mirror of
https://github.com/onionshare/onionshare.git
synced 2024-12-27 00:09:50 -05:00
in Tails, launch separate root process to do root stuff (#96)
This commit is contained in:
parent
bbbf005dac
commit
bda5bc3450
@ -190,16 +190,6 @@ def page_not_found(e):
|
||||
def is_root():
|
||||
return os.geteuid() == 0
|
||||
|
||||
def tails_open_port(port):
|
||||
if get_platform() == 'Tails':
|
||||
print translated("punching_a_hole")
|
||||
subprocess.call(['/sbin/iptables', '-I', 'OUTPUT', '-o', 'lo', '-p', 'tcp', '--dport', str(port), '-j', 'ACCEPT'])
|
||||
|
||||
def tails_close_port(port):
|
||||
if get_platform() == 'Tails':
|
||||
print translated("closing_hole")
|
||||
subprocess.call(['/sbin/iptables', '-D', 'OUTPUT', '-o', 'lo', '-p', 'tcp', '--dport', str(port), '-j', 'ACCEPT'])
|
||||
|
||||
def load_strings(default="en"):
|
||||
global strings
|
||||
try:
|
||||
@ -277,12 +267,42 @@ def start_hidden_service(port):
|
||||
|
||||
return onion_host
|
||||
|
||||
def tails_root():
|
||||
# if running in Tails and as root, do only the things that require root
|
||||
if get_platform() == 'Tails' and is_root():
|
||||
parser = argparse.ArgumentParser()
|
||||
parser.add_argument('port', nargs=1, help='Tails only: port for opening firewall, starting hidden service')
|
||||
args = parser.parse_args()
|
||||
|
||||
try:
|
||||
port = int(args.port[0])
|
||||
except ValueError:
|
||||
sys.stderr.write('Invalid value, port must be an integer\n')
|
||||
sys.exit(-1)
|
||||
|
||||
# open hole in firewall
|
||||
subprocess.call(['/sbin/iptables', '-I', 'OUTPUT', '-o', 'lo', '-p', 'tcp', '--dport', str(port), '-j', 'ACCEPT'])
|
||||
|
||||
# start hidden service
|
||||
onion_host = start_hidden_service(port)
|
||||
sys.stdout.write(onion_host)
|
||||
sys.stdout.flush()
|
||||
|
||||
# close hole in firewall on shutdown
|
||||
import signal
|
||||
def handler(signum = None, frame = None):
|
||||
subprocess.call(['/sbin/iptables', '-D', 'OUTPUT', '-o', 'lo', '-p', 'tcp', '--dport', str(port), '-j', 'ACCEPT'])
|
||||
sys.exit()
|
||||
for sig in [signal.SIGTERM, signal.SIGINT, signal.SIGHUP, signal.SIGQUIT]:
|
||||
signal.signal(sig, handler)
|
||||
|
||||
# stay open until killed
|
||||
while True:
|
||||
time.sleep(1)
|
||||
|
||||
def main():
|
||||
load_strings()
|
||||
|
||||
# check for root in Tails
|
||||
if get_platform() == 'Tails' and not is_root():
|
||||
sys.exit(translated("tails_requires_root"))
|
||||
tails_root()
|
||||
|
||||
# parse arguments
|
||||
parser = argparse.ArgumentParser()
|
||||
@ -309,19 +329,33 @@ def main():
|
||||
port = choose_port()
|
||||
local_host = "127.0.0.1:{0}".format(port)
|
||||
|
||||
if not local_only:
|
||||
# try starting hidden service
|
||||
print translated("connecting_ctrlport").format(port)
|
||||
try:
|
||||
onion_host = start_hidden_service(port)
|
||||
except NoTor as e:
|
||||
sys.exit(e.args[0])
|
||||
if get_platform() == 'Tails':
|
||||
# if this is tails, start the root process
|
||||
#root_p = subprocess.Popen(['/usr/bin/gksudo', '-D', 'OnionShare', '--', '/usr/bin/onionshare', str(port)], stderr=subprocess.PIPE, stdout=subprocess.PIPE)
|
||||
root_p = subprocess.Popen(['/usr/bin/sudo', '--', '/usr/bin/onionshare', str(port)], stderr=subprocess.PIPE, stdout=subprocess.PIPE)
|
||||
stdout = root_p.stdout.read(22) # .onion URLs are 22 chars long
|
||||
|
||||
if stdout:
|
||||
onion_host = stdout
|
||||
else:
|
||||
if root_p.poll() == -1:
|
||||
sys.exit(root_p.stderr.read())
|
||||
else:
|
||||
sys.exit('Unknown error with Tails root process')
|
||||
else:
|
||||
# if not tails, start hidden service normally
|
||||
if not local_only:
|
||||
# try starting hidden service
|
||||
print translated("connecting_ctrlport").format(port)
|
||||
try:
|
||||
onion_host = start_hidden_service(port)
|
||||
except NoTor as e:
|
||||
sys.exit(e.args[0])
|
||||
|
||||
# startup
|
||||
print translated("calculating_sha1")
|
||||
filehash, filesize = file_crunching(filename)
|
||||
set_file_info(filename, filehash, filesize)
|
||||
tails_open_port(port)
|
||||
print '\n' + translated("give_this_url")
|
||||
if local_only:
|
||||
print 'http://{0}/{1}'.format(local_host, slug)
|
||||
@ -334,8 +368,5 @@ def main():
|
||||
app.run(port=port)
|
||||
print '\n'
|
||||
|
||||
# shutdown
|
||||
tails_close_port(port)
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
||||
|
@ -1,6 +1,4 @@
|
||||
{ "en": {
|
||||
"punching_a_hole": "Punching a hole in the firewall.",
|
||||
"closing_hole": "Closing hole in firewall.",
|
||||
"calculating_sha1": "Calculating SHA1 checksum.",
|
||||
"connecting_ctrlport": "Connecting to Tor control port to set up hidden service on port {0}.",
|
||||
"cant_connect_ctrlport": "Cannot connect to Tor control port on port {0}. Is Tor running?",
|
||||
@ -20,8 +18,6 @@
|
||||
"choose_file": "Choose a file to share",
|
||||
"copy_url": "Copy URL"
|
||||
}, "no": {
|
||||
"punching_a_hole": "Åpner port i brannmuren.",
|
||||
"closing_hole": "Lukker port i brannmuren.",
|
||||
"calculating_sha1": "Kalkulerer SHA1 sjekksum.",
|
||||
"connecting_ctrlport": "Kobler til Tors kontroll-port for å sette opp en gjemt tjeneste på port {0}.",
|
||||
"cant_connect_ctrlport": "Klarte ikke å koble til Tors kontroll-porter {0}. Sjekk at Tor kjører.",
|
||||
@ -40,8 +36,6 @@
|
||||
"close_countdown": "Lukker om {0} sekunder",
|
||||
"choose_file": "Velg en fil å dele"
|
||||
}, "es": {
|
||||
"punching_a_hole": "Abriendo un agujero en el cortafuegos.",
|
||||
"closing_hole": "Cerrando el agujero en el cortafuegos.",
|
||||
"calculating_sha1": "Calculando suma de verificación SHA1.",
|
||||
"connecting_ctrlport": "Conectando a puerto control de Tor para configurar servicio oculto en puerto {0}.",
|
||||
"cant_connect_ctrlport": "No se pudo conectar a puerto control de Tor en puertos {0}. ¿Está funcionando Tor?",
|
||||
@ -60,8 +54,6 @@
|
||||
"close_countdown": "Cierre en {0} segundos...",
|
||||
"choose_file": "Elija un archivo para compartir"
|
||||
}, "fr": {
|
||||
"punching_a_hole": "Poinçonnage d'un trou dans le pare-feu.",
|
||||
"closing_hole": "Trou de clôture dans le pare-feu.",
|
||||
"calculating_sha1": "Calculer un hachage SHA-1.",
|
||||
"connecting_ctrlport": "Connexion à réseau Tor utilisant les port {0}.",
|
||||
"cant_connect_ctrlport": "Réseau Tor indisponible sur le port {0}. Vous utilisez Tor?",
|
||||
@ -71,8 +63,6 @@
|
||||
"filesize": "Taille de fichier",
|
||||
"sha1_checksum": "SHA1 hachage"
|
||||
}, "it": {
|
||||
"punching_a_hole": "Apertura della porta nel firewall.",
|
||||
"closing_hole": "Chiusura della porta nel firewall.",
|
||||
"calculating_sha1": "Calcolo della firma SHA1.",
|
||||
"connecting_ctrlport": "Connessione alla porta di controllo di Tor per inizializzare il servizio nascosto sulla porta {0}.",
|
||||
"cant_connect_ctrlport": "Impossibile connettere alla porta di controllo di Tor tramite le porte {0}. Tor è stato avviato?",
|
||||
@ -91,8 +81,6 @@
|
||||
"close_countdown": "Chiusura in {0} secondi...",
|
||||
"choose_file": "Scegli un file da condividere"
|
||||
}, "nl": {
|
||||
"punching_a_hole": "Een doorgang aan het maken in de firewall.",
|
||||
"closing_hole": "Doorgang in de firewall sluiten.",
|
||||
"calculating_sha1": "SHA1 controlecijfer berekenen.",
|
||||
"connecting_ctrlport": "Verbinden met de Tor controle port om een verborgen service op te zetten op poort {0}.",
|
||||
"cant_connect_ctrlport": "Kan niet verbinden met de Tor controle poort op poorten {0}. Draait Tor?",
|
||||
@ -112,8 +100,6 @@
|
||||
"choose_file": "Kies betsand om te delen",
|
||||
"copy_url": "Kopieer URL"
|
||||
}, "pt": {
|
||||
"punching_a_hole": "Abrindo um buraco no firewall.",
|
||||
"closing_hole": "Fechando buraco no firewall.",
|
||||
"calculating_sha1": "Calculando checksum SHA1.",
|
||||
"connecting_ctrlport": "Conectando-se à porta de controle Tor para configurar serviço escondido na porta {0}.",
|
||||
"cant_connect_ctrlport": "Não pode conectar à porta de controle Tor na porta {0}. O Tor está rodando?",
|
||||
@ -132,8 +118,6 @@
|
||||
"close_countdown": "Fechando em {0} segundos...",
|
||||
"choose_file": "Escolhe um arquivo para compartilhar"
|
||||
}, "ru": {
|
||||
"punching_a_hole": "Открытие порта в межсетевом экране.",
|
||||
"closing_hole": "Закрытие порта в межсетевом экране.",
|
||||
"calculating_sha1": "Вычисляется SHA1 хешсумма.",
|
||||
"connecting_ctrlport": "Соединяемся с контрольным портом Tor для создания скрытого сервиса на порту {0}.",
|
||||
"cant_connect_ctrlport": "Невозможно соединиться с контрольным портом Tor на порту {0}. Tor запущен?",
|
||||
@ -153,8 +137,6 @@
|
||||
"choose_file": "Выберите файл",
|
||||
"copy_url": "Скопировать ссылку"
|
||||
}, "de": {
|
||||
"punching_a_hole": "Schlage ein Loch in die Firewall.",
|
||||
"closing_hole": "Schließe Loch in der Firewall.",
|
||||
"calculating_sha1": "Kalkuliere SHA1 Checksumme.",
|
||||
"connecting_ctrlport": "Verbinde zum Tor-Kontrollport um den versteckten Dienst auf Port {0} laufen zu lassen.",
|
||||
"cant_connect_ctrlport": "Konnte keine Verbindung zum Tor-Kontrollport auf Port {0} aufbauen. Läuft Tor?",
|
||||
|
Loading…
Reference in New Issue
Block a user