10 KiB
SYNOPSIS
xmppipe [options] [jid]
DESCRIPTION
xmppipe - stdio over XMPP
xmppipe redirects stdin/stdout in a shell pipeline to an XMPP MUC (XEP-0045) or a one to one chat:
- supports flow control using stream management (XEP-0198)
- optionally deals with overload by acting as a circuit breaker or by discarding messages
- works with line oriented tools like grep, sed and awk by outputting each message as a newline terminated, percent-encoded string
xmppipe can be used in shell scripts to quickly write interactive bots for monitoring systems or for sending alerts.
USAGE
xmppipe [*options*]
XMPPIPE_USERNAME=me@example.com
XMPPIPE_PASSWORD="password"
# default name: stdout-*hostname*-*uid*
xmpipe
xmppipe muc
xmppipe muc@example.com
REQUIREMENTS
-
libstrophe 0.9.2 or later is required for TLS certificate verification.
BUILD
$ make
Tests
# Install bats:
# apt-get install bats
# git clone https://github.com/sstephenson/bats.git # or from git
make test
PROCESS RESTRICTIONS
xmppipe restricts process operations at 2 points:
-
a permissive "init" sandbox allowing network connections to the XMPP server
-
once the connection is established, a stricter "stdio" sandbox limits the process to I/O operations
The effectiveness of the process restrictions depend on which mechanism is used. By default:
-
Linux:
- init: seccomp(2)
- stdio: seccomp(2)
-
OpenBSD:
- init: pledge(2)
- stdio: pledge(2)
-
FreeBSD:
- init: setrlimit(2)
- stdio: setrlimit(2)/capsicum(4)
-
other: setrlimit(2)
- init: setrlimit(2)
- stdio: setrlimit(2)
Selecting which process restrictions are enforced is done at compile time. For example, to use the "rlimit" process restrictions:
RESTRICT_PROCESS=rlimit make
If the process restrictions are interfering with normal operation, please open an issue. To disable all process restrictions, compile using the "null" sandbox:
RESTRICT_PROCESS=null make
OPTIONS
- -u, --username JID
- XMPP username: takes precedence over environment variable
- -p, --password password
- XMPP password: takes precedence over environment variable
- -r, --resource resource
- XMPP resource, used as the nickname in the MUC
- -S, --subject subject
- XMPP MUC subject
- -a, --address address[:port]
- Specify the IP address and port of the XMPP server
- -F, --format text:csv
- stdin is text (default) or colon separated values
- -d, --discard
- Discard stdin when MUC is empty
- -D, --discard-to-stdout
- Discard stdin and print to local stdout
- -e, --ignore-eof
- Ignore stdin EOF
- -s, --exit-when-empty
- Exit when MUC is empty
- -x, --base64
- Base64 encode/decode data
- -b, --buffer-size size
- Size of read buffer
- -I, --interval interval
- Request stream management status every interval messages
- -k, --keepalive seconds
- Periodically send a keepalive
- -K, --keepalive-failures count
- Number of keepalive failures before exiting
- -P, --poll-delay ms
- Poll delay
- -v, --verbose
- Increase verbosity
- -V, --version
- Display version
- --chat
- Use one to one chat
- --no-tls-verify
- Disable TLS certificate verification
ENVIRONMENT VARIABLES
- XMPPIPE_USERNAME
- XMPP jid
- XMPPIPE_PASSWORD
- XMPP password
DECODING PERCENT-ENCODED STRINGS
Using bash:
decode() {
printf '%b' "${1//%/\\x}"
}
EXAMPLES
Shell Bot
An interactive XMPP bot written in the shell:
#!/bin/bash
set -o errexit
set -o nounset
set -o pipefail
decode() {
printf '%b' "${1//%/\\x}"
}
bot() {
while IFS=: read -r stanza type from to body; do
case "$stanza" in
m) ;;
p)
decode "$stanza:$type:$from:$to" 1>&2
echo 1>&2
continue
;;
*) continue ;;
esac
USER="$(decode "${from#*/}")"
MSG="$(decode "${body}")"
case $MSG in
*"has set the subject to:"*) ;;
"sudo make me a sandwich")
echo "$USER: you're a sandwich"
;;
sudo*)
echo "I'm sorry, $USER. I'm afraid I can't do that."
;;
uptime)
uptime
;;
exit)
echo "exiting ..."
exit 0
;;
*)
echo "$MSG"
;;
esac
done
}
coproc bot
xmppipe "$@" <&"${COPROC[0]}" >&"${COPROC[1]}"
Sending Notifications/Alerts
Start xmppipe
attached to a pipe:
mkfifo /tmp/xmpp
xmppipe -o groupchat <>/tmp/xmpp
Any data written to the pipe will be sent to the groupchat:
echo "test" >/tmp/xmpp
df -h >/tmp/xmpp
git diff >/tmp/xmpp
SSH over XMPP
# Server: has access to the destination SSH server
# ssh-over-xmpp server <conference> <IP address> <port>
ssh-over-xmpp server sshxmpp 1.2.3.4 22
## Client: has access to the XMPP server
ssh -o ProxyCommand="ssh-over-xmpp client sshxmpp" 127.0.0.1
Stream Events from Riemann
This example will stream events from a query to an XMPP MUC using Riemann's SSE interface. The events are written to a named pipe to avoid buffering.
coproc curl -s --get --data subscribe=true \
--data-urlencode 'query=(service ~= "^example")' \
http://example.com:80/index </dev/null
xmppipe --verbose --verbose \
--discard --subject "riemann events" muc <&"${COPROC[0]}"
Desktop Notifications
#!/bin/bash
set -o errexit
set -o nounset
set -o pipefail
decode() {
printf '%b' "${1//%/\\x}"
}
MUC=""
while getopts ":o:" opt; do
case $opt in
o) MUC="$OPTARG" ;;
*) ;;
esac
done
xmppipe "$@" | while IFS=: read stanza type from to body; do
case "$stanza" in
m) notify-send "$MUC" "$(decode "$body")" ;;
*) continue ;;
esac
done
Mirror a terminal session using script(1)
- user
#!/bin/bash
MUC=console
TMPDIR=$(mktemp -d)
FIFO=$TMPDIR/console
mkfifo "$FIFO"
stty cols 80 rows 24
xmppipe --resource user -x $MUC < "$FIFO" >/dev/null 2>"$TMPDIR/stderr" &
script -q -f "$FIFO"
- viewers
#!/bin/bash
decode() {
printf '%b' "${1//%/\\x}"
}
stty cols 80 rows 24
xmppipe --resource viewer --base64 console |
while IFS=: read -r x s f t m; do
[ "$m" = "m" ] && decode "$m"
done
Image Upload
Upload an image using HTTP Upload (XEP-0363) then display it inline.
image-upload -o groupchat
# file must be in the same working directory as image-upload
echo "upload::::example.png" >/tmp/image_upload/stdin
FORMAT
Each message is terminated by a new line. Message fields are separated by ":" and percent encoded.
Colon separated values are accepted as input if the input format type
is set to csv (--format=csv
).
Presence
p:<available|unavailable>:<to jid>:<from jid>
Input/Output
Both
Example
p:available:test@muc.example.com/xmppipe:occupant@example.com/1234
Message
m:<chat|groupchat|normal|headline>:<from jid>:<to jid>:<message body>
Input/Output
Both
Example
m:groupchat:test@muc.example.com/mobile:user1@example.com/1234:Hello
m:chat:user1@example.com/mobile:user2@example.com:Message%20goes%20here
Inline Image
Inline images will add a hint so clients (notably Conversations) will display the image instead of a URL.
- type, from and to are optional
- message body: the percent escaped URL
I:<chat|groupchat|normal|headline>:<from jid>:<to jid>:<url>
Input/Output
Input only
Example
I::::https%3A%2F%2Fhttpstatusdogs.com%2Fimg%2F500.jpg
XEP-0363: HTTP Upload
HTTP uploads create an upload slot. The XMPP server will respond with
get
and put
URLs. The put
URL can be used to upload the file using,
e.g., curl
. The get
URL is used by clients for downloading the file.
Note: xmppipe creates the upload slot. Another utility, such as curl, can be used to upload the file.
The input format is:
- type, from and to are optional
- message body: percent escaped, pipe separated value
- filename
- size
- optional: MIME type
u:<chat|groupchat|normal|headline>:<from jid>:<to jid>:<filename>|<size (bytes)>[|<content-type>]
The output format is:
- type, from and to are optional
- message body: percent escaped, pipe separated value
- get URL
- put URL
U:<chat|groupchat|normal|headline>:<from jid>:<to jid>:<get URL>|<put URL>
Example
# $ stat --format="%s" example.png
# 16698
u::::example.png%7C16698
# also specify content type
u::::example.png%7C16698%7Cimage%2Fpng
# server response: slot created
U:groupchat:upload.example.com:user@example.com/123:https%3A//example.com/upload/0b9da82fea20a78778cbeddeab0472286cc35ed1/xyEaWFVZv3sv5ay9AGH5qBU02gglZRyUeGbjQg3k/example.png%7chttps%3A//example.com/upload/0b9da82fea20a78778cbeddeab0472286cc35ed1/xyEaWFVZv3sv5ay9AGH5qBU02gglZRyUeGbjQg3k/example.png
# to upload the file
curl https://example.com/upload/0b9da82fea20a78778cbeddeab0472286cc35ed1/xyEaWFVZv3sv5ay9AGH5qBU02gglZRyUeGbjQg3k/example.png --upload-file example.png
COMPATIBILITY
Testing is done with ejabberd.
Also confirmed to work with:
- ejabberd (creep.im)
- prosody (dismail.de)
- openfire (jab.im)
- tigase (tigase.im)
- mongooseim
LICENSE
Copyright (c) 2015-2023, Michael Santos michael.santos@gmail.com
Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
TODO
-
support XEP-0384: OMEMO Encryption
-
support alternative input modes
- "raw" mode: XML input/output
-
HTTP Upload
- support PUT header elements
- handle error conditions