Posted to commits@couchdb.apache.org by ro...@apache.org on 2022/10/24 19:04:46 UTC
[couchdb] 01/01: Implement global admin password hasher process
This is an automated email from the ASF dual-hosted git repository.
ronny pushed a commit to branch couch_password_server
in repository https://gitbox.apache.org/repos/asf/couchdb.git
commit 9589ac48da3c9aa044d060c8148142b87fb046c4
Author: Ronny Berndt <ro...@apache.org>
AuthorDate: Mon Oct 24 21:04:27 2022 +0200
Implement global admin password hasher process
---
src/couch/src/couch_password_server.erl | 75 +++++++++++++++++++++++++++++++++
src/couch/src/couch_server.erl | 18 ++------
src/couch/src/couch_sup.erl | 6 +++
3 files changed, 85 insertions(+), 14 deletions(-)
diff --git a/src/couch/src/couch_password_server.erl b/src/couch/src/couch_password_server.erl
new file mode 100644
index 000000000..2dfc1c3a8
--- /dev/null
+++ b/src/couch/src/couch_password_server.erl
@@ -0,0 +1,75 @@
+% Licensed under the Apache License, Version 2.0 (the "License"); you may not
+% use this file except in compliance with the License. You may obtain a copy of
+% the License at
+%
+% http://www.apache.org/licenses/LICENSE-2.0
+%
+% Unless required by applicable law or agreed to in writing, software
+% distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+% WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+% License for the specific language governing permissions and limitations under
+% the License.
+
+-module(couch_password_server).
+
+-behaviour(gen_server).
+
+-include_lib("couch/include/couch_db.hrl").
+
+-export([start_link/0]).
+-export([init/1, handle_call/3, handle_cast/2, handle_info/2, terminate/2,
+ code_change/3]).
+
+-export([hash/0]).
+
+-record(state, {}).
+
+%%%===================================================================
+%%% Public functions
+%%%===================================================================
+
+hash() ->
+ gen_server:call(?MODULE, {hash_passwords}).
+
+%%%===================================================================
+%%% Spawning and gen_server implementation
+%%%===================================================================
+
+start_link() ->
+ gen_server:start_link({local, ?MODULE}, ?MODULE, [], []).
+
+init(_Args) ->
+ {ok, #state{}}.
+
+handle_call({hash_passwords}, _From, _State) ->
+ hash_admin_passwords();
+handle_call(_Request, _From, State = #state{}) ->
+ {reply, ok, State}.
+
+handle_cast(_Request, State = #state{}) ->
+ {noreply, State}.
+
+handle_info(_Info, State = #state{}) ->
+ {noreply, State}.
+
+terminate(_Reason, _State = #state{}) ->
+ ok.
+
+code_change(_OldVsn, State = #state{}, _Extra) ->
+ {ok, State}.
+
+%%%===================================================================
+%%% Internal functions
+%%%===================================================================
+
+hash_admin_passwords() ->
+ hash_admin_passwords(true).
+
+hash_admin_passwords(Persist) ->
+ lists:foreach(
+ fun({User, ClearPassword}) ->
+ HashedPassword = couch_passwords:hash_admin_password(ClearPassword),
+ config:set("admins", User, ?b2l(HashedPassword), Persist)
+ end,
+ couch_passwords:get_unhashed_admins()
+ ).
\ No newline at end of file
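Review bot: The `{hash_passwords}` clause of `handle_call/3` returns the result of `hash_admin_passwords()`, which is the bare `ok` from `lists:foreach/2` and not a valid gen_server callback result. The server would stop with `bad_return_value` on the first `hash/0` call and the caller would exit, so admin entries could stay unhashed in the config. Bind the state and reply explicitly: `handle_call({hash_passwords}, _From, State) -> hash_admin_passwords(), {reply, ok, State};`. `hash/0` also relies on the default 5 second `gen_server:call/2` timeout, which may be too short if password hashing is slow or several admins are pending, so an explicit timeout is worth considering.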
diff --git a/src/couch/src/couch_server.erl b/src/couch/src/couch_server.erl
index 4cb858295..9e030b217 100644
--- a/src/couch/src/couch_server.erl
+++ b/src/couch/src/couch_server.erl
@@ -253,18 +253,6 @@ is_admin(User, ClearPwd) ->
has_admins() ->
config:get("admins") /= [].
-hash_admin_passwords() ->
- hash_admin_passwords(true).
-
-hash_admin_passwords(Persist) ->
- lists:foreach(
- fun({User, ClearPassword}) ->
- HashedPassword = couch_passwords:hash_admin_password(ClearPassword),
- config:set("admins", User, ?b2l(HashedPassword), Persist)
- end,
- couch_passwords:get_unhashed_admins()
- ).
-
close_db_if_idle(DbName) ->
case ets:lookup(couch_dbs(DbName), DbName) of
[#entry{}] ->
@@ -310,7 +298,8 @@ init([N]) ->
),
ok = config:listen_for_changes(?MODULE, N),
ok = couch_file:init_delete_dir(RootDir),
- hash_admin_passwords(),
+ % hash_admin_passwords(),
+ couch_password_server:hash(),
ets:new(couch_dbs(N), [
set,
protected,
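Review bot: `couch_server:init/1` now blocks on a `gen_server:call` to a separately registered process, so if `couch_password_server` is not running when a `couch_server` instance initializes, the call exits with `noproc` and init fails. The start order should be guaranteed, or the failure handled deliberately, rather than assumed. The commented-out `% hash_admin_passwords(),` line should be deleted rather than left in place, and the same applies to the commented-out `spawn` line in the `handle_config_change` hunk. `init/1` begins before and continues after this hunk.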
@@ -381,7 +370,8 @@ handle_config_change("couchdb_engines", _, _, _, N) ->
{ok, N};
handle_config_change("admins", _, _, Persist, N) ->
% spawn here so couch event manager doesn't deadlock
- spawn(fun() -> hash_admin_passwords(Persist) end),
+ % spawn(fun() -> couch_passwords_hasher:hash_admin_passwords(Persist) end),
+ couch_password_server:hash(),
{ok, N};
handle_config_change("httpd", "authentication_handlers", _, _, N) ->
couch_httpd:stop(),
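Review bot: The `"admins"` clause no longer honours `Persist`: `couch_password_server:hash()` always ends in `hash_admin_passwords(true)`, so an admin entry set with persistence off would still have its hash written to the config file, where the removed code passed `Persist` through. The retained comment says the spawn existed so the event manager does not deadlock, yet the replacement is a synchronous call and the server runs `config:set/4` while this handler is still waiting. That looks like it could reintroduce the blocking the comment warns about, or at best end in a call timeout; please confirm against the config event flow. Consider a `hash/1` in `couch_password_server` that carries the flag and does not block the handler, e.g. `gen_server:cast(?MODULE, {hash_passwords, Persist})` with a matching `handle_cast/2` clause. The leftover commented line also names `couch_passwords_hasher`, which is not the module this commit adds.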
diff --git a/src/couch/src/couch_sup.erl b/src/couch/src/couch_sup.erl
index f13bc9917..abb7d7eae 100644
--- a/src/couch/src/couch_sup.erl
+++ b/src/couch/src/couch_sup.erl
@@ -28,6 +28,7 @@ start_link() ->
assert_no_monsters(),
assert_admins(),
maybe_launch_admin_annoyance_reporter(),
+ start_password_server(),
write_pidfile(),
notify_starting(),
@@ -168,3 +169,8 @@ write_file(FileName, Contents) ->
couch_log:error("Failed ot write ~s :: ~s", Args),
throw({error, Reason})
end.
+
+start_password_server() ->
+ couch_log:info("Password Server Process is starting.~n", []),
+ couch_password_server:start_link(),
+ ok.
\ No newline at end of file
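Review bot: `start_password_server/0` discards the result of `couch_password_server:start_link()` and starts the process from `couch_sup:start_link/0` instead of as a supervised child. A failed start would therefore go unnoticed, and if the server crashes nothing visible here restarts it. Later `couch_password_server:hash()` calls would then exit with `noproc`, and newly set admin passwords would stay in plain text in the config. At minimum assert the result with `{ok, _Pid} = couch_password_server:start_link(),`; preferably add the server to the supervisor's child specs, which are outside this hunk. The trailing `~n` in the `couch_log:info` format string is probably unnecessary, since the existing `couch_log:error` call in the context lines has none.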