Bug 56044 – UDM traceback with some patterns

Bug 56044 - UDM traceback with some patterns


Summary:	UDM traceback with some patterns

Status:	NEW

Product:	UCS
Classification:	Unclassified
Component:	UDM (Generic)
Version:	UCS 5.0
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	---
Assigned To:	UMC maintainers
QA Contact:	UMC maintainers

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2023-05-05 14:53 CEST by Frank Greif
Modified:	2023-05-09 13:02 CEST (History)
CC List:	2 users (show)

See Also:
What kind of report is it?:	---
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Frank Greif

2023-05-05 14:53:57 CEST

When searching for a single 'ü' (a german umlaut) the UDM frontend shows a traceback:
```
Internal server error during "udm/query (users/user)".
Request: udm/query (users/user)

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/notifier/threads.py", line 80, in _run
    result = self._function()
  File "/usr/lib/python3/dist-packages/notifier/__init__.py", line 105, in __call__
    return self._function(*tmp, **self._kwargs)
  File "/usr/lib/python3/dist-packages/univention/management/console/modules/udm/__init__.py", line 615, in _thread
    result = module.search(container, objectProperty, objectPropertyValue, superordinate, scope=scope, hidden=hidden, allow_asterisks=USE_ASTERISKS)
  File "/usr/lib/python3/dist-packages/univention/management/console/modules/udm/udm_ldap.py", line 678, in search
    result = self.module.lookup(None, ldap_connection, filter_s, base=container, superordinate=superordinate, scope=scope, sizelimit=sizelimit, **kwargs)
  File "/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py", line 1795, in lookup
    for dn, attrs in lo.search(filter_str, base, scope, attr, unique, required, timeout, sizelimit, serverctrls=serverctrls, response=response):
  File "/usr/lib/python3/dist-packages/univention/admin/uldap.py", line 673, in search
    raise univention.admin.uexceptions.ldapError('%s: %s' % (_err2str(msg), filter))
univention.admin.uexceptions.ldapError: LDAP Error: Bad search filter: No such file or directory: (&(univentionObjectType=users/user)(!(uidNumber=0))(!(univentionObjectFlag=functional))(&(!(univentionObjectFlag=hidden))(|(|(uid=*ü*)(uid=ü))(|(givenName=*ü*)(givenName=ü))(|(sn=*ü*)(sn=ü))(|(description=*ü*)(description=ü))(|(mailPrimaryAddress=**)(mailPrimaryAddress=))))).```

The problematic 'bad search filter' is the expression `(|(mailPrimaryAddress=**)(mailPrimaryAddress=))`.

Seems the class univention.admin.filter.expression builds this invalid search filter when the syntax of the corresponding attribute cleans up invalid chars (like umlauts in a mail address).

I did not dive into the mode how UDM calls the functions of this class (which flags for asterisk handling are used). The error is reproducible also from @school, where the models construct their search filters (function build_easy_filter).

Comment 1 Frank Greif

2023-05-09 10:42:28 CEST

Sorry I omitted an important detail: the traceback is triggered whenever the mail address is in the attributes to be queried: (1) when 'default properties' is selected, and also (2) when I explicitly select 'search in E-Mail address'

Comment 2 Oliver Friedrich

2023-05-09 13:02:02 CEST

Also occurs for the following letters: ä,Ä,ö,Ö,ü,Ü,é (I guess every special character) as long as they are single.