[ mailman-Patches-869644 ] Fix: Error accessing priv. roster/arch w/ non-member address

SourceForge.net noreply at sourceforge.net
Sat Jan 3 08:02:16 EST 2004


Patches item #869644, was opened at 2004-01-03 00:45
Message generated for change (Comment added) made by berndts
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=300103&aid=869644&group_id=103

Category: Web UI
Group: Mailman 2.1
Status: Closed
Resolution: Accepted
Priority: 5
Submitted By: Stephan Berndts (berndts)
Assigned to: Barry A. Warsaw (bwarsaw)
Summary: Fix: Error accessing priv. roster/arch w/ non-member address

Initial Comment:
Mailman 2.1.4 is producing a bug if one tries to log in to a private 
roster or archive with an email address which is not a member of 
the respective mailing list.

This patch solves the problem.

----------------------------------------------------------------------

>Comment By: Stephan Berndts (berndts)
Date: 2004-01-03 14:02

Message:
Logged In: YES 
user_id=129854

I should have included a traceback -- sorry.

The error occurs even if you already have a Mailman cookie for another 
mailing list and try to log in to a private roster/archive afterwards. (With 
another address?)

The line numbers may differ from a fresh Mailman 2.1.4 installation as I 
applied some patches.

Traceback (most recent call last):
  File "/usr/local/mailman/scripts/driver", line 87, in run_main
    main()
  File "/usr/local/mailman/Mailman/Cgi/private.py", line 141, in main
    password, username):
  File "/usr/local/mailman/Mailman/SecurityManager.py", line 220, in WebAuthenticate
    ok = self.CheckCookie(ac, user)
  File "/usr/local/mailman/Mailman/SecurityManager.py", line 300, in CheckCookie
    ok = self.__checkone(c, authcontext, user)
  File "/usr/local/mailman/Mailman/SecurityManager.py", line 311, in __checkone
    key, secret = self.AuthContextInfo(authcontext, user)
  File "/usr/local/mailman/Mailman/SecurityManager.py", line 105, in AuthContextInfo
    secret = self.getMemberPassword(user)
  File "/usr/local/mailman/Mailman/OldStyleMemberships.py", line 102, in getMemberPassword
    raise Errors.NotAMemberError, member
NotAMemberError: someaddress

----------------------------------------------------------------------

Comment By: Barry A. Warsaw (bwarsaw)
Date: 2004-01-03 02:15

Message:
Logged In: YES 
user_id=12800

Somehow I downloaded an older SecurityManager.py.patch.  I
grabbed it again and now see what you're talking about. 
Here's one way the bug can be manifest: if you were a member
when you logged in to read the archives, but got
subsequently removed before your cookie expired (i.e. your
browser exited).  Is there another way this crash can happen?

----------------------------------------------------------------------

Comment By: Stephan Berndts (berndts)
Date: 2004-01-03 01:09

Message:
Logged In: YES 
user_id=129854

That's a completely different position in the file!? I am in function 
__checkone, not in Authenticate.
Your comment does not match my patch :)

----------------------------------------------------------------------

Comment By: Barry A. Warsaw (bwarsaw)
Date: 2004-01-03 01:02

Message:
Logged In: YES 
user_id=12800

Are you sure you're looking at version 2.20.2.2 of
SecurityManager.py?  Here's what the AuthUser clause looks like:

            elif ac == mm_cfg.AuthUser:
                if user is not None:
                    try:
                        if self.authenticateMember(user, response):
                            return ac
                    except Errors.NotAMemberError:
                        pass

This doesn't match the patch, so I'm wondering if your
files are out of date?


----------------------------------------------------------------------
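
The failure mode discussed in this thread (a cookie check that looks up the secret of an address that is not, or is no longer, a member) as an added example. This is a simplified model, not Mailman's code and not the submitted patch; the ToyList class, its method names and the HMAC cookie scheme are assumptions made for illustration.

```python
import hashlib
import hmac


class NotAMemberError(Exception):
    """Models the error raised when an address is not subscribed."""


class ToyList:
    """Hypothetical stand-in for a mailing list with per-member cookies."""

    def __init__(self, name, members):
        self.name = name
        self._members = dict(members)  # address -> password

    def get_member_password(self, addr):
        try:
            return self._members[addr]
        except KeyError:
            raise NotAMemberError(addr)

    def remove_member(self, addr):
        self._members.pop(addr, None)

    def _mac(self, secret, addr):
        # Constructed cookie scheme: MAC over list name and address,
        # keyed by the member's current password.
        msg = f"{self.name}+user+{addr}".encode()
        return hmac.new(secret.encode(), msg, hashlib.sha256).hexdigest()

    def make_cookie(self, addr):
        return self._mac(self.get_member_password(addr), addr)

    def check_cookie_unguarded(self, addr, cookie):
        # Secret lookup raises for a non-member, so the request crashes
        # instead of being rejected.
        secret = self.get_member_password(addr)
        return hmac.compare_digest(self._mac(secret, addr), cookie)

    def check_cookie(self, addr, cookie):
        # Guarded form: "not a member" is a failed authentication.
        try:
            secret = self.get_member_password(addr)
        except NotAMemberError:
            return False
        return hmac.compare_digest(self._mac(secret, addr), cookie)
```

Both cases raised in the thread take the same path: a cookie presented with an address that never was a member, and a cookie that outlives the member's subscription.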
