15619 – Problem with IPv6 ranges in "hosts allow/deny"

Bug 15619 - Problem with IPv6 ranges in "hosts allow/deny"

Summary: Problem with IPv6 ranges in "hosts allow/deny"

Status:	NEW

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	File services (show other bugs)
Version:	4.19.5
Hardware:	All Linux

Importance:	P5 normal (vote)
Target Milestone:	---
Assignee:	Samba QA Contact
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2024-04-02 11:05 UTC by Veiko Aasa
Modified:	2024-04-02 11:05 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Veiko Aasa 2024-04-02 11:05:42 UTC

I discovered that IPv6 ranges are not working correctly in Samba server configuration section 'hosts allow/deny'. Seems that Samba server allows client connections from outside specified IPv6 ranges:

´´´
$ sudo testparm -V
Version 4.19.5-Debian
´´´

´´´
$ cat smb-test.conf
[global]
   hosts allow = fc00::/7
   hosts deny = all
[disk_home]
   path = /test/%u
   read only = No
   valid users = @users
´´´

´´´
$ sudo testparm -s smb-test.conf  host-ip ffff::
Load smb config files from smb-test.conf
Loaded services file OK.
Weak crypto is allowed by GnuTLS (e.g. NTLM as a compatibility
fallback)

WARNING: lock directory /run/samba does not exist

WARNING: pid directory /run/samba does not exist

Server role: ROLE_STANDALONE

Allow connection from host-ip (ffff::) to disk_home
´´´