Bug 1009914 - Filter out inappropriate multicast and subnet broadcast addresses from dynamic DNS update
Status: CLOSED DUPLICATE of bug 909430
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: sssd
Version: 7.0
Hardware: Unspecified
OS: Unspecified
medium
unspecified
Target Milestone: rc
Assignee: Jakub Hrozek
QA Contact: Kaushik Banerjee
URL:
Whiteboard:
Depends On: 909430 990143
Blocks:
Reported: 2013-09-19 13:32 UTC by Dmitri Pal
Modified: 2020-05-02 17:28 UTC (History)

Fixed In Version: sssd-1.11.1-1.el7
Doc Type: Bug Fix
Doc Text:
Clone Of: 990143
Environment:
Last Closed: 2014-03-20 14:43:42 UTC
Target Upstream Version:


Links
System ID Priority Status Summary Last Updated
Github SSSD sssd issues 3129 None None None 2020-05-02 17:28:40 UTC

Description Dmitri Pal 2013-09-19 13:32:56 UTC
+++ This bug was initially created as a clone of Bug #990143 +++

+++ This bug was initially created as a clone of Bug #909430 +++

Description of problem:

Multicast and subnet broadcast addresses are not being filtered out from IPA dynamic DNS update, while this works for loopback/link-local addresses.

Version-Release number of selected component (if applicable):
[root@rhel64client1 ~]# rpm -q sssd
sssd-1.9.2-82.el6.x86_64
[root@rhel64client1 ~]#

How reproducible:
Always.

Additional info:
https://bugzilla.redhat.com/show_bug.cgi?id=790105

--- Additional comment from RHEL Product and Program Management on 2013-02-08 13:13:44 EST ---

Since this bug report was entered in bugzilla, the release flag has been
set to ? to ensure that it is properly evaluated for this release.

--- Additional comment from Jakub Hrozek on 2013-02-08 13:34:36 EST ---

The broadcast addresses might be hard/not needed except for 255.255.255.255 which is already handled, but I have a patch for the multicast part.

--- Additional comment from Jakub Hrozek on 2013-02-08 13:37:17 EST ---

Upstream ticket:
https://fedorahosted.org/sssd/ticket/1804

--- Additional comment from Jakub Hrozek on 2013-02-25 08:51:33 EST ---

The upstream ticket was proposed for 1.10 so I moved the RHEL bug to RHEL7.

--- Additional comment from RHEL Product and Program Management on 2013-02-25 08:57:10 EST ---

Since this bug report was entered in bugzilla, the release flag has been
set to ? to ensure that it is properly evaluated for this release.

--- Additional comment from Jakub Hrozek on 2013-03-26 14:14:00 EDT ---

Fixed upstream.

--- Additional comment from Michael Hampton on 2013-07-30 02:51:57 EDT ---

Any chance of getting this bugfix in EL6? This is causing dynamic DNS address updates for RFC1918 A records to randomly fail.

--- Additional comment from Alexander Bokovoy on 2013-07-30 02:58:24 EDT ---

We really need this in RHEL 6. IN_MULTICAST(addr) is not the same as IN_MULTICAST(ntohl(addr)) on Intel architecture. As a result of the wrong byte order, many innocent addresses are filtered out.
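
The byte-order pitfall named in the comment above, shown as an added example that is not part of the original bug report or the SSSD source: `IN_MULTICAST()` expects a host-order value, so handing it the network-order `s_addr` on a little-endian host tests the last octet instead of the first. The function names and sample addresses are constructed for illustration.

```c
/* Added example: constructed names and addresses, not SSSD code. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdbool.h>
#include <stdio.h>

/* Parse dotted-quad text into network byte order, as stored in sockaddr_in. */
static bool parse_ipv4(const char *text, struct in_addr *out)
{
    return inet_pton(AF_INET, text, out) == 1;
}

/* Flawed check: IN_MULTICAST() is given the network-order s_addr.
 * On a little-endian host the macro then inspects the LAST octet. */
bool is_multicast_wrong_order(const char *text)
{
    struct in_addr a;
    if (!parse_ipv4(text, &a))
        return false;
    return IN_MULTICAST(a.s_addr);
}

/* Correct check: convert to host byte order before classifying. */
bool is_multicast_host_order(const char *text)
{
    struct in_addr a;
    if (!parse_ipv4(text, &a))
        return false;
    return IN_MULTICAST(ntohl(a.s_addr));
}

/* True when host order differs from network order (e.g. Intel). */
bool host_is_little_endian(void)
{
    return htonl(1) != 1;
}

int main(void)
{
    /* Constructed samples: two unicast, two multicast (224.0.0.0/4). */
    const char *samples[] = { "192.168.1.230", "10.0.0.5",
                              "224.0.0.251", "239.1.2.3" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-15s wrong-order=%d host-order=%d\n", samples[i],
               is_multicast_wrong_order(samples[i]),
               is_multicast_host_order(samples[i]));
    return 0;
}
```

On a little-endian host the flawed check flags any unicast address whose last octet is 224 through 239 and misses real multicast addresses, which is why only some hosts are affected.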

--- Additional comment from Petr Spacek on 2013-07-30 07:52:37 EDT ---

AFAIK it doesn't make much sense to filter IPv4 multicast addresses, because they are not considered valid *source* addresses. A multicast address is valid only as a *destination* address, so no multicast address should ever appear on the IPv4 interface.

--- Additional comment from RHEL Product and Program Management on 2013-07-30 09:42:42 EDT ---

Since this bug report was entered in bugzilla, the release flag has been
set to ? to ensure that it is properly evaluated for this release.

--- Additional comment from Jakub Hrozek on 2013-08-29 08:00:28 EDT ---

Currently targeting 6.6

--- Additional comment from Jakub Hrozek on 2013-09-19 06:07:18 EDT ---

Upstream ticket:
https://fedorahosted.org/sssd/ticket/2087

Comment 1 Jakub Hrozek 2013-09-24 13:13:16 UTC
Fixed upstream:
    master: 6982b488e03b8e29e186f0c54cf5f80438cceadd
    sssd-1-11: a9b2c8fb47fc334c7ba9b229cde18d168059c096

Comment 2 Jakub Hrozek 2013-09-25 23:28:47 UTC
Steps to Reproduce:
1. In LDAP, fill a user entry with a "sudoHost" attribute with a subnet: "192.168.101.0/24"
2. On a fresh Fedora 19 machine which is in the subnet "192.168.101.0/24", and which has NetworkManager service installed, the user tries to execute the command "sudo -l"

Actual results:
"User xxxx is not allowed to run sudo on machine"

Expected results:
The user is allowed to run sudo on the machine

Comment 4 Jakub Hrozek 2013-10-04 13:24:21 UTC
Temporarily moving bugs to MODIFIED to work around errata tool bug

Comment 6 Jakub Hrozek 2014-03-20 14:43:42 UTC
As discussed on the SSSD meeting today, this bugzilla is actually a duplicate of #909430

*** This bug has been marked as a duplicate of bug 909430 ***
