First Last Prev Next    This bug is not in your last search results.
Bug 54063 - UDM REST API doesn't handle ms/* (MS group policy) objects / modules
UDM REST API doesn't handle ms/* (MS group policy) objects / modules
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: UDM - REST API
UCS 5.0
Other Linux
: P5 normal (vote)
: UCS 5.0-1-errata
Assigned To: Florian Best
Christian Castens
https://git.knut.univention.de/univen...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2021-11-15 15:34 CET by Daniel Tröder
Modified: 2022-03-23 14:14 CET (History)
1 user (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): bitesize
Max CVSS v3 score:
best: Patch_Available+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Daniel Tröder univentionstaff 2021-11-15 15:34:21 CET 
Although the ms/* UDM modules are listed in the UDM REST API navigation, it is not possible to use them:

  ms/gpipsec-filter
  ms/gpipsec-isakmp-policy
  ms/gpipsec-negotiation-policy
  ms/gpipsec-nfa
  ms/gpipsec-policy
  ms/gpsi-category-registration
  ms/gpsi-class-store
  ms/gpsi-package-registration
  ms/gpwl-wired
  ms/gpwl-wireless
  ms/gpwl-wireless-blob

Accessing http://$HOST/univention/udm/ms/gpwl-wired/ retuns 404.
Comment 1 Florian Best univentionstaff 2021-11-15 15:41:16 CET 
Yep. The regex for module names is too restrictive.

Patch:
diff --git management/univention-directory-manager-rest/src/univention/admin/rest/module.py management/univention-directory-manager-rest/src/univention/admin/rest/module.py
index 1fa6707162..613dc6f03b 100755
--- management/univention-directory-manager-rest/src/univention/admin/rest/module.py
+++ management/univention-directory-manager-rest/src/univention/admin/rest/module.py
@@ -3707,7 +3707,7 @@ class Application(tornado.web.Application):
        def __init__(self, **kwargs):
                #module_type = '([a-z]+)'
                module_type = '(%s)' % '|'.join(re.escape(mod) for mod in Modules.mapping)
-               object_type = '([a-z]+/[a-z_]+)'
+               object_type = '([a-z_-]+/[a-z_-]+)'
                policies_object_type = '(policies/[a-z_]+)'
                dn = '((?:[^/]+%s.+%s)?%s)' % (self.multi_regex('='), self.multi_regex(','), self.multi_regex(ucr['ldap/base']),)
                # FIXME: with that dn regex, it is not possible to have urls like (/udm/$dn/foo/$dn/) because ldap-base at the end matches the last dn
Comment 3 Florian Best univentionstaff 2022-03-10 12:30:52 CET 
UDM object types containing "-" are now detected as well.

univention-directory-manager-rest.yaml
ae2d382be92a | Bug #54063: Merge branch 'fbest/54063-udm-rest-api-object-type-regex' into 5.0-1
5a5d33e8ab3c | Bug #54063: support more characters for UDM object types

univention-directory-manager-rest (10.0.2-8)
ae2d382be92a | Bug #54063: Merge branch 'fbest/54063-udm-rest-api-object-type-regex' into 5.0-1
5a5d33e8ab3c | Bug #54063: support more characters for UDM object types
Comment 4 Florian Best univentionstaff 2022-03-10 13:58:00 CET 
QA: no 404 HTTP error anymore by: curl -i http://Administrator:univention@localhost/univention/udm/ms/gpipsec-filter/ -H 'Accept: application/json'
(after univention-app install samba4)
Comment 5 Christian Castens univentionstaff 2022-03-10 14:26:09 CET 
Functionality tested:
- no 404 HTTP error anymore by: curl -i http://Administrator:univention@localhost/univention/udm/ms/gpipsec-filter/ -H 'Accept: application/json'

OK

code review OK
yaml, changelog OK
First Last Prev Next    This bug is not in your last search results.