Univention Bugzilla – Bug 44109
exam mode: cleanup of ucr variables fails (othershares/hosts/deny, marktplatz/hosts/deny, printmode/hosts/none, sharemode/room/examroom)
Last modified: 2017-06-23 13:32:25 CEST
The changes of UCS@school 4.1R2 have to be ported to UCS@school 4.2 +++ This bug was initially created as a clone of Bug #44082 +++ certain ucr variables are not cleaned up after an exam. Examples from the customer environment: config-registry-replog: 2017-03-27 12:31:15: set samba/othershares/hosts/deny='10.101.69.116 10.101.69.177 10.101.69.29' old:[Previously undefined] 2017-03-27 12:31:15: set samba/share/Marktplatz/hosts/deny='10.101.69.116 10.101.69.177 10.101.69.29' old:[Previously undefined] 2017-03-27 12:31:15: set samba/printmode/hosts/none='""' old:[Previously undefined] 2017-03-27 12:31:15: set samba/sharemode/room/examroom=home old:[Previously undefined]
r78840: code merge and advisory Package: ucs-school-umc-exam Version: 7.0.3-5A~4.2.0.201704200939 Branch: ucs_4.2-0 Scope: ucs-school-4.2
r78841: fix fuzzy i18n ucs-school-umc-exam 7.0.3-6A~4.2.0.201704200957
As discussed, the code should use univention.lib.umc.Client instead of UMCConnection.
r78979: use univention.lib.umc.Client instead of UMCConnection Package: ucs-school-umc-exam Version: 7.0.3-7A~4.2.0.201704280956 Branch: ucs_4.2-0 Scope: ucs-school-4.2
REOPEN: Error handling is broken. The new lib doesn't raise HTTPException, SocketError at anytime.
(In reply to Florian Best from comment #5) > REOPEN: Error handling is broken. The new lib doesn't raise HTTPException, > SocketError at anytime. Actually the API documentation is broken - it is non-existent. Please provide a API documentation which exceptions are raised by which methods. It is a big waist of time to crawl all possible UMC/request code paths that can lead to exceptions! r79458: fix exception handling r79459: advisory update ucs-school-umc-exam 7.0.4-5A~4.2.0.201705211110
Well, the fix doesn't investigate why it failed but just added another second resetting of the settings via the backend. The error handling in case of errors during reset is also not done so that if that happens no exam user account are removed. But the changes work. YAML: s/bow/now/ → r79669
Created attachment 8880 [details] Screenshot The real reason might be this error message? It happens after waiting too long. I also think that I already ended the exam.
Created attachment 8884 [details] Screenshot 2 Hmm, I cannot finish an exam anymore when being logged in via SAML. These error pop ups occur in an endless loop always when trying to finish the exam.
30.05.17 11:18:25.210 MAIN ( WARN ) : SAML binddn does not match: 'uid=administrator,cn=users,dc=school,dc=local' != 'uid=Administrator,cn=users,dc=school,dc=local' 30.05.17 11:18:44.406 MODULE ( PROCESS ) : Diese Aktion erfordert die Eingabe Ihres Passwortes. 30.05.17 11:18:51.416 ADMIN ( WARN ) : modules update_extended_attributes: custom field for tab Passwort-Wiederherstellung: failed to set tabPosition 30.05.17 11:18:53.834 MODULE ( PROCESS ) : Verteilung der Klassenarbeitsdateien - 30.05.17 11:18:57.425 MODULE ( PROCESS ) : Vorbereiten der Raumeinstellungen - beendet... 30.05.17 11:19:39.250 MODULE ( PROCESS ) : Entfernen der Klassenarbeitskonten - beendet... 30.05.17 11:21:51.386 MODULE ( ERROR ) : Cannot load project - project file /var/lib/ucs-school-umc-schoolexam/asdf does not exist 30.05.17 11:21:51.386 MODULE ( WARN ) : The project file for exam asdf does not exist. Ignoring and finishing exam mode. 30.05.17 11:21:55.752 MODULE ( PROCESS ) : Vorbereiten der Raumeinstellungen - beendet... 30.05.17 11:22:32.393 MODULE ( PROCESS ) : Diese Aktion erfordert die Eingabe Ihres Passwortes.
(In reply to Florian Best from comment #9) > Hmm, I cannot finish an exam anymore when being logged in via SAML. These > error pop ups occur in an endless loop always when trying to finish the exam. * Can you check, it it does happen with ucs-school-umc-exam before 7.0.3-5 too? * Is it possible, that @require_password is incompatible with SAML?
(In reply to Daniel Tröder from comment #11) > (In reply to Florian Best from comment #9) > > Hmm, I cannot finish an exam anymore when being logged in via SAML. These > > error pop ups occur in an endless loop always when trying to finish the exam. > * Can you check, it it does happen with ucs-school-umc-exam before 7.0.3-5 > too? No it doesn't. > * Is it possible, that @require_password is incompatible with SAML? @require_password is necessary for SAML if you need the password. And that is the problem: @require_password was added so that some other internal behavior changes. The easiest fix is probably: --- a/ucs-school-umc-computerroom/umc/python/computerroom/__init__.py +++ b/ucs-school-umc-computerroom/umc/python/computerroom/__init__.py -» » if userDN and userDN != self.user_dn: +» » if userDN and userDN.lower() != self.user_dn.lower():
I found the real problem which was not covered by Bug #44082. First the computerroom/exam/finish request is performed and then the computerroom/settings/set. This causes that the "reset" command which is stored for the room is never executed: umc/python/computerroom/__init__.py 668 » » if in_exam_mode and roomInfo.get('cmd'): 671 » » » » subprocess.call(shlex.split(roomInfo['cmd'])) Here the prove from the logs: 30.05.17 13:14:39.066 PROTOCOL ( INFO ) : Sending UMCP RESPONSE 149614287905814-11784 30.05.17 13:14:40.857 PARSER ( INFO ) : UMCP REQUEST 149614288085007-11792 parsed successfully 30.05.17 13:14:40.857 MODULE ( INFO ) : Received request 149614288085007-11792 30.05.17 13:14:40.857 PROTOCOL ( INFO ) : Received UMCP COMMAND REQUEST 149614288085007-11792 30.05.17 13:14:40.857 MODULE ( INFO ) : Executing ['computerroom/exam/finish'] 30.05.17 13:14:40.857 MAIN ( INFO ) : Setting locale 'de_DE' 30.05.17 13:14:40.859 MODULE ( INFO ) : Writing info file for room "cn=oldschool-raum1,cn=raeume,cn=groups,ou=oldschool,dc=school,dc=local": {'examDescription': None, 'exam': None, 'room': 'cn=oldschool-raum1,cn=raeume,cn=groups,ou=oldschool,dc=school,dc=local', ' examEndTime': None, 'cmd': '/usr/share/ucs-school-umc-computerroom/ucs-school-deactivate-rules -r samba/sharemode/room/raum1 -e samba/othershares/hosts/deny -e samba/share/Marktplatz/hosts/deny 1.2.3.5 1.2.3.4 0000:0000:0000:0000:0000:0000:0000:0002', 'pid': 12557, 'user': 'uid=Administrator,cn=users,dc=school,dc=local'} 30.05.17 13:14:40.859 PROTOCOL ( INFO ) : Sending UMCP RESPONSE 149614288085007-11792 30.05.17 13:14:40.948 PARSER ( INFO ) : UMCP REQUEST 149614288092992-11793 parsed successfully 30.05.17 13:14:40.948 MODULE ( INFO ) : Received request 149614288092992-11793 30.05.17 13:14:40.949 PROTOCOL ( INFO ) : Received UMCP COMMAND REQUEST 149614288092992-11793 30.05.17 13:14:40.949 MODULE ( INFO ) : Executing ['computerroom/settings/set'] 30.05.17 13:14:40.949 MAIN ( INFO ) : Setting locale 'de_DE' 30.05.17 13:14:41.029 MODULE ( INFO ) : iTALC users: 30.05.17 13:14:41.029 MODULE ( INFO ) : Reloading cups 30.05.17 13:14:41.052 PROTOCOL ( INFO ) : Sending UMCP RESPONSE 149614288092992-11793
Created attachment 8886 [details] patch The patch contains the real fix for Bug #44082 so that all the current changes can be reverted. There is still another specific problem, that samba/printmode/hosts/none is never reset due to Bug #30450 / svn r39711 which added: » » if varname in vunset: » » » del vunset[varname] → I see no reason for this code. IMHO we should remove these two lines (as is done in the patch, too).
@Sönke: it's difficult to decide this now. We'll wait until Thursday with the final fix to discuss this with you. Both fixes have advantages and disadvantages: The Javascript-Fix (attachment 8886 [details]): * advantage: less testing, works out of the box, fast delivered fix * disadvantage: it's unclear why the "del vunset[varname]" line exists and what side effects it has to remove it The python backend fix: * advantage: the code is part of the backend and therefore we can easier test it with ucs-test, possible javascript errors in the future aren't ignored silently anymore * disadvantage: the fix is incomplete, especially regarding error handling and more work needs to be done: ** if e.g. the room acquire or settings-reset fails no exam users are removed *** → See the traceback in Ticket #2017053021000266 which currently happens very often due to Bug #44382 ** when logged in via SAML we have multiple side effects: *** if stopping the exam fails there is a javascript error which removes the currently set room. stopping it a second time would cause the error in attachment 8880 [details] *** the progressbar starts immediately and can't be stopped anymore in case of failures (e.g. attachment 8880 [details] or wrong password is entered during the SAML-requires-credentials-dialog) *** the comparision of the room owner DN and the current user is done case sensitive, but the case is different when being logged in via SAML causing errors like attachment 8884 [details], so that one cannot stop an exam anymore. ** no feedback is sent to the user in case of errors Another question is: should we backport this then to UCS 4.1? The current released UCS@school is broken for SAML users.
I found the synthesis of both solutions and moved the logic into the backend. All other changes have been reverted. ucs-school-umc-exam.yaml: r79976 | YAML Bug #44109 r79974 | Bug #44109: revert ucs-school-umc-computerroom (9.0.7-1): r79975 | Bug #44109: fix unsetting of computerroom settings after exam mode ucs-school-umc-computerroom.yaml: r79976 | YAML Bug #44109
For the UCR variable "samba/printmode/hosts/none" we have got Bug #37840.
OK: manual tests with SAML-login OK: manual tests with non-SAML-login root@single130:~# ucr search room01 proxy/filter/usergroup/SchuleEins-room01: windows-pc01$ # start exam root@single130:~# ucr search room01 proxy/filter/room/room01/ip: 10.200.3.231 proxy/filter/room/room01/rule: Kein Internet proxy/filter/usergroup/SchuleEins-room01: windows-pc01$ samba/sharemode/room/room01: home # configure print more in computer room samba/printmode/room/room01: none # finish exam root@single130:~# ucr search room01 proxy/filter/usergroup/SchuleEins-room01: windows-pc01$
UCS@school 4.2 v2 has been released. http://docs.software-univention.de/changelog-ucsschool-4.2v2-de.html If this error occurs again, please clone this bug.