rcmd() is a routine used by the superuser to execute
a command on a remote machine using an authentication scheme based on reserved
port numbers. It is assumed that an AF_INET socket is
returned with rcmd(). rcmd_af() allows
the application to choose which type of socket is returned by passing in
the address family, either AF_INET or AF_INET6.
rresvport() is a routine that returns a descriptor
to a socket with an address in the privileged port space. rresvport_af() is equivalent to rresvport(), except that
you can choose the type of socket address family that will be returned by rresvport_af(), either AF_INET or AF_INET6.
ruserok() is a routine used by servers to authenticate
clients requesting service with rcmd.
All of these functions are present in the same file and are used by
the in.rshd(1M)
server (among others).
rcmd() and rcmd_af() look up
the host *ahost using getipnodebyname(3SOCKET), returning -1 if
the host does not exist. Otherwise *ahost is
set to the standard name of the host and a connection is established to
a server residing at the well-known Internet port inport.
If the connection succeeds, a socket in the Internet domain of type SOCK_STREAM is returned to the caller,
and given to the remote command as its standard input (file descriptor 0)
and standard output (file descriptor 1). If fd2p
is non-zero, then an auxiliary channel to a control process will be set
up, and a descriptor for it will be placed in *fd2p.
The control process will return diagnostic output from the command (file
descriptor 2) on this channel, and will also accept bytes on this channel
as signal numbers, to be forwarded to the process group of the command.
If fd2p is 0, then the standard error (file descriptor
2) of the remote command will be made the same as its standard output and
no provision is made for sending arbitrary signals to the remote process,
although you may be able to get its attention by using out-of-band data.
The protocol is described in detail in in.rshd(1M).
The rresvport() and rresvport_af()
routines are used to obtain a socket bound to a privileged port number.
This socket is suitable for use by rcmd() and rresvport_af() and several other routines. Privileged Internet
ports are those in the range 1 to 1023. Only the superuser is allowed to
bind a socket to a privileged port number. The application must pass in port, which must be in the range 512 to 1023. The system
first tries to bind to that port number. If it fails, the system then tries
to bind to another unused privileged port, if one is available.
ruserok() takes a remote host's name, as returned
by a gethostbyaddr() routine, two user names and a flag
indicating whether the local user's name is that of the superuser. See gethostbyname(3NSL). It then
checks the files /etc/hosts.equiv and possibly .rhosts in the local user's home directory to see if the request
for service is allowed. 0 is returned if the machine
name is listed in the /etc/hosts.equiv file, or the host
and remote user name are found in the .rhosts file; otherwise ruserok() returns -1. If the superuser
flag is 1, the checking of the /etc/hosts.equiv file is bypassed.
|