Bug 54586 - [S4C] Sqlite3 database from UCS 4.4 contains bytestrings
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: S4 Connector
Version: UCS 5.0
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 5.0-3-errata
Assigned To: Florian Best
QA Contact: Arvid Requate
URL: https://git.knut.univention.de/univen...
Keywords: python3-migration
Depends on:
Blocks: 54587
Reported: 2022-03-24 13:52 CET by Florian Best
Modified: 2023-05-24 15:43 CEST (History)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.114
Enterprise Customer affected?: Yes
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2022032221000391, 2023012421000522, 2023040421000297
Bug group (optional):
Max CVSS v3 score:


Description Florian Best univentionstaff 2022-03-24 13:52:03 CET
When values in the sqlite3 database of UCS 4.4 are used in UCS 5.0 (e.g. rejects) the sqlite3 engine returns them as bytestrings instead of str/unicode.

This leads to followup errors like:

24.03.2022 12:42:29.853 LDAP        (PROCESS): Internal group membership cache was created
24.03.2022 12:42:29.968 LDAP        (INFO   ): Override identify function for container_dc
24.03.2022 12:42:29.971 LDAP        (INFO   ): sync UCS > AD: polling
24.03.2022 12:42:29.971 LDAP        (PROCESS): sync AD > UCS: Resync rejected dn: 'CN=dns,DC=***'
24.03.2022 12:42:29.972 LDAP        (ERROR  ): unexpected Error during s4.resync_rejected
24.03.2022 12:42:29.972 LDAP        (ERROR  ): Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/univention/s4connector/s4/__init__.py", line 1814, in resync_rejected
    elements = self.__search_ad_changeUSN(change_usn, show_deleted=True)
  File "/usr/lib/python3/dist-packages/univention/s4connector/s4/__init__.py", line 981, in __search_ad_changeUSN
    usn_filter = format_escaped('(|(uSNChanged={0!e})(uSNCreated={0!e}))', changeUSN)
  File "/usr/lib/python3/dist-packages/univention/s4connector/s4/__init__.py", line 489, in format_escaped
    return LDAPEscapeFormatter().format(format_string, *args, **kwargs)
  File "/usr/lib/python3.7/string.py", line 186, in format
    return self.vformat(format_string, args, kwargs)
  File "/usr/lib/python3.7/string.py", line 190, in vformat
    result, _ = self._vformat(format_string, args, kwargs, used_args, 2)
  File "/usr/lib/python3.7/string.py", line 234, in _vformat
    obj = self.convert_field(obj, conversion)
  File "/usr/lib/python3/dist-packages/univention/s4connector/s4/__init__.py", line 474, in convert_field
    raise TypeError('Filter must be string, not bytes: %r' % (value,))
TypeError: Filter must be string, not bytes: b'3853'

We could fix this via scripts like the following in the `postup.sh` of the UCS 5.0 update (before the S4-connector is started again):

```
#!/usr/bin/python3
import sqlite3
d = sqlite3.connect('/etc/univention/connector/s4internal.sqlite')
c = d.cursor()
c.execute('select * from "S4 rejected";')
for k, v in c.fetchall():
    if isinstance(v, bytes):
        v = v.decode('UTF-8')
    if isinstance(k, bytes):
        k = k.decode('UTF-8')
    c.execute('delete from "S4 rejected"')
    c.execute('insert into "S4 rejected" (key, value) VALUES (?, ?)', (k, v)) 
d.commit()
```
Comment 2 Mirac Erdemiroglu univentionstaff 2023-01-27 14:26:19 CET
Another customer is affected: Ticket#2023012421000522
UCS: 5.0-2 errata556
Installed: samba4=4.16 self-service=5.0 self-service-backend=5.0
Upgradable:
Comment 3 Mirac Erdemiroglu univentionstaff 2023-04-18 16:21:10 CEST
Another customer is affected Ticket#2023040421000297
UCS: 5.0-3 errata642
Installed: cups=2.2.1 dhcp-server=12.0 radius=5.0 samba4=4.16 squid=3.5 ucsschool=5.0 v3 4.4/ucsschool-veyon-proxy=4.7.4.14-0
Upgradable:

samba4/role: DC
server/role: domaincontroller_slave
system/setup/boot/select/role: true

18.04.2023 16:14:16.995 LDAP        (ERROR  ): unexpected Error during s4.resync_rejected
18.04.2023 16:14:16.996 LDAP        (ERROR  ): Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/univention/s4connector/s4/__init__.py", line 1760, in resync_rejected
    elements = self.__search_ad_changeUSN(change_usn, show_deleted=True)
  File "/usr/lib/python3/dist-packages/univention/s4connector/s4/__init__.py", line 965, in __search_ad_changeUSN
    usn_filter = format_escaped('(|(uSNChanged={0!e})(uSNCreated={0!e}))', changeUSN)
  File "/usr/lib/python3/dist-packages/univention/s4connector/s4/__init__.py", line 489, in format_escaped
    return LDAPEscapeFormatter().format(format_string, *args, **kwargs)
  File "/usr/lib/python3.7/string.py", line 186, in format
    return self.vformat(format_string, args, kwargs)
  File "/usr/lib/python3.7/string.py", line 190, in vformat
    result, _ = self._vformat(format_string, args, kwargs, used_args, 2)
  File "/usr/lib/python3.7/string.py", line 234, in _vformat
    obj = self.convert_field(obj, conversion)
  File "/usr/lib/python3/dist-packages/univention/s4connector/s4/__init__.py", line 474, in convert_field
    raise TypeError('Filter must be string, not bytes: %r' % (value,))
TypeError: Filter must be string, not bytes: b'822857'
Comment 5 Florian Best univentionstaff 2023-04-18 17:34:16 CEST
The script was wrong because it removed all rejects except for the last one.
Fixed script is:
```
systemctl stop univention-s4-connector
python3 - <<EOF
#!/usr/bin/python3
import sqlite3
db = sqlite3.connect('/etc/univention/connector/s4internal.sqlite')
cursor = db.cursor()
# Read every reject first, then clear the table once (not inside the loop).
cursor.execute('select * from "S4 rejected";')
rejects = cursor.fetchall()
cursor.execute('delete from "S4 rejected"')
for key, value in rejects:
    # Entries left over from UCS 4.4 come back as bytes; store them as str.
    if isinstance(value, bytes):
        value = value.decode('UTF-8')
    if isinstance(key, bytes):
        key = key.decode('UTF-8')
    cursor.execute('insert into "S4 rejected" (key, value) VALUES (?, ?)', (key, value))
db.commit()
EOF
systemctl start univention-s4-connector
```
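An added example (not part of the comment above and not Univention's code) of the same migration done in place: it finds affected rows with SQLite's `typeof()`, rewrites them by rowid inside one transaction instead of deleting and re-inserting, and leaves rows that are not valid UTF-8 untouched for manual review. The in-memory table, its schema and the sample rows are constructed for illustration; `make_sample_db`, `blob_rows` and `migrate` are hypothetical names.

```python
import sqlite3

TABLE = '"S4 rejected"'  # table name taken from the scripts on this page


def make_sample_db():
    """Constructed in-memory stand-in for s4internal.sqlite (no real data)."""
    db = sqlite3.connect(':memory:')
    db.execute('CREATE TABLE %s (key TEXT, value TEXT)' % TABLE)  # assumed schema
    db.executemany('INSERT INTO %s (key, value) VALUES (?, ?)' % TABLE, [
        (b'3853', b'CN=dns,DC=example'),     # both cells stored as BLOB
        (b'822857', 'CN=user1,DC=example'),  # only the key is a BLOB
        ('4001', 'CN=user2,DC=example'),     # already TEXT, must not be touched
        (b'5000', b'\xff\xfe'),              # BLOB that is not valid UTF-8
    ])
    db.commit()
    return db


def blob_rows(db):
    """Rowids whose key or value is stored as BLOB, i.e. is returned as bytes."""
    cur = db.execute(
        "SELECT rowid FROM %s WHERE typeof(key) = 'blob' "
        "OR typeof(value) = 'blob' ORDER BY rowid" % TABLE)
    return [row[0] for row in cur]


def migrate(db):
    """Rewrite BLOB cells as TEXT; returns (converted_count, skipped_rowids)."""
    converted, skipped = 0, []
    with db:  # one transaction: commit on success, rollback on any exception
        for rowid in blob_rows(db):
            key, value = db.execute(
                'SELECT key, value FROM %s WHERE rowid = ?' % TABLE,
                (rowid,)).fetchone()
            try:
                key, value = (x.decode('UTF-8') if isinstance(x, bytes) else x
                              for x in (key, value))
            except UnicodeDecodeError:
                skipped.append(rowid)  # keep the row as it is for manual review
                continue
            db.execute('UPDATE %s SET key = ?, value = ? WHERE rowid = ?' % TABLE,
                       (key, value, rowid))
            converted += 1
    return converted, skipped


if __name__ == '__main__':
    sample = make_sample_db()
    print('BLOB rows before:', blob_rows(sample))
    print('migrate ->', migrate(sample), '| BLOB rows after:', blob_rows(sample))
```

Running `blob_rows` again after the migration doubles as the post-update check: an empty list means no reject can reach the connector as bytes.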
Comment 6 Florian Best univentionstaff 2023-04-18 18:41:55 CEST
The sqlite database is now migrated during the UCS 5.0 postup.sh update and during the UCS 5.0-3-errata update.

UCS 5.0-3:
univention-s4-connector.yaml
4dcd69d7b69a | chore(univention-s4-connector): update advisory

univention-s4-connector (14.0.13-5)
05e1b9ec407c | Bug #54586: replace bytestrings in S4-Connector reject table which

UCS 5.0:
univention-updater (15.0.3-71)
f2f53a89b008 | Bug #54587: Bug #54586: replace bytestrings in AD/S4-Connector reject table after the upgrade to UCS 5.0-0
Comment 7 Arvid Requate univentionstaff 2023-04-18 21:46:26 CEST
Verified:
* Code review
* Package update
* Advisory

Not-yet verified:
* postup.sh
Comment 8 Florian Best univentionstaff 2023-04-26 21:51:29 CEST
univention-s4-connector (14.0.13-5)
d876ee0840c8 | fixup! Bug #54586: replace bytestrings in S4-Connector reject table which were leftover from UCS 4.4 upgrade

univention-updater (15.0.3-71)
1e9515e8a3ff | fixup! Bug #54587: Bug #54586: replace bytestrings in AD/S4-Connector reject table after the upgrade to UCS 5.0-0
Comment 9 Arvid Requate univentionstaff 2023-05-24 13:17:04 CEST
After the errata release we should also activate the new postup.sh