From petefrench@ticketswitch.com Fri Nov 2 20:14:03 2007 Return-Path: Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7D4CE16A469 for ; Fri, 2 Nov 2007 20:14:03 +0000 (UTC) (envelope-from petefrench@ticketswitch.com) Received: from angel.ticketswitch.com (angel.ticketswitch.com [IPv6:2002:57e0:1d4e::1]) by mx1.freebsd.org (Postfix) with ESMTP id 3DFB313C4A7 for ; Fri, 2 Nov 2007 20:14:03 +0000 (UTC) (envelope-from petefrench@ticketswitch.com) Received: from smaug.rattatosk ([10.50.50.2]) by angel.ticketswitch.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.67 (FreeBSD)) (envelope-from ) id 1InydH-0002pW-Ro for FreeBSD-gnats-submit@freebsd.org; Fri, 02 Nov 2007 15:40:27 +0000 Received: from dilbert.rattatosk ([10.50.50.6] helo=dilbert.ticketswitch.com) by smaug.rattatosk with esmtp (Exim 4.67 (FreeBSD)) (envelope-from ) id 1InydH-000PUN-Pg for FreeBSD-gnats-submit@freebsd.org; Fri, 02 Nov 2007 15:40:27 +0000 Received: from petefrench by dilbert.ticketswitch.com with local (Exim 4.68 (FreeBSD)) (envelope-from ) id 1InydH-0004qg-OL for FreeBSD-gnats-submit@freebsd.org; Fri, 02 Nov 2007 15:40:27 +0000 Message-Id: Date: Fri, 02 Nov 2007 15:40:27 +0000 From: Pete French Reply-To: Pete French To: FreeBSD-gnats-submit@freebsd.org Cc: Subject: 'w -n' still dispalys names for IPv6 connections X-Send-Pr-Version: 3.113 X-GNATS-Notify: >Number: 117773 >Category: bin >Synopsis: w(1): 'w -n' still displays names for IPv6 connections, not numbers >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: closed >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Fri Nov 02 20:20:01 UTC 2007 >Closed-Date: Fri Nov 21 04:08:37 UTC 2008 >Last-Modified: Fri Nov 21 04:08:37 UTC 2008 >Originator: Pete French >Release: FreeBSD 6.3-PRERELEASE i386 >Organization: TicketSwitch Ltd >Environment: System: FreeBSD dilbert.rattatosk 6.3-PRERELEASE FreeBSD 6.3-PRERELEASE #0: Fri Nov 2 12:44:50 GMT 2007 petefrench@dilbert.rattatosk:/usr/obj/usr/src/sys/DILBERT i386 >Description: Login to a machine over ssh or telnet. Typing 'w' shows the logged in users, along with the machine they are logging in from. Typing 'w -n' should give the same information, but without resolving the IP addresses to names. This works for IPv4 connections, but not for IPv6 >How-To-Repeat: Login over an IPv6 connection and observe the output of 'w -n' compared to logging in over IPv4 >Fix: >Release-Note: >Audit-Trail: From: bob To: bug-followup@FreeBSD.org, petefrench@ticketswitch.com Cc: Subject: Re: bin/117773: 'w -n' still dispalys names for IPv6 connections Date: Thu, 8 Nov 2007 6:34:41 -0800 I tried reproducing this bug hoping to be able to fix it but had a little bit of trouble reproducing it. From what I can see on RELENG_7 and RELENG_6 the -n flag will work the same way for IPv4 and IPv6. In the case that -n is set w(1) just reads from /var/run/utmp and basically dumps the address that's written there. On my machine I'm seeing IPv6 addresses being written into /var/run/utmp and w(1) is working as designed. If I ssh to ::1 or 127.0.0.1 then localhost is written to /var/run/utmp and `w -n` prints localhost even though I said -n. I'm wondering if you can share part of your utmp file to verify that the hostname is being written in to that file rather than the IPv6 address? If there is a bug here I believe that it's in whatever writes to /var/run/utmp, not w(1). -Bob From: Bob Van Zant To: bug-followup@FreeBSD.org, petefrench@ticketswitch.com Cc: Subject: Re: bin/117773: 'w -n' still dispalys names for IPv6 connections Date: Tue, 13 Nov 2007 00:18:03 +0530 I did manage to repro this and have found that what's in /var/run/utmp contains the hostname of the connected host, not the IP (or IPv6) address. I think pam_lastlog is what keeps utmp current and this comes from pam_lastlog.c::pam_sm_open_session(). The IP address that should be written comes in via pam_handle_t. It appears that pam_lastlog.c simply dumps whatever comes in for PAM_RHOST. Digging down into openpam we see that PAM_RHOST is "The name of the applicant's host." Falling back up into OpenSSH's auth-pam.c we see that it sets PAM_RHOST to the remote name or IP (get_remote_name_or_ip()). So this sets up pam_lastlog to log the hostname if it knows it and only if it can't find the reverse name it logs the IP. The gist of this is, quite simply, that what's in /var/run/utmp is correct. It is supposed to be the hostname, if known and otherwise the IP address. w(1) -n does exactly what it's supposed to: it does "not attempt to resolve network addresses." So rest assured that no reverse DNS queries are being done even though hostnames are showing up. All of that said I believe this bug can be closed without doing any work. -Bob From: Pete French To: bob@norcalttora.com, bug-followup@FreeBSD.org Cc: Subject: Re: bin/117773: 'w -n' still dispalys names for IPv6 connections Date: Sat, 08 Dec 2007 13:29:48 +0000 > I tried reproducing this bug hoping to be able to fix it but had > a little bit of trouble reproducing it. From what I can see on > RELENG_7 and RELENG_6 the -n flag will work the same way for IPv4 > and IPv6. In the case that -n is set w(1) just reads from /var/run/utmp > and basically dumps the address that's written there. Sorry for not getting back to you before now! Had lost this email in a pile of about 400 others. Thanks for starting to look at the issue for me. I suspect you are right, and that something is back resolving the hostnames before writing them into the utmp file. 'last' has the same erreft - downs the hostnames if the resolve. > I'm wondering if you can share part of your utmp file to verify > that the hostname is being written in to that file rather than the > IPv6 address? Sure - heres todays from a 6.2-STABLE machine with the same problem http://toybox.twisted.org.uk/~pete/utmp.gz The login from dilbert.ticketswitch.com should be comming from 2002:57e0:1d4e:1:20e:cff:fedc:c380 cheers, -pete. State-Changed-From-To: open->closed State-Changed-By: matteo State-Changed-When: Ven 21 Nov 2008 04:05:35 UTC State-Changed-Why: w(1) is working as expected. http://www.freebsd.org/cgi/query-pr.cgi?pr=117773 >Unformatted: