fix control-port-filter-python config to rewrite HS_DESC replies by Tor for onionshare support

Information

ID: 574
PHID: PHID-TASK-hgswcrol7ub2gojda5th
Author: Patrick
Status at Migration Time: resolved
Priority at Migration Time: Normal

Description

/etc/tor-controlport-filter.d/whonix.yml

---
- match-exe-paths:
    - '*'
  match-users:
    - '*'
  match-hosts:
    - '*'
  commands:
    SIGNAL:
      - 'NEWNYM'
    GETINFO:
      - 'circuit-established'
      - 'status/circuit-established'
      - pattern: 'net/listeners/socks'
        response:
        - pattern:     '250-net/listeners/socks=".*"'
          replacement: '250-net/listeners/socks="127.0.0.1:9150"'
      - 'version'
      - 'onions/current'
    ADD_ONION:
      - pattern:     'NEW:BEST Port=80,(176[0-5][0-9])'
        replacement: 'NEW:BEST Port=80,{client-address}:{} Flags=DiscardPK'
    DEL_ONION:
      - '.+'
  confs:
    __owningcontrollerprocess:
  events:
    SIGNAL:
      suppress: true
    CONF_CHANGED:
      suppress: true
    HS_DESC:
      - pattern:     '650 HS_DESC CREATED (\S+) (\S+) (\S+) \S+ (.+)'
        replacement: '650 HS_DESC CREATED {} {} {} redacted {}'
      - pattern:     '650 HS_DESC UPLOAD (\S+) (\S+) .*'
        replacement: '650 HS_DESC UPLOAD {} {} redacted redacted'
      - pattern:     '650 HS_DESC UPLOADED (\S+) (\S+) .+'
        replacement: '650 HS_DESC UPLOADED {} {} redacted'
      - pattern:     '.*'
        replacement: ''

./tor-controlport-filter --listen-address 0.0.0.0 --debug
Tor control port filter started, listening on 0.0.0.0:9051
10.137.11.80:51904 (filter: whonix) connected: loaded filter: whonix
Final rules:
commands:
  ADD_ONION:
  - {pattern: 'NEW:BEST Port=80,(176[0-5][0-9])', replacement: 'NEW:BEST Port=80,{client-address}:{}
      Flags=DiscardPK'}
  DEL_ONION:
  - {pattern: .+}
  GETCONF:
  - {pattern: (__owningcontrollerprocess)}
  GETINFO:
  - {pattern: circuit-established}
  - {pattern: status/circuit-established}
  - pattern: net/listeners/socks
    response:
    - {pattern: 250-net/listeners/socks=".*", replacement: '250-net/listeners/socks="127.0.0.1:9150"'}
  - {pattern: version}
  - {pattern: onions/current}
  SIGNAL:
  - {pattern: NEWNYM}
events:
  CONF_CHANGED: {suppress: true}
  HS_DESC:
  - {pattern: 650 HS_DESC CREATED (\S+) (\S+) (\S+) \S+ (.+), replacement: '650 HS_DESC
      CREATED {} {} {} redacted {}'}
  - {pattern: 650 HS_DESC UPLOAD (\S+) (\S+) .*, replacement: '650 HS_DESC UPLOAD
      {} {} redacted redacted'}
  - {pattern: 650 HS_DESC UPLOADED (\S+) (\S+) .+, replacement: '650 HS_DESC UPLOADED
      {} {} redacted'}
  - {pattern: .*, replacement: ''}
  SIGNAL: {suppress: true}
restrict-stream-events: false

10.137.11.80:51904 (filter: whonix): -> PROTOCOLINFO 1
10.137.11.80:51904 (filter: whonix): <- 250-PROTOCOLINFO 1
10.137.11.80:51904 (filter: whonix): <- 250-AUTH METHODS=NULL
10.137.11.80:51904 (filter: whonix): <- 250-VERSION Tor="0.2.8.9 (git-cabd4ef300c6b3d6)"
10.137.11.80:51904 (filter: whonix): <- 250 OK
10.137.11.80:51904 (filter: whonix): -> AUTHENTICATE
10.137.11.80:51904 (filter: whonix): <- 250 OK
10.137.11.80:51904 (filter: whonix): -> SETEVENTS SIGNAL CONF_CHANGED
10.137.11.80:51904 (filter: whonix): suppressed subscription to event 'SIGNAL'
10.137.11.80:51904 (filter: whonix): suppressed subscription to event 'CONF_CHANGED'
10.137.11.80:51904 (filter: whonix): <- 250 OK
10.137.11.80:51904 (filter: whonix): -> GETCONF __owningcontrollerprocess
10.137.11.80:51904 (filter: whonix): <- 250 __OwningControllerProcess
10.137.11.80:51904 (filter: whonix): -> GETINFO version
10.137.11.80:51904 (filter: whonix): <- (multi-line)
    250-version=0.2.8.9 (git-cabd4ef300c6b3d6)
    250 OK
10.137.11.80:51904 (filter: whonix): -> SETEVENTS HS_DESC SIGNAL CONF_CHANGED
10.137.11.80:51904 (filter: whonix) disconnected: client quit
----------------------------------------
Exception happened during processing of request from ('10.137.11.80', 51904)
Traceback (most recent call last):
  File "/usr/lib/python3.4/socketserver.py", line 613, in process_request_thread
    self.finish_request(request, client_address)
  File "/usr/lib/python3.4/socketserver.py", line 344, in finish_request
    self.RequestHandlerClass(request, client_address, self)
  File "/usr/lib/python3.4/socketserver.py", line 669, in __init__
    self.handle()
  File "./tor-controlport-filter", line 574, in handle
    restrict_stream_events
  File "./tor-controlport-filter", line 456, in handle_controlport_session
    update_event_subscriptions(events)
  File "./tor-controlport-filter", line 393, in update_event_subscriptions
    if not rule.get('suppress', False) or \
AttributeError: 'list' object has no attribute 'get'
----------------------------------------

related code:

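    # Excerpt: re, client_address, server_address and NoRewriteMatch are
    # defined elsewhere in the surrounding script.
    def rewrite_line(replacers, line):
        # Named fields a replacement may reference, e.g. {client-address}.
        builtin_replacers = {
            'client-address': client_address[0],
            'client-port':    str(client_address[1]),
            'server-address': server_address[0],
            'server-port':    str(server_address[1]),
        }
        # Match on the bare line and restore the CRLF terminator afterwards.
        terminator = ''
        if line[-2:] == "\r\n":
            terminator = "\r\n"
            line = line[:-2]
        # The first rule whose pattern matches the whole line wins:
        # re.match anchors the start, the appended "$" anchors the end.
        for r in replacers:
            match = re.match(r['pattern'] + "$", line)
            if match:
                # Captured groups fill the positional {} fields in order.
                return r['replacement'].format(
                    *match.groups(), **builtin_replacers
                ) + terminator
        # No rule matched this line.
        raise NoRewriteMatch()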

Bug reported here and waiting for reply from anonym:
https://mailman.boum.org/pipermail/tails-dev/2016-November/011053.html
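
The traceback above comes from calling .get() on the list-form HS_DESC rule, while the SIGNAL and CONF_CHANGED rules are dicts. The following is an added example, not code from tor-controlport-filter: it accepts both rule shapes when sorting a SETEVENTS request and applies the HS_DESC rewrites with the same first-match logic as rewrite_line. The function names, treating a list-form rule as "not suppressed", denying unlisted events, and the sample event lines are assumptions constructed for illustration.

```python
import re

# Event rules mirroring the `events:` section of whonix.yml above.
EVENT_RULES = {
    'SIGNAL': {'suppress': True},
    'CONF_CHANGED': {'suppress': True},
    'HS_DESC': [
        {'pattern': r'650 HS_DESC CREATED (\S+) (\S+) (\S+) \S+ (.+)',
         'replacement': '650 HS_DESC CREATED {} {} {} redacted {}'},
        {'pattern': r'650 HS_DESC UPLOAD (\S+) (\S+) .*',
         'replacement': '650 HS_DESC UPLOAD {} {} redacted redacted'},
        {'pattern': r'650 HS_DESC UPLOADED (\S+) (\S+) .+',
         'replacement': '650 HS_DESC UPLOADED {} {} redacted'},
        {'pattern': r'.*', 'replacement': ''},
    ],
}
# Constructed sample events (placeholder address, relay and descriptor id).
SAMPLE_CREATED = ('650 HS_DESC CREATED exampleonionaddress UNKNOWN UNKNOWN '
                  'EXAMPLEDESCRIPTORID REPLICA=0\r\n')
SAMPLE_UPLOAD = ('650 HS_DESC UPLOAD exampleonionaddress UNKNOWN '
                 '$EXAMPLEFINGERPRINT~ExampleRelay EXAMPLEDESCRIPTORID\r\n')

def is_suppressed(rule):
    """True only for the dict form with suppress set. A list of rewrite
    rules has no .get(); treating it as not suppressed is an assumption."""
    return isinstance(rule, dict) and bool(rule.get('suppress', False))

def split_subscription(requested, rules):
    """Sort SETEVENTS arguments into (forwarded, suppressed, denied)."""
    forwarded, suppressed, denied = [], [], []
    for event in requested:
        if event not in rules:
            denied.append(event)        # assumption: unlisted means denied
        elif is_suppressed(rules[event]):
            suppressed.append(event)    # acknowledged but never sent to Tor
        else:
            forwarded.append(event)
    return forwarded, suppressed, denied

def rewrite_event(replacers, line):
    """First matching pattern wins, anchored with '$' as in rewrite_line."""
    body = line[:-2] if line.endswith('\r\n') else line
    terminator = line[len(body):]
    for r in replacers:
        match = re.match(r['pattern'] + '$', body)
        if match:
            return r['replacement'].format(*match.groups()) + terminator
    raise ValueError('no rewrite rule matched')
```

With these rules the descriptor ID and HSDir fields never reach the client, and any HS_DESC action not listed explicitly falls through to the catch-all and is rewritten to an empty line.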

Comments


Patrick

2016-12-16 16:03:51 UTC


Patrick

2016-12-13 23:36:38 UTC