Reputation: 11253
Creating a bot-like configuration with ejabberd?
How to implement a bot with ejabberd?
The idea is that on my (Debian 7.0 Wheezy) VPS, I'm running ejabberd and there I have a special bot Jabber user with limited set of commands that he can run. Let's call him [email protected].
On another box (say, my android phone), I have a Jabber client connected to my account at possibly a third party server. Let's call it [email protected].
Now I want ejabberd to:
allow only one specific Jabber ID, [email protected] to ever communicate with this [email protected].
have everything typed into chat with [email protected] passed to shell and executed as a command, possibly in a chrooted or another protected environment (e.g. using a specific limited user). (And the STDOUT + STDERR returned as a reply, of course.)
I understand there can be security risks, but for now I just want to know if this the way to go.
Upvotes: 0
Views: 1723
Answers (1)
Reputation: 7924
You can simply write a bot in any language and have it connect to the XMPP server as a client. A list of XMPP client libraries can be found here.
The bot can check the JID in the 'from' attribute of messages it receives to verify identity. It is not generally possible to forge a JID in XMPP, as servers authenticate their clients and also each other. In reality however it is only as secure as the authentication methods used (and the server containing no bugs).
To execute commands and read the results, a PTY is a good easy solution. There are PTY libraries available in many languages, including Python, Ruby and Lua.
You are right that security is an issue, as with any system. Years of effort have gone into securing ssh, and issues still arise occasionally.
It is worth noting that Google's XMPP server does not support encryption for server-to-server connections, so someone on a network between your XMPP server and Google's would be able to see your messages, and potentially modify and/or forge them completely.
And finally, even if they did support encryption for the server-to-server link... Google themselves technically have the ability to send messages as you, and your phone would also be a potential weak point.
Isolating the target process will remove a lot of security concerns. If the server runs on Linux, LXC containers might be a good solution for you.
Hopefully this covers all aspects of your question!
Upvotes: 1
Related Questions
- Is there an ejabberd module that sends stanzas using webhooks?
- How to call ejabberd Administrator API
- Ejabberd - Send & Receive messages via Bot
- Simulating online user in eJabberd with Tsung
- In XMPP How to have contact JIDs that are actually "virtual bots" that inherit from a single physical "super bot"?
- How to plan messages on ejabberd?
- XMPP Ejabberd chat server
- EJabberd Simple Examples
- Ejabberd, Python: Check user, if not create
- Xmpp ejabberd and add-user command