First Last Prev Next    This bug is not in your last search results.
Bug 44109 - exam mode: cleanup of ucr variables fails (othershares/hosts/deny, marktplatz/hosts/deny, printmode/hosts/none, sharemode/room/examroom)
exam mode: cleanup of ucr variables fails (othershares/hosts/deny, marktplatz...
Status: CLOSED FIXED
Product: UCS@school
Classification: Unclassified
Component: UMC - Exam mode
UCS@school 4.1 R2
Other Linux
: P5 normal (vote)
: UCS@school 4.2 v2
Assigned To: Florian Best
Daniel Tröder
:
Depends on: 44082
Blocks: 44157
  Show dependency treegraph
 
Reported: 2017-03-28 13:51 CEST by Sönke Schwardt-Krummrich
Modified: 2017-06-23 13:32 CEST (History)
3 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 4: Will affect most installed domains
How will those affected feel about the bug?: 5: Blocking further progress on the daily work
User Pain: 0.571
Enterprise Customer affected?:
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2017032721000276, 2017021521000586, 2017053021000266
Bug group (optional): Workaround is available
Max CVSS v3 score:

Attachments
Screenshot (100.86 KB, image/png)
2017-05-24 17:36 CEST, Florian Best 		Details
Screenshot 2 (52.97 KB, image/png)
2017-05-30 11:24 CEST, Florian Best 		Details
patch (1.83 KB, patch)
2017-05-30 13:45 CEST, Florian Best 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sönke Schwardt-Krummrich univentionstaff 2017-03-28 13:51:31 CEST 
The changes of UCS@school 4.1R2 have to be ported to UCS@school 4.2

+++ This bug was initially created as a clone of Bug #44082 +++

certain ucr variables are not cleaned up after an exam. Examples from the customer environment: 

config-registry-replog:
2017-03-27 12:31:15: set samba/othershares/hosts/deny='10.101.69.116 10.101.69.177 10.101.69.29' old:[Previously undefined]
2017-03-27 12:31:15: set samba/share/Marktplatz/hosts/deny='10.101.69.116 10.101.69.177 10.101.69.29' old:[Previously undefined]
2017-03-27 12:31:15: set samba/printmode/hosts/none='""' old:[Previously undefined]
2017-03-27 12:31:15: set samba/sharemode/room/examroom=home old:[Previously undefined]
Comment 1 Daniel Tröder univentionstaff 2017-04-20 09:39:26 CEST 
r78840: code merge and advisory

Package: ucs-school-umc-exam
Version: 7.0.3-5A~4.2.0.201704200939
Branch: ucs_4.2-0
Scope: ucs-school-4.2
Comment 2 Daniel Tröder univentionstaff 2017-04-20 10:00:07 CEST 
r78841: fix fuzzy i18n

ucs-school-umc-exam 7.0.3-6A~4.2.0.201704200957
Comment 3 Sönke Schwardt-Krummrich univentionstaff 2017-04-24 12:19:05 CEST 
As discussed, the code should use univention.lib.umc.Client instead of UMCConnection.
Comment 4 Daniel Tröder univentionstaff 2017-04-28 09:59:49 CEST 
r78979: use univention.lib.umc.Client instead of UMCConnection

Package: ucs-school-umc-exam
Version: 7.0.3-7A~4.2.0.201704280956
Branch: ucs_4.2-0
Scope: ucs-school-4.2
Comment 5 Florian Best univentionstaff 2017-05-09 16:36:03 CEST 
REOPEN: Error handling is broken. The new lib doesn't raise HTTPException, SocketError at anytime.
Comment 6 Daniel Tröder univentionstaff 2017-05-21 11:11:14 CEST 
(In reply to Florian Best from comment #5)
> REOPEN: Error handling is broken. The new lib doesn't raise HTTPException,
> SocketError at anytime.
Actually the API documentation is broken - it is non-existent.
Please provide a API documentation which exceptions are raised by which methods. It is a big waist of time to crawl all possible UMC/request code paths that can lead to exceptions!

r79458: fix exception handling
r79459: advisory update

ucs-school-umc-exam 7.0.4-5A~4.2.0.201705211110
Comment 7 Florian Best univentionstaff 2017-05-24 16:13:46 CEST 
Well, the fix doesn't investigate why it failed but just added another second resetting of the settings via the backend.
The error handling in case of errors during reset is also not done so that if that happens no exam user account are removed.

But the changes work.

YAML: s/bow/now/ → r79669
Comment 8 Florian Best univentionstaff 2017-05-24 17:36:05 CEST 
Created attachment 8880 [details]
Screenshot

The real reason might be this error message? It happens after waiting too long. I also think that I already ended the exam.
Comment 9 Florian Best univentionstaff 2017-05-30 11:24:34 CEST 
Created attachment 8884 [details]
Screenshot 2

Hmm, I cannot finish an exam anymore when being logged in via SAML. These error pop ups occur in an endless loop always when trying to finish the exam.
Comment 10 Florian Best univentionstaff 2017-05-30 11:26:30 CEST 
30.05.17 11:18:25.210  MAIN        ( WARN    ) : SAML binddn does not match: 'uid=administrator,cn=users,dc=school,dc=local' != 'uid=Administrator,cn=users,dc=school,dc=local'
30.05.17 11:18:44.406  MODULE      ( PROCESS ) : Diese Aktion erfordert die Eingabe Ihres Passwortes.
30.05.17 11:18:51.416  ADMIN       ( WARN    ) : modules update_extended_attributes: custom field for tab Passwort-Wiederherstellung: failed to set tabPosition
30.05.17 11:18:53.834  MODULE      ( PROCESS ) : Verteilung der Klassenarbeitsdateien -
30.05.17 11:18:57.425  MODULE      ( PROCESS ) : Vorbereiten der Raumeinstellungen - beendet...
30.05.17 11:19:39.250  MODULE      ( PROCESS ) : Entfernen der Klassenarbeitskonten - beendet...
30.05.17 11:21:51.386  MODULE      ( ERROR   ) : Cannot load project - project file /var/lib/ucs-school-umc-schoolexam/asdf does not exist
30.05.17 11:21:51.386  MODULE      ( WARN    ) : The project file for exam asdf does not exist. Ignoring and finishing exam mode.
30.05.17 11:21:55.752  MODULE      ( PROCESS ) : Vorbereiten der Raumeinstellungen - beendet...
30.05.17 11:22:32.393  MODULE      ( PROCESS ) : Diese Aktion erfordert die Eingabe Ihres Passwortes.
Comment 11 Daniel Tröder univentionstaff 2017-05-30 11:42:24 CEST 
(In reply to Florian Best from comment #9)
> Hmm, I cannot finish an exam anymore when being logged in via SAML. These
> error pop ups occur in an endless loop always when trying to finish the exam.
* Can you check, it it does happen with ucs-school-umc-exam before 7.0.3-5 too?

* Is it possible, that @require_password is incompatible with SAML?
Comment 12 Florian Best univentionstaff 2017-05-30 12:04:44 CEST 
(In reply to Daniel Tröder from comment #11)
> (In reply to Florian Best from comment #9)
> > Hmm, I cannot finish an exam anymore when being logged in via SAML. These
> > error pop ups occur in an endless loop always when trying to finish the exam.
> * Can you check, it it does happen with ucs-school-umc-exam before 7.0.3-5
> too?
No it doesn't.

> * Is it possible, that @require_password is incompatible with SAML?
@require_password is necessary for SAML if you need the password. And that is the problem: @require_password was added so that some other internal behavior changes.

The easiest fix is probably:

--- a/ucs-school-umc-computerroom/umc/python/computerroom/__init__.py
+++ b/ucs-school-umc-computerroom/umc/python/computerroom/__init__.py

-»   »   if userDN and userDN != self.user_dn:
+»   »   if userDN and userDN.lower() != self.user_dn.lower():
Comment 13 Florian Best univentionstaff 2017-05-30 13:21:37 CEST 
I found the real problem which was not covered by Bug #44082.

First the computerroom/exam/finish request is performed and then the computerroom/settings/set. This causes that the "reset" command which is stored for the room is never executed:
umc/python/computerroom/__init__.py
668 »   »   if in_exam_mode and roomInfo.get('cmd'):
671 »   »   »   »   subprocess.call(shlex.split(roomInfo['cmd']))

Here the prove from the logs:

30.05.17 13:14:39.066  PROTOCOL    ( INFO    ) : Sending UMCP RESPONSE 149614287905814-11784
30.05.17 13:14:40.857  PARSER      ( INFO    ) : UMCP REQUEST 149614288085007-11792 parsed successfully
30.05.17 13:14:40.857  MODULE      ( INFO    ) : Received request 149614288085007-11792
30.05.17 13:14:40.857  PROTOCOL    ( INFO    ) : Received UMCP COMMAND REQUEST 149614288085007-11792
30.05.17 13:14:40.857  MODULE      ( INFO    ) : Executing ['computerroom/exam/finish']
30.05.17 13:14:40.857  MAIN        ( INFO    ) : Setting locale 'de_DE'
30.05.17 13:14:40.859  MODULE      ( INFO    ) : Writing info file for room "cn=oldschool-raum1,cn=raeume,cn=groups,ou=oldschool,dc=school,dc=local": {'examDescription': None, 'exam': None, 'room': 'cn=oldschool-raum1,cn=raeume,cn=groups,ou=oldschool,dc=school,dc=local', '
examEndTime': None, 'cmd': '/usr/share/ucs-school-umc-computerroom/ucs-school-deactivate-rules -r samba/sharemode/room/raum1 -e samba/othershares/hosts/deny -e samba/share/Marktplatz/hosts/deny 1.2.3.5 1.2.3.4 0000:0000:0000:0000:0000:0000:0000:0002', 'pid': 12557, 'user':
 'uid=Administrator,cn=users,dc=school,dc=local'}
30.05.17 13:14:40.859  PROTOCOL    ( INFO    ) : Sending UMCP RESPONSE 149614288085007-11792
30.05.17 13:14:40.948  PARSER      ( INFO    ) : UMCP REQUEST 149614288092992-11793 parsed successfully
30.05.17 13:14:40.948  MODULE      ( INFO    ) : Received request 149614288092992-11793
30.05.17 13:14:40.949  PROTOCOL    ( INFO    ) : Received UMCP COMMAND REQUEST 149614288092992-11793
30.05.17 13:14:40.949  MODULE      ( INFO    ) : Executing ['computerroom/settings/set']
30.05.17 13:14:40.949  MAIN        ( INFO    ) : Setting locale 'de_DE'
30.05.17 13:14:41.029  MODULE      ( INFO    ) : iTALC users: 
30.05.17 13:14:41.029  MODULE      ( INFO    ) : Reloading cups
30.05.17 13:14:41.052  PROTOCOL    ( INFO    ) : Sending UMCP RESPONSE 149614288092992-11793
Comment 14 Florian Best univentionstaff 2017-05-30 13:45:05 CEST 
Created attachment 8886 [details]
patch

The patch contains the real fix for Bug #44082 so that all the current changes can be reverted.
There is still another specific problem, that samba/printmode/hosts/none is never reset due to Bug #30450 / svn r39711 which added:
» »   if varname in vunset:
» »   »   del vunset[varname]
→ I see no reason for this code. IMHO we should remove these two lines (as is done in the patch, too).
Comment 15 Florian Best univentionstaff 2017-05-30 14:34:04 CEST 
@Sönke: it's difficult to decide this now. We'll wait until Thursday with the final fix to discuss this with you.

Both fixes have advantages and disadvantages:

The Javascript-Fix (attachment 8886 [details]):
* advantage: less testing, works out of the box, fast delivered fix
* disadvantage: it's unclear why the "del vunset[varname]" line exists and what side effects it has to remove it

The python backend fix:
* advantage: the code is part of the backend and therefore we can easier test it with ucs-test, possible javascript errors in the future aren't ignored silently anymore
* disadvantage: the fix is incomplete, especially regarding error handling and more work needs to be done:
** if e.g. the room acquire or settings-reset fails no exam users are removed
*** → See the traceback in Ticket #2017053021000266 which currently happens very often due to Bug #44382
** when logged in via SAML we have multiple side effects:
*** if stopping the exam fails there is a javascript error which removes the currently set room. stopping it a second time would cause the error in attachment 8880 [details] 
*** the progressbar starts immediately and can't be stopped anymore in case of failures (e.g. attachment 8880 [details] or wrong password is entered during the SAML-requires-credentials-dialog)
*** the comparision of the room owner DN and the current user is done case sensitive, but the case is different when being logged in via SAML causing errors like attachment 8884 [details], so that one cannot stop an exam anymore.
** no feedback is sent to the user in case of errors

Another question is: should we backport this then to UCS 4.1? The current released UCS@school is broken for SAML users.
Comment 16 Florian Best univentionstaff 2017-06-01 12:59:36 CEST 
I found the synthesis of both solutions and moved the logic into the backend. All other changes have been reverted.

ucs-school-umc-exam.yaml:
r79976 | YAML Bug #44109
r79974 | Bug #44109: revert

ucs-school-umc-computerroom (9.0.7-1):
r79975 | Bug #44109: fix unsetting of computerroom settings after exam mode

ucs-school-umc-computerroom.yaml:
r79976 | YAML Bug #44109
Comment 17 Florian Best univentionstaff 2017-06-01 13:02:06 CEST 
For the UCR variable "samba/printmode/hosts/none" we have got Bug #37840.
Comment 18 Daniel Tröder univentionstaff 2017-06-06 16:39:49 CEST 
OK: manual tests with SAML-login
OK: manual tests with non-SAML-login

root@single130:~# ucr search room01
proxy/filter/usergroup/SchuleEins-room01: windows-pc01$

# start exam

root@single130:~# ucr search room01
proxy/filter/room/room01/ip: 10.200.3.231
proxy/filter/room/room01/rule: Kein Internet
proxy/filter/usergroup/SchuleEins-room01: windows-pc01$
samba/sharemode/room/room01: home

# configure print more in computer room

samba/printmode/room/room01: none

# finish exam

root@single130:~# ucr search room01
proxy/filter/usergroup/SchuleEins-room01: windows-pc01$
Comment 19 Sönke Schwardt-Krummrich univentionstaff 2017-06-23 13:32:25 CEST 
UCS@school 4.2 v2 has been released.

http://docs.software-univention.de/changelog-ucsschool-4.2v2-de.html

If this error occurs again, please clone this bug.
First Last Prev Next    This bug is not in your last search results.