Bug 53464 - Starting an exam throws an unexpected error
Starting an exam throws an unexpected error
Status: CLOSED FIXED
Product: UCS@school
Classification: Unclassified
Component: Ucsschool-lib
UCS@school 4.4
Other Linux
: P5 normal (vote)
: UCS@school 4.4 v9-errata
Assigned To: Tobias Wenzel
Jürn Brodersen
:
Depends on: 53800 53799 53828
Blocks:
  Show dependency treegraph
 
Reported: 2021-06-18 12:31 CEST by Christina Scheinig
Modified: 2021-10-20 15:02 CEST (History)
3 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.057
Enterprise Customer affected?:
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2021050221000524
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Christina Scheinig univentionstaff 2021-06-18 12:31:31 CEST
During a start of an Exam, the teacher gets the following error message:

An error ocurred
An error occurred during the preparation of the exam. The following information will show more details about the exact error. Please retry to start the exam.
An unexpected error occurred.


The error in the logfile:
03.05.21 15:27:22.130  MODULE      ( ERROR   ) : _finished:814  Error in start_exam()->_thread(): Unable to load default file
  File "/usr/lib/python2.7/dist-packages/notifier/threads.py", line 80, in _run
    result = self._function()
  File "/usr/lib/pymodules/python2.7/univention/management/console/modules/schoolexam/__init__.py", line 805, in _thread
    Instance.set_nt_acls_on_exam_folders(my.project.getRecipients())
  File "/usr/lib/pymodules/python2.7/univention/management/console/modules/schoolexam/__init__.py", line 258, in set_nt_acls_on_exam_folders
    deny_owner_change_permissions(root)
  File "/usr/lib/pymodules/python2.7/univention/management/console/modules/schoolexam/__init__.py", line 120, in deny_owner_change_permissions
    lp.load_default()
RuntimeError: Unable to load default file


The customer defined a workgroup, with consecutive whitespaces in the name. Therefore the share also has these whitespaces.
As described in Bug 45338 the samba config parser reduces consecutive whitespaces to one.


root@ucs01:/tmp/samba_backup_1623939478# samba-tool testparm -d2 -s smb.conf
lpcfg_load: refreshing parameters from smb.conf
Can't find include file /tmp/samba_backup_1623939478/local.config.d/PSG-Ch GK - 12.local.config.conf
ERROR: Unable to load file smb.conf

In 
/usr/share/pyshared/univention/management/console/modules/schoolexam/__init__.py
in the function 
def deny_owner_change_permissions(filename):  # type: (str) -> None
the samba default config is used and checked. Here the whitespaces are reduced to one and the error occurs during exam start.

The Exam is working after that, but the teacher has to open the computerroom manually.
Comment 2 Tobias Wenzel univentionstaff 2021-09-14 12:00:25 CEST
This bug does not seem to be an ucsschool bug.


=== We did the following ===


- reproduces the error in multi-server env

univention-app info
UCS: 4.4-8 errata1029
Installed: cups=2.2.1 samba4=4.10 squid=3.5 ucsschool=4.4 v9 ucsschool-veyon-proxy=1.1

- The error seems to be in lp.load_default() as suspected: This samba function loads /etc/smb.conf where the home-dirs are configured - but also all other shares, because they are included. I.e. if there are any shares with consecutive whitespaces, this will fail. 

We tried the following fixes:

- skiping lp.load_default() does not work: the code is excuted and the exam starts without any errors, but we got the following:

samba-tool ntacl get --as-sddl /home/DEMOSCHOOL2/schueler/exam-homes/exam-demo_student2.20210827-052446/
ERROR(runtime): uncaught exception - Unable to load default file
File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 185, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line 173, in run
lp = sambaopts.get_loadparm()
File "/usr/lib/python2.7/dist-packages/samba/getopt.py", line 91, in get_loadparm
self._lp.load_default()


- creating symlinks without whitespace (this might be quick fix, but we won't put this in our product)
- try/except RuntimeError -> Bad IDEA
- when creating a group (class|workgroup) replace consecutive whitespace
\s+ -> \s          -> same problem as with symlinks, user input should not be modified.


Note: 

The group seems to be created correct, so I don't now if this is really a s4 bug. 

udm groups/group list --filter cn=DEMOSCHOOL2-Ch*
cn=DEMOSCHOOL2-Ch*
DN: cn=DEMOSCHOOL2-Ch  GK,cn=schueler,cn=groups,ou=DEMOSCHOOL2,dc=wenzel-univention,dc=intranet

univention-s4search "CN=DEMOSCHOOL2-Ch  GK"
# record 1
dn: CN=DEMOSCHOOL2-Ch  GK,CN=schueler,CN=groups,OU=DEMOSCHOOL2,DC=wenzel-univention,DC=intranet

We already had a list of QA-Tasks

QA Tasks:


 - code review
 - test in single-server-env + multi-server env
 - are existing groups with consecutive whitespaces handled?
 - create a workgroup PSG-Ch  GK and start an exam -> witness the error in the log + umc before the fix. This can also be done by calling the following code used in the ucsschool-lib

from samba.param import LoadParm
lp.load_default()

 - deploy fix -> no error should be raised
 - tests should pass + there should be a new one for this scenario.
 - check if samba-tool ntacl get /home/... still works
 - check if samba-tool testparm -d2 -s smb.conf works -> see bug


=== Quick fix ===

Existing classes or workgroups, e.g. for DEMOSCHOOL2, have to be renamed. You can find them e.g. via udm:

udm groups/group list --filter cn="DEMOSCHOOL2-*  *" | egrep "DN"
DN: cn=DEMOSCHOOL2-Ch  GK,cn=schueler,cn=groups,ou=DEMOSCHOOL2,dc=wenzel-univention,dc=intranet
DN: cn=DEMOSCHOOL2-Spacy  Class,cn=klassen,cn=schueler,cn=groups,ou=DEMOSCHOOL2,dc=wenzel-univention,dc=intranet
Comment 3 Tobias Wenzel univentionstaff 2021-09-16 11:33:49 CEST
We decided to 

- write a diagnose module which will point out the problematic groups (this bug)
- opened a bug to fix/report this in upstream in samba -> Bug 53799
- opened another bug to prevent group-names in school with consecutive whitespaces -> Bug 53800
Comment 4 Tobias Wenzel univentionstaff 2021-09-16 15:39:36 CEST
We wrote a diagnostic module and apdated the documentation in 

[twenzel/4.4/53464_group_share_names] a466b4ae1 Bug #53646: adapt manual
[twenzel/4.4/53464_group_share_names] ecd84e5d7 fixup! Bug #53464: diagnose module
[twenzel/4.4/53464_group_share_names] 4d233d159 Bug #53464: diagnose module
Comment 5 Tobias Wenzel univentionstaff 2021-09-20 14:41:22 CEST
forward-ported to ucsschool5.0 in 0ad027f4c229b628fab8a856ffe84b477f8e05f5

 twenzel/5.0/53464_group_share_names

please also qa in 5.0 :)
Comment 6 Tobias Wenzel univentionstaff 2021-09-22 09:26:10 CEST
As discussed:

the fixes have already been merged to 5.0 / 4.4
Comment 7 Tobias Wenzel univentionstaff 2021-09-22 15:50:56 CEST
I adjusted the text and built the packages as discussed.

Package: ucs-school-umc-diagnostic
Version: 1.0.0-25
User: twenzel
Scope: ucs-school-4.4


Package: ucs-school-umc-diagnostic
Version: 2.0.5A~5.0.0.202109221548
Branch: ucs_5.0-0
Scope: ucs-school-5.0
Comment 8 Tobias Wenzel univentionstaff 2021-09-24 08:13:20 CEST
We implemented a fix in univention-samba in Bug #53799
Comment 9 Tobias Wenzel univentionstaff 2021-09-27 09:48:22 CEST
We thought the diagnostic module was not needed any more, because the school-exam started without any problems and samba-tool worked as expected. But:

With share names, consecutive spaces are always squashed to one space by Samba. This is not a big deal, but it breaks the "My Shares" links.

If the directory path on the server has consecutive spaces, the share cannot be opened. Even if the share name does not contain spaces.

So I undid the reverts with

Package: ucs-school-umc-diagnostic
Version: 1.0.0-27A~4.4.0.202109270937
Branch: ucs_4.4-0
Scope: ucs-school-4.4

Package: ucs-school-umc-diagnostic
Version: 2.0.7A~5.0.0.202109270940
Branch: ucs_5.0-0
Scope: ucs-school-5.0


This also includes the documentation -> school-groups with consecutive whitespaces should not be supported.


-> This means the Exam-Mode still works but shares should still not include consecutive whitespaces.
Comment 10 Jürn Brodersen univentionstaff 2021-10-06 15:50:58 CEST
What I tested:
Groups without whitespaces are not diagnosed -> OK
Groups with single whitespaces are not diagnosed -> OK
Groups with two or more consecutive whitespaces are diagnosed -> OK

Updated yaml:
[4.4 8ebedc4d7] Bug #53464: updated yaml

help article:
https://help.univention.com/t/18597

-> Verified
Comment 11 Tobias Wenzel univentionstaff 2021-10-20 15:02:43 CEST
Errata updates for UCS@school 4.4 v9 have been released.

https://docs.software-univention.de/changelog-ucsschool-4.4v9-de.html

If this error occurs again, please clone this bug.