RSHD.8
资源名称:os_source.zip [点击查看]
上传用户:datang2001
上传日期:2007-02-01
资源大小:53269k
文件大小:5k
源码类别:
操作系统开发
开发平台:
C/C++
- ." Copyright (c) 1983 Regents of the University of California.
- ." All rights reserved. The Berkeley software License Agreement
- ." specifies the terms and conditions for redistribution.
- ."
- ." @(#)rshd.8c 6.3 (Berkeley) 5/24/86
- ."
- .TH RSHD 8 "May 24, 1986"
- .UC 5
- .SH NAME
- rshd - remote shell server
- .SH SYNOPSIS
- .B "shell stream tcp nowait root /usr/sbin/in.rshd in.rshd"
- .br
- .B "tcpd shell /usr/sbin/in.rshd"
- .SH DESCRIPTION
- .B Rshd
- is the server for the
- .BR rcmd (3)
- routine and, consequently, for the
- .BR rsh (1)
- program. The server provides remote execution facilities
- with authentication based on privileged port numbers from trusted hosts.
- .PP
- .B Rshd
- listens for service requests at the port indicated in
- the ``cmd'' service specification; see
- .BR services (5).
- When a service request is received the following protocol
- is initiated:
- .IP 1)
- The server checks the client's source port.
- If the port is not in the range 0-1023, the server
- aborts the connection.
- .IP 2)
- The server reads characters from the socket up
- to a null (`e0') byte. The resultant string is
- interpreted as an ASCII number, base 10.
- .IP 3)
- If the number received in step 1 is non-zero,
- it is interpreted as the port number of a secondary
- stream to be used for the
- .BR stderr .
- A second connection is then created to the specified
- port on the client's machine. The source port of this
- second connection is also in the range 0-1023.
- .IP 4)
- The server checks the client's source address
- and requests the corresponding host name (see
- .BR gethostbyaddr (3N),
- .BR hosts (5)
- and
- .BR named (8)).
- If the hostname cannot be determined,
- the dot-notation representation of the host address is used.
- .IP 5)
- A null terminated user name of at most 16 characters
- is retrieved on the initial socket. This user name
- is interpreted as the user identity on the
- .BR client 's
- machine.
- .IP 6)
- A null terminated user name of at most 16 characters
- is retrieved on the initial socket. This user name
- is interpreted as a user identity to use on the
- .BR server 's
- machine.
- .IP 7)
- A null terminated command to be passed to a
- shell is retrieved on the initial socket. The length of
- the command is limited by the upper bound on the size of
- the system's argument list.
- .IP 8)
- .B Rshd
- then validates the user according to the following steps.
- The local (server-end) user name is looked up in the password file
- and a
- .B chdir
- is performed to the user's home directory. If either
- the lookup or
- .B chdir
- fail, the connection is terminated.
- If the user is not the super-user, (user id 0), the file
- .B /etc/hosts.equiv
- is consulted for a list of hosts considered ``equivalent''.
- If the client's host name is present in this file, the
- authentication is considered successful. If the lookup
- fails, or the user is the super-user, then the file
- .B .rhosts
- in the home directory of the remote user is checked for
- the machine name and identity of the user on the client's
- machine. If this lookup fails, the connection is terminated.
- .IP 9)
- A null byte is returned on the initial socket
- and the command line is passed to the normal login
- shell of the user. The
- shell inherits the network connections established
- by
- .IR rshd .
- .SH DIAGNOSTICS
- Except for the last one listed below,
- all diagnostic messages
- are returned on the initial socket,
- after which any network connections are closed.
- An error is indicated by a leading byte with a value of
- 1 (0 is returned in step 9 above upon successful completion
- of all the steps prior to the execution of the login shell).
- .PP
- .B ``locuser too long''
- .br
- The name of the user on the client's machine is
- longer than 16 characters.
- .PP
- .B ``remuser too long''
- .br
- The name of the user on the remote machine is
- longer than 16 characters.
- .PP
- .B ``command too long ''
- .br
- The command line passed exceeds the size of the argument
- list (as configured into the system).
- .PP
- .B ``Login incorrect.''
- .br
- No password file entry for the user name existed.
- .PP
- .B ``No remote directory.''
- .br
- The
- .B chdir
- command to the home directory failed.
- .PP
- .B ``Permission denied.''
- .br
- The authentication procedure described above failed.
- .PP
- .B ``Can't make pipe.''
- .br
- The pipe needed for the
- .BR stderr ,
- wasn't created.
- .PP
- .B ``Try again.''
- .br
- A
- .B fork
- by the server failed.
- .PP
- .B ``<shellname>: ...''
- .br
- The user's login shell could not be started. This message is returned
- on the connection associated with the
- .BR stderr ,
- and is not preceded by a flag byte.
- .SH SEE ALSO
- .BR rsh (1),
- .BR rcmd (3).
- .SH BUGS
- The authentication procedure used here assumes the integrity
- of each client machine and the connecting medium. This is
- insecure, but is useful in an ``open'' environment.
- .PP
- A facility to allow all data exchanges to be encrypted should be
- present.
- .PP
- A more extensible protocol should be used.