The Samba-Bugzilla – Bug 3018
mysql passdb backend broken in 3.0.20rc2
Last modified: 2006-02-10 08:42:05 UTC
I have Samba 3.0.20rc2 on a Linux machine as PDC.
My passdb backend is MySql 4.1.
When I re-joined a Windows XP machine to the domain (the machine account already
existed), the final SQL statement issued by Samba was:
UPDATE `account` SET
smb_pass_can_change_time = 1124446998,
smb_pass_must_change_time = 2147483647,
smb_pass_last_set_time = 1124446998,
smb_lm_pass = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX',
smb_nt_pass = '2933ACB55AEBAA79309409A03417FE9A'
Obviously, there is no WHERE clause, so all the rows in the database got updated
instead of just the machine account. What is missing is something like
WHERE user = 'ABCDE$' at the end of the SQL statement.
This is really disastrous (or would be, fortunately it is just a test
There are more MySql problems, see bug 2531.
look at these:
I was able to track the problem down a bit.
In the UPDATE example I gave, things go wrong in passdb/pdb_sql.c in the
statement at line 539-545:
" WHERE %s = '%s'",
"user sid column",
sid_to_string(sid_str, pdb_get_user_sid (newpwd)));
I added some DEBUG statements which revealed that after the call of
talloc_asprintf_append, query->part1 is unchanged, which should not be the case.
The ingredients to the call to talloc_asprintf_append are ok, so something
inside the helper function talloc_asprintf_append goes wrong.
The function talloc_asprintf_append is defined in lib/talloc.c and is used only
in pdb_sql.c, which explains why only sql passdb users experience problems.
My guess is that bugs 2531 and 3019 are caused by talloc_asprintf_append too, as
it is used 9 times in pdb_sql.c.
I hope that I can find the time to go into this a bit deeper.
Thanks for tracking that down, that really sounds great! If you have a patch,
I'd happily test it here, if you want. :-)
Created attachment 1398 [details]
patch to lib/talloc.c, function talloc_vasprintf_append
The function talloc_vasprintf_append in lib/talloc.c appends formattedly to a
string s. The length of the lhs string s, to which more data is appended, is
calculated in the wrong way. The original function uses the length of the
talloc-ed data chunk as length of s, but it is perfectly ok (and actually
happens) that the real string is shorter. So I calculate the string length
simply with strlen(s) now.
From what I can see, this solves bug 3018, but not 2531. I have a patch for the
latter bug, too.
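The following is an added illustration, not part of the original thread and not Samba's code: it models the length miscalculation described in the comment above and shows why the WHERE clause vanished from the finished statement. The names `chunk`, `chunk_append` and `query_has_where`, the 128-byte chunk and the shortened UPDATE string are assumptions made for this sketch; talloc itself is not used.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for a talloc chunk (assumption): `size` is the allocated byte
 * count, which may be larger than strlen(data) + 1. */
struct chunk { char *data; size_t size; };

/* Append formatted text to c->data.
 * use_strlen == 0: offset taken from the chunk size (behaviour reported as broken)
 * use_strlen == 1: offset taken from strlen(), as in the fix described above */
static int chunk_append(struct chunk *c, int use_strlen, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int add = vsnprintf(NULL, 0, fmt, ap);      /* length of the new text */
    va_end(ap);
    if (add < 0 || c->size == 0) return -1;

    size_t s_len = use_strlen ? strlen(c->data) : c->size - 1;
    char *p = realloc(c->data, s_len + (size_t)add + 1);
    if (p == NULL) return -1;
    c->data = p;
    c->size = s_len + (size_t)add + 1;
    va_start(ap, fmt);
    vsnprintf(c->data + s_len, (size_t)add + 1, fmt, ap);
    va_end(ap);
    return 0;
}

/* Build a shortened, constructed UPDATE in an oversized chunk, append the
 * WHERE clause, and report whether the finished C string contains it. */
static int query_has_where(int use_strlen)
{
    struct chunk q = { calloc(1, 128), 128 };   /* chunk longer than its string */
    if (q.data == NULL) return -1;
    strcpy(q.data, "UPDATE `account` SET smb_nt_pass = 'CONSTRUCTED'");
    int rc = chunk_append(&q, use_strlen, " WHERE %s = '%s'", "user", "ABCDE$");
    int found = (rc == 0 && strstr(q.data, " WHERE user = 'ABCDE$'") != NULL);
    printf("%s: %s\n", use_strlen ? "strlen offset" : "chunk-size offset", q.data);
    free(q.data);
    return found;
}

int main(void)
{
    query_has_where(0);   /* WHERE lands after the NUL: statement hits every row */
    query_has_where(1);   /* WHERE follows the SET list */
    return 0;
}
```

With the chunk-size offset the append succeeds without error, so nothing signals that the statement sent to the database is missing its row filter; a check that the finished query string contains the expected WHERE clause before execution would catch this class of failure.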
reassigning to me
*** Bug 3078 has been marked as a duplicate of this bug. ***
The experimental pdb modules (pdb_mysql, pdb_pgsql and pdb_xml) have
been a bit neglected during the last few releases of Samba 3 as they
haven't been actively maintained. I was the original author and
maintainer, but I no longer work on Samba 3 and I no longer use any of
the modules in production.
I'll remove these modules unless somebody steps up as a maintainer. If
there's anyone willing to take over maintenance of either one of
these modules, please let me know. Otherwise, I'll put the modules up
on my samba.org homepage as a separate tarball for those interested
(including some of the patches that have been published).
We run a pdb_mysql environment with Samba 3.0.20 and the patches by Peter
Rindfuss, which I'm adding to CC, hoping that this is okay for him.
The patches are in talloc.c and pdb_sql.c, and then pdb_mysql works fine
Unfortunately, I am no programmer, but we actively use the pdb_mysql module, as
we have set up a GUI that relies on this, and switching to tdbsam or LDAP is no
intermediate option for us.
I hope that we can find some people willing to help debugging on coding on these
Darrell, Peter, would you be willing to help? I would be helping, too!
Adding Darrell to Cc so he doesn't miss one of the associated Bugzilla entries -
hope that is okay.
> Darrell, Peter, would you be willing to help? I would be helping, too!
I was on vacation for a couple of days, so I had no chance to respond earlier.
I am definitely willing to help in the further development of the sql backend.
Great to hear, thanks a lot! So we seem to have enough people who will work on
the modules, now we just have to wait for the Samba team to tell us how to go
What is the current status of this bug?
According to bug #3188 it seems to be working?
This is solved as far as I can tell.
Maybe this new bug is of interest for those on the Cc list:
See bug 3375. If someone wants to maintain these modules outside
the Samba source tree, that is fine. But the source has been removed
from the upcoming 3.0.22 release.