[rsh] rshd, rlogind: use sockaddr_in for non-native IPv6 clients

Michal Sekletar msekleta at fedoraproject.org
Wed Jun 26 16:25:49 UTC 2013 

commit 7c819271729ff79c91059dd6f2f620c586a78d42
Author: Michal Sekletar <msekleta at redhat.com>
Date:   Wed Jun 26 17:20:07 2013 +0200

    rshd, rlogind: use sockaddr_in for non-native IPv6 clients
    
    In case rshd or rlogind are handed IPv6 socket and connected
    client doesn't support IPv6 natively and it is presented as IPv4
    mapped IPv6, we will detect that and convert structure representing
    connected client to the form which is used for IPv4 clients.
    
    Signed-off-by: Michal Sekletar <msekleta at redhat.com>

 ...e-sockaddr_in-for-non-native-IPv6-clients.patch |   50 ++++++++++++++++++++
 ...se-sockaddr_in-for-non-native-IPv6-client.patch |   45 ++++++++++++++++++
 rsh.spec                                           |    7 ++-
 3 files changed, 101 insertions(+), 1 deletions(-)
---
diff --git a/0001-rshd-use-sockaddr_in-for-non-native-IPv6-clients.patch b/0001-rshd-use-sockaddr_in-for-non-native-IPv6-clients.patch
new file mode 100644
index 0000000..14eb61f
--- /dev/null
+++ b/0001-rshd-use-sockaddr_in-for-non-native-IPv6-clients.patch
@@ -0,0 +1,50 @@
+From dfc2da58520df75fc1a2506ebc4142085ed2ba1c Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta at redhat.com>
+Date: Fri, 14 Jun 2013 15:38:02 +0200
+Subject: [PATCH 1/2] rshd: use sockaddr_in for non-native IPv6 clients
+
+When client has IPv4 address but connection was made via AF_INET6
+socket, then convert socket structure representing client back
+to sockaddr_in so we don't confuse pam_rhosts authentication with
+IPv4-mapped IPv6 address.
+---
+ rshd/rshd.c | 23 +++++++++++++++++++++++
+ 1 file changed, 23 insertions(+)
+
+diff --git a/rshd/rshd.c b/rshd/rshd.c
+index d1ea0e9..e8cdfe2 100644
+--- a/rshd/rshd.c
++++ b/rshd/rshd.c
+@@ -644,6 +644,29 @@ static void network_init(int fd,
+ 		syslog(LOG_ERR, "getpeername: %m");
+ 		_exit(1);
+ 	}
++
++	if (((struct sockaddr_in *) fromp)->sin_family == AF_INET6 &&
++		IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *) fromp)->sin6_addr)) {
++
++		struct addrinfo *res, hints = {};
++		char client_addr[INET6_ADDRSTRLEN] = {};
++		char client_port[6] = {};
++
++		inet_ntop(AF_INET6, &((struct sockaddr_in6 *) fromp)->sin6_addr,
++			client_addr, sizeof(client_addr));
++
++		sprintf(client_port, "%d", ntohs(((struct sockaddr_in6 *) fromp)->sin6_port));
++
++		hints.ai_family = AF_INET;
++		hints.ai_socktype = SOCK_STREAM;
++		hints.ai_flags = AI_NUMERICHOST | AI_NUMERICSERV;
++
++		getaddrinfo(client_addr, client_port, &hints, &res);
++
++		memcpy(fromp, res->ai_addr, sizeof(struct sockaddr_in6));
++		freeaddrinfo(res);
++	}
++
+ 	if (keepalive &&
+ 	    setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, (char *)&on,
+ 	    sizeof(on)) < 0)
+-- 
+1.8.1.4
+
diff --git a/0002-rlogind-use-sockaddr_in-for-non-native-IPv6-client.patch b/0002-rlogind-use-sockaddr_in-for-non-native-IPv6-client.patch
new file mode 100644
index 0000000..ba599d8
--- /dev/null
+++ b/0002-rlogind-use-sockaddr_in-for-non-native-IPv6-client.patch
@@ -0,0 +1,45 @@
+From 6e0abc319fa8d1f17c4cd1bfa633b9aa10ef5370 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta at redhat.com>
+Date: Fri, 14 Jun 2013 16:34:58 +0200
+Subject: [PATCH 2/2] rlogind: use sockaddr_in for non-native IPv6 client
+
+---
+ rlogind/network.c | 22 ++++++++++++++++++++++
+ 1 file changed, 22 insertions(+)
+
+diff --git a/rlogind/network.c b/rlogind/network.c
+index 8c2a975..db272fd 100644
+--- a/rlogind/network.c
++++ b/rlogind/network.c
+@@ -204,6 +204,28 @@ network_init(int f, int *hostokp)
+ #endif
+ 	fromp = &from;
+ 
++	if (((struct sockaddr_in *) fromp)->sin_family == AF_INET6 &&
++		IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *) fromp)->sin6_addr)) {
++
++		struct addrinfo *res, hints = {};
++		char client_addr[INET6_ADDRSTRLEN] = {};
++		char client_port[6] = {};
++
++		inet_ntop(AF_INET6, &((struct sockaddr_in6 *) fromp)->sin6_addr,
++			client_addr, sizeof(client_addr));
++
++		sprintf(client_port, "%d", ntohs(((struct sockaddr_in6 *) fromp)->sin6_port));
++
++		hints.ai_family = AF_INET;
++		hints.ai_socktype = SOCK_STREAM;
++		hints.ai_flags = AI_NUMERICHOST | AI_NUMERICSERV;
++
++		getaddrinfo(client_addr, client_port, &hints, &res);
++
++		memcpy(fromp, res->ai_addr, sizeof(struct sockaddr_in6));
++		freeaddrinfo(res);
++	}
++
+ 	alarm(60);
+ 	read(f, &c, 1);
+ 
+-- 
+1.8.1.4
+
diff --git a/rsh.spec b/rsh.spec
index 860edf7..fdf86b4 100644
--- a/rsh.spec
+++ b/rsh.spec
@@ -83,6 +83,8 @@ Patch42: netkit-rsh-0.17-rh710987.patch
 Patch43: netkit-rsh-0.17-rh784467.patch
 Patch44: netkit-rsh-0.17-rh896583.patch
 Patch45: netkit-rsh-0.17-rh947213.patch
+Patch46: 0001-rshd-use-sockaddr_in-for-non-native-IPv6-clients.patch
+Patch47: 0002-rlogind-use-sockaddr_in-for-non-native-IPv6-client.patch
 
 %description
 The rsh package contains a set of programs which allow users to run
@@ -156,6 +158,8 @@ from other machines
 %patch43 -p1 -b .rh784467
 %patch44 -b .rh896583
 %patch45 -p1 -b .rh947213
+%patch46 -p1
+%patch47 -p1
 
 # No, I don't know what this is doing in the tarball.
 rm -f rexec/rexec
@@ -239,8 +243,9 @@ install -m644 %SOURCE10 %{buildroot}%{_unitdir}/rexec.socket
 %{_mandir}/man8/*.8*
 
 %changelog
-* Tue Apr 30 2013 Michal Sekletar <msekleta at redhat.com> - 0.17-72
+* Tue Jun 26 2013 Michal Sekletar <msekleta at redhat.com> - 0.17-72
 - unit files must not be marked as config files
+- fix handling of non-native IPv6 connections via AF_INET6 socket
 
 * Thu Apr 11 2013 Michal Sekletar <msekleta at redhat.com> - 0.17-71
 - resolves: RHBZ #737244 #896583 #947213

More information about the scm-commits mailing list