1 .\" $NetBSD: rcmd.3,v 1.9 1996/05/28 02:07:39 mrg Exp $
3 .\" Copyright (c) 1983, 1991, 1993
4 .\" The Regents of the University of California. All rights reserved.
6 .\" Redistribution and use in source and binary forms, with or without
7 .\" modification, are permitted provided that the following conditions
9 .\" 1. Redistributions of source code must retain the above copyright
10 .\" notice, this list of conditions and the following disclaimer.
11 .\" 2. Redistributions in binary form must reproduce the above copyright
12 .\" notice, this list of conditions and the following disclaimer in the
13 .\" documentation and/or other materials provided with the distribution.
14 .\" 3. All advertising materials mentioning features or use of this software
15 .\" must display the following acknowledgement:
16 .\" This product includes software developed by the University of
17 .\" California, Berkeley and its contributors.
18 .\" 4. Neither the name of the University nor the names of its contributors
19 .\" may be used to endorse or promote products derived from this software
20 .\" without specific prior written permission.
22 .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 .\" @(#)rcmd.3 8.1 (Berkeley) 6/4/93
36 .\" Contributed as Linux man page by David A. Holland, 970908
37 .\" I have not checked whether the Linux situation is exactly the same.
39 .\" 2007-12-08, mtk, Converted from mdoc to man macros
41 .TH RCMD 3 2012-04-23 "Linux" "Linux Programmer's Manual"
43 rcmd, rresvport, iruserok, ruserok, rcmd_af,
44 rresvport_af, iruserok_af, ruserok_af \- routines for returning a
45 stream to a remote command
48 .B #include <netdb.h> \ \ \fP/* Or <unistd.h> on some systems */
50 .BI "int rcmd(char **" ahost ", int " inport ", const char *" locuser ", "
51 .BI " const char *" remuser ", const char *" cmd ", int *" fd2p );
53 .BI "int rresvport(int *" port );
55 .BI "int iruserok(uint32_t " raddr ", int " superuser ", "
56 .BI " const char *" ruser ", const char *" luser );
58 .BI "int ruserok(const char *" rhost ", int " superuser ", "
59 .BI " const char *" ruser ", const char *" luser );
61 .BI "int rcmd_af(char **" ahost ", int " inport ", const char *" locuser ", "
62 .BI " const char *" remuser ", const char *" cmd ", int *" fd2p ,
63 .BI " sa_family_t " af );
65 .BI "int rresvport_af(int *" port ", sa_family_t " af );
67 .BI "int iruserok_af(uint32_t " raddr ", int " superuser ", "
68 .BI " const char *" ruser ", const char *" luser \
69 ", sa_family_t " af );
71 .BI "int ruserok_af(const char *" rhost ", int " superuser ", "
72 .BI " const char *" ruser ", const char *" luser \
73 ", sa_family_t " af );
77 Feature Test Macro Requirements for glibc (see
78 .BR feature_test_macros (7)):
93 function is used by the superuser to execute a command on
94 a remote machine using an authentication scheme based
95 on privileged port numbers.
99 returns a descriptor to a socket
100 with an address in the privileged port space.
105 functions are used by servers
106 to authenticate clients requesting service with
108 All four functions are used by the
110 server (among others).
119 .BR gethostbyname (3),
120 returning \-1 if the host does not exist.
123 is set to the standard name of the host
124 and a connection is established to a server
125 residing at the well-known Internet port
128 If the connection succeeds,
129 a socket in the Internet domain of type
131 is returned to the caller, and given to the remote
138 is nonzero, then an auxiliary channel to a control
139 process will be set up, and a descriptor for it will be placed
142 The control process will return diagnostic
143 output from the command (unit 2) on this channel, and will also
144 accept bytes on this channel as being UNIX signal numbers, to be
145 forwarded to the process group of the command.
150 (unit 2 of the remote
151 command) will be made the same as the
154 provision is made for sending arbitrary signals to the remote process,
155 although you may be able to get its attention by using out-of-band data.
157 The protocol is described in detail in
163 function is used to obtain a socket with a privileged
165 This socket is suitable for use by
167 and several other functions.
168 Privileged ports are those in the range 0 to 1023.
169 Only a privileged process
170 .RB ( CAP_NET_BIND_SERVICE )
171 is allowed to bind to a privileged port.
172 In the glibc implementation,
173 this function restricts its search to the ports from 512 to 1023.
176 argument is value-result:
177 the value it supplies to the call is used as the starting point
178 for a circular search of the port range;
179 on (successful) return, it contains the port number that was bound to.
181 .SS iruserok() and ruserok()
187 functions take a remote host's IP address or name, respectively,
188 two usernames and a flag indicating whether the local user's
189 name is that of the superuser.
192 the superuser, it checks the
195 If that lookup is not done, or is unsuccessful, the
197 in the local user's home directory is checked to see if the request for
200 If this file does not exist, is not a regular file, is owned by anyone
201 other than the user or the superuser, or is writable by anyone other
202 than the owner, the check automatically fails.
203 Zero is returned if the machine name is listed in the
205 file, or the host and remote username are found in the
212 If the local domain (as obtained from
214 is the same as the remote domain, only the machine name need be specified.
216 If the IP address of the remote host is known,
218 should be used in preference to
220 as it does not require trusting the DNS server for the remote host's domain.
222 All of the functions described above work with IPv4
225 The "_af" variants take an extra argument that allows the
226 socket address family to be specified.
227 For these functions, the
229 argument can be specified as
241 returns a valid socket descriptor on success.
242 It returns \-1 on error and prints a diagnostic message on the standard error.
247 returns a valid, bound socket descriptor on success.
248 It returns \-1 on error with the global value
250 set according to the reason for failure.
253 is overloaded to mean "All network ports in use."
255 For information on the return from
267 functions are provide in glibc since version 2.2.
270 Present on the BSDs, Solaris, and many other systems.
272 functions appeared in
274 The "_af" variants are more recent additions,
275 and are not present on as wide a range of systems.
280 are declared in glibc headers only since version 2.12.
281 .\" Bug filed 25 Nov 2007:
282 .\" http://sources.redhat.com/bugzilla/show_bug.cgi?id=5399