The Samba-Bugzilla – Bug 3351
pdb_mysql again overwrites password fields
Last modified: 2006-02-03 04:38:33 UTC
Today, I upgraded from 3.0.20b to 3.0.21, and pdb_mysql again overwrites password fields. All accounts - user and machine - had the same password.
This is the bug that was initially fixed in 3.0.20a or b.
I don't know if it is a packaging error or a new bug in the module, but 3.0.21 should NOT BE USED for production use of pdb_mysql.
The file date and time reads:
-rw-r--r-- 1 783 783 13739 2005-10-14 09:03 samba-3.0.20b/source/passdb/pdb_mysql.c
-rw-r--r-- 1 783 783 17629 2005-10-12 19:03 samba-3.0.20b/source/passdb/pdb_pgsql.c
-rw-r--r-- 1 783 783 17804 2005-10-12 19:03 samba-3.0.20b/source/passdb/pdb_sql.c
-rw-r--r-- 1 783 783 13739 2005-12-22 14:18 samba-3.0.21/source/passdb/pdb_mysql.c
-rw-r--r-- 1 783 783 17629 2005-09-29 23:52 samba-3.0.21/source/passdb/pdb_pgsql.c
-rw-r--r-- 1 783 783 17818 2005-11-09 19:29 samba-3.0.21/source/passdb/pdb_sql.c
At least pdb_pgsql is older in 3.0.2 (however, I use pdb_mysql).
After upgrading to 3.0.21, it worked fine, I could logon.
But after a while, this did not work anymore because of wrong machine credentials.
I guess a machine or a user tried to change the password, whereas all password fields in the table - not only the one of the machine or user - got affected.
I feel quite cross. I informed the pdb sql maintainers list before 3.0.21 shipped that there had been changes that would require attention. I got no response and we could not delay 3.0.21 any further.
Jerry, if we don't get any response from the maintainers we just have to pull all this code out of the tree. Unmaintained code is worse than no code at all.
Sorry, I'm also on this pdb_sql-list and that mail in fact never reached me.
Could you please send it again?
I'm quite sure someone will fix it.
For me, removing the pdb_mysql module is definitely NOT an option. As you can see from the response to the previous attempt, that module is used quite often (although declared as experimantal).
Adding Jelmer to CC, maybe he's interested in helping to fix as well. ;-)
Florian, what about taking it out of the Samba core and provide a separate page with a patch?
Okay, that would be an option as well, however, then I would ask you to link it on the Samba website.
@pdbsql team: Anyone of you capable of providing a patch? I'm no programmer, unfortunately - but we got it up last time, so I hope we can get it up this time again. ;-) I could help debugging and testing it.
@Volker, Jerry, Jeremy: Could you please provide us with information on what actually changed in 3.0.21? I have the fear that just a wrong version got packaged or that a bug was backported.
This bug seems to be exactly the same we experienced last time, so I'm not quite sure it has something to do with the new Samba core.
You have to talk to deryck and the other "root"s on samba.org, but I'm sure that we will even find a corner for you on samba.org proper, so that you don't have to set up webspace yourself.
That would be great.
I don't care about the way the patch is provided - whether in Samba or as separate patch - however completely dropping it is no option.
I hope someone from the pdbsql developer team can fix it. :-)
Jeremy, can you be a bit more specific about what changed in passdb/ between 3.0.20 and 3.0.21 that could've broken pdb_mysql? I don't see any major changes to the pdb_*sql.c files in websvn.
As I mentioned earlier, I wouldn't consider taking this out of the main source a bad idea - the modules can easily be built out of the source tree as .so files (plugins), no need for patching the main source tree. Just my € 0.02.
I just compiled 3.0.21 with the files
pdb_mysql.c pdb_pgsql.c pdb_sql.c
from 3.0.20b (my working installation) - but it does not work. As soon as I change a password, all password fields are affected.
As 3.0.20b's version does not work, this does not seem to be a packaging error or a regression, but rather has something to do with the Samba changes in 3.0.21.
Any input is welcome!
If you do, please stop smbd, make sure you have 3.0.21 installed, delete all logfiles, start smbd. Then do (and please describe) the steps you do to reproduce the problem.
BTW, please also set 'max log size = 0' during your tests, your logfiles seem truncated. And bzip2 -9 them :-)
OUCH, wrong window :-)
Okay, I have added some people I think that might be interested in fixing this bug to the Cc list.
Here is a compiled list out of the release notes on what might (!) be an important change to pdb causing the error:
* Allow pdbedit to set the domain for a user account.
* Port some of the non-critical changes from HEAD to 3_0.
The main one is the change in pdb_enum_alias_memberships
to match samr.idl a bit closer.
* Implement a new caching API for enumerating the pdb elements.
* Convert the RAP user and group enumeration functions to the
utilized the pdb_search API.
* Fix up example pdb modules after prototype change for
* Add the capability to set account description using pdbedit.
* BUG 892: Default unknown_6 field to 1260 in mySQL pdb module.
* BUG 1957: Implement minimal update of fields in mySQL pdb
* Cache the result of a pdb_getsampwnam for later SID lookup
* BUG 2080: Fix duplicate call to pdb_get_acct_desc().
* Backport pdbedit changes from trunk.
I found out that someone changing his password is NOT necessary for the bug to occur. After five to ten minutes of Samba running, the passwords are all the same. Maybe it has something to do with machine accounts checking/setting their credentials automatically.
Created attachment 1637 [details]
Try this patch please.
Hello Volker. Thanks a lot, you made my day! IT WORKS! :-)
Tested against Samba 3.0.21a
this is fixed and checked in.
Could somebody please confirm if the patch from Volker Lendecke made it to version 3.0.21a? And if not, what are the chances of it being included in the next released version?
It is included in 3.0.21b which is due for release soon.
i believe this bug is not fixed
Can you provide a debug level 10 log of smbd and a sniff of the traffic between smbd and the sql server?
(In reply to comment #28)
> Can you provide a debug level 10 log of smbd and a sniff of the traffic between
> smbd and the sql server?
I will have a look at this this afternoon and send you the logs.
Are the queries logged by mysqld enough or do you need a dump of the network traffic (e.g. by tcpdump)?
> I will have a look at this this afternoon and send you the logs.
> Are the queries logged by mysqld enough or do you need a dump of the network
> traffic (e.g. by tcpdump)?
Sorry, I should not have replied to this one. Please ask the pdb-sql maintainers behind email@example.com, referred to in bug number 3375.
OK. My fault (or also a bug in the packaging files, using debian-unstable).
I made a debian package (with all the defaults except for mysql) and installed it. The package had the version 3.0.20b and i upgraded my system and the 3.0.21a version from the debian repository got installed.
I don't know whether the packaging info should have been updated or i should have updated it before installing.