Bug 49842 - vfs objects are wrongly quoted in share configuration
vfs objects are wrongly quoted in share configuration
Status: NEW
Product: UCS
Classification: Unclassified
Component: UMC - Shares
UCS 4.4
Other Linux
: P5 normal with 5 votes (vote)
: ---
Assigned To: UMC maintainers
UMC maintainers
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-07-12 15:32 CEST by Florian Best
Modified: 2020-10-16 13:09 CEST (History)
8 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 3: Will affect average number of installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.103
Enterprise Customer affected?:
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2020070921000788, 2020101621000259
Bug group (optional): External feedback, Regression
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Florian Best univentionstaff 2019-07-12 15:32:16 CEST
We received a Pull Request:
https://github.com/univention/univention-corporate-server/pull/12

The "vfs objects" configuration of a share is wrongly quoted since Bug #44054.
Comment 1 Florian Best univentionstaff 2019-07-12 15:40:35 CEST
I think a better patch would be to make the UDM property a multivalue:

diff --git a/management/univention-directory-manager-modules/modules/univention/admin/handlers/shares/share.py b/management/univention-directory-manager-modules/modules/univention/admin/handlers/shares/share.py
index 211d6a6f3f..800f25038f 100644
--- a/management/univention-directory-manager-modules/modules/univention/admin/handlers/shares/share.py
+++ b/management/univention-directory-manager-modules/modules/univention/admin/handlers/shares/share.py
@@ -414,6 +414,7 @@ property_descriptions = {
                short_description=_('VFS objects'),
                long_description=_('Specifies which VFS Objects to use.'),
                syntax=univention.admin.syntax.string,
+               multivalue=True,
                options=['samba'],
        ),
        'sambaMSDFSRoot': univention.admin.property(
Comment 2 Arvid Requate univentionstaff 2019-07-16 13:12:37 CEST
I guess the order matters (would be a case for openldap x-ordered).
Comment 3 Julian Helfferich 2019-11-11 10:36:10 CET
I have applied both suggested patches on a running UCS system. I can confirm that the fix from the GitHub pull request fixes the problem. I could not confirm that the problem was fixed applying the patch from Florian Best posted in the comments above.

Problem description:

Before the fix, setting VFS_Object to

catia fruit streams_xattr

results in the file /etc/samba/shares.conf.d/Share containing the line

vfs objects = acl_xattr "catia fruit streams_xattr"

The quotation marks around the added objects lead to the following error message in /var/log/samba/log.smbd

Error loading module '/usr/lib/x86_64-linux-gnu/samba/vfs/catia fruit streams_xattr.so': /usr/lib/x86_64-linux-gnu/samba/vfs/catia fruit streams_xattr.so: cannot open shared object file: No such file or directory

I confirmed that manually removing the quotation marks from the configuration file restores connectivity.

What I did to test the patches:

A) GitHub pull request

* Apply patch to /usr/lib/univention-directory-listener/system/samba-shares.py
* Restart univention-directory-listener

-> Result: When adding VFS_Objects, no quotation marks are added.

B) Florian Best's patch

* Apply patch to /usr/share/pyshared/univention/admin/handlers/shares/share.py
* Remove /usr/lib/pymodules/python2.7/univention/admin/handlers/shares/share.py[co]
* Restart univention-directory-manager-rest and univention-directory-listener

-> Result: When adding VFS_Objects, quotation marks are still added.
Comment 4 Florian Best univentionstaff 2019-11-13 12:03:15 CET
Thank you for the feedback.

(In reply to Julian Helfferich from comment #3)
> B) Florian Best's patch
> 
> * Apply patch to
> /usr/share/pyshared/univention/admin/handlers/shares/share.py
> * Remove
> /usr/lib/pymodules/python2.7/univention/admin/handlers/shares/share.py[co]
> * Restart univention-directory-manager-rest and univention-directory-listener
> 
> -> Result: When adding VFS_Objects, quotation marks are still added.

Another necessary step after applying the patch is "service restart univention-management-console-server" and "pkill -f univention-cli-server".
Then my patch would work. But, as described in comment #2, the order of the attributes matter and therefore we cannot use my patch :-(

The Patch from github will re-introduce a security vulnerability because the sanitizing of invalid characters is missing then.

We need something based on the github pull request, which does additionally sanitization/validation without adding quotes.
Comment 5 Florian Best univentionstaff 2019-11-13 12:03:54 CET
The initial commit/bug description was:

With _map_quote the vfs objects are wrongly quoted:

with (wrong):
vfs objects = acl_xattr "recycle crossrename"

without (correct):
vfs objects = acl_xattr recycle crossrename
Comment 7 Dirk Schnick univentionstaff 2020-07-10 14:45:28 CEST
Customer asks for patch of this bug. -> "Would be nice to have this fixed before next school-year starts."
Christina already filled in ticket and customer id.
Comment 8 Christian Völker univentionstaff 2020-10-16 13:09:00 CEST
Customer affected and posted in forum.
https://help.univention.com/t/samba-share-not-accesible-anymore/16315