vines-agent 0.1.0

data/conf/config.rb

@@ -0,0 +1,16 @@
+# encoding: UTF-8
+
+# This is the Vines agent configuration file. Restart the agent with
+# 'vines-agent restart' after updating this file.
+
+Vines::Agent::Config.configure do
+  # Set the logging level to debug, info, warn, error, or fatal. The debug
+  # level logs all XML sent and received by the agent.
+  log :info
+
+  domain 'wonderland.lit' do
+    upstream 'localhost', 5222
+    password 'secr3t'
+    download 'data'
+  end
+end

data/lib/vines/agent.rb

@@ -0,0 +1,30 @@
+# encoding: UTF-8
+
+%w[
+  logger
+  blather
+  digest
+  etc
+  fiber
+  fileutils
+  json
+  ohai
+  session
+  slave
+
+  blather/client/client
+
+  vines/log
+  vines/daemon
+
+  vines/agent/version
+  vines/agent/agent
+  vines/agent/config
+  vines/agent/connection
+  vines/agent/shell
+
+  vines/agent/command/init
+  vines/agent/command/restart
+  vines/agent/command/start
+  vines/agent/command/stop
+].each {|f| require f }

data/lib/vines/agent/agent.rb

@@ -0,0 +1,24 @@
+# encoding: UTF-8
+
+module Vines
+  module Agent
+    # The main starting point for the Vines Agent process. Starts the
+    # EventMachine processing loop and registers the agent with the configured
+    # servers.
+    class Agent
+      include Vines::Log
+
+      def initialize(config)
+        @config = config
+      end
+
+      def start
+        log.info('Vines agent started')
+        at_exit { log.fatal('Vines agent stopped') }
+        EM.run do
+          @config.start
+        end
+      end
+    end
+  end
+end

data/lib/vines/agent/command/init.rb

@@ -0,0 +1,55 @@
+# encoding: UTF-8
+
+module Vines
+  module Agent
+    module Command
+      class Init
+        def run(opts)
+          raise 'vines-agent init <domain>' unless opts[:args].size == 1
+          domain = opts[:args].first.downcase
+          dir = File.expand_path(domain)
+          raise "Directory already initialized: #{domain}" if File.exists?(dir)
+          Dir.mkdir(dir)
+
+          FileUtils.cp_r(File.expand_path("../../../../../conf", __FILE__), dir)
+
+          data, log, pid = %w[data log pid].map do |sub|
+            File.join(dir, sub).tap {|subdir| Dir.mkdir(subdir) }
+          end
+
+          update_config(domain, File.expand_path('conf/config.rb', dir))
+          fix_perms(dir)
+
+          puts "Initialized agent directory: #{domain}"
+          puts "Run 'cd #{domain} && vines-agent start' to begin"
+        end
+
+        private
+
+        # The config.rb file contains the agent's password so restrict access
+        # to just the agent user.
+        def fix_perms(dir)
+          File.chmod(0600, File.expand_path('conf/config.rb', dir))
+        end
+
+        def update_config(domain, config)
+          text = File.read(config)
+          File.open(config, 'w') do |f|
+            replaced = text
+              .gsub('wonderland.lit', domain.downcase)
+              .gsub('secr3t', password)
+            f.write(replaced)
+          end
+        end
+
+        # Create a large, random password with which to authenticate the
+        # agent bot's JID.
+        def password
+          hash = Digest::SHA512.new
+          1024.times { hash << rand.to_s }
+          hash.hexdigest
+        end
+      end
+    end
+  end
+end

data/lib/vines/agent/command/restart.rb

@@ -0,0 +1,14 @@
+# encoding: UTF-8
+
+module Vines
+  module Agent
+    module Command
+      class Restart
+        def run(opts)
+          Stop.new.run(opts)
+          Start.new.run(opts)
+        end
+      end
+    end
+  end
+end

data/lib/vines/agent/command/start.rb

@@ -0,0 +1,30 @@
+# encoding: UTF-8
+
+module Vines
+  module Agent
+    module Command
+      class Start
+        def run(opts)
+          raise 'vines-agent [--pid FILE] start' unless opts[:args].size == 0
+          require opts[:config]
+          agent = Vines::Agent::Agent.new(Config.instance)
+          daemonize(opts) if opts[:daemonize]
+          agent.start
+        end
+
+        private
+
+        def daemonize(opts)
+          daemon = Vines::Daemon.new(:pid => opts[:pid], :stdout => opts[:log],
+            :stderr => opts[:log])
+          if daemon.running?
+            raise "The vines agent is running as process #{daemon.pid}"
+          else
+            puts "The vines agent has started"
+            daemon.start
+          end
+        end
+      end
+    end
+  end
+end

data/lib/vines/agent/command/stop.rb

@@ -0,0 +1,20 @@
+# encoding: UTF-8
+
+module Vines
+  module Agent
+    module Command
+      class Stop
+        def run(opts)
+          raise 'vines-agent [--pid FILE] stop' unless opts[:args].size == 0
+          daemon = Vines::Daemon.new(:pid => opts[:pid])
+          if daemon.running?
+            daemon.stop
+            puts 'The vines agent has been shutdown'
+          else
+            puts 'The vines agent is not running'
+          end
+        end
+      end
+    end
+  end
+end

data/lib/vines/agent/config.rb

@@ -0,0 +1,106 @@
+# encoding: UTF-8
+
+module Vines
+  module Agent
+
+    # A Config object is passed to the xmpp connections to give them access
+    # to configuration information like server host names, passwords, etc.
+    # This class provides the DSL methods used in the conf/config.rb file.
+    class Config
+      LOG_LEVELS = %w[debug info warn error fatal].freeze
+
+      @@instance = nil
+      def self.configure(&block)
+        @@instance = self.new(&block)
+      end
+
+      def self.instance
+        @@instance
+      end
+
+      def initialize(&block)
+        @domain = nil
+        instance_eval(&block)
+        raise "must define a domain" unless @domain
+      end
+
+      def log(level)
+        const = Logger.const_get(level.to_s.upcase) rescue nil
+        unless LOG_LEVELS.include?(level.to_s) && const
+          raise "log level must be one of: #{LOG_LEVELS.join(', ')}"
+        end
+        log = Class.new.extend(Vines::Log).log
+        log.progname = 'vines-agent'
+        log.level = const
+      end
+
+      def domain(name, &block)
+        raise 'multiple domains not allowed' if @domain
+        @domain = Domain.new(name, &block)
+      end
+
+      def start
+        @domain.start
+      end
+
+      class Domain
+        def initialize(name, &block)
+          @name, @password, @upstream = name, nil, []
+          instance_eval(&block) if block
+          validate_domain(@name)
+          raise "password required" unless @password && !@password.strip.empty?
+          raise "duplicate upstream connections not allowed" if @upstream.uniq!
+          unless @download
+            @download = File.expand_path('data')
+            FileUtils.mkdir_p(@download)
+          end
+        end
+
+        def password(password)
+          @password = password
+        end
+
+        def download(dir)
+          @download = File.expand_path(dir)
+          begin
+            FileUtils.mkdir_p(@download)
+          rescue
+            raise "can't create #{@download}"
+          end
+        end
+
+        def upstream(host, port)
+          raise 'host and port required for upstream connections' unless host && port
+          @upstream << {host: host, port: port}
+        end
+
+        def start
+          base = {
+            password: @password,
+            domain:   @name,
+            download: @download
+          }
+          options = @upstream.map do |info|
+            base.clone.tap do |opts|
+              opts[:host] = info[:host]
+              opts[:port] = info[:port]
+            end
+          end
+          # no upstream so use DNS SRV discovery for host and port
+          options << base if options.empty?
+          options.each do |args|
+            Vines::Agent::Connection.new(args).start
+          end
+        end
+
+        private
+
+        # Prevent domains in config files that won't form valid JID's.
+        def validate_domain(name)
+          jid = Blather::JID.new(name)
+          raise "incorrect domain: #{name}" if jid.node || jid.resource
+        end
+      end
+    end
+  end
+end

data/lib/vines/agent/connection.rb

@@ -0,0 +1,274 @@
+# encoding: UTF-8
+
+module Vines
+  module Agent
+
+    # Connects the agent process to the chat server and provides service
+    # discovery and command execution abilities. Users are authorized against
+    # an access control list before being allowed to run commands.
+    class Connection
+      include Vines::Log
+
+      NS = 'http://getvines.com/protocol'.freeze
+      SYSTEMS = 'http://getvines.com/protocol/systems'.freeze
+
+      def initialize(options)
+        domain, password, host, port, download =
+          *options.values_at(:domain, :password, :host, :port, :download)
+
+        @permissions, @services, @sessions, @component = {}, {}, {}, nil
+        @ready = false
+
+        jid = Blather::JID.new(fqdn, domain, 'vines')
+        @stream = Blather::Client.setup(jid, password, host, port)
+
+        @stream.register_handler(:disconnected) do
+          log.info("Stream disconnected, reconnecting . . .")
+          EM::Timer.new(rand(16) + 5) do
+            self.class.new(options).start
+          end
+          true # prevent EM.stop
+        end
+
+        @stream.register_handler(:ready) do
+          # prevent handler called twice
+          unless @ready
+            log.info("Connected #{@stream.jid} agent to #{host}:#{port}")
+            @ready = true
+            startup
+          end
+        end
+
+        @stream.register_handler(:subscription, :request?) do |node|
+          # ignore, rather than refuse, requests from users lacking
+          # permissions, so agents are invisible to them
+          @stream.write(node.approve!) if valid_user?(node.from)
+        end
+
+        @stream.register_handler(:file_transfer) do |iq|
+          transfer_file(iq)
+        end
+
+        @stream.register_handler(:disco_info, :get?) do |node|
+          disco_info(node)
+        end
+
+        @stream.register_handler(:iq, '/iq[@type="set"]/ns:query', :ns => SYSTEMS) do |node|
+          update_permissions(node)
+        end
+
+        @stream.register_handler(:iq, '/iq[@type="get"]/ns:query', :ns => 'jabber:iq:version') do |node|
+          version(node)
+        end
+
+        @stream.register_handler(:message, :chat?, :body) do |msg|
+          process_message(msg)
+        end
+      end
+
+      def start
+        @stream.run
+      end
+
+      private
+
+      # After the bot connects to the chat server, discover the component, send
+      # our ohai system description data, and initialize permissions.
+      def startup
+        cb = proc do |component|
+          if component
+            log.info("Found vines component at #{component}")
+            @component = component
+            send_system_info
+            request_permissions
+          else
+            log.info("Vines component not found, rediscovering . . .")
+            EM::Timer.new(10) { discover_component(&cb) }
+          end
+        end
+        discover_component(&cb)
+      end
+
+      def version(node)
+        return unless from_service?(node) || valid_user?(node.from)
+        iq = Blather::Stanza::Iq::Query.new(:result)
+        iq.id, iq.to = node.id, node.from
+        iq.query.add_child("<name>Vines Agent</name>")
+        iq.query.add_child("<version>#{VERSION}</version>")
+        @stream.write(iq)
+      end
+
+      def disco_info(node)
+        return unless from_service?(node) || valid_user?(node.from)
+        disco = Blather::Stanza::DiscoInfo.new(:result)
+        disco.id = node.id
+        disco.to = node.from
+        disco.identities = {
+          name: 'Vines Agent',
+          type: 'bot',
+          category: 'client'
+        }
+        disco.features = %w[
+          http://jabber.org/protocol/bytestreams
+          http://jabber.org/protocol/disco#info
+          http://jabber.org/protocol/si
+          http://jabber.org/protocol/si/profile/file-transfer
+          http://jabber.org/protocol/xhtml-im
+          jabber:iq:version
+        ]
+        @stream.write(disco)
+      end
+
+      def transfer_file(iq)
+        return unless from_service?(iq) || valid_user?(iq.from)
+        name, size = iq.si.file['name'], iq.si.file['size'].to_i
+        log.info("Receiving file: #{name}")
+        transfer = Blather::FileTransfer.new(@stream, iq)
+        file = absolute_path(download, name) rescue nil
+        if file
+          transfer.accept(Blather::FileTransfer::SimpleFileReceiver, file, size)
+        else
+          transfer.decline
+        end
+      end
+
+      def absolute_path(dir, name)
+        File.expand_path(name, dir).tap do |absolute|
+          raise 'path traversal' unless File.dirname(absolute) == dir
+        end
+      end
+
+      # Collect and send ohai system data for this machine back to the
+      # component.
+      def send_system_info
+        system = Ohai::System.new.tap do |sys|
+          sys.all_plugins
+        end
+        iq = Blather::Stanza::Iq::Query.new(:set).tap do |node|
+          node.to = @component
+          node.query.content = system.to_json
+          node.query.namespace = SYSTEMS
+        end
+        @stream.write(iq)
+      end
+
+      # Return the fully qualified domain name for this machine. This is used
+      # to determine the agent's JID.
+      def fqdn
+        system = Ohai::System.new
+        system.require_plugin('os')
+        system.require_plugin('hostname')
+        system.fqdn.downcase
+      end
+
+      # Use service discovery to find the JID of our Vines component. We ask the
+      # server for its list of components, then ask each component for it's info.
+      # The component broadcasting the http://getvines.com/protocol feature is our
+      # Vines service.
+      def discover_component
+        disco = Blather::Stanza::DiscoItems.new
+        disco.to = @stream.jid.domain
+        @stream.write_with_handler(disco) do |result|
+          items = result.error? ? [] : result.items
+          Fiber.new do
+            # use fiber instead of EM::Iterator until EM 1.0.0 release
+            found = items.find {|item| component?(item.jid) }
+            yield found ? found.jid : nil
+          end.resume
+        end
+      end
+
+      # Return true if this JID is the Vines component with which we need to
+      # communicate. This method suspends the Fiber that calls it in order to
+      # turn the disco#info requests synchronous.
+      def component?(jid)
+        fiber = Fiber.current
+        info = Blather::Stanza::DiscoInfo.new
+        info.to = jid
+        @stream.write_with_handler(info) do |reply|
+          features = reply.error? ? [] : reply.features
+          found = !!features.find {|f| f.var == NS }
+          fiber.resume(found)
+        end
+        Fiber.yield
+      end
+
+      # Download the list of unix user accounts and the JID's that are allowed
+      # to use them. This is used to determine if a change user command like
+      # +v user root+ is allowed.
+      def request_permissions
+        iq = Blather::Stanza::Iq::Query.new(:get).tap do |node|
+          node.to = @component
+          node.query['name'] = @stream.jid.node
+          node.query.namespace = SYSTEMS
+        end
+        @stream.write_with_handler(iq) do |reply|
+          update_permissions(reply) unless reply.error?
+        end
+      end
+
+      def update_permissions(node)
+        return unless node.from == @component
+        obj = JSON.parse(node.content) rescue {}
+        @permissions = obj['permissions'] || {}
+        @services = (obj['services'] || {}).map {|s| s['jid'] }
+        @sessions.values.each {|shell| shell.permissions = @permissions }
+      end
+
+      # Execute the incoming XMPP message as a shell command if the sender is
+      # allowed to execute commands on this agent as the requested user name.
+      def process_message(message)
+        bare, full = message.from.stripped.to_s, message.from.to_s
+        forward_to = nil
+
+        if from_service?(message)
+          jid = message.xpath('/message/ns:jid', 'ns' => NS).first
+          jid = Blather::JID.new(jid.content) rescue nil
+          return unless jid
+          bare, full = jid.stripped.to_s, jid.to_s
+          forward_to = full
+        end
+
+        return unless valid_user?(bare)
+        session = @sessions[full] ||= Shell.new(bare, @permissions)
+        session.run(message.body.strip) do |output|
+          @stream.write(reply(message, output, forward_to))
+        end
+      end
+
+      # Reply to the sender's message with the command's output. The component
+      # uses the thread attribute to pair command messages with their output
+      # replies.
+      def reply(message, body, forward_to)
+        Blather::Stanza::Message.new(message.from, body).tap do |node|
+          node << node.document.create_element('jid', forward_to, xmlns: NS) if forward_to
+          node.thread = message.thread if message.thread
+          node.xhtml = '<span style="font-family:Menlo,Courier,monospace;"></span>'
+          span = node.xhtml_node.elements.first
+          body.each_line do |line|
+            span.add_child(Nokogiri::XML::Text.new(line.chomp, span.document))
+            span.add_child(span.document.create_element('br'))
+          end
+        end
+      end
+
+      # Return true if the JID is allowed to run commands as a unix user
+      # account on the system. Return false if the agent doesn't have a
+      # permissions entry for this JID.
+      def valid_user?(jid)
+        jid = jid.stripped.to_s if jid.respond_to?(:stripped)
+        valid = !!@permissions.find {|unix, jids| jids.include?(jid) }
+        log.warn("Denied access to #{jid}") unless valid
+        valid
+      end
+
+      # Return true if the stanza was sent to the agent by a service JID to
+      # which the agent belongs. The agent will only reply to stanzas sent from
+      # users it trusts or from services of which it's a member. Stanzas
+      # received from untrusted JID's are ignored.
+      def from_service?(node)
+        @services.include?(node.from.stripped.to_s.downcase)
+      end
+    end
+  end
+end