tor-commits June 2013

tor-commits@lists.torproject.org

19 participants
1571 discussions

[translation/vidalia] Update translations for vidalia
by translation＠torproject.org 02 Jun '13

02 Jun '13

commit ed41c77b68bf485f5a1cdc932aa286ee83d1bf10 Author: Translation commit bot <translation(a)torproject.org> Date: Sun Jun 2 06:15:22 2013 +0000 Update translations for vidalia --- si_LK/vidalia_si_LK.po | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/si_LK/vidalia_si_LK.po b/si_LK/vidalia_si_LK.po index 0994304..c1744ee 100644 --- a/si_LK/vidalia_si_LK.po +++ b/si_LK/vidalia_si_LK.po @@ -6,7 +6,7 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: https://trac.torproject.org/projects/tor\n" "POT-Creation-Date: 2012-03-21 17:52+0000\n" -"PO-Revision-Date: 2013-06-02 05:40+0000\n" +"PO-Revision-Date: 2013-06-02 06:15+0000\n" "Last-Translator: ganeshwaki <ganeshwaki(a)gmail.com>\n" "Language-Team: Sinhala (Sri Lanka) (http://www.transifex.com/projects/p/torproject/language/si_LK/)\n" "MIME-Version: 1.0\n" @@ -262,7 +262,7 @@ msgstr "සිටවුම් පෙන්වන්න" msgctxt "BandwidthGraph" msgid "Tor Bandwidth Usage" -msgstr "" +msgstr "Tor කලාප පළල භාවිතය " msgctxt "BandwidthGraph" msgid "Reset" @@ -414,7 +414,7 @@ msgstr "බෙදාගැනීම" msgctxt "ConfigDialog" msgid "Services" -msgstr "" +msgstr "සේවාවන් " msgctxt "ConfigDialog" msgid "Appearance" @@ -458,11 +458,11 @@ msgstr "පාලක සොකට්ටුව සම්බන්ධවී නො msgctxt "ControlPasswordInputDialog" msgid "Password Required" -msgstr "" +msgstr "මුරපදය අවශ්‍යය " msgctxt "ControlPasswordInputDialog" msgid "Remember my password" -msgstr "" +msgstr "මගේ මුරපදය මතක තබා ගන්න " msgctxt "ControlPasswordInputDialog" msgid "" @@ -1316,7 +1316,7 @@ msgctxt "CrashReportDialog" msgid "" "<a " "href=\"https://trac.torproject.org/projects/tor/newticket\">https://trac.torproject.org/projects/tor/newticket</a>" -msgstr "" +msgstr "<a href=\"https://trac.torproject.org/projects/tor/newticket\">https://trac.torproject.org/projects/tor/newticket</a>" msgctxt "CrashReportDialog" msgid "" @@ -1329,7 +1329,7 @@ msgctxt "CrashReportDialog" msgid "" "with a description of what you were doing before the application crashed, " "along with the following files corresponding to the crash report:" -msgstr "" +msgstr "ඔබ යෙදුම අඩාල වීමට ප්‍රථම කුමක් කලේද යන්න සම්බන්ධ විස්තරයක්, සමග අඩාල වාර්තාව සම්බන්ධ පහත සදහන් ගොනු:" msgctxt "GeneralPage" msgid "Executables (*.exe)" @@ -1509,7 +1509,7 @@ msgstr "ඊළඟ දේ සොයන්න" msgctxt "HelpBrowser" msgid "Case sensitive" -msgstr "" +msgstr "කැපිටල් සිම්පල් අකුරු ගැන සැලකිලිමත් " msgctxt "HelpBrowser" msgid "Whole words only" @@ -1578,7 +1578,7 @@ msgstr "බලපත්‍රය" msgctxt "LicenseDialog" msgid "Credits" -msgstr "" +msgstr "ගෞරවය " msgctxt "LogEvent" msgid "Debug" @@ -2418,7 +2418,7 @@ msgctxt "MessageLog" msgid "" "Messages that only appear when \n" "something has gone wrong with Tor." -msgstr "" +msgstr "පණිවිඩ දැකගත හැකිවන්නේ\nTor හි යම් දෙයක් වැරදුනුවිටය." msgctxt "MessageLog" msgid "" @@ -2426,7 +2426,7 @@ msgid "" "during normal Tor operation and are \n" "not considered errors, but you may \n" "care about." -msgstr "" +msgstr "නොනවත්වා දැකගත හැකි පණිවිඩ\n Tor සාමාන්‍ය භාවිතයදී \nදෝෂ ලෙස නොසලකයි, නමුත් ඔබ \nඒවා ගැන සැලකිලිමත් වේ." msgctxt "MessageLog" msgid "" @@ -2438,7 +2438,7 @@ msgctxt "MessageLog" msgid "" "Hyper-verbose messages primarily of \n" "interest to Tor developers." -msgstr "" +msgstr "Hyper-verbose පණිවිඩ ප්‍රාථමිකව \nතනුම්කරුවන්ගේ අවධානයටය." msgctxt "MessageLog" msgid "" @@ -3127,7 +3127,7 @@ msgctxt "ServerPage" msgid "" "Email address at which you may be reached if there is a\n" "problem with your relay. You might also include your PGP or GPG fingerprint." -msgstr "" +msgstr "ඔබගේ ප්‍රතියෝජකයේ වරදක් තිබුන නිසා මෙම විද්‍යුත් තැපෑලට ලගාවී ඇත \n එසේම ඔබ PGP or GPG fingerprint ඇතුලත්කර තිබෙන්නට පුළුවන." msgctxt "ServicePage" msgid "Error while trying to unpublish all services" @@ -3436,13 +3436,13 @@ msgstr "ඔබගේ ප්‍රතියෝජකයේ ඩිරෙක්ට msgctxt "StatusEventWidget" msgid "Relay Descriptor Rejected" -msgstr "" +msgstr "ප්‍රතියෝජක විස්තරකාරකය ප්‍රතික්ෂේප විය." msgctxt "StatusEventWidget" msgid "" "Your relay's descriptor, which enables clients to connect to your relay, was" " rejected by the directory server at %1:%2. The reason given was: %3" -msgstr "" +msgstr "ඔබේ ප්‍රතියෝජකයේ විස්තරකාරකය, දායකයන්ට ප්‍රතියෝජකය සමග සම්බන්ධ වීමට උදවුවෙන, නාමාවලි සේවාදායකයා විසින් ප්‍රතික්ෂේප කරන ලදී %1:%2. හේතුව වශයෙන් දී ඇත්තේ: %3" msgctxt "StatusEventWidget" msgid "Your Relay is Online" @@ -3454,7 +3454,7 @@ msgid "" "see an increase in network traffic shown by the Bandwidth Graph within a few" " hours as more clients learn about your relay. Thank you for contributing to" " the Tor network!" -msgstr "" +msgstr "ඔබගේ ප්‍රතියෝජකය දැන් Tor සේවාලාභීන් භාවිතා කිරීමට සබැදි සිටි. ඔබට පැය කිහිපයකින් ජාල තදබදයේ වැඩිවීමක් කලාපපලල ප්‍රස්තාරයෙන් දක්නට ලැබිය යුත්තේ තවත් සේවාලාභීන් ඔබේ ප්‍රතියෝජකය පිලිබද දැනගන්නා නිසාය. Tor ජාලයට දායක වීම සම්බන්ධව ස්තුතියි! " msgctxt "Stream" msgid "New" @@ -3506,7 +3506,7 @@ msgstr "Tor සේවාව ඇරඹීමට නොහැකි විය." msgctxt "TorSettings" msgid "Failed to hash the control password." -msgstr "" +msgstr "පාලක මුරපදය පුරණය කිරීම අසාර්ථක විය." msgctxt "TorrcDialog" msgid "Editing torrc" @@ -3584,7 +3584,7 @@ msgstr "වලංගු UPnP-සබල කල අන්තර්ජාල වා msgctxt "UPNPControl" msgid "WSAStartup failed" -msgstr "" +msgstr "WSAඇරඹුම අසාර්ථකයි" msgctxt "UPNPControl" msgid "Failed to add a port mapping" @@ -3624,7 +3624,7 @@ msgstr "UPnP උදව් පරීක්ෂා කරමින්" msgctxt "UPNPTestDialog" msgid "Testing Universal Plug & Play Support" -msgstr "" +msgstr "Universal Plug & Play Support පරීකෂ කරමින් " msgctxt "UpdateProcess" msgid "" @@ -3772,7 +3772,7 @@ msgstr "විදාලියා ලොග්ගොනුවේ නාමය ස msgctxt "Vidalia" msgid "Sets the verbosity of Vidalia's logging." -msgstr "" +msgstr "විදාලියා හි ලොගනයේ වාග්බාහුල්‍ය සකසයි" msgctxt "Vidalia" msgid "Sets Vidalia's interface style."

1 0

[flashproxy/master] Tested the Gmail instructions recently.
by dcf＠torproject.org 02 Jun '13

02 Jun '13

commit 3016b2024e908aa6b29e353e4b38f68a43336d32 Author: David Fifield <david(a)bamsoftware.com> Date: Sat Jun 1 23:01:11 2013 -0700 Tested the Gmail instructions recently. However, I can't seem to create more than one account with the same phone number anymore. I got one account created for App Engine. When I created a second for backup, it forcibly logged me out after a few seconds on the Gmail inbox view and disabled the account. Just now, a few weeks later, I tried creating a third. After logging out of Gmail, I got a phone verification on logging back in, and it said the number had already been used for verification too many times. --- doc/gmail-setup.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/gmail-setup.txt b/doc/gmail-setup.txt index 44f5124..b51ce90 100644 --- a/doc/gmail-setup.txt +++ b/doc/gmail-setup.txt @@ -1,6 +1,6 @@ These are instructions for setting up a Gmail account for use with the email-based rendezvous and flashproxy-reg-email. These instructions were -current as of October 2012. +current as of May 2013. You may have trouble if you are using Tor to create the account, for two reasons. The first is that exit nodes are a source of abuse and Google

1 0

[translation/vidalia_alpha] Update translations for vidalia_alpha
by translation＠torproject.org 02 Jun '13

02 Jun '13

commit 2cb7d009d3cbff2b9b2bcb3bec206f118752cf13 Author: Translation commit bot <translation(a)torproject.org> Date: Sun Jun 2 05:45:24 2013 +0000 Update translations for vidalia_alpha --- si_LK/vidalia_si_LK.po | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/si_LK/vidalia_si_LK.po b/si_LK/vidalia_si_LK.po index 2052c60..3a81c9b 100644 --- a/si_LK/vidalia_si_LK.po +++ b/si_LK/vidalia_si_LK.po @@ -6,7 +6,7 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: https://trac.torproject.org/projects/tor\n" "POT-Creation-Date: 2012-03-21 17:46+0000\n" -"PO-Revision-Date: 2013-06-01 17:30+0000\n" +"PO-Revision-Date: 2013-06-02 05:44+0000\n" "Last-Translator: Randika.Pathirage <randika.pathirage(a)gmail.com>\n" "Language-Team: Sinhala (Sri Lanka) (http://www.transifex.com/projects/p/torproject/language/si_LK/)\n" "MIME-Version: 1.0\n" @@ -3432,7 +3432,7 @@ msgid "" "Tor is trying to determine if your relay's server port is reachable from the" " Tor network by connecting to itself at %1:%2. This test could take several " "minutes." -msgstr "Tor උත්සහ කරන්නේ ඔබගේ ප්‍රතියෝජකයේ සේවාදායක පෝර්ටය Tor ජාලයේ සිට ලගාවිය හැකි ලෙස එයට %1:%2කිං සබැදිය හැකි බව නිර්ණය කිරීමයි. මෙම පරීක්ෂණයට මිනිත්තු කිහිපයක් ගනු ඇත. " +msgstr "Tor උත්සහ කරන්නේ ඔබගේ ප්‍රතියෝජකයේ සේවාදායක පෝර්ටය Tor ජාලයේ සිට ලගාවිය හැකි ලෙස එයට %1:%2කින් සබැදිය හැකි බව නිර්ණය කිරීමයි. මෙම පරීක්ෂණයට මිනිත්තු කිහිපයක් ගනු ඇත. " msgctxt "StatusEventWidget" msgid "Server Port Reachability Test Successful!" @@ -3452,18 +3452,18 @@ msgid "" "happen if you are behind a router or firewall that requires you to set up " "port forwarding. If %1:%2 is not your correct IP address and server port, " "please check your relay's configuration." -msgstr "" +msgstr "ඔබගේ ප්‍රතියෝජකයේ සේවාදායක පෝර්ටය වෙනත් Tor සේවාලාබීන් මගින් ලගා කරගැනීමට නොහැක. මෙය ඔබ පොර්ට ඉදිරිකරණයක් සැකසීමට අවශ්‍යවන රවුටරයක් හෝ ෆයර්වෝල් එකක් නිසා විය හැක. %1:%2 ඔබේ නිවැරදි IP ලිපිනය සහ සේවාදායක පෝර්ටය නොවේනම්, කරුණාකර ඔබේ ප්‍රතියෝජක වින්‍යාසය පරීක්ෂා කරන්න." msgctxt "StatusEventWidget" msgid "Checking Directory Port Reachability" -msgstr "" +msgstr "ඩිරෙක්ටරි පොර්ට ලගාවීමේ හැකියාව පරීක්ෂා කරමින්" msgctxt "StatusEventWidget" msgid "" "Tor is trying to determine if your relay's directory port is reachable from " "the Tor network by connecting to itself at %1:%2. This test could take " "several minutes." -msgstr "" +msgstr "Tor උත්සහ කරන්නේ ඔබගේ ප්‍රතියෝජකයේ ඩිරෙක්ටරි පෝර්ටය Tor ජාලයේ සිට ලගාවිය හැකි ලෙස එයට %1:%2කින් සබැදිය හැකි බව නිර්ණය කිරීමයි. මෙම පරීක්ෂණයට මිනිත්තු කිහිපයක් ගනු ඇත. " msgctxt "StatusEventWidget" msgid "Directory Port Reachability Test Successful!" @@ -3483,7 +3483,7 @@ msgid "" "happen if you are behind a router or firewall that requires you to set up " "port forwarding. If %1:%2 is not your correct IP address and directory port," " please check your relay's configuration." -msgstr "" +msgstr "ඔබගේ ප්‍රතියෝජකයේ ඩිරෙක්ටරි පෝර්ටය වෙනත් Tor සේවාලාබීන් මගින් ලගා කරගැනීමට නොහැක. මෙය ඔබ පොර්ට ඉදිරිකරණයක් සැකසීමට අවශ්‍යවන රවුටරයක් හෝ ෆයර්වෝල් එකක් නිසා විය හැක. %1:%2 ඔබේ නිවැරදි IP ලිපිනය සහ ඩිරෙක්ටරි පෝර්ටය නොවේනම්, කරුණාකර ඔබේ ප්‍රතියෝජක වින්‍යාසය පරීක්ෂා කරන්න." msgctxt "StatusEventWidget" msgid "Relay Descriptor Rejected" @@ -3505,7 +3505,7 @@ msgid "" "see an increase in network traffic shown by the Bandwidth Graph within a few" " hours as more clients learn about your relay. Thank you for contributing to" " the Tor network!" -msgstr "" +msgstr "ඔබගේ ප්‍රතියෝජකය දැන් Tor සේවාලාභීන් භාවිතා කිරීමට සබැදි සිටි. ඔබට පැය කිහිපයකින් ජාල තදබදයේ වැඩිවීමක් කලාපපලල ප්‍රස්තාරයෙන් දක්නට ලැබිය යුත්තේ තවත් සේවාලාභීන් ඔබේ ප්‍රතියෝජකය පිලිබද දැනගන්නා නිසාය. Tor ජාලයට දායක වීම සම්බන්ධව ස්තුතියි! " msgctxt "StatusTab" msgid "Status" @@ -3521,7 +3521,7 @@ msgstr "Tor තත්ත්වය " msgctxt "StatusTab" msgid "Show on startup" -msgstr "" +msgstr "ඇරඹුමේදී පෙන්වන්න" msgctxt "Stream" msgid "New" @@ -3595,7 +3595,7 @@ msgstr "Tor සේවාව ඇරඹීමට නොහැකි විය." msgctxt "TorSettings" msgid "Failed to hash the control password." -msgstr "" +msgstr "පාලක මුරපදය පුරණය කිරීම අසාර්ථක විය." msgctxt "TorrcDialog" msgid "Editing torrc" @@ -3671,7 +3671,7 @@ msgstr "වලංගු UPnP-සබල කල අන්තර්ජාල වා msgctxt "UPNPControl" msgid "WSAStartup failed" -msgstr "" +msgstr "WSAඇරඹුම අසාර්ථකයි" msgctxt "UPNPControl" msgid "Failed to add a port mapping"

1 0

[translation/vidalia] Update translations for vidalia
by translation＠torproject.org 02 Jun '13

02 Jun '13

commit 317345d342bb6474554a56552e3993adce0e34c1 Author: Translation commit bot <translation(a)torproject.org> Date: Sun Jun 2 05:45:17 2013 +0000 Update translations for vidalia --- si_LK/vidalia_si_LK.po | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/si_LK/vidalia_si_LK.po b/si_LK/vidalia_si_LK.po index 1ccc51c..0994304 100644 --- a/si_LK/vidalia_si_LK.po +++ b/si_LK/vidalia_si_LK.po @@ -6,7 +6,7 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: https://trac.torproject.org/projects/tor\n" "POT-Creation-Date: 2012-03-21 17:52+0000\n" -"PO-Revision-Date: 2013-06-01 17:30+0000\n" +"PO-Revision-Date: 2013-06-02 05:40+0000\n" "Last-Translator: ganeshwaki <ganeshwaki(a)gmail.com>\n" "Language-Team: Sinhala (Sri Lanka) (http://www.transifex.com/projects/p/torproject/language/si_LK/)\n" "MIME-Version: 1.0\n" @@ -3401,18 +3401,18 @@ msgid "" "happen if you are behind a router or firewall that requires you to set up " "port forwarding. If %1:%2 is not your correct IP address and server port, " "please check your relay's configuration." -msgstr "" +msgstr "ඔබගේ ප්‍රතියෝජකයේ සේවාදායක පෝර්ටය වෙනත් Tor සේවාලාබීන් මගින් ලගා කරගැනීමට නොහැක. මෙය ඔබ පොර්ට ඉදිරිකරණයක් සැකසීමට අවශ්‍යවන රවුටරයක් හෝ ෆයර්වෝල් එකක් නිසා විය හැක. %1:%2 ඔබේ නිවැරදි IP ලිපිනය සහ සේවාදායක පෝර්ටය නොවේනම්, කරුණාකර ඔබේ ප්‍රතියෝජක වින්‍යාසය පරීක්ෂා කරන්න." msgctxt "StatusEventWidget" msgid "Checking Directory Port Reachability" -msgstr "" +msgstr "ඩිරෙක්ටරි පොර්ට ලගාවීමේ හැකියාව පරීක්ෂා කරමින්" msgctxt "StatusEventWidget" msgid "" "Tor is trying to determine if your relay's directory port is reachable from " "the Tor network by connecting to itself at %1:%2. This test could take " "several minutes." -msgstr "" +msgstr "Tor උත්සහ කරන්නේ ඔබගේ ප්‍රතියෝජකයේ ඩිරෙක්ටරි පෝර්ටය Tor ජාලයේ සිට ලගාවිය හැකි ලෙස එයට %1:%2කින් සබැදිය හැකි බව නිර්ණය කිරීමයි. මෙම පරීක්ෂණයට මිනිත්තු කිහිපයක් ගනු ඇත. " msgctxt "StatusEventWidget" msgid "Directory Port Reachability Test Successful!" @@ -3432,7 +3432,7 @@ msgid "" "happen if you are behind a router or firewall that requires you to set up " "port forwarding. If %1:%2 is not your correct IP address and directory port," " please check your relay's configuration." -msgstr "" +msgstr "ඔබගේ ප්‍රතියෝජකයේ ඩිරෙක්ටරි පෝර්ටය වෙනත් Tor සේවාලාබීන් මගින් ලගා කරගැනීමට නොහැක. මෙය ඔබ පොර්ට ඉදිරිකරණයක් සැකසීමට අවශ්‍යවන රවුටරයක් හෝ ෆයර්වෝල් එකක් නිසා විය හැක. %1:%2 ඔබේ නිවැරදි IP ලිපිනය සහ ඩිරෙක්ටරි පෝර්ටය නොවේනම්, කරුණාකර ඔබේ ප්‍රතියෝජක වින්‍යාසය පරීක්ෂා කරන්න." msgctxt "StatusEventWidget" msgid "Relay Descriptor Rejected"

1 0

[flashproxy/master] Break getopt lines.
by dcf＠torproject.org 02 Jun '13

02 Jun '13

commit 053dcd502d9342e4528fccb7a7c0c07a07d99a37 Author: David Fifield <david(a)bamsoftware.com> Date: Sat Jun 1 22:35:43 2013 -0700 Break getopt lines. --- facilitator/facilitator-email-poller | 3 ++- facilitator/facilitator-reg-daemon | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/facilitator/facilitator-email-poller b/facilitator/facilitator-email-poller index 6b5dd60..2e6bd4a 100755 --- a/facilitator/facilitator-email-poller +++ b/facilitator/facilitator-email-poller @@ -127,7 +127,8 @@ def log(msg): options.email_addr = DEFAULT_EMAIL_ADDRESS options.imap_addr = (DEFAULT_IMAP_HOST, DEFAULT_IMAP_PORT) -opts, args = getopt.gnu_getopt(sys.argv[1:], "de:hi:l:p:", ["debug", "disable-pin", "email=", "help", "imap=", "imaplib-debug", "log=", "pass=", "pidfile=", "privdrop-user=", "unsafe-logging"]) +opts, args = getopt.gnu_getopt(sys.argv[1:], "de:hi:l:p:", + ["debug", "disable-pin", "email=", "help", "imap=", "imaplib-debug", "log=", "pass=", "pidfile=", "privdrop-user=", "unsafe-logging"]) for o, a in opts: if o == "-d" or o == "--debug": options.daemonize = False diff --git a/facilitator/facilitator-reg-daemon b/facilitator/facilitator-reg-daemon index b250e71..bf39696 100755 --- a/facilitator/facilitator-reg-daemon +++ b/facilitator/facilitator-reg-daemon @@ -136,7 +136,8 @@ class Server(SocketServer.ThreadingMixIn, SocketServer.TCPServer): def main(): global rsa - opts, args = getopt.gnu_getopt(sys.argv[1:], "dhk:l:p:", ["debug", "help", "key=", "log=", "port=", "pidfile=", "privdrop-user=", "unsafe-logging"]) + opts, args = getopt.gnu_getopt(sys.argv[1:], "dhk:l:p:", + ["debug", "help", "key=", "log=", "port=", "pidfile=", "privdrop-user=", "unsafe-logging"]) for o, a in opts: if o == "-d" or o == "--debug": options.daemonize = False

1 0

[flashproxy/master] Add facilitator-nobody user to facilitator-howto.txt.
by dcf＠torproject.org 02 Jun '13

02 Jun '13

commit 304095ecdefeec98a595b92eda00a7392d2d91e0 Author: Alex <alex(a)alex-macair.(none)> Date: Mon Mar 25 21:44:13 2013 -0400 Add facilitator-nobody user to facilitator-howto.txt. --- doc/facilitator-howto.txt | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/doc/facilitator-howto.txt b/doc/facilitator-howto.txt index 1945a17..1308a8e 100644 --- a/doc/facilitator-howto.txt +++ b/doc/facilitator-howto.txt @@ -105,6 +105,12 @@ Restart servers. == Facilitator program installation +Create the user the daemons will run as. + + # useradd --shell /usr/sbin/nologin --system --home /nonexistent -M facilitator-nobody + +Install the programs. + # apt-get install git python-m2crypto make # git clone https://git.torproject.org/flashproxy.git # cd flashproxy/facilitator

1 0

[flashproxy/master] Use --privdrop-user facilitator-nobody in init scripts.
by dcf＠torproject.org 02 Jun '13

02 Jun '13

commit 309a025c80f53d918f40bd2c08361321d85cb174 Author: David Fifield <david(a)bamsoftware.com> Date: Sat Jun 1 22:10:21 2013 -0700 Use --privdrop-user facilitator-nobody in init scripts. --- facilitator/init.d/facilitator | 3 ++- facilitator/init.d/facilitator-email-poller | 3 ++- facilitator/init.d/facilitator-reg-daemon | 3 ++- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/facilitator/init.d/facilitator b/facilitator/init.d/facilitator index b2f4d19..19bb482 100755 --- a/facilitator/init.d/facilitator +++ b/facilitator/init.d/facilitator @@ -23,8 +23,9 @@ DESC="Flash proxy facilitator" NAME=facilitator PIDFILE=/var/run/$NAME.pid LOGFILE=/var/log/$NAME.log +PRIVDROP_USER=facilitator-nobody DAEMON=/usr/local/bin/$NAME -DAEMON_ARGS="-r $RELAY --log $LOGFILE --pidfile $PIDFILE" +DAEMON_ARGS="-r $RELAY --log $LOGFILE --pidfile $PIDFILE --privdrop-user $PRIVDROP_USER" SCRIPTNAME=/etc/init.d/$NAME # Exit if the package is not installed diff --git a/facilitator/init.d/facilitator-email-poller b/facilitator/init.d/facilitator-email-poller index 5f1c3d7..2c9ecb8 100755 --- a/facilitator/init.d/facilitator-email-poller +++ b/facilitator/init.d/facilitator-email-poller @@ -20,8 +20,9 @@ NAME=facilitator-email-poller PIDFILE=/var/run/$NAME.pid LOGFILE=/var/log/$NAME.log CONFDIR=/etc/flashproxy +PRIVDROP_USER=facilitator-nobody DAEMON=/usr/local/bin/$NAME -DAEMON_ARGS="--pass $CONFDIR/reg-email.pass --log $LOGFILE --pidfile $PIDFILE" +DAEMON_ARGS="--pass $CONFDIR/reg-email.pass --log $LOGFILE --pidfile $PIDFILE --privdrop-user $PRIVDROP_USER" SCRIPTNAME=/etc/init.d/$NAME # Exit if the package is not installed diff --git a/facilitator/init.d/facilitator-reg-daemon b/facilitator/init.d/facilitator-reg-daemon index 810f697..e299468 100755 --- a/facilitator/init.d/facilitator-reg-daemon +++ b/facilitator/init.d/facilitator-reg-daemon @@ -20,8 +20,9 @@ NAME=facilitator-reg-daemon PIDFILE=/var/run/$NAME.pid LOGFILE=/var/log/$NAME.log CONFDIR=/etc/flashproxy +PRIVDROP_USER=facilitator-nobody DAEMON=/usr/local/bin/$NAME -DAEMON_ARGS="--key $CONFDIR/reg-daemon.key --log $LOGFILE --pidfile $PIDFILE" +DAEMON_ARGS="--key $CONFDIR/reg-daemon.key --log $LOGFILE --pidfile $PIDFILE --privdrop-user $PRIVDROP_USER" SCRIPTNAME=/etc/init.d/$NAME # Exit if the package is not installed

1 0

[flashproxy/master] Add --privdrop-user option to allow dropping privileges.
by dcf＠torproject.org 02 Jun '13

02 Jun '13

commit ccb77ceafb744dca40e9602ec1ee6cd63f4a45f4 Author: David Fifield <david(a)bamsoftware.com> Date: Sat Jun 1 20:49:27 2013 -0700 Add --privdrop-user option to allow dropping privileges. --- facilitator/facilitator | 28 ++++++++++++++++++++-------- facilitator/facilitator-email-poller | 34 +++++++++++++++++++++++----------- facilitator/facilitator-reg-daemon | 28 ++++++++++++++++++++-------- 3 files changed, 63 insertions(+), 27 deletions(-) diff --git a/facilitator/facilitator b/facilitator/facilitator index b1f761b..cd3473a 100755 --- a/facilitator/facilitator +++ b/facilitator/facilitator @@ -34,6 +34,7 @@ class options(object): relay_spec = None daemonize = True pid_filename = None + privdrop_username = None safe_logging = True @staticmethod @@ -47,13 +48,14 @@ Usage: %(progname)s -r RELAY <OPTIONS> Flash proxy facilitator: Register client addresses and serve them out again. Listen on 127.0.0.1 and port PORT (by default %(port)d). - -d, --debug don't daemonize, log to stdout. - -h, --help show this help. - -l, --log FILENAME write log to FILENAME (default \"%(log)s\"). - -p, --port PORT listen on PORT (by default %(port)d). - --pidfile FILENAME write PID to FILENAME after daemonizing. - -r, --relay RELAY send RELAY (host:port) to proxies as the relay to use. - --unsafe-logging don't scrub IP addresses from logs.\ + -d, --debug don't daemonize, log to stdout. + -h, --help show this help. + -l, --log FILENAME write log to FILENAME (default \"%(log)s\"). + -p, --port PORT listen on PORT (by default %(port)d). + --pidfile FILENAME write PID to FILENAME after daemonizing. + --privdrop-user USER switch UID and GID to those of USER. + -r, --relay RELAY send RELAY (host:port) to proxies as the relay to use. + --unsafe-logging don't scrub IP addresses from logs.\ """ % { "progname": sys.argv[0], "port": DEFAULT_LISTEN_PORT, @@ -326,7 +328,7 @@ def put_reg(reg): def main(): opts, args = getopt.gnu_getopt(sys.argv[1:], "dhl:p:r:", - ["debug", "help", "log=", "port=", "pidfile=", "relay=", "unsafe-logging"]) + ["debug", "help", "log=", "port=", "pidfile=", "privdrop-user=", "relay=", "unsafe-logging"]) for o, a in opts: if o == "-d" or o == "--debug": options.daemonize = False @@ -340,6 +342,8 @@ def main(): options.listen_port = int(a) elif o == "--pidfile": options.pid_filename = a + elif o == "--privdrop-user": + options.privdrop_username = a elif o == "-r" or o == "--relay": try: options.set_relay_spec(a) @@ -380,6 +384,14 @@ The -r option is required. Give it the relay that will be sent to proxies. f.close() sys.exit(0) + if options.privdrop_username is not None: + log(u"dropping privileges to those of user %s" % options.privdrop_username) + try: + fac.drop_privs(options.privdrop_username) + except BaseException, e: + print >> sys.stderr, "Can't drop privileges:", str(e) + sys.exit(1) + try: server.serve_forever() except KeyboardInterrupt: diff --git a/facilitator/facilitator-email-poller b/facilitator/facilitator-email-poller index 349a1fe..6b5dd60 100755 --- a/facilitator/facilitator-email-poller +++ b/facilitator/facilitator-email-poller @@ -72,6 +72,7 @@ class options(object): log_file = sys.stdout daemonize = True pid_filename = None + privdrop_username = None safe_logging = True imaplib_debug = False use_certificate_pin = True @@ -94,16 +95,17 @@ Facilitator-side helper for the facilitator-reg-email rendezvous. Polls an IMAP server for email messages with client registrations, deletes them, and forwards the registrations to the facilitator. - -d, --debug don't daemonize, log to stdout. - --disable-pin don't check server public key against a known pin. - -e, --email=ADDRESS log in as ADDRESS (default "%(email_addr)s"). - -h, --help show this help. - -i, --imap=HOST[:PORT] use the given IMAP server (default "%(imap_addr)s"). - --imaplib-debug show raw IMAP messages (will include email password). - -l, --log FILENAME write log to FILENAME (default \"%(log)s\"). - -p, --pass=PASSFILE use the email password contained in PASSFILE. - --pidfile FILENAME write PID to FILENAME after daemonizing. - --unsafe-logging don't scrub email password and IP addresses from logs.\ + -d, --debug don't daemonize, log to stdout. + --disable-pin don't check server public key against a known pin. + -e, --email=ADDRESS log in as ADDRESS (default "%(email_addr)s"). + -h, --help show this help. + -i, --imap=HOST[:PORT] use the given IMAP server (default "%(imap_addr)s"). + --imaplib-debug show raw IMAP messages (will include email password). + -l, --log FILENAME write log to FILENAME (default \"%(log)s\"). + -p, --pass=PASSFILE use the email password contained in PASSFILE. + --pidfile FILENAME write PID to FILENAME after daemonizing. + --privdrop-user USER switch UID and GID to those of USER. + --unsafe-logging don't scrub email password and IP addresses from logs.\ """ % { "progname": sys.argv[0], "email_addr": DEFAULT_EMAIL_ADDRESS, @@ -125,7 +127,7 @@ def log(msg): options.email_addr = DEFAULT_EMAIL_ADDRESS options.imap_addr = (DEFAULT_IMAP_HOST, DEFAULT_IMAP_PORT) -opts, args = getopt.gnu_getopt(sys.argv[1:], "de:hi:l:p:", ["debug", "disable-pin", "email=", "help", "imap=", "imaplib-debug", "log=", "pass=", "pidfile=", "unsafe-logging"]) +opts, args = getopt.gnu_getopt(sys.argv[1:], "de:hi:l:p:", ["debug", "disable-pin", "email=", "help", "imap=", "imaplib-debug", "log=", "pass=", "pidfile=", "privdrop-user=", "unsafe-logging"]) for o, a in opts: if o == "-d" or o == "--debug": options.daemonize = False @@ -147,6 +149,8 @@ for o, a in opts: options.password_filename = a elif o == "--pidfile": options.pid_filename = a + elif o == "--privdrop-user": + options.privdrop_username = a elif o == "--unsafe-logging": options.safe_logging = False @@ -191,6 +195,14 @@ if options.daemonize: f.close() sys.exit(0) +if options.privdrop_username is not None: + log(u"dropping privileges to those of user %s" % options.privdrop_username) + try: + fac.drop_privs(options.privdrop_username) + except BaseException, e: + print >> sys.stderr, "Can't drop privileges:", str(e) + sys.exit(1) + if options.imaplib_debug: imaplib.Debug = 4 diff --git a/facilitator/facilitator-reg-daemon b/facilitator/facilitator-reg-daemon index a935650..b250e71 100755 --- a/facilitator/facilitator-reg-daemon +++ b/facilitator/facilitator-reg-daemon @@ -35,6 +35,7 @@ class options(object): log_file = sys.stdout daemonize = True pid_filename = None + privdrop_username = None safe_logging = True def usage(f = sys.stdout): @@ -45,13 +46,14 @@ registrations and registers them with a local facilitator. This program exists on its own in order to isolate the reading of key material in a single process. - -d, --debug don't daemonize, log to stdout. - -h, --help show this help. - -k, --key=KEYFILE read the private key from KEYFILE (required). - -l, --log FILENAME write log to FILENAME (default \"%(log)s\"). - -p, --port PORT listen on PORT (by default %(port)d). - --pidfile FILENAME write PID to FILENAME after daemonizing. - --unsafe-logging don't scrub email password and IP addresses from logs.\ + -d, --debug don't daemonize, log to stdout. + -h, --help show this help. + -k, --key=KEYFILE read the private key from KEYFILE (required). + -l, --log FILENAME write log to FILENAME (default \"%(log)s\"). + -p, --port PORT listen on PORT (by default %(port)d). + --pidfile FILENAME write PID to FILENAME after daemonizing. + --privdrop-user USER switch UID and GID to those of USER. + --unsafe-logging don't scrub email password and IP addresses from logs.\ """ % { "progname": sys.argv[0], "log": DEFAULT_LOG_FILENAME, @@ -134,7 +136,7 @@ class Server(SocketServer.ThreadingMixIn, SocketServer.TCPServer): def main(): global rsa - opts, args = getopt.gnu_getopt(sys.argv[1:], "dhk:l:p:", ["debug", "help", "key=", "log=", "port=", "pidfile=", "unsafe-logging"]) + opts, args = getopt.gnu_getopt(sys.argv[1:], "dhk:l:p:", ["debug", "help", "key=", "log=", "port=", "pidfile=", "privdrop-user=", "unsafe-logging"]) for o, a in opts: if o == "-d" or o == "--debug": options.daemonize = False @@ -150,6 +152,8 @@ def main(): options.listen_port = int(a) elif o == "--pidfile": options.pid_filename = a + elif o == "--privdrop-user": + options.privdrop_username = a elif o == "--unsafe-logging": options.safe_logging = False @@ -198,6 +202,14 @@ def main(): f.close() sys.exit(0) + if options.privdrop_username is not None: + log(u"dropping privileges to those of user %s" % options.privdrop_username) + try: + fac.drop_privs(options.privdrop_username) + except BaseException, e: + print >> sys.stderr, "Can't drop privileges:", str(e) + sys.exit(1) + try: server.serve_forever() except KeyboardInterrupt:

1 0

[flashproxy/master] Add fac.drop_privs function.
by dcf＠torproject.org 02 Jun '13

02 Jun '13

commit 80387d661788de565b4c1e40613897d0f59021c3 Author: David Fifield <david(a)bamsoftware.com> Date: Sat Jun 1 20:49:16 2013 -0700 Add fac.drop_privs function. --- facilitator/fac.py | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/facilitator/fac.py b/facilitator/fac.py index d43a522..70d482d 100644 --- a/facilitator/fac.py +++ b/facilitator/fac.py @@ -4,6 +4,7 @@ import re import socket import stat import subprocess +import pwd # Return true iff the given fd is readable, writable, and executable only by its # owner. @@ -11,6 +12,23 @@ def check_perms(fd): mode = os.fstat(fd)[0] return (mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0 +# Drop privileges by switching ID to that of the given user. +# http://stackoverflow.com/questions/2699907/dropping-root-permissions-in-pyt… +# https://www.securecoding.cert.org/confluence/display/seccode/POS36-C.+Obser… +# https://www.securecoding.cert.org/confluence/display/seccode/POS37-C.+Ensur… +def drop_privs(username): + uid = pwd.getpwnam(username).pw_uid + gid = pwd.getpwnam(username).pw_gid + os.setgroups([]) + os.setgid(gid) + os.setuid(uid) + try: + os.setuid(0) + except OSError: + pass + else: + raise AssertionError("setuid(0) succeeded after attempting to drop privileges") + # A decorator to ignore "broken pipe" errors. def catch_epipe(fn): def ret(self, *args):

1 0

[flashproxy/master] ChangeLog for --privdrop-user.
by dcf＠torproject.org 02 Jun '13

02 Jun '13

commit 6141ae616d64d76c264782f21426ec4cd34871e6 Author: David Fifield <david(a)bamsoftware.com> Date: Sat Jun 1 22:37:32 2013 -0700 ChangeLog for --privdrop-user. --- ChangeLog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ChangeLog b/ChangeLog index be2ee15..8183bcd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ + o The facilitator daemons have a --privdrop-user option that causes + them to change to another user ID after reading keys and opening log + files. facilitator-howto.txt shows how to configure them to use an + unprivileged facilitator-nobody user. Patch by Alexandre Allaire and + David Fifield. Fixes bug 8424. + Changes in version 1.1 o Programs that use certificate pins now take a --disable-pin option that causes pins to be ignored.

1 0

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

tor-commits June 2013