Bug 1009914

Summary: Filter out inappropriate multicast and subnet broadcast addresses from dynamic DNS update
Product: Red Hat Enterprise Linux 7 Reporter: Dmitri Pal <dpal>
Component: sssdAssignee: Jakub Hrozek <jhrozek>
Status: CLOSED DUPLICATE QA Contact: Kaushik Banerjee <kbanerje>
Severity: unspecified Docs Contact:
Priority: medium    
Version: 7.0CC: abokovoy, error, grajaiya, jgalipea, jhrozek, ksiddiqu, lslebodn, mkosek, nsoman, pbrezina, pspacek
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: sssd-1.11.1-1.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 990143 Environment:
Last Closed: 2014-03-20 14:43:42 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 909430, 990143    
Bug Blocks:    

Description Dmitri Pal 2013-09-19 13:32:56 UTC 
+++ This bug was initially created as a clone of Bug #990143 +++

+++ This bug was initially created as a clone of Bug #909430 +++

Description of problem:

Multicast and subnet broadcast addresses are not being filtered out from IPA dynamic dns update While this works for loopback/link-local addresses.

Version-Release number of selected component (if applicable):
[root@rhel64client1 ~]# rpm -q sssd
sssd-1.9.2-82.el6.x86_64
[root@rhel64client1 ~]#

How reproducible:
Always.

Additional info:
https://bugzilla.redhat.com/show_bug.cgi?id=790105

--- Additional comment from RHEL Product and Program Management on 2013-02-08 13:13:44 EST ---

Since this bug report was entered in bugzilla, the release flag has been
set to ? to ensure that it is properly evaluated for this release.

--- Additional comment from Jakub Hrozek on 2013-02-08 13:34:36 EST ---

The broadcast addresses might be hard/not needed except for 255.255.255.255 which is already handled, but I have a patch for the multicast part.

--- Additional comment from Jakub Hrozek on 2013-02-08 13:37:17 EST ---

Upstream ticket:
https://fedorahosted.org/sssd/ticket/1804

--- Additional comment from Jakub Hrozek on 2013-02-25 08:51:33 EST ---

The upstream ticket was proposed for 1.10 so I moved the RHEL bug to RHEL7.

--- Additional comment from RHEL Product and Program Management on 2013-02-25 08:57:10 EST ---

Since this bug report was entered in bugzilla, the release flag has been
set to ? to ensure that it is properly evaluated for this release.

--- Additional comment from Jakub Hrozek on 2013-03-26 14:14:00 EDT ---

Fixed upstream.

--- Additional comment from Michael Hampton on 2013-07-30 02:51:57 EDT ---

Any chance of getting this bugfix in EL6? This is causing dynamic DNS address updates for RFC1918 A records to randomly fail.

--- Additional comment from Alexander Bokovoy on 2013-07-30 02:58:24 EDT ---

We really need this in RHEL 6. IN_MULTICAST(addr) is not the same as IN_MULTICAST(ntohl(addr)) on Intel architecture.As result of wrong byte order many innocent addresses are filtered out.

--- Additional comment from Petr Spacek on 2013-07-30 07:52:37 EDT ---

AFAIK it doesn't make much sense to filter IPv4 multicast addresses, because they are not considered valid *source* addresses. Multicast address is valid only as *destination* address, so no multicast address should ever appear on the IPv4 interface.

--- Additional comment from RHEL Product and Program Management on 2013-07-30 09:42:42 EDT ---

Since this bug report was entered in bugzilla, the release flag has been
set to ? to ensure that it is properly evaluated for this release.

--- Additional comment from Jakub Hrozek on 2013-08-29 08:00:28 EDT ---

Currently targeting 6.6

--- Additional comment from Jakub Hrozek on 2013-09-19 06:07:18 EDT ---

Upstream ticket:
https://fedorahosted.org/sssd/ticket/2087
Comment 1 Jakub Hrozek 2013-09-24 13:13:16 UTC 
Fixed upstream:
    master: 6982b488e03b8e29e186f0c54cf5f80438cceadd
    sssd-1-11: a9b2c8fb47fc334c7ba9b229cde18d168059c096
Comment 2 Jakub Hrozek 2013-09-25 23:28:47 UTC 
Steps to Reproduce:
1. In LDAP, fill a user entry with a "sudoHost" attribute with a subnet: "192.168.101.0/24"
2. On a fresh Fedora 19 machine which is in the subnet "192.168.101.0/24", and which has NetworkManager service installed, the user tries to execute the command "sudo -l"

Actual results:
"User xxxx is not allowed to run sudo on machine"

Expected results:
The user is allowed to run sudo on the machine
Comment 4 Jakub Hrozek 2013-10-04 13:24:21 UTC 
Temporarily moving bugs to MODIFIED to work around errata tool bug
Comment 6 Jakub Hrozek 2014-03-20 14:43:42 UTC 
As discussed on the SSSD meeting today, this bugzilla is actually a duplicate of #909430

*** This bug has been marked as a duplicate of bug 909430 ***