Execute Lua code remotely? e.g. through HTTP request

Hi guys! :slight_smile:

I have a bunch of Vera-boxes that I would like to install some new stuff on. It is very inconvenient for me to get physical/LAN access to them, but I have remote access through UI4.

Now I know I can do it through UI4 → Mios Developer → Test Luup code (Lua) and paste something like this in the window and click go:

[code]os.execute("wget http://domain.com/file -O /tmp/script && sh /tmp/script")[/code]

That way I could upload (actually get the Vera box to download) some script and get the Vera box to run it and I can do all sorts of fancy stuff.

However, the aforementioned “bunch” of boxes count quite a few - a hundred or so - so I’d really love to do this through some HTTP call or something, so I can automate it. Some of the boxes are NAT’d so I can’t easily script my way through SSHing into them etc.

Now is this possible?

Kind regards

/Mikkel
8)

Absolutely possible. Run Firefox with Firebug plugin and watch what happens when you run test lua. That plugin can be used to show the discrete URLs being called, along with the parameters and the responses.

From memory, there’s an action called RunLua that gets invoked… Great way to hack a remote Vera you own…

UPnP service: [tt]urn:micasaverde-com:serviceId:HomeAutomationGateway1[/tt]
UPnP action: [tt]RunLua[/tt]

Perfect! You guys are great :slight_smile: I’ll look into it…

But how do I authenticate and connect? I can’t connect over WAN with the usual http://ipaddress:3480/yadda_yadda, since some of the boxes are nat’ed. I faintly remember something like http://fwd2.mios.com/PK_AccessPoint/user/pass/something-else - will that work?

Or will I have to connect through mios-cp and hijack the session id or what :slight_smile: ?

I think you meant this:
http://wiki.micasaverde.com/index.php/UI_Simple#Mode_1:_Basic_setup_and_locating_the_engine

[quote=“guessed, post:5, topic:168273”]I think you meant this:
http://wiki.micasaverde.com/index.php/UI_Simple#Mode_1:_Basic_setup_and_locating_the_engine[/quote]

Exactly right :slight_smile: Thanks a lot

Just to finish this off. To run Lua-code remotely:

http://ip-address:3480/data_request?id=lu_action&serviceId=urn:micasaverde-com:serviceId:HomeAutomationGateway1&action=RunLua&Code=LUA_CODE_GOES_HERE

or

https://fwd2.mios.com/USERNAME/PASSWORD/PK_ACCESSPOINT/data_request?id=lu_action&serviceId=urn:micasaverde-com:serviceId:HomeAutomationGateway1&action=RunLua&Code=LUA_CODE_GOES_HERE

e.g.

https://fwd2.mios.com/john/tokyo/12345/data_request?id=lu_action&serviceId=urn:micasaverde-com:serviceId:HomeAutomationGateway1&action=RunLua&Code=os.execute("touch /tmp/i_was-here")

Anyone who isn’t astonished by this one hasn’t really thought about it.

Put simply: you* can get Vera to run anything, as root, with a simple web request.

(On the bright side, I think we found a way to reset the root password for people who’ve lost theirs…)

* For “you”, read “anyone who has access to your browser’s history”, because the password is part of the URL.

[quote=“futzle, post:8, topic:168273”]Anyone who isn’t astonished by this one hasn’t really thought about it.

Put simply: you* can get Vera to run anything, as root, with a simple web request.

(On the bright side, I think we found a way to reset the root password for people who’ve lost theirs…)

* For “you”, read “anyone who has access to your browser’s history”, because the password is part of the URL.[/quote]

os.execute runs the input through sh -c, like the C stdlib syscall system(3).

The commands are run with the LuaUPnP daemon’s privileges: root.

[code]os.execute("id > /tmp/id") →

root@MiOS_xxxxx:/tmp# cat /tmp/id
uid=0(root) gid=0(root)[/code]

This is what makes it so useful for me :slight_smile:

But you’re right, one should consider the security implications of this.

[quote=“futzle, post:8, topic:168273”]Anyone who isn't astonished by this one hasn't really thought about it.[/quote]

… or knew about it (and other security risks) before. :slight_smile:
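
For anyone reviewing proxy or web-server logs for the requests discussed in this thread, here is a check written as an added example (not code from the thread or from Vera; the log-line format and the function names are assumptions). It finds `RunLua` calls, decodes the `Code` parameter, flags Lua calls that reach a shell, and redacts the password that the forwarding-server URL form carries in its path.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample proxy/access-log lines (not real traffic); the
# "client \"METHOD url\"" layout is an assumption made for this example.
SVC = "urn:micasaverde-com:serviceId:HomeAutomationGateway1"
SAMPLE_LOG = [
    '10.0.0.5 "GET http://192.168.1.20:3480/data_request?id=lu_action'
    f'&serviceId={SVC}&action=RunLua&Code=os.execute(%22touch%20/tmp/x%22)"',
    '10.0.0.7 "GET https://fwd2.mios.com/john/tokyo/12345/data_request?id=lu_action'
    f'&serviceId={SVC}&action=RunLua&Code=luup.log(%22hi%22)"',
    '10.0.0.9 "GET http://192.168.1.20:3480/data_request?id=user_data"',
]

URL_RE = re.compile(r'"(?:GET|POST) (\S+)"')
SHELL_HINTS = ("os.execute", "io.popen")  # Lua calls that hand a string to a shell

def inspect_line(line):
    """Return a finding dict for a RunLua request, or None for anything else."""
    m = URL_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.endswith("/data_request"):
        return None
    q = parse_qs(url.query)  # also percent-decodes the values
    if q.get("id") != ["lu_action"] or q.get("action") != ["RunLua"]:
        return None
    code = q.get("Code", [""])[0]
    parts = url.path.strip("/").split("/")
    # Forwarding-server form: /USERNAME/PASSWORD/PK_ACCESSPOINT/data_request
    creds_in_url = len(parts) == 4
    path = url.path
    if creds_in_url:  # never copy the password into the finding
        path = "/" + "/".join([parts[0], "<redacted>"] + parts[2:])
    return {
        "host": url.netloc,
        "path": path,
        "code": code,
        "shell": any(h in code for h in SHELL_HINTS),
        "creds_in_url": creds_in_url,
    }

def scan(lines):
    """Collect findings for every RunLua request in an iterable of log lines."""
    return [f for f in map(inspect_line, lines) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A finding with `creds_in_url` set means the account password is sitting in whatever recorded that URL (browser history, proxy logs), which is the exposure pointed out above.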