Bug 5311 - hosts deny configuration doesn't work with 3.2.0pre2
hosts deny configuration doesn't work with 3.2.0pre2
Status: RESOLVED FIXED
Product: Samba 3.2
Classification: Unclassified
Component: File services
3.2.0
x86 Linux
: P3 critical
: ---
Assigned To: Samba Bugzilla Account
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2008-03-06 07:45 UTC by Magnus Mertens
Modified: 2008-03-07 11:02 UTC (History)
0 users

See Also:


Attachments
Patch (1.30 KB, patch)
2008-03-06 16:29 UTC, Jeremy Allison
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Magnus Mertens 2008-03-06 07:45:42 UTC
Connecting with smbclient from a host which was locked out with the "hosts deny" parameter before on a Samba 3.2.0pre2 server the clientaccess works nevertheless. 
The same configuration with Samba 3.0.28 works well.

the serverside (smbtest3):
****
smbtest3:~ # testparm /etc/sambatest/smb.conf.hostsdeny
Load smb config files from /etc/sambatest/smb.conf.hostsdeny
Processing section "[test]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions

[global]
        workgroup = LINUX
        netbios name = SAMBATEST

[test]
        path = /tmp
        read only = No
        hosts deny = 172.16.13.1
****

****
smbtest3:~ # testparm /etc/sambatest/smb.conf.hostsdeny localhost 172.16.13.1
Load smb config files from /etc/sambatest/smb.conf.hostsdeny
Processing section "[test]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Deny connection from localhost (172.16.13.1) to test
*****

*****
smbtest3:~ # ps auxf | grep smbd
root     25777  0.0  0.2   1884   624 pts/0    S+   14:43   0:00          \_ grep smbd
root     25617  0.0  1.2  11776  3228 ?        Ss   14:28   0:00 smbd -s /etc/sambatest/smb.conf.hostsdeny
root     25618  0.0  0.4  11776  1100 ?        S    14:28   0:00  \_ smbd -s /etc/sambatest/smb.conf.hostsdeny
smbtest3:~ # 
*****


clientside (smbtest2):

*****
smbtest1:~# ifconfig  | grep "inet addr"
          inet addr:172.16.13.1  Bcast:172.16.13.0  Mask:255.240.0.0
          inet addr:127.0.0.1  Mask:255.0.0.0
*****

*****
smbtest1:~# smbclient //172.16.13.3/test -Uroot -c 'dir'
Password: 
Domain=[SAMBATEST] OS=[Unix] Server=[Samba 3.2.0pre2-SerNet-SuSE]
  .                                   D        0  Thu Mar  6 14:45:01 2008
  ..                                  D        0  Mon Jul 23 17:11:46 2007
  cif                                 D        0  Mon Sep 25 23:27:32 2006
  new                                 D        0  Mon Mar  3 09:51:16 2008
******


smbtest3 smbstatus at the access time:
*****
Samba version 3.2.0pre2-SerNet-SuSE
PID     Username      Group         Machine                        
-------------------------------------------------------------------
25865     root          root          smbtest1     (::ffff:172.16.13.1)

Service      pid     machine       Connected at
-------------------------------------------------------
test         25865   smbtest1      Thu Mar  6 14:48:37 2008

No locked files
***********
Comment 1 Jeremy Allison 2008-03-06 15:54:01 UTC
Reproduced this. It's an IPv6 issue with the incoming address being returned as ::ffff:A.B.C.D and the smb.conf parameter being A.B.C.D. String match is failing. I'll fix this.

Jeremy.
Comment 2 Jeremy Allison 2008-03-06 16:29:49 UTC
Created attachment 3163 [details]
Patch

This patch fixes the problem for me. I'd appreciate it if you'd try more complex allow/deny settings to make sure I got this right. Thanks,
Jeremy.
Comment 3 Magnus Mertens 2008-03-07 09:37:13 UTC
Hi Jeremy,

thanks, your patches fixes the problem for me too. I tried out some different confgurations with hosts deny and allow with success.

Magnus
Comment 4 Jeremy Allison 2008-03-07 11:02:02 UTC
Confirmed fixed by submitter.
Thanks,
Jeremy.