Metadata at your fingertips! (finger)
More than one year ago, I’ve read an article about how someone hacked into DNS servers because they weren’t maintained anymore (link). In this post, the author mentions a protocol that almost disappeared, except on the computers he hacked into (which are old and unmaintained). That intrigued me, so I wanted to know a little more.
In the first edition of UNIX, published in 1971, in order to find out who was currently logged in and active, you would use who. However, if you wanted to know when someone you wanted to meet was available, last time he was seen, where they currently are, and so on, this program wasn’t very convenient.
To solve this problem, Les Earnest invented a program named “finger”, which
came with a protocol which has been standardized for the first time in 1977
in RFC 742 by Ken Harrenstien, and uses the
This RFC evolved a few times up to 1991 in RFC 1288 while the
protocol was progressively being abandoned.
Nowadays, under Manjaro Linux, the
finger utility can be found in the
netkit-bsd-finger package. Very few Finger servers you can interact with
are available, but
finger also allows to make local requests to get results
such as this one (with a customized
Login: cake Name: Thomas Touhey Directory: /home/cake Shell: /bin/zsh Office: 0621612972, 016-943-9574 On since Mon Jan 8 13:17 (CET) on tty7 from :0 52 minutes 26 seconds idle No mail. Plan: __ _ _ / _(_)_ __ __ _ ___ _ __ __| | | |_| | '_ \ / _` |/ _ \ '__/ _` | | _| | | | | (_| | __/ | | (_| | |_| |_|_| |_|\__, |\___|_| \__,_| yet another |___/ finger daemon Find out more about the project on https://forge.touhey.org/fingerd.git
Here are the ways you can use the utility:
finger: requests a list of logged-in local users.
finger user: requests details about local users having
userin their name.
finger @host: requests a list of logged-in users to the
hosthost (some examples for hosts are
finger user@host: requests details about users having
userin their name to the
finger <…>@hehe@host: requests from
hostto transmit a query to the
hehehost (nowadays’ Finger servers will refuse to comply to that request).
These commands’ outputs, as for
whois, have an irregular format as they were
thought to be read by humans from the start; in the case of a distant request,
the utility will directly show you the server’s output.
As a challenge, I started making a server a server implementing this protocol. I chose Python, my favourite scripting language, and run the fingerd project last year. I work on it at an irregular rate.
cake@68 :: fingerd/public » python -m fingerd & Starting fingerd on [127.0.0.1]:3999. Starting fingerd on [::1]:3999. cake@68 :: fingerd/public » finger @localhost [localhost] [127.0.0.1] list connected users. Site: TOUHEY.FR Command line: Login Name TTY Idle Login Time Office john Johnny Boy ttyS2 =TODO= =TODO= Rob's office cake@68 :: fingerd/public » kill -INT %1 Stopping fingerd on [::1]:3999. Stopping fingerd on [127.0.0.1]:3999.
The project is still a work in progress, but I’ve already implemented the
protocol management (with the
socketserver module), decomposed the problem
into several objects, which are the server itself, the interface with the
rest of the system which gets the user information, the displayer which
produces the output, and the logger which logs the requests.
The fact that I’ve done interfaces gave me an idea which is already made in part: I wanted to make a fiction interface, which allows you to script user creations, editions, deletions, logins, logouts, working directory and shell changes, and so on, in order to tell a story. The protocol wasn’t thought out to tell stories, but to organize meetings, so that would be like watching a theatre play though a keyhole. But why not?
Anyway, I’ll continue this project at the same irregular rate as today,
and who knows, one day,
finger @touhey.fr might tell you something