History log of /6.0.3/kv_engine/include/memcached/rbac/privileges.h (Results 1 - 17 of 17)
Revision (<<< Hide revision tags) (Show revision tags >>>) Date Author Comments
Revision tags: v7.0.2, v6.6.3, v7.0.1, v7.0.0, v6.6.2, v6.5.2, v6.6.1, v6.0.5, v6.6.0, v6.5.1, v6.0.4, v6.5.0, v6.0.3, v5.5.4, v5.5.5, v5.5.6, v6.0.1, v5.5.3, v6.0.0, v5.1.3, v5.5.2, v5.5.1, v5.1.2, v5.1.1, v5.0.1, v5.1.0, v5.0.0
# 21daf083 14-Jun-2017 Trond Norbye <trond.norbye@gmail.com>

MB-24854: Revert "MB-20940: Remove TAP privilege"

This reverts commit 45e4b178ae8c50629ad3c75be725cc0076bf6f01.

Change-Id: I4970af09c9b9bde59ebe4a6bc7f281b48f01fc0f
Reviewed-on:

MB-24854: Revert "MB-20940: Remove TAP privilege"

This reverts commit 45e4b178ae8c50629ad3c75be725cc0076bf6f01.

Change-Id: I4970af09c9b9bde59ebe4a6bc7f281b48f01fc0f
Reviewed-on: http://review.couchbase.org/79509
Reviewed-by: Will Gardner <willg@rdner.io>
Tested-by: Build Bot <build@couchbase.com>

show more ...


# 45e4b178 08-Jun-2017 Trond Norbye <trond.norbye@gmail.com>

MB-20940: Remove TAP privilege

Change-Id: I56fa78e09f4168ee80fa6552816b285999784286
Reviewed-on: http://review.couchbase.org/79231
Reviewed-by: Dave Rigby <daver@couchbase.com>
T

MB-20940: Remove TAP privilege

Change-Id: I56fa78e09f4168ee80fa6552816b285999784286
Reviewed-on: http://review.couchbase.org/79231
Reviewed-by: Dave Rigby <daver@couchbase.com>
Tested-by: Build Bot <build@couchbase.com>

show more ...


# ef8e4d7c 08-Jun-2017 Trond Norbye <trond.norbye@gmail.com>

MB-24684: Remove Write privilege

The privilege is split into Insert, Upsert and Delete and
ns_server is providing the new privileges in the config.

Change-Id: Ie1df52d252d18d79f

MB-24684: Remove Write privilege

The privilege is split into Insert, Upsert and Delete and
ns_server is providing the new privileges in the config.

Change-Id: Ie1df52d252d18d79f6e9e4a545d50d9a12bbfae1
Reviewed-on: http://review.couchbase.org/79226
Tested-by: Build Bot <build@couchbase.com>
Reviewed-by: Dave Rigby <daver@couchbase.com>

show more ...


# 60db1a8e 07-Jun-2017 Trond Norbye <trond.norbye@gmail.com>

MB-24684: Split write privilege into insert,delete,upsert

This patch split the privilege Write into more fine grained
privileges:

* Insert - Allows for creating documents by

MB-24684: Split write privilege into insert,delete,upsert

This patch split the privilege Write into more fine grained
privileges:

* Insert - Allows for creating documents by using Add
* Delete - Allows for deleting documents
* Upsert - Allows for creating and modifying documents

Change-Id: I4a76b038ec46cb045b7b242c8b7e0a55fc99feea
Reviewed-on: http://review.couchbase.org/79185
Reviewed-by: Dave Rigby <daver@couchbase.com>
Tested-by: Build Bot <build@couchbase.com>

show more ...


Revision tags: v4.6.2_ep, v4.6.2_mc, v4.6.1_ep
# 3fea81cf 24-Feb-2017 Trond Norbye <trond.norbye@gmail.com>

MB-19339: Add SecurityManagement privilege

And move some of the internal privileges from one category
to another. The change is invisible from the current role
setup (but they may be

MB-19339: Add SecurityManagement privilege

And move some of the internal privileges from one category
to another. The change is invisible from the current role
setup (but they may be split in a later patch so it is
better to use the correct privilege from day 1)

Change-Id: Ibd689ee59e606cea6085fe1e518bf94f39508ee2
Reviewed-on: http://review.couchbase.org/74251
Tested-by: Build Bot <build@couchbase.com>
Reviewed-by: Jim Walker <jim@couchbase.com>

show more ...


# 15d2bb8d 24-Feb-2017 Trond Norbye <trond.norbye@gmail.com>

MB-19339: Add RBAC to TAP

Given that TAP is deprecated we don't separate between consumer
or producer.

Change-Id: Ic0e27d83040cfce7c6f7b1ca60a9c670e9a7b7ee
Reviewed-on: http

MB-19339: Add RBAC to TAP

Given that TAP is deprecated we don't separate between consumer
or producer.

Change-Id: Ic0e27d83040cfce7c6f7b1ca60a9c670e9a7b7ee
Reviewed-on: http://review.couchbase.org/74243
Tested-by: Build Bot <build@couchbase.com>
Reviewed-by: David Haikney <david.haikney@couchbase.com>
Reviewed-by: Jim Walker <jim@couchbase.com>

show more ...


# 1b1e9d9e 21-Feb-2017 Trond Norbye <trond.norbye@gmail.com>

MB-19339: Add RBAC check for XATTR

According to the XATTR spec a connection needs XattrRead in
order to read a user xattr, and SystemXattrRead to read
a system attribute. XattrWrite

MB-19339: Add RBAC check for XATTR

According to the XATTR spec a connection needs XattrRead in
order to read a user xattr, and SystemXattrRead to read
a system attribute. XattrWrite and SystemXattrWrite is
used to allow modifications to user and system attributes.

Change-Id: I393112ff69f881eb98afb6bfb285d8810df859b6
Reviewed-on: http://review.couchbase.org/73807
Tested-by: Build Bot <build@couchbase.com>
Reviewed-by: Daniel Owen <owend@couchbase.com>

show more ...


# ebcb634d 15-Feb-2017 Trond Norbye <trond.norbye@gmail.com>

MB-19339: Add to_string(PrivilegeAccess)

Change-Id: I48cae3e9e46746d113675c01a205bf372f1cf1f1
Reviewed-on: http://review.couchbase.org/73697
Tested-by: Build Bot <build@couchbase.com

MB-19339: Add to_string(PrivilegeAccess)

Change-Id: I48cae3e9e46746d113675c01a205bf372f1cf1f1
Reviewed-on: http://review.couchbase.org/73697
Tested-by: Build Bot <build@couchbase.com>
Reviewed-by: Daniel Owen <owend@couchbase.com>

show more ...


# c5efff7b 10-Feb-2017 Trond Norbye <trond.norbye@gmail.com>

MB-19339: Refactor, build rbac as a separate library

Build the RBAC module as a separate module to avoid building
the source files multiple times (in the core and the tests)

Cha

MB-19339: Refactor, build rbac as a separate library

Build the RBAC module as a separate module to avoid building
the source files multiple times (in the core and the tests)

Change-Id: Ie5ae6934ad204fd2e2c4e57d34a3f82e76a6a1dd
Reviewed-on: http://review.couchbase.org/73505
Tested-by: Build Bot <build@couchbase.com>
Reviewed-by: Jim Walker <jim@couchbase.com>

show more ...


# f84289c4 06-Feb-2017 Trond Norbye <trond.norbye@gmail.com>

MB-19339: Add privilege database in memcached

This is the initial step of adding RBAC to memcached. It adds the
basic datastructures to be used by memcached. It is currently
not hook

MB-19339: Add privilege database in memcached

This is the initial step of adding RBAC to memcached. It adds the
basic datastructures to be used by memcached. It is currently
not hooked into the system, but added as separate patches ot make
it easier to review.

Change-Id: Iba5e82f98179f85184f92c89ae6bde90d39a55be
Reviewed-on: http://review.couchbase.org/73185
Reviewed-by: Dave Rigby <daver@couchbase.com>
Tested-by: Build Bot <build@couchbase.com>

show more ...


# 25d9af73 06-Feb-2017 Trond Norbye <trond.norbye@gmail.com>

Refactor: Move privilege stuff to cb::rbac

Change-Id: I83c092c7dd6956f9496dfbe08c86ce4e1b835327
Reviewed-on: http://review.couchbase.org/73183
Tested-by: Build Bot <build@couchbase.c

Refactor: Move privilege stuff to cb::rbac

Change-Id: I83c092c7dd6956f9496dfbe08c86ce4e1b835327
Reviewed-on: http://review.couchbase.org/73183
Tested-by: Build Bot <build@couchbase.com>
Reviewed-by: Daniel Owen <owend@couchbase.com>

show more ...


Revision tags: v4.6.0_ep, v4.5.1-MP1_mc, v4.6.0-DP_mc, v4.6.0-DP_ep, v4.5.1-MP1_ep, v4.1.2-MP2_mc, v4.5.1_mc, v4.6.0_mc, v4.1.2-MP1_ep
# a47c925a 12-Jul-2016 Trond Norbye <trond.norbye@gmail.com>

MB-19339: Add privilege to manage collections

Change-Id: Iae230adb82000b6ce5a5a19ddb8780232c4694b8
Reviewed-on: http://review.couchbase.org/65685
Tested-by: buildbot <build@couchbase

MB-19339: Add privilege to manage collections

Change-Id: Iae230adb82000b6ce5a5a19ddb8780232c4694b8
Reviewed-on: http://review.couchbase.org/65685
Tested-by: buildbot <build@couchbase.com>
Reviewed-by: Dave Rigby <daver@couchbase.com>
Reviewed-by: Will Gardner <will.gardner@couchbase.com>

show more ...


# 4be17c7e 12-Jul-2016 Trond Norbye <trond.norbye@gmail.com>

Add privileges to access the system attribute section

Change-Id: Ic1abdec58f0dc0a9649f26c9c8900b580273e94a
Reviewed-on: http://review.couchbase.org/65681
Reviewed-by: Dave Rigby <dav

Add privileges to access the system attribute section

Change-Id: Ic1abdec58f0dc0a9649f26c9c8900b580273e94a
Reviewed-on: http://review.couchbase.org/65681
Reviewed-by: Dave Rigby <daver@couchbase.com>
Tested-by: buildbot <build@couchbase.com>

show more ...


# 529f4a3f 12-Jul-2016 Trond Norbye <trond.norbye@gmail.com>

MB-19339: Split DCP into Producer and Consumer

The DCP privilege should not exist. The server don't separate
between the two privileges currently, but as part of implementing
the bac

MB-19339: Split DCP into Producer and Consumer

The DCP privilege should not exist. The server don't separate
between the two privileges currently, but as part of implementing
the backend we'll add tests that ensure that the privileges is
correctly set up.

Change-Id: If35f54dfd45148ecf57e57905b2fddcf7dffa04d
Reviewed-on: http://review.couchbase.org/65677
Tested-by: buildbot <build@couchbase.com>
Reviewed-by: Dave Rigby <daver@couchbase.com>

show more ...


Revision tags: v3.1.6_ep
# aa8e12d9 08-Jul-2016 Trond Norbye <trond.norbye@gmail.com>

MB-19339: Add IdleConnection privilege

This privilege is intended for clients which don't handle
abnormal disconnects very well.

Change-Id: I54cd93c5fce532d91200a7c466dee61cee63

MB-19339: Add IdleConnection privilege

This privilege is intended for clients which don't handle
abnormal disconnects very well.

Change-Id: I54cd93c5fce532d91200a7c466dee61cee63b20e
Reviewed-on: http://review.couchbase.org/65608
Reviewed-by: Dave Rigby <daver@couchbase.com>
Tested-by: buildbot <build@couchbase.com>

show more ...


# 862c3e44 08-Jul-2016 Trond Norbye <trond.norbye@gmail.com>

MB-19339: Split TAP into Producer and Consumer

"clients" of the system should be able to set up producer
streams, but we might not trust such systems enough to
allow them to inject d

MB-19339: Split TAP into Producer and Consumer

"clients" of the system should be able to set up producer
streams, but we might not trust such systems enough to
allow them to inject data into the system.

Change-Id: I44796ca5716a2bbdc9593d35819b5388282a969e
Reviewed-on: http://review.couchbase.org/65606
Tested-by: buildbot <build@couchbase.com>
Reviewed-by: Dave Rigby <daver@couchbase.com>

show more ...


# 3b2a836d 22-Jun-2016 Trond Norbye <trond.norbye@gmail.com>

MB-19339: Refactor RBAC handling in memcached

memcached used to follow the least privilege principle by
allowing the "user" to grant access to individual commands.
As part of the tas

MB-19339: Refactor RBAC handling in memcached

memcached used to follow the least privilege principle by
allowing the "user" to grant access to individual commands.
As part of the task to integrate memcacheds RBAC into the
entire stack, we're refactoring the RBAC support to look
more like the model being used in ns_server.

We've defined a small subset of privileges and specify
which privileges each command require and perform that check
before each command is executed. Given that some commands
may produce different results depending on which privilege
the "user" have access to, the server API is also extended
to provide a method for the underlying engine to call to
check for privilege access:

if (!sapi->cookie.check_privilege(cookie,
Privilege::Read)) {
return ENGINE_EACCESS;
}

We've not yet decided on how memcached shall receive the
RBAC configuration defined by the user. There is currently
two alternatives:

1) Use the component in `ns_server`
+ The component already exists; only minor changes is needed
to add support for our privileges
+ No need to standardize the "file format" for the RBAC data
+ Only one implementation of the access evaluation
+ The same bugs exists everywhere
- memcached depends on the availability of another component
- what to do if it refuse to answer on the port
- what to do if we're having "network" failures
- what to do if we're failing to create a socket to perform
the rest call (running out of file descriptors)
- We need to create a mock of the server for our unit testing
- need to implement enough failure scenarios to ensure we handle
all kinds of problems
- Is it fast engough, and does it scale?
- We need to add support for HTTP in memcached
- Cache invalidation
- We would have to generate the privilege set every time
the user selects a bucket (or performs a new auth), but
we would have no clue when to invalidate this. We _could_
add a TTL for the privilege set for let's say 1h to avoid
having to reboot all nodes to kick out all users which no
longer have access to the privileges.

2) Let `memcached` implement the access control
+ No external process dependencies affecting the availability or
error situations at runtime
- Need a fixed file format between `ns_server` and `memcached` and
a way to signal memcached that the files changed.
- Need to implement parser in multiple components
+ Need to create test suite to ensure that all components
produce the same result of the given input
+ Extremely fast and scalable. Everything is lookup of internal
datastructures in a "copy on write" mode. Lock only held in
order to create a shared pointer to the datastructures. Cache
invalidation performed by looking at two atomic variables.
- No need for a mock server, all tests may be performed with
real configuration data.
+ Simpler logic in `memcached`
+ No need to suspend a connection in the middle of the AUTH /
Select-Bucket phase in order to request the privilege
set from `ns_server`

Given the above we can't currently provide any useful implementation
with a fine grained RBAC control, so this patch grants connections
authenticated as _admin full access to the system. All other
connections will get access similar to what they used to get before
RBAC was added to memcached.

The unit tests needs to be updated to make sure they use the new
privilege infrastructure when we have decided if we want to use
an internal component or an external component.

Change-Id: I4154053a2394ac836f34593b6f6067b0a46f5d71
Reviewed-on: http://review.couchbase.org/65148
Tested-by: buildbot <build@couchbase.com>
Reviewed-by: Will Gardner <will.gardner@couchbase.com>
Reviewed-by: Dave Rigby <daver@couchbase.com>

show more ...