From owner-freebsd-audit Sat Aug 11 10: 3:10 2001 Delivered-To: freebsd-audit@freebsd.org Received: from mail.chem.msu.ru (mail.chem.msu.ru [195.208.208.19]) by hub.freebsd.org (Postfix) with ESMTP id D165237B406 for ; Sat, 11 Aug 2001 10:02:52 -0700 (PDT) (envelope-from yar@comp.chem.msu.su) Received: from comp.chem.msu.su ([158.250.32.97]) by mail.chem.msu.ru with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21) id NHPRWWT0; Sat, 11 Aug 2001 20:54:24 +0400 Received: (from yar@localhost) by comp.chem.msu.su (8.11.1/8.11.1) id f7BH2kA02623 for audit@FreeBSD.ORG; Sat, 11 Aug 2001 21:02:46 +0400 (MSD) (envelope-from yar) Date: Sat, 11 Aug 2001 21:02:45 +0400 From: Yar Tikhiy To: audit@FreeBSD.ORG Subject: finger(1) & fingerd(8): take 2 Message-ID: <20010811210245.H80842@comp.chem.msu.su> References: <20010728155159.A35483@snark.rinet.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010728155159.A35483@snark.rinet.ru>; from yar@FreeBSD.ORG on Sat, Jul 28, 2001 at 03:51:59PM +0400 Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hi everybody, Here's the second version of the patches for finger(1) and fingerd(8), which implement the option of hiding users whose home directories are protected from "other". Please review them. Thank you. -- Yar Index: finger/finger.1 =================================================================== RCS file: /home/ncvs/src/usr.bin/finger/finger.1,v retrieving revision 1.22 diff -u -r1.22 finger.1 --- finger/finger.1 2001/07/10 14:15:57 1.22 +++ finger/finger.1 2001/08/11 16:51:00 @@ -40,7 +40,7 @@ .Nd user information lookup program .Sh SYNOPSIS .Nm -.Op Fl lmpshoT +.Op Fl lmpshoHT .Op Ar user ...\& .Op Ar user@host ...\& .Sh DESCRIPTION 
@@ -149,6 +149,12 @@ .Nm is case insensitive. .Pp +.It Fl H +If the user's home directory exists, but is unaccessible, +behave as though there is the +.Dq Pa .nofinger +file in it, i.e. pretend the user is nonexistent. +.Pp .It Fl T Disable the piggybacking of data on the initial connection request. This option is needed to finger hosts with a broken TCP implementation. @@ -191,6 +197,9 @@ exists in the user's home directory, .Nm behaves as if the user in question does not exist. +See also the +.Fl H +option. .Pp The optional .Xr finger.conf 5 Index: finger/finger.c =================================================================== RCS file: /home/ncvs/src/usr.bin/finger/finger.c,v retrieving revision 1.24 diff -u -r1.24 finger.c --- finger/finger.c 2001/03/21 18:43:49 1.24 +++ finger/finger.c 2001/08/11 16:51:00 @@ -88,7 +88,7 @@ DB *db; time_t now; -int entries, lflag, mflag, pplan, sflag, oflag, Tflag; +int entries, lflag, mflag, pplan, sflag, oflag, Hflag, Tflag; int d_first = -1; char tbuf[1024]; @@ -105,7 +105,7 @@ optind = 1; /* reset getopt */ - while ((ch = getopt(argc, argv, "lmpshoT")) != -1) + while ((ch = getopt(argc, argv, "lmpshoHT")) != -1) switch(ch) { case 'l': lflag = 1; /* long format */ @@ -125,6 +125,9 @@ case 'o': oflag = 1; /* office info */ break; + case 'H': + Hflag = 1; /* hide if protected homedir */ + break; case 'T': Tflag = 1; /* disable T/TCP */ break; @@ -139,7 +142,7 @@ static void usage() { - (void)fprintf(stderr, "usage: finger [-lmpshoT] [login ...]\n"); + (void)fprintf(stderr, "usage: finger [-lmpshoHT] [login ...]\n"); exit(1); } Index: finger/util.c =================================================================== RCS file: /home/ncvs/src/usr.bin/finger/util.c,v retrieving revision 1.15 diff -u -r1.15 util.c --- finger/util.c 2001/08/08 21:22:48 1.15 +++ finger/util.c 2001/08/11 16:51:00 @@ -412,6 +412,7 @@ hide(pw) struct passwd *pw; { + extern int Hflag; struct stat st; char buf[MAXPATHLEN]; 
@@ -421,6 +422,8 @@ snprintf(buf, sizeof(buf), "%s/%s", pw->pw_dir, _PATH_NOFINGER); if (stat(buf, &st) == 0) + return 1; + if (Hflag && errno != ENOENT) return 1; return 0; Index: fingerd/fingerd.8 =================================================================== RCS file: /home/ncvs/src/libexec/fingerd/fingerd.8,v retrieving revision 1.8 diff -u -r1.8 fingerd.8 --- fingerd/fingerd.8 2001/08/10 13:45:21 1.8 +++ fingerd/fingerd.8 2001/08/11 16:51:00 @@ -42,6 +42,7 @@ .Nm .Op Fl s .Op Fl l +.Op Fl H .Op Fl p Ar filename .Sh DESCRIPTION .Nm Fingerd @@ -117,6 +118,10 @@ this option allows a system manager to have more control over what information is provided to remote sites. +.It Fl H +Hide users whose home directories exist, but are unaccessible. +The option is just passed to +.Xr finger 1 . .El .Sh SEE ALSO .Xr finger 1 , Index: fingerd/fingerd.c =================================================================== RCS file: /home/ncvs/src/libexec/fingerd/fingerd.c,v retrieving revision 1.17 diff -u -r1.17 fingerd.c --- fingerd/fingerd.c 2001/01/20 00:29:31 1.17 +++ fingerd/fingerd.c 2001/08/11 16:51:00 @@ -73,16 +73,16 @@ register int ch; register char *lp; struct sockaddr_storage ss; - int p[2], logging, secure, sval; + int p[2], hideprotected, logging, secure, sval; #define ENTRIES 50 - char **ap, *av[ENTRIES + 1], **comp, line[1024], *prog; + char **ap, *av[ENTRIES + 1], **avlast, **comp, line[1024], *prog; char rhost[MAXHOSTNAMELEN]; prog = _PATH_FINGER; - logging = secure = 0; + hideprotected = logging = secure = 0; openlog("fingerd", LOG_PID | LOG_CONS, LOG_DAEMON); opterr = 0; - while ((ch = getopt(argc, argv, "slp:")) != -1) + while ((ch = getopt(argc, argv, "slp:H")) != -1) switch (ch) { case 'l': logging = 1; @@ -93,6 +93,9 @@ case 's': secure = 1; break; + case 'H': + hideprotected = 1; + break; case '?': default: logerr("illegal option -- %c", optopt); 
@@ -140,12 +143,15 @@ syslog(LOG_NOTICE, "query from %s: `%s'", rhost, t); } - comp = &av[1]; - av[2] = "--"; - for (lp = line, ap = &av[3];;) { + avlast = &av[1]; + comp = avlast++; + if (hideprotected) + *avlast++ = "-H"; + *avlast++ = "--"; + for (lp = line, ap = avlast;;) { *ap = strtok(lp, " \t\r\n"); if (!*ap) { - if (secure && ap == &av[3]) { + if (secure && ap == avlast) { puts("must provide username\r\n"); exit(1); } To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message
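Review bot: in finger/finger.1, the new ".It Fl H" entry says the home directory is "unaccessible" without saying to whom. The test in util.c is a stat() made with the credentials of whoever runs finger, so the same account can be hidden for one caller and visible for another. Suggest stating that in the text, spelling it "inaccessible", and rewording "behave as though there is the .nofinger file in it" to "behave as though a .nofinger file were present in it".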
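Review bot: in finger/util.c, hide(), the added test "if (Hflag && errno != ENOENT) return 1;" hides the user on every stat() failure other than ENOENT, which is wider than the documented "home directory exists, but is unaccessible". ENOTDIR, ELOOP, ENAMETOOLONG or EIO on pw_dir/.nofinger would hide the account as well, and a path truncated by the snprintf() above is stat'ed without notice. If only permission-protected homes are meant, test "errno == EACCES"; if hiding on any error is the intended fail-closed behaviour, say so in a comment and in finger.1. The hunks do not show util.c including <errno.h>, so check that it does, and consider moving the block-scope "extern int Hflag;" from the preceding hunk into a header shared with finger.c, where Hflag is defined.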
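Review bot: in fingerd/fingerd.8, the ".It Fl H" entry should say that accessibility is judged as the account fingerd runs under, because the option is only passed through to finger(1), which does the stat(). A daemon started under an account that can search the protected home directories would hide nobody, and the current text gives the administrator no hint of that. "unaccessible" should read "inaccessible" here too.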
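Review bot: in fingerd/fingerd.c, last hunk, the first user-argument slot is now variable ("for (lp = line, ap = avlast;;)"), one position later when -H is given, but the check that stops ap before the end of av[ENTRIES + 1] lies outside the visible lines. Confirm that it compares against the end of the array and still leaves room for the terminating NULL once the arguments shift by one. Putting "-H" before "--" is the right order, since everything after "--" comes from the network line. A short comment that avlast must not move once the loop has started would help, because the "secure && ap == avlast" test depends on it.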