HardenedBSD/contrib/tcp_wrappers/safe_finger.c
Mark Murray 2aef693010 Clean import of TCP-wrappers by Wietse Venema.
Rest of build to follow.
1999-03-14 17:13:19 +00:00

197 lines
5.0 KiB
C

/*
* safe_finger - finger client wrapper that protects against nasty stuff
* from finger servers. Use this program for automatic reverse finger
* probes, not the raw finger command.
*
* Build with: cc -o safe_finger safe_finger.c
*
* The problem: some programs may react to stuff in the first column. Other
* programs may get upset by thrash anywhere on a line. File systems may
* fill up as the finger server keeps sending data. Text editors may bomb
* out on extremely long lines. The finger server may take forever because
* it is somehow wedged. The code below takes care of all this badness.
*
* Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
*/
#ifndef lint
static char sccsid[] = "@(#) safe_finger.c 1.4 94/12/28 17:42:41";
#endif
/* System libraries */
#include <sys/types.h>
#include <sys/stat.h>
#include <signal.h>
#include <stdio.h>
#include <ctype.h>
#include <pwd.h>
extern void exit();
/* Local stuff */
char path[] = "PATH=/bin:/usr/bin:/usr/ucb:/usr/bsd:/etc:/usr/etc:/usr/sbin";
#define TIME_LIMIT 60 /* Do not keep listinging forever */
#define INPUT_LENGTH 100000 /* Do not keep listinging forever */
#define LINE_LENGTH 128 /* Editors can choke on long lines */
#define FINGER_PROGRAM "finger" /* Most, if not all, UNIX systems */
#define UNPRIV_NAME "nobody" /* Preferred privilege level */
#define UNPRIV_UGID 32767 /* Default uid and gid */
int finger_pid;
void cleanup(sig)
int sig;
{
kill(finger_pid, SIGKILL);
exit(0);
}
main(argc, argv)
int argc;
char **argv;
{
int c;
int line_length = 0;
int finger_status;
int wait_pid;
int input_count = 0;
struct passwd *pwd;
/*
* First of all, let's don't run with superuser privileges.
*/
if (getuid() == 0 || geteuid() == 0) {
if ((pwd = getpwnam(UNPRIV_NAME)) && pwd->pw_uid > 0) {
setgid(pwd->pw_gid);
setuid(pwd->pw_uid);
} else {
setgid(UNPRIV_UGID);
setuid(UNPRIV_UGID);
}
}
/*
* Redirect our standard input through the raw finger command.
*/
if (putenv(path)) {
fprintf(stderr, "%s: putenv: out of memory", argv[0]);
exit(1);
}
argv[0] = FINGER_PROGRAM;
finger_pid = pipe_stdin(argv);
/*
* Don't wait forever (Peter Wemm <peter@gecko.DIALix.oz.au>).
*/
signal(SIGALRM, cleanup);
(void) alarm(TIME_LIMIT);
/*
* Main filter loop.
*/
while ((c = getchar()) != EOF) {
if (input_count++ >= INPUT_LENGTH) { /* don't listen forever */
fclose(stdin);
printf("\n\n Input truncated to %d bytes...\n", input_count - 1);
break;
}
if (c == '\n') { /* good: end of line */
putchar(c);
line_length = 0;
} else {
if (line_length >= LINE_LENGTH) { /* force end of line */
printf("\\\n");
line_length = 0;
}
if (line_length == 0) { /* protect left margin */
putchar(' ');
line_length++;
}
if (isascii(c) && (isprint(c) || isspace(c))) { /* text */
if (c == '\\') {
putchar(c);
line_length++;
}
putchar(c);
line_length++;
} else { /* quote all other thash */
printf("\\%03o", c & 0377);
line_length += 4;
}
}
}
/*
* Wait until the finger child process has terminated and account for its
* exit status. Which will always be zero on most systems.
*/
while ((wait_pid = wait(&finger_status)) != -1 && wait_pid != finger_pid)
/* void */ ;
return (wait_pid != finger_pid || finger_status != 0);
}
/* perror_exit - report system error text and terminate */
void perror_exit(text)
char *text;
{
perror(text);
exit(1);
}
/* pipe_stdin - pipe stdin through program (from my ANSI to OLD C converter) */
int pipe_stdin(argv)
char **argv;
{
int pipefds[2];
int pid;
int i;
struct stat st;
/*
* The code that sets up the pipe requires that file descriptors 0,1,2
* are already open. All kinds of mysterious things will happen if that
* is not the case. The following loops makes sure that descriptors 0,1,2
* are set up properly.
*/
for (i = 0; i < 3; i++) {
if (fstat(i, &st) == -1 && open("/dev/null", 2) != i)
perror_exit("open /dev/null");
}
/*
* Set up the pipe that interposes the command into our standard input
* stream.
*/
if (pipe(pipefds))
perror_exit("pipe");
switch (pid = fork()) {
case -1: /* error */
perror_exit("fork");
/* NOTREACHED */
case 0: /* child */
(void) close(pipefds[0]); /* close reading end */
(void) close(1); /* connect stdout to pipe */
if (dup(pipefds[1]) != 1)
perror_exit("dup");
(void) close(pipefds[1]); /* close redundant fd */
(void) execvp(argv[0], argv);
perror_exit(argv[0]);
/* NOTREACHED */
default: /* parent */
(void) close(pipefds[1]); /* close writing end */
(void) close(0); /* connect stdin to pipe */
if (dup(pipefds[0]) != 0)
perror_exit("dup");
(void) close(pipefds[0]); /* close redundant fd */
return (pid);
}
}