[JENKINS-45841] - Disable JNLP/JNLP2/CLI protocols on new installations

core/src/main/java/hudson/cli/CliProtocol.java

@@ -47,12 +47,17 @@ public String getName() {
         return jenkins.CLI.get().isEnabled() ? "CLI-connect" : null;
     }
 
+    @Override
+    public boolean isDeprecated() {
+        return true;
+    }
+
     /**
      * {@inheritDoc}
      */
     @Override
     public String getDisplayName() {
-        return "Jenkins CLI Protocol/1";
+        return "Jenkins CLI Protocol/1 (deprecated, unencrypted)";
     }
 
     @Override

core/src/main/java/hudson/cli/CliProtocol2.java

@@ -38,12 +38,18 @@ public boolean isOptIn() {
         return false;
     }
 
+    @Override
+    public boolean isDeprecated() {
+        // We do not recommend it though it may be required for Remoting CLI
+        return true;
+    }
+
     /**
      * {@inheritDoc}
      */
     @Override
     public String getDisplayName() {
-        return "Jenkins CLI Protocol/2";
+        return "Jenkins CLI Protocol/2 (deprecated)";
     }
 
     @Override

core/src/main/java/jenkins/AgentProtocol.java

@@ -8,6 +8,8 @@
 import java.io.IOException;
 import java.net.Socket;
 import java.util.Set;
+import javax.annotation.CheckForNull;
+import javax.annotation.Nonnull;
 import jenkins.model.Jenkins;
 
 /**
@@ -53,6 +55,16 @@ public boolean isOptIn() {
     public boolean isRequired() {
         return false;
     }
+
+    /**
+     * Checks if the protocol is deprecated.
+     * 
+     * @since TODO
+     */
+    public boolean isDeprecated() {
+        return false;
+    }
+
     /**
      * Protocol name.
      *
@@ -86,6 +98,7 @@ public static ExtensionList<AgentProtocol> all() {
         return ExtensionList.lookup(AgentProtocol.class);
     }
 
+    @CheckForNull
     public static AgentProtocol of(String protocolName) {
         for (AgentProtocol p : all()) {
             String n = p.getName();

core/src/main/java/jenkins/install/SetupWizard.java

@@ -52,6 +52,8 @@
 import java.net.HttpURLConnection;
 import java.net.URL;
 import java.net.URLConnection;
+import java.util.Arrays;
+import java.util.HashSet;
 import java.util.Iterator;
 import java.util.List;
 import jenkins.CLI;
@@ -62,6 +64,7 @@
 import net.sf.json.JSONObject;
 import org.apache.commons.io.FileUtils;
 import org.apache.commons.io.IOUtils;
+import org.jenkinsci.remoting.engine.JnlpProtocol4Handler;
 import org.kohsuke.accmod.restrictions.DoNotUse;
 import org.kohsuke.stapler.interceptor.RequirePOST;
 
@@ -127,6 +130,13 @@ public class SetupWizard extends PageDecorator {
                     // Disable CLI over Remoting
                     CLI.get().setEnabled(false);
 
+                    // Disable old Non-Encrypted protocols ()
+                    HashSet<String> newProtocols = new HashSet<>(jenkins.getAgentProtocols());
+                    newProtocols.removeAll(Arrays.asList(
+                            "JNLP2-connect", "JNLP-connect", "CLI-connect"   
+                    ));
+                    jenkins.setAgentProtocols(newProtocols);
+
                     // require a crumb issuer
                     jenkins.setCrumbIssuer(new DefaultCrumbIssuer(false));
 

core/src/main/java/jenkins/slaves/DeprecatedAgentProtocolMonitor.java

@@ -0,0 +1,112 @@
+/*
+ * The MIT License
+ *
+ * Copyright (c) 2017 CloudBees, Inc.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+package jenkins.slaves;
+
+import hudson.Extension;
+import hudson.init.InitMilestone;
+import hudson.init.Initializer;
+import hudson.model.AdministrativeMonitor;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Set;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+import javax.annotation.CheckForNull;
+import jenkins.AgentProtocol;
+import jenkins.model.Jenkins;
+import org.apache.commons.lang.StringUtils;
+import org.jenkinsci.Symbol;
+import org.kohsuke.accmod.Restricted;
+import org.kohsuke.accmod.restrictions.NoExternalUse;
+
+
+/**
+ * Monitors enabled protocols and warns if a protocol is deprecated. 
+ * 
+ * @author Oleg Nenashev
+ * @since TODO
+ */
+@Extension
+@Symbol("remotingProtocolVersions")
+@Restricted(NoExternalUse.class)
+public class DeprecatedAgentProtocolMonitor extends AdministrativeMonitor {
+
+    private static final Logger LOGGER = Logger.getLogger(DeprecatedAgentProtocolMonitor.class.getName());
+
+    public DeprecatedAgentProtocolMonitor() {
+        super(AgentProtocol.class.getName() + "-deprecated");
+    }
+
+    @Override
+    public String getDisplayName() {
+        return "Deprecated Remoting protocols";
+    }
+
+    @Override
+    public boolean isActivated() {
+        final Set<String> agentProtocols = Jenkins.getInstance().getAgentProtocols();
+        for (String name : agentProtocols) {
+            AgentProtocol pr = AgentProtocol.of(name);
+            if (pr != null && pr.isDeprecated()) {
+                return true;
+            }
+        }
+        return false;
+    }
+
+    @Restricted(NoExternalUse.class)
+    public String getDeprecatedProtocols() {
+        String res = getDeprecatedProtocolsString();
+        return res != null ? res : "N/A";
+    }
+
+    @CheckForNull
+    public static String getDeprecatedProtocolsString() {
+        final List<String> deprecatedProtocols = new ArrayList<>();
+        final Set<String> agentProtocols = Jenkins.getInstance().getAgentProtocols();
+        for (String name : agentProtocols) {
+            AgentProtocol pr = AgentProtocol.of(name);
+            if (pr != null && pr.isDeprecated()) {
+                deprecatedProtocols.add(name);
+            }
+        }
+        if (deprecatedProtocols.isEmpty()) {
+            return null;
+        }
+        return StringUtils.join(deprecatedProtocols, ',');
+    }
+
+    @Initializer(after = InitMilestone.PLUGINS_STARTED)
+    @Restricted(NoExternalUse.class)
+    public static void initializerCheck() {
+        String protocols = getDeprecatedProtocolsString();
+        if(protocols != null) {
+            LOGGER.log(Level.WARNING, "This Jenkins instance uses deprecated Remoting protocols: {0}"
+                    + "It may impact stability of the instance. " 
+                    + "If newer protocol versions are supported by all system components "
+                    + "(agents, CLI and other clients), "
+                    + "it is highly recommended to disable the deprecated protocols.", protocols);
+        } 
+    }
+}

core/src/main/java/jenkins/slaves/JnlpSlaveAgentProtocol.java

@@ -44,6 +44,15 @@
  * is generated once and used forever, which makes this whole scheme
  * less secure.
  *
+ * <h2>UI Extensions</h2>
+ * <dl>
+ *  <dt>description.jelly</dt>
+ *  <dd>Optional protocol description</dd>
+ *  <dt>deprecationCause.jelly</dt>
+ *  <dd>Optional. If the protocol is marked as {@link #isDeprecated()}, 
+ *      clarifies the deprecation reason and provides extra documentation links</dd>
+ * </dl>
+ * 
  * @author Kohsuke Kawaguchi
  * @since 1.467
  */
@@ -79,6 +88,11 @@ public boolean isOptIn() {
         return OPT_IN;
     }
 
+    @Override
+    public boolean isDeprecated() {
+        return true;
+    }
+
     @Override
     public String getName() {
         return handler.isEnabled() ? handler.getName() : null;

core/src/main/java/jenkins/slaves/JnlpSlaveAgentProtocol2.java

@@ -53,6 +53,11 @@ public boolean isOptIn() {
         return false;
     }
 
+    @Override
+    public boolean isDeprecated() {
+        return true;
+    }
+
     /**
      * {@inheritDoc}
      */

core/src/main/java/jenkins/slaves/JnlpSlaveAgentProtocol3.java

@@ -65,6 +65,11 @@ public String getDisplayName() {
         return Messages.JnlpSlaveAgentProtocol3_displayName();
     }
 
+    @Override
+    public boolean isDeprecated() {
+        return true;
+    }
+
     @Override
     public void handle(Socket socket) throws IOException, InterruptedException {
         handler.handle(socket,

core/src/main/resources/hudson/cli/CliProtocol/deprecationCause.jelly

@@ -0,0 +1,4 @@
+<?jelly escape-by-default='true'?>
+<j:jelly xmlns:j="jelly:core">
+  ${%message}
+</j:jelly>

core/src/main/resources/hudson/cli/CliProtocol/deprecationCause.properties

@@ -0,0 +1,2 @@
+message=This protocol is an obsolete protocol, which has been replaced by CLI2-connect. \
+        It is also not encrypted.

core/src/main/resources/hudson/cli/CliProtocol2/deprecationCause.jelly

@@ -0,0 +1,4 @@
+<?jelly escape-by-default='true'?>
+<j:jelly xmlns:j="jelly:core">
+  ${%message}
+</j:jelly>

core/src/main/resources/hudson/cli/CliProtocol2/deprecationCause.properties

@@ -0,0 +1,3 @@
+message=Remoting-based CLI is deprecated and not recommended due to the security reasons. \
+        It is recommended to disable this protocol on the instance. \
+        if you need Remoting CLI on your instance, this protocol has to be enabled.

core/src/main/resources/hudson/security/GlobalSecurityConfiguration/index.groovy

@@ -72,6 +72,11 @@ l.layout(norefresh:true, permission:app.ADMINISTER, title:my.displayName, csscla
                                         td(colspan:"2");
                                         td(class:"setting-description"){
                                             st.include(from:p, page: "description", optional:true);
+                                            if (p.deprecated) {
+                                              br()
+                                              text(b(_("Deprecated. ")))
+                                              st.include(from:p, page: "deprecationCause", optional:true);
+                                            }
                                         }
                                         td();
                                     }

core/src/main/resources/jenkins/slaves/DeprecatedAgentProtocolMonitor/message.jelly

@@ -0,0 +1,7 @@
+<?jelly escape-by-default='true'?>
+<j:jelly xmlns:j="jelly:core">
+  <div class="warning">
+    ${%blurb(it.deprecatedProtocols)}
+    <a href="${rootURL}/configureSecurity">${%Protocol Configuration}</a>
+  </div>
+</j:jelly>

core/src/main/resources/jenkins/slaves/DeprecatedAgentProtocolMonitor/message.properties

@@ -0,0 +1,4 @@
+blurb=This Jenkins instance uses deprecated Remoting protocols: {0}. \
+      It may impact stability of the instance. \
+      If newer protocol versions are supported by all system components (agents, CLI and other clients), \
+      it is highly recommended to disable the deprecated protocols.

core/src/main/resources/jenkins/slaves/JnlpSlaveAgentProtocol/deprecationCause.jelly

@@ -0,0 +1,4 @@
+<?jelly escape-by-default='true'?>
+<j:jelly xmlns:j="jelly:core">
+  ${%message}
+</j:jelly>

core/src/main/resources/jenkins/slaves/JnlpSlaveAgentProtocol/deprecationCause.properties

@@ -0,0 +1,2 @@
+message=This protocol is an obsolete protocol, which has been replaced by JNLP2-connect. \
+        It is also not encrypted.

core/src/main/resources/jenkins/slaves/JnlpSlaveAgentProtocol2/deprecationCause.jelly

@@ -0,0 +1,5 @@
+<?jelly escape-by-default='true'?>
+<j:jelly xmlns:j="jelly:core">
+  ${%message}
+  <a href="https://github.com/jenkinsci/remoting/blob/master/docs/protocols.md#jnlp2-connect-errata">${%JNLP2 Protocol Errata}</a>
+</j:jelly>

core/src/main/resources/jenkins/slaves/JnlpSlaveAgentProtocol2/deprecationCause.properties

@@ -0,0 +1,3 @@
+message=This protocol has known stability issues, and it is replaced by JNLP4. \
+  It is also not encrypted. \
+  See more information in the protocol Errata.

core/src/main/resources/jenkins/slaves/JnlpSlaveAgentProtocol3/deprecationCause.jelly

@@ -0,0 +1,6 @@
+<?jelly escape-by-default='true'?>
+<j:jelly xmlns:j="jelly:core">
+  ${%This protocol is unstable. See the protocol documentation for more info.}
+  <!-- TODO: Move/mirror it to jenkins.io -->
+  <a href="https://github.com/jenkinsci/remoting/blob/master/docs/protocols.md#jnlp3-connect-errata">${%JNLP3 Protocol Errata}</a>
+</j:jelly>

core/src/main/resources/jenkins/slaves/JnlpSlaveAgentProtocol3/deprecationCause.properties

@@ -0,0 +1 @@
+

core/src/main/resources/jenkins/slaves/JnlpSlaveAgentProtocol3/description.properties

@@ -1,4 +1 @@
-summary=Extends the version 2 protocol by adding basic encryption but requires a thread per client. \
-  This protocol falls back to Java Web Start Agent Protocol/2 (unencrypted) when it can't create a secure connection. \
-  This protocol is not recommended. \
-  Use Java Web Start Agent Protocol/4 instead.
+summary=Extends the version 2 protocol by adding basic encryption but requires a thread per client.

core/src/main/resources/jenkins/slaves/JnlpSlaveAgentProtocol3/description_de.properties

@@ -20,6 +20,4 @@
 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 # THE SOFTWARE.
 
-summary=Erweitert das Protokoll Version 2 um einfache Verschl\u00FCsselung, aber erfordert einen Thread pro Client. \
-  Dieses Protokoll f\u00E4llt auf Protokoll-Version 2 (unverschl\u00FCsselt) zur\u00FCck, wenn keine sichere Verbindung hergestellt werden kann. \
-  Dieses Protokoll sollte nicht verwendet werden, stattdessen sollte Protokoll-Version 4 verwendet werden.
+summary=Erweitert das Protokoll Version 2 um einfache Verschl\u00fcsselung, aber erfordert einen Thread pro Client.

core/src/main/resources/jenkins/slaves/Messages.properties

@@ -20,7 +20,7 @@
 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 # THE SOFTWARE.
 
-JnlpSlaveAgentProtocol.displayName=Java Web Start Agent Protocol/1 (unencrypted)
-JnlpSlaveAgentProtocol2.displayName=Java Web Start Agent Protocol/2 (unencrypted)
-JnlpSlaveAgentProtocol3.displayName=Java Web Start Agent Protocol/3 (basic encryption)
+JnlpSlaveAgentProtocol.displayName=Java Web Start Agent Protocol/1 (deprecated, unencrypted)
+JnlpSlaveAgentProtocol2.displayName=Java Web Start Agent Protocol/2 (deprecated, unencrypted)
+JnlpSlaveAgentProtocol3.displayName=Java Web Start Agent Protocol/3 (deprecated, basic encryption)
 JnlpSlaveAgentProtocol4.displayName=Java Web Start Agent Protocol/4 (TLS encryption)