Posted to commits@couchdb.apache.org by ro...@apache.org on 2022/10/24 19:04:46 UTC

[couchdb] 01/01: Implement global admin password hasher process

This is an automated email from the ASF dual-hosted git repository.

ronny pushed a commit to branch couch_password_server
in repository https://gitbox.apache.org/repos/asf/couchdb.git

commit 9589ac48da3c9aa044d060c8148142b87fb046c4
Author: Ronny Berndt <ro...@apache.org>
AuthorDate: Mon Oct 24 21:04:27 2022 +0200

    Implement global admin password hasher process
---
 src/couch/src/couch_password_server.erl | 75 +++++++++++++++++++++++++++++++++
 src/couch/src/couch_server.erl          | 18 ++------
 src/couch/src/couch_sup.erl             |  6 +++
 3 files changed, 85 insertions(+), 14 deletions(-)

diff --git a/src/couch/src/couch_password_server.erl b/src/couch/src/couch_password_server.erl
new file mode 100644
index 000000000..2dfc1c3a8
--- /dev/null
+++ b/src/couch/src/couch_password_server.erl
@@ -0,0 +1,75 @@
+% Licensed under the Apache License, Version 2.0 (the "License"); you may not
+% use this file except in compliance with the License. You may obtain a copy of
+% the License at
+%
+%   http://www.apache.org/licenses/LICENSE-2.0
+%
+% Unless required by applicable law or agreed to in writing, software
+% distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+% WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+% License for the specific language governing permissions and limitations under
+% the License.
+
+-module(couch_password_server).
+
+-behaviour(gen_server).
+
+-include_lib("couch/include/couch_db.hrl").
+
+-export([start_link/0]).
+-export([init/1, handle_call/3, handle_cast/2, handle_info/2, terminate/2,
+  code_change/3]).
+
+-export([hash/0]).
+
+-record(state, {}).
+
+%%%===================================================================
+%%% Public functions
+%%%===================================================================
+
+hash() ->
+  gen_server:call(?MODULE, {hash_passwords}).
+
+%%%===================================================================
+%%% Spawning and gen_server implementation
+%%%===================================================================
+
+start_link() ->
+  gen_server:start_link({local, ?MODULE}, ?MODULE, [], []).
+
+init(_Args) ->
+  {ok, #state{}}.
+
+handle_call({hash_passwords}, _From, _State) ->
+  hash_admin_passwords();
+handle_call(_Request, _From, State = #state{}) ->
+  {reply, ok, State}.
+
+handle_cast(_Request, State = #state{}) ->
+  {noreply, State}.
+
+handle_info(_Info, State = #state{}) ->
+  {noreply, State}.
+
+terminate(_Reason, _State = #state{}) ->
+  ok.
+
+code_change(_OldVsn, State = #state{}, _Extra) ->
+  {ok, State}.
+
+%%%===================================================================
+%%% Internal functions
+%%%===================================================================
+
+hash_admin_passwords() ->
+  hash_admin_passwords(true).
+
+hash_admin_passwords(Persist) ->
+  lists:foreach(
+    fun({User, ClearPassword}) ->
+      HashedPassword = couch_passwords:hash_admin_password(ClearPassword),
+      config:set("admins", User, ?b2l(HashedPassword), Persist)
+    end,
+    couch_passwords:get_unhashed_admins()
+  ).
\ No newline at end of file
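Review bot: The `{hash_passwords}` clause of `handle_call/3` returns the result of `hash_admin_passwords()` directly, and that is the bare `ok` from `lists:foreach/2`, not a gen_server reply tuple. The first `hash/0` call would therefore stop the server with a bad return value, and the caller's `gen_server:call` would exit instead of getting a reply. The clause should wrap the result and keep the state: `handle_call({hash_passwords}, _From, State) -> {reply, hash_admin_passwords(), State};`. The catch-all clause answers `ok` to any unknown request, which makes a mistyped request look like a successful hash run; replying `{error, unknown_request}` would be safer. Because this process handles clear-text admin passwords, `hash/0` also deserves a `-spec` and a short comment stating that it blocks until every unhashed admin entry has been rewritten.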
diff --git a/src/couch/src/couch_server.erl b/src/couch/src/couch_server.erl
index 4cb858295..9e030b217 100644
--- a/src/couch/src/couch_server.erl
+++ b/src/couch/src/couch_server.erl
@@ -253,18 +253,6 @@ is_admin(User, ClearPwd) ->
 has_admins() ->
     config:get("admins") /= [].
 
-hash_admin_passwords() ->
-    hash_admin_passwords(true).
-
-hash_admin_passwords(Persist) ->
-    lists:foreach(
-        fun({User, ClearPassword}) ->
-            HashedPassword = couch_passwords:hash_admin_password(ClearPassword),
-            config:set("admins", User, ?b2l(HashedPassword), Persist)
-        end,
-        couch_passwords:get_unhashed_admins()
-    ).
-
 close_db_if_idle(DbName) ->
     case ets:lookup(couch_dbs(DbName), DbName) of
         [#entry{}] ->
@@ -310,7 +298,8 @@ init([N]) ->
     ),
     ok = config:listen_for_changes(?MODULE, N),
     ok = couch_file:init_delete_dir(RootDir),
-    hash_admin_passwords(),
+    % hash_admin_passwords(),
+    couch_password_server:hash(),
     ets:new(couch_dbs(N), [
         set,
         protected,
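Review bot: `couch_password_server:hash()` in `init/1` is a `gen_server:call` with the default 5 second timeout to a locally registered process. If that process is not running yet, or the hashing takes longer than the timeout, the call exits and this `couch_server` instance fails to start. Since `init([N])` appears to run once per server shard, each shard queues its own hashing request at boot. Consider an explicit timeout, e.g. `gen_server:call(?MODULE, {hash_passwords}, infinity)` inside `hash/0`, or performing the startup hash once from the password server's own `init/1`. The commented-out `% hash_admin_passwords(),` line should be deleted rather than kept. `init/1` starts and ends outside this hunk.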
@@ -381,7 +370,8 @@ handle_config_change("couchdb_engines", _, _, _, N) ->
     {ok, N};
 handle_config_change("admins", _, _, Persist, N) ->
     % spawn here so couch event manager doesn't deadlock
-    spawn(fun() -> hash_admin_passwords(Persist) end),
+    % spawn(fun() -> couch_passwords_hasher:hash_admin_passwords(Persist) end),
+    couch_password_server:hash(),
     {ok, N};
 handle_config_change("httpd", "authentication_handlers", _, _, N) ->
     couch_httpd:stop(),
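Review bot: The `"admins"` clause of `handle_config_change` keeps the comment "spawn here so couch event manager doesn't deadlock", yet the spawn is replaced by a synchronous `couch_password_server:hash()` call made from inside the config change handler. The password server then calls `config:set/4` while this handler is blocked waiting for it. If `config:set` notifies the same event manager synchronously, that is the deadlock the comment warns about, and it would surface as a call timeout. The `Persist` flag is also dropped: `hash/0` always runs `hash_admin_passwords(true)`, so a change made with `Persist = false` would now have its hash persisted. A non-blocking variant that forwards the flag avoids both, for example `couch_password_server:hash(Persist)` implemented as `gen_server:cast(?MODULE, {hash_passwords, Persist})`. The commented-out spawn line, which names a `couch_passwords_hasher` module not present in this commit, should be removed. `handle_config_change` continues outside the hunk.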
diff --git a/src/couch/src/couch_sup.erl b/src/couch/src/couch_sup.erl
index f13bc9917..abb7d7eae 100644
--- a/src/couch/src/couch_sup.erl
+++ b/src/couch/src/couch_sup.erl
@@ -28,6 +28,7 @@ start_link() ->
     assert_no_monsters(),
     assert_admins(),
     maybe_launch_admin_annoyance_reporter(),
+    start_password_server(),
     write_pidfile(),
     notify_starting(),
 
@@ -168,3 +169,8 @@ write_file(FileName, Contents) ->
             couch_log:error("Failed ot write ~s :: ~s", Args),
             throw({error, Reason})
     end.
+
+start_password_server() ->
+    couch_log:info("Password Server Process is starting.~n", []),
+    couch_password_server:start_link(),
+    ok.
\ No newline at end of file
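Review bot: `start_password_server/0` discards the result of `couch_password_server:start_link()` and always returns `ok`, so a failed start (for example `{error, {already_started, _}}`) goes unnoticed until the first `hash/0` call exits with `noproc`. The process is also linked to whichever process runs `couch_sup:start_link/0` (the call is added in the earlier hunk) rather than being started as a child of the supervisor. As far as this diff shows, nothing restarts it after a crash, and its exit propagates to that caller. At minimum assert the result with `{ok, _Pid} = couch_password_server:start_link(),`. Preferably register the server as a worker child in the supervisor's child specs, which are outside this hunk. The trailing `~n` in the `couch_log:info` format string is probably unnecessary, given that the other `couch_log` call visible in this file uses none.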