Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

error: function_clause on invalid DB security objects #1384

Closed
wohali opened this issue Jun 13, 2018 · 6 comments
Closed

error: function_clause on invalid DB security objects #1384

wohali opened this issue Jun 13, 2018 · 6 comments

Comments

@wohali
Copy link
Member

@wohali wohali commented Jun 13, 2018

Worked example with dev/run -n 1 (password is randomly generated):

$ curl -X PUT http://root:Amef8yjS@localhost:15984/abc/_security -d '{"admins":["admin"],"members":["role_a"]}'
{"error":"error","reason":"no_majority"}
$ curl -X PUT http://root:eubM+LeC@localhost:15984/abc/_security -d '{"members":["role_a"]}'
{"error":"error","reason":"no_majority"}

Logfile:

[error] 2018-06-13T16:50:50.479397Z node1@127.0.0.1 <0.3576.0> 3108587a16 Failed to set security object on {'node1@127.0.0.1',<<"shards/a0000000-bfffffff/abc.1528908305">>} :: {error,function_clause}
[error] 2018-06-13T16:50:50.479454Z node1@127.0.0.1 <0.3642.0> 3108587a16 rpc couch_db:set_security/2 function_clause [{couch_db,validate_names_and_roles,[[<<"role_a">>]],[{file,"src/couch_db.erl"},{line,594}]},{couch_db,validate_security_object,1,[{file,"src/couch_db.erl"},{line,590}]},{couch_db,set_security,2,[{file,"src/couch_db.erl"},{line,574}]},{fabric_rpc,with_db,3,[{file,"src/fabric_rpc.erl"},{line,289}]},{rexi_server,init_p,3,[{file,"src/rexi_server.erl"},{line,139}]}]                                                                              [error] 2018-06-13T16:50:50.479648Z node1@127.0.0.1 <0.3576.0> 3108587a16 Failed to set security object on {'node1@127.0.0.1',<<"shards/40000000-5fffffff/abc.1528908305">>} :: {error,function_clause}                                         [error] 2018-06-13T16:50:50.480220Z node1@127.0.0.1 <0.3647.0> 3108587a16 rpc couch_db:set_security/2 function_clause [{couch_db,validate_names_and_roles,[[<<"role_a">>]],[{file,"src/couch_db.erl"},{line,594}]},{couch_db,validate_security_object,1,[{file,"src/couch_db.erl"},{line,590}]},{couch_db,set_security,2,[{file,"src/couch_db.erl"},{line,574}]},{fabric_rpc,with_db,3,[{file,"src/fabric_rpc.erl"},{line,289}]},{rexi_server,init_p,3,[{file,"src/rexi_server.erl"},{line,139}]}]                                                                              [error] 2018-06-13T16:50:50.480371Z node1@127.0.0.1 <0.3646.0> 3108587a16 rpc couch_db:set_security/2 function_clause [{couch_db,validate_names_and_roles,[[<<"role_a">>]],[{file,"src/couch_db.erl"},{line,594}]},{couch_db,validate_security_object,1,[{file,"src/couch_db.erl"},{line,590}]},{couch_db,set_security,2,[{file,"src/couch_db.erl"},{line,574}]},{fabric_rpc,with_db,3,[{file,"src/fabric_rpc.erl"},{line,289}]},{rexi_server,init_p,3,[{file,"src/rexi_server.erl"},{line,139}]}]                                                                              [error] 2018-06-13T16:50:50.480506Z node1@127.0.0.1 <0.3576.0> 3108587a16 Failed to set security object on {'node1@127.0.0.1',<<"shards/e0000000-ffffffff/abc.1528908305">>} :: {error,function_clause}
[error] 2018-06-13T16:50:50.480645Z node1@127.0.0.1 <0.3576.0> 3108587a16 Failed to set security object on {'node1@127.0.0.1',<<"shards/c0000000-dfffffff/abc.1528908305">>} :: {error,function_clause}
[error] 2018-06-13T16:50:50.480700Z node1@127.0.0.1 <0.3644.0> 3108587a16 rpc couch_db:set_security/2 function_clause [{couch_db,validate_names_and_roles,[[<<"role_a">>]],[{file,"src/couch_db.erl"},{line,594}]},{couch_db,validate_security_object,1,[{file,"src/couch_db.erl"},{line,590}]},{couch_db,set_security,2,[{file,"src/couch_db.erl"},{line,574}]},{fabric_rpc,with_db,3,[{file,"src/fabric_rpc.erl"},{line,289}]},{rexi_server,init_p,3,[{file,"src/rexi_server.erl"},{line,139}]}]
[error] 2018-06-13T16:50:50.480812Z node1@127.0.0.1 <0.3576.0> 3108587a16 Failed to set security object on {'node1@127.0.0.1',<<"shards/80000000-9fffffff/abc.1528908305">>} :: {error,function_clause}
[notice] 2018-06-13T16:50:50.481502Z node1@127.0.0.1 <0.3576.0> 3108587a16 localhost:15984 127.0.0.1 undefined PUT /abc/_security?n=1 500 ok 53
@PatriciaHeimfarth
Copy link

@PatriciaHeimfarth PatriciaHeimfarth commented Jun 15, 2018

I would like to work on this problem!

@wohali
Copy link
Member Author

@wohali wohali commented Jun 17, 2018

Hi @PBeier ! Thanks for volunteering to help.

The function_clause error line above has the full stack trace:

[error] 2018-06-13T16:50:50.479454Z node1@127.0.0.1 <0.3642.0> 3108587a16 rpc couch_db:set_security/2 function_clause [{couch_db,validate_names_and_roles,[[<<"role_a">>]],[{file,"src/couch_db.erl"},{line,594}]},{couch_db,validate_security_object,1,[{file,"src/couch_db.erl"},{line,590}]},{couch_db,set_security,2,[{file,"src/couch_db.erl"},{line,574}]},{fabric_rpc,with_db,3,[{file,"src/fabric_rpc.erl"},{line,289}]},{rexi_server,init_p,3,[{file,"src/rexi_server.erl"},{line,139}]}]                                                                              [error] 2018-06-13T16:50:50.479648Z node1@127.0.0.1 <0.3576.0> 3108587a16 Failed to set security object on {'node1@127.0.0.1',<<"shards/40000000-5fffffff/abc.1528908305">>} :: {error,function_clause}                                         [error] 2018-06-13T16:50:50.480220Z node1@127.0.0.1 <0.3647.0> 3108587a16 rpc couch_db:set_security/2 function_clause [{couch_db,validate_names_and_roles,[[<<"role_a">>]],[{file,"src/couch_db.erl"},{line,594}]},{couch_db,validate_security_object,1,[{file,"src/couch_db.erl"},{line,590}]},{couch_db,set_security,2,[{file,"src/couch_db.erl"},{line,574}]},{fabric_rpc,with_db,3,[{file,"src/fabric_rpc.erl"},{line,289}]},{rexi_server,init_p,3,[{file,"src/rexi_server.erl"},{line,139}]}]                                                                              [error] 2018-06-13T16:50:50.480371Z node1@127.0.0.1 <0.3646.0> 3108587a16 rpc couch_db:set_security/2 function_clause [
{couch_db,validate_names_and_roles,[[<<"role_a">>]],[{file,"src/couch_db.erl"},{line,594}]},
{couch_db,validate_security_object,1,[{file,"src/couch_db.erl"},{line,590}]},
{couch_db,set_security,2,[{file,"src/couch_db.erl"},{line,574}]},
{fabric_rpc,with_db,3,[{file,"src/fabric_rpc.erl"},{line,289}]},
{rexi_server,init_p,3,[{file,"src/rexi_server.erl"},{line,139}]}]   

You'll need to add an additional guard in couch_db:validate_security_object/1 or couch_db:set_security/2 to deal with the fact that it's found an item inside of members or admins that isn't either "names" or "roles".

While you're at it, you should check that it correctly handles security objects that have top-level items that aren't admins or members.

See the documentation for what a security object should look like.

Then, I would add additional test cases to ensure that what you've done passes. This file is one possible place to start, but you could also put a test case in at the chttpd layer, which is higher level.

@PatriciaHeimfarth
Copy link

@PatriciaHeimfarth PatriciaHeimfarth commented Jun 20, 2018

Sorry, I can't find Visual Studio 2013 x64 Community Edition; only the x86 version ...

@jiangphcn
Copy link
Contributor

@jiangphcn jiangphcn commented Nov 22, 2018

@PBeier are you still working on this ticket? If not, @wenli200133 can help out as well.

@jiangphcn
Copy link
Contributor

@jiangphcn jiangphcn commented Nov 26, 2018

looks that there is no response from @PBeier. Assuming @wenli200133 can start with this task.

@wohali
Copy link
Member Author

@wohali wohali commented Nov 26, 2018

Thanks @jiangphcn , go ahead @wenli200133

jiangphcn added a commit to cloudant/couchdb that referenced this issue Dec 8, 2018
   -  fix function_clause error on invalid DB security objects
   when the request body of PUT db/_security endpoint is not
   a correct json format

Closes apache#1384
@jiangphcn jiangphcn closed this in fcb272e Dec 8, 2018
janl added a commit that referenced this issue Feb 7, 2019
   -  fix function_clause error on invalid DB security objects
   when the request body of PUT db/_security endpoint is not
   a correct json format

Closes #1384
janl added a commit that referenced this issue Feb 17, 2019
   -  fix function_clause error on invalid DB security objects
   when the request body of PUT db/_security endpoint is not
   a correct json format

Closes #1384
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
3 participants