001 /*
002 * Licensed to the Apache Software Foundation (ASF) under one or more
003 * contributor license agreements. See the NOTICE file distributed with
004 * this work for additional information regarding copyright ownership.
005 * The ASF licenses this file to You under the Apache License, Version 2.0
006 * (the "License"); you may not use this file except in compliance with
007 * the License. You may obtain a copy of the License at
008 *
009 * http://www.apache.org/licenses/LICENSE-2.0
010 *
011 * Unless required by applicable law or agreed to in writing, software
012 * distributed under the License is distributed on an "AS IS" BASIS,
013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014 * See the License for the specific language governing permissions and
015 * limitations under the License.
016 */
017
018 package org.apache.commons.net.bsd;
019
020 import java.io.IOException;
021 import java.io.InputStream;
022 import java.net.BindException;
023 import java.net.InetAddress;
024 import java.net.ServerSocket;
025 import java.net.Socket;
026 import java.net.SocketException;
027
028 import org.apache.commons.net.io.SocketInputStream;
029
030 /***
031 * RCommandClient is very similar to
032 * {@link org.apache.commons.net.bsd.RExecClient},
033 * from which it is derived, and implements the rcmd() facility that
034 * first appeared in 4.2BSD Unix. rcmd() is the facility used by the rsh
035 * (rshell) and other commands to execute a command on another machine
036 * from a trusted host without issuing a password. The trust relationship
037 * between two machines is established by the contents of a machine's
038 * /etc/hosts.equiv file and a user's .rhosts file. These files specify
039 * from which hosts and accounts on those hosts rcmd() requests will be
040 * accepted. The only additional measure for establishing trust is that
041 * all client connections must originate from a port between 512 and 1023.
042 * Consequently, there is an upper limit to the number of rcmd connections
043 * that can be running simultaneously. The required ports are reserved
044 * ports on Unix systems, and can only be bound by a
045 * process running with root permissions (to accomplish this rsh, rlogin,
046 * and related commands usualy have the suid bit set). Therefore, on a
047 * Unix system, you will only be able to successfully use the RCommandClient
048 * class if the process runs as root. However, there is no such restriction
049 * on Windows95 and some other systems. The security risks are obvious.
050 * However, when carefully used, rcmd() can be very useful when used behind
051 * a firewall.
052 * <p>
053 * As with virtually all of the client classes in org.apache.commons.net, this
054 * class derives from SocketClient. But it overrides most of its connection
055 * methods so that the local Socket will originate from an acceptable
056 * rshell port. The way to use RCommandClient is to first connect
057 * to the server, call the {@link #rcommand rcommand() } method,
058 * and then
059 * fetch the connection's input, output, and optionally error streams.
060 * Interaction with the remote command is controlled entirely through the
061 * I/O streams. Once you have finished processing the streams, you should
062 * invoke {@link org.apache.commons.net.bsd.RExecClient#disconnect disconnect() }
063 * to clean up properly.
064 * <p>
065 * By default the standard output and standard error streams of the
066 * remote process are transmitted over the same connection, readable
067 * from the input stream returned by
068 * {@link org.apache.commons.net.bsd.RExecClient#getInputStream getInputStream() }
069 * . However, it is
070 * possible to tell the rshd daemon to return the standard error
071 * stream over a separate connection, readable from the input stream
072 * returned by {@link org.apache.commons.net.bsd.RExecClient#getErrorStream getErrorStream() }
073 * . You
074 * can specify that a separate connection should be created for standard
075 * error by setting the boolean <code> separateErrorStream </code>
076 * parameter of {@link #rcommand rcommand() } to <code> true </code>.
077 * The standard input of the remote process can be written to through
078 * the output stream returned by
079 * {@link org.apache.commons.net.bsd.RExecClient#getOutputStream getOutputStream() }
080 * .
081 * <p>
082 * <p>
083 * @author Daniel F. Savarese
084 * @see org.apache.commons.net.SocketClient
085 * @see RExecClient
086 * @see RLoginClient
087 ***/
088
089 public class RCommandClient extends RExecClient
090 {
091 /***
092 * The default rshell port. Set to 514 in BSD Unix.
093 ***/
094 public static final int DEFAULT_PORT = 514;
095
096 /***
097 * The smallest port number an rcmd client may use. By BSD convention
098 * this number is 512.
099 ***/
100 public static final int MIN_CLIENT_PORT = 512;
101
102 /***
103 * The largest port number an rcmd client may use. By BSD convention
104 * this number is 1023.
105 ***/
106 public static final int MAX_CLIENT_PORT = 1023;
107
108 // Overrides method in RExecClient in order to implement proper
109 // port number limitations.
110 @Override
111 InputStream _createErrorStream() throws IOException
112 {
113 int localPort;
114 ServerSocket server;
115 Socket socket;
116
117 localPort = MAX_CLIENT_PORT;
118 server = null; // Keep compiler from barfing
119
120 for (localPort = MAX_CLIENT_PORT; localPort >= MIN_CLIENT_PORT; --localPort)
121 {
122 try
123 {
124 server = _serverSocketFactory_.createServerSocket(localPort, 1,
125 getLocalAddress());
126 }
127 catch (SocketException e)
128 {
129 continue;
130 }
131 break;
132 }
133
134 if (localPort < MIN_CLIENT_PORT)
135 throw new BindException("All ports in use.");
136
137 _output_.write(Integer.toString(server.getLocalPort()).getBytes());
138 _output_.write('\0');
139 _output_.flush();
140
141 socket = server.accept();
142 server.close();
143
144 if (isRemoteVerificationEnabled() && !verifyRemote(socket))
145 {
146 socket.close();
147 throw new IOException(
148 "Security violation: unexpected connection attempt by " +
149 socket.getInetAddress().getHostAddress());
150 }
151
152 return (new SocketInputStream(socket, socket.getInputStream()));
153 }
154
155 /***
156 * The default RCommandClient constructor. Initializes the
157 * default port to <code> DEFAULT_PORT </code>.
158 ***/
159 public RCommandClient()
160 {
161 setDefaultPort(DEFAULT_PORT);
162 }
163
164
165 /***
166 * Opens a Socket connected to a remote host at the specified port and
167 * originating from the specified local address using a port in a range
168 * acceptable to the BSD rshell daemon.
169 * Before returning, {@link org.apache.commons.net.SocketClient#_connectAction_ _connectAction_() }
170 * is called to perform connection initialization actions.
171 * <p>
172 * @param host The remote host.
173 * @param port The port to connect to on the remote host.
174 * @param localAddr The local address to use.
175 * @exception SocketException If the socket timeout could not be set.
176 * @exception BindException If all acceptable rshell ports are in use.
177 * @exception IOException If the socket could not be opened. In most
178 * cases you will only want to catch IOException since SocketException is
179 * derived from it.
180 ***/
181 public void connect(InetAddress host, int port, InetAddress localAddr)
182 throws SocketException, BindException, IOException
183 {
184 int localPort;
185
186 localPort = MAX_CLIENT_PORT;
187
188 for (localPort = MAX_CLIENT_PORT; localPort >= MIN_CLIENT_PORT; --localPort)
189 {
190 try
191 {
192 _socket_ =
193 _socketFactory_.createSocket(host, port, localAddr, localPort);
194 }
195 catch (BindException be) {
196 continue;
197 }
198 catch (SocketException e)
199 {
200 continue;
201 }
202 break;
203 }
204
205 if (localPort < MIN_CLIENT_PORT)
206 throw new BindException("All ports in use or insufficient permssion.");
207
208 _connectAction_();
209 }
210
211
212
213 /***
214 * Opens a Socket connected to a remote host at the specified port and
215 * originating from the current host at a port in a range acceptable
216 * to the BSD rshell daemon.
217 * Before returning, {@link org.apache.commons.net.SocketClient#_connectAction_ _connectAction_() }
218 * is called to perform connection initialization actions.
219 * <p>
220 * @param host The remote host.
221 * @param port The port to connect to on the remote host.
222 * @exception SocketException If the socket timeout could not be set.
223 * @exception BindException If all acceptable rshell ports are in use.
224 * @exception IOException If the socket could not be opened. In most
225 * cases you will only want to catch IOException since SocketException is
226 * derived from it.
227 ***/
228 @Override
229 public void connect(InetAddress host, int port)
230 throws SocketException, IOException
231 {
232 connect(host, port, InetAddress.getLocalHost());
233 }
234
235
236 /***
237 * Opens a Socket connected to a remote host at the specified port and
238 * originating from the current host at a port in a range acceptable
239 * to the BSD rshell daemon.
240 * Before returning, {@link org.apache.commons.net.SocketClient#_connectAction_ _connectAction_() }
241 * is called to perform connection initialization actions.
242 * <p>
243 * @param hostname The name of the remote host.
244 * @param port The port to connect to on the remote host.
245 * @exception SocketException If the socket timeout could not be set.
246 * @exception BindException If all acceptable rshell ports are in use.
247 * @exception IOException If the socket could not be opened. In most
248 * cases you will only want to catch IOException since SocketException is
249 * derived from it.
250 * @exception UnknownHostException If the hostname cannot be resolved.
251 ***/
252 @Override
253 public void connect(String hostname, int port)
254 throws SocketException, IOException
255 {
256 connect(InetAddress.getByName(hostname), port, InetAddress.getLocalHost());
257 }
258
259
260 /***
261 * Opens a Socket connected to a remote host at the specified port and
262 * originating from the specified local address using a port in a range
263 * acceptable to the BSD rshell daemon.
264 * Before returning, {@link org.apache.commons.net.SocketClient#_connectAction_ _connectAction_() }
265 * is called to perform connection initialization actions.
266 * <p>
267 * @param hostname The remote host.
268 * @param port The port to connect to on the remote host.
269 * @param localAddr The local address to use.
270 * @exception SocketException If the socket timeout could not be set.
271 * @exception BindException If all acceptable rshell ports are in use.
272 * @exception IOException If the socket could not be opened. In most
273 * cases you will only want to catch IOException since SocketException is
274 * derived from it.
275 ***/
276 public void connect(String hostname, int port, InetAddress localAddr)
277 throws SocketException, IOException
278 {
279 connect(InetAddress.getByName(hostname), port, localAddr);
280 }
281
282
283 /***
284 * Opens a Socket connected to a remote host at the specified port and
285 * originating from the specified local address and port. The
286 * local port must lie between <code> MIN_CLIENT_PORT </code> and
287 * <code> MAX_CLIENT_PORT </code> or an IllegalArgumentException will
288 * be thrown.
289 * Before returning, {@link org.apache.commons.net.SocketClient#_connectAction_ _connectAction_() }
290 * is called to perform connection initialization actions.
291 * <p>
292 * @param host The remote host.
293 * @param port The port to connect to on the remote host.
294 * @param localAddr The local address to use.
295 * @param localPort The local port to use.
296 * @exception SocketException If the socket timeout could not be set.
297 * @exception IOException If the socket could not be opened. In most
298 * cases you will only want to catch IOException since SocketException is
299 * derived from it.
300 * @exception IllegalArgumentException If an invalid local port number
301 * is specified.
302 ***/
303 @Override
304 public void connect(InetAddress host, int port,
305 InetAddress localAddr, int localPort)
306 throws SocketException, IOException, IllegalArgumentException
307 {
308 if (localPort < MIN_CLIENT_PORT || localPort > MAX_CLIENT_PORT)
309 throw new IllegalArgumentException("Invalid port number " + localPort);
310 super.connect(host, port, localAddr, localPort);
311 }
312
313
314 /***
315 * Opens a Socket connected to a remote host at the specified port and
316 * originating from the specified local address and port. The
317 * local port must lie between <code> MIN_CLIENT_PORT </code> and
318 * <code> MAX_CLIENT_PORT </code> or an IllegalArgumentException will
319 * be thrown.
320 * Before returning, {@link org.apache.commons.net.SocketClient#_connectAction_ _connectAction_() }
321 * is called to perform connection initialization actions.
322 * <p>
323 * @param hostname The name of the remote host.
324 * @param port The port to connect to on the remote host.
325 * @param localAddr The local address to use.
326 * @param localPort The local port to use.
327 * @exception SocketException If the socket timeout could not be set.
328 * @exception IOException If the socket could not be opened. In most
329 * cases you will only want to catch IOException since SocketException is
330 * derived from it.
331 * @exception UnknownHostException If the hostname cannot be resolved.
332 * @exception IllegalArgumentException If an invalid local port number
333 * is specified.
334 ***/
335 @Override
336 public void connect(String hostname, int port,
337 InetAddress localAddr, int localPort)
338 throws SocketException, IOException, IllegalArgumentException
339 {
340 if (localPort < MIN_CLIENT_PORT || localPort > MAX_CLIENT_PORT)
341 throw new IllegalArgumentException("Invalid port number " + localPort);
342 super.connect(hostname, port, localAddr, localPort);
343 }
344
345
346 /***
347 * Remotely executes a command through the rshd daemon on the server
348 * to which the RCommandClient is connected. After calling this method,
349 * you may interact with the remote process through its standard input,
350 * output, and error streams. You will typically be able to detect
351 * the termination of the remote process after reaching end of file
352 * on its standard output (accessible through
353 * {@link #getInputStream getInputStream() }. Disconnecting
354 * from the server or closing the process streams before reaching
355 * end of file will not necessarily terminate the remote process.
356 * <p>
357 * If a separate error stream is requested, the remote server will
358 * connect to a local socket opened by RCommandClient, providing an
359 * independent stream through which standard error will be transmitted.
360 * The local socket must originate from a secure port (512 - 1023),
361 * and rcommand() ensures that this will be so.
362 * RCommandClient will also do a simple security check when it accepts a
363 * connection for this error stream. If the connection does not originate
364 * from the remote server, an IOException will be thrown. This serves as
365 * a simple protection against possible hijacking of the error stream by
366 * an attacker monitoring the rexec() negotiation. You may disable this
367 * behavior with
368 * {@link org.apache.commons.net.bsd.RExecClient#setRemoteVerificationEnabled setRemoteVerificationEnabled()}
369 * .
370 * <p>
371 * @param localUsername The user account on the local machine that is
372 * requesting the command execution.
373 * @param remoteUsername The account name on the server through which to
374 * execute the command.
375 * @param command The command, including any arguments, to execute.
376 * @param separateErrorStream True if you would like the standard error
377 * to be transmitted through a different stream than standard output.
378 * False if not.
379 * @exception IOException If the rcommand() attempt fails. The exception
380 * will contain a message indicating the nature of the failure.
381 ***/
382 public void rcommand(String localUsername, String remoteUsername,
383 String command, boolean separateErrorStream)
384 throws IOException
385 {
386 rexec(localUsername, remoteUsername, command, separateErrorStream);
387 }
388
389
390 /***
391 * Same as
392 * <code> rcommand(localUsername, remoteUsername, command, false); </code>
393 ***/
394 public void rcommand(String localUsername, String remoteUsername,
395 String command)
396 throws IOException
397 {
398 rcommand(localUsername, remoteUsername, command, false);
399 }
400
401 }
402