From netch@sivka.carrier.kiev.ua  Thu Oct  4 03:50:28 2001
Return-Path: <netch@sivka.carrier.kiev.ua>
Received: from sivka.carrier.kiev.ua (sivka.carrier.kiev.ua [193.193.193.101])
	by hub.freebsd.org (Postfix) with ESMTP id 0C86C37B405
	for <FreeBSD-gnats-submit@freebsd.org>; Thu,  4 Oct 2001 03:50:24 -0700 (PDT)
Received: from sivka.carrier.kiev.ua (root@sivka.carrier.kiev.ua [193.193.193.101])
        by sivka.carrier.kiev.ua (8/Kilkenny_is_better) with ESMTP id NTI04509;
        Thu, 4 Oct 2001 13:50:16 +0300 (EEST)
        (envelope-from netch@sivka.carrier.kiev.ua)
Received: (from netch@localhost)
	by sivka.carrier.kiev.ua (8) id NTI04503;
	Thu, 4 Oct 2001 13:50:16 +0300 (EEST)
	(envelope-from netch)
Message-Id: <200110041050.NTI04503@sivka.carrier.kiev.ua>
Date: Thu, 4 Oct 2001 13:50:16 +0300 (EEST)
From: Valentin Nechayev <netch@lucky.net>
Reply-To: Valentin Nechayev <netch@segfault.kiev.ua>
To: FreeBSD-gnats-submit@freebsd.org
Subject: regularly add original address logging for tcpwrappers address mismatch diagnostics
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         31034
>Category:       bin
>Synopsis:       regularly add original address logging for tcpwrappers address mismatch diagnostics
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Thu Oct 04 04:00:01 PDT 2001
>Closed-Date:    
>Last-Modified:  Tue Jul 10 03:41:40 UTC 2012
>Originator:     Valentin Nechayev
>Release:        FreeBSD 4.4-RELEASE-20010916 i386
>Organization:
Lucky Net Ltd.
>Environment:

FreeBSD 4.4-RELEASE
FreeBSD 5.0-CURRENT
	
>Description:

When tcp_wrappers tries to obtain the host name for a known host address, and
paranoid or relaxed resolving fails, it prints only part of the information
needed to find the bad address, resulting in messages similar to

Oct  4 13:42:57 sivka inetd[3393]: warning: /etc/hosts.allow, line 25: can't verify hostname: getaddrinfo(eux.kiev.ua, AF_INET) failed

which only annoy and don't help to fix the problem.

Most of these warning messages are not part of the original (Venema's)
tcp_wrappers, but were added in FreeBSD during IPv6'fication.

>How-To-Repeat:

Connect from a host with bad resolving.

>Fix:

The following patch adds the wanted logging to all cases where resolving fails.
In some places it can be considered superfluous, but nobody knows what
will really be needed ;)

It supposes that sock_hostaddr() is always called before sock_hostname(),
which is true for all normal usage, I hope.

As the file to patch is already a FreeBSD-local version, there is no
harm in adding the patch in the contrib subdirectory.

--- src/contrib/tcp_wrappers/socket.c.0	Wed Jul 11 14:47:43 2001
+++ src/contrib/tcp_wrappers/socket.c	Thu Oct  4 13:35:32 2001
@@ -225,8 +225,8 @@
 	if ((err = getaddrinfo(host->name, NULL, &hints, &res0)) == 0) {
 	    freeaddrinfo(res0);
 	    tcpd_warn("host name/name mismatch: "
-		      "reverse lookup results in non-FQDN %s",
-		      host->name);
+		      "reverse lookup for %s results in non-FQDN %s",
+		      host->addr, host->name);
 	    strcpy(host->name, paranoid);	/* name is bad, clobber it */
 	}
 	err = !err;
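Review bot: host->addr in the new tcpd_warn() argument list is only useful if the address string has already been filled in, and nothing in this hunk guarantees that; the submission text itself says it relies on sock_hostaddr() having run before sock_hostname(). Either fill the address in here when it is still empty, or add a comment at this call stating the ordering dependency, so that a caller that asks for the name first does not log an empty address.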
@@ -258,9 +258,10 @@
 	     * may be a transient problem or a botched name server setup.
 	     */
 
-	    tcpd_warn("can't verify hostname: getaddrinfo(%s, %s) failed",
+	    tcpd_warn("can't verify hostname: getaddrinfo(%s, %s) failed for %s",
 		      host->name,
-		      (sin->sa_family == AF_INET) ? "AF_INET" : "AF_INET6");
+		      (sin->sa_family == AF_INET) ? "AF_INET" : "AF_INET6",
+		      host->addr);
 
 	} else if ((res0->ai_canonname == NULL
 		    || STR_NE(host->name, res0->ai_canonname))
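Review bot: the address is appended here as "failed for %s", while the other hunks use ", addr=%s", ", origaddr=%s" and "failed for origaddr %s". Pick one form for all seven messages, for example a trailing ", addr=%s", so that a single grep or log-parser pattern extracts the client address from every variant.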
@@ -272,9 +273,10 @@
 	     * problem. It could also be that someone is trying to spoof us.
 	     */
 
-	    tcpd_warn("host name/name mismatch: %s != %.*s",
+	    tcpd_warn("host name/name mismatch: %s != %.*s, addr=%s",
 		      host->name, STRING_LENGTH,
-		      (res0->ai_canonname == NULL) ? "" : res0->ai_canonname);
+		      (res0->ai_canonname == NULL) ? "" : res0->ai_canonname,
+		      host->addr);
 
 	} else {
 
@@ -317,9 +319,10 @@
 
 	    getnameinfo(sin, salen, hname, sizeof(hname),
 			NULL, 0, NI_NUMERICHOST | NI_WITHSCOPEID);
-	    tcpd_warn("host name/address mismatch: %s != %.*s",
+	    tcpd_warn("host name/address mismatch: %s != %.*s, origaddr=%s",
 		      hname, STRING_LENGTH,
-		      (res0->ai_canonname == NULL) ? "" : res0->ai_canonname);
+		      (res0->ai_canonname == NULL) ? "" : res0->ai_canonname,
+		      host->addr);
 	}
 	strcpy(host->name, paranoid);		/* name is bad, clobber it */
 	if (res0)
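Review bot: origaddr=%s in this message looks redundant, because the first %s is hname, which the getnameinfo() call just above fills with the numeric form of sin (NI_NUMERICHOST). Unless host->addr can differ from that string, drop the extra field here; if it can differ (scope-id formatting, for instance), say so in a comment. The same question applies to the inet_ntoa(sin->sin_addr) variant in the last hunk.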
@@ -363,8 +366,8 @@
 	     * may be a transient problem or a botched name server setup.
 	     */
 
-	    tcpd_warn("can't verify hostname: gethostbyname(%s) failed",
-		      host->name);
+	    tcpd_warn("can't verify hostname: gethostbyname(%s) failed for origaddr %s",
+		      host->name, host->addr);
 
 	} else if (STR_NE(host->name, hp->h_name)
 		   && STR_NE(host->name, "localhost")) {
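Review bot: the new tcpd_warn() line with the full format string runs well past 80 columns. Split the literal across two lines the way the first hunk does ("host name/name mismatch: " followed by the rest), and keep the arguments on their own continuation line.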
@@ -375,8 +378,8 @@
 	     * problem. It could also be that someone is trying to spoof us.
 	     */
 
-	    tcpd_warn("host name/name mismatch: %s != %.*s",
-		      host->name, STRING_LENGTH, hp->h_name);
+	    tcpd_warn("host name/name mismatch: %s != %.*s, addr=%s",
+		      host->name, STRING_LENGTH, hp->h_name, host->addr);
 
 	} else {
 
@@ -400,8 +403,9 @@
 	     * server.
 	     */
 
-	    tcpd_warn("host name/address mismatch: %s != %.*s",
-		      inet_ntoa(sin->sin_addr), STRING_LENGTH, hp->h_name);
+	    tcpd_warn("host name/address mismatch: %s != %.*s, origaddr=%s",
+		      inet_ntoa(sin->sin_addr), STRING_LENGTH, hp->h_name,
+		      host->addr);
 	}
 	strcpy(host->name, paranoid);		/* name is bad, clobber it */
     }
>Release-Note:
>Audit-Trail:

From: Valentin Nechayev <netch@netch.kiev.ua>
To: freebsd-gnats-submit@freebsd.org
Cc:  
Subject: Re: bin/31034: regularly add original address logging for tcpwrappers address mismatch diagnostics
Date: Wed, 9 Jan 2002 14:59:15 +0200

 I want to update the patch from the original report.
 Now it uses syslog(allow_severity,...) instead of tcpd_warn(), because
 tcpd_warn() always uses LOG_ERR, which is quite unreasonably fixed and too
 high for this problem.
 
 --- socket.c.0	Wed Jul 11 14:47:43 2001
 +++ socket.c	Wed Jan  9 12:38:59 2002
 @@ -224,9 +224,9 @@
  	hints.ai_flags = AI_PASSIVE | AI_CANONNAME | AI_NUMERICHOST;
  	if ((err = getaddrinfo(host->name, NULL, &hints, &res0)) == 0) {
  	    freeaddrinfo(res0);
 -	    tcpd_warn("host name/name mismatch: "
 -		      "reverse lookup results in non-FQDN %s",
 -		      host->name);
 +	    syslog(allow_severity, "host name/name mismatch: "
 +		      "reverse lookup for %s results in non-FQDN %s",
 +		      host->addr, host->name);
  	    strcpy(host->name, paranoid);	/* name is bad, clobber it */
  	}
  	err = !err;
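Review bot: calling syslog() directly in place of tcpd_warn() drops the context prefix that the sample message in the report carries ("warning: /etc/hosts.allow, line 25:"), so the administrator can no longer see which rule triggered the lookup. Consider a variant of tcpd_warn() that takes a severity argument and keeps the file and line prefix, instead of bypassing it. The patch also has no hunk touching the includes or declarations, so confirm that syslog() and allow_severity are already in scope in socket.c.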
 @@ -258,9 +258,11 @@
  	     * may be a transient problem or a botched name server setup.
  	     */
  
 -	    tcpd_warn("can't verify hostname: getaddrinfo(%s, %s) failed",
 +	    syslog(allow_severity,
 +		"can't verify hostname: getaddrinfo(%s, %s) failed for %s",
  		      host->name,
 -		      (sin->sa_family == AF_INET) ? "AF_INET" : "AF_INET6");
 +		      (sin->sa_family == AF_INET) ? "AF_INET" : "AF_INET6",
 +		      host->addr);
  
  	} else if ((res0->ai_canonname == NULL
  		    || STR_NE(host->name, res0->ai_canonname))
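Review bot: the continuation lines of the new syslog() call are indented inconsistently: the format string sits at two tabs, while host->name and the following arguments keep the old alignment that matched tcpd_warn(. Re-align all continuation lines to one indent so the call reads as a single argument list; the same applies to the other multi-line syslog() calls in this patch.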
 @@ -272,9 +274,10 @@
  	     * problem. It could also be that someone is trying to spoof us.
  	     */
  
 -	    tcpd_warn("host name/name mismatch: %s != %.*s",
 +	    syslog(allow_severity, "host name/name mismatch: %s != %.*s, addr=%s",
  		      host->name, STRING_LENGTH,
 -		      (res0->ai_canonname == NULL) ? "" : res0->ai_canonname);
 +		      (res0->ai_canonname == NULL) ? "" : res0->ai_canonname,
 +		      host->addr);
  
  	} else {
  
 @@ -317,9 +320,11 @@
  
  	    getnameinfo(sin, salen, hname, sizeof(hname),
  			NULL, 0, NI_NUMERICHOST | NI_WITHSCOPEID);
 -	    tcpd_warn("host name/address mismatch: %s != %.*s",
 +	    syslog(allow_severity,
 +		"host name/address mismatch: %s != %.*s, origaddr=%s",
  		      hname, STRING_LENGTH,
 -		      (res0->ai_canonname == NULL) ? "" : res0->ai_canonname);
 +		      (res0->ai_canonname == NULL) ? "" : res0->ai_canonname,
 +		      host->addr);
  	}
  	strcpy(host->name, paranoid);		/* name is bad, clobber it */
  	if (res0)
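Review bot: the name/address mismatch is now logged at allow_severity, which by its name is the level for accepted connections, yet the very next statement overwrites the name with paranoid because the name is bad. LOG_ERR may be too high, as the reply argues, but a level tied to accepted connections can be filtered out by a syslog configuration that keeps only warnings and above. Consider a fixed warning-level priority for these diagnostics, or justify the choice of allow_severity in the commit message.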
 @@ -363,8 +368,9 @@
  	     * may be a transient problem or a botched name server setup.
  	     */
  
 -	    tcpd_warn("can't verify hostname: gethostbyname(%s) failed",
 -		      host->name);
 +	    syslog(allow_severity,
 +		"can't verify hostname: gethostbyname(%s) failed for origaddr %s",
 +		      host->name, host->addr);
  
  	} else if (STR_NE(host->name, hp->h_name)
  		   && STR_NE(host->name, "localhost")) {
 @@ -375,8 +381,8 @@
  	     * problem. It could also be that someone is trying to spoof us.
  	     */
  
 -	    tcpd_warn("host name/name mismatch: %s != %.*s",
 -		      host->name, STRING_LENGTH, hp->h_name);
 +	    syslog(allow_severity, "host name/name mismatch: %s != %.*s, addr=%s",
 +		      host->name, STRING_LENGTH, hp->h_name, host->addr);
  
  	} else {
  
 @@ -400,8 +406,10 @@
  	     * server.
  	     */
  
 -	    tcpd_warn("host name/address mismatch: %s != %.*s",
 -		      inet_ntoa(sin->sin_addr), STRING_LENGTH, hp->h_name);
 +	    syslog(allow_severity,
 +		"host name/address mismatch: %s != %.*s, origaddr=%s",
 +		      inet_ntoa(sin->sin_addr), STRING_LENGTH, hp->h_name,
 +		      host->addr);
  	}
  	strcpy(host->name, paranoid);		/* name is bad, clobber it */
      }
Responsible-Changed-From-To: freebsd-bugs->dwmalone 
Responsible-Changed-By: iedowse 
Responsible-Changed-When: Sun Dec 1 10:49:23 PST 2002 
Responsible-Changed-Why:  

dwmalone says he'll have a look at this. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=31034 
Responsible-Changed-From-To: dwmalone->freebsd-bugs 
Responsible-Changed-By: eadler 
Responsible-Changed-When: Tue Jul 10 03:41:39 UTC 2012 
Responsible-Changed-Why:  
over to the pool (approved by bugmeister) 

>Unformatted:
