Univention Bugzilla – Full Text Bug Listing |
Summary: | uid=foo+cn=bar,cn=users,dc=foo DN breaks UDM handlers | ||
---|---|---|---|
Product: | UCS | Reporter: | Florian Best <best> |
Component: | UDM (Generic) | Assignee: | UMC maintainers <umc-maintainers> |
Status: | CLOSED DUPLICATE | QA Contact: | |
Severity: | normal | ||
Priority: | P5 | Flags: | best:
Patch_Available+
|
Version: | UCS 4.1 | ||
Target Milestone: | --- | ||
Hardware: | Other | ||
OS: | Linux | ||
What kind of report is it?: | Security Issue | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | Error handling, Security | |
Max CVSS v3 score: | |||
Attachments: | patch |
*** This bug has been marked as a duplicate of bug 40041 *** |
Created attachment 7589 [details] patch If there is a DN with multiple components in the RDN UDM handles this incorrectly. It prevents e.g. searching/listing objects. It e.g. causes objects to raise the following exception which is masked by another exception (below): File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 108, in __init__ self.position.setDn(dn) File "/usr/lib/pymodules/python2.7/univention/admin/uldap.py", line 150, in setDn mytype, ign = string.split(i,'=') ValueError: too many values to unpack Die Ausführung des Kommandos udm/query users/user ist fehlgeschlagen: Traceback (most recent call last): File "%PY2.7%/notifier/threads.py", line 82, in _run tmp = self._function() File "%PY2.7%/notifier/__init__.py", line 104, in __call__ return self._function( *tmp, **self._kwargs ) File "%PY2.7%/univention/management/console/modules/udm/__init__.py", line 536, in _thread result = module.search(container, objectProperty, objectPropertyValue, superordinate, scope=scope, hidden=hidden) File "%PY2.7%/univention/management/console/modules/udm/udm_ldap.py", line 84, in _decorated return method(*args, **kwargs) File "%PY2.7%/univention/management/console/ldap.py", line 135, in _decorated result = func(*args, **kwargs) File "%PY2.7%/univention/management/console/modules/udm/udm_ldap.py", line 488, in search UDM_Error(e).reraise() File "%PY2.7%/univention/management/console/modules/udm/udm_ldap.py", line 471, in search result = self.module.lookup(None, ldap_connection, filter_s, base=container, superordinate=superordinate, scope=scope, sizelimit=sizelimit) File "%PY2.7%/univention/admin/handlers/users/user.py", line 2766, in lookup res.append( object( co, lo, None, dn, attributes = attrs ) ) File "%PY2.7%/univention/admin/handlers/users/user.py", line 1352, in __init__ univention.admin.handlers.simpleLdap.__init__(self, co, lo, position, dn, superordinate, attributes = attributes ) File "%PY2.7%/univention/admin/handlers/__init__.py", line 562, in __init__ base.__init__(self, co, lo, position, dn, superordinate ) File "%PY2.7%/univention/admin/handlers/__init__.py", line 108, in __init__ self.position.setDn(dn) File "%PY2.7%/univention/admin/uldap.py", line 155, in setDn raise univention.admin.uexceptions.noObject, _("DN not found: %s.") % dn UDM_Error: Das Objekt existiert nicht. DN nicht gefunden: cn=Anton Meyer+uid=anton3,cn=schueler,cn=users,ou=gsmitte,dc=school,dc=local. This may be used for DoS in UCS@school when we allow to make changes via machine connection. The patch fixes the search and the correct modification of such objects.