Samba 2.2.0 "allow hosts" issue

Andrew Dawson ccaaand at ucl.ac.uk
Thu Apr 19 22:50:54 GMT 2001


We've been attempting to upgrade from Samba 2.0.7 to 2.2.0 in the light of
the recent security issue. However, we found that smb.conf lines of the form
	allow hosts = .dept1.xxx.ac.uk .dept2.xxx.ac.uk
would no longer grant access to systems within these DNS domains (this worked
in 2.0.7 and appears to still be documented for 2.2.0).

After some investigation, I believe that the problem lies with line 269 of
source/lib/access.c. In the absence of a '/' character in the input string,
this simply returns a pointer to the entire string. This is then incorrectly
assumed to be an IP address and hostname-based authentication breaks.

Replacing the strtok() function call with a simple strchr() call, along with
a change to the corresponding DEBUG line (see diff below) seems to have
resolved the problem for us, although I can't guarantee this hasn't caused
something else to break!


*** source/lib/access.c.orig	Sat Apr 14 22:22:02 2001
--- source/lib/access.c	Thu Apr 19 22:46:07 2001
***************
*** 264,277 ****
  			/* 
  			 * if we failed, make surethat it was not because the token
  			 * was a network/netmask pair.  Only network/netmask pairs
  			 * have a '/' in them
  			 */
! 			if ((p=strtok(tok, "/")) == NULL)
  			{
  				only_ip = False;
! 				DEBUG(3,("only_ipaddrs_in_list: list [%s] has non-ip address %s\n", list, p));
  				break;
  			}
  		}
  	}
  	
--- 264,277 ----
  			/* 
  			 * if we failed, make surethat it was not because the token
  			 * was a network/netmask pair.  Only network/netmask pairs
  			 * have a '/' in them
  			 */
! 			if ((p=strchr(tok, '/')) == NULL)
  			{
  				only_ip = False;
! 				DEBUG(3,("only_ipaddrs_in_list: list [%s] has non-ip address %s\n", list, tok));
  				break;
  			}
  		}
  	}


I hope this is of some use to someone!

Regards,

Andrew.
  	
-- 
+-----------------------------------------------------------------------------+
|   Andrew Dawson, Operating Systems Group Manager, Information Systems,      |
|   Education & Information Support Division, University College London       |
+-----------------------------------------------------------------------------+




More information about the samba mailing list