Univention Bugzilla – Full Text Bug Listing |
Summary: | DHCP policy statements applied to wrong DHCP types | ||
---|---|---|---|
Product: | UCS | Reporter: | Philipp Hahn <hahn> |
Component: | DHCP | Assignee: | Philipp Hahn <hahn> |
Status: | CLOSED FIXED | QA Contact: | Arvid Requate <requate> |
Severity: | normal | ||
Priority: | P5 | CC: | gohmann, michelsmidt, requate, scheinig, schwardt |
Version: | UCS 4.3 | Flags: | hahn: Patch_Available+ |
Target Milestone: | UCS 4.4-0-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
What kind of report is it?: | Bug Report | What type of bug is this?: | 4: Minor Usability: Impairs usability in secondary scenarios |
Who will be affected by this bug?: | 2: Will only affect a few installed domains | How will those affected feel about the bug?: | 5: Blocking further progress on the daily work |
User Pain: | 0.229 | Enterprise Customer affected?: | |
School Customer affected?: | Yes | ISV affected?: | |
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | 2018111921000247 | Bug group (optional): | Cleanup |
Max CVSS v3 score: | |||
Bug Depends on: | 3595, 7832 | ||
Bug Blocks: | 20226 | ||
Attachments: | syslog2dhcpd.conf |
Description
Philipp Hahn
2010-10-01 14:21:46 CEST
From the patch 50_dhcp_policy.patch for dhcp3, function univention_parse_policy(...):

+ case STATEMENT_NORMAL: + /* Add comma separated list of attribute values after statement name */ + strncat(buf, dhcp_name, bufsize); + strncat(buf, " ", bufsize); + for (i=0; presult->values[i] != NULL; i++) { + if (i > 0) + strncat(buf, ", ", bufsize); + if (quotes) + strncat(buf, "\"", bufsize); + strncat(buf, presult->values[i], bufsize); + if (quotes) + strncat(buf, "\"", bufsize); + } + strncat(buf, ";\n", bufsize); + break;

Here dhcp_name (==> "option domain-name-servers") is always inserted and terminated with ";\n", even if presult->values[0] == NULL (==> list empty). This then leads to wrong config entries.

STATEMENT_REVERSE should be checked as well. At first glance it does not look any more correct.

Created attachment 2729 [details]
syslog2dhcpd.conf
sed script for extracting dhcpd.conf from /var/log/syslog
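Review bot: Every strncat call in the STATEMENT_NORMAL case quoted above passes bufsize as the third argument, but strncat's limit is the maximum number of bytes appended from the source, not the size of the destination. If bufsize is the total size of buf, as the name suggests, none of these calls bounds the total length written, and a long list of attribute values can run past the end of buf. Pass the remaining space instead, for example bufsize - strlen(buf) - 1, or build the statement with snprintf while tracking the used length. The case also writes dhcp_name and the closing ";\n" when presult->values[0] is NULL, as the report states; guarding the whole body with a check for presult->values[0] != NULL would avoid emitting an empty statement.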
*** Bug 20578 has been marked as a duplicate of this bug. ***

Inside a Pool{} statement, the following statements (among others) are illegal:
deny client-updates;
ddns-hostname

For univentionDhcpAuthoritative, only the following makes sense:
if (context & (CONTEXT_SHARED_NETWORK | CONTEXT_SUBNET | CONTEXT_SERVICE))

This issue has been filed against UCS 2.4. UCS 2.4 is out of maintenance and many UCS components have vastly changed in later releases. Thus, this issue is now being closed. If this issue still occurs in newer UCS versions, please use "Clone this bug". In this case please provide detailed information on how this issue is affecting you.

*** Bug 23402 has been marked as a duplicate of this bug. ***

DHCP policy "policies/dhcp_scope" cannot be applied to dhcp/pool, but its value for "unknownClients" is still affecting it.
ucs/management/univention-directory-manager-modules/modules/univention/admin/handlers/policies/dhcp_scope.py:65
> policy_apply_to = ["dhcp/service", "dhcp/subnet", "dhcp/host", "dhcp/sharedsubnet", "dhcp/shared"]

From a950995fd047f273ca2b729b2b3e921acefba0ba Mon Sep 17 00:00:00 2001 Message-Id: <a950995fd047f273ca2b729b2b3e921acefba0ba.1542702578.git.hahn@univention.de> From: Philipp Hahn <hahn@univention.de> Date: Tue, 20 Nov 2018 09:28:29 +0100 Subject: [PATCH] Bug #20222: remove univentionDhcpUnknownClients for pools --- server/ldap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/ldap.c b/server/ldap.c index c6c1ce3b..e71d68fa 100644 --- a/server/ldap.c +++ b/server/ldap.c 
@@ -645,7 +645,7 @@ univention_parse_policies (enum CONTEXT context, LDAPMessage * ent, struct parse univention_parse_policy(phandle, "univentionDhcpLeaseTimeMax", "max-lease-time", NULL, 0, STATEMENT_NORMAL, cfile); if (context & (CONTEXT_CLASS | CONTEXT_SUBCLASS | CONTEXT_HOST | CONTEXT_SHARED_NETWORK | CONTEXT_SUBNET | CONTEXT_POOL | CONTEXT_GROUP | CONTEXT_SERVICE)) // Bug #20222 univention_parse_policy(phandle, "univentionDhcpLeaseTimeDefault", "default-lease-time", NULL, 0, STATEMENT_NORMAL, cfile); - if (context & (CONTEXT_CLASS | CONTEXT_SUBCLASS | CONTEXT_HOST | CONTEXT_SHARED_NETWORK | CONTEXT_SUBNET | CONTEXT_POOL | CONTEXT_GROUP | CONTEXT_SERVICE)) // Bug #20222 + if (context & (CONTEXT_CLASS | CONTEXT_SUBCLASS | CONTEXT_HOST | CONTEXT_SHARED_NETWORK | CONTEXT_SUBNET | CONTEXT_GROUP | CONTEXT_SERVICE)) // Bug #20222 univention_parse_policy(phandle, "univentionDhcpUnknownClients", "unknown-clients", NULL, 0, STATEMENT_REVERSE, cfile); if (context & (CONTEXT_CLASS | CONTEXT_SUBCLASS | CONTEXT_HOST | CONTEXT_SHARED_NETWORK | CONTEXT_SUBNET | CONTEXT_GROUP | CONTEXT_SERVICE)) // Bug #20222 univention_parse_policy(phandle, "univentionDhcpBootp", "bootp", NULL, 0, STATEMENT_REVERSE, cfile); -- 2.11.0

r18525 | Bug #20222 dhcp: unknownClients @ -POOL
Package: isc-dhcp
Version: 4.3.5-3+deb9u1A~4.4.0.201903251533
Branch: ucs_4.4-0
Scope: errata4.4-0

[4.4-0] 3a9e33d784 Bug #20222: isc-dhcp 4.3.5-3+deb9u1A~4.4.0.201903251533
doc/errata/staging/isc-dhcp.yaml | 12 ++++++++++++
1 file changed, 12 insertions(+)

QA: ~/BUG/20222-dhcp-policy.sh

@arvid, sorry I couldn't make it, please find somebody else for QA if this is important

Ok, works. Once activated the log file /var/log/dhcp-ldap-startup.log shows that the pool config now has "deny known clients;" instead of "deny unknown clients;" after using UMC to configure the pool as described in the ticket.

Advisory: Ok.

Note: It's a bit ugly that the 30_policy.quilt file still contains 27 comments referencing this bug. But apparently there are still things to be improved, so we better keep the "pointer" to this bug there.
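Review bot: In the server/ldap.c hunk at @@ -645,7 +645,7, the changed condition for univentionDhcpUnknownClients still carries only the comment "// Bug #20222", which does not say why CONTEXT_POOL was dropped here while the univentionDhcpLeaseTimeDefault condition above keeps it. A short comment naming the reason (the thread notes that policies/dhcp_scope cannot be applied to dhcp/pool) would keep a later edit from re-adding the flag. The new mask is now identical to the one on the univentionDhcpBootp condition that follows, so a single named constant for that mask would keep the two conditions in sync. The commit message could also state that pools no longer receive an unknown-clients statement from the policy, since that changes the generated configuration on upgrade.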