Compare commits
11 Commits
Author | SHA1 | Date |
---|---|---|
Sarah Jamie Lewis | 1524e78a4a | |
Sarah Jamie Lewis | cd87779e87 | |
Sarah Jamie Lewis | d8dd82d065 | |
Sarah Jamie Lewis | 932f99fac8 | |
Sarah Jamie Lewis | bbacb5539d | |
Sarah Jamie Lewis | 2c9ec9d894 | |
Sarah Jamie Lewis | c9ea1e4464 | |
Sarah Jamie Lewis | 61ced82cb4 | |
Sarah Jamie Lewis | 91c41e2005 | |
Sarah Jamie Lewis | caca121441 | |
Sarah Jamie Lewis | 9beff8a10a |
|
@ -10,6 +10,8 @@ A library providing an ACN (Anonymous Communication Network
|
|||
## Environment Variables
|
||||
|
||||
- `TOR_LD_LIBRARY_PATH` - override the library path given to the Tor process as different from the one given to the parent process.
|
||||
- `CWTCH_RESTRICT_PORTS` - forces connectivity to bind to a subset of ports `15000-15378`
|
||||
- `CWTCH_BIND_EXTERNAL_WHONIX` - forces connectivity to bind to external interfaces (only supported/recommended on certain Whonix-based setups. Please open an issue if you think this should be expanded.)
|
||||
|
||||
## Requirements for ACN Support
|
||||
|
||||
|
@ -54,4 +56,4 @@ service:
|
|||
acn.Restart()
|
||||
and
|
||||
|
||||
acn.Close()
|
||||
acn.Close()
|
||||
|
|
28
error_acn.go
28
error_acn.go
|
@ -1,20 +1,25 @@
|
|||
package connectivity
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"net"
|
||||
)
|
||||
|
||||
const acnError = "error initializing anonymous communication network"
|
||||
|
||||
// ErrorACN - a status-callback safe errored ACN. Use this when ACN construction goes wrong
|
||||
// and you need a safe substitute that can later be replaced with a working ACN without impacting calling clients.
|
||||
type ErrorACN struct {
|
||||
acnError error
|
||||
statusCallbackCache func(int, string)
|
||||
versionCallbackCache func(string)
|
||||
}
|
||||
|
||||
func NewErrorACN(err error) ErrorACN {
|
||||
return ErrorACN{
|
||||
acnError: err,
|
||||
statusCallbackCache: func(int, string) {},
|
||||
versionCallbackCache: func(string) {},
|
||||
}
|
||||
}
|
||||
|
||||
func (e *ErrorACN) GetStatusCallback() func(int, string) {
|
||||
return e.statusCallbackCache
|
||||
}
|
||||
|
@ -24,15 +29,15 @@ func (e *ErrorACN) GetVersionCallback() func(string) {
|
|||
}
|
||||
|
||||
func (e *ErrorACN) GetInfo(addr string) (map[string]string, error) {
|
||||
return nil, errors.New(acnError)
|
||||
return nil, e.acnError
|
||||
}
|
||||
|
||||
func (e *ErrorACN) GetBootstrapStatus() (int, string) {
|
||||
return -1, acnError
|
||||
return -1, e.acnError.Error()
|
||||
}
|
||||
|
||||
func (e *ErrorACN) WaitTillBootstrapped() error {
|
||||
return errors.New(acnError)
|
||||
return e.acnError
|
||||
}
|
||||
|
||||
func (e *ErrorACN) SetStatusCallback(callback func(int, string)) {
|
||||
|
@ -47,20 +52,21 @@ func (e *ErrorACN) Restart() {
|
|||
}
|
||||
|
||||
func (e *ErrorACN) Open(hostname string) (net.Conn, string, error) {
|
||||
return nil, "", fmt.Errorf(acnError)
|
||||
return nil, "", e.acnError
|
||||
}
|
||||
|
||||
func (e *ErrorACN) Listen(identity PrivateKey, port int) (ListenService, error) {
|
||||
return nil, fmt.Errorf(acnError)
|
||||
return nil, e.acnError
|
||||
}
|
||||
|
||||
func (e *ErrorACN) GetPID() (int, error) {
|
||||
return -1, fmt.Errorf(acnError)
|
||||
return -1, e.acnError
|
||||
}
|
||||
|
||||
func (e *ErrorACN) GetVersion() string {
|
||||
return acnError
|
||||
return e.acnError.Error()
|
||||
}
|
||||
|
||||
func (e *ErrorACN) Close() {
|
||||
// nothing to do...
|
||||
}
|
||||
|
|
|
@ -170,8 +170,9 @@ var progRe = regexp.MustCompile("PROGRESS=([0-9]*)")
|
|||
var sumRe = regexp.MustCompile("SUMMARY=\"(.*)\"$")
|
||||
|
||||
// GetBootstrapStatus returns an int 0-100 on the percent the bootstrapping of the underlying network is at and an optional string message
|
||||
// returns -1 on network disconnected
|
||||
// returns -2 on error
|
||||
//
|
||||
// returns -1 on network disconnected
|
||||
// returns -2 on error
|
||||
func (tp *torProvider) GetBootstrapStatus() (int, string) {
|
||||
tp.lock.Lock()
|
||||
defer tp.lock.Unlock()
|
||||
|
@ -267,7 +268,28 @@ func (tp *torProvider) Listen(identity connectivity.PrivateKey, port int) (conne
|
|||
localport += 1024
|
||||
}
|
||||
|
||||
localListener, err := net.Listen("tcp", "127.0.0.1:"+strconv.Itoa(localport))
|
||||
var localListener net.Listener
|
||||
var err error
|
||||
|
||||
if cwtchRestrictPorts := os.Getenv("CWTCH_RESTRICT_PORTS"); strings.ToLower(cwtchRestrictPorts) == "true" {
|
||||
// for whonix like systems we tightly restrict possible listen...
|
||||
// pick a random port between 15000 and 15378
|
||||
// cwtch = 63 *77 *74* 63* 68 = 1537844616
|
||||
log.Infof("using restricted ports, CWTCH_RESTRICT_PORTS=true");
|
||||
localport = 15000 + (localport % 378)
|
||||
}
|
||||
|
||||
if bindExternal := os.Getenv("CWTCH_BIND_EXTERNAL_WHONIX"); strings.ToLower(bindExternal) == "true" {
|
||||
if _, ferr := os.Stat("/usr/share/anon-ws-base-files/workstation"); !os.IsNotExist(ferr) {
|
||||
log.Infof("WARNING: binding to external interfaces. This is potentially unsafe outside of a containerized environment.");
|
||||
localListener, err = net.Listen("tcp", "0.0.0.0:"+strconv.Itoa(localport))
|
||||
} else {
|
||||
log.Errorf("CWTCH_BIND_EXTERNAL_WHONIX flag set, but /usr/share/anon-ws-base-files/workstation does not exist. Defaulting to binding to local ports");
|
||||
localListener, err = net.Listen("tcp", "127.0.0.1:"+strconv.Itoa(localport))
|
||||
}
|
||||
} else {
|
||||
localListener, err = net.Listen("tcp", "127.0.0.1:"+strconv.Itoa(localport))
|
||||
}
|
||||
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
@ -289,6 +311,8 @@ func (tp *torProvider) Listen(identity connectivity.PrivateKey, port int) (conne
|
|||
return nil, err
|
||||
}
|
||||
|
||||
// We need to set os.ID here, otherwise os.Close() may not shut down the onion service properly...
|
||||
os.ID = onion
|
||||
os.CloseLocalListenerOnClose = true
|
||||
|
||||
ols := &onionListenService{os: os, tp: tp}
|
||||
|
@ -442,19 +466,18 @@ func newHideCmd(exePath string) process.Creator {
|
|||
loggerDebug := &logWriter{log.LevelDebug}
|
||||
loggerError := &logWriter{log.LevelError}
|
||||
|
||||
|
||||
cmd := exec.CommandContext(ctx, exePath, args...)
|
||||
cmd.Stdout = loggerDebug
|
||||
cmd.Stderr = loggerError
|
||||
cmd.SysProcAttr = sysProcAttr
|
||||
|
||||
|
||||
// override tor ld_library_path if requested
|
||||
torLdLibPath,exists := os.LookupEnv("TOR_LD_LIBRARY_PATH")
|
||||
torLdLibPath, exists := os.LookupEnv("TOR_LD_LIBRARY_PATH")
|
||||
if exists {
|
||||
ldLibPath := fmt.Sprintf("LD_LIBRARY_PATH=%v", torLdLibPath)
|
||||
cmd.Env = append([]string{ldLibPath},os.Environ()...)
|
||||
cmd.Env = append([]string{ldLibPath}, os.Environ()...)
|
||||
}
|
||||
|
||||
|
||||
return cmd, nil
|
||||
})
|
||||
}
|
||||
|
@ -665,4 +688,4 @@ func dialControlPort(port int) (*control.Conn, error) {
|
|||
return nil, err
|
||||
}
|
||||
return control.NewConn(textConn), nil
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue