1 .\" $NetBSD: rcmd.3,v 1.9 1996/05/28 02:07:39 mrg Exp $
3 .\" Copyright (c) 1983, 1991, 1993
4 .\" The Regents of the University of California. All rights reserved.
6 .\" SPDX-License-Identifier: BSD-4-Clause-UC
8 .\" @(#)rcmd.3 8.1 (Berkeley) 6/4/93
10 .\" Contributed as Linux man page by David A. Holland, 970908
11 .\" I have not checked whether the Linux situation is exactly the same.
13 .\" 2007-12-08, mtk, Converted from mdoc to man macros
15 .TH RCMD 3 2021-03-22 "Linux" "Linux Programmer's Manual"
17 rcmd, rresvport, iruserok, ruserok, rcmd_af,
18 rresvport_af, iruserok_af, ruserok_af \- routines for returning a
19 stream to a remote command
22 .RI ( libc ", " \-lc )
25 .BR "#include <netdb.h> " "/* Or <unistd.h> on some systems */"
27 .BI "int rcmd(char **restrict " ahost ", unsigned short " inport ,
28 .BI " const char *restrict " locuser ,
29 .BI " const char *restrict " remuser ,
30 .BI " const char *restrict " cmd ", int *restrict " fd2p );
32 .BI "int rresvport(int *" port );
34 .BI "int iruserok(uint32_t " raddr ", int " superuser ,
35 .BI " const char *" ruser ", const char *" luser );
36 .BI "int ruserok(const char *" rhost ", int " superuser ,
37 .BI " const char *" ruser ", const char *" luser );
39 .BI "int rcmd_af(char **restrict " ahost ", unsigned short " inport ,
40 .BI " const char *restrict " locuser ,
41 .BI " const char *restrict " remuser ,
42 .BI " const char *restrict " cmd ", int *restrict " fd2p ,
43 .BI " sa_family_t " af );
45 .BI "int rresvport_af(int *" port ", sa_family_t " af );
47 .BI "int iruserok_af(const void *restrict " raddr ", int " superuser ,
48 .BI " const char *restrict " ruser ", const char *restrict " luser ,
49 .BI " sa_family_t " af );
50 .BI "int ruserok_af(const char *" rhost ", int " superuser ,
51 .BI " const char *" ruser ", const char *" luser ,
52 .BI " sa_family_t " af );
56 Feature Test Macro Requirements for glibc (see
57 .BR feature_test_macros (7)):
72 Glibc 2.19 and earlier:
79 function is used by the superuser to execute a command on
80 a remote machine using an authentication scheme based
81 on privileged port numbers.
85 returns a file descriptor to a socket
86 with an address in the privileged port space.
91 functions are used by servers
92 to authenticate clients requesting service with
94 All four functions are used by the
96 server (among others).
104 .BR gethostbyname (3),
105 returning \-1 if the host does not exist.
108 is set to the standard name of the host
109 and a connection is established to a server
110 residing at the well-known Internet port
113 If the connection succeeds,
114 a socket in the Internet domain of type
116 is returned to the caller, and given to the remote
123 is nonzero, then an auxiliary channel to a control
124 process will be set up, and a file descriptor for it will be placed
127 The control process will return diagnostic
128 output from the command (unit 2) on this channel, and will also
129 accept bytes on this channel as being UNIX signal numbers, to be
130 forwarded to the process group of the command.
135 (unit 2 of the remote
136 command) will be made the same as the
139 provision is made for sending arbitrary signals to the remote process,
140 although you may be able to get its attention by using out-of-band data.
142 The protocol is described in detail in
147 function is used to obtain a socket with a privileged
149 This socket is suitable for use by
151 and several other functions.
152 Privileged ports are those in the range 0 to 1023.
153 Only a privileged process
154 (on Linux, a process that has the
155 .B CAP_NET_BIND_SERVICE
156 capability in the user namespace governing its network namespace)
157 is allowed to bind to a privileged port.
158 In the glibc implementation,
159 this function restricts its search to the ports from 512 to 1023.
162 argument is value-result:
163 the value it supplies to the call is used as the starting point
164 for a circular search of the port range;
165 on (successful) return, it contains the port number that was bound to.
167 .SS iruserok() and ruserok()
172 functions take a remote host's IP address or name, respectively,
173 two usernames and a flag indicating whether the local user's
174 name is that of the superuser.
177 the superuser, it checks the
180 If that lookup is not done, or is unsuccessful, the
182 in the local user's home directory is checked to see if the request for
185 If this file does not exist, is not a regular file, is owned by anyone
186 other than the user or the superuser, is writable by anyone other
187 than the owner, or is hardlinked anywhere, the check automatically fails.
188 Zero is returned if the machine name is listed in the
190 file, or the host and remote username are found in the
197 If the local domain (as obtained from
199 is the same as the remote domain, only the machine name need be specified.
201 If the IP address of the remote host is known,
203 should be used in preference to
205 as it does not require trusting the DNS server for the remote host's domain.
207 All of the functions described above work with IPv4
210 The "_af" variants take an extra argument that allows the
211 socket address family to be specified.
212 For these functions, the
214 argument can be specified as
226 returns a valid socket descriptor on success.
227 It returns \-1 on error and prints a diagnostic message on the standard error.
232 returns a valid, bound socket descriptor on success.
233 On failure, it returns \-1 and sets
235 to indicate the error.
238 is overloaded to mean: "All network ports in use".
240 For information on the return from
252 functions are provide in glibc since version 2.2.
254 For an explanation of the terms used in this section, see
262 Interface Attribute Value
266 T} Thread safety MT-Unsafe
270 T} Thread safety MT-Safe
276 T} Thread safety MT-Safe locale
283 Present on the BSDs, Solaris, and many other systems.
285 functions appeared in
287 The "_af" variants are more recent additions,
288 and are not present on as wide a range of systems.
293 are declared in glibc headers only since version 2.12.
294 .\" Bug filed 25 Nov 2007:
295 .\" http://sources.redhat.com/bugzilla/show_bug.cgi?id=5399