onionshare/cli/onionshare_cli/onion.py

856 lines
32 KiB
Python
Raw Normal View History

# -*- coding: utf-8 -*-
"""
OnionShare | https://onionshare.org/
Copyright (C) 2014-2020 Micah Lee, et al. <micah@micahflee.com>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
"""
from stem.control import Controller
from stem import ProtocolError, SocketClosed
from stem.connection import MissingPassword, UnreadableCookieFile, AuthenticationFailure
from Crypto.PublicKey import RSA
2018-08-21 06:31:02 -03:00
import base64, os, sys, tempfile, shutil, urllib, platform, subprocess, time, shlex
2018-08-21 06:31:02 -03:00
from distutils.version import LooseVersion as Version
from . import common
from .settings import Settings
# TODO: Figure out how to localize this for the GUI
2019-10-13 01:01:25 -03:00
class TorErrorAutomatic(Exception):
"""
OnionShare is failing to connect and authenticate to the Tor controller,
using automatic settings that should work with Tor Browser.
"""
2019-10-13 01:01:25 -03:00
pass
2019-10-13 01:01:25 -03:00
class TorErrorInvalidSetting(Exception):
"""
This exception is raised if the settings just don't make sense.
"""
2019-10-13 01:01:25 -03:00
pass
2019-10-13 01:01:25 -03:00
class TorErrorSocketPort(Exception):
"""
OnionShare can't connect to the Tor controller using the supplied address and port.
"""
2019-10-13 01:01:25 -03:00
pass
2019-10-13 01:01:25 -03:00
class TorErrorSocketFile(Exception):
"""
OnionShare can't connect to the Tor controller using the supplied socket file.
"""
2019-10-13 01:01:25 -03:00
pass
2019-10-13 01:01:25 -03:00
class TorErrorMissingPassword(Exception):
"""
OnionShare connected to the Tor controller, but it requires a password.
"""
2019-10-13 01:01:25 -03:00
pass
2019-10-13 01:01:25 -03:00
class TorErrorUnreadableCookieFile(Exception):
"""
OnionShare connected to the Tor controller, but your user does not have permission
to access the cookie file.
"""
2019-10-13 01:01:25 -03:00
pass
2019-10-13 01:01:25 -03:00
class TorErrorAuthError(Exception):
"""
OnionShare connected to the address and port, but can't authenticate. It's possible
that a Tor controller isn't listening on this port.
"""
2019-10-13 01:01:25 -03:00
pass
2019-10-13 01:01:25 -03:00
class TorErrorProtocolError(Exception):
"""
This exception is raised if onionshare connects to the Tor controller, but it
isn't acting like a Tor controller (such as in Whonix).
"""
2019-10-13 01:01:25 -03:00
pass
2019-10-13 01:01:25 -03:00
class TorTooOld(Exception):
"""
This exception is raised if onionshare needs to use a feature of Tor or stem
(like stealth ephemeral onion services) but the version you have installed
is too old.
"""
2019-10-13 01:01:25 -03:00
pass
2019-10-13 01:01:25 -03:00
class BundledTorNotSupported(Exception):
"""
This exception is raised if onionshare is set to use the bundled Tor binary,
but it's not supported on that platform, or in dev mode.
"""
2019-10-13 01:01:25 -03:00
class BundledTorTimeout(Exception):
"""
This exception is raised if onionshare is set to use the bundled Tor binary,
but Tor doesn't finish connecting promptly.
"""
2019-10-13 01:01:25 -03:00
class BundledTorCanceled(Exception):
"""
This exception is raised if onionshare is set to use the bundled Tor binary,
and the user cancels connecting to Tor
"""
2019-10-13 01:01:25 -03:00
class BundledTorBroken(Exception):
"""
This exception is raised if onionshare is set to use the bundled Tor binary,
but the process seems to fail to run.
"""
2019-10-13 01:01:25 -03:00
2016-09-05 15:16:54 -03:00
class Onion(object):
"""
2016-09-05 15:16:54 -03:00
Onion is an abstraction layer for connecting to the Tor control port and
creating onion services. OnionShare supports creating onion services by
connecting to the Tor controller and using ADD_ONION, DEL_ONION.
stealth: Should the onion service be stealth?
settings: A Settings object. If it's not passed in, load from disk.
bundled_connection_func: If the tor connection type is bundled, optionally
call this function and pass in a status string while connecting to tor. This
is necessary for status updates to reach the GUI.
"""
2019-10-13 01:01:25 -03:00
def __init__(self, common, use_tmp_dir=False, get_tor_paths=None):
self.common = common
2019-10-13 01:01:25 -03:00
self.common.log("Onion", "__init__")
self.use_tmp_dir = use_tmp_dir
# Is bundled tor supported?
2019-10-13 01:01:25 -03:00
if (
self.common.platform == "Windows" or self.common.platform == "Darwin"
) and getattr(sys, "onionshare_dev_mode", False):
self.bundle_tor_supported = False
else:
self.bundle_tor_supported = True
# Set the path of the tor binary, for bundled tor
if not get_tor_paths:
get_tor_paths = self.common.get_tor_paths
2019-10-13 01:01:25 -03:00
(
self.tor_path,
self.tor_geo_ip_file_path,
self.tor_geo_ipv6_file_path,
self.obfs4proxy_file_path,
) = get_tor_paths()
# The tor process
self.tor_proc = None
# The Tor controller
self.c = None
# Start out not connected to Tor
self.connected_to_tor = False
# Assigned later if we are using stealth mode
self.auth_string = None
# Keep track of onions where it's important to gracefully close to prevent truncated downloads
self.graceful_close_onions = []
2019-10-13 01:01:25 -03:00
def connect(
self,
custom_settings=None,
config=None,
2019-10-13 01:01:25 -03:00
tor_status_update_func=None,
connect_timeout=120,
2019-11-02 18:56:40 -03:00
local_only=False,
2019-10-13 01:01:25 -03:00
):
2019-11-02 18:56:40 -03:00
if local_only:
self.common.log(
"Onion", "connect", "--local-only, so skip trying to connect"
)
return
2019-10-13 01:01:25 -03:00
self.common.log("Onion", "connect")
# Either use settings that are passed in, or use them from common
if custom_settings:
self.settings = custom_settings
2019-04-20 00:43:04 -04:00
elif config:
self.common.load_settings(config)
self.settings = self.common.settings
else:
2019-04-19 20:31:34 -04:00
self.common.load_settings()
self.settings = self.common.settings
# The Tor controller
self.c = None
2019-10-13 01:01:25 -03:00
if self.settings.get("connection_type") == "bundled":
if not self.bundle_tor_supported:
2019-10-13 01:01:25 -03:00
raise BundledTorNotSupported(
# strings._("settings_error_bundled_tor_not_supported")
"Using the Tor version that comes with OnionShare does not work in developer mode on Windows or macOS."
2019-10-13 01:01:25 -03:00
)
# Create a torrc for this session
if self.use_tmp_dir:
self.tor_data_directory = tempfile.TemporaryDirectory(
dir=self.common.build_tmp_dir()
)
self.tor_data_directory_name = self.tor_data_directory.name
else:
self.tor_data_directory_name = self.common.build_tor_dir()
2019-10-13 01:01:25 -03:00
self.common.log(
"Onion",
"connect",
f"tor_data_directory_name={self.tor_data_directory_name}",
2019-10-13 01:01:25 -03:00
)
# Create the torrc
2019-10-13 01:01:25 -03:00
with open(self.common.get_resource_path("torrc_template")) as f:
torrc_template = f.read()
2019-10-13 01:01:25 -03:00
self.tor_cookie_auth_file = os.path.join(
self.tor_data_directory_name, "cookie"
2019-10-13 01:01:25 -03:00
)
try:
self.tor_socks_port = self.common.get_available_port(1000, 65535)
except:
raise OSError("OnionShare port not available")
self.tor_torrc = os.path.join(self.tor_data_directory_name, "torrc")
2019-10-13 01:01:25 -03:00
if self.common.platform == "Windows" or self.common.platform == "Darwin":
# Windows doesn't support unix sockets, so it must use a network port.
# macOS can't use unix sockets either because socket filenames are limited to
# 100 chars, and the macOS sandbox forces us to put the socket file in a place
# with a really long path.
2019-10-13 01:01:25 -03:00
torrc_template += "ControlPort {{control_port}}\n"
try:
self.tor_control_port = self.common.get_available_port(1000, 65535)
except:
raise OSError("OnionShare port not available")
self.tor_control_socket = None
else:
# Linux and BSD can use unix sockets
2019-10-13 01:01:25 -03:00
torrc_template += "ControlSocket {{control_socket}}\n"
self.tor_control_port = None
2019-10-13 01:01:25 -03:00
self.tor_control_socket = os.path.join(
self.tor_data_directory_name, "control_socket"
2019-10-13 01:01:25 -03:00
)
torrc_template = torrc_template.replace(
"{{data_directory}}", self.tor_data_directory_name
2019-10-13 01:01:25 -03:00
)
torrc_template = torrc_template.replace(
"{{control_port}}", str(self.tor_control_port)
)
torrc_template = torrc_template.replace(
"{{control_socket}}", str(self.tor_control_socket)
)
torrc_template = torrc_template.replace(
"{{cookie_auth_file}}", self.tor_cookie_auth_file
)
torrc_template = torrc_template.replace(
"{{geo_ip_file}}", self.tor_geo_ip_file_path
)
torrc_template = torrc_template.replace(
"{{geo_ipv6_file}}", self.tor_geo_ipv6_file_path
)
torrc_template = torrc_template.replace(
"{{socks_port}}", str(self.tor_socks_port)
)
with open(self.tor_torrc, "w") as f:
2017-05-23 18:16:27 -04:00
f.write(torrc_template)
# Bridge support
2019-10-13 01:01:25 -03:00
if self.settings.get("tor_bridges_use_obfs4"):
f.write(
f"ClientTransportPlugin obfs4 exec {self.obfs4proxy_file_path}\n"
2019-10-13 01:01:25 -03:00
)
with open(
self.common.get_resource_path("torrc_template-obfs4")
) as o:
for line in o:
f.write(line)
2019-10-13 01:01:25 -03:00
elif self.settings.get("tor_bridges_use_meek_lite_azure"):
f.write(
f"ClientTransportPlugin meek_lite exec {self.obfs4proxy_file_path}\n"
2019-10-13 01:01:25 -03:00
)
with open(
self.common.get_resource_path("torrc_template-meek_lite_azure")
) as o:
for line in o:
f.write(line)
2019-10-13 01:01:25 -03:00
if self.settings.get("tor_bridges_use_custom_bridges"):
if "obfs4" in self.settings.get("tor_bridges_use_custom_bridges"):
f.write(
f"ClientTransportPlugin obfs4 exec {self.obfs4proxy_file_path}\n"
2019-10-13 01:01:25 -03:00
)
elif "meek_lite" in self.settings.get(
"tor_bridges_use_custom_bridges"
):
f.write(
f"ClientTransportPlugin meek_lite exec {self.obfs4proxy_file_path}\n"
2019-10-13 01:01:25 -03:00
)
f.write(self.settings.get("tor_bridges_use_custom_bridges"))
f.write("\nUseBridges 1")
# Make sure the tor path is accurate
if not os.path.exists(self.tor_path):
raise BundledTorNotSupported(f"Cannot find tor binary: {self.tor_path}")
# Execute a tor subprocess
start_ts = time.time()
2019-10-13 01:01:25 -03:00
if self.common.platform == "Windows":
# In Windows, hide console window when opening tor.exe subprocess
startupinfo = subprocess.STARTUPINFO()
startupinfo.dwFlags |= subprocess.STARTF_USESHOWWINDOW
2019-10-13 01:01:25 -03:00
self.tor_proc = subprocess.Popen(
[self.tor_path, "-f", self.tor_torrc],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
startupinfo=startupinfo,
)
else:
2019-10-13 01:01:25 -03:00
self.tor_proc = subprocess.Popen(
[self.tor_path, "-f", self.tor_torrc],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
)
# Wait for the tor controller to start
time.sleep(2)
# Connect to the controller
try:
2019-10-13 01:01:25 -03:00
if (
self.common.platform == "Windows"
or self.common.platform == "Darwin"
):
self.c = Controller.from_port(port=self.tor_control_port)
self.c.authenticate()
else:
self.c = Controller.from_socket_file(path=self.tor_control_socket)
self.c.authenticate()
except Exception as e:
2019-10-13 01:01:25 -03:00
raise BundledTorBroken(
# strings._("settings_error_bundled_tor_broken").format(e.args[0])
"OnionShare could not connect to Tor:\n{}".format(e.args[0])
2019-10-13 01:01:25 -03:00
)
while True:
try:
res = self.c.get_info("status/bootstrap-phase")
except SocketClosed:
raise BundledTorCanceled()
res_parts = shlex.split(res)
2019-10-13 01:01:25 -03:00
progress = res_parts[2].split("=")[1]
summary = res_parts[4].split("=")[1]
# "\033[K" clears the rest of the line
print(
f"\rConnecting to the Tor network: {progress}% - {summary}\033[K",
end="",
)
if callable(tor_status_update_func):
if not tor_status_update_func(progress, summary):
# If the dialog was canceled, stop connecting to Tor
2019-10-13 01:01:25 -03:00
self.common.log(
"Onion",
"connect",
"tor_status_update_func returned false, canceling connecting to Tor",
)
print()
return False
2019-10-13 01:01:25 -03:00
if summary == "Done":
print("")
break
time.sleep(0.2)
# If using bridges, it might take a bit longer to connect to Tor
2019-10-13 01:01:25 -03:00
if (
self.settings.get("tor_bridges_use_custom_bridges")
or self.settings.get("tor_bridges_use_obfs4")
or self.settings.get("tor_bridges_use_meek_lite_azure")
):
# Only override timeout if a custom timeout has not been passed in
if connect_timeout == 120:
connect_timeout = 150
if time.time() - start_ts > connect_timeout:
print("")
try:
self.tor_proc.terminate()
2019-10-13 01:01:25 -03:00
raise BundledTorTimeout(
# strings._("settings_error_bundled_tor_timeout")
"Taking too long to connect to Tor. Maybe you aren't connected to the Internet, or have an inaccurate system clock?"
2019-10-13 01:01:25 -03:00
)
except FileNotFoundError:
pass
2019-10-13 01:01:25 -03:00
elif self.settings.get("connection_type") == "automatic":
# Automatically try to guess the right way to connect to Tor Browser
# Try connecting to control port
found_tor = False
# If the TOR_CONTROL_PORT environment variable is set, use that
2019-10-13 01:01:25 -03:00
env_port = os.environ.get("TOR_CONTROL_PORT")
if env_port:
try:
self.c = Controller.from_port(port=int(env_port))
found_tor = True
except:
pass
else:
# Otherwise, try default ports for Tor Browser, Tor Messenger, and system tor
try:
ports = [9151, 9153, 9051]
for port in ports:
self.c = Controller.from_port(port=port)
found_tor = True
except:
pass
# If this still didn't work, try guessing the default socket file path
2019-10-13 01:01:25 -03:00
socket_file_path = ""
if not found_tor:
try:
2019-10-13 01:01:25 -03:00
if self.common.platform == "Darwin":
socket_file_path = os.path.expanduser(
"~/Library/Application Support/TorBrowser-Data/Tor/control.socket"
)
self.c = Controller.from_socket_file(path=socket_file_path)
found_tor = True
except:
pass
# If connecting to default control ports failed, so let's try
# guessing the socket file name next
if not found_tor:
try:
2019-10-13 01:01:25 -03:00
if self.common.platform == "Linux" or self.common.platform == "BSD":
socket_file_path = (
f"/run/user/{os.geteuid()}/Tor/control.socket"
2019-10-13 01:01:25 -03:00
)
elif self.common.platform == "Darwin":
socket_file_path = (
f"/run/user/{os.geteuid()}/Tor/control.socket"
2019-10-13 01:01:25 -03:00
)
elif self.common.platform == "Windows":
# Windows doesn't support unix sockets
raise TorErrorAutomatic(
# strings._("settings_error_automatic")
"Could not connect to the Tor controller. Is Tor Browser (available from torproject.org) running in the background?"
)
self.c = Controller.from_socket_file(path=socket_file_path)
except:
raise TorErrorAutomatic(
# strings._("settings_error_automatic")
"Could not connect to the Tor controller. Is Tor Browser (available from torproject.org) running in the background?"
)
# Try authenticating
try:
self.c.authenticate()
except:
raise TorErrorAutomatic(
# strings._("settings_error_automatic")
"Could not connect to the Tor controller. Is Tor Browser (available from torproject.org) running in the background?"
)
else:
# Use specific settings to connect to tor
# Try connecting
try:
2019-10-13 01:01:25 -03:00
if self.settings.get("connection_type") == "control_port":
self.c = Controller.from_port(
address=self.settings.get("control_port_address"),
port=self.settings.get("control_port_port"),
)
elif self.settings.get("connection_type") == "socket_file":
self.c = Controller.from_socket_file(
path=self.settings.get("socket_file_path")
)
else:
raise TorErrorInvalidSetting(
# strings._("settings_error_unknown")
"Can't connect to Tor controller because your settings don't make sense."
)
except:
2019-10-13 01:01:25 -03:00
if self.settings.get("connection_type") == "control_port":
raise TorErrorSocketPort(
# strings._("settings_error_socket_port")
"Can't connect to the Tor controller at {}:{}.".format(
2019-10-13 01:01:25 -03:00
self.settings.get("control_port_address"),
self.settings.get("control_port_port"),
)
)
else:
2019-10-13 01:01:25 -03:00
raise TorErrorSocketFile(
# strings._("settings_error_socket_file")
"Can't connect to the Tor controller using socket file {}.".format(
2019-10-13 01:01:25 -03:00
self.settings.get("socket_file_path")
)
)
# Try authenticating
try:
2019-10-13 01:01:25 -03:00
if self.settings.get("auth_type") == "no_auth":
self.c.authenticate()
2019-10-13 01:01:25 -03:00
elif self.settings.get("auth_type") == "password":
self.c.authenticate(self.settings.get("auth_password"))
else:
raise TorErrorInvalidSetting(
# strings._("settings_error_unknown")
"Can't connect to Tor controller because your settings don't make sense."
)
except MissingPassword:
2019-10-13 01:01:25 -03:00
raise TorErrorMissingPassword(
# strings._("settings_error_missing_password")
"Connected to Tor controller, but it requires a password to authenticate."
2019-10-13 01:01:25 -03:00
)
except UnreadableCookieFile:
2019-10-13 01:01:25 -03:00
raise TorErrorUnreadableCookieFile(
# strings._("settings_error_unreadable_cookie_file")
"Connected to the Tor controller, but password may be wrong, or your user is not permitted to read the cookie file."
2019-10-13 01:01:25 -03:00
)
except AuthenticationFailure:
2019-10-13 01:01:25 -03:00
raise TorErrorAuthError(
# strings._("settings_error_auth")
"Connected to {}:{}, but can't authenticate. Maybe this isn't a Tor controller?".format(
2019-10-13 01:01:25 -03:00
self.settings.get("control_port_address"),
self.settings.get("control_port_port"),
)
)
# If we made it this far, we should be connected to Tor
self.connected_to_tor = True
# Get the tor version
self.tor_version = self.c.get_version().version_str
2019-10-20 21:59:12 -03:00
self.common.log("Onion", "connect", f"Connected to tor {self.tor_version}")
# Do the versions of stem and tor that I'm using support ephemeral onion services?
2019-10-13 01:01:25 -03:00
list_ephemeral_hidden_services = getattr(
self.c, "list_ephemeral_hidden_services", None
)
self.supports_ephemeral = (
callable(list_ephemeral_hidden_services) and self.tor_version >= "0.2.7.1"
)
# Do the versions of stem and tor that I'm using support stealth onion services?
try:
2019-10-13 01:01:25 -03:00
res = self.c.create_ephemeral_hidden_service(
{1: 1},
basic_auth={"onionshare": None},
await_publication=False,
key_type="NEW",
key_content="RSA1024",
2019-10-13 01:01:25 -03:00
)
tmp_service_id = res.service_id
self.c.remove_ephemeral_hidden_service(tmp_service_id)
self.supports_stealth = True
except:
# ephemeral stealth onion services are not supported
self.supports_stealth = False
# Does this version of Tor support next-gen ('v3') onions?
# Note, this is the version of Tor where this bug was fixed:
# https://trac.torproject.org/projects/tor/ticket/28619
2019-10-13 01:01:25 -03:00
self.supports_v3_onions = self.tor_version >= Version("0.3.5.7")
def is_authenticated(self):
"""
Returns True if the Tor connection is still working, or False otherwise.
"""
if self.c is not None:
return self.c.is_authenticated()
else:
return False
def start_onion_service(self, mode, mode_settings, port, await_publication):
"""
Start a onion service on port 80, pointing to the given port, and
return the onion hostname.
"""
self.common.log("Onion", "start_onion_service", f"port={port}")
if not self.supports_ephemeral:
raise TorTooOld(
# strings._("error_ephemeral_not_supported")
"Your version of Tor is too old, ephemeral onion services are not supported"
)
if mode_settings.get("general", "client_auth") and not self.supports_stealth:
raise TorTooOld(
# strings._("error_stealth_not_supported")
"Your version of Tor is too old, stealth onion services are not supported"
)
2019-11-29 02:38:34 -03:00
auth_cookie = None
if mode_settings.get("general", "client_auth"):
if mode_settings.get("onion", "hidservauth_string"):
auth_cookie = mode_settings.get("onion", "hidservauth_string").split()[
2
]
2019-11-29 02:38:34 -03:00
if auth_cookie:
basic_auth = {"onionshare": auth_cookie}
else:
# If we had neither a scheduled auth cookie or a persistent hidservauth string,
# set the cookie to 'None', which means Tor will create one for us
2019-11-29 02:38:34 -03:00
basic_auth = {"onionshare": None}
else:
2019-11-29 02:38:34 -03:00
# Not using client auth at all
basic_auth = None
if mode_settings.get("onion", "private_key"):
key_content = mode_settings.get("onion", "private_key")
if self.is_v2_key(key_content):
key_type = "RSA1024"
else:
# Assume it was a v3 key. Stem will throw an error if it's something illegible
key_type = "ED25519-V3"
else:
key_type = "NEW"
2018-08-21 06:31:02 -03:00
# Work out if we can support v3 onion services, which are preferred
if self.supports_v3_onions and not mode_settings.get("general", "legacy"):
key_content = "ED25519-V3"
2018-08-21 06:31:02 -03:00
else:
# fall back to v2 onion services
key_content = "RSA1024"
2018-08-21 06:31:02 -03:00
# v3 onions don't yet support basic auth. Our ticket:
# https://github.com/micahflee/onionshare/issues/697
2019-10-13 01:01:25 -03:00
if (
key_type == "NEW"
and key_content == "ED25519-V3"
and not mode_settings.get("general", "legacy")
2019-10-13 01:01:25 -03:00
):
2018-08-21 06:31:02 -03:00
basic_auth = None
debug_message = f"key_type={key_type}"
if key_type == "NEW":
debug_message += f", key_content={key_content}"
self.common.log("Onion", "start_onion_service", debug_message)
try:
res = self.c.create_ephemeral_hidden_service(
{80: port},
await_publication=await_publication,
basic_auth=basic_auth,
key_type=key_type,
key_content=key_content,
)
except ProtocolError as e:
2019-10-13 01:01:25 -03:00
raise TorErrorProtocolError(
# strings._("error_tor_protocol_error")
"Tor error: {}".format(e.args[0])
2019-10-13 01:01:25 -03:00
)
onion_host = res.service_id + ".onion"
# Gracefully close share mode rendezvous circuits
if mode == "share":
self.graceful_close_onions.append(res.service_id)
# Save the service_id
mode_settings.set("general", "service_id", res.service_id)
# Save the private key and hidservauth string
if not mode_settings.get("onion", "private_key"):
mode_settings.set("onion", "private_key", res.private_key)
if mode_settings.get("general", "client_auth") and not mode_settings.get(
"onion", "hidservauth_string"
):
auth_cookie = list(res.client_auth.values())[0]
self.auth_string = f"HidServAuth {onion_host} {auth_cookie}"
mode_settings.set("onion", "hidservauth_string", self.auth_string)
return onion_host
def stop_onion_service(self, mode_settings):
"""
Stop a specific onion service
"""
onion_host = mode_settings.get("general", "service_id")
if onion_host:
self.common.log("Onion", "stop_onion_service", f"onion host: {onion_host}")
try:
self.c.remove_ephemeral_hidden_service(
mode_settings.get("general", "service_id")
)
except:
self.common.log(
"Onion", "stop_onion_service", f"failed to remove {onion_host}"
)
2019-11-29 02:38:34 -03:00
def cleanup(self, stop_tor=True):
"""
Stop onion services that were created earlier. If there's a tor subprocess running, kill it.
"""
2019-10-13 01:01:25 -03:00
self.common.log("Onion", "cleanup")
2018-02-25 03:44:27 -03:00
# Cleanup the ephemeral onion services, if we have any
try:
onions = self.c.list_ephemeral_hidden_services()
for service_id in onions:
onion_host = f"{service_id}.onion"
2018-02-25 03:44:27 -03:00
try:
2019-10-13 01:01:25 -03:00
self.common.log(
"Onion", "cleanup", f"trying to remove onion {onion_host}"
2019-10-13 01:01:25 -03:00
)
self.c.remove_ephemeral_hidden_service(service_id)
2018-02-25 03:44:27 -03:00
except:
2019-10-13 01:01:25 -03:00
self.common.log(
"Onion", "cleanup", f"failed to remove onion {onion_host}"
2019-10-13 01:01:25 -03:00
)
2018-02-25 03:44:27 -03:00
pass
except:
pass
2019-11-29 02:38:34 -03:00
if stop_tor:
# Stop tor process
if self.tor_proc:
# Wait for Tor rendezvous circuits to close
# Catch exceptions to prevent crash on Ctrl-C
try:
rendevouz_circuit_ids = []
for c in self.c.get_circuits():
if (
c.purpose == "HS_SERVICE_REND"
and c.rend_query in self.graceful_close_onions
):
rendevouz_circuit_ids.append(c.id)
symbols = [c for c in "\\|/-"]
symbols_i = 0
while True:
num_rend_circuits = 0
for c in self.c.get_circuits():
if c.id in rendevouz_circuit_ids:
num_rend_circuits += 1
if num_rend_circuits == 0:
print("\rTor rendezvous circuits have closed" + " " * 20)
break
if num_rend_circuits == 1:
circuits = "circuit"
else:
circuits = "circuits"
print(
f"\rWaiting for {num_rend_circuits} Tor rendezvous {circuits} to close {symbols[symbols_i]} ",
end="",
)
symbols_i = (symbols_i + 1) % len(symbols)
time.sleep(1)
except:
pass
2019-11-29 02:38:34 -03:00
self.tor_proc.terminate()
time.sleep(0.2)
if self.tor_proc.poll() is None:
self.common.log(
"Onion",
"cleanup",
"Tried to terminate tor process but it's still running",
)
2019-11-29 02:38:34 -03:00
try:
self.tor_proc.kill()
time.sleep(0.2)
if self.tor_proc.poll() is None:
self.common.log(
"Onion",
"cleanup",
"Tried to kill tor process but it's still running",
)
2019-11-29 02:38:34 -03:00
except:
self.common.log(
"Onion", "cleanup", "Exception while killing tor process"
)
2019-11-29 02:38:34 -03:00
self.tor_proc = None
2019-11-29 02:38:34 -03:00
# Reset other Onion settings
self.connected_to_tor = False
2019-11-29 02:38:34 -03:00
try:
# Delete the temporary tor data directory
if self.use_tmp_dir:
self.tor_data_directory.cleanup()
except:
pass
def get_tor_socks_port(self):
"""
Returns a (address, port) tuple for the Tor SOCKS port
"""
2019-10-13 01:01:25 -03:00
self.common.log("Onion", "get_tor_socks_port")
2019-10-13 01:01:25 -03:00
if self.settings.get("connection_type") == "bundled":
return ("127.0.0.1", self.tor_socks_port)
elif self.settings.get("connection_type") == "automatic":
return ("127.0.0.1", 9150)
else:
2019-10-13 01:01:25 -03:00
return (self.settings.get("socks_address"), self.settings.get("socks_port"))
def is_v2_key(self, key):
"""
Helper function for determining if a key is RSA1024 (v2) or not.
"""
try:
# Import the key
key = RSA.importKey(base64.b64decode(key))
# Is this a v2 Onion key? (1024 bits) If so, we should keep using it.
if key.n.bit_length() == 1024:
return True
else:
return False
except:
return False