drop support for rsh/rlogin relaying.

use of .rhosts authentication should be discouraged with relaying service.
sync w/kame

usr.sbin/faithd/Makefile

@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.2 2001/02/15 17:58:55 itojun Exp $
+# $NetBSD: Makefile,v 1.3 2002/05/09 14:24:03 itojun Exp $
 
 PROG=	faithd
-SRCS=	faithd.c tcp.c ftp.c rsh.c prefix.c
+SRCS=	faithd.c tcp.c ftp.c prefix.c
 MAN=	faithd.8
 
 #CFLAGS+= -DFAITH4

usr.sbin/faithd/README

@@ -1,7 +1,7 @@
 Configuring FAITH IPv6-to-IPv4 TCP relay
 
 Kazu Yamamoto and Jun-ichiro itojun Hagino
-$KAME: README,v 1.6 2000/07/06 13:43:33 itojun Exp $
+$KAME: README,v 1.9 2002/05/09 14:10:06 itojun Exp $
 
 
 Introduction
@@ -73,8 +73,6 @@ The following example assumes:
 
     More examples:
 
-	# faithd login /usr/libexec/rlogin rlogind
-	# faithd shell /usr/libexec/rshd rshd
 	# faithd ftpd /usr/libexec/ftpd ftpd -l
 	# faithd sshd
 

usr.sbin/faithd/faithd.8

@@ -1,5 +1,5 @@
-.\"	$NetBSD: faithd.8,v 1.17 2002/01/19 03:12:56 wiz Exp $
-.\"	$KAME: faithd.8,v 1.32 2001/08/02 02:37:20 itojun Exp $
+.\"	$NetBSD: faithd.8,v 1.18 2002/05/09 14:24:03 itojun Exp $
+.\"	$KAME: faithd.8,v 1.37 2002/05/09 14:21:23 itojun Exp $
 .\"
 .\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
 .\" All rights reserved.
@@ -168,8 +168,6 @@ Use privileged TCP port number as source port,
 for IPv4 TCP connection toward final destination.
 For relaying
 .Xr ftp 1
-and
-.Xr rlogin 1 ,
 this flag is not necessary as special program code is supplied.
 .El
 .Pp
@@ -178,9 +176,7 @@ will relay both normal and out-of-band TCP data.
 It is capable of emulating TCP half close as well.
 .Nm
 includes special support for protocols used by
-.Xr ftp 1
-and
-.Xr rlogin 1 .
+.Xr ftp 1 .
 When translating FTP protocol,
 .Nm
 translates network level addresses in
@@ -188,13 +184,6 @@ translates network level addresses in
 and
 .Li PASV/LPSV/EPSV
 commands.
-For RLOGIN protocol,
-.Nm
-will relay back connection from
-.Xr rlogind 8
-on the server to
-.Xr rlogin 1
-on client.
 .Pp
 Inactive sessions will be disconnected in 30 minutes,
 to avoid stale sessions from chewing up resources.
@@ -328,18 +317,11 @@ If you would like to pass extra arguments to the local daemon:
 Here are some other examples.
 You may need
 .Fl p
-to translate rsh/rlogin services.
+if the service checks the source port range.
 .Bd -literal -offset
 # faithd ssh
-# faithd login /usr/libexec/rlogin rlogind
-# faithd shell /usr/libexec/rshd rshd
+# faithd telnet /usr/libexec/telnetd telnetd
 .Ed
-.Pp
-However, you should be careful when translating rlogin or rsh
-connections.
-See
-.Sx SECURITY CONSIDERATIONS
-for more details.
 .Ss inetd mode samples
 Add the following lines into
 .Xr inetd.conf 5 .
@@ -396,9 +378,7 @@ The
 command first appeared in WIDE Hydrangea IPv6 protocol stack kit.
 .\"
 .Sh SECURITY CONSIDERATIONS
-It is very insecure to use
-.Xr rhosts 5
-and other IP-address based authentication, for connections relayed by
+It is very insecure to use IP-address based authentication, for connections relayed by
 .Nm Ns ,
 and any other TCP relaying services.
 .Pp

usr.sbin/faithd/faithd.c

@@ -1,5 +1,5 @@
-/*	$NetBSD: faithd.c,v 1.24 2002/04/24 12:14:42 itojun Exp $	*/
-/*	$KAME: faithd.c,v 1.47 2002/04/24 12:06:15 itojun Exp $	*/
+/*	$NetBSD: faithd.c,v 1.25 2002/05/09 14:24:03 itojun Exp $	*/
+/*	$KAME: faithd.c,v 1.50 2002/05/09 14:06:52 itojun Exp $	*/
 
 /*
  * Copyright (C) 1997 and 1998 WIDE Project.
@@ -568,18 +568,10 @@ play_child(int s_src, struct sockaddr *srcaddr)
 	else /* AF_INET */
 		hport = ntohs(((struct sockaddr_in *)&dstaddr4)->sin_port);
 
-	switch (hport) {
-	case RLOGIN_PORT:
-	case RSH_PORT:
+	if (pflag)
 		s_dst = rresvport_af(&nresvport, sa4->sa_family);
-		break;
-	default:
-		if (pflag)
-			s_dst = rresvport_af(&nresvport, sa4->sa_family);
-		else
-			s_dst = socket(sa4->sa_family, SOCK_STREAM, 0);
-		break;
-	}
+	else
+		s_dst = socket(sa4->sa_family, SOCK_STREAM, 0);
 	if (s_dst < 0) {
 		exit_failure("socket: %s", strerror(errno));
 		/*NOTREACHED*/
@@ -620,15 +612,6 @@ play_child(int s_src, struct sockaddr *srcaddr)
 	case FTP_PORT:
 		ftp_relay(s_src, s_dst);
 		break;
-	case RSH_PORT:
-		syslog(LOG_WARNING,
-		    "WARINNG: it is insecure to relay rsh port");
-		rsh_relay(s_src, s_dst);
-		break;
-	case RLOGIN_PORT:
-		syslog(LOG_WARNING,
-		    "WARINNG: it is insecure to relay rlogin port");
-		/*FALLTHROUGH*/
 	default:
 		tcp_relay(s_src, s_dst, service);
 		break;

usr.sbin/faithd/faithd.h

@@ -1,4 +1,5 @@
-/*	$KAME: faithd.h,v 1.8 2001/09/05 03:04:21 itojun Exp $	*/
+/*	$NetBSD: faithd.h,v 1.9 2002/05/09 14:24:03 itojun Exp $	*/
+/*	$KAME: faithd.h,v 1.9 2002/05/09 09:41:24 itojun Exp $	*/
 
 /*
  * Copyright (C) 1997 and 1998 WIDE Project.
@@ -36,8 +37,6 @@ extern void tcp_relay __P((int, int, const char *));
 extern void ftp_relay __P((int, int));
 extern int ftp_active __P((int, int, int *, int *));
 extern int ftp_passive __P((int, int, int *, int *));
-extern void rsh_relay __P((int, int));
-extern void rsh_dual_relay __P((int, int));
 extern void exit_success __P((const char *, ...))
 	__attribute__((__format__(__printf__, 1, 2)));
 extern void exit_failure __P((const char *, ...))

usr.sbin/faithd/prefix.h

@@ -1,5 +1,5 @@
-/*	$NetBSD: prefix.h,v 1.1 2001/02/15 17:58:55 itojun Exp $	*/
-/*	$KAME: prefix.h,v 1.3 2000/11/19 11:45:38 itojun Exp $	*/
+/*	$NetBSD: prefix.h,v 1.2 2002/05/09 14:24:03 itojun Exp $	*/
+/*	$KAME: prefix.h,v 1.4 2001/09/05 03:04:21 itojun Exp $	*/
 
 /*
  * Copyright (C) 2000 WIDE Project.