** Description changed: [Impact] memcached 1.5.22 in focal has a bug where it looks for its SASL configuration at /etc/sasl2/memcached.conf/memcached.conf instead of /etc/sasl2/memcached.conf. This causes a memcached setup with authentication that was working in bionic to fail in focal. The bug was introduced upstream in 1.5.7~3: + https://github.com/memcached/memcached/commit/39151c870c5e598f039714bdb790bd46f614856e + https://github.com/memcached/memcached/commit/80dd99d831535ddeec73d55a0adcaeaac8cb7298 https://github.com/memcached/memcached/pull/366 + and fixed upstream in 1.6.0~15: + https://github.com/memcached/memcached/commit/6207330c2705fdb5f02de13b99a0d994f7c4f14a + + The reason this bug happens is because sasl works with paths (i.e., + directories) when determining which configuration files it should load, + whereas, after the two commits mentioned above (version 1.5.7~3), + memcached started to pass a full pathname (including the filename) of + the configuration file. + + So, while in a "normal" setup memcached's configuration file would live + at /etc/sasl2/memcached.conf, meaning that memcached would tell sasl + that the config path is "/etc/sasl2/", with the buggy memcached sasl + would think that the configuration directory is + "/etc/sasl2/memcached.conf/", and would try to look for a + "memcached.conf" file inside it. + + Users could workaroud this bug by creating a directory named + "/etc/sasl2/memcached.conf/". For this reason, the backported patch + also takes this workaround into account. The patch also accepts the + "/etc/sasl/" directory. [Test Case] - apt-get install memcached libmemcached-tools libsasl2-modules sasl2-bin - mkdir /etc/sasl2 - echo 'mech_list: plain' > /etc/sasl2/memcached.conf - echo 'sasldb_path: /etc/sasl2/memcached-sasldb2' >> /etc/sasl2/memcached.conf - echo bar | saslpasswd2 -p -f /etc/sasl2/memcached-sasldb2 -a memcached foo - chown memcache: /etc/sasl2/memcached-sasldb2 - echo '-S' >> /etc/memcached.conf - systemctl restart memcached - memcping --servers=127.0.0.1 --binary --username=foo --password=bar + To test the fix, one can do: - Succeeds in bionic (with no output); fails in focal with “Failed to ping - 127.0.0.1:11211 UNKNOWN READ FAILURE” or “Failed to ping 127.0.0.1:11211 - WRITE FAILURE”; should succeed with the patch. + $ lxc launch ubuntu-daily:focal memcached-bug1878721 + $ lxc shell memcached-bug1878721 + # apt update && apt upgrade -y + # apt install -y memcached libmemcached-tools libsasl2-modules sasl2-bin + # mkdir -p /etc/sasl2 + # cat > /etc/sasl2/memcached.conf << __EOF__ + mech_list: plain + sasldb_path: /etc/sasl2/memcached-sasldb2 + __EOF__ + # echo bar | saslpasswd2 -p -f /etc/sasl2/memcached-sasldb2 -a memcached foo + # chown memcache: /etc/sasl2/memcached-sasldb2 + # echo '-S' >> /etc/memcached.conf + # systemctl restart memcached.service + # memcping --servers=127.0.0.1 --binary --username=foo --password=bar - If you want to test alternate locations for the SASL config file, here - are all four locations that will now work by default: + With the last command, you should see an error like: - • /etc/sasl/memcached.conf/memcached.conf: fails in bionic; accidentally succeeds in focal; should succeed with the patch - • /etc/sasl/memcached.conf: succeeds in bionic; fails in focal; should succeed with the patch - • /etc/sasl2/memcached.conf/memcached.conf: fails in bionic; accidentally succeeds in focal; should succeed with the patch - • /etc/sasl2/memcached.conf: succeeds in bionic; fails in focal; should succeed with the patch + Failed to ping 127.0.0.1:11211 WRITE FAILURE + + or: + + Failed to ping 127.0.0.1:11211 READ FAILURE + + You can also check its exit status: + + # echo $? + 1 + + It is possible to test the workaround workaround mentioned in the + previous section by doing: + + # mv /etc/sasl2/memcached.conf /tmp/ + # mkdir /etc/sasl2/memcached.conf + # mv /tmp/memcached.conf /etc/sasl2/memcached.conf/ + # systemctl restart memcached.service + # memcping --servers=127.0.0.1 --binary --username=foo --password=bar + # echo $? + 0 + + Using the fix provided, one can verify that both tests above will work. + + Here are all four locations that will now work by default: + + • /etc/sasl/memcached.conf/memcached.conf + • /etc/sasl/memcached.conf + • /etc/sasl2/memcached.conf/memcached.conf + • /etc/sasl2/memcached.conf [Regression Potential] Low risk. The upstream patch is targeted and applies cleanly to 1.5.22. It looks for the SASL configuration at both the incorrect and correct paths, so even in the (unlikely) event that someone worked around this bug by manually creating a configuration file at the incorrect path /etc/sasl2/memcached.conf/memcached.conf, that will continue to be respected. If there were to be a regression, it would likely manifest as an authentication failure, which clients may display as a read or write failure, like the failure mode of the regression being fixed here.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1878721 Title: memcached looks for SASL configuration at wrong path /etc/sasl2/memcached.conf/memcached.conf (18.04→20.04 regression) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/memcached/+bug/1878721/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
