couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dave Cottlehuber (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (COUCHDB-2299) admin users are unable to login after upgrading to 1.6.0 when older password hashes are used
Date Thu, 21 Aug 2014 13:54:11 GMT

    [ https://issues.apache.org/jira/browse/COUCHDB-2299?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14105373#comment-14105373
] 

Dave Cottlehuber commented on COUCHDB-2299:
-------------------------------------------

Note that 1.4+ obviously won't have the actual issue, because they will create PKBDF2-style
hashes, but if the [admins] section hasn't changed from a previous install, it will still
fail. 1.6.0 is where we broke this.

> admin users are unable to login after upgrading to 1.6.0 when older password hashes are
used
> --------------------------------------------------------------------------------------------
>
>                 Key: COUCHDB-2299
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-2299
>             Project: CouchDB
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: Database Core
>    Affects Versions: 1.6.0
>            Reporter: Dave Cottlehuber
>            Priority: Blocker
>             Fix For: 1.6.1
>
>
> # issue
> When a couch is upgraded to 1.6.0, and the config files contain an [admins] section with
non-PBKDF2 hashed passwords (old-style < 1.3.1) then couchdb will not let those admin users
login.
> # reproduce
> - install 1.2.1 through 1.5.1 (tested those + 1.3.1 + 1.6.1-rc.3)
> - create a new admin user via futon
> - remove old binaries etc `rm -rf bin share lib` 
> - only dbs and .ini files remain (apart from log uri etc) 
> - install 1.6.0 (or 1-rc.3 with the fix for the raw/unhashed password fix) 
> - try to log in using admin via futon
> {code}
> 2> [debug] [<0.146.0>] 'POST' /_session {1,1} from "94.136.7.161"
> Headers: [{'Accept',"application/json"},
>           {'Accept-Encoding',"gzip,deflate"},
>           {'Accept-Language',"en-US,en;q=0.8,de;q=0.6"},
>           {'Connection',"keep-alive"},
>           {'Content-Length',"25"},
>           {'Content-Type',"application/x-www-form-urlencoded; charset=UTF-8"},
>           {'Cookie',"AuthSession="},
>           {"Dnt","1"},
>           {'Host',"130.211.98.121:5984"},
>           {"Origin","http://130.211.98.121:5984"},
>           {'Referer',"http://130.211.98.121:5984/_utils/"},
>           {'User-Agent',"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/39.0.2129.0 Safari/537.36"},
>           {"X-Requested-With","XMLHttpRequest"}]
> [debug] [<0.146.0>] OAuth Params: []
> [debug] [<0.146.0>] Attempt Login: admin
> [debug] [<0.117.0>] DDocProc found for DDocKey: {<<"_design/_auth">>,
>                                                  <<"2-7837bd4a550c1a65ac96c258e83d8b8c">>}
> [debug] [<0.171.0>] OS Process #Port<0.3041> Input  :: ["reset",{"reduce_limit":true,"timeout":5000}]
> [debug] [<0.171.0>] OS Process #Port<0.3041> Output :: true
> [debug] [<0.171.0>] OS Process #Port<0.3041> Input  :: ["ddoc","_design/_auth",
>     ["validate_doc_update"],
>     [{"_id":"",
>         "password_scheme":"pbkdf2",
>         "iterations":10,"roles":["_admin"],
>         "salt":"a755d787383cdc147808a3ce2326479e",
>         "password_scheme":"simple",
>         "derived_key":"77bc076166db06fd940540ea7dc9d181e7e44741",
>         "_revisions":{"start":0,"ids":[]}},
>     null,
>     {"db":"_users","name":null,"roles":["_admin"]},{}]]
> [debug] [<0.171.0>] OS Process #Port<0.3041> Output :: {"forbidden":"doc.type
must be user"}
> [debug] [<0.146.0>] Minor error in HTTP request: {forbidden,
>                                                   <<"doc.type must be user">>}
> [debug] [<0.146.0>] Stacktrace: [{couch_db,update_doc,4,
>                                      [{file,"couch_db.erl"},{line,432}]},
>                                  {couch_httpd_auth,
>                                      '-maybe_upgrade_password_hash/3-fun-0-',
>                                      4,
>                                      [{file,"couch_httpd_auth.erl"},
>                                       {line,355}]},
>                                  {couch_util,with_db,2,
>                                      [{file,"couch_util.erl"},{line,443}]},
>                                  {couch_httpd_auth,handle_session_req,1,
>                                      [{file,"couch_httpd_auth.erl"},
>                                       {line,275}]},
>                                  {couch_httpd,handle_request_int,5,
>                                      [{file,"couch_httpd.erl"},{line,318}]},
>                                  {mochiweb_http,headers,5,
>                                      [{file,"mochiweb_http.erl"},{line,94}]},
>                                  {proc_lib,init_p_do_apply,3,
>                                      [{file,"proc_lib.erl"},{line,227}]}]
> [info] [<0.146.0>] 94.136.7.161 - - POST /_session 403
> {code}



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message