[tor-commits] [torbutton/master] Bug 16917: Allow users to more easily set a non-tor SSH proxy.
gk at torproject.org
gk at torproject.org
Fri Mar 4 10:24:21 UTC 2016
commit 06800f1c9c0a3c2adf850f9ad70e7ee8c3e645d0
Author: Mike Perry <mikeperry-git at torproject.org>
Date: Thu Feb 18 14:22:47 2016 -0800
Bug 16917: Allow users to more easily set a non-tor SSH proxy.
Creates a hidden torbutton pref, which if set, allows Tor Browser to work with
non-Tor proxies (by disabling our use of SOCKS u+p auth).
Enabling this pref also enables NoScript ABE (to prevent proxied connections
from hitting localhost/RFC1918) and executes New Identity.
---
src/chrome/content/torbutton.js | 40 ++++++++++++++++++++++++++++++++-
src/chrome/content/torbutton_util.js | 4 ++++
src/components/domain-isolator.js | 21 +++++++++++++++++
src/defaults/preferences/preferences.js | 1 +
4 files changed, 65 insertions(+), 1 deletion(-)
diff --git a/src/chrome/content/torbutton.js b/src/chrome/content/torbutton.js
index bf45fea..ce49a57 100644
--- a/src/chrome/content/torbutton.js
+++ b/src/chrome/content/torbutton.js
@@ -233,6 +233,9 @@ var torbutton_unique_pref_observer =
case "extensions.torbutton.block_disk":
torbutton_update_disk_prefs();
break;
+ case "extensions.torbutton.use_nontor_proxy":
+ torbutton_use_nontor_proxy();
+ break;
case "extensions.torbutton.resist_fingerprinting":
case "extensions.torbutton.spoof_english":
torbutton_update_fingerprinting_prefs();
@@ -2004,11 +2007,41 @@ function torbutton_clear_image_caches()
}
}
+/* Called when we switch the use_nontor_proxy pref in either direction.
+ *
+ * Enables/disables domain isolation and NoScript ABE, and then does
+ * new identity
+ */
+function torbutton_use_nontor_proxy()
+{
+ let nontor_mode = m_tb_prefs.getBoolPref("extensions.torbutton.use_nontor_proxy");
+ let domainIsolator = Cc["@torproject.org/domain-isolator;1"]
+ .getService(Ci.nsISupports).wrappedJSObject;
+
+ if (m_tb_prefs.getBoolPref("extensions.torbutton.use_nontor_proxy")) {
+ // We need to enable ABE because non-tor proxies won't reject localhost
+ // and RFC1918, and we should block them. (The default ABE policy does this).
+ m_tb_prefs.setBoolPref("noscript.ABE.enabled", true);
+
+ // Disable domain isolation
+ domainIsolator.disableIsolation();
+ } else {
+ m_tb_prefs.setBoolPref("noscript.ABE.enabled", false);
+
+ domainIsolator.enableIsolation();
+ }
+
+ // Always reset our identity if the proxy has changed from tor
+ // to non-tor.
+ torbutton_do_new_identity();
+}
+
function torbutton_do_tor_check()
{
let checkSvc = Cc["@torproject.org/torbutton-torCheckService;1"]
.getService(Ci.nsISupports).wrappedJSObject;
if (checkSvc.kCheckNotInitiated != checkSvc.statusOfTorCheck ||
+ m_tb_prefs.getBoolPref("extensions.torbutton.use_nontor_proxy") ||
!m_tb_prefs.getBoolPref("extensions.torbutton.test_enabled"))
return; // Only do the check once.
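Review bot: In torbutton_use_nontor_proxy the `else` branch writes `noscript.ABE.enabled` to false unconditionally, so a user who had ABE switched on before touching this pref ends up with it off after going back to Tor. If forcing it off in Tor mode is intended, a comment on that line saying why would help. `nontor_mode` is assigned but never used while the pref is read a second time in the condition; `if (nontor_mode) {` would use the value already read. The comment above torbutton_do_new_identity() says "from tor to non-tor" although the call runs in both directions, so `// Always reset our identity when the proxy mode changes, in either direction.` would match the code. torbutton_do_tor_check continues past the end of the hunk.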
@@ -3161,7 +3194,12 @@ function torbutton_close_window(event) {
var enumerator = wm.getEnumerator("navigator:browser");
while(enumerator.hasMoreElements()) {
var win = enumerator.getNext();
- if(win != window) {
+ // For some reason, when New Identity is called from a pref
+ // observer (ex: torbutton_use_nontor_proxy) on an ASAN build,
+ // we sometimes don't have this symbol set in the new window yet.
+ // However, the new window will run this init later in that case,
+ // as it does in the OSX case.
+ if(win != window && "torbutton_do_main_window_startup" in win) {
torbutton_log(3, "Found another window");
win.torbutton_do_main_window_startup();
m_tb_is_main_window = false;
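Review bot: A window that lacks torbutton_do_main_window_startup is now skipped without any trace, which makes the ASAN timing case described in the comment hard to recognise in logs. A branch such as `else if (win != window) torbutton_log(3, "Skipping window without startup hook");` would record it. The loop and the enclosing function continue outside the hunk.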
diff --git a/src/chrome/content/torbutton_util.js b/src/chrome/content/torbutton_util.js
index 1ec6dcc..68276d0 100644
--- a/src/chrome/content/torbutton_util.js
+++ b/src/chrome/content/torbutton_util.js
@@ -148,6 +148,10 @@ function torbutton_check_status() {
return false;
}
+ if (torprefs.getBoolPref("use_nontor_proxy")) {
+ return true;
+ }
+
if (torbutton_check_socks_remote_dns())
remote_dns = liveprefs.getBoolPref("socks_remote_dns");
else
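Review bot: The early `return true` for use_nontor_proxy sits ahead of the socks_remote_dns check that follows it, so in non-Tor mode torbutton_check_status reports success without looking at remote DNS. A non-Tor SOCKS proxy such as an SSH tunnel still exposes hostnames to the local resolver when remote DNS is off, so that check looks worth keeping on this path, for example `if (torprefs.getBoolPref("use_nontor_proxy")) return liveprefs.getBoolPref("socks_remote_dns");`. The rest of the function is outside the hunk, so whether its later checks should also apply to a non-Tor proxy cannot be judged from here.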
diff --git a/src/components/domain-isolator.js b/src/components/domain-isolator.js
index 93c7f65..caf45cf 100644
--- a/src/components/domain-isolator.js
+++ b/src/components/domain-isolator.js
@@ -53,6 +53,10 @@ let tor = tor || {};
// A mutable map that records what nonce we are using for each domain.
tor.noncesForDomains = {};
+// __tor.isolationEabled__.
+// A bool that controls if we use SOCKS auth for isolation or not.
+tor.isolationEnabled = true;
+
// __tor.unknownDirtySince__.
// Specifies when the current catch-all circuit was first used
tor.unknownDirtySince = Date.now();
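Review bot: The comment header misspells the variable it documents: `// __tor.isolationEabled__.` should read `// __tor.isolationEnabled__.` so a search for the name finds its description. The comment could also state the effect of the false value, e.g. `// When false, the proxy channel filter returns aProxy unchanged, so no per-domain SOCKS credentials are sent.`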
@@ -96,6 +100,9 @@ tor.newCircuitForDomain = function(domain) {
// combination.
tor.isolateCircuitsByDomain = function () {
mozilla.registerProxyChannelFilter(function (aChannel, aProxy) {
+ if (!tor.isolationEnabled)
+ return aProxy;
+
try {
let channel = aChannel.QueryInterface(Ci.nsIChannel),
firstPartyURI = mozilla.thirdPartyUtil.getFirstPartyURIFromChannel(channel, true)
@@ -145,6 +152,12 @@ DomainIsolator.prototype = {
observe: function (subject, topic, data) {
if (topic === "profile-after-change") {
logger.eclog(3, "domain isolator: set up isolating circuits by domain");
+
+ let prefs = Cc["@mozilla.org/preferences-service;1"]
+ .getService(Ci.nsIPrefBranch);
+ if (prefs.getBoolPref("extensions.torbutton.use_nontor_proxy")) {
+ tor.isolationEnabled = false;
+ }
tor.isolateCircuitsByDomain();
}
},
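Review bot: At profile-after-change with the pref already true, this path turns off isolation only; nothing visible here sets `noscript.ABE.enabled`, which torbutton_use_nontor_proxy in torbutton.js does when the pref changes. The localhost/RFC1918 block then appears to depend on the ABE pref having persisted from the session in which the switch was made, which cannot be confirmed from this hunk. If that is the intended design, a comment such as `// ABE is enabled by torbutton_use_nontor_proxy() when the pref flips; it is not re-asserted at startup.` would make the dependency explicit.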
@@ -152,6 +165,14 @@ DomainIsolator.prototype = {
tor.newCircuitForDomain(domain);
},
+ enableIsolation: function() {
+ tor.isolationEnabled = true;
+ },
+
+ disableIsolation: function() {
+ tor.isolationEnabled = false;
+ },
+
wrappedJSObject: null
};
diff --git a/src/defaults/preferences/preferences.js b/src/defaults/preferences/preferences.js
index 46bfc0e..548f4ed 100644
--- a/src/defaults/preferences/preferences.js
+++ b/src/defaults/preferences/preferences.js
@@ -33,6 +33,7 @@ pref("extensions.torbutton.test_failed",false);
pref("extensions.torbutton.no_proxies_on","");
pref("extensions.torbutton.versioncheck_url","https://www.torproject.org/projects/torbrowser/RecommendedTBBVersions");
pref("extensions.torbutton.versioncheck_enabled",true);
+pref("extensions.torbutton.use_nontor_proxy",false);
// XXX: wtf prefs? These seem not actually connected, but govern
// if user wants own tor proxy settings