1/*-
2 * SPDX-License-Identifier: BSD-3-Clause
3 *
4 * Copyright (c) 1989, 1993
5 *	The Regents of the University of California.  All rights reserved.
6 *
7 * This code is derived from software contributed to Berkeley by
8 * Tony Nardo of the Johns Hopkins University/Applied Physics Lab.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 *    notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 *    notice, this list of conditions and the following disclaimer in the
17 *    documentation and/or other materials provided with the distribution.
18 * 3. Neither the name of the University nor the names of its contributors
19 *    may be used to endorse or promote products derived from this software
20 *    without specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * SUCH DAMAGE.
33 */
34
35/*
36 * Luke Mewburn <lm@rmit.edu.au> added the following on 940622:
37 *    - mail status ("No Mail", "Mail read:...", or "New Mail ...,
38 *	Unread since ...".)
39 *    - 4 digit phone extensions (3210 is printed as x3210.)
40 *    - host/office toggling in short format with -h & -o.
41 *    - short day names (`Tue' printed instead of `Jun 21' if the
42 *	login time is < 6 days.
43 */
44
45/*
46 * Finger prints out information about users.  It is not portable since
47 * certain fields (e.g. the full user name, office, and phone numbers) are
48 * extracted from the gecos field of the passwd file which other UNIXes
49 * may not have or may use for other things.
50 *
51 * There are currently two output formats; the short format is one line
52 * per user and displays login name, tty, login time, real name, idle time,
53 * and either remote host information (default) or office location/phone
54 * number, depending on if -h or -o is used respectively.
55 * The long format gives the same information (in a more legible format) as
56 * well as home directory, shell, mail info, and .plan/.project files.
57 */
58
59#include <sys/types.h>
60#include <sys/socket.h>
61#include <db.h>
62#include <err.h>
63#include <pwd.h>
64#include <stdio.h>
65#include <stdlib.h>
66#include <string.h>
67#include <time.h>
68#include <unistd.h>
69#include <utmpx.h>
70#include <locale.h>
71
72#include "finger.h"
73#include "pathnames.h"
74
75DB *db;
76time_t now;
77static int kflag, mflag, sflag;
78int entries, gflag, lflag, pplan, oflag;
79sa_family_t family = PF_UNSPEC;
80int d_first = -1;
81char tbuf[1024];
82int invoker_root = 0;
83
84static void loginlist(void);
85static int option(int, char **);
86static void usage(void) __dead2;
87static void userlist(int, char **);
88
89static int
90option(int argc, char **argv)
91{
92	int ch;
93
94	optind = 1;		/* reset getopt */
95
96	while ((ch = getopt(argc, argv, "46gklmpsho")) != -1)
97		switch(ch) {
98		case '4':
99			family = AF_INET;
100			break;
101		case '6':
102			family = AF_INET6;
103			break;
104		case 'g':
105			gflag = 1;
106			break;
107		case 'k':
108			kflag = 1;		/* keep going without utmp */
109			break;
110		case 'l':
111			lflag = 1;		/* long format */
112			break;
113		case 'm':
114			mflag = 1;		/* force exact match of names */
115			break;
116		case 'p':
117			pplan = 1;		/* don't show .plan/.project */
118			break;
119		case 's':
120			sflag = 1;		/* short format */
121			break;
122		case 'h':
123			oflag = 0;		/* remote host info */
124			break;
125		case 'o':
126			oflag = 1;		/* office info */
127			break;
128		case '?':
129		default:
130			usage();
131		}
132
133	return optind;
134}
135
136static void
137usage(void)
138{
139	(void)fprintf(stderr,
140	    "usage: finger [-46gklmpsho] [user ...] [user@host ...]\n");
141	exit(1);
142}
143
144int
145main(int argc, char **argv)
146{
147	int envargc, argcnt;
148	char *envargv[3];
149	struct passwd *pw;
150	static char myname[] = "finger";
151
152	if (getuid() == 0 || geteuid() == 0) {
153		invoker_root = 1;
154		if ((pw = getpwnam(UNPRIV_NAME)) && pw->pw_uid > 0) {
155			if (setgid(pw->pw_gid) != 0)
156				err(1, "setgid()");
157			if (setuid(pw->pw_uid) != 0)
158				err(1, "setuid()");
159		} else {
160			if (setgid(UNPRIV_UGID) != 0)
161				err(1, "setgid()");
162			if (setuid(UNPRIV_UGID) != 0)
163				err(1, "setuid()");
164		}
165	}
166
167	(void) setlocale(LC_ALL, "");
168
169				/* remove this line to get remote host */
170	oflag = 1;		/* default to old "office" behavior */
171
172	/*
173	 * Process environment variables followed by command line arguments.
174	 */
175	if ((envargv[1] = getenv("FINGER"))) {
176		envargc = 2;
177		envargv[0] = myname;
178		envargv[2] = NULL;
179		(void) option(envargc, envargv);
180	}
181
182	argcnt = option(argc, argv);
183	argc -= argcnt;
184	argv += argcnt;
185
186	(void)time(&now);
187	setpassent(1);
188	if (!*argv) {
189		/*
190		 * Assign explicit "small" format if no names given and -l
191		 * not selected.  Force the -s BEFORE we get names so proper
192		 * screening will be done.
193		 */
194		if (!lflag)
195			sflag = 1;	/* if -l not explicit, force -s */
196		loginlist();
197		if (entries == 0)
198			(void)printf("No one logged on.\n");
199	} else {
200		userlist(argc, argv);
201		/*
202		 * Assign explicit "large" format if names given and -s not
203		 * explicitly stated.  Force the -l AFTER we get names so any
204		 * remote finger attempts specified won't be mishandled.
205		 */
206		if (!sflag)
207			lflag = 1;	/* if -s not explicit, force -l */
208	}
209	if (entries) {
210		if (lflag)
211			lflag_print();
212		else
213			sflag_print();
214	}
215	return (0);
216}
217
218static void
219loginlist(void)
220{
221	PERSON *pn;
222	DBT data, key;
223	struct passwd *pw;
224	struct utmpx *user;
225	int r, sflag1;
226
227	if (kflag)
228		errx(1, "can't list logins without reading utmp");
229
230	setutxent();
231	while ((user = getutxent()) != NULL) {
232		if (user->ut_type != USER_PROCESS)
233			continue;
234		if ((pn = find_person(user->ut_user)) == NULL) {
235			if ((pw = getpwnam(user->ut_user)) == NULL)
236				continue;
237			if (hide(pw))
238				continue;
239			pn = enter_person(pw);
240		}
241		enter_where(user, pn);
242	}
243	endutxent();
244	if (db && lflag)
245		for (sflag1 = R_FIRST;; sflag1 = R_NEXT) {
246			PERSON *tmp;
247
248			r = (*db->seq)(db, &key, &data, sflag1);
249			if (r == -1)
250				err(1, "db seq");
251			if (r == 1)
252				break;
253			memmove(&tmp, data.data, sizeof tmp);
254			enter_lastlog(tmp);
255		}
256}
257
258static void
259userlist(int argc, char **argv)
260{
261	PERSON *pn;
262	DBT data, key;
263	struct utmpx *user;
264	struct passwd *pw;
265	int r, sflag1, *used, *ip;
266	char **ap, **nargv, **np, **p;
267	FILE *conf_fp;
268	char conf_alias[LINE_MAX];
269	char *conf_realname;
270	int conf_length;
271
272	if ((nargv = malloc((argc+1) * sizeof(char *))) == NULL ||
273	    (used = calloc(argc, sizeof(int))) == NULL)
274		err(1, NULL);
275
276	/* Pull out all network requests. */
277	for (ap = p = argv, np = nargv; *p; ++p)
278		if (strchr(*p, '@'))
279			*np++ = *p;
280		else
281			*ap++ = *p;
282
283	*np++ = NULL;
284	*ap++ = NULL;
285
286	if (!*argv)
287		goto net;
288
289	/*
290	 * Mark any arguments beginning with '/' as invalid so that we
291	 * don't accidentally confuse them with expansions from finger.conf
292	 */
293	for (p = argv, ip = used; *p; ++p, ++ip)
294	    if (**p == '/') {
295		*ip = 1;
296		warnx("%s: no such user", *p);
297	    }
298
299	/*
300	 * Traverse the finger alias configuration file of the form
301	 * alias:(user|alias), ignoring comment lines beginning '#'.
302	 */
303	if ((conf_fp = fopen(_PATH_FINGERCONF, "r")) != NULL) {
304	    while(fgets(conf_alias, sizeof(conf_alias), conf_fp) != NULL) {
305		conf_length = strlen(conf_alias);
306		if (*conf_alias == '#' || conf_alias[--conf_length] != '\n')
307		    continue;
308		conf_alias[conf_length] = '\0';      /* Remove trailing LF */
309		if ((conf_realname = strchr(conf_alias, ':')) == NULL)
310		    continue;
311		*conf_realname = '\0';               /* Replace : with NUL */
312		for (p = argv; *p; ++p) {
313		    if (strcmp(*p, conf_alias) == 0) {
314			if ((*p = strdup(conf_realname+1)) == NULL) {
315			    err(1, NULL);
316			}
317		    }
318		}
319	    }
320	    (void)fclose(conf_fp);
321	}
322
323	/*
324	 * Traverse the list of possible login names and check the login name
325	 * and real name against the name specified by the user. If the name
326	 * begins with a '/', try to read the file of that name instead of
327	 * gathering the traditional finger information.
328	 */
329	if (mflag)
330		for (p = argv, ip = used; *p; ++p, ++ip) {
331			if (**p != '/' || *ip == 1 || !show_text("", *p, "")) {
332				if (((pw = getpwnam(*p)) != NULL) && !hide(pw))
333					enter_person(pw);
334				else if (!*ip)
335					warnx("%s: no such user", *p);
336			}
337		}
338	else {
339		while ((pw = getpwent()) != NULL) {
340			for (p = argv, ip = used; *p; ++p, ++ip)
341				if (**p == '/' && *ip != 1
342				    && show_text("", *p, ""))
343					*ip = 1;
344				else if (match(pw, *p) && !hide(pw)) {
345					enter_person(pw);
346					*ip = 1;
347				}
348		}
349		for (p = argv, ip = used; *p; ++p, ++ip)
350			if (!*ip)
351				warnx("%s: no such user", *p);
352	}
353
354	/* Handle network requests. */
355net:	for (p = nargv; *p;) {
356		netfinger(*p++);
357		if (*p || entries)
358		    printf("\n");
359	}
360
361	free(nargv);
362	free(used);
363	if (entries == 0)
364		return;
365
366	if (kflag)
367		return;
368
369	/*
370	 * Scan thru the list of users currently logged in, saving
371	 * appropriate data whenever a match occurs.
372	 */
373	setutxent();
374	while ((user = getutxent()) != NULL) {
375		if (user->ut_type != USER_PROCESS)
376			continue;
377		if ((pn = find_person(user->ut_user)) == NULL)
378			continue;
379		enter_where(user, pn);
380	}
381	endutxent();
382	if (db)
383		for (sflag1 = R_FIRST;; sflag1 = R_NEXT) {
384			PERSON *tmp;
385
386			r = (*db->seq)(db, &key, &data, sflag1);
387			if (r == -1)
388				err(1, "db seq");
389			if (r == 1)
390				break;
391			memmove(&tmp, data.data, sizeof tmp);
392			enter_lastlog(tmp);
393		}
394}
395