opensearch-project · Poojita-Raj · Oct 27, 2022 · Oct 27, 2022 · Oct 27, 2022
@@ -68,7 +68,6 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 - Bumps `reactor-core` from 3.4.18 to 3.4.23 ([#4548](https://github.com/opensearch-project/OpenSearch/pull/4548))
 - Bumps `jempbox` from 1.8.16 to 1.8.17 ([#4550](https://github.com/opensearch-project/OpenSearch/pull/4550))
 - Bumps `hadoop-hdfs` from 3.3.3 to 3.3.4 ([#4644](https://github.com/opensearch-project/OpenSearch/pull/4644))
-- Bumps `jna` from 5.11.0 to 5.12.1 ([#4656](https://github.com/opensearch-project/OpenSearch/pull/4656))
 - Update Jackson Databind to 2.13.4.2 (addressing CVE-2022-42003) ([#4779](https://github.com/opensearch-project/OpenSearch/pull/4779))
 - Bumps `tika` from 2.4.0 to 2.5.0 ([#4791](https://github.com/opensearch-project/OpenSearch/pull/4791))
 - Exclude jettison version brought in with hadoop-minicluster. ([#4787](https://github.com/opensearch-project/OpenSearch/pull/4787))
@@ -97,7 +96,6 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 - Further simplification of the ZIP publication implementation ([#4360](https://github.com/opensearch-project/OpenSearch/pull/4360))
 - Relax visibility of the HTTP_CHANNEL_KEY and HTTP_SERVER_CHANNEL_KEY to make it possible for the plugins to access associated Netty4HttpChannel / Netty4HttpServerChannel instance ([#4638](https://github.com/opensearch-project/OpenSearch/pull/4638))
 - Load the deprecated master role in a dedicated method instead of in setAdditionalRoles() ([#4582](https://github.com/opensearch-project/OpenSearch/pull/4582))
-- Include Windows OS in Bootstrap initializeNatives() check for definitelyRunningAsRoot() ([#4656](https://github.com/opensearch-project/OpenSearch/pull/4656))
 - Add APIs (GET/PUT) to decommission awareness attribute ([#4261](https://github.com/opensearch-project/OpenSearch/pull/4261))
 - Improve Gradle pre-commit checks to pre-empt Jenkins build ([#4660](https://github.com/opensearch-project/OpenSearch/pull/4660))
 - Update to Apache Lucene 9.4.0 ([#4661](https://github.com/opensearch-project/OpenSearch/pull/4661))
@@ -120,6 +118,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 - Remove Legacy Version support from Snapshot/Restore Service ([#4728](https://github.com/opensearch-project/OpenSearch/pull/4728))
 - Remove deprecated serialization logic from pipeline aggs ([#4847](https://github.com/opensearch-project/OpenSearch/pull/4847))
 - Remove unused private methods ([#4926](https://github.com/opensearch-project/OpenSearch/pull/4926))
+- Revert PR 4656 to unblock Windows CI ([#4949](https://github.com/opensearch-project/OpenSearch/pull/4949))
 
 ### Fixed
 - `opensearch-service.bat start` and `opensearch-service.bat manager` failing to run ([#4289](https://github.com/opensearch-project/OpenSearch/pull/4289))

@@ -110,7 +110,7 @@ dependencies {
   api 'com.netflix.nebula:gradle-info-plugin:11.3.3'
   api 'org.apache.rat:apache-rat:0.13'
   api 'commons-io:commons-io:2.7'
-  api "net.java.dev.jna:jna:5.12.1"
+  api "net.java.dev.jna:jna:5.11.0"
   api 'gradle.plugin.com.github.johnrengelman:shadow:7.1.2'
   api 'org.jdom:jdom2:2.0.6.1'
   api 'org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.7.10'

@@ -22,7 +22,7 @@ jettison          = 1.5.1
 woodstox          = 6.4.0
 
 # when updating the JNA version, also update the version in buildSrc/build.gradle
-jna               = 5.12.1
+jna               = 5.5.0
 
 netty             = 4.1.84.Final
 joda              = 2.10.13

@@ -0,0 +1 @@
+0e0845217c4907822403912ad6828d8e0b256208
@@ -35,19 +35,14 @@
 import com.sun.jna.Native;
 import com.sun.jna.Pointer;
 import com.sun.jna.WString;
-import com.sun.jna.ptr.IntByReference;
-import com.sun.jna.ptr.PointerByReference;
 
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.apache.lucene.util.Constants;
-import org.opensearch.bootstrap.JNAAdvapi32Library.TokenElevation;
 import org.opensearch.monitor.jvm.JvmInfo;
 
 import java.nio.file.Path;
 
-import static org.opensearch.bootstrap.JNAAdvapi32Library.TOKEN_ELEVATION;
-import static org.opensearch.bootstrap.JNAAdvapi32Library.TOKEN_QUERY;
 import static org.opensearch.bootstrap.JNAKernel32Library.SizeT;
 
 /**
@@ -190,44 +185,13 @@ static String rlimitToString(long value) {
 
     /** Returns true if user is root, false if not, or if we don't know */
     static boolean definitelyRunningAsRoot() {
+        if (Constants.WINDOWS) {
+            return false; // don't know
+        }
         try {
-            if (Constants.WINDOWS) {
-                JNAKernel32Library kernel32 = JNAKernel32Library.getInstance();
-                JNAAdvapi32Library advapi32 = JNAAdvapi32Library.getInstance();
-
-                // Fetch a pseudo handle for the current process.
-                // The pseudo handle need not be closed when it is no longer needed (calling CloseHandle is a no-op).
-                Pointer process = kernel32.GetCurrentProcess();
-                PointerByReference hToken = new PointerByReference();
-                // Fetch the process token for the current process, for which we know we have the access rights
-                if (!advapi32.OpenProcessToken(process, TOKEN_QUERY, hToken)) {
-                    logger.warn(
-                        "Unable to open the Process Token for the current process [" + JNACLibrary.strerror(Native.getLastError()) + "]"
-                    );
-                    return false;
-                }
-                // We have successfully opened the token. Ensure it gets closed after we use it.
-                try {
-                    TokenElevation elevation = new TokenElevation();
-                    IntByReference returnLength = new IntByReference();
-                    if (!advapi32.GetTokenInformation(hToken.getValue(), TOKEN_ELEVATION, elevation, elevation.size(), returnLength)) {
-                        logger.warn(
-                            "Unable to get TokenElevation information for the current process ["
-                                + JNACLibrary.strerror(Native.getLastError())
-                                + "]"
-                        );
-                        return false;
-                    }
-                    // Nonzero value means elevated privileges
-                    return elevation.TokenIsElevated > 0;
-                } finally {
-                    kernel32.CloseHandle(hToken.getValue());
-                }
-            }
-            // For unix-based systems, check effective user ID of process
             return JNACLibrary.geteuid() == 0;
         } catch (UnsatisfiedLinkError e) {
-            // this will have already been logged by Native Library, no need to repeat it
+            // this will have already been logged by Kernel32Library, no need to repeat it
             return false;
         }
     }