Dave Cottlehuber created COUCHDB-2299:
-----------------------------------------
Summary: admin users are unable to login after upgrading to 1.6.0
when older password hashes are used
Key: COUCHDB-2299
URL: https://issues.apache.org/jira/browse/COUCHDB-2299
Project: CouchDB
Issue Type: Bug
Security Level: public (Regular issues)
Components: Database Core
Reporter: Dave Cottlehuber
# issue
When a couch is upgraded to 1.6.0, and the config files contain an [admins]
section with non-PBKDF2 hashed passwords (old-style < 1.3.1) then couchdb will
not let those admin users login.
# reproduce
- install 1.2.1 through 1.5.1 (tested those + 1.3.1 + 1.6.1-rc.3)
- create a new admin user via futon
- remove old binaries etc `rm -rf bin share lib`
- only dbs and .ini files remain (apart from log uri etc)
- install 1.6.0 (or 1-rc.3 with the fix for the raw/unhashed password fix)
- try to log in using admin via futon
{code}
2> [debug] [<0.146.0>] 'POST' /_session {1,1} from "94.136.7.161"
Headers: [{'Accept',"application/json"},
{'Accept-Encoding',"gzip,deflate"},
{'Accept-Language',"en-US,en;q=0.8,de;q=0.6"},
{'Connection',"keep-alive"},
{'Content-Length',"25"},
{'Content-Type',"application/x-www-form-urlencoded; charset=UTF-8"},
{'Cookie',"AuthSession="},
{"Dnt","1"},
{'Host',"130.211.98.121:5984"},
{"Origin","http://130.211.98.121:5984"},
{'Referer',"http://130.211.98.121:5984/_utils/"},
{'User-Agent',"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2129.0 Safari/537.36"},
{"X-Requested-With","XMLHttpRequest"}]
[debug] [<0.146.0>] OAuth Params: []
[debug] [<0.146.0>] Attempt Login: admin
[debug] [<0.117.0>] DDocProc found for DDocKey: {<<"_design/_auth">>,
<<"2-7837bd4a550c1a65ac96c258e83d8b8c">>}
[debug] [<0.171.0>] OS Process #Port<0.3041> Input ::
["reset",{"reduce_limit":true,"timeout":5000}]
[debug] [<0.171.0>] OS Process #Port<0.3041> Output :: true
[debug] [<0.171.0>] OS Process #Port<0.3041> Input :: ["ddoc","_design/_auth",
["validate_doc_update"],
[{"_id":"",
"password_scheme":"pbkdf2",
"iterations":10,"roles":["_admin"],
"salt":"a755d787383cdc147808a3ce2326479e",
"password_scheme":"simple",
"derived_key":"77bc076166db06fd940540ea7dc9d181e7e44741",
"_revisions":{"start":0,"ids":[]}},
null,
{"db":"_users","name":null,"roles":["_admin"]},{}]]
[debug] [<0.171.0>] OS Process #Port<0.3041> Output :: {"forbidden":"doc.type
must be user"}
[debug] [<0.146.0>] Minor error in HTTP request: {forbidden,
<<"doc.type must be user">>}
[debug] [<0.146.0>] Stacktrace: [{couch_db,update_doc,4,
[{file,"couch_db.erl"},{line,432}]},
{couch_httpd_auth,
'-maybe_upgrade_password_hash/3-fun-0-',
4,
[{file,"couch_httpd_auth.erl"},
{line,355}]},
{couch_util,with_db,2,
[{file,"couch_util.erl"},{line,443}]},
{couch_httpd_auth,handle_session_req,1,
[{file,"couch_httpd_auth.erl"},
{line,275}]},
{couch_httpd,handle_request_int,5,
[{file,"couch_httpd.erl"},{line,318}]},
{mochiweb_http,headers,5,
[{file,"mochiweb_http.erl"},{line,94}]},
{proc_lib,init_p_do_apply,3,
[{file,"proc_lib.erl"},{line,227}]}]
[info] [<0.146.0>] 94.136.7.161 - - POST /_session 403
{code}
--
This message was sent by Atlassian JIRA
(v6.2#6252)
