1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
|
package finger
import (
"bufio"
"errors"
"io"
"net/url"
"strings"
"tildegit.org/tjp/sliderule/internal/types"
)
// ForwardingDenied is returned in response to requests for forwarding service.
var ForwardingDenied = errors.New("Finger forwarding service denied.")
// ParseRequest builds a sliderule.Request by reading a finger protocol request.
//
// At the time of writing, there is no firm standard on how to represent finger
// queries as URLs (the finger protocol itself predates URLs entirely), but there
// are a few helpful resources to go from.
// - The lynx browser supports finger URLs and documents the forms they may take:
// https://lynx.invisible-island.net/lynx_help/lynx_url_support.html#finger_url
// - There is an IETF draft:
// https://datatracker.ietf.org/doc/html/draft-ietf-uri-url-finger
//
// As this function builds a *sliderule.Request (which is mostly a wrapper around a URL)
// from nothing but an io.Reader, it doesn't have the context of the hostname which
// the receiving server was hosting. So it only has the host component if it
// arrived in the body of the query in the form username@hostname. Bear in mind that
// in sliderule handlers, request objects will also carry a reference to the server so
// that hostname is always available as request.Server.Hostname().
//
// The primary deviation from the IETF draft is that a query-specified host becomes
// the Host section of the URL, rather than remaining in the Path. Where the IETF draft
// would consider a query of "tjp@ctrl-c.club\r\n" to be "finger:/tjp@ctrl-c.club", this
// function will parse it into "finger://ctrl-c.club/tjp". This decision to separate the
// query-specified host from the username is intended to make it easier to avoid
// inadvertently acting as a jump host for example with:
// `exec.Command("/usr/bin/finger", request.Path[1:])`.
//
// Consistent with the IETF draft, the /W whois switch is dropped and not represented
// in the URL at all.
//
// In accordance with the recommendation of RFC 1288 section 3.2.1
// (https://datatracker.ietf.org/doc/html/rfc1288#section-3.2.1), any queries which
// include a jump-host (user@host1@host2) are rejected with the ForwardingDenied error.
func ParseRequest(rdr io.Reader) (*types.Request, error) {
line, err := bufio.NewReader(rdr).ReadString('\n')
if err != nil {
return nil, err
}
line = strings.TrimRight(line, " \t\r\n")
line = strings.TrimLeft(line, " \t")
line = strings.TrimPrefix(line, "/W")
line = strings.TrimLeft(line, " \t")
username, hostname, _ := strings.Cut(line, "@")
if strings.Contains(hostname, "@") {
return nil, ForwardingDenied
}
return &types.Request{URL: &url.URL{
Scheme: "finger",
Host: hostname,
Path: "/" + username,
OmitHost: true, //nolint:typecheck
// (for some reason typecheck on drone-ci doesn't realize OmitHost is a field in url.URL)
}}, nil
}
|
