This plugin executes a command in a pseudo terminal on remote host (i.e. a buddy PC running pidgin/finch). How it works:
Let’s say that Buddy A wants to run a shell session on Buddy B’s host computer. So in A’s PC the plugin client is installed and in B’s PC the server.
- A opens a chat and sends ‘#IMRA_REQ#’ to B, create input and output FIFO (named pipe)
- B receives ‘#IMRA_REQ#’ and opens pseudo teminal and execs the shell (you can exec any command, bash is the default command)
- A writes input on input FIFO and writes output on output FIFO (I wrote a little console to make it easy but you can use 2 cat instead)
- input data from A to B and responses (terminal output) from B to A are exchanged by messages translated in base64. Text is prefixed with ‘#IMRA_DAT#’ header
- data flow until A or B close the conversation sending a ‘#IMRA_QUI#’ message (if A or B closes the conversation window, ‘#IMRA_QUI#’ is sent automatically)
Why this plugin?
I’ve tried to make a plugin to realize a virtual terminal emulator in a chat between two buddies but I could create only a small, very incomplete (and buggy!) proof of concept. The problem with that plugin was that a terminal emulator it’s something very complex and there’s no complete libraries that implements the “backend” only (I mean that manages only the virtual terminal) so I had to develop the terminal emulator inside the plugin and that was a huge work (and of course incomplete!).
The real problem are escape and control sequences, how to pipe in and out form terminal and manage them.
There are libraries like VTE but you can’t use them without a GUI (the main reason that push me to develop such plugins is that I want a remote access through nat in a remote (home obviously :)) server without GUI). There’re some libraries not really well done (IMHO) like libROTE (no more developed) and a derivate libvterm but they do, maybe a little better, what I already do with ImVT plugin but far away to be effectively usable.
To write such kind of library it’s a very very hard task and although I’d like to develop a new one that manage several aspects (i.e. colours, bold, …), I know it will take too long. Maybe one day…
Take a look at Miguel de Icaza’s blog to get an idea of what should be done.
The idea behind this plugin is to forward raw user input (signals included) from local host to terminal and forward all terminal output (escape and control sequences) to a virtual terminal emulator (i.e. xterm). Doing this then the virtual terminal emulator will interpret escape and control sequences correctly. The screenshots show how I could run safetly htop and vim (no more problem using arrows).
The console is a little application to simplify client input/output.
There are huge security problems in doing this so you should absolutely limit as much as possible the privileges of the user running the terminal. Of course it’s not such a great idea give your root password to Gmail (unless you disable chat recording Gmail logs all your chats!) so don’t execute programs like su or SSH (although in theory you can do).
I’ve added Access Control List mechanism to choose which buddies are allowed to REQUEST, STEAL or RESET sessions. ACLs are the default choice for each operation. You can modify default policy in the server plugin settings. To add/remove a buddy to a ACL just right click on the buddy and choose the operation. “Which ACLs” tells in which ACLs buddy is subscibed.
You should not even let all your buddies to control the terminal. What I’ve done to test this plugin is create a new account and add only personal accounts as contacts.
I could see some odd behavior i.e. with Home key. Let’s debug!
For now take it carefully and in no way consider this plugin safe or stable.
Dummy Protocol used:
- CLIENT to SERVER: #IMRA_REQ# (or #IMRA_STL#)
- SERVER to CLIENT: #IMRA_ACP# (or #IMRA_DNY# if server don’t accept for any reason such as steal not allowed)
- CLIENT to SERVER and SERVER to CLIENT: #IMRA_DAT#[BASE64 I/O]
- CLIENT to SERVER or SERVER to CLIENT: #IMRA_QUI# (on closing the conversation window client or server side)
Command #IMRA_RST# implies SERVER close the active session if any and listen for new requests.
- Secure Session that is to encrypt data
Compiled on libpurple 2.7.11 (this means you have to use 2.7.X or newer!).
||Added ACLs to server to improve security
For bugs reports, hints, … email me at federico.zanco ( at ) gmail.com.
How to install:
These are general instructions to build and install my purple plugins.
To build the plugin you have to install gcc, GNU make, pkg-config and pidgin developing dependencies (or maybe only libpurple if in your os they are distribuited separately). I.e. in Debian/Ubuntu, open a terminal and type:
sudo apt-get install gcc make pkg-config pidgin-dev
then to build type:
to install (default directory is ~/.purple/plugins) type:
You can also create a compressed tar by typing:
How to use:
Compile and Install (read INSTALL) or Download (from this page) the plugin for your arch.
Linux: if you don’t have GNU make program installed on your system, to install the plugin manually copy instant-messaging-remote-access-[client/server].so in your purple dir:
(if ~/.purple/plugins/ does not exist: $ mkdir ~/.purple/plugins/ )
$ cp instant-messaging-remote-access-[client/server].so ~/.purple/plugins/
Restart Pidgin and in Tools/Plugins you should see ImRA [client/server]
If you want to use imra_console (recommended) you should install it in a directory on your path (make install will install it in /usr/local/bin and you have to be root to do this).
Once enabled you should adjust settings. Buffer dimensions it’a a try/catch task. I’ve noticed that Gmail starts to loose messages if you send a lot of messages in a short interval.
To start the remote access just open a chat with the “buddy server” and send the message:
it’s case sensitive so write it exactly as above. If there’re no errors, two FIFOs will be created. Default paths are /tmp/imra_input and /tmp/imra_output. Open a virtual terminal emulator (i.e. xterm, gnome-terminal, konsole, …). In the virtual terminal emulator you can use cat command to write input (i.e. $ cat >/tmp/imra_input) and read output (i.e. $ cat /tmp/imra_output) or simply start imra_console (it tries to open default FIFOs but you can specify them passing -i and -o options). That’s all.
- install and enable client plugin (presumably in your local PC)
- install and enable serverplugin (presumably in the PC of a buddy)
- open a virtual terminal emulator(gnome-terminal, konsole, xterm, rxvt, … world is full of vte!) and start imra_console
- start a chat with the buddy which has the server installed
- send msg #IMRA_REQ# and come back to imra_console
- if all is gone well you shoud see a very slow remote shell
I’ve implemented other 2 commands:
- #IMRA_STL: to steal a session (steal has to be enabled in server options)
- #IMRA_RST: to reset a session (reset has to be enabled in server options). This command will kill forcedly the active session if any
Policy settings are available in server plugin settings. To add/remove a buddy to a ACL just right click on the buddy and choose the operation. “Which ACLs” tells in which ACLs buddy is subscibed.
This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software
Foundation; either version 2 of the License, or (at your option) any later
This program is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with
this program; if not, write to the Free Software Foundation, Inc., 51 Franklin
Street, Fifth Floor, Boston, MA 02111-1301, USA.