Apache DBD Auth not working with mysql
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
apr-util (Ubuntu) |
Fix Released
|
High
|
Andreas Hasenack | ||
Eoan |
Fix Released
|
High
|
Andreas Hasenack | ||
Focal |
Fix Released
|
High
|
Andreas Hasenack |
Bug Description
[Impact]
The MySQL dbd driver fails to load into apache. This causes apache2 to fail to start if it's configured in this way.
Since MySQL 8.0.2[1], the my_init() function is no longer exported, and it's not expected that clients will call it.
Confirming that, the current build logs for apr-util show:
/home/ubuntu/
1267 | my_init();
| ^~~~~~~
| mysql_init
Furthermore, they also show[2] that loading the mysql driver failed, but that doesn't cause the build to fail (unknown reason: not addressed in this update):
(...)
Loaded pgsql driver OK.
Failed to open pgsql[]
Failed to load driver file apr_dbd_mysql.so <<<<<<<
Loaded sqlite3 driver OK.
(...)
The fix is to not call my_init(). This was confirmed with MySQL upstream.
[Test Case]
* install and enable the dbd authentication module
sudo apt update
sudo apt install apache2 libaprutil1-
sudo a2enmod authn_dbd
sudo systemctl restart apache2
* confirm apache is still working:
curl localhost
* now enable the mysql driver
echo DBDriver mysql | sudo tee /etc/apache2/
sudo a2enconf dbd_mysql
* confirm error when restarting apache
sudo systemctl restart apache2
With the fixed packages, the restart above works just fine.
[Regression Potential]
A deprecated initialization function isn't being called anymore. This SRU isn't testing actual authentication using MySQL, just that the module now loads. There could be specific details in apr-utils that were being handled by my_init() before, and now aren't.
[Other Info]
Patch wasn't upstreamed because it should better check when to call my_init() and when not, i.e., check the mysql version properly and decide.
[Original Description]
Using Apache DBD auth for MySQL server 8 causes an error in Focal 20.04
Same setup is working fine in 16.04 and 18.04
The following line in Apache2/
DBDriver mysql
apache start failed:
apachectl[1188]: Can't load driver file apr_dbd_mysql.so
The file exists in
/usr/lib/
linking the file to
/lib/apache2/
doesn't change the error message
1. https:/
2. https:/
Related branches
- Christian Ehrhardt (community): Approve
- Canonical Server Core Reviewers: Pending requested
-
Diff: 67 lines (+33/-1)4 files modifieddebian/changelog (+7/-0)
debian/control (+2/-1)
debian/patches/mysql8-my_init.patch (+23/-0)
debian/patches/series (+1/-0)
- Canonical Server Core Reviewers: Pending requested
- Canonical Server: Pending requested
-
Diff: 66 lines (+36/-0) (has conflicts)3 files modifieddebian/changelog (+9/-0)
debian/patches/mysql8-my_init.patch (+23/-0)
debian/patches/series (+4/-0)
- Christian Ehrhardt (community): Approve
- Canonical Server Core Reviewers: Pending requested
-
Diff: 53 lines (+31/-0)3 files modifieddebian/changelog (+7/-0)
debian/patches/mysql8-my_init.patch (+23/-0)
debian/patches/series (+1/-0)
no longer affects: | apache2 (Ubuntu) |
Changed in apr-util (Ubuntu Eoan): | |
status: | New → Triaged |
Changed in apr-util (Ubuntu Focal): | |
status: | New → Triaged |
Changed in apr-util (Ubuntu Eoan): | |
importance: | Undecided → High |
Changed in apr-util (Ubuntu Focal): | |
importance: | Undecided → High |
no longer affects: | apache2 (Ubuntu Eoan) |
no longer affects: | apache2 (Ubuntu Focal) |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
Thanks Andreas for this report. Apparently the same problem happens in Eoan too. The minimal steps to reproduce are:
1. start a fresh LXD container dbd-mysql conf-available/ dbd_mysql. conf
2. apt update
3. apt install apache2 libaprutil1-
4. a2enmod authn_dbd (also enables the dbd module)
5. systemctl restart apache2
6. curl localhost => It works!
7. echo DBDriver mysql > /etc/apache2/
8. a2enconf dbd_mysql
9. systemctl reload apache2
This last reload fails on Eoan and Focal with error:
apachectl[2695]: AH00526: Syntax error on line 1 of /etc/apache2/ conf-enabled/ dbd_mysql. conf:
apachectl[2695]: Can't load driver file apr_dbd_mysql.so
apachectl[2695]: Action 'graceful' failed.
but succeeds on Bionic.