Modify

Opened 12 years ago

Closed 12 years ago

#10134 closed defect (fixed)

httpauth login throws traceback

Reported by: tekknokrat Owned by: Steffen Hoffmann
Priority: normal Component: AccountManagerPlugin
Severity: normal Keywords: traceback recursion httpauth loginform
Cc: tekknokrat, Ryan J Ollos Trac Release: 0.11

Description

Current trunk throws a traceback like attached if a wrong password is supplied.

Attachments (2)

traceback.log (81.4 KB) - added by tekknokrat 12 years ago.
20120705_acctmgr_http-auth_t10134.patch (1.8 KB) - added by Steffen Hoffmann 12 years ago.
split basic and digest authentication attempts to prevent recusion from second to previous method

Download all attachments as: .zip

Change History (11)

Changed 12 years ago by tekknokrat

Attachment: traceback.log added

comment:1 Changed 12 years ago by tekknokrat

Btw. everythings fine with a correct password given. Configuration snippets of my setup...

apache2 config:

  <Location /trac>                                                              
     SetHandler mod_python                                                      
     PythonInterpreter main_interpreter                                         
     PythonHandler trac.web.modpython_frontend                                  
     # PythonOption TracEnvParentDir /var/trac                                  
     PythonOption TracUriRoot /trac                                             
     PythonOption TracEnv /var/trac/test                                 
     PythonOption TracLocale en_US.UTF8                                         
     PythonOption PYTHON_EGG_CACHE /var/trac/tmp                                
     Order allow,deny                                                           
     Allow from all                                                             
  </Location>    

trac.ini:

[account-manager]                                                               
authentication_url = /http_auth                                                 
password_store = HttpAuthStore   
...
[components]                                                                    
acct_mgr.admin.accountmanageradminpages = enabled                               
acct_mgr.api.accountmanager = enabled                                           
acct_mgr.http.HttpAuthStore = enabled                                           
acct_mgr.web_ui.loginmodule = enabled                                           
trac.web.auth.loginmodule = disabled                                            
tracfullblog.admin.fullblogadminpanel = enabled                                 
tracfullblog.core.fullblogcore = enabled                                        
tracfullblog.db.fullblogsetup = enabled                                         
tracfullblog.macros.bloglistmacro = enabled                                     
tracfullblog.web_ui.fullblogmodule = enabled                                    
tractab.tractab.tractab = enabled                                               
tractags.api.tagsystem = enabled                                                
tractags.macros.listtaggedmacro = enabled                                       
tractags.macros.tagcloudmacro = enabled                                         
tractags.model.tagmodelprovider = enabled                                       
tractags.ticket.tickettagprovider = enabled                                     
tractags.web_ui.tagrequesthandler = enabled                                     
tractags.web_ui.tagtemplateprovider = enabled                                   
tractags.wiki.tagwikisyntaxprovider = enabled                                   
tractags.wiki.wikitaginterface = enabled                                        
tractags.wiki.wikitagprovider = enabled                                         
tracwysiwyg.templateprovider = enabled                                          
tracwysiwyg.wysiwygwikifilter = enabled                

comment:2 Changed 12 years ago by Steffen Hoffmann

What I see from your traceback is an recursion in urllib2.

Maybe there is something wrong in the way we call both, simple and digest auth handlers at once. The HTTP401 on digest authentication seems to recall the previous request to basic auth, so it could help to call them in separate try..catch parts. Although I'm not sure how such a grave bug should have survived more than 6 years since the initial implementation in r1534.

Any more insights how your (web server) configuration could be different from many others?

Changed 12 years ago by Steffen Hoffmann

split basic and digest authentication attempts to prevent recusion from second to previous method

comment:3 Changed 12 years ago by Steffen Hoffmann

Try this patch please, even if it looks like a clumsy solution and probably could be coded more elegant.

comment:4 Changed 12 years ago by Steffen Hoffmann

Cc: Ryan J Ollos added
Keywords: needinfo added
Priority: normallow

Ping.

Not often, that you get a patch within a day after the report, but no feedback afterwards, even not after half a year by now. That's really a disappointment to me.

Anyone remaining interested in fixing this issue? It's unreasonable to assume, that I'll push code I've provided for good, but can't verify on my own. Even if the issue meanwhile has been resolved by other means, it would be fair at minimum to tell it to me.

Drop a comment, please, or I'll certainly drop the issue.

comment:5 Changed 12 years ago by Jun Omae

According to http://bugs.python.org/issue8797, it seems the Python issue. Also, Bitten has the same issue and has fixed in bitten:changeset:974. See bitten:ticket:658.

But I couldn't reproduce it....

comment:6 Changed 12 years ago by Steffen Hoffmann

Keywords: needinfo removed
Priority: lownormal

Wonderful, thanks Jun.

That finally casts some light up-on the scenery. So this is a Python bug. Strange encounter, but you gave me valuable pointers, that I'll use to verify my interim solution.

comment:7 Changed 12 years ago by Steffen Hoffmann

(In [12408]) AccountManagerPlugin: Use own HTTPBasicAuthHandler under Python 2.6 to avoid recursion in urllib2 (http://bugs.python.org/issue8797), refs #10134.

Special thanks to Jun Omae for pointing at hodgestar's changes to fix this issue for Bitten (bitten:r974).

comment:8 Changed 12 years ago by Steffen Hoffmann

Test feedback would be much appreciated.

comment:9 Changed 12 years ago by Steffen Hoffmann

Resolution: fixed
Status: newclosed

(In [12482]) AccountManagerPlugin: Publish maintenance release 0.4.1, closes #5964, #8545, #10134, #10625, #10700 and #10701.

This is an update for current stable acct_mgr-0.4 with a number of fixes for issues resolved within the last weeks, i.e.:

  • a final fix for Single-Sign-On functionality (refs #9676),
  • a long-standing HttpAuth login issue and
  • one for acct_mgr.LoginModule, that is relevant if used with web-servers, that evaluate the REMOTE_USER environment variable.

Changeset [12468] is included, that may require a Trac db fix-up. Run python ./contrib/fix-session_attribute-failed_logins.py <env> once on any Trac environment, that had account locking enabled with time constraints before.

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain Steffen Hoffmann.
The resolution will be deleted. Next status will be 'reopened'.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.