.\" Copyright (c) 1983, 1991, 1993
.\" The Regents of the University of California. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\" must display the following acknowledgement:
.\" This product includes software developed by the University of
.\" California, Berkeley and its contributors.
.\" 4. Neither the name of the University nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" From: @(#)rcmd.3 8.1 (Berkeley) 6/4/93
.\" $Id: rcmd.3,v 1.2 2001-09-27 12:01:53 chris Exp $
.\"
.Dd February 15, 1996
.Dt RCMD 3
.Os BSD 4.2
.Sh NAME
.Nm rcmd ,
.Nm rresvport ,
.Nm iruserok ,
.Nm ruserok
.Nd routines for returning a stream to a remote command
.Sh SYNOPSIS
.Fd #include <unistd.h>
.Ft int
.Fn rcmd "char **ahost" "int inport" "const char *locuser" "const char *remuser" "const char *cmd" "int *fd2p"
.Ft int
.Fn rresvport "int *port"
.Ft int
.Fn iruserok "u_long raddr" "int superuser" "const char *ruser" "const char *luser"
.Ft int
.Fn ruserok "const char *rhost" "int superuser" "const char *ruser" "const char *luser"
.Sh DESCRIPTION
The
.Fn rcmd
function
is used by the super-user to execute a command on
a remote machine using an authentication scheme based
on reserved port numbers.
The
.Fn rresvport
function
returns a descriptor to a socket
with an address in the privileged port space.
The
.Fn ruserok
function
is used by servers
to authenticate clients requesting service with
.Fn rcmd .
All three functions are present in the same file and are used
by the
.Xr rshd 8
server (among others).
.Pp
The
.Fn rcmd
function
looks up the host
.Fa *ahost
using
.Xr gethostbyname 3 ,
returning \-1 if the host does not exist.
Otherwise
.Fa *ahost
is set to the standard name of the host
and a connection is established to a server
residing at the well-known Internet port
.Fa inport .
.Pp
If the connection succeeds,
a socket in the Internet domain of type
.Dv SOCK_STREAM
is returned to the caller, and given to the remote
command as
.Em stdin
and
.Em stdout .
If
.Fa fd2p
is non-zero, then an auxiliary channel to a control
process will be set up, and a descriptor for it will be placed
in
.Fa *fd2p .
The control process will return diagnostic
output from the command (unit 2) on this channel, and will also
accept bytes on this channel as being
.Tn UNIX
signal numbers, to be
forwarded to the process group of the command.
If
.Fa fd2p
is 0, then the
.Em stderr
(unit 2 of the remote
command) will be made the same as the
.Em stdout
and no
provision is made for sending arbitrary signals to the remote process,
although you may be able to get its attention by using out-of-band data.
.Pp
The protocol is described in detail in
.Xr rshd 8 .
.Pp
The
.Fn rresvport
function is used to obtain a socket with a privileged
address bound to it. This socket is suitable for use
by
.Fn rcmd
and several other functions. Privileged Internet ports are those
in the range 0 to 1023. Only the super-user
is allowed to bind an address of this sort to a socket.
.Pp
The
.Fn iruserok
and
.Fn ruserok
functions take a remote host's IP address or name, as returned by the
.Xr gethostbyname 3
routines, two user names and a flag indicating whether the local user's
name is that of the super-user.
Then, if the user is
.Em NOT
the super-user, it checks the
.Pa /etc/hosts.equiv
file.
If that lookup is not done, or is unsuccessful, the
.Pa .rhosts
in the local user's home directory is checked to see if the request for
service is allowed.
.Pp
If the
.Pa .rhosts
file does not exist, is not a regular file, is owned by anyone
other than the user or the super-user, or is writable by anyone other
than the owner, the check automatically fails.
Zero is returned if the machine name is listed in the
.Dq Pa hosts.equiv
file, or the host and remote user name are found in the
.Dq Pa .rhosts
file; otherwise
.Fn iruserok
and
.Fn ruserok
return \-1.
If the local domain (as obtained from
.Xr gethostname 3 )
is the same as the remote domain, only the machine name need be specified.
.Pp
The
.Fn iruserok
function is strongly preferred for security reasons.
It is given the peer's address directly and so requires trusting the local DNS at most, while the
.Fn ruserok
function must resolve a host name and so requires trusting the entire DNS, which can be spoofed.
.Sh DIAGNOSTICS
The
.Fn rcmd
function
returns a valid socket descriptor on success.
It returns \-1 on error and prints a diagnostic message on the standard error.
.Pp
The
.Fn rresvport
function
returns a valid, bound socket descriptor on success.
It returns \-1 on error with the global value
.Va errno
set according to the reason for failure.
The error code
.Dv EAGAIN
is overloaded to mean ``All network ports in use.''
.Sh SEE ALSO
.Xr rlogin 1 ,
.Xr rsh 1 ,
.Xr intro 2 ,
.Xr rexec 3 ,
.Xr rexecd 8 ,
.Xr rlogind 8 ,
.Xr rshd 8
.Sh HISTORY
These
functions appeared in
.Bx 4.2 .