abalone 0.0.1 → 0.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 84a963023ccdf4286214f6e0bfcf7392c12289e6
-  data.tar.gz: 887a90254e4836b4dab02a1e4efc8b4e0dcb6914
+  metadata.gz: 1de9af9802ec0b416470cec7b62a3cd7b3dfa053
+  data.tar.gz: ea85d95749bb862e9b3f1edd9e69fe4cc73781f7
 SHA512:
-  metadata.gz: 9b628557aadd49c273a684830203c2190be6945fc9f5bf081b0a5dcd0a1d750ab0a9b1266c107605e3dcbff094929f51bac3b1152fbfc85b6dcc1e7353f0ecdc
-  data.tar.gz: 3d530f9fa812d1ab3a4fc753de0df5a763997c70655dd2487a05b83e0cae5f1948b7ea0010c2aceaac6b2aeced8a4790507e3d6535f9058fd76e4c337463ca54
+  metadata.gz: d7d724d615b6e25db425b2d8aaaae18521053dce1c4bfbaee14b1fa6f7b26670ea603d6920e4408e15168103abd364bdd4c1b09c9a072e581bf422350bef5ce3
+  data.tar.gz: d3b76310ff77bb549dea12f1e333d8e390d19ef9e98faef383e8ae7cac3ba3b5400278dad667a7363435828adddd586b3aad5e85f7c001a257375a143084dc7a

data/README.md

@@ -1,5 +1,125 @@
 # abalone
 A simple Sinatra & hterm based web terminal.
 
+#### Table of Contents
+
+1. [Overview](#overview)
+1. [Configuration](#configuration)
+1. [Limitations](#limitations)
+
+## Overview
+
 Simply exposes a login shell to a web browser. This is currently
 nowhere near to production quality, so don't actually use it.
+
+It supports three methods for providing a shell:
+
+1. Simply running the `login` binary and logging in as a system user. (default)
+1. Using SSH to connect to localhost or a remote machine. This can be configured
+   with credentials to automatically connect, or it can request a username and
+   password from the end user.
+1. Running custom command, which can be configured with arbitrary parameters.
+
+## Configuration
+
+Abalone defaults to loading configuration from `/etc/abalone/config.yaml`. You
+can pass the path to another config file at the command line. In that file, you
+can set one of `:command` or `:ssh`.
+
+### Configuring SSH
+
+The following parameters may be used to configure SSH login. The `:host` setting
+is required. `:user` and `:cert` are optional. If `:user` is not set, then the
+user will be prompted for a login name, and if `:cert` is not set then
+the user will be prompted to log in with a password. If the SSH server is running
+on a non-standard port, you may specify that with the `:port` setting.
+
+``` Yaml
+---
+:ssh:
+  :host: shellserver.example.com
+  :user: centos
+  :cert: /etc/abalone/centos.pem
+```
+
+### Configuring a custom command
+
+A custom command can be configured in several ways. If you just want to run a
+command without providing any options, the config file would look like:
+
+``` Yaml
+---
+:command: /usr/local/bin/run-container
+```
+
+#### Simple options
+
+You can also allow the user to pass in a arbitrary options. These must be
+whitelisted. You can simply list allowed options in an Array: 
+
+``` Yaml
+---
+:command: /usr/local/bin/run-container
+:params: [ 'username', 'image' ]
+```
+
+The options will be passed to the command in this way, ignoring the option
+that was not whitelisted:
+
+* http://localhost:9000/?username=bob&image=testing&invalid=value
+* `/usr/local/bin/run-container --username bob --image testing`
+
+#### Customized options
+
+Finally, you can fully customize the options which may be passed in, including
+remapping them to command line arguments and filtering accepted values. In this
+case, `:params` must be a Hash.
+
+``` Yaml
+---
+:command: /usr/local/bin/run-container
+:params:
+  username:
+  type:
+    :values: ['demo', 'testing']
+  image:
+    :map: '--create-image'
+    :values: [ 'ubuntu', 'rhel', /centos[5,6,7]/ ]
+```
+
+Notice that `username` has nothing on the right side. It will be treated exactly
+the same as `username` in the *Simple options* array above.
+
+The `image` parameter is more complex though. It has two keys specified. Both are
+optional. If `:map` is set, then its value will be used when running the command.
+The `:values` key can be used to specify a list of valid values. Note that these
+can be specified as Strings or regular expressions. 
+
+The options in this case will be passed to the command like:
+
+* An option is mapped to a different command line argument:
+  * http://localhost:9000/?username=bob&image=centos6
+  * `/usr/local/bin/run-container --username bob --create-image centos6`
+* An option without a `:map` is passed directly through to the command:
+  * http://localhost:9000/?username=bob&type=demo
+  * `/usr/local/bin/run-container --username bob --type demo`
+* Image name that doesn't pass validation is ignored:
+  * http://localhost:9000/?username=bob&image=testing
+  * `/usr/local/bin/run-container --username bob`
+* Invalid options and values are ignored:
+  * http://localhost:9000/?username=bob&image=testing&invalid=value
+  * `/usr/local/bin/run-container --username bob`
+
+## Limitations
+
+This is super early in development and has not yet been battle tested.
+
+## Disclaimer
+
+I take no liability for the use of this tool.
+
+Contact
+-------
+
+binford2k@gmail.com
+

data/bin/abalone

@@ -3,36 +3,36 @@
 require 'rubygems'
 require 'optparse'
 require 'abalone'
+require 'yaml'
 
-gemroot = File.expand_path(File.join(File.dirname(__FILE__), '..'))
-options = {
+defaults = {
   :port           => 9000,
   :host           => '0.0.0.0',
   :bind           => '0.0.0.0',
 }
-logfile  = $stderr
-loglevel = Logger::WARN
-
+logfile    = $stderr
+loglevel   = Logger::WARN
+configfile = '/etc/abalone/config.yaml'
+options    = {}
 optparse = OptionParser.new { |opts|
     opts.banner = "Usage : abalone [-p <port>] [-l [logfile]] [-d]
          -- Runs the Abalone web shell.
 
 "
 
-    opts.on("-d", "--debug", "Display or log debugging messages") do
-        loglevel = Logger::DEBUG
+    opts.on("-c CONFIGFILE", "--config CONFIGFILE", "Load configuration from a file. (/etc/abalone/config.yaml)") do
+        configfile = arg
     end
 
-    opts.on("--disable DISABLED_CHECKS", "Lint checks to disable. Either comma-separated list or filename.") do |arg|
-        puts "Disabling #{arg}"
-        options[:disabled_lint_checks] = arg
+    opts.on("-d", "--debug", "Display or log debugging messages") do
+        loglevel = Logger::DEBUG
     end
 
     opts.on("-l [LOGFILE]", "--logfile [LOGFILE]", "Path to logfile. Defaults to no logging, or /var/log/abalone if no filename is passed.") do |arg|
         logfile = arg || '/var/log/abalone'
     end
 
-    opts.on("-p PORT", "--port", "Port to listen on. Defaults to 9000.") do |arg|
+    opts.on("-p PORT", "--port PORT", "Port to listen on. Defaults to 9000.") do |arg|
         options[:port] = arg
     end
 
@@ -51,6 +51,38 @@ logger           = Logger.new(logfile)
 logger.level     = loglevel
 options[:logger] = logger
 
+config  = YAML.load_file(configfile) rescue {}
+options = defaults.merge(config.merge(options))
+
+if options[:params].class == Hash
+  options[:params].each do |param, data|
+    next if data.nil?
+    next unless data.include? :values
+
+    data[:values].collect! do |value|
+      case value
+      when Regexp
+        value
+      when String
+        # if a string encapsulated regex, replace with that regex
+        value =~ /^\/(.*)\/$/ ? Regexp.new($1) : value
+      end
+    end
+  end
+end
+
+raise 'Specify only one of a login command or SSH settings' if options.include? :command and options.include? :ssh
+
+if options.include? :command
+  raise ":params must be an Array or Hash, not #{options[:params].class}" unless [Array, Hash].include? options[:params].class
+  raise ":command should be a String or an Array, not a #{options[:command].class}." unless [Array, String].include? options[:command].class
+end
+
+if options.include? :ssh
+  raise "SSH configuration should be a Hash, not a #{options[:ssh].class}." unless options[:ssh].class == Hash
+  raise "SSH configuration must include the host" unless options[:ssh].include? :host
+end
+
 puts
 puts
 puts "Starting Abalone Web Shell. Browse to http://localhost:#{options[:port]}"

data/bin/em.rb

@@ -0,0 +1,50 @@
+#! /usr/bin/env ruby
+
+require 'rubygems'
+require "eventmachine"
+
+
+module ProcessWatcher
+  def receive_data(data)
+    puts "Got: #{data}"
+  end
+  def process_exited
+    puts 'the forked child died!'
+  end
+end
+
+pid = fork{
+  sleep 1
+  puts 'booger'
+  sleep 1
+  puts 'oogles'
+}
+
+EM.kqueue=true
+EventMachine.run {
+  EventMachine.watch_process(pid, ProcessWatcher)
+  EventMachine.add_timer(5){ Process.kill('TERM', pid) }
+}
+
+#EM.run{
+#  EM.system('sh', proc { |process|
+#    process.send_data("echo hello\n")
+#    process.send_data("exit\n")
+#    sleep 5
+#    EM.stop
+#  },
+#  proc{ |out,status|
+#    puts(out)
+#  })
+#}
+
+#EM.run do
+#  EM.add_periodic_timer(1) { puts 'sec' }
+#  EM.add_timer(1.01) { puts '1 second passed by' }
+#  EM.add_timer(2.01) { puts '2 seconds passed by'; }
+#  EM.add_timer(5.01) do
+#    puts '5 seconds passed by: stopping...'
+#    EM.stop
+#  end
+#end
+

data/lib/abalone.rb

@@ -10,21 +10,39 @@ class Abalone < Sinatra::Base
   set :logging, true
   set :strict, true
   set :public_folder, 'public'
+  set :views, 'views'
 
   before {
     env["rack.logger"] = settings.logger if settings.logger
   }
 
-  get '/' do
+  get '/?:user?' do
     if !request.websocket?
-      redirect '/index.html'
+      #redirect '/index.html'
+      @requestUsername = (settings.respond_to?(:ssh) and ! settings.ssh.include?(:user)) rescue false
+      erb :index
     else
       request.websocket do |ws|
+
         ws.onopen do
           warn("websocket opened")
-          reader, @writer, @pid = PTY.spawn(login_binary)
+          reader, @writer, @pid = PTY.spawn(*shell_command)
           @writer.winsize = [24,80]
 
+#           reader.sync = true
+#           EM.add_periodic_timer(0.05) do
+#             begin
+#               PTY.check(@pid, true)
+#               data = reader.read_nonblock(512) # we read non-blocking to stream data as quickly as we can
+#               ws.send({'event' => 'output', 'data' => data}.to_json)
+#             rescue IO::WaitReadable
+#               # nop
+#             rescue PTY::ChildExited => e
+#               puts "Terminal has exited!"
+#               ws.send({'event' => 'logout'}.to_json)
+#             end
+#           end
+
           # there must be some form of event driven pty interaction, EM or some gem maybe?
           reader.sync = true
           @term = Thread.new do
@@ -41,7 +59,7 @@ class Abalone < Sinatra::Base
                 Thread.exit
               end
               ws.send({'event' => 'output', 'data' => data}.to_json)
-              sleep(0.01)
+              sleep(0.05)
             end
           end
 
@@ -93,11 +111,73 @@ class Abalone < Sinatra::Base
       @term.join
     end
 
-    def login_binary()
-      [ '/bin/login', '/usr/bin/login' ].each do |path|
-        return path if File.executable? path
+    def sanitized(params)
+      params.reject do |key,val|
+        ['captures','splat'].include? key
       end
-      raise 'No login binary found.'
+    end
+
+    def allowed(param, value)
+      return false unless settings.params.include? param
+
+      config = settings.params[param]
+      return true if config.nil?
+      return true unless config.include? :values
+
+      config[:values].each do |pattern|
+        case pattern
+        when String
+          return true if value == pattern
+        when Regexp
+          return true if pattern.match(value)
+        end
+      end
+
+      false
+    end
+
+    def shell_command()
+      if settings.respond_to? :command
+        return settings.command unless settings.respond_to? :params
+
+        command = settings.command
+        command = command.split if command.class == String
+
+        sanitized(params).each do |param, value|
+          next unless allowed(param, value)
+
+          config = settings.params[param]
+          case config
+          when nil
+            command << "--#{param}" << value
+          when Hash
+            command << (config[:map] || "--#{param}")
+            command << value
+          end
+        end
+
+        return command
+      end
+
+      if settings.respond_to? :ssh
+        config = settings.ssh.dup
+        config[:user] ||= params['user'] # if not in the config file, it must come from the user
+
+        if config[:user].nil?
+          warn "SSH configuration must include the user"
+          return ['echo', 'no username provided']
+        end
+
+        command = ['ssh', config[:host] ]
+        command << '-l' << config[:user] if config.include? :user
+        command << '-p' << config[:port] if config.include? :port
+        command << '-i' << config[:cert] if config.include? :cert
+
+        return command
+      end
+
+      # default just to running login
+      'login'
     end
   end
 end

data/public/index.html

@@ -36,8 +36,8 @@
       </style>
   </head>
 
-  <body>
-      <div id="overlay"><input type="button" onclick="javascript:location.reload();" value="reconnect" /></div>
+  <body onload="connect(boogers);">
+      <div id="overlay"><input type="button" onclick="javascript:connect();" value="reconnect" /></div>
       <div id="terminal"></div>
   </body>
 

data/public/js/abalone.js

@@ -1,11 +1,28 @@
 var term;
 var buf = '';
-var protocol = (location.protocol === 'https:') ? 'wss://' : 'ws://';
-var socket   = new WebSocket(protocol + location.host)
+var socket;
 
-socket.onopen    = function()  { connected();            };
-socket.onclose   = function()  { disconnected();         }
-socket.onmessage = function(m) { messageHandler(m.data); };
+function connect(userPrompt) {
+  var protocol = (location.protocol === 'https:') ? 'wss://' : 'ws://';
+
+  if(socket) {
+    socket.onclose = null;
+    socket.close();
+    document.getElementById("overlay").style.display = "none";
+  }
+
+  if(userPrompt && location.pathname == '/') {
+    var username = prompt('What username would you like to connect with?');
+    socket = new WebSocket(protocol + location.host + '/' + username + location.search);
+  }
+  else {
+    socket = new WebSocket(protocol + location.host + location.pathname + location.search);
+  }
+
+  socket.onopen    = function()  { connected();            };
+  socket.onclose   = function()  { disconnected();         }
+  socket.onmessage = function(m) { messageHandler(m.data); };
+}
 
 function connected() {
   console.log('Client connected');

data/views/index.erb

@@ -0,0 +1,44 @@
+<!doctype html>
+<html lang="en">
+  <head>
+      <meta charset="UTF-8">
+      <title>Abalone Web Shell</title>
+      <script src="js/hterm_all.js"></script>
+      <script src="js/abalone.js"></script>
+      <style>
+          html,
+          body {
+              height: 100%;
+              width: 100%;
+              margin: 0px;
+          }
+          #overlay {
+              position: absolute;
+              z-index: 1000;
+              height: 100%;
+              width: 100%;
+              background-color: rgba(0,0,0,0.75);
+              display: none;
+          }
+          #overlay input {
+              display: block;
+              margin: auto;
+              position: relative;
+              top: 50%;
+              transform: translateY(-50%);
+          }
+          #terminal {
+              display: block;
+              position: relative;
+              width: 100%;
+              height: 100%;
+          }
+      </style>
+  </head>
+
+  <body onload="connect(<%= @requestUsername %>);">
+      <div id="overlay"><input type="button" onclick="javascript:connect(<%= @requestUsername %>);" value="reconnect" /></div>
+      <div id="terminal"></div>
+  </body>
+
+</html>

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: abalone
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 0.1.0
 platform: ruby
 authors:
 - Ben Ford
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-03-14 00:00:00.000000000 Z
+date: 2016-03-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: sinatra
@@ -53,6 +53,8 @@ files:
 - LICENSE
 - bin/abalone
 - lib/abalone.rb
+- bin/em.rb
+- views/index.erb
 - public/index.html
 - public/js/abalone.js
 - public/js/hterm_all.js