--- ttysnoop-0.12d.orig/snooptab.dist +++ ttysnoop-0.12d/snooptab.dist @@ -1,19 +1,29 @@ -# # /etc/snooptab # +# these display directly on the specified tty.. no client necessary +# # tty snoopdev type execpgm # -ttyS1 /dev/tty7 login /bin/login -ttyS2 /dev/tty8 login /bin/login +#ttyS1 /dev/tty7 login /bin/login +#ttyS2 /dev/tty8 login /bin/login # -# remember to inform your gettys on the above lines -# that /etc/ttysnoops is the login program now # -# the 'socket' snoop-device is for use with the -# ttysnoop client -# (any tty not listed above will match the wildcard) +# the 'socket' snoop-device is for use with the ttysnoop client (any tty not +# listed above will match the wildcard) # * socket login /bin/login # -# remember to inform your telnetd that /etc/ttysnoops -# is the login program now +# remember to inform your incoming daemons that /usr/sbin/ttysnoops is +# the login program +# +# example: (for /etc/inetd.conf) +# telnet stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.telnetd -L /usr/sbin/ttysnoops +# +# example /etc/inittab (using agetty): +# s2:23:respawn:/sbin/getty 38400 ttyS2 vt100 -l /usr/sbin/ttysnoops +# +# or, if you're using mgetty: (/etc/mgetty/login.config) replace: +# * - - /bin/login @ +# with: +# * - - /usr/sbin/ttysnoops @ + --- ttysnoop-0.12d.orig/ttysnoops.c +++ ttysnoop-0.12d/ttysnoops.c @@ -18,6 +18,7 @@ v0.12d 8-4-98 Carl Declerck - updated #includes a bit */ +#define _XOPEN_SOURCE /* ptsname() */ #include #include #include @@ -43,9 +44,10 @@ #endif #include "config.h" #include "common.h" - +#include "logwtmp.h" #define BUFF_SIZE 256 +#define PASS_SIZE 256 char buff[BUFF_SIZE]; @@ -53,6 +55,7 @@ int pgmpid = -1, authpid = -1, servpid = -1; int use_socket = 0, fdmax = 0, proctype = DEAD_PROCESS; char snoopdev[32], ptynam[32], childproc[128], sockname[128]; +char *short_ptynam, *shorter_ptynam; /* read a single line from a stream, ignoring all irrelevant stuff */ 
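Review bot: The bare `#define _XOPEN_SOURCE` added above the includes in ttysnoops.c may not be enough to get prototypes for `ptsname()`, `grantpt()` and `unlockpt()`; as far as I recall, newer glibc declares them only for `_XOPEN_SOURCE >= 500`. Without a prototype, `ptsname()` is implicitly declared as returning `int`, so the pointer it returns is truncated on 64-bit targets before `strcpy()` and `open()` use it. I would write `#define _XOPEN_SOURCE 500 /* ptsname(), grantpt(), unlockpt() */` and confirm with `-Wall` that no implicit-declaration warning remains.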
@@ -147,7 +150,17 @@ } /* find & open a pty to be used by the pty-master */ +int open_unix98_master (char *ptyname) +{ + int fd = open("/dev/ptmx", O_RDWR); + char *name = "unknown"; + if (fd >= 0) + name = ptsname(fd); + if (name) + strcpy(ptyname, name); + return fd; +} int find_ptyxx (char *ptyname) { int fd, i, j; @@ -179,6 +192,20 @@ /* find & open a pty (tty) to be used by pty-client */ +int open_unix98_slave (int ptyfd) +{ + int fd; + char *name = ptsname(ptyfd); + + grantpt(ptyfd); + unlockpt(ptyfd); + + if ((fd = open(name, O_RDWR)) >= 0) + return fd; + + close(ptyfd); + return -1; +} int find_ttyxx (char *ttyname, int ptyfd) { struct group *grp; @@ -199,23 +226,36 @@ return (-1); } +void abbreviate_ptyname (char *name, char **shortname, char **shortername) +{ + *shortname = *shortername = name; + if (!name) + return; + if (strncmp(name, "/dev/", 5)) + return; + *shortname = *shortername = name + 5; + if (!strncmp(name, "/dev/tty", 8)) + *shortername = name + 8; + else if (!strncmp(name, "/dev/pts/", 9)) + *shortername = name + 9; +} + /* fork off the pty-client and redirect its stdin/out/err to the pty */ int fork_pty (int *ptyfd, char *ttynam) { struct termios term; struct winsize twin; - int ttyfd, pid; - char name[32]; + int ttyfd, pid, is_unix98 = 0; tcgetattr (STDIN_FILENO, &term); ioctl (STDIN_FILENO, TIOCGWINSZ, (char *) &twin); - if ((*ptyfd = find_ptyxx(name)) < 0) + if ((*ptyfd = open_unix98_master(ttynam)) >= 0) + is_unix98 = 1; + else if ((*ptyfd = find_ptyxx(ttynam)) < 0) errorf ("can't open pty\n"); - strcpy (ttynam, leafname(name)); - if ((pid = fork()) < 0) errorf ("can't fork\n"); @@ -223,8 +263,12 @@ { if (setsid() < 0) errorf ("setsid failed\n"); - - if ((ttyfd = find_ttyxx(name, *ptyfd)) < 0) + + if (is_unix98) + ttyfd = open_unix98_slave(*ptyfd); + else + ttyfd = find_ttyxx(ttynam, *ptyfd); + if (ttyfd < 0) errorf ("can't open tty\n"); close (*ptyfd); 
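Review bot: `open_unix98_master()` returns a valid descriptor even when `ptsname()` fails, in which case `ptyname` is never written and the caller continues with an empty name that later becomes the utmp line and the socket file name. The `strcpy()` is also unbounded, although the destination passed down from `main()` is the 32-byte global `ptynam`. When `open()` itself fails, the placeholder "unknown" is copied into the caller's buffer for no benefit. I would treat a missing or over-long slave name as failure, so that `fork_pty()` falls back to `find_ptyxx()`.

```c
int open_unix98_master (char *ptyname)
{
	int fd = open("/dev/ptmx", O_RDWR);
	char *name;

	if (fd < 0)
		return -1;
	/* no usable slave name: release the master so the caller can fall back */
	name = ptsname(fd);
	if (name == NULL || strlen(name) >= sizeof(ptynam)) {	/* callers pass the 32-byte ptynam */
		close(fd);
		return -1;
	}
	strcpy(ptyname, name);
	return fd;
}
```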
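Review bot: `open_unix98_slave()` ignores the results of `grantpt()` and `unlockpt()` and passes the `ptsname()` result straight to `open()` without a NULL check. If `grantpt()` fails, the slave keeps whatever ownership and mode it had, and a login is then run on a tty whose permissions were never set. I would fail early with `if (!name || grantpt(ptyfd) < 0 || unlockpt(ptyfd) < 0) { close(ptyfd); return -1; }` before the `open()`.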
@@ -317,7 +361,7 @@ #endif int ret = 0; - char buff[16], *pwbuff; + char buff[PASS_SIZE], *pwbuff; if ((authpid = fork()) == 0) /* authentication child */ { @@ -374,6 +418,8 @@ *utmp.ut_user = 0; pututline (&utmp); endutent (); + /* fix wtmp. the above only fixes utmp. Fixed by wakko@ani.ml.org */ + logwtmp(ptynam, "", ""); } /* do a graceful closedown */ @@ -381,7 +427,7 @@ void closedown (void) { if (servpid == getpid()) /* only server must clear utmp entry */ - cleanup_utmp (ptynam); + cleanup_utmp (short_ptynam); stty_orig (); } @@ -433,7 +479,7 @@ struct sockaddr_un serv_addr, cli_addr; fd_set readset; struct utmp utmp; - int ptyfd, servfd, len, n, sel, susp = 0; + int ptyfd, servfd, len = sizeof(cli_addr), n, sel, susp = 0; if (!isatty(STDIN_FILENO)) errorf ("stdin is not a tty\n"); @@ -452,14 +498,17 @@ /* fork off the client and load the new image */ - if ((pgmpid = fork_pty(&ptyfd, ptynam)) == 0) /* child */ + if ((pgmpid = fork_pty(&ptyfd, ptynam)) < 0) + errorf ("cannot fork\n"); + abbreviate_ptyname(ptynam, &short_ptynam, &shorter_ptynam); + if (pgmpid == 0) /* child */ { /* should we update utmp to reflect the change to ttypX ? */ if (proctype == LOGIN_PROCESS) { - strncopy (utmp.ut_line, ptynam); - strncopy (utmp.ut_id, ptynam + 3); + strncopy (utmp.ut_line, short_ptynam); + strncopy (utmp.ut_id, shorter_ptynam); *utmp.ut_host = 0; utmp.ut_addr = 0; strncopy (utmp.ut_user, "LOGIN"); @@ -494,7 +543,7 @@ if ((servfd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) errorf ("can't create server socket\n"); - sprintf (sockname, "%s/%s", SPOOLDIR, ptynam); + sprintf (sockname, "%s/%s", SPOOLDIR, shorter_ptynam); unlink (sockname); serv_addr.sun_family = AF_UNIX; strncopy (serv_addr.sun_path, sockname); --- ttysnoop-0.12d.orig/debian/README.debian +++ ttysnoop-0.12d/debian/README.debian 
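Review bot: The enlarged `char buff[PASS_SIZE]` still shadows the file-scope `char buff[BUFF_SIZE]`, and only the declaration changes in this hunk. The code that fills it lies outside the hunk, so check that the read is bounded by `sizeof(buff)` rather than the old literal length, otherwise the larger buffer changes nothing. Since it holds a cleartext password, it would also be worth clearing it once the comparison is done; a plain `memset` may be optimised away, so use `explicit_bzero(buff, sizeof(buff));` where available. A distinct name such as `passbuf` would remove the shadowing.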
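Review bot: The added `logwtmp(ptynam, "", "")` records the global `ptynam`, not the name passed to `cleanup_utmp()`, and `closedown()` now calls that function with `short_ptynam`. After this patch `ptynam` holds the full device path copied by `open_unix98_master()`, so the wtmp logout record would have a `ut_line` beginning `/dev/` while the login record uses the abbreviated form. Tools that pair login and logout records by line could then miss the logout. I would log the function's own tty argument (its name is outside the hunk), or `logwtmp(short_ptynam, "", "");`.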
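Review bot: `len = sizeof(cli_addr)` is set once at the declaration, but `accept()` overwrites its length argument on return, so a later call would start from whatever the previous one stored. The `accept()` call is outside the hunk; if it sits inside the select loop, assign `len = sizeof(cli_addr);` immediately before each call. The variable should also be `socklen_t` rather than `int` to match the prototype.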
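Review bot: Naming the socket after `shorter_ptynam` means a `/dev/pts/` slave gets a socket under SPOOLDIR whose name is just the number, while the README.debian added in the same patch still lists `ttyp0=` and tells the administrator to run `ttysnoop ttypX`. No change to the client is part of this diff, so the documented invocation probably no longer matches the socket name; the client and the README should be updated together with this line. Separately, `sprintf` into the 128-byte `sockname` is unbounded, and `snprintf (sockname, sizeof(sockname), "%s/%s", SPOOLDIR, shorter_ptynam);` would bound it.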
@@ -0,0 +1,54 @@ +ttysnoop for debian +------------------- + +First of all, for the impatient, there are a few setup hints in /etc/snooptab.. +check'em out. + +You can setup ttysnoop in a number of ways including: + +A virtual console +----------------- + +Just edit /etc/inittab in your favorite text editor and modify any +terminal line (X=number of the vt) from +X:23:respawn:/sbin/getty 38400 ttyX +to +X:23:respawn:/sbin/getty 38400 ttyX -l /usr/sbin/ttysnoops + +Then have init re-read it running 'init q' + +A remote server (such as telnet) +-------------------------------- + +Modify your /etc/inetd.conf configuration file from +telnet stream tcp nowait telnetd.telnetd /usr/sbin/tcpd /usr/sbin/in.telnetd +to +telnet stream tcp nowait root.telnetd /usr/sbin/tcpd /usr/sbin/in.telnetd -L /usr/sbin/ttysnoops + +And reload the 'inetd' server with '/etc/init.d/inetd reload' + +Notice that ttysnoops needs to run as 'root' or otherwise it won't work. Since +it has not been thoroughly audited is not recommended to setup a network +service using it (and giving it full priviledges) since it will probably +not be a good idea. + +When users connect +------------------ + +To look at what users are doing you should use the program 'ttysnoop'. +You will notice a number of files in the /var/spool/ttysnoop/ directory, like: +ttyp0= +ttyp1= + +These file are pseudo terminals you can hook ttysnoop to, just do +'ttysnoop ttypX' enter the root password on request and you will +be able to see what a user is typing and even write on his own terminal. + +NOTE: For obvious reasons the Debian package will not do any changes to your +system's configuration by itself. + +------------------- +Paul Haggart +phaggart@debian.org +Javier Fernandez-Sanguino +jfs@debian.org --- ttysnoop-0.12d.orig/debian/copyright +++ ttysnoop-0.12d/debian/copyright 
@@ -0,0 +1,35 @@ +This package was debianized by Paul Haggart on +Mon, 31 Mar 1997 01:10:54 -0500. + +It was downloaded from ftp.cc.gatech.edu + +Copyright: + +This software is distributed under the GNU GPL license, you can find +a copy of it in your Debian system under /usr/share/common-licenses/ + +There are no docs saying it explicitly, however the Debian maintainer +-did- get an email back from the author clarifying the copyright. + +Date: Sun, 6 Apr 1997 11:58:59 +0100 (GMT+0100) +From: Carl Declerck +To: Paul Haggart +Subject: Re: ttysnoop copyright definition + +On Mon, 31 Mar 1997, Paul Haggart wrote: + +> I am packaging up your 'ttysnoop' program for use in debian linux systems. +> Would it be possible for me to get a PGP signed message from you stating the +> package's copyright? I couldn't find anything about the current status of +> the program -anywhere- in the source tree. + +The copying & usage policy for ttysnoop is the standard GNU Public License. +I know this is not in the current distribution archive (it will be in future +ones), but there is an (old) entry for ttysnoop in the Linux Software Map +stating this. + +Sorry, not PGP signed since I don't have PGP installed on this machine. + +Cheers, Carl. + + --- ttysnoop-0.12d.orig/debian/dirs +++ ttysnoop-0.12d/debian/dirs @@ -0,0 +1,5 @@ +etc +usr/sbin +usr/share/man/man8 +usr/share/doc/ttysnoop +var/spool/ttysnoop --- ttysnoop-0.12d.orig/debian/conffiles +++ ttysnoop-0.12d/debian/conffiles @@ -0,0 +1 @@ +/etc/snooptab --- ttysnoop-0.12d.orig/debian/rules +++ ttysnoop-0.12d/debian/rules 
@@ -0,0 +1,64 @@ +#!/usr/bin/make -f +# Made with the aid of debmake, by Christoph Lameter, +# based on the sample debian/rules file for GNU hello by Ian Jackson. + +package=ttysnoop + +build: + $(checkdir) + make CFLAGS="-O2 -g -Wall" + touch build + +clean: + $(checkdir) + -rm -f build + -make clean + -rm -f `find . -name "*~"` + -rm -rf debian/tmp debian/files* core debian/substvars + +binary-indep: checkroot build + $(checkdir) + +binary-arch: checkroot build + $(checkdir) + -rm -rf debian/tmp + install -d debian/tmp + cd debian/tmp && install -d `cat ../dirs` + + install -s ttysnoop debian/tmp/usr/sbin + install -s ttysnoops debian/tmp/usr/sbin + install -m 0644 ttysnoop.8 debian/tmp/usr/share/man/man8 + gzip -9 debian/tmp/usr/share/man/man8/ttysnoop.8 + (cd debian/tmp/usr/share/man/man8; ln -s ttysnoop.8.gz ttysnoops.8.gz) + install -m 0644 snooptab.dist debian/tmp/etc/snooptab + + install -m 0644 README debian/tmp/usr/share/doc/ttysnoop/ + install -m 0644 debian/README.debian debian/tmp/usr/share/doc/ttysnoop/ + install -m 0644 debian/copyright debian/tmp/usr/share/doc/ttysnoop/ + install -m 0644 debian/changelog debian/tmp/usr/share/doc/ttysnoop/changelog.Debian + gzip -9 debian/tmp/usr/share/doc/ttysnoop/changelog.Debian + + mkdir -p debian/tmp/DEBIAN + cp debian/conffiles debian/tmp/DEBIAN + dpkg-shlibdeps debian/tmp/usr/sbin/* + dpkg-gencontrol -isp + cd debian/tmp >/dev/null ;\ + find * -type f ! -regex '^DEBIAN/.*' -print0 | xargs -r0 md5sum > DEBIAN/md5sums + pwd + chown -R root.root debian/tmp + chmod -R go=rX debian/tmp + dpkg --build debian/tmp .. + +define checkdir + test -f debian/rules +endef + +# Below here is fairly generic really + +binary: binary-indep binary-arch + +checkroot: + $(checkdir) + test root = "`whoami`" + +.PHONY: binary binary-arch binary-indep clean checkroot --- ttysnoop-0.12d.orig/debian/changelog +++ ttysnoop-0.12d/debian/changelog 
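Review bot: The `build` target passes `CFLAGS="-O2 -g -Wall"`, but the compile rules visible in the patched Makefile use `$(CCOPTS)`, so `-g` and `-Wall` most likely never reach the compiler. That matters for this package because `-Wall` is what would report missing prototypes and pointer-type mismatches in the new pty and wtmp code. Overriding `CCOPTS` on the command line would drop `-DSHADOW_PWD`, so I would use `make CCOPTS="-O2 -g -Wall -DSHADOW_PWD"` or have the Makefile append `$(CFLAGS)` to its compile lines.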
@@ -0,0 +1,103 @@ +ttysnoop (0.12d-3) unstable; urgency=low + + * Patched ttysnoops.c to initialize 'len' var for accept() call. + Thanks Ken-ichirou MATSUZAWA for the patch. + * Bumped Standards-Version to 3.7.2.2, no change. + + -- Alberto Gonzalez Iniesta Thu, 22 Feb 2007 23:10:18 +0100 + +ttysnoop (0.12d-2) unstable; urgency=low + + * Applied patch to fix Unix98 PTYs. (Closes: #87371) + Big thanks to Peter Samuelson for the patch! + + -- Alberto Gonzalez Iniesta Thu, 10 Nov 2005 18:43:26 +0100 + +ttysnoop (0.12d-1) unstable; urgency=low + + * New upstream release + * Changed maintainer email address + * Rewrote debian/rules and removed Build-Depends on debmake + + -- Alberto Gonzalez Iniesta Fri, 25 Mar 2005 11:05:13 +0100 + +ttysnoop (0.12c-8) unstable; urgency=low + + * New maintainer. (Closes :#210892) + * Bumped Standards-Version to 3.6.1.0, no change. + + -- Alberto Gonzalez Iniesta Sat, 20 Sep 2003 18:45:31 +0200 + +ttysnoop (0.12c-7.2) unstable; urgency=low + + * NMU, at request of previous NMU'er. + * Really add Build-Depends on debmake this time. Closes: #190609. + + -- Daniel Schepler Sun, 24 Aug 2003 17:24:31 -0700 + +ttysnoop (0.12c-7.1) unstable; urgency=low + + * Non-Mainter-Upload + This package was getting quite rusty and bugs were easy to solve + anyhow so I'm going to spend a little time with it now that + the 0-day NMU is ok... + - Increased buffer for passwords to PASS_SIZE (set to 256 so + that's 255 chars for the password) (Closes: #122800, #122802) + - Added debmake to Build-Depends (Closes: #190609) + - Added GPL note to debian/copyright (Closes: #133506) + - Added more documentation on README.Debian which specifically + says that ttysnoop must run as root if going through inetd + (Closes: #97719) + - Fixed some lintians errors/warnings including the old emacs + note in debian/changelog and adding the '-isp' option to + dpkg-gencontrol to add Section and Priority information to the + control file. 
+ + -- Javier Fernandez-Sanguino Pen~a Wed, 20 Aug 2003 03:34:39 +0200 + +ttysnoop (0.12c-7) unstable; urgency=low + + * recompiled with glibc2.1 + * updated standards version + + -- Paul Haggart Fri, 12 Nov 1999 09:38:32 -0500 + +ttysnoop (0.12c-6) unstable; urgency=low + + * fixed #11642: wtmp written properly (thanks again to wakko) + + -- Paul Haggart Fri, 19 Sep 1997 08:01:57 -0400 + +ttysnoop (0.12c-5) unstable; urgency=low + + * fixed to work with libc6 utmp (bug #12531, fixed by my favourite cartoon + eating machine) + + -- Paul Haggart Fri, 12 Sep 1997 07:59:53 -0400 + +ttysnoop (0.12c-4) unstable; urgency=low + + * recompiled with libc6 + + -- Paul Haggart Mon, 26 May 1997 10:57:38 -0400 + +ttysnoop (0.12c-3) unstable; urgency=low + + * shadow password support added + + -- Paul Haggart Sun, 13 Apr 1997 21:10:02 -0400 + +ttysnoop (0.12c-2) unstable; urgency=low + + * added a few hints to /etc/snooptab on how to setup for getty, mgetty + and in.telnetd + * removed default behaviour of snooping on in.telnetd + + -- Paul Haggart Fri, 11 Apr 1997 08:02:53 -0400 + +ttysnoop (0.12c-1) unstable; urgency=low + + * initial release + + -- Paul Haggart Mon, 31 Mar 1997 01:10:54 -0500 + --- ttysnoop-0.12d.orig/debian/control +++ ttysnoop-0.12d/debian/control @@ -0,0 +1,13 @@ +Source: ttysnoop +Section: admin +Priority: optional +Maintainer: Alberto Gonzalez Iniesta +Standards-Version: 3.7.2.2 + +Package: ttysnoop +Architecture: any +Depends: ${shlibs:Depends} +Description: TTY Snoop - allows you to spy on telnet+serial connections + TTYSnoop allows you to snoop on login tty's through another tty-device or + pseudo-tty. The snoop-tty becomes a 'clone' of the original tty, + redirecting both input and output from/to it. --- ttysnoop-0.12d.orig/logwtmp.c +++ ttysnoop-0.12d/logwtmp.c 
@@ -0,0 +1,63 @@ +/* + * Copyright (c) 1988 The Regents of the University of California. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include +#include +#include +#include +#include + +#include "logwtmp.h" + +void +logwtmp(const char *line, const char *name, const char *host) +{ + struct utmp ut; + struct stat buf; + int fd; + + if ((fd = open(_PATH_WTMP, O_WRONLY|O_APPEND, 0)) < 0) + return; + if (fstat(fd, &buf) == 0) { + ut.ut_pid = getpid(); + ut.ut_type = (name[0] != '\0')? USER_PROCESS : DEAD_PROCESS; + strncpy(ut.ut_id, "", 2); + strncpy(ut.ut_line, line, sizeof(ut.ut_line)); + strncpy(ut.ut_name, name, sizeof(ut.ut_name)); + strncpy(ut.ut_host, host, sizeof(ut.ut_host)); + time(&ut.ut_time); + if (write(fd, &ut, sizeof(struct utmp)) != sizeof(struct utmp)) + ftruncate(fd, buf.st_size); + } + close(fd); +} --- ttysnoop-0.12d.orig/logwtmp.h +++ ttysnoop-0.12d/logwtmp.h @@ -0,0 +1 @@ +void logwtmp(const char *_line, const char *name, const char *host); --- ttysnoop-0.12d.orig/Makefile +++ ttysnoop-0.12d/Makefile @@ -6,15 +6,15 @@ # Without shadow support -CCOPTS = -O2 -LIBS = -lcrypt # remove -lcrypt if your system doesn't have it +#CCOPTS = -O2 +#LIBS = -lcrypt # remove -lcrypt if your system doesn't have it # For shadow support -#CCOPTS = -O2 -DSHADOW_PWD -#LIBS = -lshadow +CCOPTS = -O2 -DSHADOW_PWD +LIBS = -lcrypt -SERVEROBJS = ttysnoops.o common.o +SERVEROBJS = ttysnoops.o common.o logwtmp.o CLIENTOBJS = ttysnoop.o common.o SERVERSRCS = ttysnoops.c CLIENTSRCS = ttysnoop.c @@ -37,6 +37,9 @@ common.o: common.c common.h $(CC) $(CCOPTS) -c -o common.o common.c +logwtmp.o: common.c common.h + $(CC) $(CCOPTS) -c -o logwtmp.o logwtmp.c + clean: rm -f *.o core ttysnoop ttysnoops
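Review bot: `struct utmp ut` is written to wtmp without being cleared, so every field `logwtmp()` does not assign, and any padding, carries stale stack bytes from a root process into the log file. Add `memset(&ut, 0, sizeof(ut));` before the assignments. `time(&ut.ut_time)` also assumes the field is a `time_t`; on glibc targets where `ut_time` is a 32-bit field this writes past it, so `ut.ut_time = time(NULL);` is safer. The `ftruncate()` result is ignored, which leaves a partial record in place if the rollback fails.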
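Review bot: The new rule `logwtmp.o: common.c common.h` lists the wrong prerequisites, so editing logwtmp.c or logwtmp.h does not rebuild the object, while touching common.c rebuilds it needlessly. It should read `logwtmp.o: logwtmp.c logwtmp.h`. The `ttysnoops.o` rule is outside the hunk; since ttysnoops.c now includes logwtmp.h, that header belongs in its prerequisites as well.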