diff --git a/usr.sbin/faithd/Makefile b/usr.sbin/faithd/Makefile index 67428c1d7662..13e59a5a2ab1 100644 --- a/usr.sbin/faithd/Makefile +++ b/usr.sbin/faithd/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.2 2001/02/15 17:58:55 itojun Exp $ +# $NetBSD: Makefile,v 1.3 2002/05/09 14:24:03 itojun Exp $ PROG= faithd -SRCS= faithd.c tcp.c ftp.c rsh.c prefix.c +SRCS= faithd.c tcp.c ftp.c prefix.c MAN= faithd.8 #CFLAGS+= -DFAITH4 diff --git a/usr.sbin/faithd/README b/usr.sbin/faithd/README index 356f7ec91b85..06af99fd8515 100644 --- a/usr.sbin/faithd/README +++ b/usr.sbin/faithd/README @@ -1,7 +1,7 @@ Configuring FAITH IPv6-to-IPv4 TCP relay Kazu Yamamoto and Jun-ichiro itojun Hagino -$KAME: README,v 1.6 2000/07/06 13:43:33 itojun Exp $ +$KAME: README,v 1.9 2002/05/09 14:10:06 itojun Exp $ Introduction @@ -73,8 +73,6 @@ The following example assumes: More examples: - # faithd login /usr/libexec/rlogin rlogind - # faithd shell /usr/libexec/rshd rshd # faithd ftpd /usr/libexec/ftpd ftpd -l # faithd sshd diff --git a/usr.sbin/faithd/faithd.8 b/usr.sbin/faithd/faithd.8 index ef95584bd914..dfea76b42322 100644 --- a/usr.sbin/faithd/faithd.8 +++ b/usr.sbin/faithd/faithd.8 @@ -1,5 +1,5 @@ -.\" $NetBSD: faithd.8,v 1.17 2002/01/19 03:12:56 wiz Exp $ -.\" $KAME: faithd.8,v 1.32 2001/08/02 02:37:20 itojun Exp $ +.\" $NetBSD: faithd.8,v 1.18 2002/05/09 14:24:03 itojun Exp $ +.\" $KAME: faithd.8,v 1.37 2002/05/09 14:21:23 itojun Exp $ .\" .\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. .\" All rights reserved. @@ -168,8 +168,6 @@ Use privileged TCP port number as source port, for IPv4 TCP connection toward final destination. For relaying .Xr ftp 1 -and -.Xr rlogin 1 , this flag is not necessary as special program code is supplied. .El .Pp 
@@ -178,9 +176,7 @@ will relay both normal and out-of-band TCP data. It is capable of emulating TCP half close as well. .Nm includes special support for protocols used by -.Xr ftp 1 -and -.Xr rlogin 1 . +.Xr ftp 1 . When translating FTP protocol, .Nm translates network level addresses in @@ -188,13 +184,6 @@ translates network level addresses in and .Li PASV/LPSV/EPSV commands. -For RLOGIN protocol, -.Nm -will relay back connection from -.Xr rlogind 8 -on the server to -.Xr rlogin 1 -on client. .Pp Inactive sessions will be disconnected in 30 minutes, to avoid stale sessions from chewing up resources. @@ -328,18 +317,11 @@ If you would like to pass extra arguments to the local daemon: Here are some other examples. You may need .Fl p -to translate rsh/rlogin services. +if the service checks the source port range. .Bd -literal -offset # faithd ssh -# faithd login /usr/libexec/rlogin rlogind -# faithd shell /usr/libexec/rshd rshd +# faithd telnet /usr/libexec/telnetd telnetd .Ed -.Pp -However, you should be careful when translating rlogin or rsh -connections. -See -.Sx SECURITY CONSIDERATIONS -for more details. .Ss inetd mode samples Add the following lines into .Xr inetd.conf 5 . @@ -396,9 +378,7 @@ The command first appeared in WIDE Hydrangea IPv6 protocol stack kit. .\" .Sh SECURITY CONSIDERATIONS -It is very insecure to use -.Xr rhosts 5 -and other IP-address based authentication, for connections relayed by +It is very insecure to use IP-address based authentication, for connections relayed by .Nm Ns , and any other TCP relaying services. .Pp diff --git a/usr.sbin/faithd/faithd.c b/usr.sbin/faithd/faithd.c index ebd053fe6ef7..8ae61f7e1d99 100644 --- a/usr.sbin/faithd/faithd.c +++ b/usr.sbin/faithd/faithd.c 
@@ -1,5 +1,5 @@ -/* $NetBSD: faithd.c,v 1.24 2002/04/24 12:14:42 itojun Exp $ */ -/* $KAME: faithd.c,v 1.47 2002/04/24 12:06:15 itojun Exp $ */ +/* $NetBSD: faithd.c,v 1.25 2002/05/09 14:24:03 itojun Exp $ */ +/* $KAME: faithd.c,v 1.50 2002/05/09 14:06:52 itojun Exp $ */ /* * Copyright (C) 1997 and 1998 WIDE Project. @@ -568,18 +568,10 @@ play_child(int s_src, struct sockaddr *srcaddr) else /* AF_INET */ hport = ntohs(((struct sockaddr_in *)&dstaddr4)->sin_port); - switch (hport) { - case RLOGIN_PORT: - case RSH_PORT: + if (pflag) s_dst = rresvport_af(&nresvport, sa4->sa_family); - break; - default: - if (pflag) - s_dst = rresvport_af(&nresvport, sa4->sa_family); - else - s_dst = socket(sa4->sa_family, SOCK_STREAM, 0); - break; - } + else + s_dst = socket(sa4->sa_family, SOCK_STREAM, 0); if (s_dst < 0) { exit_failure("socket: %s", strerror(errno)); /*NOTREACHED*/ @@ -620,15 +612,6 @@ play_child(int s_src, struct sockaddr *srcaddr) case FTP_PORT: ftp_relay(s_src, s_dst); break; - case RSH_PORT: - syslog(LOG_WARNING, - "WARINNG: it is insecure to relay rsh port"); - rsh_relay(s_src, s_dst); - break; - case RLOGIN_PORT: - syslog(LOG_WARNING, - "WARINNG: it is insecure to relay rlogin port"); - /*FALLTHROUGH*/ default: tcp_relay(s_src, s_dst, service); break; diff --git a/usr.sbin/faithd/faithd.h b/usr.sbin/faithd/faithd.h index 0f81c0fc1402..2b1219da79a4 100644 --- a/usr.sbin/faithd/faithd.h +++ b/usr.sbin/faithd/faithd.h @@ -1,4 +1,5 @@ -/* $KAME: faithd.h,v 1.8 2001/09/05 03:04:21 itojun Exp $ */ +/* $NetBSD: faithd.h,v 1.9 2002/05/09 14:24:03 itojun Exp $ */ +/* $KAME: faithd.h,v 1.9 2002/05/09 09:41:24 itojun Exp $ */ /* * Copyright (C) 1997 and 1998 WIDE Project. 
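Review bot: The new `if (pflag)` branch in play_child (hunk at -568) has no comment on what a reserved source port implies, and with the port-specific cases removed it is now the only place that decision is made. Going by the faithd.8 text in this same diff, pflag is the -p option, so every relayed client reaches the IPv4 destination from a privileged port on the relay host, and a service that trusts source port or address will treat them all alike. I would add above the branch something like `/* -p: reserved source port; the destination cannot tell relayed clients apart, so never combine with address- or port-based authentication */`. The later hunk at -620 in the same function also drops both syslog warnings, so connections to the rlogin and rsh ports now appear to reach the default `tcp_relay` case with no log entry; if that is intended, it is worth stating in the commit message. play_child begins and ends outside both hunks.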
@@ -36,8 +37,6 @@ extern void tcp_relay __P((int, int, const char *)); extern void ftp_relay __P((int, int)); extern int ftp_active __P((int, int, int *, int *)); extern int ftp_passive __P((int, int, int *, int *)); -extern void rsh_relay __P((int, int)); -extern void rsh_dual_relay __P((int, int)); extern void exit_success __P((const char *, ...)) __attribute__((__format__(__printf__, 1, 2))); extern void exit_failure __P((const char *, ...)) diff --git a/usr.sbin/faithd/prefix.h b/usr.sbin/faithd/prefix.h index c5dfa3145291..87a18e88a9fa 100644 --- a/usr.sbin/faithd/prefix.h +++ b/usr.sbin/faithd/prefix.h @@ -1,5 +1,5 @@ -/* $NetBSD: prefix.h,v 1.1 2001/02/15 17:58:55 itojun Exp $ */ -/* $KAME: prefix.h,v 1.3 2000/11/19 11:45:38 itojun Exp $ */ +/* $NetBSD: prefix.h,v 1.2 2002/05/09 14:24:03 itojun Exp $ */ +/* $KAME: prefix.h,v 1.4 2001/09/05 03:04:21 itojun Exp $ */ /* * Copyright (C) 2000 WIDE Project.