Univention Bugzilla – Bug 28140
UMC-Server Abstürze
Last modified: 2012-12-12 21:10:44 CET
Wird ein Request via 'umc-command' mit Ctrl-C abgebrochen, so stürzt der Server ab. Siehe: # ps aux | grep '[u]nivention-management-console-server' root 15063 9.6 1.2 22028 12820 ? S 09:38 0:00 /usr/bin/python2.6 /usr/sbin/univention-management-console-server start # umc-command -U Administrator -P univention "schoolwizards/schools/create" -o name=test 02.08.12 10:43:06.850 DEBUG_INIT ^CTraceback (most recent call last): File "/usr/sbin/umc-command", line 270, in <module> notifier.loop() File "/usr/lib/pymodules/python2.6/notifier/nf_generic.py", line 284, in loop step() File "/usr/lib/pymodules/python2.6/notifier/nf_generic.py", line 220, in step fds = __poll.poll( timeout ) KeyboardInterrupt # ps aux | grep '[u]nivention-management-console-server'
Der Clienttraceback hilft nicht viel weiter, hier ist der Serverseitige Traceback: Traceback (most recent call last): File "/usr/sbin/univention-management-console-server", line 209, in <module> umc_daemon.do_action() File "/usr/lib/pymodules/python2.6/daemon/runner.py", line 186, in do_action func(self) File "/usr/lib/pymodules/python2.6/daemon/runner.py", line 131, in _start self.app.run() File "/usr/sbin/univention-management-console-server", line 192, in run notifier.loop() File "/usr/lib/pymodules/python2.6/notifier/nf_generic.py", line 284, in loop step() File "/usr/lib/pymodules/python2.6/notifier/nf_generic.py", line 271, in step not __sockets[ cond ][ fd ]( sock_obj ): File "/usr/lib/pymodules/python2.6/univention/management/console/protocol/server.py", line 144, in _receive self.__states[ socket ].processor.shutdown() File "/usr/lib/pymodules/python2.6/univention/management/console/protocol/session.py", line 218, in shutdown self.__processes[ module_name ].request( req ) File "/usr/lib/pymodules/python2.6/univention/management/console/protocol/client.py", line 254, in request if self._resend( sock ): File "/usr/lib/pymodules/python2.6/univention/management/console/protocol/client.py", line 193, in _resend bytessent = sock.send( data ) socket.error: [Errno 107] Der Socket ist nicht verbunden
Es werden 3 errnos abgefangen, ansonsten wird die Exception weitergereicht, wenn sie nicht EAGAIN ist. Patchvorschlag: Index: src/univention/management/console/protocol/client.py =================================================================== --- src/univention/management/console/protocol/client.py (Revision 34811) +++ src/univention/management/console/protocol/client.py (Arbeitskopie) @@ -198,11 +198,12 @@ else: del self.__resend_queue[sock][0] except socket.error, e: - if e.errno in ( errno.ECONNABORTED, errno.EISCONN, errno.ENOEXEC ): + if e.errno in ( errno.ECONNABORTED, errno.EISCONN, errno.ENOEXEC, errno.ENOTCONN ): # Error may happen if module process died and server tries to send request at the same time # ECONNABORTED: connection reset by peer # EISCONN: socket not connected # ENOEXEC: bad file descriptor + # ENOTCONN: socket not connected CORE.info( 'Client: _resend: socket is damaged: %s' % str( e ) ) self.signal_emit( 'closed' ) return False
(In reply to comment #2) > Patchvorschlag: > … Da muss True returned werden. eher: - if e[0] != 11: - raise - return True + if e.errno in (errno.ENOTCONN, errno.EAGAIN): + return True + raise ------------------------------------------------------------------- 2 Weitere Abstürze des UMC-Servers könne so verursacht werden: Angabe eines nicht iterierbaren Datentyp (z.b. integer) bei der Abfrage von ucr variablen. # umc-get -U Administrator -P univention ucr -e -o '1' Traceback (most recent call last): File "/usr/sbin/univention-management-console-server", line 209, in <module> umc_daemon.do_action() File "/usr/lib/pymodules/python2.6/daemon/runner.py", line 186, in do_action func(self) File "/usr/lib/pymodules/python2.6/daemon/runner.py", line 131, in _start self.app.run() File "/usr/sbin/univention-management-console-server", line 192, in run notifier.loop() File "/usr/lib/pymodules/python2.6/notifier/nf_generic.py", line 284, in loop step() File "/usr/lib/pymodules/python2.6/notifier/nf_generic.py", line 271, in step not __sockets[ cond ][ fd ]( sock_obj ): File "/usr/lib/pymodules/python2.6/univention/management/console/protocol/server.py", line 163, in _receive self._handle( state, msg ) File "/usr/lib/pymodules/python2.6/univention/management/console/protocol/server.py", line 217, in _handle for value in msg.options: TypeError: 'int' object is not iterable ------------------------------------------------------------ AUTH request ohne username oder passwort parameter, oder wenn request.options kein dict ist. # ln -s /usr/sbin/univention-management-console-client /usr/sbin/umc-auth # umc-auth -U Administrator -P univention Traceback (most recent call last): File "/usr/sbin/univention-management-console-server", line 209, in <module> umc_daemon.do_action() File "/usr/lib/pymodules/python2.6/daemon/runner.py", line 186, in do_action func(self) File "/usr/lib/pymodules/python2.6/daemon/runner.py", line 131, in _start self.app.run() File "/usr/sbin/univention-management-console-server", line 192, in run notifier.loop() File "/usr/lib/pymodules/python2.6/notifier/nf_generic.py", line 284, in loop step() File "/usr/lib/pymodules/python2.6/notifier/nf_generic.py", line 271, in step not __sockets[ cond ][ fd ]( sock_obj ): File "/usr/lib/pymodules/python2.6/univention/management/console/protocol/server.py", line 163, in _receive self._handle( state, msg ) File "/usr/lib/pymodules/python2.6/univention/management/console/protocol/server.py", line 211, in _handle state.authenticate( msg.body[ 'username' ], msg.body[ 'password' ] ) KeyError: 'username'
Weiterer Absturz durch syntax/verification # umc-get -U Administrator -P univention syntax/verification -e -o '1' Traceback (most recent call last): File "/usr/sbin/univention-management-console-server", line 209, in <module> umc_daemon.do_action() File "/usr/lib/pymodules/python2.6/daemon/runner.py", line 186, in do_action func(self) File "/usr/lib/pymodules/python2.6/daemon/runner.py", line 131, in _start self.app.run() File "/usr/sbin/univention-management-console-server", line 192, in run notifier.loop() File "/usr/lib/pymodules/python2.6/notifier/nf_generic.py", line 284, in loop step() File "/usr/lib/pymodules/python2.6/notifier/nf_generic.py", line 271, in step not __sockets[ cond ][ fd ]( sock_obj ): File "/usr/lib/pymodules/python2.6/univention/management/console/protocol/server.py", line 163, in _receive self._handle( state, msg ) File "/usr/lib/pymodules/python2.6/univention/management/console/protocol/server.py", line 270, in _handle state.processor.request( msg ) File "/usr/lib/pymodules/python2.6/univention/management/console/protocol/session.py", line 241, in request self.handle_request_get( msg ) File "/usr/lib/pymodules/python2.6/univention/management/console/protocol/session.py", line 349, in handle_request_get syntax_name = msg.options.get( 'syntax' ) AttributeError: 'int' object has no attribute 'get'
Absturz durch /SET # umc-set -U Administrator -P univention / -e -o '1' Traceback (most recent call last): File "/usr/sbin/univention-management-console-server", line 209, in <module> umc_daemon.do_action() File "/usr/lib/pymodules/python2.6/daemon/runner.py", line 186, in do_action func(self) File "/usr/lib/pymodules/python2.6/daemon/runner.py", line 131, in _start self.app.run() File "/usr/sbin/univention-management-console-server", line 192, in run notifier.loop() File "/usr/lib/pymodules/python2.6/notifier/nf_generic.py", line 284, in loop step() File "/usr/lib/pymodules/python2.6/notifier/nf_generic.py", line 271, in step not __sockets[ cond ][ fd ]( sock_obj ): File "/usr/lib/pymodules/python2.6/univention/management/console/protocol/server.py", line 163, in _receive self._handle( state, msg ) File "/usr/lib/pymodules/python2.6/univention/management/console/protocol/server.py", line 270, in _handle state.processor.request( msg ) File "/usr/lib/pymodules/python2.6/univention/management/console/protocol/session.py", line 243, in request self.handle_request_set( msg ) File "/usr/lib/pymodules/python2.6/univention/management/console/protocol/session.py", line 384, in handle_request_set for key, value in msg.options.items(): AttributeError: 'int' object has no attribute 'items'
Dasselbe auch in /upload: # umc-upload -U Administrator -P univention '' -e -o '[1]' Traceback (most recent call last): File "/usr/sbin/univention-management-console-server", line 209, in <module> umc_daemon.do_action() File "/usr/lib/pymodules/python2.6/daemon/runner.py", line 186, in do_action func(self) File "/usr/lib/pymodules/python2.6/daemon/runner.py", line 131, in _start self.app.run() File "/usr/sbin/univention-management-console-server", line 192, in run notifier.loop() File "/usr/lib/pymodules/python2.6/notifier/nf_generic.py", line 284, in loop step() File "/usr/lib/pymodules/python2.6/notifier/nf_generic.py", line 271, in step not __sockets[ cond ][ fd ]( sock_obj ): File "/usr/lib/pymodules/python2.6/univention/management/console/protocol/server.py", line 163, in _receive self._handle( state, msg ) File "/usr/lib/pymodules/python2.6/univention/management/console/protocol/server.py", line 270, in _handle state.processor.request( msg ) File "/usr/lib/pymodules/python2.6/univention/management/console/protocol/session.py", line 249, in request self.handle_request_upload( msg ) File "/usr/lib/pymodules/python2.6/univention/management/console/protocol/session.py", line 476, in handle_request_upload tmpfilename = file_obj[ 'tmpfile' ] TypeError: 'int' object is unsubscriptable
*** Bug 27883 has been marked as a duplicate of this bug. ***
Aus Bug #27883 (In reply to comment #2) > Dadurch steht hier nur noch dieser Punkt aus: > > * eventuell ist der uploader noch angreifbar für einen Request mit htmlcode im > > parameter "filename" Um den "filename"+"name"-Parameter sollte noch ein html-escape gebaut werden.
Fixed in: univention-management-console (5.0.16-1) unstable; urgency=low . * fixed crashing of UMC-Server when client socket disconnects; Bug #28140 * added validation of various requests which leads to crashing of UMC Server; Bug #28140 * filename and name parameter for UMCP UPLOAD are now html encoded; Bug #27883 * added catching of TypeError in IntegerSanitizer; Bug #27720 für die QA: Die folgenden Befehle sollten den Server nicht mehr zum Absturz bringen: umc-get -U Administrator -P univention ucr -e -o '1' umc-get -U Administrator -P univention ucr -e -o '[1]' umc-set -U Administrator -P univention '' -e -o '1' umc-get -U Administrator -P univention syntax/verification -e -o '1' umc-upload -U Administrator -P univention / -e -o '[1]' umc-upload -U Administrator -P univention / -e -o '[{}]' ln -s /usr/sbin/univention-management-console-client /usr/sbin/umc-auth umc-auth -U Administrator -P univention Außerdem muss geprüft werden, was passiert, wenn umc-command schnell abgebrochen wird (ich weiß nicht, warum Exceptions mit anderen enums durchgereicht werden, aber nicht weiter abgefangen werden, macht für mich wenig Sinn). Die Upload parameter "name" + "filename" sollten html-kodiert sein: touch '/var/tmp/univention-management-console-frontend/<>"' umc-upload -U Administrator -P univention / -e -o '[{"tmpfile":"/var/tmp/univention-management-console-frontend/<>\"", "name":"<>\"", "filename":"<>\""}]'
FYI, in client.py: # EAGAIN: ? os.strerror(errno.EAGAIN) → 'Resource temporarily unavailable' Changelog → OK (In reply to comment #9) > ... > für die QA: > Die folgenden Befehle sollten den Server nicht mehr zum Absturz bringen: > umc-get -U Administrator -P univention ucr -e -o '1' > umc-get -U Administrator -P univention ucr -e -o '[1]' > umc-set -U Administrator -P univention '' -e -o '1' > umc-get -U Administrator -P univention syntax/verification -e -o '1' > umc-upload -U Administrator -P univention / -e -o '[1]' > umc-upload -U Administrator -P univention / -e -o '[{}]' > ln -s /usr/sbin/univention-management-console-client /usr/sbin/umc-auth > umc-auth -U Administrator -P univention → OK > Außerdem muss geprüft werden, was passiert, wenn umc-command schnell > abgebrochen wird (ich weiß nicht, warum Exceptions mit anderen enums > durchgereicht werden, aber nicht weiter abgefangen werden, macht für mich wenig > Sinn). → OK > Die Upload parameter "name" + "filename" sollten html-kodiert sein: > touch '/var/tmp/univention-management-console-frontend/<>"' > umc-upload -U Administrator -P univention / -e -o > '[{"tmpfile":"/var/tmp/univention-management-console-frontend/<>\"", > "name":"<>\"", "filename":"<>\""}]' → Wie besprochen, bitte die Zeichen "<" und ">" im UMC-Webserver durch "_" ersetzen anstelle der HTML-Kodierung, da diese potentiell zu Seiteneffekten in den Modulen führen kann.
univention-management-console (5.0.23-1) univention-management-console-frontend (2.0.61-1)
(In reply to comment #10) > ... > → Wie besprochen, bitte die Zeichen "<" und ">" im UMC-Webserver durch "_" > ersetzen anstelle der HTML-Kodierung, da diese potentiell zu Seiteneffekten in > den Modulen führen kann. → OK, die HTML-kodierten Zeichen sind jetzt nicht mehr da, "<" und ">" werden durch den Web-Server umgewandelt.
UCS 3.1-0 has been released: http://forum.univention.de/viewtopic.php?f=54&t=2125 If this error occurs again, please use "Clone This Bug".