Bug 2348 - pgsql backend fails after reboot on SSL-enabled databases
pgsql backend fails after reboot on SSL-enabled databases
Status: RESOLVED FIXED
Product: Samba 3.0
Classification: Unclassified
Component: pdb_sql
3.0.11
All Linux
: P3 normal
: none
Assigned To: pdb_sql maintainers mail alias
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2005-02-15 06:42 UTC by Fernando Schapachnik
Modified: 2005-10-19 06:09 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Fernando Schapachnik 2005-02-15 06:42:16 UTC
When using pgsql passdb against and SSL-enabled postgres database and a NT4 SP 6
as a workstation, the following consistently happens:

-Samba stablishes an SSL connection to the database.
-Everything works fine.
-The workstation is rebooted.
-Then nobody can log into the workstation until Samba processes are restarted.

Samba log reads:

[2005/02/15 10:24:00, 0] passdb/pdb_pgsql.c:pgsqlsam_select_by_field(246)
  Error executing SELECT
logon_time,logoff_time,kickoff_time,pass_last_set_time,pass_can_change_time,pass_must_change_time,username,domain,nt_username,nt_fullname,home_dir,dir_drive,logon_script,profile_path,acct_desc,workstations,unknown_str,munged_dial,user_sid,group_sid,lm_pw,nt_pw,NULL,acct_ctrl,logon_divs,hours_len,bad_password_count,logon_count,unknown_6
FROM "user" WHERE username = 'WORKSTATIONNAMEHERE$', server closed the
connection unexpectedly
        This probably means the server terminated abnormally
        before or while processing the request.

Postgres log reads:
[24129]  LOG:  SSL error: decryption failed or bad record mac
[24129]  LOG:  pq_recvbuf: recv() failed: Connection reset by peer

The PDC is a RH AS 3.0, with rh-postgresql-devel-7.3.6-7 and
rh-postgresql-libs-7.3.6-7. DB server is Postgres 7.3.9.

Haven't had the chance yet to try it with other clients.

I would have reported it to postgres, but it happens consistently after
rebooting the workstation, so may be it is related to the connection handling
for that case in the pgsql backend.

If you need more info, please let me know.

Thanks!
Comment 1 Jelmer Vernooij 2005-03-10 15:35:50 UTC
Is this also happening when you're not using SSL? 

I don't have much ideas as to why this is happening - though I guess it is
related to the fact that a smbd process dies off. Is the connection to the
database initiated before any of the clients connects? That might mean the
database connection is inherited from the "root" smbd when a new process is
fork()-ed off and the connection is inherited.
Comment 2 Fernando Schapachnik 2005-03-11 07:01:59 UTC
(In reply to comment #1)
> Is this also happening when you're not using SSL? 

When not using SSL, everything works OK.

> related to the fact that a smbd process dies off. Is the connection to the
> database initiated before any of the clients connects? That might mean the

Yes, when Samba start, it initiates a connection to the DB and sits idle on it.

> database connection is inherited from the "root" smbd when a new process is
> fork()-ed off and the connection is inherited.

May be it's worth bringing it up on the PG mailing list?
Comment 3 Jelmer Vernooij 2005-03-11 07:45:17 UTC
Yes, I'd probably be a good idea to ask about this on the postgresql list. There
is no SSL-specific code in the PostGreSQL backend.
Comment 4 Jelmer Vernooij 2005-09-23 11:18:23 UTC
The experimental pdb modules (pdb_mysql, pdb_pgsql and pdb_xml) have 
been a bit neglected during the last few releases of Samba 3 as they 
haven't been actively maintained. I was the original author and 
maintainer, but I no longer work on Samba 3 and I no longer use any of 
the modules in production. I was hoping I could nonetheless keep the code 
working for those that still use it, but this turned out to be harder then I 
expected. 
 
I'll remove these modules unless somebody steps up as a maintainer. If 
there's anyone willing to take over maintainance of either one of 
these modules, please let me know. Otherwise, I'll put the modules up 
on my samba.org homepage as a separate tarball for those interested 
(including some of the patches that have been published). 
Comment 5 Fernando Schapachnik 2005-10-19 06:09:30 UTC
Changing the way to handle connections fixed it.