First Last Prev Next    This bug is not in your last search results.
Bug 52012 - self service is breaking with a "recursion" issue
self service is breaking with a "recursion" issue
Status: NEW
Product: UCS
Classification: Unclassified
Component: Self Service
UCS 4.4
Other Linux
: P5 normal (vote)
: ---
Assigned To: UMC maintainers
UMC maintainers
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2020-09-15 09:54 CEST by Telirand
Modified: 2021-01-27 01:58 CET (History)
3 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2020091421000041, 2020110221000103
Bug group (optional): Error handling, External feedback
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Telirand 2020-09-15 09:54:38 CEST 
password just throws error, when trying to use any method to reset pw

Everything instaleld without an error and the AD syncs....





Internal server error during "passwordreset/get_reset_methods".
Request: passwordreset/get_reset_methods

Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/univention/management/console/base.py", line 359, in __error_handling
    six.reraise(etype, exc, etraceback)
  File "/usr/lib/python2.7/dist-packages/univention/management/console/base.py", line 262, in execute
    function.__func__(self, request, *args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/univention/management/console/modules/passwordreset/__init__.py", line 102, in _decorator
    return func(self, request, *args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/univention/management/console/modules/passwordreset/__init__.py", line 179, in _decorated
    return func(self, *args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/univention/management/console/modules/decorators.py", line 181, in _response
    return function(self, request)
  File "/usr/lib/python2.7/dist-packages/univention/management/console/modules/decorators.py", line 321, in _response
    result = _multi_response(self, request)
  File "/usr/lib/python2.7/dist-packages/univention/management/console/modules/decorators.py", line 181, in _response
    return function(self, request)
  File "/usr/lib/python2.7/dist-packages/univention/management/console/modules/decorators.py", line 443, in _response
    return list(function(self, iterator, *nones))
  File "/usr/lib/python2.7/dist-packages/univention/management/console/modules/decorators.py", line 289, in _fake_func
    yield function(self, *args)
  File "/usr/lib/python2.7/dist-packages/univention/management/console/modules/passwordreset/__init__.py", line 874, in get_reset_methods
    if self.is_blacklisted(username, 'passwordreset'):
  File "/usr/lib/python2.7/dist-packages/univention/management/console/ldap.py", line 152, in _decorated
    result = func(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/univention/management/console/modules/passwordreset/__init__.py", line 1088, in is_blacklisted
    groups_dns.extend(self.get_nested_groups(group_dn))
  File "/usr/lib/python2.7/dist-packages/univention/management/console/modules/passwordreset/__init__.py", line 1127, in get_nested_groups
    res.extend(self.get_nested_groups(ng))





........
  File "/usr/lib/python2.7/dist-packages/univention/management/console/modules/passwordreset/__init__.py", line 1127, in get_nested_groups
    res.extend(self.get_nested_groups(ng))
  File "/usr/lib/python2.7/dist-packages/univention/management/console/modules/passwordreset/__init__.py", line 1127, in get_nested_groups
    res.extend(self.get_nested_groups(ng))
  File "/usr/lib/python2.7/dist-packages/univention/management/console/modules/passwordreset/__init__.py", line 1124, in get_nested_groups
    group = self.get_udm_group(groupdn)
  File "/usr/lib/python2.7/dist-packages/univention/management/console/ldap.py", line 152, in _decorated
    result = func(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/univention/management/console/modules/passwordreset/__init__.py", line 1161, in get_udm_group
    group = self.groupmod.object(None, ldap_connection, ldap_position, groupdn)
  File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 230, in __init__
    self.oldattr = self.lo.get(self.dn, attr=attr, required=True)
  File "/usr/lib/python2.7/dist-packages/univention/admin/uldap.py", line 710, in get
    return self.lo.get(dn, attr, required)
  File "/usr/lib/python2.7/dist-packages/univention/uldap.py", line 207, in _decorated
    return func(self, *args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/univention/uldap.py", line 438, in get
    result = self.lo.search_s(dn, ldap.SCOPE_BASE, '(objectClass=*)', attr)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 597, in search_s
    return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 993, in search_ext_s
    return self._apply_method_s(SimpleLDAPObject.search_ext_s,*args,**kwargs)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 931, in _apply_method_s
    return func(self,*args,**kwargs)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 591, in search_ext_s
    return self.result(msgid,all=1,timeout=timeout)[1]
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 503, in result
    resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 507, in result2
    resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 514, in result3
    resp_ctrl_classes=resp_ctrl_classes
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 521, in result4
    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 92, in _ldap_call
    self._ldap_object_lock.acquire()
RuntimeError: maximum recursion depth exceeded
Comment 1 Florian Best univentionstaff 2020-09-15 10:01:33 CEST 
Reported also via Traceback-Feedback:

Version: 4.4-5 errata737 (Blumenthal)

Remark: broken password change

just entered "user name"

Error: 
Internal server error during "passwordreset/get_reset_methods".
Request: passwordreset/get_reset_methods

Traceback (most recent call last):
  File "%PY2.7%/univention/management/console/base.py", line 359, in __error_handling
    six.reraise(etype, exc, etraceback)
  File "%PY2.7%/univention/management/console/base.py", line 262, in execute
    function.__func__(self, request, *args, **kwargs)
  File "%PY2.7%/univention/management/console/modules/passwordreset/__init__.py", line 102, in _decorator
    return func(self, request, *args, **kwargs)
  File "%PY2.7%/univention/management/console/modules/passwordreset/__init__.py", line 179, in _decorated
    return func(self, *args, **kwargs)
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 181, in _response
    return function(self, request)
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 321, in _response
    result = _multi_response(self, request)
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 181, in _response
    return function(self, request)
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 443, in _response
    return list(function(self, iterator, *nones))
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 289, in _fake_func
    yield function(self, *args)
  File "%PY2.7%/univention/management/console/modules/passwordreset/__init__.py", line 874, in get_reset_methods
    if self.is_blacklisted(username, 'passwordreset'):
  File "%PY2.7%/univention/management/console/ldap.py", line 152, in _decorated
    result = func(*args, **kwargs)
  File "%PY2.7%/univention/management/console/modules/passwordreset/__init__.py", line 1088, in is_blacklisted
    groups_dns.extend(self.get_nested_groups(group_dn))
  File "%PY2.7%/univention/management/console/modules/passwordreset/__init__.py", line 1127, in get_nested_groups
    res.extend(self.get_nested_groups(ng))
  File "%PY2.7%/univention/management/console/modules/passwordreset/__init__.py", line 1127, in get_nested_groups
    res.extend(self.get_nested_groups(ng))
…
  File "%PY2.7%/univention/management/console/modules/passwordreset/__init__.py", line 1127, in get_nested_groups
    res.extend(self.get_nested_groups(ng))
  File "%PY2.7%/univention/management/console/modules/passwordreset/__init__.py", line 1127, in get_nested_groups
    res.extend(self.get_nested_groups(ng))
  File "%PY2.7%/univention/management/console/modules/passwordreset/__init__.py", line 1127, in get_nested_groups
    res.extend(self.get_nested_groups(ng))
  File "%PY2.7%/univention/management/console/modules/passwordreset/__init__.py", line 1124, in get_nested_groups
    group = self.get_udm_group(groupdn)
  File "%PY2.7%/univention/management/console/ldap.py", line 152, in _decorated
    result = func(*args, **kwargs)
  File "%PY2.7%/univention/management/console/modules/passwordreset/__init__.py", line 1161, in get_udm_group
    group = self.groupmod.object(None, ldap_connection, ldap_position, groupdn)
  File "%PY2.7%/univention/admin/handlers/__init__.py", line 230, in __init__
    self.oldattr = self.lo.get(self.dn, attr=attr, required=True)
  File "%PY2.7%/univention/admin/uldap.py", line 710, in get
    return self.lo.get(dn, attr, required)
  File "%PY2.7%/univention/uldap.py", line 207, in _decorated
    return func(self, *args, **kwargs)
  File "%PY2.7%/univention/uldap.py", line 438, in get
    result = self.lo.search_s(dn, ldap.SCOPE_BASE, '(objectClass=*)', attr)
  File "%PY2.7%/ldap/ldapobject.py", line 597, in search_s
    return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
  File "%PY2.7%/ldap/ldapobject.py", line 993, in search_ext_s
    return self._apply_method_s(SimpleLDAPObject.search_ext_s,*args,**kwargs)
  File "%PY2.7%/ldap/ldapobject.py", line 931, in _apply_method_s
    return func(self,*args,**kwargs)
  File "%PY2.7%/ldap/ldapobject.py", line 591, in search_ext_s
    return self.result(msgid,all=1,timeout=timeout)[1]
  File "%PY2.7%/ldap/ldapobject.py", line 503, in result
    resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout)
  File "%PY2.7%/ldap/ldapobject.py", line 507, in result2
    resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout)
  File "%PY2.7%/ldap/ldapobject.py", line 514, in result3
    resp_ctrl_classes=resp_ctrl_classes
  File "%PY2.7%/ldap/ldapobject.py", line 521, in result4
    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
  File "%PY2.7%/ldap/ldapobject.py", line 92, in _ldap_call
    self._ldap_object_lock.acquire()
RuntimeError: maximum recursion depth exceeded
Comment 2 Telirand 2020-09-23 07:54:58 CEST 
ok this seems to be related to  having a user name that exists, but is not correct.


say we have a domain user

xy01\bob.smith

and we enter that format:

we get
"an error occurred , you are not authorized to perform this action
"server error message:"
"no contact information is stored for this user. resetting the password is not possible"



BUT if we now enter the user:
"bob.smith".. THEN the error message is thrown.

so it seems if you can get a partial match, then you can cause the error
Comment 3 Telirand 2020-09-23 07:56:14 CEST 
ok this seems to be related to  having a user name that exists, but is not correct.


say we have a domain user

xy01\bob.smith

and we enter that format:


xy01\bob.smith

we get
"an error occurred , you are not authorized to perform this action
"server error message:"
"no contact information is stored for this user. resetting the password is not possible"



BUT if we now enter the user:
"bob.smith".. THEN the error message is thrown.

so it seems if you can get a partial match, then you can cause the error
Comment 4 Christian Castens univentionstaff 2021-01-26 15:00:06 CET 
reported again:
Version: 4.4-6 errata780 (Blumenthal)

Remark: just sort it out......

also you cannot send this "message" about a fault unless yuo are already logged into the system

so there are atleast TWO bugs in this.....
Comment 5 Telirand 2021-01-27 01:58:02 CET 
It NEVER went away, just did not get dealt with.
First Last Prev Next    This bug is not in your last search results.