Bug 7383 - When using hosts allow samba uses IPV6 ip addresses
When using hosts allow samba uses IPV6 ip addresses
Status: RESOLVED FIXED
Product: Samba 3.5
Classification: Unclassified
Component: File services
3.5.1
x86 Windows XP
: P3 normal
: ---
Assigned To: Karolin Seeger
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2010-04-22 04:42 UTC by Paul Bakker
Modified: 2011-06-07 11:13 UTC (History)
3 users (show)

See Also:


Attachments
Patch for v3-5 (1.97 KB, patch)
2011-06-06 13:26 UTC, Stefan Metzmacher
jra: review+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Paul Bakker 2010-04-22 04:42:14 UTC
We use hosts allow in smb.conf to restrict access to shares.
After upgrading to 3.5.1 host allow only functions based on ip addresses and not on names.
If we put in the host file the following entry as an exaple

::ffff:10.1.100.12 ntserver.dom.nl

Then hosts allow work.
It looks like version 3.5.1 uses ipv6 ip addresses
Is there a way to use old ipv4 behaviour?
System is redhat V4
Comment 1 Stefan Metzmacher 2010-04-22 06:37:53 UTC
I think this fixable, by using IPV6_V6ONLY on ipv6 the sockets.
And I planed to change that, but I was unsure about the side effects.
maybe people rely on that bug in there setups.

Volker, Jeremy and Günther what do you think, should be change the behavior?
Comment 2 Volker Lendecke 2010-04-24 05:00:38 UTC
Can we check for both?

Volker
Comment 3 Stefan Metzmacher 2010-04-24 06:04:22 UTC
For access checks we could.

The problem I see is the %I substitution for things like include = .
Where we might need to change the behavior.

My preference would be to never represent ipv4 addresses as ipv6
addresses in %I.
Comment 4 Guenther Deschner 2011-04-20 13:28:18 UTC
(In reply to comment #3)
> For access checks we could.
> 
> The problem I see is the %I substitution for things like include = .
> Where we might need to change the behavior.
> 
> My preference would be to never represent ipv4 addresses as ipv6
> addresses in %I.

Yes. That sounds good. I find it way confusing when %I resolves to ::ffff:10.1.100.12 on ipv4 interfaces.
Comment 5 Stefan Metzmacher 2011-06-06 13:26:51 UTC
Created attachment 6524 [details]
Patch for v3-5

In 3.6 we have the full fix including usage of IPV6_V6ONLY.
(c4c49be416aeac890628c9a9f2fd7975860884d4)

For 3.5.x we should only backport the patch with less impact.
(62b2083c627abeb8a2fb7e5adc793c630d0d561c)
Comment 6 Jeremy Allison 2011-06-06 22:06:26 UTC
Comment on attachment 6524 [details]
Patch for v3-5

Looks good to me.
Comment 7 Jeremy Allison 2011-06-06 22:06:49 UTC
Re-assigning to Karolin for inclusion in 3.5.9.
Jeremy.
Comment 8 Karolin Seeger 2011-06-07 11:13:45 UTC
Pushed to v3-5-test, will be included in 3.5.9.
Closing out bug report.

Thanks!