#639000 NIS domain name handling erroneous in case NIS domain name contains special characters

Package:
isc-dhcp-client
Source:
isc-dhcp
Description:
DHCP client for automatically obtaining an IP address
Submitter:
Michael Fladerer
Date:
2011-09-15 13:13:06 UTC
Severity:
normal
#639000#5
Date:
2011-08-23 14:46:50 UTC
From:
To:
Hi.

When installing Debian Squeeze on amd64-based clients in a NIS
environment, where the NIS domain name is supplied as DHCP option
nis-domain "Some_NIS_Domain+01" (containing the special character '+')
setting the additional class NIS through

<code>
#!/bin/sh
# add NIS if YPDOMAIN is defined
if [ -n "$YPDOMAIN" ];then
   echo "NIS $YPDOMAIN" | tr '.a-z-' '_A-Z_'
fi
</code>

fails without further notification.

Changing the plus sign in the NIS domain name to minus or underscore
setting the NIS domain on the install client works just fine.

As a workaround, one can explicitly define the NIS class for each
client, but that's redundant as the information is already
supplied through dhcp and and also a little anoying.

Exactly the same scenario described above used to work for both, Etch
and Lenny installations, using something like 'Some_NIS_Domain+01' as
NIS domain name.

I tested this with 3.4.7 from the official Squeeze tree and with 3.4.8
from fai-project "koeln" repository for Squeeze, but the result was the
same.

Please contact me if you need any further information.

Best regards,
 Michael

#639000#10
Date:
2011-09-01 10:48:35 UTC
From:
To:
Hi Michael,
[...]

May I ask you for the following further information?

- Is it correct that the above code is executed as part of some script in
  class/? What is the name of that script?
- What exactly do you refer to as "fails" - is it that the resulting classes do
  not contain "NIS" (and neither do they contain "$YPDOMAIN")?
- Did you try to add debugging information like echo'ing "my XXYPDOMAIN:
  XX$YPDOMAIN" (which might in your case result in XX only, if $YPDOMAIN turns
  out to be empty)?
- What is the contents of boot.log on your client?

Greeting to Darmstadt,
Thanks a lot,
Michael

#639000#15
Date:
2011-09-01 17:43:25 UTC
From:
To:
Hi Michael,

thanks for looking into this!

Yes, that's right.  The script is $FAI_CONFIGDIR/class/60-nis with
permissions 755.

Exactly.
with "XX" in the resulting classes list.  So $YPDOMAIN obviously remains
unset (or empty?).

Here's the snippet from fai.log:
<...>
/usr/bin/fai-class: File 60-nis found.
Executing /var/lib/fai/config/class/60-nis.
60-nis               OK.
/usr/bin/fai-class: Adding class XX
<...>
The boot.log file on the client contains the following lines:

netdevices_all="eth0"
netdevices_up="eth0"
netdevices="eth0"
BROADCAST='192.168.0.255'
DOMAIN='my.network.domain'
DNSSRVS='192.168.0.11 192.168.0.12 192.168.0.13'
DNSSRVS_1='192.168.0.11'
DNSSRVS_2='192.168.0.12'
DNSSRVS_3='192.168.0.13'
HOSTNAME='demo0'
IPADDR='192.168.0.101'
NETWORK='192.168.0.0'
YPSRVR='192.168.0.2'
YPSRVR_1='192.168.0.2'
NTPSRVS='192.168.0.2'
NTPSRVS_1='192.168.0.2'
GATEWAYS='192.168.0.1'
GATEWAYS_1='192.168.0.1'
SERVER='192.168.0.10'
NETMASK='255.255.255.0'

All the above variables are correct, but the variable

YPDOMAIN='my-nis-domain+01'

is missing, although it's supllied by the DHCP server.

Here's the config line from dhcpd.conf:

option nis-domain "my-nis-domain+01";

When I replace the plus sign by a minus sign, so that the NIS domain
name is "my-nis-domain-01", and doing a faireboot on the install
client, then

1) the NIS domain gets properly set during the installation sequence and
2) the boot.log additionally contains the line

YPDOMAIN='my-nis-domain-01'

and the resulting classes do contain "NIS MY_NIS_DOMAIN_01".

Here's the relevant snippet from fai.log for this case:
<...>
/usr/bin/fai-class: File 60-nis found.
Executing /var/lib/fai/config/class/60-nis.
60-nis               OK.
/usr/bin/fai-class: Adding class NIS MY_NIS_DOMAIN_01
<...>

So the script generally works, if YPDOMAIN finds it's way into boot.log.

I'm not absolutely sure about if this bug should be filed against
fai-nfsroot package, but as far as I tried to debug this, I came across
/usr/share/fai/dhclient-fai-script which is provided as script file to
dhlclient (with -sf option) and simply executes 'perl
/usr/lib/fai/dhclient-perl'.  I filed this bug against fai-nfsroot,
because both those files are part of this package.

Regards,
 Michael

#639000#20
Date:
2011-09-02 12:42:57 UTC
From:
To:
Hi again,

Sorry for taking another day to respond.

[...]

Please don't worry about the exact package, but your assessment about this perl
script being executed is fully correct. May I ask you to add additional debug
output in

<YOUR NFSROOT>/usr/lib/fai/dhclient-perl

via simple

print "# some output\n"

statements? All of this should end up as comments in boot.log. I believe that
the key point must be the test in line 65 ("if ($ENV{$dhcpname}) ..."), which
should evaluate to true in case your NIS domain doesn't contain a "+", but
evaluates to false otherwise. You might also want to print the entire contents
of the %ENV hash at this point.

Thanks a lot,
Michael

#639000#25
Date:
2011-09-02 17:39:52 UTC
From:
To:
Hi,

On Fri Sep 02, 2011 at 13:42:57 +0100, Michael Tautschnig wrote:
[...]

ok, I added some print statements to dhclient-perl, just as you
suggested.  Unfortunately, it now prints most of the information
multiple times.

Anyway, I attached the boot.log for both cases
(nis-domain "my-NIS-Domain+01" -> nis_domain_with_plus_-_boot.log and
nis-domain "my-NIS-Domain-01" -> nis_domain_with_minus_-_boot.log).

I also attached my version of dhclient-perl as a reference on how the
boot.log files were created.
It indeed looks very much like the problem occurs during the evaluation
of $ENV{$dhcpname}.  I already tried to "escape" this part, like
"$ENV{$dhcpname}" and \Q$ENV{$dhcpname}\E, but neither worked.  It even
lead to a nearly empty boot.log file, which just contained the three
"netdevices" lines.

Any ideas?

Have a nice weekend!

Cheers,
 Michael

#639000#30
Date:
2011-09-02 19:25:37 UTC
From:
To:
Hi,

[...]
[...]

Hmm, it seems that dhclient doesn't even export new_nis_domain in the "plus"
case! (Check the diff of your two log files, new_nis_domain doesn't occur as
"envkey" in the "plus" case.)

Now either dhclient refuses to export the variable in this case, or it isn't
even transferred to the client. Could you use wireshark to sniff the packets
transmitted to the client? IMHO this is a problem with the dhcp client (BTW:
which package exactly are you using to supply dhclient?).

Best,
Michael

#639000#35
Date:
2011-09-02 20:40:19 UTC
From:
To:
Hi,

On Fri Sep 02, 2011 at 20:25:37 +0100, Michael Tautschnig wrote:
[...]

right, that's why I expect the cause to be in the dhclient-perl script.

Yeah, I already did that when I started investigating and before I filed
this bugreport and I just captured a tcpdump again.  The NIS domain name
gets transfered correctly, so I think it must be on the client-side.

Regards,
 Michael

#639000#40
Date:
2011-09-02 23:10:31 UTC
From:
To:
[...]

Hmm, no, I don't think this script is to blame. As $new_nis_domain is unset in
the environment, there isn't much that dhclient-perl could do about it. I'm
afraid this is a problem in dhclient itself. Could you please let me know which
package ships your version of dhclient (do chroot into NFSROOT and dpkg -S
/sbin/dhclient) and which architecture you are using? I'd then provide a
modified binary that has debugging output; obviously you can also do so yourself
if you feel like C hacking.

Best,
Michael

#639000#45
Date:
2011-09-05 13:53:27 UTC
From:
To:
Sorry for the delayed answer.

It's the latest 'isc-dhcp-client' version 4.1.1-P1-15+squeeze3 from
Squeeze (6.0.2) on AMD64.  I guess it's not sufficient to just install
isc-dhcp-client-dbg and gdb into the NFSROOT and modify the call of
dhclient somewhere.

Unfortunately, I'm not a great C hacker.  It's probably the best if
you'd provide the modified binary, so that we can focus on the problem,
not on implementation errors I probably would inject.

Thanks a lot!

Greetings,
 Michael

#639000#50
Date:
2011-09-05 14:33:30 UTC
From:
To:
IMO this is not a bug of FAI.

The FAI scripts calls following command in get-boot-info
    dhclient -lf /dev/null -cf /usr/share/fai/dhclient-fai.conf -sf /usr/share/fai/dhclient-fai-script $netdevices >>$bootlog 2> $LOGDIR/dhclient.log


I changed the dhclient-fai-script to a simple shell (/tmp/x) script which does
#! /bin/bash
printenv


If I now call
    # dhclient -lf /dev/null -cf /usr/share/fai/dhclient-fai.conf -sf /tmp/x eth0
on a test machine, and set the nis domain name to something containing a
plus (+), no nis variable is defined.

Without a plus I get this:
# dhclient -lf /dev/null -cf /usr/share/fai/dhclient-fai.conf -sf /tmp/x eth0|grep nis
new_nis_domain=some_nis_domain01


This proves, that it's a bug of dhclient (or the dhcpd server), but
not a problem of the dhcp related FAI scripts.

Please reassign this bug if you agree with me.


P.S.: Did anyone checked if a plus sign is allowed in nis domain
names?

#639000#53
Date:
2011-09-05 14:33:30 UTC
From:
To:
IMO this is not a bug of FAI.

The FAI scripts calls following command in get-boot-info
    dhclient -lf /dev/null -cf /usr/share/fai/dhclient-fai.conf -sf /usr/share/fai/dhclient-fai-script $netdevices >>$bootlog 2> $LOGDIR/dhclient.log


I changed the dhclient-fai-script to a simple shell (/tmp/x) script which does
#! /bin/bash
printenv


If I now call
    # dhclient -lf /dev/null -cf /usr/share/fai/dhclient-fai.conf -sf /tmp/x eth0
on a test machine, and set the nis domain name to something containing a
plus (+), no nis variable is defined.

Without a plus I get this:
# dhclient -lf /dev/null -cf /usr/share/fai/dhclient-fai.conf -sf /tmp/x eth0|grep nis
new_nis_domain=some_nis_domain01


This proves, that it's a bug of dhclient (or the dhcpd server), but
not a problem of the dhcp related FAI scripts.

Please reassign this bug if you agree with me.


P.S.: Did anyone checked if a plus sign is allowed in nis domain
names?

#639000#58
Date:
2011-09-05 15:33:07 UTC
From:
To:
Yes, I agree, the bug must be somewhere in dhcp.  Probably in the client
part, as the client-pc always received the nis-domain option in my case.
Even if it cotained a plus sign.

I'll reassing the bug to isc-dhcp-client.
Yes, I did, AFAICT it's OK.  As a matter of fact, I used exactly the
same nis domain name for more than 8 years, even in a heterogenous
(Linux - SunOS environment).  OK, this doesn't really prove, that it's
a valid character, but at least it didn't cause any problems until now.

dhcp-options(5) says:

       option nis-domain text;

         This  option  specifies  the  name  of  the client's NIS (Sun Network
         Information Services) domain.  The domain is formatted as a character
         string consisting of characters from the NVT ASCII character set.


As I understood RFC 854 - Telnet Protocol Specification, it is standard
7-bit USASCII (within an 8-bit field = a byte).  So, I would expect the
plus sign to be a valid character within a nis domain name.  Please
correct me, if I'm wrong.

Thanks,
 Michael

#639000#63
Date:
2011-09-05 15:33:07 UTC
From:
To:
Yes, I agree, the bug must be somewhere in dhcp.  Probably in the client
part, as the client-pc always received the nis-domain option in my case.
Even if it cotained a plus sign.

I'll reassing the bug to isc-dhcp-client.
Yes, I did, AFAICT it's OK.  As a matter of fact, I used exactly the
same nis domain name for more than 8 years, even in a heterogenous
(Linux - SunOS environment).  OK, this doesn't really prove, that it's
a valid character, but at least it didn't cause any problems until now.

dhcp-options(5) says:

       option nis-domain text;

         This  option  specifies  the  name  of  the client's NIS (Sun Network
         Information Services) domain.  The domain is formatted as a character
         string consisting of characters from the NVT ASCII character set.


As I understood RFC 854 - Telnet Protocol Specification, it is standard
7-bit USASCII (within an 8-bit field = a byte).  So, I would expect the
plus sign to be a valid character within a nis domain name.  Please
correct me, if I'm wrong.

Thanks,
 Michael

#639000#66
Date:
2011-09-05 15:33:07 UTC
From:
To:
Yes, I agree, the bug must be somewhere in dhcp.  Probably in the client
part, as the client-pc always received the nis-domain option in my case.
Even if it cotained a plus sign.

I'll reassing the bug to isc-dhcp-client.
Yes, I did, AFAICT it's OK.  As a matter of fact, I used exactly the
same nis domain name for more than 8 years, even in a heterogenous
(Linux - SunOS environment).  OK, this doesn't really prove, that it's
a valid character, but at least it didn't cause any problems until now.

dhcp-options(5) says:

       option nis-domain text;

         This  option  specifies  the  name  of  the client's NIS (Sun Network
         Information Services) domain.  The domain is formatted as a character
         string consisting of characters from the NVT ASCII character set.


As I understood RFC 854 - Telnet Protocol Specification, it is standard
7-bit USASCII (within an 8-bit field = a byte).  So, I would expect the
plus sign to be a valid character within a nis domain name.  Please
correct me, if I'm wrong.

Thanks,
 Michael

#639000#75
Date:
2011-09-08 12:03:12 UTC
From:
To:
Hi Michael,

[...]
[...]

Hmm, actually that might do. It would be all about break'ing on client_envadd to
inspect what dhclient tries to add to the script's environment.

Would you be comfortable with/able to provide me with remote access to one of
your install clients? If yes, feel free to contact me in private.

Best,
Michael

#639000#80
Date:
2011-09-08 12:07:56 UTC
From:
To:
Hi Michael,

[...]
[...]

Hmm, actually that might do. It would be all about break'ing on client_envadd to
inspect what dhclient tries to add to the script's environment.

Would you be comfortable with/able to provide me with remote access to one of
your install clients? If yes, feel free to contact me in private.

Best,
Michael