search

SK-Yang / memcached

Automatically exported from code.google.com/p/memcached
0 stars 0 forks source link

SASL authentication allows wrong credentials to access memcache #316

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?
1. Ran memcached server with following flags -S -d -m 1024 0.0.0.0 -p 11211 -u 
ubuntu
2. Add user with saslpasswd2 -a memcached -c newuser
3. Pointed cached store: dalli_store, 'domain.com:11211', { :username => 
newuser, :password *** } (I am using dalli gem in Rails application)
4. When I try to access memcache with wrong credentials, on the first try I get 
message that authentication failed, which is fine. But, when I try again to 
access the cache it lets me do it even I have provided wrong credentials.

What is the expected output? What do you see instead?

After failed authentication I shouldn't be able to access memcached and be able 
to both read and write in it. When I try to access memcache without providing 
any credentials I get rejected every time, which is what I expect. Also when I 
provide valid credentials I get a message that SASL authentication was 
successfull and then I have access to memcached, which is also what I expect.

What version of the product are you using? On what operating system?

I am using memcached 1.4.10 and libevent 1.4.9 on Ubuntu 10.04.2 LTS

Please provide any additional information below.

These are the steps that I followed when installing memcached with SASL:

libevent:

    cd /usr/src/
    wget http://www.monkey.org/~provos/libevent-1.4.9-stable.tar.gz  
    tar xvfz libevent-1.4.9-stable.tar.gz  
    cd libevent-1.4.9-stable  
    ./configure
    make
    make install

SASL packages:

    sudo apt-get -f install libsasl2-2 sasl2-bin libsasl2-dev libsasl2-modules 

memcached:

    cd /usr/src/
    wget http://memcached.googlecode.com/files/memcached-1.4.10.tar.gz
    tar -xzf memcached-1.4.10.tar.gz
    cd memcached-1.4.10
    ./configure --enable-sasl
    make
    make install

I am starting memcached with following command:

    memcached -S -d -m 1024 0.0.0.0 -p 11211 -u ubuntu

Original issue reported on code.google.com by ras...@renderedtext.com on 19 Apr 2013 at 9:11

GoogleCodeExporter commented 9 years ago 
fixed in 1.4.17. please let us know if it's not/etc.

Original comment by dorma...@rydia.net on 20 Dec 2013 at 10:35