Bug 47170 – Missing literal in time formatting influences group reports

Bug 47170 - Missing literal in time formatting influences group reports


Summary:	Missing literal in time formatting influences group reports

Status:	RESOLVED WONTFIX

Product:	UCS
Classification:	Unclassified
Component:	UMC - Users
Version:	UCS 4.3
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	---
Assigned To:	UMC maintainers
QA Contact:	UMC maintainers

URL:
Keywords:

Duplicates:	47197 (view as bug list)
Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2018-06-11 15:03 CEST by Nico Gulden
Modified:	2021-05-14 16:34 CEST (History)
CC List:	6 users (show)

See Also:	49697
What kind of report is it?:	Bug Report
What type of bug is this?:	4: Minor Usability: Impairs usability in secondary scenarios
Who will be affected by this bug?:	2: Will only affect a few installed domains
How will those affected feel about the bug?:	5: Blocking further progress on the daily work
User Pain:	0.229
Enterprise Customer affected?:	Yes
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:	2018061121000601, 2018061421001416, 2019042421000374
Bug group (optional):	External feedback
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Nico Gulden

2018-06-11 15:03:34 CEST

In file `/usr/lib/pymodules/python2.7/univention/admin/handlers/users/user.py` in
section:

def unmapWindowsFiletime(old):
        if old and old[0]:
                if old[0] == "0":
                        return old[0]
                d = 116444736000000000L  # difference between 1601 and 1970
                unixtime = (int(old[0]) - d) / 10000000
                return time.strftime('%Y%m%d%H%M%SZ', time.gmtime(unixtime))
        return ''

should be a `%` between second and time zone.

Comment 1 Nico Gulden

2018-06-11 15:06:51 CEST

See https://github.com/univention/univention-corporate-server/blob/df228268a49d08e333114cf07de79a11ce9895fb/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py#L1434

Comment 2 Nico Gulden

2018-06-11 15:46:58 CEST

4.3-0 Errata 89 is affected.

Comment 3 Florian Best

2018-06-15 11:15:41 CEST

*** Bug 47197 has been marked as a duplicate of this bug. ***

Comment 4 Florian Best

2018-06-15 11:18:21 CEST

Why are you so sure about the missing '%' ?

>>> time.strftime('%Y%m%d%H%M%SZ', time.gmtime(time.time()))
'20180615091618Z'

I think this is on purpose.
The question is, what value is in "unixtime"?

Comment 5 Stefan Gohmann

2018-06-15 11:34:10 CEST

(In reply to Florian Best from comment #4)
> Why are you so sure about the missing '%' ?
> 
> >>> time.strftime('%Y%m%d%H%M%SZ', time.gmtime(time.time()))
> '20180615091618Z'
> 
> I think this is on purpose.
> The question is, what value is in "unixtime"?

At least in Ticket #2018061421001416, the value was set to seconds since 1970. See Bug #47197#c3.

Comment 6 Florian Best

2019-05-05 22:04:14 CEST

From Bug #47197:

(In reply to Stefan Gohmann from comment #3)
> I can reproduce it:
> 
> root@master431:~# ldapmodify -x -D cn=admin,$(ucr get ldap/base) -y
> /etc/ldap.secret -f user-set-sambaBadPasswordTime-to-1467969484.ldif 
> modifying entry "uid=edl,cn=users,dc=deadlock43,dc=intranet"
> 
> root@master431:~# udm users/user list 
> Traceback (most recent call last):
>   File
> "/usr/share/univention-directory-manager-tools/univention-cli-server", line
> 218, in doit
>     output = univention.admincli.admin.doit(arglist)
>   File "/usr/lib/pymodules/python2.7/univention/admincli/admin.py", line
> 398, in doit
>     out = _doit(arglist)
>   File "/usr/lib/pymodules/python2.7/univention/admincli/admin.py", line
> 987, in _doit
>     for object in univention.admin.modules.lookup(module, co, lo,
> scope='sub', superordinate=superordinate, base=position.getDn(),
> filter=filter):
>   File "/usr/lib/pymodules/python2.7/univention/admin/modules.py", line 732,
> in lookup
>     tmpres = module.lookup(co, lo, filter, base=base,
> superordinate=superordinate, scope=scope, unique=unique, required=required,
> timeout=timeout, sizelimit=sizelimit)
>   File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py",
> line 1404, in lookup
>     result.append(cls(co, lo, None, dn=dn, superordinate=superordinate,
> attributes=attrs))
>   File
> "/usr/lib/pymodules/python2.7/univention/admin/handlers/users/user.py", line
> 1520, in __init__
>     univention.admin.handlers.simpleLdap.__init__(self, co, lo, position,
> dn, superordinate, attributes=attributes)
>   File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py",
> line 230, in __init__
>     oldinfo = self.mapping.unmapValues(self.oldattr)
>   File "/usr/lib/pymodules/python2.7/univention/admin/mapping.py", line 321,
> in unmapValues
>     info = mapDict(self, oldattr)
>   File "/usr/lib/pymodules/python2.7/univention/admin/mapping.py", line 377,
> in mapDict
>     v = mapping.unmapValue(key, value)
>   File "/usr/lib/pymodules/python2.7/univention/admin/mapping.py", line 317,
> in unmapValue
>     return unmap_value(value) if unmap_value else value
>   File
> "/usr/lib/pymodules/python2.7/univention/admin/handlers/users/user.py", line
> 1433, in unmapWindowsFiletime
>     return time.strftime('%Y%m%d%H%M%SZ', time.gmtime(unixtime))
> ValueError: year out of range
> root@master431:~# ldapmodify -x -D cn=admin,$(ucr get ldap/base) -y
> /etc/ldap.secret -f user-set-sambaBadPasswordTime-to-0.ldif 
> modifying entry "uid=edl,cn=users,dc=deadlock43,dc=intranet"
> 
> root@master431:~# udm users/user list --filter uid=edl | grep -i lock
> DN: uid=edl,cn=users,dc=deadlock43,dc=intranet
>   groups: cn=Domain Users,cn=groups,dc=deadlock43,dc=intranet
>   locked: 0
>   lockedTime: 0
>   primaryGroup: cn=Domain Users,cn=groups,dc=deadlock43,dc=intranet
>   unlock: None
>   unlockTime: None
> root@master431:~# 
> 
> root@master431:~# tail user-set-sambaBadPasswordTime-to-0.ldif 
> dn: uid=edl,cn=users,dc=deadlock43,dc=intranet
> changetype: modify
> replace: sambaBadPasswordTime
> sambaBadPasswordTime: 0
> 
> root@master431:~# tail user-set-sambaBadPasswordTime-to-1467969484.ldif 
> dn: uid=edl,cn=users,dc=deadlock43,dc=intranet
> changetype: modify
> replace: sambaBadPasswordTime
> sambaBadPasswordTime: 1467969484
> 
> root@master431:~#

Comment 7 Florian Best

2019-05-05 22:35:21 CEST

The question which remains here is: Who sets sambaBadPasswordTime (or badPasswordTime) to an invalid value?
UDM does not.
The S4-Connector doesn't set something explicit, it just takes values from the S4-LDAP (password.py:lockout_sync_s4_to_ucs()).
Maybe we should validate the value there before writing it to ldap, if the S4 Connector is the cause.

A valid value would look like: '132015618880000000'
Or should UDM be more graceful and allow other formats (unix timestamps)?
(I don't think so.)
UDM could raise an invalidValue() error so that the object is ignored and not anymore shown in UDM/UMC.

Comment 9 Ingo Steuwer

2021-05-14 15:42:58 CEST

This issue has been filed against UCS 4.3.

UCS 4.3 is out of maintenance and many UCS components have changed in later releases. Thus, this issue is now being closed.

If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen it and update the UCS version. In this case please provide detailed information on how this issue is affecting you.