NAME
rexecd — remote execution server
DESCRIPTION
rexecd
is the server for the
rexec(3N)
routine; it expects to be started by the internet daemon (see
inetd(1M)).
rexecd
provides remote execution facilities with authentication
based on user account names and unencrypted passwords.
inetd(1M)
calls
rexecd
when a service request is received at the port indicated
for the ``exec'' service specification in
/etc/services;
see
services(4).
To run
rexecd,
the following line should be present in
/etc/inetd.conf:
exec stream tcp nowait root /usr/lbin/rexecd rexecd
When a service request is received, the following protocol is initiated:
- 1.
The server reads characters from the socket up to a null
(\0)
byte.
The resultant string is interpreted as an
ASCII
number, base 10.
- 2.
If the number received in step 1 is non-zero,
it is interpreted as the port number of a secondary stream
to be used for the
stderr.
A second connection is then created to the specified port
on the client's host.
If the first character sent is a null
(\0),
no secondary connection is made and the
stderr
of the command is sent to the primary stream.
If the secondary connection has been made,
rexecd
interprets bytes it receives on that socket as signal numbers
and passes them to the command as signals (see
signal(2)).
- 3.
A null-terminated user name of not more than 16 characters
is retrieved on the initial socket.
- 4.
A null-terminated, unencrypted, password of not more than 16 characters
is retrieved on the initial socket.
- 5.
A null-terminated command to be passed to a shell
is retrieved on the initial socket.
The length of the command is limited by the upper bound on the size of
the system's argument list.
- 6.
rexecd
then validates the user as is done by
login
(see
login(1)).
But it does not use any PAM modules of
login
for authentication.
If the authentication succeeds,
rexecd
changes to the user's home directory
and establishes the user and group protections of the user.
If any of these steps fail,
rexecd
returns a diagnostic message through the connection,
then closes the connection.
- 7.
A null byte is returned on the connection associated with
stderr
and the command line is passed to the normal login shell
of the user with that shell's
-c
option.
The shell inherits the network connections established by
rexecd.
rexecd
uses the following path when executing the specified command:
/usr/bin:/usr/ccs/bin:/usr/bin/X11:/usr/contrib/bin:/usr/local/bin
Transport-level keepalive messages are enabled unless the
-n
option is present.
The use of keepalive messages allows sessions to be timed out
if the client crashes or becomes unreachable.
DIAGNOSTICS
All diagnostic messages are returned on the connection
associated with the
stderr,
after which any network connections are closed.
An error is indicated by a leading byte with a value of
1 (0 is returned in step 7 above upon successful completion
of all the steps prior to the command execution).
- Username too long
The user name is longer than 16 characters.
- Password too long
The password is longer than 16 characters.
- Command too long
The command line passed exceeds the size of the argument list
(as configured into the system).
- Login incorrect
No password file entry for the user name existed
or the wrong password was supplied.
- No remote directory
The
chdir
command to the home directory failed.
- No more processes
The server was unable to fork a process to handle the incoming connection.
Next step:
Wait a period of time and try again. If the message persists, then
the server's host may have a runaway process that is using all the
entries in the process table.
- shellname: ...
The user's login shell could not be started via
exec(2)
for the given reason.
WARNINGS
The password is sent unencrypted through the socket connection.
AUTHOR
rexecd
was developed by the University of California, Berkeley.
