Skip to content

Commit

Permalink
Revert PR 4656 to unblock Windows CI (opensearch-project#4949)
Browse files Browse the repository at this point in the history
* Revert PR 4656 to unblock Windows CI

Signed-off-by: Poojita Raj <poojiraj@amazon.com>

* changelog added

Signed-off-by: Poojita Raj <poojiraj@amazon.com>

Signed-off-by: Poojita Raj <poojiraj@amazon.com>
  • Loading branch information
Poojita-Raj authored Oct 27, 2022
1 parent 84aba05 commit fe0b917
Show file tree
Hide file tree
Showing 7 changed files with 8 additions and 169 deletions.
3 changes: 1 addition & 2 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -68,7 +68,6 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
- Bumps `reactor-core` from 3.4.18 to 3.4.23 ([#4548](https://github.com/opensearch-project/OpenSearch/pull/4548))
- Bumps `jempbox` from 1.8.16 to 1.8.17 ([#4550](https://github.com/opensearch-project/OpenSearch/pull/4550))
- Bumps `hadoop-hdfs` from 3.3.3 to 3.3.4 ([#4644](https://github.com/opensearch-project/OpenSearch/pull/4644))
- Bumps `jna` from 5.11.0 to 5.12.1 ([#4656](https://github.com/opensearch-project/OpenSearch/pull/4656))
- Update Jackson Databind to 2.13.4.2 (addressing CVE-2022-42003) ([#4779](https://github.com/opensearch-project/OpenSearch/pull/4779))
- Bumps `tika` from 2.4.0 to 2.5.0 ([#4791](https://github.com/opensearch-project/OpenSearch/pull/4791))
- Exclude jettison version brought in with hadoop-minicluster. ([#4787](https://github.com/opensearch-project/OpenSearch/pull/4787))
Expand Down Expand Up @@ -97,7 +96,6 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
- Further simplification of the ZIP publication implementation ([#4360](https://github.com/opensearch-project/OpenSearch/pull/4360))
- Relax visibility of the HTTP_CHANNEL_KEY and HTTP_SERVER_CHANNEL_KEY to make it possible for the plugins to access associated Netty4HttpChannel / Netty4HttpServerChannel instance ([#4638](https://github.com/opensearch-project/OpenSearch/pull/4638))
- Load the deprecated master role in a dedicated method instead of in setAdditionalRoles() ([#4582](https://github.com/opensearch-project/OpenSearch/pull/4582))
- Include Windows OS in Bootstrap initializeNatives() check for definitelyRunningAsRoot() ([#4656](https://github.com/opensearch-project/OpenSearch/pull/4656))
- Add APIs (GET/PUT) to decommission awareness attribute ([#4261](https://github.com/opensearch-project/OpenSearch/pull/4261))
- Improve Gradle pre-commit checks to pre-empt Jenkins build ([#4660](https://github.com/opensearch-project/OpenSearch/pull/4660))
- Update to Apache Lucene 9.4.0 ([#4661](https://github.com/opensearch-project/OpenSearch/pull/4661))
Expand All @@ -120,6 +118,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
- Remove Legacy Version support from Snapshot/Restore Service ([#4728](https://github.com/opensearch-project/OpenSearch/pull/4728))
- Remove deprecated serialization logic from pipeline aggs ([#4847](https://github.com/opensearch-project/OpenSearch/pull/4847))
- Remove unused private methods ([#4926](https://github.com/opensearch-project/OpenSearch/pull/4926))
- Revert PR 4656 to unblock Windows CI ([#4949](https://github.com/opensearch-project/OpenSearch/pull/4949))

### Fixed
- `opensearch-service.bat start` and `opensearch-service.bat manager` failing to run ([#4289](https://github.com/opensearch-project/OpenSearch/pull/4289))
Expand Down
2 changes: 1 addition & 1 deletion buildSrc/build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -110,7 +110,7 @@ dependencies {
api 'com.netflix.nebula:gradle-info-plugin:11.3.3'
api 'org.apache.rat:apache-rat:0.13'
api 'commons-io:commons-io:2.7'
api "net.java.dev.jna:jna:5.12.1"
api "net.java.dev.jna:jna:5.11.0"
api 'gradle.plugin.com.github.johnrengelman:shadow:7.1.2'
api 'org.jdom:jdom2:2.0.6.1'
api 'org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.7.10'
Expand Down
2 changes: 1 addition & 1 deletion buildSrc/version.properties
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ jettison = 1.5.1
woodstox = 6.4.0

# when updating the JNA version, also update the version in buildSrc/build.gradle
jna = 5.12.1
jna = 5.5.0

netty = 4.1.84.Final
joda = 2.10.13
Expand Down
1 change: 0 additions & 1 deletion server/licenses/jna-5.12.1.jar.sha1

This file was deleted.

1 change: 1 addition & 0 deletions server/licenses/jna-5.5.0.jar.sha1
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
0e0845217c4907822403912ad6828d8e0b256208
124 changes: 0 additions & 124 deletions server/src/main/java/org/opensearch/bootstrap/JNAAdvapi32Library.java

This file was deleted.

44 changes: 4 additions & 40 deletions server/src/main/java/org/opensearch/bootstrap/JNANatives.java
Original file line number Diff line number Diff line change
Expand Up @@ -35,19 +35,14 @@
import com.sun.jna.Native;
import com.sun.jna.Pointer;
import com.sun.jna.WString;
import com.sun.jna.ptr.IntByReference;
import com.sun.jna.ptr.PointerByReference;

import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.lucene.util.Constants;
import org.opensearch.bootstrap.JNAAdvapi32Library.TokenElevation;
import org.opensearch.monitor.jvm.JvmInfo;

import java.nio.file.Path;

import static org.opensearch.bootstrap.JNAAdvapi32Library.TOKEN_ELEVATION;
import static org.opensearch.bootstrap.JNAAdvapi32Library.TOKEN_QUERY;
import static org.opensearch.bootstrap.JNAKernel32Library.SizeT;

/**
Expand Down Expand Up @@ -190,44 +185,13 @@ static String rlimitToString(long value) {

/** Returns true if user is root, false if not, or if we don't know */
static boolean definitelyRunningAsRoot() {
if (Constants.WINDOWS) {
return false; // don't know
}
try {
if (Constants.WINDOWS) {
JNAKernel32Library kernel32 = JNAKernel32Library.getInstance();
JNAAdvapi32Library advapi32 = JNAAdvapi32Library.getInstance();

// Fetch a pseudo handle for the current process.
// The pseudo handle need not be closed when it is no longer needed (calling CloseHandle is a no-op).
Pointer process = kernel32.GetCurrentProcess();
PointerByReference hToken = new PointerByReference();
// Fetch the process token for the current process, for which we know we have the access rights
if (!advapi32.OpenProcessToken(process, TOKEN_QUERY, hToken)) {
logger.warn(
"Unable to open the Process Token for the current process [" + JNACLibrary.strerror(Native.getLastError()) + "]"
);
return false;
}
// We have successfully opened the token. Ensure it gets closed after we use it.
try {
TokenElevation elevation = new TokenElevation();
IntByReference returnLength = new IntByReference();
if (!advapi32.GetTokenInformation(hToken.getValue(), TOKEN_ELEVATION, elevation, elevation.size(), returnLength)) {
logger.warn(
"Unable to get TokenElevation information for the current process ["
+ JNACLibrary.strerror(Native.getLastError())
+ "]"
);
return false;
}
// Nonzero value means elevated privileges
return elevation.TokenIsElevated > 0;
} finally {
kernel32.CloseHandle(hToken.getValue());
}
}
// For unix-based systems, check effective user ID of process
return JNACLibrary.geteuid() == 0;
} catch (UnsatisfiedLinkError e) {
// this will have already been logged by Native Library, no need to repeat it
// this will have already been logged by Kernel32Library, no need to repeat it
return false;
}
}
Expand Down

0 comments on commit fe0b917

Please sign in to comment.