[feature] streamline and move manhole into core

2 files changed, 174 insertions, 1 deletions

diff --git a/src/leap/bitmask/core/manhole.py b/src/leap/bitmask/core/manhole.py
new file mode 100644
index 00000000..1a1b10dc
--- /dev/null
+++ b/src/leap/bitmask/core/manhole.py
@@ -0,0 +1,143 @@
+# -*- coding: utf-8 -*-
+# manhole.py
+# Copyright (C) 2014-2017 LEAP
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+"""
+Utilities for enabling the manhole administrative interface into Bitmask Core.
+"""
+
+PORT = 2222
+
+
+def getManholeFactory(namespace, user, secret, keydir=None):
+    """
+    Get an administrative manhole into the application.
+
+    :param namespace: the namespace to show in the manhole
+    :type namespace: dict
+    :param user: the user to authenticate into the administrative shell.
+    :type user: str
+    :param secret: pass for this manhole
+    :type secret: str
+    """
+    import string
+
+    from twisted.cred import portal
+    from twisted.conch import manhole, manhole_ssh
+    from twisted.conch import recvline
+    from twisted.conch.insults import insults
+    from twisted.conch.ssh import keys
+    from twisted.cred.checkers import (
+        InMemoryUsernamePasswordDatabaseDontUse as MemoryDB)
+    from twisted.python import filepath
+
+    try:
+        from IPython.core.completer import Completer
+    except ImportError:
+        from rlcompleter import Completer
+
+    class EnhancedColoredManhole(manhole.ColoredManhole):
+        """
+        A nicer Manhole with some autocomplete support.
+
+        See the patch in https://twistedmatrix.com/trac/ticket/6863
+        Since you're reading this, it'd be good if *you* can help getting that
+        patch into twisted :)
+        """
+
+        completion = True
+
+        def handle_TAB(self):
+            """
+            If tab completion is available and enabled then perform some tab
+            completion.
+            """
+            if not self.completion:
+                recvline.HistoricRecvLine.handle_TAB(self)
+                return
+            # If we only have whitespace characters on this line we pass
+            # through the tab
+            if set(self.lineBuffer).issubset(string.whitespace):
+                recvline.HistoricRecvLine.handle_TAB(self)
+                return
+            cp = Completer(namespace=self.namespace)
+            cp.limit_to__all__ = False
+            lineLeft, lineRight = self.currentLineBuffer()
+
+            # Extract all the matches
+            matches = []
+            n = 0
+            while True:
+                match = cp.complete(lineLeft, n)
+                if match is None:
+                    break
+                n += 1
+                matches.append(match)
+
+            if not matches:
+                return
+
+            if len(matches) == 1:
+                # Found the match so replace the line. This is apparently how
+                # we replace a line
+                self.handle_HOME()
+                self.terminal.eraseToLineEnd()
+
+                self.lineBuffer = []
+                self._deliverBuffer(matches[0] + lineRight)
+            else:
+                # Must have more than one match, display them
+                matches.sort()
+                self.terminal.write("\n")
+                self.terminal.write("   ".join(matches))
+                self.terminal.write("\n\n")
+                self.drawInputLine()
+
+        def keystrokeReceived(self, keyID, modifier):
+            """
+            Act upon any keystroke received.
+            """
+            self.keyHandlers.update({'\b': self.handle_BACKSPACE})
+            m = self.keyHandlers.get(keyID)
+            if m is not None:
+                m()
+            elif keyID in string.printable:
+                self.characterReceived(keyID, False)
+
+    class chainedProtocolFactory:
+        def __init__(self, namespace):
+            self.namespace = namespace
+
+        def __call__(self):
+            return insults.ServerProtocol(
+                EnhancedColoredManhole, self.namespace)
+
+    sshRealm = manhole_ssh.TerminalRealm()
+    sshRealm.chainedProtocolFactory = chainedProtocolFactory(namespace)
+
+    checker = MemoryDB(**{user: secret})
+    sshPortal = portal.Portal(sshRealm, [checker])
+    sshFactory = manhole_ssh.ConchFactory(sshPortal)
+
+    if not keydir:
+        from twisted.python._appdirs import getDataDirectory
+        keydir = getDataDirectory()
+
+    keyLocation = filepath.FilePath(keydir).child('id_rsa')
+    sshKey = keys._getPersistentRSAKey(keyLocation, 4096)
+    sshFactory.publicKeys[b"ssh-rsa"] = sshKey
+    sshFactory.privateKeys[b"ssh-rsa"] = sshKey
+    return sshFactory
diff --git a/src/leap/bitmask/core/service.py b/src/leap/bitmask/core/service.py
index 2972a51c..314c8899 100644
--- a/src/leap/bitmask/core/service.py
+++ b/src/leap/bitmask/core/service.py
@@ -20,18 +20,22 @@ Bitmask-core Service.
 import json
 import os
 import uuid
+import tempfile
 try:
     import resource
 except ImportError:
     pass
 
+from twisted.conch import manhole_tap
 from twisted.internet import reactor
+from twisted.internet.endpoints import TCP4ServerEndpoint
 from twisted.logger import Logger
 
 from leap.bitmask import __version__
 from leap.bitmask.core import configurable
-from leap.bitmask.core import _zmq
+from leap.bitmask.core import manhole
 from leap.bitmask.core import flags
+from leap.bitmask.core import _zmq
 from leap.bitmask.core import _session
 from leap.bitmask.core.web.service import HTTPDispatcherService
 from leap.bitmask.vpn.service import VPNService
@@ -80,6 +84,15 @@ class BitmaskBackend(configurable.ConfigurableService):
         def enabled(service):
             return self.get_config('services', service, False, boolean=True)
 
+        def with_manhole():
+            user = self.get_config('manhole', 'user', None)
+            passwd = self.get_config('manhole', 'passwd', None)
+            port = self.get_config('manhole', 'port', None)
+            if user and passwd:
+                conf = {'user': user, 'passwd': passwd, 'port': port}
+                return conf
+            return None
+
         on_start = reactor.callWhenRunning
 
         on_start(self.init_events)
@@ -102,6 +115,10 @@ class BitmaskBackend(configurable.ConfigurableService):
         if enabled('websockets'):
             on_start(self._init_websockets)
 
+        manholecfg = with_manhole()
+        if manhole:
+            on_start(self._init_manhole, manholecfg)
+
     def _touch_token_file(self):
         path = os.path.join(self.basedir, 'authtoken')
         with open(path, 'w') as f:
@@ -209,6 +226,19 @@ class BitmaskBackend(configurable.ConfigurableService):
             service.setServiceParent(self)
         return service
 
+    def _init_manhole(self, cfg):
+        try:
+            port = int(cfg.get('port'))
+        except ValueError:
+            port = manhole.PORT
+        user, passwd = cfg['user'], cfg['passwd']
+        sshFactory = manhole.getManholeFactory(
+            {'core': self}, user, passwd)
+        endpoint = TCP4ServerEndpoint(reactor, port)
+        endpoint.listen(sshFactory)
+
+        log.info('Started manhole in PORT {0!s}'.format(port))
+
     def do_stats(self):
         return self.core_commands.do_stats()