INTERNAL: Make the -S option available with ascii protocol

naver · Jan 31, 2025 · d2f6f61 · d2f6f61
1 parent c3340cb
commit d2f6f61
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 35 deletions.
diff --git a/memcached.c b/memcached.c
@@ -7693,6 +7693,46 @@ static void write_and_free(conn *c, char *buf, int bytes)
     c->write_and_go = conn_new_cmd;
 }
 
+static bool authenticated_ascii(conn *c, token_t *tokens, const size_t ntokens)
+{
+    bool rv = false;
+
+    if (c->authenticated) {
+        rv = true;
+    } else if (ntokens < 2) {
+        rv = false;
+    } else if((strcmp(tokens[COMMAND_TOKEN].value, "dump") == 0) ||
+              (strcmp(tokens[COMMAND_TOKEN].value, "cmdlog") == 0) ||
+              (strcmp(tokens[COMMAND_TOKEN].value, "config") == 0) ||
+              (strcmp(tokens[COMMAND_TOKEN].value, "getattr") == 0) ||
+              (strcmp(tokens[COMMAND_TOKEN].value, "help") == 0) ||
+              (strcmp(tokens[COMMAND_TOKEN].value, "lqdetect") == 0) ||
+              (strcmp(tokens[COMMAND_TOKEN].value, "quit") == 0) ||
+              (strcmp(tokens[COMMAND_TOKEN].value, "ready") == 0) ||
+              (strcmp(tokens[COMMAND_TOKEN].value, "scan") == 0) ||
+              (strcmp(tokens[COMMAND_TOKEN].value, "setattr") == 0) ||
+              (strcmp(tokens[COMMAND_TOKEN].value, "shutdown") == 0) ||
+              (strcmp(tokens[COMMAND_TOKEN].value, "stats") == 0) ||
+              (strcmp(tokens[COMMAND_TOKEN].value, "version") == 0) ||
+              (strcmp(tokens[COMMAND_TOKEN].value, "zkensemble") == 0)) {
+        rv = true;
+    } else if (ntokens < 3) {
+        rv = false;
+    } else if((strcmp(tokens[COMMAND_TOKEN].value, "set") == 0) ||
+              (strcmp(tokens[COMMAND_TOKEN].value, "get") == 0)) {
+        rv = (strncmp(tokens[KEY_TOKEN].value, "arcus:", 6) == 0);
+    } else if (ntokens < 5) {
+        rv = false;
+    } else if ((strcmp(tokens[COMMAND_TOKEN].value, "lop") == 0) ||
+               (strcmp(tokens[COMMAND_TOKEN].value, "sop") == 0) ||
+               (strcmp(tokens[COMMAND_TOKEN].value, "mop") == 0) ||
+               (strcmp(tokens[COMMAND_TOKEN].value, "bop") == 0)) {
+        rv = (strncmp(tokens[COMMAND_TOKEN+2].value, "arcus:", 6) == 0);
+    }
+
+    return rv;
+}
+
 #ifdef JHPARK_OLD_SMGET_INTERFACE
 static inline int set_smget_mode_maybe(conn *c, token_t *tokens, size_t ntokens)
 {
@@ -13092,6 +13132,11 @@ static void process_command_ascii(conn *c, char *command, int cmdlen)
 
     ntokens = tokenize_command(command, cmdlen, tokens, MAX_TOKENS);
 
+    if (settings.require_sasl && !authenticated_ascii(c, tokens, ntokens)) {
+        out_string(c, "CLIENT_ERROR unauthenticated");
+        return;
+    }
+
     if ((ntokens >= 3) && (strcmp(tokens[COMMAND_TOKEN].value, "get") == 0))
     {
         process_get_command(c, tokens, ntokens, false);
@@ -15061,7 +15106,6 @@ int main (int argc, char **argv)
     int cache_memory_limit = 0;
     int sticky_memory_limit = 0;
 
-    bool protocol_specified = false;
     bool tcp_specified = false;
     bool udp_specified = false;
 
@@ -15274,7 +15318,6 @@ int main (int argc, char **argv)
             settings.backlog = atoi(optarg);
             break;
         case 'B':
-            protocol_specified = true;
             if (strcmp(optarg, "auto") == 0) {
                 settings.binding_protocol = negotiating_prot;
             } else if (strcmp(optarg, "binary") == 0) {
@@ -15399,23 +15442,6 @@ int main (int argc, char **argv)
         }
     }
 
-    if (settings.require_sasl) {
-        if (!protocol_specified) {
-            settings.binding_protocol = binary_prot;
-        } else {
-            if (settings.binding_protocol == negotiating_prot) {
-                mc_logger->log(EXTENSION_LOG_WARNING, NULL,
-                        "ERROR: You cannot use auto-negotiating protocol while requiring SASL.\n");
-                exit(EX_USAGE);
-            }
-            if (settings.binding_protocol == ascii_prot) {
-                mc_logger->log(EXTENSION_LOG_WARNING, NULL,
-                        "ERROR: You cannot use only ASCII protocol while requiring SASL.\n");
-                exit(EX_USAGE);
-            }
-        }
-    }
-
     if (udp_specified && settings.udpport != 0 && !tcp_specified) {
         settings.port = settings.udpport;
     }

diff --git a/t/binary-sasl.t.in b/t/binary-sasl.t.in
@@ -31,7 +31,7 @@ if (supports_sasl()) {
          plan skip_all => "The binary 'saslpasswd' is missing from your system";
     }
     else {
-       plan tests => 33;
+       plan tests => 30;
     }
 } else {
     plan tests => 1;
@@ -42,21 +42,6 @@ if (supports_sasl()) {
     exit 0;
 }
 
-eval {
-    my $server = get_memcached($engine, "-S -B auto");
-};
-ok($@, "SASL shouldn't be used with protocol auto negotiate");
-
-eval {
-    my $server = get_memcached($engine, "-S -B ascii");
-};
-ok($@, "SASL isn't implemented in the ascii protocol");
-
-eval {
-    my $server = get_memcached($engine, "-S -B binary -B ascii");
-};
-ok($@, "SASL isn't implemented in the ascii protocol");
-
 # Based almost 100% off testClient.py which is:
 # Copyright (c) 2007  Dustin Sallings <[email protected]>