[ZBX-15634] ODBC key does not use stored credentials (MariaDB ODBC/Connector) Created: 2019 Feb 11  Updated: 2024 Apr 10  Resolved: 2019 Apr 09

Status: Closed
Project: ZABBIX BUGS AND ISSUES
Component/s: Proxy (P), Server (S)
Affects Version/s: 4.0.4
Fix Version/s: 4.0.7rc1, 4.2.1rc1, 4.4.0alpha1, 4.4 (plan)

Type: Patch request Priority: Major
Reporter: Jose Deniz Assignee: Andrejs Kozlovs
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: PNG File image-2019-02-11-08-42-25-700.png     File odbc-mariadb.patch    
Team: Team A
Team: Team A
Sprint: Sprint 50 (Mar 2019), Sprint 51 (Apr 2019)
Story Points: 0.25

 Description   

Steps to reproduce:

  1. Vanilla installation of zabbix-server-mysql using zabbix repositories (RHEL 7)
  2. Install and configure ODBC using Maria ODBC/Connector (tested 2.08, 3.0.8 & 3.1.0 RC versions
  3. Create an odbc entry for a server 
    [myserver]
Description           = zabbix
Driver                = MariaDB
Database              = zabbix
Server                = 127.0.0.1
User                  = tests
Password              = tests
Port                  = 3306
  1. Create a database monitor item like this:

Result:

It fails with

  5204:20190210:160003.410 In get_value() key:'db.odbc.select[odbc_test,myserver]'
  5204:20190210:160003.410 In get_value_db() key_orig:'db.odbc.select[odbc_test,myserver]' query:'select 1'
  5204:20190210:160003.410 In zbx_odbc_connect() dsn:'poc04.dev.bpm.crk.ot01.net' user:''

Looking at ODBC trace:

[ODBC][6655][1549817973.920999][SQLConnect.c][3700]
        Entry:
            Connection = 0x557318b46330
            Server Name = [myserver][length = 26 (SQL_NTS)]
            User Name = [][length = 0 (SQL_NTS)]
            Authentication = [][length = 0 (SQL_NTS)]
        UNICODE Using encoding ASCII 'ISO8859-1' and UNICODE 'UCS-2LE'

        DIAG [28000] [ma-3.0.8]Access denied for user 'zabbix'@'localhost' (using password: NO)

Expected:
Successful login (using stored odbc.ini credentials)

 Comments   
Comment by Jose Deniz [ 2019 Feb 11 ]

This happens because MariaDB ODBC distinguish between empty or null username or password, so if we send empty string values it tries to use local system user. ODBC stored values are tests:tests but instead query is done using zabbix as user

  5204:20190210:160003.410 In get_value() key:'db.odbc.select[myserver]'
  5204:20190210:160003.410 In get_value_db() key_orig:'db.odbc.select[myserver]' query:'select 1'
  5204:20190210:160003.410 In zbx_odbc_connect() dsn:'myserver' user:''
  5204:20190210:160003.411 zbx_odbc_diag(): [SQL_SUCCESS]
  5204:20190210:160003.411 zbx_odbc_diag(): [SQL_SUCCESS]
  5204:20190210:160003.411 zbx_odbc_diag(): [SQL_SUCCESS]
  5204:20190210:160003.415 zbx_odbc_diag(): [SQL_ERROR]:[28000][1045][[unixODBC][ma-3.0.8]Access denied for user 'zabbix'@'localhost' (using password: NO)]
  5204:20190210:160003.416 End of zbx_odbc_connect()
  5204:20190210:160003.416 End of get_value_db():NOTSUPPORTED

 

An isql session (odbc trace) using odbc.ini #isql myserver:

ODBC][6969][1549817891.100123][SQLConnect.c][3700]
        Entry:
            Connection = 0x19f9050
            Server Name = [myserver][length = 26 (SQL_NTS)]
            User Name = [NULL]
            Authentication = [NULL]
        UNICODE Using encoding ASCII 'ISO8859-1' and UNICODE 'UCS-2LE'

[ODBC][6969][1549817891.117190][SQLConnect.c][4273]
        Exit:[SQL_SUCCESS]

Being sent user & password as null values ODBC uses stored credentials at odbc.ini file and login is successful 

 

 

Patch proposed is very simple, if user or pass are empty send them to ODBC as null values. With this small patch it works as expected.

patched zabbix-server log:

  5624:20190210:160953.717 In zbx_odbc_connect() dsn:'myserver' user:''
  5624:20190210:160953.718 zbx_odbc_diag(): [SQL_SUCCESS]
  5624:20190210:160953.718 zbx_odbc_diag(): [SQL_SUCCESS]
  5624:20190210:160953.718 zbx_odbc_diag(): [SQL_SUCCESS]
  5624:20190210:160953.725 zbx_odbc_diag(): [SQL_SUCCESS]
  5624:20190210:160953.725 zbx_odbc_diag(): [SQL_SUCCESS]
  5624:20190210:160953.725 zbx_odbc_diag(): [SQL_SUCCESS]
  5624:20190210:160953.725 zbx_odbc_diag(): [SQL_SUCCESS]
  5624:20190210:160953.726 zbx_odbc_diag(): [SQL_SUCCESS]
  5624:20190210:160953.726 zbx_odbc_connect() connected to MariaDB(10.01.000038) using libmaodbc.so(03.00.0008)
  5624:20190210:160953.726 End of zbx_odbc_connect()
  5624:20190210:160953.726 In zbx_odbc_select() query:'select 1'
  5624:20190210:160953.726 zbx_odbc_diag(): [SQL_SUCCESS]

 

 

 

Comment by Aigars Kadikis [ 2019 Feb 11 ]

Hello Jose Deniz,

Thank you for registering this thread.

Is it correct that you are trying an option to not store any other database credentials inside Zabbix database? Instead, you want to store credentials on the filesystem only?

Comment by Jose Deniz [ 2019 Feb 11 ]

Hello aigars.kadikis,

Yes. Configured in that way. odbc.ini storing DSN, user, password, database and server. Nothing is stored at zabbix database but key and SQL query. I've been using this model widely on 3.0 LTS

Comment by Arturs Lontons [ 2019 Feb 12 ]

Hi,

Thank you for reporting the issue.

I was able to replicate this behavior with MariaDB connector 3.1.0RC version. Not sure if this warrants a fix from the Zabbix side or some additional clarification in the documentation - I'll pass this on to the development team for them to discuss internally.

Comment by Glebs Ivanovskis [ 2019 Mar 09 ]

I've been using this model widely on 3.0 LTS

jadeniz, you mean the patch? I'm surprised to hear that 4.0 behaves any different to 3.0.

Comment by Jose Deniz [ 2019 Mar 11 ]

@cyclone This configuration worked in Zabbix 2.4 and 3.0. I found this problem upgrading 3.0 servers and none of them (2.4 or 3.0) were patched. Basically they stopped working after 4.0 upgrade.

Comment by Vladislavs Sokurenko [ 2019 Mar 25 ]

(1) [D] Update ODBC description to mention what specifying username and password does.

User name Enter the database user name (optional if user is specified in odbc.ini)
Password Enter the database user password (optional if password is specified in odbc.ini)

To:

User name Enter the database user name (optional, if left blank then user specified in odbc.ini will be used)
Password Enter the database user password (optional, if left blank then password specified in odbc.ini will be used)

Comment by Vladislavs Sokurenko [ 2019 Mar 25 ]

(2) [D] Upgrade notes

While MySQL and PostgreSQL drivers should work the same as before the upgrade, due to changes required for MariaDB driver to work correctly some unixODBC drivers might need reconfiguration in cases where empty username or password was configured in Database monitor item and it was not meant to work as mentioned below:
user name (optional, if left blank then user specified in odbc.ini will be used)
user password (optional, if left blank then password specified in odbc.ini will be used)

If empty password or user is required it needs to be specified in odbc.ini instead.

Comment by Vladislavs Sokurenko [ 2019 Mar 25 ]

Successfully tested

Comment by Glebs Ivanovskis [ 2019 Mar 25 ]

Zabbix typically uses

if ('\0' == *some_string)

instead of

if ('\0' == some_string[0])

vso yes cyclone that is true and was noticed but forgotten to change, thanks a lot for reminding.

cyclone You are welcome!

Comment by Andrejs Kozlovs [ 2019 Apr 03 ]

Fixed in:

  • pre-4.0.7rc1 r91887
  • pre-4.2.1rc1 r91888
  • pre-4.4.0alpha1 (trunk) r91889
Generated at Sat Apr 20 04:38:53 EEST 2024 using Jira 9.12.4#9120004-sha1:625303b708afdb767e17cb2838290c41888e9ff0.