Learn more about these different git repos.
Other Git URLs
Ticket was cloned from Red Hat Bugzilla (product Fedora): Bug 1007475
Description of problem:
Using the ldap attribute sudoHost, users always been refused to execute
a sudo command when the sudoHost is a IPV4 address or subnet.
Version-Release number of selected component (if applicable):
Always (But only using NetworkManager service... When switching to "network"
service, this bug disappears ! )
Steps to Reproduce:
1. In OpenLdap, fill a user entry with a "sudoHost" attribute with a subnet:
2. On a fresh Fedora 19 machine which is in the subnet "192.168.101.0/24", and
which has NetworkManager service installed, the user tries to execute the
command "sudo -l"
"User xxxx is not allowed to run sudo on machine"
The user is allowed to run sudo on the machine
This is an old anomaly we face for a long time.
After a little bit of debugging and digging in the code, it seems a filter on
multicast address is wrong in
In fact, a conversion with "ntohl" is needed here:
Without ntohl, the ipv4 addresses or subnets are seen has multicast and
therefore are filtered...
I see that a similar bug has been fixed in February for IPA:
It may also exist another similar bug in
./src/monitor/monitor_netlink.c:613: return IN_MULTICAST(addr4->s_addr);
You cannot imagine how much i'm looking forward that this bug be corrected :-)
design_review: => 0
patch: 0 => 1
review: True => 0
testsupdated: => 0
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=990143 (Red Hat Enterprise Linux 6)
rhbz: [https://bugzilla.redhat.com/show_bug.cgi?id=1007475 1007475] => [https://bugzilla.redhat.com/show_bug.cgi?id=1007475 1007475], [https://bugzilla.redhat.com/show_bug.cgi?id=990143 990143]
owner: somebody => jhrozek
status: new => assigned
milestone: NEEDS_TRIAGE => SSSD 1.11.1
rhbz: [https://bugzilla.redhat.com/show_bug.cgi?id=1007475 1007475], [https://bugzilla.redhat.com/show_bug.cgi?id=990143 990143] => [https://bugzilla.redhat.com/show_bug.cgi?id=1007475 1007475], [https://bugzilla.redhat.com/show_bug.cgi?id=990143 990143] [https://bugzilla.redhat.com/show_bug.cgi?id=1009914 1009914]
resolution: => fixed
status: assigned => closed
Metadata Update from @jhrozek:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.11.1
SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here:
If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.
to comment on this ticket.