On Jun 16, 2009, at 18:08, Ed Ravin via RT wrote: > Looked a little deeper - it's this code in src/kadmin/server/schpw.c > that is kicking in: > > if (getnameinfo(ss2sa(&ss), salen, > addrbuf, sizeof(addrbuf), NULL, 0, > NI_NUMERICHOST | NI_NUMERICSERV) != 0) > strlcpy(addrbuf, "", sizeof(addrbuf)); > > And the return code from getnameinfo was 4 (name resolution failure). Since NI_NUMERICHOST means to return the numeric form of the host address and not look up a name, and NI_NUMERICSERV means to do likewise for the service/port, this sounds like a bug. Though, when no buffer for the service name is supplied, it is kind of odd to be passing the NI_NUMERICSERV flag. However, "name resolution failure" is kind of a strange way to complain about it. I just tried this little test program on my netbsd 5.0 system and it seems to work fine, printing out the address as "10.10.10.10": #include #include #include struct sockaddr_in s = { .sin_len = sizeof(s), .sin_family = AF_INET, .sin_addr = { .s_addr = 0x0a0a0a0a }, .sin_port = 47, }; char addrbuf[NI_MAXHOST]; int main () { int r = getnameinfo((struct sockaddr*)&s, sizeof s, addrbuf, sizeof(addrbuf), NULL, 0, NI_NUMERICHOST | NI_NUMERICSERV); printf("retval=%d/%s addrbuf=%s\n", r, gai_strerror(r), addrbuf); } Perhaps something else is amiss, like salen or ss.ss_len being incorrect and getnameinfo being picky? Or it's unhappy about some other field in a sockaddr_in6 structure? > I'm confused by this code, which appears in several spots in krb5 - it > seems to disable logging of source IP addresses of requests if there's > a local resolution error? Why not just show the IP address and > leave it > at that? We are, in fact, trying to do that. -- Ken Raeburn / raeburn@mit.edu / no longer at MIT Kerberos Consortium