tbb-commits January 2024

tbb-commits@lists.torproject.org

1 participants
128 discussions

[Git][tpo/applications/tor-browser] Pushed new tag FIREFOX_115_7_0esr_BUILD1
by Pier Angelo Vendrame (＠pierov) 16 Jan '24

16 Jan '24

Pier Angelo Vendrame pushed new tag FIREFOX_115_7_0esr_BUILD1 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/FIREFOX_1… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-115.6.0esr-13.5-1] 3 commits: fixup! Base Browser's .mozconfigs.
by Pier Angelo Vendrame (＠pierov) 15 Jan '24

15 Jan '24

Pier Angelo Vendrame pushed to branch base-browser-115.6.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: 87e50941 by Pier Angelo Vendrame at 2024-01-15T18:30:54+01:00 fixup! Base Browser's .mozconfigs. Bug 42337: Enable GeckoDriver for all desktop platforms - - - - - 2aaaaab1 by Pier Angelo Vendrame at 2024-01-15T18:30:58+01:00 fixup! Base Browser's .mozconfigs. Bug 42146: Use LLD on Linux. This should allow us to restore debug symbols on Linux i686. - - - - - b6fdd885 by Tom Ritter at 2024-01-15T18:39:37+01:00 Bug 1873526: Refactor the restriction override list from a big if statement to a list r=KrisWright Differential Revision: https://phabricator.services.mozilla.com/D198081 - - - - - 5 changed files: - browser/config/mozconfigs/base-browser - modules/libpref/Preferences.cpp - mozconfig-linux-i686 - mozconfig-linux-x86_64 - mozconfig-linux-x86_64-dev Changes: ===================================== browser/config/mozconfigs/base-browser ===================================== @@ -50,4 +50,7 @@ if test -z "$WASI_SYSROOT"; then ac_add_options --without-wasm-sandboxed-libraries fi +# tor-browser#42337 +ac_add_options --enable-geckodriver + ac_add_options --with-relative-data-dir=BaseBrowser/Data/Browser ===================================== modules/libpref/Preferences.cpp ===================================== @@ -6024,7 +6024,8 @@ struct PrefListEntry { // StaticPrefList.yml), a string pref, and it is NOT exempted in // sDynamicPrefOverrideList // -// This behavior is codified in ShouldSanitizePreference() below +// This behavior is codified in ShouldSanitizePreference() below. +// Exclusions of preferences can be defined in sOverrideRestrictionsList[]. static const PrefListEntry sRestrictFromWebContentProcesses[] = { // Remove prefs with user data PREF_LIST_ENTRY("datareporting.policy."), @@ -6073,6 +6074,15 @@ static const PrefListEntry sRestrictFromWebContentProcesses[] = { PREF_LIST_ENTRY("toolkit.telemetry.previousBuildID"), }; +// Allowlist for prefs and branches blocklisted in +// sRestrictFromWebContentProcesses[], including prefs from +// StaticPrefList.yaml and *.js, to let them pass. +static const PrefListEntry sOverrideRestrictionsList[]{ + PREF_LIST_ENTRY("services.settings.clock_skew_seconds"), + PREF_LIST_ENTRY("services.settings.last_update_seconds"), + PREF_LIST_ENTRY("services.settings.server"), +}; + // These prefs are dynamically-named (i.e. not specified in prefs.js or // StaticPrefList) and would normally by blocklisted but we allow them through // anyway, so this override list acts as an allowlist @@ -6168,10 +6178,12 @@ static bool ShouldSanitizePreference(const Pref* const aPref) { // pref through. for (const auto& entry : sRestrictFromWebContentProcesses) { if (strncmp(entry.mPrefBranch, prefName, entry.mLen) == 0) { - const auto* p = prefName; // This avoids clang-format doing ugly things. - return !(strncmp("services.settings.clock_skew_seconds", p, 36) == 0 || - strncmp("services.settings.last_update_seconds", p, 37) == 0 || - strncmp("services.settings.server", p, 24) == 0); + for (const auto& pasEnt : sOverrideRestrictionsList) { + if (strncmp(pasEnt.mPrefBranch, prefName, pasEnt.mLen) == 0) { + return false; + } + } + return true; } } ===================================== mozconfig-linux-i686 ===================================== @@ -2,8 +2,11 @@ ac_add_options --target=i686-linux-gnu -ac_add_options --enable-default-toolkit=cairo-gtk3 +# Moz switched to lld for all Linux targets in Bug 1839739. +# Also, gold used not to work with debug symbols (tor-browser#42146). +ac_add_options --enable-linker=lld + +ac_add_options --disable-strip +ac_add_options --disable-install-strip -# Bug 31448: ld.gold fails if we don't disable debug-symbols. -# Also, we keep strip enabled. -ac_add_options --disable-debug-symbols +ac_add_options --enable-default-toolkit=cairo-gtk3 ===================================== mozconfig-linux-x86_64 ===================================== @@ -1,9 +1,9 @@ . $topsrcdir/browser/config/mozconfigs/base-browser -ac_add_options --enable-default-toolkit=cairo-gtk3 +# Moz switched to lld for all Linux targets in Bug 1839739. +ac_add_options --enable-linker=lld ac_add_options --disable-strip ac_add_options --disable-install-strip -# We want to bundle an own geckodriver, so we can use it for QA and other work -ac_add_options --enable-geckodriver +ac_add_options --enable-default-toolkit=cairo-gtk3 ===================================== mozconfig-linux-x86_64-dev ===================================== @@ -4,6 +4,9 @@ # It is only intended to be used when doing incremental Linux builds # during development. +# Moz switched to lld for all Linux targets in Bug 1839739. +ac_add_options --enable-linker=lld + export MOZILLA_OFFICIAL= ac_add_options --enable-default-toolkit=cairo-gtk3 View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/ae39cc… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/ae39cc… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.6.0esr-13.5-1] 3 commits: dropme! Bug 40458: Implement .tor.onion aliases
by Pier Angelo Vendrame (＠pierov) 15 Jan '24

15 Jan '24

Pier Angelo Vendrame pushed to branch tor-browser-115.6.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: 05d20cc1 by Pier Angelo Vendrame at 2024-01-15T09:46:08+01:00 dropme! Bug 40458: Implement .tor.onion aliases Bug 42354: Upstreamed the ShouldSanitizePreference refactor Drop this commit on the rebase. - - - - - d548b69e by Tom Ritter at 2024-01-15T09:54:34+01:00 Bug 1873526: Refactor the restriction override list from a big if statement to a list r=KrisWright Differential Revision: https://phabricator.services.mozilla.com/D198081 - - - - - 5cbefa67 by guest475646844 at 2024-01-15T09:57:16+01:00 fixup! Bug 40458: Implement .tor.onion aliases - - - - - 1 changed file: - modules/libpref/Preferences.cpp Changes: ===================================== modules/libpref/Preferences.cpp ===================================== @@ -6024,7 +6024,8 @@ struct PrefListEntry { // StaticPrefList.yml), a string pref, and it is NOT exempted in // sDynamicPrefOverrideList // -// This behavior is codified in ShouldSanitizePreference() below +// This behavior is codified in ShouldSanitizePreference() below. +// Exclusions of preferences can be defined in sOverrideRestrictionsList[]. static const PrefListEntry sRestrictFromWebContentProcesses[] = { // Remove prefs with user data PREF_LIST_ENTRY("datareporting.policy."), @@ -6073,6 +6074,18 @@ static const PrefListEntry sRestrictFromWebContentProcesses[] = { PREF_LIST_ENTRY("toolkit.telemetry.previousBuildID"), }; +// Allowlist for prefs and branches blocklisted in +// sRestrictFromWebContentProcesses[], including prefs from +// StaticPrefList.yaml and *.js, to let them pass. +static const PrefListEntry sOverrideRestrictionsList[]{ + PREF_LIST_ENTRY("services.settings.clock_skew_seconds"), + PREF_LIST_ENTRY("services.settings.last_update_seconds"), + PREF_LIST_ENTRY("services.settings.server"), + // tor-browser#41165, tor-browser!765: leave this static pref in + // gSharedMap to prevent a crash in gpu process in debug builds. + PREF_LIST_ENTRY("browser.urlbar.onionRewrites.enabled"), +}; + // These prefs are dynamically-named (i.e. not specified in prefs.js or // StaticPrefList) and would normally by blocklisted but we allow them through // anyway, so this override list acts as an allowlist @@ -6168,13 +6181,12 @@ static bool ShouldSanitizePreference(const Pref* const aPref) { // pref through. for (const auto& entry : sRestrictFromWebContentProcesses) { if (strncmp(entry.mPrefBranch, prefName, entry.mLen) == 0) { - const auto* p = prefName; // This avoids clang-format doing ugly things. - return !(strncmp("services.settings.clock_skew_seconds", p, 36) == 0 || - strncmp("services.settings.last_update_seconds", p, 37) == 0 || - strncmp("services.settings.server", p, 24) == 0 || - // Prevent a crash in debug builds. Please refer to - // StaticPrefList.yaml, tor-browser#41165 and tor-browser!765 for details. - strncmp("browser.urlbar.onionRewrites.enabled", p, 36) == 0); + for (const auto& pasEnt : sOverrideRestrictionsList) { + if (strncmp(pasEnt.mPrefBranch, prefName, pasEnt.mLen) == 0) { + return false; + } + } + return true; } } View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/0c55a3… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/0c55a3… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/torbrowser-launcher][main] Add script to tag new release (#13)
by boklm (＠boklm) 15 Jan '24

15 Jan '24

boklm pushed to branch main at The Tor Project / Applications / torbrowser-launcher Commits: 899ea231 by Nicolas Vigier at 2024-01-12T11:13:05+01:00 Add script to tag new release (#13) - - - - - 1 changed file: - + git-tag_release.sh Changes: ===================================== git-tag_release.sh ===================================== @@ -0,0 +1,6 @@ +#!/bin/sh +# Make a signed git tag for the current commit, for a new release +set -e +VERSION=$(cat share/torbrowser-launcher/version) +git tag -s --message="torbrowser-launcher version $VERSION" v$VERSION +echo "Created git tag v$VERSION" View it on GitLab: https://gitlab.torproject.org/tpo/applications/torbrowser-launcher/-/commit… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/torbrowser-launcher/-/commit… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/torbrowser-launcher] Pushed new tag v0.3.7
by boklm (＠boklm) 12 Jan '24

12 Jan '24

boklm pushed new tag v0.3.7 at The Tor Project / Applications / torbrowser-launcher -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/torbrowser-launcher/-/tree/v… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/torbrowser-launcher][main] Version bump to 0.3.7 and update changelog
by boklm (＠boklm) 12 Jan '24

12 Jan '24

boklm pushed to branch main at The Tor Project / Applications / torbrowser-launcher Commits: e4bb9790 by Nicolas Vigier at 2024-01-11T20:00:16+01:00 Version bump to 0.3.7 and update changelog - - - - - 3 changed files: - CHANGELOG.md - share/metainfo/org.torproject.torbrowser-launcher.metainfo.xml - share/torbrowser-launcher/version Changes: ===================================== CHANGELOG.md ===================================== @@ -1,5 +1,19 @@ # Tor Browser Launcher Changelog +## 0.3.7 + +* Use Tor Browser 13.0 new filenames +* Adapt AppArmor profile for Tor Browser 13.0 +* Set the TORBROWSER_LAUNCHER environment variable to make it easier + for Tor Browser to see that it is being run by torbrowser-launcher +* Use a proper rDNS ID in AppStream metainfo +* Update to latest version of the Tor Browser OpenPGP signing key +* Remove some unused code to fix a warning +* Add dbus-glib to the rpm package dependencies +* Maintenance of torbrowser-launcher has been handed to Tor Project, + and the git repository moved to + https://gitlab.torproject.org/tpo/applications/torbrowser-launcher/ + ## 0.3.6 * Tor Browser 12.0 no longer uses locales, so the download URL and local path have changed ===================================== share/metainfo/org.torproject.torbrowser-launcher.metainfo.xml ===================================== @@ -31,6 +31,7 @@ <update_contact>boklm(a)torproject.org</update_contact> <content_rating type="oars-1.1"/> <releases> + <release version="0.3.7" date="2024-01-12"/> <release version="0.3.6" date="2022-12-13"/> </releases> </component> ===================================== share/torbrowser-launcher/version ===================================== @@ -1 +1 @@ -0.3.6 +0.3.7 View it on GitLab: https://gitlab.torproject.org/tpo/applications/torbrowser-launcher/-/commit… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/torbrowser-launcher/-/commit… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/torbrowser-launcher][main] Remove gnupg_import_ok_pattern from torbrowser_launcher/common.py (#12)
by boklm (＠boklm) 11 Jan '24

11 Jan '24

boklm pushed to branch main at The Tor Project / Applications / torbrowser-launcher Commits: 10a13e3f by Nicolas Vigier at 2024-01-11T13:33:31+01:00 Remove gnupg_import_ok_pattern from torbrowser_launcher/common.py (#12) According to https://github.com/torproject/torbrowser-launcher/pull/716 the definition of `gnupg_import_ok_pattern` in `torbrowser_launcher/common.py` is causing some warnings. But it looks like it is not being used since 83fa1d38c44f16a76dd98407e321b9cc9b5b5743, so we can remove it. Thanks to meator for reporting the issue. - - - - - 1 changed file: - torbrowser_launcher/common.py Changes: ===================================== torbrowser_launcher/common.py ===================================== @@ -41,15 +41,6 @@ SHARE = os.getenv("TBL_SHARE", sys.prefix + "/share") + "/torbrowser-launcher" gettext.install("torbrowser-launcher") -# We're looking for output which: -# -# 1. The first portion must be `[GNUPG:] IMPORT_OK` -# 2. The second must be an integer between [0, 15], inclusive -# 3. The third must be an uppercased hex-encoded 160-bit fingerprint -gnupg_import_ok_pattern = re.compile( - b"(\[GNUPG\:\]) (IMPORT_OK) ([0-9]|[1]?[0-5]) ([A-F0-9]{40})" -) - class Common(object): def __init__(self, tbl_version): View it on GitLab: https://gitlab.torproject.org/tpo/applications/torbrowser-launcher/-/commit… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/torbrowser-launcher/-/commit… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/firefox-android][firefox-android-115.2.1-13.0-1] 10 commits: fixup! Bug 1823316 - Use 'Snackbar' themed Dialog to notify on making app full-screen
by ma1 (＠ma1) 11 Jan '24

11 Jan '24

ma1 pushed to branch firefox-android-115.2.1-13.0-1 at The Tor Project / Applications / firefox-android Commits: 753c937e by hackademix at 2024-01-11T16:53:03+01:00 fixup! Bug 1823316 - Use 'Snackbar' themed Dialog to notify on making app full-screen Fix tor-browser#42355 backporting regression. - - - - - 0cd27910 by t-p-white at 2024-01-11T16:53:04+01:00 Bug 1864549 - Fix for IllegalStateException in full screen notification dialog - - - - - a7cafd1b by Alexandru2909 at 2024-01-11T16:53:04+01:00 Bug 1810776 - Move DismissedTabBackground into its own file - - - - - e40a62ad by DreVla at 2024-01-11T16:53:05+01:00 Bug 1828493 - Apply purple overlay on list item when in multi-select When having the list layout for tabs tray and entering multi-select mode, the selected list items should have a purple non opaque overlay on the thumbnail, as it was before in the XML implementation. - - - - - b4e5ab52 by Alexandru2909 at 2024-01-11T16:53:05+01:00 Bug 1810776 - Add SwipeToDismiss to composed tabs tray - - - - - 20a18e5b by Noah Bond at 2024-01-11T16:53:05+01:00 Bug 1815579 - Improve performance of image loading in tab items - - - - - a07ec0d9 by Noah Bond at 2024-01-11T16:53:06+01:00 Bug 1840896 - Remove `rememberSaveable` since bitmaps are not serializable - - - - - a860d4a3 by Noah Bond at 2024-01-11T16:53:06+01:00 Bug 1844967 - Improve performance of tab thumbnail loading in Compose - - - - - 0481dabe by Matthew Tighe at 2024-01-11T16:53:07+01:00 Bug 1721904 - update thumbnail caching on app open - - - - - 3400c111 by hackademix at 2024-01-11T16:53:07+01:00 Bug 42191: Temporary StrictMode relaxation to clear the thumbnail cache. - - - - - 30 changed files: - android-components/components/browser/state/src/main/java/mozilla/components/browser/state/action/BrowserAction.kt - android-components/components/browser/state/src/main/java/mozilla/components/browser/state/reducer/ContentStateReducer.kt - android-components/components/browser/tabstray/src/main/java/mozilla/components/browser/tabstray/TabViewHolder.kt - android-components/components/browser/tabstray/src/test/java/mozilla/components/browser/tabstray/DefaultTabViewHolderTest.kt - android-components/components/browser/thumbnails/src/main/java/mozilla/components/browser/thumbnails/ThumbnailsMiddleware.kt - android-components/components/browser/thumbnails/src/main/java/mozilla/components/browser/thumbnails/storage/ThumbnailStorage.kt - android-components/components/browser/thumbnails/src/main/java/mozilla/components/browser/thumbnails/utils/ThumbnailDiskCache.kt - android-components/components/browser/thumbnails/src/test/java/mozilla/components/browser/thumbnails/ThumbnailsMiddlewareTest.kt - android-components/components/browser/thumbnails/src/test/java/mozilla/components/browser/thumbnails/loader/ThumbnailLoaderTest.kt - android-components/components/browser/thumbnails/src/test/java/mozilla/components/browser/thumbnails/storage/ThumbnailStorageTest.kt - android-components/components/browser/thumbnails/src/test/java/mozilla/components/browser/thumbnails/utils/ThumbnailDiskCacheTest.kt - android-components/components/concept/base/src/main/java/mozilla/components/concept/base/images/ImageRequest.kt - android-components/components/feature/prompts/src/main/java/mozilla/components/feature/prompts/dialog/FullScreenNotificationDialog.kt - fenix/app/src/main/java/org/mozilla/fenix/browser/BaseBrowserFragment.kt - fenix/app/src/main/java/org/mozilla/fenix/browser/TabPreview.kt - fenix/app/src/main/java/org/mozilla/fenix/browser/ToolbarGestureHandler.kt - + fenix/app/src/main/java/org/mozilla/fenix/compose/SwipeToDismiss.kt - + fenix/app/src/main/java/org/mozilla/fenix/compose/TabThumbnail.kt - fenix/app/src/main/java/org/mozilla/fenix/compose/ThumbnailCard.kt - + fenix/app/src/main/java/org/mozilla/fenix/compose/ThumbnailImage.kt - fenix/app/src/main/java/org/mozilla/fenix/compose/list/ListItem.kt - + fenix/app/src/main/java/org/mozilla/fenix/compose/tabstray/DismissedTabBackground.kt - fenix/app/src/main/java/org/mozilla/fenix/compose/tabstray/TabGridItem.kt - fenix/app/src/main/java/org/mozilla/fenix/compose/tabstray/TabListItem.kt - fenix/app/src/main/java/org/mozilla/fenix/home/collections/CollectionItem.kt - fenix/app/src/main/java/org/mozilla/fenix/home/recentsyncedtabs/view/RecentSyncedTab.kt - fenix/app/src/main/java/org/mozilla/fenix/home/recentsyncedtabs/view/RecentSyncedTabViewHolder.kt - fenix/app/src/main/java/org/mozilla/fenix/home/recenttabs/view/RecentTabViewHolder.kt - fenix/app/src/main/java/org/mozilla/fenix/home/recenttabs/view/RecentTabs.kt - fenix/app/src/main/java/org/mozilla/fenix/tabstray/TabsTray.kt The diff was not included because it is too large. View it on GitLab: https://gitlab.torproject.org/tpo/applications/firefox-android/-/compare/da… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/firefox-android/-/compare/da… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.6.0esr-13.5-1] fixup! Bug 40597: Implement TorSettings module
by Pier Angelo Vendrame (＠pierov) 11 Jan '24

11 Jan '24

Pier Angelo Vendrame pushed to branch tor-browser-115.6.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: 0c55a36a by Pier Angelo Vendrame at 2024-01-09T18:39:07+01:00 fixup! Bug 40597: Implement TorSettings module Bug 42348: Do not use TorSettings.defaultSettings as a starting point for the settings object we receive from Moat. Also, removed the TODO about proxy and firewall, since Moat is not going to send them for now, but throw when we do not receive bridge settings. - - - - - 1 changed file: - toolkit/modules/Moat.sys.mjs Changes: ===================================== toolkit/modules/Moat.sys.mjs ===================================== @@ -2,10 +2,7 @@ * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -import { - TorSettings, - TorBridgeSource, -} from "resource://gre/modules/TorSettings.sys.mjs"; +import { TorBridgeSource } from "resource://gre/modules/TorSettings.sys.mjs"; const lazy = {}; @@ -204,68 +201,52 @@ export class MoatRPC { // Convert received settings object to format used by TorSettings module // In the event of error, just return null #fixupSettings(settings) { - try { - let retval = TorSettings.defaultSettings(); - if ("bridges" in settings) { - retval.bridges.enabled = true; - switch (settings.bridges.source) { - case "builtin": - retval.bridges.source = TorBridgeSource.BuiltIn; - retval.bridges.builtin_type = settings.bridges.type; - // Tor Browser will periodically update the built-in bridge strings list using the - // circumvention_builtin() function, so we can ignore the bridge strings we have received here; - // BridgeDB only returns a subset of the available built-in bridges through the circumvention_settings() - // function which is fine for our 3rd parties, but we're better off ignoring them in Tor Browser, otherwise - // we get in a weird situation of needing to update our built-in bridges in a piece-meal fashion which - // seems over-complicated/error-prone - break; - case "bridgedb": - retval.bridges.source = TorBridgeSource.BridgeDB; - if (settings.bridges.bridge_strings) { - retval.bridges.bridge_strings = settings.bridges.bridge_strings; - retval.bridges.disabled_strings = []; - } else { - throw new Error( - "MoatRPC::_fixupSettings(): Received no bridge-strings for BridgeDB bridge source" - ); - } - break; - default: - throw new Error( - `MoatRPC::_fixupSettings(): Unexpected bridge source '${settings.bridges.source}'` - ); + if (!("bridges" in settings)) { + throw new Error("Expected to find `bridges` in the settings object."); + } + const retval = { + bridges: { + enabled: true, + }, + }; + switch (settings.bridges.source) { + case "builtin": + retval.bridges.source = TorBridgeSource.BuiltIn; + retval.bridges.builtin_type = settings.bridges.type; + // TorSettings will ignore strings for built-in bridges, and use the + // ones it already knows, instead. + break; + case "bridgedb": + retval.bridges.source = TorBridgeSource.BridgeDB; + if (settings.bridges.bridge_strings) { + retval.bridges.bridge_strings = settings.bridges.bridge_strings; + } else { + throw new Error( + "Received no bridge-strings for BridgeDB bridge source" + ); } - } - if ("proxy" in settings) { - // TODO: populate proxy settings - } - if ("firewall" in settings) { - // TODO: populate firewall settings - } - return retval; - } catch (ex) { - console.log(ex.message); - return null; + break; + default: + throw new Error( + `Unexpected bridge source '${settings.bridges.source}'` + ); } + return retval; } // Converts a list of settings objects received from BridgeDB to a list of settings objects // understood by the TorSettings module // In the event of error, returns and empty list #fixupSettingsList(settingsList) { - try { - let retval = []; - for (let settings of settingsList) { - settings = this.#fixupSettings(settings); - if (settings != null) { - retval.push(settings); - } + const retval = []; + for (const settings of settingsList) { + try { + retval.push(this.#fixupSettings(settings)); + } catch (ex) { + console.log(ex); } - return retval; - } catch (ex) { - console.log(ex.message); - return []; } + return retval; } // Request tor settings for the user optionally based on their location (derived View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/0c55a36… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/0c55a36… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.6.0esr-13.5-1] fixup! Bug 40597: Implement TorSettings module
by Pier Angelo Vendrame (＠pierov) 11 Jan '24

11 Jan '24

Pier Angelo Vendrame pushed to branch tor-browser-115.6.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: da0f3108 by Pier Angelo Vendrame at 2024-01-09T18:38:42+01:00 fixup! Bug 40597: Implement TorSettings module Bug 42358: Extract the domain fronting request functionality form MoatRPC. - - - - - 3 changed files: - + toolkit/modules/DomainFrontedRequests.sys.mjs - toolkit/modules/Moat.sys.mjs - toolkit/modules/moz.build Changes: ===================================== toolkit/modules/DomainFrontedRequests.sys.mjs ===================================== @@ -0,0 +1,525 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +const lazy = {}; + +ChromeUtils.defineESModuleGetters(lazy, { + EventDispatcher: "resource://gre/modules/Messaging.sys.mjs", + Subprocess: "resource://gre/modules/Subprocess.sys.mjs", + TorLauncherUtil: "resource://gre/modules/TorLauncherUtil.sys.mjs", + TorProviderBuilder: "resource://gre/modules/TorProviderBuilder.sys.mjs", + TorSettings: "resource://gre/modules/TorSettings.sys.mjs", +}); + +/** + * The meek pluggable transport takes the reflector URL and front domain as + * proxy credentials, which can be prepared with this function. + * + * @param {string} proxyType The proxy type (socks for socks5 or socks4) + * @param {string} reflector The URL of the service hosted by the CDN + * @param {string} front The domain to use as a front + * @returns {string[]} An array containing [username, password] + */ +function makeMeekCredentials(proxyType, reflector, front) { + // Construct the per-connection arguments. + let meekClientEscapedArgs = ""; + + // Escape aValue per section 3.5 of the PT specification: + // First the "<Key>=<Value>" formatted arguments MUST be escaped, + // such that all backslash, equal sign, and semicolon characters + // are escaped with a backslash. + const escapeArgValue = aValue => + aValue + ? aValue + .replaceAll("\\", "\\\\") + .replaceAll("=", "\\=") + .replaceAll(";", "\\;") + : ""; + + if (reflector) { + meekClientEscapedArgs += "url="; + meekClientEscapedArgs += escapeArgValue(reflector); + } + + if (front) { + if (meekClientEscapedArgs.length) { + meekClientEscapedArgs += ";"; + } + meekClientEscapedArgs += "front="; + meekClientEscapedArgs += escapeArgValue(front); + } + + // socks5 + if (proxyType === "socks") { + if (meekClientEscapedArgs.length <= 255) { + return [meekClientEscapedArgs, "\x00"]; + } + return [ + meekClientEscapedArgs.substring(0, 255), + meekClientEscapedArgs.substring(255), + ]; + } else if (proxyType === "socks4") { + return [meekClientEscapedArgs, undefined]; + } + throw new Error(`Unsupported proxy type ${proxyType}.`); +} + +/** + * Subprocess-based implementation to launch and control a PT process. + */ +class MeekTransport { + // These members are used by consumers to setup the proxy to do requests over + // meek. They are passed to newProxyInfoWithAuth. + proxyType = null; + proxyAddress = null; + proxyPort = 0; + proxyUsername = null; + proxyPassword = null; + + #inited = false; + #meekClientProcess = null; + + // launches the meekprocess + async init(reflector, front) { + // ensure we haven't already init'd + if (this.#inited) { + throw new Error("MeekTransport: Already initialized"); + } + + try { + // figure out which pluggable transport to use + const supportedTransports = ["meek", "meek_lite"]; + const provider = await lazy.TorProviderBuilder.build(); + const proxy = (await provider.getPluggableTransports()).find( + pt => + pt.type === "exec" && + supportedTransports.some(t => pt.transports.includes(t)) + ); + if (!proxy) { + throw new Error("No supported transport found."); + } + + const meekTransport = proxy.transports.find(t => + supportedTransports.includes(t) + ); + // Convert meek client path to absolute path if necessary + const meekWorkDir = lazy.TorLauncherUtil.getTorFile( + "pt-startup-dir", + false + ); + if (lazy.TorLauncherUtil.isPathRelative(proxy.pathToBinary)) { + const meekPath = meekWorkDir.clone(); + meekPath.appendRelativePath(proxy.pathToBinary); + proxy.pathToBinary = meekPath.path; + } + + // Setup env and start meek process + const ptStateDir = lazy.TorLauncherUtil.getTorFile("tordatadir", false); + ptStateDir.append("pt_state"); // Match what tor uses. + + const envAdditions = { + TOR_PT_MANAGED_TRANSPORT_VER: "1", + TOR_PT_STATE_LOCATION: ptStateDir.path, + TOR_PT_EXIT_ON_STDIN_CLOSE: "1", + TOR_PT_CLIENT_TRANSPORTS: meekTransport, + }; + if (lazy.TorSettings.proxy.enabled) { + envAdditions.TOR_PT_PROXY = lazy.TorSettings.proxy.uri; + } + + const opts = { + command: proxy.pathToBinary, + arguments: proxy.options.split(/s+/), + workdir: meekWorkDir.path, + environmentAppend: true, + environment: envAdditions, + stderr: "pipe", + }; + + // Launch meek client + this.#meekClientProcess = await lazy.Subprocess.call(opts); + + // Callback chain for reading stderr + const stderrLogger = async () => { + while (this.#meekClientProcess) { + const errString = await this.#meekClientProcess.stderr.readString(); + if (errString) { + console.log(`MeekTransport: stderr => ${errString}`); + } + } + }; + stderrLogger(); + + // Read pt's stdout until terminal (CMETHODS DONE) is reached + // returns array of lines for parsing + const getInitLines = async (stdout = "") => { + stdout += await this.#meekClientProcess.stdout.readString(); + + // look for the final message + const CMETHODS_DONE = "CMETHODS DONE"; + let endIndex = stdout.lastIndexOf(CMETHODS_DONE); + if (endIndex !== -1) { + endIndex += CMETHODS_DONE.length; + return stdout.substring(0, endIndex).split("\n"); + } + return getInitLines(stdout); + }; + + // read our lines from pt's stdout + const meekInitLines = await getInitLines(); + // tokenize our pt lines + const meekInitTokens = meekInitLines.map(line => { + const tokens = line.split(" "); + return { + keyword: tokens[0], + args: tokens.slice(1), + }; + }); + + // parse our pt tokens + for (const { keyword, args } of meekInitTokens) { + const argsJoined = args.join(" "); + let keywordError = false; + switch (keyword) { + case "VERSION": { + if (args.length !== 1 || args[0] !== "1") { + keywordError = true; + } + break; + } + case "PROXY": { + if (args.length !== 1 || args[0] !== "DONE") { + keywordError = true; + } + break; + } + case "CMETHOD": { + if (args.length !== 3) { + keywordError = true; + break; + } + const transport = args[0]; + const proxyType = args[1]; + const addrPortString = args[2]; + const addrPort = addrPortString.split(":"); + + if (transport !== meekTransport) { + throw new Error( + `MeekTransport: Expected ${meekTransport} but found ${transport}` + ); + } + if (!["socks4", "socks4a", "socks5"].includes(proxyType)) { + throw new Error( + `MeekTransport: Invalid proxy type => ${proxyType}` + ); + } + if (addrPort.length !== 2) { + throw new Error( + `MeekTransport: Invalid proxy address => ${addrPortString}` + ); + } + const addr = addrPort[0]; + const port = parseInt(addrPort[1]); + if (port < 1 || port > 65535) { + throw new Error(`MeekTransport: Invalid proxy port => ${port}`); + } + + // convert proxy type to strings used by protocol-proxy-servce + this.proxyType = proxyType === "socks5" ? "socks" : "socks4"; + this.proxyAddress = addr; + this.proxyPort = port; + + break; + } + // terminal + case "CMETHODS": { + if (args.length !== 1 || args[0] !== "DONE") { + keywordError = true; + } + break; + } + // errors (all fall through): + case "VERSION-ERROR": + case "ENV-ERROR": + case "PROXY-ERROR": + case "CMETHOD-ERROR": + throw new Error(`MeekTransport: ${keyword} => '${argsJoined}'`); + } + if (keywordError) { + throw new Error( + `MeekTransport: Invalid ${keyword} keyword args => '${argsJoined}'` + ); + } + } + + // register callback to cleanup on process exit + this.#meekClientProcess.wait().then(exitObj => { + this.#meekClientProcess = null; + this.uninit(); + }); + [this.proxyUsername, this.proxyPassword] = makeMeekCredentials( + this.proxyType, + reflector, + front + ); + this.#inited = true; + } catch (ex) { + if (this.#meekClientProcess) { + this.#meekClientProcess.kill(); + this.#meekClientProcess = null; + } + throw ex; + } + } + + async uninit() { + this.#inited = false; + + await this.#meekClientProcess?.kill(); + this.#meekClientProcess = null; + this.proxyType = null; + this.proxyAddress = null; + this.proxyPort = 0; + this.proxyUsername = null; + this.proxyPassword = null; + } +} + +/** + * Android implementation of the Meek process. + * + * GeckoView does not provide the subprocess module, so we have to use the + * EventDispatcher, and have a Java handler start and stop the proxy process. + */ +class MeekTransportAndroid { + // These members are used by consumers to setup the proxy to do requests over + // meek. They are passed to newProxyInfoWithAuth. + proxyType = null; + proxyAddress = null; + proxyPort = 0; + proxyUsername = null; + proxyPassword = null; + + /** + * An id for process this instance is linked to. + * + * Since we do not restrict the transport to be a singleton, we need a handle to + * identify the process we want to stop when the transport owner is done. + * We use a counter incremented on the Java side for now. + * + * This number must be a positive integer (i.e., 0 is an invalid handler). + * + * @type {number} + */ + #id = 0; + + async init(reflector, front) { + // ensure we haven't already init'd + if (this.#id) { + throw new Error("MeekTransport: Already initialized"); + } + const details = await lazy.EventDispatcher.instance.sendRequestForResult({ + type: "GeckoView:Tor:StartMeek", + }); + this.#id = details.id; + this.proxyType = "socks"; + this.proxyAddress = details.address; + this.proxyPort = details.port; + [this.proxyUsername, this.proxyPassword] = makeMeekCredentials( + this.proxyType, + reflector, + front + ); + } + + async uninit() { + lazy.EventDispatcher.instance.sendRequest({ + type: "GeckoView:Tor:StopMeek", + id: this.#id, + }); + this.#id = 0; + this.proxyType = null; + this.proxyAddress = null; + this.proxyPort = 0; + this.proxyUsername = null; + this.proxyPassword = null; + } +} + +/** + * Callback object to promisify the XPCOM request. + */ +class ResponseListener { + #response = ""; + #responsePromise; + #resolve; + #reject; + constructor() { + this.#response = ""; + // we need this promise here because await nsIHttpChannel::asyncOpen does + // not return only once the request is complete, it seems to return + // after it begins, so we have to get the result from this listener object. + // This promise is only resolved once onStopRequest is called + this.#responsePromise = new Promise((resolve, reject) => { + this.#resolve = resolve; + this.#reject = reject; + }); + } + + // callers wait on this for final response + response() { + return this.#responsePromise; + } + + // noop + onStartRequest(request) {} + + // resolve or reject our Promise + onStopRequest(request, status) { + try { + if (!Components.isSuccessCode(status)) { + const errorMessage = + lazy.TorLauncherUtil.getLocalizedStringForError(status); + this.#reject(new Error(errorMessage)); + } + if (request.responseStatus !== 200) { + this.#reject(new Error(request.responseStatusText)); + } + } catch (err) { + this.#reject(err); + } + this.#resolve(this.#response); + } + + // read response data + onDataAvailable(request, stream, offset, length) { + const scriptableStream = Cc[ + "@mozilla.org/scriptableinputstream;1" + ].createInstance(Ci.nsIScriptableInputStream); + scriptableStream.init(stream); + this.#response += scriptableStream.read(length); + } +} + +// constructs the json objects and sends the request over moat +export class DomainFrontRequestBuilder { + #inited = false; + #meekTransport = null; + + get inited() { + return this.#inited; + } + + async init(reflector, front) { + if (this.#inited) { + throw new Error("MoatRPC: Already initialized"); + } + + const meekTransport = + Services.appinfo.OS === "Android" + ? new MeekTransportAndroid() + : new MeekTransport(); + await meekTransport.init(reflector, front); + this.#meekTransport = meekTransport; + this.#inited = true; + } + + async uninit() { + await this.#meekTransport?.uninit(); + this.#meekTransport = null; + this.#inited = false; + } + + buildHttpHandler(uriString) { + if (!this.#inited) { + throw new Error("MoatRPC: Not initialized"); + } + + const { proxyType, proxyAddress, proxyPort, proxyUsername, proxyPassword } = + this.#meekTransport; + + const proxyPS = Cc[ + "@mozilla.org/network/protocol-proxy-service;1" + ].getService(Ci.nsIProtocolProxyService); + const flags = Ci.nsIProxyInfo.TRANSPARENT_PROXY_RESOLVES_HOST; + const noTimeout = 0xffffffff; // UINT32_MAX + const proxyInfo = proxyPS.newProxyInfoWithAuth( + proxyType, + proxyAddress, + proxyPort, + proxyUsername, + proxyPassword, + undefined, + undefined, + flags, + noTimeout, + undefined + ); + + const uri = Services.io.newURI(uriString); + // There does not seem to be a way to directly create an nsILoadInfo from + // JavaScript, so we create a throw away non-proxied channel to get one. + const secFlags = Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL; + const loadInfo = Services.io.newChannelFromURI( + uri, + undefined, + Services.scriptSecurityManager.getSystemPrincipal(), + undefined, + secFlags, + Ci.nsIContentPolicy.TYPE_OTHER + ).loadInfo; + + const httpHandler = Services.io + .getProtocolHandler("http") + .QueryInterface(Ci.nsIHttpProtocolHandler); + const ch = httpHandler + .newProxiedChannel(uri, proxyInfo, 0, undefined, loadInfo) + .QueryInterface(Ci.nsIHttpChannel); + + // remove all headers except for 'Host" + const headers = []; + ch.visitRequestHeaders({ + visitHeader: (key, val) => { + if (key !== "Host") { + headers.push(key); + } + }, + }); + headers.forEach(key => ch.setRequestHeader(key, "", false)); + + return ch; + } + + /** + * Make a POST request with a JSON body. + * + * @param {string} url The URL to load + * @param {object} args The arguments to send to the procedure. It will be + * serialized to JSON by this function and then set as POST body + * @returns {Promise<object>} A promise with the parsed response + */ + async buildPostRequest(url, args) { + const ch = this.buildHttpHandler(url); + + const argsJson = JSON.stringify(args); + const inStream = Cc["@mozilla.org/io/string-input-stream;1"].createInstance( + Ci.nsIStringInputStream + ); + inStream.setData(argsJson, argsJson.length); + const upChannel = ch.QueryInterface(Ci.nsIUploadChannel); + const contentType = "application/vnd.api+json"; + upChannel.setUploadStream(inStream, contentType, argsJson.length); + ch.requestMethod = "POST"; + + // Make request + const listener = new ResponseListener(); + await ch.asyncOpen(listener, ch); + + // wait for response + const responseJSON = await listener.response(); + + // parse that JSON + return JSON.parse(responseJSON); + } +} ===================================== toolkit/modules/Moat.sys.mjs ===================================== @@ -10,10 +10,8 @@ import { const lazy = {}; ChromeUtils.defineESModuleGetters(lazy, { - EventDispatcher: "resource://gre/modules/Messaging.sys.mjs", - Subprocess: "resource://gre/modules/Subprocess.sys.mjs", - TorLauncherUtil: "resource://gre/modules/TorLauncherUtil.sys.mjs", - TorProviderBuilder: "resource://gre/modules/TorProviderBuilder.sys.mjs", + DomainFrontRequestBuilder: + "resource://gre/modules/DomainFrontedRequests.sys.mjs", }); const TorLauncherPrefs = Object.freeze({ @@ -22,372 +20,9 @@ const TorLauncherPrefs = Object.freeze({ moat_service: "extensions.torlauncher.moat_service", }); -function makeMeekCredentials(proxyType) { - // Construct the per-connection arguments. - let meekClientEscapedArgs = ""; - const meekReflector = Services.prefs.getStringPref( - TorLauncherPrefs.bridgedb_reflector - ); - - // Escape aValue per section 3.5 of the PT specification: - // First the "<Key>=<Value>" formatted arguments MUST be escaped, - // such that all backslash, equal sign, and semicolon characters - // are escaped with a backslash. - const escapeArgValue = aValue => - aValue - ? aValue - .replaceAll("\\", "\\\\") - .replaceAll("=", "\\=") - .replaceAll(";", "\\;") - : ""; - - if (meekReflector) { - meekClientEscapedArgs += "url="; - meekClientEscapedArgs += escapeArgValue(meekReflector); - } - const meekFront = Services.prefs.getStringPref( - TorLauncherPrefs.bridgedb_front - ); - if (meekFront) { - if (meekClientEscapedArgs.length) { - meekClientEscapedArgs += ";"; - } - meekClientEscapedArgs += "front="; - meekClientEscapedArgs += escapeArgValue(meekFront); - } - - // socks5 - if (proxyType === "socks") { - if (meekClientEscapedArgs.length <= 255) { - return [meekClientEscapedArgs, "\x00"]; - } else { - return [ - meekClientEscapedArgs.substring(0, 255), - meekClientEscapedArgs.substring(255), - ]; - } - // socks4 - } else { - return [meekClientEscapedArgs, undefined]; - } -} - -// -// Launches and controls the PT process lifetime -// -class MeekTransport { - // These members are used by consumers to setup the proxy to do requests over - // meek. They are passed to newProxyInfoWithAuth. - proxyType = null; - proxyAddress = null; - proxyPort = 0; - proxyUsername = null; - proxyPassword = null; - - #inited = false; - #meekClientProcess = null; - - // launches the meekprocess - async init() { - // ensure we haven't already init'd - if (this.#inited) { - throw new Error("MeekTransport: Already initialized"); - } - - try { - // figure out which pluggable transport to use - const supportedTransports = ["meek", "meek_lite"]; - const provider = await lazy.TorProviderBuilder.build(); - const proxy = (await provider.getPluggableTransports()).find( - pt => - pt.type === "exec" && - supportedTransports.some(t => pt.transports.includes(t)) - ); - if (!proxy) { - throw new Error("No supported transport found."); - } - - const meekTransport = proxy.transports.find(t => - supportedTransports.includes(t) - ); - // Convert meek client path to absolute path if necessary - const meekWorkDir = lazy.TorLauncherUtil.getTorFile( - "pt-startup-dir", - false - ); - if (lazy.TorLauncherUtil.isPathRelative(proxy.pathToBinary)) { - const meekPath = meekWorkDir.clone(); - meekPath.appendRelativePath(proxy.pathToBinary); - proxy.pathToBinary = meekPath.path; - } - - // Setup env and start meek process - const ptStateDir = lazy.TorLauncherUtil.getTorFile("tordatadir", false); - ptStateDir.append("pt_state"); // Match what tor uses. - - const envAdditions = { - TOR_PT_MANAGED_TRANSPORT_VER: "1", - TOR_PT_STATE_LOCATION: ptStateDir.path, - TOR_PT_EXIT_ON_STDIN_CLOSE: "1", - TOR_PT_CLIENT_TRANSPORTS: meekTransport, - }; - if (TorSettings.proxy.enabled) { - envAdditions.TOR_PT_PROXY = TorSettings.proxy.uri; - } - - const opts = { - command: proxy.pathToBinary, - arguments: proxy.options.split(/s+/), - workdir: meekWorkDir.path, - environmentAppend: true, - environment: envAdditions, - stderr: "pipe", - }; - - // Launch meek client - this.#meekClientProcess = await lazy.Subprocess.call(opts); - - // Callback chain for reading stderr - const stderrLogger = async () => { - while (this.#meekClientProcess) { - const errString = await this.#meekClientProcess.stderr.readString(); - if (errString) { - console.log(`MeekTransport: stderr => ${errString}`); - } - } - }; - stderrLogger(); - - // Read pt's stdout until terminal (CMETHODS DONE) is reached - // returns array of lines for parsing - const getInitLines = async (stdout = "") => { - stdout += await this.#meekClientProcess.stdout.readString(); - - // look for the final message - const CMETHODS_DONE = "CMETHODS DONE"; - let endIndex = stdout.lastIndexOf(CMETHODS_DONE); - if (endIndex != -1) { - endIndex += CMETHODS_DONE.length; - return stdout.substring(0, endIndex).split("\n"); - } - return getInitLines(stdout); - }; - - // read our lines from pt's stdout - const meekInitLines = await getInitLines(); - // tokenize our pt lines - const meekInitTokens = meekInitLines.map(line => { - const tokens = line.split(" "); - return { - keyword: tokens[0], - args: tokens.slice(1), - }; - }); - - // parse our pt tokens - for (const { keyword, args } of meekInitTokens) { - const argsJoined = args.join(" "); - let keywordError = false; - switch (keyword) { - case "VERSION": { - if (args.length != 1 || args[0] !== "1") { - keywordError = true; - } - break; - } - case "PROXY": { - if (args.length != 1 || args[0] !== "DONE") { - keywordError = true; - } - break; - } - case "CMETHOD": { - if (args.length != 3) { - keywordError = true; - break; - } - const transport = args[0]; - const proxyType = args[1]; - const addrPortString = args[2]; - const addrPort = addrPortString.split(":"); - - if (transport !== meekTransport) { - throw new Error( - `MeekTransport: Expected ${meekTransport} but found ${transport}` - ); - } - if (!["socks4", "socks4a", "socks5"].includes(proxyType)) { - throw new Error( - `MeekTransport: Invalid proxy type => ${proxyType}` - ); - } - if (addrPort.length != 2) { - throw new Error( - `MeekTransport: Invalid proxy address => ${addrPortString}` - ); - } - const addr = addrPort[0]; - const port = parseInt(addrPort[1]); - if (port < 1 || port > 65535) { - throw new Error(`MeekTransport: Invalid proxy port => ${port}`); - } - - // convert proxy type to strings used by protocol-proxy-servce - this.proxyType = proxyType === "socks5" ? "socks" : "socks4"; - this.proxyAddress = addr; - this.proxyPort = port; - - break; - } - // terminal - case "CMETHODS": { - if (args.length != 1 || args[0] !== "DONE") { - keywordError = true; - } - break; - } - // errors (all fall through): - case "VERSION-ERROR": - case "ENV-ERROR": - case "PROXY-ERROR": - case "CMETHOD-ERROR": - throw new Error(`MeekTransport: ${keyword} => '${argsJoined}'`); - } - if (keywordError) { - throw new Error( - `MeekTransport: Invalid ${keyword} keyword args => '${argsJoined}'` - ); - } - } - - // register callback to cleanup on process exit - this.#meekClientProcess.wait().then(exitObj => { - this.#meekClientProcess = null; - this.uninit(); - }); - [this.proxyUsername, this.proxyPassword] = makeMeekCredentials( - this.proxyType - ); - this.#inited = true; - } catch (ex) { - if (this.#meekClientProcess) { - this.#meekClientProcess.kill(); - this.#meekClientProcess = null; - } - throw ex; - } - } - - async uninit() { - this.#inited = false; - - await this.#meekClientProcess?.kill(); - this.#meekClientProcess = null; - this.proxyType = null; - this.proxyAddress = null; - this.proxyPort = 0; - this.proxyUsername = null; - this.proxyPassword = null; - } -} - -class MeekTransportAndroid { - // These members are used by consumers to setup the proxy to do requests over - // meek. They are passed to newProxyInfoWithAuth. - proxyType = null; - proxyAddress = null; - proxyPort = 0; - proxyUsername = null; - proxyPassword = null; - - #id = 0; - - async init() { - // ensure we haven't already init'd - if (this.#id) { - throw new Error("MeekTransport: Already initialized"); - } - const details = await lazy.EventDispatcher.instance.sendRequestForResult({ - type: "GeckoView:Tor:StartMeek", - }); - this.#id = details.id; - this.proxyType = "socks"; - this.proxyAddress = details.address; - this.proxyPort = details.port; - [this.proxyUsername, this.proxyPassword] = makeMeekCredentials( - this.proxyType - ); - } - - async uninit() { - lazy.EventDispatcher.instance.sendRequest({ - type: "GeckoView:Tor:StopMeek", - id: this.#id, - }); - this.#id = 0; - this.proxyType = null; - this.proxyAddress = null; - this.proxyPort = 0; - this.proxyUsername = null; - this.proxyPassword = null; - } -} - -// -// Callback object with a cached promise for the returned Moat data -// -class MoatResponseListener { - #response = ""; - #responsePromise; - #resolve; - #reject; - constructor() { - this.#response = ""; - // we need this promise here because await nsIHttpChannel::asyncOpen does - // not return only once the request is complete, it seems to return - // after it begins, so we have to get the result from this listener object. - // This promise is only resolved once onStopRequest is called - this.#responsePromise = new Promise((resolve, reject) => { - this.#resolve = resolve; - this.#reject = reject; - }); - } - - // callers wait on this for final response - response() { - return this.#responsePromise; - } - - // noop - onStartRequest(request) {} - - // resolve or reject our Promise - onStopRequest(request, status) { - try { - if (!Components.isSuccessCode(status)) { - const errorMessage = - lazy.TorLauncherUtil.getLocalizedStringForError(status); - this.#reject(new Error(errorMessage)); - } - if (request.responseStatus != 200) { - this.#reject(new Error(request.responseStatusText)); - } - } catch (err) { - this.#reject(err); - } - this.#resolve(this.#response); - } - - // read response data - onDataAvailable(request, stream, offset, length) { - const scriptableStream = Cc[ - "@mozilla.org/scriptableinputstream;1" - ].createInstance(Ci.nsIScriptableInputStream); - scriptableStream.init(stream); - this.#response += scriptableStream.read(length); - } -} - +/** + * A special response listener that collects the received headers. + */ class InternetTestResponseListener { #promise; #resolve; @@ -436,129 +71,45 @@ class InternetTestResponseListener { } } -// constructs the json objects and sends the request over moat +/** + * Constructs JSON objects and sends requests over Moat. + * The documentation about the JSON schemas to use are available at + * https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/blob/main/doc/moa…. + */ export class MoatRPC { - #inited = false; - #meekTransport = null; - - get inited() { - return this.#inited; - } + #requestBuilder = null; async init() { - if (this.#inited) { - throw new Error("MoatRPC: Already initialized"); + if (this.#requestBuilder !== null) { + return; } - const meekTransport = - Services.appinfo.OS === "Android" - ? new MeekTransportAndroid() - : new MeekTransport(); - await meekTransport.init(); - this.#meekTransport = meekTransport; - this.#inited = true; + const reflector = Services.prefs.getStringPref( + TorLauncherPrefs.bridgedb_reflector + ); + const front = Services.prefs.getStringPref(TorLauncherPrefs.bridgedb_front); + const builder = new lazy.DomainFrontRequestBuilder(); + await builder.init(reflector, front); + this.#requestBuilder = builder; } async uninit() { - await this.#meekTransport?.uninit(); - this.#meekTransport = null; - this.#inited = false; - } - - #makeHttpHandler(uriString) { - if (!this.#inited) { - throw new Error("MoatRPC: Not initialized"); - } - - const { proxyType, proxyAddress, proxyPort, proxyUsername, proxyPassword } = - this.#meekTransport; - - const proxyPS = Cc[ - "@mozilla.org/network/protocol-proxy-service;1" - ].getService(Ci.nsIProtocolProxyService); - const flags = Ci.nsIProxyInfo.TRANSPARENT_PROXY_RESOLVES_HOST; - const noTimeout = 0xffffffff; // UINT32_MAX - const proxyInfo = proxyPS.newProxyInfoWithAuth( - proxyType, - proxyAddress, - proxyPort, - proxyUsername, - proxyPassword, - undefined, - undefined, - flags, - noTimeout, - undefined - ); - - const uri = Services.io.newURI(uriString); - // There does not seem to be a way to directly create an nsILoadInfo from - // JavaScript, so we create a throw away non-proxied channel to get one. - const secFlags = Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL; - const loadInfo = Services.io.newChannelFromURI( - uri, - undefined, - Services.scriptSecurityManager.getSystemPrincipal(), - undefined, - secFlags, - Ci.nsIContentPolicy.TYPE_OTHER - ).loadInfo; - - const httpHandler = Services.io - .getProtocolHandler("http") - .QueryInterface(Ci.nsIHttpProtocolHandler); - const ch = httpHandler - .newProxiedChannel(uri, proxyInfo, 0, undefined, loadInfo) - .QueryInterface(Ci.nsIHttpChannel); - - // remove all headers except for 'Host" - const headers = []; - ch.visitRequestHeaders({ - visitHeader: (key, val) => { - if (key !== "Host") { - headers.push(key); - } - }, - }); - headers.forEach(key => ch.setRequestHeader(key, "", false)); - - return ch; + await this.#requestBuilder?.uninit(); + this.#requestBuilder = null; } async #makeRequest(procedure, args) { const procedureURIString = `${Services.prefs.getStringPref( TorLauncherPrefs.moat_service )}/${procedure}`; - const ch = this.#makeHttpHandler(procedureURIString); - - // Arrange for the POST data to be sent. - const argsJson = JSON.stringify(args); - - const inStream = Cc["@mozilla.org/io/string-input-stream;1"].createInstance( - Ci.nsIStringInputStream - ); - inStream.setData(argsJson, argsJson.length); - const upChannel = ch.QueryInterface(Ci.nsIUploadChannel); - const contentType = "application/vnd.api+json"; - upChannel.setUploadStream(inStream, contentType, argsJson.length); - ch.requestMethod = "POST"; - - // Make request - const listener = new MoatResponseListener(); - await ch.asyncOpen(listener, ch); - - // wait for response - const responseJSON = await listener.response(); - - // parse that JSON - return JSON.parse(responseJSON); + return this.#requestBuilder.buildPostRequest(procedureURIString, args); } async testInternetConnection() { const uri = `${Services.prefs.getStringPref( TorLauncherPrefs.moat_service )}/circumvention/countries`; - const ch = this.#makeHttpHandler(uri); + const ch = this.#requestBuilder.buildHttpHandler(uri); ch.requestMethod = "HEAD"; const listener = new InternetTestResponseListener(); @@ -566,10 +117,6 @@ export class MoatRPC { return listener.status; } - // - // Moat APIs - // - // Receive a CAPTCHA challenge, takes the following parameters: // - transports: array of transport strings available to us eg: ["obfs4", "meek"] // ===================================== toolkit/modules/moz.build ===================================== @@ -166,6 +166,7 @@ EXTRA_JS_MODULES += [ "DateTimePickerPanel.sys.mjs", "DeferredTask.sys.mjs", "Deprecated.sys.mjs", + "DomainFrontedRequests.sys.mjs", "DragDropFilter.sys.mjs", "E10SUtils.sys.mjs", "EventEmitter.sys.mjs", View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/da0f310… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/da0f310… You're receiving this email because of your account on gitlab.torproject.org.

1 0

← Newer
1
...
7
8
9
10
11
12
13
Older →

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

tbb-commits January 2024