author | Micah Lee <micah@micahflee.com> | 2014-08-20 21:11:49 +0000 |
---|---|---|
committer | Micah Lee <micah@micahflee.com> | 2014-08-20 21:11:49 +0000 |
commit | bda5bc3450d0f001dc8aef514295b59e251c327b (patch) | |
tree | 22e86b91632f99967823fd754ab8b16f0ee0d030 | |
parent | bbbf005dacab375a3f853cc091d892cb980c6f9f (diff) | |
download | onionshare-bda5bc3450d0f001dc8aef514295b59e251c327b.tar.gz onionshare-bda5bc3450d0f001dc8aef514295b59e251c327b.zip |
in Tails, launch separate root process to do root stuff (#96)
-rw-r--r-- | onionshare/onionshare.py | 81 | ||||
-rw-r--r-- | onionshare/strings.json | 18 |
2 files changed, 56 insertions, 43 deletions
diff --git a/onionshare/onionshare.py b/onionshare/onionshare.py
index 55fb0689..6ca1eebc 100644
--- a/onionshare/onionshare.py
+++ b/onionshare/onionshare.py
@@ -190,16 +190,6 @@ def page_not_found(e):
 def is_root():
 return os.geteuid() == 0
 
-def tails_open_port(port):
- if get_platform() == 'Tails':
- print translated("punching_a_hole")
- subprocess.call(['/sbin/iptables', '-I', 'OUTPUT', '-o', 'lo', '-p', 'tcp', '--dport', str(port), '-j', 'ACCEPT'])
-
-def tails_close_port(port):
- if get_platform() == 'Tails':
- print translated("closing_hole")
- subprocess.call(['/sbin/iptables', '-D', 'OUTPUT', '-o', 'lo', '-p', 'tcp', '--dport', str(port), '-j', 'ACCEPT'])
-
 def load_strings(default="en"):
 global strings
 try:
@@ -277,12 +267,42 @@ def start_hidden_service(port):
 
 return onion_host
 
+def tails_root():
+ # if running in Tails and as root, do only the things that require root
+ if get_platform() == 'Tails' and is_root():
+ parser = argparse.ArgumentParser()
+ parser.add_argument('port', nargs=1, help='Tails only: port for opening firewall, starting hidden service')
+ args = parser.parse_args()
+
+ try:
+ port = int(args.port[0])
+ except ValueError:
+ sys.stderr.write('Invalid value, port must be an integer\n')
+ sys.exit(-1)
+
+ # open hole in firewall
+ subprocess.call(['/sbin/iptables', '-I', 'OUTPUT', '-o', 'lo', '-p', 'tcp', '--dport', str(port), '-j', 'ACCEPT'])
+
+ # start hidden service
+ onion_host = start_hidden_service(port)
+ sys.stdout.write(onion_host)
+ sys.stdout.flush()
+
+ # close hole in firewall on shutdown
+ import signal
+ def handler(signum = None, frame = None):
+ subprocess.call(['/sbin/iptables', '-D', 'OUTPUT', '-o', 'lo', '-p', 'tcp', '--dport', str(port), '-j', 'ACCEPT'])
+ sys.exit()
+ for sig in [signal.SIGTERM, signal.SIGINT, signal.SIGHUP, signal.SIGQUIT]:
+ signal.signal(sig, handler)
+
+ # stay open until killed
+ while True:
+ time.sleep(1)
+
 def main():
 load_strings()
-
- # check for root in Tails
- if get_platform() == 'Tails' and not is_root():
- sys.exit(translated("tails_requires_root"))
+ tails_root()
 
 # parse arguments
 parser = argparse.ArgumentParser()
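Review bot: The iptables ACCEPT rule added in tails_root() can be left in place, because the signal handlers that delete it are installed only after `start_hidden_service(port)` has returned. That call can raise `NoTor` (the non-Tails path in main() catches it), so a Tor failure, or a SIGTERM arriving before the handlers exist, ends the root helper with the hole still open. Registering the handlers before the `-I` call and deleting the rule on the exception path closes that window. `port` is only checked to be an integer and the return codes of both `subprocess.call` invocations are ignored; for an entry point that runs as root it would be worth rejecting ports outside 1-65535 and stopping when iptables fails.

```python
        # … unchanged: argparse setup and int(port) parsing …

        rule = ['OUTPUT', '-o', 'lo', '-p', 'tcp', '--dport', str(port), '-j', 'ACCEPT']

        # register cleanup before the rule exists, so no exit path leaves it behind
        import signal
        def handler(signum = None, frame = None):
            subprocess.call(['/sbin/iptables', '-D'] + rule)
            sys.exit()
        for sig in [signal.SIGTERM, signal.SIGINT, signal.SIGHUP, signal.SIGQUIT]:
            signal.signal(sig, handler)

        # open hole in firewall
        subprocess.call(['/sbin/iptables', '-I'] + rule)

        # start hidden service; on failure close the hole and report on stderr
        try:
            onion_host = start_hidden_service(port)
        except NoTor as e:
            subprocess.call(['/sbin/iptables', '-D'] + rule)
            sys.exit(e.args[0])

        # … unchanged: write onion_host to stdout, sleep loop …
```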
@@ -309,19 +329,33 @@ def main():
 port = choose_port()
 local_host = "127.0.0.1:{0}".format(port)
 
- if not local_only:
- # try starting hidden service
- print translated("connecting_ctrlport").format(port)
- try:
- onion_host = start_hidden_service(port)
- except NoTor as e:
- sys.exit(e.args[0])
+ if get_platform() == 'Tails':
+ # if this is tails, start the root process
+ #root_p = subprocess.Popen(['/usr/bin/gksudo', '-D', 'OnionShare', '--', '/usr/bin/onionshare', str(port)], stderr=subprocess.PIPE, stdout=subprocess.PIPE)
+ root_p = subprocess.Popen(['/usr/bin/sudo', '--', '/usr/bin/onionshare', str(port)], stderr=subprocess.PIPE, stdout=subprocess.PIPE)
+ stdout = root_p.stdout.read(22) # .onion URLs are 22 chars long
+
+ if stdout:
+ onion_host = stdout
+ else:
+ if root_p.poll() == -1:
+ sys.exit(root_p.stderr.read())
+ else:
+ sys.exit('Unknown error with Tails root process')
+ else:
+ # if not tails, start hidden service normally
+ if not local_only:
+ # try starting hidden service
+ print translated("connecting_ctrlport").format(port)
+ try:
+ onion_host = start_hidden_service(port)
+ except NoTor as e:
+ sys.exit(e.args[0])
 
 # startup
 print translated("calculating_sha1")
 filehash, filesize = file_crunching(filename)
 set_file_info(filename, filehash, filesize)
- tails_open_port(port)
 print '\n' + translated("give_this_url")
 if local_only:
 print 'http://{0}/{1}'.format(local_host, slug)
@@ -334,8 +368,5 @@ def main():
 app.run(port=port)
 print '\n'
 
- # shutdown
- tails_close_port(port)
-
 if __name__ == '__main__':
 main()
diff --git a/onionshare/strings.json b/onionshare/strings.json
index 15be5dd5..fcf6a8c9 100644
--- a/onionshare/strings.json
+++ b/onionshare/strings.json
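Review bot: The failure branch of the Tails path tests `root_p.poll() == -1`, which cannot match: the helper's `sys.exit(-1)` is reported as exit status 255, and `poll()` returns None while the child is still running, so the helper's stderr message is never shown and every failure ends as 'Unknown error'. The bytes read from the pipe are also used as `onion_host` unchecked, and a short read still passes `if stdout:`. The Tails branch does not consult `local_only` either, so the root helper opens the firewall and starts a hidden service even for a local-only share; guarding it with `if get_platform() == 'Tails' and not local_only:` would keep the old behaviour. With the shutdown call removed in the last hunk, nothing visible in this diff stops `root_p` once `app.run()` returns, so the helper and its firewall rule appear to outlive the share. main() starts and ends outside the hunk.

```python
    if get_platform() == 'Tails':
        # … unchanged: Popen of the root helper through sudo, read(22) into stdout …

        if not stdout:
            # EOF without output: the helper closed stdout, so reap it and relay its error
            if root_p.wait() != 0:
                sys.exit(root_p.stderr.read())
            sys.exit('Unknown error with Tails root process')
        # accept only a full-length hostname from the helper
        if len(stdout) != 22 or not stdout.endswith('.onion'):
            sys.exit('Unknown error with Tails root process')
        onion_host = stdout
```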
@@ -1,6 +1,4 @@
 { "en": {
- "punching_a_hole": "Punching a hole in the firewall.",
- "closing_hole": "Closing hole in firewall.",
 "calculating_sha1": "Calculating SHA1 checksum.",
 "connecting_ctrlport": "Connecting to Tor control port to set up hidden service on port {0}.",
 "cant_connect_ctrlport": "Cannot connect to Tor control port on port {0}. Is Tor running?",
@@ -20,8 +18,6 @@
 "choose_file": "Choose a file to share",
 "copy_url": "Copy URL"
 }, "no": {
- "punching_a_hole": "Åpner port i brannmuren.",
- "closing_hole": "Lukker port i brannmuren.",
 "calculating_sha1": "Kalkulerer SHA1 sjekksum.",
 "connecting_ctrlport": "Kobler til Tors kontroll-port for å sette opp en gjemt tjeneste på port {0}.",
 "cant_connect_ctrlport": "Klarte ikke å koble til Tors kontroll-porter {0}. Sjekk at Tor kjører.",
@@ -40,8 +36,6 @@
 "close_countdown": "Lukker om {0} sekunder",
 "choose_file": "Velg en fil å dele"
 }, "es": {
- "punching_a_hole": "Abriendo un agujero en el cortafuegos.",
- "closing_hole": "Cerrando el agujero en el cortafuegos.",
 "calculating_sha1": "Calculando suma de verificación SHA1.",
 "connecting_ctrlport": "Conectando a puerto control de Tor para configurar servicio oculto en puerto {0}.",
 "cant_connect_ctrlport": "No se pudo conectar a puerto control de Tor en puertos {0}. ¿Está funcionando Tor?",
@@ -60,8 +54,6 @@
 "close_countdown": "Cierre en {0} segundos...",
 "choose_file": "Elija un archivo para compartir"
 }, "fr": {
- "punching_a_hole": "Poinçonnage d'un trou dans le pare-feu.",
- "closing_hole": "Trou de clôture dans le pare-feu.",
 "calculating_sha1": "Calculer un hachage SHA-1.",
 "connecting_ctrlport": "Connexion à réseau Tor utilisant les port {0}.",
 "cant_connect_ctrlport": "Réseau Tor indisponible sur le port {0}. Vous utilisez Tor?",
@@ -71,8 +63,6 @@
 "filesize": "Taille de fichier",
 "sha1_checksum": "SHA1 hachage"
 }, "it": {
- "punching_a_hole": "Apertura della porta nel firewall.",
- "closing_hole": "Chiusura della porta nel firewall.",
 "calculating_sha1": "Calcolo della firma SHA1.",
 "connecting_ctrlport": "Connessione alla porta di controllo di Tor per inizializzare il servizio nascosto sulla porta {0}.",
 "cant_connect_ctrlport": "Impossibile connettere alla porta di controllo di Tor tramite le porte {0}. Tor è stato avviato?",
@@ -91,8 +81,6 @@
 "close_countdown": "Chiusura in {0} secondi...",
 "choose_file": "Scegli un file da condividere"
 }, "nl": {
- "punching_a_hole": "Een doorgang aan het maken in de firewall.",
- "closing_hole": "Doorgang in de firewall sluiten.",
 "calculating_sha1": "SHA1 controlecijfer berekenen.",
 "connecting_ctrlport": "Verbinden met de Tor controle port om een verborgen service op te zetten op poort {0}.",
 "cant_connect_ctrlport": "Kan niet verbinden met de Tor controle poort op poorten {0}. Draait Tor?",
@@ -112,8 +100,6 @@
 "choose_file": "Kies betsand om te delen",
 "copy_url": "Kopieer URL"
 }, "pt": {
- "punching_a_hole": "Abrindo um buraco no firewall.",
- "closing_hole": "Fechando buraco no firewall.",
 "calculating_sha1": "Calculando checksum SHA1.",
 "connecting_ctrlport": "Conectando-se à porta de controle Tor para configurar serviço escondido na porta {0}.",
 "cant_connect_ctrlport": "Não pode conectar à porta de controle Tor na porta {0}. O Tor está rodando?",
@@ -132,8 +118,6 @@
 "close_countdown": "Fechando em {0} segundos...",
 "choose_file": "Escolhe um arquivo para compartilhar"
 }, "ru": {
- "punching_a_hole": "Открытие порта в межсетевом экране.",
- "closing_hole": "Закрытие порта в межсетевом экране.",
 "calculating_sha1": "Вычисляется SHA1 хешсумма.",
 "connecting_ctrlport": "Соединяемся с контрольным портом Tor для создания скрытого сервиса на порту {0}.",
 "cant_connect_ctrlport": "Невозможно соединиться с контрольным портом Tor на порту {0}. Tor запущен?",
@@ -153,8 +137,6 @@
 "choose_file": "Выберите файл",
 "copy_url": "Скопировать ссылку"
 }, "de": {
- "punching_a_hole": "Schlage ein Loch in die Firewall.",
- "closing_hole": "Schließe Loch in der Firewall.",
 "calculating_sha1": "Kalkuliere SHA1 Checksumme.",
 "connecting_ctrlport": "Verbinde zum Tor-Kontrollport um den versteckten Dienst auf Port {0} laufen zu lassen.",
 "cant_connect_ctrlport": "Konnte keine Verbindung zum Tor-Kontrollport auf Port {0} aufbauen. Läuft Tor?", |