commit c67c7d74e84678a3767c718bc78f699138e1028f Author: Mike Perry <mikeperry-git@fscked.org> Date: Mon Aug 15 13:51:35 2011 -0700 Bug #523: Implement New Identity (for TBB only). At long last, the witch is dead. --- src/chrome/content/popup.xul | 15 ++- src/chrome/content/torbutton.js | 245 ++++++++++++++++++++++++++++- src/chrome/locale/en/torbutton.dtd | 2 + src/chrome/locale/en/torbutton.properties | 1 + src/components/cookie-jar-selector.js | 4 + src/defaults/preferences/preferences.js | 1 + 6 files changed, 258 insertions(+), 10 deletions(-) diff --git a/src/chrome/content/popup.xul b/src/chrome/content/popup.xul index 2297ccf..dd7a398 100644 --- a/src/chrome/content/popup.xul +++ b/src/chrome/content/popup.xul @@ -11,21 +11,26 @@ </stringbundleset> <menupopup id="torbutton-context-menu" onpopupshowing="torbutton_check_protections();" anchor="torbutton-button" position="after_start"> + <menuitem id="torbutton-new-identity" + label="&torbutton.context_menu.new_identity;" + accesskey="&torbutton.context_menu.new_identity_key;" + insertafter="context-stop" + oncommand="torbutton_new_identity()"/> <menuitem id="torbutton-toggle" label="&torbutton.context_menu.toggle;" accesskey="&torbutton.context_menu.toggle.key;" insertafter="context-stop" oncommand="torbutton_toggle(true)"/> - <menuitem id="torbutton-preferences" - label="&torbutton.context_menu.preferences;" - accesskey="&torbutton.context_menu.preferences.key;" - insertafter="context-stop" - oncommand="torbutton_open_prefs_dialog()"/> <menuitem id="torbutton-cookie-protector" label="&torbutton.context_menu.cookieProtections;" accesskey="&torbutton.context_menu.cookieProtections.key;" insertafter="context-stop" oncommand="torbutton_open_cookie_dialog()"/> + <menuitem id="torbutton-preferences" + label="&torbutton.context_menu.preferences;" + accesskey="&torbutton.context_menu.preferences.key;" + insertafter="context-stop" + oncommand="torbutton_open_prefs_dialog()"/> <menuitem id="torbutton-about" label="&torbutton.context_menu.about;" accesskey="&torbutton.context_menu.about.key;" diff --git a/src/chrome/content/torbutton.js b/src/chrome/content/torbutton.js index 8c905d1..80c8fa6 100644 --- a/src/chrome/content/torbutton.js +++ b/src/chrome/content/torbutton.js @@ -19,6 +19,10 @@ var m_tb_ff35 = false; var m_tb_ff36 = false; var m_tb_ff4 = false; +var m_tb_control_port = null; +var m_tb_control_host = null; +var m_tb_control_pass = null; + var torbutton_window_pref_observer = { register: function() @@ -382,10 +386,10 @@ function torbutton_toggle(force) { if (torbutton_check_status()) { // Close on toggle before actually changing proxy settings // as additional safety precaution - torbutton_close_on_toggle(false); + torbutton_close_on_toggle(false, false); torbutton_disable_tor(); } else { - torbutton_close_on_toggle(true); + torbutton_close_on_toggle(true, false); torbutton_enable_tor(false); } } @@ -482,6 +486,23 @@ function torbutton_init() { m_tb_ff36 = false; } + var environ = Components.classes["@mozilla.org/process/environment;1"] + .getService(Components.interfaces.nsIEnvironment); + + if (environ.exists("TOR_CONTROL_PASSWD")) { + m_tb_control_pass = environ.get("TOR_CONTROL_PASSWD"); + } + + if (environ.exists("TOR_CONTROL_PORT")) { + m_tb_control_port = environ.get("TOR_CONTROL_PORT"); + } + + if (environ.exists("TOR_CONTROL_HOST")) { + m_tb_control_host = environ.get("TOR_CONTROL_HOST"); + } else { + m_tb_control_host = "127.0.0.1"; + } + // initialize preferences before we start our prefs observer torbutton_init_prefs(); @@ -631,6 +652,9 @@ function torbutton_open_link_as_tor(tabFlag) { mainWindow.open(myURI.spec); } + + + // this function duplicates a lot of code in preferences.js for deciding our // recommended settings. figure out a way to eliminate the redundancy. // TODO: Move it to torbutton_util.js? @@ -1190,6 +1214,209 @@ function torbutton_set_uagent() { } } +function torbutton_socket_readline(input) { + var str = ""; + var bytes; + while((bytes = input.readBytes(1)) != "\n") { + str += bytes; + } + return str; +} + +// Executes a command on the control port. +// Return 0 in error, 1 for success. +function torbutton_send_ctrl_cmd(command) { + try { + var socketTransportService = Components.classes["@mozilla.org/network/socket-transport-service;1"] + .getService(Components.interfaces.nsISocketTransportService); + var socket = socketTransportService.createTransport(null, 0, m_tb_control_host, m_tb_control_port, null); + var input = socket.openInputStream(3, 0, 0); // 3 == OPEN_BLOCKING|OPEN_UNBUFFERED + var output = socket.openOutputStream(3, 0, 0); // 3 == OPEN_BLOCKING|OPEN_UNBUFFERED + + inputStream = Cc["@mozilla.org/binaryinputstream;1"].createInstance(Ci.nsIBinaryInputStream); + outputStream = Cc["@mozilla.org/binaryoutputstream;1"].createInstance(Ci.nsIBinaryOutputStream); + + inputStream.setInputStream(input); + outputStream.setOutputStream(output); + + var auth_cmd = "AUTHENTICATE "+m_tb_control_pass+"\r\n"; + outputStream.writeBytes(auth_cmd, auth_cmd.length); + + var bytes = torbutton_socket_readline(inputStream); + + if (bytes.indexOf("250") != 0) { + torbutton_safelog(4, "Unexpected auth response on control port "+m_tb_control_port+":", bytes); + return 0; + } + + outputStream.writeBytes(command, command.length); + bytes = torbutton_socket_readline(inputStream); + if(bytes.indexOf("250") != 0) { + torbutton_safelog(4, "Unexpected command response on control port "+m_tb_control_port+":", bytes); + return 0; + } + + socket.close(1); + return 1; + } catch(e) { + torbutton_log(4, "Exception on control port "+e); + return 0; + } +} + +/* The "New Identity" implementation does the following: + * 1. Tag all tabs as non-tor + * 2. Disables Javascript and plugins on all tabs + * 3. Clears state: + * a. OCSP + * b. Cache + * c. Site-specific zoom + * d. Cookies+DOM Storage+safe browsing key + * e. google wifi geolocation token + * f. http auth + * g. SSL Session IDs + * h. last open location url + * 4. Sends tor the NEWNYM signal to get a new circuit + * + * XXX: intermediate SSL certificates are not cleared. + */ +function torbutton_new_identity() { + var wm = Components.classes["@mozilla.org/appshell/window-mediator;1"] + .getService(Components.interfaces.nsIWindowMediator); + var enumerator = wm.getEnumerator("navigator:browser"); + var closeWins = new Array(); + while(enumerator.hasMoreElements()) { + var win = enumerator.getNext(); + var browser = win.getBrowser(); + if(!browser) { + torbutton_log(5, "No browser for possible closed window"); + continue; + } + var tabs = browser.browsers.length; + + torbutton_log(3, "Length: "+browser.browsers.length); + + for(var i = 0; i < tabs; i++) { + torbutton_apply_tab_tag(browser.browsers[i], false); + } + } + + torbutton_toggle_jsplugins(true, true, true); + + m_tb_prefs.setBoolPref("browser.zoom.siteSpecific", + !m_tb_prefs.getBoolPref("browser.zoom.siteSpecific")); + m_tb_prefs.setBoolPref("browser.zoom.siteSpecific", + !m_tb_prefs.getBoolPref("browser.zoom.siteSpecific")); + + if(m_tb_ff35) { + try { + if(m_tb_prefs.prefHasUserValue("geo.wifi.access_token")) { + m_tb_prefs.clearUserPref("geo.wifi.access_token"); + } + } catch(e) { + torbutton_log(3, "Exception on wifi token clear: "+e); + } + } + + try { + if(m_tb_prefs.prefHasUserValue("general.open_location.last_url")) { + m_tb_prefs.clearUserPref("general.open_location.last_url"); + } + } catch(e) { + torbutton_log(3, "Exception on wifi token clear: "+e); + } + + torbutton_close_on_toggle(true, true); + + if(m_tb_prefs.getBoolPref('extensions.torbutton.clear_http_auth')) { + var auth = Components.classes["@mozilla.org/network/http-auth-manager;1"]. + getService(Components.interfaces.nsIHttpAuthManager); + auth.clearAll(); + } + + try { + var secMgr = Cc["@mozilla.org/security/crypto;1"]. + getService(Ci.nsIDOMCrypto); + secMgr.logout(); + torbutton_log(3, "nsIDOMCrypto logout succeeded"); + } catch(e) { + torbutton_log(4, "Failed to use nsIDOMCrypto to clear SSL Session ids. Falling back to old method. Error: "+e); + + // This clears the SSL Identifier Cache. + // See https://bugzilla.mozilla.org/show_bug.cgi?id=448747 and + // http://mxr.mozilla.org/security/source/security/manager/ssl/src/nsNSSCompone... + m_tb_prefs.setBoolPref("security.enable_ssl2", + !m_tb_prefs.getBoolPref("security.enable_ssl2")); + m_tb_prefs.setBoolPref("security.enable_ssl2", + !m_tb_prefs.getBoolPref("security.enable_ssl2")); + } + + // This clears the OCSP cache. + // + // nsNSSComponent::Observe() watches security.OCSP.enabled, which calls + // setOCSPOptions(), which if set to 0, calls CERT_DisableOCSPChecking(), + // which calls CERT_ClearOCSPCache(). + // See: http://mxr.mozilla.org/security/source/security/manager/ssl/src/nsNSSCompone... + var ocsp = m_tb_prefs.getIntPref("security.OCSP.enabled"); + m_tb_prefs.setIntPref("security.OCSP.enabled", 0); + m_tb_prefs.setIntPref("security.OCSP.enabled", ocsp); + + // This clears the STS cache and site permissions on Tor Browser + // XXX: Tie to some kind of disk-ok pref? + try { + m_tb_prefs.setBoolPref('permissions.memory_only', false); + m_tb_prefs.setBoolPref('permissions.memory_only', true); + } catch(e) { + // Actually, this catch does not appear to be needed. Leaving it in for + // safety though. + torbutton_log(3, "Can't clear STS/Permissions: Not Tor Browser: "+e); + } + + // This clears the undo tab history. + var tabs = m_tb_prefs.getIntPref("browser.sessionstore.max_tabs_undo"); + m_tb_prefs.setIntPref("browser.sessionstore.max_tabs_undo", 0); + m_tb_prefs.setIntPref("browser.sessionstore.max_tabs_undo", tabs); + + var cache = Components.classes["@mozilla.org/network/cache-service;1"]. + getService(Components.interfaces.nsICacheService); + try { + cache.evictEntries(0); + } catch(e) { + torbutton_log(5, "Exception on cache clearing: "+e); + } + + if (m_tb_prefs.getBoolPref('extensions.torbutton.cookie_protections')) { + var selector = Components.classes["@torproject.org/cookie-jar-selector;1"] + .getService(Components.interfaces.nsISupports) + .wrappedJSObject; + // This emits "cookie-changed", "cleared", which kills DOM storage + // and the safe browsing API key + selector.clearUnprotectedCookies("tor"); + } else { + torbutton_clear_cookies(); + } + + // Force prefs to be synced to disk + var prefService = Components.classes["@mozilla.org/preferences-service;1"] + .getService(Components.interfaces.nsIPrefService); + prefService.savePrefFile(null); + + // We only support TBB for newnym. + if (!m_tb_control_pass || !m_tb_control_port) { + var o_stringbundle = torbutton_get_stringbundle(); + var warning = o_stringbundle.GetStringFromName("torbutton.popup.no_newnym"); + torbutton_log(5, "Torbutton cannot safely newnym. It does not have access to the Tor Control Port."); + window.alert(warning); + } else { + if(torbutton_send_ctrl_cmd("SIGNAL NEWNYM\r\n") == 0) { + torbutton_log(5, "Torbutton was unable to request a new circuit from Tor"); + } + } + + torbutton_log(3, "New identity successful"); + +} + // NOTE: If you touch any additional prefs in here, be sure to update // the list in torbutton_util.js::torbutton_reset_browser_prefs() @@ -1565,7 +1792,7 @@ function torbutton_update_status(mode, force_update) { torbutton_set_timezone(mode, false); // This call also has to be here for 3rd party proxy changers. - torbutton_close_on_toggle(mode); + torbutton_close_on_toggle(mode, false); if(m_tb_prefs.getBoolPref('extensions.torbutton.clear_http_auth')) { var auth = Components.classes["@mozilla.org/network/http-auth-manager;1"]. @@ -1668,11 +1895,16 @@ function torbutton_update_status(mode, force_update) { torbutton_log(3, "Settings applied for mode: "+mode); } -function torbutton_close_on_toggle(mode) { +function torbutton_close_on_toggle(mode, newnym) { var close_tor = m_tb_prefs.getBoolPref("extensions.torbutton.close_tor"); var close_nontor = m_tb_prefs.getBoolPref("extensions.torbutton.close_nontor"); + var close_newnym = m_tb_prefs.getBoolPref("extensions.torbutton.close_newnym"); - if((!close_tor && !mode) || (mode && !close_nontor)) { + if (newnym) { + if (!close_newnym) { + torbutton_log(3, "Not closing tabs"); + } + } else if((mode && !close_nontor) || (!mode && !close_tor)) { torbutton_log(3, "Not closing tabs"); return; } @@ -1730,6 +1962,9 @@ function torbutton_check_protections() var locked_pref = m_tb_prefs.getBoolPref("extensions.torbutton.locked_mode") document.getElementById("torbutton-cookie-protector").disabled = !cookie_pref; document.getElementById("torbutton-toggle").collapsed = locked_pref; + + if (!m_tb_control_pass || !m_tb_control_port) + document.getElementById("torbutton-new-identity").disabled = true; } function torbutton_open_cookie_dialog() { diff --git a/src/chrome/locale/en/torbutton.dtd b/src/chrome/locale/en/torbutton.dtd index 0da56d5..551cd5b 100644 --- a/src/chrome/locale/en/torbutton.dtd +++ b/src/chrome/locale/en/torbutton.dtd @@ -27,6 +27,8 @@ <!ENTITY torbutton.pref_connection.more_info "More information"> <!ENTITY torbutton.pref_connection_more_info.title "Help"> <!ENTITY torbutton.pref_connection_more_info.text "Torbutton is currently enabled. If you would like to change your non-Tor proxy settings, please disable Torbutton and return here. If you would like to change your Tor settings, please use the Torbutton preference window."> +<!ENTITY torbutton.context_menu.new_identity "New Identity"> +<!ENTITY torbutton.context_menu.new_identity_key "I"> <!ENTITY torbutton.context_menu.toggle "Toggle Tor status"> <!ENTITY torbutton.context_menu.toggle.key "T"> <!ENTITY torbutton.context_menu.preferences "Preferences..."> diff --git a/src/chrome/locale/en/torbutton.properties b/src/chrome/locale/en/torbutton.properties index 2399f53..6ff74d7 100644 --- a/src/chrome/locale/en/torbutton.properties +++ b/src/chrome/locale/en/torbutton.properties @@ -35,3 +35,4 @@ torbutton.popup.captcha.always = Always perform this action from now on torbutton.popup.redirect = Redirect torbutton.popup.no_redirect = Don't Redirect torbutton.popup.prompted_language = To give you more privacy, Torbutton can request the English language version of web pages. This may cause web pages that you prefer to read in your native language to display in English instead.\n\nWould you like to request English language web pages for better privacy? +torbutton.popup.no_newnym = Torbutton cannot safely give you a new identity. It does not have access to the Tor Control Port.\n\nAre you running Tor Browser Bundle? diff --git a/src/components/cookie-jar-selector.js b/src/components/cookie-jar-selector.js index 4094a15..5c5011a 100644 --- a/src/components/cookie-jar-selector.js +++ b/src/components/cookie-jar-selector.js @@ -396,6 +396,10 @@ function CookieJarSelector() { } protcookie = false; } + // Emit cookie-changed event. This instructs other components to clear their identifiers + // (Specifically DOM storage and safe browsing, but possibly others) + var obsSvc = Components.classes["@mozilla.org/observer-service;1"].getService(nsIObserverService); + obsSvc.notifyObservers(this, "cookie-changed", "cleared"); } catch (e) { this.logger.log(3, "Error deleting unprotected cookies: " + e); } diff --git a/src/defaults/preferences/preferences.js b/src/defaults/preferences/preferences.js index efca607..ecb74a0 100644 --- a/src/defaults/preferences/preferences.js +++ b/src/defaults/preferences/preferences.js @@ -147,6 +147,7 @@ pref("extensions.torbutton.block_ntforms",false); pref("extensions.torbutton.clear_http_auth",true); pref("extensions.torbutton.close_tor",false); pref("extensions.torbutton.close_nontor",false); +pref("extensions.torbutton.close_newnym",true); pref("extensions.torbutton.block_js_history",true); pref("extensions.torbutton.resize_on_toggle",true); pref("extensions.torbutton.resize_new_windows",true);