Группа :: Терминалы
Пакет: ttysnoop
Патч: ttysnoop_0.12d-3.diff
--- ttysnoop-0.12d.orig/snooptab.dist
+++ ttysnoop-0.12d/snooptab.dist
@@ -1,19 +1,29 @@
-#
# /etc/snooptab
#
+# these display directly on the specified tty.. no client necessary
+#
# tty snoopdev type execpgm
#
-ttyS1 /dev/tty7 login /bin/login
-ttyS2 /dev/tty8 login /bin/login
+#ttyS1 /dev/tty7 login /bin/login
+#ttyS2 /dev/tty8 login /bin/login
#
-# remember to inform your gettys on the above lines
-# that /etc/ttysnoops is the login program now
#
-# the 'socket' snoop-device is for use with the
-# ttysnoop client
-# (any tty not listed above will match the wildcard)
+# the 'socket' snoop-device is for use with the ttysnoop client (any tty not
+# listed above will match the wildcard)
#
* socket login /bin/login
#
-# remember to inform your telnetd that /etc/ttysnoops
-# is the login program now
+# remember to inform your incoming daemons that /usr/sbin/ttysnoops is
+# the login program
+#
+# example: (for /etc/inetd.conf)
+# telnet stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.telnetd -L /usr/sbin/ttysnoops
+#
+# example /etc/inittab (using agetty):
+# s2:23:respawn:/sbin/getty 38400 ttyS2 vt100 -l /usr/sbin/ttysnoops
+#
+# or, if you're using mgetty: (/etc/mgetty/login.config) replace:
+# * - - /bin/login @
+# with:
+# * - - /usr/sbin/ttysnoops @
+
--- ttysnoop-0.12d.orig/ttysnoops.c
+++ ttysnoop-0.12d/ttysnoops.c
@@ -18,6 +18,7 @@
v0.12d 8-4-98 Carl Declerck - updated #includes a bit
*/
+#define _XOPEN_SOURCE /* ptsname() */
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/ioctl.h>
@@ -43,9 +44,10 @@
#endif
#include "config.h"
#include "common.h"
-
+#include "logwtmp.h"
#define BUFF_SIZE 256
+#define PASS_SIZE 256
char buff[BUFF_SIZE];
@@ -53,6 +55,7 @@
int pgmpid = -1, authpid = -1, servpid = -1;
int use_socket = 0, fdmax = 0, proctype = DEAD_PROCESS;
char snoopdev[32], ptynam[32], childproc[128], sockname[128];
+char *short_ptynam, *shorter_ptynam;
/* read a single line from a stream, ignoring all irrelevant stuff */
@@ -147,7 +150,17 @@
}
/* find & open a pty to be used by the pty-master */
+int open_unix98_master (char *ptyname)
+{
+ int fd = open("/dev/ptmx", O_RDWR);
+ char *name = "unknown";
+ if (fd >= 0)
+ name = ptsname(fd);
+ if (name)
+ strcpy(ptyname, name);
+ return fd;
+}
int find_ptyxx (char *ptyname)
{
int fd, i, j;
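Review bot: open_unix98_master returns a valid descriptor even when ptsname() returns NULL, and it copies the name into the caller's buffer with an unbounded strcpy (the buffer passed in is `ptynam[32]`). In either case the function should close the descriptor and return -1, so that fork_pty falls back to find_ptyxx exactly as it does when /dev/ptmx cannot be opened. The "unknown" placeholder then becomes unnecessary.

```c
int open_unix98_master (char *ptyname)
{
  int fd = open("/dev/ptmx", O_RDWR);
  char *name;

  if (fd < 0)
    return -1;
  name = ptsname(fd);
  /* the caller's buffer is ptynam[32]; refuse a name that does not fit */
  if (!name || strlen(name) >= 32)
  {
    close(fd);
    return -1;
  }
  strcpy(ptyname, name);
  return fd;
}
```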
@@ -179,6 +192,20 @@
/* find & open a pty (tty) to be used by pty-client */
+int open_unix98_slave (int ptyfd)
+{
+ int fd;
+ char *name = ptsname(ptyfd);
+
+ grantpt(ptyfd);
+ unlockpt(ptyfd);
+
+ if ((fd = open(name, O_RDWR)) >= 0)
+ return fd;
+
+ close(ptyfd);
+ return -1;
+}
int find_ttyxx (char *ttyname, int ptyfd)
{
struct group *grp;
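Review bot: open_unix98_slave ignores the results of grantpt() and unlockpt() and hands ptsname()'s result to open() without a NULL check. If grantpt() fails, the slave device may keep an owner and mode that were not set for this session, so the session should not continue on it. One guard before the open covers all three: `if (!name || grantpt(ptyfd) < 0 || unlockpt(ptyfd) < 0) { close(ptyfd); return -1; }`.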
@@ -199,23 +226,36 @@
return (-1);
}
+void abbreviate_ptyname (char *name, char **shortname, char **shortername)
+{
+ *shortname = *shortername = name;
+ if (!name)
+ return;
+ if (strncmp(name, "/dev/", 5))
+ return;
+ *shortname = *shortername = name + 5;
+ if (!strncmp(name, "/dev/tty", 8))
+ *shortername = name + 8;
+ else if (!strncmp(name, "/dev/pts/", 9))
+ *shortername = name + 9;
+}
+
/* fork off the pty-client and redirect its stdin/out/err to the pty */
int fork_pty (int *ptyfd, char *ttynam)
{
struct termios term;
struct winsize twin;
- int ttyfd, pid;
- char name[32];
+ int ttyfd, pid, is_unix98 = 0;
tcgetattr (STDIN_FILENO, &term);
ioctl (STDIN_FILENO, TIOCGWINSZ, (char *) &twin);
- if ((*ptyfd = find_ptyxx(name)) < 0)
+ if ((*ptyfd = open_unix98_master(ttynam)) >= 0)
+ is_unix98 = 1;
+ else if ((*ptyfd = find_ptyxx(ttynam)) < 0)
errorf ("can't open pty\n");
- strcpy (ttynam, leafname(name));
-
if ((pid = fork()) < 0)
errorf ("can't fork\n");
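Review bot: abbreviate_ptyname has no comment, and its contract is not obvious from the call sites: both outputs are pointers into `name`, not copies, so they stay valid only while the caller's buffer is unchanged. I would add `/* strip "/dev/" (*shortname) and additionally "tty" or "pts/" (*shortername); both results point into name */` above it. The fork_pty body continues past the end of this hunk.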
@@ -223,8 +263,12 @@
{
if (setsid() < 0)
errorf ("setsid failed\n");
-
- if ((ttyfd = find_ttyxx(name, *ptyfd)) < 0)
+
+ if (is_unix98)
+ ttyfd = open_unix98_slave(*ptyfd);
+ else
+ ttyfd = find_ttyxx(ttynam, *ptyfd);
+ if (ttyfd < 0)
errorf ("can't open tty\n");
close (*ptyfd);
@@ -317,7 +361,7 @@
#endif
int ret = 0;
- char buff[16], *pwbuff;
+ char buff[PASS_SIZE], *pwbuff;
if ((authpid = fork()) == 0) /* authentication child */
{
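Review bot: Enlarging `buff` to PASS_SIZE fixes the overflow only if the read that fills it is limited to `sizeof(buff)`; that call is outside this hunk, so please confirm it does not still use a literal length. The local also shadows the file-scope `buff[BUFF_SIZE]`, which makes such a mistake easy to miss; a distinct name such as `passbuf` would avoid it. Since the buffer holds a typed password, it is worth clearing once the check is done, using a call the compiler cannot drop, for example `explicit_bzero(buff, sizeof(buff));` where the platform provides it.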
@@ -374,6 +418,8 @@
*utmp.ut_user = 0;
pututline (&utmp);
endutent ();
+ /* fix wtmp. the above only fixes utmp. Fixed by wakko@ani.ml.org */
+ logwtmp(ptynam, "", "");
}
/* do a graceful closedown */
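Review bot: The added `logwtmp(ptynam, "", "")` uses the global `ptynam`, which after this patch holds the full device path, while the utmp entry is written with `short_ptynam` and closedown() passes `short_ptynam` to this function. The wtmp logout record would then carry a different line name from the login record, and the longer path may be truncated in the line field. Using the same name as utmp, `logwtmp(short_ptynam, "", "");` or the function's own argument, keeps the two records in step. The function's signature is outside the hunk.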
@@ -381,7 +427,7 @@
void closedown (void)
{
if (servpid == getpid()) /* only server must clear utmp entry */
- cleanup_utmp (ptynam);
+ cleanup_utmp (short_ptynam);
stty_orig ();
}
@@ -433,7 +479,7 @@
struct sockaddr_un serv_addr, cli_addr;
fd_set readset;
struct utmp utmp;
- int ptyfd, servfd, len, n, sel, susp = 0;
+ int ptyfd, servfd, len = sizeof(cli_addr), n, sel, susp = 0;
if (!isatty(STDIN_FILENO))
errorf ("stdin is not a tty\n");
@@ -452,14 +498,17 @@
/* fork off the client and load the new image */
- if ((pgmpid = fork_pty(&ptyfd, ptynam)) == 0) /* child */
+ if ((pgmpid = fork_pty(&ptyfd, ptynam)) < 0)
+ errorf ("cannot fork\n");
+ abbreviate_ptyname(ptynam, &short_ptynam, &shorter_ptynam);
+ if (pgmpid == 0) /* child */
{
/* should we update utmp to reflect the change to ttypX ? */
if (proctype == LOGIN_PROCESS)
{
- strncopy (utmp.ut_line, ptynam);
- strncopy (utmp.ut_id, ptynam + 3);
+ strncopy (utmp.ut_line, short_ptynam);
+ strncopy (utmp.ut_id, shorter_ptynam);
*utmp.ut_host = 0;
utmp.ut_addr = 0;
strncopy (utmp.ut_user, "LOGIN");
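Review bot: For a Unix98 name such as /dev/pts/1, `shorter_ptynam` is just "1", so `ut_id` becomes a bare number. utmp lookups for login and user entries match on ut_id, and inittab ids for console gettys are commonly bare numbers too (README.debian in this patch uses the vt number as the id), so this entry may replace an unrelated line's record. A prefixed id for the pts case would avoid the clash. How strncopy bounds the copy into the short `ut_id` field is defined outside this hunk and should be checked as well.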
@@ -494,7 +543,7 @@
if ((servfd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
errorf ("can't create server socket\n");
- sprintf (sockname, "%s/%s", SPOOLDIR, ptynam);
+ sprintf (sockname, "%s/%s", SPOOLDIR, shorter_ptynam);
unlink (sockname);
serv_addr.sun_family = AF_UNIX;
strncopy (serv_addr.sun_path, sockname);
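Review bot: The socket path is now built from `shorter_ptynam` with an unbounded sprintf into `sockname[128]`, and when the pty name does not start with /dev/ abbreviate_ptyname leaves it unchanged, so it can contain slashes. I would bound the write and check for truncation, `n = snprintf(sockname, sizeof(sockname), "%s/%s", SPOOLDIR, shorter_ptynam);` followed by an error when `n >= sizeof(sockname)`, and refuse a name containing '/' before the unlink(). The socket also appears to be named after the shortened form (for example "p0" or "0") rather than "ttyp0", while README.debian still tells the administrator to run 'ttysnoop ttypX'. The client is not part of this patch, so that pairing should be confirmed.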
--- ttysnoop-0.12d.orig/debian/README.debian
+++ ttysnoop-0.12d/debian/README.debian
@@ -0,0 +1,54 @@
+ttysnoop for debian
+-------------------
+
+First of all, for the impatient, there are a few setup hints in /etc/snooptab..
+check'em out.
+
+You can setup ttysnoop in a number of ways including:
+
+A virtual console
+-----------------
+
+Just edit /etc/inittab in your favorite text editor and modify any
+terminal line (X=number of the vt) from
+X:23:respawn:/sbin/getty 38400 ttyX
+to
+X:23:respawn:/sbin/getty 38400 ttyX -l /usr/sbin/ttysnoops
+
+Then have init re-read it running 'init q'
+
+A remote server (such as telnet)
+--------------------------------
+
+Modify your /etc/inetd.conf configuration file from
+telnet stream tcp nowait telnetd.telnetd /usr/sbin/tcpd /usr/sbin/in.telnetd
+to
+telnet stream tcp nowait root.telnetd /usr/sbin/tcpd /usr/sbin/in.telnetd -L /usr/sbin/ttysnoops
+
+And reload the 'inetd' server with '/etc/init.d/inetd reload'
+
+Notice that ttysnoops needs to run as 'root' or otherwise it won't work. Since
+it has not been thoroughly audited is not recommended to setup a network
+service using it (and giving it full priviledges) since it will probably
+not be a good idea.
+
+When users connect
+------------------
+
+To look at what users are doing you should use the program 'ttysnoop'.
+You will notice a number of files in the /var/spool/ttysnoop/ directory, like:
+ttyp0=
+ttyp1=
+
+These file are pseudo terminals you can hook ttysnoop to, just do
+'ttysnoop ttypX' enter the root password on request and you will
+be able to see what a user is typing and even write on his own terminal.
+
+NOTE: For obvious reasons the Debian package will not do any changes to your
+system's configuration by itself.
+
+-------------------
+Paul Haggart
+phaggart@debian.org
+Javier Fernandez-Sanguino
+jfs@debian.org
--- ttysnoop-0.12d.orig/debian/copyright
+++ ttysnoop-0.12d/debian/copyright
@@ -0,0 +1,35 @@
+This package was debianized by Paul Haggart <phaggart@debian.org> on
+Mon, 31 Mar 1997 01:10:54 -0500.
+
+It was downloaded from ftp.cc.gatech.edu
+
+Copyright:
+
+This software is distributed under the GNU GPL license, you can find
+a copy of it in your Debian system under /usr/share/common-licenses/
+
+There are no docs saying it explicitly, however the Debian maintainer
+-did- get an email back from the author clarifying the copyright.
+
+Date: Sun, 6 Apr 1997 11:58:59 +0100 (GMT+0100)
+From: Carl Declerck <carl@miskatonic.inbe.net>
+To: Paul Haggart <phaggart@cybertap.com>
+Subject: Re: ttysnoop copyright definition
+
+On Mon, 31 Mar 1997, Paul Haggart wrote:
+
+> I am packaging up your 'ttysnoop' program for use in debian linux systems.
+> Would it be possible for me to get a PGP signed message from you stating the
+> package's copyright? I couldn't find anything about the current status of
+> the program -anywhere- in the source tree.
+
+The copying & usage policy for ttysnoop is the standard GNU Public License.
+I know this is not in the current distribution archive (it will be in future
+ones), but there is an (old) entry for ttysnoop in the Linux Software Map
+stating this.
+
+Sorry, not PGP signed since I don't have PGP installed on this machine.
+
+Cheers, Carl.
+
+
--- ttysnoop-0.12d.orig/debian/dirs
+++ ttysnoop-0.12d/debian/dirs
@@ -0,0 +1,5 @@
+etc
+usr/sbin
+usr/share/man/man8
+usr/share/doc/ttysnoop
+var/spool/ttysnoop
--- ttysnoop-0.12d.orig/debian/conffiles
+++ ttysnoop-0.12d/debian/conffiles
@@ -0,0 +1 @@
+/etc/snooptab
--- ttysnoop-0.12d.orig/debian/rules
+++ ttysnoop-0.12d/debian/rules
@@ -0,0 +1,64 @@
+#!/usr/bin/make -f
+# Made with the aid of debmake, by Christoph Lameter,
+# based on the sample debian/rules file for GNU hello by Ian Jackson.
+
+package=ttysnoop
+
+build:
+ $(checkdir)
+ make CFLAGS="-O2 -g -Wall"
+ touch build
+
+clean:
+ $(checkdir)
+ -rm -f build
+ -make clean
+ -rm -f `find . -name "*~"`
+ -rm -rf debian/tmp debian/files* core debian/substvars
+
+binary-indep: checkroot build
+ $(checkdir)
+
+binary-arch: checkroot build
+ $(checkdir)
+ -rm -rf debian/tmp
+ install -d debian/tmp
+ cd debian/tmp && install -d `cat ../dirs`
+
+ install -s ttysnoop debian/tmp/usr/sbin
+ install -s ttysnoops debian/tmp/usr/sbin
+ install -m 0644 ttysnoop.8 debian/tmp/usr/share/man/man8
+ gzip -9 debian/tmp/usr/share/man/man8/ttysnoop.8
+ (cd debian/tmp/usr/share/man/man8; ln -s ttysnoop.8.gz ttysnoops.8.gz)
+ install -m 0644 snooptab.dist debian/tmp/etc/snooptab
+
+ install -m 0644 README debian/tmp/usr/share/doc/ttysnoop/
+ install -m 0644 debian/README.debian debian/tmp/usr/share/doc/ttysnoop/
+ install -m 0644 debian/copyright debian/tmp/usr/share/doc/ttysnoop/
+ install -m 0644 debian/changelog debian/tmp/usr/share/doc/ttysnoop/changelog.Debian
+ gzip -9 debian/tmp/usr/share/doc/ttysnoop/changelog.Debian
+
+ mkdir -p debian/tmp/DEBIAN
+ cp debian/conffiles debian/tmp/DEBIAN
+ dpkg-shlibdeps debian/tmp/usr/sbin/*
+ dpkg-gencontrol -isp
+ cd debian/tmp >/dev/null ;\
+ find * -type f ! -regex '^DEBIAN/.*' -print0 | xargs -r0 md5sum > DEBIAN/md5sums
+ pwd
+ chown -R root.root debian/tmp
+ chmod -R go=rX debian/tmp
+ dpkg --build debian/tmp ..
+
+define checkdir
+ test -f debian/rules
+endef
+
+# Below here is fairly generic really
+
+binary: binary-indep binary-arch
+
+checkroot:
+ $(checkdir)
+ test root = "`whoami`"
+
+.PHONY: binary binary-arch binary-indep clean checkroot
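Review bot: The build target passes `CFLAGS="-O2 -g -Wall"`, but the object rules shown in this patch's Makefile compile with `$(CC) $(CCOPTS)`, so those flags likely have no effect and the warnings from -Wall are never seen. Passing the variable the Makefile actually reads, and keeping the shadow define, would be `$(MAKE) CCOPTS="-O2 -g -Wall -DSHADOW_PWD"`. `chown -R root.root` should also use the `root:root` form.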
--- ttysnoop-0.12d.orig/debian/changelog
+++ ttysnoop-0.12d/debian/changelog
@@ -0,0 +1,103 @@
+ttysnoop (0.12d-3) unstable; urgency=low
+
+ * Patched ttysnoops.c to initialize 'len' var for accept() call.
+ Thanks Ken-ichirou MATSUZAWA for the patch.
+ * Bumped Standards-Version to 3.7.2.2, no change.
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 22 Feb 2007 23:10:18 +0100
+
+ttysnoop (0.12d-2) unstable; urgency=low
+
+ * Applied patch to fix Unix98 PTYs. (Closes: #87371)
+ Big thanks to Peter Samuelson for the patch!
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 10 Nov 2005 18:43:26 +0100
+
+ttysnoop (0.12d-1) unstable; urgency=low
+
+ * New upstream release
+ * Changed maintainer email address
+ * Rewrote debian/rules and removed Build-Depends on debmake
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 25 Mar 2005 11:05:13 +0100
+
+ttysnoop (0.12c-8) unstable; urgency=low
+
+ * New maintainer. (Closes :#210892)
+ * Bumped Standards-Version to 3.6.1.0, no change.
+
+ -- Alberto Gonzalez Iniesta <agi@agi.as> Sat, 20 Sep 2003 18:45:31 +0200
+
+ttysnoop (0.12c-7.2) unstable; urgency=low
+
+ * NMU, at request of previous NMU'er.
+ * Really add Build-Depends on debmake this time. Closes: #190609.
+
+ -- Daniel Schepler <schepler@debian.org> Sun, 24 Aug 2003 17:24:31 -0700
+
+ttysnoop (0.12c-7.1) unstable; urgency=low
+
+ * Non-Mainter-Upload
+ This package was getting quite rusty and bugs were easy to solve
+ anyhow so I'm going to spend a little time with it now that
+ the 0-day NMU is ok...
+ - Increased buffer for passwords to PASS_SIZE (set to 256 so
+ that's 255 chars for the password) (Closes: #122800, #122802)
+ - Added debmake to Build-Depends (Closes: #190609)
+ - Added GPL note to debian/copyright (Closes: #133506)
+ - Added more documentation on README.Debian which specifically
+ says that ttysnoop must run as root if going through inetd
+ (Closes: #97719)
+ - Fixed some lintians errors/warnings including the old emacs
+ note in debian/changelog and adding the '-isp' option to
+ dpkg-gencontrol to add Section and Priority information to the
+ control file.
+
+ -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Wed, 20 Aug 2003 03:34:39 +0200
+
+ttysnoop (0.12c-7) unstable; urgency=low
+
+ * recompiled with glibc2.1
+ * updated standards version
+
+ -- Paul Haggart <phaggart@debian.org> Fri, 12 Nov 1999 09:38:32 -0500
+
+ttysnoop (0.12c-6) unstable; urgency=low
+
+ * fixed #11642: wtmp written properly (thanks again to wakko)
+
+ -- Paul Haggart <phaggart@debian.org> Fri, 19 Sep 1997 08:01:57 -0400
+
+ttysnoop (0.12c-5) unstable; urgency=low
+
+ * fixed to work with libc6 utmp (bug #12531, fixed by my favourite cartoon
+ eating machine)
+
+ -- Paul Haggart <phaggart@debian.org> Fri, 12 Sep 1997 07:59:53 -0400
+
+ttysnoop (0.12c-4) unstable; urgency=low
+
+ * recompiled with libc6
+
+ -- Paul Haggart <phaggart@debian.org> Mon, 26 May 1997 10:57:38 -0400
+
+ttysnoop (0.12c-3) unstable; urgency=low
+
+ * shadow password support added
+
+ -- Paul Haggart <phaggart@debian.org> Sun, 13 Apr 1997 21:10:02 -0400
+
+ttysnoop (0.12c-2) unstable; urgency=low
+
+ * added a few hints to /etc/snooptab on how to setup for getty, mgetty
+ and in.telnetd
+ * removed default behaviour of snooping on in.telnetd
+
+ -- Paul Haggart <phaggart@debian.org> Fri, 11 Apr 1997 08:02:53 -0400
+
+ttysnoop (0.12c-1) unstable; urgency=low
+
+ * initial release
+
+ -- Paul Haggart <phaggart@debian.org> Mon, 31 Mar 1997 01:10:54 -0500
+
--- ttysnoop-0.12d.orig/debian/control
+++ ttysnoop-0.12d/debian/control
@@ -0,0 +1,13 @@
+Source: ttysnoop
+Section: admin
+Priority: optional
+Maintainer: Alberto Gonzalez Iniesta <agi@inittab.org>
+Standards-Version: 3.7.2.2
+
+Package: ttysnoop
+Architecture: any
+Depends: ${shlibs:Depends}
+Description: TTY Snoop - allows you to spy on telnet+serial connections
+ TTYSnoop allows you to snoop on login tty's through another tty-device or
+ pseudo-tty. The snoop-tty becomes a 'clone' of the original tty,
+ redirecting both input and output from/to it.
--- ttysnoop-0.12d.orig/logwtmp.c
+++ ttysnoop-0.12d/logwtmp.c
@@ -0,0 +1,63 @@
+/*
+ * Copyright (c) 1988 The Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <string.h>
+#include <unistd.h>
+#include <utmp.h>
+#include <fcntl.h>
+#include <sys/stat.h>
+
+#include "logwtmp.h"
+
+void
+logwtmp(const char *line, const char *name, const char *host)
+{
+ struct utmp ut;
+ struct stat buf;
+ int fd;
+
+ if ((fd = open(_PATH_WTMP, O_WRONLY|O_APPEND, 0)) < 0)
+ return;
+ if (fstat(fd, &buf) == 0) {
+ ut.ut_pid = getpid();
+ ut.ut_type = (name[0] != '\0')? USER_PROCESS : DEAD_PROCESS;
+ strncpy(ut.ut_id, "", 2);
+ strncpy(ut.ut_line, line, sizeof(ut.ut_line));
+ strncpy(ut.ut_name, name, sizeof(ut.ut_name));
+ strncpy(ut.ut_host, host, sizeof(ut.ut_host));
+ time(&ut.ut_time);
+ if (write(fd, &ut, sizeof(struct utmp)) != sizeof(struct utmp))
+ ftruncate(fd, buf.st_size);
+ }
+ close(fd);
+}
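Review bot: `struct utmp ut` is written to the wtmp file without being cleared, so every field this function does not set (and the tail of `ut_id`, of which only two bytes are zeroed) goes to disk with whatever was on the stack. Add `memset(&ut, 0, sizeof(ut));` before the assignments. The file also calls time() without including `<time.h>`, and the ftruncate() result is ignored.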
--- ttysnoop-0.12d.orig/logwtmp.h
+++ ttysnoop-0.12d/logwtmp.h
@@ -0,0 +1 @@
+void logwtmp(const char *_line, const char *name, const char *host);
--- ttysnoop-0.12d.orig/Makefile
+++ ttysnoop-0.12d/Makefile
@@ -6,15 +6,15 @@
# Without shadow support
-CCOPTS = -O2
-LIBS = -lcrypt # remove -lcrypt if your system doesn't have it
+#CCOPTS = -O2
+#LIBS = -lcrypt # remove -lcrypt if your system doesn't have it
# For shadow support
-#CCOPTS = -O2 -DSHADOW_PWD
-#LIBS = -lshadow
+CCOPTS = -O2 -DSHADOW_PWD
+LIBS = -lcrypt
-SERVEROBJS = ttysnoops.o common.o
+SERVEROBJS = ttysnoops.o common.o logwtmp.o
CLIENTOBJS = ttysnoop.o common.o
SERVERSRCS = ttysnoops.c
CLIENTSRCS = ttysnoop.c
@@ -37,6 +37,9 @@
common.o: common.c common.h
$(CC) $(CCOPTS) -c -o common.o common.c
+logwtmp.o: common.c common.h
+ $(CC) $(CCOPTS) -c -o logwtmp.o logwtmp.c
+
clean:
rm -f *.o core ttysnoop ttysnoops
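Review bot: The new `logwtmp.o` rule lists `common.c common.h` as prerequisites, apparently copied from the rule above, so editing logwtmp.c or logwtmp.h will not trigger a rebuild. It should read `logwtmp.o: logwtmp.c logwtmp.h`. ttysnoops.c now includes logwtmp.h as well, so its rule (outside this hunk) probably needs that header added.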