SVCMGR(8) SVCMGR(8)
NAME
svcmgr - service remote computing requests
SYNOPSIS
/usr/ipc/mgrs/svcmgr [ -d ]
DESCRIPTION
Svcmgr performes services such as login and command execu-
tion, often in response to requests from network listeners
like dkmgr and tcpmgr(8). It should be run once from rc(8).
Svcmgr is controlled by several files in directory services
are defined in files serv and serv.local, authorization in
auth and auth.local. The .local files are searched first.
The idea is that serv and auth will be the same throughout
an administrative cluster of machines, and anything peculiar
to specific systems will be kept in serv.local and
auth.local.
Each service is announced as a name in directory using the
routines in ipc(3). When a connection is requested to one of
these services, svcmgr receives a file descriptor connected
to the requester. A new process is created to perform the
actions listed for that service in the serv files, usually
resulting in a login(8) with standard input, output, and
error files attached to the connection. Often there are
flags to login specifying a local user name or a command to
be executed. Environment variable CSOURCE is set to a
string of the form
source=remote-machine user=ruser line=lineinfo
Remote-machine and ruser are supplied in the connection mes-
sage; lineinfo network-dependent stuff of varying interest
and meaning. If a particular command was specified (the cmd
or exec action), login sets environment variable REXEC to
`1'.
The auth files are used to translate remote user names to
local ones. They contain lines with four fields:
service name
calling system name
calling user name
local user name
The service, calling system, and calling user names are reg-
ular expressions in the style of regexp(3). The calling sys-
tem and calling user fields may be omitted; `.*' is
assumed. The local user name is a literal name, `&' to
repeat the calling user name provided in the request, or `:'
SVCMGR(8) SVCMGR(8)
to explicitly reject a call. If the local user name is
omitted, `&' is assumed.
Several service actions `look up the connection in the auth
files.' This means to find the first line in auth.local or
auth for which the service, calling system, and calling user
match the patterns, and return the local user name in that
line (the same as the calling user if `&'). If no matching
line is found, or if the first match has local user name
`:', the lookup fails.
The serv files contain lines with three fields:
service name
a list of actions, separated by `+'
the calling system name
The calling system name is a regular expression as in the
auth file. The line matching an incoming call is the first
whose service matches the requested service and whose regu-
lar expression matches the calling machine.
The possible actions are:
`user(x)' Use local username x.
`auth' Look up the connection in the auth files. If a
match is found, use the resulting local user.
Otherwise reject the call.
`v9auth' Look up the connection in the auth files; if a
match is found, send `OK' to the caller, and use
the result. If there is no match, send `NO', and
read a string of the form `login,passwd\n'. If
the login and password describe a valid local
user, send `OK' and use that user; otherwise send
`NO' and try again (until the caller gives up).
This is the authentication protocol used by
ipclogin (see ipc(3)), hence by con(1), push(1),
and pull.
`inauth' Read two null-terminated strings from the caller.
If they aren't the same, reject the call. Other-
wise look up the service, calling system, and the
null-terminated string (as a user name) in the
auth files, use the resulting local user if
there's a match, reject the call otherwise. This
is the authentication protocol used by ipcrogin,
hence by rsh and rlogin; see ipc(3) and con(1).
`ttyld' Push the terminal line discipline ttyld(4) onto
the connection.
SVCMGR(8) SVCMGR(8)
`mesgld' Push the reverse message line discipline (see
mesgld(4)) onto the connection.
`term' Read a null-terminated string from the caller, and
set environment variable TERM to the result.
`args' Read a null-terminated string from the caller, and
save the result as arguments to a possible com-
mand.
`s5parms' Extract arguments from the destination address in
a way compatible with the DKHOST network software
used by System V Datakit implementations, and save
for later use.
`cmd(x)' Execute shell command x, with any saved arguments,
and with the connection as standard input, output,
and error.
`login' Provide a login session with the connection as
standard input, output, and error.
`password'
Provide a login session, but ignore any local user
name; always demand a login and password.
`exec' Use any saved arguments as a shell command to be
executed.
`gateout(gateway)'
Call network address gateway and send the connec-
tion info there, If all is well, pass the new
connection's file descriptor to the original
caller: the result is a connection through the
gateway. Gateway should be a svcmgr service, per-
haps on some other machine, with action gateway.
`gateway(localout)'
The intended target for gateout: read new connec-
tion info from the connection, and place a call to
the new destination; if it succeeds, loop passing
data between the new connection and the original
one.
If the file can be opened, svcmgr prints miscellaneous chat-
ter there, including a record of each service request. The
-d (debug) option increases the chatter.
FILES
SEE ALSO
con(1), ipc(3), dkmgr(8), tcpmgr(8), ipc(3)