potential bug with hosts allow and hosts deny
Markus Krieger
krieger at rz.uni-wuerzburg.de
Wed Feb 23 21:10:07 GMT 2000
hello,
when trying to allow or deny hosts the access to my samba server and
testing
the access with testparm i found the following irritating behaviour:
both samba and testparm don't properly resolve names.
When providing an unqualified hostname in "hosts allow", "hosts deny" or
to testparm, then the name resolver obviously doesn't expand the name
and
retreive the correct ip.
The problem concerns both samba 2.0.6 and pre-3.0.0 CVS from 23.02.2000
with SuSE linux 6.3 on Intel x86
example:
i have a private network and within i have a samba server and a host:
172.16.13.15 shadow00.private
172.16.13.152 shadow12.private
i've put the following line into my smb.conf
hosts deny = 172.16.
when i call "testparm hostname 172.16.13.152" the output is
Load smb config files from /usr/local/samba21/lib/smb.conf
Processing section "[homes]"
Processing section "[printers]"
Loaded services file OK.
Deny connection from hostname (172.16.13.152) to homes
Deny connection from hostname (172.16.13.152) to printers
When i call "testparm hostname shadow12" i get
Processing section "[homes]"
Processing section "[printers]"
Loaded services file OK.
Allow connection from hostname (shadow12) to homes
Allow connection from hostname (shadow12) to printers
However i'm not able to connect to the service
The problem gets worse, when i try to do something like
hosts deny = shadow12
(I.E. not providing a fully quallified name)
Now i get:
shadow00:~ # testparm hostname 172.16.13.152
Load smb config files from /usr/local/samba21/lib/smb.conf
Processing section "[homes]"
Processing section "[printers]"
Loaded services file OK.
Allow connection from hostname (172.16.13.152) to homes
Allow connection from hostname (172.16.13.152) to printers
shadow00:~ # testparm hostname shadow12
Load smb config files from /usr/local/samba21/lib/smb.conf
Processing section "[homes]"
Processing section "[printers]"
Loaded services file OK.
Deny connection from hostname (shadow12) to homes
Deny connection from hostname (shadow12) to printers
And most of all, i'm able to connect to the service!
markus at shadow00:~ > smbclient -L shadow00
added interface ip=172.16.13.152 bcast=172.16.255.255 nmask=255.255.0.0
Password:
Domain=[SAMBA] OS=[Unix] Server=[Samba pre-3.0.0]
.
.
.
when i supply the fully qualified hostname, the service is again
unavailable,
but testparm tells me the folowing:
shadow00:~ # testparm hostname 172.16.13.152
Load smb config files from /usr/local/samba21/lib/smb.conf
Processing section "[homes]"
Processing section "[printers]"
Loaded services file OK.
Allow connection from hostname (172.16.13.152) to homes
Allow connection from hostname (172.16.13.152) to printers
shadow00:~ # testparm hostname shadow12
Load smb config files from /usr/local/samba21/lib/smb.conf
Processing section "[homes]"
Processing section "[printers]"
Loaded services file OK.
Allow connection from hostname (shadow12) to homes
Allow connection from hostname (shadow12) to printers
shadow00:~ # testparm hostname shadow12.private
Load smb config files from /usr/local/samba21/lib/smb.conf
Processing section "[homes]"
Processing section "[printers]"
Loaded services file OK.
Deny connection from hostname (shadow12.private) to homes
Deny connection from hostname (shadow12.private) to printers
If you need further information, please contact me
regards,
markus krieger
e-mail: krieger at rz.uni-wuerzburg.de
More information about the samba
mailing list