1/*-
2 * SPDX-License-Identifier: BSD-3-Clause
3 *
4 * Copyright (c) 1989, 1993
5 *	The Regents of the University of California.  All rights reserved.
6 *
7 * This code is derived from software contributed to Berkeley by
8 * Tony Nardo of the Johns Hopkins University/Applied Physics Lab.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 *    notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 *    notice, this list of conditions and the following disclaimer in the
17 *    documentation and/or other materials provided with the distribution.
18 * 3. Neither the name of the University nor the names of its contributors
19 *    may be used to endorse or promote products derived from this software
20 *    without specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * SUCH DAMAGE.
33 */
34
35/*
36 * Luke Mewburn <lm@rmit.edu.au> added the following on 940622:
37 *    - mail status ("No Mail", "Mail read:...", or "New Mail ...,
38 *	Unread since ...".)
39 *    - 4 digit phone extensions (3210 is printed as x3210.)
40 *    - host/office toggling in short format with -h & -o.
41 *    - short day names (`Tue' printed instead of `Jun 21' if the
42 *	login time is < 6 days.
43 */
44
45#ifndef lint
46static const char copyright[] =
47"@(#) Copyright (c) 1989, 1993\n\
48	The Regents of the University of California.  All rights reserved.\n";
49#endif /* not lint */
50
51#if 0
52#ifndef lint
53static char sccsid[] = "@(#)finger.c	8.5 (Berkeley) 5/4/95";
54#endif
55#endif
56
57#include <sys/cdefs.h>
58__FBSDID("$FreeBSD$");
59
60/*
61 * Finger prints out information about users.  It is not portable since
62 * certain fields (e.g. the full user name, office, and phone numbers) are
63 * extracted from the gecos field of the passwd file which other UNIXes
64 * may not have or may use for other things.
65 *
66 * There are currently two output formats; the short format is one line
67 * per user and displays login name, tty, login time, real name, idle time,
68 * and either remote host information (default) or office location/phone
69 * number, depending on if -h or -o is used respectively.
70 * The long format gives the same information (in a more legible format) as
71 * well as home directory, shell, mail info, and .plan/.project files.
72 */
73
74#include <sys/types.h>
75#include <sys/socket.h>
76#include <db.h>
77#include <err.h>
78#include <pwd.h>
79#include <stdio.h>
80#include <stdlib.h>
81#include <string.h>
82#include <time.h>
83#include <unistd.h>
84#include <utmpx.h>
85#include <locale.h>
86
87#include "finger.h"
88#include "pathnames.h"
89
90DB *db;
91time_t now;
92static int kflag, mflag, sflag;
93int entries, gflag, lflag, pplan, oflag;
94sa_family_t family = PF_UNSPEC;
95int d_first = -1;
96char tbuf[1024];
97int invoker_root = 0;
98
99static void loginlist(void);
100static int option(int, char **);
101static void usage(void);
102static void userlist(int, char **);
103
104static int
105option(int argc, char **argv)
106{
107	int ch;
108
109	optind = 1;		/* reset getopt */
110
111	while ((ch = getopt(argc, argv, "46gklmpsho")) != -1)
112		switch(ch) {
113		case '4':
114			family = AF_INET;
115			break;
116		case '6':
117			family = AF_INET6;
118			break;
119		case 'g':
120			gflag = 1;
121			break;
122		case 'k':
123			kflag = 1;		/* keep going without utmp */
124			break;
125		case 'l':
126			lflag = 1;		/* long format */
127			break;
128		case 'm':
129			mflag = 1;		/* force exact match of names */
130			break;
131		case 'p':
132			pplan = 1;		/* don't show .plan/.project */
133			break;
134		case 's':
135			sflag = 1;		/* short format */
136			break;
137		case 'h':
138			oflag = 0;		/* remote host info */
139			break;
140		case 'o':
141			oflag = 1;		/* office info */
142			break;
143		case '?':
144		default:
145			usage();
146		}
147
148	return optind;
149}
150
151static void
152usage(void)
153{
154	(void)fprintf(stderr,
155	    "usage: finger [-46gklmpsho] [user ...] [user@host ...]\n");
156	exit(1);
157}
158
159int
160main(int argc, char **argv)
161{
162	int envargc, argcnt;
163	char *envargv[3];
164	struct passwd *pw;
165	static char myname[] = "finger";
166
167	if (getuid() == 0 || geteuid() == 0) {
168		invoker_root = 1;
169		if ((pw = getpwnam(UNPRIV_NAME)) && pw->pw_uid > 0) {
170			if (setgid(pw->pw_gid) != 0)
171				err(1, "setgid()");
172			if (setuid(pw->pw_uid) != 0)
173				err(1, "setuid()");
174		} else {
175			if (setgid(UNPRIV_UGID) != 0)
176				err(1, "setgid()");
177			if (setuid(UNPRIV_UGID) != 0)
178				err(1, "setuid()");
179		}
180	}
181
182	(void) setlocale(LC_ALL, "");
183
184				/* remove this line to get remote host */
185	oflag = 1;		/* default to old "office" behavior */
186
187	/*
188	 * Process environment variables followed by command line arguments.
189	 */
190	if ((envargv[1] = getenv("FINGER"))) {
191		envargc = 2;
192		envargv[0] = myname;
193		envargv[2] = NULL;
194		(void) option(envargc, envargv);
195	}
196
197	argcnt = option(argc, argv);
198	argc -= argcnt;
199	argv += argcnt;
200
201	(void)time(&now);
202	setpassent(1);
203	if (!*argv) {
204		/*
205		 * Assign explicit "small" format if no names given and -l
206		 * not selected.  Force the -s BEFORE we get names so proper
207		 * screening will be done.
208		 */
209		if (!lflag)
210			sflag = 1;	/* if -l not explicit, force -s */
211		loginlist();
212		if (entries == 0)
213			(void)printf("No one logged on.\n");
214	} else {
215		userlist(argc, argv);
216		/*
217		 * Assign explicit "large" format if names given and -s not
218		 * explicitly stated.  Force the -l AFTER we get names so any
219		 * remote finger attempts specified won't be mishandled.
220		 */
221		if (!sflag)
222			lflag = 1;	/* if -s not explicit, force -l */
223	}
224	if (entries) {
225		if (lflag)
226			lflag_print();
227		else
228			sflag_print();
229	}
230	return (0);
231}
232
233static void
234loginlist(void)
235{
236	PERSON *pn;
237	DBT data, key;
238	struct passwd *pw;
239	struct utmpx *user;
240	int r, sflag1;
241
242	if (kflag)
243		errx(1, "can't list logins without reading utmp");
244
245	setutxent();
246	while ((user = getutxent()) != NULL) {
247		if (user->ut_type != USER_PROCESS)
248			continue;
249		if ((pn = find_person(user->ut_user)) == NULL) {
250			if ((pw = getpwnam(user->ut_user)) == NULL)
251				continue;
252			if (hide(pw))
253				continue;
254			pn = enter_person(pw);
255		}
256		enter_where(user, pn);
257	}
258	endutxent();
259	if (db && lflag)
260		for (sflag1 = R_FIRST;; sflag1 = R_NEXT) {
261			PERSON *tmp;
262
263			r = (*db->seq)(db, &key, &data, sflag1);
264			if (r == -1)
265				err(1, "db seq");
266			if (r == 1)
267				break;
268			memmove(&tmp, data.data, sizeof tmp);
269			enter_lastlog(tmp);
270		}
271}
272
273static void
274userlist(int argc, char **argv)
275{
276	PERSON *pn;
277	DBT data, key;
278	struct utmpx *user;
279	struct passwd *pw;
280	int r, sflag1, *used, *ip;
281	char **ap, **nargv, **np, **p;
282	FILE *conf_fp;
283	char conf_alias[LINE_MAX];
284	char *conf_realname;
285	int conf_length;
286
287	if ((nargv = malloc((argc+1) * sizeof(char *))) == NULL ||
288	    (used = calloc(argc, sizeof(int))) == NULL)
289		err(1, NULL);
290
291	/* Pull out all network requests. */
292	for (ap = p = argv, np = nargv; *p; ++p)
293		if (strchr(*p, '@'))
294			*np++ = *p;
295		else
296			*ap++ = *p;
297
298	*np++ = NULL;
299	*ap++ = NULL;
300
301	if (!*argv)
302		goto net;
303
304	/*
305	 * Mark any arguments beginning with '/' as invalid so that we
306	 * don't accidentally confuse them with expansions from finger.conf
307	 */
308	for (p = argv, ip = used; *p; ++p, ++ip)
309	    if (**p == '/') {
310		*ip = 1;
311		warnx("%s: no such user", *p);
312	    }
313
314	/*
315	 * Traverse the finger alias configuration file of the form
316	 * alias:(user|alias), ignoring comment lines beginning '#'.
317	 */
318	if ((conf_fp = fopen(_PATH_FINGERCONF, "r")) != NULL) {
319	    while(fgets(conf_alias, sizeof(conf_alias), conf_fp) != NULL) {
320		conf_length = strlen(conf_alias);
321		if (*conf_alias == '#' || conf_alias[--conf_length] != '\n')
322		    continue;
323		conf_alias[conf_length] = '\0';      /* Remove trailing LF */
324		if ((conf_realname = strchr(conf_alias, ':')) == NULL)
325		    continue;
326		*conf_realname = '\0';               /* Replace : with NUL */
327		for (p = argv; *p; ++p) {
328		    if (strcmp(*p, conf_alias) == 0) {
329			if ((*p = strdup(conf_realname+1)) == NULL) {
330			    err(1, NULL);
331			}
332		    }
333		}
334	    }
335	    (void)fclose(conf_fp);
336	}
337
338	/*
339	 * Traverse the list of possible login names and check the login name
340	 * and real name against the name specified by the user. If the name
341	 * begins with a '/', try to read the file of that name instead of
342	 * gathering the traditional finger information.
343	 */
344	if (mflag)
345		for (p = argv, ip = used; *p; ++p, ++ip) {
346			if (**p != '/' || *ip == 1 || !show_text("", *p, "")) {
347				if (((pw = getpwnam(*p)) != NULL) && !hide(pw))
348					enter_person(pw);
349				else if (!*ip)
350					warnx("%s: no such user", *p);
351			}
352		}
353	else {
354		while ((pw = getpwent()) != NULL) {
355			for (p = argv, ip = used; *p; ++p, ++ip)
356				if (**p == '/' && *ip != 1
357				    && show_text("", *p, ""))
358					*ip = 1;
359				else if (match(pw, *p) && !hide(pw)) {
360					enter_person(pw);
361					*ip = 1;
362				}
363		}
364		for (p = argv, ip = used; *p; ++p, ++ip)
365			if (!*ip)
366				warnx("%s: no such user", *p);
367	}
368
369	/* Handle network requests. */
370net:	for (p = nargv; *p;) {
371		netfinger(*p++);
372		if (*p || entries)
373		    printf("\n");
374	}
375
376	free(nargv);
377	free(used);
378	if (entries == 0)
379		return;
380
381	if (kflag)
382		return;
383
384	/*
385	 * Scan thru the list of users currently logged in, saving
386	 * appropriate data whenever a match occurs.
387	 */
388	setutxent();
389	while ((user = getutxent()) != NULL) {
390		if (user->ut_type != USER_PROCESS)
391			continue;
392		if ((pn = find_person(user->ut_user)) == NULL)
393			continue;
394		enter_where(user, pn);
395	}
396	endutxent();
397	if (db)
398		for (sflag1 = R_FIRST;; sflag1 = R_NEXT) {
399			PERSON *tmp;
400
401			r = (*db->seq)(db, &key, &data, sflag1);
402			if (r == -1)
403				err(1, "db seq");
404			if (r == 1)
405				break;
406			memmove(&tmp, data.data, sizeof tmp);
407			enter_lastlog(tmp);
408		}
409}
410