potential bug with hosts allow and hosts deny

Markus Krieger krieger at rz.uni-wuerzburg.de
Wed Feb 23 21:10:07 GMT 2000 

hello, 
when trying to allow or deny hosts the access to my samba server and
testing
the access with testparm i found the following irritating behaviour:

both samba and testparm don't properly resolve names.
When providing an unqualified hostname in "hosts allow", "hosts deny" or
to testparm, then the name resolver obviously doesn't expand the name
and
retreive the correct ip.

The problem concerns both samba 2.0.6 and pre-3.0.0 CVS from 23.02.2000
with SuSE linux 6.3 on Intel x86

example:

i have a private network and within i have a samba server and a host:
172.16.13.15  shadow00.private
172.16.13.152 shadow12.private

i've put the following line into my smb.conf

 hosts deny = 172.16.

when i call "testparm hostname 172.16.13.152" the output is

 Load smb config files from /usr/local/samba21/lib/smb.conf
 Processing section "[homes]"
 Processing section "[printers]"
 Loaded services file OK.
 Deny connection from hostname (172.16.13.152) to homes
 Deny connection from hostname (172.16.13.152) to printers

When i call "testparm hostname shadow12" i get

 Processing section "[homes]"
 Processing section "[printers]"
 Loaded services file OK.
 Allow connection from hostname (shadow12) to homes
 Allow connection from hostname (shadow12) to printers

However i'm not able to connect to the service

The problem gets worse, when i try to do something like
  
  hosts deny = shadow12

(I.E. not providing a fully quallified name)

Now i get:
shadow00:~ # testparm hostname 172.16.13.152
 Load smb config files from /usr/local/samba21/lib/smb.conf
 Processing section "[homes]"
 Processing section "[printers]"
 Loaded services file OK.
 Allow connection from hostname (172.16.13.152) to homes
 Allow connection from hostname (172.16.13.152) to printers
shadow00:~ # testparm hostname shadow12
 Load smb config files from /usr/local/samba21/lib/smb.conf
 Processing section "[homes]"
 Processing section "[printers]"
 Loaded services file OK.
 Deny connection from hostname (shadow12) to homes
 Deny connection from hostname (shadow12) to printers

And most of all, i'm able to connect to the service!

markus at shadow00:~ > smbclient -L shadow00                 
 added interface ip=172.16.13.152 bcast=172.16.255.255 nmask=255.255.0.0
 Password: 
 Domain=[SAMBA] OS=[Unix] Server=[Samba pre-3.0.0]
 .
 .
 .

when i supply the fully qualified hostname, the service is again
unavailable,
but testparm tells me the folowing:

 shadow00:~ # testparm hostname 172.16.13.152
 Load smb config files from /usr/local/samba21/lib/smb.conf
 Processing section "[homes]"
 Processing section "[printers]"
 Loaded services file OK.
 Allow connection from hostname (172.16.13.152) to homes
 Allow connection from hostname (172.16.13.152) to printers

 shadow00:~ # testparm hostname shadow12
 Load smb config files from /usr/local/samba21/lib/smb.conf
 Processing section "[homes]"
 Processing section "[printers]"
 Loaded services file OK.
 Allow connection from hostname (shadow12) to homes
 Allow connection from hostname (shadow12) to printers

 shadow00:~ # testparm hostname shadow12.private
 Load smb config files from /usr/local/samba21/lib/smb.conf
 Processing section "[homes]" 
 Processing section "[printers]"
 Loaded services file OK.
 Deny connection from hostname (shadow12.private) to homes
 Deny connection from hostname (shadow12.private) to printers

If you need further information, please contact me

regards,
markus krieger
e-mail: krieger at rz.uni-wuerzburg.de

More information about the samba mailing list