API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Oct 20th, 2014
167
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 70.53 KB | None | 0 0
raw download clone embed print report
  1. [Mon, 20 Oct 2014 22:39:41 GMT] [info] [<0.31.0>] Apache CouchDB has started on http://127.0.0.1:6024/
  2. [Mon, 20 Oct 2014 22:39:41 GMT] [info] [<0.103.0>] 127.0.0.1 - - GET / 200
  3. [Mon, 20 Oct 2014 22:39:41 GMT] [info] [<0.104.0>] 127.0.0.1 - - HEAD /_users/_all_docs 200
  4. [Mon, 20 Oct 2014 22:39:41 GMT] [info] [<0.105.0>] 127.0.0.1 - - PUT /_config/admins/_hoodie 200
  5. [Mon, 20 Oct 2014 22:39:44 GMT] [info] [<0.118.0>] 127.0.0.1 - - PUT /_config/admins/admin 200
  6. [Mon, 20 Oct 2014 22:39:44 GMT] [info] [<0.117.0>] 127.0.0.1 - - PUT /app 201
  7. [Mon, 20 Oct 2014 22:39:44 GMT] [info] [<0.116.0>] 127.0.0.1 - - PUT /app/_security 200
  8. [Mon, 20 Oct 2014 22:39:44 GMT] [info] [<0.115.0>] 127.0.0.1 - - PUT /app/config 201
  9. [Mon, 20 Oct 2014 22:39:44 GMT] [info] [<0.114.0>] 127.0.0.1 - - PUT /plugins 201
  10. [Mon, 20 Oct 2014 22:39:44 GMT] [info] [<0.113.0>] 127.0.0.1 - - PUT /plugins/_security 200
  11. [Mon, 20 Oct 2014 22:39:44 GMT] [info] [<0.112.0>] 127.0.0.1 - - PUT /_config/httpd/authentication_handlers 200
  12. [Mon, 20 Oct 2014 22:39:44 GMT] [info] [<0.109.0>] 127.0.0.1 - - GET / 200
  13. [Mon, 20 Oct 2014 22:39:44 GMT] [info] [<0.107.0>] 127.0.0.1 - - GET /_users 200
  14. [Mon, 20 Oct 2014 22:39:44 GMT] [info] [<0.110.0>] 127.0.0.1 - - GET /plugins/_all_docs?include_docs=true 200
  15. [Mon, 20 Oct 2014 22:39:44 GMT] [info] [<0.111.0>] 127.0.0.1 - - GET /app/config 200
  16. [Mon, 20 Oct 2014 22:39:44 GMT] [info] [<0.108.0>] 127.0.0.1 - - GET /_db_updates?feed=longpoll&timeout=0 200
  17. [Mon, 20 Oct 2014 22:39:44 GMT] [info] [<0.106.0>] 127.0.0.1 - - GET /_users/_changes?since=1&feed=continuous&heartbeat=30000&include_docs=true 200
  18. [Mon, 20 Oct 2014 22:39:44 GMT] [info] [<0.153.0>] 127.0.0.1 - - GET /_db_updates?feed=continuous&heartbeat=true 200
  19. [Mon, 20 Oct 2014 22:39:44 GMT] [info] [<0.150.0>] 127.0.0.1 - - GET /app/ 200
  20. [Mon, 20 Oct 2014 22:39:44 GMT] [info] [<0.152.0>] 127.0.0.1 - - GET /plugins/ 200
  21. [Mon, 20 Oct 2014 22:39:44 GMT] [info] [<0.159.0>] 127.0.0.1 - - GET /_users/_all_docs?include_docs=true 200
  22. [Mon, 20 Oct 2014 22:39:44 GMT] [info] [<0.159.0>] 127.0.0.1 - - GET /plugins//_changes?since=1&feed=continuous&heartbeat=30000&include_docs=true 200
  23. [Mon, 20 Oct 2014 22:39:44 GMT] [info] [<0.162.0>] 127.0.0.1 - - GET /app//_changes?since=2&feed=continuous&heartbeat=30000 200
  24. [Mon, 20 Oct 2014 22:39:48 GMT] [info] [<0.173.0>] 127.0.0.1 - - GET /?hoodieId=2p2lfhr 200
  25. [Mon, 20 Oct 2014 22:39:48 GMT] [info] [<0.172.0>] 127.0.0.1 - - DELETE /_session 200
  26. [Mon, 20 Oct 2014 22:39:53 GMT] [error] [<0.94.0>] OS Process Error <0.215.0> :: {os_process_error,
  27. {exit_status,133}}
  28. [Mon, 20 Oct 2014 22:39:53 GMT] [error] [<0.94.0>] ** Generic server couch_query_servers terminating
  29. ** Last message in was {get_proc,{doc,<<"_design/_auth">>,
  30. {1,
  31. [<<117,239,204,225,240,131,49,109,98,
  32. 45,56,159,63,152,19,247>>]},
  33. {[{<<"language">>,<<"javascript">>},
  34. {<<"validate_doc_update">>,
  35. <<"\n function(newDoc, oldDoc, userCtx, secObj) {\n if (newDoc._deleted === true) {\n // allow deletes by admins and matching users\n // without checking the other fields\n if ((userCtx.roles.indexOf('_admin') !== -1) ||\n (userCtx.name == oldDoc.name)) {\n return;\n } else {\n throw({forbidden: 'Only admins may delete other user docs.'});\n }\n }\n\n if ((oldDoc && oldDoc.type !== 'user') || newDoc.type !== 'user') {\n throw({forbidden : 'doc.type must be user'});\n } // we only allow user docs for now\n\n if (!newDoc.name) {\n throw({forbidden: 'doc.name is required'});\n }\n\n if (!newDoc.roles) {\n throw({forbidden: 'doc.roles must exist'});\n }\n\n if (!isArray(newDoc.roles)) {\n throw({forbidden: 'doc.roles must be an array'});\n }\n\n for (var idx = 0; idx < newDoc.roles.length; idx++) {\n if (typeof newDoc.roles[idx] !== 'string') {\n throw({forbidden: 'doc.roles can only contain strings'});\n }\n }\n\n if (newDoc._id !== ('org.couchdb.user:' + newDoc.name)) {\n throw({\n forbidden: 'Doc ID must be of the form org.couchdb.user:name'\n });\n }\n\n if (oldDoc) { // validate all updates\n if (oldDoc.name !== newDoc.name) {\n throw({forbidden: 'Usernames can not be changed.'});\n }\n }\n\n if (newDoc.password_sha && !newDoc.salt) {\n throw({\n forbidden: 'Users with password_sha must have a salt.' +\n 'See /_utils/script/couch.js for example code.'\n });\n }\n\n if (newDoc.password_scheme === \"pbkdf2\") {\n if (typeof(newDoc.iterations) !== \"number\") {\n throw({forbidden: \"iterations must be a number.\"});\n }\n if (typeof(newDoc.derived_key) !== \"string\") {\n throw({forbidden: \"derived_key must be a string.\"});\n }\n }\n\n var is_server_or_database_admin = function(userCtx, secObj) {\n // see if the user is a server admin\n if(userCtx.roles.indexOf('_admin') !== -1) {\n return true; // a server admin\n }\n\n // see if the user a database admin specified by name\n if(secObj && secObj.admins && secObj.admins.names) {\n if(secObj.admins.names.indexOf(userCtx.name) !== -1) {\n return true; // database admin\n }\n }\n\n // see if the user a database admin specified by role\n if(secObj && secObj.admins && secObj.admins.roles) {\n var db_roles = secObj.admins.roles;\n for(var idx = 0; idx < userCtx.roles.length; idx++) {\n var user_role = userCtx.roles[idx];\n if(db_roles.indexOf(user_role) !== -1) {\n return true; // role matches!\n }\n }\n }\n\n return false; // default to no admin\n }\n\n if (!is_server_or_database_admin(userCtx, secObj)) {\n if (oldDoc) { // validate non-admin updates\n if (userCtx.name !== newDoc.name) {\n throw({\n forbidden: 'You may only update your own user document.'\n });\n }\n // validate role updates\n var oldRoles = oldDoc.roles.sort();\n var newRoles = newDoc.roles.sort();\n\n if (oldRoles.length !== newRoles.length) {\n throw({forbidden: 'Only _admin may edit roles'});\n }\n\n for (var i = 0; i < oldRoles.length; i++) {\n if (oldRoles[i] !== newRoles[i]) {\n throw({forbidden: 'Only _admin may edit roles'});\n }\n }\n } else if (newDoc.roles.length > 0) {\n throw({forbidden: 'Only _admin may set roles'});\n }\n }\n\n // no system roles in users db\n for (var i = 0; i < newDoc.roles.length; i++) {\n if (newDoc.roles[i][0] === '_') {\n throw({\n forbidden:\n 'No system roles (starting with underscore) in users db.'\n });\n }\n }\n\n // no system names as names\n if (newDoc.name[0] === '_') {\n throw({forbidden: 'Username may not start with underscore.'});\n }\n\n var badUserNameChars = [':'];\n\n for (var i = 0; i < badUserNameChars.length; i++) {\n if (newDoc.name.indexOf(badUserNameChars[i]) >= 0) {\n throw({forbidden: 'Character `' + badUserNameChars[i] +\n '` is not allowed in usernames.'});\n }\n }\n }\n">>}]},
  36. [],false,[]},
  37. {<<"_design/_auth">>,
  38. <<"1-75efcce1f083316d622d389f3f9813f7">>}}
  39. ** When Server state == {qserver,28708,36902,40999,32805,[],
  40. {[{<<"reduce_limit">>,true},
  41. {<<"timeout">>,5000}]}}
  42. ** Reason for termination ==
  43. ** {bad_return_value,{os_process_error,{exit_status,133}}}
  44.  
  45. [Mon, 20 Oct 2014 22:39:53 GMT] [error] [<0.94.0>] {error_report,<0.30.0>,
  46. {<0.94.0>,crash_report,
  47. [[{initial_call,
  48. {couch_query_servers,init,['Argument__1']}},
  49. {pid,<0.94.0>},
  50. {registered_name,couch_query_servers},
  51. {error_info,
  52. {exit,
  53. {bad_return_value,
  54. {os_process_error,{exit_status,133}}},
  55. [{gen_server,terminate,6,
  56. [{file,"gen_server.erl"},{line,737}]},
  57. {proc_lib,init_p_do_apply,3,
  58. [{file,"proc_lib.erl"},{line,237}]}]}},
  59. {ancestors,
  60. [couch_secondary_services,couch_server_sup,
  61. <0.31.0>]},
  62. {messages,
  63. [{'EXIT',<0.215.0>,normal},
  64. {'DOWN',#Ref<0.0.0.765>,process,<0.215.0>,
  65. normal}]},
  66. {links,[<0.90.0>]},
  67. {dictionary,[]},
  68. {trap_exit,true},
  69. {status,running},
  70. {heap_size,1598},
  71. {stack_size,27},
  72. {reductions,3620}],
  73. []]}}
  74. [Mon, 20 Oct 2014 22:39:53 GMT] [error] [<0.90.0>] {error_report,<0.30.0>,
  75. {<0.90.0>,supervisor_report,
  76. [{supervisor,{local,couch_secondary_services}},
  77. {errorContext,child_terminated},
  78. {reason,
  79. {bad_return_value,
  80. {os_process_error,{exit_status,133}}}},
  81. {offender,
  82. [{pid,<0.94.0>},
  83. {name,query_servers},
  84. {mfargs,{couch_query_servers,start_link,[]}},
  85. {restart_type,permanent},
  86. {shutdown,brutal_kill},
  87. {child_type,worker}]}]}}
  88. [Mon, 20 Oct 2014 22:39:53 GMT] [error] [<0.207.0>] Uncaught error in HTTP request: {exit,
  89. {{bad_return_value,
  90. {os_process_error,
  91. {exit_status,133}}},
  92. {gen_server,call,
  93. [couch_query_servers,
  94. {get_proc,
  95. {doc,
  96. <<"_design/_auth">>,
  97. {1,
  98. [<<117,239,204,
  99. 225,240,131,49,
  100. 109,98,45,56,
  101. 159,63,152,19,
  102. 247>>]},
  103. {[{<<"language">>,
  104. <<"javascript">>},
  105. {<<"validate_doc_update">>,
  106. <<"\n function(newDoc, oldDoc, userCtx, secObj) {\n if (newDoc._deleted === true) {\n // allow deletes by admins and matching users\n // without checking the other fields\n if ((userCtx.roles.indexOf('_admin') !== -1) ||\n (userCtx.name == oldDoc.name)) {\n return;\n } else {\n throw({forbidden: 'Only admins may delete other user docs.'});\n }\n }\n\n if ((oldDoc && oldDoc.type !== 'user') || newDoc.type !== 'user') {\n throw({forbidden : 'doc.type must be user'});\n } // we only allow user docs for now\n\n if (!newDoc.name) {\n throw({forbidden: 'doc.name is required'});\n }\n\n if (!newDoc.roles) {\n throw({forbidden: 'doc.roles must exist'});\n }\n\n if (!isArray(newDoc.roles)) {\n throw({forbidden: 'doc.roles must be an array'});\n }\n\n for (var idx = 0; idx < newDoc.roles.length; idx++) {\n if (typeof newDoc.roles[idx] !== 'string') {\n throw({forbidden: 'doc.roles can only contain strings'});\n }\n }\n\n if (newDoc._id !== ('org.couchdb.user:' + newDoc.name)) {\n throw({\n forbidden: 'Doc ID must be of the form org.couchdb.user:name'\n });\n }\n\n if (oldDoc) { // validate all updates\n if (oldDoc.name !== newDoc.name) {\n throw({forbidden: 'Usernames can not be changed.'});\n }\n }\n\n if (newDoc.password_sha && !newDoc.salt) {\n throw({\n forbidden: 'Users with password_sha must have a salt.' +\n 'See /_utils/script/couch.js for example code.'\n });\n }\n\n if (newDoc.password_scheme === \"pbkdf2\") {\n if (typeof(newDoc.iterations) !== \"number\") {\n throw({forbidden: \"iterations must be a number.\"});\n }\n if (typeof(newDoc.derived_key) !== \"string\") {\n throw({forbidden: \"derived_key must be a string.\"});\n }\n }\n\n var is_server_or_database_admin = function(userCtx, secObj) {\n // see if the user is a server admin\n if(userCtx.roles.indexOf('_admin') !== -1) {\n return true; // a server admin\n }\n\n // see if the user a database admin specified by name\n if(secObj && secObj.admins && secObj.admins.names) {\n if(secObj.admins.names.indexOf(userCtx.name) !== -1) {\n return true; // database admin\n }\n }\n\n // see if the user a database admin specified by role\n if(secObj && secObj.admins && secObj.admins.roles) {\n var db_roles = secObj.admins.roles;\n for(var idx = 0; idx < userCtx.roles.length; idx++) {\n var user_role = userCtx.roles[idx];\n if(db_roles.indexOf(user_role) !== -1) {\n return true; // role matches!\n }\n }\n }\n\n return false; // default to no admin\n }\n\n if (!is_server_or_database_admin(userCtx, secObj)) {\n if (oldDoc) { // validate non-admin updates\n if (userCtx.name !== newDoc.name) {\n throw({\n forbidden: 'You may only update your own user document.'\n });\n }\n // validate role updates\n var oldRoles = oldDoc.roles.sort();\n var newRoles = newDoc.roles.sort();\n\n if (oldRoles.length !== newRoles.length) {\n throw({forbidden: 'Only _admin may edit roles'});\n }\n\n for (var i = 0; i < oldRoles.length; i++) {\n if (oldRoles[i] !== newRoles[i]) {\n throw({forbidden: 'Only _admin may edit roles'});\n }\n }\n } else if (newDoc.roles.length > 0) {\n throw({forbidden: 'Only _admin may set roles'});\n }\n }\n\n // no system roles in users db\n for (var i = 0; i < newDoc.roles.length; i++) {\n if (newDoc.roles[i][0] === '_') {\n throw({\n forbidden:\n 'No system roles (starting with underscore) in users db.'\n });\n }\n }\n\n // no system names as names\n if (newDoc.name[0] === '_') {\n throw({forbidden: 'Username may not start with underscore.'});\n }\n\n var badUserNameChars = [':'];\n\n for (var i = 0; i < badUserNameChars.length; i++) {\n if (newDoc.name.indexOf(badUserNameChars[i]) >= 0) {\n throw({forbidden: 'Character `' + badUserNameChars[i] +\n '` is not allowed in usernames.'});\n }\n }\n }\n">>}]},
  107. [],false,[]},
  108. {<<"_design/_auth">>,
  109. <<"1-75efcce1f083316d622d389f3f9813f7">>}},
  110. infinity]}}}
  111. [Mon, 20 Oct 2014 22:39:53 GMT] [info] [<0.207.0>] Stacktrace: [{gen_server,call,3,
  112. [{file,"gen_server.erl"},{line,190}]},
  113. {couch_query_servers,get_ddoc_process,2,
  114. [{file,"couch_query_servers.erl"},
  115. {line,547}]},
  116. {couch_query_servers,with_ddoc_proc,2,
  117. [{file,"couch_query_servers.erl"},
  118. {line,268}]},
  119. {couch_query_servers,validate_doc_update,5,
  120. [{file,"couch_query_servers.erl"},
  121. {line,227}]},
  122. {couch_db,
  123. '-validate_doc_update/3-lc$^0/1-0-',5,
  124. [{file,"couch_db.erl"},{line,473}]},
  125. {couch_db,validate_doc_update,3,
  126. [{file,"couch_db.erl"},{line,473}]},
  127. {couch_db,
  128. '-prep_and_validate_updates/6-fun-1-',3,
  129. [{file,"couch_db.erl"},{line,532}]},
  130. {lists,foldl,3,
  131. [{file,"lists.erl"},{line,1261}]}]
  132. [Mon, 20 Oct 2014 22:39:53 GMT] [info] [<0.207.0>] 127.0.0.1 - - PUT /_users/org.couchdb.user%3Auser%2Ftest 500
  133. [Mon, 20 Oct 2014 22:39:53 GMT] [error] [<0.207.0>] httpd 500 error response:
  134. {"error":"{bad_return_value,{os_process_error,{exit_status,133}}}","reason":"{gen_server,call,\n [couch_query_servers,\n {get_proc,{doc,<<\"_design/_auth\">>,\n {1,\n [<<117,239,204,225,240,131,49,109,98,45,56,159,\n 63,152,19,247>>]},\n {[{<<\"language\">>,<<\"javascript\">>},\n {<<\"validate_doc_update\">>,\n <<\"\\n function(newDoc, oldDoc, userCtx, secObj) {\\n if (newDoc._deleted === true) {\\n // allow deletes by admins and matching users\\n // without checking the other fields\\n if ((userCtx.roles.indexOf('_admin') !== -1) ||\\n (userCtx.name == oldDoc.name)) {\\n return;\\n } else {\\n throw({forbidden: 'Only admins may delete other user docs.'});\\n }\\n }\\n\\n if ((oldDoc && oldDoc.type !== 'user') || newDoc.type !== 'user') {\\n throw({forbidden : 'doc.type must be user'});\\n } // we only allow user docs for now\\n\\n if (!newDoc.name) {\\n throw({forbidden: 'doc.name is required'});\\n }\\n\\n if (!newDoc.roles) {\\n throw({forbidden: 'doc.roles must exist'});\\n }\\n\\n if (!isArray(newDoc.roles)) {\\n throw({forbidden: 'doc.roles must be an array'});\\n }\\n\\n for (var idx = 0; idx < newDoc.roles.length; idx++) {\\n if (typeof newDoc.roles[idx] !== 'string') {\\n throw({forbidden: 'doc.roles can only contain strings'});\\n }\\n }\\n\\n if (newDoc._id !== ('org.couchdb.user:' + newDoc.name)) {\\n throw({\\n forbidden: 'Doc ID must be of the form org.couchdb.user:name'\\n });\\n }\\n\\n if (oldDoc) { // validate all updates\\n if (oldDoc.name !== newDoc.name) {\\n throw({forbidden: 'Usernames can not be changed.'});\\n }\\n }\\n\\n if (newDoc.password_sha && !newDoc.salt) {\\n throw({\\n forbidden: 'Users with password_sha must have a salt.' +\\n 'See /_utils/script/couch.js for example code.'\\n });\\n }\\n\\n if (newDoc.password_scheme === \\\"pbkdf2\\\") {\\n if (typeof(newDoc.iterations) !== \\\"number\\\") {\\n throw({forbidden: \\\"iterations must be a number.\\\"});\\n }\\n if (typeof(newDoc.derived_key) !== \\\"string\\\") {\\n throw({forbidden: \\\"derived_key must be a string.\\\"});\\n }\\n }\\n\\n var is_server_or_database_admin = function(userCtx, secObj) {\\n // see if the user is a server admin\\n if(userCtx.roles.indexOf('_admin') !== -1) {\\n return true; // a server admin\\n }\\n\\n // see if the user a database admin specified by name\\n if(secObj && secObj.admins && secObj.admins.names) {\\n if(secObj.admins.names.indexOf(userCtx.name) !== -1) {\\n return true; // database admin\\n }\\n }\\n\\n // see if the user a database admin specified by role\\n if(secObj && secObj.admins && secObj.admins.roles) {\\n var db_roles = secObj.admins.roles;\\n for(var idx = 0; idx < userCtx.roles.length; idx++) {\\n var user_role = userCtx.roles[idx];\\n if(db_roles.indexOf(user_role) !== -1) {\\n return true; // role matches!\\n }\\n }\\n }\\n\\n return false; // default to no admin\\n }\\n\\n if (!is_server_or_database_admin(userCtx, secObj)) {\\n if (oldDoc) { // validate non-admin updates\\n if (userCtx.name !== newDoc.name) {\\n throw({\\n forbidden: 'You may only update your own user document.'\\n });\\n }\\n // validate role updates\\n var oldRoles = oldDoc.roles.sort();\\n var newRoles = newDoc.roles.sort();\\n\\n if (oldRoles.length !== newRoles.length) {\\n throw({forbidden: 'Only _admin may edit roles'});\\n }\\n\\n for (var i = 0; i < oldRoles.length; i++) {\\n if (oldRoles[i] !== newRoles[i]) {\\n throw({forbidden: 'Only _admin may edit roles'});\\n }\\n }\\n } else if (newDoc.roles.length > 0) {\\n throw({forbidden: 'Only _admin may set roles'});\\n }\\n }\\n\\n // no system roles in users db\\n for (var i = 0; i < newDoc.roles.length; i++) {\\n if (newDoc.roles[i][0] === '_') {\\n throw({\\n forbidden:\\n 'No system roles (starting with underscore) in users db.'\\n });\\n }\\n }\\n\\n // no system names as names\\n if (newDoc.name[0] === '_') {\\n throw({forbidden: 'Username may not start with underscore.'});\\n }\\n\\n var badUserNameChars = [':'];\\n\\n for (var i = 0; i < badUserNameChars.length; i++) {\\n if (newDoc.name.indexOf(badUserNameChars[i]) >= 0) {\\n throw({forbidden: 'Character `' + badUserNameChars[i] +\\n '` is not allowed in usernames.'});\\n }\\n }\\n }\\n\">>}]},\n [],false,[]},\n {<<\"_design/_auth\">>,\n <<\"1-75efcce1f083316d622d389f3f9813f7\">>}},\n infinity]}"}
  135.  
  136. [Mon, 20 Oct 2014 22:40:04 GMT] [info] [<0.191.0>] 127.0.0.1 - - DELETE /_session 200
  137. [Mon, 20 Oct 2014 22:40:04 GMT] [info] [<0.190.0>] 127.0.0.1 - - GET /?hoodieId=2p2lfhr 200
  138. [Mon, 20 Oct 2014 22:40:12 GMT] [error] [<0.219.0>] OS Process Error <0.243.0> :: {os_process_error,
  139. {exit_status,133}}
  140. [Mon, 20 Oct 2014 22:40:12 GMT] [error] [<0.219.0>] ** Generic server couch_query_servers terminating
  141. ** Last message in was {get_proc,{doc,<<"_design/_auth">>,
  142. {1,
  143. [<<117,239,204,225,240,131,49,109,98,
  144. 45,56,159,63,152,19,247>>]},
  145. {[{<<"language">>,<<"javascript">>},
  146. {<<"validate_doc_update">>,
  147. <<"\n function(newDoc, oldDoc, userCtx, secObj) {\n if (newDoc._deleted === true) {\n // allow deletes by admins and matching users\n // without checking the other fields\n if ((userCtx.roles.indexOf('_admin') !== -1) ||\n (userCtx.name == oldDoc.name)) {\n return;\n } else {\n throw({forbidden: 'Only admins may delete other user docs.'});\n }\n }\n\n if ((oldDoc && oldDoc.type !== 'user') || newDoc.type !== 'user') {\n throw({forbidden : 'doc.type must be user'});\n } // we only allow user docs for now\n\n if (!newDoc.name) {\n throw({forbidden: 'doc.name is required'});\n }\n\n if (!newDoc.roles) {\n throw({forbidden: 'doc.roles must exist'});\n }\n\n if (!isArray(newDoc.roles)) {\n throw({forbidden: 'doc.roles must be an array'});\n }\n\n for (var idx = 0; idx < newDoc.roles.length; idx++) {\n if (typeof newDoc.roles[idx] !== 'string') {\n throw({forbidden: 'doc.roles can only contain strings'});\n }\n }\n\n if (newDoc._id !== ('org.couchdb.user:' + newDoc.name)) {\n throw({\n forbidden: 'Doc ID must be of the form org.couchdb.user:name'\n });\n }\n\n if (oldDoc) { // validate all updates\n if (oldDoc.name !== newDoc.name) {\n throw({forbidden: 'Usernames can not be changed.'});\n }\n }\n\n if (newDoc.password_sha && !newDoc.salt) {\n throw({\n forbidden: 'Users with password_sha must have a salt.' +\n 'See /_utils/script/couch.js for example code.'\n });\n }\n\n if (newDoc.password_scheme === \"pbkdf2\") {\n if (typeof(newDoc.iterations) !== \"number\") {\n throw({forbidden: \"iterations must be a number.\"});\n }\n if (typeof(newDoc.derived_key) !== \"string\") {\n throw({forbidden: \"derived_key must be a string.\"});\n }\n }\n\n var is_server_or_database_admin = function(userCtx, secObj) {\n // see if the user is a server admin\n if(userCtx.roles.indexOf('_admin') !== -1) {\n return true; // a server admin\n }\n\n // see if the user a database admin specified by name\n if(secObj && secObj.admins && secObj.admins.names) {\n if(secObj.admins.names.indexOf(userCtx.name) !== -1) {\n return true; // database admin\n }\n }\n\n // see if the user a database admin specified by role\n if(secObj && secObj.admins && secObj.admins.roles) {\n var db_roles = secObj.admins.roles;\n for(var idx = 0; idx < userCtx.roles.length; idx++) {\n var user_role = userCtx.roles[idx];\n if(db_roles.indexOf(user_role) !== -1) {\n return true; // role matches!\n }\n }\n }\n\n return false; // default to no admin\n }\n\n if (!is_server_or_database_admin(userCtx, secObj)) {\n if (oldDoc) { // validate non-admin updates\n if (userCtx.name !== newDoc.name) {\n throw({\n forbidden: 'You may only update your own user document.'\n });\n }\n // validate role updates\n var oldRoles = oldDoc.roles.sort();\n var newRoles = newDoc.roles.sort();\n\n if (oldRoles.length !== newRoles.length) {\n throw({forbidden: 'Only _admin may edit roles'});\n }\n\n for (var i = 0; i < oldRoles.length; i++) {\n if (oldRoles[i] !== newRoles[i]) {\n throw({forbidden: 'Only _admin may edit roles'});\n }\n }\n } else if (newDoc.roles.length > 0) {\n throw({forbidden: 'Only _admin may set roles'});\n }\n }\n\n // no system roles in users db\n for (var i = 0; i < newDoc.roles.length; i++) {\n if (newDoc.roles[i][0] === '_') {\n throw({\n forbidden:\n 'No system roles (starting with underscore) in users db.'\n });\n }\n }\n\n // no system names as names\n if (newDoc.name[0] === '_') {\n throw({forbidden: 'Username may not start with underscore.'});\n }\n\n var badUserNameChars = [':'];\n\n for (var i = 0; i < badUserNameChars.length; i++) {\n if (newDoc.name.indexOf(badUserNameChars[i]) >= 0) {\n throw({forbidden: 'Character `' + badUserNameChars[i] +\n '` is not allowed in usernames.'});\n }\n }\n }\n">>}]},
  148. [],false,[]},
  149. {<<"_design/_auth">>,
  150. <<"1-75efcce1f083316d622d389f3f9813f7">>}}
  151. ** When Server state == {qserver,53284,61478,65575,57381,[],
  152. {[{<<"reduce_limit">>,true},
  153. {<<"timeout">>,5000}]}}
  154. ** Reason for termination ==
  155. ** {bad_return_value,{os_process_error,{exit_status,133}}}
  156.  
  157. [Mon, 20 Oct 2014 22:40:12 GMT] [error] [<0.219.0>] {error_report,<0.30.0>,
  158. {<0.219.0>,crash_report,
  159. [[{initial_call,
  160. {couch_query_servers,init,['Argument__1']}},
  161. {pid,<0.219.0>},
  162. {registered_name,couch_query_servers},
  163. {error_info,
  164. {exit,
  165. {bad_return_value,
  166. {os_process_error,{exit_status,133}}},
  167. [{gen_server,terminate,6,
  168. [{file,"gen_server.erl"},{line,737}]},
  169. {proc_lib,init_p_do_apply,3,
  170. [{file,"proc_lib.erl"},{line,237}]}]}},
  171. {ancestors,
  172. [couch_secondary_services,couch_server_sup,<0.31.0>]},
  173. {messages,
  174. [{'EXIT',<0.243.0>,normal},
  175. {'DOWN',#Ref<0.0.0.1038>,process,<0.243.0>,normal}]},
  176. {links,[<0.90.0>]},
  177. {dictionary,[]},
  178. {trap_exit,true},
  179. {status,running},
  180. {heap_size,1598},
  181. {stack_size,27},
  182. {reductions,3548}],
  183. []]}}
  184. [Mon, 20 Oct 2014 22:40:12 GMT] [error] [<0.90.0>] {error_report,<0.30.0>,
  185. {<0.90.0>,supervisor_report,
  186. [{supervisor,{local,couch_secondary_services}},
  187. {errorContext,child_terminated},
  188. {reason,
  189. {bad_return_value,
  190. {os_process_error,{exit_status,133}}}},
  191. {offender,
  192. [{pid,<0.219.0>},
  193. {name,query_servers},
  194. {mfargs,{couch_query_servers,start_link,[]}},
  195. {restart_type,permanent},
  196. {shutdown,brutal_kill},
  197. {child_type,worker}]}]}}
  198. [Mon, 20 Oct 2014 22:40:12 GMT] [error] [<0.208.0>] Uncaught error in HTTP request: {exit,
  199. {{bad_return_value,
  200. {os_process_error,
  201. {exit_status,133}}},
  202. {gen_server,call,
  203. [couch_query_servers,
  204. {get_proc,
  205. {doc,
  206. <<"_design/_auth">>,
  207. {1,
  208. [<<117,239,204,
  209. 225,240,131,49,
  210. 109,98,45,56,
  211. 159,63,152,19,
  212. 247>>]},
  213. {[{<<"language">>,
  214. <<"javascript">>},
  215. {<<"validate_doc_update">>,
  216. <<"\n function(newDoc, oldDoc, userCtx, secObj) {\n if (newDoc._deleted === true) {\n // allow deletes by admins and matching users\n // without checking the other fields\n if ((userCtx.roles.indexOf('_admin') !== -1) ||\n (userCtx.name == oldDoc.name)) {\n return;\n } else {\n throw({forbidden: 'Only admins may delete other user docs.'});\n }\n }\n\n if ((oldDoc && oldDoc.type !== 'user') || newDoc.type !== 'user') {\n throw({forbidden : 'doc.type must be user'});\n } // we only allow user docs for now\n\n if (!newDoc.name) {\n throw({forbidden: 'doc.name is required'});\n }\n\n if (!newDoc.roles) {\n throw({forbidden: 'doc.roles must exist'});\n }\n\n if (!isArray(newDoc.roles)) {\n throw({forbidden: 'doc.roles must be an array'});\n }\n\n for (var idx = 0; idx < newDoc.roles.length; idx++) {\n if (typeof newDoc.roles[idx] !== 'string') {\n throw({forbidden: 'doc.roles can only contain strings'});\n }\n }\n\n if (newDoc._id !== ('org.couchdb.user:' + newDoc.name)) {\n throw({\n forbidden: 'Doc ID must be of the form org.couchdb.user:name'\n });\n }\n\n if (oldDoc) { // validate all updates\n if (oldDoc.name !== newDoc.name) {\n throw({forbidden: 'Usernames can not be changed.'});\n }\n }\n\n if (newDoc.password_sha && !newDoc.salt) {\n throw({\n forbidden: 'Users with password_sha must have a salt.' +\n 'See /_utils/script/couch.js for example code.'\n });\n }\n\n if (newDoc.password_scheme === \"pbkdf2\") {\n if (typeof(newDoc.iterations) !== \"number\") {\n throw({forbidden: \"iterations must be a number.\"});\n }\n if (typeof(newDoc.derived_key) !== \"string\") {\n throw({forbidden: \"derived_key must be a string.\"});\n }\n }\n\n var is_server_or_database_admin = function(userCtx, secObj) {\n // see if the user is a server admin\n if(userCtx.roles.indexOf('_admin') !== -1) {\n return true; // a server admin\n }\n\n // see if the user a database admin specified by name\n if(secObj && secObj.admins && secObj.admins.names) {\n if(secObj.admins.names.indexOf(userCtx.name) !== -1) {\n return true; // database admin\n }\n }\n\n // see if the user a database admin specified by role\n if(secObj && secObj.admins && secObj.admins.roles) {\n var db_roles = secObj.admins.roles;\n for(var idx = 0; idx < userCtx.roles.length; idx++) {\n var user_role = userCtx.roles[idx];\n if(db_roles.indexOf(user_role) !== -1) {\n return true; // role matches!\n }\n }\n }\n\n return false; // default to no admin\n }\n\n if (!is_server_or_database_admin(userCtx, secObj)) {\n if (oldDoc) { // validate non-admin updates\n if (userCtx.name !== newDoc.name) {\n throw({\n forbidden: 'You may only update your own user document.'\n });\n }\n // validate role updates\n var oldRoles = oldDoc.roles.sort();\n var newRoles = newDoc.roles.sort();\n\n if (oldRoles.length !== newRoles.length) {\n throw({forbidden: 'Only _admin may edit roles'});\n }\n\n for (var i = 0; i < oldRoles.length; i++) {\n if (oldRoles[i] !== newRoles[i]) {\n throw({forbidden: 'Only _admin may edit roles'});\n }\n }\n } else if (newDoc.roles.length > 0) {\n throw({forbidden: 'Only _admin may set roles'});\n }\n }\n\n // no system roles in users db\n for (var i = 0; i < newDoc.roles.length; i++) {\n if (newDoc.roles[i][0] === '_') {\n throw({\n forbidden:\n 'No system roles (starting with underscore) in users db.'\n });\n }\n }\n\n // no system names as names\n if (newDoc.name[0] === '_') {\n throw({forbidden: 'Username may not start with underscore.'});\n }\n\n var badUserNameChars = [':'];\n\n for (var i = 0; i < badUserNameChars.length; i++) {\n if (newDoc.name.indexOf(badUserNameChars[i]) >= 0) {\n throw({forbidden: 'Character `' + badUserNameChars[i] +\n '` is not allowed in usernames.'});\n }\n }\n }\n">>}]},
  217. [],false,[]},
  218. {<<"_design/_auth">>,
  219. <<"1-75efcce1f083316d622d389f3f9813f7">>}},
  220. infinity]}}}
  221. [Mon, 20 Oct 2014 22:40:12 GMT] [info] [<0.208.0>] Stacktrace: [{gen_server,call,3,
  222. [{file,"gen_server.erl"},{line,190}]},
  223. {couch_query_servers,get_ddoc_process,2,
  224. [{file,"couch_query_servers.erl"},
  225. {line,547}]},
  226. {couch_query_servers,with_ddoc_proc,2,
  227. [{file,"couch_query_servers.erl"},
  228. {line,268}]},
  229. {couch_query_servers,validate_doc_update,5,
  230. [{file,"couch_query_servers.erl"},
  231. {line,227}]},
  232. {couch_db,
  233. '-validate_doc_update/3-lc$^0/1-0-',5,
  234. [{file,"couch_db.erl"},{line,473}]},
  235. {couch_db,validate_doc_update,3,
  236. [{file,"couch_db.erl"},{line,473}]},
  237. {couch_db,
  238. '-prep_and_validate_updates/6-fun-1-',3,
  239. [{file,"couch_db.erl"},{line,532}]},
  240. {lists,foldl,3,
  241. [{file,"lists.erl"},{line,1261}]}]
  242. [Mon, 20 Oct 2014 22:40:12 GMT] [info] [<0.208.0>] 127.0.0.1 - - PUT /_users/org.couchdb.user%3Auser%2Ftest 500
  243. [Mon, 20 Oct 2014 22:40:12 GMT] [error] [<0.208.0>] httpd 500 error response:
  244. {"error":"{bad_return_value,{os_process_error,{exit_status,133}}}","reason":"{gen_server,call,\n [couch_query_servers,\n {get_proc,{doc,<<\"_design/_auth\">>,\n {1,\n [<<117,239,204,225,240,131,49,109,98,45,56,159,\n 63,152,19,247>>]},\n {[{<<\"language\">>,<<\"javascript\">>},\n {<<\"validate_doc_update\">>,\n <<\"\\n function(newDoc, oldDoc, userCtx, secObj) {\\n if (newDoc._deleted === true) {\\n // allow deletes by admins and matching users\\n // without checking the other fields\\n if ((userCtx.roles.indexOf('_admin') !== -1) ||\\n (userCtx.name == oldDoc.name)) {\\n return;\\n } else {\\n throw({forbidden: 'Only admins may delete other user docs.'});\\n }\\n }\\n\\n if ((oldDoc && oldDoc.type !== 'user') || newDoc.type !== 'user') {\\n throw({forbidden : 'doc.type must be user'});\\n } // we only allow user docs for now\\n\\n if (!newDoc.name) {\\n throw({forbidden: 'doc.name is required'});\\n }\\n\\n if (!newDoc.roles) {\\n throw({forbidden: 'doc.roles must exist'});\\n }\\n\\n if (!isArray(newDoc.roles)) {\\n throw({forbidden: 'doc.roles must be an array'});\\n }\\n\\n for (var idx = 0; idx < newDoc.roles.length; idx++) {\\n if (typeof newDoc.roles[idx] !== 'string') {\\n throw({forbidden: 'doc.roles can only contain strings'});\\n }\\n }\\n\\n if (newDoc._id !== ('org.couchdb.user:' + newDoc.name)) {\\n throw({\\n forbidden: 'Doc ID must be of the form org.couchdb.user:name'\\n });\\n }\\n\\n if (oldDoc) { // validate all updates\\n if (oldDoc.name !== newDoc.name) {\\n throw({forbidden: 'Usernames can not be changed.'});\\n }\\n }\\n\\n if (newDoc.password_sha && !newDoc.salt) {\\n throw({\\n forbidden: 'Users with password_sha must have a salt.' +\\n 'See /_utils/script/couch.js for example code.'\\n });\\n }\\n\\n if (newDoc.password_scheme === \\\"pbkdf2\\\") {\\n if (typeof(newDoc.iterations) !== \\\"number\\\") {\\n throw({forbidden: \\\"iterations must be a number.\\\"});\\n }\\n if (typeof(newDoc.derived_key) !== \\\"string\\\") {\\n throw({forbidden: \\\"derived_key must be a string.\\\"});\\n }\\n }\\n\\n var is_server_or_database_admin = function(userCtx, secObj) {\\n // see if the user is a server admin\\n if(userCtx.roles.indexOf('_admin') !== -1) {\\n return true; // a server admin\\n }\\n\\n // see if the user a database admin specified by name\\n if(secObj && secObj.admins && secObj.admins.names) {\\n if(secObj.admins.names.indexOf(userCtx.name) !== -1) {\\n return true; // database admin\\n }\\n }\\n\\n // see if the user a database admin specified by role\\n if(secObj && secObj.admins && secObj.admins.roles) {\\n var db_roles = secObj.admins.roles;\\n for(var idx = 0; idx < userCtx.roles.length; idx++) {\\n var user_role = userCtx.roles[idx];\\n if(db_roles.indexOf(user_role) !== -1) {\\n return true; // role matches!\\n }\\n }\\n }\\n\\n return false; // default to no admin\\n }\\n\\n if (!is_server_or_database_admin(userCtx, secObj)) {\\n if (oldDoc) { // validate non-admin updates\\n if (userCtx.name !== newDoc.name) {\\n throw({\\n forbidden: 'You may only update your own user document.'\\n });\\n }\\n // validate role updates\\n var oldRoles = oldDoc.roles.sort();\\n var newRoles = newDoc.roles.sort();\\n\\n if (oldRoles.length !== newRoles.length) {\\n throw({forbidden: 'Only _admin may edit roles'});\\n }\\n\\n for (var i = 0; i < oldRoles.length; i++) {\\n if (oldRoles[i] !== newRoles[i]) {\\n throw({forbidden: 'Only _admin may edit roles'});\\n }\\n }\\n } else if (newDoc.roles.length > 0) {\\n throw({forbidden: 'Only _admin may set roles'});\\n }\\n }\\n\\n // no system roles in users db\\n for (var i = 0; i < newDoc.roles.length; i++) {\\n if (newDoc.roles[i][0] === '_') {\\n throw({\\n forbidden:\\n 'No system roles (starting with underscore) in users db.'\\n });\\n }\\n }\\n\\n // no system names as names\\n if (newDoc.name[0] === '_') {\\n throw({forbidden: 'Username may not start with underscore.'});\\n }\\n\\n var badUserNameChars = [':'];\\n\\n for (var i = 0; i < badUserNameChars.length; i++) {\\n if (newDoc.name.indexOf(badUserNameChars[i]) >= 0) {\\n throw({forbidden: 'Character `' + badUserNameChars[i] +\\n '` is not allowed in usernames.'});\\n }\\n }\\n }\\n\">>}]},\n [],false,[]},\n {<<\"_design/_auth\">>,\n <<\"1-75efcce1f083316d622d389f3f9813f7\">>}},\n infinity]}"}
  245.  
  246. [Mon, 20 Oct 2014 22:40:20 GMT] [error] [<0.246.0>] OS Process Error <0.256.0> :: {os_process_error,
  247. {exit_status,133}}
  248. [Mon, 20 Oct 2014 22:40:20 GMT] [error] [<0.246.0>] ** Generic server couch_query_servers terminating
  249. ** Last message in was {get_proc,{doc,<<"_design/_auth">>,
  250. {1,
  251. [<<117,239,204,225,240,131,49,109,98,
  252. 45,56,159,63,152,19,247>>]},
  253. {[{<<"language">>,<<"javascript">>},
  254. {<<"validate_doc_update">>,
  255. <<"\n function(newDoc, oldDoc, userCtx, secObj) {\n if (newDoc._deleted === true) {\n // allow deletes by admins and matching users\n // without checking the other fields\n if ((userCtx.roles.indexOf('_admin') !== -1) ||\n (userCtx.name == oldDoc.name)) {\n return;\n } else {\n throw({forbidden: 'Only admins may delete other user docs.'});\n }\n }\n\n if ((oldDoc && oldDoc.type !== 'user') || newDoc.type !== 'user') {\n throw({forbidden : 'doc.type must be user'});\n } // we only allow user docs for now\n\n if (!newDoc.name) {\n throw({forbidden: 'doc.name is required'});\n }\n\n if (!newDoc.roles) {\n throw({forbidden: 'doc.roles must exist'});\n }\n\n if (!isArray(newDoc.roles)) {\n throw({forbidden: 'doc.roles must be an array'});\n }\n\n for (var idx = 0; idx < newDoc.roles.length; idx++) {\n if (typeof newDoc.roles[idx] !== 'string') {\n throw({forbidden: 'doc.roles can only contain strings'});\n }\n }\n\n if (newDoc._id !== ('org.couchdb.user:' + newDoc.name)) {\n throw({\n forbidden: 'Doc ID must be of the form org.couchdb.user:name'\n });\n }\n\n if (oldDoc) { // validate all updates\n if (oldDoc.name !== newDoc.name) {\n throw({forbidden: 'Usernames can not be changed.'});\n }\n }\n\n if (newDoc.password_sha && !newDoc.salt) {\n throw({\n forbidden: 'Users with password_sha must have a salt.' +\n 'See /_utils/script/couch.js for example code.'\n });\n }\n\n if (newDoc.password_scheme === \"pbkdf2\") {\n if (typeof(newDoc.iterations) !== \"number\") {\n throw({forbidden: \"iterations must be a number.\"});\n }\n if (typeof(newDoc.derived_key) !== \"string\") {\n throw({forbidden: \"derived_key must be a string.\"});\n }\n }\n\n var is_server_or_database_admin = function(userCtx, secObj) {\n // see if the user is a server admin\n if(userCtx.roles.indexOf('_admin') !== -1) {\n return true; // a server admin\n }\n\n // see if the user a database admin specified by name\n if(secObj && secObj.admins && secObj.admins.names) {\n if(secObj.admins.names.indexOf(userCtx.name) !== -1) {\n return true; // database admin\n }\n }\n\n // see if the user a database admin specified by role\n if(secObj && secObj.admins && secObj.admins.roles) {\n var db_roles = secObj.admins.roles;\n for(var idx = 0; idx < userCtx.roles.length; idx++) {\n var user_role = userCtx.roles[idx];\n if(db_roles.indexOf(user_role) !== -1) {\n return true; // role matches!\n }\n }\n }\n\n return false; // default to no admin\n }\n\n if (!is_server_or_database_admin(userCtx, secObj)) {\n if (oldDoc) { // validate non-admin updates\n if (userCtx.name !== newDoc.name) {\n throw({\n forbidden: 'You may only update your own user document.'\n });\n }\n // validate role updates\n var oldRoles = oldDoc.roles.sort();\n var newRoles = newDoc.roles.sort();\n\n if (oldRoles.length !== newRoles.length) {\n throw({forbidden: 'Only _admin may edit roles'});\n }\n\n for (var i = 0; i < oldRoles.length; i++) {\n if (oldRoles[i] !== newRoles[i]) {\n throw({forbidden: 'Only _admin may edit roles'});\n }\n }\n } else if (newDoc.roles.length > 0) {\n throw({forbidden: 'Only _admin may set roles'});\n }\n }\n\n // no system roles in users db\n for (var i = 0; i < newDoc.roles.length; i++) {\n if (newDoc.roles[i][0] === '_') {\n throw({\n forbidden:\n 'No system roles (starting with underscore) in users db.'\n });\n }\n }\n\n // no system names as names\n if (newDoc.name[0] === '_') {\n throw({forbidden: 'Username may not start with underscore.'});\n }\n\n var badUserNameChars = [':'];\n\n for (var i = 0; i < badUserNameChars.length; i++) {\n if (newDoc.name.indexOf(badUserNameChars[i]) >= 0) {\n throw({forbidden: 'Character `' + badUserNameChars[i] +\n '` is not allowed in usernames.'});\n }\n }\n }\n">>}]},
  256. [],false,[]},
  257. {<<"_design/_auth">>,
  258. <<"1-75efcce1f083316d622d389f3f9813f7">>}}
  259. ** When Server state == {qserver,69668,77862,81959,73765,[],
  260. {[{<<"reduce_limit">>,true},
  261. {<<"timeout">>,5000}]}}
  262. ** Reason for termination ==
  263. ** {bad_return_value,{os_process_error,{exit_status,133}}}
  264.  
  265. [Mon, 20 Oct 2014 22:40:20 GMT] [error] [<0.246.0>] {error_report,<0.30.0>,
  266. {<0.246.0>,crash_report,
  267. [[{initial_call,
  268. {couch_query_servers,init,['Argument__1']}},
  269. {pid,<0.246.0>},
  270. {registered_name,couch_query_servers},
  271. {error_info,
  272. {exit,
  273. {bad_return_value,
  274. {os_process_error,{exit_status,133}}},
  275. [{gen_server,terminate,6,
  276. [{file,"gen_server.erl"},{line,737}]},
  277. {proc_lib,init_p_do_apply,3,
  278. [{file,"proc_lib.erl"},{line,237}]}]}},
  279. {ancestors,
  280. [couch_secondary_services,couch_server_sup,<0.31.0>]},
  281. {messages,
  282. [{'EXIT',<0.256.0>,normal},
  283. {'DOWN',#Ref<0.0.0.1173>,process,<0.256.0>,normal}]},
  284. {links,[<0.90.0>]},
  285. {dictionary,[]},
  286. {trap_exit,true},
  287. {status,running},
  288. {heap_size,1598},
  289. {stack_size,27},
  290. {reductions,3646}],
  291. []]}}
  292. [Mon, 20 Oct 2014 22:40:20 GMT] [error] [<0.90.0>] {error_report,<0.30.0>,
  293. {<0.90.0>,supervisor_report,
  294. [{supervisor,{local,couch_secondary_services}},
  295. {errorContext,child_terminated},
  296. {reason,
  297. {bad_return_value,
  298. {os_process_error,{exit_status,133}}}},
  299. {offender,
  300. [{pid,<0.246.0>},
  301. {name,query_servers},
  302. {mfargs,{couch_query_servers,start_link,[]}},
  303. {restart_type,permanent},
  304. {shutdown,brutal_kill},
  305. {child_type,worker}]}]}}
  306. [Mon, 20 Oct 2014 22:40:20 GMT] [error] [<0.242.0>] Uncaught error in HTTP request: {exit,
  307. {{bad_return_value,
  308. {os_process_error,
  309. {exit_status,133}}},
  310. {gen_server,call,
  311. [couch_query_servers,
  312. {get_proc,
  313. {doc,
  314. <<"_design/_auth">>,
  315. {1,
  316. [<<117,239,204,
  317. 225,240,131,49,
  318. 109,98,45,56,
  319. 159,63,152,19,
  320. 247>>]},
  321. {[{<<"language">>,
  322. <<"javascript">>},
  323. {<<"validate_doc_update">>,
  324. <<"\n function(newDoc, oldDoc, userCtx, secObj) {\n if (newDoc._deleted === true) {\n // allow deletes by admins and matching users\n // without checking the other fields\n if ((userCtx.roles.indexOf('_admin') !== -1) ||\n (userCtx.name == oldDoc.name)) {\n return;\n } else {\n throw({forbidden: 'Only admins may delete other user docs.'});\n }\n }\n\n if ((oldDoc && oldDoc.type !== 'user') || newDoc.type !== 'user') {\n throw({forbidden : 'doc.type must be user'});\n } // we only allow user docs for now\n\n if (!newDoc.name) {\n throw({forbidden: 'doc.name is required'});\n }\n\n if (!newDoc.roles) {\n throw({forbidden: 'doc.roles must exist'});\n }\n\n if (!isArray(newDoc.roles)) {\n throw({forbidden: 'doc.roles must be an array'});\n }\n\n for (var idx = 0; idx < newDoc.roles.length; idx++) {\n if (typeof newDoc.roles[idx] !== 'string') {\n throw({forbidden: 'doc.roles can only contain strings'});\n }\n }\n\n if (newDoc._id !== ('org.couchdb.user:' + newDoc.name)) {\n throw({\n forbidden: 'Doc ID must be of the form org.couchdb.user:name'\n });\n }\n\n if (oldDoc) { // validate all updates\n if (oldDoc.name !== newDoc.name) {\n throw({forbidden: 'Usernames can not be changed.'});\n }\n }\n\n if (newDoc.password_sha && !newDoc.salt) {\n throw({\n forbidden: 'Users with password_sha must have a salt.' +\n 'See /_utils/script/couch.js for example code.'\n });\n }\n\n if (newDoc.password_scheme === \"pbkdf2\") {\n if (typeof(newDoc.iterations) !== \"number\") {\n throw({forbidden: \"iterations must be a number.\"});\n }\n if (typeof(newDoc.derived_key) !== \"string\") {\n throw({forbidden: \"derived_key must be a string.\"});\n }\n }\n\n var is_server_or_database_admin = function(userCtx, secObj) {\n // see if the user is a server admin\n if(userCtx.roles.indexOf('_admin') !== -1) {\n return true; // a server admin\n }\n\n // see if the user a database admin specified by name\n if(secObj && secObj.admins && secObj.admins.names) {\n if(secObj.admins.names.indexOf(userCtx.name) !== -1) {\n return true; // database admin\n }\n }\n\n // see if the user a database admin specified by role\n if(secObj && secObj.admins && secObj.admins.roles) {\n var db_roles = secObj.admins.roles;\n for(var idx = 0; idx < userCtx.roles.length; idx++) {\n var user_role = userCtx.roles[idx];\n if(db_roles.indexOf(user_role) !== -1) {\n return true; // role matches!\n }\n }\n }\n\n return false; // default to no admin\n }\n\n if (!is_server_or_database_admin(userCtx, secObj)) {\n if (oldDoc) { // validate non-admin updates\n if (userCtx.name !== newDoc.name) {\n throw({\n forbidden: 'You may only update your own user document.'\n });\n }\n // validate role updates\n var oldRoles = oldDoc.roles.sort();\n var newRoles = newDoc.roles.sort();\n\n if (oldRoles.length !== newRoles.length) {\n throw({forbidden: 'Only _admin may edit roles'});\n }\n\n for (var i = 0; i < oldRoles.length; i++) {\n if (oldRoles[i] !== newRoles[i]) {\n throw({forbidden: 'Only _admin may edit roles'});\n }\n }\n } else if (newDoc.roles.length > 0) {\n throw({forbidden: 'Only _admin may set roles'});\n }\n }\n\n // no system roles in users db\n for (var i = 0; i < newDoc.roles.length; i++) {\n if (newDoc.roles[i][0] === '_') {\n throw({\n forbidden:\n 'No system roles (starting with underscore) in users db.'\n });\n }\n }\n\n // no system names as names\n if (newDoc.name[0] === '_') {\n throw({forbidden: 'Username may not start with underscore.'});\n }\n\n var badUserNameChars = [':'];\n\n for (var i = 0; i < badUserNameChars.length; i++) {\n if (newDoc.name.indexOf(badUserNameChars[i]) >= 0) {\n throw({forbidden: 'Character `' + badUserNameChars[i] +\n '` is not allowed in usernames.'});\n }\n }\n }\n">>}]},
  325. [],false,[]},
  326. {<<"_design/_auth">>,
  327. <<"1-75efcce1f083316d622d389f3f9813f7">>}},
  328. infinity]}}}
  329. [Mon, 20 Oct 2014 22:40:20 GMT] [info] [<0.242.0>] Stacktrace: [{gen_server,call,3,
  330. [{file,"gen_server.erl"},{line,190}]},
  331. {couch_query_servers,get_ddoc_process,2,
  332. [{file,"couch_query_servers.erl"},
  333. {line,547}]},
  334. {couch_query_servers,with_ddoc_proc,2,
  335. [{file,"couch_query_servers.erl"},
  336. {line,268}]},
  337. {couch_query_servers,validate_doc_update,5,
  338. [{file,"couch_query_servers.erl"},
  339. {line,227}]},
  340. {couch_db,
  341. '-validate_doc_update/3-lc$^0/1-0-',5,
  342. [{file,"couch_db.erl"},{line,473}]},
  343. {couch_db,validate_doc_update,3,
  344. [{file,"couch_db.erl"},{line,473}]},
  345. {couch_db,
  346. '-prep_and_validate_updates/6-fun-1-',3,
  347. [{file,"couch_db.erl"},{line,532}]},
  348. {lists,foldl,3,
  349. [{file,"lists.erl"},{line,1261}]}]
  350. [Mon, 20 Oct 2014 22:40:20 GMT] [info] [<0.242.0>] 127.0.0.1 - - PUT /_users/org.couchdb.user%3Auser%2Ftest 500
  351. [Mon, 20 Oct 2014 22:40:20 GMT] [error] [<0.242.0>] httpd 500 error response:
  352. {"error":"{bad_return_value,{os_process_error,{exit_status,133}}}","reason":"{gen_server,call,\n [couch_query_servers,\n {get_proc,{doc,<<\"_design/_auth\">>,\n {1,\n [<<117,239,204,225,240,131,49,109,98,45,56,159,\n 63,152,19,247>>]},\n {[{<<\"language\">>,<<\"javascript\">>},\n {<<\"validate_doc_update\">>,\n <<\"\\n function(newDoc, oldDoc, userCtx, secObj) {\\n if (newDoc._deleted === true) {\\n // allow deletes by admins and matching users\\n // without checking the other fields\\n if ((userCtx.roles.indexOf('_admin') !== -1) ||\\n (userCtx.name == oldDoc.name)) {\\n return;\\n } else {\\n throw({forbidden: 'Only admins may delete other user docs.'});\\n }\\n }\\n\\n if ((oldDoc && oldDoc.type !== 'user') || newDoc.type !== 'user') {\\n throw({forbidden : 'doc.type must be user'});\\n } // we only allow user docs for now\\n\\n if (!newDoc.name) {\\n throw({forbidden: 'doc.name is required'});\\n }\\n\\n if (!newDoc.roles) {\\n throw({forbidden: 'doc.roles must exist'});\\n }\\n\\n if (!isArray(newDoc.roles)) {\\n throw({forbidden: 'doc.roles must be an array'});\\n }\\n\\n for (var idx = 0; idx < newDoc.roles.length; idx++) {\\n if (typeof newDoc.roles[idx] !== 'string') {\\n throw({forbidden: 'doc.roles can only contain strings'});\\n }\\n }\\n\\n if (newDoc._id !== ('org.couchdb.user:' + newDoc.name)) {\\n throw({\\n forbidden: 'Doc ID must be of the form org.couchdb.user:name'\\n });\\n }\\n\\n if (oldDoc) { // validate all updates\\n if (oldDoc.name !== newDoc.name) {\\n throw({forbidden: 'Usernames can not be changed.'});\\n }\\n }\\n\\n if (newDoc.password_sha && !newDoc.salt) {\\n throw({\\n forbidden: 'Users with password_sha must have a salt.' +\\n 'See /_utils/script/couch.js for example code.'\\n });\\n }\\n\\n if (newDoc.password_scheme === \\\"pbkdf2\\\") {\\n if (typeof(newDoc.iterations) !== \\\"number\\\") {\\n throw({forbidden: \\\"iterations must be a number.\\\"});\\n }\\n if (typeof(newDoc.derived_key) !== \\\"string\\\") {\\n throw({forbidden: \\\"derived_key must be a string.\\\"});\\n }\\n }\\n\\n var is_server_or_database_admin = function(userCtx, secObj) {\\n // see if the user is a server admin\\n if(userCtx.roles.indexOf('_admin') !== -1) {\\n return true; // a server admin\\n }\\n\\n // see if the user a database admin specified by name\\n if(secObj && secObj.admins && secObj.admins.names) {\\n if(secObj.admins.names.indexOf(userCtx.name) !== -1) {\\n return true; // database admin\\n }\\n }\\n\\n // see if the user a database admin specified by role\\n if(secObj && secObj.admins && secObj.admins.roles) {\\n var db_roles = secObj.admins.roles;\\n for(var idx = 0; idx < userCtx.roles.length; idx++) {\\n var user_role = userCtx.roles[idx];\\n if(db_roles.indexOf(user_role) !== -1) {\\n return true; // role matches!\\n }\\n }\\n }\\n\\n return false; // default to no admin\\n }\\n\\n if (!is_server_or_database_admin(userCtx, secObj)) {\\n if (oldDoc) { // validate non-admin updates\\n if (userCtx.name !== newDoc.name) {\\n throw({\\n forbidden: 'You may only update your own user document.'\\n });\\n }\\n // validate role updates\\n var oldRoles = oldDoc.roles.sort();\\n var newRoles = newDoc.roles.sort();\\n\\n if (oldRoles.length !== newRoles.length) {\\n throw({forbidden: 'Only _admin may edit roles'});\\n }\\n\\n for (var i = 0; i < oldRoles.length; i++) {\\n if (oldRoles[i] !== newRoles[i]) {\\n throw({forbidden: 'Only _admin may edit roles'});\\n }\\n }\\n } else if (newDoc.roles.length > 0) {\\n throw({forbidden: 'Only _admin may set roles'});\\n }\\n }\\n\\n // no system roles in users db\\n for (var i = 0; i < newDoc.roles.length; i++) {\\n if (newDoc.roles[i][0] === '_') {\\n throw({\\n forbidden:\\n 'No system roles (starting with underscore) in users db.'\\n });\\n }\\n }\\n\\n // no system names as names\\n if (newDoc.name[0] === '_') {\\n throw({forbidden: 'Username may not start with underscore.'});\\n }\\n\\n var badUserNameChars = [':'];\\n\\n for (var i = 0; i < badUserNameChars.length; i++) {\\n if (newDoc.name.indexOf(badUserNameChars[i]) >= 0) {\\n throw({forbidden: 'Character `' + badUserNameChars[i] +\\n '` is not allowed in usernames.'});\\n }\\n }\\n }\\n\">>}]},\n [],false,[]},\n {<<\"_design/_auth\">>,\n <<\"1-75efcce1f083316d622d389f3f9813f7\">>}},\n infinity]}"}
  353.  
  354. [Mon, 20 Oct 2014 22:40:34 GMT] [info] [<0.189.0>] 127.0.0.1 - - GET /?hoodieId=2p2lfhr 200
  355. [Mon, 20 Oct 2014 22:41:04 GMT] [info] [<0.276.0>] 127.0.0.1 - - GET /?hoodieId=2p2lfhr 200
  356. [Mon, 20 Oct 2014 22:41:34 GMT] [info] [<0.187.0>] 127.0.0.1 - - GET /?hoodieId=2p2lfhr 200
  357. [Mon, 20 Oct 2014 22:42:04 GMT] [info] [<0.188.0>] 127.0.0.1 - - GET /?hoodieId=2p2lfhr 200
  358. [Mon, 20 Oct 2014 22:42:35 GMT] [info] [<0.196.0>] 127.0.0.1 - - GET /?hoodieId=2p2lfhr 200
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!