Univention Bugzilla – Bug 54582
Migrate ppolicy patch/overlay to Python 3
Last modified: 2022-03-30 12:41:33 CEST
Our patch against the ppolicy overlay module is still linked against Python 2.7. ldd /usr/lib/ldap/ppolicy.so | grep python libpython2.7.so.1.0 => /lib/x86_64-linux-gnu/libpython2.7.so.1.0 (0x00007ff88d800000) We should migrate the code to Python 3.
r19547 | Migrate to Python3 670ab0d0c7 | Advisory Package: openldap Version: 2.4.47+dfsg-3+deb10u6A~5.0.0.202203232138 Branch: ucs_5.0-0 but something's still broken: >>>>> Starting test022-ppolicy for bdb... running defines.sh Starting slapd on TCP/IP port 9011... Using ldapsearch to check that slapd is running... Waiting 5 seconds for slapd to start... Waiting 5 seconds for slapd to start... Waiting 5 seconds for slapd to start... Waiting 5 seconds for slapd to start... Waiting 5 seconds for slapd to start... Waiting 5 seconds for slapd to start... ldapsearch failed (255)! ../../../tests/scripts/test022-ppolicy: 57: kill: No such process >>>>> test022-ppolicy failed for bdb
r19548 | Migrate to Python3 r19549 | Migrate to Python3 r19550 | Migrate to Python3 21a05cca21 | Advisory Package: openldap Version: 2.4.47+dfsg-3+deb10u6A~5.0.0.202203232305 Branch: ucs_5.0-0 Bug Florian rightfully pointed out, that the `PyUnicode_Check` looks both useless and fishy. And indeed, a quick test showed that it's not usable as a check for a NULL pointer.. as then it would segfault. More research required..
r19551 | Avoid redundant PyUnicode_Check f2b3ebf8d8 | Advisory update
Prior: # lsof -p $(pidof slapd) | grep python slapd 9721 root mem REG 253,0 14808 3423264 /usr/lib/python2.7/dist-packages/_cracklib.so slapd 9721 root mem REG 253,0 77344 3414745 /usr/lib/python2.7/lib-dynload/pyexpat.x86_64-linux-gnu.so slapd 9721 root mem REG 253,0 566816 4195342 /usr/lib/python2.7/dist-packages/M2Crypto/_m2crypto.x86_64-linux-gnu.so slapd 9721 root mem REG 253,0 81392 3423592 /usr/lib/python2.7/dist-packages/heimdal.x86_64-linux-gnu.so slapd 9721 root mem REG 253,0 174520 3423244 /usr/lib/python2.7/dist-packages/_cffi_backend.x86_64-linux-gnu.so slapd 9721 root mem REG 253,0 336992 3423578 /usr/lib/python2.7/dist-packages/_ruamel_yaml.x86_64-linux-gnu.so slapd 9721 root mem REG 253,0 14752 3414737 /usr/lib/python2.7/lib-dynload/crypt.x86_64-linux-gnu.so slapd 9721 root mem REG 253,0 39080 4194103 /usr/lib/python2.7/dist-packages/bcrypt/_bcrypt.x86_64-linux-gnu.so slapd 9721 root mem REG 253,0 355072 3423238 /usr/lib/python2.7/dist-packages/apt_pkg.x86_64-linux-gnu.so slapd 9721 root mem REG 253,0 28768 3414748 /usr/lib/python2.7/lib-dynload/termios.x86_64-linux-gnu.so slapd 9721 root mem REG 253,0 148336 3414721 /usr/lib/python2.7/lib-dynload/_ctypes.x86_64-linux-gnu.so slapd 9721 root mem REG 253,0 24544 3438734 /usr/lib/python2.7/dist-packages/_scandir.x86_64-linux-gnu.so slapd 9721 root mem REG 253,0 370744 4192434 /usr/lib/python2.7/dist-packages/PIL/_imaging.x86_64-linux-gnu.so slapd 9721 root mem REG 253,0 15840 3414739 /usr/lib/python2.7/lib-dynload/future_builtins.x86_64-linux-gnu.so slapd 9721 root mem REG 253,0 66344 3414728 /usr/lib/python2.7/lib-dynload/_json.x86_64-linux-gnu.so slapd 9721 root mem REG 253,0 28840 3415727 /usr/lib/python2.7/dist-packages/lazy_object_proxy/cext.x86_64-linux-gnu.so slapd 9721 root mem REG 253,0 14592 3423597 /usr/lib/python2.7/dist-packages/univention/license.x86_64-linux-gnu.so slapd 9721 root mem REG 253,0 43792 3423585 /usr/lib/python2.7/dist-packages/univention/_debug.x86_64-linux-gnu.so slapd 9721 root mem REG 253,0 50856 3414736 /usr/lib/python2.7/lib-dynload/bz2.x86_64-linux-gnu.so slapd 9721 root mem REG 253,0 110408 3414733 /usr/lib/python2.7/lib-dynload/_ssl.x86_64-linux-gnu.so slapd 9721 root mem REG 253,0 64768 3423383 /usr/lib/python2.7/dist-packages/_ldap.x86_64-linux-gnu.so slapd 9721 root mem REG 253,0 3439776 3426603 /usr/lib/x86_64-linux-gnu/libpython2.7.so.1.0 slapd 9721 root mem REG 253,0 25192 3414726 /usr/lib/python2.7/lib-dynload/_hashlib.x86_64-linux-gnu.so Now: # lsof -p $(pidof slapd) | grep python slapd 11092 root mem REG 253,0 14936 3419110 /usr/lib/python3/dist-packages/_cracklib.cpython-37m-x86_64-linux-gnu.so slapd 11092 root mem REG 253,0 562752 4197636 /usr/lib/python3/dist-packages/M2Crypto/_m2crypto.cpython-37m-x86_64-linux-gnu.so slapd 11092 root mem REG 253,0 14856 3413962 /usr/lib/python3.7/lib-dynload/_crypt.cpython-37m-x86_64-linux-gnu.so slapd 11092 root mem REG 253,0 345344 3423805 /usr/lib/python3/dist-packages/_ruamel_yaml.cpython-37m-x86_64-linux-gnu.so slapd 11092 root mem REG 253,0 274544 3685808 /usr/lib/x86_64-linux-gnu/samba/libsamba-net.cpython-37m-x86-64-linux-gnu.so.0 slapd 11092 root mem REG 253,0 31480 3441282 /usr/lib/python3/dist-packages/samba/net.cpython-37m-x86_64-linux-gnu.so slapd 11092 root mem REG 253,0 111368 3682509 /usr/lib/python3/dist-packages/samba/dcerpc/security.cpython-37m-x86_64-linux-gnu.so slapd 11092 root mem REG 253,0 256680 3682502 /usr/lib/python3/dist-packages/samba/dcerpc/nbt.cpython-37m-x86_64-linux-gnu.so slapd 11092 root mem REG 253,0 50952 3682498 /usr/lib/python3/dist-packages/samba/dcerpc/misc.cpython-37m-x86_64-linux-gnu.so slapd 11092 root mem REG 253,0 29128 3682209 /usr/lib/python3/dist-packages/samba/dcerpc/base.cpython-37m-x86_64-linux-gnu.so slapd 11092 root mem REG 253,0 59176 3409233 /usr/lib/python3/dist-packages/samba/_ldb.cpython-37m-x86_64-linux-gnu.so slapd 11092 root mem REG 253,0 22448 3685809 /usr/lib/x86_64-linux-gnu/samba/libsamba-python.cpython-37m-x86-64-linux-gnu.so.0 slapd 11092 root mem REG 253,0 18968 3408750 /usr/lib/python3/dist-packages/samba/_glue.cpython-37m-x86_64-linux-gnu.so slapd 11092 root mem REG 253,0 15688 3417909 /usr/lib/python3/dist-packages/talloc.cpython-37m-x86_64-linux-gnu.so slapd 11092 root mem REG 253,0 22448 3423844 /usr/lib/x86_64-linux-gnu/libpyldb-util.cpython-37m-x86-64-linux-gnu.so.2.2.3 slapd 11092 root mem REG 253,0 100272 3423843 /usr/lib/python3/dist-packages/ldb.cpython-37m-x86_64-linux-gnu.so slapd 11092 root mem REG 253,0 183200 3413969 /usr/lib/python3.7/lib-dynload/_decimal.cpython-37m-x86_64-linux-gnu.so slapd 11092 root mem REG 253,0 18352 3417910 /usr/lib/x86_64-linux-gnu/libpytalloc-util.cpython-37m-x86-64-linux-gnu.so.2.3.2 slapd 11092 root mem REG 253,0 32504 3441286 /usr/lib/python3/dist-packages/samba/param.cpython-37m-x86_64-linux-gnu.so slapd 11092 root mem REG 253,0 355136 3418932 /usr/lib/python3/dist-packages/apt_pkg.cpython-37m-x86_64-linux-gnu.so slapd 11092 root mem REG 253,0 131008 3413964 /usr/lib/python3.7/lib-dynload/_ctypes.cpython-37m-x86_64-linux-gnu.so slapd 11092 root mem REG 253,0 29064 3413990 /usr/lib/python3.7/lib-dynload/termios.cpython-37m-x86_64-linux-gnu.so slapd 11092 root mem REG 253,0 374936 3934685 /usr/lib/python3/dist-packages/PIL/_imaging.cpython-37m-x86_64-linux-gnu.so slapd 11092 root mem REG 253,0 66632 3413970 /usr/lib/python3.7/lib-dynload/_json.cpython-37m-x86_64-linux-gnu.so slapd 11092 root mem REG 253,0 14504 3413981 /usr/lib/python3.7/lib-dynload/_uuid.cpython-37m-x86_64-linux-gnu.so slapd 11092 root mem REG 253,0 21136 3413975 /usr/lib/python3.7/lib-dynload/_queue.cpython-37m-x86_64-linux-gnu.so slapd 11092 root mem REG 253,0 14632 3409973 /usr/lib/python3.7/lib-dynload/_opcode.cpython-37m-x86_64-linux-gnu.so slapd 11092 root mem REG 253,0 28976 3415526 /usr/lib/python3/dist-packages/lazy_object_proxy/cext.cpython-37m-x86_64-linux-gnu.so slapd 11092 root mem REG 253,0 81528 3419432 /usr/lib/python3/dist-packages/heimdal.cpython-37m-x86_64-linux-gnu.so slapd 11092 root mem REG 253,0 178816 3423613 /usr/lib/python3/dist-packages/_cffi_backend.cpython-37m-x86_64-linux-gnu.so slapd 11092 root mem REG 253,0 43176 3423617 /usr/lib/python3/dist-packages/bcrypt/_bcrypt.abi3.so slapd 11092 root mem REG 253,0 14880 3423618 /usr/lib/python3/dist-packages/univention/license.cpython-37m-x86_64-linux-gnu.so slapd 11092 root mem REG 253,0 37688 3413972 /usr/lib/python3.7/lib-dynload/_lzma.cpython-37m-x86_64-linux-gnu.so slapd 11092 root mem REG 253,0 116568 3409974 /usr/lib/python3.7/lib-dynload/_ssl.cpython-37m-x86_64-linux-gnu.so slapd 11092 root mem REG 253,0 48512 3419121 /usr/lib/python3/dist-packages/univention/_debug.cpython-37m-x86_64-linux-gnu.so slapd 11092 root mem REG 253,0 26136 3413954 /usr/lib/python3.7/lib-dynload/_bz2.cpython-37m-x86_64-linux-gnu.so slapd 11092 root mem REG 253,0 34008 3409972 /usr/lib/python3.7/lib-dynload/_hashlib.cpython-37m-x86_64-linux-gnu.so slapd 11092 root mem REG 253,0 64896 3418937 /usr/lib/python3/dist-packages/_ldap.cpython-37m-x86_64-linux-gnu.so slapd 11092 root mem REG 253,0 5080176 3417894 /usr/lib/x86_64-linux-gnu/libpython3.7m.so.1.0 FYI: as the "samba" lib is available in Python 3 but not in Python 3 this is now also imported. OK: functionality # univention-ldapsearch -LLLb "cn=default,cn=ppolicy,cn=univention,$(ucr get ldap/base)" pwdMaxFailure dn: cn=default,cn=ppolicy,cn=univention,l=school,l=dev pwdMaxFailure: 5 # udm users/user create --set username=ppolicy-test --set password=univention --set lastname=foo Object created: uid=ppolicy-test,l=school,l=dev # binddn="uid=ppolicy-test,$ldap_base" # ldapsearch -LLL -D "$binddn" -w univention uid=ppolicy-test uid dn: uid=ppolicy-test,l=school,l=dev uid: ppolicy-test # for ((i=0;i<=6;i++)); do ldapsearch -LLL -D "$binddn" -w "univention$i" uid=ppolicy-test uid; done ldap_bind: Invalid credentials (49) ldap_bind: Invalid credentials (49) ldap_bind: Invalid credentials (49) ldap_bind: Invalid credentials (49) ldap_bind: Invalid credentials (49) ldap_bind: Invalid credentials (49) ldap_bind: Invalid credentials (49) # ldapsearch -LLL -D "$binddn" -w univention uid=ppolicy-test uid ldap_bind: Invalid credentials (49) # udm users/user list --position "$binddn" | grep locked locked: 1 lockedTime: 20220324114417Z OK: error handling: --- /usr/lib/python3/dist-packages/univention/lib/account.py 2022-03-24 12:57:15.987341189 +0100 +++ /usr/lib/python3/dist-packages/univention/lib/account.py.org 2022-03-24 12:56:26.941222732 +0100 @@ -89,7 +89,6 @@ object = module.object(None, lo, pos, userdn) object.open() - raise univention.admin.uexceptions.valueError('this is a test') states = (object.descriptions['locked'].editable, object.descriptions['locked'].may_change, object.descriptions['lockedTime'].editable, object.descriptions['lockedTime'].may_change) object.descriptions['locked'].editable, object.descriptions['locked'].may_change, object.descriptions['lockedTime'].editable, object.descriptions['lockedTime'].may_change = (True, True, True, True) object['locked'] = "1" logs: `ppolicy udm_lock_account failed: <class 'univention.admin.uexceptions.valueError'>` TODO: why not logging "errtraceback" ? OK: YAML
<https://errata.software-univention.de/#/?erratum=5.0x272>