Univention Bugzilla – Bug 25196
Absturz des UMC-Servers bei speziellem Operationset
Last modified: 2014-09-11 15:06:31 CEST
Mit dem Operationset command=*, flavor=d* und nach Zuweisung des Sets über eine spezielle Richtlinie für einen Benutzer, stürtzt der UMC-Server bei der Anmeldung des Benutzers scheinbar ab. Das ist derzeit nicht relevant.
passiert auch, wenn operation ',,' enthält: >>> import univention.management.console.acl as acl >>> a = acl.ACLs() >>> a._ACLs__parse_command(':,,') Traceback (most recent call last): File "<stdin>", line 1, in <module> File "/usr/lib/pymodules/python2.6/univention/management/console/acl.py", line 196, in __parse_command elif elem[ 0 ] == '!': # key without value allowed if starting with ! -> key may not exist IndexError: string index out of range
@Alex: Could you please prepare a patch for this behaviour and attach it to this bug?
see patch: - typos like ',,' will be ignored and a message will be written in the log - the script now checks if flavor2 is set if the name of flavor1 ends with a *
Created attachment 5936 [details] fixed the ',,'- and 'foobar*'-problem see patch: - typos like ',,' will be ignored and a message will be written in the log - the script now checks if flavor2 is set if the name of flavor1 ends with a *
Comment on attachment 5936 [details] fixed the ',,'- and 'foobar*'-problem FYI: > string.find('foo') != -1 is oldschool python. It is nicer to use > 'foo' (not) in string Also the line > elif elem[ 0 ] == '!': could just be replaced by > elif elem.startswith('!'): so that the other check before is not necessary.
Created attachment 5946 [details] updated the patch to include the hints
Created attachment 5947 [details] updated 2 lines
Patch looks good to me. Could you please prepare it as erratum?
Added patch to svn and adapted YAML file. Package has been build. univention-management-console (6.0.25-1) * Bug #25196: UMC-Server won't die cause of operationsets
Note that you increased the wrong package version: 6.0.25-1 should be 6.0.24-7! On my dev system, I get the following traceback, probably related to this bug? > File "/usr/sbin/univention-management-console-server", line 209, in <module> > umc_daemon.do_action() > File "/usr/lib/pymodules/python2.6/daemon/runner.py", line 186, in do_action > func(self) > File "/usr/sbin/univention-management-console-server", line 142, in _restart > self._start() > File "/usr/lib/pymodules/python2.6/daemon/runner.py", line 131, in _start > self.app.run() > File "/usr/sbin/univention-management-console-server", line 192, in run > notifier.loop() > File "/usr/lib/pymodules/python2.6/notifier/nf_generic.py", line 284, in loop > step() > File "/usr/lib/pymodules/python2.6/notifier/nf_generic.py", line 271, in step > not __sockets[ cond ][ fd ]( sock_obj ): > File "/usr/lib/pymodules/python2.6/univention/management/console/protocol/server.py", line 165, in _receive > self._handle( state, msg ) > File "/usr/lib/pymodules/python2.6/univention/management/console/protocol/server.py", line 279, in _handle > state.processor = Processor( *state.credentials() ) > File "/usr/lib/pymodules/python2.6/univention/management/console/protocol/session.py", line 226, in __init__ > self._reload_acls_and_permitted_commands() > File "/usr/lib/pymodules/python2.6/univention/management/console/protocol/session.py", line 232, in _reload_acls_and_permitted_commands > self.__command_list = moduleManager.permitted_commands(ucr['hostname'], self.acls) > File "/usr/lib/pymodules/python2.6/univention/management/console/module.py", line 400, in permitted_commands > if acls.is_command_allowed( command, hostname, flavor = flavor.id ): > File "/usr/lib/pymodules/python2.6/univention/management/console/acl.py", line 276, in is_command_allowed > return self._is_allowed( filter( lambda x: x.fromUser == False, self.acls ), command, hostname, options, flavor ) or \ > File "/usr/lib/pymodules/python2.6/univention/management/console/acl.py", line 252, in _is_allowed > match = self.__command_match( rule.command, command ) > File "/usr/lib/pymodules/python2.6/univention/management/console/acl.py", line 228, in __command_match > if cmd1[ -1 ] == '*' and cmd2.startswith( cmd1[ : -1 ] ): > IndexError: string index out of range
Created attachment 5960 [details] Correct traceback I attached a little patch that avoids the traceback by using endswith(). Afterwards, the user Administrator did not have any modules accessible on UMC. I reverted the usage of the method partition. In this case it is better to avoid this cleanup, as it might change the current behaviour (as it did now).
Fixed chanlog and yaml. Package has been build. Changes: univention-management-console (6.0.24-7) * Bug #25196: UMC-Server won't die cause of operationsets
The changes look fine now. I could not produce an ACL parse error anymore. YAML file → I adapted the entry to the following text (note that "don't"/"won't" is common speech): > * The UMC server parses operation set strings more carefully now to avoid > server crashes. → VERIFIED
http://errata.univention.de/ucs/3.2/159.html