torch-agent/torch-pub.py

83 lines
2.6 KiB
Python

from stem.control import Controller
import stem.connection
import paho.mqtt.client as mqtt
import ssl
import socks
import socket
import json
import configparser
import argparse
from datetime import datetime
parser = argparse.ArgumentParser(description='Broadcast SSH hidden service hostname via MQTT')
parser.add_argument('--config-dir', nargs='?', dest='configPath', default='/etc/torch',
help='configuration directory (default: /etc/torch)')
args = parser.parse_args()
configPath = args.configPath
if not configPath.endswith("/"):
configPath = configPath + "/"
config = configparser.ConfigParser()
config.read(configPath + "torch.conf")
torProxyPort = config['tor'].getint('ProxyPort', fallback = 9050)
torControllerPort = config['tor'].getint('ControllerPort', fallback = 9051)
sshPort = config['ssh'].getint('Port', fallback = 22)
mqttConfig = config['mqtt']
mqttBrokerHost = mqttConfig.get('BrokerHost', fallback = "localhost")
mqttBrokerPort = mqttConfig.getint('BrokerPort', fallback = 1883)
clientID = mqttConfig.get('ClientID', fallback = socket.gethostname())
mqttTopic = mqttConfig.get('Topic', fallback = "torch/%s/onion_url" % (clientID))
mqttRequireCertificate = mqttConfig.getboolean(
'RequireCertificate',
fallback = False)
mqttCaFile = configPath + mqttConfig.get('CaFile')
mqttCertFile = configPath + mqttConfig.get('CertFile')
mqttKeyFile = configPath + mqttConfig.get('KeyFile')
with Controller.from_port(port = torControllerPort) as controller:
protocolInfo = stem.connection.get_protocolinfo(controller)
stem.connection.authenticate_safecookie(
controller,
protocolInfo.cookie_path)
service = controller.create_ephemeral_hidden_service(
sshPort,
detached = True)
onionAddress = "%s.onion" % (service.service_id)
payload = {
'clientId': clientID,
'timestamp': datetime.now().strftime("%d-%b-%Y (%H:%M:%S.%f)"),
'onionAddress': onionAddress,
'sshPort': sshPort
}
client = mqtt.Client()
if mqttRequireCertificate:
client.tls_set(
ca_certs = mqttCaFile,
certfile = mqttCertFile,
keyfile = mqttKeyFile,
cert_reqs=ssl.CERT_REQUIRED)
if mqttBrokerHost.endswith(".onion"):
client.proxy_set(proxy_type=socks.SOCKS5, proxy_addr="localhost", proxy_port=torProxyPort)
client.tls_insecure_set(True)
client.connect(mqttBrokerHost, mqttBrokerPort, 60)
client.publish(mqttTopic, json.dumps(payload))
client.disconnect()