You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by ro...@apache.org on 2022/10/24 19:04:45 UTC
[couchdb] branch couch_password_server created (now 9589ac48d)
This is an automated email from the ASF dual-hosted git repository.
ronny pushed a change to branch couch_password_server
in repository https://gitbox.apache.org/repos/asf/couchdb.git
at 9589ac48d Implement global admin password hasher process
This branch includes the following new commits:
new 9589ac48d Implement global admin password hasher process
The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
[couchdb] 01/01: Implement global admin password hasher process
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
ronny pushed a commit to branch couch_password_server
in repository https://gitbox.apache.org/repos/asf/couchdb.git
commit 9589ac48da3c9aa044d060c8148142b87fb046c4
Author: Ronny Berndt <ro...@apache.org>
AuthorDate: Mon Oct 24 21:04:27 2022 +0200
Implement global admin password hasher process
---
src/couch/src/couch_password_server.erl | 75 +++++++++++++++++++++++++++++++++
src/couch/src/couch_server.erl | 18 ++------
src/couch/src/couch_sup.erl | 6 +++
3 files changed, 85 insertions(+), 14 deletions(-)
diff --git a/src/couch/src/couch_password_server.erl b/src/couch/src/couch_password_server.erl
new file mode 100644
index 000000000..2dfc1c3a8
--- /dev/null
+++ b/src/couch/src/couch_password_server.erl
@@ -0,0 +1,75 @@
+% Licensed under the Apache License, Version 2.0 (the "License"); you may not
+% use this file except in compliance with the License. You may obtain a copy of
+% the License at
+%
+% http://www.apache.org/licenses/LICENSE-2.0
+%
+% Unless required by applicable law or agreed to in writing, software
+% distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+% WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+% License for the specific language governing permissions and limitations under
+% the License.
+
+-module(couch_password_server).
+
+-behaviour(gen_server).
+
+-include_lib("couch/include/couch_db.hrl").
+
+-export([start_link/0]).
+-export([init/1, handle_call/3, handle_cast/2, handle_info/2, terminate/2,
+ code_change/3]).
+
+-export([hash/0]).
+
+-record(state, {}).
+
+%%%===================================================================
+%%% Public functions
+%%%===================================================================
+
+hash() ->
+ gen_server:call(?MODULE, {hash_passwords}).
+
+%%%===================================================================
+%%% Spawning and gen_server implementation
+%%%===================================================================
+
+start_link() ->
+ gen_server:start_link({local, ?MODULE}, ?MODULE, [], []).
+
+init(_Args) ->
+ {ok, #state{}}.
+
+handle_call({hash_passwords}, _From, _State) ->
+ hash_admin_passwords();
+handle_call(_Request, _From, State = #state{}) ->
+ {reply, ok, State}.
+
+handle_cast(_Request, State = #state{}) ->
+ {noreply, State}.
+
+handle_info(_Info, State = #state{}) ->
+ {noreply, State}.
+
+terminate(_Reason, _State = #state{}) ->
+ ok.
+
+code_change(_OldVsn, State = #state{}, _Extra) ->
+ {ok, State}.
+
+%%%===================================================================
+%%% Internal functions
+%%%===================================================================
+
+hash_admin_passwords() ->
+ hash_admin_passwords(true).
+
+hash_admin_passwords(Persist) ->
+ lists:foreach(
+ fun({User, ClearPassword}) ->
+ HashedPassword = couch_passwords:hash_admin_password(ClearPassword),
+ config:set("admins", User, ?b2l(HashedPassword), Persist)
+ end,
+ couch_passwords:get_unhashed_admins()
+ ).
\ No newline at end of file
diff --git a/src/couch/src/couch_server.erl b/src/couch/src/couch_server.erl
index 4cb858295..9e030b217 100644
--- a/src/couch/src/couch_server.erl
+++ b/src/couch/src/couch_server.erl
@@ -253,18 +253,6 @@ is_admin(User, ClearPwd) ->
has_admins() ->
config:get("admins") /= [].
-hash_admin_passwords() ->
- hash_admin_passwords(true).
-
-hash_admin_passwords(Persist) ->
- lists:foreach(
- fun({User, ClearPassword}) ->
- HashedPassword = couch_passwords:hash_admin_password(ClearPassword),
- config:set("admins", User, ?b2l(HashedPassword), Persist)
- end,
- couch_passwords:get_unhashed_admins()
- ).
-
close_db_if_idle(DbName) ->
case ets:lookup(couch_dbs(DbName), DbName) of
[#entry{}] ->
@@ -310,7 +298,8 @@ init([N]) ->
),
ok = config:listen_for_changes(?MODULE, N),
ok = couch_file:init_delete_dir(RootDir),
- hash_admin_passwords(),
+ % hash_admin_passwords(),
+ couch_password_server:hash(),
ets:new(couch_dbs(N), [
set,
protected,
@@ -381,7 +370,8 @@ handle_config_change("couchdb_engines", _, _, _, N) ->
{ok, N};
handle_config_change("admins", _, _, Persist, N) ->
% spawn here so couch event manager doesn't deadlock
- spawn(fun() -> hash_admin_passwords(Persist) end),
+ % spawn(fun() -> couch_passwords_hasher:hash_admin_passwords(Persist) end),
+ couch_password_server:hash(),
{ok, N};
handle_config_change("httpd", "authentication_handlers", _, _, N) ->
couch_httpd:stop(),
diff --git a/src/couch/src/couch_sup.erl b/src/couch/src/couch_sup.erl
index f13bc9917..abb7d7eae 100644
--- a/src/couch/src/couch_sup.erl
+++ b/src/couch/src/couch_sup.erl
@@ -28,6 +28,7 @@ start_link() ->
assert_no_monsters(),
assert_admins(),
maybe_launch_admin_annoyance_reporter(),
+ start_password_server(),
write_pidfile(),
notify_starting(),
@@ -168,3 +169,8 @@ write_file(FileName, Contents) ->
couch_log:error("Failed ot write ~s :: ~s", Args),
throw({error, Reason})
end.
+
+start_password_server() ->
+ couch_log:info("Password Server Process is starting.~n", []),
+ couch_password_server:start_link(),
+ ok.
\ No newline at end of file