incubator-couchdb-user mailing list archives

From James Dingwall <james.dingw...@zynstra.com>
Subject Re: old-style (hashed) passwords for admin are broken in 1.6.0?
Date Thu, 21 Aug 2014 12:33:34 GMT
Alexey Elfman wrote:
> Hello.
>
> I'm experiencing troubles after upgrading to 1.6.0.
> After a short investigation, I realized that the troubles are with admin users
> with hashed passwords (not pbkdf) in the locals.ini file.
>
> Users with hashed passwords are experiencing a 403 error accessing couchdb 1.6.0
> (all previous versions work fine). The error text isn't helpful:
> "{"error":"forbidden","reason":"doc.type must be user"}"
>
> So, my recommendation is to reset the password before upgrading (it will then be
> in pbkdf format).
>
> This trouble (breaking change?) was not covered in the change log for 1.6.0,
> so maybe my message will be helpful for somebody.
>
This was a bug in the 1.6.0 release.  You can apply a patch to the 
source to solve the problem.

Regards,
James

cat << EOF | patch src/couchdb/couch_passwords.erl
--- src/couchdb/couch_passwords.erl.orig        2014-07-26 
17:53:22.624015000 +0000
+++ src/couchdb/couch_passwords.erl     2014-07-26 17:54:10.524015000 +0000
@@ -26,7 +26,9 @@
      ?l2b(couch_util:to_hex(crypto:sha(<<Password/binary, Salt/binary>>))).

  %% CouchDB utility functions
--spec hash_admin_password(binary()) -> binary().
+-spec hash_admin_password(binary() | list()) -> binary().
+hash_admin_password(ClearPassword) when is_list(ClearPassword) ->
+    hash_admin_password(?l2b(ClearPassword));
  hash_admin_password(ClearPassword) when is_binary(ClearPassword) ->
      Iterations = couch_config:get("couch_httpd_auth", "iterations", 
"10000"),
      Salt = couch_uuids:random(),
EOF
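
Review bot: The added `when is_list(ClearPassword)` clause accepts any list and hands it straight to `?l2b` (list_to_binary), which raises badarg when the list is not a flat list of bytes, for example a string holding code points above 255, so a non-Latin-1 admin password arriving as a list would crash here instead of being hashed. Consider an encoding-aware conversion in this clause, or converting to binary at the call site that supplies the list, and add a comment naming that caller so the widened `-spec` (`binary() | list()`) is explained.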


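A pre-upgrade check for the situation described in this thread, added here as an example and not part of the original message or of CouchDB: it reads the `[admins]` section of an ini file and reports which entries are still stored in the old salted-SHA-1 form. It assumes the `-hashed-` and `-pbkdf2-` prefixes CouchDB writes for stored admin passwords; the function names are hypothetical and the sample file, user names and hash values are constructed.

```python
import configparser

# Constructed sample local.ini; user names, hashes and salts are made up.
SAMPLE_INI = """\
[couch_httpd_auth]
iterations = 10000

[admins]
alice = -hashed-0123456789abcdef0123456789abcdef01234567,00112233445566778899aabbccddeeff
bob = -pbkdf2-89abcdef0123456789abcdef0123456789abcdef,ffeeddccbbaa99887766554433221100,10000
carol = not-yet-hashed
"""


def classify(value):
    """Name the storage scheme of one [admins] value (hypothetical helper)."""
    if value.startswith("-pbkdf2-"):
        # Expected fields: derived key, salt, iteration count.
        parts = value[len("-pbkdf2-"):].split(",")
        return "pbkdf2" if len(parts) == 3 and parts[2].isdigit() else "malformed"
    if value.startswith("-hashed-"):
        # Expected fields: SHA-1 hex digest, salt.
        parts = value[len("-hashed-"):].split(",")
        return "legacy-sha1" if len(parts) == 2 and all(parts) else "malformed"
    # No scheme prefix: a clear-text value that the server has not hashed yet.
    return "plaintext"


def audit_admins(ini_text):
    """Map each admin user in the ini text to its storage scheme."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",), strict=False)
    cp.optionxform = str  # keep user names case-sensitive
    cp.read_string(ini_text)
    if not cp.has_section("admins"):
        return {}
    return {user: classify(value) for user, value in cp.items("admins")}


def legacy_admins(ini_text):
    """Admins still on the old salted-SHA-1 form, i.e. the ones to reset."""
    return sorted(u for u, s in audit_admins(ini_text).items() if s == "legacy-sha1")


if __name__ == "__main__":
    for user, scheme in audit_admins(SAMPLE_INI).items():
        print(f"{user}: {scheme}")
    print("reset before upgrading:", legacy_admins(SAMPLE_INI))
```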