Bug 3351 - pdb_mysql again overwrites password fields
Summary: pdb_mysql again overwrites password fields
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: pdb_sql (show other bugs)
Version: 3.0.21
Hardware: x86 Linux
: P3 regression
Target Milestone: none
Assignee: pdb_sql maintainers mail alias
QA Contact: Samba QA Contact
Depends on:
Reported: 2005-12-22 10:55 UTC by Florian Effenberger
Modified: 2006-02-03 04:38 UTC (History)
9 users (show)

See Also:

Bugfix (875 bytes, patch)
2005-12-30 04:04 UTC, Volker Lendecke
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Florian Effenberger 2005-12-22 10:55:23 UTC
Today, I upgraded from 3.0.20b to 3.0.21, and pdb_mysql again overwrites password fields. All accounts - user and machine - had the same password.

This is the bug that was initially fixed in 3.0.20a or b.

I don't know if it is a packaging error or a new bug in the module, but 3.0.21 should NOT BE USED for production use of pdb_mysql.

The file date and time reads:
-rw-r--r--  1 783 783 13739 2005-10-14 09:03 samba-3.0.20b/source/passdb/pdb_mysql.c
-rw-r--r--  1 783 783 17629 2005-10-12 19:03 samba-3.0.20b/source/passdb/pdb_pgsql.c
-rw-r--r--  1 783 783 17804 2005-10-12 19:03 samba-3.0.20b/source/passdb/pdb_sql.c

-rw-r--r--  1 783 783 13739 2005-12-22 14:18 samba-3.0.21/source/passdb/pdb_mysql.c
-rw-r--r--  1 783 783 17629 2005-09-29 23:52 samba-3.0.21/source/passdb/pdb_pgsql.c
-rw-r--r--  1 783 783 17818 2005-11-09 19:29 samba-3.0.21/source/passdb/pdb_sql.c

At least pdb_pgsql is older in 3.0.2 (however, I use pdb_mysql).
Comment 1 Florian Effenberger 2005-12-22 10:56:08 UTC
After upgrading to 3.0.21, it worked fine, I could logon.
But after a while, this did not work anymore because of wrong machine credentials.

I guess a machine or a user tried to change the password, whereas all password fields in the table - not only the one of the machine or user - got affected.
Comment 2 Jeremy Allison 2005-12-22 11:08:15 UTC
I feel quite cross. I informed the pdb sql maintainers list before 3.0.21 shipped that there had been changes that would require attention. I got no response and we could not delay 3.0.21 any further.

Jerry, if we don't get any response from the maintainers we just have to pull all this code out of the tree. Unmaintained code is worse than no code at all.

Comment 3 Florian Effenberger 2005-12-22 11:32:18 UTC
Sorry, I'm also on this pdb_sql-list and that mail in fact never reached me.
Could you please send it again?

I'm quite sure someone will fix it.

For me, removing the pdb_mysql module is definitely NOT an option. As you can see from the response to the previous attempt, that module is used quite often (although declared as experimantal).
Comment 4 Florian Effenberger 2005-12-22 11:39:07 UTC
Adding Jelmer to CC, maybe he's interested in helping to fix as well. ;-)
Comment 5 Volker Lendecke 2005-12-22 11:42:50 UTC
Florian, what about taking it out of the Samba core and provide a separate page with a patch?

Comment 6 Florian Effenberger 2005-12-22 11:53:44 UTC
Okay, that would be an option as well, however, then I would ask you to link it on the Samba website.

@pdbsql team: Anyone of you capable of providing a patch? I'm no programmer, unfortunately - but we got it up last time, so I hope we can get it up this time again. ;-) I could help debugging and testing it.

@Volker, Jerry, Jeremy: Could you please provide us with information on what actually changed in 3.0.21? I have the fear that just a wrong version got packaged or that a bug was backported.

This bug seems to be exactly the same we experienced last time, so I'm not quite sure it has something to do with the new Samba core.
Comment 7 Volker Lendecke 2005-12-22 11:56:28 UTC
You have to talk to deryck and the other "root"s on samba.org, but I'm sure that we will even find a corner for you on samba.org proper, so that you don't have to set up webspace yourself.

Comment 8 Florian Effenberger 2005-12-22 11:59:36 UTC
That would be great.

I don't care about the way the patch is provided - whether in Samba or as separate patch - however completely dropping it is no option.

I hope someone from the pdbsql developer team can fix it. :-)
Comment 9 Jelmer Vernooij 2005-12-22 13:27:51 UTC
Jeremy, can you be a bit more specific about what changed in passdb/ between 3.0.20 and 3.0.21 that could've broken pdb_mysql? I don't see any major changes to the pdb_*sql.c files in websvn.

As I mentioned earlier, I wouldn't consider taking this out of the main source a bad idea - the modules can easily be built out of the source tree as .so files (plugins), no need for patching the main source tree. Just my € 0.02. 
Comment 10 Florian Effenberger 2005-12-23 06:39:12 UTC
I just compiled 3.0.21 with the files

pdb_mysql.c  pdb_pgsql.c  pdb_sql.c

from 3.0.20b (my working installation) - but it does not work. As soon as I change a password, all password fields are affected.

As 3.0.20b's version does not work, this does not seem to be a packaging error or a regression, but rather has something to do with the Samba changes in 3.0.21.

Any input is welcome!
Comment 11 Florian Effenberger 2005-12-23 06:39:54 UTC
Adding dmcguire@pegasys.cc
Comment 12 Florian Effenberger 2005-12-23 06:40:14 UTC
Adding rindfuss@wz-berlin.de
Comment 13 Florian Effenberger 2005-12-23 06:40:32 UTC
Adding satya@gentoo.org
Comment 14 Volker Lendecke 2005-12-23 07:03:23 UTC
If you do, please stop smbd, make sure you have 3.0.21 installed, delete all logfiles, start smbd. Then do (and please describe) the steps you do to reproduce the problem.

BTW, please also set 'max log size = 0' during your tests, your logfiles seem truncated. And bzip2 -9 them :-)


Comment 15 Volker Lendecke 2005-12-23 07:05:36 UTC
OUCH, wrong window :-)

Comment 16 Florian Effenberger 2005-12-24 02:20:18 UTC
Adding justin@snt.utwente.nl
Comment 17 Florian Effenberger 2005-12-24 02:21:06 UTC
Adding a.sporto+bzil@gmail.com
Comment 18 Florian Effenberger 2005-12-24 02:21:38 UTC
Adding tpot@samba.org
Comment 19 Florian Effenberger 2005-12-24 02:22:06 UTC
Adding jht@samba.org
Comment 20 Florian Effenberger 2005-12-24 02:23:47 UTC
Okay, I have added some people I think that might be interested in fixing this bug to the Cc list.

Here is a compiled list out of the release notes on what might (!) be an important change to pdb causing the error:

* Allow pdbedit to set the domain for a user account.

* Port some of the non-critical changes from HEAD to 3_0. 
  The main one is the change in pdb_enum_alias_memberships 
  to match samr.idl a bit closer.

* Implement a new caching API for enumerating the pdb elements.

* Convert the RAP user and group enumeration functions to the 
  utilized the pdb_search API. 

* Fix up example pdb modules after prototype change for 

* Add the capability to set account description using pdbedit.

* BUG 892: Default unknown_6 field to 1260 in mySQL pdb module.

* BUG 1957: Implement minimal update of fields in mySQL pdb 

* Cache the result of a pdb_getsampwnam for later SID lookup 

* BUG 2080: Fix duplicate call to pdb_get_acct_desc().

* Backport pdbedit changes from trunk.
Comment 21 Florian Effenberger 2005-12-24 02:30:28 UTC
I found out that someone changing his password is NOT necessary for the bug to occur. After five to ten minutes of Samba running, the passwords are all the same. Maybe it has something to do with machine accounts checking/setting their credentials automatically.
Comment 22 Volker Lendecke 2005-12-30 04:04:18 UTC
Created attachment 1637 [details]

Try this patch please.

Comment 23 Florian Effenberger 2005-12-30 05:57:04 UTC
Hello Volker. Thanks a lot, you made my day! IT WORKS! :-)
Tested against Samba 3.0.21a
Comment 24 Björn Jacke 2006-01-07 13:42:46 UTC
this is fixed and checked in.
Comment 25 Andrei Nazarenko 2006-01-27 07:17:59 UTC
Could somebody please confirm if the patch from Volker Lendecke made it to version 3.0.21a?  And if not, what are the chances of it being included in the next released version?
Comment 26 Gerald (Jerry) Carter (dead mail address) 2006-01-27 07:22:05 UTC
It is included in 3.0.21b which is due for release soon.
Comment 27 Mario Lipinski 2006-02-03 03:45:29 UTC
i believe this bug is not fixed
Comment 28 Volker Lendecke 2006-02-03 03:51:24 UTC
Can you provide a debug level 10 log of smbd and a sniff of the traffic between smbd and the sql server?

Comment 29 Mario Lipinski 2006-02-03 04:10:17 UTC
(In reply to comment #28)
> Can you provide a debug level 10 log of smbd and a sniff of the traffic between
> smbd and the sql server?

I will have a look at this this afternoon and send you the logs.
Are the queries logged by mysqld enough or do you need a dump of the network traffic (e.g. by tcpdump)?
Comment 30 Volker Lendecke 2006-02-03 04:23:17 UTC
> I will have a look at this this afternoon and send you the logs.
> Are the queries logged by mysqld enough or do you need a dump of the network
> traffic (e.g. by tcpdump)?
Sorry, I should not have replied to this one. Please ask the pdb-sql maintainers behind samba-pdbsql@samba.org, referred to in bug number 3375.


Comment 31 Mario Lipinski 2006-02-03 04:38:33 UTC
OK. My fault (or also a bug in the packaging files, using debian-unstable).

I made a debian package (with all the defaults except for mysql) and installed it. The package had the version 3.0.20b and i upgraded my system and the 3.0.21a version from the debian repository got installed.

I don't know whether the packaging info should have been updated or i should have updated it before installing.