Removed/changed secrets, no more secrets in git

This commit is contained in:
Neale Pickett 2017-07-08 20:52:18 +00:00
parent 9575a71cc2
commit 32956e2591
17 changed files with 242 additions and 396 deletions

View File

@ -1,23 +0,0 @@
#! /bin/sh
cd /home/neale/lib/images/chumby
echo Content-type: image/jpeg
echo
fn=$(ls *.jpg | shuf | head -n1)
# Guess at scale based on file size
s=$(du "$fn" | cut -d' ' -f1)
if [ $s -lt 100 ]; then
scale=1/1
elif [ $s -lt 1000 ]; then
scale=1/2
elif [ $s -lt 10000 ]; then
scale=1/4
else
scale=1/8
fi
djpeg -scale $scale "$fn" | pnmscale -xysize 320 240 | cjpeg

13
dirlist
View File

@ -1,13 +0,0 @@
#! /bin/sh
cat $1; shift
echo '<dl>'
for i in "$@"; do
size=$(du --si $i | cut -f1)
desc=$(sed -n '1,3 s/.*\(Description: \|Title: \|-- \)//p' $i)
fn=$(basename $i)
echo " <dt><a href=\"$fn\">$fn</a> ($size)</dt>"
echo " <dd>$desc</dd>"
done
echo '</dl>'

View File

@ -1,6 +1,7 @@
package main
import (
"bufio"
"crypto/md5"
"fmt"
"log"
@ -9,12 +10,9 @@ import (
"strings"
)
const GitProjectRoot = "/home/neale/projects"
// printf "USER:PASS" | base64 | while read a; do printf "%s" "$a" | md5sum; done
var allowed = []string{
"2c64993e88c06e297d4f01cf3b5aebdf", // neale
}
const AuthFilename = "/home/neale/.config/g.cgi/authorization"
const GitProjectRoot = "/home/neale/projects"
func execv(name string, arg ...string) {
c := exec.Command(name, arg...)
@ -32,6 +30,7 @@ func Authenticated() bool {
return false
}
// Build up a string to match
parts := strings.Split(auth, " ")
switch {
case len(parts) != 2:
@ -43,8 +42,19 @@ func Authenticated() bool {
hash := md5.Sum([]byte(parts[1]))
hashhex := fmt.Sprintf("%x", hash)
for _, a := range allowed {
if a == hashhex {
authfile, err := os.Open(AuthFilename)
if err != nil {
log.Fatal(err)
}
defer authfile.Close()
scanner := bufio.NewScanner(authfile)
for scanner.Scan() {
line := scanner.Text()
if line == "" || strings.HasPrefix(line, "#") {
continue;
}
if line == hashhex {
os.Setenv("AUTH_TYPE", parts[0])
os.Setenv("REMOTE_USER", "XXX-neale")
return true
@ -79,12 +89,11 @@ func main() {
//log.SetOutput(os.Stdout)
//log.SetPrefix("Status: 500 CGI Go Boom\nContent-type: text/plain\n\nERROR: ")
os.Setenv("GIT_PROJECT_ROOT", GitProjectRoot)
uri := os.Getenv("REQUEST_URI")
switch {
case strings.HasSuffix(uri, "git-receive-pack"):
case strings.HasSuffix(uri, "git-upload-pack") || strings.HasSuffix(uri, "git-receive-pack"):
if Authenticated() {
os.Setenv("GIT_PROJECT_ROOT", GitProjectRoot)
execv("git", "http-backend")
} else {
fmt.Println("Status: 401 Not Authorized")
@ -93,8 +102,6 @@ func main() {
fmt.Println()
fmt.Println("Nope", os.Getenv("HTTP_AUTHORIZATION"))
}
case strings.HasSuffix(uri, "git-upload-pack"):
execv("git", "http-backend")
default:
notice()
}

View File

@ -1,9 +0,0 @@
#include <unistd.h>
int
main(int argc, char *argv[])
{
chdir("/home/neale/lib/geneweb");
execl("/usr/bin/gwd", "gwd", "-cgi", NULL);
return 0;
}

208
images/haderp.svg Normal file

File diff suppressed because one or more lines are too long

After

Width:  |  Height:  |  Size: 61 KiB

View File

@ -1 +0,0 @@
COPY += $(wildcard images/*.png images/*.gif images/*.jpg)

BIN
images/mqdefault.jpg Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 8.3 KiB

View File

@ -74,7 +74,7 @@ git ls-files | while read fn; do
*/install)
install $fn
;;
trigger.cgi.go)
trigger.cgi.go|g.cgi.go)
gc $fn
setuid $fn
;;

View File

@ -1,5 +0,0 @@
COPY += $(wildcard misc/*.png)
COPY += $(wildcard misc/*.jpg)
COPY += misc/chupas.svg
COPY += misc/cherry-bombs.svg

View File

@ -1,87 +0,0 @@
package main
import (
"net"
"fmt"
"time"
"sync"
)
// Internal port: 19132
var hosts = []HostEntry{
{"h.woozle.org:26548", "Ginnie"},
{"h.dirtbags.net:29837", "Neale"},
}
const MAGIC = "\x00\xff\xff\x00\xfe\xfe\xfe\xfe\xfd\xfd\xfd\xfd\x12\x34\x56\x78"
func isAlive(host string) bool {
conn, err := net.Dial("udp", host)
if err != nil {
return false
}
conn.SetReadDeadline(time.Now().Add(5 * time.Second))
pkt := "\x01" + "\x00\x00\x00\x00MERF" + MAGIC
conn.Write([]byte(pkt))
resp := make([]byte, 40)
rlen, err := conn.Read(resp)
if (err != nil) || (rlen == 0) {
return false
}
return true
}
var wg sync.WaitGroup
func waitClose(c chan<- string) {
wg.Wait()
close(c)
}
type HostEntry struct {
host string
owner string
}
func ping(results chan<- string, e HostEntry) {
defer wg.Done()
if isAlive(e.host) {
results <- e.owner
}
}
func main() {
results := make(chan string, 5)
for _, host := range hosts {
wg.Add(1)
go ping(results, host)
}
go waitClose(results)
fmt.Println("Content-type: text/html")
fmt.Println("")
fmt.Println("<!DOCTYPE html>")
fmt.Println("<html>")
fmt.Println("<head>")
fmt.Println("<meta name=\"viewport\" content=\"width=device-width\">")
fmt.Println("<style type=\"text/css\">#a{font-size: 120%; background: silver;}</style>")
fmt.Println("<title>Minecraft PE ping</title></head>")
fmt.Println("<body>")
fmt.Println("<h1>Who is playing Minecraft PE?</h1>")
fmt.Println("<ul id=\"a\">")
count := 0
for msg := range results {
fmt.Printf("<li>%s</li>\n", msg)
count += 1
}
fmt.Println("</ul>")
if count == 0 {
fmt.Println("<p>Sorry, looks like nobody's playing right now.</p>")
}
fmt.Println("</body></html>")
}

View File

@ -1 +0,0 @@
COPY += $(wildcard papers/clovis-*.png)

View File

@ -1,114 +0,0 @@
#! /bin/sh
case "$HTTP_USER_AGENT" in
*MIDP*)
TINY=1
NOCAL=1
;;
*Mobile*)
NOCAL=1
;;
esac
weather () {
curl -s 'http://rss.wunderground.com/auto/rss_full/NM/Los_Alamos.xml?units=metric' | \
awk -F ' [-:] ' '
(/Current Conditions/) {
print "<p class=\"weather\"><a href=\"http://m.wund.com/cgi-bin/findweather/getForecast?brand=mobile&query=87544\">" $2 "</a></p>";
}
(c == 2) {
print "<p class=\"weather\">" $0 "</p>";
exit;
}
(/CDATA/) {
c++;
}'
}
section () {
echo "<h2><a href=\"$2\">$1</a></h2>"
echo "<ul>"
[ "$TINY" ] && pfx="http://news.google.com/gwt/x?u="
curl -s "$3" | \
awk -F '>' -v RS='<' -v m=${4:-5} -v pfx="$pfx" '
(/^item[> ]/) {
a++;
}
(/^title/) {
title=$2;
}
(a && a<m+1 && /^link/) {
l=$2;
sub(/.*url=/, "", l);
print "<li><a href=\"" pfx l "\">" title "</a></li>";
}'
echo "</ul>"
}
cat <<EOF
Content-type: text/html; charset=utf-8
Refresh: 500
<!DOCTYPE html>
<html>
<head>
<title>Houyhnhnm</title>
<style type="text/css">
h1 {
font-size: large;
font-weight: bold;
text-align: center;
}
h2 {
font-size: large;
font-weight: normal;
font-style: italic;
}
.calendar {
height: 300px;
float: right;
}
</style>
<link rel="icon" type="image/png" href="portal.png">
<meta name="viewport" content="width=device-width" />
</head>
<body>
EOF
if ! [ "$NOCAL" ]; then
printf '<iframe class="calendar" src="%s"></iframe>\n' \
'https://www.google.com/calendar/embed?title=Calendar&showTitle=0&showDate=0&showPrint=0&showTz=0&mode=AGENDA&height=350&wkst=1&bgcolor=%23FFFFFF&src=2cdrf19kah6jkonhom8evck38c%40group.calendar.google.com&color=%23333333&src=s531giqfiotabht4qrn59tjf9g%40group.calendar.google.com&color=%231B887A&src=dartcatcher%40gmail.com&color=%23125A12&src=laderbydames%40gmail.com&color=%2323164E&src=uulosalamos.org_gu7e0s8dsh1tn8iktt468tk95k%40group.calendar.google.com&color=%232F6309&src=en.usa%23holiday%40group.v.calendar.google.com&color=%238D6F47&ctz=America%2FDenver'
fi
if [ "$TINY" ]; then
echo '<form action="http://www.google.com/"><input name="q" size="12"><input type="submit" value="G">'
echo '</form>'
fi
weather
section LA \
'http://ladailypost.com/' \
'http://www.ladailypost.com/rss.xml'
section "Ars Technica" \
'http://m.arstechnica.com/' \
'http://feeds.arstechnica.com/arstechnica/index?format=xml'
section NPR \
'http://thin.npr.org/t.php?tid=1001' \
'http://www.npr.org/rss/rss.php?id=1001'
section CSM \
'http://www.csmonitor.com/textedition' \
'http://rss.csmonitor.com/feeds/csm'
section AJE \
'http://m.aljazeera.net' \
'http://www.aljazeera.com/Services/Rss/?PostingId=2007731105943979989'
cat <<EOF
</body>
</html>
EOF

Binary file not shown.

Before

Width:  |  Height:  |  Size: 929 B

View File

@ -1,99 +0,0 @@
#include <stdlib.h>
#include <string.h>
#include <stdbool.h>
#include <unistd.h> // only for chdir
#include <stdio.h>
#include "cgi.h"
char const *botdir = "/home/neale/bot";
void
jputchar(unsigned char c)
{
if (c == '\n') {
printf("\\n");
} else if (c < 0x20) {
printf("\\u%04x", c);
} else if ((c == '\\') || (c == '"')) {
putchar('\\');
putchar(c);
} else {
putchar(c);
}
}
int
main(int argc, char *argv[])
{
char key[80];
char val[2000];
bool its_me = false;
cgi_init(argv);
for (;;) {
size_t len;
len = cgi_item(key, sizeof(key));
len = cgi_item(val, sizeof(val));
if (0 == len) {
break;
}
if (0 == strcmp(key, "user_id")) {
if (0 == strcmp(val, "USLACKBOT")) {
its_me = true;
}
} else if (0 == strcmp(key, "channel_name")) {
char chan[40];
snprintf(chan, sizeof(chan), "#%s", val);
setenv("forum", chan, true);
} else if (0 == strcmp(key, "user_name")) {
setenv("sender", val, true);
} else if (0 == strcmp(key, "text")) {
setenv("text", val, true);
} else if (0 == strcmp(key, "token")) {
setenv("token", val, true);
}
}
cgi_header("text/json");
if (its_me) {
printf("{}");
return 0;
}
setenv("command", "PRIVMSG", true);
chdir(botdir);
{
FILE *p = popen("./handler", "r");
int newlines = 0;
printf("{\"text\":\"");
for (;;) {
int c = fgetc(p);
if (EOF == c) {
break;
} else if ('\n' == c) {
newlines += 1;
} else {
for (; newlines > 0; newlines -= 1) {
jputchar('\n');
}
jputchar(c);
}
}
printf("\",\"parse\":\"full\"}\n");
pclose(p);
}
return 0;
}

View File

@ -1,17 +0,0 @@
HTML += $(patsubst %.mdwn, %.html, $(wildcard src/*.mdwn src/*/*.mdwn))
HTML += $(patsubst %/index.head.mdwn, %/index.html, $(wildcard src/*/index.head.mdwn))
COPY += $(wildcard src/ipqueue/*.tar.*) src/eguile/eguile.scm
include src/*/*.mk
$(DESTDIR)/src/%/index.html: src/%/index.head.mdwn
@mkdir -p $(@D)
cp $(wordlist 2, $(words $^), $^) $(@D)
./dirlist $+ | $(MDWNTOHTML) > $@
$(DESTDIR)/src/misc/index.html: src/misc/*
$(DESTDIR)/src/postscript/index.html: src/postscript/*.ps
$(DESTDIR)/src/python/index.html: src/python/*.py

View File

@ -1,4 +0,0 @@
PLAIN += toys
COPY += $(wildcard toys/*.cgi toys/cards/*.png)
COPY += toys/timer.html

View File

@ -11,7 +11,7 @@ import (
"os"
)
const authtok = "~!Jf5!uYFxhK"
// These are not actually secrets, and get posted around various forums
const clientId = "81527cff06843c8634fdc09e8ac0abefb46ac849f38fe1e431c2ef2106796384"
const clientSec = "c7257eb71a564034f9419ee651c7d0e5f7aa6bfbd18bafb5c5c033b093bb2fa3"
@ -42,16 +42,18 @@ type Handler struct {
cgi.Handler
}
func (h Handler) TriggerHvac(w http.ResponseWriter, r *http.Request) {
os.Setenv("HOME", "/home/neale")
func getSecret(host string) netrc.Entry {
n, _ := netrc.Parse()
secrets := n["gitosis.com"] // Requiring a password here is such bullshit.
return n[host]
}
func (h Handler) TriggerHvac(w http.ResponseWriter, r *http.Request) {
secret := getSecret("teslamotors.com")
auth := tesla.Auth{
ClientID: clientId,
ClientSecret: clientSec,
Email: secrets.Login,
Password: secrets.Password,
Email: secret.Login,
Password: secret.Password,
}
cli, err := tesla.NewClient(&auth)
if err != nil {
@ -83,7 +85,8 @@ func (h Handler) TriggerHvac(w http.ResponseWriter, r *http.Request) {
}
func (h Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
if r.FormValue("auth") != authtok {
secret := getSecret("host:trigger.cgi")
if r.FormValue("auth") != secret.Password {
http.Error(w, "Invalid authtok", 401)
return
}
@ -101,6 +104,7 @@ func main() {
log.SetOutput(os.Stdout)
log.SetFlags(0)
log.SetPrefix("Status: 500 CGI Go Boom\nContent-type: text/plain\n\nERROR: ")
os.Setenv("HOME", "/home/neale") // required by netrc library
h := Handler{}
if err := cgi.Serve(h); err != nil {
log.Fatal(err)