bug-cfengine

Re: cfservd listens only on ipv6 on OpenBSD


From: José M. Fandiño
Subject: Re: cfservd listens only on ipv6 on OpenBSD
Date: Thu, 11 Apr 2002 14:55:53 +0200

Panagiotis Kotsiopoulos wrote:
> 
> My problem is that when I run cfservd on an OpenBSD box the daemon listens on
> tcp6 port cfengine (5308/tcp) and not on tcp port cfengine (5308/tcp).
> Below is some info for anyone who might know something about this:

Hello,

Yes, I reported this to Mark and he corrected the problem in the 2.0.1
version; just check the FTP site and download the 2.0.1 package.

Also, I'm having problems with the interaction between cfrun (an OBSD box
named info39) and cfservd (a Linux box named neo). Both boxes use the
same configuration, the asymmetric keys are correctly installed, and the
grant permissions and allowed users are correct, but something fails.

While cfrun-ning from the Linux box to the OBSD box works fine, the opposite
doesn't work.

The only difference between the outputs (which I attach below) is in these
lines:

====
AccessControl(/usr/local/sbin/cfagent,info39.informatica.fadesa.) encrypt requested=0
FuzzyItemIn(10.20.13.39)
FuzzyItemIn(10.20.13.39)
FuzzyItemIn(10.20.13.39)
neo: Host info39.informatica.fadesa. denied access to /usr/local/sbin/cfagent
neo: Host authorization/authentication failed or access denied 
===

cfservd on the Linux box fails to grant access to run cfagent.

Do you have this problem also?

cfservd.conf:

====
control:

  Syslog = ( on )
  domain = ( fadesa )
  LogAllConnections = ( true )
  AllowUsers = ( root )

     cfrunCommand  = ( "/usr/local/sbin/cfagent" )

  IfElapsed = ( 1 )
  ExpireAfetr = ( 5 )
  MaxConnections = ( 10 )

#########################################################

admit:   # or grant:

        /var/cfengine/inputs    *.fadesa # internal domain
        /usr/local/sbin/cfagent *.fadesa # internal domain
===
-- 
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GCS/IT d- s+:+() a- C+++ UBL+++$ P+ L+++ E--- W++ N+ o++ K- w---
O+ M+ V- PS+ PE+ Y++ PGP+>+++ t+ 5 X+$ R- tv-- b+++ DI D++>+++
G++ e- h+(++) !r !z
------END GEEK CODE BLOCK------
cfservd Debug mode: running in foreground
GetNameInfo()
AddClassToHeap(openbsd)
Appending [openbsd]
AddClassToHeap(info39)
Appending [info39]
AddClassToHeap(info39)
AddClassToHeap()
AddClassToHeap(info39)
GNU Cfengine server daemon - 
2.0.1
Free Software Foundation 1994-2001
Donated by Mark Burgess, Faculty of Engineering,
Oslo University College, 0254 Oslo, Norway

------------------------------------------------------------------------

Host name is: info39
Operating System Type is openbsd
Operating System Release is 3.0
Architecture = i386


Using internal soft-class openbsd for host openbsd

The time is now Wed Apr 10 19:00:09 2002


------------------------------------------------------------------------

AddClassToHeap(32_bit)
Appending [32_bit]
Additional hard class defined as: 32_bit
AddClassToHeap(openbsd_3_0)
Appending [openbsd_3_0]
AddClassToHeap(i386)
Appending [i386]
Additional hard class defined as: openbsd_3_0
AddClassToHeap(openbsd_i386)
Appending [openbsd_i386]
Additional hard class defined as: openbsd_i386
AddClassToHeap(openbsd_i386_3_0)
Appending [openbsd_i386_3_0]
Additional hard class defined as: openbsd_i386_3_0
AddClassToHeap(openbsd_i386_3_0_NUCLEO_2)
Appending [openbsd_i386_3_0_NUCLEO_2]
Additional hard class defined as: openbsd_i386_3_0_NUCLEO_2
AddClassToHeap(compiled_on_openbsd3_0)
Appending [compiled_on_openbsd3_0]

GNU autoconf class from compile time: compiled_on_openbsd3.0

Address given by nameserver: 10.20.13.39
Adding alias info39..
AddClassToHeap(info39)
Directory for /var/cfengine/test exists. Okay
CheckWorkDirectories()
Directory for /var/cfengine/test exists. Okay
Directory for /var/cfengine/ppkeys/test exists. Okay
RandomSeed() work directory is /var/cfengine
Looking for a source of entropy in /var/cfengine/randseed
Loaded /var/cfengine/ppkeys/localhost.priv
Loaded /var/cfengine/ppkeys/localhost.pub
GetInterfaceInfo()
Interface 1: lo0
New Parser Object::BEGIN PARSING /var/cfengine/inputs/cfservd.conf
RecordMacroId(Syslog)
AddMacroValue(Syslog=on)
Added Macro at hash address 927: Syslog=on
AddClassToHeap(info39_fadesa)
Appending [info39_fadesa]
RecordMacroId(LogAllConnections)
AddMacroValue(LogAllConnections=true)
Added Macro at hash address 544: LogAllConnections=true
Appending [root]
RecordMacroId(cfrunCommand)
AddMacroValue(cfrunCommand=/usr/local/sbin/cfagent)
Added Macro at hash address 614: cfrunCommand=/usr/local/sbin/cfagent
RecordMacroId(ExpireAfetr)
AddMacroValue(ExpireAfetr=5)
Added Macro at hash address 710: ExpireAfetr=5
RecordMacroId(MaxConnections)
AddMacroValue(MaxConnections=10)
Added Macro at hash address 892: MaxConnections=10
admit/deny varpath=/var/cfengine/inputs
SplitVarstring(/var/cfengine/inputs,:=58)
Appending [/var/cfengine/inputs]
Prepending *.fadesa
admit/deny varpath=/usr/local/sbin/cfagent
SplitVarstring(/usr/local/sbin/cfagent,:=58)
Appending [/usr/local/sbin/cfagent]
Prepending *.fadesa
Delete Parser Object::(END OF PARSING)
info39: cfservd Single threaded version
cfrunCommand is /usr/local/sbin/cfagent
$(MaxConnections) Expanded to 10
MaxConnections = 10
ACCESS GRANTED ----------------------:

Path: /var/cfengine/inputs (encrypt=0)
   Admit: *.fadesa root=
Path: /usr/local/sbin/cfagent (encrypt=0)
   Admit: *.fadesa root=
ACCESS DENIAL ------------------------ :

Host IPs allowed connection access :

Host IPs denied connection access :

Host IPs allowed multiple connection access :

Host IPs from whom we shall accept public keys on trust :

Host IPs from NAT which we don't verify :

IPV6 address
sockaddr_ntop(::)
Bound to address :: on openbsd=27
IPV4 address
sockaddr_ntop(0.0.0.0)
Bound to address 0.0.0.0 on openbsd=27
Listening for connections ...
Checking file updates on /var/cfengine/inputs/cfservd.conf (3cb423c8/3cb46f99)
IPV4 address
sockaddr_ntop(10.20.3.32)
FuzzyItemIn(10.20.3.32)
Purging Old Connections...
Done purging
FuzzyItemIn(10.20.3.32)
Prepending 10.20.3.32
*** New socket [6]
New connection...(from 10.20.3.32)
Single threaded...
RecvSocketStream(8)
    (Concatenated 8 from stream)
Transaction Receive [t 45][]
RecvSocketStream(45)
    (Concatenated 45 from stream)
Received: [CAUTH 10.20.3.32 neo.servidores.fadesa root 0] on socket 6
Connecting host identifies itself as 10.20.3.32 neo.servidores.fadesa root 0
(ipstring=[10.20.3.32],fqname=[neo.servidores.fadesa],username=[root],socket=[10.20.3.32])
FuzzyItemIn(10.20.3.32)
Socket caller address appears honest (10.20.3.32 matches 10.20.3.32)
info39: Socket originates from 10.20.3.32=neo.servidores.fadesa
Attempting to look up hostname (neo.servidores.fadesa)
IPV4 address
sockaddr_ntop(10.20.3.32)
Host ID is neo.servidores.fadesa
User ID seems to be root
RecvSocketStream(8)
    (Concatenated 8 from stream)
Transaction Receive [t 280][]
RecvSocketStream(280)
    (Concatenated 280 from stream)
Received: [SAUTH y 256 37] on socket 6
Challenge encryption = y, nonce = 37, buf = 256
ChecksumString(m)
RecvSocketStream(8)
    (Concatenated 8 from stream)
Transaction Receive [t 261][]
RecvSocketStream(261)
    (Concatenated 261 from stream)
RecvSocketStream(8)
    (Concatenated 8 from stream)
Transaction Receive [t 5][]
RecvSocketStream(5)
    (Concatenated 5 from stream)
Modulus (2048 bit):
Exponent: 35 (0x23)
Havekey(root-10.20.3.32)
Loaded /var/cfengine/ppkeys/root-10.20.3.32.pub
A public key was already known from neo.servidores.fadesa/10.20.3.32 - no trust required
The public key identity was confirmed as address@hidden
Transaction Send[t 16][Packed text]
SendSocketStream, sent 24
Transaction Send[t 16][Packed text]
SendSocketStream, sent 24
ChecksumString(m)
Transaction Send[t 256][Packed text]
SendSocketStream, sent 264
RecvSocketStream(8)
    (Concatenated 8 from stream)
Transaction Receive [t 16][]
RecvSocketStream(16)
    (Concatenated 16 from stream)
info39: Strongly authentication of client neo.servidores.fadesa/10.20.3.32
RecvSocketStream(8)
    (Concatenated 8 from stream)
Transaction Receive [t 16][]
RecvSocketStream(16)
    (Concatenated 16 from stream)
Got a session key...
RecvSocketStream(8)
    (Concatenated 8 from stream)
Transaction Receive [t 6][]
RecvSocketStream(6)
    (Concatenated 6 from stream)
Received: [EXEC  ] on socket 6
User root granted connection privileges
AccessControl(/usr/local/sbin/cfagent)
AccessControl(/usr/local/sbin/cfagent,neo.servidores.fadesa) encrypt requested=0
FuzzyItemIn(10.20.3.32)
info39: Host neo.servidores.fadesa granted access to /usr/local/sbin/cfagent
Match classes
RecvSocketStream(8)
    (Concatenated 8 from stream)
Transaction Receive [t 27][]
RecvSocketStream(27)
    (Concatenated 27 from stream)
Got class buffer ---cfXen/gine/cfXen/gine---
No classes were sent, assuming no restrictions...
info39: Executing command /usr/local/sbin/cfagent --no-splay --inform
cfpopen(/usr/local/sbin/cfagent --no-splay --inform)
cfpclose(pp)
cfpopen - Waiting for process 20068
Transaction Send[t 28][Packed text]
SendSocketStream, sent 36
***Closing socket 6 from 10.20.3.32
Deleted item 10.20.3.32
Checking file updates on /var/cfengine/inputs/cfservd.conf (3cb423c8/3cb46f99)
info39: Received signal SIGINT while doing []
info39: Logical start time Wed Apr 10 19:00:13 2002
info39: This sub-task started really at Thu Jan  1 01:00:00 1970

ReleaseCurrentLock()

cfservd Debug mode: running in foreground
Directory for /var/cfengine/test exists. Okay
CheckWorkDirectories()
Directory for /var/cfengine/test exists. Okay
Directory for /var/cfengine/ppkeys/test exists. Okay
RandomSeed() work directory is /var/cfengine
Looking for a source of entropy in /var/cfengine/randseed
Loaded /var/cfengine/ppkeys/localhost.priv
Loaded /var/cfengine/ppkeys/localhost.pub
GetInterfaceInfo()
Interface 1: lo
Interface 2: eth0
Adding hostip 10.20.3.32..
AddClassToHeap(10_20_3_32)
Appending [10_20_3_32]
Adding hostname neo.servidores.fadesa..
AddClassToHeap(neo_servidores_fadesa)
Appending [neo_servidores_fadesa]
Adding alias neo..
AddClassToHeap(neo)
AddClassToHeap(10_20_3)
Appending [10_20_3]
AddClassToHeap(ipv4_10_20_3_32)
Appending [ipv4_10_20_3_32]
AddClassToHeap(ipv4_10_20_3)
Appending [ipv4_10_20_3]
AddClassToHeap(ipv4_10_20)
Appending [ipv4_10_20]
AddClassToHeap(ipv4_10)
Appending [ipv4_10]
New Parser Object::BEGIN PARSING /var/cfengine/inputs/cfservd.conf
RecordMacroId(Syslog)
AddMacroValue(Syslog=on)
Added Macro at hash address 927: Syslog=on
AddClassToHeap(neo_fadesa)
Appending [neo_fadesa]
RecordMacroId(LogAllConnections)
AddMacroValue(LogAllConnections=true)
Added Macro at hash address 544: LogAllConnections=true
Appending [root]
Appending [10.20.13.39]
RecordMacroId(cfrunCommand)
AddMacroValue(cfrunCommand=/usr/local/sbin/cfagent)
Added Macro at hash address 614: cfrunCommand=/usr/local/sbin/cfagent
RecordMacroId(ExpireAfetr)
AddMacroValue(ExpireAfetr=5)
Added Macro at hash address 710: ExpireAfetr=5
RecordMacroId(MaxConnections)
AddMacroValue(MaxConnections=10)
Added Macro at hash address 892: MaxConnections=10
admit/deny varpath=/var/cfengine/inputs
SplitVarstring(/var/cfengine/inputs,:=58)
Appending [/var/cfengine/inputs]
Prepending info39.informatica.fadesa
admit/deny varpath=/usr/local/sbin/cfagent
SplitVarstring(/usr/local/sbin/cfagent,:=58)
Appending [/usr/local/sbin/cfagent]
Prepending info39.informatica.fadesa
Delete Parser Object::(END OF PARSING)
neo: cfservd Multithreaded version
cfrunCommand is /usr/local/sbin/cfagent
$(MaxConnections) Expanded to 10
MaxConnections = 10
ACCESS GRANTED ----------------------:

Path: /var/cfengine/inputs (encrypt=0)
   Admit: info39.informatica.fadesa root=
Path: /usr/local/sbin/cfagent (encrypt=0)
   Admit: info39.informatica.fadesa root=
ACCESS DENIAL ------------------------ :

Host IPs allowed connection access :

IP: 10.20.13.39
Host IPs denied connection access :

Host IPs allowed multiple connection access :

Host IPs from whom we shall accept public keys on trust :

Host IPs from NAT which we don't verify :

IPV4 address
sockaddr_ntop(0.0.0.0)
Bound to address 0.0.0.0
Listening for connections ...
Checking file updates on /var/cfengine/inputs/cfservd.conf (3cb42e6c/3cb46fcd)
IPV4 address
sockaddr_ntop(10.20.13.39)
FuzzyItemIn(10.20.13.39)
FuzzyItemIn(10.20.13.39)
Purging Old Connections...
Done purging
FuzzyItemIn(10.20.13.39)
Prepending 10.20.13.39
*** New socket [5]
New connection...(from 10.20.13.39)
Spawning new thread...
RecvSocketStream(8)
Checking file updates on /var/cfengine/inputs/cfservd.conf (3cb42e6c/3cb46fcd)
    (Concatenated 8 from stream)
Transaction Receive [t 51][]
RecvSocketStream(51)
    (Concatenated 51 from stream)
Received: [CAUTH 10.20.13.39 info39.informatica.fadesa. root 0] on socket 5
Connecting host identifies itself as 10.20.13.39 info39.informatica.fadesa. root 0
(ipstring=[10.20.13.39],fqname=[info39.informatica.fadesa.],username=[root],socket=[10.20.13.39])
FuzzyItemIn(10.20.13.39)
Socket caller address appears honest (10.20.13.39 matches 10.20.13.39)
neo: Socket originates from 10.20.13.39=info39.informatica.fadesa.
Attempting to look up hostname (info39.informatica.fadesa.)
IPV4 address
sockaddr_ntop(10.20.13.39)
Host ID is info39.informatica.fadesa.
User ID seems to be root
RecvSocketStream(8)
    (Concatenated 8 from stream)
Transaction Receive [t 280][]
RecvSocketStream(280)
    (Concatenated 280 from stream)
Received: [SAUTH y 256 37] on socket 5
Challenge encryption = y, nonce = 37, buf = 256
ChecksumString(m)
RecvSocketStream(8)
    (Concatenated 8 from stream)
Transaction Receive [t 261][]
RecvSocketStream(261)
    (Concatenated 261 from stream)
RecvSocketStream(8)
    (Concatenated 8 from stream)
Transaction Receive [t 5][]
RecvSocketStream(5)
    (Concatenated 5 from stream)
Modulus (2048 bit):
Exponent: 35 (0x23)
Havekey(root-10.20.13.39)
Loaded /var/cfengine/ppkeys/root-10.20.13.39.pub
A public key was already known from info39.informatica.fadesa./10.20.13.39 - no trust required
The public key identity was confirmed as address@hidden
Transaction Send[t 16][Packed text]
SendSocketStream, sent 24
Transaction Send[t 16][Packed text]
SendSocketStream, sent 24
ChecksumString(m)
Transaction Send[t 256][Packed text]
SendSocketStream, sent 264
RecvSocketStream(8)
    (Concatenated 8 from stream)
Transaction Receive [t 16][]
RecvSocketStream(16)
    (Concatenated 16 from stream)
neo: Strongly authentication of client info39.informatica.fadesa./10.20.13.39
RecvSocketStream(8)
    (Concatenated 8 from stream)
Transaction Receive [t 16][]
RecvSocketStream(16)
    (Concatenated 16 from stream)
Got a session key...
RecvSocketStream(8)
    (Concatenated 8 from stream)
Transaction Receive [t 6][]
RecvSocketStream(6)
    (Concatenated 6 from stream)
Received: [EXEC  ] on socket 5
User root granted connection privileges
AccessControl(/usr/local/sbin/cfagent)
AccessControl(/usr/local/sbin/cfagent,info39.informatica.fadesa.) encrypt requested=0
FuzzyItemIn(10.20.13.39)
FuzzyItemIn(10.20.13.39)
FuzzyItemIn(10.20.13.39)
neo: Host info39.informatica.fadesa. denied access to /usr/local/sbin/cfagent
neo: Host authorization/authentication failed or access denied
Transaction Send[t 64][Packed text]
SendSocketStream, sent 72
neo: From (host=info39.informatica.fadesa.,user=root,ip=10.20.13.39)
Terminating thread...
***Closing socket 5 from 10.20.13.39
Deleted item 10.20.13.39
neo: Received signal SIGINT while doing []
neo: Logical start time Thu Jan  1 01:00:00 1970
neo: This sub-task started really at Thu Jan  1 01:00:00 1970

ReleaseCurrentLock()

