Bug 990143

Summary: Filter out inappropriate multicast and subnet broadcast addresses from dynamic DNS update
Product: Red Hat Enterprise Linux 6 Reporter: Jakub Hrozek <jhrozek>
Component: sssdAssignee: Jakub Hrozek <jhrozek>
Status: CLOSED ERRATA QA Contact: Kaushik Banerjee <kbanerje>
Severity: unspecified Docs Contact:
Priority: medium    
Version: 6.4CC: abokovoy, dpal, error, grajaiya, jgalipea, jhrozek, ksiddiqu, lslebodn, mkosek, nsoman, pbrezina, pspacek
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: sssd-1.11.5.1-1.el6 Doc Type: Bug Fix
Doc Text:
Cause: SSSD's dynamic DNS update feature did not filter out milticast and broadcast addresses when ipa_dyndns_iface was used Consequence: Addresses that are not suitable for DNS appeared in IPA's DNS Fix: Multicast and broadcast addresses are now filtered out when performing a DNS update with ipa_dyndns_iface Result: Only the addresses that are appropriate
 Story Points: ---
Clone Of: 909430
: 1009914 (view as bug list) Environment:
Last Closed: 2014-10-14 04:46:32 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 909430, 1112702, 1139361    
Bug Blocks: 1009914, 1061410    

Comment 2 Jakub Hrozek 2013-08-29 12:00:28 UTC 
Currently targeting 6.6
Comment 3 Jakub Hrozek 2013-09-19 10:07:18 UTC 
Upstream ticket:
https://fedorahosted.org/sssd/ticket/2087
Comment 4 Jakub Hrozek 2013-09-24 13:13:01 UTC 
Fixed upstream:
    master: 6982b488e03b8e29e186f0c54cf5f80438cceadd
    sssd-1-11: a9b2c8fb47fc334c7ba9b229cde18d168059c096
Comment 5 Jakub Hrozek 2013-09-25 23:02:03 UTC 
Fixed upstream -> moving to POST
Comment 6 Jakub Hrozek 2013-09-25 23:28:58 UTC 
Steps to Reproduce:
1. In LDAP, fill a user entry with a "sudoHost" attribute with a subnet: "192.168.101.0/24"
2. On a fresh Fedora 19 machine which is in the subnet "192.168.101.0/24", and which has NetworkManager service installed, the user tries to execute the command "sudo -l"

Actual results:
"User xxxx is not allowed to run sudo on machine"

Expected results:
The user is allowed to run sudo on the machine
Comment 9 Kaleem 2014-09-12 12:32:02 UTC 
Verified for mulitcast address only as per https://bugzilla.redhat.com/show_bug.cgi?id=909430#c18 

sssd version:
=============
[root@rhel66-client1 ~]# rpm -q sssd
sssd-1.11.6-29.el6.x86_64
[root@rhel66-client1 ~]# 


snip from sssd_domain_log
========================
(Wed Sep 10 14:01:19 2014) [sssd[be[testrelm.test]]] [delayed_online_authentication_callback] (0x0200): Backend is online, starting delayed online authentication.
(Wed Sep 10 14:01:19 2014) [sssd[be[testrelm.test]]] [ipa_dyndns_update_send] (0x0400): Performing update
(Wed Sep 10 14:01:19 2014) [sssd[be[testrelm.test]]] [ok_for_dns] (0x0200): Multicast IPv4 address 224.0.0.1
(Wed Sep 10 14:01:19 2014) [sssd[be[testrelm.test]]] [ok_for_dns] (0x0200): Link local IPv6 address fe80::5054:ff:fe9e:7b8a
Comment 10 errata-xmlrpc 2014-10-14 04:46:32 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1375.html