Bug #1554

SMB has no concept of IPv6 host access lists

Added by Rich Lowe almost 8 years ago. Updated almost 8 years ago.

Status: Resolved
Priority: Normal
Assignee:
Category: cifs - CIFS server and client
Start date: 2011-09-22
Due date:
% Done: 100%
Estimated time:
Difficulty: Medium
Tags:

Description

In looking at an RTI of Yuri's I appear to have stumbled into a minefield.

CIFS has no concept of an IPv6 access check, and blindly calls the share open if accessed via v6, as best as I can tell (this appears to be regardless of v4 access lists, possibly containing matching host names).

I'm hoping I'm misunderstanding the code, but I'm struggling to follow it in a way that makes this anything less than "terrible".

History

#1

Updated by Yuri Pankov almost 8 years ago

If we are to implement this correctly, how would an IPv6 access list entry look: `rw=[2001:470:28:4ba:20c:29ff:fec5:3a03]:[2001:470:28:4ba:20c:29ff:fec5:3a03]:@192.168.1.4`?

#2

Updated by Yuri Pankov almost 8 years ago

The problem seems to be more serious than that: enabling IPv6 support via `sharectl set -p ipv6_enable=true smb` causes host access checks for IPv4 addresses to be skipped as well, as they become IPv6-mapped:

family=26
host access check ::ffff:192.168.1.107

so we just return SMB_SHRF_ACC_OPEN here: http://src.illumos.org/source/xref/illumos-gate/usr/src/lib/smbsrv/libmlsvc/common/smb_share.c#757

Need to double-check it though...

#3

Updated by Yuri Pankov almost 8 years ago

  • Assignee set to Yuri Pankov
  • % Done changed from 0 to 50

#4

Updated by Rich Lowe almost 8 years ago

  • Category set to cifs - CIFS server and client
  • Status changed from New to Resolved
  • % Done changed from 50 to 100
  • Tags deleted (needs-triage)

Resolved in r13500 commit:f077aa5fa57c
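
An added illustration, not part of the original ticket and not the illumos fix: a host access check that avoids the failure mode described in comment #2 by folding IPv4-mapped IPv6 peers (`::ffff:a.b.c.d`) back to IPv4 before matching, and by denying rather than opening the share when no rule matches. The `acl_entry` type, the `ACC_*` codes and all function names are hypothetical, and the list holds literal addresses only.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>

enum { ACC_NONE = 0, ACC_RW = 1 };      /* hypothetical result codes */

/* Hypothetical allow-list entry: one literal address of either family. */
struct acl_entry { int family; unsigned char addr[16]; };

/* Parse an IPv4 or IPv6 literal; returns 0 on success, -1 otherwise. */
int acl_parse(const char *text, struct acl_entry *e)
{
    memset(e, 0, sizeof(*e));
    if (inet_pton(AF_INET, text, e->addr) == 1) { e->family = AF_INET; return 0; }
    if (inet_pton(AF_INET6, text, e->addr) == 1) { e->family = AF_INET6; return 0; }
    return -1;
}

/* Fold ::ffff:a.b.c.d back to plain IPv4 so IPv4 rules still apply. */
static void normalize(struct acl_entry *e)
{
    struct in6_addr a6;
    if (e->family != AF_INET6)
        return;
    memcpy(&a6, e->addr, sizeof(a6));
    if (IN6_IS_ADDR_V4MAPPED(&a6)) {
        memmove(e->addr, e->addr + 12, 4);
        memset(e->addr + 4, 0, 12);
        e->family = AF_INET;
    }
}

/* Returns ACC_RW only on an explicit match; everything else is denied. */
int host_access(const char *peer, const struct acl_entry *acl, size_t n)
{
    struct acl_entry p, e;
    if (acl_parse(peer, &p) != 0)
        return ACC_NONE;                /* unparseable peer: fail closed */
    normalize(&p);
    for (size_t i = 0; i < n; i++) {
        e = acl[i];
        normalize(&e);
        if (e.family == p.family &&
            memcmp(e.addr, p.addr, e.family == AF_INET ? 4 : 16) == 0)
            return ACC_RW;
    }
    return ACC_NONE;                    /* no rule for this family/address */
}
```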