utmp stores IP not hostname

ian j hart ianjhart at ntlworld.com
Sun Mar 10 07:32:04 GMT 2002


ian j hart wrote:
> 
> Andrew Bartlett wrote:
> >
> > ian j hart wrote:
> > >
> > > I would like to start using wtmp for recording
> > > logons. This is with 2.2.3a under FreeBSD 4.5.
> > >
> > > It appears that session.c doesn't do a name lookup
> > > and so the IP address is stored in the wtmp file.
> > >
> > > <quote>
> > > /* Don't resolve the hostname in smbd as we can pause for a long
> > > time while waiting for DNS timeouts to occur.  The correct
> > > place to do this is in the code that displays the session
> > > information. */
> > >
> > > hostname = client_addr();
> > > </quote>
> > >
> > > Fair enough, but, we have dynamic IP addresses.
> > > Quite often I need to check on some "mischief" which
> > > happened many days ago.
> >
> > This is why I 'fixed' this in HEAD, I wasn't aware it had been broken in
> > 2.2 as well.  I've just looked at HEAD again, and I'll be making a
> > couple more changes.

Got it! I was looking at the cross reference, not the cvsweb.
Must remember to sleep :)

> >
> > > e.g. spoofing email sender.
> > > Since the hostname is in the mail header I can use
> > > "last" to find who was logged into the box at that
> > > time. I need to be able to do this even if the IP
> > > address has changed.
> > >
> > > Two questions:-
> > > Does the tdb support storing IPs AND hostnames (Or
> > > will this corrupt it)?.
> > >
> > > Is there a drop in function for the line of code above.
> > > A function like...
> > >
> > > char * client_hostname(void);
> >
> > That should be fine, the function is 'client_name()'.  In HEAD I made
> > this conditional on 'hostname lookups = yes'.  This parameter needs to
> > be moved into 2.2.
> >
> > Andrew Bartlett
> 

I've unconditionally changed this and it works okay.
Needs a slight adjustment though.

This is from last.c (FreeBSD 4.5)

/*
 * hostconv --
 *      convert the hostname to search pattern; if the supplied host name
 *      has a domain attached that is the same as the current domain, rip
 *      off the domain suffix since that's what login(1) does.
 */

I've confirmed this by doing

last -f /var/log/samba/wtmp -h beta.private.lan.private.lan
(sic)
which fetches records okay, whereas
last -f /var/log/samba/wtmp -h beta.private.lan
doesn't match anything.

Let's hope all versions of last do the same.

-- 
ian j hart
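
The two `last -h` results reported above, reproduced as an added illustration (not FreeBSD's last.c and not Samba code). It assumes a 16-byte utmp host field compared by prefix and a local host called server.private.lan; the function names and the records are constructed for the example.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

#define HOSTSIZE 16  /* assumption: width of the utmp host field */

/* Assumption: the machine running last(1); fixed here so nothing calls gethostname(). */
static const char LOCAL_FQDN[] = "server.private.lan";

/* Constructed host fields, as smbd would store them once it records names. */
static const char *const RECORDS[] = {
    "beta.private.lan", "192.168.0.7", "alfa.private.lan", "beta.private.lan"
};

/* Model of the rule in the hostconv comment: cut the pattern at its first dot
 * when everything from that dot on equals the local domain. */
static void strip_local_domain(char *pattern, const char *local_fqdn)
{
    char *pdot = strchr(pattern, '.');
    const char *ldot = strchr(local_fqdn, '.');

    if (pdot != NULL && ldot != NULL && strcasecmp(pdot, ldot) == 0)
        *pdot = '\0';
}

/* Count records selected by a "-h" argument: strip, then compare at most
 * HOSTSIZE bytes, so a longer pattern matches on its first 16 characters. */
static int count_matches(const char *arg)
{
    char pattern[256];
    size_t i;
    int hits = 0;

    snprintf(pattern, sizeof pattern, "%s", arg);
    strip_local_domain(pattern, LOCAL_FQDN);
    for (i = 0; i < sizeof RECORDS / sizeof RECORDS[0]; i++)
        if (strncasecmp(pattern, RECORDS[i], HOSTSIZE) == 0)
            hits++;
    return hits;
}

int main(void)
{
    const char *args[] = { "beta.private.lan", "beta.private.lan.private.lan", "192.168.0.7" };
    size_t i;

    for (i = 0; i < sizeof args / sizeof args[0]; i++)
        printf("-h %-30s -> %d record(s)\n", args[i], count_matches(args[i]));
    return 0;
}
```

Under these assumptions the plain FQDN is cut down to "beta" and selects nothing, while the doubled form is left unstripped and selects the records because only its first 16 characters are compared. Searches by stored IP address are unaffected.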



