[or-cvs] r12006: Add ability to serve hidden content. (in incognito/trunk: . arch/x86 root_overlay/etc/init.d root_overlay/usr/share/incognito)

double at seul.org double at seul.org
Wed Oct 17 21:26:29 UTC 2007


Author: double
Date: 2007-10-17 17:26:29 -0400 (Wed, 17 Oct 2007)
New Revision: 12006

Added:
   incognito/trunk/root_overlay/etc/init.d/hidden-service
Modified:
   incognito/trunk/ChangeLog
   incognito/trunk/arch/x86/livecd-stage2-tiny.spec
   incognito/trunk/arch/x86/livecd-stage2.spec
   incognito/trunk/root_overlay/usr/share/incognito/readme.html
Log:
Add ability to serve hidden content.


Modified: incognito/trunk/ChangeLog
===================================================================
--- incognito/trunk/ChangeLog	2007-10-17 21:26:22 UTC (rev 12005)
+++ incognito/trunk/ChangeLog	2007-10-17 21:26:29 UTC (rev 12006)
@@ -1,3 +1,6 @@
+	- Tor 0.1.2.18
+	- Add ability to serve hidden content over a hidden service with
+	content stored in the home directory on a USB drive.
 	- Replace squid/privoxy with polipo
 	- Added "Extras" Konqueror toolbar for quick Java/JavaScript/Cookies
 	control.
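
Review bot: The first added line, "Tor 0.1.2.18", is not covered by the log message, and none of the files listed in this revision change a Tor version. It reads as an unrelated entry riding along with the hidden-service change; commit it with the revision that actually bumps Tor so the ChangeLog and the history agree.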

Modified: incognito/trunk/arch/x86/livecd-stage2-tiny.spec
===================================================================
--- incognito/trunk/arch/x86/livecd-stage2-tiny.spec	2007-10-17 21:26:22 UTC (rev 12005)
+++ incognito/trunk/arch/x86/livecd-stage2-tiny.spec	2007-10-17 21:26:29 UTC (rev 12006)
@@ -32,6 +32,7 @@
 	acpid|boot
 	gpm|boot
 	external-config-setup|boot
+	hidden-service|default
 
 # See livecd-stage2.spec for why unionfs is buggy
 #livecd/bootargs: unionfs
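
Review bot: Nothing visible in this revision adds lighttpd to the tiny image's package list, yet the new "hidden-service|default" line makes the init script run at every boot, and that script executes /usr/sbin/lighttpd without checking that the binary exists. Please confirm lighttpd is part of the tiny package set, or have start() skip with a warning when it is missing.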

Modified: incognito/trunk/arch/x86/livecd-stage2.spec
===================================================================
--- incognito/trunk/arch/x86/livecd-stage2.spec	2007-10-17 21:26:22 UTC (rev 12005)
+++ incognito/trunk/arch/x86/livecd-stage2.spec	2007-10-17 21:26:29 UTC (rev 12006)
@@ -38,6 +38,7 @@
 	acpid|boot
 	gpm|boot
 	NetworkManager|default
+	hidden-service|default
 
 # unionfs (genkernel 2.4.7) causes problems such as:
 #   1. creating /etc/sysconfig/keyboard in /etc/init.d/external-config-setup

Added: incognito/trunk/root_overlay/etc/init.d/hidden-service
===================================================================
--- incognito/trunk/root_overlay/etc/init.d/hidden-service	                        (rev 0)
+++ incognito/trunk/root_overlay/etc/init.d/hidden-service	2007-10-17 21:26:29 UTC (rev 12006)
@@ -0,0 +1,93 @@
+#!/sbin/runscript
+
+# Sets up hidden services from content in /home/hidden.
+# The directory structure is:
+# /home/hidden/[name]/conf/		- the configuration
+# /home/hidden/[name]/conf/port		- the hidden service port to use, defaults to "80"
+# /home/hidden/[name]/conf/torrc	- options to append to /etc/tor/torrc such as HiddenServiceNodes
+# /home/hidden/[name]/www/		- the HTML content
+
+depend() {
+	need localmount net
+	before tor
+}
+
+start() {
+	[[ -d "/home/hidden" ]] || return 0
+	declare -i REAL_PORT VIRTUAL_PORT
+	REAL_PORT=8080
+	VIRTUAL_PORT=80
+	for DIR in $(find "/home/hidden" -mindepth 1 -maxdepth 1 -type d); do
+		if [[ -d "${DIR}/conf" ]] && [[ -d "${DIR}/www" ]]; then
+			[[ -s "${DIR}/conf/port" ]] && VIRTUAL_PORT="$(<${DIR}/conf/port)"
+
+			# Tor config
+			chown -R tor "${DIR}/conf"
+			cat >> /etc/tor/torrc <<EOF
+
+HiddenServiceDir ${DIR}/conf
+HiddenServicePort ${VIRTUAL_PORT} 127.0.0.1:${REAL_PORT}
+EOF
+			[[ -s "${DIR}/conf/torrc" ]] && cat "${DIR}/conf/torrc" >> /etc/tor/torrc
+
+			# Web server (lighttpd) config
+			LIGHTTPD_CONF="/etc/lighttpd/hidden${VIRTUAL_PORT}.conf"
+			mkdir -p "/var/lib/lighttpd/${VIRTUAL_PORT}" 2>/dev/null
+			chown --reference=/var/lib/lighttpd "/var/lib/lighttpd/${VIRTUAL_PORT}"
+			cat > "${LIGHTTPD_CONF}" <<EOF
+
+var.basedir  = "${DIR}"
+var.statedir = "/var/lib/lighttpd/${VIRTUAL_PORT}"
+
+server.modules = ( "mod_access" )
+
+include "mime-types.conf"
+
+server.username      = "lighttpd"
+server.groupname     = "lighttpd"
+server.document-root = var.basedir + "/www"
+server.pid-file      = "/var/run/lighttpd${VIRTUAL_PORT}.pid"
+server.errorlog-use-syslog = "enable"
+server.indexfiles    = ("index.php", "index.html", "index.htm", "default.htm")
+server.follow-symlink = "enable"
+server.event-handler = "linux-sysepoll"
+server.port          = ${REAL_PORT}
+server.bind          = "127.0.0.1"
+
+static-file.exclude-extensions = (".php", ".pl", ".cgi", ".fcgi")
+
+dir-listing.activate      = "enable"
+dir-listing.hide-dotfiles = "enable"
+dir-listing.exclude = ("^\.", "~$")
+
+url.access-deny = ("~", ".inc")
+
+EOF
+
+		fi
+
+		ebegin "Starting web server for virtual ${VIRTUAL_PORT}"
+		start-stop-daemon --start --quiet --exec /usr/sbin/lighttpd \
+		     --pidfile "/var/run/lighttpd${VIRTUAL_PORT}.pid" -- -f "${LIGHTTPD_CONF}"
+		eend $?
+
+		REAL_PORT=$(( ${REAL_PORT} + 1 ))
+		VIRTUAL_PORT=$(( ${VIRTUAL_PORT} + 1 ))
+	done
+
+	return 0
+
+}
+
+stop() {
+	for F in $(find /var/run -name "lighttpd*pid"); do
+		ebegin "Stopping web server at ${F}"
+		start-stop-daemon --stop --quiet --pidfile "${F}"
+		eend $?
+	done
+
+	return 0
+}
+
+
+# vim:ts=4
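
Review bot: In start(), the ebegin/start-stop-daemon block and the two port increments sit after the "fi", so they also run for a directory that lacks conf/ or www/. lighttpd is then launched with an unset or stale LIGHTTPD_CONF, and the port counters advance for a service that was never configured. Move that block inside the "if".

Further points in the same hunk:
(1) conf/port is assigned to a "declare -i" variable, so the file content is evaluated as an arithmetic expression instead of being read as a number. Check it against ^[0-9]+$ and the 1-65535 range before assigning it.
(2) conf/torrc is appended verbatim to /etc/tor/torrc as root, so any file on the home volume can set any Tor option, not only hidden-service ones. Accept an allow-list of directives instead.
(3) DIR comes from an unquoted $(find ...) and is pasted into torrc and the lighttpd config without validation; a name with whitespace or a double quote breaks both files. Restrict [name] to a safe character set and skip anything else.
(4) server.follow-symlink = "enable" together with dir-listing.activate = "enable" lets a symlink under www/ expose any file outside the document root that the lighttpd user can read, and lists every directory that has no index page. Both are poor defaults for a hidden service; disable them.
(5) LIGHTTPD_CONF and the pid file are keyed on VIRTUAL_PORT, so two services with the same conf/port overwrite each other. start() also appends to torrc on every invocation while stop() never removes the entries, and the "lighttpd*pid" pattern in stop() matches the pid file of any other lighttpd instance on the system.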


Property changes on: incognito/trunk/root_overlay/etc/init.d/hidden-service
___________________________________________________________________
Name: svn:executable
   + *

Modified: incognito/trunk/root_overlay/usr/share/incognito/readme.html
===================================================================
--- incognito/trunk/root_overlay/usr/share/incognito/readme.html	2007-10-17 21:26:22 UTC (rev 12005)
+++ incognito/trunk/root_overlay/usr/share/incognito/readme.html	2007-10-17 21:26:29 UTC (rev 12006)
@@ -160,6 +160,9 @@
 <dt><a href="<!-- #homepage(net-analyzer/macchanger) -->">macchanger</a> <!-- #version(net-analyzer/macchanger) --></dt>
 <dd><!-- #description(net-analyzer/macchanger) --></dd>
 
+<dt><a href="<!-- #homepage(www-servers/lighttpd) -->">lighthttpd</a> <!-- #version(www-servers/lighttpd) --> for hidden services</dt>
+<dd><!-- #description(www-servers/lighttpd) --></dd>
+
 </dl>
 
 <p>
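
Review bot: The link text in the added <dt> reads "lighthttpd"; the package is www-servers/lighttpd and the Hidden Services section added later in this file spells it "lighttpd". Fix the spelling here so the two agree.
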
@@ -472,6 +475,36 @@
 <li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/usr/sbin/create-homevol">/usr/sbin/create-homevol</a></li>
 </ul>
 
+<h2>Hidden Services</h2>
+
+<p>
+Hidden HTML content may be served if running from an USB drive. Content is limited to static HTML pages. The content is stored in the home directory and so takes advantage of TrueCrypt encryption. The directory structure follows.
+</p>
+
+<dl>
+<dt>/home/hidden/[name]</dt>
+<dd>Base directory for hidden content where [name] can be anything (sane) that you'd like.</dd>
+<dt>/home/hidden/[name]/conf</dt>
+<dd>Configuration directory mostly used for Tor hidden service information. It will include the hostname and private key, keep it safe, i.e. don't copy it over to your buddy's USB drive.</dd>
+<dt>/home/hidden/[name]/conf/port</dt>
+<dd>Optional port for the hidden service. This is what you'd give out to others. If you will have multiple services it is best to specify the port. The default is 80, increasing from there for each additional service.</dd>
+<dt>/home/hidden/[name]/conf/torrc</dt>
+<dd>Optional config to append to /etc/tor/torrc after the hidden service description. An example would be a HiddenServiceNodes directive, etc.</dd>
+<dt>/home/hidden/[name]/www</dt>
+<dd>The HTML content. Use index.html for your default page.</dd>
+</dl>
+
+<p>
+The <a href="<!-- #homepage(www-servers/lighttpd) -->">lighttpd</a> server is used to serve the content. Configuration of the server is done at boot time in the <a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/init.d/hidden-service">/etc/init.d/hidden-service</a> init script.
+</p>
+<p>
+The host name to use for the hidden service can be found in the /home/hidden/[name]/conf/hostname file for that service. This file is created by Tor when configuring the hidden service. The host name will be the same across sessions and machines as it and the private key are stored in the /home/hidden/[name]/conf directory.
+</p>
+
+<ul>
+<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/init.d/hidden-service">/etc/init.d/hidden-service</a></li>
+</ul>
+
 <a name="maintenance">
 <h1>Maintenance</h1>
 <blockquote>(How to keep the implementation current for anonymity, security and usefulness.)</blockquote>
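
Review bot: The conf/port description ("The default is 80, increasing from there for each additional service") does not match the init script in this revision. There, a port read from one service's conf/port stays in VIRTUAL_PORT, so the next service without a port file gets that value plus one rather than continuing from 80. Either document that behaviour or reset the default in the script. The section should also tell users that directory listings are enabled and symlinks under www/ are followed, and that conf/torrc is appended to /etc/tor/torrc unchanged, since all three affect what a service exposes. Minor: "an USB drive" should be "a USB drive".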


