Bug 53213 - Traceback removing IPv6 address from host with multiple DNS PTR-RR
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: UMC - Computers
UCS 5.0
Other Linux
: P5 normal
: UCS 5.0
Assigned To: Philipp Hahn
Florian Best
: interim-2
Reported: 2021-05-04 08:23 CEST by Philipp Hahn
Modified: 2021-05-25 16:03 CEST (History)
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 3: Will affect average number of installed domains
How will those affected feel about the bug?: 3: A User would likely not purchase the product
User Pain: 0.257
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): IPv6
Max CVSS v3 score:
hahn: Patch_Available+

Description Philipp Hahn univentionstaff 2021-05-04 08:23:42 CEST
+++ This bug was initially created as a clone of Bug #53165 comment 2 +++

FYI: You can only add a reverse record if a corresponding forward record exists

Setup
=====
LB="$(ucr get ldap/base)"
udm dns/forward_zone create --set zone=bug53165.qa --set nameserver="$(hostname -f)"
udm dns/reverse_zone create --set subnet=1.2.3 --set nameserver="$(hostname -f)"
udm dns/reverse_zone create --set subnet=2001:0001:0002 --set nameserver="$(hostname -f)"
udm computers/ipmanagedclient create --set name=bug53165 \
  --append ip=1.2.3.4 \
  --append dnsEntryZoneReverse="\"zoneName=3.2.1.in-addr.arpa,$LB\" \"1.2.3.4\"" \
  --append dnsEntryZoneForward="\"zoneName=bug53165.qa,$LB\" \"1.2.3.4\"" \
  --append ip=2001:1:2::f \
  --append dnsEntryZoneForward="\"zoneName=bug53165.qa,$LB\" \"2001:1:2::f\"" \
  --append dnsEntryZoneReverse="\"zoneName=2.0.0.0.1.0.0.0.1.0.0.2.ip6.arpa,$LB\" \"2001:1:2::f\""

Test
====
Remove IPv4
-----------
udm computers/ipmanagedclient modify --dn "cn=bug53165,$LB" --remove ip=1.2.3.4
# LDAP Error: Type or value exists: modify/add: aAAARecord: value #0 already exists

IMHO this should work

Remove IPv6.short
-----------------
udm computers/ipmanagedclient modify --dn cn=bug53165,$LB --remove ip=2001:1:2::f
# WARNING: cannot remove 2001:1:2::f from ip, value does not exist
# No modification: cn=bug53165,dc=phahn,dc=dev

It would be nice if UDM would expand IPv6 addresses itself

Remove IPv6.expanded
--------------------
udm computers/ipmanagedclient modify --dn cn=bug53165,$LB --remove ip=2001:0001:0002:0000:0000:0000:0000:000f
> Traceback (most recent call last):
>   File "/usr/share/univention-directory-manager-tools/univention-cli-server", line 210, in doit
>     output = univention.admincli.admin.doit(arglist)
>   File "/usr/lib/python3/dist-packages/univention/admincli/admin.py", line 388, in doit
>     out = _doit(arglist)
>   File "/usr/lib/python3/dist-packages/univention/admincli/admin.py", line 659, in _doit
>     out.extend(cli.modify(input, append, remove, parsed_append_options, parsed_remove_options, parsed_options, policy_reference, policy_dereference, ignore_not_exists=ignore_not_exists))
>   File "/usr/lib/python3/dist-packages/univention/admincli/admin.py", line 688, in modify
>     return self._modify(self.module_name, self.module, self.dn, self.lo, self.position, self.superordinate, *args, **kwargs)
>   File "/usr/lib/python3/dist-packages/univention/admincli/admin.py", line 894, in _modify
>     dn = object.modify()
>   File "/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py", line 641, in modify
>     dn = self._modify(modify_childs, ignore_license=ignore_license, response=response)
>   File "/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py", line 1325, in _modify
>     self._ldap_post_modify()
>   File "/usr/lib/python3/dist-packages/univention/admin/handlers/computers/ipmanagedclient.py", line 219, in _ldap_post_modify
>     univention.admin.handlers.simpleComputer._ldap_post_modify(self)
>   File "/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py", line 2717, in _ldap_post_modify
>     self.__remove_dns_reverse_object(self['name'], None, entry)
>   File "/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py", line 2285, in __remove_dns_reverse_object
>     rdn = self.calc_dns_reverse_entry_name(ip, zone)
>   File "/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py", line 2905, in calc_dns_reverse_entry_name
>     assert rev.endswith(subnet)
> AssertionError


Bug is in __remove_dns_reverse_object(), which searches for *ALL* DNS PTR RRs *by name*, e.g. "pTRRecord=$hostname".
This will return both IPv4 and IPv6 RRs - even multiple if the host has multiple IPv4 or IPv6 addresses.
For each zone calc_dns_reverse_entry_name() is called, even when the IP address is not in that zone.
In that case the assert() is raised.
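
The failure mode analysed above, as an added example (not code from this bug report or from the UDM merge request): when PTR RRs are found by host name across several reverse zones, check whether the address belongs to each zone before deriving the record name, instead of asserting. The function names and the ZONES list are hypothetical; the zone names are taken from the Setup section.

```python
import ipaddress


def ptr_rdn(ip, zone_name):
    """Return the PTR record name of `ip` relative to `zone_name`,
    or None when the address does not belong to that reverse zone."""
    # reverse_pointer normalises short and expanded IPv6 spellings alike.
    pointer = ipaddress.ip_address(ip).reverse_pointer
    # Match on a label boundary: "13.2.1.in-addr.arpa" must not pass
    # for zone "3.2.1.in-addr.arpa".
    suffix = "." + zone_name.lower().rstrip(".")
    if not pointer.endswith(suffix):
        return None
    return pointer[: -len(suffix)]


def select_ptr_removals(ip, zones_found_by_name):
    """From every reverse zone in which a PTR RR for the host name was
    found, keep only those that actually contain `ip`."""
    removals = []
    for zone_name in zones_found_by_name:
        rdn = ptr_rdn(ip, zone_name)
        if rdn is None:
            continue  # other address family or other subnet: skip, do not assert
        removals.append((rdn, zone_name))
    return removals


# Constructed sample mirroring the Setup section: the search by host name
# returns PTR RRs in both the IPv4 and the IPv6 reverse zone.
ZONES = ["3.2.1.in-addr.arpa", "2.0.0.0.1.0.0.0.1.0.0.2.ip6.arpa"]

if __name__ == "__main__":
    for addr in ("1.2.3.4", "2001:1:2::f",
                 "2001:0001:0002:0000:0000:0000:0000:000f"):
        print(addr, "->", select_ptr_removals(addr, ZONES))
```
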
Comment 2 Philipp Hahn univentionstaff 2021-05-04 09:54:33 CEST
(In reply to Philipp Hahn from comment #1)
> https://git.knut.univention.de/univention/ucs/-/merge_requests/90

Accidentally merged into 5.0-0

[phahn/53213-dns-ptr-ipv6] 1e61bc3ed9 fix[udm]: Remove one of multiple DNS PTR RRs
 .../modules/univention/admin/handlers/__init__.py               | 31 +++++++++++++++++++----------
 1 file changed, 20 insertions(+), 11 deletions(-)

[phahn:~/REPOS/ucs/test/ucs-test/tests/66_udm-computers] phahn/53213-dns-ptr-ipv6+* ± git cl -2
[phahn/53213-dns-ptr-ipv6] cd0e26fd40 doc[udm]: PEP 484 type annotations
 base/univention-python/modules/uldap.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

[phahn/53213-dns-ptr-ipv6] 9c4bd717d5 fix[test/udm]: Remove one of multiple DNS PTR RRs
 test/ucs-test/tests/66_udm-computers/59_remove_ipv6_ptr | 44 +++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)

[5.0-0] 435dabf59a doc[udm]: Remove one of multiple DNS PTR RRs
 doc/changelog/changelog-5.0-0.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Package: univention-directory-manager-modules
Version: 15.0.10-1A~5.0.0.202105040940

Package: ucs-test
Version: 10.0.5-13A~5.0.0.202105040942

OK: /usr/share/ucs-test/66_udm-computers/59_remove_ipv6_ptr -vf

PS: On UCS 4.4-8 the test also fails, but differently:
Traceback (most recent call last):
  File "/root/59_remove_ipv6_ptr", line 41, in <module>
    udm.modify_object('computers/ipmanagedclient', dn=computer, remove={'ip': [IP6]})
  File "/usr/lib/python2.7/dist-packages/univention/testing/udm.py", line 384, in modify_object
    raise UCSTestUDM_ModifyUDMObjectFailed({'module': modulename, 'kwargs': kwargs, 'returncode': child.returncode, 'stdout': stdout, 'stderr': stderr})
univention.testing.udm.UCSTestUDM_ModifyUDMObjectFailed: returncode=3
stdout=Traceback (most recent call last):
  File "/usr/share/univention-directory-manager-tools/univention-cli-server", line 219, in doit
    output = univention.admincli.admin.doit(arglist)
  File "/usr/lib/python2.7/dist-packages/univention/admincli/admin.py", line 409, in doit
    out = _doit(arglist)
  File "/usr/lib/python2.7/dist-packages/univention/admincli/admin.py", line 908, in _doit
    dn = object.modify()
  File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 650, in modify
    dn = self._modify(modify_childs, ignore_license=ignore_license, response=response)
  File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 1334, in _modify
    self._ldap_post_modify()
  File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/computers/ipmanagedclient.py", line 222, in _ldap_post_modify
    univention.admin.handlers.simpleComputer._ldap_post_modify(self)
  File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 2724, in _ldap_post_modify
    self.__remove_dns_forward_object(self['name'], None, entry)
  File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 2392, in __remove_dns_forward_object
    zone = self.lo.parentDn(zoneDn)
  File "/usr/lib/python2.7/dist-packages/univention/admin/uldap.py", line 981, in parentDn
    return self.lo.parentDn(dn)
  File "/usr/lib/python2.7/dist-packages/univention/uldap.py", line 904, in parentDn
    return parentDn(dn, self.base)
  File "/usr/lib/python2.7/dist-packages/univention/uldap.py", line 61, in parentDn
    if dn.lower() == base.lower():
AttributeError: 'NoneType' object has no attribute 'lower'
Comment 3 Florian Best univentionstaff 2021-05-05 14:04:00 CEST
(In reply to Philipp Hahn from comment #0)
> Test
> ====
> Remove IPv4
> -----------
> udm computers/ipmanagedclient modify --dn "cn=bug53165,$LB" --remove
> ip=1.2.3.4
> # LDAP Error: Type or value exists: modify/add: aAAARecord: value #0 already
> exists
> 
> IMHO this should work
state:
dn: relativeDomainName=bug53165,zoneName=bug53165.qa,l=school,l=dev
objectClass: dNSZone
objectClass: univentionObject
objectClass: top
univentionObjectType: dns/host_record
zoneName: bug53165.qa
aRecord: 1.2.3.4
relativeDomainName: bug53165
aAAARecord: 2001:0001:0002:0000:0000:0000:0000:000f

reproducer:
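import univention.admin.uldap
lo, po = univention.admin.uldap.getAdminConnection()
# Each change is (attribute, old_values, new_values): aAAARecord is sent as an
# add although the value is already stored, aRecord as a delete.
lo.modify('relativeDomainName=bug53165,zoneName=bug53165.qa,l=school,l=dev', [('aAAARecord', [], [b'2001:0001:0002:0000:0000:0000:0000:000f']), ('aRecord', [b'1.2.3.4'], [])])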

python-ldap modlist:
[(ldap.MOD_ADD, 'aAAARecord', [b'2001:0001:0002:0000:0000:0000:0000:000f']), (ldap.MOD_DELETE, 'aRecord', [b'1.2.3.4'])]
Comment 4 Florian Best univentionstaff 2021-05-05 14:43:28 CEST
(In reply to Florian Best from comment #3)
> (In reply to Philipp Hahn from comment #0)
> > Test
> > ====
> > Remove IPv4
> > -----------
> > udm computers/ipmanagedclient modify --dn "cn=bug53165,$LB" --remove
> > ip=1.2.3.4
> > # LDAP Error: Type or value exists: modify/add: aAAARecord: value #0 already
> > exists
> > 
> > IMHO this should work
Fixed in:

univention-directory-manager-modules (15.0.10-2)
55fe683a0628 | Bug #53213: fix removing IPv4 addresses from host records having a aAAARecord assigned
Comment 5 Florian Best univentionstaff 2021-05-05 15:16:05 CEST
OK: removal of IPv4/IPv6 ptr records from host
OK: changelog entry

(In reply to Philipp Hahn from comment #0)
> Remove IPv6.short
> -----------------
> udm computers/ipmanagedclient modify --dn cn=bug53165,$LB --remove
> ip=2001:1:2::f
> # WARNING: cannot remove 2001:1:2::f from ip, value does not exist
> # No modification: cn=bug53165,dc=phahn,dc=dev
> 
> It would be nice if UDM would expand IPv6 addresses itself

This is Bug #43286.
Comment 6 Florian Best univentionstaff 2021-05-25 16:03:05 CEST
UCS 5.0 has been released:
 https://docs.software-univention.de/release-notes-5.0-0-en.html
 https://docs.software-univention.de/release-notes-5.0-0-de.html

If this error occurs again, please use "Clone This Bug".