[ mailman-Patches-869644 ] Fix: Error accessing priv. roster/arch
w/ non-member address
SourceForge.net
noreply at sourceforge.net
Sat Jan 3 08:02:16 EST 2004
Patches item #869644, was opened at 2004-01-03 00:45
Message generated for change (Comment added) made by berndts
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=300103&aid=869644&group_id=103
Category: Web UI
Group: Mailman 2.1
Status: Closed
Resolution: Accepted
Priority: 5
Submitted By: Stephan Berndts (berndts)
Assigned to: Barry A. Warsaw (bwarsaw)
Summary: Fix: Error accessing priv. roster/arch w/ non-member address
Initial Comment:
Mailman 2.1.4 is producing a bug if one tries to login to a private
roster or archive with an email address which is not a member of
the respective mailing list.
This patch solves the problem.
----------------------------------------------------------------------
>Comment By: Stephan Berndts (berndts)
Date: 2004-01-03 14:02
Message:
Logged In: YES
user_id=129854
I should have included a traceback -- sorry.
The error occurs even if you already have a Mailman cookie for another
mailing list and try to login to a private roster/ archive afterwards. (With
another address?)
The linenumbers may differ from a fresh Mailman 2.1.4 installation as I
applied some patches.
Traceback (most recent call last):
File "/usr/local/mailman/scripts/driver", line 87, in run_main
main()
File "/usr/local/mailman/Mailman/Cgi/private.py", line 141, in main
password, username):
File "/usr/local/mailman/Mailman/SecurityManager.py", line 220, in
WebAuthenticate
ok = self.CheckCookie(ac, user)
File "/usr/local/mailman/Mailman/SecurityManager.py", line 300, in
CheckCookie
ok = self.__checkone(c, authcontext, user)
File "/usr/local/mailman/Mailman/SecurityManager.py", line 311, in
__checkone
key, secret = self.AuthContextInfo(authcontext, user)
File "/usr/local/mailman/Mailman/SecurityManager.py", line 105, in
AuthContextInfo
secret = self.getMemberPassword(user)
File "/usr/local/mailman/Mailman/OldStyleMemberships.py", line 102, in
getMemberPassword
raise Errors.NotAMemberError, member
NotAMemberError: someaddress
----------------------------------------------------------------------
Comment By: Barry A. Warsaw (bwarsaw)
Date: 2004-01-03 02:15
Message:
Logged In: YES
user_id=12800
Someone I downloaded an older SecurityManager.py.patch. I
grabbed it again and now see what you're talking about.
Here's one way the bug can be manifest: if you were a member
when you logged in to read the archives, but got
subsequently removed before your cookie expired (i.e. your
browser exited). Is there another way this crash can happen?
----------------------------------------------------------------------
Comment By: Stephan Berndts (berndts)
Date: 2004-01-03 01:09
Message:
Logged In: YES
user_id=129854
That's a completely different position in the file!? I am in function
__checkone, not in Authenticate.
Your comment does not match my patch :)
----------------------------------------------------------------------
Comment By: Barry A. Warsaw (bwarsaw)
Date: 2004-01-03 01:02
Message:
Logged In: YES
user_id=12800
Are you sure you're looking at version 2.20.2.2 of
SecurityManager.py? Here's what the AuthUser clause looks like:
elif ac == mm_cfg.AuthUser:
if user is not None:
try:
if self.authenticateMember(user,
response):
return ac
except Errors.NotAMemberError:
pass
This doesn't match patch the patch, so I'm wondering if your
files are out of date?
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=300103&aid=869644&group_id=103
More information about the Mailman-coders
mailing list