Archive for the ‘System Administration’ Category

‘Expect’ as an administration tool

3 January, 2007

This is an article that I had posted in my livejournal on 6th-May-2006 06:58 pm. I’m trying to migrate the most valuable stuff to wordpress.

Last time we saw how to execute those special system tools (ssh, ftp, su, …) by providing the password through PTYs. The problem is that it’s neither easy nor ideal to write a C program for such system maintenance or automation tasks. Also, if we need to process the output of the running child program and respond to it with dynamic input, the task becomes very complicated. The obvious guess, then, would be… right, a script. Today, we’re going to see how ‘Expect’ can be used to do our task with ease.

Expect can be thought of as a tool that runs other programs in a PTY with the knowledge of what to expect from the child program, i.e., Expect can be told how to react to the child program’s various outputs. This is done through a script similar to Tcl. Unfortunately, I don’t know Tcl at all, but certainly know how to use expect for my needs. So here’s the code that does what we required when we wrote the last C program – ptymagic.c:

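#!/usr/bin/expect

# Run the program named on the command line in a PTY.
# {*} expands argv so that every argument is passed to spawn separately.
spawn {*}$argv

expect {
    "Password:" {
        # read one line (the password) from our own stdin
        expect_user -re "(.*)\n"
        send_user "\n"
        # forward it to the child, then keep watching for further prompts
        send "$expect_out(1,string)\r"
        exp_continue
    }
}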

Suppose you name the file ptymagic and give it execute permission; test it as we did previously:

echo "Your_Root_Password" | ./ptymagic su -c "cat /etc/shadow"

Maybe it’ll seem slow, but hey, we are here to write maintenance scripts for the system and not scientific supercomputing simulations…

best of luck…

Categories: System Administration

Using PTYs to fool getpass()

26 December, 2006

This is an article that I had posted in my livejournal on 4th-May-2006 03:08 pm. I’m trying to migrate the most valuable stuff to wordpress.

Today we’ll discuss the getpass() library function and the hurdles it presents to a system administrator doing system automation. The usual bash pipe (‘|’) won’t help us provide a password to tools like ssh, ftp, su, etc. The main reason is the way getpass() gets the password from the terminal. Unlike library routines such as getchar() or scanf(), which read from stdin, it opens /dev/tty to read the user input.

The only solution available to overcome this is to create a pseudo terminal (pty) and run your application in it. One of the most useful of the various functions for this is forkpty(). Yes, here I’m talking about writing your own program that creates a new pty, forks, runs its child in that pty, and execs the application (like ssh, ftp, …) in the child. You get a file descriptor which can be used to read or write data to the pty (i.e., the application’s I/O). Below is a program that makes the connection between you and your application.

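// ptymagic.c
#include <pty.h>
#include <utmp.h>
#include <termios.h>

#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#include <unistd.h>
#include <pthread.h>
#include <sys/wait.h>

/* thread for reading from the application: pty master -> our stdout */
static void *readtunnel(void *arg)
{
    int pty = (int)(intptr_t)arg;
    char ch;

    /* read() returns 0 on EOF, or -1 once the child has closed the pty */
    while (read(pty, &ch, 1) > 0)
        write(1, &ch, 1);
    return NULL;
}

/* thread for writing to the application: our stdin -> pty master */
static void *writetunnel(void *arg)
{
    int pty = (int)(intptr_t)arg;
    char ch;

    while (read(0, &ch, 1) > 0)
        write(pty, &ch, 1);
    return NULL;
}

int main(int argc, char **argv)
{
    int pty, status;
    pid_t child;
    char first;
    pthread_t pread, pwrite;

    if (argc < 2)
        exit(-1);

    child = forkpty(&pty, NULL, NULL, NULL);
    if (child == -1)
        exit(-1);

    if (child == 0) {
        /* child: fds 0, 1 and 2 are now the pty slave; switch off echo
           and NL -> CR-NL translation so data passes through unchanged */
        struct termios tios;

        tcgetattr(0, &tios);
        tios.c_lflag &= ~(ECHO | ECHOE | ECHOK | ECHONL);
        tios.c_oflag &= ~(ONLCR);
        tcsetattr(0, TCSANOW, &tios);

        execvp(argv[1], &argv[1]);  /* execvp searches PATH, so "su" works */
        exit(-1);
    }

    /* wait till the child has output at least one character */
    if (read(pty, &first, 1) == 1)
        write(1, &first, 1);

    pthread_create(&pread, NULL, readtunnel, (void *)(intptr_t)pty);
    pthread_create(&pwrite, NULL, writetunnel, (void *)(intptr_t)pty);

    pthread_join(pread, NULL);

    /* pass the child's exit code on as our own */
    if (wait(&status) != -1 && WIFEXITED(status))
        exit(WEXITSTATUS(status));

    exit(-1);
}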

Compile the program as:

gcc -o ptymagic ptymagic.c -lpthread -lutil

And try to run as:

echo "Your_Root_Password" | ./ptymagic su -c "cat /etc/shadow"

and see the magic.

The drawback here is that we have to write a C program for every different kind of application, which is going to be a tedious task. There is a better alternative, which I’ll explain later.

Till then,

BYE.

Using CVS pserver over an SSH tunnel through an intermediate server

23 December, 2006

This is an article that I had posted in my livejournal on 27th-Apr-2006 12:11 pm. I’m trying to migrate the most valuable stuff to wordpress.

Today I had to access a public cvs repository from my computer in the office. Unfortunately it seemed that the company firewall disallows any cvs :pserver: connections for security reasons. I had to find a way to check out a module from the repository. Then I noticed an article about ssh tunnelling on the internet and quickly found my solution. I’m describing it below:

There are presently two computers in our picture. One is my system (localhost) and the other is ecos.sourceware.org. I wanted to access the repository in /cvs/ecos of the sourceware.org server. The proper way of doing it is:

cvs -z3 -d :pserver:anoncvs@ecos.sourceware.org:/cvs/ecos checkout ecos

But it seemed that my company firewall won’t allow it to proceed since it’s trying to use the pserver protocol. Then I thought of making an ssh tunnel to the sourceware.org server as a workaround. But for that I need to have an ssh account on the server itself.

It’s here that my sourceforge.net shell account helped me. I created an ssh tunnel from my system to the sourceforge.net system and forwarded all packets at port 2401 to it. The command to create the tunnel and port forwarding looked like this:

ssh -L localhost:2401:ecos.sourceware.org:2401 jineshkj@shell.sf.net

It says that ssh should log in to shell.sf.net as jineshkj while forwarding localhost:2401 to ecos.sourceware.org:2401 through it. So now I’ve added another computer to the picture, which is shell.sf.net.

Now, in order to access the ecos.sourceware.org:2401, I only need to connect to localhost:2401. The cvs command should thus be modified as given below:

cvs -z3 -d :pserver:anoncvs@localhost:/cvs/ecos checkout ecos

What happens now is that I’ll try to access localhost:2401 using the pserver protocol, which actually gets forwarded to ecos.sourceware.org:2401 through the ssh tunnel. On the local system you can use a custom port number other than the standard one, as shown below:

ssh -L localhost:8000:ecos.sourceware.org:2401 jineshkj@shell.sf.net

cvs -z3 -d :pserver:anoncvs@localhost:8000/cvs/ecos checkout ecos

Note that the cvs command has to be executed in your local shell and not in the ssh shell.

Best of luck.

Linux as router

14 December, 2006

This is an article that I had posted in my livejournal on 22nd-Aug-2006 01:51 pm. I’m trying to migrate the most valuable stuff to wordpress.

Hi all,

A few weeks back I moved to a new apartment with my friends, and the best part of it is the broadband connection we already have there. But the sad part is that we had to share the internet amongst us. One of many ways to do it is obviously a proxy. Proxying is fine to start with, but in the long run it really gives us a headache.

A few days back we started our experiments with iptables, but with little or no success. It was then that I found the Masquerading Made Simple HOWTO. That’s it. Just two commands and my linux laptop became a router. Those commands are:

iptables -t nat -A POSTROUTING -o eth2 -j SNAT --to X.X.X.X
echo 1 > /proc/sys/net/ipv4/ip_forward

where eth2 is connected to the internet through an ADSL modem with IP X.X.X.X. Now everything works fine, with a few optimizations left to be done.

My next job is to configure my wireless card and run a home wifi network. The main concern here is obviously security. I’m right now referring to the Wireless Howto.

jingle a headache, but not for windows

13 December, 2006

I have been trying to use jingle with many of the jabber clients like psi, jabbin, kopete and tapioca. The source code compilation of both psi and kopete with --enable-jingle was pretty hectic, not to mention how much of a disaster the efforts that I had put into it were. All the way during their compilation, I got stuck at one message: undefined reference to `speex_wb' and undefined reference to `pcmu8000'.

Surprisingly though, psi compiled perfectly in my LFS system with jingle enabled. But since I could not find any option to compile the binary statically, I had to copy the executable along with its shared library dependencies. To my great happiness, psi worked with jingle and I could talk between two systems running my psi client. I’m still trying to figure out why the compilation had failed in my FC6.

It should be happy news for windows users since jabbin.exe works okay in windows, though it will crash if you try to do something really nasty with it. BTW, compiling libjingle with gcc gives you some simple errors which you can easily correct by modifying the source files appropriately. That’s it for now…
