1.\" $OpenBSD: rcmd.3,v 1.7 1996/09/05 02:39:34 millert Exp $ 2.\" 3.\" Copyright (c) 1983, 1991, 1993 4.\" The Regents of the University of California. All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 3. All advertising materials mentioning features or use of this software 15.\" must display the following acknowledgement: 16.\" This product includes software developed by the University of 17.\" California, Berkeley and its contributors. 18.\" 4. Neither the name of the University nor the names of its contributors 19.\" may be used to endorse or promote products derived from this software 20.\" without specific prior written permission. 21.\" 22.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 23.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 26.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32.\" SUCH DAMAGE. 33.\" 34.Dd June 4, 1993 35.Dt RCMD 3 36.Os BSD 4.2 37.Sh NAME 38.Nm rcmd , 39.Nm rresvport , 40.Nm iruserok , 41.Nm ruserok 42.Nd routines for returning a stream to a remote command 43.Sh SYNOPSIS 44.Fd #include <unistd.h> 45.Ft int 46.Fn rcmd "char **ahost" "int inport" "const char *locuser" "const char *remuser" "const char *cmd" "int *fd2p" 47.Ft int 48.Fn rresvport "int *port" 49.Ft int 50.Fn iruserok "u_int32_t raddr" "int superuser" "const char *ruser" "const char *luser" 51.Ft int 52.Fn ruserok "const char *rhost" "int superuser" "const char *ruser" "const char *luser" 53.Sh DESCRIPTION 54The 55.Fn rcmd 56function 57is used by the super-user to execute a command on a remote 58machine using an authentication scheme based on reserved 59port numbers. If the calling process is not setuid and the 60.Li RSH 61environmental variable is set and 62.Fa inport 63is 64.Li shell/tcp , 65.Xr rcmdsh 3 66is called instead with the value of 67.Li RSH . 68Alternately, if the user is not the super-user, 69.Fn rcmd 70will invoke 71.Xr rcmdsh 3 72to run the command via 73.Xr rsh 1 . 74The 75.Fn rresvport 76function 77returns a descriptor to a socket 78with an address in the privileged port space. 79The 80.Fn iruserok 81and 82.Fn ruserok 83functions are used by servers 84to authenticate clients requesting service with 85.Fn rcmd . 86All four functions are present in the same file and are used 87by the 88.Xr rshd 8 89server (among others). 90.Pp 91The 92.Fn rcmd 93function 94looks up the host 95.Fa *ahost 96using 97.Xr gethostbyname 3 , 98returning \-1 if the host does not exist. 99Otherwise 100.Fa *ahost 101is set to the standard name of the host 102and a connection is established to a server 103residing at the well-known Internet port 104.Fa inport . 105If the user is not the super-user, the only valid port is 106.Li shell/tcp , 107(usually port 514). 108.Pp 109If the connection succeeds, 110a socket in the Internet domain of type 111.Dv SOCK_STREAM 112is returned to the caller, and given to the remote 113command as 114.Em stdin 115and 116.Em stdout . 117If 118.Fa fd2p 119is non-zero, then an auxiliary channel to a control 120process will be set up, and a descriptor for it will be placed 121in 122.Fa *fd2p . 123The control process will return diagnostic 124output from the command (unit 2) on this channel, and will also 125accept bytes on this channel as being 126.Tn UNIX 127signal numbers, to be 128forwarded to the process group of the command. 129If 130.Fa fd2p 131is 0, then the 132.Em stderr 133(unit 2 of the remote 134command) will be made the same as the 135.Em stdout 136and no 137provision is made for sending arbitrary signals to the remote process, 138although you may be able to get its attention by using out-of-band data. 139Note that if the user is not the super-user, 140.Fa fd2p 141must be 0. 142.Pp 143The protocol is described in detail in 144.Xr rshd 8 . 145.Pp 146The 147.Fn rresvport 148function is used to obtain a socket with a privileged 149address bound to it. This socket is suitable for use 150by 151.Fn rcmd 152and several other functions. Privileged Internet ports are those 153in the range 0 to 1023. Only the super-user 154is allowed to bind an address of this sort to a socket. 155.Fn rresvport 156needs to be seeded with a port number; if that port 157is not available it will find another. 158.Pp 159The 160.Fn iruserok 161and 162.Fn ruserok 163functions take a remote host's IP address or name, respectively, 164two user names and a flag indicating whether the local user's 165name is that of the super-user. 166Then, if the user is 167.Em NOT 168the super-user, it checks the 169.Pa /etc/hosts.equiv 170file. 171If that lookup is not done, or is unsuccessful, the 172.Pa .rhosts 173in the local user's home directory is checked to see if the request for 174service is allowed. 175.Pp 176If this file does not exist, is not a regular file, is owned by anyone 177other than the user or the super-user, or is writeable by anyone other 178than the owner, the check automatically fails. 179Zero is returned if the machine name is listed in the 180.Dq Pa hosts.equiv 181file, or the host and remote user name are found in the 182.Dq Pa .rhosts 183file; otherwise 184.Fn iruserok 185and 186.Fn ruserok 187return \-1. 188If the local domain (as obtained from 189.Xr gethostname 2 ) 190is the same as the remote domain, only the machine name need be specified. 191.Pp 192If the IP address of the remote host is known, 193.Fn iruserok 194should be used in preference to 195.Fn ruserok , 196as it does not require trusting the DNS server for the remote host's domain. 197.Sh DIAGNOSTICS 198The 199.Fn rcmd 200function 201returns a valid socket descriptor on success. 202It returns \-1 on error and prints a diagnostic message on the standard error. 203.Pp 204The 205.Fn rresvport 206function 207returns a valid, bound socket descriptor on success. 208It returns \-1 on error with the global value 209.Va errno 210set according to the reason for failure. 211The error code 212.Dv EAGAIN 213is overloaded to mean ``All network ports in use.'' 214.Sh SEE ALSO 215.Xr rlogin 1 , 216.Xr rsh 1 , 217.Xr intro 2 , 218.Xr rexec 3 , 219.Xr rcmdsh 3 , 220.Xr rexecd 8 , 221.Xr rlogind 8 , 222.Xr rshd 8 223.Sh HISTORY 224These 225functions appeared in 226.Bx 4.2 . 227