September 2021 - tor-commits - lists.torproject.org

[tor-browser/tor-browser-78.14.0esr-11.0-1] Bug 1673237 - Always allow SVGs on about: pages r=acat, tjr, emilio
by sysrqb＠torproject.org 07 Sep '21

07 Sep '21

commit e114db4649c6e37340ce60240c091baddc551d5a Author: sanketh <me(a)snkth.com> Date: Tue Nov 3 17:34:20 2020 +0000 Bug 1673237 - Always allow SVGs on about: pages r=acat,tjr,emilio - Updated layout/svg/tests/test_disabled.html to ensure that this doesn't allow rendering SVGs on about:blank and about:srcdoc. Differential Revision: https://phabricator.services.mozilla.com/D95139 --- dom/base/nsNodeInfoManager.cpp | 18 ++++++++++------- layout/svg/tests/file_disabled_iframe.html | 31 +++++++++++++++++++++++++++++- 2 files changed, 41 insertions(+), 8 deletions(-) diff --git a/dom/base/nsNodeInfoManager.cpp b/dom/base/nsNodeInfoManager.cpp index b0534b661a23..8bc6b0ba2bd6 100644 --- a/dom/base/nsNodeInfoManager.cpp +++ b/dom/base/nsNodeInfoManager.cpp @@ -352,9 +352,12 @@ void nsNodeInfoManager::RemoveNodeInfo(NodeInfo* aNodeInfo) { MOZ_ASSERT(ret, "Can't find mozilla::dom::NodeInfo to remove!!!"); } -static bool IsSystemOrAddonPrincipal(nsIPrincipal* aPrincipal) { +static bool IsSystemOrAddonOrAboutPrincipal(nsIPrincipal* aPrincipal) { return aPrincipal->IsSystemPrincipal() || - BasePrincipal::Cast(aPrincipal)->AddonPolicy(); + BasePrincipal::Cast(aPrincipal)->AddonPolicy() || + // NOTE: about:blank and about:srcdoc inherit the principal of their + // parent, so aPrincipal->SchemeIs("about") returns false for them. + aPrincipal->SchemeIs("about"); } bool nsNodeInfoManager::InternalSVGEnabled() { @@ -375,17 +378,18 @@ bool nsNodeInfoManager::InternalSVGEnabled() { } // We allow SVG (regardless of the pref) if this is a system or add-on - // principal, or if this load was requested for a system or add-on principal - // (e.g. a remote image being served as part of system or add-on UI) + // principal or about: page, or if this load was requested for a system or + // add-on principal or about: page (e.g. a remote image being served as part + // of system or add-on UI or about: page) bool conclusion = - (SVGEnabled || IsSystemOrAddonPrincipal(mPrincipal) || + (SVGEnabled || IsSystemOrAddonOrAboutPrincipal(mPrincipal) || (loadInfo && (loadInfo->GetExternalContentPolicyType() == nsIContentPolicy::TYPE_IMAGE || loadInfo->GetExternalContentPolicyType() == nsIContentPolicy::TYPE_OTHER) && - (IsSystemOrAddonPrincipal(loadInfo->GetLoadingPrincipal()) || - IsSystemOrAddonPrincipal(loadInfo->TriggeringPrincipal())))); + (IsSystemOrAddonOrAboutPrincipal(loadInfo->GetLoadingPrincipal()) || + IsSystemOrAddonOrAboutPrincipal(loadInfo->TriggeringPrincipal())))); mSVGEnabled = Some(conclusion); return conclusion; } diff --git a/layout/svg/tests/file_disabled_iframe.html b/layout/svg/tests/file_disabled_iframe.html index 6feae3024730..55eda75fdefb 100644 --- a/layout/svg/tests/file_disabled_iframe.html +++ b/layout/svg/tests/file_disabled_iframe.html @@ -48,5 +48,34 @@ t.firstChild.firstChild.textContent = "1&2<3>4\xA0"; is(t.innerHTML, '<svg><style>1&2<3>4 \u003C/style></svg>'); - SimpleTest.finish(); + // + // Tests for Bug 1673237 + // + + // This test fails if about:blank renders SVGs + t.innerHTML = null; + var iframe = document.createElement("iframe"); + iframe.setAttribute("src", "about:blank") + t.appendChild(iframe); + iframe.appendChild(document.createElementNS("http://www.w3.org/2000/svg", "svg:svg")); + iframe.firstChild.textContent = "<foo>"; + is(iframe.innerHTML, "<svg:svg><foo></svg:svg>"); + + // This test fails if about:blank renders SVGs + var win = window.open("about:blank"); + win.document.body.appendChild(document.createElementNS("http://www.w3.org/2000/svg", "svg:svg")) + win.document.body.firstChild.textContent = "<foo>"; + is(win.document.body.innerHTML, "<svg:svg><foo></svg:svg>"); + win.close(); + + // This test fails if about:srcdoc renders SVGs + t.innerHTML = null; + iframe = document.createElement("iframe"); + iframe.srcdoc = "<svg:svg></svg:svg>"; + iframe.onload = function() { + iframe.contentDocument.body.firstChild.textContent = "<foo>"; + is(iframe.contentDocument.body.innerHTML, "<svg:svg><foo></svg:svg>"); + SimpleTest.finish(); + } + t.appendChild(iframe); </script>

1 0

[tor-browser/tor-browser-78.14.0esr-11.0-1] 40209: Implement Basic Crypto Safety
by sysrqb＠torproject.org 07 Sep '21

07 Sep '21

commit d57e030cbc7e7ec51b410718442ccffea05329f9 Author: sanketh <me(a)snkth.com> Date: Mon Feb 8 20:12:44 2021 -0500 40209: Implement Basic Crypto Safety Adds a CryptoSafety actor which detects when you've copied a crypto address from a HTTP webpage and shows a warning. Closes #40209. Bug 40428: Fix string attribute names --- browser/actors/CryptoSafetyChild.jsm | 87 ++++++++++++++++ browser/actors/CryptoSafetyParent.jsm | 142 +++++++++++++++++++++++++++ browser/actors/moz.build | 2 + browser/base/content/popup-notifications.inc | 14 +++ browser/components/BrowserGlue.jsm | 17 ++++ browser/modules/TorStrings.jsm | 48 +++++++++ browser/themes/shared/browser.inc.css | 5 + toolkit/content/license.html | 32 ++++++ toolkit/modules/Bech32Decode.jsm | 103 +++++++++++++++++++ toolkit/modules/moz.build | 1 + 10 files changed, 451 insertions(+) diff --git a/browser/actors/CryptoSafetyChild.jsm b/browser/actors/CryptoSafetyChild.jsm new file mode 100644 index 000000000000..87ff261d4915 --- /dev/null +++ b/browser/actors/CryptoSafetyChild.jsm @@ -0,0 +1,87 @@ +/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */ +/* Copyright (c) 2020, The Tor Project, Inc. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +var EXPORTED_SYMBOLS = ["CryptoSafetyChild"]; + +const { Bech32Decode } = ChromeUtils.import( + "resource://gre/modules/Bech32Decode.jsm" +); + +const { XPCOMUtils } = ChromeUtils.import( + "resource://gre/modules/XPCOMUtils.jsm" +); + +const kPrefCryptoSafety = "security.cryptoSafety"; + +XPCOMUtils.defineLazyPreferenceGetter( + this, + "isCryptoSafetyEnabled", + kPrefCryptoSafety, + true /* defaults to true */ +); + +function looksLikeCryptoAddress(s) { + // P2PKH and P2SH addresses + // https://stackoverflow.com/a/24205650 + const bitcoinAddr = /^[13][a-km-zA-HJ-NP-Z1-9]{25,39}$/; + if (bitcoinAddr.test(s)) { + return true; + } + + // Bech32 addresses + if (Bech32Decode(s) !== null) { + return true; + } + + // regular addresses + const etherAddr = /^0x[a-fA-F0-9]{40}$/; + if (etherAddr.test(s)) { + return true; + } + + // t-addresses + // https://www.reddit.com/r/zec/comments/8mxj6x/simple_regex_to_validate_a_zca… + const zcashAddr = /^t1[a-zA-Z0-9]{33}$/; + if (zcashAddr.test(s)) { + return true; + } + + // Standard, Integrated, and 256-bit Integrated addresses + // https://monero.stackexchange.com/a/10627 + const moneroAddr = /^4(?:[0-9AB]|[1-9A-HJ-NP-Za-km-z]{12}(?:[1-9A-HJ-NP-Za-km-z]{30})?)[1-9A-HJ-NP-Za-km-z]{93}$/; + if (moneroAddr.test(s)) { + return true; + } + + return false; +} + +class CryptoSafetyChild extends JSWindowActorChild { + handleEvent(event) { + if (isCryptoSafetyEnabled) { + // Ignore non-HTTP addresses + if (!this.document.documentURIObject.schemeIs("http")) { + return; + } + // Ignore onion addresses + if (this.document.documentURIObject.host.endsWith(".onion")) { + return; + } + + if (event.type == "copy" || event.type == "cut") { + this.contentWindow.navigator.clipboard.readText().then(clipText => { + const selection = clipText.trim(); + if (looksLikeCryptoAddress(selection)) { + this.sendAsyncMessage("CryptoSafety:CopiedText", { + selection, + }); + } + }); + } + } + } +} diff --git a/browser/actors/CryptoSafetyParent.jsm b/browser/actors/CryptoSafetyParent.jsm new file mode 100644 index 000000000000..bac151df5511 --- /dev/null +++ b/browser/actors/CryptoSafetyParent.jsm @@ -0,0 +1,142 @@ +/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */ +/* Copyright (c) 2020, The Tor Project, Inc. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +var EXPORTED_SYMBOLS = ["CryptoSafetyParent"]; + +const { XPCOMUtils } = ChromeUtils.import( + "resource://gre/modules/XPCOMUtils.jsm" +); + +XPCOMUtils.defineLazyModuleGetters(this, { + TorStrings: "resource:///modules/TorStrings.jsm", +}); + +const kPrefCryptoSafety = "security.cryptoSafety"; + +XPCOMUtils.defineLazyPreferenceGetter( + this, + "isCryptoSafetyEnabled", + kPrefCryptoSafety, + true /* defaults to true */ +); + +class CryptoSafetyParent extends JSWindowActorParent { + getBrowser() { + return this.browsingContext.top.embedderElement; + } + + receiveMessage(aMessage) { + if (isCryptoSafetyEnabled) { + if (aMessage.name == "CryptoSafety:CopiedText") { + showPopup(this.getBrowser(), aMessage.data.selection); + } + } + } +} + +function trimAddress(cryptoAddr) { + if (cryptoAddr.length <= 32) { + return cryptoAddr; + } + return cryptoAddr.substring(0, 32) + "..."; +} + +function showPopup(aBrowser, cryptoAddr) { + const chromeDoc = aBrowser.ownerDocument; + if (chromeDoc) { + const win = chromeDoc.defaultView; + const cryptoSafetyPrompt = new CryptoSafetyPrompt( + aBrowser, + win, + cryptoAddr + ); + cryptoSafetyPrompt.show(); + } +} + +class CryptoSafetyPrompt { + constructor(aBrowser, aWin, cryptoAddr) { + this._browser = aBrowser; + this._win = aWin; + this._cryptoAddr = cryptoAddr; + } + + show() { + const primaryAction = { + label: TorStrings.cryptoSafetyPrompt.primaryAction, + accessKey: TorStrings.cryptoSafetyPrompt.primaryActionAccessKey, + callback: () => { + this._win.torbutton_new_circuit(); + }, + }; + + const secondaryAction = { + label: TorStrings.cryptoSafetyPrompt.secondaryAction, + accessKey: TorStrings.cryptoSafetyPrompt.secondaryActionAccessKey, + callback: () => {}, + }; + + let _this = this; + const options = { + popupIconURL: "chrome://browser/skin/cert-error.svg", + eventCallback(aTopic) { + if (aTopic === "showing") { + _this._onPromptShowing(); + } + }, + }; + + const cryptoWarningText = TorStrings.cryptoSafetyPrompt.cryptoWarning.replace( + "%S", + trimAddress(this._cryptoAddr) + ); + + if (this._win.PopupNotifications) { + this._prompt = this._win.PopupNotifications.show( + this._browser, + "crypto-safety-warning", + cryptoWarningText, + null /* anchor ID */, + primaryAction, + [secondaryAction], + options + ); + } + } + + _onPromptShowing() { + let xulDoc = this._browser.ownerDocument; + + let whatCanHeading = xulDoc.getElementById( + "crypto-safety-warning-notification-what-can-heading" + ); + if (whatCanHeading) { + whatCanHeading.textContent = TorStrings.cryptoSafetyPrompt.whatCanHeading; + } + + let whatCanBody = xulDoc.getElementById( + "crypto-safety-warning-notification-what-can-body" + ); + if (whatCanBody) { + whatCanBody.textContent = TorStrings.cryptoSafetyPrompt.whatCanBody; + } + + let learnMoreElem = xulDoc.getElementById( + "crypto-safety-warning-notification-learnmore" + ); + if (learnMoreElem) { + learnMoreElem.setAttribute( + "value", + TorStrings.cryptoSafetyPrompt.learnMore + ); + learnMoreElem.setAttribute( + "href", + TorStrings.cryptoSafetyPrompt.learnMoreURL + ); + } + } +} diff --git a/browser/actors/moz.build b/browser/actors/moz.build index e70f0f09fe3a..9eb5ca397060 100644 --- a/browser/actors/moz.build +++ b/browser/actors/moz.build @@ -50,6 +50,8 @@ FINAL_TARGET_FILES.actors += [ 'ContentSearchParent.jsm', 'ContextMenuChild.jsm', 'ContextMenuParent.jsm', + 'CryptoSafetyChild.jsm', + 'CryptoSafetyParent.jsm', 'DOMFullscreenChild.jsm', 'DOMFullscreenParent.jsm', 'FormValidationChild.jsm', diff --git a/browser/base/content/popup-notifications.inc b/browser/base/content/popup-notifications.inc index 42e17e90c648..ff6f8cdeca80 100644 --- a/browser/base/content/popup-notifications.inc +++ b/browser/base/content/popup-notifications.inc @@ -114,3 +114,17 @@ </vbox> </popupnotificationfooter> </popupnotification> + + <popupnotification id="crypto-safety-warning-notification" hidden="true"> + <popupnotificationcontent orient="vertical"> + <description id="crypto-safety-warning-notification-desc"/> + <html:div id="crypto-safety-warning-notification-what-can"> + <html:strong id="crypto-safety-warning-notification-what-can-heading" /> + <html:br/> + <html:span id="crypto-safety-warning-notification-what-can-body" /> + </html:div> + <label id="crypto-safety-warning-notification-learnmore" + class="popup-notification-learnmore-link" + is="text-link"/> + </popupnotificationcontent> + </popupnotification> diff --git a/browser/components/BrowserGlue.jsm b/browser/components/BrowserGlue.jsm index 3750230a250b..5f708fca3d5c 100644 --- a/browser/components/BrowserGlue.jsm +++ b/browser/components/BrowserGlue.jsm @@ -297,6 +297,23 @@ let JSWINDOWACTORS = { allFrames: true, }, + CryptoSafety: { + parent: { + moduleURI: "resource:///actors/CryptoSafetyParent.jsm", + }, + + child: { + moduleURI: "resource:///actors/CryptoSafetyChild.jsm", + group: "browsers", + events: { + copy: { mozSystemGroup: true }, + cut: { mozSystemGroup: true }, + }, + }, + + allFrames: true, + }, + DOMFullscreen: { parent: { moduleURI: "resource:///actors/DOMFullscreenParent.jsm", diff --git a/browser/modules/TorStrings.jsm b/browser/modules/TorStrings.jsm index e8a8d37ae373..1e08b168e4af 100644 --- a/browser/modules/TorStrings.jsm +++ b/browser/modules/TorStrings.jsm @@ -101,6 +101,54 @@ class TorPropertyStringBundle { Security Level Strings */ var TorStrings = { + /* + CryptoSafetyPrompt Strings + */ + cryptoSafetyPrompt: (function() { + let tsb = new TorPropertyStringBundle( + "chrome://torbutton/locale/torbutton.properties", + "cryptoSafetyPrompt." + ); + let getString = function(key, fallback) { + return tsb.getString(key, fallback); + }; + + let retval = { + cryptoWarning: getString( + "cryptoWarning", + "A cryptocurrency address (%S) has been copied from an insecure website. It could have been modified." + ), + whatCanHeading: getString( + "whatCanHeading", + "What can you do about it?" + ), + whatCanBody: getString( + "whatCanBody", + "You can try reconnecting with a new circuit to establish a secure connection, or accept the risk and dismiss this warning." + ), + learnMore: getString("learnMore", "Learn more"), + learnMoreURL: `https://support.torproject.org/${getLocale()}/`, + primaryAction: getString( + "primaryAction", + "Reload Tab with a New Circuit" + ), + primaryActionAccessKey: getString( + "primaryActionAccessKey", + "R" + ), + secondaryAction: getString( + "secondaryAction", + "Dismiss Warning" + ), + secondaryActionAccessKey: getString( + "secondaryActionAccessKey", + "D" + ), + }; + + return retval; + })() /* CryptoSafetyPrompt Strings */, + /* Tor Browser Security Level Strings */ diff --git a/browser/themes/shared/browser.inc.css b/browser/themes/shared/browser.inc.css index 0113466e8e56..4ef27d880754 100644 --- a/browser/themes/shared/browser.inc.css +++ b/browser/themes/shared/browser.inc.css @@ -620,3 +620,8 @@ menupopup::part(drop-indicator) { #sharing-warning-proceed-to-tab:hover { background-color: rgb(0,62,170); } + +#crypto-safety-warning-notification-what-can { + display: block; + margin: 5px; +} diff --git a/toolkit/content/license.html b/toolkit/content/license.html index e44c31ec6d4e..90995236b41b 100644 --- a/toolkit/content/license.html +++ b/toolkit/content/license.html @@ -72,6 +72,7 @@ <li><a href="about:license#arm">ARM License</a></li> <li><a href="about:license#babel">Babel License</a></li> <li><a href="about:license#babylon">Babylon License</a></li> + <li><a href="about:license#bech32">Bech32 License</a></li> <li><a href="about:license#bincode">bincode License</a></li> <li><a href="about:license#bsd2clause">BSD 2-Clause License</a></li> <li><a href="about:license#bsd3clause">BSD 3-Clause License</a></li> @@ -2795,6 +2796,37 @@ furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. +</pre> + + + <hr> + + <h1><a id="bech32"></a>Bech32 License</h1> + + <p>This license applies to the file + <code>toolkit/modules/Bech32Decode.jsm</code>. + </p> + +<pre> +Copyright (c) 2017 Pieter Wuille + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE diff --git a/toolkit/modules/Bech32Decode.jsm b/toolkit/modules/Bech32Decode.jsm new file mode 100644 index 000000000000..3a2bc7ae0a10 --- /dev/null +++ b/toolkit/modules/Bech32Decode.jsm @@ -0,0 +1,103 @@ +// Adapted from the reference implementation of Bech32 +// https://github.com/sipa/bech32 + +// Copyright (c) 2017 Pieter Wuille +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +"use strict"; + +/** + * JS module implementation of Bech32 decoding adapted from the reference + * implementation https://github.com/sipa/bech32. + */ + +var EXPORTED_SYMBOLS = ["Bech32Decode"]; + +var CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"; +var GENERATOR = [0x3b6a57b2, 0x26508e6d, 0x1ea119fa, 0x3d4233dd, 0x2a1462b3]; + +function polymod(values) { + var chk = 1; + for (var p = 0; p < values.length; ++p) { + var top = chk >> 25; + chk = ((chk & 0x1ffffff) << 5) ^ values[p]; + for (var i = 0; i < 5; ++i) { + if ((top >> i) & 1) { + chk ^= GENERATOR[i]; + } + } + } + return chk; +} + +function hrpExpand(hrp) { + var ret = []; + var p; + for (p = 0; p < hrp.length; ++p) { + ret.push(hrp.charCodeAt(p) >> 5); + } + ret.push(0); + for (p = 0; p < hrp.length; ++p) { + ret.push(hrp.charCodeAt(p) & 31); + } + return ret; +} + +function verifyChecksum(hrp, data) { + return polymod(hrpExpand(hrp).concat(data)) === 1; +} + +function Bech32Decode(bechString) { + var p; + var has_lower = false; + var has_upper = false; + for (p = 0; p < bechString.length; ++p) { + if (bechString.charCodeAt(p) < 33 || bechString.charCodeAt(p) > 126) { + return null; + } + if (bechString.charCodeAt(p) >= 97 && bechString.charCodeAt(p) <= 122) { + has_lower = true; + } + if (bechString.charCodeAt(p) >= 65 && bechString.charCodeAt(p) <= 90) { + has_upper = true; + } + } + if (has_lower && has_upper) { + return null; + } + bechString = bechString.toLowerCase(); + var pos = bechString.lastIndexOf("1"); + if (pos < 1 || pos + 7 > bechString.length || bechString.length > 90) { + return null; + } + var hrp = bechString.substring(0, pos); + var data = []; + for (p = pos + 1; p < bechString.length; ++p) { + var d = CHARSET.indexOf(bechString.charAt(p)); + if (d === -1) { + return null; + } + data.push(d); + } + if (!verifyChecksum(hrp, data)) { + return null; + } + return { hrp: hrp, data: data.slice(0, data.length - 6) }; +} diff --git a/toolkit/modules/moz.build b/toolkit/modules/moz.build index e1f1eb5759c5..698d2773a7ed 100644 --- a/toolkit/modules/moz.build +++ b/toolkit/modules/moz.build @@ -160,6 +160,7 @@ EXTRA_JS_MODULES += [ 'ActorManagerParent.jsm', 'AppMenuNotifications.jsm', 'AsyncPrefs.jsm', + 'Bech32Decode.jsm', 'BinarySearch.jsm', 'BrowserUtils.jsm', 'CanonicalJSON.jsm',

1 0

[tor-browser/tor-browser-78.14.0esr-11.0-1] Bug 27476: Implement about:torconnect captive portal within Tor Browser
by sysrqb＠torproject.org 07 Sep '21

07 Sep '21

commit 8b2cf8458bc402f49506e53853c0baa8e2e2e5e7 Author: Richard Pospesel <richard(a)torproject.org> Date: Wed Apr 28 23:09:34 2021 -0500 Bug 27476: Implement about:torconnect captive portal within Tor Browser - implements new about:torconnect page as tor-launcher replacement - adds tor connection status to url bar and tweaks UX when not online - adds new torconnect component to browser - tor process management functionality remains implemented in tor-launcher through the TorProtocolService module - the onion pattern from about:tor migrated to an .inc.xhtml file now used by both about:tor and about:torconnect - various design tweaks and resusability fixes to onion pattern - adds warning/error box to about:preferences#tor when not connected to tor - explicitly allows about:torconnect URIs to ignore Resist Fingerprinting (RFP) - various tweaks to info-pages.inc.css for about:torconnect (also affects other firefox info pages) --- browser/actors/NetErrorParent.jsm | 8 + browser/base/content/aboutNetError.js | 12 +- browser/base/content/browser-siteIdentity.js | 2 +- browser/base/content/browser.js | 66 ++- browser/base/content/browser.xhtml | 3 + browser/base/content/utilityOverlay.js | 8 + .../alpha/content/identity-icons-brand.svg | 26 +- browser/branding/alpha/content/jar.mn | 1 + browser/branding/alpha/content/tor-styles.css | 13 + .../nightly/content/identity-icons-brand.svg | 30 +- browser/branding/nightly/content/jar.mn | 1 + browser/branding/nightly/content/tor-styles.css | 13 + .../official/content/identity-icons-brand.svg | 32 +- browser/branding/official/content/jar.mn | 1 + browser/branding/official/content/tor-styles.css | 14 + browser/branding/tor-styles.inc.css | 87 ++++ browser/components/BrowserGlue.jsm | 37 +- browser/components/about/AboutRedirector.cpp | 4 + browser/components/about/components.conf | 1 + browser/components/moz.build | 1 + .../onionservices/HttpsEverywhereControl.jsm | 17 +- browser/components/sessionstore/SessionStore.jsm | 4 + browser/components/torconnect/TorConnectChild.jsm | 9 + browser/components/torconnect/TorConnectParent.jsm | 150 +++++++ .../torconnect/content/aboutTorConnect.css | 155 +++++++ .../torconnect/content/aboutTorConnect.js | 304 +++++++++++++ .../torconnect/content/aboutTorConnect.xhtml | 45 ++ .../components/torconnect/content/onion-slash.svg | 7 + browser/components/torconnect/content/onion.svg | 3 + .../torconnect/content/torBootstrapUrlbar.js | 93 ++++ .../torconnect/content/torconnect-urlbar.css | 57 +++ .../torconnect/content/torconnect-urlbar.inc.xhtml | 10 + browser/components/torconnect/jar.mn | 7 + browser/components/torconnect/moz.build | 6 + .../components/torpreferences/content/torPane.js | 90 ++++ .../torpreferences/content/torPane.xhtml | 34 ++ .../torpreferences/content/torPreferences.css | 123 +++++ browser/components/urlbar/UrlbarInput.jsm | 31 ++ browser/modules/TorConnect.jsm | 499 +++++++++++++++++++++ browser/modules/TorProcessService.jsm | 12 + browser/modules/TorProtocolService.jsm | 179 +++++++- browser/modules/TorStrings.jsm | 80 ++++ browser/modules/moz.build | 2 + .../shared/identity-block/identity-block.inc.css | 16 +- browser/themes/shared/jar.inc.mn | 1 + browser/themes/shared/onionPattern.css | 124 +++++ browser/themes/shared/onionPattern.inc.xhtml | 210 +++++++++ browser/themes/shared/urlbar-searchbar.inc.css | 2 + dom/base/Document.cpp | 51 ++- dom/base/nsGlobalWindowOuter.cpp | 2 + .../processsingleton/MainProcessSingleton.jsm | 5 + toolkit/modules/AsyncPrefs.jsm | 2 + toolkit/modules/RemotePageAccessManager.jsm | 16 + toolkit/mozapps/update/UpdateService.jsm | 68 ++- .../themes/shared/in-content/info-pages.inc.css | 15 +- .../lib/environments/browser-window.js | 4 + 56 files changed, 2650 insertions(+), 143 deletions(-) diff --git a/browser/actors/NetErrorParent.jsm b/browser/actors/NetErrorParent.jsm index 035195391554..6dce9af5aad0 100644 --- a/browser/actors/NetErrorParent.jsm +++ b/browser/actors/NetErrorParent.jsm @@ -17,6 +17,10 @@ const { SessionStore } = ChromeUtils.import( ); const { HomePage } = ChromeUtils.import("resource:///modules/HomePage.jsm"); +const { TorConnect } = ChromeUtils.import( + "resource:///modules/TorConnect.jsm" +); + const PREF_SSL_IMPACT_ROOTS = [ "security.tls.version.", "security.ssl3.", @@ -318,6 +322,10 @@ class NetErrorParent extends JSWindowActorParent { break; } } + break; + case "ShouldShowTorConnect": + return TorConnect.shouldShowTorConnect; } + return undefined; } } diff --git a/browser/base/content/aboutNetError.js b/browser/base/content/aboutNetError.js index 60db17f46eb9..32bd5576de3e 100644 --- a/browser/base/content/aboutNetError.js +++ b/browser/base/content/aboutNetError.js @@ -194,8 +194,18 @@ async function setErrorPageStrings(err) { document.l10n.setAttributes(titleElement, title); } -function initPage() { +async function initPage() { var err = getErrorCode(); + + // proxyConnectFailure because no-tor running daemon would return this error + if ( + (err === "proxyConnectFailure") && + (await RPMSendQuery("ShouldShowTorConnect")) + ) { + // pass orginal destination as redirect param + const encodedRedirect = encodeURIComponent(document.location.href); + document.location.replace(`about:torconnect?redirect=${encodedRedirect}`); + } // List of error pages with an illustration. let illustratedErrors = [ "malformedURI", diff --git a/browser/base/content/browser-siteIdentity.js b/browser/base/content/browser-siteIdentity.js index 539d6d4056a3..2a3431172886 100644 --- a/browser/base/content/browser-siteIdentity.js +++ b/browser/base/content/browser-siteIdentity.js @@ -57,7 +57,7 @@ var gIdentityHandler = { * RegExp used to decide if an about url should be shown as being part of * the browser UI. */ - _secureInternalUIWhitelist: (AppConstants.TOR_BROWSER_UPDATE ? /^(?:accounts|addons|cache|certificate|config|crashes|downloads|license|logins|preferences|protections|rights|sessionrestore|support|welcomeback|tor|tbupdate)(?:[?#]|$)/i : /^(?:accounts|addons|cache|certificate|config|crashes|downloads|license|logins|preferences|protections|rights|sessionrestore|support|welcomeback|tor)(?:[?#]|$)/i), + _secureInternalUIWhitelist: (AppConstants.TOR_BROWSER_UPDATE ? /^(?:accounts|addons|cache|certificate|config|crashes|downloads|license|logins|preferences|protections|rights|sessionrestore|support|welcomeback|tor|torconnect|tbupdate)(?:[?#]|$)/i : /^(?:accounts|addons|cache|certificate|config|crashes|downloads|license|logins|preferences|protections|rights|sessionrestore|support|welcomeback|tor|torconnect)(?:[?#]|$)/i), /** * Whether the established HTTPS connection is considered "broken". diff --git a/browser/base/content/browser.js b/browser/base/content/browser.js index 04f8752b93f4..37d67f7680af 100644 --- a/browser/base/content/browser.js +++ b/browser/base/content/browser.js @@ -77,6 +77,7 @@ XPCOMUtils.defineLazyModuleGetters(this, { TabModalPrompt: "chrome://global/content/tabprompts.jsm", TabCrashHandler: "resource:///modules/ContentCrashHandlers.jsm", TelemetryEnvironment: "resource://gre/modules/TelemetryEnvironment.jsm", + TorConnect: "resource:///modules/TorConnect.jsm", Translation: "resource:///modules/translation/TranslationParent.jsm", OnionAliasStore: "resource:///modules/OnionAliasStore.jsm", UITour: "resource:///modules/UITour.jsm", @@ -633,6 +634,7 @@ var gPageIcons = { var gInitialPages = [ "about:tor", + "about:torconnect", "about:blank", "about:newtab", "about:home", @@ -1959,6 +1961,8 @@ var gBrowserInit = { } this._loadHandled = true; + + TorBootstrapUrlbar.init(); }, _cancelDelayedStartup() { @@ -2490,32 +2494,48 @@ var gBrowserInit = { let uri = window.arguments[0]; let defaultArgs = BrowserHandler.defaultArgs; - // If the given URI is different from the homepage, we want to load it. - if (uri != defaultArgs) { - AboutNewTab.noteNonDefaultStartup(); + // figure out which URI to actually load (or a Promise to get the uri) + uri = ((uri) => { + // If the given URI is different from the homepage, we want to load it. + if (uri != defaultArgs) { + AboutNewTab.noteNonDefaultStartup(); + + if (uri instanceof Ci.nsIArray) { + // Transform the nsIArray of nsISupportsString's into a JS Array of + // JS strings. + return Array.from( + uri.enumerate(Ci.nsISupportsString), + supportStr => supportStr.data + ); + } else if (uri instanceof Ci.nsISupportsString) { + return uri.data; + } + return uri; + } - if (uri instanceof Ci.nsIArray) { - // Transform the nsIArray of nsISupportsString's into a JS Array of - // JS strings. - return Array.from( - uri.enumerate(Ci.nsISupportsString), - supportStr => supportStr.data - ); - } else if (uri instanceof Ci.nsISupportsString) { - return uri.data; + // The URI appears to be the the homepage. We want to load it only if + // session restore isn't about to override the homepage. + let willOverride = SessionStartup.willOverrideHomepage; + if (typeof willOverride == "boolean") { + return willOverride ? null : uri; } - return uri; - } + return willOverride.then(willOverrideHomepage => + willOverrideHomepage ? null : uri + ); + })(uri); + + // if using TorConnect, convert these uris to redirects + if (TorConnect.shouldShowTorConnect) { + return Promise.resolve(uri).then((uri) => { + if (uri == null) { + uri = []; + } - // The URI appears to be the the homepage. We want to load it only if - // session restore isn't about to override the homepage. - let willOverride = SessionStartup.willOverrideHomepage; - if (typeof willOverride == "boolean") { - return willOverride ? null : uri; + uri = TorConnect.getURIsToLoad(uri); + return uri; + }); } - return willOverride.then(willOverrideHomepage => - willOverrideHomepage ? null : uri - ); + return uri; })()); }, @@ -2582,6 +2602,8 @@ var gBrowserInit = { OnionAuthPrompt.uninit(); + TorBootstrapUrlbar.uninit(); + gAccessibilityServiceIndicator.uninit(); AccessibilityRefreshBlocker.uninit(); diff --git a/browser/base/content/browser.xhtml b/browser/base/content/browser.xhtml index c2caecc1a416..134ab8e087e1 100644 --- a/browser/base/content/browser.xhtml +++ b/browser/base/content/browser.xhtml @@ -10,6 +10,7 @@ override rules using selectors with the same specificity. This applies to both "content" and "skin" packages, which bug 1385444 will unify later. --> <?xml-stylesheet href="chrome://global/skin/global.css" type="text/css"?> +<?xml-stylesheet href="chrome://branding/content/tor-styles.css" type="text/css"?>  +<!DOCTYPE html> +<html xmlns="http://www.w3.org/1999/xhtml"> + <head> + <meta http-equiv="Content-Security-Policy" content="default-src chrome:; object-src 'none'" /> + <link rel="stylesheet" href="chrome://browser/skin/onionPattern.css" type="text/css" media="all" /> + <link rel="stylesheet" href="chrome://browser/content/torconnect/aboutTorConnect.css" type="text/css" media="all" /> + </head> + <body> + <div id="progressBackground"></div> + <div id="connectPageContainer" class="container"> + <div id="text-container"> + <div class="title"> + <h1 class="title-text"/> + </div> + <div id="connectLongContent"> + <div id="connectShortDesc"> + <p id="connectShortDescText" /> + </div> + </div> + + <div id="copyLogContainer"> + <span id="copyLogLink" hidden="true"> + <div id="copyLogTooltip"> + <span id="copyLogTooltipText"/> + </div> + </span> + </div> + + <div id="quickstartContainer"> + <input id="quickstartCheckbox" type="checkbox" /> + <label id="quickstartCheckboxLabel" for="quickstartCheckbox"/> + </div> + + <div id="connectButtonContainer" class="button-container"> + <button id="advancedButton" hidden="true"></button> + <button id="cancelButton" hidden="true"></button> + <button id="connectButton" class="primary try-again" hidden="true"></button> + </div> + </div> + </div> +#include ../../../themes/shared/onionPattern.inc.xhtml + </body> + <script src="chrome://browser/content/torconnect/aboutTorConnect.js"/> +</html> diff --git a/browser/components/torconnect/content/onion-slash.svg b/browser/components/torconnect/content/onion-slash.svg new file mode 100644 index 000000000000..efb09700ec0b --- /dev/null +++ b/browser/components/torconnect/content/onion-slash.svg @@ -0,0 +1,7 @@ +<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16"> + <g fill-opacity="context-fill-opacity" fill="context-fill"> + <path d="M3.409559 13.112147C3.409559 13.112147 8.200807 8.103115 8.200807 8.103115C8.200807 8.103115 8.200807 6.516403 8.200807 6.516403C8.620819 6.516403 9.009719 6.703075 9.274171 6.998639C9.274171 6.998639 10.160863 6.080835 10.160863 6.080835C9.663071 5.567487 8.978607 5.256367 8.200807 5.256367C8.200807 5.256367 8.200807 4.400787 8.200807 4.400787C9.196391 4.400787 10.098639 4.805243 10.736435 5.458595C10.736435 5.458595 11.623127 4.540791 11.623127 4.540791C10.751991 3.669655 9.538623 3.125195 8.200807 3.125195C8.200807 3.125195 8.200807 2.269615 8.200807 2.269615C9.756407 2.269615 11.172003 2.907411 12.214255 3.918551C12.214255 3.918551 13.100947 3.000747 13.100947 3.000747C11.825355 1.756267 10.098639 0.994023 8.185251 0.994023C4.311807 0.994023 1.185051 4.120779 1.185051 7.994223C1.185051 10.016503 2.040631 11.836555 3.409559 13.112147C3.409559 13.112147 3.409559 13.112147 3.409559 13.112147"/> + <path d="M14.205423 4.416343C14.205423 4.416343 13.287619 5.380815 13.287619 5.380815C13.692075 6.158615 13.909859 7.045307 13.909859 7.994223C13.909859 11.152091 11.358675 13.718831 8.200807 13.718831C8.200807 13.718831 8.200807 12.863251 8.200807 12.863251C10.891995 12.863251 13.069835 10.669855 13.069835 7.978667C13.069835 7.278647 12.929831 6.625295 12.665379 6.018611C12.665379 6.018611 11.685351 7.045307 11.685351 7.045307C11.763131 7.340871 11.809799 7.651991 11.809799 7.963111C11.809799 9.954279 10.207531 11.556547 8.216363 11.572103C8.216363 11.572103 8.216363 10.716523 8.216363 10.716523C9.725295 10.700967 10.954219 9.472043 10.954219 7.963111C10.954219 7.916443 10.954219 7.854219 10.954219 7.807551C10.954219 7.807551 4.887379 14.169955 4.887379 14.169955C5.867407 14.698859 6.987439 14.994423 8.185251 14.994423C12.058695 14.994423 15.185451 11.867667 15.185451 7.994223C15.185451 6.687519 14.827663 5.474151 14.205423 4.416343C14.205423 4.416343 14.205423 4.416343 14.20542 3 4.416343"/> + <path d="M1.791735 15.461103C1.402835 15.461103 1.045047 15.212207 0.889487 14.838863C0.733927 14.465519 0.827267 14.014395 1.107271 13.734387C1.107271 13.734387 13.458735 0.822907 13.458735 0.822907C13.847635 0.434007 14.454319 0.449563 14.827663 0.838467C15.201007 1.227367 15.216563 1.865163 14.843223 2.269619C14.843223 2.269619 2.491759 15.181099 2.491759 15.181099C2.289531 15.352215 2.040635 15.461107 1.791739 15.461107C1.791739 15.461107 1.791735 15.461103 1.791735 15.461103"/> + </g> +</svg> diff --git a/browser/components/torconnect/content/onion.svg b/browser/components/torconnect/content/onion.svg new file mode 100644 index 000000000000..30cd52ba5c51 --- /dev/null +++ b/browser/components/torconnect/content/onion.svg @@ -0,0 +1,3 @@ +<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"> + <path fill="context-fill" fill-opacity="context-fill-opacity" d="M12.0246161,21.8174863 L12.0246161,20.3628098 C16.6324777,20.3495038 20.3634751,16.6108555 20.3634751,11.9996673 C20.3634751,7.38881189 16.6324777,3.65016355 12.0246161,3.63685757 L12.0246161,2.18218107 C17.4358264,2.1958197 21.8178189,6.58546322 21.8178189,11.9996673 C21.8178189,17.4142042 17.4358264,21.8041803 12.0246161,21.8174863 L12.0246161,21.8174863 Z M12.0246161,16.7259522 C14.623607,16.7123136 16.7272828,14.6023175 16.7272828,11.9996673 C16.7272828,9.39734991 14.623607,7.28735377 12.0246161,7.27371516 L12.0246161,5.81937131 C15.4272884,5.8326773 18.1819593,8.59400123 18.1819593,11.9996673 C18.1819593,15.4056661 15.4272884,18.1669901 12.0246161,18.1802961 L12.0246161,16.7259522 Z M12.0246161,9.45556355 C13.4187503,9.46886953 14.5454344,10.6022066 14.5454344,11.9996673 C14.5454344,13.3974608 13.4187503,14.5307978 12.0246161,14.5441038 L12.0246161,9.45556355 Z M0,11.9996673 C0,18.6273771 5.37229031,24 12,24 C18 .6273771,24 24,18.6273771 24,11.9996673 C24,5.37229031 18.6273771,0 12,0 C5.37229031,0 0,5.37229031 0,11.9996673 Z"/> +</svg> \ No newline at end of file diff --git a/browser/components/torconnect/content/torBootstrapUrlbar.js b/browser/components/torconnect/content/torBootstrapUrlbar.js new file mode 100644 index 000000000000..7843b80be8b9 --- /dev/null +++ b/browser/components/torconnect/content/torBootstrapUrlbar.js @@ -0,0 +1,93 @@ +// Copyright (c) 2021, The Tor Project, Inc. + +"use strict"; + +const { TorConnect, TorConnectTopics, TorConnectState } = ChromeUtils.import( + "resource:///modules/TorConnect.jsm" +); +const { TorStrings } = ChromeUtils.import( + "resource:///modules/TorStrings.jsm" +); + +var TorBootstrapUrlbar = { + selectors: Object.freeze({ + torConnect: { + box: "hbox#torconnect-box", + label: "label#torconnect-label", + }, + }), + + elements: null, + + updateTorConnectBox: function(state) { + switch(state) + { + case TorConnectState.Initial: + case TorConnectState.Configuring: + case TorConnectState.AutoConfiguring: + case TorConnectState.Error: + case TorConnectState.FatalError: { + this.elements.torConnectBox.removeAttribute("hidden"); + this.elements.torConnectLabel.textContent = + TorStrings.torConnect.torNotConnectedConcise; + this.elements.inputContainer.setAttribute("torconnect", "offline"); + break; + } + case TorConnectState.Bootstrapping: { + this.elements.torConnectBox.removeAttribute("hidden"); + this.elements.torConnectLabel.textContent = + TorStrings.torConnect.torConnectingConcise; + this.elements.inputContainer.setAttribute("torconnect", "connecting"); + break; + } + case TorConnectState.Bootstrapped: { + this.elements.torConnectBox.removeAttribute("hidden"); + this.elements.torConnectLabel.textContent = + TorStrings.torConnect.torConnectedConcise; + this.elements.inputContainer.setAttribute("torconnect", "connected"); + // hide torconnect box after 5 seconds + setTimeout(() => { + this.elements.torConnectBox.setAttribute("hidden", "true"); + }, 5000); + break; + } + case TorConnectState.Disabled: { + this.elements.torConnectBox.setAttribute("hidden", "true"); + break; + } + default: + break; + } + }, + + observe: function(aSubject, aTopic, aData) { + if (aTopic === TorConnectTopics.StateChange) { + const obj = aSubject?.wrappedJSObject; + this.updateTorConnectBox(obj?.state); + } + }, + + init: function() { + if (TorConnect.shouldShowTorConnect) { + // browser isn't populated until init + this.elements = Object.freeze({ + torConnectBox: browser.ownerGlobal.document.querySelector(this.selectors.torConnect.box), + torConnectLabel: browser.ownerGlobal.document.querySelector(this.selectors.torConnect.label), + inputContainer: gURLBar._inputContainer, + }) + this.elements.torConnectBox.addEventListener("click", () => { + window.openTrustedLinkIn("about:torconnect", "tab"); + }); + Services.obs.addObserver(this, TorConnectTopics.StateChange); + this.observing = true; + this.updateTorConnectBox(TorConnect.state); + } + }, + + uninit: function() { + if (this.observing) { + Services.obs.removeObserver(this, TorConnectTopics.StateChange); + } + }, +}; + diff --git a/browser/components/torconnect/content/torconnect-urlbar.css b/browser/components/torconnect/content/torconnect-urlbar.css new file mode 100644 index 000000000000..5aabcffedbd0 --- /dev/null +++ b/browser/components/torconnect/content/torconnect-urlbar.css @@ -0,0 +1,57 @@ +/* + ensure our torconnect button is always visible (same rule as for the bookmark button) +*/ +hbox.urlbar-page-action#torconnect-box { + display: -moz-inline-box!important; + height: 28px; +} + +label#torconnect-label { + line-height: 28px; + margin: 0; + opacity: 0.6; + padding: 0 0.5em; +} + +/* set appropriate sizes for the non-standard ui densities */ +:root[uidensity=compact] hbox.urlbar-page-action#torconnect-box { + height: 24px; +} +:root[uidensity=compact] label#torconnect-label { + line-height: 24px; +} + + +:root[uidensity=touch] hbox.urlbar-page-action#torconnect-box { + height: 30px; +} +:root[uidensity=touch] label#torconnect-label { + line-height: 30px; +} + + +/* hide when hidden attribute is set */ +hbox.urlbar-page-action#torconnect-box[hidden="true"], +/* hide when user is typing in URL bar */ +#urlbar[usertyping] > #urlbar-input-container > #page-action-buttons > #torconnect-box { + display: none!important; +} + +/* hide urlbar's placeholder text when not connectd to tor */ +hbox#urlbar-input-container[torconnect="offline"] input#urlbar-input::placeholder, +hbox#urlbar-input-container[torconnect="connecting"] input#urlbar-input::placeholder { + opacity: 0; +} + +/* hide search suggestions when not connected to tor */ +hbox#urlbar-input-container[torconnect="offline"] + vbox.urlbarView, +hbox#urlbar-input-container[torconnect="connecting"] + vbox.urlbarView { + display: none!important; +} + +/* hide search icon when we are not connected to tor */ +hbox#urlbar-input-container[torconnect="offline"] > #identity-box[pageproxystate="invalid"] > #identity-icon, +hbox#urlbar-input-container[torconnect="connecting"] > #identity-box[pageproxystate="invalid"] > #identity-icon +{ + display: none!important; +} diff --git a/browser/components/torconnect/content/torconnect-urlbar.inc.xhtml b/browser/components/torconnect/content/torconnect-urlbar.inc.xhtml new file mode 100644 index 000000000000..60e985a72691 --- /dev/null +++ b/browser/components/torconnect/content/torconnect-urlbar.inc.xhtml @@ -0,0 +1,10 @@ +# Copyright (c) 2021, The Tor Project, Inc. + +<hbox id="torconnect-box" + class="urlbar-icon-wrapper urlbar-page-action" + role="status" + hidden="true"> + <hbox id="torconnect-container"> + <label id="torconnect-label"/> + </hbox> +</hbox> \ No newline at end of file diff --git a/browser/components/torconnect/jar.mn b/browser/components/torconnect/jar.mn new file mode 100644 index 000000000000..ed8a4de299b2 --- /dev/null +++ b/browser/components/torconnect/jar.mn @@ -0,0 +1,7 @@ +browser.jar: + content/browser/torconnect/torBootstrapUrlbar.js (content/torBootstrapUrlbar.js) + content/browser/torconnect/aboutTorConnect.css (content/aboutTorConnect.css) +* content/browser/torconnect/aboutTorConnect.xhtml (content/aboutTorConnect.xhtml) + content/browser/torconnect/aboutTorConnect.js (content/aboutTorConnect.js) + content/browser/torconnect/onion.svg (content/onion.svg) + content/browser/torconnect/onion-slash.svg (content/onion-slash.svg) diff --git a/browser/components/torconnect/moz.build b/browser/components/torconnect/moz.build new file mode 100644 index 000000000000..eb29c31a4243 --- /dev/null +++ b/browser/components/torconnect/moz.build @@ -0,0 +1,6 @@ +JAR_MANIFESTS += ['jar.mn'] + +EXTRA_JS_MODULES += [ + 'TorConnectChild.jsm', + 'TorConnectParent.jsm', +] diff --git a/browser/components/torpreferences/content/torPane.js b/browser/components/torpreferences/content/torPane.js index 49054b5dac6a..59ecdec6d1d9 100644 --- a/browser/components/torpreferences/content/torPane.js +++ b/browser/components/torpreferences/content/torPane.js @@ -1,9 +1,15 @@ "use strict"; +/* global Services */ + const { TorProtocolService } = ChromeUtils.import( "resource:///modules/TorProtocolService.jsm" ); +const { TorConnect } = ChromeUtils.import( + "resource:///modules/TorConnect.jsm" +); + const { TorBridgeSource, TorBridgeSettings, @@ -51,6 +57,10 @@ const { parsePort, parseBridgeStrings, parsePortList } = ChromeUtils.import( "chrome://browser/content/torpreferences/parseFunctions.jsm" ); +const TorLauncherPrefs = { + quickstart: "extensions.torlauncher.quickstart", +} + /* Tor Pane @@ -62,11 +72,21 @@ const gTorPane = (function() { category: { title: "label#torPreferences-labelCategory", }, + messageBox: { + box: "div#torPreferences-connectMessageBox", + message: "td#torPreferences-connectMessageBox-message", + button: "button#torPreferences-connectMessageBox-button", + }, torPreferences: { header: "h1#torPreferences-header", description: "span#torPreferences-description", learnMore: "label#torPreferences-learnMore", }, + quickstart: { + header: "h2#torPreferences-quickstart-header", + description: "span#torPreferences-quickstart-description", + enableQuickstartCheckbox: "checkbox#torPreferences-quickstart-toggle", + }, bridges: { header: "h2#torPreferences-bridges-header", description: "span#torPreferences-bridges-description", @@ -112,6 +132,10 @@ const gTorPane = (function() { let retval = { // cached frequently accessed DOM elements + _messageBox: null, + _messageBoxMessage: null, + _messageBoxButton: null, + _enableQuickstartCheckbox: null, _useBridgeCheckbox: null, _bridgeSelectionRadiogroup: null, _builtinBridgeOption: null, @@ -161,6 +185,43 @@ const gTorPane = (function() { let prefpane = document.getElementById("mainPrefPane"); + // 'Connect to Tor' Message Bar + + this._messageBox = prefpane.querySelector(selectors.messageBox.box); + this._messageBoxMessage = prefpane.querySelector(selectors.messageBox.message); + this._messageBoxButton = prefpane.querySelector(selectors.messageBox.button); + // wire up connect button + this._messageBoxButton.addEventListener("click", () => { + TorConnect.beginBootstrap(); + let win = Services.wm.getMostRecentWindow("navigator:browser"); + // switch to existing about:torconnect tab or create a new one + win.switchToTabHavingURI("about:torconnect", true); + }); + + let populateMessagebox = () => { + if (TorConnect.shouldShowTorConnect) { + // set messagebox style and text + if (TorProtocolService.torBootstrapErrorOccurred()) { + this._messageBox.className = "error"; + this._messageBoxMessage.innerText = TorStrings.torConnect.tryAgainMessage; + this._messageBoxButton.innerText = TorStrings.torConnect.tryAgain; + } else { + this._messageBox.className = "warning"; + this._messageBoxMessage.innerText = TorStrings.torConnect.connectMessage; + this._messageBoxButton.innerText = TorStrings.torConnect.torConnectButton; + } + } else { + this._messageBox.className = "hidden"; + this._messageBoxMessage.innerText = ""; + this._messageBoxButton.innerText = ""; + } + } + populateMessagebox(); + // update the messagebox whenever we come back to the page + window.addEventListener("focus", val => { + populateMessagebox(); + }); + // Heading prefpane.querySelector(selectors.torPreferences.header).innerText = TorStrings.settings.torPreferencesHeading; @@ -177,6 +238,26 @@ const gTorPane = (function() { ); } + // Quickstart + prefpane.querySelector(selectors.quickstart.header).innerText = + TorStrings.settings.quickstartHeading; + prefpane.querySelector(selectors.quickstart.description).textContent = + TorStrings.settings.quickstartDescription; + + this._enableQuickstartCheckbox = prefpane.querySelector( + selectors.quickstart.enableQuickstartCheckbox + ); + this._enableQuickstartCheckbox.setAttribute( + "label", + TorStrings.settings.quickstartCheckbox + ); + this._enableQuickstartCheckbox.addEventListener("command", e => { + const checked = this._enableQuickstartCheckbox.checked; + Services.prefs.setBoolPref(TorLauncherPrefs.quickstart, checked); + }); + this._enableQuickstartCheckbox.checked = Services.prefs.getBoolPref(TorLauncherPrefs.quickstart); + Services.prefs.addObserver(TorLauncherPrefs.quickstart, this); + // Bridge setup prefpane.querySelector(selectors.bridges.header).innerText = TorStrings.settings.bridgesHeading; @@ -537,6 +618,15 @@ const gTorPane = (function() { // Callbacks // + // callback for when the quickstart pref changes + observe(subject, topic, data) { + if (topic != "nsPref:changed") return; + if (data === TorLauncherPrefs.quickstart) { + this._enableQuickstartCheckbox.checked = + Services.prefs.getBoolPref(TorLauncherPrefs.quickstart); + } + }, + // callback when using bridges toggled onToggleBridge(enabled) { this._useBridgeCheckbox.checked = enabled; diff --git a/browser/components/torpreferences/content/torPane.xhtml b/browser/components/torpreferences/content/torPane.xhtml index 3c966b2b3726..7c8071f2cf10 100644 --- a/browser/components/torpreferences/content/torPane.xhtml +++ b/browser/components/torpreferences/content/torPane.xhtml @@ -3,6 +3,29 @@ <script type="application/javascript" src="chrome://browser/content/torpreferences/torPane.js"/> <html:template id="template-paneTor"> + + +<groupbox data-category="paneTor" hidden="true"> + <html:div id="torPreferences-connectMessageBox" + class="subcategory" + data-category="paneTor" + hidden="true"> + <html:table > + <html:tr> + <html:td> + <html:div id="torPreferences-connectMessageBox-icon"/> + </html:td> + <html:td id="torPreferences-connectMessageBox-message"> + </html:td> + <html:td> + <html:button id="torPreferences-connectMessageBox-button"> + </html:button> + </html:td> + </html:tr> + </html:table> + </html:div> +</groupbox> + <hbox id="torPreferencesCategory" class="subcategory" data-category="paneTor" @@ -18,6 +41,17 @@ </description> </groupbox> + +<groupbox id="torPreferences-quickstart-group" + data-category="paneTor" + hidden="true"> + <html:h2 id="torPreferences-quickstart-header"/> + <description flex="1"> + <html:span id="torPreferences-quickstart-description"/> + </description> + <checkbox id="torPreferences-quickstart-toggle"/> +</groupbox> +  <groupbox id="torPreferences-bridges-group" data-category="paneTor" diff --git a/browser/components/torpreferences/content/torPreferences.css b/browser/components/torpreferences/content/torPreferences.css index 4dac2c457823..47b8ff18e0af 100644 --- a/browser/components/torpreferences/content/torPreferences.css +++ b/browser/components/torpreferences/content/torPreferences.css @@ -1,7 +1,130 @@ +@import url("chrome://branding/content/tor-styles.css"); + #category-tor > .category-icon { list-style-image: url("chrome://browser/content/torpreferences/torPreferencesIcon.svg"); } +/* Connect Message Box */ + +#torPreferences-connectMessageBox { + display: block; + position: relative; + + width: auto; + min-height: 32px; + border-radius: 4px; + padding: 4px; +} + +#torPreferences-connectMessageBox.hidden { + display: none; +} + +#torPreferences-connectMessageBox.error { + background-color: var(--red-60); + color: white; +} + +#torPreferences-connectMessageBox.warning { + background-color: var(--purple-50); + color: white; +} + +#torPreferences-connectMessageBox table { + border-collapse: collapse; + width: 100%; +} + +#torPreferences-connectMessageBox td { + vertical-align: top; + padding: 0px; +} + +#torPreferences-connectMessageBox td:first-child { + width: 24px; +} + +#torPreferences-connectMessageBox-icon { + display: block; + width: 16px; + height: 16px; + padding: 4px; + + mask-repeat: no-repeat !important; + mask-size: 16px !important; + mask-position: 4px 4px !important; +} + +#torPreferences-connectMessageBox.error #torPreferences-connectMessageBox-icon +{ + mask: url("chrome://browser/skin/onion-slash.svg"); + background-color: white; +} + +#torPreferences-connectMessageBox.warning #torPreferences-connectMessageBox-icon +{ + mask: url("chrome://browser/skin/onion.svg"); + background-color: white; +} + +#torPreferences-connectMessageBox-message { + display: block; + line-height: 16px; + font-size: 13px; + margin-right: 8px; + padding-left: 4px!important; + padding-top: 4px!important; +} + +#torPreferences-connectMessageBox-button { + display: block; + width: auto; + height: 24px; + line-height: 24px; + min-height: 24px; + max-height: 24px; + margin: 0px; + + border-radius: 2px; + border: 0; + padding-left: 8px; + padding-right: 8px; + margin-left: auto; + margin-right: 0px; + + font-size: 11px; + font-weight: 400; + white-space: nowrap; +} + +#torPreferences-connectMessageBox.error #torPreferences-connectMessageBox-button { + background-color: var(--red-70); +} + +#torPreferences-connectMessageBox.error #torPreferences-connectMessageBox-button:hover { + background-color: var(--red-80); +} + +#torPreferences-connectMessageBox.error #torPreferences-connectMessageBox-button:active { + background-color: var(--red-90); +} + +#torPreferences-connectMessageBox.warning #torPreferences-connectMessageBox-button { + background-color: var(--purple-70); +} + +#torPreferences-connectMessageBox.warning #torPreferences-connectMessageBox-button:hover { + background-color: var(--purple-80); + color: white!important; +} + +#torPreferences-connectMessageBox.warning #torPreferences-connectMessageBox-button:active { + background-color: var(--purple-90); + color: white!important; +} + +/* Advanced Settings */ + #torPreferences-advanced-grid { display: grid; grid-template-columns: auto 1fr; diff --git a/browser/components/urlbar/UrlbarInput.jsm b/browser/components/urlbar/UrlbarInput.jsm index 13b1279105f2..60b5b9163d67 100644 --- a/browser/components/urlbar/UrlbarInput.jsm +++ b/browser/components/urlbar/UrlbarInput.jsm @@ -10,6 +10,33 @@ const { XPCOMUtils } = ChromeUtils.import( "resource://gre/modules/XPCOMUtils.jsm" ); +const { TorConnect } = ChromeUtils.import( + "resource:///modules/TorConnect.jsm" +); + +// in certain scenarios we want user input uris to open in a new tab if they do so from the +// about:torconnect tab +function maybeUpdateOpenLocationForTorConnect(openUILinkWhere, currentURI, destinationURI) { + try { + // only open in new tab if: + if (// user is navigating away from about:torconnect + currentURI === "about:torconnect" && + // we are trying to open in same tab + openUILinkWhere === "current" && + // only if user still has not bootstrapped + TorConnect.shouldShowTorConnect && + // and user is not just navigating to about:torconnect + destinationURI !== "about:torconnect") { + return "tab"; + } + } catch (e) { + // swallow exception and fall through returning original so we don't accidentally break + // anything if an exception is thrown + } + + return openUILinkWhere; +}; + XPCOMUtils.defineLazyModuleGetters(this, { AppConstants: "resource://gre/modules/AppConstants.jsm", BrowserUtils: "resource://gre/modules/BrowserUtils.jsm", @@ -1832,6 +1859,10 @@ class UrlbarInput { // area when the current tab is re-selected. browser.focus(); + openUILinkWhere = maybeUpdateOpenLocationForTorConnect( + openUILinkWhere, + this.window.gBrowser.currentURI.asciiSpec, + url); if (openUILinkWhere != "current") { this.handleRevert(); } diff --git a/browser/modules/TorConnect.jsm b/browser/modules/TorConnect.jsm new file mode 100644 index 000000000000..bd5c998a6063 --- /dev/null +++ b/browser/modules/TorConnect.jsm @@ -0,0 +1,499 @@ +"use strict"; + +var EXPORTED_SYMBOLS = ["TorConnect", "TorConnectTopics", "TorConnectState"]; + +const { Services } = ChromeUtils.import( + "resource://gre/modules/Services.jsm" +); + +const { BrowserWindowTracker } = ChromeUtils.import( + "resource:///modules/BrowserWindowTracker.jsm" +); + +const { TorProtocolService, TorProcessStatus } = ChromeUtils.import( + "resource:///modules/TorProtocolService.jsm" +); + +const { TorLauncherUtil } = ChromeUtils.import( + "resource://torlauncher/modules/tl-util.jsm" +); + +/* Browser observer topis */ +const BrowserTopics = Object.freeze({ + ProfileAfterChange: "profile-after-change", +}); + +/* tor-launcher observer topics */ +const TorTopics = Object.freeze({ + ProcessIsReady: "TorProcessIsReady", + BootstrapStatus: "TorBootstrapStatus", + BootstrapError: "TorBootstrapError", + ProcessExited: "TorProcessExited", + LogHasWarnOrErr: "TorLogHasWarnOrErr", +}); + +/* Relevant prefs used by tor-launcher */ +const TorLauncherPrefs = Object.freeze({ + quickstart: "extensions.torlauncher.quickstart", + prompt_at_startup: "extensions.torlauncher.prompt_at_startup", +}); + +const TorConnectState = Object.freeze({ + /* Our initial state */ + Initial: "Initial", + /* In-between initial boot and bootstrapping, users can change tor network settings during this state */ + Configuring: "Configuring", + /* Geo-location and setting bridges/etc */ + AutoConfiguring: "AutoConfiguring", + /* Tor is bootstrapping */ + Bootstrapping: "Bootstrapping", + /* Passthrough state back to Configuring or Fatal */ + Error: "Error", + /* An unrecoverable error */ + FatalError: "FatalError", + /* Final state, after successful bootstrap */ + Bootstrapped: "Bootstrapped", + /* If we are using System tor or the legacy Tor-Launcher */ + Disabled: "Disabled", +}); + +/* + + TorConnect State Transitions + + ┌──────────────────────┐ + │ Disabled │ + └──────────────────────┘ + ▲ + │ legacyOrSystemTor() + │ + ┌──────────────────────┐ + ┌────────────────────── │ Initial │ ───────────────────────────┐ + │ └──────────────────────┘ │ + │ │ │ + │ │ beginBootstrap() │ + │ ▼ │ +┌────────────────┐ │ bootstrapComplete() ┌────────────────────────────────────────────────┐ │ beginBootstrap() +│ Bootstrapped │ ◀──┼────────────────────── │ Bootstrapping │ ◀┼─────────────────┐ +└────────────────┘ │ └────────────────────────────────────────────────┘ │ │ + │ │ ▲ │ │ │ + │ │ cancelBootstrap() │ beginBootstrap() └────┼─────────────┐ │ + │ ▼ │ │ │ │ + │ beginConfigure() ┌────────────────────────────────────────────────┐ │ │ │ + └─────────────────────▶ │ │ │ │ │ + │ │ │ │ │ + beginConfigure() │ │ │ │ │ + ┌──────────────────────────▶ │ Configuring │ │ │ │ + │ │ │ │ │ │ + │ │ │ │ │ │ + │ ┌─────────────────────▶ │ │ │ │ │ + │ │ └────────────────────────────────────────────────┘ │ │ │ + │ │ │ │ │ │ │ + │ │ cancelAutoconfigure() │ autoConfigure() │ ┌────┼─────────────┼───┘ + │ │ ▼ │ │ │ │ + │ │ ┌──────────────────────┐ │ │ │ │ + │ └────────────────────── │ AutoConfiguring │ ─┼────────────────────┘ │ │ + │ └──────────────────────┘ │ │ │ + │ │ │ │ onError() │ + │ │ onError() │ onError() │ │ + │ ▼ ▼ │ │ + │ ┌────────────────────────────────────────────────┐ │ │ + └─────────────────────────── │ Error │ ◀┘ │ + └────────────────────────────────────────────────┘ │ + │ ▲ onError() │ + │ onFatalError() └──────────────────┘ + ▼ + ┌──────────────────────┐ + │ FatalError │ + └──────────────────────┘ + +*/ + + +/* Maps allowed state transitions + TorConnectStateTransitions[state] maps to an array of allowed states to transition to +*/ +const TorConnectStateTransitions = + Object.freeze(new Map([ + [TorConnectState.Initial, + [TorConnectState.Disabled, + TorConnectState.Bootstrapping, + TorConnectState.Configuring, + TorConnectState.Error]], + [TorConnectState.Configuring, + [TorConnectState.AutoConfiguring, + TorConnectState.Bootstrapping, + TorConnectState.Error]], + [TorConnectState.AutoConfiguring, + [TorConnectState.Configuring, + TorConnectState.Bootstrapping, + TorConnectState.Error]], + [TorConnectState.Bootstrapping, + [TorConnectState.Configuring, + TorConnectState.Bootstrapped, + TorConnectState.Error]], + [TorConnectState.Error, + [TorConnectState.Configuring, + TorConnectState.FatalError]], + // terminal states + [TorConnectState.FatalError, []], + [TorConnectState.Bootstrapped, []], + [TorConnectState.Disabled, []], + ])); + +/* Topics Notified by the TorConnect module */ +const TorConnectTopics = Object.freeze({ + StateChange: "torconnect:state-change", + BootstrapProgress: "torconnect:bootstrap-progress", + BootstrapComplete: "torconnect:bootstrap-complete", + BootstrapError: "torconnect:bootstrap-error", + FatalError: "torconnect:fatal-error", +}); + +const TorConnect = (() => { + let retval = { + + _state: TorConnectState.Initial, + _bootstrapProgress: 0, + _bootstrapStatus: null, + _errorMessage: null, + _errorDetails: null, + _logHasWarningOrError: false, + + /* These functions are called after transitioning to a new state */ + _transitionCallbacks: Object.freeze(new Map([ + /* Initial is never transitioned to */ + [TorConnectState.Initial, null], + /* Configuring */ + [TorConnectState.Configuring, (self, prevState) => { + // TODO move this to the transition function + if (prevState === TorConnectState.Bootstrapping) { + TorProtocolService.torStopBootstrap(); + } + }], + /* AutoConfiguring */ + [TorConnectState.AutoConfiguring, (self, prevState) => { + + }], + /* Bootstrapping */ + [TorConnectState.Bootstrapping, (self, prevState) => { + let error = TorProtocolService.connect(); + if (error) { + self.onError(error.message, error.details); + } else { + self._errorMessage = self._errorDetails = null; + } + }], + /* Bootstrapped */ + [TorConnectState.Bootstrapped, (self,prevState) => { + // notify observers of bootstrap completion + Services.obs.notifyObservers(null, TorConnectTopics.BootstrapComplete); + }], + /* Error */ + [TorConnectState.Error, (self, prevState, errorMessage, errorDetails, fatal) => { + self._errorMessage = errorMessage; + self._errorDetails = errorDetails; + + Services.obs.notifyObservers({message: errorMessage, details: errorDetails}, TorConnectTopics.BootstrapError); + if (fatal) { + self.onFatalError(); + } else { + self.beginConfigure(); + } + }], + /* FatalError */ + [TorConnectState.FatalError, (self, prevState) => { + Services.obs.notifyObservers(null, TorConnectTopics.FatalError); + }], + /* Disabled */ + [TorConnectState.Disabled, (self, prevState) => { + + }], + ])), + + _changeState: function(newState, ...args) { + const prevState = this._state; + + // ensure this is a valid state transition + if (!TorConnectStateTransitions.get(prevState)?.includes(newState)) { + throw Error(`TorConnect: Attempted invalid state transition from ${prevState} to ${newState}`); + } + + console.log(`TorConnect: transitioning state from ${prevState} to ${newState}`); + + // set our new state first so that state transitions can themselves trigger + // a state transition + this._state = newState; + + // call our transition function and forward any args + this._transitionCallbacks.get(newState)(this, prevState, ...args); + + Services.obs.notifyObservers({state: newState}, TorConnectTopics.StateChange); + }, + + // init should be called on app-startup in MainProcessingSingleton.jsm + init : function() { + console.log("TorConnect: Init"); + + // delay remaining init until after profile-after-change + Services.obs.addObserver(this, BrowserTopics.ProfileAfterChange); + }, + + observe: function(subject, topic, data) { + console.log(`TorConnect: observed ${topic}`); + + switch(topic) { + + /* Determine which state to move to from Initial */ + case BrowserTopics.ProfileAfterChange: { + if (TorLauncherUtil.useLegacyLauncher || !TorProtocolService.ownsTorDaemon) { + // Disabled + this.legacyOrSystemTor(); + } else { + // register the Tor topics we always care about + for (const topicKey in TorTopics) { + const topic = TorTopics[topicKey]; + Services.obs.addObserver(this, topic); + console.log(`TorConnect: observing topic '${topic}'`); + } + + if (TorProtocolService.torProcessStatus == TorProcessStatus.Running) { + if (this.shouldQuickStart) { + // Quickstart + this.beginBootstrap(); + } else { + // Configuring + this.beginConfigure(); + } + } + } + + Services.obs.removeObserver(this, topic); + break; + } + /* Transition out of Initial if Tor daemon wasn't running yet in BrowserTopics.ProfileAfterChange */ + case TorTopics.ProcessIsReady: { + if (this.state === TorConnectState.Initial) + { + if (this.shouldQuickStart) { + // Quickstart + this.beginBootstrap(); + } else { + // Configuring + this.beginConfigure(); + } + } + break; + } + /* Updates our bootstrap status */ + case TorTopics.BootstrapStatus: { + if (this._state != TorConnectState.Bootstrapping) { + console.log(`TorConnect: observed ${TorTopics.BootstrapStatus} topic while in state TorConnectState.${this._state}`); + break; + } + + const obj = subject?.wrappedJSObject; + if (obj) { + this._bootstrapProgress= obj.PROGRESS; + this._bootstrapStatus = TorLauncherUtil.getLocalizedBootstrapStatus(obj, "TAG"); + + console.log(`TorConnect: Bootstrapping ${this._bootstrapProgress}% complete (${this._bootstrapStatus})`); + Services.obs.notifyObservers({ + progress: this._bootstrapProgress, + status: this._bootstrapStatus, + hasWarnings: this._logHasWarningOrError + }, TorConnectTopics.BootstrapProgress); + + if (this._bootstrapProgress === 100) { + this.bootstrapComplete(); + } + } + break; + } + /* Handle bootstrap error*/ + case TorTopics.BootstrapError: { + const obj = subject?.wrappedJSObject; + TorProtocolService.torStopBootstrap(); + this.onError(obj.message, obj.details); + break; + } + case TorTopics.LogHasWarnOrErr: { + this._logHasWarningOrError = true; + break; + } + default: + // ignore + break; + } + }, + + /* + Various getters + */ + + get shouldShowTorConnect() { + // TorBrowser must control the daemon + return (TorProtocolService.ownsTorDaemon && + // and we're not using the legacy launcher + !TorLauncherUtil.useLegacyLauncher && + // legacy checks, TODO: maybe this should be in terms of our own state? + (TorProtocolService.isNetworkDisabled() || !TorProtocolService.isBootstrapDone())); + }, + + get shouldQuickStart() { + // quickstart must be enabled + return Services.prefs.getBoolPref(TorLauncherPrefs.quickstart, false) && + // and the previous bootstrap attempt must have succeeded + !Services.prefs.getBoolPref(TorLauncherPrefs.prompt_at_startup, true); + }, + + get state() { + return this._state; + }, + + get bootstrapProgress() { + return this._bootstrapProgress; + }, + + get bootstrapStatus() { + return this._bootstrapStatus; + }, + + get errorMessage() { + return this._errorMessage; + }, + + get errorDetails() { + return this._errorDetails; + }, + + get logHasWarningOrError() { + return this._logHasWarningOrError; + }, + + /* + These functions tell TorConnect to transition states + */ + + legacyOrSystemTor: function() { + console.log("TorConnect: legacyOrSystemTor()"); + this._changeState(TorConnectState.Disabled); + }, + + beginBootstrap: function() { + console.log("TorConnect: beginBootstrap()"); + this._changeState(TorConnectState.Bootstrapping); + }, + + beginConfigure: function() { + console.log("TorConnect: beginConfigure()"); + this._changeState(TorConnectState.Configuring); + }, + + autoConfigure: function() { + console.log("TorConnect: autoConfigure()"); + // TODO: implement + throw Error("TorConnect: not implemented"); + }, + + cancelAutoConfigure: function() { + console.log("TorConnect: cancelAutoConfigure()"); + // TODO: implement + throw Error("TorConnect: not implemented"); + }, + + cancelBootstrap: function() { + console.log("TorConnect: cancelBootstrap()"); + this._changeState(TorConnectState.Configuring); + }, + + bootstrapComplete: function() { + console.log("TorConnect: bootstrapComplete()"); + this._changeState(TorConnectState.Bootstrapped); + }, + + onError: function(message, details) { + console.log("TorConnect: onError()"); + this._changeState(TorConnectState.Error, message, details, false); + }, + + onFatalError: function() { + console.log("TorConnect: onFatalError()"); + // TODO: implement + throw Error("TorConnect: not implemented"); + }, + + /* + Further external commands and helper methods + */ + openTorPreferences: function() { + const win = BrowserWindowTracker.getTopWindow() + win.openTrustedLinkIn("about:preferences#tor", "tab"); + }, + + copyTorLogs: function() { + // Copy tor log messages to the system clipboard. + const chSvc = Cc["@mozilla.org/widget/clipboardhelper;1"].getService( + Ci.nsIClipboardHelper + ); + const countObj = { value: 0 }; + chSvc.copyString(TorProtocolService.getLog(countObj)); + const count = countObj.value; + return TorLauncherUtil.getFormattedLocalizedString( + "copiedNLogMessagesShort", + [count], + 1 + ); + }, + + // called from browser.js on browser startup, passed in either the user's homepage(s) + // or uris passed via command-line; we want to replace them with about:torconnect uris + // which redirect after bootstrapping + getURIsToLoad: function(uriVariant) { + // convert the object we get from browser.js + let uriStrings = ((v) => { + // an interop array + if (v instanceof Ci.nsIArray) { + // Transform the nsIArray of nsISupportsString's into a JS Array of + // JS strings. + return Array.from( + v.enumerate(Ci.nsISupportsString), + supportStr => supportStr.data + ); + // an interop string + } else if (v instanceof Ci.nsISupportsString) { + return [v.data]; + // a js string + } else if (typeof v === "string") { + return v.split("|"); + // a js array of js strings + } else if (Array.isArray(v) && + v.reduce((allStrings, entry) => {return allStrings && (typeof entry === "string");}, true)) { + return v; + } + // about:tor as safe fallback + console.log(`TorConnect: getURIsToLoad() received unknown variant '${JSON.stringify(v)}'`); + return ["about:tor"]; + })(uriVariant); + + // will attempt to convert user-supplied string to a uri, fallback to about:tor if cannot convert + // to valid uri object + let uriStringToUri = (uriString) => { + let uri = Services.uriFixup.createFixupURI(uriString, 0); + return uri ? uri : Services.io.newURI("about:tor"); + }; + let uris = uriStrings.map(uriStringToUri); + + // assume we have a valid uri and generate an about:torconnect redirect uri + let uriToRedirectUri = (uri) => { + return`about:torconnect?redirect=${encodeURIComponent(uri.spec)}`; + }; + let redirectUris = uris.map(uriToRedirectUri); + + console.log(`TorConnect: will load after bootstrap => [${uris.map((uri) => {return uri.spec;}).join(", ")}]`); + return redirectUris; + }, + }; + retval.init(); + return retval; +})(); /* TorConnect */ diff --git a/browser/modules/TorProcessService.jsm b/browser/modules/TorProcessService.jsm new file mode 100644 index 000000000000..201e331b2806 --- /dev/null +++ b/browser/modules/TorProcessService.jsm @@ -0,0 +1,12 @@ +"use strict"; + +var EXPORTED_SYMBOLS = ["TorProcessService"]; + +var TorProcessService = { + get isBootstrapDone() { + const svc = Cc["@torproject.org/torlauncher-process-service;1"].getService( + Ci.nsISupports + ).wrappedJSObject; + return svc.mIsBootstrapDone; + }, +}; diff --git a/browser/modules/TorProtocolService.jsm b/browser/modules/TorProtocolService.jsm index b4e6ed9a3253..e6c78b9a0eb1 100644 --- a/browser/modules/TorProtocolService.jsm +++ b/browser/modules/TorProtocolService.jsm @@ -1,21 +1,60 @@ +// Copyright (c) 2021, The Tor Project, Inc. + "use strict"; -var EXPORTED_SYMBOLS = ["TorProtocolService"]; +var EXPORTED_SYMBOLS = ["TorProtocolService", "TorProcessStatus"]; -const { TorLauncherUtil } = ChromeUtils.import( - "resource://torlauncher/modules/tl-util.jsm" +const { Services } = ChromeUtils.import( + "resource://gre/modules/Services.jsm" ); +// see tl-process.js +const TorProcessStatus = Object.freeze({ + Unknown: 0, + Starting: 1, + Running: 2, + Exited: 3, +}); + +/* Browser observer topis */ +const BrowserTopics = Object.freeze({ + ProfileAfterChange: "profile-after-change", +}); + var TorProtocolService = { - _tlps: Cc["@torproject.org/torlauncher-protocol-service;1"].getService( - Ci.nsISupports - ).wrappedJSObject, + _TorLauncherUtil: function() { + let { TorLauncherUtil } = ChromeUtils.import( + "resource://torlauncher/modules/tl-util.jsm" + ); + return TorLauncherUtil; + }(), + _TorLauncherProtocolService: null, + _TorProcessService: null, // maintain a map of tor settings set by Tor Browser so that we don't // repeatedly set the same key/values over and over // this map contains string keys to primitive or array values _settingsCache: new Map(), + init() { + Services.obs.addObserver(this, BrowserTopics.ProfileAfterChange); + }, + + observe(subject, topic, data) { + if (topic === BrowserTopics.ProfileAfterChange) { + // we have to delay init'ing this or else the crypto service inits too early without a profile + // which breaks the password manager + this._TorLauncherProtocolService = Cc["@torproject.org/torlauncher-protocol-service;1"].getService( + Ci.nsISupports + ).wrappedJSObject; + this._TorProcessService = Cc["@torproject.org/torlauncher-process-service;1"].getService( + Ci.nsISupports + ).wrappedJSObject, + + Services.obs.removeObserver(this, topic); + } + }, + _typeof(aValue) { switch (typeof aValue) { case "boolean": @@ -118,7 +157,7 @@ var TorProtocolService = { } let errorObject = {}; - if (!this._tlps.TorSetConfWithReply(settingsObject, errorObject)) { + if (!this._TorLauncherProtocolService.TorSetConfWithReply(settingsObject, errorObject)) { throw new Error(errorObject.details); } @@ -131,8 +170,8 @@ var TorProtocolService = { _readSetting(aSetting) { this._assertValidSettingKey(aSetting); - let reply = this._tlps.TorGetConf(aSetting); - if (this._tlps.TorCommandSucceeded(reply)) { + let reply = this._TorLauncherProtocolService.TorGetConf(aSetting); + if (this._TorLauncherProtocolService.TorCommandSucceeded(reply)) { return reply.lineArray; } throw new Error(reply.lineArray.join("\n")); @@ -196,17 +235,129 @@ var TorProtocolService = { // writes current tor settings to disk flushSettings() { - this._tlps.TorSendCommand("SAVECONF"); + this.sendCommand("SAVECONF"); }, - getLog() { - let countObj = { value: 0 }; - let torLog = this._tlps.TorGetLog(countObj); + getLog(countObj) { + countObj = countObj || { value: 0 }; + let torLog = this._TorLauncherProtocolService.TorGetLog(countObj); return torLog; }, // true if we launched and control tor, false if using system tor get ownsTorDaemon() { - return TorLauncherUtil.shouldStartAndOwnTor; + return this._TorLauncherUtil.shouldStartAndOwnTor; + }, + + // Assumes `ownsTorDaemon` is true + isNetworkDisabled() { + const reply = TorProtocolService._TorLauncherProtocolService.TorGetConfBool( + "DisableNetwork", + true + ); + if (TorProtocolService._TorLauncherProtocolService.TorCommandSucceeded(reply)) { + return reply.retVal; + } + return true; + }, + + enableNetwork() { + let settings = {}; + settings.DisableNetwork = false; + let errorObject = {}; + if (!this._TorLauncherProtocolService.TorSetConfWithReply(settings, errorObject)) { + throw new Error(errorObject.details); + } + }, + + sendCommand(cmd) { + return this._TorLauncherProtocolService.TorSendCommand(cmd); + }, + + retrieveBootstrapStatus() { + return this._TorLauncherProtocolService.TorRetrieveBootstrapStatus(); + }, + + _GetSaveSettingsErrorMessage(aDetails) { + try { + return this._TorLauncherUtil.getSaveSettingsErrorMessage(aDetails); + } catch (e) { + console.log("GetSaveSettingsErrorMessage error", e); + return "Unexpected Error"; + } + }, + + setConfWithReply(settings) { + let result = false; + const error = {}; + try { + result = this._TorLauncherProtocolService.TorSetConfWithReply(settings, error); + } catch (e) { + console.log("TorSetConfWithReply error", e); + error.details = this._GetSaveSettingsErrorMessage(e.message); + } + return { result, error }; + }, + + isBootstrapDone() { + return this._TorProcessService.mIsBootstrapDone; + }, + + clearBootstrapError() { + return this._TorProcessService.TorClearBootstrapError(); + }, + + torBootstrapErrorOccurred() { + return this._TorProcessService.TorBootstrapErrorOccurred; + }, + + // Resolves to null if ok, or an error otherwise + connect() { + const kTorConfKeyDisableNetwork = "DisableNetwork"; + const settings = {}; + settings[kTorConfKeyDisableNetwork] = false; + const { result, error } = this.setConfWithReply(settings); + if (!result) { + return error; + } + try { + this.sendCommand("SAVECONF"); + this.clearBootstrapError(); + this.retrieveBootstrapStatus(); + } catch (e) { + return error; + } + return null; + }, + + torLogHasWarnOrErr() { + return this._TorLauncherProtocolService.TorLogHasWarnOrErr; + }, + + torStopBootstrap() { + // Tell tor to disable use of the network; this should stop the bootstrap + // process. + const kErrorPrefix = "Setting DisableNetwork=1 failed: "; + try { + let settings = {}; + settings.DisableNetwork = true; + const { result, error } = this.setConfWithReply(settings); + if (!result) { + console.log( + `Error stopping bootstrap ${kErrorPrefix} ${error.details}` + ); + } + } catch (e) { + console.log(`Error stopping bootstrap ${kErrorPrefix} ${e}`); + } + this.retrieveBootstrapStatus(); + }, + + get torProcessStatus() { + if (this._TorProcessService) { + return this._TorProcessService.TorProcessStatus; + } + return TorProcessStatus.Unknown; }, }; +TorProtocolService.init(); \ No newline at end of file diff --git a/browser/modules/TorStrings.jsm b/browser/modules/TorStrings.jsm index 1e08b168e4af..c0691ff078ce 100644 --- a/browser/modules/TorStrings.jsm +++ b/browser/modules/TorStrings.jsm @@ -257,6 +257,9 @@ var TorStrings = { "Tor Browser routes your traffic over the Tor Network, run by thousands of volunteers around the world." ), learnMore: getString("torPreferences.learnMore", "Learn More"), + quickstartHeading: getString("torPreferences.quickstart", "Quickstart"), + quickstartDescription: getString("torPreferences.quickstartDescription", "Quickstart allows Tor Browser to connect automatically."), + quickstartCheckbox : getString("torPreferences.quickstartCheckbox", "Always connect automatically"), bridgesHeading: getString("torPreferences.bridges", "Bridges"), bridgesDescription: getString( "torPreferences.bridgesDescription", @@ -364,6 +367,83 @@ var TorStrings = { return retval; })() /* Tor Network Settings Strings */, + torConnect: (() => { + const tsbNetwork = new TorDTDStringBundle( + ["chrome://torlauncher/locale/network-settings.dtd"], + "" + ); + const tsbLauncher = new TorPropertyStringBundle( + "chrome://torlauncher/locale/torlauncher.properties", + "torlauncher." + ); + const tsbCommon = new TorPropertyStringBundle( + "chrome://global/locale/commonDialogs.properties", + "" + ); + + const getStringNet = tsbNetwork.getString.bind(tsbNetwork); + const getStringLauncher = tsbLauncher.getString.bind(tsbLauncher); + const getStringCommon = tsbCommon.getString.bind(tsbCommon); + + return { + torConnect: getStringNet( + "torsettings.wizard.title.default", + "Connect to Tor" + ), + + torConnecting: getStringNet( + "torsettings.wizard.title.connecting", + "Establishing a Connection" + ), + + torNotConnectedConcise: getStringNet( + "torConnect.notConnectedConcise", + "Not Connected" + ), + + torConnectingConcise: getStringNet( + "torConnect.connectingConcise", + "Connecting…" + ), + + torBootstrapFailed: getStringLauncher( + "tor_bootstrap_failed", + "Tor failed to establish a Tor network connection." + ), + + torConfigure: getStringNet( + "torsettings.wizard.title.configure", + "Tor Network Settings" + ), + + copyLog: getStringNet( + "torConnect.copyLog", + "Copy Tor Logs" + ), + + torConnectButton: getStringNet("torSettings.connect", "Connect"), + + cancel: getStringCommon("Cancel", "Cancel"), + + torConnected: getStringLauncher( + "torlauncher.bootstrapStatus.done", + "Connected to the Tor network" + ), + + torConnectedConcise: getStringLauncher( + "torConnect.connectedConcise", + "Connected" + ), + + tryAgain: getStringNet("torConnect.tryAgain", "Try connecting again"), + offline: getStringNet("torConnect.offline", "Offline"), + + // tor connect strings for message box in about:preferences#tor + connectMessage: getStringNet("torConnect.connectMessage", "Changes to Tor Settings will not take effect until you connect to the Tor Network"), + tryAgainMessage: getStringNet("torConnect.tryAgainMessage", "Tor Browser has failed to establish a connection to the Tor Network"), + }; + })(), + /* Tor Onion Services Strings, e.g., for the authentication prompt. */ diff --git a/browser/modules/moz.build b/browser/modules/moz.build index 5fb78d1c07a8..7f091e0e7711 100644 --- a/browser/modules/moz.build +++ b/browser/modules/moz.build @@ -155,6 +155,8 @@ EXTRA_JS_MODULES += [ 'TabUnloader.jsm', 'ThemeVariableMap.jsm', 'TopSiteAttribution.jsm', + 'TorConnect.jsm', + 'TorProcessService.jsm', 'TorProtocolService.jsm', 'TorStrings.jsm', 'TransientPrefs.jsm', diff --git a/browser/themes/shared/identity-block/identity-block.inc.css b/browser/themes/shared/identity-block/identity-block.inc.css index 011fb9f3081c..9a70125495d7 100644 --- a/browser/themes/shared/identity-block/identity-block.inc.css +++ b/browser/themes/shared/identity-block/identity-block.inc.css @@ -61,19 +61,9 @@ -moz-outline-radius: var(--toolbarbutton-border-radius); } -%ifdef MOZ_OFFICIAL_BRANDING #identity-box[pageproxystate="valid"].chromeUI > #identity-icon-label { - color: #420C5D; -} - -toolbar[brighttext] #identity-box[pageproxystate="valid"].chromeUI > #identity-icon-label { - color: #CC80FF; -} -%endif - -#identity-box[pageproxystate="valid"].chromeUI > #identity-icon-label, -.urlbar-label { - opacity: .6; + color: var(--tor-branding-color); + opacity: 1; } #identity-icon-label { @@ -132,6 +122,8 @@ toolbar[brighttext] #identity-box[pageproxystate="valid"].chromeUI > #identity-i #identity-box[pageproxystate="valid"].chromeUI > #identity-icon { list-style-image: url(chrome://branding/content/identity-icons-brand.svg); + fill: var(--tor-branding-color); + fill-opacity: 1; } #urlbar:not(.searchButton) > #urlbar-input-container > #identity-box[pageproxystate="invalid"] > #identity-icon { diff --git a/browser/themes/shared/jar.inc.mn b/browser/themes/shared/jar.inc.mn index e4a3c8d2d41c..d38e1001282b 100644 --- a/browser/themes/shared/jar.inc.mn +++ b/browser/themes/shared/jar.inc.mn @@ -8,6 +8,7 @@ # to the location of the actual manifest. skin/classic/browser/aboutNetError.css (../shared/aboutNetError.css) + skin/classic/browser/onionPattern.css (../shared/onionPattern.css) skin/classic/browser/blockedSite.css (../shared/blockedSite.css) skin/classic/browser/error-pages.css (../shared/error-pages.css) skin/classic/browser/aboutRestartRequired.css (../shared/aboutRestartRequired.css) diff --git a/browser/themes/shared/onionPattern.css b/browser/themes/shared/onionPattern.css new file mode 100644 index 000000000000..c605a4b4f59e --- /dev/null +++ b/browser/themes/shared/onionPattern.css @@ -0,0 +1,124 @@ +/* Onion pattern */ + +:root { + --sqrt3: 1.73205080757; +} + +.onion-pattern-container { + opacity: var(--onion-opacity, 1); + flex: auto; /* grow to consume remaining space on the page */ + display: flex; + margin: 0 auto; + width: 100%; + height: calc((2 + var(--sqrt3)) * var(--onion-radius, 50px)); /* room for 2 rows of circles */ + max-height: calc((2 + var(--sqrt3)) * var(--onion-radius, 50px)); + direction: ltr; +} + +.onion-pattern-crop { + display: flex; + justify-content: center; + overflow-x: hidden; + pointer-events: none; /* for some reason, elements with overflow-x: hidden set become focusable */ + + margin: 0 auto; +} + +/* Centers horizontally within the root container*/ +.onion-pattern-column { + width: calc(40 * var(--onion-radius, 50px)); /* room for 20 circles in a row */ + height: calc((2 + var(--sqrt3)) * var(--onion-radius, 50px)); /* room for 2 rows of circles */ + flex-shrink: 0; + overflow-x: hidden; /* clip extra circles on the sides */ + pointer-events: none; /* for some reason, elements with overflow-x: hidden set become focusable */ +} + +.onion-pattern-row { + width: calc(40 * var(--onion-radius, 50px)); /* room for 20 circles in a row */ + display: flex; + flex-direction: row; + position: relative; +} + +.onion-pattern-offset-row { + left: calc(-1 * var(--onion-radius, 50px)); + margin-top: calc((var(--sqrt3) - 2.0) * var(--onion-radius, 50px)); +} + +/* With borders, circles are 100x100 pixels*/ +.circle { + position: relative; + min-width: calc(2 * var(--onion-radius, 50px)); + min-height: calc(2 * var(--onion-radius, 50px)); + border-radius: 50%; + box-sizing: border-box; +} + +.inner { + position: absolute; + box-sizing: border-box; + border-radius: 50%; +} + +.inner:nth-child(1){ + width: 100%; + height: 100%; +} + +.inner:nth-child(2){ + transform: translate(20%, 20%); + width: calc(100% * 5/7); + height: calc(100% * 5/7); +} + +.inner:nth-child(3){ + transform: translate(calc(100% * 2/3), calc(100% * 2/3)); + width: calc(100% * 3/7); + height: calc(100% * 3/7); +} + +.inner:nth-child(4){ + transform: translate(300%, 300%); + width: calc(100% * 1/7); + height: calc(100% * 1/7); +} + +.solid { + background-color: var(--onion-color, #000); +} + +.border { + border: 4px solid var(--onion-color, #000); +} + +.dashed { + border: 4px dashed var(--onion-color, #000); +} + +.dotted { + border: 4px dotted var(--onion-color, #000); +} + +.bold { + border: 8px solid var(--onion-color, #000); +} + +.top-half { + width: calc(2 * var(--onion-radius, 50px)); + height: var(--onion-radius, 50px); + border-radius: var(--onion-radius, 50px) var(--onion-radius, 50px) 0 0; + box-sizing: border-box; +} + +.bottom-half { + width: calc(2 * var(--onion-radius, 50px)); + height: var(--onion-radius, 50px); + border-radius: 0 0 var(--onion-radius, 50px) var(--onion-radius, 50px); + box-sizing: border-box; +} + +.scaler { + position: absolute; + left:0; + bottom:0; +} \ No newline at end of file diff --git a/browser/themes/shared/onionPattern.inc.xhtml b/browser/themes/shared/onionPattern.inc.xhtml new file mode 100644 index 000000000000..6bbde93684a2 --- /dev/null +++ b/browser/themes/shared/onionPattern.inc.xhtml @@ -0,0 +1,210 @@ + + +<div class="onion-pattern-container"> +  + <div class="onion-pattern-crop" tabindex="-1"> + <div class="onion-pattern-column" tabindex="-1"> + <div class="onion-pattern-row"> + <div class="circle solid"></div> + + <div class="circle dashed"></div> + + <div class="circle"> + <div class="inner border"></div> + <div class="inner border"></div> + <div class="inner border"></div> + <div class="inner border"></div> + </div> + + <div class="circle"> + <div class="bottom-half solid"></div> + <div class="bottom-half dotted"></div> + </div> + + <div class="circle border"></div> + + <div class="circle"> + <div class="inner dotted"></div> + <div class="inner dotted"></div> + <div class="inner dotted"></div> + <div class="inner dotted"></div> + </div> + + <div class="circle solid"></div> + + <div class="circle"> + <div class="inner dashed"></div> + <div class="inner dashed"></div> + <div class="inner dashed"></div> + <div class="inner dashed"></div> + </div> + + <div class="circle bold"></div> + + <div class="circle"> + <div class="inner dotted"></div> + <div class="inner dotted"></div> + <div class="inner dotted"></div> + <div class="inner dotted"></div> + </div> + + <div class="circle"> + <div class="inner border"></div> + <div class="inner border"></div> + <div class="inner border"></div> + <div class="inner border"></div> + </div> + + <div class="circle bold"></div> + + <div class="circle"> + <div class="bottom-half solid"></div> + <div class="bottom-half solid"></div> + </div> + + <div class="circle"> + <div class="inner dashed"></div> + <div class="inner dashed"></div> + <div class="inner dashed"></div> + <div class="inner dashed"></div> + </div> + + <div class="circle dotted"></div> + + <div class="circle"> + <div class="inner dotted"></div> + <div class="inner dotted"></div> + <div class="inner dotted"></div> + <div class="inner dotted"></div> + </div> + + <div class="circle solid"></div> + + <div class="circle"> + <div class="inner dashed"></div> + <div class="inner dashed"></div> + <div class="inner dashed"></div> + <div class="inner dashed"></div> + </div> + + <div class="circle bold"></div> + + <div class="circle dashed"></div> + </div> + + <div class="onion-pattern-row onion-pattern-offset-row"> + <div class="circle"> + <div class="inner dotted"></div> + <div class="inner dotted"></div> + <div class="inner dotted"></div> + <div class="inner dotted"></div> + </div> + + <div class="circle"> + <div class="inner dashed"></div> + <div class="inner dashed"></div> + <div class="inner dashed"></div> + <div class="inner dashed"></div> + </div> + + <div class="circle bold"></div> + + <div class="circle solid"></div> + + <div class="circle"> + <div class="inner dotted"></div> + <div class="inner dotted"></div> + <div class="inner dotted"></div> + <div class="inner dotted"></div> + </div> + + <div class="circle"> + <div class="top-half solid"></div> + <div class="top-half solid"></div> + </div> + + <div class="circle border"></div> + + <div class="circle dotted"></div> + + <div class="circle"> + <div class="top-half border"></div> + <div class="top-half dashed"></div> + </div> + + <div class="circle"> + <div class="inner border"></div> + <div class="inner border"></div> + <div class="inner border"></div> + <div class="inner border"></div> + </div> + + <div class="circle"> + <div class="top-half dotted"></div> + <div class="top-half solid"></div> + </div> + + <div class="circle"> + <div class="inner dashed"></div> + <div class="inner dashed"></div> + <div class="inner dashed"></div> + <div class="inner dashed"></div> + </div> + + <div class="circle dotted"></div> + + <div class="circle bold"></div> + + <div class="circle solid"></div> + + <div class="circle"> + <div class="top-half solid"></div> + <div class="top-half dotted"></div> + </div> + + <div class="circle"> + <div class="inner border"></div> + <div class="inner border"></div> + <div class="inner border"></div> + <div class="inner border"></div> + </div> + + <div class="circle"> + <div class="inner dotted"></div> + <div class="inner dotted"></div> + <div class="inner dotted"></div> + <div class="inner dotted"></div> + </div> + + <div class="circle"> + <div class="inner border"></div> + <div class="inner border"></div> + <div class="inner border"></div> + <div class="inner border"></div> + </div> + + <div class="circle dotted"></div> + + <div class="circle"> + <div class="top-half solid"></div> + <div class="top-half solid"></div> + </div> + + <div class="circle dotted"></div> + </div> + </div> + </div> +</div> \ No newline at end of file diff --git a/browser/themes/shared/urlbar-searchbar.inc.css b/browser/themes/shared/urlbar-searchbar.inc.css index d3cc6bf7f024..297dbcdf444d 100644 --- a/browser/themes/shared/urlbar-searchbar.inc.css +++ b/browser/themes/shared/urlbar-searchbar.inc.css @@ -826,3 +826,5 @@ } %include ../../components/onionservices/content/onionlocation-urlbar.css +%include ../../components/torconnect/content/torconnect-urlbar.css + diff --git a/dom/base/Document.cpp b/dom/base/Document.cpp index afc872569519..e74851a6672c 100644 --- a/dom/base/Document.cpp +++ b/dom/base/Document.cpp @@ -16387,9 +16387,56 @@ void Document::RemoveToplevelLoadingDocument(Document* aDoc) { StylePrefersColorScheme Document::PrefersColorScheme( IgnoreRFP aIgnoreRFP) const { + + // tor-browser#27476 + // should this document ignore resist finger-printing settings with regards to + // setting the color scheme + // currently only enabled for about:torconnect but we could expand to other non- + // SystemPrincipal pages if we wish + const auto documentUsesPreferredColorScheme = [](auto const* constDocument) -> bool { + if (auto* document = const_cast<Document*>(constDocument); document != nullptr) { + auto uri = document->GetDocBaseURI(); + + // try and extract out our prepath and filepath portions of the uri to C-strings + nsAutoCString prePathStr, filePathStr; + if(NS_FAILED(uri->GetPrePath(prePathStr)) || + NS_FAILED(uri->GetFilePath(filePathStr))) { + return false; + } + + // stick them in string view for easy comparisons + std::string_view prePath(prePathStr.get(), prePathStr.Length()), + filePath(filePathStr.get(), filePathStr.Length()); + + // these about URIs will have the user's preferred color scheme exposed to them + // we can place other URIs here in the future if we wish + // see nsIURI.idl for URI part definitions + constexpr struct { + std::string_view prePath; + std::string_view filePath; + } allowedURIs[] = { + { "about:", "torconnect" }, + }; + + // check each uri in the allow list against this document's uri + // verify the prepath and the file path match + for(auto const& uri : allowedURIs) { + if (prePath == uri.prePath && + filePath == uri.filePath) { + // positive match means we can apply dark-mode to the page + return true; + } + } + } + + // do not allow if no match or other error + return false; + }; + if (aIgnoreRFP == IgnoreRFP::No && - nsContentUtils::ShouldResistFingerprinting(this)) { - return StylePrefersColorScheme::Light; + nsContentUtils::ShouldResistFingerprinting(this) && + !documentUsesPreferredColorScheme(this)) { + return StylePrefersColorScheme::Light; } if (nsPresContext* pc = GetPresContext()) { diff --git a/dom/base/nsGlobalWindowOuter.cpp b/dom/base/nsGlobalWindowOuter.cpp index abe1e56d9714..759060f131ff 100644 --- a/dom/base/nsGlobalWindowOuter.cpp +++ b/dom/base/nsGlobalWindowOuter.cpp @@ -6082,6 +6082,8 @@ void nsGlobalWindowOuter::CloseOuter(bool aTrustedCaller) { NS_ENSURE_SUCCESS_VOID(rv); if (!StringBeginsWith(url, NS_LITERAL_STRING("about:neterror")) && + // we want about:torconnect pages to be able to close themselves after bootstrap + !StringBeginsWith(url, NS_LITERAL_STRING("about:torconnect")) && !HadOriginalOpener() && !aTrustedCaller) { bool allowClose = mAllowScriptsToClose || diff --git a/toolkit/components/processsingleton/MainProcessSingleton.jsm b/toolkit/components/processsingleton/MainProcessSingleton.jsm index db1e2dc8f568..ea9288dccbb3 100644 --- a/toolkit/components/processsingleton/MainProcessSingleton.jsm +++ b/toolkit/components/processsingleton/MainProcessSingleton.jsm @@ -24,6 +24,11 @@ MainProcessSingleton.prototype = { null ); + ChromeUtils.import( + "resource:///modules/TorConnect.jsm", + null + ); + // Load this script early so that console.* is initialized // before other frame scripts. Services.mm.loadFrameScript( diff --git a/toolkit/modules/AsyncPrefs.jsm b/toolkit/modules/AsyncPrefs.jsm index aca86556cd5e..b81ff5e22b9b 100644 --- a/toolkit/modules/AsyncPrefs.jsm +++ b/toolkit/modules/AsyncPrefs.jsm @@ -18,6 +18,8 @@ const kAllowedPrefs = new Set([ "testing.allowed-prefs.some-char-pref", "testing.allowed-prefs.some-int-pref", + "extensions.torlauncher.quickstart", + "narrate.rate", "narrate.voice", diff --git a/toolkit/modules/RemotePageAccessManager.jsm b/toolkit/modules/RemotePageAccessManager.jsm index eceaa7c857de..54230e1175ec 100644 --- a/toolkit/modules/RemotePageAccessManager.jsm +++ b/toolkit/modules/RemotePageAccessManager.jsm @@ -96,6 +96,7 @@ let RemotePageAccessManager = { RPMPrefIsLocked: ["security.tls.version.min"], RPMAddToHistogram: ["*"], RPMGetTorStrings: ["*"], + RPMSendQuery: ["ShouldShowTorConnect"], }, "about:newinstall": { RPMGetUpdateChannel: ["*"], @@ -179,6 +180,21 @@ let RemotePageAccessManager = { RPMAddMessageListener: ["*"], RPMRemoveMessageListener: ["*"], }, + "about:torconnect": { + RPMAddMessageListener: [ + "torconnect:state-change", + ], + RPMSendAsyncMessage: [ + "torconnect:open-tor-preferences", + "torconnect:begin-bootstrap", + "torconnect:cancel-bootstrap", + "torconnect:set-quickstart", + ], + RPMSendQuery: [ + "torconnect:get-init-args", + "torconnect:copy-tor-logs", + ], + }, }, /** diff --git a/toolkit/mozapps/update/UpdateService.jsm b/toolkit/mozapps/update/UpdateService.jsm index 1fb397373151..79881cba42d6 100644 --- a/toolkit/mozapps/update/UpdateService.jsm +++ b/toolkit/mozapps/update/UpdateService.jsm @@ -12,6 +12,17 @@ const { AppConstants } = ChromeUtils.import( const { AUSTLMY } = ChromeUtils.import( "resource://gre/modules/UpdateTelemetry.jsm" ); + +const { TorProtocolService } = ChromeUtils.import( + "resource:///modules/TorProtocolService.jsm" +); + +function _shouldRegisterBootstrapObserver(errorCode) { + return errorCode == PROXY_SERVER_CONNECTION_REFUSED && + !TorProtocolService.isBootstrapDone() && + TorProtocolService.ownsTorDaemon; +}; + const { Bits, BitsRequest, @@ -201,6 +212,7 @@ const INVALID_UPDATER_STATUS_CODE = 99; // Custom update error codes const BACKGROUNDCHECK_MULTIPLE_FAILURES = 110; const NETWORK_ERROR_OFFLINE = 111; +const PROXY_SERVER_CONNECTION_REFUSED = 2152398920; // Error codes should be < 1000. Errors above 1000 represent http status codes const HTTP_ERROR_OFFSET = 1000; @@ -2220,6 +2232,9 @@ UpdateService.prototype = { case "network:offline-status-changed": this._offlineStatusChanged(data); break; + case "torconnect:bootstrap-complete": + this._bootstrapComplete(); + break; case "nsPref:changed": if (data == PREF_APP_UPDATE_LOG || data == PREF_APP_UPDATE_LOG_FILE) { gLogEnabled; // Assigning this before it is lazy-loaded is an error. @@ -2640,6 +2655,35 @@ UpdateService.prototype = { this._attemptResume(); }, + _registerBootstrapObserver: function AUS__registerBootstrapObserver() { + if (this._registeredBootstrapObserver) { + LOG( + "UpdateService:_registerBootstrapObserver - observer already registered" + ); + return; + } + + LOG( + "UpdateService:_registerBootstrapObserver - waiting for tor bootstrap to " + + "be complete, then forcing another check" + ); + + Services.obs.addObserver(this, "torconnect:bootstrap-complete"); + this._registeredBootstrapObserver = true; + }, + + _bootstrapComplete: function AUS__bootstrapComplete() { + Services.obs.removeObserver(this, "torconnect:bootstrap-complete"); + this._registeredBootstrapObserver = false; + + LOG( + "UpdateService:_bootstrapComplete - bootstrapping complete, forcing " + + "another background check" + ); + + this._attemptResume(); + }, + onCheckComplete: function AUS_onCheckComplete(request, updates) { this._selectAndInstallUpdate(updates); }, @@ -2659,6 +2703,11 @@ UpdateService.prototype = { AUSTLMY.pingCheckCode(this._pingSuffix, AUSTLMY.CHK_OFFLINE); } return; + } else if (_shouldRegisterBootstrapObserver(update.errorCode)) { + // Register boostrap observer to try again, but only when we own the + // tor process. + this._registerBootstrapObserver(); + return; } // Send the error code to telemetry @@ -5189,6 +5238,7 @@ Downloader.prototype = { var state = this._patch.state; var shouldShowPrompt = false; var shouldRegisterOnlineObserver = false; + var shouldRegisterBootstrapObserver = false; var shouldRetrySoon = false; var deleteActiveUpdate = false; var retryTimeout = Services.prefs.getIntPref( @@ -5266,7 +5316,18 @@ Downloader.prototype = { ); shouldRegisterOnlineObserver = true; deleteActiveUpdate = false; - + } else if(_shouldRegisterBootstrapObserver(status)) { + // Register a bootstrap observer to try again. + // The bootstrap observer will continue the incremental download by + // calling downloadUpdate on the active update which continues + // downloading the file from where it was. + LOG("Downloader:onStopRequest - not bootstrapped, register bootstrap observer: true"); + AUSTLMY.pingDownloadCode( + this.isCompleteUpdate, + AUSTLMY.DWNLD_RETRY_OFFLINE + ); + shouldRegisterBootstrapObserver = true; + deleteActiveUpdate = false; // Each of NS_ERROR_NET_TIMEOUT, ERROR_CONNECTION_REFUSED, // NS_ERROR_NET_RESET and NS_ERROR_DOCUMENT_NOT_CACHED can be returned // when disconnecting the internet while a download of a MAR is in @@ -5384,7 +5445,7 @@ Downloader.prototype = { // Only notify listeners about the stopped state if we // aren't handling an internal retry. - if (!shouldRetrySoon && !shouldRegisterOnlineObserver) { + if (!shouldRetrySoon && !shouldRegisterOnlineObserver && !shouldRegisterBootstrapObserver) { // Make shallow copy in case listeners remove themselves when called. var listeners = this._listeners.concat(); var listenerCount = listeners.length; @@ -5532,6 +5593,9 @@ Downloader.prototype = { if (shouldRegisterOnlineObserver) { LOG("Downloader:onStopRequest - Registering online observer"); this.updateService._registerOnlineObserver(); + } else if (shouldRegisterBootstrapObserver) { + LOG("Downloader:onStopRequest - Registering bootstrap observer"); + this.updateService._registerBootstrapObserver(); } else if (shouldRetrySoon) { LOG("Downloader:onStopRequest - Retrying soon"); this.updateService._consecutiveSocketErrors++; diff --git a/toolkit/themes/shared/in-content/info-pages.inc.css b/toolkit/themes/shared/in-content/info-pages.inc.css index 6943a3340e35..5b3c911a5aab 100644 --- a/toolkit/themes/shared/in-content/info-pages.inc.css +++ b/toolkit/themes/shared/in-content/info-pages.inc.css @@ -41,10 +41,11 @@ body.wide-container { background-image: url("chrome://global/skin/icons/info.svg"); background-position: left 0; background-repeat: no-repeat; - background-size: 1.6em; - margin-inline-start: -2.3em; - padding-inline-start: 2.3em; - font-size: 2.2em; + background-size: 3.0em; + margin-inline-start: -4.5em; + padding-inline-start: 4.5em; + margin-bottom: -2.0em; + font-size: 1.5em; -moz-context-properties: fill; fill: currentColor; } @@ -56,7 +57,10 @@ body.wide-container { .title-text { font-size: inherit; - padding-bottom: 0.4em; + padding-bottom: 2.0em !important; + line-height: 1.0em; + font-weight: bold; + vertical-align: top; } @media (max-width: 970px) { @@ -68,6 +72,7 @@ body.wide-container { .title-text { padding-top: 0; + vertical-align: middle !important; } } diff --git a/tools/lint/eslint/eslint-plugin-mozilla/lib/environments/browser-window.js b/tools/lint/eslint/eslint-plugin-mozilla/lib/environments/browser-window.js index 2ff107b553b2..f8fa83574df7 100644 --- a/tools/lint/eslint/eslint-plugin-mozilla/lib/environments/browser-window.js +++ b/tools/lint/eslint/eslint-plugin-mozilla/lib/environments/browser-window.js @@ -70,6 +70,10 @@ function getGlobalScriptIncludes(scriptPath) { let match = line.match(globalScriptsRegExp); if (match) { let sourceFile = match[1] + .replace( + "chrome://browser/content/torconnect/", + "browser/components/torconnect/content/" + ) .replace( "chrome://browser/content/search/", "browser/components/search/content/"

1 0

[tor-browser/tor-browser-78.14.0esr-11.0-1] Bug 40475: Include clearing CORS preflight cache
by sysrqb＠torproject.org 07 Sep '21

07 Sep '21

commit 2bc5a29d7fc8d83a62e402e4874d0c1f16c213d6 Author: Matthew Finkel <sysrqb(a)torproject.org> Date: Sun Jun 6 20:32:23 2021 +0000 Bug 40475: Include clearing CORS preflight cache --- netwerk/protocol/http/nsCORSListenerProxy.cpp | 7 +++++++ netwerk/protocol/http/nsCORSListenerProxy.h | 1 + netwerk/protocol/http/nsHttpHandler.cpp | 2 ++ 3 files changed, 10 insertions(+) diff --git a/netwerk/protocol/http/nsCORSListenerProxy.cpp b/netwerk/protocol/http/nsCORSListenerProxy.cpp index 76870e6cea3f..6d2e160c2a9b 100644 --- a/netwerk/protocol/http/nsCORSListenerProxy.cpp +++ b/netwerk/protocol/http/nsCORSListenerProxy.cpp @@ -346,6 +346,13 @@ void nsCORSListenerProxy::Shutdown() { sPreflightCache = nullptr; } +/* static */ +void nsCORSListenerProxy::Clear() { + if (sPreflightCache) { + sPreflightCache->Clear(); + } +} + nsCORSListenerProxy::nsCORSListenerProxy(nsIStreamListener* aOuter, nsIPrincipal* aRequestingPrincipal, bool aWithCredentials) diff --git a/netwerk/protocol/http/nsCORSListenerProxy.h b/netwerk/protocol/http/nsCORSListenerProxy.h index 8c0df2e0ff28..3f76be33f209 100644 --- a/netwerk/protocol/http/nsCORSListenerProxy.h +++ b/netwerk/protocol/http/nsCORSListenerProxy.h @@ -54,6 +54,7 @@ class nsCORSListenerProxy final : public nsIStreamListener, NS_DECL_NSITHREADRETARGETABLESTREAMLISTENER static void Shutdown(); + static void Clear(); [[nodiscard]] nsresult Init(nsIChannel* aChannel, DataURIHandling aAllowDataURI); diff --git a/netwerk/protocol/http/nsHttpHandler.cpp b/netwerk/protocol/http/nsHttpHandler.cpp index d5e2c61dbec9..c6cb95ca7fcc 100644 --- a/netwerk/protocol/http/nsHttpHandler.cpp +++ b/netwerk/protocol/http/nsHttpHandler.cpp @@ -10,6 +10,7 @@ #include "prsystem.h" #include "AltServiceChild.h" +#include "nsCORSListenerProxy.h" #include "nsError.h" #include "nsHttp.h" #include "nsHttpHandler.h" @@ -2290,6 +2291,7 @@ nsHttpHandler::Observe(nsISupports* subject, const char* topic, mAltSvcCache->ClearAltServiceMappings(); } } + nsCORSListenerProxy::Clear(); } else if (!strcmp(topic, NS_NETWORK_LINK_TOPIC)) { nsAutoCString converted = NS_ConvertUTF16toUTF8(data); if (!strcmp(converted.get(), NS_NETWORK_LINK_DATA_CHANGED)) {

1 0

[tor-browser/tor-browser-78.14.0esr-11.0-1] Bug 40432: Prevent probing installed applications
by sysrqb＠torproject.org 07 Sep '21

07 Sep '21

commit 656a5f1ec7e9a0303696b1b5b8654684a730912d Author: Matthew Finkel <sysrqb(a)torproject.org> Date: Mon May 17 18:09:09 2021 +0000 Bug 40432: Prevent probing installed applications --- .../exthandler/nsExternalHelperAppService.cpp | 30 ++++++++++++++++++---- 1 file changed, 25 insertions(+), 5 deletions(-) diff --git a/uriloader/exthandler/nsExternalHelperAppService.cpp b/uriloader/exthandler/nsExternalHelperAppService.cpp index 0dcc1d3ed6ab..7ff9c5b626a3 100644 --- a/uriloader/exthandler/nsExternalHelperAppService.cpp +++ b/uriloader/exthandler/nsExternalHelperAppService.cpp @@ -1002,8 +1002,33 @@ nsresult nsExternalHelperAppService::GetFileTokenForPath( ////////////////////////////////////////////////////////////////////////////////////////////////////// // begin external protocol service default implementation... ////////////////////////////////////////////////////////////////////////////////////////////////////// + +static const char kExternalProtocolPrefPrefix[] = + "network.protocol-handler.external."; +static const char kExternalProtocolDefaultPref[] = + "network.protocol-handler.external-default"; + NS_IMETHODIMP nsExternalHelperAppService::ExternalProtocolHandlerExists( const char* aProtocolScheme, bool* aHandlerExists) { + + // Replicate the same check performed in LoadURI. + // Deny load if the prefs say to do so + nsAutoCString externalPref(kExternalProtocolPrefPrefix); + externalPref += aProtocolScheme; + bool allowLoad = false; + *aHandlerExists = false; + if (NS_FAILED(Preferences::GetBool(externalPref.get(), &allowLoad))) { + // no scheme-specific value, check the default + if (NS_FAILED( + Preferences::GetBool(kExternalProtocolDefaultPref, &allowLoad))) { + return NS_OK; // missing default pref + } + } + + if (!allowLoad) { + return NS_OK; // explicitly denied + } + nsCOMPtr<nsIHandlerInfo> handlerInfo; nsresult rv = GetProtocolHandlerInfo(nsDependentCString(aProtocolScheme), getter_AddRefs(handlerInfo)); @@ -1046,11 +1071,6 @@ NS_IMETHODIMP nsExternalHelperAppService::IsExposedProtocol( return NS_OK; } -static const char kExternalProtocolPrefPrefix[] = - "network.protocol-handler.external."; -static const char kExternalProtocolDefaultPref[] = - "network.protocol-handler.external-default"; - NS_IMETHODIMP nsExternalHelperAppService::LoadURI(nsIURI* aURI, nsIPrincipal* aTriggeringPrincipal,

1 0

[tor-browser/tor-browser-78.14.0esr-11.0-1] Adding issue template for bugs.
by sysrqb＠torproject.org 07 Sep '21

07 Sep '21

commit f84cf753228959a7dbc3a0a6c22c37acbc122be9 Author: Gaba <gaba(a)torproject.org> Date: Mon Jun 28 11:44:16 2021 -0700 Adding issue template for bugs. --- .gitlab/issue_templates/UXBug.md | 29 +++++++++++++++++++++++++++++ .gitlab/issue_templates/bug.md | 32 ++++++++++++++++++++++++++++++++ 2 files changed, 61 insertions(+) diff --git a/.gitlab/issue_templates/UXBug.md b/.gitlab/issue_templates/UXBug.md new file mode 100644 index 000000000000..8e7cb2a5e163 --- /dev/null +++ b/.gitlab/issue_templates/UXBug.md @@ -0,0 +1,29 @@ + + +### Summary +**Summarize the bug encountered concisely.** + + +### Steps to reproduce: +**How one can reproduce the issue - this is very important.** + +1. Step 1 +2. Step 2 +3. ... + +### What is the current bug behavior? +**What actually happens.** + + +### What is the expected behavior? +**What you want to see instead** + + + +## Relevant logs and/or screenshots +**Do you have screenshots? Attach them to this ticket please.** + +/label ~tor-ux ~needs-investigation ~bug +/assign @nah diff --git a/.gitlab/issue_templates/bug.md b/.gitlab/issue_templates/bug.md new file mode 100644 index 000000000000..6ce85a4864be --- /dev/null +++ b/.gitlab/issue_templates/bug.md @@ -0,0 +1,32 @@ + + +### Summary +**Summarize the bug encountered concisely.** + + +### Steps to reproduce: +**How one can reproduce the issue - this is very important.** + +1. Step 1 +2. Step 2 +3. ... + +### What is the current bug behavior? +**What actually happens.** + + +### What is the expected behavior? +**What you want to see instead** + + + +### Environment +**Which operating system are you using? For example: Debian GNU/Linux 10.1, Windows 10, Ubuntu Xenial, FreeBSD 12.2, etc.** +**Which installation method did you use? Distribution package (apt, pkg, homebrew), from source tarball, from Git, etc.** + +### Relevant logs and/or screenshots + + +/label ~bug

1 0

[tor-browser/tor-browser-78.14.0esr-11.0-1] Bug 40416: Add v2 Onion deprecation warnings
by sysrqb＠torproject.org 07 Sep '21

07 Sep '21

commit 77f5afa671fd2197164671b33fb60b2735435147 Author: Richard Pospesel <richard(a)torproject.org> Date: Fri May 21 22:18:23 2021 +0200 Bug 40416: Add v2 Onion deprecation warnings - adds new v2 deprecated warning page (js and styling) that piggy-backs off of the existing added onion service errors - updates identity-icon to onionWarning.svg when visiting a v2 onion site adds warning tooltip; this warning supersedes all other identity states (including mixed-content error) - we determine whether to show the warning page in nsDocShell::DoURILoad() - a new synchonous IPC method is added to ContentChild/ContentParent to determine if the session has loaded the warning page already; worst case scenario, each child process will need to wait on this method to return only once when visiting a v2 onion; nothing is permanently cached with regards to this change - an exception for the new sync method is added to sync-messages.ini (generally, in practice adding new blocking methods is probably bad, but the minimial overhead and frequency this method is called is worth the simpler code) --- browser/base/content/aboutNetError.xhtml | 3 ++ browser/base/content/browser-siteIdentity.js | 12 +++++ browser/base/jar.mn | 2 +- .../content/netError/onionNetError.js | 6 +++ .../content/netError/v2Deprecated.css | 25 +++++++++ .../onionservices/content/netError/v2Deprecated.js | 50 ++++++++++++++++++ browser/components/onionservices/jar.mn | 8 ++- browser/modules/TorStrings.jsm | 8 +++ .../shared/identity-block/identity-block.inc.css | 3 +- browser/themes/shared/onionPattern.inc.xhtml | 4 +- docshell/base/nsDocShell.cpp | 61 ++++++++++++++++++++++ dom/ipc/ContentParent.cpp | 11 ++++ dom/ipc/ContentParent.h | 2 + dom/ipc/PContent.ipdl | 3 ++ ipc/ipdl/sync-messages.ini | 3 ++ js/xpconnect/src/xpc.msg | 1 + xpcom/base/ErrorList.py | 2 + 17 files changed, 200 insertions(+), 4 deletions(-) diff --git a/browser/base/content/aboutNetError.xhtml b/browser/base/content/aboutNetError.xhtml index 957b6f15a0be..4572eb2024f1 100644 --- a/browser/base/content/aboutNetError.xhtml +++ b/browser/base/content/aboutNetError.xhtml @@ -207,7 +207,10 @@ </div> </div> </div> + +#include ../../themes/shared/onionPattern.inc.xhtml </body> + <script src="chrome://browser/content/onionservices/netError/v2Deprecated.js"/> <script src="chrome://browser/content/onionservices/netError/onionNetError.js"/> <script src="chrome://browser/content/aboutNetError.js"/> </html> diff --git a/browser/base/content/browser-siteIdentity.js b/browser/base/content/browser-siteIdentity.js index 2a3431172886..27fee74cba5b 100644 --- a/browser/base/content/browser-siteIdentity.js +++ b/browser/base/content/browser-siteIdentity.js @@ -135,6 +135,15 @@ var gIdentityHandler = { return this._uriHasHost ? this._uri.host.toLowerCase().endsWith(".onion") : false; }, + get _uriIsDeprecatedOnionHost() { + const hostIsV2Onion = function(host) { + // matches on v2 onion domains with any number of subdomains + const pattern = /^(.*\.)*[a-z2-7]{16}\.onion/i; + return pattern.test(host); + }; + + return this._uriHasHost ? hostIsV2Onion(this._uri.host) : false; + }, // smart getters get _identityPopup() { delete this._identityPopup; @@ -685,6 +694,9 @@ var gIdentityHandler = { "identity.extension.label", [extensionName] ); + } else if (this._uriIsDeprecatedOnionHost) { + this._identityBox.className = "onionServiceDeprecated"; + tooltip = TorStrings.onionServices.v2Deprecated.tooltip; } else if (this._uriHasHost && this._isSecureConnection && this._secInfo) { // This is a secure connection. // _isSecureConnection implicitly includes onion services, which may not have an SSL certificate diff --git a/browser/base/jar.mn b/browser/base/jar.mn index df65349796b5..21b07ad9511b 100644 --- a/browser/base/jar.mn +++ b/browser/base/jar.mn @@ -22,7 +22,7 @@ browser.jar: content/browser/logos/send.svg (content/logos/send.svg) content/browser/logos/tracking-protection.svg (content/logos/tracking-protection.svg) content/browser/logos/tracking-protection-dark-theme.svg (content/logos/tracking-protection-dark-theme.svg) - content/browser/aboutNetError.xhtml (content/aboutNetError.xhtml) +* content/browser/aboutNetError.xhtml (content/aboutNetError.xhtml) content/browser/aboutNetError.js (content/aboutNetError.js) content/browser/aboutRobots-icon.png (content/aboutRobots-icon.png) content/browser/aboutFrameCrashed.html (content/aboutFrameCrashed.html) diff --git a/browser/components/onionservices/content/netError/onionNetError.js b/browser/components/onionservices/content/netError/onionNetError.js index 8fabb3f38eb7..254e50bab4a3 100644 --- a/browser/components/onionservices/content/netError/onionNetError.js +++ b/browser/components/onionservices/content/netError/onionNetError.js @@ -38,6 +38,12 @@ var OnionServicesAboutNetError = { const errPrefix = "onionServices."; const errName = err.substring(errPrefix.length); + // tor-browser#40416 - remove this page and updated onionNetErrors with new error once v2 no longer works at all + if (errName === "v2Deprecated") { + V2DeprecatedAboutNetError.initPage(aDoc); + return; + } + this._strings = RPMGetTorStrings(); const stringsObj = this._strings[errName]; diff --git a/browser/components/onionservices/content/netError/v2Deprecated.css b/browser/components/onionservices/content/netError/v2Deprecated.css new file mode 100644 index 000000000000..890468d09761 --- /dev/null +++ b/browser/components/onionservices/content/netError/v2Deprecated.css @@ -0,0 +1,25 @@ +%include ../../../../themes/shared/onionPattern.css + +:root { + --onion-opacity: 1; + --onion-color: var(--card-outline-color); + --onion-radius: 50px; +} + +body { + border: 1.5em solid #FED916; + justify-content: space-between; +} + +div.title { + background-image: url("chrome://browser/skin/onion-warning.svg"); +} + +div#errorPageContainer { + padding-top: 20vh; + width: 66%; +} + +div#learnMoreContainer { + display: block; +} \ No newline at end of file diff --git a/browser/components/onionservices/content/netError/v2Deprecated.js b/browser/components/onionservices/content/netError/v2Deprecated.js new file mode 100644 index 000000000000..195bc187791c --- /dev/null +++ b/browser/components/onionservices/content/netError/v2Deprecated.js @@ -0,0 +1,50 @@ +// Copyright (c) 2021, The Tor Project, Inc. + +"use strict"; + +/* eslint-env mozilla/frame-script */ + +var V2DeprecatedAboutNetError = { + + _selector: { + header: ".title-text", + longDesc: "#errorLongDesc", + learnMoreLink: "#learnMoreLink", + contentContainer: "#errorLongContent", + tryAgainButton: "div#netErrorButtonContainer button.try-again", + }, + + initPage(aDoc) { + this._insertStylesheet(aDoc); + this._populateStrings(aDoc); + }, + + _populateStrings(aDoc) { + // populate strings + const TorStrings = RPMGetTorStrings(); + + aDoc.title = TorStrings.v2Deprecated.pageTitle; + + let headerElem = aDoc.querySelector(this._selector.header); + headerElem.textContent = TorStrings.v2Deprecated.header; + + let longDescriptionElem = aDoc.querySelector(this._selector.longDesc); + longDescriptionElem.textContent = TorStrings.v2Deprecated.longDescription; + + let learnMoreElem = aDoc.querySelector(this._selector.learnMoreLink); + learnMoreElem.setAttribute("href", TorStrings.v2Deprecated.learnMoreURL); + + let tryAgainElem = aDoc.querySelector(this._selector.tryAgainButton); + tryAgainElem.textContent = TorStrings.v2Deprecated.tryAgain; + }, + + _insertStylesheet(aDoc) { + const url = + "chrome://browser/content/onionservices/netError/v2Deprecated.css"; + let linkElem = aDoc.createElement("link"); + linkElem.rel = "stylesheet"; + linkElem.href = url; + linkElem.type = "text/css"; + aDoc.head.appendChild(linkElem); + }, +}; diff --git a/browser/components/onionservices/jar.mn b/browser/components/onionservices/jar.mn index f45b16dc5d29..73258bd9c501 100644 --- a/browser/components/onionservices/jar.mn +++ b/browser/components/onionservices/jar.mn @@ -3,7 +3,13 @@ browser.jar: content/browser/onionservices/authPreferences.js (content/authPreferences.js) content/browser/onionservices/authPrompt.js (content/authPrompt.js) content/browser/onionservices/authUtil.jsm (content/authUtil.jsm) - content/browser/onionservices/netError/ (content/netError/*) + content/browser/onionservices/netError/browser.svg (content/netError/browser.svg) + content/browser/onionservices/netError/network.svg (content/netError/network.svg) + content/browser/onionservices/netError/onionNetError.css (content/netError/onionNetError.css) + content/browser/onionservices/netError/onionNetError.js (content/netError/onionNetError.js) + content/browser/onionservices/netError/onionsite.svg (content/netError/onionsite.svg) +* content/browser/onionservices/netError/v2Deprecated.css (content/netError/v2Deprecated.css) + content/browser/onionservices/netError/v2Deprecated.js (content/netError/v2Deprecated.js) content/browser/onionservices/onionservices.css (content/onionservices.css) content/browser/onionservices/savedKeysDialog.js (content/savedKeysDialog.js) content/browser/onionservices/savedKeysDialog.xhtml (content/savedKeysDialog.xhtml) diff --git a/browser/modules/TorStrings.jsm b/browser/modules/TorStrings.jsm index c0691ff078ce..d8b9e9d9a399 100644 --- a/browser/modules/TorStrings.jsm +++ b/browser/modules/TorStrings.jsm @@ -507,6 +507,14 @@ var TorStrings = { header: getString("introTimedOut.header", "Onionsite Circuit Creation Timed Out"), longDescription: getString("introTimedOut.longDescription", kLongDescFallback), }, + v2Deprecated: { // Deprecation page for v2 Onions + pageTitle: getString("v2Deprecated.pageTitle", "V2 Onion Site Deprecation Warning"), + header: getString("v2Deprecated.header", "Version 2 Onion Sites will be deprecated soon"), + longDescription: getString("v2Deprecated.longDescription", "Tor is ending its support for version 2 onion services beginning in July 2021, and this onion site will no longer be reachable at this address. If you are the site administrator, upgrade to a version 3 onion service soon."), + learnMoreURL: `https://support.torproject.org/${getLocale()}/onionservices/#v2-deprecation`, + tryAgain: getString("v2Deprecated.tryAgain", "Got it"), + tooltip: getString("v2Deprecated.tooltip", "This onion site will not be reachable soon"), + }, authPrompt: { description: getString("authPrompt.description2", "%S is requesting that you authenticate."), diff --git a/browser/themes/shared/identity-block/identity-block.inc.css b/browser/themes/shared/identity-block/identity-block.inc.css index 9a70125495d7..ce8a2b44e60a 100644 --- a/browser/themes/shared/identity-block/identity-block.inc.css +++ b/browser/themes/shared/identity-block/identity-block.inc.css @@ -173,7 +173,8 @@ #identity-box[pageproxystate="valid"].onionMixedDisplayContent > #identity-icon, #identity-box[pageproxystate="valid"].onionMixedDisplayContentLoadedActiveBlocked > #identity-icon, -#identity-box[pageproxystate="valid"].onionCertUserOverridden > #identity-icon { +#identity-box[pageproxystate="valid"].onionCertUserOverridden > #identity-icon, +#identity-box[pageproxystate="valid"].onionServiceDeprecated > #identity-icon { list-style-image: url(chrome://browser/skin/onion-warning.svg); visibility: visible; } diff --git a/browser/themes/shared/onionPattern.inc.xhtml b/browser/themes/shared/onionPattern.inc.xhtml index 6bbde93684a2..0b6b8b072f9a 100644 --- a/browser/themes/shared/onionPattern.inc.xhtml +++ b/browser/themes/shared/onionPattern.inc.xhtml @@ -9,9 +9,11 @@ - most browser windows, typically the two rows of onions will fill the - bottom of the page. On really wide pages, the onions are centered at - the bottom of the page. + - The root onion-pattern-container div is hidden by default, and can be + - enabled by including onionPattern.css --> -<div class="onion-pattern-container"> +<div class="onion-pattern-container" style="display: none">  diff --git a/docshell/base/nsDocShell.cpp b/docshell/base/nsDocShell.cpp index bf9639c82612..0f315f2f87b4 100644 --- a/docshell/base/nsDocShell.cpp +++ b/docshell/base/nsDocShell.cpp @@ -7,6 +7,7 @@ #include "nsDocShell.h" #include <algorithm> +#include <regex> #ifdef XP_WIN # include <process.h> @@ -3645,6 +3646,9 @@ nsDocShell::DisplayLoadError(nsresult aError, nsIURI* aURI, case NS_ERROR_TOR_ONION_SVC_INTRO_TIMEDOUT: error = "onionServices.introTimedOut"; break; + case NS_ERROR_TOR_ONION_SVC_V2_DEPRECATED: + error = "onionServices.v2Deprecated"; + break; default: break; } @@ -9596,6 +9600,63 @@ nsresult nsDocShell::DoURILoad(nsDocShellLoadState* aLoadState, return NS_OK; } + // tor-browser#40416 + // we only ever want to show the warning page once per session + const auto shouldShouldShowV2DeprecationPage = []() -> bool { + bool retval = false; + if (XRE_IsContentProcess()) { + auto* cc = ContentChild::GetSingleton(); + cc->SendShouldShowV2DeprecationPage(&retval); + } + return retval; + }; + + const auto uriIsV2Onion = [](nsIURI* uri) -> bool { + if (uri) { + nsAutoCString hostString; + uri->GetHost(hostString); + + const std::string_view host(hostString.BeginReading(), hostString.Length()); + + // matches v2 onions with any number of subdomains + const static std::regex v2OnionPattern{ + "^(.*\\.)*[a-z2-7]{16}\\.onion", + std::regex::icase | std::regex::optimize + }; + + // see if the uri refers to v2 onion host + return std::regex_match( + host.begin(), + host.end(), + v2OnionPattern); + } + return false; + }; + + // only dip in here if this process thinks onion warning page has not been shown + static bool v2DeprecationPageShown = false; + if (!v2DeprecationPageShown) { + // now only advance if the URI we are dealing with + // is a v2 onion address + auto uri = aLoadState->URI(); + if (uriIsV2Onion(uri)) { + // Ok, so we are dealing with a v2 onion, now make + // sure the v2 deprecation page has not been shown in + // in another content process + // + // This is a synchrynous call, so we are blocking until + // we hear back from from the parent process. Each child + // process will need to perform this wait at most once, + // since we are locally caching in v2DeprecationPageShown. + v2DeprecationPageShown = true; + if (shouldShouldShowV2DeprecationPage()) { + DisplayLoadError(NS_ERROR_TOR_ONION_SVC_V2_DEPRECATED, uri, nullptr, nullptr); + return NS_ERROR_LOAD_SHOWED_ERRORPAGE; + } + } + } + + nsCOMPtr<nsIURILoader> uriLoader = components::URILoader::Service(); if (NS_WARN_IF(!uriLoader)) { return NS_ERROR_UNEXPECTED; diff --git a/dom/ipc/ContentParent.cpp b/dom/ipc/ContentParent.cpp index 4269016ec5d5..9c1c1fddf9e9 100644 --- a/dom/ipc/ContentParent.cpp +++ b/dom/ipc/ContentParent.cpp @@ -6515,6 +6515,17 @@ NS_IMETHODIMP ContentParent::GetActor(const nsACString& aName, return NS_OK; } +mozilla::ipc::IPCResult ContentParent::RecvShouldShowV2DeprecationPage(bool* showPage) { + static bool v2DeprecationPageShown = false; + if (v2DeprecationPageShown) { + *showPage = false; + } else { + *showPage = true; + v2DeprecationPageShown = true; + } + return IPC_OK(); +} + } // namespace dom } // namespace mozilla diff --git a/dom/ipc/ContentParent.h b/dom/ipc/ContentParent.h index 4f10832d8e23..83f9caa1dc6c 100644 --- a/dom/ipc/ContentParent.h +++ b/dom/ipc/ContentParent.h @@ -1280,6 +1280,8 @@ class ContentParent final const MaybeDiscarded<BrowsingContext>& aContext, int32_t aOffset, HistoryGoResolver&& aResolveRequestedIndex); + mozilla::ipc::IPCResult RecvShouldShowV2DeprecationPage(bool* showPage); + // Notify the ContentChild to enable the input event prioritization when // initializing. void MaybeEnableRemoteInputEventQueue(); diff --git a/dom/ipc/PContent.ipdl b/dom/ipc/PContent.ipdl index c4dd750e47a4..09d053c69738 100644 --- a/dom/ipc/PContent.ipdl +++ b/dom/ipc/PContent.ipdl @@ -1678,6 +1678,9 @@ child: // WindowContext is managed using the PWindowGlobal actor's lifecycle. async CreateWindowContext(WindowContextInitializer aInit); async DiscardWindowContext(uint64_t aContextId) returns (bool unused); + +parent: + sync ShouldShowV2DeprecationPage() returns (bool showPage); }; } diff --git a/ipc/ipdl/sync-messages.ini b/ipc/ipdl/sync-messages.ini index 88ad49d169e8..df2acb04c750 100644 --- a/ipc/ipdl/sync-messages.ini +++ b/ipc/ipdl/sync-messages.ini @@ -1040,6 +1040,9 @@ description = Initialization of WebGL contexts is synchronous by spec. description = Synchronous RPC to allow WebGL to run graphics commands in compositor process and return results to be used in JS return values. [PSocketProcess::GetTLSClientCert] description = Synchronously get client certificate and key from parent process. Once bug 696976 has been fixed, this can be removed. +[PContent::ShouldShowV2DeprecationPage] +description = Synchronously determine whether a client process has already displayed the v2 onion deprecation warning page + ############################################################# # AVOID ADDING NEW MESSAGES TO THIS FILE # diff --git a/js/xpconnect/src/xpc.msg b/js/xpconnect/src/xpc.msg index 31e5e75ba35c..7c8cc9ef181c 100644 --- a/js/xpconnect/src/xpc.msg +++ b/js/xpconnect/src/xpc.msg @@ -262,6 +262,7 @@ XPC_MSG_DEF(NS_ERROR_TOR_ONION_SVC_MISSING_CLIENT_AUTH, "Tor onion service missi XPC_MSG_DEF(NS_ERROR_TOR_ONION_SVC_BAD_CLIENT_AUTH , "Tor onion service wrong client authorization") XPC_MSG_DEF(NS_ERROR_TOR_ONION_SVC_BAD_ADDRESS , "Tor onion service bad address") XPC_MSG_DEF(NS_ERROR_TOR_ONION_SVC_INTRO_TIMEDOUT , "Tor onion service introduction timed out") +XPC_MSG_DEF(NS_ERROR_TOR_ONION_SVC_V2_DEPRECATED , "Tor v2 onion services are deprecated") /* Profile manager error codes */ XPC_MSG_DEF(NS_ERROR_DATABASE_CHANGED , "Flushing the profiles to disk would have overwritten changes made elsewhere.") diff --git a/xpcom/base/ErrorList.py b/xpcom/base/ErrorList.py index 5f35cf7771f9..6bcd65f9bca9 100755 --- a/xpcom/base/ErrorList.py +++ b/xpcom/base/ErrorList.py @@ -1200,6 +1200,8 @@ with modules["TOR"]: errors["NS_ERROR_TOR_ONION_SVC_BAD_ADDRESS"] = FAILURE(7) # Tor onion service introduction timed out. errors["NS_ERROR_TOR_ONION_SVC_INTRO_TIMEDOUT"] = FAILURE(8) + # Tor v2 onion services are deprecated + errors["NS_ERROR_TOR_ONION_SVC_V2_DEPRECATED"] = FAILURE(9) # ======================================================================= # 51: NS_ERROR_MODULE_GENERAL

1 0

[tor-browser/tor-browser-78.14.0esr-11.0-1] Bug 1719146 - Use size_t in breakpad's Linux exception handler. r=gsvelto
by sysrqb＠torproject.org 07 Sep '21

07 Sep '21

commit 3758b15b418a3df147cf804f6dfb14276c6cd073 Author: Emilio Cobos Álvarez <emilio(a)crisal.io> Date: Mon Jul 5 11:59:34 2021 +0000 Bug 1719146 - Use size_t in breakpad's Linux exception handler. r=gsvelto Differential Revision: https://phabricator.services.mozilla.com/D119083 --- .../crashreporter/breakpad-client/linux/handler/exception_handler.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/toolkit/crashreporter/breakpad-client/linux/handler/exception_handler.cc b/toolkit/crashreporter/breakpad-client/linux/handler/exception_handler.cc index c8509c2d5363..1365935ba51c 100644 --- a/toolkit/crashreporter/breakpad-client/linux/handler/exception_handler.cc +++ b/toolkit/crashreporter/breakpad-client/linux/handler/exception_handler.cc @@ -145,7 +145,7 @@ void InstallAlternateStackLocked() { // SIGSTKSZ may be too small to prevent the signal handlers from overrunning // the alternative stack. Ensure that the size of the alternative stack is // large enough. - static const unsigned kSigStackSize = std::max(16384, SIGSTKSZ); + static const size_t kSigStackSize = std::max(size_t(16384), size_t(SIGSTKSZ)); // Only set an alternative stack if there isn't already one, or if the current // one is too small.

1 0

[tor-browser/tor-browser-78.14.0esr-11.0-1] Bug 40597: Implement TorSettings module
by sysrqb＠torproject.org 07 Sep '21

07 Sep '21

commit 5d33d5dedf98526e1b948964c06b7ac061492ed7 Author: Richard Pospesel <richard(a)torproject.org> Date: Fri Aug 6 16:39:03 2021 +0200 Bug 40597: Implement TorSettings module - migrated in-page settings read/write implementation from about:preferences#tor to the TorSettings module - TorSettings initially loads settings from the tor daemon, and saves them to firefox prefs - TorSettings notifies observers when a setting has changed; currently only QuickStart notification is implemented for parity with previous preference notify logic in about:torconnect and about:preferences#tor - about:preferences#tor, and about:torconnect now read and write settings thorugh the TorSettings module - all tor settings live in the torbrowser.settings.* preference branch - removed unused pref modify permission for about:torconnect content page from AsyncPrefs.jsm --- browser/components/torconnect/TorConnectParent.jsm | 25 +- .../torpreferences/content/parseFunctions.jsm | 89 --- .../torpreferences/content/torBridgeSettings.jsm | 325 --------- .../torpreferences/content/torFirewallSettings.jsm | 72 -- .../components/torpreferences/content/torPane.js | 324 ++++---- .../torpreferences/content/torProxySettings.jsm | 245 ------- browser/components/torpreferences/jar.mn | 12 +- browser/modules/TorConnect.jsm | 47 +- browser/modules/TorSettings.jsm | 811 +++++++++++++++++++++ browser/modules/moz.build | 1 + .../processsingleton/MainProcessSingleton.jsm | 5 + toolkit/modules/AsyncPrefs.jsm | 2 - 12 files changed, 1005 insertions(+), 953 deletions(-) diff --git a/browser/components/torconnect/TorConnectParent.jsm b/browser/components/torconnect/TorConnectParent.jsm index 792f2af10ea6..b735d75c1a72 100644 --- a/browser/components/torconnect/TorConnectParent.jsm +++ b/browser/components/torconnect/TorConnectParent.jsm @@ -7,10 +7,9 @@ const { TorStrings } = ChromeUtils.import("resource:///modules/TorStrings.jsm"); const { TorConnect, TorConnectTopics, TorConnectState } = ChromeUtils.import( "resource:///modules/TorConnect.jsm" ); - -const TorLauncherPrefs = Object.freeze({ - quickstart: "extensions.torlauncher.quickstart", -}); +const { TorSettings, TorSettingsTopics, TorSettingsData } = ChromeUtils.import( + "resource:///modules/TorSettings.jsm" +); /* This object is basically a marshalling interface between the TorConnect module @@ -32,7 +31,7 @@ class TorConnectParent extends JSWindowActorParent { BootstrapProgress: TorConnect.bootstrapProgress, BootstrapStatus: TorConnect.bootstrapStatus, ShowCopyLog: TorConnect.logHasWarningOrError, - QuickStartEnabled: Services.prefs.getBoolPref(TorLauncherPrefs.quickstart, false), + QuickStartEnabled: TorSettings.quickstart.enabled, }; // JSWindowActiveParent derived objects cannot observe directly, so create a member @@ -84,9 +83,12 @@ class TorConnectParent extends JSWindowActorParent { // TODO: handle break; } - case "nsPref:changed": { - if (aData === TorLauncherPrefs.quickstart) { - self.state.QuickStartEnabled = Services.prefs.getBoolPref(TorLauncherPrefs.quickstart); + case TorSettingsTopics.SettingChanged:{ + if (aData === TorSettingsData.QuickStartEnabled) { + self.state.QuickStartEnabled = obj.value; + } else { + // this isn't a setting torconnect cares about + return; } break; } @@ -104,7 +106,7 @@ class TorConnectParent extends JSWindowActorParent { const topic = TorConnectTopics[key]; Services.obs.addObserver(this.torConnectObserver, topic); } - Services.prefs.addObserver(TorLauncherPrefs.quickstart, this.torConnectObserver); + Services.obs.addObserver(this.torConnectObserver, TorSettingsTopics.SettingChanged); } willDestroy() { @@ -113,13 +115,14 @@ class TorConnectParent extends JSWindowActorParent { const topic = TorConnectTopics[key]; Services.obs.removeObserver(this.torConnectObserver, topic); } - Services.prefs.removeObserver(TorLauncherPrefs.quickstart, this.torConnectObserver); + Services.obs.removeObserver(this.torConnectObserver, TorSettingsTopics.SettingChanged); } receiveMessage(message) { switch (message.name) { case "torconnect:set-quickstart": - Services.prefs.setBoolPref(TorLauncherPrefs.quickstart, message.data); + TorSettings.quickstart.enabled = message.data; + TorSettings.saveToPrefs().applySettings(); break; case "torconnect:open-tor-preferences": TorConnect.openTorPreferences(); diff --git a/browser/components/torpreferences/content/parseFunctions.jsm b/browser/components/torpreferences/content/parseFunctions.jsm deleted file mode 100644 index 954759de63a5..000000000000 --- a/browser/components/torpreferences/content/parseFunctions.jsm +++ /dev/null @@ -1,89 +0,0 @@ -"use strict"; - -var EXPORTED_SYMBOLS = [ - "parsePort", - "parseAddrPort", - "parseUsernamePassword", - "parseAddrPortList", - "parseBridgeStrings", - "parsePortList", -]; - -// expects a string representation of an integer from 1 to 65535 -let parsePort = function(aPort) { - // ensure port string is a valid positive integer - const validIntRegex = /^[0-9]+$/; - if (!validIntRegex.test(aPort)) { - throw new Error(`Invalid PORT string : '${aPort}'`); - } - - // ensure port value is on valid range - let port = Number.parseInt(aPort); - if (port < 1 || port > 65535) { - throw new Error( - `Invalid PORT value, needs to be on range [1,65535] : '${port}'` - ); - } - - return port; -}; -// expects a string in the format: "ADDRESS:PORT" -let parseAddrPort = function(aAddrColonPort) { - let tokens = aAddrColonPort.split(":"); - if (tokens.length != 2) { - throw new Error(`Invalid ADDRESS:PORT string : '${aAddrColonPort}'`); - } - let address = tokens[0]; - let port = parsePort(tokens[1]); - return [address, port]; -}; - -// expects a string in the format: "USERNAME:PASSWORD" -// split on the first colon and any subsequent go into password -let parseUsernamePassword = function(aUsernameColonPassword) { - let colonIndex = aUsernameColonPassword.indexOf(":"); - if (colonIndex < 0) { - // we don't log the contents of the potentially password containing string - throw new Error("Invalid USERNAME:PASSWORD string"); - } - - let username = aUsernameColonPassword.substring(0, colonIndex); - let password = aUsernameColonPassword.substring(colonIndex + 1); - - return [username, password]; -}; - -// expects a string in the format: ADDRESS:PORT,ADDRESS:PORT,... -// returns array of ports (as ints) -let parseAddrPortList = function(aAddrPortList) { - let addrPorts = aAddrPortList.split(","); - // parse ADDRESS:PORT string and only keep the port (second element in returned array) - let retval = addrPorts.map(addrPort => parseAddrPort(addrPort)[1]); - return retval; -}; - -// expects a '/n' or '/r/n' delimited bridge string, which we split and trim -// each bridge string can also optionally have 'bridge' at the beginning ie: -// bridge $(type) $(address):$(port) $(certificate) -// we strip out the 'bridge' prefix here -let parseBridgeStrings = function(aBridgeStrings) { - - // replace carriage returns ('\r') with new lines ('\n') - aBridgeStrings = aBridgeStrings.replace(/\r/g, "\n"); - // then replace contiguous new lines ('\n') with a single one - aBridgeStrings = aBridgeStrings.replace(/[\n]+/g, "\n"); - - // split on the newline and for each bridge string: trim, remove starting 'bridge' string - // finally discard entries that are empty strings; empty strings could occur if we receive - // a new line containing only whitespace - let splitStrings = aBridgeStrings.split("\n"); - return splitStrings.map(val => val.trim().replace(/^bridge\s+/i, "")) - .filter(bridgeString => bridgeString != ""); -}; - -// expecting a ',' delimited list of ints with possible white space between -// returns an array of ints -let parsePortList = function(aPortListString) { - let splitStrings = aPortListString.split(","); - return splitStrings.map(val => parsePort(val.trim())); -}; diff --git a/browser/components/torpreferences/content/torBridgeSettings.jsm b/browser/components/torpreferences/content/torBridgeSettings.jsm deleted file mode 100644 index ceb61d3ec972..000000000000 --- a/browser/components/torpreferences/content/torBridgeSettings.jsm +++ /dev/null @@ -1,325 +0,0 @@ -"use strict"; - -var EXPORTED_SYMBOLS = [ - "TorBridgeSource", - "TorBridgeSettings", - "makeTorBridgeSettingsNone", - "makeTorBridgeSettingsBuiltin", - "makeTorBridgeSettingsBridgeDB", - "makeTorBridgeSettingsUserProvided", -]; - -const { Services } = ChromeUtils.import("resource://gre/modules/Services.jsm"); -const { TorProtocolService } = ChromeUtils.import( - "resource:///modules/TorProtocolService.jsm" -); -const { TorStrings } = ChromeUtils.import("resource:///modules/TorStrings.jsm"); - -const TorBridgeSource = { - NONE: "NONE", - BUILTIN: "BUILTIN", - BRIDGEDB: "BRIDGEDB", - USERPROVIDED: "USERPROVIDED", -}; - -class TorBridgeSettings { - constructor() { - this._bridgeSource = TorBridgeSource.NONE; - this._selectedDefaultBridgeType = null; - this._bridgeStrings = []; - } - - get selectedDefaultBridgeType() { - if (this._bridgeSource == TorBridgeSource.BUILTIN) { - return this._selectedDefaultBridgeType; - } - return undefined; - } - - get bridgeSource() { - return this._bridgeSource; - } - - // for display - get bridgeStrings() { - return this._bridgeStrings.join("\n"); - } - - // raw - get bridgeStringsArray() { - return this._bridgeStrings; - } - - static get defaultBridgeTypes() { - if (TorBridgeSettings._defaultBridgeTypes) { - return TorBridgeSettings._defaultBridgeTypes; - } - - let bridgeListBranch = Services.prefs.getBranch( - TorStrings.preferenceBranches.defaultBridge - ); - let bridgePrefs = bridgeListBranch.getChildList("", {}); - - // an unordered set for shoving bridge types into - let bridgeTypes = new Set(); - // look for keys ending in ".N" and treat string before that as the bridge type - const pattern = /\.[0-9]+$/; - for (const key of bridgePrefs) { - const offset = key.search(pattern); - if (offset != -1) { - const bt = key.substring(0, offset); - bridgeTypes.add(bt); - } - } - - // recommended bridge type goes first in the list - let recommendedBridgeType = Services.prefs.getCharPref( - TorStrings.preferenceKeys.recommendedBridgeType, - null - ); - - let retval = []; - if (recommendedBridgeType && bridgeTypes.has(recommendedBridgeType)) { - retval.push(recommendedBridgeType); - } - - for (const bridgeType of bridgeTypes.values()) { - if (bridgeType != recommendedBridgeType) { - retval.push(bridgeType); - } - } - - // cache off - TorBridgeSettings._defaultBridgeTypes = retval; - return retval; - } - - _readDefaultBridges(aBridgeType) { - let bridgeBranch = Services.prefs.getBranch( - TorStrings.preferenceBranches.defaultBridge - ); - let bridgeBranchPrefs = bridgeBranch.getChildList("", {}); - - let retval = []; - - // regex matches against strings ending in ".N" where N is a positive integer - let pattern = /\.[0-9]+$/; - for (const key of bridgeBranchPrefs) { - // verify the location of the match is the correct offset required for aBridgeType - // to fit, and that the string begins with aBridgeType - if ( - key.search(pattern) == aBridgeType.length && - key.startsWith(aBridgeType) - ) { - let bridgeStr = bridgeBranch.getCharPref(key); - retval.push(bridgeStr); - } - } - - // fisher-yates shuffle - // shuffle so that Tor Browser users don't all try the built-in bridges in the same order - for (let i = retval.length - 1; i > 0; --i) { - // number n such that 0.0 <= n < 1.0 - const n = Math.random(); - // integer j such that 0 <= j <= i - const j = Math.floor(n * (i + 1)); - - // swap values at indices i and j - const tmp = retval[i]; - retval[i] = retval[j]; - retval[j] = tmp; - } - - return retval; - } - - _readBridgeDBBridges() { - let bridgeBranch = Services.prefs.getBranch( - `${TorStrings.preferenceBranches.bridgeDBBridges}` - ); - let bridgeBranchPrefs = bridgeBranch.getChildList("", {}); - // the child prefs do not come in any particular order so sort the keys - // so the values can be compared to what we get out off torrc - bridgeBranchPrefs.sort(); - - // just assume all of the prefs under the parent point to valid bridge string - let retval = bridgeBranchPrefs.map(key => - bridgeBranch.getCharPref(key).trim() - ); - - return retval; - } - - _readTorrcBridges() { - let bridgeList = TorProtocolService.readStringArraySetting( - TorStrings.configKeys.bridgeList - ); - - let retval = []; - for (const line of bridgeList) { - let trimmedLine = line.trim(); - if (trimmedLine) { - retval.push(trimmedLine); - } - } - - return retval; - } - - // analagous to initBridgeSettings() - readSettings() { - // restore to defaults - this._bridgeSource = TorBridgeSource.NONE; - this._selectedDefaultBridgeType = null; - this._bridgeStrings = []; - - // So the way tor-launcher determines the origin of the configured bridges is a bit - // weird and depends on inferring our scenario based on some firefox prefs and the - // relationship between the saved list of bridges in about:config vs the list saved in torrc - - // first off, if "extensions.torlauncher.default_bridge_type" is set to one of our - // builtin default types (obfs4, meek-azure, snowflake, etc) then we provide the - // bridges in "extensions.torlauncher.default_bridge.*" (filtered by our default_bridge_type) - - // next, we compare the list of bridges saved in torrc to the bridges stored in the - // "extensions.torlauncher.bridgedb_bridge."" branch. If they match *exactly* then we assume - // the bridges were retrieved from BridgeDB and use those. If the torrc list is empty then we know - // we have no bridge settings - - // finally, if none of the previous conditions are not met, it is assumed the bridges stored in - // torrc are user-provided - - // what we should(?) do once we excise tor-launcher entirely is explicitly store an int/enum in - // about:config that tells us which scenario we are in so we don't have to guess - - let defaultBridgeType = Services.prefs.getCharPref( - TorStrings.preferenceKeys.defaultBridgeType, - null - ); - - // check if source is BUILTIN - if (defaultBridgeType) { - this._bridgeStrings = this._readDefaultBridges(defaultBridgeType); - this._bridgeSource = TorBridgeSource.BUILTIN; - this._selectedDefaultBridgeType = defaultBridgeType; - return; - } - - let torrcBridges = this._readTorrcBridges(); - - // no stored bridges means no bridge is in use - if (torrcBridges.length == 0) { - this._bridgeStrings = []; - this._bridgeSource = TorBridgeSource.NONE; - return; - } - - let bridgedbBridges = this._readBridgeDBBridges(); - - // if these two lists are equal then we got our bridges from bridgedb - // ie: same element in identical order - let arraysEqual = (left, right) => { - if (left.length != right.length) { - return false; - } - const length = left.length; - for (let i = 0; i < length; ++i) { - if (left[i] != right[i]) { - return false; - } - } - return true; - }; - - // agreement between prefs and torrc means bridgedb bridges - if (arraysEqual(torrcBridges, bridgedbBridges)) { - this._bridgeStrings = torrcBridges; - this._bridgeSource = TorBridgeSource.BRIDGEDB; - return; - } - - // otherwise they must be user provided - this._bridgeStrings = torrcBridges; - this._bridgeSource = TorBridgeSource.USERPROVIDED; - } - - writeSettings() { - let settingsObject = new Map(); - - // init tor bridge settings to null - settingsObject.set(TorStrings.configKeys.useBridges, null); - settingsObject.set(TorStrings.configKeys.bridgeList, null); - - // clear bridge related firefox prefs - Services.prefs.setCharPref(TorStrings.preferenceKeys.defaultBridgeType, ""); - let bridgeBranch = Services.prefs.getBranch( - `${TorStrings.preferenceBranches.bridgeDBBridges}` - ); - let bridgeBranchPrefs = bridgeBranch.getChildList("", {}); - for (const pref of bridgeBranchPrefs) { - Services.prefs.clearUserPref( - `${TorStrings.preferenceBranches.bridgeDBBridges}${pref}` - ); - } - - switch (this._bridgeSource) { - case TorBridgeSource.BUILTIN: - // set builtin bridge type to use in prefs - Services.prefs.setCharPref( - TorStrings.preferenceKeys.defaultBridgeType, - this._selectedDefaultBridgeType - ); - break; - case TorBridgeSource.BRIDGEDB: - // save bridges off to prefs - for (let i = 0; i < this.bridgeStringsArray.length; ++i) { - Services.prefs.setCharPref( - `${TorStrings.preferenceBranches.bridgeDBBridges}${i}`, - this.bridgeStringsArray[i] - ); - } - break; - } - - // write over our bridge list if bridges are enabled - if (this._bridgeSource != TorBridgeSource.NONE) { - settingsObject.set(TorStrings.configKeys.useBridges, true); - settingsObject.set( - TorStrings.configKeys.bridgeList, - this.bridgeStringsArray - ); - } - TorProtocolService.writeSettings(settingsObject); - } -} - -function makeTorBridgeSettingsNone() { - return new TorBridgeSettings(); -} - -function makeTorBridgeSettingsBuiltin(aBridgeType) { - let retval = new TorBridgeSettings(); - retval._bridgeSource = TorBridgeSource.BUILTIN; - retval._selectedDefaultBridgeType = aBridgeType; - retval._bridgeStrings = retval._readDefaultBridges(aBridgeType); - - return retval; -} - -function makeTorBridgeSettingsBridgeDB(aBridges) { - let retval = new TorBridgeSettings(); - retval._bridgeSource = TorBridgeSource.BRIDGEDB; - retval._selectedDefaultBridgeType = null; - retval._bridgeStrings = aBridges; - - return retval; -} - -function makeTorBridgeSettingsUserProvided(aBridges) { - let retval = new TorBridgeSettings(); - retval._bridgeSource = TorBridgeSource.USERPROVIDED; - retval._selectedDefaultBridgeType = null; - retval._bridgeStrings = aBridges; - - return retval; -} diff --git a/browser/components/torpreferences/content/torFirewallSettings.jsm b/browser/components/torpreferences/content/torFirewallSettings.jsm deleted file mode 100644 index e77f18ef2fae..000000000000 --- a/browser/components/torpreferences/content/torFirewallSettings.jsm +++ /dev/null @@ -1,72 +0,0 @@ -"use strict"; - -var EXPORTED_SYMBOLS = [ - "TorFirewallSettings", - "makeTorFirewallSettingsNone", - "makeTorFirewallSettingsCustom", -]; - -const { TorProtocolService } = ChromeUtils.import( - "resource:///modules/TorProtocolService.jsm" -); -const { TorStrings } = ChromeUtils.import("resource:///modules/TorStrings.jsm"); -const { parseAddrPortList } = ChromeUtils.import( - "chrome://browser/content/torpreferences/parseFunctions.jsm" -); - -class TorFirewallSettings { - constructor() { - this._allowedPorts = []; - } - - get portsConfigurationString() { - let portStrings = this._allowedPorts.map(port => `*:${port}`); - return portStrings.join(","); - } - - get commaSeparatedListString() { - return this._allowedPorts.join(","); - } - - get hasPorts() { - return this._allowedPorts.length > 0; - } - - readSettings() { - let addressPortList = TorProtocolService.readStringSetting( - TorStrings.configKeys.reachableAddresses - ); - - let allowedPorts = []; - if (addressPortList) { - allowedPorts = parseAddrPortList(addressPortList); - } - this._allowedPorts = allowedPorts; - } - - writeSettings() { - let settingsObject = new Map(); - - // init to null so Tor daemon resets if no ports - settingsObject.set(TorStrings.configKeys.reachableAddresses, null); - - if (this._allowedPorts.length > 0) { - settingsObject.set( - TorStrings.configKeys.reachableAddresses, - this.portsConfigurationString - ); - } - - TorProtocolService.writeSettings(settingsObject); - } -} - -function makeTorFirewallSettingsNone() { - return new TorFirewallSettings(); -} - -function makeTorFirewallSettingsCustom(aPortsList) { - let retval = new TorFirewallSettings(); - retval._allowedPorts = aPortsList; - return retval; -} diff --git a/browser/components/torpreferences/content/torPane.js b/browser/components/torpreferences/content/torPane.js index 59ecdec6d1d9..6dbc6b3c0e91 100644 --- a/browser/components/torpreferences/content/torPane.js +++ b/browser/components/torpreferences/content/torPane.js @@ -2,6 +2,10 @@ /* global Services */ +const { TorSettings, TorSettingsTopics, TorSettingsData, TorBridgeSource, TorBuiltinBridgeTypes, TorProxyType } = ChromeUtils.import( + "resource:///modules/TorSettings.jsm" +); + const { TorProtocolService } = ChromeUtils.import( "resource:///modules/TorProtocolService.jsm" ); @@ -10,35 +14,6 @@ const { TorConnect } = ChromeUtils.import( "resource:///modules/TorConnect.jsm" ); -const { - TorBridgeSource, - TorBridgeSettings, - makeTorBridgeSettingsNone, - makeTorBridgeSettingsBuiltin, - makeTorBridgeSettingsBridgeDB, - makeTorBridgeSettingsUserProvided, -} = ChromeUtils.import( - "chrome://browser/content/torpreferences/torBridgeSettings.jsm" -); - -const { - TorProxyType, - TorProxySettings, - makeTorProxySettingsNone, - makeTorProxySettingsSocks4, - makeTorProxySettingsSocks5, - makeTorProxySettingsHTTPS, -} = ChromeUtils.import( - "chrome://browser/content/torpreferences/torProxySettings.jsm" -); -const { - TorFirewallSettings, - makeTorFirewallSettingsNone, - makeTorFirewallSettingsCustom, -} = ChromeUtils.import( - "chrome://browser/content/torpreferences/torFirewallSettings.jsm" -); - const { TorLogDialog } = ChromeUtils.import( "chrome://browser/content/torpreferences/torLogDialog.jsm" ); @@ -53,14 +28,6 @@ ChromeUtils.defineModuleGetter( "resource:///modules/TorStrings.jsm" ); -const { parsePort, parseBridgeStrings, parsePortList } = ChromeUtils.import( - "chrome://browser/content/torpreferences/parseFunctions.jsm" -); - -const TorLauncherPrefs = { - quickstart: "extensions.torlauncher.quickstart", -} - /* Tor Pane @@ -253,10 +220,11 @@ const gTorPane = (function() { ); this._enableQuickstartCheckbox.addEventListener("command", e => { const checked = this._enableQuickstartCheckbox.checked; - Services.prefs.setBoolPref(TorLauncherPrefs.quickstart, checked); + TorSettings.quickstart.enabled = checked; + TorSettings.saveToPrefs().applySettings(); }); - this._enableQuickstartCheckbox.checked = Services.prefs.getBoolPref(TorLauncherPrefs.quickstart); - Services.prefs.addObserver(TorLauncherPrefs.quickstart, this); + this._enableQuickstartCheckbox.checked = TorSettings.quickstart.enabled; + Services.obs.addObserver(this, TorSettingsTopics.SettingChanged); // Bridge setup prefpane.querySelector(selectors.bridges.header).innerText = @@ -283,7 +251,7 @@ const gTorPane = (function() { this._bridgeSelectionRadiogroup = prefpane.querySelector( selectors.bridges.bridgeSelectionRadiogroup ); - this._bridgeSelectionRadiogroup.value = TorBridgeSource.BUILTIN; + this._bridgeSelectionRadiogroup.value = TorBridgeSource.BuiltIn; this._bridgeSelectionRadiogroup.addEventListener("command", e => { const value = this._bridgeSelectionRadiogroup.value; gTorPane.onSelectBridgeOption(value).onUpdateBridgeSettings(); @@ -297,7 +265,7 @@ const gTorPane = (function() { "label", TorStrings.settings.selectBridge ); - this._builtinBridgeOption.setAttribute("value", TorBridgeSource.BUILTIN); + this._builtinBridgeOption.setAttribute("value", TorBridgeSource.BuiltIn); this._builtinBridgeMenulist = prefpane.querySelector( selectors.bridges.builtinBridgeList ); @@ -313,7 +281,7 @@ const gTorPane = (function() { "label", TorStrings.settings.requestBridgeFromTorProject ); - this._requestBridgeOption.setAttribute("value", TorBridgeSource.BRIDGEDB); + this._requestBridgeOption.setAttribute("value", TorBridgeSource.BridgeDB); this._requestBridgeButton = prefpane.querySelector( selectors.bridges.requestBridgeButton ); @@ -338,7 +306,7 @@ const gTorPane = (function() { ); this._provideBridgeOption.setAttribute( "value", - TorBridgeSource.USERPROVIDED + TorBridgeSource.UserProvided ); prefpane.querySelector( selectors.bridges.provideBridgeDescription @@ -387,11 +355,11 @@ const gTorPane = (function() { let mockProxies = [ { - value: TorProxyType.SOCKS4, + value: TorProxyType.Socks4, label: TorStrings.settings.proxyTypeSOCKS4, }, { - value: TorProxyType.SOCKS5, + value: TorProxyType.Socks5, label: TorStrings.settings.proxyTypeSOCKS5, }, { value: TorProxyType.HTTPS, label: TorStrings.settings.proxyTypeHTTP }, @@ -542,12 +510,8 @@ const gTorPane = (function() { true ); - // load bridge settings - let torBridgeSettings = new TorBridgeSettings(); - torBridgeSettings.readSettings(); - - // populate the bridge list - for (let currentBridge of TorBridgeSettings.defaultBridgeTypes) { + // init bridge UI + for (let currentBridge of TorBuiltinBridgeTypes) { let menuEntry = document.createXULElement("menuitem"); menuEntry.setAttribute("value", currentBridge); menuEntry.setAttribute("label", currentBridge); @@ -556,57 +520,56 @@ const gTorPane = (function() { .appendChild(menuEntry); } - this.onSelectBridgeOption(torBridgeSettings.bridgeSource); - this.onToggleBridge( - torBridgeSettings.bridgeSource != TorBridgeSource.NONE - ); - switch (torBridgeSettings.bridgeSource) { - case TorBridgeSource.NONE: - break; - case TorBridgeSource.BUILTIN: - this._builtinBridgeMenulist.value = - torBridgeSettings.selectedDefaultBridgeType; - break; - case TorBridgeSource.BRIDGEDB: - this._requestBridgeTextarea.value = torBridgeSettings.bridgeStrings; - break; - case TorBridgeSource.USERPROVIDED: - this._provideBridgeTextarea.value = torBridgeSettings.bridgeStrings; - break; + if (TorSettings.bridges.enabled) { + this.onSelectBridgeOption(TorSettings.bridges.source); + this.onToggleBridge( + TorSettings.bridges.source != TorBridgeSource.Invalid + ); + switch (TorSettings.bridges.source) { + case TorBridgeSource.Invalid: + break; + case TorBridgeSource.BuiltIn: + this._builtinBridgeMenulist.value = TorSettings.bridges.builtin_type; + break; + case TorBridgeSource.BridgeDB: + this._requestBridgeTextarea.value = TorSettings.bridges.bridge_strings.join("\n"); + break; + case TorBridgeSource.UserProvided: + this._provideBridgeTextarea.value = TorSettings.bridges.bridge_strings.join("\n"); + break; + } } - this._bridgeSettings = torBridgeSettings; - - // load proxy settings - let torProxySettings = new TorProxySettings(); - torProxySettings.readSettings(); - - if (torProxySettings.type != TorProxyType.NONE) { + // init proxy UI + if (TorSettings.proxy.enabled) { this.onToggleProxy(true); - this.onSelectProxyType(torProxySettings.type); - this._proxyAddressTextbox.value = torProxySettings.address; - this._proxyPortTextbox.value = torProxySettings.port; - this._proxyUsernameTextbox.value = torProxySettings.username; - this._proxyPasswordTextbox.value = torProxySettings.password; + this.onSelectProxyType(TorSettings.proxy.type); + this._proxyAddressTextbox.value = TorSettings.proxy.address; + this._proxyPortTextbox.value = TorSettings.proxy.port; + this._proxyUsernameTextbox.value = TorSettings.proxy.username; + this._proxyPasswordTextbox.value = TorSettings.proxy.password; } - this._proxySettings = torProxySettings; - - // load firewall settings - let torFirewallSettings = new TorFirewallSettings(); - torFirewallSettings.readSettings(); - - if (torFirewallSettings.hasPorts) { + // init firewall + if (TorSettings.firewall.enabled) { this.onToggleFirewall(true); - this._allowedPortsTextbox.value = - torFirewallSettings.commaSeparatedListString; + this._allowedPortsTextbox.value = TorSettings.firewall.allowed_ports.join(", "); } - - this._firewallSettings = torFirewallSettings; }, init() { this._populateXUL(); + + let onUnload = () => { + window.removeEventListener("unload", onUnload); + gTorPane.uninit(); + }; + window.addEventListener("unload", onUnload); + }, + + uninit() { + // unregister our observer topics + Services.obs.removeObserver(TorSettingsTopics.SettingChanged, this); }, // whether the page should be present in about:preferences @@ -620,10 +583,14 @@ const gTorPane = (function() { // callback for when the quickstart pref changes observe(subject, topic, data) { - if (topic != "nsPref:changed") return; - if (data === TorLauncherPrefs.quickstart) { - this._enableQuickstartCheckbox.checked = - Services.prefs.getBoolPref(TorLauncherPrefs.quickstart); + if (topic === TorSettingsTopics.SettingChanged) { + let obj = subject?.wrappedJSObject; + switch(data) { + case TorSettingsData.QuickStartEnabled: { + this._enableQuickstartCheckbox.checked = obj.value; + break; + } + } } }, @@ -650,13 +617,17 @@ const gTorPane = (function() { if (enabled) { this.onSelectBridgeOption(this._bridgeSelectionRadiogroup.value); } else { - this.onSelectBridgeOption(TorBridgeSource.NONE); + this.onSelectBridgeOption(TorBridgeSource.Invalid); } return this; }, // callback when a bridge option is selected onSelectBridgeOption(source) { + if (typeof source === "string") { + source = parseInt(source); + } + // disable all of the bridge elements under radio buttons this._setElementsDisabled( [ @@ -668,23 +639,23 @@ const gTorPane = (function() { true ); - if (source != TorBridgeSource.NONE) { + if (source != TorBridgeSource.Invalid) { this._bridgeSelectionRadiogroup.value = source; } switch (source) { - case TorBridgeSource.BUILTIN: { + case TorBridgeSource.BuiltIn: { this._setElementsDisabled([this._builtinBridgeMenulist], false); break; } - case TorBridgeSource.BRIDGEDB: { + case TorBridgeSource.BridgeDB: { this._setElementsDisabled( [this._requestBridgeButton, this._requestBridgeTextarea], false ); break; } - case TorBridgeSource.USERPROVIDED: { + case TorBridgeSource.UserProvided: { this._setElementsDisabled([this._provideBridgeTextarea], false); break; } @@ -697,14 +668,17 @@ const gTorPane = (function() { let requestBridgeDialog = new RequestBridgeDialog(); requestBridgeDialog.openDialog( gSubDialog, - this._proxySettings.proxyURI, + TorSettings.proxy.uri, aBridges => { if (aBridges.length > 0) { - let bridgeSettings = makeTorBridgeSettingsBridgeDB(aBridges); - bridgeSettings.writeSettings(); - this._bridgeSettings = bridgeSettings; - - this._requestBridgeTextarea.value = bridgeSettings.bridgeStrings; + let bridgeStrings = aBridges.join("\n"); + TorSettings.bridges.enabled = true; + TorSettings.bridges.source = TorBridgeSource.BridgeDB; + TorSettings.bridges.bridge_strings = bridgeStrings; + TorSettings.saveToPrefs(); + TorSettings.applySettings(); + + this._requestBridgeTextarea.value = bridgeStrings; } } ); @@ -713,53 +687,56 @@ const gTorPane = (function() { // pushes bridge settings from UI to tor onUpdateBridgeSettings() { - let bridgeSettings = null; - let source = this._useBridgeCheckbox.checked - ? this._bridgeSelectionRadiogroup.value - : TorBridgeSource.NONE; + ? parseInt(this._bridgeSelectionRadiogroup.value) + : TorBridgeSource.Invalid; + switch (source) { - case TorBridgeSource.NONE: { - bridgeSettings = makeTorBridgeSettingsNone(); - break; + case TorBridgeSource.Invalid: { + TorSettings.bridges.enabled = false; } - case TorBridgeSource.BUILTIN: { + break; + case TorBridgeSource.BuiltIn: { // if there is a built-in bridge already selected, use that let bridgeType = this._builtinBridgeMenulist.value; + console.log(`bridge type: ${bridgeType}`); if (bridgeType) { - bridgeSettings = makeTorBridgeSettingsBuiltin(bridgeType); + TorSettings.bridges.enabled = true; + TorSettings.bridges.source = TorBridgeSource.BuiltIn; + TorSettings.bridges.builtin_type = bridgeType; } else { - bridgeSettings = makeTorBridgeSettingsNone(); + TorSettings.bridges.enabled = false; } break; } - case TorBridgeSource.BRIDGEDB: { + case TorBridgeSource.BridgeDB: { // if there are bridgedb bridges saved in the text area, use them let bridgeStrings = this._requestBridgeTextarea.value; if (bridgeStrings) { - let bridgeStringList = parseBridgeStrings(bridgeStrings); - bridgeSettings = makeTorBridgeSettingsBridgeDB(bridgeStringList); + TorSettings.bridges.enabled = true; + TorSettings.bridges.source = TorBridgeSource.BridgeDB; + TorSettings.bridges.bridge_strings = bridgeStrings; } else { - bridgeSettings = makeTorBridgeSettingsNone(); + TorSettings.bridges.enabled = false; } break; } - case TorBridgeSource.USERPROVIDED: { + case TorBridgeSource.UserProvided: { // if bridges already exist in the text area, use them let bridgeStrings = this._provideBridgeTextarea.value; if (bridgeStrings) { - let bridgeStringList = parseBridgeStrings(bridgeStrings); - bridgeSettings = makeTorBridgeSettingsUserProvided( - bridgeStringList - ); + TorSettings.bridges.enabled = true; + TorSettings.bridges.source = TorBridgeSource.UserProvided; + TorSettings.bridges.bridge_strings = bridgeStrings; } else { - bridgeSettings = makeTorBridgeSettingsNone(); + TorSettings.bridges.enabled = false; } break; } } - bridgeSettings.writeSettings(); - this._bridgeSettings = bridgeSettings; + TorSettings.saveToPrefs(); + TorSettings.applySettings(); + return this; }, @@ -789,12 +766,13 @@ const gTorPane = (function() { // callback when proxy type is changed onSelectProxyType(value) { - if (value == "") { - value = TorProxyType.NONE; + if (typeof value === "string") { + value = parseInt(value); } + this._proxyTypeMenulist.value = value; switch (value) { - case TorProxyType.NONE: { + case TorProxyType.Invalid: { this._setElementsDisabled( [ this._proxyAddressLabel, @@ -815,7 +793,7 @@ const gTorPane = (function() { this._proxyPasswordTextbox.value = ""; break; } - case TorProxyType.SOCKS4: { + case TorProxyType.Socks4: { this._setElementsDisabled( [ this._proxyAddressLabel, @@ -839,7 +817,7 @@ const gTorPane = (function() { this._proxyPasswordTextbox.value = ""; break; } - case TorProxyType.SOCKS5: + case TorProxyType.Socks5: case TorProxyType.HTTPS: { this._setElementsDisabled( [ @@ -862,46 +840,45 @@ const gTorPane = (function() { // pushes proxy settings from UI to tor onUpdateProxySettings() { - const proxyType = this._useProxyCheckbox.checked - ? this._proxyTypeMenulist.value - : TorProxyType.NONE; - const addressString = this._proxyAddressTextbox.value; - const portString = this._proxyPortTextbox.value; - const usernameString = this._proxyUsernameTextbox.value; - const passwordString = this._proxyPasswordTextbox.value; - - let proxySettings = null; - - switch (proxyType) { - case TorProxyType.NONE: - proxySettings = makeTorProxySettingsNone(); + const type = this._useProxyCheckbox.checked + ? parseInt(this._proxyTypeMenulist.value) + : TorProxyType.Invalid; + const address = this._proxyAddressTextbox.value; + const port = this._proxyPortTextbox.value; + const username = this._proxyUsernameTextbox.value; + const password = this._proxyPasswordTextbox.value; + + switch (type) { + case TorProxyType.Invalid: + TorSettings.proxy.enabled = false; break; - case TorProxyType.SOCKS4: - proxySettings = makeTorProxySettingsSocks4( - addressString, - parsePort(portString) - ); + case TorProxyType.Socks4: + TorSettings.proxy.enabled = true; + TorSettings.proxy.type = type; + TorSettings.proxy.address = address; + TorSettings.proxy.port = port; + break; - case TorProxyType.SOCKS5: - proxySettings = makeTorProxySettingsSocks5( - addressString, - parsePort(portString), - usernameString, - passwordString - ); + case TorProxyType.Socks5: + TorSettings.proxy.enabled = true; + TorSettings.proxy.type = type; + TorSettings.proxy.address = address; + TorSettings.proxy.port = port; + TorSettings.proxy.username = username; + TorSettings.proxy.password = password; break; case TorProxyType.HTTPS: - proxySettings = makeTorProxySettingsHTTPS( - addressString, - parsePort(portString), - usernameString, - passwordString - ); + TorSettings.proxy.enabled = true; + TorSettings.proxy.type = type; + TorSettings.proxy.address = address; + TorSettings.proxy.port = port; + TorSettings.proxy.username = username; + TorSettings.proxy.password = password; break; } + TorSettings.saveToPrefs(); + TorSettings.applySettings(); - proxySettings.writeSettings(); - this._proxySettings = proxySettings; return this; }, @@ -920,21 +897,20 @@ const gTorPane = (function() { // pushes firewall settings from UI to tor onUpdateFirewallSettings() { + let portListString = this._useFirewallCheckbox.checked ? this._allowedPortsTextbox.value : ""; - let firewallSettings = null; if (portListString) { - firewallSettings = makeTorFirewallSettingsCustom( - parsePortList(portListString) - ); + TorSettings.firewall.enabled = true; + TorSettings.firewall.allowed_ports = portListString; } else { - firewallSettings = makeTorFirewallSettingsNone(); + TorSettings.firewall.enabled = false; } + TorSettings.saveToPrefs(); + TorSettings.applySettings(); - firewallSettings.writeSettings(); - this._firewallSettings = firewallSettings; return this; }, diff --git a/browser/components/torpreferences/content/torProxySettings.jsm b/browser/components/torpreferences/content/torProxySettings.jsm deleted file mode 100644 index 98bb5e8d5cbf..000000000000 --- a/browser/components/torpreferences/content/torProxySettings.jsm +++ /dev/null @@ -1,245 +0,0 @@ -"use strict"; - -var EXPORTED_SYMBOLS = [ - "TorProxyType", - "TorProxySettings", - "makeTorProxySettingsNone", - "makeTorProxySettingsSocks4", - "makeTorProxySettingsSocks5", - "makeTorProxySettingsHTTPS", -]; - -const { TorProtocolService } = ChromeUtils.import( - "resource:///modules/TorProtocolService.jsm" -); -const { TorStrings } = ChromeUtils.import("resource:///modules/TorStrings.jsm"); -const { parseAddrPort, parseUsernamePassword } = ChromeUtils.import( - "chrome://browser/content/torpreferences/parseFunctions.jsm" -); - -const TorProxyType = { - NONE: "NONE", - SOCKS4: "SOCKS4", - SOCKS5: "SOCKS5", - HTTPS: "HTTPS", -}; - -class TorProxySettings { - constructor() { - this._proxyType = TorProxyType.NONE; - this._proxyAddress = undefined; - this._proxyPort = undefined; - this._proxyUsername = undefined; - this._proxyPassword = undefined; - } - - get type() { - return this._proxyType; - } - get address() { - return this._proxyAddress; - } - get port() { - return this._proxyPort; - } - get username() { - return this._proxyUsername; - } - get password() { - return this._proxyPassword; - } - get proxyURI() { - switch (this._proxyType) { - case TorProxyType.SOCKS4: - return `socks4a://${this._proxyAddress}:${this._proxyPort}`; - case TorProxyType.SOCKS5: - if (this._proxyUsername) { - return `socks5://${this._proxyUsername}:${this._proxyPassword}@${ - this._proxyAddress - }:${this._proxyPort}`; - } - return `socks5://${this._proxyAddress}:${this._proxyPort}`; - case TorProxyType.HTTPS: - if (this._proxyUsername) { - return `http://${this._proxyUsername}:${this._proxyPassword}@${ - this._proxyAddress - }:${this._proxyPort}`; - } - return `http://${this._proxyAddress}:${this._proxyPort}`; - } - return undefined; - } - - // attempts to read proxy settings from Tor daemon - readSettings() { - // SOCKS4 - { - let addressPort = TorProtocolService.readStringSetting( - TorStrings.configKeys.socks4Proxy - ); - if (addressPort) { - // address+port - let [proxyAddress, proxyPort] = parseAddrPort(addressPort); - - this._proxyType = TorProxyType.SOCKS4; - this._proxyAddress = proxyAddress; - this._proxyPort = proxyPort; - this._proxyUsername = ""; - this._proxyPassword = ""; - - return; - } - } - - // SOCKS5 - { - let addressPort = TorProtocolService.readStringSetting( - TorStrings.configKeys.socks5Proxy - ); - - if (addressPort) { - // address+port - let [proxyAddress, proxyPort] = parseAddrPort(addressPort); - // username - let proxyUsername = TorProtocolService.readStringSetting( - TorStrings.configKeys.socks5ProxyUsername - ); - // password - let proxyPassword = TorProtocolService.readStringSetting( - TorStrings.configKeys.socks5ProxyPassword - ); - - this._proxyType = TorProxyType.SOCKS5; - this._proxyAddress = proxyAddress; - this._proxyPort = proxyPort; - this._proxyUsername = proxyUsername; - this._proxyPassword = proxyPassword; - - return; - } - } - - // HTTP - { - let addressPort = TorProtocolService.readStringSetting( - TorStrings.configKeys.httpsProxy - ); - - if (addressPort) { - // address+port - let [proxyAddress, proxyPort] = parseAddrPort(addressPort); - - // username:password - let proxyAuthenticator = TorProtocolService.readStringSetting( - TorStrings.configKeys.httpsProxyAuthenticator - ); - - let [proxyUsername, proxyPassword] = ["", ""]; - if (proxyAuthenticator) { - [proxyUsername, proxyPassword] = parseUsernamePassword( - proxyAuthenticator - ); - } - - this._proxyType = TorProxyType.HTTPS; - this._proxyAddress = proxyAddress; - this._proxyPort = proxyPort; - this._proxyUsername = proxyUsername; - this._proxyPassword = proxyPassword; - } - } - // no proxy settings - } /* TorProxySettings::ReadFromTor() */ - - // attempts to write proxy settings to Tor daemon - // throws on error - writeSettings() { - let settingsObject = new Map(); - - // init proxy related settings to null so Tor daemon resets them - settingsObject.set(TorStrings.configKeys.socks4Proxy, null); - settingsObject.set(TorStrings.configKeys.socks5Proxy, null); - settingsObject.set(TorStrings.configKeys.socks5ProxyUsername, null); - settingsObject.set(TorStrings.configKeys.socks5ProxyPassword, null); - settingsObject.set(TorStrings.configKeys.httpsProxy, null); - settingsObject.set(TorStrings.configKeys.httpsProxyAuthenticator, null); - - switch (this._proxyType) { - case TorProxyType.SOCKS4: - settingsObject.set( - TorStrings.configKeys.socks4Proxy, - `${this._proxyAddress}:${this._proxyPort}` - ); - break; - case TorProxyType.SOCKS5: - settingsObject.set( - TorStrings.configKeys.socks5Proxy, - `${this._proxyAddress}:${this._proxyPort}` - ); - settingsObject.set( - TorStrings.configKeys.socks5ProxyUsername, - this._proxyUsername - ); - settingsObject.set( - TorStrings.configKeys.socks5ProxyPassword, - this._proxyPassword - ); - break; - case TorProxyType.HTTPS: - settingsObject.set( - TorStrings.configKeys.httpsProxy, - `${this._proxyAddress}:${this._proxyPort}` - ); - settingsObject.set( - TorStrings.configKeys.httpsProxyAuthenticator, - `${this._proxyUsername}:${this._proxyPassword}` - ); - break; - } - - TorProtocolService.writeSettings(settingsObject); - } /* TorProxySettings::WriteToTor() */ -} - -// factory methods for our various supported proxies -function makeTorProxySettingsNone() { - return new TorProxySettings(); -} - -function makeTorProxySettingsSocks4(aProxyAddress, aProxyPort) { - let retval = new TorProxySettings(); - retval._proxyType = TorProxyType.SOCKS4; - retval._proxyAddress = aProxyAddress; - retval._proxyPort = aProxyPort; - return retval; -} - -function makeTorProxySettingsSocks5( - aProxyAddress, - aProxyPort, - aProxyUsername, - aProxyPassword -) { - let retval = new TorProxySettings(); - retval._proxyType = TorProxyType.SOCKS5; - retval._proxyAddress = aProxyAddress; - retval._proxyPort = aProxyPort; - retval._proxyUsername = aProxyUsername; - retval._proxyPassword = aProxyPassword; - return retval; -} - -function makeTorProxySettingsHTTPS( - aProxyAddress, - aProxyPort, - aProxyUsername, - aProxyPassword -) { - let retval = new TorProxySettings(); - retval._proxyType = TorProxyType.HTTPS; - retval._proxyAddress = aProxyAddress; - retval._proxyPort = aProxyPort; - retval._proxyUsername = aProxyUsername; - retval._proxyPassword = aProxyPassword; - return retval; -} diff --git a/browser/components/torpreferences/jar.mn b/browser/components/torpreferences/jar.mn index 857bc9ee3eac..552c92b2feff 100644 --- a/browser/components/torpreferences/jar.mn +++ b/browser/components/torpreferences/jar.mn @@ -1,14 +1,10 @@ browser.jar: - content/browser/torpreferences/parseFunctions.jsm (content/parseFunctions.jsm) - content/browser/torpreferences/requestBridgeDialog.xhtml (content/requestBridgeDialog.xhtml) + content/browser/torpreferences/requestBridgeDialog.xhtml (content/requestBridgeDialog.xhtml) content/browser/torpreferences/requestBridgeDialog.jsm (content/requestBridgeDialog.jsm) - content/browser/torpreferences/torBridgeSettings.jsm (content/torBridgeSettings.jsm) - content/browser/torpreferences/torCategory.inc.xhtml (content/torCategory.inc.xhtml) - content/browser/torpreferences/torFirewallSettings.jsm (content/torFirewallSettings.jsm) + content/browser/torpreferences/torCategory.inc.xhtml (content/torCategory.inc.xhtml) content/browser/torpreferences/torLogDialog.jsm (content/torLogDialog.jsm) - content/browser/torpreferences/torLogDialog.xhtml (content/torLogDialog.xhtml) + content/browser/torpreferences/torLogDialog.xhtml (content/torLogDialog.xhtml) content/browser/torpreferences/torPane.js (content/torPane.js) - content/browser/torpreferences/torPane.xhtml (content/torPane.xhtml) + content/browser/torpreferences/torPane.xhtml (content/torPane.xhtml) content/browser/torpreferences/torPreferences.css (content/torPreferences.css) content/browser/torpreferences/torPreferencesIcon.svg (content/torPreferencesIcon.svg) - content/browser/torpreferences/torProxySettings.jsm (content/torProxySettings.jsm) diff --git a/browser/modules/TorConnect.jsm b/browser/modules/TorConnect.jsm index bd5c998a6063..2f947374797a 100644 --- a/browser/modules/TorConnect.jsm +++ b/browser/modules/TorConnect.jsm @@ -18,6 +18,10 @@ const { TorLauncherUtil } = ChromeUtils.import( "resource://torlauncher/modules/tl-util.jsm" ); +const { TorSettings, TorSettingsTopics } = ChromeUtils.import( + "resource:///modules/TorSettings.jsm" +); + /* Browser observer topis */ const BrowserTopics = Object.freeze({ ProfileAfterChange: "profile-after-change", @@ -25,7 +29,6 @@ const BrowserTopics = Object.freeze({ /* tor-launcher observer topics */ const TorTopics = Object.freeze({ - ProcessIsReady: "TorProcessIsReady", BootstrapStatus: "TorBootstrapStatus", BootstrapError: "TorBootstrapError", ProcessExited: "TorProcessExited", @@ -34,7 +37,6 @@ const TorTopics = Object.freeze({ /* Relevant prefs used by tor-launcher */ const TorLauncherPrefs = Object.freeze({ - quickstart: "extensions.torlauncher.quickstart", prompt_at_startup: "extensions.torlauncher.prompt_at_startup", }); @@ -250,38 +252,29 @@ const TorConnect = (() => { // Disabled this.legacyOrSystemTor(); } else { - // register the Tor topics we always care about - for (const topicKey in TorTopics) { - const topic = TorTopics[topicKey]; + let observeTopic = (topic) => { Services.obs.addObserver(this, topic); console.log(`TorConnect: observing topic '${topic}'`); - } + }; - if (TorProtocolService.torProcessStatus == TorProcessStatus.Running) { - if (this.shouldQuickStart) { - // Quickstart - this.beginBootstrap(); - } else { - // Configuring - this.beginConfigure(); - } + // register the Tor topics we always care about + for (const topicKey in TorTopics) { + const topic = TorTopics[topicKey]; + observeTopic(topic); } + observeTopic(TorSettingsTopics.Ready); } - Services.obs.removeObserver(this, topic); break; } - /* Transition out of Initial if Tor daemon wasn't running yet in BrowserTopics.ProfileAfterChange */ - case TorTopics.ProcessIsReady: { - if (this.state === TorConnectState.Initial) - { - if (this.shouldQuickStart) { - // Quickstart - this.beginBootstrap(); - } else { - // Configuring - this.beginConfigure(); - } + /* We need to wait until TorSettings have been loaded and applied before we can Quickstart */ + case TorSettingsTopics.Ready: { + if (this.shouldQuickStart) { + // Quickstart + this.beginBootstrap(); + } else { + // Configuring + this.beginConfigure(); } break; } @@ -342,7 +335,7 @@ const TorConnect = (() => { get shouldQuickStart() { // quickstart must be enabled - return Services.prefs.getBoolPref(TorLauncherPrefs.quickstart, false) && + return TorSettings.quickstart.enabled && // and the previous bootstrap attempt must have succeeded !Services.prefs.getBoolPref(TorLauncherPrefs.prompt_at_startup, true); }, diff --git a/browser/modules/TorSettings.jsm b/browser/modules/TorSettings.jsm new file mode 100644 index 000000000000..d55a5fb5759c --- /dev/null +++ b/browser/modules/TorSettings.jsm @@ -0,0 +1,811 @@ +"use strict"; + +var EXPORTED_SYMBOLS = ["TorSettings", "TorSettingsTopics", "TorSettingsData", "TorBridgeSource", "TorBuiltinBridgeTypes", "TorProxyType"]; + +const { Services } = ChromeUtils.import( + "resource://gre/modules/Services.jsm" +); + +const { TorProtocolService, TorProcessStatus } = ChromeUtils.import( + "resource:///modules/TorProtocolService.jsm" +); + +/* Browser observer topics */ +const BrowserTopics = Object.freeze({ + ProfileAfterChange: "profile-after-change", +}); + +/* tor-launcher observer topics */ +const TorTopics = Object.freeze({ + ProcessIsReady: "TorProcessIsReady", +}); + +/* TorSettings observer topics */ +const TorSettingsTopics = Object.freeze({ + Ready: "torsettings:ready", + SettingChanged: "torsettings:setting-changed", +}); + +/* TorSettings observer data (for SettingChanged topic) */ +const TorSettingsData = Object.freeze({ + QuickStartEnabled : "torsettings:quickstart_enabled", +}); + +/* Prefs used to store settings in TorBrowser prefs */ +const TorSettingsPrefs = Object.freeze({ + /* bool: are we pulling tor settings from the preferences */ + enabled: 'torbrowser.settings.enabled', + quickstart : { + /* bool: does tor connect automatically on launch */ + enabled: 'torbrowser.settings.quickstart.enabled', + }, + bridges : { + /* bool: does tor use bridges */ + enabled : 'torbrowser.settings.bridges.enabled', + /* int: -1=invalid|0=builtin|1=bridge_db|2=user_provided */ + source : 'torbrowser.settings.bridges.source', + /* string: obfs4|meek_azure|snowflake|etc */ + builtin_type : 'torbrowser.settings.bridges.builtin_type', + /* preference branch: each child branch should be a bridge string */ + bridge_strings : 'torbrowser.settings.bridges.bridge_strings', + }, + proxy : { + /* bool: does tor use a proxy */ + enabled : 'torbrowser.settings.proxy.enabled', + /* -1=invalid|0=socks4,1=socks5,2=https */ + type: 'torbrowser.settings.proxy.type', + /* string: proxy server address */ + address: 'torbrowser.settings.proxy.address', + /* int: [1,65535], proxy port */ + port: 'torbrowser.settings.proxy.port', + /* string: username */ + username: 'torbrowser.settings.proxy.username', + /* string: password */ + password: 'torbrowser.settings.proxy.password', + }, + firewall : { + /* bool: does tor have a port allow list */ + enabled: 'torbrowser.settings.firewall.enabled', + /* string: comma-delimitted list of port numbers */ + allowed_ports: 'torbrowser.settings.firewall.allowed_ports', + }, +}); + +/* Legacy tor-launcher prefs and pref branches*/ +const TorLauncherPrefs = Object.freeze({ + quickstart: "extensions.torlauncher.quickstart", + default_bridge_type: "extensions.torlauncher.default_bridge_type", + default_bridge: "extensions.torlauncher.default_bridge.", + default_bridge_recommended_type: "extensions.torlauncher.default_bridge_recommended_type", + bridgedb_bridge: "extensions.torlauncher.bridgedb_bridge.", +}); + +/* Config Keys used to configure tor daemon */ +const TorConfigKeys = Object.freeze({ + useBridges: "UseBridges", + bridgeList: "Bridge", + socks4Proxy: "Socks4Proxy", + socks5Proxy: "Socks5Proxy", + socks5ProxyUsername: "Socks5ProxyUsername", + socks5ProxyPassword: "Socks5ProxyPassword", + httpsProxy: "HTTPSProxy", + httpsProxyAuthenticator: "HTTPSProxyAuthenticator", + reachableAddresses: "ReachableAddresses", + clientTransportPlugin: "ClientTransportPlugin", +}); + +const TorBridgeSource = Object.freeze({ + Invalid: -1, + BuiltIn: 0, + BridgeDB: 1, + UserProvided: 2, +}); + +const TorProxyType = Object.freeze({ + Invalid: -1, + Socks4: 0, + Socks5: 1, + HTTPS: 2, +}); + + +const TorBuiltinBridgeTypes = Object.freeze( + (() => { + let bridgeListBranch = Services.prefs.getBranch(TorLauncherPrefs.default_bridge); + let bridgePrefs = bridgeListBranch.getChildList(""); + + // an unordered set for shoving bridge types into + let bridgeTypes = new Set(); + // look for keys ending in ".N" and treat string before that as the bridge type + const pattern = /\.[0-9]+$/; + for (const key of bridgePrefs) { + const offset = key.search(pattern); + if (offset != -1) { + const bt = key.substring(0, offset); + bridgeTypes.add(bt); + } + } + + // recommended bridge type goes first in the list + let recommendedBridgeType = Services.prefs.getCharPref(TorLauncherPrefs.default_bridge_recommended_type, null); + + let retval = []; + if (recommendedBridgeType && bridgeTypes.has(recommendedBridgeType)) { + retval.push(recommendedBridgeType); + } + + for (const bridgeType of bridgeTypes.values()) { + if (bridgeType != recommendedBridgeType) { + retval.push(bridgeType); + } + } + return retval; + })() +); + +/* Parsing Methods */ + +// expects a string representation of an integer from 1 to 65535 +let parsePort = function(aPort) { + // ensure port string is a valid positive integer + const validIntRegex = /^[0-9]+$/; + if (!validIntRegex.test(aPort)) { + return 0; + } + + // ensure port value is on valid range + let port = Number.parseInt(aPort); + if (port < 1 || port > 65535) { + return 0; + } + + return port; +}; +// expects a string in the format: "ADDRESS:PORT" +let parseAddrPort = function(aAddrColonPort) { + let tokens = aAddrColonPort.split(":"); + if (tokens.length != 2) { + return ["", 0]; + } + let address = tokens[0]; + let port = parsePort(tokens[1]); + return [address, port]; +}; + +// expects a string in the format: "USERNAME:PASSWORD" +// split on the first colon and any subsequent go into password +let parseUsernamePassword = function(aUsernameColonPassword) { + let colonIndex = aUsernameColonPassword.indexOf(":"); + if (colonIndex < 0) { + return ["", ""]; + } + + let username = aUsernameColonPassword.substring(0, colonIndex); + let password = aUsernameColonPassword.substring(colonIndex + 1); + + return [username, password]; +}; + +// expects a string in the format: ADDRESS:PORT,ADDRESS:PORT,... +// returns array of ports (as ints) +let parseAddrPortList = function(aAddrPortList) { + let addrPorts = aAddrPortList.split(","); + // parse ADDRESS:PORT string and only keep the port (second element in returned array) + let retval = addrPorts.map(addrPort => parseAddrPort(addrPort)[1]); + return retval; +}; + +// expects a '/n' or '/r/n' delimited bridge string, which we split and trim +// each bridge string can also optionally have 'bridge' at the beginning ie: +// bridge $(type) $(address):$(port) $(certificate) +// we strip out the 'bridge' prefix here +let parseBridgeStrings = function(aBridgeStrings) { + + // replace carriage returns ('\r') with new lines ('\n') + aBridgeStrings = aBridgeStrings.replace(/\r/g, "\n"); + // then replace contiguous new lines ('\n') with a single one + aBridgeStrings = aBridgeStrings.replace(/[\n]+/g, "\n"); + + // split on the newline and for each bridge string: trim, remove starting 'bridge' string + // finally discard entries that are empty strings; empty strings could occur if we receive + // a new line containing only whitespace + let splitStrings = aBridgeStrings.split("\n"); + return splitStrings.map(val => val.trim().replace(/^bridge\s+/i, "")) + .filter(bridgeString => bridgeString != ""); +}; + +// expecting a ',' delimited list of ints with possible white space between +// returns an array of ints +let parsePortList = function(aPortListString) { + let splitStrings = aPortListString.split(","); + // parse and remove duplicates + let portSet = new Set(splitStrings.map(val => parsePort(val.trim()))); + // parsePort returns 0 for failed parses, so remove 0 from list + portSet.delete(0); + return Array.from(portSet); +}; + +let getBuiltinBridgeStrings = function(builtinType) { + let bridgeBranch = Services.prefs.getBranch(TorLauncherPrefs.default_bridge); + let bridgeBranchPrefs = bridgeBranch.getChildList(""); + let retval = []; + + // regex matches against strings ending in ".N" where N is a positive integer + let pattern = /\.[0-9]+$/; + for (const key of bridgeBranchPrefs) { + // verify the location of the match is the correct offset required for aBridgeType + // to fit, and that the string begins with aBridgeType + if (key.search(pattern) == builtinType.length && + key.startsWith(builtinType)) { + let bridgeStr = bridgeBranch.getCharPref(key); + retval.push(bridgeStr); + } + } + + // shuffle so that Tor Browser users don't all try the built-in bridges in the same order + arrayShuffle(retval); + + return retval; +}; + +/* Array methods */ + +let arrayShuffle = function(array) { + // fisher-yates shuffle + for (let i = array.length - 1; i > 0; --i) { + // number n such that 0.0 <= n < 1.0 + const n = Math.random(); + // integer j such that 0 <= j <= i + const j = Math.floor(n * (i + 1)); + + // swap values at indices i and j + const tmp = array[i]; + array[i] = array[j]; + array[j] = tmp; + } +} + +let arrayCopy = function(array) { + return [].concat(array); +} + +/* TorSettings module */ + +const TorSettings = (() => { + let self = { + _settings: null, + + // tor daemon related settings + defaultSettings: function() { + let settings = { + quickstart: { + enabled: false + }, + bridges : { + enabled: false, + source: TorBridgeSource.Invalid, + builtin_type: null, + bridge_strings: [], + }, + proxy: { + enabled: false, + type: TorProxyType.Invalid, + address: null, + port: 0, + username: null, + password: null, + }, + firewall: { + enabled: false, + allowed_ports: [], + }, + }; + return settings; + }, + + /* try and load our settings, and register observers */ + init: function() { + if (TorProtocolService.ownsTorDaemon) { + // if the settings branch exists, load settings from prefs + if (Services.prefs.getBoolPref(TorSettingsPrefs.enabled, false)) { + this.loadFromPrefs(); + Services.obs.notifyObservers(null, TorSettingsTopics.Ready); + } + Services.obs.addObserver(this, BrowserTopics.ProfileAfterChange); + Services.obs.addObserver(this, TorTopics.ProcessIsReady); + } + }, + + /* wait for relevant life-cycle events to load and/or apply saved settings */ + observe: function(subject, topic, data) { + console.log(`TorSettings: observed ${topic}`); + + // once the process is ready, we need to apply our settings + let handleProcessReady = () => { + Services.obs.removeObserver(this, TorTopics.ProcessIsReady); + if (this._settings == null) { + // load settings from tor if our load in init() failed and save them to prefs + this.loadLegacy(); + this.saveToPrefs(); + } else { + // push down settings to tor + this.applySettings(); + } + Services.obs.notifyObservers(null, TorSettingsTopics.Ready); + }; + + switch (topic) { + case BrowserTopics.ProfileAfterChange: { + if (TorProtocolService.torProcessStatus == TorProcessStatus.Running) { + handleProcessReady(); + } + } + break; + case TorTopics.ProcessIsReady: { + handleProcessReady(); + } + break; + } + }, + + // load our settings from old locations (misc prefs and from tor daemon) + // TODO: remove this after some time has elapsed to ensure users have migrated to pref settings + loadLegacy: function() { + console.log("TorSettings: loadLegacy()"); + + let settings = this.defaultSettings(); + + /* Quickstart */ + settings.quickstart.enabled = Services.prefs.getBoolPref(TorLauncherPrefs.quickstart, false); + + /* Bridges + + So the way tor-launcher determines the origin of the configured bridges is a bit + weird and depends on inferring our scenario based on some firefox prefs and the + relationship between the saved list of bridges in about:config vs the list saved in torrc + + first off, if "extensions.torlauncher.default_bridge_type" is set to one of our + builtin default types (obfs4, meek-azure, snowflake, etc) then we provide the + bridges in "extensions.torlauncher.default_bridge.*" (filtered by our default_bridge_type) + + next, we compare the list of bridges saved in torrc to the bridges stored in the + "extensions.torlauncher.bridgedb_bridge."" branch. If they match *exactly* then we assume + the bridges were retrieved from BridgeDB and use those. If the torrc list is empty then we know + we have no bridge settings + + finally, if none of the previous conditions are not met, it is assumed the bridges stored in + torrc are user-provided + */ + + let builtinType = Services.prefs.getCharPref(TorLauncherPrefs.default_bridge_type, null); + + // check if source is built-in + if (builtinType) { + let builtinBridgeStrings = getBuiltinBridgeStrings(builtinType); + if (builtinBridgeStrings.length > 0) { + settings.bridges.enabled = true; + settings.bridges.source = TorBridgeSource.BuiltIn; + settings.bridges.builtin_type = builtinType; + settings.bridges.bridge_strings = builtinBridgeStrings; + } + } else { + // get our currently configured bridges from tor + let torrcBridgeStrings = (() => { + let bridgeList = TorProtocolService.readStringArraySetting(TorConfigKeys.bridgeList); + let retval = []; + for (const line of bridgeList) { + let trimmedLine = line.trim(); + if (trimmedLine) { + retval.push(trimmedLine); + } + } + return retval; + })(); + + // torrc has bridges configured + if (torrcBridgeStrings.length > 0) { + // compare tor's bridges to our saved bridgedb bridges + let bridgedbBBridgeStrings = (() => { + let bridgeBranch = Services.prefs.getBranch(TorLauncherPrefs.bridgedb_bridge); + let bridgeBranchPrefs = bridgeBranch.getChildList(""); + // the child prefs do not come in any particular order so sort the keys + // so the values can be compared to what we get out off torrc + bridgeBranchPrefs.sort(); + + // just assume all of the prefs under the parent point to valid bridge string + let retval = bridgeBranchPrefs.map(key => + bridgeBranch.getCharPref(key).trim() + ); + return retval; + })(); + + let arraysEqual = (left, right) => { + if (left.length != right.length) { + return false; + } + const length = left.length; + for (let i = 0; i < length; ++i) { + if (left[i] != right[i]) { + return false; + } + } + return true; + }; + + if (arraysEqual(torrcBridgeStrings, bridgedbBBridgeStrings)) { + settings.bridges.enabled = true; + settings.bridges.source = TorBridgeSource.BridgeDB; + settings.bridges.builtin_type = null; + settings.bridges.bridge_strings = torrcBridgeStrings; + } else { + settings.bridges.enabled = true; + settings.bridges.source = TorBridgeSource.UserProvided; + settings.bridges.builtin_type = null; + settings.bridges.bridge_strings = torrcBridgeStrings; + } + } else { + // tor has no bridge strings saved, so bridges not in use + settings.bridges.enabled = false; + settings.bridges.source = TorBridgeSource.Invalid; + settings.bridges.builtin_type = null; + settings.bridges.bridge_strings = []; + } + } + + /* Proxy */ + + let proxyString = null; + if (proxyString = TorProtocolService.readStringSetting(TorConfigKeys.socks4Proxy)) { + let [address, port] = parseAddrPort(proxyString); + + settings.proxy.enabled = true; + settings.proxy.type = TorProxyType.Socks4; + settings.proxy.address = address; + settings.proxy.port = port; + settings.proxy.username = null; + settings.proxy.password = null; + } else if (proxyString = TorProtocolService.readStringSetting(TorConfigKeys.socks5Proxy)) { + let [address, port] = parseAddrPort(proxyString); + let username = TorProtocolService.readStringSetting(TorConfigKeys.socks5ProxyUsername); + let password = TorProtocolService.readStringSetting(TorConfigKeys.socks5ProxyPassword); + + settings.proxy.enabled = true; + settings.proxy.type = TorProxyType.Socks5; + settings.proxy.address = address; + settings.proxy.port = port; + settings.proxy.username = username; + settings.proxy.password = password; + } else if (proxyString = TorProtocolService.readStringSetting(TorConfigKeys.httpsProxy)) { + let [address, port] = parseAddrPort(proxyString); + let authenticator = TorProtocolService.readStringSetting(TorConfigKeys.httpsProxyAuthenticator); + let [username, password] = parseUsernamePassword(authenticator); + + settings.proxy.enabled = true; + settings.proxy.type = TorProxyType.HTTPS; + settings.proxy.address = address; + settings.proxy.port = port; + settings.proxy.username = username; + settings.proxy.password = password; + } else { + settings.proxy.enabled = false; + settings.proxy.type = TorProxyType.Invalid; + settings.proxy.address = null; + settings.proxy.port = 0; + settings.proxy.username = null; + settings.proxy.password = null; + } + + /* Firewall */ + let firewallString = TorProtocolService.readStringSetting(TorConfigKeys.reachableAddresses); + if (firewallString) { + let allowedPorts = parseAddrPortList(firewallString); + settings.firewall.enabled = allowedPorts.length > 0; + settings.firewall.allowed_ports = allowedPorts; + } else { + settings.firewall.enabled = false; + settings.firewall.allowed_ports = []; + } + + this._settings = settings; + + return this; + }, + + // load our settings from prefs + loadFromPrefs: function() { + console.log("TorSettings: loadFromPrefs()"); + + let settings = this.defaultSettings(); + + /* Quickstart */ + settings.quickstart.enabled = Services.prefs.getBoolPref(TorSettingsPrefs.quickstart.enabled); + /* Bridges */ + settings.bridges.enabled = Services.prefs.getBoolPref(TorSettingsPrefs.bridges.enabled); + if (settings.bridges.enabled) { + settings.bridges.source = Services.prefs.getIntPref(TorSettingsPrefs.bridges.source); + // builtin bridge (obfs4, meek, snowlfake, etc) + if (settings.bridges.source == TorBridgeSource.BuiltIn) { + let builtinType = Services.prefs.getStringPref(TorSettingsPrefs.bridges.builtin_type); + settings.bridges.builtin_type = builtinType; + // always dynamically load builtin bridges rather than loading the cached versions + // if the user upgrades and the builtin bridges have changed, we want to ensure the user + // can still bootstrap using the provided bridges + let bridgeStrings = getBuiltinBridgeStrings(builtinType); + if (bridgeStrings.length > 0) { + settings.bridges.bridge_strings = bridgeStrings; + } else { + // in this case the user is using a builtin bridge that is no longer supported, + // reset to settings to default values + settings.bridges.enabled = false; + settings.bridges.source = TorBridgeSource.Invalid; + settings.bridges.builtin_type = null; + } + } else { + settings.bridges.bridge_strings = []; + let bridgeBranchPrefs = Services.prefs.getBranch(TorSettingsPrefs.bridges.bridge_strings).getChildList(""); + bridgeBranchPrefs.forEach(pref => { + let bridgeString = Services.prefs.getStringPref(`${TorSettingsPrefs.bridges.bridge_strings}${pref}`); + settings.bridges.bridge_strings.push(bridgeString); + }); + } + } else { + settings.bridges.source = TorBridgeSource.Invalid; + settings.bridges.builtin_type = null; + settings.bridges.bridge_strings = []; + } + /* Proxy */ + settings.proxy.enabled = Services.prefs.getBoolPref(TorSettingsPrefs.proxy.enabled); + if (settings.proxy.enabled) { + settings.proxy.type = Services.prefs.getIntPref(TorSettingsPrefs.proxy.type); + settings.proxy.address = Services.prefs.getStringPref(TorSettingsPrefs.proxy.address); + settings.proxy.port = Services.prefs.getIntPref(TorSettingsPrefs.proxy.port); + settings.proxy.username = Services.prefs.getStringPref(TorSettingsPrefs.proxy.username); + settings.proxy.password = Services.prefs.getStringPref(TorSettingsPrefs.proxy.password); + } else { + settings.proxy.type = TorProxyType.Invalid; + settings.proxy.address = null; + settings.proxy.port = 0; + settings.proxy.username = null; + settings.proxy.password = null; + } + + /* Firewall */ + settings.firewall.enabled = Services.prefs.getBoolPref(TorSettingsPrefs.firewall.enabled); + if(settings.firewall.enabled) { + let portList = Services.prefs.getStringPref(TorSettingsPrefs.firewall.allowed_ports); + settings.firewall.allowed_ports = parsePortList(portList); + } else { + settings.firewall.allowed_ports = 0; + } + + this._settings = settings; + + return this; + }, + + // save our settings to prefs + saveToPrefs: function() { + console.log("TorSettings: saveToPrefs()"); + + let settings = this._settings; + + /* Quickstart */ + Services.prefs.setBoolPref(TorSettingsPrefs.quickstart.enabled, settings.quickstart.enabled); + /* Bridges */ + Services.prefs.setBoolPref(TorSettingsPrefs.bridges.enabled, settings.bridges.enabled); + if (settings.bridges.enabled) { + Services.prefs.setIntPref(TorSettingsPrefs.bridges.source, settings.bridges.source); + if (settings.bridges.source === TorBridgeSource.BuiltIn) { + Services.prefs.setStringPref(TorSettingsPrefs.bridges.builtin_type, settings.bridges.builtin_type); + } else { + Services.prefs.clearUserPref(TorSettingsPrefs.bridges.builtin_type); + } + // erase existing bridge strings + let bridgeBranchPrefs = Services.prefs.getBranch(TorSettingsPrefs.bridges.bridge_strings).getChildList(""); + bridgeBranchPrefs.forEach(pref => { + Services.prefs.clearUserPref(`${TorSettingsPrefs.bridges.bridge_strings}${pref}`); + }); + // write new ones + settings.bridges.bridge_strings.forEach((string, index) => { + Services.prefs.setStringPref(`${TorSettingsPrefs.bridges.bridge_strings}.${index}`, string); + }); + } else { + Services.prefs.clearUserPref(TorSettingsPrefs.bridges.source); + Services.prefs.clearUserPref(TorSettingsPrefs.bridges.builtin_type); + let bridgeBranchPrefs = Services.prefs.getBranch(TorSettingsPrefs.bridges.bridge_strings).getChildList(""); + bridgeBranchPrefs.forEach(pref => { + Services.prefs.clearUserPref(`${TorSettingsPrefs.bridges.bridge_strings}${pref}`); + }); + } + /* Proxy */ + Services.prefs.setBoolPref(TorSettingsPrefs.proxy.enabled, settings.proxy.enabled); + if (settings.proxy.enabled) { + Services.prefs.setIntPref(TorSettingsPrefs.proxy.type, settings.proxy.type); + Services.prefs.setStringPref(TorSettingsPrefs.proxy.address, settings.proxy.address); + Services.prefs.setIntPref(TorSettingsPrefs.proxy.port, settings.proxy.port); + Services.prefs.setStringPref(TorSettingsPrefs.proxy.username, settings.proxy.username); + Services.prefs.setStringPref(TorSettingsPrefs.proxy.password, settings.proxy.password); + } else { + Services.prefs.clearUserPref(TorSettingsPrefs.proxy.type); + Services.prefs.clearUserPref(TorSettingsPrefs.proxy.address); + Services.prefs.clearUserPref(TorSettingsPrefs.proxy.port); + Services.prefs.clearUserPref(TorSettingsPrefs.proxy.username); + Services.prefs.clearUserPref(TorSettingsPrefs.proxy.password); + } + /* Firewall */ + Services.prefs.setBoolPref(TorSettingsPrefs.firewall.enabled, settings.firewall.enabled); + if (settings.firewall.enabled) { + Services.prefs.setStringPref(TorSettingsPrefs.firewall.allowed_ports, settings.firewall.allowed_ports.join(",")); + } else { + Services.prefs.clearUserPref(TorSettingsPrefs.firewall.allowed_ports); + } + + // all tor settings now stored in prefs :) + Services.prefs.setBoolPref(TorSettingsPrefs.enabled, true); + + return this; + }, + + // push our settings down to the tor daemon + applySettings: function() { + console.log("TorSettings: applySettings()"); + let settings = this._settings; + let settingsMap = new Map(); + + /* Bridges */ + settingsMap.set(TorConfigKeys.useBridges, settings.bridges.enabled); + if (settings.bridges.enabled) { + settingsMap.set(TorConfigKeys.bridgeList, settings.bridges.bridge_strings); + } else { + // shuffle bridge list + settingsMap.set(TorConfigKeys.bridgeList, null); + } + + /* Proxy */ + settingsMap.set(TorConfigKeys.socks4Proxy, null); + settingsMap.set(TorConfigKeys.socks5Proxy, null); + settingsMap.set(TorConfigKeys.socks5ProxyUsername, null); + settingsMap.set(TorConfigKeys.socks5ProxyPassword, null); + settingsMap.set(TorConfigKeys.httpsProxy, null); + settingsMap.set(TorConfigKeys.httpsProxyAuthenticator, null); + if (settings.proxy.enabled) { + let address = settings.proxy.address; + let port = settings.proxy.port; + let username = settings.proxy.username; + let password = settings.proxy.password; + + switch (settings.proxy.type) { + case TorProxyType.Socks4: + settingsMap.set(TorConfigKeys.socks4Proxy, `${address}:${port}`); + break; + case TorProxyType.Socks5: + settingsMap.set(TorConfigKeys.socks5Proxy, `${address}:${port}`); + settingsMap.set(TorConfigKeys.socks5ProxyUsername, username); + settingsMap.set(TorConfigKeys.socks5ProxyPassword, password); + break; + case TorProxyType.HTTPS: + settingsMap.set(TorConfigKeys.httpsProxy, `${address}:${port}`); + settingsMap.set(TorConfigKeys.httpsProxyAuthenticator, `${username}:${password}`); + break; + } + } + + /* Firewall */ + if (settings.firewall.enabled) { + let reachableAddresses = settings.firewall.allowed_ports.map(port => `*:${port}`).join(","); + settingsMap.set(TorConfigKeys.reachableAddresses, reachableAddresses); + } else { + settingsMap.set(TorConfigKeys.reachableAddresses, null); + } + + /* Push to Tor */ + TorProtocolService.writeSettings(settingsMap); + + return this; + }, + + /* Getters and Setters */ + + + // Quickstart + get quickstart() { + return { + get enabled() { return self._settings.quickstart.enabled; }, + set enabled(val) { + if (val != self._settings.quickstart.enabled) + { + self._settings.quickstart.enabled = val; + Services.obs.notifyObservers({value: val}, TorSettingsTopics.SettingChanged, TorSettingsData.QuickStartEnabled); + } + }, + }; + }, + + // Bridges + get bridges() { + return { + get enabled() { return self._settings.bridges.enabled; }, + set enabled(val) { + self._settings.bridges.enabled = val; + // reset bridge settings + self._settings.bridges.source = TorBridgeSource.Invalid; + self._settings.bridges.builtin_type = null; + self._settings.bridges.bridge_strings = []; + }, + get source() { return self._settings.bridges.source; }, + set source(val) { self._settings.bridges.source = val; }, + get builtin_type() { return self._settings.bridges.builtin_type; }, + set builtin_type(val) { + let bridgeStrings = getBuiltinBridgeStrings(val); + if (bridgeStrings.length > 0) { + self._settings.bridges.builtin_type = val; + self._settings.bridges.bridge_strings = bridgeStrings; + } + }, + get bridge_strings() { return arrayCopy(self._settings.bridges.bridge_strings); }, + set bridge_strings(val) { + self._settings.bridges.bridge_strings = parseBridgeStrings(val); + }, + }; + }, + + // Proxy + get proxy() { + return { + get enabled() { return self._settings.proxy.enabled; }, + set enabled(val) { + self._settings.proxy.enabled = val; + // reset proxy settings + self._settings.proxy.type = TorProxyType.Invalid; + self._settings.proxy.address = null; + self._settings.proxy.port = 0; + self._settings.proxy.username = null; + self._settings.proxy.password = null; + }, + get type() { return self._settings.proxy.type; }, + set type(val) { self._settings.proxy.type = val; }, + get address() { return self._settings.proxy.address; }, + set address(val) { self._settings.proxy.address = val; }, + get port() { return arrayCopy(self._settings.proxy.port); }, + set port(val) { self._settings.proxy.port = parsePort(val); }, + get username() { return self._settings.proxy.username; }, + set username(val) { self._settings.proxy.username = val; }, + get password() { return self._settings.proxy.password; }, + set password(val) { self._settings.proxy.password = val; }, + get uri() { + switch (this.type) { + case TorProxyType.Socks4: + return `socks4a://${this.address}:${this.port}`; + case TorProxyType.Socks5: + if (this.username) { + return `socks5://${this.username}:${this.password}@${this.address}:${this.port}`; + } + return `socks5://${this.address}:${this.port}`; + case TorProxyType.HTTPS: + if (this._proxyUsername) { + return `http://${this.username}:${this.password}@${this.address}:${this.port}`; + } + return `http://${this.address}:${this.port}`; + } + return null; + }, + }; + }, + + // Firewall + get firewall() { + return { + get enabled() { return self._settings.firewall.enabled; }, + set enabled(val) { + self._settings.firewall.enabled = val; + // reset firewall settings + self._settings.firewall.allowed_ports = []; + }, + get allowed_ports() { return self._settings.firewall.allowed_ports; }, + set allowed_ports(val) { self._settings.firewall.allowed_ports = parsePortList(val); }, + }; + }, + }; + self.init(); + return self; +})(); diff --git a/browser/modules/moz.build b/browser/modules/moz.build index 7f091e0e7711..3b74753c7614 100644 --- a/browser/modules/moz.build +++ b/browser/modules/moz.build @@ -158,6 +158,7 @@ EXTRA_JS_MODULES += [ 'TorConnect.jsm', 'TorProcessService.jsm', 'TorProtocolService.jsm', + 'TorSettings.jsm', 'TorStrings.jsm', 'TransientPrefs.jsm', 'webrtcUI.jsm', diff --git a/toolkit/components/processsingleton/MainProcessSingleton.jsm b/toolkit/components/processsingleton/MainProcessSingleton.jsm index ea9288dccbb3..702ba3fbec98 100644 --- a/toolkit/components/processsingleton/MainProcessSingleton.jsm +++ b/toolkit/components/processsingleton/MainProcessSingleton.jsm @@ -24,6 +24,11 @@ MainProcessSingleton.prototype = { null ); + ChromeUtils.import( + "resource:///modules/TorSettings.jsm", + null + ); + ChromeUtils.import( "resource:///modules/TorConnect.jsm", null diff --git a/toolkit/modules/AsyncPrefs.jsm b/toolkit/modules/AsyncPrefs.jsm index b81ff5e22b9b..aca86556cd5e 100644 --- a/toolkit/modules/AsyncPrefs.jsm +++ b/toolkit/modules/AsyncPrefs.jsm @@ -18,8 +18,6 @@ const kAllowedPrefs = new Set([ "testing.allowed-prefs.some-char-pref", "testing.allowed-prefs.some-int-pref", - "extensions.torlauncher.quickstart", - "narrate.rate", "narrate.voice",

1 0

[tor-browser/tor-browser-78.14.0esr-11.0-1] Bug 1715254 - Deny clone3 to force glibc fallback r=gcp
by sysrqb＠torproject.org 07 Sep '21

07 Sep '21

commit f90b3e7e872bdcc8aebfd5df2fd1ba754987e416 Author: Alexandre Lissy <lissyx+mozillians(a)lissyx.dyndns.org> Date: Wed Jun 9 13:45:28 2021 +0000 Bug 1715254 - Deny clone3 to force glibc fallback r=gcp Differential Revision: https://phabricator.services.mozilla.com/D117297 --- security/sandbox/linux/SandboxFilter.cpp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/security/sandbox/linux/SandboxFilter.cpp b/security/sandbox/linux/SandboxFilter.cpp index b60902e841e4..4ee50a23d461 100644 --- a/security/sandbox/linux/SandboxFilter.cpp +++ b/security/sandbox/linux/SandboxFilter.cpp @@ -633,6 +633,9 @@ class SandboxPolicyCommon : public SandboxPolicyBase { case __NR_clone: return ClonePolicy(InvalidSyscall()); + case __NR_clone3: + return Error(ENOSYS); + // More thread creation. #ifdef __NR_set_robust_list case __NR_set_robust_list: @@ -1311,6 +1314,9 @@ class ContentSandboxPolicy : public SandboxPolicyCommon { case __NR_clone: return ClonePolicy(Error(EPERM)); + case __NR_clone3: + return Error(ENOSYS); + # ifdef __NR_fadvise64 case __NR_fadvise64: return Allow();

1 0