Date:      Wed, 30 Apr 2008 23:48:12 +0100
From:      Bruce Cran <bruce@cran.org.uk>
To:        hackers@freebsd.org
Subject:   sshd patch to avoid DNS lookups when using 'UseDNS no' or -u0
Message-ID:  <4818F72C.90300@cran.org.uk>

While investigating PR bin/97499 I realised that revision 1.2 of
loginrec.c, which was in FreeBSD 4.6, introduced a DNS lookup into sshd
itself which is impossible to avoid even after specifying 'UseDNS no' or 
-u0, and which duplicates one which has already been done earlier.

The default OpenSSH behaviour is to decide whether or not to do the DNS
lookup in get_remote_name_or_ip based on both the UseDNS setting and
whether -u0 was specified on the command line.  This has the
disadvantage that unless the utmp length is specified on the command 
line the IP address may be resolved even when the hostname later has to 
be truncated to fit in the utmp record; it's this
that rev 1.2 of loginrec.c fixed.  An alternative solution which avoids 
the extra DNS lookup is to initialize the utmp_len variable in sshd.c to 
be UT_HOSTSIZE instead of MAXHOSTNAMELEN: this keeps the existing 
behaviour but still allows the user to override it
with the -u parameter.

I've attached a patch which implements this (the change to loginrec.c 
reverts it back to the default OpenSSH code) and was wondering if 
someone could take a look at it.

-- 
Bruce


  --- /usr/src/crypto/openssh/loginrec.c	2006-09-30 14:38:04.000000000 +0100
  +++ loginrec.c	2008-03-31 21:45:37.000000000 +0100
  @@ -688,8 +688,8 @@
   	strncpy(ut->ut_name, li->username,
   	    MIN_SIZEOF(ut->ut_name, li->username));
   # ifdef HAVE_HOST_IN_UTMP
  -	realhostname_sa(ut->ut_host, sizeof ut->ut_host,
  -	    &li->hostaddr.sa, li->hostaddr.sa.sa_len);
  +	strncpy(ut->ut_host, li->hostname,
  +	    MIN_SIZEOF(ut->ut_host, li->hostname));
   # endif
   # ifdef HAVE_ADDR_IN_UTMP
   	/* this is just a 32-bit IP address */
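
Review bot: The strncpy into ut->ut_host on the added lines truncates silently whenever li->hostname is longer than the field, so a correct utmp entry now depends entirely on the caller having already limited the name to the utmp host size. With the default changed in sshd.c that holds, but the mail notes that -u can still override the length, and a larger -u value would put a cut-off hostname into utmp, which is the case the removed realhostname_sa() call covered. Either document that dependency in a comment above the strncpy, or fall back to the numeric address when strlen(li->hostname) exceeds sizeof ut->ut_host. The copy also leaves ut_host without a terminating NUL when the name fills the field exactly; that matches the ut_name copy just above it, but is worth stating in the same comment.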


  --- /usr/src/crypto/openssh/sshd.c	2006-11-10 16:52:41.000000000 +0000
  +++ sshd.c	2008-03-31 21:45:41.000000000 +0100
  @@ -71,6 +71,7 @@
   #include <stdlib.h>
   #include <string.h>
   #include <unistd.h>
  +#include <utmp.h>

   #include <openssl/dh.h>
   #include <openssl/bn.h>
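
Review bot: The added #include <utmp.h> is unconditional, while the loginrec.c code that touches ut_host is wrapped in HAVE_HOST_IN_UTMP. If this file is ever built on a configuration without utmp host support, the include (and the UT_HOSTSIZE use further down) will break the build. Suggest guarding the include with the matching configure macro, or adding a comment that this is a FreeBSD-local change where utmp.h is always present.
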
  @@ -235,7 +236,7 @@
   u_int session_id2_len = 0;

   /* record remote hostname or ip */
  -u_int utmp_len = MAXHOSTNAMELEN;
  +u_int utmp_len = UT_HOSTSIZE;

   /* options.max_startup sized array of fd ints */
   int *startup_pipes = NULL;
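
Review bot: The new default on the utmp_len line has no explanation, and the existing comment ("record remote hostname or ip") does not say why UT_HOSTSIZE was chosen over MAXHOSTNAMELEN. A short comment that the default matches the utmp host field, so that names which would not fit are recorded as addresses without a second lookup in loginrec.c, would keep someone from reverting it during a vendor import. Note also that loginrec.c sizes the copy from sizeof ut->ut_host via MIN_SIZEOF while this line uses UT_HOSTSIZE; the two need to stay equal for the change to work, so it is worth stating that assumption here as well.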





