Thomas Touhey
:
Metadata at your fingertips! (finger)
More than one year ago, I’ve read an article about how someone hacked into DNS servers because they weren’t maintained anymore (link). In this post, the author mentions a protocol that almost disappeared, except on the computers he hacked into (which are old and unmaintained). That intrigued me, so I wanted to know a little more.
In the first edition of UNIX, published in 1971, in order to find out who was currently logged in and active, you would use who. However, if you wanted to know when someone you wanted to meet was available, last time he was seen, where they currently are, and so on, this program wasn’t very convenient.
To solve this problem, Les Earnest invented a program named “finger”, which
came with a protocol which has been standardized for the first time in 1977
in RFC 742 by Ken Harrenstien, and uses the tcp/79 port.
This RFC evolved a few times up to 1991 in RFC 1288 while the
protocol was progressively being abandoned.
Nowadays, under Manjaro Linux, the finger utility can be found in the
netkit-bsd-finger package. Very few Finger servers you can interact with
are available, but finger also allows to make local requests to get results
such as this one (with a customized .plan file):
Login: cake Name: Thomas Touhey
Directory: /home/cake Shell: /bin/zsh
Office: 0621612972, 016-943-9574
On since Mon Jan 8 13:17 (CET) on tty7 from :0
52 minutes 26 seconds idle
No mail.
Plan:
__ _ _
/ _(_)_ __ __ _ ___ _ __ __| |
| |_| | '_ \ / _` |/ _ \ '__/ _` |
| _| | | | | (_| | __/ | | (_| |
|_| |_|_| |_|\__, |\___|_| \__,_|
yet another |___/ finger daemon
Find out more about the project on
https://forge.touhey.org/fingerd.git
Here are the ways you can use the utility:
finger: requests a list of logged-in local users.finger user: requests details about local users havinguserin their name.finger @host: requests a list of logged-in users to thehosthost (some examples for hosts arelocalhostortouhey.fr);finger user@host: requests details about users havinguserin their name to thehosthost.finger <…>@hehe@host: requests fromhostto transmit a query to thehehehost (nowadays’ Finger servers will refuse to comply to that request).
These commands’ outputs, as for whois, have an irregular format as they were
thought to be read by humans from the start; in the case of a distant request,
the utility will directly show you the server’s output.
As a challenge, I started making a server a server implementing this protocol. I chose Python, my favourite scripting language, and run the fingerd project last year. I work on it at an irregular rate.
cake@68 :: fingerd/public » python -m fingerd &
Starting fingerd on [127.0.0.1]:3999.
Starting fingerd on [::1]:3999.
cake@68 :: fingerd/public » finger @localhost
[localhost]
[127.0.0.1] list connected users.
Site: TOUHEY.FR
Command line:
Login Name TTY Idle Login Time Office
john Johnny Boy ttyS2 =TODO= =TODO= Rob's office
cake@68 :: fingerd/public » kill -INT %1
Stopping fingerd on [::1]:3999.
Stopping fingerd on [127.0.0.1]:3999.
The project is still a work in progress, but I’ve already implemented the
protocol management (with the socketserver module), decomposed the problem
into several objects, which are the server itself, the interface with the
rest of the system which gets the user information, the displayer which
produces the output, and the logger which logs the requests.
The fact that I’ve done interfaces gave me an idea which is already made in part: I wanted to make a fiction interface, which allows you to script user creations, editions, deletions, logins, logouts, working directory and shell changes, and so on, in order to tell a story. The protocol wasn’t thought out to tell stories, but to organize meetings, so that would be like watching a theatre play though a keyhole. But why not?
Anyway, I’ll continue this project at the same irregular rate as today,
and who knows, one day, finger @touhey.fr might tell you something
interesting!
Version française