From mikewall...@apache.org
Subject [3/4] couch commit: updated refs/heads/2452-users-db-security-on-clustered-interface to 4e24b4c
Date Fri, 14 Nov 2014 19:35:06 GMT
Move admin ddoc check for _users DB to http layer

In order to restrict access to design documents in the
authentication DB to admins only we were checking whether a user
was admin in the couch_server callback. When running the auth DB
on the clustered interface this meant that admins could not read
the design doc because the user context was not being passed to
any of the calls to open the design doc.

One possible fix is to add the user context to all of the clustering
code involved in design doc access; however, given that the amount of
plumbing involved is fairly substantial, the chances of getting it wrong
are rather high. The alternative is to move this check into the
http layer, where we already have access to the user context.

This commit moves the admin check when accessing design docs in the
auth DB into couch_httpd_db (for the admin port).

A separate commit in couchdb-chttpd adds a similar check for
requests through the clustered port.

COUCHDB-2452 3/3


Project: http://git-wip-us.apache.org/repos/asf/couchdb-couch/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-couch/commit/6266b954
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-couch/tree/6266b954
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-couch/diff/6266b954

Branch: refs/heads/2452-users-db-security-on-clustered-interface
Commit: 6266b95415f8c8d8cde49a8ce221e9d31ebf18b8
Parents: 2ed6938
Author: Mike Wallace <mikewallace@apache.org>
Authored: Thu Nov 13 18:02:05 2014 +0000
Committer: Mike Wallace <mikewallace@apache.org>
Committed: Fri Nov 14 18:26:40 2014 +0000

----------------------------------------------------------------------
 src/couch_httpd_db.erl | 23 +++++++++++++++++++++++
 src/couch_users_db.erl | 15 +++------------
 2 files changed, 26 insertions(+), 12 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb-couch/blob/6266b954/src/couch_httpd_db.erl
----------------------------------------------------------------------
diff --git a/src/couch_httpd_db.erl b/src/couch_httpd_db.erl
index 34f04f2..12e59d1 100644
--- a/src/couch_httpd_db.erl
+++ b/src/couch_httpd_db.erl
@@ -489,6 +489,29 @@ db_doc_req(#httpd{method='DELETE'}=Req, Db, DocId) ->
     end;
 
 db_doc_req(#httpd{method = 'GET', mochi_req = MochiReq} = Req, Db, DocId) ->
+    case DocId of
+    <<"_design/", _/binary>> ->
+        DbName = mem3:dbname(Db#db.name),
+        AuthDbName = ?l2b(config:get("couch_httpd_auth", "authentication_db")),
+        case AuthDbName of
+        DbName ->
+            % in the authentication database, design doc access are admin-only.
+            %{SecProps} = fabric:get_security(DbName),
+            %case (catch couch_db:check_is_admin(Db#db{security=SecProps})) of
+            case (catch couch_db:check_is_admin(Db)) of
+            ok ->
+                ok;
+            _ ->
+                throw({forbidden,
+                    <<"Only administrators can view design docs in the users database.">>})
+            end;
+        _Else ->
+            % on other databases, design doc access is free for all.
+            ok
+        end;
+    _Else ->
+        ok
+    end,
     #doc_query_args{
         rev = Rev,
         open_revs = Revs,
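Review bot: The admin gate is added only to the single-document `GET` clause of `db_doc_req`, while the `after_doc_read` guard it replaces was applied on every read of a design doc through `couch_db` and is removed in the same commit; as far as visible here, other routes that return doc bodies from the users database — `_all_docs?include_docs=true`, `_changes?include_docs=true`, and attachment requests under `_design/…` are the ones I would check — no longer have any admin check on the admin port. Unless those routes are covered elsewhere, the check should be a helper called from each handler rather than inline `case` nesting in this clause, which also lets the dead commented-out `fabric:get_security` lines be dropped instead of leaving a reader unsure whether `couch_db:check_is_admin(Db)` on the locally opened `#db{}` is the intended final form. `?l2b(config:get("couch_httpd_auth", "authentication_db"))` raises badarg if the key is unset, so pass a default (`"_users"`) if a three-argument `config:get` is available in this tree. `db_doc_req`'s GET clause continues past the hunk.
```erlang
db_doc_req(#httpd{method = 'GET', mochi_req = MochiReq} = Req, Db, DocId) ->
    ok = check_users_ddoc_access(Db, DocId),
    % … unchanged: #doc_query_args parsing and response …

% Design docs in the authentication DB are admin-only. Every handler on this
% port that returns a doc body from that DB (single-doc GET, _all_docs and
% _changes with include_docs, design-doc attachments) must call this first.
check_users_ddoc_access(#db{name = Name} = Db, <<"_design/", _/binary>>) ->
    AuthDbName = ?l2b(config:get("couch_httpd_auth", "authentication_db", "_users")),
    case mem3:dbname(Name) of
    AuthDbName ->
        case (catch couch_db:check_is_admin(Db)) of
        ok -> ok;
        _ -> throw({forbidden,
                <<"Only administrators can view design docs in the users database.">>})
        end;
    _OtherDb ->
        ok
    end;
check_users_ddoc_access(_Db, _DocId) ->
    ok.
```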

http://git-wip-us.apache.org/repos/asf/couchdb-couch/blob/6266b954/src/couch_users_db.erl
----------------------------------------------------------------------
diff --git a/src/couch_users_db.erl b/src/couch_users_db.erl
index 3b76862..a16b874 100644
--- a/src/couch_users_db.erl
+++ b/src/couch_users_db.erl
@@ -73,11 +73,8 @@ save_doc(#doc{body={Body}} = Doc) ->
         Doc#doc{body={Body3}}
     end.
 
-% If the doc is a design doc
-%   If the request's userCtx identifies an admin
-%     -> return doc
-%   Else
-%     -> 403 // Forbidden
+% If the doc is a design doc return it and relay on the http layer to restrict
+% access to admins
 % If the request's userCtx identifies an admin
 %   -> return doc
 % If the request's userCtx.name doesn't match the doc's name
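Review bot: The new comment reads `relay on the http layer`; the word should be `rely`: `% If the doc is a design doc, return it and rely on the http layer to restrict`. It is also worth naming where that enforcement now lives, since a reader of this module can no longer see it: e.g. `% access to admins (couch_httpd_db:db_doc_req/3 on the admin port; the commit message says chttpd gets a matching check for the clustered port)`. This hunk shows only the comment block; the `after_doc_read` clause it describes is in the next hunk.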
@@ -85,13 +82,7 @@ save_doc(#doc{body={Body}} = Doc) ->
 % Else
 %   -> return doc
 after_doc_read(#doc{id = <<?DESIGN_DOC_PREFIX, _/binary>>} = Doc, Db) ->
-    case (catch couch_db:check_is_admin(Db)) of
-    ok ->
-        Doc;
-    _ ->
-        throw({forbidden,
-        <<"Only administrators can view design docs in the users database.">>})
-    end;
+    Doc;
 after_doc_read(Doc, #db{user_ctx = UserCtx} = Db) ->
     #user_ctx{name=Name} = UserCtx,
     DocName = get_doc_name(Doc),
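Review bot: `Db` is now bound but unused in the design-doc clause of `after_doc_read`, so the compiler will warn about an unused variable; change the head to `after_doc_read(#doc{id = <<?DESIGN_DOC_PREFIX, _/binary>>} = Doc, _Db) ->`. Since this clause is now the only path by which a non-admin can receive a design doc from the users DB, a one-line comment on the clause itself would stop the next reader from taking the missing check for a bug, e.g. `% admin-only access to design docs is enforced by the HTTP handlers, not here`. The second `after_doc_read` clause continues past the hunk.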

