Bug 990143 - Filter out inappropriate multicast and subnet broadcast addresses from dynamic DNS update
Summary: Filter out inappropriate multicast and subnet broadcast addresses from dynami...
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: sssd
Version: 6.4
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: ---
Assignee: Jakub Hrozek
QA Contact: Kaushik Banerjee
Depends On: 909430 1112702 1139361
Blocks: 1009914 1061410
TreeView+ depends on / blocked
Reported: 2013-07-30 13:22 UTC by Jakub Hrozek
Modified: 2020-05-02 17:28 UTC (History)
12 users (show)

Fixed In Version: sssd-
Doc Type: Bug Fix
Doc Text:
Cause: SSSD's dynamic DNS update feature did not filter out milticast and broadcast addresses when ipa_dyndns_iface was used Consequence: Addresses that are not suitable for DNS appeared in IPA's DNS Fix: Multicast and broadcast addresses are now filtered out when performing a DNS update with ipa_dyndns_iface Result: Only the addresses that are appropriate
Clone Of: 909430
: 1009914 (view as bug list)
Last Closed: 2014-10-14 04:46:32 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Github SSSD sssd issues 3129 0 None None None 2020-05-02 17:28:52 UTC
Red Hat Product Errata RHBA-2014:1375 0 normal SHIPPED_LIVE sssd bug fix and enhancement update 2014-10-14 01:06:25 UTC

Comment 2 Jakub Hrozek 2013-08-29 12:00:28 UTC
Currently targeting 6.6

Comment 3 Jakub Hrozek 2013-09-19 10:07:18 UTC
Upstream ticket:

Comment 4 Jakub Hrozek 2013-09-24 13:13:01 UTC
Fixed upstream:
    master: 6982b488e03b8e29e186f0c54cf5f80438cceadd
    sssd-1-11: a9b2c8fb47fc334c7ba9b229cde18d168059c096

Comment 5 Jakub Hrozek 2013-09-25 23:02:03 UTC
Fixed upstream -> moving to POST

Comment 6 Jakub Hrozek 2013-09-25 23:28:58 UTC
Steps to Reproduce:
1. In LDAP, fill a user entry with a "sudoHost" attribute with a subnet: ""
2. On a fresh Fedora 19 machine which is in the subnet "", and which has NetworkManager service installed, the user tries to execute the command "sudo -l"

Actual results:
"User xxxx is not allowed to run sudo on machine"

Expected results:
The user is allowed to run sudo on the machine

Comment 9 Kaleem 2014-09-12 12:32:02 UTC
Verified for mulitcast address only as per https://bugzilla.redhat.com/show_bug.cgi?id=909430#c18 

sssd version:
[root@rhel66-client1 ~]# rpm -q sssd
[root@rhel66-client1 ~]# 

snip from sssd_domain_log
(Wed Sep 10 14:01:19 2014) [sssd[be[testrelm.test]]] [delayed_online_authentication_callback] (0x0200): Backend is online, starting delayed online authentication.
(Wed Sep 10 14:01:19 2014) [sssd[be[testrelm.test]]] [ipa_dyndns_update_send] (0x0400): Performing update
(Wed Sep 10 14:01:19 2014) [sssd[be[testrelm.test]]] [ok_for_dns] (0x0200): Multicast IPv4 address
(Wed Sep 10 14:01:19 2014) [sssd[be[testrelm.test]]] [ok_for_dns] (0x0200): Link local IPv6 address fe80::5054:ff:fe9e:7b8a

Comment 10 errata-xmlrpc 2014-10-14 04:46:32 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.