Bug 25196 - Absturz des UMC-Servers bei speziellem Operationset
Absturz des UMC-Servers bei speziellem Operationset
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: UMC (Generic)
UCS 3.0
Other Linux
: P5 normal (vote)
: UCS 3.2-2-errata
Assigned To: Alexander Kramer
Alexander Kläser
:
Depends on:
Blocks: 35912
  Show dependency treegraph
 
Reported: 2011-12-05 17:47 CET by Alexander Kläser
Modified: 2014-09-11 15:06 CEST (History)
3 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): Cleanup, Error handling
Max CVSS v3 score:
klaeser: Patch_Available+


Attachments
fixed the ',,'- and 'foobar*'-problem (868 bytes, patch)
2014-06-04 13:27 CEST, Alexander Kramer
Details | Diff
updated the patch to include the hints (2.07 KB, patch)
2014-06-10 15:29 CEST, Alexander Kramer
Details | Diff
updated 2 lines (2.08 KB, patch)
2014-06-10 16:00 CEST, Alexander Kramer
Details | Diff
Correct traceback (795 bytes, patch)
2014-06-13 16:43 CEST, Alexander Kläser
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Kläser univentionstaff 2011-12-05 17:47:31 CET
Mit dem Operationset command=*, flavor=d* und nach Zuweisung des Sets über eine spezielle Richtlinie für einen Benutzer, stürtzt der UMC-Server bei der Anmeldung des Benutzers scheinbar ab. Das ist derzeit nicht relevant.
Comment 1 Florian Best univentionstaff 2013-04-04 12:38:05 CEST
passiert auch, wenn operation ',,' enthält:

>>> import univention.management.console.acl as acl
>>> a = acl.ACLs()
>>> a._ACLs__parse_command(':,,')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/pymodules/python2.6/univention/management/console/acl.py", line 196, in __parse_command
    elif elem[ 0 ] == '!': # key without value allowed if starting with ! -> key may not exist
IndexError: string index out of range
Comment 2 Alexander Kläser univentionstaff 2014-06-03 09:46:54 CEST
@Alex: Could you please prepare a patch for this behaviour and attach it to this bug?
Comment 3 Alexander Kramer univentionstaff 2014-06-04 13:24:57 CEST
see patch:
- typos like ',,' will be ignored and a message will be written in the log
- the script now checks if flavor2 is set if the name of flavor1 ends with a *
Comment 4 Alexander Kramer univentionstaff 2014-06-04 13:27:11 CEST
Created attachment 5936 [details]
fixed the ',,'- and 'foobar*'-problem

see patch:
- typos like ',,' will be ignored and a message will be written in the log
- the script now checks if flavor2 is set if the name of flavor1 ends with a *
Comment 5 Florian Best univentionstaff 2014-06-05 16:09:03 CEST
Comment on attachment 5936 [details]
fixed the ',,'- and 'foobar*'-problem

FYI:
> string.find('foo') != -1
is oldschool python. It is nicer to use 
> 'foo' (not) in string

Also the line 
> elif elem[ 0 ] == '!':
could just be replaced by
> elif elem.startswith('!'):
so that the other check before is not necessary.
Comment 6 Alexander Kramer univentionstaff 2014-06-10 15:29:15 CEST
Created attachment 5946 [details]
updated the patch to include the hints
Comment 7 Alexander Kramer univentionstaff 2014-06-10 16:00:20 CEST
Created attachment 5947 [details]
updated 2 lines
Comment 8 Alexander Kläser univentionstaff 2014-06-11 14:12:44 CEST
Patch looks good to me. Could you please prepare it as erratum?
Comment 9 Alexander Kramer univentionstaff 2014-06-13 15:00:31 CEST
Added patch to svn and adapted YAML file.
Package has been build.

univention-management-console (6.0.25-1)
   * Bug #25196: UMC-Server won't die cause of operationsets
Comment 10 Alexander Kläser univentionstaff 2014-06-13 16:15:20 CEST
Note that you increased the wrong package version: 6.0.25-1 should be 6.0.24-7!

On my dev system, I get the following traceback, probably related to this bug?

>  File "/usr/sbin/univention-management-console-server", line 209, in <module>
>    umc_daemon.do_action()
>  File "/usr/lib/pymodules/python2.6/daemon/runner.py", line 186, in do_action
>    func(self)
>  File "/usr/sbin/univention-management-console-server", line 142, in _restart
>    self._start()
>  File "/usr/lib/pymodules/python2.6/daemon/runner.py", line 131, in _start
>    self.app.run()
>  File "/usr/sbin/univention-management-console-server", line 192, in run
>    notifier.loop()
>  File "/usr/lib/pymodules/python2.6/notifier/nf_generic.py", line 284, in loop
>    step()
>  File "/usr/lib/pymodules/python2.6/notifier/nf_generic.py", line 271, in step
>    not __sockets[ cond ][ fd ]( sock_obj ):
>  File "/usr/lib/pymodules/python2.6/univention/management/console/protocol/server.py", line 165, in _receive
>    self._handle( state, msg )
>  File "/usr/lib/pymodules/python2.6/univention/management/console/protocol/server.py", line 279, in _handle
>    state.processor = Processor( *state.credentials() )
>  File "/usr/lib/pymodules/python2.6/univention/management/console/protocol/session.py", line 226, in __init__
>    self._reload_acls_and_permitted_commands()
>  File "/usr/lib/pymodules/python2.6/univention/management/console/protocol/session.py", line 232, in _reload_acls_and_permitted_commands
>    self.__command_list = moduleManager.permitted_commands(ucr['hostname'], self.acls)
>  File "/usr/lib/pymodules/python2.6/univention/management/console/module.py", line 400, in permitted_commands
>    if acls.is_command_allowed( command, hostname, flavor = flavor.id ):
>  File "/usr/lib/pymodules/python2.6/univention/management/console/acl.py", line 276, in is_command_allowed
>    return self._is_allowed( filter( lambda x: x.fromUser == False, self.acls ), command, hostname, options, flavor ) or \
>  File "/usr/lib/pymodules/python2.6/univention/management/console/acl.py", line 252, in _is_allowed
>    match = self.__command_match( rule.command, command )
>  File "/usr/lib/pymodules/python2.6/univention/management/console/acl.py", line 228, in __command_match
>    if cmd1[ -1 ] == '*' and cmd2.startswith( cmd1[ : -1 ] ):
> IndexError: string index out of range
Comment 11 Alexander Kläser univentionstaff 2014-06-13 16:43:03 CEST
Created attachment 5960 [details]
Correct traceback

I attached a little patch that avoids the traceback by using endswith(). Afterwards, the user Administrator did not have any modules accessible on UMC. I reverted the usage of the method partition. In this case it is better to avoid this cleanup, as it might change the current behaviour (as it did now).
Comment 12 Alexander Kramer univentionstaff 2014-06-19 17:05:28 CEST
Fixed chanlog and yaml.
Package has been build.

Changes: 


 univention-management-console (6.0.24-7)
   * Bug #25196: UMC-Server won't die cause of operationsets
Comment 13 Alexander Kläser univentionstaff 2014-07-09 18:39:16 CEST
The changes look fine now. I could not produce an ACL parse error anymore.

YAML file → I adapted the entry to the following text (note that "don't"/"won't" is common speech):

> * The UMC server parses operation set strings more carefully now to avoid 
>   server crashes.

→ VERIFIED
Comment 14 Janek Walkenhorst univentionstaff 2014-08-07 17:42:28 CEST
http://errata.univention.de/ucs/3.2/159.html