I got an early morning call that people can't log in anymore, that was because all their passwords were set equal. UPDATE's don't have a where clause because this doesn't work as expected: if (query->update) { query->part1[strlen(query->part1) - 1] = '\0'; query->part1 = talloc_asprintf_append(query->part1, " WHERE %s = '%s'", In talloc_asprintf_append it is not strlen that's used for calculcating the length of the string to append to, maybe it should be??? Here a simple example I checked, result is ONE and not ONEFOUR: query->part1 = talloc_asprintf(query,"ONE TWO THREE"); query->part1[3]='\0'; talloc_asprintf_append(query->part1,"FOUR"); My one liner solution for pdb_sql.c: making a copy of part1 before feeding it to append: query->part1[strlen(query->part1) - 1] = '\0'; query->part1 = talloc_asprintf(query,query->part1); query->part1 = talloc_asprintf_append(query->part1, " WHERE %s = '%s'",
*** This bug has been marked as a duplicate of 3018 ***