Bug 33593 - Insufficient quoting univention-nagios/30univention-nagios-client.inst - join fails
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Join (univention-join)
UCS 3.1
Other Linux
: P5 normal (vote)
: UCS 3.2-0-errata
Assigned To: Felix Botner
Philipp Hahn
Reported: 2013-11-27 13:53 CET by Philipp Hahn
Modified: 2014-01-29 11:18 CET (History)
hahn: Patch_Available+


Description Philipp Hahn univentionstaff 2013-11-27 13:53:37 CET
In univention-nagios/30univention-nagios-client.inst "${ldap_base}" is not quoted, leading to a join failure when the LDAP-base contains a blank, e.g. "ou=Zentrale Bremen,o=Univention GmbH,c=de"

diff --git nagios/univention-nagios/30univention-nagios-client.inst nagios/univention-nagios/30univention-nagios-client.inst
index 12363f3..609c9e0 100755
--- nagios/univention-nagios/30univention-nagios-client.inst
+++ nagios/univention-nagios/30univention-nagios-client.inst
@@ -53,9 +53,9 @@ if [ ! "$nagios_client_autoregister" = "no" ] ; then
     # Enable Nagios for this host
     # Managed clients are still called "fatclient" in Config Registry
     if [ "$server_role" = "fatclient" ] ; then
-        univention-directory-manager computers/managedclient modify "$@" --dn ${ldap_hostdn} --append-option="nagios"
+        univention-directory-manager computers/managedclient modify "$@" --dn "${ldap_hostdn}" --append-option="nagios"
     else
-        univention-directory-manager computers/${server_role} modify "$@" --dn ${ldap_hostdn} --append-option="nagios"
+        univention-directory-manager "computers/${server_role}" modify "$@" --dn "${ldap_hostdn}" --append-option="nagios"
     fi
 
 	# remove obsolete services from host
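Review bot: Both `univention-directory-manager ... modify` calls in this hunk still discard their exit status, so a failed modify lets the join script run on as if the Nagios option had been set. The UCS 3.2 variant of the same lines in Comment 1 appends `|| die`; an equivalent check is worth adding here. The description also names `${ldap_base}` as the unquoted variable, while the expansion actually quoted in these lines is `${ldap_hostdn}`; the change description should name the variable that is touched.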


Some more cleanup:
1. Use "udm --position" instead of "udm --filter | grep" which breaks if the LDAP dn contains regular-expression meta-characters.
2. Also remove use of "$?", as it is useless when combined with ! or "| grep".
3. Convert large disjunction in "if" into "switch" statement.

diff --git nagios/univention-nagios/30univention-nagios-client.inst nagios/univention-nagios/30univention-nagios-client.inst
index 12363f3..99cddcd 100755
--- nagios/univention-nagios/30univention-nagios-client.inst
+++ nagios/univention-nagios/30univention-nagios-client.inst
@@ -41,11 +41,34 @@ eval "$(univention-config-registry shell)"
 
 univention-config-registry commit /etc/nagios/nrpe.cfg
 
+assign_service () {
+	local dn="cn=${1},cn=nagios,${ldap_base}"
+	shift 1
+	if udm nagios/service list "$@" --position "$dn" >/dev/null
+	then
+		univention-directory-manager nagios/service modify "$@" --dn "$dn" --append assignedHosts="$ldap_hostdn"
+	else
+		echo "Skipping $dn"
+	fi
+}
+
+remove_service () {
+	local dn="cn=${1},cn=nagios,${ldap_base}"
+	shift 1
+	if udm nagios/service list "$@" --position "$dn" >/dev/null
+	then
+		univention-directory-manager nagios/service modify "$@" --dn "$dn" --remove assignedHosts="$ldap_hostdn"
+	else
+		echo "Skipping $dn"
+	fi
+}
+
 # only register host to ldap if nagios/client/autoregister is not "no"
 if [ ! "$nagios_client_autoregister" = "no" ] ; then
 
-	if ! udm container/cn list "$@" --filter cn=nagios | grep "^DN: cn=nagios,$ldap_base$" 2>/dev/null >/dev/null ; then 
-		echo "Cannot find container cn=nagios,$ldap_base (ldapsearch error $?)"
+	if ! udm container/cn list "$@" --position "cn=nagios,$ldap_base$" >/dev/null
+	then
+		echo "Cannot find container cn=nagios,$ldap_base"
 		echo "Please check if univention-nagios-server is installed on a system in UCS domain."
 		exit 0
 	fi
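Review bot: The new container check `--position "cn=nagios,$ldap_base$"` keeps the trailing `$` that was the end-of-line anchor of the removed grep pattern. Inside the `--position` argument it is a literal character, so the lookup targets a DN ending in `$` and will not find the real container; the branch then prints "Cannot find container" and exits. Drop it: `--position "cn=nagios,$ldap_base"`. Separately, `assign_service` and `remove_service` differ only in `--append` versus `--remove`; one helper that takes the operation as a parameter would avoid the duplicated body.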
@@ -53,80 +76,43 @@ if [ ! "$nagios_client_autoregister" = "no" ] ; then
     # Enable Nagios for this host
     # Managed clients are still called "fatclient" in Config Registry
     if [ "$server_role" = "fatclient" ] ; then
-        univention-directory-manager computers/managedclient modify "$@" --dn ${ldap_hostdn} --append-option="nagios"
+        univention-directory-manager computers/managedclient modify "$@" --dn "${ldap_hostdn}" --append-option="nagios"
     else
-        univention-directory-manager computers/${server_role} modify "$@" --dn ${ldap_hostdn} --append-option="nagios"
+        univention-directory-manager "computers/${server_role}" modify "$@" --dn "${ldap_hostdn}" --append-option="nagios"
     fi
 
 	# remove obsolete services from host
-	oldServices="UNIVENTION_SMTP UNIVENTION_LDAP"
-	for i in $oldServices; do
-		dn="cn=$i,cn=nagios,$ldap_base"
-		if udm nagios/service list "$@" --filter name="$i" | grep -q "^DN: cn=$i"; then
-			univention-directory-manager nagios/service modify "$@" --dn "$dn" \
-			--remove assignedHosts="${ldap_hostdn}"
-		fi
-	done
+	remove_service "UNIVENTION_SMTP" "$@"
+	remove_service "UNIVENTION_LDAP" "$@"
 
     # append host to default services
-    for dn in "cn=UNIVENTION_PING,cn=nagios,$ldap_base" \
-              "cn=UNIVENTION_DISK_ROOT,cn=nagios,$ldap_base" \
-              "cn=UNIVENTION_SWAP,cn=nagios,$ldap_base" \
-              "cn=UNIVENTION_DNS,cn=nagios,$ldap_base" \
-              "cn=UNIVENTION_SMTP2,cn=nagios,$ldap_base" \
-              "cn=UNIVENTION_REPLICATION,cn=nagios,$ldap_base" \
-              "cn=UNIVENTION_LOAD,cn=nagios,$ldap_base" \
-              "cn=UNIVENTION_NSCD,cn=nagios,$ldap_base" ; do
-		rdn="$(echo $dn | sed -e 's|,.*||')"
-		if udm nagios/service list "$@" --filter "$rdn" | grep "^DN: $dn" 2>/dev/null >/dev/null; then
-			univention-directory-manager nagios/service modify "$@" --append assignedHosts="${ldap_hostdn}" --dn "$dn"
-		else
-			echo "Skipping $dn (code $?)"
-		fi
-	done
+	assign_service "UNIVENTION_PING" "$@"
+	assign_service "UNIVENTION_DISK_ROOT" "$@"
+	assign_service "UNIVENTION_SWAP" "$@"
+	assign_service "UNIVENTION_DNS" "$@"
+	assign_service "UNIVENTION_SMTP2" "$@"
+	assign_service "UNIVENTION_REPLICATION" "$@"
+	assign_service "UNIVENTION_LOAD" "$@"
+	assign_service "UNIVENTION_NSCD" "$@"
 
     # add ssl check only on role "domaincontroler_master/backup"
-    if [ "$server_role" = "domaincontroller_master" -o \
-         "$server_role" = "domaincontroller_backup" ] ; then
-		for dn in "cn=UNIVENTION_SSL,cn=nagios,$ldap_base"; do
-			rdn="$(echo $dn | sed -e 's|,.*||')"
-			if udm nagios/service list "$@" --filter "$rdn" | grep "^DN: $dn" 2>/dev/null >/dev/null; then
-				univention-directory-manager nagios/service modify "$@" --append assignedHosts="${ldap_hostdn}" --dn "$dn"
-			else
-				echo "Skipping $dn (code $?)"
-			fi
-		done
-    fi
+	case "$server_role" in
+	domaincontroller_master|domaincontroller_backup)
+		assign_service "cn=UNIVENTION_SSL" "$@"
+	esac
 
     # add ldap check only on role "domaincontroler_*"
-    if [ "$server_role" = "domaincontroller_master" -o \
-         "$server_role" = "domaincontroller_backup" -o \
-         "$server_role" = "domaincontroller_slave" ] ; then
-		for dn in "cn=UNIVENTION_LDAP_AUTH,cn=nagios,$ldap_base" \
-                  "cn=UNIVENTION_NTP,cn=nagios,$ldap_base"; do
-			rdn="$(echo $dn | sed -e 's|,.*||')"
-			if udm nagios/service list "$@" --filter "$rdn" | grep "^DN: $dn" 2>/dev/null >/dev/null; then
-				univention-directory-manager nagios/service modify "$@" --append assignedHosts="${ldap_hostdn}" --dn "$dn"
-			else
-				echo "Skipping $dn (code $?)"
-			fi
-		done
-    fi
+	case "$server_role" in
+	domaincontroller_master|domaincontroller_backup|domaincontroller_slave)
+		assign_service "cn=UNIVENTION_LDAP_AUTH" "$@"
+		assign_service "cn=UNIVENTION_NTP" "$@"
+	esac
 
     # add joinstatus check only on role "domaincontroler_*, memberserver and managedclients"
-    if [ "$server_role" = "domaincontroller_master" -o \
-         "$server_role" = "domaincontroller_backup" -o \
-         "$server_role" = "domaincontroller_slave" -o \
-         "$server_role" = "memberserver" -o \
-         "$server_role" = "fatclient" ] ; then
-		dn="cn=UNIVENTION_JOINSTATUS,cn=nagios,$ldap_base"
-		rdn="$(echo $dn | sed -e 's|,.*||')"
-		if udm nagios/service list "$@" --filter "$rdn" | grep "^DN: $dn" 2>/dev/null >/dev/null; then
-			univention-directory-manager nagios/service modify "$@" --append assignedHosts="${ldap_hostdn}" --dn "$dn"
-		else
-			echo "Skipping $dn (code $?)"
-		fi
-    fi
+	case "$server_role" in
+	domaincontroller_master|domaincontroller_backup|domaincontroller_slave|memberserver|fatclient)
+		assign_service "cn=UNIVENTION_JOINSTATUS" "$@"
+	esac
 fi
 
 joinscript_save_current_version
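Review bot: The role-specific calls pass the service name with a `cn=` prefix (`assign_service "cn=UNIVENTION_SSL" "$@"`, and likewise for UNIVENTION_LDAP_AUTH, UNIVENTION_NTP and UNIVENTION_JOINSTATUS), but `assign_service` already builds `cn=${1},cn=nagios,${ldap_base}`. The resulting DN starts with `cn=cn=UNIVENTION_SSL,`, so these four services would take the "Skipping" branch instead of being assigned. Pass the bare name, as the default services earlier in the hunk do. The `case` clauses also omit the terminating `;;`; that is accepted for a last clause, but adding it keeps the blocks safe to extend.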
Comment 1 Philipp Hahn univentionstaff 2013-11-27 13:57:38 CET
Patch for UCS-3.2 (the previous one was for UCS-3.0):

diff --git a/branches/ucs-3.2/ucs-3.2-0/nagios/univention-nagios/30univention-nagios-client.inst b/branches/ucs-3.2/ucs-3.2-0/nagios/univention-nagios/30univention-nagios-client.inst
index f1afb16..df05d48 100755
--- a/branches/ucs-3.2/ucs-3.2-0/nagios/univention-nagios/30univention-nagios-client.inst
+++ b/branches/ucs-3.2/ucs-3.2-0/nagios/univention-nagios/30univention-nagios-client.inst
@@ -53,9 +53,9 @@ if [ ! "$nagios_client_autoregister" = "no" ] ; then
     # Enable Nagios for this host
     # Managed clients are still called "fatclient" in Config Registry
     if [ "$server_role" = "fatclient" ] ; then
-        univention-directory-manager computers/managedclient modify "$@" --dn ${ldap_hostdn} --append-option="nagios" || die
+        univention-directory-manager computers/managedclient modify "$@" --dn "$ldap_hostdn" --append-option="nagios" || die
     else
-        univention-directory-manager computers/${server_role} modify "$@" --dn ${ldap_hostdn} --append-option="nagios" || die
+        univention-directory-manager computers/${server_role} modify "$@" --dn "$ldap_hostdn" --append-option="nagios" || die
     fi
 
 	# remove obsolete services from host
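Review bot: In the else branch `computers/${server_role}` is still unquoted, while the UCS 3.0 patch in the description quotes it as `"computers/${server_role}"`. Quote it here as well so both branches treat their expansions the same way.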
Comment 2 Felix Botner univentionstaff 2014-01-08 11:34:22 CET
Fixed quoting in 30univention-nagios-client.inst and 28univention-nagios-server.inst

YAML: 2014-01-08-univention-nagios.yaml
Comment 3 Philipp Hahn univentionstaff 2014-01-17 13:20:33 CET
OK: univention-nagios r46949
OK: aptitude install univention-nagios-client=7.0.5-6.259.201401141920
> Calling joinscript 30univention-nagios-client.inst ...
> Joinscript 30univention-nagios-client.inst finished with exitcode 1

That message is expected and normal, but still confusing.

OK:  ./internal/repo-ng/announce/announce_errata -V ucs-3.2-0/doc/errata/staging/2014-01-08-univention-nagios.yaml 
"ucs-3.2-0/doc/errata/staging/2014-01-08-univention-nagios.yaml" looks valid


OK: Update
# printf univention >./univention
# ldap_position="ou=a b,dc=phahn,dc=qa" /usr/sbin/univention-join -dcaccount Administrator -dcpwd ./univention
...
Configure 30univention-nagios-client.inst                  failed
# tail /var/log/univention/join.log
Configure 30univention-nagios-client.inst Fri Jan 17 12:23:43 CET 2014
File: /etc/nagios/nrpe.cfg
WARNING: the following arguments are ignored: "b,dc=phahn,dc=qa" "--append-option=nagios"
E: object not found
Fri Jan 17 12:23:44 CET 2014: finish /usr/sbin/univention-join

# echo 'deb http://omar.knut.univention.de/build2 ucs_3.2-0-errata3.2-0/$(ARCH)/' >>/etc/apt/sources.list
# aptitude -q update
# aptitude install univention-nagios-client=7.0.5-7.260.201401151238
# echo -n univention > univention ; univention-run-join-scripts -dcaccount Administrator -dcpwd ./univention
...
Running 30univention-nagios-client.inst                    done
...
# univention-ldapsearch -xLLLb "$(ucr get ldap/hostdn)" univentionNagiosEnabled
dn: cn=nagios2,ou=a b,dc=phahn,dc=qa
univentionNagiosEnabled: 1

OK: Install
# ... /etc/apt/sources.list ; ... update ; ... install ; univention-join ...
...
Configure 30univention-nagios-client.inst                  done
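The "arguments are ignored" warning in the join log above comes from shell word splitting, and the cleanup note in the description concerns DNs pasted into a grep pattern. The following sketch reproduces both effects; it is an added example, not code from the bug report or from UCS. `show_args` is a hypothetical stand-in for univention-directory-manager, the bracketed DN is constructed, and the literal `grep -F -x` check is shown as an alternative to the regex, not as the method the patch uses (the patch switches to `--position`).

```shell
#!/bin/sh
# Constructed host DN modelled on the QA run above (blank inside the OU).
ldap_hostdn='cn=nagios2,ou=a b,dc=phahn,dc=qa'
# Constructed DN containing regular-expression metacharacters.
bracket_dn='cn=nagios,o=Univention [Bremen],c=de'

# Hypothetical stand-in for univention-directory-manager: prints one
# bracketed line per argument received, making word splitting visible.
show_args() {
	for arg in "$@"; do
		printf '[%s]\n' "$arg"
	done
}

# Pre-fix form: the unquoted expansion is split at the blank.
unquoted_call() {
	show_args --dn ${ldap_hostdn} --append-option=nagios
}

# Post-fix form: the DN reaches the command as a single argument.
quoted_call() {
	show_args --dn "${ldap_hostdn}" --append-option=nagios
}

# Old-style existence check: the DN is pasted into a regular expression.
# $1 = DN to look for, stdin = "DN: ..." lines as printed by a listing.
dn_match_regex() {
	grep -q "^DN: $1\$"
}

# Literal check: -F turns off regex syntax, -x demands a whole-line match.
dn_match_literal() {
	grep -q -F -x "DN: $1"
}

echo "unquoted:"; unquoted_call
echo "quoted:";   quoted_call
printf 'DN: %s\n' "$bracket_dn" | dn_match_regex "$bracket_dn" ||
	echo "regex check misses: $bracket_dn"
printf 'DN: %s\n' "$bracket_dn" | dn_match_literal "$bracket_dn" &&
	echo "literal check finds: $bracket_dn"
```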
Comment 4 Moritz Muehlenhoff univentionstaff 2014-01-29 11:18:39 CET
http://errata.univention.de/ucs/3.2/36.html