Description of problem:
When IPA dyndns update is used to update an AAAA record with an address detected from the LDAP socket, the address is truncated. The getsockname call still passes, so the user does not see any error except for the wrong IP address in DNS.

The root cause is that the getsockname call uses a struct sockaddr that is not big enough to hold a v6 address. We should use sockaddr_storage.

Version-Release number of selected component (if applicable):
sssd-1.5.1-34.el6_1.2

How reproducible:
Every time

Steps to Reproduce:
1. Enroll an IPA client
2. In sssd.conf, set ipa_dyndns_update = True
3. In sssd.conf, set ipa_dyndns_iface = eth0 (or another appropriate interface)

Actual results:
An incorrect IPv6 address will be updated into the DNS server for the AAAA record.

Expected results:
The correct IPv6 address is stored in the AAAA record.

Additional info:
Fixed upstream: https://fedorahosted.org/sssd/ticket/915
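The failure mode described in the report, as an added example that is not SSSD's code: getsockname() returns 0 even when the buffer is too small, and the only signal is the length it writes back. The helper names local_addr and demo and the loopback test socket are assumptions made for this illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Fetch fd's local address, offering the kernel only `offered` bytes. The
 * backing store is always a zeroed sockaddr_storage, so reading it is safe even
 * when `offered` emulates the undersized struct sockaddr.
 * Returns 1 if the address was truncated, 0 if it fit, -1 on error. */
static int local_addr(int fd, socklen_t offered, char *text, socklen_t textlen)
{
    struct sockaddr_storage ss;
    socklen_t len = offered;

    memset(&ss, 0, sizeof(ss));
    text[0] = '\0';
    if (getsockname(fd, (struct sockaddr *)&ss, &len) != 0)
        return -1;
    if (ss.ss_family == AF_INET6)
        inet_ntop(AF_INET6, &((struct sockaddr_in6 *)&ss)->sin6_addr, text, textlen);
    /* The call succeeded either way; truncation shows only as len > offered. */
    return len > offered;
}

/* Constructed test socket: IPv6 UDP bound to loopback (::1), kernel-chosen port. */
static int demo(socklen_t offered, char *text, socklen_t textlen)
{
    struct sockaddr_in6 lo;
    int rc, fd = socket(AF_INET6, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    memset(&lo, 0, sizeof(lo));
    lo.sin6_family = AF_INET6;
    lo.sin6_addr = in6addr_loopback;
    (void)bind(fd, (struct sockaddr *)&lo, sizeof(lo)); /* if ::1 is absent, stays unbound */
    rc = local_addr(fd, offered, text, textlen);
    close(fd);
    return rc;
}

int main(void)
{
    char buf[INET6_ADDRSTRLEN];
    int t = demo(sizeof(struct sockaddr), buf, sizeof(buf));
    printf("struct sockaddr:         truncated=%d addr=%s\n", t, buf);
    t = demo(sizeof(struct sockaddr_storage), buf, sizeof(buf));
    printf("struct sockaddr_storage: truncated=%d addr=%s\n", t, buf);
    return 0;
}
```

On Linux, the 16 bytes of struct sockaddr cover the family, port, flow info and only the first 8 bytes of the IPv6 address, so a socket bound to ::1 prints `::` for the undersized call and `::1` for the sockaddr_storage call.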
# ifconfig eth0 Link encap:Ethernet HWaddr 52:54:00:A6:0E:C8
          inet6 addr: 2620:52:0:41c9:5054:ff:fea6:ec8/64 Scope:Global
          inet6 addr: fe80::5054:ff:fea6:ec8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:863751 errors:0 dropped:0 overruns:0 frame:0
          TX packets:53833 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:233203133 (222.3 MiB) TX bytes:17569208 (16.7 MiB)

[domain/lab.eng.pnq.redhat.com]
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = lab.eng.pnq.redhat.com
id_provider = ipa
auth_provider = ipa
access_provider = permit
ipa_hostname = ratchet.lab.eng.pnq.redhat.com
chpass_provider = ipa
ipa_server = _srv_, jetfire.lab.eng.pnq.redhat.com
ldap_tls_cacert = /etc/ipa/ca.crt
debug_level = 9
ipa_dyndns_update = True
ipa_dyndns_iface = eth0

# ipa dnsrecord-find lab.eng.pnq.redhat.com
  Record name: @
  NS record: jetfire.lab.eng.pnq.redhat.com.

  Record name: _kerberos
  TXT record: LAB.ENG.PNQ.REDHAT.COM

  Record name: _kerberos-master._tcp
  SRV record: 0 100 88 jetfire

  Record name: _kerberos-master._udp
  SRV record: 0 100 88 jetfire

  Record name: _kerberos._tcp
  SRV record: 0 100 88 jetfire

  Record name: _kerberos._udp
  SRV record: 0 100 88 jetfire

  Record name: _kpasswd._tcp
  SRV record: 0 100 464 jetfire

  Record name: _kpasswd._udp
  SRV record: 0 100 464 jetfire

  Record name: _ldap._tcp
  SRV record: 0 100 389 jetfire

  Record name: _ntp._udp
  SRV record: 0 100 123 jetfire

  Record name: jetfire
  AAAA record: 2620:52:0:41c9:5054:ff:fea8:b669
-----------------------------
Number of entries returned 11
-----------------------------

# ssh -l shanks $HOSTNAME
shanks.eng.pnq.redhat.com's password:
Password expired. Change your password now.
ca issue with dual entries in /etc/hosts
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user shanks.
Current Password:
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
Connection to ratchet.lab.eng.pnq.redhat.com closed.

[root@jetfire ~]# ipa dnsrecord-find lab.eng.pnq.redhat.com
  Record name: @
  NS record: jetfire.lab.eng.pnq.redhat.com.

  Record name: _kerberos
  TXT record: LAB.ENG.PNQ.REDHAT.COM

  Record name: _kerberos-master._tcp
  SRV record: 0 100 88 jetfire

  Record name: _kerberos-master._udp
  SRV record: 0 100 88 jetfire

  Record name: _kerberos._tcp
  SRV record: 0 100 88 jetfire

  Record name: _kerberos._udp
  SRV record: 0 100 88 jetfire

  Record name: _kpasswd._tcp
  SRV record: 0 100 464 jetfire

  Record name: _kpasswd._udp
  SRV record: 0 100 464 jetfire

  Record name: _ldap._tcp
  SRV record: 0 100 389 jetfire

  Record name: _ntp._udp
  SRV record: 0 100 123 jetfire

  Record name: jetfire
  AAAA record: 2620:52:0:41c9:5054:ff:fea8:b669

  Record name: ratchet
  AAAA record: fe80::5054:ff:fea6:ec8, 2620:52:0:41c9:5054:ff:fea6:ec8
-----------------------------
Number of entries returned 12
-----------------------------

[root@ratchet ~]# nslookup -type=AAAA ratchet.lab.eng.pnq.redhat.com
Server: 2620:52:0:41c9:5054:ff:fea8:b669
Address: 2620:52:0:41c9:5054:ff:fea8:b669#53

ratchet.lab.eng.pnq.redhat.com has AAAA address fe80::5054:ff:fea6:ec8
ratchet.lab.eng.pnq.redhat.com has AAAA address 2620:52:0:41c9:5054:ff:fea6:ec8

Verified.

# rpm -qi sssd | head
Name        : sssd                         Relocations: (not relocatable)
Version     : 1.5.1                             Vendor: Red Hat, Inc.
Release     : 53.el6                        Build Date: Fri 30 Sep 2011 10:10:28 AM EDT
Install Date: Mon 03 Oct 2011 08:54:42 AM EDT      Build Host: hs20-bc2-3.build.redhat.com
Group       : Applications/System           Source RPM: sssd-1.5.1-53.el6.src.rpm
Size        : 3551489                          License: GPLv3+
Signature   : (none)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
URL         : http://fedorahosted.org/sssd/
Summary     : System Security Services Daemon
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team.

New Contents:
Cause: The buffer used by the dynamic DNS update code was not big enough to contain IPv6 addresses
Consequence: Only part of the address was written into DNS, mangling the records
Fix: A larger buffer that is able to contain all address families is used
Result: dynamic DNS updates work correctly in an IPv6 environment
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2011-1529.html