secure-installation will remove all users except root

arangodb · Jun 12, 2016 · ed01dce · ed01dce
1 parent 7b6ff09
commit ed01dce
Show file tree

Hide file tree

Showing 8 changed files with 38 additions and 12 deletions.
diff --git a/arangod/RestServer/InitDatabaseFeature.cpp b/arangod/RestServer/InitDatabaseFeature.cpp
@@ -34,8 +34,10 @@ using namespace arangodb::application_features;
 using namespace arangodb::basics;
 using namespace arangodb::options;
 
-InitDatabaseFeature::InitDatabaseFeature(ApplicationServer* server)
-    : ApplicationFeature(server, "InitDatabase") {
+InitDatabaseFeature::InitDatabaseFeature(ApplicationServer* server,
+    std::vector<std::string> const& nonServerFeatures)
+  : ApplicationFeature(server, "InitDatabase"),
+    _nonServerFeatures(nonServerFeatures) {
   setOptional(false);
   requiresElevatedPrivileges(false);
   startsAfter("Logger");
@@ -62,6 +64,10 @@ void InitDatabaseFeature::validateOptions(
     std::shared_ptr<ProgramOptions> options) {
   ProgramOptions::ProcessingResult const& result = options->processingResult();
   _seenPassword = result.touched("database.password");
+
+  if (_initDatabase || _restoreAdmin) {
+    ApplicationServer::forceDisableFeatures(_nonServerFeatures);
+  }
 }
 
 void InitDatabaseFeature::prepare() {

diff --git a/arangod/RestServer/InitDatabaseFeature.h b/arangod/RestServer/InitDatabaseFeature.h
@@ -29,7 +29,8 @@ namespace arangodb {
 class InitDatabaseFeature final
     : public application_features::ApplicationFeature {
  public:
-  explicit InitDatabaseFeature(application_features::ApplicationServer* server);
+  InitDatabaseFeature(application_features::ApplicationServer* server,
+                 std::vector<std::string> const& nonServerFeatures);
 
  public:
   std::string const& defaultPassword() const { return _password; }
@@ -52,6 +53,7 @@ class InitDatabaseFeature final
 
  private:
   bool _seenPassword = false;
+  std::vector<std::string> _nonServerFeatures;
 };
 }
 

diff --git a/arangod/RestServer/arangod.cpp b/arangod/RestServer/arangod.cpp
@@ -120,7 +120,7 @@ static int runServer(int argc, char** argv) {
   server.addFeature(new FileDescriptorsFeature(&server));
   server.addFeature(new FoxxQueuesFeature(&server));
   server.addFeature(new FrontendFeature(&server));
-  server.addFeature(new InitDatabaseFeature(&server));
+  server.addFeature(new InitDatabaseFeature(&server, nonServerFeatures));
   server.addFeature(new LanguageFeature(&server));
   server.addFeature(new LogfileManager(&server));
   server.addFeature(new LoggerBufferFeature(&server));

diff --git a/etc/arangodb3/arango-init-database.conf.in b/etc/arangodb3/arango-init-database.conf.in
@@ -1,4 +1,10 @@
 @include arangod
 
+[server]
+rest-server = false
+
+[log]
+level = error
+
 [database]
-init-database = true
+init-database = true
diff --git a/etc/arangodb3/arango-secure-installation.conf.in b/etc/arangodb3/arango-secure-installation.conf.in
@@ -1,4 +1,10 @@
 @include arangod
 
+[server]
+rest-server = false
+
+[log]
+level = error
+
 [database]
-restore-admin = true
+restore-admin = true
diff --git a/etc/relative/arango-init-database.conf b/etc/relative/arango-init-database.conf
@@ -3,5 +3,8 @@
 [server]
 rest-server = false
 
+[log]
+level = error
+
 [database]
 init-database = true
diff --git a/etc/relative/arango-secure-installation.conf b/etc/relative/arango-secure-installation.conf
@@ -1,4 +1,10 @@
 @include arangod
 
+[server]
+rest-server = false
+
+[log]
+level = error
+
 [database]
-restore-admin = true
+restore-admin = true
diff --git a/js/server/restore-admin-user.js b/js/server/restore-admin-user.js
@@ -28,12 +28,9 @@
   var args = global.UPGRADE_ARGS;
   delete global.UPGRADE_ARGS;
 
-  const users = require("@arangodb/users");
+  require("internal").db._users.truncate();
 
-  try {
-    users.remove("root");
-  } catch (e) {
-  }
+  const users = require("@arangodb/users");
 
   users.save("root", args.password, true);
   users.grantDatabase("root", "*", "rw");