2004-11-03 13:51:07 +00:00
|
|
|
.\" $NetBSD: rcmd.3,v 1.9 1996/05/28 02:07:39 mrg Exp $
|
|
|
|
.\"
|
|
|
|
.\" Copyright (c) 1983, 1991, 1993
|
|
|
|
.\" The Regents of the University of California. All rights reserved.
|
|
|
|
.\"
|
|
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
|
|
.\" modification, are permitted provided that the following conditions
|
|
|
|
.\" are met:
|
|
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
|
|
.\" 3. All advertising materials mentioning features or use of this software
|
|
|
|
.\" must display the following acknowledgement:
|
|
|
|
.\" This product includes software developed by the University of
|
|
|
|
.\" California, Berkeley and its contributors.
|
|
|
|
.\" 4. Neither the name of the University nor the names of its contributors
|
|
|
|
.\" may be used to endorse or promote products derived from this software
|
|
|
|
.\" without specific prior written permission.
|
|
|
|
.\"
|
|
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
|
|
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
.\" SUCH DAMAGE.
|
|
|
|
.\"
|
|
|
|
.\" @(#)rcmd.3 8.1 (Berkeley) 6/4/93
|
|
|
|
.\"
|
|
|
|
.\" Contributed as Linux man page by David A. Holland, 970908
|
|
|
|
.\" I have not checked whether the Linux situation is exactly the same.
|
2007-12-03 19:53:53 +00:00
|
|
|
.\"
|
2007-12-03 19:59:38 +00:00
|
|
|
.\" 2007-12-08, mtk, Converted from mdoc to man macros
|
2007-12-03 19:53:53 +00:00
|
|
|
.\"
|
2007-12-28 05:38:10 +00:00
|
|
|
.TH RCMD 3 2007-12-28 "Linux" "Linux Programmer's Manual"
|
2007-12-03 19:53:53 +00:00
|
|
|
.SH NAME
|
|
|
|
rcmd, rresvport, iruserok, ruserok \- routines for returning a
|
|
|
|
stream to a remote command
|
|
|
|
.SH SYNOPSIS
|
|
|
|
.nf
|
|
|
|
.B #include <netdb.h> \ \ \fP/* Or <unistd.h> on some systems */
|
|
|
|
.sp
|
|
|
|
.BI "int rcmd(char **" ahost ", int " inport ", const char *" locuser ", "
|
2007-12-28 04:49:49 +00:00
|
|
|
.BI " const char *" remuser ", const char *" cmd ", int *" fd2p );
|
2007-12-03 19:53:53 +00:00
|
|
|
.sp
|
|
|
|
.BI "int rresvport(int *" port );
|
|
|
|
.sp
|
2007-12-23 17:26:26 +00:00
|
|
|
.BI "int iruserok(uint32_t " raddr ", int " superuser ", "
|
2007-12-03 19:53:53 +00:00
|
|
|
.BI " const char *" ruser ", const char *" luser );
|
|
|
|
.sp
|
|
|
|
.BI "int ruserok(const char *" rhost ", int " superuser ", "
|
|
|
|
.BI " const char *" ruser ", const char *" luser );
|
|
|
|
.fi
|
2007-12-14 07:21:33 +00:00
|
|
|
.sp
|
|
|
|
.in -4n
|
|
|
|
Feature Test Macro Requirements for glibc (see
|
|
|
|
.BR feature_test_macros (7)):
|
|
|
|
.in
|
|
|
|
.sp
|
|
|
|
.BR rcmd (),
|
|
|
|
.BR rresvport (),
|
|
|
|
.BR ruserok ():
|
|
|
|
_BSD_SOURCE
|
2007-12-03 19:53:53 +00:00
|
|
|
.SH DESCRIPTION
|
2004-11-03 13:51:07 +00:00
|
|
|
The
|
2007-12-03 19:53:53 +00:00
|
|
|
.BR rcmd ()
|
2008-12-04 11:37:25 +00:00
|
|
|
function is used by the superuser to execute a command on
|
2004-11-03 13:51:07 +00:00
|
|
|
a remote machine using an authentication scheme based
|
2008-12-04 11:37:25 +00:00
|
|
|
on privileged port numbers.
|
2004-11-03 13:51:07 +00:00
|
|
|
The
|
2007-12-03 19:53:53 +00:00
|
|
|
.BR rresvport ()
|
2004-11-03 13:51:07 +00:00
|
|
|
function
|
|
|
|
returns a descriptor to a socket
|
|
|
|
with an address in the privileged port space.
|
|
|
|
The
|
2007-12-03 19:53:53 +00:00
|
|
|
.BR iruserok ()
|
2004-11-03 13:51:07 +00:00
|
|
|
and
|
2007-12-03 19:53:53 +00:00
|
|
|
.BR ruserok ()
|
2004-11-03 13:51:07 +00:00
|
|
|
functions are used by servers
|
|
|
|
to authenticate clients requesting service with
|
2007-12-03 19:53:53 +00:00
|
|
|
.BR rcmd ().
|
2004-11-03 13:51:07 +00:00
|
|
|
All four functions are present in the same file and are used
|
|
|
|
by the
|
2007-12-03 19:53:53 +00:00
|
|
|
.BR rshd (8)
|
2004-11-03 13:51:07 +00:00
|
|
|
server (among others).
|
2007-12-28 05:38:10 +00:00
|
|
|
.PP
|
2004-11-03 13:51:07 +00:00
|
|
|
The
|
2007-12-03 19:53:53 +00:00
|
|
|
.BR rcmd ()
|
2004-11-03 13:51:07 +00:00
|
|
|
function
|
|
|
|
looks up the host
|
2007-12-03 19:53:53 +00:00
|
|
|
.I *ahost
|
2004-11-03 13:51:07 +00:00
|
|
|
using
|
2007-12-03 19:53:53 +00:00
|
|
|
.BR gethostbyname (3),
|
2004-11-03 13:51:07 +00:00
|
|
|
returning \-1 if the host does not exist.
|
|
|
|
Otherwise
|
2007-12-03 19:53:53 +00:00
|
|
|
.I *ahost
|
2004-11-03 13:51:07 +00:00
|
|
|
is set to the standard name of the host
|
|
|
|
and a connection is established to a server
|
|
|
|
residing at the well-known Internet port
|
2007-12-03 19:53:53 +00:00
|
|
|
.IR inport .
|
2007-12-28 05:38:10 +00:00
|
|
|
.PP
|
2004-11-03 13:51:07 +00:00
|
|
|
If the connection succeeds,
|
|
|
|
a socket in the Internet domain of type
|
2007-12-03 19:53:53 +00:00
|
|
|
.BR SOCK_STREAM
|
2004-11-03 13:51:07 +00:00
|
|
|
is returned to the caller, and given to the remote
|
2007-04-12 22:42:49 +00:00
|
|
|
command as
|
2007-12-03 19:53:53 +00:00
|
|
|
.IR stdin
|
2004-11-03 13:51:07 +00:00
|
|
|
and
|
2007-12-03 19:53:53 +00:00
|
|
|
.IR stdout .
|
2004-11-03 13:51:07 +00:00
|
|
|
If
|
2007-12-03 19:53:53 +00:00
|
|
|
.I fd2p
|
intro.1, time.1, adjtimex.2, capget.2, eventfd.2, fcntl.2, getrlimit.2, getsockopt.2, gettimeofday.2, intro.2, ioctl_list.2, ioperm.2, mlock.2, pivot_root.2, poll.2, prctl.2, ptrace.2, sched_setscheduler.2, select_tut.2, semget.2, sigaltstack.2, signalfd.2, sysctl.2, timer_settime.2, timerfd_create.2, wait.2, CPU_SET.3, argz_add.3, assert_perror.3, atexit.3, backtrace.3, bcmp.3, clearenv.3, ctime.3, dl_iterate_phdr.3, dlopen.3, ecvt.3, errno.3, error.3, ether_aton.3, exit.3, fenv.3, ferror.3, finite.3, flockfile.3, fnmatch.3, fpathconf.3, fpclassify.3, ftime.3, ftok.3, ftw.3, fwide.3, getaddrinfo.3, gethostbyname.3, getlogin.3, getnameinfo.3, getnetent.3, getopt.3, getprotoent.3, getrpcent.3, getservent.3, glob.3, hsearch.3, inet.3, isalpha.3, iswalnum.3, iswalpha.3, iswblank.3, iswcntrl.3, iswctype.3, iswdigit.3, iswgraph.3, iswlower.3, iswprint.3, iswpunct.3, iswspace.3, iswupper.3, iswxdigit.3, longjmp.3, lsearch.3, malloc.3, matherr.3, mblen.3, mbsinit.3, mbtowc.3, on_exit.3, printf.3, pthread_attr_init.3, pthread_attr_setaffinity_np.3, pthread_attr_setdetachstate.3, pthread_attr_setguardsize.3, pthread_attr_setinheritsched.3, pthread_attr_setschedparam.3, pthread_attr_setschedpolicy.3, pthread_attr_setscope.3, pthread_attr_setstack.3, pthread_attr_setstackaddr.3, pthread_attr_setstacksize.3, pthread_cancel.3, pthread_cleanup_push.3, pthread_equal.3, pthread_getattr_np.3, pthread_getcpuclockid.3, pthread_setaffinity_np.3, pthread_setcancelstate.3, pthread_setconcurrency.3, pthread_setschedparam.3, pthread_setschedprio.3, ptsname.3, putenv.3, putgrent.3, raise.3, rcmd.3, regex.3, rexec.3, rpc.3, rpmatch.3, rtnetlink.3, scandir.3, sem_init.3, setaliasent.3, setbuf.3, setenv.3, setjmp.3, signbit.3, stdio_ext.3, strtod.3, strtol.3, strtoul.3, system.3, termios.3, timeradd.3, tzset.3, ualarm.3, wctomb.3, xdr.3, st.4, tty_ioctl.4, core.5, elf.5, proc.5, bootparam.7, capabilities.7, icmp.7, ip.7, ipv6.7, math_error.7, mdoc.samples.7, mq_overview.7, pthreads.7, raw.7, regex.7, socket.7, tcp.7, tzselect.8: Global fix: s/non-zero/nonzero/
The tendency in English, as prescribed in style guides like
Chicago MoS, is towards removing hyphens after prefixes
like "non-" etc.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2010-01-16 16:40:55 +00:00
|
|
|
is nonzero, then an auxiliary channel to a control
|
2004-11-03 13:51:07 +00:00
|
|
|
process will be set up, and a descriptor for it will be placed
|
|
|
|
in
|
2007-12-03 19:53:53 +00:00
|
|
|
.IR *fd2p .
|
2004-11-03 13:51:07 +00:00
|
|
|
The control process will return diagnostic
|
|
|
|
output from the command (unit 2) on this channel, and will also
|
2007-12-03 19:53:53 +00:00
|
|
|
accept bytes on this channel as being Unix signal numbers, to be
|
2004-11-03 13:51:07 +00:00
|
|
|
forwarded to the process group of the command.
|
|
|
|
If
|
2007-12-03 19:53:53 +00:00
|
|
|
.I fd2p
|
2007-04-12 22:42:49 +00:00
|
|
|
is 0, then the
|
2007-12-03 19:53:53 +00:00
|
|
|
.IR stderr
|
2004-11-03 13:51:07 +00:00
|
|
|
(unit 2 of the remote
|
2007-04-12 22:42:49 +00:00
|
|
|
command) will be made the same as the
|
2007-12-03 19:53:53 +00:00
|
|
|
.IR stdout
|
2004-11-03 13:51:07 +00:00
|
|
|
and no
|
|
|
|
provision is made for sending arbitrary signals to the remote process,
|
|
|
|
although you may be able to get its attention by using out-of-band data.
|
2007-12-28 05:38:10 +00:00
|
|
|
.PP
|
2004-11-03 13:51:07 +00:00
|
|
|
The protocol is described in detail in
|
2007-12-03 19:53:53 +00:00
|
|
|
.BR rshd (8).
|
2007-12-28 05:38:10 +00:00
|
|
|
.PP
|
2004-11-03 13:51:07 +00:00
|
|
|
The
|
2007-12-03 19:53:53 +00:00
|
|
|
.BR rresvport ()
|
2004-11-03 13:51:07 +00:00
|
|
|
function is used to obtain a socket with a privileged
|
2007-04-12 22:42:49 +00:00
|
|
|
address bound to it.
|
|
|
|
This socket is suitable for use by
|
2007-12-03 19:53:53 +00:00
|
|
|
.BR rcmd ()
|
2007-04-12 22:42:49 +00:00
|
|
|
and several other functions.
|
|
|
|
Privileged Internet ports are those in the range 0 to 1023.
|
|
|
|
Only the superuser is allowed to bind an address of this sort to a socket.
|
2007-12-28 05:38:10 +00:00
|
|
|
.PP
|
2004-11-03 13:51:07 +00:00
|
|
|
The
|
2007-12-03 19:53:53 +00:00
|
|
|
.BR iruserok ()
|
2004-11-03 13:51:07 +00:00
|
|
|
and
|
2007-12-03 19:53:53 +00:00
|
|
|
.BR ruserok ()
|
2004-11-03 13:51:07 +00:00
|
|
|
functions take a remote host's IP address or name, respectively,
|
2008-06-30 14:36:59 +00:00
|
|
|
two usernames and a flag indicating whether the local user's
|
2004-11-10 18:17:26 +00:00
|
|
|
name is that of the superuser.
|
2004-11-03 13:51:07 +00:00
|
|
|
Then, if the user is
|
2007-12-03 19:53:53 +00:00
|
|
|
.I not
|
2004-11-10 18:17:26 +00:00
|
|
|
the superuser, it checks the
|
2007-12-03 19:53:53 +00:00
|
|
|
.IR /etc/hosts.equiv
|
2004-11-03 13:51:07 +00:00
|
|
|
file.
|
|
|
|
If that lookup is not done, or is unsuccessful, the
|
2007-12-03 19:53:53 +00:00
|
|
|
.IR .rhosts
|
2004-11-03 13:51:07 +00:00
|
|
|
in the local user's home directory is checked to see if the request for
|
|
|
|
service is allowed.
|
2007-12-28 05:38:10 +00:00
|
|
|
.PP
|
2004-11-03 13:51:07 +00:00
|
|
|
If this file does not exist, is not a regular file, is owned by anyone
|
2006-05-29 01:20:08 +00:00
|
|
|
other than the user or the superuser, or is writable by anyone other
|
2004-11-03 13:51:07 +00:00
|
|
|
than the owner, the check automatically fails.
|
|
|
|
Zero is returned if the machine name is listed in the
|
2007-12-03 19:53:53 +00:00
|
|
|
.IR hosts.equiv
|
2008-06-30 14:36:59 +00:00
|
|
|
file, or the host and remote username are found in the
|
2007-12-03 19:53:53 +00:00
|
|
|
.IR .rhosts
|
2004-11-03 13:51:07 +00:00
|
|
|
file; otherwise
|
2007-12-03 19:53:53 +00:00
|
|
|
.BR iruserok ()
|
2004-11-03 13:51:07 +00:00
|
|
|
and
|
2007-12-03 19:53:53 +00:00
|
|
|
.BR ruserok ()
|
2004-11-03 13:51:07 +00:00
|
|
|
return \-1.
|
|
|
|
If the local domain (as obtained from
|
2008-09-18 12:30:39 +00:00
|
|
|
.BR gethostname (2))
|
2004-11-03 13:51:07 +00:00
|
|
|
is the same as the remote domain, only the machine name need be specified.
|
2007-12-28 05:38:10 +00:00
|
|
|
.PP
|
2004-11-03 13:51:07 +00:00
|
|
|
If the IP address of the remote host is known,
|
2007-12-03 19:53:53 +00:00
|
|
|
.BR iruserok ()
|
2004-11-03 13:51:07 +00:00
|
|
|
should be used in preference to
|
2007-12-03 19:53:53 +00:00
|
|
|
.BR ruserok (),
|
2004-11-03 13:51:07 +00:00
|
|
|
as it does not require trusting the DNS server for the remote host's domain.
|
2007-12-03 19:53:53 +00:00
|
|
|
.SH RETURN VALUE
|
2004-11-03 13:51:07 +00:00
|
|
|
The
|
2007-12-03 19:53:53 +00:00
|
|
|
.BR rcmd ()
|
2004-11-03 13:51:07 +00:00
|
|
|
function
|
|
|
|
returns a valid socket descriptor on success.
|
|
|
|
It returns \-1 on error and prints a diagnostic message on the standard error.
|
2007-12-28 05:38:10 +00:00
|
|
|
.PP
|
2004-11-03 13:51:07 +00:00
|
|
|
The
|
2007-12-03 19:53:53 +00:00
|
|
|
.BR rresvport ()
|
2004-11-03 13:51:07 +00:00
|
|
|
function
|
|
|
|
returns a valid, bound socket descriptor on success.
|
|
|
|
It returns \-1 on error with the global value
|
2007-12-03 19:53:53 +00:00
|
|
|
.I errno
|
2004-11-03 13:51:07 +00:00
|
|
|
set according to the reason for failure.
|
|
|
|
The error code
|
2007-12-03 19:53:53 +00:00
|
|
|
.BR EAGAIN
|
|
|
|
is overloaded to mean "All network ports in use."
|
|
|
|
.SH "CONFORMING TO"
|
2006-08-04 12:39:17 +00:00
|
|
|
Not in POSIX.1-2001.
|
|
|
|
Present on the BSDs, Solaris, and many other systems.
|
|
|
|
These
|
2007-04-12 22:42:49 +00:00
|
|
|
functions appeared in
|
2007-12-03 19:53:53 +00:00
|
|
|
4.2BSD.
|
2007-12-14 07:21:33 +00:00
|
|
|
.SH BUGS
|
|
|
|
.BR iruserok ()
|
|
|
|
is not declared in glibc headers.
|
|
|
|
.\" Bug filed 25 Nov 2007:
|
|
|
|
.\" http://sources.redhat.com/bugzilla/show_bug.cgi?id=5399
|
2007-12-03 19:53:53 +00:00
|
|
|
.SH SEE ALSO
|
|
|
|
.BR rlogin (1),
|
|
|
|
.BR rsh (1),
|
|
|
|
.BR intro (2),
|
|
|
|
.BR rexec (3),
|
|
|
|
.BR rexecd (8),
|
|
|
|
.BR rlogind (8),
|
|
|
|
.BR rshd (8)
|