geode-dev mailing list archives

From Hitesh Khamesra <hkhame...@pivotal.io>
Subject Re: Review Request 62088: GEODE-3249 Validate internal client/server messages
Date Fri, 08 Sep 2017 16:49:54 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62088/#review184986
-----------------------------------------------------------


Ship it!

- Hitesh Khamesra


On Sept. 7, 2017, 5:43 p.m., Bruce Schuchardt wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62088/
> -----------------------------------------------------------
> 
> (Updated Sept. 7, 2017, 5:43 p.m.)
> 
> 
> Review request for geode, Alexander Murmann, Galen O'Sullivan, Hitesh Khamesra, and Udo Kohlmeyer.
> 
> 
> Bugs: GEODE-3249
>     https://issues.apache.org/jira/browse/GEODE-3249
> 
> 
> Repository: geode
> 
> 
> Description
> -------
> 
> This change leaves the security hole in place but allows you to plug it by setting the system property
> 
> geode.disallow-internal-messages-without-credentials=true
> 
> Clients must be upgraded to the release containing this change if you set this system property to true and client/server authentication is enabled. Otherwise client messages to register PDX types or Instantiators will be rejected by the servers.
> 
> New tests have been added to perform backward-compatibility testing with the old security implementation and the internal message command classes have been modified to perform validation of credentials if the system property is set to true.
> 
> 
> Diffs
> -----
> 
>   geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/ServerConnection.java b243d8ebb8f7fb698a4637c7a787ee2d7216f1f7
>   geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/AddPdxEnum.java 5a4a07b81b18d33e465bd3aa46ad4232b976b608
>   geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/AddPdxType.java 041e12fbd04e81f1f69520c53ef9c2f7481132fd
>   geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/GetFunctionAttribute.java 76cc4a59bff691c4760083861362825d70ba326e
>   geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/GetPDXEnumById.java 5e59640e5067ec8ac5fc50807ec276e1bdc025dd
>   geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/GetPDXIdForEnum.java b0ebaf23f27e91278c7afe3648954ad6113206a8
>   geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/GetPDXIdForType.java f2172ef4d8fa9f83929d8f5b2aa0c5377d7cf57e
>   geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/GetPDXTypeById.java e46445bc96d735a66aa09330a1790b951591251e
>   geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/GetPdxEnums70.java 3fe9750f8577a70e4cda9e76da83070f6e6606b1
>   geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/GetPdxTypes70.java e64683fb620985d698357912bb1d1b52e8b24681
>   geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterDataSerializers.java eef5195eae3bedb414aa2e2fca748b31e0b27908
>   geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInstantiators.java a402cb360f05f99442833e6098c736d2ac18d69a
>   geode-core/src/test/java/org/apache/geode/security/ClientAuthenticationDUnitTest.java ca7b2b6b7a2c8d8215eda828901a05dcabdf3625
>   geode-core/src/test/java/org/apache/geode/security/ClientAuthenticationPart2DUnitTest.java f8ebe056e21228f1d9e32e1dd271f6a4bfb4af71
>   geode-core/src/test/java/org/apache/geode/security/ClientAuthenticationTestCase.java 0ecd72f4ee321f7f8aa5e998fa176551e45f025c
>   geode-core/src/test/java/org/apache/geode/security/ClientAuthorizationDUnitTest.java 09aedbec86f95ab9affa1f76b387a5a03c0098ec
>   geode-core/src/test/java/org/apache/geode/security/ClientAuthorizationTestCase.java a4fd365ffaa51447d56c2bcb481311082ddcbc31
>   geode-core/src/test/java/org/apache/geode/security/SecurityTestUtils.java e69f36de1efbd0061ad8621db45fe3a64686968e
>   geode-cq/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/MonitorCQ.java f5e31df988f5955d2fbeef5269a7729ec97c9d03
>   geode-cq/src/test/java/org/apache/geode/security/ClientAuthorizationTwoDUnitTest.java f5f686c0595c7500c4275292edb2e8f87593c67e
> 
> 
> Diff: https://reviews.apache.org/r/62088/diff/3/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Bruce Schuchardt
> 
>

