tor-commits May 2016

tor-commits@lists.torproject.org

17 participants
1550 discussions

[translation/tails-misc] Update translations for tails-misc
by translation＠torproject.org 30 May '16

30 May '16

commit b880ec49547b6602a4440cfcb0ff6e45edd1a323 Author: Translation commit bot <translation(a)torproject.org> Date: Mon May 30 13:45:45 2016 +0000 Update translations for tails-misc --- et.po | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/et.po b/et.po index 6746ff2..273a531 100644 --- a/et.po +++ b/et.po @@ -8,7 +8,7 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2016-05-25 20:25+0200\n" -"PO-Revision-Date: 2016-05-27 10:12+0000\n" +"PO-Revision-Date: 2016-05-30 13:36+0000\n" "Last-Translator: carolyn <carolyn(a)anhalt.org>\n" "Language-Team: Estonian (http://www.transifex.com/otf/torproject/language/et/)\n" "MIME-Version: 1.0\n" @@ -537,7 +537,7 @@ msgstr "" #: ../config/chroot_local-includes/usr/share/applications/tor-browser.desktop.in.h:1 msgid "Tor Browser" -msgstr "" +msgstr "Tor Brauser" #: ../config/chroot_local-includes/usr/share/applications/tor-browser.desktop.in.h:2 msgid "Anonymous Web Browser"

1 0

[translation/tails-persistence-setup] Update translations for tails-persistence-setup
by translation＠torproject.org 30 May '16

30 May '16

commit 4e0fdf41d25c607b8c7e5cfd9b150a072ef63e45 Author: Translation commit bot <translation(a)torproject.org> Date: Mon May 30 13:45:24 2016 +0000 Update translations for tails-persistence-setup --- et/et.po | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/et/et.po b/et/et.po index 40dfda8..d86b84e 100644 --- a/et/et.po +++ b/et/et.po @@ -3,13 +3,14 @@ # This file is distributed under the same license as the PACKAGE package. # # Translators: +# Kristjan Räts <kristjanrats(a)gmail.com>, 2016 msgid "" msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: Tails developers <tails(a)boum.org>\n" "POT-Creation-Date: 2016-04-24 16:40+0200\n" -"PO-Revision-Date: 2016-04-25 08:33+0000\n" -"Last-Translator: carolyn <carolyn(a)anhalt.org>\n" +"PO-Revision-Date: 2016-05-30 13:45+0000\n" +"Last-Translator: Kristjan Räts <kristjanrats(a)gmail.com>\n" "Language-Team: Estonian (http://www.transifex.com/otf/torproject/language/et/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -39,7 +40,7 @@ msgstr "" #: ../lib/Tails/Persistence/Configuration/Presets.pm:70 msgid "SSH keys, configuration and known hosts" -msgstr "" +msgstr "SSH võtmed, häälestus ja tuntud hostid" #: ../lib/Tails/Persistence/Configuration/Presets.pm:78 msgid "Pidgin"

1 0

[translation/gettor] Update translations for gettor
by translation＠torproject.org 30 May '16

30 May '16

commit 1b42a737f2cea0cc4b0d0e2ef27f2a1e9b694181 Author: Translation commit bot <translation(a)torproject.org> Date: Mon May 30 13:45:06 2016 +0000 Update translations for gettor --- et/gettor.po | 502 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 502 insertions(+) diff --git a/et/gettor.po b/et/gettor.po new file mode 100644 index 0000000..f97c3af --- /dev/null +++ b/et/gettor.po @@ -0,0 +1,502 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# +# Translators: +msgid "" +msgstr "" +"Project-Id-Version: The Tor Project\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2013-01-19 13:40+0100\n" +"PO-Revision-Date: 2010-11-30 05:01+0000\n" +"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" +"Language-Team: Estonian (http://www.transifex.com/otf/torproject/language/et/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: et\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: lib/gettor/i18n.py:27 +msgid "Hello, This is the \"GetTor\" robot." +msgstr "" + +#: lib/gettor/i18n.py:29 +msgid "Thank you for your request." +msgstr "" + +#: lib/gettor/i18n.py:31 +msgid "" +"Unfortunately, we won't answer you at this address. You should make\n" +"an account with GMAIL.COM, YAHOO.COM or YAHOO.CN and send the mail from\n" +"one of those." +msgstr "" + +#: lib/gettor/i18n.py:35 +msgid "" +"We only process requests from email services that support \"DKIM\",\n" +"which is an email feature that lets us verify that the address in the\n" +"\"From\" line is actually the one who sent the mail." +msgstr "" + +#: lib/gettor/i18n.py:39 +msgid "" +"(We apologize if you didn't ask for this mail. Since your email is from\n" +"a service that doesn't use DKIM, we're sending a short explanation,\n" +"and then we'll ignore this email address for the next day or so.)" +msgstr "" + +#: lib/gettor/i18n.py:43 lib/gettor/i18n.py:135 +msgid "" +"If you have any questions or it doesn't work, you can contact a\n" +"human at this support email address: help(a)rt.torproject.org" +msgstr "" + +#: lib/gettor/i18n.py:46 +msgid "" +"I will mail you a Tor package, if you tell me which one you want.\n" +"Please select one of the following package names:\n" +"\n" +" windows\n" +" macos-i386\n" +" macos-ppc\n" +" linux-i386\n" +" linux-x86_64\n" +" obfs-windows\n" +" obfs-macos-i386\n" +" obfs-macos-x86_64\n" +" obfs-linux-i386\n" +" obfs-linux-x86_64\n" +" source" +msgstr "" + +#: lib/gettor/i18n.py:61 +msgid "" +"Please reply to this mail, and tell me a single package name anywhere \n" +"in the body of your email." +msgstr "" + +#: lib/gettor/i18n.py:64 +msgid "" +"OBTAINING LOCALIZED VERSIONS OF TOR\n" +"===================================" +msgstr "" + +#: lib/gettor/i18n.py:67 +msgid "" +"To get a version of Tor translated into your language, specify the\n" +"language you want in the address you send the mail to:\n" +"\n" +" gettor+fa(a)torproject.org" +msgstr "" + +#: lib/gettor/i18n.py:72 +msgid "" +"This example will give you the requested package in a localized\n" +"version for Farsi (Persian). Check below for a list of supported language\n" +"codes. " +msgstr "" + +#: lib/gettor/i18n.py:76 +msgid " List of supported locales:" +msgstr "" + +#: lib/gettor/i18n.py:78 +msgid "Here is a list of all available languages:" +msgstr "" + +#: lib/gettor/i18n.py:80 +msgid "" +" gettor+ar(a)torproject.org: Arabic\n" +" gettor+de(a)torproject.org: German\n" +" gettor+en(a)torproject.org: English\n" +" gettor+es(a)torproject.org: Spanish\n" +" gettor+fa(a)torproject.org: Farsi (Iran)\n" +" gettor+fr(a)torproject.org: French\n" +" gettor+it(a)torproject.org: Italian\n" +" gettor+nl(a)torproject.org: Dutch\n" +" gettor+pl(a)torproject.org: Polish\n" +" gettor+ru(a)torproject.org: Russian\n" +" gettor+zh(a)torproject.org: Chinese" +msgstr "" + +#: lib/gettor/i18n.py:92 +msgid "If you select no language, you will receive the English version." +msgstr "" + +#: lib/gettor/i18n.py:94 +msgid "" +"SMALLER SIZED PACKAGES\n" +"======================" +msgstr "" + +#: lib/gettor/i18n.py:97 +msgid "" +"If your bandwith is low or your provider doesn't allow you to\n" +"receive large attachments in your email, GetTor can send you several\n" +"small packages instead of one big one." +msgstr "" + +#: lib/gettor/i18n.py:101 +msgid "" +"Simply include the keyword 'split' in a new line on its own (this part\n" +"is important!) like so: \n" +" \n" +" windows\n" +" split" +msgstr "" + +#: lib/gettor/i18n.py:107 +msgid "" +"Sending this text in an email to GetTor will cause it to send you \n" +"the Tor Browser Bundle in a number of 1,4MB attachments." +msgstr "" + +#: lib/gettor/i18n.py:110 +msgid "" +"After having received all parts, you need to re-assemble them to \n" +"one package again. This is done as follows:" +msgstr "" + +#: lib/gettor/i18n.py:113 +msgid "1.) Save all received attachments into one folder on your disk." +msgstr "" + +#: lib/gettor/i18n.py:115 +msgid "" +"2.) Unzip all files ending in \".z\". If you saved all attachments to\n" +"a fresh folder before, simply unzip all files in that folder. If you don't\n" +"know how to unzip the .z files, please see the UNPACKING THE FILES section." +msgstr "" + +#: lib/gettor/i18n.py:119 +msgid "" +"3.) Verify all files as described in the mail you received with \n" +"each package. (gpg --verify)" +msgstr "" + +#: lib/gettor/i18n.py:122 +msgid "" +"4.) Now unpack the multi-volume archive into one file by double-\n" +"clicking the file ending in \"..split.part01.exe\". This should start the \n" +"process automatically." +msgstr "" + +#: lib/gettor/i18n.py:126 +msgid "" +"5.) After unpacking is finished, you should find a newly created \n" +"\".exe\" file in your destination folder. Simply doubleclick\n" +"that and Tor Browser Bundle should start within a few seconds." +msgstr "" + +#: lib/gettor/i18n.py:130 +msgid "6.) That's it. You're done. Thanks for using Tor and have fun!" +msgstr "" + +#: lib/gettor/i18n.py:132 +msgid "" +"SUPPORT\n" +"=======" +msgstr "" + +#: lib/gettor/i18n.py:138 +msgid "" +"Here's your requested software as a zip file. Please unzip the\n" +"package and verify the signature." +msgstr "" + +#: lib/gettor/i18n.py:141 +msgid "" +"VERIFY SIGNATURE\n" +"================\n" +"If your computer has GnuPG installed, use the gpg commandline \n" +"tool as follows after unpacking the zip file:\n" +"\n" +" gpg --verify tor-browser-1.3.24_en-US.exe.asc tor-browser-1.3.24_en-US.exe" +msgstr "" + +#: lib/gettor/i18n.py:148 +msgid "" +"The output should look somewhat like this:\n" +"\n" +" gpg: Good signature from 'Erinn Clark <...>'" +msgstr "" + +#: lib/gettor/i18n.py:152 +msgid "" +"If you're not familiar with commandline tools, try looking for\n" +"a graphical user interface for GnuPG on this website:\n" +"\n" +" http://www.gnupg.org/related_software/frontends.html" +msgstr "" + +#: lib/gettor/i18n.py:157 +msgid "" +"BLOCKED ACCESS / CENSORSHIP\n" +"===========================" +msgstr "" + +#: lib/gettor/i18n.py:160 +msgid "" +"If your Internet connection blocks access to the Tor network, you\n" +"may need a bridge relay. Bridge relays (or \"bridges\" for short)\n" +"are Tor relays that aren't listed in the main directory. Since there\n" +"is no complete public list of them, even if your ISP is filtering\n" +"connections to all the known Tor relays, they probably won't be able\n" +"to block all the bridges." +msgstr "" + +#: lib/gettor/i18n.py:167 +msgid "" +"You can acquire a bridge by sending an email that contains \"get bridges\"\n" +"in the body of the email to the following email address:\n" +"\n" +" bridges(a)torproject.org" +msgstr "" + +#: lib/gettor/i18n.py:172 +msgid "" +"It is also possible to fetch bridges with a web browser at the following\n" +"url: https://bridges.torproject.org/" +msgstr "" + +#: lib/gettor/i18n.py:175 +msgid "" +"Another censorship circumvention tool you can request from GetTor is\n" +"the Tor Obfsproxy Browser Bundle. Please read the package descriptions for\n" +"which package you should request to receive this." +msgstr "" + +#: lib/gettor/i18n.py:179 +msgid "" +"IMPORTANT NOTE:\n" +"Since this is part of a split-file request, you need to wait for\n" +"all split files to be received by you before you can save them all\n" +"into the same directory and unpack them by double-clicking the\n" +"first file." +msgstr "" + +#: lib/gettor/i18n.py:185 +msgid "" +"Packages might arrive out of order! Please make sure you received\n" +"all packages before you attempt to unpack them!" +msgstr "" + +#: lib/gettor/i18n.py:188 +#, python-format +msgid "" +"It was successfully understood. Your request is currently being processed.\n" +"Your package (%s) should arrive within the next ten minutes." +msgstr "" + +#: lib/gettor/i18n.py:191 +msgid "" +"If it doesn't arrive, the package might be too big for your mail provider.\n" +"Try resending the mail from a GMAIL.COM, YAHOO.CN or YAHOO.COM account." +msgstr "" + +#: lib/gettor/i18n.py:194 +msgid "" +"Unfortunately we are currently experiencing problems and we can't fulfill\n" +"your request right now. Please be patient as we try to resolve this issue." +msgstr "" + +#: lib/gettor/i18n.py:197 +msgid "" +"Unfortunately there is no split package available for the package you\n" +"requested. Please send us another package name or request the same package \n" +"again, but remove the 'split' keyword. In that case we'll send you the whole \n" +"package. Make sure this is what you want." +msgstr "" + +#: lib/gettor/i18n.py:202 +msgid "" +"UNPACKING THE FILES\n" +"===================" +msgstr "" + +#: lib/gettor/i18n.py:205 +msgid "" +"The easiest way to unpack the files you received is to install 7-Zip,\n" +"a free file compression/uncompression tool. If it isn't installed on\n" +"your computer yet, you can download it here:\n" +"\n" +" http://www.7-zip.org/" +msgstr "" + +#: lib/gettor/i18n.py:211 +msgid "" +"When 7-Zip is installed, you can open the .z archive you received from\n" +"us by double-clicking on it." +msgstr "" + +#: lib/gettor/i18n.py:214 +msgid "" +"An alternative way to get the .z files extraced is to rename them to\n" +".zip. For example, if you recevied a file called \"windows.z\", rename it to \n" +"\"windows.zip\". You should then be able to extract the archive with common \n" +"file archiver programs that probably are already installed on your computer." +msgstr "" + +#: lib/gettor/i18n.py:219 +msgid "" +"Please reply to this mail, and tell me a single package name anywhere\n" +"in your reply. Here's a short explanation of what these packages are:" +msgstr "" + +#: lib/gettor/i18n.py:222 +msgid "" +"windows:\n" +"The Tor Browser Bundle package for Windows operating systems. If you're \n" +"running some version of Windows, like Windows XP, Windows Vista or \n" +"Windows 7, this is the package you should get." +msgstr "" + +#: lib/gettor/i18n.py:227 +msgid "" +"macos-i386:\n" +"The Tor Browser Bundle package for OS X, Intel CPU architecture. In \n" +"general, newer Mac hardware will require you to use this package." +msgstr "" + +#: lib/gettor/i18n.py:231 +msgid "" +"macos-ppc:\n" +"This is an older installer (the \"Vidalia bundle\") for older Macs running\n" +"OS X on PowerPC CPUs. Note that this package will be deprecated soon." +msgstr "" + +#: lib/gettor/i18n.py:235 +msgid "" +"linux-i386:\n" +"The Tor Browser Bundle package for Linux, 32bit versions." +msgstr "" + +#: lib/gettor/i18n.py:238 +msgid "" +"Note that this package is rather large and needs your email provider to \n" +"allow for attachments of about 30MB in size." +msgstr "" + +#: lib/gettor/i18n.py:241 +msgid "" +"linux-x86_64:\n" +"The Tor Browser Bundle package for Linux, 64bit versions." +msgstr "" + +#: lib/gettor/i18n.py:244 +msgid "" +"obfs-windows:\n" +"The Tor Obfsproxy Browser Bundle for Windows operating systems. If you need\n" +"strong censorship circumvention and you are running some version of the \n" +"Windows, like Windows XP, Windows Vista or Windows 7, this is the package\n" +"you should get." +msgstr "" + +#: lib/gettor/i18n.py:250 +msgid "" +"obfs-macos-i386:\n" +"The Tor Obfsproxy Browser Bundle package for OS X, 32bit Intel CPU \n" +"architecture." +msgstr "" + +#: lib/gettor/i18n.py:254 +msgid "" +"obfs-macos-x86_64:\n" +"The Tor Obfsproxy Browser Bundle package for OS X, 64bit Intel CPU \n" +"architecture." +msgstr "" + +#: lib/gettor/i18n.py:258 +msgid "" +"obfs-linux-i386:\n" +"The Tor Obfsproxy Browser Bundle package for Linux, 32bit Intel CPU \n" +"architecture." +msgstr "" + +#: lib/gettor/i18n.py:262 +msgid "" +"obfs-linux-x86_64:\n" +"The Tor Obfsproxy Browser Bundle package for Linux, 64bit Intel CPU \n" +"architecture." +msgstr "" + +#: lib/gettor/i18n.py:266 +msgid "" +"source:\n" +"The Tor source code, for experts. Most users do not want this package." +msgstr "" + +#: lib/gettor/i18n.py:269 +msgid "" +"FREQUENTLY ASKED QUESTIONS\n" +"==========================" +msgstr "" + +#: lib/gettor/i18n.py:272 +msgid "What is Tor?" +msgstr "" + +#: lib/gettor/i18n.py:274 +msgid "The name \"Tor\" can refer to several different components." +msgstr "" + +#: lib/gettor/i18n.py:276 +msgid "" +"The Tor software is a program you can run on your computer that helps \n" +"keep you safe on the Internet. Tor protects you by bouncing your \n" +"communications around a distributed network of relays run by volunteers \n" +"all around the world: it prevents somebody watching your Internet connection \n" +"from learning what sites you visit, and it prevents the sites you visit from \n" +"learning your physical location. This set of volunteer relays is called the \n" +"Tor network. You can read more about how Tor works here:\n" +"\n" +" https://www.torproject.org/about/overview.html.en" +msgstr "" + +#: lib/gettor/i18n.py:286 +msgid "What is the Tor Browser Bundle?" +msgstr "" + +#: lib/gettor/i18n.py:288 +msgid "" +"The Browser Bundle (TBB) is the package we recommend to most users. \n" +"The bundle comes with everything you need to safely browse the Internet.\n" +"Just extract it and run." +msgstr "" + +#: lib/gettor/i18n.py:292 +msgid "What package should I request?" +msgstr "" + +#: lib/gettor/i18n.py:294 +msgid "" +"This depends on the operating system you use. For instance, if your\n" +"operating system is Microsoft Windows, you should request \"windows\". Here\n" +"is a short explanation of all packages to request and what operating \n" +"systems there are suitable for:" +msgstr "" + +#: lib/gettor/i18n.py:299 +msgid "How do I extract the file(s) you sent me?" +msgstr "" + +#: lib/gettor/i18n.py:301 +msgid "QUESTION:" +msgstr "" + +#: lib/gettor/i18n.py:303 +msgid "ANSWER:" +msgstr "" + +#: lib/gettor/i18n.py:305 +#, python-format +msgid "" +"Sorry, but the package you requested (%s) is too large for your \n" +"provider to accept as an attachment. Try using another provider that allows \n" +"for larger email attachments. Or try one of the following mirrors:\n" +"\n" +" https://www.oignon.net/dist/torbrowser/\n" +" https://tor.beme-it.de/dist/torbrowser/\n" +" https://www.torservers.net/mirrors/torproject.org/dist/torbrowser/" +msgstr ""

1 0

[oonib/master] Map also the connect_error (#85)
by art＠torproject.org 30 May '16

30 May '16

commit 2b92f6327fc2bcb4da06e686fbc3b5b4fc4bbbe6 Author: Arturo Filastò <arturo(a)filasto.net> Date: Mon May 30 15:39:05 2016 +0200 Map also the connect_error (#85) --- oonib/testhelpers/http_helpers.py | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/oonib/testhelpers/http_helpers.py b/oonib/testhelpers/http_helpers.py index 1cddf24..a771a19 100644 --- a/oonib/testhelpers/http_helpers.py +++ b/oonib/testhelpers/http_helpers.py @@ -11,8 +11,10 @@ from cyclone.web import RequestHandler, Application, HTTPError from cyclone.web import asynchronous from twisted.internet import protocol, defer, reactor from twisted.internet.endpoints import TCP4ClientEndpoint -from twisted.internet.error import ConnectionRefusedError + +from twisted.internet.error import ConnectionRefusedError, ConnectError from twisted.internet.error import DNSLookupError, TimeoutError + from twisted.names import client as dns_client from twisted.names import dns from twisted.names.error import DNSNameError, DNSServerError @@ -359,6 +361,8 @@ class WebConnectivityCache(object): page_info['failure'] = 'generic_timeout_error' except ConnectionRefusedError: page_info['failure'] = 'connection_refused_error' + except ConnectError: + page_info['failure'] = 'connect_error' except: # XXX map more failures page_info['failure'] = 'unknown_error' @@ -390,6 +394,9 @@ class WebConnectivityCache(object): except ConnectionRefusedError: socket_info['status'] = False socket_info['failure'] = 'connection_refused_error' + except ConnectError: + socket_info['status'] = False + socket_info['failure'] = 'connect_error' except: socket_info['status'] = False socket_info['failure'] = 'unknown_error'

1 0

[oonib/master] keep old config behavior with new endpoint code
by art＠torproject.org 30 May '16

30 May '16

commit 575f0aa5a44d1f851fb3d4fbb1bcf1fbf36a4f2d Author: Joe Landers <joe(a)joelanders.net> Date: Sun May 15 18:25:41 2016 +0200 keep old config behavior with new endpoint code --- oonib/onion.py | 36 ++++++++++++++++++++++++++++++++---- oonib/oonibackend.py | 42 +++++++++++++++++++----------------------- 2 files changed, 51 insertions(+), 27 deletions(-) diff --git a/oonib/onion.py b/oonib/onion.py index 262e672..8abefe5 100644 --- a/oonib/onion.py +++ b/oonib/onion.py @@ -1,7 +1,7 @@ import tempfile from oonib import log from oonib.config import config -from twisted.internet import reactor, endpoints +from twisted.internet import reactor, endpoints, defer import os from random import randint @@ -53,9 +53,8 @@ def txSetupFailed(failure): log.err("Setup failed") log.exception(failure) -def configTor(torconfig): - def updates(prog, tag, summary): - print("%d%%: %s" % (prog, summary)) +def _configTor(): + torconfig = TorConfig() if config.main.socks_port: torconfig.SocksPort = config.main.socks_port @@ -89,3 +88,32 @@ def configTor(torconfig): config.main.socks_port = socks_port torconfig.save() + return torconfig + +# get_global_tor is a near-rip of that from txtorcon (so you can have some +# confidence in the logic of it), but we use our own _configTor() while +# the txtorcon function hardcodes some default values we don't want. +_global_tor_config = None +_global_tor_lock = defer.DeferredLock() +# we need the lock because we (potentially) yield several times while +# "creating" the TorConfig instance + +(a)defer.inlineCallbacks +def get_global_tor(reactor): + global _global_tor_config + global _global_tor_lock + yield _global_tor_lock.acquire() + + try: + if _global_tor_config is None: + _global_tor_config = config = _configTor() + + # start Tor launching + def updates(prog, tag, summary): + print("%d%%: %s" % (prog, summary)) + yield launch_tor(config, reactor, progress_updates=updates) + yield config.post_bootstrap + + defer.returnValue(_global_tor_config) + finally: + _global_tor_lock.release() diff --git a/oonib/oonibackend.py b/oonib/oonibackend.py index 337b797..18bacf0 100644 --- a/oonib/oonibackend.py +++ b/oonib/oonibackend.py @@ -11,14 +11,14 @@ from distutils.version import LooseVersion from oonib.api import ooniBackend, ooniBouncer from oonib.config import config -from oonib.onion import configTor +from oonib.onion import get_global_tor from oonib.testhelpers import dns_helpers, ssl_helpers from oonib.testhelpers import http_helpers, tcp_helpers import os from twisted.application import internet, service -from twisted.internet import reactor, endpoints, ssl +from twisted.internet import reactor, endpoints, ssl, defer from twisted.names import dns from txtorcon import TCPHiddenServiceEndpoint, TorConfig @@ -103,15 +103,17 @@ if config.helpers['http-return-json-headers'].port: http_return_request_helper.startService() def getHSEndpoint(endpoint_config): - if torconfig is None: - raise Exception("you probably need to set tor_hidden_service: true") - hsdir = os.path.join(torconfig.DataDirectory, endpoint_config['hsdir']) + hsdir = endpoint_config['hsdir'] + hsdir = os.path.expanduser(hsdir) + hsdir = os.path.realpath(hsdir) if LooseVersion(txtorcon_version) >= LooseVersion('0.10.0'): - return TCPHiddenServiceEndpoint.global_tor(reactor, + return TCPHiddenServiceEndpoint(reactor, + get_global_tor(reactor), 80, hidden_service_dir=hsdir) else: - return TCPHiddenServiceEndpoint.global_tor(reactor, + return TCPHiddenServiceEndpoint(reactor, + get_global_tor(reactor), 80, data_dir=hsdir) @@ -151,27 +153,21 @@ def createService(endpoint, role, endpoint_config): multiService.addService(service) service.startService() -torconfig = None -if config.main.tor_hidden_service: - torconfig = TorConfig() - configTor(torconfig) - # this is to ensure same behaviour with an old config file -if config.main.bouncer_endpoints is None and config.main.tor_hidden_service: - config.main.bouncer_endpoints = [ {'type': 'onion', 'hsdir': 'bouncer'} ] - -if config.main.collector_endpoints is None and config.main.tor_hidden_service: - config.main.collector_endpoints = [ {'type': 'onion', 'hsdir': 'collector'} ] - -config.main.bouncer_endpoints = config.main.get('bouncer_endpoints', []) -config.main.collector_endpoints = config.main.get('collector_endpoints', []) - -for endpoint_config in config.main.bouncer_endpoints: +if config.main.tor_hidden_service and \ + config.main.bouncer_endpoints is None and \ + config.main.collector_endpoints is None: + bouncer_hsdir = os.path.join(config.main.tor_datadir, 'bouncer') + collector_hsdir = os.path.join(config.main.tor_datadir, 'collector') + config.main.bouncer_endpoints = [ {'type': 'onion', 'hsdir': bouncer_hsdir} ] + config.main.collector_endpoints = [ {'type': 'onion', 'hsdir': collector_hsdir} ] + +for endpoint_config in config.main.get('bouncer_endpoints'): print "Starting bouncer with config %s" % endpoint_config endpoint = getEndpoint(endpoint_config) createService(endpoint, 'bouncer', endpoint_config) -for endpoint_config in config.main.collector_endpoints: +for endpoint_config in config.main.get('collector_endpoints'): print "Starting collector with config %s" % endpoint_config endpoint = getEndpoint(endpoint_config) createService(endpoint, 'collector', endpoint_config)

1 0

[oonib/master] pass tor_binary config to txtorcon (#79)
by art＠torproject.org 30 May '16

30 May '16

commit 0b6477c7af96663d2b0d853db66e413cdd599b30 Author: Joe Landers <joe(a)joelanders.net> Date: Mon May 23 17:51:52 2016 +0200 pass tor_binary config to txtorcon (#79) --- oonib/onion.py | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/oonib/onion.py b/oonib/onion.py index 8abefe5..0a7a155 100644 --- a/oonib/onion.py +++ b/oonib/onion.py @@ -106,13 +106,15 @@ def get_global_tor(reactor): try: if _global_tor_config is None: - _global_tor_config = config = _configTor() + _global_tor_config = _configTor() # start Tor launching def updates(prog, tag, summary): print("%d%%: %s" % (prog, summary)) - yield launch_tor(config, reactor, progress_updates=updates) - yield config.post_bootstrap + yield launch_tor(_global_tor_config, reactor, + progress_updates=updates, + tor_binary=config.main.tor_binary) + yield _global_tor_config.post_bootstrap defer.returnValue(_global_tor_config) finally:

1 0

[oonib/master] Fix privilege shedding and daemonisation of oonibackend (#80)
by art＠torproject.org 30 May '16

30 May '16

commit 5940999a49af50ff49aeabb1103543889c598312 Author: Arturo Filastò <arturo(a)filasto.net> Date: Mon May 30 15:24:07 2016 +0200 Fix privilege shedding and daemonisation of oonibackend (#80) * Fix privilege shedding and daemonisation of oonibackend * Rewrite to use twistd * Launch tor only after we have forked * Set the UID of when starting tor This fixes #65 * Add gitignore files and remove empty.txt files * Drop support for super old versions of txtorcon * Remove now unnecessary hacks to maintain backward compatibility * Fix permissions on temporary tor data directory --- bin/oonib | 38 ++----- data/archive/.gitignore | 2 + data/archive/empty.txt | 2 - data/decks/.gitignore | 3 + data/inputs/.gitignore | 3 + data/reports/.gitignore | 2 + data/tor/.gitignore | 2 + data/tor/empty.txt | 2 - oonib.conf.example | 4 - oonib/config.py | 2 + oonib/log.py | 61 +---------- oonib/onion.py | 63 +++++------ oonib/oonibackend.py | 280 ++++++++++++++++++++++++++---------------------- requirements.txt | 2 +- setup.py | 6 +- 15 files changed, 213 insertions(+), 259 deletions(-) diff --git a/bin/oonib b/bin/oonib index 109c74e..ccbe246 100755 --- a/bin/oonib +++ b/bin/oonib @@ -2,55 +2,35 @@ import sys import os -from twisted.python import log, usage -from twisted.internet import reactor -from twisted.application import app # Hack to set the proper sys.path. Overcomes the export PYTHONPATH pain. sys.path[:] = map(os.path.abspath, sys.path) sys.path.insert(0, os.path.abspath(os.getcwd())) -from oonib import errors as e +from oonib import errors from oonib.config import config -from oonib.log import LoggerFactory - try: config.load() -except e.ConfigFileNotSpecified: +except errors.ConfigFileNotSpecified: print "Config file not specified!" print "Use -c to specify one!" config.usageOptions() sys.exit(1) -except e.ConfigFileDoesNotExist, path: +except errors.ConfigFileDoesNotExist, path: print "Config file \"%s\" does not exist!" % path sys.exit(2) -except e.InvalidReportDirectory, path: +except errors.InvalidReportDirectory, path: print "Invalid report directory: %s!" % path sys.exit(3) -except e.InvalidArchiveDirectory, path: +except errors.InvalidArchiveDirectory, path: print "Invalid archive directory: %s!" % path sys.exit(4) -except e.InvalidInputDirectory, path: +except errors.InvalidInputDirectory, path: print "Invalid input directory: %s" % path sys.exit(5) -except e.InvalidDeckDirectory, path: +except errors.InvalidDeckDirectory, path: print "Invalid deck directory: %s" % path sys.exit(6) -if config.main.chroot: - sys.argv.append('--chroot') - sys.argv.append(config.chroot) - -if not config.main.nodaemon: - sys.argv.append('-y') - -from oonib.oonibackend import application - -from twisted.scripts._twistd_unix import UnixApplicationRunner -class OBaseRunner(UnixApplicationRunner): - temporary_data_dir = None - def createOrGetApplication(self): - return application - -OBaseRunner.loggerFactory = LoggerFactory -OBaseRunner(config.main).run() +from oonib import oonibackend +oonibackend.start() diff --git a/data/archive/.gitignore b/data/archive/.gitignore new file mode 100644 index 0000000..d6b7ef3 --- /dev/null +++ b/data/archive/.gitignore @@ -0,0 +1,2 @@ +* +!.gitignore diff --git a/data/archive/empty.txt b/data/archive/empty.txt deleted file mode 100644 index 9a166f9..0000000 --- a/data/archive/empty.txt +++ /dev/null @@ -1,2 +0,0 @@ -In here will end up the archived reports. -This file may be deleted at any time. diff --git a/data/decks/.gitignore b/data/decks/.gitignore new file mode 100644 index 0000000..514e47a --- /dev/null +++ b/data/decks/.gitignore @@ -0,0 +1,3 @@ +* +!.gitignore +!README diff --git a/data/inputs/.gitignore b/data/inputs/.gitignore new file mode 100644 index 0000000..a0991ff --- /dev/null +++ b/data/inputs/.gitignore @@ -0,0 +1,3 @@ +* +!.gitignore +!Makefile diff --git a/data/reports/.gitignore b/data/reports/.gitignore new file mode 100644 index 0000000..d6b7ef3 --- /dev/null +++ b/data/reports/.gitignore @@ -0,0 +1,2 @@ +* +!.gitignore diff --git a/data/tor/.gitignore b/data/tor/.gitignore new file mode 100644 index 0000000..d6b7ef3 --- /dev/null +++ b/data/tor/.gitignore @@ -0,0 +1,2 @@ +* +!.gitignore diff --git a/data/tor/empty.txt b/data/tor/empty.txt deleted file mode 100644 index ec3be8f..0000000 --- a/data/tor/empty.txt +++ /dev/null @@ -1,2 +0,0 @@ -In here will end up all tor related files. -This file may be deleted at any time. diff --git a/oonib.conf.example b/oonib.conf.example index 6f4c7f3..bcf8393 100644 --- a/oonib.conf.example +++ b/oonib.conf.example @@ -7,8 +7,6 @@ main: bouncer_file: data/bouncer.yaml logfile: null - database_uri: 'sqlite://oonib_test_db.db' - db_threadpool_size: 10 tor_binary: null socks_port: 9055 tor2webmode: false @@ -21,9 +19,7 @@ main: euid: null uid: null gid: null - uuid: null no_save: true - profile: null debug: false stale_time: 3600 diff --git a/oonib/config.py b/oonib/config.py index 31128a9..be29ec1 100644 --- a/oonib/config.py +++ b/oonib/config.py @@ -28,6 +28,8 @@ class Config(object): raise e.ConfigFileDoesNotExist(config_file) self.main = Storage(configuration['main'].items()) + if self.main.logfile is None: + self.main.logfile = 'oonib.log' self.helpers = Storage() for name, helper in configuration['helpers'].items(): diff --git a/oonib/log.py b/oonib/log.py index a79199e..c229f35 100644 --- a/oonib/log.py +++ b/oonib/log.py @@ -6,18 +6,14 @@ Twisted logger for the ooni backend system. """ -import os import sys import codecs import logging import traceback from twisted.python import log as txlog -from twisted.python import util from twisted.python.failure import Failure -from twisted.python.logfile import DailyLogFile -from oonib import otime from oonib.config import config # Get rid of the annoying "No route found for @@ -47,56 +43,21 @@ def log_encode(logmsg): repr(logmsg))) -class LogWithNoPrefix(txlog.FileLogObserver): - def emit(self, eventDict): - text = txlog.textFromEventDict(eventDict) - if text is None: - return - - util.untilConcludes(self.write, "%s\n" % text) - util.untilConcludes(self.flush) # Hoorj! - - -def start(application_name="oonib"): - daily_logfile = None - - if not config.main.logfile: - logfile = 'oonib.log' - else: - logfile = config.main.logfile - - log_folder = os.path.dirname(logfile) - log_filename = os.path.basename(logfile) - - daily_logfile = DailyLogFile(log_filename, log_folder) - - txlog.msg("Starting %s on %s (%s UTC)" % (application_name, - otime.prettyDateNow(), - otime.utcPrettyDateNow())) - txlog.msg("oonib version %s" % config.backend_version) - txlog.startLoggingWithObserver(LogWithNoPrefix(sys.stdout).emit) - txlog.addObserver(txlog.FileLogObserver(daily_logfile).emit) - - -def stop(): - print "Stopping OONI" - - def msg(msg, *arg, **kw): - print "%s" % log_encode(msg) + txlog.msg("%s" % log_encode(msg)) def debug(msg, *arg, **kw): if config.main.get('debug'): - print "[D] %s" % log_encode(msg) + txlog.msg("[D] %s" % log_encode(msg)) def warn(msg, *arg, **kw): - print "[W] %s" % log_encode(msg) + txlog.msg("[W] %s" % log_encode(msg)) def err(msg, *arg, **kw): - print "[!] %s" % log_encode(msg) + txlog.err("[!] %s" % log_encode(msg)) def exception(error): @@ -109,17 +70,3 @@ def exception(error): else: exc_type, exc_value, exc_traceback = sys.exc_info() traceback.print_exception(exc_type, exc_value, exc_traceback) - - -class LoggerFactory(object): - """ - This is a logger factory to be used by oonib - """ - def __init__(self, options): - pass - - def start(self, application): - start("OONIB") - - def stop(self): - txlog.msg("Stopping OONIB") diff --git a/oonib/onion.py b/oonib/onion.py index 0a7a155..9a5c2c3 100644 --- a/oonib/onion.py +++ b/oonib/onion.py @@ -1,31 +1,17 @@ +import pwd import tempfile + from oonib import log from oonib.config import config -from twisted.internet import reactor, endpoints, defer +from twisted.internet import defer import os from random import randint import socket -from txtorcon import TCPHiddenServiceEndpoint, TorConfig +from txtorcon import TorConfig from txtorcon import launch_tor -from txtorcon import __version__ as txtorcon_version -if tuple(map(int, txtorcon_version.split('.'))) < (0, 9, 0): - """ - Fix for bug in txtorcon versions < 0.9.0 where TCPHiddenServiceEndpoint - listens on all interfaces by default. - """ - def create_listener(self, proto): - self._update_onion(self.hiddenservice.dir) - self.tcp_endpoint = endpoints.TCP4ServerEndpoint(self.reactor, - self.listen_port, - interface='127.0.0.1') - d = self.tcp_endpoint.listen(self.protocolfactory) - d.addCallback(self._add_attributes).addErrback(self._retry_local_port) - return d - TCPHiddenServiceEndpoint._create_listener = create_listener - def randomFreePort(addr="127.0.0.1"): """ Args: @@ -56,11 +42,15 @@ def txSetupFailed(failure): def _configTor(): torconfig = TorConfig() - if config.main.socks_port: - torconfig.SocksPort = config.main.socks_port - if config.main.control_port: - torconfig.ControlPort = config.main.control_port - if config.main.tor2webmode: + if config.main.socks_port is None: + config.main.socks_port = int(randomFreePort()) + torconfig.SocksPort = config.main.socks_port + + if config.main.control_port is None: + config.main.control_port = int(randomFreePort()) + torconfig.ControlPort = config.main.control_port + + if config.main.tor2webmode is True: torconfig.Tor2webMode = 1 torconfig.CircuitBuildTimeout = 60 if config.main.tor_datadir is None: @@ -68,26 +58,29 @@ def _configTor(): log.warn("Option 'tor_datadir' in oonib.conf is unspecified!") log.warn("Using %s" % temporary_data_dir) torconfig.DataDirectory = temporary_data_dir + uid = -1 + gid = -1 + if config.main.uid is not None: + uid = config.main.uid + if config.main.gid is not None: + gid = config.main.gid + os.chown(temporary_data_dir, uid, gid) else: if os.path.exists(config.main.tor_datadir): torconfig.DataDirectory = os.path.abspath(config.main.tor_datadir) else: raise Exception("Could not find tor datadir") + if config.main.uid is not None: + try: + user = pwd.getpwuid(config.main.uid)[0] + except KeyError: + raise Exception("Invalid user ID") + torconfig.User = user + tor_log_file = os.path.join(torconfig.DataDirectory, "tor.log") torconfig.Log = ["notice stdout", "notice file %s" % tor_log_file] torconfig.save() - if not hasattr(torconfig, 'ControlPort'): - control_port = int(randomFreePort()) - torconfig.ControlPort = control_port - config.main.control_port = control_port - - if not hasattr(torconfig, 'SocksPort'): - socks_port = int(randomFreePort()) - torconfig.SocksPort = socks_port - config.main.socks_port = socks_port - - torconfig.save() return torconfig # get_global_tor is a near-rip of that from txtorcon (so you can have some @@ -110,7 +103,7 @@ def get_global_tor(reactor): # start Tor launching def updates(prog, tag, summary): - print("%d%%: %s" % (prog, summary)) + log.msg("%d%%: %s" % (prog, summary)) yield launch_tor(_global_tor_config, reactor, progress_updates=updates, tor_binary=config.main.tor_binary) diff --git a/oonib/oonibackend.py b/oonib/oonibackend.py index ebf3c52..a57bf92 100644 --- a/oonib/oonibackend.py +++ b/oonib/oonibackend.py @@ -7,7 +7,9 @@ # In here we start all the test helpers that are required by ooniprobe and # start the report collector -from distutils.version import LooseVersion +import os +import sys + from oonib.api import ooniBackend, ooniBouncer from oonib.config import config @@ -15,107 +17,22 @@ from oonib.onion import get_global_tor from oonib.testhelpers import dns_helpers, ssl_helpers from oonib.testhelpers import http_helpers, tcp_helpers -import os - +from twisted.scripts import twistd +from twisted.python import usage from twisted.application import internet, service -from twisted.internet import reactor, endpoints, ssl, defer +from twisted.internet import reactor, endpoints, ssl from twisted.names import dns -from txtorcon import TCPHiddenServiceEndpoint, TorConfig -from txtorcon import __version__ as txtorcon_version - -if config.main.uid and config.main.gid: - application = service.Application('oonibackend', uid=config.main.uid, - gid=config.main.gid) -else: - application = service.Application('oonibackend') - -multiService = service.MultiService() - -if config.helpers['ssl'].port: - print "Starting SSL helper on %s" % config.helpers['ssl'].port - ssl_helper = internet.SSLServer(int(config.helpers['ssl'].port), - http_helpers.HTTPReturnJSONHeadersHelper(), - ssl_helpers.SSLContext(config)) - multiService.addService(ssl_helper) - ssl_helper.startService() - -# Start the DNS Server related services -if config.helpers['dns'].tcp_port: - print "Starting TCP DNS Helper on %s" % config.helpers['dns'].tcp_port - tcp_dns_helper = internet.TCPServer(int(config.helpers['dns'].tcp_port), - dns_helpers.DNSTestHelper()) - multiService.addService(tcp_dns_helper) - tcp_dns_helper.startService() - -if config.helpers['dns'].udp_port: - print "Starting UDP DNS Helper on %s" % config.helpers['dns'].udp_port - udp_dns_factory = dns.DNSDatagramProtocol(dns_helpers.DNSTestHelper()) - udp_dns_helper = internet.UDPServer(int(config.helpers['dns'].udp_port), - udp_dns_factory) - multiService.addService(udp_dns_helper) - udp_dns_helper.startService() - -if config.helpers['dns_discovery'].udp_port: - print ("Starting UDP DNS Discovery Helper on %s" % - config.helpers['dns_discovery'].udp_port) - udp_dns_discovery = internet.UDPServer( - int(config.helpers['dns_discovery'].udp_port), - dns.DNSDatagramProtocol(dns_helpers.DNSResolverDiscovery()) - ) - multiService.addService(udp_dns_discovery) - -if config.helpers['dns_discovery'].tcp_port: - print ("Starting TCP DNS Discovery Helper on %s" % - config.helpers['dns_discovery'].tcp_port) - tcp_dns_discovery = internet.TCPServer( - int(config.helpers['dns_discovery'].tcp_port), - dns_helpers.DNSResolverDiscovery() - ) - multiService.addService(tcp_dns_discovery) - tcp_dns_discovery.startService() - - -# XXX this needs to be ported -# Start the OONI daphn3 backend -if config.helpers['daphn3'].port: - print "Starting Daphn3 helper on %s" % config.helpers['daphn3'].port - daphn3_helper = internet.TCPServer(int(config.helpers['daphn3'].port), - tcp_helpers.Daphn3Server()) - multiService.addService(daphn3_helper) - daphn3_helper.startService() - - -if config.helpers['tcp-echo'].port: - print "Starting TCP echo helper on %s" % config.helpers['tcp-echo'].port - tcp_echo_helper = internet.TCPServer(int(config.helpers['tcp-echo'].port), - tcp_helpers.TCPEchoHelper()) - multiService.addService(tcp_echo_helper) - tcp_echo_helper.startService() - -if config.helpers['http-return-json-headers'].port: - print ("Starting HTTP return request helper on %s" % - config.helpers['http-return-json-headers'].port) - http_return_request_helper = internet.TCPServer( - int(config.helpers['http-return-json-headers'].port), - http_helpers.HTTPReturnJSONHeadersHelper()) - multiService.addService(http_return_request_helper) - http_return_request_helper.startService() def getHSEndpoint(endpoint_config): + from txtorcon import TCPHiddenServiceEndpoint hsdir = endpoint_config['hsdir'] hsdir = os.path.expanduser(hsdir) hsdir = os.path.realpath(hsdir) - if LooseVersion(txtorcon_version) >= LooseVersion('0.10.0'): - return TCPHiddenServiceEndpoint(reactor, - get_global_tor(reactor), - 80, - hidden_service_dir=hsdir) - else: - return TCPHiddenServiceEndpoint(reactor, - get_global_tor(reactor), - 80, - data_dir=hsdir) + return TCPHiddenServiceEndpoint(reactor, + config=get_global_tor(reactor), + public_port=80, + hidden_service_dir=hsdir) def getTCPEndpoint(endpoint_config): return endpoints.TCP4ServerEndpoint( @@ -159,35 +76,146 @@ def createService(endpoint, role, endpoint_config): endpoint, factory ) service.setName("-".join([endpoint_config['type'], role])) - multiService.addService(service) - service.startService() - -# this is to ensure same behaviour with an old config file -if config.main.tor_hidden_service and \ - config.main.bouncer_endpoints is None and \ - config.main.collector_endpoints is None: - base_dir = '.' - if config.main.tor_datadir is not None: - base_dir = config.main.tor_datadir - bouncer_hsdir = os.path.join(base_dir, 'bouncer') - collector_hsdir = os.path.join(base_dir, 'collector') - config.main.bouncer_endpoints = [ {'type': 'onion', 'hsdir': bouncer_hsdir} ] - config.main.collector_endpoints = [ {'type': 'onion', 'hsdir': collector_hsdir} ] - -for endpoint_config in config.main.get('bouncer_endpoints', []): - if config.main.bouncer_file: - print "Starting bouncer with config %s" % endpoint_config - endpoint = getEndpoint(endpoint_config) - createService(endpoint, 'bouncer', endpoint_config) - else: - print "No bouncer configured" - -for endpoint_config in config.main.get('collector_endpoints', []): - print "Starting collector with config %s" % endpoint_config - endpoint = getEndpoint(endpoint_config) - createService(endpoint, 'collector', endpoint_config) - -for endpoint_config in config.helpers.web_connectivity.get('endpoints', []): - print "Starting web_connectivity helper with config %s" % endpoint_config - endpoint = getEndpoint(endpoint_config) - createService(endpoint, 'web_connectivity', endpoint_config) + return service + +class StartOONIBackendPlugin: + tapname = "oonibackend" + def makeService(self, so): + ooniBackendService = service.MultiService() + + if config.helpers['ssl'].port: + print "Starting SSL helper on %s" % config.helpers['ssl'].port + ssl_helper = internet.SSLServer(int(config.helpers['ssl'].port), + http_helpers.HTTPReturnJSONHeadersHelper(), + ssl_helpers.SSLContext(config)) + ooniBackendService.addService(ssl_helper) + + # Start the DNS Server related services + if config.helpers['dns'].tcp_port: + print "Starting TCP DNS Helper on %s" % config.helpers['dns'].tcp_port + tcp_dns_helper = internet.TCPServer(int(config.helpers['dns'].tcp_port), + dns_helpers.DNSTestHelper()) + ooniBackendService.addService(tcp_dns_helper) + + if config.helpers['dns'].udp_port: + print "Starting UDP DNS Helper on %s" % config.helpers['dns'].udp_port + udp_dns_factory = dns.DNSDatagramProtocol(dns_helpers.DNSTestHelper()) + udp_dns_helper = internet.UDPServer(int(config.helpers['dns'].udp_port), + udp_dns_factory) + ooniBackendService.addService(udp_dns_helper) + + if config.helpers['dns_discovery'].udp_port: + print ("Starting UDP DNS Discovery Helper on %s" % + config.helpers['dns_discovery'].udp_port) + udp_dns_discovery = internet.UDPServer( + int(config.helpers['dns_discovery'].udp_port), + dns.DNSDatagramProtocol(dns_helpers.DNSResolverDiscovery()) + ) + ooniBackendService.addService(udp_dns_discovery) + + if config.helpers['dns_discovery'].tcp_port: + print ("Starting TCP DNS Discovery Helper on %s" % + config.helpers['dns_discovery'].tcp_port) + tcp_dns_discovery = internet.TCPServer( + int(config.helpers['dns_discovery'].tcp_port), + dns_helpers.DNSResolverDiscovery() + ) + ooniBackendService.addService(tcp_dns_discovery) + + # XXX this needs to be ported + # Start the OONI daphn3 backend + if config.helpers['daphn3'].port: + print "Starting Daphn3 helper on %s" % config.helpers['daphn3'].port + daphn3_helper = internet.TCPServer(int(config.helpers['daphn3'].port), + tcp_helpers.Daphn3Server()) + ooniBackendService.addService(daphn3_helper) + + if config.helpers['tcp-echo'].port: + print "Starting TCP echo helper on %s" % config.helpers['tcp-echo'].port + tcp_echo_helper = internet.TCPServer(int(config.helpers['tcp-echo'].port), + tcp_helpers.TCPEchoHelper()) + ooniBackendService.addService(tcp_echo_helper) + + if config.helpers['http-return-json-headers'].port: + print ("Starting HTTP return request helper on %s" % + config.helpers['http-return-json-headers'].port) + http_return_request_helper = internet.TCPServer( + int(config.helpers['http-return-json-headers'].port), + http_helpers.HTTPReturnJSONHeadersHelper()) + ooniBackendService.addService(http_return_request_helper) + + # this is to ensure same behaviour with an old config file + if config.main.tor_hidden_service and \ + config.main.bouncer_endpoints is None and \ + config.main.collector_endpoints is None: + bouncer_hsdir = os.path.join(config.main.tor_datadir, 'bouncer') + collector_hsdir = os.path.join(config.main.tor_datadir, 'collector') + config.main.bouncer_endpoints = [ {'type': 'onion', 'hsdir': bouncer_hsdir} ] + config.main.collector_endpoints = [ {'type': 'onion', 'hsdir': collector_hsdir} ] + + for endpoint_config in config.main.get('bouncer_endpoints', []): + if config.main.bouncer_file: + print "Starting bouncer with config %s" % endpoint_config + endpoint = getEndpoint(endpoint_config) + bouncer_service = createService(endpoint, 'bouncer', + endpoint_config) + ooniBackendService.addService(bouncer_service) + else: + print "No bouncer configured" + + for endpoint_config in config.main.get('collector_endpoints', []): + print "Starting collector with config %s" % endpoint_config + endpoint = getEndpoint(endpoint_config) + collector_service = createService(endpoint, 'collector', + endpoint_config) + ooniBackendService.addService(collector_service) + + for endpoint_config in config.helpers.web_connectivity.get('endpoints', []): + print "Starting web_connectivity helper with config %s" % endpoint_config + endpoint = getEndpoint(endpoint_config) + web_connectivity_service = createService(endpoint, + 'web_connectivity', + endpoint_config) + ooniBackendService.addService(web_connectivity_service) + + + return ooniBackendService + +class OONIBackendTwistdConfig(twistd.ServerOptions): + subCommands = [("StartOONIBackend", None, usage.Options, "node")] + +def start(): + twistd_args = [] + + flags = [ + 'nodaemon', + 'no_save' + ] + options = [ + 'pidfile', + 'logfile', + 'rundir', + 'euid', + 'gid', + 'uid', + 'umask' + ] + for option in options: + if config.main.get(option, None) is not None: + twistd_args.append('--%s' % option) + twistd_args.append(config.main.get(option)) + for flag in flags: + if config.main.get(flag, None) is True: + twistd_args.append('--%s'% flag) + + twistd_args.append('StartOONIBackend') # Point to our backend plugin + twistd_config = OONIBackendTwistdConfig() + try: + twistd_config.parseOptions(twistd_args) + except usage.error, ue: + print "Usage error from twistd" + sys.exit(7) + + twistd_config.loadedPlugins = {'StartOONIBackend': StartOONIBackendPlugin()} + twistd.runApp(twistd_config) + return 0 diff --git a/requirements.txt b/requirements.txt index b8c18a8..91a711a 100644 --- a/requirements.txt +++ b/requirements.txt @@ -6,7 +6,7 @@ Twisted>=13.2.0 cyclone>=1.1 ipaddr>=2.1.10 pygeoip>=0.2.6 -txtorcon>=0.7 +txtorcon>=0.11.0 pyOpenSSL>=0.13 zope.component>=4.0.0 zope.event>=4.0.0 diff --git a/setup.py b/setup.py index 2113d21..39cb1f9 100644 --- a/setup.py +++ b/setup.py @@ -67,9 +67,9 @@ data_files = [ (data_dir, ['oonib.conf.example']), (os.path.join(data_dir, 'decks'), ['data/decks/README']), (os.path.join(data_dir, 'inputs'), ['data/inputs/Makefile']), - (os.path.join(spool_dir, 'reports'), ['data/reports/empty.txt']), - (os.path.join(spool_dir, 'archive'), ['data/archive/empty.txt']), - (os.path.join(var_dir, 'tor'), ['data/tor/empty.txt']), + (os.path.join(spool_dir, 'reports'), ['data/reports/.gitignore']), + (os.path.join(spool_dir, 'archive'), ['data/archive/.gitignore']), + (os.path.join(var_dir, 'tor'), ['data/tor/.gitignore']), (var_dir, ['data/bouncer.yaml', 'data/policy.yaml']) ]

1 0

[oonib/master] Feature/web connectivity (#63)
by art＠torproject.org 30 May '16

30 May '16

commit 5178fc299d361c9ab57002e619e40b05061f5a7d Author: Arturo Filastò <arturo(a)filasto.net> Date: Sat May 28 19:05:42 2016 +0200 Feature/web connectivity (#63) * Add web connectivity test helper * Forward test helper addresses to the host machine * Align the request headers used by the web_connectivity test helper to those of the probe * Add monkey patch for bug in twisted RedirectAgent: https://twistedmatrix.com/trac/ticket/8265 * Add monkey patch for HTTPClientParser.statusReceived * Use TrueHeaders in control request * Add support for specifying endpoints in web_connectivity test helper * Add endpoint for checking the status of the WebConnectivity test helper * Add support for parsing test-helpers-alternate * Fix key for web_connectivity test in example configuration file * Implement on-disk web_connectivity cache * Add support for Gzip content decoding * Also record CNAME resolution. * Rename ips to addrs * Add support for retries in the http_request * Add support for extracting title * Encode the responses as well when debug mode * Handle partial downloads * Ignore errors when encoding headers * Cast title to unicode and ignore errors * Improvements based on feedback and comments by @bassosimone * Move twisted related patches into txextra module * Add support for returning the responses based on a key sent by the client. * Inherit from OONIBHandler so we can get the error message format * Stylistic improvements * Set defaults in a way that oonib.conf can start from the example * Avoid doing join on nonetype * Address comments by @bassosimone * Properly set the body also when we get a partial body downloaded * Move more code into shared oonib.common module * Fully sync the common module with ooni-probe (pulling in also other shared functionality so the Agents match entirely) * Fix location of comment for the patched HTTPClient * Add unittests and integration tests for web_connectivity --- Vagrantfile | 25 +++ oonib.conf.example | 18 +- oonib/bouncer/handlers.py | 14 +- oonib/common/__init__.py | 10 ++ oonib/common/http_utils.py | 54 ++++++ oonib/common/tcp_utils.py | 10 ++ oonib/common/txextra.py | 202 +++++++++++++++++++++ oonib/oonibackend.py | 29 ++- oonib/test/test_web_connectivity.py | 71 ++++++++ oonib/testhelpers/http_helpers.py | 344 +++++++++++++++++++++++++++++++++++- 10 files changed, 758 insertions(+), 19 deletions(-) diff --git a/Vagrantfile b/Vagrantfile index b71e4e7..7aa5f71 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -4,6 +4,31 @@ Vagrant.configure("2") do |config| config.vm.box = "precise32" config.vm.box_url = "http://files.vagrantup.com/precise32.box" + + # Create a forwarded port mapping which allows access to a specific port + # within the machine from a port on the host machine. In the example below, + # accessing "localhost:8080" will access port 80 on the guest machine. + config.vm.network :forwarded_port, guest: 57001, host: 57001 + config.vm.network :forwarded_port, guest: 57001, host: 57002 + config.vm.network :forwarded_port, guest: 57001, host: 57003 + config.vm.network :forwarded_port, guest: 57004, host: 57004 + config.vm.network :forwarded_port, guest: 57005, host: 57005 + config.vm.network :forwarded_port, guest: 57006, host: 57006 + config.vm.network :forwarded_port, guest: 57007, host: 57007 + + # Create a private network, which allows host-only access to the machine + # using a specific IP. + # config.vm.network :private_network, ip: "192.168.33.10" + + # Create a public network, which generally matched to bridged network. + # Bridged networks make the machine appear as another physical device on + # your network. + # config.vm.network :public_network + + # Share an additional folder to the guest VM. The first argument is + # the path on the host to the actual folder. The second argument is + # the path on the guest to mount the folder. And the optional third + # argument is a set of non-required options. config.vm.synced_folder ".", "/data/oonib" end diff --git a/oonib.conf.example b/oonib.conf.example index 1925d81..6f4c7f3 100644 --- a/oonib.conf.example +++ b/oonib.conf.example @@ -30,12 +30,13 @@ main: tor_datadir: null bouncer_endpoints: - - {type: tls, port: 10443, cert: "private/ssl-key-and-cert.pem"} + #- {type: tls, port: 10443, cert: "private/ssl-key-and-cert.pem"} - {type: tcp, port: 10080} - - {type: onion, hsdir: bouncer} + - {type: onion, hsdir: /tmp/bouncer} collector_endpoints: - - {type: tls, port: 11443, cert: "private/ssl-key-and-cert.pem"} + #- {type: tls, port: 11443, cert: "private/ssl-key-and-cert.pem"} + - {type: onion, hsdir: /tmp/collector} report_file_template: '{iso8601_timestamp}-{test_name}-{report_id}-{probe_asn}-{probe_cc}-probe-0.2.0.{ext}' helpers: @@ -62,12 +63,17 @@ helpers: dns_discovery: address: null - udp_port: 53 - tcp_port: 53 + udp_port: null + tcp_port: null resolver_address: null ssl: address: null private_key: 'private.key' certificate: 'certificate.crt' - port: 57006 + #port: 57006 + port: null + + web_connectivity: + endpoints: + - {type: tcp, port: 57007} diff --git a/oonib/bouncer/handlers.py b/oonib/bouncer/handlers.py index 1c7627c..a9370c0 100644 --- a/oonib/bouncer/handlers.py +++ b/oonib/bouncer/handlers.py @@ -159,9 +159,12 @@ class Bouncer(object): requested_nettest['input-hashes'], requested_nettest['test-helpers']) test_helpers = {} + test_helpers_alternate = {} for test_helper in requested_nettest['test-helpers']: + collector_info = self.bouncerFile['collector'][collector] try: - test_helpers[test_helper] = self.bouncerFile['collector'][collector]['test-helper'][test_helper] + test_helpers[test_helper] = \ + collector_info['test-helper'][test_helper] except KeyError: helpers = self.knownHelpers.get(test_helper) if not helpers: @@ -169,12 +172,19 @@ class Bouncer(object): helper = random.choice(helpers) test_helpers[test_helper] = helper['helper-address'] + try: + test_helpers_alternate[test_helper] = \ + collector_info['test-helper-alternate'][test_helper] + except KeyError: + pass + nettest = { 'name': requested_nettest['name'], 'version': requested_nettest['version'], 'input-hashes': requested_nettest['input-hashes'], 'test-helpers': test_helpers, - 'collector': collector, + 'test-helpers-alternate': test_helpers_alternate, + 'collector': collector } nettests.append(nettest) return {'net-tests': nettests} diff --git a/oonib/common/__init__.py b/oonib/common/__init__.py new file mode 100644 index 0000000..7f6cf73 --- /dev/null +++ b/oonib/common/__init__.py @@ -0,0 +1,10 @@ +""" +This modules contains functionality that is shared amongst ooni-probe and +ooni-backend. If the code in here starts growing too much I think it would +make sense to either: + + * Make the code in here into it's own package that is imported by + ooni-probe and ooni-backend. + + * Merge ooniprobe with oonibackend. +""" diff --git a/oonib/common/http_utils.py b/oonib/common/http_utils.py new file mode 100644 index 0000000..6f9db2d --- /dev/null +++ b/oonib/common/http_utils.py @@ -0,0 +1,54 @@ +import re +import codecs +from base64 import b64encode + +META_CHARSET_REGEXP = re.compile('<meta(?!\s*(?:name|value)\s*=)[^>]*?charset\s*=[\s"\']*([^\s"\'/>]*)') + +def representBody(body): + if not body: + return body + body = body.replace('\0', '') + decoded = False + charsets = ['ascii', 'utf-8'] + + # If we are able to detect the charset of body from the meta tag + # try to decode using that one first + charset = META_CHARSET_REGEXP.search(body, re.IGNORECASE) + if charset: + try: + encoding = charset.group(1).lower() + codecs.lookup(encoding) + charsets.insert(0, encoding) + except (LookupError, IndexError): + # Skip invalid codecs and partial regexp match + pass + + for encoding in charsets: + try: + body = unicode(body, encoding) + decoded = True + break + except UnicodeDecodeError: + pass + if not decoded: + body = { + 'data': b64encode(body), + 'format': 'base64' + } + return body + +TITLE_REGEXP = re.compile("<title>(.*?)</title>", re.IGNORECASE | re.DOTALL) + +def extractTitle(body): + m = TITLE_REGEXP.search(body, re.IGNORECASE | re.DOTALL) + if m: + return unicode(m.group(1), errors='ignore') + return '' + +REQUEST_HEADERS = { + 'User-Agent': ['Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, ' + 'like Gecko) Chrome/47.0.2526.106 Safari/537.36'], + 'Accept-Language': ['en-US;q=0.8,en;q=0.5'], + 'Accept': ['text/html,application/xhtml+xml,application/xml;q=0.9,' + '*/*;q=0.8'] +} diff --git a/oonib/common/tcp_utils.py b/oonib/common/tcp_utils.py new file mode 100644 index 0000000..7b7a8a4 --- /dev/null +++ b/oonib/common/tcp_utils.py @@ -0,0 +1,10 @@ +from twisted.internet.protocol import Factory, Protocol + +class TCPConnectProtocol(Protocol): + def connectionMade(self): + self.transport.loseConnection() + +class TCPConnectFactory(Factory): + noisy = False + def buildProtocol(self, addr): + return TCPConnectProtocol() diff --git a/oonib/common/txextra.py b/oonib/common/txextra.py new file mode 100644 index 0000000..7a84592 --- /dev/null +++ b/oonib/common/txextra.py @@ -0,0 +1,202 @@ +import itertools +from copy import copy + +from twisted.web.http_headers import Headers +from twisted.web import error + +from twisted.web.client import BrowserLikeRedirectAgent +from twisted.web._newclient import ResponseFailed +from twisted.web._newclient import HTTPClientParser, ParseError +from twisted.python.failure import Failure + +from twisted.web import client, _newclient + +from twisted.web._newclient import RequestNotSent, RequestGenerationFailed +from twisted.web._newclient import TransportProxyProducer, STATUS + +from twisted.internet import reactor +from twisted.internet.defer import Deferred, fail, maybeDeferred, failure + +from twisted.python import log + +class TrueHeaders(Headers): + def __init__(self, rawHeaders=None): + self._rawHeaders = dict() + if rawHeaders is not None: + for name, values in rawHeaders.iteritems(): + if type(values) is list: + self.setRawHeaders(name, values[:]) + elif type(values) is str: + self.setRawHeaders(name, values) + + def setRawHeaders(self, name, values): + if name.lower() not in self._rawHeaders: + self._rawHeaders[name.lower()] = dict() + self._rawHeaders[name.lower()]['name'] = name + self._rawHeaders[name.lower()]['values'] = values + + def getAllRawHeaders(self): + for _, v in self._rawHeaders.iteritems(): + yield v['name'], v['values'] + + def getRawHeaders(self, name, default=None): + if name.lower() in self._rawHeaders: + return self._rawHeaders[name.lower()]['values'] + return default + + + def getDiff(self, headers, ignore=[]): + """ + + Args: + + headers: a TrueHeaders object + + ignore: specify a list of header fields to ignore + + Returns: + + a set containing the header names that are not present in + header_dict or not present in self. + """ + diff = set() + field_names = [] + + headers_a = copy(self) + headers_b = copy(headers) + for name in ignore: + try: + del headers_a._rawHeaders[name.lower()] + except KeyError: + pass + try: + del headers_b._rawHeaders[name.lower()] + except KeyError: + pass + + for k, v in itertools.chain(headers_a.getAllRawHeaders(), + headers_b.getAllRawHeaders()): + field_names.append(k) + + for name in field_names: + if self.getRawHeaders(name) and headers.getRawHeaders(name): + pass + else: + diff.add(name) + return list(diff) + +class HTTPClientParser(_newclient.HTTPClientParser): + def logPrefix(self): + return 'HTTPClientParser' + + def connectionMade(self): + self.headers = TrueHeaders() + self.connHeaders = TrueHeaders() + self.state = STATUS + self._partialHeader = None + + def headerReceived(self, name, value): + if self.isConnectionControlHeader(name.lower()): + headers = self.connHeaders + else: + headers = self.headers + headers.addRawHeader(name, value) + + def statusReceived(self, status): + # This is a fix for invalid number of parts + try: + return _newclient.HTTPClientParser.statusReceived(self, status) + except ParseError as exc: + if exc.args[0] == 'wrong number of parts': + return _newclient.HTTPClientParser.statusReceived(self, + status + " XXX") + raise + +class HTTP11ClientProtocol(_newclient.HTTP11ClientProtocol): + def request(self, request): + if self._state != 'QUIESCENT': + return fail(RequestNotSent()) + + self._state = 'TRANSMITTING' + _requestDeferred = maybeDeferred(request.writeTo, self.transport) + self._finishedRequest = Deferred() + + self._currentRequest = request + + self._transportProxy = TransportProxyProducer(self.transport) + self._parser = HTTPClientParser(request, self._finishResponse) + self._parser.makeConnection(self._transportProxy) + self._responseDeferred = self._parser._responseDeferred + + def cbRequestWrotten(ignored): + if self._state == 'TRANSMITTING': + self._state = 'WAITING' + self._responseDeferred.chainDeferred(self._finishedRequest) + + def ebRequestWriting(err): + if self._state == 'TRANSMITTING': + self._state = 'GENERATION_FAILED' + self.transport.loseConnection() + self._finishedRequest.errback( + failure.Failure(RequestGenerationFailed([err]))) + else: + log.err(err, 'Error writing request, but not in valid state ' + 'to finalize request: %s' % self._state) + + _requestDeferred.addCallbacks(cbRequestWrotten, ebRequestWriting) + + return self._finishedRequest + + +class _HTTP11ClientFactory(client._HTTP11ClientFactory): + noisy = False + + def buildProtocol(self, addr): + return HTTP11ClientProtocol(self._quiescentCallback) + + +class HTTPConnectionPool(client.HTTPConnectionPool): + _factory = _HTTP11ClientFactory + +class TrueHeadersAgent(client.Agent): + def __init__(self, *args, **kw): + super(TrueHeadersAgent, self).__init__(*args, **kw) + self._pool = HTTPConnectionPool(reactor, False) + +class FixedRedirectAgent(BrowserLikeRedirectAgent): + """ + This is a redirect agent with this patch manually applied: + https://twistedmatrix.com/trac/ticket/8265 + """ + def _handleRedirect(self, response, method, uri, headers, redirectCount): + """ + Handle a redirect response, checking the number of redirects already + followed, and extracting the location header fields. + + This is patched to fix a bug in infinite redirect loop. + """ + if redirectCount >= self._redirectLimit: + err = error.InfiniteRedirection( + response.code, + b'Infinite redirection detected', + location=uri) + raise ResponseFailed([Failure(err)], response) + locationHeaders = response.headers.getRawHeaders(b'location', []) + if not locationHeaders: + err = error.RedirectWithNoLocation( + response.code, b'No location header field', uri) + raise ResponseFailed([Failure(err)], response) + location = self._resolveLocation( + # This is the fix to properly handle redirects + response.request.absoluteURI, + locationHeaders[0] + ) + deferred = self._agent.request(method, location, headers) + + def _chainResponse(newResponse): + newResponse.setPreviousResponse(response) + return newResponse + + deferred.addCallback(_chainResponse) + return deferred.addCallback( + self._handleResponse, method, uri, headers, redirectCount + 1) diff --git a/oonib/oonibackend.py b/oonib/oonibackend.py index 601a972..ebf3c52 100644 --- a/oonib/oonibackend.py +++ b/oonib/oonibackend.py @@ -118,15 +118,22 @@ def getHSEndpoint(endpoint_config): data_dir=hsdir) def getTCPEndpoint(endpoint_config): - return endpoints.TCP4ServerEndpoint(reactor, endpoint_config['port']) + return endpoints.TCP4ServerEndpoint( + reactor=reactor, + port=endpoint_config['port'], + interface=endpoint_config.get('address', '') + ) def getTLSEndpoint(endpoint_config): with open(endpoint_config['cert'], 'r') as f: cert_data = f.read() certificate = ssl.PrivateCertificate.loadPEM(cert_data) - return endpoints.SSL4ServerEndpoint(reactor, - endpoint_config['port'], - certificate.options()) + return endpoints.SSL4ServerEndpoint( + reactor=reactor, + port=endpoint_config['port'], + sslContextFactory=certificate.options(), + interface=endpoint_config.get('address', '') + ) def getEndpoint(endpoint_config): if endpoint_config['type'] == 'onion': @@ -143,6 +150,8 @@ def createService(endpoint, role, endpoint_config): factory = ooniBouncer elif role == 'collector': factory = ooniBackend + elif role == 'web_connectivity': + factory = http_helpers.WebConnectivityHelper else: raise Exception("unknown service type") @@ -157,8 +166,11 @@ def createService(endpoint, role, endpoint_config): if config.main.tor_hidden_service and \ config.main.bouncer_endpoints is None and \ config.main.collector_endpoints is None: - bouncer_hsdir = os.path.join(config.main.tor_datadir, 'bouncer') - collector_hsdir = os.path.join(config.main.tor_datadir, 'collector') + base_dir = '.' + if config.main.tor_datadir is not None: + base_dir = config.main.tor_datadir + bouncer_hsdir = os.path.join(base_dir, 'bouncer') + collector_hsdir = os.path.join(base_dir, 'collector') config.main.bouncer_endpoints = [ {'type': 'onion', 'hsdir': bouncer_hsdir} ] config.main.collector_endpoints = [ {'type': 'onion', 'hsdir': collector_hsdir} ] @@ -174,3 +186,8 @@ for endpoint_config in config.main.get('collector_endpoints', []): print "Starting collector with config %s" % endpoint_config endpoint = getEndpoint(endpoint_config) createService(endpoint, 'collector', endpoint_config) + +for endpoint_config in config.helpers.web_connectivity.get('endpoints', []): + print "Starting web_connectivity helper with config %s" % endpoint_config + endpoint = getEndpoint(endpoint_config) + createService(endpoint, 'web_connectivity', endpoint_config) diff --git a/oonib/test/test_web_connectivity.py b/oonib/test/test_web_connectivity.py new file mode 100644 index 0000000..24e2be0 --- /dev/null +++ b/oonib/test/test_web_connectivity.py @@ -0,0 +1,71 @@ +from hashlib import sha256 +from twisted.internet import defer +from twisted.trial import unittest + +from oonib.testhelpers.http_helpers import WebConnectivityCache + +class WebConnectivityCacheTestCase(unittest.TestCase): + def setUp(self): + self.web_connectivity_cache = WebConnectivityCache() + + def tearDown(self): + return self.web_connectivity_cache.expire_all() + + @defer.inlineCallbacks + def test_http_request(self): + value = yield self.web_connectivity_cache.http_request( + 'https://www.google.com/humans.txt') + self.assertEqual( + value['body_length'], 286 + ) + self.assertEqual( + value['status_code'], 200 + ) + self.assertIsInstance(value['headers'], + dict) + + @defer.inlineCallbacks + def test_dns_consistency(self): + # The twisted.names resolve set a reactor.callLater() on parsing the + # resolv.conf and this leads to the reactor being dirty. Look into + # a clean way to solve this and reactive this integration test. + self.skipTest("Skipping to avoid dirty reactor") + value = yield self.web_connectivity_cache.dns_consistency( + 'www.torproject.org') + self.assertIsInstance( + value['addrs'], + list + ) + self.assertIn( + 'failure', + value.keys() + ) + + @defer.inlineCallbacks + def test_tcp_connect(self): + value = yield self.web_connectivity_cache.tcp_connect( + '216.58.213.14:80') + self.assertIsInstance( + value['status'], + bool + ) + self.assertIn( + 'failure', + value.keys() + ) + + @defer.inlineCallbacks + def test_cache_lifecycle(self): + key = 'http://example.com' + key_hash = sha256(key).hexdigest() + value = {'spam': 'ham'} + + miss = yield self.web_connectivity_cache.lookup('http_request', key) + self.assertEqual(miss, None) + + yield self.web_connectivity_cache.cache_value('http_request', key, + value) + hit = yield self.web_connectivity_cache.lookup('http_request', key) + self.assertEqual(hit, value) + + yield self.web_connectivity_cache.expire('http_request', key_hash) diff --git a/oonib/testhelpers/http_helpers.py b/oonib/testhelpers/http_helpers.py index a28cbad..1cddf24 100644 --- a/oonib/testhelpers/http_helpers.py +++ b/oonib/testhelpers/http_helpers.py @@ -1,16 +1,37 @@ import json +import os import random +import re import string - -from twisted.internet import protocol, defer - -from cyclone.web import RequestHandler, Application - +import tempfile +from hashlib import sha256 +from urlparse import urlparse + +from cyclone.web import RequestHandler, Application, HTTPError +from cyclone.web import asynchronous +from twisted.internet import protocol, defer, reactor +from twisted.internet.endpoints import TCP4ClientEndpoint +from twisted.internet.error import ConnectionRefusedError +from twisted.internet.error import DNSLookupError, TimeoutError +from twisted.names import client as dns_client +from twisted.names import dns +from twisted.names.error import DNSNameError, DNSServerError from twisted.protocols import policies, basic +from twisted.web.client import readBody +from twisted.web.client import ContentDecoderAgent, GzipDecoder +from twisted.web.client import PartialDownloadError from twisted.web.http import Request from oonib import log, randomStr +from oonib.common.txextra import FixedRedirectAgent, TrueHeaders +from oonib.common.txextra import TrueHeadersAgent +from oonib.common.http_utils import representBody, extractTitle +from oonib.common.http_utils import REQUEST_HEADERS +from oonib.common.tcp_utils import TCPConnectFactory + +from oonib.handlers import OONIBHandler + class SimpleHTTPChannel(basic.LineReceiver, policies.TimeoutMixin): """ @@ -168,7 +189,320 @@ class HTTPRandomPage(HTTPTrapAll): length = 100000 self.write(self.genRandomPage(length, keyword)) + +def encodeResponse(response): + body = None + body_length = 0 + if (hasattr(response, 'body') and + response.body is not None): + body = response.body + body_length = len(response.body) + headers = {} + for k, v in response.headers.getAllRawHeaders(): + headers[k.lower()] = unicode(v[0], errors='ignore') + return { + 'headers': headers, + 'code': response.code, + 'body_length': body_length, + 'body': representBody(body) + } + +def encodeResponses(response): + responses = [] + responses += [encodeResponse(response)] + if response.previousResponse: + responses += encodeResponses(response.previousResponse) + return responses + + +class WebConnectivityCache(object): + expiration_time = 200 + enable_caching = True + http_retries = 2 + + def __init__(self): + self._response_types = ( + 'http_request', + 'tcp_connect', + 'dns_consistency' + ) + self._cache_lifecycle = {} + self._cache_dir = tempfile.mkdtemp() + for response_type in self._response_types: + os.mkdir(os.path.join(self._cache_dir, response_type)) + self._cache_lifecycle[response_type] = {} + + @defer.inlineCallbacks + def expire_all(self): + for response_type in self._cache_lifecycle.keys(): + for key_hash in self._cache_lifecycle[response_type].keys(): + yield self.expire(response_type, key_hash) + + @defer.inlineCallbacks + def cache_value(self, response_type, key, value): + if response_type not in self._response_types: + raise Exception("Invalid response type") + if self.enable_caching: + key_hash = sha256(key).hexdigest() + cache_file = os.path.join(self._cache_dir, response_type, key_hash) + + if key_hash in self._cache_lifecycle[response_type]: + yield self.expire(response_type, key_hash) + + self._cache_lifecycle[response_type][key_hash] = { + 'expiration': reactor.callLater(self.expiration_time, + self.expire, + response_type, key_hash), + 'lock': defer.DeferredLock() + } + lock = self._cache_lifecycle[response_type][key_hash]['lock'] + yield lock.acquire() + with open(cache_file, 'w+') as fw: + json.dump(value, fw) + lock.release() + + @defer.inlineCallbacks + def expire(self, response_type, key_hash): + if response_type not in self._response_types: + raise Exception("Invalid response type") + lifecycle = self._cache_lifecycle[response_type][key_hash] + if lifecycle['expiration'].active(): + lifecycle['expiration'].cancel() + + yield lifecycle['lock'].acquire() + try: + os.remove(os.path.join(self._cache_dir, response_type, key_hash)) + except OSError: + pass + lifecycle['lock'].release() + del self._cache_lifecycle[response_type][key_hash] + + @defer.inlineCallbacks + def lookup(self, response_type, key): + if not self.enable_caching: + defer.returnValue(None) + + key_hash = sha256(key).hexdigest() + cache_file = os.path.join(self._cache_dir, response_type, key_hash) + + if key_hash not in self._cache_lifecycle[response_type]: + defer.returnValue(None) + + lock = self._cache_lifecycle[response_type][key_hash]['lock'] + expiration = \ + self._cache_lifecycle[response_type][key_hash]['expiration'] + + yield lock.acquire() + + if not os.path.exists(cache_file): + lock.release() + defer.returnValue(None) + + with open(cache_file, 'r') as fh: + value = json.load(fh) + + expiration.reset(self.expiration_time) + lock.release() + defer.returnValue(value) + + @defer.inlineCallbacks + def http_request(self, url, include_http_responses=False): + cached_value = yield self.lookup('http_request', url) + if cached_value is not None: + if include_http_responses is not True: + cached_value.pop('responses', None) + defer.returnValue(cached_value) + + page_info = { + 'body_length': -1, + 'status_code': -1, + 'headers': {}, + 'failure': None + } + + agent = ContentDecoderAgent( + FixedRedirectAgent(TrueHeadersAgent(reactor)), + [('gzip', GzipDecoder)] + ) + try: + retries = 0 + while True: + try: + response = yield agent.request('GET', url, + TrueHeaders(REQUEST_HEADERS)) + headers = {} + for name, value in response.headers.getAllRawHeaders(): + headers[name] = unicode(value[0], errors='ignore') + body_length = -1 + body = None + try: + body = yield readBody(response) + body_length = len(body) + except PartialDownloadError as pde: + if pde.response: + body_length = len(pde.response) + body = pde.response + page_info['body_length'] = body_length + page_info['status_code'] = response.code + page_info['headers'] = headers + page_info['title'] = extractTitle(body) + response.body = body + page_info['responses'] = encodeResponses(response) + break + except: + if retries > self.http_retries: + raise + retries += 1 + except DNSLookupError: + page_info['failure'] = 'dns_lookup_error' + except TimeoutError: + page_info['failure'] = 'generic_timeout_error' + except ConnectionRefusedError: + page_info['failure'] = 'connection_refused_error' + except: + # XXX map more failures + page_info['failure'] = 'unknown_error' + + yield self.cache_value('http_request', url, page_info) + if include_http_responses is not True: + page_info.pop('responses', None) + defer.returnValue(page_info) + + @defer.inlineCallbacks + def tcp_connect(self, socket): + cached_value = yield self.lookup('tcp_connect', socket) + if cached_value is not None: + defer.returnValue(cached_value) + + socket_info = { + 'status': None, + 'failure': None + } + + ip_address, port = socket.split(":") + try: + point = TCP4ClientEndpoint(reactor, ip_address, int(port)) + yield point.connect(TCPConnectFactory()) + socket_info['status'] = True + except TimeoutError: + socket_info['status'] = False + socket_info['failure'] = 'generic_timeout_error' + except ConnectionRefusedError: + socket_info['status'] = False + socket_info['failure'] = 'connection_refused_error' + except: + socket_info['status'] = False + socket_info['failure'] = 'unknown_error' + yield self.cache_value('tcp_connect', socket, socket_info) + defer.returnValue(socket_info) + + @defer.inlineCallbacks + def dns_consistency(self, hostname): + cached_value = yield self.lookup('dns_consistency', hostname) + if cached_value is not None: + defer.returnValue(cached_value) + + dns_info = { + 'addrs': [], + 'failure': None + } + + try: + records = yield dns_client.lookupAddress(hostname) + answers = records[0] + for answer in answers: + if answer.type is dns.A: + dns_info['addrs'].append(answer.payload.dottedQuad()) + elif answer.type is dns.CNAME: + dns_info['addrs'].append(answer.payload.name.name) + except DNSNameError: + dns_info['failure'] = 'dns_name_error' + except DNSServerError: + dns_info['failure'] = 'dns_server_failure' + except: + dns_info['failure'] = 'unknown_error' + + yield self.cache_value('dns_consistency', hostname, dns_info) + defer.returnValue(dns_info) + + +# Taken from +# http://stackoverflow.com/questions/7160737/python-how-to-validate-a-url-in-… +HTTP_REQUEST_REGEXP = re.compile( + r'^(?:http)s?://' # http:// or https:// + r'(?:(?:[A-Z0-9](?:[A-Z0-9-]{0,61}[A-Z0-9])?\.)+(?:[A-Z]{2,6}\.?|[A-Z0-9-]{2,}\.?)|' # domain... + r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})' # ...or ip + r'(?::\d+)?' # optional port + r'(?:/?|[/?]\S+)$', re.IGNORECASE) + +SOCKET_REGEXP = re.compile(r'^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d+$') + +web_connectivity_cache = WebConnectivityCache() + +class WebConnectivity(OONIBHandler): + @defer.inlineCallbacks + def control_measurement(self, http_url, socket_list, + include_http_responses): + hostname = urlparse(http_url).netloc + dl = [ + web_connectivity_cache.http_request(http_url, include_http_responses), + web_connectivity_cache.dns_consistency(hostname) + ] + for socket in socket_list: + dl.append(web_connectivity_cache.tcp_connect(socket)) + responses = yield defer.DeferredList(dl) + http_request = responses[0][1] + dns = responses[1][1] + tcp_connect = {} + for idx, response in enumerate(responses[2:]): + tcp_connect[socket_list[idx]] = response[1] + self.finish({ + 'http_request': http_request, + 'tcp_connect': tcp_connect, + 'dns': dns + }) + + def validate_request(self, request): + required_keys = ['http_request', 'tcp_connect'] + for rk in required_keys: + if rk not in request.keys(): + raise HTTPError(400, "Missing %s" % rk) + if not HTTP_REQUEST_REGEXP.match(request['http_request']): + raise HTTPError(400, "Invalid http_request URL") + if any([not SOCKET_REGEXP.match(socket) + for socket in request['tcp_connect']]): + raise HTTPError(400, "Invalid tcp_connect URL") + + @asynchronous + def post(self): + try: + request = json.loads(self.request.body) + self.validate_request(request) + include_http_responses = request.get("include_http_responses", + False) + self.control_measurement( + str(request['http_request']), + request['tcp_connect'], + include_http_responses + ) + except HTTPError: + raise + except Exception as exc: + log.msg("Got invalid request") + log.exception(exc) + raise HTTPError(400, 'invalid request') + +class WebConnectivityStatus(RequestHandler): + def get(self): + self.write({"status": "ok"}) + + HTTPRandomPageHelper = Application([ # XXX add regexps here (r"/(.*)/(.*)", HTTPRandomPage) ]) + +WebConnectivityHelper = Application([ + (r"/status", WebConnectivityStatus), + (r"/", WebConnectivity) +])

1 0

[oonib/master] Handle empty bouncer_endpoints and collector_endpoints
by art＠torproject.org 30 May '16

30 May '16

commit 9437610ec476c2c20150a905fbeac7e01908c8b7 Author: Arturo Filastò <arturo(a)filasto.net> Date: Sat May 21 21:19:52 2016 +0200 Handle empty bouncer_endpoints and collector_endpoints * Set tor_data_dir to null in the default example --- oonib.conf.example | 2 +- oonib/oonibackend.py | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/oonib.conf.example b/oonib.conf.example index 0a5f4a5..95df448 100644 --- a/oonib.conf.example +++ b/oonib.conf.example @@ -28,7 +28,7 @@ main: stale_time: 3600 tor_hidden_service: false - tor_datadir: test_datadir + tor_datadir: null bouncer_endpoints: - {type: tls, port: 10443, cert: "private/ssl-key-and-cert.pem"} diff --git a/oonib/oonibackend.py b/oonib/oonibackend.py index 18bacf0..33ea92d 100644 --- a/oonib/oonibackend.py +++ b/oonib/oonibackend.py @@ -162,12 +162,12 @@ if config.main.tor_hidden_service and \ config.main.bouncer_endpoints = [ {'type': 'onion', 'hsdir': bouncer_hsdir} ] config.main.collector_endpoints = [ {'type': 'onion', 'hsdir': collector_hsdir} ] -for endpoint_config in config.main.get('bouncer_endpoints'): +for endpoint_config in config.main.get('bouncer_endpoints', []): print "Starting bouncer with config %s" % endpoint_config endpoint = getEndpoint(endpoint_config) createService(endpoint, 'bouncer', endpoint_config) -for endpoint_config in config.main.get('collector_endpoints'): +for endpoint_config in config.main.get('collector_endpoints', []): print "Starting collector with config %s" % endpoint_config endpoint = getEndpoint(endpoint_config) createService(endpoint, 'collector', endpoint_config)

1 0

[oonib/master] Vagrant: use box canonical name rather than URL (#84)
by art＠torproject.org 30 May '16

30 May '16

commit 973c9b0c2ae089e3043253890148d25dd550f756 Author: Simone Basso <bassosimone(a)gmail.com> Date: Mon May 30 10:50:21 2016 +0200 Vagrant: use box canonical name rather than URL (#84) This allows us to get updates running `vagrant box update`. While at it, add `/.vagrant/` to `.gitignore`. --- .gitignore | 3 +++ Vagrantfile | 3 +-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 7fc5cbd..3f4029e 100644 --- a/.gitignore +++ b/.gitignore @@ -63,3 +63,6 @@ installed-files.txt oonib.conf oonib.pid + +# Local vagrant files +/.vagrant/ diff --git a/Vagrantfile b/Vagrantfile index 7aa5f71..a2abe0d 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -2,8 +2,7 @@ # vi: set ft=ruby : Vagrant.configure("2") do |config| - config.vm.box = "precise32" - config.vm.box_url = "http://files.vagrantup.com/precise32.box" + config.vm.box = "ubuntu/precise32" # Create a forwarded port mapping which allows access to a specific port # within the machine from a port on the host machine. In the example below,

1 0

← Newer
1
...
9
10
11
12
13
14
15
...
155
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

tor-commits May 2016