[tor-commits] [tor-launcher/master] Bug 11405: Remove firewall prompt from wizard.

brade at torproject.org brade at torproject.org
Tue Aug 26 14:28:21 UTC 2014


commit 11467241203a65e71de97d91a24b15ffa5b976da
Author: Kathy Brade <brade at pearlcrescent.com>
Date:   Tue Aug 26 10:25:11 2014 -0400

    Bug 11405: Remove firewall prompt from wizard.
    
    If the user sets a proxy but doesn't set a bridge, set ReachableAddresses
    to include only ports 80 and 443.
---
 src/chrome/content/network-settings-wizard.xul |   36 +--------
 src/chrome/content/network-settings.js         |  101 ++++++++++++++++--------
 src/chrome/locale/en/network-settings.dtd      |    7 +-
 3 files changed, 72 insertions(+), 72 deletions(-)

diff --git a/src/chrome/content/network-settings-wizard.xul b/src/chrome/content/network-settings-wizard.xul
index 6682fdd..04251f9 100644
--- a/src/chrome/content/network-settings-wizard.xul
+++ b/src/chrome/content/network-settings-wizard.xul
@@ -54,7 +54,7 @@
     </vbox>
   </wizardpage>
 
-  <wizardpage label=" " pageid="proxy" next="firewall" onextra2="onCopyLog();"
+  <wizardpage label=" " pageid="proxy" next="bridges" onextra2="onCopyLog();"
               onpageshow="showWizardNavButtons(true);"
               onpageadvanced="return onWizardProxyNext(this);">
     <vbox class="tbb-logo-box" align="start">
@@ -74,7 +74,7 @@
     </hbox>
   </wizardpage>
 
-  <wizardpage pageid="proxyYES" next="firewall" onextra2="onCopyLog();"
+  <wizardpage pageid="proxyYES" next="bridges" onextra2="onCopyLog();"
               onpageadvanced="return (getAndValidateProxySettings() != null)">
     <vbox class="tbb-logo-box" align="start">
       <image class="tbb-logo" />
@@ -84,38 +84,6 @@
     <groupbox id="proxySpecificSettings" />
   </wizardpage>
 
-  <wizardpage pageid="firewall" next="bridges" onextra2="onCopyLog();"
-              onpageshow="showOrHideButton('next', true, true)"
-              onpageadvanced="return onWizardFirewallNext(this);">
-    <vbox class="tbb-logo-box" align="start">
-      <image class="tbb-logo" />
-    </vbox>
-    <separator />
-    <hbox>
-      <vbox flex="1">
-        <label class="question">&torSettings.firewallQuestion;</label>
-        <radiogroup id="firewallRadioGroup">
-          <radio id="firewallRadioYes" label="&torSettings.yes;" />
-          <radio id="firewallRadioNo" label="&torSettings.no;" selected="true" />
-        </radiogroup>
-        <description class="questionHelp">&torSettings.firewallHelp;
-        </description>
-      </vbox>
-    </hbox>
-  </wizardpage>
-
-  <wizardpage pageid="firewallYES" next="bridges" onextra2="onCopyLog();"
-              onpageadvanced="return (getAndValidateFirewallSettings() != null)">
-    <vbox class="tbb-logo-box" align="start">
-      <image class="tbb-logo" />
-    </vbox>
-    <separator />
-    <vbox>
-      <label class="instructions">&torSettings.enterFirewall;</label>
-      <groupbox id="firewallSpecificSettings" />
-    </vbox>
-  </wizardpage>
-
   <wizardpage pageid="bridges" onextra2="onCopyLog();"
               onpageshow="onWizardUseBridgesRadioChange(this)">
     <vbox class="tbb-logo-box" align="start">
diff --git a/src/chrome/content/network-settings.js b/src/chrome/content/network-settings.js
index 518d16d..908e711 100644
--- a/src/chrome/content/network-settings.js
+++ b/src/chrome/content/network-settings.js
@@ -29,7 +29,6 @@ const kTorBootstrapErrorTopic = "TorBootstrapError";
 const kTorLogHasWarnOrErrTopic = "TorLogHasWarnOrErr";
 
 const kWizardProxyRadioGroup = "proxyRadioGroup";
-const kWizardFirewallRadioGroup = "firewallRadioGroup";
 const kWizardUseBridgesRadioGroup = "useBridgesRadioGroup";
 
 const kUseProxyCheckbox = "useProxy";
@@ -251,19 +250,7 @@ function onWizardProxyNext(aWizPage)
   if (aWizPage)
   {
     var hasProxy = getElemValue("proxyRadioYes", false);
-    aWizPage.next = (hasProxy) ? "proxyYES" : "firewall";
-  }
-
-  return true;
-}
-
-
-function onWizardFirewallNext(aWizPage)
-{
-  if (aWizPage)
-  {
-    var hasFirewall = getElemValue("firewallRadioYes", false);
-    aWizPage.next = (hasFirewall) ? "firewallYES" : "bridges";
+    aWizPage.next = (hasProxy) ? "proxyYES" : "bridges";
   }
 
   return true;
@@ -877,6 +864,9 @@ function initProxySettings()
 // Returns true if successful.
 function initFirewallSettings()
 {
+  if (getWizard())
+    return true;  // The wizard does not directly expose firewall settings.
+
   var allowedPorts;
   var reply = gProtocolSvc.TorGetConfStr(kTorConfKeyReachableAddresses, null);
   if (!gProtocolSvc.TorCommandSucceeded(reply))
@@ -899,7 +889,6 @@ function initFirewallSettings()
   }
 
   var haveFirewall = (allowedPorts != undefined);
-  setYesNoRadioValue(kWizardFirewallRadioGroup, haveFirewall);
   setElemValue(kUseFirewallPortsCheckbox, haveFirewall);
   if (allowedPorts)
     setElemValue(kFirewallAllowedPorts, allowedPorts);
@@ -991,7 +980,7 @@ function useSettings()
 {
   var settings = {};
   settings[kTorConfKeyDisableNetwork] = false;
-  this.setConfAndReportErrors(settings, null);
+  setConfAndReportErrors(settings, null);
 
   gProtocolSvc.TorSendCommand("SAVECONF");
   gTorProcessService.TorClearBootstrapError();
@@ -1026,7 +1015,7 @@ function applyProxySettings()
   if (!settings)
     return false;
 
-  return this.setConfAndReportErrors(settings, "proxyYES");
+  return setConfAndReportErrors(settings, "proxyYES");
 }
 
 
@@ -1044,9 +1033,7 @@ function getAndValidateProxySettings()
   settings[kTorConfKeyHTTPSProxyAuthenticator] = null;
 
   var proxyType, proxyAddrPort, proxyUsername, proxyPassword;
-  var useProxy = (getWizard()) ? getYesNoRadioValue(kWizardProxyRadioGroup)
-                               : getElemValue(kUseProxyCheckbox, false);
-  if (useProxy)
+  if (isProxyConfigured())
   {
     proxyAddrPort = createColonStr(getElemValue(kProxyAddr, null),
                                    getElemValue(kProxyPort, null));
@@ -1089,7 +1076,14 @@ function getAndValidateProxySettings()
   }
 
   return settings;
-} // applyProxySettings
+} // getAndValidateProxySettings
+
+
+function isProxyConfigured()
+{
+  return (getWizard()) ? getYesNoRadioValue(kWizardProxyRadioGroup)
+                       : getElemValue(kUseProxyCheckbox, false);
+}
 
 
 function reportValidationError(aStrKey)
@@ -1101,15 +1095,17 @@ function reportValidationError(aStrKey)
 // Returns true if settings were successfully applied.
 function applyFirewallSettings()
 {
-  var settings = getAndValidateFirewallSettings();
+  var settings = (getWizard()) ? getAutoFirewallSettings()
+                               : getAndValidateFirewallSettings();
   if (!settings)
     return false;
 
-  return this.setConfAndReportErrors(settings, "firewallYES");
+  return setConfAndReportErrors(settings, null);
 }
 
 
 // Return a settings object if successful and null if not.
+// Not used for the wizard.
 function getAndValidateFirewallSettings()
 {
   // TODO: validate user-entered data.  See Vidalia's NetworkPage::save()
@@ -1117,14 +1113,47 @@ function getAndValidateFirewallSettings()
   var settings = {};
   settings[kTorConfKeyReachableAddresses] = null;
 
-  var useFirewallPorts = (getWizard())
-                            ? getYesNoRadioValue(kWizardFirewallRadioGroup)
-                            : getElemValue(kUseFirewallPortsCheckbox, false);
-  var allowedPorts = getElemValue(kFirewallAllowedPorts, null);
-  if (useFirewallPorts && allowedPorts)
+  var allowedPorts = null;
+  if (getElemValue(kUseFirewallPortsCheckbox, false))
+    allowedPorts = getElemValue(kFirewallAllowedPorts, null);
+
+  return constructFirewallSettings(allowedPorts);
+}
+
+
+// Return a settings object if successful and null if not.
+// Only used for the wizard.
+function getAutoFirewallSettings()
+{
+  // In the wizard, we automatically set firewall ports (ReachableAddresses) to
+  // 80 and 443 if and only if the user has configured a proxy but no bridges.
+  // Rationale (from ticket #11405):
+  //   - Many proxies restrict which ports they will proxy for, so we want to
+  //     use a small set of ports in that case.
+  //
+  //   - In most other situations, tor will quickly find a bridge or guard on
+  //     port 443, so there is no need to limit which port may be used.
+  //
+  //   - People whose set of reachable ports are really esoteric will need to
+  //     be very patient or they will need to edit torrc manually... but that
+  //     is OK since we expect that situation to be very rare.
+  var allowedPorts = null;
+  if (isProxyConfigured() && !isBridgeConfigured())
+    allowedPorts = "80,443";
+
+  return constructFirewallSettings(allowedPorts);
+}
+
+
+function constructFirewallSettings(aAllowedPorts)
+{
+  var settings = {};
+  settings[kTorConfKeyReachableAddresses] = null;
+
+  if (aAllowedPorts)
   {
     var portsConfStr;
-    var portsArray = allowedPorts.split(',');
+    var portsArray = aAllowedPorts.split(',');
     for (var i = 0; i < portsArray.length; ++i)
     {
       var s = portsArray[i].trim();
@@ -1188,7 +1217,7 @@ function applyBridgeSettings()
   if (!settings)
     return false;
 
-  return this.setConfAndReportErrors(settings, "bridgeSettings");
+  return setConfAndReportErrors(settings, "bridgeSettings");
 }
 
 
@@ -1199,9 +1228,7 @@ function getAndValidateBridgeSettings()
   settings[kTorConfKeyUseBridges] = null;
   settings[kTorConfKeyBridgeList] = null;
 
-  var useBridges = (getWizard()) ? getElemValue("bridgesRadioYes", false)
-                                 : getElemValue(kUseBridgesCheckbox, false);
-
+  var useBridges = isBridgeConfigured();
   var defaultBridgeType;
   var bridgeList;
   if (useBridges)
@@ -1246,6 +1273,13 @@ function getAndValidateBridgeSettings()
 }
 
 
+function isBridgeConfigured()
+{
+  return (getWizard()) ? getElemValue("bridgesRadioYes", false)
+                       : getElemValue(kUseBridgesCheckbox, false);
+}
+
+
 // Returns an array or null.
 function parseAndValidateBridges(aStr)
 {
@@ -1271,6 +1305,7 @@ function parseAndValidateBridges(aStr)
 
 
 // Returns true if successful.
+// aShowOnErrorPanelID is only used when displaying the wizard.
 function setConfAndReportErrors(aSettingsObj, aShowOnErrorPanelID)
 {
   var errObj = {};
diff --git a/src/chrome/locale/en/network-settings.dtd b/src/chrome/locale/en/network-settings.dtd
index aa54f3e..3661088 100644
--- a/src/chrome/locale/en/network-settings.dtd
+++ b/src/chrome/locale/en/network-settings.dtd
@@ -8,8 +8,8 @@
 <!ENTITY torSettings.no "No">
 
 <!ENTITY torSettings.firstQuestion "Which of the following best describes your situation?">
-<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored, filtered, or proxied.">
-<!ENTITY torSettings.configurePrompt2 "I need to configure bridge, firewall, or proxy settings.">
+<!ENTITY torSettings.configurePrompt1 "This computer's Internet connection is censored or proxied.">
+<!ENTITY torSettings.configurePrompt2 "I need to configure bridge or proxy settings.">
 <!ENTITY torSettings.configure "Configure">
 <!ENTITY torSettings.connectPrompt2 "I would like to connect directly to the Tor network.">
 <!ENTITY torSettings.connectPrompt3 "This will work in most situations.">
@@ -19,9 +19,6 @@
 <!-- see https://www.torproject.org/docs/proxychain.html.en -->
 <!ENTITY torSettings.proxyHelp "If you are not sure how to answer this question, look at the Internet settings in another browser to see whether it is configured to use a proxy.">
 <!ENTITY torSettings.enterProxy "Enter the proxy settings.">
-<!ENTITY torSettings.firewallQuestion "Does this computer's Internet connection go through a firewall that only allows connections to certain ports?">
-<!ENTITY torSettings.firewallHelp "If you are not sure how to answer this question, choose No. If you encounter problems connecting to the Tor network, change this setting.">
-<!ENTITY torSettings.enterFirewall "Enter a comma-separated list of ports that are allowed by the firewall.">
 <!ENTITY torSettings.bridgeQuestion "Does your Internet Service Provider (ISP) block or otherwise censor connections to the Tor Network?">
 <!ENTITY torSettings.bridgeHelp "If you are not sure how to answer this question, choose No.  If you choose Yes, you will be asked to configure Tor Bridges, which are unlisted relays that make it more difficult to block connections to the Tor Network.">
 <!ENTITY torSettings.bridgeSettingsPrompt "You may use the provided set of bridges or you may obtain and enter a custom set of bridges.">



More information about the tor-commits mailing list