Internal: Add versionless alias for rest client codebase in policy files #26521

Merged
merged 5 commits into from
Sep 7, 2017
16 changes: 9 additions & 7 deletions core/src/main/java/org/elasticsearch/bootstrap/Security.java
Expand Up @@ -43,12 +43,15 @@
import java.security.Permissions;
import java.security.Policy;
import java.security.URIParameter;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;

import static org.elasticsearch.bootstrap.FilePermissionUtils.addDirectoryPath;
import static org.elasticsearch.bootstrap.FilePermissionUtils.addSingleFilePath;
Expand Down Expand Up @@ -191,13 +194,16 @@ static Map<String,Policy> getPluginPermissions(Environment environment) throws I
@SuppressForbidden(reason = "accesses fully qualified URLs to configure security")
static Policy readPolicy(URL policyFile, Set<URL> codebases) {
try {
List<String> shortNames = new ArrayList<>();
try {
// set codebase properties
for (URL url : codebases) {
String shortName = PathUtils.get(url.toURI()).getFileName().toString();
if (shortName.endsWith(".jar") == false) {
String fileName = PathUtils.get(url.toURI()).getFileName().toString();
if (fileName.endsWith(".jar") == false) {
continue; // tests :(
}
String shortName = fileName.replaceFirst("-\\d+\\.\\d+.*\\.jar", ".jar");
Member


This assumes a version format that, while fairly standard, is not guaranteed.

Member Author


Sure it is not guaranteed to work for all possible version formats (specifically any that might use just a single version). But this will cover 99.9% of versions out there, and the edge case would not be for our own policy files (which is currently the only place we actually use jar specific grants). If there is a version format that is different, we can tweak this in the future, but this is still progress.

shortNames.add(shortName);
String previous = System.setProperty("codebase." + shortName, url.toString());
if (previous != null) {
throw new IllegalStateException("codebase property already set: " + shortName + "->" + previous);
Expand All @@ -206,11 +212,7 @@ static Policy readPolicy(URL policyFile, Set<URL> codebases) {
return Policy.getInstance("JavaPolicy", new URIParameter(policyFile.toURI()));
} finally {
// clear codebase properties
for (URL url : codebases) {
String shortName = PathUtils.get(url.toURI()).getFileName().toString();
if (shortName.endsWith(".jar") == false) {
continue; // tests :(
}
for (String shortName : shortNames) {
System.clearProperty("codebase." + shortName);
}
}
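Review bot: Two different jars can now reduce to the same `codebase.<name>.jar` key, because `replaceFirst` cuts the file name at the first `-<digits>.<digits>` segment, and the `IllegalStateException` thrown at the `previous != null` check names only the earlier URL. These keys decide which jar the policy files grant permissions such as `AllPermission` to, so the failure should identify both candidates: `throw new IllegalStateException("codebase property already set: " + shortName + " -> " + previous + ", cannot set to " + url);`. The added `java.util.regex.Pattern` import is not used in the lines shown; if nothing outside the hunks needs it, either drop it or hoist the expression into a `private static final Pattern`. The body of readPolicy continues outside the hunks shown.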
Expand Up @@ -24,14 +24,14 @@
//// SecurityManager impl:
//// Must have all permissions to properly perform access checks

grant codeBase "${codebase.securesm-1.1.jar}" {
grant codeBase "${codebase.securesm.jar}" {
permission java.security.AllPermission;
};

//// Very special jar permissions:
//// These are dangerous permissions that we don't want to grant to everything.

grant codeBase "${codebase.lucene-core-7.0.0-snapshot-d94a5f0.jar}" {
grant codeBase "${codebase.lucene-core.jar}" {
// needed to allow MMapDirectory's "unmap hack" (die unmap hack, die)
// java 8 package
permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
Expand All @@ -42,7 +42,7 @@ grant codeBase "${codebase.lucene-core-7.0.0-snapshot-d94a5f0.jar}" {
permission java.lang.RuntimePermission "accessDeclaredMembers";
};

grant codeBase "${codebase.lucene-misc-7.0.0-snapshot-d94a5f0.jar}" {
grant codeBase "${codebase.lucene-misc.jar}" {
// needed to allow shard shrinking to use hard-links if possible via lucenes HardlinkCopyDirectoryWrapper
permission java.nio.file.LinkPermission "hard";
};
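Review bot: Nothing in this file says where `${codebase.securesm.jar}` and the other versionless keys come from, and the grants no longer record which artifact version was reviewed for `AllPermission` or the `sun.misc` access. A header comment above the first grant would help an auditor, e.g. `//// codebase.<name>.jar is set at startup from the jar's file name with the version suffix removed`. If the version in the key was relied on as a check that only the expected jar receives these grants, that check should now live elsewhere, for instance in the build's dependency verification. The same applies to the test-framework grants in the section that follows.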
Expand Up @@ -21,7 +21,7 @@
//// These are mock objects and test management that we allow test framework libs
//// to provide on our behalf. But tests themselves cannot do this stuff!

grant codeBase "${codebase.securemock-1.2.jar}" {
grant codeBase "${codebase.securemock.jar}" {
// needed to access ReflectionFactory (see below)
permission java.lang.RuntimePermission "accessClassInPackage.sun.reflect";
// needed for reflection in ibm jdk
Expand All @@ -33,7 +33,7 @@ grant codeBase "${codebase.securemock-1.2.jar}" {
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
};

grant codeBase "${codebase.lucene-test-framework-7.0.0-snapshot-d94a5f0.jar}" {
grant codeBase "${codebase.lucene-test-framework.jar}" {
// needed by RamUsageTester
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
// needed for testing hardlinks in StoreRecoveryTests since we install MockFS
Expand All @@ -42,7 +42,7 @@ grant codeBase "${codebase.lucene-test-framework-7.0.0-snapshot-d94a5f0.jar}" {
permission java.lang.RuntimePermission "accessDeclaredMembers";
};

grant codeBase "${codebase.randomizedtesting-runner-2.5.2.jar}" {
grant codeBase "${codebase.randomizedtesting-runner.jar}" {
// optionally needed for access to private test methods (e.g. beforeClass)
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
// needed to fail tests on uncaught exceptions from other threads
Expand All @@ -53,29 +53,29 @@ grant codeBase "${codebase.randomizedtesting-runner-2.5.2.jar}" {
permission java.lang.RuntimePermission "accessDeclaredMembers";
};

grant codeBase "${codebase.junit-4.12.jar}" {
grant codeBase "${codebase.junit.jar}" {
// needed for TestClass creation
permission java.lang.RuntimePermission "accessDeclaredMembers";
};

grant codeBase "${codebase.mocksocket-1.2.jar}" {
grant codeBase "${codebase.mocksocket.jar}" {
// mocksocket makes and accepts socket connections
permission java.net.SocketPermission "*", "accept,connect";
};

grant codeBase "${codebase.elasticsearch-rest-client-7.0.0-alpha1-SNAPSHOT.jar}" {
grant codeBase "${codebase.elasticsearch-rest-client.jar}" {
// rest makes socket connections for rest tests
permission java.net.SocketPermission "*", "connect";
// rest client uses system properties which gets the default proxy
permission java.net.NetPermission "getProxySelector";
};

grant codeBase "${codebase.httpcore-nio-4.4.5.jar}" {
grant codeBase "${codebase.httpcore-nio.jar}" {
// httpcore makes socket connections for rest tests
permission java.net.SocketPermission "*", "connect";
};

grant codeBase "${codebase.httpasyncclient-4.1.2.jar}" {
grant codeBase "${codebase.httpasyncclient.jar}" {
// httpasyncclient makes socket connections for rest tests
permission java.net.SocketPermission "*", "connect";
// rest client uses system properties which gets the default proxy