[feature] streamline and move manhole into core

4 files changed, 174 insertions, 145 deletions

diff --git a/src/leap/bitmask/core/manhole.py b/src/leap/bitmask/core/manhole.py
new file mode 100644
index 00000000..1a1b10dc
--- /dev/null
+++ b/src/leap/bitmask/core/manhole.py
@@ -0,0 +1,143 @@
+# -*- coding: utf-8 -*-
+# manhole.py
+# Copyright (C) 2014-2017 LEAP
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+"""
+Utilities for enabling the manhole administrative interface into Bitmask Core.
+"""
+
+PORT = 2222
+
+
+def getManholeFactory(namespace, user, secret, keydir=None):
+    """
+    Get an administrative manhole into the application.
+
+    :param namespace: the namespace to show in the manhole
+    :type namespace: dict
+    :param user: the user to authenticate into the administrative shell.
+    :type user: str
+    :param secret: pass for this manhole
+    :type secret: str
+    """
+    import string
+
+    from twisted.cred import portal
+    from twisted.conch import manhole, manhole_ssh
+    from twisted.conch import recvline
+    from twisted.conch.insults import insults
+    from twisted.conch.ssh import keys
+    from twisted.cred.checkers import (
+        InMemoryUsernamePasswordDatabaseDontUse as MemoryDB)
+    from twisted.python import filepath
+
+    try:
+        from IPython.core.completer import Completer
+    except ImportError:
+        from rlcompleter import Completer
+
+    class EnhancedColoredManhole(manhole.ColoredManhole):
+        """
+        A nicer Manhole with some autocomplete support.
+
+        See the patch in https://twistedmatrix.com/trac/ticket/6863
+        Since you're reading this, it'd be good if *you* can help getting that
+        patch into twisted :)
+        """
+
+        completion = True
+
+        def handle_TAB(self):
+            """
+            If tab completion is available and enabled then perform some tab
+            completion.
+            """
+            if not self.completion:
+                recvline.HistoricRecvLine.handle_TAB(self)
+                return
+            # If we only have whitespace characters on this line we pass
+            # through the tab
+            if set(self.lineBuffer).issubset(string.whitespace):
+                recvline.HistoricRecvLine.handle_TAB(self)
+                return
+            cp = Completer(namespace=self.namespace)
+            cp.limit_to__all__ = False
+            lineLeft, lineRight = self.currentLineBuffer()
+
+            # Extract all the matches
+            matches = []
+            n = 0
+            while True:
+                match = cp.complete(lineLeft, n)
+                if match is None:
+                    break
+                n += 1
+                matches.append(match)
+
+            if not matches:
+                return
+
+            if len(matches) == 1:
+                # Found the match so replace the line. This is apparently how
+                # we replace a line
+                self.handle_HOME()
+                self.terminal.eraseToLineEnd()
+
+                self.lineBuffer = []
+                self._deliverBuffer(matches[0] + lineRight)
+            else:
+                # Must have more than one match, display them
+                matches.sort()
+                self.terminal.write("\n")
+                self.terminal.write("   ".join(matches))
+                self.terminal.write("\n\n")
+                self.drawInputLine()
+
+        def keystrokeReceived(self, keyID, modifier):
+            """
+            Act upon any keystroke received.
+            """
+            self.keyHandlers.update({'\b': self.handle_BACKSPACE})
+            m = self.keyHandlers.get(keyID)
+            if m is not None:
+                m()
+            elif keyID in string.printable:
+                self.characterReceived(keyID, False)
+
+    class chainedProtocolFactory:
+        def __init__(self, namespace):
+            self.namespace = namespace
+
+        def __call__(self):
+            return insults.ServerProtocol(
+                EnhancedColoredManhole, self.namespace)
+
+    sshRealm = manhole_ssh.TerminalRealm()
+    sshRealm.chainedProtocolFactory = chainedProtocolFactory(namespace)
+
+    checker = MemoryDB(**{user: secret})
+    sshPortal = portal.Portal(sshRealm, [checker])
+    sshFactory = manhole_ssh.ConchFactory(sshPortal)
+
+    if not keydir:
+        from twisted.python._appdirs import getDataDirectory
+        keydir = getDataDirectory()
+
+    keyLocation = filepath.FilePath(keydir).child('id_rsa')
+    sshKey = keys._getPersistentRSAKey(keyLocation, 4096)
+    sshFactory.publicKeys[b"ssh-rsa"] = sshKey
+    sshFactory.privateKeys[b"ssh-rsa"] = sshKey
+    return sshFactory
diff --git a/src/leap/bitmask/core/service.py b/src/leap/bitmask/core/service.py
index 2972a51c..314c8899 100644
--- a/src/leap/bitmask/core/service.py
+++ b/src/leap/bitmask/core/service.py
@@ -20,18 +20,22 @@ Bitmask-core Service.
 import json
 import os
 import uuid
+import tempfile
 try:
     import resource
 except ImportError:
     pass
 
+from twisted.conch import manhole_tap
 from twisted.internet import reactor
+from twisted.internet.endpoints import TCP4ServerEndpoint
 from twisted.logger import Logger
 
 from leap.bitmask import __version__
 from leap.bitmask.core import configurable
-from leap.bitmask.core import _zmq
+from leap.bitmask.core import manhole
 from leap.bitmask.core import flags
+from leap.bitmask.core import _zmq
 from leap.bitmask.core import _session
 from leap.bitmask.core.web.service import HTTPDispatcherService
 from leap.bitmask.vpn.service import VPNService
@@ -80,6 +84,15 @@ class BitmaskBackend(configurable.ConfigurableService):
         def enabled(service):
             return self.get_config('services', service, False, boolean=True)
 
+        def with_manhole():
+            user = self.get_config('manhole', 'user', None)
+            passwd = self.get_config('manhole', 'passwd', None)
+            port = self.get_config('manhole', 'port', None)
+            if user and passwd:
+                conf = {'user': user, 'passwd': passwd, 'port': port}
+                return conf
+            return None
+
         on_start = reactor.callWhenRunning
 
         on_start(self.init_events)
@@ -102,6 +115,10 @@ class BitmaskBackend(configurable.ConfigurableService):
         if enabled('websockets'):
             on_start(self._init_websockets)
 
+        manholecfg = with_manhole()
+        if manhole:
+            on_start(self._init_manhole, manholecfg)
+
     def _touch_token_file(self):
         path = os.path.join(self.basedir, 'authtoken')
         with open(path, 'w') as f:
@@ -209,6 +226,19 @@ class BitmaskBackend(configurable.ConfigurableService):
             service.setServiceParent(self)
         return service
 
+    def _init_manhole(self, cfg):
+        try:
+            port = int(cfg.get('port'))
+        except ValueError:
+            port = manhole.PORT
+        user, passwd = cfg['user'], cfg['passwd']
+        sshFactory = manhole.getManholeFactory(
+            {'core': self}, user, passwd)
+        endpoint = TCP4ServerEndpoint(reactor, port)
+        endpoint.listen(sshFactory)
+
+        log.info('Started manhole in PORT {0!s}'.format(port))
+
     def do_stats(self):
         return self.core_commands.do_stats()
 
diff --git a/src/leap/bitmask/mail/imap/service/__init__.py b/src/leap/bitmask/mail/imap/service/__init__.py
index b3673c2e..712a2d64 100644
--- a/src/leap/bitmask/mail/imap/service/__init__.py
+++ b/src/leap/bitmask/mail/imap/service/__init__.py
@@ -39,12 +39,8 @@ from leap.bitmask.mail.imap.server import LEAPIMAPServer
 
 log = Logger()
 
-DO_MANHOLE = os.environ.get("LEAP_MAIL_MANHOLE", None)
-if DO_MANHOLE:
-    from leap.bitmask.mail.imap.service import manhole
 
 # The default port in which imap service will run
-
 IMAP_PORT = 1984
 
 #
@@ -180,16 +176,6 @@ def run_service(soledad_sessions, port=IMAP_PORT, factory=None):
         log.error("Error launching IMAP service: %r" % (exc,))
     else:
         # all good.
-
-        if DO_MANHOLE:
-            # TODO get pass from env var.too.
-            manhole_factory = manhole.getManholeFactory(
-                {'f': factory,
-                 'gm': factory.theAccount.getMailbox},
-                "boss", "leap")
-            # TODO  use Endpoints !!!
-            reactor.listenTCP(manhole.MANHOLE_PORT, manhole_factory,
-                              interface="127.0.0.1")
         log.debug('IMAP4 Server is RUNNING in port  %s' % (port,))
         emit_async(catalog.IMAP_SERVICE_STARTED, str(port))
 
diff --git a/src/leap/bitmask/mail/imap/service/manhole.py b/src/leap/bitmask/mail/imap/service/manhole.py
deleted file mode 100644
index c83ae899..00000000
--- a/src/leap/bitmask/mail/imap/service/manhole.py
+++ /dev/null
@@ -1,130 +0,0 @@
-# -*- coding: utf-8 -*-
-# manhole.py
-# Copyright (C) 2014 LEAP
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-"""
-Utilities for enabling the manhole administrative interface into the
-LEAP Mail application.
-"""
-MANHOLE_PORT = 2222
-
-
-def getManholeFactory(namespace, user, secret):
-    """
-    Get an administrative manhole into the application.
-
-    :param namespace: the namespace to show in the manhole
-    :type namespace: dict
-    :param user: the user to authenticate into the administrative shell.
-    :type user: str
-    :param secret: pass for this manhole
-    :type secret: str
-    """
-    import string
-
-    from twisted.cred.portal import Portal
-    from twisted.conch import manhole, manhole_ssh
-    from twisted.conch.insults import insults
-    from twisted.cred.checkers import (
-        InMemoryUsernamePasswordDatabaseDontUse as MemoryDB)
-
-    from rlcompleter import Completer
-
-    class EnhancedColoredManhole(manhole.ColoredManhole):
-        """
-        A Manhole with some primitive autocomplete support.
-        """
-        # TODO use introspection to make life easier
-
-        def find_common(self, l):
-            """
-            find common parts in thelist items
-            ex: 'ab' for ['abcd','abce','abf']
-            requires an ordered list
-            """
-            if len(l) == 1:
-                return l[0]
-
-            init = l[0]
-            for item in l[1:]:
-                for i, (x, y) in enumerate(zip(init, item)):
-                    if x != y:
-                        init = "".join(init[:i])
-                        break
-
-                if not init:
-                    return None
-            return init
-
-        def handle_TAB(self):
-            """
-            Trap the TAB keystroke.
-            """
-            necessarypart = "".join(self.lineBuffer).split(' ')[-1]
-            completer = Completer(globals())
-            if completer.complete(necessarypart, 0):
-                matches = list(set(completer.matches))  # has multiples
-
-                if len(matches) == 1:
-                    length = len(necessarypart)
-                    self.lineBuffer = self.lineBuffer[:-length]
-                    self.lineBuffer.extend(matches[0])
-                    self.lineBufferIndex = len(self.lineBuffer)
-                else:
-                    matches.sort()
-                    commons = self.find_common(matches)
-                    if commons:
-                        length = len(necessarypart)
-                        self.lineBuffer = self.lineBuffer[:-length]
-                        self.lineBuffer.extend(commons)
-                        self.lineBufferIndex = len(self.lineBuffer)
-
-                    self.terminal.nextLine()
-                    while matches:
-                        matches, part = matches[4:], matches[:4]
-                        for item in part:
-                            self.terminal.write('%s' % item.ljust(30))
-                            self.terminal.write('\n')
-                            self.terminal.nextLine()
-
-                self.terminal.eraseLine()
-                self.terminal.cursorBackward(self.lineBufferIndex + 5)
-                self.terminal.write("%s %s" % (
-                    self.ps[self.pn], "".join(self.lineBuffer)))
-
-        def keystrokeReceived(self, keyID, modifier):
-            """
-            Act upon any keystroke received.
-            """
-            self.keyHandlers.update({'\b': self.handle_BACKSPACE})
-            m = self.keyHandlers.get(keyID)
-            if m is not None:
-                m()
-            elif keyID in string.printable:
-                self.characterReceived(keyID, False)
-
-    sshRealm = manhole_ssh.TerminalRealm()
-
-    def chainedProtocolFactory():
-        return insults.ServerProtocol(EnhancedColoredManhole, namespace)
-
-    sshRealm = manhole_ssh.TerminalRealm()
-    sshRealm.chainedProtocolFactory = chainedProtocolFactory
-
-    portal = Portal(
-        sshRealm, [MemoryDB(**{user: secret})])
-
-    f = manhole_ssh.ConchFactory(portal)
-    return f