xref: /illumos-gate/usr/src/cmd/tcpd/safe_finger.c (revision bde2df36223c26750e6e5e801907d885e088ee30) 
1  /*
2   * safe_finger - finger client wrapper that protects against nasty stuff
3   * from finger servers. Use this program for automatic reverse finger
4   * probes, not the raw finger command.
5   *
6   * Build with: cc -o safe_finger safe_finger.c
7   *
8   * The problem: some programs may react to stuff in the first column. Other
9   * programs may get upset by thrash anywhere on a line. File systems may
10   * fill up as the finger server keeps sending data. Text editors may bomb
11   * out on extremely long lines. The finger server may take forever because
12   * it is somehow wedged. The code below takes care of all this badness.
13   *
14   * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
15   */
16 
17 #ifndef lint
18 static char sccsid[] = "@(#) safe_finger.c 1.4 94/12/28 17:42:41";
19 #endif
20 
21 /* System libraries */
22 
23 #include <sys/types.h>
24 #include <sys/stat.h>
25 #include <signal.h>
26 #include <stdio.h>
27 #include <ctype.h>
28 #include <pwd.h>
29 
30 extern void exit();
31 
32 /* Local stuff */
33 
34 char    path[] = "PATH=/bin:/usr/bin:/usr/ucb:/usr/bsd:/etc:/usr/etc:/usr/sbin";
35 
36 #define	TIME_LIMIT	60		/* Do not keep listinging forever */
37 #define	INPUT_LENGTH	100000		/* Do not keep listinging forever */
38 #define	LINE_LENGTH	128		/* Editors can choke on long lines */
39 #define	FINGER_PROGRAM	"finger"	/* Most, if not all, UNIX systems */
40 #define	UNPRIV_NAME	"nobody"	/* Preferred privilege level */
41 #define	UNPRIV_UGID	32767		/* Default uid and gid */
42 
43 int     finger_pid;
44 
45 void    cleanup(sig)
46 int     sig;
47 {
48     kill(finger_pid, SIGKILL);
49     exit(0);
50 }
51 
52 int
53 main(argc, argv)
54 int     argc;
55 char  **argv;
56 {
57     int     c;
58     int     line_length = 0;
59     int     finger_status;
60     int     wait_pid;
61     int     input_count = 0;
62     struct passwd *pwd;
63 
64     /*
65      * First of all, let's don't run with superuser privileges.
66      */
67     if (getuid() == 0 || geteuid() == 0) {
68 	if ((pwd = getpwnam(UNPRIV_NAME)) && pwd->pw_uid > 0) {
69 	    setgid(pwd->pw_gid);
70 	    setuid(pwd->pw_uid);
71 	} else {
72 	    setgid(UNPRIV_UGID);
73 	    setuid(UNPRIV_UGID);
74 	}
75     }
76 
77     /*
78      * Redirect our standard input through the raw finger command.
79      */
80     if (putenv(path)) {
81 	fprintf(stderr, "%s: putenv: out of memory", argv[0]);
82 	exit(1);
83     }
84     argv[0] = FINGER_PROGRAM;
85     finger_pid = pipe_stdin(argv);
86 
87     /*
88      * Don't wait forever (Peter Wemm <peter@gecko.DIALix.oz.au>).
89      */
90     signal(SIGALRM, cleanup);
91     (void) alarm(TIME_LIMIT);
92 
93     /*
94      * Main filter loop.
95      */
96     while ((c = getchar()) != EOF) {
97 	if (input_count++ >= INPUT_LENGTH) {	/* don't listen forever */
98 	    fclose(stdin);
99 	    printf("\n\n Input truncated to %d bytes...\n", input_count - 1);
100 	    break;
101 	}
102 	if (c == '\n') {			/* good: end of line */
103 	    putchar(c);
104 	    line_length = 0;
105 	} else {
106 	    if (line_length >= LINE_LENGTH) {	/* force end of line */
107 		printf("\\\n");
108 		line_length = 0;
109 	    }
110 	    if (line_length == 0) {		/* protect left margin */
111 		putchar(' ');
112 		line_length++;
113 	    }
114 	    if (isascii(c) && (isprint(c) || isspace(c))) {	/* text */
115 		if (c == '\\') {
116 		    putchar(c);
117 		    line_length++;
118 		}
119 		putchar(c);
120 		line_length++;
121 	    } else {				/* quote all other thash */
122 		printf("\\%03o", c & 0377);
123 		line_length += 4;
124 	    }
125 	}
126     }
127 
128     /*
129      * Wait until the finger child process has terminated and account for its
130      * exit status. Which will always be zero on most systems.
131      */
132     while ((wait_pid = wait(&finger_status)) != -1 && wait_pid != finger_pid)
133 	 /* void */ ;
134     return (wait_pid != finger_pid || finger_status != 0);
135 }
136 
137 /* perror_exit - report system error text and terminate */
138 
139 void    perror_exit(text)
140 char   *text;
141 {
142     perror(text);
143     exit(1);
144 }
145 
146 /* pipe_stdin - pipe stdin through program (from my ANSI to OLD C converter) */
147 
148 int     pipe_stdin(argv)
149 char  **argv;
150 {
151     int     pipefds[2];
152     int     pid;
153     int     i;
154     struct stat st;
155 
156     /*
157      * The code that sets up the pipe requires that file descriptors 0,1,2
158      * are already open. All kinds of mysterious things will happen if that
159      * is not the case. The following loops makes sure that descriptors 0,1,2
160      * are set up properly.
161      */
162 
163     for (i = 0; i < 3; i++) {
164 	if (fstat(i, &st) == -1 && open("/dev/null", 2) != i)
165 	    perror_exit("open /dev/null");
166     }
167 
168     /*
169      * Set up the pipe that interposes the command into our standard input
170      * stream.
171      */
172 
173     if (pipe(pipefds))
174 	perror_exit("pipe");
175 
176     switch (pid = fork()) {
177     case -1:					/* error */
178 	perror_exit("fork");
179 	/* NOTREACHED */
180     case 0:					/* child */
181 	(void) close(pipefds[0]);		/* close reading end */
182 	(void) close(1);			/* connect stdout to pipe */
183 	if (dup(pipefds[1]) != 1)
184 	    perror_exit("dup");
185 	(void) close(pipefds[1]);		/* close redundant fd */
186 	(void) execvp(argv[0], argv);
187 	perror_exit(argv[0]);
188 	/* NOTREACHED */
189     default:					/* parent */
190 	(void) close(pipefds[1]);		/* close writing end */
191 	(void) close(0);			/* connect stdin to pipe */
192 	if (dup(pipefds[0]) != 0)
193 	    perror_exit("dup");
194 	(void) close(pipefds[0]);		/* close redundant fd */
195 	return (pid);
196     }
197 }
198