Lcb_make_http_request usage broken in 2.7.4

penacho · May 17, 2017, 2:03pm

In our application we use lcb_make_http_request() to retrieve statistics for a bucket (/pools/default/buckets/<bucket_name>). This worked fine in 2.4.7 and 2.7.0.
Now I trying to move 2.7.4 (because of another issue) and notice that the statistics can no longer retrieved: libcouchbase 2.7.4 now adds an Authenticator header with empty username/password to the HTTP request. The earlier versions I mentioned didn’t do that.

A quick look at the code suggests that the only case it will not do that is when cmdflag is set to LCB_CMDHTTP_F_NOUPASS, but seems not possible to set that with lcb_make_http_request().

Is there a way to prevent libcouchbase automagically set (empty) username/password in the outgoing HTTP request for lcb_make_http_request() ?

mnunberg · May 17, 2017, 2:15pm

You can switch over to using the lcb_http3() API, which will prevent it from sending the header. You can still use your legacy callbacks installed via lcb_set_http_callback).

If you look in the source code, you’ll see that lcb_make_http_request() is a simple wrapper around lcb_http3. lcb_http3 should be available in 2.4.7 as well, so I’m not sure you’ll have an issue with that.

In any event, sending an Authentication header when there’s an empty username/password seems like a bug to me. I think I just figured out why…

avsej · May 17, 2017, 2:24pm

But why not provide username at least? Similar issue was reported here Couchbase-ruby-client broken by libcouchbase 2.7.4 - #3 by avsej, and if you just pass username with empty password.

You have to specify username when creating lcb instance, in lcb_create

penacho · May 17, 2017, 2:33pm

Thanks Mark,
If you already a patch for the empty username/password I can try that (I build the library from source anyway to use libevent2 on CentOS 6). Else I’ll change it to using the lcb_http3() call.

penacho · May 17, 2017, 2:35pm

As the username/password are not required to connect to the server, nor to retrieve the stats, why bother with the configuration hassle of username/password?

mnunberg · May 17, 2017, 2:36pm

The patch probably won’t be coming in until later today, as I need to release a new version today.

Couchbase Server 5.0 will now require a username and password for any type of operation, hence the changes in the library.

penacho · May 17, 2017, 2:38pm

Ok, no worries. I see where the problem is, I’ll make a quick fix for now and pick up yours later.

penacho · May 17, 2017, 2:53pm

This fixes the issue:

--- src/http/http.cc	2017-04-18 19:56:41.000000000 +0200
+++ src/http/http.cc.new	2017-05-17 16:40:39.283528011 +0200
@@ -473,7 +473,8 @@
 }
 
 add_header("Accept", "application/json");
-    if (password && username) {
+    if (password && (password[0] != '\0') &&
+        username && (username[0] != '\0') ) {
     char auth[256];
     std::string upassbuf;
     upassbuf.append(username).append(":").append(password);

Topic		Replies	Views
Couchbase-ruby-client broken by libcouchbase 2.7.4 Ruby SDK	8	3736	August 22, 2018
Php-ext-couchbase-1.1.2-ubuntu1110 - "Failed to create libcouchbase instance" PHP SDK	1	1839	October 28, 2013
Memory leak in libcouchbase 2.2.0 / lcb_make_http_request? C SDK	2	2450	April 30, 2014
Libcouchbase error: The username must match the bucket name (or be NULL) for data access C SDK	4	2036	April 10, 2018
Connecting to couchbase cluster without bucket name using C SDK C SDK	1	1425	June 25, 2018

Lcb_make_http_request usage broken in 2.7.4

Related topics