Message-Id: <200306201720.h5KHK46E083210@idiom.com>
Date: Fri, 20 Jun 2003 10:20:04 -0700 (PDT)
From: David Muir Sharnoff <muir@idiom.com>
Reply-To: David Muir Sharnoff <muir@idiom.com>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: logging domain names in wtmp is retarded
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         53560
>Category:       bin
>Synopsis:       logging domain names in wtmp is retarded
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jun 20 10:30:16 PDT 2003
>Closed-Date:    
>Last-Modified:  Wed Jul  9 12:10:17 PDT 2003
>Originator:     David Muir Sharnoff
>Release:        FreeBSD 4.8-RELEASE i386
>Organization:
Idiom
>Environment:
System: FreeBSD idiom.com 4.8-RELEASE FreeBSD 4.8-RELEASE #15: Thu Apr 10 13:51:32 PDT 2003 muir@staid.idiom.com:/build/obj/build/src/sys/IDIOM i386


	The fully qualified domain name is logged in wtmp.  The FQDN often
	doesn't fit and has no guarantee of accuracy.

>Description:
	
>How-To-Repeat:
	
>Fix:

	Log the domain name if it fits and the reverse matches the
	forward.  Otherwise log the IP address.


>Release-Note:
>Audit-Trail:

From: Matthew George <mdg@secureworks.net>
To: freebsd-gnats-submit@freebsd.org, muir@idiom.com
Cc:  
Subject: Re: bin/53560: logging domain names in wtmp is retarded
Date: Thu, 3 Jul 2003 17:52:14 -0400 (EDT)

 This patch will attempt to translate hostnames to IP addresses if they
 aren't going to end up fitting inside of the ll.ll_host buffer.  It
 doesn't do anything to hostnames shorter than the buffer.
 
 ===================================================================
 RCS file: /home/ncvs/src/lib/libpam/modules/pam_lastlog/pam_lastlog.c,v
 retrieving revision 1.18
 diff -r1.18 pam_lastlog.c
 59a60
 > #include <netdb.h>
 66a68,69
 > #include <arpa/inet.h>
 >
 73a77
 >       struct addrinfo *ai;
 75a80
 >       char numeric_rhost[16];
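Review bot: numeric_rhost[16] holds a dotted-quad IPv4 string (15 characters plus NUL) and nothing longer, yet the last hunk passes ai->ai_family through unchanged and calls getaddrinfo() with no hints, so a result from any other address family has no room. Either restrict the lookup to AF_INET with a hints struct, or size the buffer for the largest family you intend to handle (for example INET6_ADDRSTRLEN).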
 133,134c138,149
 <               /* note: does not need to be NUL-terminated */
 <               strncpy(ll.ll_host, rhost, sizeof(ll.ll_host));
 ---
 >         {
 >           if (strlen(rhost) >= UT_HOSTSIZE && getaddrinfo(rhost, NULL, NULL, &ai) == 0)
 >             {
 >               addr2ascii(ai->ai_family, ai->ai_addr, sizeof(struct in_addr), numeric_rhost);
 >               rhost = numeric_rhost;
 >               freeaddrinfo(ai);
 >             }
 >
 >           /* note: does not need to be NUL-terminated */
 >           strncpy(ll.ll_host, rhost, sizeof(ll.ll_host));
 >         }
 >
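Review bot: in the addr2ascii() call, ai->ai_addr is a struct sockaddr pointer while the length passed is sizeof(struct in_addr), so the bytes converted are the start of the sockaddr rather than the address field inside it. The return value is also unchecked, so on failure rhost is pointed at an uninitialised numeric_rhost and that is what gets copied into ll.ll_host. Check ai->ai_family, pass the address member (or call getnameinfo() with NI_NUMERICHOST on the sockaddr), and replace rhost only when the conversion succeeds. The forward lookup also takes the first record returned for the name, which need not be the address the connection came from.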
 
 -- 
 Matthew George
 SecureWorks Technical Operations
 

From: Matthew George <mdg@secureworks.net>
To: freebsd-gnats-submit@freebsd.org, muir@idiom.com
Cc:  
Subject: Re: bin/53560: logging domain names in wtmp is retarded
Date: Thu, 3 Jul 2003 18:37:54 -0400 (EDT)

 My apologies, the last patch I sent was slightly braindead, as I was only
 considering the IPv4 case.  This patch should be used instead, as it will
 deal with any address family.  If the resolved address is longer than 16
 bytes, it will still be truncated by lastlog/utmp, but any IPv4 address
 should fit.  Perhaps someone should consider raising UT_HOSTSIZE in
 utmp.h to handle this?  IPv6 is already one of these cases, others I'm
 sure.
 
 ===================================================================
 RCS file: /home/ncvs/src/lib/libpam/modules/pam_lastlog/pam_lastlog.c,v
 retrieving revision 1.18
 diff -r1.18 pam_lastlog.c
 59a60
 > #include <netdb.h>
 66a68,69
 > #include <arpa/inet.h>
 >
 73a77
 >       struct addrinfo *ai;
 75a80
 >       char *numeric_rhost;
 133,134c138,151
 <               /* note: does not need to be NUL-terminated */
 <               strncpy(ll.ll_host, rhost, sizeof(ll.ll_host));
 ---
 >         {
 >           if (strlen(rhost) >= UT_HOSTSIZE && getaddrinfo(rhost, NULL, NULL, &ai) == 0)
 >             {
 >               numeric_rhost = addr2ascii(ai->ai_family, ai->ai_addr, ai->ai_addrlen, NULL);
 >               if (numeric_rhost != NULL)
 >                 rhost = numeric_rhost;
 >
 >               freeaddrinfo(ai);
 >             }
 >
 >           /* note: does not need to be NUL-terminated */
 >           strncpy(ll.ll_host, rhost, sizeof(ll.ll_host));
 >         }
 >
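Review bot: the addr2ascii() call still hands over the whole sockaddr (ai->ai_addr with ai->ai_addrlen) instead of the address inside it, so the conversion is unlikely to succeed and the NULL check quietly leaves the overlong rhost in place to be truncated. The numeric string, when one is produced, is not compared against sizeof(ll.ll_host) either, so strncpy() can cut an address short as well. Consider getnameinfo(ai->ai_addr, ai->ai_addrlen, buf, sizeof(buf), NULL, 0, NI_NUMERICHOST) into a local buffer, and substitute it only if its length fits the field.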
 
 
 -- 
 Matthew George
 SecureWorks Technical Operations

From: des@des.no (Dag-Erling Smørgrav)
To: freebsd-gnats-submit@freebsd.org
Cc:  
Subject: Re: bin/53560
Date: Wed, 09 Jul 2003 20:59:55 +0200

 There is no point in trying to fix this in pam_lastlog(8) since there
 is no guarantee that getaddrinfo(3) will return an address at all,
 much less the correct address.  The correct fix is to modify the
 application so it passes the IP address (obtained from accept(2) or
 getpeername(2)) to PAM instead of the host name.
 
 DES
 -- 
 Dag-Erling Smørgrav - des@des.no
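
The following is an added example, not part of the thread or of the FreeBSD source. It combines the rule from the >Fix: section (log the name only if it fits and the forward lookup matches) with the point of the last reply: start from the peer's socket address, as returned by accept(2) or getpeername(2). The names pick_log_host and HOST_FIELD are hypothetical, and the 16-byte width is taken from the thread.

```c
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

#define HOST_FIELD 16 /* assumed host field width, the 16 bytes from the thread */

/* Fill out with the string to log for peer. name is the reverse-lookup result
 * (or NULL). Returns 1 if the name was used, 0 if the address, -1 on error. */
int pick_log_host(const struct sockaddr *peer, socklen_t plen,
                  const char *name, char *out, size_t outlen)
{
    struct addrinfo hints, *res, *p;
    char cand[64];                  /* numeric form of one forward record */
    int ok = 0;

    if (getnameinfo(peer, plen, out, outlen, NULL, 0, NI_NUMERICHOST) != 0)
        return -1;
    if (name == NULL || strlen(name) > HOST_FIELD || strlen(name) >= outlen)
        return 0;                   /* no name, or it does not fit */
    memset(&hints, 0, sizeof(hints));
    hints.ai_family = peer->sa_family;
    hints.ai_socktype = SOCK_STREAM;
    if (getaddrinfo(name, NULL, &hints, &res) != 0)
        return 0;                   /* name has no forward record */
    for (p = res; p != NULL && !ok; p = p->ai_next)
        ok = getnameinfo(p->ai_addr, p->ai_addrlen, cand, sizeof(cand),
                         NULL, 0, NI_NUMERICHOST) == 0 && strcmp(cand, out) == 0;
    freeaddrinfo(res);
    if (ok)
        strcpy(out, name);          /* forward matches reverse: log the name */
    return ok;
}

int main(void)
{
    struct sockaddr_in sin;         /* constructed peer, documentation range */
    char host[64];

    memset(&sin, 0, sizeof(sin));
    sin.sin_family = AF_INET;
    inet_pton(AF_INET, "192.0.2.10", &sin.sin_addr);
    pick_log_host((struct sockaddr *)&sin, sizeof(sin),
                  "overlong-reverse-name.example.net", host, sizeof(host));
    printf("%s\n", host);
    return 0;
}
```

A caller would obtain name from getnameinfo() with NI_NAMEREQD on the same peer address and pass NULL when that lookup fails.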
>Unformatted:
