Bug 1418968 - chrony-helper should escape domain for SRV records
Summary: chrony-helper should escape domain for SRV records
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: chrony
Version: 7.3
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Miroslav Lichvar
QA Contact: Karel Volný
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-02-03 10:07 UTC by Miroslav Lichvar
Modified: 2017-08-01 16:20 UTC (History)
2 users (show)

Fixed In Version: chrony-3.1-1.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1374767
Environment:
Last Closed: 2017-08-01 16:20:39 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2017:1908 0 normal SHIPPED_LIVE chrony bug fix and enhancement update 2017-08-01 17:54:45 UTC

Description Miroslav Lichvar 2017-02-03 10:07:19 UTC
+++ This bug was initially created as a clone of Bug #1374767 +++

Description of problem:
'chrony-helper enable-dnssrv _ntp._udp.DOMAIN' enables instance of a timer 'chrony-dnssrv@DOMAIN.timer'. systemd requires for '-' character to be escaped in unit names. (There are few more escaping rules, but for characters which are not used in domain names).

Therefore lines like this:
#v+
set_dnssrv_timer() {
…
    local timer=$dnssrv_timer_prefix$name.timer
#v-

have to be written as

    local timer=$dnssrv_timer_prefix$(systemd-escape $name).timer

'systemd-escape' is a helper program, part of systemd suite.

Version-Release number of selected component (if applicable):
chrony-2.4-2.fc25.x86_64

Comment 2 Karel Volný 2017-03-08 16:54:14 UTC
is there some way to test this except for code review?

I see this is in local variable, so it cannot be queried, the only way would be to check whether systemctl enable/disable actions worked, but how do I know that it worked because of correct escaping or because some error tolerance?

- the original report doesn't mention any real world issue with that, and running the example

# /usr/libexec/chrony-helper enable-dnssrv _ntp._udp.DOMAIN

results in the same both with and without systemd-escape:

Created symlink from /etc/systemd/system/timers.target.wants/chrony-dnssrv@_ntp._udp.DOMAIN.timer to /usr/lib/systemd/system/chrony-dnssrv@.timer.

Comment 3 Miroslav Lichvar 2017-03-09 08:55:17 UTC
A domain with "-" should show make difference in the systemd unit name.

# /usr/libexec/chrony-helper enable-dnssrv _ntp._udp.a-b.example.com
Created symlink /etc/systemd/system/timers.target.wants/chrony-dnssrv@_ntp._udp.a\x2db.example.com.timer → /usr/lib/systemd/system/chrony-dnssrv@.timer.
# systemctl list-units | grep chrony-dnssrv
chrony-dnssrv@_ntp._udp.a\x2db.example.com.timer

Comment 5 errata-xmlrpc 2017-08-01 16:20:39 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:1908


Note You need to log in before you can comment on or make changes to this bug.