.\" Copyright (c) 1983, 1991, 1993
.\"     The Regents of the University of California.  All rights reserved.
.\"
.\" %sccs.include.redist.man%
.\"
.\"     @(#)rcmd.3      8.1 (Berkeley) 06/04/93
.\"
.Dd
.Dt RCMD 3
.Os BSD 4.2
.Sh NAME
.Nm rcmd ,
.Nm rresvport ,
.Nm ruserok
.Nd routines for returning a stream to a remote command
.Sh SYNOPSIS
.Fd #include <unistd.h>
.Ft int
.Fn rcmd "char **ahost" "int inport" "const char *locuser" "const char *remuser" "const char *cmd" "int *fd2p"
.Ft int
.Fn rresvport "int *port"
.Ft int
.Fn iruserok "u_long raddr" "int superuser" "const char *ruser" "const char *luser"
.Ft int
.Fn ruserok "const char *rhost" "int superuser" "const char *ruser" "const char *luser"
.Sh DESCRIPTION
The
.Fn rcmd
function
is used by the super-user to execute a command on
a remote machine using an authentication scheme based
on reserved port numbers.
The
.Fn rresvport
function
returns a descriptor to a socket
with an address in the privileged port space.
The
.Fn ruserok
function
is used by servers
to authenticate clients requesting service with
.Fn rcmd .
All three functions are present in the same file and are used
by the
.Xr rshd 8
server (among others).
.Pp
The
.Fn rcmd
function
looks up the host
.Fa *ahost
using
.Xr gethostbyname 3 ,
returning \-1 if the host does not exist.
Otherwise
.Fa *ahost
is set to the standard name of the host
and a connection is established to a server
residing at the well-known Internet port
.Fa inport .
.Pp
If the connection succeeds,
a socket in the Internet domain of type
.Dv SOCK_STREAM
is returned to the caller, and given to the remote
command as
.Em stdin
and
.Em stdout .
If
.Fa fd2p
is non-zero, then an auxiliary channel to a control
process will be set up, and a descriptor for it will be placed
in
.Fa *fd2p .
The control process will return diagnostic
output from the command (unit 2) on this channel, and will also
accept bytes on this channel as being
.Tn UNIX
signal numbers, to be
forwarded to the process group of the command.
If
.Fa fd2p
is 0, then the
.Em stderr
(unit 2 of the remote
command) will be made the same as the
.Em stdout
and no
provision is made for sending arbitrary signals to the remote process,
although you may be able to get its attention by using out-of-band data.
.Pp
The protocol is described in detail in
.Xr rshd 8 .
.Pp
The
.Fn rresvport
function is used to obtain a socket with a privileged
address bound to it.
This socket is suitable for use
by
.Fn rcmd
and several other functions.
Privileged Internet ports are those
in the range 0 to 1023.
Only the super-user
is allowed to bind an address of this sort to a socket.
.Pp
The
.Fn iruserok
and
.Fn ruserok
functions take a remote host's IP address or name, as returned by the
.Xr gethostbyname 3
routines, two user names and a flag indicating whether the local user's
name is that of the super-user.
Then, if the user is
.Em NOT
the super-user, it checks the
.Pa /etc/hosts.equiv
file.
If that lookup is not done, or is unsuccessful, the
.Pa .rhosts
in the local user's home directory is checked to see if the request for
service is allowed.
.Pp
If this file does not exist, is not a regular file, is owned by anyone
other than the user or the super-user, or is writeable by anyone other
than the owner, the check automatically fails.
Zero is returned if the machine name is listed in the
.Dq Pa hosts.equiv
file, or the host and remote user name are found in the
.Dq Pa .rhosts
file; otherwise
.Fn iruserok
and
.Fn ruserok
return \-1.
If the local domain (as obtained from
.Xr gethostname 2 )
is the same as the remote domain, only the machine name need be specified.
.Pp
The
.Fn iruserok
function is strongly preferred for security reasons.
It requires trusting the local DNS at most, while the
.Fn ruserok
function requires trusting the entire DNS, which can be spoofed.
.Sh DIAGNOSTICS
The
.Fn rcmd
function
returns a valid socket descriptor on success.
It returns \-1 on error and prints a diagnostic message on the standard error.
.Pp
The
.Fn rresvport
function
returns a valid, bound socket descriptor on success.
It returns \-1 on error with the global value
.Va errno
set according to the reason for failure.
The error code
.Dv EAGAIN
is overloaded to mean ``All network ports in use.''
.Sh SEE ALSO
.Xr rlogin 1 ,
.Xr rsh 1 ,
.Xr intro 2 ,
.Xr rexec 3 ,
.Xr rexecd 8 ,
.Xr rlogind 8 ,
.Xr rshd 8
.Sh HISTORY
These
functions appeared in
.Bx 4.2 .
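.Sh EXAMPLES
The following is an added example, not part of the original manual page and not the library's own source: it shows one way a server could enforce the .rhosts file checks listed in DESCRIPTION (exists, regular file, owned by the user or the super-user, not writeable by anyone but the owner).
The helper name rhosts_file_ok and its signature are assumptions made for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>

/*
 * rhosts_file_ok() is a hypothetical helper written for this example.
 * It returns a read-only descriptor for `path` if the file passes every
 * check listed above for .rhosts, or -1 if the check must fail.
 */
int
rhosts_file_ok(const char *path, uid_t user)
{
	struct stat lsb, sb;
	int fd;

	/* Must exist and be a regular file; lstat() refuses a symlink. */
	if (lstat(path, &lsb) == -1 || !S_ISREG(lsb.st_mode))
		return (-1);

	/* Never follow a link or block on a FIFO swapped in after lstat(). */
	fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
	if (fd == -1)
		return (-1);

	/* Judge the object actually opened, and require it to be the same
	 * inode that lstat() saw. */
	if (fstat(fd, &sb) == -1 || !S_ISREG(sb.st_mode) ||
	    sb.st_dev != lsb.st_dev || sb.st_ino != lsb.st_ino)
		goto bad;

	/* Owned by anyone other than the user or the super-user: fail. */
	if (sb.st_uid != user && sb.st_uid != 0)
		goto bad;

	/* Writeable by anyone other than the owner: fail. */
	if (sb.st_mode & (S_IWGRP | S_IWOTH))
		goto bad;

	return (fd);
bad:
	close(fd);
	return (-1);
}
```

The caller should read the host and user entries through the returned descriptor rather than reopening the path, so that the checks and the read apply to the same file.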