Bug 8429 – tracebacks when changing empty values in password policy

Bug 8429 - tracebacks when changing empty values in password policy


Summary:	tracebacks when changing empty values in password policy

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	UMC - Domain management (Generic)
Version:	UCS 3.2
Hardware:	All Linux

Importance:	P4 normal (vote)
Target Milestone:	UCS 4.0-0-errata
Assigned To:	Drees Dormann
QA Contact:	Florian Best

URL:
Keywords:

Duplicates:	29772 37603 (view as bug list)
Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2007-06-06 09:34 CEST by Wolf Wiegand
Modified:	2015-01-29 11:45 CET (History)
CC List:	10 users (show)

See Also:	33256
What kind of report is it?:	---
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):	Error handling, External feedback
Max CVSS v3 score:

Flags:	klaeser: Patch_Available+

Attachments
mapUNIX_TimeInterval_None.patch (392 bytes, patch) 2013-09-09 13:10 CEST, Arvid Requate	Details \| Diff
Patch for conversion handling (1.97 KB, patch) 2015-01-08 13:39 CET, Drees Dormann	Details \| Diff
Newest version of patch (1.74 KB, patch) 2015-01-21 16:57 CET, Drees Dormann	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Wolf Wiegand

2007-06-06 09:34:11 CEST

Für die Domäne ist per Default-Richtlinie gesetzt:

univentionPWHistoryLen: 3
univentionPWExpiryInterval: 90
univentionPWLength: 8

Für den Container cn=users ist folgende Richtline gesetzt:

emptyAttributes: univentionPWExpiryInterval
emptyAttributes: univentionPWHistoryLen

Ändert man jetzt bei einem Benutzer das Passwort und markiert nicht die Optionen "Passwort-{Historie,Länge} ignorieren", erhält man die Fehlermeldung 

"Beim Übernehmen der Änderungen ist ein Fehler aufgetreten: invalid literal for int():"

Comment 1 Janis Meybohm

2009-12-15 15:59:31 CET

Das Tritt unter 2.2-2 noch bzw. in leicht abgewandelter Form noch auf:
Mit und ohne ignorePWHistory/PWLen gibt es bei der Passwortänderung am udm cli den folgenden Traceback:

 Traceback (most recent call last):
   File 
 "/usr/share/univention-directory-manager-tools/univention-cli-server", 
 line 231, in doit
     output = univention.admincli.admin.doit(arglist)
   File "/usr/lib/python2.4/site-packages/univention/admincli/admin.py", 
 line 905, in doit
     dn=object.modify()
   File 
 "/usr/lib/python2.4/site-packages/univention/admin/handlers/__init__.py", 
 line 317, in modify
     return self._modify(modify_childs,ignore_license=ignore_license)
   File 
 "/usr/lib/python2.4/site-packages/univention/admin/handlers/__init__.py", 
 line 677, in _modify
     ml=self._ldap_modlist()
   File 
 "/usr/lib/python2.4/site-packages/univention/admin/handlers/users/user.py", 
 line 2302, in _ldap_modlist
     smbpwhlen = int(pwhistoryPolicy['length'])
 ValueError: invalid literal for int():

Comment 2 Lukas Walter

2011-12-16 12:12:50 CET

Das tritt in UCS 3.0 ebenfalls noch auf:
===============================================================
File '/usr/lib/pymodules/python2.6/notifier/threads.py', line 81, in _run
tmp = self._function()
File '/usr/lib/pymodules/python2.6/notifier/__init__.py', line 104, in __call__
return self._function( *tmp, **self._kwargs )
File '/usr/lib/pymodules/python2.6/univention/management/console/modules/udm/__init__.py', line 267, in _thread
dn = module.create( properties, container = options.get( 'container' ), superordinate = options.get( 'superordinate' ) )
File '/usr/lib/pymodules/python2.6/univention/management/console/modules/udm/udm_ldap.py', line 130, in wrapper_func
ret = func( *args, **kwargs )
File '/usr/lib/pymodules/python2.6/univention/management/console/modules/udm/udm_ldap.py', line 312, in create
obj.create()
File '/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py', line 332, in create
return self._create()
File '/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py', line 628, in _create
al.extend(self._ldap_modlist())
File '/usr/lib/pymodules/python2.6/univention/admin/handlers/users/user.py', line 2196, in _ldap_modlist
smbpwhlen = int(pwhistoryPolicy['length'])

ValueError: invalid literal for int() with base 10: ''
===================================================================

Comment 3 Arvid Requate

2013-09-09 13:05:54 CEST

*** Bug 29772 has been marked as a duplicate of this bug. ***

Comment 4 Arvid Requate

2013-09-09 13:10:11 CEST

Created attachment 5415 [details]
mapUNIX_TimeInterval_None.patch

Something like this needs to be done. I guess 0 is the proper equivalent to "None" in this context (see Bug #29918).

Comment 5 Florian Best

2013-11-11 16:34:40 CET

*** Bug 33256 has been marked as a duplicate of this bug. ***

Comment 6 Dirk Wiesenthal

2014-01-14 11:40:12 CET

Reported by user feedback. See Bug 33256 fot the traceback

Comment 7 Dirk Wiesenthal

2014-04-07 10:23:43 CEST

Reported again by traceback feedback

Comment 8 Dirk Wiesenthal

2014-05-27 12:12:54 CEST

The DNS Host record with empty TTL error reported again (Bug#33256)

Comment 9 Janis Meybohm

2014-11-19 09:01:11 CET

(In reply to Dirk Wiesenthal from comment #8)
> The DNS Host record with empty TTL error reported again (Bug#33256)

Again Ticket#2014111921000209

Comment 10 Florian Best

2014-12-01 09:47:24 CET

Reported with UCS 4.0:
  File "/usr/lib/pymodules/python2.7/univention/admin/mapping.py", line 100, in
mapUNIX_TimeInterval
    value = int( value )

ValueError: invalid literal for int() with base 10: ''

Comment 11 Drees Dormann

2015-01-08 13:39:07 CET

Created attachment 6581 [details]
Patch for conversion handling

This patch could possibly fix the issue since it intercepts an invalid value during list>string>integer conversion

Comment 12 Drees Dormann

2015-01-21 16:57:54 CET

Created attachment 6621 [details]
Newest version of patch

Comment 13 Drees Dormann

2015-01-22 15:10:13 CET

applied the patch

Comment 14 Philipp Hahn

2015-01-23 10:14:09 CET

Jenkins regression: <http://jenkins.knut.univention.de:8080/job/UCS-4.0/job/UCS-4.0-0/job/Autotest%20MultiEnv/121/SambaVersion=s3,Systemrolle=master/testReport/junit/10_ldap/63univention-admingrp-user-passwordreset/test/>

len(pwhistoryPolicy['expiryInterval']) > 0:
TypeError: object of type 'int' has no len()

Comment 15 Philipp Hahn

2015-01-23 10:16:04 CET

(In reply to Philipp Hahn from comment #14)
> Jenkins regression:

<http://jenkins.knut.univention.de:8080/job/UCS-4.0/job/UCS-4.0-0/job/Autotest%20MultiEnv/121/SambaVersion=s4,Systemrolle=master/testReport/junit/10_ldap/63univention-admingrp-user-passwordreset/test/>

And a 2nd one:
<http://jenkins.knut.univention.de:8080/job/UCS-4.0/job/UCS-4.0-0/job/Autotest%20MultiEnv/121/SambaVersion=s3,Systemrolle=master/testReport/junit/60_umc/06_non-ucr-policies/test/>
<http://jenkins.knut.univention.de:8080/job/UCS-4.0/job/UCS-4.0-0/job/Autotest%20MultiEnv/121/SambaVersion=s4,Systemrolle=backup/testReport/junit/60_umc/06_non-ucr-policies/test/>
<http://jenkins.knut.univention.de:8080/job/UCS-4.0/job/UCS-4.0-0/job/Autotest%20MultiEnv/121/SambaVersion=s4,Systemrolle=master/testReport/junit/60_umc/06_non-ucr-policies/test/>
<http://jenkins.knut.univention.de:8080/job/UCS-4.0/job/UCS-4.0-0/job/Autotest%20MultiEnv/121/SambaVersion=s3,Systemrolle=backup/testReport/junit/60_umc/06_non-ucr-policies/test/>

The user object policy was reported as 'set([('length', 5), ('pwLength', 5)])', while should be 'set([('pwLength', '5'), ('length', '5')])'

Comment 16 Drees Dormann

2015-01-23 12:38:11 CET

the new mapping returned an int instead of a string, this has been fixed
(r57518)

Comment 17 Florian Best

2015-01-23 13:02:20 CET

*** Bug 37603 has been marked as a duplicate of this bug. ***

Comment 18 Florian Best

2015-01-23 13:30:55 CET

/usr/share/ucs-test/60_umc/06_non-ucr-policies passes again.
/usr/share/ucs-test/10_ldap/63univention-admingrp-user-passwordreset passes again.

Comment 19 Florian Best

2015-01-26 12:45:51 CET

With python-univention-directory-manager 10.0.29-20.1284.201501231232 this traceback is still present:

  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/users/user.py", line 2142, in _ldap_modlist
    smbpwhlen = int(pwhistoryPolicy['length'])
ValueError: invalid literal for int() with base 10: ''

Comment 20 Florian Best

2015-01-26 12:51:20 CET

This need to be fixed at that specific point as you can't use '0' as default value. The code uses -1 for some values as default value.

Comment 21 Florian Best

2015-01-26 13:14:25 CET

diff --git a/ucs-4.0-0/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py b/ucs-4.0-0/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py
index e23967a..a0ce39b 100644
--- a/ucs-4.0-0/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py
+++ b/ucs-4.0-0/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py
@@ -2141 +2141 @@ def _ldap_modlist(self):
-                               if smbpwhistoryPolicy != None and smbpwhistoryPolicy['length'] != None:
+                               if smbpwhistoryPolicy is not None and smbpwhistoryPolicy['length'] != None and len(smbpwhistoryPolicy['length']) > 0:

Comment 22 Drees Dormann

2015-01-26 14:07:48 CET

applied the proposed fix

Comment 23 Florian Best

2015-01-26 14:20:28 CET

Fix: OK
YAML: OK

Comment 24 Janek Walkenhorst

2015-01-29 11:45:02 CET

<http://errata.univention.de/ucs/4.0/65.html>