Difference between revisions of "RFC1288"
imported>Admin (Created page with " Network Working Group D. Zimmerman Request for Comments: 1288 Center for Discrete Mathematics and Obsoletes: RFCs 1196, 1...") |
|||
Line 1: | Line 1: | ||
− | |||
Line 9: | Line 8: | ||
Obsoletes: RFCs 1196, 1194, 742 Theoretical Computer Science | Obsoletes: RFCs 1196, 1194, 742 Theoretical Computer Science | ||
December 1991 | December 1991 | ||
− | |||
The Finger User Information Protocol | The Finger User Information Protocol | ||
− | |||
Status of this Memo | Status of this Memo | ||
− | |||
This memo defines a protocol for the exchange of user information. | This memo defines a protocol for the exchange of user information. | ||
This RFC specifies an IAB standards track protocol for the Internet | This RFC specifies an IAB standards track protocol for the Internet | ||
Line 21: | Line 17: | ||
Standards" for the standardization state and status of this protocol. | Standards" for the standardization state and status of this protocol. | ||
Distribution of this memo is unlimited. | Distribution of this memo is unlimited. | ||
− | |||
Abstract | Abstract | ||
− | |||
This memo describes the Finger user information protocol. This is a | This memo describes the Finger user information protocol. This is a | ||
simple protocol which provides an interface to a remote user | simple protocol which provides an interface to a remote user | ||
information program. | information program. | ||
− | + | Based on RFC 742, a description of the original Finger protocol, this | |
− | Based on | ||
memo attempts to clarify the expected communication between the two | memo attempts to clarify the expected communication between the two | ||
ends of a Finger connection. It also tries not to invalidate the | ends of a Finger connection. It also tries not to invalidate the | ||
many existing implementations or add unnecessary restrictions to the | many existing implementations or add unnecessary restrictions to the | ||
original protocol definition. | original protocol definition. | ||
− | + | This edition corrects and clarifies RFC 1196. | |
− | This edition corrects and clarifies | ||
− | |||
Table of Contents | Table of Contents | ||
− | |||
1. Introduction ........................................... 2 | 1. Introduction ........................................... 2 | ||
1.1. Intent ............................................... 2 | 1.1. Intent ............................................... 2 | ||
Line 53: | Line 43: | ||
2.5.3. {U} ambiguity ...................................... 7 | 2.5.3. {U} ambiguity ...................................... 7 | ||
2.5.4. /W query token ..................................... 7 | 2.5.4. /W query token ..................................... 7 | ||
+ | |||
+ | |||
Line 78: | Line 70: | ||
6. Security Considerations ................................ 12 | 6. Security Considerations ................................ 12 | ||
7. Author's Address ....................................... 12 | 7. Author's Address ....................................... 12 | ||
− | + | == Introduction == | |
− | == Introduction == | + | 1.1. Intent |
− | |||
− | |||
− | |||
This memo describes the Finger user information protocol. This is a | This memo describes the Finger user information protocol. This is a | ||
simple protocol which provides an interface to a remote user | simple protocol which provides an interface to a remote user | ||
information program (RUIP). | information program (RUIP). | ||
− | + | Based on RFC 742, a description of the original Finger protocol, this | |
− | Based on | ||
memo attempts to clarify the expected communication between the two | memo attempts to clarify the expected communication between the two | ||
ends of a Finger connection. It also tries not to invalidate the | ends of a Finger connection. It also tries not to invalidate the | ||
many current implementations or add unnecessary restrictions to the | many current implementations or add unnecessary restrictions to the | ||
original protocol definition. | original protocol definition. | ||
− | |||
The most prevalent implementations of Finger today seem to be | The most prevalent implementations of Finger today seem to be | ||
primarily derived from the BSD UNIX work at the University of | primarily derived from the BSD UNIX work at the University of | ||
California, Berkeley. Thus, this memo is based around the BSD | California, Berkeley. Thus, this memo is based around the BSD | ||
version's behavior. | version's behavior. | ||
− | |||
However, the BSD version provides few options to tailor the Finger | However, the BSD version provides few options to tailor the Finger | ||
RUIP for a particular site's security policy, or to protect the user | RUIP for a particular site's security policy, or to protect the user | ||
Line 111: | Line 97: | ||
− | |||
+ | |||
+ | 1.2. History | ||
The FINGER program at SAIL, written by Les Earnest, was the | The FINGER program at SAIL, written by Les Earnest, was the | ||
inspiration for the NAME program on ITS. Earl Killian at MIT and | inspiration for the NAME program on ITS. Earl Killian at MIT and | ||
Brian Harvey at SAIL were jointly responsible for implementing the | Brian Harvey at SAIL were jointly responsible for implementing the | ||
original protocol. | original protocol. | ||
− | + | Ken Harrenstien is the author of RFC 742, "Name/Finger", which this | |
− | Ken Harrenstien is the author of | ||
memo began life as. | memo began life as. | ||
− | + | 1.3. Requirements | |
− | |||
− | |||
In this document, the words that are used to define the significance | In this document, the words that are used to define the significance | ||
of each particular requirement are capitalized. These words are: | of each particular requirement are capitalized. These words are: | ||
− | |||
* "MUST" | * "MUST" | ||
− | |||
This word or the adjective "REQUIRED" means that the item is an | This word or the adjective "REQUIRED" means that the item is an | ||
absolute requirement of the specification. | absolute requirement of the specification. | ||
− | |||
* "SHOULD" | * "SHOULD" | ||
− | |||
This word or the adjective "RECOMMENDED" means that there may | This word or the adjective "RECOMMENDED" means that there may | ||
exist valid reasons in particular circumstances to ignore this | exist valid reasons in particular circumstances to ignore this | ||
item, but the full implications should be understood and the case | item, but the full implications should be understood and the case | ||
carefully weighed before choosing a different course. | carefully weighed before choosing a different course. | ||
− | |||
* "MAY" | * "MAY" | ||
− | |||
This word or the adjective "OPTIONAL" means that this item is | This word or the adjective "OPTIONAL" means that this item is | ||
truly optional. One vendor may choose to include the item because | truly optional. One vendor may choose to include the item because | ||
a particular marketplace requires it or because it enhances the | a particular marketplace requires it or because it enhances the | ||
product, for example; another vendor may omit the same item. | product, for example; another vendor may omit the same item. | ||
− | |||
An implementation is not compliant if it fails to satisfy one or more | An implementation is not compliant if it fails to satisfy one or more | ||
of the MUST requirements. An implementation that satisfies all the | of the MUST requirements. An implementation that satisfies all the | ||
Line 150: | Line 127: | ||
compliant"; one that satisfies all the MUST requirements but not all | compliant"; one that satisfies all the MUST requirements but not all | ||
the SHOULD requirements is said to be "conditionally compliant". | the SHOULD requirements is said to be "conditionally compliant". | ||
− | + | 1.4. Updates | |
− | + | The differences of note between RFC 1196 and this memo are: | |
− | |||
− | The differences of note between | ||
− | |||
o the optional /W switch in the Finger query specification was | o the optional /W switch in the Finger query specification was | ||
mistakenly placed at the end of the line. The 4.3BSD Finger | mistakenly placed at the end of the line. The 4.3BSD Finger | ||
specifies it at the beginning, where this memo now also puts | specifies it at the beginning, where this memo now also puts | ||
it. | it. | ||
+ | |||
+ | |||
Line 167: | Line 143: | ||
treatment of blank space. This memo is more exacting by | treatment of blank space. This memo is more exacting by | ||
including an explicit token for it. | including an explicit token for it. | ||
− | |||
o The flow of events in a Finger connection is now better | o The flow of events in a Finger connection is now better | ||
defined on the topic of the close of the Finger connection. | defined on the topic of the close of the Finger connection. | ||
− | + | == Use of the protocol == | |
− | == Use of the protocol == | + | 2.1. Flow of events |
− | |||
− | |||
− | |||
Finger is based on the Transmission Control Protocol, using TCP port | Finger is based on the Transmission Control Protocol, using TCP port | ||
79 decimal (117 octal). The local host opens a TCP connection to a | 79 decimal (117 octal). The local host opens a TCP connection to a | ||
Line 184: | Line 156: | ||
of the connection. The local host receives the answer and the close | of the connection. The local host receives the answer and the close | ||
signal, then proceeds closing its end of the connection. | signal, then proceeds closing its end of the connection. | ||
− | + | 2.2. Data format | |
− | |||
− | |||
Any data transferred MUST be in ASCII format, with no parity, and | Any data transferred MUST be in ASCII format, with no parity, and | ||
with lines ending in CRLF (ASCII 13 followed by ASCII 10). This | with lines ending in CRLF (ASCII 13 followed by ASCII 10). This | ||
Line 192: | Line 162: | ||
means that any characters between ASCII 128 and ASCII 255 should | means that any characters between ASCII 128 and ASCII 255 should | ||
truly be international data, not 7-bit ASCII with the parity bit set. | truly be international data, not 7-bit ASCII with the parity bit set. | ||
− | + | 2.3. Query specifications | |
− | |||
− | |||
An RUIP MUST accept the entire Finger query specification. | An RUIP MUST accept the entire Finger query specification. | ||
− | |||
The Finger query specification is defined: | The Finger query specification is defined: | ||
− | |||
{Q1} ::= [{W}|{W}{S}{U}]{C} | {Q1} ::= [{W}|{W}{S}{U}]{C} | ||
− | |||
{Q2} ::= [{W}{S}][{U}]{H}{C} | {Q2} ::= [{W}{S}][{U}]{H}{C} | ||
− | |||
{U} ::= username | {U} ::= username | ||
− | |||
{H} ::= @hostname | @hostname{H} | {H} ::= @hostname | @hostname{H} | ||
− | |||
{W} ::= /W | {W} ::= /W | ||
+ | {S} ::= <SP> | <SP>{S} | ||
+ | {C} ::= <CRLF> | ||
− | |||
− | |||
Line 221: | Line 183: | ||
request specification, the number of @hostname tokens is limited to | request specification, the number of @hostname tokens is limited to | ||
two, simply for brevity. | two, simply for brevity. | ||
− | |||
Be aware that {Q1} and {Q2} do not refer to a user typing "finger | Be aware that {Q1} and {Q2} do not refer to a user typing "finger | ||
user@host" from an operating system prompt. It refers to the line | user@host" from an operating system prompt. It refers to the line | ||
Line 227: | Line 188: | ||
user@host<CRLF>", the RUIP on the remote host receives "user<CRLF>", | user@host<CRLF>", the RUIP on the remote host receives "user<CRLF>", | ||
which corresponds to {Q1}. | which corresponds to {Q1}. | ||
− | |||
As with anything in the IP protocol suite, "be liberal in what you | As with anything in the IP protocol suite, "be liberal in what you | ||
accept". | accept". | ||
− | + | 2.4. RUIP {Q2} behavior | |
− | |||
− | |||
A query of {Q2} is a request to forward a query to another RUIP. An | A query of {Q2} is a request to forward a query to another RUIP. An | ||
RUIP MUST either provide or actively refuse this forwarding service | RUIP MUST either provide or actively refuse this forwarding service | ||
(see section 3.2.1). If an RUIP provides this service, it MUST | (see section 3.2.1). If an RUIP provides this service, it MUST | ||
conform to the following behavior: | conform to the following behavior: | ||
− | |||
Given that: | Given that: | ||
− | |||
Host <H1> opens a Finger connection <F1-2> to an RUIP on host | Host <H1> opens a Finger connection <F1-2> to an RUIP on host | ||
<H2>. | <H2>. | ||
− | |||
<H1> gives the <H2> RUIP a query <Q1-2> of type {Q2} | <H1> gives the <H2> RUIP a query <Q1-2> of type {Q2} | ||
(e.g., FOO@HOST1@HOST2). | (e.g., FOO@HOST1@HOST2). | ||
− | |||
It should be derived that: | It should be derived that: | ||
− | |||
Host <H3> is the right-most host in <Q1-2> (i.e., HOST2) | Host <H3> is the right-most host in <Q1-2> (i.e., HOST2) | ||
− | |||
Query <Q2-3> is the remainder of <Q1-2> after removing the | Query <Q2-3> is the remainder of <Q1-2> after removing the | ||
right-most "@hostname" token in the query (i.e., FOO@HOST1) | right-most "@hostname" token in the query (i.e., FOO@HOST1) | ||
− | |||
And so: | And so: | ||
− | |||
The <H2> RUIP then must itself open a Finger connection <F2-3> | The <H2> RUIP then must itself open a Finger connection <F2-3> | ||
to <H3>, using <Q2-3>. | to <H3>, using <Q2-3>. | ||
− | |||
The <H2> RUIP must return any information received from <F2-3> | The <H2> RUIP must return any information received from <F2-3> | ||
to <H1> via <F1-2>. | to <H1> via <F1-2>. | ||
− | |||
The <H2> RUIP must close <F1-2> in normal circumstances only | The <H2> RUIP must close <F1-2> in normal circumstances only | ||
when the <H3> RUIP closes <F2-3>. | when the <H3> RUIP closes <F2-3>. | ||
Line 270: | Line 218: | ||
− | |||
+ | |||
+ | 2.5. Expected RUIP response | ||
For the most part, the output of an RUIP doesn't follow a strict | For the most part, the output of an RUIP doesn't follow a strict | ||
specification, since it is designed to be read by people instead of | specification, since it is designed to be read by people instead of | ||
programs. It should mainly strive to be informative. | programs. It should mainly strive to be informative. | ||
− | |||
Output of ANY query is subject to the discussion in the security | Output of ANY query is subject to the discussion in the security | ||
section. | section. | ||
− | + | 2.5.1. {C} query | |
− | |||
− | |||
A query of {C} is a request for a list of all online users. An RUIP | A query of {C} is a request for a list of all online users. An RUIP | ||
MUST either answer or actively refuse (see section 3.2.2). If it | MUST either answer or actively refuse (see section 3.2.2). If it | ||
Line 286: | Line 232: | ||
system administrator SHOULD be allowed to include other useful | system administrator SHOULD be allowed to include other useful | ||
information (per section 3.2.3), such as: | information (per section 3.2.3), such as: | ||
− | |||
- terminal location | - terminal location | ||
- office location | - office location | ||
Line 293: | Line 238: | ||
- idle time (number of minutes since last typed input, or | - idle time (number of minutes since last typed input, or | ||
since last job activity). | since last job activity). | ||
− | + | 2.5.2. {U}{C} query | |
− | |||
− | |||
A query of {U}{C} is a request for in-depth status of a specified | A query of {U}{C} is a request for in-depth status of a specified | ||
user {U}. If you really want to refuse this service, you probably | user {U}. If you really want to refuse this service, you probably | ||
don't want to be running Finger in the first place. | don't want to be running Finger in the first place. | ||
− | |||
An answer MUST include at least the full name of the user. If the | An answer MUST include at least the full name of the user. If the | ||
user is logged in, at least the same amount of information returned | user is logged in, at least the same amount of information returned | ||
by {C} for that user MUST also be returned by {U}{C}. | by {C} for that user MUST also be returned by {U}{C}. | ||
− | |||
Since this is a query for information on a specific user, the system | Since this is a query for information on a specific user, the system | ||
administrator SHOULD be allowed to choose to return additional useful | administrator SHOULD be allowed to choose to return additional useful | ||
information (per section 3.2.3), such as: | information (per section 3.2.3), such as: | ||
− | |||
- office location | - office location | ||
- office phone number | - office phone number | ||
Line 313: | Line 253: | ||
- status of login (not logged in, logout time, etc) | - status of login (not logged in, logout time, etc) | ||
- user information file | - user information file | ||
− | |||
A user information file is a feature wherein a user may leave a short | A user information file is a feature wherein a user may leave a short | ||
message that will be included in the response to Finger requests. | message that will be included in the response to Finger requests. | ||
(This is sometimes called a "plan" file.) This is easily implemented | (This is sometimes called a "plan" file.) This is easily implemented | ||
by (for example) having the program look for a specially named text | by (for example) having the program look for a specially named text | ||
+ | |||
+ | |||
Line 327: | Line 268: | ||
be allowed to specifically turn this feature on and off. See section | be allowed to specifically turn this feature on and off. See section | ||
3.2.4 for caveats. | 3.2.4 for caveats. | ||
− | |||
There MAY be a way for the user to run a program in response to a | There MAY be a way for the user to run a program in response to a | ||
Finger query. If this feature exists, the system administrator | Finger query. If this feature exists, the system administrator | ||
SHOULD be allowed to specifically turn it on and off. See section | SHOULD be allowed to specifically turn it on and off. See section | ||
3.2.5 for caveats. | 3.2.5 for caveats. | ||
− | + | 2.5.3. {U} ambiguity | |
− | |||
− | |||
Allowable "names" in the command line MUST include "user names" or | Allowable "names" in the command line MUST include "user names" or | ||
"login names" as defined by the system. If a name is ambiguous, the | "login names" as defined by the system. If a name is ambiguous, the | ||
Line 340: | Line 278: | ||
possible derivations should be returned in some fashion (per section | possible derivations should be returned in some fashion (per section | ||
3.2.6). | 3.2.6). | ||
− | + | 2.5.4. /W query token | |
− | |||
− | |||
The token /W in the {Q1} or {Q2} query types SHOULD at best be | The token /W in the {Q1} or {Q2} query types SHOULD at best be | ||
interpreted at the last RUIP to signify a higher level of verbosity | interpreted at the last RUIP to signify a higher level of verbosity | ||
in the user information output, or at worst be ignored. | in the user information output, or at worst be ignored. | ||
− | + | 2.5.5. Vending machines | |
− | |||
− | |||
Vending machines SHOULD respond to a {C} request with a list of all | Vending machines SHOULD respond to a {C} request with a list of all | ||
items currently available for purchase and possible consumption. | items currently available for purchase and possible consumption. | ||
Line 354: | Line 288: | ||
count or list of the particular product or product slot. Vending | count or list of the particular product or product slot. Vending | ||
machines should NEVER NEVER EVER eat money. | machines should NEVER NEVER EVER eat money. | ||
− | + | == Security == | |
− | == Security == | + | 3.1. Implementation security |
− | |||
− | |||
− | |||
Sound implementation of Finger is of the utmost importance. | Sound implementation of Finger is of the utmost importance. | ||
Implementations should be tested against various forms of attack. In | Implementations should be tested against various forms of attack. In | ||
Line 364: | Line 295: | ||
Vendors providing Finger with the operating system or network | Vendors providing Finger with the operating system or network | ||
software should subject their implementations to penetration testing. | software should subject their implementations to penetration testing. | ||
− | |||
Finger is one of the avenues for direct penetration, as the Morris | Finger is one of the avenues for direct penetration, as the Morris | ||
worm pointed out quite vividly. Like Telnet, FTP and SMTP, Finger is | worm pointed out quite vividly. Like Telnet, FTP and SMTP, Finger is | ||
Line 376: | Line 306: | ||
− | |||
+ | |||
+ | 3.2. RUIP security | ||
Warning!! Finger discloses information about users; moreover, such | Warning!! Finger discloses information about users; moreover, such | ||
information may be considered sensitive. Security administrators | information may be considered sensitive. Security administrators | ||
Line 389: | Line 320: | ||
run Finger without an explicit understanding of how much information | run Finger without an explicit understanding of how much information | ||
it is giving away. | it is giving away. | ||
− | + | 3.2.1. {Q2} refusal | |
− | |||
− | |||
For individual site security concerns, the system administrator | For individual site security concerns, the system administrator | ||
SHOULD be given an option to individually turn on or off RUIP | SHOULD be given an option to individually turn on or off RUIP | ||
Line 399: | Line 328: | ||
allow individual hosts to choose to not forward Finger requests, but | allow individual hosts to choose to not forward Finger requests, but | ||
if they do choose to, to do so consistently. | if they do choose to, to do so consistently. | ||
− | |||
Overall, there are few cases which would warrant processing of {Q2} | Overall, there are few cases which would warrant processing of {Q2} | ||
at all, and they are far outweighed by the number of cases for | at all, and they are far outweighed by the number of cases for | ||
Line 409: | Line 337: | ||
refuse processing. It certainly should not be enabled in gateway | refuse processing. It certainly should not be enabled in gateway | ||
machines without careful consideration of the security implications. | machines without careful consideration of the security implications. | ||
− | + | 3.2.2. {C} refusal | |
− | |||
− | |||
For individual site security concerns, the system administrator | For individual site security concerns, the system administrator | ||
SHOULD be given an option to individually turn on or off RUIP | SHOULD be given an option to individually turn on or off RUIP | ||
Line 418: | Line 344: | ||
user list denied" is adequate. The purpose of this is to allow | user list denied" is adequate. The purpose of this is to allow | ||
individual hosts to choose to not list the users currently online. | individual hosts to choose to not list the users currently online. | ||
− | + | 3.2.3. Atomic discharge | |
− | |||
− | |||
All implementations of Finger SHOULD allow individual system | All implementations of Finger SHOULD allow individual system | ||
administrators to tailor what atoms of information are returned to a | administrators to tailor what atoms of information are returned to a | ||
query. For example: | query. For example: | ||
+ | |||
+ | |||
Line 432: | Line 358: | ||
return office location, office phone number, home phone | return office location, office phone number, home phone | ||
number, and logged in/logout time. | number, and logged in/logout time. | ||
− | |||
- Administrator B should be allowed to specifically choose to | - Administrator B should be allowed to specifically choose to | ||
return only office location, and office phone number. | return only office location, and office phone number. | ||
− | |||
- Administrator C should be allowed to specifically choose to | - Administrator C should be allowed to specifically choose to | ||
return the minimum amount of required information, which is | return the minimum amount of required information, which is | ||
the person's full name. | the person's full name. | ||
− | + | 3.2.4. User information files | |
− | |||
− | |||
Allowing an RUIP to return information out of a user-modifiable file | Allowing an RUIP to return information out of a user-modifiable file | ||
should be seen as equivalent to allowing any information about your | should be seen as equivalent to allowing any information about your | ||
Line 449: | Line 371: | ||
straightforwardly. This should disturb the sleep of system | straightforwardly. This should disturb the sleep of system | ||
administrators who wish to control the returned information. | administrators who wish to control the returned information. | ||
− | + | 3.2.5. Execution of user programs | |
− | |||
− | |||
Allowing an RUIP to run a user program in response to a Finger query | Allowing an RUIP to run a user program in response to a Finger query | ||
is potentially dangerous. BE CAREFUL!! -- the RUIP MUST NOT allow | is potentially dangerous. BE CAREFUL!! -- the RUIP MUST NOT allow | ||
Line 458: | Line 378: | ||
bugs in operating systems, which could be exploited via this type of | bugs in operating systems, which could be exploited via this type of | ||
mechanism. | mechanism. | ||
− | + | 3.2.6. {U} ambiguity | |
− | |||
− | |||
Be aware that a malicious user's clever and/or persistent use of this | Be aware that a malicious user's clever and/or persistent use of this | ||
feature can result in a list of most of the usernames on a system. | feature can result in a list of most of the usernames on a system. | ||
Refusal of {U} ambiguity should be considered in the same vein as | Refusal of {U} ambiguity should be considered in the same vein as | ||
refusal of {C} requests (see section 3.2.2). | refusal of {C} requests (see section 3.2.2). | ||
− | + | 3.2.7. Audit trails | |
− | |||
− | |||
Implementations SHOULD allow system administrators to log Finger | Implementations SHOULD allow system administrators to log Finger | ||
queries. | queries. | ||
− | + | 3.3. Client security | |
− | |||
− | |||
It is expected that there will normally be some client program that | It is expected that there will normally be some client program that | ||
the user runs to query the initial RUIP. By default, this program | the user runs to query the initial RUIP. By default, this program | ||
SHOULD filter any unprintable data, leaving only printable 7-bit | SHOULD filter any unprintable data, leaving only printable 7-bit | ||
characters (ASCII 32 through ASCII 126), tabs (ASCII 9), and CRLFs. | characters (ASCII 32 through ASCII 126), tabs (ASCII 9), and CRLFs. | ||
+ | |||
+ | |||
Line 487: | Line 403: | ||
to modify this behavior, so that users may choose to view | to modify this behavior, so that users may choose to view | ||
international or control characters: | international or control characters: | ||
− | |||
- one to allow all characters less than ASCII 32 | - one to allow all characters less than ASCII 32 | ||
− | |||
- another to allow all characters greater than ASCII 126 | - another to allow all characters greater than ASCII 126 | ||
− | |||
For environments that live and breathe international data, the system | For environments that live and breathe international data, the system | ||
administrator SHOULD be given a mechanism to enable the latter option | administrator SHOULD be given a mechanism to enable the latter option | ||
by default for all users on a particular system. This can be done | by default for all users on a particular system. This can be done | ||
via a global environment variable or similar mechanism. | via a global environment variable or similar mechanism. | ||
− | + | == Examples == | |
− | == Examples == | + | 4.1. Example with a null command line ({C}) |
− | |||
− | |||
− | |||
Site: elbereth.rutgers.edu | Site: elbereth.rutgers.edu | ||
Command line: <CRLF> | Command line: <CRLF> | ||
− | |||
Login Name TTY Idle When Office | Login Name TTY Idle When Office | ||
rinehart Mark J. Rinehart p0 1:11 Mon 12:15 019 Hill x3166 | rinehart Mark J. Rinehart p0 1:11 Mon 12:15 019 Hill x3166 | ||
Line 516: | Line 425: | ||
laidlaw Angus Laidlaw q0 1:55 Mon 11:26 E313C 648-5592 | laidlaw Angus Laidlaw q0 1:55 Mon 11:26 E313C 648-5592 | ||
cje Chris Jarocha-Ernst q1 8 Mon 13:43 259 Hill x2413 | cje Chris Jarocha-Ernst q1 8 Mon 13:43 259 Hill x2413 | ||
− | + | 4.2. Example with name specified ({U}{C}) | |
− | |||
− | |||
Site: dimacs.rutgers.edu | Site: dimacs.rutgers.edu | ||
Command line: pirmann<CRLF> | Command line: pirmann<CRLF> | ||
Line 530: | Line 437: | ||
Work Schedule, Summer 1990 | Work Schedule, Summer 1990 | ||
Rutgers LCSR Operations, 908-932-2443 | Rutgers LCSR Operations, 908-932-2443 | ||
+ | |||
+ | |||
Line 540: | Line 449: | ||
Thursday 9am - 5pm | Thursday 9am - 5pm | ||
Saturday 9am - 5pm | Saturday 9am - 5pm | ||
− | |||
larf larf hoo hoo | larf larf hoo hoo | ||
− | + | 4.3. Example with ambiguous name specified ({U}{C}) | |
− | |||
− | |||
Site: elbereth.rutgers.edu | Site: elbereth.rutgers.edu | ||
Command line: ron<CRLF> | Command line: ron<CRLF> | ||
Line 563: | Line 469: | ||
e | e | ||
H | H | ||
− | |||
Login name: surak In real life: Ron Surak | Login name: surak In real life: Ron Surak | ||
Office: 000 OMB Dou, x9256 | Office: 000 OMB Dou, x9256 | ||
Line 569: | Line 474: | ||
Last login Fri Jul 27 09:55 on ttyq3 | Last login Fri Jul 27 09:55 on ttyq3 | ||
No Plan. | No Plan. | ||
− | |||
Login name: etter In real life: Ron Etter | Login name: etter In real life: Ron Etter | ||
Directory: /u2/etter Shell: /bin/tcsh | Directory: /u2/etter Shell: /bin/tcsh | ||
Never logged in. | Never logged in. | ||
No Plan. | No Plan. | ||
− | + | 4.4. Example of query type {Q2} ({U}{H}{H}{C}) | |
− | |||
− | |||
Site: dimacs.rutgers.edu | Site: dimacs.rutgers.edu | ||
Command line: [email protected]@pilot.njin.net<CRLF> | Command line: [email protected]@pilot.njin.net<CRLF> | ||
Line 583: | Line 485: | ||
Login name: hedrick In real life: Charles Hedrick | Login name: hedrick In real life: Charles Hedrick | ||
Office: 484 Hill, x3088 | Office: 484 Hill, x3088 | ||
+ | |||
+ | |||
Line 592: | Line 496: | ||
No unread mail | No unread mail | ||
No Plan. | No Plan. | ||
− | + | == Acknowledgments == | |
− | == Acknowledgments == | ||
− | |||
Thanks to everyone in the Internet Engineering Task Force for their | Thanks to everyone in the Internet Engineering Task Force for their | ||
comments. Special thanks to Steve Crocker for his security | comments. Special thanks to Steve Crocker for his security | ||
recommendations and prose. | recommendations and prose. | ||
− | + | == Security Considerations == | |
− | == Security Considerations == | ||
− | |||
Security issues are discussed in Section 3. | Security issues are discussed in Section 3. | ||
− | + | == Author's Address == | |
− | == Author's Address == | ||
− | |||
David Paul Zimmerman | David Paul Zimmerman | ||
Center for Discrete Mathematics and | Center for Discrete Mathematics and | ||
Line 611: | Line 509: | ||
P.O. Box 1179 | P.O. Box 1179 | ||
Piscataway, NJ 08855-1179 | Piscataway, NJ 08855-1179 | ||
− | |||
Phone: (908)932-4592 | Phone: (908)932-4592 | ||
− | |||
EMail: [email protected] | EMail: [email protected] |
Revision as of 00:53, 23 September 2020
Network Working Group D. Zimmerman Request for Comments: 1288 Center for Discrete Mathematics and Obsoletes: RFCs 1196, 1194, 742 Theoretical Computer Science
December 1991
The Finger User Information Protocol
Status of this Memo This memo defines a protocol for the exchange of user information. This RFC specifies an IAB standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "IAB Official Protocol Standards" for the standardization state and status of this protocol. Distribution of this memo is unlimited. Abstract This memo describes the Finger user information protocol. This is a simple protocol which provides an interface to a remote user information program. Based on RFC 742, a description of the original Finger protocol, this memo attempts to clarify the expected communication between the two ends of a Finger connection. It also tries not to invalidate the many existing implementations or add unnecessary restrictions to the original protocol definition. This edition corrects and clarifies RFC 1196. Table of Contents 1. Introduction ........................................... 2
1.1. Intent ............................................... 2 1.2. History .............................................. 3 1.3. Requirements ......................................... 3 1.4. Updates .............................................. 3
2. Use of the protocol .................................... 4
2.1. Flow of events ....................................... 4 2.2. Data format .......................................... 4 2.3. Query specifications ................................. 4 2.4. RUIP {Q2} behavior ................................... 5 2.5. Expected RUIP response ............................... 6 2.5.1. {C} query .......................................... 6 2.5.2. {U}{C} query ....................................... 6 2.5.3. {U} ambiguity ...................................... 7 2.5.4. /W query token ..................................... 7
2.5.5. Vending machines ................................... 7
3. Security ............................................... 7
3.1. Implementation security .............................. 7 3.2. RUIP security ........................................ 8 3.2.1. {Q2} refusal ....................................... 8 3.2.2. {C} refusal ........................................ 8 3.2.3. Atomic discharge ................................... 8 3.2.4. User information files ............................. 9 3.2.5. Execution of user programs ......................... 9 3.2.6. {U} ambiguity ...................................... 9 3.2.7. Audit trails ....................................... 9 3.3. Client security ...................................... 9
4. Examples ............................................... 10
4.1. Example with a null command line ({C}) ............... 10 4.2. Example with name specified ({U}{C}) ................. 10 4.3. Example with ambiguous name specified ({U}{C}) ....... 11 4.4. Example of query type {Q2} ({U}{H}{H}{C}) ............ 11
5. Acknowledgments ........................................ 12 6. Security Considerations ................................ 12 7. Author's Address ....................................... 12
Contents
- 1 Introduction
- 2 Use of the protocol
- 3 opens a Finger connection <F1-2> to an RUIP on host . gives the RUIP a query <Q1-2> of type {Q2} (e.g., FOO@HOST1@HOST2). It should be derived that: Host is the right-most host in <Q1-2> (i.e., HOST2) Query <Q2-3> is the remainder of <Q1-2> after removing the right-most "@hostname" token in the query (i.e., FOO@HOST1) And so: The RUIP then must itself open a Finger connection <F2-3> to , using <Q2-3>. The RUIP must return any information received from <F2-3> to via <F1-2>. The RUIP must close <F1-2> in normal circumstances only when the RUIP closes <F2-3>. 2.5. Expected RUIP response For the most part, the output of an RUIP doesn't follow a strict specification, since it is designed to be read by people instead of programs. It should mainly strive to be informative. Output of ANY query is subject to the discussion in the security section. 2.5.1. {C} query A query of {C} is a request for a list of all online users. An RUIP MUST either answer or actively refuse (see section 3.2.2). If it answers, then it MUST provide at least the user's full name. The system administrator SHOULD be allowed to include other useful information (per section 3.2.3), such as: - terminal location - office location - office phone number - job name - idle time (number of minutes since last typed input, or since last job activity). 2.5.2. {U}{C} query A query of {U}{C} is a request for in-depth status of a specified user {U}. If you really want to refuse this service, you probably don't want to be running Finger in the first place. An answer MUST include at least the full name of the user. If the user is logged in, at least the same amount of information returned by {C} for that user MUST also be returned by {U}{C}. Since this is a query for information on a specific user, the system administrator SHOULD be allowed to choose to return additional useful information (per section 3.2.3), such as: - office location - office phone number - home phone number - status of login (not logged in, logout time, etc) - user information file A user information file is a feature wherein a user may leave a short message that will be included in the response to Finger requests. (This is sometimes called a "plan" file.) This is easily implemented by (for example) having the program look for a specially named text file in the user's home directory or some common area; the exact method is left to the implementor. The system administrator SHOULD be allowed to specifically turn this feature on and off. See section 3.2.4 for caveats. There MAY be a way for the user to run a program in response to a Finger query. If this feature exists, the system administrator SHOULD be allowed to specifically turn it on and off. See section 3.2.5 for caveats. 2.5.3. {U} ambiguity Allowable "names" in the command line MUST include "user names" or "login names" as defined by the system. If a name is ambiguous, the system administrator SHOULD be allowed to choose whether or not all possible derivations should be returned in some fashion (per section 3.2.6). 2.5.4. /W query token The token /W in the {Q1} or {Q2} query types SHOULD at best be interpreted at the last RUIP to signify a higher level of verbosity in the user information output, or at worst be ignored. 2.5.5. Vending machines Vending machines SHOULD respond to a {C} request with a list of all items currently available for purchase and possible consumption. Vending machines SHOULD respond to a {U}{C} request with a detailed count or list of the particular product or product slot. Vending machines should NEVER NEVER EVER eat money. Security
Introduction
1.1. Intent This memo describes the Finger user information protocol. This is a simple protocol which provides an interface to a remote user information program (RUIP). Based on RFC 742, a description of the original Finger protocol, this memo attempts to clarify the expected communication between the two ends of a Finger connection. It also tries not to invalidate the many current implementations or add unnecessary restrictions to the original protocol definition. The most prevalent implementations of Finger today seem to be primarily derived from the BSD UNIX work at the University of California, Berkeley. Thus, this memo is based around the BSD version's behavior. However, the BSD version provides few options to tailor the Finger RUIP for a particular site's security policy, or to protect the user from dangerous data. Furthermore, there are MANY potential security holes that implementors and administrators need to be aware of, particularly since the purpose of this protocol is to return information about a system's users, a sensitive issue at best. Therefore, this memo makes a number of important security comments and recommendations.
1.2. History The FINGER program at SAIL, written by Les Earnest, was the inspiration for the NAME program on ITS. Earl Killian at MIT and Brian Harvey at SAIL were jointly responsible for implementing the original protocol. Ken Harrenstien is the author of RFC 742, "Name/Finger", which this memo began life as. 1.3. Requirements In this document, the words that are used to define the significance of each particular requirement are capitalized. These words are:
- "MUST"
This word or the adjective "REQUIRED" means that the item is an absolute requirement of the specification.
- "SHOULD"
This word or the adjective "RECOMMENDED" means that there may exist valid reasons in particular circumstances to ignore this item, but the full implications should be understood and the case carefully weighed before choosing a different course.
- "MAY"
This word or the adjective "OPTIONAL" means that this item is truly optional. One vendor may choose to include the item because a particular marketplace requires it or because it enhances the product, for example; another vendor may omit the same item.
An implementation is not compliant if it fails to satisfy one or more of the MUST requirements. An implementation that satisfies all the MUST and all the SHOULD requirements is said to be "unconditionally compliant"; one that satisfies all the MUST requirements but not all the SHOULD requirements is said to be "conditionally compliant". 1.4. Updates The differences of note between RFC 1196 and this memo are:
o the optional /W switch in the Finger query specification was mistakenly placed at the end of the line. The 4.3BSD Finger specifies it at the beginning, where this memo now also puts it.
o the BNF in the Finger query specification was not clear on the treatment of blank space. This memo is more exacting by including an explicit token for it. o The flow of events in a Finger connection is now better defined on the topic of the close of the Finger connection.
Use of the protocol
2.1. Flow of events Finger is based on the Transmission Control Protocol, using TCP port 79 decimal (117 octal). The local host opens a TCP connection to a remote host on the Finger port. An RUIP becomes available on the remote end of the connection to process the request. The local host sends the RUIP a one line query based upon the Finger query specification, and waits for the RUIP to respond. The RUIP receives and processes the query, returns an answer, then initiates the close of the connection. The local host receives the answer and the close signal, then proceeds closing its end of the connection. 2.2. Data format Any data transferred MUST be in ASCII format, with no parity, and with lines ending in CRLF (ASCII 13 followed by ASCII 10). This excludes other character formats such as EBCDIC, etc. This also means that any characters between ASCII 128 and ASCII 255 should truly be international data, not 7-bit ASCII with the parity bit set. 2.3. Query specifications An RUIP MUST accept the entire Finger query specification. The Finger query specification is defined:
{Q1} ::= [{W}|{W}{S}{U}]{C} {Q2} ::= [{W}{S}][{U}]{H}{C} {U} ::= username {H} ::= @hostname | @hostname{H} {W} ::= /W {S} ::= <SP> | <SP>{S} {C} ::= <CRLF>
{H}, being recursive, means that there is no arbitrary limit on the number of @hostname tokens in the query. In examples of the {Q2} request specification, the number of @hostname tokens is limited to two, simply for brevity. Be aware that {Q1} and {Q2} do not refer to a user typing "finger user@host" from an operating system prompt. It refers to the line that an RUIP actually receives. So, if a user types "finger user@host<CRLF>", the RUIP on the remote host receives "user<CRLF>", which corresponds to {Q1}. As with anything in the IP protocol suite, "be liberal in what you accept". 2.4. RUIP {Q2} behavior A query of {Q2} is a request to forward a query to another RUIP. An RUIP MUST either provide or actively refuse this forwarding service (see section 3.2.1). If an RUIP provides this service, it MUST conform to the following behavior: Given that:
Host