From 36bfcfdf3bb9e740d342107c755860482decd9f7 Mon Sep 17 00:00:00 2001
Message-Id: <36bfcfdf3bb9e740d342107c755860482decd9f7.1476196168.git.hahn@univention.de>
From: Philipp Hahn <hahn@univention.de>
Date: Tue, 11 Oct 2016 16:27:35 +0200
Subject: [PATCH] Bug #34420 log: Fix base64 encoding
Organization: Univention GmbH, Bremen, Germany

Correctly detect needed base64 encoding and use '::' then.
---
 .../univention-directory-logger/debian/changelog   |  1 +
 .../directory_logger.py                            | 24 ++++++++--------------
 2 files changed, 10 insertions(+), 15 deletions(-)

diff --git a/branches/ucs-4.1/ucs-4.1-3/management/univention-directory-logger/debian/changelog b/branches/ucs-4.1/ucs-4.1-3/management/univention-directory-logger/debian/changelog
index a4b3fc2..904565c 100644
--- a/branches/ucs-4.1/ucs-4.1-3/management/univention-directory-logger/debian/changelog
+++ b/branches/ucs-4.1/ucs-4.1-3/management/univention-directory-logger/debian/changelog
@@ -2,6 +2,7 @@ univention-directory-logger (7.0.1-2) unstable; urgency=low
 
   * Bug #25404: Fix old LDAP parsing
   * Bug #34739: Switch md5 implementation
+  * Bug #34420: Fix base64 encoding
 
  -- Philipp Hahn <hahn@univention.de>  Mon, 10 Oct 2016 18:26:27 +0200
 
diff --git a/branches/ucs-4.1/ucs-4.1-3/management/univention-directory-logger/directory_logger.py b/branches/ucs-4.1/ucs-4.1-3/management/univention-directory-logger/directory_logger.py
index e25ebe8..acb06c2 100755
--- a/branches/ucs-4.1/ucs-4.1-3/management/univention-directory-logger/directory_logger.py
+++ b/branches/ucs-4.1/ucs-4.1-3/management/univention-directory-logger/directory_logger.py
@@ -32,12 +32,10 @@
 
 __package__ = ''  # workaround for PEP 366
 import listener
-import string
 import time
 import syslog
 import re
 from hashlib import md5 as digest
-import base64
 import grp
 import subprocess
 import os
@@ -68,22 +66,18 @@ gidNumber = 0  # fallback
 filemode = '0640'
 cleanupDellog = True  # remove missed dellog entries (after reporting about them)
 
-
-def needsConversion(char):
-	return char > '\x7f'
-
-
-def base64Filter(str):
-	if [char for char in str if needsConversion(char)]:
-		str = string.rstrip(base64.encodestring(str))
-	return str
+SAFE_STRING_PATTERN = '(^(\000|\n|\r| |:|<)|[\000\n\r\200-\377]+|[ ]+$)'
+safe_string_re = re.compile(SAFE_STRING_PATTERN)
 
 
 def ldapEntry2string(entry):
-	str = ''
-	for (key, valuelist) in entry.iteritems():
-		str += ''.join(['%s: %s\n' % (key, base64Filter(value)) for value in valuelist])
-	return str
+	return ''.join(
+		'%s:: %s\n' % (key, value.encode('base64'))
+		if safe_string_re.search(value) else
+		'%s: %s\n' % (key, value)
+		for key, values in entry.iteritems()
+		for value in values
+	)
 
 
 def ldapTime2string(timestamp):
-- 
2.1.4