git-annex/RemoteDaemon/Transport/Tor.hs

{- git-remote-daemon, tor hidden service transport
 -
 - Copyright 2016 Joey Hess <id@joeyh.name>
 -
 - Licensed under the GNU GPL version 3 or higher.
 -}

module RemoteDaemon.Transport.Tor (server) where

import Common
import RemoteDaemon.Types
import RemoteDaemon.Common
import Utility.Tor
import Utility.FileMode
import Remote.Helper.Tor
import Remote.Helper.P2P
import Remote.Helper.P2P.IO
import Annex.UUID
import Types.UUID

import System.PosixCompat.User
import Network.Socket
import Control.Concurrent
import System.Log.Logger (debugM)

-- Run tor hidden service.
server :: TransportHandle -> IO ()
server th@(TransportHandle (LocalRepo r) _) = do
	u <- liftAnnex th getUUID
	uid <- getRealUserID
	let ident = fromUUID u
	let sock = socketFile uid ident
	nukeFile sock
	soc <- socket AF_UNIX Stream defaultProtocol
	bind soc (SockAddrUnix sock)
	-- Allow everyone to read and write to the socket; tor is probably
	-- running as a different user. Connections have to authenticate
	-- to do anything, so it's fine that other local users can connect.
	modifyFileMode sock $ addModes
		[groupReadMode, groupWriteMode, otherReadMode, otherWriteMode]
	listen soc 2
	debugM "remotedaemon" "tor hidden service running"
	forever $ do
		(conn, _) <- accept soc
		forkIO $ do
			debugM "remotedaemon" "handling a connection"
			h <- torHandle conn
			_ <- runNetProtoHandle h h r (serve u)
			hClose h
			debugM "remotedaemon" "done handling a connection"
remotedaemon: serve tor hidden service 2016-11-20 19:45:01 +00:00			`{- git-remote-daemon, tor hidden service transport`
			`-`
			`- Copyright 2016 Joey Hess <id@joeyh.name>`
			`-`
			`- Licensed under the GNU GPL version 3 or higher.`
			`-}`

			`module RemoteDaemon.Transport.Tor (server) where`

			`import Common`
			`import RemoteDaemon.Types`
			`import RemoteDaemon.Common`
			`import Utility.Tor`
			`import Utility.FileMode`
Added git-remote-tor-annex, which allows git pull and push to the tor hidden service. Almost working, but there's a bug in the relaying. Also, made tor hidden service setup pick a random port, to make it harder to port scan. This commit was sponsored by Boyd Stephen Smith Jr. on Patreon. 2016-11-21 21:27:38 +00:00			`import Remote.Helper.Tor`
remotedaemon: serve tor hidden service 2016-11-20 19:45:01 +00:00			`import Remote.Helper.P2P`
			`import Remote.Helper.P2P.IO`
			`import Annex.UUID`
			`import Types.UUID`

			`import System.PosixCompat.User`
			`import Network.Socket`
			`import Control.Concurrent`
			`import System.Log.Logger (debugM)`

			`-- Run tor hidden service.`
			`server :: TransportHandle -> IO ()`
			`server th@(TransportHandle (LocalRepo r) _) = do`
			`u <- liftAnnex th getUUID`
			`uid <- getRealUserID`
			`let ident = fromUUID u`
			`let sock = socketFile uid ident`
			`nukeFile sock`
			`soc <- socket AF_UNIX Stream defaultProtocol`
			`bind soc (SockAddrUnix sock)`
			`-- Allow everyone to read and write to the socket; tor is probably`
			`-- running as a different user. Connections have to authenticate`
			`-- to do anything, so it's fine that other local users can connect.`
			`modifyFileMode sock $ addModes`
			`[groupReadMode, groupWriteMode, otherReadMode, otherWriteMode]`
			`listen soc 2`
			`debugM "remotedaemon" "tor hidden service running"`
			`forever $ do`
			`(conn, _) <- accept soc`
			`forkIO $ do`
			`debugM "remotedaemon" "handling a connection"`
Added git-remote-tor-annex, which allows git pull and push to the tor hidden service. Almost working, but there's a bug in the relaying. Also, made tor hidden service setup pick a random port, to make it harder to port scan. This commit was sponsored by Boyd Stephen Smith Jr. on Patreon. 2016-11-21 21:27:38 +00:00			`h <- torHandle conn`
stop cleanly when there's a IO error accessing the Handle All other exceptions are let through, but IO errors accessing the handle are to be expected, so quietly ignore. 2016-11-22 01:22:58 +00:00			`_ <- runNetProtoHandle h h r (serve u)`
remotedaemon: serve tor hidden service 2016-11-20 19:45:01 +00:00			`hClose h`
detect EOF on socket and cleanly shutdown the service process 2016-11-22 01:45:56 +00:00			`debugM "remotedaemon" "done handling a connection"`