Bug 47106 - The umcp client can only answer one authentication request at a time
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: UMC (Generic)
Version: UCS 4.3
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 4.4-1-errata
Assigned To: Florian Best
QA Contact: Jürn Brodersen
Blocks: 48002 49929
Reported: 2018-05-30 16:24 CEST by Jürn Brodersen
Modified: 2019-07-31 13:58 CEST
What kind of report is it?: Bug Report
What type of bug is this?: 7: Crash: Bug causes crash or data loss
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 3: A User would likely not purchase the product
User Pain: 0.120

Attachments
Script to trigger the problem (658 bytes, text/plain)
2018-05-30 16:51 CEST, Sönke Schwardt-Krummrich
Patch for umc-web-server (2.97 KB, patch)
2019-07-29 17:57 CEST, Jürn Brodersen

Description Jürn Brodersen univentionstaff 2018-05-30 16:24:18 CEST
See bug 46870 comment 6

> I think I finally found the problem:
> 
> After sending the auth command
> univention-management-console-web-server:get_response() thinks that the
> session timed out and sends a second auth request. (get_response was called
> by the progress command).
> 
> src/univention/management/console/protocol/client.py keeps track of one auth
> request with an id; if a second auth request is called, that id gets
> overwritten. The first auth request now doesn't emit the 'authenticated'
> signal because client.py only uses one auth_id. But
> univention-management-console-web-server expects that signal before
> answering the first auth command.
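
The failure mode described above, reduced to a small model. This is an added example, not code from the bug report or from UMC; the class and method names are hypothetical, and tracking every pending id is one possible approach, not necessarily the fix that was committed.

```python
# Added illustration; names are hypothetical and do not mirror umcp.Client.

class SingleSlotClient:
    """Remembers only the id of the most recent auth request."""

    def __init__(self):
        self._next_id = 0
        self._auth_id = None
        self.authenticated = []  # ids for which 'authenticated' was emitted

    def send_auth(self):
        self._next_id += 1
        self._auth_id = self._next_id  # a second request overwrites the first id
        return self._auth_id

    def on_response(self, msg_id):
        if msg_id == self._auth_id:
            self._auth_id = None
            self.authenticated.append(msg_id)  # stands in for the signal
            return True
        return False  # not recognised as an auth answer, nobody is woken up


class PerRequestClient(SingleSlotClient):
    """Remembers every auth request that is still waiting for its answer."""

    def __init__(self):
        super().__init__()
        self._pending = set()

    def send_auth(self):
        self._next_id += 1
        self._pending.add(self._next_id)
        return self._next_id

    def on_response(self, msg_id):
        if msg_id in self._pending:
            self._pending.discard(msg_id)
            self.authenticated.append(msg_id)
            return True
        return False


def unanswered_after_two_parallel_auths(client):
    """Send two auth requests before any answer arrives; return ids left waiting."""
    first, second = client.send_auth(), client.send_auth()
    for msg_id in (first, second):
        client.on_response(msg_id)
    return [i for i in (first, second) if i not in client.authenticated]
```

With the single-slot client the first request is never signalled, which is the caller that hangs; with per-request tracking both requests complete.
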
Comment 1 Sönke Schwardt-Krummrich univentionstaff 2018-05-30 16:51:20 CEST
Created attachment 9544 [details]
Script to trigger the problem

The problem may be triggered with the attached test script that has to be called on the affected system. It sends 500 auth requests with a delay of 0<=x<0.2 seconds.
To improve the chance to trigger the problem, the following patch should be applied:

--- a/management/univention-management-console/univention-management-console-web-server
+++ b/management/univention-management-console/univention-management-console-web-server
@@ -155,6 +155,7 @@ class SessionClient(object):
 		self._auth_response.status = response.status
 		self._auth_response.result = response.result
 		self._auth_response.message = response.message
+		time.sleep(0.3)
 		self._auth_response_queue.put(self._auth_response)
 		# release queue object
 		self._auth_response_queue = None
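
Review bot: the added `time.sleep(0.3)` ahead of `self._auth_response_queue.put(self._auth_response)` blocks the code path that delivers every auth answer, so it should stay a local reproduction aid and never be committed; the hunk also shows no `import time`, which the file needs if it does not already have one. The window the sleep widens exists without it: `self._auth_response_queue` is read for the `put` and then set to `None` as two separate steps on a shared attribute, so if a second auth request replaces that attribute in between, the first response can land in or clear the wrong queue. Binding the queue to a local variable before the `put`, or keeping one queue per request, would close that window.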
Comment 2 Florian Best univentionstaff 2019-03-12 21:05:48 CET
(In reply to Sönke Schwardt-Krummrich from comment #1)
> To improve the chance to trigger the problem, the following patch should be
> applied:
No... your script goes against the UMC-Server... The UMC-Webserver is not involved, so the patch is not effective.
Comment 3 Florian Best univentionstaff 2019-03-12 21:16:47 CET
(In reply to Florian Best from comment #2)
> (In reply to Sönke Schwardt-Krummrich from comment #1)
> > To improve the chance to trigger the problem, the following patch should be
> > applied:
> No... your script goes against the UMC-Server... The UMC-Webserver is not
> involved, so the patch is not effective.
Oh sorry, it uses univention.lib.umc not umcp.client. Then it's valid.

So in the bad case one has a forever hanging client, right?
I assume it needs to be fixed in the umcp.Client.

Started a branch: fbest/47106-47239-umc-webserver-client-hanging.
Comment 4 Jürn Brodersen univentionstaff 2019-07-29 17:57:13 CEST
Created attachment 10138 [details]
Patch for umc-web-server

The patch in fbest/47106-47239-umc-webserver-client-hanging worked for me with some changes in the umc-web-server.
Comment 5 Florian Best univentionstaff 2019-07-31 12:13:00 CEST
univention-management-console (11.0.4-33)
3e46cf5abc1e | Bug #47106: pep8
fe1a20e46acc | Bug #47106: fix multiple parallel authentication requests in umcp.Client

univention-management-console.yaml
fe1a20e46acc | Bug #47106: fix multiple parallel authentication requests in umcp.Client
Comment 6 Jürn Brodersen univentionstaff 2019-07-31 12:18:26 CEST
What I tested:
Login with saml -> OK
Login without saml -> OK
@require_password decorator with saml -> OK
Logout with saml -> OK
Logout without saml -> OK
Password change -> OK
Can't reproduce comment 1 any more -> OK
Can't reproduce problems with hanging requests in the diagnostic module any more (these happened due to the fixes in bug 48002 and bug 49929, which triggered this bug) -> OK

yaml -> OK
Comment 7 Arvid Requate univentionstaff 2019-07-31 13:58:35 CEST
<http://errata.software-univention.de/ucs/4.4/203.html>