Compare commits
3 Commits
Author | SHA1 | Date |
---|---|---|
Sarah Jamie Lewis | 6b644063ef | |
Sarah Jamie Lewis | 0ae6323b5f | |
Sarah Jamie Lewis | 6d57584e14 |
|
@ -4,6 +4,4 @@ tor/tor/
|
|||
vendor/
|
||||
*.cover.out
|
||||
tmp/
|
||||
testing/tor/*
|
||||
tor/data-dir*
|
||||
testing/data-dir*
|
||||
testing/tor/*
|
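Review bot: The new side stops ignoring `tor/data-dir*` and `testing/data-dir*` while keeping only `testing/tor/*`; if the Tor data directories are still written under those paths during local runs or tests, they become eligible for `git add`, and a Tor data directory commonly holds onion-service key material and state that should not enter the repository. Unless those directories have moved, keeping the two patterns next to `testing/tor/*` (`tor/data-dir*` and `testing/data-dir*`) is the safer default. The file header for this section is not visible in this view, so the side assignment here is taken from the -6/+4 counts in the hunk header.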
|
@ -7,12 +7,6 @@ A library providing an ACN (Anonymous Communication Network
|
|||
|
||||
* Tor v3 Onion Services
|
||||
|
||||
## Environment Variables
|
||||
|
||||
- `TOR_LD_LIBRARY_PATH` - override the library path given to the Tor process as different from the one given to the parent process.
|
||||
- `CWTCH_RESTRICT_PORTS` - forces connectivity to bind to a subset of ports `15000-15378`
|
||||
- `CWTCH_BIND_EXTERNAL_WHONIX` - forces connectivity to bind to external interfaces (only supported/recommended on certain Whonix-based setups. Please open an issue if you think this should be expanded.)
|
||||
|
||||
## Requirements for ACN Support
|
||||
|
||||
* Reference an EndPoint via a string / hostname
|
||||
|
@ -56,4 +50,4 @@ service:
|
|||
acn.Restart()
|
||||
and
|
||||
|
||||
acn.Close()
|
||||
acn.Close()
|
48
error_acn.go
48
error_acn.go
|
@ -1,43 +1,38 @@
|
|||
package connectivity
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"net"
|
||||
)
|
||||
|
||||
const acnError = "error initializing anonymous communication network"
|
||||
|
||||
// ErrorACN - a status-callback safe errored ACN. Use this when ACN construction goes wrong
|
||||
// and you need a safe substitute that can later be replaced with a working ACN without impacting calling clients.
|
||||
type ErrorACN struct {
|
||||
acnError error
|
||||
statusCallbackCache func(int, string)
|
||||
versionCallbackCache func(string)
|
||||
}
|
||||
|
||||
func NewErrorACN(err error) ErrorACN {
|
||||
return ErrorACN{
|
||||
acnError: err,
|
||||
statusCallbackCache: func(int, string) {},
|
||||
versionCallbackCache: func(string) {},
|
||||
}
|
||||
}
|
||||
|
||||
func (e *ErrorACN) GetStatusCallback() func(int, string) {
|
||||
func (e ErrorACN) GetStatusCallback() func(int, string) {
|
||||
return e.statusCallbackCache
|
||||
}
|
||||
|
||||
func (e *ErrorACN) GetVersionCallback() func(string) {
|
||||
func (e ErrorACN) GetVersionCallback() func(string) {
|
||||
return e.versionCallbackCache
|
||||
}
|
||||
|
||||
func (e *ErrorACN) GetInfo(addr string) (map[string]string, error) {
|
||||
return nil, e.acnError
|
||||
return nil, errors.New(acnError)
|
||||
}
|
||||
|
||||
func (e *ErrorACN) GetBootstrapStatus() (int, string) {
|
||||
return -1, e.acnError.Error()
|
||||
func (e ErrorACN) GetBootstrapStatus() (int, string) {
|
||||
return -1, acnError
|
||||
}
|
||||
|
||||
func (e *ErrorACN) WaitTillBootstrapped() error {
|
||||
return e.acnError
|
||||
func (e ErrorACN) WaitTillBootstrapped() error {
|
||||
return errors.New(acnError)
|
||||
}
|
||||
|
||||
func (e *ErrorACN) SetStatusCallback(callback func(int, string)) {
|
||||
|
@ -48,25 +43,24 @@ func (e *ErrorACN) SetVersionCallback(callback func(string)) {
|
|||
e.versionCallbackCache = callback
|
||||
}
|
||||
|
||||
func (e *ErrorACN) Restart() {
|
||||
func (e ErrorACN) Restart() {
|
||||
}
|
||||
|
||||
func (e *ErrorACN) Open(hostname string) (net.Conn, string, error) {
|
||||
return nil, "", e.acnError
|
||||
func (e ErrorACN) Open(hostname string) (net.Conn, string, error) {
|
||||
return nil, "", fmt.Errorf(acnError)
|
||||
}
|
||||
|
||||
func (e *ErrorACN) Listen(identity PrivateKey, port int) (ListenService, error) {
|
||||
return nil, e.acnError
|
||||
func (e ErrorACN) Listen(identity PrivateKey, port int) (ListenService, error) {
|
||||
return nil, fmt.Errorf(acnError)
|
||||
}
|
||||
|
||||
func (e *ErrorACN) GetPID() (int, error) {
|
||||
return -1, e.acnError
|
||||
func (e ErrorACN) GetPID() (int, error) {
|
||||
return -1, fmt.Errorf(acnError)
|
||||
}
|
||||
|
||||
func (e *ErrorACN) GetVersion() string {
|
||||
return e.acnError.Error()
|
||||
func (e ErrorACN) GetVersion() string {
|
||||
return acnError
|
||||
}
|
||||
|
||||
func (e *ErrorACN) Close() {
|
||||
// nothing to do...
|
||||
func (e ErrorACN) Close() {
|
||||
}
|
||||
|
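Review bot: The new side builds the ACN error two different ways — `fmt.Errorf(acnError)` in Open, Listen and GetPID in the second hunk, but `errors.New(acnError)` in GetInfo and WaitTillBootstrapped in the first — and every call returns a fresh value, so a caller cannot recognise the condition with `errors.Is` and has to compare message text. A single package-level sentinel such as `var errACN = errors.New(acnError)` (name is a proposal) returned from all five methods would make the file consistent, drop the `fmt` import, and give callers something stable to test against; passing a plain string to `fmt.Errorf` as the format is also the pattern the `go vet` printf check exists to catch, even though it stays quiet for a constant. The value receivers introduced here sit beside what look like pointer-receiver setters (`SetStatusCallback` at the end of the first hunk and `SetVersionCallback` in the second hunk's header), which splits the method set between `ErrorACN` and `*ErrorACN`; if that is intended, a one-line comment on the type stating which form satisfies the ACN interface would save the next reader a compile error. The hunk counts (-43/+38) do not match the lines printed twice in this view, so some one-sided lines in the first hunk (imports, the const, the struct fields) may have been flattened and this note only relies on the lines shown in both forms.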
|
|
@ -170,9 +170,8 @@ var progRe = regexp.MustCompile("PROGRESS=([0-9]*)")
|
|||
var sumRe = regexp.MustCompile("SUMMARY=\"(.*)\"$")
|
||||
|
||||
// GetBootstrapStatus returns an int 0-100 on the percent the bootstrapping of the underlying network is at and an optional string message
|
||||
//
|
||||
// returns -1 on network disconnected
|
||||
// returns -2 on error
|
||||
// returns -1 on network disconnected
|
||||
// returns -2 on error
|
||||
func (tp *torProvider) GetBootstrapStatus() (int, string) {
|
||||
tp.lock.Lock()
|
||||
defer tp.lock.Unlock()
|
||||
|
@ -268,28 +267,7 @@ func (tp *torProvider) Listen(identity connectivity.PrivateKey, port int) (conne
|
|||
localport += 1024
|
||||
}
|
||||
|
||||
var localListener net.Listener
|
||||
var err error
|
||||
|
||||
if cwtchRestrictPorts := os.Getenv("CWTCH_RESTRICT_PORTS"); strings.ToLower(cwtchRestrictPorts) == "true" {
|
||||
// for whonix like systems we tightly restrict possible listen...
|
||||
// pick a random port between 15000 and 15378
|
||||
// cwtch = 63 *77 *74* 63* 68 = 1537844616
|
||||
log.Infof("using restricted ports, CWTCH_RESTRICT_PORTS=true");
|
||||
localport = 15000 + (localport % 378)
|
||||
}
|
||||
|
||||
if bindExternal := os.Getenv("CWTCH_BIND_EXTERNAL_WHONIX"); strings.ToLower(bindExternal) == "true" {
|
||||
if _, ferr := os.Stat("/usr/share/anon-ws-base-files/workstation"); !os.IsNotExist(ferr) {
|
||||
log.Infof("WARNING: binding to external interfaces. This is potentially unsafe outside of a containerized environment.");
|
||||
localListener, err = net.Listen("tcp", "0.0.0.0:"+strconv.Itoa(localport))
|
||||
} else {
|
||||
log.Errorf("CWTCH_BIND_EXTERNAL_WHONIX flag set, but /usr/share/anon-ws-base-files/workstation does not exist. Defaulting to binding to local ports");
|
||||
localListener, err = net.Listen("tcp", "127.0.0.1:"+strconv.Itoa(localport))
|
||||
}
|
||||
} else {
|
||||
localListener, err = net.Listen("tcp", "127.0.0.1:"+strconv.Itoa(localport))
|
||||
}
|
||||
localListener, err := net.Listen("tcp", "127.0.0.1:"+strconv.Itoa(localport))
|
||||
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
@ -311,8 +289,6 @@ func (tp *torProvider) Listen(identity connectivity.PrivateKey, port int) (conne
|
|||
return nil, err
|
||||
}
|
||||
|
||||
// We need to set os.ID here, otherwise os.Close() may not shut down the onion service properly...
|
||||
os.ID = onion
|
||||
os.CloseLocalListenerOnClose = true
|
||||
|
||||
ols := &onionListenService{os: os, tp: tp}
|
||||
|
@ -470,14 +446,6 @@ func newHideCmd(exePath string) process.Creator {
|
|||
cmd.Stdout = loggerDebug
|
||||
cmd.Stderr = loggerError
|
||||
cmd.SysProcAttr = sysProcAttr
|
||||
|
||||
// override tor ld_library_path if requested
|
||||
torLdLibPath, exists := os.LookupEnv("TOR_LD_LIBRARY_PATH")
|
||||
if exists {
|
||||
ldLibPath := fmt.Sprintf("LD_LIBRARY_PATH=%v", torLdLibPath)
|
||||
cmd.Env = append([]string{ldLibPath}, os.Environ()...)
|
||||
}
|
||||
|
||||
return cmd, nil
|
||||
})
|
||||
}
|
||||
|
|