August 2011 - tor-commits - lists.torproject.org

[arm/master] fix: skipping torrc backup when for system copy
by atagar＠torproject.org 06 Aug '11

06 Aug '11

commit 784d618b22a800f3abe148b0cb178b12cc7f3d05 Author: Damian Johnson <atagar(a)torproject.org> Date: Wed Jul 27 13:35:40 2011 -0700 fix: skipping torrc backup when for system copy The wizard attempts to back up the torrc but, if we're editing the system copy, we'll lack the permissions for this. The override.py makes its own backup so this is fine. --- src/cli/wizard.py | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/cli/wizard.py b/src/cli/wizard.py index 31f2f70..6d9d488 100644 --- a/src/cli/wizard.py +++ b/src/cli/wizard.py @@ -353,7 +353,7 @@ def showWizard(): # if the torrc already exists then save it to a _bak file isBackedUp = False - if os.path.exists(torrcLocation): + if os.path.exists(torrcLocation) and not isSystemReplace: try: shutil.copy(torrcLocation, torrcLocation + "_bak") isBackedUp = True

1 0

[arm/master] fix: hardcoding path for override script
by atagar＠torproject.org 06 Aug '11

06 Aug '11

commit f1792cdb7790c4dbfbff4f244aeb0a9bf0dc4f11 Author: Damian Johnson <atagar(a)torproject.org> Date: Wed Jul 27 11:10:31 2011 -0700 fix: hardcoding path for override script Header file for the setuid wrapper required on the make file for determining the path for the python script it executes. Moving this into the header file instead. --- src/resources/torrcOverride/override.h | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/resources/torrcOverride/override.h b/src/resources/torrcOverride/override.h index 65adc9d..8bb8869 100644 --- a/src/resources/torrcOverride/override.h +++ b/src/resources/torrcOverride/override.h @@ -1 +1 @@ -#define TOR_ARM_REPLACE_TORRC HELPER_NAME +#define TOR_ARM_REPLACE_TORRC /usr/share/arm/resources/torrcOverride/override.py

1 0

[arm/master] fix: existance check before removing paths
by atagar＠torproject.org 06 Aug '11

06 Aug '11

commit 3af68f600f58f3a791958a94d274d70676efeec7 Author: Damian Johnson <atagar(a)torproject.org> Date: Wed Jul 27 06:19:13 2011 -0700 fix: existance check before removing paths --- src/resources/torrcOverride/override.py | 23 ++++++++++++----------- 1 files changed, 12 insertions(+), 11 deletions(-) diff --git a/src/resources/torrcOverride/override.py b/src/resources/torrcOverride/override.py index 3e42892..21e6b28 100755 --- a/src/resources/torrcOverride/override.py +++ b/src/resources/torrcOverride/override.py @@ -102,18 +102,19 @@ def remove(): print "removing %s group..." % GROUP os.system("delgroup --quiet %s" % GROUP) - # might not exist since this is compiled and placed separately - try: - print "removing '/bin/torrc-override'..." - os.remove("/bin/torrc-override") - except OSError: - print " no such path" + if os.path.exists("/bin/torrc-override"): + try: + print "removing '/bin/torrc-override'..." + os.remove("/bin/torrc-override") + except OSError, exc: + print " unsuccessful: %s" % exc - try: - print "removing '/var/lib/tor-arm'..." - shutil.rmtree("/var/lib/tor-arm/") - except Exception, exc: - print " unsuccessful: %s" % exc + if os.path.exists("/var/lib/tor-arm/"): + try: + print "removing '/var/lib/tor-arm'..." + shutil.rmtree("/var/lib/tor-arm/") + except Exception, exc: + print " unsuccessful: %s" % exc def replaceTorrc(): orig_uid = os.getuid()

1 0

[arm/master] fix: renaming torrc-override to torrcOverride
by atagar＠torproject.org 06 Aug '11

06 Aug '11

commit b05003e808913ec89a206ae9abec7031392e902b Author: Damian Johnson <atagar(a)torproject.org> Date: Tue Jul 26 19:26:51 2011 -0700 fix: renaming torrc-override to torrcOverride Everything else uses camel case so changing to match. --- src/resources/torrc-override/override.c | 50 ------ src/resources/torrc-override/override.h | 1 - src/resources/torrc-override/override.py | 265 ------------------------------ src/resources/torrcOverride/override.c | 50 ++++++ src/resources/torrcOverride/override.h | 1 + src/resources/torrcOverride/override.py | 265 ++++++++++++++++++++++++++++++ 6 files changed, 316 insertions(+), 316 deletions(-) diff --git a/src/resources/torrc-override/override.c b/src/resources/torrc-override/override.c deleted file mode 100644 index b989584..0000000 --- a/src/resources/torrc-override/override.c +++ /dev/null @@ -1,50 +0,0 @@ -// -// This is a very small C wrapper that invokes -// $(DESTDIR)/usr/bin/tor-arm-replace-torrc.py to work around setuid scripting -// issues on the Gnu/Linux operating system. -// -// We assume you have installed it as such for GROUP -// "debian-arm" - This should ensure that only members of the GROUP group will -// be allowed to run this program. When run this program will execute the -// $(DESTDIR)/usr/bin/tor-arm-replace-torrc.py program and will run with the -// uid and group as marked by the OS. -// -// Compile it like so: -// -// make -// -// Or by hand like so: -// -// gcc -o tor-arm-replace-torrc tor-arm-replace-torrc.c -// -// Make it useful like so: -// -// chown root:debian-arm tor-arm-replace-torrc -// chmod 04750 tor-arm-replace-torrc -// -// !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!WARNING!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -// XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -// -// If you place a user inside of the $GROUP - they are now able to reconfigure -// Tor. This may lead them to do nasty things on your system. If you start Tor -// as root, you should consider that adding a user to $GROUP is similar to -// giving those users root directly. -// -// This program was written simply to help a users who run arm locally and is -// not required if arm is communicating with a remote Tor process. -// -// XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -// !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!WARNING!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -// -// - -#include <stdio.h> -#include <stdlib.h> -#include <sys/types.h> -#include <unistd.h> -#include "tor-arm-replace-torrc.h" - -int main() -{ - return execve(TOR_ARM_REPLACE_TORRC, NULL, NULL); -} diff --git a/src/resources/torrc-override/override.h b/src/resources/torrc-override/override.h deleted file mode 100644 index 65adc9d..0000000 --- a/src/resources/torrc-override/override.h +++ /dev/null @@ -1 +0,0 @@ -#define TOR_ARM_REPLACE_TORRC HELPER_NAME diff --git a/src/resources/torrc-override/override.py b/src/resources/torrc-override/override.py deleted file mode 100755 index 6cfdbc6..0000000 --- a/src/resources/torrc-override/override.py +++ /dev/null @@ -1,265 +0,0 @@ -#!/usr/bin/python - -""" -This overwrites the system wide torrc, located at /etc/tor/torrc, with the -contents of the ARM_CONFIG_FILE. The system wide torrc is owned by root so -this will effectively need root permissions and for us to be in GROUP. - -This file is completely unusable until we make a tor-arm user and perform -other prep by running with the '--init' argument. - -After that's done this is meant to either be used by arm automatically after -writing a torrc to ARM_CONFIG_FILE or by users manually. For arm to use this -automatically you'll either need to... - -- compile torrc-override.c, setuid on the binary, and move it to your path - cd /usr/share/arm/resources/torrc-override - make - chown root:tor-arm override - chmod 04750 override - mv override /usr/bin/torrc-override - -- allow passwordless sudo for this script - edit /etc/sudoers and add a line with: - <arm user> ALL= NOPASSWD: /usr/share/arm/resources/torrc-override/override.py - -To perform this manually run: -/usr/share/arm/resources/torrc-override/override.py -pkill -sighup tor -""" - -import os -import sys -import grp -import pwd -import time -import shutil -import tempfile -import signal - -USER = "tor-arm" -GROUP = "tor-arm" -TOR_CONFIG_FILE = "/etc/tor/torrc" -ARM_CONFIG_FILE = "/var/lib/tor-arm/torrc" - -HELP_MSG = """Usage %s [OPTION] - Backup the system wide torrc (%s) and replace it with the - contents of %s. - - --init creates the necessary user and paths - --remove reverts changes made with --init -""" % (os.path.basename(sys.argv[0]), TOR_CONFIG_FILE, ARM_CONFIG_FILE) - -def init(): - """ - Performs system preparation needed for this script to run, adding the tor-arm - user and setting up paths/permissions. - """ - - # the following is just here if we have a custom destination directory (which - # arm doesn't currently account for) - if not os.path.exists("/bin/"): - print "making '/bin'..." - os.mkdir("/bin") - - if not os.path.exists("/var/lib/tor-arm/"): - print "making '/var/lib/tor-arm'..." - os.makedirs("/var/lib/tor-arm") - - if not os.path.exists("/var/lib/tor-arm/torrc"): - print "making '/var/lib/tor-arm/torrc'..." - open("/var/lib/tor-arm/torrc", 'w').close() - - try: gid = grp.getgrnam(GROUP).gr_gid - except KeyError: - print "adding %s group..." % GROUP - os.system("addgroup --quiet --system %s" % GROUP) - gid = grp.getgrnam(GROUP).gr_gid - print " done, gid: %s" % gid - - try: pwd.getpwnam(USER).pw_uid - except KeyError: - print "adding %s user..." % USER - os.system("adduser --quiet --ingroup %s --no-create-home --home /var/lib/tor-arm/ --shell /bin/sh --system %s" % (GROUP, USER)) - uid = pwd.getpwnam(USER).pw_uid - print " done, uid: %s" % uid - - os.chown("/bin", 0, 0) - os.chown("/var/lib/tor-arm", 0, gid) - os.chmod("/var/lib/tor-arm", 0750) - os.chown("/var/lib/tor-arm/torrc", 0, gid) - os.chmod("/var/lib/tor-arm/torrc", 0760) - -def remove(): - """ - Reverts the changes made by init, and also removes the optional - /bin/torrc-override binary if it exists. - """ - - print "removing %s user..." % USER - os.system("deluser --quiet %s" % USER) - - print "removing %s group..." % GROUP - os.system("delgroup --quiet %s" % GROUP) - - # might not exist since this is compiled and placed separately - try: - print "removing '/bin/torrc-override'..." - os.remove("/bin/torrc-override") - except OSError: - print " no such path" - - try: - print "removing '/var/lib/tor-arm'..." - shutil.rmtree("/var/lib/tor-arm/") - except Exception, exc: - print " unsuccessful: %s" % exc - -def replaceTorrc(): - orig_uid = os.getuid() - orig_euid = os.geteuid() - - # the USER and GROUP must exist on this system - try: - dropped_uid = pwd.getpwnam(USER).pw_uid - dropped_gid = grp.getgrnam(GROUP).gr_gid - dropped_euid, dropped_egid = dropped_uid, dropped_gid - except KeyError: - print "tor-arm user and group was not found, have you run this script with '--init'?" - exit(1) - - # if we're actually root, we skip this group check - # root can get away with all of this - if orig_uid != 0: - # check that the user is in GROUP - if not dropped_gid in os.getgroups(): - print "Your user needs to be a member of the %s group for this to work" % GROUP - sys.exit(1) - - # drop to the unprivileged group, and lose the rest of the groups - os.setgid(dropped_gid) - os.setegid(dropped_egid) - os.setresgid(dropped_gid, dropped_egid, dropped_gid) - os.setgroups([dropped_gid]) - - # make a tempfile and write out the contents - try: - tf = tempfile.NamedTemporaryFile(delete=False) # uses mkstemp internally - - # allows our child process to write to tf.name (not only if their uid matches, not their gid) - os.chown(tf.name, dropped_uid, orig_euid) - except: - print "We were unable to make a temporary file" - sys.exit(1) - - fork_pid = os.fork() - - # open the suspect config after we drop privs - # we assume the dropped privs are still enough to write to the tf - if (fork_pid == 0): - signal.signal(signal.SIGCHLD, signal.SIG_IGN) - - # Drop privs forever in the child process - # I believe this drops os.setfsuid os.setfsgid stuff - # Clear all other supplemental groups for dropped_uid - os.setgroups([dropped_gid]) - os.setresgid(dropped_gid, dropped_egid, dropped_gid) - os.setresuid(dropped_uid, dropped_euid, dropped_uid) - os.setgid(dropped_gid) - os.setegid(dropped_egid) - os.setuid(dropped_uid) - os.seteuid(dropped_euid) - - try: - af = open(ARM_CONFIG_FILE) # this is totally unpriv'ed - - # ensure that the fd we opened has the properties we requrie - configStat = os.fstat(af.fileno()) # this happens on the unpriv'ed FD - if configStat.st_gid != dropped_gid: - print "Arm's configuration file (%s) must be owned by the group %s" % (ARM_CONFIG_FILE, GROUP) - sys.exit(1) - - # if everything checks out, we're as safe as we're going to get - armConfig = af.read(1024 * 1024) # limited read but not too limited - af.close() - tf.file.write(armConfig) - tf.flush() - except: - print "Unable to open the arm config as unpriv'ed user" - sys.exit(1) - finally: - tf.close() - sys.exit(0) - else: - # If we're here, we're in the parent waiting for the child's death - # man, unix is really weird... - _, status = os.waitpid(fork_pid, 0) - - if status != 0: - print "The child seems to have failed; exiting!" - tf.close() - sys.exit(1) - - # attempt to verify that the config is OK - if os.path.exists(tf.name): - # construct our SU string - SUSTRING = "su -c 'tor --verify-config -f " + str(tf.name) + "' " + USER - # We raise privs to drop them with 'su' - os.setuid(0) - os.seteuid(0) - os.setgid(0) - os.setegid(0) - # We drop privs here and exec tor to verify it as the dropped_uid - print "Using Tor to verify that arm will not break Tor's config:" - success = os.system(SUSTRING) - if success != 0: - print "Tor says the new configuration file is invalid: %s (%s)" % (ARM_CONFIG_FILE, tf.name) - sys.exit(1) - - # backup the previous tor config - if os.path.exists(TOR_CONFIG_FILE): - try: - backupFilename = "%s_backup_%i" % (TOR_CONFIG_FILE, int(time.time())) - shutil.copy(TOR_CONFIG_FILE, backupFilename) - except IOError, exc: - print "Unable to backup %s (%s)" % (TOR_CONFIG_FILE, exc) - sys.exit(1) - - # overwrites TOR_CONFIG_FILE with ARM_CONFIG_FILE as loaded into tf.name - try: - shutil.copy(tf.name, TOR_CONFIG_FILE) - print "Successfully reconfigured Tor" - except IOError, exc: - print "Unable to copy %s to %s (%s)" % (tf.name, TOR_CONFIG_FILE, exc) - sys.exit(1) - - # unlink our temp file - try: - os.remove(tf.name) - except: - print "Unable to close temp file %s" % tf.name - sys.exit(1) - - sys.exit(0) - -if __name__ == "__main__": - # sanity check that we're on linux - if os.name != "posix": - print "This is a script specifically for configuring Linux" - sys.exit(1) - - # check that we're running effectively as root - if os.geteuid() != 0: - print "This script needs to be run as root" - sys.exit(1) - - if len(sys.argv) < 2: - replaceTorrc() - elif len(sys.argv) == 2 and sys.argv[1] == "--init": - init() - elif len(sys.argv) == 2 and sys.argv[1] == "--remove": - remove() - else: - print HELP_MSG - sys.exit(1) - diff --git a/src/resources/torrcOverride/override.c b/src/resources/torrcOverride/override.c new file mode 100644 index 0000000..b989584 --- /dev/null +++ b/src/resources/torrcOverride/override.c @@ -0,0 +1,50 @@ +// +// This is a very small C wrapper that invokes +// $(DESTDIR)/usr/bin/tor-arm-replace-torrc.py to work around setuid scripting +// issues on the Gnu/Linux operating system. +// +// We assume you have installed it as such for GROUP +// "debian-arm" - This should ensure that only members of the GROUP group will +// be allowed to run this program. When run this program will execute the +// $(DESTDIR)/usr/bin/tor-arm-replace-torrc.py program and will run with the +// uid and group as marked by the OS. +// +// Compile it like so: +// +// make +// +// Or by hand like so: +// +// gcc -o tor-arm-replace-torrc tor-arm-replace-torrc.c +// +// Make it useful like so: +// +// chown root:debian-arm tor-arm-replace-torrc +// chmod 04750 tor-arm-replace-torrc +// +// !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!WARNING!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +// XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX +// +// If you place a user inside of the $GROUP - they are now able to reconfigure +// Tor. This may lead them to do nasty things on your system. If you start Tor +// as root, you should consider that adding a user to $GROUP is similar to +// giving those users root directly. +// +// This program was written simply to help a users who run arm locally and is +// not required if arm is communicating with a remote Tor process. +// +// XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX +// !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!WARNING!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +// +// + +#include <stdio.h> +#include <stdlib.h> +#include <sys/types.h> +#include <unistd.h> +#include "tor-arm-replace-torrc.h" + +int main() +{ + return execve(TOR_ARM_REPLACE_TORRC, NULL, NULL); +} diff --git a/src/resources/torrcOverride/override.h b/src/resources/torrcOverride/override.h new file mode 100644 index 0000000..65adc9d --- /dev/null +++ b/src/resources/torrcOverride/override.h @@ -0,0 +1 @@ +#define TOR_ARM_REPLACE_TORRC HELPER_NAME diff --git a/src/resources/torrcOverride/override.py b/src/resources/torrcOverride/override.py new file mode 100755 index 0000000..3e42892 --- /dev/null +++ b/src/resources/torrcOverride/override.py @@ -0,0 +1,265 @@ +#!/usr/bin/python + +""" +This overwrites the system wide torrc, located at /etc/tor/torrc, with the +contents of the ARM_CONFIG_FILE. The system wide torrc is owned by root so +this will effectively need root permissions and for us to be in GROUP. + +This file is completely unusable until we make a tor-arm user and perform +other prep by running with the '--init' argument. + +After that's done this is meant to either be used by arm automatically after +writing a torrc to ARM_CONFIG_FILE or by users manually. For arm to use this +automatically you'll either need to... + +- compile override.c, setuid on the binary, and move it to your path + cd /usr/share/arm/resources/torrcOverride + make + chown root:tor-arm override + chmod 04750 override + mv override /usr/bin/torrc-override + +- allow passwordless sudo for this script + edit /etc/sudoers and add a line with: + <arm user> ALL= NOPASSWD: /usr/share/arm/resources/torrcOverride/override.py + +To perform this manually run: +/usr/share/arm/resources/torrcOverride/override.py +pkill -sighup tor +""" + +import os +import sys +import grp +import pwd +import time +import shutil +import tempfile +import signal + +USER = "tor-arm" +GROUP = "tor-arm" +TOR_CONFIG_FILE = "/etc/tor/torrc" +ARM_CONFIG_FILE = "/var/lib/tor-arm/torrc" + +HELP_MSG = """Usage %s [OPTION] + Backup the system wide torrc (%s) and replace it with the + contents of %s. + + --init creates the necessary user and paths + --remove reverts changes made with --init +""" % (os.path.basename(sys.argv[0]), TOR_CONFIG_FILE, ARM_CONFIG_FILE) + +def init(): + """ + Performs system preparation needed for this script to run, adding the tor-arm + user and setting up paths/permissions. + """ + + # the following is just here if we have a custom destination directory (which + # arm doesn't currently account for) + if not os.path.exists("/bin/"): + print "making '/bin'..." + os.mkdir("/bin") + + if not os.path.exists("/var/lib/tor-arm/"): + print "making '/var/lib/tor-arm'..." + os.makedirs("/var/lib/tor-arm") + + if not os.path.exists("/var/lib/tor-arm/torrc"): + print "making '/var/lib/tor-arm/torrc'..." + open("/var/lib/tor-arm/torrc", 'w').close() + + try: gid = grp.getgrnam(GROUP).gr_gid + except KeyError: + print "adding %s group..." % GROUP + os.system("addgroup --quiet --system %s" % GROUP) + gid = grp.getgrnam(GROUP).gr_gid + print " done, gid: %s" % gid + + try: pwd.getpwnam(USER).pw_uid + except KeyError: + print "adding %s user..." % USER + os.system("adduser --quiet --ingroup %s --no-create-home --home /var/lib/tor-arm/ --shell /bin/sh --system %s" % (GROUP, USER)) + uid = pwd.getpwnam(USER).pw_uid + print " done, uid: %s" % uid + + os.chown("/bin", 0, 0) + os.chown("/var/lib/tor-arm", 0, gid) + os.chmod("/var/lib/tor-arm", 0750) + os.chown("/var/lib/tor-arm/torrc", 0, gid) + os.chmod("/var/lib/tor-arm/torrc", 0760) + +def remove(): + """ + Reverts the changes made by init, and also removes the optional + /bin/torrc-override binary if it exists. + """ + + print "removing %s user..." % USER + os.system("deluser --quiet %s" % USER) + + print "removing %s group..." % GROUP + os.system("delgroup --quiet %s" % GROUP) + + # might not exist since this is compiled and placed separately + try: + print "removing '/bin/torrc-override'..." + os.remove("/bin/torrc-override") + except OSError: + print " no such path" + + try: + print "removing '/var/lib/tor-arm'..." + shutil.rmtree("/var/lib/tor-arm/") + except Exception, exc: + print " unsuccessful: %s" % exc + +def replaceTorrc(): + orig_uid = os.getuid() + orig_euid = os.geteuid() + + # the USER and GROUP must exist on this system + try: + dropped_uid = pwd.getpwnam(USER).pw_uid + dropped_gid = grp.getgrnam(GROUP).gr_gid + dropped_euid, dropped_egid = dropped_uid, dropped_gid + except KeyError: + print "tor-arm user and group was not found, have you run this script with '--init'?" + exit(1) + + # if we're actually root, we skip this group check + # root can get away with all of this + if orig_uid != 0: + # check that the user is in GROUP + if not dropped_gid in os.getgroups(): + print "Your user needs to be a member of the %s group for this to work" % GROUP + sys.exit(1) + + # drop to the unprivileged group, and lose the rest of the groups + os.setgid(dropped_gid) + os.setegid(dropped_egid) + os.setresgid(dropped_gid, dropped_egid, dropped_gid) + os.setgroups([dropped_gid]) + + # make a tempfile and write out the contents + try: + tf = tempfile.NamedTemporaryFile(delete=False) # uses mkstemp internally + + # allows our child process to write to tf.name (not only if their uid matches, not their gid) + os.chown(tf.name, dropped_uid, orig_euid) + except: + print "We were unable to make a temporary file" + sys.exit(1) + + fork_pid = os.fork() + + # open the suspect config after we drop privs + # we assume the dropped privs are still enough to write to the tf + if (fork_pid == 0): + signal.signal(signal.SIGCHLD, signal.SIG_IGN) + + # Drop privs forever in the child process + # I believe this drops os.setfsuid os.setfsgid stuff + # Clear all other supplemental groups for dropped_uid + os.setgroups([dropped_gid]) + os.setresgid(dropped_gid, dropped_egid, dropped_gid) + os.setresuid(dropped_uid, dropped_euid, dropped_uid) + os.setgid(dropped_gid) + os.setegid(dropped_egid) + os.setuid(dropped_uid) + os.seteuid(dropped_euid) + + try: + af = open(ARM_CONFIG_FILE) # this is totally unpriv'ed + + # ensure that the fd we opened has the properties we requrie + configStat = os.fstat(af.fileno()) # this happens on the unpriv'ed FD + if configStat.st_gid != dropped_gid: + print "Arm's configuration file (%s) must be owned by the group %s" % (ARM_CONFIG_FILE, GROUP) + sys.exit(1) + + # if everything checks out, we're as safe as we're going to get + armConfig = af.read(1024 * 1024) # limited read but not too limited + af.close() + tf.file.write(armConfig) + tf.flush() + except: + print "Unable to open the arm config as unpriv'ed user" + sys.exit(1) + finally: + tf.close() + sys.exit(0) + else: + # If we're here, we're in the parent waiting for the child's death + # man, unix is really weird... + _, status = os.waitpid(fork_pid, 0) + + if status != 0: + print "The child seems to have failed; exiting!" + tf.close() + sys.exit(1) + + # attempt to verify that the config is OK + if os.path.exists(tf.name): + # construct our SU string + SUSTRING = "su -c 'tor --verify-config -f " + str(tf.name) + "' " + USER + # We raise privs to drop them with 'su' + os.setuid(0) + os.seteuid(0) + os.setgid(0) + os.setegid(0) + # We drop privs here and exec tor to verify it as the dropped_uid + print "Using Tor to verify that arm will not break Tor's config:" + success = os.system(SUSTRING) + if success != 0: + print "Tor says the new configuration file is invalid: %s (%s)" % (ARM_CONFIG_FILE, tf.name) + sys.exit(1) + + # backup the previous tor config + if os.path.exists(TOR_CONFIG_FILE): + try: + backupFilename = "%s_backup_%i" % (TOR_CONFIG_FILE, int(time.time())) + shutil.copy(TOR_CONFIG_FILE, backupFilename) + except IOError, exc: + print "Unable to backup %s (%s)" % (TOR_CONFIG_FILE, exc) + sys.exit(1) + + # overwrites TOR_CONFIG_FILE with ARM_CONFIG_FILE as loaded into tf.name + try: + shutil.copy(tf.name, TOR_CONFIG_FILE) + print "Successfully reconfigured Tor" + except IOError, exc: + print "Unable to copy %s to %s (%s)" % (tf.name, TOR_CONFIG_FILE, exc) + sys.exit(1) + + # unlink our temp file + try: + os.remove(tf.name) + except: + print "Unable to close temp file %s" % tf.name + sys.exit(1) + + sys.exit(0) + +if __name__ == "__main__": + # sanity check that we're on linux + if os.name != "posix": + print "This is a script specifically for configuring Linux" + sys.exit(1) + + # check that we're running effectively as root + if os.geteuid() != 0: + print "This script needs to be run as root" + sys.exit(1) + + if len(sys.argv) < 2: + replaceTorrc() + elif len(sys.argv) == 2 and sys.argv[1] == "--init": + init() + elif len(sys.argv) == 2 and sys.argv[1] == "--remove": + remove() + else: + print HELP_MSG + sys.exit(1) +

1 0

[arm/master] Scripts for overriding system wide torrc
by atagar＠torproject.org 06 Aug '11

06 Aug '11

commit 881ae570ebbc486376ec1fe36488804c93a7976e Author: Damian Johnson <atagar(a)torproject.org> Date: Tue Jul 26 18:20:52 2011 -0700 Scripts for overriding system wide torrc Editing scripts made by Jake for overriding a root owned system wide torrc with an alternate made by arm. For more information see: https://trac.torproject.org/projects/tor/ticket/3629 --- src/resources/torrc-override/override.c | 50 ++++++ src/resources/torrc-override/override.h | 1 + src/resources/torrc-override/override.py | 265 ++++++++++++++++++++++++++++++ 3 files changed, 316 insertions(+), 0 deletions(-) diff --git a/src/resources/torrc-override/override.c b/src/resources/torrc-override/override.c new file mode 100644 index 0000000..b989584 --- /dev/null +++ b/src/resources/torrc-override/override.c @@ -0,0 +1,50 @@ +// +// This is a very small C wrapper that invokes +// $(DESTDIR)/usr/bin/tor-arm-replace-torrc.py to work around setuid scripting +// issues on the Gnu/Linux operating system. +// +// We assume you have installed it as such for GROUP +// "debian-arm" - This should ensure that only members of the GROUP group will +// be allowed to run this program. When run this program will execute the +// $(DESTDIR)/usr/bin/tor-arm-replace-torrc.py program and will run with the +// uid and group as marked by the OS. +// +// Compile it like so: +// +// make +// +// Or by hand like so: +// +// gcc -o tor-arm-replace-torrc tor-arm-replace-torrc.c +// +// Make it useful like so: +// +// chown root:debian-arm tor-arm-replace-torrc +// chmod 04750 tor-arm-replace-torrc +// +// !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!WARNING!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +// XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX +// +// If you place a user inside of the $GROUP - they are now able to reconfigure +// Tor. This may lead them to do nasty things on your system. If you start Tor +// as root, you should consider that adding a user to $GROUP is similar to +// giving those users root directly. +// +// This program was written simply to help a users who run arm locally and is +// not required if arm is communicating with a remote Tor process. +// +// XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX +// !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!WARNING!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +// +// + +#include <stdio.h> +#include <stdlib.h> +#include <sys/types.h> +#include <unistd.h> +#include "tor-arm-replace-torrc.h" + +int main() +{ + return execve(TOR_ARM_REPLACE_TORRC, NULL, NULL); +} diff --git a/src/resources/torrc-override/override.h b/src/resources/torrc-override/override.h new file mode 100644 index 0000000..65adc9d --- /dev/null +++ b/src/resources/torrc-override/override.h @@ -0,0 +1 @@ +#define TOR_ARM_REPLACE_TORRC HELPER_NAME diff --git a/src/resources/torrc-override/override.py b/src/resources/torrc-override/override.py new file mode 100755 index 0000000..6cfdbc6 --- /dev/null +++ b/src/resources/torrc-override/override.py @@ -0,0 +1,265 @@ +#!/usr/bin/python + +""" +This overwrites the system wide torrc, located at /etc/tor/torrc, with the +contents of the ARM_CONFIG_FILE. The system wide torrc is owned by root so +this will effectively need root permissions and for us to be in GROUP. + +This file is completely unusable until we make a tor-arm user and perform +other prep by running with the '--init' argument. + +After that's done this is meant to either be used by arm automatically after +writing a torrc to ARM_CONFIG_FILE or by users manually. For arm to use this +automatically you'll either need to... + +- compile torrc-override.c, setuid on the binary, and move it to your path + cd /usr/share/arm/resources/torrc-override + make + chown root:tor-arm override + chmod 04750 override + mv override /usr/bin/torrc-override + +- allow passwordless sudo for this script + edit /etc/sudoers and add a line with: + <arm user> ALL= NOPASSWD: /usr/share/arm/resources/torrc-override/override.py + +To perform this manually run: +/usr/share/arm/resources/torrc-override/override.py +pkill -sighup tor +""" + +import os +import sys +import grp +import pwd +import time +import shutil +import tempfile +import signal + +USER = "tor-arm" +GROUP = "tor-arm" +TOR_CONFIG_FILE = "/etc/tor/torrc" +ARM_CONFIG_FILE = "/var/lib/tor-arm/torrc" + +HELP_MSG = """Usage %s [OPTION] + Backup the system wide torrc (%s) and replace it with the + contents of %s. + + --init creates the necessary user and paths + --remove reverts changes made with --init +""" % (os.path.basename(sys.argv[0]), TOR_CONFIG_FILE, ARM_CONFIG_FILE) + +def init(): + """ + Performs system preparation needed for this script to run, adding the tor-arm + user and setting up paths/permissions. + """ + + # the following is just here if we have a custom destination directory (which + # arm doesn't currently account for) + if not os.path.exists("/bin/"): + print "making '/bin'..." + os.mkdir("/bin") + + if not os.path.exists("/var/lib/tor-arm/"): + print "making '/var/lib/tor-arm'..." + os.makedirs("/var/lib/tor-arm") + + if not os.path.exists("/var/lib/tor-arm/torrc"): + print "making '/var/lib/tor-arm/torrc'..." + open("/var/lib/tor-arm/torrc", 'w').close() + + try: gid = grp.getgrnam(GROUP).gr_gid + except KeyError: + print "adding %s group..." % GROUP + os.system("addgroup --quiet --system %s" % GROUP) + gid = grp.getgrnam(GROUP).gr_gid + print " done, gid: %s" % gid + + try: pwd.getpwnam(USER).pw_uid + except KeyError: + print "adding %s user..." % USER + os.system("adduser --quiet --ingroup %s --no-create-home --home /var/lib/tor-arm/ --shell /bin/sh --system %s" % (GROUP, USER)) + uid = pwd.getpwnam(USER).pw_uid + print " done, uid: %s" % uid + + os.chown("/bin", 0, 0) + os.chown("/var/lib/tor-arm", 0, gid) + os.chmod("/var/lib/tor-arm", 0750) + os.chown("/var/lib/tor-arm/torrc", 0, gid) + os.chmod("/var/lib/tor-arm/torrc", 0760) + +def remove(): + """ + Reverts the changes made by init, and also removes the optional + /bin/torrc-override binary if it exists. + """ + + print "removing %s user..." % USER + os.system("deluser --quiet %s" % USER) + + print "removing %s group..." % GROUP + os.system("delgroup --quiet %s" % GROUP) + + # might not exist since this is compiled and placed separately + try: + print "removing '/bin/torrc-override'..." + os.remove("/bin/torrc-override") + except OSError: + print " no such path" + + try: + print "removing '/var/lib/tor-arm'..." + shutil.rmtree("/var/lib/tor-arm/") + except Exception, exc: + print " unsuccessful: %s" % exc + +def replaceTorrc(): + orig_uid = os.getuid() + orig_euid = os.geteuid() + + # the USER and GROUP must exist on this system + try: + dropped_uid = pwd.getpwnam(USER).pw_uid + dropped_gid = grp.getgrnam(GROUP).gr_gid + dropped_euid, dropped_egid = dropped_uid, dropped_gid + except KeyError: + print "tor-arm user and group was not found, have you run this script with '--init'?" + exit(1) + + # if we're actually root, we skip this group check + # root can get away with all of this + if orig_uid != 0: + # check that the user is in GROUP + if not dropped_gid in os.getgroups(): + print "Your user needs to be a member of the %s group for this to work" % GROUP + sys.exit(1) + + # drop to the unprivileged group, and lose the rest of the groups + os.setgid(dropped_gid) + os.setegid(dropped_egid) + os.setresgid(dropped_gid, dropped_egid, dropped_gid) + os.setgroups([dropped_gid]) + + # make a tempfile and write out the contents + try: + tf = tempfile.NamedTemporaryFile(delete=False) # uses mkstemp internally + + # allows our child process to write to tf.name (not only if their uid matches, not their gid) + os.chown(tf.name, dropped_uid, orig_euid) + except: + print "We were unable to make a temporary file" + sys.exit(1) + + fork_pid = os.fork() + + # open the suspect config after we drop privs + # we assume the dropped privs are still enough to write to the tf + if (fork_pid == 0): + signal.signal(signal.SIGCHLD, signal.SIG_IGN) + + # Drop privs forever in the child process + # I believe this drops os.setfsuid os.setfsgid stuff + # Clear all other supplemental groups for dropped_uid + os.setgroups([dropped_gid]) + os.setresgid(dropped_gid, dropped_egid, dropped_gid) + os.setresuid(dropped_uid, dropped_euid, dropped_uid) + os.setgid(dropped_gid) + os.setegid(dropped_egid) + os.setuid(dropped_uid) + os.seteuid(dropped_euid) + + try: + af = open(ARM_CONFIG_FILE) # this is totally unpriv'ed + + # ensure that the fd we opened has the properties we requrie + configStat = os.fstat(af.fileno()) # this happens on the unpriv'ed FD + if configStat.st_gid != dropped_gid: + print "Arm's configuration file (%s) must be owned by the group %s" % (ARM_CONFIG_FILE, GROUP) + sys.exit(1) + + # if everything checks out, we're as safe as we're going to get + armConfig = af.read(1024 * 1024) # limited read but not too limited + af.close() + tf.file.write(armConfig) + tf.flush() + except: + print "Unable to open the arm config as unpriv'ed user" + sys.exit(1) + finally: + tf.close() + sys.exit(0) + else: + # If we're here, we're in the parent waiting for the child's death + # man, unix is really weird... + _, status = os.waitpid(fork_pid, 0) + + if status != 0: + print "The child seems to have failed; exiting!" + tf.close() + sys.exit(1) + + # attempt to verify that the config is OK + if os.path.exists(tf.name): + # construct our SU string + SUSTRING = "su -c 'tor --verify-config -f " + str(tf.name) + "' " + USER + # We raise privs to drop them with 'su' + os.setuid(0) + os.seteuid(0) + os.setgid(0) + os.setegid(0) + # We drop privs here and exec tor to verify it as the dropped_uid + print "Using Tor to verify that arm will not break Tor's config:" + success = os.system(SUSTRING) + if success != 0: + print "Tor says the new configuration file is invalid: %s (%s)" % (ARM_CONFIG_FILE, tf.name) + sys.exit(1) + + # backup the previous tor config + if os.path.exists(TOR_CONFIG_FILE): + try: + backupFilename = "%s_backup_%i" % (TOR_CONFIG_FILE, int(time.time())) + shutil.copy(TOR_CONFIG_FILE, backupFilename) + except IOError, exc: + print "Unable to backup %s (%s)" % (TOR_CONFIG_FILE, exc) + sys.exit(1) + + # overwrites TOR_CONFIG_FILE with ARM_CONFIG_FILE as loaded into tf.name + try: + shutil.copy(tf.name, TOR_CONFIG_FILE) + print "Successfully reconfigured Tor" + except IOError, exc: + print "Unable to copy %s to %s (%s)" % (tf.name, TOR_CONFIG_FILE, exc) + sys.exit(1) + + # unlink our temp file + try: + os.remove(tf.name) + except: + print "Unable to close temp file %s" % tf.name + sys.exit(1) + + sys.exit(0) + +if __name__ == "__main__": + # sanity check that we're on linux + if os.name != "posix": + print "This is a script specifically for configuring Linux" + sys.exit(1) + + # check that we're running effectively as root + if os.geteuid() != 0: + print "This script needs to be run as root" + sys.exit(1) + + if len(sys.argv) < 2: + replaceTorrc() + elif len(sys.argv) == 2 and sys.argv[1] == "--init": + init() + elif len(sys.argv) == 2 and sys.argv[1] == "--remove": + remove() + else: + print HELP_MSG + sys.exit(1) +

1 0

[tor/master] Clear socks auth fields before free
by nickm＠torproject.org 06 Aug '11

06 Aug '11

commit 413574ad388d1f5bb756e818beb5ea9837b03bc3 Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Aug 5 19:07:33 2011 -0400 Clear socks auth fields before free --- src/or/buffers.c | 10 ++++++++-- src/or/circuitlist.c | 10 ++++++++-- src/or/connection_edge.c | 10 ++++++++-- 3 files changed, 24 insertions(+), 6 deletions(-) diff --git a/src/or/buffers.c b/src/or/buffers.c index 5b9e55e..488289c 100644 --- a/src/or/buffers.c +++ b/src/or/buffers.c @@ -1532,8 +1532,14 @@ socks_request_free(socks_request_t *req) { if (!req) return; - tor_free(req->username); - tor_free(req->password); + if (req->username) { + memset(req->username, 0x10, req->usernamelen); + tor_free(req->username); + } + if (req->password) { + memset(req->password, 0x04, req->passwordlen); + tor_free(req->password); + } memset(req, 0xCC, sizeof(socks_request_t)); tor_free(req); } diff --git a/src/or/circuitlist.c b/src/or/circuitlist.c index 48c5afc..2222a25 100644 --- a/src/or/circuitlist.c +++ b/src/or/circuitlist.c @@ -552,8 +552,14 @@ circuit_free(circuit_t *circ) rend_data_free(ocirc->rend_data); tor_free(ocirc->dest_address); - tor_free(ocirc->socks_username); - tor_free(ocirc->socks_password); + if (ocirc->socks_username) { + memset(ocirc->socks_username, 0x12, ocirc->socks_username_len); + tor_free(ocirc->socks_username); + } + if (ocirc->socks_password) { + memset(ocirc->socks_password, 0x06, ocirc->socks_password_len); + tor_free(ocirc->socks_password); + } } else { or_circuit_t *ocirc = TO_OR_CIRCUIT(circ); /* Remember cell statistics for this circuit before deallocating. */ diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c index 83102ba..ae2dfd2 100644 --- a/src/or/connection_edge.c +++ b/src/or/connection_edge.c @@ -3569,8 +3569,14 @@ circuit_clear_isolation(origin_circuit_t *circ) tor_free(circ->dest_address); circ->session_group = -1; circ->nym_epoch = 0; - tor_free(circ->socks_username); - tor_free(circ->socks_password); + if (circ->socks_username) { + memset(circ->socks_username, 0x11, circ->socks_username_len); + tor_free(circ->socks_username); + } + if (circ->socks_password) { + memset(circ->socks_password, 0x05, circ->socks_password_len); + tor_free(circ->socks_password); + } circ->socks_username_len = circ->socks_password_len = 0; }

1 0

[tor/master] Merge remote-tracking branch 'public/bug3683'
by nickm＠torproject.org 06 Aug '11

06 Aug '11

commit ce878874615cb1d1c1636d6706a20c77e90342a3 Merge: d690a99 413574a Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Aug 5 20:21:27 2011 -0400 Merge remote-tracking branch 'public/bug3683' src/or/buffers.c | 10 ++++++- src/or/circuitlist.c | 10 ++++++- src/or/connection_edge.c | 60 ++++++++++++++++++++++++++++++++++++--------- src/or/or.h | 6 ++++- 4 files changed, 69 insertions(+), 17 deletions(-)

1 0

[tor/master] Handle storing much longer socks4 authentication data.
by nickm＠torproject.org 06 Aug '11

06 Aug '11

commit e511a3a4dd4cacd8d2cd4f076ea321f75e5dfd22 Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Aug 5 18:56:30 2011 -0400 Handle storing much longer socks4 authentication data. --- src/or/or.h | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/or/or.h b/src/or/or.h index e7670bb..eb271b5 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -2524,7 +2524,7 @@ typedef struct origin_circuit_t { char *dest_address; int session_group; unsigned nym_epoch; - uint8_t socks_username_len; + size_t socks_username_len; uint8_t socks_password_len; /* Note that the next two values are NOT NUL-terminated; see socks_username_len and socks_password_len for their lengths. */ @@ -3404,7 +3404,7 @@ struct socks_request_t { unsigned int got_auth : 1; /**< Have we received any authentication data? */ /** Number of bytes in username; 0 if username is NULL */ - uint8_t usernamelen; + size_t usernamelen; /** Number of bytes in password; 0 if password is NULL */ uint8_t passwordlen; /** The negotiated username value if any (for socks5), or the entire

1 0

[tor/master] Treat socks_request->{username, password} as non-NUL-terminated
by nickm＠torproject.org 06 Aug '11

06 Aug '11

commit 8054e81e14e20101e355a7c58d7e5ea7ec231d96 Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu Aug 4 12:03:31 2011 -0400 Treat socks_request->{username,password} as non-NUL-terminated They *are* non-NUL-terminated, after all (and they have to be, since the SOCKS5 spec allows them to contain embedded NULs. But the code to implement proposal 171 was copying them with tor_strdup and comparing them with strcmp_opt. Fix for bug on 3683; bug not present in any yet-released version. --- src/or/connection_edge.c | 50 ++++++++++++++++++++++++++++++++++++--------- src/or/or.h | 4 +++ 2 files changed, 44 insertions(+), 10 deletions(-) diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c index 8f550cf..83102ba 100644 --- a/src/or/connection_edge.c +++ b/src/or/connection_edge.c @@ -3329,6 +3329,23 @@ parse_extended_hostname(char *address, int allowdotexit) return BAD_HOSTNAME; } +/** Return true iff the (possibly NULL) alen-byte chunk of memory at + * a is equal to the (possibly NULL) blen-byte chunk of memory + * at b. */ +static int +memeq_opt(const char *a, size_t alen, const char *b, size_t blen) +{ + if (a == NULL) { + return (b == NULL); + } else if (b == NULL) { + return 0; + } else if (alen != blen) { + return 0; + } else { + return tor_memeq(a, b, alen); + } +} + /** Return true iff a and b have isolation rules and fields that * make it permissible to put them on the same circuit.*/ int @@ -3336,6 +3353,8 @@ connection_edge_streams_are_compatible(const edge_connection_t *a, const edge_connection_t *b) { const uint8_t iso = a->isolation_flags | b->isolation_flags; + const socks_request_t *a_sr = a->socks_request; + const socks_request_t *b_sr = b->socks_request; if (! a->original_dest_address) { log_warn(LD_BUG, "Reached connection_edge_streams_are_compatible without " @@ -3359,8 +3378,10 @@ connection_edge_streams_are_compatible(const edge_connection_t *a, strcasecmp(a->original_dest_address, b->original_dest_address)) return 0; if ((iso & ISO_SOCKSAUTH) && - (strcmp_opt(a->socks_request->username, b->socks_request->username) || - strcmp_opt(a->socks_request->password, b->socks_request->password))) + (! memeq_opt(a_sr->username, a_sr->usernamelen, + b_sr->username, b_sr->usernamelen) || + ! memeq_opt(a_sr->password, a_sr->passwordlen, + b_sr->password, b_sr->passwordlen))) return 0; if ((iso & ISO_CLIENTPROTO) && (a->socks_request->listener_type != b->socks_request->listener_type || @@ -3386,6 +3407,7 @@ connection_edge_compatible_with_circuit(const edge_connection_t *conn, const origin_circuit_t *circ) { const uint8_t iso = conn->isolation_flags; + const socks_request_t *sr = conn->socks_request; /* If circ has never been used for an isolated connection, we can * totally use it for this one. */ @@ -3421,8 +3443,10 @@ connection_edge_compatible_with_circuit(const edge_connection_t *conn, strcasecmp(conn->original_dest_address, circ->dest_address)) return 0; if ((iso & ISO_SOCKSAUTH) && - (strcmp_opt(conn->socks_request->username, circ->socks_username) || - strcmp_opt(conn->socks_request->password, circ->socks_password))) + (! memeq_opt(sr->username, sr->usernamelen, + circ->socks_username, circ->socks_username_len) || + ! memeq_opt(sr->password, sr->passwordlen, + circ->socks_password, circ->socks_password_len))) return 0; if ((iso & ISO_CLIENTPROTO) && (conn->socks_request->listener_type != circ->client_proto_type || @@ -3452,6 +3476,7 @@ connection_edge_update_circuit_isolation(const edge_connection_t *conn, origin_circuit_t *circ, int dry_run) { + const socks_request_t *sr = conn->socks_request; if (! conn->original_dest_address) { log_warn(LD_BUG, "Reached connection_update_circuit_isolation without " "having set conn->original_dest_address"); @@ -3469,10 +3494,12 @@ connection_edge_update_circuit_isolation(const edge_connection_t *conn, tor_addr_copy(&circ->client_addr, &TO_CONN(conn)->addr); circ->session_group = conn->session_group; circ->nym_epoch = conn->nym_epoch; - circ->socks_username = conn->socks_request->username ? - tor_strdup(conn->socks_request->username) : NULL; - circ->socks_password = conn->socks_request->password ? - tor_strdup(conn->socks_request->password) : NULL; + circ->socks_username = sr->username ? + tor_memdup(sr->username, sr->usernamelen) : NULL; + circ->socks_password = sr->password ? + tor_memdup(sr->password, sr->passwordlen) : NULL; + circ->socks_username_len = sr->usernamelen; + circ->socks_password_len = sr->passwordlen; circ->isolation_values_set = 1; return 0; @@ -3482,8 +3509,10 @@ connection_edge_update_circuit_isolation(const edge_connection_t *conn, mixed |= ISO_DESTPORT; if (strcasecmp(conn->original_dest_address, circ->dest_address)) mixed |= ISO_DESTADDR; - if (strcmp_opt(conn->socks_request->username, circ->socks_username) || - strcmp_opt(conn->socks_request->password, circ->socks_password)) + if (!memeq_opt(sr->username, sr->usernamelen, + circ->socks_username, circ->socks_username_len) || + !memeq_opt(sr->password, sr->passwordlen, + circ->socks_password, circ->socks_password_len)) mixed |= ISO_SOCKSAUTH; if ((conn->socks_request->listener_type != circ->client_proto_type || conn->socks_request->socks_version != circ->client_proto_socksver)) @@ -3542,5 +3571,6 @@ circuit_clear_isolation(origin_circuit_t *circ) circ->nym_epoch = 0; tor_free(circ->socks_username); tor_free(circ->socks_password); + circ->socks_username_len = circ->socks_password_len = 0; } diff --git a/src/or/or.h b/src/or/or.h index 150971b..e7670bb 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -2524,6 +2524,10 @@ typedef struct origin_circuit_t { char *dest_address; int session_group; unsigned nym_epoch; + uint8_t socks_username_len; + uint8_t socks_password_len; + /* Note that the next two values are NOT NUL-terminated; see + socks_username_len and socks_password_len for their lengths. */ char *socks_username; char *socks_password; /**@}*/

1 0

[torouter/master] torouter-prep package
by ioerror＠torproject.org 05 Aug '11

05 Aug '11

commit 66def778a541f7d7241c9ba02be774adbc495dd8 Author: Jacob Appelbaum <jacob(a)appelbaum.net> Date: Fri Aug 5 15:45:36 2011 -0700 torouter-prep package --- packages/torouter-prep/Makefile | 14 ++ packages/torouter-prep/debian/README | 6 + packages/torouter-prep/debian/README.Debian | 8 + packages/torouter-prep/debian/changelog | 5 + packages/torouter-prep/debian/compat | 1 + packages/torouter-prep/debian/control | 14 ++ packages/torouter-prep/debian/copyright | 36 ++++ packages/torouter-prep/debian/dirs | 1 + packages/torouter-prep/debian/files | 1 + packages/torouter-prep/debian/postinst | 39 +++++ packages/torouter-prep/debian/postrm | 37 ++++ packages/torouter-prep/debian/preinst | 35 ++++ packages/torouter-prep/debian/prerm | 38 +++++ packages/torouter-prep/debian/rules | 6 + packages/torouter-prep/debian/source/format | 1 + packages/torouter-prep/debian/torouter.default | 11 ++ packages/torouter-prep/debian/torouter.substvars | 1 + packages/torouter-prep/src/linux-tor-prio.sh | 192 ++++++++++++++++++++++ packages/torouter-prep/src/torouter_config.sh | 157 ++++++++++++++++++ packages/torouter-prep/src/torouter_takeover.sh | 3 + 20 files changed, 606 insertions(+), 0 deletions(-) diff --git a/packages/torouter-prep/Makefile b/packages/torouter-prep/Makefile new file mode 100644 index 0000000..1d80201 --- /dev/null +++ b/packages/torouter-prep/Makefile @@ -0,0 +1,14 @@ +default: build + +build: + echo "nothing to build" + +install: + install -o root -g root -m 750 src/torouter_config.sh $(DESTDIR)/usr/bin + install -o root -g root -m 750 src/torouter_takeover.sh $(DESTDIR)/usr/bin + +clean: + echo "nothing to clean" + +deb: + dpkg-buildpackage -us -uc diff --git a/packages/torouter-prep/debian/README b/packages/torouter-prep/debian/README new file mode 100644 index 0000000..bf746d1 --- /dev/null +++ b/packages/torouter-prep/debian/README @@ -0,0 +1,6 @@ +The Debian Package torouter +---------------------------- + +This package is for the Torouter project from the Tor Project. + + -- Jacob Appelbaum <jacob(a)torproject.org> Wed, 27 Jul 2011 12:27:38 -0400 diff --git a/packages/torouter-prep/debian/README.Debian b/packages/torouter-prep/debian/README.Debian new file mode 100644 index 0000000..27e430c --- /dev/null +++ b/packages/torouter-prep/debian/README.Debian @@ -0,0 +1,8 @@ +torouter for Debian +------------------- + +This is a package for Debian that converts a DreamPlug into a Torouter. + +It will configure the system without prompting the user for any input. + + -- Jacob Appelbaum <jacob(a)torproject.org> Wed, 27 Jul 2011 09:51:21 -0400 diff --git a/packages/torouter-prep/debian/changelog b/packages/torouter-prep/debian/changelog new file mode 100644 index 0000000..f62a4bb --- /dev/null +++ b/packages/torouter-prep/debian/changelog @@ -0,0 +1,5 @@ +torouter (0.0.1-1) unstable; urgency=low + + * Initial release (Closes: #nnnn) <nnnn is the bug number of your ITP> + + -- Jacob Appelbaum <jacob(a)appelbaum.net> Wed, 27 Jul 2011 10:08:02 -0400 diff --git a/packages/torouter-prep/debian/compat b/packages/torouter-prep/debian/compat new file mode 100644 index 0000000..7f8f011 --- /dev/null +++ b/packages/torouter-prep/debian/compat @@ -0,0 +1 @@ +7 diff --git a/packages/torouter-prep/debian/control b/packages/torouter-prep/debian/control new file mode 100644 index 0000000..f9930d6 --- /dev/null +++ b/packages/torouter-prep/debian/control @@ -0,0 +1,14 @@ +Source: torouter-prep +Section: unknown +Priority: extra +Maintainer: Jacob Appelbaum <jacob(a)torproject.org> +Build-Depends: debhelper (>= 7.0.50~) +Standards-Version: 3.9.1 +Homepage: <https://www.torproject.org/> + +Package: torouter +Architecture: all +Depends: ${misc:Depends}, apt-utils, openssh-server, isc-dhcp-client, cron-apt +Description: Torouter meta-package to take over the DreamPlug + DreamPlug devices may use this package to convert to a Torouter. + This package only works if the DreamPlug is already running Debian. diff --git a/packages/torouter-prep/debian/copyright b/packages/torouter-prep/debian/copyright new file mode 100644 index 0000000..9f4ebf2 --- /dev/null +++ b/packages/torouter-prep/debian/copyright @@ -0,0 +1,36 @@ +Format: http://dep.debian.net/deps/dep5 +Upstream-Name: torouter +Source: <https://www.torproject.org/> + +Files: * +Copyright: 2011 Jacob Appelbaum <jacob(a)appelbaum.net> +License: BSD-3-Clause + +Files: debian/* +Copyright: 2011 Jacob Appelbaum <jacob(a)torproject.org> +License: BSD-3-Clause + +License: BSD-3-Clause + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. Neither the name of the University nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + . + THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + SUCH DAMAGE. diff --git a/packages/torouter-prep/debian/dirs b/packages/torouter-prep/debian/dirs new file mode 100644 index 0000000..e772481 --- /dev/null +++ b/packages/torouter-prep/debian/dirs @@ -0,0 +1 @@ +usr/bin diff --git a/packages/torouter-prep/debian/files b/packages/torouter-prep/debian/files new file mode 100644 index 0000000..894b9ed --- /dev/null +++ b/packages/torouter-prep/debian/files @@ -0,0 +1 @@ +torouter_0.0.1-1_all.deb unknown extra diff --git a/packages/torouter-prep/debian/postinst b/packages/torouter-prep/debian/postinst new file mode 100644 index 0000000..97e9113 --- /dev/null +++ b/packages/torouter-prep/debian/postinst @@ -0,0 +1,39 @@ +#!/bin/sh +# postinst script for torouter +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * <postinst> `configure' <most-recently-configured-version> +# * <old-postinst> `abort-upgrade' <new version> +# * <conflictor's-postinst> `abort-remove' `in-favour' <package> +# <new-version> +# * <postinst> `abort-remove' +# * <deconfigured's-postinst> `abort-deconfigure' `in-favour' +# <failed-install-package> <version> `removing' +# <conflicting-package> <version> +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +case "$1" in + configure) + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 diff --git a/packages/torouter-prep/debian/postrm b/packages/torouter-prep/debian/postrm new file mode 100644 index 0000000..632ac80 --- /dev/null +++ b/packages/torouter-prep/debian/postrm @@ -0,0 +1,37 @@ +#!/bin/sh +# postrm script for torouter +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * <postrm> `remove' +# * <postrm> `purge' +# * <old-postrm> `upgrade' <new-version> +# * <new-postrm> `failed-upgrade' <old-version> +# * <new-postrm> `abort-install' +# * <new-postrm> `abort-install' <old-version> +# * <new-postrm> `abort-upgrade' <old-version> +# * <disappearer's-postrm> `disappear' <overwriter> +# <overwriter-version> +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +case "$1" in + purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) + ;; + + *) + echo "postrm called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 diff --git a/packages/torouter-prep/debian/preinst b/packages/torouter-prep/debian/preinst new file mode 100644 index 0000000..1cc598e --- /dev/null +++ b/packages/torouter-prep/debian/preinst @@ -0,0 +1,35 @@ +#!/bin/sh +# preinst script for torouter +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * <new-preinst> `install' +# * <new-preinst> `install' <old-version> +# * <new-preinst> `upgrade' <old-version> +# * <old-preinst> `abort-upgrade' <new-version> +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +case "$1" in + install|upgrade) + ;; + + abort-upgrade) + ;; + + *) + echo "preinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 diff --git a/packages/torouter-prep/debian/prerm b/packages/torouter-prep/debian/prerm new file mode 100644 index 0000000..4bb95dd --- /dev/null +++ b/packages/torouter-prep/debian/prerm @@ -0,0 +1,38 @@ +#!/bin/sh +# prerm script for torouter +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * <prerm> `remove' +# * <old-prerm> `upgrade' <new-version> +# * <new-prerm> `failed-upgrade' <old-version> +# * <conflictor's-prerm> `remove' `in-favour' <package> <new-version> +# * <deconfigured's-prerm> `deconfigure' `in-favour' +# <package-being-installed> <version> `removing' +# <conflicting-package> <version> +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +case "$1" in + remove|upgrade|deconfigure) + ;; + + failed-upgrade) + ;; + + *) + echo "prerm called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 diff --git a/packages/torouter-prep/debian/rules b/packages/torouter-prep/debian/rules new file mode 100755 index 0000000..74439ab --- /dev/null +++ b/packages/torouter-prep/debian/rules @@ -0,0 +1,6 @@ +#!/usr/bin/make -f +# -*- makefile -*- +#export DH_VERBOSE=1 + +%: + dh $@ diff --git a/packages/torouter-prep/debian/source/format b/packages/torouter-prep/debian/source/format new file mode 100644 index 0000000..89ae9db --- /dev/null +++ b/packages/torouter-prep/debian/source/format @@ -0,0 +1 @@ +3.0 (native) diff --git a/packages/torouter-prep/debian/torouter.default b/packages/torouter-prep/debian/torouter.default new file mode 100644 index 0000000..d5fcdf1 --- /dev/null +++ b/packages/torouter-prep/debian/torouter.default @@ -0,0 +1,11 @@ +# Defaults for torouter initscript +# sourced by /etc/init.d/torouter +# installed at /etc/default/torouter by the maintainer scripts + +# +# This is a POSIX shell fragment +# + +# When the package is configured - we set this accordingly +#DREAMPLUG="" +#CONFIGURED="" diff --git a/packages/torouter-prep/debian/torouter.substvars b/packages/torouter-prep/debian/torouter.substvars new file mode 100644 index 0000000..abd3ebe --- /dev/null +++ b/packages/torouter-prep/debian/torouter.substvars @@ -0,0 +1 @@ +misc:Depends= diff --git a/packages/torouter-prep/src/linux-tor-prio.sh b/packages/torouter-prep/src/linux-tor-prio.sh new file mode 100644 index 0000000..ea9e0dd --- /dev/null +++ b/packages/torouter-prep/src/linux-tor-prio.sh @@ -0,0 +1,192 @@ +#!/bin/bash +# Written by Marco Bonetti & Mike Perry +# Based on instructions from Dan Singletary's ADSL BW Management HOWTO: +# http://www.faqs.org/docs/Linux-HOWTO/ADSL-Bandwidth-Management-HOWTO.html +# This script is Public Domain. + +############################### README ################################# + +# This script provides prioritization of Tor traffic below other +# traffic on a Linux server. It has two modes of operation: UID based +# and IP based. + +# UID BASED PRIORITIZATION +# +# The UID based method requires that Tor be launched from +# a specific user ID. The "User" Tor config setting is +# insufficient, as it sets the UID after the socket is created. +# Here is a C wrapper you can use to execute Tor and drop privs before +# it creates any sockets. +# +# Compile with: +# gcc -DUID=`id -u tor` -DGID=`id -g tor` tor_wrap.c -o tor_wrap +# +# #include <unistd.h> +# int main(int argc, char **argv) { +# if(initgroups("tor", GID) == -1) { perror("initgroups"); return 1; } +# if(setresgid(GID, GID, GID) == -1) { perror("setresgid"); return 1; } +# if(setresuid(UID, UID, UID) == -1) { perror("setresuid"); return 1; } +# execl("/bin/tor", "/bin/tor", "-f", "/etc/tor/torrc", NULL); +# perror("execl"); return 1; +# } + +# IP BASED PRIORITIZATION +# +# The IP setting requires that a separate IP address be dedicated to Tor. +# Your Torrc should be set to bind to this IP for "OutboundBindAddress", +# "ListenAddress", and "Address". + +# GENERAL USAGE +# +# You should also tune the individual connection rate parameters below +# to your individual connection. In particular, you should leave *some* +# minimum amount of bandwidth for Tor, so that Tor users are not +# completely choked out when you use your server's bandwidth. 30% is +# probably a reasonable choice. More is better of course. +# +# To start the shaping, run it as: +# ./linux-tor-prio.sh +# +# To get status information (useful to verify packets are getting marked +# and prioritized), run: +# ./linux-tor-prio.sh status +# +# And to stop prioritization: +# ./linux-tor-prio.sh stop +# +######################################################################## + +# BEGIN USER TUNABLE PARAMETERS + +DEV=eth0 + +# NOTE! You must START Tor under this UID. Using the Tor User +# config setting is NOT sufficient. See above. +TOR_UID=$(id -u tor) + +# If the UID mechanism doesn't work for you, you can set this parameter +# instead. If set, it will take precedence over the UID setting. Note that +# you need multiple IPs with one specifically devoted to Tor for this to +# work. +#TOR_IP="42.42.42.42" + +# Average ping to most places on the net, milliseconds +RTT_LATENCY=40 + +# RATE_UP must be less than your connection's upload capacity in +# kbits/sec. If it is larger, then the bottleneck will be at your +# router's queue, which you do not control. This will cause congestion +# and a revert to normal TCP fairness no matter what the queing +# priority is. +RATE_UP=5000 + +# RATE_UP_TOR is the minimum speed your Tor connections will have in +# kbits/sec. They will have at least this much bandwidth for upload. +# In general, you probably shouldn't set this too low, or else Tor +# users who use your node will be completely choked out whenever your +# machine does any other network activity. That is not very fun. +RATE_UP_TOR=1500 + +# RATE_UP_TOR_CEIL is the maximum rate allowed for all Tor trafic in +# kbits/sec. +RATE_UP_TOR_CEIL=5000 + +CHAIN=OUTPUT +#CHAIN=PREROUTING +#CHAIN=POSTROUTING + +MTU=1500 +AVG_PKT=900 # should be more like 600 for non-exit nodes + +# END USER TUNABLE PARAMETERS + + + +# The queue size should be no larger than your bandwidth-delay +# product. This is RT latency*bandwidth/MTU/2 + +BDP=$(expr $RTT_LATENCY \* $RATE_UP / $AVG_PKT) + +# Further research indicates that the BDP calculations should use +# RTT/sqrt(n) where n is the expected number of active connections.. + +BDP=$(expr $BDP / 4) + +if [ "$1" = "status" ] +then + echo "[qdisc]" + tc -s qdisc show dev $DEV + tc -s qdisc show dev imq0 + echo "[class]" + tc -s class show dev $DEV + tc -s class show dev imq0 + echo "[filter]" + tc -s filter show dev $DEV + tc -s filter show dev imq0 + echo "[iptables]" + iptables -t mangle -L TORSHAPER-OUT -v -x 2> /dev/null + exit +fi + + +# Reset everything to a known state (cleared) +tc qdisc del dev $DEV root 2> /dev/null > /dev/null +tc qdisc del dev imq0 root 2> /dev/null > /dev/null +iptables -t mangle -D POSTROUTING -o $DEV -j TORSHAPER-OUT 2> /dev/null > /dev/null +iptables -t mangle -D PREROUTING -o $DEV -j TORSHAPER-OUT 2> /dev/null > /dev/null +iptables -t mangle -D OUTPUT -o $DEV -j TORSHAPER-OUT 2> /dev/null > /dev/null +iptables -t mangle -F TORSHAPER-OUT 2> /dev/null > /dev/null +iptables -t mangle -X TORSHAPER-OUT 2> /dev/null > /dev/null +ip link set imq0 down 2> /dev/null > /dev/null +rmmod imq 2> /dev/null > /dev/null + +if [ "$1" = "stop" ] +then + echo "Shaping removed on $DEV." + exit +fi + +# Outbound Shaping (limits total bandwidth to RATE_UP) + +ip link set dev $DEV qlen $BDP + +# Add HTB root qdisc, default is high prio +tc qdisc add dev $DEV root handle 1: htb default 20 + +# Add main rate limit class +tc class add dev $DEV parent 1: classid 1:1 htb rate ${RATE_UP}kbit + +# Create the two classes, giving Tor at least RATE_UP_TOR kbit and capping +# total upstream at RATE_UP so the queue is under our control. +tc class add dev $DEV parent 1:1 classid 1:20 htb rate $(expr $RATE_UP - $RATE_UP_TOR)kbit ceil ${RATE_UP}kbit prio 0 +tc class add dev $DEV parent 1:1 classid 1:21 htb rate $[$RATE_UP_TOR]kbit ceil ${RATE_UP_TOR_CEIL}kbit prio 10 + +# Start up pfifo +tc qdisc add dev $DEV parent 1:20 handle 20: pfifo limit $BDP +tc qdisc add dev $DEV parent 1:21 handle 21: pfifo limit $BDP + +# filter traffic into classes by fwmark +tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 20 fw flowid 1:20 +tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 21 fw flowid 1:21 + +# add TORSHAPER-OUT chain to the mangle table in iptables +iptables -t mangle -N TORSHAPER-OUT +iptables -t mangle -I $CHAIN -o $DEV -j TORSHAPER-OUT + + +# Set firewall marks +# Low priority to Tor +if [ ""$TOR_IP == "" ] +then + echo "Using UID-based QoS. UID $TOR_UID marked as low priority." + iptables -t mangle -A TORSHAPER-OUT -m owner --uid-owner $TOR_UID -j MARK --set-mark 21 +else + echo "Using IP-based QoS. $TOR_IP marked as low priority." + iptables -t mangle -A TORSHAPER-OUT -s $TOR_IP -j MARK --set-mark 21 +fi + +# High prio for everything else +iptables -t mangle -A TORSHAPER-OUT -m mark --mark 0 -j MARK --set-mark 20 + +echo "Outbound shaping added to $DEV. Rate for Tor upload at least: ${RATE_UP_TOR}Kbyte/sec." + diff --git a/packages/torouter-prep/src/torouter_config.sh b/packages/torouter-prep/src/torouter_config.sh new file mode 100644 index 0000000..7a6a581 --- /dev/null +++ b/packages/torouter-prep/src/torouter_config.sh @@ -0,0 +1,157 @@ +#!/bin/bash -x + +echo "This program will reconfigure your Debian system into a Torouter" +exit 0 +echo "This is where we'd take over the entire Torouter system" + +# For every file we touch, move it to the temp_dir and then tar it up in the end +temp_dir="`mktemp -d`" + +# Add a user +ADMINUSER="toradmin" +ADMINGROUP="toradmin" + +# Install the Tor repo key +gpg --keyserver keys.gnupg.net --recv 886DDD89 +gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add - + +cp /etc/hosts $temp_dir/ +# Stomp on the hosts file +cat << EOF > /etc/hosts +127.0.0.1 localhost +EOF + +cp /etc/hostname $temp_dir/ +# Set us to have a default host name +echo "torouter" > /etc/hostname + +# We need to prep apt to understand that we want packages from other repos +# We append to the current package list +cat << EOF >> /etc/apt/sources.list +# Tor's debian package repo: +deb http://deb.torproject.org/torproject.org squeeze main +deb http://deb.torproject.org/torproject.org experimental-squeeze main + +# Add Debian backports for OpenNTPD, libminiupnpc-dev, libminiupnpc5 +# http://packages.debian.org/squeeze-backports/libminiupnpc-dev +deb http://backports.debian.org/debian-backports squeeze-backports main contrib non-free + +# Add Debian experimental for libnatpmp0 +# http://packages.debian.org/experimental/libnatpmp0 +deb http://ftp.debian.org/debian experimental main +deb-src http://ftp.debian.org/debian experimental main + +EOF + +# We're creating this file to ensure we get updates +cat << 'EOF' > /etc/apt/preferences.d/backports +Package: * +Pin: release a=squeeze-backports +Pin-Priority: 200 +EOF + +apt-get -y update + +# Install some other packages here: +apt-get -y install denyhosts ufw + +# Allow us to set the clock: +apt-get -y -t squeeze-backports install openntpd + +# Install Tor and deps: +apt-get -y install tor tor-geoipdb + +# To build with natpmp support +apt-get -y -t experimental install libnatpmp0 + +# To build with miniupnpc support +apt-get -y -t squeeze-backports install libminiupnpc-dev +apt-get -y -t squeeze-backports install libminiupnpc5 + +# XXX +# We want to apt-get source tor and build it for the 0.2.3.x branch +# + +# Install a Tor controller: +apt-get -y install tor-arm + +# Install a normal dns cache for eth1 +apt-get -y install dnsmasq + +## +## Configuration stage of the script +## + +# Configure arm +zcat /usr/share/doc/tor-arm/armrc.sample.gz > ~$(ADMINUSER)/.armrc +# XXX This is where we will call torrc-takeover.py when it is packaged + +# XXX We should reconfigure /etc/inittab here + +# Configure the network +# eth0 is our "internet" interface with a dhcp client +cat << 'EOF' > /etc/network/interfaces +# The primary network interface +allow-hotplug eth0 +iface eth0 inet dhcp + +# +# XXX Configure eth1 and ap0 here +# + +EOF + +# XXX We should configure ufw here +# ufw allow +# XXX We should configure denyhosts +# XXX We should configure dnsmasq +# XXX We should configure the DHCP server here + +cp /etc/tor/torrc $temp_dir/ +# configure Tor and stomp on the current Tor config +cat << 'EOF' > /etc/tor/torrc +# Run Tor as a bridge/relay only, not as a client +SocksPort 0 + +# What port to advertise for incoming Tor connections +ORPort 443 + +# We're on a flash file system +AvoidDiskWrites 1 + +# Be a bridge +BridgeRelay 1 + +# Rate limited +BandwidthRate 50KB + +# Don't allow any Tor traffic to exit +Exitpolicy reject *:* + +# Allow a controller (tor-arm) on this system to configure Tor: +ControlPort 9051 +ControlListenAddress 127.0.0.1:9051 +CookieAuthentication 1 +EOF + +# Remove a bunch of stuff: +apt-get -y remove exim4-base exim4-config exim4-daemon-light dbus + +## Disable ipv6 support +cp /etc/sysctl.d/disableipv6.conf $temp_dir/ +echo net.ipv6.conf.all.disable_ipv6=1 > /etc/sysctl.d/disableipv6.conf +cp /etc/sshd_config $temp_dir/ +echo "AddressFamily inet" >> /etc/ssh/ssh_config + +## +## Restart services here +## + +/etc/init.d/ssh restart +/etc/init.d/tor restart + +## +## Touch a stamp to show that we're now a Torouter +## + +echo "torouter" > /etc/torouter diff --git a/packages/torouter-prep/src/torouter_takeover.sh b/packages/torouter-prep/src/torouter_takeover.sh new file mode 100644 index 0000000..2b76502 --- /dev/null +++ b/packages/torouter-prep/src/torouter_takeover.sh @@ -0,0 +1,3 @@ +# This program will wrap debtakeover: +# http://www.hadrons.org/~guillem/debian/debtakeover/ +

1 0