tor-commits September 2011

tor-commits@lists.torproject.org

19 participants
865 discussions

[arm/release] fix: renaming torrc-override to torrcOverride
by atagar＠torproject.org 25 Sep '11

25 Sep '11

commit b05003e808913ec89a206ae9abec7031392e902b Author: Damian Johnson <atagar(a)torproject.org> Date: Tue Jul 26 19:26:51 2011 -0700 fix: renaming torrc-override to torrcOverride Everything else uses camel case so changing to match. --- src/resources/torrc-override/override.c | 50 ------ src/resources/torrc-override/override.h | 1 - src/resources/torrc-override/override.py | 265 ------------------------------ src/resources/torrcOverride/override.c | 50 ++++++ src/resources/torrcOverride/override.h | 1 + src/resources/torrcOverride/override.py | 265 ++++++++++++++++++++++++++++++ 6 files changed, 316 insertions(+), 316 deletions(-) diff --git a/src/resources/torrc-override/override.c b/src/resources/torrc-override/override.c deleted file mode 100644 index b989584..0000000 --- a/src/resources/torrc-override/override.c +++ /dev/null @@ -1,50 +0,0 @@ -// -// This is a very small C wrapper that invokes -// $(DESTDIR)/usr/bin/tor-arm-replace-torrc.py to work around setuid scripting -// issues on the Gnu/Linux operating system. -// -// We assume you have installed it as such for GROUP -// "debian-arm" - This should ensure that only members of the GROUP group will -// be allowed to run this program. When run this program will execute the -// $(DESTDIR)/usr/bin/tor-arm-replace-torrc.py program and will run with the -// uid and group as marked by the OS. -// -// Compile it like so: -// -// make -// -// Or by hand like so: -// -// gcc -o tor-arm-replace-torrc tor-arm-replace-torrc.c -// -// Make it useful like so: -// -// chown root:debian-arm tor-arm-replace-torrc -// chmod 04750 tor-arm-replace-torrc -// -// !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!WARNING!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -// XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -// -// If you place a user inside of the $GROUP - they are now able to reconfigure -// Tor. This may lead them to do nasty things on your system. If you start Tor -// as root, you should consider that adding a user to $GROUP is similar to -// giving those users root directly. -// -// This program was written simply to help a users who run arm locally and is -// not required if arm is communicating with a remote Tor process. -// -// XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -// !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!WARNING!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -// -// - -#include <stdio.h> -#include <stdlib.h> -#include <sys/types.h> -#include <unistd.h> -#include "tor-arm-replace-torrc.h" - -int main() -{ - return execve(TOR_ARM_REPLACE_TORRC, NULL, NULL); -} diff --git a/src/resources/torrc-override/override.h b/src/resources/torrc-override/override.h deleted file mode 100644 index 65adc9d..0000000 --- a/src/resources/torrc-override/override.h +++ /dev/null @@ -1 +0,0 @@ -#define TOR_ARM_REPLACE_TORRC HELPER_NAME diff --git a/src/resources/torrc-override/override.py b/src/resources/torrc-override/override.py deleted file mode 100755 index 6cfdbc6..0000000 --- a/src/resources/torrc-override/override.py +++ /dev/null @@ -1,265 +0,0 @@ -#!/usr/bin/python - -""" -This overwrites the system wide torrc, located at /etc/tor/torrc, with the -contents of the ARM_CONFIG_FILE. The system wide torrc is owned by root so -this will effectively need root permissions and for us to be in GROUP. - -This file is completely unusable until we make a tor-arm user and perform -other prep by running with the '--init' argument. - -After that's done this is meant to either be used by arm automatically after -writing a torrc to ARM_CONFIG_FILE or by users manually. For arm to use this -automatically you'll either need to... - -- compile torrc-override.c, setuid on the binary, and move it to your path - cd /usr/share/arm/resources/torrc-override - make - chown root:tor-arm override - chmod 04750 override - mv override /usr/bin/torrc-override - -- allow passwordless sudo for this script - edit /etc/sudoers and add a line with: - <arm user> ALL= NOPASSWD: /usr/share/arm/resources/torrc-override/override.py - -To perform this manually run: -/usr/share/arm/resources/torrc-override/override.py -pkill -sighup tor -""" - -import os -import sys -import grp -import pwd -import time -import shutil -import tempfile -import signal - -USER = "tor-arm" -GROUP = "tor-arm" -TOR_CONFIG_FILE = "/etc/tor/torrc" -ARM_CONFIG_FILE = "/var/lib/tor-arm/torrc" - -HELP_MSG = """Usage %s [OPTION] - Backup the system wide torrc (%s) and replace it with the - contents of %s. - - --init creates the necessary user and paths - --remove reverts changes made with --init -""" % (os.path.basename(sys.argv[0]), TOR_CONFIG_FILE, ARM_CONFIG_FILE) - -def init(): - """ - Performs system preparation needed for this script to run, adding the tor-arm - user and setting up paths/permissions. - """ - - # the following is just here if we have a custom destination directory (which - # arm doesn't currently account for) - if not os.path.exists("/bin/"): - print "making '/bin'..." - os.mkdir("/bin") - - if not os.path.exists("/var/lib/tor-arm/"): - print "making '/var/lib/tor-arm'..." - os.makedirs("/var/lib/tor-arm") - - if not os.path.exists("/var/lib/tor-arm/torrc"): - print "making '/var/lib/tor-arm/torrc'..." - open("/var/lib/tor-arm/torrc", 'w').close() - - try: gid = grp.getgrnam(GROUP).gr_gid - except KeyError: - print "adding %s group..." % GROUP - os.system("addgroup --quiet --system %s" % GROUP) - gid = grp.getgrnam(GROUP).gr_gid - print " done, gid: %s" % gid - - try: pwd.getpwnam(USER).pw_uid - except KeyError: - print "adding %s user..." % USER - os.system("adduser --quiet --ingroup %s --no-create-home --home /var/lib/tor-arm/ --shell /bin/sh --system %s" % (GROUP, USER)) - uid = pwd.getpwnam(USER).pw_uid - print " done, uid: %s" % uid - - os.chown("/bin", 0, 0) - os.chown("/var/lib/tor-arm", 0, gid) - os.chmod("/var/lib/tor-arm", 0750) - os.chown("/var/lib/tor-arm/torrc", 0, gid) - os.chmod("/var/lib/tor-arm/torrc", 0760) - -def remove(): - """ - Reverts the changes made by init, and also removes the optional - /bin/torrc-override binary if it exists. - """ - - print "removing %s user..." % USER - os.system("deluser --quiet %s" % USER) - - print "removing %s group..." % GROUP - os.system("delgroup --quiet %s" % GROUP) - - # might not exist since this is compiled and placed separately - try: - print "removing '/bin/torrc-override'..." - os.remove("/bin/torrc-override") - except OSError: - print " no such path" - - try: - print "removing '/var/lib/tor-arm'..." - shutil.rmtree("/var/lib/tor-arm/") - except Exception, exc: - print " unsuccessful: %s" % exc - -def replaceTorrc(): - orig_uid = os.getuid() - orig_euid = os.geteuid() - - # the USER and GROUP must exist on this system - try: - dropped_uid = pwd.getpwnam(USER).pw_uid - dropped_gid = grp.getgrnam(GROUP).gr_gid - dropped_euid, dropped_egid = dropped_uid, dropped_gid - except KeyError: - print "tor-arm user and group was not found, have you run this script with '--init'?" - exit(1) - - # if we're actually root, we skip this group check - # root can get away with all of this - if orig_uid != 0: - # check that the user is in GROUP - if not dropped_gid in os.getgroups(): - print "Your user needs to be a member of the %s group for this to work" % GROUP - sys.exit(1) - - # drop to the unprivileged group, and lose the rest of the groups - os.setgid(dropped_gid) - os.setegid(dropped_egid) - os.setresgid(dropped_gid, dropped_egid, dropped_gid) - os.setgroups([dropped_gid]) - - # make a tempfile and write out the contents - try: - tf = tempfile.NamedTemporaryFile(delete=False) # uses mkstemp internally - - # allows our child process to write to tf.name (not only if their uid matches, not their gid) - os.chown(tf.name, dropped_uid, orig_euid) - except: - print "We were unable to make a temporary file" - sys.exit(1) - - fork_pid = os.fork() - - # open the suspect config after we drop privs - # we assume the dropped privs are still enough to write to the tf - if (fork_pid == 0): - signal.signal(signal.SIGCHLD, signal.SIG_IGN) - - # Drop privs forever in the child process - # I believe this drops os.setfsuid os.setfsgid stuff - # Clear all other supplemental groups for dropped_uid - os.setgroups([dropped_gid]) - os.setresgid(dropped_gid, dropped_egid, dropped_gid) - os.setresuid(dropped_uid, dropped_euid, dropped_uid) - os.setgid(dropped_gid) - os.setegid(dropped_egid) - os.setuid(dropped_uid) - os.seteuid(dropped_euid) - - try: - af = open(ARM_CONFIG_FILE) # this is totally unpriv'ed - - # ensure that the fd we opened has the properties we requrie - configStat = os.fstat(af.fileno()) # this happens on the unpriv'ed FD - if configStat.st_gid != dropped_gid: - print "Arm's configuration file (%s) must be owned by the group %s" % (ARM_CONFIG_FILE, GROUP) - sys.exit(1) - - # if everything checks out, we're as safe as we're going to get - armConfig = af.read(1024 * 1024) # limited read but not too limited - af.close() - tf.file.write(armConfig) - tf.flush() - except: - print "Unable to open the arm config as unpriv'ed user" - sys.exit(1) - finally: - tf.close() - sys.exit(0) - else: - # If we're here, we're in the parent waiting for the child's death - # man, unix is really weird... - _, status = os.waitpid(fork_pid, 0) - - if status != 0: - print "The child seems to have failed; exiting!" - tf.close() - sys.exit(1) - - # attempt to verify that the config is OK - if os.path.exists(tf.name): - # construct our SU string - SUSTRING = "su -c 'tor --verify-config -f " + str(tf.name) + "' " + USER - # We raise privs to drop them with 'su' - os.setuid(0) - os.seteuid(0) - os.setgid(0) - os.setegid(0) - # We drop privs here and exec tor to verify it as the dropped_uid - print "Using Tor to verify that arm will not break Tor's config:" - success = os.system(SUSTRING) - if success != 0: - print "Tor says the new configuration file is invalid: %s (%s)" % (ARM_CONFIG_FILE, tf.name) - sys.exit(1) - - # backup the previous tor config - if os.path.exists(TOR_CONFIG_FILE): - try: - backupFilename = "%s_backup_%i" % (TOR_CONFIG_FILE, int(time.time())) - shutil.copy(TOR_CONFIG_FILE, backupFilename) - except IOError, exc: - print "Unable to backup %s (%s)" % (TOR_CONFIG_FILE, exc) - sys.exit(1) - - # overwrites TOR_CONFIG_FILE with ARM_CONFIG_FILE as loaded into tf.name - try: - shutil.copy(tf.name, TOR_CONFIG_FILE) - print "Successfully reconfigured Tor" - except IOError, exc: - print "Unable to copy %s to %s (%s)" % (tf.name, TOR_CONFIG_FILE, exc) - sys.exit(1) - - # unlink our temp file - try: - os.remove(tf.name) - except: - print "Unable to close temp file %s" % tf.name - sys.exit(1) - - sys.exit(0) - -if __name__ == "__main__": - # sanity check that we're on linux - if os.name != "posix": - print "This is a script specifically for configuring Linux" - sys.exit(1) - - # check that we're running effectively as root - if os.geteuid() != 0: - print "This script needs to be run as root" - sys.exit(1) - - if len(sys.argv) < 2: - replaceTorrc() - elif len(sys.argv) == 2 and sys.argv[1] == "--init": - init() - elif len(sys.argv) == 2 and sys.argv[1] == "--remove": - remove() - else: - print HELP_MSG - sys.exit(1) - diff --git a/src/resources/torrcOverride/override.c b/src/resources/torrcOverride/override.c new file mode 100644 index 0000000..b989584 --- /dev/null +++ b/src/resources/torrcOverride/override.c @@ -0,0 +1,50 @@ +// +// This is a very small C wrapper that invokes +// $(DESTDIR)/usr/bin/tor-arm-replace-torrc.py to work around setuid scripting +// issues on the Gnu/Linux operating system. +// +// We assume you have installed it as such for GROUP +// "debian-arm" - This should ensure that only members of the GROUP group will +// be allowed to run this program. When run this program will execute the +// $(DESTDIR)/usr/bin/tor-arm-replace-torrc.py program and will run with the +// uid and group as marked by the OS. +// +// Compile it like so: +// +// make +// +// Or by hand like so: +// +// gcc -o tor-arm-replace-torrc tor-arm-replace-torrc.c +// +// Make it useful like so: +// +// chown root:debian-arm tor-arm-replace-torrc +// chmod 04750 tor-arm-replace-torrc +// +// !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!WARNING!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +// XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX +// +// If you place a user inside of the $GROUP - they are now able to reconfigure +// Tor. This may lead them to do nasty things on your system. If you start Tor +// as root, you should consider that adding a user to $GROUP is similar to +// giving those users root directly. +// +// This program was written simply to help a users who run arm locally and is +// not required if arm is communicating with a remote Tor process. +// +// XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX +// !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!WARNING!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +// +// + +#include <stdio.h> +#include <stdlib.h> +#include <sys/types.h> +#include <unistd.h> +#include "tor-arm-replace-torrc.h" + +int main() +{ + return execve(TOR_ARM_REPLACE_TORRC, NULL, NULL); +} diff --git a/src/resources/torrcOverride/override.h b/src/resources/torrcOverride/override.h new file mode 100644 index 0000000..65adc9d --- /dev/null +++ b/src/resources/torrcOverride/override.h @@ -0,0 +1 @@ +#define TOR_ARM_REPLACE_TORRC HELPER_NAME diff --git a/src/resources/torrcOverride/override.py b/src/resources/torrcOverride/override.py new file mode 100755 index 0000000..3e42892 --- /dev/null +++ b/src/resources/torrcOverride/override.py @@ -0,0 +1,265 @@ +#!/usr/bin/python + +""" +This overwrites the system wide torrc, located at /etc/tor/torrc, with the +contents of the ARM_CONFIG_FILE. The system wide torrc is owned by root so +this will effectively need root permissions and for us to be in GROUP. + +This file is completely unusable until we make a tor-arm user and perform +other prep by running with the '--init' argument. + +After that's done this is meant to either be used by arm automatically after +writing a torrc to ARM_CONFIG_FILE or by users manually. For arm to use this +automatically you'll either need to... + +- compile override.c, setuid on the binary, and move it to your path + cd /usr/share/arm/resources/torrcOverride + make + chown root:tor-arm override + chmod 04750 override + mv override /usr/bin/torrc-override + +- allow passwordless sudo for this script + edit /etc/sudoers and add a line with: + <arm user> ALL= NOPASSWD: /usr/share/arm/resources/torrcOverride/override.py + +To perform this manually run: +/usr/share/arm/resources/torrcOverride/override.py +pkill -sighup tor +""" + +import os +import sys +import grp +import pwd +import time +import shutil +import tempfile +import signal + +USER = "tor-arm" +GROUP = "tor-arm" +TOR_CONFIG_FILE = "/etc/tor/torrc" +ARM_CONFIG_FILE = "/var/lib/tor-arm/torrc" + +HELP_MSG = """Usage %s [OPTION] + Backup the system wide torrc (%s) and replace it with the + contents of %s. + + --init creates the necessary user and paths + --remove reverts changes made with --init +""" % (os.path.basename(sys.argv[0]), TOR_CONFIG_FILE, ARM_CONFIG_FILE) + +def init(): + """ + Performs system preparation needed for this script to run, adding the tor-arm + user and setting up paths/permissions. + """ + + # the following is just here if we have a custom destination directory (which + # arm doesn't currently account for) + if not os.path.exists("/bin/"): + print "making '/bin'..." + os.mkdir("/bin") + + if not os.path.exists("/var/lib/tor-arm/"): + print "making '/var/lib/tor-arm'..." + os.makedirs("/var/lib/tor-arm") + + if not os.path.exists("/var/lib/tor-arm/torrc"): + print "making '/var/lib/tor-arm/torrc'..." + open("/var/lib/tor-arm/torrc", 'w').close() + + try: gid = grp.getgrnam(GROUP).gr_gid + except KeyError: + print "adding %s group..." % GROUP + os.system("addgroup --quiet --system %s" % GROUP) + gid = grp.getgrnam(GROUP).gr_gid + print " done, gid: %s" % gid + + try: pwd.getpwnam(USER).pw_uid + except KeyError: + print "adding %s user..." % USER + os.system("adduser --quiet --ingroup %s --no-create-home --home /var/lib/tor-arm/ --shell /bin/sh --system %s" % (GROUP, USER)) + uid = pwd.getpwnam(USER).pw_uid + print " done, uid: %s" % uid + + os.chown("/bin", 0, 0) + os.chown("/var/lib/tor-arm", 0, gid) + os.chmod("/var/lib/tor-arm", 0750) + os.chown("/var/lib/tor-arm/torrc", 0, gid) + os.chmod("/var/lib/tor-arm/torrc", 0760) + +def remove(): + """ + Reverts the changes made by init, and also removes the optional + /bin/torrc-override binary if it exists. + """ + + print "removing %s user..." % USER + os.system("deluser --quiet %s" % USER) + + print "removing %s group..." % GROUP + os.system("delgroup --quiet %s" % GROUP) + + # might not exist since this is compiled and placed separately + try: + print "removing '/bin/torrc-override'..." + os.remove("/bin/torrc-override") + except OSError: + print " no such path" + + try: + print "removing '/var/lib/tor-arm'..." + shutil.rmtree("/var/lib/tor-arm/") + except Exception, exc: + print " unsuccessful: %s" % exc + +def replaceTorrc(): + orig_uid = os.getuid() + orig_euid = os.geteuid() + + # the USER and GROUP must exist on this system + try: + dropped_uid = pwd.getpwnam(USER).pw_uid + dropped_gid = grp.getgrnam(GROUP).gr_gid + dropped_euid, dropped_egid = dropped_uid, dropped_gid + except KeyError: + print "tor-arm user and group was not found, have you run this script with '--init'?" + exit(1) + + # if we're actually root, we skip this group check + # root can get away with all of this + if orig_uid != 0: + # check that the user is in GROUP + if not dropped_gid in os.getgroups(): + print "Your user needs to be a member of the %s group for this to work" % GROUP + sys.exit(1) + + # drop to the unprivileged group, and lose the rest of the groups + os.setgid(dropped_gid) + os.setegid(dropped_egid) + os.setresgid(dropped_gid, dropped_egid, dropped_gid) + os.setgroups([dropped_gid]) + + # make a tempfile and write out the contents + try: + tf = tempfile.NamedTemporaryFile(delete=False) # uses mkstemp internally + + # allows our child process to write to tf.name (not only if their uid matches, not their gid) + os.chown(tf.name, dropped_uid, orig_euid) + except: + print "We were unable to make a temporary file" + sys.exit(1) + + fork_pid = os.fork() + + # open the suspect config after we drop privs + # we assume the dropped privs are still enough to write to the tf + if (fork_pid == 0): + signal.signal(signal.SIGCHLD, signal.SIG_IGN) + + # Drop privs forever in the child process + # I believe this drops os.setfsuid os.setfsgid stuff + # Clear all other supplemental groups for dropped_uid + os.setgroups([dropped_gid]) + os.setresgid(dropped_gid, dropped_egid, dropped_gid) + os.setresuid(dropped_uid, dropped_euid, dropped_uid) + os.setgid(dropped_gid) + os.setegid(dropped_egid) + os.setuid(dropped_uid) + os.seteuid(dropped_euid) + + try: + af = open(ARM_CONFIG_FILE) # this is totally unpriv'ed + + # ensure that the fd we opened has the properties we requrie + configStat = os.fstat(af.fileno()) # this happens on the unpriv'ed FD + if configStat.st_gid != dropped_gid: + print "Arm's configuration file (%s) must be owned by the group %s" % (ARM_CONFIG_FILE, GROUP) + sys.exit(1) + + # if everything checks out, we're as safe as we're going to get + armConfig = af.read(1024 * 1024) # limited read but not too limited + af.close() + tf.file.write(armConfig) + tf.flush() + except: + print "Unable to open the arm config as unpriv'ed user" + sys.exit(1) + finally: + tf.close() + sys.exit(0) + else: + # If we're here, we're in the parent waiting for the child's death + # man, unix is really weird... + _, status = os.waitpid(fork_pid, 0) + + if status != 0: + print "The child seems to have failed; exiting!" + tf.close() + sys.exit(1) + + # attempt to verify that the config is OK + if os.path.exists(tf.name): + # construct our SU string + SUSTRING = "su -c 'tor --verify-config -f " + str(tf.name) + "' " + USER + # We raise privs to drop them with 'su' + os.setuid(0) + os.seteuid(0) + os.setgid(0) + os.setegid(0) + # We drop privs here and exec tor to verify it as the dropped_uid + print "Using Tor to verify that arm will not break Tor's config:" + success = os.system(SUSTRING) + if success != 0: + print "Tor says the new configuration file is invalid: %s (%s)" % (ARM_CONFIG_FILE, tf.name) + sys.exit(1) + + # backup the previous tor config + if os.path.exists(TOR_CONFIG_FILE): + try: + backupFilename = "%s_backup_%i" % (TOR_CONFIG_FILE, int(time.time())) + shutil.copy(TOR_CONFIG_FILE, backupFilename) + except IOError, exc: + print "Unable to backup %s (%s)" % (TOR_CONFIG_FILE, exc) + sys.exit(1) + + # overwrites TOR_CONFIG_FILE with ARM_CONFIG_FILE as loaded into tf.name + try: + shutil.copy(tf.name, TOR_CONFIG_FILE) + print "Successfully reconfigured Tor" + except IOError, exc: + print "Unable to copy %s to %s (%s)" % (tf.name, TOR_CONFIG_FILE, exc) + sys.exit(1) + + # unlink our temp file + try: + os.remove(tf.name) + except: + print "Unable to close temp file %s" % tf.name + sys.exit(1) + + sys.exit(0) + +if __name__ == "__main__": + # sanity check that we're on linux + if os.name != "posix": + print "This is a script specifically for configuring Linux" + sys.exit(1) + + # check that we're running effectively as root + if os.geteuid() != 0: + print "This script needs to be run as root" + sys.exit(1) + + if len(sys.argv) < 2: + replaceTorrc() + elif len(sys.argv) == 2 and sys.argv[1] == "--init": + init() + elif len(sys.argv) == 2 and sys.argv[1] == "--remove": + remove() + else: + print HELP_MSG + sys.exit(1) +

1 0

[arm/release] Scripts for overriding system wide torrc
by atagar＠torproject.org 25 Sep '11

25 Sep '11

commit 881ae570ebbc486376ec1fe36488804c93a7976e Author: Damian Johnson <atagar(a)torproject.org> Date: Tue Jul 26 18:20:52 2011 -0700 Scripts for overriding system wide torrc Editing scripts made by Jake for overriding a root owned system wide torrc with an alternate made by arm. For more information see: https://trac.torproject.org/projects/tor/ticket/3629 --- src/resources/torrc-override/override.c | 50 ++++++ src/resources/torrc-override/override.h | 1 + src/resources/torrc-override/override.py | 265 ++++++++++++++++++++++++++++++ 3 files changed, 316 insertions(+), 0 deletions(-) diff --git a/src/resources/torrc-override/override.c b/src/resources/torrc-override/override.c new file mode 100644 index 0000000..b989584 --- /dev/null +++ b/src/resources/torrc-override/override.c @@ -0,0 +1,50 @@ +// +// This is a very small C wrapper that invokes +// $(DESTDIR)/usr/bin/tor-arm-replace-torrc.py to work around setuid scripting +// issues on the Gnu/Linux operating system. +// +// We assume you have installed it as such for GROUP +// "debian-arm" - This should ensure that only members of the GROUP group will +// be allowed to run this program. When run this program will execute the +// $(DESTDIR)/usr/bin/tor-arm-replace-torrc.py program and will run with the +// uid and group as marked by the OS. +// +// Compile it like so: +// +// make +// +// Or by hand like so: +// +// gcc -o tor-arm-replace-torrc tor-arm-replace-torrc.c +// +// Make it useful like so: +// +// chown root:debian-arm tor-arm-replace-torrc +// chmod 04750 tor-arm-replace-torrc +// +// !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!WARNING!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +// XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX +// +// If you place a user inside of the $GROUP - they are now able to reconfigure +// Tor. This may lead them to do nasty things on your system. If you start Tor +// as root, you should consider that adding a user to $GROUP is similar to +// giving those users root directly. +// +// This program was written simply to help a users who run arm locally and is +// not required if arm is communicating with a remote Tor process. +// +// XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX +// !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!WARNING!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +// +// + +#include <stdio.h> +#include <stdlib.h> +#include <sys/types.h> +#include <unistd.h> +#include "tor-arm-replace-torrc.h" + +int main() +{ + return execve(TOR_ARM_REPLACE_TORRC, NULL, NULL); +} diff --git a/src/resources/torrc-override/override.h b/src/resources/torrc-override/override.h new file mode 100644 index 0000000..65adc9d --- /dev/null +++ b/src/resources/torrc-override/override.h @@ -0,0 +1 @@ +#define TOR_ARM_REPLACE_TORRC HELPER_NAME diff --git a/src/resources/torrc-override/override.py b/src/resources/torrc-override/override.py new file mode 100755 index 0000000..6cfdbc6 --- /dev/null +++ b/src/resources/torrc-override/override.py @@ -0,0 +1,265 @@ +#!/usr/bin/python + +""" +This overwrites the system wide torrc, located at /etc/tor/torrc, with the +contents of the ARM_CONFIG_FILE. The system wide torrc is owned by root so +this will effectively need root permissions and for us to be in GROUP. + +This file is completely unusable until we make a tor-arm user and perform +other prep by running with the '--init' argument. + +After that's done this is meant to either be used by arm automatically after +writing a torrc to ARM_CONFIG_FILE or by users manually. For arm to use this +automatically you'll either need to... + +- compile torrc-override.c, setuid on the binary, and move it to your path + cd /usr/share/arm/resources/torrc-override + make + chown root:tor-arm override + chmod 04750 override + mv override /usr/bin/torrc-override + +- allow passwordless sudo for this script + edit /etc/sudoers and add a line with: + <arm user> ALL= NOPASSWD: /usr/share/arm/resources/torrc-override/override.py + +To perform this manually run: +/usr/share/arm/resources/torrc-override/override.py +pkill -sighup tor +""" + +import os +import sys +import grp +import pwd +import time +import shutil +import tempfile +import signal + +USER = "tor-arm" +GROUP = "tor-arm" +TOR_CONFIG_FILE = "/etc/tor/torrc" +ARM_CONFIG_FILE = "/var/lib/tor-arm/torrc" + +HELP_MSG = """Usage %s [OPTION] + Backup the system wide torrc (%s) and replace it with the + contents of %s. + + --init creates the necessary user and paths + --remove reverts changes made with --init +""" % (os.path.basename(sys.argv[0]), TOR_CONFIG_FILE, ARM_CONFIG_FILE) + +def init(): + """ + Performs system preparation needed for this script to run, adding the tor-arm + user and setting up paths/permissions. + """ + + # the following is just here if we have a custom destination directory (which + # arm doesn't currently account for) + if not os.path.exists("/bin/"): + print "making '/bin'..." + os.mkdir("/bin") + + if not os.path.exists("/var/lib/tor-arm/"): + print "making '/var/lib/tor-arm'..." + os.makedirs("/var/lib/tor-arm") + + if not os.path.exists("/var/lib/tor-arm/torrc"): + print "making '/var/lib/tor-arm/torrc'..." + open("/var/lib/tor-arm/torrc", 'w').close() + + try: gid = grp.getgrnam(GROUP).gr_gid + except KeyError: + print "adding %s group..." % GROUP + os.system("addgroup --quiet --system %s" % GROUP) + gid = grp.getgrnam(GROUP).gr_gid + print " done, gid: %s" % gid + + try: pwd.getpwnam(USER).pw_uid + except KeyError: + print "adding %s user..." % USER + os.system("adduser --quiet --ingroup %s --no-create-home --home /var/lib/tor-arm/ --shell /bin/sh --system %s" % (GROUP, USER)) + uid = pwd.getpwnam(USER).pw_uid + print " done, uid: %s" % uid + + os.chown("/bin", 0, 0) + os.chown("/var/lib/tor-arm", 0, gid) + os.chmod("/var/lib/tor-arm", 0750) + os.chown("/var/lib/tor-arm/torrc", 0, gid) + os.chmod("/var/lib/tor-arm/torrc", 0760) + +def remove(): + """ + Reverts the changes made by init, and also removes the optional + /bin/torrc-override binary if it exists. + """ + + print "removing %s user..." % USER + os.system("deluser --quiet %s" % USER) + + print "removing %s group..." % GROUP + os.system("delgroup --quiet %s" % GROUP) + + # might not exist since this is compiled and placed separately + try: + print "removing '/bin/torrc-override'..." + os.remove("/bin/torrc-override") + except OSError: + print " no such path" + + try: + print "removing '/var/lib/tor-arm'..." + shutil.rmtree("/var/lib/tor-arm/") + except Exception, exc: + print " unsuccessful: %s" % exc + +def replaceTorrc(): + orig_uid = os.getuid() + orig_euid = os.geteuid() + + # the USER and GROUP must exist on this system + try: + dropped_uid = pwd.getpwnam(USER).pw_uid + dropped_gid = grp.getgrnam(GROUP).gr_gid + dropped_euid, dropped_egid = dropped_uid, dropped_gid + except KeyError: + print "tor-arm user and group was not found, have you run this script with '--init'?" + exit(1) + + # if we're actually root, we skip this group check + # root can get away with all of this + if orig_uid != 0: + # check that the user is in GROUP + if not dropped_gid in os.getgroups(): + print "Your user needs to be a member of the %s group for this to work" % GROUP + sys.exit(1) + + # drop to the unprivileged group, and lose the rest of the groups + os.setgid(dropped_gid) + os.setegid(dropped_egid) + os.setresgid(dropped_gid, dropped_egid, dropped_gid) + os.setgroups([dropped_gid]) + + # make a tempfile and write out the contents + try: + tf = tempfile.NamedTemporaryFile(delete=False) # uses mkstemp internally + + # allows our child process to write to tf.name (not only if their uid matches, not their gid) + os.chown(tf.name, dropped_uid, orig_euid) + except: + print "We were unable to make a temporary file" + sys.exit(1) + + fork_pid = os.fork() + + # open the suspect config after we drop privs + # we assume the dropped privs are still enough to write to the tf + if (fork_pid == 0): + signal.signal(signal.SIGCHLD, signal.SIG_IGN) + + # Drop privs forever in the child process + # I believe this drops os.setfsuid os.setfsgid stuff + # Clear all other supplemental groups for dropped_uid + os.setgroups([dropped_gid]) + os.setresgid(dropped_gid, dropped_egid, dropped_gid) + os.setresuid(dropped_uid, dropped_euid, dropped_uid) + os.setgid(dropped_gid) + os.setegid(dropped_egid) + os.setuid(dropped_uid) + os.seteuid(dropped_euid) + + try: + af = open(ARM_CONFIG_FILE) # this is totally unpriv'ed + + # ensure that the fd we opened has the properties we requrie + configStat = os.fstat(af.fileno()) # this happens on the unpriv'ed FD + if configStat.st_gid != dropped_gid: + print "Arm's configuration file (%s) must be owned by the group %s" % (ARM_CONFIG_FILE, GROUP) + sys.exit(1) + + # if everything checks out, we're as safe as we're going to get + armConfig = af.read(1024 * 1024) # limited read but not too limited + af.close() + tf.file.write(armConfig) + tf.flush() + except: + print "Unable to open the arm config as unpriv'ed user" + sys.exit(1) + finally: + tf.close() + sys.exit(0) + else: + # If we're here, we're in the parent waiting for the child's death + # man, unix is really weird... + _, status = os.waitpid(fork_pid, 0) + + if status != 0: + print "The child seems to have failed; exiting!" + tf.close() + sys.exit(1) + + # attempt to verify that the config is OK + if os.path.exists(tf.name): + # construct our SU string + SUSTRING = "su -c 'tor --verify-config -f " + str(tf.name) + "' " + USER + # We raise privs to drop them with 'su' + os.setuid(0) + os.seteuid(0) + os.setgid(0) + os.setegid(0) + # We drop privs here and exec tor to verify it as the dropped_uid + print "Using Tor to verify that arm will not break Tor's config:" + success = os.system(SUSTRING) + if success != 0: + print "Tor says the new configuration file is invalid: %s (%s)" % (ARM_CONFIG_FILE, tf.name) + sys.exit(1) + + # backup the previous tor config + if os.path.exists(TOR_CONFIG_FILE): + try: + backupFilename = "%s_backup_%i" % (TOR_CONFIG_FILE, int(time.time())) + shutil.copy(TOR_CONFIG_FILE, backupFilename) + except IOError, exc: + print "Unable to backup %s (%s)" % (TOR_CONFIG_FILE, exc) + sys.exit(1) + + # overwrites TOR_CONFIG_FILE with ARM_CONFIG_FILE as loaded into tf.name + try: + shutil.copy(tf.name, TOR_CONFIG_FILE) + print "Successfully reconfigured Tor" + except IOError, exc: + print "Unable to copy %s to %s (%s)" % (tf.name, TOR_CONFIG_FILE, exc) + sys.exit(1) + + # unlink our temp file + try: + os.remove(tf.name) + except: + print "Unable to close temp file %s" % tf.name + sys.exit(1) + + sys.exit(0) + +if __name__ == "__main__": + # sanity check that we're on linux + if os.name != "posix": + print "This is a script specifically for configuring Linux" + sys.exit(1) + + # check that we're running effectively as root + if os.geteuid() != 0: + print "This script needs to be run as root" + sys.exit(1) + + if len(sys.argv) < 2: + replaceTorrc() + elif len(sys.argv) == 2 and sys.argv[1] == "--init": + init() + elif len(sys.argv) == 2 and sys.argv[1] == "--remove": + remove() + else: + print HELP_MSG + sys.exit(1) +

1 0

[arm/release] Added validation that torrc is wizard generated
by atagar＠torproject.org 25 Sep '11

25 Sep '11

commit 8f313c620eeec6bfa3c5845fb5c3a7ff187f82ea Author: Damian Johnson <atagar(a)torproject.org> Date: Wed Jul 27 07:44:34 2011 -0700 Added validation that torrc is wizard generated Doing regex checks that the options match what the arm wizard would produce. --- src/resources/torrcOverride/override.py | 92 ++++++++++++++++++++++++++++--- 1 files changed, 83 insertions(+), 9 deletions(-) diff --git a/src/resources/torrcOverride/override.py b/src/resources/torrcOverride/override.py index 21e6b28..dffa3a5 100755 --- a/src/resources/torrcOverride/override.py +++ b/src/resources/torrcOverride/override.py @@ -29,6 +29,7 @@ pkill -sighup tor """ import os +import re import sys import grp import pwd @@ -41,13 +42,40 @@ USER = "tor-arm" GROUP = "tor-arm" TOR_CONFIG_FILE = "/etc/tor/torrc" ARM_CONFIG_FILE = "/var/lib/tor-arm/torrc" +RUN_VERIFY = True # use 'tor --verify-config' to check the torrc + +# regex patterns for options the wizard may include +WIZARD_OPT = ("^DataDirectory \S+$", + "^Log notice file \S+$", + "^ControlPort 9052$", + "^CookieAuthentication 1$", + "^RunAsDaemon 1$", + "^User \S+$", + "^ORPort (443|9001)$", + "^DirPort (80|9030)$", + "^Nickname ", + "^ContactInfo ", + "^BridgeRelay 1$", + "^PublishServerDescriptor 0$", + "^RelayBandwidthRate ", + "^RelayBandwidthBurst ", + "^AccountingMax ", + "^SocksPort 0$", + "^PortForwarding 1$", + "^ExitPolicy (accept|reject) \S+$", + "^DirPortFrontPage \S+$", + "^ClientOnly 1$", + "^MaxCircuitDirtiness ", + "^UseBridges 1$", + "^Bridge ") HELP_MSG = """Usage %s [OPTION] Backup the system wide torrc (%s) and replace it with the contents of %s. - --init creates the necessary user and paths - --remove reverts changes made with --init + --init creates the necessary user and paths + --remove reverts changes made with --init + --validate PATH checks if the given file is wizard generated """ % (os.path.basename(sys.argv[0]), TOR_CONFIG_FILE, ARM_CONFIG_FILE) def init(): @@ -196,27 +224,37 @@ def replaceTorrc(): # man, unix is really weird... _, status = os.waitpid(fork_pid, 0) - if status != 0: + if status != 0 or not os.path.exists(tf.name): print "The child seems to have failed; exiting!" tf.close() sys.exit(1) # attempt to verify that the config is OK - if os.path.exists(tf.name): - # construct our SU string - SUSTRING = "su -c 'tor --verify-config -f " + str(tf.name) + "' " + USER - # We raise privs to drop them with 'su' + if RUN_VERIFY: + # raise privilages to drop them with 'su' os.setuid(0) os.seteuid(0) os.setgid(0) os.setegid(0) - # We drop privs here and exec tor to verify it as the dropped_uid + + # drop privilages and exec tor to verify it as the dropped_uid print "Using Tor to verify that arm will not break Tor's config:" - success = os.system(SUSTRING) + verifyCmd = "su -c 'tor --verify-config -f %s' %s" % (tf.name, USER) + success = os.system(verifyCmd) + if success != 0: print "Tor says the new configuration file is invalid: %s (%s)" % (ARM_CONFIG_FILE, tf.name) sys.exit(1) + # validates that the torrc matches what the wizard could produce + torrcFile = open(tf.name) + torrcContents = torrcFile.readlines() + torrcFile.close() + + if not isWizardGenerated(torrcContents): + print "torrc doesn't match what we'd expect from the setup wizard" + sys.exit(1) + # backup the previous tor config if os.path.exists(TOR_CONFIG_FILE): try: @@ -243,6 +281,34 @@ def replaceTorrc(): sys.exit(0) +def isWizardGenerated(torrcLines): + """ + True if the given torrc contents could be generated by the wizard, false + otherwise. This just checks the basic format and options used, not the + validity of most generated values so this could still be rejected by tor. + """ + + wizardPatterns = [re.compile(opt) for opt in WIZARD_OPT] + + for line in torrcLines: + commentStart = line.find("#") + if commentStart != -1: line = line[:commentStart] + + line = line.strip() + if not line: continue # blank line + + isRecognized = False + for pattern in wizardPatterns: + if pattern.match(line): + isRecognized = True + break + + if not isRecognized: + print "Unrecognized torrc contents: %s" % line + return False + + return True + if __name__ == "__main__": # sanity check that we're on linux if os.name != "posix": @@ -260,6 +326,14 @@ if __name__ == "__main__": init() elif len(sys.argv) == 2 and sys.argv[1] == "--remove": remove() + elif len(sys.argv) == 3 and sys.argv[1] == "--validate": + torrcFile = open(sys.argv[2]) + torrcContents = torrcFile.readlines() + torrcFile.close() + + isValid = isWizardGenerated(torrcContents) + if isValid: print "torrc validated" + else: print "torrc invalid" else: print HELP_MSG sys.exit(1)

1 0

[arm/release] fix: hardcoding path for override script
by atagar＠torproject.org 25 Sep '11

25 Sep '11

commit f1792cdb7790c4dbfbff4f244aeb0a9bf0dc4f11 Author: Damian Johnson <atagar(a)torproject.org> Date: Wed Jul 27 11:10:31 2011 -0700 fix: hardcoding path for override script Header file for the setuid wrapper required on the make file for determining the path for the python script it executes. Moving this into the header file instead. --- src/resources/torrcOverride/override.h | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/resources/torrcOverride/override.h b/src/resources/torrcOverride/override.h index 65adc9d..8bb8869 100644 --- a/src/resources/torrcOverride/override.h +++ b/src/resources/torrcOverride/override.h @@ -1 +1 @@ -#define TOR_ARM_REPLACE_TORRC HELPER_NAME +#define TOR_ARM_REPLACE_TORRC /usr/share/arm/resources/torrcOverride/override.py

1 0

[arm/release] fix: existance check before removing paths
by atagar＠torproject.org 25 Sep '11

25 Sep '11

commit 3af68f600f58f3a791958a94d274d70676efeec7 Author: Damian Johnson <atagar(a)torproject.org> Date: Wed Jul 27 06:19:13 2011 -0700 fix: existance check before removing paths --- src/resources/torrcOverride/override.py | 23 ++++++++++++----------- 1 files changed, 12 insertions(+), 11 deletions(-) diff --git a/src/resources/torrcOverride/override.py b/src/resources/torrcOverride/override.py index 3e42892..21e6b28 100755 --- a/src/resources/torrcOverride/override.py +++ b/src/resources/torrcOverride/override.py @@ -102,18 +102,19 @@ def remove(): print "removing %s group..." % GROUP os.system("delgroup --quiet %s" % GROUP) - # might not exist since this is compiled and placed separately - try: - print "removing '/bin/torrc-override'..." - os.remove("/bin/torrc-override") - except OSError: - print " no such path" + if os.path.exists("/bin/torrc-override"): + try: + print "removing '/bin/torrc-override'..." + os.remove("/bin/torrc-override") + except OSError, exc: + print " unsuccessful: %s" % exc - try: - print "removing '/var/lib/tor-arm'..." - shutil.rmtree("/var/lib/tor-arm/") - except Exception, exc: - print " unsuccessful: %s" % exc + if os.path.exists("/var/lib/tor-arm/"): + try: + print "removing '/var/lib/tor-arm'..." + shutil.rmtree("/var/lib/tor-arm/") + except Exception, exc: + print " unsuccessful: %s" % exc def replaceTorrc(): orig_uid = os.getuid()

1 0

[arm/release] Wizard hooks for configuring system wide torrc
by atagar＠torproject.org 25 Sep '11

25 Sep '11

commit ec49c74ba52d9410d6f108a4e76dfad063d40500 Author: Damian Johnson <atagar(a)torproject.org> Date: Wed Jul 27 12:10:02 2011 -0700 Wizard hooks for configuring system wide torrc Providing an option to apply the wizard config to the system wide torrc if it's available (user has already done the --init prep). --- src/cli/wizard.py | 98 +++++++++++++++++++++++++++++++++++++++++++++++------ src/settings.cfg | 4 ++ 2 files changed, 91 insertions(+), 11 deletions(-) diff --git a/src/cli/wizard.py b/src/cli/wizard.py index 08e9d0b..31f2f70 100644 --- a/src/cli/wizard.py +++ b/src/cli/wizard.py @@ -24,7 +24,7 @@ TORRC_TEMPLATE = "resources/torrcTemplate.txt" RelayType = enum.Enum("RESUME", "RELAY", "EXIT", "BRIDGE", "CLIENT") # all options that can be configured -Options = enum.Enum("DIVIDER", "CONTROL", "NICKNAME", "CONTACT", "NOTIFY", "BANDWIDTH", "LIMIT", "CLIENT", "LOWPORTS", "PORTFORWARD", "STARTUP", "RSHUTDOWN", "CSHUTDOWN", "NOTICE", "POLICY", "WEBSITES", "EMAIL", "IM", "MISC", "PLAINTEXT", "DISTRIBUTE", "BRIDGED", "BRIDGE1", "BRIDGE2", "BRIDGE3", "REUSE") +Options = enum.Enum("DIVIDER", "CONTROL", "NICKNAME", "CONTACT", "NOTIFY", "BANDWIDTH", "LIMIT", "CLIENT", "LOWPORTS", "PORTFORWARD", "SYSTEM", "STARTUP", "RSHUTDOWN", "CSHUTDOWN", "NOTICE", "POLICY", "WEBSITES", "EMAIL", "IM", "MISC", "PLAINTEXT", "DISTRIBUTE", "BRIDGED", "BRIDGE1", "BRIDGE2", "BRIDGE3", "REUSE") RelayOptions = {RelayType.RELAY: (Options.NICKNAME, Options.CONTACT, Options.NOTIFY, @@ -34,7 +34,8 @@ RelayOptions = {RelayType.RELAY: (Options.NICKNAME, Options.LOWPORTS, Options.PORTFORWARD, Options.STARTUP, - Options.RSHUTDOWN), + Options.RSHUTDOWN, + Options.SYSTEM), RelayType.EXIT: (Options.NICKNAME, Options.CONTACT, Options.NOTIFY, @@ -45,6 +46,7 @@ RelayOptions = {RelayType.RELAY: (Options.NICKNAME, Options.PORTFORWARD, Options.STARTUP, Options.RSHUTDOWN, + Options.SYSTEM, Options.DIVIDER, Options.NOTICE, Options.POLICY, @@ -60,13 +62,15 @@ RelayOptions = {RelayType.RELAY: (Options.NICKNAME, Options.LOWPORTS, Options.PORTFORWARD, Options.STARTUP, - Options.RSHUTDOWN), + Options.RSHUTDOWN, + Options.SYSTEM), RelayType.CLIENT: (Options.BRIDGED, Options.BRIDGE1, Options.BRIDGE2, Options.BRIDGE3, Options.REUSE, - Options.CSHUTDOWN)} + Options.CSHUTDOWN, + Options.SYSTEM)} # option sets CUSTOM_POLICIES = (Options.WEBSITES, Options.EMAIL, Options.IM, Options.MISC, Options.PLAINTEXT) @@ -95,6 +99,12 @@ VERSION_REQUIREMENTS = {Options.PORTFORWARD: "0.2.3.1-alpha"} TOR_DEFAULTS = {Options.BANDWIDTH: "5 MB", Options.REUSE: "10 minutes"} +# path for the torrc to be placed if replacing the torrc for the system wide +# tor instance +SYSTEM_DROP_PATH = "/var/lib/tor-arm/torrc" +OVERRIDE_SCRIPT = "/usr/share/arm/resources/torrcOverride/override.py" +OVERRIDE_SETUID_SCRIPT = "/usr/bin/torrc-override" + CONFIG = {"wizard.message.role": "", "wizard.message.relay": "", "wizard.message.exit": "", @@ -306,6 +316,13 @@ def showWizard(): if not sysTools.isAvailable("tor-fw-helper"): disabledOpt.append(Options.PORTFORWARD) + # If we haven't run 'resources/torrcOverride/override.py --init' or lack + # permissions then we aren't able to deal with the system wide tor instance. + # Also drop the optoin if we aren't installed since override.py won't be at + # the expected path. + if not os.path.exists(SYSTEM_DROP_PATH) or not os.path.exists(OVERRIDE_SCRIPT): + disabledOpt.append(Options.SYSTEM) + while True: if relayType == None: selection = promptRelayType(relaySelection) @@ -331,16 +348,26 @@ def showWizard(): if confirmationSelection == NEXT: log.log(log.INFO, "Writing torrc to '%s':\n%s" % (torrcLocation, generatedTorrc)) + isSystemReplace = not Options.SYSTEM in disabledOpt and config[Options.SYSTEM].getValue() + if isSystemReplace: torrcLocation = SYSTEM_DROP_PATH + # if the torrc already exists then save it to a _bak file isBackedUp = False if os.path.exists(torrcLocation): - shutil.copy(torrcLocation, torrcLocation + "_bak") - isBackedUp = True + try: + shutil.copy(torrcLocation, torrcLocation + "_bak") + isBackedUp = True + except IOError, exc: + log.log(log.WARN, "Unable to backup the torrc: %s" % exc) # writes the torrc contents - torrcFile = open(torrcLocation, "w") - torrcFile.write(generatedTorrc) - torrcFile.close() + try: + torrcFile = open(torrcLocation, "w") + torrcFile.write(generatedTorrc) + torrcFile.close() + except IOError, exc: + log.log(log.ERR, "Unable to make torrc: %s" % exc) + break # logs where we placed the torrc msg = "Tor configuration placed at '%s'" % torrcLocation @@ -367,7 +394,53 @@ def showWizard(): msg = "Exit notice placed at '%s/index.html'. Some of the sections are specific to US relay operators so please change the \"FIXME\" sections if this is inappropriate." % dst log.log(log.NOTICE, msg) - if manager.isTorrcAvailable(): + runCommand, exitCode = None, 1 + + if isSystemReplace: + # running override.py needs root so... + # - if running as root (bad user, no biscuit!) then run it directly + # - if the setuid binary is available at '/usr/bin/torrc-override' + # then use that + # - attempt sudo in case passwordless sudo is available + # - if all of the above fail then log instructions + + if os.geteuid() == 0: runCommand = OVERRIDE_SCRIPT + elif os.path.exists(OVERRIDE_SETUID_SCRIPT): runCommand = OVERRIDE_SETUID_SCRIPT + else: + # The -n argument to sudo is *supposed* to be available starting + # with 1.7.0 [1] however this is a dirty lie (Ubuntu 9.10 uses + # 1.7.0 and even has the option in its man page, but it doesn't + # work). Instead checking for version 1.7.1. + # + # [1] http://www.sudo.ws/pipermail/sudo-users/2009-January/003889.html + + sudoVersionResult = sysTools.call("sudo -V") + + # version output looks like "Sudo version 1.7.2p7" + if len(sudoVersionResult) == 1 and sudoVersionResult.count(" ") >= 2: + versionNum = 0 + + for comp in sudoVersionResult[0].split(" ")[2].split("."): + if comp and comp[0].isdigit(): + versionNum = (10 * versionNum) + int(comp) + else: + # invalid format + log.log(log.INFO, "Unrecognized sudo version string: %s" % sudoVersionResult[0]) + versionNum = 0 + break + + if versionNum >= 171: + runCommand = "sudo -n %s" % OVERRIDE_SCRIPT + else: + log.log(log.INFO, "Insufficient sudo version for the -n argument") + + if runCommand: exitCode = os.system("%s > /dev/null 2>&1" % runCommand) + + if exitCode != 0: + msg = "Tor needs root permissions to replace the system wide torrc. To continue...\n- open another terminal\n- run \"sudo %s\"\n- press 'x' here to tell tor to reload" % OVERRIDE_SCRIPT + log.log(log.NOTICE, msg) + else: torTools.getConn().reload() + elif manager.isTorrcAvailable(): # If we're connected to a managed instance then just need to # issue a sighup to pick up the new settings. Otherwise starts # a new tor instance. @@ -603,9 +676,12 @@ def getTorrc(relayType, config, disabledOpt): dataDir = cli.controller.getController().getDataDirectory() templateOptions["NOTICE_PATH"] = "%sexitNotice/index.html" % dataDir templateOptions["LOG_ENTRY"] = "notice file %stor_log" % dataDir - templateOptions["DATA_DIR"] = "%stor_data" % dataDir templateOptions["USERNAME"] = getpass.getuser() + # using custom data directory, unless this is for a system wide instance + if not config[Options.SYSTEM].getValue() or Options.SYSTEM in disabledOpt: + templateOptions["DATA_DIR"] = "%stor_data" % dataDir + policyCategories = [] if not config[Options.POLICY].getValue(): policyCategories = ["web", "mail", "im", "misc"] diff --git a/src/settings.cfg b/src/settings.cfg index 750ae9e..9154ed5 100644 --- a/src/settings.cfg +++ b/src/settings.cfg @@ -354,6 +354,7 @@ wizard.toggle Portforward => Enabled, Disabled wizard.toggle Startup => Yes, No wizard.toggle Rshutdown => Yes, No wizard.toggle Cshutdown => Yes, No +wizard.toggle System => Yes, No wizard.toggle Notice => Yes, No wizard.toggle Policy => Custom, Default wizard.toggle Websites => Allow, Block @@ -383,6 +384,7 @@ wizard.default Bandwidth => 5 MB/s wizard.default Startup => true wizard.default Rshutdown => false wizard.default Cshutdown => true +wizard.default System => true wizard.default Client => false wizard.default Lowports => true wizard.default Portforward => true @@ -421,6 +423,7 @@ wizard.label.opt Portforward => Port Forwarding wizard.label.opt Startup => Run At Startup wizard.label.opt Rshutdown => Shutdown With Arm wizard.label.opt Cshutdown => Shutdown With Arm +wizard.label.opt System => Use System Instance wizard.label.opt Notice => Disclaimer Notice wizard.label.opt Policy => Exit Policy wizard.label.opt Websites => Web Browsing @@ -452,6 +455,7 @@ wizard.description.opt Portforward => If needed, attempts NAT traversal using UP wizard.description.opt Startup => Runs Tor in the background when the system starts. wizard.description.opt Rshutdown => When you quit arm the Tor process is stopped thirty seconds later. This delay is so people using you can gracefully switch their circuits. wizard.description.opt Cshutdown => Stops the Tor process when you quit arm. +wizard.description.opt System => Use the system wide tor instance rather than making one of our own. wizard.description.opt Notice => Provides a disclaimer that this is an exit on port 80 (http://www.atagar.com/exitNotice). wizard.description.opt Policy => Ports allowed to exit from your relay. The default policy allows for common services while limiting the chance of getting a DMCA takedown for torrent traffic (http://www.atagar.com/exitPolicy). wizard.description.opt Websites => General Internet browsing including HTTP (80), HTTPS (443), common alternatives (81, 8008), and proxies (3128, 8080)

1 0

[arm/release] Support += operations for list-model wrapper.
by atagar＠torproject.org 25 Sep '11

25 Sep '11

commit 6b4d1e8ff8d7872bb1cb4bf88bf17f31e61fee1e Author: Kamran Riaz Khan <krkhan(a)inspirated.com> Date: Sun Jul 24 03:57:47 2011 +0500 Support += operations for list-model wrapper. --- src/gui/configPanel.py | 11 ++++------- src/util/gtkTools.py | 14 +++++++++++++- 2 files changed, 17 insertions(+), 8 deletions(-) diff --git a/src/gui/configPanel.py b/src/gui/configPanel.py index e0fb8dc..a8d7f02 100644 --- a/src/gui/configPanel.py +++ b/src/gui/configPanel.py @@ -32,26 +32,23 @@ class ConfigPanel(object, CliConfigPanel): listStore = self.builder.get_object('liststore_config') self._confImportantContents = ConfContents(self.confImportantContents, listStore) - self.confImportantContents = self.confImportantContents[-5:] + self.confImportantContents += self.confImportantContents[-5:] @property def confImportantContents(self): if hasattr(self, '_confImportantContents'): - return self._confImportantContents + return self._confImportantContents.container else: return [] @confImportantContents.setter def confImportantContents(self, value): if hasattr(self, '_confImportantContents'): - try: - self._confImportantContents.empty() - except AttributeError: - pass + self._confImportantContents.empty() for entry in value: self._confImportantContents.append(entry) else: - self._confImportantContents = value + self._confImportantContents = ConfContents(value) def pack_widgets(self): treeView = self.builder.get_object('treeview_config') diff --git a/src/util/gtkTools.py b/src/util/gtkTools.py index 5ad321e..b60a829 100644 --- a/src/util/gtkTools.py +++ b/src/util/gtkTools.py @@ -21,7 +21,7 @@ class Theme: self.colors[key] = getattr(widget.style, prop)[state] class ListWrapper(object): - def __init__(self, container, model): + def __init__(self, container, model=None): self.container = [] self.model = model @@ -63,17 +63,29 @@ class ListWrapper(object): gobject.idle_add(self.__model_set, key, entry) def __model_append(self, entry): + if not self.model: + return + row = self._create_row_from_entry(entry) self.model.append(row) def __model_clear(self): + if not self.model: + return + self.model.clear() def __model_del(self, key): + if not self.model: + return + treeIter = self.model.get_iter(key) self.model.remove(treeIter) def __model_set(self, key, entry): + if not self.model: + return + row = self._create_row_from_entry(entry) self.model[key] = row

1 0

[arm/release] Use tuple instead of dict to init panel (for maintaining order).
by atagar＠torproject.org 25 Sep '11

25 Sep '11

commit aea32ec50157270b4e7f3835496dd2c358444931 Author: Kamran Riaz Khan <krkhan(a)inspirated.com> Date: Sun Jul 17 16:11:01 2011 +0500 Use tuple instead of dict to init panel (for maintaining order). --- src/gui/controller.py | 18 +++++++++--------- 1 files changed, 9 insertions(+), 9 deletions(-) diff --git a/src/gui/controller.py b/src/gui/controller.py index 7172aa7..bf2e0f9 100644 --- a/src/gui/controller.py +++ b/src/gui/controller.py @@ -19,15 +19,15 @@ class GuiController: self.builder.add_from_file(filename) self.builder.connect_signals(self) - self.panels = { - logPanel.LogPanel : None, - bandwidthStats.BandwidthStats : None, - connPanel.ConnectionPanel : None, - generalPanel.GeneralPanel : None } - - for panel in self.panels.keys(): - self.panels[panel] = panel(self.builder) - self.panels[panel].pack_widgets() + panelClasses = (logPanel.LogPanel, + bandwidthStats.BandwidthStats, + connPanel.ConnectionPanel, + generalPanel.GeneralPanel) + self.panels = {} + + for panelClass in panelClasses: + self.panels[panelClass] = panelClass(self.builder) + self.panels[panelClass].pack_widgets() def run(self): window = self.builder.get_object('window_main')

1 0

[arm/release] Add authors.
by atagar＠torproject.org 25 Sep '11

25 Sep '11

commit 82d89ad3fd63c898e8865242f11178483c24f52b Author: Kamran Riaz Khan <krkhan(a)inspirated.com> Date: Sun Jul 17 16:24:24 2011 +0500 Add authors. --- src/gui/arm.xml | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/src/gui/arm.xml b/src/gui/arm.xml index 56112c9..2b9ad95 100644 --- a/src/gui/arm.xml +++ b/src/gui/arm.xml @@ -1228,6 +1228,8 @@ the library. If this is what you want to do, use the GNU Lesser General Public License instead of this License. But first, please read <http://www.gnu.org/philosophy/why-not-lgpl.html>. </property> + <property name="authors">Kamran Riaz Khan <krkhan(a)inspirated.com> +Damian Johnson <atagar1(a)gmail.com></property> <signal name="response" handler="on_aboutdialog_response"/> <child internal-child="vbox"> <object class="GtkVBox" id="aboutdialog_vbox">

1 0

[arm/release] Merge branch 'master' of git://git.torproject.org/arm
by atagar＠torproject.org 25 Sep '11

25 Sep '11

commit c63b7426b89a3be97ba28dff345ef4d60ba78d52 Merge: 82d89ad e9a02dd Author: Kamran Riaz Khan <krkhan(a)inspirated.com> Date: Sun Jul 17 17:15:38 2011 +0500 Merge branch 'master' of git://git.torproject.org/arm ChangeLog | 53 +++++++++++++++++++++++++++++++++++++++++++++++++ install | 2 +- setup.py | 3 +- src/gui/__init__.py | 2 +- src/gui/controller.py | 13 +++++++++-- src/prereq.py | 6 +++- src/util/__init__.py | 2 +- src/util/panel.py | 1 - src/util/torConfig.py | 2 +- src/version.py | 4 +- 10 files changed, 75 insertions(+), 13 deletions(-) diff --cc src/gui/controller.py index bf2e0f9,4979ea1..19b9513 --- a/src/gui/controller.py +++ b/src/gui/controller.py @@@ -13,21 -13,31 +13,28 @@@ gobject.threads_init( class GuiController: def __init__(self): - filename = 'src/gui/arm.xml' - self.builder = gtk.Builder() - self.builder.add_from_file(filename) + + try: + self.builder.add_from_file('src/gui/arm.xml') + except: + # when installed the above path doesn't work (the 'src' prefix doesn't + # exist and whichever path it's working off of doens't seem to exist), + # so using absolute path instead + + self.builder.add_from_file('/usr/share/arm/gui/arm.xml') + self.builder.connect_signals(self) - self.logPanel = logPanel.LogPanel(self.builder) - self.logPanel.pack_widgets() - - self.bwStats = bandwidthStats.BandwidthStats(self.builder) - self.bwStats.pack_widgets() - - self.connPanel = connPanel.ConnectionPanel(self.builder) - self.connPanel.pack_widgets() - self.connPanel.start() + panelClasses = (logPanel.LogPanel, + bandwidthStats.BandwidthStats, + connPanel.ConnectionPanel, + generalPanel.GeneralPanel) + self.panels = {} - self.generalPanel = generalPanel.GeneralPanel(self.builder) - self.generalPanel.pack_widgets() + for panelClass in panelClasses: + self.panels[panelClass] = panelClass(self.builder) + self.panels[panelClass].pack_widgets() def run(self): window = self.builder.get_object('window_main')

1 0

← Newer
1
...
20
21
22
23
24
25
26
...
87
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

tor-commits September 2011