[ZBX-15634] ODBC key does not use stored credentials (MariaDB ODBC/Connector) Created: 2019 Feb 11 Updated: 2024 Apr 10 Resolved: 2019 Apr 09 |
|
Status: | Closed |
Project: | ZABBIX BUGS AND ISSUES |
Component/s: | Proxy (P), Server (S) |
Affects Version/s: | 4.0.4 |
Fix Version/s: | 4.0.7rc1, 4.2.1rc1, 4.4.0alpha1, 4.4 (plan) |
Type: | Patch request | Priority: | Major |
Reporter: | Jose Deniz | Assignee: | Andrejs Kozlovs |
Resolution: | Fixed | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | image-2019-02-11-08-42-25-700.png odbc-mariadb.patch |
Team: | Team A |
Team: | Team A |
Sprint: | Sprint 50 (Mar 2019), Sprint 51 (Apr 2019) |
Story Points: | 0.25 |
Description |
Steps to reproduce:
Result: It fails with 5204:20190210:160003.410 In get_value() key:'db.odbc.select[odbc_test,myserver]' 5204:20190210:160003.410 In get_value_db() key_orig:'db.odbc.select[odbc_test,myserver]' query:'select 1' 5204:20190210:160003.410 In zbx_odbc_connect() dsn:'poc04.dev.bpm.crk.ot01.net' user:'' Looking at ODBC trace: [ODBC][6655][1549817973.920999][SQLConnect.c][3700] Entry: Connection = 0x557318b46330 Server Name = [myserver][length = 26 (SQL_NTS)] User Name = [][length = 0 (SQL_NTS)] Authentication = [][length = 0 (SQL_NTS)] UNICODE Using encoding ASCII 'ISO8859-1' and UNICODE 'UCS-2LE' DIAG [28000] [ma-3.0.8]Access denied for user 'zabbix'@'localhost' (using password: NO) Expected: |
Comments |
Comment by Jose Deniz [ 2019 Feb 11 ] |
This happens because MariaDB ODBC distinguish between empty or null username or password, so if we send empty string values it tries to use local system user. ODBC stored values are tests:tests but instead query is done using zabbix as user 5204:20190210:160003.410 In get_value() key:'db.odbc.select[myserver]' 5204:20190210:160003.410 In get_value_db() key_orig:'db.odbc.select[myserver]' query:'select 1' 5204:20190210:160003.410 In zbx_odbc_connect() dsn:'myserver' user:'' 5204:20190210:160003.411 zbx_odbc_diag(): [SQL_SUCCESS] 5204:20190210:160003.411 zbx_odbc_diag(): [SQL_SUCCESS] 5204:20190210:160003.411 zbx_odbc_diag(): [SQL_SUCCESS] 5204:20190210:160003.415 zbx_odbc_diag(): [SQL_ERROR]:[28000][1045][[unixODBC][ma-3.0.8]Access denied for user 'zabbix'@'localhost' (using password: NO)] 5204:20190210:160003.416 End of zbx_odbc_connect() 5204:20190210:160003.416 End of get_value_db():NOTSUPPORTED
An isql session (odbc trace) using odbc.ini #isql myserver: ODBC][6969][1549817891.100123][SQLConnect.c][3700] Entry: Connection = 0x19f9050 Server Name = [myserver][length = 26 (SQL_NTS)] User Name = [NULL] Authentication = [NULL] UNICODE Using encoding ASCII 'ISO8859-1' and UNICODE 'UCS-2LE' [ODBC][6969][1549817891.117190][SQLConnect.c][4273] Exit:[SQL_SUCCESS] Being sent user & password as null values ODBC uses stored credentials at odbc.ini file and login is successful
Patch proposed is very simple, if user or pass are empty send them to ODBC as null values. With this small patch it works as expected. patched zabbix-server log: 5624:20190210:160953.717 In zbx_odbc_connect() dsn:'myserver' user:'' 5624:20190210:160953.718 zbx_odbc_diag(): [SQL_SUCCESS] 5624:20190210:160953.718 zbx_odbc_diag(): [SQL_SUCCESS] 5624:20190210:160953.718 zbx_odbc_diag(): [SQL_SUCCESS] 5624:20190210:160953.725 zbx_odbc_diag(): [SQL_SUCCESS] 5624:20190210:160953.725 zbx_odbc_diag(): [SQL_SUCCESS] 5624:20190210:160953.725 zbx_odbc_diag(): [SQL_SUCCESS] 5624:20190210:160953.725 zbx_odbc_diag(): [SQL_SUCCESS] 5624:20190210:160953.726 zbx_odbc_diag(): [SQL_SUCCESS] 5624:20190210:160953.726 zbx_odbc_connect() connected to MariaDB(10.01.000038) using libmaodbc.so(03.00.0008) 5624:20190210:160953.726 End of zbx_odbc_connect() 5624:20190210:160953.726 In zbx_odbc_select() query:'select 1' 5624:20190210:160953.726 zbx_odbc_diag(): [SQL_SUCCESS]
|
Comment by Aigars Kadikis [ 2019 Feb 11 ] |
Hello Jose Deniz, Thank you for registering this thread. Is it correct that you are trying an option to not store any other database credentials inside Zabbix database? Instead, you want to store credentials on the filesystem only? |
Comment by Jose Deniz [ 2019 Feb 11 ] |
Hello aigars.kadikis, Yes. Configured in that way. odbc.ini storing DSN, user, password, database and server. Nothing is stored at zabbix database but key and SQL query. I've been using this model widely on 3.0 LTS |
Comment by Arturs Lontons [ 2019 Feb 12 ] |
Hi, Thank you for reporting the issue. I was able to replicate this behavior with MariaDB connector 3.1.0RC version. Not sure if this warrants a fix from the Zabbix side or some additional clarification in the documentation - I'll pass this on to the development team for them to discuss internally. |
Comment by Glebs Ivanovskis [ 2019 Mar 09 ] |
jadeniz, you mean the patch? I'm surprised to hear that 4.0 behaves any different to 3.0. |
Comment by Jose Deniz [ 2019 Mar 11 ] |
@cyclone This configuration worked in Zabbix 2.4 and 3.0. I found this problem upgrading 3.0 servers and none of them (2.4 or 3.0) were patched. Basically they stopped working after 4.0 upgrade. |
Comment by Vladislavs Sokurenko [ 2019 Mar 25 ] |
(1) [D] Update ODBC description to mention what specifying username and password does.
To:
|
Comment by Vladislavs Sokurenko [ 2019 Mar 25 ] |
(2) [D] Upgrade notes While MySQL and PostgreSQL drivers should work the same as before the upgrade, due to changes required for MariaDB driver to work correctly some unixODBC drivers might need reconfiguration in cases where empty username or password was configured in Database monitor item and it was not meant to work as mentioned below: If empty password or user is required it needs to be specified in odbc.ini instead. |
Comment by Vladislavs Sokurenko [ 2019 Mar 25 ] |
Successfully tested |
Comment by Glebs Ivanovskis [ 2019 Mar 25 ] |
Zabbix typically uses if ('\0' == *some_string) instead of if ('\0' == some_string[0]) vso yes cyclone that is true and was noticed but forgotten to change, thanks a lot for reminding. cyclone You are welcome! |
Comment by Andrejs Kozlovs [ 2019 Apr 03 ] |
Fixed in:
|