#!/bin/bash
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
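PREFIX=/usr/local
ROLE=proxy
prog=$( basename "$0" .bash )
export PATH=$PATH:$PREFIX/sbin:$PREFIX/bin
# presumably defines the INFO/WARN/ERROR/DBUG helpers used below; fail
# loudly like the ping lib does instead of continuing without them
. $PREFIX/bin/usr_local_tput.bash || \
{ echo ERROR: loading $PREFIX/bin/usr_local_tput.bash ; exit 2; }
# libvirt helper script, invoked as "$PL <function>"
PL=$PREFIX/bin/proxy_libvirt_lib.bash
# . $PREFIX/sbin/proxy_whonix_lib.bash || { echo ERROR: loading $PREFIX/sbin/proxy_whonix_lib.bash ; exit 2; }
. $PREFIX/bin/proxy_ping_lib.bash || \
{ echo ERROR: loading $PREFIX/bin/proxy_ping_lib.bash ; exit 2; }
# name the dispatcher at the bottom compares against $0 to tell
# "executed" from "sourced"
base=proxy_whonix_lib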
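# starbucks_torrc - point the "SocksPolicy accept" line of the tor configs
# at the current address of $wlan7.
# Globals:  wlan7 (read), ip (written)
# Returns:  7 when ifconfig/sed fail, 0 otherwise
# NOTE: redefined later in this file; the later definition is the one in
# effect once the file is sourced.
starbucks_torrc () {
  local file
  ip=`ifconfig $wlan7 | grep -v '127.0.0.1\|grep' | grep inet.*broadcast| sed -e 's/.*inet //' -e 's/ .*//'`
  [ $? -eq 0 ] || { echo ERROR: starbucks_torrc ifconfig $wlan7 ; return 7 ; }
  # no address on the interface: nothing to rewrite
  [ -z "$ip" ] && return 0
  for file in /etc/tor/torrc /etc/tor/torrc-default ; do
    [ -f "$file" ] || continue
    # the loop used to test /etc/tor/torrc for every iteration; test the
    # file that is about to be edited
    grep -q "^SocksPolicy accept " "$file" || continue
    # already pointing at this address
    grep -q "^SocksPolicy accept $ip\$" "$file" && continue
    sed -e "s@^SocksPolicy accept [^/]*\$@SocksPolicy accept $ip@" -i "$file"
  done
  return 0
}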
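# starbucks_set - pick the network manager / macchanger binaries and unload
# the wifi driver of $wlan7.
# Globals:  wlan7 (read), NetworkManager, mgr, macchanger (written)
# Exits the shell with 1 when wlan7 is empty.
starbucks_set () {
  # service name of the network manager init script
  if [ -f /etc/init.d/network-manager ] ; then
    NetworkManager=network-manager
  elif [ -f /etc/init.d/NetworkManager ] ; then
    NetworkManager=NetworkManager
  elif [ -f /lib/systemd/system/NetworkManager ] ; then
    NetworkManager=NetworkManager
  else
    NetworkManager=network-manager
  fi
  # mgr is forced to wicd; the detected NetworkManager name is kept but
  # not used as the manager here
  mgr=$NetworkManager
  mgr=wicd

  if [ -x /mnt/linuxBack52/usr/bin/macchanger ] ; then
    macchanger=/mnt/linuxBack52/usr/bin/macchanger
  else
    macchanger=macchanger
  fi

  # may be empty wlan7
  # ifconfig wlan7 2>/dev/null && wlan7=wlan7 || wlan7=wlp3s0
  if [ -z "$wlan7" ] ; then
    echo ERROR: null wlan7 ; exit 1
  fi
  INFO starbucks_set wlan7=$wlan7 mgr=$mgr macchanger=$macchanger

  # unload the driver of the interface's chipset in the background; the
  # former empty-wlan7 branch was unreachable after the exit above
  case "$wlan7" in
    wlan4)
      rmmod iwlmvm iwlwifi 2>/dev/null >/dev/null &
      ;;
    wlan6|wlan7)
      rmmod ath9k_htc ath9k_common ath9k_hw ath 2>/dev/null >/dev/null &
      ;;
  esac
  sleep 5

  return 0
}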
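# starbucks_ip - reload the wifi modules for interface $1 and rewrite every
# wlanN reference under /etc to that interface, then start dbus and wicd.
# Arguments: $1 - interface name
# Returns:   1 without an argument, 1<status>/2<status> on module errors,
#            3 when /etc is not enterable, 0 otherwise
# Side effect: leaves the shell's cwd in /etc (as before).
starbucks_ip () {
  local wlan7
  [ $# -eq 0 -o -z "$1" ] && return 1
  wlan7=$1
  base_wlan_modules_unload $wlan7 || return 1$?
  base_wlan_modules_load $wlan7 || return 2$?

  # an unchecked cd used to let the sed run in whatever the cwd was
  cd /etc || { echo ERROR: starbucks_ip cd /etc ; return 3 ; }
  # editors' backup files (~) are skipped; -r keeps sed off stdin when no
  # file matches
  grep -l 'wlan[0-9]' * */* 2>/dev/null | grep -v '~$' | xargs -r sed -e "s/wlan[0-9]/$wlan7/g" -i

  local_rc_service dbus start ; local_rc_service wicd start
  return 0
}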
# starbucks_start_services - start the whonix host services for $MODE and,
# in tor mode, fix up the torrc SocksPolicy.
# Globals:  MODE (read)
# Returns:  2 without MODE, 3<status>/5<status> on failures, 0 otherwise
starbucks_start_services () {
  if [ -z "$MODE" ] ; then
    echo ERROR: $0 unknown MODE
    return 2
  fi
  $PREFIX/sbin/proxy_whonix_host.bash start || return 3$?
  # $PREFIX/sbin/proxy_whonix_host.bash proxy_whonix_host_start $MODE || return 5$?
  # the SocksPolicy rewrite only matters when tor runs on this host
  if [ "$MODE" = tor ] ; then
    starbucks_torrc || return 5$?
  fi
  return 0
}
# starbucks_stop - stop the proxy services; any arguments are ignored.
starbucks_stop () {
  # the action is always "stop", whatever the caller passed
  set -- stop
  starbucks_restart "$1"
}
# old tor only
# starbucks_restart - apply an init action (default: start) to pdnsd,
# polipo and the network manager $mgr, via systemctl when available.
# Arguments: $1 - systemctl/init.d action (start, stop, ...)
# Globals:   mgr (read)
# Returns:   always 0
starbucks_restart () {
  local action=${1-start}
  if [ -x /bin/systemctl ] ; then
    # [ -e /etc/tor/torrc ] && /bin/systemctl $action tor >/dev/null
    [ -e /etc/pdnsd.conf ] && /bin/systemctl "$action" pdnsd >/dev/null
    [ -e /etc/polipo.conf ] && /bin/systemctl "$action" polipo >/dev/null
    /bin/systemctl "$action" $mgr
  else
    # [ -e /etc/tor/torrc ] && /etc/init.d/tor $action
    [ -e /etc/pdnsd.conf ] && /etc/init.d/pdnsd "$action"
    [ -e /etc/polipo.conf ] && /etc/init.d/polipo "$action"
    /etc/init.d/$mgr "$action"
  fi
  return 0
}
# starbucks_pdnsd - start dnscrypt-proxy, or stop pdnsd, depending on $pdnsd.
# Globals:  pdnsd, HARDEN_VAR_LOCAL, DELAY (read)
# Returns:  11 when dnscrypt-proxy logs "No servers configured", 12 when it
#           is not running after the delay, 0 otherwise
starbucks_pdnsd () {
  local log=/var/local/var/log/dnscrypt-proxy.log
  if [ "$pdnsd" = "dnscrypt" ] && ! ps ax | grep -v grep | grep -q /dnscrypt-proxy ; then
    # fresh log, then background start
    cp /dev/null $log
    $HARDEN_VAR_LOCAL/bin/dnscrypt-proxy --config $HARDEN_VAR_LOCAL/etc/dnscrypt-proxy.toml &
    sleep $DELAY
    # NOTE(review): the log is truncated under /var/local/var/log but grepped
    # under $HARDEN_VAR_LOCAL/var/log - confirm both name the same file
    if [ -s $log ] && grep -q 'No servers configured' $HARDEN_VAR_LOCAL/var/log/dnscrypt-proxy.log ; then
      return 11
    fi
    ps ax | grep -v grep | grep -q /dnscrypt-proxy || return 12
  elif [ "$pdnsd" = "pdnsd" ] && ! ps ax | grep -v grep | grep -q /pdnsd ; then
    if [ -x /bin/systemctl ] ; then
      [ -e /etc/pdnsd.conf ] && /bin/systemctl stop pdnsd >/dev/null
    else
      [ -e /etc/pdnsd.conf ] && /etc/init.d/pdnsd stop
    fi
  fi
}
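# starbucks_torrc - point the "SocksPolicy accept" line of /etc/tor/torrc at
# the current address of $wlan7.  This definition replaces the earlier
# starbucks_torrc above.
# Globals:  wlan7 (read), ip (written)
# Returns:  7 when ifconfig/sed fail, otherwise 0 or the sed status
starbucks_torrc () {
  ip=`ifconfig $wlan7 | grep -v '127.0.0.1\|grep' | grep inet.*broadcast| sed -e 's/.*inet //' -e 's/ .*//'`
  [ $? -eq 0 ] || { echo ERROR: starbucks_torrc ifconfig $wlan7 ; return 7 ; }
  # no address: nothing to rewrite
  [ -z "$ip" ] && return 0
  # the grep pattern used to end in "@" (the sed delimiter), so it never
  # matched and sed rewrote the line on every call; anchor on end of line
  grep -q "^SocksPolicy accept $ip\$" /etc/tor/torrc && return 0
  sed -e "s@^SocksPolicy accept [^/]*\$@SocksPolicy accept $ip@" -i /etc/tor/torrc
}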
## proxy_guest_firewall_config -- /etc/firewall.conf.ws.new
# Load the workstation firewall script and run its main with the iptables
# commands replaced by echo, so the rules are written to
# /etc/firewall.conf.ws.new instead of being applied.
# Returns: 2<status> when the script cannot be sourced, else main's status
proxy_guest_firewall_config () {
  . $PREFIX/sbin/proxy_whonix_guest_workstation-firewall.bash || return 2$?
  source_config_folder
  # dry run: print the rules rather than load them
  iptables_cmd="echo iptables"
  ip6tables_cmd="echo # ip6tables"
  main > /etc/firewall.conf.ws.new
}
## proxy_whonix_guest_config
# Nothing to configure on the guest side; always succeeds.
proxy_whonix_guest_config () {
  :
  return 0
}
## proxy_whonix_guest_start
# Start the guest through the libvirt helper; returns its status.
proxy_whonix_guest_start () {
  $PL proxy_libvirt_start_guest
}
## proxy_whonix_test_guest
# Test the guest through the libvirt helper; returns its status.
proxy_whonix_test_guest () {
  $PL proxy_libvirt_test_guest
}
## proxy_whonix_gateway_config
# Write the dnsmasq template for gateway mode, forwarding to 10.0.2.15.
# The status of proxy_whonix_dnsmasq_config is ignored.
proxy_whonix_gateway_config () {
  proxy_whonix_dnsmasq_config gateway 10.0.2.15
  return 0
}
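## proxy_whonix_dnsmasq_config
# Create /etc/dnsmasq.conf.<mode> once: a copy of the live dnsmasq.conf
# with the forwarding settings for DEST#PORT appended.
# Arguments: $1 - mode (defaults to proxy_ping_mode)
# Globals:   MODE, DEST, PORT, PROXY_WLAN (read/written by the helpers)
# Returns:   1 without DEST/PORT, 0 otherwise
# NOTE: redefined later in this file; the later definition is the one in
# effect once the file is sourced.
proxy_whonix_dnsmasq_config () {
  local dire
  local file

  [ "$#" -eq 0 ] || dire=$1
  [ -z "$dire" ] && MODE="$( proxy_ping_mode )" && dire=$MODE
  [ -n "$MODE" ] || MODE=host

  proxy_dest_port_wlan_config
  [ -z "$PORT" -o -z "$DEST" ] && return 1

  # 9040 - no wgetrc polipo
  # need dnsmasq to 127
  file=/etc/dnsmasq.conf
  # the settings used to be appended to $file.conf, which nothing reads;
  # append to the per-mode copy that was just made (as the later
  # definition of this function does)
  if [ ! -f $file.$dire ] ; then
    cp -p $file $file.$dire
    cat >> $file.$dire <<EOF
log-facility=/var/log/dnsmasq.log
no-resolv
listen-address=127.0.0.1
server=${DEST}#$PORT
port=53
# wlan4
interface=$PROXY_WLAN
bind-interfaces
no-dhcp-interface=$PROXY_WLAN
EOF
  fi
  return 0
}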
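## proxy_whonix_polipo_config
# Create /etc/polipo/config.<mode> once: a copy of the live polipo config
# with the socks parent proxy for that mode appended.  The template is
# installed later by proxy_whonix_polipo_start.
# Arguments: $1 - mode: whonix, nat or anything else (uses DEST:PORT)
# Globals:   DEST, PORT (read), external (written in nat mode)
# Returns:   1 without a mode, 0 otherwise
proxy_whonix_polipo_config () {
  local dire
  local file
  [ "$#" -eq 0 ] && { echo ERROR: proxy_whonix_polipo_config no dire ; return 1; }
  dire=$1

  file=/etc/polipo/config
  # the settings used to be appended to $file.conf, which nothing reads;
  # they belong in the per-mode copy that proxy_whonix_polipo_start installs
  if [ "$dire" = whonix ]; then
    if [ ! -f $file.$dire ] ; then
      cp -p $file $file.$dire
      cat >> $file.$dire <<EOF
proxyAddress=127.0.0.1
proxyPort=3128
proxyName=127.0.0.1
socksParentProxy=10.0.2.15:9050
socksProxyType=socks5
#?ssocksUserName=foo
EOF
    fi
  elif [ "$dire" = nat ]; then
    # get external: the address tagged "external" in /etc/hosts (kept global)
    external=`grep external$ /etc/hosts|sed -e 's/ .*//'`
    #? . /usr/local/bin/proxy_export.bash
    if [ ! -f $file.$dire ] ; then
      cp -p $file $file.$dire
      cat >> $file.$dire <<EOF
proxyAddress=$external
proxyPort=3128
proxyName=$external
socksParentProxy=$external:9050
socksProxyType=socks5
#?ssocksUserName=foo
EOF
    fi
  else
    if [ ! -f $file.$dire ] ; then
      cp -p $file $file.$dire
      cat >> $file.$dire <<EOF
proxyAddress=127.0.0.1
proxyPort=3128
proxyName=127.0.0.1
socksParentProxy=${DEST}:$PORT
socksProxyType=socks5
EOF
    fi
  fi
  return 0
}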
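## proxy_whonix_privoxy_config
# Create /etc/privoxy/config.<mode> once: a copy of the live privoxy config
# with the listen address and socks forward for that mode appended (nat
# mode gets an empty template).
# Arguments: $1 - mode: whonix, nat or anything else
# Globals:   external (written in nat mode)
# Returns:   1 without a mode, 0 otherwise
proxy_whonix_privoxy_config () {
  local dire
  local file
  # an empty mode used to fall through to the else branch and write
  # "$file." - reject it
  [ "$#" -eq 0 -o -z "$1" ] && { echo ERROR: proxy_whonix_privoxy_config no dire ; return 1; }
  dire=$1 ; shift

  file=/etc/privoxy/config
  # the settings used to be appended to $file.conf, which nothing reads;
  # they belong in the per-mode copy made just before
  if [ "$dire" = whonix ]; then
    if [ ! -f $file.$dire ] ; then
      cp -p $file $file.$dire
      cat >> $file.$dire <<EOF
listen-address 127.0.0.1:3128
forward-socks5t / 10.0.2.15:9050 .
EOF
    fi
  elif [ "$dire" = nat ]; then
    # get external
    external=`grep external$ /etc/hosts|sed -e 's/ .*//'`
    #? . /usr/local/bin/proxy_export.bash
    if [ ! -f $file.$dire ] ; then
      cp /dev/null $file.$dire
    fi
  else
    if [ ! -f $file.$dire ] ; then
      cp -p $file $file.$dire
      cat >> $file.$dire <<EOF
listen-address 127.0.0.1:3128
forward-socks5t / 127.0.0.1:9050 .
EOF
    fi
  fi
  return 0
}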
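## proxy_whonix_dnsmasq_config
# Create /etc/dnsmasq.conf.<mode> once: a copy of the live dnsmasq.conf
# with the forwarding settings for DEST#PORT appended.  This definition
# replaces the earlier proxy_whonix_dnsmasq_config above.
# Arguments: $1 - mode (default tor); the rest go to
#            proxy_dest_port_wlan_config
# Globals:   DEST, PORT, PROXY_WLAN (read)
# Returns:   1 without DEST/PORT, 0 otherwise
proxy_whonix_dnsmasq_config () {
  local dire
  local file

  [ "$#" -eq 0 ] && set -- tor
  dire=$1 ; shift
  # "$@" keeps each remaining argument as one word ($* re-split them)
  proxy_dest_port_wlan_config "$@"
  [ -z "$PORT" -o -z "$DEST" ] && return 1

  # 9040 - no wgetrc
  # need dnsmasq to 127
  file=/etc/dnsmasq.conf
  if [ ! -f $file.$dire ] ; then
    cp -p $file $file.$dire
    cat >> $file.$dire <<EOF
log-facility=/var/log/dnsmasq.log
no-resolv
listen-address=127.0.0.1
server=${DEST}#$PORT
port=53
# wlan4
interface=$PROXY_WLAN
bind-interfaces
no-dhcp-interface=$PROXY_WLAN
EOF
  fi
  return 0
}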
## proxy_whonix_tor_config
# Host-side tor on the loopback address; returns proxy_host_tor_config's
# status.
proxy_whonix_tor_config () {
  proxy_host_tor_config tor 127.0.0.1
}
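## proxy_host_tor_config
# Configure polipo and dnsmasq for tor running on this host (socks on
# 127.0.0.1:9050) and, when online, check name resolution.
# Globals:   DEST, PORT (written)
# Returns:   2 without DEST/PORT, 3<status>/4<status> on config errors,
#            5 when resolution fails, 0 otherwise
proxy_host_tor_config () {
  # was "local dir", which left dire global
  local dire
  # keeps the callee's file= assignment out of the global scope
  local file
  dire=tor
  DEST=127.0.0.1
  PORT=9050

  #? [ -z "$DEST" ] && proxy_dest_port_wlan_config || return 1$?

  [ -z "$PORT" -o -z "$DEST" ] && return 2
  proxy_whonix_polipo_config $dire || return 3$?
  proxy_whonix_dnsmasq_config $dire || return 4$?

  # only check resolution when there is a network to resolve through
  if proxy_ping_online ; then
    proxy_ping_test_resolv $dire || { echo ERROR: proxy_host_tor_config 5$?; return 5 ; }
  fi

  return 0
}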
## proxy_host_whonix_config
# Configure polipo and dnsmasq for whonix mode: DNS via the gateway at
# 10.0.2.15:9053.  Arguments are ignored.
# Globals:   DEST, PORT (written)
# Returns:   1<status> when proxy_dest_port_wlan_config fails, 2 without
#            DEST/PORT, 4<status>/5<status> on later failures, 0 otherwise
proxy_host_whonix_config () {
  local dire=whonix
  # keeps the callee's file= assignment out of the global scope
  local file

  proxy_dest_port_wlan_config || return 1$?
  # the gateway's resolver, regardless of what proxy_dest_port_wlan_config set
  DEST=10.0.2.15
  PORT=9053
  if [ -z "$PORT" -o -z "$DEST" ] ; then
    return 2
  fi
  # polipo config status is not checked here
  proxy_whonix_polipo_config $dire
  proxy_ping_test_resolv $dire || return 4$?
  proxy_whonix_dnsmasq_config $dire || return 5$?

  return 0
}
## proxy_whonix_gateway
# Configure gateway mode on the current interface and set resolv.conf.
# Globals:   PROXY_WLAN (written)
# Returns:   1<status> without an interface, 2<status> on config failure,
#            0 otherwise
proxy_whonix_gateway () {
  local dire=gateway
  debug proxy_whonix_gateway $dire

  if ! PROXY_WLAN=$( proxy_get_if ) ; then
    return 1$?
  fi
  # NOTE(review): "s" is not defined in this file - confirm it comes from a
  # sourced library or is a stray prefix
  s proxy_whonix_config $dire || return 2$?

  # works?
  proxy_ping_set_resolv gateway

  return 0
}
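## proxy_whonix_config
# Point torsocks.conf at DEST (keeping a per-mode backup) and dispatch to
# proxy_host_<mode>_config.
# Arguments: $1 - mode (tor, whonix, ...)
# Globals:   DEST (read, set via proxy_dest_port_wlan_config when empty)
# Returns:   1 without a mode, else the status of proxy_host_<mode>_config
proxy_whonix_config () {
  local dire=$1
  # an empty mode would dispatch to the nonexistent proxy_host__config
  [ -n "$dire" ] || { echo ERROR: $prog proxy_whonix_config no mode ; return 1 ; }
  [ -z "$DEST" ] && proxy_dest_port_wlan_config

  # keep a pristine copy per mode before editing the live file
  if [ ! -f /etc/tor/torsocks.conf.$dire ] ; then
    cp -p /etc/tor/torsocks.conf /etc/tor/torsocks.conf.$dire
    # TorAddress 127.0.0.1
    # TorPort 9050
  fi
  # with an empty DEST this used to write a bare "TorAddress " line; the
  # mode-specific config below may still set DEST itself, so only warn
  if [ -n "$DEST" ] ; then
    sed -e "s@^#* *TorAddress.*@TorAddress $DEST@" -i /etc/tor/torsocks.conf
  else
    echo WARN: $prog proxy_whonix_config empty DEST - TorAddress left as is
  fi
  sed -e "s@^#* *TorPort.*@TorPort 9050@" -i /etc/tor/torsocks.conf

  # proxy_whonix_start_wget

  # e.g. proxy_host_tor_config, proxy_host_whonix_config
  proxy_host_${dire}_config
}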
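## proxy_ws_whonix_config
# Whonix workstation: DNS via the gateway at 10.152.152.10 on eth0.
# Globals:   DEST, PROXY_WLAN (written)
# Returns:   the status of proxy_host_whonix_config
proxy_ws_whonix_config () {
  # was "local dir=ws", which passed an unset $dire below
  local dire=ws

  DEST=10.152.152.10
  PROXY_WLAN=eth0
  # proxy_host_whonix_config ignores its arguments; they document the intent
  proxy_host_whonix_config $dire $DEST 9053 $PROXY_WLAN
}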
## proxy_whonix_libvirt_status
# Make sure libvirtd runs (a failed start is only a warning) and print the
# libvirt status through the helper.  Always returns 0.
proxy_whonix_libvirt_status () {
  if ! proxy_rc_service libvirtd status >/dev/null ; then
    proxy_rc_service libvirtd start || \
      echo WARN: libvirtd crashed - see /var/log/libvirt/libvirtd.log # 2>&1|tee $WLOG
  fi
  $PL proxy_libvirt_status
  return 0
}
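## proxy_whonix_libvirt_start
# Bring up libvirtd, the Whonix networks and the gateway domain.
# Arguments: $1 - gateway domain (default: proxy_testforge_get_gateway_dom,
#            then Whonix-Gateway)
# Globals:   DELAY, PL (read)
# Returns:   5<status>/3 when libvirtd cannot be started, 3/4 when a
#            network cannot be started, 5<status> when virsh start fails,
#            0 otherwise
proxy_whonix_libvirt_start () {
  local domain
  # were globals
  local retval ret
  [ "$#" -ge 1 ] && domain=$1

  # (re)start libvirtd when its socket is missing or it is not running
  if [ ! -e /run/libvirt/libvirt-sock ] || ! proxy_rc_service libvirtd status >/dev/null ; then
    cp /dev/null /var/log/libvirt/libvirtd.log
    /etc/init.d/libvirtd status
    retval=$?
    # status 32 is treated as a crash: zap the stale state first
    [ $retval -eq 32 ] && WARN libvirtd crashed - zapping && /etc/init.d/libvirtd zap
    [ $retval -eq 0 ] || /etc/init.d/libvirtd start || return 5$? # error: Failed to start livirtd
    proxy_rc_service libvirtd start || return 3
    sleep $DELAY
  fi
  $PL proxy_libvirt_no_autostart
  $PL proxy_libvirt_start
  $PL proxy_libvirt_status
  # both Whonix networks must be up before the gateway domain
  proxy_virsh net-list | grep -q Whonix-Internal || virsh net-start Whonix-Internal || return 3
  proxy_virsh net-list | grep -q Whonix-External || virsh net-start Whonix-External || return 4

  [ -z "$domain" ] && domain="$( proxy_testforge_get_gateway_dom )"
  if [ -z "$domain" ] ; then
    echo WARN: null proxy_testforge_get_gateway_dom
    domain=Whonix-Gateway
    INFO set proxy_testforge_get_gateway_dom $domain
  fi
  # start the domain unless it is already listed
  if ! $PL proxy_libvirt_list | grep -v grep | grep -q "$domain" ; then
    virsh start "$domain" || {
      ret=$?
      echo ERROR: proxy_whonix_libvirt_start failed virsh start $domain ret=$ret
      return 5$ret
    }
  fi

  return 0
}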
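## proxy_whonix_test
# Check that the services for a mode are running and pass the ping tests.
# Arguments: $1 - mode (default $MODE); ws/workstation are tested as vda
# Globals:   MODE, GATEW_DOM, PREFIX, PL, prog (read), DOM (written)
# Returns:   1 without a mode, 2 when the gateway domain is not running,
#            4 when the http proxy is down, 5 when dnsmasq is down,
#            6<status>/9<status> on ping test failures, 0 otherwise
proxy_whonix_test () {
  local dire
  [ "$#" -eq 0 ] && dire=$MODE || dire=$1
  # the DBUG used to run before dire was assigned
  DBUG proxy_whonix_test $dire
  # an empty mode used to produce "[ = ws ]" test errors and run the ping
  # test with no argument
  [ -n "$dire" ] || { echo ERROR: $prog proxy_whonix_test no mode ; return 1 ; }

  case "$dire" in
    ws|workstation) dire=vda ;;
  esac

  case "$dire" in
    client)
      : # dunno - look at netstat? -nle4
      ;;
    nat)
      $PL proxy_libvirt_test_guest
      ;;
    vda|gateway)
      proxy_whonix_test_guest
      ;;
    tor)
      $PL proxy_libvirt_test_host
      ;;
    whonix)
      $PL proxy_libvirt_no_autostart
      $PL proxy_libvirt_clean_virbr1_rules

      proxy_whonix_get_gateway_dom
      if [ -z "$GATEW_DOM" ] ; then
        echo WARN: $prog DOM proxy_whonix_get_gateway_dom assuming Whonix-Gateway
        DOM=Whonix-Gateway
      else
        DOM=$GATEW_DOM
      fi
      proxy_virsh list | grep -q "$DOM" || { echo ERROR: $prog $DOM not running ; return 2 ; }

      $PREFIX/bin/proxy_ping_test.bash from_tor || return 6$?
      ;;
  esac

  #? gateway
  # http proxy: polipo for the virtualised modes, privoxy on the plain host
  # (tor was also listed with privoxy, unreachable after the polipo branch)
  case "$dire" in
    whonix|vda|tor)
      proxy_rc_service polipo status >/dev/null || \
        { echo ERROR: $prog polipo not running ; return 4 ; }
      $PREFIX/bin/proxy_ping_test.bash polipo || return 9$?
      ;;
    host)
      proxy_rc_service privoxy status >/dev/null || \
        { echo ERROR: $prog privoxy not running ; return 4 ; }
      $PREFIX/bin/proxy_ping_test.bash privoxy || return 9$?
      ;;
  esac

  # resolver: the gateway address on the workstation, dnsmasq on loopback
  # elsewhere
  case "$dire" in
    vda)
      proxy_clobber_resolv_local 10.152.152.10
      ;;
    gateway|whonix|tor)
      proxy_rc_service dnsmasq status 2>/dev/null >/dev/null || \
        { echo ERROR: $prog dnsmasq not running ; return 5 ; }
      proxy_clobber_resolv_local 127.0.0.1
      ;;
  esac
  $PREFIX/bin/proxy_ping_test.bash dns # || return 9$?

  $PREFIX/bin/proxy_ping_test.bash $dire || return 6$?

  return 0
}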
# Where was this
## rc_host_symlink_etc_fstab
# On a kernel booted with root=/dev/vda, point the /etc/fstab symlink at
# /etc/fstab.vda.
# Globals:   PROXY_IS_VDA (written: 0 on the vda guest, non-zero elsewhere)
# Returns:   1 on the vda guest (even when the link is fine), 0 elsewhere
rc_host_symlink_etc_fstab () {
  grep -q root=/dev/vda /proc/cmdline
  PROXY_IS_VDA=$?
  [ $PROXY_IS_VDA -eq 0 ] || return 0

  # only replace an existing symlink, and only when the vda variant exists
  if [ -h /etc/fstab ] && [ -f /etc/fstab.vda ] ; then
    rm -f /etc/fstab && ln -s /etc/fstab.vda /etc/fstab
  fi
  # else
  #   [ -h /etc/fstab ] && [ -f /etc/fstab.4TA ] && \
  #     rm -f /etc/fstab && ln -s /etc/fstab.4TA /etc/fstab
  return 1
}
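## proxy_vda_config
# Guest-side setup: fix the fstab link and uncomment the x1 line of
# /etc/inittab.  Always returns 0.
proxy_vda_config () {
  rc_host_symlink_etc_fstab
  # sed -i on a missing /etc/inittab only printed an error; guard like
  # old_proxy_vda_config does
  [ -f /etc/inittab ] && sed -e 's/^#x1/x1/' -i /etc/inittab

  # disabled ("if false") in the original, kept for reference:
  # sed -e 's/^#//' -i $PREFIX/etc/modules_load.d/vda*conf
  # [ -h /etc/modules_load.d/vda_mods.conf ] || \
  #   ln -s $PREFIX/etc/modules_load.d/vda*conf /etc/modules_load.d/
  # [ -f /etc/firewall.conf.vda ] && \
  #   cp -p /etc/firewall.conf.vda /etc/firewall.conf
  return 0
}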
##
# old_proxy_vda_config - uncomment the x1 line of /etc/inittab when the
# file exists.  Always returns 0.
old_proxy_vda_config () {
  if [ -f /etc/inittab ] ; then
    sed -e 's/^#x1/x1/' -i /etc/inittab
  fi
  return 0
}
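## proxy_vda_whonix_config
# vda guest: DNS via the gateway at 10.152.152.10 on eth0.
# Globals:   DEST, PROXY_WLAN (written)
# Returns:   the status of proxy_host_whonix_config
proxy_vda_whonix_config () {
  # was "local dir=vda", which passed an unset $dire below
  local dire=vda

  DEST=10.152.152.10
  PROXY_WLAN=eth0
  # proxy_host_whonix_config ignores its arguments; they document the intent
  proxy_host_whonix_config $dire $DEST 9053 $PROXY_WLAN
}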
## proxy_quest_config
# Guest setup plus the vda module list: enable every entry in
# $PREFIX/etc/modules_load.d/vda*conf and copy it into place.
# Always returns 0.
proxy_quest_config () {
  proxy_vda_config

  sed -e 's/^#//' -i $PREFIX/etc/modules_load.d/vda*conf
  # NOTE(review): the test looks at modules_load.d (underscore) while the
  # copy goes to modules-load.d (hyphen); cp -n never clobbers anyway
  [ -h /etc/modules_load.d/vda_mods.conf ] || \
    cp -np $PREFIX/etc/modules_load.d/vda*conf /etc/modules-load.d/
  return 0
}
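## proxy_whonix_dnsmasq_start
# Install /etc/dnsmasq.conf.<mode> as the live config (if it differs) and
# (re)start dnsmasq.
# Arguments: $1 - mode (default: proxy_ping_mode)
# Globals:   MODE, PROXY_WLAN (written), prog (read)
# Returns:   2 without a mode, 1<status> when proxy_whonix_config fails,
#            4 without an interface, 3 without a template, 8<status> when
#            dnsmasq does not start, 0 otherwise
proxy_whonix_dnsmasq_start () {
  local dire
  local service=dnsmasq
  local conf=/etc/dnsmasq.conf

  [ "$#" -eq 0 ] || dire=$1
  [ -z "$dire" ] && MODE="$( proxy_ping_mode )" && dire=$MODE
  [ -n "$MODE" ] || MODE=host
  [ -n "$dire" ] || { echo ERROR: $prog proxy_whonix_dnsmasq_start no mode ; return 2 ; }

  DBUG proxy_whonix_dnsmasq_start $dire $PROXY_WLAN

  # runs proxy_host_<mode>_config, which is expected to create $conf.$dire
  proxy_whonix_config $dire || return 1$?

  PROXY_WLAN=$( proxy_get_if )
  [ -z "$PROXY_WLAN" ] && echo ERROR: $prog empty PROXY_WLAN && return 4
  # a missing template used to fall into the else branch and restart
  # dnsmasq with the old config after a failed cp
  [ -f $conf.$dire ] || { echo ERROR: $prog missing $conf.$dire ; return 3 ; }

  # point the template at the current interface, then install it only when
  # it differs from the live config
  sed -e "s/wlan[0-9]/$PROXY_WLAN/" -i $conf.$dire
  if diff $conf.$dire $conf >/dev/null ; then
    proxy_rc_service $service status >/dev/null || \
      proxy_ping_dnsmasq_start || return 8$?
  else
    proxy_rc_service $service status >/dev/null && \
      proxy_ping_dnsmasq_stop
    cp -p $conf.$dire $conf
    proxy_ping_dnsmasq_start || return 8$?
  fi

  return 0
}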
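## proxy_whonix_polipo_start
# Install /etc/polipo/config.<mode> as the live config (if it differs) and
# (re)start polipo.
# Arguments: $1 - mode (default: proxy_ping_mode)
# Globals:   PROXY_WLAN (read)
# Returns:   2<status> when the restart fails, 3<status> when the start
#            fails, 0 otherwise
proxy_whonix_polipo_start () {
  local dire
  local service=polipo
  local conf=/etc/polipo/config

  [ $# -eq 1 ] && dire=$1
  [ -z "$dire" ] && dire="$( proxy_ping_mode )"
  DBUG proxy_whonix_start_$service $dire

  # a config failure is only reported here
  proxy_whonix_config $dire || \
    echo WARN: proxy_whonix_polipo_start proxy_whonix_config $dire $? # return 1$?

  # point the template at the current interface
  sed -e "s/wlan[0-9]/$PROXY_WLAN/" -e "s/eth[0-9]/$PROXY_WLAN/" -i $conf.$dire

  # diff output is silenced, as in proxy_whonix_dnsmasq_start
  if ! diff $conf.$dire $conf >/dev/null ; then
    cp -p $conf.$dire $conf
    proxy_rc_service $service restart || return 2$?
  else
    # was "return 3$" (missing "?"), which bash rejects as non-numeric
    proxy_rc_service $service status >/dev/null || \
      proxy_rc_service $service start || return 3$?
  fi

  return 0
}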
## proxy_whonix_host_prepare_blocks
# Make sure /etc/firewall.conf.block has content, seeding it from
# $PREFIX/etc/firewall.conf.block when empty or missing.
# Returns:   1 when there is nothing to seed from, 0 otherwise
proxy_whonix_host_prepare_blocks () {
  local src=$PREFIX/etc/firewall.conf.block
  local dst=/etc/firewall.conf.block
  # a non-empty live block list needs no seeding
  [ -s $dst ] && return 0
  if [ ! -f $src ] ; then
    ERROR "$prog missing $src"
    return 1
  fi
  echo "WARN: $prog copying $src"
  cp -p $src $dst
  return 0
}
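## proxy_whonix_host_add_block
# Add DROP rules for a list of source addresses to /etc/firewall.conf.newer,
# below the "# blocks wlan" (INPUT) and "# blocks virbr1" (LIBVIRT_FWI)
# markers, and record new addresses in /etc/firewall.conf.block.newer.
# Arguments: addresses; with none, the contents of /etc/firewall.conf.block
# Returns:   1<status> when the block list cannot be prepared, 2 when a
#            marker is missing, 0 otherwise
proxy_whonix_host_add_block () {
  local elt tab ip tmp

  # PROXY_WLAN=$( proxy_get_if )
  # [ $? -ne 0 -o -z "$PROXY_WLAN" ] && echo ERROR: $prog null interface && return 1
  if [ "$#" -eq 0 ] ; then
    # "\|" used to pass a literal "|" argument instead of testing the status
    proxy_whonix_host_prepare_blocks || return 1$?
    # word-split on purpose: one address per word
    set -- $( cat /etc/firewall.conf.block )
  fi
  # DBUG "$prog adding $*"
  [ -f /etc/firewall.conf.newer ] || \
    cp -p /etc/firewall.conf /etc/firewall.conf.newer
  tmp=/etc/firewall.conf.$$
  for elt in wlan virbr1 ; do
    [ $elt = wlan ] && tab=INPUT || tab=LIBVIRT_FWI
    grep -q "^# blocks $elt" /etc/firewall.conf.newer || {
      echo ERROR: marker not found "^# blocks $elt" in /etc/firewall.conf.newer
      return 2
    }
    # rebuild: everything before the marker, the marker, the DROP rules,
    # then everything after the marker
    sed -e "/^# blocks $elt/,\$d" /etc/firewall.conf.newer > $tmp
    echo "# blocks $elt" >> $tmp
    for ip in "$@" ; do
      # -F: a dot in an address is literal, not "any character"
      grep -qF -- "$ip" /etc/firewall.conf.block || \
        grep -qF -- "$ip" /etc/firewall.conf.block.newer || \
        echo "$ip" >> /etc/firewall.conf.block.newer
      grep -qF -e "A $tab -s $ip" /etc/firewall.conf.newer && continue
      echo "-A $tab -s $ip -p tcp -j DROP" >> $tmp
      DBUG "$prog -A $tab -s $ip -m tcp -p tcp -j DROP"
    done
    sed -e "1,/^# blocks $elt/d" /etc/firewall.conf.newer >> $tmp
    mv $tmp /etc/firewall.conf.newer
  done
  return 0
}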
## proxy_whonix_host_online
# Make sure NetworkManager is running and reports the host online.
# Globals:   PROXY_WLAN (set via proxy_get_if when empty)
# Returns:   1<status>/2 without an interface, 3/3<status> when
#            NetworkManager cannot be started, 4<status> when offline,
#            0 otherwise
proxy_whonix_host_online () {
  if [ -z "$PROXY_WLAN" ] ; then
    PROXY_WLAN=$( proxy_get_if ) || return 1$?
  fi
  [ -z "$PROXY_WLAN" ] && echo ERROR: empty PROXY_WLAN && return 2
  # init script when present, otherwise the rc wrapper
  if [ -x /etc/init.d/NetworkManager ] ; then
    /etc/init.d/NetworkManager status || /etc/init.d/NetworkManager start || return 3
  else
    proxy_rc_service NetworkManager status >/dev/null \
      || proxy_rc_service NetworkManager start || return 3$?
  fi
  # -t 0: do not wait; -x: exit at once when NetworkManager is not running
  nm-online -t 0 -x || return 4$?

  return 0
}
## proxy_whonix_down - call when the network goes down
# Currently a no-op in both the online and the offline case; always 0.
proxy_whonix_down () {
  # $PREFIX/bin/proxy_ping_test.bash "$MODE" || return 1$?
  if proxy_ping_online ; then
    return 0 # dont do anything
  fi
  # nothing to do?
  return 0
}
## proxy_whonix_up - call when the network comes up
# Currently a no-op in both the online and the offline case; always 0.
proxy_whonix_up () {
  # $PREFIX/bin/proxy_ping_test.bash "$MODE" || return 1$?
  if ! proxy_ping_online ; then
    return 0 # dont do anything
  fi
  return 0
}
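## proxy_whonix_start_wget
# Point wget at the local http proxy via /etc/wgetrc.  Disabled: returns 0
# before touching anything; the body is kept for when it is wanted again.
proxy_whonix_start_wget () {
  local sp elt_proxy
  return 0

  if [ -f /etc/wgetrc ] ; then
    sp=https://127.0.0.1:3128
    grep -q ^https_proxy /etc/wgetrc && \
      sed -e "s@https_proxy.*@https_proxy = $sp@" -i /etc/wgetrc
    # was "&&": append only when no https_proxy line exists, as for
    # http_proxy below
    grep -q ^https_proxy /etc/wgetrc || \
      echo "https_proxy = $sp" >> /etc/wgetrc
    grep -q ^http_proxy /etc/wgetrc && \
      sed -e "s@http_proxy.*@http_proxy = $sp@" -i /etc/wgetrc
    grep -q ^http_proxy /etc/wgetrc || \
      echo "http_proxy = $sp" >> /etc/wgetrc
  fi

  sp=http://127.0.0.1:3128
  for elt_proxy in http https ; do
    grep -q ^$elt_proxy /etc/wgetrc && \
      sed -e "s@$elt_proxy.*@$elt_proxy = $sp@" -i /etc/wgetrc || \
      echo "$elt_proxy = $sp" >> /etc/wgetrc
  done

  return 0
}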
# When run directly (script name matches $base) rather than sourced, execute
# the command line as shell code; -h/--help lists the functions and the
# "## " headers of this file.
if [ -x /usr/bin/basename ] && [ "$( /usr/bin/basename -- "$0" .bash )" = "$base" ] ; then
  [ "$#" -eq 0 ] && exit 0
  if [ "$#" -eq 1 ] && [ "$1" = '-h' -o "$1" = '--help' ] ; then
    echo USAGE: $0
    grep '^[a-z].*()\|^## ' $0 | sed -e 's/().*//' | sort
    exit 0
  fi
  DBUG $base "$@"
  # the arguments are parsed as shell code, so "func arg" and
  # "func1 ; func2" both work
  eval "$@"
  exit $?
fi