Univention Bugzilla – Bug 39695
UMC-Server: crash due to race condition on authentication request
Last modified: 2015-11-17 12:12:37 CET
During the SAML implementation a race condition has been implemented which might cause that the UMC-Server crashes if two parallel authentication requests are done. The first succeeded authentication request will remove the state.authResponse which the second wants to use. 31.10.15 12:35:42.907 RESOURCES ( INFO ) : Loaded categories from default.xml 31.10.15 12:35:42.907 RESOURCES ( INFO ) : Reloading UCR variables 31.10.15 12:35:42.922 AUTH ( INFO ) : Canonicalized username; 'Administrator' 31.10.15 12:35:42.923 AUTH ( ERROR ) : ### query_list=[('SAML message: ', 1)], auth=<pam object, service="univention-management-console", user="Administrator", conv=0x309f6c0, pamh=0x33387d0>, data=({1: ['asdf'], 3: [''], 4: ['', '', '']}, None), answer=[('asdf', 0)], prompts=None 31.10.15 12:35:42.923 AUTH ( ERROR ) : ### query_list=[('Passwort: ', 1)], auth=<pam object, service="univention-management-console", user="Administrator", conv=0x309f6c0, pamh=0x33387d0>, data=({1: [], 3: [''], 4: ['', '', '']}, None), answer=[('asdf', 0)], prompts=None 31.10.15 12:35:45.374 AUTH ( ERROR ) : PAM: authentication error: ('Fehler bei Authentifizierung', 7) 31.10.15 12:35:45.374 AUTH ( ERROR ) : The authentication has failed, please login again 31.10.15 12:35:45.374 AUTH ( INFO ) : Trying to authenticate user 'Administrator' 31.10.15 12:35:45.377 PARSER ( INFO ) : UMCP RESPONSE 144629134246911-937 parsed successfully 31.10.15 12:35:45.377 PROTOCOL ( INFO ) : Received UMCP RESPONSE 144629134246911-937 31.10.15 12:35:45.409 AUTH ( INFO ) : Canonicalized username; 'Administrator' 31.10.15 12:35:45.410 AUTH ( ERROR ) : ### query_list=[('SAML message: ', 1)], auth=<pam object, service="univention-management-console", user="Administrator", conv=0x309f6c0, pamh=0x33387d0>, data=({1: ['dsf'], 3: [''], 4: ['', '', '']}, None), answer=[('dsf', 0)], prompts=None 31.10.15 12:35:45.410 AUTH ( ERROR ) : ### query_list=[('Passwort: ', 1)], auth=<pam object, service="univention-management-console", user="Administrator", conv=0x309f6c0, pamh=0x33387d0>, data=({1: [], 3: [''], 4: ['', '', '']}, None), answer=[('dsf', 0)], prompts=None 31.10.15 12:35:53.618 AUTH ( ERROR ) : PAM: authentication error: ('Fehler bei Authentifizierung', 7) 31.10.15 12:35:53.618 AUTH ( ERROR ) : The authentication has failed, please login again 31.10.15 12:35:53.621 MAIN ( ERROR ) : Traceback (most recent call last): File "/usr/sbin/univention-management-console-server", line 226, in <module> umc_daemon.do_action() File "/usr/lib/pymodules/python2.7/daemon/runner.py", line 186, in do_action func(self) File "/usr/sbin/univention-management-console-server", line 153, in _restart self._start() File "/usr/lib/pymodules/python2.7/daemon/runner.py", line 131, in _start self.app.run() File "/usr/sbin/univention-management-console-server", line 203, in run notifier.loop() File "/usr/lib/pymodules/python2.7/notifier/nf_generic.py", line 283, in loop step() File "/usr/lib/pymodules/python2.7/notifier/nf_generic.py", line 275, in step __min_timer = dispatch.dispatcher_run() File "/usr/lib/pymodules/python2.7/notifier/dispatch.py", line 72, in dispatcher_run if not disp(): File "/usr/lib/pymodules/python2.7/notifier/threads.py", line 154, in _simple_threads_dispatcher task.announce() File "/usr/lib/pymodules/python2.7/notifier/threads.py", line 135, in announce self._callback( self, self._result ) File "/usr/lib/pymodules/python2.7/notifier/__init__.py", line 104, in __call__ return self._function( *tmp, **self._kwargs ) File "/usr/lib/pymodules/python2.7/univention/management/console/auth.py", line 144, in __authentication_result self.signal_emit('authenticated', auth_result) File "/usr/lib/pymodules/python2.7/notifier/signals.py", line 75, in signal_emit self.__signals[ signal ].emit( *args ) File "/usr/lib/pymodules/python2.7/notifier/signals.py", line 41, in emit cb( *args ) File "/usr/lib/pymodules/python2.7/univention/management/console/protocol/session.py", line 117, in _authenticated self.signal_emit('authenticated', result, self) File "/usr/lib/pymodules/python2.7/notifier/signals.py", line 75, in signal_emit self.__signals[ signal ].emit( *args ) File "/usr/lib/pymodules/python2.7/notifier/signals.py", line 41, in emit cb( *args ) File "/usr/lib/pymodules/python2.7/univention/management/console/protocol/server.py", line 112, in _authenticated state.authResponse.status = result.status AttributeError: 'NoneType' object has no attribute 'status'
Fixed by not creating the response object immediately but passing the request as parameter in the authenticated signals. univention-management-console (8.0.22-1): r65056 | Bug #39695: fix race condition during duplicated authentication
Unable to run into any race condition now. No changelog needed.
UCS 4.1 has been released: https://docs.software-univention.de/release-notes-4.1-0-en.html https://docs.software-univention.de/release-notes-4.1-0-de.html If this error occurs again, please use "Clone This Bug".