Don't allow 'monster' as cookie value in debconf
rnewson authored and nickva committed Apr 27, 2022
1 parent a622ebf commit 567bc663e7c8cf80e6c28d97d7535e5805f27dfc
Showing 4 changed files with 43 additions and 10 deletions.
@@ -249,7 +249,7 @@ In the very rare case you need to connect to the couchdb server, a remsh script
provided. You need to specify both the name of the server and the cookie, even if
you are using the default.
```bash
/snap/bin/couchdb.remsh -n couchdb@localhost -c monster
/snap/bin/couchdb.remsh -n couchdb@localhost -c $COOKIE
```
# Building this snap <a name="building"></a>

@@ -62,13 +62,29 @@ promptbind() {
done
}

promptcookie() {
while :; do
RET=""
db_input high couchdb/cookie || true
db_go
db_get couchdb/cookie
if [ -z "$RET" ]; then
db_input critical couchdb/no_cookie
db_fset couchdb/cookie seen false
elif [ "$RET" = "monster" ]; then
db_input critical couchdb/no_cookie_monsters
db_fset couchdb/cookie seen false
else
break
fi
done
}

# if they exist, make current settings debconf's defaults
if [ -e /opt/couchdb/etc/vm.args ] ; then
cookie="$(grep '^-setcookie' /opt/couchdb/etc/vm.args | cut -d ' ' -f 2 | stripwhitespace)"
nodename="$(grep '^-name' /opt/couchdb/etc/vm.args | cut -d ' ' -f 2 | stripwhitespace)"
if [ "${cookie}" != "monster" ]; then
db_set couchdb/cookie "${cookie}"
fi
db_set couchdb/cookie "${cookie}"
if [ "${nodename}" != "couchdb@127.0.0.1" ]; then
db_set couchdb/nodename "${nodename}"
fi
@@ -102,7 +118,7 @@ none)
;;
standalone)
db_fset couchdb/nodename seen false
db_fset couchdb/cookie seen false
promptcookie
promptbind w.x.y.z
# still prompt for password
promptpass
@@ -113,8 +129,7 @@ clustered)
fi
db_input high couchdb/nodename || true
db_go
db_input high couchdb/cookie || true
db_go
promptcookie
# do not allow binding to loopback in clustered mode
promptbind 127.0.0.1
promptpass
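Review bot: The loop in `promptcookie` has no way out when debconf cannot display the question, because `db_input high couchdb/cookie || true` throws away the status and the same rejected value is read back on every pass. With a noninteractive frontend, an empty answer (the template default is removed in this commit) or a `monster` value carried over from an existing vm.args by the now unconditional `db_set` would presumably spin forever. If the script runs under `set -e`, which is not visible here, it would instead abort at the unguarded `db_input critical` calls. Keeping the status and giving up once the question is skipped after `seen` has already been reset makes the failure explicit; exit code 30 is debconf's "question not shown" result. How to fail (exit, or fall back to a generated value) is a packaging decision, the sketch below simply exits.

```sh
promptcookie() {
  retried=""
  while :; do
    RET=""
    rc=0
    db_input high couchdb/cookie || rc=$?
    db_go
    db_get couchdb/cookie
    if [ -n "$RET" ] && [ "$RET" != "monster" ]; then
      break
    fi
    # Skipped (30) even after "seen" was reset: the frontend cannot ask,
    # so another pass would only re-read the same rejected value.
    if [ "$rc" -eq 30 ] && [ -n "$retried" ]; then
      echo "couchdb: couchdb/cookie must be preseeded with a non-empty value other than 'monster'" >&2
      exit 1
    fi
    retried=1
    # … unchanged: no_cookie / no_cookie_monsters error inputs and db_fset seen false …
  done
}
```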
@@ -157,6 +157,17 @@ case $1 in
false
fi

# Set the cookie
db_get couchdb/cookie && cookie="$RET"

# change existing setcookie line if present
sed -i "s/^[# ]*-setcookie.*$/-setcookie ${cookie}/" /opt/couchdb/etc/vm.args

# add setcookie line if not present
if ! grep -q '^-setcookie' /opt/couchdb/etc/vm.args; then
echo "-setcookie ${cookie}" >> /opt/couchdb/etc/vm.args
fi

# set inet_dist_use_interface default if not present
if ! grep -q '^-kernel inet_dist_use_interface' /opt/couchdb/etc/vm.args; then
echo "-kernel inet_dist_use_interface '{127,0,0,1}'" >> /opt/couchdb/etc/vm.args
@@ -180,10 +191,8 @@ case $1 in
;;
clustered)
db_get couchdb/nodename && nodename="$RET"
db_get couchdb/cookie && cookie="$RET"

sed -i "s/^-name .*$/-name ${nodename}/" /opt/couchdb/etc/vm.args
sed -i "s/^-setcookie .*$/-setcookie ${cookie}/" /opt/couchdb/etc/vm.args

setbindaddress
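Review bot: The debconf answer is spliced unescaped into the sed program at `sed -i "s/^[# ]*-setcookie.*$/-setcookie ${cookie}/" /opt/couchdb/etc/vm.args`, so a cookie containing `/`, `&` or `\` either breaks the expression or is silently rewritten (`&` expands to the matched line). A value with whitespace would presumably be split into extra arguments when vm.args is parsed. A conservative allow-list before both writes avoids this, for example `case "${cookie}" in ''|*[!A-Za-z0-9_-]*) echo "couchdb: unsupported characters in cookie" >&2; exit 1 ;; esac`. The empty arm also covers the case where `db_get` fails and `cookie` is left unset, which would otherwise write a bare `-setcookie` line. The enclosing `case $1 in` block starts and ends outside the hunks shown.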

@@ -37,7 +37,6 @@ _Description: CouchDB Erlang node name:

Template: couchdb/cookie
Type: string
Default: monster
_Description: CouchDB Erlang magic cookie:
A CouchDB node has an Erlang magic cookie value set at startup.
.
@@ -104,3 +103,13 @@ _Description: Remove all CouchDB databases?
The /var/lib/couchdb directory containing all CouchDB databases will
be removed. This will also clear the stored node name for this machine,
and remove the couchdb user and group.

Template: couchdb/no_cookie_monsters
Type: error
_Description: Cookie input error
The Erlang cookie cannot be set to 'monster'. Please try again.

Template: couchdb/no_cookie
Type: error
_Description: Cookie input error
The Erlang cookie cannot be empty. Please try again.
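Review bot: The `couchdb/cookie` template keeps `Type: string`, so the answer is stored in debconf's general database, which on a default Debian layout is world-readable, while `Type: password` answers go to the root-only password database. The Erlang cookie is the only credential protecting the node's distribution port, and a local user who can read it can connect to the node and run code as the CouchDB user. Consider switching to `Type: password`, and check that the config script's `db_set couchdb/cookie` from vm.args still behaves as intended with that type. The first hunk of this file is cut at the template's description, so the rest of its text is not visible here.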
