Bug 34557 - Not possible to add one internet rule to multiple computer rooms
Not possible to add one internet rule to multiple computer rooms
Status: CLOSED FIXED
Product: UCS@school
Classification: Unclassified
Component: UMC - Internet rules
UCS@school 3.2
Other Linux
: P5 normal (vote)
: UCS@school 3.2 R2
Assigned To: Sönke Schwardt-Krummrich
Florian Best
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-04-15 16:38 CEST by Michel Smidt
Modified: 2014-06-12 09:20 CEST (History)
3 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments
First version of a possible patch (UNTESTED!) (2.67 KB, text/plain)
2014-04-15 18:00 CEST, Sönke Schwardt-Krummrich
Details
Second version of patch (2.67 KB, patch)
2014-04-25 09:57 CEST, Sönke Schwardt-Krummrich
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Michel Smidt 2014-04-15 16:38:06 CEST
Submitted by 2014041121010048
Reproduced by author.

System UCS@School 3.2-1 Errata 88
Steps to reproduce:
1. Define two internet rules (e.g. "Only wikipedia")
2. Create two computer rooms with at least on computer (e.g. "First", "Second")
3. Choose in the "Computer room" modul for the "First" room under "Change settings" the web access profile "Only wikipedia" 

Squid conf (/etc/squid/squidGuard.conf):
acl {
room-First {
  pass whitelist-Only-20wikipedia none

  redirect http://.../blocked-by-squid.html
}
  default {
    pass whitelist !blacklist all
    redirect http://.../blocked-by-squid.html
  }
}

4. Choose for the "Second" room the same web access profile "Only wikipedia"
Still the same squid conf (/etc/squid/squidGuard.conf):
acl {
room-First {
  pass whitelist-Only-20wikipedia none

  redirect http://.../blocked-by-squid.html
}
  default {
    pass whitelist !blacklist all
    redirect http://.../blocked-by-squid.html
  }
}

5. Choose for the "Second" room the same web access profile "No Internet" creates two correct rules:
acl {
room-Second {
  pass whitelist-No-20Internet none

  redirect http://.../blocked-by-squid.html
}
room-First {
  pass whitelist-Only-20wikipedia none

  redirect http://.../blocked-by-squid.html
}
  default {
    pass whitelist !blacklist all
    redirect http://.../blocked-by-squid.html
  }
}
Comment 1 Sönke Schwardt-Krummrich univentionstaff 2014-04-15 18:00:55 CEST
Created attachment 5875 [details]
First version of a possible patch (UNTESTED!)

There is a logic bug within the UCR squidguard bug. I attached a first version of a possible patch. The patch is not heavily tested and but looks promising.
Comment 2 Sönke Schwardt-Krummrich univentionstaff 2014-04-16 11:11:59 CEST
The patch was not final. Additional changes had to be made.
For automatic testing in future a new ucs-test script 11_squidguard_assign_rule_to_2_rooms has been added to the package 
ucs-test-ucsschool.

Changelogentry für 3.2R2 has been added, too.

ucs-school-webproxy (10.0.2-1)
ucs-test-ucsschool (1.0.12-1)
Comment 3 Nicolas Christener 2014-04-24 17:40:56 CEST
Will this patch be part of an upcoming errate update of the 3.2 line?

Could you attach the final patch set so we can manually apply and test it?
Comment 4 Sönke Schwardt-Krummrich univentionstaff 2014-04-25 09:57:32 CEST
Created attachment 5889 [details]
Second version of patch

(In reply to Nicolas Christener from comment #3)
> Will this patch be part of an upcoming errate update of the 3.2 line?

Currently it is planned to integrate the fix into the upcoming UCS@school 3.2R2.
 
> Could you attach the final patch set so we can manually apply and test it?
Comment 5 Florian Best univentionstaff 2014-05-06 15:20:15 CEST
OK, assigning 1 same internet rule to 2 computer rooms works as expected.
Test-Script: OK
Some errors in the changelog entry has been fixed.
Comment 6 Sönke Schwardt-Krummrich univentionstaff 2014-06-12 09:19:24 CEST
UCS@school 3.2 R2 has been released:
http://docs.univention.de/release-notes-ucsschool-3.2R2-de.html

If this error occurs again, please use "Clone This Bug".