2 * Copyright (C) 2006-2010 Brian Aker
5 * Use and distribution licensed under the BSD license. See
6 * the COPYING file in the parent directory for full text.
8 * Summary: interface for memcached server
9 * Description: main include file for libmemcached
14 void memcached_set_sasl_callbacks(memcached_st
*ptr
,
15 const sasl_callback_t
*callbacks
)
17 ptr
->sasl
.callbacks
= callbacks
;
18 ptr
->sasl
.is_allocated
= false;
21 const sasl_callback_t
*memcached_get_sasl_callbacks(memcached_st
*ptr
)
23 return ptr
->sasl
.callbacks
;
27 * Resolve the names for both ends of a connection
28 * @param fd socket to check
29 * @param laddr local address (out)
30 * @param raddr remote address (out)
31 * @return true on success false otherwise (errno contains more info)
33 static bool resolve_names(int fd
, char *laddr
, size_t laddr_length
, char *raddr
, size_t raddr_length
)
35 char host
[NI_MAXHOST
];
36 char port
[NI_MAXSERV
];
37 struct sockaddr_storage saddr
;
38 socklen_t salen
= sizeof(saddr
);
40 if ((getsockname(fd
, (struct sockaddr
*)&saddr
, &salen
) < 0) ||
41 (getnameinfo((struct sockaddr
*)&saddr
, salen
, host
, sizeof(host
),
42 port
, sizeof(port
), NI_NUMERICHOST
| NI_NUMERICSERV
) < 0))
47 (void)snprintf(laddr
, laddr_length
, "%s;%s", host
, port
);
50 if ((getpeername(fd
, (struct sockaddr
*)&saddr
, &salen
) < 0) ||
51 (getnameinfo((struct sockaddr
*)&saddr
, salen
, host
, sizeof(host
),
52 port
, sizeof(port
), NI_NUMERICHOST
| NI_NUMERICSERV
) < 0))
57 (void)snprintf(raddr
, raddr_length
, "%s;%s", host
, port
);
62 memcached_return_t
memcached_sasl_authenticate_connection(memcached_server_st
*server
)
64 memcached_return_t rc
;
66 /* SANITY CHECK: SASL can only be used with the binary protocol */
67 unlikely (!server
->root
->flags
.binary_protocol
)
68 return MEMCACHED_FAILURE
;
70 /* Try to get the supported mech from the server. Servers without SASL
71 * support will return UNKNOWN COMMAND, so we can just treat that
74 protocol_binary_request_no_extras request
= {
75 .message
.header
.request
= {
76 .magic
= PROTOCOL_BINARY_REQ
,
77 .opcode
= PROTOCOL_BINARY_CMD_SASL_LIST_MECHS
81 if (memcached_io_write(server
, request
.bytes
,
82 sizeof(request
.bytes
), 1) != sizeof(request
.bytes
))
84 return MEMCACHED_WRITE_FAILURE
;
87 memcached_server_response_increment(server
);
89 char mech
[MEMCACHED_MAX_BUFFER
];
90 rc
= memcached_response(server
, mech
, sizeof(mech
), NULL
);
91 if (rc
!= MEMCACHED_SUCCESS
)
93 if (rc
== MEMCACHED_PROTOCOL_ERROR
)
95 /* If the server doesn't support SASL it will return PROTOCOL_ERROR.
96 * This error may also be returned for other errors, but let's assume
97 * that the server don't support SASL and treat it as success and
98 * let the client fail with the next operation if the error was
99 * caused by another problem....
101 rc
= MEMCACHED_SUCCESS
;
107 /* set ip addresses */
108 char laddr
[NI_MAXHOST
+ NI_MAXSERV
];
109 char raddr
[NI_MAXHOST
+ NI_MAXSERV
];
111 unlikely (!resolve_names(server
->fd
, laddr
, sizeof(laddr
), raddr
, sizeof(raddr
)))
113 server
->cached_errno
= errno
;
114 return MEMCACHED_ERRNO
;
118 int ret
= sasl_client_new("memcached", server
->hostname
, laddr
, raddr
,
119 server
->root
->sasl
.callbacks
, 0, &conn
);
122 return MEMCACHED_AUTH_PROBLEM
;
126 const char *chosenmech
;
128 ret
= sasl_client_start(conn
, mech
, NULL
, &data
, &len
, &chosenmech
);
130 if (ret
!= SASL_OK
&& ret
!= SASL_CONTINUE
)
132 rc
= MEMCACHED_AUTH_PROBLEM
;
136 uint16_t keylen
= (uint16_t)strlen(chosenmech
);
137 request
.message
.header
.request
.opcode
= PROTOCOL_BINARY_CMD_SASL_AUTH
;
138 request
.message
.header
.request
.keylen
= htons(keylen
);
139 request
.message
.header
.request
.bodylen
= htonl(len
+ keylen
);
142 /* send the packet */
144 struct libmemcached_io_vector_st vector
[]=
146 { .length
= sizeof(request
.bytes
), .buffer
= request
.bytes
},
147 { .length
= keylen
, .buffer
= chosenmech
},
148 { .length
= len
, .buffer
= data
}
151 if (memcached_io_writev(server
, vector
, 3, true) == -1)
153 rc
= MEMCACHED_WRITE_FAILURE
;
156 memcached_server_response_increment(server
);
158 /* read the response */
159 rc
= memcached_response(server
, NULL
, 0, NULL
);
160 if (rc
!= MEMCACHED_AUTH_CONTINUE
)
165 ret
= sasl_client_step(conn
, memcached_result_value(&server
->root
->result
),
166 (unsigned int)memcached_result_length(&server
->root
->result
),
169 if (ret
!= SASL_OK
&& ret
!= SASL_CONTINUE
)
171 rc
= MEMCACHED_AUTH_PROBLEM
;
175 request
.message
.header
.request
.opcode
= PROTOCOL_BINARY_CMD_SASL_STEP
;
176 request
.message
.header
.request
.bodylen
= htonl(len
+ keylen
);
180 /* Release resources */
186 static int get_username(void *context
, int id
, const char **result
,
189 if (!context
|| !result
|| (id
!= SASL_CB_USER
&& id
!= SASL_CB_AUTHNAME
))
191 return SASL_BADPARAM
;
197 *len
= (unsigned int)strlen(*result
);
203 static int get_password(sasl_conn_t
*conn
, void *context
, int id
,
204 sasl_secret_t
**psecret
)
206 if (!conn
|| ! psecret
|| id
!= SASL_CB_PASS
)
208 return SASL_BADPARAM
;
216 memcached_return_t
memcached_set_sasl_auth_data(memcached_st
*ptr
,
217 const char *username
,
218 const char *password
)
220 if (ptr
== NULL
|| username
== NULL
||
221 password
== NULL
|| ptr
->sasl
.callbacks
!= NULL
)
223 return MEMCACHED_FAILURE
;
226 sasl_callback_t
*cb
= libmemcached_calloc(ptr
, 4, sizeof(sasl_callback_t
));
227 char *name
= libmemcached_malloc(ptr
, strlen(username
) + 1);
228 size_t password_length
= strlen(password
);
229 sasl_secret_t
*secret
= libmemcached_malloc(ptr
, password_length
+1 + sizeof(*secret
));
230 if (cb
== NULL
|| name
== NULL
|| secret
== NULL
)
232 libmemcached_free(ptr
, cb
);
233 libmemcached_free(ptr
, name
);
234 libmemcached_free(ptr
, secret
);
235 return MEMCACHED_MEMORY_ALLOCATION_FAILURE
;
238 secret
->len
= strlen(password
);
239 memcpy(secret
->data
, password
, password_length
);
240 secret
->data
[password_length
]= 0;
242 cb
[0].id
= SASL_CB_USER
;
243 cb
[0].proc
= get_username
;
244 cb
[0].context
= strncpy(name
, username
, sizeof(cb
[0].context
));
245 cb
[1].id
= SASL_CB_AUTHNAME
;
246 cb
[1].proc
= get_username
;
248 cb
[2].id
= SASL_CB_PASS
;
249 cb
[2].proc
= get_password
;
250 cb
[2].context
= secret
;
251 cb
[3].id
= SASL_CB_LIST_END
;
253 ptr
->sasl
.callbacks
= cb
;
254 ptr
->sasl
.is_allocated
= true;
256 return MEMCACHED_SUCCESS
;
259 memcached_return_t
memcached_destroy_sasl_auth_data(memcached_st
*ptr
)
261 if (ptr
== NULL
|| ptr
->sasl
.callbacks
== NULL
)
263 return MEMCACHED_FAILURE
;
266 if (ptr
->sasl
.is_allocated
)
268 libmemcached_free(ptr
, ptr
->sasl
.callbacks
[0].context
);
269 libmemcached_free(ptr
, ptr
->sasl
.callbacks
[2].context
);
270 libmemcached_free(ptr
, (void*)ptr
->sasl
.callbacks
);
271 ptr
->sasl
.is_allocated
= false;
274 ptr
->sasl
.callbacks
= NULL
;
276 return MEMCACHED_SUCCESS
;
279 memcached_return_t
memcached_clone_sasl(memcached_st
*clone
, const memcached_st
*source
)
282 if (source
->sasl
.callbacks
== NULL
)
284 return MEMCACHED_SUCCESS
;
287 /* Hopefully we are using our own callback mechanisms.. */
288 if (source
->sasl
.callbacks
[0].id
== SASL_CB_USER
&&
289 source
->sasl
.callbacks
[0].proc
== get_username
&&
290 source
->sasl
.callbacks
[1].id
== SASL_CB_AUTHNAME
&&
291 source
->sasl
.callbacks
[1].proc
== get_username
&&
292 source
->sasl
.callbacks
[2].id
== SASL_CB_PASS
&&
293 source
->sasl
.callbacks
[2].proc
== get_password
&&
294 source
->sasl
.callbacks
[3].id
== SASL_CB_LIST_END
)
296 sasl_secret_t
*secret
= source
->sasl
.callbacks
[2].context
;
297 return memcached_set_sasl_auth_data(clone
,
298 source
->sasl
.callbacks
[0].context
,
299 (const char*)secret
->data
);
303 * But we're not. It may work if we know what the user tries to pass
304 * into the list, but if we don't know the ID we don't know how to handle
309 while (source
->sasl
.callbacks
[total
].id
!= SASL_CB_LIST_END
)
311 switch (source
->sasl
.callbacks
[total
].id
)
314 case SASL_CB_AUTHNAME
:
318 /* I don't know how to deal with this... */
319 return MEMCACHED_NOT_SUPPORTED
;
325 sasl_callback_t
*cb
= libmemcached_calloc(clone
, total
+ 1, sizeof(sasl_callback_t
));
328 return MEMCACHED_MEMORY_ALLOCATION_FAILURE
;
330 memcpy(cb
, source
->sasl
.callbacks
, (total
+ 1) * sizeof(sasl_callback_t
));
332 /* Now update the context... */
333 for (size_t x
= 0; x
< total
; ++x
)
335 if (cb
[x
].id
== SASL_CB_USER
|| cb
[x
].id
== SASL_CB_AUTHNAME
)
337 cb
[x
].context
= libmemcached_malloc(clone
, strlen(source
->sasl
.callbacks
[x
].context
));
339 if (cb
[x
].context
== NULL
)
341 /* Failed to allocate memory, clean up previously allocated memory */
342 for (size_t y
= 0; y
< x
; ++y
)
344 libmemcached_free(clone
, clone
->sasl
.callbacks
[y
].context
);
347 libmemcached_free(clone
, cb
);
348 return MEMCACHED_MEMORY_ALLOCATION_FAILURE
;
350 strncpy(cb
[x
].context
, source
->sasl
.callbacks
[x
].context
, sizeof(cb
[x
].context
));
354 sasl_secret_t
*src
= source
->sasl
.callbacks
[x
].context
;
355 sasl_secret_t
*n
= libmemcached_malloc(clone
, src
->len
+ 1 + sizeof(*n
));
358 /* Failed to allocate memory, clean up previously allocated memory */
359 for (size_t y
= 0; y
< x
; ++y
)
361 libmemcached_free(clone
, clone
->sasl
.callbacks
[y
].context
);
364 libmemcached_free(clone
, cb
);
365 return MEMCACHED_MEMORY_ALLOCATION_FAILURE
;
367 memcpy(n
, src
, src
->len
+ 1 + sizeof(*n
));
372 clone
->sasl
.callbacks
= cb
;
373 clone
->sasl
.is_allocated
= true;
375 return MEMCACHED_SUCCESS
;