Bug 990143 - Filter out inappropriate multicast and subnet broadcast addresses from dynamic DNS update
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: sssd
Version: 6.4
Hardware: Unspecified
OS: Unspecified
medium
unspecified
Target Milestone: rc
Assignee: Jakub Hrozek
QA Contact: Kaushik Banerjee
Depends On: 909430 1112702 1139361
Blocks: 1009914 1061410
Reported: 2013-07-30 13:22 UTC by Jakub Hrozek
Modified: 2014-10-14 04:46 UTC (History)

Fixed In Version: sssd-1.11.5.1-1.el6
Doc Type: Bug Fix
Doc Text:
Cause: SSSD's dynamic DNS update feature did not filter out multicast and broadcast addresses when ipa_dyndns_iface was used.
Consequence: Addresses that are not suitable for DNS appeared in IPA's DNS.
Fix: Multicast and broadcast addresses are now filtered out when performing a DNS update with ipa_dyndns_iface.
Result: Only the addresses that are appropriate
Clone Of: 909430
Last Closed: 2014-10-14 04:46:32 UTC
Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2014:1375 normal SHIPPED_LIVE sssd bug fix and enhancement update 2014-10-14 01:06:25 UTC

Comment 2 Jakub Hrozek 2013-08-29 12:00:28 UTC
Currently targeting 6.6

Comment 3 Jakub Hrozek 2013-09-19 10:07:18 UTC
Upstream ticket:
https://fedorahosted.org/sssd/ticket/2087

Comment 4 Jakub Hrozek 2013-09-24 13:13:01 UTC
Fixed upstream:
    master: 6982b488e03b8e29e186f0c54cf5f80438cceadd
    sssd-1-11: a9b2c8fb47fc334c7ba9b229cde18d168059c096

Comment 5 Jakub Hrozek 2013-09-25 23:02:03 UTC
Fixed upstream -> moving to POST

Comment 6 Jakub Hrozek 2013-09-25 23:28:58 UTC
Steps to Reproduce:
1. In LDAP, fill a user entry with a "sudoHost" attribute with a subnet: "192.168.101.0/24"
2. On a fresh Fedora 19 machine which is in the subnet "192.168.101.0/24", and which has NetworkManager service installed, the user tries to execute the command "sudo -l"

Actual results:
"User xxxx is not allowed to run sudo on machine"

Expected results:
The user is allowed to run sudo on the machine

Comment 9 Kaleem 2014-09-12 12:32:02 UTC
Verified for multicast address only as per https://bugzilla.redhat.com/show_bug.cgi?id=909430#c18

sssd version:
=============
[root@rhel66-client1 ~]# rpm -q sssd
sssd-1.11.6-29.el6.x86_64
[root@rhel66-client1 ~]# 


snip from sssd_domain_log
========================
(Wed Sep 10 14:01:19 2014) [sssd[be[testrelm.test]]] [delayed_online_authentication_callback] (0x0200): Backend is online, starting delayed online authentication.
(Wed Sep 10 14:01:19 2014) [sssd[be[testrelm.test]]] [ipa_dyndns_update_send] (0x0400): Performing update
(Wed Sep 10 14:01:19 2014) [sssd[be[testrelm.test]]] [ok_for_dns] (0x0200): Multicast IPv4 address 224.0.0.1
(Wed Sep 10 14:01:19 2014) [sssd[be[testrelm.test]]] [ok_for_dns] (0x0200): Link local IPv6 address fe80::5054:ff:fe9e:7b8a
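
A sketch of the kind of per-address check that the Doc Text and the ok_for_dns log lines in comment 9 describe, added here as an example; it is not SSSD's code. The function name, the verdict enum and the prefix-length parameter are hypothetical, and the loopback and IPv4 link-local (169.254.0.0/16) checks go beyond the address classes named on this page.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical verdict names for this example; not SSSD identifiers. */
enum dns_verdict { DNS_OK, DNS_BAD_INPUT, DNS_MULTICAST, DNS_BROADCAST,
                   DNS_LINK_LOCAL, DNS_LOOPBACK };

/* Classify one interface address before it goes into a dynamic DNS update.
 * prefix_len (IPv4 only) is used to recognise the subnet broadcast address.
 * Loopback and 169.254.0.0/16 are extra classes assumed for this example. */
enum dns_verdict classify_for_dns(const char *text, unsigned prefix_len)
{
    struct in_addr a4;
    struct in6_addr a6;
    if (inet_pton(AF_INET, text, &a4) == 1) {
        uint32_t h = ntohl(a4.s_addr);               /* host byte order */
        if (prefix_len > 32) return DNS_BAD_INPUT;
        if ((h & 0xf0000000u) == 0xe0000000u) return DNS_MULTICAST;  /* 224.0.0.0/4 */
        if (h == 0xffffffffu) return DNS_BROADCAST;  /* limited broadcast */
        if ((h >> 24) == 127) return DNS_LOOPBACK;   /* 127.0.0.0/8 */
        if ((h & 0xffff0000u) == 0xa9fe0000u) return DNS_LINK_LOCAL; /* 169.254.0.0/16 */
        /* /31 and /32 have no broadcast address, so only /1 to /30 are checked. */
        if (prefix_len >= 1 && prefix_len <= 30) {
            uint32_t host_bits = 0xffffffffu >> prefix_len;
            if ((h & host_bits) == host_bits) return DNS_BROADCAST;  /* subnet broadcast */
        }
        return DNS_OK;
    }
    if (inet_pton(AF_INET6, text, &a6) == 1) {
        static const unsigned char loopback[16] = { [15] = 1 };     /* ::1 */
        if (a6.s6_addr[0] == 0xff) return DNS_MULTICAST;             /* ff00::/8 */
        /* fe80::/10 is link-local */
        if (a6.s6_addr[0] == 0xfe && (a6.s6_addr[1] & 0xc0) == 0x80) return DNS_LINK_LOCAL;
        if (memcmp(a6.s6_addr, loopback, sizeof(loopback)) == 0) return DNS_LOOPBACK;
        return DNS_OK;
    }
    return DNS_BAD_INPUT;
}

int main(void)
{
    /* Constructed inputs: the two logged addresses, a subnet broadcast, a host. */
    const char *s[] = { "224.0.0.1", "fe80::5054:ff:fe9e:7b8a", "192.168.101.255", "192.168.101.10" };
    for (int i = 0; i < 4; i++)
        printf("%s -> %d\n", s[i], classify_for_dns(s[i], 24));
    return 0;
}
```

Only addresses classified as DNS_OK would be handed to the DNS update; the same address can be a subnet broadcast under one prefix length and an ordinary host under another, which is why the prefix has to come from the interface.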

Comment 10 errata-xmlrpc 2014-10-14 04:46:32 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1375.html
