diff options
Diffstat (limited to 'Reaktor')
-rw-r--r-- | Reaktor/IRC/README.md | 49 | ||||
-rwxr-xr-x | Reaktor/IRC/bot.py | 34 | ||||
-rwxr-xr-x | Reaktor/IRC/bot2.py | 130 | ||||
-rw-r--r-- | Reaktor/IRC/content | 1 | ||||
-rwxr-xr-x | Reaktor/IRC/index | 9 | ||||
-rwxr-xr-x | Reaktor/IRC/install | 28 | ||||
-rw-r--r-- | Reaktor/README.md | 29 | ||||
-rwxr-xr-x | Reaktor/commands/caps | 4 | ||||
-rwxr-xr-x | Reaktor/commands/hello | 2 | ||||
-rwxr-xr-x | Reaktor/commands/reload | 2 | ||||
-rwxr-xr-x | Reaktor/commands/retard | 1 | ||||
-rwxr-xr-x | Reaktor/commands/rev | 2 | ||||
-rwxr-xr-x | Reaktor/commands/uptime | 8 | ||||
-rwxr-xr-x | Reaktor/index | 7 | ||||
-rwxr-xr-x | Reaktor/install | 6 | ||||
l--------- | Reaktor/public_commands/caps | 1 | ||||
l--------- | Reaktor/public_commands/hello | 1 | ||||
l--------- | Reaktor/public_commands/reload | 1 | ||||
l--------- | Reaktor/public_commands/retard | 1 | ||||
l--------- | Reaktor/public_commands/rev | 1 | ||||
l--------- | Reaktor/public_commands/uptime | 1 |
21 files changed, 318 insertions, 0 deletions
diff --git a/Reaktor/IRC/README.md b/Reaktor/IRC/README.md new file mode 100644 index 00000000..63a0ebd2 --- /dev/null +++ b/Reaktor/IRC/README.md @@ -0,0 +1,49 @@ +# //Reaktor/IRC + +This component implements a remote shell daemon that exposes the +executable files (which may be symlinks) below +`//Reaktor/public_commands/` through IRC. + +## Security + +Access to the IRC server implies full access to all the exposed executable +files. The daemon is executing the commands without dropping privileges. + +## Quickstart + + #? /bin/sh + set -euf + + export nick="$LOGNAME|$HOSTNAME" + export host=irc.freenode.org + export target='#tincspasm' + + exec Reaktor/IRC/index + +## Environment variables + +The following environment variables are processed by `//Reaktor/IRC`: + +### nick + +Use a specific nickname. + +Optional if the node running `//Reaktor/IRC` is part of Retiolum, in +which case it defaults to `Name` in `/etc/tinc/retiolum/tinc.conf`. + +### host and port + +Connect to a specific IRC server. + +Optional if the node running `//Reaktor/IRC` is part of Retiolum, in +which case it defaults to `supernode` and `6667` (well, it always +defaults to these two, but they only make science in Retiolum^_^). + +### target + +Join a specific channel. + +As always, this does the right thing for properly configured hosts: it +uses the default `#retiolum`, which is the only really relevant +channel.^_^ + diff --git a/Reaktor/IRC/bot.py b/Reaktor/IRC/bot.py new file mode 100755 index 00000000..af974f4e --- /dev/null +++ b/Reaktor/IRC/bot.py @@ -0,0 +1,34 @@ +#! /usr/bin/env python2 + +from irclib import IRC, ServerConnectionError, is_channel +from sys import exit +from os import environ as env + +host = str(env.get('host', 'irc.freenode.org')) +port = int(env.get('port', 6667)) +nick = str(env.get('nick', 'crabspasm')) +channel = str(env.get('channel', '#tincspasm')) +print '====> irc://%s@%s:%s/%s' % (nick, host, port, channel) + +irc = IRC() +try: + client = irc.server().connect(host, port, nick) +except ServerConnectionError, error: + print error + exit + +def on_connect(connection, event): + connection.join(channel) + print 'Es passiert...' + +def on_join(connection, event): + connection.privmsg(channel, 'lol') + +def on_disconnect(connection, event): + exit + +client.add_global_handler('welcome', on_connect) +client.add_global_handler('join', on_join) +client.add_global_handler('disconnect', on_disconnect) + +irc.process_forever() diff --git a/Reaktor/IRC/bot2.py b/Reaktor/IRC/bot2.py new file mode 100755 index 00000000..326dd8f5 --- /dev/null +++ b/Reaktor/IRC/bot2.py @@ -0,0 +1,130 @@ +#! /usr/bin/env python +# +# //Reaktor/IRC/bot2.py +# + +from __future__ import print_function +from irclib import SimpleIRCClient, ServerConnectionError, is_channel +from sys import exit +from os import environ as env +import re + +class IRCBot(SimpleIRCClient): + def __init__(self, target): + SimpleIRCClient.__init__(self) + self.target = target + + def on_pubmsg(self, connection, event): + + def PRIVMSG(target, text): + self.connection.privmsg(target, text) + + def ME(target, text): + PRIVMSG(target, 'ACTION ' + text + '') + + def is_executable(x): + import os + return os.path.exists(x) and os.access(x, os.X_OK) + + _nickname = connection.get_nickname() + _source = event.source() + _from = _source.split('!', 1)[0] + _target = event.target() + + try: + _, _handle, _command, _argument, _ = re.split( + '^(\w+|\*):\s*(\w+)(?:\s+(.*))?$', event.arguments()[0]) + except ValueError, error: + if re.search(_nickname, event.arguments()[0]): + PRIVMSG(self.target, 'I\'m so famous') + return # ignore + + if _handle == _nickname or _handle == '*': + + from os.path import realpath, dirname, join + from subprocess import Popen as popen, PIPE + + Reaktor_dir = dirname(realpath(dirname(__file__))) + public_commands = join(Reaktor_dir, 'public_commands') + command = join(public_commands, _command) + + if is_executable(command): + + env = {} + if _argument != None: + env['argument'] = _argument + + try: + p = popen([command], stdin=PIPE, stdout=PIPE, stderr=PIPE, env=env) + except OSError, error: + ME(self.target, 'is made of stupid') + print('OSError@%s: %s' % (command, error)) + return + + stdout, stderr = [ x[:len(x)-1] for x in + [ x.split('\n') for x in p.communicate()]] + code = p.returncode + pid = p.pid + + print('command: %s -> %s' % (command, code)) + [print('%s stdout: %s' % (pid, x)) for x in stdout] + [print('%s stderr: %s' % (pid, x)) for x in stderr] + + if code == 0: + [PRIVMSG(self.target, x) for x in stdout] + [PRIVMSG(_source, x) for x in stderr] + else: + ME(self.target, 'mimimi') + + else: + if _handle != '*': + PRIVMSG(self.target, _from + ': you are made of stupid') + + def on_welcome(self, connection, event): + print('I\'m welcome! :D joining to %s now...' % (self.target)) + if is_channel(self.target): + connection.join(self.target) + else: + self.connection.privmsg(self.target, 'lol') + self.connection.quit('Pong timeout: 423 seconds') + + def on_join(self, connection, event): + print('Es passiert in %s' % (self.target)) + + def on_disconnect(self, connection, event): + # TODO reconnect + exit(0) + +# retrieve the value of a [singleton] variable from a tinc.conf(5)-like file +def getconf1(x, path): + from re import findall + pattern = '(?:^|\n)\s*' + x + '\s*=\s*(.*\w)\s*(?:\n|$)' + y = findall(pattern, open(path, 'r').read()) + if len(y) < 1: + raise AttributeError("len(getconf1('%s', '%s') < 1)" % (x, path)) + if len(y) > 1: + y = ' '.join(y) + raise AttributeError("len(getconf1('%s', '%s') > 1)\n ====> %s" + % (x, path, y)) + return y[0] + +def main(): + name = getconf1('Name', '/etc/tinc/retiolum/tinc.conf') + nick = str(env.get('nick', name)) + host = str(env.get('host', 'supernode')) + port = int(env.get('port', 6667)) + target = str(env.get('target', '#retiolum')) + print('====> irc://%s@%s:%s/%s' % (nick, host, port, target)) + + client = IRCBot(target) + try: + from getpass import getuser + client.connect(host, port, nick, username=getuser(), + ircname='//Reaktor running at %s.retiolum' % (name)) + except ServerConnectionError, error: + print(error) + exit(1) + client.start() + +if __name__ == "__main__": + main() diff --git a/Reaktor/IRC/content b/Reaktor/IRC/content new file mode 100644 index 00000000..e0292376 --- /dev/null +++ b/Reaktor/IRC/content @@ -0,0 +1 @@ +python-irclib-0.4.6/ircbot.py diff --git a/Reaktor/IRC/index b/Reaktor/IRC/index new file mode 100755 index 00000000..68b6cf33 --- /dev/null +++ b/Reaktor/IRC/index @@ -0,0 +1,9 @@ +#! /bin/sh +set -xeuf + +# cd //Reaktor +cd $(dirname $(readlink -f $0))/.. + +IRC/install + +exec python IRC/bot2.py "$@" diff --git a/Reaktor/IRC/install b/Reaktor/IRC/install new file mode 100755 index 00000000..d5f7a8c1 --- /dev/null +++ b/Reaktor/IRC/install @@ -0,0 +1,28 @@ +#! /bin/sh +set -xeuf + +# cd //Reaktor/IRC +cd $(dirname $(readlink -f $0)) + +# install irclib.py +{ + PV=0.4.6 + PN=python-irclib + P=$PN-$PV + tarball=$P.tar.gz + URL=http://downloads.sourceforge.net/$PN/$tarball + SHA1SUM=c6271e44293ed51c21af0f44ce106667d3006e6f + + file=irclib.py + + if ! echo "$SHA1SUM $file" | sha1sum -c; then + temp=`mktemp` + trap "rm -f $temp" EXIT INT + + echo $P/$file > $temp + curl -LfsS $URL | tar --strip-components=1 -zxT $temp + fi + echo "$SHA1SUM $file" | sha1sum -c +} + + diff --git a/Reaktor/README.md b/Reaktor/README.md new file mode 100644 index 00000000..05af8ef5 --- /dev/null +++ b/Reaktor/README.md @@ -0,0 +1,29 @@ +# //Reaktor + +## Quickstart + + ## 1. prepare Reaktor + //Reaktor/install + + ## 2. create a dedicated user + useradd Reaktor + + ## 3. marry Reaktor with /sbin/init + + ## 3a. /etc/inittab-like foo + echo 10:2345:respawn:/bin/su Reaktor -c /krebs/Reaktor/index >>/etc/inittab + # or 10:2345:respawn:/usr/bin/sudo -u Reaktor /krebs/Reaktor/index + # if Reaktor's shell is /bin/false or similar + # [check with e.g getent passwd Reaktor] + telinit q + + ## 3b. upstart-like foo + + cat > /etc/init/Reaktor.conf <<EOF + description "Krebs Reaktor" + author "The Ministerium" + stop on runlevel [016] + respawn + exec /usr/bin/sudo -u Reaktor /krebs/Reaktor/index + EOF + start Reaktor diff --git a/Reaktor/commands/caps b/Reaktor/commands/caps new file mode 100755 index 00000000..bc3d7ba2 --- /dev/null +++ b/Reaktor/commands/caps @@ -0,0 +1,4 @@ +#! /bin/sh +set -euf +cd public_commands +echo `ls` diff --git a/Reaktor/commands/hello b/Reaktor/commands/hello new file mode 100755 index 00000000..df3b6bb9 --- /dev/null +++ b/Reaktor/commands/hello @@ -0,0 +1,2 @@ +#! /bin/sh +echo "Hello${argument+, $argument}!" diff --git a/Reaktor/commands/reload b/Reaktor/commands/reload new file mode 100755 index 00000000..2b78b178 --- /dev/null +++ b/Reaktor/commands/reload @@ -0,0 +1,2 @@ +#! /bin/sh +exec pkill -U Reaktor diff --git a/Reaktor/commands/retard b/Reaktor/commands/retard new file mode 100755 index 00000000..c59b4d1c --- /dev/null +++ b/Reaktor/commands/retard @@ -0,0 +1 @@ +#? //retard diff --git a/Reaktor/commands/rev b/Reaktor/commands/rev new file mode 100755 index 00000000..a8681ab9 --- /dev/null +++ b/Reaktor/commands/rev @@ -0,0 +1,2 @@ +#! /bin/sh +git log -1 --format="%h by %an, %ar" diff --git a/Reaktor/commands/uptime b/Reaktor/commands/uptime new file mode 100755 index 00000000..7ff64168 --- /dev/null +++ b/Reaktor/commands/uptime @@ -0,0 +1,8 @@ +#! /bin/sh +# +# //Reactor/commands/uptime - IRC-optimized uptime output +# +uptime | sed ' + s/^\(.*\) up \(.*\) days\?, *\(.*\), *\(.*\) users\?, *load average: \(.*\)$/\1; \2d \3; \4u; \5/;t + s/^\(.*\) up *\(.*\), *\(.*\) users\?, *load average: \(.*\)$/\1; 0d \2; \3u; \4/;t +' diff --git a/Reaktor/index b/Reaktor/index new file mode 100755 index 00000000..ac647ca3 --- /dev/null +++ b/Reaktor/index @@ -0,0 +1,7 @@ +#! /bin/sh +set -euf + +# cd //Reaktor +cd $(dirname $(readlink -f $0)) + +exec IRC/index diff --git a/Reaktor/install b/Reaktor/install new file mode 100755 index 00000000..761bc437 --- /dev/null +++ b/Reaktor/install @@ -0,0 +1,6 @@ +#! /bin/sh +set -euf + +cd $(dirname $(readlink -f $0)) + +exec IRC/install diff --git a/Reaktor/public_commands/caps b/Reaktor/public_commands/caps new file mode 120000 index 00000000..43c0a342 --- /dev/null +++ b/Reaktor/public_commands/caps @@ -0,0 +1 @@ +../commands/caps
\ No newline at end of file diff --git a/Reaktor/public_commands/hello b/Reaktor/public_commands/hello new file mode 120000 index 00000000..4509249b --- /dev/null +++ b/Reaktor/public_commands/hello @@ -0,0 +1 @@ +../commands/hello
\ No newline at end of file diff --git a/Reaktor/public_commands/reload b/Reaktor/public_commands/reload new file mode 120000 index 00000000..9a337850 --- /dev/null +++ b/Reaktor/public_commands/reload @@ -0,0 +1 @@ +../commands/reload
\ No newline at end of file diff --git a/Reaktor/public_commands/retard b/Reaktor/public_commands/retard new file mode 120000 index 00000000..29ae4b01 --- /dev/null +++ b/Reaktor/public_commands/retard @@ -0,0 +1 @@ +../commands/retard
\ No newline at end of file diff --git a/Reaktor/public_commands/rev b/Reaktor/public_commands/rev new file mode 120000 index 00000000..f5433412 --- /dev/null +++ b/Reaktor/public_commands/rev @@ -0,0 +1 @@ +../commands/rev
\ No newline at end of file diff --git a/Reaktor/public_commands/uptime b/Reaktor/public_commands/uptime new file mode 120000 index 00000000..ffe5fbd7 --- /dev/null +++ b/Reaktor/public_commands/uptime @@ -0,0 +1 @@ +../commands/uptime
\ No newline at end of file |