.\" Copyright (c) 1983, 1991, 1993
.\"	The Regents of the University of California.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\"    must display the following acknowledgement:
.\"	This product includes software developed by the University of
.\"	California, Berkeley and its contributors.
.\" 4. Neither the name of the University nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\"     From: @(#)rcmd.3	8.1 (Berkeley) 6/4/93
.\"	$Id$
.\"
.Dd February 15, 1996
.Dt RCMD 3
.Os BSD 4.2
.Sh NAME
.Nm rcmd ,
.Nm rresvport ,
.Nm iruserok ,
.Nm ruserok
.Nd routines for returning a stream to a remote command
.Sh SYNOPSIS
.Fd #include <unistd.h>
.Ft int
.Fn rcmd "char **ahost" "int inport" "const char *locuser" "const char *remuser" "const char *cmd" "int *fd2p"
.Ft int
.Fn rresvport "int *port"
.Ft int
.Fn iruserok "u_long raddr" "int superuser" "const char *ruser" "const char *luser"
.Ft int
.Fn ruserok "const char *rhost" "int superuser" "const char *ruser" "const char *luser"
.Sh DESCRIPTION
The
.Fn rcmd
function
is used by the super-user to execute a command on
a remote machine using an authentication scheme based
on reserved port numbers.
The
.Fn rresvport
function
returns a descriptor to a socket
with an address in the privileged port space.
The
.Fn ruserok
function
is used by servers
to authenticate clients requesting service with
.Fn rcmd .
All three functions are present in the same file and are used
by the
.Xr rshd 8
server (among others).
.Pp
The
.Fn rcmd
function
looks up the host
.Fa *ahost
using
.Xr gethostbyname 3 ,
returning \-1 if the host does not exist.
Otherwise
.Fa *ahost
is set to the standard name of the host
and a connection is established to a server
residing at the well-known Internet port
.Fa inport .
.Pp
If the connection succeeds,
a socket in the Internet domain of type
.Dv SOCK_STREAM
is returned to the caller, and given to the remote
command as
.Em stdin
and
.Em stdout .
If
.Fa fd2p
is non-zero, then an auxiliary channel to a control
process will be set up, and a descriptor for it will be placed
in
.Fa *fd2p .
The control process will return diagnostic
output from the command (unit 2) on this channel, and will also
accept bytes on this channel as being
.Tn UNIX
signal numbers, to be
forwarded to the process group of the command.
If
.Fa fd2p
is 0, then the
.Em stderr
(unit 2 of the remote
command) will be made the same as the
.Em stdout
and no
provision is made for sending arbitrary signals to the remote process,
although you may be able to get its attention by using out-of-band data.
.Pp
The protocol is described in detail in
.Xr rshd 8 .
.Pp
The
.Fn rresvport
function is used to obtain a socket with a privileged
address bound to it.
This socket is suitable for use
by
.Fn rcmd
and several other functions.
Privileged Internet ports are those
in the range 0 to 1023.
Only the super-user
is allowed to bind an address of this sort to a socket.
.Pp
The
.Fn iruserok
and
.Fn ruserok
functions take a remote host's IP address or name, as returned by the
.Xr gethostbyname 3
routines, two user names and a flag indicating whether the local user's
name is that of the super-user.
Then, if the user is
.Em NOT
the super-user, it checks the
.Pa /etc/hosts.equiv
file.
If that lookup is not done, or is unsuccessful, the
.Pa .rhosts
in the local user's home directory is checked to see if the request for
service is allowed.
.Pp
If this file does not exist, is not a regular file, is owned by anyone
other than the user or the super-user, or is writable by anyone other
than the owner, the check automatically fails.
Zero is returned if the machine name is listed in the
.Dq Pa hosts.equiv
file, or the host and remote user name are found in the
.Dq Pa .rhosts
file; otherwise
.Fn iruserok
and
.Fn ruserok
return \-1.
If the local domain (as obtained from
.Xr gethostname 3 )
is the same as the remote domain, only the machine name need be specified.
.Pp
The
.Fn iruserok
function is strongly preferred for security reasons.
It requires trusting the local DNS at most, while the
.Fn ruserok
function requires trusting the entire DNS, which can be spoofed.
.Sh DIAGNOSTICS
The
.Fn rcmd
function
returns a valid socket descriptor on success.
It returns \-1 on error and prints a diagnostic message on the standard error.
.Pp
The
.Fn rresvport
function
returns a valid, bound socket descriptor on success.
It returns \-1 on error with the global value
.Va errno
set according to the reason for failure.
The error code
.Dv EAGAIN
is overloaded to mean ``All network ports in use.''
.Sh SEE ALSO
.Xr rlogin 1 ,
.Xr rsh 1 ,
.Xr intro 2 ,
.Xr rexec 3 ,
.Xr rexecd 8 ,
.Xr rlogind 8 ,
.Xr rshd 8
.Sh HISTORY
These
functions appeared in
.Bx 4.2 .