xref: /titanic_41/usr/src/cmd/tcpd/safe_finger.c (revision 7c478bd95313f5f23a4c958a745db2134aa03244) 
1  /*
2   * safe_finger - finger client wrapper that protects against nasty stuff
3   * from finger servers. Use this program for automatic reverse finger
4   * probes, not the raw finger command.
5   *
6   * Build with: cc -o safe_finger safe_finger.c
7   *
8   * The problem: some programs may react to stuff in the first column. Other
9   * programs may get upset by thrash anywhere on a line. File systems may
10   * fill up as the finger server keeps sending data. Text editors may bomb
11   * out on extremely long lines. The finger server may take forever because
12   * it is somehow wedged. The code below takes care of all this badness.
13   *
14   * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
15   */
16 
17 #ifndef lint
18 static char sccsid[] = "@(#) safe_finger.c 1.4 94/12/28 17:42:41";
19 #endif
20 
21 /* System libraries */
22 
23 #include <sys/types.h>
24 #include <sys/stat.h>
25 #include <signal.h>
26 #include <stdio.h>
27 #include <ctype.h>
28 #include <pwd.h>
29 
30 extern void exit();
31 
32 /* Local stuff */
33 
34 char    path[] = "PATH=/bin:/usr/bin:/usr/ucb:/usr/bsd:/etc:/usr/etc:/usr/sbin";
35 
36 #define	TIME_LIMIT	60		/* Do not keep listinging forever */
37 #define	INPUT_LENGTH	100000		/* Do not keep listinging forever */
38 #define	LINE_LENGTH	128		/* Editors can choke on long lines */
39 #define	FINGER_PROGRAM	"finger"	/* Most, if not all, UNIX systems */
40 #define	UNPRIV_NAME	"nobody"	/* Preferred privilege level */
41 #define	UNPRIV_UGID	32767		/* Default uid and gid */
42 
43 int     finger_pid;
44 
45 void    cleanup(sig)
46 int     sig;
47 {
48     kill(finger_pid, SIGKILL);
49     exit(0);
50 }
51 
52 main(argc, argv)
53 int     argc;
54 char  **argv;
55 {
56     int     c;
57     int     line_length = 0;
58     int     finger_status;
59     int     wait_pid;
60     int     input_count = 0;
61     struct passwd *pwd;
62 
63     /*
64      * First of all, let's don't run with superuser privileges.
65      */
66     if (getuid() == 0 || geteuid() == 0) {
67 	if ((pwd = getpwnam(UNPRIV_NAME)) && pwd->pw_uid > 0) {
68 	    setgid(pwd->pw_gid);
69 	    setuid(pwd->pw_uid);
70 	} else {
71 	    setgid(UNPRIV_UGID);
72 	    setuid(UNPRIV_UGID);
73 	}
74     }
75 
76     /*
77      * Redirect our standard input through the raw finger command.
78      */
79     if (putenv(path)) {
80 	fprintf(stderr, "%s: putenv: out of memory", argv[0]);
81 	exit(1);
82     }
83     argv[0] = FINGER_PROGRAM;
84     finger_pid = pipe_stdin(argv);
85 
86     /*
87      * Don't wait forever (Peter Wemm <peter@gecko.DIALix.oz.au>).
88      */
89     signal(SIGALRM, cleanup);
90     (void) alarm(TIME_LIMIT);
91 
92     /*
93      * Main filter loop.
94      */
95     while ((c = getchar()) != EOF) {
96 	if (input_count++ >= INPUT_LENGTH) {	/* don't listen forever */
97 	    fclose(stdin);
98 	    printf("\n\n Input truncated to %d bytes...\n", input_count - 1);
99 	    break;
100 	}
101 	if (c == '\n') {			/* good: end of line */
102 	    putchar(c);
103 	    line_length = 0;
104 	} else {
105 	    if (line_length >= LINE_LENGTH) {	/* force end of line */
106 		printf("\\\n");
107 		line_length = 0;
108 	    }
109 	    if (line_length == 0) {		/* protect left margin */
110 		putchar(' ');
111 		line_length++;
112 	    }
113 	    if (isascii(c) && (isprint(c) || isspace(c))) {	/* text */
114 		if (c == '\\') {
115 		    putchar(c);
116 		    line_length++;
117 		}
118 		putchar(c);
119 		line_length++;
120 	    } else {				/* quote all other thash */
121 		printf("\\%03o", c & 0377);
122 		line_length += 4;
123 	    }
124 	}
125     }
126 
127     /*
128      * Wait until the finger child process has terminated and account for its
129      * exit status. Which will always be zero on most systems.
130      */
131     while ((wait_pid = wait(&finger_status)) != -1 && wait_pid != finger_pid)
132 	 /* void */ ;
133     return (wait_pid != finger_pid || finger_status != 0);
134 }
135 
136 /* perror_exit - report system error text and terminate */
137 
138 void    perror_exit(text)
139 char   *text;
140 {
141     perror(text);
142     exit(1);
143 }
144 
145 /* pipe_stdin - pipe stdin through program (from my ANSI to OLD C converter) */
146 
147 int     pipe_stdin(argv)
148 char  **argv;
149 {
150     int     pipefds[2];
151     int     pid;
152     int     i;
153     struct stat st;
154 
155     /*
156      * The code that sets up the pipe requires that file descriptors 0,1,2
157      * are already open. All kinds of mysterious things will happen if that
158      * is not the case. The following loops makes sure that descriptors 0,1,2
159      * are set up properly.
160      */
161 
162     for (i = 0; i < 3; i++) {
163 	if (fstat(i, &st) == -1 && open("/dev/null", 2) != i)
164 	    perror_exit("open /dev/null");
165     }
166 
167     /*
168      * Set up the pipe that interposes the command into our standard input
169      * stream.
170      */
171 
172     if (pipe(pipefds))
173 	perror_exit("pipe");
174 
175     switch (pid = fork()) {
176     case -1:					/* error */
177 	perror_exit("fork");
178 	/* NOTREACHED */
179     case 0:					/* child */
180 	(void) close(pipefds[0]);		/* close reading end */
181 	(void) close(1);			/* connect stdout to pipe */
182 	if (dup(pipefds[1]) != 1)
183 	    perror_exit("dup");
184 	(void) close(pipefds[1]);		/* close redundant fd */
185 	(void) execvp(argv[0], argv);
186 	perror_exit(argv[0]);
187 	/* NOTREACHED */
188     default:					/* parent */
189 	(void) close(pipefds[1]);		/* close writing end */
190 	(void) close(0);			/* connect stdin to pipe */
191 	if (dup(pipefds[0]) != 0)
192 	    perror_exit("dup");
193 	(void) close(pipefds[0]);		/* close redundant fd */
194 	return (pid);
195     }
196 }
197