#! /bin/env lua BASEDIR = "/var/tmp/wopr" POST_MAX = 512 method = os.getenv("REQUEST_METHOD") if (method == "POST") then local CL = tonumber(os.getenv("CONTENT_LENGTH")) or 0 if (CL > POST_MAX) then CL = POST_MAX end function getc() if (CL > 0) then CL = CL - 1 return io.read(1) else return nil end end elseif (method == "GET") then local query = os.getenv("QUERY_STRING") or "" local query_pos = 0 local query_len = string.len(query) if (query_len > POST_MAX) then query_len = POST_MAX end function getc() if (query_pos < query_len) then query_pos = query_pos + 1 return string.sub(query, query_pos, query_pos) else return nil end end else print("405 Method not allowed") print("Allow: GET POST") print("Content-Type: text/plain") print() print("I only do GET and POST.") os.exit(0) end function read_hex() local a = getc() or 0 local b = getc() or 0 return string.char(tonumber(a, 16)*16 + tonumber(b, 16)) end function cgi_item() local val = "" while (true) do local c = getc() if ((c == nil) or (c == "=") or (c == "&")) then return val elseif (c == "%") then c = read_hex() elseif (c == "+") then c = " " end val = val .. c end end function escape(s) s = string.gsub(s, "&", "&") s = string.gsub(s, "<", "<") s = string.gsub(s, ">", ">") return s end f = {} while (true) do local key = cgi_item() local val = cgi_item() if (key == "") then break end f[key] = val end -- lua doesn't seed its PRNG and provides nothing other than -- time in seconds. If you're on Windows, go fish. do local seed = 0 r = io.open("/dev/urandom") or io.open("/dev/random") for i = 1, 4 do seed = seed*256 + string.byte(r:read(1)) end io.close(r) math.randomseed(seed) end -- Get or create Session ID sid = f["s"] or "" if (sid == "") then sid = string.format("%08x.%04x", os.time(), math.random(65535)) end dirname = BASEDIR .. "/" .. sid -- Send back a page function reply(text, prompt, ...) print("Content-type: text/xml") print() print("") print(" " .. sid .. "") print(" " .. escape(text or "") .. "") print(" " .. escape(prompt or ">") .. "") if (arg[1]) then print(" " .. escape(arg[1]) .. "") end print("") os.exit(0) end -- -- Database functions -- function get(key, ...) local fn = string.format("%s.%s", dirname, key) local f = io.open(fn) if (not f) then return arg[1] else local ret = f:read(4000) or "" f:close() return ret end end function set(key, ...) local fn = string.format("%s.%s", dirname, key) local f f = io.open(fn, "w") if not f then error("Unable to write " .. fn) end f:write(arg[1] or "") f:close() end function del(key) local fn = string.format("%s.%s", dirname, key) os.remove(fn) end -- -- A string splitter -- function string:split(...) local sep = arg[1] or " " local ret = {} local start = 1 while true do local first, last = self:find(sep, start) if not first then break end table.insert(ret, self:sub(start, first - 1)) start = last + 1 end table.insert(ret, self:sub(start)) return ret end ------------------------------------- -- -- WOPR-specific stuff -- -- A list of all hosts, by name hosts_by_name = {} Host = {} function Host:new(name, ...) local o = {} setmetatable(o, self) self.__index = self o.name = name o.prompt = (arg[1] or ">") o.obuf = {} o.history = {} hosts_by_name[name] = o return o end function Host:add_commands(t) local cmds = {} local k, v for k,v in pairs(self.commands) do cmds[k] = v end for k,v in pairs(t) do cmds[k] = v end self.commands = cmds end function Host:get(key, ...) return get(self.name .. "." .. key, arg[1]) end function Host:set(key, ...) return set(self.name .. "." .. key, arg[1]) end function Host:del(key) return del(self.name .. "." .. key) end function Host:writeln(...) table.insert(self.obuf, (arg[1] or "")) end function Host:login(...) set("host", self.name) reply(arg[1] or self.motd, self.prompt) end function Host:cmd_help() local k, v self:writeln("Available commands:") for k,v in pairs(self.commands) do if (v[1]) then local s = string.format("%-15s %s", k, v[1]) self:writeln(s) end end end function Host:cmd_history() local k, v for k,v in ipairs(self.history) do self:writeln(string.format("%5d %s", k, v)) end end -- Call self:handle(req) and return what to send back function Host:handle_request(req) local t = "" local k, v self:handle(req) for k,v in ipairs(self.obuf) do t = t .. v .. "\n"; end reply(t, self.prompt) end -- Handle a request function Host:handle(req) self:do_cmd(req) end -- Run a command or return an error function Host:do_cmd(req) local argv = req:split() local cmd = self.commands[argv[1]:lower()] if (argv[1] == "") then return end -- First, update history if self.history then local h = self:get("history") if h then self.history = h:split("\n") end table.insert(self.history, req) self:set("history", table.concat(self.history, "\n")) end -- Now run the command if cmd then if cmd[2] then cmd[2](self, argv) else self:writeln("ERROR: no function defined") end else self:writeln("Unknown command") end end -- List of commands, with help string (nil hides from help) Host.commands = { ["?"] = {nil, Host.cmd_help}, ["help"] = {"List available commands", Host.cmd_help}, ["history"] = {"Display command history", Host.cmd_history}, } -- -- Login screen -- Login = Host:new("login", "Enter 12-digit access code:") Login.motd = [[ ┃┃┃┏━┃┏━┃┏━┃ ┃┃┃┃ ┃┏━┛┏┏┛ ━━┛━━┛┛ ┛ ┛ 3.0 War Operations Plan Response New Khavistan Ministry of Ministries This computer system is the property of the government of New Khavistan. It is for authorized use only. Any or all uses of this system and all files on this system are monitored and logged. By using this system, the user consents to such monitoring. Users who do not consent to such monitoring will be dispatched with the New Khavistan fiber-optic bullet delivery system. Users should have no expectation of privacy as to any communication on or information stored within the system, including but not limited to information stored within your brain, DNA, government tooth implants, or tinfoil hat. Unauthorized or improper use of this system may result in gnomes pooping in your underpants. By continuing to use this system, you indicate your awareness of and consent to these terms and conditions of use. LOG OFF IMMEDIATELY if you do not agree to the conditions stated in this warning. ]] function Login:handle(req) if (string.len(req) > 20) then -- Log them in to wopr Wopr:login([[ FLAGRANT SYSTEM ERROR: Memory segmentation violation Returning to command subsystem [wopr:xipir-cavud-libux] ]]) else if (req == "joshua") then self:writeln("wopr:xirak-zoses-gefox") elseif (req ~= "") then self:writeln("Incorrect code") end end end function Login:login(...) -- Since login is the default, we can *unset* host. -- This has the nice property of not allocating any -- storage for people who never make it past the front door. del("host") reply(arg[1] or self.motd, self.prompt) end -- -- Bulletin Board (bb) subsystem -- Bb = Host:new("bb", "[N]ext, (P)rev, (Q)uit, msg#:") Bb.posts = {[[ WOPR operational! ===== administrator ===== Aug 16 2003 Welcome to WOPR system. Authorized by FLD-853, system will be linked with all critical New Khavistan technical infrastructure. Mandated by FLD 897 will be full compliance by 2007. Waiting time, following services may be used: telecommunications, traffic control devices, payroll, and strategic missile offensive control. Finding any problems with this system, simply fill and submit form CPW-190. Royal Ministry Of Technology processes all properly-reported issues with utmost haste and concern. ::: FLD-711 Restricted Distribution ::: ]], [[ Clock problem ===== administrator ===== Sep 35, 1568 Royal Ministry Of Technology is aware of recent problems with system time. We strive to rectify this problem. Thank you for patience with issue. ::: FLD-711 Restricted Distribution ::: ]], [[ System Overhaul ===== Krdznyklyk ===== Dec 12, 2003 The entire system is being overhauled to fix security holes exposed by a recent attack on our systems. Your presence is requested at an all-hands briefing to roll out the new system this afternoon at 1500 hrs. ]], [[ Drill ===== wopr:xofic-belid-civox ===== Dec 15, 2003 There will be a drill to test our combat readiness today. Make sure you are familiar with the proper procedures to complete the task. Follow proper drilling procedures. ]], [[ Passwords ===== administrator ===== Jan 12, 2004 All passwords have been modified to end with character "!", to bring WOPR compliant with Fearless Leader Directive 1138 "standards for secure passwords". For example, a password once "cascade", is becoming "cascade!". Recent change improves important system resilience against attack from enemies. Your gracious understanding and support of New Khavistan is appreciated. ::: FLD-711 Restricted Distribution ::: ]], [[ ICBM control ===== administrator ==== Feb 2, 2004 Because of new security protocols in FLD-1205, you must now type, "override on" to get access to ICBM commands. ::: FLD-711 Restricted Distribution ::: ]], [[ attcon command ===== administrator ===== Feb 14, 2004 The WOPR system has been updated to include a new command! Purpose: To make it possible to change the attack condition level for all troops in the New Khavistan republic, simple and unified. Subsystems Affected: Small subset of WOPR subsystems Usage: Type "attcon" then number pertaining to correct readiness level (1-5). Also can get attcon level by only typing attcon. Expected loss of service: 30 min while WOPR system recycles ::: FLD-711 Restricted Distribution ::: ]], [[ Syistem Adimn ===== ACTION REQUIRED ==== 0573, Dec 32 2004 ACTION REQUIRED Dear empyoyee, We have an important message for you form your commanding officer. Please click here to veiw the messsage. ]], [[ Alert: message attack ===== administrator ===== Jun 20, 2004 NOT TO CLICK ON LINK. Perverted computer attackers from libellous Republic of Dweezil break WOPR system security and try to subvert glorious nation with tricksy electronic link. NT TO CLICK. New Khavistan secret infantry being dispatched to deal with computer threat from libellous Republic of Dweezil. ]], [[ Security Breach ===== administrator ===== Jun 21, 2004 Who click link? Now is time to come forward and accept judicious punishment from Fearless Leader. ]], [[ Mandatory Training ===== administrator ===== Jun 24, 2004 Phishing awareness training today at 1500 hrs ]], [[ FLD-1327 ===== administrator ===== Aug 10, 2004 FLD-1327 extends target date for full WOPR integration until June 22, 2058. Meantime WOPR subsystem continue to operate. ::: FLD-711 Restricted Distribution ::: ]], -- Message ID #-5: a snippet of the WOPR command program [-1] = "^A^@^@<8B>Uwopr:xetil-rokak-robyx^OMЉËEօuG<84>", [-2] = "^A<90><8D>t&^@@<8D>v^@<83>", [-3] = "[^_]Ð<8D>t&^@<89>^\$Ѐ^@^@<8B>=^E^H<80>;/<89>", [-4] = "<85>^?׃^T1[]Ít&^@^A^@^@^@븋C^D<89>", [-5] = [[ ^@^@^@^@^@^@on", n] => set attcon = n msg "attcon set to" n ["attcon enid"] => set_launch_trigger(1) ["attcon dennis"] => set_launch_trigger(0) ["bb"] => call_subsys bb ["test"] => msg "test out^D$<9F><9B>^E^Hb<84>A<[,[^_]WVS1 ]], [-6] = "^@^@1^E^@^@2^E^@^@3^E^@^@4", [-7] = "^^F^@^@!^F^@^@$^F^@^@&^F^@^@)", [-8] = "^@", } Bb.motd = [[ WOPR Message Board ==================================================== [N]ext message (P)revious message (Q)uit Enter message number to jump to that message ]] function Bb:read(inc) local msgid = tonumber(self:get("msgid")) or 0 msgid = msgid + inc self:jump(msgid) end function Bb:jump(msgid) self:set("msgid", msgid) self:writeln("::::::::::::::::::::::::: Message #" .. tostring(msgid)) self:writeln() self:writeln(self.posts[msgid]) end function Bb:do_cmd(req) local n = tonumber(req) if (req == "") then self:cmd_next() elseif n then self:jump(n) else Host.do_cmd(self, req) end end function Bb:cmd_next(argv) self:read(1) end function Bb:cmd_prev(argv) self:read(-1) end function Bb:cmd_help(argv) self:writeln(self.motd) end function Bb:cmd_quit(argv) Wopr:login() end Bb.commands = { ["?"] = {nil, Bb.cmd_help}, ["n"] = {nil, Bb.cmd_next}, ["p"] = {nil, Bb.cmd_prev}, ["q"] = {nil, Bb.cmd_quit}, } -- -- The WOPR host -- Wopr = Host:new("wopr", "WOPR%") Wopr.history = { 'subsys comm', 'wopr:xopev-zihuk-hubyx', 'exit', 'subsys comm', 'bb', 'subsys comm', 'exit', 'bb', 'subsys comm', 'exit', 'hlep', 'help', 'bb', 'help', 'subsys comm', 'exit', } Wopr.motd = "" function Wopr:cmd_subsys(argv) local sys = argv[2] if not sys then self:writeln("Usage: subsys SYSTEM") elseif sys == "?" then local k, v for k,v in pairs(hosts_by_name) do self:writeln(k) end else h = hosts_by_name[sys] if not h then self:writeln("No such subsystem (? to list)") else h:login() end end end function Wopr:cmd_bb(argv) Bb:login() end function Wopr:attcon() return tonumber(self:get("attcon") or 5) end -- This command should feel really shoddy: it was written -- in-house by the New Khavistan Ministry of Technology. function Wopr:cmd_attcon(argv) if argv[2] == "enid" then self:writeln("[[[ LAUNCH TRIGGER ENABLED ]]]") self:writeln("wopr:xelev-lepur-pozyx") self:set("launch") elseif argv[2] == "dennis" then self:writeln("[[[ LAUNCH TRIGGER DISABLED ]]]") self:del("launch") elseif argv[2] then local v = tonumber(argv[2]) or 5 self:set("attcon", v) self:writeln("attcon set to " .. tostring(v)) else self:writeln(tostring(self:attcon())) end end -- Some test code they didn't remove function Wopr:cmd_test(argv) self:writeln("test output:") self:writeln(" EIGEN58") self:writeln(" sub_malarkey reached") self:writeln(" DEBUG:453:wopr:xocom-bysik-mapix") self:writeln("$$END") end Wopr:add_commands{ ["subsys"] = {"Connect to subsystem", Wopr.cmd_subsys}, ["bb"] = {"Read bulletin board", Wopr.cmd_bb}, ["attcon"] = {"[Place command description here]", Wopr.cmd_attcon}, ["test"] = {nil, Wopr.cmd_test}, } --hosts["wopr"] = Wopr -- -- Communications subsystem -- Comm = Host:new("comm", "COMSYS>") Comm.motd = [[ _____IMPORTANT_____ IBM 3750 used for main switchboard in captiol building is currently running at half capacity until relays arrive. Please to remember not patching trunks to switch! ]] function Comm:cmd_exit(argv) Wopr:login() end function Comm:cmd_status(argv) self:writeln("[Not yet implemented]") self:writeln("wopr:xoroc-hunaz-vyhux") end Comm:add_commands{ ["status"] = {"Display phone system status", Comm.cmd_status}, ["exit"] = {"Exit this subsystem", Comm.cmd_exit}, } -- -- Missile subsystem -- Smoc = Host:new("smoc", "[SMOC]") Smoc.motd = [[ _______________VERY IMPORTANT READ_______________ Ministry of Weapons replacing all peanut brittle warheads with bubble gum, as mandated by FLD-1492 "Fearless Grandson Peanut Allergy". Launch capacity will be reduced until conversions are complete. ::: FLD-711 Restricted Distribution ::: wopr:xigeh-lydut-vinax ]] Smoc.authcode = "CPE-1704-TKS" Smoc.inventory = { "ready", "offline", "offline", "ready", "offline", "offline", "offline", "offline", "offline", "offline", "FileNotFound", "ready", [-1] = "program_invocation_short_name^@realm^@", [-2] = "^@^@^@^@^@^@^@^@^@^R^@^@^@3", [-3] = "%L^D^Hhx^@^@^@", [-4] = "^D^H^G^P^@^@P", [-5] = "^P<8B>=^D^H", [-6] = "WVS<83>\<8B>E^L<8B><8B>U^P", [-7] = "Y^@^@" .. Smoc.authcode .. "^@get_launch_trigger^@", [-8] = "^@", [-9] = "^@", [-10] = "^@", [-11] = "^@wopr:xipar-canit-zimyx^@", [-12] = "^@", [-13] = "^@", [-14] = "^@", [-15] = "^@", [-16] = "^@", } function Smoc:login() if self:get("nuked") then Wopr:login("*** LINK DOWN\n*** CONNECTION REFUSED") else Host.login(self) end end function Smoc:cmd_exit(argv) Wopr:login() end function Smoc:cmd_status(argv) local n = tonumber(argv[2]) if not n then local k, v, max local ready = 0 for k,v in ipairs(self.inventory) do if (v == "ready") then ready = ready + 1 end max = k end self:writeln(("%d total, %d ready"):format(max, ready)) self:writeln("Use \"status #\" to check status of individual missiles") else self:writeln(("---- Missile #%d Summary ----"):format(n)) self:writeln("Type: SS-256 SCUMM") self:writeln("Location: Fearless Missile Silo #1 (-44.76,-120.66)") self:writeln("Status: " .. (self.inventory[n] or "(null)")) end end function Smoc:cmd_authorize(argv) if not Wopr:get("launch") then self:writeln("ERROR: Launch trigger disabled.") elseif (argv[2] ~= self.authcode) then self:writeln("Invalid authorization code.") else self:writeln("Authorization code accepted.") self:writeln("wopr:xocec-lifoz-gasyx") self:set("auth") end end function Smoc:cmd_launch(argv) local n = tonumber(argv[2]) local lat = tonumber(argv[3]) local lon = tonumber(argv[4]) if Wopr:attcon() > 1 then self:writeln("ERROR: Missiles may only be launched during times of war.") elseif not self:get("auth") then self:writeln("ERROR: Not authorized") elseif (not n) then self:writeln("Usage: launch # LAT LONG") elseif (not lat) or (not lon) then self:writeln("ERROR: Invalid coordinates supplied") elseif (self.inventory[n] == "offline") then self:writeln("ERROR: Missile currently off-line") elseif (n < 1) then self:writeln("ERROR: No such missile") else self:writeln(("Launching to (%f,%f)..."):format(lat, lon)) self:writeln("wopr:xubif-hikig-mocox") if (lat ~= -44.76) or (lon ~= -120.66) then self:writeln("ERROR: No propulsion system attached") elseif (self.inventory[n] ~= "FileNotFound") then self:writeln("ERROR: Triggering device not installed") else self:set("nuked") Wopr:login("Detonating warhead...\nwopr:xoroz-hymaz-fivex wopr:xufov-sugig-zecox wopr:xocem-dabal-fisux wopr:xufez-dofas-tyvyx\s*** CONNECTION TERMINATED") end end end Smoc:add_commands{ ["status"] = {"Check missile status", Smoc.cmd_status}, ["launch"] = {"Launch missile", Smoc.cmd_launch}, ["authorize"] = {"Set authorization code", Smoc.cmd_authorize}, ["exit"] = {"Exit to WOPR", Smoc.cmd_exit}, } function main() if (not f["s"]) or (f["s"] == "") then Login:login() else local h = hosts_by_name[get("host")] or Login txt, prompt = h:handle_request(f["v"] or "") end end function err(msg) reply("", "A>", msg .. " wopr:xosov-tenoh-nebox\n\n" .. debug.traceback()) end xpcall(main, err)