Univention Bugzilla – Bug 47106
The umcp client can only answer one authentication request at a time
Last modified: 2019-07-31 13:58:35 CEST
See bu 46870 comment 6 > I think I finally found the problem: > > After sending the auth command > univention-management-console-web-server:get_response() thinks that the > session timed out and sends a second auth request. (get_response was called > by the progress command). > > src/univention/management/console/protocol/client.py keeps track of one auth > requests with an id if a second auth request is called that id gets > overwritten. The first auth request now doesn't emit the 'authenticated' > signal because client.py only uses one auth_id. But > univention-management-console-web-server expects that signal before > answering the first auth command
Created attachment 9544 [details] Script to trigger the problem The problem may be triggered with the attached test script that has to be called on the affected system. It sends 500 auth requests with a delay of 0<=x<0.2 seconds. To improve the chance to trigger the problem, the following patch should be applied: --- a/management/univention-management-console/univention-management-console-web-server +++ b/management/univention-management-console/univention-management-console-web-server @@ -155,6 +155,7 @@ class SessionClient(object): self._auth_response.status = response.status self._auth_response.result = response.result self._auth_response.message = response.message + time.sleep(0.3) self._auth_response_queue.put(self._auth_response) # release queue object self._auth_response_queue = None
(In reply to Sönke Schwardt-Krummrich from comment #1) > To improve the chance to trigger the problem, the following patch should be > applied: No... your script goes against the UMC-Server... The UMC-Webserver is not involved, so the patch is not effective.
(In reply to Florian Best from comment #2) > (In reply to Sönke Schwardt-Krummrich from comment #1) > > To improve the chance to trigger the problem, the following patch should be > > applied: > No... your script goes against the UMC-Server... The UMC-Webserver is not > involved, so the patch is not effective. Oh sorry, it uses univention.lib.umc not umcp.client. Then it's valid. So in the bad case one have a forever hanging client, right? I assume it needs to be fixed in the umcp.Client. Started a branch: fbest/47106-47239-umc-webserver-client-hanging.
Created attachment 10138 [details] Patch for umc-web-server The patch in fbest/47106-47239-umc-webserver-client-hanging worked for me with some changes in the umc-web-server
univention-management-console (11.0.4-33) 3e46cf5abc1e | Bug #47106: pep8 fe1a20e46acc | Bug #47106: fix multiple parallel authentication requests in umcp.Client univention-management-console.yaml fe1a20e46acc | Bug #47106: fix multiple parallel authentication requests in umcp.Client
What I tested: Login with saml -> OK Login without saml -> OK @require_password decorator with saml -> OK Logout with saml -> OK Logout without saml -> OK Password change -> OK Can't reproduce comment 1 any more -> OK Can't reproduce problems hanging requests in the diagnostic module any more (these happened due to the fixes in bug 48002 and bug 49929, which triggered this bug) -> OK yaml -> OK
<http://errata.software-univention.de/ucs/4.4/203.html>