rethinkdb 2.2.0.4 → 2.3.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 61203b4912d349374e32f44b3db3b1b66a65345b
-  data.tar.gz: 3bdc2e9c7f63883392ef703f9ec9e81a257c6f5f
+  metadata.gz: 3cc46a96063b3b943304398afd307176d3847889
+  data.tar.gz: e0f277c7d8ca4c0d7ac3405cad9c2fadb65d2026
 SHA512:
-  metadata.gz: 05c173811f8db6ad995a9e4dae15369ac03727fad9b562ba4c2d2b9352eeb8fb67f4383dc4880b2900e44d022ebbe7484635f255540f15db4213c73d6defff38
-  data.tar.gz: 3283f2eefd314523dad97e6d1457ac5bc2f10ebaa967631b26aced0ed3e65bb80bf063bea030a85f5624c7df37665667a45be733852a1e30912f457deabf21c5
+  metadata.gz: 8c6fbddd6d2063eab25468fcedcab36c97f06fbca90bb8eaf55b5d0f22fcd99e36f6dc658e42963226c073696a066b7392b93717b5e82a0de3c08a707af41282
+  data.tar.gz: 6827ef687ed5a9e09c61320a4bf6f77918403a155890c475f9d34279a8f455697fdce4069c69f3c4c4f0bd35d44974f9514607e799be2fbe7dc8f718d74f7447

data/lib/exc.rb

@@ -1,19 +1,20 @@
 module RethinkDB
-  ReqlError = RqlError = Class.new(RuntimeError)
+  RqlError = ReqlError = Class.new(RuntimeError)
 
-  ReqlRuntimeError = RqlRuntimeError = Class.new(ReqlError)
-  ReqlInternalError = RqlInternalError = Class.new(ReqlRuntimeError)
-  ReqlResourceLimitError = RqlResourceLimitError = Class.new(ReqlRuntimeError)
-  ReqlQueryLogicError = RqlQueryLogicError = Class.new(ReqlRuntimeError)
-  ReqlNonExistenceError = RqlNonExistenceError = Class.new(ReqlQueryLogicError)
-  ReqlAvailabilityError = RqlAvailabilityError = Class.new(ReqlRuntimeError)
-  ReqlOpFailedError = RqlOpFailedError = Class.new(ReqlAvailabilityError)
-  ReqlOpIndeterminateError = RqlOpIndeterminateError = Class.new(ReqlAvailabilityError)
-  ReqlUserError = RqlUserError = Class.new(ReqlRuntimeError)
+  RqlRuntimeError = ReqlRuntimeError = Class.new(ReqlError)
+  RqlInternalError = ReqlInternalError = Class.new(ReqlRuntimeError)
+  RqlResourceLimitError = ReqlResourceLimitError = Class.new(ReqlRuntimeError)
+  RqlQueryLogicError = ReqlQueryLogicError = Class.new(ReqlRuntimeError)
+  RqlNonExistenceError = ReqlNonExistenceError = Class.new(ReqlQueryLogicError)
+  RqlAvailabilityError = ReqlAvailabilityError = Class.new(ReqlRuntimeError)
+  RqlOpFailedError = ReqlOpFailedError = Class.new(ReqlAvailabilityError)
+  RqlOpIndeterminateError = ReqlOpIndeterminateError = Class.new(ReqlAvailabilityError)
+  RqlUserError = ReqlUserError = Class.new(ReqlRuntimeError)
+  ReqlPermissionError = Class.new(ReqlRuntimeError)
 
-  ReqlDriverError = RqlDriverError = Class.new(ReqlError)
-  ReqlAuthError = RqlAuthError = Class.new(ReqlDriverError)
-  ReqlCompileError = RqlCompileError = Class.new(ReqlError)
+  RqlDriverError = ReqlDriverError = Class.new(ReqlError)
+  RqlAuthError = ReqlAuthError = Class.new(ReqlDriverError)
+  RqlCompileError = ReqlCompileError = Class.new(ReqlError)
   ReqlServerCompileError = Class.new(ReqlCompileError)
   ReqlDriverCompileError = Class.new(ReqlCompileError)
 end

data/lib/func.rb

@@ -22,6 +22,7 @@ module RethinkDB
       :insert => 1,
       :delete => -1,
       :reduce => -1,
+      :fold => -1,
       :between => 2,
       :table => -1,
       :table_create => -1,
@@ -34,6 +35,7 @@ module RethinkDB
       :during => -1,
       :orderby => -1,
       :order_by => -1,
+      :union => -1,
       :group => -1,
       :iso8601 => -1,
       :index_create => -1,

data/lib/net.rb

@@ -1,10 +1,12 @@
+require 'base64'
+require 'openssl'
 require 'monitor'
+require 'pp' # This is needed for pretty_inspect
 require 'set'
+require 'securerandom'
 require 'socket'
 require 'thread'
 require 'timeout'
-require 'pp' # This is needed for pretty_inspect
-require 'openssl'
 
 module RethinkDB
   module Faux_Abort
@@ -456,6 +458,7 @@ module RethinkDB
 
   class Connection
     include OpenSSL
+
     def auto_reconnect(x=true)
       @auto_reconnect = x
       self
@@ -474,7 +477,13 @@ module RethinkDB
       @host = opts[:host] || "localhost"
       @port = (opts[:port] || 28015).to_i
       @default_db = opts[:db]
-      @auth_key = opts[:auth_key] || ""
+      @user = opts[:user] || "admin"
+      @user = @user.gsub("=", "=3D").gsub(",","=2C")
+      if opts[:password] && opts[:auth_key]
+        raise ReqlDriverError, "Cannot specify both a password and an auth key."
+      end
+      @password = opts[:password] || opts[:auth_key] || ""
+      @nonce = SecureRandom.base64(18)
       @timeout = opts[:timeout].to_i
       @timeout = 20 if @timeout <= 0
       @ssl_opts = opts[:ssl] || {}
@@ -490,6 +499,13 @@ module RethinkDB
     end
     attr_reader :host, :port, :default_db, :conn_id
 
+    def client_port
+      is_open() ? @socket.addr[1] : nil
+    end
+    def client_address
+      is_open() ? @socket.addr[3] : nil
+    end
+
     def new_token
       @token_cnt_mutex.synchronize{@token_cnt += 1}
     end
@@ -576,10 +592,11 @@ module RethinkDB
       @mon.synchronize {
         written = 0
         while written < packet.length
-          # Supposedly slice will not copy the array if it goes all the way to the end
-          # We use IO::syswrite here rather than IO::write because of incompatibilities in
-          # JRuby regarding filling up the TCP send buffer.
-          # Reference: https://github.com/rethinkdb/rethinkdb/issues/3795
+          # Supposedly slice will not copy the array if it goes all
+          # the way to the end We use IO::syswrite here rather than
+          # IO::write because of incompatibilities in JRuby regarding
+          # filling up the TCP send buffer.  Reference:
+          # https://github.com/rethinkdb/rethinkdb/issues/3795
           written += @socket.syswrite(packet.slice(written, packet.length))
         end
       }
@@ -645,7 +662,8 @@ module RethinkDB
     end
 
     @@last = nil
-    @@magic_number = VersionDummy::Version::V0_4
+    @@magic_number = VersionDummy::Version::V1_0
+    @@protocol_version = 0
     @@wire_protocol = VersionDummy::Protocol::JSON
 
     def debug_socket; @socket; end
@@ -814,6 +832,180 @@ module RethinkDB
       note_data(token, data)
     end
 
+    def rcv_json
+      response = ""
+      while response[-1..-1] != "\0"
+        response += @socket.read_exn(1, @timeout)
+      end
+      begin
+        res = JSON.parse(response[0...-1])
+        if !res['success']
+          msg = "Handshake error (#{res})."
+          ecode = res['error_code']
+          if ecode && ecode >= 10 && ecode <= 20
+            msg = res['error'] if res['error'].to_s != ""
+            raise ReqlAuthError, msg
+          else
+            raise ReqlDriverError, msg
+          end
+        end
+      rescue Exception => e
+        if !e.class.ancestors.include?(ReqlDriverError)
+          raise ReqlDriverError, "Connection closed by server (#{e})."
+        else
+          raise e
+        end
+      end
+      return res
+    end
+
+    def send_json(x)
+      send(x.to_json + "\0")
+    end
+
+    def check_version(server_info)
+      if server_info['min_protocol_version'] > @@protocol_version ||
+          server_info['max_protocol_version'] < @@protocol_version
+        raise ReqlDriverError, "Version mismatch: Driver uses #{@@protocol_version} "+
+          "but server accepts "+
+          "[#{server_info['min_version']}, #{server_info['max_version']}]."
+      end
+    end
+
+    def check_nonce(server_nonce, nonce)
+      if !server_nonce.start_with?(nonce)
+        raise ReqlDriverError, "Invalid nonce #{server_nonce} received from server."
+      end
+    end
+
+    @@fast_auth_func = lambda {|*args|
+      digest = OpenSSL::Digest::SHA256.new
+      OpenSSL::PKCS5.pbkdf2_hmac(*args, digest.digest_length, digest)
+    }
+    @@slow_auth_func = lambda {|password, salt, iter|
+      mac = OpenSSL::HMAC.new(password, OpenSSL::Digest::SHA256.new)
+      acc = t = mac.update(salt + "\0\0\0\1").digest
+      mac.reset
+      (iter-1).times{acc = xor(acc, t = mac.update(t).digest); mac.reset}
+      res = acc
+    }
+    @@auth_func = @@fast_auth_func
+    @@auth_func_mutex = Mutex.new
+
+    @@auth_cache = {}
+    @@auth_cache_mutex = Mutex.new
+
+    def pbkdf2_hmac_sha256(*args)
+      auth_func = res = nil
+      @@auth_cache_mutex.synchronize {
+        res = @@auth_cache[args]
+        return res if res
+      }
+
+      @@auth_func_mutex.synchronize {
+        auth_func = @@auth_func
+      }
+      begin
+        res = auth_func.call(*args)
+      rescue NotImplementedError => e
+        if auth_func != @@slow_auth_func
+          @@auth_func_mutex.synchronize {
+            auth_func = @@auth_func = @@slow_auth_func
+          }
+          res = auth_func.call(*args)
+        else
+          raise e
+        end
+      end
+
+      @@auth_cache_mutex.synchronize {
+        @@auth_cache[args] = res
+      }
+      return res
+    end
+
+    def hmac(*args)
+      OpenSSL::HMAC.digest(OpenSSL::Digest::SHA256.new, *args)
+    end
+
+    def sha256(str)
+      OpenSSL::Digest.digest("SHA256", str)
+    end
+
+    def self.xor(str1, str2)
+      out = str1.dup
+      out.bytesize.times {|i|
+        out.setbyte(i, out.getbyte(i) ^ str2.getbyte(i))
+      }
+      return out
+    end
+
+    def const_eq(a, b)
+      return false if a.size != b.size
+      residue = 0
+      a.unpack('C*').zip(b.unpack('C*')).each{|x,y|
+        residue |= (x ^ y)
+      }
+      return residue == 0
+    end
+
+    def check_server_signature_claim(server_signature_claim, server_signature)
+      if !const_eq(server_signature_claim, server_signature)
+        sig1 = Base64.strict_encode64(server_signature_claim)
+        sig2 = Base64.strict_encode64(server_signature)
+        raise ReqlAuthError, "Server signature #{sig1} does "+
+          "not match expected signature #{sig2}."
+      end
+    end
+
+    def do_handshake
+      begin
+        send([@@magic_number].pack('L<'))
+        client_first_message_bare = "n=#{@user},r=#{@nonce}"
+        send_json({ protocol_version: @@protocol_version,
+                    authentication_method: "SCRAM-SHA-256",
+                    authentication: "n,,#{client_first_message_bare}" })
+
+        server_version_msg = rcv_json
+        check_version(server_version_msg)
+
+        auth_resp = rcv_json
+        server_first_message = auth_resp['authentication']
+
+        fields = Hash[server_first_message.split(',').map{|x| x.split('=', 2)}]
+        server_nonce = fields['r']
+
+        client_final_message_without_proof = "c=biws,r=#{server_nonce}"
+        auth_message = "#{client_first_message_bare},#{server_first_message},"+
+          client_final_message_without_proof
+        check_nonce(server_nonce, @nonce)
+        salt = Base64.decode64(fields['s'])
+        iter = fields['i'].to_i
+
+        salted_password = pbkdf2_hmac_sha256(@password, salt, iter)
+
+        client_key = hmac(salted_password, "Client Key")
+        stored_key = sha256(client_key)
+        client_signature = hmac(stored_key, auth_message)
+        client_proof = Connection::xor(client_key, client_signature)
+        cproof_64 = Base64.strict_encode64(client_proof)
+
+        msg = "#{client_final_message_without_proof},p=#{cproof_64}"
+        send_json({authentication: msg})
+
+        sig_resp = rcv_json
+        fields = Hash[sig_resp['authentication'].split(',').map{|x| x.split('=', 2)}]
+        server_signature_claim = Base64::decode64(fields['v'])
+        server_key = hmac(salted_password, "Server Key")
+        server_signature = hmac(server_key, auth_message)
+        check_server_signature_claim(server_signature_claim, server_signature)
+      rescue ReqlError => e
+        raise e
+      rescue Exception => e
+        raise ReqlDriverError, "Error during handshake: #{e.inspect} #{e.backtrace}"
+      end
+    end
+
     def start_listener
       class << @socket
         def maybe_timeout(sec=nil, &b)
@@ -829,24 +1021,7 @@ module RethinkDB
           }
         end
       end
-      send([@@magic_number, @auth_key.size].pack('L<L<') +
-            @auth_key + [@@wire_protocol].pack('L<'))
-      response = ""
-      while response[-1..-1] != "\0"
-        response += @socket.read_exn(1, @timeout)
-      end
-      response = response[0...-1]
-      if response == "SUCCESS"
-        # do nothing
-      elsif response == "ERROR: Incorrect authorization key.\n"
-        raise ReqlAuthError, "Incorrect authorization key."
-      else
-        raise ReqlRuntimeError, "Server dropped connection with message: \"#{response}\""
-      end
-
-      if @listener
-        raise ReqlDriverError, "Internal driver error, listener already started."
-      end
+      do_handshake
       @listener = Thread.new {
         while true
           begin

data/lib/ql2.pb.rb

@@ -8,6 +8,7 @@ module RethinkDB
 			V0_2 = 1915781601
 			V0_3 = 1601562686
 			V0_4 = 1074539808
+			V1_0 = 885177795
 		end
 		
 		module Protocol
@@ -59,6 +60,7 @@ module RethinkDB
 			OP_FAILED = 4100000
 			OP_INDETERMINATE = 4200000
 			USER = 5000000
+			PERMISSION_ERROR = 6000000
 		end
 		
 		module ResponseNote
@@ -140,6 +142,7 @@ module RethinkDB
 			BETWEEN = 182
 			REDUCE = 37
 			MAP = 38
+			FOLD = 187
 			FILTER = 39
 			CONCAT_MAP = 40
 			ORDER_BY = 41
@@ -176,6 +179,7 @@ module RethinkDB
 			RECONFIGURE = 176
 			REBALANCE = 179
 			SYNC = 138
+			GRANT = 188
 			INDEX_CREATE = 75
 			INDEX_DROP = 76
 			INDEX_LIST = 77

data/lib/shim.rb

@@ -72,6 +72,7 @@ module RethinkDB
             when re::OP_FAILED        then raise ReqlOpFailedError,         r['r'][0]
             when re::OP_INDETERMINATE then raise ReqlOpIndeterminateError,  r['r'][0]
             when re::USER             then raise ReqlUserError,             r['r'][0]
+            when re::PERMISSION_ERROR then raise ReqlPermissionError,       r['r'][0]
             else                           raise ReqlRuntimeError,          r['r'][0]
           end
         when rt::COMPILE_ERROR        then raise ReqlServerCompileError,    r['r'][0]

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rethinkdb
 version: !ruby/object:Gem::Version
-  version: 2.2.0.4
+  version: 2.3.0.0
 platform: ruby
 authors:
 - RethinkDB Inc.
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-02-24 00:00:00.000000000 Z
+date: 2016-04-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: json