[2984] in Kerberos-V5-bugs
krb5-appl/646: New feature add to rsh
daemon@ATHENA.MIT.EDU (Chris P. Ross)
Mon Oct 19 16:58:29 1998
Resent-From: gnats@rt-11.MIT.EDU (GNATS Management)
Resent-To: krb5-unassigned@RT-11.MIT.EDU
Resent-Reply-To: krb5-bugs@MIT.EDU, cross@eng.us.uu.net
Date: Mon, 19 Oct 1998 16:51:42 -0400 (EDT)
From: cross@eng.us.uu.net (Chris P. Ross)
Reply-To: cross@eng.us.uu.net
To: krb5-bugs@MIT.EDU
Cc: cross@eng.us.uu.net
>Number: 646
>Category: krb5-appl
>Synopsis: Add a -S command line option to rsh
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: change-request
>Submitter-Id: unknown
>Arrival-Date: Mon Oct 19 16:52:00 EDT 1998
>Last-Modified:
>Originator: Chris P. Ross
>Organization:
UUNET Technologies, Inc.
>Release: krb5-1.0.5
>Environment:
BSD/OS 3.1/4.0, x86/sparc
System: BSD/OS ballista.eng.us.uu.net 3.1 BSDI BSD/OS 3.1 Kernel #2: Wed Jul 29 15:38:24 EDT 1998 cross@pembroke.eng.us.uu.net:/export/src/bsdi/sys/compile/DESKTOP i386
>Description:
The rsh shipped with BSD/OS includes a -S option, which causes rsh
to not initiate a separate TCP connection to pass stderr over. Some things
on BSD/OS expect the installed "rsh" to accept this option. Rather than have
the option be taken but ignored, I implemented (and documented) this
functionality. Please incorporate this change to the base krb5 rsh. Thanks.
>How-To-Repeat:
>Fix:
Index: krsh.c
===================================================================
RCS file: /export/src/CVS/usr.local/krb5/src/appl/bsd/krsh.c,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 krsh.c
--- krsh.c 1997/12/17 15:14:43 1.1.1.1
+++ krsh.c 1998/10/19 20:43:39
@@ -144,6 +144,7 @@
krb5_error_code status;
int fflag = 0, Fflag = 0;
#endif /* KERBEROS */
+ int Sflag = 0;
int debug_port = 0;
memset(&defaultservent, 0, sizeof(struct servent));
@@ -230,6 +231,11 @@
goto another;
}
#endif /* KERBEROS */
+ if (argc > 0 && !strncmp(*argv, "-S", 2)) {
+ Sflag++;
+ argv++, argc--;
+ goto another;
+ }
/*
* Ignore the -L, -w, -e and -8 flags to allow aliases with rlogin
* to work
@@ -350,7 +356,7 @@
status = kcmd(&rem, &host, debug_port,
pwd->pw_name,
user ? user : pwd->pw_name,
- args, &rfd2, "host", krb_realm,
+ args, Sflag ? NULL : &rfd2, "host", krb_realm,
&cred,
0, /* No need for sequence number */
0, /* No need for server seq # */
@@ -384,19 +390,23 @@
#else /* !KERBEROS */
rem = rcmd(&host, debug_port, pwd->pw_name,
- user ? user : pwd->pw_name, args, &rfd2);
+ user ? user : pwd->pw_name, args, Sflag ? NULL : &rfd2);
if (rem < 0)
exit(1);
#endif /* KERBEROS */
- if (rfd2 < 0) {
- fprintf(stderr, "rsh: can't establish stderr\n");
- exit(2);
+ if (!Sflag) {
+ if (rfd2 < 0) {
+ fprintf(stderr, "rsh: can't establish stderr\n");
+ exit(2);
+ }
+ } else {
+ rfd2 = -1;
}
if (options & SO_DEBUG) {
if (setsockopt(rem, SOL_SOCKET, SO_DEBUG,
(const char *) &one, sizeof (one)) < 0)
perror("setsockopt (stdin)");
- if (setsockopt(rfd2, SOL_SOCKET, SO_DEBUG,
+ if (rfd2 != -1 && setsockopt(rfd2, SOL_SOCKET, SO_DEBUG,
(const char *) &one, sizeof (one)) < 0)
perror("setsockopt (stderr)");
}
@@ -444,7 +454,8 @@
}
}
if (!encrypt_flag) {
- ioctl(rfd2, FIONBIO, &one);
+ if (rfd2 != -1)
+ ioctl(rfd2, FIONBIO, &one);
ioctl(rem, FIONBIO, &one);
}
if (nflag == 0 && pid == 0) {
@@ -452,7 +463,8 @@
int wc;
fd_set rembits;
- (void) close(rfd2);
+ if (rfd2 != -1)
+ (void) close(rfd2);
reread:
errno = 0;
cc = read(0, buf, sizeof buf);
@@ -493,7 +505,8 @@
#endif
#endif /* POSIX_SIGNALS */
FD_ZERO(&readfrom);
- FD_SET(rfd2, &readfrom);
+ if (rfd2 != -1)
+ FD_SET(rfd2, &readfrom);
FD_SET(rem, &readfrom);
do {
ready = readfrom;
@@ -504,7 +517,7 @@
}
continue;
}
- if (FD_ISSET(rfd2, &ready)) {
+ if (rfd2 != -1 && FD_ISSET(rfd2, &ready)) {
errno = 0;
cc = des_read(rfd2, buf, sizeof buf);
if (cc <= 0) {
@@ -522,7 +535,8 @@
} else
(void) write(1, buf, cc);
}
- } while (FD_ISSET(rem, &readfrom) || FD_ISSET(rfd2, &readfrom));
+ } while (FD_ISSET(rem, &readfrom) ||
+ (rfd2 != -1 && FD_ISSET(rfd2, &readfrom)));
if (nflag == 0)
(void) kill(pid, SIGKILL);
exit(0);
Index: rsh.M
===================================================================
RCS file: /export/src/CVS/usr.local/krb5/src/appl/bsd/rsh.M,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 rsh.M
--- rsh.M 1997/12/17 15:14:43 1.1.1.1
+++ rsh.M 1998/10/19 20:43:39
@@ -23,7 +23,7 @@
.SH SYNOPSIS
.B rsh
.I host
-[\fB\-l\fP \fIusername\fP] [\fB\-n\fP] [\fB\-d\fP] [\fB\-k\fP
+[\fB\-l\fP \fIusername\fP] [\fB\-S\fP] [\fB\-n\fP] [\fB\-d\fP] [\fB\-k\fP
\fIrealm\fP] [\fB\-f\fP | \fB\-F\fP] [\fB\-x\fP]
.I command
.SH DESCRIPTION
@@ -101,6 +101,24 @@
redirects input from the special device
.I /dev/null
(see the BUGS section below).
+.TP
+.B \-S
+The
+.I rsh
+protocol requires the remote host to establish a TCP connection back
+to the local host. This connection provides the standard error from
+the remote command and propagation of signals to the remote command.
+In some cases, IP firewalls prevent this connection from being formed.
+.sp
+When the
+.B \-S
+option is specified this second connection will not be established.
+The standard error output from the remote command will be merged with its
+standard output and appear on \fIrdist\fP's
+standard output. The interrupt, quit and terminate signals will cause
+.I rdist
+to terminate and close the TCP connection. The remote command will terminate
+when it attempts to write to the network connection.
.PP
If you omit
.IR command ,
>Audit-Trail:
>Unformatted:
