+++ This bug was initially created as a clone of Bug #990143 +++
+++ This bug was initially created as a clone of Bug #909430 +++
Description of problem:
Multicast and subnet broadcast addresses are not being filtered out from IPA dynamic dns update While this works for loopback/link-local addresses.
Version-Release number of selected component (if applicable):
[root@rhel64client1 ~]# rpm -q sssd
sssd-1.9.2-82.el6.x86_64
[root@rhel64client1 ~]#
How reproducible:
Always.
Additional info:
https://bugzilla.redhat.com/show_bug.cgi?id=790105
--- Additional comment from RHEL Product and Program Management on 2013-02-08 13:13:44 EST ---
Since this bug report was entered in bugzilla, the release flag has been
set to ? to ensure that it is properly evaluated for this release.
--- Additional comment from Jakub Hrozek on 2013-02-08 13:34:36 EST ---
The broadcast addresses might be hard/not needed except for 255.255.255.255 which is already handled, but I have a patch for the multicast part.
--- Additional comment from Jakub Hrozek on 2013-02-08 13:37:17 EST ---
Upstream ticket:
https://fedorahosted.org/sssd/ticket/1804
--- Additional comment from Jakub Hrozek on 2013-02-25 08:51:33 EST ---
The upstream ticket was proposed for 1.10 so I moved the RHEL bug to RHEL7.
--- Additional comment from RHEL Product and Program Management on 2013-02-25 08:57:10 EST ---
Since this bug report was entered in bugzilla, the release flag has been
set to ? to ensure that it is properly evaluated for this release.
--- Additional comment from Jakub Hrozek on 2013-03-26 14:14:00 EDT ---
Fixed upstream.
--- Additional comment from Michael Hampton on 2013-07-30 02:51:57 EDT ---
Any chance of getting this bugfix in EL6? This is causing dynamic DNS address updates for RFC1918 A records to randomly fail.
--- Additional comment from Alexander Bokovoy on 2013-07-30 02:58:24 EDT ---
We really need this in RHEL 6. IN_MULTICAST(addr) is not the same as IN_MULTICAST(ntohl(addr)) on Intel architecture.As result of wrong byte order many innocent addresses are filtered out.
--- Additional comment from Petr Spacek on 2013-07-30 07:52:37 EDT ---
AFAIK it doesn't make much sense to filter IPv4 multicast addresses, because they are not considered valid *source* addresses. Multicast address is valid only as *destination* address, so no multicast address should ever appear on the IPv4 interface.
--- Additional comment from RHEL Product and Program Management on 2013-07-30 09:42:42 EDT ---
Since this bug report was entered in bugzilla, the release flag has been
set to ? to ensure that it is properly evaluated for this release.
--- Additional comment from Jakub Hrozek on 2013-08-29 08:00:28 EDT ---
Currently targeting 6.6
--- Additional comment from Jakub Hrozek on 2013-09-19 06:07:18 EDT ---
Upstream ticket:
https://fedorahosted.org/sssd/ticket/2087
Steps to Reproduce:
1. In LDAP, fill a user entry with a "sudoHost" attribute with a subnet: "192.168.101.0/24"
2. On a fresh Fedora 19 machine which is in the subnet "192.168.101.0/24", and which has NetworkManager service installed, the user tries to execute the command "sudo -l"
Actual results:
"User xxxx is not allowed to run sudo on machine"
Expected results:
The user is allowed to run sudo on the machine