#!/bin/bash # Tor Client app for YunoHost # Copyright (C) 2015 Julien Vaubourg # Contribute at https://github.com/labriqueinternet/torclient_ynh # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Affero General Public License for more details. # # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see . # Functions ## State functions has_torclient_app() { [ -e /tmp/.ynh-torclient-started ] } has_hotspot_app() { [ -e /tmp/.ynh-hotspot-started ] } is_nat_set() { iptables -nvt nat -L PREROUTING | grep REDIRECT | grep -q "${ynh_wifi_device}" } is_tor_running() { systemctl is-active tor &> /dev/null } is_running() { has_hotspot_app && is_tor_running && is_nat_set } set_nat() { iptables -t nat -A PREROUTING -i "${ynh_wifi_device}" -p udp --dport 53 -j REDIRECT --to-ports 9053 iptables -t nat -A PREROUTING -i "${ynh_wifi_device}" -p tcp ! --dport 53 --syn -j REDIRECT --to-ports 9040 } set_forwarding() { sysctl -w net.ipv6.conf.all.forwarding=1 > /dev/null sysctl -w net.ipv4.conf.all.forwarding=1 > /dev/null } unset_nat() { internet_device=${1} iptables -t nat -D PREROUTING -i "${ynh_wifi_device}" -p udp --dport 53 -j REDIRECT --to-ports 9053 iptables -t nat -D PREROUTING -i "${ynh_wifi_device}" -p tcp ! --dport 53 --syn -j REDIRECT --to-ports 9040 } stop_tor() { systemctl stop tor } start_tor() { cp /etc/tor/torrc{.tpl,} sed "s||${ynh_wifi_prefix}|g" -i /etc/tor/torrc systemctl start tor } ## Tools ynh_setting_get() { app=${1} setting=${2} grep "^${setting}:" "/etc/yunohost/apps/${app}/settings.yml" | sed s/^[^:]\\+:\\s*[\"\']\\?// | sed s/\\s*[\"\']\$// } ynh_setting_set() { app=${1} setting=${2} value=${3} yunohost app setting "${app}" "${setting}" -v "${value}" } do_start() { if is_running; then echo "Already started" elif [ "${ynh_service_enabled}" -eq 0 ]; then echo "Disabled service" elif ! has_hotspot_app; then echo "[ERR] Hotspot is not running" else echo "[torclient] Starting..." touch /tmp/.ynh-torclient-started # Run tor if ! is_tor_running; then echo "Run Tor" start_tor fi # Set ipv4 NAT if ! is_nat_set; then echo "Set NAT settings" set_nat fi fi } do_stop() { echo "[torclient] Stopping..." rm -f /tmp/.ynh-torclient-started if is_nat_set; then echo "Unset NAT" unset_nat fi if is_tor_running; then echo "Stop Tor" stop_tor fi } do_status() { exitcode=0 if [ "${ynh_service_enabled}" -eq 0 ]; then echo "[ERR] Tor Client Service disabled" exitcode=1 fi if ! has_hotspot_app; then echo "[ERR] Hotspot is not running" exitcode=1 fi if is_tor_running; then echo "[OK] Tor is running" else echo "[ERR] Tor is not running" exitcode=1 fi if is_nat_set; then echo "[OK] IPv4 nat rules set" else echo "[ERR] No IPv4 nat rules set" exitcode=1 fi exit ${exitcode} } if [ "$1" != restart ]; then # Restart php5-fpm at the first start (it needs to be restarted after the slapd start) if [ ! -e /tmp/.ynh-torclient-boot ]; then touch /tmp/.ynh-torclient-boot systemctl restart php5-fpm fi ynh_wifi_device_id=$(ynh_setting_get torclient wifi_device_id) if [[ ! "${1}" =~ stop ]]; then exitcode=0 if [ "${ynh_wifi_device_id}" -eq -1 ]; then echo "[WARN] You need to select an associated wifi hotspot (you can do it through the web admin)" exitcode=1 fi [ "${exitcode}" -ne 0 ] && exit ${exitcode} fi # Variables echo -n "Retrieving Yunohost settings... " ynh_service_enabled=$(ynh_setting_get torclient service_enabled) if [ "${ynh_wifi_device_id}" -eq 0 ]; then ynh_wifi_device=$(ynh_setting_get hotspot wifi_device) else ynh_wifi_device="hotspot${ynh_wifi_device_id}" fi echo OK IFS='|' read -a ynh_wifi_ssid <<< "$(ynh_setting_get hotspot wifi_ssid)" IFS='|' read -a ynh_wifi_prefix <<< "$(ynh_setting_get hotspot ip4_nat_prefix)" ynh_wifi_prefix=${ynh_wifi_prefix[$ynh_wifi_device_id]} ynh_wifi_ssid=${ynh_wifi_ssid[$ynh_wifi_device_id]} fi case "$1" in start) do_start ;; stop) do_stop ;; restart) do_stop do_start ;; status) do_status ;; *) echo "Usage: $0 {start|stop|restart|status}" exit 1 ;; esac exit 0