Bug 990143
Summary: | Filter out inappropriate multicast and subnet broadcast addresses from dynamic DNS update |
---|---|
Product: | Red Hat Enterprise Linux 6 |
Component: | sssd |
Version: | 6.4 |
Status: | CLOSED ERRATA |
Severity: | unspecified |
Priority: | medium |
Reporter: | Jakub Hrozek <jhrozek> |
Assignee: | Jakub Hrozek <jhrozek> |
QA Contact: | Kaushik Banerjee <kbanerje> |
CC: | abokovoy, dpal, error, grajaiya, jgalipea, jhrozek, ksiddiqu, lslebodn, mkosek, nsoman, pbrezina, pspacek |
Target Milestone: | rc |
Hardware: | Unspecified |
OS: | Unspecified |
Fixed In Version: | sssd-1.11.5.1-1.el6 |
Doc Type: | Bug Fix |
Type: | Bug |
Clone Of: | 909430 |
: | 1009914 |
Last Closed: | 2014-10-14 04:46:32 UTC |
Bug Depends On: | 909430, 1112702, 1139361 |
Bug Blocks: | 1009914, 1061410 |

Doc Text:
Cause: SSSD's dynamic DNS update feature did not filter out multicast and broadcast addresses when ipa_dyndns_iface was used
Consequence: Addresses that are not suitable for DNS appeared in IPA's DNS
Fix: Multicast and broadcast addresses are now filtered out when performing a DNS update with ipa_dyndns_iface
Result: Only the addresses that are appropriate

Comment 2
Jakub Hrozek
2013-08-29 12:00:28 UTC
Upstream ticket: https://fedorahosted.org/sssd/ticket/2087

Fixed upstream:
master: 6982b488e03b8e29e186f0c54cf5f80438cceadd
sssd-1-11: a9b2c8fb47fc334c7ba9b229cde18d168059c096

Fixed upstream -> moving to POST

Steps to Reproduce:
1. In LDAP, fill a user entry with a "sudoHost" attribute with a subnet: "192.168.101.0/24"
2. On a fresh Fedora 19 machine which is in the subnet "192.168.101.0/24", and which has NetworkManager service installed, the user tries to execute the command "sudo -l"

Actual results:
"User xxxx is not allowed to run sudo on machine"

Expected results:
The user is allowed to run sudo on the machine

Verified for multicast address only as per https://bugzilla.redhat.com/show_bug.cgi?id=909430#c18

sssd version:
=============
[root@rhel66-client1 ~]# rpm -q sssd
sssd-1.11.6-29.el6.x86_64
[root@rhel66-client1 ~]#

snip from sssd_domain_log
========================
(Wed Sep 10 14:01:19 2014) [sssd[be[testrelm.test]]] [delayed_online_authentication_callback] (0x0200): Backend is online, starting delayed online authentication.
(Wed Sep 10 14:01:19 2014) [sssd[be[testrelm.test]]] [ipa_dyndns_update_send] (0x0400): Performing update
(Wed Sep 10 14:01:19 2014) [sssd[be[testrelm.test]]] [ok_for_dns] (0x0200): Multicast IPv4 address 224.0.0.1
(Wed Sep 10 14:01:19 2014) [sssd[be[testrelm.test]]] [ok_for_dns] (0x0200): Link local IPv6 address fe80::5054:ff:fe9e:7b8a

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1375.html
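
The kind of address filtering this bug describes, as an added example that is not SSSD's code or part of the original report: a classifier that rejects multicast, broadcast (limited and subnet), link-local, loopback and unspecified addresses before a dynamic DNS update. It goes beyond the two cases shown in the log above; the function name `classify_for_dns`, the enum and the `prefix_len` parameter are assumptions made for this example.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>

/* Hypothetical result codes for this example (not SSSD's own). */
enum dns_addr_class {
    ADDR_OK = 0, ADDR_INVALID, ADDR_UNSPECIFIED, ADDR_LOOPBACK,
    ADDR_LINKLOCAL, ADDR_MULTICAST, ADDR_BROADCAST
};

/*
 * Classify a textual interface address before publishing it in DNS.
 * prefix_len is the interface's IPv4 prefix length, needed to recognise
 * the subnet broadcast address; it is ignored for IPv6.
 * Assumption: everything except ADDR_OK is skipped by the caller.
 */
enum dns_addr_class classify_for_dns(const char *text, unsigned prefix_len)
{
    struct in_addr a4;
    struct in6_addr a6;

    if (inet_pton(AF_INET, text, &a4) == 1) {
        uint32_t ip = ntohl(a4.s_addr);          /* host byte order */
        if (ip == 0) return ADDR_UNSPECIFIED;    /* 0.0.0.0 */
        if (ip == 0xFFFFFFFFu) return ADDR_BROADCAST;      /* limited broadcast */
        if ((ip >> 28) == 0xE) return ADDR_MULTICAST;      /* 224.0.0.0/4 */
        if ((ip >> 24) == 127) return ADDR_LOOPBACK;       /* 127.0.0.0/8 */
        if ((ip >> 16) == 0xA9FE) return ADDR_LINKLOCAL;   /* 169.254.0.0/16 */
        /* Subnet broadcast: all host bits set. /31 and /32 have no
         * broadcast address, so the check only applies up to /30. */
        if (prefix_len >= 1 && prefix_len <= 30) {
            uint32_t hostmask = 0xFFFFFFFFu >> prefix_len;
            if ((ip & hostmask) == hostmask) return ADDR_BROADCAST;
        }
        return ADDR_OK;
    }
    if (inet_pton(AF_INET6, text, &a6) == 1) {
        if (IN6_IS_ADDR_UNSPECIFIED(&a6)) return ADDR_UNSPECIFIED;
        if (IN6_IS_ADDR_LOOPBACK(&a6)) return ADDR_LOOPBACK;
        if (IN6_IS_ADDR_MULTICAST(&a6)) return ADDR_MULTICAST;
        if (IN6_IS_ADDR_LINKLOCAL(&a6)) return ADDR_LINKLOCAL;
        return ADDR_OK;
    }
    return ADDR_INVALID;                         /* not a parsable address */
}
```

The same host address can be a broadcast address under one prefix length and an ordinary host under another, which is why the subnet check needs the interface's netmask rather than the address alone.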