[src/trunk]: src/usr.sbin/faithd drop support for rsh/rlogin relaying.
details: https://anonhg.NetBSD.org/src/rev/f4e86627cc78
branches: trunk
changeset: 526748:f4e86627cc78
user: itojun <itojun%NetBSD.org@localhost>
date: Thu May 09 14:24:03 2002 +0000
description:
drop support for rsh/rlogin relaying.
use of .rhosts authentication should be discouraged with relaying service.
sync w/kame
diffstat:
usr.sbin/faithd/Makefile | 4 ++--
usr.sbin/faithd/README | 4 +---
usr.sbin/faithd/faithd.8 | 32 ++++++--------------------------
usr.sbin/faithd/faithd.c | 27 +++++----------------------
usr.sbin/faithd/faithd.h | 5 ++---
usr.sbin/faithd/prefix.h | 4 ++--
6 files changed, 18 insertions(+), 58 deletions(-)
diffs (190 lines):
diff -r 4610785fe85d -r f4e86627cc78 usr.sbin/faithd/Makefile
--- a/usr.sbin/faithd/Makefile Thu May 09 12:42:08 2002 +0000
+++ b/usr.sbin/faithd/Makefile Thu May 09 14:24:03 2002 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.2 2001/02/15 17:58:55 itojun Exp $
+# $NetBSD: Makefile,v 1.3 2002/05/09 14:24:03 itojun Exp $
PROG= faithd
-SRCS= faithd.c tcp.c ftp.c rsh.c prefix.c
+SRCS= faithd.c tcp.c ftp.c prefix.c
MAN= faithd.8
#CFLAGS+= -DFAITH4
diff -r 4610785fe85d -r f4e86627cc78 usr.sbin/faithd/README
--- a/usr.sbin/faithd/README Thu May 09 12:42:08 2002 +0000
+++ b/usr.sbin/faithd/README Thu May 09 14:24:03 2002 +0000
@@ -1,7 +1,7 @@
Configuring FAITH IPv6-to-IPv4 TCP relay
Kazu Yamamoto and Jun-ichiro itojun Hagino
-$KAME: README,v 1.6 2000/07/06 13:43:33 itojun Exp $
+$KAME: README,v 1.9 2002/05/09 14:10:06 itojun Exp $
Introduction
@@ -73,8 +73,6 @@
More examples:
- # faithd login /usr/libexec/rlogin rlogind
- # faithd shell /usr/libexec/rshd rshd
# faithd ftpd /usr/libexec/ftpd ftpd -l
# faithd sshd
diff -r 4610785fe85d -r f4e86627cc78 usr.sbin/faithd/faithd.8
--- a/usr.sbin/faithd/faithd.8 Thu May 09 12:42:08 2002 +0000
+++ b/usr.sbin/faithd/faithd.8 Thu May 09 14:24:03 2002 +0000
@@ -1,5 +1,5 @@
-.\" $NetBSD: faithd.8,v 1.17 2002/01/19 03:12:56 wiz Exp $
-.\" $KAME: faithd.8,v 1.32 2001/08/02 02:37:20 itojun Exp $
+.\" $NetBSD: faithd.8,v 1.18 2002/05/09 14:24:03 itojun Exp $
+.\" $KAME: faithd.8,v 1.37 2002/05/09 14:21:23 itojun Exp $
.\"
.\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
.\" All rights reserved.
@@ -168,8 +168,6 @@
for IPv4 TCP connection toward final destination.
For relaying
.Xr ftp 1
-and
-.Xr rlogin 1 ,
this flag is not necessary as special program code is supplied.
.El
.Pp
@@ -178,9 +176,7 @@
It is capable of emulating TCP half close as well.
.Nm
includes special support for protocols used by
-.Xr ftp 1
-and
-.Xr rlogin 1 .
+.Xr ftp 1 .
When translating FTP protocol,
.Nm
translates network level addresses in
@@ -188,13 +184,6 @@
and
.Li PASV/LPSV/EPSV
commands.
-For RLOGIN protocol,
-.Nm
-will relay back connection from
-.Xr rlogind 8
-on the server to
-.Xr rlogin 1
-on client.
.Pp
Inactive sessions will be disconnected in 30 minutes,
to avoid stale sessions from chewing up resources.
@@ -328,18 +317,11 @@
Here are some other examples.
You may need
.Fl p
-to translate rsh/rlogin services.
+if the service checks the source port range.
.Bd -literal -offset
# faithd ssh
-# faithd login /usr/libexec/rlogin rlogind
-# faithd shell /usr/libexec/rshd rshd
+# faithd telnet /usr/libexec/telnetd telnetd
.Ed
-.Pp
-However, you should be careful when translating rlogin or rsh
-connections.
-See
-.Sx SECURITY CONSIDERATIONS
-for more details.
.Ss inetd mode samples
Add the following lines into
.Xr inetd.conf 5 .
@@ -396,9 +378,7 @@
command first appeared in WIDE Hydrangea IPv6 protocol stack kit.
.\"
.Sh SECURITY CONSIDERATIONS
-It is very insecure to use
-.Xr rhosts 5
-and other IP-address based authentication, for connections relayed by
+It is very insecure to use IP-address based authentication, for connections relayed by
.Nm Ns ,
and any other TCP relaying services.
.Pp
diff -r 4610785fe85d -r f4e86627cc78 usr.sbin/faithd/faithd.c
--- a/usr.sbin/faithd/faithd.c Thu May 09 12:42:08 2002 +0000
+++ b/usr.sbin/faithd/faithd.c Thu May 09 14:24:03 2002 +0000
@@ -1,5 +1,5 @@
-/* $NetBSD: faithd.c,v 1.24 2002/04/24 12:14:42 itojun Exp $ */
-/* $KAME: faithd.c,v 1.47 2002/04/24 12:06:15 itojun Exp $ */
+/* $NetBSD: faithd.c,v 1.25 2002/05/09 14:24:03 itojun Exp $ */
+/* $KAME: faithd.c,v 1.50 2002/05/09 14:06:52 itojun Exp $ */
/*
* Copyright (C) 1997 and 1998 WIDE Project.
@@ -568,18 +568,10 @@
else /* AF_INET */
hport = ntohs(((struct sockaddr_in *)&dstaddr4)->sin_port);
- switch (hport) {
- case RLOGIN_PORT:
- case RSH_PORT:
+ if (pflag)
s_dst = rresvport_af(&nresvport, sa4->sa_family);
- break;
- default:
- if (pflag)
- s_dst = rresvport_af(&nresvport, sa4->sa_family);
- else
- s_dst = socket(sa4->sa_family, SOCK_STREAM, 0);
- break;
- }
+ else
+ s_dst = socket(sa4->sa_family, SOCK_STREAM, 0);
if (s_dst < 0) {
exit_failure("socket: %s", strerror(errno));
/*NOTREACHED*/
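Review bot: With the port switch gone, a destination of 513 or 514 is treated like any other service, so when `-p` is given the relay still connects from a reserved source port through `rresvport_af()`. The later hunk at the relay switch then passes the session to `tcp_relay()` with the `syslog(LOG_WARNING, ...)` calls removed, so an operator who leaves a `login` entry configured gets no log signal at all. If the intent is to refuse these services rather than only drop the special code, a guard before the socket is created would make that explicit, e.g. `if (hport == RLOGIN_PORT || hport == RSH_PORT) exit_failure("relaying rsh/rlogin is not supported");`, assuming those constants are still defined after this change (their definitions are not visible here). Otherwise, a comment above `if (pflag)` should state that `-p` makes every relayed IPv6 client appear to an IPv4 server as a privileged-port connection from the relay's own address. The enclosing function starts and ends outside the hunk.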
@@ -620,15 +612,6 @@
case FTP_PORT:
ftp_relay(s_src, s_dst);
break;
- case RSH_PORT:
- syslog(LOG_WARNING,
- "WARINNG: it is insecure to relay rsh port");
- rsh_relay(s_src, s_dst);
- break;
- case RLOGIN_PORT:
- syslog(LOG_WARNING,
- "WARINNG: it is insecure to relay rlogin port");
- /*FALLTHROUGH*/
default:
tcp_relay(s_src, s_dst, service);
break;
diff -r 4610785fe85d -r f4e86627cc78 usr.sbin/faithd/faithd.h
--- a/usr.sbin/faithd/faithd.h Thu May 09 12:42:08 2002 +0000
+++ b/usr.sbin/faithd/faithd.h Thu May 09 14:24:03 2002 +0000
@@ -1,4 +1,5 @@
-/* $KAME: faithd.h,v 1.8 2001/09/05 03:04:21 itojun Exp $ */
+/* $NetBSD: faithd.h,v 1.9 2002/05/09 14:24:03 itojun Exp $ */
+/* $KAME: faithd.h,v 1.9 2002/05/09 09:41:24 itojun Exp $ */
/*
* Copyright (C) 1997 and 1998 WIDE Project.
@@ -36,8 +37,6 @@
extern void ftp_relay __P((int, int));
extern int ftp_active __P((int, int, int *, int *));
extern int ftp_passive __P((int, int, int *, int *));
-extern void rsh_relay __P((int, int));
-extern void rsh_dual_relay __P((int, int));
extern void exit_success __P((const char *, ...))
__attribute__((__format__(__printf__, 1, 2)));
extern void exit_failure __P((const char *, ...))
diff -r 4610785fe85d -r f4e86627cc78 usr.sbin/faithd/prefix.h
--- a/usr.sbin/faithd/prefix.h Thu May 09 12:42:08 2002 +0000
+++ b/usr.sbin/faithd/prefix.h Thu May 09 14:24:03 2002 +0000
@@ -1,5 +1,5 @@
-/* $NetBSD: prefix.h,v 1.1 2001/02/15 17:58:55 itojun Exp $ */
-/* $KAME: prefix.h,v 1.3 2000/11/19 11:45:38 itojun Exp $ */
+/* $NetBSD: prefix.h,v 1.2 2002/05/09 14:24:03 itojun Exp $ */
+/* $KAME: prefix.h,v 1.4 2001/09/05 03:04:21 itojun Exp $ */
/*
* Copyright (C) 2000 WIDE Project.