Bug 3018 - mysql passdb backend broken in 3.0.20rc2
Summary: mysql passdb backend broken in 3.0.20rc2
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: pdb_sql (show other bugs)
Version: 3.0.20
Hardware: All Linux
: P3 normal
Target Milestone: none
Assignee: pdb_sql maintainers mail alias
QA Contact: Jelmer Vernooij
: 3078 (view as bug list)
Depends on:
Reported: 2005-08-19 04:49 UTC by Peter Rindfuss
Modified: 2006-02-10 08:42 UTC (History)
6 users (show)

See Also:

patch to lib/talloc.c, function talloc_vasprintf_append (530 bytes, patch)
2005-08-24 10:16 UTC, Peter Rindfuss
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Peter Rindfuss 2005-08-19 04:49:17 UTC
I have Samba 3.0.20rc2 on a Linux machine as PDC.
My passdb backend is MySql 4.1.

When I re-joined a Windows XP machine to the domain (the machine account already
existed), the final SQL statement issued by Samba was:

UPDATE `account` SET
 smb_pass_can_change_time = 1124446998, 
 smb_pass_must_change_time = 2147483647,
 smb_pass_last_set_time = 1124446998,
 smb_nt_pass = '2933ACB55AEBAA79309409A03417FE9A'

Obviously, there is no WHERE clause, so the all rows in the database got updated
instead of just the machine account. What is is missing is something like 
WHERE user = 'ABCDE$' at the end of the SQL statement.
This is really desastrous (or would be, fortunately it is just a test

There are more MySql problems, see bug 2531.
Comment 2 Peter Rindfuss 2005-08-22 09:26:10 UTC
I was able to track the problem down a bit.
In the UPDATE example I gave, things go wrong in passdb/pdb_sql.c in the
statement at line 539-545:

    query->part1 =
                   " WHERE %s = '%s'",
                           "user sid column",
                   sid_to_string(sid_str, pdb_get_user_sid (newpwd)));

I added some DEBUG statements which revealed that after the call of
talloc_asprintf_append, query->part1 is unchanged, which should not be the case.
The ingredients to the call to talloc_asprintf_append are ok, so something
inside the helper function talloc_asprintf_append goes wrong.

The function talloc_asprintf_append is defined in lib/talloc.c and is used only
in pdb_sql.c, which explains why only sql passdb users experience problems.
My guess is that bugs 2531 and 3019 are caused by talloc_asprintf_append too, as
it is used 9 times in pdb_sql.c.

I hope that can find the time to go into this a bit deeper.

Comment 3 Florian Effenberger 2005-08-22 09:45:03 UTC
Thanks for tracking that down, that really sounds great! If you have a patch,
I'd happily test it here, if you want. :-)
Comment 4 Peter Rindfuss 2005-08-24 10:16:44 UTC
Created attachment 1398 [details]
patch to lib/talloc.c, function talloc_vasprintf_append

The function talloc_vasprintf_append in lib/talloc.c appends formattedly to a
string s. The length of the lhs string s, to which more data is appended, is
calculated in the wrong way. The original function uses the length of the
talloc-ed data chunk as length of s, but it is perfectly ok (and actually
happens) that the real string is shorter. So I calculate the string length
simply with strlen(s) now.

From what I can see, this solves bug 3018, but not 2531. I have a patch for the
latter bug, too.
Comment 5 Jelmer Vernooij 2005-08-26 01:16:40 UTC
reassigning to me  
Comment 6 Uli M 2005-09-19 06:02:29 UTC
*** Bug 3078 has been marked as a duplicate of this bug. ***
Comment 7 Jelmer Vernooij 2005-09-23 11:14:16 UTC
The experimental pdb modules (pdb_mysql, pdb_pgsql and pdb_xml) have 
been a bit neglected during the last few releases of Samba 3 as they 
haven't been actively maintained. I was the original author and 
maintainer, but I no longer work on Samba 3 and I no longer use any of 
the modules in production.  
I'll remove these modules unless somebody steps up as a maintainer. If 
there's anyone willing to take over maintainance of either one of 
these modules, please let me know. Otherwise, I'll put the modules up 
on my samba.org homepage as a separate tarball for those interested 
(including some of the patches that have been published). 
Comment 8 Florian Effenberger 2005-09-24 01:22:18 UTC
We run a pdb_mysql environment with Samba 3.0.20 and the patches by Peter
Rindfuss, which I'm adding to CC, hoping that this is okay for him.

The patches are in talloc.c and pdb_sql.c, and then pdb_mysql works fine
(pdb_pgsql untested).

Unfortunately, I am no programmer, but we actively use the pdb_mysql module, as
we have set up a GUI that relies on this, and switching to tdbsam or LDAP is no
intermediate option for us.

I hope that we can find some people willing to help debugging on coding on these

Darrell, Peter, would you be willing to help? I would be helping, too!
Comment 9 Florian Effenberger 2005-09-24 01:22:54 UTC
Adding Darrell to Cc so he doesn't miss one of the associated Bugzilla entries -
hope that is okay.
Comment 10 Peter Rindfuss 2005-09-26 13:12:49 UTC
> Darrell, Peter, would you be willing to help? I would be helping, too!

Hi Everybody,

I was on vacation for a couple of days, so I had no chance to respond earlier.
I am definitely willing to help in the further development of the sql backend. 

Cheers, Peter
Comment 11 Florian Effenberger 2005-09-26 21:30:55 UTC
Great to hear, thanks a lot! So we seem to have enough people who will work on
the modules, now we just have to wait for the Samba team to tell us how to go
on. ;-)
Comment 12 Buchan Milne 2005-10-23 23:38:30 UTC
What is the current status of this bug?

According to bug #3188 it seems to be working?
Comment 13 Peter Rindfuss 2005-10-24 01:18:03 UTC
This is solved as far as I can tell.
Peter Rindfuss
Comment 14 Florian Effenberger 2005-12-23 06:42:05 UTC
Maybe this new bug is of interest for those on the Cc list:

Comment 15 Gerald (Jerry) Carter (dead mail address) 2006-02-10 08:42:05 UTC
See bug 3375.  If someone wants to maintain these modules outside
the Samba source tree, that is fine.  But the source has been removed
from the upcoming 3.0.22 release.