Univention Bugzilla – Full Text Bug Listing |
Summary: | bad subnet number/mask combination fails dhcpd | ||
---|---|---|---|
Product: | UCS | Reporter: | Philipp Hahn <hahn> |
Component: | UMC - DHCP | Assignee: | Florian Best <best> |
Status: | CLOSED FIXED | QA Contact: | Philipp Hahn <hahn> |
Severity: | normal | ||
Priority: | P5 | CC: | best, voelker |
Version: | UCS 4.4 | Flags: | hahn:
Patch_Available+
|
Target Milestone: | UCS 4.4-3-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
See Also: | https://forge.univention.org/bugzilla/show_bug.cgi?id=50687 | ||
What kind of report is it?: | Bug Report | What type of bug is this?: | 3: Simply Wrong: The implementation doesn't match the docu |
Who will be affected by this bug?: | 2: Will only affect a few installed domains | How will those affected feel about the bug?: | 3: A User would likely not purchase the product |
User Pain: | 0.103 | Enterprise Customer affected?: | |
School Customer affected?: | Yes | ISV affected?: | |
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | 2019112221000702 | Bug group (optional): | |
Max CVSS v3 score: |
*** Bug 37149 has been marked as a duplicate of this bug. *** Happened for a customer. Having no clue how to troubleshoot. Can be found only on second view. UMC should either not allow to add such (sub)networks or zero out the non-masked values. Nov 25 16:26:50 master dhcpd[34640]: LDAP line 11: subnet 192.168.142.0 netmask 255.255.0.0: bad subnet number/mask combination. Nov 25 16:26:50 master dhcpd[34640]: subnet 192.168.142.0 netmask 255.255.0.0 Nov 25 16:26:50 master dhcpd[34640]: ^ Nov 25 16:26:50 master dhcpd[34640]: LDAP: cannot parse dhcpService entry 'cn=multi.ucs,cn=dhcp,dc=multi,dc=ucs' Nov 25 16:26:50 master dhcpd[34640]: Configuration file errors encountered -- exiting server/confpars.c > 2821 »·······»·······parse_warn (cfile, > 2822 »·······»······· "subnet %s netmask %s: bad subnet number/mask combination.", > 2823 »·······»·······»······· piaddr (subnet -> net), maskstr); This is only a warning > 2825 »·······»·······subnet_dereference (&subnet, MDL); but the broken declaration is removed and the server probably fails as the last subnet declaration was removed, which is invalid. A simple fix here would be to mask out any host bits by using subnet_number() if host_addr() returns any set host bits: @ server/confpars.c - 2825 »·······»·······subnet_dereference (&subnet, MDL); - 2826 »·······»·······skip_to_semi (cfile); - 2827 »·······»·······return; + 2825 »·······»·······subnet -> net = subnet_number(subnet -> net, subnet -> netmask); Untested! Basis for a UDM patch in git:fbest/44135-dhcp-bad-subnet-number-mask-combination → use the ready() method for consistency checks univention-directory-manager-modules (14.0.14-22) cdde67c8c829 | Bug #44135: prevent adding DHCP (sub)nets which break the dhcpd configuration univention-directory-manager-modules.yaml 6cf9cf50e0b1 | YAML Bug #44135 ucs-test (9.0.3-133) 102aeb34eb6c | Bug #44135: add tests/65_udm-dhcp/62_dhcp_subnets_invalid_values OK: errata-announce -V --only univention-directory-manager-modules.yaml FIXED: univention-directory-manager-modules.yaml 5107cd9298 OK: apt install -t apt univention-directory-manager-tools python-univention-directory-manager OK: 1.2.3.0/8 -> rejected OK: 1.2.3.0/24 -> accepted OK: 1.2.3.0/25 + 1.2.3.10…127 -> rejected OK: 1.2.3.0/24 + 1.2.3.10…253 -> accepted ~FAIL: subnetmask can be changed after creating the network; the pool definitions thus can become invalid if the pools are no longer contained in the subnet. OK: cdde67c8c82950edbd8eeb9e6aba41bac80518fb udm OK: 102aeb34eb6c ucs-test OK: python 62_dhcp_subnets_invalid_values |
When a DHCP (shared) subnet is created, care must be taken to zero out all host bits; otherwise dhcpd fails to start: > dhcpd: LDAP line 11: subnet 172.17.42.1 netmask 255.255.0.0: bad subnet number/mask combination. > dhcpd: }subnet 172.17.42.1 netmask 255.255.0.0 As the subnet address cannot be changed afterwards, the full LDAP hierarchy must be deleted and re-added by hand. assert ipaddr.IPv4Network('%(subnet)s/%(subnetmask)s' % udm.info).network == ipaddr.IPv4Address('%(subnet)s' % udm.info)