Univention Bugzilla – Full Text Bug Listing |
Summary: | univention.admin.mapping.mapValue('foo', '') does not raise KeyError | ||
---|---|---|---|
Product: | UCS | Reporter: | Florian Best <best> |
Component: | UDM (Generic) | Assignee: | Florian Best <best> |
Status: | CLOSED FIXED | QA Contact: | Philipp Hahn <hahn> |
Severity: | normal | ||
Priority: | P5 | CC: | gohmann |
Version: | UCS 4.2 | ||
Target Milestone: | UCS 4.1-4-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
See Also: |
https://forge.univention.org/bugzilla/show_bug.cgi?id=41986 https://forge.univention.org/bugzilla/show_bug.cgi?id=16387 https://forge.univention.org/bugzilla/show_bug.cgi?id=24341 |
||
What kind of report is it?: | Bug Report | What type of bug is this?: | 3: Simply Wrong: The implementation doesn't match the docu |
Who will be affected by this bug?: | 3: Will affect average number of installed domains | How will those affected feel about the bug?: | 2: A Pain – users won’t like this once they notice it |
User Pain: | 0.103 | Enterprise Customer affected?: | |
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | Cleanup, Error handling, Troubleshooting | |
Max CVSS v3 score: | |||
Bug Depends on: | |||
Bug Blocks: | 41986 |
Description
Florian Best
2016-09-15 13:18:13 CEST
mapValue is used in multiple UDM handlers but only with keys which are registered in the mapping. mapValue is used in mapDiffAl which is nowhere used. mapValue is used in mapDiff which is used to create the simpleLdap._ldap_modlist() with the values got from simpleLdap.diff(). These might contain properties which are not present in the mapping. But as they are not in the mapping they have to be added in _ldap_modlist. The KeyError there is already catched. mapValue is called in mapRewrite which is called in a lot of lookup functions. And this is the actual case where this error happens: def mapRewrite(filter, mapping): » try: » » k = mapping.mapName(filter.variable) » » v = mapping.mapValue(filter.variable, filter.value) » except KeyError: » » return » filter.variable = k » filter.value = v mapName(foobar) → return an empty string if mapValue(foobar, '') also returns an empty string the filter is broken: '(=)' univention-directory-manager-modules (11.0.3-44): r74294 | Bug #42404: fix mapping.mapValue to raise KeyError univention-directory-manager-modules.yaml: r74296 | YAML Bug #42404 Merge to UCS 4.2: univention-directory-manager-modules (12.0.5-3): r74295 | Bug #42404: fix mapping.mapValue to raise KeyError By the way: This bug is the reason for all the reported tracebacks we got in the past until we appended '*' to the search value in Bug #24341 / Bug #16387 svn r35873. Since we have Bug #42388 this is now also again reproducible: ucr set directory/manager/web/auto_substring_search=false directory/manager/web/allow_wildcard_search=false $ python >>> import univention.admin.modules >>> univention.admin.modules.update() >>> for module in univention.admin.modules.modules.values(): ... if not hasattr(module, 'mapping') # users/self users/password ... continue ... for name, property in module.property_descriptions.items(): ... if not module.mapping.mapName(name) and not property.dontsearch: ... print module.module, name → This reveals a quite long list. Picking one example: umc-client -s 10.200.27.117 -U Administrator -P univention COMMAND udm/query -f dns/dns -e -o '{"container":"all","objectType":"dns/reverse_zone","objectProperty":"contact","objectPropertyValue":""}' Traceback (most recent call last): File "/usr/lib/pymodules/python2.7/notifier/threads.py", line 82, in _run tmp = self._function() File "/usr/lib/pymodules/python2.7/notifier/__init__.py", line 104, in __call__ return self._function( *tmp, **self._kwargs ) File "/usr/lib/pymodules/python2.7/univention/management/console/modules/udm/__init__.py", line 543, in _thread result = module.search(container, objectProperty, objectPropertyValue, superordinate, scope=scope, hidden=hidden) File "/usr/lib/pymodules/python2.7/univention/management/console/modules/udm/udm_ldap.py", line 88, in _decorated return method(*args, **kwargs) File "/usr/lib/pymodules/python2.7/univention/management/console/ldap.py", line 141, in _decorated result = func(*args, **kwargs) File "/usr/lib/pymodules/python2.7/univention/management/console/modules/udm/udm_ldap.py", line 476, in search result = self.module.lookup(None, ldap_connection, filter_s, base=container, superordinate=superordinate, scope=scope, sizelimit=sizelimit) File "/usr/lib/pymodules/python2.7/univention/admin/handlers/dns/reverse_zone.py", line 302, in lookup for dn, attrs in lo.search(unicode(filter), base, scope, [], unique, required, timeout, sizelimit): File "/usr/lib/pymodules/python2.7/univention/admin/uldap.py", line 339, in search raise univention.admin.uexceptions.ldapError('%s: %s' % (_err2str(msg), filter)) ldapError: Bad search filter: (&(objectClass=dNSZone)(relativeDomainName=@)(|(zoneName=*.in-addr.arpa)(zoneName=*.ip6.arpa))(=)) OK: UCS-4.1-4 r74477 r74296 r74294 r75046 + r75048 mapping: New style python class unregister: Clever use of .pop() mapName: Clever use of .get() unmapName: Clever use of .get() mapValue: Previously returned '' in case of empty value, now may raise KeyError first if map_name is unknown. This is what is described in comment 0. unmapValue: Refactored mapRewrite: Previously returned empty LDAP attribute name if unknown UDM property name was given OK: UCS-4.2-0 r75047 r75049 r74295 OK: univention-directory-manager-modules.yaml OK: errata-announce -V --only univention-directory-manager-modules.yaml OK: aptitude install '?source-package(univention-directory-manager-modules)~i' # 11.0.3-51.1445.201612061711 OK: zless /usr/share/doc/python-univention-directory-manager/changelog.Debian.gz OK: umc-client -s localhost -U Administrator -P univention COMMAND udm/query -f dns/dns -e -o '{"container":"all","objectType":"dns/reverse_zone","objectProperty":"contact","objectPropertyValue":""}' |