From 57c3e5149a22015252121640a60eea4bf3fcbc55 Mon Sep 17 00:00:00 2001
From: Deon George
Date: Tue, 16 Mar 2021 20:59:44 +1100
Subject: [PATCH] Moved Doorparty out into its own container
---
 Dockerfile | 40 +----------
 doorparty.js | 38 +++++++++++
 doorparty.sh | 20 ------
 init | 1 -
 sshd_config | 129 -----------------------------------
 supervisord.d/doorparty.conf | 3 -
 supervisord.d/openssh.conf | 3 -
 7 files changed, 39 insertions(+), 195 deletions(-)
 create mode 100644 doorparty.js
 delete mode 100755 doorparty.sh
 delete mode 100644 sshd_config
 delete mode 100644 supervisord.d/doorparty.conf
 delete mode 100644 supervisord.d/openssh.conf
diff --git a/Dockerfile b/Dockerfile
index 3c7c210..387c6f6 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -53,43 +53,6 @@ RUN apt-get update \
 && rm -rf /opt/sbbs/repo \
 && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
-# Add SSH
-RUN apt-get update \
- && apt-get install -yqq openssh-server \
- && apt-get -y autoremove \
- && apt-get clean \
- && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
-
-# Add Doorparty
-RUN apt-get update \
- && apt-get install -yqq golang git \
- && cd /tmp && git clone https://github.com/echicken/dpc2 \
- && cd dpc2 && echo -n 'ZGlmZiAtLWdpdCBhL2Rvb3JwYXJ0eS1jb25uZWN0b3IuZ28gYi9kb29ycGFydHktY29ubmVjdG9y\
-LmdvCmluZGV4IDE4NzNhZTUuLjc3NmFhOGUgMTAwNjQ0Ci0tLSBhL2Rvb3JwYXJ0eS1jb25uZWN0\
-b3IuZ28KKysrIGIvZG9vcnBhcnR5LWNvbm5lY3Rvci5nbwpAQCAtMTMyLDcgKzEzMiw3IEBAIGZ1\
-bmMgaW5pdCgpIHsKIAogZnVuYyBtYWluKCkgewogCi0JY2ZnLCBlcnIgOj0gaW5pLkxvYWQoImRv\
-b3JwYXJ0eS1jb25uZWN0b3IuaW5pIikKKwljZmcsIGVyciA6PSBpbmkuTG9hZCgiL29wdC9zYmJz\
-L2N0cmwvZG9vcnBhcnR5LWNvbm5lY3Rvci5pbmkiKQogCWlmIGVyciAhPSBuaWwgewogCQlsb2cu\
-RmF0YWxmKCJFcnJvciByZWFkaW5nIGRvb3JwYXJ0eS1jb25uZWN0b3IuaW5pOiAldiIsIGVycikK\
-IAl9Cg=='|base64 -d |git apply \
- && go get gopkg.in/ini.v1 \
- && go get golang.org/x/crypto/ssh \
- && go build -i doorparty-connector.go \
- && echo -n 'LS0tIC9zcnYvZG9ja2VyL3NiYnMvbW9kcy9kb29ycGFydHkuanMJMjAyMS0wMS0xMyAyMjozNTox\
-Ni4wNzQyNzk2MDggKzExMDAKKysrIC4vc3luY2hyb25ldC9kb29ycGFydHkuanMJMjAyMS0wMS0x\
-MyAyMzoyMjoyMi44MzgwNjU4MzIgKzExMDAKQEAgLTMzLDcgKzMzLDcgQEAKICAgICAoY2ZnLnR1\
-bm5lbF9ob3N0IHx8ICdsb2NhbGhvc3QnKSArICc6JyArIChjZmcudHVubmVsX3BvcnQgfHwgOTk5\
-OSksCiAgICAgZ2V0X3Bhc3N3b3JkKCksIC8vIHBhc3N3b3JkCiAgICAgdXNlci5hbGlhcywKLSAg\
-ICBhcmd2Lmxlbmd0aCA/IGFyZ3ZbMF0gOiB1bmRlZmluZWQKKyAgICBhcmd2Lmxlbmd0aCA/ICd4\
-dHJuPScrYXJndlswXSA6IHVuZGVmaW5lZAogKTsKIAogY29uc29sZS5hdHRyaWJ1dGVzID0gYXR0\
-cjsK'|base64 -d |git apply \
- && mv doorparty-connector synchronet/doorparty.js /opt/sbbs/exec \
- && mv doorparty-connector.ini /opt/sbbs/ctrl.orig \
- && apt-get -y purge golang git \
- && apt-get -y autoremove \
- && apt-get clean \
- && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
-
 # Add PHP
 RUN apt-get update \
 && apt-get install -yqq composer php-cgi php-fpm php-gd php-sqlite3 php-xml \
@@ -103,9 +66,8 @@ ENV SBBSEXEC=/opt/sbbs/exec
 ENV PATH=$PATH:${SBBSEXEC}
 COPY start.sh ${SBBSEXEC}/
-COPY doorparty.sh ${SBBSEXEC}/
+COPY doorparty.js ${SBBSEXEC}/
 COPY main.cnf /opt/sbbs/ctrl.orig/
-COPY sshd_config /opt/sbbs/ctrl.orig/
 VOLUME [ "/var/lib/zerotier-one" ]
 VOLUME [ "/opt/sbbs/data","/opt/sbbs/ctrl","/opt/sbbs/fido","/opt/sbbs/mods","/opt/sbbs/text" ]
diff --git a/doorparty.js b/doorparty.js
new file mode 100644
index 0000000..32ce7df
--- /dev/null
+++ b/doorparty.js
@@ -0,0 +1,38 @@
+load('sbbsdefs.js');
+var userprops = load({}, "userprops.js");
+var cfg = load({}, 'modopts.js', "doorparty") || {};
+
+var attr = console.attributes;
+
+function make_password() {
+ var c;
+ var p = [];
+ while (p.length < 8) {
+ c = ascii(Math.ceil(Math.random() * 58) + 32);
+ if (p.indexOf(c) > -1) continue;
+ p.push(c);
+ }
+ return p.join('');
+}
+
+function get_password() {
+ if (cfg.password) return cfg.password; // If a system-wide password has been set, use it
+ var password = userprops.get('doorparty', 'password', '');
+ if (password != '') return password; // If the user has a DoorParty password on file, use it
+ password = make_password();
+ userprops.set('doorparty', 'password', password); // Store a DoorParty password for this user
+ return password;
+}
+
+console.clear(LIGHTGRAY);
+console.putmsg('Connecting to DoorParty, please wait ...');
+
+bbs.rlogin_gate(
+ (cfg.tunnel_host || 'localhost') + ':' + (cfg.tunnel_port || 9999),
+ get_password(), // password
+ user.alias,
+ argv.length ? 'xtrn='+argv[0] : undefined
+);
+
+console.attributes = attr;
+console.clear();
diff --git a/doorparty.sh b/doorparty.sh
deleted file mode 100755
index 6e23a34..0000000
--- a/doorparty.sh
+++ /dev/null
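Review bot: `make_password()` in the new doorparty.js derives the per-user DoorParty credential from `Math.random()`, which is not a cryptographic generator, and the `if (p.indexOf(c) > -1) continue;` filter narrows the keyspace further by forbidding repeated characters. If the Synchronet runtime exposes a stronger random source, prefer it; at minimum drop the uniqueness filter and draw with `c = ascii(Math.floor(Math.random() * 58) + 33);`, which keeps the 33–90 range but can no longer yield a space when `Math.random()` returns 0. The value is also stored as-is through `userprops.set`, so a header comment stating that it is a generated service credential kept in plain text would help whoever audits the user data later. Separately, `bbs.rlogin_gate` still falls back to `'localhost'`; with the connector removed from this image that default presumably no longer reaches it, and the unencrypted rlogin hop carrying the password now leaves loopback, so I would add `// cfg.tunnel_host must name the connector container; keep this hop on a private network`.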
@@ -1,20 +0,0 @@
-#!/bin/sh
-
-GROUP=doorparty
-GID=1000
-USERS=${SBBSCTRL}/doorparty-connector.users
-
-if ! grep -qe ^${GROUP}: /etc/group; then
- groupadd -g ${GID} ${GROUP}
-fi
-
-if [ -r ${USERS} ]; then
- cat ${USERS} | while read line; do
- user=$(echo ${line}|awk -F: '{print $1}')
- if ! grep -qe ^${user}: /etc/passwd; then
- echo "+ Adding Door Party User: ${user}"
- useradd -c "Door Party User" -g ${GROUP} -MN -s /usr/sbin/nologin ${user}
- echo -n $line | chpasswd
- fi
- done
-fi
diff --git a/init b/init
index 689652c..6c98aa4 100755
--- a/init
+++ b/init
@@ -43,6 +43,5 @@ if [ -n "$1" ]; then
 else
 # Start Supervisord
 echo "* Starting supervisord"
- mkdir /run/sshd
 exec /usr/bin/supervisord -nc /etc/supervisor/supervisord.conf
 fi
diff --git a/sshd_config b/sshd_config
deleted file mode 100644
index f55f69e..0000000
--- a/sshd_config
+++ /dev/null
@@ -1,129 +0,0 @@
-# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
-
-# This is the sshd server system-wide configuration file. See
-# sshd_config(5) for more information.
-
-# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
-
-# The strategy used for options in the default sshd_config shipped with
-# OpenSSH is to specify options with their default value where
-# possible, but leave them commented. Uncommented options override the
-# default value.
-
-Port 2022
-#AddressFamily any
-#ListenAddress 0.0.0.0
-#ListenAddress ::
-
-#HostKey /etc/ssh/ssh_host_rsa_key
-#HostKey /etc/ssh/ssh_host_ecdsa_key
-#HostKey /etc/ssh/ssh_host_ed25519_key
-
-# Ciphers and keying
-#RekeyLimit default none
-
-# Logging
-#SyslogFacility AUTH
-#LogLevel INFO
-
-# Authentication:
-
-#LoginGraceTime 2m
-#PermitRootLogin prohibit-password
-PermitRootLogin no
-#StrictModes yes
-#MaxAuthTries 6
-#MaxSessions 10
-
-#PubkeyAuthentication yes
-PubkeyAuthentication no
-
-# Expect .ssh/authorized_keys2 to be disregarded by default in future.
-#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
-
-#AuthorizedPrincipalsFile none
-
-#AuthorizedKeysCommand none
-#AuthorizedKeysCommandUser nobody
-
-# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
-#HostbasedAuthentication no
-# Change to yes if you don't trust ~/.ssh/known_hosts for
-# HostbasedAuthentication
-#IgnoreUserKnownHosts no
-# Don't read the user's ~/.rhosts and ~/.shosts files
-#IgnoreRhosts yes
-
-# To disable tunneled clear text passwords, change to no here!
-#PasswordAuthentication yes
-#PermitEmptyPasswords no
-
-# Change to yes to enable challenge-response passwords (beware issues with
-# some PAM modules and threads)
-ChallengeResponseAuthentication no
-
-# Kerberos options
-#KerberosAuthentication no
-#KerberosOrLocalPasswd yes
-#KerberosTicketCleanup yes
-#KerberosGetAFSToken no
-
-# GSSAPI options
-#GSSAPIAuthentication no
-#GSSAPICleanupCredentials yes
-#GSSAPIStrictAcceptorCheck yes
-#GSSAPIKeyExchange no
-
-# Set this to 'yes' to enable PAM authentication, account processing,
-# and session processing. If this is enabled, PAM authentication will
-# be allowed through the ChallengeResponseAuthentication and
-# PasswordAuthentication. Depending on your PAM configuration,
-# PAM authentication via ChallengeResponseAuthentication may bypass
-# the setting of "PermitRootLogin without-password".
-# If you just want the PAM account and session checks to run without
-# PAM authentication, then enable this but set PasswordAuthentication
-# and ChallengeResponseAuthentication to 'no'.
-UsePAM no
-
-#AllowAgentForwarding yes
-AllowAgentForwarding no
-#AllowTcpForwarding yes
-AllowTcpForwarding yes
-#GatewayPorts no
-X11Forwarding no
-#X11DisplayOffset 10
-#X11UseLocalhost yes
-#PermitTTY yes
-PermitTTY no
-PrintMotd no
-#PrintLastLog yes
-#TCPKeepAlive yes
-#PermitUserEnvironment no
-#Compression delayed
-#ClientAliveInterval 0
-#ClientAliveCountMax 3
-#UseDNS no
-#PidFile /var/run/sshd.pid
-#MaxStartups 10:30:100
-#PermitTunnel no
-#ChrootDirectory none
-#ChrootDirectory /tmp
-#VersionAddendum none
-
-# no default banner path
-#Banner none
-
-# Allow client to pass locale environment variables
-AcceptEnv LANG LC_*
-
-# override default of no subsystems
-#Subsystem sftp /usr/lib/openssh/sftp-server
-
-# Example of overriding settings on a per-user basis
-#Match User anoncvs
-# X11Forwarding no
-# AllowTcpForwarding no
-# PermitTTY no
-# ForceCommand cvs server
-#DisableForwarding yes
-PermitOpen haproxy_tcp:513
diff --git a/supervisord.d/doorparty.conf b/supervisord.d/doorparty.conf
deleted file mode 100644
index cdb6fa0..0000000
--- a/supervisord.d/doorparty.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-[program:doorparty]
-command=/opt/sbbs/exec/doorparty-connector
-stopwaitsecs=60
diff --git a/supervisord.d/openssh.conf b/supervisord.d/openssh.conf
deleted file mode 100644
index 3ab7d72..0000000
--- a/supervisord.d/openssh.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-[program:openssh]
-command=/usr/sbin/sshd -f /opt/sbbs/ctrl/sshd_config -D
-stopwaitsecs=60