The SignatureService tried to access the system key file in
the constructor, which could lead to endless loops. This PR
moves the service into a AbstractLifecycleComponent to keep
the constructor dumb.
Relates elastic/elasticsearch#517
Original commit: elastic/x-pack-elasticsearch@b1e5bfe98c
For LDAP hostname verification, we use the "default" SSLContext, which is cached in a map
and re-used. If a secure connection is established then the session is cached for use later. In
the tests, we sometimes run a test that connects without hostname verification and a SSL session
is cached. Then when the hostname verification test runs, it uses the cached session and does
not perform hostname verification causing the test to fail. This fix changes the test to always
use a new SSLContext for each test.
Closeselastic/elasticsearch#521
Original commit: elastic/x-pack-elasticsearch@46ffed34bb
When generating the sysemkey, the permissions are set to owner read/write
only in order to protect the system key. This only works, if the underlying
filesystem supports posix permissions.
Closeselastic/elasticsearch#516
Original commit: elastic/x-pack-elasticsearch@32d6e1d745
SSLEngine will throw various SSLExceptions when the application initiates a write prior
to the handshake being completed. The NettySecuredTransport marks a channel as ready
for use once it is connected, even though the handshake has not completed. A handler
has been added that performs the handshake and queues writes until the handshake has
completed. Additionally, fix SslMultiPortTests to always connect to the proper client
profile port.
Closeselastic/elasticsearch#390. Closeselastic/elasticsearch#393. Closeselastic/elasticsearch#394. Closeselastic/elasticsearch#395. Closeselastic/elasticsearch#414
Original commit: elastic/x-pack-elasticsearch@1bb3218373
Because elasticsearch core does not have a possibility to retrieve the
currently open search contexts across the cluster, there is no possiblity
to check if a user is allowed to close a context, when `_all` is
specified.
This commit introduces a new cluster privilege called
cluster:scroll/clear/_all
which allows to clear all scroll requests.
Closeselastic/elasticsearch#502
Original commit: elastic/x-pack-elasticsearch@5f5ce5de36
SSL and TLS do not require hostname verification, but without it they are susceptible
to man in the middle attacks. This adds support for hostname verification for
transport client connections and for ldaps connections.
Closeselastic/elasticsearch#489
Original commit: elastic/x-pack-elasticsearch@c9380f0319
This extends the connect timeout on windows to give it enought time to complete. It moves the ldap read timeout test to openldap and active directory.
We now have three timeouts configurable. The timeout tests on active directory only work for TCP connect, and TCP read, but not LDAP Search.
Original commit: elastic/x-pack-elasticsearch@ff97396f60
Because this leads to endless loops when starting elasticsearch
some components have been refactored to AbstractLifecycleComponents
so that the exception throwing logic can executed in the
`doStart()` method.
Closeselastic/elasticsearch#505
Original commit: elastic/x-pack-elasticsearch@75d1fd358a
As no test has been marked with the @Network annotation, the test should not
try to connect to example.com (which needs to be resolved and thus requires an
internet connection). We can simply bind a local socket and run into the 1ms
timeout there.
Original commit: elastic/x-pack-elasticsearch@2c2da90607
In order to be more flexible this clean up commit splits the
TransportService into a client and server one. As part of this
we can safely remove the slightly misused TransportFilters class.
Renamed shield.type from server to node, so we can differentiate between node2node and node2client communication.
Original commit: elastic/x-pack-elasticsearch@a3a2f9bf38
Fixes duplicate messages being logged on reload of the user_roles file. Add the realm name
to the logging on reload of the role mappings file since there can be a distinct file per
ldap/ad realm.
Closeselastic/elasticsearch#485
Original commit: elastic/x-pack-elasticsearch@90932fcec7
Until now the store implementations truncated the existing file and recreated it in-place.
This has problems with bigger files as the files may not yet have finished to be written,
when the WatchService tries to pick them up.
This commit fixes the problem by creating a temp file first to write the new roles or user files
and then moves it over. Also an atomic move is tried first, if the file system supports this.
Closeselastic/elasticsearch#477
Original commit: elastic/x-pack-elasticsearch@75894dd75d
Previously, we always used the keystore password as the key password, which does not
work if a user specifies a different password when generating the key with keytool. If the
key password is not specified, the keystore password will be used.
Closeselastic/elasticsearch#473
Original commit: elastic/x-pack-elasticsearch@8a6efdbf21
The realm documentation has a 'enabled' parameter to indicate whether the realm
should be used or not. This value is now being honored so that a realm can be disabled.
Closeselastic/elasticsearch#474
Original commit: elastic/x-pack-elasticsearch@3638a14c22
This moves the esvm files into dev-tools and collapses the settings with "." This will require the latest version of esvm 0.0.10. It combines the ldap and ad config into the same file.
Added readme to dev-tools/esvm
Original commit: elastic/x-pack-elasticsearch@dab9fa643d
In order to fix various issues with the SSL service, the following cleanups have been done
* Removed SSLServiceProvider and all the lazy loading magic
* Do not try to create an SSLContext in the constructor. According to Guice docs the constructor
should only be used ever for variable declarations but not business logic. This also fixes a nasty
OOM, in case an exception was thrown in the constructor, because Guice tried to recreate that class
in an endless loop
* Get responsibilities right (which resulted in this nasty lazy loading provider design).
The SSLService allows to create a SSLEngine at the time you need it, but you need to supply
specific configuration if you want it to instead of using the default configuration
and creating a SSLContext on startup like we did before.
All changes are internal.
Closeselastic/elasticsearch#454Closeselastic/elasticsearch#453
Original commit: elastic/x-pack-elasticsearch@7ca49f781c
The shield test infra already verifies that the plugin is loaded before each test, it makes little sense to check again in this specific test. Left the second part that tests the shield info endpoint and renamed the test method
Closeselastic/elasticsearch#423
Original commit: elastic/x-pack-elasticsearch@ac2d566c42
Build number maven plugin requires this info to retrieve the build number and make it available as a variable, which is then published through RestShieldInfoAction, which is currently null. This commit makes sure the build number gets currently published.
Closeselastic/elasticsearch#428
Original commit: elastic/x-pack-elasticsearch@0a2bc7646b
- where the licenses were enabled on any cluster event. Instead they should only be enabled either explicitly by the test or at start up.
- also modified `ShieldActionModule` to for `ShieldActionFilter` to be bound as an eager singleton (es core doesn't define the scope for the registered action filters)
Original commit: elastic/x-pack-elasticsearch@47ac0d2e6f
- Added a `LicenseService` to handle license feature enable/disable events
- LicenseEventNotifier is responsible for notifying the license events to whatever registered listeners that are interested in them
- In Shield, when a license is disabled for `shield` feature, we block all read operations (done in the `ShieldActionFilter`)
- Added initial documentation around licensing
Closeselastic/elasticsearch#347
Original commit: elastic/x-pack-elasticsearch@6ba7a10cd4
This is a little cleanup to only iterate IP filter rules for each
profile instead of iterating all of them and check for the profile
inside of the rule.
Original commit: elastic/x-pack-elasticsearch@6774f1f165
The locale is being randomized but never printed out for now (fixed upstream but we still depend on 1.4.0). We need to temporarily log it out manually to debug some test failures that might be related to the locale randomization (in combination with build machines settings).
Original commit: elastic/x-pack-elasticsearch@6f7e9625d1
Every random call should happen all the time on all platforms (unless randomized!), otherwise tests won't reproduce on different platforms.
Original commit: elastic/x-pack-elasticsearch@d5b2d2079c
This PR allows to configure different ServerTransportFilters per profile.
By default there is a `server` transport filter, that does authentication
and a `client` on that rejects internal actions and shard actions.
Closeselastic/elasticsearch#312
Original commit: elastic/x-pack-elasticsearch@1ce66495a5
In order to fixelastic/elasticsearch#378 a problem was revealed, that the ip filter for HTTP was
always the one for the default profile, which lead to failed tests (along
with wrong socket connections, which made the test go green irregularly).
This commit fixes the tests and allow to configure own HTTP ip filters, adding
the following settings
* shield.http.filter.enabled
* shield.http.filter.allow
* shield.http.filter.deny
If not specific settings are configured, the one of the default profile are used.
Closeselastic/elasticsearch#378
Original commit: elastic/x-pack-elasticsearch@89dbaefe9a
N2NAuthenticator was not really used. Only the ip filtering authenticator was used, and was used directory (no use for a generic interface). `IPFilteringN2NAuthenticator` is now `IPFilter` and all relevant classes were moved to `shield.transport.filter` package.
Original commit: elastic/x-pack-elasticsearch@43f6faeb4b
In order to not require client side SSL certs for transport clients
another option was added in the profile configuration to enable
or disable client side certs. The same option has also been added
for HTTP.
Original commit: elastic/x-pack-elasticsearch@9658598bdc
Force validation of eusers username & password, and the role names.
role names and usernames follow the following validation rule:
```
A valid name must be at least 1 characher and no longer than 30 characters. It must begin with a letter (`a-z` or `A-Z`)
or an underscore (`_`). Subsequent characters can be letters, underscores (`_`), digits (`0-9`) or any of the following
symbols `@`, `-` or `$`
```
passwords must be at least 6 characters long.
Closeselastic/elasticsearch#399
Original commit: elastic/x-pack-elasticsearch@e6be51b357
Local gateway has been removed in core, but it's a master only change. If we don't set it to local in our settings, we end up using the none gateway and KnownActionsTests fails because the local gateway endpoint are not registered to core.
Original commit: elastic/x-pack-elasticsearch@9bb550329f
