Ubuntu
nbd package

Problems with /etc/nbd-server/allow

Bug #1009393 reported by Alkis Georgopoulos
34
This bug affects 7 people
Affects Status Importance Assigned to Milestone
nbd (Debian)
Fix Released
Unknown
nbd (Ubuntu)
Fix Released
Medium
Unassigned

Bug Description

nbd-server 1:2.9.25-2ubuntu1

I was trying to use /etc/nbd-server/allow and I hit two problems, might be bugs:

1) If I'm using the shipped /etc/nbd-server/config file and this /etc/nbd-server/conf.d/ltsp_i386.conf file:
[/opt/ltsp/i386]
exportname = /opt/ltsp/images/i386.img
readonly = true

...then /etc/nbd-server/allow isn't parsed at all, I have to specifically add this in ltsp_i386.conf:
authfile = /etc/nbd-server/allow

2) The subnet mask handling doesn't work, I made it work by swapping the bit shifting in authorized_client():
   addr.s_addr<<=32-len;
   addr.s_addr>>=32-len;
   memcpy(&cltemp,&client,sizeof(client));
   cltemp.s_addr<<=32-len;
   cltemp.s_addr>>=32-len;

...not sure if it's network-order depended or not.

Tags: patch
Revision history for this message
Alkis Georgopoulos (alkisg) wrote :

Patch for the endianness problem.

Ubuntu Foundations Team Bug Bot (crichton)
tags: added: patch
Bug Watch Updater (bug-watch-updater)
Changed in nbd (Debian):
status: Unknown → New
Bug Watch Updater (bug-watch-updater)
Changed in nbd (Debian):
status: New → Confirmed
Serge Hallyn (serge-hallyn)
Changed in nbd (Ubuntu):
status: New → Confirmed
importance: Undecided → Medium
Bug Watch Updater (bug-watch-updater)
Changed in nbd (Debian):
status: Confirmed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nbd - 1:3.6-1ubuntu1

---------------
nbd (1:3.6-1ubuntu1) trusty; urgency=medium

  * Fix tests failing on 32bit architectures. Closes: #735258.
 -- Matthias Klose <email address hidden> Mon, 20 Jan 2014 12:34:36 +0100

Changed in nbd (Ubuntu):
status: Confirmed → Fix Released
Revision history for this message
Oleg (oleg-lzh) wrote :

Problem 1:3.7-1 nbd-server_1:3.7-1_i386.deb ubuntu trusty
authorization file:
192.168.3.28

In syslog:
connect from 192.168.3.28, assigned file is /opt/ltsp/images/i386.img
Client '192.168.3.28' is not authorized to access
Child exited with 1

Revision history for this message
Qaxi (qaxi) wrote :

Package: nbd-server
Priority: optional
Section: admin
Installed-Size: 226 kB
Maintainer: Ubuntu Developers <email address hidden>
Original-Maintainer: Wouter Verhelst <email address hidden>
Source: nbd
Version: 1:3.7-1
Depends: libc6 (>= 2.15), libglib2.0-0 (>= 2.26.0), debconf (>= 1.2.9) | debconf-2.0, ucf, adduser
Download-Size: 58,3 kB
Homepage: http://nbd.sourceforge.net/
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Origin: Ubuntu
Supported: 5y
APT-Manual-Installed: no
APT-Sources: http://cz.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages

cat /etc/ltsp/nbd-server.allow
10.60.1.87
10.60.0.0/16

in syslog
nosorozec nbd_server: connect from 10.60.1.87, assigned file is /opt/ltsp/images/i386.img
nosorozec nbd_server: Client '10.60.1.87' is not authorized to access
nosorozec nbd_server: Child exited with 1

192.168.3.28

In syslog:
connect from 192.168.3.28, assigned file is /opt/ltsp/images/i386.img
Client '192.168.3.28' is not authorized to access
Child exited with 1

Revision history for this message
Aaron C. de Bruyn (darkpixel2k) wrote :

I'm definitely still affected by this, and I'm running the latest version of nbd-server (just did an apt-get update && apt-get dist-upgrade a few minutes ago).

root@ltsp:~# dpkg -l | grep -i nbd
ii nbd-server 1:3.7-1ubuntu0.1 amd64 Network Block Device protocol - server
root@ltsp:~#

Jan 12 10:07:52 crfr-ltsp nbd_server[10891]: Spawned a child process
Jan 12 10:07:52 crfr-ltsp nbd_server[3471]: virststyle ipliteral
Jan 12 10:07:52 crfr-ltsp nbd_server[3471]: connect from 192.168.40.102, assigned file is /opt/ltsp/images/i386.img
Jan 12 10:07:52 crfr-ltsp nbd_server[3471]: Client '192.168.40.102' is not authorized to access
Jan 12 10:07:52 crfr-ltsp nbd_server[10891]: Child exited with 1

root@crfr-ltsp:~# cat /etc/ltsp/nbd-server.allow
192.168.40.0/24
root@crfr-ltsp:~#

Revision history for this message
icold (andrewcaveman) wrote :

Same here. This is still an issue. It ignores the /etc/ltsp/nbd-server.allow

Mar 22 12:09:09 ltsp01 nbd_server[851]: Spawned a child process
Mar 22 12:09:09 ltsp01 nbd_server[1163]: virststyle ipliteral
Mar 22 12:09:09 ltsp01 nbd_server[1163]: connect from 172.20.15.29, assigned file is /opt/ltsp/images/amd64.img
Mar 22 12:09:09 ltsp01 nbd_server[1163]: Client '172.20.15.29' is not authorized to access
Mar 22 12:09:09 ltsp01 nbd_server[851]: Child exited with 1

root@ltsp01:/var/log$ cat /etc/ltsp/nbd-server.allow
172.20.15.29

It's not just the subnet mask, it ignores anything in the file.

root@ltsp01:/var/log$ cat /etc/nbd-server/conf.d/ltsp_amd64.conf
[/opt/ltsp/amd64]
exportname = /opt/ltsp/images/amd64.img
readonly = true
authfile = /etc/ltsp/nbd-server.allow

Revision history for this message
Dominique Ramaekers (dominique-ramaekers) wrote :

The same for me.

I need to specify the authfile in every /etc/nbd-server/conf-d file to get it parsed (I don't mind so much about this).

More importantly, the ip-adresses in the authfile is ignored...

administrator@CmsrvVH3:/etc/nbd-server$ cat nbd_server.allow
127.0.0.1
10.3.1.3
10.3.1.10

administrator@CmsrvVH3:/etc/nbd-server$ cat conf.d/CmsrvSQL2-MIRROR.conf
[CmsrvSQL2-MIRROR]
 exportname = /dev/CmsrvVH3-vg/CmsrvSQL2-MIRROR
 authfile = /etc/nbd-server/nbd_server.allow

administrator@CmsrvVH3:/etc/nbd-server$ cat /var/log/syslog | tail
Mar 28 18:34:56 CmsrvVH3 systemd[1]: Stopped LSB: Network Block Device server.
Mar 28 18:34:58 CmsrvVH3 systemd[1]: Starting LSB: Network Block Device server...
Mar 28 18:34:58 CmsrvVH3 nbd-server[31040]: nbd-server.
Mar 28 18:34:58 CmsrvVH3 systemd[1]: Started LSB: Network Block Device server.
Mar 28 18:35:01 CmsrvVH3 CRON[31045]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
Mar 28 18:35:02 CmsrvVH3 nbd_server[31043]: Spawned a child process
Mar 28 18:35:02 CmsrvVH3 nbd_server[31047]: virtstyle ipliteral
Mar 28 18:35:02 CmsrvVH3 nbd_server[31047]: connect from 10.3.1.3, assigned file is /dev/CmsrvVH3-vg/CmsrvSQL2-MIRROR
Mar 28 18:35:02 CmsrvVH3 nbd_server[31047]: Client '10.3.1.3' is not authorized to access
Mar 28 18:35:02 CmsrvVH3 nbd_server[31043]: Child exited with 1

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.