Bug 990143 - Filter out inappropriate multicast and subnet broadcast addresses from dynamic DNS update
Filter out inappropriate multicast and subnet broadcast addresses from dynami...
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: sssd (Show other bugs)
6.4
Unspecified Unspecified
medium Severity unspecified
: rc
: ---
Assigned To: Jakub Hrozek
Kaushik Banerjee
:
Depends On: 909430 1112702 1139361
Blocks: 1009914 1061410
  Show dependency treegraph
 
Reported: 2013-07-30 09:22 EDT by Jakub Hrozek
Modified: 2014-10-14 00:46 EDT (History)
12 users (show)

See Also:
Fixed In Version: sssd-1.11.5.1-1.el6
Doc Type: Bug Fix
Doc Text:
Cause: SSSD's dynamic DNS update feature did not filter out milticast and broadcast addresses when ipa_dyndns_iface was used Consequence: Addresses that are not suitable for DNS appeared in IPA's DNS Fix: Multicast and broadcast addresses are now filtered out when performing a DNS update with ipa_dyndns_iface Result: Only the addresses that are appropriate
Story Points: ---
Clone Of: 909430
: 1009914 (view as bug list)
Environment:
Last Closed: 2014-10-14 00:46:32 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Comment 2 Jakub Hrozek 2013-08-29 08:00:28 EDT
Currently targeting 6.6
Comment 3 Jakub Hrozek 2013-09-19 06:07:18 EDT
Upstream ticket:
https://fedorahosted.org/sssd/ticket/2087
Comment 4 Jakub Hrozek 2013-09-24 09:13:01 EDT
Fixed upstream:
    master: 6982b488e03b8e29e186f0c54cf5f80438cceadd
    sssd-1-11: a9b2c8fb47fc334c7ba9b229cde18d168059c096
Comment 5 Jakub Hrozek 2013-09-25 19:02:03 EDT
Fixed upstream -> moving to POST
Comment 6 Jakub Hrozek 2013-09-25 19:28:58 EDT
Steps to Reproduce:
1. In LDAP, fill a user entry with a "sudoHost" attribute with a subnet: "192.168.101.0/24"
2. On a fresh Fedora 19 machine which is in the subnet "192.168.101.0/24", and which has NetworkManager service installed, the user tries to execute the command "sudo -l"

Actual results:
"User xxxx is not allowed to run sudo on machine"

Expected results:
The user is allowed to run sudo on the machine
Comment 9 Kaleem 2014-09-12 08:32:02 EDT
Verified for mulitcast address only as per https://bugzilla.redhat.com/show_bug.cgi?id=909430#c18 

sssd version:
=============
[root@rhel66-client1 ~]# rpm -q sssd
sssd-1.11.6-29.el6.x86_64
[root@rhel66-client1 ~]# 


snip from sssd_domain_log
========================
(Wed Sep 10 14:01:19 2014) [sssd[be[testrelm.test]]] [delayed_online_authentication_callback] (0x0200): Backend is online, starting delayed online authentication.
(Wed Sep 10 14:01:19 2014) [sssd[be[testrelm.test]]] [ipa_dyndns_update_send] (0x0400): Performing update
(Wed Sep 10 14:01:19 2014) [sssd[be[testrelm.test]]] [ok_for_dns] (0x0200): Multicast IPv4 address 224.0.0.1
(Wed Sep 10 14:01:19 2014) [sssd[be[testrelm.test]]] [ok_for_dns] (0x0200): Link local IPv6 address fe80::5054:ff:fe9e:7b8a
Comment 10 errata-xmlrpc 2014-10-14 00:46:32 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1375.html

Note You need to log in before you can comment on or make changes to this bug.