--- origsrc/inetutils-2.5/configure.ac 2023-08-01 03:32:24.000000000 +0900 +++ src/inetutils-2.5/configure.ac 2023-12-30 20:53:27.818375100 +0900 @@ -215,7 +215,8 @@ AM_CONDITIONAL([ENABLE_libls], [test "$e # At least OpenSolaris is missing . AC_CHECK_HEADER(protocols/talkd.h, , , [IU_FLUSHLEFT([#include - #include ])]) + #include + #include ])]) if test "$ac_cv_header_protocols_talkd_h" = no; then AC_MSG_WARN([protocols/talkd.h is not available, not building talk, nor talkd]) --- origsrc/inetutils-2.5/doc/inetutils.texi 2023-01-01 09:35:18.000000000 +0900 +++ src/inetutils-2.5/doc/inetutils.texi 2023-12-30 20:53:27.843360700 +0900 @@ -27,32 +27,32 @@ @dircategory Individual utilities @direntry -* dnsdomainname: (inetutils)dnsdomainname invocation. Show DNS domain name. +@c * dnsdomainname: (inetutils)dnsdomainname invocation. Show DNS domain name. * ftp: (inetutils)ftp invocation. FTP client. * ftpd: (inetutils)ftpd invocation. FTP Daemon. -* hostname: (inetutils)hostname invocation. Show or set system host name. +@c * hostname: (inetutils)hostname invocation. Show or set system host name. * ifconfig: (inetutils)ifconfig invocation. Configure network interfaces. * inetd: (inetutils)inetd invocation. Internet super-server. -* logger: (inetutils)logger invocation. Send messages to the system log. -* ping6: (inetutils)ping6 invocation. Packets to IPv6 network hosts. -* ping: (inetutils)ping invocation. Packets to network hosts. -* rcp: (inetutils)rcp invocation. Remote copy -* rexec: (inetutils)rexec invocation. Remote execution client. -* rexecd: (inetutils)rexecd invocation. Remote execution server. -* rlogin: (inetutils)rlogin invocation. Remote login. -* rlogind: (inetutils)rlogind invocation. Remote login server. -* rsh: (inetutils)rsh invocation. Remote shell. -* rshd: (inetutils)rshd invocation. Remote shell server. +@c * logger: (inetutils)logger invocation. Send messages to the system log. +@c * ping6: (inetutils)ping6 invocation. Packets to IPv6 network hosts. +@c * ping: (inetutils)ping invocation. Packets to network hosts. +@c * rcp: (inetutils)rcp invocation. Remote copy +@c * rexec: (inetutils)rexec invocation. Remote execution client. +@c * rexecd: (inetutils)rexecd invocation. Remote execution server. +@c * rlogin: (inetutils)rlogin invocation. Remote login. +@c * rlogind: (inetutils)rlogind invocation. Remote login server. +@c * rsh: (inetutils)rsh invocation. Remote shell. +@c * rshd: (inetutils)rshd invocation. Remote shell server. * syslogd: (inetutils)syslogd invocation. Syslog server. * talk: (inetutils)talk invocation. Talk client. * talkd: (inetutils)talkd invocation. Talk server. * telnet: (inetutils)telnet invocation. User interface to TELNET. * telnetd: (inetutils)telnetd invocation. Telnet server. -* tftp: (inetutils)tftp invocation. TFTP client. -* tftpd: (inetutils)tftpd invocation. TFTP server. -* traceroute: (inetutils)traceroute invocation. Trace the route to a host. +@c * tftp: (inetutils)tftp invocation. TFTP client. +@c * tftpd: (inetutils)tftpd invocation. TFTP server. +@c * traceroute: (inetutils)traceroute invocation. Trace the route to a host. * uucpd: (inetutils)uucpd invocation. Unix to Unix Copy. -* whois: (inetutils)whois invocation. Whois user interface. +@c * whois: (inetutils)whois invocation. Whois user interface. @end direntry @copying @@ -95,39 +95,39 @@ Documentation License''. * Introduction:: Caveats, overview, and authors. * Common options:: Common options. -Diagnostic programs - -* dnsdomainname invocation:: Show DNS domain name. -* hostname invocation:: Show or set system host name. -* ifconfig invocation:: Configure network interfaces. -* logger invocation:: Send messages to system log. -* ping invocation:: Packets to network hosts. -* ping6 invocation:: Packets to IPv6 network hosts. -* traceroute invocation:: Trace the route to a host. -* whois invocation:: Whois user interface. - +@c Diagnostic programs +@c +@c * dnsdomainname invocation:: Show DNS domain name. +@c * hostname invocation:: Show or set system host name. +@c * ifconfig invocation:: Configure network interfaces. +@c * logger invocation:: Send messages to system log. +@c * ping invocation:: Packets to network hosts. +@c * ping6 invocation:: Packets to IPv6 network hosts. +@c * traceroute invocation:: Trace the route to a host. +@c * whois invocation:: Whois user interface. +@c Clients * ftp invocation:: FTP client. -* rcp invocation:: Remote copy -* rexec invocation:: Remote execution client. -* rlogin invocation:: Remote login. -* rsh invocation:: Remote shell. +@c * rcp invocation:: Remote copy +@c * rexec invocation:: Remote execution client. +@c * rlogin invocation:: Remote login. +@c * rsh invocation:: Remote shell. * talk invocation:: Talk client. * telnet invocation:: User interface to TELNET. -* tftp invocation:: TFTP client. +@c * tftp invocation:: TFTP client. Daemons * inetd invocation:: Internet super-server. * syslogd invocation:: Syslog server. * ftpd invocation:: FTP Daemon. -* rexecd invocation:: Remote execution server. -* rlogind invocation:: Remote login server. -* rshd invocation:: Remote shell server. +@c * rexecd invocation:: Remote execution server. +@c * rlogind invocation:: Remote login server. +@c * rshd invocation:: Remote shell server. * talkd invocation:: Talk server. * telnetd invocation:: Telnet server. -* tftpd invocation:: TFTP server. +@c * tftpd invocation:: TFTP server. * uucpd invocation:: Unix to Unix Copy. Appendix @@ -228,1288 +228,1288 @@ Failure is indicated by a nonzero value it may differ on unusual platforms, as POSIX requires only that it be nonzero. -@node dnsdomainname invocation -@chapter @command{dnsdomainname}: Show DNS domain name -@pindex dnsdomainname - -@command{dnsdomainname} is a program to show the domain part of the -system's fully qualified domain name. For example, if the FQDN of the -system is @code{name.example.org} the command will show -@code{example.org}. -The output is not necessarily related to the NIS/YP domain name. - -The tool uses gethostname to get the host name of the system and -then getaddrinfo to resolve it into a canonical name. -The domain part of the canonical name is shown, i.e., the part -after the first period@tie{}(@code{.}) of the official name. - -@noindent -Synopsis: - -@example -dnsdomainname [@var{option}@dots{}] -@end example - -@noindent -There is no command specific option. - -@node hostname invocation -@chapter @command{hostname}: Show or set system host name. -@pindex hostname - -@command{hostname} is a program to show or to set the name of a -host system. - -@noindent -Synopsis: - -@example -hostname [@var{option}@dots{}] -hostname @var{name} -@end example - -@noindent -where @var{name} is the name to be used by the running host. - -@section Command line options -@anchor{hostname options} - -@table @option -@item -a -@itemx --aliases -@opindex -a -@opindex --aliases -Get alias names. - -@item -d -@itemx --domain -@opindex -d -@opindex --domain -Get DNS domain name. - -@item -f -@itemx --fqdn -@itemx --long -@opindex -f -@opindex --fqdn -@opindex --long -Get DNS host name or Fully Qualified Domain Name. - -@item -F @var{file} -@itemx --file=@var{file} -@opindex -F -@opindex --file -Set host name or NIS domain name from FILE. - -@item -i -@itemx --ip-addresses -@opindex -i -@opindex --ip-addresses -Get addresses for the host name. - -@item -s -@itemx --short -@opindex -s -@opindex --short -Get short host name. - -@item -y -@itemx --yp -@itemx --nis -@opindex -y -@opindex --yp -@opindex --nis -Get NIS/YP domain name. -@end table - -@node ifconfig invocation -@chapter @command{ifconfig}: Configure network interfaces -@pindex ifconfig - -@command{ifconfig} is a program to retrieve and to set selected -properties of network interfaces. It is best viewed as a tool to -get information, rather than for changing the behaviour of adapters, -since it is hard to support property setting in a portable manner. - -@noindent -Synopsis: - -@example -ifconfig @var{iface} [@var{arg}@dots{}] -ifconfig -i @var{iface} [@var{option}@dots{}] [-i @var{iface2} [@var{option}@dots{}]] -@end example - -@section Command line options -@anchor{ifconfig options} - -@table @option -@item -a -@itemx --all -@opindex -a -@opindex --all -Display all available interfaces, including those that not are -marked as `up', i.e., also the inactive interfaces. - -@item -A @var{addr} -@itemx --address=@var{addr} -@opindex -A -@opindex --address -Set address of selected interface to @var{addr}. - -@item -b @var{addr} -@itemx -B @var{addr} -@itemx --brdaddr=@var{addr} -@itemx --broadcast=@var{addr} -@opindex -b -@opindex -B -@opindex --brdaddr -@opindex --broadcast -Set broadcast address of selected interface to @var{addr}. - -@item -d @var{addr} -@itemx -p @var{addr} -@itemx --dstaddr=@var{addr} -@itemx --peer=@var{addr} -@opindex -d -@opindex -p -@opindex --dstaddr -@opindex --peer -Set destination (peer) address of selected interface. - -@item --down -@opindex --down -Deactivate the selected interface. - -@item -F @var{list} -@itemx --flags=@var{list} -@opindex -F -@opindex --flags -Change those interface flags mentioned in @var{list}. -The argument is a comma separated list of one ore more -flag names to be set, or in case the name is prepended -with @samp{no}, the corresponding flag is cleared. -The output of @command{ifconfig} with the option @option{--help} -contains a list of available flag names. - -@item --format=@var{format} -@opindex --format -Select output format; the value @samp{help} prints a list -of all available formats. - -@item -i @var{name} -@itemx --interface=@var{name} -@opindex -i -@opindex --interface -Select the named interface for any following action. - -@item -l -@itemx --list -@opindex -l -@opindex --list -List, with name only, all available interfaces, or only those -selected should at least one option @option{-i} have specified. - -@item -m @var{mask} -@itemx --netmask=@var{mask} -@opindex -m -@opindex --netmask -Set netmask of selected interface to @var{mask}. - -@item --metric=@var{n} -@opindex --metric -Set the metric of selected interface to the number @var{n}. - -@item -M @var{n} -@itemx --mtu=@var{n} -@opindex -M -@opindex --mtu -Set MTU of selected interface to the number @var{n}. - -@item -s -@itemx --short -@opindex -s -@opindex --short -Use short output format. This is identical to specifying -@samp{--format=netstat}. - -@item --up -@opindex --up -Activate the selected interface. - -@item -v -@itemx --verbose -@opindex -v -@opindex --verbose -Print informational messages when configuring an interface. -@end table - -Observe that the use of program options is the only manner -in which @command{ifconfig} is able to handle multiple -interfaces in one invocation. Once a particular interface -has been selected using @option{-i}, it is affected by any -following option until replaced by another interface selector. -This is also the main cause, that @command{ifconfig} is -unable to treat options independently of their order, as is -mostly the case in other GNU software. - -@section Formatted status output -@anchor{ifconfig formats} - -The status of one or more interfaces can be presented in a number -of different formats. A list of them is printed by the option -@option{--format=help}. In the following table the valid formats -are given, each is used in the form @option{--format=@var{name}}. - -@table @asis -@item check -@itemx check-existence -@itemx ? -Place holders for the ability to check whether the interfaces -selected by one or more options @option{-i} are determining -existing interfaces in the running system. No output in case -of success, an error message in case of a failure. - -@item gnu -@itemx default -Standard GNU output format. - -@item gnu-one-entry -Like the previous format, but with intermediary newlines removed. - -@item help -Display a list of valid formats, together with a short description -for each choice. - -@item net-tools -Imitation of presentation used by the implementation in @samp{net-tools}. -Default format for GNU/Linux. - -@item netstat -Terse output with statistics, similar to that of @code{netstat -i}. - -@item osf -Format variant of @samp{unix} preferred by OSF's implementation. - -@item unix -Traditional UNIX type format. Default for BSD, HPUX and Solaris. -@end table - -@section Legacy syntax -@anchor{ifconfig legacy syntax} - -The traditional mode of invoking @command{ifconfig} is via -a parsed command line, without all use of program switches -and options, relying fully on argument parsing. This mode -of use is supported also in the present implementation, -but keep in mind that only one interface can be manipulated -using this legacy syntax. - -@example -ifconfig NAME [ADDR [DSTADDR]] [broadcast BRDADDR] [netmask MASK] - [metric N] [mtu N] [up|down] -@end example - -As is conventional, only the primary address and possibly the -peer destination address are stated as bare arguments, without -a specifying keyword. -Some slight variation on this syntax will depend on the target -system for which the program is being built, as not all platforms -support identical abilities. -The best information is found via the usage massage -@samp{ifconfig --usage}. - -@node logger invocation -@chapter @command{logger}: Send messages to system log -@pindex logger - -@command{logger} is a program to send entries to system log. It -provides a shell command interface similar to the system log module. -For background information, -@pxref{Syslog, , Syslog, libc, The GNU C Library Reference Manual}. - -@noindent -Synopsis: - -@example -logger [@var{option}@dots{}] [@var{message}] -@end example - -@section Command line options -@anchor{logger options} - -@table @option -@item -4 -@itemx --ipv4 -@opindex -4 -@opindex --ipv4 -Use IPv4 as transport when logging to a host. The default behaviour -is to use whatever IP version that matches the host. - -@item -6 -@itemx --ipv6 -@opindex -6 -@opindex --ipv6 -Use IPv6 as transport when logging to a host. The option is present -also on systems without support for IPv6, but will then issue a warning -and then fall back to IPv4 when delivering the message. - -Both options are most influencial when the target host is named using -a symbolic name, but numerical addresses for host or source must also -match if either of @option{--ipv4} or @option{--ipv6} is stated. - -@item -f @var{file} -@itemx --file=@var{file} -@opindex -f -@opindex --file -Log the content of the specified file. If @var{file} is @samp{-} then -standard input is assumed. - -@item -h @var{host} -@itemx --host=@var{host} -@opindex -h -@opindex --host -Send messages to the given host or socket. The @var{host} argument -can be either a local UNIX socket name (containing a slash @samp{/}), -or be of the form - -@example -@var{host}[:@var{port}] -@end example - -@noindent -where @var{host} is the remote host name or IP address, and the -optional @var{port} is a decimal port number or symbolic service -name from @file{/etc/services}. If @var{port} is not specified, -the port number corresponding to the @samp{syslog} service is used. -If a numerical IPv6 address is given without a port specification, -then the address must be enclosed within brackets (like [::1]). - -@item -i[@var{pid}] -@itemx --id=[@var{pid}] -@opindex -i -@opindex --id -Add process ID to each message. If @var{pid} is not supplied, use the -process ID of the logger process with each line. Notice, that -@var{pid} is an optional argument. When supplied to the @option{-i} -option, it must follow the @samp{i} letter immediately, without any -separating whitespace. When supplied to the @option{--id} form, it -must be separated from it by exactly one equals sign. - -@item -p @var{priority} -@itemx --priority=@var{priority} -@opindex -p -@opindex --priority -Enter the message with the specified priority. The priority may be -specified numerically or as a @samp{facility.level} pair. For -example, @option{-p local3.info} logs the message at the informational -level in the @samp{local3} facility. The default is -@samp{user.notice}. - -The actual list of supported facilities and levels is system specific. - -@item -s -@itemx --stderr -@opindex -s -@opindex --stderr -Log the message to standard error, as well as to the system log. - -@item -S @var{addr} -@itemx --source=@var{addr} -@opindex -S -@opindex --source -Supply the source IP address for INET connections. This option is -useful in conjunction with @option{--host} (see above). The kind of -address specified here (IPv4 or IPv6) will propagate to influence -the resolution of the host address, if it is a symbolic name. - -@item -t @var{tag} -@itemx --tag=@var{tag} -@opindex -t -@opindex --tag -Mark every line in the log with the specified tag. - -@item -u @var{socket} -@itemx --unix=@var{socket} -@opindex -h -@opindex --host -Send messages to the given local UNIX socket. The @var{socket} argument -can be either an absolute path (starting with a slash @samp{/}), or a relative -path understood relative to the current working directory. -@end table - -The options are followed by the message which should be written to the -log. If not specified, and the @option{-f} flag is not provided, -standard input is logged. - -@section Examples -@anchor{logger examples} - -The following examples illustrate the usage of the @command{logger} -command: - -@enumerate 1 -@item Log the message @samp{System rebooted} to the local syslog. -Use default facility and priority: - -@example -logger System rebooted -@end example - -@item Run command and send its error output to the channel -@samp{local0.err}. Mark each message with tag @samp{cmd}: - -@example -command 2>&1 | logger -p local0.err -t cmd -@end example - -@item Log each line from file @file{warnings} to channel -@samp{daemon.warn} on host @samp{logger.runasimi.org}, -using the source IP @samp{10.10.10.1}: - -@example -logger -p daemon.warn -h logger.runasimi.org -S 10.10.10.1 \ -@verb{| |}--file warnings -@end example -@end enumerate - -@node ping invocation -@chapter @command{ping}: Packets to network hosts -@pindex ping - -@c FIXME: The text is far to detailed about the actual implementation -@c of ping. A user doesn't need to know that we are using TIMEVAL, or -@c how things are padded. - -@command{ping} uses ICMP datagrams to provoke a response -from the chosen destination host, mainly intending to probe -whether it is alive. - -The used datagram, of type @code{ECHO_REQUEST}, contains some header -information and some additional payload, usually a time stamp. -By a suitable choice of payload, different host or router properties -are detectable, as the emitted datagram travels to its destination. - -@ignore %* Too detailed for end user. -@command{ping} uses the ICMP protocol's mandatory -@code{ECHO_REQUEST} datagram to elicit an ICMP type @code{ECHO_REPLY} -packet from a host or gateway. -@code{ECHO_REQUEST} datagrams (@dfn{pings}) have an IP and -an ICMP header, followed by a @dfn{struct timeval} and then -an arbitrary number of @dfn{padding} bytes used to fill out the packet. -@end ignore - -@noindent -Synopsis: - -@example -ping [@var{option}@dots{}] @var{host} -@end example - -@noindent -Sending echo requests is the standard use of @command{ping}, -but by far not the only use case. - -@menu -* Ping options:: -* Fault isolation:: -* Duplicate and damaged packets:: -* Data patterns:: -* TTL details:: -* Further remarks:: -@end menu - -@node Ping options -@section Command line options -@anchor{ping options} - -@c Options controlling ICMP request types: -@c --address Send ICMP_ADDRESS packets (root only) -@c --echo Send ICMP_ECHO packets (default) -@c --mask Same as --address -@c --timestamp Send ICMP_TIMESTAMP packets -@c -t, --type=TYPE Send TYPE packets - -Selection of packet type is handled by these first options: - -@table @option -@item --address -@opindex --address -Send ICMP_ADDRESS packets, thus requesting the address netmask -in use by the targetted host. - -@item --echo -@opindex --echo -Send ICMP_ECHO requests. -This is the default action. - -@item --mask -@opindex --mask -Identical to @option{--address}. - -@item --timestamp -@opindex --timestamp -Send ICMP_TIMESTAMP packets, thereby requesting a timed response -from the targetted host. - -In successful cases three time values are returned. -All are expected to state the number of milliseconds since -midnight@tie{}UTC. -The first of these, @samp{icmp_otime}, contains the original -time of sending the request. -Then comes @samp{icmp_rtime}, the time of reception by the target, -and finally, @samp{icmp_ttime}, the time of transmitting an answer -back to the originator. - -@item -t @var{type} -@itemx --type=@var{type} -@opindex --type -@opindex -t -Send @var{type} packets. Accepted values are @samp{address}, -@samp{echo}, @samp{mask}, and @samp{timestamp}. -@end table - -@c Options valid for all request types: -@c -c, --count=NUMBER Stop after sending NUMBER packets -@c -d, --debug Set the SO_DEBUG option -@c -i, --interval=NUMBER Wait NUMBER seconds between sending each packet -@c -n, --numeric Do not resolve host addresses -@c -r, --ignore-routing Send directly to a host on an attached network -@c -T, --tos=NUM Set type-of-service to NUM -@c --ttl=NUMBER Set specified time-to-live on packet - -@noindent -The following options are available for all packet types: - -@table @option -@item -c @var{n} -@itemx --count=@var{n} -@opindex -c -@opindex --count -Stop after sending and receiving answers to a total of -@var{n} packets. - -@item -d -@itemx --debug -@opindex -d -@opindex --debug -Set the SO_DEBUG option on the socket being used. - -@item -i @var{n} -@itemx --interval=@var{n} -@opindex -i -@opindex --interval -Wait @var{n} seconds until sending next packet. -The default is to wait for one second between packets. -This option is incompatible with the option @option{-f}. - -@item -n -@itemx --numeric -@opindex -n -@opindex --numeric -Numeric output only. No attempt will be made to resolve -symbolic names for host addresses. - -@item -r -@itemx --ignore-routing -@opindex -r -@opindex --ignore-routing-log -Bypass the normal routing tables and send directly to a host on an -attached network. If the host is not on a directly attached network, -an error is returned. This option can be used to ping a local host -through an interface that has no route through it (e.g., after the -interface was dropped by @command{routed}). - -@item -T @var{num} -@itemx --tos=@var{num} -@opindex -T -@opindex --tos -Set type-of-service, TOS field, to @var{num} on -transmitted packets. - -@item --ttl=@var{n} -@opindex --ttl -Set the specified number @var{n} as value of time-to-live when -transmitting packets. Acceptable values are 1 to 255, inclusive. - -@item -v -@itemx --verbose -@opindex -v -@opindex --verbose -Produce more verbose output, giving more statistics. - -@item -w @var{n} -@itemx --timeout=@var{n} -@opindex -w -@opindex --timeout -Stop after @var{n} seconds. - -@item -W @var{n} -@itemx --linger=@var{n} -@opindex -W -@opindex --linger -Maximum number of seconds @var{n} to wait for a response. -@end table - -@c Options valid for --echo requests: -@c -f, --flood Flood ping (root only) -@c --ip-timestamp=FLAG Timestamp IP option of types tsonly, -@c tsaddr, or (not yet implemented) prespec. -@c -l, --preload=NUMBER Send NUMBER packets as fast as possible before -@c falling into normal mode of behavior (root only) -@c -p, --pattern=PATTERN Fill ICMP packet with given pattern (hex) -@c -q, --quiet no packet message -@c -R, --route Record route IP option -@c -s, --size=NUMBER Send NUMBER data octets - -Finally, these last options are relevant only for sending echo requests, -allowing many variations in order to detect various peculiarities of -the targeted host, or the intermediary routers for that matter. - -@table @option -@item -f -@itemx --flood -@opindex -f -@opindex --flood -Flood ping. Outputs packets as fast as they come back or one hundred -times per second, whichever is more. For every ECHO_REQUEST packet -sent, a period @samp{.} is printed, while for every ECHO_REPLY -received in reply, a backspace is printed. -This provides a rapid display of how many packets are being dropped. -Only the super-user may use this option. -This can be very hard on a network and should be used with caution. - -@item --ip-timestamp=@var{flag} -@opindex --ip-timestamp -Include IP option Timestamp in transmitted packets. -The value @var{flag} is either @samp{tsonly}, which only records up -to nine time stamps, or @samp{tsaddr}, which records IP -addresses as well as time stamps, but for at most four hosts. - -@item -l @var{n} -@itemx --preload=@var{n} -@opindex -l -@opindex --preload -If @var{n} is specified, ping sends that many packets as fast as -possible before falling into its normal mode of operation. - -@item -p @var{pat} -@itemx --pattern=@var{pat} -@opindex -p -@opindex --pattern -You may specify up to 16 pad bytes to fill out the packet you send. -This is useful for diagnosing data-dependent problems in a network. -For example, @option{-p ff} will cause the sent packet to be filled -with all ones. - -@item -q -@itemx --quiet -@opindex -q -@opindex --quiet -Do not print timing for each transmitted packet. -@item -R -@itemx --route -@opindex -R -@opindex --route -Record route. Includes the @code{RECORD_ROUTE} field in the -ECHO_REQUEST packet and displays the route buffer on returned packets. -Note that the IP header is only large enough for nine -such routes. -Many hosts ignore or discard this option. - -@item -s @var{n} -@itemx --size=@var{n} -@opindex -s -@opindex --size -Specifies the number of data bytes to be sent. The default is 56, -which translates into 64@tie{}ICMP data bytes, taking -the 8@tie{}bytes of ICMP header data into account. -@end table - -@node Fault isolation -@section Using ping for network fault isolation - -When using @command{ping} for fault isolation, it should first be run -on the local host, to verify that the local network interface is up -and running. Then, hosts and gateways further and further away should -be pinged. Round-trip times and packet loss statistics are computed. -If duplicate packets are received, they are not included in the packet -loss calculation, although the round trip time of these packets is -used in calculating the minimum/average/maximum round-trip time -numbers. When the specified number of packets have been sent (and -received) or if the program is terminated with a @samp{SIGINT}, a -brief summary is displayed. - -This program is intended for use in network testing, measurement and -management. Because of the load it can impose on the network, it is -unwise to use ping during normal operations or from automated scripts. - -@ignore -@section ICMP Packet Details - -An IP header without options consists of 20 bytes. -An ICMP type ECHO_REQUEST packet contains an additional -8 bytes worth of ICMP header followed by an arbitrary -amount of data. -When a packet size is stated, that indicates -the size of the extra piece of data (the default is 56). -Thus the amount of data received as an IP packet -with an ICMP type ECHO_REPLY, will always be 8 bytes larger -than the requested data space (the ICMP header). - -If the data space is at least eight bytes large, ping uses the first -eight bytes of this space to include a timestamp which it uses in the -computation of round trip times. If less than eight bytes of pad are -specified, no round trip times are given. -@end ignore - -@node Duplicate and damaged packets -@section Duplicate and damaged packets - -Ping will report duplicate and damaged packets. Duplicate packets -should never occur, and seem to be caused by inappropriate link-level -retransmissions. Duplicates may occur in many situations and are -rarely (if ever) a good sign, although the presence of low levels of -duplicates may not always be cause for alarm. - -Damaged packets are obviously serious cause for alarm and often -indicate broken hardware somewhere in the ping packet's path (in the -network or in the hosts). - -@node Data patterns -@section Trying different data patterns - -The (inter)network layer should never treat packets differently -depending on the data contained in the data portion. Unfortunately, -data-dependent problems have been known to sneak into networks and -remain undetected for long periods of time. In many cases the -particular pattern that will have problems is something that doesn't -have sufficient ``transitions'', such as all ones or all zeros, or a -pattern right at the edge, such as almost all zeros. It isn't -necessarily enough to specify a data pattern of all zeros (for -example) on the command line because the pattern that is of interest -is at the data link level, and the relationship between what you type -and what the controllers transmit can be complicated. - -This means that if you have a data-dependent problem you will probably -have to do a lot of testing to find it. If you are lucky, you may -manage to find a file that either can't be sent across your network or -that takes much longer to transfer than other similar length files. -You can then examine this file for repeated patterns that you can test -using the @option{-p} option of ping. - -@node TTL details -@section TTL details - -The TTL field, @dfn{Time To Live}, of an IP -packet represents the maximum number of IP routers -that the packet can go through before being discarded. -In current practice you can expect each router on the -Internet to decrement the TTL field by exactly one. - -The TCP/IP specification states that the TTL field -of a new TCP packet should be set to 60, -but many systems use smaller values (4.3BSD used 30 -and 4.2BSD used 15). - -The maximum possible value of this field is 255, and most UNIX systems -set the TTL field of ICMP (type @code{ECHO_REQUEST}) -packets to 255. This is why you will find you can ping some hosts, -but not reach them with @command{telnet} or @command{ftp}. - -During normal operation, @command{ping} prints the TTL value -for every packet it receives. -When a remote system receives an ICMP packet, -it can do one of three things to the TTL field -in its response packet: - -@itemize @bullet -@item -Not to change it. This is what Berkeley UNIX systems did before the -4.3BSD-Tahoe release. In this case the TTL value in the -received packet will be 255 minus the number of routers in the -round-trip path. - -@item -Set it to 255. This is what current Berkeley UNIX systems do. In this -case the TTL value in the received packet will be 255 minus the -number of routers in the path from the remote system to the pinging -host. - -@item -Set it to some other value. Some machines use the same value for -ICMP packets that they use for TCP packets, -for example either 30 or 60. -Others may use completely arbitrary values. - -@end itemize - -@node Further remarks -@section Further observations -Many hosts and gateways ignore the @code{RECORD_ROUTE} field, since -the maximum IP header length is far to small to hold all -the routes. -There is not much that can be done about this. - -Flood pinging is not recommended in general, and flood pinging the -broadcast address should only be done under very controlled -conditions. - -Some BSD variants offer a kernel setting to inhibit all replies -to ICMP_MASKREQ packets, but in general, Unices are designed either -to answer the request with a valid netmask, or to drop the request, -causing @command{ping} to wait for a timeout condition. - -@node ping6 invocation -@chapter @command{ping6}: Packets to IPv6 network hosts -@pindex ping6 - -@command{ping6} uses ICMPv6 datagrams to get a response -from the chosen destination host. -The most common use is to probe whether the remote -system is responsive. -Observe that this program only uses IPv6 datagrams. - -Each datagram, of type @code{ECHO_REQUEST}, carries some header -information and some additional payload, usually a time stamp. -Making a suitable choice of payload, it is possible to probe -different host or router properties on the way as the emitted -datagram travels to its destination. - -@noindent -Synopsis: - -@example -ping6 [@var{option}@dots{}] @var{host} -@end example - -@noindent -Sending simple, timed echo requests is the standard use -of @command{ping6}, but is by far not the only use case. - -This command is a close parallel to @command{ping}, -except that it handles IPv6 and is thus not able -to handle peculiarities of IPv4. - -@section Command line options -@anchor{ping6 options} - -@table @option -@item -c @var{n} -@itemx --count=@var{n} -@opindex -c -@opindex --count -Stop after sending and receiving answers to a total of -@var{n} packets. - -@item -d -@itemx --debug -@opindex -d -@opindex --debug -Set the SO_DEBUG option on the socket being used. - -@item -f -@itemx --flood -@opindex -f -@opindex --flood -Flood ping. -Outputs packets as fast as they come back, -or one hundred times per second, whichever is more. -For every ECHO_REQUEST packet sent, a period @samp{.} is printed, -while for every ECHO_REPLY received in reply, a backspace is printed. - -This provides a rapid display of how many packets are being dropped. -Only the super-user may use this option. -This mode can be very hard on a network. -It should be used with caution! - -@item --hoplimit=@var{n} -@opindex --hoplimit -Limit maximal distance to @var{n}. -Acceptable values are 1 to 255, inclusive. - -@item -i @var{n} -@itemx --interval=@var{n} -@opindex -i -@opindex --interval -Wait @var{n} seconds until sending next packet. -The default is to wait for one second between packets. -This option is incompatible with the option @option{-f}. - -@item -l @var{n} -@itemx --preload=@var{n} -@opindex -l -@opindex --preload -Sends @var{n} packets as fast as possible before falling -back to the normal mode of operation. - -@item -n -@itemx --numeric -@opindex -n -@opindex --numeric -Numeric output only. -No attempt will be made to resolve symbolic names for host addresses. - -@item -p @var{pattern} -@itemx --pattern=@var{pattern} -@opindex -p -@opindex --pattern -Up to 16 hexadecimal pad bytes are given as @var{pattern}. -These are use for filling out the packets you send. -This option is useful for diagnosing data-dependent problems -within a network. -As an example, @option{-p ff} will cause the sent packets -to have payloads with every bit set to one. - -@item -q -@itemx --quiet -@opindex -q -@opindex --quiet -Do not print timing result of each transmitted packet. - -@item -r -@itemx --ignore-routing -@opindex -r -@opindex --ignore-routing-log -Bypass the normal routing tables and send directly -to a host on an attached network. -If the host is not on a directly attached network, -an error is returned. -This option can be used to ping a local host -through an interface, for which there is no -assigned route, such as when the interface -was dropped by @command{routed}. - -@item -s @var{n} -@itemx --size=@var{n} -@opindex -s -@opindex --size -Specifies the number of data bytes to be sent. The default is 56, -which translates into 64@tie{}ICMP data bytes, taking -the 8@tie{}bytes of ICMP header data into account. - -@item -T @var{num} -@itemx --tos=@var{num} -@opindex -T -@opindex --tos -Set the traffic class to @var{num} on transmitted packets. - -@item --ttl=@var{n} -@opindex --ttl -Synonym for @option{--hoplimit}. - -@item -v -@itemx --verbose -@opindex -v -@opindex --verbose -Produce more verbose output, giving more statistics. - -@item -w @var{n} -@itemx --timeout=@var{n} -@opindex -w -@opindex --timeout -Stop after @var{n} seconds. -@end table - -The documentation of @command{ping} provides several -pieces of information, and discussions, relevant to -the use of @command{ping6}. -Keep in mind, though, that the differing address family -causes some discrepancy. -@xref{ping invocation}. - -@node traceroute invocation -@chapter @command{traceroute}: Trace the route to a host -@pindex traceroute - -@command{traceroute} prints a trace of the route -IP@tie{}packets are travelling to a remote host. - -@noindent -Synopsis: - -@example -traceroute [@var{option}@dots{}] @var{host} -@end example - -@section Command line options -@anchor{traceroute options} - -@table @option -@item -f @var{num} -@itemx --first-hop=@var{num} -@opindex -f -@opindex --first-hop -Set the initial hop distance to @var{num}, instead of the default 1. -This immediately allows probing packets to sense routing -properties closer to the target host, skipping routers close -to the local host. Quicker analysis of problems known to lie -at some routing distance is the outcome. - -@item -g @var{gates} -@itemx --gateways=@var{gates} -@opindex -g -@opindex --gateways -Set intermediary hosts used in loose source routing. -The argument @var{gates} is a list of gateways, -using spaces, commata, or semicola as separators. -These hosts must be traversed in the given order -before the intended host receives any datagram. -At most eight host names or addresses may be specified. -Multiple uses of @option{-g} produce a concatenated list. - -@item -I -@itemx --icmp -@opindex -I -@opindex --icmp -Use ICMP ECHO datagrams for probing the remote host. - -@item -m @var{num} -@itemx --max-hop=@var{num} -@opindex -m -@opindex --max-hop -Set the maximum time-to-live allowed for probing. -In other words, stop probing when the hop distance -is in excess of @var{num}. -The default limit is 64. - -@item -M @var{method} -@itemx --type=@var{method} -@opindex -M -@opindex --type -Use @var{method} as carrier packets for traceroute operations. -Supported choices are @samp{icmp} and @samp{udp}, where @samp{udp} -is the default type. - -@item -p @var{port} -@itemx --port=@var{port} -@opindex -p -@opindex --port -Set destination port of target to @var{port}. -The default value is 33434. - -@item -q @var{num} -@itemx --tries=@var{num} -@opindex -q -@opindex --tries -Send a total of @var{num} probe packets per hop, defaulting to 3. - -@item --resolve-hostnames -@opindex --resolve-hostnames -Attempt to resolve all addresses as hostnames. - -@item -t @var{num} -@itemx --tos=@var{num} -@opindex -t -@opindex --tos -Set type-of-service, TOS field, to @var{num} on -transmitted packets. - -@item -w @var{num} -@itemx --wait=@var{num} -@opindex -w -@opindex --wait -Set timeout in seconds, within which a returning response -packet is accepted as such. -Default waiting time is three seconds. -@end table - -@section Diagnostic tokens -@anchor{traceroute printing} - -During execution, @command{traceroute} sends three datagrams -for each value for the TTL field, printing a diagnostic line -of output for these. The TTL field is then steadily increased -until the intended host responds, or some intermediary gateway -returns a datagram to the effect that the target cannot be -reached due to one reason or another. - -Each line of output displays a sequence number, followed by -diagnostic annotation. Any responding host has its address -printed without repetition, together with a measured timing. -In case there is no response within a time period of three seconds, -an asterisque @samp{*} is printed. - -When an intermediate router responds with an exceptional state, -the time elapsed since emitting the original datagram is printed, -followed by an additional short hand hint of the reason: - -@table @samp -@item !F -Fragmentation needed by gateway. - -@item !H -Host not reachable from gateway. - -@item !N -Network not reachable from gateway. - -@item !P -Protocol not usable at host, or within network. - -@item !S -Source routing failed at gateway. - -@item !T -Host or network not reachable for stated type of service, TOS. - -@item !U -Isolated host, not reachable. - -@item !X -Forbidden by remote administration. -@end table - -@node whois invocation -@chapter @command{whois}: User interface to WHOIS data bases. -@pindex whois - -The functionality of a world wide Internet is dependent on -stored node information of different kinds. -Registrars keep much relevant material in WHOIS data bases. -This utility @command{whois} is able to query those sources -for general and for particular properties of most domains. - -For many domains there are names of suitable data base servers -hard coded into @command{whois}, ready to query for domain -relevant information. -Since servers' names do change from time to time, -this utility might occasionally need some guidance using -a suitable command line option. - -@noindent -Synopsis: - -@example -whois [@var{OPTION}@dots{}] @var{OBJECT}@dots{} -@end example - -@section Command line options -@anchor{whois options} - -@table @option -@item -a -@opindex -a -Search all data bases. - -@item -F -@opindex -F -Fast and raw output. Implies @option{-r}. - -@item -g @var{source}:@var{first}-@var{last} -@opindex -g -Find updates for an object from provider @var{source}, -starting from the version with serial key @var{first}, -and ending with serial key @var{last}. - -@item -h @var{host} -@itemx --server=@var{host} -@opindex -h -@opindex --server -Connect to server @var{host}. - -@item -H -@opindex -H -Hide legal disclaimers. - -@item -i @var{attr}[,@var{attr2}@dots{}] -@opindex -i -Do an inverse lookup for specified attributes. -Use a comma separated list for multiple attributes. - -@item -l -@opindex -l -One level less specific lookup. -Applies to RPSL only. - -@item -L -@opindex -L -Find all less specific matches. - -@item -m -@opindex -m -Find more specific matches, one level deeper. - -@item -M -@opindex -M -Find all more specific matches. - -@item -p @var{port} -@opindex -p -Connect to server port @var{port}. - -@item -q @{version|sources@} -@opindex -q -Query specified server info. -Applies to RPSL only. - -@item -r -@opindex -r -Turn off recursive lookups. - -@item -R -@opindex -R -Force output to show local copy of the domain object, -even if it contains a referral. - -@item -s @var{source}[,@var{source2}@dots{}] -@opindex -s -Search the data base at @var{source}. -A comma separated list queries multiple providers. - -@item -S -@opindex -S -Tell server to refrain from syntactic sugar. - -@item -t @var{type} -@opindex -t -Request a template for objects of type @var{type}. -Use the value @samp{all} for a list of possible types. - -@item -T @var{type}[,@var{type2}@dots{}] -@opindex -T -Search only for objects of type @var{type}. -A comma separated list allows for multiple types. - -@item -V -@itemx --verbose -@opindex -V -@opindex --verbose -Verbosely explain all actions taken. - -@item -x -@opindex -x -Search only for exact matches. -Applicable only to RPSL. -@end table - -@section Environment variables -@anchor{whois environment} - -@command{whois} holds an internal list of information servers -and their assigned data bases. -Queries are examined against this list to select the most -plausible server, but the hint can always be overruled on -the command line by use of the option @option{-h}. -If neither of these have a say, then the default server to ask -is @samp{whois.internic.net}, but this name is in turn overruled -by a server name in the environment variable @env{WHOIS_SERVER}. - -@table @env -@item LANG -When the server @samp{whois.nic.ad.jp} is queried, and only then, -any non-Japanese locale in @env{LANG} will ask the server to reply -with English text, not Japanese. - -@item WHOIS_HIDE -When set, the effect on @command{whois} is as if the -option @option{-H} had been given. - -@item WHOIS_SERVER -Data base server to query when internal hinting is inconclusive. -When unset, @samp{whois.internic.net} is used as default server. - -@end table - +@c @node dnsdomainname invocation +@c @chapter @command{dnsdomainname}: Show DNS domain name +@c @pindex dnsdomainname +@c +@c @command{dnsdomainname} is a program to show the domain part of the +@c system's fully qualified domain name. For example, if the FQDN of the +@c system is @code{name.example.org} the command will show +@c @code{example.org}. +@c The output is not necessarily related to the NIS/YP domain name. +@c +@c The tool uses gethostname to get the host name of the system and +@c then getaddrinfo to resolve it into a canonical name. +@c The domain part of the canonical name is shown, i.e., the part +@c after the first period@tie{}(@code{.}) of the official name. +@c +@c @noindent +@c Synopsis: +@c +@c @example +@c dnsdomainname [@var{option}@dots{}] +@c @end example +@c +@c @noindent +@c There is no command specific option. +@c +@c @node hostname invocation +@c @chapter @command{hostname}: Show or set system host name. +@c @pindex hostname +@c +@c @command{hostname} is a program to show or to set the name of a +@c host system. +@c +@c @noindent +@c Synopsis: +@c +@c @example +@c hostname [@var{option}@dots{}] +@c hostname @var{name} +@c @end example +@c +@c @noindent +@c where @var{name} is the name to be used by the running host. +@c +@c @section Command line options +@c @anchor{hostname options} +@c +@c @table @option +@c @item -a +@c @itemx --aliases +@c @opindex -a +@c @opindex --aliases +@c Get alias names. +@c +@c @item -d +@c @itemx --domain +@c @opindex -d +@c @opindex --domain +@c Get DNS domain name. +@c +@c @item -f +@c @itemx --fqdn +@c @itemx --long +@c @opindex -f +@c @opindex --fqdn +@c @opindex --long +@c Get DNS host name or Fully Qualified Domain Name. +@c +@c @item -F @var{file} +@c @itemx --file=@var{file} +@c @opindex -F +@c @opindex --file +@c Set host name or NIS domain name from FILE. +@c +@c @item -i +@c @itemx --ip-addresses +@c @opindex -i +@c @opindex --ip-addresses +@c Get addresses for the host name. +@c +@c @item -s +@c @itemx --short +@c @opindex -s +@c @opindex --short +@c Get short host name. +@c +@c @item -y +@c @itemx --yp +@c @itemx --nis +@c @opindex -y +@c @opindex --yp +@c @opindex --nis +@c Get NIS/YP domain name. +@c @end table +@c +@c @node ifconfig invocation +@c @chapter @command{ifconfig}: Configure network interfaces +@c @pindex ifconfig +@c +@c @command{ifconfig} is a program to retrieve and to set selected +@c properties of network interfaces. It is best viewed as a tool to +@c get information, rather than for changing the behaviour of adapters, +@c since it is hard to support property setting in a portable manner. +@c +@c @noindent +@c Synopsis: +@c +@c @example +@c ifconfig @var{iface} [@var{arg}@dots{}] +@c ifconfig -i @var{iface} [@var{option}@dots{}] [-i @var{iface2} [@var{option}@dots{}]] +@c @end example +@c +@c @section Command line options +@c @anchor{ifconfig options} +@c +@c @table @option +@c @item -a +@c @itemx --all +@c @opindex -a +@c @opindex --all +@c Display all available interfaces, including those that not are +@c marked as `up', i.e., also the inactive interfaces. +@c +@c @item -A @var{addr} +@c @itemx --address=@var{addr} +@c @opindex -A +@c @opindex --address +@c Set address of selected interface to @var{addr}. +@c +@c @item -b @var{addr} +@c @itemx -B @var{addr} +@c @itemx --brdaddr=@var{addr} +@c @itemx --broadcast=@var{addr} +@c @opindex -b +@c @opindex -B +@c @opindex --brdaddr +@c @opindex --broadcast +@c Set broadcast address of selected interface to @var{addr}. +@c +@c @item -d @var{addr} +@c @itemx -p @var{addr} +@c @itemx --dstaddr=@var{addr} +@c @itemx --peer=@var{addr} +@c @opindex -d +@c @opindex -p +@c @opindex --dstaddr +@c @opindex --peer +@c Set destination (peer) address of selected interface. +@c +@c @item --down +@c @opindex --down +@c Deactivate the selected interface. +@c +@c @item -F @var{list} +@c @itemx --flags=@var{list} +@c @opindex -F +@c @opindex --flags +@c Change those interface flags mentioned in @var{list}. +@c The argument is a comma separated list of one ore more +@c flag names to be set, or in case the name is prepended +@c with @samp{no}, the corresponding flag is cleared. +@c The output of @command{ifconfig} with the option @option{--help} +@c contains a list of available flag names. +@c +@c @item --format=@var{format} +@c @opindex --format +@c Select output format; the value @samp{help} prints a list +@c of all available formats. +@c +@c @item -i @var{name} +@c @itemx --interface=@var{name} +@c @opindex -i +@c @opindex --interface +@c Select the named interface for any following action. +@c +@c @item -l +@c @itemx --list +@c @opindex -l +@c @opindex --list +@c List, with name only, all available interfaces, or only those +@c selected should at least one option @option{-i} have specified. +@c +@c @item -m @var{mask} +@c @itemx --netmask=@var{mask} +@c @opindex -m +@c @opindex --netmask +@c Set netmask of selected interface to @var{mask}. +@c +@c @item --metric=@var{n} +@c @opindex --metric +@c Set the metric of selected interface to the number @var{n}. +@c +@c @item -M @var{n} +@c @itemx --mtu=@var{n} +@c @opindex -M +@c @opindex --mtu +@c Set MTU of selected interface to the number @var{n}. +@c +@c @item -s +@c @itemx --short +@c @opindex -s +@c @opindex --short +@c Use short output format. This is identical to specifying +@c @samp{--format=netstat}. +@c +@c @item --up +@c @opindex --up +@c Activate the selected interface. +@c +@c @item -v +@c @itemx --verbose +@c @opindex -v +@c @opindex --verbose +@c Print informational messages when configuring an interface. +@c @end table +@c +@c Observe that the use of program options is the only manner +@c in which @command{ifconfig} is able to handle multiple +@c interfaces in one invocation. Once a particular interface +@c has been selected using @option{-i}, it is affected by any +@c following option until replaced by another interface selector. +@c This is also the main cause, that @command{ifconfig} is +@c unable to treat options independently of their order, as is +@c mostly the case in other GNU software. +@c +@c @section Formatted status output +@c @anchor{ifconfig formats} +@c +@c The status of one or more interfaces can be presented in a number +@c of different formats. A list of them is printed by the option +@c @option{--format=help}. In the following table the valid formats +@c are given, each is used in the form @option{--format=@var{name}}. +@c +@c @table @asis +@c @item check +@c @itemx check-existence +@c @itemx ? +@c Place holders for the ability to check whether the interfaces +@c selected by one or more options @option{-i} are determining +@c existing interfaces in the running system. No output in case +@c of success, an error message in case of a failure. +@c +@c @item gnu +@c @itemx default +@c Standard GNU output format. +@c +@c @item gnu-one-entry +@c Like the previous format, but with intermediary newlines removed. +@c +@c @item help +@c Display a list of valid formats, together with a short description +@c for each choice. +@c +@c @item net-tools +@c Imitation of presentation used by the implementation in @samp{net-tools}. +@c Default format for GNU/Linux. +@c +@c @item netstat +@c Terse output with statistics, similar to that of @code{netstat -i}. +@c +@c @item osf +@c Format variant of @samp{unix} preferred by OSF's implementation. +@c +@c @item unix +@c Traditional UNIX type format. Default for BSD, HPUX and Solaris. +@c @end table +@c +@c @section Legacy syntax +@c @anchor{ifconfig legacy syntax} +@c +@c The traditional mode of invoking @command{ifconfig} is via +@c a parsed command line, without all use of program switches +@c and options, relying fully on argument parsing. This mode +@c of use is supported also in the present implementation, +@c but keep in mind that only one interface can be manipulated +@c using this legacy syntax. +@c +@c @example +@c ifconfig NAME [ADDR [DSTADDR]] [broadcast BRDADDR] [netmask MASK] +@c [metric N] [mtu N] [up|down] +@c @end example +@c +@c As is conventional, only the primary address and possibly the +@c peer destination address are stated as bare arguments, without +@c a specifying keyword. +@c Some slight variation on this syntax will depend on the target +@c system for which the program is being built, as not all platforms +@c support identical abilities. +@c The best information is found via the usage massage +@c @samp{ifconfig --usage}. +@c +@c @node logger invocation +@c @chapter @command{logger}: Send messages to system log +@c @pindex logger +@c +@c @command{logger} is a program to send entries to system log. It +@c provides a shell command interface similar to the system log module. +@c For background information, +@c @pxref{Syslog, , Syslog, libc, The GNU C Library Reference Manual}. +@c +@c @noindent +@c Synopsis: +@c +@c @example +@c logger [@var{option}@dots{}] [@var{message}] +@c @end example +@c +@c @section Command line options +@c @anchor{logger options} +@c +@c @table @option +@c @item -4 +@c @itemx --ipv4 +@c @opindex -4 +@c @opindex --ipv4 +@c Use IPv4 as transport when logging to a host. The default behaviour +@c is to use whatever IP version that matches the host. +@c +@c @item -6 +@c @itemx --ipv6 +@c @opindex -6 +@c @opindex --ipv6 +@c Use IPv6 as transport when logging to a host. The option is present +@c also on systems without support for IPv6, but will then issue a warning +@c and then fall back to IPv4 when delivering the message. +@c +@c Both options are most influencial when the target host is named using +@c a symbolic name, but numerical addresses for host or source must also +@c match if either of @option{--ipv4} or @option{--ipv6} is stated. +@c +@c @item -f @var{file} +@c @itemx --file=@var{file} +@c @opindex -f +@c @opindex --file +@c Log the content of the specified file. If @var{file} is @samp{-} then +@c standard input is assumed. +@c +@c @item -h @var{host} +@c @itemx --host=@var{host} +@c @opindex -h +@c @opindex --host +@c Send messages to the given host or socket. The @var{host} argument +@c can be either a local UNIX socket name (containing a slash @samp{/}), +@c or be of the form +@c +@c @example +@c @var{host}[:@var{port}] +@c @end example +@c +@c @noindent +@c where @var{host} is the remote host name or IP address, and the +@c optional @var{port} is a decimal port number or symbolic service +@c name from @file{/etc/services}. If @var{port} is not specified, +@c the port number corresponding to the @samp{syslog} service is used. +@c If a numerical IPv6 address is given without a port specification, +@c then the address must be enclosed within brackets (like [::1]). +@c +@c @item -i[@var{pid}] +@c @itemx --id=[@var{pid}] +@c @opindex -i +@c @opindex --id +@c Add process ID to each message. If @var{pid} is not supplied, use the +@c process ID of the logger process with each line. Notice, that +@c @var{pid} is an optional argument. When supplied to the @option{-i} +@c option, it must follow the @samp{i} letter immediately, without any +@c separating whitespace. When supplied to the @option{--id} form, it +@c must be separated from it by exactly one equals sign. +@c +@c @item -p @var{priority} +@c @itemx --priority=@var{priority} +@c @opindex -p +@c @opindex --priority +@c Enter the message with the specified priority. The priority may be +@c specified numerically or as a @samp{facility.level} pair. For +@c example, @option{-p local3.info} logs the message at the informational +@c level in the @samp{local3} facility. The default is +@c @samp{user.notice}. +@c +@c The actual list of supported facilities and levels is system specific. +@c +@c @item -s +@c @itemx --stderr +@c @opindex -s +@c @opindex --stderr +@c Log the message to standard error, as well as to the system log. +@c +@c @item -S @var{addr} +@c @itemx --source=@var{addr} +@c @opindex -S +@c @opindex --source +@c Supply the source IP address for INET connections. This option is +@c useful in conjunction with @option{--host} (see above). The kind of +@c address specified here (IPv4 or IPv6) will propagate to influence +@c the resolution of the host address, if it is a symbolic name. +@c +@c @item -t @var{tag} +@c @itemx --tag=@var{tag} +@c @opindex -t +@c @opindex --tag +@c Mark every line in the log with the specified tag. +@c +@c @item -u @var{socket} +@c @itemx --unix=@var{socket} +@c @opindex -h +@c @opindex --host +@c Send messages to the given local UNIX socket. The @var{socket} argument +@c can be either an absolute path (starting with a slash @samp{/}), or a relative +@c path understood relative to the current working directory. +@c @end table +@c +@c The options are followed by the message which should be written to the +@c log. If not specified, and the @option{-f} flag is not provided, +@c standard input is logged. +@c +@c @section Examples +@c @anchor{logger examples} +@c +@c The following examples illustrate the usage of the @command{logger} +@c command: +@c +@c @enumerate 1 +@c @item Log the message @samp{System rebooted} to the local syslog. +@c Use default facility and priority: +@c +@c @example +@c logger System rebooted +@c @end example +@c +@c @item Run command and send its error output to the channel +@c @samp{local0.err}. Mark each message with tag @samp{cmd}: +@c +@c @example +@c command 2>&1 | logger -p local0.err -t cmd +@c @end example +@c +@c @item Log each line from file @file{warnings} to channel +@c @samp{daemon.warn} on host @samp{logger.runasimi.org}, +@c using the source IP @samp{10.10.10.1}: +@c +@c @example +@c logger -p daemon.warn -h logger.runasimi.org -S 10.10.10.1 \ +@c @verb{| |}--file warnings +@c @end example +@c @end enumerate +@c +@c @node ping invocation +@c @chapter @command{ping}: Packets to network hosts +@c @pindex ping +@c +@c @c FIXME: The text is far to detailed about the actual implementation +@c @c of ping. A user doesn't need to know that we are using TIMEVAL, or +@c @c how things are padded. +@c +@c @command{ping} uses ICMP datagrams to provoke a response +@c from the chosen destination host, mainly intending to probe +@c whether it is alive. +@c +@c The used datagram, of type @code{ECHO_REQUEST}, contains some header +@c information and some additional payload, usually a time stamp. +@c By a suitable choice of payload, different host or router properties +@c are detectable, as the emitted datagram travels to its destination. +@c +@c @ignore %* Too detailed for end user. +@c @command{ping} uses the ICMP protocol's mandatory +@c @code{ECHO_REQUEST} datagram to elicit an ICMP type @code{ECHO_REPLY} +@c packet from a host or gateway. +@c @code{ECHO_REQUEST} datagrams (@dfn{pings}) have an IP and +@c an ICMP header, followed by a @dfn{struct timeval} and then +@c an arbitrary number of @dfn{padding} bytes used to fill out the packet. +@c @end ignore +@c +@c @noindent +@c Synopsis: +@c +@c @example +@c ping [@var{option}@dots{}] @var{host} +@c @end example +@c +@c @noindent +@c Sending echo requests is the standard use of @command{ping}, +@c but by far not the only use case. +@c +@c @menu +@c * Ping options:: +@c * Fault isolation:: +@c * Duplicate and damaged packets:: +@c * Data patterns:: +@c * TTL details:: +@c * Further remarks:: +@c @end menu +@c +@c @node Ping options +@c @section Command line options +@c @anchor{ping options} +@c +@c @c Options controlling ICMP request types: +@c @c --address Send ICMP_ADDRESS packets (root only) +@c @c --echo Send ICMP_ECHO packets (default) +@c @c --mask Same as --address +@c @c --timestamp Send ICMP_TIMESTAMP packets +@c @c -t, --type=TYPE Send TYPE packets +@c +@c Selection of packet type is handled by these first options: +@c +@c @table @option +@c @item --address +@c @opindex --address +@c Send ICMP_ADDRESS packets, thus requesting the address netmask +@c in use by the targetted host. +@c +@c @item --echo +@c @opindex --echo +@c Send ICMP_ECHO requests. +@c This is the default action. +@c +@c @item --mask +@c @opindex --mask +@c Identical to @option{--address}. +@c +@c @item --timestamp +@c @opindex --timestamp +@c Send ICMP_TIMESTAMP packets, thereby requesting a timed response +@c from the targetted host. +@c +@c In successful cases three time values are returned. +@c All are expected to state the number of milliseconds since +@c midnight@tie{}UTC. +@c The first of these, @samp{icmp_otime}, contains the original +@c time of sending the request. +@c Then comes @samp{icmp_rtime}, the time of reception by the target, +@c and finally, @samp{icmp_ttime}, the time of transmitting an answer +@c back to the originator. +@c +@c @item -t @var{type} +@c @itemx --type=@var{type} +@c @opindex --type +@c @opindex -t +@c Send @var{type} packets. Accepted values are @samp{address}, +@c @samp{echo}, @samp{mask}, and @samp{timestamp}. +@c @end table +@c +@c @c Options valid for all request types: +@c @c -c, --count=NUMBER Stop after sending NUMBER packets +@c @c -d, --debug Set the SO_DEBUG option +@c @c -i, --interval=NUMBER Wait NUMBER seconds between sending each packet +@c @c -n, --numeric Do not resolve host addresses +@c @c -r, --ignore-routing Send directly to a host on an attached network +@c @c -T, --tos=NUM Set type-of-service to NUM +@c @c --ttl=NUMBER Set specified time-to-live on packet +@c +@c @noindent +@c The following options are available for all packet types: +@c +@c @table @option +@c @item -c @var{n} +@c @itemx --count=@var{n} +@c @opindex -c +@c @opindex --count +@c Stop after sending and receiving answers to a total of +@c @var{n} packets. +@c +@c @item -d +@c @itemx --debug +@c @opindex -d +@c @opindex --debug +@c Set the SO_DEBUG option on the socket being used. +@c +@c @item -i @var{n} +@c @itemx --interval=@var{n} +@c @opindex -i +@c @opindex --interval +@c Wait @var{n} seconds until sending next packet. +@c The default is to wait for one second between packets. +@c This option is incompatible with the option @option{-f}. +@c +@c @item -n +@c @itemx --numeric +@c @opindex -n +@c @opindex --numeric +@c Numeric output only. No attempt will be made to resolve +@c symbolic names for host addresses. +@c +@c @item -r +@c @itemx --ignore-routing +@c @opindex -r +@c @opindex --ignore-routing-log +@c Bypass the normal routing tables and send directly to a host on an +@c attached network. If the host is not on a directly attached network, +@c an error is returned. This option can be used to ping a local host +@c through an interface that has no route through it (e.g., after the +@c interface was dropped by @command{routed}). +@c +@c @item -T @var{num} +@c @itemx --tos=@var{num} +@c @opindex -T +@c @opindex --tos +@c Set type-of-service, TOS field, to @var{num} on +@c transmitted packets. +@c +@c @item --ttl=@var{n} +@c @opindex --ttl +@c Set the specified number @var{n} as value of time-to-live when +@c transmitting packets. Acceptable values are 1 to 255, inclusive. +@c +@c @item -v +@c @itemx --verbose +@c @opindex -v +@c @opindex --verbose +@c Produce more verbose output, giving more statistics. +@c +@c @item -w @var{n} +@c @itemx --timeout=@var{n} +@c @opindex -w +@c @opindex --timeout +@c Stop after @var{n} seconds. +@c +@c @item -W @var{n} +@c @itemx --linger=@var{n} +@c @opindex -W +@c @opindex --linger +@c Maximum number of seconds @var{n} to wait for a response. +@c @end table +@c +@c @c Options valid for --echo requests: +@c @c -f, --flood Flood ping (root only) +@c @c --ip-timestamp=FLAG Timestamp IP option of types tsonly, +@c @c tsaddr, or (not yet implemented) prespec. +@c @c -l, --preload=NUMBER Send NUMBER packets as fast as possible before +@c @c falling into normal mode of behavior (root only) +@c @c -p, --pattern=PATTERN Fill ICMP packet with given pattern (hex) +@c @c -q, --quiet no packet message +@c @c -R, --route Record route IP option +@c @c -s, --size=NUMBER Send NUMBER data octets +@c +@c Finally, these last options are relevant only for sending echo requests, +@c allowing many variations in order to detect various peculiarities of +@c the targeted host, or the intermediary routers for that matter. +@c +@c @table @option +@c @item -f +@c @itemx --flood +@c @opindex -f +@c @opindex --flood +@c Flood ping. Outputs packets as fast as they come back or one hundred +@c times per second, whichever is more. For every ECHO_REQUEST packet +@c sent, a period @samp{.} is printed, while for every ECHO_REPLY +@c received in reply, a backspace is printed. +@c This provides a rapid display of how many packets are being dropped. +@c Only the super-user may use this option. +@c This can be very hard on a network and should be used with caution. +@c +@c @item --ip-timestamp=@var{flag} +@c @opindex --ip-timestamp +@c Include IP option Timestamp in transmitted packets. +@c The value @var{flag} is either @samp{tsonly}, which only records up +@c to nine time stamps, or @samp{tsaddr}, which records IP +@c addresses as well as time stamps, but for at most four hosts. +@c +@c @item -l @var{n} +@c @itemx --preload=@var{n} +@c @opindex -l +@c @opindex --preload +@c If @var{n} is specified, ping sends that many packets as fast as +@c possible before falling into its normal mode of operation. +@c +@c @item -p @var{pat} +@c @itemx --pattern=@var{pat} +@c @opindex -p +@c @opindex --pattern +@c You may specify up to 16 pad bytes to fill out the packet you send. +@c This is useful for diagnosing data-dependent problems in a network. +@c For example, @option{-p ff} will cause the sent packet to be filled +@c with all ones. +@c +@c @item -q +@c @itemx --quiet +@c @opindex -q +@c @opindex --quiet +@c Do not print timing for each transmitted packet. +@c @item -R +@c @itemx --route +@c @opindex -R +@c @opindex --route +@c Record route. Includes the @code{RECORD_ROUTE} field in the +@c ECHO_REQUEST packet and displays the route buffer on returned packets. +@c Note that the IP header is only large enough for nine +@c such routes. +@c Many hosts ignore or discard this option. +@c +@c @item -s @var{n} +@c @itemx --size=@var{n} +@c @opindex -s +@c @opindex --size +@c Specifies the number of data bytes to be sent. The default is 56, +@c which translates into 64@tie{}ICMP data bytes, taking +@c the 8@tie{}bytes of ICMP header data into account. +@c @end table +@c +@c @node Fault isolation +@c @section Using ping for network fault isolation +@c +@c When using @command{ping} for fault isolation, it should first be run +@c on the local host, to verify that the local network interface is up +@c and running. Then, hosts and gateways further and further away should +@c be pinged. Round-trip times and packet loss statistics are computed. +@c If duplicate packets are received, they are not included in the packet +@c loss calculation, although the round trip time of these packets is +@c used in calculating the minimum/average/maximum round-trip time +@c numbers. When the specified number of packets have been sent (and +@c received) or if the program is terminated with a @samp{SIGINT}, a +@c brief summary is displayed. +@c +@c This program is intended for use in network testing, measurement and +@c management. Because of the load it can impose on the network, it is +@c unwise to use ping during normal operations or from automated scripts. +@c +@c @ignore +@c @section ICMP Packet Details +@c +@c An IP header without options consists of 20 bytes. +@c An ICMP type ECHO_REQUEST packet contains an additional +@c 8 bytes worth of ICMP header followed by an arbitrary +@c amount of data. +@c When a packet size is stated, that indicates +@c the size of the extra piece of data (the default is 56). +@c Thus the amount of data received as an IP packet +@c with an ICMP type ECHO_REPLY, will always be 8 bytes larger +@c than the requested data space (the ICMP header). +@c +@c If the data space is at least eight bytes large, ping uses the first +@c eight bytes of this space to include a timestamp which it uses in the +@c computation of round trip times. If less than eight bytes of pad are +@c specified, no round trip times are given. +@c @end ignore +@c +@c @node Duplicate and damaged packets +@c @section Duplicate and damaged packets +@c +@c Ping will report duplicate and damaged packets. Duplicate packets +@c should never occur, and seem to be caused by inappropriate link-level +@c retransmissions. Duplicates may occur in many situations and are +@c rarely (if ever) a good sign, although the presence of low levels of +@c duplicates may not always be cause for alarm. +@c +@c Damaged packets are obviously serious cause for alarm and often +@c indicate broken hardware somewhere in the ping packet's path (in the +@c network or in the hosts). +@c +@c @node Data patterns +@c @section Trying different data patterns +@c +@c The (inter)network layer should never treat packets differently +@c depending on the data contained in the data portion. Unfortunately, +@c data-dependent problems have been known to sneak into networks and +@c remain undetected for long periods of time. In many cases the +@c particular pattern that will have problems is something that doesn't +@c have sufficient ``transitions'', such as all ones or all zeros, or a +@c pattern right at the edge, such as almost all zeros. It isn't +@c necessarily enough to specify a data pattern of all zeros (for +@c example) on the command line because the pattern that is of interest +@c is at the data link level, and the relationship between what you type +@c and what the controllers transmit can be complicated. +@c +@c This means that if you have a data-dependent problem you will probably +@c have to do a lot of testing to find it. If you are lucky, you may +@c manage to find a file that either can't be sent across your network or +@c that takes much longer to transfer than other similar length files. +@c You can then examine this file for repeated patterns that you can test +@c using the @option{-p} option of ping. +@c +@c @node TTL details +@c @section TTL details +@c +@c The TTL field, @dfn{Time To Live}, of an IP +@c packet represents the maximum number of IP routers +@c that the packet can go through before being discarded. +@c In current practice you can expect each router on the +@c Internet to decrement the TTL field by exactly one. +@c +@c The TCP/IP specification states that the TTL field +@c of a new TCP packet should be set to 60, +@c but many systems use smaller values (4.3BSD used 30 +@c and 4.2BSD used 15). +@c +@c The maximum possible value of this field is 255, and most UNIX systems +@c set the TTL field of ICMP (type @code{ECHO_REQUEST}) +@c packets to 255. This is why you will find you can ping some hosts, +@c but not reach them with @command{telnet} or @command{ftp}. +@c +@c During normal operation, @command{ping} prints the TTL value +@c for every packet it receives. +@c When a remote system receives an ICMP packet, +@c it can do one of three things to the TTL field +@c in its response packet: +@c +@c @itemize @bullet +@c @item +@c Not to change it. This is what Berkeley UNIX systems did before the +@c 4.3BSD-Tahoe release. In this case the TTL value in the +@c received packet will be 255 minus the number of routers in the +@c round-trip path. +@c +@c @item +@c Set it to 255. This is what current Berkeley UNIX systems do. In this +@c case the TTL value in the received packet will be 255 minus the +@c number of routers in the path from the remote system to the pinging +@c host. +@c +@c @item +@c Set it to some other value. Some machines use the same value for +@c ICMP packets that they use for TCP packets, +@c for example either 30 or 60. +@c Others may use completely arbitrary values. +@c +@c @end itemize +@c +@c @node Further remarks +@c @section Further observations +@c Many hosts and gateways ignore the @code{RECORD_ROUTE} field, since +@c the maximum IP header length is far to small to hold all +@c the routes. +@c There is not much that can be done about this. +@c +@c Flood pinging is not recommended in general, and flood pinging the +@c broadcast address should only be done under very controlled +@c conditions. +@c +@c Some BSD variants offer a kernel setting to inhibit all replies +@c to ICMP_MASKREQ packets, but in general, Unices are designed either +@c to answer the request with a valid netmask, or to drop the request, +@c causing @command{ping} to wait for a timeout condition. +@c +@c @node ping6 invocation +@c @chapter @command{ping6}: Packets to IPv6 network hosts +@c @pindex ping6 +@c +@c @command{ping6} uses ICMPv6 datagrams to get a response +@c from the chosen destination host. +@c The most common use is to probe whether the remote +@c system is responsive. +@c Observe that this program only uses IPv6 datagrams. +@c +@c Each datagram, of type @code{ECHO_REQUEST}, carries some header +@c information and some additional payload, usually a time stamp. +@c Making a suitable choice of payload, it is possible to probe +@c different host or router properties on the way as the emitted +@c datagram travels to its destination. +@c +@c @noindent +@c Synopsis: +@c +@c @example +@c ping6 [@var{option}@dots{}] @var{host} +@c @end example +@c +@c @noindent +@c Sending simple, timed echo requests is the standard use +@c of @command{ping6}, but is by far not the only use case. +@c +@c This command is a close parallel to @command{ping}, +@c except that it handles IPv6 and is thus not able +@c to handle peculiarities of IPv4. +@c +@c @section Command line options +@c @anchor{ping6 options} +@c +@c @table @option +@c @item -c @var{n} +@c @itemx --count=@var{n} +@c @opindex -c +@c @opindex --count +@c Stop after sending and receiving answers to a total of +@c @var{n} packets. +@c +@c @item -d +@c @itemx --debug +@c @opindex -d +@c @opindex --debug +@c Set the SO_DEBUG option on the socket being used. +@c +@c @item -f +@c @itemx --flood +@c @opindex -f +@c @opindex --flood +@c Flood ping. +@c Outputs packets as fast as they come back, +@c or one hundred times per second, whichever is more. +@c For every ECHO_REQUEST packet sent, a period @samp{.} is printed, +@c while for every ECHO_REPLY received in reply, a backspace is printed. +@c +@c This provides a rapid display of how many packets are being dropped. +@c Only the super-user may use this option. +@c This mode can be very hard on a network. +@c It should be used with caution! +@c +@c @item --hoplimit=@var{n} +@c @opindex --hoplimit +@c Limit maximal distance to @var{n}. +@c Acceptable values are 1 to 255, inclusive. +@c +@c @item -i @var{n} +@c @itemx --interval=@var{n} +@c @opindex -i +@c @opindex --interval +@c Wait @var{n} seconds until sending next packet. +@c The default is to wait for one second between packets. +@c This option is incompatible with the option @option{-f}. +@c +@c @item -l @var{n} +@c @itemx --preload=@var{n} +@c @opindex -l +@c @opindex --preload +@c Sends @var{n} packets as fast as possible before falling +@c back to the normal mode of operation. +@c +@c @item -n +@c @itemx --numeric +@c @opindex -n +@c @opindex --numeric +@c Numeric output only. +@c No attempt will be made to resolve symbolic names for host addresses. +@c +@c @item -p @var{pattern} +@c @itemx --pattern=@var{pattern} +@c @opindex -p +@c @opindex --pattern +@c Up to 16 hexadecimal pad bytes are given as @var{pattern}. +@c These are use for filling out the packets you send. +@c This option is useful for diagnosing data-dependent problems +@c within a network. +@c As an example, @option{-p ff} will cause the sent packets +@c to have payloads with every bit set to one. +@c +@c @item -q +@c @itemx --quiet +@c @opindex -q +@c @opindex --quiet +@c Do not print timing result of each transmitted packet. +@c +@c @item -r +@c @itemx --ignore-routing +@c @opindex -r +@c @opindex --ignore-routing-log +@c Bypass the normal routing tables and send directly +@c to a host on an attached network. +@c If the host is not on a directly attached network, +@c an error is returned. +@c This option can be used to ping a local host +@c through an interface, for which there is no +@c assigned route, such as when the interface +@c was dropped by @command{routed}. +@c +@c @item -s @var{n} +@c @itemx --size=@var{n} +@c @opindex -s +@c @opindex --size +@c Specifies the number of data bytes to be sent. The default is 56, +@c which translates into 64@tie{}ICMP data bytes, taking +@c the 8@tie{}bytes of ICMP header data into account. +@c +@c @item -T @var{num} +@c @itemx --tos=@var{num} +@c @opindex -T +@c @opindex --tos +@c Set the traffic class to @var{num} on transmitted packets. +@c +@c @item --ttl=@var{n} +@c @opindex --ttl +@c Synonym for @option{--hoplimit}. +@c +@c @item -v +@c @itemx --verbose +@c @opindex -v +@c @opindex --verbose +@c Produce more verbose output, giving more statistics. +@c +@c @item -w @var{n} +@c @itemx --timeout=@var{n} +@c @opindex -w +@c @opindex --timeout +@c Stop after @var{n} seconds. +@c @end table +@c +@c The documentation of @command{ping} provides several +@c pieces of information, and discussions, relevant to +@c the use of @command{ping6}. +@c Keep in mind, though, that the differing address family +@c causes some discrepancy. +@c @xref{ping invocation}. +@c +@c @node traceroute invocation +@c @chapter @command{traceroute}: Trace the route to a host +@c @pindex traceroute +@c +@c @command{traceroute} prints a trace of the route +@c IP@tie{}packets are travelling to a remote host. +@c +@c @noindent +@c Synopsis: +@c +@c @example +@c traceroute [@var{option}@dots{}] @var{host} +@c @end example +@c +@c @section Command line options +@c @anchor{traceroute options} +@c +@c @table @option +@c @item -f @var{num} +@c @itemx --first-hop=@var{num} +@c @opindex -f +@c @opindex --first-hop +@c Set the initial hop distance to @var{num}, instead of the default 1. +@c This immediately allows probing packets to sense routing +@c properties closer to the target host, skipping routers close +@c to the local host. Quicker analysis of problems known to lie +@c at some routing distance is the outcome. +@c +@c @item -g @var{gates} +@c @itemx --gateways=@var{gates} +@c @opindex -g +@c @opindex --gateways +@c Set intermediary hosts used in loose source routing. +@c The argument @var{gates} is a list of gateways, +@c using spaces, commata, or semicola as separators. +@c These hosts must be traversed in the given order +@c before the intended host receives any datagram. +@c At most eight host names or addresses may be specified. +@c Multiple uses of @option{-g} produce a concatenated list. +@c +@c @item -I +@c @itemx --icmp +@c @opindex -I +@c @opindex --icmp +@c Use ICMP ECHO datagrams for probing the remote host. +@c +@c @item -m @var{num} +@c @itemx --max-hop=@var{num} +@c @opindex -m +@c @opindex --max-hop +@c Set the maximum time-to-live allowed for probing. +@c In other words, stop probing when the hop distance +@c is in excess of @var{num}. +@c The default limit is 64. +@c +@c @item -M @var{method} +@c @itemx --type=@var{method} +@c @opindex -M +@c @opindex --type +@c Use @var{method} as carrier packets for traceroute operations. +@c Supported choices are @samp{icmp} and @samp{udp}, where @samp{udp} +@c is the default type. +@c +@c @item -p @var{port} +@c @itemx --port=@var{port} +@c @opindex -p +@c @opindex --port +@c Set destination port of target to @var{port}. +@c The default value is 33434. +@c +@c @item -q @var{num} +@c @itemx --tries=@var{num} +@c @opindex -q +@c @opindex --tries +@c Send a total of @var{num} probe packets per hop, defaulting to 3. +@c +@c @item --resolve-hostnames +@c @opindex --resolve-hostnames +@c Attempt to resolve all addresses as hostnames. +@c +@c @item -t @var{num} +@c @itemx --tos=@var{num} +@c @opindex -t +@c @opindex --tos +@c Set type-of-service, TOS field, to @var{num} on +@c transmitted packets. +@c +@c @item -w @var{num} +@c @itemx --wait=@var{num} +@c @opindex -w +@c @opindex --wait +@c Set timeout in seconds, within which a returning response +@c packet is accepted as such. +@c Default waiting time is three seconds. +@c @end table +@c +@c @section Diagnostic tokens +@c @anchor{traceroute printing} +@c +@c During execution, @command{traceroute} sends three datagrams +@c for each value for the TTL field, printing a diagnostic line +@c of output for these. The TTL field is then steadily increased +@c until the intended host responds, or some intermediary gateway +@c returns a datagram to the effect that the target cannot be +@c reached due to one reason or another. +@c +@c Each line of output displays a sequence number, followed by +@c diagnostic annotation. Any responding host has its address +@c printed without repetition, together with a measured timing. +@c In case there is no response within a time period of three seconds, +@c an asterisque @samp{*} is printed. +@c +@c When an intermediate router responds with an exceptional state, +@c the time elapsed since emitting the original datagram is printed, +@c followed by an additional short hand hint of the reason: +@c +@c @table @samp +@c @item !F +@c Fragmentation needed by gateway. +@c +@c @item !H +@c Host not reachable from gateway. +@c +@c @item !N +@c Network not reachable from gateway. +@c +@c @item !P +@c Protocol not usable at host, or within network. +@c +@c @item !S +@c Source routing failed at gateway. +@c +@c @item !T +@c Host or network not reachable for stated type of service, TOS. +@c +@c @item !U +@c Isolated host, not reachable. +@c +@c @item !X +@c Forbidden by remote administration. +@c @end table +@c +@c @node whois invocation +@c @chapter @command{whois}: User interface to WHOIS data bases. +@c @pindex whois +@c +@c The functionality of a world wide Internet is dependent on +@c stored node information of different kinds. +@c Registrars keep much relevant material in WHOIS data bases. +@c This utility @command{whois} is able to query those sources +@c for general and for particular properties of most domains. +@c +@c For many domains there are names of suitable data base servers +@c hard coded into @command{whois}, ready to query for domain +@c relevant information. +@c Since servers' names do change from time to time, +@c this utility might occasionally need some guidance using +@c a suitable command line option. +@c +@c @noindent +@c Synopsis: +@c +@c @example +@c whois [@var{OPTION}@dots{}] @var{OBJECT}@dots{} +@c @end example +@c +@c @section Command line options +@c @anchor{whois options} +@c +@c @table @option +@c @item -a +@c @opindex -a +@c Search all data bases. +@c +@c @item -F +@c @opindex -F +@c Fast and raw output. Implies @option{-r}. +@c +@c @item -g @var{source}:@var{first}-@var{last} +@c @opindex -g +@c Find updates for an object from provider @var{source}, +@c starting from the version with serial key @var{first}, +@c and ending with serial key @var{last}. +@c +@c @item -h @var{host} +@c @itemx --server=@var{host} +@c @opindex -h +@c @opindex --server +@c Connect to server @var{host}. +@c +@c @item -H +@c @opindex -H +@c Hide legal disclaimers. +@c +@c @item -i @var{attr}[,@var{attr2}@dots{}] +@c @opindex -i +@c Do an inverse lookup for specified attributes. +@c Use a comma separated list for multiple attributes. +@c +@c @item -l +@c @opindex -l +@c One level less specific lookup. +@c Applies to RPSL only. +@c +@c @item -L +@c @opindex -L +@c Find all less specific matches. +@c +@c @item -m +@c @opindex -m +@c Find more specific matches, one level deeper. +@c +@c @item -M +@c @opindex -M +@c Find all more specific matches. +@c +@c @item -p @var{port} +@c @opindex -p +@c Connect to server port @var{port}. +@c +@c @item -q @{version|sources@} +@c @opindex -q +@c Query specified server info. +@c Applies to RPSL only. +@c +@c @item -r +@c @opindex -r +@c Turn off recursive lookups. +@c +@c @item -R +@c @opindex -R +@c Force output to show local copy of the domain object, +@c even if it contains a referral. +@c +@c @item -s @var{source}[,@var{source2}@dots{}] +@c @opindex -s +@c Search the data base at @var{source}. +@c A comma separated list queries multiple providers. +@c +@c @item -S +@c @opindex -S +@c Tell server to refrain from syntactic sugar. +@c +@c @item -t @var{type} +@c @opindex -t +@c Request a template for objects of type @var{type}. +@c Use the value @samp{all} for a list of possible types. +@c +@c @item -T @var{type}[,@var{type2}@dots{}] +@c @opindex -T +@c Search only for objects of type @var{type}. +@c A comma separated list allows for multiple types. +@c +@c @item -V +@c @itemx --verbose +@c @opindex -V +@c @opindex --verbose +@c Verbosely explain all actions taken. +@c +@c @item -x +@c @opindex -x +@c Search only for exact matches. +@c Applicable only to RPSL. +@c @end table +@c +@c @section Environment variables +@c @anchor{whois environment} +@c +@c @command{whois} holds an internal list of information servers +@c and their assigned data bases. +@c Queries are examined against this list to select the most +@c plausible server, but the hint can always be overruled on +@c the command line by use of the option @option{-h}. +@c If neither of these have a say, then the default server to ask +@c is @samp{whois.internic.net}, but this name is in turn overruled +@c by a server name in the environment variable @env{WHOIS_SERVER}. +@c +@c @table @env +@c @item LANG +@c When the server @samp{whois.nic.ad.jp} is queried, and only then, +@c any non-Japanese locale in @env{LANG} will ask the server to reply +@c with English text, not Japanese. +@c +@c @item WHOIS_HIDE +@c When set, the effect on @command{whois} is as if the +@c option @option{-H} had been given. +@c +@c @item WHOIS_SERVER +@c Data base server to query when internal hinting is inconclusive. +@c When unset, @samp{whois.internic.net} is used as default server. +@c +@c @end table +@c @node ftp invocation @chapter @command{ftp}: FTP client @pindex ftp @@ -2369,521 +2369,521 @@ encountered. If a macro named init is d executed as the last step in the auto-login process. @end table -@node rcp invocation -@chapter @command{rcp}: Copy files between machines -@pindex rcp - -@command{rcp} copies files between machines. Each file or directory -argument is either a remote file name of the form -@samp{rname@@rhost:path}, or a local file name (containing no @samp{:} -characters, or a @samp{/} before any @samp{:}s). - -@noindent -Synopsis: - -@example -rcp [@var{option}]@dots{} @var{old-file} @var{new-file} -rcp [@var{option}]@dots{} @var{files}@dots{} @var{directory} -@end example - -@section Command line options -@anchor{rcp options} - -@table @option -@item -4 -@itemx --ipv4 -@opindex -4 -@opindex --ipv4 -Use only IPv4. - -@item -6 -@itemx --ipv6 -@opindex -6 -@opindex --ipv6 -Use only IPv6. - -@item -d @var{directory} -@itemx --target-directory=@var{directory} -@opindex -d -@opindex --target-directory -Copy all source arguments into @var{directory}. - -@item -f -@itemx --from -@opindex -f -@opindex --from -(Server mode only.) Copying from remote host. - -@item -k @var{realm} -@itemx --realm=@var{realm} -@opindex -k -@opindex --realm -The option requests rcp to obtain tickets for the remote host in -realm @var{realm} instead of the remote host's realm. - -@item -K -@itemx --kerberos -@opindex -K -@opindex --kerberos -Turns off all Kerberos authentication. - -@item -p -@itemx --preserve -@opindex -p -@opindex --preserve -Causes @code{rcp} to attempt to preserve (duplicate) in its copies the -modification times and modes of the source files, ignoring the umask. -By default, the mode and owner of the target file are preserved -if the target itself already exists; otherwise the mode of the source -file is modified by the @code{umask} setting on the destination host. - -@item -r -@itemx --recursive -@opindex -r -@opindex --recursive -If any of the source files are directories, @command{rcp} copies each -subtree rooted at that name; in this case the destination must be a -directory. - -@item -t -@itemx --to -@opindex -t -@opindex --to -(Server mode only.) Copying to remote host. - -@item -x -@itemx --encrypt -@opindex -x -@opindex --encrypt -Turns on encryption for all data passed via the @command{rcp} session. -This may impact response time and CPU utilization, but provides increased -security. - -@end table - -@command{rcp} doesn't detect all cases where the target of a copy -might be a file in cases where only a directory should be legal. - -@command{rcp} can be confused by any output generated by commands in a -@file{.login}, @file{.profile}, or @file{.cshrc} file on the remote -host. - -The destination user and hostname may have to be specified as -@samp{rhost.rname} when the destination machine is running the 4.2BSD -version of @command{rcp}. - -@node rexec invocation -@chapter @command{rexec}: a remote execution program -@pindex rexec - -@command{rexec} is a program that executes a program on another host. - -@noindent -Synopsis: - -@example -rexec --user=@var{login} --password=@var{pass} --host=@var{host} \ -@verb{| |}[OPTION] @var{command} -@end example - -@section Command line options -@anchor{rexec options} - -@table @option -@item -4 -@itemx --ipv4 -@opindex -4 -@opindex --ipv4 -Use only IPv4 connections as all times. - -@item -6 -@itemx --ipv6 -@opindex -6 -@opindex --ipv6 -Use only IPv6 connections. - -@item -a -@itemx --ipany -@opindex -a -@opindex --ipany -Allow any address family for connections. This is the default. - -@item -e -@itemx --error=@var{port} -@opindex -e -@opindex --error -Specify the TCP port to use for stderr redirection, in case it is not -specified a random port will be used. - -@item -h -@item --host=@var{name} -@opindex -h -@opindex --host -Specify the host with whom to connect: symbolic name or address. - -@item -n -@itemx --noerr -@opindex -n -@opindex --noerr -If specified, an error stream will not be created. - -@item -p -@itemx --password=@var{passwd} -@opindex -p -@opindex --password -Specify the password for logging-in. The special value -consisting of a single dash @samp{-} will make @command{rexec} -read a single line from stdin. This input is then used -as password and is passed as such to the remote server. -Thus it is possible to hide vital access information -slightly better than the full disclosure implicit in -the text of a command line option. - -@item -P -@itemx --port=@var{num} -@opindex -P -@opindex --port -Specify to which numerical port a connection shall be sought. -If it is not specified, then use port 512/tcp by default. - -@item -u -@itemx --user=@var{name} -@opindex -u -@opindex --user -Specify the user with whom to log into the server. -@end table - -@node rlogin invocation -@chapter @command{rlogin}: Remote login -@pindex rlogin - -The @command{rlogin} command starts a terminal session on the -specified remote host, provided the required authentication -is successful. The remote terminal type is the same as that -given in the @env{TERM} local environment variable. -The terminal and the window size stay the same, if the remote -host supports them, and any changes in size are transferred -as need may be. - -When using the @command{rlogin} command, you can create a link -in your path, using a host name as the link name. For example: - -@example -# ln -s /usr/bin/rlogin @var{hostname} -# @var{hostname} -8 -@end example - -@noindent -Afterwards, the use of @var{hostname} will automatically invoke -@command{rlogin} to direct a log in request to the remote host -named @var{hostname}. - -@command{rlogin} allows access to the remote host without the use of a -password. The prerequisite is a suitable specification in @file{~/.rhosts}. -For details, @xref{rcmd, , rcmd, libc, The GNU C Library Reference Manual}. - -@section Command line options -@anchor{rlogin options} - -The options are as follows : - -@table @option -@item -4 -@itemx --ipv4 -@opindex -4 -@opindex --ipv4 -Use only IPv4. - -@item -6 -@itemx --ipv6 -@opindex -6 -@opindex --ipv6 -Use only IPv6. - -@item -8 -@itemx --8-bit -@opindex -8 -@opindex --8-bit -Allows an eight-bit input data path at all times; otherwise parity -bits are stripped except when the remote side's stop and start -characters are other than @kbd{C-S}/@kbd{C-Q}. - -@item -d -@itemx --debug -@opindex -d -@opindex --debug -Turns on socket debugging on the TCP sockets used for communication -with the remote host. - -@item -e @var{char} -@itemx --escape=@var{char} -@opindex -e -@opindex --escape -Allows user specification of the escape character, which is @samp{~} -by default. This specification may be as a literal character, or as -an octal value in the form @samp{\nnn}. - -@item -E -@itemx --no-escape -@opindex -E -@opindex --no-escape -Stops any character from being recognized as an escape character. -When used with the @option{-8} option, this provides a completely -transparent connection. - -@item -l @var{user} -@itemx --user=@var{user} -@opindex -l -@opindex --user -By default, the remote username is the same as the local username. -This option, and the @samp{user@@host} format, allow the remote -user name to be made explicit, or changed. -@end table - -@noindent -The next three options are available only if the program -has been compiled with support for Kerberos authentication. - -@table @option -@item -k @var{realm} -@itemx --realm=@var{realm} -@opindex -k -@opindex --realm -The option requests rlogin to obtain tickets for the remote host in -realm @var{realm} instead of the remote host's realm. - -@item -K -@itemx --kerberos -@opindex -K -@opindex --kerberos -Turns off all Kerberos authentication. - -@item -x -@itemx --encrypt -@opindex -x -@opindex --encrypt -Turns on encryption for all data passed via the rlogin session. -This may impact response time and CPU utilization, but provides -increased security. -@end table - -@section Escape characters and flow control - -As long as the connection stands, the client program @command{rsh} -is observing the input stream in order to detect so called -escape sequences, allowing the user to execute some local -actions without having to tear down the remote connection. - -The sequences consist of two characters, the first of which -always is the distinguished character @var{escape-char}. -The following sequences are supported: - -@c An input line of the form of the two-character sequence -@itemize @bullet -@item -@kbd{@var{escape-char} .} disconnects from the remote host. - -@item -@kbd{@var{escape-char} C-d} does the same. -(Termios character @samp{VEOF}.) - -@item -@kbd{@var{escape-char} C-z} suspends the session, halting the -remote process, but keeping it ready for resumed processing. -The user is given access to a local shell. -(Termios character @samp{VSUSP}.) - -@item -@kbd{@var{escape-char} @var{delayed-suspend-char}} implements -a half-way suspend, in the sense of stopping local input from -reaching the remote side, but still displaying all output from -the remote host on the local terminal. The remote process is -still running, but the local user is given a local shell until -the resuming the original command. -Normally, only BSD systems offer this mode. -(Termios character @samp{VDSUSP}.) -@end itemize - -@noindent -By default, the character tilde @samp{~} is assigned to @var{escape-char}, -but it can be changed using the option @option{--escape}. -The processing of escape sequences can even be disable using -the option @option{--no-escape}. -On BSD systems, @var{delayed-suspend-char} is usually set to @kbd{C-Y}. -It displays as @samp{dsusp} using @command{stty}. - -All echoing takes place at the remote site, so that the @command{rlogin} -is transparent except possibly for transmission delays. -Flow control via @kbd{C-S} and @kbd{C-Q}, if at all supported, -will stop and start the flow of data on the local terminal. -Flushing of input and output on interrupts is also -handled properly. - -On the server side the @code{iruserok} and @code{ruserok} functions -are used to authenticate the connection request, unless Kerberised -mode is in effect. See the appropriate man pages for more information. - -@section Kerberos Authentication - -If @command{rlogin} was compiled with kerberos support, options -@option{-x}, @option{-k}, @option{-K} are available. Each user may -have a private authorization list in the file @file{.k5login} in their -home directory. Each line in this file should contain a Kerberos -principal name of the form @samp{principal/instance@@realm}. If the -originating user is authenticated to one of the principals named in -@file{.k5login}, access is granted to the account. The principal -@samp{accountname@@localrealm} is granted access if there is no -@file{.k5login} file. Otherwise a login and password will be prompted -for on the remote machine as in @command{login}. To avoid certain -security problems, the @file{.k5login} file must be owned by the remote -user. If Kerberos authentication fails, a warning message is printed -and the standard Berkeley rlogin is used instead. - -@node rsh invocation -@chapter @command{rsh}: Remote shell -@pindex rsh - -@command{rsh} executes commands on a remote host and copies its local -standard input to that of the remote command, as well as the remote -standard output to the local standard output, and the remote standard -error to the local standard error. Locally raised interrupt, quit and -terminate signals are all propagated to the remote command. Normally -@command{rsh} terminates when the remote command does so. - -When using the @command{rsh} command, you can for convenience create -a link in your path, using a host name as name of the link. For example: - -@example -# ln -s /usr/bin/rsh @var{hostname} -# @var{hostname} ls -@end example - -@noindent -Afterwards, @var{hostname} will be passed to @command{rsh} as host name -whenever the command @var{hostname} is issued. - -@command{rsh} allows access to the remote host without the use of a -password. The prerequisite is a suitable specification in @file{~/.rhosts}. -For details, @xref{rcmd, , rcmd, libc, The GNU C Library Reference Manual}. - -If no command is specified for @command{rsh} ar argument following the -host name, then you will be logged in on the remote host using @command{rlogin}. - -@section Command line options -@anchor{rsh options} - -The options are as follows : - -@table @option -@item -4 -@itemx --ipv4 -@opindex -4 -@opindex --ipv4 -Use only IPv4. - -@item -6 -@itemx --ipv6 -@opindex -6 -@opindex --ipv6 -Use only IPv6. - -@item -d -@itemx --debug -@opindex -d -@opindex --debug -Turns on socket debugging used for communication with the remote host. - -@item -l @var{user} -@itemx --user=@var{user} -@opindex -l -@opindex --user -By default, the remote username is the same as the local username. -The @option{-l} option and the @samp{username@@host} format allow the -remote user name to be specified. Kerberos authentication is used, -whenever available, and authorization is determined as in @command{rlogin} -(@pxref{rlogin invocation}). - -@item -n -@itemx --no-input -@opindex -n -@opindex --no-input -Use @file{/dev/null} for all input, telling the server side that -we send no material. This can prevent the remote process from -blocking, should it optionally accept more input. -The option is void together with encryption. -@end table - -@noindent -The next three options are available only if the program -has been compiled with support for Kerberos authentication. - -@table @option -@item -k @var{realm} -@itemx --realm=@var{realm} -@opindex -k -@opindex --realm -The option requests rsh to obtain tickets for the remote host in -realm @var{realm} instead of the remote host's realm. - -@item -K -@itemx --kerberos -@opindex -K -@opindex --kerberos -Turns off all Kerberos authentication. - -@item -x -@itemx --encrypt -@opindex -x -@opindex --encrypt -Turns on encryption for all data passed via the rsh session. This -may impact response time and CPU utilization, but provides increased -security. -@end table - -@noindent -Finally, some compatibility options are present: - -@table @option -@item -8 -@itemx --8-bit -@itemx -e @var{char} -@itemx --escape=@var{char} -@itemx -E -@itemx --no-escape -Ignored during normal operation, but passed on to @command{rlogin} -when @command{rsh} is invoked without a command argument. -@end table - -@section Note on stream redirections - -Beware that non-quoted shell metacharacters are interpreted on the local -machine, while quoted metacharacters are interpreted on the remote -machine. For example: - -@example -rsh otherhost cat remotefile >> localfile -rsh otherhost cat remotefile ">>" otherfile -@end example - -@noindent -The first command appends the contents of @file{remotefile}, as found -on the remote host, to the file @file{localfile} on the local host, -since the local shell will intercept the redirection and will thus -receive whatever the remote process directs to stdout. - -In contrast, the second command will append the contents of the same -file @file{remotefile} to a file named @file{otherfile} again, but this -time the file is located on the remote host. The effect of quoting -the redirection operator is to execute the command - -@example -cat remotefile >> localfile -@end example - -@noindent -entirely on the remote most, whence stdout at the remote host will -have nothing to transmit to the listening local host!. - +@c @node rcp invocation +@c @chapter @command{rcp}: Copy files between machines +@c @pindex rcp +@c +@c @command{rcp} copies files between machines. Each file or directory +@c argument is either a remote file name of the form +@c @samp{rname@@rhost:path}, or a local file name (containing no @samp{:} +@c characters, or a @samp{/} before any @samp{:}s). +@c +@c @noindent +@c Synopsis: +@c +@c @example +@c rcp [@var{option}]@dots{} @var{old-file} @var{new-file} +@c rcp [@var{option}]@dots{} @var{files}@dots{} @var{directory} +@c @end example +@c +@c @section Command line options +@c @anchor{rcp options} +@c +@c @table @option +@c @item -4 +@c @itemx --ipv4 +@c @opindex -4 +@c @opindex --ipv4 +@c Use only IPv4. +@c +@c @item -6 +@c @itemx --ipv6 +@c @opindex -6 +@c @opindex --ipv6 +@c Use only IPv6. +@c +@c @item -d @var{directory} +@c @itemx --target-directory=@var{directory} +@c @opindex -d +@c @opindex --target-directory +@c Copy all source arguments into @var{directory}. +@c +@c @item -f +@c @itemx --from +@c @opindex -f +@c @opindex --from +@c (Server mode only.) Copying from remote host. +@c +@c @item -k @var{realm} +@c @itemx --realm=@var{realm} +@c @opindex -k +@c @opindex --realm +@c The option requests rcp to obtain tickets for the remote host in +@c realm @var{realm} instead of the remote host's realm. +@c +@c @item -K +@c @itemx --kerberos +@c @opindex -K +@c @opindex --kerberos +@c Turns off all Kerberos authentication. +@c +@c @item -p +@c @itemx --preserve +@c @opindex -p +@c @opindex --preserve +@c Causes @code{rcp} to attempt to preserve (duplicate) in its copies the +@c modification times and modes of the source files, ignoring the umask. +@c By default, the mode and owner of the target file are preserved +@c if the target itself already exists; otherwise the mode of the source +@c file is modified by the @code{umask} setting on the destination host. +@c +@c @item -r +@c @itemx --recursive +@c @opindex -r +@c @opindex --recursive +@c If any of the source files are directories, @command{rcp} copies each +@c subtree rooted at that name; in this case the destination must be a +@c directory. +@c +@c @item -t +@c @itemx --to +@c @opindex -t +@c @opindex --to +@c (Server mode only.) Copying to remote host. +@c +@c @item -x +@c @itemx --encrypt +@c @opindex -x +@c @opindex --encrypt +@c Turns on encryption for all data passed via the @command{rcp} session. +@c This may impact response time and CPU utilization, but provides increased +@c security. +@c +@c @end table +@c +@c @command{rcp} doesn't detect all cases where the target of a copy +@c might be a file in cases where only a directory should be legal. +@c +@c @command{rcp} can be confused by any output generated by commands in a +@c @file{.login}, @file{.profile}, or @file{.cshrc} file on the remote +@c host. +@c +@c The destination user and hostname may have to be specified as +@c @samp{rhost.rname} when the destination machine is running the 4.2BSD +@c version of @command{rcp}. +@c +@c @node rexec invocation +@c @chapter @command{rexec}: a remote execution program +@c @pindex rexec +@c +@c @command{rexec} is a program that executes a program on another host. +@c +@c @noindent +@c Synopsis: +@c +@c @example +@c rexec --user=@var{login} --password=@var{pass} --host=@var{host} \ +@c @verb{| |}[OPTION] @var{command} +@c @end example +@c +@c @section Command line options +@c @anchor{rexec options} +@c +@c @table @option +@c @item -4 +@c @itemx --ipv4 +@c @opindex -4 +@c @opindex --ipv4 +@c Use only IPv4 connections as all times. +@c +@c @item -6 +@c @itemx --ipv6 +@c @opindex -6 +@c @opindex --ipv6 +@c Use only IPv6 connections. +@c +@c @item -a +@c @itemx --ipany +@c @opindex -a +@c @opindex --ipany +@c Allow any address family for connections. This is the default. +@c +@c @item -e +@c @itemx --error=@var{port} +@c @opindex -e +@c @opindex --error +@c Specify the TCP port to use for stderr redirection, in case it is not +@c specified a random port will be used. +@c +@c @item -h +@c @item --host=@var{name} +@c @opindex -h +@c @opindex --host +@c Specify the host with whom to connect: symbolic name or address. +@c +@c @item -n +@c @itemx --noerr +@c @opindex -n +@c @opindex --noerr +@c If specified, an error stream will not be created. +@c +@c @item -p +@c @itemx --password=@var{passwd} +@c @opindex -p +@c @opindex --password +@c Specify the password for logging-in. The special value +@c consisting of a single dash @samp{-} will make @command{rexec} +@c read a single line from stdin. This input is then used +@c as password and is passed as such to the remote server. +@c Thus it is possible to hide vital access information +@c slightly better than the full disclosure implicit in +@c the text of a command line option. +@c +@c @item -P +@c @itemx --port=@var{num} +@c @opindex -P +@c @opindex --port +@c Specify to which numerical port a connection shall be sought. +@c If it is not specified, then use port 512/tcp by default. +@c +@c @item -u +@c @itemx --user=@var{name} +@c @opindex -u +@c @opindex --user +@c Specify the user with whom to log into the server. +@c @end table +@c +@c @node rlogin invocation +@c @chapter @command{rlogin}: Remote login +@c @pindex rlogin +@c +@c The @command{rlogin} command starts a terminal session on the +@c specified remote host, provided the required authentication +@c is successful. The remote terminal type is the same as that +@c given in the @env{TERM} local environment variable. +@c The terminal and the window size stay the same, if the remote +@c host supports them, and any changes in size are transferred +@c as need may be. +@c +@c When using the @command{rlogin} command, you can create a link +@c in your path, using a host name as the link name. For example: +@c +@c @example +@c # ln -s /usr/bin/rlogin @var{hostname} +@c # @var{hostname} -8 +@c @end example +@c +@c @noindent +@c Afterwards, the use of @var{hostname} will automatically invoke +@c @command{rlogin} to direct a log in request to the remote host +@c named @var{hostname}. +@c +@c @command{rlogin} allows access to the remote host without the use of a +@c password. The prerequisite is a suitable specification in @file{~/.rhosts}. +@c For details, @xref{rcmd, , rcmd, libc, The GNU C Library Reference Manual}. +@c +@c @section Command line options +@c @anchor{rlogin options} +@c +@c The options are as follows : +@c +@c @table @option +@c @item -4 +@c @itemx --ipv4 +@c @opindex -4 +@c @opindex --ipv4 +@c Use only IPv4. +@c +@c @item -6 +@c @itemx --ipv6 +@c @opindex -6 +@c @opindex --ipv6 +@c Use only IPv6. +@c +@c @item -8 +@c @itemx --8-bit +@c @opindex -8 +@c @opindex --8-bit +@c Allows an eight-bit input data path at all times; otherwise parity +@c bits are stripped except when the remote side's stop and start +@c characters are other than @kbd{C-S}/@kbd{C-Q}. +@c +@c @item -d +@c @itemx --debug +@c @opindex -d +@c @opindex --debug +@c Turns on socket debugging on the TCP sockets used for communication +@c with the remote host. +@c +@c @item -e @var{char} +@c @itemx --escape=@var{char} +@c @opindex -e +@c @opindex --escape +@c Allows user specification of the escape character, which is @samp{~} +@c by default. This specification may be as a literal character, or as +@c an octal value in the form @samp{\nnn}. +@c +@c @item -E +@c @itemx --no-escape +@c @opindex -E +@c @opindex --no-escape +@c Stops any character from being recognized as an escape character. +@c When used with the @option{-8} option, this provides a completely +@c transparent connection. +@c +@c @item -l @var{user} +@c @itemx --user=@var{user} +@c @opindex -l +@c @opindex --user +@c By default, the remote username is the same as the local username. +@c This option, and the @samp{user@@host} format, allow the remote +@c user name to be made explicit, or changed. +@c @end table +@c +@c @noindent +@c The next three options are available only if the program +@c has been compiled with support for Kerberos authentication. +@c +@c @table @option +@c @item -k @var{realm} +@c @itemx --realm=@var{realm} +@c @opindex -k +@c @opindex --realm +@c The option requests rlogin to obtain tickets for the remote host in +@c realm @var{realm} instead of the remote host's realm. +@c +@c @item -K +@c @itemx --kerberos +@c @opindex -K +@c @opindex --kerberos +@c Turns off all Kerberos authentication. +@c +@c @item -x +@c @itemx --encrypt +@c @opindex -x +@c @opindex --encrypt +@c Turns on encryption for all data passed via the rlogin session. +@c This may impact response time and CPU utilization, but provides +@c increased security. +@c @end table +@c +@c @section Escape characters and flow control +@c +@c As long as the connection stands, the client program @command{rsh} +@c is observing the input stream in order to detect so called +@c escape sequences, allowing the user to execute some local +@c actions without having to tear down the remote connection. +@c +@c The sequences consist of two characters, the first of which +@c always is the distinguished character @var{escape-char}. +@c The following sequences are supported: +@c +@c @c An input line of the form of the two-character sequence +@c @itemize @bullet +@c @item +@c @kbd{@var{escape-char} .} disconnects from the remote host. +@c +@c @item +@c @kbd{@var{escape-char} C-d} does the same. +@c (Termios character @samp{VEOF}.) +@c +@c @item +@c @kbd{@var{escape-char} C-z} suspends the session, halting the +@c remote process, but keeping it ready for resumed processing. +@c The user is given access to a local shell. +@c (Termios character @samp{VSUSP}.) +@c +@c @item +@c @kbd{@var{escape-char} @var{delayed-suspend-char}} implements +@c a half-way suspend, in the sense of stopping local input from +@c reaching the remote side, but still displaying all output from +@c the remote host on the local terminal. The remote process is +@c still running, but the local user is given a local shell until +@c the resuming the original command. +@c Normally, only BSD systems offer this mode. +@c (Termios character @samp{VDSUSP}.) +@c @end itemize +@c +@c @noindent +@c By default, the character tilde @samp{~} is assigned to @var{escape-char}, +@c but it can be changed using the option @option{--escape}. +@c The processing of escape sequences can even be disable using +@c the option @option{--no-escape}. +@c On BSD systems, @var{delayed-suspend-char} is usually set to @kbd{C-Y}. +@c It displays as @samp{dsusp} using @command{stty}. +@c +@c All echoing takes place at the remote site, so that the @command{rlogin} +@c is transparent except possibly for transmission delays. +@c Flow control via @kbd{C-S} and @kbd{C-Q}, if at all supported, +@c will stop and start the flow of data on the local terminal. +@c Flushing of input and output on interrupts is also +@c handled properly. +@c +@c On the server side the @code{iruserok} and @code{ruserok} functions +@c are used to authenticate the connection request, unless Kerberised +@c mode is in effect. See the appropriate man pages for more information. +@c +@c @section Kerberos Authentication +@c +@c If @command{rlogin} was compiled with kerberos support, options +@c @option{-x}, @option{-k}, @option{-K} are available. Each user may +@c have a private authorization list in the file @file{.k5login} in their +@c home directory. Each line in this file should contain a Kerberos +@c principal name of the form @samp{principal/instance@@realm}. If the +@c originating user is authenticated to one of the principals named in +@c @file{.k5login}, access is granted to the account. The principal +@c @samp{accountname@@localrealm} is granted access if there is no +@c @file{.k5login} file. Otherwise a login and password will be prompted +@c for on the remote machine as in @command{login}. To avoid certain +@c security problems, the @file{.k5login} file must be owned by the remote +@c user. If Kerberos authentication fails, a warning message is printed +@c and the standard Berkeley rlogin is used instead. +@c +@c @node rsh invocation +@c @chapter @command{rsh}: Remote shell +@c @pindex rsh +@c +@c @command{rsh} executes commands on a remote host and copies its local +@c standard input to that of the remote command, as well as the remote +@c standard output to the local standard output, and the remote standard +@c error to the local standard error. Locally raised interrupt, quit and +@c terminate signals are all propagated to the remote command. Normally +@c @command{rsh} terminates when the remote command does so. +@c +@c When using the @command{rsh} command, you can for convenience create +@c a link in your path, using a host name as name of the link. For example: +@c +@c @example +@c # ln -s /usr/bin/rsh @var{hostname} +@c # @var{hostname} ls +@c @end example +@c +@c @noindent +@c Afterwards, @var{hostname} will be passed to @command{rsh} as host name +@c whenever the command @var{hostname} is issued. +@c +@c @command{rsh} allows access to the remote host without the use of a +@c password. The prerequisite is a suitable specification in @file{~/.rhosts}. +@c For details, @xref{rcmd, , rcmd, libc, The GNU C Library Reference Manual}. +@c +@c If no command is specified for @command{rsh} ar argument following the +@c host name, then you will be logged in on the remote host using @command{rlogin}. +@c +@c @section Command line options +@c @anchor{rsh options} +@c +@c The options are as follows : +@c +@c @table @option +@c @item -4 +@c @itemx --ipv4 +@c @opindex -4 +@c @opindex --ipv4 +@c Use only IPv4. +@c +@c @item -6 +@c @itemx --ipv6 +@c @opindex -6 +@c @opindex --ipv6 +@c Use only IPv6. +@c +@c @item -d +@c @itemx --debug +@c @opindex -d +@c @opindex --debug +@c Turns on socket debugging used for communication with the remote host. +@c +@c @item -l @var{user} +@c @itemx --user=@var{user} +@c @opindex -l +@c @opindex --user +@c By default, the remote username is the same as the local username. +@c The @option{-l} option and the @samp{username@@host} format allow the +@c remote user name to be specified. Kerberos authentication is used, +@c whenever available, and authorization is determined as in @command{rlogin} +@c (@pxref{rlogin invocation}). +@c +@c @item -n +@c @itemx --no-input +@c @opindex -n +@c @opindex --no-input +@c Use @file{/dev/null} for all input, telling the server side that +@c we send no material. This can prevent the remote process from +@c blocking, should it optionally accept more input. +@c The option is void together with encryption. +@c @end table +@c +@c @noindent +@c The next three options are available only if the program +@c has been compiled with support for Kerberos authentication. +@c +@c @table @option +@c @item -k @var{realm} +@c @itemx --realm=@var{realm} +@c @opindex -k +@c @opindex --realm +@c The option requests rsh to obtain tickets for the remote host in +@c realm @var{realm} instead of the remote host's realm. +@c +@c @item -K +@c @itemx --kerberos +@c @opindex -K +@c @opindex --kerberos +@c Turns off all Kerberos authentication. +@c +@c @item -x +@c @itemx --encrypt +@c @opindex -x +@c @opindex --encrypt +@c Turns on encryption for all data passed via the rsh session. This +@c may impact response time and CPU utilization, but provides increased +@c security. +@c @end table +@c +@c @noindent +@c Finally, some compatibility options are present: +@c +@c @table @option +@c @item -8 +@c @itemx --8-bit +@c @itemx -e @var{char} +@c @itemx --escape=@var{char} +@c @itemx -E +@c @itemx --no-escape +@c Ignored during normal operation, but passed on to @command{rlogin} +@c when @command{rsh} is invoked without a command argument. +@c @end table +@c +@c @section Note on stream redirections +@c +@c Beware that non-quoted shell metacharacters are interpreted on the local +@c machine, while quoted metacharacters are interpreted on the remote +@c machine. For example: +@c +@c @example +@c rsh otherhost cat remotefile >> localfile +@c rsh otherhost cat remotefile ">>" otherfile +@c @end example +@c +@c @noindent +@c The first command appends the contents of @file{remotefile}, as found +@c on the remote host, to the file @file{localfile} on the local host, +@c since the local shell will intercept the redirection and will thus +@c receive whatever the remote process directs to stdout. +@c +@c In contrast, the second command will append the contents of the same +@c file @file{remotefile} to a file named @file{otherfile} again, but this +@c time the file is located on the remote host. The effect of quoting +@c the redirection operator is to execute the command +@c +@c @example +@c cat remotefile >> localfile +@c @end example +@c +@c @noindent +@c entirely on the remote most, whence stdout at the remote host will +@c have nothing to transmit to the listening local host!. +@c @node talk invocation @chapter @command{talk}: a communication program @pindex talk @@ -3082,104 +3082,104 @@ is to be disabled. Standard choices are @samp{kerberos_v4}, and @samp{kerberos_v5}. @end table -@node tftp invocation -@chapter @command{tftp}: TFTP client -@pindex tftp - -@command{tftp} is the user interface to the Internet TFTP, Trivial -File Transfer Protocol, which allows users to transfer files to and -from a remote machine. The remote host may be specified on the -command line, in which case @command{tftp} uses host as the default -host for future transfers. - -@noindent -Synopsis: - -@example -tftp [@var{option}]@dots{} @var{host} -@end example - -@section Commands - -Once @command{tftp} is running, it issues the prompt and recognizes -the following commands: - -@table @code -@item ? @var{command-name} -Print help information. - -@item ascii -Shorthand for @code{mode ascii} - -@item binary -Shorthand for @code{mode binary} - -@item connect @var{host-name} [@var{port}] -Set the host (and optionally port) for transfers. Note that the TFTP -protocol, unlike the FTP protocol, does not maintain connections -between transfers; thus, the connect command does not actually create -a connection, but merely remembers what host is to be used for -transfers. You do not have to use the connect command; the remote -host can be specified as part of the get or put commands. - -@item get @var{file-name} -@itemx get @var{remotename} @var{localname} -@itemx get @var{file}@dots{} -Get a file, or a set of files, from the specified sources. The source can -be in one of two forms: a file name on the remote host, if the host has -already been specified, or a string of the form @samp{host:filename} -to specify both a host and file name at the same time. If the latter -form is used, the last hostname specified becomes the default for -future transfers. When specifying a numeric IPv6 address as host -part, then this address must be enclosed between square brackets, -since it contains colons and would interfere with the delimiter -before the file name. Brackets are optional for IPv4 addresses. - -@example -tftp> get [2001:1234::12]:issue -@end example - -@item mode @var{transfer-mode} -Set the mode for transfers; @var{transfer-mode} may be one of -@samp{ascii} or @samp{binary}. The default is @samp{ascii}. - -@item put @var{file} -@itemx put @var{localfile} @var{remotefile} -@itemx put @var{file}@dots{} @var{remote-directory} -Put a file or set of files to the specified remote file or directory. -The destination can be in one of two forms: a filename on the remote -host, if the host has already been specified, or a string of the form -@samp{host:filename} to specify both a host and filename at the same -time. If the latter form is used, the hostname specified becomes the -default for future transfers. If the @file{remote-directory} form is -used, the remote host is assumed to be a UNIX machine. The same use -of square brackets for enclosing numeric IPv6 addresses applies here, -as was mentioned for the command @command{get}. - -@item quit -Exit @command{tftp}. An end of file also exits. - -@item rexmt @var{retransmission-timeout} -Set the per-packet retransmission timeout, in seconds. - -@item status -Show current status. - -@item timeout @var{total-transmission-timeout} -Set the total transmission timeout, in seconds. - -@item trace -Toggle packet tracing. - -@item verbose -Toggle verbose mode. -@end table - -Because there is no user-login or validation within the @command{tftp} -protocol, the remote site will probably have some sort of file-access -restrictions in place. The exact methods are specific to each site -and therefore difficult to document here. - +@c @node tftp invocation +@c @chapter @command{tftp}: TFTP client +@c @pindex tftp +@c +@c @command{tftp} is the user interface to the Internet TFTP, Trivial +@c File Transfer Protocol, which allows users to transfer files to and +@c from a remote machine. The remote host may be specified on the +@c command line, in which case @command{tftp} uses host as the default +@c host for future transfers. +@c +@c @noindent +@c Synopsis: +@c +@c @example +@c tftp [@var{option}]@dots{} @var{host} +@c @end example +@c +@c @section Commands +@c +@c Once @command{tftp} is running, it issues the prompt and recognizes +@c the following commands: +@c +@c @table @code +@c @item ? @var{command-name} +@c Print help information. +@c +@c @item ascii +@c Shorthand for @code{mode ascii} +@c +@c @item binary +@c Shorthand for @code{mode binary} +@c +@c @item connect @var{host-name} [@var{port}] +@c Set the host (and optionally port) for transfers. Note that the TFTP +@c protocol, unlike the FTP protocol, does not maintain connections +@c between transfers; thus, the connect command does not actually create +@c a connection, but merely remembers what host is to be used for +@c transfers. You do not have to use the connect command; the remote +@c host can be specified as part of the get or put commands. +@c +@c @item get @var{file-name} +@c @itemx get @var{remotename} @var{localname} +@c @itemx get @var{file}@dots{} +@c Get a file, or a set of files, from the specified sources. The source can +@c be in one of two forms: a file name on the remote host, if the host has +@c already been specified, or a string of the form @samp{host:filename} +@c to specify both a host and file name at the same time. If the latter +@c form is used, the last hostname specified becomes the default for +@c future transfers. When specifying a numeric IPv6 address as host +@c part, then this address must be enclosed between square brackets, +@c since it contains colons and would interfere with the delimiter +@c before the file name. Brackets are optional for IPv4 addresses. +@c +@c @example +@c tftp> get [2001:1234::12]:issue +@c @end example +@c +@c @item mode @var{transfer-mode} +@c Set the mode for transfers; @var{transfer-mode} may be one of +@c @samp{ascii} or @samp{binary}. The default is @samp{ascii}. +@c +@c @item put @var{file} +@c @itemx put @var{localfile} @var{remotefile} +@c @itemx put @var{file}@dots{} @var{remote-directory} +@c Put a file or set of files to the specified remote file or directory. +@c The destination can be in one of two forms: a filename on the remote +@c host, if the host has already been specified, or a string of the form +@c @samp{host:filename} to specify both a host and filename at the same +@c time. If the latter form is used, the hostname specified becomes the +@c default for future transfers. If the @file{remote-directory} form is +@c used, the remote host is assumed to be a UNIX machine. The same use +@c of square brackets for enclosing numeric IPv6 addresses applies here, +@c as was mentioned for the command @command{get}. +@c +@c @item quit +@c Exit @command{tftp}. An end of file also exits. +@c +@c @item rexmt @var{retransmission-timeout} +@c Set the per-packet retransmission timeout, in seconds. +@c +@c @item status +@c Show current status. +@c +@c @item timeout @var{total-transmission-timeout} +@c Set the total transmission timeout, in seconds. +@c +@c @item trace +@c Toggle packet tracing. +@c +@c @item verbose +@c Toggle verbose mode. +@c @end table +@c +@c Because there is no user-login or validation within the @command{tftp} +@c protocol, the remote site will probably have some sort of file-access +@c restrictions in place. The exact methods are specific to each site +@c and therefore difficult to document here. +@c @node inetd invocation @chapter @command{inetd}: Internet super-server @pindex inetd @@ -4186,574 +4186,574 @@ that a single @samp{@@} on a line by its upon every user allowed to access the FTP service. This gives a Draconian, protective configuration. -@node rexecd invocation -@chapter @command{rexecd}: server for @code{rexec} -@pindex rexecd - -@command{rexecd} is the server for the @code{rexec} routine. The -server provides remote execution facilities with authentication based -on user names and passwords. It passes error messages and notices -to the @code{syslog} facility @samp{LOG_DAEMON}. - -@example -rexecd [@var{option}]@dots{} -@end example - -@command{rexecd} listens for service requests at the port indicated in -the @samp{exec} service specification. When a service request is -received the following protocol is initiated: - -@enumerate -@item -The server reads characters from the socket up to a NUL (@samp{\0}) -byte. The resultant string is interpreted as an ASCII number, base -10. - -@item -If the number received in step 1 is non-zero, it is interpreted as the -port number of a secondary stream to be used for the stderr. A second -connection is then created to the specified port on the client's -machine. - -@item -A NUL terminated user name of at most 16 characters is retrieved on -the initial socket. - -@item -A NUL terminated, unencrypted password of at most 16 characters is -retrieved on the initial socket. - -@item -A NUL terminated command to be passed to a shell is retrieved on the -initial socket. The length of the command is limited by the upper -bound on the size of the system's argument list. - -@item -@command{rexecd} then validates the user as is done at login time and, -if the authentication was successful, changes to the user's home -directory, and establishes the user and group protections of the user. -If any of these steps fail the connection is aborted with a diagnostic -message returned. - -@item -A NUL byte is returned on the initial socket and the command line is -passed to the normal login shell of the user. The shell inherits the -network connections established by rexecd. -@end enumerate - -@section Invoking - -The only option is as follows: - -@table @option -@item -l -@itemx --logging -@opindex -l -@opindex --logging -Raise logging level for this service; use more than once for -increased verbosity. The @code{syslog} facility in use is -@samp{LOG_DAEMON}. - -@end table - -Should @command{rexecd} have been built with PAM support, -it reads any setting specified for a service named @samp{rexec}. - -@section Diagnostics - -Except for the last one listed below, all diagnostic messages are -returned on the initial socket, after which any network connections -are closed. An error is indicated by a leading byte with a value of 1 -(0 is returned in step 7 above upon successful completion of all the -steps prior to the command execution). - -@table @samp -@item username too long -The name is longer than 16 characters. - -@item password too long -The password is longer than 16 characters. - -@item command too long -The command line passed exceeds the size of the argument list (as -configured into the system). - -@item Login incorrect. -No password file entry for the user name existed. - -@item Password incorrect. -The wrong password was supplied. - -@item No remote directory. -The chdir command to the home directory failed. - -@item Try again. -A fork by the server failed. - -@item : @dots{} -The user's login shell could not be started. This message is returned -on the connection associated with the stderr, and is not ... -@c FIXME: Fill this out. -@end table - -@emph{Note}, that indicating @samp{Login incorrect} as opposed to -@samp{Password incorrect} is a security breach which allows people to -probe a system for users with null passwords. - -@node rlogind invocation -@chapter @command{rlogind}: Remote login server -@pindex rlogind - -@command{rlogind} is the server for the @command{rlogin} client program -(@pxref{rlogin invocation}). The server provides a remote login -facility with authentication based on privileged port numbers from -trusted hosts, or using authentication according to a Kerberos -protocol. - -@command{rlogind} in daemon mode listens for service requests at the -port indicated in the @samp{login} service specification. A common -alternative is to have the super-server @command{inetd} listen at -the same port, which then invokes @command{rlogind} as demand arises. -In Kerberised mode, the port is either @samp{eklogin}, or -@samp{klogin}, depending on preset encryption, or none. - -The standard authentication procedure assumes the integrity of each -client machine and of the connecting medium. This is insecure, since -it transmits credentials in clear text, but is useful in an ``open'' -environment. This weakness is reduced when running the service -in Kerberised version, at the price of a larger complexity of the -supporting infrastructure. Using an encrypting Kerberised service -even avoids all clear text processing. - -@section Invoking - -The available options are as follows: - -@table @option -@item -4 -@itemx --ipv4 -@opindex -4 -@opindex --ipv4 -Accept only IPv4 connections in daemon mode. - -@item -6 -@itemx --ipv6 -@opindex -6 -@opindex --ipv6 -Only IPv6 connections in daemon mode. - -@item -a -@itemx --verify-hostname -@opindex -a -@opindex --verify-hostname -Ask hostname for verification. - -@item -d[@var{max}] -@itemx --daemon[=@var{max}] -@opindex -d -@opindex --daemon -Run in background daemon mode, optionally setting the maximal -number of simultaneously running client sessions. The default -limit is 10. - -@item -D[@var{level}] -@itemx --debug[=@var{level}] -@opindex -D -@opindex -debug -Set debug level, not implemented. - -@item -l -@itemx --no-rhosts -@opindex -l -@opindex --no-rhosts -Ignore client's @file{.rhosts} file. - -@item -L @var{name} -@itemx --local-domain=@var{name} -@opindex -L -@opindex --local-domain -Set local domain name, to which the server host belongs. By default -the domain is recovered from the canonical name of the host. - -@item -n -@itemx --no-keepalive -@opindex -n -@opindex --no-keepalive -Do not set SO_KEEPALIVE on sockets. This decreases the ability -to close lost connections to once active clients. - -@item -o -@itemx --allow-root -@opindex -o -@opindex --allow-root -Allow the root user to login, which is disallowed by default. - -@item -p @var{port} -@itemx --port=@var{port} -@opindex -p -@opindex --port -Listen on given port. Applicable only in daemon mode. - -@item -r -@itemx --reverse-required -@opindex -r -@opindex --reverse-required -Require reverse resolvability of remote host's numerical IP. -@end table - -For sites requiring improved authentication, Kerberos -authentication is a viable decision, and possibly even -with encryption for enhanced integrity. Three additional -options are available for an executable @command{rlogind} -compiled with Kerberos support. - -@table @option -@item -k -@itemx --kerberos -@opindex -k -@opindex --kerberos -Activate Kerberos authentication on all incoming requests. - -@item -S @var{name} -@itemx --server-principal=@var{name} -@opindex -S -@opindex --server-principal -Set Kerberos server name, overriding canonical hostname. - -@item -x -@itemx --encrypt -@opindex -x -@opindex --encrypt -Activate encryption of all data passed via the @command{rlogind} session. -This may impact response time and CPU utilization, but provides -increased security. Only for Kerberised mode of operation. -@end table - -Should @command{rlogind} have been built with PAM support, -it reads any setting specified for a service named either -@samp{rlogin} or @samp{krlogin}, the latter name for clients -using Kerberised authentication. - -@section Kerberos specific details - -The option @option{-k} is mandatory for Kerberised operation mode, -while addition of the option @option{-x} will also demand encryption -of every request to this particular server. - -@command{rlogind} will, in Kerberised operation mode, as default -instantiate itself using the principal name -@samp{host/canonical_name@@DEFAULT_REALM}, a compound arranged -from the running host's canonical name, and from the default realm -configured for the system. Either of these can be overridden -using the option @option{--server-principal}, as follows: - -@example -rlogind -k -S alias.server.our -rlogind --kerberos --server-principal=@@NEW.REALM -rlogind -k -x -S rlogin/backup.ex.org@@OUR.REALM -@end example - -When overriding only the realm, with the option @option{-S}, -an initial at-sign is mandatory. - -@section Protocol details - -When a service request is received, in non-Kerberised mode, -the following protocol is initiated: - -@enumerate -@item -The server checks the client's source port. If the port is not in the -range 512-1023, the server aborts the connection. - -@item -The server next checks the client's source address and requests the -corresponding host name. If the hostname cannot be determined, the -numerical representation of the host address is used. If the -hostname is in the same domain as the server (according to the last -two components of the domain name), or if the option @option{-a} is -in effect, the address for the hostname is requested, verifying that -the name and address correspond. Normal authentication is considered -as failed, should this address verification fail. -@end enumerate - -Once the source port and address have been checked, @command{rlogind} -proceeds -with the authentication process as described in @ref{rshd invocation}. -The server -then allocates a pseudo terminal, and manipulates file descriptors so -that the slave half of the pseudo terminal becomes the stdin, stdout, -and stderr for a login process. The login process is an instance of -the @command{login} program, invoked with the option @option{-f} if -authentication had succeeded. If automatic authentication had failed, -the user is prompted to log in as if on a standard terminal line. - -The parent of the login process manipulates the master side of the -pseudo terminal, operating as an intermediary between the login -process and the client instance of the rlogin program. In normal -operation, the packet protocol described in @samp{PTY} is invoked to -provide flow control using @kbd{C-S}/@kbd{C-Q}, and to propagate interrupt -signals to the remote program. The login process transmits the -client terminal's baud rate, and its terminal type, as found in the -environment variable @env{TERM}. The screen or window size of the -terminal is requested from the client, and any later window size changes -at the client's side are propagated to the pseudo terminal as well. - -Transport-level keepalive messages are enabled unless the -option @option{-n} was in effect when starting @code{rlogind}. -The use of keepalive messages allows sessions to be timed out, -should the client crash, or otherwise become unreachable. - -@xref{ruserok, , ruserok, libc, The GNU C Library Reference Manual}, -for details. - -@section Diagnostics - -The exchange protocol states that a negotiation reaches a successful -completion as soon as the server @command{rlogind} transmits back to -the client a single null byte, marking the completion of all -information exchange. - -Error conditions are instead transmitted back to the client as -a message containing an initial byte value 1, followed by a C-string -indicating the cause of failure. All network connections are closed -at the server side after this message. Some common messages follow: - -@table @samp -@item Permission denied. -The client presented insufficient credentials, -or the client's address is not sufficiently resolvable -to pass the checks induced by options @option{-a} or @option{-r}. - -@item Try again. -A fork by the server failed. -@end table - -@node rshd invocation -@chapter @command{rshd}: Remote shell server -@pindex rshd - -The @command{rshd} server is the server for the @code{rcmd} routine -and, consequently, for the @command{rsh} (@pxref{rsh invocation}) -program. The server provides remote execution facilities with -authentication based on privileged port numbers from trusted hosts. -The @command{rshd} server listens for service requests at the port -indicated in the @samp{cmd} service specification. When a service -request is received the following protocol is initiated: - -@enumerate -@item -The server checks the client's source port. If the port is not in the -range 512--1023, the server aborts the connection. However, this -condition is not applied for Kerberized service. - -@item -The server reads characters from the socket up to a NUL (@samp{\0}) -byte. The resultant string is interpreted as an ASCII number, base -10. - -@item -If the number received in step 2 is non-zero, it is interpreted as the -port number of a secondary stream to be used for the stderr. A second -connection is then created to the specified port on the client's -machine. The source port of this second connection is also in the -range 512--1023. - -@item -The server checks the client's source address and requests the -corresponding host name. If the hostname cannot be determined, the -dot-notation representation of the host address is used. If the -hostname is in the same domain as the server (according to the last -two components of the domain name), or if the @option{-a} option is -given, the addresses for the hostname are requested, verifying that -the name and address correspond. If address verification fails, the -connection is aborted with the message, @samp{Host address mismatch.} - -@item -A null terminated user name of at most 16 characters is retrieved on -the initial socket. This user name is interpreted as the user -identity on the client's machine. - -@item -A null terminated user name of at most 16 characters is retrieved on -the initial socket. This user name is interpreted as a user identity -to use on the server's machine. - -@item -A null terminated command to be passed to a shell is retrieved on the -initial socket. The length of the command is limited by the upper -bound on the size of the system's argument list. - -@item -Rshd then validates the user using @code{ruserok}, which uses the file -@file{/etc/hosts.equiv} and the @file{.rhosts} file found in the -user's home directory. The @option{-l} option prevents @code{ruserok} -from doing any validation based on the user's @file{.rhosts} file, -unless the user is the superuser. - -@item -If the file @file{/etc/nologin} exists and the user is not the -superuser, the connection is closed. - -@item -A null byte is returned on the initial socket and the command line is -passed to the normal login shell of the user. The shell inherits the -network connections established by @command{rshd}. - -@item -Transport-level keepalive messages are enabled unless the @option{-n} -option is present. The use of keepalive messages allows sessions to -be timed out if the client crashes or becomes unreachable. - -@item -The @option{-L} option causes all successful accesses to be logged to -@command{syslogd} (@pxref{syslogd invocation}) as @samp{auth.info} -messages. -@end enumerate - -@xref{ruserok, , ruserok, libc, The GNU C Library Reference Manual}, -for details. - -@section Invoking - -The options are as follows: - -@table @option -@item -a -@itemx --verify-hostname -@opindex -a -@opindex --verify-hostname -Ask hostname for verification. - -@c @item -d -@c @itemx --daemon +@c @node rexecd invocation +@c @chapter @command{rexecd}: server for @code{rexec} +@c @pindex rexecd +@c +@c @command{rexecd} is the server for the @code{rexec} routine. The +@c server provides remote execution facilities with authentication based +@c on user names and passwords. It passes error messages and notices +@c to the @code{syslog} facility @samp{LOG_DAEMON}. +@c +@c @example +@c rexecd [@var{option}]@dots{} +@c @end example +@c +@c @command{rexecd} listens for service requests at the port indicated in +@c the @samp{exec} service specification. When a service request is +@c received the following protocol is initiated: +@c +@c @enumerate +@c @item +@c The server reads characters from the socket up to a NUL (@samp{\0}) +@c byte. The resultant string is interpreted as an ASCII number, base +@c 10. +@c +@c @item +@c If the number received in step 1 is non-zero, it is interpreted as the +@c port number of a secondary stream to be used for the stderr. A second +@c connection is then created to the specified port on the client's +@c machine. +@c +@c @item +@c A NUL terminated user name of at most 16 characters is retrieved on +@c the initial socket. +@c +@c @item +@c A NUL terminated, unencrypted password of at most 16 characters is +@c retrieved on the initial socket. +@c +@c @item +@c A NUL terminated command to be passed to a shell is retrieved on the +@c initial socket. The length of the command is limited by the upper +@c bound on the size of the system's argument list. +@c +@c @item +@c @command{rexecd} then validates the user as is done at login time and, +@c if the authentication was successful, changes to the user's home +@c directory, and establishes the user and group protections of the user. +@c If any of these steps fail the connection is aborted with a diagnostic +@c message returned. +@c +@c @item +@c A NUL byte is returned on the initial socket and the command line is +@c passed to the normal login shell of the user. The shell inherits the +@c network connections established by rexecd. +@c @end enumerate +@c +@c @section Invoking +@c +@c The only option is as follows: +@c +@c @table @option +@c @item -l +@c @itemx --logging +@c @opindex -l +@c @opindex --logging +@c Raise logging level for this service; use more than once for +@c increased verbosity. The @code{syslog} facility in use is +@c @samp{LOG_DAEMON}. +@c +@c @end table +@c +@c Should @command{rexecd} have been built with PAM support, +@c it reads any setting specified for a service named @samp{rexec}. +@c +@c @section Diagnostics +@c +@c Except for the last one listed below, all diagnostic messages are +@c returned on the initial socket, after which any network connections +@c are closed. An error is indicated by a leading byte with a value of 1 +@c (0 is returned in step 7 above upon successful completion of all the +@c steps prior to the command execution). +@c +@c @table @samp +@c @item username too long +@c The name is longer than 16 characters. +@c +@c @item password too long +@c The password is longer than 16 characters. +@c +@c @item command too long +@c The command line passed exceeds the size of the argument list (as +@c configured into the system). +@c +@c @item Login incorrect. +@c No password file entry for the user name existed. +@c +@c @item Password incorrect. +@c The wrong password was supplied. +@c +@c @item No remote directory. +@c The chdir command to the home directory failed. +@c +@c @item Try again. +@c A fork by the server failed. +@c +@c @item : @dots{} +@c The user's login shell could not be started. This message is returned +@c on the connection associated with the stderr, and is not ... +@c @c FIXME: Fill this out. +@c @end table +@c +@c @emph{Note}, that indicating @samp{Login incorrect} as opposed to +@c @samp{Password incorrect} is a security breach which allows people to +@c probe a system for users with null passwords. +@c +@c @node rlogind invocation +@c @chapter @command{rlogind}: Remote login server +@c @pindex rlogind +@c +@c @command{rlogind} is the server for the @command{rlogin} client program +@c (@pxref{rlogin invocation}). The server provides a remote login +@c facility with authentication based on privileged port numbers from +@c trusted hosts, or using authentication according to a Kerberos +@c protocol. +@c +@c @command{rlogind} in daemon mode listens for service requests at the +@c port indicated in the @samp{login} service specification. A common +@c alternative is to have the super-server @command{inetd} listen at +@c the same port, which then invokes @command{rlogind} as demand arises. +@c In Kerberised mode, the port is either @samp{eklogin}, or +@c @samp{klogin}, depending on preset encryption, or none. +@c +@c The standard authentication procedure assumes the integrity of each +@c client machine and of the connecting medium. This is insecure, since +@c it transmits credentials in clear text, but is useful in an ``open'' +@c environment. This weakness is reduced when running the service +@c in Kerberised version, at the price of a larger complexity of the +@c supporting infrastructure. Using an encrypting Kerberised service +@c even avoids all clear text processing. +@c +@c @section Invoking +@c +@c The available options are as follows: +@c +@c @table @option +@c @item -4 +@c @itemx --ipv4 +@c @opindex -4 +@c @opindex --ipv4 +@c Accept only IPv4 connections in daemon mode. +@c +@c @item -6 +@c @itemx --ipv6 +@c @opindex -6 +@c @opindex --ipv6 +@c Only IPv6 connections in daemon mode. +@c +@c @item -a +@c @itemx --verify-hostname +@c @opindex -a +@c @opindex --verify-hostname +@c Ask hostname for verification. +@c +@c @item -d[@var{max}] +@c @itemx --daemon[=@var{max}] @c @opindex -d @c @opindex --daemon -@c Daemon mode. - -@item -k -@itemx --kerberos -@opindex -k -@opindex --kerberos -Use Kerberos authentication. - -@item -l -@itemx --no-rhosts -@opindex -l -@opindex --no-rhosts -Ignore @file{.rhosts} file. - -@item -L -@itemx --log-sessions -@opindex -L -@opindex --log-sessions -Log successful logins. - -@item -n -@itemx --no-keepalive -@opindex -n -@opindex --no-keepalive -Do not set SO_KEEPALIVE. - -@item -S @var{name} -@itemx --servername=@var{name} -@opindex -S -@opindex --servername -Set Kerberos server name, overriding canonical hostname. - -@item -v -@itemx --vacuous -@opindex -v -@opindex --vacuous -Fail any call asking for non-Kerberos authentication. - -@c OBSOLETE? -@c @item -x -@c @itemx --encrypt -@c @opindex -x -@c @opindex --encrypt -@c Turns on DES encryption for all data passed via the @command{rshd} -@c session. This may impact response time and CPU utilization, but -@c provides increased security. - +@c Run in background daemon mode, optionally setting the maximal +@c number of simultaneously running client sessions. The default +@c limit is 10. +@c @c @item -D[@var{level}] @c @itemx --debug[=@var{level}] @c @opindex -D @c @opindex -debug @c Set debug level, not implemented. - +@c +@c @item -l +@c @itemx --no-rhosts +@c @opindex -l +@c @opindex --no-rhosts +@c Ignore client's @file{.rhosts} file. +@c +@c @item -L @var{name} +@c @itemx --local-domain=@var{name} +@c @opindex -L +@c @opindex --local-domain +@c Set local domain name, to which the server host belongs. By default +@c the domain is recovered from the canonical name of the host. +@c +@c @item -n +@c @itemx --no-keepalive +@c @opindex -n +@c @opindex --no-keepalive +@c Do not set SO_KEEPALIVE on sockets. This decreases the ability +@c to close lost connections to once active clients. +@c @c @item -o @c @itemx --allow-root @c @opindex -o @c @opindex --allow-root -@c Allow uid == 0 to login, disabled by default - +@c Allow the root user to login, which is disallowed by default. +@c @c @item -p @var{port} @c @itemx --port=@var{port} @c @opindex -p @c @opindex --port -@c Listen on given port (valid only in daemon mode). - -@item -r -@itemx --reverse-required -@opindex -r -@opindex --reverse-required -Demand that the client's IP address be resolvable -as a host name. -@end table - -Should @command{rshd} have been built with PAM support, -it reads any setting specified for a service named either -@samp{rsh} or @samp{krsh}, the latter name for clients -seeking Kerberised authentication. - -@section Diagnostics - -Except for the last one listed below, all diagnostic messages are -returned on the initial socket, after which any network connections -are closed. An error is indicated by a leading byte with a value of 1 -(0 is returned in step 10 above upon successful completion of all the -steps prior to the execution of the login shell). - -@table @samp -@item Locuser too long -The name of the user on the client's machine is longer than 16 -characters. - -@item Ruser too long -The name of the user on the remote machine is longer than 16 -characters. - -@item Command too long -The command line passed exceeds the size of the argument list (as -configured into the system). - -@item Login incorrect -No password file entry for the user name existed. - -@item Remote directory -The chdir command to the home directory failed. - -@item Permission denied -The authentication procedure described above failed, -or address resolution was insufficient. - -@item Can't make pipe. -The pipe needed for the stderr, wasn't created. - -@item Can't fork; try again. -A fork by the server failed. - -@item : @dots{} -The user's login shell could not be started. This message is returned -on the connection associated with the stderr, and is not preceded by a -flag byte. -@end table - -The authentication procedure used here assumes the integrity of each -client machine and the connecting medium. This is insecure, but is -useful in an ``open'' environment. - +@c Listen on given port. Applicable only in daemon mode. +@c +@c @item -r +@c @itemx --reverse-required +@c @opindex -r +@c @opindex --reverse-required +@c Require reverse resolvability of remote host's numerical IP. +@c @end table +@c +@c For sites requiring improved authentication, Kerberos +@c authentication is a viable decision, and possibly even +@c with encryption for enhanced integrity. Three additional +@c options are available for an executable @command{rlogind} +@c compiled with Kerberos support. +@c +@c @table @option +@c @item -k +@c @itemx --kerberos +@c @opindex -k +@c @opindex --kerberos +@c Activate Kerberos authentication on all incoming requests. +@c +@c @item -S @var{name} +@c @itemx --server-principal=@var{name} +@c @opindex -S +@c @opindex --server-principal +@c Set Kerberos server name, overriding canonical hostname. +@c +@c @item -x +@c @itemx --encrypt +@c @opindex -x +@c @opindex --encrypt +@c Activate encryption of all data passed via the @command{rlogind} session. +@c This may impact response time and CPU utilization, but provides +@c increased security. Only for Kerberised mode of operation. +@c @end table +@c +@c Should @command{rlogind} have been built with PAM support, +@c it reads any setting specified for a service named either +@c @samp{rlogin} or @samp{krlogin}, the latter name for clients +@c using Kerberised authentication. +@c +@c @section Kerberos specific details +@c +@c The option @option{-k} is mandatory for Kerberised operation mode, +@c while addition of the option @option{-x} will also demand encryption +@c of every request to this particular server. +@c +@c @command{rlogind} will, in Kerberised operation mode, as default +@c instantiate itself using the principal name +@c @samp{host/canonical_name@@DEFAULT_REALM}, a compound arranged +@c from the running host's canonical name, and from the default realm +@c configured for the system. Either of these can be overridden +@c using the option @option{--server-principal}, as follows: +@c +@c @example +@c rlogind -k -S alias.server.our +@c rlogind --kerberos --server-principal=@@NEW.REALM +@c rlogind -k -x -S rlogin/backup.ex.org@@OUR.REALM +@c @end example +@c +@c When overriding only the realm, with the option @option{-S}, +@c an initial at-sign is mandatory. +@c +@c @section Protocol details +@c +@c When a service request is received, in non-Kerberised mode, +@c the following protocol is initiated: +@c +@c @enumerate +@c @item +@c The server checks the client's source port. If the port is not in the +@c range 512-1023, the server aborts the connection. +@c +@c @item +@c The server next checks the client's source address and requests the +@c corresponding host name. If the hostname cannot be determined, the +@c numerical representation of the host address is used. If the +@c hostname is in the same domain as the server (according to the last +@c two components of the domain name), or if the option @option{-a} is +@c in effect, the address for the hostname is requested, verifying that +@c the name and address correspond. Normal authentication is considered +@c as failed, should this address verification fail. +@c @end enumerate +@c +@c Once the source port and address have been checked, @command{rlogind} +@c proceeds +@c with the authentication process as described in @ref{rshd invocation}. +@c The server +@c then allocates a pseudo terminal, and manipulates file descriptors so +@c that the slave half of the pseudo terminal becomes the stdin, stdout, +@c and stderr for a login process. The login process is an instance of +@c the @command{login} program, invoked with the option @option{-f} if +@c authentication had succeeded. If automatic authentication had failed, +@c the user is prompted to log in as if on a standard terminal line. +@c +@c The parent of the login process manipulates the master side of the +@c pseudo terminal, operating as an intermediary between the login +@c process and the client instance of the rlogin program. In normal +@c operation, the packet protocol described in @samp{PTY} is invoked to +@c provide flow control using @kbd{C-S}/@kbd{C-Q}, and to propagate interrupt +@c signals to the remote program. The login process transmits the +@c client terminal's baud rate, and its terminal type, as found in the +@c environment variable @env{TERM}. The screen or window size of the +@c terminal is requested from the client, and any later window size changes +@c at the client's side are propagated to the pseudo terminal as well. +@c +@c Transport-level keepalive messages are enabled unless the +@c option @option{-n} was in effect when starting @code{rlogind}. +@c The use of keepalive messages allows sessions to be timed out, +@c should the client crash, or otherwise become unreachable. +@c +@c @xref{ruserok, , ruserok, libc, The GNU C Library Reference Manual}, +@c for details. +@c +@c @section Diagnostics +@c +@c The exchange protocol states that a negotiation reaches a successful +@c completion as soon as the server @command{rlogind} transmits back to +@c the client a single null byte, marking the completion of all +@c information exchange. +@c +@c Error conditions are instead transmitted back to the client as +@c a message containing an initial byte value 1, followed by a C-string +@c indicating the cause of failure. All network connections are closed +@c at the server side after this message. Some common messages follow: +@c +@c @table @samp +@c @item Permission denied. +@c The client presented insufficient credentials, +@c or the client's address is not sufficiently resolvable +@c to pass the checks induced by options @option{-a} or @option{-r}. +@c +@c @item Try again. +@c A fork by the server failed. +@c @end table +@c +@c @node rshd invocation +@c @chapter @command{rshd}: Remote shell server +@c @pindex rshd +@c +@c The @command{rshd} server is the server for the @code{rcmd} routine +@c and, consequently, for the @command{rsh} (@pxref{rsh invocation}) +@c program. The server provides remote execution facilities with +@c authentication based on privileged port numbers from trusted hosts. +@c The @command{rshd} server listens for service requests at the port +@c indicated in the @samp{cmd} service specification. When a service +@c request is received the following protocol is initiated: +@c +@c @enumerate +@c @item +@c The server checks the client's source port. If the port is not in the +@c range 512--1023, the server aborts the connection. However, this +@c condition is not applied for Kerberized service. +@c +@c @item +@c The server reads characters from the socket up to a NUL (@samp{\0}) +@c byte. The resultant string is interpreted as an ASCII number, base +@c 10. +@c +@c @item +@c If the number received in step 2 is non-zero, it is interpreted as the +@c port number of a secondary stream to be used for the stderr. A second +@c connection is then created to the specified port on the client's +@c machine. The source port of this second connection is also in the +@c range 512--1023. +@c +@c @item +@c The server checks the client's source address and requests the +@c corresponding host name. If the hostname cannot be determined, the +@c dot-notation representation of the host address is used. If the +@c hostname is in the same domain as the server (according to the last +@c two components of the domain name), or if the @option{-a} option is +@c given, the addresses for the hostname are requested, verifying that +@c the name and address correspond. If address verification fails, the +@c connection is aborted with the message, @samp{Host address mismatch.} +@c +@c @item +@c A null terminated user name of at most 16 characters is retrieved on +@c the initial socket. This user name is interpreted as the user +@c identity on the client's machine. +@c +@c @item +@c A null terminated user name of at most 16 characters is retrieved on +@c the initial socket. This user name is interpreted as a user identity +@c to use on the server's machine. +@c +@c @item +@c A null terminated command to be passed to a shell is retrieved on the +@c initial socket. The length of the command is limited by the upper +@c bound on the size of the system's argument list. +@c +@c @item +@c Rshd then validates the user using @code{ruserok}, which uses the file +@c @file{/etc/hosts.equiv} and the @file{.rhosts} file found in the +@c user's home directory. The @option{-l} option prevents @code{ruserok} +@c from doing any validation based on the user's @file{.rhosts} file, +@c unless the user is the superuser. +@c +@c @item +@c If the file @file{/etc/nologin} exists and the user is not the +@c superuser, the connection is closed. +@c +@c @item +@c A null byte is returned on the initial socket and the command line is +@c passed to the normal login shell of the user. The shell inherits the +@c network connections established by @command{rshd}. +@c +@c @item +@c Transport-level keepalive messages are enabled unless the @option{-n} +@c option is present. The use of keepalive messages allows sessions to +@c be timed out if the client crashes or becomes unreachable. +@c +@c @item +@c The @option{-L} option causes all successful accesses to be logged to +@c @command{syslogd} (@pxref{syslogd invocation}) as @samp{auth.info} +@c messages. +@c @end enumerate +@c +@c @xref{ruserok, , ruserok, libc, The GNU C Library Reference Manual}, +@c for details. +@c +@c @section Invoking +@c +@c The options are as follows: +@c +@c @table @option +@c @item -a +@c @itemx --verify-hostname +@c @opindex -a +@c @opindex --verify-hostname +@c Ask hostname for verification. +@c +@c @c @item -d +@c @c @itemx --daemon +@c @c @opindex -d +@c @c @opindex --daemon +@c @c Daemon mode. +@c +@c @item -k +@c @itemx --kerberos +@c @opindex -k +@c @opindex --kerberos +@c Use Kerberos authentication. +@c +@c @item -l +@c @itemx --no-rhosts +@c @opindex -l +@c @opindex --no-rhosts +@c Ignore @file{.rhosts} file. +@c +@c @item -L +@c @itemx --log-sessions +@c @opindex -L +@c @opindex --log-sessions +@c Log successful logins. +@c +@c @item -n +@c @itemx --no-keepalive +@c @opindex -n +@c @opindex --no-keepalive +@c Do not set SO_KEEPALIVE. +@c +@c @item -S @var{name} +@c @itemx --servername=@var{name} +@c @opindex -S +@c @opindex --servername +@c Set Kerberos server name, overriding canonical hostname. +@c +@c @item -v +@c @itemx --vacuous +@c @opindex -v +@c @opindex --vacuous +@c Fail any call asking for non-Kerberos authentication. +@c +@c @c OBSOLETE? +@c @c @item -x +@c @c @itemx --encrypt +@c @c @opindex -x +@c @c @opindex --encrypt +@c @c Turns on DES encryption for all data passed via the @command{rshd} +@c @c session. This may impact response time and CPU utilization, but +@c @c provides increased security. +@c +@c @c @item -D[@var{level}] +@c @c @itemx --debug[=@var{level}] +@c @c @opindex -D +@c @c @opindex -debug +@c @c Set debug level, not implemented. +@c +@c @c @item -o +@c @c @itemx --allow-root +@c @c @opindex -o +@c @c @opindex --allow-root +@c @c Allow uid == 0 to login, disabled by default +@c +@c @c @item -p @var{port} +@c @c @itemx --port=@var{port} +@c @c @opindex -p +@c @c @opindex --port +@c @c Listen on given port (valid only in daemon mode). +@c +@c @item -r +@c @itemx --reverse-required +@c @opindex -r +@c @opindex --reverse-required +@c Demand that the client's IP address be resolvable +@c as a host name. +@c @end table +@c +@c Should @command{rshd} have been built with PAM support, +@c it reads any setting specified for a service named either +@c @samp{rsh} or @samp{krsh}, the latter name for clients +@c seeking Kerberised authentication. +@c +@c @section Diagnostics +@c +@c Except for the last one listed below, all diagnostic messages are +@c returned on the initial socket, after which any network connections +@c are closed. An error is indicated by a leading byte with a value of 1 +@c (0 is returned in step 10 above upon successful completion of all the +@c steps prior to the execution of the login shell). +@c +@c @table @samp +@c @item Locuser too long +@c The name of the user on the client's machine is longer than 16 +@c characters. +@c +@c @item Ruser too long +@c The name of the user on the remote machine is longer than 16 +@c characters. +@c +@c @item Command too long +@c The command line passed exceeds the size of the argument list (as +@c configured into the system). +@c +@c @item Login incorrect +@c No password file entry for the user name existed. +@c +@c @item Remote directory +@c The chdir command to the home directory failed. +@c +@c @item Permission denied +@c The authentication procedure described above failed, +@c or address resolution was insufficient. +@c +@c @item Can't make pipe. +@c The pipe needed for the stderr, wasn't created. +@c +@c @item Can't fork; try again. +@c A fork by the server failed. +@c +@c @item : @dots{} +@c The user's login shell could not be started. This message is returned +@c on the connection associated with the stderr, and is not preceded by a +@c flag byte. +@c @end table +@c +@c The authentication procedure used here assumes the integrity of each +@c client machine and the connecting medium. This is insecure, but is +@c useful in an ``open'' environment. +@c @node talkd invocation @chapter @command{talkd}: a server for communication between users @pindex talkd @@ -5141,162 +5141,162 @@ In all other cases the result would be where @code{$USER} is the value of the corresponding environment variable and could possibly be empty. -@node tftpd invocation -@chapter @command{tftpd}: TFTP server -@pindex tftpd - -@command{tftpd} is intended to be invoked via @command{inetd} -at all times. - -@noindent -Synopsis: - -@example -tftpd [@var{options}] [@var{directory} @dots{}] -@end example - -@table @option -@item -g @var{group} -@itemx --group=@var{group} -@opindex -g -@opindex --group -Specify group membership of the process owner. -This is used only along with the option @option{-s}, -and replaces the group membership that comes from -the process owner himself. - -@item -l -@itemx --logging -@opindex -l -@opindex --logging -Enable logging. - -@item -n -@itemx --nonexistent -@opindex -n -@opindex --nonexistent -Supress negative acknowledgement of requests for nonexistent relative -filenames. - -@item -s @var{dir} -@itemx --secure-dir=@var{dir} -@opindex -s -@opindex --secure-dir -Let the serving process change its root directory to @var{dir} -before attending to any requests. -This directory is not observable by any client, but improves -server isolation, since servable contents must be located -below this chrooted directory @var{dir}. - -@item -u @var{user} -@itemx --user=@var{user} -@opindex -u -@opindex --user -Specify the process owner for serving requests. -Only relevant along with the option @option{-s}. -The default name is @samp{nobody}. -@end table - -@section Directory prefixes -@anchor{tftpd validation} - -In addition to options, an invocation of @command{tftpd} can -specify an optional list of directory prefixes. -These are approved of according to two principles: - -@itemize @bullet -@item -Relative pathnames are ignored. - -@item -At most twenty prefixes are approved, the rest is discarded. -@end itemize - -@noindent -A request for a file is decided upon as a consequence -of evaluating these criteria: - -@itemize @bullet -@item -Every file request containing the substring @samp{/../} is denied, -as is a file name beginning with @samp{../}. - -@item -Write requests must specify absolute locations. - -@item -A file request, if specified as an @emph{absolute} pathname, -must begin with one of the approved directory prefixes, -should at least one such prefix have been accepted. - -@item -In the absence of a prefix collection, any absolute pathname is -accepted, should the corresponding file exist. - -@item -A file request, if specified as a @emph{relative} name, -will only be searched for below the acceptable prefixes, -should at least one such prefix have been approved. - -@item -A request for a relatively named file, is denied in the absence -of approved directory prefixes. - -@item -The resulting file must be world readable, or world writable, -for a read request, or a write request, to succeed. -@end itemize - -@section Use cases -@anchor{tftpd setup cases} - -The standard use case is an entry in @file{/etc/inetd.conf} like - -@example -tftp dgram udp4 wait root /usr/sbin/tftpd \ -@verb{ } tftpd /tftpboot /altboot -@end example - -@noindent -This would allow the TFTP client to use any of - -@example -get kernel -get /tftpboot/kernel -get kernel.alt -get /altboot/kernel.alt -get /etc/motd -@end example - -@noindent -given that @file{/tftpboot/kernel} and @file{/altboot/kernel.alt} exist. -Observe that also @file{/etc/motd} is accessible, inspite there being -no explicit mention of standard file locations. - -A stronger mode of running a TFTP server is to use the `secure mode', -meaning that the serving process is running in a chrooted mode. -Then a suitable configuration could be - -@example -tftp dgram udp4 wait root /usr/sbin/tftpd \ -@verb{ } tftpd --secure-dir=/srv/tftp-root /tftpboot /altboot -@end example - -@noindent -Supposing the files @file{kernel} and @file{kernel.alt} to exist -in the common directory @file{/srv/tftp-root/altboot/}, -all the previously suggested client requests for a kernel would -still be granted, but now any request for @file{/etc/motd} -would be declined, and would get a reply `File not found' back. - -The chrooted setting is denying access outside of -@file{/srv/tftp-root}, yet is not indicating this lock-in -to the client, and is thus improving server isolation. -Since neither of @option{-u} and @option{-g} were specified, -the configuration reproduced above will in fact have the -transmitting server process running with the default -owner set to @samp{nobody:nogroup}. - +@c @node tftpd invocation +@c @chapter @command{tftpd}: TFTP server +@c @pindex tftpd +@c +@c @command{tftpd} is intended to be invoked via @command{inetd} +@c at all times. +@c +@c @noindent +@c Synopsis: +@c +@c @example +@c tftpd [@var{options}] [@var{directory} @dots{}] +@c @end example +@c +@c @table @option +@c @item -g @var{group} +@c @itemx --group=@var{group} +@c @opindex -g +@c @opindex --group +@c Specify group membership of the process owner. +@c This is used only along with the option @option{-s}, +@c and replaces the group membership that comes from +@c the process owner himself. +@c +@c @item -l +@c @itemx --logging +@c @opindex -l +@c @opindex --logging +@c Enable logging. +@c +@c @item -n +@c @itemx --nonexistent +@c @opindex -n +@c @opindex --nonexistent +@c Supress negative acknowledgement of requests for nonexistent relative +@c filenames. +@c +@c @item -s @var{dir} +@c @itemx --secure-dir=@var{dir} +@c @opindex -s +@c @opindex --secure-dir +@c Let the serving process change its root directory to @var{dir} +@c before attending to any requests. +@c This directory is not observable by any client, but improves +@c server isolation, since servable contents must be located +@c below this chrooted directory @var{dir}. +@c +@c @item -u @var{user} +@c @itemx --user=@var{user} +@c @opindex -u +@c @opindex --user +@c Specify the process owner for serving requests. +@c Only relevant along with the option @option{-s}. +@c The default name is @samp{nobody}. +@c @end table +@c +@c @section Directory prefixes +@c @anchor{tftpd validation} +@c +@c In addition to options, an invocation of @command{tftpd} can +@c specify an optional list of directory prefixes. +@c These are approved of according to two principles: +@c +@c @itemize @bullet +@c @item +@c Relative pathnames are ignored. +@c +@c @item +@c At most twenty prefixes are approved, the rest is discarded. +@c @end itemize +@c +@c @noindent +@c A request for a file is decided upon as a consequence +@c of evaluating these criteria: +@c +@c @itemize @bullet +@c @item +@c Every file request containing the substring @samp{/../} is denied, +@c as is a file name beginning with @samp{../}. +@c +@c @item +@c Write requests must specify absolute locations. +@c +@c @item +@c A file request, if specified as an @emph{absolute} pathname, +@c must begin with one of the approved directory prefixes, +@c should at least one such prefix have been accepted. +@c +@c @item +@c In the absence of a prefix collection, any absolute pathname is +@c accepted, should the corresponding file exist. +@c +@c @item +@c A file request, if specified as a @emph{relative} name, +@c will only be searched for below the acceptable prefixes, +@c should at least one such prefix have been approved. +@c +@c @item +@c A request for a relatively named file, is denied in the absence +@c of approved directory prefixes. +@c +@c @item +@c The resulting file must be world readable, or world writable, +@c for a read request, or a write request, to succeed. +@c @end itemize +@c +@c @section Use cases +@c @anchor{tftpd setup cases} +@c +@c The standard use case is an entry in @file{/etc/inetd.conf} like +@c +@c @example +@c tftp dgram udp4 wait root /usr/sbin/tftpd \ +@c @verb{ } tftpd /tftpboot /altboot +@c @end example +@c +@c @noindent +@c This would allow the TFTP client to use any of +@c +@c @example +@c get kernel +@c get /tftpboot/kernel +@c get kernel.alt +@c get /altboot/kernel.alt +@c get /etc/motd +@c @end example +@c +@c @noindent +@c given that @file{/tftpboot/kernel} and @file{/altboot/kernel.alt} exist. +@c Observe that also @file{/etc/motd} is accessible, inspite there being +@c no explicit mention of standard file locations. +@c +@c A stronger mode of running a TFTP server is to use the `secure mode', +@c meaning that the serving process is running in a chrooted mode. +@c Then a suitable configuration could be +@c +@c @example +@c tftp dgram udp4 wait root /usr/sbin/tftpd \ +@c @verb{ } tftpd --secure-dir=/srv/tftp-root /tftpboot /altboot +@c @end example +@c +@c @noindent +@c Supposing the files @file{kernel} and @file{kernel.alt} to exist +@c in the common directory @file{/srv/tftp-root/altboot/}, +@c all the previously suggested client requests for a kernel would +@c still be granted, but now any request for @file{/etc/motd} +@c would be declined, and would get a reply `File not found' back. +@c +@c The chrooted setting is denying access outside of +@c @file{/srv/tftp-root}, yet is not indicating this lock-in +@c to the client, and is thus improving server isolation. +@c Since neither of @option{-u} and @option{-g} were specified, +@c the configuration reproduced above will in fact have the +@c transmitting server process running with the default +@c owner set to @samp{nobody:nogroup}. +@c @node uucpd invocation @chapter @command{uucpd}: Unix to Unix Copy relay daemon. @pindex uucpd --- origsrc/inetutils-2.5/ftp/cmds.c 2023-12-30 02:34:46.000000000 +0900 +++ src/inetutils-2.5/ftp/cmds.c 2023-12-30 20:53:27.874344900 +0900 @@ -100,6 +100,10 @@ # endif #endif /* !DEFPORT */ +#ifdef __CYGWIN__ +typedef _sig_func_ptr sig_t; +#endif + /* Returns true if STR is entirely lower case. */ static int all_lower (char *str) @@ -309,6 +313,13 @@ setpeer (int argc, char **argv) if (autologin) login (host); +#ifdef __CYGWIN__ +# ifndef unix +# define unix +# endif +# define NBBY 8 +#endif /* __CYGWIN__ */ + #if (defined unix || defined __unix || defined __unix__) && NBBY == 8 /* * this ifdef is to keep someone form "porting" this to an incompatible @@ -1917,7 +1928,7 @@ quote1 (char *initial, int argc, char ** len += strlen (strcpy (&buf[len], argv[i])); } } - if (command (buf) == PRELIM) + if (command ("%s", buf) == PRELIM) { while (getreply (0) == PRELIM) continue; --- origsrc/inetutils-2.5/ftp/ftp.c 2023-12-30 02:34:46.000000000 +0900 +++ src/inetutils-2.5/ftp/ftp.c 2023-12-30 20:58:32.165422000 +0900 @@ -90,6 +90,11 @@ #include "ftp_var.h" #include "attribute.h" +#ifdef __CYGWIN__ +#include +typedef _sig_func_ptr sig_t; +#endif + #if !HAVE_DECL_FCLOSE /* Some systems don't declare fclose in , so do it ourselves. */ extern int fclose (FILE *); @@ -674,7 +679,15 @@ sendrequest (char *cmd, char *local, cha } else { +#ifdef __CYGWIN__ + if (curtype != TYPE_A) { + fin = fopen (local, "rb"); + } else { + fin = fopen (local, "r"); + } +#else fin = fopen (local, "r"); +#endif if (fin == NULL) { error (0, errno, "local: %s", local); @@ -718,6 +731,7 @@ sendrequest (char *cmd, char *local, cha break; case TYPE_I: case TYPE_L: + setmode (fileno (fin), O_BINARY); rc = lseek (fileno (fin), restart_point, SEEK_SET); break; } @@ -786,6 +800,8 @@ sendrequest (char *cmd, char *local, cha case TYPE_I: case TYPE_L: + setmode (fileno (fin), O_BINARY); + setmode (fileno (dout), O_BINARY); errno = d = 0; while ((c = read (fileno (fin), buf, bufsize)) > 0) { @@ -1021,7 +1037,17 @@ recvrequest (char *cmd, char *local, cha { struct stat st; +#ifdef __CYGWIN__ + { + char nmode[8]; + strcpy (nmode, lmode); + if (curtype != TYPE_A) + strcat (nmode, "b"); + fout = fopen (local, nmode); + } +#else fout = fopen (local, lmode); +#endif if (fout == NULL || fstat (fileno (fout), &st) < 0) { error (0, errno, "local: %s", local); @@ -1050,6 +1076,8 @@ recvrequest (char *cmd, char *local, cha case TYPE_I: case TYPE_L: + setmode (fileno (fout), O_BINARY); + setmode (fileno (din), O_BINARY); if (restart_point && lseek (fileno (fout), restart_point, SEEK_SET) < 0) { error (0, errno, "local: %s", local); @@ -1528,10 +1556,15 @@ noport: result = ERROR; /* For success detection. */ if (data_addr.ss_family != AF_INET || doepsv4) { + char *p; /* Use EPRT mode. */ getnameinfo ((struct sockaddr *) &data_addr, ctladdrlen, ia, sizeof (ia), portstr, sizeof (portstr), NI_NUMERICHOST | NI_NUMERICSERV); + /* Remove IPv6 link local address postfix */ + p = strchr (ia, '%'); + if (p) + *p = '\0'; result = command ("EPRT |%d|%s|%s|", (data_addr.ss_family == AF_INET) ? 1 : 2, ia, portstr); --- origsrc/inetutils-2.5/ftpd/auth.c 2023-12-30 02:34:46.000000000 +0900 +++ src/inetutils-2.5/ftpd/auth.c 2023-12-30 20:53:27.895330400 +0900 @@ -18,6 +18,17 @@ #include +#ifdef __CYGWIN__ +# undef ERROR +# include +# include +# include +# include +# define is_winnt (GetVersion() < 0x80000000) +#else +# define is_winnt (0) +#endif + #include #include #include @@ -43,6 +54,9 @@ shell as returned by getusershell(). Disallow anyone mentioned in the file PATH_FTPUSERS to allow people such as root and uucp to be avoided. */ +static int +do_cygwin_auth (const char* passwd, struct credentials *pcred); + int auth_user (const char *name, struct credentials *pcred) { @@ -92,8 +106,8 @@ auth_user (const char *name, struct cred */ if (strcmp (name, "ftp") == 0 || strcmp (name, "anonymous") == 0) { - if (checkuser (PATH_FTPUSERS, "ftp") - || checkuser (PATH_FTPUSERS, "anonymous")) + if (checkuser (PATH_FTPUSERS, "ftp", NULL) + || checkuser (PATH_FTPUSERS, "anonymous", NULL)) { snprintf (pcred->message, len, "User %s access denied.", name); @@ -110,6 +124,8 @@ auth_user (const char *name, struct cred snprintf (pcred->message, len, "User %s unknown.", name); err = 1; } + if (err == 0) + checkuser (PATH_FTPCHROOT, pcred->name, &pcred->rootdir); return err; } @@ -128,7 +144,7 @@ auth_user (const char *name, struct cred break; endusershell (); - if (cp == NULL || checkuser (PATH_FTPUSERS, name)) + if (cp == NULL || checkuser (PATH_FTPUSERS, name, NULL)) { sprintf (pcred->message, "User %s access denied.", name); return 1; @@ -148,7 +164,8 @@ auth_user (const char *name, struct cred if (err == 0) { - pcred->dochroot = checkuser (PATH_FTPCHROOT, pcred->name); + pcred->dochroot = + checkuser (PATH_FTPCHROOT, pcred->name, &pcred->rootdir); #if defined WITH_PAM && !defined WITH_LINUX_PAM if (pcred->auth_type == AUTH_TYPE_PAM) @@ -183,18 +200,49 @@ auth_pass (const char *passwd, struct cr case AUTH_TYPE_PASSWD: default: { +#ifdef __CYGWIN__ + if (!is_winnt) + { +#endif /* __CYGWIN__ */ char *xpasswd; char *salt = pcred->passwd; /* Try to authenticate the user. */ if (pcred->passwd == NULL || *pcred->passwd == '\0') return 1; /* Failed. */ - xpasswd = crypt (passwd, salt); + xpasswd = (char*) crypt (passwd, salt); return (!xpasswd || strcmp (xpasswd, pcred->passwd) != 0); +#ifdef __CYGWIN__ + } else { + return do_cygwin_auth (passwd, pcred); + } +#endif /* __CYGWIN__ */ } } /* switch (auth_type) */ return -1; } +#ifdef __CYGWIN__ +static int +do_cygwin_auth (const char* passwd, struct credentials *pcred) +{ + struct passwd *p; + if ((pcred == NULL) || (pcred->name == NULL) || (pcred->name[0] == '\0')) + return 1; + + /* can't "recreate" p from contents of pcred, because + struct passwd might contain extension elements + unknown to us + */ + p = getpwnam (pcred->name); + if (p == NULL) + return 1; + + HANDLE hToken = (HANDLE) cygwin_logon_user (p, passwd); + cygwin_set_impersonation_token (hToken); + return (hToken == INVALID_HANDLE_VALUE); // non-zero on error +} +#endif /* __CYGWIN__ */ + int sgetcred (const char *name, struct credentials *pcred) { --- origsrc/inetutils-2.5/ftpd/conf.c 2023-12-30 02:34:46.000000000 +0900 +++ src/inetutils-2.5/ftpd/conf.c 2023-12-30 21:01:38.957327700 +0900 @@ -58,11 +58,11 @@ display_file (const char *name, int code * Return 1 if yes, 0 otherwise. */ int -checkuser (const char *filename, const char *name) +checkuser (const char *filename, const char *name, char **path) { FILE *fp; int found = 0, ngroups = 0; - char *p, line[BUFSIZ]; + char *p = NULL, line[BUFSIZ]; gid_t *groups = NULL; struct passwd *pwd = NULL; @@ -88,6 +88,7 @@ checkuser (const char *filename, const c /* Wildcard entry, a single '@'. */ if (p[0] == '@' && (p[1] == 0 || isblank (p[1]))) { + p++; found = 1; break; } @@ -116,7 +117,8 @@ checkuser (const char *filename, const c while (*p && (isalnum (*p) || *p == '_' || *p == '-')) p++; - *p = '\0'; /* Group name ends here. */ + if (*p) + *p++ = '\0'; /* Group name ends here. */ grp = getgrnam (gname); if (grp) @@ -135,13 +137,46 @@ checkuser (const char *filename, const c } /* User name ends at the first blank character. */ - if (strncmp (p, name, strlen (name)) == 0 + if (strncasecmp (p, name, strlen (name)) == 0 && (p[strlen (name)] == 0 || isblank (p[strlen (name)]))) { + p += strlen (name); found = 1; break; } } + + /* Extract the second field and set to *path */ + if (found && path && p) + { + char *pend; + while (*p && isblank (*p)) + p++; + pend = p; + while (*pend && !isblank (*pend)) + pend++; + *pend = '\0'; + if (*p) + { + char *buf = malloc (strlen (*path) + strlen (p) + 2); + if (buf) + { + if (*p != '/') + sprintf(buf, "%s/%s", *path, p); + else + sprintf(buf, "%s", p); + free (*path); + *path = sgetsave (buf); + free(buf); + } + else + { + perror_reply (421, "Local resource failure: malloc"); + dologout (1); + } + } + } + free (groups); fclose (fp); } --- origsrc/inetutils-2.5/ftpd/extern.h 2023-12-30 02:34:46.000000000 +0900 +++ src/inetutils-2.5/ftpd/extern.h 2023-12-30 20:53:27.920316500 +0900 @@ -53,7 +53,7 @@ #include extern void cwd (const char *); -extern int checkuser (const char *filename, const char *name); +extern int checkuser (const char *filename, const char *name, char **path); extern void delete (const char *); extern int display_file (const char *name, int code); extern void dologout (int); --- origsrc/inetutils-2.5/ftpd/ftpcmd.y 2023-01-01 09:35:18.000000000 +0900 +++ src/inetutils-2.5/ftpd/ftpcmd.y 2023-12-30 20:53:27.925313600 +0900 @@ -593,7 +593,7 @@ cmd # endif /* BSD */ #endif /* !HAVE_UNAME */ -#if defined unix || defined __unix || defined __unix__ +#if defined unix || defined __unix || defined __unix__ || defined __CYGWIN__ sys_type = "UNIX"; #else sys_type = "UNKNOWN"; --- origsrc/inetutils-2.5/ftpd/ftpd.c 2023-12-30 02:34:46.000000000 +0900 +++ src/inetutils-2.5/ftpd/ftpd.c 2023-12-30 21:05:35.998333100 +0900 @@ -111,6 +111,10 @@ # define LOG_FTP LOG_DAEMON /* Use generic facility. */ #endif +#ifndef LARGE_TRANSFER_BLOCKSIZE +# define LARGE_TRANSFER_BLOCKSIZE 4096 +#endif + #ifndef MAP_FAILED # define MAP_FAILED (void*)-1 #endif @@ -446,11 +450,21 @@ static struct argp argp = { NULL }; +#if defined(WITH_WRAP) && defined(__CYGWIN__) +extern int allow_severity; /* set value in main() */ +extern int deny_severity; /* set value in main() */ +#endif + int main (int argc, char *argv[], char **envp) { int index; +#if defined(WITH_WRAP) && defined(__CYGWIN__) + allow_severity = LOG_INFO; + deny_severity = LOG_NOTICE; +#endif + set_program_name (argv[0]); #ifdef HAVE_TZSET @@ -561,7 +575,7 @@ main (int argc, char *argv[], char **env } #endif -#ifdef F_SETOWN +#if defined(F_SETOWN) && !defined(__CYGWIN__) if (fcntl (STDIN_FILENO, F_SETOWN, getpid ()) == -1) syslog (LOG_ERR, "fcntl F_SETOWN: %m"); #endif @@ -685,19 +699,55 @@ complete_login (struct credentials *pcre /* We MUST do a chdir () after the chroot. Otherwise the old current directory will be accessible as "." outside the new root! */ - if (chroot (pcred->rootdir) < 0 || chdir (pcred->homedir) < 0) + char *subdir = strstr(pcred->rootdir, "/./"); + if (subdir) + *subdir++ = '\0'; + if (chroot (pcred->rootdir) < 0) { reply (550, "Can't set guest privileges."); goto bad; } + if (seteuid ((uid_t)pcred->uid) < 0) + { + reply(550, "Can't set uid."); + goto bad; + } + if (chdir (pcred->homedir) < 0) + { + reply(550, "Can't access home directory."); + goto bad; + } + if (subdir && chdir (subdir) < 0) + { + reply(550, "Can't change directory to %s.", subdir); + goto bad; + } } else if (pcred->dochroot) { - if (chroot (pcred->rootdir) < 0 || chdir (pcred->homedir) < 0) + char *subdir = strstr(pcred->rootdir, "/./"); + if (subdir) + *subdir++ = '\0'; + if (chroot (pcred->rootdir) < 0) { reply (550, "Can't change root."); goto bad; } + if (seteuid ((uid_t)pcred->uid) < 0) + { + reply(550, "Can't set uid."); + goto bad; + } + if (chdir (pcred->homedir) < 0) + { + reply(550, "Can't access home directory."); + goto bad; + } + if (subdir && chdir (subdir) < 0) + { + reply(550, "Can't change directory to %s.", subdir); + goto bad; + } } if (seteuid ((uid_t) pcred->uid) < 0) @@ -708,6 +758,11 @@ complete_login (struct credentials *pcre if (!pcred->guest && !pcred->dochroot) /* Remaining case. */ { + if (seteuid ((uid_t)pcred->uid) < 0) + { + reply(550, "Can't set uid."); + goto bad; + } if (chdir (pcred->rootdir) < 0) { if (chdir ("/") < 0) @@ -863,7 +918,7 @@ end_login (struct credentials *pcred) char *remotehost = pcred->remotehost; int atype = pcred->auth_type; - if (seteuid ((uid_t) 0) == -1) + if (seteuid (getuid ()) == -1) _exit (EXIT_FAILURE); if (pcred->logged_in) @@ -975,6 +1030,11 @@ retrieve (const char *cmd, const char *n if (cmd == 0) { +#ifdef __CYGWIN__ + if (type != TYPE_A) + fin = fopen (name, "rb"), closefunc = fclose; + else +#endif fin = fopen (name, "r"), closefunc = fclose; st.st_size = 0; } @@ -1062,6 +1122,13 @@ store (const char *name, const char *mod FILE *fout, *din; struct stat st; int (*closefunc) (FILE *); + char nmode[8]; + + strcpy (nmode, mode); +#ifdef __CYGWIN__ + if (type != TYPE_A) + strcat (nmode, "b"); +#endif if (unique && stat (name, &st) == 0) { @@ -1077,8 +1144,16 @@ store (const char *name, const char *mod } if (restart_point) - mode = "r+"; - fout = fopen (name, mode); + { +#ifdef __CYGWIN__ + if (type != TYPE_A) + mode = "rb+"; + else +#endif + mode = "r+"; + strcpy (nmode, mode); + } + fout = fopen (name, nmode); closefunc = fclose; if (fout == NULL || fstat (fileno (fout), &st) < 0) { @@ -1154,7 +1229,7 @@ getdatasock (const char *mode) if (data >= 0) return fdopen (data, mode); - if (seteuid ((uid_t) 0) == -1) + if (seteuid (getuid ()) == -1) _exit (EXIT_FAILURE); s = socket (ctrl_addr.ss_family, SOCK_STREAM, 0); if (s < 0) @@ -1321,9 +1396,12 @@ static void send_data (FILE *instr, FILE *outstr, off_t blksize) { int c, cnt, filefd, netfd; - char *buf = MAP_FAILED, *bp; + char *buf = MAP_FAILED; off_t curpos; +#ifdef HAVE_MMAP + char *bp; off_t len, filesize; +#endif transflag++; if (setjmp (urgcatch)) @@ -1416,7 +1494,14 @@ send_data (FILE *instr, FILE *outstr, of len = filesize; do { +#ifdef __CYGWIN__ + cnt = write (netfd, bp, + (len < LARGE_TRANSFER_BLOCKSIZE ? + len : LARGE_TRANSFER_BLOCKSIZE)); +#else cnt = write (netfd, bp, len); +#endif /* __CYGWIN__ */ + len -= cnt; bp += cnt; if (cnt > 0) @@ -1441,6 +1526,9 @@ send_data (FILE *instr, FILE *outstr, of syslog (LOG_DEBUG, "Starting at position %jd.", curpos); } + if (blksize <= 0) + blksize = LARGE_TRANSFER_BLOCKSIZE; + buf = malloc ((u_int) blksize); if (buf == NULL) { @@ -1980,7 +2068,7 @@ passive (int epsv, int af) else /* !AF_INET6 */ ((struct sockaddr_in *) &pasv_addr)->sin_port = 0; - if (seteuid ((uid_t) 0) == -1) + if (seteuid (getuid ()) == -1) _exit (EXIT_FAILURE); if (bind (pdata, (struct sockaddr *) &pasv_addr, pasv_addrlen) < 0) { --- origsrc/inetutils-2.5/ftpd/server_mode.c 2023-12-30 02:34:46.000000000 +0900 +++ src/inetutils-2.5/ftpd/server_mode.c 2023-12-30 20:53:27.941303900 +0900 @@ -57,8 +57,14 @@ static void reapchild (int); extern int hosts_ctl (char *, char *, char *, char *); # endif +#ifdef __CYGWIN__ +/* provided by library (e.g. extern, here) on cygwin */ +extern int allow_severity; /* set value in main() */ +extern int deny_severity; /* set value in main() */ +#else int allow_severity = LOG_INFO; int deny_severity = LOG_NOTICE; +#endif static int check_host (struct sockaddr *sa, socklen_t len) --- origsrc/inetutils-2.5/lib/sys_select.in.h 2023-12-30 03:04:55.000000000 +0900 +++ src/inetutils-2.5/lib/sys_select.in.h 2023-12-30 20:53:27.975103800 +0900 @@ -42,7 +42,7 @@ # @INCLUDE_NEXT@ @NEXT_SYS_SELECT_H@ #elif (@HAVE_SYS_SELECT_H@ \ - && (defined _CYGWIN_SYS_TIME_H \ + && (defined __CYGWIN__ \ || (!defined _GL_SYS_SELECT_H_REDIRECT_FROM_SYS_TIME_H \ && ((defined __osf__ && defined _SYS_TIME_H_ \ && defined _OSF_SOURCE) \ --- origsrc/inetutils-2.5/libinetutils/daemon.c 2023-12-30 02:34:46.000000000 +0900 +++ src/inetutils-2.5/libinetutils/daemon.c 2023-12-30 20:53:27.985101900 +0900 @@ -49,6 +49,7 @@ #include #include #include +#include #include #include #include @@ -101,13 +102,87 @@ #define MAXFD 64 +/* copy signal stuff from inetd.c -- POSIX says that the various + signal interfaces should not be mixed in the same program. + Because inetd uses 'most recent signal interface' it can find, + we should too. +*/ + +#define SIGBLOCK (sigmask(SIGCHLD)|sigmask(SIGHUP)|sigmask(SIGALRM)) +#if defined(HAVE_SIGACTION) +# define SIGSTATUS sigset_t +# define sigstatus_empty(s) sigemptyset(&s) +#else +# define SIGSTATUS long +# define sigstatus_empty(s) s = 0 +#endif + +static void +signal_set_handler (int signo, void (*handler) ()) +{ +#if defined(HAVE_SIGACTION) + struct sigaction sa; + memset ((char *)&sa, 0, sizeof(sa)); + sigemptyset (&sa.sa_mask); + sigaddset (&sa.sa_mask, signo); +#ifdef SA_RESTART + sa.sa_flags = SA_RESTART; +#endif + sa.sa_handler = handler; + sigaction (signo, &sa, NULL); +#elif defined(HAVE_SIGVEC) + struct sigvec sv; + memset (&sv, 0, sizeof(sv)); + sv.sv_mask = SIGBLOCK; + sv.sv_handler = handler; + sigvec (signo, &sv, NULL); +#else /* !HAVE_SIGVEC */ + signal (signo, handler); +#endif /* HAVE_SIGACTION */ +} + +static void +signal_block (SIGSTATUS *old_status) +{ +#ifdef HAVE_SIGACTION + sigset_t sigs; + + sigemptyset (&sigs); + sigaddset (&sigs, SIGCHLD); + sigaddset (&sigs, SIGHUP); + sigaddset (&sigs, SIGALRM); + sigprocmask (SIG_BLOCK, &sigs, old_status); +#else + long omask = sigblock (SIGBLOCK); + if (old_status) + *old_status = omask; +#endif +} + +static void +signal_unblock (SIGSTATUS *status) +{ +#ifdef HAVE_SIGACTION + if (status) + sigprocmask (SIG_SETMASK, status, 0); + else + { + sigset_t empty; + sigemptyset (&empty); + sigprocmask (SIG_SETMASK, &empty, 0); + } +#else + sigsetmask (status ? *status : 0); +#endif +} + void waitdaemon_timeout (int signo MAYBE_UNUSED) { int left; left = alarm (0); - signal (SIGALRM, SIG_DFL); + signal_set_handler (SIGALRM, SIG_DFL); if (left == 0) error (EXIT_FAILURE, 0, "timed out waiting for child"); } @@ -136,9 +211,29 @@ waitdaemon (int nochdir, int noclose, in default: /* In the parent. */ if (maxwait > 0) { - signal (SIGALRM, waitdaemon_timeout); + int status; + pid_t wpid; + + signal_unblock(NULL); + signal_set_handler (SIGALRM, waitdaemon_timeout); alarm (maxwait); - pause (); + do + { + wpid = waitpid(childpid, &status, WUNTRACED +#ifdef WCONTINUED /* Not all implementations support this */ + | WCONTINUED +#endif + ); + if (wpid == -1) + { + /* should't happen for timeouts, because the + SIGALRM handler will error (and exit). However, + we may recieve some OTHER signal... + */ + error (1, 0, "interrupted while waiting for child"); + } + } + while (!WIFEXITED(status) && !WIFSIGNALED(status)); } _exit (EXIT_SUCCESS); } @@ -150,7 +245,7 @@ waitdaemon (int nochdir, int noclose, in then SIGHUP is sent to all process belonging to the same session, i.e., also to the second child. */ - signal (SIGHUP, SIG_IGN); + signal_set_handler (SIGHUP, SIG_IGN); switch (fork ()) { @@ -200,5 +295,9 @@ waitdaemon (int nochdir, int noclose, in int daemon (int nochdir, int noclose) { +#ifdef __CYGWIN__ + return (waitdaemon (nochdir, noclose, 5) == -1) ? -1 : 0; +#else return (waitdaemon (nochdir, noclose, 0) == -1) ? -1 : 0; +#endif } --- origsrc/inetutils-2.5/libinetutils/logwtmp.c 2023-12-30 02:34:46.000000000 +0900 +++ src/inetutils-2.5/libinetutils/logwtmp.c 2023-12-30 20:53:27.991097000 +0900 @@ -48,6 +48,10 @@ extern int errno; #endif +#ifndef O_BINARY +#define O_BINARY 0 +#endif + #ifdef HAVE_UTMPX_H static void _logwtmp (struct utmpx *ut) @@ -60,9 +64,9 @@ _logwtmp (struct utmp *ut) static int fd = -1; if (fd < 0) - fd = open (OUR_WTMP, O_WRONLY | O_APPEND, 0); + fd = open (OUR_WTMP, O_WRONLY | O_APPEND | O_BINARY, 0); #else - int fd = open (OUR_WTMP, O_WRONLY | O_APPEND, 0); + int fd = open (OUR_WTMP, O_WRONLY | O_APPEND | O_BINARY, 0); #endif if (fd >= 0) --- origsrc/inetutils-2.5/libinetutils/setsig.c 2023-12-30 02:34:46.000000000 +0900 +++ src/inetutils-2.5/libinetutils/setsig.c 2023-12-30 20:53:27.997094200 +0900 @@ -24,6 +24,10 @@ #include +#ifdef __CYGWIN__ +typedef _sig_func_ptr sig_t; +#endif + /* This is exactly like the traditional signal function, but turns on the SA_RESTART bit where possible. */ sighandler_t --- origsrc/inetutils-2.5/ping/ping.c 2023-12-30 02:34:46.000000000 +0900 +++ src/inetutils-2.5/ping/ping.c 2023-12-30 20:53:28.014082200 +0900 @@ -276,8 +276,12 @@ main (int argc, char **argv) setlocale (LC_ALL, ""); #endif +#ifdef __CYGWIN__ + is_root = true; +#else if (getuid () == 0) is_root = true; +#endif /* Parse command line */ iu_argp_init ("ping", program_authors); --- origsrc/inetutils-2.5/ping/ping6.c 2023-12-30 02:34:46.000000000 +0900 +++ src/inetutils-2.5/ping/ping6.c 2023-12-30 20:53:28.020078700 +0900 @@ -142,6 +142,7 @@ parse_opt (int key, char *arg, struct ar { char *endptr; static unsigned char pattern[MAXPATTERN]; + double v; switch (key) { @@ -169,9 +170,11 @@ parse_opt (int key, char *arg, struct ar #endif case 'i': + v = strtod (arg, &endptr); + if (*endptr) + argp_error (state, "invalid value (`%s' near `%s')", arg, endptr); options |= OPT_INTERVAL; - interval = ping_cvt_number (arg, 0, 0); - interval *= PING_PRECISION; + interval = v * PING_PRECISION; if (!is_root && interval < PING_MIN_USER_INTERVAL) error (EXIT_FAILURE, 0, "option value too small: %s", arg); break; @@ -252,8 +255,12 @@ main (int argc, char **argv) setlocale (LC_ALL, ""); #endif +#ifdef __CYGWIN__ + is_root = true; +#else if (getuid () == 0) is_root = true; +#endif /* Parse command line */ iu_argp_init ("ping6", program_authors); @@ -850,6 +857,7 @@ ping_init (int type MAYBE_UNUSED, int id return NULL; } +#if defined(ICMP6_FILTER) & !defined(__CYGWIN__) /* Tell which ICMPs we are interested in. */ ICMP6_FILTER_SETBLOCKALL (&filter); ICMP6_FILTER_SETPASS (ICMP6_ECHO_REPLY, &filter); @@ -865,13 +873,16 @@ ping_init (int type MAYBE_UNUSED, int id close (fd); return NULL; } +#endif +#ifdef IPV6_RECVHOPLIMIT err = setsockopt (fd, IPPROTO_IPV6, IPV6_RECVHOPLIMIT, &on, sizeof (on)); if (err) { close (fd); return NULL; } +#endif /* Allocate PING structure and initialize it to default values */ p = malloc (sizeof (*p)); --- origsrc/inetutils-2.5/src/inetd.c 2023-12-30 02:34:46.000000000 +0900 +++ src/inetutils-2.5/src/inetd.c 2023-12-30 21:07:07.459315500 +0900 @@ -136,6 +136,12 @@ #include "version-etc.h" #include "attribute.h" +#ifdef __CYGWIN__ +#include +#include +#endif /* __CYGWIN__ */ + + #ifndef EAI_ADDRFAMILY # define EAI_ADDRFAMILY 1 #endif @@ -149,7 +155,14 @@ #endif #define SIGBLOCK (sigmask(SIGCHLD)|sigmask(SIGHUP)|sigmask(SIGALRM)) +enum { + NO_DAEMON = 0, + UNIX_DAEMON +}; + bool debug = false; +static int daemonize = UNIX_DAEMON; + int nsock, maxsock; fd_set allsock; int options; @@ -197,6 +210,13 @@ static struct argp_option argp_options[] {"resolve", OPT_RESOLVE, NULL, 0, "resolve IP addresses when setting environment variables " "(see --environment)", GRP + 1}, +#ifdef __CYGWIN__ + {0,0,0,0,"Cygwin-specific options:",GRP + 2}, + {"no-daemonize", 'D', NULL, 0, + "Do not run as a daemon", GRP + 2}, + {"traditional-daemon", 'T', NULL, 0, + "This option is present for backwards compatibility.", GRP + 2}, +#endif /* __CYGWIN__ */ #undef GRP {NULL, 0, NULL, 0, NULL, 0} }; @@ -237,6 +257,16 @@ parse_opt (int key, char *arg, struct ar resolve_option = true; break; +#ifdef __CYGWIN__ + case 'D': /* don't become a daemon */ + daemonize = NO_DAEMON; + break; + + case 'T': /* act like a normal unix daemon */ + daemonize = UNIX_DAEMON; + break; +#endif /* __CYGWIN__ */ + default: return ARGP_ERR_UNKNOWN; } @@ -411,6 +441,44 @@ signal_unblock (SIGSTATUS *status) #endif } +#ifdef __CYGWIN__ +void +hide_console () +{ + HMODULE lib; + HWND WINAPI (*GetConsoleWindow) (void) = NULL; + HWND console = NULL; + + AllocConsole (); + if (lib = LoadLibrary ("kernel32.dll")) + GetConsoleWindow = (HWND WINAPI (*) (void)) + GetProcAddress (lib, "GetConsoleWindow"); + + if (GetConsoleWindow) + /* If GetConsoleWindow exists (W2K and newer), use it. */ + console = GetConsoleWindow (); + if (!console) + { + /* Get console window handle as described in KB article Q124103 */ + char title[32]; + snprintf (title, 32, "inetd.%d", getpid ()); + SetConsoleTitle (title); + Sleep (40); + console = FindWindow (NULL, title); + if (console) + { + char ctitle[256]; + if (!GetWindowText (console, ctitle, 256) || strcmp (title, ctitle)) + console = NULL; + } + } + if (console) + ShowWindow (console, SW_HIDE); +} +#endif /* __CYGWIN__ */ + + + void run_service (int ctrl, struct servtab *sep) { @@ -430,6 +498,10 @@ run_service (int ctrl, struct servtab *s close (ctrl); dup2 (0, 1); dup2 (0, 2); +#ifdef __CYGWIN__ + if (strcmp (sep->se_user, "root")) + { +#endif pwd = getpwnam (sep->se_user); if (pwd == NULL) { @@ -451,6 +523,13 @@ run_service (int ctrl, struct servtab *s _exit (EXIT_FAILURE); } } +#ifdef __CYGWIN__ + } + else + { + pwd = getpwuid (getuid ()); + } +#endif if (pwd->pw_uid) { if (grp && grp->gr_gid) @@ -464,8 +543,8 @@ run_service (int ctrl, struct servtab *s } else if (setgid (pwd->pw_gid) < 0) { - syslog (LOG_ERR, "%s: can't set gid %d: %m", - sep->se_service, pwd->pw_gid); + syslog (LOG_ERR, "%s: can't set gid %d uid(%d): %m", + sep->se_service, pwd->pw_gid, pwd->pw_uid); _exit (EXIT_FAILURE); } #ifdef HAVE_INITGROUPS @@ -1271,6 +1350,10 @@ nextconfig (const char *file) } while ((sep = getconfigent (fconfig, file, &line))) { +#ifdef __CYGWIN__ + if (strcmp (sep->se_user, "root")) + { +#endif pwd = getpwnam (sep->se_user); if (pwd == NULL) { @@ -1288,6 +1371,9 @@ nextconfig (const char *file) continue; } } +#ifdef __CYGWIN__ + } +#endif if (ISMUX (sep)) { sep->se_fd = -1; @@ -1491,10 +1577,48 @@ set_proc_title (char *a, int s) } else snprintf (buf, sizeof buf, "-%s", a); - strncpy (cp, buf, LastArg - cp); - cp += strlen (cp); - while (cp < LastArg) - *cp++ = ' '; + + /* the non-portable code in the #else block relies on + the system allocating all of the strings in argv[] + contiguously. On cygwin this is not necessarily so, + and to assume otherwise will lead to segfaults. + The downside here is we get supposed ps entries for + internal services like: + '-echo' instead of '-echo [remoteIP]' (okay?) + '-char' instead of '-chargen [remoteIP]' (awful) + '-disc' instead of '-discard [remoteIP]' (awful) + because the original argv[0] might be 'inetd' unless + it was specifically invoked with a full path. However, + this is mostly moot: + (1) cygwin's ps uses its own internal version of the + exe name (or GetModuleName) and then calls + cygwin_conv_xxx() for display. + (2) procps DOES use the modified argv[0] value + */ + { +#ifdef __CYGWIN__ + char* LastNullChar = cp + strlen(cp); + char** scan; +#else + char* LastNullChar = LastArg; +#endif + + strncpy (cp, buf, LastNullChar - cp); + cp += strlen (cp); + while (cp < LastNullChar) + *cp++ = ' '; + +#ifdef __CYGWIN__ + /* individually blank out the rest of the args */ + for (scan = Argv + 1; *scan != NULL; scan++) + { + char* nullChar = *scan + strlen(*scan); + cp = *scan; + while (cp < nullChar) + *cp++ = ' '; + } +#endif + } } /* @@ -1933,6 +2057,16 @@ main (int argc, char *argv[], char *envp envp++; LastArg = envp[-1] + strlen (envp[-1]); +#ifdef __CYGWIN__ + /* on cygwin, open the log early -- because even + help and cmdline processing messages go directly + to syslog. This is because inetd is often run + under the SYSTEM account (which is not quite like + the *nix 'root') + */ + openlog("inetd", LOG_PID | LOG_NOWAIT, LOG_DAEMON); +#endif + /* Parse command line */ iu_argp_init ("inetd", program_authors); argp_parse (&argp, argc, argv, 0, &index, NULL); @@ -1956,7 +2090,7 @@ main (int argc, char *argv[], char *envp config_files[1] = newstr (PATH_INETDDIR); } - if (!debug) + if ((debug == 0) && daemonize) { if (daemon (0, 0) < 0) { @@ -1966,6 +2100,12 @@ main (int argc, char *argv[], char *envp }; } +#ifndef __CYGWIN__ + exception_list except_list; + cygwin_internal (CW_INIT_EXCEPTIONS, &except_list); + hide_console (); +#endif /* __CYGWIN__ */ + openlog ("inetd", LOG_PID | LOG_NOWAIT, LOG_DAEMON); if (pidfile_option) @@ -1988,6 +2128,7 @@ main (int argc, char *argv[], char *envp signal_set_handler (SIGCHLD, reapchild); signal_set_handler (SIGPIPE, SIG_IGN); +#ifndef __CYGWIN__ { /* space for daemons to overwrite environment for ps */ #define DUMMYSIZE 100 @@ -1997,6 +2138,7 @@ main (int argc, char *argv[], char *envp dummy[DUMMYSIZE - 1] = '\0'; setenv ("inetd_dummy", dummy, 1); } +#endif /* __CYGWIN__ */ for (;;) { --- origsrc/inetutils-2.5/src/syslogd.c 2023-12-30 02:34:46.000000000 +0900 +++ src/inetutils-2.5/src/syslogd.c 2023-12-30 21:21:29.053148100 +0900 @@ -338,7 +338,8 @@ enum OPT_NO_FORWARD = 256, OPT_NO_KLOG, OPT_NO_UNIXAF, - OPT_IPANY + OPT_IPANY, + OPT_RCDIR }; static struct argp_option argp_options[] = { @@ -365,6 +366,7 @@ static struct argp_option argp_options[] {"mark", 'm', "INTVL", 0, "specify timestamp interval in minutes" " (0 for no timestamping)", GRP + 1}, {"no-detach", 'n', NULL, 0, "do not enter daemon mode", GRP + 1}, + {"no-daemonize", 'D', NULL, 0, "Synonym for -n", GRP + 1}, {"no-forward", OPT_NO_FORWARD, NULL, 0, "do not forward any messages " "(overrides --hop)", GRP + 1}, #ifdef PATH_KLOG @@ -378,7 +380,7 @@ static struct argp_option argp_options[] {"rcfile", 'f', "FILE", 0, "override configuration file (default: " PATH_LOGCONF ")", GRP + 1}, - {"rcdir", 'D', "DIR", 0, "override configuration directory (default: " + {"rcdir", OPT_RCDIR, "DIR", 0, "override configuration directory (default: " PATH_LOGCONFD ")", GRP + 1}, {"socket", 'p', "FILE", 0, "override default unix domain socket " PATH_LOG, GRP + 1}, @@ -450,6 +452,7 @@ parse_opt (int key, char *arg, struct ar break; case 'n': + case 'D': NoDetach = 1; break; @@ -473,7 +476,7 @@ parse_opt (int key, char *arg, struct ar ConfFile = arg; break; - case 'D': + case OPT_RCDIR: ConfDir = arg; break; @@ -1128,7 +1131,11 @@ printsys (const char *msg) char *lp, *q, line[MAXLINE + 1]; const char *p; +#ifdef __CYGWIN__ + strcpy (line, "kernel: "); +#else strcpy (line, "vmunix: "); +#endif lp = line + strlen (line); for (p = msg; *p != '\0';) { --- origsrc/inetutils-2.5/src/uucpd.c 2023-12-30 02:34:46.000000000 +0900 +++ src/inetutils-2.5/src/uucpd.c 2023-12-30 20:53:28.080045400 +0900 @@ -88,6 +88,12 @@ #include #include +#ifdef __CYGWIN__ +#include +#include +#define is_winnt (GetVersion() < 0x80000000) +#endif + void dologin (struct passwd *pw, struct sockaddr *sap, socklen_t salen); void dologout (void); void doit (struct sockaddr *sap, socklen_t salen); @@ -180,6 +186,8 @@ readline (register char *p, register int if (c == '\n' || c == '\r') { *p = '\0'; + if (c == '\r') + continue; return (0); } *p++ = c; @@ -229,12 +237,29 @@ doit (struct sockaddr *sap, socklen_t sa fprintf (stderr, "passwd read\n"); return; } +#ifdef __CYGWIN__ + if (!is_winnt) + { +#endif xpasswd = crypt (passwd, pw->pw_passwd); if (strcmp (xpasswd, pw->pw_passwd)) { fprintf (stderr, "Login incorrect."); return; } +#ifdef __CYGWIN__ + } + else + { + HANDLE hToken = cygwin_logon_user (pw, passwd); + if (hToken == INVALID_HANDLE_VALUE) + { + fprintf (stderr, "Login incorrect."); + return; + } + cygwin_set_impersonation_token (hToken); + } +#endif } /* XXX: Compare only shell base name to "uucico"? --- origsrc/inetutils-2.5/talk/Makefile.am 2023-01-01 09:35:18.000000000 +0900 +++ src/inetutils-2.5/talk/Makefile.am 2023-12-30 20:53:28.095036900 +0900 @@ -17,6 +17,7 @@ # along with this program. If not, see `http://www.gnu.org/licenses/'. AM_CPPFLAGS = \ + -I$(top_srcdir)/headers \ $(iu_INCLUDES) \ $(NCURSES_INCLUDE) $(INCIDN) --- origsrc/inetutils-2.5/talk/ctl.c 2023-12-30 02:34:46.000000000 +0900 +++ src/inetutils-2.5/talk/ctl.c 2023-12-30 20:53:28.100033000 +0900 @@ -55,6 +55,7 @@ #include #include +#include #include #include #include "talk.h" @@ -85,7 +86,7 @@ open_sockt (void) #ifdef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN my_addr.sin_len = sizeof (my_addr); #endif - my_addr.sin_addr = my_machine_addr; + my_addr.sin_addr.s_addr = INADDR_ANY; my_addr.sin_port = 0; sockt = socket (AF_INET, SOCK_STREAM, 0); if (sockt <= 0) @@ -95,6 +96,7 @@ open_sockt (void) length = sizeof (my_addr); if (getsockname (sockt, (struct sockaddr *) &my_addr, &length) == -1) p_error ("Bad address for socket"); + my_addr.sin_addr = my_machine_addr; return 0; } @@ -110,7 +112,7 @@ open_ctl (void) ctl_addr.sin_len = sizeof (ctl_addr); #endif ctl_addr.sin_port = 0; - ctl_addr.sin_addr = my_machine_addr; + ctl_addr.sin_addr.s_addr = INADDR_ANY; ctl_sockt = socket (AF_INET, SOCK_DGRAM, 0); if (ctl_sockt <= 0) p_error ("Bad socket"); @@ -119,6 +121,7 @@ open_ctl (void) length = sizeof (ctl_addr); if (getsockname (ctl_sockt, (struct sockaddr *) &ctl_addr, &length) == -1) p_error ("Bad address for ctl socket"); + ctl_addr.sin_addr = my_machine_addr; return 0; } --- origsrc/inetutils-2.5/talk/ctl_transact.c 2023-12-30 02:34:46.000000000 +0900 +++ src/inetutils-2.5/talk/ctl_transact.c 2023-12-30 20:53:28.104030900 +0900 @@ -53,6 +53,7 @@ #include #include #include +#include #include #include #include "talk_ctl.h" @@ -88,11 +89,11 @@ ctl_transact (struct in_addr target, CTL */ do { - wait.tv_sec = CTL_WAIT; - wait.tv_usec = 0; /* resend message until a response is obtained */ do { + wait.tv_sec = CTL_WAIT; + wait.tv_usec = 0; cc = sendto (ctl_sockt, (char *) &msg, sizeof (msg), 0, (struct sockaddr *) &daemon_addr, sizeof (daemon_addr)); --- origsrc/inetutils-2.5/talk/get_addrs.c 2023-12-30 02:34:46.000000000 +0900 +++ src/inetutils-2.5/talk/get_addrs.c 2023-12-30 21:14:23.839832200 +0900 @@ -53,6 +53,7 @@ #include #include #include +#include #include #include #include @@ -71,7 +72,11 @@ get_addrs (char *my_machine_name, char * #if HAVE_DECL_GETADDRINFO || defined HAVE_IDN || defined HAVE_IDN2 int err; #endif +#ifdef HAVE_IDN char *lhost, *rhost; +#else + char *rhost; +#endif #if HAVE_DECL_GETADDRINFO struct addrinfo hints, *res, *ai; #else /* !HAVE_DECL_GETADDRINFO */ @@ -96,7 +101,6 @@ get_addrs (char *my_machine_name, char * exit (-1); } #else /* !HAVE_IDN && !HAVE_IDN2 */ - lhost = my_machine_name; rhost = his_machine_name; #endif @@ -114,16 +118,14 @@ get_addrs (char *my_machine_name, char * hints.ai_flags |= AI_IDN; # endif - err = getaddrinfo (lhost, NULL, &hints, &res); + err = getaddrinfo (rhost, NULL, &hints, &res); if (err) { - fprintf (stderr, "talk: %s: %s\n", lhost, gai_strerror (err)); + fprintf (stderr, "talk: %s: %s\n", rhost, gai_strerror (err)); exit (-1); } - /* Perform all sanity checks available. - * Reduction of tests? - */ + /* Perform all sanity checks available. */ for (ai = res; ai; ai = ai->ai_next) { int f; @@ -135,98 +137,33 @@ get_addrs (char *my_machine_name, char * if (f < 0) continue; - /* Attempt binding to this local address. */ - if (bind (f, ai->ai_addr, ai->ai_addrlen)) - { - close (f); - f = -1; - continue; - } - - /* We have a usable address. */ + /* We have a usable address family! */ close (f); break; } if (ai) - memcpy (&my_machine_addr, + memcpy (&his_machine_addr, &((struct sockaddr_in *) ai->ai_addr)->sin_addr, - sizeof (my_machine_addr)); + sizeof (his_machine_addr)); freeaddrinfo (res); if (!ai) { - fprintf (stderr, "talk: %s: %s\n", lhost, "address not found"); + fprintf (stderr, "talk: %s: %s\n", rhost, "address not found"); exit (-1); } #else /* !HAVE_DECL_GETADDRINFO */ - hp = gethostbyname (lhost); + hp = gethostbyname (rhost); if (hp == NULL) { - fprintf (stderr, "talk: %s(%s): ", lhost, my_machine_name); + fprintf (stderr, "talk: %s(%s): ", rhost, his_machine_name); herror ((char *) NULL); exit (-1); } - memmove (&my_machine_addr, hp->h_addr, hp->h_length); -#endif /* !HAVE_DECL_GETADDRINFO */ - - /* - * If the callee is on-machine, just copy the - * network address, otherwise do a lookup... - */ - if (strcmp (rhost, lhost)) - { -#if HAVE_DECL_GETADDRINFO - err = getaddrinfo (rhost, NULL, &hints, &res); - if (err) - { - fprintf (stderr, "talk: %s: %s\n", rhost, gai_strerror (err)); - exit (-1); - } - - /* Perform all sanity checks available. */ - for (ai = res; ai; ai = ai->ai_next) - { - int f; - - if (ai->ai_family != AF_INET) - continue; - - f = socket (ai->ai_family, ai->ai_socktype, ai->ai_protocol); - if (f < 0) - continue; - - /* We have a usable address family! */ - close (f); - break; - } - - if (ai) - memcpy (&his_machine_addr, - &((struct sockaddr_in *) ai->ai_addr)->sin_addr, - sizeof (his_machine_addr)); - - freeaddrinfo (res); - if (!ai) - { - fprintf (stderr, "talk: %s: %s\n", rhost, "address not found"); - exit (-1); - } - -#else /* !HAVE_DECL_GETADDRINFO */ - hp = gethostbyname (rhost); - if (hp == NULL) - { - fprintf (stderr, "talk: %s(%s): ", rhost, his_machine_name); - herror ((char *) NULL); - exit (-1); - } - memmove (&his_machine_addr, hp->h_addr, hp->h_length); + memmove (&his_machine_addr, hp->h_addr, hp->h_length); #endif /* !HAVE_DECL_GETADDRINFO */ - } - else - his_machine_addr = my_machine_addr; /* Find the server's port. */ sp = getservbyname ("ntalk", "udp"); @@ -238,6 +175,41 @@ get_addrs (char *my_machine_name, char * } daemon_port = ntohs (sp->s_port); + /* look up the address of the local host + which can communicate with remote host */ + { + int f; + struct sockaddr_in addr; + socklen_t length; + + f = socket (AF_INET, SOCK_DGRAM, 0); + if (f < 0) + { + fprintf (stderr, "talk: Bad socket: "); + herror ((char *) NULL); + exit (-1); + } + memset (&addr, 0, sizeof(addr)); + addr.sin_family = AF_INET; + addr.sin_port = htons (daemon_port); + addr.sin_addr = his_machine_addr; + if (connect (f, (struct sockaddr *)&addr, sizeof(addr)) < 0) + { + fprintf (stderr, "talk: Coundn't connect to control socket: "); + herror ((char *) NULL); + exit (-1); + } + length = sizeof (addr); + if (getsockname (f, (struct sockaddr *)&addr, &length) < 0) + { + fprintf (stderr, "talk: Bad address for ctl socket: "); + herror ((char *) NULL); + exit (-1); + } + close (f); + my_machine_addr = addr.sin_addr; + } + #if defined HAVE_IDN || defined HAVE_IDN2 free (lhost); free (rhost); --- origsrc/inetutils-2.5/talk/get_names.c 2023-12-30 02:34:46.000000000 +0900 +++ src/inetutils-2.5/talk/get_names.c 2023-12-30 20:53:28.117022700 +0900 @@ -54,6 +54,7 @@ #include #include #include +#include #include #include #include --- origsrc/inetutils-2.5/talk/invite.c 2023-12-30 02:34:46.000000000 +0900 +++ src/inetutils-2.5/talk/invite.c 2023-12-30 20:53:28.154003100 +0900 @@ -55,6 +55,7 @@ #include #include #include +#include #include #include #include --- origsrc/inetutils-2.5/talk/io.c 2023-12-30 02:34:46.000000000 +0900 +++ src/inetutils-2.5/talk/io.c 2023-12-30 20:53:28.158999200 +0900 @@ -67,6 +67,8 @@ #include #include "talk.h" +#include + #define A_LONG_TIME 10000000 /* --- origsrc/inetutils-2.5/talk/look_up.c 2023-12-30 02:34:46.000000000 +0900 +++ src/inetutils-2.5/talk/look_up.c 2023-12-30 20:53:28.164996300 +0900 @@ -52,6 +52,7 @@ #include #include #include +#include #include #include #include --- origsrc/inetutils-2.5/talkd/Makefile.am 2023-01-01 09:35:18.000000000 +0900 +++ src/inetutils-2.5/talkd/Makefile.am 2023-12-30 20:53:28.169992400 +0900 @@ -19,6 +19,7 @@ @PATHDEFS_MAKE@ AM_CPPFLAGS = \ + -I$(top_srcdir)/headers \ $(iu_INCLUDES) \ $(PATHDEF_DEV) \ $(PATHDEF_TTY_PFX) $(PATHDEF_UTMP) $(PATHDEF_UTMPX) --- origsrc/inetutils-2.5/talkd/intalkd.h 2023-12-30 02:34:46.000000000 +0900 +++ src/inetutils-2.5/talkd/intalkd.h 2023-12-30 20:53:28.173991000 +0900 @@ -21,6 +21,7 @@ #include #include #include +#include #include #include #include