Posted to dev@couchdb.apache.org by "Dave Cottlehuber (JIRA)" <ji...@apache.org> on 2014/08/21 15:54:11 UTC

[jira] [Commented] (COUCHDB-2299) admin users are unable to login after upgrading to 1.6.0 when older password hashes are used

    [ https://issues.apache.org/jira/browse/COUCHDB-2299?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14105373#comment-14105373 ] 

Dave Cottlehuber commented on COUCHDB-2299:
-------------------------------------------

Note that 1.4+ obviously won't have the actual issue, because they will create PBKDF2-style hashes, but if the [admins] section hasn't changed from a previous install, it will still fail. 1.6.0 is where we broke this.

> admin users are unable to login after upgrading to 1.6.0 when older password hashes are used
> --------------------------------------------------------------------------------------------
>
>                 Key: COUCHDB-2299
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-2299
>             Project: CouchDB
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: Database Core
>    Affects Versions: 1.6.0
>            Reporter: Dave Cottlehuber
>            Priority: Blocker
>             Fix For: 1.6.1
>
>
> # issue
> When a couch is upgraded to 1.6.0, and the config files contain an [admins] section with non-PBKDF2 hashed passwords (old-style < 1.3.1) then couchdb will not let those admin users log in.
> # reproduce
> - install 1.2.1 through 1.5.1 (tested those + 1.3.1 + 1.6.1-rc.3)
> - create a new admin user via futon
> - remove old binaries etc `rm -rf bin share lib` 
> - only dbs and .ini files remain (apart from log uri etc) 
> - install 1.6.0 (or 1-rc.3 with the fix for the raw/unhashed password fix) 
> - try to log in using admin via futon
> {code}
> 2> [debug] [<0.146.0>] 'POST' /_session {1,1} from "94.136.7.161"
> Headers: [{'Accept',"application/json"},
>           {'Accept-Encoding',"gzip,deflate"},
>           {'Accept-Language',"en-US,en;q=0.8,de;q=0.6"},
>           {'Connection',"keep-alive"},
>           {'Content-Length',"25"},
>           {'Content-Type',"application/x-www-form-urlencoded; charset=UTF-8"},
>           {'Cookie',"AuthSession="},
>           {"Dnt","1"},
>           {'Host',"130.211.98.121:5984"},
>           {"Origin","http://130.211.98.121:5984"},
>           {'Referer',"http://130.211.98.121:5984/_utils/"},
>           {'User-Agent',"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2129.0 Safari/537.36"},
>           {"X-Requested-With","XMLHttpRequest"}]
> [debug] [<0.146.0>] OAuth Params: []
> [debug] [<0.146.0>] Attempt Login: admin
> [debug] [<0.117.0>] DDocProc found for DDocKey: {<<"_design/_auth">>,
>                                                  <<"2-7837bd4a550c1a65ac96c258e83d8b8c">>}
> [debug] [<0.171.0>] OS Process #Port<0.3041> Input  :: ["reset",{"reduce_limit":true,"timeout":5000}]
> [debug] [<0.171.0>] OS Process #Port<0.3041> Output :: true
> [debug] [<0.171.0>] OS Process #Port<0.3041> Input  :: ["ddoc","_design/_auth",
>     ["validate_doc_update"],
>     [{"_id":"",
>         "password_scheme":"pbkdf2",
>         "iterations":10,"roles":["_admin"],
>         "salt":"a755d787383cdc147808a3ce2326479e",
>         "password_scheme":"simple",
>         "derived_key":"77bc076166db06fd940540ea7dc9d181e7e44741",
>         "_revisions":{"start":0,"ids":[]}},
>     null,
>     {"db":"_users","name":null,"roles":["_admin"]},{}]]
> [debug] [<0.171.0>] OS Process #Port<0.3041> Output :: {"forbidden":"doc.type must be user"}
> [debug] [<0.146.0>] Minor error in HTTP request: {forbidden,
>                                                   <<"doc.type must be user">>}
> [debug] [<0.146.0>] Stacktrace: [{couch_db,update_doc,4,
>                                      [{file,"couch_db.erl"},{line,432}]},
>                                  {couch_httpd_auth,
>                                      '-maybe_upgrade_password_hash/3-fun-0-',
>                                      4,
>                                      [{file,"couch_httpd_auth.erl"},
>                                       {line,355}]},
>                                  {couch_util,with_db,2,
>                                      [{file,"couch_util.erl"},{line,443}]},
>                                  {couch_httpd_auth,handle_session_req,1,
>                                      [{file,"couch_httpd_auth.erl"},
>                                       {line,275}]},
>                                  {couch_httpd,handle_request_int,5,
>                                      [{file,"couch_httpd.erl"},{line,318}]},
>                                  {mochiweb_http,headers,5,
>                                      [{file,"mochiweb_http.erl"},{line,94}]},
>                                  {proc_lib,init_p_do_apply,3,
>                                      [{file,"proc_lib.erl"},{line,227}]}]
> [info] [<0.146.0>] 94.136.7.161 - - POST /_session 403
> {code}



--
This message was sent by Atlassian JIRA
(v6.2#6252)
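A pre-upgrade audit of the `[admins]` section, as an added example that is not part of the JIRA thread or of CouchDB's own code: it classifies each admin entry as plaintext, legacy `-hashed-` (the pre-1.3.1 scheme the report is about) or `-pbkdf2-`, and verifies a password against either scheme so an operator can confirm which entries 1.6.0 will fail to upgrade. The value formats (`-hashed-<sha1hex>,<salthex>` and `-pbkdf2-<derivedkeyhex>,<salthex>,<iterations>`, with the salt fed to the hash as its hex text) are assumed from CouchDB 1.x's `couch_passwords`, not stated on this page.

```python
import configparser
import hashlib
import hmac

# Assumed CouchDB 1.x [admins] value formats (not from the report above):
#   plaintext                                   rewritten by the server on startup
#   -hashed-<sha1hex>,<salthex>                 legacy scheme, versions < 1.3.1
#   -pbkdf2-<derivedkeyhex>,<salthex>,<iters>   current scheme (PBKDF2-HMAC-SHA1)
LEGACY = "-hashed-"
PBKDF2 = "-pbkdf2-"


def classify(value):
    """Return 'plaintext', 'legacy' or 'pbkdf2' for one [admins] value."""
    if value.startswith(PBKDF2):
        return "pbkdf2"
    if value.startswith(LEGACY):
        return "legacy"
    return "plaintext"


def legacy_entry(password, salt_hex):
    # Legacy scheme: sha1(password ++ salt), the salt being appended as hex text.
    digest = hashlib.sha1((password + salt_hex).encode()).hexdigest()
    return f"{LEGACY}{digest},{salt_hex}"


def pbkdf2_entry(password, salt_hex, iterations=10):
    # PBKDF2-HMAC-SHA1 with a 20-byte key; the log above shows the same
    # 40-hex-char derived_key, 32-hex-char salt and iterations=10 layout.
    dk = hashlib.pbkdf2_hmac("sha1", password.encode(), salt_hex.encode(), iterations, 20)
    return f"{PBKDF2}{dk.hex()},{salt_hex},{iterations}"


def verify(value, password):
    """Check a password against a stored [admins] value of any of the three schemes."""
    scheme = classify(value)
    if scheme == "plaintext":
        return hmac.compare_digest(value, password)
    if scheme == "legacy":
        _, salt_hex = value[len(LEGACY):].split(",")
        return hmac.compare_digest(value, legacy_entry(password, salt_hex))
    _, salt_hex, iters = value[len(PBKDF2):].split(",")
    return hmac.compare_digest(value, pbkdf2_entry(password, salt_hex, int(iters)))


def audit_admins(ini_text):
    """Map each [admins] name to its scheme; 'legacy' entries must be re-hashed before 1.6.0."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(ini_text)
    if not cp.has_section("admins"):
        return {}
    return {name: classify(val) for name, val in cp.items("admins")}
```

Run `audit_admins` over the text of `local.ini` before upgrading; any name reported as `legacy` is one the 1.6.0 session handler would reject as shown in the log.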