Bug 35580 - Import of license with long base DN fails
Import of license with long base DN fails
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: UMC - Domain management (Generic)
UCS 3.2
Other Linux
: P5 normal (vote)
: UCS 3.2-3-errata
Assigned To: Alexander Kläser
Florian Best
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-08-07 15:23 CEST by Dirk Wiesenthal
Modified: 2014-09-10 17:34 CEST (History)
3 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): External feedback
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Dirk Wiesenthal univentionstaff 2014-08-07 15:23:07 CEST
Bug #30156 introduced a new check whether the license if valid:

Something like

for line in license:
  if line.startswith('dn: '):
    if not line.endswith(ldapBase):

Problem: Long base DNs are written in two lines. So the license is rejected although the import would (presumably) work. One should use some LDIF library instead of reading the file.

Workaround: Manually merge the lines before importing.
Comment 1 Dirk Wiesenthal univentionstaff 2014-08-07 15:28:27 CEST
This is a regression. We should really fix it.
Comment 2 Sönke Schwardt-Krummrich univentionstaff 2014-08-07 16:45:15 CEST
In ucs-3.2-2/management/univention-management-console-module-udm/umc/python/udm/__init__.py:280 the with-block checks if the local base DN matches exactly with the DN within the license file (and not only with a substring).

The second with-block uses LicenseImport().check(ldapBase) from 
umc/python/udm/tools.py, which seems to do the same. What is the reason for checking the DN twice?
Comment 3 Alexander Kläser univentionstaff 2014-09-02 17:28:29 CEST
(In reply to Sönke Schwardt-Krummrich from comment #2)
> In
> ucs-3.2-2/management/univention-management-console-module-udm/umc/python/udm/
> __init__.py:280 the with-block checks if the local base DN matches exactly
> with the DN within the license file (and not only with a substring).
> 
> The second with-block uses LicenseImport().check(ldapBase) from 
> umc/python/udm/tools.py, which seems to do the same. What is the reason for
> checking the DN twice?

Correct observation. I moved the functionality of the first with-block into the class LicenseImport. There the handling of multi-line values is already handled correctly. I check various error cases for the LDIF license file, they worked fine.

univention-management-console-module-udm (4.0.99-4):
* Bug #35580: fix handling of license LDIF files to allow for long DNs

The YAML file 2014-08-26-univention-management-console-module-udm.yaml has been extended.
Comment 4 Dirk Wiesenthal univentionstaff 2014-09-02 17:48:10 CEST
You do not need to pass "base" to the function. There is self.base
Comment 5 Alexander Kläser univentionstaff 2014-09-03 10:58:31 CEST
(In reply to Dirk Wiesenthal from comment #4)
> You do not need to pass "base" to the function. There is self.base

It was already there and I won't touch it ;) .
Comment 6 Alexander Kläser univentionstaff 2014-09-03 11:41:26 CEST
(In reply to Dirk Wiesenthal from comment #4)
> You do not need to pass "base" to the function. There is self.base

If I see it correctly, "base" is the value from UCR ldap/base, and self.base is the base that is registered in the license, i.e., FFPU for a FFPU license.
Comment 7 Alexander Kläser univentionstaff 2014-09-04 10:34:25 CEST
Changes have been merged to 4.0 branch.
Comment 8 Florian Best univentionstaff 2014-09-05 11:13:07 CEST
Fix: OK, various error formats are still recognized, LDIF-line breakings are working, ~ error message is a little bit wrong if cn=univention is missing in the DN but that will probably not occur.
Code-Review: OK
UCS4 merge: OK
YAML: OK
Comment 9 Janek Walkenhorst univentionstaff 2014-09-10 17:34:07 CEST
http://errata.univention.de/ucs/3.2/187.html