[Bug 1878721] Re: memcached looks for SASL configuration at wrong path /etc/sasl2/memcached.conf/memcached.conf (18.04→20.04 regression)

Wed Jun 24 12:30:41 UTC 2020

Hello Anders, or anyone else affected,

Accepted memcached into eoan-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/memcached/1.5.10-0ubuntu3.1 in a
few hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, what testing has been
performed on the package and change the tag from verification-needed-
eoan to verification-done-eoan. If it does not fix the bug for you,
please add a comment stating that, and change the tag to verification-
failed-eoan. In either case, without details of your testing we will not
be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

** Changed in: memcached (Ubuntu Eoan)
       Status: Triaged => Fix Committed

** Tags added: verification-needed-eoan

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1878721

Title:
  memcached looks for SASL configuration at wrong path
  /etc/sasl2/memcached.conf/memcached.conf (18.04→20.04 regression)

Status in memcached package in Ubuntu:
  Fix Released
Status in memcached source package in Eoan:
  Fix Committed
Status in memcached source package in Focal:
  Fix Released

Bug description:
  [Impact]

  memcached 1.5.22 in focal has a bug where it looks for its SASL
  configuration at /etc/sasl2/memcached.conf/memcached.conf instead of
  /etc/sasl2/memcached.conf.  This causes a memcached setup with
  authentication that was working in bionic to fail in focal.

  The bug was introduced upstream in 1.5.7~3:

  https://github.com/memcached/memcached/commit/39151c870c5e598f039714bdb790bd46f614856e
  https://github.com/memcached/memcached/commit/80dd99d831535ddeec73d55a0adcaeaac8cb7298
  https://github.com/memcached/memcached/pull/366

  and fixed upstream in 1.6.0~15:

  https://github.com/memcached/memcached/commit/6207330c2705fdb5f02de13b99a0d994f7c4f14a

  The reason this bug happens is because sasl works with paths (i.e.,
  directories) when determining which configuration files it should
  load, whereas, after the two commits mentioned above (version
  1.5.7~3), memcached started to pass a full pathname (including the
  filename) of the configuration file.

  So, while in a "normal" setup memcached's configuration file would
  live at /etc/sasl2/memcached.conf, meaning that memcached would tell
  sasl that the config path is "/etc/sasl2/", with the buggy memcached
  sasl would think that the configuration directory is
  "/etc/sasl2/memcached.conf/", and would try to look for a
  "memcached.conf" file inside it.

  Users could workaroud this bug by creating a directory named
  "/etc/sasl2/memcached.conf/".  For this reason, the backported patch
  also takes this workaround into account.  The patch also accepts the
  "/etc/sasl/" directory.

  [Test Case]

  To test the fix, one can do:

  $ lxc launch ubuntu-daily:focal memcached-bug1878721
  $ lxc shell memcached-bug1878721
  # apt update && apt upgrade -y
  # apt install -y memcached libmemcached-tools libsasl2-modules sasl2-bin
  # mkdir -p /etc/sasl2
  # cat > /etc/sasl2/memcached.conf << __EOF__
  mech_list: plain
  sasldb_path: /etc/sasl2/memcached-sasldb2
  __EOF__
  # echo bar | saslpasswd2 -p -f /etc/sasl2/memcached-sasldb2 -a memcached foo
  # chown memcache: /etc/sasl2/memcached-sasldb2
  # echo '-S' >> /etc/memcached.conf
  # systemctl restart memcached.service
  # memcping --servers=127.0.0.1 --binary --username=foo --password=bar

  With the last command, you should see an error like:

    Failed to ping 127.0.0.1:11211 WRITE FAILURE

  or:

    Failed to ping 127.0.0.1:11211 READ FAILURE

  You can also check its exit status:

  # echo $?
  1

  It is possible to test the workaround workaround mentioned in the
  previous section by doing:

  # mv /etc/sasl2/memcached.conf /tmp/
  # mkdir /etc/sasl2/memcached.conf
  # mv /tmp/memcached.conf /etc/sasl2/memcached.conf/
  # systemctl restart memcached.service
  # memcping --servers=127.0.0.1 --binary --username=foo --password=bar
  # echo $?
  0

  Using the fix provided, one can verify that both tests above will
  work.

  Here are all four locations that will now work by default:

  • /etc/sasl/memcached.conf/memcached.conf
  • /etc/sasl/memcached.conf
  • /etc/sasl2/memcached.conf/memcached.conf
  • /etc/sasl2/memcached.conf

  [Regression Potential]

  Low risk.  The upstream patch is targeted and applies cleanly to
  1.5.22.  It looks for the SASL configuration at both the incorrect and
  correct paths, so even in the (unlikely) event that someone worked
  around this bug by manually creating a configuration file at the
  incorrect path /etc/sasl2/memcached.conf/memcached.conf, that will
  continue to be respected.

  If there were to be a regression, it would likely manifest as an
  authentication failure, which clients may display as a read or write
  failure, like the failure mode of the regression being fixed here.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/memcached/+bug/1878721/+subscriptions