diff --git a/src/freedombone-utils-onion b/src/freedombone-utils-onion index c1996be0..484afb09 100755 --- a/src/freedombone-utils-onion +++ b/src/freedombone-utils-onion @@ -36,9 +36,9 @@ HIDDEN_SERVICE_PATH='/var/lib/tor/hidden_service_' function add_email_hostname { extra_email_hostname="$1" - email_hostnames=$(cat /etc/exim4/update-exim4.conf.conf | grep "dc_other_hostnames" | awk -F "'" '{print $2}') + email_hostnames=$(grep "dc_other_hostnames" /etc/exim4/update-exim4.conf.conf | awk -F "'" '{print $2}') if [[ "$email_hostnames" != *"$extra_email_hostname"* ]]; then - sed -i "s|dc_other_hostnames=.*|dc_other_hostnames='$emailhostnames;extra_email_hostname'|g" /etc/exim4/update-exim4.conf.conf + sed -i "s|dc_other_hostnames=.*|dc_other_hostnames='$email_hostnames;extra_email_hostname'|g" /etc/exim4/update-exim4.conf.conf update-exim4.conf dpkg-reconfigure --frontend noninteractive exim4-config systemctl restart saslauthd @@ -54,7 +54,7 @@ function wait_for_onion_service_base { onion_service_name="$1" sleep_ctr=0 - while [ ! -f ${HIDDEN_SERVICE_PATH}${onion_service_name}/hostname ]; do + while [ ! -f "${HIDDEN_SERVICE_PATH}${onion_service_name}/hostname" ]; do sleep 1 sleep_ctr=$((sleep_ctr + 1)) if [ $sleep_ctr -gt 10 ]; then @@ -66,12 +66,12 @@ function wait_for_onion_service_base { function wait_for_onion_service { onion_service_name="$1" - wait_for_onion_service_base ${onion_service_name} + wait_for_onion_service_base "${onion_service_name}" - if [ ! -f ${HIDDEN_SERVICE_PATH}${onion_service_name}/hostname ]; then + if [ ! -f "${HIDDEN_SERVICE_PATH}${onion_service_name}/hostname" ]; then # try a second time onion_update - wait_for_onion_service_base ${onion_service_name} + wait_for_onion_service_base "${onion_service_name}" fi sync } 
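Review bot: In add_email_hostname the rewritten `sed` line fixes the `$emailhostnames` typo but still appends the literal text `extra_email_hostname`, because the `$` is missing in the replacement; it should read `dc_other_hostnames='$email_hostnames;$extra_email_hostname'`. As written, the requested hostname never reaches exim's dc_other_hostnames, and because the guard above tests for the real hostname, every call appends another literal copy. Both values are also pasted unescaped into a `|`-delimited sed expression, so a value containing `|`, `&` or `'` would corrupt the config line; checking the argument against a hostname pattern before the sed would prevent that. The function continues past the end of the hunk.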
@@ -87,22 +87,22 @@ function remove_onion_service { sed -i "/hidden_service_${onion_service_name}/,+1 d" /etc/tor/torrc sed -i "/hidden_service_${onion_service_name}_mobile/,+1 d" /etc/tor/torrc sed -i "/127.0.0.1:${onion_service_port_to}/d" /etc/tor/torrc - if [ $3 ]; then + if [ "$3" ]; then sed -i "/127.0.0.1:${3}/d" /etc/tor/torrc - if [ $4 ]; then + if [ "$4" ]; then sed -i "/127.0.0.1:${4}/d" /etc/tor/torrc - if [ $5 ]; then + if [ "$5" ]; then sed -i "/127.0.0.1:${5}/d" /etc/tor/torrc fi fi fi - if [ -d ${HIDDEN_SERVICE_PATH}${onion_service_name} ]; then - shred -zu ${HIDDEN_SERVICE_PATH}${onion_service_name}/* - rm -rf ${HIDDEN_SERVICE_PATH}${onion_service_name} + if [ -d "${HIDDEN_SERVICE_PATH}${onion_service_name}" ]; then + shred -zu "${HIDDEN_SERVICE_PATH}${onion_service_name}/*" + rm -rf "${HIDDEN_SERVICE_PATH}${onion_service_name}" fi - if [ -d ${HIDDEN_SERVICE_PATH}${onion_service_name}_mobile ]; then - shred -zu ${HIDDEN_SERVICE_PATH}${onion_service_name}_mobile/* - rm -rf ${HIDDEN_SERVICE_PATH}${onion_service_name}_mobile + if [ -d "${HIDDEN_SERVICE_PATH}${onion_service_name}_mobile" ]; then + shred -zu "${HIDDEN_SERVICE_PATH}${onion_service_name}_mobile/*" + rm -rf "${HIDDEN_SERVICE_PATH}${onion_service_name}_mobile" fi remove_completion_param "${onion_service_name} onion domain" onion_update @@ -114,8 +114,8 @@ function add_onion_service { onion_service_port_to=$3 onion_stealth_name="$4" - if [ -f ${HIDDEN_SERVICE_PATH}${onion_service_name}/hostname ]; then - echo $(cat ${HIDDEN_SERVICE_PATH}${onion_service_name}/hostname) + if [ -f "${HIDDEN_SERVICE_PATH}${onion_service_name}/hostname" ]; then + cat "${HIDDEN_SERVICE_PATH}${onion_service_name}/hostname" USE_V2_ONION_ADDRESS= return fi 
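Review bot: The two new `shred -zu "${HIDDEN_SERVICE_PATH}${onion_service_name}/*"` lines put the `/*` inside the double quotes, so the glob no longer expands and shred is handed a literal path ending in `/*`. shred then fails on a file that does not exist, and the following `rm -rf` removes the hidden-service directory with a plain unlink, so its contents (which for a Tor hidden service include the private key) are no longer overwritten before deletion. Keep the variable quoted and the glob outside the quotes: `shred -zu "${HIDDEN_SERVICE_PATH}${onion_service_name}"/*`, and the same for the `_mobile` directory. remove_onion_service starts above this hunk and may continue below it.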
@@ -143,20 +143,20 @@ function add_onion_service { onion_update function_check wait_for_onion_service - wait_for_onion_service ${onion_service_name} + wait_for_onion_service "${onion_service_name}" - if [ ! -f ${HIDDEN_SERVICE_PATH}${onion_service_name}/hostname ]; then - ls -lh ${HIDDEN_SERVICE_PATH}${onion_service_name}/hostname + if [ ! -f "${HIDDEN_SERVICE_PATH}${onion_service_name}/hostname" ]; then + ls -lh "${HIDDEN_SERVICE_PATH}${onion_service_name}/hostname" echo $"${onion_service_name} onion site hostname not found" exit 763624 fi - onion_address=$(cat ${HIDDEN_SERVICE_PATH}${onion_service_name}/hostname) + onion_address=$(cat "${HIDDEN_SERVICE_PATH}${onion_service_name}/hostname") # Record the domain in the completion file set_completion_param "${onion_service_name} onion domain" "${onion_address}" - echo $onion_address + echo "$onion_address" } function set_default_onion_domains { @@ -184,19 +184,19 @@ function create_avahi_onion_domains { fi if [ $GNUSOCIAL_DOMAIN_NAME ]; then function_check create_avahi_service - create_avahi_service gnusocial http tcp $GNUSOCIAL_ONION_PORT + create_avahi_service gnusocial http tcp "$GNUSOCIAL_ONION_PORT" fi if [ $HTMLY_DOMAIN_NAME ]; then function_check create_avahi_service - create_avahi_service blog http tcp $HTMLY_ONION_PORT + create_avahi_service blog http tcp "$HTMLY_ONION_PORT" fi if [ $GIT_DOMAIN_NAME ]; then function_check create_avahi_service - create_avahi_service git http tcp $GIT_ONION_PORT + create_avahi_service git http tcp "$GIT_ONION_PORT" fi if [ $DOKUWIKI_DOMAIN_NAME ]; then function_check create_avahi_service - create_avahi_service dokuwiki http tcp $DOKUWIKI_ONION_PORT + create_avahi_service dokuwiki http tcp "$DOKUWIKI_ONION_PORT" fi } 
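Review bot: In add_onion_service's failure branch the "onion site hostname not found" message is written to stdout, but this function returns the onion address on stdout and is called as `$(add_onion_service ssh …)` in configure_ssh_onion, so the text lands in the caller's variable instead of being shown, and `exit` only ends the command-substitution subshell. Send the diagnostic to stderr by appending `>&2` to that `echo`. The re-quoted `ls -lh` of a file just tested as missing can only print an error; listing the parent directory would be more informative. `exit 763624` is also truncated to eight bits by the shell, so callers cannot match on that number. The function starts above this hunk.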
@@ -204,16 +204,16 @@ function allow_ssh_to_onion_address { if [[ $SYSTEM_TYPE == "mesh"* ]]; then return fi - if [ ! -d /home/$MY_USERNAME/.ssh ]; then - mkdir /home/$MY_USERNAME/.ssh + if [ ! -d "/home/$MY_USERNAME/.ssh" ]; then + mkdir "/home/$MY_USERNAME/.ssh" fi if [ ! -d /etc/tor ]; then echo $'Tor not found when updating ssh' exit 528257 fi - if ! grep -q "onion" /home/$MY_USERNAME/.ssh/config; then - echo 'Host *.onion' >> /home/$MY_USERNAME/.ssh/config - echo 'ProxyCommand connect -R remote -5 -S 127.0.0.1:9050 %h %p' >> /home/$MY_USERNAME/.ssh/config + if ! grep -q "onion" "/home/$MY_USERNAME/.ssh/config"; then + echo 'Host *.onion' >> "/home/$MY_USERNAME/.ssh/config" + echo 'ProxyCommand connect -R remote -5 -S 127.0.0.1:9050 %h %p' >> "/home/$MY_USERNAME/.ssh/config" fi } @@ -225,14 +225,14 @@ function enable_ssh_via_onion { return fi apt-get -yq install tor connect-proxy - if ! grep -q 'Host *.onion' /home/$MY_USERNAME/.ssh/config; then - if [ ! -d /home/$MY_USERNAME/.ssh ]; then - mkdir /home/$MY_USERNAME/.ssh + if ! grep -q 'Host *.onion' "/home/$MY_USERNAME/.ssh/config"; then + if [ ! -d "/home/$MY_USERNAME/.ssh" ]; then + mkdir "/home/$MY_USERNAME/.ssh" fi - echo 'Host *.onion' >> /home/$MY_USERNAME/.ssh/config - echo 'ProxyCommand connect -R remote -5 -S 127.0.0.1:9050 %h %p' >> /home/$MY_USERNAME/.ssh/config - chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.ssh - chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.ssh/config + echo 'Host *.onion' >> "/home/$MY_USERNAME/.ssh/config" + echo 'ProxyCommand connect -R remote -5 -S 127.0.0.1:9050 %h %p' >> "/home/$MY_USERNAME/.ssh/config" + chown "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.ssh" + chown "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.ssh/config" fi if ! grep -q 'Host *.onion' /root/.ssh/config; then if [ ! -d /root/.ssh ]; then 
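Review bot: allow_ssh_to_onion_address creates `/home/$MY_USERNAME/.ssh` and appends to its `config` without setting owner or mode, unlike enable_ssh_via_onion in the next hunk, which chowns both. If the script runs as root (presumably, given the /etc/tor and apt-get use nearby), the directory and file end up root-owned with umask-default permissions. Suggest `mkdir -m 700 "/home/$MY_USERNAME/.ssh"` followed by the same two `chown "$MY_USERNAME":"$MY_USERNAME"` calls used below. The function's opening line is just above the hunk.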
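Review bot: The guard `grep -q 'Host *.onion' "/home/$MY_USERNAME/.ssh/config"` in enable_ssh_via_onion treats its pattern as a regular expression, where ` *` means zero or more spaces and `.` any single character, so it does not match the literal line `Host *.onion` that the block writes. The stanza is therefore appended again on every run. Use a fixed-string match, `grep -qF 'Host *.onion' "/home/$MY_USERNAME/.ssh/config"`; the `/root/.ssh/config` check at the end of the hunk uses the same pattern. enable_ssh_via_onion starts above and continues past this hunk.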
@@ -259,7 +259,7 @@ function configure_ssh_onion { return fi - SSH_ONION_HOSTNAME=$(add_onion_service ssh ${SSH_PORT} ${SSH_PORT}) + SSH_ONION_HOSTNAME=$(add_onion_service ssh "${SSH_PORT}" "${SSH_PORT}") if [[ "$SSH_ONION_HOSTNAME" != *'.onion' ]]; then echo $'ssh onion site not generated' exit 624128 @@ -313,9 +313,9 @@ function resolve_dns_via_tor { # resolve DNS via tor if ! grep -q 'DNSPort 53' /etc/tor/torrc; then - echo 'DNSPort 53' >> /etc/tor/torrc - echo 'AutomapHostsOnResolve 1' >> /etc/tor/torrc - echo 'AutomapHostsSuffixes .exit,.onion' >> /etc/tor/torrc + { echo 'DNSPort 53'; + echo 'AutomapHostsOnResolve 1'; + echo 'AutomapHostsSuffixes .exit,.onion'; } >> /etc/tor/torrc onion_update fi @@ -361,8 +361,8 @@ function route_outgoing_traffic_through_tor { # Allow clearnet access for hosts in $_non_tor for _clearnet in $_non_tor; do - iptables -t nat -A OUTPUT -d $_clearnet -j RETURN - iptables -t nat -A PREROUTING -i $_int_if -d $_clearnet -j RETURN + iptables -t nat -A OUTPUT -d "$_clearnet" -j RETURN + iptables -t nat -A PREROUTING -i $_int_if -d "$_clearnet" -j RETURN done # Redirect all other pre-routing and output to Tor @@ -375,7 +375,7 @@ function route_outgoing_traffic_through_tor { # Allow clearnet access for hosts in $_non_tor for _clearnet in $_non_tor 127.0.0.0/8; do - iptables -A OUTPUT -d $_clearnet -j ACCEPT + iptables -A OUTPUT -d "$_clearnet" -j ACCEPT done # Allow only Tor output 
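Review bot: The guard around the new grouped redirect in resolve_dns_via_tor, `grep -q 'DNSPort 53' /etc/tor/torrc`, also matches a commented-out `#DNSPort 53` or another port such as `DNSPort 5353`, in which case none of the three settings is written and DNS is not routed through Tor. Anchoring it, e.g. `grep -qE '^[[:space:]]*DNSPort 53([[:space:]]|$)' /etc/tor/torrc`, avoids the false positive. In the group itself the `;` after each `echo` at end of line is redundant. The function starts above and continues below the hunk.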
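Review bot: On the changed PREROUTING line in route_outgoing_traffic_through_tor, `-i $_int_if` is still unquoted although `$_clearnet` beside it now is; if `_int_if` were empty, iptables would likely take `-d` as the interface name. Write `iptables -t nat -A PREROUTING -i "$_int_if" -d "$_clearnet" -j RETURN`. None of the iptables calls visible here check their exit status, so a rejected rule would pass silently unless `set -e` is enabled outside this view. The second loop in the following hunk belongs to the same function, which extends beyond both hunks.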
@@ -438,9 +438,9 @@ function get_app_onion_address { if [ ${#mobilestr} -gt 0 ]; then app_name="mobile${app_name}" fi - if grep -q "${app_name} onion domain" $COMPLETION_FILE; then - if grep -q "${app_name} onion domain" $COMPLETION_FILE; then - echo $(cat ${COMPLETION_FILE} | grep "${app_name} onion domain" | head -n 1 | awk -F ':' '{print $2}') + if grep -q "${app_name} onion domain" "$COMPLETION_FILE"; then + if grep -q "${app_name} onion domain" "$COMPLETION_FILE"; then + grep "${app_name} onion domain" "${COMPLETION_FILE}" | head -n 1 | awk -F ':' '{print $2}' return fi fi @@ -521,7 +521,7 @@ function tor_remove_bridge { function tor_create_bridge_relay { read_config_param 'TOR_BRIDGE_PORT' read_config_param 'TOR_BRIDGE_NICKNAME' - if [ ! $TOR_BRIDGE_PORT ]; then + if [ ! "$TOR_BRIDGE_PORT" ]; then return fi if [ ${#TOR_BRIDGE_PORT} -eq 0 ]; then @@ -548,11 +548,11 @@ function tor_create_bridge_relay { read_config_param 'MY_EMAIL_ADDRESS' sed -i "s|#ContactInfo.*|ContactInfo $MY_EMAIL_ADDRESS|g" /etc/tor/torrc - if [ $TOR_BRIDGE_NICKNAME ]; then + if [ "$TOR_BRIDGE_NICKNAME" ]; then sed -i "s|#Nickname.*|Nickname $TOR_BRIDGE_NICKNAME|g" /etc/tor/torrc sed -i "s|Nickname.*|Nickname $TOR_BRIDGE_NICKNAME|g" /etc/tor/torrc fi - firewall_add tor_bridge $TOR_BRIDGE_PORT tcp + firewall_add tor_bridge "$TOR_BRIDGE_PORT" tcp systemctl restart tor } @@ -573,7 +573,7 @@ function tor_remove_bridge_relay { sed -i "s|Nickname |#Nickname |g" /etc/tor/torrc fi read_config_param 'TOR_BRIDGE_PORT' - firewall_remove $TOR_BRIDGE_PORT tcp + firewall_remove "$TOR_BRIDGE_PORT" tcp systemctl restart tor }
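Review bot: In get_app_onion_address the two nested `if grep -q "${app_name} onion domain" "$COMPLETION_FILE"` tests are identical, so the inner one is redundant and the file is read three times; a single test, or just running the pipeline and checking its output, is enough. The pattern is also unanchored, so a lookup for one app name matches any line whose name merely ends with it (the function itself builds `mobile${app_name}` names), and `head -n 1` then decides which address is returned. If completion-file lines begin with the parameter name, which is not visible here, `grep -m 1 "^${app_name} onion domain" "$COMPLETION_FILE"` would be stricter. The function starts above and continues below the hunk.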