NT FingerService Version 0.9
By Robert O'Callahan (roc+fingerd@cs.cmu.edu, http://www.cs.cmu.edu/~roc)

Finger Daemon for Windows NT

FEATURES
========
Runs as an NT service or as an interactive process
Strictly RFC 1288 compliant
Detailed log file
A plug-in dynamic library interface for customized responses to finger
queries. Supplied modules support
- idle time monitor
- OS version, machine uptime
- user list
- .plan files
FREE

Try it out by fingering "@majesty.fac.cs.cmu.edu".

The last-resort site for all associated files is
ftp://majesty.fac.cs.cmu.edu/users/roc/ntfingerd/package

INSTALLATION
============
Copy "fingerservice.exe" and the ".fpl" files into the directory where you
want them to live. Run "fingerservice" with the options "-add -start".
In a few seconds it should be installed and running.  Congratulations.

Installation as an NT service requires that you have administrator
privileges. If you don't, you can run it in interactive mode. Run
"fingerservice" with the "-run" option; it starts up as a normal interactive
process (so it won't be around when you log out or after the machine
restarts), but otherwise it will behave as normal.

UNINSTALLATION
==============
Run "fingerservice" with the "-remove" option. It should stop the service,
if necessary, and then delete the service from the service database. The files
can then be deleted.

.FPL MODULES
============
Whenever the service is (re)started, it scans its directory for .FPL files.
These are libraries that answer finger queries. There are two libraries
supplied:
- StdPlan.FPL: this library responds to every query, giving the operating
system name and version, the time the machine was restarted (and how long
ago that was), the idle time, and a list of logged-on users with their login
names, home domains, real names and logged-on-at times.
- PlanFile.FPL: this library appends ".plan" to every query and returns the
file with that name, if it exists (in the same directory as the .FPL and
"fingerservice" files). (Queries that contain "\", "/", ":" or "." are ignored.)
Thus you can add appropriately named files to the directory to return
preset tracts of data.

Third party FPLs can be easily written and integrated. Email me for
details.

SECURITY
========
As distributed the daemon is secure, except for possible bugs. The
distributed FPL modules don't do anything nasty. PlanFile lets an external
user read the contents of the ".plan" files in the directory of the service
program, but not anything else. Of course, if you use other FPL modules, all
bets are off.

Request forwarding (see RFC 1288) is not implemented.

The service can be run under any userid (this can be changed in Control
Panel/Services), but certain features, in particular the idle time monitor,
will only work if the service is run under the System account with "Allow
service to interact with desktop" turned ON. This is the way the service sets
itself up by default. The service does not ever present a user interface,
or even create a window, so allowing desktop interaction does not cause
any local security problems.  The user list feature requires the service to
run with at least Administrator privileges.

If you wish to use this software in an environment where security is a
serious concern, email me and I will consider giving access to the source.
But probably in such a case it would be best to not use software from
strange net-people.

IDLE TIMES
==========
Microsoft haven't documented a way to get at the idle time counters in
Windows (they must be there to support the screen-saver API). My approach
is to check periodically whether the screen-saver is up and work out an
approximate idle time from that; in practice it works rather well. The
only problem is that it's very difficult to find out when the screen-saver
is active. For this, I use one undocumented call from the mostly-
undocumented multiple desktop API: GetInputDesktop. When the screen-saver is
active the input desktop is different from the normal desktop and that is
what I check for. This means that certain other events may be interpreted
as idleness, such as the Ctrl-Alt-Del screen, and also logins and logouts
may cause problems. Also, this approach requires that the service be able
to interact with the user's desktop, so the idle time monitor will only
work if the service is run under the "System" account with "Allow service
to interact with desktop" turned ON.

LICENSE
=======
You can use this software for free.  Distribute it as you wish.

I'm not asking for money, but if you end up using this, I would be pleased
if you would mail me to let me know that you're using it and tell me what you
think of it.

SUPPORT
=======
Send any mail to "roc+fingerd@cs.cmu.edu". I'll try to deal with any
problems or requests whenever I can. I may also create a Web page if demand
warrants it.

Surface mail address can be obtained by fingering "roc+@cs.cmu.edu".

POSSIBLE ENHANCEMENTS
=====================
- make the FPLs more configurable
- add an FPL that provides a finger interface to the NT/LanMan user info
database
- make it work under Win95
- builds for other platforms (MIPS, Alpha, PPC)
- internationalise

If you need any of these, let me know. If you can provide any assistance,
even better.

VERSION HISTORY
===============
0.9:  Fixed bugs, added user list, strictly RFC 1288 compliant
0.8:  Added installation code, ubiquitous error checking and error messages.
      Hopefully other people can use it now.
0.7:  After lots of iterations of idle time methods and FPL interfaces,
      a hand-installed build is in use on MAJESTY, my personal machine.
