Univention Bugzilla – Bug 56938
Code 502 when opening "Passwords (teachers)" in UMC, ModuleProcess: child 4622 (schoolusers) exited with -6 (SIGABRT)
Last modified: 2024-01-17 14:03:11 CET
Created attachment 11168 [details] screenshot showing the 502 error Schooladmins get status code 502 when they try to open "Passwords (teachers)" in UMC and are not able to reset passwords of teachers. After clicking OK, only an empty list appears. Please see the attached screenshot with the error message: "An unknown error with status code 502 occurred while connecting to the server, please try again later." The management-console-server.log (debug-level 4) shows this: 22.12.23 18:59:34.694 MAIN ( ALL ) : reset_timeout(): new session expiration in 28799 seconds 22.12.23 18:59:34.700 MAIN ( ALL ) : reset_timeout(): new session expiration in 28799 seconds 22.12.23 18:59:34.700 MAIN ( ALL ) : reset_timeout(): new session expiration in 28799 seconds 22.12.23 18:59:34.702 RESOURCES ( INFO ) : Searching for module providing command schoolusers/schools 22.12.23 18:59:34.702 RESOURCES ( INFO ) : Found module schoolusers 22.12.23 18:59:34.702 MAIN ( INFO ) : Checking ACLs for schoolusers/schools (schoolusers) 22.12.23 18:59:34.706 MAIN ( INFO ) : Starting new module process schoolusers 22.12.23 18:59:34.707 MAIN ( PROCESS ) : running: /usr/bin/python3 /usr/sbin/univention-management-console-module -m schoolusers -s /run/univention-management-console/4578-schoolusers-1703267974707-3fbcaae2-1c3e-4fa5-.socket -d 4 -l en_US.UTF-8 22.12.23 18:59:34.716 MAIN ( INFO ) : Passing request to module schoolusers 22.12.23 18:59:35.523 MAIN ( ALL ) : Received response 200 22.12.23 18:59:35.578 MAIN ( ALL ) : reset_timeout(): new session expiration in 28799 seconds 22.12.23 18:59:35.579 RESOURCES ( INFO ) : Searching for module providing command schoolusers/groups 22.12.23 18:59:35.579 RESOURCES ( INFO ) : Found module schoolusers 22.12.23 18:59:35.579 MAIN ( INFO ) : Checking ACLs for schoolusers/groups (schoolusers) 22.12.23 18:59:35.583 MAIN ( INFO ) : Passing request to module schoolusers 22.12.23 18:59:35.593 MAIN ( ALL ) : Received response 200 22.12.23 18:59:35.658 MAIN ( ALL ) : reset_timeout(): new session expiration in 28799 seconds 22.12.23 18:59:35.659 RESOURCES ( INFO ) : Searching for module providing command schoolusers/query 22.12.23 18:59:35.659 RESOURCES ( INFO ) : Found module schoolusers 22.12.23 18:59:35.659 MAIN ( INFO ) : Checking ACLs for schoolusers/query (schoolusers) 22.12.23 18:59:35.664 MAIN ( INFO ) : Passing request to module schoolusers 22.12.23 18:59:35.686 MAIN ( PROCESS ) : ModuleProcess: child 4622 (schoolusers) exited with -6 (SIGABRT) 22.12.23 18:59:35.686 MAIN ( WARN ) : Reaching module failed: HTTP 599: Unknown 22.12.23 18:59:35 ERROR ( 4578) : 502 POST /univention/command/schoolusers/query (127.0.0.1) 31.91ms The error is reproducible with: UCS: 5.0-6 errata904 Installed: cups=2.2.1 samba4=4.16 squid=3.5 ucsschool=5.0 v4 4.4/ucsschool-veyon-proxy=4.7.4.14-0 Upgradable:
The "free(): double free detected in tcache 2" is a bug in the C-library. That is very problematic and should be communicated upstream. But it can be avoided by using the library correctly. The "attr" argument tells the LDAP library & server which attributes should be included in the return list. It is supposed to be a list of strings, not a dictionary! It should look like this: ``` attr = ['uid', 'givenName', 'sn'] ``` Please try the above code with this "attr" argument.
Yeah, I see it now - it _is_ a regression due to the resolution of Bug #50231: https://git.knut.univention.de/univention/ucsschool/-/blob/993587c5fbbfdabdb6fe6446bce84d0907d40506/ucs-school-lib/modules/ucsschool/lib/school_umc_base.py#L371-387 The local variable `attr` gets overwritten by the loop... Patch: ``` diff --git a/ucs-school-lib/modules/ucsschool/lib/school_umc_base.py b/ucs-school-lib/modules/ucsschool/lib/school_umc_base.py index f51529ed4..13a127c1d 100644 --- a/ucs-school-lib/modules/ucsschool/lib/school_umc_base.py +++ b/ucs-school-lib/modules/ucsschool/lib/school_umc_base.py @@ -383,8 +383,8 @@ class SchoolBaseModule(Base): ) # Bug #50231 prevent crashing # previous list extend needs to be reformatted - for dn, attr in ldap_connection.search(filter=filter_s, attr=attr): - users.append({"dn": dn, "attrs": attr}) + for dn, _attr in ldap_connection.search(filter=filter_s, attr=attr): + users.append({"dn": dn, "attrs": _attr}) return user ```
It seems like there is a missing test that covers that branch. ... no actually, there is one: 04_ucs-school-reset-password-non-school-member.py Please check, why that test didn't trigger or detect the error in this bug report.
Fix has been merged and built: Package: ucs-school-lib Version: 13.0.43
Errata updates for UCS@school 5.0 v4 have been released. https://docs.software-univention.de/ucsschool-changelog/5.0v4/en/changelog.html https://docs.software-univention.de/ucsschool-changelog/5.0v4/de/changelog.html If this error occurs again, please clone this bug.
> The "free(): double free detected in tcache 2" is a bug in the C-library. > That is very problematic and should be communicated upstream. Reported the `python-ldap` C extension bug with https://github.com/python-ldap/python-ldap/issues/556 and provided a possible fix with https://github.com/python-ldap/python-ldap/pull/555 (In reply to Daniel Tröder from comment #3)
Another customer affected 2024010821000113
An other customer 2024011721000196 is affected