You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by va...@apache.org on 2022/04/26 19:44:51 UTC
[couchdb] 01/10: Remove the default "monster" cookie
This is an automated email from the ASF dual-hosted git repository.
vatamane pushed a commit to branch 3.2.x
in repository https://gitbox.apache.org/repos/asf/couchdb.git
commit c4e811ecf97d5796145b60f3b99a84abcec56ebf
Author: Robert Newson <rn...@apache.org>
AuthorDate: Sat Apr 2 01:12:10 2022 -0400
Remove the default "monster" cookie
---
dev/remsh | 3 +--
dev/remsh-tls | 3 +--
rel/overlay/bin/remsh | 8 ++++++--
rel/overlay/etc/vm.args | 5 ++---
src/couch/src/couch_sup.erl | 20 ++++++++++++++++++++
5 files changed, 30 insertions(+), 9 deletions(-)
diff --git a/dev/remsh b/dev/remsh
index b9b81d226..347a799d0 100755
--- a/dev/remsh
+++ b/dev/remsh
@@ -25,5 +25,4 @@ fi
NAME="remsh$$@$HOST"
NODE="node$NODE@$HOST"
-COOKIE=monster
-erl -name $NAME -remsh $NODE -setcookie $COOKIE -hidden
+erl -name $NAME -remsh $NODE -hidden
diff --git a/dev/remsh-tls b/dev/remsh-tls
index 603317d72..089db669f 100755
--- a/dev/remsh-tls
+++ b/dev/remsh-tls
@@ -25,6 +25,5 @@ fi
NAME="remsh$$@$HOST"
NODE="node$NODE@$HOST"
-COOKIE=monster
rootdir="$(cd "${0%/*}" 2>/dev/null; echo "$PWD")"
-erl -name $NAME -remsh $NODE -setcookie $COOKIE -hidden -proto_dist inet_tls -ssl_dist_optfile "${rootdir}/couch_ssl_dist.conf"
+erl -name $NAME -remsh $NODE -hidden -proto_dist inet_tls -ssl_dist_optfile "${rootdir}/couch_ssl_dist.conf"
diff --git a/rel/overlay/bin/remsh b/rel/overlay/bin/remsh
index 3f59bcb21..de37d6cc2 100755
--- a/rel/overlay/bin/remsh
+++ b/rel/overlay/bin/remsh
@@ -55,11 +55,10 @@ if test -f "$ARGS_FILE"; then
ARGS_FILE_COOKIE=$(awk '$1=="-setcookie"{print $2}' "$ARGS_FILE")
COOKIE="${COOKIE:-$ARGS_FILE_COOKIE}"
fi
-COOKIE="${COOKIE:-monster}"
printHelpAndExit() {
echo "Usage: ${PROGNAME} [OPTION]... [-- <additional Erlang cli options>]"
- echo " -c cookie specify shared Erlang cookie (default: monster)"
+ echo " -c cookie specify shared Erlang cookie"
echo " -l HOST specify remsh's host name (default: 127.0.0.1)"
echo " -m use output of \`hostname -f\` as remsh's host name"
echo " -n NAME@HOST specify couchdb's Erlang node name (-name in vm.args)"
@@ -114,6 +113,11 @@ fi
# to avoid conflicts with the cli parameters
ERL_FLAGS_CLEAN=$(echo "$ERL_FLAGS" | sed 's/-setcookie \([^ ][^ ]*\)//g' | sed 's/-name \([^ ][^ ]*\)//g')
+if [ -z "${COOKIE}" ]; then
+ echo "No Erlang cookie could be found, please specify with -c" >&2
+ exit 1
+fi
+
if [ -z "$TLSCONF" ]; then
exec env ERL_FLAGS="$ERL_FLAGS_CLEAN" "$BINDIR/erl" -boot "$ROOTDIR/releases/$APP_VSN/start_clean" \
-name remsh$$@$LHOST -remsh $NODE -hidden -setcookie $COOKIE \
diff --git a/rel/overlay/etc/vm.args b/rel/overlay/etc/vm.args
index 805e9ec22..4971627c9 100644
--- a/rel/overlay/etc/vm.args
+++ b/rel/overlay/etc/vm.args
@@ -38,9 +38,8 @@
{{node_name}}
# All nodes must share the same magic cookie for distributed Erlang to work.
-# Comment out this line if you synchronized the cookies by other means (using
-# the ~/.erlang.cookie file, for example).
--setcookie monster
+# Uncomment the following line and append a securely generated random value.
+# -setcookie
# Tell kernel and SASL not to log anything
-kernel error_logger silent
diff --git a/src/couch/src/couch_sup.erl b/src/couch/src/couch_sup.erl
index b936c1e5d..85400a39a 100644
--- a/src/couch/src/couch_sup.erl
+++ b/src/couch/src/couch_sup.erl
@@ -28,6 +28,7 @@
start_link() ->
+ assert_no_monsters(),
assert_admins(),
maybe_launch_admin_annoyance_reporter(),
write_pidfile(),
@@ -87,6 +88,25 @@ handle_config_change(_, _, _, _, _) ->
handle_config_terminate(_Server, _Reason, _State) ->
ok.
+assert_no_monsters() ->
+ couch_log:info("Preflight check: Checking For Monsters~n", []),
+ case erlang:get_cookie() of
+ monster ->
+ couch_log:info(
+ "~n%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%~n" ++
+ " Monster detected ohno!, aborting startup. ~n" ++
+ " Please change the Erlang cookie in vm.args to the same ~n" ++
+ " securely generated random value on all nodes of this cluster. ~n" ++
+ "%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%~n",
+ []
+ ),
+ % Wait a second so the log message can make it to the log
+ timer:sleep(500),
+ erlang:halt(1);
+ _ ->
+ ok
+ end.
+
assert_admins() ->
couch_log:info("Preflight check: Asserting Admin Account~n", []),
case {config:get("admins"), os:getenv("COUCHDB_TEST_ADMIN_PARTY_OVERRIDE")} of