MB-52995 Don't start erlang node when passing password to...

timofey-barmin · timofey-barmin · commit 03c82f60c10d · 2022-09-19T23:46:54.000Z
... babysitter Change-Id: I8db0a28cbc30f5919e05b43f62d75fd9602cc130 Reviewed-on: https://review.couchbase.org/c/couchbase-cli/+/179389 Tested-by: Build Bot <build@couchbase.com> Reviewed-by: James Lee <james.lee@couchbase.com>
diff --git a/cbmgr.py b/cbmgr.py
@@ -8,6 +8,7 @@
 import platform
 import random
 import re
+import socket
 import string
 import subprocess
 import sys
@@ -1681,55 +1682,47 @@ def __init__(self):
 
     def execute(self, opts):
         if opts.send_password is not None:
-            path = [CB_BIN_PATH, os.environ['PATH']]
-            if os.name == 'posix':
-                os.environ['PATH'] = ':'.join(path)
-            else:
-                os.environ['PATH'] = ';'.join(path)
-
-            cookiefile = os.path.join(opts.config_path, "couchbase-server.babysitter.cookie")
-            if not os.path.isfile(cookiefile):
+            portfile = os.path.join(opts.config_path, "couchbase-server.babysitter.smport")
+            if not os.path.isfile(portfile):
                 _exit_if_errors(["The node is down"])
-            cookie = _exit_on_file_read_failure(cookiefile, "Insufficient privileges to send master password - Please"
-                                                            " execute this command as a operating system user who has"
-                                                            " file system read permission on the Couchbase Server "
-                                                            " configuration").rstrip()
-
-            nodefile = os.path.join(opts.config_path, "couchbase-server.babysitter.node")
-            node = _exit_on_file_read_failure(nodefile).rstrip()
-
-            self.prompt_for_master_pwd(node, cookie, opts.send_password, opts.config_path)
+            familyport = _exit_on_file_read_failure(
+                portfile, "Insufficient privileges to send master password - Please"
+                " execute this command as an operating system user who has"
+                " file system read permission on the Couchbase Server "
+                " configuration").rstrip()
+            [afamilystr, portstr] = familyport.split()
+            port = int(portstr)
+            afamily = socket.AF_INET6 if afamilystr == "inet6" else socket.AF_INET
+            self.prompt_for_master_pwd(afamily, port, opts.send_password)
         else:
             _exit_if_errors(["No parameters set"])
 
-    def prompt_for_master_pwd(self, node, cookie, password, cb_cfg_path):
-        dist_cfg_file = os.path.join(cb_cfg_path, "config", "dist_cfg")
-
+    def prompt_for_master_pwd(self, afamily, port, password):
         if password == '':
             password = getpass.getpass("\nEnter master password:")
 
-        name = 'executioner@cb.local'
-        args = ['-pa', CB_NS_EBIN_PATH, CB_BABYSITTER_EBIN_PATH, '-noinput', '-name', name, '-proto_dist', 'cb',
-                '-eval', 'erlang:set_cookie(node(), list_to_atom(os:getenv("CB_COOKIE"))).', '-epmd_module', 'cb_epmd',
-                '-kernel'] + CB_INETRC_OPT + \
-            ['dist_config_file', f'"{dist_cfg_file}"', '-run', 'encryption_service',
-             'remote_set_password', node]
-
-        rc, out, err = self.run_process("erl", args, extra_env={'SETPASSWORD': password, 'CB_COOKIE': cookie})
-
-        if rc == 0:
+        sock = socket.socket(afamily, socket.SOCK_DGRAM)
+        try:
+            sock.settimeout(5)
+            addr = "::1" if afamily == socket.AF_INET6 else "127.0.0.1"
+            sock.sendto(password.encode('utf-8'), (addr, port))
+            (result, _) = sock.recvfrom(128)
+        except socket.timeout:
+            result = b'timeout'
+        finally:
+            sock.close()
+
+        if result == b'ok':
             print("SUCCESS: Password accepted. Node started booting.")
-        elif rc == 101:
+        elif result == b'retry':
             print("Incorrect password.")
-            self.prompt_for_master_pwd(node, cookie, '', cb_cfg_path)
-        elif rc == 102:
-            _exit_if_errors(["Password was already supplied"])
-        elif rc == 103:
-            _exit_if_errors(["The node is down"])
-        elif rc == 104:
+            self.prompt_for_master_pwd(afamily, port, '')
+        elif result == b'timeout':
+            _exit_if_errors(["Timeout"])
+        elif result == b'auth_failure':
             _exit_if_errors(["Incorrect password. Node shuts down."])
         else:
-            _exit_if_errors([f'Unknown error: {rc} {out}, {err}'])
+            _exit_if_errors([f'Unknown error: {result}'])
 
     def run_process(self, name, args, extra_env=None):
         try:
diff --git a/test/test_cli.py b/test/test_cli.py
@@ -2,8 +2,10 @@
 that validates input correctly"""
 import json
 import os
+import socket
 import sys
 import tempfile
+import threading
 import unittest
 import urllib
 from argparse import Namespace
@@ -1867,22 +1869,55 @@ def test_get_group_no_group_name(self):
 class TestMasterPassword(CommandTest):
     def setUp(self):
         self.command = ['couchbase-cli', 'master-password']
-        self.cmd_args = ['--config-path', '.', '--send-password', 'password']
+        self.cmd_args = ['--config-path', '.', '--send-password', 'asdasd']
         self.server_args = {}
         super(TestMasterPassword, self).setUp()
 
-    def test_missing_cookie(self):
+    def test_missing_portfile(self):
         self.system_exit_run(self.command + self.cmd_args, self.server_args)
         self.assertIn('The node is down', self.str_output)
 
-    def test_cannot_read_cookie(self):
-        cookie = open("couchbase-server.babysitter.cookie", "x")
-        cookie.write("cookie-monster")
-        cookie.close()
-        os.chmod(cookie.name, 0000)
-        self.system_exit_run(self.command + self.cmd_args, self.server_args)
-        os.remove(cookie.name)
-        self.assertIn('ERROR: Insufficient privileges', self.str_output)
+    def test_cannot_read_port(self):
+        portfile = open('couchbase-server.babysitter.smport', 'x')
+        try:
+            portfile.write('inet 12345')
+            portfile.close()
+            os.chmod(portfile.name, 0000)
+            self.system_exit_run(self.command + self.cmd_args, self.server_args)
+            self.assertIn('ERROR: Insufficient privileges', self.str_output)
+        finally:
+            os.remove(portfile.name)
+
+    def test_succ_cmd_ipv4(self):
+        self.succ_cmd(socket.AF_INET)
+
+    def test_succ_cmd_ipv6(self):
+        self.succ_cmd(socket.AF_INET6)
+
+    def succ_cmd(self, addrFamily):
+        with socket.socket(addrFamily, socket.SOCK_DGRAM) as sock:
+            sock.bind(('', 0))
+            port = sock.getsockname()[1]
+            portfile = open('couchbase-server.babysitter.smport', 'x')
+            try:
+                addrFamilyStr = 'inet' if addrFamily == socket.AF_INET else "inet6"
+                portfile.write(addrFamilyStr + ' ' + str(port))
+                portfile.close()
+
+                thread = threading.Thread(target=read_password, args=(sock,))
+                thread.start()
+
+                self.no_error_run(self.command + self.cmd_args, self.server_args)
+                thread.join()
+                self.assertIn('SUCCESS: Password accepted', self.str_output)
+            finally:
+                os.remove(portfile.name)
+
+
+def read_password(sock):
+    (result, remoteaddr) = sock.recvfrom(128)
+    assert(result == b'asdasd')
+    sock.sendto(b'ok', remoteaddr)
 
 
 class TestXdcrReplicate(CommandTest):
