rcmd , rresvport , iruserok , ruserok — routines for returning a stream to a remote command
#include <netdb.h> /* Or <unistd.h> on some systems */
int
rcmd( |
char ** | ahost, |
int | inport, | |
const char * | locuser, | |
const char * | remuser, | |
const char * | cmd, | |
int * | fd2p) ; |
int
rresvport( |
int * | port) ; |
int
iruserok( |
u_int32_t | raddr, |
int | superuser, | |
const char * | ruser, | |
const char * | luser) ; |
int
ruserok( |
const char * | rhost, |
int | superuser, | |
const char * | ruser, | |
const char * | luser) ; |
The rcmd
() function is used
by the superuser to execute a command on a remote machine
using an authentication scheme based on reserved port
numbers. The rresvport
()
function returns a descriptor to a socket with an address in
the privileged port space. The iruserok
() and ruserok
() functions are used by servers to
authenticate clients requesting service with rcmd
(). All four functions are present in
the same file and are used by the rshd(8) server (among
others).
The rcmd
() function looks up
the host *ahost
using gethostbyname(3), returning
−1 if the host does not exist. Otherwise *ahost
is set to the standard
name of the host and a connection is established to a server
residing at the well-known Internet port inport
.
If the connection succeeds, a socket in the Internet
domain of type SOCK_STREAM
is
returned to the caller, and given to the remote command as
stdin
and stdout
. If fd2p
is non-zero, then an
auxiliary channel to a control process will be set up, and a
descriptor for it will be placed in *fd2p
. The control process
will return diagnostic output from the command (unit 2) on
this channel, and will also accept bytes on this channel as
being UNIX signal numbers, to be forwarded to the process
group of the command. If fd2p
is 0, then the
stderr
(unit 2 of the remote
command) will be made the same as the stdout
and no provision is made for sending
arbitrary signals to the remote process, although you may be
able to get its attention by using out-of-band data.
The protocol is described in detail in rshd(8).
The rresvport
() function is
used to obtain a socket with a privileged address bound to
it. This socket is suitable for use by rcmd
() and several other functions.
Privileged Internet ports are those in the range 0 to 1023.
Only the superuser is allowed to bind an address of this sort
to a socket.
The iruserok
() and
ruserok
() functions take a
remote host's IP address or name, respectively, two user
names and a flag indicating whether the local user's name is
that of the superuser. Then, if the user is NOT
the superuser, it checks the
/etc/hosts.equiv
file. If that
lookup is not done, or is unsuccessful, the .rhosts
in the local user's
home directory is checked to see if the request for service
is allowed.
If this file does not exist, is not a regular file, is
owned by anyone other than the user or the superuser, or is
writable by anyone other than the owner, the check
automatically fails. Zero is returned if the machine name is
listed in the “hosts.equiv” file, or the host and
remote user name are found in the “.rhosts” file;
otherwise iruserok
() and
ruserok
() return −1. If
the local domain (as obtained from gethostname(2)) is the same
as the remote domain, only the machine name need be
specified.
If the IP address of the remote host is known,
iruserok
() should be used in
preference to ruserok
(), as it
does not require trusting the DNS server for the remote
host's domain.
The rcmd
() function returns
a valid socket descriptor on success. It returns −1 on
error and prints a diagnostic message on the standard
error.
The rresvport
() function
returns a valid, bound socket descriptor on success. It
returns −1 on error with the global value errno
set according to the reason for
failure. The error code EAGAIN
is overloaded to mean ``All network ports in use.''
Not in POSIX.1-2001. Present on the BSDs, Solaris, and
many other systems. These functions appeared in BSD4.2
.
rlogin(1), rsh(1), intro(2), rexec(3), rexecd(8), rlogind(8), rshd(8)
|