Bug 1172578 – CLI doesn't show SSHFP records with SHA256 added via nsupdate (regression)

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 1172578 - CLI doesn't show SSHFP records with SHA256 added via nsupdate (regression)

Summary:	CLI doesn't show SSHFP records with SHA256 added via nsupdate (regression)

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	ipa (Show other bugs)
Sub Component:
Version:	7.1
Hardware:	Unspecified Unspecified

Priority	medium Severity unspecified
Target Milestone:	rc
Target Release:	---
Assigned To:	IPA Maintainers
QA Contact:	Namita Soman
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2014-12-10 07:05 EST by Petr Vobornik
Modified:	2015-03-05 05:18 EST (History)
CC List:	3 users (show)

See Also:
Fixed In Version:	ipa-4.1.0-12.el7
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2015-03-05 05:18:53 EST
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2015:0442	normal	SHIPPED_LIVE	Moderate: ipa security, bug fix, and enhancement update	2015-03-05 09:50:39 EST

Groups: None (edit)

Description Petr Vobornik 2014-12-10 07:05:12 EST

This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/4789

Error is caused by extra whitespace, which is added by named/nsupdate in fingerprint part.

{{{
$ dig ipa.example.com. sshfp
...
;; ANSWER SECTION:
ipa.example.com. 1200	IN	SSHFP	1 2 37BF6366A44B67F6CA8FF8A8313B7C964CEA971CCB3E092D775FDF08 2170AAA4
ipa.example.com. 1200	IN	SSHFP	3 1 3651173F6737DF24EB6494434AC5968B3C90B749
ipa.example.com. 1200	IN	SSHFP	1 1 8FD003E98D818E4E2813672234410835AB5844AC
ipa.example.com. 1200	IN	SSHFP	3 2 97EF4030A9DD471A3D4730A819B3A662E11994BB20AFC56FC3875AB1 662260BF
....

$ ipa dnsrecord-show example.com. ipa
  Record name: ipa
  SSHFP record: 1 1 8FD003E98D818E4E2813672234410835AB5844AC, 3 1 3651173F6737DF24EB6494434AC5968B3C90B749
...

$ ipa dnsrecord-show example.com ipa --raw
  idnsname: ipa
  sshfprecord: 1 1 8FD003E98D818E4E2813672234410835AB5844AC
  sshfprecord: 1 2 37BF6366A44B67F6CA8FF8A8313B7C964CEA971CCB3E092D775FDF08 2170AAA4
  sshfprecord: 3 1 3651173F6737DF24EB6494434AC5968B3C90B749
  sshfprecord: 3 2 97EF4030A9DD471A3D4730A819B3A662E11994BB20AFC56FC3875AB1 662260BF
...

}}}

Comment 1 Petr Vobornik 2014-12-10 07:07:33 EST

Upstream ticket:
https://fedorahosted.org/freeipa/ticket/4790

Comment 2 Jan Cholasta 2014-12-10 13:37:12 EST

Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/b5ff0b941efad5170ff5fdda4ab05b9f1c7a2113
ipa-4-1:
https://fedorahosted.org/freeipa/changeset/d229c4a1cc397cfe6adf661b6bcc8360a758248c

Comment 4 Namita Soman 2015-01-27 08:23:03 EST

Verified using:
ipa-server-4.1.0-16.el7.x86_64

Installed client (qe-blade-09.testrelm.test)

# dig qe-blade-09.testrelm.test. sshfp
<..snip..>
;; ANSWER SECTION:
qe-blade-09.testrelm.test. 1200	IN	SSHFP	1 1 3708EC9B40C0ACDF5C6F6ADA5B318E5DBBED6FA4
qe-blade-09.testrelm.test. 1200	IN	SSHFP	3 2 F4CD5D3A35AF65BE8097BC9B423AEFFC1FEAAE470214F7B1D235C90B E6F7CD37
qe-blade-09.testrelm.test. 1200	IN	SSHFP	3 1 107636A8578166B4E6885ECD79C26D6465BF2BE9
qe-blade-09.testrelm.test. 1200	IN	SSHFP	1 2 A4C32A6CEBCA47D1E05BE5CC091617FBCA33ECBF530B1F64FA96BAC3 A585DED0
<..snip..>


# ipa dnsrecord-show testrelm.test  qe-blade-09 --all 
  dn: idnsName=qe-blade-09,idnsname=testrelm.test.,cn=dns,dc=testrelm,dc=test
  Record name: qe-blade-09
  Time to live: 1200
  A record: 10.16.76.40
  SSHFP record: 1 1 3708EC9B40C0ACDF5C6F6ADA5B318E5DBBED6FA4, 3 1 107636A8578166B4E6885ECD79C26D6465BF2BE9, 1 2 A4C32A6CEBCA47D1E05BE5CC091617FBCA33ECBF530B1F64FA96BAC3 A585DED0, 3 2
                F4CD5D3A35AF65BE8097BC9B423AEFFC1FEAAE470214F7B1D235C90B E6F7CD37
  objectclass: top, idnsRecord



# ipa dnsrecord-show testrelm.test  qe-blade-09 --all --raw
  dn: idnsName=qe-blade-09,idnsname=testrelm.test.,cn=dns,dc=testrelm,dc=test
  idnsname: qe-blade-09
  arecord: 10.16.76.40
  sshfprecord: 1 1 3708EC9B40C0ACDF5C6F6ADA5B318E5DBBED6FA4
  sshfprecord: 1 2 A4C32A6CEBCA47D1E05BE5CC091617FBCA33ECBF530B1F64FA96BAC3 A585DED0
  sshfprecord: 3 1 107636A8578166B4E6885ECD79C26D6465BF2BE9
  sshfprecord: 3 2 F4CD5D3A35AF65BE8097BC9B423AEFFC1FEAAE470214F7B1D235C90B E6F7CD37
  dNSTTL: 1200
  objectClass: idnsRecord
  objectClass: top

Comment 6 errata-xmlrpc 2015-03-05 05:18:53 EST

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0442.html

Note You need to log in before you can comment on or make changes to this bug.