Bug 150502 - authd maps IPv6 to IPv4 interactively but not from xinetd
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: authd
Version: 3
Hardware: i386 Linux
Priority: medium, Severity: medium
Assigned To: Martin Stransky
Reported: 2005-03-07 15:33 EST by Tom Lane
Modified: 2013-07-02 23:03 EDT
Doc Type: Bug Fix
Last Closed: 2005-06-24 10:26:02 EDT


Description Tom Lane 2005-03-07 15:33:15 EST
Description of problem:
This is a continuation of bug #139956.  That was closed NOTABUG but
on further experimentation I am convinced there is something wrong
with authd's handling of IPv6 mapped connections.  It seems to work
fine when invoked manually, but it does NOT find the connections
when invoked via xinetd.

Version-Release number of selected component (if applicable):
authd-1.4.3-1

How reproducible:
100%

Steps to Reproduce:
1. Set up a loopback connection with, eg, telnet 127.0.0.1

2. Use lsof or your favorite tool to determine local and remote
port numbers.  Here I got 37493,23.

3. Interactive invocation of authd works, and so does xinetd:
$ /usr/sbin/in.authd --xerror --os  37493,23
37493 , 23 : USERID : Linux :tgl

$ telnet localhost 113
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
37493,23
37493 , 23 : USERID : Linux :tgl
Connection closed by foreign host.

4. Now try it with IPv6: telnet ::ffff:127.0.0.1

5. Again determine port numbers; I got 37495,23.

6. Interactive invocation works:
$ /usr/sbin/in.authd --xerror --os  37495,23
37495 , 23 : USERID : Linux :tgl
(But shouldn't this *fail*, since I didn't use --mapped??)

7. Through xinetd, no go:
$ telnet localhost 113
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
37495,23
37495 , 23 : ERROR :NO-USER
Connection closed by foreign host.

8. Also, it takes about five seconds for the above response to come
back, which seems way too long.

Here's my xinetd config file (and yes I did sighup xinetd)

$ cat /etc/xinetd.d/auth
# default: on
# description: The authd server handles ident protocol requests. \
# The Identification Protocol (a.k.a., "ident", a.k.a., "the Ident \
# Protocol") provides a means to determine the identity of a user of a \
# particular TCP connection.  Given a TCP port number pair, it returns \
# a character string which identifies the owner of that connection on \
# the server's system. UNDERSTAND THE RISKS REGARDING PRIVACY (I.E. \
# SPAM HARVESTERS) BEFORE RUNNING THIS DAEMON WITH NO ARGUMENTS.
service auth
{
        disable = no
        socket_type     = stream
        wait            = no
        user            = ident
        cps             = 4096 10
        instances       = UNLIMITED
        server          = /usr/sbin/in.authd
        server_args     = -t60 --xerror --os --mapped=::ffff:0.0.0.0
}


Actual results:
Net result is that a service cannot identify local users if they
specify ::ffff:127.0.0.1 when connecting.

Expected results:
Should work ...

Additional info:
Comment 1 Ian Pilcher 2005-06-22 13:19:18 EDT
This bug is still present in FC4.
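
An added diagnostic example, not authd's code and not part of the original report: it parses rows in the /proc/net/tcp and /proc/net/tcp6 layout and shows that the ::ffff:127.0.0.1 connection from step 4 is only found when the IPv6 table is searched and the mapped address is folded to IPv4. The sample rows, uid 500, the function names and the little-endian address layout (as on i386) are assumptions.

```python
import ipaddress

# Constructed sample rows in /proc/net/tcp and /proc/net/tcp6 layout
# (header omitted; uid 500 and the inode numbers are assumed values).
SAMPLE_TCP4 = """\
   0: 0100007F:9275 0100007F:0017 01 00000000:00000000 00:00000000 00000000   500        0 20001
"""
SAMPLE_TCP6 = """\
   0: 0000000000000000FFFF00000100007F:9277 0000000000000000FFFF00000100007F:0017 01 00000000:00000000 00:00000000 00000000   500        0 20002
"""

def decode_addr(hex_addr):
    """Decode a /proc/net/tcp{,6} address; assumes a little-endian host."""
    # Each 8-hex-digit group is one 32-bit word printed in host byte order.
    raw = b"".join(bytes.fromhex(hex_addr[i:i + 8])[::-1]
                   for i in range(0, len(hex_addr), 8))
    ip = ipaddress.ip_address(raw)
    # Fold ::ffff:a.b.c.d onto a.b.c.d so both address families compare equal.
    mapped = getattr(ip, "ipv4_mapped", None)
    return mapped or ip

def parse_table(text):
    """Yield (local_ip, local_port, remote_ip, remote_port, uid) per socket row."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 8 or not f[0].endswith(":"):
            continue  # skip the header and malformed rows
        (la, lp), (ra, rp) = f[1].split(":"), f[2].split(":")
        yield decode_addr(la), int(lp, 16), decode_addr(ra), int(rp, 16), int(f[7])

def find_uid(tables, lport, rport, peer="127.0.0.1"):
    """Return the uid owning the lport,rport pair towards peer, or None (NO-USER)."""
    peer = ipaddress.ip_address(peer)
    for text in tables:
        for _lip, lp, rip, rp, uid in parse_table(text):
            if (lp, rp) == (lport, rport) and rip == peer:
                return uid
    return None

if __name__ == "__main__":
    print("37493,23 IPv4 table only:", find_uid([SAMPLE_TCP4], 37493, 23))
    print("37495,23 IPv4 table only:", find_uid([SAMPLE_TCP4], 37495, 23))
    print("37495,23 both tables    :", find_uid([SAMPLE_TCP4, SAMPLE_TCP6], 37495, 23))
```

On a live system, pass the contents of /proc/net/tcp and /proc/net/tcp6 in place of the sample strings.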
