/
IcculusFinger_daemon.pl
executable file
·1083 lines (886 loc) · 36 KB
/
IcculusFinger_daemon.pl
OlderNewer
1
#!/usr/bin/perl -w -T
2
3
#-----------------------------------------------------------------------------
#
4
# Copyright (C) 2002 Ryan C. Gordon (icculus@icculus.org)
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
#-----------------------------------------------------------------------------
#-----------------------------------------------------------------------------
# Revision history:
# (1.0 series comments removed. Check the download archives if you need them.)
# 2.0.0 : Rewrite into an actual finger daemon. MILLIONS of changes.
26
27
# 2.0.1 : Fixed > and < conversion.
# MUCH better Lynx support (thanks, Chunky_Ks)
28
# Added an "embed" arg.
29
30
# changed \r and \n in protocol chatter to \015 and \012.
# Made syslogging optional.
31
# Added "root" as a fakeuser.
32
# 2.0.2 : Added "time" and "ipaddr" fakeusers.
33
# 2.0.3 : Added "linkdigest" arg, and made it the default for text output.
34
35
# 2.0.4 : Added "noarchive" tagblocks and optional "plan written on"
# date/time output.
36
# 2.0.5 : Can now run as a full daemon, without inetd. Bunch of secutity
37
38
# cleanups, and enables taint mode (-T). Input can now timeout, so
# connections can't be hogged indefinitely anymore.
39
# 2.0.6 : Some syslogging added, minor fix in input reading.
40
# Zombie processes are cleaned up reliably, even under heavy load.
41
42
#-----------------------------------------------------------------------------
43
44
# !!! TODO: Let [img] tags nest inside [link] tags.
# !!! TODO: Make [center] tags attempt to format plain text.
45
46
47
48
49
use strict; # don't touch this line, nootch.
use warnings; # don't touch this line, either.
use DBI; # or this. I guess. Maybe.
50
51
# Version of IcculusFinger. Change this if you are forking the code.
52
my $version = "v2.0.6";
53
54
55
56
57
58
59
#-----------------------------------------------------------------------------#
# CONFIGURATION VARIABLES: Change to suit your needs... #
#-----------------------------------------------------------------------------#
# This is a the hostname you want to claim to be...
60
61
62
# This reports "Finger info for $user\@$host ..." in the web interface,
# and is used for listing finger requests to finger clients:
# "Finger $user?section=sectionname\@$host", etc.
63
64
my $host = 'icculus.org';
65
66
67
68
# This is the URL for fingering accounts, for when we need to generate
# URLs. "$url?user=$user§ion=sectionname".
my $base_url = 'http://icculus.org/cgi-bin/finger/finger.pl';
69
70
71
72
73
74
# The processes path is replaced with this string, for security reasons, and
# to satisfy the requirements of Taint mode. Make this as simple as possible.
# Currently, the only thing that uses the PATH environment var is the
# "fortune" fakeuser, which can be safely removed.
my $safe_path = '/usr/bin:/usr/local/bin';
75
76
# Turn the process into a daemon. This will handle creating/answering socket
# connections, and forking off children to handle them. This flag can be
77
78
# toggled via command line options (--daemonize, --no-daemonize, -d), but
# this sets the default. Daemonizing tends to speed up processing (since the
79
80
81
82
83
84
85
86
87
88
89
90
# script stays loaded/compiled), but may cause problems on systems that
# don't have a functional fork() or IO::Socket::INET package. If you don't
# daemonize, this program reads requests from stdin and writes results to
# stdout, which makes it suitable for command line use or execution from
# inetd and equivalents.
my $daemonize = 0;
# This is only used when daemonized. Specify the port on which to listen for
# incoming connections. The RFC standard finger port is 79.
my $server_port = 79;
# Set this to immediately drop priveledges by setting uid and gid to these
91
92
# values. Set to undef to not attempt to drop privs. You will probably need
# to leave these as undef and run as root (risky!) if you plan to enable
93
94
95
96
97
98
99
100
101
102
103
104
# $the use_homedir variable, below.
#my $wanted_uid = undef;
#my $wanted_gid = undef;
my $wanted_uid = 1056; # (This is the uid of "finger" ON _MY_ SYSTEM.)
my $wanted_gid = 971; # (This is the gid of "iccfinger" ON _MY_ SYSTEM.)
# This is only used when daemonized. Specify the maximum number of finger
# requests to service at once. A separate child process is fork()ed off for
# each request, and if there are more requests then this value, the extra
# clients will be made to wait until some of the current requests are
# serviced. 5 to 10 is usually a good number. Set it higher if you get a
# massive amount of finger requests simultaneously.
105
106
107
108
109
110
111
112
113
my $max_connects = 10;
# This is how long, in seconds, before an idle connection will be summarily
# dropped. This prevents abuse from people hogging a connection without
# actually sending a request, without this, enough connections like this
# will block legitimate ones. At worst, they can only block for this long
# before being booted and thus freeing their connection slot for the next
# guy in line. Setting this to undef lets people sit forever, but removes
# reliance on the IO::Select package. Note that this timeout is how long
114
# the user has to complete the read_request() function, so don't set it so
115
116
# low that legitimate lag can kill them. The default is usually safe.
my $read_timeout = 15;
117
118
119
120
121
# Set this to non-zero to log all finger requests via the standard Unix
# syslog facility (requires Sys::Syslog qw(:DEFAULT setlogsock) ...)
my $use_syslog = 1;
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
# Set $use_homedir to something nonzero if want to read planfiles from the
# standard Unix location ("/home/$user/.plan"). Note that this is a security
# hole, as it means that either IcculusFinger must run as root to insure
# access to a user's homedir, or user's have to surrender a little more
# privacy to give a non-root user access to their homedirs. You should
# consider setting this to zero and reading the comments for $fingerspace,
# below. Note that IcculusFinger comes with a perl script for automating the
# moving of a system's planfiles from the the insecure method to the more
# secure $fingerspace method, including creating the symlinks so your users
# won't really notice a difference.
my $use_homedir = 0;
# If you set $use_homedir to 0, this is the directory that contains the
# planfiles in the format "$fingerdir$username" Note that THIS MUST HAVE
# THE TRAILING DIR SEPARATOR! This is ignored if $use_homedir is NOT zero.
my $fingerspace = '/fingerspace/';
# This is the maximum amount of data that IcculusFinger will read from a
# planfile. If this cuts off in the middle of an opened formatting tag,
# tough luck. IcculusFinger reads the entire planfile (up to the max you
# specify here) into memory before processing tags. Theoretically, this could
# be changed to handle tags on the fly, in which case users that would
# otherwise be over the limit might not be after processing sections, etc,
# but this is not the case here and now.
# Note that images specified inside [img] tags, etc are not counted towards
# this limit (since the web browser would be requesting those images
# separately), and only applies to the max bytes to be read directly from the
# planfile. This is merely here to prevent someone from symlinking their
# planfile to /dev/zero or something that could fill all available memory.
# This value is specified in bytes.
my $max_plan_size = (100 * 1024);
# This is the maximum size, in bytes, that a finger request can be. This is
# to prevent malicious finger clients from trying to fill all of system
# memory.
157
my $max_request_size = 512;
158
159
160
161
162
163
164
165
166
# This is what is reported to the finger client if the desired user's planfile
# is missing or empty, or the user is unknown (we make NO distinction, for
# the sake of security and privacy). This string can use IcculusFinger
# markup tags (we'll convert as appropriate), but must NOT use HTML directly,
# since it will confuse the regular finger client users. You should not
# leave this blank or undef it, since that's confusing for everyone.
my $no_report_string = "[center][i]Nothing to report.[/i][/center]";
167
168
169
170
# List at the bottom of the finger output (above wittyremark) when the .plan
# was last updated?
my $show_revision_date = 1;
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
# This is the default title for the webpage. The user can override it with
# the [title] tag in their .plan file. Do not use HTML. You can specify an
# empty string (""), but not undef; however, you should REALLY have a
# default here...
my $title = "IcculusFinger $version";
# Alternately, you can populate this array with strings, and IcculusFinger
# will randomly pick one at runtime. Note that the user's [title] tags also
# land in here, so you are interfering with their ability to override the
# title if you add to this array. The $title variable above is used only if
# this array is empty, and thus gives you a comfortable default in case the
# user doesn't supply her own title. Do as you will.
my @title_array;
# If you are a content-Nazi, you can prevent the user's [title] tags from
# being included in the parsing.
my $permit_user_titles = 1;
# This is printed after the credits at the bottom. Change it to whatever you
# like. Do not use HTML. You can specify an empty string (""), but undef
# doesn't fly here. The user can change this with [wittyremark] tags.
my $wittyremark = "Stick it in the camel and go.";
# Alternately, you can populate this array with strings, and IcculusFinger
# will randomly pick one at runtime. Note that the user's [wittyremark] tags
# also land in here, so you are interfering with their ability to override
# if you add to this array. The $wittyremark variable above is used only if
# this array is empty, and thus gives you a comfortable default in case the
# user doesn't supply her own content. Do as you will.
my @wittyremark_array;
# If you are a content-Nazi, you can prevent the user's [wittyremark] tags
# from being included in the parsing.
my $permit_user_wittyremarks = 1;
# You can screw up your output with this, if you like.
# You can append "?debug=1" to your finger request to enable this without
# changing the source.
my $debug = 0;
# This is the URL to where the script can be obtained. Feel free to change
# it if you you are forking the code, but unless you've got a good reason,
# I'd appreciate it if you'd leave my (ahem) official IcculusFinger webpage
# in this variable. Set it to undef to not supply a link at all in the
# final HTML output.
#my $scripturl = undef;
#my $scripturl = "/misc/finger.pl";
my $scripturl = "http://icculus.org/IcculusFinger/";
# This is only used in the HTML-formatted output.
# I'd prefer you leave this be, but change it if you must.
my $html_credits = (defined $scripturl) ?
"Powered by <a href=\"$scripturl\">IcculusFinger $version</a>" :
"Powered by IcculusFinger $version" ;
# This is only used in the plaintext-formatted output.
# I'd prefer you leave this be, but change it if you must.
my $text_credits = "Powered by IcculusFinger $version" .
((defined $scripturl) ? " ($scripturl)" : "");
# Set this to zero to disable planfile archive lookups.
my $use_database = 1;
# This is the host to connect to for database access.
my $dbhost = 'localhost';
# This is the username for the database connection.
my $dbuser = 'fingermgr';
# The database password can be entered in three ways: Either hardcode it into
# $dbpass, (which is a security risk, but is faster if you have a completely
# closed system), or leave $dbpass set to undef, in which case this script
# will try to read the password from the file specified in $dbpassfile (which
# means that this script and the database can be touched by anyone with read
# access to that file), or leave both undef to have DBI get the password from
# the DBI_PASS environment variable, which is the most secure, but least
# convenient.
my $dbpass = undef;
my $dbpassfile = '/etc/IcculusFinger_dbpass.txt';
# The name of the database to use once connected to the database server.
my $dbname = 'IcculusFinger';
# The name of the table inside the database we're using.
my $dbtable_archive = 'finger_archive';
# These are special finger accounts; when a user queries for this fake
# user, we hand back the string returned from the attached function as if
# it was the contents of a planfile. Be careful with this, as it opens up
# potential security holes.
# These subs do NOT have a maximum size limit imposed by the
# $max_plan_size setting, above.
# This hash is checked before actual planfiles, so you can override an
# existing user through this mechanism.
my %fakeusers; # the hash has to exist; don't comment this line.
$fakeusers{'fortune'} = sub {
return(`/usr/games/fortune`);
};
273
274
275
276
$fakeusers{'root'} = sub {
return("ph34r me, for i am root. I'm l33t as kittens.");
};
277
278
279
280
281
282
283
$fakeusers{'time'} = sub {
return("At the sound of the beep, it will be: " . scalar localtime() .
"\012\012\012\012 ...[b][i][u]BEEP.[/u][/i][/b]");
};
# This works if run from qmail's tcp-env, and not tcpd.
284
# also note that this is pretty useless for hits through the web
285
286
# interface, since the webserver's IP will be reported, not the
# browser's IP.
287
288
$fakeusers{'ipaddr'} = sub {
if (defined $ENV{'TCPREMOTEIP'}) {
289
return("Your IP address appears to be $ENV{'TCPREMOTEIP'}");
290
291
292
293
} else {
return(undef);
}
};
294
295
296
297
298
299
300
301
302
303
304
305
#-----------------------------------------------------------------------------#
# The rest is probably okay without you laying yer dirty mits on it. #
#-----------------------------------------------------------------------------#
my $is_web_interface = 0;
my $do_html_formatting = 0;
my $browser = "";
my $wanted_section = undef;
my $output_text = "";
my $archive_date = undef;
my $archive_time = undef;
306
307
my $list_sections = 0;
my $list_archives = 0;
308
my $embed = 0;
309
my $do_link_digest = undef;
310
311
312
313
314
315
316
317
318
319
my $did_output_start = 0;
sub output_start {
my ($user, $host) = @_;
return if ((not $is_web_interface) and (not $do_html_formatting));
return if $did_output_start;
$did_output_start = 1;
320
print <<__EOF__ if not $embed;
321
322
323
324
325
326
327
328
329
330
331
332
<html>
<head>
<title> $title </title>
</head>
<body>
<center><h1>Finger info for $user\@$host...</h1></center>
<hr>
__EOF__
333
print "\n<pre>\n" if ($browser !~ /Lynx/);
334
335
336
337
338
}
sub output_ending {
339
if (($is_web_interface) or ($do_html_formatting) and ($browser !~ /Lynx/)) {
340
341
342
print(" </pre>\n");
}
343
344
return if $embed;
345
346
347
348
349
my $revision = undef;
if (($show_revision_date) and (defined $archive_date)) {
$revision = "When this .plan was written: $archive_date";
}
350
if ($do_html_formatting) {
351
352
$revision = ((defined $revision) ? "$revision<br>\n" : '');
353
354
355
356
357
print <<__EOF__;
<hr>
<center>
<font size="-3">
358
$revision
359
360
361
362
363
364
365
366
367
$html_credits<br>
<i>$wittyremark</i>
</font>
</center>
__EOF__
} else {
# !!! FIXME : Make that ------ line fit the length of the strings.
print "-------------------------------------------------------------------------\n";
368
print "$revision\n" if (defined $revision);
369
370
371
372
373
374
375
376
377
378
379
380
381
382
print "$text_credits\n";
print "$wittyremark\n\n";
}
if (($is_web_interface) or ($do_html_formatting)) {
print(" </body>\n");
print("</html>\n");
print("\n");
}
}
sub parse_args {
my $args = shift;
383
384
if ((defined $args) and ($args ne '')) {
$args =~ s/\A\?//;
385
386
387
388
if ($args =~ s/(\A|&)web=(.*?)(&|\Z)/$1/) {
$is_web_interface = $2;
}
389
390
391
392
if ($args =~ s/(\A|&)html=(.*?)(&|\Z)/$1/) {
$do_html_formatting = $2;
}
393
394
395
396
if ($args =~ s/(\A|&)browser=(.*?)(&|\Z)/$1/) {
$browser = $2;
}
397
398
399
400
if ($args =~ s/(\A|&)debug=(.*?)(&|\Z)/$1/) {
$debug = $2;
}
401
402
403
404
405
if ($args =~ s/(\A|&)section=(.*?)(&|\Z)/$1/) {
$wanted_section = $2;
$wanted_section =~ tr/A-Z/a-z/;
}
406
407
408
409
if ($args =~ s/(\A|&)date=(.*?)(&|\Z)/$1/) {
$archive_date = $2;
}
410
411
412
413
if ($args =~ s/(\A|&)time=(.*?)(&|\Z)/$1/) {
$archive_time = $2;
}
414
415
416
417
if ($args =~ s/(\A|&)listsections=(.*?)(&|\Z)/$1/) {
$list_sections = $2;
}
418
419
420
421
if ($args =~ s/(\A|&)listarchives=(.*?)(&|\Z)/$1/) {
$list_archives = $2;
}
422
423
424
425
426
427
428
429
if ($args =~ s/(\A|&)embed=(.*?)(&|\Z)/$1/) {
$embed = $2;
}
if ($args =~ s/(\A|&)linkdigest=(.*?)(&|\Z)/$1/) {
$do_link_digest = $2;
}
430
431
}
432
433
434
# default behaviours that depend on output target...
$do_link_digest = !$do_html_formatting if (not defined $do_link_digest);
435
436
437
438
return($args);
}
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
sub get_sqldate {
my $mtime = shift;
my @t = localtime($mtime);
$t[5] = "0000" . ($t[5] + 1900);
$t[5] =~ s/.*?(\d\d\d\d)\Z/$1/;
$t[4] = "00" . ($t[4] + 1);
$t[4] =~ s/.*?(\d\d)\Z/$1/;
$t[3] = "00" . $t[3];
$t[3] =~ s/.*?(\d\d)\Z/$1/;
$t[2] = "00" . $t[2];
$t[2] =~ s/.*?(\d\d)\Z/$1/;
$t[1] = "00" . $t[1];
$t[1] =~ s/.*?(\d\d)\Z/$1/;
$t[0] = "00" . $t[0];
$t[0] =~ s/.*?(\d\d)\Z/$1/;
return('' . ($t[5]) . '-' . ($t[4]) . '-' . ($t[3]) . ' ' .
($t[2]) . ':' . ($t[1]) . ':' . ($t[0]));
}
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
sub get_database_link {
if (not defined $dbpass) {
if (defined $dbpassfile) {
open(FH, $dbpassfile) or return("failed to open $dbpassfile: $!\n");
$dbpass = <FH>;
chomp($dbpass);
$dbpass =~ s/\A\s*//;
$dbpass =~ s/\s*\Z//;
close(FH);
}
}
my $dsn = "DBI:mysql:database=$dbname;host=$dbhost";
$_[0] = DBI->connect($dsn, $dbuser, $dbpass) or
return(DBI::errstr);
return(undef);
}
sub load_archive_list {
480
my $user = shift;
481
482
483
my $link;
my $err = get_database_link($link);
return($err) if defined $err;
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
my $u = $link->quote($user);
my $sql = "select postdate from $dbtable_archive where username=$u" .
" order by postdate desc";
my $sth = $link->prepare($sql);
if (not $sth->execute()) {
$link->disconnect();
return "can't execute the query: $sth->errstr";
}
my @archivelist;
while (my @row = $sth->fetchrow_array()) {
push @archivelist, $row[0];
}
if ($#archivelist < 0) {
$output_text = ''; # will use $no_report_string.
} else {
$output_text = "Available archives:\n";
foreach (@archivelist) {
my ($d, $t) = /(\d\d\d\d-\d\d-\d\d) (\d\d:\d\d:\d\d)/;
$t =~ s/(..):(..):(..)/$1-$2-$3/;
if ($do_html_formatting) {
my $url = "$base_url?user=$user&date=$d&time=$t";
$output_text .= " \[link=\"$url\"\]$_\[/link\]\n";
} else {
$output_text .= " finger $user\@$host?&date=$d&time=$t\n";
}
}
}
$sth->finish();
$link->disconnect();
return(undef);
}
sub load_archive {
my $user = shift;
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
my $sqldate;
if (defined $archive_date) {
if ($archive_date =~ /\A\d\d\d\d-\d\d-\d\d\Z/) {
$sqldate = $archive_date;
} else {
return("Archive date must be in yyyy-mm-dd format.");
}
} else {
my @t = localtime(time());
$t[5] = "0000" . ($t[5] + 1900);
$t[5] =~ s/.*?(\d\d\d\d)\Z/$1/;
$t[4] = "00" . ($t[4] + 1);
$t[4] =~ s/.*?(\d\d)\Z/$1/;
$t[3] = "00" . $t[3];
$t[3] =~ s/.*?(\d\d)\Z/$1/;
$sqldate = '' . ($t[5]) . '-' . ($t[4]) . '-' . ($t[3]);
}
if (defined $archive_time) {
if ($archive_time =~ /\A(\d\d)-(\d\d)-(\d\d)\Z/) {
$sqldate .= " $1:$2:$3";
} else {
return("Archive date must be in hh-mm-ss format.");
}
} else {
$sqldate .= " 23:59:59"; # end of day.
}
553
554
555
my $link;
my $err = get_database_link($link);
return($err) if defined $err;
556
557
my $u = $link->quote($user);
558
559
my $sql = "select postdate, text from $dbtable_archive where username=$u" .
" and postdate<='$sqldate' order by postdate desc limit 1";
560
561
562
563
564
565
566
567
my $sth = $link->prepare($sql);
if (not $sth->execute()) {
$link->disconnect();
return "can't execute the query: $sth->errstr";
}
my @row = $sth->fetchrow_array();
if (not @row) {
568
$output_text = ''; # will use $no_report_string.
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
} else {
$row[1] =~ s/(\A.{0, $max_plan_size}).*\Z/$1/s;
$archive_date = $row[0];
$output_text = $row[1];
}
$sth->finish();
$link->disconnect();
return(undef);
}
sub load_file {
my $user = shift;
my $fname = ($use_homedir) ? "/home/$user/.plan" : "$fingerspace$user";
my $errormsg = undef;
if (not -f "$fname") { # this is NOT an error.
$output_text = "";
} else {
589
my $modtime = (stat($fname))[9];
590
591
592
593
594
595
596
597
if (not open(FINGER, '<', "$fname")) {
$errormsg = "Couldn't open planfile: $!";
} else {
if (not defined read(FINGER, $output_text, $max_plan_size)) {
$errormsg = "Couldn't read planfile: $!";
}
close(FINGER);
}
598
599
$archive_date = get_sqldate($modtime);
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
}
return($errormsg);
}
sub verify_and_load_request {
my ($args, $user) = @_;
my $errormsg = undef;
if ((defined $args) and ($args ne '')) {
$errormsg = "Unrecognized query arguments: \"$args\"";
} elsif (not defined $user) {
$errormsg = "No user specified.";
} elsif ($user =~ /\@/) {
$errormsg = "Finger request forwarding is forbidden.";
} elsif (length($user) > 20) {
# The 20 char limit is just for safety against potential buffer overflows
# in finger servers, but it's more or less arbitrary.
# !!! TODO FIXME: Check for bogus characters in username/host.
$errormsg = "Bogus user specified.";
} else {
if (defined $fakeusers{$user}) {
$output_text = $fakeusers{$user}->();
}
625
elsif ($list_archives) {
626
$errormsg = load_archive_list($user);
627
}
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
elsif ((defined $archive_date) or (defined $archive_time)) {
$errormsg = load_archive($user);
} else {
$errormsg = load_file($user);
}
}
if (defined $errormsg) {
output_start($user, $host);
print " <center><h1>" if $do_html_formatting;
print "$errormsg";
print "</h1></center>" if $do_html_formatting;
print "\n";
output_ending();
return(0);
}
return(1);
}
sub do_fingering {
my ($query_string, $user) = @_;
651
my @link_digest;
652
653
654
655
656
657
658
659
660
661
if ($debug) {
$title = "debugging...";
output_start($user, $host);
print("WARNING: Debug output is enabled in this finger request!\n");
print("Original query string: \"$query_string\"\n");
print("fingering $user ...\n");
print("HTML formatting: $do_html_formatting ...\n");
print("Is web interface: $is_web_interface ...\n");
print("Browser: $browser ...\n");
662
663
print("Embedding: $embed ...\n");
print("Doing link digest: $do_link_digest ...\n");
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
}
if ((not defined $output_text) or ($output_text eq "")) {
$output_text = $no_report_string;
}
# Change [title][/title] tags.
while ($output_text =~ s/\[title\](.*?)\[\/title\](\r\n|\n|\b)//is) {
push @title_array, $1 if $permit_user_titles;
}
# Change [wittyremark][/wittyremark] tags.
while ($output_text =~ s/\[wittyremark\](.*?)\[\/wittyremark\](\r\n|\n|\b)//is) {
push @wittyremark_array, $1 if $permit_user_wittyremarks;
}
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
# !!! FIXME: Make this a separate subroutine?
if ($list_sections) {
my @sectionlist;
while ($output_text =~ s/\[section=\"(.*?)\"\](\r\n|\n|\b)(.*?)\[\/section\](\r\n|\n|\b)/$3/is) {
push @sectionlist, $1;
}
$output_text = "Available sections:\n";
if ($do_html_formatting) {
foreach (@sectionlist) {
my $url = "$base_url?user=$user§ion=$_";
$output_text .= " \[link=\"$url\"\]$_\[/link\]\n";
}
} else {
foreach (@sectionlist) {
$output_text .= " finger $user\@$host?section=$_\n";
}
}
}
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
# Select a section.
while ($output_text =~ s/\[defaultsection=\"(\w*)\"\](\r\n|\n|\b)//) {
$wanted_section = $1 if (not defined $wanted_section);
}
if (defined $wanted_section) {
print("Using specific section: $wanted_section ...\n") if $debug;
# !!! FIXME: Why isn't the substitution working? I need to assign $2 directly for some reason...
if ($output_text =~ s/\[section=\"$wanted_section\"\](\r\n|\n|\b)(.*?)\[\/section\](\r\n|\n|\b)/$2/is) {
$output_text = $2;
} else {
$output_text = "section \"$wanted_section\" not found.\n";
}
} else {
1 while ($output_text =~ s/\[section=\".*?\"\](.*?)\[\/section\](\r\n|\n|\b)/$1/is);
}
if (($do_html_formatting) or ($is_web_interface)) {
# HTMLify some characters...
1 while ($output_text =~ s/</</s);
1 while ($output_text =~ s/>/>/s);
}
# Change [b][/b] tags.
if ($do_html_formatting) {
1 while ($output_text =~ s/\[b](.*?)\[\/b\]/<b>$1<\/b>/is);
} else {
1 while ($output_text =~ s/\[b](.*?)\[\/b\]/$1/is);
}
# Change [i][/i] tags.
if ($do_html_formatting) {
1 while ($output_text =~ s/\[i](.*?)\[\/i\]/<i>$1<\/i>/is);
} else {
1 while ($output_text =~ s/\[i](.*?)\[\/i\]/$1/is);
}
# Change [u][/u] tags.
if ($do_html_formatting) {
1 while ($output_text =~ s/\[u](.*?)\[\/u\]/<u>$1<\/u>/is);
} else {
1 while ($output_text =~ s/\[u](.*?)\[\/u\]/$1/is);
}
# Change [center][/center] tags.
if ($do_html_formatting) {
if ($browser =~ /Opera/) {
while ($output_text =~ /\[center](.*?)\[\/center\]/is) {
my $buf = $1;
1 while ($buf =~ s/\n/<br>/s);
$output_text =~ s/\[center](.*?)\[\/center\]/<\/pre><center><code>$buf<\/code><\/center><pre>/is;
}
} else {
1 while ($output_text =~ s/\[center](.*?)\[\/center\]/<center>$1<\/center>/is);
}
} else {
1 while ($output_text =~ s/\[center](.*?)\[\/center\]/$1/is);
}
# Change [font][/font] tags.
if ($do_html_formatting) {
1 while ($output_text =~ s/\[font (.*?)](.*?)\[\/font\]/<font $1>$2<\/font>/is);
} else {
1 while ($output_text =~ s/\[font (.*?)](.*?)\[\/font\]/$2/is);
}
# Change [link][/link] tags.
if ($do_html_formatting) {
1 while ($output_text =~ s/\[link=\"(.*?)\"\](.*?)\[\/link\]/<a href=\"$1\">$2<\/a>/is);
770
771
772
773
774
775
776
} elsif ($do_link_digest) {
my $x = $#link_digest + 2; # start at one.
while ($output_text =~ s/\[link=\"(.*?)\"\](.*?)\[\/link\]/$2 \[$x\]/is) {
push @link_digest, $1;
$x++;
}
} else { # ugly-ass text output.
777
778
779
780
781
782
783
784
785
786
1 while ($output_text =~ s/\[link=\"(.*?)\"\](.*?)\[\/link\]/$2 \[$1\]/is);
}
# Change [img][/img] tags.
if ($do_html_formatting) {
1 while ($output_text =~ s/\[img=\"(.*?)\"\](.*?)\[\/img\]/<img src=\"$1\" alt=\"$2\">/is);
} else {
1 while ($output_text =~ s/\[img=\"(.*?)\"\](.*?)\[\/img\]/$2/is);
}
787
788
789
# Ditch [noarchive][/noarchive] tags ... those are metadata.
1 while ($output_text =~ s/\[noarchive](.*?)\[\/noarchive\]/$1/is);
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
if ($do_html_formatting) {
# try to make URLs into hyperlinks in the HTML output.
1 while ($output_text =~ s/(?<!href=")(?<!src=")(?<!">)\b([a-zA-Z]+?:\/\/[-~=\w&\.\/?]+)/<a href="$1">$1<\/a>/);
# try to make email addresses into hyperlinks in the HTML output.
1 while ($output_text =~ s/\b(?<!href="mailto:)(?<!">)\b([\w\.]+?\@[\w\.]+)(\b|\.)/<a href=\"mailto:$1\">$1<\/a>/);
# HTMLify newlines.
#1 while ($output_text =~ s/\r//s);
#1 while ($output_text =~ s/(?<!<br>)\n/<br>\n/s);
}
# this has to be done after any possible URL detection...
# convert ampersands for the browser.
if (($do_html_formatting) or ($is_web_interface)) {
805
806
807
808
1 while ($output_text =~ s/(?<!">)\&(?!lt)(?!gt)(?!amp)/&/s);
}
if ($do_html_formatting and ($browser =~ /Lynx/)) {
809
810
811
# !!! FIXME: executable regexps suck.
# !!! FIXME: This doesn't work very well.
1 while ($output_text =~ s/^( +)/" " x length($1)/mse);
812
813
1 while ($output_text =~ s/\r//s);
1 while ($output_text =~ s/\n/<br>/s);
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
}
if ($#title_array >= 0) {
$title = $title_array[int(rand($#title_array + 1))];
}
if ($#wittyremark_array >= 0) {
$wittyremark = $wittyremark_array[int(rand($#wittyremark_array + 1))];
}
# Pick a random title...
if ($debug) {
my $x;
$x = $#title_array + 1;
print("Number of titles: $x ...\n");
print(" titles:\n");
foreach (@title_array) {
print(" - [$_]\n");
}
print("Chosen: [$title].\n");
$x = $#wittyremark_array + 1;
print("Number of witty remarks: $x ...\n");
print(" witty remarks:\n");
foreach (@wittyremark_array) {
print(" - [$_]\n");
}
print("Chosen: [$wittyremark].\n");
844
845
846
$x = $#link_digest + 1;
print("Items in link digest: $x ... \n");
847
848
849
850
851
852
853
854
855
print("\n");
print("Actual finger output begins below line...\n");
print("---------------------------------------------------\n");
}
if ((not $do_html_formatting) and (not $is_web_interface)) {
$output_text = "$title\n\n" . $output_text;
}
856
857
858
859
860
861
862
863
864
865
if (($do_link_digest) and ($#link_digest >= 0)) {
$output_text .= "\n\n";
my $idx = 0;
foreach (@link_digest) {
$idx++; # start at one.
$output_text .= " [$idx] $_\n";
}
}
866
867
868
869
870
871
872
873
874
875
876
1 while ($output_text =~ s/\A\n//s); # Remove starting newlines.
1 while ($output_text =~ s/\n\Z//s); # Remove trailing newlines.
output_start($user, $host);
print("$output_text\n");
output_ending();
}
sub read_request {
my $retval = '';
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
my $count = 0;
my $s = undef;
my $elapsed = undef;
my $starttime = undef;
if (defined $read_timeout) {
$s = new IO::Select();
$s->add(fileno(STDIN));
$starttime = time();
$elapsed = 0;
}
while (1) {
if (defined $read_timeout) {
my $ready = scalar($s->can_read($read_timeout - $elapsed));
return undef if (not $ready);
$elapsed = (time() - $starttime);
}
895
896
897
898
my $ch;
my $rc = sysread(STDIN, $ch, 1);
return undef if ($rc != 1);
899
if ($ch ne "\015") {
900
return($retval) if ($ch eq "\012");
901
$retval .= $ch;
902
903
$count++;
return($retval) if ($count >= $max_request_size);
904
905
906
}
}
907
return(undef); # shouldn't ever hit this.
908
909
910
}
911
912
913
sub finger_mainline {
my $query_string = read_request();
914
915
916
917
918
919
920
921
922
923
924
my $syslog_text;
if (not defined $query_string) {
$syslog_text = "input timeout on finger request. Dropped client.\n";
print($syslog_text); # tell the client, if they care.
syslog("info", $syslog_text) if ($use_syslog);
} else {
$syslog_text = "finger request: \"$query_string\"\n";
if ($use_syslog) {
syslog("info", $syslog_text) or
die("Couldn't write to syslog: $!\n");
}
925
926
927
928
my ($user, $args) = $query_string =~ /\A(.*?)(\?.*|\b)\Z/;
$user =~ tr/A-Z/a-z/ if defined $user;
$args = parse_args($args);
929
930
931
932
if (verify_and_load_request($args, $user)) {
do_fingering($query_string, $user)
}
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
}
return(0);
}
sub syslog_and_die {
my $err = shift;
$err .= "\n";
syslog("info", $err) if ($use_syslog);
die($err);
}
sub go_to_background {
use POSIX 'setsid';
chdir('/') or syslog_and_die("Can't chdir to '/': $!");
open STDIN,'/dev/null' or syslog_and_die("Can't read '/dev/null': $!");
open STDOUT,'>/dev/null' or syslog_and_die("Can't write '/dev/null': $!");
defined(my $pid=fork) or syslog_and_die("Can't fork: $!");
exit if $pid;
setsid or syslog_and_die("Can't start new session: $!");
open STDERR,'>&STDOUT' or syslog_and_die("Can't duplicate stdout: $!");
956
syslog("info", "Daemon process is now detached") if ($use_syslog);
957
958
959
960
961
}
sub drop_privileges {
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
962
$ENV{'PATH'} = $safe_path;
963
964
965
966
967
$) = $wanted_gid if (defined $wanted_gid);
$> = $wanted_uid if (defined $wanted_uid);
}
968
969
970
971
972
973
974
sub signal_catcher {
my $sig = shift;
syslog("info", "Got signal $sig. Shutting down.") if ($use_syslog);
exit 0;
}
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
my @kids;
use POSIX ":sys_wait_h";
sub reap_kids {
my $i = 0;
my $x = scalar(@kids);
while ($i < scalar(@kids)) {
my $rc = waitpid($kids[$i], &WNOHANG);
if ($rc != 0) { # reaped a zombie.
splice(@kids, $i, 1); # take it out of the array.
} else { # still alive, try next one.
$i++;
}
}
$SIG{CHLD} = \&reap_kids; # make sure this works on crappy SysV systems.
}
993
994
# Mainline.
995
996
997
998
if (defined $read_timeout) {
use IO::Select;
}
999
1000
foreach (@ARGV) {
$daemonize = 1, next if $_ eq '--daemonize';