incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alexander Shorin <kxe...@gmail.com>
Subject Re: old-style (hashed) passwords for admin are broken in 1.6.0?
Date Thu, 21 Aug 2014 12:40:49 GMT
or just wait for awhile for 1.6.1 release with the bugfix.
--
,,,^..^,,,


On Thu, Aug 21, 2014 at 4:33 PM, James Dingwall
<james.dingwall@zynstra.com> wrote:
> Alexey Elfman wrote:
>>
>> Hello.
>>
>> I've experiencing troubles after upgrade to 1.6.0.
>> After short investigation, I realized, that troubles are with admin users
>> with hashed password (not pbkdf) in locals.ini file.
>>
>> Users with hashed password experiencing 403 error accessing couchdb 1.6.0
>> (all previous versions work fine). Error text isn't helpfull:
>> "{"error":"forbidden","reason":"doc.type must be user"}"
>>
>> So, my recommendation is to reset password before upgrade (it will become
>> in pbkdf format).
>>
>> This trouble (breaking change?) was not covered in change log for 1.6.0,
>> so, may be, my message will be helpfull for somebody.
>>
> This was a bug in the 1.6.0 release.  You can apply a patch to the source to
> solve the problem.
>
> Regards,
> James
>
> cat << EOF | patch src/couchdb/couch_passwords.erl
> --- src/couchdb/couch_passwords.erl.orig        2014-07-26
> 17:53:22.624015000 +0000
> +++ src/couchdb/couch_passwords.erl     2014-07-26 17:54:10.524015000 +0000
> @@ -26,7 +26,9 @@
>      ?l2b(couch_util:to_hex(crypto:sha(<<Password/binary, Salt/binary>>))).
>
>  %% CouchDB utility functions
> --spec hash_admin_password(binary()) -> binary().
> +-spec hash_admin_password(binary() | list()) -> binary().
> +hash_admin_password(ClearPassword) when is_list(ClearPassword) ->
> +    hash_admin_password(?l2b(ClearPassword));
>  hash_admin_password(ClearPassword) when is_binary(ClearPassword) ->
>      Iterations = couch_config:get("couch_httpd_auth", "iterations",
> "10000"),
>      Salt = couch_uuids:random(),
> EOF
>

Mime
View raw message