Enhanced Security: mailmng failed: Unable to connect to Plesk Database

[MikeyH]

Hi, is anyone else having issues with mailmng or dnsmng failing to connect to the psa database after enabling enhanced security mode?

The typical errors look like: mailmng failed: Unable to connect to Plesk Database: Access denied for user 'admin'@'localhost' (using password: YES)

Any idea how to update mailmng and dnsmng to submit the AES-128-CBC encrypted passwords?

Database connection failures while deleting a webspace can lead to a corrupted psa database and panel errors like...

Error: Unable to find service node for web service on domain with id=

 

[abdi]

This may help:

http://forum.parallels.com/showthread.php?t=98707

 

[MikeyH]

Login works OK and changing the admin password does not resolve.

The issue seems to be mailmng and dnsmng are unable to connect to mysql after enabling enhanced security.

Both were disabled when upgrading...

 

[MikeyH]

This issue is caused by passwords longer than 32 characters!

 

[MikeyH]

Long Passwords > 32 chars can cause Unable to connect to Plesk Database

Passwords > 32 characters can cause exceptions with mailmng and dnsmng like:

mailmng failed: Unable to connect to Plesk Database: Access denied for user 'admin'@'localhost' (using password: YES)

eg setting password to 35 characters then activating mail services on a domain will cause:

mail_Facade->setReject() failed: exception 'mail_Exception_ManagerExecution' with message 'mailmng failed: Unable to connect to Plesk Database: Access denied for user 'admin'@'localhost' (using password: YES)' in /opt/psa/admin/plib/mail/Manager.php:186
Stack trace:
#0 /opt/psa/admin/plib/mail/Manager.php(379): mail_Manager->callMailMngWithException('set-reject', Array)
#1 /opt/psa/admin/plib/mail/Facade.php(44): mail_Manager->setReject('domain...')
#2 /opt/psa/admin/plib/DSMail.php(103): mail_Facade->setReject('domain...', false)
#3 [internal function]: DSMail->update(false)
#4 /opt/psa/admin/plib/Transaction/WebspaceObjectCallWrapper.php(35): call_user_func_array(Array, Array)
#5 /opt/psa/admin/plib/ui/client.domain.mail.properties.php(112): Transaction_WebspaceObjectCallWrapper->__call('update', Array)
#6 /opt/psa/admin/plib/ui/client.domain.mail.properties.php(112): Transaction_WebspaceMailService->update(false)
#7 /opt/psa/admin/plib/UIPointer.php(595): plesk__client__domain__mail__properties->accessItem('POST', NULL)
#8 /opt/psa/admin/htdocs/plesk.php(45): UIPointer->access('POST')
#9 {main}
0: DSMail.php:107
DSMail->update(boolean false)
1: :
call_user_func_array(array, array)
2: WebspaceObjectCallWrapper.php:35
Transaction_WebspaceObjectCallWrapper->__call(string 'update', array)
3: client.domain.mail.properties.php:112
Transaction_WebspaceMailService->update(boolean false)
4: client.domain.mail.properties.php:112
plesk__client__domain__mail__properties->accessItem(string 'POST', NULL null)
5: UIPointer.php:595
UIPointer->access(string 'POST')
6: plesk.php:45

 

[IgorG]

Looks like that allowed length of password is defined in MySQL. For example:

# mysql -uadmin -p`cat /etc/psa/.psa.shadow` -Dpsa -e "desc mysql.user"
+-----------------------+-----------------------------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-----------------------+-----------------------------------+------+-----+---------+-------+

| Password | char(41) | NO | | | |

 

[MikeyH]

This is not a mysql issue.

All mysql passwords are hashed into exactly 41 bytes: http://dev.mysql.com/doc/refman/5.1/en/password-hashing.html

 

[MikeyH]

Steps to reproduce:

Fresh install of Plesk 11.0.9 #10 with admin password of 33 characters in length.

Activate/deactivate mail services on a domain will work.

Enable Enhanced Security.

Activate/deactivate mail services on a domain will fail.

 

[IgorG]

According to this old KB article http://kb.parallels.com/en/1027 there is limit for password. Not sure, maybe it is changed now.

 

[MikeyH]

You can use a password with 50 characters without enhanced security mode.

Once you enable enhanced security mode this breaks a working system and the limit is 32 characters to avoid mailmng and dnsmng failures.

If there is a limit... the password field should enforce this limit to prevent database corruption due to these errors.

Please file as a defect with the development team...

 

[IgorG]

Please fill this template with all necessary details - http://forum.parallels.com/showthread.php?t=106113
I will forward your request to developers for investigation.

 

[MikeyH]

PRODUCT, VERSION, MICROUPDATE, OPERATING SYSTEM, ARCHITECTURE

Plesk, 11.0.9, #10, Debian 6.0.5, x86_64


PROBLEM DESCRIPTION

Enabling enhanced security mode with admin password > 32 characters causes mailmng and dnsmng exceptions that can result in webspace, domain and psa database corruption.


STEPS TO REPRODUCE

Fresh install of Plesk 11.0.9 #10 with admin password of 33 characters in length.

Success Test: Activate/deactivate mail services on a domain will work.

Enable Enhanced Security mode.

Fail Test: Activate/deactivate mail services on a domain will fail.


ACTUAL RESULT

Activate/deactivate mail services on a domain will fail with the exception in additional information.

Multiple features (eg delete webspace) will fail with errors related to: mailmng/dnsmng failed: Unable to connect to Plesk Database: Access denied for user 'admin'@'localhost' (using password: YES)


EXPECTED RESULT

All features should work as they did prior to enabling enhanced security mode.

Any limits on maximum password length should be documented and enforced in the password fields with appropriate warnings to prevent errors.

Exceptions related to mailmng and dnsmng operations should be better handled to leave the system in a consistent or recoverable state.


ANY ADDITIONAL INFORMATION

All exceptions are related to: mailmng/dnsmng failed: Unable to connect to Plesk Database: Access denied for user 'admin'@'localhost' (using password: YES)

mail_Facade->setReject() failed: exception 'mail_Exception_ManagerExecution' with message 'mailmng failed: Unable to connect to Plesk Database: Access denied for user 'admin'@'localhost' (using password: YES)' in /opt/psa/admin/plib/mail/Manager.php:186
Stack trace:
#0 /opt/psa/admin/plib/mail/Manager.php(379): mail_Manager->callMailMngWithException('set-reject', Array)
#1 /opt/psa/admin/plib/mail/Facade.php(44): mail_Manager->setReject('domain...')
#2 /opt/psa/admin/plib/DSMail.php(103): mail_Facade->setReject('domain...', false)
#3 [internal function]: DSMail->update(false)
#4 /opt/psa/admin/plib/Transaction/WebspaceObjectCallWrapper.php(35): call_user_func_array(Array, Array)
#5 /opt/psa/admin/plib/ui/client.domain.mail.properties.php(112): Transaction_WebspaceObjectCallWrapper->__call('update', Array)
#6 /opt/psa/admin/plib/ui/client.domain.mail.properties.php(112): Transaction_WebspaceMailService->update(false)
#7 /opt/psa/admin/plib/UIPointer.php(595): plesk__client__domain__mail__properties->accessItem('POST', NULL)
#8 /opt/psa/admin/htdocs/plesk.php(45): UIPointer->access('POST')
#9 {main}
0: DSMail.php:107
DSMail->update(boolean false)
1: :
call_user_func_array(array, array)
2: WebspaceObjectCallWrapper.php:35
Transaction_WebspaceObjectCallWrapper->__call(string 'update', array)
3: client.domain.mail.properties.php:112
Transaction_WebspaceMailService->update(boolean false)
4: client.domain.mail.properties.php:112
plesk__client__domain__mail__properties->accessItem(string 'POST', NULL null)
5: UIPointer.php:595
UIPointer->access(string 'POST')
6: plesk.php:45

 

[IgorG]

Thank you for detailed report. I have forwarded it to developers and I will update thread with results of investigation as soon as I receive them.

 

[PietjeP]

We experience the same problems as Mikey.

Since the "Enhanced" security mode cannot be switched back off, we continue to have a defect mailserver running that cannot be managed through Plesk.

Fix through microupdate would be much appreciated.