Date: Tue, 16 Feb 2010 11:12:00 +0000
From: Brian Candler
To: dev@couchdb.apache.org
Subject: Re: DB ACLs (was Re: 0.11 Release / Feature Freeze for 1.0)
Message-ID: <20100216111200.GB6036@uk.tiscali.com>
In-Reply-To: <20100216105027.GA6036@uk.tiscali.com>
References: <20100205224225.GA8463@uk.tiscali.com> <20100206095856.GA5057@uk.tiscali.com> <20100207091927.GA4771@uk.tiscali.com> <20100208161946.GA6227@uk.tiscali.com> <20100209100053.GA5270@uk.tiscali.com> <20100209100419.GB5270@uk.tiscali.com> <20100209193037.GA13080@uk.tiscali.com> <20100216105027.GA6036@uk.tiscali.com>

And a bit more debugging:

diff --git a/src/couchdb/couch_db.erl b/src/couchdb/couch_db.erl index 6d5da15..c2826e3 100644 --- a/src/couchdb/couch_db.erl +++ b/src/couchdb/couch_db.erl
@@ -238,7 +238,9 @@ check_is_admin(#db{user_ctx=#user_ctx{name=Name,roles=Roles}}=Db) -> AdminRoles -> % same list, not an admin role case AdminNames -- [Name] of AdminNames -> % same names, not an admin - throw({unauthorized, <<"You are not a db or server admin.">>}); + %% throw({unauthorized, <<"You are not a db or server admin.">>}); + Msg = list_to_binary(io_lib:format("Bah. Admins=~p, AdminNames=~p, AdminRoles=~p, Name=~p, Roles=~p", [Admins, AdminNames, AdminRoles, Name, Roles])), + throw({unauthorized, Msg}); _ -> ok end; 
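Review bot: the replacement throw in check_is_admin puts the whole admin list plus the caller's name and roles into the unauthorized reason, and that reason is what the original "You are not a db or server admin." text was being sent back as, so with this patch applied any client that fails the check learns exactly who the database admins are. For local debugging it is fine, but it must not be committed: log the tuple with ?LOG_DEBUG and keep the original throw instead of leaving it as a commented-out line above the new one. Also note that Admins, used in the format arguments, is not bound anywhere in the visible context lines, so confirm it is the value from get_admins earlier in the function rather than a stale binding.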
@@ -273,12 +275,15 @@ check_is_reader(#db{user_ctx=#user_ctx{name=Name,roles=Roles}=UserCtx}=Db) -> end. get_admins(#db{security=SecProps}) -> - proplists:get_value(<<"admins">>, SecProps, {[]}). + Admins = proplists:get_value(<<"admins">>, SecProps, {[]}), + ?LOG_INFO("In get_admins: SecProps=~p Admins=~p", [SecProps, Admins]), + Admins. get_readers(#db{security=SecProps}) -> proplists:get_value(<<"readers">>, SecProps, {[]}). get_security(#db{security=SecProps}) -> + ?LOG_INFO("In get_security: SecProps=~p", [SecProps]), {SecProps}. set_security(#db{update_pid=Pid}=Db, {NewSecProps}) when is_list(NewSecProps) ->

Results:

[Tue, 16 Feb 2010 10:54:12 GMT] [info] [<0.94.0>] In get_admins: SecProps=[{admins,{[{names,[<<"brianadmin">>]},{roles,[]}]}}, {readers,{[{names,[]},{roles,[]}]}}, {sec_obj,{[{<<"foo">>,<<"bar">>}]}}] Admins={[]}
[Tue, 16 Feb 2010 10:54:12 GMT] [info] [<0.94.0>] In get_security: SecProps=[{admins,{[{names,[<<"brianadmin">>]},{roles,[]}]}}, {readers,{[{names,[]},{roles,[]}]}}, {sec_obj,{[{<<"foo">>,<<"bar">>}]}}]
[Tue, 16 Feb 2010 10:54:12 GMT] [info] [<0.94.0>] 127.0.0.1 - - 'GET' /briantest/_security 200
[Tue, 16 Feb 2010 10:54:25 GMT] [info] [<0.106.0>] In get_admins: SecProps=[{admins,{[{names,[<<"brianadmin">>]},{roles,[]}]}}, {readers,{[{names,[<<"brian">>]},{roles,[]}]}}, {sec_obj,{[]}}] Admins={[]}
[Tue, 16 Feb 2010 10:54:25 GMT] [info] [<0.106.0>] In get_admins: SecProps=[{admins,{[{names,[<<"brianadmin">>]},{roles,[]}]}}, {readers,{[{names,[]},{roles,[]}]}}, {sec_obj,{[{<<"foo">>,<<"bar">>}]}}] Admins={[]}
[Tue, 16 Feb 2010 10:54:25 GMT] [info] [<0.106.0>] In get_admins: SecProps=[{admins,{[{names,[<<"brianadmin">>]},{roles,[]}]}}, {readers,{[{names,[]},{roles,[]}]}}, {sec_obj,{[{<<"foo">>,<<"bar">>}]}}] Admins={[]}
[Tue, 16 Feb 2010 10:54:25 GMT] [info] [<0.106.0>] 127.0.0.1 - - 'PUT' /briantest/_design/foo 401

The problem is that in my database, SecProps has atom admins as the proplist key, but get_admins is looking for binary
<<"admins">> as the key. However, on a freshly-created database, binaries *are* used as keys:

[Tue, 16 Feb 2010 10:59:05 GMT] [info] [<0.126.0>] In get_security: SecProps=[{<<"admins">>, {[{<<"names">>,[<<"brianadmin">>]}, {<<"roles">>,[]}]}}, {<<"readers">>, {[{<<"names">>,[]},{<<"roles">>,[]}]}}, {<<"sec_obj">>,{[{<<"foo">>,<<"bar">>}]}}]
[Tue, 16 Feb 2010 10:59:05 GMT] [info] [<0.126.0>] 127.0.0.1 - - 'GET' /testdb/_security 200

and I realised I could fix the problem by a GET followed by a PUT of the _security document.

$ curl http://127.0.0.1:5984/briantest/_security | curl -X PUT --data-binary @- http://admin:admin@127.0.0.1:5984/briantest/_security

So I would summarise this as:

(1) whatever mechanism merged my old _readers and _admins into _security got it wrong (but I haven't found that mechanism yet)

(2) the code which retrieves _security and returns it as JSON to the browser is unable to distinguish atoms from binaries, and so it gives a false impression to the user that the security settings have been set in a particular way, when they have not.

I don't know if this is worth opening a JIRA ticket for, because maybe it only affects databases which have been following trunk. But anything which means that security behaves differently to how it appears to have been configured makes me nervous.

Regards,

Brian.
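Review bot: the ?LOG_INFO calls added to get_admins and get_security write the complete security object, admin and reader names included, to the server log at info level on every call, and the results show get_admins being hit three times for a single PUT, so this belongs at debug level or should be removed before anything is committed. The larger issue is that the hunk only observes the bug it is chasing: proplists:get_value(<<"admins">>, SecProps, {[]}) silently falls back to its default when the stored key is the atom admins, and the Admins={[]} in the results is that fallback. Failing closed (the configured admin gets 401) is the safer direction, but the lookup should either normalise the keys to binaries when the security object is loaded or reject an object whose keys are not binaries, so that what GET /_security reports is the same thing check_is_admin enforces.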
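The atom-versus-binary key mismatch that Brian's logs show, worked through as an added Erlang example that is not CouchDB's own code. The module name sec_keys, the function names and the normalisation helper are mine; the two security objects are constructed from the log lines above (atom keys for the upgraded database, binary keys for the fresh one). It shows the binary-keyed lookup returning an empty admin list for the atom-keyed object, the same lookup succeeding once the keys are normalised, and an audit function that reports atom keys instead of silently treating them as "no admins".

```erlang
%% sec_keys.erl -- added illustration, not CouchDB code.
%% Demonstrates why a binary-keyed proplists lookup misses an atom-keyed
%% security object, and one way to normalise such an object before use.
-module(sec_keys).
-export([migrated_secprops/0, fresh_secprops/0, admin_names_naive/1,
         admin_names/1, normalize_props/1, atom_keys/1, demo/0]).

%% Constructed from the log lines in the message above: the upgraded
%% database carries atom keys, a freshly created database binary keys.
migrated_secprops() ->
    [{admins,  {[{names, [<<"brianadmin">>]}, {roles, []}]}},
     {readers, {[{names, []}, {roles, []}]}},
     {sec_obj, {[{<<"foo">>, <<"bar">>}]}}].

fresh_secprops() ->
    [{<<"admins">>,  {[{<<"names">>, [<<"brianadmin">>]}, {<<"roles">>, []}]}},
     {<<"readers">>, {[{<<"names">>, []}, {<<"roles">>, []}]}},
     {<<"sec_obj">>, {[{<<"foo">>, <<"bar">>}]}}].

%% Lookup shaped like the one in the patch: a binary key with a default.
%% Against the atom-keyed object the default is returned, so the admin list
%% is empty even though GET /_security would still display brianadmin.
admin_names_naive(SecProps) ->
    {Admins} = proplists:get_value(<<"admins">>, SecProps, {[]}),
    proplists:get_value(<<"names">>, Admins, []).

%% Rewrite every atom *key* at any depth to a binary. Atom values such as
%% true/false/null are deliberately left untouched.
normalize_props(Props) when is_list(Props) ->
    [normalize_kv(KV) || KV <- Props].

normalize_kv({K, V}) when is_atom(K) -> {atom_to_binary(K, utf8), normalize_value(V)};
normalize_kv({K, V})                 -> {K, normalize_value(V)}.

normalize_value({Props}) when is_list(Props) -> {normalize_props(Props)};
normalize_value(List) when is_list(List)    -> [normalize_value(X) || X <- List];
normalize_value(Other)                      -> Other.

%% The same lookup after normalisation: both object shapes now agree.
admin_names(SecProps) ->
    admin_names_naive(normalize_props(SecProps)).

%% Audit helper: every atom key found anywhere in the object, so a
%% mismatch can be reported rather than silently becoming "no admins".
atom_keys(Props) when is_list(Props) ->
    lists:append([atom_keys_kv(KV) || KV <- Props]).

atom_keys_kv({K, V}) ->
    Here = if is_atom(K) -> [K]; true -> [] end,
    Here ++ atom_keys_value(V).

atom_keys_value({Props}) when is_list(Props) -> atom_keys(Props);
atom_keys_value(List) when is_list(List)    -> lists:append([atom_keys_value(X) || X <- List]);
atom_keys_value(_)                          -> [].

%% Run from the shell: c(sec_keys), sec_keys:demo().
demo() ->
    [{naive_migrated, admin_names_naive(migrated_secprops())},
     {naive_fresh,    admin_names_naive(fresh_secprops())},
     {fixed_migrated, admin_names(migrated_secprops())},
     {fixed_fresh,    admin_names(fresh_secprops())},
     {atom_keys,      atom_keys(migrated_secprops())}].
```

The normalisation is the in-process equivalent of the GET-then-PUT round trip in the message: the JSON decoder only ever produces binary keys, so writing the object back is what converts it. Running atom_keys over the object at load time is the cheaper check, because it turns a silent fail-closed into a visible error that can be acted on.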