merge 1442_snowflake branch and fix conflicts

2025-12-15 08:19:08 -05:00 · 2021-10-19 09:49:46 +11:00 · 2021-10-19 09:49:46 +11:00 · 5f93864eb6
commit 5f93864eb6
parent 8a19d8088e 494bdc0c14
24 changed files with 1842 additions and 1140 deletions
--- a/cli/onionshare_cli/common.py
+++ b/cli/onionshare_cli/common.py
@ -310,35 +310,67 @@ class Common:

    def get_tor_paths(self):
        if self.platform == "Linux":
-            tor_path = shutil.which("tor")
-            if not tor_path:
-                raise CannotFindTor()
-            obfs4proxy_file_path = shutil.which("obfs4proxy")
-            meek_client_file_path = shutil.which("meek-client")
-            prefix = os.path.dirname(os.path.dirname(tor_path))
-            tor_geo_ip_file_path = os.path.join(prefix, "share/tor/geoip")
-            tor_geo_ipv6_file_path = os.path.join(prefix, "share/tor/geoip6")
+            # Look in resources first
+            base_path = self.get_resource_path("tor")
+            if os.path.exists(base_path):
+                self.log(
+                    "Common", "get_tor_paths", f"using tor binaries in {base_path}"
+                )
+                tor_path = os.path.join(base_path, "tor")
+                tor_geo_ip_file_path = os.path.join(base_path, "geoip")
+                tor_geo_ipv6_file_path = os.path.join(base_path, "geoip6")
+                obfs4proxy_file_path = os.path.join(base_path, "obfs4proxy")
+                snowflake_file_path = os.path.join(base_path, "snowflake-client")
+                meek_client_file_path = os.path.join(base_path, "meek-client")
+            else:
+                # Fallback to looking in the path
+                self.log(
+                    "Common", "get_tor_paths", f"using tor binaries in system path"
+                )
+                tor_path = shutil.which("tor")
+                if not tor_path:
+                    raise CannotFindTor()
+                obfs4proxy_file_path = shutil.which("obfs4proxy")
+                snowflake_file_path = shutil.which("snowflake-client")
+                meek_client_file_path = shutil.which("meek-client")
+                prefix = os.path.dirname(os.path.dirname(tor_path))
+                tor_geo_ip_file_path = os.path.join(prefix, "share/tor/geoip")
+                tor_geo_ipv6_file_path = os.path.join(prefix, "share/tor/geoip6")
        elif self.platform == "Windows":
            base_path = self.get_resource_path("tor")
            tor_path = os.path.join(base_path, "Tor", "tor.exe")
            obfs4proxy_file_path = os.path.join(base_path, "Tor", "obfs4proxy.exe")
+            snowflake_file_path = os.path.join(base_path, "Tor", "snowflake-client.exe")
            meek_client_file_path = os.path.join(base_path, "Tor", "meek-client.exe")
            tor_geo_ip_file_path = os.path.join(base_path, "Data", "Tor", "geoip")
            tor_geo_ipv6_file_path = os.path.join(base_path, "Data", "Tor", "geoip6")
        elif self.platform == "Darwin":
-            tor_path = shutil.which("tor")
-            if not tor_path:
-                raise CannotFindTor()
-            obfs4proxy_file_path = shutil.which("obfs4proxy")
-            meek_client_file_path = shutil.which("meek-client")
-            prefix = os.path.dirname(os.path.dirname(tor_path))
-            tor_geo_ip_file_path = os.path.join(prefix, "share/tor/geoip")
-            tor_geo_ipv6_file_path = os.path.join(prefix, "share/tor/geoip6")
+            # Look in resources first
+            base_path = self.get_resource_path("tor")
+            if os.path.exists(base_path):
+                tor_path = os.path.join(base_path, "tor")
+                tor_geo_ip_file_path = os.path.join(base_path, "geoip")
+                tor_geo_ipv6_file_path = os.path.join(base_path, "geoip6")
+                obfs4proxy_file_path = os.path.join(base_path, "obfs4proxy")
+                meek_client_file_path = os.path.join(base_path, "meek-client")
+                snowflake_file_path = os.path.join(base_path, "snowflake-client")
+            else:
+                # Fallback to looking in the path
+                tor_path = shutil.which("tor")
+                if not tor_path:
+                    raise CannotFindTor()
+                obfs4proxy_file_path = shutil.which("obfs4proxy")
+                snowflake_file_path = shutil.which("snowflake-client")
+                meek_client_file_path = shutil.which("meek-client")
+                prefix = os.path.dirname(os.path.dirname(tor_path))
+                tor_geo_ip_file_path = os.path.join(prefix, "share/tor/geoip")
+                tor_geo_ipv6_file_path = os.path.join(prefix, "share/tor/geoip6")
        elif self.platform == "BSD":
            tor_path = "/usr/local/bin/tor"
            tor_geo_ip_file_path = "/usr/local/share/tor/geoip"
            tor_geo_ipv6_file_path = "/usr/local/share/tor/geoip6"
            obfs4proxy_file_path = "/usr/local/bin/obfs4proxy"
+            snowflake_file_path = "/usr/local/bin/snowflake-client"
            meek_client_file_path = "/usr/local/bin/meek-client"

        return (
@ -346,6 +378,7 @@ class Common:
            tor_geo_ip_file_path,
            tor_geo_ipv6_file_path,
            obfs4proxy_file_path,
+            snowflake_file_path,
            meek_client_file_path,
        )

--- a/cli/onionshare_cli/onion.py
+++ b/cli/onionshare_cli/onion.py
@ -153,6 +153,7 @@ class Onion(object):
            self.tor_geo_ip_file_path,
            self.tor_geo_ipv6_file_path,
            self.obfs4proxy_file_path,
+            self.snowflake_file_path,
            self.meek_client_file_path,
        ) = get_tor_paths()

@ -179,10 +180,10 @@ class Onion(object):
        key_bytes = bytes(key)
        key_b32 = base64.b32encode(key_bytes)
        # strip trailing ====
-        assert key_b32[-4:] == b'===='
+        assert key_b32[-4:] == b"===="
        key_b32 = key_b32[:-4]
        # change from b'ASDF' to ASDF
-        s = key_b32.decode('utf-8')
+        s = key_b32.decode("utf-8")
        return s

    def connect(
@ -303,43 +304,49 @@ class Onion(object):
            torrc_template = torrc_template.replace(
                "{{socks_port}}", str(self.tor_socks_port)
            )
+            torrc_template = torrc_template.replace(
+                "{{obfs4proxy_path}}", str(self.obfs4proxy_file_path)
+            )
+            torrc_template = torrc_template.replace(
+                "{{snowflake_path}}", str(self.snowflake_file_path)
+            )

            with open(self.tor_torrc, "w") as f:
                f.write(torrc_template)

                # Bridge support
                if self.settings.get("tor_bridges_use_obfs4"):
-                    f.write(
-                        f"ClientTransportPlugin obfs4 exec {self.obfs4proxy_file_path}\n"
-                    )
                    with open(
                        self.common.get_resource_path("torrc_template-obfs4")
                    ) as o:
                        for line in o:
                            f.write(line)
                elif self.settings.get("tor_bridges_use_meek_lite_azure"):
-                    f.write(
-                        f"ClientTransportPlugin meek_lite exec {self.obfs4proxy_file_path}\n"
-                    )
                    with open(
                        self.common.get_resource_path("torrc_template-meek_lite_azure")
                    ) as o:
                        for line in o:
                            f.write(line)
+                elif self.settings.get("tor_bridges_use_snowflake"):
+                    with open(
+                        self.common.get_resource_path("torrc_template-snowflake")
+                    ) as o:
+                        for line in o:
+                            f.write(line)

-                if self.settings.get("tor_bridges_use_custom_bridges"):
-                    if "obfs4" in self.settings.get("tor_bridges_use_custom_bridges"):
-                        f.write(
-                            f"ClientTransportPlugin obfs4 exec {self.obfs4proxy_file_path}\n"
-                        )
-                    elif "meek_lite" in self.settings.get(
-                        "tor_bridges_use_custom_bridges"
+                elif self.settings.get("tor_bridges_use_moat"):
+                    for line in self.settings.get("tor_bridges_use_moat_bridges").split(
+                        "\n"
                    ):
-                        f.write(
-                            f"ClientTransportPlugin meek_lite exec {self.obfs4proxy_file_path}\n"
-                        )
-                    f.write(self.settings.get("tor_bridges_use_custom_bridges"))
-                    f.write("\nUseBridges 1")
+                        f.write(f"Bridge {line}\n")
+                    f.write("\nUseBridges 1\n")
+
+                elif self.settings.get("tor_bridges_use_custom_bridges"):
+                    for line in self.settings.get(
+                        "tor_bridges_use_custom_bridges"
+                    ).split("\n"):
+                        f.write(f"Bridge {line}\n")
+                    f.write("\nUseBridges 1\n")

            # Execute a tor subprocess
            start_ts = time.time()
@ -358,6 +365,7 @@ class Onion(object):
                    [self.tor_path, "-f", self.tor_torrc],
                    stdout=subprocess.PIPE,
                    stderr=subprocess.PIPE,
+                    env={"LD_LIBRARY_PATH": os.path.dirname(self.tor_path)},
                )

            # Wait for the tor controller to start
@ -651,16 +659,24 @@ class Onion(object):
                )
                raise TorTooOldStealth()
            else:
-                if key_type == "NEW" or not mode_settings.get("onion", "client_auth_priv_key"):
+                if key_type == "NEW" or not mode_settings.get(
+                    "onion", "client_auth_priv_key"
+                ):
                    # Generate a new key pair for Client Auth on new onions, or if
                    # it's a persistent onion but for some reason we don't them
                    client_auth_priv_key_raw = nacl.public.PrivateKey.generate()
                    client_auth_priv_key = self.key_str(client_auth_priv_key_raw)
-                    client_auth_pub_key = self.key_str(client_auth_priv_key_raw.public_key)
+                    client_auth_pub_key = self.key_str(
+                        client_auth_priv_key_raw.public_key
+                    )
                else:
                    # These should have been saved in settings from the previous run of a persistent onion
-                    client_auth_priv_key = mode_settings.get("onion", "client_auth_priv_key")
-                    client_auth_pub_key = mode_settings.get("onion", "client_auth_pub_key")
+                    client_auth_priv_key = mode_settings.get(
+                        "onion", "client_auth_priv_key"
+                    )
+                    client_auth_pub_key = mode_settings.get(
+                        "onion", "client_auth_pub_key"
+                    )

        try:
            if not self.supports_stealth:
--- a/cli/onionshare_cli/resources/torrc_template
+++ b/cli/onionshare_cli/resources/torrc_template
@ -6,3 +6,7 @@ AvoidDiskWrites 1
 Log notice stdout
 GeoIPFile {{geo_ip_file}}
 GeoIPv6File {{geo_ipv6_file}}
+
+# Bridge configurations
+ClientTransportPlugin meek_lite,obfs2,obfs3,obfs4,scramblesuit exec {{obfs4proxy_path}}
+ClientTransportPlugin snowflake exec {{snowflake_path}} -url https://snowflake-broker.torproject.net.global.prod.fastly.net/ -front cdn.sstatic.net -ice stun:stun.l.google.com:19302,stun:stun.voip.blackberry.com:3478,stun:stun.altar.com.pl:3478,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.sonetel.net:3478,stun:stun.stunprotocol.org:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478
--- a/cli/onionshare_cli/resources/torrc_template-meek_lite_amazon
+++ b/cli/onionshare_cli/resources/torrc_template-meek_lite_amazon
@ -1,2 +0,0 @@
-Bridge meek_lite 0.0.2.0:2 B9E7141C594AF25699E0079C1F0146F409495296 url=https://d2cly7j4zqgua7.cloudfront.net/ front=a0.awsstatic.com
-UseBridges 1
--- a/cli/onionshare_cli/resources/torrc_template-meek_lite_azure
+++ b/cli/onionshare_cli/resources/torrc_template-meek_lite_azure
@ -1,2 +1,3 @@
+# Enable built-in meek-azure bridge
 Bridge meek_lite 0.0.2.0:3 97700DFE9F483596DDA6264C4D7DF7641E1E39CE url=https://meek.azureedge.net/ front=ajax.aspnetcdn.com
-UseBridges 1
+UseBridges 1
--- a/cli/onionshare_cli/resources/torrc_template-obfs4
+++ b/cli/onionshare_cli/resources/torrc_template-obfs4
@ -1,3 +1,4 @@
+# Enable built-in obfs4-bridge
 Bridge obfs4 192.95.36.142:443 CDF2E852BF539B82BD10E27E9115A31734E378C2 cert=qUVQ0srL1JI/vO6V6m/24anYXiJD3QP2HgzUKQtQ7GRqqUvs7P+tG43RtAqdhLOALP7DJQ iat-mode=1
 Bridge obfs4 38.229.1.78:80 C8CBDB2464FC9804A69531437BCF2BE31FDD2EE4 cert=Hmyfd2ev46gGY7NoVxA9ngrPF2zCZtzskRTzoWXbxNkzeVnGFPWmrTtILRyqCTjHR+s9dg iat-mode=1
 Bridge obfs4 38.229.33.83:80 0BAC39417268B96B9F514E7F63FA6FBA1A788955 cert=VwEFpk9F/UN9JED7XpG1XOjm/O8ZCXK80oPecgWnNDZDv5pdkhq1OpbAH0wNqOT6H6BmRQ iat-mode=1
--- a/cli/onionshare_cli/resources/torrc_template-snowflake
+++ b/cli/onionshare_cli/resources/torrc_template-snowflake
@ -0,0 +1,3 @@
+# Enable built-in snowflake bridge
+Bridge snowflake 192.0.2.3:1 2B280B23E1107BB62ABFC40DDCC8824814F80A72
+UseBridges 1
--- a/cli/onionshare_cli/settings.py
+++ b/cli/onionshare_cli/settings.py
@ -108,6 +108,9 @@ class Settings(object):
            "no_bridges": True,
            "tor_bridges_use_obfs4": False,
            "tor_bridges_use_meek_lite_azure": False,
+            "tor_bridges_use_snowflake": False,
+            "tor_bridges_use_moat": False,
+            "tor_bridges_use_moat_bridges": "",
            "tor_bridges_use_custom_bridges": "",
            "persistent_tabs": [],
            "locale": None,  # this gets defined in fill_in_defaults()