Hey all, I am writing my own implementation of a memcachedClient within which I want to add authentication. I just started with PLAIN auth but failed.
My main reference is this one https://github.com/couchbase/memcached/blob/master/docs/sasl.md

My guess is that the binary message I am sending through the wire was wrong, thus it could never match with the secret I store in the db file.

After searching around, I found out the SASL_AUTH(0X21) is also a key-value like operation, where the key is the auth mechanism, and the value being auth data. The tricky part is how I put them in the outgoing request.

Please correct me if I am wrong, below is an example of PLAIN auth request

1. The auth mechanism comes right after the header. In this case 'PLAIN'
2. A NULL byte comes after the "key" -> "PLAIN". In this case byte # 29.
3. Then comes the user@hostName
4. A NULL byte comes after user@hostname. In this case byte # 34
5. The last part is the password

      Byte/     0       |       1       |       2       |       3       |
         /              |               |               |               |
        |0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|0 1 2 3 4 5 6 7|
        +---------------+---------------+---------------+---------------+
       0| 0x80          | 0x21          | 0x00          | 0x05          |
        +---------------+---------------+---------------+---------------+
       4| 0x00          | 0x00          | 0x00          | 0x00          |
        +---------------+---------------+---------------+---------------+
       8| 0x00          | 0x00          | 0x00          | 0x11          |
        +---------------+---------------+---------------+---------------+
      12| 0x00          | 0x00          | 0x00          | 0x00          |
        +---------------+---------------+---------------+---------------+
      16| 0x00          | 0x00          | 0x00          | 0x00          |
        +---------------+---------------+---------------+---------------+
      20| 0x00          | 0x00          | 0x00          | 0x00          |
        +---------------+---------------+---------------+---------------+
      24| 0x50 ('P')    | 0x4c ('L')    | 0x41 ('A')    | 0x49 ('I')    |
        +---------------+---------------+---------------+---------------+
      28| 0x4e ('N')    | 0x00          | 0x75 ('u')    | 0x73 ('s')    |
        +---------------+---------------+---------------+---------------+
      32| 0x65 ('e')    | 0x72 ('r')    | 0x00          | 0x70 ('p')    |
        +---------------+---------------+---------------+---------------+
      36| 0x65 ('e')    | 0x6e ('n')    | 0x63 ('c')    | 0x69 ('i')    |
        +---------------+---------------+---------------+---------------+
      40| 0x6c ('l')    |
        +---------------+

    Total 41 bytes (24 bytes header, 5 bytes key and 12 value)

    Field        (offset) (value)
    Magic        (0)    : 0x80
    Opcode       (1)    : 0x21
    Key length   (2,3)  : 0x0005
    Extra length (4)    : 0x00
    Data type    (5)    : 0x00
    Vbucket      (6,7)  : 0x0000
    Total body   (8-11) : 0x00000011
    Opaque       (12-15): 0x00000000
    CAS          (16-23): 0x00000000

What could be wrong?

- In my memcached-sasl-db, should I store userName:password or username@hostName:password?
- Does the TotalLength of the message include the NULL bytes being added between authKey/authData and username/password?
- In my authData should I use \0x00userName\0x00password or \0x00userName@hostName\0x00password?
- Any other suggestions?

Best regards,
Jiuming

*Below are Logs and configurations for your reference*

memcached logs:
Below you will find that I did a LIST_MECH(0x20) and then did a SASL_AUTH(0X21)

    LRU crawler thread sleeping
    <28 new binary client connection.
    28: going from conn_new_cmd to conn_waiting
    28: going from conn_waiting to conn_read
    28: going from conn_read to conn_closing
    <28 connection closed.
    28: going from conn_closing to conn_closed
    <28 new binary client connection.
    28: going from conn_new_cmd to conn_waiting
    28: going from conn_waiting to conn_read
    28: going from conn_read to conn_parse_cmd
    <28 Read binary protocol data:
    <28 0x80 0x20 0x00 0x00
    <28 0x00 0x00 0x00 0x00
    <28 0x00 0x00 0x00 0x00
    <28 0x00 0x00 0x00 0x01
    <28 0x00 0x00 0x00 0x00
    <28 0x00 0x00 0x00 0x00
    authenticated() in cmd 0x20 is true
    >28 Writing bin response:
    >28 0x81 0x20 0x00 0x00
    >28 0x00 0x00 0x00 0x00
    >28 0x00 0x00 0x00 0x15
    >28 0x00 0x00 0x00 0x01
    >28 0x00 0x00 0x00 0x00
    >28 0x00 0x00 0x00 0x00
    28: going from conn_parse_cmd to conn_mwrite
    28: going from conn_mwrite to conn_new_cmd
    28: going from conn_new_cmd to conn_waiting
    28: going from conn_waiting to conn_read
    28: going from conn_read to conn_parse_cmd
    <28 Read binary protocol data:
    <28 0x80 0x21 0x00 0x05
    <28 0x00 0x00 0x00 0x00
    <28 0x00 0x00 0x00 0x14
    <28 0x00 0x00 0x00 0x02
    <28 0x00 0x00 0x00 0x00
    <28 0x00 0x00 0x00 0x00
    authenticated() in cmd 0x21 is true
    28: going from conn_parse_cmd to conn_nread
    mech: ``PLAIN'' with 15 bytes of data
    SASL (severity 2): Password verification failed
    sasl result code: -20
    Unknown sasl response: -20
    >28 Writing an error: Auth failure.
    >28 Writing bin response:
    >28 0x81 0x21 0x00 0x00
    >28 0x00 0x00 0x00 0x20
    >28 0x00 0x00 0x00 0x0d
    >28 0x00 0x00 0x00 0x02
    >28 0x00 0x00 0x00 0x00
    >28 0x00 0x00 0x00 0x00

My memcached.conf

    % cat memcached.conf
    mech_list: plain
    log_level: 5
    sasldb_path: /tmp/memcached-sasl-db

My /tmp/memcached-sasl-db

    % cat memcached-sasl-db
    myname@myHostName:mypass

My exports:

    export MEMCACHED_SASL_PWDB=/tmp/memcached-sasl-db
    export SASL_CONF_PATH=`pwd`/memcached.conf
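Added example, not part of the original post: a Python sketch that builds and parses the SASL_AUTH request laid out in the diagram above, and decodes the header bytes from the server log. It assumes the 24-byte binary-protocol header shown in the post and the RFC 4616 PLAIN layout (`[authzid] NUL authcid NUL passwd`), so both NUL bytes are part of the value and are counted in the total body length; the function names are illustrative, and `user`/`pencil` are the sample credentials from the diagram.

```python
import struct

# 24-byte binary-protocol request header: magic, opcode, key length, extras
# length, data type, vbucket, total body length, opaque, CAS (big-endian).
HEADER = struct.Struct(">BBHBBHIIQ")
MAGIC_REQUEST, OP_SASL_AUTH = 0x80, 0x21


def build_sasl_plain(authcid, password, authzid="", opaque=0):
    """SASL_AUTH request: key = mechanism name, value = RFC 4616 PLAIN message."""
    key = b"PLAIN"
    # [authzid] NUL authcid NUL passwd: both NULs are bytes of the value.
    value = b"\x00".join(s.encode("utf-8") for s in (authzid, authcid, password))
    body_len = len(key) + len(value)  # this request carries no extras
    return HEADER.pack(MAGIC_REQUEST, OP_SASL_AUTH, len(key), 0, 0, 0,
                       body_len, opaque, 0) + key + value


def parse_header(header):
    """Decode the 24 header bytes and derive the value length the server sees."""
    if len(header) < HEADER.size:
        raise ValueError("short header")
    magic, opcode, key_len, extras_len, _, _, body_len, opaque, _ = \
        HEADER.unpack_from(header)
    if magic != MAGIC_REQUEST:
        raise ValueError("not a request packet")
    if extras_len + key_len > body_len:
        raise ValueError("key/extras longer than total body")
    return {"opcode": opcode, "key_len": key_len, "extras_len": extras_len,
            "body_len": body_len, "opaque": opaque,
            "value_len": body_len - key_len - extras_len}


def parse_sasl_plain(packet):
    """Split a complete SASL_AUTH PLAIN request into its RFC 4616 fields."""
    h = parse_header(packet)
    body = packet[HEADER.size:]
    if h["opcode"] != OP_SASL_AUTH or len(body) != h["body_len"]:
        raise ValueError("not a complete SASL_AUTH request")
    start = h["extras_len"]
    mech = body[start:start + h["key_len"]]
    parts = body[start + h["key_len"]:].split(b"\x00")
    if len(parts) != 3:
        raise ValueError("PLAIN value must be authzid NUL authcid NUL passwd")
    return {"mech": mech, "authzid": parts[0], "authcid": parts[1], "passwd": parts[2]}


# Header bytes copied from the SASL_AUTH request in the server log above.
LOGGED_HEADER = bytes.fromhex("80210005" "00000000" "00000014" "00000002"
                              "00000000" "00000000")

if __name__ == "__main__":
    pkt = build_sasl_plain("user", "pencil")
    print(len(pkt), pkt[HEADER.size:].hex(" "))
    print(parse_header(LOGGED_HEADER))
```

Decoding the logged header gives a total body of 0x14 (20) with a 5-byte key, which leaves the 15 bytes of data the server reports for mech PLAIN.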
