diff options
author | Robert Newson <rnewson@apache.org> | 2014-08-21 16:34:59 +0100 |
---|---|---|
committer | Robert Newson <rnewson@apache.org> | 2014-08-21 16:34:59 +0100 |
commit | 5e46f3b988797e16bde36518d5b808eadd83ecfa (patch) | |
tree | f6123331738f9677257b55b7604046b0bb58a8ff | |
parent | 6acdb2203e5b97030014d18ab1fa83d1e3828038 (diff) | |
download | couchdb-2299-dont-upgrade-admin-hashes-stupidly.tar.gz |
Don't upgrade admin hashes into the _users database2299-dont-upgrade-admin-hashes-stupidly
Admin users are stored in .ini files and are not full-fledged user
documents. Internally, a fake document is made to allow insertion into
the auth cache. CouchDB 1.6 introduced a feature to upgrade password
hashes from the legacy simple hash scheme to the stronger PBKDF2
scheme. It inappropriately attempted to do this to the fake admin
docs, which do not pass the _design/_auth validation checks. This is
fortunate, however, as CouchDB would then have written the admin users
into the users database causing widespread confusion and fear.
-rw-r--r-- | src/couchdb/couch_httpd_auth.erl | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/couchdb/couch_httpd_auth.erl b/src/couchdb/couch_httpd_auth.erl index 6888f0691..305283255 100644 --- a/src/couchdb/couch_httpd_auth.erl +++ b/src/couchdb/couch_httpd_auth.erl @@ -345,8 +345,9 @@ maybe_value(Key, Else, Fun) -> [{Key, Fun(Else)}]. maybe_upgrade_password_hash(UserName, Password, UserProps) -> - case couch_util:get_value(<<"password_scheme">>, UserProps, <<"simple">>) of - <<"simple">> -> + IsAdmin = lists:member(<<"_admin">>, couch_util:get_value(<<"roles">>, UserProps, [])), + case {IsAdmin, couch_util:get_value(<<"password_scheme">>, UserProps, <<"simple">>)} of + {false, <<"simple">>} -> DbName = ?l2b(couch_config:get("couch_httpd_auth", "authentication_db", "_users")), couch_util:with_db(DbName, fun(UserDb) -> UserProps2 = proplists:delete(<<"password_sha">>, UserProps), |