From 9fa902f768167ce693cc4bbf15f6e15ab28bf5a3 Mon Sep 17 00:00:00 2001 From: Miraty Date: Wed, 22 Jun 2022 00:37:06 +0200 Subject: [PATCH] Store Tor config and keys in $username/$dir --- config.ini | 7 ++++--- fn/common.php | 10 ++++++++++ fn/ht.php | 12 +++--------- public/auth/register.php | 11 ++++++++++- public/auth/unregister.php | 14 +++++++------- public/ht/add-http-onion.php | 9 +++------ 6 files changed, 37 insertions(+), 26 deletions(-) diff --git a/config.ini b/config.ini index a12cd08..39f33ae 100644 --- a/config.ini +++ b/config.ini @@ -23,10 +23,10 @@ enabled = true ht_path = "/srv/ht" ; Nginx configuration directory nginx_config_path = "/etc/nginx/ht" -; Tor configuration file -tor_config_path = "/etc/tor/torrc" +; Tor configuration directory +tor_config_path = "/srv/niver/tor-config" ; Tor keys directory -tor_keys_path = "/var/lib/tor/keys" +tor_keys_path = "/srv/niver/tor-keys" tor_service = "tor" tor_user = "tor" @@ -36,6 +36,7 @@ certbot_path = "/usr/bin/certbot" chgrp_path = "/usr/bin/chgrp" cat_path = "/usr/bin/cat" rm_path = "/usr/bin/rm" +mkdir_path = "/usr/bin/mkdir" sftpgo_group = sftpgo diff --git a/fn/common.php b/fn/common.php index 4a4700e..3e56a0f 100644 --- a/fn/common.php +++ b/fn/common.php @@ -86,3 +86,13 @@ function redir() { header('Location: ' . CONF['common']['prefix'] . '/'); } } + +// PHP rmdir() only works on empty directories +function removeDirectory($dir) { + $dirObj = new RecursiveDirectoryIterator($dir, RecursiveDirectoryIterator::SKIP_DOTS); + $files = new RecursiveIteratorIterator($dirObj, RecursiveIteratorIterator::CHILD_FIRST); + foreach ($files as $file) + $file->isDir() && !$file->isLink() ? rmdir($file->getPathname()) : unlink($file->getPathname()); + if (rmdir($dir) !== true) + serverError("Unable to remove directory."); +} diff --git a/fn/ht.php b/fn/ht.php index 0959cd7..c65c20d 100644 --- a/fn/ht.php +++ b/fn/ht.php 
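Review bot: `tor_config_path` is redefined from a torrc file to a directory of per-user subdirectories, but nothing in this patch shows how Tor is made to read it; Tor only parses the torrc it is started with, so torrc needs an `%include` of this path and the comment should say so, e.g. `; Directory of per-user Tor config snippets; must be %include'd from the system torrc`. When that line is written, confirm against the tor manual how a directory `%include` treats the per-user subdirectories and files whose names start with a dot (a glob form such as `/srv/niver/tor-config/*` needs a recent Tor) — either could silently drop a site's `HiddenServiceDir`. `tor_keys_path` has a matching undocumented requirement: `/srv/niver/tor-keys` itself must be owned and writable by `tor_user`, otherwise the `sudo -u tor mkdir` added in register.php fails for every registration.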
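Review bot: In `removeDirectory()` the per-entry `rmdir()`/`unlink()` results are discarded, so a file that cannot be removed (the ht directory is group-writable for sftpgo, so entries may be owned by another uid) only surfaces as a PHP warning followed by the generic "Unable to remove directory." after part of the tree is already gone. Checking each call and failing early keeps the tree intact for a retry, and a `is_dir() && !is_link()` guard on `$dir` avoids following a symlink planted at the user root (`RecursiveDirectoryIterator` throws on a non-directory anyway, but with an uncaught exception rather than `serverError`). The callers in unregister.php pass `tor_config_path/<user>` and `ht_path/<user>`, both derived from `$_SESSION['username']`.
```php
function removeDirectory($dir) {
    if (!is_dir($dir) || is_link($dir))
        serverError("Unable to remove directory.");
    $dirObj = new RecursiveDirectoryIterator($dir, RecursiveDirectoryIterator::SKIP_DOTS);
    $files = new RecursiveIteratorIterator($dirObj, RecursiveIteratorIterator::CHILD_FIRST);
    foreach ($files as $file) {
        // Symlinks are never followed: a link to a directory is unlinked, not descended into
        $removed = ($file->isDir() && !$file->isLink()) ? rmdir($file->getPathname()) : unlink($file->getPathname());
        if ($removed !== true)
            serverError("Unable to remove directory entry.");
    }
    if (rmdir($dir) !== true)
        serverError("Unable to remove directory.");
}
```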
@@ -50,14 +50,8 @@ function htDeleteSite($dir, $domainType, $protocol) { if ($domainType === 'onion') { // Delete Tor config - $torConf = file_get_contents(CONF['ht']['tor_config_path']); - if ($torConf === false) - serverError("Failed to read current Tor configuration."); - $torConf = str_replace('HiddenServiceDir ' . CONF['ht']['tor_keys_path'] . '/' . $dir . '/ -HiddenServicePort 80 [::1]:' . CONF['ht']['internal_onion_http_port'] . ' -', '', $torConf); - if (file_put_contents(CONF['ht']['tor_config_path'], $torConf) === false) - serverError("Failed to write new Tor configuration."); + if (unlink(CONF['ht']['tor_config_path'] . '/' . $_SESSION['username'] . '/' . $dir) !== true) + serverError("Failed to delete Tor configuration."); // Reload Tor exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['systemctl_path'] . " reload " . CONF['ht']['tor_service'], $output, $code); @@ -65,7 +59,7 @@ HiddenServicePort 80 [::1]:' . CONF['ht']['internal_onion_http_port'] . ' serverError("Failed to reload Tor."); // Delete Tor keys - exec(CONF['ht']['sudo_path'] . " -u " . CONF['ht']['tor_user'] . " " . CONF['ht']['rm_path'] . " --recursive " . CONF['ht']['tor_keys_path'] . "/" . $dir, $output, $code); + exec(CONF['ht']['sudo_path'] . ' -u ' . CONF['ht']['tor_user'] . ' ' . CONF['ht']['rm_path'] . ' --recursive ' . CONF['ht']['tor_keys_path'] . '/' . $_SESSION['username'] . '/' . $dir, $output, $code); if ($code !== 0) serverError("Failed to delete Tor keys."); } diff --git a/public/auth/register.php b/public/auth/register.php index 14f1180..c6466d1 100644 --- a/public/auth/register.php +++ b/public/auth/register.php 
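Review bot: The rewritten `rm --recursive` command line embeds `$_SESSION['username']` and `$dir` unquoted into a shell string executed via `sudo -u tor`; both originate from user input (the registration form and the `sites` table), so unless usernames and site directory names are restricted to a safe character set elsewhere, wrap the path: `escapeshellarg(CONF['ht']['tor_keys_path'] . '/' . $_SESSION['username'] . '/' . $dir)`. The same applies to the `mkdir`, `rm` and `cat` invocations added in the other files of this patch. `htDeleteSite()` begins before this hunk and continues past it, so I cannot see whether `$dir` is re-validated on entry.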
@@ -36,10 +36,19 @@ if (userExist($_POST['username']) !== false) umask(0002); if (mkdir(CONF['ht']['ht_path'] . "/" . $_POST['username'], 0775) !== true) serverError("Can't create user directory."); -exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['chgrp_path'] . " " . CONF['ht']['sftpgo_group'] . " " . CONF['ht']['ht_path'] . "/" . $_POST['username'] . " --no-dereference", $stdout, $code); +exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['chgrp_path'] . " " . CONF['ht']['sftpgo_group'] . " " . CONF['ht']['ht_path'] . "/" . $_POST['username'] . " --no-dereference", result_code: $code); if ($code !== 0) serverError("Can't change user directory group."); +// Setup Tor config directory +if (mkdir(CONF['ht']['tor_config_path'] . "/" . $_POST['username'], 0755) !== true) + serverError("Can't create Tor config directory."); + +// Setup Tor keys directory +exec(CONF['ht']['sudo_path'] . " -u " . CONF['ht']['tor_user'] . " " . CONF['ht']['mkdir_path'] . " --mode=0700 " . CONF['ht']['tor_keys_path'] . "/" . $_POST['username'], result_code: $code); +if ($code !== 0) + serverError("Can't create Tor keys directory."); + $db = new PDO('sqlite:' . DB_PATH); $stmt = $db->prepare("INSERT INTO users(username, password, registration_date) VALUES(:username, :password, :registration_date)"); diff --git a/public/auth/unregister.php b/public/auth/unregister.php index 2fa7d70..3115941 100644 --- a/public/auth/unregister.php +++ b/public/auth/unregister.php 
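Review bot: `$_POST['username']` is interpolated unquoted into the new `sudo -u tor mkdir` command line; the `userExist()` check visible above says nothing about the allowed character set, so unless a format check precedes this hunk the path should be `escapeshellarg(CONF['ht']['tor_keys_path'] . "/" . $_POST['username'])`. The three directory-creation steps can now fail after earlier ones succeeded, leaving `ht_path/<user>` and `tor_config_path/<user>` behind with no `users` row, and a retry with the same name then dies at the first `mkdir()` with "Can't create user directory."; each failure branch should remove what was already created, or the sudo `mkdir` (the step most likely to fail on ownership problems) should run first. The script continues past this hunk with the database insert.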
@@ -34,13 +34,13 @@ foreach (query('select', 'sites', [ ], 'site_dir') as $dir) htDeleteSite($dir, domainType: 'dns', protocol: 'http'); -// PHP rmdir() only works on empty directories -$dirObj = new RecursiveDirectoryIterator(CONF['ht']['ht_path'] . "/" . $_SESSION['username'], RecursiveDirectoryIterator::SKIP_DOTS); -$files = new RecursiveIteratorIterator($dirObj, RecursiveIteratorIterator::CHILD_FIRST); -foreach ($files as $path) - $path->isDir() && !$path->isLink() ? rmdir($path->getPathname()) : unlink($path->getPathname()); -if (rmdir(CONF['ht']['ht_path'] . '/' . $_SESSION['username']) !== true) - serverError("Unable to delete user's hypertext directory."); +exec(CONF['ht']['sudo_path'] . " -u " . CONF['ht']['tor_user'] . " " . CONF['ht']['rm_path'] . " --recursive " . CONF['ht']['tor_keys_path'] . "/" . $_SESSION['username'], result_code: $code); +if ($code !== 0) + serverError("Can't remove Tor keys directory."); + +removeDirectory(CONF['ht']['tor_config_path'] . '/' . $_SESSION['username']); + +removeDirectory(CONF['ht']['ht_path'] . '/' . $_SESSION['username']); query('delete', 'users', ['username' => $_SESSION['username']]); diff --git a/public/ht/add-http-onion.php b/public/ht/add-http-onion.php index fddb54e..f03b99c 100644 --- a/public/ht/add-http-onion.php +++ b/public/ht/add-http-onion.php 
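Review bot: The new `rm --recursive` runs as the tor user on `tor_keys_path . "/" . $_SESSION['username']` with no quoting and no guard on the value; if `$_SESSION['username']` were empty or unset here the command becomes `rm --recursive /srv/niver/tor-keys/` and removes every user's keys. A login check presumably precedes this hunk, but `if (empty($_SESSION['username'])) serverError("No username in session.");` plus `escapeshellarg()` on the path costs nothing and bounds the blast radius of a session bug. Since `htDeleteSite()` in the loop above already deletes each site's keys after a Tor reload, this `rm` should only ever see an empty per-user directory; if it does not, a site is missing from the `sites` query and its keys are being destroyed while Tor still serves it.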
@@ -34,13 +34,10 @@ if ($dirsStatuses[$_POST['dir']] !== false) userError("Wrong value for dir."); // Add Tor config -$torConf = file_get_contents(CONF['ht']['tor_config_path']); -if ($torConf === false) - serverError("Failed to read current Tor configuration."); -$torConf = $torConf . "HiddenServiceDir " . CONF['ht']['tor_keys_path'] . "/" . $_POST['dir'] . "/ +$torConf = "HiddenServiceDir " . CONF['ht']['tor_keys_path'] . "/" . $_SESSION['username'] . "/" . $_POST['dir'] . "/ HiddenServicePort 80 [::1]:" . CONF['ht']['internal_onion_http_port'] . " "; -if (file_put_contents(CONF['ht']['tor_config_path'], $torConf) === false) +if (file_put_contents(CONF['ht']['tor_config_path'] . '/' . $_SESSION['username'] . '/' . $_POST['dir'], $torConf) === false) serverError("Failed to write new Tor configuration."); // Reload Tor @@ -49,7 +46,7 @@ if ($code !== 0) serverError("Failed to reload Tor."); // Get the address generated by Tor -exec(CONF['ht']['sudo_path'] . " -u " . CONF['ht']['tor_user'] . " " . CONF['ht']['cat_path'] . " " . CONF['ht']['tor_keys_path'] . "/" . $_POST['dir'] . "/hostname", $output); +exec(CONF['ht']['sudo_path'] . ' -u ' . CONF['ht']['tor_user'] . ' ' . CONF['ht']['cat_path'] . ' ' . CONF['ht']['tor_keys_path'] . '/' . $_SESSION['username'] . '/' . $_POST['dir'] . '/hostname', $output); $onion = $output[0]; if (preg_match("/[0-9a-z]{56}\.onion/", $onion) !== 1) serverError("No onion address found.");
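Review bot: `$onion = $output[0]` right after the changed `exec()` dereferences index 0 without checking that `cat` succeeded; immediately after `systemctl reload`, Tor may not have written `hostname` yet, and `exec()` appends to a non-empty `$output`, so a failure shows up as a PHP warning followed by the misleading "No onion address found.". Capture the exit status as the patch does elsewhere, `exec(..., $output, $code); if ($code !== 0) serverError("Failed to read onion hostname.");`, and read `$onion = $output[0] ?? '';`. `$_POST['dir']` is also interpolated unquoted into this `sudo` command line and into the config path in the first hunk; it is validated as a key of `$dirsStatuses` above, but if those keys are directory names the user created over SFTP, `escapeshellarg()` around the path is still warranted.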