Bug 38663 - requiredObjectClass not evaluated in getPolicies() python lib
requiredObjectClass not evaluated in getPolicies() python lib
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: UMC - Policies
UCS 4.0
Other Linux
: P5 normal (vote)
: UCS 4.0-2-errata
Assigned To: Florian Best
Philipp Hahn
:
Depends on: 36256
Blocks: 38712
  Show dependency treegraph
 
Reported: 2015-06-08 15:52 CEST by Florian Best
Modified: 2015-07-03 14:10 CEST (History)
3 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Florian Best univentionstaff 2015-06-08 15:52:37 CEST
The requiredObjectClass and prohibitedObjectClasses attributes of a policy aren't evaluated in the python implementation of the policy-result in uldap:access.getPolicies().

This is currently not used very widely. It resulted in errors when displaying the policy result in UMC and the following modules are using it:
* UMC-ACL evaluation
 → univention-management-console/src/univention/management/console/acl.py
* univention-python/modules/password.py
* univention-directory-reports/modules/univention/directory/reports/admin.py
* univention-printquota/univention-printquota-setuser
* univention-s4-connector/modules/univention/s4connector/s4/password.py

The C implementation of the policy-result also uses strcmp() to compare the object classes. This is wrong as object classes are case insensitive.
Comment 1 Florian Best univentionstaff 2015-06-08 15:56:40 CEST
(In reply to Florian Best from comment #0)
> The C implementation of the policy-result also uses strcmp() to compare the
> object classes. This is wrong as object classes are case insensitive.
This applies also to fixedAttributes and emptyAttributes.
Comment 2 Florian Best univentionstaff 2015-06-08 16:40:54 CEST
univention-policy (6.0.2-8):
r61121 | Bug #38663: case insensitive comparision

univention-python (8.0.3-5):
r61122 | Bug #38663: getPolicies: evaluate requiredObjectClass and prohibitedObjectClasses
Comment 3 Alexander Kläser univentionstaff 2015-06-09 11:00:00 CEST
Do we already have bugs for corresponding test cases? I think this would be very helpful for us.
Comment 4 Philipp Hahn univentionstaff 2015-06-16 16:53:01 CEST
(In reply to Alexander Kläser from comment #3)
> Do we already have bugs for corresponding test cases? I think this would be
> very helpful for us.

r61276 | Bug #38663 ucs-test: UDM CLI tests
 ucs-test/tests/59_udm/
  01_requiredObjectClasses
  02_prohibitedObjectClasses
  03_ldapFilter
  04_fixedAttributes
  05_emptyAttributes

Package: ucs-test
Version: 5.0.148-18.1062.201506161256
Branch: ucs_4.0-0
Scope: errata4.0-2

(In reply to Florian Best from comment #2)
> univention-policy (6.0.2-8):
> r61121 | Bug #38663: case insensitive comparision

OK

> univention-python (8.0.3-5):
> r61122 | Bug #38663: getPolicies: evaluate requiredObjectClass and
> prohibitedObjectClasses

FIXED → Bug #38712

OK: apt-get install python-univention
OK: 2015-06-05-univention-python.yaml
OK: errata-announce -V 2015-06-05-univention-python.yaml

TODO: UMC Policy is currently broken
Comment 5 Philipp Hahn univentionstaff 2015-06-18 14:27:54 CEST
(In reply to Philipp Hahn from comment #4)
> TODO: UMC Policy is currently broken

FIXED: r61344 → Bug #36256
Comment 6 Janek Walkenhorst univentionstaff 2015-07-03 14:09:43 CEST
<http://errata.univention.de/ucs/4.0/221.html>
Comment 7 Janek Walkenhorst univentionstaff 2015-07-03 14:10:55 CEST
<http://errata.univention.de/ucs/4.0/222.html>