SOLR-14853: enableRemoteStreaming and enableStreamBody are now global (#1615)

Env vars: SOLR_ENABLE_REMOTE_STREAMING and SOLR_ENABLE_STREAM_BODY
Sys props: solr.enableRemoteStreaming and solr.enableStreamBody

solrconfig.xml (including via config-edit API) are now no-op; log a warning.
Backwards incompatible but easy to comply.

Co-authored-by: Jan Høydahl <janhoy@users.noreply.github.com>

---------

Signed-off-by: Jan Høydahl <janhoy@users.noreply.github.com>
Co-authored-by: Jan Høydahl <janhoy@users.noreply.github.com>

Author: 2 people

solr/CHANGES.txt

@@ -50,6 +50,9 @@ Other Changes
 
 * SOLR-17025: Upgrade Jetty to 9.4.53.v20231009 (Kevin Risden)
 
+* SOLR-14853: Security: Converted enableRemoteStreaming and enableStreamBody solrconfig options into system properties and env vars.
+  Attempts to set them the old way are no-op and log a warning. (David Smiley, janhoy, Ishan Chattopadhyaya)
+
 ==================  8.11.2 ==================
 
 Consult the LUCENE_CHANGES.txt file for additional, low level, changes in this release.

solr/core/src/java/org/apache/solr/core/SolrConfig.java

@@ -134,9 +134,6 @@ public enum PluginOpts {
 
   private int formUploadLimitKB;
 
-  private boolean enableRemoteStreams;
-  private boolean enableStreamBody;
-
   private boolean handleSelect;
 
   private boolean addHttpRequestToContext;
@@ -340,9 +337,13 @@ private SolrConfig(SolrResourceLoader loader, String name, boolean isConfigsetTr
       formUploadLimitKB = get("requestDispatcher").get("requestParsers").intAttr("formdataUploadLimitInKB", Integer.MAX_VALUE);
       if (formUploadLimitKB == -1) formUploadLimitKB = Integer.MAX_VALUE;
 
-      enableRemoteStreams = get("requestDispatcher").get("requestParsers").boolAttr("enableRemoteStreaming", false);
+      if (get("requestDispatcher").get("requestParsers").attr("enableRemoteStreaming") != null) {
+        log.warn("Ignored deprecated enableRemoteStreaming in config; use sys-prop");
+      }
 
-      enableStreamBody = get("requestDispatcher").get("requestParsers").boolAttr("enableStreamBody", false);
+      if (get("requestDispatcher").get("requestParsers").attr("enableStreamBody") != null) {
+        log.warn("Ignored deprecated enableStreamBody in config; use sys-prop");
+      }
 
       handleSelect = get("requestDispatcher").boolAttr("handleSelect", !luceneMatchVersion.onOrAfter(Version.LUCENE_7_0_0));
       addHttpRequestToContext = get("requestDispatcher").get("requestParsers").boolAttr("addHttpRequestToContext", false);
@@ -902,15 +903,6 @@ public boolean isAddHttpRequestToContext() {
     return addHttpRequestToContext;
   }
 
-  public boolean isEnableRemoteStreams() {
-    return enableRemoteStreams;
-  }
-
-  public boolean isEnableStreamBody() {
-    return enableStreamBody;
-  }
-
-
   @Override
   @SuppressWarnings({"unchecked", "rawtypes"})
   public Map<String, Object> toMap(Map<String, Object> result) {

solr/core/src/java/org/apache/solr/handler/DumpRequestHandler.java

@@ -18,6 +18,7 @@
 
 import java.io.IOException;
 import java.io.Reader;
+import java.lang.invoke.MethodHandles;
 import java.util.ArrayList;
 import java.util.LinkedHashMap;
 import java.util.List;
@@ -28,14 +29,27 @@
 import org.apache.solr.common.util.NamedList;
 import org.apache.solr.common.util.SimpleOrderedMap;
 import org.apache.solr.core.PluginInfo;
+import org.apache.solr.core.SolrCore;
 import org.apache.solr.request.SolrQueryRequest;
 import org.apache.solr.request.SolrRequestHandler;
 import org.apache.solr.response.SolrQueryResponse;
+import org.apache.solr.security.AuthorizationContext;
+import org.apache.solr.security.PermissionNameProvider;
+import org.apache.solr.util.plugin.SolrCoreAware;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import static org.apache.solr.common.params.CommonParams.NAME;
 
-public class DumpRequestHandler extends RequestHandlerBase
+public class DumpRequestHandler extends RequestHandlerBase implements SolrCoreAware, PermissionNameProvider
 {
+  private static final Logger log = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
+  SolrCore solrCore;
+  
+  @Override
+  public void inform(SolrCore core) {
+    this.solrCore = core;
+  }
 
   @Override
   @SuppressWarnings({"unchecked"})
@@ -130,4 +144,15 @@ public void init(@SuppressWarnings({"rawtypes"})NamedList args) {
       if(nl!=null) subpaths = nl.getAll("subpath");
     }
   }
+
+  @Override
+  public PermissionNameProvider.Name getPermissionName(AuthorizationContext request) {
+    if (solrCore != null && solrCore.getSolrConfig().getRequestParsers().isEnableRemoteStreams()) {
+      log.warn(
+          "Dump request handler requires config-read permission when remote streams are enabled");
+      return PermissionNameProvider.Name.CONFIG_READ_PERM;
+    } else {
+      return PermissionNameProvider.Name.ALL;
+    }
+  }
 }

solr/core/src/java/org/apache/solr/servlet/SolrRequestParsers.java

@@ -116,10 +116,11 @@ public SolrRequestParsers( SolrConfig globalConfig ) {
       multipartUploadLimitKB = globalConfig.getMultipartUploadLimitKB();
 
       formUploadLimitKB = globalConfig.getFormUploadLimitKB();
-      
-      enableRemoteStreams = globalConfig.isEnableRemoteStreams();
-      enableStreamBody = globalConfig.isEnableStreamBody();
-  
+
+      // security risks; disabled by default
+      enableRemoteStreams = Boolean.getBoolean("solr.enableRemoteStreaming");
+      enableStreamBody = Boolean.getBoolean("solr.enableStreamBody");
+
       // Let this filter take care of /select?xxx format
       handleSelect = globalConfig.isHandleSelect();
 
@@ -482,8 +483,12 @@ public void setAddRequestHeadersToContext(boolean addRequestHeadersToContext) {
     this.addHttpRequestToContext = addRequestHeadersToContext;
   }
 
-  //-----------------------------------------------------------------
-  //-----------------------------------------------------------------
+  public boolean isEnableRemoteStreams() {
+    return enableRemoteStreams;
+  }
+
+  // -----------------------------------------------------------------
+  // -----------------------------------------------------------------
 
   // I guess we don't really even need the interface, but i'll keep it here just for kicks
   interface SolrRequestParser 

solr/core/src/test-files/solr/collection1/conf/solrconfig-analytics-query.xml

@@ -216,7 +216,7 @@ based HashBitset. -->
   </searchComponent>
 
   <requestDispatcher>
-    <requestParsers enableRemoteStreaming="false" multipartUploadLimitInKB="-1" />
+    <requestParsers multipartUploadLimitInKB="-1" />
     <httpCaching lastModifiedFrom="openTime" etagSeed="Solr" never304="false">
       <cacheControl>max-age=30, public</cacheControl>
     </httpCaching>

solr/core/src/test-files/solr/collection1/conf/solrconfig-collapseqparser.xml

@@ -218,7 +218,7 @@ based HashBitset. -->
   </requestHandler>
 
   <requestDispatcher>
-    <requestParsers enableRemoteStreaming="false" multipartUploadLimitInKB="-1" />
+    <requestParsers multipartUploadLimitInKB="-1" />
     <httpCaching lastModifiedFrom="openTime" etagSeed="Solr" never304="false">
       <cacheControl>max-age=30, public</cacheControl>
     </httpCaching>

solr/core/src/test-files/solr/collection1/conf/solrconfig-components-name.xml

@@ -53,7 +53,7 @@
   </requestHandler>
 
   <requestDispatcher>
-    <requestParsers enableRemoteStreaming="false" multipartUploadLimitInKB="-1" />
+    <requestParsers multipartUploadLimitInKB="-1" />
     <httpCaching lastModifiedFrom="openTime" etagSeed="Solr" never304="false">
       <cacheControl>max-age=30, public</cacheControl>
     </httpCaching>

solr/core/src/test-files/solr/collection1/conf/solrconfig-delaying-component.xml

@@ -35,7 +35,7 @@
   </requestHandler>
 
   <requestDispatcher >
-    <requestParsers enableRemoteStreaming="false" multipartUploadLimitInKB="-1" />
+    <requestParsers multipartUploadLimitInKB="-1" />
     <httpCaching never304="true" />
   </requestDispatcher>
 

solr/core/src/test-files/solr/collection1/conf/solrconfig-doctransformers.xml

@@ -40,7 +40,7 @@
   <requestHandler name="/select" class="solr.SearchHandler"/>
 
   <requestDispatcher>
-    <requestParsers enableRemoteStreaming="false" multipartUploadLimitInKB="-1" />
+    <requestParsers multipartUploadLimitInKB="-1" />
   </requestDispatcher>
 
   <!-- config for the admin interface -->

solr/core/src/test-files/solr/collection1/conf/solrconfig-elevate.xml

@@ -128,7 +128,7 @@
   </requestHandler>-->
 
   <requestDispatcher>
-    <requestParsers enableRemoteStreaming="false" multipartUploadLimitInKB="-1" />
+    <requestParsers multipartUploadLimitInKB="-1" />
     <httpCaching lastModifiedFrom="openTime" etagSeed="Solr" never304="false">
       <cacheControl>max-age=30, public</cacheControl>
     </httpCaching>