GitLab

at 2023-07-27T21:07:52+02:00

fixup! Add TorStrings module for localization

Move the `getLocale` function here from TorButton util.js and stop
importing it.

fixup! Bug 40933: Add tor-launcher functionality

Fix a couple of problems in TorLauncherUtil and TorParsers.

Also, moved the function to parse bridges in TorParsers.

fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection

Use the bridge line parser from TorParsers.

fixup! Bug 40933: Add tor-launcher functionality

Use actual private members for TorProcess.

fixup! Bug 40933: Add tor-launcher functionality

Group arg pushes in one line (keys and values together).

fixup! Bug 40933: Add tor-launcher functionality

TorProcess: use real private properties instead of _, and removed the
dependency on TorProtocolService (temporarily moved it to
TorMonitorService, but eventually we should unify TorProtocolService
and TorMonitorService, to then split them again in a smarter way).

fixup! Bug 10760: Integrate TorButton to TorBrowser core

Move the SOCKS preference updater to TorProtocolService.
We will need to refactor all this kind of stuff, but at least let's get
it in a single place.

Also, since this was the last bit of the startup service, remove the
file, the component and what else was needed to add them.

fixup! Bug 40933: Add tor-launcher functionality

Hashing the control port password is needed only on the process, so move
this function to TorProcess.

fixup! Bug 10760: Integrate TorButton to TorBrowser core

The hashpassword parameter has been removed.

 const { TorSettings, TorSettingsTopics, TorSettingsData, TorBridgeSource } =

   ChromeUtils.import("resource:///modules/TorSettings.jsm");

-const { TorProtocolService } = ChromeUtils.import(

-  "resource://gre/modules/TorProtocolService.jsm"

+const { TorParsers } = ChromeUtils.importESModule(

+  "resource://gre/modules/TorParsers.sys.mjs"

+);

+const { TorProtocolService } = ChromeUtils.importESModule(

+  "resource://gre/modules/TorProtocolService.sys.mjs"

 );

 const { TorMonitorService, TorMonitorTopics } = ChromeUtils.import(

   "resource://gre/modules/TorMonitorService.jsm"

         });

         const idString = TorStrings.settings.bridgeId;

         const id = card.querySelector(selectors.bridges.cardId);

-        const details = parseBridgeLine(bridgeString);

+        const details = TorParsers.parseBridgeLine(bridgeString);

         if (details && details.id !== undefined) {

           card.setAttribute("data-bridge-id", details.id);

         }

     hash & 0x000000ff,

   ];

 }
-

-function parseBridgeLine(line) {

-  const re =

-    /^\s*(\S+\s+)?([0-9a-fA-F\.\[\]\:]+:\d{1,5})(\s+[0-9a-fA-F]{40})?(\s+.+)?/;

-  const matches = line.match(re);

-  if (!matches) {

-    return null;

-  }

-  let bridge = { addr: matches[2] };

-  if (matches[1] !== undefined) {

-    bridge.transport = matches[1].trim();

-  }

-  if (matches[3] !== undefined) {

-    bridge.id = matches[3].trim().toUpperCase();

-  }

-  if (matches[4] !== undefined) {

-    bridge.args = matches[4].trim();

-  }

-  return bridge;

-}
 @RESPATH@/components/tor-launcher.manifest

 @RESPATH@/chrome/torbutton.manifest

 @RESPATH@/chrome/torbutton/*

-@RESPATH@/components/torbutton.manifest

 @RESPATH@/chrome/toolkit@JAREXT@

 @RESPATH@/chrome/toolkit.manifest

 #ifdef MOZ_GTK

 const { AppConstants } = ChromeUtils.import(

   "resource://gre/modules/AppConstants.jsm"

 );

-const { getLocale } = ChromeUtils.import(

-  "resource://torbutton/modules/utils.js"

-);

+

+function getLocale() {

+  const locale = Services.locale.appLocaleAsBCP47;

+  return locale === "ja-JP-macos" ? "ja" : locale;

+}

 /*

   Tor Property String Bundle

  * Tor Launcher Util JS Module

  *************************************************************************/

+const lazy = {};

+

+ChromeUtils.defineESModuleGetters(lazy, {

+  FileUtils: "resource://gre/modules/FileUtils.sys.jsm",

+});

+

 const kPropBundleURI = "chrome://torbutton/locale/torlauncher.properties";

 const kPropNamePrefix = "torlauncher.";

 const kIPCDirPrefName = "extensions.torlauncher.tmp_ipc_dir";

   // and return a file object. The control and SOCKS IPC objects will be

   // created by tor.

   normalize() {

-    if (!this.file.exists() && !this.isIPC) {

+    if (this.file.exists()) {

+      try {

+        this.file.normalize();

+      } catch (e) {

+        console.warn("Normalization of the path failed", e);

+      }

+    } else if (!this.isIPC) {

       throw new Error(`${this.fileType} file not found: ${this.file.path}`);

     }

-    try {

-      this.file.normalize();

-    } catch (e) {

-      console.warn("Normalization of the path failed", e);

-    }

     // Ensure that the IPC path length is short enough for use by the

     // operating system. If not, create and use a unique directory under

     return result ? result : "";

   },

+  /**

+   * Determine what kind of SOCKS port has been requested for this session or

+   * the browser has been configured for.

+   * On Windows (where Unix domain sockets are not supported), TCP is always

+   * used.

+   *

+   * The following environment variables are supported and take precedence over

+   * preferences:

+   *    TOR_TRANSPROXY (do not use a proxy)

+   *    TOR_SOCKS_IPC_PATH (file system path; ignored on Windows)

+   *    TOR_SOCKS_HOST

+   *    TOR_SOCKS_PORT

+   *

+   * The following preferences are consulted:

+   *    network.proxy.socks

+   *    network.proxy.socks_port

+   *    extensions.torlauncher.socks_port_use_ipc (Boolean)

+   *    extensions.torlauncher.socks_ipc_path (file system path)

+   * If extensions.torlauncher.socks_ipc_path is empty, a default path is used.

+   *

+   * When using TCP, if a value is not defined via an env variable it is

+   * taken from the corresponding browser preference if possible. The

+   * exceptions are:

+   *   If network.proxy.socks contains a file: URL, a default value of

+   *     "127.0.0.1" is used instead.

+   *   If the network.proxy.socks_port value is not valid (outside the

+   *     (0; 65535] range), a default value of 9150 is used instead.

+   *

+   * The SOCKS configuration will not influence the launch of a tor daemon and

+   * the configuration of the control port in any way.

+   * When a SOCKS configuration is required without TOR_SKIP_LAUNCH, the browser

+   * will try to configure the tor instance to use the required configuration.

+   * This also applies to TOR_TRANSPROXY (at least for now): tor will be

+   * launched with its defaults.

+   *

+   * TODO: add a preference to ignore the current configuration, and let tor

+   * listen on any free port. Then, the browser will prompt the daemon the port

+   * to use through the control port (even though this is quite dangerous at the

+   * moment, because with network disabled tor will disable also the SOCKS

+   * listeners, so it means that we will have to check it every time we change

+   * the network status).

+   */

+  getPreferredSocksConfiguration() {

+    if (Services.env.exists("TOR_TRANSPROXY")) {

+      Services.prefs.setBoolPref("network.proxy.socks_remote_dns", false);

+      Services.prefs.setIntPref("network.proxy.type", 0);

+      Services.prefs.setIntPref("network.proxy.socks_port", 0);

+      Services.prefs.setCharPref("network.proxy.socks", "");

+      return { transproxy: true };

+    }

+

+    let useIPC;

+    const socksPortInfo = {

+      transproxy: false,

+    };

+

+    if (!this.isWindows && Services.env.exists("TOR_SOCKS_IPC_PATH")) {

+      useIPC = true;

+      const ipcPath = Services.env.get("TOR_SOCKS_IPC_PATH");

+      if (ipcPath) {

+        socksPortInfo.ipcFile = new lazy.FileUtils.File(ipcPath);

+      }

+    } else {

+      // Check for TCP host and port environment variables.

+      if (Services.env.exists("TOR_SOCKS_HOST")) {

+        socksPortInfo.host = Services.env.get("TOR_SOCKS_HOST");

+        useIPC = false;

+      }

+      if (Services.env.exists("TOR_SOCKS_PORT")) {

+        const port = parseInt(Services.env.get("TOR_SOCKS_PORT"), 10);

+        if (Number.isInteger(port) && port > 0 && port <= 65535) {

+          socksPortInfo.port = port;

+          useIPC = false;

+        }

+      }

+    }

+

+    if (useIPC === undefined) {

+      socksPortInfo.useIPC =

+        !this.isWindows &&

+        Services.prefs.getBoolPref(

+          "extensions.torlauncher.socks_port_use_ipc",

+          false

+        );

+    }

+

+    // Fill in missing SOCKS info from prefs.

+    if (socksPortInfo.useIPC) {

+      if (!socksPortInfo.ipcFile) {

+        socksPortInfo.ipcFile = TorLauncherUtil.getTorFile("socks_ipc", false);

+      }

+    } else {

+      if (!socksPortInfo.host) {

+        let socksAddr = Services.prefs.getCharPref(

+          "network.proxy.socks",

+          "127.0.0.1"

+        );

+        let socksAddrHasHost = socksAddr && !socksAddr.startsWith("file:");

+        socksPortInfo.host = socksAddrHasHost ? socksAddr : "127.0.0.1";

+      }

+

+      if (!socksPortInfo.port) {

+        let socksPort = Services.prefs.getIntPref(

+          "network.proxy.socks_port",

+          0

+        );

+        // This pref is set as 0 by default in Firefox, use 9150 if we get 0.

+        socksPortInfo.port =

+          socksPort > 0 && socksPort <= 65535 ? socksPort : 9150;

+      }

+    }

+

+    return socksPortInfo;

+  },

+

+  setProxyConfiguration(socksPortInfo) {

+    if (socksPortInfo.transproxy) {

+      return;

+    }

+

+    if (socksPortInfo.useIPC) {

+      const fph = Services.io

+        .getProtocolHandler("file")

+        .QueryInterface(Ci.nsIFileProtocolHandler);

+      const fileURI = fph.newFileURI(socksPortInfo.ipcFile);

+      Services.prefs.setCharPref("network.proxy.socks", fileURI.spec);

+      Services.prefs.setIntPref("network.proxy.socks_port", 0);

+    } else {

+      if (socksPortInfo.host) {

+        Services.prefs.setCharPref("network.proxy.socks", socksPortInfo.host);

+      }

+      if (socksPortInfo.port) {

+        Services.prefs.setIntPref(

+          "network.proxy.socks_port",

+          socksPortInfo.port

+        );

+      }

+    }

+

+    if (socksPortInfo.ipcFile || socksPortInfo.host || socksPortInfo.port) {

+      Services.prefs.setBoolPref("network.proxy.socks_remote_dns", true);

+      Services.prefs.setIntPref("network.proxy.type", 1);

+    }

+

+    // Force prefs to be synced to disk

+    Services.prefs.savePrefFile(null);

+  },

+

   get shouldStartAndOwnTor() {

     const kPrefStartTor = "extensions.torlauncher.start_tor";

     try {

 const lazy = {};

+ChromeUtils.defineESModuleGetters(lazy, {

+  TorProtocolService: "resource://gre/modules/TorProtocolService.sys.mjs",

+});

+

 ChromeUtils.defineModuleGetter(

   lazy,

   "controller",

     // TorProcess should be instanced once, then always reused and restarted

     // only through the prompt it exposes when the controlled process dies.

     if (!this._torProcess) {

-      this._torProcess = new TorProcess();

+      this._torProcess = new TorProcess(

+        lazy.TorProtocolService.torControlPortInfo,

+        lazy.TorProtocolService.torSOCKSPortInfo

+      );

       this._torProcess.onExit = () => {

         this._shutDownEventMonitor();

         Services.obs.notifyObservers(null, TorTopics.ProcessExited);

       await this._torProcess.start();

       if (this._torProcess.isRunning) {

         logger.info("tor started");

+        this._torProcessStartTime = Date.now();

       }

     } catch (e) {

       // TorProcess already logs the error.

     rv += aStr.substring(lastAdded, aStr.length - 1);

     return rv;

   },

+

+  parseBridgeLine(line) {

+    const re =

+      /\s*(?:(?<transport>\S+)\s+)?(?<addr>[0-9a-fA-F\.\[\]\:]+:\d{1,5})(?:\s+(?<id>[0-9a-fA-F]{40}))?(?:\s+(?<args>.+))?/;

+    const match = re.exec(line);

+    if (!match) {

+      throw new Error("Invalid bridge line.");

+    }

+    const bridge = match.groups;

+    if (!bridge.transport) {

+      bridge.transport = "vanilla";

+    }

+    return bridge;

+  },

 });
+/* This Source Code Form is subject to the terms of the Mozilla Public

+ * License, v. 2.0. If a copy of the MPL was not distributed with this

+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

+

 import { setTimeout } from "resource://gre/modules/Timer.sys.mjs";

 import { ConsoleAPI } from "resource://gre/modules/Console.sys.mjs";

 import { Subprocess } from "resource://gre/modules/Subprocess.sys.mjs";

 const lazy = {};

-ChromeUtils.defineModuleGetter(

-  lazy,

-  "TorProtocolService",

-  "resource://gre/modules/TorProtocolService.jsm"

-);

-const { TorLauncherUtil } = ChromeUtils.import(

-  "resource://gre/modules/TorLauncherUtil.jsm"

-);

-

-const { TorParsers } = ChromeUtils.import(

-  "resource://gre/modules/TorParsers.jsm"

-);

+ChromeUtils.defineESModuleGetters(lazy, {

+  TorLauncherUtil: "resource://gre/modules/TorLauncherUtil.sys.mjs",

+  TorParsers: "resource://gre/modules/TorParsers.sys.mjs",

+});

 const TorProcessStatus = Object.freeze({

   Unknown: 0,

 });

 export class TorProcess {

-  _exeFile = null;

-  _dataDir = null;

-  _args = [];

-  _subprocess = null;

-  _status = TorProcessStatus.Unknown;

-  _torProcessStartTime = null; // JS Date.now()

-  _didConnectToTorControlPort = false; // Have we ever made a connection?

+  #controlSettings;

+  #socksSettings;

+  #exeFile = null;

+  #dataDir = null;

+  #args = [];

+  #subprocess = null;

+  #status = TorProcessStatus.Unknown;

+  // Have we ever made a connection on the control port?

+  #didConnectToTorControlPort = false;

+

+  onExit = exitCode => {};

+  onRestart = () => {};

+

+  constructor(controlSettings, socksSettings) {

+    if (

+      controlSettings &&

+      !controlSettings.password &&

+      !controlSettings.cookieFilePath

+    ) {

+      throw new Error("Unauthenticated control port is not supported");

+    }

-  onExit = null;

-  onRestart = null;

+    const checkPort = port =>

+      port === undefined ||

+      (Number.isInteger(controlSettings.port) &&

+        controlSettings.port > 0 &&

+        controlSettings.port < 65535);

+    if (!checkPort(controlSettings?.port)) {

+      throw new Error("Invalid control port");

+    }

+    if (!checkPort(socksSettings.port)) {

+      throw new Error("Invalid port specified for the SOCKS port");

+    }

+

+    this.#controlSettings = { ...controlSettings };

+    const ipcFileToString = file =>

+      "unix:" + lazy.TorParsers.escapeString(file.path);

+    if (controlSettings.ipcFile) {

+      this.#controlSettings.ipcFile = ipcFileToString(controlSettings.ipcFile);

+    }

+    this.#socksSettings = { ...socksSettings };

+    if (socksSettings.ipcFile) {

+      this.#socksSettings.ipcFile = ipcFileToString(socksSettings.ipcFile);

+    }

+  }

   get status() {

-    return this._status;

+    return this.#status;

   }

   get isRunning() {

     return (

-      this._status === TorProcessStatus.Starting ||

-      this._status === TorProcessStatus.Running

+      this.#status === TorProcessStatus.Starting ||

+      this.#status === TorProcessStatus.Running

     );

   }

   async start() {

-    if (this._subprocess) {

+    if (this.#subprocess) {

       return;

     }

-    this._status = TorProcessStatus.Unknown;

+    this.#status = TorProcessStatus.Unknown;

     try {

-      this._makeArgs();

-      this._addControlPortArg();

-      this._addSocksPortArg();

+      this.#makeArgs();

+      this.#addControlPortArgs();

+      this.#addSocksPortArg();

       const pid = Services.appinfo.processID;

       if (pid !== 0) {

-        this._args.push("__OwningControllerProcess");

-        this._args.push("" + pid);

+        this.#args.push("__OwningControllerProcess", pid.toString());

       }

-      if (TorLauncherUtil.shouldShowNetworkSettings) {

-        this._args.push("DisableNetwork");

-        this._args.push("1");

+      if (lazy.TorLauncherUtil.shouldShowNetworkSettings) {

+        this.#args.push("DisableNetwork", "1");

       }

-      this._status = TorProcessStatus.Starting;

-      this._didConnectToTorControlPort = false;

+      this.#status = TorProcessStatus.Starting;

+      this.#didConnectToTorControlPort = false;

       // useful for simulating slow tor daemon launch

       const kPrefTorDaemonLaunchDelay = "extensions.torlauncher.launch_delay";

         await new Promise(resolve => setTimeout(() => resolve(), launchDelay));

       }

-      logger.debug(`Starting ${this._exeFile.path}`, this._args);

+      logger.debug(`Starting ${this.#exeFile.path}`, this.#args);

       const options = {

-        command: this._exeFile.path,

-        arguments: this._args,

+        command: this.#exeFile.path,

+        arguments: this.#args,

         stderr: "stdout",

-        workdir: TorLauncherUtil.getTorFile("pt-startup-dir", false).path,

+        workdir: lazy.TorLauncherUtil.getTorFile("pt-startup-dir", false).path,

       };

-      this._subprocess = await Subprocess.call(options);

-      this._dumpStdout();

-      this._watchProcess();

-      this._status = TorProcessStatus.Running;

-      this._torProcessStartTime = Date.now();

+      this.#subprocess = await Subprocess.call(options);

+      this.#status = TorProcessStatus.Running;

     } catch (e) {

-      this._status = TorProcessStatus.Exited;

-      this._subprocess = null;

+      this.#status = TorProcessStatus.Exited;

+      this.#subprocess = null;

       logger.error("startTor error:", e);

       throw e;

     }

+

+    // Do not await the following functions, as they will return only when the

+    // process exits.

+    this.#dumpStdout();

+    this.#watchProcess();

   }

   // Forget about a process.

   //

-  // Instead of killing the tor process, we  rely on the TAKEOWNERSHIP feature

+  // Instead of killing the tor process, we rely on the TAKEOWNERSHIP feature

   // to shut down tor when we close the control port connection.

   //

   // Previously, we sent a SIGNAL HALT command to the tor control port,

   // Still, before closing the owning connection, this class should forget about

   // the process, so that future notifications will be ignored.

   forget() {

-    this._subprocess = null;

-    this._status = TorProcessStatus.Exited;

+    this.#subprocess = null;

+    this.#status = TorProcessStatus.Exited;

   }

   // The owner of the process can use this function to tell us that they

   // successfully connected to the control port. This information will be used

   // only to decide which text to show in the confirmation dialog if tor exits.

   connectionWorked() {

-    this._didConnectToTorControlPort = true;

+    this.#didConnectToTorControlPort = true;

   }

-  async _dumpStdout() {

+  async #dumpStdout() {

     let string;

     while (

-      this._subprocess &&

-      (string = await this._subprocess.stdout.readString())

+      this.#subprocess &&

+      (string = await this.#subprocess.stdout.readString())

     ) {

       dump(string);

     }

   }

-  async _watchProcess() {

-    const watched = this._subprocess;

+  async #watchProcess() {

+    const watched = this.#subprocess;

     if (!watched) {

       return;

     }

+    let processExitCode;

     try {

       const { exitCode } = await watched.wait();

+      processExitCode = exitCode;

-      if (watched !== this._subprocess) {

+      if (watched !== this.#subprocess) {

         logger.debug(`A Tor process exited with code ${exitCode}.`);

       } else if (exitCode) {

         logger.warn(`The watched Tor process exited with code ${exitCode}.`);

       logger.error("Failed to watch the tor process", e);

     }

-    if (watched === this._subprocess) {

-      this._processExitedUnexpectedly();

+    if (watched === this.#subprocess) {

+      this.#processExitedUnexpectedly(processExitCode);

     }

   }

-  _processExitedUnexpectedly() {

-    this._subprocess = null;

-    this._status = TorProcessStatus.Exited;

+  #processExitedUnexpectedly(exitCode) {

+    this.#subprocess = null;

+    this.#status = TorProcessStatus.Exited;

     // TODO: Move this logic somewhere else?

     let s;

-    if (!this._didConnectToTorControlPort) {

+    if (!this.#didConnectToTorControlPort) {

       // tor might be misconfigured, becauser we could never connect to it

       const key = "tor_exited_during_startup";

-      s = TorLauncherUtil.getLocalizedString(key);

+      s = lazy.TorLauncherUtil.getLocalizedString(key);

     } else {

       // tor exited suddenly, so configuration should be okay

       s =

-        TorLauncherUtil.getLocalizedString("tor_exited") +

+        lazy.TorLauncherUtil.getLocalizedString("tor_exited") +

         "\n\n" +

-        TorLauncherUtil.getLocalizedString("tor_exited2");

+        lazy.TorLauncherUtil.getLocalizedString("tor_exited2");

     }

     logger.info(s);

-    const defaultBtnLabel = TorLauncherUtil.getLocalizedString("restart_tor");

+    const defaultBtnLabel =

+      lazy.TorLauncherUtil.getLocalizedString("restart_tor");

     let cancelBtnLabel = "OK";

     try {

       const kSysBundleURI = "chrome://global/locale/commonDialogs.properties";

       logger.warn("Could not localize the cancel button", e);

     }

-    const restart = TorLauncherUtil.showConfirm(

+    const restart = lazy.TorLauncherUtil.showConfirm(

       null,

       s,

       defaultBtnLabel,

       cancelBtnLabel

     );

     if (restart) {

-      this.start().then(() => {

-        if (this.onRestart) {

-          this.onRestart();

-        }

-      });

-    } else if (this.onExit) {

-      this.onExit();

+      this.start().then(this.onRestart);

+    } else {

+      this.onExit(exitCode);

     }

   }

-  _makeArgs() {

-    // Ideally, we would cd to the Firefox application directory before

-    // starting tor (but we don't know how to do that). Instead, we

-    // rely on the TBB launcher to start Firefox from the right place.

-

+  #makeArgs() {

+    this.#exeFile = lazy.TorLauncherUtil.getTorFile("tor", false);

+    const torrcFile = lazy.TorLauncherUtil.getTorFile("torrc", true);

     // Get the Tor data directory first so it is created before we try to

     // construct paths to files that will be inside it.

-    this._exeFile = TorLauncherUtil.getTorFile("tor", false);

-    const torrcFile = TorLauncherUtil.getTorFile("torrc", true);

-    this._dataDir = TorLauncherUtil.getTorFile("tordatadir", true);

-    const onionAuthDir = TorLauncherUtil.getTorFile("toronionauthdir", true);

-    const hashedPassword = lazy.TorProtocolService.torGetPassword(true);

+    this.#dataDir = lazy.TorLauncherUtil.getTorFile("tordatadir", true);

+    const onionAuthDir = lazy.TorLauncherUtil.getTorFile(

+      "toronionauthdir",

+      true

+    );

     let detailsKey;

-    if (!this._exeFile) {

+    if (!this.#exeFile) {

       detailsKey = "tor_missing";

     } else if (!torrcFile) {

       detailsKey = "torrc_missing";

-    } else if (!this._dataDir) {

+    } else if (!this.#dataDir) {

       detailsKey = "datadir_missing";

     } else if (!onionAuthDir) {

       detailsKey = "onionauthdir_missing";

-    } else if (!hashedPassword) {

-      detailsKey = "password_hash_missing";

     }

     if (detailsKey) {

-      const details = TorLauncherUtil.getLocalizedString(detailsKey);

+      const details = lazy.TorLauncherUtil.getLocalizedString(detailsKey);

       const key = "unable_to_start_tor";

-      const err = TorLauncherUtil.getFormattedLocalizedString(

+      const err = lazy.TorLauncherUtil.getFormattedLocalizedString(

         key,

         [details],

         1

       throw new Error(err);

     }

-    const torrcDefaultsFile = TorLauncherUtil.getTorFile(

+    const torrcDefaultsFile = lazy.TorLauncherUtil.getTorFile(

       "torrc-defaults",

       false

     );

     const geoip6File = torrcDefaultsFile.clone();

     geoip6File.leafName = "geoip6";

-    this._args = [];

+    this.#args = [];

     if (torrcDefaultsFile) {

-      this._args.push("--defaults-torrc");

-      this._args.push(torrcDefaultsFile.path);

+      this.#args.push("--defaults-torrc", torrcDefaultsFile.path);

     }

-    this._args.push("-f");

-    this._args.push(torrcFile.path);

-    this._args.push("DataDirectory");

-    this._args.push(this._dataDir.path);

-    this._args.push("ClientOnionAuthDir");

-    this._args.push(onionAuthDir.path);

-    this._args.push("GeoIPFile");

-    this._args.push(geoipFile.path);

-    this._args.push("GeoIPv6File");

-    this._args.push(geoip6File.path);

-    this._args.push("HashedControlPassword");

-    this._args.push(hashedPassword);

+    this.#args.push("-f", torrcFile.path);

+    this.#args.push("DataDirectory", this.#dataDir.path);

+    this.#args.push("ClientOnionAuthDir", onionAuthDir.path);

+    this.#args.push("GeoIPFile", geoipFile.path);

+    this.#args.push("GeoIPv6File", geoip6File.path);

   }

-  _addControlPortArg() {

-    // Include a ControlPort argument to support switching between

-    // a TCP port and an IPC port (e.g., a Unix domain socket). We

-    // include a "+__" prefix so that (1) this control port is added

-    // to any control ports that the user has defined in their torrc

-    // file and (2) it is never written to torrc.

+  /**

+   * Add all the arguments related to the control port.

+   * We use the + prefix so that the the port is added to any other port already

+   * defined in the torrc, and the __ prefix so that it is never written to

+   * torrc.

+   */

+  #addControlPortArgs() {

+    if (!this.#controlSettings) {

+      return;

+    }

+

     let controlPortArg;

-    const controlIPCFile = lazy.TorProtocolService.torGetControlIPCFile();

-    const controlPort = lazy.TorProtocolService.torGetControlPort();

-    if (controlIPCFile) {

-      controlPortArg = this._ipcPortArg(controlIPCFile);

-    } else if (controlPort) {

-      controlPortArg = "" + controlPort;

+    if (this.#controlSettings.ipcFile) {

+      controlPortArg = this.#controlSettings.ipcFile;

+    } else if (this.#controlSettings.port) {

+      controlPortArg = this.#controlSettings.host

+        ? `${this.#controlSettings.host}:${this.#controlSettings.port}`

+        : this.#controlSettings.port.toString();

     }

     if (controlPortArg) {

-      this._args.push("+__ControlPort");

-      this._args.push(controlPortArg);

+      this.#args.push("+__ControlPort", controlPortArg);

+    }

+

+    if (this.#controlSettings.password) {

+      this.#args.push(

+        "HashedControlPassword",

+        this.#hashPassword(this.#controlSettings.password)

+      );

+    }

+    if (this.#controlSettings.cookieFilePath) {

+      this.#args.push("CookieAuthentication", "1");

+      this.#args.push("CookieAuthFile", this.#controlSettings.cookieFilePath);

     }

   }

-  _addSocksPortArg() {

-    // Include a SocksPort argument to support switching between

-    // a TCP port and an IPC port (e.g., a Unix domain socket). We

-    // include a "+__" prefix so that (1) this SOCKS port is added

-    // to any SOCKS ports that the user has defined in their torrc

-    // file and (2) it is never written to torrc.

-    const socksPortInfo = lazy.TorProtocolService.torGetSOCKSPortInfo();

-    if (socksPortInfo) {

-      let socksPortArg;

-      if (socksPortInfo.ipcFile) {

-        socksPortArg = this._ipcPortArg(socksPortInfo.ipcFile);

-      } else if (socksPortInfo.host && socksPortInfo.port != 0) {

-        socksPortArg = socksPortInfo.host + ":" + socksPortInfo.port;

-      }

-      if (socksPortArg) {

-        let socksPortFlags = Services.prefs.getCharPref(

-          "extensions.torlauncher.socks_port_flags",

-          "IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth"

-        );

-        if (socksPortFlags) {

-          socksPortArg += " " + socksPortFlags;

-        }

-        this._args.push("+__SocksPort");

-        this._args.push(socksPortArg);

+  /**

+   * Add the argument related to the control port.

+   * We use the + prefix so that the the port is added to any other port already

+   * defined in the torrc, and the __ prefix so that it is never written to

+   * torrc.

+   */

+  #addSocksPortArg() {

+    let socksPortArg;

+    if (this.#socksSettings.ipcFile) {

+      socksPortArg = this.#socksSettings.ipcFile;

+    } else if (this.#socksSettings.port != 0) {

+      socksPortArg = this.#socksSettings.host

+        ? `${this.#socksSettings.host}:${this.#socksSettings.port}`

+        : this.#socksSettings.port.toString();

+    }

+    if (socksPortArg) {

+      const socksPortFlags = Services.prefs.getCharPref(

+        "extensions.torlauncher.socks_port_flags",

+        "IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth"

+      );

+      if (socksPortFlags) {

+        socksPortArg += " " + socksPortFlags;

       }

+      this.#args.push("+__SocksPort", socksPortArg);

+    }

+  }

+

+  // Based on Vidalia's TorSettings::hashPassword().

+  #hashPassword(aHexPassword) {

+    if (!aHexPassword) {

+      return null;

     }

+

+    // Generate a random, 8 byte salt value.

+    const salt = Array.from(crypto.getRandomValues(new Uint8Array(8)));

+

+    // Convert hex-encoded password to an array of bytes.

+    const password = [];

+    for (let i = 0; i < aHexPassword.length; i += 2) {

+      password.push(parseInt(aHexPassword.substring(i, i + 2), 16));

+    }

+

+    // Run through the S2K algorithm and convert to a string.

+    const toHex = v => v.toString(16).padStart(2, "0");

+    const arrayToHex = aArray => aArray.map(toHex).join("");

+    const kCodedCount = 96;

+    const hashVal = this.#cryptoSecretToKey(password, salt, kCodedCount);

+    return "16:" + arrayToHex(salt) + toHex(kCodedCount) + arrayToHex(hashVal);

   }

-  // Return a ControlPort or SocksPort argument for aIPCFile (an nsIFile).

-  // The result is unix:/path or unix:"/path with spaces" with appropriate

-  // C-style escaping within the path portion.

-  _ipcPortArg(aIPCFile) {

-    return "unix:" + TorParsers.escapeString(aIPCFile.path);

+  // #cryptoSecretToKey() is similar to Vidalia's crypto_secret_to_key().

+  // It generates and returns a hash of aPassword by following the iterated

+  // and salted S2K algorithm (see RFC 2440 section 3.6.1.3).

+  // See also https://gitlab.torproject.org/tpo/core/torspec/-/blob/main/control-spec.txt#L3824.

+  // Returns an array of bytes.

+  #cryptoSecretToKey(aPassword, aSalt, aCodedCount) {

+    const inputArray = aSalt.concat(aPassword);

+

+    // Subtle crypto only has the final digest, and does not allow incremental

+    // updates.

+    const hasher = Cc["@mozilla.org/security/hash;1"].createInstance(

+      Ci.nsICryptoHash

+    );

+    hasher.init(hasher.SHA1);

+    const kEXPBIAS = 6;

+    let count = (16 + (aCodedCount & 15)) << ((aCodedCount >> 4) + kEXPBIAS);

+    while (count > 0) {

+      if (count > inputArray.length) {

+        hasher.update(inputArray, inputArray.length);

+        count -= inputArray.length;

+      } else {

+        const finalArray = inputArray.slice(0, count);

+        hasher.update(finalArray, finalArray.length);

+        count = 0;

+      }

+    }

+    return hasher

+      .finish(false)

+      .split("")

+      .map(b => b.charCodeAt(0));

   }

 }
   // are also used in torbutton.

   // Returns Tor password string or null if an error occurs.

-  torGetPassword(aPleaseHash) {

-    const pw = this._controlPassword;

-    return aPleaseHash ? this._hashPassword(pw) : pw;

+  torGetPassword() {

+    return this._controlPassword;

   },

   torGetControlIPCFile() {

     return this._SOCKSPortInfo;

   },

+  get torControlPortInfo() {

+    const info = {

+      password: this._controlPassword,

+    };

+    if (this._controlIPCFile) {

+      info.ipcFile = this._controlIPCFile?.clone();

+    }

+    if (this._controlPort) {

+      info.host = this._controlHost;

+      info.port = this._controlPort;

+    }

+    return info;

+  },

+

+  get torSOCKSPortInfo() {

+    return this._SOCKSPortInfo;

+  },

+

   // Public, but called only internally

   // Executes a command on the control port.

         this._controlPassword = this._generateRandomPassword();

       }

-      // Determine what kind of SOCKS port Tor and the browser will use.

-      // On Windows (where Unix domain sockets are not supported), TCP is

-      // always used.

-      //

-      // The following environment variables are supported and take

-      // precedence over preferences:

-      //    TOR_SOCKS_IPC_PATH  (file system path; ignored on Windows)

-      //    TOR_SOCKS_HOST

-      //    TOR_SOCKS_PORT

-      //

-      // The following preferences are consulted:

-      //    network.proxy.socks

-      //    network.proxy.socks_port

-      //    extensions.torlauncher.socks_port_use_ipc (Boolean)

-      //    extensions.torlauncher.socks_ipc_path (file system path)

-      // If extensions.torlauncher.socks_ipc_path is empty, a default

-      // path is used (<tor-data-directory>/socks.socket).

-      //

-      // When using TCP, if a value is not defined via an env variable it is

-      // taken from the corresponding browser preference if possible. The

-      // exceptions are:

-      //   If network.proxy.socks contains a file: URL, a default value of

-      //     "127.0.0.1" is used instead.

-      //   If the network.proxy.socks_port value is 0, a default value of

-      //     9150 is used instead.

-      //

-      // Supported scenarios:

-      // 1. By default, an IPC object at a default path is used.

-      // 2. If extensions.torlauncher.socks_port_use_ipc is set to false,

-      //    a TCP socket at 127.0.0.1:9150 is used, unless different values

-      //    are set in network.proxy.socks and network.proxy.socks_port.

-      // 3. If the TOR_SOCKS_IPC_PATH env var is set, an IPC object at that

-      //    path is used (e.g., a Unix domain socket).

-      // 4. If the TOR_SOCKS_HOST and/or TOR_SOCKS_PORT env vars are set, TCP

-      //    is used. Values not set via env vars will be taken from the

-      //    network.proxy.socks and network.proxy.socks_port prefs as described

-      //    above.

-      // 5. If extensions.torlauncher.socks_port_use_ipc is true and

-      //    extensions.torlauncher.socks_ipc_path is set, an IPC object at

-      //    the specified path is used.

-      // 6. Tor Launcher is disabled. Torbutton will respect the env vars if

-      //    present; if not, the values in network.proxy.socks and

-      //    network.proxy.socks_port are used without modification.

-

-      let useIPC;

-      this._SOCKSPortInfo = { ipcFile: undefined, host: undefined, port: 0 };

-      if (!isWindows && Services.env.exists("TOR_SOCKS_IPC_PATH")) {

-        let ipcPath = Services.env.get("TOR_SOCKS_IPC_PATH");

-        this._SOCKSPortInfo.ipcFile = new lazy.FileUtils.File(ipcPath);

-        useIPC = true;

-      } else {

-        // Check for TCP host and port environment variables.

-        if (Services.env.exists("TOR_SOCKS_HOST")) {

-          this._SOCKSPortInfo.host = Services.env.get("TOR_SOCKS_HOST");

-          useIPC = false;

-        }

-        if (Services.env.exists("TOR_SOCKS_PORT")) {

-          this._SOCKSPortInfo.port = parseInt(

-            Services.env.get("TOR_SOCKS_PORT"),

-            10

-          );

-          useIPC = false;

-        }

-      }

-

-      if (useIPC === undefined) {

-        useIPC =

-          !isWindows &&

-          Services.prefs.getBoolPref(

-            "extensions.torlauncher.socks_port_use_ipc",

-            false

-          );

-      }

-

-      // Fill in missing SOCKS info from prefs.

-      if (useIPC) {

-        if (!this._SOCKSPortInfo.ipcFile) {

-          this._SOCKSPortInfo.ipcFile = TorLauncherUtil.getTorFile(

-            "socks_ipc",

-            false

-          );

-        }

-      } else {

-        if (!this._SOCKSPortInfo.host) {

-          let socksAddr = Services.prefs.getCharPref(

-            "network.proxy.socks",

-            "127.0.0.1"

-          );

-          let socksAddrHasHost = socksAddr && !socksAddr.startsWith("file:");

-          this._SOCKSPortInfo.host = socksAddrHasHost ? socksAddr : "127.0.0.1";

-        }

-

-        if (!this._SOCKSPortInfo.port) {

-          let socksPort = Services.prefs.getIntPref(

-            "network.proxy.socks_port",

-            0

-          );

-          // This pref is set as 0 by default in Firefox, use 9150 if we get 0.

-          this._SOCKSPortInfo.port = socksPort != 0 ? socksPort : 9150;

-        }

-      }

-

-      logger.info("SOCKS port type: " + (useIPC ? "IPC" : "TCP"));

-      if (useIPC) {

-        logger.info(`ipcFile: ${this._SOCKSPortInfo.ipcFile.path}`);

-      } else {

-        logger.info(`SOCKS host: ${this._SOCKSPortInfo.host}`);

-        logger.info(`SOCKS port: ${this._SOCKSPortInfo.port}`);

-      }

+      this._SOCKSPortInfo = TorLauncherUtil.getPreferredSocksConfiguration();

+      TorLauncherUtil.setProxyConfiguration(this._SOCKSPortInfo);

       // Set the global control port info parameters.

       // These values may be overwritten by torbutton when it initializes, but

     return pwd;

   },

-  // Based on Vidalia's TorSettings::hashPassword().

-  _hashPassword(aHexPassword) {

-    if (!aHexPassword) {

-      return null;

-    }

-

-    // Generate a random, 8 byte salt value.

-    const salt = Array.from(crypto.getRandomValues(new Uint8Array(8)));

-

-    // Convert hex-encoded password to an array of bytes.

-    const password = [];

-    for (let i = 0; i < aHexPassword.length; i += 2) {

-      password.push(parseInt(aHexPassword.substring(i, i + 2), 16));

-    }

-

-    // Run through the S2K algorithm and convert to a string.

-    const kCodedCount = 96;

-    const hashVal = this._cryptoSecretToKey(password, salt, kCodedCount);

-    if (!hashVal) {

-      logger.error("_cryptoSecretToKey() failed");

-      return null;

-    }

-

-    const arrayToHex = aArray =>

-      aArray.map(item => this._toHex(item, 2)).join("");

-    let rv = "16:";

-    rv += arrayToHex(salt);

-    rv += this._toHex(kCodedCount, 2);

-    rv += arrayToHex(hashVal);

-    return rv;

-  },

-

   // Returns -1 upon failure.

   _cryptoRandInt(aMax) {

     // Based on tor's crypto_rand_int().

     return val % aMax;

   },

-  // _cryptoSecretToKey() is similar to Vidalia's crypto_secret_to_key().

-  // It generates and returns a hash of aPassword by following the iterated

-  // and salted S2K algorithm (see RFC 2440 section 3.6.1.3).

-  // Returns an array of bytes.

-  _cryptoSecretToKey(aPassword, aSalt, aCodedCount) {

-    if (!aPassword || !aSalt) {

-      return null;

-    }

-

-    const inputArray = aSalt.concat(aPassword);

-

-    // Subtle crypto only has the final digest, and does not allow incremental

-    // updates. Also, it is async, so we should hash and keep the hash in a

-    // variable if we wanted to switch to getters.

-    // So, keeping this implementation should be okay for now.

-    const hasher = Cc["@mozilla.org/security/hash;1"].createInstance(

-      Ci.nsICryptoHash

-    );

-    hasher.init(hasher.SHA1);

-    const kEXPBIAS = 6;

-    let count = (16 + (aCodedCount & 15)) << ((aCodedCount >> 4) + kEXPBIAS);

-    while (count > 0) {

-      if (count > inputArray.length) {

-        hasher.update(inputArray, inputArray.length);

-        count -= inputArray.length;

-      } else {

-        const finalArray = inputArray.slice(0, count);

-        hasher.update(finalArray, finalArray.length);

-        count = 0;

-      }

-    }

-    return hasher

-      .finish(false)

-      .split("")

-      .map(b => b.charCodeAt(0));

-  },

-

   _toHex(aValue, aMinLen) {

     return aValue.toString(16).padStart(aMinLen, "0");

   },

     } else {

       try {

         // Try to get password from Tor Launcher.

-        m_tb_control_pass = TorProtocolService.torGetPassword(false);

+        m_tb_control_pass = TorProtocolService.torGetPassword();

       } catch (e) {}

     }

 Classes = [

-    {

-        "cid": "{06322def-6fde-4c06-aef6-47ae8e799629}",

-        "contract_ids": [

-            "@torproject.org/startup-observer;1"

-        ],

-        "jsm": "resource://torbutton/modules/TorbuttonStartupObserver.jsm",

-        "constructor": "StartupObserver",

-    },

     {

         "cid": "{f36d72c9-9718-4134-b550-e109638331d7}",

         "contract_ids": [

-// Bug 1506 P1-3: This code is mostly hackish remnants of session store

-// support. There are a couple of observer events that *might* be worth

-// listening to. Search for 1506 in the code.

-

-/*************************************************************************

- * Startup observer (JavaScript XPCOM component)

- *

- * Cases tested (each during Tor and Non-Tor, FF4 and FF3.6)

- *    1. Crash

- *    2. Upgrade

- *    3. Fresh install

- *

- *************************************************************************/

-

-var EXPORTED_SYMBOLS = ["StartupObserver"];

-

-const { Services } = ChromeUtils.import("resource://gre/modules/Services.jsm");

-const { XPCOMUtils } = ChromeUtils.import(

-  "resource://gre/modules/XPCOMUtils.jsm"

-);

-

-const { TorProtocolService } = ChromeUtils.import(

-  "resource://gre/modules/TorProtocolService.jsm"

-);

-

-const lazy = {};

-

-XPCOMUtils.defineLazyModuleGetters(lazy, {

-  FileUtils: "resource://gre/modules/FileUtils.jsm",

-});

-

-function StartupObserver() {

-  this.logger = Cc["@torproject.org/torbutton-logger;1"].getService(

-    Ci.nsISupports

-  ).wrappedJSObject;

-  this._prefs = Services.prefs;

-  this.logger.log(3, "Startup Observer created");

-

-  try {

-    // XXX: We're in a race with HTTPS-Everywhere to update our proxy settings

-    // before the initial SSL-Observatory test... If we lose the race, Firefox

-    // caches the old proxy settings for check.tp.o somehwere, and it never loads :(

-    this.setProxySettings();

-  } catch (e) {

-    this.logger.log(

-      4,

-      "Early proxy change failed. Will try again at profile load. Error: " + e

-    );

-  }

-}

-

-StartupObserver.prototype = {

-  // Bug 6803: We need to get the env vars early due to

-  // some weird proxy caching code that showed up in FF15.

-  // Otherwise, homepage domain loads fail forever.

-  setProxySettings() {

-    // Bug 1506: Still want to get these env vars

-    if (Services.env.exists("TOR_TRANSPROXY")) {

-      this.logger.log(3, "Resetting Tor settings to transproxy");

-      this._prefs.setBoolPref("network.proxy.socks_remote_dns", false);

-      this._prefs.setIntPref("network.proxy.type", 0);

-      this._prefs.setIntPref("network.proxy.socks_port", 0);

-      this._prefs.setCharPref("network.proxy.socks", "");

-    } else {

-      // Try to retrieve SOCKS proxy settings from Tor Launcher.

-      let socksPortInfo;

-      try {

-        socksPortInfo = TorProtocolService.torGetSOCKSPortInfo();

-      } catch (e) {

-        this.logger.log(3, "tor launcher failed " + e);

-      }

-

-      // If Tor Launcher is not available, check environment variables.

-      if (!socksPortInfo) {

-        socksPortInfo = { ipcFile: undefined, host: undefined, port: 0 };

-

-        let isWindows = Services.appinfo.OS === "WINNT";

-        if (!isWindows && Services.env.exists("TOR_SOCKS_IPC_PATH")) {

-          socksPortInfo.ipcFile = new lazy.FileUtils.File(

-            Services.env.get("TOR_SOCKS_IPC_PATH")

-          );

-        } else {

-          if (Services.env.exists("TOR_SOCKS_HOST")) {

-            socksPortInfo.host = Services.env.get("TOR_SOCKS_HOST");

-          }

-          if (Services.env.exists("TOR_SOCKS_PORT")) {

-            socksPortInfo.port = parseInt(Services.env.get("TOR_SOCKS_PORT"));

-          }

-        }

-      }

-

-      // Adjust network.proxy prefs.

-      if (socksPortInfo.ipcFile) {

-        let fph = Services.io

-          .getProtocolHandler("file")

-          .QueryInterface(Ci.nsIFileProtocolHandler);

-        let fileURI = fph.newFileURI(socksPortInfo.ipcFile);

-        this.logger.log(3, "Reset socks to " + fileURI.spec);

-        this._prefs.setCharPref("network.proxy.socks", fileURI.spec);

-        this._prefs.setIntPref("network.proxy.socks_port", 0);

-      } else {

-        if (socksPortInfo.host) {

-          this._prefs.setCharPref("network.proxy.socks", socksPortInfo.host);

-          this.logger.log(3, "Reset socks host to " + socksPortInfo.host);

-        }

-        if (socksPortInfo.port) {

-          this._prefs.setIntPref(

-            "network.proxy.socks_port",

-            socksPortInfo.port

-          );

-          this.logger.log(3, "Reset socks port to " + socksPortInfo.port);

-        }

-      }

-

-      if (socksPortInfo.ipcFile || socksPortInfo.host || socksPortInfo.port) {

-        this._prefs.setBoolPref("network.proxy.socks_remote_dns", true);

-        this._prefs.setIntPref("network.proxy.type", 1);

-      }

-    }

-

-    // Force prefs to be synced to disk

-    Services.prefs.savePrefFile(null);

-

-    this.logger.log(3, "Synced network settings to environment.");

-  },

-

-  observe(subject, topic, data) {

-    if (topic == "profile-after-change") {

-      this.setProxySettings();

-    }

-

-    // In all cases, force prefs to be synced to disk

-    Services.prefs.savePrefFile(null);

-  },

-

-  // Hack to get us registered early to observe recovery

-  _xpcom_categories: [{ category: "profile-after-change" }],

-};
 XPCOM_MANIFESTS += [

     "components.conf",

 ]
-

-EXTRA_COMPONENTS += [

-    "torbutton.manifest",

-]
-category profile-after-change StartupObserver @torproject.org/startup-observer;1

Pier Angelo Vendrame pushed to branch tor-browser-115.1.0esr-13.0-1 at The Tor Project / Applications / Tor Browser

Commits:

13 changed files:

Changes: