labriqueinternet
/
torclient_ynh
miroir de https://github.com/labriqueinternet/torclient_ynh


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220
							#!/bin/bash

# Tor Client app for YunoHost
# Copyright (C) 2015 Julien Vaubourg <julien@vaubourg.com>
# Contribute at https://github.com/labriqueinternet/torclient_ynh
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

# Functions
## State functions

has_torclient_app() {
  [ -e /tmp/.ynh-torclient-started ]
}

has_hotspot_app() {
  [ -e /tmp/.ynh-hotspot-started ]
}

is_nat_set() {
  iptables -nvt nat -L PREROUTING | grep REDIRECT | grep -q "${ynh_wifi_device}"
}

is_tor_running() {
  systemctl is-active tor &> /dev/null
}

is_running() {
  has_hotspot_app && is_tor_running && is_nat_set
}

set_nat() {
  iptables -t nat -A PREROUTING -i "${ynh_wifi_device}" -p udp --dport 53 -j REDIRECT --to-ports 9053
  iptables -t nat -A PREROUTING -i "${ynh_wifi_device}" -p tcp ! --dport 53 --syn -j REDIRECT --to-ports 9040
}

set_forwarding() {
  sysctl -w net.ipv6.conf.all.forwarding=1 > /dev/null
  sysctl -w net.ipv4.conf.all.forwarding=1 > /dev/null
}

unset_nat() {
  internet_device=${1}

  iptables -t nat -D PREROUTING -i "${ynh_wifi_device}" -p udp --dport 53 -j REDIRECT --to-ports 9053
  iptables -t nat -D PREROUTING -i "${ynh_wifi_device}" -p tcp ! --dport 53 --syn -j REDIRECT --to-ports 9040
}

stop_tor() {
  systemctl stop tor
}

start_tor() {
  cp /etc/tor/torrc{.tpl,}

  sed "s|<TPL:TOR_NETWORK>|${ynh_wifi_prefix}|g" -i /etc/tor/torrc

  systemctl start tor
}

## Tools

ynh_setting_get() {
  app=${1}
  setting=${2}

  grep "^${setting}:" "/etc/yunohost/apps/${app}/settings.yml" | sed s/^[^:]\\+:\\s*[\"\']\\?// | sed s/\\s*[\"\']\$//
}

ynh_setting_set() {
  app=${1}
  setting=${2}
  value=${3}

  yunohost app setting "${app}" "${setting}" -v "${value}"
}

do_start() {
  if is_running; then
    echo "Already started"
  elif [ "${ynh_service_enabled}" -eq 0 ]; then
    echo "Disabled service"
  elif ! has_hotspot_app; then
    echo "[ERR] Hotspot is not running"
  else
    echo "[torclient] Starting..."
    touch /tmp/.ynh-torclient-started

    # Run tor
    if ! is_tor_running; then
      echo "Run Tor"
      start_tor
    fi

    # Set ipv4 NAT
    if ! is_nat_set; then
      echo "Set NAT settings"
      set_nat
    fi
  fi
}

do_stop() {
  echo "[torclient] Stopping..."
  rm -f /tmp/.ynh-torclient-started

  if is_nat_set; then
    echo "Unset NAT"
    unset_nat
  fi

  if is_tor_running; then
    echo "Stop Tor"
    stop_tor
  fi
}

do_status() {
  exitcode=0

  if [ "${ynh_service_enabled}" -eq 0 ]; then
    echo "[ERR] Tor Client Service disabled"
    exitcode=1
  fi

  if ! has_hotspot_app; then
    echo "[ERR] Hotspot is not running"
    exitcode=1
  fi

  if is_tor_running; then
    echo "[OK] Tor is running"
  else
    echo "[ERR] Tor is not running"
    exitcode=1
  fi

  if is_nat_set; then
    echo "[OK] IPv4 nat rules set"
  else
    echo "[ERR] No IPv4 nat rules set"
    exitcode=1
  fi

  exit ${exitcode}
}

if [ "$1" != restart ]; then

  # Restart php5-fpm at the first start (it needs to be restarted after the slapd start)
  if [ ! -e /tmp/.ynh-torclient-boot ]; then
    touch /tmp/.ynh-torclient-boot
    systemctl restart php5-fpm
  fi

  ynh_wifi_device_id=$(ynh_setting_get torclient wifi_device_id)

  if [[ ! "${1}" =~ stop ]]; then
    exitcode=0

    if [ "${ynh_wifi_device_id}" -eq -1 ]; then
      echo "[WARN] You need to select an associated wifi hotspot (you can do it through the web admin)"
      exitcode=1
    fi

    [ "${exitcode}" -ne 0 ] && exit ${exitcode}
  fi

  # Variables
  
  echo -n "Retrieving Yunohost settings... "
  
  ynh_service_enabled=$(ynh_setting_get torclient service_enabled)
  
  if [ "${ynh_wifi_device_id}" -eq 0 ]; then
    ynh_wifi_device=$(ynh_setting_get hotspot wifi_device)
  else
    ynh_wifi_device="hotspot${ynh_wifi_device_id}"
  fi

  echo OK
  
  IFS='|' read -a ynh_wifi_ssid <<< "$(ynh_setting_get hotspot wifi_ssid)"
  IFS='|' read -a ynh_wifi_prefix <<< "$(ynh_setting_get hotspot ip4_nat_prefix)"
  ynh_wifi_prefix=${ynh_wifi_prefix[$ynh_wifi_device_id]}
  ynh_wifi_ssid=${ynh_wifi_ssid[$ynh_wifi_device_id]}
fi

case "$1" in
  start)
    do_start
    ;;
  stop)
    do_stop
    ;;
  restart)
    do_stop
    do_start
    ;;
  status)
    do_status
    ;;
  *)
    echo "Usage: $0 {start|stop|restart|status}"
    exit 1
  ;;
esac

exit 0