git-annex/Command/EnableTor.hs

{- git-annex command
 -
 - Copyright 2016 Joey Hess <id@joeyh.name>
 -
 - Licensed under the GNU GPL version 3 or higher.
 -}

{-# LANGUAGE CPP #-}

module Command.EnableTor where

import Command
import P2P.Address
import Utility.Tor
import Annex.UUID
import Config.Files

#ifndef mingw32_HOST_OS
import Utility.Su
import System.Posix.User
#endif

-- This runs as root, so avoid making any commits or initializing
-- git-annex, or doing other things that create root-owned files.
cmd :: Command
cmd = noCommit $ dontCheck repoExists $
	command "enable-tor" SectionSetup "enable tor hidden service"
		"uid" (withParams seek)

seek :: CmdParams -> CommandSeek
seek = withWords start

start :: [String] -> CommandStart
start os = do
	uuid <- getUUID
	when (uuid == NoUUID) $
		giveup "This can only be run in a git-annex repository."
#ifndef mingw32_HOST_OS
	curruserid <- liftIO getEffectiveUserID
	if curruserid == 0
		then case readish =<< headMaybe os of
			Nothing -> giveup "Need user-id parameter."
			Just userid -> go uuid userid
		else do
			liftIO $ putStrLn "Need root access to enable tor..."
			gitannex <- liftIO readProgramFile
			let ps = [Param (cmdname cmd), Param (show curruserid)]
			ifM (liftIO $ runAsRoot gitannex ps)
				( stop
				, giveup $ unwords $
					[ "Failed to run as root:" , gitannex ] ++ toCommand ps
				)
#else
	go uuid 0
#endif
  where
	go uuid userid = do
		(onionaddr, onionport) <- liftIO $
			addHiddenService "tor-annex" userid (fromUUID uuid)
		storeP2PAddress $ TorAnnex onionaddr onionport
		stop
git-annex enable-tor command Tor unfortunately does not come out of the box configured to let hidden services register themselves on the fly via the ControlPort. And, changing the config to enable the ControlPort and a particular type of auth for it may break something already using the ControlPort, or lessen the security of the system. So, this leaves only one option to us: Add a hidden service to the torrc. git-annex enable-tor does so, and picks an unused high port for tor to listen on for connections to the hidden service. It's up to the caller to somehow pick a local port to listen on that won't be used by something else. That may be difficult to do.. This commit was sponsored by Jochen Bartl on Patreon. 2016-11-14 17:26:34 +00:00			`{- git-annex command`
			`-`
			`- Copyright 2016 Joey Hess <id@joeyh.name>`
			`-`
			`- Licensed under the GNU GPL version 3 or higher.`
			`-}`

enable-tor: No longer needs to be run as root. When run by not root, su's to root automatically. This commit was sponsored by Brock Spratlen on Patreon. 2016-12-20 21:40:36 +00:00			`{-# LANGUAGE CPP #-}`

git-annex enable-tor command Tor unfortunately does not come out of the box configured to let hidden services register themselves on the fly via the ControlPort. And, changing the config to enable the ControlPort and a particular type of auth for it may break something already using the ControlPort, or lessen the security of the system. So, this leaves only one option to us: Add a hidden service to the torrc. git-annex enable-tor does so, and picks an unused high port for tor to listen on for connections to the hidden service. It's up to the caller to somehow pick a local port to listen on that won't be used by something else. That may be difficult to do.. This commit was sponsored by Jochen Bartl on Patreon. 2016-11-14 17:26:34 +00:00			`module Command.EnableTor where`

			`import Command`
finish git-annex enable-tor Make it stash the address away for git-annex p2p to use later, rather than outputting it. And, look up the UUID itself. 2016-11-29 21:30:27 +00:00			`import P2P.Address`
git-annex enable-tor command Tor unfortunately does not come out of the box configured to let hidden services register themselves on the fly via the ControlPort. And, changing the config to enable the ControlPort and a particular type of auth for it may break something already using the ControlPort, or lessen the security of the system. So, this leaves only one option to us: Add a hidden service to the torrc. git-annex enable-tor does so, and picks an unused high port for tor to listen on for connections to the hidden service. It's up to the caller to somehow pick a local port to listen on that won't be used by something else. That may be difficult to do.. This commit was sponsored by Jochen Bartl on Patreon. 2016-11-14 17:26:34 +00:00			`import Utility.Tor`
finish git-annex enable-tor Make it stash the address away for git-annex p2p to use later, rather than outputting it. And, look up the UUID itself. 2016-11-29 21:30:27 +00:00			`import Annex.UUID`
enable-tor: No longer needs to be run as root. When run by not root, su's to root automatically. This commit was sponsored by Brock Spratlen on Patreon. 2016-12-20 21:40:36 +00:00			`import Config.Files`

			`#ifndef mingw32_HOST_OS`
			`import Utility.Su`
			`import System.Posix.User`
			`#endif`
git-annex enable-tor command Tor unfortunately does not come out of the box configured to let hidden services register themselves on the fly via the ControlPort. And, changing the config to enable the ControlPort and a particular type of auth for it may break something already using the ControlPort, or lessen the security of the system. So, this leaves only one option to us: Add a hidden service to the torrc. git-annex enable-tor does so, and picks an unused high port for tor to listen on for connections to the hidden service. It's up to the caller to somehow pick a local port to listen on that won't be used by something else. That may be difficult to do.. This commit was sponsored by Jochen Bartl on Patreon. 2016-11-14 17:26:34 +00:00
use socket for tor hidden service This avoids needing to bind to the right port before something else does. The socket is in /var/run/user/$uid/ which ought to be writable by only that uid. At least it is on linux systems using systemd. For Windows, may need to revisit this and use ports or something. The first version of tor to support sockets for hidden services was 0.2.6.3. That is not in Debian stable, but is available in backports. This commit was sponsored by andrea rota. 2016-11-14 20:35:45 +00:00			`-- This runs as root, so avoid making any commits or initializing`
finish git-annex enable-tor Make it stash the address away for git-annex p2p to use later, rather than outputting it. And, look up the UUID itself. 2016-11-29 21:30:27 +00:00			`-- git-annex, or doing other things that create root-owned files.`
git-annex enable-tor command Tor unfortunately does not come out of the box configured to let hidden services register themselves on the fly via the ControlPort. And, changing the config to enable the ControlPort and a particular type of auth for it may break something already using the ControlPort, or lessen the security of the system. So, this leaves only one option to us: Add a hidden service to the torrc. git-annex enable-tor does so, and picks an unused high port for tor to listen on for connections to the hidden service. It's up to the caller to somehow pick a local port to listen on that won't be used by something else. That may be difficult to do.. This commit was sponsored by Jochen Bartl on Patreon. 2016-11-14 17:26:34 +00:00			`cmd :: Command`
			`cmd = noCommit $ dontCheck repoExists $`
finish git-annex enable-tor Make it stash the address away for git-annex p2p to use later, rather than outputting it. And, look up the UUID itself. 2016-11-29 21:30:27 +00:00			`command "enable-tor" SectionSetup "enable tor hidden service"`
			`"uid" (withParams seek)`
git-annex enable-tor command Tor unfortunately does not come out of the box configured to let hidden services register themselves on the fly via the ControlPort. And, changing the config to enable the ControlPort and a particular type of auth for it may break something already using the ControlPort, or lessen the security of the system. So, this leaves only one option to us: Add a hidden service to the torrc. git-annex enable-tor does so, and picks an unused high port for tor to listen on for connections to the hidden service. It's up to the caller to somehow pick a local port to listen on that won't be used by something else. That may be difficult to do.. This commit was sponsored by Jochen Bartl on Patreon. 2016-11-14 17:26:34 +00:00
			`seek :: CmdParams -> CommandSeek`
			`seek = withWords start`

finish git-annex enable-tor Make it stash the address away for git-annex p2p to use later, rather than outputting it. And, look up the UUID itself. 2016-11-29 21:30:27 +00:00			`start :: [String] -> CommandStart`
enable-tor: No longer needs to be run as root. When run by not root, su's to root automatically. This commit was sponsored by Brock Spratlen on Patreon. 2016-12-20 21:40:36 +00:00			`start os = do`
fail before suing when not in a git-annex repo 2016-12-20 21:46:14 +00:00			`uuid <- getUUID`
			`when (uuid == NoUUID) $`
			`giveup "This can only be run in a git-annex repository."`
enable-tor: No longer needs to be run as root. When run by not root, su's to root automatically. This commit was sponsored by Brock Spratlen on Patreon. 2016-12-20 21:40:36 +00:00			`#ifndef mingw32_HOST_OS`
			`curruserid <- liftIO getEffectiveUserID`
			`if curruserid == 0`
			`then case readish =<< headMaybe os of`
			`Nothing -> giveup "Need user-id parameter."`
fail before suing when not in a git-annex repo 2016-12-20 21:46:14 +00:00			`Just userid -> go uuid userid`
enable-tor: No longer needs to be run as root. When run by not root, su's to root automatically. This commit was sponsored by Brock Spratlen on Patreon. 2016-12-20 21:40:36 +00:00			`else do`
			`liftIO $ putStrLn "Need root access to enable tor..."`
			`gitannex <- liftIO readProgramFile`
			`let ps = [Param (cmdname cmd), Param (show curruserid)]`
			`ifM (liftIO $ runAsRoot gitannex ps)`
			`( stop`
			`, giveup $ unwords $`
			`[ "Failed to run as root:" , gitannex ] ++ toCommand ps`
			`)`
			`#else`
fail before suing when not in a git-annex repo 2016-12-20 21:46:14 +00:00			`go uuid 0`
enable-tor: No longer needs to be run as root. When run by not root, su's to root automatically. This commit was sponsored by Brock Spratlen on Patreon. 2016-12-20 21:40:36 +00:00			`#endif`
			`where`
fail before suing when not in a git-annex repo 2016-12-20 21:46:14 +00:00			`go uuid userid = do`
finish git-annex enable-tor Make it stash the address away for git-annex p2p to use later, rather than outputting it. And, look up the UUID itself. 2016-11-29 21:30:27 +00:00			`(onionaddr, onionport) <- liftIO $`
relocate tor socket out of /etc weasel explained that apparmor limits on what files tor can read do not apply to sockets (because they're not files). And apparently the problems I was seeing with hidden services not being accessible had to do with onion address propigation and not the location of the socket file. remotedaemon looks up the HiddenServicePort in torrc, so if it was previously configured with the socket in /etc, that will still work. This commit was sponsored by Denis Dzyubenko on Patreon. 2016-12-20 20:01:10 +00:00			`addHiddenService "tor-annex" userid (fromUUID uuid)`
finish git-annex enable-tor Make it stash the address away for git-annex p2p to use later, rather than outputting it. And, look up the UUID itself. 2016-11-29 21:30:27 +00:00			`storeP2PAddress $ TorAnnex onionaddr onionport`
git-annex enable-tor command Tor unfortunately does not come out of the box configured to let hidden services register themselves on the fly via the ControlPort. And, changing the config to enable the ControlPort and a particular type of auth for it may break something already using the ControlPort, or lessen the security of the system. So, this leaves only one option to us: Add a hidden service to the torrc. git-annex enable-tor does so, and picks an unused high port for tor to listen on for connections to the hidden service. It's up to the caller to somehow pick a local port to listen on that won't be used by something else. That may be difficult to do.. This commit was sponsored by Jochen Bartl on Patreon. 2016-11-14 17:26:34 +00:00			`stop`