Bug 53883 – no quoting of univentionNFSMounts - broken if space in NFS share DN or mount point

Bug 53883 - no quoting of univentionNFSMounts - broken if space in NFS share DN or mount point


Summary:	no quoting of univentionNFSMounts - broken if space in NFS share DN or mount ...

Status:	NEW

Product:	UCS
Classification:	Unclassified
Component:	NFS
Version:	UCS 5.0
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	---
Assigned To:	UCS maintainers
QA Contact:	UCS maintainers

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2021-10-07 17:47 CEST by Florian Best
Modified:	2023-02-22 07:34 CET (History)
CC List:	1 user (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?:	1: Will affect a very few installed domains
How will those affected feel about the bug?:	2: A Pain – users won’t like this once they notice it
User Pain:	0.034
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Florian Best

2021-10-07 17:47:38 CEST

I created a policies/nfsmounts with NFS share DN "cn=foo bar freedom,dc=base" and mount point "/foo bar":

dn: cn=test,dc=base
cn: test
objectClass: univentionPolicy
objectClass: univentionPolicyNFSMounts
objectClass: top
objectClass: univentionObject
univentionObjectType: policies/nfsmounts
univentionNFSMounts: cn=foo bar freedom,dc=base /foo bar

Now the unmapping breaks, e.g. UDM-UMC sets DN="cn=foo" and mount point="bar" - the rest is thrown away.

DN: cn=test,dc=base
  ldapFilter: None
  name: test
  nfsMounts: None

dn: cn=foo bar freedom,cn=base
cn: foo bar freedom
univentionSharePath: /path
objectClass: univentionShareNFS
objectClass: univentionObject
objectClass: top
objectClass: univentionShareSamba
objectClass: univentionShare
univentionObjectType: shares/share

The evaluation of these policies is also broken then (splits as well at spaces):
base/univention-base-files/univention-directory-policy/nfsmounts.py

# univention_policy_result -D "$(ucr get ldap/hostdn)" -y /etc/machine.secret -s "$(ucr get ldap/hostdn)"
univentionNFSMounts="cn=foo bar freedom,dc=base /foo bar"

Comment 1 Florian Best

2021-10-07 19:08:03 CEST

Can we use the "/" of the path as indicator to split?
Note, that DN's can also contain " /"s as well as paths can contain " /".

DN="dc=base /foo" path="/path /foo":
"dc=base /foo /path /foo"
→ how do i know if the base is "base", "base /foo" or "base /foo /path" ?

Seems only quoting is a valid option?!
but not backwards compatible.

Comment 2 Philipp Hahn

2023-02-22 07:34:00 CET

base/univention-base-files/univention-directory-policy/nfsmounts.py:145
> fields = nfs_mount.split(' ')  # dn_univentionShareNFS mount_point

management/univention-directory-manager-modules/modules/univention/admin/syntax.py:6072ff
> class nfsShare(UDM_Objects):
>     udm_modules = ('shares/share', )
> class nfsMounts(complex):
>     subsyntaxes = [(_('NFS share'), nfsShare), ('Mount point', string)]
>     subsyntax_names = ('nfs-share', 'mount-point')

We know that `univentionNFSMounts="%s %s" % (nfs_share, mount_point)` where `nfs_share` is a DN, which ends on `ldap/base`. So at least we could improve the code to split at ",%(ldap/base)s ", which still is not perfect, but better than the current code.