Home
last modified time | relevance | path

Searched +hist:5 +hist:d255ca1 (Results 1 - 2 of 2) sorted by relevance

/Couchbase_C_Client_v3.0/cmake/Modules/
H A DGetPlatformCCInfo.cmakediff 5d255ca1 Sat Feb 08 19:53:48 UTC 2014 Mark Nunberg <mnunberg@haskalah.org> Set proper output name for binary packages

Change-Id: I44c806909df766ecff1d2b389a40274375170fbe
Reviewed-on: http://review.couchbase.org/33353
Reviewed-by: Brett Lawson <brett19@gmail.com>
Tested-by: Mark Nunberg <mnunberg@haskalah.org>
diff 5d255ca1 Sat Feb 08 19:53:48 UTC 2014 Mark Nunberg <mnunberg@haskalah.org> Set proper output name for binary packages

Change-Id: I44c806909df766ecff1d2b389a40274375170fbe
Reviewed-on: http://review.couchbase.org/33353
Reviewed-by: Brett Lawson <brett19@gmail.com>
Tested-by: Mark Nunberg <mnunberg@haskalah.org>
/Couchbase_C_Client_v3.0/
H A DCMakeLists.txtdiff 5bf25415 Mon Jul 16 15:34:56 UTC 2018 Sergey Avseyev <sergey.avseyev@gmail.com> CCBC-957: Automatically disable SSL support, when OpenSSL missing

Change-Id: Icbe2f33e8491ce7db986307d40d8f15fbac1a319
Reviewed-on: http://review.couchbase.org/96942
Tested-by: Build Bot <build@couchbase.com>
Reviewed-by: Sergey Avseyev <sergey.avseyev@gmail.com>
diff 40ff8088 Mon Apr 09 12:18:52 UTC 2018 Guillaume Molleda / Amadeus IT Group <gmolleda@amadeus.com> CCBC-685: Implementation of SCRAM-SHA authentication mechanism

Please refer to RFC 5802 for a complete description of the SCRAM-SHA
authentication sequence.

Basically, the purpose is to base the authentication on exchanges of
proofs of identity rather than passwords (in clear text or not). Proofs
are hashed using a salted password (the salt being provided by the
server) and random nonces (unique to the session), so that only peers
knowing the secret password can acknowledge them.

The authentication is performed in five steps.

Step 1: the client sends the username and his nonce (unique to this
session).

Step 2: the server returns its nonce (concatenated with the client's
nonce), the salt and an iteration count (used when computing the
salted password).

Step 3: the client computes the client's proof from a combination of the
password, the salt, the iteration count and the previous
messages (cf RFC 5802 for the complete details). It is sent back
to the server.

Step 4: the server verifies the validity of the client's proof and
generates its own proof based also on the password, the salt,
the iteration count and a concatenation of previous messages.
This proof is replied to the client as acknowledgement of the
authentication.

Step 5: the client can verify the validity of the server's proof. The
authentication is successful.

Three versions of SCRAM-SHA algorithm are currently available:
SCRAM-SHA1, SCRAM-SHA256 and SCRAM-SHA512, the difference being on the
strength of the hashing. SCRAM-SHA512 is considered as more secure now,
so it is used as default by this implementation.

This implementation was tested over a Couchbase cluster 4.6.2
(enterprise version).

Here is a real example of SCRAM-SHA512 authentication exchange made
between the mininal example and the 4.6.2 cluster (captured using
tcpdump):

Msg 1 (client->server):
n,,n=test,r=0c0d2b1a62de9318

Msg 2 (server->client):
r=0c0d2b1a62de9318660590ff26368002,s=bGkVWZUpi3OgnkzskW+8YlB7LyFrwETeWI+1seQ+0Y4oP4/FditP6DE/oQ0qdrSKFC4VVlkkSaW34EyhGHzEzA==,i=4096

Msg 3 (client->server):
c=biws,r=0c0d2b1a62de9318660590ff26368002,p=f3UTCdYt5pgb5LvkZsdM97crONf7+k8iFZP5/26Z8pIB75I/++L/Vy5FMfAsSDaLNiAo00bzpSz3SFZ9qzR3yw==

Msg 4 (server->client):
v=i6R3vC0ul0V4XW/jIC1dtayEGPeYBVudp1ay8Ai9R9Mup96B2aP8weU58+C2orgWKPRW0IWGPUMXIW7py/Sfrw==

Proofs and salt are encoded in Base64.

Other examples can be found in the unit tests (t_scram.cc file).

Please note that we rely on OpenSSL for the implementation of SHA, HMAC
and PBKDF2 algorithms. If OpenSSL is not linked (or if OpenSSL doesn't
implement PBKDF2), then SCRAM-SHA* authentication mecanisms are disabled
(only CRAM-MD5 and PLAIN will be used).

Change-Id: I4353e791c5e773b8c2fe31b335a05b10d9d499c8
Reviewed-on: http://review.couchbase.org/92497
Tested-by: Build Bot <build@couchbase.com>
Reviewed-by: Sergey Avseyev <sergey.avseyev@gmail.com>
diff 4f93ddd2 Fri Jun 30 12:21:08 UTC 2017 Sergey Avseyev <sergey.avseyev@gmail.com> CCBC-781: Expose enhanced errors for data commands

Motivation
----------
Couchbase Server 5 might return additional information about
errors in the response body. According to SDK-RFC-28, the library
should allow user code to inspect this information.

Modification
------------
Check for non-empty body of failure responses before handlers invocation,
and if their datatype is JSON, try to parse it according to spec.
Store extracted reference ID and error context into response wrapper
and define API functions to access it:

* lcb_resp_get_error_context(int, const lcb_RESPBASE *)
* lcb_resp_get_error_ref(int, const lcb_RESPBASE *)

They both return non-NULL strings if any of error information accessible.
The lifetime of these fields limited by lifetime of the response object.

This change only covers commands, exposed directly to user via callbacks.
Enhanced error messages for authentication logged by the library. See
http://review.couchbase.org/80143

Result
------
The user can match error events to the server events (if 'ref' field
accessible), and inspect details about failure in error context.

Change-Id: I71fc618092ced011c67e9ad892c03b2db080caae
Reviewed-on: http://review.couchbase.org/80187
Tested-by: Build Bot <build@couchbase.com>
Reviewed-by: Brett Lawson <brett19@gmail.com>
diff 5e994557 Tue Nov 04 00:20:35 UTC 2014 Mark Nunberg <mnunberg@haskalah.org> Add lcbcore as an 'object' library

This way we don't need to compile the object files twice for
libcouchbase.so and libcouchbaseS.a

Change-Id: Ice6856964510c24bc675aad05fa6f1284c88d120
Reviewed-on: http://review.couchbase.org/42770
Reviewed-by: Sergey Avseyev <sergey.avseyev@gmail.com>
Tested-by: Mark Nunberg <mnunberg@haskalah.org>
diff 5b2f7f6d Sat Feb 22 13:48:11 UTC 2014 Mark Nunberg <mnunberg@haskalah.org> cmake: fix mock URL

Change-Id: Ic122aad86eaeec7137cfbaa6e4e1924b088d3aaf
Reviewed-on: http://review.couchbase.org/33854
Reviewed-by: Brett Lawson <brett19@gmail.com>
Tested-by: Mark Nunberg <mnunberg@haskalah.org>
diff 5d255ca1 Sat Feb 08 19:53:48 UTC 2014 Mark Nunberg <mnunberg@haskalah.org> Set proper output name for binary packages

Change-Id: I44c806909df766ecff1d2b389a40274375170fbe
Reviewed-on: http://review.couchbase.org/33353
Reviewed-by: Brett Lawson <brett19@gmail.com>
Tested-by: Mark Nunberg <mnunberg@haskalah.org>
diff 5d255ca1 Sat Feb 08 19:53:48 UTC 2014 Mark Nunberg <mnunberg@haskalah.org> Set proper output name for binary packages

Change-Id: I44c806909df766ecff1d2b389a40274375170fbe
Reviewed-on: http://review.couchbase.org/33353
Reviewed-by: Brett Lawson <brett19@gmail.com>
Tested-by: Mark Nunberg <mnunberg@haskalah.org>
diff 94fda37c Mon Dec 23 15:52:35 UTC 2013 Mark Nunberg <mnunberg@haskalah.org> Reverting CCCP support to prepare for confmon

Confmon is our next-generation configuration management system which
abstracts all the config handling using a dedicated new API

Revert "Use SASL unless username is NULL, not password"

This reverts commit 61d18f314face1541beede99e2d82e5c528ab689.
Revert "Don't start a failout chain if NMVB config can't be parsed"

This reverts commit 14c7aabb75c92b143b69dddada52ef24c17e06f4.
Revert "CCBC-300 Use 'Uncommited' instead of 'Evolving' according to attributes(5)"

This reverts commit ceb345353b36a854e2161b8c1ccab81821d169c8.
Revert "Skip CMD_GET_CLUSTER_CONFIG on server failout"

This reverts commit c1128a2bdbb156f7cf78644d4eec32e087fc8b99.
Revert "Sylistic improvements for configuration"

This reverts commit 8d66cb5638e8b38f99e5b0240c8f9d33981e428e.
Revert "cbc: add switch --config-transport to choose HTTP/CCCP"

This reverts commit a12ad36abdf52ccf96f19821abb9dc8c5c151045.
Revert "Use second version of the lcb_create_st in C++ constructor"

This reverts commit 7121ba431ff950401e0bdf0be56629320e2b8a0f.
Revert "CCBC-234 Add lcb_cntl command to determine source of configuration"

This reverts commit 3e9ccd624d3b98dd4ab26bdabc11f2585dd61365.
Revert "CCBC-234 Use CCCP protocol to update vbucket configuration"

This reverts commit c010d2b4c27efb7b9da02c82084948e9f821aaba.
Revert "CCBC-234 Bootstrap with CCCP"

This reverts commit b07f1b65e4ed07832d74aaf1ec22a15b8a5f2482.
Revert "Extract function to pick node from backup list"

This reverts commit 983eaaec96ef3e9a7a5f59b7530233a112e1787f.
Revert "Refactor internal configuration struct"

This reverts commit e758c638b4842234629215ff113c400809340828.
Revert "Isolate HTTP bootstrapping code"

This reverts commit 6295d55d671dc79bdca4e56a2790f3966de84d90.

Change-Id: Ia0d3a4f52e90de46bbd8b2411327ce8a4fe554a3
Reviewed-on: http://review.couchbase.org/31633
Reviewed-by: Brett Lawson <brett19@gmail.com>
Tested-by: Mark Nunberg <mnunberg@haskalah.org>
diff ba2db369 Thu Aug 15 02:42:34 UTC 2013 Mark Nunberg <mnunberg@haskalah.org> [bconf] Overhaul

This cleans up the bucketconfig code; breakouts and error propagation
are done from the I/O handlers rather than the parsing handlers. This
allows the I/O handlers to more easily cancel the timeouts if necessary.

Among the additions:

- New lcb_cntl operation for a configuration timeout (5 seconds by
default)
- 'bconf_provider' module, where most of the bucket config updating is
done
- Move stuff from bconf_parse over to bconf_io where it affects instance
state and likewise.

Change-Id: I1a31d990b7333e1691855eb311bbec48b71b8a21
Reviewed-on: http://review.couchbase.org/28284
Reviewed-by: Sergey Avseyev <sergey.avseyev@gmail.com>
Tested-by: Sergey Avseyev <sergey.avseyev@gmail.com>

Completed in 50 milliseconds