Bug 745698 - --forwarder option of ipa-dns-install allows invalid IP address.
Summary: --forwarder option of ipa-dns-install allows invalid IP address.
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: ipa
Version: 6.2
Hardware: Unspecified
OS: Unspecified
medium
unspecified
Target Milestone: rc
: ---
Assignee: Rob Crittenden
QA Contact: IDM QE LIST
URL:
Whiteboard:
Depends On:
Blocks: 748554
TreeView+ depends on / blocked
 
Reported: 2011-10-13 06:09 UTC by Gowrishankar Rajaiyan
Modified: 2011-12-06 18:42 UTC (History)
2 users (show)

Fixed In Version: ipa-2.1.3-1.el6
Doc Type: Bug Fix
Doc Text:
Cause: IPA install tools accept invalid IP addresses in their --forwarder or --ip-address parameter Consequence: installation will crash later, for example because of invalid name server configuration Fix: All IP addresses passed to ipa-server-install, ipa-replica-install and ipa-dns-install are checked for validity Result: IPA installation won't crash because of invalid IP address
Clone Of:
Environment:
Last Closed: 2011-12-06 18:42:51 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2011:1533 normal SHIPPED_LIVE Moderate: ipa security and bug fix update 2011-12-06 01:23:31 UTC

Description Gowrishankar Rajaiyan 2011-10-13 06:09:54 UTC
Description of problem:
As part of negative testing, I provided an invalid ip address to "--forwarder" option while executing "ipa-dns-install".

Version-Release number of selected component (if applicable):
ipa-server-2.1.2-2.el6.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Install IPA Server Master with all default options, do not install with --setup-dns
2. ipa-dns-install --forwarder=1.1.1

  
Actual results:  setup of DNS for the IPA Server is successful. 


Expected results:
ipa-dns-install: error: option --forwarder: invalid IP address 1.1.1: No network interface matches the provided IP address and netmask

Additional info:
We can see this behaviour with "--ip-address" option:

[root@bumblebee ~]# ipa-dns-install --ip-address=1.1.1
Usage: ipa-dns-install [options]

ipa-dns-install: error: option --ip-address: invalid IP address 1.1.1: No network interface matches the provided IP address and netmask
[root@bumblebee ~]#

Comment 2 Martin Kosek 2011-10-13 06:48:16 UTC
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/1965

Comment 3 Martin Kosek 2011-10-13 13:59:29 UTC
Fixed upstream:

master: f7a9da8b3fb7da7a479e54ba4932fd07775d9a4e
ipa-2-1: c876461e10d57b49b3a692655c449dfbb125af17

Comment 6 Gowrishankar Rajaiyan 2011-10-19 11:28:37 UTC
[root@sideswipe ~]# ipa-dns-install --forwarder=1.1.1
Usage: ipa-dns-install [options]

ipa-dns-install: error: option --forwarder: invalid IP address 1.1.1: failed to detect a valid IP address from '1.1.1'
[root@sideswipe ~]# 


Verified in version: ipa-server-2.1.3-2.el6.x86_64

Comment 7 Martin Kosek 2011-10-31 18:42:46 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Cause: IPA install tools accept invalid IP addresses in their --forwarder or --ip-address parameter
Consequence: installation will crash later, for example because of invalid name server configuration
Fix: All IP addresses passed to ipa-server-install, ipa-replica-install and ipa-dns-install are checked for validity
Result: IPA installation won't crash because of invalid IP address

Comment 8 errata-xmlrpc 2011-12-06 18:42:51 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2011-1533.html


Note You need to log in before you can comment on or make changes to this bug.