debian/0000755000000000000000000000000012163064506007171 5ustar debian/README.debian0000644000000000000000000000324412163044046011272 0ustar ttysnoop for debian ------------------- First of all, for the impatient, there are a few setup hints in /etc/snooptab.. check'em out. You can setup ttysnoop in a number of ways including: A virtual console ----------------- Just edit /etc/inittab in your favorite text editor and modify any terminal line (X=number of the vt) from X:23:respawn:/sbin/getty 38400 ttyX to X:23:respawn:/sbin/getty 38400 ttyX -l /usr/sbin/ttysnoops Then have init re-read it running 'init q' A remote server (such as telnet) -------------------------------- Modify your /etc/inetd.conf configuration file from telnet stream tcp nowait telnetd.telnetd /usr/sbin/tcpd /usr/sbin/in.telnetd to telnet stream tcp nowait root.telnetd /usr/sbin/tcpd /usr/sbin/in.telnetd -L /usr/sbin/ttysnoops And reload the 'inetd' server with '/etc/init.d/inetd reload' Notice that ttysnoops needs to run as 'root' or otherwise it won't work. Since it has not been thoroughly audited is not recommended to setup a network service using it (and giving it full privileges) since it will probably not be a good idea. When users connect ------------------ To look at what users are doing you should use the program 'ttysnoop'. You will notice a number of files in the /var/spool/ttysnoop/ directory, like: ttyp0= ttyp1= These file are pseudo terminals you can hook ttysnoop to, just do 'ttysnoop ttypX' enter the root password on request and you will be able to see what a user is typing and even write on his own terminal. NOTE: For obvious reasons the Debian package will not do any changes to your system's configuration by itself. ------------------- Paul Haggart phaggart@debian.org Javier Fernandez-Sanguino jfs@debian.org debian/NEWS0000644000000000000000000000106111661164420007664 0ustar ttysnoop (0.12d-5) unstable; urgency=low GNU/kFreeBSD now has working code, after a slight alteration to the old patch for UNIX98 PTY support. -- Mats Erik Andersson Thu, 17 Nov 2011 11:58:02 +0100 ttysnoop (0.12d-4) unstable; urgency=low Both executables "ttysnoops" and "ttysnoop" have been modified to require enhanced user privileges in order to be usable! Snooping on others should not be possible by the common man. -- Mats Erik Andersson Mon, 21 Jun 2010 20:00:37 +0200 debian/ttysnoop.docs0000644000000000000000000000000711404221373011731 0ustar README debian/ttysnoop.links0000644000000000000000000000007511404221373012126 0ustar usr/share/man/man8/ttysnoop.8 usr/share/man/man8/ttysnoops.8 debian/control0000644000000000000000000000122312163064275010575 0ustar Source: ttysnoop Section: admin Priority: optional Maintainer: Mats Erik Andersson Standards-Version: 3.9.4 Build-Depends: debhelper (>= 8) Vcs-Svn: svn://anonscm.debian.org/collab-maint/deb-maint/ttysnoop/trunk/ Vcs-Browser: http://anonscm.debian.org/viewvc/collab-maint/deb-maint/ttysnoop/trunk/ Package: ttysnoop Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Description: allows you to spy on telnet+serial connections TTYSnoop allows you to snoop on login tty's through another tty-device or pseudo-tty. The snoop-tty becomes a 'clone' of the original tty, redirecting both input and output from/to it. debian/copyright0000644000000000000000000000241511404221373011120 0ustar This package was debianized by Paul Haggart on Mon, 31 Mar 1997 01:10:54 -0500. It was downloaded from ftp.cc.gatech.edu Copyright 1994 - 1998 Carl Declerck This software is distributed under the GNU GPL license, you can find a copy of it in your Debian system under /usr/share/common-licenses/ There are no docs saying it explicitly, however the Debian maintainer -did- get an email back from the author clarifying the copyright. Date: Sun, 6 Apr 1997 11:58:59 +0100 (GMT+0100) From: Carl Declerck To: Paul Haggart Subject: Re: ttysnoop copyright definition On Mon, 31 Mar 1997, Paul Haggart wrote: > I am packaging up your 'ttysnoop' program for use in debian linux systems. > Would it be possible for me to get a PGP signed message from you stating the > package's copyright? I couldn't find anything about the current status of > the program -anywhere- in the source tree. The copying & usage policy for ttysnoop is the standard GNU Public License. I know this is not in the current distribution archive (it will be in future ones), but there is an (old) entry for ttysnoop in the Linux Software Map stating this. Sorry, not PGP signed since I don't have PGP installed on this machine. Cheers, Carl. debian/changelog0000644000000000000000000001345712163061033011045 0ustar ttysnoop (0.12d-6) unstable; urgency=low * Standards 3.9.4, no changes were needed. * Incomplete hardening. + debian/rules: Add CPPFLAGS for fortified hardening. + debian/patches/18_hardening.diff: New file. * [lintian] Update Vcs-* fields in control file. * [lintian] Trivial spelling in README.debian. -- Mats Erik Andersson Thu, 27 Jun 2013 18:02:25 +0200 ttysnoop (0.12d-5) unstable; urgency=low * Standards 3.9.2, compatibility 8. + debian/control: Build depends on "debhelper" (>= 8). + debian/compat: Updated. * debian/rules: Use "dpkg-buildflags" for CFLAGS and LDFLAGS. * Simplify time computation in compatibility mode: + debian/patches/10_compiler_warnings.diff: Simplified. * Adaption to GNU/kFreeBSD (Closes: #648549): + debian/patches/02_unix98_pty.diff: Updated file. + Refresh the patches 03_*, 10_*, and 14_*. + debian/NEWS: Mention this step. * Pedantic check of UNIX socket name lengths. + debian/patches/15_socket_name_length.diff: New file. * Incorrect registration of UTMP items (Closes: #648548) + debian/patches/16_corrupt_utmp_for_pts.diff: New file. * Code review for portability: + debian/patches/17_portability_and_qa.diff: New file. * [lintian] Overriding with explicit reasons: + Mis-spelled license name. + No home page exists. + debian/ttysnoop.lintian-overrides: New file. -- Mats Erik Andersson Fri, 25 Nov 2011 20:52:07 +0100 ttysnoop (0.12d-4) unstable; urgency=low * New maintainer. * Migration to format "3.0 (quilt)". * Standards 3.8.4, compatibility 7. + Build depends on debhelper (>= 7.0.50~). + Binary dependence enhanced with ${misc:Depends}. + Minor changes in 'debian/' caused by the upgrade. * debian/rules: Rewritten using support from 'dh'. * debian/control: Added stanzas Vcs-Svn and Vcs-Browser. * debian/NEWS: New file. * Separation of old patching applied to original source tree: + 01_from_package_0_12d_1.diff: New file. + 02_unix98_pty.diff: New file. + 03_address_length.diff: New file. * Some cleaning of upstream source: + 10_compiler_warnings.diff: New file. * Functionality repair and error message interaction: + debian/patches/12_tailor_makefile.diff: New file. + debian/patches/13_predictable_client.diff: New file. + debian/patches/14_predictable_server.diff: New file. -- Mats Erik Andersson Mon, 21 Jun 2010 20:01:34 +0200 ttysnoop (0.12d-3) unstable; urgency=low * Patched ttysnoops.c to initialize 'len' var for accept() call. Thanks Ken-ichirou MATSUZAWA for the patch. * Bumped Standards-Version to 3.7.2.2, no change. -- Alberto Gonzalez Iniesta Thu, 22 Feb 2007 23:10:18 +0100 ttysnoop (0.12d-2) unstable; urgency=low * Applied patch to fix Unix98 PTYs. (Closes: #87371) Big thanks to Peter Samuelson for the patch! -- Alberto Gonzalez Iniesta Thu, 10 Nov 2005 18:43:26 +0100 ttysnoop (0.12d-1) unstable; urgency=low * New upstream release * Changed maintainer email address * Rewrote debian/rules and removed Build-Depends on debmake -- Alberto Gonzalez Iniesta Fri, 25 Mar 2005 11:05:13 +0100 ttysnoop (0.12c-8) unstable; urgency=low * New maintainer. (Closes :#210892) * Bumped Standards-Version to 3.6.1.0, no change. -- Alberto Gonzalez Iniesta Sat, 20 Sep 2003 18:45:31 +0200 ttysnoop (0.12c-7.2) unstable; urgency=low * NMU, at request of previous NMU'er. * Really add Build-Depends on debmake this time. Closes: #190609. -- Daniel Schepler Sun, 24 Aug 2003 17:24:31 -0700 ttysnoop (0.12c-7.1) unstable; urgency=low * Non-Mainter-Upload This package was getting quite rusty and bugs were easy to solve anyhow so I'm going to spend a little time with it now that the 0-day NMU is ok... - Increased buffer for passwords to PASS_SIZE (set to 256 so that's 255 chars for the password) (Closes: #122800, #122802) - Added debmake to Build-Depends (Closes: #190609) - Added GPL note to debian/copyright (Closes: #133506) - Added more documentation on README.Debian which specifically says that ttysnoop must run as root if going through inetd (Closes: #97719) - Fixed some lintians errors/warnings including the old emacs note in debian/changelog and adding the '-isp' option to dpkg-gencontrol to add Section and Priority information to the control file. -- Javier Fernandez-Sanguino Pen~a Wed, 20 Aug 2003 03:34:39 +0200 ttysnoop (0.12c-7) unstable; urgency=low * recompiled with glibc2.1 * updated standards version -- Paul Haggart Fri, 12 Nov 1999 09:38:32 -0500 ttysnoop (0.12c-6) unstable; urgency=low * fixed #11642: wtmp written properly (thanks again to wakko) -- Paul Haggart Fri, 19 Sep 1997 08:01:57 -0400 ttysnoop (0.12c-5) unstable; urgency=low * fixed to work with libc6 utmp (bug #12531, fixed by my favourite cartoon eating machine) -- Paul Haggart Fri, 12 Sep 1997 07:59:53 -0400 ttysnoop (0.12c-4) unstable; urgency=low * recompiled with libc6 -- Paul Haggart Mon, 26 May 1997 10:57:38 -0400 ttysnoop (0.12c-3) unstable; urgency=low * shadow password support added -- Paul Haggart Sun, 13 Apr 1997 21:10:02 -0400 ttysnoop (0.12c-2) unstable; urgency=low * added a few hints to /etc/snooptab on how to setup for getty, mgetty and in.telnetd * removed default behaviour of snooping on in.telnetd -- Paul Haggart Fri, 11 Apr 1997 08:02:53 -0400 ttysnoop (0.12c-1) unstable; urgency=low * initial release -- Paul Haggart Mon, 31 Mar 1997 01:10:54 -0500 debian/compat0000644000000000000000000000000211657022127010367 0ustar 8 debian/watch0000644000000000000000000000013211404221373010210 0ustar #version=3 # # The location used to be at http://ftp.cc.gatech.edu//, but is now extinct. debian/ttysnoop.manpages0000644000000000000000000000001311404221373012571 0ustar ttysnoop.8 debian/patches/0000755000000000000000000000000012163064506010620 5ustar debian/patches/12_tailor_makefile.diff0000644000000000000000000000422711660550275015114 0ustar Description: Minor changes to improve on previous adaptions. Correct a mistaken target dependency. . Let additional compiler flags influence the build process. . Minor errors in the manual page. . A compiler attribute. Author: Mats Erik Andersson Forwarded: not-needed Last-Update: 2010-06-21 --- ttysnoop-0.12d/Makefile.debian +++ ttysnoop-0.12d/Makefile @@ -11,7 +11,7 @@ # For shadow support -CCOPTS = -O2 -DSHADOW_PWD +CCOPTS = -O2 -DSHADOW_PWD $(CFLAGS) LIBS = -lcrypt SERVEROBJS = ttysnoops.o common.o logwtmp.o @@ -37,7 +37,7 @@ common.o: common.c common.h $(CC) $(CCOPTS) -c -o common.o common.c -logwtmp.o: common.c common.h +logwtmp.o: logwtmp.c common.h $(CC) $(CCOPTS) -c -o logwtmp.o logwtmp.c clean: --- ttysnoop-0.12d.debian/ttysnoop.8 +++ ttysnoop-0.12d/ttysnoop.8 @@ -8,7 +8,7 @@ .Nm ttysnoop .Op Ar pty .Nm ttysnoops -.Op Ar loginname +. .Sh DESCRIPTION The .Nm ttysnoop @@ -24,9 +24,11 @@ to find out which tty's should be cloned fixed) device, or through a dynamically allocated pseudo-tty (pty). This is also specified in the .Nm /etc/snooptab -file. To connect to the pty, the +file. To connect to the pty, the client .Nm ttysnoop -client should be used. +should be used. The available pseudo terminals \fIpty\fR are present as +sockets in the directory \fI/var/spool/ttysnoop/\fR. +. .Ss Format of /etc/snooptab The .Nm /etc/snooptab @@ -51,7 +53,7 @@ latter is used to tell that the snoop-device will be a dynamically allocated pty. .Pa type specifies the type of program that should be run, currently recognized -types are "init", "user" and "login" altough the former two aren't really +types are "init", "user" and "login" although the former two aren't really needed. Finally, .Pa program is the full pathname to the program to run when --- ttysnoop-0.12d.debian/common.h +++ ttysnoop-0.12d/common.h @@ -5,7 +5,7 @@ #define max(x,y) ((x) > (y) ? (x) : (y)) #define strncopy(x,y) strncpy (x, y, sizeof(x)) -void errorf (char *fmt, ...); +void errorf (char *fmt, ...) __attribute__ ((noreturn)); int fdprintf (int fd, char *fmt, ...); char *leafname (char *path); void stty_initstore (void); debian/patches/03_address_length.diff0000644000000000000000000000073411657062303014746 0ustar Description: Properly initialize address length in accept socket. Author: Ken-ichirou MATSUZAWA Forwarded: no Last-Update: 2007-02-22 --- ttysnoop-0.12d/ttysnoops.c +++ ttysnoop-0.12d/ttysnoops.c @@ -484,7 +484,7 @@ struct sockaddr_un serv_addr, cli_addr; fd_set readset; struct utmp utmp; - int ptyfd, servfd, len, n, sel, susp = 0; + int ptyfd, servfd, len = sizeof(cli_addr), n, sel, susp = 0; if (!isatty(STDIN_FILENO)) errorf ("stdin is not a tty\n"); debian/patches/series0000644000000000000000000000042412163047327012037 0ustar 01_from_package_0_12d_1.diff 02_unix98_pty.diff 03_address_length.diff 10_compiler_warnings.diff 12_tailor_makefile.diff 13_predictable_client.diff 14_predictable_server.diff 15_socket_name_length.diff 16_corrupt_utmp_for_pts.diff 17_portability_and_qa.diff 18_hardening.diff debian/patches/17_portability_and_qa.diff0000644000000000000000000000744011663766072015646 0ustar Description: Improve portability to achieve better QA Relax as far as possible any coding that disturbs building in other unices. Target GNU/OpenSolaris as a first step. . Legacy coding for UTMP remains at the time being. . It is hoped that the measures undertaken is this patch set will improve the quality of this software, by successively identifying the corner cases. Author: Mats Erik Andersson Forwarded: no Last-Update: 11-11-25 diff -Naurp ttysnoop-0.12d.debian/logwtmp.c ttysnoop-0.12d/logwtmp.c --- ttysnoop-0.12d.debian/logwtmp.c +++ ttysnoop-0.12d/logwtmp.c @@ -47,15 +47,18 @@ logwtmp(const char *line, const char *na struct stat buf; int fd; - if ((fd = open(_PATH_WTMP, O_WRONLY|O_APPEND, 0)) < 0) + if ((fd = open(WTMP_FILE, O_WRONLY|O_APPEND, 0)) < 0) return; if (fstat(fd, &buf) == 0) { + memset(&ut, 0, sizeof(ut)); ut.ut_pid = getpid(); ut.ut_type = (name[0] != '\0')? USER_PROCESS : DEAD_PROCESS; strncpy(ut.ut_id, "", 2); strncpy(ut.ut_line, line, sizeof(ut.ut_line)); strncpy(ut.ut_name, name, sizeof(ut.ut_name)); +#if __GLIBC__ strncpy(ut.ut_host, host, sizeof(ut.ut_host)); +#endif ut.ut_time = time(NULL); if (write(fd, &ut, sizeof(struct utmp)) != sizeof(struct utmp)) diff -Naurp ttysnoop-0.12d.debian/Makefile ttysnoop-0.12d/Makefile --- ttysnoop-0.12d.debian/Makefile +++ ttysnoop-0.12d/Makefile @@ -4,6 +4,11 @@ CC = gcc +OS = $(shell uname -s) + +PREFIX ?= /usr/sbin +MANPREFIX ?= /usr/share/man + # Without shadow support #CCOPTS = -O2 @@ -14,12 +19,21 @@ CC = gcc CCOPTS = -O2 -DSHADOW_PWD $(CFLAGS) LIBS = -lcrypt -SERVEROBJS = ttysnoops.o common.o logwtmp.o +SERVEROBJS = ttysnoops.o common.o CLIENTOBJS = ttysnoop.o common.o SERVERSRCS = ttysnoops.c CLIENTSRCS = ttysnoop.c INCLUDES = config.h common.h +ifeq "$(OS)" "SunOS" + # At least for GNU/OpenSolaris + LIBS += -lsocket + SERVEROBJS += logwtmp.o +else + # Hoping for Glibc + LIBS += -lutil +endif + all: ttysnoops ttysnoop ttysnoops: $(SERVEROBJS) @@ -44,8 +58,7 @@ clean: rm -f *.o core ttysnoop ttysnoops install: - install -s ttysnoop /sbin - install -s ttysnoops /sbin - install -m 644 ttysnoop.8 /usr/man/man8/ + install -s ttysnoop $(DESTDIR)$(PREFIX)/ + install -s ttysnoops $(DESTDIR)$(PREFIX)/ + install -m 644 ttysnoop.8 $(DESTDIR)$(MANPREFIX)/man8/ @echo ... copy snooptab.dist to /etc/snooptab and edit it ... - diff -Naurp ttysnoop-0.12d.debian/ttysnoops.c ttysnoop-0.12d/ttysnoops.c --- ttysnoop-0.12d.debian/ttysnoops.c +++ ttysnoop-0.12d/ttysnoops.c @@ -18,14 +18,18 @@ v0.12d 8-4-98 Carl Declerck - updated #includes a bit */ -#define _XOPEN_SOURCE 600 /* ptsname(), posix_openpt() */ -#define _BSD_SOURCE /* SUN_LEN from */ +#ifndef __sun__ +# define _XOPEN_SOURCE 600 /* ptsname(), posix_openpt() */ +# define _BSD_SOURCE /* SUN_LEN from */ +#else /* __sun__ */ +# define __EXTENSIONS__ +#endif #include #include #include #include -#include +#include #include #include #include @@ -48,7 +52,9 @@ #endif #include "config.h" #include "common.h" -#include "logwtmp.h" +#ifndef __GLIBC__ +# include "logwtmp.h" +#endif #define BUFF_SIZE 256 #define PASS_SIZE 256 @@ -540,10 +546,9 @@ int main (int argc, char *argv[]) if (proctype == LOGIN_PROCESS) { + memset (&utmp, 0, sizeof(utmp)); strncopy (utmp.ut_line, short_ptynam); strncopy (utmp.ut_id, shorter_ptynam); - *utmp.ut_host = 0; - utmp.ut_addr = 0; strncopy (utmp.ut_user, "LOGIN"); utmp.ut_pid = getpid(); utmp.ut_type = proctype; debian/patches/13_predictable_client.diff0000644000000000000000000000616611407714177015610 0ustar Description: Predictable behaviour of client program. Better error recovery and exeption handling. . Ignore the SIGPIPE trigger. . Give priority to reading the device being snooped at, only then reading from standard input. Author: Mats Erik Andersson Forwarded: no Last-Update: 2010-06-21 --- ttysnoop-0.12d.debian/ttysnoop.c +++ ttysnoop-0.12d/ttysnoop.c @@ -25,6 +25,7 @@ #include #include #include +#include #include "config.h" #include "common.h" @@ -33,6 +34,11 @@ char buff[BUFF_SIZE]; +void message (void) +{ + printf ("\r\nBack at local tty.\r\n"); +} + int main (int argc, char *argv[]) { fd_set readset; @@ -40,24 +46,30 @@ int main (int argc, char *argv[]) int sockfd, fdmax, quit = 0, n; char sockname[128]; + if (geteuid()) + errorf("Insufficient privileges.\n"); + if (argc < 2) errorf ("Usage: ttysnoop \n"); /* create the client socket */ if ((sockfd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) - errorf ("can't create client socket\n"); + errorf ("Cannot create client socket.\n"); - sprintf (sockname, "%s/%s", SPOOLDIR, argv[1]); + snprintf (sockname, sizeof(sockname), "%s/%s", SPOOLDIR, argv[1]); + memset (&sock_addr, '\0', sizeof(sock_addr)); sock_addr.sun_family = AF_UNIX; strncopy (sock_addr.sun_path, sockname); + if (connect(sockfd, (struct sockaddr *) &sock_addr, sizeof(sock_addr)) < 0) - errorf ("can't connect to server\n"); + errorf ("Cannot connect to server. Is it really a valid socket?\n"); /* put stdin into raw mode */ stty_initstore (); atexit (stty_orig); + atexit (message); if (isatty(STDIN_FILENO)) stty_raw (STDIN_FILENO); @@ -67,32 +79,52 @@ int main (int argc, char *argv[]) /* do our thing */ + signal(SIGPIPE, SIG_IGN); + FD_ZERO (&readset); + while (!quit) { - FD_ZERO (&readset); + int ret; + FD_SET (STDIN_FILENO, &readset); FD_SET (sockfd, &readset); - select (fdmax + 1, &readset, NULL, NULL, NULL); - - if (FD_ISSET(STDIN_FILENO, &readset)) - { - n = read(STDIN_FILENO, buff, BUFF_SIZE); + if ( (ret = select (fdmax + 1, &readset, NULL, NULL, NULL)) < 0 ) { + if ( errno == EINTR ) + continue; - if (write(sockfd, buff, n) < 0) - quit = 1; + break; /* Cannot recover. */ } + /* Give precedence to the end point where we snoop. */ if (FD_ISSET(sockfd, &readset)) { - if ((n = read(sockfd, buff, BUFF_SIZE)) < 1) - quit = 1; + if ((n = read(sockfd, buff, BUFF_SIZE)) <= 0) { + if ( (n < 0) && (errno == EINTR) ) + continue; + if ( n == 0 ) + break; /* EOF on socket. */ + quit = 1; /* Will soon exit! */ + } if (n > 0) write (STDOUT_FILENO, buff, n); } + + if (FD_ISSET(STDIN_FILENO, &readset)) + { + n = read(STDIN_FILENO, buff, BUFF_SIZE); + if ( n == 0 ) { + /* The observer has left. Close down! */ + shutdown(sockfd, SHUT_WR); + FD_CLR(STDIN_FILENO, &readset); + quit = 1; + } + + if ( ( n > 0 ) && ( write(sockfd, buff, n) < 0 ) ) + quit = 1; /* The terminal service has already closed down. */ + } } - printf ("\r\nBack at local tty.\r\n"); return 0; } debian/patches/10_compiler_warnings.diff0000644000000000000000000000776311663700660015513 0ustar Description: Cleaning of compiler warnings and minor observations. A handful missing prototypes need suitable header files. . Neglected va_end(). . Missing return values. . Differing time representation length for 64 bits systems is overcome by a direct assignment, instead of passing a pointer in time(). . Separation of assignment and test when executing a switch in suspend state. This improves code readability. Author: Mats Erik Andersson Forwarded: no Last-Update: 2011-11-25 --- ttysnoop-0.12d/common.c.debian 1994-09-07 14:32:37.000000000 +0200 +++ ttysnoop-0.12d/common.c 2010-05-10 19:48:44.000000000 +0200 @@ -7,6 +7,8 @@ #include #include #include +#include +#include #include "common.h" @@ -21,6 +23,7 @@ void errorf (char *fmt, ...) va_start (args, fmt); vfprintf (stderr, fmt, args); + va_end (args); exit (1); } @@ -32,6 +35,7 @@ int fdprintf (int fd, char *fmt, ...) va_start (args, fmt); r = vsprintf(str, fmt, args); + va_end (args); write (fd, str, r); return (r); --- ttysnoop-0.12d/logwtmp.c.debian 2011-11-25 12:32:05.000000000 +0100 +++ ttysnoop-0.12d/logwtmp.c 2011-11-25 12:39:49.000000000 +0100 @@ -33,6 +33,7 @@ #include #include +#include #include #include #include @@ -55,7 +56,8 @@ logwtmp(const char *line, const char *na strncpy(ut.ut_line, line, sizeof(ut.ut_line)); strncpy(ut.ut_name, name, sizeof(ut.ut_name)); strncpy(ut.ut_host, host, sizeof(ut.ut_host)); - time(&ut.ut_time); + ut.ut_time = time(NULL); + if (write(fd, &ut, sizeof(struct utmp)) != sizeof(struct utmp)) ftruncate(fd, buf.st_size); } --- ttysnoop-0.12d/ttysnoop.c.debian 1998-04-08 20:29:28.000000000 +0200 +++ ttysnoop-0.12d/ttysnoop.c 2010-05-10 20:21:42.000000000 +0200 @@ -94,4 +94,5 @@ int main (int argc, char *argv[]) } printf ("\r\nBack at local tty.\r\n"); + return 0; } --- ttysnoop-0.12d/ttysnoops.c.debian 2010-05-10 17:17:53.000000000 +0200 +++ ttysnoop-0.12d/ttysnoops.c 2010-05-10 20:43:16.000000000 +0200 @@ -24,6 +24,7 @@ #include #include #include +#include #include #include #include @@ -33,6 +34,7 @@ #include #include #include +#include #include #include #include @@ -147,6 +149,7 @@ int process_snooptab (void) fclose (f); errorf ("no entry for %s in %s\n", tty, SNOOPTAB); + return (0); /* Is still ignored. */ } /* find & open a pty to be used by the pty-master */ @@ -343,7 +346,8 @@ int inputs (char *buff, int max, FILE *f break; default : - if (b >= 32 && b < 127) + if ((b >= 32) && (b < 127)) + { if ((l = strlen(buff)) < max) { buff[l] = b; @@ -351,6 +355,7 @@ int inputs (char *buff, int max, FILE *f } else beep (); + } } } @@ -366,7 +371,7 @@ void authenticate (int fd) #endif int ret = 0; - char buff[PASS_SIZE], *pwbuff; + char buff[PASS_SIZE]; if ((authpid = fork()) == 0) /* authentication child */ { @@ -484,7 +489,8 @@ int main (int argc, char *argv[]) struct sockaddr_un serv_addr, cli_addr; fd_set readset; struct utmp utmp; - int ptyfd, servfd, len = sizeof(cli_addr), n, sel, susp = 0; + int ptyfd, servfd = -1, n, sel, susp = 0; + socklen_t len = sizeof(cli_addr); if (!isatty(STDIN_FILENO)) errorf ("stdin is not a tty\n"); @@ -615,7 +621,9 @@ int main (int argc, char *argv[]) } else if ((*buff == SUSP_CHAR) && (n == 1) && use_socket) { - if (susp = !susp) + susp = ~susp; /* Complement state now, instead of inside the if-clause. + * This reads better. */ + if (susp) fdprintf (snoopfd, "\r\nSnoop suspended. %s (ASCII %d) to resume.\r\n", SC_STRING, SUSP_CHAR); else debian/patches/16_corrupt_utmp_for_pts.diff0000644000000000000000000000250311661205764016264 0ustar Description: Use distinct UTMP identity. The original code implemented an incorrect abbreviation of pseudo terminal names in the PTY name space. This corrupts the UTMP_FILE of GNU/Linux systems. Author: Mats Erik Andersson Bug-Debian: http://bugs.debian.org/648548 Forwarded: no Last-Update: 11-11-17 diff -Naurp ttysnoop-0.12d.debian/ttysnoops.c ttysnoop-0.12d/ttysnoops.c --- ttysnoop-0.12d.debian/ttysnoops.c +++ ttysnoop-0.12d/ttysnoops.c @@ -246,8 +246,8 @@ void abbreviate_ptyname (char *name, cha *shortname = *shortername = name + 5; if (!strncmp(name, "/dev/tty", 8)) *shortername = name + 8; - else if (!strncmp(name, "/dev/pts/", 9)) - *shortername = name + 9; + else if (!strncmp(name, "/dev/pts", 8)) + *shortername = name + 8; } /* fork off the pty-client and redirect its stdin/out/err to the pty */ @@ -576,7 +576,10 @@ int main (int argc, char *argv[]) if ((servfd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) errorf ("Cannot create server socket.\n"); - sprintf (sockname, "%s/%s", SPOOLDIR, shorter_ptynam); + /* Ignore an initial slash in PTS identity. */ + sprintf (sockname, "%s/%s", SPOOLDIR, + (*shorter_ptynam == '/') ? shorter_ptynam + 1 + : shorter_ptynam); unlink (sockname); memset(&serv_addr, '\0', sizeof(serv_addr)); serv_addr.sun_family = AF_UNIX; debian/patches/14_predictable_server.diff0000644000000000000000000000673611657063156015645 0ustar Description: Predictable behaviour of server. Deny executaion without sufficient priviliges. . Closing of sockets as the client user is leaving. This sets an otherwise blocking connection free again, ready to receive new login attempts. . Removal of the extinct UNIX socket from '/var/spool/ttysnoop/' . Minor health checks. Author: Mats Erik Andersson Forwarded: no Last-Update: 2010-06-21 --- ttysnoop-0.12d.debian/ttysnoops.c +++ ttysnoop-0.12d/ttysnoops.c @@ -422,6 +422,9 @@ void cleanup_utmp (char ptynam[]) { struct utmp utmp; + if (ptynam == NULL) + return; + setutent (); strcpy (utmp.ut_line, ptynam); utmp = *(getutline(&utmp)); @@ -439,6 +442,16 @@ void closedown (void) if (servpid == getpid()) /* only server must clear utmp entry */ cleanup_utmp (short_ptynam); stty_orig (); + if (snoopfd >= 0) { + tcflush (snoopfd, TCIOFLUSH); + close (snoopfd); + } + if (authfd >= 0) { + tcflush (authfd, TCIOFLUSH); + close (authfd); + } + if ( *sockname && (servpid == getpid()) ) + unlink (sockname); } /* signal handlers */ @@ -452,6 +465,7 @@ void sighup (int sig) void sigpipe (int sig) { sig = sig; + close (snoopfd); snoopfd = -1; signal (SIGPIPE, sigpipe); @@ -464,7 +478,7 @@ void sigchld (int sig) if ((pid = wait(&status)) == authpid) { - if (((status >> 8) & 0xff) == 1) + if (WEXITSTATUS(status) == 1) { snoopfd = authfd; fdmax = max(fdmax, snoopfd); @@ -492,6 +506,9 @@ int main (int argc, char *argv[]) int ptyfd, servfd = -1, n, sel, susp = 0; socklen_t len = sizeof(cli_addr); + if ( geteuid() ) + errorf("Insufficient privileges for execution.\n"); + if (!isatty(STDIN_FILENO)) errorf ("stdin is not a tty\n"); @@ -505,13 +522,16 @@ int main (int argc, char *argv[]) stty_initstore (); process_snooptab (); openlog ("ttysnoops", LOG_PID, LOG_AUTH); + atexit (closedown); /* fork off the client and load the new image */ if ((pgmpid = fork_pty(&ptyfd, ptynam)) < 0) errorf ("cannot fork\n"); + abbreviate_ptyname(ptynam, &short_ptynam, &shorter_ptynam); + if (pgmpid == 0) /* child */ { /* should we update utmp to reflect the change to ttypX ? */ @@ -552,10 +572,11 @@ int main (int argc, char *argv[]) /* create the main server socket */ if ((servfd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) - errorf ("can't create server socket\n"); + errorf ("Cannot create server socket.\n"); sprintf (sockname, "%s/%s", SPOOLDIR, shorter_ptynam); unlink (sockname); + memset(&serv_addr, '\0', sizeof(serv_addr)); serv_addr.sun_family = AF_UNIX; strncopy (serv_addr.sun_path, sockname); if (bind(servfd, (struct sockaddr *) &serv_addr, sizeof(serv_addr)) < 0) @@ -572,6 +593,9 @@ int main (int argc, char *argv[]) { /* open snoop-device and put it into raw mode */ + if (snoopdev == NULL) + errorf ("No valid snoop device could be established.\n"); + if ((snoopfd = open(snoopdev, O_RDWR)) < 0) errorf ("can't open snoop device %s\n", snoopdev); @@ -597,11 +621,11 @@ int main (int argc, char *argv[]) else if (use_socket && authfd == -1) FD_SET (servfd, &readset); - sel = select(fdmax + 1, &readset, NULL, NULL, NULL); + sel = select (fdmax + 1, &readset, NULL, NULL, NULL); } while (sel == -1 && errno == EINTR); if (sel == -1 && errno != EINTR) - errorf ("select failed. errno = %d\n", errno); + errorf ("select failed, errno = %d: %s\n", errno, strerror(errno)); if (FD_ISSET(STDIN_FILENO, &readset)) { debian/patches/15_socket_name_length.diff0000644000000000000000000000400411657063677015625 0ustar Description: Better protection of UNIX socket names. Ensure that a NUL character is always present in the socket name. Use SUN_LEN to calculate name lengths for optimal portability. Author: Mats Erik Andersson Last-Update: 2011-11-11 diff -Naurp ttysnoop-0.12d.debian/ttysnoop.c ttysnoop-0.12d/ttysnoop.c --- ttysnoop-0.12d.debian/ttysnoop.c +++ ttysnoop-0.12d/ttysnoop.c @@ -10,6 +10,8 @@ v0.12 6-9-94 "" - see ttysnoops.c */ +#define _BSD_SOURCE /* SUN_LEN from */ + #include #include #include @@ -60,9 +62,9 @@ int main (int argc, char *argv[]) snprintf (sockname, sizeof(sockname), "%s/%s", SPOOLDIR, argv[1]); memset (&sock_addr, '\0', sizeof(sock_addr)); sock_addr.sun_family = AF_UNIX; - strncopy (sock_addr.sun_path, sockname); + strncpy (sock_addr.sun_path, sockname, sizeof(sock_addr.sun_path) - 1); - if (connect(sockfd, (struct sockaddr *) &sock_addr, sizeof(sock_addr)) < 0) + if (connect(sockfd, (struct sockaddr *) &sock_addr, SUN_LEN(&sock_addr)) < 0) errorf ("Cannot connect to server. Is it really a valid socket?\n"); /* put stdin into raw mode */ diff -Naurp ttysnoop-0.12d.debian/ttysnoops.c ttysnoop-0.12d/ttysnoops.c --- ttysnoop-0.12d.debian/ttysnoops.c +++ ttysnoop-0.12d/ttysnoops.c @@ -19,6 +19,8 @@ */ #define _XOPEN_SOURCE 600 /* ptsname(), posix_openpt() */ +#define _BSD_SOURCE /* SUN_LEN from */ + #include #include #include @@ -578,8 +580,8 @@ int main (int argc, char *argv[]) unlink (sockname); memset(&serv_addr, '\0', sizeof(serv_addr)); serv_addr.sun_family = AF_UNIX; - strncopy (serv_addr.sun_path, sockname); - if (bind(servfd, (struct sockaddr *) &serv_addr, sizeof(serv_addr)) < 0) + strncpy (serv_addr.sun_path, sockname, sizeof(serv_addr.sun_path) - 1); + if (bind(servfd, (struct sockaddr *) &serv_addr, SUN_LEN(&serv_addr)) < 0) errorf ("can't bind server socket (%s)\n", sockname); if (listen(servfd, 5) < 0) debian/patches/18_hardening.diff0000644000000000000000000000272612163053310013717 0ustar Description: Improve hardening. The existing makefile does not make use of CPPFLAGS and LDFLAGS. Thus hardened builds are never successful. Add these two flags. . Add checks on return values from chown() and chmod() in source `ttysnoops.c', failing if either one is unsuccessful. Author: Mats Erik Andersson Forwarded: no Last-Update: 2013-06-27 --- ttysnoop-0.12d.debian2/Makefile +++ ttysnoop-0.12d/Makefile @@ -16,7 +16,7 @@ MANPREFIX ?= /usr/share/man # For shadow support -CCOPTS = -O2 -DSHADOW_PWD $(CFLAGS) +CCOPTS = -O2 -DSHADOW_PWD $(CPPFLAGS) $(CFLAGS) LIBS = -lcrypt SERVEROBJS = ttysnoops.o common.o @@ -37,10 +37,10 @@ endif all: ttysnoops ttysnoop ttysnoops: $(SERVEROBJS) - $(CC) $(SERVEROBJS) -o ttysnoops $(LIBS) + $(CC) $(LDFLAGS) $(SERVEROBJS) -o ttysnoops $(LIBS) ttysnoop: $(CLIENTOBJS) - $(CC) $(CLIENTOBJS) -o ttysnoop $(LIBS) + $(CC) $(LDFLAGS) $(CLIENTOBJS) -o ttysnoop $(LIBS) ttysnoops.o: $(SERVERSRCS) $(INCLUDES) $(CC) $(CCOPTS) -c -o ttysnoops.o $(SERVERSRCS) --- ttysnoop-0.12d.debian2/ttysnoops.c +++ ttysnoop-0.12d/ttysnoops.c @@ -232,8 +232,13 @@ else gid = -1; - chown (ttyname, getuid(), gid); - chmod (ttyname, S_IRUSR | S_IWUSR | S_IWGRP); + /* Abort on failure to set owner or access mode. */ + if (chown (ttyname, getuid(), gid) + || chmod (ttyname, S_IRUSR | S_IWUSR | S_IWGRP)) + { + close (ptyfd); + return (-1); + } if ((fd = open(ttyname, O_RDWR)) >= 0) return (fd); debian/patches/02_unix98_pty.diff0000644000000000000000000001045611657062102014016 0ustar Description: Implement support for UNIX98 pty's. Author: Peter Samuelson X-Closes: #87371 X-Original: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=10;filename=ttysnoop_unix98.diff;att=1;bug=87371 Forwarded: unknown Last-Update: 2011-11-11 --- ttysnoop-0.12d.debian/ttysnoops.c +++ ttysnoop-0.12d/ttysnoops.c @@ -18,6 +18,7 @@ v0.12d 8-4-98 Carl Declerck - updated #includes a bit */ +#define _XOPEN_SOURCE 600 /* ptsname(), posix_openpt() */ #include #include #include @@ -54,6 +55,7 @@ int snoopfd = -1, authfd = -1; int pgmpid = -1, authpid = -1, servpid = -1; int use_socket = 0, fdmax = 0, proctype = DEAD_PROCESS; char snoopdev[32], ptynam[32], childproc[128], sockname[128]; +char *short_ptynam, *shorter_ptynam; /* read a single line from a stream, ignoring all irrelevant stuff */ @@ -148,7 +150,17 @@ int process_snooptab (void) } /* find & open a pty to be used by the pty-master */ +int open_unix98_master (char *ptyname) +{ + int fd = posix_openpt(O_RDWR); + char *name = "unknown"; + if (fd >= 0) + name = ptsname(fd); + if (name) + strcpy(ptyname, name); + return fd; +} int find_ptyxx (char *ptyname) { int fd, i, j; @@ -180,6 +192,25 @@ int find_ptyxx (char *ptyname) /* find & open a pty (tty) to be used by pty-client */ +int open_unix98_slave (int ptyfd) +{ + int fd; + char *name = ptsname(ptyfd); + + grantpt(ptyfd); + unlockpt(ptyfd); + + if ((fd = open(name, O_RDWR)) >= 0) + { +#ifdef TIOCSCTTY /* GNU/kFreeBSD */ + (void) ioctl(fd, TIOCSCTTY, 0); +#endif + return fd; + } + + close(ptyfd); + return -1; +} int find_ttyxx (char *ttyname, int ptyfd) { struct group *grp; @@ -200,23 +231,36 @@ int find_ttyxx (char *ttyname, int ptyfd return (-1); } +void abbreviate_ptyname (char *name, char **shortname, char **shortername) +{ + *shortname = *shortername = name; + if (!name) + return; + if (strncmp(name, "/dev/", 5)) + return; + *shortname = *shortername = name + 5; + if (!strncmp(name, "/dev/tty", 8)) + *shortername = name + 8; + else if (!strncmp(name, "/dev/pts/", 9)) + *shortername = name + 9; +} + /* fork off the pty-client and redirect its stdin/out/err to the pty */ int fork_pty (int *ptyfd, char *ttynam) { struct termios term; struct winsize twin; - int ttyfd, pid; - char name[32]; + int ttyfd, pid, is_unix98 = 0; tcgetattr (STDIN_FILENO, &term); ioctl (STDIN_FILENO, TIOCGWINSZ, (char *) &twin); - if ((*ptyfd = find_ptyxx(name)) < 0) + if ((*ptyfd = open_unix98_master(ttynam)) >= 0) + is_unix98 = 1; + else if ((*ptyfd = find_ptyxx(ttynam)) < 0) errorf ("can't open pty\n"); - strcpy (ttynam, leafname(name)); - if ((pid = fork()) < 0) errorf ("can't fork\n"); @@ -224,8 +268,12 @@ int fork_pty (int *ptyfd, char *ttynam) { if (setsid() < 0) errorf ("setsid failed\n"); - - if ((ttyfd = find_ttyxx(name, *ptyfd)) < 0) + + if (is_unix98) + ttyfd = open_unix98_slave(*ptyfd); + else + ttyfd = find_ttyxx(ttynam, *ptyfd); + if (ttyfd < 0) errorf ("can't open tty\n"); close (*ptyfd); @@ -384,7 +432,7 @@ void cleanup_utmp (char ptynam[]) void closedown (void) { if (servpid == getpid()) /* only server must clear utmp entry */ - cleanup_utmp (ptynam); + cleanup_utmp (short_ptynam); stty_orig (); } @@ -455,14 +503,17 @@ int main (int argc, char *argv[]) /* fork off the client and load the new image */ - if ((pgmpid = fork_pty(&ptyfd, ptynam)) == 0) /* child */ + if ((pgmpid = fork_pty(&ptyfd, ptynam)) < 0) + errorf ("cannot fork\n"); + abbreviate_ptyname(ptynam, &short_ptynam, &shorter_ptynam); + if (pgmpid == 0) /* child */ { /* should we update utmp to reflect the change to ttypX ? */ if (proctype == LOGIN_PROCESS) { - strncopy (utmp.ut_line, ptynam); - strncopy (utmp.ut_id, ptynam + 3); + strncopy (utmp.ut_line, short_ptynam); + strncopy (utmp.ut_id, shorter_ptynam); *utmp.ut_host = 0; utmp.ut_addr = 0; strncopy (utmp.ut_user, "LOGIN"); @@ -497,7 +548,7 @@ int main (int argc, char *argv[]) if ((servfd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) errorf ("can't create server socket\n"); - sprintf (sockname, "%s/%s", SPOOLDIR, ptynam); + sprintf (sockname, "%s/%s", SPOOLDIR, shorter_ptynam); unlink (sockname); serv_addr.sun_family = AF_UNIX; strncopy (serv_addr.sun_path, sockname); debian/patches/01_from_package_0_12d_1.diff0000644000000000000000000001361411660550266015506 0ustar Description: Debian specific patches to ttysnoop-0.12d. Recovered from ttysnoop_0.12d-1.diff.gz. Author: Alberto Gonzalez Iniesta Javier Fernandez-Sanguino Pen~a Paul Haggart Forwarded: unknown Last-Update: 2005-03-25 --- ttysnoop-0.12d.orig/snooptab.dist +++ ttysnoop-0.12d/snooptab.dist @@ -1,19 +1,29 @@ -# # /etc/snooptab # +# these display directly on the specified tty.. no client necessary +# # tty snoopdev type execpgm # -ttyS1 /dev/tty7 login /bin/login -ttyS2 /dev/tty8 login /bin/login +#ttyS1 /dev/tty7 login /bin/login +#ttyS2 /dev/tty8 login /bin/login # -# remember to inform your gettys on the above lines -# that /etc/ttysnoops is the login program now # -# the 'socket' snoop-device is for use with the -# ttysnoop client -# (any tty not listed above will match the wildcard) +# the 'socket' snoop-device is for use with the ttysnoop client (any tty not +# listed above will match the wildcard) # * socket login /bin/login # -# remember to inform your telnetd that /etc/ttysnoops -# is the login program now +# remember to inform your incoming daemons that /usr/sbin/ttysnoops is +# the login program +# +# example: (for /etc/inetd.conf) +# telnet stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.telnetd -L /usr/sbin/ttysnoops +# +# example /etc/inittab (using agetty): +# s2:23:respawn:/sbin/getty 38400 ttyS2 vt100 -l /usr/sbin/ttysnoops +# +# or, if you're using mgetty: (/etc/mgetty/login.config) replace: +# * - - /bin/login @ +# with: +# * - - /usr/sbin/ttysnoops @ + --- ttysnoop-0.12d.orig/ttysnoops.c +++ ttysnoop-0.12d/ttysnoops.c @@ -43,9 +43,10 @@ #endif #include "config.h" #include "common.h" - +#include "logwtmp.h" #define BUFF_SIZE 256 +#define PASS_SIZE 256 char buff[BUFF_SIZE]; @@ -317,7 +318,7 @@ #endif int ret = 0; - char buff[16], *pwbuff; + char buff[PASS_SIZE], *pwbuff; if ((authpid = fork()) == 0) /* authentication child */ { @@ -374,6 +375,8 @@ *utmp.ut_user = 0; pututline (&utmp); endutent (); + /* fix wtmp. the above only fixes utmp. Fixed by wakko@ani.ml.org */ + logwtmp(ptynam, "", ""); } /* do a graceful closedown */ --- ttysnoop-0.12d.orig/logwtmp.c +++ ttysnoop-0.12d/logwtmp.c @@ -0,0 +1,63 @@ +/* + * Copyright (c) 1988 The Regents of the University of California. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include +#include +#include +#include +#include + +#include "logwtmp.h" + +void +logwtmp(const char *line, const char *name, const char *host) +{ + struct utmp ut; + struct stat buf; + int fd; + + if ((fd = open(_PATH_WTMP, O_WRONLY|O_APPEND, 0)) < 0) + return; + if (fstat(fd, &buf) == 0) { + ut.ut_pid = getpid(); + ut.ut_type = (name[0] != '\0')? USER_PROCESS : DEAD_PROCESS; + strncpy(ut.ut_id, "", 2); + strncpy(ut.ut_line, line, sizeof(ut.ut_line)); + strncpy(ut.ut_name, name, sizeof(ut.ut_name)); + strncpy(ut.ut_host, host, sizeof(ut.ut_host)); + time(&ut.ut_time); + if (write(fd, &ut, sizeof(struct utmp)) != sizeof(struct utmp)) + ftruncate(fd, buf.st_size); + } + close(fd); +} --- ttysnoop-0.12d.orig/logwtmp.h +++ ttysnoop-0.12d/logwtmp.h @@ -0,0 +1 @@ +void logwtmp(const char *_line, const char *name, const char *host); --- ttysnoop-0.12d.orig/Makefile +++ ttysnoop-0.12d/Makefile @@ -6,15 +6,15 @@ # Without shadow support -CCOPTS = -O2 -LIBS = -lcrypt # remove -lcrypt if your system doesn't have it +#CCOPTS = -O2 +#LIBS = -lcrypt # remove -lcrypt if your system doesn't have it # For shadow support -#CCOPTS = -O2 -DSHADOW_PWD -#LIBS = -lshadow +CCOPTS = -O2 -DSHADOW_PWD +LIBS = -lcrypt -SERVEROBJS = ttysnoops.o common.o +SERVEROBJS = ttysnoops.o common.o logwtmp.o CLIENTOBJS = ttysnoop.o common.o SERVERSRCS = ttysnoops.c CLIENTSRCS = ttysnoop.c @@ -37,6 +37,9 @@ common.o: common.c common.h $(CC) $(CCOPTS) -c -o common.o common.c +logwtmp.o: common.c common.h + $(CC) $(CCOPTS) -c -o logwtmp.o logwtmp.c + clean: rm -f *.o core ttysnoop ttysnoops debian/ttysnoop.lintian-overrides0000644000000000000000000000053711663770731014465 0ustar # The license can only be found in an email from Carl Declerck, # a message which contains the very same form "GNU Public License". # A change to that text would nullify authenticity. ttysnoop: spelling-error-in-copyright GNU Public License GNU General Public License # The software is extinct and abandoned; no home page! ttysnoop: no-homepage-field debian/rules0000755000000000000000000000100712163044512010242 0ustar #!/usr/bin/make -f CPPFLAGS ?= $(shell dpkg-buildflags --get CPPFLAGS) CFLAGS ?= -Wall $(shell dpkg-buildflags --get CFLAGS) LDFLAGS ?= $(shell dpkg-buildflags --get LDFLAGS) export CPPFLAGS CFLAGS LDFLAGS DESTDIR = debian/ttysnoop %: dh $@ override_dh_auto_install: mkdir -p $(DESTDIR)/usr/sbin install ttysnoop $(DESTDIR)/usr/sbin/ install ttysnoops $(DESTDIR)/usr/sbin/ mkdir -p $(DESTDIR)/etc install -m 644 snooptab.dist $(DESTDIR)/etc/snooptab override_dh_install: dh_installchangelogs README dh $@ debian/ttysnoop.dirs0000644000000000000000000000002311404221373011740 0ustar var/spool/ttysnoop debian/source/0000755000000000000000000000000012163064506010471 5ustar debian/source/format0000644000000000000000000000001411404221373011671 0ustar 3.0 (quilt)