Make tor take advantage of dante

David Coppa Wed, 15 Sep 2010 04:50:54 -0700

Hi, 

Since we don't have tsocks in our tree (and iirc it's linux-only stuff), 
I've written the following patch to make the 'torify' command work 
out-of-the-box with 'socksify' (security/dante).


I find it useful. Comments? OKs?

Cheers, 
David


$ cat files/tor-socks.conf
route {
        from: 0.0.0.0/0 to: 0.0.0.0/0 via: 127.0.0.1 port = 9050
        proxyprotocol: socks_v4
}


Index: Makefile
===================================================================
RCS file: /cvs/ports/net/tor/Makefile,v
retrieving revision 1.45
diff -u -p -r1.45 Makefile
--- Makefile    20 Jun 2010 07:57:07 -0000      1.45
+++ Makefile    15 Sep 2010 11:28:53 -0000
@@ -3,6 +3,7 @@
 COMMENT=       anonymity service using onion routing
 
 DISTNAME=      tor-0.2.1.26
+REVISION=      0
 CATEGORIES=    net
 HOMEPAGE=      http://www.torproject.org/
 
@@ -24,5 +25,8 @@ DB_DIR=               /var/tor
 SUBST_VARS=    DB_DIR
 
 FAKE_FLAGS=    sysconfdir=${PREFIX}/share/examples
+
+post-extract:
+       @cp ${FILESDIR}/tor-socks.conf ${WRKSRC}/contrib/
 
 .include <bsd.port.mk>
Index: patches/patch-contrib_Makefile_in
===================================================================
RCS file: patches/patch-contrib_Makefile_in
diff -N patches/patch-contrib_Makefile_in
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-contrib_Makefile_in   15 Sep 2010 11:28:53 -0000
@@ -0,0 +1,14 @@
+$OpenBSD$
+--- contrib/Makefile.in.orig   Wed Sep 15 12:05:05 2010
++++ contrib/Makefile.in        Wed Sep 15 12:05:17 2010
+@@ -186,8 +186,8 @@ top_srcdir = @top_srcdir@
+ SUBDIRS = osx suse
+ DIST_SUBDIRS = osx suse
+ confdir = $(sysconfdir)/tor
+-EXTRA_DIST = exitlist tor-tsocks.conf torify.1 tor.nsi.in tor.sh torctl 
rc.subr cross.sh tor-mingw.nsi.in package_nsis-mingw.sh tor.ico tor-ctrl.sh 
linux-tor-prio.sh tor-exit-notice.html
+-conf_DATA = tor-tsocks.conf
++EXTRA_DIST = exitlist tor-socks.conf torify.1 tor.nsi.in tor.sh torctl 
rc.subr cross.sh tor-mingw.nsi.in package_nsis-mingw.sh tor.ico tor-ctrl.sh 
linux-tor-prio.sh tor-exit-notice.html
++conf_DATA = tor-socks.conf
+ bin_SCRIPTS = torify
+ man_MANS = torify.1
+ all: all-recursive
Index: patches/patch-contrib_torify_1
===================================================================
RCS file: patches/patch-contrib_torify_1
diff -N patches/patch-contrib_torify_1
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-contrib_torify_1      15 Sep 2010 11:28:53 -0000
@@ -0,0 +1,38 @@
+$OpenBSD$
+--- contrib/torify.1.orig      Wed Sep 15 12:58:26 2010
++++ contrib/torify.1   Wed Sep 15 12:59:53 2010
+@@ -2,22 +2,22 @@
+ .\" manual page by Peter Palfrader
+ .SH NAME
+ .LP
+-torify \- wrapper for tsocks and tor
++torify \- wrapper for socksify and tor
+ 
+ .SH SYNOPSIS
+ \fBtorify\fP\ \fIapplication\fP\ [\fIapplication's\ arguments\fP]
+ 
+ .SH DESCRIPTION
+-\fBtorify\fR is a simple wrapper that calls tsocks with a tor specific
++\fBtorify\fR is a simple wrapper that calls socksify with a tor specific
+ configuration file.
+ 
+-tsocks itself is a wrapper between the tsocks library and the application
++socksify itself is a wrapper between the Dante library and the application
+ that you would like to run socksified.
+ 
+-Please note that since tsocks uses LD_PRELOAD, torify cannot be applied
++Please note that since socksify uses LD_PRELOAD, torify cannot be applied
+ to suid binaries.
+ 
+-You should also be aware that the way tsocks currently works only TCP
++You should also be aware that the way socksify currently works only TCP
+ connections are socksified.  Be aware that this will in most circumstances
+ not include hostname lookups which would still be routed through your
+ normal system resolver to your usual resolving nameservers.  The
+@@ -28,5 +28,4 @@ have further information on this subject.
+ .SH SEE ALSO
+ .BR tor (1),
+ .BR tor-resolve (1),
+-.BR tsocks (1),
+-.BR tsocks.conf (5).
++.BR socks.conf (5).
Index: patches/patch-contrib_torify_in
===================================================================
RCS file: patches/patch-contrib_torify_in
diff -N patches/patch-contrib_torify_in
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-contrib_torify_in     15 Sep 2010 11:28:53 -0000
@@ -0,0 +1,55 @@
+$OpenBSD$
+--- contrib/torify.in.orig     Wed Sep 15 12:21:24 2010
++++ contrib/torify.in  Wed Sep 15 12:25:48 2010
+@@ -1,19 +1,19 @@
+ #! /bin/sh
+ 
+-# Wrapper script for use of the tsocks(8) transparent socksification library
+-# See the tsocks(1) and torify(1) manpages.
++# Wrapper script for use of Dante transparent socksification library
++# See the socks.conf(5) and torify(1) manpages.
+ 
+ # Copyright (c) 2004, 2006 Peter Palfrader
+ # Modified by Jacob Appelbaum <ja...@appelbaum.net> April 16th 2006
+ # May be distributed under the same terms as Tor itself
+ 
+ 
+-# Define and ensure we have tsocks
++# Define and ensure we have socksify
+ # XXX: what if we don't have which?
+-TSOCKS="`which tsocks`"
+-if [ ! -x "$TSOCKS" ]
++SOCKSIFY="`which socksify`"
++if [ ! -x "$SOCKSIFY" ]
+ then
+-        echo "$0: Can't find tsocks in PATH. Perhaps you haven't installed 
it?" >&2
++        echo "$0: Can't find socksify in PATH. Perhaps you haven't installed 
it?" >&2
+         exit 1
+ fi
+ 
+@@ -29,17 +29,17 @@ then
+         exit 0
+ fi
+ 
+-# Define our tsocks config file
+-TSOCKS_CONF_FILE="@CONFDIR@/tor-tsocks.conf"
+-export TSOCKS_CONF_FILE
++# Define our socksify config file
++SOCKS_CONF="@CONFDIR@/tor-socks.conf"
++export SOCKS_CONF
+ 
+-# Check that we've got a tsocks config file
+-if [ -r "$TSOCKS_CONF_FILE" ]
++# Check that we've got a socksify config file
++if [ -r "$SOCKS_CONF" ]
+ then
+-      exec tsocks "$@"
+-      echo "$0: Failed to exec tsocks $@" >&2
++      exec socksify "$@"
++      echo "$0: Failed to exec socksify $@" >&2
+       exit 1
+ else
+-      echo "$0: Missing tsocks configuration file \"$TSOCKS_CONF_FILE\"." >&2
++      echo "$0: Missing socksify configuration file \"$SOCKS_CONF\"." >&2
+       exit 1
+ fi
Index: pkg/MESSAGE
===================================================================
RCS file: pkg/MESSAGE
diff -N pkg/MESSAGE
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ pkg/MESSAGE 15 Sep 2010 11:28:53 -0000
@@ -0,0 +1 @@
+To use the 'torify' command, install the 'security/dante' port.
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/net/tor/pkg/PLIST,v
retrieving revision 1.5
diff -u -p -r1.5 PLIST
--- pkg/PLIST   19 Sep 2008 21:51:00 -0000      1.5
+++ pkg/PLIST   15 Sep 2010 11:28:53 -0000
@@ -4,15 +4,15 @@
 @bin bin/tor
 @bin bin/tor-gencert
 @bin bin/tor-resolve
-...@comment bin/torify
+bin/torify
 @man man/man1/tor-gencert.1
 @man man/man1/tor-resolve.1
 @man man/man1/tor.1
-...@comment @man man/man1/torify.1
+...@man man/man1/torify.1
 share/examples/tor/
 @sample ${SYSCONFDIR}/tor/
-share/examples/tor/tor-tsocks.conf
-...@sample ${SYSCONFDIR}/tor/tor-tsocks.conf
+share/examples/tor/tor-socks.conf
+...@sample ${SYSCONFDIR}/tor/tor-socks.conf
 share/examples/tor/torrc.sample
 @sample ${SYSCONFDIR}/tor/torrc
 @mode 0700

Make tor take advantage of dante

Reply via email to