Hi,
The addr field of the output from utmpdump contains the ip address of the
connection. This is obtained by calling inet_ntoa on the ut.ut_addr field
(as depicted in the code below, utmpdump.c, Release 2.88). But in case the
ip address is an IPV6 address, the output contains the wrong ip address
(decimal value of first 4 octets only).
This code should be updated to call inet_ntop and should be checked whether
the ut_addr field contains IPV4 or IPV6 address. The check can be made
either by checking ut_addr_v6[1:3] for zero (this is based on the assumption
that login program zeroes out fields before filling utmp structure, though
it is not mentioned in man entry for utmp) or by introducing a flag in the
utmp structure that depicts whether the address field contains IPV4 or IPV6
address.
I would really appreciate your feedback on this.
void
print_utline(struct utmp ut)
{
char *addr_string, *time_string;
struct in_addr in;
in.s_addr = ut.ut_addr;
*addr_string = inet_ntoa(in); //Code statement causes issue in
case of IPV6 addresses*
time_string = timetostr(ut.ut_time);
cleanse(ut.ut_id);
cleanse(ut.ut_user);
cleanse(ut.ut_line);
cleanse(ut.ut_host);
/* pid id user line host addr
time */
printf("[%d] [%05d] [%-4.4s] [%-*.*s] [%-*.*s] [%-*.*s] [%-15.15s]
[%-28.28s]\n",
ut.ut_type, ut.ut_pid, ut.ut_id, 8, UT_NAMESIZE, ut.ut_user,
12, UT_LINESIZE, ut.ut_line, 20, UT_HOSTSIZE, ut.ut_host,
addr_string, time_string);
}
Thanks.
Regards,
Navdeep
