Bug 40765 - broken ldap filters in printer.py and printergroup.py causes no validation when changing quota settings
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: UMC - Printers
UCS 4.1
Other Linux
: P5 normal
: UCS 4.2-1-errata
Assigned To: Florian Best
Johannes Keiser
: 7430
Depends on:
Blocks:
Reported: 2016-02-24 12:49 CET by Florian Best
Modified: 2017-07-26 14:39 CEST

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 3: Will affect average number of installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.103
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Ticket number:
Bug group (optional): Cleanup, Error handling, Troubleshooting
Max CVSS v3 score:
best: Patch_Available+


Attachments
patch (5.63 KB, patch)
2016-02-24 15:29 CET, Florian Best

Description Florian Best univentionstaff 2016-02-24 12:49:01 CET
univention/admin/handlers/shares/printer.py:
printergroups=self.lo.searchDn(filter='(&(objectClass=univentionPrinterGroup)(univentionPrinterQuotaSupport=1)(univentionPrinterSpoolHost=%s))' % self.info['spoolHost'])

>>> filter='(&(objectClass=univentionPrinterGroup)(univentionPrinterQuotaSupport=1)(univentionPrinterSpoolHost=%s))' % self.info['spoolHost']
>>> filter
"(&(objectClass=univentionPrinterGroup)(univentionPrinterQuotaSupport=1)(univentionPrinterSpoolHost=['master90.ucs.test']))"

→ Broken LDAP filter!
1. Filter is broken as it contains the Python representation of a list
2. Filter is broken because a multi-value field is used to create one filter
3. There is no escaping of invalid characters, leading to LDAP search filter injections.

Broken in printer.py: _ldap_pre_modify, _ldap_pre_remove
Broken in printergroup.py: _ldap_modlist, _ldap_pre_remove, isValidPrinterObject
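
Added example (not part of the original report and not UDM code): the filter construction from the description next to a version that escapes each value per RFC 4515 and emits one term per spool host. The helper names and the choice to OR several hosts together are assumptions; the second host name is constructed sample data.

```python
# Added illustration; hypothetical helpers, not code from univention-directory-manager-modules.

# RFC 4515 characters that must be escaped inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

_BASE = "(&(objectClass=univentionPrinterGroup)(univentionPrinterQuotaSupport=1)%s)"


def escape_filter_value(value):
    """Escape filter metacharacters in a single attribute value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def broken_filter(spool_hosts):
    """Pattern from the report: the whole multi-value list is formatted with %s."""
    return _BASE % ("(univentionPrinterSpoolHost=%s)" % spool_hosts)


def printergroup_filter(spool_hosts):
    """Build one escaped equality term per spool host.

    Assumption: a printer group matches if it uses any of the hosts,
    so several terms are combined with (|...).
    """
    if isinstance(spool_hosts, str):
        spool_hosts = [spool_hosts]
    terms = ["(univentionPrinterSpoolHost=%s)" % escape_filter_value(h)
             for h in spool_hosts]
    if not terms:
        raise ValueError("at least one spool host is required")
    host_part = terms[0] if len(terms) == 1 else "(|%s)" % "".join(terms)
    return _BASE % host_part


if __name__ == "__main__":
    single = ["master90.ucs.test"]                      # value shown in the report
    multi = ["master90.ucs.test", "slave91.ucs.test"]   # constructed sample
    odd = ["spool(1)*.ucs.test"]                        # constructed: metacharacters
    print(broken_filter(single))        # list repr ends up inside the filter
    print(printergroup_filter(single))
    print(printergroup_filter(multi))
    print(printergroup_filter(odd))     # parentheses and * are hex-escaped
```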
Comment 1 Florian Best univentionstaff 2016-02-24 15:29:56 CET
Created attachment 7501
patch

Patch (did not test it live but should work fine :))
Comment 2 Florian Best univentionstaff 2016-08-17 14:43:48 CEST
*** Bug 7430 has been marked as a duplicate of this bug. ***
Comment 3 Florian Best univentionstaff 2017-07-13 14:25:40 CEST
Rebased patch has been applied. Some changes like the escaping were already done. Some typos have been fixed which would cause tracebacks.

Now when trying to remove a printer which is part of a printer group with no other members an error message is shown and vice versa.
The detection for multiple spool hosts is also working, which is needed since Bug #29707.

univention-directory-manager-modules (12.0.17-88):
r81136 | Bug #40765: fix validation of modifying/removing of printers / printer groups

univention-directory-manager-modules.yaml:
r81137 | YAML Bug #40765
Comment 4 Johannes Keiser univentionstaff 2017-07-17 14:40:56 CEST
OK Deleting a printer with multiple spoolhosts from printergroup with only one member shows error

YAML: OK
-> verified
Comment 5 Erik Damrose univentionstaff 2017-07-26 14:39:21 CEST
<http://errata.software-univention.de/ucs/4.2/115.html>