Functions for tor bridges

src/freedombone-sec

@@ -751,6 +751,53 @@ function store_passwords {
     esac
 }
 
+function show_tor_bridges {
+    echo -n ''
+}
+
+function add_tor_bridge {
+    echo -n ''
+}
+
+function remove_tor_bridge {
+    echo -n ''
+}
+
+function menu_security_settings {
+    data=$(tempfile 2>/dev/null)
+    trap "rm -f $data" 0 1 2 5 15
+    dialog --backtitle $"Freedombone Control Panel" \
+           --title $"Tor Bridges" \
+           --radiolist $"Choose an operation:" 12 50 4 \
+           1 $"Show bridges" off \
+           2 $"Add a bridge" off \
+           3 $"Remove a bridge" off \
+           4 $"Go Back/Exit" on 2> $data
+    sel=$?
+    case $sel in
+        1) exit 1;;
+        255) exit 1;;
+    esac
+
+    case $(cat $data) in
+        1)
+            show_tor_bridges
+            exit 0
+            ;;
+        2)
+            add_tor_bridge
+            exit 0
+            ;;
+        3)
+            remove_tor_bridge
+            exit 0
+            ;;
+        4)
+            exit 0
+            ;;
+    esac
+}
+
 function menu_security_settings {
     data=$(tempfile 2>/dev/null)
     trap "rm -f $data" 0 1 2 5 15
@@ -759,17 +806,18 @@ function menu_security_settings {
            --radiolist $"Choose an operation:" 20 76 20 \
            1 $"Run STIG tests" off \
            2 $"Show ssh host public key" off \
-           3 $"Password storage" off \
-           4 $"Export passwords" off \
-           5 $"Regenerate ssh host keys" off \
-           6 $"Regenerate Diffie-Hellman keys" off \
-           7 $"Update cipersuite" off \
-           8 $"Create a new Let's Encrypt certificate" off \
-           9 $"Renew Let's Encrypt certificate" off \
-           10 $"Enable GPG based authentication (monkeysphere)" off \
-           11 $"Register a website with monkeysphere" off \
-           12 $"Allow ssh login with passwords" off \
-           13 $"Go Back/Exit" on 2> $data
+           3 $"Tor bridges" off \
+           4 $"Password storage" off \
+           5 $"Export passwords" off \
+           6 $"Regenerate ssh host keys" off \
+           7 $"Regenerate Diffie-Hellman keys" off \
+           8 $"Update cipersuite" off \
+           9 $"Create a new Let's Encrypt certificate" off \
+           10 $"Renew Let's Encrypt certificate" off \
+           11 $"Enable GPG based authentication (monkeysphere)" off \
+           12 $"Register a website with monkeysphere" off \
+           13 $"Allow ssh login with passwords" off \
+           14 $"Go Back/Exit" on 2> $data
     sel=$?
     case $sel in
         1) exit 1;;
@@ -804,41 +852,45 @@ function menu_security_settings {
             exit 0
             ;;
         3)
-            store_passwords
+            menu_tor_bridges
             exit 0
             ;;
         4)
-            export_passwords
+            store_passwords
             exit 0
             ;;
         5)
-            regenerate_ssh_host_keys
+            export_passwords
+            exit 0
             ;;
         6)
-            regenerate_dh_keys
+            regenerate_ssh_host_keys
             ;;
         7)
+            regenerate_dh_keys
+            ;;
+        8)
             interactive_setup
             update_ciphersuite
             ;;
-        8)
+        9)
             create_letsencrypt
             ;;
-        9)
+        10)
             renew_letsencrypt
             ;;
-        10)
+        11)
             enable_monkeysphere
             ;;
-        11)
+        12)
             register_website
             ;;
-        12)
+        13)
             allow_ssh_passwords
             change_ssh_settings
             exit 0
             ;;
-        13)
+        14)
             exit 0
             ;;
     esac

src/freedombone-utils-onion

@@ -402,4 +402,65 @@ function get_app_onion_address {
     echo ""
 }
 
+function tor_add_bridge {
+    bridge_ip_address="$1"
+    bridge_port="$2"
+    bridge_key="$3"
+    bridge_type='obfs4'
+
+    if [[ "$bridge_ip_address" != *"."* ]]; then
+        return
+    fi
+    if [ ${#bridge_port} -eq 0 ]; then
+        return
+    fi
+    if [ ${#bridge_key} -eq 0 ]; then
+        return
+    fi
+
+    apt-get install obfs4proxy
+
+    if grep "ClientTransportPlugin" /etc/tor/torrc; then
+        sed -i 's|#ClientTransportPlugin|ClientTransportPlugin|g' /etc/tor/torrc
+        sed -i 's|# ClientTransportPlugin|ClientTransportPlugin|g' /etc/tor/torrc
+        sed -i 's|ClientTransportPlugin.*|ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy managed|g' /etc/tor/torrc
+    else
+        echo 'ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy managed' >> /etc/tor/torrc
+    fi
+    if grep "UseBridges" /etc/tor/torrc; then
+        sed -i 's|#UseBridges|UseBridges|g' /etc/tor/torrc
+        sed -i 's|# UseBridges|UseBridges|g' /etc/tor/torrc
+        sed -i 's|UseBridges.*|UseBridges 1|g' /etc/tor/torrc
+    else
+        echo 'UseBridges 1' >> /etc/tor/torrc
+    fi
+
+    bridge_str="bridge $bridge_type ${bridge_ip_address}:${bridge_port} ${bridge_key}"
+    if ! grep "${bridge_str}" /etc/tor/torrc; then
+        sed -i "/UseBridges/a ${bridge_str}" >> /etc/tor/torrc
+    fi
+
+    systemctl restart tor
+}
+
+function tor_remove_bridge {
+    bridge_ip_address="$1"
+    bridge_type='obfs4'
+
+    bridge_str="bridge $bridge_type ${bridge_ip_address}"
+    if grep "${bridge_str}" /etc/tor/torrc; then
+        sed -i "/${bridge_str}/d" /etc/tor/torrc
+    fi
+    if ! grep "bridge " /etc/tor/torrc; then
+        if ! grep "#UseBridges" /etc/tor/torrc; then
+            sed -i 's|UseBridges|#UseBridges|g' /etc/tor/torrc
+        fi
+        if ! grep "#ClientTransportPlugin" /etc/tor/torrc; then
+            sed -i 's|ClientTransportPlugin|#ClientTransportPlugin|g' /etc/tor/torrc
+        fi
+    fi
+
+    systemctl restart tor
+}
+
 # NOTE: deliberately no exit 0