--- cfingerd-1.4.3.orig/CREDITS +++ cfingerd-1.4.3/CREDITS @@ -48,7 +48,7 @@ - Shadow password testing - Secure (NOBODY PATCH) finger help -cc@spork.neonexus.com +David Muench - Finger forwarding idea Rich Salz @@ -76,3 +76,13 @@ Alexey M. Zelkin - Support for FreeBSD + +Kevin Rosenberg + - Get UTMP file entries for BSD compatibility + +Thomas Koenig + - Management of e?uid switching + +Lars Mathiesen + - ABORT code for wildmat + --- cfingerd-1.4.3.orig/Configure +++ cfingerd-1.4.3/Configure @@ -17,10 +17,10 @@ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. -require 'perl/question.pl'; -require 'perl/filemagic.pl'; -require 'perl/gethost.pl'; -require 'perl/generic.pl'; +require './perl/question.pl'; +require './perl/filemagic.pl'; +require './perl/gethost.pl'; +require './perl/generic.pl'; $VERSION = "1.4.2"; $| = 1; --- cfingerd-1.4.3.orig/Makefile.cfg.in +++ cfingerd-1.4.3/Makefile.cfg.in @@ -1,6 +1,6 @@ # CFINGERD - Main Makefile configuration # -# $Id: Makefile.cfg.in,v 1.4 1999/08/31 00:46:46 joey Exp $ +# $Id: Makefile.cfg.in,v 1.4 1999-08-31 00:46:46 joey Exp $ # # Copyright (c) 1999 by Martin Schulze # --- cfingerd-1.4.3.orig/RECOMMEND +++ cfingerd-1.4.3/RECOMMEND @@ -4,7 +4,7 @@ After running cfingerd for quite a while, I have found that if you make the cfingerd setup the most secure, you will have the least problems. -CFINGERD currently stops all files from being symbolic links, char +CFINGERD currently stops for all files from being symbolic links, char devices, block devices, etc. Basically, each file has to be a normal file in order to be read by cfingerd. With that in mind, you should keep all files (whether or not they are read by root) as normal files. This --- cfingerd-1.4.3.orig/debian/bottom_finger.txt +++ cfingerd-1.4.3/debian/bottom_finger.txt @@ -0,0 +1,2 @@ +----------------------------------------------------------------------------- +Debian GNU/Linux Copyright (c) 1993-1999 Software in the Public Interest --- cfingerd-1.4.3.orig/debian/cfingerd.conf +++ cfingerd-1.4.3/debian/cfingerd.conf @@ -0,0 +1,219 @@ +############################################################################ +## +## Configurable Finger Daemon CONFIGURATION FILE version 1.40 +## by Ken Hollis (khollis@bitgate.com) +## Dated July 28, 1996 +## +## IMPORTANT NOTICE: DO NOT substitute spaces for tabs. You will corrupt +## cfingerd.conf, and will most likely cause a SIGSEGV. Only change the +## text of the option, DO NOT rewrite the option, or the name. +## +############################################################################ + +## These are the files that are used in displaying specific finger-query +## information. These may be changed at the System Administrator's +## disgression only. +FILES display_files = { + PLAN = ".plan", + PROJECT = ".project", + PGP_KEY = ".pgpkey", + XFACE = ".xface", + NO_FINGER = ".nofinger", + USERLOG = ".fingerlog", + MAILBOX = "/var/spool/mail/$USER", + LOGFILE = "/var/log/cfingerd.log", + HEADER_DISPLAY = "/etc/cfingerd/top_finger.txt", + FOOTER_DISPLAY = "/etc/cfingerd/bottom_finger.txt", + NO_NAME_BANNER = "/etc/cfingerd/noname_banner.txt", + NO_USER_BANNER = "/etc/cfingerd/nouser_banner.txt", + REJECTED_BANNER = "/etc/cfingerd/rejected_banner.txt" +} + +## These are the finger display options that are used for local, and remote +## hosts. The first option is for remote hosts, the second is for local. +## +## If "ALLOW_USER_OVERRIDE" is available, these are the only options that +## can be enabled/disabled. +CONFIG finger_display = { + -HEADER_FILE = [TRUE, FALSE], + -FOOTER_FILE = [TRUE, FALSE], + +LOGIN_ID = [TRUE, TRUE], + +REAL_NAME = [TRUE, TRUE], + +DIRECTORY = [FALSE, TRUE], + +SHELL = [FALSE, TRUE], + +ROOM_NUMBER = [FALSE, TRUE], + +WORK_NUMBER = [FALSE, TRUE], + +HOME_NUMBER = [FALSE, TRUE], + +OTHER = [FALSE, TRUE], + +LAST_TIME_ON = [FALSE, TRUE], + +IF_ONLINE = [FALSE, TRUE], + +TIME_MAIL_READ = [FALSE, TRUE], + +DAY_MAIL_READ = [FALSE, TRUE], + +ORIGINATION = [FALSE, TRUE], + +PLAN = [TRUE, TRUE], + +PROJECT = [TRUE, TRUE], + +PGP = [TRUE, TRUE], + +XFACE = [TRUE, TRUE], + -NO_NAME_BANNER = [TRUE, TRUE], + -REJECTED_BANNER = [TRUE, TRUE], + -SYSTEM_LIST = [FALSE, TRUE], + -CLOCK24 = [FALSE, FALSE], + -NO_USER = [TRUE, TRUE] +} + +## These are the internal configuration options that cfingerd uses to +## determine how to handle finger-queries. Note that each item that you +## want to enable or disable is used with a "+" to enable, and a "-" to +## disable. If you don't have the option listed, it is assumed to be +## enabled. +CONFIG internal_config = { + +ALLOW_MULTIPLE_FINGER_DISPLAY, + -ALLOW_SEARCHABLE_FINGER, + +ALLOW_NO_IP_MATCH_FINGER, + +ALLOW_USER_OVERRIDE, + +ALLOW_USERLIST_ONLY, + -ALLOW_FINGER_FORWARDING, + -ALLOW_STRICT_FORMATTING, + -ALLOW_VERBOSE_TIMESTAMPING, + +ALLOW_FINGER_LOGGING, + -ALLOW_EXECUTION, + -ALLOW_NONIDENT_ACCESS, + +ALLOW_LINE_PARSING, + +ALLOW_USERLOG, + +ALLOW_FAKEUSER_FINGER, + +ALLOW_CONFESSION, + +ONLY_SHOW_HEADERS_IF_FILE_EXISTS, + +ONLY_CREATE_FINGERLOG_IF_FILE_EXISTS +} + +## These are the sites that are queried for an entire listing when the +## user listing is requested. The sites listed below are fingered, and the +## entire listing is then sorted, and a final output is displayed. +## +## For the time being, if you want your site to display finger information +## in the userlisting, you *MUST* include the line below. This will soon +## (hopefully) change. +CONFIG system_list_sites = { +} + +## These are hosts that can finger your site and act as local-access hosts. +## In other words, these sites get the same displayed output that normal +## users on the localhost get. You can trust all sites by using a "*". +HOSTS trusted = { +} + +## These are sites that are not allowed to finger your system, and they +## are displayed corresponding files. You can reject all systems using +## "*". +HOSTS rejected = { +} + +## These are the forwarded hosts that are used when doing a finger-forward. +## This lets you forward a user to another system if the username could +## not be located on this system. +HOSTS finger_forward = { +} + +## These are the strings that are displayed in the actual finger display. +## These strings get displayed in the correct positions based on what +## information you have allowed to be released. +CONFIG finger_strings = { + USER_NAME = "Username: ", + REAL_NAME = "In real life: ", + DIRECTORY = "Home directory: ", + SHELL = "Shell: ", + ROOM_NUMBER = "Room: ", + WORK_NUMBER = "Work phone: ", + HOME_NUMBER = "Home phone: ", + OTHER = "Other: ", + PLAN = "Plan:", + PROJECT = "Project:", + PGPKEY = "PGP Public Key:", + NO_PLAN = "This user has no plan.", + NO_PROJECT = "This user has no project.", + NO_PGP = "This user has no PGP public key.", + WAIT = "Gathering system data...", + XFACE = "XFace:", + NO_XFACE = "This user has no xface file." +} + +## These strings are displayed in syslogging. +CONFIG internal_strings = { + NO_IP_HOST = "IP: Hostname not matched", + RENICE_FATAL = "Fatal - Nice died: ", + STDIN_EMPTY = "STDIN contains no data", + TRUSTED_HOST = "<- Trusted", + REJECTED_HOST = "<- Rejected", + ROOT_FINGER = "Root", + SERVICE_FINGER = "Service listing", + USER_LIST = "User listing", + FAKE_USER = "Fake user", + WHOIS_USER = "Whois request", + FORWARD_DENY = "Finger forwarding service denied.", + IDENT_CONREF = "", + IDENT_ILLEGAL = "", + IDENT_TIMEOUT = "" +} + +## These are the strings that you can change for display when a signal +## is encountered. Only these strings and associated signals are displayed +## or detected. If you don't know what you're doing, don't change these +## signal text displays. +CONFIG signal_strings = { + SIGHUP = "Hangup signal", + SIGINT = "Keyboard interruption signal", + SIGQUIT = "Keyboard quit signal", + SIGILL = "Illegal instruction", + SIGTRAP = "Trace/Breakpoint reached", + SIGABRT = "Aborted", + SIGFPE = "Floating Point Exception", + SIGUSR1 = "User-defined", + SIGSEGV = "Segmentation violation", + SIGUSR2 = "User-defined", + SIGPIPE = "Write to pipe w/o headers", + SIGALRM = "Script or program timed out", + SIGTERM = "Terminated", + SIGCONT = "Continued from stopped job", + SIGTSTP = "Stopped at TTY (Inetd-related?)", + SIGTTIN = "TTY input from bgnd process (Inetd-related?)", + SIGTTOU = "TTY output from bgnd process (Inetd-related?)", + SIGIO = "I/O Error (on socket/non-socket)", + SIGXCPU = "CPU Time limit exceeded", + SIGXFSZ = "File size limit exceeded", + SIGVTALRM = "Virtual timer alarm", + SIGPROF = "Profiler", + SIGWINCH = "VT/X Window size changed" +} + +## These are the programs that are called when a finger or whois command +## needs to be called. These are local programs, so they can be whatever +## you want. (Remember, this is a daemon, not a client.) +FILES finger_programs = { + FINGER = "/usr/sbin/userlist", + WHOIS = "/usr/bin/whois" +} + +## These are the users that don't exist on your system, but can be called +## on as scripts. Read over cfingerd.conf(5) for more details on these +## options. '-' can be prepended to avoid displaying on the service list. +FILES finger_fakeusers = { +} +# "uptime", "System Uptime", FALSE, "/etc/cfingerd/scripts/uptime", +# "trace", "Trace route", TRUE, "/etc/cfingerd/scripts/trace" +# "ping", "Ping a host", TRUE, "/etc/cfingerd/scripts/ping" + +## This is the header that is displayed at the top of your services display. +CONFIG services_header = { + *** Services provided by this system *** + + User: Service name: Searchable: + -------- -------------------- ----------- + %-8s %-20s %-s +} + +## These are the positions of the actual items in the header. +CONFIG services_positions = { + USER = 1, + SERVICE = 2, + SEARCH = 3 +} --- cfingerd-1.4.3.orig/debian/cfingerd.xinetd +++ cfingerd-1.4.3/debian/cfingerd.xinetd @@ -0,0 +1,14 @@ +service finger +{ + disable = no + socket_type = stream + protocol = tcp + flags = IPv6 + wait = no + user = root + server = /usr/sbin/cfingerd + log_type = SYSLOG daemon info + log_on_success = HOST + log_on_failure = HOST +} + --- cfingerd-1.4.3.orig/debian/changelog +++ cfingerd-1.4.3/debian/changelog @@ -0,0 +1,423 @@ +cfingerd (1.4.3-3.2) unstable; urgency=medium + + * Non-maintainer upload. + * Fix FTBFS due to lack of "." in Perl's @INC. (Closes: #837267) + + -- Chris Lamb Sat, 24 Sep 2016 17:37:58 +0200 + +cfingerd (1.4.3-3.1) unstable; urgency=high + + * Non-maintainer upload. + * [SECURITY] CVE-2013-1049: fix buffer overflow in rfc1413 (ident) client. + Thanks to Malcolm Scott and Marc Deslauriers + (Closes: #700098) (LP: #1104425) + + -- Salvatore Bonaccorso Sat, 09 Feb 2013 18:38:28 +0100 + +cfingerd (1.4.3-3) unstable; urgency=low + + * Approve NMU + * Applied IPv6 patch from Mats Erik Andersson + (closes: Bug#570024) + + -- Joey Schulze Sat, 19 Jun 2010 22:03:31 +0200 + +cfingerd (1.4.3-2.1) unstable; urgency=medium + + * Non-maintainer upload. + * Add Depends on update-inetd for DebianNet Perl module used in postinst. + (Closes: #502741) + + -- Chris Lamb Tue, 21 Oct 2008 00:10:05 +0100 + +cfingerd (1.4.3-2) unstable; urgency=low + + * Partially imported NMU + * Updated URLs in copyright file + * Removed /usr/doc support code from postinst since the transition is + completed + * Updated debian/rules + * Converted changelog to UTF-8 (closes: Bug#453963) + * Applied patch by Cyril Brulebois to make GNU/kFreeBSD and GNU/Hurd act + as GNU/Linux (closes: Bug#414308) + * Remove deprecated tail syntax (closes: Bug#381119) + * Fixed problem with removing double characters in search strings + (closes: Bug#66440) + * Adjusted addresses in Debian files (closes: Bug#380219) + + -- Martin Schulze Mon, 25 Feb 2008 10:43:57 +0100 + +cfingerd (1.4.3-1.2) unstable; urgency=low + + * Non-maintainer upload (RC bug more than 2 years old). + * debian/rules: + + Removed the {foo,bar} shell wildcard bashisms. + + Call dpkg-gencontrol with -isp so that the binary package has a control + and a priority field. + * debian/control: + + Set policy to 3.5.10. + * Replaced malloc()/sprintf() calls with strdup(). + * Replaced log() with mylog() because log is a built-in gcc-3.x function. + * Replaced a snprintf() with sprintf() in util.c to fix a security issue + that could cause information leakage (Closes: #76918). + * In idle.c and standard.c, do not display the idle time if stat() on the + TTY device failed. + * In idle.c and standard.c, if the TTY device's timestamp is 0, do not + display the idle time (Closes: #64359). + * In idle.c and standard.c, if TTY modification time is more recent + than access time, use access time to make idle reports more meaningful + (Closes: #86138). + * Applied a patch from Amir Shamsuddin for standard.c to retrieve proper + privileges before looking for files in the user's home (Closes: #64915). + * Fixed the display_file argument in standard.c so that ~/.XFace is + properly displayed (Closes: #126984, #117255). + * In display.c, use 8 characters from user names instead of 7, so that we + can fetch the data from the passwd entry (Closes: #74672, #73041). + + -- Sam Hocevar (Debian packages) Fri, 20 Jun 2003 15:39:25 +0200 + +cfingerd (1.4.3-1.1) unstable; urgency=low + + * Non-maintainer upload. + * Apply relevant portions of the security fix applied to stable for + DSA-066 (Closes: #104394) + * Tidy up extended description, and remove claims about security + + -- Matt Zimmerman Sat, 11 Aug 2001 15:51:06 -0400 + +cfingerd (1.4.3-1) unstable; urgency=high + + * New upstream source + * Fixes some buffer overflows introduced by sscanf() + * Fixes some nice format string issues and a nice off-by-one error + (closes: Bug#93930) + * Corrected source URL + * Corrected path to GPL + * Added /usr/doc -> /usr/share/doc snippets to postinst and prerm + * Moved manpages to /usr/share/man (closes: Bug#91128) + * And other cruft as well (closes: Bug#91431) + * Bumped Standards-Version to 3.5.2.0, Thanks to Bas Zoetekouw + (closes: Bug#93121) + * Corrected RFC number (closes: Bug#48418) + * Added support for removing /etc/cfingerd (closes: Bug#75292) + * Removed potential debug output (closes: Bug#85016) + * This version now provides a and conflicts with finger-server (closes: + Bug#64480) + + -- Martin Schulze Sat, 21 Apr 2001 16:58:14 +0200 + +cfingerd (1.4.1-1) unstable; urgency=low + + * New upstreap source + * Reworked debian/rules + + -- Martin Schulze Sun, 29 Aug 1999 20:16:14 +0200 + +cfingerd (1.4.0-1) unstable; urgency=high, closes=39574 33667 + + * New upstream version + * Russ Coker's patch wrt. qmail was applied (closes: Bug#39574) + * Finger userlist@ to see who's online (idle less than 1 day) (closes: + Bug#33667) + * Fixes security bug + + -- Martin Schulze Mon, 9 Aug 1999 12:04:18 +0200 + +cfingerd (1.3.2-19) unstable; urgency=low, closes=33408 32924 + + * Fixed bug wrt empty .plan files (closes: Bug#33408) + * Also added -g to Makefiles. + * Disabled ALLOW_SEARCHABLE_FINGER in default configuration (closes: + Bug#32924) + + -- Martin Schulze Mon, 15 Feb 1999 21:02:12 +0100 + +cfingerd (1.3.2-18) frozen unstable; urgency=low, closes=31488 31489 + + * Corrected mail directory to /var/spool in conffile (closes: Bug#31488) + * Corrected current year to 1999 in all banner files (closes: Bug#31489) + + -- Martin Schulze Wed, 6 Jan 1999 00:34:14 +0100 + +cfingerd (1.3.2-17) frozen unstable; urgency=medium, closes=31243 + + * cfingerd now uses the same IP number on which it receives a request to + connect to a remote ident server. Thanks for help from Torsten + Landschoff (closes: Bug#31243) + * cfingerd now honors broken or negative ident answers (closes: Bug#31243) + + -- Martin Schulze Tue, 5 Jan 1999 01:18:18 +0100 + +cfingerd (1.3.2-16) frozen unstable; urgency=low, closes=24904 24969 27779 24897 24895 + + * Increased limit of tty per user, now I'm fingerable again. :) + * Don't cut off random parts of the domain when it's too long, cut it at + the `.' dot. + * If logged in via screen the leading `:' is stripped off now + * Display local hostname correctly, not only three characters + * Removed double count of fingered hosts + * Hidden people won't be shown when search.*'ed. (closes: Bug#24904) + * Display the proper tty with userlist instead of the id from + /etc/inittab (closes: Bug#24969) + * The user .fingerlog will now be created as regular user, and it will + be created if not defined otherwise in cfingerd.conf + * The user .fingerlog will now be created as appropriate user. + Incorporated a newer privs.h and adjusted it properly (closes: + Bug#27779) + * Updated FAQ (Bug#24897) + * Updated cfingerd(8). Thanks to Bøhm Jensen . (Bug#24897) + * Updated cfingerd.conf(5). Thanks to Bøhm Jensen . (Bug#24897) + * Updated cfingerd.text(5). Thanks to Bøhm Jensen . (Bug#24897) + * The MAILBOX variable now also understands the lowercase 'qmail' + keyword. + * A "userlist-only" query may only be issued if a regular system listing + is allowed. + + -- Martin Schulze Sat, 19 Dec 1998 18:34:09 +0100 + +cfingerd (1.3.2-15) unstable; urgency=low, closes=28479 + + * Fixed thinko in src/userlist.c which caused userlist to stop + working. (closes: Bug#28479) + + -- Martin Schulze Sat, 24 Oct 1998 15:45:53 +0200 + +cfingerd (1.3.2-14) unstable; urgency=low, closes=28142 + + * Fixed typo in userlist/display.c which crashed userlist (closes: Bug#28142) + * Fixed thinko in postrm + + -- Martin Schulze Thu, 22 Oct 1998 12:55:48 +0200 + +cfingerd (1.3.2-12) unstable; urgency=medium, closes=24898 24903 24905 24906 24907 24908 24909 24901 24964 24965 24966 25849 + + * Converted all dangerous occurrances of sprintf() to snprintf() + * Converted all dangerous occurrances of strcpy() to strncpy() + * Improved support for ignoring /L and /W from Microsoft's + bloated finger program + * Converted all dangerous occurrances of strcat() to strncat() + * Restricted length of username, fixes possible overflow in + show_search() and handle_fakeuser() (Bug#24898) + * Fixed possible overflow wrt. the `search.' feature. Thanks to Jakob + Bøhm Jensen . + * These all fixes several possible buffer overruns (closes: Bug#24898) + * Converted bzero() to memset(), POSIX transition + * Added information about .nofinger to the documentation. Thanks to + Jakob Bøhm Jensen (closes: Bug#24903) + * Reworked search.* routine. (closes: Bug#24906) + * Fixed bug that caused cfingerd to crash when trying to display the + rejected banner, well, it was commented out for that reason. Scary? + Indeed. (closes: Bug#24901) + * Used absolute pathnames for `userlist' and `tail' (closed: Bug#24908) + * Applied patch from John Goerzen (closes: + Bug#24964, Bug#24965, Bug#24966) + * The postinst will now remove old logfiles (closes: Bug#25849) + + -- Martin Schulze Sat, 17 Oct 1998 20:32:13 +0200 + +cfingerd (1.3.2-11.0) stable unstable; urgency=high + + * Non-maintainer upload: Fixed a security hole in privs.h. This security + hole could lead to a root compromise. + + -- John Goerzen Thu, 23 Jul 1998 22:16:40 -0500 + +cfingerd (1.3.2-11) frozen unstable; urgency=low, closes=23050 + + * Added /etc/cron.weekly/cfingerd as conffile (closes: Bug#23050) + + -- Martin Schulze Mon, 8 Jun 1998 01:40:28 +0200 + +cfingerd (1.3.2-10) frozen unstable; urgency=low, closes=23039 22816 + + * Added support for non-world-writable tty's owned by group tty (closes: + Bug#23039) + . Added define HAVE_TTY_GROUP + * Handling of .nofinger files corrected (closes: Bug#22816) + . Corrected check_illegal() + . Corrected wrong calls for check_illegal() + . Used config option for .nofinger file + * Added space before [MSG-N] + + -- Martin Schulze Sun, 31 May 1998 22:53:49 +0200 + +cfingerd (1.3.2-9) frozen unstable; urgency=medium, closes=21230 21566 + + * Corrected search_fake() which depended on 80 char strings but received + a 100 character one. (closes: Bug#21230) + * Protected defines.h with ifdef + * Added reference to new development team + * Added reference to new mailing list + * Changed error address to the new mailing list + * When the remote identd refuses the request cfingerd will handle this + correctly (closes: Bug#21566) + + -- Martin Schulze Tue, 12 May 1998 00:52:11 +0200 + +cfingerd (1.3.2-8) frozen unstable; urgency=low, closes=19982 + + * Priority switched to extra as of request by IanJ + * Moved scripts from /etc to /usr/doc + * Removed sample uptime script from configuration (closes: Bug#19982) + * Added copy mechanism to preinst/postinst to save already installed + scripts + + -- Martin Schulze Sat, 11 Apr 1998 10:16:50 +0200 + +cfingerd (1.3.2-7) unstable; urgency=low, closes=19121 19200 + + * Removed setuid bit from userlist (lintian) + * Corrected ownership for control scripts (lintian) + * Corrected search for lastlog (closes: Bug#19121) + * Corrected logfile writing as user, thanks to Thomas Gebhardt + (closes: Bug#19200) + * Corrected ownership of changelog.Debian (non-lintian) + * Added patch to support Qmail mailboxes, thanks to Russell Coker + + * Updated manpage properly + + -- Martin Schulze Tue, 10 Mar 1998 05:52:52 +0100 + +cfingerd (1.3.2-6) unstable; urgency=low, closes=17639 + + * Corrected FSF's address (lintian) + * Flagged SIGPIPE as fatal (closes: Bug#17639) + + -- Martin Schulze Wed, 11 Feb 1998 11:27:06 +0100 + +cfingerd (1.3.2-5) unstable; urgency=low, closes=16752 + + * Corrected Standards-Version to 2.3.0.1 (Bug#16752) + + -- Martin Schulze Fri, 9 Jan 1998 01:59:25 +0100 + +cfingerd (1.3.2-4) unstable; urgency=low, closes=12405 14546 16244 + + * Changed tail +3 to tail +2 in src/usrlist.c (Bug#12405) + * Linked against libc6 + * Added /bin/bash for debian/rules + * Fixed string bugs in standard.c. + * Ignore empty lines when collecting remote data (#14546) + * Included the patch from Herbert Xu (Bug#16244) + + -- Martin Schulze Fri, 2 Jan 1998 13:52:35 +0100 + +cfingerd (1.3.2-3.2) unstable; urgency=low + + * Non-maintainer release. + * Compiled for libc6. + * Use tail +2 for userlist (#12405). + * Fixed string bugs in standard.c. + * Ignore empty lines when collecting remote data (#14546). + + -- Herbert Xu Sat, 8 Nov 1997 19:39:27 +1100 + +cfingerd (1.3.2-3) unstable; urgency=low + + * Corrected version information, last stable release is 1.3.2. + * src/search.c: Initialized variables for search lookup + * An old /etc/cfingerd.conf now will be saved in + /etc/cfingerd/saved.cfingerd.conf + * Fixed silly bug in src/search.c (Bug#10341) + * src/main.c: Added support for /W, actually it's ignored... (Bug#9738) + + -- Martin Schulze Tue, 17 Jun 1997 10:27:05 +0200 + +cfingerd (1.3.2-2) unstable; urgency=low + + * Made /etc/cron.weekly/cfingerd executable (Bug#7759, Bug#7763) + * Changed "Debian Association..." to "Software in the Public Interest" + in all banner files (Bug#8630) + * New maintainer address + + -- Martin Schulze Mon, 28 Apr 1997 12:39:00 +0200 + +cfingerd (1.3.2-1) unstable; urgency=low + + * Removed -m486 in all Makefiles, + * src/search.c: If the internal search.*@ is used the whole + GCOS field won't be sent out anymore. + * Removed investigation of the hostname within Configure script + * Converted into new packaging scheme + + -- Martin Schulze Sun, 23 Feb 1997 12:21:29 +0100 + +cfingerd (1.3.0-1) unstable; urgency=low + + * New upstream release + + -- Martin Schulze Fri, 21 Feb 1997 08:56:45 +0100 + +Sat Sep 14 00:10:39 1996 Martin Schulze + + * src/search.c: If the internal search.*@ is used the whole GCOS + field won't be sent out anymore. + + * Approved llucius' changes to compile under m68k as well (only + removing -m486 from Makefiles). Thanks to Leeland Lucius + for providing me with a patch. + + * src/standard.c: Changed identification of MSG-N. Thanks to Joerg + Kleuver who pointed me to the + mistake and provided me with a fix. + + * debian.rules: Merged Debian release and Infodrom release together. + +Thu Jun 27 09:59:45 1996 Martin Schulze + + * Edited Description field (thanks to Susan Kleinmann + (sgk@sgk.tiac.net) + +Wed Jun 12 23:37:32 1996 Martin Schulze + + * changed description (Bug#3250) + +Tue May 21 09:55:00 1996 Martin Schulze + + * debian.rules: Corrected permission problem + +Wed May 16 22:13:31 1996 Martin Schulze + + * Added handling of user and group ids. Programs are called as + nobody.nogroup, files are read with the same permissins, but user + logfiles are written with user priviliges. Added privs.h - idea and + source mostly taken from T-Rex' file. + + Commented out odd checks about uid/euid. + + Commented out unused routines become_nobody() and become_user(). + +Wed May 15 20:05:53 1996 Martin Schulze + + * Corrected local hostname. + + * Modified the search.@ service to work properly, which + wasn't the case before. + + * Corrected the output of HEADER_FILE and FOOTER_FILE in some + places, see diff-file for details. + + * Altered the behaviour of NO_NAME_BANNER and NO_USER_BANNER. + + * changed from /var/adm/{lastlog,wtmp} to /var/log/{lastlog,wtmp} + in Configure script. + + * Added special handling of forward requests: "Finger forwarding + service denied." Added string variable to /etc/cfingerd.conf: + FORWARD_DENY. + + * Increased the size of syslog_str, becaus if it is too short username + will be overwritten. + + * Changed some manpages to fit into the Linux manpages structure. + Changed some sections. + + * Hostnames are no longer case-sensitive. + + * Removed some options for userlist, because they're only + confusing and not supported yet. + +Wed May 5 13:20:21 1996 Martin Schulze + + * Added Debian packaging files. + --- cfingerd-1.4.3.orig/debian/compat +++ cfingerd-1.4.3/debian/compat @@ -0,0 +1 @@ +7 --- cfingerd-1.4.3.orig/debian/conffiles +++ cfingerd-1.4.3/debian/conffiles @@ -0,0 +1,7 @@ +/etc/cfingerd/cfingerd.conf +/etc/cfingerd/top_finger.txt +/etc/cfingerd/bottom_finger.txt +/etc/cfingerd/noname_banner.txt +/etc/cfingerd/nouser_banner.txt +/etc/cfingerd/rejected_banner.txt +/etc/cron.weekly/cfingerd --- cfingerd-1.4.3.orig/debian/control +++ cfingerd-1.4.3/debian/control @@ -0,0 +1,20 @@ +Source: cfingerd +Section: net +Priority: extra +Maintainer: Martin Schulze +Build-Depends: debhelper (>= 7) +Standards-Version: 3.8.4 + +Package: cfingerd +Architecture: any +Provides: finger-server +Conflicts: finger-server +Depends: ${shlibs:Depends}, ${misc:Depends}, update-inetd, netbase (>=2.00) +Description: configurable finger daemon + This is a free replacement for standard finger daemons such as GNU + fingerd and MIT fingerd. Cfingerd can enable/disable finger services + to individual users, rather than to all users on a given host. It is + able to respond to a finger request to a specified user by running a + shell script (e.g., finger doorbell@mysite.mydomain might cause a + sound file to be sent) rather than just a plain text file. +Homepage: http://www.infodrom.org/projects/cfingerd/ --- cfingerd-1.4.3.orig/debian/copyright +++ cfingerd-1.4.3/debian/copyright @@ -0,0 +1,31 @@ +This is the Debian GNU/Linux prepackaged version of cfingerd, +the configurable MIT/GNU compatible finger daemon. + +This package was put together by Martin Schulze , +from sources obtained from: + http://www.infodrom.org/projects/cfingerd/download/cfingerd-1.4.3.tar.gz + +cfingerd is Copyright (c) 1994-6 by Ken Hollis + 1996-9 by Martin Schulze + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 dated June, 1991. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111, USA. + +On Debian GNU/Linux systems, the complete text of the GNU General +Public License can be found in `/usr/share/common-licenses/GPL-2'. + +The project's homepage is at . + +If you wish to join the cfingerd (users and development) mailing list, +please send a message to majordomo@lists.infodrom.org with "subscribe +infodrom-cfingerd" in the body. --- cfingerd-1.4.3.orig/debian/cron +++ cfingerd-1.4.3/debian/cron @@ -0,0 +1,14 @@ +#! /bin/sh +# +# cron script to rotate cfingerd log files. +# +# Writen by Martin Schulze . + +cd /var/log +for LOG in cfingerd.log +do + if [ -f "$LOG" ]; then + savelog -g adm -m 644 -u root -c 4 $LOG >/dev/null + fi +done + --- cfingerd-1.4.3.orig/debian/noname_banner.txt +++ cfingerd-1.4.3/debian/noname_banner.txt @@ -0,0 +1,7 @@ + +Debian GNU/Linux Copyright (c) 1993-1999 Software in the Public Interest + +$center You haven't specified a user. + +$center A general listing is not provided to the public. + --- cfingerd-1.4.3.orig/debian/nouser_banner.txt +++ cfingerd-1.4.3/debian/nouser_banner.txt @@ -0,0 +1,5 @@ + +Debian GNU/Linux Copyright (c) 1993-1999 Software in the Public Interest + +$center There is no such user. + --- cfingerd-1.4.3.orig/debian/ping +++ cfingerd-1.4.3/debian/ping @@ -0,0 +1,34 @@ +#! /usr/bin/perl +# +# Nice little script to do a ping to someone else's site... +# Version 1.0 by Martin Schulze (joey@infodrom.org) +# based on trace 1.0.1 by Ken Hollis (khollis@bitgate.com) + +$ENV{'PATH'} = '/bin:/usr/bin'; +$path = $ENV{'PATH'}; + +# Turn non-buffered input/output on +$| = 1; + +# Get our site that we want a traceroute to be performed for +$pingsite = $ARGV[0]; +$pingsite =~ tr/,/./; + +# Set maximum packets to send +$max_packets = "-k 5"; + +# And check to make sure they entered a site +if ($pingsite) { + print "Performing a ping to $pingsite... \n\n"; + system("ping $max_packets $pingsite"); + print "\nDone.\n"; +} else { + print <<"EOT"; + Ping script 1.0 + by Ken Hollis and Martin Schulze + + Please finger \"site.whatever\" with your \".\" marks converted to \",\" + marks instead. This is because the finger daemon separates all options + by a \".\". +EOT +} --- cfingerd-1.4.3.orig/debian/postinst +++ cfingerd-1.4.3/debian/postinst @@ -0,0 +1,26 @@ +#! /usr/bin/perl +# post install script for the Debian GNU/Linux cfingerd package + +require DebianNet; + +open(INETD, "/etc/inetd.conf"); + @inetd=; +close(INETD); + +if (grep(/.*cfingerd.*/, @inetd)) { + $DebianNet::sep = "## "; DebianNet::disable_service("finger", "in.fingerd"); + $DebianNet::sep = "## "; DebianNet::enable_service("finger", "cfingerd"); +} else { + $DebianNet::sep = "## "; DebianNet::disable_service("finger", "in.fingerd"); + $fingentry = 'finger stream tcp nowait root /usr/sbin/tcpd /usr/sbin/cfingerd'; + $DebianNet::sep = "## "; DebianNet::add_service($fingentry, "INFO"); +} +undef(@inetd); + +foreach $f ("uptime","ping") { + if (-f "/etc/cfingerd/saved.$f") { + system "mv -f /etc/cfingerd/saved.$f /etc/cfingerd/scripts/$f"; + } +} + +system "/etc/init.d/netbase reload"; --- cfingerd-1.4.3.orig/debian/postrm +++ cfingerd-1.4.3/debian/postrm @@ -0,0 +1,22 @@ +#! /bin/sh + +set -e + +if [ "$1" = "purge" ] +then + rm -f /var/log/cfingerd.log* + if [ -d /var/log/OLD ] + then + rm -f /var/log/OLD/cfingerd.log* + fi + test -d /etc/cfingerd && rm -rf /etc/cfingerd +fi + +# This will be executed on removal and purging of the package. +if [ "$1" = "remove" ]; then + update-inetd --remove cfingerd + if grep -s "^[^ *#]" /etc/xinetd.conf | grep -q cfingerd; then + echo "Please remove the cfingerd entry from your /etc/xinetd.conf file" + echo "manually." + fi +fi --- cfingerd-1.4.3.orig/debian/preinst +++ cfingerd-1.4.3/debian/preinst @@ -0,0 +1,21 @@ +#! /bin/sh +# pre install script for the Debian GNU/Linux cfingerd package + +set -e + +if [ "$1" = "upgrade" ]; then + case $2 in + 1.2*) + if [ -f /etc/cfingerd.conf ]; then + test -d /etc/cfingerd || mkdir /etc/cfingerd + cp /etc/cfingerd.conf /etc/cfingerd/saved.cfingerd.conf + echo "Old /etc/cfingerd.conf saved as /etc/cfingerd/saved.cfingerd.conf" + fi + ;; + esac + if `dpkg --compare-versions $2 lt 1.3.2-8`; then + for f in uptime ping; do + cp /etc/cfingerd/scripts/$f /etc/cfingerd/saved.$f + done + fi +fi --- cfingerd-1.4.3.orig/debian/prerm +++ cfingerd-1.4.3/debian/prerm @@ -0,0 +1,14 @@ +#! /bin/sh +# post removal script for the Debian GNU/Linux cfingerd package + +set -e + +# Remove /usr/doc symlink +if [ \( "$1" = "upgrade" -o "$1" = "remove" \) -a -L /usr/doc/cfingerd ] +then + rm -f /usr/doc/cfingerd +fi + +update-inetd --pattern cfingerd --disable finger +update-inetd --comment-chars '## ' --pattern in.fingerd --enable finger + --- cfingerd-1.4.3.orig/debian/rejected_banner.txt +++ cfingerd-1.4.3/debian/rejected_banner.txt @@ -0,0 +1,9 @@ + +Debian GNU/Linux Copyright (c) 1993-1999 Software in the Public Interest + +$center Your site has been rejected for some reason. + +$center This may be caused by a missing RFC 1413 identd on your site. + +$center Contact your and/or our system administrator. + --- cfingerd-1.4.3.orig/debian/rules +++ cfingerd-1.4.3/debian/rules @@ -0,0 +1,131 @@ +#! /usr/bin/make -f + +# Copyright (c) 1994-99 by joey@infodrom.org (Martin Schulze) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 dated June, 1991. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave., Cambridge, MA 02139, USA. + +SHELL=/bin/bash + +# The name and version of the source +# +source = $(shell grep "^Source: " debian/control|head -1|sed 's/Source: \(.*\)/\1/g') +package = $(shell grep "^Package: " debian/control|head -1|sed 's/Package: \(.*\)/\1/g') +version = $(shell grep "^$(source) " debian/changelog|head -1 |sed 's/.*(\(.*\)\-[^\-]*).*/\1/g') +revision = $(shell grep "^$(source) " debian/changelog|head -1 |sed 's/.*([^\-]*\-\(.*\)).*/\1/g') + +installbin = install -g root -o root -m 755 +installdoc = install -g root -o root -m 644 + +ifneq (,$(findstring debug,$(DEB_BUILD_OPTIONS))) +CFLAGS = -g -O2 -Wall +else +CFLAGS = -O2 -Wall +endif +ifeq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS))) +STRIP = -s +endif + +build: + -test -f Makefile.cfg || ./Configure -c config=/etc/cfingerd/cfingerd.conf \ + -c mandir=/usr/share/man -c man_owner=root -c man_group=root \ + -c cflags="$(CFLAGS)" + $(MAKE) all + touch stamp-build + +clean: debclean + rm -f stamp-build + $(MAKE) clean + rm -rf *~ + +debclean: +# Cleans debian binary directories to allow binary creation + rm -rf debian/tmp + rm -f debian/{files,substvars} + +binary-indep: +# Nothing to be done here + +binary-arch: debclean + -test -f stamp-build || $(MAKE) -f debian/rules build + $(installbin) -d debian/tmp/DEBIAN + chmod -R g-ws debian/tmp + $(installbin) debian/{preinst,postinst,prerm,postrm} debian/tmp/DEBIAN/ + $(installdoc) debian/conffiles debian/tmp/DEBIAN/ + # + $(installbin) -d debian/tmp/usr/share/doc/$(package) + $(installdoc) debian/copyright debian/tmp/usr/share/doc/$(package)/copyright + $(installdoc) debian/changelog debian/tmp/usr/share/doc/$(package)/changelog.Debian + $(installdoc) CREDITS FAQ RECOMMEND TODO debian/tmp/usr/share/doc/$(package) + $(installdoc) CHANGES debian/tmp/usr/share/doc/$(package)/changelog + $(installdoc) README debian/tmp/usr/share/doc/$(package)/readme + gzip -9f debian/tmp/usr/share/doc/$(package)/{changelog.Debian,changelog} + gzip -9f debian/tmp/usr/share/doc/$(package)/{readme,CREDITS,FAQ,RECOMMEND,TODO} + # + $(installbin) -d debian/tmp/usr/sbin + $(installbin) $(STRIP) src/cfingerd debian/tmp/usr/sbin + $(installbin) $(STRIP) userlist/userlist debian/tmp/usr/sbin + # + $(installbin) -d debian/tmp/usr/share/man/man{5,8} + cd docs && $(MAKE) MANDIR=../debian/tmp/usr/share/man install + $(installdoc) userlist/userlist.1 debian/tmp/usr/share/man/man8/userlist.8 + gzip -9 debian/tmp/usr/share/man/man?/* + # + $(installbin) -d debian/tmp/etc/cfingerd{,/scripts} + $(installdoc) debian/{top_finger,bottom_finger}.txt debian/tmp/etc/cfingerd + $(installdoc) debian/{noname,nouser,rejected}_banner.txt debian/tmp/etc/cfingerd + $(installdoc) debian/cfingerd.conf debian/tmp/etc/cfingerd + $(installbin) -d debian/tmp/etc/cron.weekly + $(installbin) debian/cron debian/tmp/etc/cron.weekly/cfingerd + $(installbin) -d debian/tmp/var/log + # +# $(installbin) -d debian/tmp/usr/doc/$(package)/scripts +# $(installdoc) debian/{ping,uptime} debian/tmp/usr/doc/$(package)/scripts +# $(installdoc) scripts/trace debian/tmp/usr/doc/$(package)/scripts + $(installbin) -d debian/tmp/usr/share/doc/$(package)/examples + $(installdoc) debian/{ping,uptime} debian/tmp/usr/share/doc/$(package)/examples + $(installdoc) scripts/trace debian/tmp/usr/share/doc/$(package)/examples + $(installdoc) debian/cfingerd.xinetd debian/tmp/usr/share/doc/$(package)/examples + # + dh_strip --tmpdir=debian/tmp + dh_md5sums --tmpdir=debian/tmp + dpkg-shlibdeps debian/tmp/usr/sbin/{cfingerd,userlist} + dpkg-gencontrol -isp + chmod -R og=rX debian/tmp + dpkg --build debian/tmp .. + +binary: binary-indep binary-arch + +source diff: + @echo >&2 'source and diff are obsolete - use dpkg-source -b' or dsc; false + +dsc: + -test -d debian/tmp && $(MAKE) -f debian/rules clean + if [ ! -f ../$(source)_$(version).orig.tar.gz -a -f ../orig/$(source)_$(version).orig.tar.gz ]; \ + then \ + ln -s orig/$(source)_$(version).orig.tar.gz ../$(source)_$(version).orig.tar.gz; \ + touch /tmp/stamp-$(source)-link; \ + fi; \ + cd .. && dpkg-source -b $(source)-$(version) + if [ -f /tmp/stamp-$(source)-link ]; then \ + rm ../$(source)_$(version).orig.tar.gz /tmp/stamp-$(source)-link; \ + fi + +checkroot: + $(checkdir) + test root = "`whoami`" + +dist: binary dsc + +.PHONY: binary binary-arch binary-indep clean checkroot + --- cfingerd-1.4.3.orig/debian/source/format +++ cfingerd-1.4.3/debian/source/format @@ -0,0 +1 @@ +1.0 --- cfingerd-1.4.3.orig/debian/top_finger.txt +++ cfingerd-1.4.3/debian/top_finger.txt @@ -0,0 +1,2 @@ +Debian GNU/Linux Copyright (C) 1993-1999 Software in the Public Interest +----------------------------------------------------------------------------- --- cfingerd-1.4.3.orig/debian/uptime +++ cfingerd-1.4.3/debian/uptime @@ -0,0 +1,12 @@ +#! /bin/sh + +header=/etc/cfingerd/top_finger.txt +footer=/etc/cfingerd/bottom_finger.txt + +cat $header + echo + echo "System statistical information:" + echo + ruptime + echo +cat $footer --- cfingerd-1.4.3.orig/docs/cfingerd.8 +++ cfingerd-1.4.3/docs/cfingerd.8 @@ -33,7 +33,7 @@ is a totally new, and totally configurable finger daemon \- one of the first. It listenes on the finger port (port 79) to provide useful information about each user that is on your system according to -the finger protocol as described in RFC 1228. Only thing is, cfingerd +the finger protocol as described in RFC 1288. Only thing is, cfingerd provides a unique twist. .PP .B CFINGERD --- cfingerd-1.4.3.orig/docs/cfingerd.conf.5 +++ cfingerd-1.4.3/docs/cfingerd.conf.5 @@ -8,8 +8,8 @@ .SH DESCRIPTION .I cfingerd.conf is the configuration file for cfingerd. -+.I cfingerd -+has been totally rewritten +.B cfingerd +has been totally rewritten to support a more readable configuration file. This version of the new configuration file is .B NOT @@ -24,7 +24,7 @@ explained next. .PP Subtext of each option is either boolean options, string options, or -switchable options, all changable by the system administrator. +switchable options, all changeable by the system administrator. .PP Each section is split into a series of sections that resembles C type definition; not exact, but close enough to be familiar with it. :) @@ -529,7 +529,7 @@ other sites for a user listing. .br .SH "INTERNAL STRINGS SECTION (CONFIG internal_strings)" -These strings are changable, and can be any length you want (within +These strings are changeable, and can be any length you want (within reason). These strings are concattenated into the syslogging display when the appropriate finger has been issued. This section also includes error messages that may occur. @@ -607,9 +607,9 @@ called for your use. .PP The format is as follows for fake users: -.sh +.br "fake_username", "Script name", SEARCHBOOL, "script" -.PP +.br where... .PP .B fake_username --- cfingerd-1.4.3.orig/docs/cfingerd.text.5 +++ cfingerd-1.4.3/docs/cfingerd.text.5 @@ -1,6 +1,6 @@ .TH CFINGERD.TEXT 5 "7 Aug 1999" "1.4.2" "Configurable Finger Daemon" .SH NAME -cfingerd text rules +cfingerd.text \- cfingerd text rules .br .SH "EXPLANATION" .B cfingerd --- cfingerd-1.4.3.orig/perl/generic.pl +++ cfingerd-1.4.3/perl/generic.pl @@ -14,6 +14,11 @@ chop($uname); $uname =~ tr/a-z/A-Z/; + # Tiny hack to make GNU/kFreeBSD and GNU/Hurd act as GNU/Linux + if (($uname eq 'GNU/KFREEBSD') || ($uname eq 'GNU')) { + $uname = 'LINUX'; + } + $ver = `uname -r`; chop($ver); --- cfingerd-1.4.3.orig/src/cfingerd.h +++ cfingerd-1.4.3/src/cfingerd.h @@ -278,10 +278,11 @@ extern CONFIG prog_config; extern ECRUFT errors[]; -extern char *remote_addr, *localhost, *ident_user, *ip_address; +extern char remote_addr[], ip_address[]; +extern char *localhost, *ident_user; extern int trusted_host_num, rejected_host_num, forward_host_num, - fakeuser_num, num_finger_sites, num_headers, local_port, - remote_port, can_log; + fakeuser_num, num_finger_sites, num_headers, can_log; +extern unsigned short local_port, remote_port; extern FILE *top_display, *bottom_display, *noname_display, *nouser_display, *rejected_display, *identd_display; extern BOOL local_finger, emulated; @@ -293,4 +294,4 @@ #include "defines.h" -#endif _CFINGERD_H_ +#endif /* _CFINGERD_H_ */ --- cfingerd-1.4.3.orig/src/fakeuser.c +++ cfingerd-1.4.3/src/fakeuser.c @@ -79,7 +79,7 @@ printf("\n Sorry, you specified too many options.\n\n"); fflush(stdout); show_bottom(); - log(LOG_WARN, "Too many options specified in fake user finger", NULL); + mylog(LOG_WARN, "Too many options specified in fake user finger", NULL); return; } @@ -105,7 +105,7 @@ sscanf(username, "%[^.].%[^.].%[^.].%[^.].%[^\r\n]\r\n", data[0], data[1], data[2], data[3], data[4]); - log(LOG_USER, "Fakeuser: ", username); + mylog(LOG_USER, "Fakeuser: ", username); funum = search_fake_pos(data[0]); @@ -133,7 +133,7 @@ } else { printf("\n"); printf(" Sorry, this system does not have any fake users enabled!\n\n"); - log(LOG_WARN, "Fake user requested, but rejected - disabled.", " "); + mylog(LOG_WARN, "Fake user requested, but rejected - disabled.", " "); } show_bottom(); --- cfingerd-1.4.3.orig/src/internal.c +++ cfingerd-1.4.3/src/internal.c @@ -72,26 +72,26 @@ else if (!strncmp(username, "services", 8)) { show_services(); syslog(LOG_NOTICE, "%s", prog_config.p_strings[D_SVC_FINGER]); - log(LOG_USER, "Service request", " "); + mylog(LOG_USER, "Service request", " "); exit(PROGRAM_OKAY); } else if (!strncmp(username, "search", 6)) { show_search(username); exit(PROGRAM_OKAY); } else if (!strncmp(username, "userlist-only", 13)) { - if ((buf = safe_exec(NOBODY_UID, NOBODY_GID, "/usr/sbin/userlist | /usr/bin/tail +2")) != NULL) { + if ((buf = safe_exec(NOBODY_UID, NOBODY_GID, "/usr/sbin/userlist | /usr/bin/tail -n +2")) != NULL) { printf ("%s", buf); fflush(stdout); free (buf); } - log(LOG_USER, "Userlist-only", " "); + mylog(LOG_USER, "Userlist-only", " "); exit(PROGRAM_OKAY); } else if (!strncmp(username, "userlist-online", 15)) { - if ((buf = safe_exec(NOBODY_UID, NOBODY_GID, "/usr/sbin/userlist -c -n | /usr/bin/tail +2")) != NULL) { + if ((buf = safe_exec(NOBODY_UID, NOBODY_GID, "/usr/sbin/userlist -c -n | /usr/bin/tail -n +2")) != NULL) { printf ("%s", buf); fflush(stdout); free (buf); } - log(LOG_USER, "Userlist-only", " "); + mylog(LOG_USER, "Userlist-only", " "); exit(PROGRAM_OKAY); } else if (!strncmp(username, "help", 4)) { show_top(); --- cfingerd-1.4.3.orig/src/log.c +++ cfingerd-1.4.3/src/log.c @@ -17,7 +17,7 @@ #include "proto.h" #include "privs.h" -void log(int logtype, char *msg, char *user) +void mylog(int logtype, char *msg, char *user) { if (can_log && (prog_config.config_bits3 & SHOW_LOG)) { time_t tim = time(NULL); @@ -80,7 +80,7 @@ } else { if (!(prog_config.config_bits3 & SHOW_CREATE_FLG)) { syslog(LOG_WARNING, "Userlog: %s (%s)", filename, strerror(errno)); - log(LOG_ERROR, "Cannot write to userlog: ", strerror(errno)); + mylog(LOG_ERROR, "Cannot write to userlog: ", strerror(errno)); } } } --- cfingerd-1.4.3.orig/src/main.c +++ cfingerd-1.4.3/src/main.c @@ -20,11 +20,13 @@ #include "privs.h" CONFIG prog_config; -char *remote_addr, *localhost, *ident_user, *ip_address; +char *localhost, *ident_user; +char ip_address[INET6_ADDRSTRLEN] = ""; +char remote_addr[INET6_ADDRSTRLEN] = ""; FILE *top_display, *bottom_display, *noname_display, *nouser_display, *rejected_display, *identd_display; BOOL local_finger, emulated; -int local_port, remote_port; +unsigned short local_port, remote_port; unsigned short listen_port; unsigned long listen_addr; @@ -62,14 +64,15 @@ char line[100], username[80], syslog_str[200]; int un_type; char *cp; - struct sockaddr_in local_addr; + struct sockaddr_storage local_addr; + struct sockaddr_in *sloc4 = (struct sockaddr_in *) &local_addr; + struct sockaddr_in6 *sloc6 = (struct sockaddr_in6 *) &local_addr; struct servent *serv; if ((serv = getservbyname("finger","tcp")) != NULL) listen_port = serv->s_port; else listen_port = htons(79); - listen_addr = htonl(INADDR_ANY); /* Initialize CFINGERD */ start_handler(); @@ -108,12 +111,12 @@ /* Make sure there is actually data waiting in the finger port */ if (!emulated) { if (!fgets(username, sizeof(username), stdin)) { - if (remote_addr != NULL) { + if (remote_addr != NULL && *remote_addr) { syslog(LOG_ERR, "Null query from %s: %m", remote_addr); - log(LOG_ERROR, remote_addr, strerror(errno)); + mylog(LOG_ERROR, remote_addr, strerror(errno)); } else { syslog(LOG_ERR, "Null query: %m"); - log(LOG_ERROR, strerror(errno), strerror(0)); + mylog(LOG_ERROR, strerror(errno), strerror(0)); } closelog(); exit(PROGRAM_SYSLOG); @@ -147,33 +150,64 @@ /* If we're not doing emulated stuff, we can assume that we are running either as a daemon, or under INETD. In that case... */ if (!emulated) { - struct sockaddr_in socket_addr; + struct sockaddr_storage socket_addr; + struct sockaddr_in *srem4 = (struct sockaddr_in *) &socket_addr; + struct sockaddr_in6 *srem6 = (struct sockaddr_in6 *) &socket_addr; struct hostent *host_ent; - int psize = 0; + socklen_t locsize = 0, remsize = 0; /* Can't run from command line (but this should already be checked) */ - psize = sizeof(socket_addr); + locsize = sizeof(local_addr); - if (getsockname(0, (struct sockaddr *) &local_addr, &psize)) { + if (getsockname(0, (struct sockaddr *) &local_addr, &locsize)) { syslog(LOG_WARNING, "getsockname: %s", strerror(errno)); local_port = 0; } else - local_port = ntohs(local_addr.sin_port); + switch (local_addr.ss_family) { + case AF_INET6: + local_port = ntohs(sloc6->sin6_port); + break; + case AF_INET: + default: + local_port = ntohs(sloc4->sin_port); + } + + remsize = sizeof(socket_addr); - if (getpeername(0, (struct sockaddr *) &socket_addr, &psize)) { + if (getpeername(0, (struct sockaddr *) &socket_addr, &remsize)) { printf("Internal error - not running as either a daemon or under INETD.\n"); printf("Fatal - getpeername: %s\n", strerror(errno)); closelog(); - log(LOG_ERROR, "getpeername: ", strerror(errno)); + mylog(LOG_ERROR, "getpeername: ", strerror(errno)); exit(PROGRAM_BUG); } else - remote_port = ntohs(socket_addr.sin_port); + switch (socket_addr.ss_family) { + case AF_INET6: + remote_port = ntohs(srem6->sin6_port); + break; + case AF_INET: + default: + remote_port = ntohs(srem4->sin_port); + } - ip_address = inet_ntoa (socket_addr.sin_addr); + inet_ntop(socket_addr.ss_family, &socket_addr, + ip_address, INET6_ADDRSTRLEN); /* Get our host entry */ - host_ent = (struct hostent *) gethostbyaddr((char *) &socket_addr.sin_addr, - sizeof(socket_addr.sin_addr), AF_INET); + switch (socket_addr.ss_family) { + case AF_INET6: + host_ent = (struct hostent *) + gethostbyaddr((char *) &srem6->sin6_addr, + sizeof(struct in6_addr), + socket_addr.ss_family); + break; + case AF_INET: + default: + host_ent = (struct hostent *) + gethostbyaddr((char *) &srem4->sin_addr, + sizeof(struct in_addr), + socket_addr.ss_family); + } /* And get our local-host name */ #ifndef ACTUAL_HOSTNAME @@ -184,14 +218,14 @@ /* Make sure we can get the remote host's address name */ if (host_ent == NULL) { - remote_addr = inettos(socket_addr.sin_addr.s_addr); + strncpy(remote_addr, ip_address, INET6_ADDRSTRLEN); syslog(LOG_WARNING, "%s %s", prog_config.p_strings[D_IP_NO_MATCH], remote_addr); if (!(prog_config.config_bits2 & SHOW_IP_MATCH)) CF_ERROR(E_NOIP); } else - remote_addr = (char *) host_ent->h_name; + strncpy(remote_addr, host_ent->h_name, INET6_ADDRSTRLEN); /* Convert any uppercase letters in the hostname to lowercase */ for (cp = remote_addr; *cp; cp++) @@ -200,14 +234,17 @@ /* And find out if this is a local finger */ if (!strncasecmp(remote_addr, "127.0.0.1", 9) || + !strncasecmp(remote_addr, "::1", 3) || !strncasecmp(remote_addr, "localhost", 9) || + !strncasecmp(remote_addr, "ip6-localhost", 9) || + !strncasecmp(remote_addr, "ip6-loopback", 9) || !strncasecmp(remote_addr, "127.0.0.0", 9) || /* KTH 07/26/96 */ !strncasecmp(remote_addr, localhost, strlen(localhost))) local_finger = TRUE; else local_finger = FALSE; - ident_user = get_rfc1413_data(local_addr); + ident_user = get_rfc1413_data(&local_addr, &socket_addr); set_time_format(); } else @@ -220,9 +257,9 @@ memset (ident_user, 0, sizeof (ident_user)); strcpy (ident_user, "emulated"); #ifndef ACTUAL_LOOPBACK - remote_addr = "127.0.0.1"; + strcpy(remote_addr,"127.0.0.1"); #else - remote_addr = ACTUAL_LOOPBACK; + strcpy(remote_addr, ACTUAL_LOOPBACK); #endif } @@ -242,7 +279,7 @@ if (!emulated) { snprintf(syslog_str, sizeof(syslog_str), "%s fingered (internal) from %s", username, ident_user); - syslog(LOG_NOTICE, (char *) syslog_str); + syslog(LOG_NOTICE, "%s", (char *) syslog_str); } handle_internal(username); @@ -255,7 +292,7 @@ snprintf(syslog_str, sizeof(syslog_str), "%s fingered from %s", prog_config.p_strings[D_ROOT_FINGER], ident_user); - syslog(LOG_NOTICE, (char *) syslog_str); + syslog(LOG_NOTICE, "%s", (char *) syslog_str); } handle_standard(username); @@ -265,7 +302,7 @@ snprintf(syslog_str, sizeof(syslog_str), "%s %s from %s", username, prog_config.p_strings[D_FAKE_USER], ident_user); - syslog(LOG_NOTICE, (char *) syslog_str); + syslog(LOG_NOTICE, "%s", (char *) syslog_str); } handle_fakeuser(username); --- cfingerd-1.4.3.orig/src/parse.c +++ cfingerd-1.4.3/src/parse.c @@ -137,14 +137,14 @@ if (ret == U_FORWARD) { printf("%s\n", prog_config.p_strings[D_FORWARD_DENY]); fflush(stdout); - log(LOG_USER, "Denied forward: ", username); + mylog(LOG_USER, "Denied forward: ", username); exit(1); } if (ret == U_ILLEGAL) { printf("Illegal character in username.\n"); fflush(stdout); - log(LOG_USER, "Illegal: ", username); + mylog(LOG_USER, "Illegal: ", username); exit(1); } --- cfingerd-1.4.3.orig/src/proto.h +++ cfingerd-1.4.3/src/proto.h @@ -45,9 +45,9 @@ void become_nobody(void); void become_user(char *); int wildmat(char *, char *); -char *get_rfc1413_data(struct sockaddr_in ); +char *get_rfc1413_data(struct sockaddr_storage *, struct sockaddr_storage *); void check_unknown(char *); -void log(int, char *, char *); +void mylog(int, char *, char *); void userlog(uid_t, gid_t, char *, char *); void check_blank_configurations(void); int search_fake_pos(char *); --- cfingerd-1.4.3.orig/src/rfc1413.c +++ cfingerd-1.4.3/src/rfc1413.c @@ -25,45 +25,75 @@ * the implementation. Completely rewritten by yours truly to be self- * contained in a single program. Simple, easy to use. */ -#define BUFLEN 256 -char *get_rfc1413_data( struct sockaddr_in local_addr ) +#define UNAMELEN 64 +#define BUFLEN UNAMELEN + INET6_ADDRSTRLEN + 2 +#define INPUTLEN 256 +char *get_rfc1413_data(struct sockaddr_storage * local_addr, + struct sockaddr_storage * peer_addr ) { int i, j; - struct sockaddr_in sin; - char buffer[1024], buf[BUFLEN], uname[64], *bleah; + unsigned short newport; + struct sockaddr_storage sin; + struct sockaddr_in *sa4 = (struct sockaddr_in *) &sin; + struct sockaddr_in6 *sa6 = (struct sockaddr_in6 *) &sin; + char buffer[1024], buf[INPUTLEN], uname[UNAMELEN], *bleah; char *cp, *xp; struct servent *serv; bleah = (char *) malloc(BUFLEN); memset(bleah, 0, BUFLEN); - j = socket(AF_INET, SOCK_STREAM, 0); + j = socket(local_addr->ss_family, SOCK_STREAM, 0); if (j < 2) { snprintf(bleah, BUFLEN, "unknown@%s", remote_addr); syslog(LOG_ERR, "rfc1413-socket: %s", strerror(errno)); return(bleah); } - sin.sin_family = AF_INET; - sin.sin_addr.s_addr = local_addr.sin_addr.s_addr; - sin.sin_port = 0; - i = bind(j, (struct sockaddr *) &sin, sizeof(sin)); + memcpy(&sin, local_addr, sizeof(sin)); + switch (sin.ss_family) { + case AF_INET6: + sa6->sin6_port = 0; + break; + case AF_INET: + default: + sa4->sin_port = 0; + } + + i = bind(j, (struct sockaddr *) &sin, + (sin.ss_family == AF_INET6 ) + ? sizeof(struct sockaddr_in6) + : sizeof(struct sockaddr_in)); + if (i < 0) { snprintf(bleah, BUFLEN, "unknown@%s", remote_addr); syslog(LOG_ERR, "rfc1413-socket: %s", strerror(errno)); return(bleah); } - sin.sin_family = AF_INET; if ((serv = getservbyname("auth","tcp")) != NULL) - sin.sin_port = serv->s_port; + newport = serv->s_port; else - sin.sin_port = htons(113); - sin.sin_addr.s_addr = inet_addr(ip_address); + newport = htons(113); + + memcpy(&sin, peer_addr, sizeof(sin)); + switch (sin.ss_family) { + case AF_INET6: + sa6->sin6_port = newport; + break; + case AF_INET: + default: + sa4->sin_port = newport; + } + signal(SIGALRM, rfc1413_alarm); alarm(5); - i = connect(j, (struct sockaddr *) &sin, sizeof(sin)); + i = connect(j, (struct sockaddr *) &sin, + (sin.ss_family == AF_INET6 ) + ? sizeof(struct sockaddr_in6) + : sizeof(struct sockaddr_in)); + if (i < 0) { syslog(LOG_ERR, "rfc1413-connect: %s", strerror(errno)); close(j); @@ -98,7 +128,8 @@ if (*(++cp) == ' ') cp++; memset(uname, 0, sizeof(uname)); - for (xp=uname; *cp != '\0' && *cp!='\r'&&*cp!='\n'&&strlen(uname) 0) { if ((size += strlen (line)) < MAX_POPEN_BUF) { - syslog (LOG_INFO, "Reallocating %d bytes", size); if ((result = (char *) realloc (result, size+1)) == NULL) { return NULL; } --- cfingerd-1.4.3.orig/src/version.c +++ cfingerd-1.4.3/src/version.c @@ -45,7 +45,7 @@ printf("The last stable version of CFINGERD is %s\n\n", LAST_STABLE_RELEASE); #endif - log(LOG_USER, "Version information", " "); + mylog(LOG_USER, "Version information", " "); fflush(stdout); exit(PROGRAM_OKAY); --- cfingerd-1.4.3.orig/userlist/display.c +++ cfingerd-1.4.3/userlist/display.c @@ -79,7 +79,7 @@ if (strlen((char *) tty_list[i].username) > 1) { char *username=NULL; - char ru[8], fn[STRLEN]; + char ru[9], fn[STRLEN]; memset(ru, 0, sizeof (ru)); memset(fn, 0, sizeof (fn)); @@ -89,6 +89,8 @@ pwent = getpwnam((char *) ru); if (pwent) { + char *cp, *x; + cp = pwent->pw_gecos; if ((x = index (pwent->pw_gecos, ',')) != NULL) /* username */ *x = '\0'; --- cfingerd-1.4.3.orig/userlist/idle.c +++ cfingerd-1.4.3/userlist/idle.c @@ -24,10 +24,16 @@ snprintf(dev_file, sizeof (dev_file), "/dev/%s", tty); - stat((char *) dev_file, &buf); + if (stat((char *) dev_file, &buf) != 0 || !buf.st_atime || !buf.st_mtime) { + sprintf(idledisp, "-"); + return idledisp; + } cur_time = time(NULL); - - diff_time = (long) cur_time - (long) buf.st_mtime; + diff_time = buf.st_mtime < buf.st_atime + ? (long) cur_time - (long) buf.st_mtime + : (long) cur_time - (long) buf.st_atime; + if (diff_time < 0) + diff_time = 0; min = hour = day = 0; @@ -45,7 +51,7 @@ if (day) { if (no_idle) return NULL; - snprintf(idledisp, sizeof (idledisp), "%1dd ", day); + snprintf(idledisp, sizeof (idledisp), "%1dd", day); return idledisp; } --- cfingerd-1.4.3.orig/userlist/userlist.1 +++ cfingerd-1.4.3/userlist/userlist.1 @@ -8,7 +8,7 @@ .SH DESCRIPTION This program simply gives you a listing of who is connected to your system. It is used primarily in the sorted listing of -.Br cfingerd , +.BR cfingerd , which utilitizes the same method of display for a more uniform output between systems. (It also made more sense to do it this way instead of having @@ -40,7 +40,7 @@ .B "\-c" Give standard CFINGERD (custom) output. .TP -.B. "\-n" +.B "\-n" List only people idle less than one day. .br .SH ADDITIONAL