Winsock REXECD/NT Change Log

1.08.06 - Changed to avoid a problem that could occur with the order in which the pipes used to capture stdin/stdout/stderr where closed, possibly resulting in the truncation of output or the appearance that the rexec was hung for a period of time.

1.08.05 - It was possible that stderr output could be truncated when sent back to the client if there was a large amount of output queued to be sent.

1.08.04 - Fixed problem with sorting environment variables when using an Environment Variable File. If variables contained embedded
characters other than letters or numbers (such as the underscore), they may not be sorted correctly in the command's environment.

- Strips any leading spaces in commands received from rexec. A bug in the Linux port of rexec adds a space to the beginning of the command, and the Windows CreateProcess API calls do not like this. So REXECD will now strip off any leading spaces.

1.08.03 - Improved detection of process ending when capturing stdout/stderr.

1.08.02 - If files were rcp'd from the system running REXECD using the -p option of the rcp command to preserve file modification times, the time on the files created on the destination system (where the rcp command was issued) was off by 1 hour when standard time was in effect.

1.08.01 - A "connection aborted" TCP/IP error was occurring at random times when data was received from the rexec client. This usually occurred when two nearly simultaneous rexec commands were received. It would result in a "Protocol negotiation error" appearing in the REXECD error log file and a "Connection Aborted" error in the REXECD message log file. On the client side, the rexec command would either appear hung or would time out, depending on how gracefully the rexec command handled it. This was due to a timing problem in REXECD and has been fixed.

1.08.00 - Added the ability to use "subst" commands in the automap.ini file in addition to "net use" commands to map drives to local directories. See the manual for details.

- Added command line options /m (minimize) and /h (hide) to minimize or hide the window when running as a stand alone application using /s. The option must be specified after /s and there must be a space between /s and /m or /h. For example: wrexecnt.exe /s /m

- Added the ability to specify "*EventLog" for the Request Log, Deny Log, and Error Log fields in the Control Panel applet. If "*EventLog" is specified in these fields, the data that would have normally been written to a file will be written to the Windows Application Event Log instead. The Truncate button will have no effect.

- Added an option to the installer to specify whether windows of programs run through the service should be hidden. This option has always been available in the Control Panel applet, but it now asks for it during new installs.

1.07.02 - If a system had a Layered Service Provider (LSP) installed in Windows Sockets, REXECD/NT could fail to service rsh and rcp commands. The Message Log would show Winsock error 10038's when trying to
read data from the socket.

1.07.01 - The correct version was not being displayed on the Service Control tab of the REXECD Control Panel applet.

1.07.00 - It will now kill the command started if it detects that the client has disconnected. This is to allow remote commands to be killed even when the client does not properly send the interrupt signal (such as the native Windows rexec command). This will only work if stdin/stdout/stderr is being redirected and the "buffer" option is
not checked. This can be disabled by checking the option "Disable Killing Command on Client Disconnect?".

- When the -p option was used in the rcp command on the client to preserve the date, time, and permissions of the file(s) copied, and the files were being copied from the system running REXECD/NT to the client, the time was sometimes off by one hour.

1.06.05 - When using rcp through rexec, if you checked the option to validate remote users only (do not log in), it would validate the user, but then still try to log in as that user to do the rcp. It did this incorrectly, so the rcp would fail even though the user/password was valid.

1.06.04 - When running as an application (instead of a service), it would not start if the Message Level was set to 4 or higher. This did not affect it when running as a service.

1.06.03 - If you unchecked the option "Attempt Redirection on Every Command?", the REXECD Control Panel applet was not saving the value correctly in the registry, so the service would ignore that you had unchecked
the option and continue to do redirection. Also, the service was ignoring the option "Wait for Command to Complete?" (which can only be checked if you uncheck the "Attempt Redirection..." option.

1.06.02 - There was a problem with the REXECD Control Panel applet, where it was saving the answer to the question "Only Validate Remote User/Password (Do not log in)?" under an incorrect registry entry name. So the Control Panel applet was saving it under one name, and the service was looking for it under a different name, so the default was always used (which is unchecked, so it would always actually log in as the remote user).

1.06.01 - If a malicious user wrote an rexec-like client that sent a negative number as the stderr port, the wrexecsp.exe process would go into a loop for a long period, eating up CPU cycles. This condition will now be trapped.

- Starting with version 1.06, you have the option of adding a selection to the Start menu to run the REXECD Control Panel applet instead of using the Control Panel. The optional program that starts the applet was remaining in memory even after the applet was closed. It did not cause any harm in doing that - the process was idle and took
up little memory, but it was there. This has been corrected.

- Some of the .exe files and the wrexecnt.cpl file had prior version numbers encoded in the embeded version information, so if you looked at the File Properties in Windows Explorer, the Version tab showed
an incorrect version. This had no effect on the actual function of the software, but it has been corrected.

1.06.00 - Changed to a two-process architecture, where a new process is started to handle each rexec connection rather than handle them with threads inside the service. This greatly reduces the chance of any one rexec
command stopping the service and also cleans up some desktop and windowstation resource contention issues.

- REXECD/NT will now watch for a "kill" or interrupt signal from the rexec command on the client. If the signal is received, it will attempt to kill the command being executed. Note that not all rexec commands pass through the kill signal - in particular, the native rexec command that comes with Windows NT/2000 does NOT send it, so pressing Control-C when using the native NT/2000 rexec command will NOT kill the command on the server running REXECD/NT. But the Unix rexecd command does pass the signal as does the rexec in Denicomp's Winsock RCP/RSH/REXEC for Win32 software. There is an option on the REXEC Options tab to disable the watching for the kill signal if you prefer to not allow remote users to kill commands once they start.

- REXECD/NT will now load the profile and user-specific environment variables. There are also options available there to disable the loading of the profile and user-specific environment variables.

- There is a new option that allows you to restrict all file accesses through the rcp command to the RCP Home Directory. This can be found on the RCP Options tab and when enabled, all files referenced in the rcp command where either the source or destination system is the system running REXECD/NT will be relative to that directory you specify. Note that this only affects the rcp command, not rexec commands.

- Added new option "Wait for Command to Complete" on the REXEC Options tab. This is only available if you uncheck the option "Attempt Redirection on Every Command". It tells REXECD/NT to wait for commands to complete before ending the rexec on the client, but no stdin/stdout/stderr will be redirected from the command.

- In all of the settings in the Control Panel applet that require a filename to be specified (except the Location field), you can use an environment variable in the name (example: %TEMP%\rexecdnt.log). These variables must be available to the service - you cannot set them through the Environment Variable File and they will not be taken from
user-specific environment variables. They are taken from the environment the service inherits from the Service Manager. Also, you can use a variable %REXECD%, which will be set to the directory where REXECD/NT has been installed.
 
- The Service Control button has been removed from the REXECD Control Panel applet and the functions are now on a separate tab. The new Service Control tab will also display the current service status (Running, Stopped, etc.) and the REXECD/NT version installed.

- The Apply button is now active in the REXECD Control Panel applet, allowing you to save changes without exiting the window.

- If you use the Edit Security button in the REXECD Control Panel applet and the Security File does not exist, it will create the file with some comments showing the format of the file.

- Truncate buttons have been added for each of the logs available in the REXECD Control Panel applet to allow you to easily truncate the logs to keep them from growing too large.

- When installing, you have the option of creating an entry on the Start menu to get to the REXECD Control Panel applet instead of going through the Control Panel. This is especially useful when running under 64-bit versions of Windows, since the 64-bit Control Panel cannot load our 32-bit applet.

1.05.03 - A malicious program could connect to the service and send a large string on the connection and cause the service to abort. It will now prevent this from occurring.

1.05.02 - If an Environment Variable File was specified in the REXECD Control Panel applet and the file did not exist, it could cause the service to abort with an exception error.

1.05.01 - Was skipping the last line in the Environment Variable File, so the variable specified on the last line was not set.

1.05.00 - Changed some internal memory allocation methods to solve problem where the service sometimes stopped for no good reason.
 
1.04.08 - The internal shutdown and reboot commands were always returning an "access denied" error.

- The internal CD command could potentially return a "path not found" error if the CD command contained quotes around a directory name that contained spaces (for example, cd \"\program files\"). It usually worked, but the potential was there that it would not.

1.04.07 - The option "Only Validate Remote User/Password (Do not log in)?" in the REXECD Control Panel applet was not working. Using it would result in either an error on every rexec (privilege not held by client) or it would abort with an exception. This has been corrected. Reworked thread startup and cleanup code (internal stuff). On a very few systems/commands, NT was telling us that the command had not yet completed, even though it had really ended.

1.04.06 - If an Environment Variable File was specified in the REXECD Control Panel applet and the file did not exist, it could cause the service to abort with an exception error.

1.04.05 - Was not allowing some rcp's when the -x option was used in our Winsock RCP/RSH/REXEC for Win32 (rcp through rexec).

1.04.04 - Was combining stdout and stderr onto stdout, even though it did establish a second connection for a separate stderr channel.

1.04.03 - Was not releasing a desktop resource, so eventually you would begin receiving an error 1816 (quota error).

1.04.02 - Allows a virtually unlimited command line from rexec (limited by memory). However, NT itself only allows a command line of up to 32767 bytes and CMD.EXE allows only 128 bytes.

1.04.01 - Was dropping the connection if you tried to rcp multiple files to the NT system.

1.04 - There is now a method available for more easily using network drives (and printers) through REXECD/NT. This requires an explanation that is beyond the scope of this document (it is fully explained in the REXECD/NT
reference manual). Briefly, you can create a file AUTOMAP.INI in the REXECD/NT installation directory and place NET USE commands in it and REXECD/NT will map the drives before each rexec/rcp command and unmap them afterward.

- There is a new indicator available that allows you to tell REXECD/NT to run the command in its own virtual Windows machine. This only affects DOS and 16-bit Windows programs executed through REXECD/NT.
Normally, NT executes them all within a single virtual machine. If you use the special "<[SEPARATE]>" or "<[SEP]>" in the rexec command, it will tell Windows NT to create a separate virtual machine for that
command. This has no effect on 32-bit programs. This indicator is currently undocumented (except for here), but is supported.
 
- There is a registry entry that can be set that affects the way REXECD/NT closes TCP/IP connections. Normally, REXECD/NT closes the rexec/rcp connection gracefully (normally). This leaves the connection(s) in a TCP/IP TIME_WAIT state (seen with netstat). This is normal. If you create the following registry entry:

HKEY_LOCAL_MACHINE\SOFTWARE\DenicompSystems\WREXECD\Setup\KillTimeWait

REXECD/NT will do an "abortive" close and will effectively avoid the TIME_WAIT state on the connection(s). Create this as a new String Value and set it to a number greater than zero (0). The value used indicates the number of seconds REXECD/NT should wait before doing the abortive close. When the connection is aborted, it is likely that some data may not make it to the client (such as the tail end of stdout or the end of a file rcp'd). This delay gives the data an opportunity to reach the client before the connection is aborted. You will experience a pause (of the number of seconds specified) after each rexec/rcp command.

This option is UNSUPPORTED - it may or may not work for you. Use at your own discretion.

- There are now one minute timeouts on rcp send and receive operations. During an rcp, if no data is received in one minute or a send is not acknowledged within one minute, it is assumed that the connection is broken and the rcp will be terminated. Previously, the TCP/IP stack default was used. Note that the one minute timeout is not for the entire file - it is for one individual send or receive operation within the file. If your network is extremely slow and it possible that data cannot be sent or received in one minute, you can increase the timeout with the following registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\DenicompSystems\WREXECD\Setup\RCPSendTimeout
HKEY_LOCAL_MACHINE\SOFTWARE\DenicompSystems\WREXECD\Setup\RCPRecvTimeout

Create these as new String Values and set them to the number of seconds required for a timeout. Setting them to "0" uses the TCP/IP default.

- You can now set a registry option that allows you to overwrite files with rcp if another process has them opened for reading. Normally, REXECD/NT would not allow this because it would detect that the file was in use and return an error to the rcp command. In our view this should not normally be permitted. However, at times it may be desired. One example would be files used by Microsoft IIS, which apparently caches files and keeps them open for reading while they are cached. To allow the overwriting of files opened for reading by other processes, create the following registry entry:

HKEY_LOCAL_MACHINE\SOFTWARE\DenicompSystems\WREXECD\Setup\RCPAllowOpens

Create as a new String Value and set to a value of "1" to allow the open files to be overwritten or "0" to disallow it. Keep in mind that this only allows files opened *non-exclusively* and for *reading* by another process to be overwritten.

- Corrected a problem with the error message returned to rcp when the disk was full. It was incorrectly reporting an error number of 0.

- The control panel applet was not saving the "Attempt Redirection on Every Command?" option correctly. If you unchecked the option, it would remain unchecked on the screen, but it was still being saved to the registry as if it were checked.

1.03 - Was always using a port numbered 1023 or below for stderr (like rshd), which is not required for rexec (although it works).

 - In some instances, the password was being used instead of the user name when checking the security file (i.e. password@host instead of user@host).

- Now allows you to log in with the user format DOMAIN\User (i.e. rexec -l DOMAIN\user host cmd).
- There is an "undocumented" registry entry "KillTimeWait" that can be set in HKEY_LOCAL_MACHINE\SOFTWARE\DenicompSystems\WREXECDNT\Setup that will do an "abortive close" and effectively avoid the TIME_WAIT state on the REXECD side of the connection. However, this can cause standard I/O to be truncated and can cause error messages on the client (rexec). You can now set this any non-zero value to enable the abortive close. REXECD take the value specified and pause that number of seconds before doing the abortive close (to potentially allow data to be fully sent first). You can experiment with values to obtain the results you desire, but this option is still not supported for standard operation and should be used at your own discretion.

1.02 - Standard error was being combined with standard output and being sent back to the rexec command on the standard output channel. Fixed so that they are sent separately.

1.01 - Changed rcp to handle 64-bit file size (greater than 2GB).

1.00 - Initial public release.