b6cbf7203b
This patch imports the unmodified current version of NetBSD libc. The NetBSD includes are in /nbsd_include, while the libc code itself is split between lib/nbsd_libc and common/lib/libc.
312 lines
8.1 KiB
Groff
312 lines
8.1 KiB
Groff
.\" $NetBSD: rcmd.3,v 1.28 2010/03/22 19:30:54 joerg Exp $
|
|
.\"
|
|
.\" Copyright (c) 1983, 1991, 1993
|
|
.\" The Regents of the University of California. All rights reserved.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
.\" 3. Neither the name of the University nor the names of its contributors
|
|
.\" may be used to endorse or promote products derived from this software
|
|
.\" without specific prior written permission.
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
.\" SUCH DAMAGE.
|
|
.\"
|
|
.\" @(#)rcmd.3 8.1 (Berkeley) 6/4/93
|
|
.\"
|
|
.Dd March 30, 2005
|
|
.Dt RCMD 3
|
|
.Os
|
|
.Sh NAME
|
|
.Nm rcmd ,
|
|
.Nm orcmd ,
|
|
.Nm rcmd_af ,
|
|
.Nm orcmd_af ,
|
|
.Nm rresvport ,
|
|
.Nm rresvport_af ,
|
|
.Nm iruserok ,
|
|
.Nm ruserok ,
|
|
.Nm iruserok_sa
|
|
.Nd routines for returning a stream to a remote command
|
|
.Sh LIBRARY
|
|
.Lb libc
|
|
.Sh SYNOPSIS
|
|
.In unistd.h
|
|
.Ft int
|
|
.Fn rcmd "char **ahost" "int inport" "const char *locuser" "const char *remuser" "const char *cmd" "int *fd2p"
|
|
.Ft int
|
|
.Fn orcmd "char **ahost" "int inport" "const char *locuser" "const char *remuser" "const char *cmd" "int *fd2p"
|
|
.Ft int
|
|
.Fn rcmd_af "char **ahost" "int inport" "const char *locuser" "const char *remuser" "const char *cmd" "int *fd2p" "int af"
|
|
.Ft int
|
|
.Fn orcmd_af "char **ahost" "int inport" "const char *locuser" "const char *remuser" "const char *cmd" "int *fd2p" "int af"
|
|
.Ft int
|
|
.Fn rresvport "int *port"
|
|
.Ft int
|
|
.Fn rresvport_af "int *port" "int family"
|
|
.Ft int
|
|
.Fn iruserok "uint32_t raddr" "int superuser" "const char *ruser" "const char *luser"
|
|
.Ft int
|
|
.Fn ruserok "const char *rhost" "int superuser" "const char *ruser" "const char *luser"
|
|
.Ft int
|
|
.Fn iruserok_sa "const void *raddr" "int rlen" "int superuser" "const char *ruser" "const char *luser"
|
|
.Sh DESCRIPTION
|
|
The
|
|
.Fn rcmd
|
|
function is available for use by anyone to run commands on a
|
|
remote system. It acts like the
|
|
.Fn orcmd
|
|
command, with the exception that it makes a call out to the
|
|
.Xr rcmd 1
|
|
command, or any other user-specified command, to perform the
|
|
actual connection (thus not requiring
|
|
that the caller be running as the super-user), and is only
|
|
available for the
|
|
.Dq shell/tcp
|
|
port.
|
|
The
|
|
.Fn orcmd
|
|
function
|
|
is used by the super-user to execute a command on
|
|
a remote machine using an authentication scheme based
|
|
on reserved port numbers.
|
|
While
|
|
.Fn rcmd
|
|
and
|
|
.Fn orcmd
|
|
can only handle IPv4 address in the first argument,
|
|
.Fn rcmd_af
|
|
and
|
|
.Fn orcmd_af
|
|
can handle other cases as well.
|
|
The
|
|
.Fn rresvport
|
|
function
|
|
returns a descriptor to a socket
|
|
with an address in the privileged port space.
|
|
The
|
|
.Fn rresvport_af
|
|
function is similar to
|
|
.Fn rresvport ,
|
|
but you can explicitly specify the address family to use.
|
|
Calling
|
|
.Fn rresvport_af
|
|
with
|
|
.Dv AF_INET
|
|
has the same effect as
|
|
.Fn rresvport .
|
|
The
|
|
.Fn iruserok
|
|
and
|
|
.Fn ruserok
|
|
functions are used by servers
|
|
to authenticate clients requesting service with
|
|
.Fn rcmd .
|
|
All six functions are present in the same file and are used
|
|
by the
|
|
.Xr rshd 8
|
|
server (among others).
|
|
.Fn iruserok_sa
|
|
is an address family independent variant of
|
|
.Fn iruserok .
|
|
.Pp
|
|
The
|
|
.Fn rcmd
|
|
function
|
|
looks up the host
|
|
.Fa *ahost
|
|
using
|
|
.Xr gethostbyname 3 ,
|
|
returning \-1 if the host does not exist.
|
|
Otherwise
|
|
.Fa *ahost
|
|
is set to the standard name of the host
|
|
and a connection is established to a server
|
|
residing at the well-known Internet port
|
|
.Fa inport .
|
|
.Pp
|
|
If the connection succeeds,
|
|
a socket in the Internet domain of type
|
|
.Dv SOCK_STREAM
|
|
is returned to the caller, and given to the remote
|
|
command as
|
|
.Em stdin
|
|
and
|
|
.Em stdout .
|
|
If
|
|
.Fa fd2p
|
|
is non-zero, then an auxiliary channel to a control
|
|
process will be set up, and a descriptor for it will be placed
|
|
in
|
|
.Fa *fd2p .
|
|
The control process will return diagnostic
|
|
output from the command (unit 2) on this channel, and will also
|
|
accept bytes on this channel as being
|
|
.Ux
|
|
signal numbers, to be
|
|
forwarded to the process group of the command.
|
|
If
|
|
.Fa fd2p
|
|
is 0, then the
|
|
.Em stderr
|
|
(unit 2 of the remote
|
|
command) will be made the same as the
|
|
.Em stdout
|
|
and no
|
|
provision is made for sending arbitrary signals to the remote process,
|
|
although you may be able to get its attention by using out-of-band data.
|
|
.Pp
|
|
.Fn rcmd_af
|
|
and
|
|
.Fn orcmd_af
|
|
take address family in the last argument.
|
|
If the last argument is
|
|
.Dv PF_UNSPEC ,
|
|
interpretation of
|
|
.Fa *ahost
|
|
will obey the underlying address resolution like DNS.
|
|
.Pp
|
|
The protocol is described in detail in
|
|
.Xr rshd 8 .
|
|
.Pp
|
|
The
|
|
.Fn rresvport
|
|
and
|
|
.Fn rresvport_af
|
|
functions are used to obtain a socket with a privileged
|
|
address bound to it. This socket is suitable for use
|
|
by
|
|
.Fn rcmd
|
|
and several other functions. Privileged Internet ports are those
|
|
in the range 0 to 1023. Only the super-user
|
|
is allowed to bind an address of this sort to a socket.
|
|
.Pp
|
|
The
|
|
.Fn iruserok
|
|
and
|
|
.Fn ruserok
|
|
functions take a remote host's IP address or name, respectively,
|
|
two user names and a flag indicating whether the local user's
|
|
name is that of the super-user.
|
|
Then, if the user is
|
|
.Em NOT
|
|
the super-user, it checks the
|
|
.Pa /etc/hosts.equiv
|
|
file.
|
|
If that lookup is not done, or is unsuccessful, the
|
|
.Pa .rhosts
|
|
in the local user's home directory is checked to see if the request for
|
|
service is allowed.
|
|
.Pp
|
|
If this file does not exist, is not a regular file, is owned by anyone
|
|
other than the user or the super-user, or is writable by anyone other
|
|
than the owner, the check automatically fails.
|
|
Zero is returned if the machine name is listed in the
|
|
.Dq Pa hosts.equiv
|
|
file, or the host and remote user name are found in the
|
|
.Dq Pa .rhosts
|
|
file; otherwise
|
|
.Fn iruserok
|
|
and
|
|
.Fn ruserok
|
|
return \-1.
|
|
If the local domain (as obtained from
|
|
.Xr gethostname 3 )
|
|
is the same as the remote domain, only the machine name need be specified.
|
|
.Pp
|
|
If the IP address of the remote host is known,
|
|
.Fn iruserok
|
|
should be used in preference to
|
|
.Fn ruserok ,
|
|
as it does not require trusting the DNS server for the remote host's domain.
|
|
.Pp
|
|
While
|
|
.Fn iruserok
|
|
can handle IPv4 addresses only,
|
|
.Fn iruserok_sa
|
|
and
|
|
.Fn ruserok
|
|
can handle other address families as well, like IPv6.
|
|
The first argument of
|
|
.Fn iruserok_sa
|
|
is typed as
|
|
.Fa "void *"
|
|
to avoid dependency between
|
|
.In unistd.h
|
|
and
|
|
.In sys/socket.h .
|
|
.Sh ENVIRONMENT
|
|
.Bl -tag -width RCMD_CMDxx -compact
|
|
.It Ev RCMD_CMD
|
|
When using the
|
|
.Fn rcmd
|
|
function, this variable is used as the program to run instead of
|
|
.Xr rcmd 1 .
|
|
.El
|
|
.Sh DIAGNOSTICS
|
|
The
|
|
.Fn rcmd
|
|
function
|
|
returns a valid socket descriptor on success.
|
|
It returns \-1 on error and prints a diagnostic message on the standard error.
|
|
.Pp
|
|
The
|
|
.Fn rresvport
|
|
and
|
|
.Fn rresvport_af
|
|
function
|
|
return a valid, bound socket descriptor on success.
|
|
They return \-1 on error with the global value
|
|
.Va errno
|
|
set according to the reason for failure.
|
|
The error code
|
|
.Dv EAGAIN
|
|
is overloaded to mean ``All network ports in use.''
|
|
.Sh SEE ALSO
|
|
.Xr rcmd 1 ,
|
|
.Xr rlogin 1 ,
|
|
.Xr rsh 1 ,
|
|
.Xr intro 2 ,
|
|
.Xr rexec 3 ,
|
|
.Xr hosts.equiv 5 ,
|
|
.Xr rhosts 5 ,
|
|
.Xr rexecd 8 ,
|
|
.Xr rlogind 8 ,
|
|
.Xr rshd 8
|
|
.Sh HISTORY
|
|
The
|
|
.Fn orcmd ,
|
|
.Fn rresvport ,
|
|
.Fn iruserok
|
|
and
|
|
.Fn ruserok
|
|
functions appeared in
|
|
.Bx 4.2 ,
|
|
where the
|
|
.Fn orcmd
|
|
function was called
|
|
.Fn rcmd .
|
|
The (newer)
|
|
.Fn rcmd
|
|
function appeared in
|
|
.Nx 1.3 .
|
|
.Fn rcmd_af
|
|
and
|
|
.Fn rresvport_af
|
|
were defined in RFC2292.
|