From 6ab84f60e983c82b06f15e956f9ebb4f806d71ef Mon Sep 17 00:00:00 2001 From: AntiTree Date: Sat, 2 Jul 2016 15:36:58 -0400 Subject: [PATCH 1/4] Modifying container to expose the client's control port. Password is "balls" --- docker-compose.yml | 1 + scripts/docker-entrypoint | 7 ++++++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 2d27e3c..62d56c2 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -72,6 +72,7 @@ services: ports: # Setups a listener on host machine - "9050:9050" + - "9051:9051" volumes: - ./tor:/tor environment: diff --git a/scripts/docker-entrypoint b/scripts/docker-entrypoint index 7aba6b2..cfc7de2 100755 --- a/scripts/docker-entrypoint +++ b/scripts/docker-entrypoint @@ -13,7 +13,6 @@ if [ ! -e /tor-config-done ]; then touch /tor-config-done # only run this once # Set appropriate network information - # Add a Nickname, if none has been set in torrc if ! grep -q '^Nickname ' /etc/tor/torrc; then @@ -95,6 +94,12 @@ if [ ! -e /tor-config-done ]; then CLIENT) echo "Setting role to CLIENT" echo -e "SOCKSPort 0.0.0.0:9050" >> /etc/tor/torrc + echo -e "ControlPort 0.0.0.0:9051" >> /etc/tor/torrc + if [ -z "${TOR_CONTROL_PWD}" ]; then + TOR_CONTROL_PWD="16:AF6137F19DD86B89606B9007F1A2F82F8BEFB19D263DC878B7E1F5E260" + fi + echo -e "HashedControlPassword ${TOR_CONTROL_PWD}" >> /etc/tor/torrc + #chown -Rv debian-tor:debian-tor ${TOR_DIR} sleep $FUDGE cat ${TOR_DIR}/torrc.da >> /etc/tor/torrc From ac294636cc6e5c9374d0366cb13e2848074e7511 Mon Sep 17 00:00:00 2001 From: AntiTree Date: Sat, 2 Jul 2016 15:40:02 -0400 Subject: [PATCH 2/4] Modifying to support control port on the host --- util/control_port.py | 31 +++++++++++++++++++++++++++++++ util/get_consensus.py | 7 +++++++ util/read_consensus.py | 9 +++++++++ 3 files changed, 47 insertions(+) create mode 100644 util/control_port.py create mode 100644 util/get_consensus.py create mode 100644 util/read_consensus.py 
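Review bot: The new `- "9051:9051"` mapping in docker-compose.yml publishes the Tor control port on every host interface, and Docker-published ports often bypass host firewall front ends. Anyone who can reach the host and authenticate on that port can reconfigure the client, so for a local test network the mapping should be pinned to loopback: `- "127.0.0.1:9051:9051"`. The existing `- "9050:9050"` SOCKS mapping just above has the same exposure and would benefit from the same prefix.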
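Review bot: In the CLIENT branch of scripts/docker-entrypoint, the hard-coded `16:…` fallback for `TOR_CONTROL_PWD` gives every container started without that variable the same control password, and the commit subject states its plaintext. Combined with `ControlPort 0.0.0.0:9051`, the control interface is then guarded by a publicly known secret. The same fallback is moved into the all-roles section by the `@@ -35,25 +33,27 @@` hunk of patch 3/4. I would fail closed instead of defaulting, e.g. `: "${TOR_CONTROL_PWD:?set TOR_CONTROL_PWD to the output of tor --hash-password}"`, and add a comment that the variable holds the hashed value, not the plaintext. The enclosing `if` and `case` start and end outside the hunk.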
diff --git a/util/control_port.py b/util/control_port.py
new file mode 100644
index 0000000..3fb5858
--- /dev/null
+++ b/util/control_port.py
@@ -0,0 +1,31 @@
+# Connects to the control port to test that the private network is working
+import sys
+import getpass
+import stem.connection
+import stem.socket
+
+try:
+ control_socket = stem.socket.ControlPort(port = 9051)
+except stem.SocketError as exc:
+ print 'Unable to connect to port 9051 (%s)' % exc
+ sys.exit(1)
+
+try:
+ stem.connection.authenticate(control_socket)
+except stem.connection.IncorrectSocketType:
+ print 'Please check in your torrc that 9051 is the ControlPort.'
+ print 'Maybe you configured it to be the ORPort or SocksPort instead?'
+ sys.exit(1)
+except stem.connection.MissingPassword:
+ controller_password = getpass.getpass('Controller password: ')
+
+ try:
+ stem.connection.authenticate_password(control_socket, controller_password)
+ except stem.connection.PasswordAuthFailed:
+ print 'Unable to authenticate, password is incorrect'
+ sys.exit(1)
+except stem.connection.AuthenticationFailure as exc:
+ print 'Unable to authenticate: %s' % exc
+ sys.exit(1)
+
+print("Successfully authenticated")
diff --git a/util/get_consensus.py b/util/get_consensus.py
new file mode 100644
index 0000000..9b5b962
--- /dev/null
+++ b/util/get_consensus.py
@@ -0,0 +1,7 @@
+from stem.control import Controller
+
+with Controller.from_port(port = 9051) as controller:
+ controller.authenticate("balls")
+
+ for desc in controller.get_network_statuses():
+ print("found relay %s (%s)" % (desc.nickname, desc.fingerprint))
diff --git a/util/read_consensus.py b/util/read_consensus.py
new file mode 100644
index 0000000..5d3399d
--- /dev/null
+++ b/util/read_consensus.py
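Review bot: `controller.authenticate("balls")` in util/get_consensus.py hard-codes the plaintext control password in the repository, and the script stops working as soon as a deployment sets its own `TOR_CONTROL_PWD`. Prompt for it the way util/control_port.py in this same patch does: add `import getpass` and call `controller.authenticate(password = getpass.getpass('Controller password: '))`. A one-line header comment saying the script expects the control port on localhost:9051 would also help.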
@@ -0,0 +1,9 @@ +from stem.descriptor import parse_file +import sys + +try: + path = sys.argv[1] + for desc in parse_file(path): + print('found relay %s (%s)' % (desc.nickname, desc.fingerprint)) +except IOError: + print("File not found. make sure you supply it with a cached consensus file location: %s" % path) From 3af351a03de52887f84bf781c579a79d65dbb4fd Mon Sep 17 00:00:00 2001 From: AntiTree Date: Sat, 2 Jul 2016 19:30:48 -0400 Subject: [PATCH 3/4] Fixing but that happens when a private tor node can't do a reverse lookup of the IP adding support for exposing the control port and working with arm cleaning up the docker-entry script --- Dockerfile | 2 +- scripts/docker-entrypoint | 38 ++++++++++++++------------------------ 2 files changed, 15 insertions(+), 25 deletions(-) diff --git a/Dockerfile b/Dockerfile index f692e3a..1bc8144 100644 --- a/Dockerfile +++ b/Dockerfile @@ -74,7 +74,7 @@ RUN mkdir ${TOR_DIR} # ORPort, DirPort, ObfsproxyPort # TODO make these match the env variables # TODO is this necessary anymore? -EXPOSE 9001 9030 54444 +EXPOSE 9001 9030 9051 ENTRYPOINT ["docker-entrypoint"] diff --git a/scripts/docker-entrypoint b/scripts/docker-entrypoint index cfc7de2..2cddabb 100755 --- a/scripts/docker-entrypoint +++ b/scripts/docker-entrypoint @@ -12,8 +12,6 @@ chown -Rv debian-tor:debian-tor ${TOR_DIR} if [ ! -e /tor-config-done ]; then touch /tor-config-done # only run this once - # Set appropriate network information - # Add a Nickname, if none has been set in torrc if ! grep -q '^Nickname ' /etc/tor/torrc; then if [ ${TOR_NICKNAME} == "Tor4" ]; then 
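Review bot: `path = sys.argv[1]` in util/read_consensus.py sits inside a `try` that only catches `IOError`, so running the script without an argument ends in an uncaught `IndexError` rather than the usage hint. Check the argument first, e.g. `if len(sys.argv) < 2: sys.exit("usage: read_consensus.py <cached-consensus-path>")`, and keep only the `parse_file` loop inside the `try`. The handler also reports every `IOError` as "File not found", which hides permission errors; including the exception text in the message would be more accurate.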
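Review bot: The comment above the changed `EXPOSE` line in the Dockerfile still reads `# ORPort, DirPort, ObfsproxyPort`, but the third port is now 9051, which the entrypoint configures as the ControlPort. Update it to `# ORPort, DirPort, ControlPort` so the image metadata does not mislabel the control interface. SOCKS port 9050, which the compose file publishes for the client, is not listed here, and the comment should say whether that is intentional.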
@@ -35,25 +33,27 @@ if [ ! -e /tor-config-done ]; then fi fi + # Host specific modifications to the torrc file echo -e "DataDirectory ${TOR_DIR}/${TOR_NICKNAME}" >> /etc/tor/torrc + TOR_IP=$(ip addr | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut -f1 -d'/') + echo "Address ${TOR_IP}" >> /etc/tor/torrc + echo -e "ControlPort 0.0.0.0:9051" >> /etc/tor/torrc + if [ -z "${TOR_CONTROL_PWD}" ]; then + TOR_CONTROL_PWD="16:AF6137F19DD86B89606B9007F1A2F82F8BEFB19D263DC878B7E1F5E260" + fi + echo -e "HashedControlPassword ${TOR_CONTROL_PWD}" >> /etc/tor/torrc + + # Changes to the torrc file based on the desired role case ${ROLE} in DA) echo "Setting role to DA" cat /etc/tor/torrc.da >> /etc/tor/torrc - #if [ -n "${TOR_ORPORT}" ]; then - # TOR_ORPORT=${TOR_ORPORT} - #else - # TOR_ORPORT=7000 - #fi echo -e "OrPort ${TOR_ORPORT}" >> /etc/tor/torrc echo -e "Dirport ${TOR_DIRPORT}" >> /etc/tor/torrc - #echo -e "DataDirectory ${TOR_DIR}/${TOR_NICKNAME}" >> /etc/tor/torrc echo -e "ExitPolicy accept *:*" >> /etc/tor/torrc KEYPATH=${TOR_DIR}/${TOR_NICKNAME}/keys mkdir -p ${KEYPATH} - TOR_IP=$(ip addr | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut -f1 -d'/') - echo "Address ${TOR_IP}" >> /etc/tor/torrc chown -Rv debian-tor:debian-tor ${TOR_DIR} echo "password" | tor-gencert --create-identity-key -m 12 -a ${TOR_IP}:${TOR_DIRPORT} \ -i ${KEYPATH}/authority_identity_key \ 
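Review bot: `TOR_IP=$(ip addr | grep 'state UP' -A2 | tail -n1 | …)` now runs for every role, and its result is written to torrc unchecked. If the pipeline yields nothing, or the container is attached to more than one network so that `tail -n1` lands on a different interface, torrc gets an empty or unintended `Address` line. Add a guard such as `[ -n "${TOR_IP}" ] || { echo "could not determine container IP" >&2; exit 1; }` before `echo "Address ${TOR_IP}"`, and a comment naming the interface the lookup is expected to hit. The enclosing `if [ ! -e /tor-config-done ]` block starts and ends outside the hunk.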
@@ -67,41 +67,28 @@ if [ ! -e /tor-config-done ]; then echo "Saving DA fingerprint to shared path" da_fingerprint >> ${TOR_DIR}/torrc.da echo "Waiting for other DA's to come up..." - sleep $FUDGE cat ${TOR_DIR}/torrc.da >> /etc/tor/torrc ;; RELAY) echo "Setting role to RELAY" echo -e "OrPort ${TOR_ORPORT}" >> /etc/tor/torrc echo -e "Dirport ${TOR_DIRPORT}" >> /etc/tor/torrc - #echo -e "DataDirectory ${TOR_DIR}/${TOR_NICKNAME}" >> /etc/tor/torrc - echo -e "ExitPolicy accept 172.18.0.0/16:*" >> /etc/tor/torrc + echo -e "ExitPolicy accept private:*" >> /etc/tor/torrc echo "Waiting for other DA's to come up..." - sleep $FUDGE cat ${TOR_DIR}/torrc.da >> /etc/tor/torrc ;; EXIT) echo "Setting role to EXIT" echo -e "OrPort ${TOR_ORPORT}" >> /etc/tor/torrc echo -e "Dirport ${TOR_DIRPORT}" >> /etc/tor/torrc - #echo -e "DataDirectory ${TOR_DIR}/${TOR_NICKNAME}" >> /etc/tor/torrc echo -e "ExitPolicy accept *:*" >> /etc/tor/torrc echo "Waiting for other DA's to come up..." - sleep $FUDGE cat ${TOR_DIR}/torrc.da >> /etc/tor/torrc ;; CLIENT) echo "Setting role to CLIENT" echo -e "SOCKSPort 0.0.0.0:9050" >> /etc/tor/torrc - echo -e "ControlPort 0.0.0.0:9051" >> /etc/tor/torrc - if [ -z "${TOR_CONTROL_PWD}" ]; then - TOR_CONTROL_PWD="16:AF6137F19DD86B89606B9007F1A2F82F8BEFB19D263DC878B7E1F5E260" - fi - echo -e "HashedControlPassword ${TOR_CONTROL_PWD}" >> /etc/tor/torrc - - #chown -Rv debian-tor:debian-tor ${TOR_DIR} - sleep $FUDGE cat ${TOR_DIR}/torrc.da >> /etc/tor/torrc ;; *) @@ -110,6 +97,9 @@ if [ ! -e /tor-config-done ]; then ;; esac + # Buffer to let the directory authority list be built + sleep $FUDGE + fi echo -e "\n========================================================" From 136dd2f129ab2e0d2535a35f4670a2915ee04d12 Mon Sep 17 00:00:00 2001 From: AntiTree Date: Sat, 2 Jul 2016 19:33:18 -0400 Subject: [PATCH 4/4] testing data collection using stem --- util/control_port.py | 57 ++++++++++++++++++++++++++------------------ 1 file changed, 34 insertions(+), 23 deletions(-) 
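Review bot: With the per-role `sleep $FUDGE` lines removed, each role now runs `cat ${TOR_DIR}/torrc.da >> /etc/tor/torrc` immediately after printing "Waiting for other DA's to come up...". The single `sleep $FUDGE` added after `esac` in the following hunk (`@@ -110,6 +97,9 @@`) runs only once the shared file has already been copied. As far as this script shows, a node that starts before all authorities have appended their fingerprints would come up with an incomplete authority list. Keep the delay ahead of the read by replacing the four per-role `cat ${TOR_DIR}/torrc.da >> /etc/tor/torrc` lines with one copy placed after the new `sleep $FUDGE`. Separately, `ExitPolicy accept private:*` widens the relay policy from the single 172.18.0.0/16 subnet to every private range including loopback, so a comment explaining why that is needed would help.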
diff --git a/util/control_port.py b/util/control_port.py index 3fb5858..8d5b921 100644 --- a/util/control_port.py +++ b/util/control_port.py 
@@ -1,31 +1,42 @@ # Connects to the control port to test that the private network is working -import sys import getpass +import sys + +import stem import stem.connection -import stem.socket -try: - control_socket = stem.socket.ControlPort(port = 9051) -except stem.SocketError as exc: - print 'Unable to connect to port 9051 (%s)' % exc - sys.exit(1) +from stem.control import Controller -try: - stem.connection.authenticate(control_socket) -except stem.connection.IncorrectSocketType: - print 'Please check in your torrc that 9051 is the ControlPort.' - print 'Maybe you configured it to be the ORPort or SocksPort instead?' - sys.exit(1) -except stem.connection.MissingPassword: - controller_password = getpass.getpass('Controller password: ') +if __name__ == '__main__': + try: + controller = Controller.from_port() + except stem.SocketError as exc: + print("Unable to connect to tor on port 9051: %s" % exc) + sys.exit(1) try: - stem.connection.authenticate_password(control_socket, controller_password) - except stem.connection.PasswordAuthFailed: - print 'Unable to authenticate, password is incorrect' - sys.exit(1) -except stem.connection.AuthenticationFailure as exc: - print 'Unable to authenticate: %s' % exc - sys.exit(1) + controller.authenticate() + except stem.connection.MissingPassword: + pw = getpass.getpass("Controller password: ") -print("Successfully authenticated") + try: + controller.authenticate(password = pw) + except stem.connection.PasswordAuthFailed: + print("Unable to authenticate, password is incorrect") + sys.exit(1) + except stem.connection.AuthenticationFailure as exc: + print("Unable to authenticate: %s" % exc) + sys.exit(1) + + print("List of DAs found:") + for desc in controller.get_network_statuses(): + print("found relay %s (%s)" % (desc.nickname, desc.address)) + + print("List of Relays Found:") + for desc in controller.get_microdescriptors(): + print("found relay %s (%s)" % (desc.identifier, desc.or_addresses)) + + + + print("Tor is running 
version %s" % controller.get_version()) + controller.close()
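Review bot: The loop under `print("List of DAs found:")` in util/control_port.py prints every entry returned by `controller.get_network_statuses()`, i.e. all routers in the consensus rather than only directory authorities. Either relabel the heading or filter with `if stem.Flag.AUTHORITY in desc.flags:` inside the loop. `controller.close()` is also skipped when any of the queries raises; `with Controller.from_port() as controller:`, as util/get_consensus.py does, would close the connection on every path.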