You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
247 lines
9.5 KiB
247 lines
9.5 KiB
7 years ago
|
From 97a2d923dff32397c9df5adb95ecb84bcd95d83d Mon Sep 17 00:00:00 2001
|
||
|
From: Brian Dolbec <dolsen@gentoo.org>
|
||
|
Date: Tue, 19 Sep 2017 17:44:08 -0700
|
||
|
Subject: [PATCH] Revert "Add built-in Tor services and connection support"
|
||
|
|
||
|
This reverts commit f75db17642845f46bebd2f6f1d6a092974b9b390.
|
||
|
---
|
||
|
crossbar/common/checkconfig.py | 60 +--------------
|
||
|
crossbar/twisted/endpoint.py | 83 +--------------------
|
||
|
.../router/transport/Transport-Endpoints.md | 85 +---------------------
|
||
|
requirements-dev.txt | 1 -
|
||
|
requirements-min.txt | 1 -
|
||
|
5 files changed, 4 insertions(+), 226 deletions(-)
|
||
|
|
||
|
diff --git a/crossbar/common/checkconfig.py b/crossbar/common/checkconfig.py
|
||
|
index a8e84d45..1f5d9c91 100644
|
||
|
--- a/crossbar/common/checkconfig.py
|
||
|
+++ b/crossbar/common/checkconfig.py
|
||
|
@@ -867,31 +867,6 @@ def check_listening_endpoint_twisted(endpoint):
|
||
|
# should/can we ask Twisted to parse it easily?
|
||
|
|
||
|
|
||
|
-def check_listening_endpoint_onion(endpoint):
|
||
|
- """
|
||
|
- :param endpoint: The onion endpoint
|
||
|
- :type endpoint: dict
|
||
|
- """
|
||
|
- for k in endpoint:
|
||
|
- if k not in ['type', 'port', 'private_key_file', 'tor_control_endpoint']:
|
||
|
- raise InvalidConfigException(
|
||
|
- "encountered unknown attribute '{}' in onion endpoint".format(k)
|
||
|
- )
|
||
|
-
|
||
|
- check_dict_args(
|
||
|
- {
|
||
|
- u"type": (True, [six.text_type]),
|
||
|
- u"port": (True, [int, long]),
|
||
|
- u"private_key_file": (True, [six.text_type]),
|
||
|
- u"tor_control_endpoint": (True, [Mapping])
|
||
|
- },
|
||
|
- endpoint,
|
||
|
- "onion endpoint config",
|
||
|
- )
|
||
|
-
|
||
|
- check_connecting_endpoint(endpoint[u"tor_control_endpoint"])
|
||
|
-
|
||
|
-
|
||
|
def check_connecting_endpoint_tcp(endpoint):
|
||
|
"""
|
||
|
Check a TCP connecting endpoint configuration.
|
||
|
@@ -978,33 +953,6 @@ def check_connecting_endpoint_twisted(endpoint):
|
||
|
check_endpoint_timeout(endpoint['timeout'])
|
||
|
|
||
|
|
||
|
-def check_connecting_endpoint_tor(endpoint):
|
||
|
- """
|
||
|
- :param endpoint: The Tor connecting endpoint to check.
|
||
|
- :type endpoint: dict
|
||
|
- """
|
||
|
- for k in endpoint:
|
||
|
- if k not in ['type', 'host', 'port', 'tor_socks_port', 'tls']:
|
||
|
- raise InvalidConfigException(
|
||
|
- "encountered unknown attribute '{}' in connecting endpoint".format(k)
|
||
|
- )
|
||
|
-
|
||
|
- if 'host' not in endpoint:
|
||
|
- raise InvalidConfigException("missing mandatory attribute 'host' in connecting endpoint item\n\n{}".format(pformat(endpoint)))
|
||
|
-
|
||
|
- if 'port' not in endpoint:
|
||
|
- raise InvalidConfigException("missing mandatory attribute 'port' in connecting endpoint item\n\n{}".format(pformat(endpoint)))
|
||
|
-
|
||
|
- if 'tor_socks_port' not in endpoint:
|
||
|
- raise InvalidConfigException("missing mandatory attribute 'tor_socks_port' in connecting endpoint item\n\n{}".format(pformat(endpoint)))
|
||
|
-
|
||
|
- check_endpoint_port(endpoint['port'])
|
||
|
- check_endpoint_port(endpoint['tor_socks_port'])
|
||
|
-
|
||
|
- if 'tls' in endpoint:
|
||
|
- check_connecting_endpoint_tls(endpoint['tls'])
|
||
|
-
|
||
|
-
|
||
|
def check_listening_endpoint(endpoint):
|
||
|
"""
|
||
|
Check a listening endpoint configuration.
|
||
|
@@ -1022,7 +970,7 @@ def check_listening_endpoint(endpoint):
|
||
|
raise InvalidConfigException("missing mandatory attribute 'type' in endpoint item\n\n{}".format(pformat(endpoint)))
|
||
|
|
||
|
etype = endpoint['type']
|
||
|
- if etype not in ['tcp', 'unix', 'twisted', 'onion']:
|
||
|
+ if etype not in ['tcp', 'unix', 'twisted']:
|
||
|
raise InvalidConfigException("invalid attribute value '{}' for attribute 'type' in endpoint item\n\n{}".format(etype, pformat(endpoint)))
|
||
|
|
||
|
if etype == 'tcp':
|
||
|
@@ -1031,8 +979,6 @@ def check_listening_endpoint(endpoint):
|
||
|
check_listening_endpoint_unix(endpoint)
|
||
|
elif etype == 'twisted':
|
||
|
check_listening_endpoint_twisted(endpoint)
|
||
|
- elif etype == 'onion':
|
||
|
- check_listening_endpoint_onion(endpoint)
|
||
|
else:
|
||
|
raise InvalidConfigException('logic error')
|
||
|
|
||
|
@@ -1054,7 +1000,7 @@ def check_connecting_endpoint(endpoint):
|
||
|
raise InvalidConfigException("missing mandatory attribute 'type' in endpoint item\n\n{}".format(pformat(endpoint)))
|
||
|
|
||
|
etype = endpoint['type']
|
||
|
- if etype not in ['tcp', 'unix', 'twisted', 'tor']:
|
||
|
+ if etype not in ['tcp', 'unix', 'twisted']:
|
||
|
raise InvalidConfigException("invalid attribute value '{}' for attribute 'type' in endpoint item\n\n{}".format(etype, pformat(endpoint)))
|
||
|
|
||
|
if etype == 'tcp':
|
||
|
@@ -1063,8 +1009,6 @@ def check_connecting_endpoint(endpoint):
|
||
|
check_connecting_endpoint_unix(endpoint)
|
||
|
elif etype == 'twisted':
|
||
|
check_connecting_endpoint_twisted(endpoint)
|
||
|
- elif etype == 'tor':
|
||
|
- check_connecting_endpoint_tor(endpoint)
|
||
|
else:
|
||
|
raise InvalidConfigException('logic error')
|
||
|
|
||
|
diff --git a/crossbar/twisted/endpoint.py b/crossbar/twisted/endpoint.py
|
||
|
index 483e5a39..251bfa5c 100644
|
||
|
--- a/crossbar/twisted/endpoint.py
|
||
|
+++ b/crossbar/twisted/endpoint.py
|
||
|
@@ -33,7 +33,7 @@ from __future__ import absolute_import, division
|
||
|
import six
|
||
|
import os
|
||
|
from os import environ
|
||
|
-from os.path import join, abspath, isabs, exists
|
||
|
+from os.path import join, abspath
|
||
|
|
||
|
from twisted.internet import defer
|
||
|
from twisted.internet._sslverify import OpenSSLCertificateAuthorities
|
||
|
@@ -48,11 +48,7 @@ from twisted.internet.endpoints import TCP4ServerEndpoint, \
|
||
|
UNIXClientEndpoint, \
|
||
|
serverFromString, \
|
||
|
clientFromString
|
||
|
-from twisted.internet.interfaces import IStreamServerEndpoint
|
||
|
from twisted.python.filepath import FilePath
|
||
|
-from zope.interface import implementer
|
||
|
-
|
||
|
-import txtorcon
|
||
|
|
||
|
from crossbar.twisted.sharedport import SharedPort, SharedTLSPort
|
||
|
|
||
|
@@ -318,12 +314,6 @@ def _create_tls_client_context(config, cbdir, log):
|
||
|
return ctx
|
||
|
|
||
|
|
||
|
-def _ensure_absolute(fname, cbdir):
|
||
|
- if isabs(fname):
|
||
|
- return fname
|
||
|
- return abspath(join(cbdir, fname))
|
||
|
-
|
||
|
-
|
||
|
def create_listening_endpoint_from_config(config, cbdir, reactor, log):
|
||
|
"""
|
||
|
Create a Twisted stream server endpoint from a Crossbar.io transport configuration.
|
||
|
@@ -431,59 +421,6 @@ def create_listening_endpoint_from_config(config, cbdir, reactor, log):
|
||
|
elif config['type'] == 'twisted':
|
||
|
endpoint = serverFromString(reactor, config['server_string'])
|
||
|
|
||
|
- # tor endpoint
|
||
|
- elif config['type'] == 'onion': # or "tor"? r "tor_onion"?
|
||
|
- port = config['port']
|
||
|
- private_key_fname = _ensure_absolute(config[u'private_key_file'], cbdir)
|
||
|
- tor_control_ep = create_connecting_endpoint_from_config(
|
||
|
- config[u'tor_control_endpoint'], cbdir, reactor, log
|
||
|
- )
|
||
|
-
|
||
|
- try:
|
||
|
- with open(private_key_fname, 'r') as f:
|
||
|
- private_key = f.read().strip()
|
||
|
- except (IOError, OSError):
|
||
|
- private_key = None
|
||
|
-
|
||
|
- @implementer(IStreamServerEndpoint)
|
||
|
- class _EphemeralOnion(object):
|
||
|
-
|
||
|
- @defer.inlineCallbacks
|
||
|
- def listen(self, proto_factory):
|
||
|
- # we don't care which local TCP port we listen on, but
|
||
|
- # we do need to know it
|
||
|
- local_ep = TCP4ServerEndpoint(reactor, 0, interface=u"127.0.0.1")
|
||
|
- target_port = yield local_ep.listen(proto_factory)
|
||
|
- tor = yield txtorcon.connect(
|
||
|
- reactor,
|
||
|
- tor_control_ep,
|
||
|
- )
|
||
|
-
|
||
|
- # create and add the service
|
||
|
- hs = txtorcon.EphemeralHiddenService(
|
||
|
- ports=["{} 127.0.0.1:{}".format(port, target_port.getHost().port)],
|
||
|
- key_blob_or_type=private_key if private_key else "NEW:BEST",
|
||
|
- )
|
||
|
- log.info("Uploading descriptors can take more than 30s")
|
||
|
- yield hs.add_to_tor(tor.protocol)
|
||
|
-
|
||
|
- # if it's new, store our private key
|
||
|
- # XXX better "if private_key is None"?
|
||
|
- if not exists(private_key_fname):
|
||
|
- with open(private_key_fname, 'w') as f:
|
||
|
- f.write(hs.private_key)
|
||
|
- log.info("Wrote private key to '{fname}'", fname=private_key_fname)
|
||
|
-
|
||
|
- addr = txtorcon.TorOnionAddress(hs.hostname, port)
|
||
|
- log.info(
|
||
|
- "Listening on Tor onion service {addr.onion_uri}:{addr.onion_port}"
|
||
|
- " with local port {local_port}",
|
||
|
- addr=addr,
|
||
|
- local_port=target_port.getHost().port,
|
||
|
- )
|
||
|
- defer.returnValue(addr)
|
||
|
- endpoint = _EphemeralOnion()
|
||
|
-
|
||
|
else:
|
||
|
raise Exception("invalid endpoint type '{}'".format(config['type']))
|
||
|
|
||
|
@@ -656,24 +593,6 @@ def create_connecting_endpoint_from_config(config, cbdir, reactor, log):
|
||
|
elif config['type'] == 'twisted':
|
||
|
endpoint = clientFromString(reactor, config['client_string'])
|
||
|
|
||
|
- elif config['type'] == 'tor':
|
||
|
- host = config['host']
|
||
|
- port = config['port']
|
||
|
- socks_port = config['tor_socks_port']
|
||
|
- tls = config.get('tls', False)
|
||
|
- if not tls and not host.endswith(u'.onion'):
|
||
|
- log.warn("Non-TLS connection traversing Tor network; end-to-end encryption advised")
|
||
|
-
|
||
|
- socks_endpoint = TCP4ClientEndpoint(
|
||
|
- reactor, "127.0.0.1", socks_port,
|
||
|
- )
|
||
|
- endpoint = txtorcon.TorClientEndpoint(
|
||
|
- host, port,
|
||
|
- socks_endpoint=socks_endpoint,
|
||
|
- reactor=reactor,
|
||
|
- use_tls=tls,
|
||
|
- )
|
||
|
-
|
||
|
else:
|
||
|
raise Exception("invalid endpoint type '{}'".format(config['type']))
|
||
|
|
||
|
--
|
||
|
2.14.1
|
||
|
|