Ticket #10134 (closed defect: fixed)

Opened 11 months ago

Last modified 5 months ago

httpauth login throws traceback

Reported by: tekknokrat Assigned to: hasienda
Priority: normal Component: AccountManagerPlugin
Severity: normal Keywords: traceback recursion httpauth loginform
Cc: gunnar_thielebein@gmx.net, rjollos Trac Release: 0.11

Description

Current trunk throws a traceback like attached if a wrong password is supplied.

Attachments

traceback.log (81.4 kB) - added by tekknokrat on 07/04/12 11:02:10.
20120705_acctmgr_http-auth_t10134.patch (1.8 kB) - added by hasienda on 07/05/12 02:36:37.
split basic and digest authentication attempts to prevent recusion from second to previous method

Change History

07/04/12 11:02:10 changed by tekknokrat

  • attachment traceback.log added.

07/04/12 11:06:53 changed by tekknokrat

Btw. everythings fine with a correct password given. Configuration snippets of my setup...

apache2 config: 

  <Location /trac>                                                              
     SetHandler mod_python                                                      
     PythonInterpreter main_interpreter                                         
     PythonHandler trac.web.modpython_frontend                                  
     # PythonOption TracEnvParentDir /var/trac                                  
     PythonOption TracUriRoot /trac                                             
     PythonOption TracEnv /var/trac/test                                 
     PythonOption TracLocale en_US.UTF8                                         
     PythonOption PYTHON_EGG_CACHE /var/trac/tmp                                
     Order allow,deny                                                           
     Allow from all                                                             
  </Location>

trac.ini: 

[account-manager]                                                               
authentication_url = /http_auth                                                 
password_store = HttpAuthStore   
...
[components]                                                                    
acct_mgr.admin.accountmanageradminpages = enabled                               
acct_mgr.api.accountmanager = enabled                                           
acct_mgr.http.HttpAuthStore = enabled                                           
acct_mgr.web_ui.loginmodule = enabled                                           
trac.web.auth.loginmodule = disabled                                            
tracfullblog.admin.fullblogadminpanel = enabled                                 
tracfullblog.core.fullblogcore = enabled                                        
tracfullblog.db.fullblogsetup = enabled                                         
tracfullblog.macros.bloglistmacro = enabled                                     
tracfullblog.web_ui.fullblogmodule = enabled                                    
tractab.tractab.tractab = enabled                                               
tractags.api.tagsystem = enabled                                                
tractags.macros.listtaggedmacro = enabled                                       
tractags.macros.tagcloudmacro = enabled                                         
tractags.model.tagmodelprovider = enabled                                       
tractags.ticket.tickettagprovider = enabled                                     
tractags.web_ui.tagrequesthandler = enabled                                     
tractags.web_ui.tagtemplateprovider = enabled                                   
tractags.wiki.tagwikisyntaxprovider = enabled                                   
tractags.wiki.wikitaginterface = enabled                                        
tractags.wiki.wikitagprovider = enabled                                         
tracwysiwyg.templateprovider = enabled                                          
tracwysiwyg.wysiwygwikifilter = enabled

07/05/12 02:14:28 changed by hasienda

What I see from your traceback is an recursion in urllib2.

Maybe there is something wrong in the way we call both, simple and digest auth handlers at once. The HTTP401 on digest authentication seems to recall the previous request to basic auth, so it could help to call them in separate try..catch parts. Although I'm not sure how such a grave bug should have survived more than 6 years since the initial implementation in r1534.

Any more insights how your (web server) configuration could be different from many others?

07/05/12 02:36:37 changed by hasienda

  • attachment 20120705_acctmgr_http-auth_t10134.patch added.

split basic and digest authentication attempts to prevent recusion from second to previous method

07/05/12 02:42:06 changed by hasienda

Try this patch please, even if it looks like a clumsy solution and probably could be coded more elegant.

12/04/12 23:05:29 changed by hasienda

  • priority changed from normal to low.
  • cc changed from gunnar_thielebein@gmx.net to gunnar_thielebein@gmx.net, rjollos.
  • keywords changed from traceback recursion httpauth loginform to needinfo traceback recursion httpauth loginform.

Ping.

Not often, that you get a patch within a day after the report, but no feedback afterwards, even not after half a year by now. That's really a disappointment to me.

Anyone remaining interested in fixing this issue? It's unreasonable to assume, that I'll push code I've provided for good, but can't verify on my own. Even if the issue meanwhile has been resolved by other means, it would be fair at minimum to tell it to me.

Drop a comment, please, or I'll certainly drop the issue.

12/05/12 13:51:32 changed by jun66j5

According to http://bugs.python.org/issue8797, it seems the Python issue. Also, Bitten has the same issue and has fixed in bitten:changeset:974. See bitten:ticket:658.

But I couldn't reproduce it....

12/06/12 00:41:23 changed by hasienda

  • priority changed from low to normal.
  • keywords changed from needinfo traceback recursion httpauth loginform to traceback recursion httpauth loginform.

Wonderful, thanks Jun.

That finally casts some light up-on the scenery. So this is a Python bug. Strange encounter, but you gave me valuable pointers, that I'll use to verify my interim solution.

12/06/12 23:39:15 changed by hasienda

(In [12408]) AccountManagerPlugin: Use own HTTPBasicAuthHandler under Python 2.6 to avoid recursion in urllib2 (http://bugs.python.org/issue8797), refs #10134.

Special thanks to Jun Omae for pointing at hodgestar's changes to fix this issue for Bitten (bitten:r974).

12/06/12 23:40:11 changed by hasienda

Test feedback would be much appreciated.

12/26/12 22:22:18 changed by hasienda

  • status changed from new to closed.
  • resolution set to fixed.

(In [12482]) AccountManagerPlugin: Publish maintenance release 0.4.1, closes #5964, #8545, #10134, #10625, #10700 and #10701.

This is an update for current stable acct_mgr-0.4 with a number of fixes for issues resolved within the last weeks, i.e.:

  • a final fix for Single-Sign-On functionality (refs #9676),
  • a long-standing HttpAuth? login issue and
  • one for acct_mgr.LoginModule, that is relevant if used with web-servers, that evaluate the REMOTE_USER environment variable.

Changeset [12468] is included, that may require a Trac db fix-up. Run python ./contrib/fix-session_attribute-failed_logins.py <env> once on any Trac environment, that had account locking enabled with time constraints before.

Add/Change #10134 (httpauth login throws traceback)




Change Properties
Action