Univention Bugzilla – Bug 50852
No share access on a teachers pc after a finished exam
Last modified: 2020-04-20 16:04:23 CEST
The customer has a problem with the share access on a teacher's PC after an exam is finished. After the end of the exam, shares are no longer accessible to anyone except MyFiles. This state remains unchanged even after a restart and different logins. Remedy so that subsequent instruction with access to all shares is possible.

Simplest scenario: Log on to the teacher's workstation with a student account. Then log on to the UCS WebFrontEnd with a teacher account and start a test class and finish it immediately. All shares are immediately available.

- Computer login teacher, UCS login teacher = share problems
- Computer login student, UCS login teacher = Everything o.k.

Under ucs@school and computer room the logged in teacher cannot change any shares of a computer if the login behaviour is the same. Under student login this is no problem.

Additionally: The IP address of the teacher's computer is entered into the UCR - samba/othershares/hosts/deny and samba/share/Marketplace/hosts/deny with the IP addresses of the student computers, but when the exam is finished, only the IP addresses of the student computers are logged out, the IP address of the teacher computer remains.

Unfortunately I could not reproduce this in my test environment. But I could see that the teacher's PC was also listed in the computer room like the students' PCs. And the IP address of the teacher's PC is set in the mentioned UCR variables as well, but after finishing the exam, the variables are completely cleared.
Which UCS and UCS@school version are in use in the domain that has the issue?
(In reply to Erik Damrose from comment #1)
> Which UCS and UCS@school version are in use in the domain that has the issue?

UCS: 4.4-3 errata454
Installed: cups=2.2.1 dhcp-server=12.0 prometheus-node-exporter=1.1 samba4=4.10 squid=3.5 ucsschool=4.4 v4
Upgradable:

ucs-school-slave:
  Installiert: 12.0.2-6A~4.4.0.201912051307
  Installationskandidat: 12.0.2-6A~4.4.0.201912051307
A second customer (PaedML) reports the problem with a hanging teacher computer (Ticket 2020021721000307). The problem occurs no matter which PC the teacher logs on to. If an admin logs on to the teacher PC the problem does not occur (we will test whether it also does not occur if a student is logged on to the teacher PC). A wrong class is entered in the marketplace.

UCS: 4.3-5 errata626
Installed: cups=2.2.1 dhcp-server=12.0 horde=5.2.17-2 nagios=4.3 samba4=4.7 squid=3.5 ucsschool=4.3 v9
Customer did the following test:

1.
- Start KA mode on PC A as a teacher and exit normally
- Log off teacher after finishing KA
- Logon and logoff student on PC A
- Re-logon teacher and check share access
--> No access to share

2.
- Logon and logoff student on PC A
- Restart the PC
- Re-logon teacher and check share access
--> No access to share

3.
- Log administrator on and off the PC A
- Restart the PC
- Re-logon teacher and check share access
--> No access to share

Seems to be different to first customer
Need to correct the description:

- Share access works normally before starting KA.
- Start KA mode on PC A as a teacher and exit normally
- Log off teacher after finishing KA

Then the customer did these tests:

> 1.
> - logon and logoff student on PC A
> - Re-logon teacher check share access
> --> No access to share
>
> 2.
> - Logon and Logoff student on PC A
> - Restart the PC
> - Re-logon teacher and check share access
> --> No access to share
>
> 3.
> - Log administrator on and off the PC A
> - Restart the PC
> - Re-logon teacher and check share access
> --> No access to share

Customer asks for patch today.
I set "Who will be affected by this bug?" to "Will affect a very few installed domains", because I think that only very few domains are really affected. Irrespective of the fact that it has really unpleasant impacts. Feel free to discuss it.
(In reply to Michel Smidt from comment #6)
> I set "Who will be affected by this bug?" to "Will affect a very few
> installed domains", because I think that only very few domains are really
> affected. Irrespective of the fact that it has really unpleasant impacts.
> Feel free to discuss it.

Sorry wrong Bug.
Ignore comment 8, copy paste gone wrong...

I guess this is a regression from bug 50083. As described in bug 41752, it might take a second for iTalc to connect to the computers in a room. As long as iTalc isn't connected, the computer is considered a student's computer and the share restrictions are applied. Later, when a teacher stops the exam, iTalc has connected and the teacher computer is therefore detected. But the share restrictions aren't lifted because they shouldn't have been applied in the first place.

With the fix of bug 50083 a subprocess call was removed which might have given iTalc enough time to connect to the computers and detect the teacher's computer.

How to reproduce: I didn't really try to reproduce the race condition, but this can also be reproduced as follows:

1) Add computer A to room A
2) Start exam in room A from computer B
3) computer A is now in "samba/share/Marktplatz/hosts/deny"
4) Login as a teacher on computer A
5) Stop the exam
6) computer A has not been removed from "samba/share/Marktplatz/hosts/deny"

Quick fix: Reset all computers in the room (see patch)

We should also check if we can improve the detection of a teacher computer (see also bug 48080)
I tested the patch in the paedml environment and it fixed the problem. Thank you for the fast fix
The patch also fixed the problem in the other environment!
The bugfix is implemented in oschwieg/4.4/50852

The backport for 4.3 will be handled in Bug #50968

Instead of using iTalc to fetch the IP addresses of all computers in the room we now use the ComputerRoom school object and fetch all hosts, excluding computers marked as teacher computers. That means: It is not important where the teacher is logged in, it only matters which computers are configured to be teacher computers in the room management module (as it is documented in the manual).

Please QA on the branch and REOPEN for merge&build.
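The asymmetry analysed in this bug and the selection rule of the fix, modelled as an added example (this is not the ucs-school-umc-computerroom code and not part of the thread). Assumptions: the UCR store is a plain dict of sets, and the `Computer` class, the function names and the IP addresses are constructed for illustration; only the two UCR variable names come from the bug.

```python
from dataclasses import dataclass

# UCR variable names as quoted in the bug; everything else here is constructed.
DENY_KEYS = ("samba/othershares/hosts/deny", "samba/share/Marktplatz/hosts/deny")

@dataclass(frozen=True)
class Computer:
    name: str
    ip: str
    teacher_computer: bool = False  # flag set in the room configuration

# Constructed sample room: one configured teacher PC, two student PCs.
ROOM = [
    Computer("teacher-pc", "10.0.0.10", teacher_computer=True),
    Computer("student-1", "10.0.0.11"),
    Computer("student-2", "10.0.0.12"),
]

def restricted_by_detection(room, detected_teacher_ips):
    """Old selection: a host is exempt only once a teacher was detected on it."""
    return {c.ip for c in room if c.ip not in detected_teacher_ips}

def restricted_by_config(room):
    """Fixed selection: exempt exactly the hosts configured as teacher computers."""
    return {c.ip for c in room if not c.teacher_computer}

def start_exam(ucr, ips):
    for key in DENY_KEYS:
        ucr[key] = ucr.get(key, set()) | ips

def stop_exam(ucr, ips):
    for key in DENY_KEYS:
        ucr[key] = ucr.get(key, set()) - ips

def old_flow(room, teacher_ip):
    """Detection answers differently at start and stop, so the teacher IP is stranded."""
    ucr = {}
    start_exam(ucr, restricted_by_detection(room, set()))        # not detected yet
    stop_exam(ucr, restricted_by_detection(room, {teacher_ip}))  # detected by now
    return ucr

def fixed_flow(room):
    """The same static selection on both sides: what is added is what is removed."""
    ucr = {}
    start_exam(ucr, restricted_by_config(room))
    during = {key: set(ips) for key, ips in ucr.items()}
    stop_exam(ucr, restricted_by_config(room))
    return during, ucr
```

In the old flow the deny entry for the teacher PC outlives the exam because the set removed at stop is not the set added at start; selecting by room configuration makes both sets identical regardless of connection timing.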
QA -> all ok (code & functionality)
please merge&build

[oschwieg/4.4/50852] d32423282 Bug #50852: Exempt teacher computers from computerroom settings changes

ucsschool 4.4, two Windows clients, which are in a computer room. One is a teacher's PC, the other one isn't.

Before the patch:
After KA start, both computers are in ucrv. After KA finish, the teacher's computer remains in ucrv.

After the patch:
After KA start, the student's computer is in the ucrv, the teacher's computer is left out. It doesn't matter whether the teacher was logged in before or not. After the KA is finished, the student PC is removed, too (like before).
Package: ucs-school-umc-computerroom
Version: 11.0.0-18A~4.4.0.202004161150
Branch: ucs_4.4-0
Scope: ucs-school-4.4

Advisory added.
QA -> Merge & YAML OK
Released as an errata update to ucsschool 4.4 v5. https://docs.software-univention.de/changelog-ucsschool-4.4v5-de.html#changelog:ucsschool:2020-04-20