Uploaded image for project: 'Couchbase Server'
  1. Couchbase Server
  2. MB-48251

Audit log not updating for invalid credentials for view

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Critical
    • Resolution: Cannot Reproduce
    • 7.0.2
    • 7.1.0
    • view-engine
    • None

    Description

      Build 7.0.2-6611

      Ran below curl command with wrong credentials

      curl -s -XGET http://Administrator:passwor@10.112.206.101:8092/travel-sample/_design/dev_1/_view/myView

      Audit log is not updated with wrong credentials information.

       

      {"bucket":"travel-sample","description":"The specified bucket was selected","id":20492,"local":\{"ip":"127.0.0.1","port":11209}

      ,"name":"select bucket","real_userid":{"domain":"local","user":"@ns_server"},"remote":{"ip":"127.0.0.1","port":60270},"timestamp":"2021-08-31T03:57:04.954981-07:00"}

      {"bucket":"travel-sample","description":"The specified bucket was selected","id":20492,"local":\{"ip":"127.0.0.1","port":11209}

      ,"name":"select bucket","real_userid":{"domain":"local","user":"@ns_server"},"remote":{"ip":"127.0.0.1","port":60270},"timestamp":"2021-08-31T03:57:05.829367-07:00"}

       

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          ankit.prabhu Ankit Prabhu added a comment - - edited

          couch_audit register itself to receive what all events to audit from couch_config. Looking at couch_config structure, couch_audit is not registered with it.

          [{backtrace,
                     [<<"Program counter: 0x00007f1bb7cd98b8 (gen_server:loop/7 + 456)">>,
                      <<"CP: 0x0000000000000000 (invalid)">>,<<>>,
                      <<"0x00007f1b86dd61c0 Return addr 0x00007f1bb7cf2d60 (proc_lib:init_p_do_apply/3 + 64)">>,
                      <<"y(0)     []">>,<<"y(1)     infinity">>,
                      <<"y(2)     couch_config">>,
                      <<"(3)     {config,[{<0.7913.3>,#Fun<couch_config.2.35085178>},{<0.7911.3>,#Fun<couch_config.3.35085178>},{<0.7907.3>,#Fun<">>,
                      <<"y(4)     couch_config">>,<<"y(5)     <0.213.0>">>,<<>>,
                      <<"0x00007f1b86dd61f8 Return addr 0x0000000000986fa8 (<terminate process normally>)">>,
                      <<"y(0)     []">>,<<"y(1)     []">>,
                      <<"y(2)     Catch 0x00007f1bb7cf2d70 (proc_lib:init_p_do_apply/3 + 80)">>,
                      <<>>]},
                 {messages,[]},
                 {dictionary,
                     [{'$ancestors',
                          [couch_server_sup,cb_couch_sup,ns_couchdb_sup,<14820.86.0>]},
                      {'$initial_call',{couch_config,init,1}}]},

           couch_audit structure with no monitored_by.

           [{backtrace,
                     [<<"Program counter: 0x00007f1bb7cd98b8 (gen_server:loop/7 + 456)">>,
                      <<"CP: 0x0000000000000000 (invalid)">>,<<>>,
                      <<"0x00007f1b86d24ab8 Return addr 0x00007f1bb7cf2d60 (proc_lib:init_p_do_apply/3 + 64)">>,
                      <<"y(0)     []">>,<<"y(1)     infinity">>,
                      <<"y(2)     couch_audit">>,
                      <<"y(3)     {state,false,[],[],#Port<0.15>,{[],[]}}">>,
                      <<"y(4)     couch_audit">>,<<"y(5)     <0.265.0>">>,<<>>,
                      <<"0x00007f1b86d24af0 Return addr 0x0000000000986fa8 (<terminate process normally>)">>,
                      <<"y(0)     []">>,<<"y(1)     []">>,
                      <<"y(2)     Catch 0x00007f1bb7cf2d70 (proc_lib:init_p_do_apply/3 + 80)">>,
                      <<>>]},
                 {messages,[]},
                 {dictionary,
                     [{'$ancestors',[couch_audit_sup,<14820.264.0>]},
                      {'$initial_call',{couch_audit,init,1}}]},
                 {registered_name,couch_audit},
                 {status,waiting},
                 {initial_call,{proc_lib,init_p,5}},
                 {error_handler,error_handler},
                 {garbage_collection,
                     [{max_heap_size,#{error_logger => true,kill => true,size => 0}},
                      {min_bin_vheap_size,46422},
                      {min_heap_size,233},
                      {fullsweep_after,512},
                      {minor_gcs,115}]},
                 {garbage_collection_info,
                     [{old_heap_block_size,10958},
                      {heap_block_size,4185},
                      {mbuf_size,0},
                      {recent_size,1245},
                      {stack_size,11},
                      {old_heap_size,21},
                      {heap_size,1248},
                      {bin_vheap_size,0},
                      {bin_vheap_block_size,46422},
                      {bin_old_vheap_size,0},
                      {bin_old_vheap_block_size,46422}]},
                 {links,[<14820.265.0>,#Port<14820.15>]},
                 {monitors,[]},
                 {monitored_by,[]},

          Server started at 2021-08-30T22:04:32.114 

          [error_logger:info,2021-08-30T22:04:32.114-07:00,couchdb_ns_1@cb.local:cb_couch_sup<0.163.0>:ale_error_logger_handler:do_log:101]Apache CouchDB has started on http://127.0.0.1:8092/

          There is an error saying wrong CA

          [error_logger:info,2021-08-30T22:27:09.310-07:00,ns_1@10.112.206.101:<0.28717.24>:ale_error_logger_handler:do_log:101]
          =========================NOTICE REPORT=========================
          TLS server: In state certify received CLIENT ALERT: Fatal - Unknown CA
           
           
          [error_logger:error,2021-08-30T22:27:09.311-07:00,ns_1@10.112.206.101:<0.28602.24>:ale_error_logger_handler:do_log:101]
          =========================ERROR REPORT=========================
              application: mochiweb
              accept_error: {error,{tls_alert,{unknown_ca,"TLS server: In state certify received CLIENT ALERT: Fatal - Unknown CA\n"}}}
          [error_logger:error,2021-08-30T22:27:09.311-07:00,ns_1@10.112.206.101:<0.28602.24>:ale_error_logger_handler:do_log:101]
          =========================CRASH REPORT=========================
            crasher:
              initial call: mochiweb_acceptor:init/4
              pid: <0.28602.24>
              registered_name: []
              exception exit: {error,accept_failed}
                in function  mochiweb_acceptor:init/4 (/home/couchbase/jenkins/workspace/couchbase-server-unix/couchdb/src/mochiweb/mochiweb_acceptor.erl, line 76)
              ancestors: [menelaus_web_ssl_ipv4,<0.27269.18>,<0.285.0>,
                            ns_ssl_services_sup,ns_server_nodes_sup,<0.260.0>,
                            ns_server_cluster_sup,root_sup,<0.140.0>]
              message_queue_len: 0
              messages: []
              links: [<0.27268.18>]
              dictionary: []
              trap_exit: false
              status: running
              heap_size: 2586
              stack_size: 27
              reductions: 6178
            neighbours:

          which resulted in the killing of couch_config process and it respawned but didn't register couch_audit. And when auditing is turned on couch_audit didn't receive any notification of new settings and ignored all the events. 

          [error_logger:error,2021-08-30T22:27:09.970-07:00,couchdb_ns_1@cb.local:cb_config_couch_sync<0.7520.0>:ale_error_logger_handler:do_log:101]
          =========================ERROR REPORT=========================
          ** Generic server cb_config_couch_sync terminating
          ** Last message in was {notable_change,cluster_encryption_level}
          ** When Server state == {state}
          ** Reason for termination ==
          ** {{killed,{gen_server,call,
                                  [couch_config,
                                   {set,"httpd","ip6_bind_address","::",true}]}},
              [{gen_server,call,2,[{file,"gen_server.erl"},{line,215}]},
               {cb_config_couch_sync,apply_to_couch_config,4,
                                     [{file,"src/cb_config_couch_sync.erl"},{line,119}]},
               {cb_config_couch_sync,handle_info,2,
                                     [{file,"src/cb_config_couch_sync.erl"},{line,65}]},
               {gen_server,try_dispatch,4,[{file,"gen_server.erl"},{line,637}]},
               {gen_server,handle_msg,6,[{file,"gen_server.erl"},{line,711}]},
               {proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,249}]}]}

          Workaround:

          Stop and start couch_audit process

          curl -X POST -u [user]:[password] http://host:8091/diag/eval -d 'rpc:call(ns_node_disco:couchdb_node(), erlang, apply, [fun () -> application:stop(couch_audit) end,[]])'
           
          curl -X POST -u [user]:[password] http://host:8091/diag/eval -d 'rpc:call(ns_node_disco:couchdb_node(), erlang, apply, [fun () -> application:start(couch_audit) end,[]])'

          ankit.prabhu Ankit Prabhu added a comment - - edited couch_audit register itself to receive what all events to audit from couch_config. Looking at couch_config structure, couch_audit is not registered with it. [{backtrace,            [<<"Program counter: 0x00007f1bb7cd98b8 (gen_server:loop/7 + 456)">>,             <<"CP: 0x0000000000000000 (invalid)">>,<<>>,             <<"0x00007f1b86dd61c0 Return addr 0x00007f1bb7cf2d60 (proc_lib:init_p_do_apply/3 + 64)">>,             <<"y(0)     []">>,<<"y(1)     infinity">>,             <<"y(2)     couch_config">>,             <<"(3)     {config,[{<0.7913.3>,#Fun<couch_config.2.35085178>},{<0.7911.3>,#Fun<couch_config.3.35085178>},{<0.7907.3>,#Fun<">>,             <<"y(4)     couch_config">>,<<"y(5)     <0.213.0>">>,<<>>,             <<"0x00007f1b86dd61f8 Return addr 0x0000000000986fa8 (<terminate process normally>)">>,             <<"y(0)     []">>,<<"y(1)     []">>,             <<"y(2)     Catch 0x00007f1bb7cf2d70 (proc_lib:init_p_do_apply/3 + 80)">>,             <<>>]},        {messages,[]},        {dictionary,            [{'$ancestors',                 [couch_server_sup,cb_couch_sup,ns_couchdb_sup,<14820.86.0>]},             {'$initial_call',{couch_config,init,1}}]},  couch_audit structure with no monitored_by. [{backtrace,            [<<"Program counter: 0x00007f1bb7cd98b8 (gen_server:loop/7 + 456)">>,             <<"CP: 0x0000000000000000 (invalid)">>,<<>>,             <<"0x00007f1b86d24ab8 Return addr 0x00007f1bb7cf2d60 (proc_lib:init_p_do_apply/3 + 64)">>,             <<"y(0)     []">>,<<"y(1)     infinity">>,             <<"y(2)     couch_audit">>,             <<"y(3)     {state,false,[],[],#Port<0.15>,{[],[]}}">>,             <<"y(4)     couch_audit">>,<<"y(5)     <0.265.0>">>,<<>>,             <<"0x00007f1b86d24af0 Return addr 0x0000000000986fa8 (<terminate process normally>)">>,             <<"y(0)     []">>,<<"y(1)     []">>,             <<"y(2)     Catch 0x00007f1bb7cf2d70 (proc_lib:init_p_do_apply/3 + 80)">>,             <<>>]},        {messages,[]},        {dictionary,            [{'$ancestors',[couch_audit_sup,<14820.264.0>]},             {'$initial_call',{couch_audit,init,1}}]},        {registered_name,couch_audit},        {status,waiting},        {initial_call,{proc_lib,init_p,5}},        {error_handler,error_handler},        {garbage_collection,            [{max_heap_size,#{error_logger => true,kill => true,size => 0}},             {min_bin_vheap_size,46422},             {min_heap_size,233},             {fullsweep_after,512},             {minor_gcs,115}]},        {garbage_collection_info,            [{old_heap_block_size,10958},             {heap_block_size,4185},             {mbuf_size,0},             {recent_size,1245},             {stack_size,11},             {old_heap_size,21},             {heap_size,1248},             {bin_vheap_size,0},             {bin_vheap_block_size,46422},             {bin_old_vheap_size,0},             {bin_old_vheap_block_size,46422}]},        {links,[<14820.265.0>,#Port<14820.15>]},        {monitors,[]},        {monitored_by,[]}, Server started at 2021-08-30T22:04:32.114  [error_logger:info,2021-08-30T22:04:32.114-07:00,couchdb_ns_1@cb.local:cb_couch_sup<0.163.0>:ale_error_logger_handler:do_log:101]Apache CouchDB has started on http://127.0.0.1:8092/ There is an error saying wrong CA [error_logger:info,2021-08-30T22:27:09.310-07:00,ns_1@10.112.206.101:<0.28717.24>:ale_error_logger_handler:do_log:101] =========================NOTICE REPORT========================= TLS server: In state certify received CLIENT ALERT: Fatal - Unknown CA     [error_logger:error,2021-08-30T22:27:09.311-07:00,ns_1@10.112.206.101:<0.28602.24>:ale_error_logger_handler:do_log:101] =========================ERROR REPORT=========================     application: mochiweb     accept_error: {error,{tls_alert,{unknown_ca,"TLS server: In state certify received CLIENT ALERT: Fatal - Unknown CA\n"}}} [error_logger:error,2021-08-30T22:27:09.311-07:00,ns_1@10.112.206.101:<0.28602.24>:ale_error_logger_handler:do_log:101] =========================CRASH REPORT=========================   crasher:     initial call: mochiweb_acceptor:init/4     pid: <0.28602.24>     registered_name: []     exception exit: {error,accept_failed}       in function  mochiweb_acceptor:init/4 (/home/couchbase/jenkins/workspace/couchbase-server-unix/couchdb/src/mochiweb/mochiweb_acceptor.erl, line 76)     ancestors: [menelaus_web_ssl_ipv4,<0.27269.18>,<0.285.0>,                   ns_ssl_services_sup,ns_server_nodes_sup,<0.260.0>,                   ns_server_cluster_sup,root_sup,<0.140.0>]     message_queue_len: 0     messages: []     links: [<0.27268.18>]     dictionary: []     trap_exit: false     status: running     heap_size: 2586     stack_size: 27     reductions: 6178   neighbours: which resulted in the killing of couch_config process and it respawned but didn't register couch_audit. And when auditing is turned on couch_audit didn't receive any notification of new settings and ignored all the events.  [error_logger:error,2021-08-30T22:27:09.970-07:00,couchdb_ns_1@cb.local:cb_config_couch_sync<0.7520.0>:ale_error_logger_handler:do_log:101] =========================ERROR REPORT========================= ** Generic server cb_config_couch_sync terminating ** Last message in was {notable_change,cluster_encryption_level} ** When Server state == {state} ** Reason for termination == ** {{killed,{gen_server,call,                         [couch_config,                          {set,"httpd","ip6_bind_address","::",true}]}},     [{gen_server,call,2,[{file,"gen_server.erl"},{line,215}]},      {cb_config_couch_sync,apply_to_couch_config,4,                            [{file,"src/cb_config_couch_sync.erl"},{line,119}]},      {cb_config_couch_sync,handle_info,2,                            [{file,"src/cb_config_couch_sync.erl"},{line,65}]},      {gen_server,try_dispatch,4,[{file,"gen_server.erl"},{line,637}]},      {gen_server,handle_msg,6,[{file,"gen_server.erl"},{line,711}]},      {proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,249}]}]} Workaround: Stop and start couch_audit process curl -X POST -u [user]:[password] http://host:8091/diag/eval -d 'rpc:call(ns_node_disco:couchdb_node(), erlang, apply, [fun () -> application:stop(couch_audit) end,[]])'   curl -X POST -u [user]:[password] http://host:8091/diag/eval -d 'rpc:call(ns_node_disco:couchdb_node(), erlang, apply, [fun () -> application:start(couch_audit) end,[]])'

          I tried to reproduce this issue several times. Not able to reproduce it.

          It's a negative scenario, So moving this to Neo.

          ankit.prabhu Ankit Prabhu added a comment - I tried to reproduce this issue several times. Not able to reproduce it. It's a negative scenario, So moving this to Neo.
          jeelan.poola Jeelan Poola added a comment -

          Chanabasappa Ghali Are you able to reproduce this in Neo builds? Ankit tried a lot without any success. Thanks!

          jeelan.poola Jeelan Poola added a comment - Chanabasappa Ghali Are you able to reproduce this in Neo builds? Ankit tried a lot without any success. Thanks!

          Checked with latest build 7.1.0-1745. Issue is not observed.

          chanabasappa.ghali Chanabasappa Ghali added a comment - Checked with latest build 7.1.0-1745. Issue is not observed.

          People

            ankit.prabhu Ankit Prabhu
            chanabasappa.ghali Chanabasappa Ghali
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes

                PagerDuty