Tuesday, April 24, 2018

Controlling invisible machines with emails, from Java

Here is the problem

You have your network at home, with several machines connected to it (laptops, tablets, Raspberry PIs, phones, etc). Your home network is a Local Area Network (aka LAN), the machines can see each other, but they cannot be seen from outside, from the Internet.
You may very well want to deal with those machines while away from home, to restart services, launch a new program, or even reboot.
In the configuration mentioned above, this is simple, you just cannot do it. And that is frustrating!
There is a way though. Those machines on your home LAN can send and receive emails...

Using JavaMail

JavaMail is a Java package that has been available for ever, it understands the email protocols (IMAP, POP3, SMTP, etc), and can be used to interact with email accounts programmatically.

An example

There is an example of such an interaction on this github repository.
The fastest way to get it running is to run the following commands (these are for Linux - and MacOS - on Windows, use the git shell):
$ git clone https://github.com/OlivierLD/raspberry-pi4j-samples.git
$ cd raspberry-pi4j-samples
$ cd common-utils
$ ../gradlew shadowJar
$ cp email.properties.sample email.properties
$ vi email.properties
$ # Here you modify your properties file to match your email account
$ java -cp ./build/libs/common-utils-1.0-all.jar email.examples.EmailWatcher -send:google -receive:google
The -send:google -receive:google depends on the settings in your email.properties.
Then, to the account mentioned in the email.properties, send a message like this:
Subject: execute
uname -a
Note: this example requires the content to be in plain/text.
Once the message is received by the EmailWatcher, it sends you an acknowledgement:
Then, the 3 commands are processed by the EmailWatcher, you would see in its console an output like that:
Start receiving.
uname -a

Operation: [execute], sent for processing...
lo0: flags=8049 mtu 16384
 inet netmask 0xff000000 
 inet6 ::1 prefixlen 128 
And finally, you receive an email like that:
... meaning that the commands you've sent have been executed.

You can also attach the script to execute to a blank email, with topic execute-script:
Attach a file like this:

ps -ef | grep EmailWatcher
... and just wait for the result to come back to you:
Scripts execution returned: 
eth0: flags=4099  mtu 1500
        ether a4:ba:db:c9:04:2e  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 18  

lo: flags=73  mtu 65536
        inet  netmask
        inet6 ::1  prefixlen 128  scopeid 0x10
        loop  txqueuelen 1  (Local Loopback)
        RX packets 9215  bytes 2022884 (1.9 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 9215  bytes 2022884 (1.9 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlan0: flags=4163  mtu 1500
        inet  netmask  broadcast
        inet6 fe80::4038:1f53:b94f:ccc2  prefixlen 64  scopeid 0x20
        ether 78:e4:00:78:ad:8f  txqueuelen 1000  (Ethernet)
        RX packets 8848724  bytes 696021134 (663.7 MiB)
        RX errors 0  dropped 0  overruns 0  frame 18848059
        TX packets 6040965  bytes 795472510 (758.6 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 17  base 0xc000  

pi      12476 12472  1 16:39 pts/0    00:00:53 java -cp ./build/libs/RasPISamples-1.0-all.jar weatherstation.email.EmailWatcher -send:google -receive:google
pi      16204 16199  0 18:04 pts/0    00:00:00 grep EmailWatcher
>> sh ./attachments/2018-04-26_18-04-27/sample.sh returned status 0


This process is not synchronous, this could be a drawback... But still, it allows you to interact remotely with machines invisible from the Internet.

Having the command

java -cp ./build/libs/common-utils-1.0-all.jar email.examples.EmailWatcher -send:google -receive:google
fired when the machine boots will allow you make sure it is waiting for your emails as soon as the machine is up.

This EmailWatcher as it is also allows you to execute scripts, attached to the email. Look into the code for details ;)
It is even possible to ssh to another machine and execute a bunch of commands stored in a script... The command you send in the email's body would be like

ssh pi@ bash -s < ~/nodepi.banner.sh
If a password is required, use sshpass:
sshpass -p 'secret-password' ssh pi@ bash -s < ~/nodepi.sudo.sh
You can even sudo:
echo 'secret-password' | sudo -S privilegedCommand
This can be dangerous, hey? With great power come great responsibilities...

No comments:

Post a Comment