Commit Graph

88 Commits

Author SHA1 Message Date
c-a-m da3aacf107 Passwords: SecuredString to lock down and clear password usage.
SecuredString encapsulates handling of passwords and clearing them when done.  This change
includes changing everywhere passwords are used.  After authentication the authentication service will
clear the token - which will clear the password.  This avoids using any passwords in String objects.

This also adds commentary to BCrypt to show how it changed from the original external resource.  It moves utility methods to CharArrays.

Original commit: elastic/x-pack-elasticsearch@d0ffbae5c8
2014-09-26 10:39:04 -06:00
javanna f3164f1d24 [TEST] add system key to node settings in ShieldRestTests
Original commit: elastic/x-pack-elasticsearch@76be4c240a
2014-09-26 08:44:50 +02:00
uboness b3472bf3dc Changed the base64 encoding of the signatures to be URL safe
In InternalKeyService, we encode the signatures with base64. For things like scroll id, that need to be placed in URLs it's important that the signature will be URL safe.

Original commit: elastic/x-pack-elasticsearch@138d02d966
2014-09-25 13:52:55 +02:00
javanna b99f7be199 [TEST] add docs check to ScrollIdSigningTests
Original commit: elastic/x-pack-elasticsearch@30c026ac92
2014-09-25 11:58:13 +02:00
Michael McCandless d9d5cbeb32 upgrade to Lucene 4.10.1 snapshot
Original commit: elastic/x-pack-elasticsearch@d41ba71039
2014-09-24 16:35:42 -04:00
uboness 2482750435 Added a cli tool to generate the system_key file
Original commit: elastic/x-pack-elasticsearch@8c344ded6b
2014-09-23 12:24:05 +02:00
javanna f1b0c88bd4 [TEST] introduce base class for ldap tests that starts apache ds up and cleans it up afterwards
ApacheDSRule has been moved to `ExternalResource` which requires less code and implements `TestRule` instead of `MethodRule`. `TestRule` supports `ClassRule`s as well as ordinary `Rule`s. A class rule is exactly what we need for the ldap tests since we want to start the ldap server once before class and shut it down after all tests (after class). Also made sure that the static fields are cleaned up, otherwise `StaticFieldsInvariantRule` barfs.

Added `extends ElasticsearchTestsCase` where missing also.

Closes elastic/elasticsearch#80

Original commit: elastic/x-pack-elasticsearch@2143a2dcc6
2014-09-20 10:26:42 +02:00
javanna 723725753a [TEST] Make it possible to run REST tests against es+shield
Added `ShieldRestTests` that extends `ElasticsearchRestTests` allowing to run REST tests against es+shield. Tests won't be run by default as they require additional configuration (e.g. rest tests and spec location on file system). They can be activated via `-Dtests.rest=true`. Rest tests and spec location can be provided as follows:

```
-Dtests.rest.spec=/path/to/elasticsearch/rest-api-spec/api -Dtests.rest.suite=/path/to/elasticsearch/master/rest-api-spec/test
```

Some tests need to be blacklisted at this moment as follows:

```
-Dtests.rest.blacklist=scroll/*/*,mpercolate/*/*,msearch/*/*
```

Closes elastic/elasticsearch#79

Original commit: elastic/x-pack-elasticsearch@6f3e72dd87
2014-09-19 17:08:17 +02:00
javanna 932cfd9a33 [TEST] fix apache ds cleanup issues
Original commit: elastic/x-pack-elasticsearch@235a5de900
2014-09-19 15:01:19 +02:00
javanna d5d4be018d [TEST] fixed ScrollIdSigningTests to never use the signed scroll ids as tampered one
`randomInt` includes 0, thus the tampered id could stay the same as the signed scroll ids in some cases which would make everything work and the test fail.

Also cleared the scroll from a finally block, otherwise when the test fails the scroll stays around which might make after test checks fail.

Original commit: elastic/x-pack-elasticsearch@6f6b0d844d
2014-09-19 14:45:50 +02:00
uboness de893c544a Added key service
- Key service provides un/signing functionality
- will initially be used to un/sign scroll ids (for the scroll api)

Original commit: elastic/x-pack-elasticsearch@256e0e3c5d
2014-09-18 15:09:10 +02:00
javanna a313879f49 [TEST] enabled http where needed as it was disabled by default in es core
Original commit: elastic/x-pack-elasticsearch@3a56726c65
2014-09-16 17:08:54 +02:00
javanna 99c41997d9 Update es core version to 1.4.0.Beta1-SNAPSHOT
Original commit: elastic/x-pack-elasticsearch@07a12d3c58
2014-09-16 15:34:09 +02:00
javanna fee5a30f7f Update es core version to 1.4.0.Beta-SNAPSHOT
Original commit: elastic/x-pack-elasticsearch@acd0ab0292
2014-09-15 15:46:24 +02:00
Alexander Reelsen d604c63527 Netty: Move n2n filter in pipeline to first place
The current IP filter kicks in after the SSL handler, which only
makes sense, if you check things like the SSL certificate. For
now it makes most sense to really put this at the first place.

Original commit: elastic/x-pack-elasticsearch@bbaed67a3c
2014-09-12 08:32:38 +02:00
Alexander Reelsen 176517ba7e Testing: Changing ApacheDsRule to not use the same workdir for LDAP server
Original commit: elastic/x-pack-elasticsearch@532d02b014
2014-09-11 16:30:26 +02:00
uboness 1588c761ea Cleanup
- Formalized the notion of a client vs. node mode. Introduced an `AbstractShieldModule` that takes care of that
- For now, standarized on the `Shield` name across the board (e.g. change `SecurityModule` to `ShieldModule`)
- Introduces static methods to `ShieldPlugin` to resolve shield specific config files (on the way fixed the file resolving of the ldap group mapper)
- The n2n ip filtering is now resolved at the module level. If not enabled, null is injected and the netty handler is then not injected to the pipeline
- updated code base with the latest changes in es-core around how relevant http headers are registered and copied over to the transport request
- Added new known action in es-core  `indices:admin/get`

Original commit: elastic/x-pack-elasticsearch@ca8d85dc81
2014-09-11 15:21:57 +03:00
Alexander Reelsen 787a415c27 FileRolesStore: Make sure default path is loaded correctly on startup
The wrong path was used as default path. Also added logging information
for all files, so one can at least check the paths.

Original commit: elastic/x-pack-elasticsearch@893493fd17
2014-09-10 12:07:16 +02:00
Alexander Reelsen f15d5c4aa3 Testing: Create rule for starting/stopping ApacheDS
This ensures, that resources are cleaned up appropriately.

Original commit: elastic/x-pack-elasticsearch@d881562a3e
2014-09-09 21:28:40 +02:00
Alexander Reelsen 954ea51ef3 Test: Ensure that security plugin is not loaded via classpath
Original commit: elastic/x-pack-elasticsearch@765a3d5115
2014-09-09 16:26:23 +02:00
uboness 263ebfbbf2 Have AuthenticationService resolve the auth token from rest request
- Also made sure that we fallback on system token only if the system has permission to the action.
- While at it, change the binding of the different services to run as a singletons

Closes elastic/elasticsearch#64

Original commit: elastic/x-pack-elasticsearch@3705b7365a
2014-09-09 14:31:17 +03:00
uboness 5cc210bc9a Bug Fix: LdapModule now reports whether it's enabled/disabled correctly
- Also fixed a bug where if ldap/esuers module is disabled, injection failed (now injecting the appropriate `null` values to `Realms`
 - Also updated `SecurityFilter` with latest changes in es core (action filters API changed)

Original commit: elastic/x-pack-elasticsearch@71de64e6ad
2014-09-07 01:07:24 +02:00
uboness f4b4075cfa Upgraded to Lucene 4.10 and fixed the build
The automaton support changed quite a bit in 4.10 which required determinizing all the automatons used in the Privilege

Original commit: elastic/x-pack-elasticsearch@96a82f0f5d
2014-09-06 15:41:22 +02:00
uboness 5cc7d55568 cleaned up UsernamePasswordToken
Removed the caching of the token on the request context. Caching is now handled by the InternalAuthenticationService

Original commit: elastic/x-pack-elasticsearch@d60bc7af67
2014-09-05 15:24:43 +02:00
Alexander Reelsen 2aa52a3113 Fix: Use context instead of headers for storing the auth token
Original commit: elastic/x-pack-elasticsearch@497202f7a1
2014-09-05 12:46:59 +02:00
Alexander Reelsen c96db14742 Fixing compilation errors due to latest core changes
Original commit: elastic/x-pack-elasticsearch@dff29dc46d
2014-09-05 10:25:21 +02:00
uboness 6ebe1b997f Make sure the "Authorization" header is copied from the rest to request the transport message
Original commit: elastic/x-pack-elasticsearch@a29c66821e
2014-09-04 13:52:06 +02:00
uboness 6f82a56ed3 Restructured and cleaned up guice modules
- ShieldModule loads the SecuredTransportModule which is in turn responsible for loading the required transport related sub-modules
- Removed n2n module and incorporated n2n into the transport module
- Updated the docs to reflect the new settings for n2n ip filtering

Original commit: elastic/x-pack-elasticsearch@dd82306a04
2014-09-03 13:32:44 +02:00
Bill Hwang 3ae67f3999 [BUILD] Added license check
1) Enforce license header check on source files
2) Add missing license header to existing sources

Original commit: elastic/x-pack-elasticsearch@da73e4f2b6
2014-09-02 15:54:05 -07:00
Bill Hwang 6b0ec94eab [CI] Add JaCoCo plug in dependencies
Add jacoco plug in depdencies to pom.xml, inside a profile.
This enables code coverage analysis

Original commit: elastic/x-pack-elasticsearch@eedf882368
2014-09-02 12:18:07 -07:00
javanna 8a7764fb50 [TEST] Updated known actions names test
Closes elastic/elasticsearch#51

Original commit: elastic/x-pack-elasticsearch@9e051f9fb6
2014-09-01 14:33:55 +02:00
Alexander Reelsen 4fa7abd7d6 Fix: Make compilation work with java 8
Also fixes a test, which was relying on order

Original commit: elastic/x-pack-elasticsearch@56b8cd0381
2014-09-01 11:23:02 +02:00
uboness ef48bf7c6e Change http status of AuthorizationException to 403
Closes elastic/elasticsearch#55

Original commit: elastic/x-pack-elasticsearch@23006f238b
2014-09-01 06:37:15 +02:00
uboness fd568037bb Added create_index as a separate index privilege
Closes elastic/elasticsearch#53

Original commit: elastic/x-pack-elasticsearch@ec7f6ce5fa
2014-08-31 23:32:36 +02:00
uboness 956aeb53f4 Modified the initial authentication logic
When a http request arrives, we first verify that it carries an authentication token (if it doesn't we throw an authentication exception). Beyond that, any action request that arrives, if it doesn't have an authentication token we assume system user identity. The rationale behind it is that  if a request comes in via the transport, then the sending peer authenticated with a client auth cert (the cert acts as the guarantee here that the actor can be assumed as System)... otherwise, the request can come from the local node and triggered by the system (e.g. gateway recovery)

The System user only has permissions to internal apis (it doesn't have full access/permission to all the apis). when a System identity is assumed, the authorization service will grant/deny the request based on whether the request is an internal api or not.

Aso fixed the known actions (to be insync with 1.x branch)

Closes elastic/elasticsearch#45

Original commit: elastic/x-pack-elasticsearch@be27cb0e1b
2014-08-29 15:35:01 -07:00
Alexander Reelsen eb29414077 incorporating review comments as parseFile methods already return immutable maps
Original commit: elastic/x-pack-elasticsearch@5baaad0971
2014-08-29 10:23:58 +02:00
Alexander Reelsen c6b7be5596 Cleanup: Incorporating findbugs/pmd findings
Original commit: elastic/x-pack-elasticsearch@5567fae416
2014-08-29 10:15:03 +02:00
Alexander Reelsen 25d2480e78 Ip filtering: Check correct path for default file
Also added logging, so that on start up a message is logged, if all
connections are rejected or the config file is not found.

Closes elastic/elasticsearch#48

Original commit: elastic/x-pack-elasticsearch@51f16d75ba
2014-08-29 09:11:28 +02:00
uboness c17c140cd2 Small fixes
- throw an error on initialization if the audit trail is configured with an unknown output
- removed unnecessary null checks

Original commit: elastic/x-pack-elasticsearch@8d26723553
2014-08-28 16:05:04 -07:00
Alexander Reelsen f73645054b Ip Filter: Allow to disable via node configuration
Added `shield.n2n.enabled` property to disable this feature, so
it does not get added to the netty pipeline.

Original commit: elastic/x-pack-elasticsearch@d73d27619c
2014-08-28 16:34:27 +02:00
Alexander Reelsen c9379b3875 CliTool: Do not leave invalid lines in roles file
Removing all roles from a user result in an invalid line left in the
roles file. This commit simply removes the user from the roles file
in that case.

Original commit: elastic/x-pack-elasticsearch@c1f4a961fd
2014-08-28 15:10:24 +02:00
Alexander Reelsen 52ba1ceff3 CliTool: Fixed adding of roles for existing users
The roles file had been checked instead of the users file when checking
if the user already exists. This lead to wrong "user not found" error
messages.

Original commit: elastic/x-pack-elasticsearch@6fc5646ce7
2014-08-28 14:50:08 +02:00
javanna 929e12e9cb [TEST] Removed discovery configuration from transport clients settings
Also removed unused copyFile method

Original commit: elastic/x-pack-elasticsearch@2d96e05ded
2014-08-28 13:57:06 +02:00
Alexander Reelsen d0e377ff76 Testing: Create ShieldIntegrationTest that other test inherit from
This integration test contains all of the configuration needed to run with shield
and will be the base for further improvements.

Closes elastic/elasticsearch#36
Relates elastic/elasticsearch#31

Original commit: elastic/x-pack-elasticsearch@fe77f4d32b
2014-08-28 09:30:51 +02:00
uboness fcd3a89a3d We've decided that for now (phase1) index template APIs will be under cluster management privilege
Original commit: elastic/x-pack-elasticsearch@390d55e859
2014-08-27 12:28:51 -07:00
Alexander Reelsen b887fad51a Config file parsing: Improved parsing for edge cases
Created some tests to improve parsing of files, most importantly fixed an endless loop
in YAML parsing and made the non-yaml parsers a bit more error resistant.

Closes elastic/elasticsearch#40

Original commit: elastic/x-pack-elasticsearch@8873138d0c
2014-08-26 10:49:48 +02:00
c-a-m 9cd397727f LDAP: Implements an LDAP realm
The LDAP realm is a bind-per-user strategy and the group lookup strategy is configurable.
If a role mapping file is not defined, groups names are taken as role names.
Special configuration for active directory simplifies the configuration.

Integration Tests are using an embedded apache DS LDAP Server.

Original commit: elastic/x-pack-elasticsearch@ce20e1b3be
2014-08-25 15:36:31 -06:00
c-a-m cf40c76e15 User Caching Issue Fix
Fixes Caching issue with passwords hashing with unique salts.

Original commit: elastic/x-pack-elasticsearch@e0ee1440fa
2014-08-20 12:26:46 -07:00
uboness f040d895b3 Added the notion of IndicesResolver
A strategy for extracting the related indices from a request. The default strategy relies on the request to either be `IndicesRequest` or `CompositeIndicesRequest`. But depending on the request type, there might be other strategies as well. For example, `GetIndexTemplatesRequest` only holds the template name and therefore requires a different strategy where the template is looked up in the cluster metadata and the indices are resolved from there.

This also cleans up the Permission class and makes sure that the indices are resolved once per request (and not once per configured group permission)

Original commit: elastic/x-pack-elasticsearch@95192ccdff
2014-08-20 10:42:51 -07:00
uboness 1154f13345 Allow configuring cluster & indices permissions on specific actions
- It is now possible to assign index & cluster permission on an action level (not just the fixed privileges we defined).

 - also added a test to check that all the actions elasticsearch has are indeed known to shield. So whenever a new action is introduced in elasticsearch, and shield is not aware of it, the build will fail. This will help us ensure that all actions in elasticsearch are 1) well formatted/categorized, 2) secured and "permissible"

Closes elastic/elasticsearch#19

Original commit: elastic/x-pack-elasticsearch@170c3b9185
2014-08-20 09:27:52 -07:00