Bug 990143 - Filter out inappropriate multicast and subnet broadcast addresses from dynamic DNS update
Filter out inappropriate multicast and subnet broadcast addresses from dynami...
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: sssd (Show other bugs)
Unspecified Unspecified
medium Severity unspecified
: rc
: ---
Assigned To: Jakub Hrozek
Kaushik Banerjee
Depends On: 909430 1112702 1139361
Blocks: 1009914 1061410
  Show dependency treegraph
Reported: 2013-07-30 09:22 EDT by Jakub Hrozek
Modified: 2014-10-14 00:46 EDT (History)
12 users (show)

See Also:
Fixed In Version: sssd-
Doc Type: Bug Fix
Doc Text:
Cause: SSSD's dynamic DNS update feature did not filter out milticast and broadcast addresses when ipa_dyndns_iface was used Consequence: Addresses that are not suitable for DNS appeared in IPA's DNS Fix: Multicast and broadcast addresses are now filtered out when performing a DNS update with ipa_dyndns_iface Result: Only the addresses that are appropriate
Story Points: ---
Clone Of: 909430
: 1009914 (view as bug list)
Last Closed: 2014-10-14 00:46:32 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Comment 2 Jakub Hrozek 2013-08-29 08:00:28 EDT
Currently targeting 6.6
Comment 3 Jakub Hrozek 2013-09-19 06:07:18 EDT
Upstream ticket:
Comment 4 Jakub Hrozek 2013-09-24 09:13:01 EDT
Fixed upstream:
    master: 6982b488e03b8e29e186f0c54cf5f80438cceadd
    sssd-1-11: a9b2c8fb47fc334c7ba9b229cde18d168059c096
Comment 5 Jakub Hrozek 2013-09-25 19:02:03 EDT
Fixed upstream -> moving to POST
Comment 6 Jakub Hrozek 2013-09-25 19:28:58 EDT
Steps to Reproduce:
1. In LDAP, fill a user entry with a "sudoHost" attribute with a subnet: ""
2. On a fresh Fedora 19 machine which is in the subnet "", and which has NetworkManager service installed, the user tries to execute the command "sudo -l"

Actual results:
"User xxxx is not allowed to run sudo on machine"

Expected results:
The user is allowed to run sudo on the machine
Comment 9 Kaleem 2014-09-12 08:32:02 EDT
Verified for mulitcast address only as per https://bugzilla.redhat.com/show_bug.cgi?id=909430#c18 

sssd version:
[root@rhel66-client1 ~]# rpm -q sssd
[root@rhel66-client1 ~]# 

snip from sssd_domain_log
(Wed Sep 10 14:01:19 2014) [sssd[be[testrelm.test]]] [delayed_online_authentication_callback] (0x0200): Backend is online, starting delayed online authentication.
(Wed Sep 10 14:01:19 2014) [sssd[be[testrelm.test]]] [ipa_dyndns_update_send] (0x0400): Performing update
(Wed Sep 10 14:01:19 2014) [sssd[be[testrelm.test]]] [ok_for_dns] (0x0200): Multicast IPv4 address
(Wed Sep 10 14:01:19 2014) [sssd[be[testrelm.test]]] [ok_for_dns] (0x0200): Link local IPv6 address fe80::5054:ff:fe9e:7b8a
Comment 10 errata-xmlrpc 2014-10-14 00:46:32 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.