diff options
87 files changed, 1651 insertions, 82 deletions
@@ -3,8 +3,11 @@ a.out *.o *.a .svn/ +/god/Reaktor/tmp/ /bin/ /node/src /node/out /ovh/soapi/src /ovh/soapi/SOAPpy +/Reaktor/IRC/irclib.py +/Reaktor/public_commands/* diff --git a/.gitmodules b/.gitmodules index cbc61522..3677b710 100644 --- a/.gitmodules +++ b/.gitmodules @@ -13,9 +13,6 @@ [submodule "submodules/github/tautologistics/node-htmlparser"] path = submodules/github/tautologistics/node-htmlparser url = https://github.com/tautologistics/node-htmlparser -[submodule "krebsbeam/c-beam"] - path = krebsbeam/c-beam - url = git://dev.c-base.org/c-beam/c-beam.git [submodule "submodules/github/makefu/dpfhack_display"] path = submodules/github/makefu/dpfhack_display url = https://github.com/makefu/dpfhack_pearl diff --git a/Reaktor/IRC/README.md b/Reaktor/IRC/README.md new file mode 100644 index 00000000..63a0ebd2 --- /dev/null +++ b/Reaktor/IRC/README.md @@ -0,0 +1,49 @@ +# //Reaktor/IRC + +This component implements a remote shell daemon that exposes the +executable files (which may be symlinks) below +`//Reaktor/public_commands/` through IRC. + +## Security + +Access to the IRC server implies full access to all the exposed executable +files. The daemon is executing the commands without dropping privileges. + +## Quickstart + + #? /bin/sh + set -euf + + export nick="$LOGNAME|$HOSTNAME" + export host=irc.freenode.org + export target='#tincspasm' + + exec Reaktor/IRC/index + +## Environment variables + +The following environment variables are processed by `//Reaktor/IRC`: + +### nick + +Use a specific nickname. + +Optional if the node running `//Reaktor/IRC` is part of Retiolum, in +which case it defaults to `Name` in `/etc/tinc/retiolum/tinc.conf`. + +### host and port + +Connect to a specific IRC server. + +Optional if the node running `//Reaktor/IRC` is part of Retiolum, in +which case it defaults to `supernode` and `6667` (well, it always +defaults to these two, but they only make science in Retiolum^_^). + +### target + +Join a specific channel. + +As always, this does the right thing for properly configured hosts: it +uses the default `#retiolum`, which is the only really relevant +channel.^_^ + diff --git a/Reaktor/IRC/bot.py b/Reaktor/IRC/bot.py new file mode 100755 index 00000000..af974f4e --- /dev/null +++ b/Reaktor/IRC/bot.py @@ -0,0 +1,34 @@ +#! /usr/bin/env python2 + +from irclib import IRC, ServerConnectionError, is_channel +from sys import exit +from os import environ as env + +host = str(env.get('host', 'irc.freenode.org')) +port = int(env.get('port', 6667)) +nick = str(env.get('nick', 'crabspasm')) +channel = str(env.get('channel', '#tincspasm')) +print '====> irc://%s@%s:%s/%s' % (nick, host, port, channel) + +irc = IRC() +try: + client = irc.server().connect(host, port, nick) +except ServerConnectionError, error: + print error + exit + +def on_connect(connection, event): + connection.join(channel) + print 'Es passiert...' + +def on_join(connection, event): + connection.privmsg(channel, 'lol') + +def on_disconnect(connection, event): + exit + +client.add_global_handler('welcome', on_connect) +client.add_global_handler('join', on_join) +client.add_global_handler('disconnect', on_disconnect) + +irc.process_forever() diff --git a/Reaktor/IRC/bot2.py b/Reaktor/IRC/bot2.py new file mode 100755 index 00000000..f8273ffa --- /dev/null +++ b/Reaktor/IRC/bot2.py @@ -0,0 +1,130 @@ +#! /usr/bin/env python +# +# //Reaktor/IRC/bot2.py +# + +from __future__ import print_function +from irclib import SimpleIRCClient, ServerConnectionError, is_channel +from sys import exit +from os import environ as env +import re + +class IRCBot(SimpleIRCClient): + def __init__(self, target): + SimpleIRCClient.__init__(self) + self.target = target + + def on_pubmsg(self, connection, event): + + def PRIVMSG(target, text): + self.connection.privmsg(target, text) + + def ME(target, text): + PRIVMSG(target, 'ACTION ' + text + '') + + def is_executable(x): + import os + return os.path.exists(x) and os.access(x, os.X_OK) + + _nickname = connection.get_nickname() + _source = event.source() + _from = _source.split('!', 1)[0] + _target = event.target() + + try: + _, _handle, _command, _argument, _ = re.split( + '^(\w+):\s*(\w+)(?:\s+(.*))?$', event.arguments()[0]) + except ValueError, error: + if re.search(_nickname, event.arguments()[0]): + PRIVMSG(self.target, 'I\'m so famous') + return # ignore + + if _handle == _nickname or _handle == 'ALL': + + from os.path import realpath, dirname, join + from subprocess import Popen as popen, PIPE + + Reaktor_dir = dirname(realpath(dirname(__file__))) + public_commands = join(Reaktor_dir, 'public_commands') + command = join(public_commands, _command) + + if is_executable(command): + + env = {} + if _argument != None: + env['argument'] = _argument + + try: + p = popen([command], stdin=PIPE, stdout=PIPE, stderr=PIPE, env=env) + except OSError, error: + ME(self.target, 'is made of stupid') + print('OSError@%s: %s' % (command, error)) + return + + stdout, stderr = [ x[:len(x)-1] for x in + [ x.split('\n') for x in p.communicate()]] + code = p.returncode + pid = p.pid + + print('command: %s -> %s' % (command, code)) + [print('%s stdout: %s' % (pid, x)) for x in stdout] + [print('%s stderr: %s' % (pid, x)) for x in stderr] + + if code == 0: + [PRIVMSG(self.target, x) for x in stdout] + [PRIVMSG(_source, x) for x in stderr] + else: + ME(self.target, 'mimimi') + + else: + if _handle != 'ALL': + PRIVMSG(self.target, _from + ': you are made of stupid') + + def on_welcome(self, connection, event): + print('I\'m welcome! :D joining to %s now...' % (self.target)) + if is_channel(self.target): + connection.join(self.target) + else: + self.connection.privmsg(self.target, 'lol') + self.connection.quit('Pong timeout: 423 seconds') + + def on_join(self, connection, event): + print('Es passiert in %s' % (self.target)) + + def on_disconnect(self, connection, event): + # TODO reconnect + exit(0) + +# retrieve the value of a [singleton] variable from a tinc.conf(5)-like file +def getconf1(x, path): + from re import findall + pattern = '(?:^|\n)\s*' + x + '\s*=\s*(.*\w)\s*(?:\n|$)' + y = findall(pattern, open(path, 'r').read()) + if len(y) < 1: + raise AttributeError("len(getconf1('%s', '%s') < 1)" % (x, path)) + if len(y) > 1: + y = ' '.join(y) + raise AttributeError("len(getconf1('%s', '%s') > 1)\n ====> %s" + % (x, path, y)) + return y[0] + +def main(): + name = getconf1('Name', '/etc/tinc/retiolum/tinc.conf') + nick = str(env.get('nick', name)) + host = str(env.get('host', 'supernode')) + port = int(env.get('port', 6667)) + target = str(env.get('target', '#retiolum')) + print('====> irc://%s@%s:%s/%s' % (nick, host, port, target)) + + client = IRCBot(target) + try: + from getpass import getuser + client.connect(host, port, nick, username=getuser(), + ircname='//Reaktor running at %s.retiolum' % (name)) + except ServerConnectionError, error: + print(error) + exit(1) + client.start() + +if __name__ == "__main__": + main() diff --git a/Reaktor/IRC/content b/Reaktor/IRC/content new file mode 100644 index 00000000..e0292376 --- /dev/null +++ b/Reaktor/IRC/content @@ -0,0 +1 @@ +python-irclib-0.4.6/ircbot.py diff --git a/Reaktor/IRC/index b/Reaktor/IRC/index new file mode 100755 index 00000000..41e3a227 --- /dev/null +++ b/Reaktor/IRC/index @@ -0,0 +1,8 @@ +#! /bin/sh +set -xeuf + +cd $(dirname $(readlink -f $0)) + +./install + +exec python bot2.py "$@" diff --git a/Reaktor/IRC/install b/Reaktor/IRC/install new file mode 100755 index 00000000..95e05199 --- /dev/null +++ b/Reaktor/IRC/install @@ -0,0 +1,27 @@ +#! /bin/sh +set -xeuf + +cd $(dirname $(readlink -f $0)) + +# install irclib.py +{ + PV=0.4.6 + PN=python-irclib + P=$PN-$PV + tarball=$P.tar.gz + URL=http://downloads.sourceforge.net/$PN/$tarball + SHA1SUM=c6271e44293ed51c21af0f44ce106667d3006e6f + + file=irclib.py + + if ! echo "$SHA1SUM $file" | sha1sum -c; then + temp=`mktemp` + trap "rm -f $temp" EXIT INT + + echo $P/$file > $temp + curl -LfsS $URL | tar --strip-components=1 -zxT $temp + fi + echo "$SHA1SUM $file" | sha1sum -c +} + + diff --git a/Reaktor/README.md b/Reaktor/README.md new file mode 100644 index 00000000..464af015 --- /dev/null +++ b/Reaktor/README.md @@ -0,0 +1,26 @@ +# //Reaktor + +## Quickstart + + ## 1. prepare Reaktor for nobody + //Reaktor/install + + ## 2. marry Reaktor with /sbin/init + + ## 2a. /etc/inittab-like foo + echo 10:2345:respawn:/bin/su nobody -c /krebs/Reaktor/index >>/etc/inittab + # or 10:2345:respawn:/usr/bin/sudo -u nobody /krebs/Reaktor/index + # if nobody's shell is /bin/false or similar + # [check with e.g getent passwd nobody] + telinit q + + ## 2b. upstart-like foo + + cat > /etc/init/Reaktor.conf <<EOF + description "Krebs Reaktor" + author "The Ministerium" + stop on runlevel [016] + respawn + exec /usr/bin/sudo -u nobody /krebs/Reaktor/index + EOF + start Reaktor diff --git a/Reaktor/commands/hello b/Reaktor/commands/hello new file mode 100755 index 00000000..df3b6bb9 --- /dev/null +++ b/Reaktor/commands/hello @@ -0,0 +1,2 @@ +#! /bin/sh +echo "Hello${argument+, $argument}!" diff --git a/Reaktor/commands/retard b/Reaktor/commands/retard new file mode 100755 index 00000000..c59b4d1c --- /dev/null +++ b/Reaktor/commands/retard @@ -0,0 +1 @@ +#? //retard diff --git a/Reaktor/commands/rev b/Reaktor/commands/rev new file mode 100755 index 00000000..9964fe3f --- /dev/null +++ b/Reaktor/commands/rev @@ -0,0 +1,2 @@ +#! /bin/sh +git rev-parse --short HEAD diff --git a/Reaktor/index b/Reaktor/index new file mode 100755 index 00000000..4584e4af --- /dev/null +++ b/Reaktor/index @@ -0,0 +1,6 @@ +#! /bin/sh +set -euf + +cd $(dirname $(readlink -f $0)) + +exec IRC/index diff --git a/Reaktor/install b/Reaktor/install new file mode 100755 index 00000000..761bc437 --- /dev/null +++ b/Reaktor/install @@ -0,0 +1,6 @@ +#! /bin/sh +set -euf + +cd $(dirname $(readlink -f $0)) + +exec IRC/install diff --git a/Reaktor/public_commands/hello b/Reaktor/public_commands/hello new file mode 120000 index 00000000..4509249b --- /dev/null +++ b/Reaktor/public_commands/hello @@ -0,0 +1 @@ +../commands/hello
\ No newline at end of file |