Bug #1554
closed
SMB has no concept of IPv6 host access lists
100%
Description
In looking at an RTI of Yuri's I appear to have stumbled into a minefield.
CIFS has no concept of an IPv6 access check, and blindly calls the share open if accessed via v6, as best as I can tell (this appears to be regardless of v4 access lists, possibly containing matching host names).
I'm hoping I'm misunderstanding the code, but I'm struggling to follow it in a way that makes this anything less than "terrible"
Updated by Yuri Pankov about 12 years ago
If we are to implement this correctly, how would IPv6 access list entry look like, rw=[2001:470:28:4ba:20c:29ff:fec5:3a03]:[2001:470:28:4ba:20c:29ff:fec5:3a03]:@192.168.1.4 ?
Updated by Yuri Pankov about 12 years ago
The problem seems to be more serious than that, enabling IPv6 support via `sharectl set -p ipv6_enable=true smb` makes host access checks for IPv4 addresses be skipped as well, as they became IPv6-mapped:
family=26 host access check ::ffff:192.168.1.107
so we just return SMB_SHRF_ACC_OPEN here: http://src.illumos.org/source/xref/illumos-gate/usr/src/lib/smbsrv/libmlsvc/common/smb_share.c#757
Need to double-check it though...
Updated by Yuri Pankov about 12 years ago
- Assignee set to Yuri Pankov
- % Done changed from 0 to 50
Updated by Rich Lowe about 12 years ago
- Category set to cifs - CIFS server and client
- Status changed from New to Resolved
- % Done changed from 50 to 100
- Tags deleted (
needs-triage)
Resolved in r13500 commit:f077aa5fa57c