Mike Wallace created COUCHDB-2325:
-------------------------------------

             Summary: fabric:get_security/2 can return security objects from nodes that are in maintenance mode
                 Key: COUCHDB-2325
                 URL: https://issues.apache.org/jira/browse/COUCHDB-2325
             Project: CouchDB
          Issue Type: Bug
      Security Level: public (Regular issues)
          Components: BigCouch
            Reporter: Mike Wallace


Currently, fabric:get_security/2 calls fabric_util:get_db/2 and if the node 
servicing a request does not have a shard for the db then fabric_util:get_db/2 
can return a shard from a node which is in maintenance mode.

If that node is a replacement node that has not yet been brought into the 
cluster then the security object will be empty. Because fabric:get_security/2 
is in the code path for authorizing requests at the HTTP layer this can result 
in live nodes returning 403s. I have verified that this issue exists even 
though cassim now handles authorization (cassim eventually makes the same call 
to fabric:get_security/2).

The crux of the problem is that the algorithm used by fabric_util:get_db/2 
doesn't account for the possibility of nodes being in maintenance mode.
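As an added illustration of the failure mode (this is a stand-alone model written for this issue, not CouchDB's fabric_util:get_db/2 or its fix; the shard records, node names and the maintenance flag are constructed sample data, and the authorization check is a toy stand-in for the HTTP-layer check), the block below contrasts a replica-selection routine that ignores maintenance mode with one that excludes such nodes and fails closed when no eligible replica remains:

```python
"""Model of replica selection for a fabric-style get_db call.

Added example for COUCHDB-2325; not CouchDB's own code. Nodes, shards,
the maintenance flag and the security objects below are constructed.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Node:
    name: str
    alive: bool = True
    maintenance: bool = False   # e.g. a replacement node not yet in the cluster


@dataclass
class Shard:
    node: Node
    shard_range: str
    # security object held by that replica; a not-yet-populated
    # replacement node holds an empty one
    security: dict = field(default_factory=dict)


class NoEligibleReplica(Exception):
    """Raised when no live, serving replica can answer the request."""


def get_db_naive(shards, local):
    """Selection that ignores maintenance mode (the reported behaviour):
    prefer a local replica, otherwise take the first live one."""
    for s in shards:
        if s.node.name == local:
            return s
    for s in shards:
        if s.node.alive:
            return s
    raise NoEligibleReplica()


def get_db_fixed(shards, local):
    """Selection that drops nodes in maintenance mode before choosing,
    and raises rather than returning a replica that cannot be trusted."""
    eligible = [s for s in shards if s.node.alive and not s.node.maintenance]
    for s in eligible:
        if s.node.name == local:
            return s
    if eligible:
        return eligible[0]
    raise NoEligibleReplica()


def authorize(shard, user_roles):
    """Toy HTTP-layer check: allowed when the security object lists one of
    the user's roles as a member. An empty security object has no member
    roles, so every non-admin request is refused with 403."""
    members = shard.security.get("members", {}).get("roles", [])
    return 200 if set(user_roles) & set(members) else 403


def fails_closed(shards, local):
    """True when the fixed selection refuses instead of serving a replica
    whose security object may be empty."""
    try:
        get_db_fixed(shards, local)
    except NoEligibleReplica:
        return True
    return False


# Constructed sample: the db has two replicas visible to node1 (which holds
# no shard itself); node2 is a replacement in maintenance mode whose
# security object has not been populated yet.
SECURITY = {"members": {"roles": ["readers"]}}
SHARDS = [
    Shard(Node("node2", maintenance=True), "00000000-7fffffff"),
    Shard(Node("node3"), "00000000-7fffffff", security=SECURITY),
]


def status_naive():
    # node2 is picked, its empty security object yields 403 for a valid reader
    return authorize(get_db_naive(SHARDS, local="node1"), ["readers"])


def status_fixed():
    # node3 is picked, the populated security object admits the reader
    return authorize(get_db_fixed(SHARDS, local="node1"), ["readers"])


if __name__ == "__main__":
    print("naive:", status_naive(), "fixed:", status_fixed())
```

The point the model makes is that the filter has to run before the "prefer local, else first live" choice, and that the all-ineligible case must surface as an error to the caller rather than as an empty security object that the authorization path then treats as "nobody is a member".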

See https://gist.github.com/mikewallace1979/8d01bb8661a50762bfc3 for the steps 
to reproduce locally.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)