Bug 150502 - authd maps IPv6 to IPv4 interactively but not from xinetd
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: authd
Version: 3
Hardware: i386
OS: Linux
Priority: medium
Severity: medium
Assignee: Martin Stransky
Reported: 2005-03-07 20:33 UTC by Tom Lane
Modified: 2013-07-03 03:03 UTC (History)
Doc Type: Bug Fix
Last Closed: 2005-06-24 14:26:02 UTC


Description Tom Lane 2005-03-07 20:33:15 UTC
Description of problem:
This is a continuation of bug #139956.  That was closed NOTABUG but
on further experimentation I am convinced there is something wrong
with authd's handling of IPv6 mapped connections.  It seems to work
fine when invoked manually, but it does NOT find the connections
when invoked via xinetd.

Version-Release number of selected component (if applicable):
authd-1.4.3-1

How reproducible:
100%

Steps to Reproduce:
1. Set up a loopback connection with, eg, telnet 127.0.0.1

2. Use lsof or your favorite tool to determine local and remote
port numbers.  Here I got 37493,23.

3. Interactive invocation of authd works, and so does xinetd:
$ /usr/sbin/in.authd --xerror --os  37493,23
37493 , 23 : USERID : Linux :tgl

$ telnet localhost 113
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
37493,23
37493 , 23 : USERID : Linux :tgl
Connection closed by foreign host.

4. Now try it with IPv6: telnet ::ffff:127.0.0.1

5. Again determine port numbers; I got 37495,23.

6. Interactive invocation works:
$ /usr/sbin/in.authd --xerror --os  37495,23
37495 , 23 : USERID : Linux :tgl
(But shouldn't this *fail*, since I didn't use --mapped??)

7. Through xinetd, no go:
$ telnet localhost 113
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
37495,23
37495 , 23 : ERROR :NO-USER
Connection closed by foreign host.

8. Also, it takes about five seconds for the above response to come
back, which seems way too long.

Here's my xinetd config file (and yes I did sighup xinetd)

$ cat /etc/xinetd.d/auth
# default: on
# description: The authd server handles ident protocol requests. \
# The Identification Protocol (a.k.a., "ident", a.k.a., "the Ident \
# Protocol") provides a means to determine the identity of a user of a \
# particular TCP connection.  Given a TCP port number pair, it returns \
# a character string which identifies the owner of that connection on \
# the server's system. UNDERSTAND THE RISKS REGARDING PRIVACY (I.E. \
# SPAM HARVESTERS) BEFORE RUNNING THIS DAEMON WITH NO ARGUMENTS.
service auth
{
        disable = no
        socket_type     = stream
        wait            = no
        user            = ident
        cps             = 4096 10
        instances       = UNLIMITED
        server          = /usr/sbin/in.authd
        server_args     = -t60 --xerror --os --mapped=::ffff:0.0.0.0
}


Actual results:
Net result is that a service cannot identify local users if they
specify ::ffff:127.0.0.1 when connecting.

Expected results:
Should work ...

Additional info:

Comment 1 Ian Pilcher 2005-06-22 17:19:18 UTC
This bug is still present in FC4.
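
The symptom reported above (the port pair is found when checked by ports alone, but NO-USER comes back when the query arrives over IPv4 for a connection made to ::ffff:127.0.0.1) is what an ident lookup produces when it compares the querying peer's address with socket-table entries without normalizing IPv4-mapped addresses. The following is an added example, not authd's code and not a statement of this bug's root cause; the table rows are constructed and the function names are hypothetical.

```python
import ipaddress

# Constructed sample rows in /proc/net/tcp and /proc/net/tcp6 layout, trimmed to the
# first eight columns. Ports match the report (0x9275=37493, 0x9277=37495); uid 500 is made up.
PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid
   0: 0100007F:9275 0100007F:0017 01 00000000:00000000 00:00000000 00000000   500
"""
PROC_NET_TCP6 = """\
  sl  local_address                         remote_address                        st tx_queue rx_queue tr tm->when retrnsmt   uid
   0: 0000000000000000FFFF00000100007F:9277 0000000000000000FFFF00000100007F:0017 01 00000000:00000000 00:00000000 00000000   500
"""


def unmap(addr):
    """Return the IPv4 form of an IPv4-mapped IPv6 address, else the address unchanged."""
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def decode(field, normalize):
    """Decode 'HEXADDR:HEXPORT'. Each 32-bit word is printed in host byte order;
    little-endian (the report's i386) is assumed, so every 4-byte group is reversed."""
    hexaddr, hexport = field.split(":")
    raw = bytes.fromhex(hexaddr)
    packed = b"".join(raw[i:i + 4][::-1] for i in range(0, len(raw), 4))
    addr = ipaddress.ip_address(packed)
    return (unmap(addr) if normalize else addr), int(hexport, 16)


def find_uid(tables, lport, rport, peer=None, normalize=True):
    """Return the uid owning (lport, rport), or None (ident's NO-USER).
    peer is the address the ident query came from; None means match on ports only."""
    want = ipaddress.ip_address(peer) if peer else None
    if want is not None and normalize:
        want = unmap(want)
    for table in tables:
        for line in table.splitlines():
            f = line.split()
            if len(f) < 8 or not f[0].endswith(":"):
                continue  # header or short line
            (_, lp), (raddr, rp) = decode(f[1], normalize), decode(f[2], normalize)
            if (lp, rp) != (lport, rport):
                continue
            if want is not None and raddr != want:
                continue  # same ports, different remote host
            return int(f[7])
    return None
```

With `normalize=False` and an IPv4 peer, the mapped connection on port 37495 is not matched, which corresponds to the NO-USER reply in step 7; with normalization the same query returns the owner.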

