From cheek@mars-systems.com Tue Jul 3 09:55:22 2001
Date: Tue, 03 Jul 2001 12:55:12 -0400
From: Matthew Cheek
To: users@conserver.com
Subject: Line-oriented timestamps in conserver 7.0.2

I just upgraded from 6.15 to 7.0.2 and was looking forward to
line-oriented timestamps in the logs. I set the logging to "1l" (one-el)
to get the timestamp on every line of console output. However, I see
some peculiar behavior with this setting. Here is a sample session with
no line-oriented timestamps from the log where I login, cat the
/etc/group file, and logout:

=============
nova01 console login: cheek^M
Password: ^M
Last login: Mon Jul 2 16:24:36 on console^M
Sun Microsystems Inc.
SunOS 5.8 Generic February 2000^M
nova01[/home/cheek] cat /etc/group^M
root::0:root^M
other::1:^M
bin::2:root,bin,daemon^M
sys::3:root,bin,sys,adm^M
adm::4:root,adm,daemon^M
uucp::5:root,uucp^M
mail::6:root^M
tty::7:root,tty,adm^M
lp::8:root,lp,adm^M
nuucp::9:root,nuucp^M
staff::10:^M
daemon::12:root,daemon^M
sysadmin::14:^M
nobody::60001:^M
noaccess::60002:^M
nogroup::65534:^M
nova01[/home/cheek] exit^M
^M^M
nova01 console login:
===============

Here is a session where I do the same steps as above after enabling
line-oriented timestamps (1 per line) and stop/restart conserver:

===============
[Mon Jul 2 16:24:04 2001]nova01 console login: p^?{^A^?{^C^?{ coheek^M
[Mon Jul 2 16:24:30 2001]Password: ^M
[Mon Jul 2 16:24:36 2001]eLast login: Mon Jul 2 16:11:18 on console^M
[Mon Jul 2 16:24:36 2001]Sun Microsystems Inc. SunOS 5.8 Generic Februa
ry 2000^M
[Mon Jul 2 16:24:41 2001]nova01[/home/cheek] c1a1t1 1/1e1t1c1/1g1r1o1u1p1^M
[Mon Jul 2 16:24:42 2001]0root::0:root^M
[Mon Jul 2 16:24:43 2001]other::1:^M
[Mon Jul 2 16:24:43 2001]bin::2:root,bin,daemon^M
[Mon Jul 2 16:24:43 2001]sys::3:root,bin,sys,adm^M
[Mon Jul 2 16:24:43 2001]adm::4:root,adm,daemon^M
[Mon Jul 2 16:24:43 2001]uucp::5:root,uucp^M
[Mon Jul 2 16:24:43 2001]maiol::6:root^M
[Mon Jul 2 16:24:43 2001]tty::7:root,tty,adm^M
[Mon Jul 2 16:24:43 2001]lp::8:root,lp,adm^M
[Mon Jul 2 16:24:43 2001]nuucp::9:root,nuucp^M
[Mon Jul 2 16:24:43 2001]staff::10:^M
[Mon Jul 2 16:24:43 2001]daemon::1m2:root,daemon^M
[Mon Jul 2 16:24:43 2001]sysadmin::14:^M
[Mon Jul 2 16:24:43 2001]nobody::60001:^M
[Mon Jul 2 16:24:43 2001]noaccess::60002:^M
[Mon Jul 2 16:24:43 2001]nogroup::65534:^M
[Mon Jul 2 16:24:43 2001]nova01[/home/cheek] esxsists^M
[Mon Jul 2 16:24:44 2001]nova01 console login:
=================

The curious thing is my typing in the logfile. When I have 1 timestamp
per line, my command "cat /etc/group" looks like
"c1a1t1 1/1e1t1c1/1g1r1o1u1p1" and my "exit" looks like "esxsists".

Anyone have any ideas?
Here is my conserver configuration:

$ conserver -V
conserver (15939): conserver.com version 7.0.2
conserver (15939): default access type `r'
conserver (15939): default escape sequence `^Ec'
conserver (15939): configuration in `/usr/local/etc/conserver.cf'
conserver (15939): password in `/usr/local/etc/conserver.passwd'
conserver (15939): pidfile in `/var/run/conserver.pid'
conserver (15939): limited to 32 groups with 16 members
conserver (15939): high-bit of data stripped (7-bit clean)
conserver (15939): on port 782

Note that I originally compiled conserver with 8bit on and saw the exact
same behavior. (I tried recompiling with 8bit off hoping this was the
problem. :-)

Matt
--
Matthew Cheek | Medical Archival Systems, Inc. (A/K/A MARS)
Systems Analyst III | 1370 Beulah Road | Pittsburgh, PA 15235-5084
cheek@mars-systems.com | v: 412-473-6565 | f: 412-473-6538

From bryan@stansell.org Tue Jul 3 11:17:34 2001
Date: Tue, 3 Jul 2001 11:17:34 -0700
From: Bryan Stansell
To: users@conserver.com
Subject: Re: Line-oriented timestamps in conserver 7.0.2

On Tue, Jul 03, 2001 at 12:55:12PM -0400, Matthew Cheek wrote:
> I just upgraded from 6.15 to 7.0.2 and was looking forward to
> line-oriented timestamps in the logs.
> I set the logging to "1l" (one-el)
> to get the timestamp on every line of console output. However, I see
> some peculiar behavior with this setting. Here is a sample session with
> Anyone have any ideas?

Oy! Talk about feeling like an idiot - I let the code out with an "off
by 1" bug. Here's a patch for 7.0.2 that fixes the bug (and it is only
if line-oriented timestamps are enabled). Sorry about that folks. Thanks
for testing the code Matt! :-/

*** conserver-7.0.2/conserver/group.c.old Fri Jun 15 11:34:18 2001 --- conserver-7.0.2/conserver/group.c Tue Jul 3 11:12:56 2001 *************** *** 272,279 **** } } } ! if ( i <= j ) { ! (void)write(pCE->fdlog, s+i, j-i+1); } } --- 272,279 ---- } } } ! if ( i < j ) { ! (void)write(pCE->fdlog, s+i, j-i); } }

Bryan

From bryan@stansell.org Thu Jul 5 09:47:42 2001
Date: Thu, 5 Jul 2001 09:47:42 -0700
From: Bryan Stansell
To: users@conserver.com, announce@conserver.com
Subject: conserver 7.0.3 is available

Well folks, 7.0.3 is definitely a variety pack of changes. The only true
bug fix is the "off by 1" error that was in 7.0.2. Everything else is
dead code removal, documentation updates (things kinda match reality
now), compatibility changes, and some VERY cool new features!

If anyone has any questions, just ask. I hope you all enjoy it!
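
Review bot: in the group.c hunk at lines 272-279 of the 7.0.2 patch above, the corrected call "(void)write(pCE->fdlog, s+i, j-i);" still discards the return value of write(), so a short write or an error on the log descriptor silently drops console log data; consider checking the result and either retrying the remainder or reporting the failure. The new "i < j" test and "j-i" length also imply that j is one past the last byte to log, and a one-line comment saying so next to the test would make it harder to reintroduce "j-i+1".
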

version 7.0.3 (Jul 5, 2001):
    - "Off by 1" bug in 7.0.2 line-oriented timestamp code fixed
      (extra chars in logfile) reported by Matthew Cheek
    - TODO file added to distribution
    - 'attached', 'detached', and 'bumped' actions now written to
      console logs that have 'a' in timestamp-spec field
    - Default timestamp specification with TIMESTAMP= in .cf file
    - config file much more forgiving about whitespace in fields
    - gethostbyaddr() failures are no longer fatal
    - Added -M for server to specify the address to listen on
    - Added -p option to client and server to specify the port to
      connect to and listen on (--with-port still sets the default)
    - Added logfile output when going into daemon mode
    - Added --with-logfile to configure
    - Added -L to override compile-time logfile location
    - SIGHUP reopens this logfile as well as previous behavior
    - Run as root only restriction removed - warning now (if necessary)
    - More #defines for FreeBSD compatibility
    - Using inet_ntoa() now instead of peeking at bytes
    - Fixed up -V (and -Vv) output for client and server
    - Increased conserver.passwd read buffer (CheckPasswd())
    - Removed DO_VIRTUAL #if's - always build that code now
    - Removed ORIGINAL_CODE #if's (old non-CIDR access list parsing)
    - Changed undocumented -p option to -P in console client
    - man pages updated to reflect a little more reality

Bryan Stansell

From Ernie.Oporto@viragelogic.com Fri Jul 6 07:30:09 2001
Date: Fri, 6 Jul 2001 10:30:03 -0400
From: "Ernie Oporto"
Subject: resolving hostnames

I am running conserver 7.0.3 on Red Hat 7 and this is a problem I've
had since the 6.0 versions. For some reason, a line in conserver.cf
like this works,

allow: 127.0.0.1 129.200.11.69 129.200.11.10 129.200.11.40 129.200.11.128

but a line like this does not

allow: 127.0.0.1 viragelogic.com nj.viragelogic.com

Ideally I will not give the entire domain client access to this
machine, but no DNS hostnames seem to work at all, so I thought this
would be the best place to start.

Ernie

From bryan@stansell.org Fri Jul 6 13:04:54 2001
Date: Fri, 6 Jul 2001 13:04:54 -0700
From: Bryan Stansell
To: users@conserver.com
Subject: Re: resolving hostnames

So, this is how the host checking is done. First, the server takes the
IP address of the client and tries to look up its hostname. It then
walks through the access list and tries to find a match with either
thing. The client hostname is also repeatedly pruned ('host.domain.com'
becomes 'domain.com' and then just 'com') and checked as well. So, in
theory, if the ip address can be mapped to a hostname and you have
viragelogic.com in the access list, it should match.

One thing you *can* see with debugging output is the access list
matching code. With 7.0.3, you can (as yourself, not even root) do
'conserver -n -p 7777 -C /tmp/conserver.cf -D' and then connect to the
test conserver with 'console -p 7777 -w'. The conserver.cf file could be
something as simple as two lines:

%%
allow: 127.0.0.1 viragelogic.com nj.viragelogic.com

If you use this example, you'll get an unexpected message from the
client about master forwarding being broken - but it gets you the
debugging output. It will look something like:

conserver (18871): DEBUG: Access check: hostname=localhost, ip=127.0.0.1
conserver (18871): DEBUG: Access check: who=localhost, trust=a

followed by this:

conserver (18871): DEBUG: Access check: name=localhost

or:

conserver (18871): DEBUG: Access check: host=7f000001(7f000001/ffffffff)
conserver (18871): DEBUG: Access check: acl=a0a0a0a(a0a0a0a/ffffffff)

The hostname= and ip= are the client hostname and ip address (hostname
based on reverse lookup of ip). You'll see multiple sets of the next
data. First is who= and trust=, which are the entries in the access list
and their trust type. The name= entries will be the hostname in its
various pruned forms. The host= and acl= entries are the client ip
address and access list ip address in hex form. So, for access to be
granted, the who= and name= lines need to match or the host= and acl=
lines need to be the same.

Feel free to send me the debug output if you need help figuring out why
things aren't matching. But it is up to the server to do all the
lookups, and if it can't rev map the ip to a hostname, no hostnames can
be used in the config file.

Well, there's a longer-than-expected "answer". Hope it helps.

Bryan

On Fri, Jul 06, 2001 at 10:30:03AM -0400, Ernie Oporto wrote:
> I am running conserver 7.0.3 on Red Hat 7 and this is a problem I've
> had since the 6.0 versions. For some reason, a line in conserver.cf
> like this works,
>
> allow: 127.0.0.1 129.200.11.69 129.200.11.10 129.200.11.40
> 129.200.11.128
>
> but a line like this does not
>
> allow: 127.0.0.1 viragelogic.com nj.viragelogic.com
>
> Ideally I will not give the entire domain client access to this
> machine, but no DNS hostnames seem to work at all, so I thought this
> would be the best place to start.
>
> Ernie

From bryan@stansell.org Thu Jul 26 17:05:26 2001
Date: Thu, 26 Jul 2001 17:05:26 -0700
From: Bryan Stansell
To: users@conserver.com, announce@conserver.com
Subject: 7.1.0 released

Hello all!

Well, I'm finally packaging up version 7.1.0. There are two important
things to realize about this version. First, there have been a lot of
changes, enhancements, and a couple bug fixes (some very cool stuff -
check out the list below). Second, to upgrade, you *must* upgrade both
the client and server - this version is not backward compatible with
previous versions.
I hated to do that, but it was necessary since there were some fairly
nasty bugs that couldn't be fixed without it.

Here's the info about upgrading from the INSTALL file:

    - The client/server protocol has changed. You *MUST* use a 7.1.0
      client with a 7.1.0 and above server. A 7.1.0 client is *not*
      backward compatible with a pre-7.1.0 server.
    - Some of the flags in the client (-d, -D, and -r) and server (-n)
      have been given new identities to make the client and server
      flags more uniform.
    - The conserver.passwd file now uses the first username match to
      determine access rights - if you have multiple instances of a
      username in an existing password file, they must be combined
      into one to continue to work.

Here's a list of systems that have been known to successfully compile
conserver 7.1.0:

    - Solaris 2.5.1 thru 8 (sparc/x86), gcc
    - BSDI 3.X, gcc
    - MacOS X
    - Linux 2.2.18 (x86), gcc
    - Linux 2.4.2 (x86), gcc
    - FreeBSD 4.2 (x86), gcc
    - cygwin (w2k), gcc 2.95.3
    - DEC Tru64 4.0, gcc
    - DEC Tru64 4.0/5.1, DEC cc
    - HP-UX 10.20, gcc

And, as always, here's the list of changes. Enjoy!

version 7.1.0 (Jul 26, 2001):
    - Hostname in access list that began with a digit was treated as
      an IP address - only strings using [0-9./] are considered CIDR
      notation and they must be of the form a.b.c.d[/n]
    - Fixed SIGHUP always opening logfile(-L) - shouldn't without -d
    - Fixed 'make install' problem under MacOS X and cygwin
    - Client -l option totally broken in 7.0.3 - patch by Daniel E.
      Singer
    - Client now accepts IP addresses from server and server now sends
      the IP of the socket instead of its hostname to the client,
      fixing part of the multi-interface problem
    - Client no longer passes hostname to server along with username
    - Client now turns off IEXTEN so stuff like ^V passes through
    - Server now pauses one second when reopening a TCP-based console
      to give the terminal server a chance to clean up
    - Master server process now fork()s when accepting clients
    - timestamp-spec can be numeric only ('m' default)
    - Ambiguous console name error now shows ambiguous list
    - Console list in conserver.passwd can now have whitespace
    - Access lists in conserver.cf can now use ',' as a separator
    - Added special '*any*' username in conserver.passwd
    - Username match (real or '*any*') now stops conserver.passwd file
      processing - allowing you to lock out users
    - Added -u flag to server to enable "unloved" output - this is the
      opposite of the old -n flag, which now does nothing
    - Added -7 flag to client and server for stripping the high bit of
      data on either side (--disable-8bit removed)
    - Added -b to server to specify the base port number for the
      secondary communication channel - based on code from Enrik
      Berkhan
    - Changed -d and -D flags to -r and -R in client - now -D enables
      debugging mode in the client (and -d is unused)
    - Changed -r to -G in client so -r could be used for the above
    - Client now uses getpassphrase() (if available) for > 8 char
      passwords - pointed out by Gregory Bond
    - Improved signal handling
    - Improved process handling (POSIX waitpid() now necessary)
    - Significant rework of STREAMS-based pseudo-tty code
    - TCP connections ('!'
      config syntax) now have some Telnet protocol knowledge, removing
      the "noise" seen when connecting to a terminal server - reported
      by Todd Stansell
    - Various code and message "pretty-printing" done
    - Client and server both run in Windows (tested with Windows 2000)
      under the cygwin environment thanks to a debug-fest with Emmett
      Hogan
    - Using autoconf version 2.50
    - Man pages reworked and conserver.passwd page created by Dave
      Stuit - the pain he suffered documenting the program (and
      pointing out many of the bugs fixed above) should help endless
      others

Bryan Stansell
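
Added example (not from the thread and not conserver's own source): a C version of the access check described in the "resolving hostnames" reply, combined with the 7.1.0 rule that only strings made of [0-9./] in the form a.b.c.d[/n] are treated as addresses. The function names, the case-insensitive name comparison and the skipping of malformed entries are assumptions, and the reverse-lookup result is passed in rather than resolved.

```c
/* Added illustration, not conserver source; all names are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>
/* 1 = valid a.b.c.d[/n], 0 = hostname, -1 = only [0-9./] but malformed. */
static int parse_cidr(const char *s, uint32_t *addr, uint32_t *mask)
{
    unsigned a, b, c, d, n = 32;
    int used = 0, more = 0;
    if (s[0] == '\0' || s[strspn(s, "0123456789./")] != '\0')
        return 0;
    if (sscanf(s, "%3u.%3u.%3u.%3u%n", &a, &b, &c, &d, &used) != 4)
        return -1;
    if (s[used] == '/') {
        if (sscanf(s + used, "/%2u%n", &n, &more) != 1)
            return -1;
        used += more;
    }
    if (s[used] != '\0' || a > 255 || b > 255 || c > 255 || d > 255 || n > 32)
        return -1;
    *addr = ((uint32_t)a << 24) | (b << 16) | (c << 8) | d;
    *mask = n ? 0xFFFFFFFFu << (32 - n) : 0;
    return 1;
}

/* First matching acl[] index or -1; rev_name is NULL if reverse lookup failed. */
int access_check(const char *rev_name, const char *client_ip,
                 const char *const acl[], int n_acl)
{
    uint32_t host, net, mask;
    if (parse_cidr(client_ip, &host, &mask) != 1)
        return -1;
    for (int i = 0; i < n_acl; i++) {
        int kind = parse_cidr(acl[i], &net, &mask);
        if (kind == 1 && (host & mask) == (net & mask))
            return i;
        if (kind != 0)
            continue;   /* address entry that did not match, or malformed */
        /* Hostname entry: compare host.domain.com, domain.com, com. */
        for (const char *p = rev_name; p != NULL && *p != '\0'; ) {
            if (strcasecmp(p, acl[i]) == 0)
                return i;
            if ((p = strchr(p, '.')) != NULL)
                p++;
        }
    }
    return -1;
}

int main(void)
{
    const char *const acl[] = { "127.0.0.1", "viragelogic.com" }; /* constructed */
    printf("%d\n", access_check("a.nj.viragelogic.com", "129.200.11.40", acl, 2));
    return 0;
}
```

The name branch accepts whatever the reverse lookup returned, so hostname entries are only as trustworthy as the PTR records for the client's address; when the lookup fails (rev_name is NULL) only address entries can match, which is the behaviour the reply describes.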