From e36c962b7db483aa1e030966e45c4ac6e5424e57 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Wed, 21 Dec 2016 15:26:49 +0000
Subject: [PATCH] Functions for tor bridges

---
 src/freedombone-sec         | 94 ++++++++++++++++++++++++++++---------
 src/freedombone-utils-onion | 61 ++++++++++++++++++++++++
 2 files changed, 134 insertions(+), 21 deletions(-)

diff --git a/src/freedombone-sec b/src/freedombone-sec
index f57036cb1..cf65c0a12 100755
--- a/src/freedombone-sec
+++ b/src/freedombone-sec
@@ -751,6 +751,53 @@ function store_passwords {
     esac
 }
 
+function show_tor_bridges {
+    echo -n ''
+}
+
+function add_tor_bridge {
+    echo -n ''
+}
+
+function remove_tor_bridge {
+    echo -n ''
+}
+
+function menu_security_settings {
+    data=$(tempfile 2>/dev/null)
+    trap "rm -f $data" 0 1 2 5 15
+    dialog --backtitle $"Freedombone Control Panel" \
+           --title $"Tor Bridges" \
+           --radiolist $"Choose an operation:" 12 50 4 \
+           1 $"Show bridges" off \
+           2 $"Add a bridge" off \
+           3 $"Remove a bridge" off \
+           4 $"Go Back/Exit" on 2> $data
+    sel=$?
+    case $sel in
+        1) exit 1;;
+        255) exit 1;;
+    esac
+
+    case $(cat $data) in
+        1)
+            show_tor_bridges
+            exit 0
+            ;;
+        2)
+            add_tor_bridge
+            exit 0
+            ;;
+        3)
+            remove_tor_bridge
+            exit 0
+            ;;
+        4)
+            exit 0
+            ;;
+    esac
+}
+
 function menu_security_settings {
     data=$(tempfile 2>/dev/null)
     trap "rm -f $data" 0 1 2 5 15
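Review bot: The new Tor-bridges menu is declared as `function menu_security_settings {`, the same name as the existing function that starts immediately below it, so the later definition replaces it and the `menu_tor_bridges` that the updated `3)` branch calls is not defined anywhere in the visible lines. The declaration should read `function menu_tor_bridges {`. The copied `trap "rm -f $data" 0 1 2 5 15`, `2> $data` and `$(cat $data)` leave the temp-file path unquoted, and `tempfile 2>/dev/null` hides a failure that would leave `$data` empty; `data=$(mktemp) || exit 1` with quoted uses would be safer. The existing menu_security_settings body continues outside this hunk.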
@@ -759,17 +806,18 @@ function menu_security_settings {
            --radiolist $"Choose an operation:" 20 76 20 \
            1 $"Run STIG tests" off \
            2 $"Show ssh host public key" off \
-           3 $"Password storage" off \
-           4 $"Export passwords" off \
-           5 $"Regenerate ssh host keys" off \
-           6 $"Regenerate Diffie-Hellman keys" off \
-           7 $"Update cipersuite" off \
-           8 $"Create a new Let's Encrypt certificate" off \
-           9 $"Renew Let's Encrypt certificate" off \
-           10 $"Enable GPG based authentication (monkeysphere)" off \
-           11 $"Register a website with monkeysphere" off \
-           12 $"Allow ssh login with passwords" off \
-           13 $"Go Back/Exit" on 2> $data
+           3 $"Tor bridges" off \
+           4 $"Password storage" off \
+           5 $"Export passwords" off \
+           6 $"Regenerate ssh host keys" off \
+           7 $"Regenerate Diffie-Hellman keys" off \
+           8 $"Update cipersuite" off \
+           9 $"Create a new Let's Encrypt certificate" off \
+           10 $"Renew Let's Encrypt certificate" off \
+           11 $"Enable GPG based authentication (monkeysphere)" off \
+           12 $"Register a website with monkeysphere" off \
+           13 $"Allow ssh login with passwords" off \
+           14 $"Go Back/Exit" on 2> $data
     sel=$?
     case $sel in
         1) exit 1;;
@@ -804,41 +852,45 @@ function menu_security_settings {
             exit 0
             ;;
         3)
-            store_passwords
+            menu_tor_bridges
             exit 0
             ;;
         4)
-            export_passwords
+            store_passwords
             exit 0
             ;;
         5)
-            regenerate_ssh_host_keys
+            export_passwords
+            exit 0
             ;;
         6)
-            regenerate_dh_keys
+            regenerate_ssh_host_keys
             ;;
         7)
+            regenerate_dh_keys
+            ;;
+        8)
             interactive_setup
             update_ciphersuite
             ;;
-        8)
+        9)
             create_letsencrypt
             ;;
-        9)
+        10)
             renew_letsencrypt
             ;;
-        10)
+        11)
             enable_monkeysphere
             ;;
-        11)
+        12)
             register_website
             ;;
-        12)
+        13)
             allow_ssh_passwords
             change_ssh_settings
             exit 0
             ;;
-        13)
+        14)
             exit 0
             ;;
     esac
diff --git a/src/freedombone-utils-onion b/src/freedombone-utils-onion
index 7ab001464..5b4af545e 100755
--- a/src/freedombone-utils-onion
+++ b/src/freedombone-utils-onion
@@ -402,4 +402,65 @@ function get_app_onion_address {
     echo ""
 }
 
+function tor_add_bridge {
+    bridge_ip_address="$1"
+    bridge_port="$2"
+    bridge_key="$3"
+    bridge_type='obfs4'
+
+    if [[ "$bridge_ip_address" != *"."* ]]; then
+        return
+    fi
+    if [ ${#bridge_port} -eq 0 ]; then
+        return
+    fi
+    if [ ${#bridge_key} -eq 0 ]; then
+        return
+    fi
+
+    apt-get install obfs4proxy
+
+    if grep "ClientTransportPlugin" /etc/tor/torrc; then
+        sed -i 's|#ClientTransportPlugin|ClientTransportPlugin|g' /etc/tor/torrc
+        sed -i 's|# ClientTransportPlugin|ClientTransportPlugin|g' /etc/tor/torrc
+        sed -i 's|ClientTransportPlugin.*|ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy managed|g' /etc/tor/torrc
+    else
+        echo 'ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy managed' >> /etc/tor/torrc
+    fi
+    if grep "UseBridges" /etc/tor/torrc; then
+        sed -i 's|#UseBridges|UseBridges|g' /etc/tor/torrc
+        sed -i 's|# UseBridges|UseBridges|g' /etc/tor/torrc
+        sed -i 's|UseBridges.*|UseBridges 1|g' /etc/tor/torrc
+    else
+        echo 'UseBridges 1' >> /etc/tor/torrc
+    fi
+
+    bridge_str="bridge $bridge_type ${bridge_ip_address}:${bridge_port} ${bridge_key}"
+    if ! grep "${bridge_str}" /etc/tor/torrc; then
+        sed -i "/UseBridges/a ${bridge_str}" >> /etc/tor/torrc
+    fi
+
+    systemctl restart tor
+}
+
+function tor_remove_bridge {
+    bridge_ip_address="$1"
+    bridge_type='obfs4'
+
+    bridge_str="bridge $bridge_type ${bridge_ip_address}"
+    if grep "${bridge_str}" /etc/tor/torrc; then
+        sed -i "/${bridge_str}/d" /etc/tor/torrc
+    fi
+    if ! grep "bridge " /etc/tor/torrc; then
+        if ! grep "#UseBridges" /etc/tor/torrc; then
+            sed -i 's|UseBridges|#UseBridges|g' /etc/tor/torrc
+        fi
+        if ! grep "#ClientTransportPlugin" /etc/tor/torrc; then
+            sed -i 's|ClientTransportPlugin|#ClientTransportPlugin|g' /etc/tor/torrc
+        fi
+    fi
+
+    systemctl restart tor
+}
+
 # NOTE: deliberately no exit 0
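Review bot: In tor_add_bridge, `sed -i "/UseBridges/a ${bridge_str}" >> /etc/tor/torrc` names no input file, so sed has nothing to edit in place and the redirect appends nothing, meaning the bridge line is never written; it should read `sed -i "/UseBridges/a ${bridge_str}" /etc/tor/torrc`. Both functions also put their arguments into grep and sed patterns that run against /etc/tor/torrc with little or no validation: tor_add_bridge only checks that the address contains a dot, and tor_remove_bridge checks nothing, so an empty argument matches every `bridge obfs4 ` line, the dots act as regex wildcards, and `1.2.3.4` also matches `1.2.3.40`. I would validate the address (and the port in tor_add_bridge) before use, escape the dots, and end the removal pattern on the `:` before the port, as sketched below for tor_remove_bridge. Separately, `apt-get install obfs4proxy` has no `-y` and its exit status is ignored, so torrc is still rewritten and tor restarted when the transport binary failed to install.

```shell
function tor_remove_bridge {
    # … unchanged: bridge_ip_address and bridge_type assignments …

    # refuse anything that is not a dotted-quad address before it reaches sed
    if [[ ! "$bridge_ip_address" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
        return 1
    fi

    # escape the dots and stop the match at the ':' that precedes the port
    bridge_pattern="bridge ${bridge_type} ${bridge_ip_address//./\\.}:"
    if grep -q "${bridge_pattern}" /etc/tor/torrc; then
        sed -i "/${bridge_pattern}/d" /etc/tor/torrc
    fi
    # … unchanged: comment out UseBridges and ClientTransportPlugin when no bridge remains, restart tor …
```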
-- 
GitLab