keystoneauth

Config parse error in ldap driver

Bug #2039255 reported by Axel Sündermann on 2023-10-13

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	keystoneauth	New	Undecided	Unassigned

Bug Description

The LDAP password contains a $, this causes keystone to crash with trying to find an option named like the characters after the $ in the password.

The LDAP user in our configuration has a password ending with $f, keystone crashes with:
oslo_config.cfg.NoSuchOptError: no such option f in group [DEFAULT]

Versions:

Ubuntu 22.04
Openstack 2023.1

Reproduce:

Configure a ldap password containing the character $ in keystone.conf or keystone.domain.conf

Full log output:

2023-10-13 07:37:50.860817 mod_wsgi (pid=30): Exception occurred processing WSGI script '/usr/bin/keystone-wsgi-public'.
2023-10-13 07:37:50.863592 Traceback (most recent call last):
2023-10-13 07:37:50.863611 File "/usr/lib/python3/dist-packages/oslo_config/cfg.py", line 3247, in __getitem__
2023-10-13 07:37:50.863614 value = self.conf._get(option, group=group,
2023-10-13 07:37:50.863616 File "/usr/lib/python3/dist-packages/oslo_config/cfg.py", line 2653, in _get
2023-10-13 07:37:50.863618 value, loc = self._do_get(name, group, namespace)
2023-10-13 07:37:50.863620 File "/usr/lib/python3/dist-packages/oslo_config/cfg.py", line 2671, in _do_get
2023-10-13 07:37:50.863621 info = self._get_opt_info(name, group)
2023-10-13 07:37:50.863623 File "/usr/lib/python3/dist-packages/oslo_config/cfg.py", line 2876, in _get_opt_info
2023-10-13 07:37:50.863625 raise NoSuchOptError(opt_name, group)
2023-10-13 07:37:50.863632 oslo_config.cfg.NoSuchOptError: no such option f in group [ldap]
2023-10-13 07:37:50.863635
2023-10-13 07:37:50.863636 During handling of the above exception, another exception occurred:
2023-10-13 07:37:50.863638
2023-10-13 07:37:50.863640 Traceback (most recent call last):
2023-10-13 07:37:50.863785 File "/usr/lib/python3/dist-packages/flask/app.py", line 2548, in __call__
2023-10-13 07:37:50.863788 return self.wsgi_app(environ, start_response)
2023-10-13 07:37:50.863790 File "/usr/lib/python3/dist-packages/werkzeug/middleware/proxy_fix.py", line 187, in __call__
2023-10-13 07:37:50.863792 return self.app(environ, start_response)
2023-10-13 07:37:50.863794 File "/usr/lib/python3/dist-packages/webob/dec.py", line 129, in __call__
2023-10-13 07:37:50.863795 resp = self.call_func(req, *args, **kw)
2023-10-13 07:37:50.863797 File "/usr/lib/python3/dist-packages/webob/dec.py", line 193, in call_func
2023-10-13 07:37:50.863798 return self.func(req, *args, **kwargs)
2023-10-13 07:37:50.863800 File "/usr/lib/python3/dist-packages/oslo_middleware/base.py", line 124, in __call__
2023-10-13 07:37:50.863802 response = req.get_response(self.application)
2023-10-13 07:37:50.863804 File "/usr/lib/python3/dist-packages/webob/request.py", line 1313, in send
2023-10-13 07:37:50.863805 status, headers, app_iter = self.call_application(
2023-10-13 07:37:50.863807 File "/usr/lib/python3/dist-packages/webob/request.py", line 1278, in call_application
2023-10-13 07:37:50.863808 app_iter = application(self.environ, start_response)
2023-10-13 07:37:50.863810 File "/usr/lib/python3/dist-packages/webob/dec.py", line 143, in __call__
2023-10-13 07:37:50.863817 return resp(environ, start_response)
2023-10-13 07:37:50.863819 File "/usr/lib/python3/dist-packages/webob/dec.py", line 129, in __call__
2023-10-13 07:37:50.863821 resp = self.call_func(req, *args, **kw)
2023-10-13 07:37:50.863823 File "/usr/lib/python3/dist-packages/webob/dec.py", line 193, in call_func
2023-10-13 07:37:50.863824 return self.func(req, *args, **kwargs)
2023-10-13 07:37:50.863826 File "/usr/lib/python3/dist-packages/oslo_middleware/base.py", line 124, in __call__
2023-10-13 07:37:50.863827 response = req.get_response(self.application)
2023-10-13 07:37:50.863829 File "/usr/lib/python3/dist-packages/webob/request.py", line 1313, in send
2023-10-13 07:37:50.863830 status, headers, app_iter = self.call_application(
2023-10-13 07:37:50.863832 File "/usr/lib/python3/dist-packages/webob/request.py", line 1278, in call_application
2023-10-13 07:37:50.863834 app_iter = application(self.environ, start_response)
2023-10-13 07:37:50.863836 File "/usr/lib/python3/dist-packages/webob/dec.py", line 129, in __call__
2023-10-13 07:37:50.863837 resp = self.call_func(req, *args, **kw)
2023-10-13 07:37:50.863839 File "/usr/lib/python3/dist-packages/webob/dec.py", line 193, in call_func
2023-10-13 07:37:50.863840 return self.func(req, *args, **kwargs)
2023-10-13 07:37:50.863842 File "/usr/lib/python3/dist-packages/osprofiler/web.py", line 111, in __call__
2023-10-13 07:37:50.863843 return request.get_response(self.application)
2023-10-13 07:37:50.863846 File "/usr/lib/python3/dist-packages/webob/request.py", line 1313, in send
2023-10-13 07:37:50.863847 status, headers, app_iter = self.call_application(
2023-10-13 07:37:50.863849 File "/usr/lib/python3/dist-packages/webob/request.py", line 1278, in call_application
2023-10-13 07:37:50.863850 app_iter = application(self.environ, start_response)
2023-10-13 07:37:50.863852 File "/usr/lib/python3/dist-packages/webob/dec.py", line 129, in __call__
2023-10-13 07:37:50.863854 resp = self.call_func(req, *args, **kw)
2023-10-13 07:37:50.863855 File "/usr/lib/python3/dist-packages/webob/dec.py", line 193, in call_func
2023-10-13 07:37:50.863857 return self.func(req, *args, **kwargs)
2023-10-13 07:37:50.863859 File "/usr/lib/python3/dist-packages/oslo_middleware/request_id.py", line 58, in __call__
2023-10-13 07:37:50.863860 response = req.get_response(self.application)
2023-10-13 07:37:50.863862 File "/usr/lib/python3/dist-packages/webob/request.py", line 1313, in send
2023-10-13 07:37:50.863864 status, headers, app_iter = self.call_application(
2023-10-13 07:37:50.863866 File "/usr/lib/python3/dist-packages/webob/request.py", line 1278, in call_application
2023-10-13 07:37:50.863867 app_iter = application(self.environ, start_response)
2023-10-13 07:37:50.863869 File "/usr/lib/python3/dist-packages/keystone/server/flask/request_processing/middleware/url_normalize.py", line 38, in __call__
2023-10-13 07:37:50.863870 return self.app(environ, start_response)
2023-10-13 07:37:50.863872 File "/usr/lib/python3/dist-packages/webob/dec.py", line 129, in __call__
2023-10-13 07:37:50.863874 resp = self.call_func(req, *args, **kw)
2023-10-13 07:37:50.863876 File "/usr/lib/python3/dist-packages/webob/dec.py", line 193, in call_func
2023-10-13 07:37:50.863877 return self.func(req, *args, **kwargs)
2023-10-13 07:37:50.863879 File "/usr/lib/python3/dist-packages/keystonemiddleware/auth_token/__init__.py", line 340, in __call__
2023-10-13 07:37:50.863880 response = req.get_response(self._app)
2023-10-13 07:37:50.863882 File "/usr/lib/python3/dist-packages/webob/request.py", line 1313, in send
2023-10-13 07:37:50.863884 status, headers, app_iter = self.call_application(
2023-10-13 07:37:50.863886 File "/usr/lib/python3/dist-packages/webob/request.py", line 1278, in call_application
2023-10-13 07:37:50.863887 app_iter = application(self.environ, start_response)
2023-10-13 07:37:50.863889 File "/usr/lib/python3/dist-packages/werkzeug/middleware/dispatcher.py", line 78, in __call__
2023-10-13 07:37:50.863892 return app(environ, start_response)
2023-10-13 07:37:50.863895 File "/usr/lib/python3/dist-packages/flask/app.py", line 2528, in wsgi_app
2023-10-13 07:37:50.863896 response = self.handle_exception(e)
2023-10-13 07:37:50.863898 File "/usr/lib/python3/dist-packages/flask_restful/__init__.py", line 271, in error_router
2023-10-13 07:37:50.863899 return original_handler(e)
2023-10-13 07:37:50.863901 File "/usr/lib/python3/dist-packages/flask_restful/__init__.py", line 271, in error_router
2023-10-13 07:37:50.863902 return original_handler(e)
2023-10-13 07:37:50.863904 File "/usr/lib/python3/dist-packages/flask_restful/__init__.py", line 271, in error_router
2023-10-13 07:37:50.863906 return original_handler(e)
2023-10-13 07:37:50.863908 [Previous line repeated 28 more times]
2023-10-13 07:37:50.863910 File "/usr/lib/python3/dist-packages/flask/app.py", line 2525, in wsgi_app
2023-10-13 07:37:50.863911 response = self.full_dispatch_request()
2023-10-13 07:37:50.863913 File "/usr/lib/python3/dist-packages/flask/app.py", line 1822, in full_dispatch_request
2023-10-13 07:37:50.863914 rv = self.handle_user_exception(e)
2023-10-13 07:37:50.863916 File "/usr/lib/python3/dist-packages/flask_restful/__init__.py", line 271, in error_router
2023-10-13 07:37:50.863918 return original_handler(e)
2023-10-13 07:37:50.863920 File "/usr/lib/python3/dist-packages/flask_restful/__init__.py", line 271, in error_router
2023-10-13 07:37:50.863921 return original_handler(e)
2023-10-13 07:37:50.863923 File "/usr/lib/python3/dist-packages/flask_restful/__init__.py", line 271, in error_router
2023-10-13 07:37:50.863924 return original_handler(e)
2023-10-13 07:37:50.863926 [Previous line repeated 28 more times]
2023-10-13 07:37:50.863928 File "/usr/lib/python3/dist-packages/flask/app.py", line 1820, in full_dispatch_request
2023-10-13 07:37:50.863930 rv = self.dispatch_request()
2023-10-13 07:37:50.863932 File "/usr/lib/python3/dist-packages/flask/app.py", line 1796, in dispatch_request
2023-10-13 07:37:50.863933 return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)
2023-10-13 07:37:50.863935 File "/usr/lib/python3/dist-packages/flask_restful/__init__.py", line 467, in wrapper
2023-10-13 07:37:50.863936 resp = resource(*args, **kwargs)
2023-10-13 07:37:50.863938 File "/usr/lib/python3/dist-packages/flask/views.py", line 107, in view
2023-10-13 07:37:50.863940 return current_app.ensure_sync(self.dispatch_request)(**kwargs)
2023-10-13 07:37:50.863942 File "/usr/lib/python3/dist-packages/flask_restful/__init__.py", line 582, in dispatch_request
2023-10-13 07:37:50.863943 resp = meth(*args, **kwargs)
2023-10-13 07:37:50.863945 File "/usr/lib/python3/dist-packages/keystone/server/flask/common.py", line 1064, in wrapper
2023-10-13 07:37:50.863946 return f(*args, **kwargs)
2023-10-13 07:37:50.863948 File "/usr/lib/python3/dist-packages/keystone/api/auth.py", line 315, in post
2023-10-13 07:37:50.863950 token = authentication.authenticate_for_token(auth_data)
2023-10-13 07:37:50.863952 File "/usr/lib/python3/dist-packages/keystone/api/_shared/authentication.py", line 185, in authenticate_for_token
2023-10-13 07:37:50.863953 authenticate(auth_info, auth_context)
2023-10-13 07:37:50.863955 File "/usr/lib/python3/dist-packages/keystone/api/_shared/authentication.py", line 152, in authenticate
2023-10-13 07:37:50.863956 resp = method.authenticate(auth_info.get_method_data(method_name))
2023-10-13 07:37:50.863958 File "/usr/lib/python3/dist-packages/keystone/auth/plugins/password.py", line 31, in authenticate
2023-10-13 07:37:50.863960 user_info = auth_plugins.UserAuthInfo.create(auth_payload, METHOD_NAME)
2023-10-13 07:37:50.863962 File "/usr/lib/python3/dist-packages/keystone/auth/plugins/core.py", line 106, in create
2023-10-13 07:37:50.863963 user_auth_info._validate_and_normalize_auth_data(auth_payload)
2023-10-13 07:37:50.863967 File "/usr/lib/python3/dist-packages/keystone/auth/plugins/core.py", line 214, in _validate_and_normalize_auth_data
2023-10-13 07:37:50.863968 super(UserAuthInfo, self)._validate_and_normalize_auth_data(
2023-10-13 07:37:50.863971 File "/usr/lib/python3/dist-packages/keystone/auth/plugins/core.py", line 168, in _validate_and_normalize_auth_data
2023-10-13 07:37:50.863972 user_ref = PROVIDERS.identity_api.get_user_by_name(
2023-10-13 07:37:50.863974 File "/usr/lib/python3/dist-packages/keystone/common/manager.py", line 115, in wrapped
2023-10-13 07:37:50.863975 __ret_val = __f(*args, **kwargs)
2023-10-13 07:37:50.863977 File "/usr/lib/python3/dist-packages/keystone/identity/core.py", line 412, in wrapper
2023-10-13 07:37:50.863979 self.domain_configs.setup_domain_drivers(
2023-10-13 07:37:50.863981 File "/usr/lib/python3/dist-packages/keystone/identity/core.py", line 306, in setup_domain_drivers
2023-10-13 07:37:50.863982 self._setup_domain_drivers_from_files(standard_driver,
2023-10-13 07:37:50.863984 File "/usr/lib/python3/dist-packages/keystone/identity/core.py", line 159, in _setup_domain_drivers_from_files
2023-10-13 07:37:50.863986 self._load_config_from_file(
2023-10-13 07:37:50.863988 File "/usr/lib/python3/dist-packages/keystone/identity/core.py", line 128, in _load_config_from_file
2023-10-13 07:37:50.863989 domain_config['driver'] = self._load_driver(domain_config)
2023-10-13 07:37:50.863991 File "/usr/lib/python3/dist-packages/keystone/identity/core.py", line 90, in _load_driver
2023-10-13 07:37:50.863992 return manager.load_driver(Manager.driver_namespace,
2023-10-13 07:37:50.863994 File "/usr/lib/python3/dist-packages/keystone/common/manager.py", line 73, in load_driver
2023-10-13 07:37:50.863996 driver_manager = stevedore.DriverManager(namespace,
2023-10-13 07:37:50.863998 File "/usr/lib/python3/dist-packages/stevedore/driver.py", line 54, in __init__
2023-10-13 07:37:50.863999 super(DriverManager, self).__init__(
2023-10-13 07:37:50.864001 File "/usr/lib/python3/dist-packages/stevedore/named.py", line 78, in __init__
2023-10-13 07:37:50.864002 extensions = self._load_plugins(invoke_on_load,
2023-10-13 07:37:50.864004 File "/usr/lib/python3/dist-packages/stevedore/extension.py", line 218, in _load_plugins
2023-10-13 07:37:50.864006 self._on_load_failure_callback(self, ep, err)
2023-10-13 07:37:50.864008 File "/usr/lib/python3/dist-packages/stevedore/extension.py", line 206, in _load_plugins
2023-10-13 07:37:50.864009 ext = self._load_one_plugin(ep,
2023-10-13 07:37:50.864011 File "/usr/lib/python3/dist-packages/stevedore/named.py", line 156, in _load_one_plugin
2023-10-13 07:37:50.864012 return super(NamedExtensionManager, self)._load_one_plugin(
2023-10-13 07:37:50.864014 File "/usr/lib/python3/dist-packages/stevedore/extension.py", line 242, in _load_one_plugin
2023-10-13 07:37:50.864016 obj = plugin(*invoke_args, **invoke_kwds)
2023-10-13 07:37:50.864018 File "/usr/lib/python3/dist-packages/keystone/identity/backends/ldap/core.py", line 47, in __init__
2023-10-13 07:37:50.864019 self.user = UserApi(self.conf)
2023-10-13 07:37:50.864021 File "/usr/lib/python3/dist-packages/keystone/identity/backends/ldap/core.py", line 252, in __init__
2023-10-13 07:37:50.864022 super(UserApi, self).__init__(conf)
2023-10-13 07:37:50.864024 File "/usr/lib/python3/dist-packages/keystone/identity/backends/ldap/common.py", line 1843, in __init__
2023-10-13 07:37:50.864026 super(EnabledEmuMixIn, self).__init__(conf)
2023-10-13 07:37:50.864028 File "/usr/lib/python3/dist-packages/keystone/identity/backends/ldap/common.py", line 1171, in __init__
2023-10-13 07:37:50.864029 self.LDAP_PASSWORD = conf.ldap.password
2023-10-13 07:37:50.864031 File "/usr/lib/python3/dist-packages/oslo_config/cfg.py", line 3161, in __getattr__
2023-10-13 07:37:50.864032 return self._conf._get(name, self._group)
2023-10-13 07:37:50.864034 File "/usr/lib/python3/dist-packages/oslo_config/cfg.py", line 2653, in _get
2023-10-13 07:37:50.864037 value, loc = self._do_get(name, group, namespace)
2023-10-13 07:37:50.864039 File "/usr/lib/python3/dist-packages/oslo_config/cfg.py", line 2716, in _do_get
2023-10-13 07:37:50.864041 return (convert(val), alt_loc)
2023-10-13 07:37:50.864043 File "/usr/lib/python3/dist-packages/oslo_config/cfg.py", line 2686, in convert
2023-10-13 07:37:50.864044 self._substitute(value, group, namespace), opt)
2023-10-13 07:37:50.864046 File "/usr/lib/python3/dist-packages/oslo_config/cfg.py", line 2786, in _substitute
2023-10-13 07:37:50.864047 ret = tmpl.safe_substitute(
2023-10-13 07:37:50.864049 File "/usr/lib/python3.10/string.py", line 142, in safe_substitute
2023-10-13 07:37:50.864051 return self.pattern.sub(convert, self.template)
2023-10-13 07:37:50.864053 File "/usr/lib/python3.10/string.py", line 133, in convert
2023-10-13 07:37:50.864054 return str(mapping[named])
2023-10-13 07:37:50.864056 File "/usr/lib/python3/dist-packages/oslo_config/cfg.py", line 3250, in __getitem__
2023-10-13 07:37:50.864057 value = self.conf._get(key, namespace=self.namespace)
2023-10-13 07:37:50.864059 File "/usr/lib/python3/dist-packages/oslo_config/cfg.py", line 2653, in _get
2023-10-13 07:37:50.864061 value, loc = self._do_get(name, group, namespace)
2023-10-13 07:37:50.864063 File "/usr/lib/python3/dist-packages/oslo_config/cfg.py", line 2671, in _do_get
2023-10-13 07:37:50.864064 info = self._get_opt_info(name, group)
2023-10-13 07:37:50.864066 File "/usr/lib/python3/dist-packages/oslo_config/cfg.py", line 2876, in _get_opt_info
2023-10-13 07:37:50.864067 raise NoSuchOptError(opt_name, group)
2023-10-13 07:37:50.864074 oslo_config.cfg.NoSuchOptError: no such option f in group [DEFAULT]

See original description

Axel Sündermann (cubitusinthecloud) on 2023-10-13

description:

updated

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.