[Bug 1878721] Re: memcached looks for SASL configuration at wrong path /etc/sasl2/memcached.conf/memcached.conf (18.04→20.04 regression)
Anders Kaseorg
1878721 at bugs.launchpad.net
Tue Jun 2 04:55:51 UTC 2020
** Description changed:
[Impact]
memcached 1.5.22 in focal has a bug where it looks for its SASL
configuration at /etc/sasl2/memcached.conf/memcached.conf instead of
/etc/sasl2/memcached.conf. This causes a memcached setup with
authentication that was working in bionic to fail in focal.
The bug was introduced upstream in 1.5.7~3:
https://github.com/memcached/memcached/commit/39151c870c5e598f039714bdb790bd46f614856e
https://github.com/memcached/memcached/pull/366
and fixed upstream in 1.6.0~15:
https://github.com/memcached/memcached/commit/6207330c2705fdb5f02de13b99a0d994f7c4f14a
[Test Case]
apt-get install memcached libmemcached-tools libsasl2-modules sasl2-bin
mkdir /etc/sasl2
echo 'mech_list: plain' > /etc/sasl2/memcached.conf
echo 'sasldb_path: /etc/sasl2/memcached-sasldb2' >> /etc/sasl2/memcached.conf
echo bar | saslpasswd2 -p -f /etc/sasl2/memcached-sasldb2 -a memcached foo
chown memcache: /etc/sasl2/memcached-sasldb2
+ echo '-S' >> /etc/memcached.conf
systemctl restart memcached
memcping --servers=127.0.0.1 --binary --username=foo --password=bar
Succeeds in bionic (with no output); fails in focal with “Failed to ping
127.0.0.1:11211 UNKNOWN READ FAILURE” or “Failed to ping 127.0.0.1:11211
WRITE FAILURE”; should succeed with the patch.
If you want to test alternate locations for the SASL config file, here
are all four locations that will now work by default:
• /etc/sasl/memcached.conf/memcached.conf: fails in bionic; accidentally succeeds in focal; should succeed with the patch
• /etc/sasl/memcached.conf: succeeds in bionic; fails in focal; should succeed with the patch
• /etc/sasl2/memcached.conf/memcached.conf: fails in bionic; accidentally succeeds in focal; should work with the patch
• /etc/sasl2/memcached.conf: succeeds in bionic; fails in focal; should succeed with the patch
[Regression Potential]
Low risk. The upstream patch is targeted and applies cleanly to 1.5.22.
It looks for the SASL configuration at both the incorrect and correct
paths, so even in the (unlikely) event that someone worked around this
bug by manually creating a configuration file at the incorrect path
/etc/sasl2/memcached.conf/memcached.conf, that will continue to be
respected.
If there were to be a regression, it would likely manifest as an
authentication failure, which clients may display as a read or write
failure, like the failure mode of the regression being fixed here.
** Description changed:
[Impact]
memcached 1.5.22 in focal has a bug where it looks for its SASL
configuration at /etc/sasl2/memcached.conf/memcached.conf instead of
/etc/sasl2/memcached.conf. This causes a memcached setup with
authentication that was working in bionic to fail in focal.
The bug was introduced upstream in 1.5.7~3:
https://github.com/memcached/memcached/commit/39151c870c5e598f039714bdb790bd46f614856e
https://github.com/memcached/memcached/pull/366
and fixed upstream in 1.6.0~15:
https://github.com/memcached/memcached/commit/6207330c2705fdb5f02de13b99a0d994f7c4f14a
[Test Case]
apt-get install memcached libmemcached-tools libsasl2-modules sasl2-bin
mkdir /etc/sasl2
echo 'mech_list: plain' > /etc/sasl2/memcached.conf
echo 'sasldb_path: /etc/sasl2/memcached-sasldb2' >> /etc/sasl2/memcached.conf
echo bar | saslpasswd2 -p -f /etc/sasl2/memcached-sasldb2 -a memcached foo
chown memcache: /etc/sasl2/memcached-sasldb2
echo '-S' >> /etc/memcached.conf
systemctl restart memcached
memcping --servers=127.0.0.1 --binary --username=foo --password=bar
Succeeds in bionic (with no output); fails in focal with “Failed to ping
127.0.0.1:11211 UNKNOWN READ FAILURE” or “Failed to ping 127.0.0.1:11211
WRITE FAILURE”; should succeed with the patch.
If you want to test alternate locations for the SASL config file, here
are all four locations that will now work by default:
• /etc/sasl/memcached.conf/memcached.conf: fails in bionic; accidentally succeeds in focal; should succeed with the patch
• /etc/sasl/memcached.conf: succeeds in bionic; fails in focal; should succeed with the patch
- • /etc/sasl2/memcached.conf/memcached.conf: fails in bionic; accidentally succeeds in focal; should work with the patch
+ • /etc/sasl2/memcached.conf/memcached.conf: fails in bionic; accidentally succeeds in focal; should succeed with the patch
• /etc/sasl2/memcached.conf: succeeds in bionic; fails in focal; should succeed with the patch
[Regression Potential]
Low risk. The upstream patch is targeted and applies cleanly to 1.5.22.
It looks for the SASL configuration at both the incorrect and correct
paths, so even in the (unlikely) event that someone worked around this
bug by manually creating a configuration file at the incorrect path
/etc/sasl2/memcached.conf/memcached.conf, that will continue to be
respected.
If there were to be a regression, it would likely manifest as an
authentication failure, which clients may display as a read or write
failure, like the failure mode of the regression being fixed here.
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1878721
Title:
memcached looks for SASL configuration at wrong path
/etc/sasl2/memcached.conf/memcached.conf (18.04→20.04 regression)
Status in memcached package in Ubuntu:
Fix Released
Status in memcached source package in Eoan:
Triaged
Status in memcached source package in Focal:
Confirmed
Bug description:
[Impact]
memcached 1.5.22 in focal has a bug where it looks for its SASL
configuration at /etc/sasl2/memcached.conf/memcached.conf instead of
/etc/sasl2/memcached.conf. This causes a memcached setup with
authentication that was working in bionic to fail in focal.
The bug was introduced upstream in 1.5.7~3:
https://github.com/memcached/memcached/commit/39151c870c5e598f039714bdb790bd46f614856e
https://github.com/memcached/memcached/pull/366
and fixed upstream in 1.6.0~15:
https://github.com/memcached/memcached/commit/6207330c2705fdb5f02de13b99a0d994f7c4f14a
[Test Case]
apt-get install memcached libmemcached-tools libsasl2-modules sasl2-bin
mkdir /etc/sasl2
echo 'mech_list: plain' > /etc/sasl2/memcached.conf
echo 'sasldb_path: /etc/sasl2/memcached-sasldb2' >> /etc/sasl2/memcached.conf
echo bar | saslpasswd2 -p -f /etc/sasl2/memcached-sasldb2 -a memcached foo
chown memcache: /etc/sasl2/memcached-sasldb2
echo '-S' >> /etc/memcached.conf
systemctl restart memcached
memcping --servers=127.0.0.1 --binary --username=foo --password=bar
Succeeds in bionic (with no output); fails in focal with “Failed to
ping 127.0.0.1:11211 UNKNOWN READ FAILURE” or “Failed to ping
127.0.0.1:11211 WRITE FAILURE”; should succeed with the patch.
If you want to test alternate locations for the SASL config file, here
are all four locations that will now work by default:
• /etc/sasl/memcached.conf/memcached.conf: fails in bionic; accidentally succeeds in focal; should succeed with the patch
• /etc/sasl/memcached.conf: succeeds in bionic; fails in focal; should succeed with the patch
• /etc/sasl2/memcached.conf/memcached.conf: fails in bionic; accidentally succeeds in focal; should succeed with the patch
• /etc/sasl2/memcached.conf: succeeds in bionic; fails in focal; should succeed with the patch
[Regression Potential]
Low risk. The upstream patch is targeted and applies cleanly to
1.5.22. It looks for the SASL configuration at both the incorrect and
correct paths, so even in the (unlikely) event that someone worked
around this bug by manually creating a configuration file at the
incorrect path /etc/sasl2/memcached.conf/memcached.conf, that will
continue to be respected.
If there were to be a regression, it would likely manifest as an
authentication failure, which clients may display as a read or write
failure, like the failure mode of the regression being fixed here.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/memcached/+bug/1878721/+subscriptions
More information about the Ubuntu-sponsors
mailing list