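# -*- coding: utf-8 -*-
from __future__ import print_function
import willie
from datetime import datetime, timedelta
import difflib
from email.utils import mktime_tz
from fnmatch import fnmatch
import git
import netaddr
import json
import urllib2
import re
import os
import random
import shelve
import subprocess
import sys
import time
import dns.resolver, dns.reversename
import SocketServer
import threading

# ensure our directory is on path (in order to load batcave module)
__my_dir = os.path.dirname(__file__)
if __my_dir not in sys.path:
    sys.path.append(__my_dir)

from batcave import BatcaveClient

msgserver = None
peers_repo = None
nodeaccess = None

__batcave = None

ffpb_resolver = dns.resolver.Resolver()
ffpb_resolver.nameservers = ['10.132.254.53']


class MsgHandler(SocketServer.BaseRequestHandler):
    """Reads line from TCP stream and forwards it to configured IRC channels.

    The listener performs no authentication: every peer that can reach the
    configured host/port can make the bot speak. Keep it bound to localhost
    or restrict it with a packet filter.
    """

    def handle(self):
        """Relay one received message (at most 2048 bytes) to IRC."""
        data = self.request.recv(2048).strip()

        # Peer-supplied bytes end up in an IRC message: neutralise line
        # breaks, NUL and the CTCP delimiter so the payload stays one plain
        # line of text regardless of what the IRC layer filters itself.
        data = re.sub(r'[\x00\x01\r\n]+', ' ', data)
        if not data:
            # connection closed without payload - nothing to relay
            return

        sender = self.resolve_name(self.client_address[0])

        bot = self.server.bot
        if bot is None:
            print("ERROR: No bot in handle() :-(")
            return

        # default to the bot owner unless the ffpb section names a target
        target = bot.config.core.owner
        if bot.config.has_section('ffpb'):
            is_public = data.lstrip().lower().startswith("public:")
            if is_public and not bot.config.ffpb.msg_target_public is None:
                data = data[7:].lstrip()
                target = bot.config.ffpb.msg_target_public
            elif not bot.config.ffpb.msg_target is None:
                target = bot.config.ffpb.msg_target

        bot.msg(target, "[{0}] {1}".format(sender, str(data)))

    def resolve_name(self, ipaddr):
        """
        Resolves the host name of the given IP address
        and strips away the suffix (.infra)?.ffpb

        Falls back to the bare IP address if the reverse lookup fails.
        """
        if ipaddr.startswith("127."):
            return "localhost"

        try:
            addr = dns.reversename.from_address(ipaddr)
            ptr = str(ffpb_resolver.query(addr, "PTR")[0])
            # dots escaped and pattern anchored: only a real trailing
            # ".ffpb." / ".infra.ffpb." suffix is removed
            return re.sub(r"(\.infra)?\.ffpb\.$", "", ptr)
        except dns.exception.DNSException:
            # NXDOMAIN, timeout, no answer, ...: a failed lookup must not
            # kill the handler thread
            return ipaddr


class ThreadingTCPServer(SocketServer.ThreadingMixIn, SocketServer.TCPServer):
    """Defines a threaded TCP socket server."""
    bot = None


def setup(bot):
    """Called by willie upon loading this plugin."""
    global __batcave, msgserver, peers_repo, nodeaccess

    # signal begin of setup routine
    bot.memory['ffpb_in_setup'] = True

    # NOTE(security): shelve files are pickle-based. Both files are opened
    # relative to the working directory; whoever can write them controls the
    # node ACL and what gets unpickled on load, so keep them writable by the
    # bot user only.

    # load list of seen nodes from disk
    seen_nodes = shelve.open('nodes.seen', writeback=True)
    bot.memory['seen_nodes'] = seen_nodes

    # load list of node ACL from disk (used in playitsafe())
    nodeaccess = shelve.open('nodes.acl', writeback=True)

    # no need to configure anything else if the ffpb config section is missing
    if not bot.config.has_section('ffpb'):
        bot.memory['ffpb_in_setup'] = False
        return

    # open the git repository containing the peers files
    if not bot.config.ffpb.peers_directory is None:
        peers_repo = git.Repo(bot.config.ffpb.peers_directory)
        assert peers_repo.bare is False

    # if configured, start the messaging server
    if int(bot.config.ffpb.msg_enable) == 1:
        # the unauthenticated relay listens on localhost unless msg_host
        # widens it - see MsgHandler
        host = "localhost"
        port = 2342
        if not bot.config.ffpb.msg_host is None:
            host = bot.config.ffpb.msg_host
        if not bot.config.ffpb.msg_port is None:
            port = int(bot.config.ffpb.msg_port)

        msgserver = ThreadingTCPServer((host, port), MsgHandler)
        msgserver.bot = bot
        ipaddr, port = msgserver.server_address
        print("Messaging server listening on {}:{}".format(ipaddr, port))

        msgserver_thread = threading.Thread(target=msgserver.serve_forever)
        msgserver_thread.daemon = True
        msgserver_thread.start()

    # initialize BATCAVE
    __batcave = BatcaveClient(bot.config.ffpb.batcave_url)

    # signal end of setup routine
    bot.memory['ffpb_in_setup'] = False


def shutdown(bot):
    """Persist the shelves and stop the messaging server."""
    global msgserver, nodeaccess

    # store node acl
    if not nodeaccess is None:
        nodeaccess.sync()
        nodeaccess.close()
        nodeaccess = None

    # store seen nodes
    if 'seen_nodes' in bot.memory and bot.memory['seen_nodes'] != None:
        bot.memory['seen_nodes'].close()
        bot.memory['seen_nodes'] = None
        del bot.memory['seen_nodes']

    # shutdown messaging server
    if not msgserver is None:
        msgserver.shutdown()
        # shutdown() only stops serve_forever(); release the listening socket
        # too, otherwise the port stays bound
        msgserver.server_close()
        print("Closed messaging server.")
        msgserver = None


@willie.module.commands("help")
@willie.module.commands("hilfe")
@willie.module.commands("man")
def ffpb_help(bot, trigger):
    """Display commonly used functions."""
    functions = {
        "!ping ": "Prüfe ob der Knoten erreichbar ist.",
        "!status": "Aktuellen Status des Netzwerks (insb. Anzahl Knoten und Clients) ausgegeben.",
        "!highscore": "Höchstwerte von Anzahl Knoten und Clients",
        "!info ": "Allgemeine Information zu dem Knoten anzeigen.",
        "!link ": "MAC-Adresse und Link zur Status-Seite des Knotens anzeigen.",
        "!mesh ": "Zeige Mesh-Partner eines Knotens",
        "!lastseen ": "Zeitpunkt an dem der Knoten zuletzt gesehen wurde",
    }

    param = trigger.group(2)
    if param is None:
        bot.say("Funktionen: " + str.join(", ", sorted(functions.keys())))
        return

    if param.startswith("!"):
        param = param[1:]

    for fun in functions.keys():
        # pad the key so that entries without an argument part
        # (e.g. "!status") can be looked up as well
        if (fun + " ").startswith("!" + param + " "):
            bot.say("Hilfe zu '" + fun + "': " + functions[fun])
            return

    bot.say("Allgemeine Hilfe gibt's mit !help - ohne Parameter.")


def playitsafe(bot, trigger,
               botadmin=False, admin_channel=False,
               via_channel=False, via_privmsg=False, need_op=False,
               node=None, reply_directly=True,
               debug_user=None, debug_ignorebotadmin=False):
    """
    helper: checks that the triggering user has the necessary rights

    Returns true if everything is okay. If it's not, a reply is send via the
    bot and false is returned.

    NOTE(security): the user is identified by IRC nick only (trigger.nick),
    so the node ACL is only as strong as nick ownership on the IRC network.
    """
    if via_channel and via_privmsg:
        raise Exception('Der Entwickler ist ein dummer, dummer Junge. ' +
                        '(playitsafe: via_channel && via_privmsg).')

    user = trigger.nick if debug_user is None else debug_user
    user = user.lower()

    # botadmin: you need to be configured as a bot admin
    if botadmin and not trigger.admin:
        if reply_directly:
            bot.say('Du brauchst Super-Kuh-Kräfte um dieses Kommando auszuführen.')
        return False

    # via_channel: the request must not be a private conversation
    if via_channel and trigger.is_privmsg:
        if reply_directly:
            bot.say('Bitte per Channel - mehr Transparenz wagen und so!')
        return False

    # via_privmsg: the request must be a private conversation
    if via_privmsg and not trigger.is_privmsg:
        if reply_directly:
            bot.say('Solche Informationen gibt es nur per PM, ' +
                    'da bin ich ja schon ein klein wenig sensibel ...')
        return False

    # need_op: if the message is in a channel, check that the user has OP there
    if need_op and (not trigger.is_privmsg) and \
            (not user in bot.ops[trigger.sender]):
        if reply_directly:
            bot.say('Keine Zimtschnecke, keine Kekse.')
        return False

    # node: check that the user is whitelisted (or is admin)
    if not node is None and (debug_ignorebotadmin or not trigger.admin):
        # fail closed when the ACL store is not loaded; the None check has to
        # come before the store is iterated
        acluser = None
        if nodeaccess is not None:
            candidates = [x for x in nodeaccess if x.lower() == user]
            acluser = candidates[0] if len(candidates) == 1 else None

        if acluser is None:
            if reply_directly:
                bot.reply('You! Shall! Not! Access!')
            return False

        nodeid = node['node_id'] if 'node_id' in node else None

        # An ACL entry is either a node_id or an fnmatch mask on the hostname.
        # NOTE(review): the hostname presumably is whatever the node announces
        # about itself - node_id entries are the tighter binding; confirm.
        matched = False
        for x in nodeaccess[acluser]:
            if x == nodeid or fnmatch(node['hostname'], x):
                matched = True
                break

        if not matched:
            if reply_directly:
                bot.reply('Mach das doch bitte auf deinen Knoten, kthxbye.')
            return False

    return True


@willie.module.commands('nodeacl')
def ffpb_nodeacl(bot, trigger):
    """Configure ACL for nodes."""
    if not playitsafe(bot, trigger, botadmin=True):
        # the check function already gives a bot reply, just exit here
        return

    # ensure the user gave arguments
    if trigger.group(2) is None or len(trigger.group(2)) == 0:
        bot.say('Sag doch was du willst ... einmal mit Profis arbeiten, ey -.-')
        return

    # read additional arguments
    cmd = trigger.group(3).lower()

    if cmd == 'list':
        user = trigger.group(4)
        if user is None:
            usernames = [x for x in nodeaccess]
            bot.say('ACLs gesetzt für die User: ' + ', '.join(usernames))
            return

        user = user.lower()
        uid = [x for x in nodeaccess if x.lower() == user]
        if len(uid) == 0:
            bot.say('Für \'{0}\' ist keine Node ACL gesetzt.'.format(user))
            return

        bot.say('Node ACL für \'{0}\' = \'{1}\''.format(
            uid[0], '\', \''.join(nodeaccess[uid[0]]))
        )
        return

    if cmd in ['add', 'del', 'check']:
        user = trigger.group(4)
        value = trigger.group(5)
        if user is None or value is None:
            bot.say('Du bist eine Pappnase - User und Knoten, bitte.')
            return

        user = str(user)
        # this line is the only audit trail of ACL changes
        print('NodeACL ' + cmd + ' \'' + value + '\' for user \'' + user + '\'')

        # existing ACL keys that match the user (exact or case-insensitive)
        uid = [x for x in nodeaccess if x == user or x.lower() == user]

        if cmd == 'add':
            # value is a node_id or an fnmatch mask; a broad mask such as '*'
            # covers every node
            uid = uid[0] if len(uid) > 0 else user
            if not uid in nodeaccess:
                nodeaccess[uid] = []
            if not value in nodeaccess[uid]:
                nodeaccess[uid].append(value)
                # the shelve runs in writeback mode: flush right away so the
                # change survives an unclean exit
                nodeaccess.sync()
                bot.say("201 nodeACL '{0}' +'{1}'".format(uid, value))
            else:
                bot.say("304 nodeACL '{0}' contains '{1}'".format(uid, value))

        elif cmd == 'del':
            if len(uid) == 0:
                bot.say("404 nodeACL '{0}'".format(user))
                return
            # uid is a list of matching keys - index the store with the key
            # itself, not with the list
            key = uid[0]
            if value in nodeaccess[key]:
                nodeaccess[key].remove(value)
                nodeaccess.sync()
                bot.say("200 nodeACL '{0}' -'{1}'".format(key, value))
            else:
                bot.say("404 nodeACL '{0}' has no '{1}'".format(key, value))

        elif cmd == 'check':
            if len(uid) == 0:
                bot.say('Nope, keine ACL gesetzt.')
                return

            node = ffpb_findnode(value)
            if node is None:
                bot.say('Nope, kein Plan was für ein Knoten das ist.')
                return

            # evaluate the ACL as if the given user had asked
            result = playitsafe(bot, trigger,
                                debug_user=uid[0], debug_ignorebotadmin=True,
                                node=node, reply_directly=False)
            if result is True:
                bot.say('Jupp.')
            elif result is False:
                bot.say('Nope.')
            else:
                bot.say('Huh? result=' + str(result))

        return

    bot.say('Unbekanntes Kommando. Probier ' +
            '"list [user]", "add user value" oder "del user value". ' +
            'Value kann node_id oder hostname-Maske sein.')


def ffpb_ensurenodeid(nodedata):
    """Makes sure that the given dict has a 'node_id' field."""
    if 'node_id' in nodedata:
        return nodedata

    # derive node's id
    nodeid = None
    if 'network' in nodedata and 'mac' in nodedata['network']:
        nodeid = nodedata['network']['mac'].replace(':', '')

    # assemble extended data (a copy; the input dict is left untouched)
    result = {'node_id': nodeid}
    for key in nodedata:
        result[key] = nodedata[key]

    return result


def ffpb_findnode(name, allow_fuzzymatching=True):
    """helper: try to identify the node the user meant by the given name

    Lookup order: literal MAC address, BATCAVE lookup by name, file name in
    the peers repository. Returns a node dict or None.
    """
    # no name, no node
    if name is None or len(name) == 0:
        return None

    name = str(name).strip()

    # disable fuzzy matching if name is enclosed in quotes
    # (needs at least two characters, a lone quote is not a quoted name)
    if len(name) >= 2 and (
            name.startswith('\'') and name.endswith('\'') or
            name.startswith('"') and name.endswith('"')):
        name = name[1:-1]
        allow_fuzzymatching = False

    # try to match MAC
    m = re.search("^([0-9a-fA-F][0-9a-fA-F]:){5}[0-9a-fA-F][0-9a-fA-F]$", name)
    if not m is None:
        mac = m.group(0).lower()
        node = __batcave.find_node_by_mac(mac)
        if node is not None:
            return node

        # unknown to BATCAVE: synthesise a minimal record from the MAC
        nodeid = mac.replace(':', '').lower()
        return {
            # 'node_id' is the key playitsafe() and the other helpers read;
            # 'nodeid' is kept for anything that relied on the old spelling
            'node_id': nodeid,
            'nodeid': nodeid,
            'hostname': '?-' + nodeid,
            'network': {
                'addresses': [mac2ipv6(mac, 'fdca:ffee:ff12:132:')],
                'mac': mac,
            },
            'hardware': {
                'model': 'derived-from-mac',
            },
        }

    # try to find by NAME
    node = __batcave.find_node_by_name(name, fuzzymatch=allow_fuzzymatching)
    if node is not None:
        return node

    # not found in ALFRED data -> try peers_repo
    if not peers_repo is None:
        peer_name = None
        peer_mac = None
        peer_file = None
        for b in peers_repo.heads.master.commit.tree.blobs:
            if b.name.lower() == name.lower():
                peer_name = b.name
                peer_file = b.abspath
                break

        if (not peer_file is None) and os.path.exists(peer_file):
            # context manager: the handle is closed even if reading fails
            with open(peer_file, "r") as peerfile:
                for line in peerfile:
                    if line.startswith("# MAC:"):
                        peer_mac = line[6:].strip()

        if not peer_mac is None:
            return {
                'node_id': peer_mac.replace(':', ''),
                'hostname': peer_name,
                'network': {
                    'addresses': [mac2ipv6(peer_mac, 'fdca:ffee:ff12:132:'), ],
                    'mac': peer_mac,
                },
                'hardware': {
                    'model': 'derived-from-vpnkeys',
                },
            }

    # none of the above was able to identify the requested node
    return None


def ffpb_findnode_from_botparam(bot, name, ensure_recent_alfreddata=True):
    """helper: call ffpb_findnode() and give common answers via bot on error"""
    if name is None or len(name) == 0:
        if not bot is None:
            bot.reply("Grün.")
        return None

    node = ffpb_findnode(name)
    if node is None:
        if not bot is None:
            bot.say("Kein Plan wer oder was mit '" + name + "' gemeint ist :(")

    return node


def mac2ipv6(mac, prefix=None):
    """Calculate IPv6 address from given MAC,
    optionally replacing the fe80:: prefix with a given one."""
    result = str(netaddr.EUI(mac).ipv6_link_local())
    if (not prefix is None) and (result.startswith("fe80::")):
        result = prefix + result[6:]
    return result


def _ffpb_routable_address(node):
    """Return the node's first usable non-link-local IPv6 address, or None.

    Node records may originate from data the nodes announce themselves, so an
    address is only handed to external programs (ping6, ssh) after netaddr
    has parsed it as an IPv6 literal. The canonical string form is returned.
    """
    for addr in node["network"]["addresses"]:
        if addr.lower().startswith("fe80:"):
            continue
        try:
            return str(netaddr.IPAddress(addr, version=6))
        except (netaddr.AddrFormatError, ValueError, TypeError):
            # not a plain IPv6 literal - never pass it on
            continue
    return None


def ffpb_notify_newly_seen_nodes(bot, new):
    """Announce newly seen nodes as an IRC action message.

    `new` is indexed as a sequence of pairs; element 0 is used for the
    BATCAVE lookup (after removing ':') and element 1 is shown in the text.
    """
    # NOTE(review): a non-dict bot makes this return right away - confirm
    # whether that is a deliberate kill switch.
    if not isinstance(bot, dict):
        return

    if len(new) == 0 or bot.memory['ffpb_in_setup']:
        return

    action_msg = None
    if len(new) == 1:
        action_msg = random.choice((
            'bemerkt den neuen Knoten {0}',
            'entdeckt {0}',
            'reibt sich die Augen und erblickt einen verpackungsfrischen Knoten {0}',
            u'heißt {0} im Mesh willkommen',
            'freut sich, dass {0} aufgetaucht ist',
            'traut seinen Augen kaum. {0} sagt zum ersten Mal: Hallo Freifunk Paderborn',
            u'sieht die ersten Herzschläge von {0}',
            u'stellt einen großen Pott Heißgetränk zu {0} und fragt ob es hier Meshpartner gibt.',
        )).format('\'' + str(new[0][1]) + '\'')

        # try to fetch location from BATCAVE in order to add a geomap URL
        location = __batcave.get_nodefield(str.replace(new[0][0], ':', ''), 'location')
        if not location is None:
            try:
                # only numeric coordinates may become part of the URL
                float(location['latitude'])
                float(location['longitude'])
            except (KeyError, TypeError, ValueError):
                pass
            else:
                action_msg += ' http://map.paderborn.freifunk.net/geomap.html?lat=' + \
                    str(location['latitude']) + '&lon=' + str(location['longitude'])

    else:
        action_msg = random.choice((
            'bemerkt die neuen Knoten {0} und {1}',
            'hat {0} und {1} entdeckt',
            'bewundert {0} sowie {1}',
            'freut sich, dass {0} und {1} nun auch online sind',
            u'heißt {0} und {1} im Mesh willkommen',
            'fragt sich ob die noch jungen Herzen von {0} und {1} synchron schlagen',
        ))
        all_but_last = [str(x[1]) for x in new[0:-1]]
        last = str(new[-1][1])
        action_msg = action_msg.format(
            '\'' + '\', \''.join(all_but_last) + '\'',
            '\'' + last + '\''
        )

    action_target = bot.config.ffpb.msg_target
    if not bot.config.ffpb.msg_target_public is None:
        action_target = bot.config.ffpb.msg_target_public

    bot.msg(action_target, '\x01ACTION %s\x01' % action_msg)


@willie.module.interval(60)
def ffpb_updatepeers(bot):
    """Refresh list of peers and message the diff."""
    if peers_repo is None:
        print('WARNING: peers_repo is None')
        return

    old_head = peers_repo.head.commit
    peers_repo.remotes.origin.pull()
    new_head = peers_repo.head.commit

    if new_head != old_head:
        print('git pull: from ' + str(old_head) + ' to ' + str(new_head))
        added = []
        changed = []
        renamed = []
        deleted = []

        for f in old_head.diff(new_head):
            if f.new_file:
                added.append(f.b_blob.name)
            elif f.deleted_file:
                deleted.append(f.a_blob.name)
            elif f.renamed:
                renamed.append([f.rename_from, f.rename_to])
            else:
                changed.append(f.a_blob.name)

        response = "Knoten-Update (VPN +{0} %{1} -{2}): ".format(
            len(added), len(renamed)+len(changed), len(deleted))
        for f in added:
            response += " +'{}'".format(f)
        for f in changed:
            response += " %'{}'".format(f)
        for f in renamed:
            response += " '{}'->'{}'".format(f[0], f[1])
        for f in deleted:
            response += " -'{}'".format(f)

        bot.msg(bot.config.ffpb.msg_target, response)


def ffpb_fetch_stats(bot, url, memoryid):
    """Fetch a ffmap-style nodes.json from the given URL and
    store it in the bot's memory.

    Returns the tuple (nodes_active, nodes_total, clients_count).
    """
    response = urllib2.urlopen(url)
    try:
        data = json.load(response)
    finally:
        # release the connection even if the payload is not valid JSON
        response.close()

    nodes_active = 0
    nodes_total = 0
    clients_count = 0

    for node in data['nodes']:
        # gateways and clients are not counted as nodes
        if node['flags']['gateway'] or node['flags']['client']:
            continue
        nodes_total += 1
        if node['flags']['online']:
            nodes_active += 1
            # NOTE(review): nesting of the legacy check under 'online' was
            # reconstructed from unindented source - confirm against upstream
            if 'legacy' in node['flags'] and node['flags']['legacy']:
                clients_count -= 1

    for link in data['links']:
        if link['type'] == 'client':
            clients_count += 1

    if not memoryid in bot.memory:
        bot.memory[memoryid] = {}

    stats = bot.memory[memoryid]
    stats["fetchtime"] = time.time()
    stats["nodes_active"] = nodes_active
    stats["nodes_total"] = nodes_total
    stats["clients"] = clients_count

    return (nodes_active, nodes_total, clients_count)


def pretty_date(timestamp=False):
    """
    Get a datetime object or a int() Epoch timestamp and return a
    pretty string like 'an hour ago', 'Yesterday', '3 months ago',
    'just now', etc
    """
    now = datetime.now()
    compare = None
    if type(timestamp) is int:
        compare = datetime.fromtimestamp(timestamp)
    elif type(timestamp) is float:
        compare = datetime.fromtimestamp(int(timestamp))
    elif isinstance(timestamp, datetime):
        compare = timestamp
    elif not timestamp:
        compare = now

    diff = now - compare
    second_diff = diff.seconds
    day_diff = diff.days

    # timestamps in the future yield an empty string
    if day_diff < 0:
        return ''

    if day_diff == 0:
        if second_diff < 10:
            return "gerade eben"
        if second_diff < 60:
            return "vor " + str(second_diff) + " Sekunden"
        if second_diff < 120:
            return "vor einer Minute"
        if second_diff < 3600:
            # explicit floor division: whole minutes/hours only
            return "vor " + str(second_diff // 60) + " Minuten"
        if second_diff < 7200:
            return "vor einer Stunde"
        if second_diff < 86400:
            return "vor " + str(second_diff // 3600) + " Stunden"
    if day_diff == 1:
        return "gestern"
    if day_diff < 7:
        return "vor " + str(day_diff) + " Tagen"

    return "am " + compare.strftime('%d.%m.%Y um %H:%M Uhr')


@willie.module.commands('ping')
def ffpb_ping(bot, trigger=None, target_name=None, reply_directly=True):
    """Ping the given node

    Returns True if the node answered, False if it did not and None if the
    node could not be identified or the ping could not be run.
    """
    # identify node or bail out
    if target_name is None:
        target_name = trigger.group(2)
    node = ffpb_findnode_from_botparam(bot, target_name,
                                       ensure_recent_alfreddata=False)
    if node is None:
        return None

    # get the first non-linklocal address from the node (validated as an
    # IPv6 literal, see _ffpb_routable_address)
    target = _ffpb_routable_address(node)
    target_alias = node["hostname"]
    if target is None:
        print("no usable address for '{0}'".format(target_name))
        if reply_directly:
            bot.say('Keine brauchbare IPv6-Adresse für "' + target_alias + '" gefunden.')
        return None

    # execute the actual ping and reply the result
    print("pinging '{0}' at {1} ...".format(target_name, target))
    try:
        # argument vector, no shell: the address stays a single argument and
        # is never interpreted as shell syntax
        with open(os.devnull, 'w') as devnull:
            result = subprocess.call(['ping6', '-c', '2', '-W', '1', target],
                                     stdout=devnull)
    except OSError as err:
        # ping6 could not be started at all
        print("ping6 could not be executed: {0}".format(err))
        result = 127

    if result == 0:
        print("ping to '{0}' succeeded".format(target_name))
        if reply_directly:
            bot.say('Knoten "' + target_alias + '" antwortet \\o/')
        return True

    elif result == 1 or result == 256:
        print("ping to '{0}' failed".format(target_name))
        if reply_directly:
            bot.say('Keine Antwort von "' + target_alias + '" :-(')
        return False

    else:
        print("ping to '{0}' broken: result='{1}'".format(target_name, result))
        if reply_directly:
            bot.say('Uh oh, irgendwas ist kaputt. Chef, ping result = ' +
                    str(result) + ' - darf ich das essen?')
        return None


@willie.module.commands('mesh')
def ffpb_nodemesh(bot, trigger):
    """Display mesh partners of the given node."""
    # identify node or bail out
    target_name = trigger.group(2)
    node = ffpb_findnode_from_botparam(bot, target_name,
                                       ensure_recent_alfreddata=False)
    if node is None:
        return None

    # derive node's id
    nodeid = node['node_id'] if 'node_id' in node else None
    if nodeid is None:
        msg = 'Mist, ich habe gerade den Zettel verlegt auf dem die Node-ID' + \
              ' von \'{0}\' steht, bitte frag später noch einmal.'
        bot.say(msg.format(node.get('hostname', target_name)))
        return

    # query BATCAVE for node's neighbours (result is a list of MAC addresses)
    # .get(): records without the field take the "no data" path below
    cave_result = node.get('neighbours')
    if cave_result is None:
        msg = 'Hm, scheinbar liegen zu \'{0}\' keine Daten vor. ' + \
              'Klingt komisch, ist aber so.'
        bot.say(msg.format(node.get('hostname', target_name)))
        return

    # query BATCAVE for neighbour's names
    data = '&'.join([str(n) for n in cave_result])
    req = urllib2.urlopen(bot.config.ffpb.batcave_url + '/idmac2name', data)

    # filter out duplicate names
    neighbours = set()
    gateways = set()
    try:
        for line in req:
            line = line.strip()
            if '=' not in line:
                # not an ident=name pair
                continue
            # split once only: a name may itself contain '='
            ident, name = line.split('=', 1)
            if ident == name and ident.startswith('c0:ff:ee:ba:be:'):
                gateways.add('Gateway ' + ident[len('c0:ff:ee:ba:be:'):])
            else:
                neighbours.add(name)
    finally:
        req.close()
    neighbours = [x for x in neighbours]
    gateways = sorted([x for x in gateways])

    # respond to the user
    reply = node['hostname']
    if len(neighbours) == 0:
        reply += ' hat keinen Mesh-Partner'
    elif len(neighbours) == 1:
        reply += u' mesht mit \'{0}\''.format(neighbours[0])
    else:
        all_except_last = '\', \''.join(neighbours[:-1])
        last = neighbours[-1]
        reply += ' mesht mit \'{0}\' und \'{1}\''.format(all_except_last, last)

    if len(gateways) > 0:
        if len(neighbours) == 0:
            reply += ', aber hat eine Verbindung zu '
        else:
            reply += ' und hat zudem eine Verbindung zu '

        if len(gateways) == 1:
            reply += gateways[0]
        else:
            all_except_last = '\', \''.join(gateways[:-1])
            last = gateways[-1]
            reply += '{0} und {1}'.format(all_except_last, last)

    bot.say(reply)


@willie.module.commands('exec-on-peer')
def ffpb_remoteexec(bot, trigger):
    """Remote execution on the given node

    Runs the given command as root on the node via SSH and relays at most
    eight lines of its output. Gated by the node ACL (playitsafe) and only
    accepted in a channel.
    """
    bot_params = trigger.group(2).split(' ', 1) if trigger.group(2) is not None else []
    if len(bot_params) != 2:
        bot.say('Wenn du nicht sagst wo mach ich remote execution bei dir!')
        bot.say('Tipp: !exec-on-peer ')
        return

    target_name = bot_params[0]
    target_cmd = bot_params[1]

    # identify requested node or bail out
    node = ffpb_findnode_from_botparam(bot, target_name,
                                       ensure_recent_alfreddata=False)
    if node is None:
        return

    # check ACL
    if not playitsafe(bot, trigger, via_channel=True, node=node):
        return

    # use the node's first non-linklocal address; it is validated as an IPv6
    # literal, so it cannot be read by ssh as an option or as user@host
    target = _ffpb_routable_address(node)
    target_alias = node["hostname"]
    if target is None:
        bot.say('Keine brauchbare IPv6-Adresse für "' + target_alias + '" gefunden.')
        return

    # assemble SSH command
    # NOTE(security): StrictHostKeyChecking=no means the host key is not
    # verified - whatever answers on that address receives the command as
    # root. Pinning the nodes' host keys (known_hosts) or, where the OpenSSH
    # version offers it, 'accept-new' closes that gap.
    cmd = [
        'ssh',
        '-6n',
        '-l', 'root',
        '-o', 'BatchMode=yes',
        '-o', 'StrictHostKeyChecking=no',
        target,
        target_cmd,
    ]
    # audit trail: who ran what is only visible via the channel and this line
    print("REMOTE EXEC = " + str(cmd))
    try:
        # call SSH
        result = subprocess.check_output(
            cmd,
            stderr=subprocess.STDOUT,
            shell=False,
        )

        # fetch results and sent at most 8 of them as response
        lines = str(result).splitlines()

        if len(lines) == 0:
            bot.say('exec-on-peer(' + target_alias + '): No output')
            return

        msg = 'exec-on-peer({0}): {1} Zeilen'.format(target_alias, len(lines))
        if len(lines) > 8:
            msg += ' (zeige max. 8)'

        bot.say(msg + ':')
        for line in lines[0:8]:
            bot.say(line)

    except subprocess.CalledProcessError as err:
        bot.say('Fehler {0} bei exec-on-peer({1}): {2}'.format(
            err.returncode,
            target_alias,
            err.output
        ))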