Date: Mon, 12 Nov 2007 19:10:02 GMT
From: Bob Van Zant <bob@veznat.com>
To: freebsd-bugs@FreeBSD.org
Subject: Re: bin/117773: 'w -n' still dispalys names for IPv6 connections
Message-ID: <200711121910.lACJA2aI018039@freefall.freebsd.org>
The following reply was made to PR bin/117773; it has been noted by GNATS.

From: Bob Van Zant <bob@veznat.com>
To: bug-followup@FreeBSD.org, petefrench@ticketswitch.com
Cc:
Subject: Re: bin/117773: 'w -n' still dispalys names for IPv6 connections
Date: Tue, 13 Nov 2007 00:18:03 +0530

I did manage to repro this and have found that what's in /var/run/utmp contains the hostname of the connected host, not the IP (or IPv6) address.

I think pam_lastlog is what keeps utmp current and this comes from pam_lastlog.c::pam_sm_open_session(). The IP address that should be written comes in via pam_handle_t. It appears that pam_lastlog.c simply dumps whatever comes in for PAM_RHOST. Digging down into openpam we see that PAM_RHOST is "The name of the applicant's host."

Falling back up into OpenSSH's auth-pam.c we see that it sets PAM_RHOST to the remote name or IP (get_remote_name_or_ip()). So this sets up pam_lastlog to log the hostname if it knows it and only if it can't find the reverse name it logs the IP.

The gist of this is, quite simply, that what's in /var/run/utmp is correct. It is supposed to be the hostname, if known and otherwise the IP address. w(1) -n does exactly what it's supposed to: it does "not attempt to resolve network addresses." So rest assured that no reverse DNS queries are being done even though hostnames are showing up.

All of that said I believe this bug can be closed without doing any work.

-Bob
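An added example, not part of the message above and not FreeBSD's or OpenSSH's code: when reviewing login records it helps to tell, without any DNS lookup, whether a stored host field holds a literal address or a name that was resolved at login time. The field width of 16 bytes, the function name classify_host_field and the sample values are assumptions made for this sketch; check UT_HOSTSIZE in <utmp.h> on the system being examined.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

/* Assumed width of the host field; not taken from the message above. */
#define HOST_FIELD_LEN 16

enum host_kind { HOST_EMPTY, HOST_IPV4, HOST_IPV6, HOST_NAME };

/* Classify a fixed-width host field that may lack a terminating NUL.
 * Uses inet_pton() only, so no resolver query is ever issued. */
enum host_kind classify_host_field(const char *field, size_t len)
{
    char buf[64];
    unsigned char addr[sizeof(struct in6_addr)];
    size_t n = 0;
    char *scope;

    /* Copy at most len bytes and terminate the copy ourselves. */
    while (n < len && n < sizeof(buf) - 1 && field[n] != '\0')
        n++;
    if (n == 0)
        return HOST_EMPTY;
    memcpy(buf, field, n);
    buf[n] = '\0';

    /* Link-local IPv6 text may carry a "%ifname" scope suffix. */
    if ((scope = strchr(buf, '%')) != NULL)
        *scope = '\0';

    if (inet_pton(AF_INET, buf, addr) == 1)
        return HOST_IPV4;
    if (inet_pton(AF_INET6, buf, addr) == 1)
        return HOST_IPV6;
    return HOST_NAME;   /* a name, as stored at login time */
}

int main(void)
{
    /* Constructed sample values, not real log data. */
    const char *samples[] = { "192.0.2.10", "2001:db8::1", "host.example.org" };
    const char *label[] = { "empty", "ipv4", "ipv6", "name" };
    char field[HOST_FIELD_LEN];

    for (size_t i = 0; i < 3; i++) {
        memset(field, 0, sizeof(field));
        memcpy(field, samples[i], strlen(samples[i]));
        printf("%-18s %s\n", samples[i],
               label[classify_host_field(field, sizeof(field))]);
    }
    return 0;
}
```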