> On Sept. 5, 2017, 11 a.m., Hitesh Khamesra wrote:
> > Ship It!

I've had to do more work on this & would appreciate another review.

- Bruce

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62088/#review184565
-----------------------------------------------------------

On Sept. 7, 2017, 10:32 a.m., Bruce Schuchardt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62088/
> -----------------------------------------------------------
>
> (Updated Sept. 7, 2017, 10:32 a.m.)
>
>
> Review request for geode, Alexander Murmann, Galen O'Sullivan, Hitesh Khamesra, and Udo Kohlmeyer.
>
>
> Bugs: GEODE-3249
>     https://issues.apache.org/jira/browse/GEODE-3249
>
>
> Repository: geode
>
>
> Description
> -------
>
> This change leaves the security hole in place but allows you to plug it by
> setting the system property
>
> geode.disallow-internal-messages-without-credentials=true
>
> Clients must be upgraded to the release containing this change if you set
> this system property to true and client/server authentication is enabled.
> Otherwise client messages to register PDX types or Instantiators will be
> rejected by the servers.
>
> New tests have been added to perform backward-compatibility testing with the
> old security implementation and the internal message command classes have
> been modified to perform validation of credentials if the system property is
> set to true.
>
>
> Diffs
> -----
>
>   geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/ServerConnection.java b243d8ebb8f7fb698a4637c7a787ee2d7216f1f7
>   geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/AddPdxEnum.java 5a4a07b81b18d33e465bd3aa46ad4232b976b608
>   geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/AddPdxType.java 041e12fbd04e81f1f69520c53ef9c2f7481132fd
>   geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/GetFunctionAttribute.java 76cc4a59bff691c4760083861362825d70ba326e
>   geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/GetPDXEnumById.java 5e59640e5067ec8ac5fc50807ec276e1bdc025dd
>   geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/GetPDXIdForEnum.java b0ebaf23f27e91278c7afe3648954ad6113206a8
>   geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/GetPDXIdForType.java f2172ef4d8fa9f83929d8f5b2aa0c5377d7cf57e
>   geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/GetPDXTypeById.java e46445bc96d735a66aa09330a1790b951591251e
>   geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/GetPdxEnums70.java 3fe9750f8577a70e4cda9e76da83070f6e6606b1
>   geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/GetPdxTypes70.java e64683fb620985d698357912bb1d1b52e8b24681
>   geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterDataSerializers.java eef5195eae3bedb414aa2e2fca748b31e0b27908
>   geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInstantiators.java a402cb360f05f99442833e6098c736d2ac18d69a
>   geode-core/src/test/java/org/apache/geode/security/ClientAuthenticationDUnitTest.java ca7b2b6b7a2c8d8215eda828901a05dcabdf3625
>   geode-core/src/test/java/org/apache/geode/security/ClientAuthenticationPart2DUnitTest.java f8ebe056e21228f1d9e32e1dd271f6a4bfb4af71
>   geode-core/src/test/java/org/apache/geode/security/ClientAuthenticationTestCase.java 0ecd72f4ee321f7f8aa5e998fa176551e45f025c
>   geode-core/src/test/java/org/apache/geode/security/ClientAuthorizationDUnitTest.java 09aedbec86f95ab9affa1f76b387a5a03c0098ec
>   geode-core/src/test/java/org/apache/geode/security/ClientAuthorizationTestCase.java a4fd365ffaa51447d56c2bcb481311082ddcbc31
>   geode-core/src/test/java/org/apache/geode/security/SecurityTestUtils.java e69f36de1efbd0061ad8621db45fe3a64686968e
>   geode-cq/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/MonitorCQ.java f5e31df988f5955d2fbeef5269a7729ec97c9d03
>   geode-cq/src/test/java/org/apache/geode/security/ClientAuthorizationTwoDUnitTest.java f5f686c0595c7500c4275292edb2e8f87593c67e
>
>
> Diff: https://reviews.apache.org/r/62088/diff/2/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Bruce Schuchardt
>
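
A minimal model of the opt-in gate and the upgrade caveat laid out in the review description above, as an added example that is not part of the original e-mail and is not Geode's code. The class, record and method names are hypothetical, and "carries credentials" stands in for the real credential validation (requires Java 16+ for records).

```java
import java.util.List;

// Added illustration, not Geode source: models when an internal client
// message is processed or rejected. All names here are hypothetical.
public class InternalMessageGateDemo {
    // Property name taken from the review description.
    static final String PROP = "geode.disallow-internal-messages-without-credentials";

    // Constructed stand-in for an internal client message such as a PDX type
    // or Instantiator registration.
    record InternalMessage(String command, boolean carriesCredentials) {}

    // Returns true when the server should process the message.
    static boolean accept(InternalMessage msg, boolean authEnabled) {
        // Boolean.getBoolean yields false when the property is unset, so the
        // default keeps the old (unchecked) behaviour described in the review.
        boolean strict = Boolean.getBoolean(PROP);
        if (!authEnabled || !strict) {
            return true; // internal messages are not checked
        }
        // Strict mode: a message without credentials is rejected. A real
        // server would validate the credentials, not only check presence.
        return msg.carriesCredentials();
    }

    public static void main(String[] args) {
        // Constructed sample messages: old clients send no credentials on
        // internal messages, upgraded clients do.
        List<InternalMessage> samples = List.of(
            new InternalMessage("AddPdxType (old client)", false),
            new InternalMessage("AddPdxType (upgraded client)", true),
            new InternalMessage("RegisterInstantiators (old client)", false));

        for (String setting : new String[] {"false", "true"}) {
            System.setProperty(PROP, setting);
            for (InternalMessage m : samples) {
                System.out.printf("%s=%s  %-36s -> %s%n", PROP, setting,
                    m.command(), accept(m, true) ? "processed" : "rejected");
            }
        }
    }
}
```

With the property set to true and authentication enabled, only the upgraded client's message is processed, which is why the description requires upgrading clients before turning the setting on.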