2015-09-07 22:34:54 -07:00
|
|
|
# -*- coding: utf-8 -*-
|
|
|
|
|
"""
|
|
|
|
|
OnionShare | https://onionshare.org/
|
|
|
|
|
|
2017-01-06 18:58:15 -08:00
|
|
|
Copyright (C) 2017 Micah Lee <micah@micahflee.com>
|
2015-09-07 22:34:54 -07:00
|
|
|
|
|
|
|
|
This program is free software: you can redistribute it and/or modify
|
|
|
|
|
it under the terms of the GNU General Public License as published by
|
|
|
|
|
the Free Software Foundation, either version 3 of the License, or
|
|
|
|
|
(at your option) any later version.
|
|
|
|
|
|
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
|
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
GNU General Public License for more details.
|
|
|
|
|
|
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
|
|
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
|
|
from stem.control import Controller
|
2017-04-17 20:49:06 -07:00
|
|
|
from stem import ProtocolError, SocketClosed
|
2017-01-07 17:31:26 -08:00
|
|
|
from stem.connection import MissingPassword, UnreadableCookieFile, AuthenticationFailure
|
2017-04-17 19:13:53 -07:00
|
|
|
import os, sys, tempfile, shutil, urllib, platform, subprocess, time, shlex
|
2015-09-07 22:34:54 -07:00
|
|
|
|
2016-02-12 14:34:19 -08:00
|
|
|
from . import socks
|
2017-05-16 11:05:48 -07:00
|
|
|
from . import common, strings
|
2016-12-28 19:52:21 -08:00
|
|
|
from .settings import Settings
|
2015-09-07 22:34:54 -07:00
|
|
|
|
2016-12-29 12:57:58 -08:00
|
|
|
class TorErrorAutomatic(Exception):
|
|
|
|
|
"""
|
|
|
|
|
OnionShare is failing to connect and authenticate to the Tor controller,
|
|
|
|
|
using automatic settings that should work with Tor Browser.
|
|
|
|
|
"""
|
|
|
|
|
pass
|
|
|
|
|
|
2016-12-29 09:58:13 -08:00
|
|
|
class TorErrorInvalidSetting(Exception):
|
|
|
|
|
"""
|
|
|
|
|
This exception is raised if the settings just don't make sense.
|
|
|
|
|
"""
|
|
|
|
|
pass
|
|
|
|
|
|
|
|
|
|
class TorErrorSocketPort(Exception):
|
|
|
|
|
"""
|
|
|
|
|
OnionShare can't connect to the Tor controller using the supplied address and port.
|
|
|
|
|
"""
|
|
|
|
|
pass
|
|
|
|
|
|
|
|
|
|
class TorErrorSocketFile(Exception):
|
|
|
|
|
"""
|
|
|
|
|
OnionShare can't connect to the Tor controller using the supplied socket file.
|
|
|
|
|
"""
|
|
|
|
|
pass
|
|
|
|
|
|
|
|
|
|
class TorErrorMissingPassword(Exception):
|
|
|
|
|
"""
|
|
|
|
|
OnionShare connected to the Tor controller, but it requires a password.
|
|
|
|
|
"""
|
|
|
|
|
pass
|
|
|
|
|
|
|
|
|
|
class TorErrorUnreadableCookieFile(Exception):
|
|
|
|
|
"""
|
|
|
|
|
OnionShare connected to the Tor controller, but your user does not have permission
|
|
|
|
|
to access the cookie file.
|
|
|
|
|
"""
|
|
|
|
|
pass
|
|
|
|
|
|
2017-01-07 17:31:26 -08:00
|
|
|
class TorErrorAuthError(Exception):
|
|
|
|
|
"""
|
|
|
|
|
OnionShare connected to the address and port, but can't authenticate. It's possible
|
|
|
|
|
that a Tor controller isn't listening on this port.
|
|
|
|
|
"""
|
|
|
|
|
pass
|
|
|
|
|
|
2017-02-22 16:45:52 -08:00
|
|
|
class TorErrorProtocolError(Exception):
|
|
|
|
|
"""
|
|
|
|
|
This exception is raised if onionshare connects to the Tor controller, but it
|
|
|
|
|
isn't acting like a Tor controller (such as in Whonix).
|
|
|
|
|
"""
|
|
|
|
|
pass
|
|
|
|
|
|
2016-12-22 16:56:39 -08:00
|
|
|
class TorTooOld(Exception):
|
|
|
|
|
"""
|
|
|
|
|
This exception is raised if onionshare needs to use a feature of Tor or stem
|
|
|
|
|
(like stealth ephemeral onion services) but the version you have installed
|
|
|
|
|
is too old.
|
|
|
|
|
"""
|
|
|
|
|
pass
|
|
|
|
|
|
2017-04-08 18:10:17 -07:00
|
|
|
class BundledTorNotSupported(Exception):
|
|
|
|
|
"""
|
|
|
|
|
This exception is raised if onionshare is set to use the bundled Tor binary,
|
|
|
|
|
but it's not supported on that platform, or in dev mode.
|
|
|
|
|
"""
|
|
|
|
|
|
2017-04-14 10:00:56 -07:00
|
|
|
class BundledTorTimeout(Exception):
|
|
|
|
|
"""
|
|
|
|
|
This exception is raised if onionshare is set to use the bundled Tor binary,
|
|
|
|
|
but Tor doesn't finish connecting promptly.
|
|
|
|
|
"""
|
|
|
|
|
|
2017-04-17 20:49:06 -07:00
|
|
|
class BundledTorCanceled(Exception):
|
|
|
|
|
"""
|
|
|
|
|
This exception is raised if onionshare is set to use the bundled Tor binary,
|
|
|
|
|
and the user cancels connecting to Tor
|
|
|
|
|
"""
|
|
|
|
|
|
2017-05-17 12:00:42 -07:00
|
|
|
class BundledTorBroken(Exception):
|
|
|
|
|
"""
|
|
|
|
|
This exception is raised if onionshare is set to use the bundled Tor binary,
|
|
|
|
|
but the process seems to fail to run.
|
|
|
|
|
"""
|
|
|
|
|
|
2016-09-05 11:16:54 -07:00
|
|
|
class Onion(object):
|
2015-11-15 19:01:20 -08:00
|
|
|
"""
|
2016-09-05 11:16:54 -07:00
|
|
|
Onion is an abstraction layer for connecting to the Tor control port and
|
2017-02-22 14:10:06 -08:00
|
|
|
creating onion services. OnionShare supports creating onion services by
|
|
|
|
|
connecting to the Tor controller and using ADD_ONION, DEL_ONION.
|
2017-04-13 22:56:47 -07:00
|
|
|
|
|
|
|
|
stealth: Should the onion service be stealth?
|
|
|
|
|
|
|
|
|
|
settings: A Settings object. If it's not passed in, load from disk.
|
|
|
|
|
|
|
|
|
|
bundled_connection_func: If the tor connection type is bundled, optionally
|
|
|
|
|
call this function and pass in a status string while connecting to tor. This
|
|
|
|
|
is necessary for status updates to reach the GUI.
|
2015-11-15 19:01:20 -08:00
|
|
|
"""
|
2017-05-16 11:12:55 -07:00
|
|
|
def __init__(self):
|
2017-05-16 11:23:18 -07:00
|
|
|
common.log('Onion', '__init__')
|
|
|
|
|
|
2017-04-17 19:13:53 -07:00
|
|
|
self.stealth = False
|
2017-02-22 14:10:06 -08:00
|
|
|
self.service_id = None
|
2015-09-07 22:34:54 -07:00
|
|
|
|
2018-02-06 16:39:04 -05:00
|
|
|
self.system = common.get_platform()
|
2016-12-28 19:52:21 -08:00
|
|
|
|
2017-04-13 22:22:34 -07:00
|
|
|
# Is bundled tor supported?
|
2017-04-17 19:13:53 -07:00
|
|
|
if (self.system == 'Windows' or self.system == 'Darwin') and getattr(sys, 'onionshare_dev_mode', False):
|
|
|
|
|
self.bundle_tor_supported = False
|
2017-04-13 22:22:34 -07:00
|
|
|
else:
|
2017-04-17 19:13:53 -07:00
|
|
|
self.bundle_tor_supported = True
|
2017-04-13 22:22:34 -07:00
|
|
|
|
|
|
|
|
# Set the path of the tor binary, for bundled tor
|
2018-01-15 12:49:29 +11:00
|
|
|
(self.tor_path, self.tor_geo_ip_file_path, self.tor_geo_ipv6_file_path, self.obfs4proxy_file_path) = common.get_tor_paths()
|
2017-04-13 22:22:34 -07:00
|
|
|
|
|
|
|
|
# The tor process
|
2017-04-15 11:43:19 -07:00
|
|
|
self.tor_proc = None
|
2017-04-13 22:22:34 -07:00
|
|
|
|
2017-05-16 13:09:27 -07:00
|
|
|
# Start out not connected to Tor
|
|
|
|
|
self.connected_to_tor = False
|
|
|
|
|
|
2017-06-01 17:35:27 +10:00
|
|
|
def connect(self, settings=False, config=False, tor_status_update_func=None):
|
2017-05-16 11:23:18 -07:00
|
|
|
common.log('Onion', 'connect')
|
|
|
|
|
|
2017-04-17 19:13:53 -07:00
|
|
|
# Either use settings that are passed in, or load them from disk
|
|
|
|
|
if settings:
|
|
|
|
|
self.settings = settings
|
|
|
|
|
else:
|
2017-06-01 17:35:27 +10:00
|
|
|
self.settings = Settings(config)
|
2017-04-17 19:13:53 -07:00
|
|
|
self.settings.load()
|
|
|
|
|
|
|
|
|
|
# The Tor controller
|
2016-12-29 09:58:13 -08:00
|
|
|
self.c = None
|
2016-12-22 13:39:32 -08:00
|
|
|
|
2017-04-08 18:10:17 -07:00
|
|
|
if self.settings.get('connection_type') == 'bundled':
|
2017-04-17 19:13:53 -07:00
|
|
|
if not self.bundle_tor_supported:
|
2017-04-08 18:10:17 -07:00
|
|
|
raise BundledTorNotSupported(strings._('settings_error_bundled_tor_not_supported'))
|
|
|
|
|
|
2017-04-13 22:22:34 -07:00
|
|
|
# Create a torrc for this session
|
|
|
|
|
self.tor_data_directory = tempfile.TemporaryDirectory()
|
2017-04-14 18:33:44 -07:00
|
|
|
|
2017-04-17 19:13:53 -07:00
|
|
|
if self.system == 'Windows':
|
2017-04-14 18:33:44 -07:00
|
|
|
# Windows needs to use network ports, doesn't support unix sockets
|
2017-05-16 11:05:48 -07:00
|
|
|
torrc_template = open(common.get_resource_path('torrc_template-windows')).read()
|
2017-12-07 08:49:10 +11:00
|
|
|
try:
|
|
|
|
|
self.tor_control_port = common.get_available_port(1000, 65535)
|
|
|
|
|
except:
|
|
|
|
|
raise OSError(strings._('no_available_port'))
|
2017-04-14 18:33:44 -07:00
|
|
|
self.tor_control_socket = None
|
|
|
|
|
self.tor_cookie_auth_file = os.path.join(self.tor_data_directory.name, 'cookie')
|
2017-12-07 08:49:10 +11:00
|
|
|
try:
|
|
|
|
|
self.tor_socks_port = common.get_available_port(1000, 65535)
|
|
|
|
|
except:
|
|
|
|
|
raise OSError(strings._('no_available_port'))
|
2017-04-14 18:33:44 -07:00
|
|
|
self.tor_torrc = os.path.join(self.tor_data_directory.name, 'torrc')
|
|
|
|
|
else:
|
2018-02-06 16:39:04 -05:00
|
|
|
# Linux, Mac and BSD can use unix sockets
|
2017-05-23 21:22:14 +10:00
|
|
|
with open(common.get_resource_path('torrc_template')) as f:
|
2017-05-23 15:16:27 -07:00
|
|
|
torrc_template = f.read()
|
2017-04-14 18:33:44 -07:00
|
|
|
self.tor_control_port = None
|
|
|
|
|
self.tor_control_socket = os.path.join(self.tor_data_directory.name, 'control_socket')
|
|
|
|
|
self.tor_cookie_auth_file = os.path.join(self.tor_data_directory.name, 'cookie')
|
2017-12-07 08:49:10 +11:00
|
|
|
try:
|
|
|
|
|
self.tor_socks_port = common.get_available_port(1000, 65535)
|
|
|
|
|
except:
|
|
|
|
|
raise OSError(strings._('no_available_port'))
|
2017-04-14 18:33:44 -07:00
|
|
|
self.tor_torrc = os.path.join(self.tor_data_directory.name, 'torrc')
|
|
|
|
|
|
2017-04-13 22:22:34 -07:00
|
|
|
torrc_template = torrc_template.replace('{{data_directory}}', self.tor_data_directory.name)
|
2017-04-14 18:33:44 -07:00
|
|
|
torrc_template = torrc_template.replace('{{control_port}}', str(self.tor_control_port))
|
|
|
|
|
torrc_template = torrc_template.replace('{{control_socket}}', str(self.tor_control_socket))
|
2017-04-13 22:22:34 -07:00
|
|
|
torrc_template = torrc_template.replace('{{cookie_auth_file}}', self.tor_cookie_auth_file)
|
|
|
|
|
torrc_template = torrc_template.replace('{{geo_ip_file}}', self.tor_geo_ip_file_path)
|
|
|
|
|
torrc_template = torrc_template.replace('{{geo_ipv6_file}}', self.tor_geo_ipv6_file_path)
|
2017-04-14 18:33:44 -07:00
|
|
|
torrc_template = torrc_template.replace('{{socks_port}}', str(self.tor_socks_port))
|
2017-05-23 21:22:14 +10:00
|
|
|
with open(self.tor_torrc, 'w') as f:
|
2017-05-23 15:16:27 -07:00
|
|
|
f.write(torrc_template)
|
2017-04-13 22:22:34 -07:00
|
|
|
|
2017-12-11 14:53:13 +11:00
|
|
|
# Bridge support
|
|
|
|
|
if self.settings.get('tor_bridges_use_obfs4'):
|
2018-01-15 12:49:29 +11:00
|
|
|
f.write('ClientTransportPlugin obfs4 exec {}\n'.format(self.obfs4proxy_file_path))
|
2017-12-11 14:53:13 +11:00
|
|
|
with open(common.get_resource_path('torrc_template-obfs4')) as o:
|
|
|
|
|
for line in o:
|
|
|
|
|
f.write(line)
|
2018-02-15 23:19:53 +00:00
|
|
|
elif self.settings.get('tor_bridges_use_meek_lite_amazon'):
|
|
|
|
|
f.write('ClientTransportPlugin meek_lite exec {}\n'.format(self.obfs4proxy_file_path))
|
|
|
|
|
with open(common.get_resource_path('torrc_template-meek_lite_amazon')) as o:
|
|
|
|
|
for line in o:
|
|
|
|
|
f.write(line)
|
|
|
|
|
elif self.settings.get('tor_bridges_use_meek_lite_azure'):
|
|
|
|
|
f.write('ClientTransportPlugin meek_lite exec {}\n'.format(self.obfs4proxy_file_path))
|
|
|
|
|
with open(common.get_resource_path('torrc_template-meek_lite_azure')) as o:
|
|
|
|
|
for line in o:
|
|
|
|
|
f.write(line)
|
|
|
|
|
|
2017-12-11 14:53:13 +11:00
|
|
|
if self.settings.get('tor_bridges_use_custom_bridges'):
|
2018-01-19 15:31:11 +11:00
|
|
|
if 'obfs4' in self.settings.get('tor_bridges_use_custom_bridges'):
|
|
|
|
|
f.write('ClientTransportPlugin obfs4 exec {}\n'.format(self.obfs4proxy_file_path))
|
2018-02-15 23:19:53 +00:00
|
|
|
elif 'meek_lite' in self.settings.get('tor_bridges_use_custom_bridges'):
|
|
|
|
|
f.write('ClientTransportPlugin meek_lite exec {}\n'.format(self.obfs4proxy_file_path))
|
2017-12-11 14:53:13 +11:00
|
|
|
f.write(self.settings.get('tor_bridges_use_custom_bridges'))
|
2017-12-11 16:20:42 +11:00
|
|
|
f.write('\nUseBridges 1')
|
2017-12-11 14:53:13 +11:00
|
|
|
|
2017-04-15 11:34:03 -07:00
|
|
|
# Execute a tor subprocess
|
2017-04-14 10:00:56 -07:00
|
|
|
start_ts = time.time()
|
2017-04-17 19:13:53 -07:00
|
|
|
if self.system == 'Windows':
|
2017-04-15 11:34:03 -07:00
|
|
|
# In Windows, hide console window when opening tor.exe subprocess
|
|
|
|
|
startupinfo = subprocess.STARTUPINFO()
|
|
|
|
|
startupinfo.dwFlags |= subprocess.STARTF_USESHOWWINDOW
|
|
|
|
|
self.tor_proc = subprocess.Popen([self.tor_path, '-f', self.tor_torrc], stdout=subprocess.PIPE, stderr=subprocess.PIPE, startupinfo=startupinfo)
|
|
|
|
|
else:
|
|
|
|
|
self.tor_proc = subprocess.Popen([self.tor_path, '-f', self.tor_torrc], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
|
|
|
|
|
|
|
|
|
|
# Wait for the tor controller to start
|
2017-05-18 17:34:36 -07:00
|
|
|
time.sleep(2)
|
2017-04-13 22:22:34 -07:00
|
|
|
|
|
|
|
|
# Connect to the controller
|
2017-05-17 12:00:42 -07:00
|
|
|
try:
|
|
|
|
|
if self.system == 'Windows':
|
|
|
|
|
self.c = Controller.from_port(port=self.tor_control_port)
|
|
|
|
|
self.c.authenticate()
|
|
|
|
|
else:
|
|
|
|
|
self.c = Controller.from_socket_file(path=self.tor_control_socket)
|
|
|
|
|
self.c.authenticate()
|
|
|
|
|
except Exception as e:
|
|
|
|
|
raise BundledTorBroken(strings._('settings_error_bundled_tor_broken', True).format(e.args[0]))
|
2017-04-13 22:22:34 -07:00
|
|
|
|
|
|
|
|
while True:
|
2017-04-17 20:49:06 -07:00
|
|
|
try:
|
|
|
|
|
res = self.c.get_info("status/bootstrap-phase")
|
|
|
|
|
except SocketClosed:
|
|
|
|
|
raise BundledTorCanceled()
|
|
|
|
|
|
2017-04-13 22:22:34 -07:00
|
|
|
res_parts = shlex.split(res)
|
|
|
|
|
progress = res_parts[2].split('=')[1]
|
|
|
|
|
summary = res_parts[4].split('=')[1]
|
|
|
|
|
|
|
|
|
|
# "\033[K" clears the rest of the line
|
|
|
|
|
print("{}: {}% - {}{}".format(strings._('connecting_to_tor'), progress, summary, "\033[K"), end="\r")
|
2017-04-13 22:56:47 -07:00
|
|
|
|
2017-04-17 20:26:35 -07:00
|
|
|
if callable(tor_status_update_func):
|
2017-05-14 18:30:45 -07:00
|
|
|
if not tor_status_update_func(progress, summary):
|
|
|
|
|
# If the dialog was canceled, stop connecting to Tor
|
2017-05-16 11:44:34 -07:00
|
|
|
common.log('Onion', 'connect', 'tor_status_update_func returned false, canceling connecting to Tor')
|
2017-05-14 18:30:45 -07:00
|
|
|
print()
|
|
|
|
|
return False
|
2017-04-13 22:56:47 -07:00
|
|
|
|
2017-04-13 22:22:34 -07:00
|
|
|
if summary == 'Done':
|
|
|
|
|
print("")
|
|
|
|
|
break
|
2017-05-16 11:47:18 -07:00
|
|
|
time.sleep(0.2)
|
2017-04-13 22:22:34 -07:00
|
|
|
|
2017-12-14 17:31:15 +11:00
|
|
|
# If using bridges, it might take a bit longer to connect to Tor
|
2018-02-15 23:19:53 +00:00
|
|
|
if self.settings.get('tor_bridges_use_custom_bridges') or \
|
|
|
|
|
self.settings.get('tor_bridges_use_obfs4') or \
|
|
|
|
|
self.settings.get('tor_bridges_use_meek_lite_amazon') or \
|
|
|
|
|
self.settings.get('tor_bridges_use_meek_lite_azure'):
|
2018-01-14 18:53:46 +11:00
|
|
|
connect_timeout = 150
|
2017-12-14 17:31:15 +11:00
|
|
|
else:
|
2018-01-14 18:53:46 +11:00
|
|
|
# Timeout after 120 seconds
|
|
|
|
|
connect_timeout = 120
|
2017-12-14 17:31:15 +11:00
|
|
|
if time.time() - start_ts > connect_timeout:
|
2017-04-14 10:00:56 -07:00
|
|
|
print("")
|
|
|
|
|
self.tor_proc.terminate()
|
|
|
|
|
raise BundledTorTimeout(strings._('settings_error_bundled_tor_timeout'))
|
|
|
|
|
|
2017-04-13 22:22:34 -07:00
|
|
|
elif self.settings.get('connection_type') == 'automatic':
|
2016-12-29 09:58:13 -08:00
|
|
|
# Automatically try to guess the right way to connect to Tor Browser
|
|
|
|
|
|
2016-12-29 13:36:29 -08:00
|
|
|
# Try connecting to control port
|
|
|
|
|
found_tor = False
|
2016-12-29 12:57:58 -08:00
|
|
|
|
2016-12-29 13:36:29 -08:00
|
|
|
# If the TOR_CONTROL_PORT environment variable is set, use that
|
|
|
|
|
env_port = os.environ.get('TOR_CONTROL_PORT')
|
|
|
|
|
if env_port:
|
|
|
|
|
try:
|
|
|
|
|
self.c = Controller.from_port(port=int(env_port))
|
|
|
|
|
found_tor = True
|
|
|
|
|
except:
|
|
|
|
|
pass
|
|
|
|
|
|
|
|
|
|
else:
|
|
|
|
|
# Otherwise, try default ports for Tor Browser, Tor Messenger, and system tor
|
|
|
|
|
try:
|
|
|
|
|
ports = [9151, 9153, 9051]
|
|
|
|
|
for port in ports:
|
|
|
|
|
self.c = Controller.from_port(port=port)
|
|
|
|
|
found_tor = True
|
|
|
|
|
except:
|
|
|
|
|
pass
|
|
|
|
|
|
2017-01-06 11:46:41 -08:00
|
|
|
# If this still didn't work, try guessing the default socket file path
|
|
|
|
|
socket_file_path = ''
|
|
|
|
|
if not found_tor:
|
2017-01-06 11:54:42 -08:00
|
|
|
try:
|
2017-04-17 19:13:53 -07:00
|
|
|
if self.system == 'Darwin':
|
2017-01-06 11:54:42 -08:00
|
|
|
socket_file_path = os.path.expanduser('~/Library/Application Support/TorBrowser-Data/Tor/control.socket')
|
2017-01-06 11:46:41 -08:00
|
|
|
|
2017-01-06 11:54:42 -08:00
|
|
|
self.c = Controller.from_socket_file(path=socket_file_path)
|
|
|
|
|
found_tor = True
|
|
|
|
|
except:
|
|
|
|
|
pass
|
2017-01-06 11:46:41 -08:00
|
|
|
|
2016-12-29 13:36:29 -08:00
|
|
|
# If connecting to default control ports failed, so let's try
|
|
|
|
|
# guessing the socket file name next
|
|
|
|
|
if not found_tor:
|
|
|
|
|
try:
|
2018-02-06 16:39:04 -05:00
|
|
|
if self.system == 'Linux' or self.system == 'BSD':
|
2016-12-29 13:36:29 -08:00
|
|
|
socket_file_path = '/run/user/{}/Tor/control.socket'.format(os.geteuid())
|
2017-04-17 19:13:53 -07:00
|
|
|
elif self.system == 'Darwin':
|
2016-12-29 13:36:29 -08:00
|
|
|
socket_file_path = '/run/user/{}/Tor/control.socket'.format(os.geteuid())
|
2017-04-17 19:13:53 -07:00
|
|
|
elif self.system == 'Windows':
|
2016-12-29 13:36:29 -08:00
|
|
|
# Windows doesn't support unix sockets
|
2016-12-29 12:57:58 -08:00
|
|
|
raise TorErrorAutomatic(strings._('settings_error_automatic'))
|
|
|
|
|
|
2016-12-29 13:36:29 -08:00
|
|
|
self.c = Controller.from_socket_file(path=socket_file_path)
|
|
|
|
|
|
|
|
|
|
except:
|
|
|
|
|
raise TorErrorAutomatic(strings._('settings_error_automatic'))
|
2016-12-29 12:57:58 -08:00
|
|
|
|
|
|
|
|
# Try authenticating
|
|
|
|
|
try:
|
|
|
|
|
self.c.authenticate()
|
|
|
|
|
except:
|
|
|
|
|
raise TorErrorAutomatic(strings._('settings_error_automatic'))
|
2016-12-22 13:39:32 -08:00
|
|
|
|
2016-12-29 09:58:13 -08:00
|
|
|
else:
|
|
|
|
|
# Use specific settings to connect to tor
|
|
|
|
|
|
|
|
|
|
# Try connecting
|
2015-09-07 22:34:54 -07:00
|
|
|
try:
|
2016-12-29 09:58:13 -08:00
|
|
|
if self.settings.get('connection_type') == 'control_port':
|
|
|
|
|
self.c = Controller.from_port(address=self.settings.get('control_port_address'), port=self.settings.get('control_port_port'))
|
|
|
|
|
elif self.settings.get('connection_type') == 'socket_file':
|
|
|
|
|
self.c = Controller.from_socket_file(path=self.settings.get('socket_file_path'))
|
|
|
|
|
else:
|
|
|
|
|
raise TorErrorInvalidSetting(strings._("settings_error_unknown"))
|
|
|
|
|
|
2017-01-07 17:31:26 -08:00
|
|
|
except:
|
2016-12-29 09:58:13 -08:00
|
|
|
if self.settings.get('connection_type') == 'control_port':
|
|
|
|
|
raise TorErrorSocketPort(strings._("settings_error_socket_port").format(self.settings.get('control_port_address'), self.settings.get('control_port_port')))
|
|
|
|
|
else:
|
|
|
|
|
raise TorErrorSocketFile(strings._("settings_error_socket_file").format(self.settings.get('socket_file_path')))
|
|
|
|
|
|
2017-01-07 17:31:26 -08:00
|
|
|
|
2016-12-29 09:58:13 -08:00
|
|
|
# Try authenticating
|
|
|
|
|
try:
|
|
|
|
|
if self.settings.get('auth_type') == 'no_auth':
|
|
|
|
|
self.c.authenticate()
|
|
|
|
|
elif self.settings.get('auth_type') == 'password':
|
|
|
|
|
self.c.authenticate(self.settings.get('auth_password'))
|
|
|
|
|
else:
|
|
|
|
|
raise TorErrorInvalidSetting(strings._("settings_error_unknown"))
|
|
|
|
|
|
2016-12-22 13:39:32 -08:00
|
|
|
except MissingPassword:
|
2016-12-29 09:58:13 -08:00
|
|
|
raise TorErrorMissingPassword(strings._('settings_error_missing_password'))
|
2016-12-22 13:39:32 -08:00
|
|
|
except UnreadableCookieFile:
|
2016-12-29 09:58:13 -08:00
|
|
|
raise TorErrorUnreadableCookieFile(strings._('settings_error_unreadable_cookie_file'))
|
2017-01-07 17:31:26 -08:00
|
|
|
except AuthenticationFailure:
|
|
|
|
|
raise TorErrorAuthError(strings._('settings_error_auth').format(self.settings.get('control_port_address'), self.settings.get('control_port_port')))
|
2016-12-29 09:58:13 -08:00
|
|
|
|
2017-05-16 13:09:27 -07:00
|
|
|
# If we made it this far, we should be connected to Tor
|
|
|
|
|
self.connected_to_tor = True
|
|
|
|
|
|
2017-02-22 14:10:06 -08:00
|
|
|
# Get the tor version
|
2016-12-29 10:03:29 -08:00
|
|
|
self.tor_version = self.c.get_version().version_str
|
2015-09-07 22:34:54 -07:00
|
|
|
|
2017-02-22 14:10:06 -08:00
|
|
|
# Do the versions of stem and tor that I'm using support ephemeral onion services?
|
2015-09-07 22:34:54 -07:00
|
|
|
list_ephemeral_hidden_services = getattr(self.c, "list_ephemeral_hidden_services", None)
|
2016-12-29 10:03:29 -08:00
|
|
|
self.supports_ephemeral = callable(list_ephemeral_hidden_services) and self.tor_version >= '0.2.7.1'
|
2015-09-07 22:34:54 -07:00
|
|
|
|
2017-02-22 14:10:06 -08:00
|
|
|
# Do the versions of stem and tor that I'm using support stealth onion services?
|
2016-12-22 16:56:39 -08:00
|
|
|
try:
|
|
|
|
|
res = self.c.create_ephemeral_hidden_service({1:1}, basic_auth={'onionshare':None}, await_publication=False)
|
2017-12-09 06:49:34 +11:00
|
|
|
tmp_service_id = res.service_id
|
2016-12-22 16:56:39 -08:00
|
|
|
self.c.remove_ephemeral_hidden_service(tmp_service_id)
|
|
|
|
|
self.supports_stealth = True
|
2016-12-22 17:07:01 -08:00
|
|
|
except:
|
2016-12-22 16:56:39 -08:00
|
|
|
# ephemeral stealth onion services are not supported
|
|
|
|
|
self.supports_stealth = False
|
|
|
|
|
|
2017-12-21 12:15:17 +11:00
|
|
|
|
2017-12-21 09:22:53 +11:00
|
|
|
def is_authenticated(self):
|
|
|
|
|
"""
|
|
|
|
|
Returns True if the Tor connection is still working, or False otherwise.
|
|
|
|
|
"""
|
2017-12-21 14:08:13 +11:00
|
|
|
if self.c is not None:
|
2017-12-21 12:15:17 +11:00
|
|
|
return self.c.is_authenticated()
|
|
|
|
|
else:
|
|
|
|
|
return False
|
|
|
|
|
|
2017-12-21 09:22:53 +11:00
|
|
|
|
2017-04-17 19:12:02 -07:00
|
|
|
def start_onion_service(self, port):
|
2015-11-15 19:01:20 -08:00
|
|
|
"""
|
2016-09-04 17:23:06 -07:00
|
|
|
Start a onion service on port 80, pointing to the given port, and
|
2015-11-15 19:01:20 -08:00
|
|
|
return the onion hostname.
|
|
|
|
|
"""
|
2017-05-16 11:23:18 -07:00
|
|
|
common.log('Onion', 'start_onion_service')
|
|
|
|
|
|
2016-12-22 16:56:39 -08:00
|
|
|
self.auth_string = None
|
2017-02-22 14:10:06 -08:00
|
|
|
if not self.supports_ephemeral:
|
|
|
|
|
raise TorTooOld(strings._('error_ephemeral_not_supported'))
|
2016-12-22 16:56:39 -08:00
|
|
|
if self.stealth and not self.supports_stealth:
|
|
|
|
|
raise TorTooOld(strings._('error_stealth_not_supported'))
|
|
|
|
|
|
|
|
|
|
print(strings._("config_onion_service").format(int(port)))
|
2017-02-22 14:10:06 -08:00
|
|
|
print(strings._('using_ephemeral'))
|
2015-09-07 22:34:54 -07:00
|
|
|
|
2017-02-22 14:10:06 -08:00
|
|
|
if self.stealth:
|
2017-12-09 06:49:34 +11:00
|
|
|
if self.settings.get('hidservauth_string'):
|
|
|
|
|
hidservauth_string = self.settings.get('hidservauth_string').split()[2]
|
|
|
|
|
basic_auth = {'onionshare':hidservauth_string}
|
|
|
|
|
else:
|
|
|
|
|
basic_auth = {'onionshare':None}
|
2015-09-07 22:34:54 -07:00
|
|
|
else:
|
2017-02-22 14:10:06 -08:00
|
|
|
basic_auth = None
|
2015-12-07 23:47:13 -08:00
|
|
|
|
2017-12-07 12:45:29 +11:00
|
|
|
if self.settings.get('private_key'):
|
|
|
|
|
key_type = "RSA1024"
|
|
|
|
|
key_content = self.settings.get('private_key')
|
2017-12-09 06:49:34 +11:00
|
|
|
common.log('Onion', 'Starting a hidden service with a saved private key')
|
2017-12-07 12:45:29 +11:00
|
|
|
else:
|
|
|
|
|
key_type = "NEW"
|
|
|
|
|
key_content = "RSA1024"
|
2017-12-09 06:49:34 +11:00
|
|
|
common.log('Onion', 'Starting a hidden service with a new private key')
|
|
|
|
|
|
2017-02-22 16:45:52 -08:00
|
|
|
try:
|
2017-12-09 06:49:34 +11:00
|
|
|
if basic_auth != None:
|
2017-12-07 12:45:29 +11:00
|
|
|
res = self.c.create_ephemeral_hidden_service({ 80: port }, await_publication=True, basic_auth=basic_auth, key_type = key_type, key_content=key_content)
|
2017-12-09 06:49:34 +11:00
|
|
|
else:
|
2017-02-22 16:45:52 -08:00
|
|
|
# if the stem interface is older than 1.5.0, basic_auth isn't a valid keyword arg
|
2017-12-07 12:45:29 +11:00
|
|
|
res = self.c.create_ephemeral_hidden_service({ 80: port }, await_publication=True, key_type = key_type, key_content=key_content)
|
2017-02-22 16:45:52 -08:00
|
|
|
|
|
|
|
|
except ProtocolError:
|
|
|
|
|
raise TorErrorProtocolError(strings._('error_tor_protocol_error'))
|
2015-09-08 17:42:08 -07:00
|
|
|
|
2018-01-13 19:18:33 -08:00
|
|
|
self.service_id = res.service_id
|
2017-02-22 14:10:06 -08:00
|
|
|
onion_host = self.service_id + '.onion'
|
2015-09-08 17:42:08 -07:00
|
|
|
|
2017-12-09 06:49:34 +11:00
|
|
|
# A new private key was generated and is in the Control port response.
|
2018-01-13 20:58:24 +11:00
|
|
|
if self.settings.get('save_private_key'):
|
|
|
|
|
if not self.settings.get('private_key'):
|
|
|
|
|
self.settings.set('private_key', res.private_key)
|
2015-09-08 17:42:08 -07:00
|
|
|
|
2017-02-22 14:10:06 -08:00
|
|
|
if self.stealth:
|
2017-12-09 06:49:34 +11:00
|
|
|
# Similar to the PrivateKey, the Control port only returns the ClientAuth
|
|
|
|
|
# in the response if it was responsible for creating the basic_auth password
|
|
|
|
|
# in the first place.
|
|
|
|
|
# If we sent the basic_auth (due to a saved hidservauth_string in the settings),
|
|
|
|
|
# there is no response here, so use the saved value from settings.
|
2018-01-13 20:58:24 +11:00
|
|
|
if self.settings.get('save_private_key'):
|
|
|
|
|
if self.settings.get('hidservauth_string'):
|
|
|
|
|
self.auth_string = self.settings.get('hidservauth_string')
|
|
|
|
|
else:
|
|
|
|
|
auth_cookie = list(res.client_auth.values())[0]
|
|
|
|
|
self.auth_string = 'HidServAuth {} {}'.format(onion_host, auth_cookie)
|
|
|
|
|
self.settings.set('hidservauth_string', self.auth_string)
|
2017-12-09 06:49:34 +11:00
|
|
|
else:
|
|
|
|
|
auth_cookie = list(res.client_auth.values())[0]
|
|
|
|
|
self.auth_string = 'HidServAuth {} {}'.format(onion_host, auth_cookie)
|
2017-02-22 14:10:06 -08:00
|
|
|
|
2018-01-02 14:31:50 +11:00
|
|
|
if onion_host is not None:
|
2018-02-25 17:44:27 +11:00
|
|
|
self.settings.save()
|
2018-01-02 14:31:50 +11:00
|
|
|
return onion_host
|
|
|
|
|
else:
|
|
|
|
|
raise TorErrorProtocolError(strings._('error_tor_protocol_error'))
|
2015-09-08 17:42:08 -07:00
|
|
|
|
2017-12-07 16:10:52 +11:00
|
|
|
def cleanup(self, stop_tor=True):
|
2015-11-15 19:01:20 -08:00
|
|
|
"""
|
2017-04-13 22:22:34 -07:00
|
|
|
Stop onion services that were created earlier. If there's a tor subprocess running, kill it.
|
2015-11-15 19:01:20 -08:00
|
|
|
"""
|
2017-05-16 11:23:18 -07:00
|
|
|
common.log('Onion', 'cleanup')
|
|
|
|
|
|
2018-02-25 17:44:27 +11:00
|
|
|
# Cleanup the ephemeral onion services, if we have any
|
|
|
|
|
try:
|
|
|
|
|
onions = self.c.list_ephemeral_hidden_services()
|
|
|
|
|
for onion in onions:
|
|
|
|
|
try:
|
|
|
|
|
common.log('Onion', 'cleanup', 'trying to remove onion {}'.format(onion))
|
|
|
|
|
self.c.remove_ephemeral_hidden_service(onion)
|
|
|
|
|
except:
|
|
|
|
|
common.log('Onion', 'cleanup', 'could not remove onion {}.. moving on anyway'.format(onion))
|
|
|
|
|
pass
|
|
|
|
|
except:
|
|
|
|
|
pass
|
|
|
|
|
self.service_id = None
|
2017-04-13 22:22:34 -07:00
|
|
|
|
2017-12-07 16:10:52 +11:00
|
|
|
if stop_tor:
|
|
|
|
|
# Stop tor process
|
|
|
|
|
if self.tor_proc:
|
|
|
|
|
self.tor_proc.terminate()
|
|
|
|
|
time.sleep(0.2)
|
|
|
|
|
if not self.tor_proc.poll():
|
|
|
|
|
try:
|
|
|
|
|
self.tor_proc.kill()
|
|
|
|
|
except:
|
|
|
|
|
pass
|
|
|
|
|
self.tor_proc = None
|
2017-04-14 18:33:44 -07:00
|
|
|
|
2017-12-07 16:10:52 +11:00
|
|
|
# Reset other Onion settings
|
|
|
|
|
self.connected_to_tor = False
|
|
|
|
|
self.stealth = False
|
2017-05-16 16:50:33 -07:00
|
|
|
|
2017-12-07 16:10:52 +11:00
|
|
|
try:
|
|
|
|
|
# Delete the temporary tor data directory
|
|
|
|
|
self.tor_data_directory.cleanup()
|
|
|
|
|
except AttributeError:
|
|
|
|
|
# Skip if cleanup was somehow run before connect
|
|
|
|
|
pass
|
2018-01-17 18:53:45 -08:00
|
|
|
except PermissionError:
|
|
|
|
|
# Skip if the directory is still open (#550)
|
|
|
|
|
# TODO: find a better solution
|
|
|
|
|
pass
|
2017-07-13 18:14:49 -06:00
|
|
|
|
2017-04-15 16:33:41 -07:00
|
|
|
def get_tor_socks_port(self):
|
|
|
|
|
"""
|
|
|
|
|
Returns a (address, port) tuple for the Tor SOCKS port
|
|
|
|
|
"""
|
2017-05-16 11:23:18 -07:00
|
|
|
common.log('Onion', 'get_tor_socks_port')
|
2017-05-16 11:44:34 -07:00
|
|
|
|
2017-04-15 16:33:41 -07:00
|
|
|
if self.settings.get('connection_type') == 'bundled':
|
|
|
|
|
return ('127.0.0.1', self.tor_socks_port)
|
|
|
|
|
elif self.settings.get('connection_type') == 'automatic':
|
|
|
|
|
return ('127.0.0.1', 9150)
|
|
|
|
|
else:
|
|
|
|
|
return (self.settings.get('socks_address'), self.settings.get('socks_port'))
|
