From: Ken Raeburn
To: rt@krbdev.mit.edu
Subject: Re: [krbdev.mit.edu #6513] krb-1.7 kadmind not logging IP address of requests
Date: Tue, 16 Jun 2009 20:18:23 -0400
Message-ID: <31A248A7-9B38-4028-A692-836B824D63C6@mit.edu>

On Jun 16, 2009, at 18:08, Ed Ravin via RT wrote:
> Looked a little deeper - it's this code in src/kadmin/server/schpw.c
> that is kicking in:
>
>     if (getnameinfo(ss2sa(&ss), salen,
>                     addrbuf, sizeof(addrbuf), NULL, 0,
>                     NI_NUMERICHOST | NI_NUMERICSERV) != 0)
>         strlcpy(addrbuf, "", sizeof(addrbuf));
>
> And the return code from getnameinfo was 4 (name resolution failure).

Since NI_NUMERICHOST means to return the numeric form of the host address and not look up a name, and NI_NUMERICSERV means to do likewise for the service/port, this sounds like a bug. Though, when no buffer for the service name is supplied, it is kind of odd to be passing the NI_NUMERICSERV flag.

However, "name resolution failure" is kind of a strange way to complain about it. I just tried this little test program on my NetBSD 5.0 system and it seems to work fine, printing out the address as "10.10.10.10":

    #include <sys/socket.h>
    #include <netinet/in.h>
    #include <netdb.h>
    #include <stdio.h>

    /* Hand-built IPv4 sockaddr; sin_len exists on BSD-derived systems only. */
    struct sockaddr_in s = {
        .sin_len = sizeof(s),
        .sin_family = AF_INET,
        .sin_addr = { .s_addr = 0x0a0a0a0a },
        .sin_port = 47,
    };
    char addrbuf[NI_MAXHOST];

    int main ()
    {
        /* Same flags and NULL service buffer as the call in schpw.c. */
        int r = getnameinfo((struct sockaddr*)&s, sizeof s,
                            addrbuf, sizeof(addrbuf), NULL, 0,
                            NI_NUMERICHOST | NI_NUMERICSERV);
        printf("retval=%d/%s addrbuf=%s\n", r, gai_strerror(r), addrbuf);
    }

Perhaps something else is amiss, like salen or ss.ss_len being incorrect and getnameinfo being picky? Or it's unhappy about some other field in a sockaddr_in6 structure?

> I'm confused by this code, which appears in several spots in krb5 - it
> seems to disable logging of source IP addresses of requests if there's
> a local resolution error? Why not just show the IP address and
> leave it
> at that?

We are, in fact, trying to do that.

-- 
Ken Raeburn / raeburn@mit.edu / no longer at MIT Kerberos Consortium