From 2518cecacada63fd3213c7ade1969dffb2642d68 Mon Sep 17 00:00:00 2001 From: Ryan Ernst Date: Fri, 22 Sep 2017 11:18:18 -0700 Subject: [PATCH 1/3] Plugins: Add versionless alias to all security policy codebase properties This is a followup to #26521. This commit expands the alias added for the elasticsearch client codebase to all codebases. The original full jar name property is left intact. This only adds an alias without the version, which should help ease the pain in updating any versions (ES itself or dependencies). --- .../org/elasticsearch/bootstrap/Security.java | 30 +++++++++---------- .../elasticsearch/bootstrap/security.policy | 6 ++-- .../bootstrap/test-framework.policy | 14 ++++----- .../plugin-metadata/plugin-security.policy | 2 +- .../plugin-metadata/plugin-security.policy | 4 +-- 5 files changed, 27 insertions(+), 29 deletions(-) diff --git a/core/src/main/java/org/elasticsearch/bootstrap/Security.java b/core/src/main/java/org/elasticsearch/bootstrap/Security.java index a1ce20a0e27c8..43873a84f877f 100644 --- a/core/src/main/java/org/elasticsearch/bootstrap/Security.java +++ b/core/src/main/java/org/elasticsearch/bootstrap/Security.java 
@@ -199,28 +199,26 @@ static Policy readPolicy(URL policyFile, Set codebases) { try { // set codebase properties for (URL url : codebases) { - String shortName = PathUtils.get(url.toURI()).getFileName().toString(); - if (shortName.endsWith(".jar") == false) { + String fileName = PathUtils.get(url.toURI()).getFileName().toString(); + if (fileName.endsWith(".jar") == false) { continue; // tests :( } - String property = "codebase." + shortName; - if (shortName.startsWith("elasticsearch-rest-client")) { - // The rest client is currently the only example where we have an elasticsearch built artifact - // which needs special permissions in policy files when used. This temporary solution is to - // pass in an extra system property that omits the -version.jar suffix the other properties have. - // That allows the snapshots to reference snapshot builds of the client, and release builds to - // referenced release builds of the client, all with the same grant statements. - final String esVersion = Version.CURRENT + (Build.CURRENT.isSnapshot() ? "-SNAPSHOT" : ""); - final int index = property.indexOf("-" + esVersion + ".jar"); - assert index >= 0; - String restClientAlias = property.substring(0, index); - propertiesSet.add(restClientAlias); - System.setProperty(restClientAlias, url.toString()); + // We attempt to use a versionless identifier for each codebase. This assumes a specific version + // format in the jar filename. While we cannot ensure all jars in all plugins use this format, nonconformity + // only means policy grants would need to include the entire jar filename as they always have before. + String property = "codebase." + fileName; + String aliasProperty = "codebase." 
+ fileName.replaceFirst("-\\d+\\.\\d+.*\\.jar", ""); + if (aliasProperty.equals(property) == false) { + propertiesSet.add(aliasProperty); + String previous = System.setProperty(aliasProperty, url.toString()); + if (previous != null) { + throw new IllegalStateException("codebase property already set: " + aliasProperty + "->" + previous); + } } propertiesSet.add(property); String previous = System.setProperty(property, url.toString()); if (previous != null) { - throw new IllegalStateException("codebase property already set: " + shortName + "->" + previous); + throw new IllegalStateException("codebase property already set: " + property + "->" + previous); } } return Policy.getInstance("JavaPolicy", new URIParameter(policyFile.toURI())); diff --git a/core/src/main/resources/org/elasticsearch/bootstrap/security.policy b/core/src/main/resources/org/elasticsearch/bootstrap/security.policy index 001af2b7f4c85..7a9ea3e697790 100644 --- a/core/src/main/resources/org/elasticsearch/bootstrap/security.policy +++ b/core/src/main/resources/org/elasticsearch/bootstrap/security.policy @@ -24,14 +24,14 @@ //// SecurityManager impl: //// Must have all permissions to properly perform access checks -grant codeBase "${codebase.securesm-1.1.jar}" { +grant codeBase "${codebase.securesm}" { permission java.security.AllPermission; }; //// Very special jar permissions: //// These are dangerous permissions that we don't want to grant to everything. -grant codeBase "${codebase.lucene-core-7.0.0.jar}" { +grant codeBase "${codebase.lucene-core}" { // needed to allow MMapDirectory's "unmap hack" (die unmap hack, die) // java 8 package permission java.lang.RuntimePermission "accessClassInPackage.sun.misc"; 
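Review bot: The alias expression `fileName.replaceFirst("-\\d+\\.\\d+.*\\.jar", "")` cuts at the first `-<digits>.<digits>` in the file name rather than at the trailing version. A name with a version-like segment inside the artifact id (constructed example: `foo-1.2-api-2.9.1.jar`) is therefore aliased to `codebase.foo`, not `codebase.foo-1.2-api`. These aliases decide which jar a `grant codeBase` block binds to, so a shorter-than-expected alias can attach a grant to a jar the policy author did not intend; the `previous != null` check only catches two jars that produce the same alias. I would state the accepted shape in the comment, e.g. `// alias = file name up to the first "-<digits>.<digits>"; artifact ids containing such a segment are truncated there`, and add a unit test covering `-SNAPSHOT`, `.Final` and an embedded-version name. `readPolicy` starts and ends outside this hunk, so how `propertiesSet` is cleaned up is not visible here.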
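Review bot: The grants for `${codebase.securesm}` (which carries `AllPermission`) and `${codebase.lucene-core}` now resolve only when the jar's file name matches the version pattern applied in `Security.readPolicy`, and nothing in this file says so. As far as I know, the default JDK policy parser skips a grant entry whose property cannot be expanded, so a jar whose name does not fit the pattern loses its grant without a startup error. That fails closed, but it shows up later as an access-control failure far from the cause. A short comment above the first grant would help, e.g. `// codebase.<name> is the jar file name with its -<version>.jar suffix removed; see Security#readPolicy`. The same applies to the alias grants in test-framework.policy and the two plugin-security.policy files.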
@@ -42,7 +42,7 @@ grant codeBase "${codebase.lucene-core-7.0.0.jar}" { permission java.lang.RuntimePermission "accessDeclaredMembers"; }; -grant codeBase "${codebase.lucene-misc-7.0.0.jar}" { +grant codeBase "${codebase.lucene-misc}" { // needed to allow shard shrinking to use hard-links if possible via lucenes HardlinkCopyDirectoryWrapper permission java.nio.file.LinkPermission "hard"; }; diff --git a/core/src/main/resources/org/elasticsearch/bootstrap/test-framework.policy b/core/src/main/resources/org/elasticsearch/bootstrap/test-framework.policy index b8d868b3cfd61..539587c409d42 100644 --- a/core/src/main/resources/org/elasticsearch/bootstrap/test-framework.policy +++ b/core/src/main/resources/org/elasticsearch/bootstrap/test-framework.policy @@ -21,7 +21,7 @@ //// These are mock objects and test management that we allow test framework libs //// to provide on our behalf. But tests themselves cannot do this stuff! -grant codeBase "${codebase.securemock-1.2.jar}" { +grant codeBase "${codebase.securemock}" { // needed to access ReflectionFactory (see below) permission java.lang.RuntimePermission "accessClassInPackage.sun.reflect"; // needed for reflection in ibm jdk @@ -33,7 +33,7 @@ grant codeBase "${codebase.securemock-1.2.jar}" { permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; }; -grant codeBase "${codebase.lucene-test-framework-7.0.0.jar}" { +grant codeBase "${codebase.lucene-test-framework}" { // needed by RamUsageTester permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; // needed for testing hardlinks in StoreRecoveryTests since we install MockFS 
@@ -42,7 +42,7 @@ grant codeBase "${codebase.lucene-test-framework-7.0.0.jar}" { permission java.lang.RuntimePermission "accessDeclaredMembers"; }; -grant codeBase "${codebase.randomizedtesting-runner-2.5.2.jar}" { +grant codeBase "${codebase.randomizedtesting-runner}" { // optionally needed for access to private test methods (e.g. beforeClass) permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; // needed to fail tests on uncaught exceptions from other threads @@ -53,12 +53,12 @@ grant codeBase "${codebase.randomizedtesting-runner-2.5.2.jar}" { permission java.lang.RuntimePermission "accessDeclaredMembers"; }; -grant codeBase "${codebase.junit-4.12.jar}" { +grant codeBase "${codebase.junit}" { // needed for TestClass creation permission java.lang.RuntimePermission "accessDeclaredMembers"; }; -grant codeBase "${codebase.mocksocket-1.2.jar}" { +grant codeBase "${codebase.mocksocket}" { // mocksocket makes and accepts socket connections permission java.net.SocketPermission "*", "accept,connect"; }; @@ -70,12 +70,12 @@ grant codeBase "${codebase.elasticsearch-rest-client}" { permission java.net.NetPermission "getProxySelector"; }; -grant codeBase "${codebase.httpcore-nio-4.4.5.jar}" { +grant codeBase "${codebase.httpcore-nio}" { // httpcore makes socket connections for rest tests permission java.net.SocketPermission "*", "connect"; }; -grant codeBase "${codebase.httpasyncclient-4.1.2.jar}" { +grant codeBase "${codebase.httpasyncclient}" { // httpasyncclient makes socket connections for rest tests permission java.net.SocketPermission "*", "connect"; // rest client uses system properties which gets the default proxy diff --git a/modules/reindex/src/main/plugin-metadata/plugin-security.policy b/modules/reindex/src/main/plugin-metadata/plugin-security.policy index 70fb51b845ce1..a2482eaf4bd57 100644 --- a/modules/reindex/src/main/plugin-metadata/plugin-security.policy +++ b/modules/reindex/src/main/plugin-metadata/plugin-security.policy 
@@ -27,7 +27,7 @@ grant codeBase "${codebase.elasticsearch-rest-client}" { permission java.net.NetPermission "getProxySelector"; }; -grant codeBase "${codebase.httpasyncclient-4.1.2.jar}" { +grant codeBase "${codebase.httpasyncclient}" { // rest client uses system properties which gets the default proxy permission java.net.NetPermission "getProxySelector"; }; diff --git a/modules/transport-netty4/src/main/plugin-metadata/plugin-security.policy b/modules/transport-netty4/src/main/plugin-metadata/plugin-security.policy index 4c87e1ef9c598..32b2dc9bd1540 100644 --- a/modules/transport-netty4/src/main/plugin-metadata/plugin-security.policy +++ b/modules/transport-netty4/src/main/plugin-metadata/plugin-security.policy @@ -17,7 +17,7 @@ * under the License. */ -grant codeBase "${codebase.netty-common-4.1.13.Final.jar}" { +grant codeBase "${codebase.netty-common}" { // for reading the system-wide configuration for the backlog of established sockets permission java.io.FilePermission "/proc/sys/net/core/somaxconn", "read"; @@ -25,7 +25,7 @@ grant codeBase "${codebase.netty-common-4.1.13.Final.jar}" { permission java.net.SocketPermission "*", "accept,connect"; }; -grant codeBase "${codebase.netty-transport-4.1.13.Final.jar}" { +grant codeBase "${codebase.netty-transport}" { // Netty NioEventLoop wants to change this, because of https://bugs.openjdk.java.net/browse/JDK-6427854 // the bug says it only happened rarely, and that its fixed, but apparently it still happens rarely! permission java.util.PropertyPermission "sun.nio.ch.bugLevel", "write"; From 616b3c3f300db5e794bd0a453b34fedea3269398 Mon Sep 17 00:00:00 2001 From: Ryan Ernst Date: Thu, 9 Nov 2017 13:56:17 -0800 Subject: [PATCH 2/3] cleanup --- core/src/main/java/org/elasticsearch/bootstrap/Security.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/core/src/main/java/org/elasticsearch/bootstrap/Security.java b/core/src/main/java/org/elasticsearch/bootstrap/Security.java index 43873a84f877f..aaae726ea8984 100644 --- a/core/src/main/java/org/elasticsearch/bootstrap/Security.java +++ b/core/src/main/java/org/elasticsearch/bootstrap/Security.java @@ -212,13 +212,13 @@ static Policy readPolicy(URL policyFile, Set codebases) { propertiesSet.add(aliasProperty); String previous = System.setProperty(aliasProperty, url.toString()); if (previous != null) { - throw new IllegalStateException("codebase property already set: " + aliasProperty + "->" + previous); + throw new IllegalStateException("codebase property already set: " + aliasProperty + " -> " + previous + ", cannot set to " + url.toString()); } } propertiesSet.add(property); String previous = System.setProperty(property, url.toString()); if (previous != null) { - throw new IllegalStateException("codebase property already set: " + property + "->" + previous); + throw new IllegalStateException("codebase property already set: " + property + " -> " + previous + ", cannot set to " + url.toString()); } } return Policy.getInstance("JavaPolicy", new URIParameter(policyFile.toURI())); From 54c3576b1ab9d72f2091bf947b926b364841ad11 Mon Sep 17 00:00:00 2001 From: Ryan Ernst Date: Thu, 9 Nov 2017 14:04:52 -0800 Subject: [PATCH 3/3] fix line length --- .../src/main/java/org/elasticsearch/bootstrap/Security.java | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/core/src/main/java/org/elasticsearch/bootstrap/Security.java b/core/src/main/java/org/elasticsearch/bootstrap/Security.java index aaae726ea8984..c742fdf7f84c6 100644 --- a/core/src/main/java/org/elasticsearch/bootstrap/Security.java +++ b/core/src/main/java/org/elasticsearch/bootstrap/Security.java 
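Review bot: The new message says `cannot set to <url>`, but `System.setProperty` has already replaced the earlier value by the time `previous != null` is tested, in both the alias branch and the full-name branch. Unless cleanup outside this hunk removes the property, a codebase property that policy grants resolve against is left pointing at the second jar while the error reports the first. Checking before writing keeps the original binding intact: `if (System.getProperty(aliasProperty) != null) { throw ... }` followed by `System.setProperty(aliasProperty, url.toString());`, and likewise for `property`. The two branches are otherwise identical and could share a small private helper. `readPolicy` begins and ends outside the hunk, so any `finally` handling is not visible here.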
@@ -212,13 +212,15 @@ static Policy readPolicy(URL policyFile, Set codebases) { propertiesSet.add(aliasProperty); String previous = System.setProperty(aliasProperty, url.toString()); if (previous != null) { - throw new IllegalStateException("codebase property already set: " + aliasProperty + " -> " + previous + ", cannot set to " + url.toString()); + throw new IllegalStateException("codebase property already set: " + aliasProperty + " -> " + previous + + ", cannot set to " + url.toString()); } } propertiesSet.add(property); String previous = System.setProperty(property, url.toString()); if (previous != null) { - throw new IllegalStateException("codebase property already set: " + property + " -> " + previous + ", cannot set to " + url.toString()); + throw new IllegalStateException("codebase property already set: " + property + " -> " + previous + + ", cannot set to " + url.toString()); } } return Policy.getInstance("JavaPolicy", new URIParameter(policyFile.toURI()));