Bug 743253
Summary: | duplicate hostgroup and netgroup | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Jenny Severance <jgalipea> |
Component: | ipa | Assignee: | Rob Crittenden <rcritten> |
Status: | CLOSED ERRATA | QA Contact: | IDM QE LIST <seceng-idm-qe-list> |
Severity: | medium | Docs Contact: | |
Priority: | urgent | ||
Version: | 6.1 | CC: | dpal, grajaiya, jgalipea, mkosek, nsoman, sigbjorn |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | ipa-2.1.3-1.el6 | Doc Type: | Bug Fix |
Doc Text: |
Cause: Due to compatibility with NIS when a hostgroup is added, a netgroup with the same name is added. However, when the hostgroup is created, it is not checked if there is not a netgroup with the same name already which may have been added separately (without a hostgroup).
Consequence: Hostgroup is created but the netgroup cannot be added and user is not notified about this event. This can lead to unexpected and surprising behavior.
Fix: When a hostgroup is added, IPA server checks first if the netgroup name is free and refuses to add hostgroup otherwise
Result: New hostgroups cannot get into conflict with existing netgroups.
|
Story Points: | --- |
Clone Of: | 743071 | Environment: | |
Last Closed: | 2011-12-06 18:41:59 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 743071 | ||
Bug Blocks: | 748554 |
Description
Jenny Severance
2011-10-04 11:38:05 UTC
additional information : # ipa hostgroup-find ipa: ERROR: The search criteria was not specific enough. Expected 1 and found 2. # ipa netgroup-del test ipa: ERROR: The search criteria was not specific enough. Expected 1 and found 2. Fixed upstream: master: a85bb7fa9e5a03b391d684e2850bfe4663f94e21 ipa-2-1: 92dbd68677b3166ebb8897c5fac7d6a142226ac1 This fix is causing a regression : :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: ipa-hostgroup-cli-23: Add duplicate host group :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: Executing: ipa hostgroup-add --desc=test hostgrp1 :: [ LOG ] :: "ipa hostgroup-add --desc=test hostgrp1" failed as expected. :: [ LOG ] :: ERROR: Message not as expected. GOT: ipa: ERROR: netgroup with name hostgrp1 already exists EXP: ipa: ERROR: host group with name hostgrp1 already exists :: [ FAIL ] :: Verify expected error message. (Expected 0, got 1) :: [ LOG ] :: Duration: 6s :: [ LOG ] :: Assertions: 0 good, 1 bad :: [ FAIL ] :: RESULT: ipa-hostgroup-cli-23: Add duplicate host group Should be checking to see if a duplicate hostgroup exists first and then check for a netgroup - only if Netgroup Plugin is enabled. version tested : ipa-server-2.1.2-100.20111014T0057zgit16fc9f8.el6.x86_64 Fixed upstream: master: https://fedorahosted.org/freeipa/changeset/99d938152fbef41f2d48d4088e5ba39bc820e9de ipa-2-1: https://fedorahosted.org/freeipa/changeset/5a3268fc7d731232844eb9391be722db2179f24c Just a note: The netgroup/hostgroup collision checks are run in all cases, we don't test if netgroup plugin is enabled/disabled. This is a precausion. If user enables the plugin again, he would get into trouble if he had colliding hostgroups/netgroups. We wanted to play on the safe side here. Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: Cause: Due to compatibility with NIS when a hostgroup is added, a netgroup with the same name is added. However, when the hostgroup is created, it is not checked if there is not a netgroup with the same name already which may have been added separately (without a hostgroup). Consequence: Hostgroup is created but the netgroup cannot be added and user is not notified about this event. This can lead to unexpected and surprising behavior. Fix: When a hostgroup is added, IPA server checks first if the netgroup name is free and refuses to add hostgroup otherwise Result: New hostgroups cannot get into conflict with existing netgroups. [root@decepticons ~]# ipa netgroup-add test Description: test --------------------- Added netgroup "test" --------------------- Netgroup name: test Description: test NIS domain name: lab.eng.pnq.redhat.com IPA unique ID: c6354608-05dc-11e1-90bc-525400f56e2e [root@decepticons ~]# ipa hostgroup-add test Description: test ipa: ERROR: netgroup with name "test" already exists. Hostgroups and netgroups share a common namespace [root@decepticons ~]# [root@decepticons ~]# ipa hostgroup-add test2 Description: test2 ----------------------- Added hostgroup "test2" ----------------------- Host-group: test2 Description: test2 [root@decepticons ~]# ipa netgroup-add test2 Description: test2 ipa: ERROR: netgroup with name "test2" already exists [root@decepticons ~]# WebUI works as expected and regression failure as in comment #5 not detected: :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: ipa-hostgroup-cli-23: Add duplicate host group :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [14:58:13] :: Executing: ipa hostgroup-add --desc=test hostgrp1 ipa: ERROR: host group with name "hostgrp1" already exists :: [14:58:14] :: "ipa hostgroup-add --desc=test hostgrp1" failed as expected. :: [14:58:16] :: Error message as expected: ipa: ERROR: host group with name hostgrp1 already exists :: [ PASS ] :: Verify expected error message. 'a3e07589-5cac-469f-981d-797db909df4a' ipa-hostgroup-cli-23 result: PASS metric: 0 Log: /tmp/beakerlib-3401817/journal.txt Info: Searching AVC errors produced since 1319741893.51 (Thu Oct 27 14:58:13 2011) Searching logs... Info: No AVC messages found. Writing to /mnt/testarea/tmp.AQhtw9 : AvcLog: /mnt/testarea/tmp.AQhtw9 Verified in version: [root@decepticons ~]# rpm -qi ipa-server | head Name : ipa-server Relocations: (not relocatable) Version : 2.1.3 Vendor: Red Hat, Inc. Release : 8.el6 Build Date: Wed 02 Nov 2011 03:21:27 AM IST Install Date: Thu 03 Nov 2011 10:13:53 AM IST Build Host: x86-012.build.bos.redhat.com Group : System Environment/Base Source RPM: ipa-2.1.3-8.el6.src.rpm Size : 3381421 License: GPLv3+ Signature : (none) Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla> URL : http://www.freeipa.org/ Summary : The IPA authentication server [root@decepticons ~]# Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2011-1533.html |