Skip to content

Instantly share code, notes, and snippets.

@rnewson
rnewson / rfc3394.erl
Created January 23, 2017 23:00
RFC 3394 key wrapping in erlang
% Licensed under the Apache License, Version 2.0 (the "License"); you may not
% use this file except in compliance with the License. You may obtain a copy of
% the License at
%
% http://www.apache.org/licenses/LICENSE-2.0
%
% Unless required by applicable law or agreed to in writing, software
% distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
% WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
% License for the specific language governing permissions and limitations under
["ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-RSA-AES128-SHA256", "ECDHE-RSA-AES128-SHA", "ECDHE-RSA-AES256-SHA384", "ECDHE-RSA-AES256-SHA", "AES128-GCM-SHA256", "AES256-GCM-SHA384", "AES128-GCM-SHA384", "AES128-SHA256", "AES128-SHA", "AES256-SHA256", "AES256-SHA"]
commit e980bb7459865abcb47067b8daed49953704f4fc
Author: Robert Newson <rnewson@apache.org>
Date: Tue Jun 14 11:59:09 2016 +0100
Build small container for single node
diff --git a/Dockerfile.build b/Dockerfile.build
new file mode 100644
index 0000000..28a9ba5
--- /dev/null
; everyone
➜ ~ curl foo:bar@localhost:15984/db1/_security; curl foo:bar@localhost:15986/db1/_security
{}
{}
; admin_only
➜ ~ curl foo:bar@localhost:15984/db1/_security; curl foo:bar@localhost:15986/db1/_security
{"members":{"roles":["_admin"]},"admins":{"roles":["_admin"]}}
{"members":{"roles":["_admin"]},"admins":{"roles":["_admin"]}}
@rnewson
rnewson / blah.diff
Created May 10, 2016 18:52
Optionally allow admin_only security object by default
diff --git a/src/couch_db_updater.erl b/src/couch_db_updater.erl
index 813161a..8639db2 100644
--- a/src/couch_db_updater.erl
+++ b/src/couch_db_updater.erl
@@ -570,7 +570,7 @@ init_db(DbName, Filepath, Fd, Header0, Options) ->
[{compression, Compression}]),
case couch_db_header:security_ptr(Header) of
nil ->
- Security = [],
+ Security = default_security_object(),
@rnewson
rnewson / tls_dist.diff
Created March 26, 2016 17:03
Use TLS for erlang distribution (RSA or ECC)
commit eb3560777d70049fb86ef21d09856e3afbb7fdf7
Author: Robert Newson <rnewson@apache.org>
Date: 2016-03-26 16:42:48 +0000
Use TLS for erlang distribution
diff --git a/Makefile b/Makefile
index cefc5da..04eb284 100644
--- a/Makefile
+++ b/Makefile
@rnewson
rnewson / no-party.diff
Created December 18, 2015 12:56
refuse to bind non-locally if there's no admin user
index ef89873..74a0964 100644
--- a/src/couch_httpd.erl
+++ b/src/couch_httpd.erl
@@ -1103,13 +1103,43 @@ check_for_last(#mp{buffer=Buffer, data_fun=DataFun}=Mp) ->
data_fun = DataFun2})
end.
-validate_bind_address(any) -> ok;
+validate_bind_address(any) ->
+ assert_admins_if_remote({0,0,0,0});
@rnewson
rnewson / couch_replicator.diff
Created September 30, 2015 11:12
Making SHA-2 ssl replication work in R14B01
diff --git a/src/couch_replicator_httpc.erl b/src/couch_replicator_httpc.erl
index 4b609a6..e4efb39 100644
--- a/src/couch_replicator_httpc.erl
+++ b/src/couch_replicator_httpc.erl
@@ -94,6 +94,7 @@ send_ibrowse_req(#httpdb{headers = BaseHeaders} = HttpDb, Params) ->
end,
{ok, Worker} = couch_replicator_httpc_pool:get_worker(HttpDb#httpdb.httpc_pool),
IbrowseOptions = [
+ {socket_options, [{ssl_imp, old}]},
{response_format, binary}, {inactivity_timeout, HttpDb#httpdb.timeout} |
validate_view(Language, VName, {Views}) ->
case {Language, couch_util:get_value(<<"map">>, Views)} of
{<<"query">>, {[_ | _]}} ->
ok;
{_, MapVal} when is_binary(MapVal) ->
ok;
@rnewson
rnewson / keymerge.diff
Last active September 17, 2015 11:41
use lists:keymerge
diff --git a/src/couch_httpd.erl b/src/couch_httpd.erl
index d1e9447..db447cb 100644
--- a/src/couch_httpd.erl
+++ b/src/couch_httpd.erl
@@ -770,16 +770,10 @@ end_json_response(Resp) ->
maybe_add_default_headers(ForRequest, ToHeaders) ->
DefaultHeaders = [
- {"Content-Type", negotiate_content_type(ForRequest)},
- {"Cache-Control", "must-revalidate"}