From 8b274753f9ad33f181ca914e60fa5a92d3c4913d Mon Sep 17 00:00:00 2001
From: Fabian Franz <fabianfrz@users.noreply.github.com>
Date: Mon, 25 Sep 2017 08:19:50 +0200
Subject: [PATCH] Tor: fix permission issue (#286)

* setup: set permissions for the log file and create it when missing

* create dirs for hidden services

* Update make_hidden_service_dirs.php

* Tor: add pid dir to setup.sh

* add copyright header to PHP files
---
 .../service/scripts/tor/get_hostnames         | 29 ++++++++++++
 .../scripts/tor/make_hidden_service_dirs.php  | 47 +++++++++++++++++++
 .../src/opnsense/service/scripts/tor/setup.sh |  9 ++++
 .../service/scripts/tor/tor_helper.php        | 29 ++++++++++++
 4 files changed, 114 insertions(+)
 create mode 100755 security/tor/src/opnsense/service/scripts/tor/make_hidden_service_dirs.php

diff --git a/security/tor/src/opnsense/service/scripts/tor/get_hostnames b/security/tor/src/opnsense/service/scripts/tor/get_hostnames
index a108dc51a..683bd8b7d 100755
--- a/security/tor/src/opnsense/service/scripts/tor/get_hostnames
+++ b/security/tor/src/opnsense/service/scripts/tor/get_hostnames
@@ -1,6 +1,35 @@
 #!/usr/local/bin/php
 <?php
 
+/*
+
+    Copyright (C) 2017 Fabian Franz
+    All rights reserved.
+
+    Redistribution and use in source and binary forms, with or without
+    modification, are permitted provided that the following conditions are met:
+
+    1. Redistributions of source code must retain the above copyright notice,
+       this list of conditions and the following disclaimer.
+
+    2. Redistributions in binary form must reproduce the above copyright
+       notice, this list of conditions and the following disclaimer in the
+       documentation and/or other materials provided with the distribution.
+
+    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+    POSSIBILITY OF SUCH DAMAGE.
+
+
+*/
+
 require_once("config.inc");
 require_once('tor_helper.php');
 use \OPNsense\Tor\HiddenService;
diff --git a/security/tor/src/opnsense/service/scripts/tor/make_hidden_service_dirs.php b/security/tor/src/opnsense/service/scripts/tor/make_hidden_service_dirs.php
new file mode 100755
index 000000000..58a0b6b6d
--- /dev/null
+++ b/security/tor/src/opnsense/service/scripts/tor/make_hidden_service_dirs.php
@@ -0,0 +1,47 @@
+#!/usr/local/bin/php
+<?php
+
+/*
+
+    Copyright (C) 2017 Fabian Franz
+    All rights reserved.
+
+    Redistribution and use in source and binary forms, with or without
+    modification, are permitted provided that the following conditions are met:
+
+    1. Redistributions of source code must retain the above copyright notice,
+       this list of conditions and the following disclaimer.
+
+    2. Redistributions in binary form must reproduce the above copyright
+       notice, this list of conditions and the following disclaimer in the
+       documentation and/or other materials provided with the distribution.
+
+    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+    POSSIBILITY OF SUCH DAMAGE.
+
+
+*/
+
+require_once("config.inc");
+require_once('tor_helper.php');
+use \OPNsense\Tor\HiddenService;
+
+$services = new HiddenService();
+foreach ($services->service->__items as $service) {
+    $directory_name = ((string)$service->name);
+    $hostdir = TOR_DATA_DIR . '/' . $directory_name;
+    if (!file_exists($hostdir)) {
+        mkdir($hostdir);
+        chown($hostdir, '_tor');
+        chgrp($hostdir, '_tor');
+        chmod($hostdir, 0700);
+    }
+}
diff --git a/security/tor/src/opnsense/service/scripts/tor/setup.sh b/security/tor/src/opnsense/service/scripts/tor/setup.sh
index 1af7a235b..5c71d2b37 100755
--- a/security/tor/src/opnsense/service/scripts/tor/setup.sh
+++ b/security/tor/src/opnsense/service/scripts/tor/setup.sh
@@ -6,5 +6,14 @@ mkdir -p /var/run/tor
 chown _tor:_tor /var/db/tor
 chmod 700 /var/db/tor
 
+touch /var/log/tor.log
+chmod 700 /var/log/tor.log
+chown _tor:_tor /var/log/tor.log
+
+chown _tor:_tor /var/run/tor
+
+# create hidden service dirs:
+/usr/local/opnsense/service/scripts/tor/make_hidden_service_dirs.php
+
 # required to access the pf device for nat
 /usr/sbin/pw groupmod proxy -m _tor
diff --git a/security/tor/src/opnsense/service/scripts/tor/tor_helper.php b/security/tor/src/opnsense/service/scripts/tor/tor_helper.php
index f05179572..0be18b2bc 100644
--- a/security/tor/src/opnsense/service/scripts/tor/tor_helper.php
+++ b/security/tor/src/opnsense/service/scripts/tor/tor_helper.php
@@ -1,3 +1,32 @@
 <?php
 
+/*
+
+    Copyright (C) 2017 Fabian Franz
+    All rights reserved.
+
+    Redistribution and use in source and binary forms, with or without
+    modification, are permitted provided that the following conditions are met:
+
+    1. Redistributions of source code must retain the above copyright notice,
+       this list of conditions and the following disclaimer.
+
+    2. Redistributions in binary form must reproduce the above copyright
+       notice, this list of conditions and the following disclaimer in the
+       documentation and/or other materials provided with the distribution.
+
+    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+    POSSIBILITY OF SUCH DAMAGE.
+
+
+*/
+
 define('TOR_DATA_DIR', '/var/db/tor');