RCommandClient.java

  1. /*
  2.  * Licensed to the Apache Software Foundation (ASF) under one or more
  3.  * contributor license agreements.  See the NOTICE file distributed with
  4.  * this work for additional information regarding copyright ownership.
  5.  * The ASF licenses this file to You under the Apache License, Version 2.0
  6.  * (the "License"); you may not use this file except in compliance with
  7.  * the License.  You may obtain a copy of the License at
  8.  *
  9.  *      http://www.apache.org/licenses/LICENSE-2.0
  10.  *
  11.  * Unless required by applicable law or agreed to in writing, software
  12.  * distributed under the License is distributed on an "AS IS" BASIS,
  13.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  14.  * See the License for the specific language governing permissions and
  15.  * limitations under the License.
  16.  */

  18. package org.apache.commons.net.bsd;

  20. import java.io.IOException;
  21. import java.io.InputStream;
  22. import java.net.BindException;
  23. import java.net.InetAddress;
  24. import java.net.ServerSocket;
  25. import java.net.Socket;
  26. import java.net.SocketException;
  27. import java.net.UnknownHostException;
  28. import java.nio.charset.StandardCharsets;

  30. import org.apache.commons.net.io.SocketInputStream;

  32. /**
  33.  * RCommandClient is very similar to {@link org.apache.commons.net.bsd.RExecClient}, from which it is derived, and implements the rcmd() facility that first
  34.  * appeared in 4.2BSD Unix. rcmd() is the facility used by the rsh (rshell) and other commands to execute a command on another machine from a trusted host
  35.  * without issuing a password. The trust relationship between two machines is established by the contents of a machine's /etc/hosts.equiv file and a user's
  36.  * .rhosts file. These files specify from which hosts and accounts on those hosts rcmd() requests will be accepted. The only additional measure for establishing
  37.  * trust is that all client connections must originate from a port between 512 and 1023. Consequently, there is an upper limit to the number of rcmd connections
  38.  * that can be running simultaneously. The required ports are reserved ports on UNIX systems, and can only be bound by a process running with root permissions
  39.  * (to accomplish this rsh, rlogin, and related commands usualy have the suid bit set). Therefore, on a UNIX system, you will only be able to successfully use
  40.  * the RCommandClient class if the process runs as root. However, there is no such restriction on Windows95 and some other systems. The security risks are
  41.  * obvious. However, when carefully used, rcmd() can be very useful when used behind a firewall.
  42.  * <p>
  43.  * As with virtually all the client classes in org.apache.commons.net, this class derives from SocketClient. But it overrides most of its connection methods
  44.  * so that the local Socket will originate from an acceptable rshell port. The way to use RCommandClient is to first connect to the server, call the
  45.  * {@link #rcommand rcommand() } method, and then fetch the connection's input, output, and optionally error streams. Interaction with the remote command is
  46.  * controlled entirely through the I/O streams. Once you have finished processing the streams, you should invoke
  47.  * {@link org.apache.commons.net.bsd.RExecClient#disconnect disconnect() } to clean up properly.
  48.  * </p>
  49.  * <p>
  50.  * By default, the standard output and standard error streams of the remote process are transmitted over the same connection, readable from the input stream
  51.  * returned by {@link org.apache.commons.net.bsd.RExecClient#getInputStream getInputStream() } . However, it is possible to tell the rshd daemon to return the
  52.  * standard error stream over a separate connection, readable from the input stream returned by {@link org.apache.commons.net.bsd.RExecClient#getErrorStream
  53.  * getErrorStream() } . You can specify that a separate connection should be created for standard error by setting the boolean
  54.  * <code>separateErrorStream</code> parameter of {@link #rcommand rcommand() } to <code>true</code>. The standard input of the remote process can be written
  55.  * to through the output stream returned by {@link org.apache.commons.net.bsd.RExecClient#getOutputStream getOutputStream() } .
  56.  * </p>
  57.  *
  58.  * @see org.apache.commons.net.SocketClient
  59.  * @see RExecClient
  60.  * @see RLoginClient
  61.  */
  62. public class RCommandClient extends RExecClient {

  64.     /**
  65.      * The default rshell port. Set to 514 in BSD Unix.
  66.      */
  67.     public static final int DEFAULT_PORT = 514;

  69.     /**
  70.      * The smallest port number a rcmd client may use. By BSD convention this number is 512.
  71.      */
  72.     public static final int MIN_CLIENT_PORT = 512;

  74.     /**
  75.      * The largest port number a rcmd client may use. By BSD convention this number is 1023.
  76.      */
  77.     public static final int MAX_CLIENT_PORT = 1023;

  79.     /**
  80.      * The default RCommandClient constructor. Initializes the default port to <code>DEFAULT_PORT</code>.
  81.      */
  82.     public RCommandClient() {
  83.         setDefaultPort(DEFAULT_PORT);
  84.     }

  86.     /**
  87.      * Opens a Socket connected to a remote host at the specified port and originating from the current host at a port in a range acceptable to the BSD rshell
  88.      * daemon. Before returning, {@link org.apache.commons.net.SocketClient#_connectAction_ _connectAction_() } is called to perform connection initialization
  89.      * actions.
  90.      *
  91.      * @param host The remote host.
  92.      * @param port The port to connect to on the remote host.
  93.      * @throws SocketException If the socket timeout could not be set.
  94.      * @throws BindException   If all acceptable rshell ports are in use.
  95.      * @throws IOException     If the socket could not be opened. In most cases you will only want to catch IOException since SocketException is derived from
  96.      *                         it.
  97.      */
  98.     @Override
  99.     public void connect(final InetAddress host, final int port) throws SocketException, IOException {
  100.         connect(host, port, InetAddress.getLocalHost());
  101.     }

  103.     /**
  104.      * Opens a Socket connected to a remote host at the specified port and originating from the specified local address using a port in a range acceptable to
  105.      * the BSD rshell daemon. Before returning, {@link org.apache.commons.net.SocketClient#_connectAction_ _connectAction_() } is called to perform connection
  106.      * initialization actions.
  107.      *
  108.      * @param host      The remote host.
  109.      * @param port      The port to connect to on the remote host.
  110.      * @param localAddr The local address to use.
  111.      * @throws SocketException If the socket timeout could not be set.
  112.      * @throws BindException   If all acceptable rshell ports are in use.
  113.      * @throws IOException     If the socket could not be opened. In most cases you will only want to catch IOException since SocketException is derived from
  114.      *                         it.
  115.      */
  116.     public void connect(final InetAddress host, final int port, final InetAddress localAddr) throws SocketException, BindException, IOException {
  117.         int localPort;

  119.         for (localPort = MAX_CLIENT_PORT; localPort >= MIN_CLIENT_PORT; --localPort) {
  120.             try {
  121.                 _socket_ = _socketFactory_.createSocket(host, port, localAddr, localPort);
  122.             } catch (final SocketException e) {
  123.                 continue;
  124.             }
  125.             break;
  126.         }

  128.         if (localPort < MIN_CLIENT_PORT) {
  129.             throw new BindException("All ports in use or insufficient permssion.");
  130.         }

  132.         _connectAction_();
  133.     }

  135.     /**
  136.      * Opens a Socket connected to a remote host at the specified port and originating from the specified local address and port. The local port must lie
  137.      * between <code>MIN_CLIENT_PORT</code> and <code>MAX_CLIENT_PORT</code> or an IllegalArgumentException will be thrown. Before returning,
  138.      * {@link org.apache.commons.net.SocketClient#_connectAction_ _connectAction_() } is called to perform connection initialization actions.
  139.      *
  140.      * @param host      The remote host.
  141.      * @param port      The port to connect to on the remote host.
  142.      * @param localAddr The local address to use.
  143.      * @param localPort The local port to use.
  144.      * @throws SocketException          If the socket timeout could not be set.
  145.      * @throws IOException              If the socket could not be opened. In most cases you will only want to catch IOException since SocketException is
  146.      *                                  derived from it.
  147.      * @throws IllegalArgumentException If an invalid local port number is specified.
  148.      */
  149.     @Override
  150.     public void connect(final InetAddress host, final int port, final InetAddress localAddr, final int localPort)
  151.             throws SocketException, IOException, IllegalArgumentException {
  152.         if (localPort < MIN_CLIENT_PORT || localPort > MAX_CLIENT_PORT) {
  153.             throw new IllegalArgumentException("Invalid port number " + localPort);
  154.         }
  155.         super.connect(host, port, localAddr, localPort);
  156.     }

  158.     /**
  159.      * Opens a Socket connected to a remote host at the specified port and originating from the current host at a port in a range acceptable to the BSD rshell
  160.      * daemon. Before returning, {@link org.apache.commons.net.SocketClient#_connectAction_ _connectAction_() } is called to perform connection initialization
  161.      * actions.
  162.      *
  163.      * @param hostname The name of the remote host.
  164.      * @param port     The port to connect to on the remote host.
  165.      * @throws SocketException      If the socket timeout could not be set.
  166.      * @throws BindException        If all acceptable rshell ports are in use.
  167.      * @throws IOException          If the socket could not be opened. In most cases you will only want to catch IOException since SocketException is derived
  168.      *                              from it.
  169.      * @throws UnknownHostException If the hostname cannot be resolved.
  170.      */
  171.     @Override
  172.     public void connect(final String hostname, final int port) throws SocketException, IOException, UnknownHostException {
  173.         connect(InetAddress.getByName(hostname), port, InetAddress.getLocalHost());
  174.     }

  176.     /**
  177.      * Opens a Socket connected to a remote host at the specified port and originating from the specified local address using a port in a range acceptable to
  178.      * the BSD rshell daemon. Before returning, {@link org.apache.commons.net.SocketClient#_connectAction_ _connectAction_() } is called to perform connection
  179.      * initialization actions.
  180.      *
  181.      * @param hostname  The remote host.
  182.      * @param port      The port to connect to on the remote host.
  183.      * @param localAddr The local address to use.
  184.      * @throws SocketException If the socket timeout could not be set.
  185.      * @throws BindException   If all acceptable rshell ports are in use.
  186.      * @throws IOException     If the socket could not be opened. In most cases you will only want to catch IOException since SocketException is derived from
  187.      *                         it.
  188.      */
  189.     public void connect(final String hostname, final int port, final InetAddress localAddr) throws SocketException, IOException {
  190.         connect(InetAddress.getByName(hostname), port, localAddr);
  191.     }

  193.     /**
  194.      * Opens a Socket connected to a remote host at the specified port and originating from the specified local address and port. The local port must lie
  195.      * between <code>MIN_CLIENT_PORT</code> and <code>MAX_CLIENT_PORT</code> or an IllegalArgumentException will be thrown. Before returning,
  196.      * {@link org.apache.commons.net.SocketClient#_connectAction_ _connectAction_() } is called to perform connection initialization actions.
  197.      *
  198.      * @param hostname  The name of the remote host.
  199.      * @param port      The port to connect to on the remote host.
  200.      * @param localAddr The local address to use.
  201.      * @param localPort The local port to use.
  202.      * @throws SocketException          If the socket timeout could not be set.
  203.      * @throws IOException              If the socket could not be opened. In most cases you will only want to catch IOException since SocketException is
  204.      *                                  derived from it.
  205.      * @throws UnknownHostException     If the hostname cannot be resolved.
  206.      * @throws IllegalArgumentException If an invalid local port number is specified.
  207.      */
  208.     @Override
  209.     public void connect(final String hostname, final int port, final InetAddress localAddr, final int localPort)
  210.             throws SocketException, IOException, IllegalArgumentException, UnknownHostException {
  211.         if (localPort < MIN_CLIENT_PORT || localPort > MAX_CLIENT_PORT) {
  212.             throw new IllegalArgumentException("Invalid port number " + localPort);
  213.         }
  214.         super.connect(hostname, port, localAddr, localPort);
  215.     }

  217.     // Overrides method in RExecClient in order to implement proper
  218.     // port number limitations.
  219.     @Override
  220.     InputStream createErrorStream() throws IOException {
  221.         final Socket socket;

  223.         try (ServerSocket server = createServer()) {
  224.             _output_.write(Integer.toString(server.getLocalPort()).getBytes(StandardCharsets.UTF_8));
  225.             _output_.write(NULL_CHAR);
  226.             _output_.flush();
  227.             socket = server.accept();
  228.         }

  230.         if (isRemoteVerificationEnabled() && !verifyRemote(socket)) {
  231.             socket.close();
  232.             throw new IOException("Security violation: unexpected connection attempt by " + socket.getInetAddress().getHostAddress());
  233.         }

  235.         return new SocketInputStream(socket, socket.getInputStream());
  236.     }

  238.     private ServerSocket createServer() throws IOException {
  239.         for (int localPort = MAX_CLIENT_PORT; localPort >= MIN_CLIENT_PORT; --localPort) {
  240.             try {
  241.                 return _serverSocketFactory_.createServerSocket(localPort, 1, getLocalAddress());
  242.             } catch (final SocketException e) {
  243.                 continue;
  244.             }
  245.         }
  246.         throw new BindException("All ports in use.");
  247.     }

  249.     /**
  250.      * Same as <code>rcommand(localUserName, remoteUserName, command, false);</code>
  251.      *
  252.      * @param localUser  the local user
  253.      * @param remoteUser the remote user
  254.      * @param command        the command
  255.      * @throws IOException on error
  256.      */
  257.     public void rcommand(final String localUser, final String remoteUser, final String command) throws IOException {
  258.         rcommand(localUser, remoteUser, command, false);
  259.     }

  261.     /**
  262.      * Remotely executes a command through the rshd daemon on the server to which the RCommandClient is connected. After calling this method, you may interact
  263.      * with the remote process through its standard input, output, and error streams. You will typically be able to detect the termination of the remote process
  264.      * after reaching end of file on its standard output (accessible through {@link #getInputStream getInputStream()}). Disconnecting from the server or closing
  265.      * the process streams before reaching end of file will not necessarily terminate the remote process.
  266.      * <p>
  267.      * If a separate error stream is requested, the remote server will connect to a local socket opened by RCommandClient, providing an independent stream
  268.      * through which standard error will be transmitted. The local socket must originate from a secure port (512 - 1023), and rcommand() ensures that this will
  269.      * be so. RCommandClient will also do a simple security check when it accepts a connection for this error stream. If the connection does not originate from
  270.      * the remote server, an IOException will be thrown. This serves as a simple protection against possible hijacking of the error stream by an attacker
  271.      * monitoring the rexec() negotiation. You may disable this behavior with {@link org.apache.commons.net.bsd.RExecClient#setRemoteVerificationEnabled
  272.      * setRemoteVerificationEnabled()} .
  273.      * </p>
  274.      *
  275.      * @param localUser       The user account on the local machine that is requesting the command execution.
  276.      * @param remoteUser      The account name on the server through which to execute the command.
  277.      * @param command             The command, including any arguments, to execute.
  278.      * @param separateErrorStream True if you would like the standard error to be transmitted through a different stream than standard output. False if not.
  279.      * @throws IOException If the rcommand() attempt fails. The exception will contain a message indicating the nature of the failure.
  280.      */
  281.     public void rcommand(final String localUser, final String remoteUser, final String command, final boolean separateErrorStream) throws IOException {
  282.         rexec(localUser, remoteUser, command, separateErrorStream);
  283.     }

  285. }
Created with JaCoCo 0.8.12.202403310830