1 /*-
2 * SPDX-License-Identifier: BSD-3-Clause
3 *
4 * Copyright (c) 1989, 1993
5 * The Regents of the University of California. All rights reserved.
6 *
7 * This code is derived from software contributed to Berkeley by
8 * Tony Nardo of the Johns Hopkins University/Applied Physics Lab.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. Neither the name of the University nor the names of its contributors
19 * may be used to endorse or promote products derived from this software
20 * without specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * SUCH DAMAGE.
33 */
34
35 /*
36 * Luke Mewburn <lm@rmit.edu.au> added the following on 940622:
37 * - mail status ("No Mail", "Mail read:...", or "New Mail ...,
38 * Unread since ...".)
39 * - 4 digit phone extensions (3210 is printed as x3210.)
40 * - host/office toggling in short format with -h & -o.
41 * - short day names (`Tue' printed instead of `Jun 21' if the
42 * login time is < 6 days.
43 */
44
45 /*
46 * Finger prints out information about users. It is not portable since
47 * certain fields (e.g. the full user name, office, and phone numbers) are
48 * extracted from the gecos field of the passwd file which other UNIXes
49 * may not have or may use for other things.
50 *
51 * There are currently two output formats; the short format is one line
52 * per user and displays login name, tty, login time, real name, idle time,
53 * and either remote host information (default) or office location/phone
54 * number, depending on if -h or -o is used respectively.
55 * The long format gives the same information (in a more legible format) as
56 * well as home directory, shell, mail info, and .plan/.project files.
57 */
58
59 #include <sys/types.h>
60 #include <sys/socket.h>
61 #include <db.h>
62 #include <err.h>
63 #include <pwd.h>
64 #include <stdio.h>
65 #include <stdlib.h>
66 #include <string.h>
67 #include <time.h>
68 #include <unistd.h>
69 #include <utmpx.h>
70 #include <locale.h>
71
72 #include "finger.h"
73 #include "pathnames.h"
74
75 DB *db;
76 time_t now;
77 static int kflag, mflag, sflag;
78 int entries, gflag, lflag, pplan, oflag;
79 sa_family_t family = PF_UNSPEC;
80 int d_first = -1;
81 char tbuf[1024];
82 int invoker_root = 0;
83
84 static void loginlist(void);
85 static int option(int, char **);
86 static void usage(void) __dead2;
87 static void userlist(int, char **);
88
89 static int
option(int argc,char ** argv)90 option(int argc, char **argv)
91 {
92 int ch;
93
94 optind = 1; /* reset getopt */
95
96 while ((ch = getopt(argc, argv, "46gklmpsho")) != -1)
97 switch(ch) {
98 case '4':
99 family = AF_INET;
100 break;
101 case '6':
102 family = AF_INET6;
103 break;
104 case 'g':
105 gflag = 1;
106 break;
107 case 'k':
108 kflag = 1; /* keep going without utmp */
109 break;
110 case 'l':
111 lflag = 1; /* long format */
112 break;
113 case 'm':
114 mflag = 1; /* force exact match of names */
115 break;
116 case 'p':
117 pplan = 1; /* don't show .plan/.project */
118 break;
119 case 's':
120 sflag = 1; /* short format */
121 break;
122 case 'h':
123 oflag = 0; /* remote host info */
124 break;
125 case 'o':
126 oflag = 1; /* office info */
127 break;
128 case '?':
129 default:
130 usage();
131 }
132
133 return optind;
134 }
135
136 static void
usage(void)137 usage(void)
138 {
139 (void)fprintf(stderr,
140 "usage: finger [-46gklmpsho] [user ...] [user@host ...]\n");
141 exit(1);
142 }
143
144 int
main(int argc,char ** argv)145 main(int argc, char **argv)
146 {
147 int envargc, argcnt;
148 char *envargv[3];
149 struct passwd *pw;
150 static char myname[] = "finger";
151
152 if (getuid() == 0 || geteuid() == 0) {
153 invoker_root = 1;
154 if ((pw = getpwnam(UNPRIV_NAME)) && pw->pw_uid > 0) {
155 if (setgid(pw->pw_gid) != 0)
156 err(1, "setgid()");
157 if (setuid(pw->pw_uid) != 0)
158 err(1, "setuid()");
159 } else {
160 if (setgid(UNPRIV_UGID) != 0)
161 err(1, "setgid()");
162 if (setuid(UNPRIV_UGID) != 0)
163 err(1, "setuid()");
164 }
165 }
166
167 (void) setlocale(LC_ALL, "");
168
169 /* remove this line to get remote host */
170 oflag = 1; /* default to old "office" behavior */
171
172 /*
173 * Process environment variables followed by command line arguments.
174 */
175 if ((envargv[1] = getenv("FINGER"))) {
176 envargc = 2;
177 envargv[0] = myname;
178 envargv[2] = NULL;
179 (void) option(envargc, envargv);
180 }
181
182 argcnt = option(argc, argv);
183 argc -= argcnt;
184 argv += argcnt;
185
186 (void)time(&now);
187 setpassent(1);
188 if (!*argv) {
189 /*
190 * Assign explicit "small" format if no names given and -l
191 * not selected. Force the -s BEFORE we get names so proper
192 * screening will be done.
193 */
194 if (!lflag)
195 sflag = 1; /* if -l not explicit, force -s */
196 loginlist();
197 if (entries == 0)
198 (void)printf("No one logged on.\n");
199 } else {
200 userlist(argc, argv);
201 /*
202 * Assign explicit "large" format if names given and -s not
203 * explicitly stated. Force the -l AFTER we get names so any
204 * remote finger attempts specified won't be mishandled.
205 */
206 if (!sflag)
207 lflag = 1; /* if -s not explicit, force -l */
208 }
209 if (entries) {
210 if (lflag)
211 lflag_print();
212 else
213 sflag_print();
214 }
215 return (0);
216 }
217
218 static void
loginlist(void)219 loginlist(void)
220 {
221 PERSON *pn;
222 DBT data, key;
223 struct passwd *pw;
224 struct utmpx *user;
225 int r, sflag1;
226
227 if (kflag)
228 errx(1, "can't list logins without reading utmp");
229
230 setutxent();
231 while ((user = getutxent()) != NULL) {
232 if (user->ut_type != USER_PROCESS)
233 continue;
234 if ((pn = find_person(user->ut_user)) == NULL) {
235 if ((pw = getpwnam(user->ut_user)) == NULL)
236 continue;
237 if (hide(pw))
238 continue;
239 pn = enter_person(pw);
240 }
241 enter_where(user, pn);
242 }
243 endutxent();
244 if (db && lflag)
245 for (sflag1 = R_FIRST;; sflag1 = R_NEXT) {
246 PERSON *tmp;
247
248 r = (*db->seq)(db, &key, &data, sflag1);
249 if (r == -1)
250 err(1, "db seq");
251 if (r == 1)
252 break;
253 memmove(&tmp, data.data, sizeof tmp);
254 enter_lastlog(tmp);
255 }
256 }
257
258 static void
userlist(int argc,char ** argv)259 userlist(int argc, char **argv)
260 {
261 PERSON *pn;
262 DBT data, key;
263 struct utmpx *user;
264 struct passwd *pw;
265 int r, sflag1, *used, *ip;
266 char **ap, **nargv, **np, **p;
267 FILE *conf_fp;
268 char conf_alias[LINE_MAX];
269 char *conf_realname;
270 int conf_length;
271
272 if ((nargv = malloc((argc+1) * sizeof(char *))) == NULL ||
273 (used = calloc(argc, sizeof(int))) == NULL)
274 err(1, NULL);
275
276 /* Pull out all network requests. */
277 for (ap = p = argv, np = nargv; *p; ++p)
278 if (strchr(*p, '@'))
279 *np++ = *p;
280 else
281 *ap++ = *p;
282
283 *np++ = NULL;
284 *ap++ = NULL;
285
286 if (!*argv)
287 goto net;
288
289 /*
290 * Mark any arguments beginning with '/' as invalid so that we
291 * don't accidentally confuse them with expansions from finger.conf
292 */
293 for (p = argv, ip = used; *p; ++p, ++ip)
294 if (**p == '/') {
295 *ip = 1;
296 warnx("%s: no such user", *p);
297 }
298
299 /*
300 * Traverse the finger alias configuration file of the form
301 * alias:(user|alias), ignoring comment lines beginning '#'.
302 */
303 if ((conf_fp = fopen(_PATH_FINGERCONF, "r")) != NULL) {
304 while(fgets(conf_alias, sizeof(conf_alias), conf_fp) != NULL) {
305 conf_length = strlen(conf_alias);
306 if (*conf_alias == '#' || conf_alias[--conf_length] != '\n')
307 continue;
308 conf_alias[conf_length] = '\0'; /* Remove trailing LF */
309 if ((conf_realname = strchr(conf_alias, ':')) == NULL)
310 continue;
311 *conf_realname = '\0'; /* Replace : with NUL */
312 for (p = argv; *p; ++p) {
313 if (strcmp(*p, conf_alias) == 0) {
314 if ((*p = strdup(conf_realname+1)) == NULL) {
315 err(1, NULL);
316 }
317 }
318 }
319 }
320 (void)fclose(conf_fp);
321 }
322
323 /*
324 * Traverse the list of possible login names and check the login name
325 * and real name against the name specified by the user. If the name
326 * begins with a '/', try to read the file of that name instead of
327 * gathering the traditional finger information.
328 */
329 if (mflag)
330 for (p = argv, ip = used; *p; ++p, ++ip) {
331 if (**p != '/' || *ip == 1 || !show_text("", *p, "")) {
332 if (((pw = getpwnam(*p)) != NULL) && !hide(pw))
333 enter_person(pw);
334 else if (!*ip)
335 warnx("%s: no such user", *p);
336 }
337 }
338 else {
339 while ((pw = getpwent()) != NULL) {
340 for (p = argv, ip = used; *p; ++p, ++ip)
341 if (**p == '/' && *ip != 1
342 && show_text("", *p, ""))
343 *ip = 1;
344 else if (match(pw, *p) && !hide(pw)) {
345 enter_person(pw);
346 *ip = 1;
347 }
348 }
349 for (p = argv, ip = used; *p; ++p, ++ip)
350 if (!*ip)
351 warnx("%s: no such user", *p);
352 }
353
354 /* Handle network requests. */
355 net: for (p = nargv; *p;) {
356 netfinger(*p++);
357 if (*p || entries)
358 printf("\n");
359 }
360
361 free(nargv);
362 free(used);
363 if (entries == 0)
364 return;
365
366 if (kflag)
367 return;
368
369 /*
370 * Scan thru the list of users currently logged in, saving
371 * appropriate data whenever a match occurs.
372 */
373 setutxent();
374 while ((user = getutxent()) != NULL) {
375 if (user->ut_type != USER_PROCESS)
376 continue;
377 if ((pn = find_person(user->ut_user)) == NULL)
378 continue;
379 enter_where(user, pn);
380 }
381 endutxent();
382 if (db)
383 for (sflag1 = R_FIRST;; sflag1 = R_NEXT) {
384 PERSON *tmp;
385
386 r = (*db->seq)(db, &key, &data, sflag1);
387 if (r == -1)
388 err(1, "db seq");
389 if (r == 1)
390 break;
391 memmove(&tmp, data.data, sizeof tmp);
392 enter_lastlog(tmp);
393 }
394 }
395