1. /*

  2.  * Copyright 2001-2004 The Apache Software Foundation

  3.  *

  4.  * Licensed under the Apache License, Version 2.0 (the "License");

  5.  * you may not use this file except in compliance with the License.

  6.  * You may obtain a copy of the License at

  7.  *

  8.  *     http://www.apache.org/licenses/LICENSE-2.0

  9.  *

  10.  * Unless required by applicable law or agreed to in writing, software

  11.  * distributed under the License is distributed on an "AS IS" BASIS,

  12.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13.  * See the License for the specific language governing permissions and

  14.  * limitations under the License.

  15.  */

  16. package org.apache.commons.net.bsd;

  17. import java.io.IOException;

  18. import java.io.InputStream;

  19. import java.net.BindException;

  20. import java.net.InetAddress;

  21. import java.net.ServerSocket;

  22. import java.net.Socket;

  23. import java.net.SocketException;

  24. 

  25. import org.apache.commons.net.io.SocketInputStream;

  26. 

  27. /***

  28.  * RCommandClient is very similar to

  29.  * <a href="org.apache.commons.net.bsd.RExecClient.html"> RExecClient </a>,

  30.  * from which it is derived, and implements the rcmd() facility that

  31.  * first appeared in 4.2BSD Unix.  rcmd() is the facility used by the rsh

  32.  * (rshell) and other commands to execute a command on another machine

  33.  * from a trusted host without issuing a password.  The trust relationship

  34.  * between two machines is established by the contents of a machine's

  35.  * /etc/hosts.equiv file and a user's .rhosts file.  These files specify

  36.  * from which hosts and accounts on those hosts rcmd() requests will be

  37.  * accepted.  The only additional measure for establishing trust is that

  38.  * all client connections must originate from a port between 512 and 1023.

  39.  * Consequently, there is an upper limit to the number of rcmd connections

  40.  * that can be running simultaneously.   The required ports are reserved

  41.  * ports on Unix systems, and can only be bound by a

  42.  * process running with root permissions (to accomplish this rsh, rlogin,

  43.  * and related commands usualy have the suid bit set).  Therefore, on a

  44.  * Unix system, you will only be able to successfully use the RCommandClient

  45.  * class if the process runs as root.  However, there is no such restriction

  46.  * on Windows95 and some other systems.  The security risks are obvious.

  47.  * However, when carefully used, rcmd() can be very useful when used behind

  48.  * a firewall.

  49.  * <p>

  50.  * As with virtually all of the client classes in org.apache.commons.net, this

  51.  * class derives from SocketClient.  But it overrides most of its connection

  52.  * methods so that the local Socket will originate from an acceptable

  53.  * rshell port.  The way to use RCommandClient is to first connect

  54.  * to the server, call the <a href="#rcommand"> rcommand() </a> method,

  55.  * and then

  56.  * fetch the connection's input, output, and optionally error streams.

  57.  * Interaction with the remote command is controlled entirely through the

  58.  * I/O streams.  Once you have finished processing the streams, you should

  59.  * invoke <a href="org.apache.commons.net.bsd.RExecClient.html#disconnect">

  60.  * disconnect() </a> to clean up properly.

  61.  * <p>

  62.  * By default the standard output and standard error streams of the

  63.  * remote process are transmitted over the same connection, readable

  64.  * from the input stream returned by

  65.  * <a href="org.apache.commons.net.bsd.RExecClient.html#getInputStream">

  66.  * getInputStream() </a>.  However, it is

  67.  * possible to tell the rshd daemon to return the standard error

  68.  * stream over a separate connection, readable from the input stream

  69.  * returned by <a href="org.apache.commons.net.bsd.RExecClient.html#getErrorStream">

  70.  * getErrorStream() </a>.  You

  71.  * can specify that a separate connection should be created for standard

  72.  * error by setting the boolean <code> separateErrorStream </code>

  73.  * parameter of <a href="#rcommand"> rcommand() </a> to <code> true </code>.

  74.  * The standard input of the remote process can be written to through

  75.  * the output stream returned by

  76.  * <a href="org.apache.commons.net.bsd.RExecClient.html#getOutputStream">

  77.  * getOutputSream() </a>.

  78.  * <p>

  79.  * <p>

  80.  * @author Daniel F. Savarese

  81.  * @see org.apache.commons.net.SocketClient

  82.  * @see RExecClient

  83.  * @see RLoginClient

  84.  ***/

  85. 

  86. public class RCommandClient extends RExecClient

  87. {

  88.     /***

  89.      * The default rshell port.  Set to 514 in BSD Unix.

  90.      ***/

  91.     public static final int DEFAULT_PORT = 514;

  92. 

  93.     /***

  94.      * The smallest port number an rcmd client may use.  By BSD convention

  95.      * this number is 512.

  96.      ***/

  97.     public static final int MIN_CLIENT_PORT = 512;

  98. 

  99.     /***

  100.      * The largest port number an rcmd client may use.  By BSD convention

  101.      * this number is 1023.

  102.      ***/

  103.     public static final int MAX_CLIENT_PORT = 1023;

  104. 

  105.     // Overrides method in RExecClient in order to implement proper

  106.     // port number limitations.

  107.     InputStream _createErrorStream() throws IOException

  108.     {

  109.         int localPort;

  110.         ServerSocket server;

  111.         Socket socket;

  112. 

  113.         localPort = MAX_CLIENT_PORT;

  114.         server = null; // Keep compiler from barfing

  115. 

  116.         for (localPort = MAX_CLIENT_PORT; localPort >= MIN_CLIENT_PORT; --localPort)

  117.         {

  118.             try

  119.             {

  120.                 server = _socketFactory_.createServerSocket(localPort, 1,

  121.                          getLocalAddress());

  122.             }

  123.             catch (SocketException e)

  124.             {

  125.                 continue;

  126.             }

  127.             break;

  128.         }

  129. 

  130.         if (localPort < MIN_CLIENT_PORT)

  131.             throw new BindException("All ports in use.");

  132. 

  133.         _output_.write(Integer.toString(server.getLocalPort()).getBytes());

  134.         _output_.write('\0');

  135.         _output_.flush();

  136. 

  137.         socket = server.accept();

  138.         server.close();

  139. 

  140.         if (isRemoteVerificationEnabled() && !verifyRemote(socket))

  141.         {

  142.             socket.close();

  143.             throw new IOException(

  144.                 "Security violation: unexpected connection attempt by " +

  145.                 socket.getInetAddress().getHostAddress());

  146.         }

  147. 

  148.         return (new SocketInputStream(socket, socket.getInputStream()));

  149.     }

  150. 

  151.     /***

  152.      * The default RCommandClient constructor.  Initializes the

  153.      * default port to <code> DEFAULT_PORT </code>.

  154.      ***/

  155.     public RCommandClient()

  156.     {

  157.         setDefaultPort(DEFAULT_PORT);

  158.     }

  159. 

  160. 

  161.     /***

  162.      * Opens a Socket connected to a remote host at the specified port and

  163.      * originating from the specified local address using a port in a range

  164.      * acceptable to the BSD rshell daemon.

  165.      * Before returning, <a href="org.apache.commons.net.SocketClient.html#_connectAction_"> _connectAction_() </a>

  166.      * is called to perform connection initialization actions.

  167.      * <p>

  168.      * @param host  The remote host.

  169.      * @param port  The port to connect to on the remote host.

  170.      * @param localAddr  The local address to use.

  171.      * @exception SocketException If the socket timeout could not be set.

  172.      * @exception BindException If all acceptable rshell ports are in use.

  173.      * @exception IOException If the socket could not be opened.  In most

  174.      *  cases you will only want to catch IOException since SocketException is

  175.      *  derived from it.

  176.      ***/

  177.     public void connect(InetAddress host, int port, InetAddress localAddr)

  178.     throws SocketException, BindException, IOException

  179.     {

  180.         int localPort;

  181. 

  182.         localPort = MAX_CLIENT_PORT;

  183. 

  184.         for (localPort = MAX_CLIENT_PORT; localPort >= MIN_CLIENT_PORT; --localPort)

  185.         {

  186.             try

  187.             {

  188.                 _socket_ =

  189.                     _socketFactory_.createSocket(host, port, localAddr, localPort);

  190.             }

  191.             catch (SocketException e)

  192.             {

  193.                 continue;

  194.             }

  195.             break;

  196.         }

  197. 

  198.         if (localPort < MIN_CLIENT_PORT)

  199.             throw new BindException("All ports in use or insufficient permssion.");

  200. 

  201.         _connectAction_();

  202.     }

  203. 

  204. 

  205. 

  206.     /***

  207.      * Opens a Socket connected to a remote host at the specified port and

  208.      * originating from the current host at a port in a range acceptable

  209.      * to the BSD rshell daemon.

  210.      * Before returning, <a href="org.apache.commons.net.SocketClient.html#_connectAction_"> _connectAction_() </a>

  211.      * is called to perform connection initialization actions.

  212.      * <p>

  213.      * @param host  The remote host.

  214.      * @param port  The port to connect to on the remote host.

  215.      * @exception SocketException If the socket timeout could not be set.

  216.      * @exception BindException If all acceptable rshell ports are in use.

  217.      * @exception IOException If the socket could not be opened.  In most

  218.      *  cases you will only want to catch IOException since SocketException is

  219.      *  derived from it.

  220.      ***/

  221.     public void connect(InetAddress host, int port)

  222.     throws SocketException, IOException

  223.     {

  224.         connect(host, port, InetAddress.getLocalHost());

  225.     }

  226. 

  227. 

  228.     /***

  229.      * Opens a Socket connected to a remote host at the specified port and

  230.      * originating from the current host at a port in a range acceptable

  231.      * to the BSD rshell daemon.

  232.      * Before returning, <a href="org.apache.commons.net.SocketClient.html#_connectAction_"> _connectAction_() </a>

  233.      * is called to perform connection initialization actions.

  234.      * <p>

  235.      * @param hostname  The name of the remote host.

  236.      * @param port  The port to connect to on the remote host.

  237.      * @exception SocketException If the socket timeout could not be set.

  238.      * @exception BindException If all acceptable rshell ports are in use.

  239.      * @exception IOException If the socket could not be opened.  In most

  240.      *  cases you will only want to catch IOException since SocketException is

  241.      *  derived from it.

  242.      * @exception UnknownHostException If the hostname cannot be resolved.

  243.      ***/

  244.     public void connect(String hostname, int port)

  245.     throws SocketException, IOException

  246.     {

  247.         connect(InetAddress.getByName(hostname), port, InetAddress.getLocalHost());

  248.     }

  249. 

  250. 

  251.     /***

  252.      * Opens a Socket connected to a remote host at the specified port and

  253.      * originating from the specified local address using a port in a range

  254.      * acceptable to the BSD rshell daemon.

  255.      * Before returning, <a href="org.apache.commons.net.SocketClient.html#_connectAction_"> _connectAction_() </a>

  256.      * is called to perform connection initialization actions.

  257.      * <p>

  258.      * @param hostname  The remote host.

  259.      * @param port  The port to connect to on the remote host.

  260.      * @param localAddr  The local address to use.

  261.      * @exception SocketException If the socket timeout could not be set.

  262.      * @exception BindException If all acceptable rshell ports are in use.

  263.      * @exception IOException If the socket could not be opened.  In most

  264.      *  cases you will only want to catch IOException since SocketException is

  265.      *  derived from it.

  266.      ***/

  267.     public void connect(String hostname, int port, InetAddress localAddr)

  268.     throws SocketException, IOException

  269.     {

  270.         connect(InetAddress.getByName(hostname), port, localAddr);

  271.     }

  272. 

  273. 

  274.     /***

  275.      * Opens a Socket connected to a remote host at the specified port and

  276.      * originating from the specified local address and port. The

  277.      * local port must lie between <code> MIN_CLIENT_PORT </code> and

  278.      * <code> MAX_CLIENT_PORT </code> or an IllegalArgumentException will

  279.      * be thrown.

  280.      * Before returning, <a href="org.apache.commons.net.SocketClient.html#_connectAction_"> _connectAction_() </a>

  281.      * is called to perform connection initialization actions.

  282.      * <p>

  283.      * @param host  The remote host.

  284.      * @param port  The port to connect to on the remote host.

  285.      * @param localAddr  The local address to use.

  286.      * @param localPort  The local port to use.

  287.      * @exception SocketException If the socket timeout could not be set.

  288.      * @exception IOException If the socket could not be opened.  In most

  289.      *  cases you will only want to catch IOException since SocketException is

  290.      *  derived from it.

  291.      * @exception IllegalArgumentException If an invalid local port number

  292.      *            is specified.

  293.      ***/

  294.     public void connect(InetAddress host, int port,

  295.                         InetAddress localAddr, int localPort)

  296.     throws SocketException, IOException, IllegalArgumentException

  297.     {

  298.         if (localPort < MIN_CLIENT_PORT || localPort > MAX_CLIENT_PORT)

  299.             throw new IllegalArgumentException("Invalid port number " + localPort);

  300.         super.connect(host, port, localAddr, localPort);

  301.     }

  302. 

  303. 

  304.     /***

  305.      * Opens a Socket connected to a remote host at the specified port and

  306.      * originating from the specified local address and port. The

  307.      * local port must lie between <code> MIN_CLIENT_PORT </code> and

  308.      * <code> MAX_CLIENT_PORT </code> or an IllegalArgumentException will

  309.      * be thrown.

  310.      * Before returning, <a href="org.apache.commons.net.SocketClient.html#_connectAction_"> _connectAction_() </a>

  311.      * is called to perform connection initialization actions.

  312.      * <p>

  313.      * @param hostname  The name of the remote host.

  314.      * @param port  The port to connect to on the remote host.

  315.      * @param localAddr  The local address to use.

  316.      * @param localPort  The local port to use.

  317.      * @exception SocketException If the socket timeout could not be set.

  318.      * @exception IOException If the socket could not be opened.  In most

  319.      *  cases you will only want to catch IOException since SocketException is

  320.      *  derived from it.

  321.      * @exception UnknownHostException If the hostname cannot be resolved.

  322.      * @exception IllegalArgumentException If an invalid local port number

  323.      *            is specified.

  324.      ***/

  325.     public void connect(String hostname, int port,

  326.                         InetAddress localAddr, int localPort)

  327.     throws SocketException, IOException, IllegalArgumentException

  328.     {

  329.         if (localPort < MIN_CLIENT_PORT || localPort > MAX_CLIENT_PORT)

  330.             throw new IllegalArgumentException("Invalid port number " + localPort);

  331.         super.connect(hostname, port, localAddr, localPort);

  332.     }

  333. 

  334. 

  335.     /***

  336.      * Remotely executes a command through the rshd daemon on the server

  337.      * to which the RCommandClient is connected.  After calling this method,

  338.      * you may interact with the remote process through its standard input,

  339.      * output, and error streams.  You will typically be able to detect

  340.      * the termination of the remote process after reaching end of file

  341.      * on its standard output (accessible through

  342.      * <a href="#getInputStream"> getInputStream() </a>.  Disconnecting

  343.      * from the server or closing the process streams before reaching

  344.      * end of file will not necessarily terminate the remote process.

  345.      * <p>

  346.      * If a separate error stream is requested, the remote server will

  347.      * connect to a local socket opened by RCommandClient, providing an

  348.      * independent stream through which standard error will be transmitted.

  349.      * The local socket must originate from a secure port (512 - 1023),

  350.      * and rcommand() ensures that this will be so.

  351.      * RCommandClient will also do a simple security check when it accepts a

  352.      * connection for this error stream.  If the connection does not originate

  353.      * from the remote server, an IOException will be thrown.  This serves as

  354.      * a simple protection against possible hijacking of the error stream by

  355.      * an attacker monitoring the rexec() negotiation.  You may disable this

  356.      * behavior with

  357.      * <a href="org.apache.commons.net.bsd.RExecClient.html#setRemoteVerificationEnabled">

  358.      * setRemoteVerificationEnabled()</a>.

  359.      * <p>

  360.      * @param localUsername  The user account on the local machine that is

  361.      *        requesting the command execution.

  362.      * @param remoteUsername  The account name on the server through which to

  363.      *        execute the command.

  364.      * @param command   The command, including any arguments, to execute.

  365.      * @param separateErrorStream True if you would like the standard error

  366.      *        to be transmitted through a different stream than standard output.

  367.      *        False if not.

  368.      * @exception IOException If the rcommand() attempt fails.  The exception

  369.      *            will contain a message indicating the nature of the failure.

  370.      ***/

  371.     public void rcommand(String localUsername, String remoteUsername,

  372.                          String command, boolean separateErrorStream)

  373.     throws IOException

  374.     {

  375.         rexec(localUsername, remoteUsername, command, separateErrorStream);

  376.     }

  377. 

  378. 

  379.     /***

  380.      * Same as

  381.      * <code> rcommand(localUsername, remoteUsername, command, false); </code>

  382.      ***/

  383.     public void rcommand(String localUsername, String remoteUsername,

  384.                          String command)

  385.     throws IOException

  386.     {

  387.         rcommand(localUsername, remoteUsername, command, false);

  388.     }

  389. 

  390. }

  391.