couchbase 3.2.4 → 3.2.6

package/deps/lcb/src/operations/get.cc

@@ -129,6 +129,12 @@ LIBCOUCHBASE_API lcb_STATUS lcb_cmdget_on_behalf_of(lcb_CMDGET *cmd, const char
     return cmd->on_behalf_of(std::string(data, data_len));
 }
 
+LIBCOUCHBASE_API lcb_STATUS lcb_cmdget_on_behalf_of_extra_privilege(lcb_CMDGET *cmd, const char *privilege,
+                                                                    size_t privilege_len)
+{
+    return cmd->on_behalf_of_add_extra_privilege(std::string(privilege, privilege_len));
+}
+
 static lcb_STATUS get_validate(lcb_INSTANCE *instance, const lcb_CMDGET *cmd)
 {
     if (cmd->key().empty()) {
@@ -159,6 +165,12 @@ static lcb_STATUS get_schedule(lcb_INSTANCE *instance, std::shared_ptr<lcb_CMDGE
         if (err != LCB_SUCCESS) {
             return err;
         }
+        for (const auto &privilege : cmd->extra_privileges()) {
+            err = lcb::flexible_framing_extras::encode_impersonate_users_extra_privilege(privilege, framing_extras);
+            if (err != LCB_SUCCESS) {
+                return err;
+            }
+        }
     }
 
     hdr.request.magic = framing_extras.empty() ? PROTOCOL_BINARY_REQ : PROTOCOL_BINARY_AREQ;

package/deps/lcb/src/operations/get_replica.cc

@@ -144,6 +144,12 @@ LIBCOUCHBASE_API lcb_STATUS lcb_cmdgetreplica_on_behalf_of(lcb_CMDGETREPLICA *cm
     return cmd->on_behalf_of(std::string(data, data_len));
 }
 
+LIBCOUCHBASE_API lcb_STATUS lcb_cmdgetreplica_on_behalf_of_extra_privilege(lcb_CMDGETREPLICA *cmd,
+                                                                           const char *privilege, size_t privilege_len)
+{
+    return cmd->on_behalf_of_add_extra_privilege(std::string(privilege, privilege_len));
+}
+
 struct RGetCookie : mc_REQDATAEX {
     RGetCookie(void *cookie, lcb_INSTANCE *instance, get_replica_mode, int vb);
     void decref()
@@ -349,20 +355,26 @@ static lcb_STATUS get_replica_schedule(lcb_INSTANCE *instance, std::shared_ptr<l
         return LCB_ERR_NO_MATCHING_SERVER;
     }
 
-    /* Initialize the cookie */
-    auto *rck = new RGetCookie(cmd->cookie(), instance, cmd->mode(), vbid);
-    rck->start = cmd->start_time_or_default_in_nanoseconds(gethrtime());
-    rck->deadline =
-        rck->start + cmd->timeout_or_default_in_nanoseconds(LCB_US2NS(LCBT_SETTING(instance, operation_timeout)));
-
     std::vector<std::uint8_t> framing_extras;
     if (cmd->want_impersonation()) {
         lcb_STATUS err = lcb::flexible_framing_extras::encode_impersonate_user(cmd->impostor(), framing_extras);
         if (err != LCB_SUCCESS) {
             return err;
         }
+        for (const auto &privilege : cmd->extra_privileges()) {
+            err = lcb::flexible_framing_extras::encode_impersonate_users_extra_privilege(privilege, framing_extras);
+            if (err != LCB_SUCCESS) {
+                return err;
+            }
+        }
     }
 
+    /* Initialize the cookie */
+    auto *rck = new RGetCookie(cmd->cookie(), instance, cmd->mode(), vbid);
+    rck->start = cmd->start_time_or_default_in_nanoseconds(gethrtime());
+    rck->deadline =
+        rck->start + cmd->timeout_or_default_in_nanoseconds(LCB_US2NS(LCBT_SETTING(instance, operation_timeout)));
+
     /* Initialize the packet */
     req.request.magic = framing_extras.empty() ? PROTOCOL_BINARY_REQ : PROTOCOL_BINARY_AREQ;
     req.request.opcode = PROTOCOL_BINARY_CMD_GET_REPLICA;

package/deps/lcb/src/operations/ping.cc

@@ -69,7 +69,7 @@ LIBCOUCHBASE_API lcb_STATUS lcb_respping_result_id(const lcb_RESPPING *resp, siz
         return LCB_ERR_OPTIONS_CONFLICT;
     }
     *endpoint_id = resp->services[index].id;
-    *endpoint_id_len = strlen(*endpoint_id);
+    *endpoint_id_len = *endpoint_id == nullptr ? 0 : strlen(*endpoint_id);
     return LCB_SUCCESS;
 }
 
@@ -100,7 +100,7 @@ LIBCOUCHBASE_API lcb_STATUS lcb_respping_result_local(const lcb_RESPPING *resp,
         return LCB_ERR_OPTIONS_CONFLICT;
     }
     *address = resp->services[index].local;
-    *address_len = strlen(*address);
+    *address_len = *address == nullptr ? 0 : strlen(*address);
     return LCB_SUCCESS;
 }
 

package/deps/lcb/src/operations/remove.cc

@@ -117,6 +117,12 @@ LIBCOUCHBASE_API lcb_STATUS lcb_cmdremove_on_behalf_of(lcb_CMDREMOVE *cmd, const
     return cmd->on_behalf_of(std::string(data, data_len));
 }
 
+LIBCOUCHBASE_API lcb_STATUS lcb_cmdremove_on_behalf_of_extra_privilege(lcb_CMDREMOVE *cmd, const char *privilege,
+                                                                       size_t privilege_len)
+{
+    return cmd->on_behalf_of_add_extra_privilege(std::string(privilege, privilege_len));
+}
+
 static lcb_STATUS remove_validate(lcb_INSTANCE *instance, const lcb_CMDREMOVE *cmd)
 {
     if (cmd->key().empty()) {
@@ -159,6 +165,12 @@ static lcb_STATUS remove_schedule(lcb_INSTANCE *instance, std::shared_ptr<lcb_CM
         if (err != LCB_SUCCESS) {
             return err;
         }
+        for (const auto &privilege : cmd->extra_privileges()) {
+            err = lcb::flexible_framing_extras::encode_impersonate_users_extra_privilege(privilege, framing_extras);
+            if (err != LCB_SUCCESS) {
+                return err;
+            }
+        }
     }
 
     hdr.request.magic = framing_extras.empty() ? PROTOCOL_BINARY_REQ : PROTOCOL_BINARY_AREQ;

package/deps/lcb/src/operations/store.cc

@@ -234,6 +234,12 @@ LIBCOUCHBASE_API lcb_STATUS lcb_cmdstore_on_behalf_of(lcb_CMDSTORE *cmd, const c
     return cmd->on_behalf_of(std::string(data, data_len));
 }
 
+LIBCOUCHBASE_API lcb_STATUS lcb_cmdstore_on_behalf_of_extra_privilege(lcb_CMDSTORE *cmd, const char *privilege,
+                                                                      size_t privilege_len)
+{
+    return cmd->on_behalf_of_add_extra_privilege(std::string(privilege, privilege_len));
+}
+
 struct DurStoreCtx : mc_REQDATAEX {
     lcb_INSTANCE *instance;
     lcb_U16 persist_to;
@@ -400,6 +406,12 @@ static lcb_STATUS store_schedule(lcb_INSTANCE *instance, std::shared_ptr<lcb_CMD
         if (err != LCB_SUCCESS) {
             return err;
         }
+        for (const auto &privilege : cmd->extra_privileges()) {
+            err = lcb::flexible_framing_extras::encode_impersonate_users_extra_privilege(privilege, framing_extras);
+            if (err != LCB_SUCCESS) {
+                return err;
+            }
+        }
     }
     auto ffextlen = static_cast<std::uint8_t>(framing_extras.size());
     hdr.request.magic = (ffextlen == 0) ? PROTOCOL_BINARY_REQ : PROTOCOL_BINARY_AREQ;

package/deps/lcb/src/operations/subdoc.cc

@@ -409,6 +409,12 @@ LIBCOUCHBASE_API lcb_STATUS lcb_cmdsubdoc_on_behalf_of(lcb_CMDSUBDOC *cmd, const
     return cmd->on_behalf_of(std::string(data, data_len));
 }
 
+LIBCOUCHBASE_API lcb_STATUS lcb_cmdsubdoc_on_behalf_of_extra_privilege(lcb_CMDSUBDOC *cmd, const char *privilege,
+                                                                       size_t privilege_len)
+{
+    return cmd->on_behalf_of_add_extra_privilege(std::string(privilege, privilege_len));
+}
+
 namespace SubdocCmdTraits
 {
 enum Options {
@@ -798,6 +804,12 @@ static lcb_STATUS subdoc_schedule(lcb_INSTANCE *instance, std::shared_ptr<lcb_CM
         if (rc != LCB_SUCCESS) {
             return rc;
         }
+        for (const auto &privilege : cmd->extra_privileges()) {
+            rc = lcb::flexible_framing_extras::encode_impersonate_users_extra_privilege(privilege, framing_extras);
+            if (rc != LCB_SUCCESS) {
+                return rc;
+            }
+        }
     }
     hdr.request.magic = framing_extras.empty() ? PROTOCOL_BINARY_REQ : PROTOCOL_BINARY_AREQ;
     auto ffextlen = static_cast<std::uint8_t>(framing_extras.size());

package/deps/lcb/src/operations/touch.cc

@@ -117,6 +117,12 @@ LIBCOUCHBASE_API lcb_STATUS lcb_cmdtouch_on_behalf_of(lcb_CMDTOUCH *cmd, const c
     return cmd->on_behalf_of(std::string(data, data_len));
 }
 
+LIBCOUCHBASE_API lcb_STATUS lcb_cmdtouch_on_behalf_of_extra_privilege(lcb_CMDTOUCH *cmd, const char *privilege,
+                                                                      size_t privilege_len)
+{
+    return cmd->on_behalf_of_add_extra_privilege(std::string(privilege, privilege_len));
+}
+
 static lcb_STATUS touch_validate(lcb_INSTANCE *instance, const lcb_CMDTOUCH *cmd)
 {
     if (cmd->key().empty()) {
@@ -142,6 +148,12 @@ static lcb_STATUS touch_schedule(lcb_INSTANCE *instance, std::shared_ptr<lcb_CMD
         if (err != LCB_SUCCESS) {
             return err;
         }
+        for (const auto &privilege : cmd->extra_privileges()) {
+            err = lcb::flexible_framing_extras::encode_impersonate_users_extra_privilege(privilege, framing_extras);
+            if (err != LCB_SUCCESS) {
+                return err;
+            }
+        }
     }
 
     hdr.request.magic = framing_extras.empty() ? PROTOCOL_BINARY_REQ : PROTOCOL_BINARY_AREQ;

package/deps/lcb/src/operations/unlock.cc

@@ -106,6 +106,12 @@ LIBCOUCHBASE_API lcb_STATUS lcb_cmdunlock_on_behalf_of(lcb_CMDUNLOCK *cmd, const
     return cmd->on_behalf_of(std::string(data, data_len));
 }
 
+LIBCOUCHBASE_API lcb_STATUS lcb_cmdunlock_on_behalf_of_extra_privilege(lcb_CMDUNLOCK *cmd, const char *privilege,
+                                                                       size_t privilege_len)
+{
+    return cmd->on_behalf_of_add_extra_privilege(std::string(privilege, privilege_len));
+}
+
 static lcb_STATUS unlock_validate(lcb_INSTANCE *instance, const lcb_CMDUNLOCK *cmd)
 {
     if (cmd->key().empty()) {
@@ -137,6 +143,12 @@ static lcb_STATUS unlock_schedule(lcb_INSTANCE *instance, std::shared_ptr<lcb_CM
         if (err != LCB_SUCCESS) {
             return err;
         }
+        for (const auto &privilege : cmd->extra_privileges()) {
+            err = lcb::flexible_framing_extras::encode_impersonate_users_extra_privilege(privilege, framing_extras);
+            if (err != LCB_SUCCESS) {
+                return err;
+            }
+        }
     }
 
     hdr.request.magic = framing_extras.empty() ? PROTOCOL_BINARY_REQ : PROTOCOL_BINARY_AREQ;

package/deps/lcb/src/search/search_handle.cc

@@ -97,8 +97,7 @@ void lcb_SEARCH_HANDLE_::invoke_row(lcb_RESPSEARCH *resp)
                     } else if (resp->ctx.http_response_code == 400) {
                         if (error_message_.find("not_found") != std::string::npos) {
                             resp->ctx.rc = LCB_ERR_INDEX_NOT_FOUND;
-                        } else if (error_message_.find("CreateIndex, Prepare failed, err: num_fts_indexes") !=
-                                   std::string::npos) {
+                        } else if (error_message_.find("num_fts_indexes") != std::string::npos) {
                             resp->ctx.rc = LCB_ERR_QUOTA_LIMITED;
                         }
                     } else if (resp->ctx.http_response_code == 429) {

package/deps/lcb/src/settings.cc

@@ -106,6 +106,7 @@ void lcb_settings_unref(lcb_settings *settings)
     }
     free(settings->bucket);
     free(settings->sasl_mech_force);
+    free(settings->truststorepath);
     free(settings->certpath);
     free(settings->keypath);
     free(settings->client_string);

package/deps/lcb/src/ssl/ssl_common.c

@@ -32,6 +32,26 @@
 #define LOGARGS(ssl, lvl) ((lcbio_SOCKET *)SSL_get_app_data(ssl))->settings, "SSL", lvl, __FILE__, __LINE__
 static char *global_event = "dummy event for ssl";
 
+static const char *capella_ca_cert = "-----BEGIN CERTIFICATE-----\n"
+                                     "MIIDFTCCAf2gAwIBAgIRANLVkgOvtaXiQJi0V6qeNtswDQYJKoZIhvcNAQELBQAw\n"
+                                     "JDESMBAGA1UECgwJQ291Y2hiYXNlMQ4wDAYDVQQLDAVDbG91ZDAeFw0xOTEyMDYy\n"
+                                     "MjEyNTlaFw0yOTEyMDYyMzEyNTlaMCQxEjAQBgNVBAoMCUNvdWNoYmFzZTEOMAwG\n"
+                                     "A1UECwwFQ2xvdWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfvOIi\n"
+                                     "enG4Dp+hJu9asdxEMRmH70hDyMXv5ZjBhbo39a42QwR59y/rC/sahLLQuNwqif85\n"
+                                     "Fod1DkqgO6Ng3vecSAwyYVkj5NKdycQu5tzsZkghlpSDAyI0xlIPSQjoORA/pCOU\n"
+                                     "WOpymA9dOjC1bo6rDyw0yWP2nFAI/KA4Z806XeqLREuB7292UnSsgFs4/5lqeil6\n"
+                                     "rL3ooAw/i0uxr/TQSaxi1l8t4iMt4/gU+W52+8Yol0JbXBTFX6itg62ppb/Eugmn\n"
+                                     "mQRMgL67ccZs7cJ9/A0wlXencX2ohZQOR3mtknfol3FH4+glQFn27Q4xBCzVkY9j\n"
+                                     "KQ20T1LgmGSngBInAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE\n"
+                                     "FJQOBPvrkU2In1Sjoxt97Xy8+cKNMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0B\n"
+                                     "AQsFAAOCAQEARgM6XwcXPLSpFdSf0w8PtpNGehmdWijPM3wHb7WZiS47iNen3oq8\n"
+                                     "m2mm6V3Z57wbboPpfI+VEzbhiDcFfVnK1CXMC0tkF3fnOG1BDDvwt4jU95vBiNjY\n"
+                                     "xdzlTP/Z+qr0cnVbGBSZ+fbXstSiRaaAVcqQyv3BRvBadKBkCyPwo+7svQnScQ5P\n"
+                                     "Js7HEHKVms5tZTgKIw1fbmgR2XHleah1AcANB+MAPBCcTgqurqr5G7W2aPSBLLGA\n"
+                                     "fRIiVzm7VFLc7kWbp7ENH39HVG6TZzKnfl9zJYeiklo5vQQhGSMhzBsO70z4RRzi\n"
+                                     "DPFAN/4qZAgD5q3AFNIq2WWADFQGSwVJhg==\n"
+                                     "-----END CERTIFICATE-----\n";
+
 /******************************************************************************
  ******************************************************************************
  ** Boilerplate lcbio_TABLE Wrappers                                         **
@@ -221,6 +241,9 @@ static void log_callback(const SSL *ssl, int where, int ret)
 {
     int should_log = 0;
     lcbio_SOCKET *sock = SSL_get_app_data(ssl);
+    if (sock == NULL) {
+        return;
+    }
     /* Ignore low-level SSL stuff */
 
     if (where & SSL_CB_ALERT) {
@@ -298,6 +321,48 @@ static long decode_ssl_protocol(const char *protocol)
     return disallow;
 }
 
+static lcb_STATUS add_certificate_authority(const lcb_settings *settings, SSL_CTX *ctx, const char *certificate_value,
+                                            int certificate_length)
+{
+    lcb_STATUS rc = LCB_SUCCESS;
+    ERR_clear_error();
+
+    BIO *bio = BIO_new_mem_buf(certificate_value, certificate_length);
+    if (bio) {
+        X509_STORE *store = SSL_CTX_get_cert_store(ctx);
+        if (store) {
+            for (int added = 0;; added = 1) {
+                X509 *cert = PEM_read_bio_X509(bio, 0, 0, 0);
+                if (!cert) {
+                    unsigned long err = ERR_get_error();
+                    if (added && ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE) {
+                        break;
+                    }
+                    lcb_log(LOGARGS_S(settings, LCB_LOG_ERROR),
+                            "Unable to load default certificate: lib=%s, func=%s, reason=%s", ERR_lib_error_string(err),
+                            ERR_func_error_string(err), ERR_reason_error_string(err));
+                    rc = LCB_ERR_SSL_ERROR;
+                    goto GT_CLEANUP;
+                }
+
+                int ok = X509_STORE_add_cert(store, cert);
+                X509_free(cert);
+                if (ok != 1) {
+                    unsigned long err = ERR_get_error();
+                    lcb_log(LOGARGS_S(settings, LCB_LOG_ERROR),
+                            "Unable to add default certificate: lib=%s, func=%s, reason=%s", ERR_lib_error_string(err),
+                            ERR_func_error_string(err), ERR_reason_error_string(err));
+                    rc = LCB_ERR_SSL_ERROR;
+                    goto GT_CLEANUP;
+                }
+            }
+        }
+    }
+GT_CLEANUP:
+    BIO_free(bio);
+    return rc;
+}
+
 lcbio_pSSLCTX lcbio_ssl_new(const char *tsfile, const char *cafile, const char *keyfile, int noverify, lcb_STATUS *errp,
                             lcb_settings *settings)
 {
@@ -351,28 +416,41 @@ lcbio_pSSLCTX lcbio_ssl_new(const char *tsfile, const char *cafile, const char *
     }
 #endif
 
-    if (cafile || tsfile) {
+    if (tsfile) {
         lcb_log(LOGARGS_S(settings, LCB_LOG_DEBUG), "Load verify locations from \"%s\"", tsfile ? tsfile : cafile);
         if (!SSL_CTX_load_verify_locations(ret->ctx, tsfile ? tsfile : cafile, NULL)) {
             *errp = LCB_ERR_SSL_ERROR;
             goto GT_ERR;
         }
-        if (cafile && keyfile) {
-            lcb_log(LOGARGS_S(settings, LCB_LOG_DEBUG), "Authenticate with key \"%s\", cert \"%s\"", keyfile, cafile);
-            if (!SSL_CTX_use_certificate_file(ret->ctx, cafile, SSL_FILETYPE_PEM)) {
-                *errp = LCB_ERR_SSL_ERROR;
-                goto GT_ERR;
-            }
-            if (!SSL_CTX_use_PrivateKey_file(ret->ctx, keyfile, SSL_FILETYPE_PEM)) {
-                lcb_log(LOGARGS_S(settings, LCB_LOG_ERROR), "Unable to load private key \"%s\"", keyfile);
-                *errp = LCB_ERR_SSL_ERROR;
-                goto GT_ERR;
-            }
-            if (!SSL_CTX_check_private_key(ret->ctx)) {
-                lcb_log(LOGARGS_S(settings, LCB_LOG_ERROR), "Unable to verify private key \"%s\"", keyfile);
-                *errp = LCB_ERR_SSL_ERROR;
-                goto GT_ERR;
-            }
+    } else {
+        lcb_log(LOGARGS_S(settings, LCB_LOG_DEBUG), "Use default CA for TLS verify");
+        if (SSL_CTX_set_default_verify_paths(ret->ctx) != 1) {
+            unsigned long err = ERR_get_error();
+            lcb_log(LOGARGS_S(settings, LCB_LOG_WARN), "Unable to load system certificates: lib=%s, reason=%s",
+                    ERR_lib_error_string(err), ERR_reason_error_string(err));
+        }
+        // add the capella Root CA if no other CA was specified.
+        *errp = add_certificate_authority(settings, ret->ctx, capella_ca_cert, strlen(capella_ca_cert));
+        if (*errp != LCB_SUCCESS) {
+            goto GT_ERR;
+        }
+    }
+
+    if (cafile && keyfile) {
+        lcb_log(LOGARGS_S(settings, LCB_LOG_DEBUG), "Authenticate with key \"%s\", cert \"%s\"", keyfile, cafile);
+        if (!SSL_CTX_use_certificate_chain_file(ret->ctx, cafile)) {
+            *errp = LCB_ERR_SSL_ERROR;
+            goto GT_ERR;
+        }
+        if (!SSL_CTX_use_PrivateKey_file(ret->ctx, keyfile, SSL_FILETYPE_PEM)) {
+            lcb_log(LOGARGS_S(settings, LCB_LOG_ERROR), "Unable to load private key \"%s\"", keyfile);
+            *errp = LCB_ERR_SSL_ERROR;
+            goto GT_ERR;
+        }
+        if (!SSL_CTX_check_private_key(ret->ctx)) {
+            lcb_log(LOGARGS_S(settings, LCB_LOG_ERROR), "Unable to verify private key \"%s\"", keyfile);
+            *errp = LCB_ERR_SSL_ERROR;
+            goto GT_ERR;
         }
     }
 
@@ -422,15 +500,25 @@ GT_ERR:
     return NULL;
 }
 
+struct proto_ctx_ssl {
+    lcbio_PROTOCTX proto;
+    SSL *ssl;
+};
+
 static void noop_dtor(lcbio_PROTOCTX *arg)
 {
-    free(arg);
+    if (!arg) {
+        return;
+    }
+    struct proto_ctx_ssl *sproto = (struct proto_ctx_ssl *)arg;
+    SSL_set_app_data(sproto->ssl, NULL);
+    free(sproto);
 }
 
 lcb_STATUS lcbio_ssl_apply(lcbio_SOCKET *sock, lcbio_pSSLCTX sctx)
 {
     lcbio_pTABLE old_iot = sock->io, new_iot;
-    lcbio_PROTOCTX *sproto;
+    struct proto_ctx_ssl *sproto;
 
     if (old_iot->model == LCB_IOMODEL_EVENT) {
         new_iot = lcbio_Essl_new(old_iot, sock->u.fd, sctx->ctx);
@@ -440,12 +528,13 @@ lcb_STATUS lcbio_ssl_apply(lcbio_SOCKET *sock, lcbio_pSSLCTX sctx)
 
     if (new_iot) {
         sproto = calloc(1, sizeof(*sproto));
-        sproto->id = LCBIO_PROTOCTX_SSL;
-        sproto->dtor = noop_dtor;
-        lcbio_protoctx_add(sock, sproto);
+        sproto->proto.id = LCBIO_PROTOCTX_SSL;
+        sproto->proto.dtor = noop_dtor;
+        lcbio_protoctx_add(sock, &sproto->proto);
         lcbio_table_unref(old_iot);
         sock->io = new_iot;
         /* just for logging */
+        sproto->ssl = ((lcbio_XSSL *)new_iot)->ssl;
         SSL_set_app_data(((lcbio_XSSL *)new_iot)->ssl, sock);
         return LCB_SUCCESS;
 

package/deps/lcb/src/utilities.cc

@@ -214,3 +214,24 @@ lcb_STATUS lcb::flexible_framing_extras::encode_impersonate_user(const std::stri
     }
     return LCB_SUCCESS;
 }
+
+lcb_STATUS lcb::flexible_framing_extras::encode_impersonate_users_extra_privilege(
+    const std::string &privilege, std::vector<std::uint8_t> &flexible_framing_extras)
+{
+    auto privilege_len = privilege.size();
+    if (privilege_len > std::numeric_limits<std::uint8_t>::max() + 0xfU) {
+        return LCB_ERR_INVALID_ARGUMENT;
+    }
+    std::uint8_t frame_id = 0x06;
+    if (privilege_len < 15) {
+        auto frame_size = static_cast<std::uint8_t>(privilege_len);
+        flexible_framing_extras.emplace_back(frame_id << 4U | frame_size);
+    } else {
+        flexible_framing_extras.emplace_back(frame_id << 4U | 0xfU);
+        flexible_framing_extras.emplace_back(privilege_len - 0xfU);
+    }
+    for (const auto byte : privilege) {
+        flexible_framing_extras.emplace_back(byte);
+    }
+    return LCB_SUCCESS;
+}

package/deps/lcb/src/utilities.h

@@ -29,6 +29,9 @@ namespace lcb
 namespace flexible_framing_extras
 {
 lcb_STATUS encode_impersonate_user(const std::string &username, std::vector<std::uint8_t> &flexible_framing_extras);
+
+lcb_STATUS encode_impersonate_users_extra_privilege(const std::string &privilege,
+                                                    std::vector<std::uint8_t> &flexible_framing_extras);
 } // namespace flexible_framing_extras
 } // namespace lcb
 

package/deps/lcb/src/vbucket/vbucket.c

@@ -932,12 +932,19 @@ char *lcbvb_save_json(lcbvb_CONFIG *cfg)
     cJSON *tmp = NULL, *nodes = NULL;
     cJSON *root = cJSON_CreateObject();
 
-    if (cfg->dtype == LCBVB_DIST_VBUCKET) {
-        tmp = cJSON_CreateString("vbucket");
-    } else {
-        tmp = cJSON_CreateString("ketama");
+    switch (cfg->dtype) {
+        case  LCBVB_DIST_VBUCKET:
+            tmp = cJSON_CreateString("vbucket");
+            break;
+        case LCBVB_DIST_KETAMA:
+            tmp = cJSON_CreateString("ketama");
+            break;
+        default:
+            break;
+    }
+    if (tmp) {
+        cJSON_AddItemToObject(root, "nodeLocator", tmp);
     }
-    cJSON_AddItemToObject(root, "nodeLocator", tmp);
 
     if (cfg->buuid) {
         tmp = cJSON_CreateString(cfg->buuid);
@@ -951,8 +958,10 @@ char *lcbvb_save_json(lcbvb_CONFIG *cfg)
         tmp = cJSON_CreateInt64(cfg->revid);
         cJSON_AddItemToObject(root, "rev", tmp);
     }
-    tmp = cJSON_CreateString(cfg->bname);
-    cJSON_AddItemToObject(root, "name", tmp);
+    if (cfg->bname != NULL) {
+        tmp = cJSON_CreateString(cfg->bname);
+        cJSON_AddItemToObject(root, "name", tmp);
+    }
 
     nodes = cJSON_CreateArray();
     cJSON_AddItemToObject(root, "nodesExt", nodes);

package/deps/lcb/tests/CMakeLists.txt

@@ -173,7 +173,7 @@ MACRO(DEFINE_MOCKTEST plugin test)
             --gtest_filter="ContaminatingUnitTest.*"
             --gtest_throw_on_failure=1
             --gtest_print_time=1
-            --gtest_output=xml:"${PROJECT_BINARY_DIR}/REPORT_${plugin}_${test}.xml")
+            --gtest_output=xml:"${PROJECT_BINARY_DIR}/REPORT_${plugin}_${test}_contaminating.xml")
     SET_TESTS_PROPERTIES(check-contaminating-${plugin}-${test} PROPERTIES LABELS "contaminating" )
 ENDMACRO()
 

package/deps/lcb/tests/iotests/mock-environment.cc

@@ -423,7 +423,19 @@ static void statsCallback(lcb_INSTANCE *instance, lcb_CALLBACK_TYPE, const lcb_R
                 }
                 break;
             case 7:
-                version = MockEnvironment::VERSION_70;
+                switch (minor) {
+                    case 0:
+                        version = MockEnvironment::VERSION_70;
+                        break;
+                    case 1:
+                        version = MockEnvironment::VERSION_71;
+                        break;
+                    case 2:
+                        version = MockEnvironment::VERSION_72;
+                        break;
+                    default:
+                        break;
+                }
                 break;
             default:
                 break;

package/deps/lcb/tests/iotests/mock-environment.h

@@ -246,7 +246,9 @@ class MockEnvironment : public ::testing::Environment
         VERSION_60 = 10,
         VERSION_65 = 11,
         VERSION_66 = 12,
-        VERSION_70 = 13
+        VERSION_70 = 13,
+        VERSION_71 = 14,
+        VERSION_72 = 15,
     };
 
     void SetUp() override;

package/deps/lcb/tests/iotests/serverparams.h

@@ -37,10 +37,15 @@ class ServerParams
     void makeConnectParams(lcb_CREATEOPTS *&crst, lcb_io_opt_t io, lcb_INSTANCE_TYPE type = LCB_TYPE_BUCKET)
     {
         lcb_createopts_create(&crst, type);
-        if (host.find("couchbase://") == 0) {
+        if (host.find("couchbase") == 0) {
             connstr = host;
             // deactivate dnssrv and compression, use cccp bootstrap
-            connstr += "?dnssrv=off&bootstrap_on=cccp&compression=off";
+            if (host.find("?") == std::string::npos) {
+                connstr += "?";
+            } else {
+                connstr += "&";
+            }
+            connstr += "dnssrv=off&bootstrap_on=cccp&compression=off";
         } else {
             if (mcNodes.empty() || type == LCB_TYPE_CLUSTER) {
                 connstr = "couchbase://" + host + "=http";