authorTheo de Raadt <deraadt@cvs.openbsd.org>1996-06-24 17:41:08 +0000
committerTheo de Raadt <deraadt@cvs.openbsd.org>1996-06-24 17:41:08 +0000
commitdcbbf51b5ca3f8d9cf07dc1df73adf639aa0d3c6 (patch)
treef411cf78636b6243b86e39771fa9b91c842dc637
parentc9f6cd0c19fc61a7d0554c82b3d548a2ab2ee60b (diff)
add -s flag; if specified in inetd, does not allow forwarding @ requests
-rw-r--r--libexec/fingerd/fingerd.810
-rw-r--r--libexec/fingerd/fingerd.c33
2 files changed, 36 insertions, 7 deletions
diff --git a/libexec/fingerd/fingerd.8 b/libexec/fingerd/fingerd.8
index efb5226a9cd..072de359ca2 100644
--- a/libexec/fingerd/fingerd.8
+++ b/libexec/fingerd/fingerd.8
@@ -30,7 +30,7 @@
.\" SUCH DAMAGE.
.\"
.\" from: @(#)fingerd.8 6.4 (Berkeley) 3/16/91
-.\" $Id: fingerd.8,v 1.1 1995/10/18 08:43:15 deraadt Exp $
+.\" $Id: fingerd.8,v 1.2 1996/06/24 17:41:06 deraadt Exp $
.\"
.Dd March 16, 1991
.Dt FINGERD 8
@@ -40,6 +40,7 @@
.Nd remote user information server
.Sh SYNOPSIS
.Nm fingerd
+.Op Fl s
.Sh DESCRIPTION
.Nm Fingerd
is a simple protocol based on
@@ -53,6 +54,13 @@ There is no required format and the
protocol consists mostly of specifying a single
.Dq command line .
.Pp
+The
+.Fl s
+option prevents
+.Nm fingerd
+from doing lookups on names which have @ in them. This allows subnetworks
+to be hidden from prying eyes.
+.Pp
.Nm Fingerd
listens for
.Tn TCP
diff --git a/libexec/fingerd/fingerd.c b/libexec/fingerd/fingerd.c
index 04fac1d0538..2d4fbb9e6e1 100644
--- a/libexec/fingerd/fingerd.c
+++ b/libexec/fingerd/fingerd.c
@@ -39,13 +39,16 @@ char copyright[] =
#ifndef lint
/*static char sccsid[] = "from: @(#)fingerd.c 5.6 (Berkeley) 6/1/90";*/
-static char rcsid[] = "$Id: fingerd.c,v 1.2 1996/05/30 08:44:11 deraadt Exp $";
+static char rcsid[] = "$Id: fingerd.c,v 1.3 1996/06/24 17:41:07 deraadt Exp $";
#endif /* not lint */
#include <stdio.h>
#include "pathnames.h"
-main()
+int
+main(argc, argv)
+ int argc;
+ char *argv[];
{
register FILE *fp;
register int ch;
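Review bot: The new code calls `strcmp`, `strchr` and `strlen`, but the only includes visible above `main` are `<stdio.h>` and "pathnames.h", and `strtok` is still declared by hand among the locals, so these appear to be used without prototypes. Unless pathnames.h pulls one in, `strchr` is implicitly declared as returning int, which truncates the returned pointer on LP64 targets before the `-s` filter tests it. Adding `#include <string.h>` after `<stdio.h>` and dropping the hand-written `*strtok()` declaration would fix this. The body of main continues outside the hunk.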
@@ -53,7 +56,8 @@ main()
int p[2];
#define ENTRIES 50
char **ap, *av[ENTRIES + 1], line[1024], *strtok();
- int i;
+ int forward = 1, nvalid;
+ int i, j, l;
#ifdef LOGGING /* unused for now */
#include <netinet/in.h>
@@ -65,6 +69,9 @@ main()
fatal("getpeername");
#endif
+ if (argc > 1 && strcmp(argv[1], "-s") == 0)
+ forward = 0;
+
if (!fgets(line, sizeof(line), stdin))
exit(1);
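Review bot: The option check fails open, because only an exact `-s` in `argv[1]` clears `forward`, and any other argument (a typo such as `-S`, or `-s` in a later position) silently leaves forwarding enabled. Since the flag exists to restrict what the daemon does, an unrecognised argument is safer treated as a configuration error, for example `else if (argc > 1) exit(1);` after the `forward = 0;` branch, or a getopt loop with a usage failure. A one-line comment such as `/* -s: refuse user@host requests */` above the test would also help, as `forward` is not explained in the visible code.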
@@ -81,13 +88,26 @@ main()
lp = NULL;
}
- for (i = 1; av[i]; i++) {
- int l = strlen(av[i]);
+ nvalid = 0;
+ if (av[1] == NULL)
+ nvalid = 1;
+ for (i = 1; av[i];) {
+ if (forward == 0 && strchr(av[i], '@')) {
+ /* no way, delete it! */
+ for (j = i; av[j]; j++)
+ av[j] = av[j+1];
+ if (av[i])
+ continue;
+ break;
+ }
+ l = strlen(av[i]);
while (av[i][l-1] == '@')
av[i][--l] = '\0';
if (av[i][0] == '\0')
av[i] = NULL;
+ nvalid++;
+ i++;
}
if (pipe(p) < 0)
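Review bot: The trailing-'@' strip at `while (av[i][l-1] == '@')` has no lower bound on `l`. A token made only of '@' characters, which still reaches this code when `-s` is not given, drives `l` to 0 and the next test then reads `av[i][-1]`, one byte before the token. Bounding it as `while (l > 0 && av[i][l-1] == '@')` removes the out-of-range read. Note also that a token emptied this way sets `av[i] = NULL` yet is still counted by `nvalid++`, so `nvalid` tracks tokens that survived the `-s` filter rather than names that will actually be passed on; a short comment on `nvalid` saying so would prevent misreading. The loop sits inside main, which starts and ends outside the hunk.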
@@ -100,7 +120,8 @@ main()
(void)dup2(p[1], 1);
(void)close(p[1]);
}
- execv(_PATH_FINGER, av);
+ if (nvalid)
+ execv(_PATH_FINGER, av);
_exit(1);
case -1:
fatal("fork");
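Review bot: The new `if (nvalid)` guard is undocumented, and the reason it exists is only apparent from the filtering loop earlier in main. A comment such as `/* every name was dropped by -s: do not exec finger with an empty list */` above it would make the intent clear. When the guard fails, the child falls through to `_exit(1)` with nothing written to the client or to a log, so a refused forwarding attempt leaves no trace. If refusals should be visible to the operator, this would be the place to record one. The enclosing switch begins outside the hunk.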