libcouchbase 1.2.8 → 1.3.0

data/ext/libcouchbase/contrib/cbsasl/src/scram-sha/scram_utils.h

@@ -0,0 +1,99 @@
+/*
+ *     Copyright 2018 Couchbase, Inc.
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ */
+
+#ifndef SRC_SCRAM_SHA_SCRAM_UILS_H_
+#define SRC_SCRAM_SHA_SCRAM_UILS_H_
+
+#include <stddef.h>
+#include "cbsasl/cbsasl.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * Ensures the seed for OpenSSL's RAND_bytes function is correctly filled.
+ * Please note: as we use it only for the generation of the client nonce,
+ * we don't need a strong entropy.
+ */
+void seed_rand(void);
+
+/**
+ * Generates a binary nonce of 'buffer_length' bytes at the given buffer address.
+ * The buffer must be already allocated with enough space in it.
+ */
+void generate_nonce(char *buffer, int buffer_length);
+
+/**
+ * Computes the number of comma (',') and equal ('=') characters in the input string
+ * for further substitution.
+ * If return value is negative, it means the buffer contains an invalid (control) character.
+ */
+int compute_special_chars(const char *buffer, int buffer_length);
+
+/**
+ * Copies 'n' bytes from 'src' to 'dest', replacing comma and equal characters by their
+ * substitution strings in the destination.
+ */
+void usernmcpy(char *dest, const char *src, size_t n);
+
+/**
+ * Parses the server's first reply to extract the nonce, the salt and the iteration count.
+ */
+cbsasl_error_t parse_server_challenge(const char *serverin, unsigned int serverinlen, const char **nonce,
+                                      unsigned int *noncelength, const char **salt, unsigned int *saltlength,
+                                      unsigned int *itcount);
+
+/**
+ * Generates the salted password.
+ */
+cbsasl_error_t generate_salted_password(cbsasl_auth_mechanism_t auth_mech, const cbsasl_secret_t *passwd,
+                                        const char *salt, unsigned int saltlen, unsigned int itcount,
+                                        unsigned char *outbuffer, unsigned int *outlength);
+
+/**
+ * Computes the client proof. It is computed as:
+ *
+ * ClientKey       := HMAC(SaltedPassword, "Client Key")
+ * StoredKey       := H(ClientKey)
+ * AuthMessage     := client-first-message-bare + "," +
+ *                    server-first-message + "," +
+ *                    client-final-message-without-proof
+ * ClientSignature := HMAC(StoredKey, AuthMessage)
+ * ClientProof     := ClientKey XOR ClientSignature
+ */
+cbsasl_error_t compute_client_proof(cbsasl_auth_mechanism_t auth_mech, const unsigned char *saltedpassword,
+                                    unsigned int saltedpasslen, const char *clientfirstbare, unsigned int cfblen,
+                                    const char *serverfirstmess, unsigned int sfmlen,
+                                    const char *clientfinalwithoutproof, unsigned int cfwplen, char **authmessage,
+                                    char *outclientproof, unsigned int outprooflen);
+
+/**
+ * Computes the Server Signature. It is computed as:
+ *
+ * SaltedPassword  := Hi(Normalize(password), salt, i)
+ * ServerKey       := HMAC(SaltedPassword, "Server Key")
+ * ServerSignature := HMAC(ServerKey, AuthMessage)
+ */
+cbsasl_error_t compute_server_signature(cbsasl_auth_mechanism_t auth_mech, const unsigned char *saltedpassword,
+                                        unsigned int saltedpasslen, const char *authmessage, char *outserversign,
+                                        unsigned int outsignlen);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* SRC_SCRAM_SHA_SCRAM_UILS_H_ */

data/ext/libcouchbase/contrib/cliopts/CMakeLists.txt

@@ -1,2 +1,2 @@
 ADD_LIBRARY(cliopts OBJECT cliopts.c)
-SET_TARGET_PROPERTIES(cbsasl PROPERTIES COMPILE_FLAGS "${LCB_CORE_CFLAGS}")
+SET_TARGET_PROPERTIES(cbsasl-lcb PROPERTIES COMPILE_FLAGS "${LCB_CORE_CFLAGS}")

data/ext/libcouchbase/contrib/cliopts/cliopts.h

@@ -222,7 +222,20 @@ public:
     bool passed() const { return found != 0; }
     void setPassed(bool val = true) { found = val ? 1 : 0; }
     int numSpecified() const { return found; }
-    Option() { memset(this, 0, sizeof (cliopts_entry)); }
+
+    Option()
+    {
+        kshort = 0;
+        klong = NULL;
+        ktype = CLIOPTS_ARGT_NONE;
+        dest = NULL;
+        help = NULL;
+        vdesc = NULL;
+        required = 0;
+        hidden = 0;
+        found = 0;
+    }
+
 private:
     friend class Parser;
 };

data/ext/libcouchbase/contrib/snappy/CMakeLists.txt

@@ -1,8 +1,7 @@
-PROJECT(lcbsnappy)
 FILE(GLOB SNAPPY_SRC *.cc)
-ADD_LIBRARY(lcbsnappy STATIC ${SNAPPY_SRC})
+ADD_LIBRARY(lcb_snappy OBJECT ${SNAPPY_SRC})
 
-SET_TARGET_PROPERTIES(lcbsnappy
+SET_TARGET_PROPERTIES(lcb_snappy
     PROPERTIES
     POSITION_INDEPENDENT_CODE TRUE
     COMPILE_FLAGS "${LCB_CORE_CXXFLAGS}")

data/ext/libcouchbase/contrib/snappy/snappy-sinksource.cc

@@ -1,3 +1,7 @@
+#if defined(__clang__) || __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 2)
+#pragma GCC diagnostic ignored "-Wunused-parameter"
+#endif
+
 // Copyright 2011 Google Inc. All Rights Reserved.
 //
 // Redistribution and use in source and binary forms, with or without

data/ext/libcouchbase/contrib/snappy/snappy-stubs-public.h

@@ -36,15 +36,17 @@
 #ifndef UTIL_SNAPPY_OPENSOURCE_SNAPPY_STUBS_PUBLIC_H_
 #define UTIL_SNAPPY_OPENSOURCE_SNAPPY_STUBS_PUBLIC_H_
 
-#if 1
+#include "config.h"
+
+#ifdef HAVE_STDINT_H
 #include <stdint.h>
 #endif
 
-#if 1
+#ifdef HAVE_STDDEF_H
 #include <stddef.h>
 #endif
 
-#if 0
+#ifdef HAVE_SYS_UIO_H
 #include <sys/uio.h>
 #endif
 
@@ -58,7 +60,7 @@
 
 namespace snappy {
 
-#if 1
+#ifdef HAVE_STDINT_H
 typedef int8_t int8;
 typedef uint8_t uint8;
 typedef int16_t int16;
@@ -84,7 +86,7 @@ typedef std::string string;
   TypeName(const TypeName&);               \
   void operator=(const TypeName&)
 
-#if !0
+#ifndef HAVE_SYS_UIO_H
 // Windows does not have an iovec type, yet the concept is universally useful.
 // It is simple to define it ourselves, so we put it inside our own namespace.
 struct iovec {

data/ext/libcouchbase/contrib/snappy/snappy.cc

@@ -1,3 +1,9 @@
+#if defined(__clang__) || __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 2)
+#pragma GCC diagnostic ignored "-Wunused-parameter"
+#pragma GCC diagnostic ignored "-Wunused-function"
+#pragma GCC diagnostic ignored "-Wsign-compare"
+#endif
+
 // Copyright 2005 Google Inc. All Rights Reserved.
 //
 // Redistribution and use in source and binary forms, with or without
@@ -26,10 +32,10 @@
 // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
+#include "snappy-lcb-msvc.h" // Added by libcouchbase
 #include "snappy.h"
 #include "snappy-internal.h"
 #include "snappy-sinksource.h"
-#include "snappy-lcb-msvc.h" // Added by libcouchbase
 
 #include <stdio.h>
 
@@ -1304,4 +1310,3 @@ size_t Compress(const char* input, size_t input_length, string* compressed) {
 
 
 } // end namespace snappy
-

data/ext/libcouchbase/example/crypto/.gitignore

@@ -0,0 +1,2 @@
+openssl_symmetric_decrypt
+openssl_symmetric_encrypt

data/ext/libcouchbase/example/crypto/Makefile

@@ -0,0 +1,13 @@
+LDFLAGS=-lcouchbase -lm
+CFLAGS=-g
+
+OPENSSL_LDFLAGS=$(shell pkg-config --libs openssl) ${LDFLAGS}
+OPENSSL_CFLAGS=$(shell pkg-config --cflags openssl) ${CFLAGS}
+
+all: openssl_symmetric_encrypt openssl_symmetric_decrypt
+
+openssl_symmetric_encrypt: openssl_symmetric_encrypt.c openssl_symmetric_provider.c common_provider.c
+	${CC} ${OPENSSL_CFLAGS} ${OPENSSL_LDFLAGS} -o $@ $^
+
+openssl_symmetric_decrypt: openssl_symmetric_decrypt.c openssl_symmetric_provider.c common_provider.c
+	${CC} ${OPENSSL_CFLAGS} ${OPENSSL_LDFLAGS} -o $@ $^

data/ext/libcouchbase/example/crypto/common_provider.c

@@ -0,0 +1,24 @@
+/* -*- Mode: C; tab-width: 4; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ *     Copyright 2018 Couchbase, Inc.
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ */
+
+#include "common_provider.h"
+
+uint8_t *common_hmac_sha256_key = "myauthpassword";
+
+uint8_t common_aes256_key[AES256_KEY_SIZE] = "!mysecretkey#9^5usdk39d&dlf)03sL";
+uint8_t common_aes256_iv[AES256_IV_SIZE] = {0x65, 0xe7, 0x66, 0xbe, 0x35, 0xb2, 0xd2, 0x52,
+                                            0x2b, 0x2e, 0x7e, 0x8e, 0x99, 0x9,  0x8d, 0xa9};

data/ext/libcouchbase/example/crypto/common_provider.h

@@ -0,0 +1,31 @@
+/* -*- Mode: C; tab-width: 4; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ *     Copyright 2018 Couchbase, Inc.
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ */
+
+#ifndef _COMMON_PROVIDER_H
+#define _COMMON_PROVIDER_H
+
+#include <libcouchbase/couchbase.h>
+
+#define AES256_KEY_SIZE 32
+#define AES256_IV_SIZE 16
+
+extern uint8_t common_aes256_key[AES256_KEY_SIZE];
+extern uint8_t common_aes256_iv[AES256_IV_SIZE];
+
+extern uint8_t *common_hmac_sha256_key;
+
+#endif

data/ext/libcouchbase/example/crypto/openssl_symmetric_decrypt.c

@@ -0,0 +1,139 @@
+/* -*- Mode: C; tab-width: 4; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ *     Copyright 2018 Couchbase, Inc.
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ */
+
+#include <stdio.h>
+#include <libcouchbase/couchbase.h>
+#include <libcouchbase/crypto.h>
+#include <stdlib.h>
+#include <string.h> /* strlen */
+#ifdef _WIN32
+#define PRIx64 "I64x"
+#else
+#include <inttypes.h>
+#endif
+
+#include "openssl_symmetric_provider.h"
+
+static void die(lcb_t instance, const char *msg, lcb_error_t err)
+{
+    fprintf(stderr, "%s. Received code 0x%X (%s)\n", msg, err, lcb_strerror(instance, err));
+    exit(EXIT_FAILURE);
+}
+
+static void op_callback(lcb_t instance, int cbtype, const lcb_RESPBASE *rb)
+{
+    if (rb->rc == LCB_SUCCESS) {
+        const lcb_RESPGET *rg = (const lcb_RESPGET *)rb;
+        lcbcrypto_CMDDECRYPT dcmd = {};
+        lcb_error_t err;
+
+        printf("VALUE:  %.*s\n", (int)rg->nvalue, rg->value);
+        dcmd.version = 0;
+        dcmd.prefix = NULL;
+        dcmd.doc = rg->value;
+        dcmd.ndoc = rg->nvalue;
+        dcmd.out = NULL;
+        dcmd.nout = 0;
+        err = lcbcrypto_decrypt_fields(instance, &dcmd);
+        if (err != LCB_SUCCESS) {
+            die(instance, "Couldn't decrypt field 'message'", err);
+        }
+        if (dcmd.out == NULL) {
+            die(instance, "Crypto provider returned success, but document is NULL", LCB_EINVAL);
+        }
+        /* chop trailing LF for nicer look */
+        if (dcmd.out[dcmd.nout - 1] == '\n') {
+            dcmd.out[dcmd.nout - 1] = ' ';
+        }
+        printf("PLAIN:  %.*s\n", (int)dcmd.nout, dcmd.out);
+        free(dcmd.out); // NOTE: it should be compatible with what providers use to allocate memory
+        printf("CAS:    0x%" PRIx64 "\n", rb->cas);
+    } else {
+        die(instance, lcb_strcbtype(cbtype), rb->rc);
+    }
+}
+
+static void get_encrypted(lcb_t instance, const char *key)
+{
+    lcb_CMDGET cmd = {};
+    lcb_error_t err;
+    LCB_CMD_SET_KEY(&cmd, key, strlen(key));
+    printf("KEY:    %s\n", key);
+    err = lcb_get3(instance, NULL, &cmd);
+    if (err != LCB_SUCCESS) {
+        die(instance, "Couldn't schedule get operation", err);
+    }
+    lcb_wait(instance);
+}
+
+int main(int argc, char *argv[])
+{
+    lcb_error_t err;
+    lcb_t instance;
+
+    {
+        struct lcb_create_st create_options = {};
+        create_options.version = 3;
+
+        if (argc < 2) {
+            fprintf(stderr, "Usage: %s couchbase://host/bucket [ password [ username ] ]\n", argv[0]);
+            exit(EXIT_FAILURE);
+        }
+
+        create_options.v.v3.connstr = argv[1];
+        if (argc > 2) {
+            create_options.v.v3.passwd = argv[2];
+        }
+        if (argc > 3) {
+            create_options.v.v3.username = argv[3];
+        }
+
+        err = lcb_create(&instance, &create_options);
+        if (err != LCB_SUCCESS) {
+            die(NULL, "Couldn't create couchbase handle", err);
+        }
+
+        err = lcb_connect(instance);
+        if (err != LCB_SUCCESS) {
+            die(instance, "Couldn't schedule connection", err);
+        }
+
+        lcb_wait(instance);
+
+        err = lcb_get_bootstrap_status(instance);
+        if (err != LCB_SUCCESS) {
+            die(instance, "Couldn't bootstrap from cluster", err);
+        }
+
+        lcb_install_callback3(instance, LCB_CALLBACK_GET, op_callback);
+    }
+
+    lcbcrypto_register(instance, "AES-256-HMAC-SHA256", osp_create());
+
+    get_encrypted(instance, "secret-1");
+    printf("\n");
+    get_encrypted(instance, "secret-2");
+    printf("\n");
+    get_encrypted(instance, "secret-3");
+    printf("\n");
+    get_encrypted(instance, "secret-4");
+    printf("\n");
+    get_encrypted(instance, "secret-5");
+
+    lcb_destroy(instance);
+    return 0;
+}

data/ext/libcouchbase/example/crypto/openssl_symmetric_encrypt.c

@@ -0,0 +1,147 @@
+/* -*- Mode: C; tab-width: 4; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ *     Copyright 2018 Couchbase, Inc.
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ */
+
+#include <stdio.h>
+#include <libcouchbase/couchbase.h>
+#include <libcouchbase/crypto.h>
+#include <stdlib.h>
+#include <string.h> /* strlen */
+#ifdef _WIN32
+#define PRIx64 "I64x"
+#else
+#include <inttypes.h>
+#endif
+
+#include "openssl_symmetric_provider.h"
+
+static void die(lcb_t instance, const char *msg, lcb_error_t err)
+{
+    fprintf(stderr, "%s. Received code 0x%X (%s)\n", msg, err, lcb_strerror(instance, err));
+    exit(EXIT_FAILURE);
+}
+
+static void op_callback(lcb_t instance, int cbtype, const lcb_RESPBASE *rb)
+{
+    if (rb->rc == LCB_SUCCESS) {
+        fprintf(stderr, "CAS:    0x%" PRIx64 "\n", rb->cas);
+    } else {
+        die(instance, lcb_strcbtype(cbtype), rb->rc);
+    }
+}
+
+static void store_encrypted(lcb_t instance, const char *key, const char *val)
+{
+    lcb_error_t err;
+    lcb_CMDSTORE cmd = {};
+    lcbcrypto_CMDENCRYPT ecmd = {};
+    lcbcrypto_FIELDSPEC field = {};
+
+    printf("KEY:    %s\n", key);
+    printf("PLAIN:  %s\n", val);
+
+    ecmd.version = 0;
+    ecmd.prefix = NULL;
+    ecmd.doc = val;
+    ecmd.ndoc = strlen(val);
+    ecmd.out = NULL;
+    ecmd.nout = 0;
+    ecmd.nfields = 1;
+    ecmd.fields = &field;
+    field.name = "message";
+    field.alg = "AES-256-HMAC-SHA256";
+    field.kid = "mypublickey";
+
+    err = lcbcrypto_encrypt_fields(instance, &ecmd);
+    if (err != LCB_SUCCESS) {
+        die(instance, "Couldn't encrypt field 'message'", err);
+    }
+    /* chop trailing LF for nicer look */
+    if (ecmd.out[ecmd.nout - 1] == '\n') {
+        ecmd.out[ecmd.nout - 1] = ' ';
+    }
+    printf("CIPHER: %s\n", ecmd.out);
+
+    LCB_CMD_SET_KEY(&cmd, key, strlen(key));
+    LCB_CMD_SET_VALUE(&cmd, ecmd.out, ecmd.nout);
+    cmd.operation = LCB_SET;
+    cmd.datatype = LCB_DATATYPE_JSON;
+
+    err = lcb_store3(instance, NULL, &cmd);
+    free(ecmd.out); // NOTE: it should be compatible with what providers use to allocate memory
+    if (err != LCB_SUCCESS) {
+        die(instance, "Couldn't schedule storage operation", err);
+    }
+    lcb_wait(instance);
+}
+
+int main(int argc, char *argv[])
+{
+    lcb_error_t err;
+    lcb_t instance;
+
+    {
+        struct lcb_create_st create_options = {};
+        create_options.version = 3;
+
+        if (argc < 2) {
+            fprintf(stderr, "Usage: %s couchbase://host/bucket [ password [ username ] ]\n", argv[0]);
+            exit(EXIT_FAILURE);
+        }
+
+        create_options.v.v3.connstr = argv[1];
+        if (argc > 2) {
+            create_options.v.v3.passwd = argv[2];
+        }
+        if (argc > 3) {
+            create_options.v.v3.username = argv[3];
+        }
+
+        err = lcb_create(&instance, &create_options);
+        if (err != LCB_SUCCESS) {
+            die(NULL, "Couldn't create couchbase handle", err);
+        }
+
+        err = lcb_connect(instance);
+        if (err != LCB_SUCCESS) {
+            die(instance, "Couldn't schedule connection", err);
+        }
+
+        lcb_wait(instance);
+
+        err = lcb_get_bootstrap_status(instance);
+        if (err != LCB_SUCCESS) {
+            die(instance, "Couldn't bootstrap from cluster", err);
+        }
+
+        lcb_install_callback3(instance, LCB_CALLBACK_STORE, op_callback);
+    }
+
+    lcbcrypto_register(instance, "AES-256-HMAC-SHA256", osp_create());
+
+    store_encrypted(instance, "secret-1", "{\"message\":\"The old grey goose jumped over the wrickety gate.\"}");
+    printf("\n");
+    store_encrypted(instance, "secret-2", "{\"message\":10}");
+    printf("\n");
+    store_encrypted(instance, "secret-3", "{\"message\":\"10\"}");
+    printf("\n");
+    store_encrypted(instance, "secret-4", "{\"message\":[\"The\",\"Old\",\"Grey\",\"Goose\",\"Jumped\",\"over\",\"the\",\"wrickety\",\"gate\"]}");
+    printf("\n");
+    store_encrypted(instance, "secret-5", "{\"message\":{\"myValue\":\"The old grey goose jumped over the wrickety gate.\",\"myInt\":10}}");
+
+    lcb_destroy(instance);
+    return 0;
+}