From owner-freebsd-questions@FreeBSD.ORG Thu Feb 25 21:07:38 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1D2021065670 for ; Thu, 25 Feb 2010 21:07:38 +0000 (UTC) (envelope-from bc979@lafn.org) Received: from zoom.lafn.org (zoom.lafn.ORG [206.117.18.8]) by mx1.freebsd.org (Postfix) with ESMTP id E788E8FC13 for ; Thu, 25 Feb 2010 21:07:37 +0000 (UTC) Received: from [10.0.1.4] (pool-71-109-144-133.lsanca.dsl-w.verizon.net [71.109.144.133]) (authenticated bits=0) by zoom.lafn.org (8.14.3/8.14.2) with ESMTP id o1PL7as2020736 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO) for ; Thu, 25 Feb 2010 13:07:37 -0800 (PST) (envelope-from bc979@lafn.org) From: Doug Hardie Content-Type: text/plain; charset=us-ascii Message-Id: Date: Thu, 25 Feb 2010 13:07:36 -0800 To: freebsd-questions - Content-Transfer-Encoding: quoted-printable Mime-Version: 1.0 (Apple Message framework v1077) X-Mailer: Apple Mail (2.1077) X-Virus-Scanned: clamav-milter 0.95.3 at zoom.lafn.org X-Virus-Status: Clean Subject: getpwnam X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Feb 2010 21:07:38 -0000 I encountered a situation where sendmail was opening up what appeared to = be listening on random UDP ports. In the process of tracking this down = I discovered that the culprit is getpwnam. A ktrace of the following = simple program show whats happening: #include #include #include #include #include int main (int argc, char *argv[]) { struct passwd *pe; pe =3D getpwnam ("xxx"); } Note, xxx is a valid user id in that system. The ktrace output is way too large to include here, but below is the = interesting portion. Note that it creates a socket with address of = 0.0.0.0:932 and then sends data to it. Somehow it gets a response = although I can find nothing other than this program using that port. I = would think that it would use a unix socket rather than UDP to access = local NIS information. The "unknown address family" error is also = puzzling. I have traced this into _nsdispatch but it gets a bit = convoluted at that point with all the caching. What is this doing? 87443 test CALL socket(PF_INET,SOCK_DGRAM,IPPROTO_UDP) 87443 test RET socket 4 87443 test CALL getsockname(0x4,0xbfbfe16c,0xbfbfe1f0) 87443 test STRU struct sockaddr { AF_INET, 0.0.0.0:0 } 87443 test RET getsockname 0 87443 test CALL getsockopt(0x4,0,0x13,0xbfbfe1f8,0xbfbfe1ec) 87443 test RET getsockopt 0 87443 test CALL setsockopt(0x4,0,0x13,0xbfbfe1f4,0x4) 87443 test RET setsockopt 0 87443 test CALL bind(0x4,0xbfbfe16c,0x10) 87443 test STRU struct sockaddr { AF_INET, 0.0.0.0:0 } 87443 test RET bind 0 87443 test CALL getsockname(0x4,0xbfbfe144,0xbfbfe1c8) 87443 test STRU struct sockaddr { AF_INET, 0.0.0.0:932 } 87443 test RET getsockname 0 87443 test CALL = getsockopt(0x4,SOL_SOCKET,SO_TYPE,0xbfbfe1c4,0xbfbfe1c8) 87443 test RET getsockopt 0 87443 test CALL getrlimit(RLIMIT_NOFILE,0xbfbfe0f4) 87443 test RET getrlimit 0 87443 test CALL getsockname(0x4,0xbfbfe074,0xbfbfe0f8) 87443 test STRU struct sockaddr { AF_INET, 0.0.0.0:932 } 87443 test RET getsockname 0 87443 test CALL = getsockopt(0x4,SOL_SOCKET,SO_TYPE,0xbfbfe0f4,0xbfbfe0f8) 87443 test RET getsockopt 0 87443 test CALL gettimeofday(0xbfbfe1c0,0) 87443 test RET gettimeofday 0 87443 test CALL getpid 87443 test RET getpid 87443/0x15593 87443 test CALL ioctl(0x4,FIONBIO,0xbfbfe1c8) 87443 test RET ioctl 0 87443 test CALL fcntl(0x4,F_SETFD,FD_CLOEXEC) 87443 test RET fcntl 0 87443 test CALL bind(0x4,0xbfbfe700,0x10) 87443 test STRU struct sockaddr { AF_UNSPEC, unknown address = family } 87443 test RET bind -1 errno 22 Invalid argument 87443 test CALL getsockname(0x4,0xbfbfe700,0xbfbfe740) 87443 test STRU struct sockaddr { AF_INET, 0.0.0.0:932 } 87443 test RET getsockname 0 87443 test CALL gettimeofday(0xbfbfe740,0) 87443 test RET gettimeofday 0 87443 test CALL kqueue 87443 test RET kqueue 5 87443 test CALL sendto(0x4,0x282359f4,0x48,0,0x28235008,0x10) 87443 test GIO fd 4 wrote 72 bytes 0x0000 4b8e 2491 0000 0000 0000 0002 0001 86a4 = |K.$.............| 0x0010 0000 0002 0000 000a 0000 0000 0000 0000 = |................| 0x0020 0000 0000 0000 0000 0000 0004 7465 7374 = |............test| 0x0030 0000 0014 6d61 7374 6572 2e70 6173 7377 = |....master.passw| 0x0040 642e 6279 6e61 6d65 |d.byname| 87443 test RET sendto 72/0x48 87443 test CALL = kevent(0x5,0x282350dc,0x1,0xbfbfe6fc,0x1,0xbfbfe730) 87443 test GIO fd 5 wrote 20 bytes 0x0000 0400 0000 ffff 0100 0000 0000 0000 0000 = |................| 0x0010 0000 0000 |....| 87443 test GIO fd 5 read 20 bytes 0x0000 0400 0000 ffff 0000 0000 0000 2000 0000 |............ = ...| 0x0010 0000 0000 |....| 87443 test RET kevent 1 87443 test CALL recvfrom(0x4,0x282350f4,0x900,0,0,0) 87443 test GIO fd 4 read 32 bytes 0x0000 4b8e 2491 0000 0001 0000 0000 0000 0000 = |K.$.............| 0x0010 0000 0000 0000 0000 0000 0001 4a3f f709 = |............J?..| 87443 test STRU struct sockaddr { AF_INET, 206.117.18.7:876 } 87443 test RET recvfrom 32/0x20 87443 test CALL close(0x5) 87443 test RET close 0