diff --git a/Dockerfile b/Dockerfile index f692e3a..1bc8144 100644 --- a/Dockerfile +++ b/Dockerfile @@ -74,7 +74,7 @@ RUN mkdir ${TOR_DIR} # ORPort, DirPort, ObfsproxyPort # TODO make these match the env variables # TODO is this necessary anymore? -EXPOSE 9001 9030 54444 +EXPOSE 9001 9030 9051 ENTRYPOINT ["docker-entrypoint"] diff --git a/docker-compose.yml b/docker-compose.yml index 2d27e3c..62d56c2 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -72,6 +72,7 @@ services: ports: # Setups a listener on host machine - "9050:9050" + - "9051:9051" volumes: - ./tor:/tor environment: diff --git a/scripts/docker-entrypoint b/scripts/docker-entrypoint index 7aba6b2..2cddabb 100755 --- a/scripts/docker-entrypoint +++ b/scripts/docker-entrypoint @@ -12,9 +12,6 @@ chown -Rv debian-tor:debian-tor ${TOR_DIR} if [ ! -e /tor-config-done ]; then touch /tor-config-done # only run this once - # Set appropriate network information - - # Add a Nickname, if none has been set in torrc if ! grep -q '^Nickname ' /etc/tor/torrc; then if [ ${TOR_NICKNAME} == "Tor4" ]; then 
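Review bot: The added `- "9051:9051"` mapping in docker-compose.yml publishes the tor control port on every interface of the Docker host, not only inside the compose network. The control port can reconfigure the tor process, so on a shared or internet-facing host it should be reachable from loopback only: `- "127.0.0.1:9051:9051"`. The 9050 mapping just above it has the same shape and would benefit from the same binding. The service definition starts outside this hunk, so which service this applies to is not visible here.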
@@ -36,25 +33,27 @@ if [ ! -e /tor-config-done ]; then fi fi + # Host specific modifications to the torrc file echo -e "DataDirectory ${TOR_DIR}/${TOR_NICKNAME}" >> /etc/tor/torrc + TOR_IP=$(ip addr | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut -f1 -d'/') + echo "Address ${TOR_IP}" >> /etc/tor/torrc + echo -e "ControlPort 0.0.0.0:9051" >> /etc/tor/torrc + if [ -z "${TOR_CONTROL_PWD}" ]; then + TOR_CONTROL_PWD="16:AF6137F19DD86B89606B9007F1A2F82F8BEFB19D263DC878B7E1F5E260" + fi + echo -e "HashedControlPassword ${TOR_CONTROL_PWD}" >> /etc/tor/torrc + + # Changes to the torrc file based on the desired role case ${ROLE} in DA) echo "Setting role to DA" cat /etc/tor/torrc.da >> /etc/tor/torrc - #if [ -n "${TOR_ORPORT}" ]; then - # TOR_ORPORT=${TOR_ORPORT} - #else - # TOR_ORPORT=7000 - #fi echo -e "OrPort ${TOR_ORPORT}" >> /etc/tor/torrc echo -e "Dirport ${TOR_DIRPORT}" >> /etc/tor/torrc - #echo -e "DataDirectory ${TOR_DIR}/${TOR_NICKNAME}" >> /etc/tor/torrc echo -e "ExitPolicy accept *:*" >> /etc/tor/torrc KEYPATH=${TOR_DIR}/${TOR_NICKNAME}/keys mkdir -p ${KEYPATH} - TOR_IP=$(ip addr | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut -f1 -d'/') - echo "Address ${TOR_IP}" >> /etc/tor/torrc chown -Rv debian-tor:debian-tor ${TOR_DIR} echo "password" | tor-gencert --create-identity-key -m 12 -a ${TOR_IP}:${TOR_DIRPORT} \ -i ${KEYPATH}/authority_identity_key \ 
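Review bot: The fallback `TOR_CONTROL_PWD="16:AF61…"` gives every container started without that variable the same control-port credential, one that is committed to the repository, while `ControlPort 0.0.0.0:9051` listens on all container interfaces. The control port allows the tor process to be reconfigured, so a shared default is not a safe fallback even on a private test network. I would fail closed instead of defaulting: `if [ -z "${TOR_CONTROL_PWD}" ]; then echo "TOR_CONTROL_PWD must be set to a hash from tor --hash-password" >&2; exit 1; fi`, or skip the two ControlPort lines when the variable is unset. The enclosing `if [ ! -e /tor-config-done ]` block and the `case ${ROLE}` statement both continue outside this hunk.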
@@ -68,35 +67,28 @@ if [ ! -e /tor-config-done ]; then echo "Saving DA fingerprint to shared path" da_fingerprint >> ${TOR_DIR}/torrc.da echo "Waiting for other DA's to come up..." - sleep $FUDGE cat ${TOR_DIR}/torrc.da >> /etc/tor/torrc ;; RELAY) echo "Setting role to RELAY" echo -e "OrPort ${TOR_ORPORT}" >> /etc/tor/torrc echo -e "Dirport ${TOR_DIRPORT}" >> /etc/tor/torrc - #echo -e "DataDirectory ${TOR_DIR}/${TOR_NICKNAME}" >> /etc/tor/torrc - echo -e "ExitPolicy accept 172.18.0.0/16:*" >> /etc/tor/torrc + echo -e "ExitPolicy accept private:*" >> /etc/tor/torrc echo "Waiting for other DA's to come up..." - sleep $FUDGE cat ${TOR_DIR}/torrc.da >> /etc/tor/torrc ;; EXIT) echo "Setting role to EXIT" echo -e "OrPort ${TOR_ORPORT}" >> /etc/tor/torrc echo -e "Dirport ${TOR_DIRPORT}" >> /etc/tor/torrc - #echo -e "DataDirectory ${TOR_DIR}/${TOR_NICKNAME}" >> /etc/tor/torrc echo -e "ExitPolicy accept *:*" >> /etc/tor/torrc echo "Waiting for other DA's to come up..." - sleep $FUDGE cat ${TOR_DIR}/torrc.da >> /etc/tor/torrc ;; CLIENT) echo "Setting role to CLIENT" echo -e "SOCKSPort 0.0.0.0:9050" >> /etc/tor/torrc - #chown -Rv debian-tor:debian-tor ${TOR_DIR} - sleep $FUDGE cat ${TOR_DIR}/torrc.da >> /etc/tor/torrc ;; *) @@ -105,6 +97,9 @@ if [ ! -e /tor-config-done ]; then ;; esac + # Buffer to let the directory authority list be built + sleep $FUDGE + fi echo -e "\n========================================================" diff --git a/util/control_port.py b/util/control_port.py new file mode 100644 index 0000000..8d5b921 --- /dev/null +++ b/util/control_port.py 
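Review bot: In the RELAY branch, `ExitPolicy accept private:*` widens the allowed exit range from the single 172.18.0.0/16 subnet to every private, loopback and link-local range, so traffic leaving this relay could reach services bound inside the container or on adjacent networks that were never meant to be part of the test network. Whether the rule takes effect also depends on `ExitPolicyRejectPrivate`, which is not set anywhere in the visible hunks. If the goal is only to stop hard-coding the compose subnet, I would take the CIDR from a variable instead, e.g. `echo -e "ExitPolicy accept ${TOR_SUBNET}:*" >> /etc/tor/torrc` (`TOR_SUBNET` is a placeholder name, not an existing variable). The `case` statement starts before this hunk.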
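Review bot: The single `sleep $FUDGE` added after `esac` runs only after every role branch has already executed `cat ${TOR_DIR}/torrc.da >> /etc/tor/torrc`, so the wait no longer gives the directory authorities time to write their fingerprints into the shared file before it is copied. Before this commit each branch slept first and read the file afterwards. A node that starts ahead of the DAs would end up with an incomplete or missing authority list, and because of the one-shot `/tor-config-done` guard the copy is not retried on restart. I would keep the sleep ahead of the copy, for example by removing the per-branch `cat` lines and doing `sleep "${FUDGE}"` followed by one `cat "${TOR_DIR}/torrc.da" >> /etc/tor/torrc` here.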
@@ -0,0 +1,42 @@
+# Connects to the control port to test that the private network is working
+import getpass
+import sys
+
+import stem
+import stem.connection
+
+from stem.control import Controller
+
+if __name__ == '__main__':
+ try:
+ controller = Controller.from_port()
+ except stem.SocketError as exc:
+ print("Unable to connect to tor on port 9051: %s" % exc)
+ sys.exit(1)
+
+ try:
+ controller.authenticate()
+ except stem.connection.MissingPassword:
+ pw = getpass.getpass("Controller password: ")
+
+ try:
+ controller.authenticate(password = pw)
+ except stem.connection.PasswordAuthFailed:
+ print("Unable to authenticate, password is incorrect")
+ sys.exit(1)
+ except stem.connection.AuthenticationFailure as exc:
+ print("Unable to authenticate: %s" % exc)
+ sys.exit(1)
+
+ print("List of DAs found:")
+ for desc in controller.get_network_statuses():
+ print("found relay %s (%s)" % (desc.nickname, desc.address))
+
+ print("List of Relays Found:")
+ for desc in controller.get_microdescriptors():
+ print("found relay %s (%s)" % (desc.identifier, desc.or_addresses))
+
+
+
+ print("Tor is running version %s" % controller.get_version())
+ controller.close()
diff --git a/util/get_consensus.py b/util/get_consensus.py
new file mode 100644
index 0000000..9b5b962
--- /dev/null
+++ b/util/get_consensus.py
@@ -0,0 +1,7 @@
+from stem.control import Controller
+
+with Controller.from_port(port = 9051) as controller:
+ controller.authenticate("balls")
+
+ for desc in controller.get_network_statuses():
+ print("found relay %s (%s)" % (desc.nickname, desc.fingerprint))
diff --git a/util/read_consensus.py b/util/read_consensus.py
new file mode 100644
index 0000000..5d3399d
--- /dev/null
+++ b/util/read_consensus.py
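Review bot: The heading `print("List of DAs found:")` in util/control_port.py does not match what the loop under it prints: `controller.get_network_statuses()` yields a router status entry for every relay in the consensus, not only the directory authorities, so ordinary relays and exits will be reported as DAs. I would change the heading to `print("Relays in the current consensus:")`, or filter on the `Authority` flag in `desc.flags` if only DAs are wanted. Separately, `controller.close()` is reached only when nothing above it raises; opening the session with `with Controller.from_port() as controller:`, as util/get_consensus.py does, would close the socket on every path. Indentation is lost in this view, so the nesting of the `except` clauses is inferred.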
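Review bot: `controller.authenticate("balls")` in util/get_consensus.py commits a control-port password to the repository, and the script stops working as soon as the container is started with a different `TOR_CONTROL_PWD`. If this string is the cleartext behind the default hash in scripts/docker-entrypoint, it also documents the credential for every default deployment. I would prompt for it the way util/control_port.py does: add `import getpass` and call `controller.authenticate(password=getpass.getpass("Controller password: "))`. A one-line header comment such as `# Lists the relays in the current consensus via the control port` would also match the other utility.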
@@ -0,0 +1,9 @@
+from stem.descriptor import parse_file
+import sys
+
+try:
+ path = sys.argv[1]
+ for desc in parse_file(path):
+ print('found relay %s (%s)' % (desc.nickname, desc.fingerprint))
+except IOError:
+ print("File not found. make sure you supply it with a cached consensus file location: %s" % path)
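Review bot: Running util/read_consensus.py without an argument raises `IndexError` at `path = sys.argv[1]`, which the `except IOError` clause does not catch, so the user gets a traceback instead of the hint the message is meant to give. The handler also reports every `IOError` as "File not found", including permission errors. I would check the argument before the `try` with `if len(sys.argv) != 2: sys.exit("usage: read_consensus.py <cached-consensus-file>")`, and change the handler to `except IOError as exc:` with `print("Cannot read %s: %s" % (path, exc))`.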