Bug 41032 - uid=foo+cn=bar,cn=users,dc=foo DN breaks UDM handlers
Status: CLOSED DUPLICATE of bug 40041
Product: UCS
Classification: Unclassified
Component: UDM (Generic)
UCS 4.1
Other Linux
Importance: P5 normal
Assigned To: UMC maintainers
Reported: 2016-04-12 09:57 CEST by Florian Best
Modified: 2018-04-13 13:29 CEST
What kind of report is it?: Security Issue
Bug group (optional): Error handling, Security
best: Patch_Available+


Attachments
patch (3.65 KB, patch)
2016-04-12 09:57 CEST, Florian Best
Description Florian Best univentionstaff 2016-04-12 09:57:15 CEST
Created attachment 7589
patch

If there is a DN with multiple components in the RDN, UDM handles this incorrectly. It prevents e.g. searching/listing objects.

It e.g. causes objects to raise the following exception which is masked by another exception (below):
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 108, in __init__
    self.position.setDn(dn)
  File "/usr/lib/pymodules/python2.7/univention/admin/uldap.py", line 150, in setDn
    mytype, ign = string.split(i,'=')
ValueError: too many values to unpack

Die Ausführung des Kommandos udm/query users/user ist fehlgeschlagen:

Traceback (most recent call last):
  File "%PY2.7%/notifier/threads.py", line 82, in _run
    tmp = self._function()
  File "%PY2.7%/notifier/__init__.py", line 104, in __call__
    return self._function( *tmp, **self._kwargs )
  File "%PY2.7%/univention/management/console/modules/udm/__init__.py", line 536, in _thread
    result = module.search(container, objectProperty, objectPropertyValue, superordinate, scope=scope, hidden=hidden)
  File "%PY2.7%/univention/management/console/modules/udm/udm_ldap.py", line 84, in _decorated
    return method(*args, **kwargs)
  File "%PY2.7%/univention/management/console/ldap.py", line 135, in _decorated
    result = func(*args, **kwargs)
  File "%PY2.7%/univention/management/console/modules/udm/udm_ldap.py", line 488, in search
    UDM_Error(e).reraise()
  File "%PY2.7%/univention/management/console/modules/udm/udm_ldap.py", line 471, in search
    result = self.module.lookup(None, ldap_connection, filter_s, base=container, superordinate=superordinate, scope=scope, sizelimit=sizelimit)
  File "%PY2.7%/univention/admin/handlers/users/user.py", line 2766, in lookup
    res.append( object( co, lo, None, dn, attributes = attrs ) )
  File "%PY2.7%/univention/admin/handlers/users/user.py", line 1352, in __init__
    univention.admin.handlers.simpleLdap.__init__(self, co, lo, position, dn, superordinate, attributes = attributes )
  File "%PY2.7%/univention/admin/handlers/__init__.py", line 562, in __init__
    base.__init__(self, co, lo, position, dn, superordinate )
  File "%PY2.7%/univention/admin/handlers/__init__.py", line 108, in __init__
    self.position.setDn(dn)
  File "%PY2.7%/univention/admin/uldap.py", line 155, in setDn
    raise univention.admin.uexceptions.noObject, _("DN not found: %s.") % dn
UDM_Error: Das Objekt existiert nicht. DN nicht gefunden: cn=Anton Meyer+uid=anton3,cn=schueler,cn=users,ou=gsmitte,dc=school,dc=local.

This may be used for DoS in UCS@school when we allow changes to be made via machine connection.

The patch fixes the search and the correct modification of such objects.
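
Added example, not part of the original report and not the attached patch or UCS code: it reproduces the unpacking failure from the first traceback on a multi-valued RDN and contrasts it with a splitter that honours `+` and backslash escapes. The helper names are hypothetical; the sketch assumes RFC 4514 string DNs without quoted values and leaves escape sequences undecoded.

```python
# Added example (not UCS code). Function names are hypothetical.

def naive_rdn_type(rdn):
    """Mimics the pattern in the traceback: exactly one '=' is expected."""
    mytype, _ = rdn.split('=')  # ValueError for 'cn=a+uid=b'
    return mytype

def _split_unescaped(text, sep):
    """Split on `sep`, skipping separators escaped with a backslash."""
    parts, buf, i = [], [], 0
    while i < len(text):
        ch = text[i]
        if ch == '\\' and i + 1 < len(text):
            buf.append(text[i:i + 2])  # keep the escape pair intact
            i += 2
            continue
        if ch == sep:
            parts.append(''.join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append(''.join(buf))
    return parts

def parse_dn(dn):
    """Return a list of RDNs; each RDN is a list of (type, value) pairs."""
    result = []
    for rdn in _split_unescaped(dn, ','):
        avas = []
        for ava in _split_unescaped(rdn, '+'):
            # Split on the first '=' only, so '=' inside a value is kept.
            attr, sep, value = ava.partition('=')
            if not sep or not attr.strip():
                raise ValueError('malformed RDN component: %r' % ava)
            avas.append((attr.strip().lower(), value))
        result.append(avas)
    return result

# DN taken from the error message in the report above.
SAMPLE_DN = ('cn=Anton Meyer+uid=anton3,cn=schueler,cn=users,'
             'ou=gsmitte,dc=school,dc=local')

if __name__ == '__main__':
    for rdn in parse_dn(SAMPLE_DN):
        print(rdn)
```

Rejecting malformed components with one well-defined exception, rather than letting an unpacking error surface from inside a handler constructor, keeps a single unusual entry from failing the whole search.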
Comment 1 Florian Best univentionstaff 2016-08-17 14:52:26 CEST

*** This bug has been marked as a duplicate of bug 40041 ***