Bug 1030163

Summary: gdm fails to answer XDMCP queries when DNS is not configured
Product: Red Hat Enterprise Linux 6 Reporter: Ben Stanley <ben.stanley>
Component: gdmAssignee: Ray Strode [halfline] <rstrode>
Status: CLOSED ERRATA QA Contact: Desktop QE <desktop-qa-list>
Severity: high Docs Contact:
Priority: unspecified    
Version: 6.4CC: jwright, maci, mdomonko, tpelka
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: gdm-2.30.4-63.el6 Doc Type: Bug Fix
Doc Text:
Cause: errors in debug logging code make daemon go into infinite loop when debugging is enabled and DNS is misconfigured. Consequence: XDMCP doesn't work, or works sporadically when debug mode is enabled. debug code prints NULL instead of remote server host in failure scenarios. Fix: change debug code to not call itself and to not nullify/leak hostname. Result: daemon doesn't lock up anymore and prints more intelligible error messages.
 Story Points: ---
Clone Of:
: 1286631 (view as bug list) Environment:
Last Closed: 2014-10-14 08:20:34 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1286631    

Description Ben Stanley 2013-11-14 04:09:37 UTC 
Description of problem:
gdm-binary does not respond to QUERY or connection requests when reverse host lookup is misconfigured, and also when DNS is misconfigured. Error messages are not helpful.

Version-Release number of selected component (if applicable):
2.30.4-33.el6_2

How reproducible:
Always

Steps to Reproduce:
1. Install a clean system, hostname "test-gdm". Include GNOME Desktop.
2. Turn off SELinux
Edit /etc/selinux/config
Change SELINUX=enforcing to SELINUX=disabled
reboot
verify:
getenforce
-> Disabled
3. Disable firewall
    service iptables stop
    chkconfig iptables off
verify:
    iptables -L
tables should be empty.
4. Enable XDMCP
Edit the file /etc/gdm/custom.conf
Insert line "Enabled=true" in the [xdmcp] section.
Insert line "Enabled=true" in the [debug] section - we will need it later.
5. Re-start XDMCP
    telinit 4
    telinit 5
(May need to fiddle with virtual terminals CTRL-ALT-F1 etc if working on the console)
6. Verify
Inspect /var/log/messages for GdmXdmcpDisplayFactory: Starting to listen on XDMCP port
7. Log packets on test-gdm machine (as root):
    tcpdump -i any "udp and port 177"
Leave this running in a window somewhere.
7. Connect:
From another machine:
    Xnest :1 -query test-gdm
Should display gdm login.
Also note the output of tcpdump indicates a two-way conversation.
8. Break it: destroy DNS configuration
Edit /etc/resolv.conf
Comment out whatever nameserver line is there
Insert a new nameserver line pointing to a non-existent machine
e.g
nameserver 192.168.200.200
7. Re-start XDMCP
    telinit 4
    telinit 5
8. Connect:
From another machine:
    Xnest :1 -query test-gdm
Shows only black screen
Also note the output of tcpdump indicates incoming packets only. There are no replies.

The log file displays
Nov 13 14:16:54 test-gdm gdm-binary[20376]: DEBUG(+): GdmXdmcpDisplayFactory: decode_packet: GIOCondition 1
Nov 13 14:16:54 test-gdm gdm-binary[20376]: DEBUG(+): Address family:2 (inet) hostname:(null) host:(null) port:(null) local:1 loopback:1
Nov 13 14:16:54 test-gdm gdm-binary[20376]: DEBUG(+): Address family:2 (inet) hostname:(null) host:(null) port:(null) local:0 loopback:0
Nov 13 14:17:04 test-gdm gdm-binary[20376]: WARNING: Unable to lookup hostname: Temporary failure in name resolution
Nov 13 14:17:04 test-gdm gdm-binary[20376]: DEBUG(+): Address family:2 (inet) hostname:(null) host:(null) port:(null) local:1 loopback:1
Nov 13 14:17:04 test-gdm gdm-binary[20376]: DEBUG(+): Address family:2 (inet) hostname:(null) host:(null) port:(null) local:0 loopback:0
Nov 13 14:17:14 test-gdm gdm-binary[20376]: WARNING: Unable to lookup hostname: Temporary failure in name resolution


The log output may be found in /var/log/messages
(or /var/log/gdm/gdm-binary for gdm 2.30.4-34)
The problem is that the name lookup fails, and reverse lookup also fails, and gdm gets caught in a recursive mess trying to look up the names for the debug messages.

Additional info:
There is a non-terminating mutually recursive set of functions in common/gdm-address.c . The recursion takes the following form:
lookup failure in gdm_address_get_hostname
     -> calls _gdm_address_debug
     -> calls gdm_address_is_local
     -> calls gdm_address_peek_local_list
     -> calls add_local_siocgifconf
     -> calls gdm_address_debug
     -> calls gdm_address_get_hostname

Even if the recursion is broken (the best place seems to be to remove gdm_address_debug call from add_local_siocgifconf), gdm-binary still fails to respond to XDMCP requests when the DNS is broken.

It would be helpful if the debug log indicated what lookup failed. The log includes lines like
Unable to lookup hostname: Temporary failure in name resolution
but these lines are then followed by non-informative nonsense. It would be better if the software printed what it did know (without failing or delaying further) in this case!

Related problems are found when the DNS is mis-configured for reverse lookups.
Comment 2 RHEL Program Management 2013-11-17 08:34:51 UTC 
This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.
Comment 3 Ray Strode [halfline] 2014-04-03 13:12:42 UTC 
devack+
Comment 12 Marcel Wysocki 2014-07-22 12:22:22 UTC 
+1
Comment 19 errata-xmlrpc 2014-10-14 08:20:34 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1591.html