5 files changed, 512 insertions, 0 deletions
diff --git a/fingerd/.cvsignore b/fingerd/.cvsignore
new file mode 100644
index 0000000..c65da7b
--- /dev/null
+++ b/fingerd/.cvsignore
@@ -0,0 +1 @@
+fingerd
diff --git a/fingerd/Makefile b/fingerd/Makefile
new file mode 100644
index 0000000..6f956bc
--- /dev/null
+++ b/fingerd/Makefile
@@ -0,0 +1,18 @@
+all: fingerd
+
+include ../MCONFIG
+include ../MRULES
+
+fingerd: fingerd.o
+	$(CC) $(LDFLAGS) $^ $(LIBS) -o $@
+
+fingerd.o: pathnames.h ../version.h
+
+install: fingerd
+	install -s -m$(DAEMONMODE) fingerd $(INSTALLROOT)$(SBINDIR)/in.fingerd
+	install -m$(MANMODE) fingerd.8 $(INSTALLROOT)$(MANDIR)/man8/in.fingerd.8
+	ln -sf in.fingerd.8 $(INSTALLROOT)$(MANDIR)/man8/fingerd.8
+
+clean:
+	rm -f *.o fingerd
+
diff --git a/fingerd/fingerd.8 b/fingerd/fingerd.8
new file mode 100644
index 0000000..9daa95b
--- /dev/null
+++ b/fingerd/fingerd.8
@@ -0,0 +1,157 @@
+.\" Copyright (c) 1980, 1991 The Regents of the University of California.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"	This product includes software developed by the University of
+.\"	California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\"     from: @(#)fingerd.8	6.4 (Berkeley) 3/16/91
+.\"	$Id: fingerd.8,v 1.18 2000/07/30 23:56:57 dholland Exp $
+.\"
+.Dd August 29, 1996
+.Dt FINGERD 8
+.Os "Linux NetKit (0.17)"
+.Sh NAME
+.Nm fingerd
+.Nd remote user information server
+.Sh SYNOPSIS
+.Nm fingerd
+.Op Fl wulf
+.Op Fl pL Ar path
+.Op Fl t Ar timeout
+.Sh DESCRIPTION
+.Nm Fingerd
+is a simple daemon based on
+.%T RFC1196
+that provides an interface to the
+.Dq finger
+program at most network sites.
+The program is supposed to return a friendly,
+human-oriented status report on either the system at the moment
+or a particular person in depth. 
+.Pp
+If the
+.Fl w
+option is given, remote users will get an additional 
+.Dq Welcome to ...
+banner
+which also shows some informations (e.g. uptime, operating system name and
+release) about the system the
+.Nm fingerd
+is running on. Some sites may consider this a security risk as it
+gives out information that may be useful to crackers. 
+.Pp
+If the 
+.Fl u
+option is given, requests of the form
+.Dq finger @host
+are rejected.
+.Pp
+If the
+.Fl l
+option is given, information about requests made is logged. This
+option probably violates users' privacy and should not be used on
+multiuser boxes.
+.Pp
+If the
+.Fl f
+option is given, finger forwarding (user@host1@host2) is allowed.
+Useful behind firewalls, but probably not wise for security and
+resource reasons.
+.Pp
+The 
+.Fl p
+option allows specification of an alternate location for fingerd to find
+the 
+.Dq finger
+program. The
+.Fl L
+option is equivalent.
+.Pp
+The
+.Fl t
+option specifies the time to wait for a request before closing the
+connection.  A value of 0 waits forever.  The default is 60 seconds.
+.Pp
+Options to fingerd should be specified in 
+.Pa /etc/inetd.conf .
+.Pp
+The finger protocol consists mostly of specifying command arguments.
+The 
+.Xr inetd 8
+.Dq super-server
+runs
+.Nm fingerd
+for 
+.Tn TCP
+requests received on port 79.
+Once connected 
+.Nm fingerd
+reads a single command line
+terminated by a
+.Aq Tn CRLF
+which is passed to
+.Xr finger 1 .
+It closes its connections as soon as all output is finished.
+.Pp
+If the line is empty (i.e. just a
+.Aq Tn CRLF
+is sent) then 
+.Xr finger
+returns a
+.Dq default
+report that lists all people logged into
+the system at that moment. This feature is blocked by the 
+.Fl u
+option.
+.Pp
+If a user name is specified (e.g.
+.Pf eric Aq Tn CRLF )
+then the
+response lists more extended information for only that particular user,
+whether logged in or not.
+Allowable
+.Dq names
+in the command line include both
+.Dq login names
+and
+.Dq user names .
+If a name is ambiguous, all possible derivations are returned.
+.Sh SEE ALSO
+.Xr finger 1 ,
+.Xr inetd 8
+.Sh RESTRICTIONS
+Connecting directly to the server from a
+.Tn TIP
+or an equally narrow-minded
+.Tn TELNET Ns \-protocol
+user program can result
+in meaningless attempts at option negotiation being sent to the
+server, which will foul up the command line interpretation.
+.Sh HISTORY
+The finger daemon appeared in
+.Bx 4.3 .
diff --git a/fingerd/fingerd.c b/fingerd/fingerd.c
new file mode 100644
index 0000000..856d2ba
--- /dev/null
+++ b/fingerd/fingerd.c
@@ -0,0 +1,295 @@
+/*
+ * Copyright (c) 1983 The Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+char copyright[] =
+  "@(#) Copyright (c) 1983 The Regents of the University of California.\n"
+  "All rights reserved.\n";
+
+/* 
+ * from: @(#)fingerd.c	5.6 (Berkeley) 6/1/90"
+ */
+char rcsid[] = 
+  "$Id: fingerd.c,v 1.23 1999/12/12 18:46:28 dholland Exp $";
+
+#include <pwd.h>
+#include <grp.h>
+#include <netdb.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <signal.h>
+#include <syslog.h>
+#include <getopt.h>
+#include <netinet/in.h>
+#include <sys/utsname.h>
+#include <sys/wait.h>
+
+#include "pathnames.h"
+#include "../version.h"
+
+#define	ENTRIES	50
+#define WS " \t\r\n"
+
+/* These are used in this order if the finger path compiled in doesn't work. */
+#define _ALT_PATH_FINGER_1 "/usr/local/bin/finger"
+#define _ALT_PATH_FINGER_2 "/usr/ucb/finger"
+#define _ALT_PATH_FINGER_3 "/usr/bin/finger"
+
+static
+void
+fatal(const char *msg, int use_errno, int tolog, int toclient)
+{
+	const char *err = "";
+	const char *sep = "";
+	if (use_errno) {
+		err = strerror(errno);
+		sep = ": ";
+	}
+	if (tolog) syslog(LOG_ERR, "%s%s%s\n", msg, sep, err);
+	if (toclient) fprintf(stderr, "fingerd: %s%s%s\r\n", msg, sep, err);
+	else fprintf(stderr, "fingerd: Internal error\r\n");
+	exit(1);
+}
+
+static
+void
+timeout(int sig)
+{
+	(void)sig;
+	errno = ETIMEDOUT;
+	fatal("Input timeout", 0, 1, 1);
+}
+
+
+int
+main(int argc, char *argv[])
+{
+#if 0
+	FILE *fp;
+	int p[2], ch;
+	pid_t pid;
+#endif
+	int ca;
+	const char *av[ENTRIES + 1];
+	const char **avy;
+	char *const *avx;
+	char line[1024];
+	int welcome = 0, heavylogging = 0, nouserlist = 0;
+	int patience = 60, forwarding = 0;
+	int k, nusers;
+	char *s, *t;
+	const char *fingerpath = NULL;
+	struct sockaddr_in sn;
+	socklen_t sval = sizeof(sn);
+
+
+	if (getpeername(0, (struct sockaddr *) &sn, &sval) < 0) {
+		fatal("getpeername", 1, 0, 1);
+	}
+
+	openlog("fingerd", LOG_PID, LOG_DAEMON);
+
+	if (!getuid() || !geteuid()) {
+		struct passwd *pwd = getpwnam("nobody");
+		if (pwd) {
+			initgroups(pwd->pw_name, pwd->pw_gid);
+			setgid(pwd->pw_gid);
+			setuid(pwd->pw_uid);
+		}
+		seteuid(0);   /* this should fail */
+		if (!getuid() || !geteuid()) {
+			fatal("setuid: couldn't drop root", 0, 1, 0);
+		}
+	}
+	/*endpwent();  -- is it safe to put this here? */
+
+	opterr = 0;
+	while ((ca = getopt(argc, argv, "wlL:p:uft:h?")) != EOF) {
+		switch(ca) {
+		  case 'w':
+			welcome = 1;
+			break;
+		  case 'l':
+		        heavylogging = 1;
+			break;
+		  case 'L': 
+		  case 'p':
+		        fingerpath = optarg;
+			break;
+		  case 'u':
+		        nouserlist = 1;
+			break;
+		  case 'f':
+		        forwarding = 1;
+			break;
+		  case 't':
+		        patience = atoi(optarg);
+			break;
+		  case '?':
+		  case 'h':
+		  default:
+			syslog(LOG_ERR, "usage: fingerd [-wulf]"
+					"[-pL /path/finger] [-t timeout]");
+			exit(1);
+		}
+	}
+	argc -= optind;
+	argv += optind;
+
+	/*
+	 * Hang up after a while so people can't DoS by leaving lots of
+	 * open sockets about.
+	 */
+	if (patience != 0) {
+		signal(SIGALRM, timeout);
+		alarm(patience);
+	}
+	if (!fgets(line, sizeof(line), stdin)) {
+		fatal("Client hung up - probable port-scan", 0, 1, 0);
+	}
+
+	if (welcome) {
+		char buf[256];
+		struct hostent *hp;
+		struct utsname utsname;
+
+		uname(&utsname);
+		gethostname(buf, sizeof(buf));
+		if ((hp = gethostbyname(buf))) {
+			/* paranoia: dns spoofing? */
+			strncpy(buf, hp->h_name, sizeof(buf));
+			buf[sizeof(buf)-1] = 0;
+		}
+		printf("\r\nWelcome to %s version %s at %s !\r\n\n",
+				utsname.sysname, utsname.release, buf);
+		fflush(stdout);
+		switch (fork()) {
+		 case -1: /* fork failed, oh well */
+		     break;
+		 case 0: /* child */
+		     execl(_PATH_UPTIME, _PATH_UPTIME, NULL);
+		     _exit(1);
+		 default: /* parent */
+		     wait(NULL);
+		     break;
+		}
+		fflush(stdout);
+		printf("\r\n");
+		fflush(stdout);
+	}
+
+	k = nusers = 0;
+	av[k++] = "finger";
+	for (s = strtok(line, WS); s && k<ENTRIES; s = strtok(NULL, WS)) {
+		/* RFC742: "/[Ww]" == "-l" */
+		if (!strncasecmp(s, "/w", 2)) memcpy(s, "-l", 2);
+		if (!forwarding) {
+		    t = strchr(s, '@');
+		    if (t) {
+			    fprintf(stderr,
+				    "fingerd: forwarding not allowed\r\n");
+			    syslog(LOG_WARNING, "rejected %s\n", s);
+			    exit(1);
+		    }
+		}
+		if (heavylogging) {
+		    if (*s=='-') syslog(LOG_INFO, "option %s\n", s);
+		    else syslog(LOG_INFO, "fingered %s\n", s);
+		}
+		av[k++] = s;
+		if (*s!='-') nusers++;
+	}
+	av[k] = NULL;
+	if (nusers==0) {
+		/* finger @host */
+		if (nouserlist) {
+			syslog(LOG_WARNING, "rejected finger @host\n");
+			printf("Please supply a username\r\n");
+			return 0;
+		}
+		if (heavylogging) syslog(LOG_INFO, "fingered @host\n");
+	}
+
+/* Yay! we don't need to do this any more - finger does it for us */
+#if 0
+	if (pipe(p) < 0) {
+		fatal("pipe", 1, 1, 0);
+	}
+
+	pid = fork();
+	if (pid<0) {
+		fatal("fork", 1, 1, 0);
+	}
+	if (pid==0) {
+		/* child */
+		close(p[0]);
+		dup2(p[1], 1);
+		if (p[1]!=1) close(p[1]);
+#endif
+		/*
+		 * execv() takes (char *const *), because (char const *const *)
+		 * doesn't work right in C (only in C++). C9x might fix this
+		 * if we're lucky. In the meantime we need to defeat the type
+		 * system to avoid warnings.
+		 */
+		avy = av;
+		/*avx = avy;*/
+		memcpy(&avx, &avy, sizeof(avx));
+
+		if (fingerpath) execv(fingerpath, avx);
+		execv(_PATH_FINGER, avx);
+		execv(_ALT_PATH_FINGER_1, avx);
+		execv(_ALT_PATH_FINGER_2, avx);
+		execv(_ALT_PATH_FINGER_3, avx);
+		syslog(LOG_ERR, "Finger program not found\n");
+		exit(1);
+#if 0
+	}
+	/* parent */
+	close(p[1]);
+
+	/* convert \n to \r\n. This should be an option to finger... */
+	fp = fdopen(p[0], "r");
+	if (!fp) {
+		fatal("fdopen", 1, 1, 0);
+	}
+
+	while ((ch = getc(fp)) != EOF) {
+		if (ch == '\n')	putchar('\r');
+		putchar(ch);
+	}
+	return 0;
+#endif
+}
diff --git a/fingerd/pathnames.h b/fingerd/pathnames.h
new file mode 100644
index 0000000..4fa4dff
--- /dev/null
+++ b/fingerd/pathnames.h
@@ -0,0 +1,41 @@
+/*
+ * Copyright (c) 1989 The Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	from: @(#)pathnames.h	5.3 (Berkeley) 6/1/90
+ *	$Id: pathnames.h,v 1.3 1996/07/13 23:21:42 dholland Exp $
+ */
+
+/*
+ * These should maybe be determined at configure/install time.
+ */
+#define	_PATH_FINGER	"/usr/bin/finger"
+#define _PATH_UPTIME	"/usr/bin/uptime"