Date: Thu, 08 May 2003 13:46:16 +0200
From: Lars Köller
To: Ian Freislich
Cc: freebsd-net@freebsd.org, Jeffrey Hsu, freebsd-questions@freebsd.org, Lars Köller
Subject: Re: Please, Urgent: Need ideas/help to solve PR bin/51586
Message-id: <200305081146.h48BkHP13996@rayadm.hrz.uni-bielefeld.de>

----------

Hi!

In reply to Ian Freislich who wrote:

> Lars Köller wrote:
> > --------
> >
> > Dear experts,
> >
> > I've discussed the reported problem with our experts here at the
> > computing center, and we don't have a clue for the problem reported in
> > PR 51586.
>
> It seems that your problem relates to rshd using privileged ports
> to create the stderr socket back to the originating rsh client.
> The interesting log message is in the messages file of the server
> running the remote shell daemon:
>
> May 8 12:45:11 brane rshd[13988]: can't get stderr port: Can't assign requested address
>
> rresvport_af(3) returns this error because I suspect that it thinks
> this address is already in use, perhaps because the address/port
> pair is in TIME_WAIT, although I don't have time to test this
> suspicion and my network programming and protocol experience is not
> good enough to say this is the case outright without testing.

NO, NO! Netstat says nothing about that. I even tune the msl time to go out of TIME_WAIT very fast (only intranet connection on same switch!).
The ethereal dump in the PR shows that an initial communication takes place, but the final ACK to establish the connection fails!

> It seems that this problem is further compounded by inetd terminating
> the shell service when one of the rshd programs it ran returns an
> exit status other than 0, which rshd does when it encounters this
> error. This simple patch to rshd.c (which is an unholy kludge until
> someone can fix the rresvport_af(3) function) makes rshd return an
> exit status of 0 on this particular error so at least inetd doesn't
> stop the service requiring a SIGHUP to restart it. You can then
> test the return status of your rsh ($?) for a value of 1 and 'select:
> protocol failure in circuit setup' on stderr and retry that test.
>
> (/usr/src/libexec/rshd, apply this, make and make install the patched rshd)
> --- rshd.c.orig Thu May 8 12:55:46 2003 > +++ rshd.c Thu May 8 12:43:31 2003 
> @@ -296,7 +296,7 @@ > s =3D rresvport_af(&lport, af); > if (s < 0) { > syslog(LOG_ERR, "can't get stderr port: %m"); > - exit(1); > + exit(0); > } > if (port >=3D IPPORT_RESERVED || > port < IPPORT_RESERVED/2) {
>
> I know this is a horrible solution and shouldn't be committed, but
> at least you have a work-around so you can get your virus scanner
> farm up in the mean time while someone fixes this properly.

This doesn't help, because the port can be reserved by the rshd. The problem is the establishing of the connection, so this is not the right place in the source. However, the mailserver which calls the rsh client is a Solaris 8 machine :-(

A better solution would be the possibility to disable the backport on the client side with a flag. But I don't know if the protocol works in this state, because signaling is also sent over this connection.

Many thanks for your suggestions

Lars

-- 
E-Mail: Lars.Koeller@Uni-Bielefeld.DE \ Lars Köller
lkoeller@FreeBSD.org \ CC University of
PGP: http://www.uk.pgp.net/pgpnet/wwwkeys.html \ Bielefeld, Germany
Key-ID: A430D499 \ Tel: +49 521 106 4964
----------- FreeBSD, what else? ---- http://www.freebsd.org -------------
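
Review bot: In the quoted rshd.c hunk (@@ -296,7 +296,7 @@), changing exit(1) to exit(0) inside the if (s < 0) branch makes rshd report success for a session it has just abandoned, so the only remaining trace of the failure is the syslog(LOG_ERR, "can't get stderr port: %m") line. I would keep the non-zero status at this point and handle the failure where it arises, for example by retrying rresvport_af(&lport, af) before giving up, or deal with the service shutdown on the inetd side. If exit(0) stays as a stopgap, that line needs a comment saying why a failure path returns 0 and that it is temporary.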
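
The client-side check suggested in the quoted text (test rsh's exit status for 1 and look for 'select: protocol failure in circuit setup' on stderr, then retry), written out as an added example that is not part of the original mail. RSH_BIN, MAX_TRIES and RETRY_DELAY are names assumed here, not options of rsh.

```shell
#!/bin/sh
# Added example (not from the thread): retry a remote command only when rsh
# fails with the circuit-setup error quoted in the mail above.
# Assumptions: RSH_BIN, MAX_TRIES and RETRY_DELAY are names chosen for this
# sketch; override them in the environment as needed.

RSH_BIN=${RSH_BIN:-rsh}
MAX_TRIES=${MAX_TRIES:-5}
RETRY_DELAY=${RETRY_DELAY:-1}
CIRCUIT_ERR='protocol failure in circuit setup'

# rsh_retry HOST COMMAND...
# stdout of the remote command passes through untouched; stderr is captured
# per attempt so it can be inspected before deciding whether to retry.
rsh_retry() {
    errfile=$(mktemp "${TMPDIR:-/tmp}/rshretry.XXXXXX") || return 2
    try=1
    while :; do
        # if/else keeps the function usable under "set -e".
        if "$RSH_BIN" "$@" 2>"$errfile"; then rc=0; else rc=$?; fi

        # Retry only on the exact combination named in the mail:
        # exit status 1 AND the circuit-setup message on stderr.
        if [ "$rc" -eq 1 ] && grep -q "$CIRCUIT_ERR" "$errfile" &&
           [ "$try" -lt "$MAX_TRIES" ]; then
            try=$((try + 1))
            sleep "$RETRY_DELAY"
            continue
        fi

        # Success, a different error, or retries used up: this result is
        # final. Replay the last attempt's stderr and return its status.
        cat "$errfile" >&2
        rm -f "$errfile"
        return "$rc"
    done
}
```

Errors other than the circuit-setup failure (for example a refused login) are returned on the first attempt, so the wrapper does not hide them behind retries.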