Bug 53204 - Invalid dhcp/host entry with empty univentionDhcpFixedAddress - no IP address returned
Invalid dhcp/host entry with empty univentionDhcpFixedAddress - no IP address...
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: UMC - DHCP
UCS 5.0
Other Linux
: P5 normal (vote)
: UCS 5.0
Assigned To: Philipp Hahn
Florian Best
: interim-2
Depends on: 24668
Blocks:
  Show dependency treegraph
 
Reported: 2021-04-30 18:14 CEST by Philipp Hahn
Modified: 2021-05-25 15:59 CEST (History)
1 user (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 3: Will affect average number of installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.171
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Philipp Hahn univentionstaff 2021-04-30 18:14:57 CEST
When editing the DHCP entry through an UDM computer object the "IP address" can be let empty: This is used to mark the computer as "known" by its MAC address, but not assign a STATIC address to it. In that case the computer receives a DYNAMIC address from the "dhcp/pool", which provides the optional to restrict it to only KNOWN hosts. (in contrast to UNKNOWN host which do NOT have any "dhcp/host" address matching their MAC address.)

This mechanism is most often used to ONLY provide IP addresses to REGISTERED computers, whose MAC address have been recorded as "dhcp/host" entries.

This mechanism is broken is creates an "invalid" LDAP entry, which has the attribute "univentionDhcpFixedAddress", but with no value:


# univention-ldapsearch -LLLb cn=ucs22,cn=phahn0.qa,cn=dhcp,dc=phahn0,dc=qa
> dn: cn=ucs22,cn=phahn0.qa,cn=dhcp,dc=phahn0,dc=qa
> objectClass: top
> objectClass: univentionObject
> objectClass: univentionDhcpHost
> univentionObjectType: dhcp/host
> cn: ucs22
> univentionDhcpFixedAddress:
> dhcpHWAddress: ethernet 52:54:00:95:dd:7c


When this computers then tries to get an IP address the isc-dhcp-server prints an error message and hands out NO address:

# journalctl  -u isc-dhcp-server
> dhcpd[26025]: DHCPDISCOVER from 00:15:65:d4:a3:77 via eth0: network 10.200.17.0/24: no free leases
> dhcpd[26025]: LDAP-HOST line 1: ; (59): expecting IP address or hostname
> dhcpd[26025]: fixed-address ;
> dhcpd[26025]:                ^

This is triggered by our patch patches/isc-dhcp/5.0-0-0-ucs/4.4.1-2/28_ldap_oc.quilt which generates "fixed-address %s;" for each attribute "ipHostNumber" and "univentionDhcpFixedAddress", even when they are empty.

Fix
===
There are two things to fix:

1. Our patch should not generate those statements when the value is empty.
2. UDM should not generate empty attributes, but remove them completely.


Reproducer
==========
```
LB="$(ucr get ldap/base)"
UNIQUE='42'
udm dhcp/service create --set service="dhcp$UNIQUE"
udm computers/ipmanagedclient create --set name="host$UNIQUE" --set mac=00:11:22:33:44:55 --set dhcpEntryZone="\"cn=dhcp$UNIQUE,$LB\"  \"00:11:22:33:44:55\""
univention-ldapsearch -LLLb "cn=dhcp$UNIQUE,$LB" "(cn=host$UNIQUE)"
```


+++ This bug was initially created as a clone of Bug #24668 +++
Comment 1 Philipp Hahn univentionstaff 2021-05-04 12:32:55 CEST
[5.0-0] cccd2bdb24 fix[udm]: Fix creating dhcp/host entry without IP
 doc/changelog/changelog-5.0-0.xml                               |  5 +++-
 .../univention-directory-manager-modules/debian/changelog       |  7 +++++
 .../modules/univention/admin/handlers/__init__.py               | 20 +++++++------
 test/ucs-test/tests/66_udm-computers/59_remove_ipv6_ptr         | 45 +++++++++++++---------------
 test/ucs-test/tests/66_udm-computers/60_create_empty_dhcp       | 46 +++++++++++++++++++++++++++++
 5 files changed, 89 insertions(+), 34 deletions(-)

Package: univention-directory-manager-modules
Version: 15.0.10-2A~5.0.0.202105041225

Package: ucs-test
Version: 10.0.5-13A~5.0.0.202105041227

OK: /usr/share/ucs-test/66_udm-computers/59_remove_ipv6_ptr
OK: /usr/share/ucs-test/66_udm-computers/60_create_empty_dhcp -vf
Comment 2 Philipp Hahn univentionstaff 2021-05-04 14:54:22 CEST
For completeness I also patched "isc-dchp" to no longer generate invalid statements. It alone is not enough as an old UCS-4 does still create those invalid entries, which the UDM part fixed.

r19367 | fix[dhcp]: Skip empty univentionDhcpFixedAddress

Package: isc-dhcp
Version: 4.4.1-2A~5.0.0.202105041300

OK: I already did QA for this during DNS/DHCP PT for UCS 5.0-0
Comment 3 Florian Best univentionstaff 2021-05-05 15:07:05 CEST
OK: creating computer without DHCP-IP-Address
OK: opening computer without DHCP-IP-Address in UMC
OK: opening computer without DHCP-IP-Address in UDM-CLI
OK: opening computer without DHCP-IP-Address in UDM-REST-API
OK: isc-dhcp patch
OK: changelog entry
Comment 4 Florian Best univentionstaff 2021-05-25 15:59:28 CEST
UCS 5.0 has been released:
 https://docs.software-univention.de/release-notes-5.0-0-en.html
 https://docs.software-univention.de/release-notes-5.0-0-de.html

If this error occurs again, please use "Clone This Bug".