git.m6w6.name Git - m6w6/libmemcached/blob - libmemcached/sasl.c

   1 /* LibMemcached
   2  * Copyright (C) 2006-2010 Brian Aker
   3  * All rights reserved.
   4  *
   5  * Use and distribution licensed under the BSD license.  See
   6  * the COPYING file in the parent directory for full text.
   7  *
   8  * Summary: interface for memcached server
   9  * Description: main include file for libmemcached
  10  *
  11  */
  12 #include "common.h"
  13
  14 void memcached_set_sasl_callbacks(memcached_st *ptr,
  15                                   const sasl_callback_t *callbacks)
  16 {
  17   ptr->sasl.callbacks= callbacks;
  18   ptr->sasl.is_allocated= false;
  19 }
  20
  21 const sasl_callback_t *memcached_get_sasl_callbacks(memcached_st *ptr)
  22 {
  23   return ptr->sasl.callbacks;
  24 }
  25
  26 /**
  27  * Resolve the names for both ends of a connection
  28  * @param fd socket to check
  29  * @param laddr local address (out)
  30  * @param raddr remote address (out)
  31  * @return true on success false otherwise (errno contains more info)
  32  */
  33 static bool resolve_names(int fd, char *laddr, size_t laddr_length, char *raddr, size_t raddr_length)
  34 {
  35   char host[NI_MAXHOST];
  36   char port[NI_MAXSERV];
  37   struct sockaddr_storage saddr;
  38   socklen_t salen= sizeof(saddr);
  39
  40   if ((getsockname(fd, (struct sockaddr *)&saddr, &salen) < 0) ||
  41       (getnameinfo((struct sockaddr *)&saddr, salen, host, sizeof(host),
  42                    port, sizeof(port), NI_NUMERICHOST | NI_NUMERICSERV) < 0))
  43   {
  44     return false;
  45   }
  46
  47   (void)snprintf(laddr, laddr_length, "%s;%s", host, port);
  48   salen= sizeof(saddr);
  49
  50   if ((getpeername(fd, (struct sockaddr *)&saddr, &salen) < 0) ||
  51       (getnameinfo((struct sockaddr *)&saddr, salen, host, sizeof(host),
  52                    port, sizeof(port), NI_NUMERICHOST | NI_NUMERICSERV) < 0))
  53   {
  54     return false;
  55   }
  56
  57   (void)snprintf(raddr, raddr_length, "%s;%s", host, port);
  58
  59   return true;
  60 }
  61
  62 memcached_return_t memcached_sasl_authenticate_connection(memcached_server_st *server)
  63 {
  64   memcached_return_t rc;
  65
  66   /* SANITY CHECK: SASL can only be used with the binary protocol */
  67   unlikely (!server->root->flags.binary_protocol)
  68     return MEMCACHED_FAILURE;
  69
  70   /* Try to get the supported mech from the server. Servers without SASL
  71    * support will return UNKNOWN COMMAND, so we can just treat that
  72    * as authenticated
  73    */
  74   protocol_binary_request_no_extras request= {
  75     .message.header.request= {
  76       .magic= PROTOCOL_BINARY_REQ,
  77       .opcode= PROTOCOL_BINARY_CMD_SASL_LIST_MECHS
  78     }
  79   };
  80
  81   if (memcached_io_write(server, request.bytes,
  82                          sizeof(request.bytes), 1) != sizeof(request.bytes))
  83   {
  84     return MEMCACHED_WRITE_FAILURE;
  85   }
  86
  87   memcached_server_response_increment(server);
  88
  89   char mech[MEMCACHED_MAX_BUFFER];
  90   rc= memcached_response(server, mech, sizeof(mech), NULL);
  91   if (rc != MEMCACHED_SUCCESS)
  92   {
  93     if (rc == MEMCACHED_PROTOCOL_ERROR)
  94     {
  95       /* If the server doesn't support SASL it will return PROTOCOL_ERROR.
  96        * This error may also be returned for other errors, but let's assume
  97        * that the server don't support SASL and treat it as success and
  98        * let the client fail with the next operation if the error was
  99        * caused by another problem....
 100        */
 101       rc= MEMCACHED_SUCCESS;
 102     }
 103
 104     return rc;
 105   }
 106
 107   /* set ip addresses */
 108   char laddr[NI_MAXHOST + NI_MAXSERV];
 109   char raddr[NI_MAXHOST + NI_MAXSERV];
 110
 111   unlikely (!resolve_names(server->fd, laddr, sizeof(laddr), raddr, sizeof(raddr)))
 112   {
 113     server->cached_errno= errno;
 114     return MEMCACHED_ERRNO;
 115   }
 116
 117   sasl_conn_t *conn;
 118   int ret= sasl_client_new("memcached", server->hostname, laddr, raddr,
 119                            server->root->sasl.callbacks, 0, &conn);
 120   if (ret != SASL_OK)
 121   {
 122     return MEMCACHED_AUTH_PROBLEM;
 123   }
 124
 125   const char *data;
 126   const char *chosenmech;
 127   unsigned int len;
 128   ret= sasl_client_start(conn, mech, NULL, &data, &len, &chosenmech);
 129
 130   if (ret != SASL_OK && ret != SASL_CONTINUE)
 131   {
 132     rc= MEMCACHED_AUTH_PROBLEM;
 133     goto end;
 134   }
 135
 136   uint16_t keylen= (uint16_t)strlen(chosenmech);
 137   request.message.header.request.opcode= PROTOCOL_BINARY_CMD_SASL_AUTH;
 138   request.message.header.request.keylen= htons(keylen);
 139   request.message.header.request.bodylen= htonl(len + keylen);
 140
 141   do {
 142     /* send the packet */
 143
 144     struct libmemcached_io_vector_st vector[]=
 145     {
 146       { .length= sizeof(request.bytes), .buffer= request.bytes },
 147       { .length= keylen, .buffer= chosenmech },
 148       { .length= len, .buffer= data }
 149     };
 150
 151     if (memcached_io_writev(server, vector, 3, true) == -1)
 152     {
 153       rc= MEMCACHED_WRITE_FAILURE;
 154       goto end;
 155     }
 156     memcached_server_response_increment(server);
 157
 158     /* read the response */
 159     rc= memcached_response(server, NULL, 0, NULL);
 160     if (rc != MEMCACHED_AUTH_CONTINUE)
 161     {
 162       goto end;
 163     }
 164
 165     ret= sasl_client_step(conn, memcached_result_value(&server->root->result),
 166                           (unsigned int)memcached_result_length(&server->root->result),
 167                           NULL, &data, &len);
 168
 169     if (ret != SASL_OK && ret != SASL_CONTINUE)
 170     {
 171       rc= MEMCACHED_AUTH_PROBLEM;
 172       goto end;
 173     }
 174
 175     request.message.header.request.opcode= PROTOCOL_BINARY_CMD_SASL_STEP;
 176     request.message.header.request.bodylen= htonl(len + keylen);
 177   } while (true);
 178
 179 end:
 180   /* Release resources */
 181   sasl_dispose(&conn);
 182
 183   return rc;
 184 }
 185
 186 static int get_username(void *context, int id, const char **result,
 187                         unsigned int *len)
 188 {
 189   if (!context || !result || (id != SASL_CB_USER && id != SASL_CB_AUTHNAME))
 190   {
 191     return SASL_BADPARAM;
 192   }
 193
 194   *result= context;
 195   if (len)
 196   {
 197     *len= (unsigned int)strlen(*result);
 198   }
 199
 200   return SASL_OK;
 201 }
 202
 203 static int get_password(sasl_conn_t *conn, void *context, int id,
 204                         sasl_secret_t **psecret)
 205 {
 206   if (!conn || ! psecret || id != SASL_CB_PASS)
 207   {
 208     return SASL_BADPARAM;
 209   }
 210
 211   *psecret= context;
 212
 213   return SASL_OK;
 214 }
 215
 216 memcached_return_t memcached_set_sasl_auth_data(memcached_st *ptr,
 217                                                 const char *username,
 218                                                 const char *password)
 219 {
 220   if (ptr == NULL || username == NULL ||
 221       password == NULL || ptr->sasl.callbacks != NULL)
 222   {
 223     return MEMCACHED_FAILURE;
 224   }
 225
 226   sasl_callback_t *cb= libmemcached_calloc(ptr, 4, sizeof(sasl_callback_t));
 227   char *name= libmemcached_malloc(ptr, strlen(username) + 1);
 228   sasl_secret_t *secret= libmemcached_malloc(ptr, strlen(password) + 1 + sizeof(*secret))
 229 ;
 230   if (cb == NULL || name == NULL || secret == NULL)
 231   {
 232     libmemcached_free(ptr, cb);
 233     libmemcached_free(ptr, name);
 234     libmemcached_free(ptr, secret);
 235     return MEMCACHED_MEMORY_ALLOCATION_FAILURE;
 236   }
 237
 238   secret->len= strlen(password);
 239   strcpy((void*)secret->data, password);
 240
 241   cb[0].id= SASL_CB_USER;
 242   cb[0].proc= get_username;
 243   cb[0].context= strcpy(name, username);
 244   cb[1].id= SASL_CB_AUTHNAME;
 245   cb[1].proc= get_username;
 246   cb[1].context= name;
 247   cb[2].id= SASL_CB_PASS;
 248   cb[2].proc= get_password;
 249   cb[2].context= secret;
 250   cb[3].id= SASL_CB_LIST_END;
 251
 252   ptr->sasl.callbacks= cb;
 253   ptr->sasl.is_allocated= true;
 254
 255   return MEMCACHED_SUCCESS;
 256 }
 257
 258 memcached_return_t memcached_destroy_sasl_auth_data(memcached_st *ptr)
 259 {
 260    if (ptr == NULL || ptr->sasl.callbacks == NULL)
 261    {
 262      return MEMCACHED_FAILURE;
 263    }
 264
 265    if (ptr->sasl.is_allocated)
 266    {
 267      libmemcached_free(ptr, ptr->sasl.callbacks[0].context);
 268      libmemcached_free(ptr, ptr->sasl.callbacks[2].context);
 269      libmemcached_free(ptr, (void*)ptr->sasl.callbacks);
 270      ptr->sasl.is_allocated= false;
 271    }
 272
 273    ptr->sasl.callbacks= NULL;
 274
 275    return MEMCACHED_SUCCESS;
 276 }
 277
 278 memcached_return_t memcached_clone_sasl(memcached_st *clone, const  memcached_st *source)
 279 {
 280
 281   if (source->sasl.callbacks == NULL)
 282   {
 283     return MEMCACHED_SUCCESS;
 284   }
 285
 286   /* Hopefully we are using our own callback mechanisms.. */
 287   if (source->sasl.callbacks[0].id == SASL_CB_USER &&
 288       source->sasl.callbacks[0].proc == get_username &&
 289       source->sasl.callbacks[1].id == SASL_CB_AUTHNAME &&
 290       source->sasl.callbacks[1].proc == get_username &&
 291       source->sasl.callbacks[2].id == SASL_CB_PASS &&
 292       source->sasl.callbacks[2].proc == get_password &&
 293       source->sasl.callbacks[3].id == SASL_CB_LIST_END)
 294   {
 295     sasl_secret_t *secret= source->sasl.callbacks[2].context;
 296     return memcached_set_sasl_auth_data(clone,
 297                                         source->sasl.callbacks[0].context,
 298                                         (const char*)secret->data);
 299   }
 300
 301   /*
 302    * But we're not. It may work if we know what the user tries to pass
 303    * into the list, but if we don't know the ID we don't know how to handle
 304    * the context...
 305    */
 306   size_t total= 0;
 307
 308   while (source->sasl.callbacks[total].id != SASL_CB_LIST_END)
 309   {
 310     switch (source->sasl.callbacks[total].id)
 311     {
 312     case SASL_CB_USER:
 313     case SASL_CB_AUTHNAME:
 314     case SASL_CB_PASS:
 315        break;
 316     default:
 317        /* I don't know how to deal with this... */
 318        return MEMCACHED_NOT_SUPPORTED;
 319     }
 320
 321     ++total;
 322   }
 323
 324   sasl_callback_t *cb= libmemcached_calloc(clone, total + 1, sizeof(sasl_callback_t));
 325   if (cb == NULL)
 326   {
 327     return MEMCACHED_MEMORY_ALLOCATION_FAILURE;
 328   }
 329   memcpy(cb, source->sasl.callbacks, (total + 1) * sizeof(sasl_callback_t));
 330
 331   /* Now update the context... */
 332   for (size_t x= 0; x < total; ++x)
 333   {
 334     if (cb[x].id == SASL_CB_USER || cb[x].id == SASL_CB_AUTHNAME)
 335     {
 336       cb[x].context= libmemcached_malloc(clone, strlen(source->sasl.callbacks[x].context));
 337
 338       if (cb[x].context == NULL)
 339       {
 340         /* Failed to allocate memory, clean up previously allocated memory */
 341         for (size_t y= 0; y < x; ++y)
 342         {
 343           libmemcached_free(clone, clone->sasl.callbacks[y].context);
 344         }
 345
 346         libmemcached_free(clone, cb);
 347         return MEMCACHED_MEMORY_ALLOCATION_FAILURE;
 348       }
 349       strcpy(cb[x].context, source->sasl.callbacks[x].context);
 350     }
 351     else
 352     {
 353       sasl_secret_t *src = source->sasl.callbacks[x].context;
 354       sasl_secret_t *n = libmemcached_malloc(clone, src->len + 1 + sizeof(*n));
 355       if (n == NULL)
 356       {
 357         /* Failed to allocate memory, clean up previously allocated memory */
 358         for (size_t y= 0; y < x; ++y)
 359         {
 360           libmemcached_free(clone, clone->sasl.callbacks[y].context);
 361         }
 362
 363         libmemcached_free(clone, cb);
 364         return MEMCACHED_MEMORY_ALLOCATION_FAILURE;
 365       }
 366       memcpy(n, src, src->len + 1 + sizeof(*n));
 367       cb[x].context= n;
 368     }
 369   }
 370
 371   clone->sasl.callbacks= cb;
 372   clone->sasl.is_allocated= true;
 373
 374   return MEMCACHED_SUCCESS;
 375 }