summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorJakub Hrozek <jhrozek@redhat.com>2011-07-04 17:16:31 -0400
committerStephen Gallagher <sgallagh@redhat.com>2012-05-10 15:16:02 -0400
commit62826f0052c1d6b71f62c1149c894d40549828ad (patch)
tree3552b56aaae4c2533d90edd68e3d74b1d8bb7b17 /src
parent388214d8cc47968fa7f53c5a6624746b42865dde (diff)
downloadsssd-62826f0052c1d6b71f62c1149c894d40549828ad.tar.gz
sssd-62826f0052c1d6b71f62c1149c894d40549828ad.tar.bz2
sssd-62826f0052c1d6b71f62c1149c894d40549828ad.zip
Filter out IP addresses inappropriate for DNS forward records
https://fedorahosted.org/sssd/ticket/949
Diffstat (limited to 'src')
-rw-r--r--src/providers/ipa/ipa_dyndns.c58
1 files changed, 57 insertions, 1 deletions
diff --git a/src/providers/ipa/ipa_dyndns.c b/src/providers/ipa/ipa_dyndns.c
index 4224919b..66515e84 100644
--- a/src/providers/ipa/ipa_dyndns.c
+++ b/src/providers/ipa/ipa_dyndns.c
@@ -180,6 +180,60 @@ void ipa_dyndns_update(void *pvt)
tevent_req_set_callback(req, ipa_dyndns_update_done, NULL);
}
+static bool ok_for_dns(struct sockaddr *sa)
+{
+ char straddr[INET6_ADDRSTRLEN];
+
+ if (sa->sa_family == AF_INET6) {
+ struct in6_addr *addr = &((struct sockaddr_in6 *) sa)->sin6_addr;
+
+ if (inet_ntop(AF_INET6, addr, straddr, INET6_ADDRSTRLEN) == NULL) {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ ("inet_ntop failed, won't log IP addresses\n"));
+ snprintf(straddr, INET6_ADDRSTRLEN, "unknown");
+ }
+
+ if (IN6_IS_ADDR_LINKLOCAL(addr)) {
+ DEBUG(SSSDBG_FUNC_DATA, ("Link local IPv6 address %s\n", straddr));
+ return false;
+ } else if (IN6_IS_ADDR_LOOPBACK(addr)) {
+ DEBUG(SSSDBG_FUNC_DATA, ("Loopback IPv6 address %s\n", straddr));
+ return false;
+ } else if (IN6_IS_ADDR_MULTICAST(addr)) {
+ DEBUG(SSSDBG_FUNC_DATA, ("Multicast IPv6 address %s\n", straddr));
+ return false;
+ }
+ } else if (sa->sa_family == AF_INET) {
+ struct in_addr *addr = &((struct sockaddr_in *) sa)->sin_addr;
+
+ if (inet_ntop(AF_INET, addr, straddr, INET6_ADDRSTRLEN) == NULL) {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ ("inet_ntop failed, won't log IP addresses\n"));
+ snprintf(straddr, INET6_ADDRSTRLEN, "unknown");
+ }
+
+ if (IN_MULTICAST(addr->s_addr)) {
+ DEBUG(SSSDBG_FUNC_DATA, ("Multicast IPv4 address %s\n", straddr));
+ return false;
+ } else if (inet_netof(*addr) == IN_LOOPBACKNET) {
+ DEBUG(SSSDBG_FUNC_DATA, ("Loopback IPv4 address %s\n", straddr));
+ return false;
+ } else if ((addr->s_addr & 0xffff0000) == 0xa9fe0000) {
+ /* 169.254.0.0/16 */
+ DEBUG(SSSDBG_FUNC_DATA, ("Link-local IPv4 address %s\n", straddr));
+ return false;
+ } else if (addr->s_addr == htonl(INADDR_BROADCAST)) {
+ DEBUG(SSSDBG_FUNC_DATA, ("Broadcast IPv4 address %s\n", straddr));
+ return false;
+ }
+ } else {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Unknown address family\n"));
+ return false;
+ }
+
+ return true;
+}
+
static void ipa_dyndns_sdap_connect_done(struct tevent_req *subreq);
static int ipa_dyndns_add_ldap_iface(struct ipa_dyndns_ctx *state,
struct sdap_handle *sh);
@@ -233,7 +287,9 @@ ipa_dyndns_update_send(struct ipa_options *ctx)
/* Add IP addresses to the list */
if((ifa->ifa_addr->sa_family == AF_INET ||
ifa->ifa_addr->sa_family == AF_INET6) &&
- strcasecmp(ifa->ifa_name, iface) == 0) {
+ strcasecmp(ifa->ifa_name, iface) == 0 &&
+ ok_for_dns(ifa->ifa_addr)) {
+
/* Add this address to the IP address list */
address = talloc_zero(state, struct ipa_ipaddress);
if (!address) {