Topic: Execute Lua code remotely? e.g. through HTTP request

Offline mikkelj

Execute Lua code remotely? e.g. through HTTP request
« on: May 06, 2011, 10:57:09 am »
Hi guys! :)

I have a bunch of Vera-boxes that I would like to install some new stuff on. It is very inconvenient for me to get physical/LAN access to them, but I have remote access through UI4.

Now I know I can do it through UI4 -> Mios Developer -> Test Luup code (Lua) and paste something like this in the window and click go:

os.execute("wget http://domain.com/file  -O /tmp/script && sh /tmp/script")

That way I could upload (actually get the Vera box to download) some script and get the Vera box to run it and I can do all sorts of fancy stuff.

However, the aforementioned "bunch" of boxes counts quite a few - a hundred or so - so I'd _really_ love to do this through some HTTP call or something, so I can automate it. Some of the boxes are NAT'd so I can't easily script my way through SSHing into them etc.

Now is this possible?

Kind regards

/Mikkel
8)

Offline guessed

Re: Execute Lua code remotely? e.g. through HTTP request
« Reply #1 on: May 06, 2011, 11:26:21 am »
Absolutely possible.  Run Firefox with Firebug plugin and watch what happens when you run test lua.  That plugin can be used to show the discrete URLs being called, along with the parameters and the responses.

From memory, there's an action called RunLua that gets invoked.... Great way to hack a remote Vera you own...

Offline Ap15e

Re: Execute Lua code remotely? e.g. through HTTP request
« Reply #2 on: May 06, 2011, 12:20:36 pm »
UPnP service: urn:micasaverde-com:serviceId:HomeAutomationGateway1
UPnP action: RunLua

Offline mikkelj

Re: Execute Lua code remotely? e.g. through HTTP request
« Reply #3 on: May 06, 2011, 07:48:19 pm »
Perfect! You guys are great :) I'll look into it..

But how do I authenticate and connect? I can't connect over WAN with the usual http://ipaddress:3480/yadda_yadda, since some of the boxes are nat'ed. I faintly remember something like http://fwd2.mios.com/PK_AccessPoint/user/pass/something-else - will that work?

Or will I have to connect through mios-cp and hijack the session id or what :) ?

Offline futzle

Re: Execute Lua code remotely? e.g. through HTTP request
« Reply #7 on: May 13, 2011, 07:50:05 am »
https://fwd2.mios.com/john/tokyo/12345/data_request?id=lu_action&serviceId=urn:micasaverde-com:serviceId:HomeAutomationGateway1&action=RunLua&Code=os.execute("touch /tmp/i_was-here")

Anyone who isn't astonished by this one hasn't really thought about it.

Put simply: you* can get Vera to run anything, as root, with a simple web request.

(On the bright side, I think we found a way to reset the root password for people who've lost theirs...)

* For "you", read "anyone who has access to your browser's history", because the password is part of the URL.

Offline mikkelj

Re: Execute Lua code remotely? e.g. through HTTP request
« Reply #8 on: May 13, 2011, 08:02:09 am »
Quote
Anyone who isn't astonished by this one hasn't really thought about it.

Put simply: you* can get Vera to run anything, as root, with a simple web request.

(On the bright side, I think we found a way to reset the root password for people who've lost theirs...)

* For "you", read "anyone who has access to your browser's history", because the password is part of the URL.

os.execute runs the input through sh -c, like the C stdlib syscall system(3).

The commands are run with the LuaUPnP daemon's privileges: root.

Code:
os.execute("id > /tmp/id") ->

root@MiOS_xxxxx:/tmp# cat /tmp/id
uid=0(root) gid=0(root)

This is what makes it so useful for me :)

But you're right, one should consider the security implications of this.
« Last Edit: May 13, 2011, 08:10:52 am by mikkelj »

Offline Ap15e

Re: Execute Lua code remotely? e.g. through HTTP request
« Reply #9 on: May 13, 2011, 08:12:53 am »
Quote
Anyone who isn't astonished by this one hasn't really thought about it.

... or knew about it (and other security risks) before.  :)
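
Added example, not part of the original thread: a small detector for the request shape shown in reply #7, meant to be run over URLs pulled from proxy logs or browser history. It flags `RunLua` calls, notes when the code hands a string to the shell (the root execution described in reply #8), and produces a copy of the URL with the credential path segments removed. Assumptions: the relay path layout is `/<user>/<password>/<unit>/data_request` as in reply #7, parameter names are matched case-insensitively, `io.popen` is included alongside `os.execute` as a second shell-reaching call, and the sample URLs are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

GATEWAY_SID = "urn:micasaverde-com:serviceId:HomeAutomationGateway1"
# Lua calls that pass a string to the OS; os.execute is from the thread, io.popen is an assumption.
SHELL_CALLS = re.compile(r"\b(os\.execute|io\.popen)\s*\(")
# Relay layout from reply #7: /<user>/<password>/<unit>/data_request
RELAY_PATH = re.compile(r"^/[^/]+/[^/]+/([^/]+)/data_request$")

SAMPLE_URLS = [  # constructed sample input; 192.0.2.10 is a documentation address
    "https://fwd2.mios.com/john/tokyo/12345/data_request?id=lu_action&serviceId=urn:micasaverde-com:serviceId:HomeAutomationGateway1&action=RunLua&Code=os.execute(%22touch%20/tmp/i_was-here%22)",
    "http://192.0.2.10:3480/data_request?id=lu_action&serviceId=urn:micasaverde-com:serviceId:HomeAutomationGateway1&action=RunLua&Code=luup.log(%22hello%22)",
    "http://192.0.2.10:3480/data_request?id=user_data",
]

def inspect_request(url):
    """Return a finding dict for a RunLua request, or None for any other URL."""
    parts = urlsplit(url)
    if not parts.path.endswith("/data_request"):
        return None
    # parse_qs percent-decodes values; keep the first value of each parameter.
    q = {k.lower(): v[0] for k, v in parse_qs(parts.query).items()}
    if q.get("id") != "lu_action" or q.get("action", "").lower() != "runlua":
        return None
    relay = RELAY_PATH.match(parts.path)
    # Drop user and password segments so the finding itself can be stored safely.
    path = "/<redacted>/<redacted>/%s/data_request" % relay.group(1) if relay else parts.path
    code = q.get("code", "")
    return {
        "host": parts.netloc,
        "gateway_service": q.get("serviceid") == GATEWAY_SID,
        "creds_in_path": relay is not None,
        "shell_call": bool(SHELL_CALLS.search(code)),
        "code": code,
        "safe_to_log": "%s://%s%s?action=RunLua" % (parts.scheme, parts.netloc, path),
    }

def findings(urls):
    """Inspect every URL and keep only the RunLua findings."""
    return [f for f in map(inspect_request, urls) if f]

if __name__ == "__main__":
    for f in findings(SAMPLE_URLS):
        print(f["safe_to_log"], "creds_in_path=%s" % f["creds_in_path"],
              "shell_call=%s" % f["shell_call"], repr(f["code"]))
```

A finding with `creds_in_path` set means the account password was written wherever that URL was recorded, so the follow-up is a password change as well as a review of the executed code.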