Illegal characters in contact groups imported from LDAP

Question

Illegal characters in contact groups imported from LDAP

proxyconcept opened this issue 2 years ago · 1 comments

proxyconcept commented 2 years ago

BUG REPORT INFORMATION

Prerequisites

Versions

centreon-web-22.04.1-8.el8.noarch

Operating System

Red Hat Enterprise Linux 8.6 (Ootpa)

Description

With LDAP backend, the imported contact groups are stored in the database without any check on the name.

This is not a real problem for Centreon Web: administration, synchronisation and authentication are working.
But if a contact group is used for notification, we can have a problem with illegal characters in the nagios configuration files generated.

Steps to Reproduce

Have a group in your LDAP server with a name containing a nagios illegal character (by default ~!$%^&*"|'<>?,()=)
Configure the LDAP backend in Centreon (with group support) and synchronize (LDAP groups imported as contact groups)
Edit a host and link for notifications the contact group from LDAP (with illegal chars)
Generate the nagios configuration files for the poller

Describe the received result

Generating files... NOK
Aborted.

Error The name of contact group 'xxx (zzz)' contains one or more illegal characters.
Error Cannot resolve contact group xxx (zzz)'

The generated files in /var/cache/centreon/config/engine/1 contains the contact group names with illegal characters.

Describe the expected result

Generating files... OK

The generated files in /var/cache/centreon/config/engine/1 should contains valid contact group names (with illegal characters removed).

Additional relevant information

It's a real problem because must be able to interconnect with the LDAP server and it's not possible to impose the naming of the LDAP groups.

Answer 1 · 2022-08-02T09:56:21.000Z

There is no problem with "normal" contact groups (created by centreon web or clapi) because they are sanitized before being saved (see #9220).

But nothing similar is doing when groups are imported from the LDAP backends.

At first I considered adding same sanitize function when contact groups are created from LDAP (before being saved)... But it seems difficult to store a name different from the original: there is a lot of impact if we don't want to break synchronisation process (it's necessary to verify the existence of a group in DB and in LDAP by it's name).

Then I gave up this input filtering, since the main problem lies in the output (nagios configuration files generation).