Store Tor config and keys in $username/$dir
This commit is contained in:
parent
6dbc63a36a
commit
9fa902f768
6 changed files with 37 additions and 26 deletions
|
@ -23,10 +23,10 @@ enabled = true
|
|||
ht_path = "/srv/ht"
|
||||
; Nginx configuration directory
|
||||
nginx_config_path = "/etc/nginx/ht"
|
||||
; Tor configuration file
|
||||
tor_config_path = "/etc/tor/torrc"
|
||||
; Tor configuration directory
|
||||
tor_config_path = "/srv/niver/tor-config"
|
||||
; Tor keys directory
|
||||
tor_keys_path = "/var/lib/tor/keys"
|
||||
tor_keys_path = "/srv/niver/tor-keys"
|
||||
tor_service = "tor"
|
||||
tor_user = "tor"
|
||||
|
||||
|
@ -36,6 +36,7 @@ certbot_path = "/usr/bin/certbot"
|
|||
chgrp_path = "/usr/bin/chgrp"
|
||||
cat_path = "/usr/bin/cat"
|
||||
rm_path = "/usr/bin/rm"
|
||||
mkdir_path = "/usr/bin/mkdir"
|
||||
|
||||
sftpgo_group = sftpgo
|
||||
|
||||
|
|
|
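Review bot: The `tor_config_path` key keeps the name it had when it pointed at the torrc file but now names a directory of per-site config files, so every reader of `CONF['ht']['tor_config_path']` has to change meaning in step with it; a new key such as `tor_config_dir` would turn any missed caller into an undefined-key warning instead of a silent write to the wrong place. The comment should also say how Tor picks up files from this directory — presumably the system torrc `%include`s it, which is a deployment step this commit does not mention — for example `; Tor configuration directory (one file per onion site; %include'd from the main torrc)`, to be confirmed against the actual deployment.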
@ -86,3 +86,13 @@ function redir() {
|
|||
header('Location: ' . CONF['common']['prefix'] . '/');
|
||||
}
|
||||
}
|
||||
|
||||
// PHP rmdir() only works on empty directories
|
||||
function removeDirectory($dir) {
|
||||
$dirObj = new RecursiveDirectoryIterator($dir, RecursiveDirectoryIterator::SKIP_DOTS);
|
||||
$files = new RecursiveIteratorIterator($dirObj, RecursiveIteratorIterator::CHILD_FIRST);
|
||||
foreach ($files as $file)
|
||||
$file->isDir() && !$file->isLink() ? rmdir($file->getPathname()) : unlink($file->getPathname());
|
||||
if (rmdir($dir) !== true)
|
||||
serverError("Unable to remove directory.");
|
||||
}
|
||||
|
|
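Review bot: The loop in the new removeDirectory() runs rmdir()/unlink() through a ternary in void context and ignores their return values, so an entry that cannot be removed is only reported indirectly, when the final rmdir($dir) fails with the generic "Unable to remove directory." message and no indication of which path was the problem. Checking each removal and using an if/else statement instead of a ternary used for its side effects makes the failure point visible and reads more plainly; the function also does no validation of `$dir`, so it relies entirely on callers building the path from trusted parts — worth stating in its header comment.
```php
function removeDirectory($dir) {
    $dirObj = new RecursiveDirectoryIterator($dir, RecursiveDirectoryIterator::SKIP_DOTS);
    $files = new RecursiveIteratorIterator($dirObj, RecursiveIteratorIterator::CHILD_FIRST);
    foreach ($files as $file) {
        // Symlinked directories are removed as links, never descended into
        if ($file->isDir() && !$file->isLink())
            $removed = rmdir($file->getPathname());
        else
            $removed = unlink($file->getPathname());
        if ($removed !== true)
            serverError("Unable to remove " . $file->getPathname() . ".");
    }
    // … unchanged: final rmdir($dir) check …
}
```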
12
fn/ht.php
12
fn/ht.php
|
@ -50,14 +50,8 @@ function htDeleteSite($dir, $domainType, $protocol) {
|
|||
|
||||
if ($domainType === 'onion') {
|
||||
// Delete Tor config
|
||||
$torConf = file_get_contents(CONF['ht']['tor_config_path']);
|
||||
if ($torConf === false)
|
||||
serverError("Failed to read current Tor configuration.");
|
||||
$torConf = str_replace('HiddenServiceDir ' . CONF['ht']['tor_keys_path'] . '/' . $dir . '/
|
||||
HiddenServicePort 80 [::1]:' . CONF['ht']['internal_onion_http_port'] . '
|
||||
', '', $torConf);
|
||||
if (file_put_contents(CONF['ht']['tor_config_path'], $torConf) === false)
|
||||
serverError("Failed to write new Tor configuration.");
|
||||
if (unlink(CONF['ht']['tor_config_path'] . '/' . $_SESSION['username'] . '/' . $dir) !== true)
|
||||
serverError("Failed to delete Tor configuration.");
|
||||
|
||||
// Reload Tor
|
||||
exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['systemctl_path'] . " reload " . CONF['ht']['tor_service'], $output, $code);
|
||||
|
@ -65,7 +59,7 @@ HiddenServicePort 80 [::1]:' . CONF['ht']['internal_onion_http_port'] . '
|
|||
serverError("Failed to reload Tor.");
|
||||
|
||||
// Delete Tor keys
|
||||
exec(CONF['ht']['sudo_path'] . " -u " . CONF['ht']['tor_user'] . " " . CONF['ht']['rm_path'] . " --recursive " . CONF['ht']['tor_keys_path'] . "/" . $dir, $output, $code);
|
||||
exec(CONF['ht']['sudo_path'] . ' -u ' . CONF['ht']['tor_user'] . ' ' . CONF['ht']['rm_path'] . ' --recursive ' . CONF['ht']['tor_keys_path'] . '/' . $_SESSION['username'] . '/' . $dir, $output, $code);
|
||||
if ($code !== 0)
|
||||
serverError("Failed to delete Tor keys.");
|
||||
}
|
||||
|
|
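Review bot: The `rm --recursive` exec on the new side of the second hunk splices `$_SESSION['username']` and `$dir` into a shell command string with no escapeshellarg(); unless both values are constrained to a strict character set elsewhere, a value containing whitespace or shell metacharacters changes which path the command operates on. Wrap the argument: `escapeshellarg(CONF['ht']['tor_keys_path'] . '/' . $_SESSION['username'] . '/' . $dir)`. The same unquoted concatenation appears in the registration hunk (`mkdir --mode=0700 …`), the user-deletion hunk (`rm --recursive …`) and the site-creation hunk (`cat … /hostname`). htDeleteSite starts before the first hunk and continues after the second.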
|
@ -36,10 +36,19 @@ if (userExist($_POST['username']) !== false)
|
|||
umask(0002);
|
||||
if (mkdir(CONF['ht']['ht_path'] . "/" . $_POST['username'], 0775) !== true)
|
||||
serverError("Can't create user directory.");
|
||||
exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['chgrp_path'] . " " . CONF['ht']['sftpgo_group'] . " " . CONF['ht']['ht_path'] . "/" . $_POST['username'] . " --no-dereference", $stdout, $code);
|
||||
exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['chgrp_path'] . " " . CONF['ht']['sftpgo_group'] . " " . CONF['ht']['ht_path'] . "/" . $_POST['username'] . " --no-dereference", result_code: $code);
|
||||
if ($code !== 0)
|
||||
serverError("Can't change user directory group.");
|
||||
|
||||
// Setup Tor config directory
|
||||
if (mkdir(CONF['ht']['tor_config_path'] . "/" . $_POST['username'], 0755) !== true)
|
||||
serverError("Can't create Tor config directory.");
|
||||
|
||||
// Setup Tor keys directory
|
||||
exec(CONF['ht']['sudo_path'] . " -u " . CONF['ht']['tor_user'] . " " . CONF['ht']['mkdir_path'] . " --mode=0700 " . CONF['ht']['tor_keys_path'] . "/" . $_POST['username'], result_code: $code);
|
||||
if ($code !== 0)
|
||||
serverError("Can't create Tor keys directory.");
|
||||
|
||||
$db = new PDO('sqlite:' . DB_PATH);
|
||||
|
||||
$stmt = $db->prepare("INSERT INTO users(username, password, registration_date) VALUES(:username, :password, :registration_date)");
|
||||
|
|
|
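Review bot: The two new mkdir steps have no cleanup on failure: if the Tor config directory or the Tor keys directory cannot be created, the hypertext directory made a few lines earlier stays on disk while no user row has been inserted yet, so — unless userExist() also consults the filesystem — a second registration with the same name then fails at `mkdir(CONF['ht']['ht_path'] . "/" . $_POST['username'], 0775)`. Either remove the directories created so far before each serverError() call, or document the operator recovery in a comment such as `// NOTE: a failure below leaves partially created directories that must be removed before the name can be registered again`. The enclosing block starts before this hunk.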
@ -34,13 +34,13 @@ foreach (query('select', 'sites', [
|
|||
], 'site_dir') as $dir)
|
||||
htDeleteSite($dir, domainType: 'dns', protocol: 'http');
|
||||
|
||||
// PHP rmdir() only works on empty directories
|
||||
$dirObj = new RecursiveDirectoryIterator(CONF['ht']['ht_path'] . "/" . $_SESSION['username'], RecursiveDirectoryIterator::SKIP_DOTS);
|
||||
$files = new RecursiveIteratorIterator($dirObj, RecursiveIteratorIterator::CHILD_FIRST);
|
||||
foreach ($files as $path)
|
||||
$path->isDir() && !$path->isLink() ? rmdir($path->getPathname()) : unlink($path->getPathname());
|
||||
if (rmdir(CONF['ht']['ht_path'] . '/' . $_SESSION['username']) !== true)
|
||||
serverError("Unable to delete user's hypertext directory.");
|
||||
exec(CONF['ht']['sudo_path'] . " -u " . CONF['ht']['tor_user'] . " " . CONF['ht']['rm_path'] . " --recursive " . CONF['ht']['tor_keys_path'] . "/" . $_SESSION['username'], result_code: $code);
|
||||
if ($code !== 0)
|
||||
serverError("Can't remove Tor keys directory.");
|
||||
|
||||
removeDirectory(CONF['ht']['tor_config_path'] . '/' . $_SESSION['username']);
|
||||
|
||||
removeDirectory(CONF['ht']['ht_path'] . '/' . $_SESSION['username']);
|
||||
|
||||
query('delete', 'users', ['username' => $_SESSION['username']]);
|
||||
|
||||
|
|
|
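Review bot: The new removal order deletes the Tor key material before the per-user Tor configuration directory, so a failure inside removeDirectory() leaves configuration files pointing at key directories that no longer exist, and because the `rm --recursive` call has no `-f`, a retry of the same request then fails at the keys step. Running `removeDirectory(CONF['ht']['tor_config_path'] . '/' . $_SESSION['username']);` before the `rm --recursive` exec keeps the on-disk state consistent at every stopping point. Whether Tor is reloaded after these files disappear is not visible here; the loop calling htDeleteSite starts above this hunk.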
@ -34,13 +34,10 @@ if ($dirsStatuses[$_POST['dir']] !== false)
|
|||
userError("Wrong value for <code>dir</code>.");
|
||||
|
||||
// Add Tor config
|
||||
$torConf = file_get_contents(CONF['ht']['tor_config_path']);
|
||||
if ($torConf === false)
|
||||
serverError("Failed to read current Tor configuration.");
|
||||
$torConf = $torConf . "HiddenServiceDir " . CONF['ht']['tor_keys_path'] . "/" . $_POST['dir'] . "/
|
||||
$torConf = "HiddenServiceDir " . CONF['ht']['tor_keys_path'] . "/" . $_SESSION['username'] . "/" . $_POST['dir'] . "/
|
||||
HiddenServicePort 80 [::1]:" . CONF['ht']['internal_onion_http_port'] . "
|
||||
";
|
||||
if (file_put_contents(CONF['ht']['tor_config_path'], $torConf) === false)
|
||||
if (file_put_contents(CONF['ht']['tor_config_path'] . '/' . $_SESSION['username'] . '/' . $_POST['dir'], $torConf) === false)
|
||||
serverError("Failed to write new Tor configuration.");
|
||||
|
||||
// Reload Tor
|
||||
|
@ -49,7 +46,7 @@ if ($code !== 0)
|
|||
serverError("Failed to reload Tor.");
|
||||
|
||||
// Get the address generated by Tor
|
||||
exec(CONF['ht']['sudo_path'] . " -u " . CONF['ht']['tor_user'] . " " . CONF['ht']['cat_path'] . " " . CONF['ht']['tor_keys_path'] . "/" . $_POST['dir'] . "/hostname", $output);
|
||||
exec(CONF['ht']['sudo_path'] . ' -u ' . CONF['ht']['tor_user'] . ' ' . CONF['ht']['cat_path'] . ' ' . CONF['ht']['tor_keys_path'] . '/' . $_SESSION['username'] . '/' . $_POST['dir'] . '/hostname', $output);
|
||||
$onion = $output[0];
|
||||
if (preg_match("/[0-9a-z]{56}\.onion/", $onion) !== 1)
|
||||
serverError("No onion address found.");
|
||||
|
|
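Review bot: The new `cat … /hostname` exec discards the exit status, and the following line indexes `$output[0]` unconditionally, so a missing or not-yet-generated hostname file produces an undefined-index warning before the regex check rejects the value. Pass `result_code: $code` and guard: `if ($code !== 0 || !isset($output[0])) serverError("Failed to read onion hostname.");`. Since Tor creates the hostname file after the reload, the read may also need to wait or retry — confirm against how the reload is awaited above this hunk.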