Example #1
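// Authorize authenticates the supplied credentials through cbauth and checks
// them against the requested privileges.
//
// It returns nil only when a credential authenticates and satisfies every
// requested privilege. Any authentication failure, any privilege that is not
// held, any privilege value this function does not recognise, and an empty
// privilege list all produce an admin auth error (fail closed).
//
// NOTE(review): credentials is a map, so iteration order is not defined. As in
// the original code, the first credential visited decides the outcome when
// privileges is non-empty; with more than one credential the result can vary
// between calls. Confirm the intended multi-credential semantics with callers.
func (this *cbConfigStore) Authorize(credentials map[string]string, privileges []clustering.Privilege) errors.Error {

	if len(credentials) == 0 {
		return errors.NewAdminAuthError(nil, "no credentials provided")
	}

	for username, password := range credentials {
		auth, err := cbauth.Auth(username, password)
		if err != nil {
			return errors.NewAdminAuthError(err, "")
		}
		if len(privileges) == 0 {
			// Nothing to evaluate for this credential; the request is rejected
			// below once every credential has been authenticated.
			continue
		}
		// Every requested privilege must hold. Returning success on the first
		// match would grant a request such as {READ, SYS_ADMIN} to a caller
		// that only has read access.
		for _, requested := range privileges {
			switch requested {
			case clustering.PRIV_SYS_ADMIN:
				isAdmin, err := auth.IsAdmin()
				if err != nil {
					return errors.NewAdminAuthError(err, "")
				}
				if !isAdmin {
					return errors.NewAdminAuthError(nil, "sys admin requires administrator credentials")
				}
			case clustering.PRIV_READ:
				if !auth.CanReadAnyMetadata() {
					return errors.NewAdminAuthError(nil, "read not authorized")
				}
			default:
				// An unknown privilege must never be skipped silently.
				return errors.NewAdminAuthError(nil, "unrecognized authorization request")
			}
		}
		return nil
	}
	return errors.NewAdminAuthError(nil, "unrecognized authorization request")
}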
Example #2
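// doAuth authenticates username/password through cbauth and reports whether the
// resulting credentials hold the requested privilege on bucket.
//
// It returns (true, nil) only when authentication succeeds and the matching
// permission check returns true. It returns (false, nil) when the check
// completes but denies access, and (false, err) when authentication or the
// check fails, or when requested is not one of PRIV_DDL, PRIV_WRITE or
// PRIV_READ.
func doAuth(username, password, bucket string, requested datastore.Privilege) (bool, error) {

	// The password is deliberately left out of the log line: debug logs are
	// routinely collected and shared, and must not carry secrets.
	logging.Debugf(" Authenticating for bucket %s username %s", bucket, username)
	creds, err := cbauth.Auth(username, password)
	if err != nil {
		return false, err
	}

	var allowed bool
	switch requested {
	case datastore.PRIV_DDL:
		allowed, err = creds.CanDDLBucket(bucket)
	case datastore.PRIV_WRITE:
		allowed, err = creds.CanAccessBucket(bucket)
	case datastore.PRIV_READ:
		allowed, err = creds.CanReadBucket(bucket)
	default:
		// Unknown privilege values are rejected rather than granted.
		return false, fmt.Errorf("Invalid Privileges")
	}
	if err != nil || !allowed {
		return false, err
	}

	return true, nil

}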
Example #3
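// main is a cbauth usage example: it obtains the HTTP and memcached service
// credentials for the server named by the serverURL flag, connects to the
// "default" pool, opens the bucket named by the bucketName flag, writes one
// key, and, when the authUser flag is set, checks that user's data-read
// permission on the bucket with creds.IsAllowed.
func main() {

	flag.Parse()
	/*
	   NOTE. This example requires the following environment variables to be set.

	   CBAUTH_REVRPC_URL

	   e.g

	   CBAUTH_REVRPC_URL="http://*****:*****@127.0.0.1:9000/_cbauth"

	*/

	// Named parsedURL so the local does not shadow the net/url package.
	parsedURL, err := url.Parse(*serverURL)
	if err != nil {
		log.Printf("Failed to parse url %v", err)
		return
	}

	hostPort := parsedURL.Host

	user, bucket_password, err := cbauth.GetHTTPServiceAuth(hostPort)
	if err != nil {
		log.Printf("Failed %v", err)
		return
	}

	// Only the username is logged; the service password must not reach the log.
	log.Printf(" HTTP Servce username %s", user)

	client, err := couchbase.ConnectWithAuthCreds(*serverURL, user, bucket_password)
	if err != nil {
		log.Printf("Connect failed %v", err)
		return
	}

	cbpool, err := client.GetPool("default")
	if err != nil {
		log.Printf("Failed to connect to default pool %v", err)
		return
	}

	mUser, mPassword, err := cbauth.GetMemcachedServiceAuth(hostPort)
	if err != nil {
		log.Printf(" failed %v", err)
		return
	}

	var cbbucket *couchbase.Bucket
	cbbucket, err = cbpool.GetBucketWithAuth(*bucketName, mUser, mPassword)

	if err != nil {
		log.Printf("Failed to connect to bucket %v", err)
		return
	}

	log.Printf(" Bucket name %s Bucket %v", *bucketName, cbbucket)

	err = cbbucket.Set("k1", 5, "value")
	if err != nil {
		log.Printf("set failed error %v", err)
		return
	}

	// The permission check is optional and runs only when a user was supplied.
	if *authUser != "" {
		creds, err := cbauth.Auth(*authUser, *authPswd)
		if err != nil {
			log.Printf(" failed %v", err)
			return
		}

		permission := fmt.Sprintf("cluster.bucket[%s].data!read", *bucketName)
		canAccess, err := creds.IsAllowed(permission)
		if err != nil {
			log.Printf(" error %v checking permission %v", err, permission)
		} else {
			log.Printf(" result of checking permission %v : %v", permission, canAccess)
		}
	}

}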
Example #4
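// main is a cbauth usage example: it obtains the HTTP and memcached service
// credentials for the server named by the serverURL flag, connects to the
// "default" pool, opens the bucket named by the bucketName flag, writes one
// key, and, when the authUser flag is set, reports that user's access, read
// and DDL permissions on the bucket.
func main() {

	flag.Parse()
	/*
	   NOTE. This example requires the following environment variables to be set.

	   NS_SERVER_CBAUTH_URL
	   NS_SERVER_CBAUTH_USER
	   NS_SERVER_CBAUTH_PWD

	   e.g

	   NS_SERVER_CBAUTH_URL="http://localhost:9000/_cbauth"
	   NS_SERVER_CBAUTH_USER="******"
	   NS_SERVER_CBAUTH_PWD="asdasd"

	*/

	// Named parsedURL so the local does not shadow the net/url package.
	parsedURL, err := url.Parse(*serverURL)
	if err != nil {
		log.Printf("Failed to parse url %v", err)
		return
	}

	hostPort := parsedURL.Host

	user, bucket_password, err := cbauth.GetHTTPServiceAuth(hostPort)
	if err != nil {
		log.Printf("Failed %v", err)
		return
	}

	// Only the username is logged; the service password must not reach the log.
	log.Printf(" HTTP Servce username %s", user)

	client, err := couchbase.ConnectWithAuthCreds(*serverURL, user, bucket_password)
	if err != nil {
		log.Printf("Connect failed %v", err)
		return
	}

	cbpool, err := client.GetPool("default")
	if err != nil {
		log.Printf("Failed to connect to default pool %v", err)
		return
	}

	mUser, mPassword, err := cbauth.GetMemcachedServiceAuth(hostPort)
	if err != nil {
		log.Printf(" failed %v", err)
		return
	}

	var cbbucket *couchbase.Bucket
	cbbucket, err = cbpool.GetBucketWithAuth(*bucketName, mUser, mPassword)

	if err != nil {
		log.Printf("Failed to connect to bucket %v", err)
		return
	}

	log.Printf(" Bucket name %s Bucket %v", *bucketName, cbbucket)

	err = cbbucket.Set("k1", 5, "value")
	if err != nil {
		log.Printf("set failed error %v", err)
		return
	}

	// The permission checks are optional and run only when a user was supplied.
	if *authUser != "" {
		creds, err := cbauth.Auth(*authUser, *authPswd)
		if err != nil {
			log.Printf(" failed %v", err)
			return
		}

		// Each check logs its error, if any, and then logs the result anyway;
		// a result printed after an error should not be read as a decision.
		canAccess, err := creds.CanAccessBucket(*bucketName)
		if err != nil {
			log.Printf(" can't access bucket %v", err)
		}

		log.Printf(" results canaccess %v bucket %v", canAccess, *bucketName)

		canRead, err := creds.CanReadBucket(*bucketName)
		if err != nil {
			log.Printf(" can't read bucket %v", err)
		}

		log.Printf(" results canread %v bucket %v", canRead, *bucketName)

		canDDL, err := creds.CanDDLBucket(*bucketName)
		if err != nil {
			log.Printf(" can't DDL bucket %v", err)
		}

		log.Printf(" results canDDL %v bucket %v", canDDL, *bucketName)
	}

}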