Date: Sat, 11 Aug 2001 21:02:45 +0400
From: Yar Tikhiy <yar@FreeBSD.ORG>
To: audit@FreeBSD.ORG
Subject: finger(1) & fingerd(8): take 2
Message-ID: <20010811210245.H80842@comp.chem.msu.su>
In-Reply-To: <20010728155159.A35483@snark.rinet.ru>; from yar@FreeBSD.ORG on Sat, Jul 28, 2001 at 03:51:59PM +0400
References: <20010728155159.A35483@snark.rinet.ru>
Hi everybody, Here's the second version of the patches for finger(1) and fingerd(8), which implement the option of hiding users whose home directories are protected from "other". Please review them. Thank you. -- Yar Index: finger/finger.1 =================================================================== RCS file: /home/ncvs/src/usr.bin/finger/finger.1,v retrieving revision 1.22 diff -u -r1.22 finger.1 --- finger/finger.1 2001/07/10 14:15:57 1.22 +++ finger/finger.1 2001/08/11 16:51:00 @@ -40,7 +40,7 @@ .Nd user information lookup program .Sh SYNOPSIS .Nm -.Op Fl lmpshoT +.Op Fl lmpshoHT .Op Ar user ...\& .Op Ar user@host ...\& .Sh DESCRIPTION @@ -149,6 +149,12 @@ .Nm is case insensitive. .Pp +.It Fl H +If the user's home directory exists, but is unaccessible, +behave as though there is the +.Dq Pa .nofinger +file in it, i.e. pretend the user is nonexistent. +.Pp .It Fl T Disable the piggybacking of data on the initial connection request. This option is needed to finger hosts with a broken TCP implementation. @@ -191,6 +197,9 @@ exists in the user's home directory, .Nm behaves as if the user in question does not exist. +See also the +.Fl H +option. .Pp The optional .Xr finger.conf 5 Index: finger/finger.c =================================================================== RCS file: /home/ncvs/src/usr.bin/finger/finger.c,v retrieving revision 1.24 diff -u -r1.24 finger.c --- finger/finger.c 2001/03/21 18:43:49 1.24 +++ finger/finger.c 2001/08/11 16:51:00 @@ -88,7 +88,7 @@ DB *db; time_t now; -int entries, lflag, mflag, pplan, sflag, oflag, Tflag; +int entries, lflag, mflag, pplan, sflag, oflag, Hflag, Tflag; int d_first = -1; char tbuf[1024]; @@ -105,7 +105,7 @@ optind = 1; /* reset getopt */ - while ((ch = getopt(argc, argv, "lmpshoT")) != -1) + while ((ch = getopt(argc, argv, "lmpshoHT")) != -1) switch(ch) { case 'l': lflag = 1; /* long format */ 
@@ -125,6 +125,9 @@ case 'o': oflag = 1; /* office info */ break; + case 'H': + Hflag = 1; /* hide if protected homedir */ + break; case 'T': Tflag = 1; /* disable T/TCP */ break; @@ -139,7 +142,7 @@ static void usage() { - (void)fprintf(stderr, "usage: finger [-lmpshoT] [login ...]\n"); + (void)fprintf(stderr, "usage: finger [-lmpshoHT] [login ...]\n"); exit(1); } Index: finger/util.c =================================================================== RCS file: /home/ncvs/src/usr.bin/finger/util.c,v retrieving revision 1.15 diff -u -r1.15 util.c --- finger/util.c 2001/08/08 21:22:48 1.15 +++ finger/util.c 2001/08/11 16:51:00 @@ -412,6 +412,7 @@ hide(pw) struct passwd *pw; { + extern int Hflag; struct stat st; char buf[MAXPATHLEN]; @@ -421,6 +422,8 @@ snprintf(buf, sizeof(buf), "%s/%s", pw->pw_dir, _PATH_NOFINGER); if (stat(buf, &st) == 0) + return 1; + if (Hflag && errno != ENOENT) return 1; return 0; Index: fingerd/fingerd.8 =================================================================== RCS file: /home/ncvs/src/libexec/fingerd/fingerd.8,v retrieving revision 1.8 diff -u -r1.8 fingerd.8 --- fingerd/fingerd.8 2001/08/10 13:45:21 1.8 +++ fingerd/fingerd.8 2001/08/11 16:51:00 @@ -42,6 +42,7 @@ .Nm .Op Fl s .Op Fl l +.Op Fl H .Op Fl p Ar filename .Sh DESCRIPTION .Nm Fingerd @@ -117,6 +118,10 @@ this option allows a system manager to have more control over what information is provided to remote sites. +.It Fl H +Hide users whose home directories exist, but are unaccessible. +The option is just passed to +.Xr finger 1 . .El .Sh SEE ALSO .Xr finger 1 , Index: fingerd/fingerd.c =================================================================== RCS file: /home/ncvs/src/libexec/fingerd/fingerd.c,v retrieving revision 1.17 diff -u -r1.17 fingerd.c --- fingerd/fingerd.c 2001/01/20 00:29:31 1.17 +++ fingerd/fingerd.c 2001/08/11 16:51:00 
@@ -73,16 +73,16 @@ register int ch; register char *lp; struct sockaddr_storage ss; - int p[2], logging, secure, sval; + int p[2], hideprotected, logging, secure, sval; #define ENTRIES 50 - char **ap, *av[ENTRIES + 1], **comp, line[1024], *prog; + char **ap, *av[ENTRIES + 1], **avlast, **comp, line[1024], *prog; char rhost[MAXHOSTNAMELEN]; prog = _PATH_FINGER; - logging = secure = 0; + hideprotected = logging = secure = 0; openlog("fingerd", LOG_PID | LOG_CONS, LOG_DAEMON); opterr = 0; - while ((ch = getopt(argc, argv, "slp:")) != -1) + while ((ch = getopt(argc, argv, "slp:H")) != -1) switch (ch) { case 'l': logging = 1; @@ -93,6 +93,9 @@ case 's': secure = 1; break; + case 'H': + hideprotected = 1; + break; case '?': default: logerr("illegal option -- %c", optopt); @@ -140,12 +143,15 @@ syslog(LOG_NOTICE, "query from %s: `%s'", rhost, t); } - comp = &av[1]; - av[2] = "--"; - for (lp = line, ap = &av[3];;) { + avlast = &av[1]; + comp = avlast++; + if (hideprotected) + *avlast++ = "-H"; + *avlast++ = "--"; + for (lp = line, ap = avlast;;) { *ap = strtok(lp, " \t\r\n"); if (!*ap) { - if (secure && ap == &av[3]) { + if (secure && ap == avlast) { puts("must provide username\r\n"); exit(1); } To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message
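Review bot: In finger/finger.1, the new -H item calls the home directory "unaccessible" without saying to whom. The check added in util.c is a stat() made by the finger process itself, so whether a user is hidden depends on the credentials finger runs with, while the cover message describes the feature as hiding homes protected from "other"; the text should state which of the two is meant (for example "inaccessible to the user running finger"). "Unaccessible" would also read better as "inaccessible", here and in fingerd.8.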
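Review bot: In finger/util.c, hide(), the new test `if (Hflag && errno != ENOENT)` hides the user on every stat() failure other than ENOENT, which is wider than the documented "home directory exists, but is unaccessible": ENOTDIR, ELOOP, ENAMETOOLONG or an I/O error on the .nofinger path would also make the user disappear. If only permission denial is meant, test `errno == EACCES`; if failing closed is intended, say so in a comment and in finger.1. The hunk also relies on errno without showing an include of <errno.h>, so confirm util.c already has one, and consider moving `extern int Hflag;` out of the function body into a header shared with finger.c, where the flag is defined.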
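Review bot: In fingerd/fingerd.8, the -H item says the option is "just passed to finger(1)", but the synopsis also offers -p filename and fingerd.c adds "-H" to the argument vector without looking at prog; the text should say that a program named with -p receives -H as well and has to accept it. The synopsis lists -H before -p while the description list adds it after the -p text; using the same order in both places would be tidier.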
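Review bot: In fingerd/fingerd.c, the last hunk places one more fixed entry ("-H") in front of the user arguments in av[ENTRIES + 1], and the loop's upper-bound check is not part of the hunk; confirm that it compares ap against the end of av rather than counting from the old &av[3], and that nothing outside the hunk still addresses the option slots by fixed index as the removed `av[2] = "--";` did. The name avlast is also misleading once the loop starts, because from then on it marks the first user argument (`ap == avlast`); a name such as avfirst, or a short comment on `comp = avlast++;`, would make the intent clear.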