Bug 3078 - passdb/pdb_sql.c(and possibly lib/talloc.c): UPDATE's don't have a WHERE clause
Summary: passdb/pdb_sql.c(and possibly lib/talloc.c): UPDATE's don't have a WHERE clause
Status: RESOLVED DUPLICATE of bug 3018
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: User/Group Accounts (show other bugs)
Version: 3.0.20
Hardware: All All
: P3 major
Target Milestone: none
Assignee: Jelmer Vernooij
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2005-09-09 04:49 UTC by Uli M
Modified: 2005-09-19 06:02 UTC (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Uli M 2005-09-09 04:49:47 UTC 
I got an early morning call that people can't log in anymore, that was because
all their passwords were set equal.
UPDATE's don't have a where clause because this doesn't work as expected:

if (query->update) {
    query->part1[strlen(query->part1) - 1] = '\0';
    query->part1 = talloc_asprintf_append(query->part1,
                                                                   " WHERE %s =
'%s'",

In talloc_asprintf_append it is not strlen that's used for calculcating the
length of the string to append to, maybe it should be???

Here a simple example I checked, result is ONE and not ONEFOUR:

query->part1 = talloc_asprintf(query,"ONE TWO THREE");
query->part1[3]='\0';
talloc_asprintf_append(query->part1,"FOUR");

My one liner solution for pdb_sql.c: making a copy of part1 before feeding it to
append:

                query->part1[strlen(query->part1) - 1] = '\0';
                query->part1 = talloc_asprintf(query,query->part1);
                query->part1 =
                        talloc_asprintf_append(query->part1,
                                                                   " WHERE %s =
'%s'",
Comment 1 Uli M 2005-09-19 06:02:27 UTC 

*** This bug has been marked as a duplicate of 3018 ***