// Authorize authenticates the supplied username/password pairs through cbauth
// and checks them against the requested privileges. It returns nil when access
// is granted and an admin auth error otherwise.
//
// Only PRIV_SYS_ADMIN and PRIV_READ are evaluated; any other privilege value is
// skipped. The first recognised privilege of the first credential iterated
// decides the outcome, so no later privilege or credential is consulted.
//
// NOTE(review): credentials is a map, so with more than one entry the
// credential that decides the result is not deterministic. Likewise a request
// for several privileges is settled by whichever recognised one comes first in
// the slice. Confirm callers only pass a single credential and a single
// privilege, or that "first match decides" is the intended policy.
func (this *cbConfigStore) Authorize(credentials map[string]string, privileges []clustering.Privilege) errors.Error {
	if len(credentials) == 0 {
		return errors.NewAdminAuthError(nil, "no credentials provided")
	}

	for user, pass := range credentials {
		creds, authErr := cbauth.Auth(user, pass)
		if authErr != nil {
			// Authentication failure: the cause is wrapped with an empty message.
			return errors.NewAdminAuthError(authErr, "")
		}

		for _, priv := range privileges {
			if priv == clustering.PRIV_SYS_ADMIN {
				admin, adminErr := creds.IsAdmin()
				if adminErr != nil {
					return errors.NewAdminAuthError(adminErr, "")
				}
				if !admin {
					return errors.NewAdminAuthError(nil, "sys admin requires administrator credentials")
				}
				return nil
			}

			if priv == clustering.PRIV_READ {
				if !creds.CanReadAnyMetadata() {
					return errors.NewAdminAuthError(nil, "read not authorized")
				}
				return nil
			}
			// Any other privilege value is ignored and the scan continues.
		}
	}

	// Reached when no credential produced a decision, i.e. the request held
	// no privilege this function recognises (including an empty list).
	return errors.NewAdminAuthError(nil, "unrecognized authorization request")
}
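// doAuth authenticates username/password through cbauth and reports whether
// the resulting credentials hold the requested privilege on bucket.
//
// It returns (true, nil) when the privilege is granted. It returns (false, nil)
// when cbauth answers without error but denies the privilege, and (false, err)
// when authentication or the permission check fails or when requested is not
// one of PRIV_DDL, PRIV_WRITE or PRIV_READ.
func doAuth(username, password, bucket string, requested datastore.Privilege) (bool, error) {
	// The password is deliberately left out of the log line: debug logs are
	// stored and shared far more widely than credentials should be. %q keeps
	// control characters in the (possibly caller-supplied) names from breaking
	// up the log record.
	logging.Debugf(" Authenticating for bucket %q username %q", bucket, username)

	creds, err := cbauth.Auth(username, password)
	if err != nil {
		return false, err
	}

	var allowed bool
	switch requested {
	case datastore.PRIV_DDL:
		allowed, err = creds.CanDDLBucket(bucket)
	case datastore.PRIV_WRITE:
		allowed, err = creds.CanAccessBucket(bucket)
	case datastore.PRIV_READ:
		allowed, err = creds.CanReadBucket(bucket)
	default:
		// Fail closed on any privilege this function does not know about.
		return false, fmt.Errorf("Invalid Privileges")
	}

	if err != nil || !allowed {
		// err is nil here when the check succeeded but access was denied.
		return false, err
	}
	return true, nil
}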
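// main is a cbauth usage example. It fetches the HTTP and memcached service
// credentials for the server named by -serverURL, connects to the "default"
// pool, opens the requested bucket and writes one key. If an auth user was
// given on the command line it then checks that user's data-read permission
// on the bucket. Every failure is logged and ends the program.
func main() {
	flag.Parse()

	/*
	   NOTE. This example requires the following environment variables to be set.

	   CBAUTH_REVRPC_URL

	   e.g

	   CBAUTH_REVRPC_URL="http://*****:*****@127.0.0.1:9000/_cbauth"
	*/

	// Named parsedURL so the local does not shadow the net/url package.
	parsedURL, err := url.Parse(*serverURL)
	if err != nil {
		log.Printf("Failed to parse url %v", err)
		return
	}
	hostPort := parsedURL.Host

	user, svcPassword, err := cbauth.GetHTTPServiceAuth(hostPort)
	if err != nil {
		log.Printf("Failed %v", err)
		return
	}
	// Log the service user only. The service password must not reach the log,
	// where it would outlive the process and be readable by anyone with log access.
	log.Printf(" HTTP Service username %s (password not logged)", user)

	client, err := couchbase.ConnectWithAuthCreds(*serverURL, user, svcPassword)
	if err != nil {
		log.Printf("Connect failed %v", err)
		return
	}

	cbpool, err := client.GetPool("default")
	if err != nil {
		log.Printf("Failed to connect to default pool %v", err)
		return
	}

	mUser, mPassword, err := cbauth.GetMemcachedServiceAuth(hostPort)
	if err != nil {
		log.Printf(" failed %v", err)
		return
	}

	var cbbucket *couchbase.Bucket
	cbbucket, err = cbpool.GetBucketWithAuth(*bucketName, mUser, mPassword)
	if err != nil {
		log.Printf("Failed to connect to bucket %v", err)
		return
	}

	// NOTE(review): %v prints the whole Bucket value; confirm that type holds
	// no credential fields before keeping this line outside of a demo.
	log.Printf(" Bucket name %s Bucket %v", *bucketName, cbbucket)

	err = cbbucket.Set("k1", 5, "value")
	if err != nil {
		log.Printf("set failed error %v", err)
		return
	}

	if *authUser != "" {
		creds, err := cbauth.Auth(*authUser, *authPswd)
		if err != nil {
			log.Printf(" failed %v", err)
			return
		}

		// NOTE(review): the bucket name is interpolated into the permission
		// string unchecked; real callers should validate it first so it cannot
		// change which permission is being asked about.
		permission := fmt.Sprintf("cluster.bucket[%s].data!read", *bucketName)
		canAccess, err := creds.IsAllowed(permission)
		if err != nil {
			log.Printf(" error %v checking permission %v", err, permission)
		} else {
			log.Printf(" result of checking permission %v : %v", permission, canAccess)
		}
	}
}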
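// main is a cbauth usage example. It fetches the HTTP and memcached service
// credentials for the server named by -serverURL, connects to the "default"
// pool, opens the requested bucket and writes one key. If an auth user was
// given on the command line it then reports that user's access, read and DDL
// rights on the bucket.
func main() {
	flag.Parse()

	/*
	   NOTE. This example requires the following environment variables to be set.

	   NS_SERVER_CBAUTH_URL
	   NS_SERVER_CBAUTH_USER
	   NS_SERVER_CBAUTH_PWD

	   e.g

	   NS_SERVER_CBAUTH_URL="http://localhost:9000/_cbauth"
	   NS_SERVER_CBAUTH_USER="******"
	   NS_SERVER_CBAUTH_PWD="asdasd"
	*/

	// Named parsedURL so the local does not shadow the net/url package.
	parsedURL, err := url.Parse(*serverURL)
	if err != nil {
		log.Printf("Failed to parse url %v", err)
		return
	}
	hostPort := parsedURL.Host

	user, svcPassword, err := cbauth.GetHTTPServiceAuth(hostPort)
	if err != nil {
		log.Printf("Failed %v", err)
		return
	}
	// Log the service user only. The service password must not reach the log,
	// where it would outlive the process and be readable by anyone with log access.
	log.Printf(" HTTP Service username %s (password not logged)", user)

	client, err := couchbase.ConnectWithAuthCreds(*serverURL, user, svcPassword)
	if err != nil {
		log.Printf("Connect failed %v", err)
		return
	}

	cbpool, err := client.GetPool("default")
	if err != nil {
		log.Printf("Failed to connect to default pool %v", err)
		return
	}

	mUser, mPassword, err := cbauth.GetMemcachedServiceAuth(hostPort)
	if err != nil {
		log.Printf(" failed %v", err)
		return
	}

	var cbbucket *couchbase.Bucket
	cbbucket, err = cbpool.GetBucketWithAuth(*bucketName, mUser, mPassword)
	if err != nil {
		log.Printf("Failed to connect to bucket %v", err)
		return
	}

	// NOTE(review): %v prints the whole Bucket value; confirm that type holds
	// no credential fields before keeping this line outside of a demo.
	log.Printf(" Bucket name %s Bucket %v", *bucketName, cbbucket)

	err = cbbucket.Set("k1", 5, "value")
	if err != nil {
		log.Printf("set failed error %v", err)
		return
	}

	if *authUser != "" {
		creds, err := cbauth.Auth(*authUser, *authPswd)
		if err != nil {
			log.Printf(" failed %v", err)
			return
		}

		// The three checks below are best-effort: a failed check is logged and
		// its result line is still printed. When a check returned an error the
		// boolean on the following line carries no meaning.
		canAccess, err := creds.CanAccessBucket(*bucketName)
		if err != nil {
			log.Printf(" can't access bucket %v", err)
		}
		log.Printf(" results canaccess %v bucket %v", canAccess, *bucketName)

		canRead, err := creds.CanReadBucket(*bucketName)
		if err != nil {
			log.Printf(" can't read bucket %v", err)
		}
		log.Printf(" results canread %v bucket %v", canRead, *bucketName)

		canDDL, err := creds.CanDDLBucket(*bucketName)
		if err != nil {
			log.Printf(" can't DDL bucket %v", err)
		}
		log.Printf(" results canDDL %v bucket %v", canDDL, *bucketName)
	}
}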