author | KatolaZ <katolaz@freaknet.org> | 2019-02-08 05:13:11 +0000 |
---|---|---|
committer | KatolaZ <katolaz@freaknet.org> | 2019-02-08 05:13:11 +0000 |
commit | 172540a4a29fa4c0c5f0431bb5bf5b3d08ec92c0 (patch) | |
tree | ac15b0b8ae60a42ffe04b3fd37cf2fbc97b2ddd6 /fingerd |
New upstream version 0.17upstream
Diffstat (limited to 'fingerd')
-rw-r--r-- | fingerd/.cvsignore | 1 |
-rw-r--r-- | fingerd/Makefile | 18 |
-rw-r--r-- | fingerd/fingerd.8 | 157 |
-rw-r--r-- | fingerd/fingerd.c | 295 |
-rw-r--r-- | fingerd/pathnames.h | 41 |
5 files changed, 512 insertions, 0 deletions
diff --git a/fingerd/.cvsignore b/fingerd/.cvsignore new file mode 100644 index 0000000..c65da7b --- /dev/null +++ b/fingerd/.cvsignore @@ -0,0 +1 @@ +fingerd diff --git a/fingerd/Makefile b/fingerd/Makefile new file mode 100644 index 0000000..6f956bc --- /dev/null +++ b/fingerd/Makefile @@ -0,0 +1,18 @@ +all: fingerd + +include ../MCONFIG +include ../MRULES + +fingerd: fingerd.o + $(CC) $(LDFLAGS) $^ $(LIBS) -o $@ + +fingerd.o: pathnames.h ../version.h + +install: fingerd + install -s -m$(DAEMONMODE) fingerd $(INSTALLROOT)$(SBINDIR)/in.fingerd + install -m$(MANMODE) fingerd.8 $(INSTALLROOT)$(MANDIR)/man8/in.fingerd.8 + ln -sf in.fingerd.8 $(INSTALLROOT)$(MANDIR)/man8/fingerd.8 + +clean: + rm -f *.o fingerd + diff --git a/fingerd/fingerd.8 b/fingerd/fingerd.8 new file mode 100644 index 0000000..9daa95b --- /dev/null +++ b/fingerd/fingerd.8 
@@ -0,0 +1,157 @@ +.\" Copyright (c) 1980, 1991 The Regents of the University of California. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. All advertising materials mentioning features or use of this software +.\" must display the following acknowledgement: +.\" This product includes software developed by the University of +.\" California, Berkeley and its contributors. +.\" 4. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. 
+.\" +.\" from: @(#)fingerd.8 6.4 (Berkeley) 3/16/91 +.\" $Id: fingerd.8,v 1.18 2000/07/30 23:56:57 dholland Exp $ +.\" +.Dd August 29, 1996 +.Dt FINGERD 8 +.Os "Linux NetKit (0.17)" +.Sh NAME +.Nm fingerd +.Nd remote user information server +.Sh SYNOPSIS +.Nm fingerd +.Op Fl wulf +.Op Fl pL Ar path +.Op Fl t Ar timeout +.Sh DESCRIPTION +.Nm Fingerd +is a simple daemon based on +.%T RFC1196 +that provides an interface to the +.Dq finger +program at most network sites. +The program is supposed to return a friendly, +human-oriented status report on either the system at the moment +or a particular person in depth. +.Pp +If the +.Fl w +option is given, remote users will get an additional +.Dq Welcome to ... +banner +which also shows some informations (e.g. uptime, operating system name and +release) about the system the +.Nm fingerd +is running on. Some sites may consider this a security risk as it +gives out information that may be useful to crackers. +.Pp +If the +.Fl u +option is given, requests of the form +.Dq finger @host +are rejected. +.Pp +If the +.Fl l +option is given, information about requests made is logged. This +option probably violates users' privacy and should not be used on +multiuser boxes. +.Pp +If the +.Fl f +option is given, finger forwarding (user@host1@host2) is allowed. +Useful behind firewalls, but probably not wise for security and +resource reasons. +.Pp +The +.Fl p +option allows specification of an alternate location for fingerd to find +the +.Dq finger +program. The +.Fl L +option is equivalent. +.Pp +The +.Fl t +option specifies the time to wait for a request before closing the +connection. A value of 0 waits forever. The default is 60 seconds. +.Pp +Options to fingerd should be specified in +.Pa /etc/inetd.conf . +.Pp +The finger protocol consists mostly of specifying command arguments. +The +.Xr inetd 8 +.Dq super-server +runs +.Nm fingerd +for +.Tn TCP +requests received on port 79. 
+Once connected +.Nm fingerd +reads a single command line +terminated by a +.Aq Tn CRLF +which is passed to +.Xr finger 1 . +It closes its connections as soon as all output is finished. +.Pp +If the line is empty (i.e. just a +.Aq Tn CRLF +is sent) then +.Xr finger +returns a +.Dq default +report that lists all people logged into +the system at that moment. This feature is blocked by the +.Fl u +option. +.Pp +If a user name is specified (e.g. +.Pf eric Aq Tn CRLF ) +then the +response lists more extended information for only that particular user, +whether logged in or not. +Allowable +.Dq names +in the command line include both +.Dq login names +and +.Dq user names . +If a name is ambiguous, all possible derivations are returned. +.Sh SEE ALSO +.Xr finger 1 , +.Xr inetd 8 +.Sh RESTRICTIONS +Connecting directly to the server from a +.Tn TIP +or an equally narrow-minded +.Tn TELNET Ns \-protocol +user program can result +in meaningless attempts at option negotiation being sent to the +server, which will foul up the command line interpretation. +.Sh HISTORY +The finger daemon appeared in +.Bx 4.3 . diff --git a/fingerd/fingerd.c b/fingerd/fingerd.c new file mode 100644 index 0000000..856d2ba --- /dev/null +++ b/fingerd/fingerd.c 
@@ -0,0 +1,295 @@ +/* + * Copyright (c) 1983 The Regents of the University of California. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +char copyright[] = + "@(#) Copyright (c) 1983 The Regents of the University of California.\n" + "All rights reserved.\n"; + +/* + * from: @(#)fingerd.c 5.6 (Berkeley) 6/1/90" + */ +char rcsid[] = + "$Id: fingerd.c,v 1.23 1999/12/12 18:46:28 dholland Exp $"; + +#include <pwd.h> +#include <grp.h> +#include <netdb.h> +#include <errno.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> +#include <signal.h> +#include <syslog.h> +#include <getopt.h> +#include <netinet/in.h> +#include <sys/utsname.h> +#include <sys/wait.h> + +#include "pathnames.h" +#include "../version.h" + +#define ENTRIES 50 +#define WS " \t\r\n" + +/* These are used in this order if the finger path compiled in doesn't work. */ +#define _ALT_PATH_FINGER_1 "/usr/local/bin/finger" +#define _ALT_PATH_FINGER_2 "/usr/ucb/finger" +#define _ALT_PATH_FINGER_3 "/usr/bin/finger" + +static +void +fatal(const char *msg, int use_errno, int tolog, int toclient) +{ + const char *err = ""; + const char *sep = ""; + if (use_errno) { + err = strerror(errno); + sep = ": "; + } + if (tolog) syslog(LOG_ERR, "%s%s%s\n", msg, sep, err); + if (toclient) fprintf(stderr, "fingerd: %s%s%s\r\n", msg, sep, err); + else fprintf(stderr, "fingerd: Internal error\r\n"); + exit(1); +} + +static +void +timeout(int sig) +{ + (void)sig; + errno = ETIMEDOUT; + fatal("Input timeout", 0, 1, 1); +} + + +int +main(int argc, char *argv[]) +{ +#if 0 + FILE *fp; + int p[2], ch; + pid_t pid; +#endif + int ca; + const char *av[ENTRIES + 1]; + const char **avy; + char *const *avx; + char line[1024]; + int welcome = 0, heavylogging = 0, nouserlist = 0; + int patience = 60, forwarding = 0; + int k, nusers; + char *s, *t; + const char *fingerpath = NULL; + struct sockaddr_in sn; + socklen_t sval = sizeof(sn); + + + if (getpeername(0, (struct sockaddr *) &sn, &sval) < 0) { + fatal("getpeername", 1, 0, 1); + } + + openlog("fingerd", LOG_PID, LOG_DAEMON); + + if (!getuid() || !geteuid()) { + struct passwd *pwd = 
getpwnam("nobody"); + if (pwd) { + initgroups(pwd->pw_name, pwd->pw_gid); + setgid(pwd->pw_gid); + setuid(pwd->pw_uid); + } + seteuid(0); /* this should fail */ + if (!getuid() || !geteuid()) { + fatal("setuid: couldn't drop root", 0, 1, 0); + } + } + /*endpwent(); -- is it safe to put this here? */ + + opterr = 0; + while ((ca = getopt(argc, argv, "wlL:p:uft:h?")) != EOF) { + switch(ca) { + case 'w': + welcome = 1; + break; + case 'l': + heavylogging = 1; + break; + case 'L': + case 'p': + fingerpath = optarg; + break; + case 'u': + nouserlist = 1; + break; + case 'f': + forwarding = 1; + break; + case 't': + patience = atoi(optarg); + break; + case '?': + case 'h': + default: + syslog(LOG_ERR, "usage: fingerd [-wulf]" + "[-pL /path/finger] [-t timeout]"); + exit(1); + } + } + argc -= optind; + argv += optind; + + /* + * Hang up after a while so people can't DoS by leaving lots of + * open sockets about. + */ + if (patience != 0) { + signal(SIGALRM, timeout); + alarm(patience); + } + if (!fgets(line, sizeof(line), stdin)) { + fatal("Client hung up - probable port-scan", 0, 1, 0); + } + + if (welcome) { + char buf[256]; + struct hostent *hp; + struct utsname utsname; + + uname(&utsname); + gethostname(buf, sizeof(buf)); + if ((hp = gethostbyname(buf))) { + /* paranoia: dns spoofing? 
*/ + strncpy(buf, hp->h_name, sizeof(buf)); + buf[sizeof(buf)-1] = 0; + } + printf("\r\nWelcome to %s version %s at %s !\r\n\n", + utsname.sysname, utsname.release, buf); + fflush(stdout); + switch (fork()) { + case -1: /* fork failed, oh well */ + break; + case 0: /* child */ + execl(_PATH_UPTIME, _PATH_UPTIME, NULL); + _exit(1); + default: /* parent */ + wait(NULL); + break; + } + fflush(stdout); + printf("\r\n"); + fflush(stdout); + } + + k = nusers = 0; + av[k++] = "finger"; + for (s = strtok(line, WS); s && k<ENTRIES; s = strtok(NULL, WS)) { + /* RFC742: "/[Ww]" == "-l" */ + if (!strncasecmp(s, "/w", 2)) memcpy(s, "-l", 2); + if (!forwarding) { + t = strchr(s, '@'); + if (t) { + fprintf(stderr, + "fingerd: forwarding not allowed\r\n"); + syslog(LOG_WARNING, "rejected %s\n", s); + exit(1); + } + } + if (heavylogging) { + if (*s=='-') syslog(LOG_INFO, "option %s\n", s); + else syslog(LOG_INFO, "fingered %s\n", s); + } + av[k++] = s; + if (*s!='-') nusers++; + } + av[k] = NULL; + if (nusers==0) { + /* finger @host */ + if (nouserlist) { + syslog(LOG_WARNING, "rejected finger @host\n"); + printf("Please supply a username\r\n"); + return 0; + } + if (heavylogging) syslog(LOG_INFO, "fingered @host\n"); + } + +/* Yay! we don't need to do this any more - finger does it for us */ +#if 0 + if (pipe(p) < 0) { + fatal("pipe", 1, 1, 0); + } + + pid = fork(); + if (pid<0) { + fatal("fork", 1, 1, 0); + } + if (pid==0) { + /* child */ + close(p[0]); + dup2(p[1], 1); + if (p[1]!=1) close(p[1]); +#endif + /* + * execv() takes (char *const *), because (char const *const *) + * doesn't work right in C (only in C++). C9x might fix this + * if we're lucky. In the meantime we need to defeat the type + * system to avoid warnings. 
+ */ + avy = av; + /*avx = avy;*/ + memcpy(&avx, &avy, sizeof(avx)); + + if (fingerpath) execv(fingerpath, avx); + execv(_PATH_FINGER, avx); + execv(_ALT_PATH_FINGER_1, avx); + execv(_ALT_PATH_FINGER_2, avx); + execv(_ALT_PATH_FINGER_3, avx); + syslog(LOG_ERR, "Finger program not found\n"); + exit(1); +#if 0 + } + /* parent */ + close(p[1]); + + /* convert \n to \r\n. This should be an option to finger... */ + fp = fdopen(p[0], "r"); + if (!fp) { + fatal("fdopen", 1, 1, 0); + } + + while ((ch = getc(fp)) != EOF) { + if (ch == '\n') putchar('\r'); + putchar(ch); + } + return 0; +#endif +} diff --git a/fingerd/pathnames.h b/fingerd/pathnames.h new file mode 100644 index 0000000..4fa4dff --- /dev/null +++ b/fingerd/pathnames.h 
@@ -0,0 +1,41 @@ +/* + * Copyright (c) 1989 The Regents of the University of California. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ * + * from: @(#)pathnames.h 5.3 (Berkeley) 6/1/90 + * $Id: pathnames.h,v 1.3 1996/07/13 23:21:42 dholland Exp $ + */ + +/* + * These should maybe be determined at configure/install time. + */ +#define _PATH_FINGER "/usr/bin/finger" +#define _PATH_UPTIME "/usr/bin/uptime" |
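Review bot: in fingerd/Makefile the `all`, `install` and `clean` targets are not declared phony, so a file named `all`, `install` or `clean` in the directory would stop the corresponding rule from running; add `.PHONY: all install clean`. The `install` rule also assumes `$(INSTALLROOT)$(SBINDIR)` and `$(INSTALLROOT)$(MANDIR)/man8` already exist; creating them with `install -d` first would make a staged install more robust.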
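Review bot: in fingerd/fingerd.8 the DESCRIPTION cites `.%T RFC1196`, while the token loop in fingerd.c comments its `/W` handling as RFC742; cite one document consistently or mention both. The `-w` paragraph has "some informations", which should read "some information". The `-l` paragraph warns about privacy but does not say what is recorded; fingerd.c logs every option and every fingered name through syslog at LOG_INFO, and stating that here would let an administrator judge the impact before enabling it.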
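Review bot: in the strtok() loop of main() in fingerd/fingerd.c, every client token that starts with `-` is appended to av[] and passed to execv() as an option to finger, so the remote side chooses which finger options run, not only the `-l` that `/W` is rewritten to. Consider accepting only the rewritten `-l` and rejecting any other token that begins with `-`. The rewrite itself uses `strncasecmp(s, "/w", 2)`, so a token such as `/wxyz` becomes `-lxyz`; compare the whole token instead. In the privilege-drop block the return values of initgroups(), setgid() and setuid() are ignored and the follow-up test looks only at getuid()/geteuid(), so a failed setgid() would leave the root group in place unnoticed; check each call and also verify getgid()/getegid(). timeout() calls fatal() from the SIGALRM handler, and fatal() uses syslog(), fprintf() and exit(), none of which are async-signal-safe. `patience = atoi(optarg)` accepts negative and non-numeric input before it reaches alarm(); parse with strtol() and reject out-of-range values. The usage message concatenates `"usage: fingerd [-wulf]"` and `"[-pL /path/finger] [-t timeout]"` without a space between them.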
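Review bot: `_PATH_FINGER` in fingerd/pathnames.h is "/usr/bin/finger", the same string as `_ALT_PATH_FINGER_3` in fingerd.c, so the last fallback execv() only repeats the first attempt. Drop the duplicate, or follow the comment in this header and set both paths at configure/install time so the fallback list in fingerd.c is not needed.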