Bug 53757 – [5.0] ADC Traceback in password_sync_ucs: "TypeError: Odd-length string" / Hash UCS: NO PASSWORDXXXXXX

Bug 53757 - [5.0] ADC Traceback in password_sync_ucs: "TypeError: Odd-length string" / Hash UCS: NO PASSWORDXXXXXX


Summary:	[5.0] ADC Traceback in password_sync_ucs: "TypeError: Odd-length string" / H...

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	AD Connector
Version:	UCS 5.0
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 5.0-0-errata
Assigned To:	Arvid Requate
QA Contact:	Florian Best

URL:
Keywords:

Depends on:	49590
Blocks:
	Show dependency tree / graph

Reported:	2021-09-07 15:49 CEST by Florian Best
Modified:	2021-09-15 17:41 CEST (History)
CC List:	5 users (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?:	2: Will only affect a few installed domains
How will those affected feel about the bug?:	2: A Pain – users won’t like this once they notice it
User Pain:	0.069
Enterprise Customer affected?:	Yes
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:	2019042421000374, 2019110721000375, 2021020921000259, 2020121821000706
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Comment 1 Arvid Requate

2021-09-07 19:48:12 CEST

cherry-pick from 4.4-8, amend and rebuild:

00b269fd78 | Skip sambaNTPassword sync if invalid
a319b1d79a | Advisory version

Comment 2 Florian Best

2021-09-07 23:16:30 CEST

(In reply to Arvid Requate from comment #1)
> cherry-pick from 4.4-8, amend and rebuild:
better develop in 5.0-0 and then backport to 4.4-8. Then you don't get error like this one:

`TypeError: startswith first arg must be bytes or a tuple of bytes, not str`

-       if pwd != nt_hash:
+       if not pwd or pwd.startswith("NO PASSWORD"):

Comment 3 Arvid Requate

2021-09-08 14:50:16 CEST

7dcd357275 | fixup! Skip sambaNTPassword sync if invalid
7f9ffa70f0 | Advisory update

Comment 4 Florian Best

2021-09-10 09:19:49 CEST

A lot of tests are failing, I am unsure what the reason is. Something in the setup process.
https://jenkins.knut.univention.de:8181/job/UCS-5.0/job/UCS-5.0-0/view/Default/job/ADConnectorMultiEnv/lastCompletedBuild/testReport/

Comment 5 Florian Best

2021-09-10 09:21:36 CEST

Ah, it seems a regular "Publish UCS 5.0 errata test scopes to testing" does not work for the Jenkins Tests, as there is:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/univention/connector/__init__.py", line 817, in __sync_file_from_ucs
    if not self.sync_from_ucs(key, mapped_object, pre_mapped_ucs_dn, old_dn, object_old):
  File "/usr/lib/python3/dist-packages/univention/connector/ad/__init__.py", line 2327, in sync_from_ucs
    post_con_modify_function(self, property_type, object)
  File "/usr/lib/python3/dist-packages/univention/connector/ad/password.py", line 387, in password_sync_ucs
    if not pwd or pwd.startswith("NO PASSWORD"):
TypeError: startswith first arg must be bytes or a tuple of bytes, not str

Comment 6 Florian Best

2021-09-10 17:25:08 CEST

OK: The test failures were interim issues.
OK: skipping of various invalid password values
OK: advisory
OK: Code review & comments

Comment 7 Erik Damrose

2021-09-15 17:41:56 CEST

<https://errata.software-univention.de/#/?erratum=5.0x87>