Univention Bugzilla – Bug 42404
univention.admin.mapping.mapValue('foo', '') does not raise KeyError
Last modified: 2017-01-05 11:22:39 CET
Inconsistent behavior in the mapValue() method of univention.admin.mapping.mapValue causes Bugs like Bug #41986. >>> m.mapValue('foo', '') '' >>> m.mapValue('foo', '1') KeyError: 'foo' mapName('foo') doesn't raise KeyError at all. A greater problem is that mapRewrite() & co. are used for different purposes (e.g. creating filters for search, map the value for the add/modlist).
mapValue is used in multiple UDM handlers but only with keys which are registered in the mapping. mapValue is used in mapDiffAl which is nowhere used. mapValue is used in mapDiff which is used to create the simpleLdap._ldap_modlist() with the values got from simpleLdap.diff(). These might contain properties which are not present in the mapping. But as they are not in the mapping they have to be added in _ldap_modlist. The KeyError there is already catched. mapValue is called in mapRewrite which is called in a lot of lookup functions. And this is the actual case where this error happens: def mapRewrite(filter, mapping): » try: » » k = mapping.mapName(filter.variable) » » v = mapping.mapValue(filter.variable, filter.value) » except KeyError: » » return » filter.variable = k » filter.value = v mapName(foobar) → return an empty string if mapValue(foobar, '') also returns an empty string the filter is broken: '(=)' univention-directory-manager-modules (11.0.3-44): r74294 | Bug #42404: fix mapping.mapValue to raise KeyError univention-directory-manager-modules.yaml: r74296 | YAML Bug #42404 Merge to UCS 4.2: univention-directory-manager-modules (12.0.5-3): r74295 | Bug #42404: fix mapping.mapValue to raise KeyError
By the way: This bug is the reason for all the reported tracebacks we got in the past until we appended '*' to the search value in Bug #24341 / Bug #16387 svn r35873.
Since we have Bug #42388 this is now also again reproducible: ucr set directory/manager/web/auto_substring_search=false directory/manager/web/allow_wildcard_search=false $ python >>> import univention.admin.modules >>> univention.admin.modules.update() >>> for module in univention.admin.modules.modules.values(): ... if not hasattr(module, 'mapping') # users/self users/password ... continue ... for name, property in module.property_descriptions.items(): ... if not module.mapping.mapName(name) and not property.dontsearch: ... print module.module, name → This reveals a quite long list. Picking one example: umc-client -s 10.200.27.117 -U Administrator -P univention COMMAND udm/query -f dns/dns -e -o '{"container":"all","objectType":"dns/reverse_zone","objectProperty":"contact","objectPropertyValue":""}' Traceback (most recent call last): File "/usr/lib/pymodules/python2.7/notifier/threads.py", line 82, in _run tmp = self._function() File "/usr/lib/pymodules/python2.7/notifier/__init__.py", line 104, in __call__ return self._function( *tmp, **self._kwargs ) File "/usr/lib/pymodules/python2.7/univention/management/console/modules/udm/__init__.py", line 543, in _thread result = module.search(container, objectProperty, objectPropertyValue, superordinate, scope=scope, hidden=hidden) File "/usr/lib/pymodules/python2.7/univention/management/console/modules/udm/udm_ldap.py", line 88, in _decorated return method(*args, **kwargs) File "/usr/lib/pymodules/python2.7/univention/management/console/ldap.py", line 141, in _decorated result = func(*args, **kwargs) File "/usr/lib/pymodules/python2.7/univention/management/console/modules/udm/udm_ldap.py", line 476, in search result = self.module.lookup(None, ldap_connection, filter_s, base=container, superordinate=superordinate, scope=scope, sizelimit=sizelimit) File "/usr/lib/pymodules/python2.7/univention/admin/handlers/dns/reverse_zone.py", line 302, in lookup for dn, attrs in lo.search(unicode(filter), base, scope, [], unique, required, timeout, sizelimit): File "/usr/lib/pymodules/python2.7/univention/admin/uldap.py", line 339, in search raise univention.admin.uexceptions.ldapError('%s: %s' % (_err2str(msg), filter)) ldapError: Bad search filter: (&(objectClass=dNSZone)(relativeDomainName=@)(|(zoneName=*.in-addr.arpa)(zoneName=*.ip6.arpa))(=))
OK: UCS-4.1-4 r74477 r74296 r74294 r75046 + r75048 mapping: New style python class unregister: Clever use of .pop() mapName: Clever use of .get() unmapName: Clever use of .get() mapValue: Previously returned '' in case of empty value, now may raise KeyError first if map_name is unknown. This is what is described in comment 0. unmapValue: Refactored mapRewrite: Previously returned empty LDAP attribute name if unknown UDM property name was given OK: UCS-4.2-0 r75047 r75049 r74295 OK: univention-directory-manager-modules.yaml OK: errata-announce -V --only univention-directory-manager-modules.yaml OK: aptitude install '?source-package(univention-directory-manager-modules)~i' # 11.0.3-51.1445.201612061711 OK: zless /usr/share/doc/python-univention-directory-manager/changelog.Debian.gz OK: umc-client -s localhost -U Administrator -P univention COMMAND udm/query -f dns/dns -e -o '{"container":"all","objectType":"dns/reverse_zone","objectProperty":"contact","objectPropertyValue":""}'
<http://errata.software-univention.de/ucs/4.1/367.html>