in Tails, launch separate root process to do root stuff (#96)

This commit is contained in:
Micah Lee 2014-08-20 21:11:49 +00:00
parent bbbf005dac
commit bda5bc3450
2 changed files with 56 additions and 43 deletions

View File

@ -190,16 +190,6 @@ def page_not_found(e):
def is_root():
return os.geteuid() == 0
def tails_open_port(port):
if get_platform() == 'Tails':
print translated("punching_a_hole")
subprocess.call(['/sbin/iptables', '-I', 'OUTPUT', '-o', 'lo', '-p', 'tcp', '--dport', str(port), '-j', 'ACCEPT'])
def tails_close_port(port):
if get_platform() == 'Tails':
print translated("closing_hole")
subprocess.call(['/sbin/iptables', '-D', 'OUTPUT', '-o', 'lo', '-p', 'tcp', '--dport', str(port), '-j', 'ACCEPT'])
def load_strings(default="en"):
global strings
try:
@ -277,12 +267,42 @@ def start_hidden_service(port):
return onion_host
def tails_root():
# if running in Tails and as root, do only the things that require root
if get_platform() == 'Tails' and is_root():
parser = argparse.ArgumentParser()
parser.add_argument('port', nargs=1, help='Tails only: port for opening firewall, starting hidden service')
args = parser.parse_args()
try:
port = int(args.port[0])
except ValueError:
sys.stderr.write('Invalid value, port must be an integer\n')
sys.exit(-1)
# open hole in firewall
subprocess.call(['/sbin/iptables', '-I', 'OUTPUT', '-o', 'lo', '-p', 'tcp', '--dport', str(port), '-j', 'ACCEPT'])
# start hidden service
onion_host = start_hidden_service(port)
sys.stdout.write(onion_host)
sys.stdout.flush()
# close hole in firewall on shutdown
import signal
def handler(signum = None, frame = None):
subprocess.call(['/sbin/iptables', '-D', 'OUTPUT', '-o', 'lo', '-p', 'tcp', '--dport', str(port), '-j', 'ACCEPT'])
sys.exit()
for sig in [signal.SIGTERM, signal.SIGINT, signal.SIGHUP, signal.SIGQUIT]:
signal.signal(sig, handler)
# stay open until killed
while True:
time.sleep(1)
def main():
load_strings()
# check for root in Tails
if get_platform() == 'Tails' and not is_root():
sys.exit(translated("tails_requires_root"))
tails_root()
# parse arguments
parser = argparse.ArgumentParser()
@ -309,6 +329,21 @@ def main():
port = choose_port()
local_host = "127.0.0.1:{0}".format(port)
if get_platform() == 'Tails':
# if this is tails, start the root process
#root_p = subprocess.Popen(['/usr/bin/gksudo', '-D', 'OnionShare', '--', '/usr/bin/onionshare', str(port)], stderr=subprocess.PIPE, stdout=subprocess.PIPE)
root_p = subprocess.Popen(['/usr/bin/sudo', '--', '/usr/bin/onionshare', str(port)], stderr=subprocess.PIPE, stdout=subprocess.PIPE)
stdout = root_p.stdout.read(22) # .onion URLs are 22 chars long
if stdout:
onion_host = stdout
else:
if root_p.poll() == -1:
sys.exit(root_p.stderr.read())
else:
sys.exit('Unknown error with Tails root process')
else:
# if not tails, start hidden service normally
if not local_only:
# try starting hidden service
print translated("connecting_ctrlport").format(port)
@ -321,7 +356,6 @@ def main():
print translated("calculating_sha1")
filehash, filesize = file_crunching(filename)
set_file_info(filename, filehash, filesize)
tails_open_port(port)
print '\n' + translated("give_this_url")
if local_only:
print 'http://{0}/{1}'.format(local_host, slug)
@ -334,8 +368,5 @@ def main():
app.run(port=port)
print '\n'
# shutdown
tails_close_port(port)
if __name__ == '__main__':
main()

View File

@ -1,6 +1,4 @@
{ "en": {
"punching_a_hole": "Punching a hole in the firewall.",
"closing_hole": "Closing hole in firewall.",
"calculating_sha1": "Calculating SHA1 checksum.",
"connecting_ctrlport": "Connecting to Tor control port to set up hidden service on port {0}.",
"cant_connect_ctrlport": "Cannot connect to Tor control port on port {0}. Is Tor running?",
@ -20,8 +18,6 @@
"choose_file": "Choose a file to share",
"copy_url": "Copy URL"
}, "no": {
"punching_a_hole": "Åpner port i brannmuren.",
"closing_hole": "Lukker port i brannmuren.",
"calculating_sha1": "Kalkulerer SHA1 sjekksum.",
"connecting_ctrlport": "Kobler til Tors kontroll-port for å sette opp en gjemt tjeneste på port {0}.",
"cant_connect_ctrlport": "Klarte ikke å koble til Tors kontroll-porter {0}. Sjekk at Tor kjører.",
@ -40,8 +36,6 @@
"close_countdown": "Lukker om {0} sekunder",
"choose_file": "Velg en fil å dele"
}, "es": {
"punching_a_hole": "Abriendo un agujero en el cortafuegos.",
"closing_hole": "Cerrando el agujero en el cortafuegos.",
"calculating_sha1": "Calculando suma de verificación SHA1.",
"connecting_ctrlport": "Conectando a puerto control de Tor para configurar servicio oculto en puerto {0}.",
"cant_connect_ctrlport": "No se pudo conectar a puerto control de Tor en puertos {0}. ¿Está funcionando Tor?",
@ -60,8 +54,6 @@
"close_countdown": "Cierre en {0} segundos...",
"choose_file": "Elija un archivo para compartir"
}, "fr": {
"punching_a_hole": "Poinçonnage d'un trou dans le pare-feu.",
"closing_hole": "Trou de clôture dans le pare-feu.",
"calculating_sha1": "Calculer un hachage SHA-1.",
"connecting_ctrlport": "Connexion à réseau Tor utilisant les port {0}.",
"cant_connect_ctrlport": "Réseau Tor indisponible sur le port {0}. Vous utilisez Tor?",
@ -71,8 +63,6 @@
"filesize": "Taille de fichier",
"sha1_checksum": "SHA1 hachage"
}, "it": {
"punching_a_hole": "Apertura della porta nel firewall.",
"closing_hole": "Chiusura della porta nel firewall.",
"calculating_sha1": "Calcolo della firma SHA1.",
"connecting_ctrlport": "Connessione alla porta di controllo di Tor per inizializzare il servizio nascosto sulla porta {0}.",
"cant_connect_ctrlport": "Impossibile connettere alla porta di controllo di Tor tramite le porte {0}. Tor è stato avviato?",
@ -91,8 +81,6 @@
"close_countdown": "Chiusura in {0} secondi...",
"choose_file": "Scegli un file da condividere"
}, "nl": {
"punching_a_hole": "Een doorgang aan het maken in de firewall.",
"closing_hole": "Doorgang in de firewall sluiten.",
"calculating_sha1": "SHA1 controlecijfer berekenen.",
"connecting_ctrlport": "Verbinden met de Tor controle port om een verborgen service op te zetten op poort {0}.",
"cant_connect_ctrlport": "Kan niet verbinden met de Tor controle poort op poorten {0}. Draait Tor?",
@ -112,8 +100,6 @@
"choose_file": "Kies betsand om te delen",
"copy_url": "Kopieer URL"
}, "pt": {
"punching_a_hole": "Abrindo um buraco no firewall.",
"closing_hole": "Fechando buraco no firewall.",
"calculating_sha1": "Calculando checksum SHA1.",
"connecting_ctrlport": "Conectando-se à porta de controle Tor para configurar serviço escondido na porta {0}.",
"cant_connect_ctrlport": "Não pode conectar à porta de controle Tor na porta {0}. O Tor está rodando?",
@ -132,8 +118,6 @@
"close_countdown": "Fechando em {0} segundos...",
"choose_file": "Escolhe um arquivo para compartilhar"
}, "ru": {
"punching_a_hole": "Открытие порта в межсетевом экране.",
"closing_hole": "Закрытие порта в межсетевом экране.",
"calculating_sha1": "Вычисляется SHA1 хешсумма.",
"connecting_ctrlport": "Соединяемся с контрольным портом Tor для создания скрытого сервиса на порту {0}.",
"cant_connect_ctrlport": "Невозможно соединиться с контрольным портом Tor на порту {0}. Tor запущен?",
@ -153,8 +137,6 @@
"choose_file": "Выберите файл",
"copy_url": "Скопировать ссылку"
}, "de": {
"punching_a_hole": "Schlage ein Loch in die Firewall.",
"closing_hole": "Schließe Loch in der Firewall.",
"calculating_sha1": "Kalkuliere SHA1 Checksumme.",
"connecting_ctrlport": "Verbinde zum Tor-Kontrollport um den versteckten Dienst auf Port {0} laufen zu lassen.",
"cant_connect_ctrlport": "Konnte keine Verbindung zum Tor-Kontrollport auf Port {0} aufbauen. Läuft Tor?",