Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix NPE in auditing authenticationSuccess for non-existing run-as user (#91171) #91240

Merged
merged 1 commit into from
Nov 2, 2022
Merged

Fix NPE in auditing authenticationSuccess for non-existing run-as user (#91171) #91240

merged 1 commit into from
Nov 2, 2022

Conversation

ywangd
Copy link
Member

@ywangd ywangd commented Nov 2, 2022

When run-as fails because the target user does not exist, the authentication is created with a null lookup realm. It is then rejected at authorization time. But for authentication, it is treated as success. This can lead to NPE when auditing the authenticationSuccess event.

This PR fixes the NPE by checking whether lookup realm is null before using it.

Relates: #91126 (comment)

Backport: #91171

@ywangd
Fix NPE in auditing authenticationSuccess for non-existing run-as user (
ede5b3e 
elastic#91171)

When run-as fails because the target user does not exist, the
authentication is created with a null lookup realm. It is then rejected
at authorization time. But for authentication, it is treated as success.
This can lead to NPE when auditing the authenticationSuccess event.

This PR fixes the NPE by checking whether lookup realm is null before
using it.

Relates: elastic#91126 (comment)
@ywangd ywangd added backport auto-merge-without-approval Automatically merge pull request when CI checks pass (NB doesn't wait for reviews!) labels Nov 2, 2022
@elasticsearchmachine elasticsearchmachine merged commit 3f24a51 into elastic:8.5 Nov 2, 2022
@ywangd ywangd deleted the pki-realm-delegatee-realm-8.5 branch November 2, 2022 00:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
auto-merge-without-approval Automatically merge pull request when CI checks pass (NB doesn't wait for reviews!) backport v8.5.1
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ywangd @elasticsearchmachine