tor-interface: use TcpOrUnixStream and SocketAddrOrUnixSocketAddr, allow using Legacy Tor over unix-domain sockets

Requires: sfackler/rust-socks#22

Author: nabijaczleweli

source/gosling/Cargo.lock

@@ -584,8 +584,8 @@ pub unsafe extern "C" fn gosling_tor_provider_config_new_system_legacy_client_co
         let tor_control_passwd = std::str::from_utf8(tor_control_passwd)?.to_string();
 
         let tor_config = LegacyTorClientConfig::SystemTor {
-            tor_socks_addr,
-            tor_control_addr,
+            tor_socks_addr: tor_socks_addr.into(),
+            tor_control_addr: tor_control_addr.into(),
             tor_control_auth: Some(TorAuth::Password(tor_control_passwd)),
         };
 

source/gosling/crates/cgosling/src/tor_provider.rs

@@ -23,7 +23,9 @@ regex = "1.9"
 sha1 = "0.10"
 sha3 = "0.10"
 signature = "1.5"
-socks = "0.3"
+# socks = "0.3"
+# socks = { path = "../../../../../rust-socks" }
+socks = { git = "https://github.com/nabijaczleweli/rust-socks" }
 static_assertions = "1.1"
 thiserror = "1.0"
 tokio = { version = "1", features = ["macros"], optional = true }

source/gosling/crates/tor-interface/Cargo.toml

@@ -125,7 +125,7 @@ impl ArtiTorClient {
 }
 
 impl TorProvider for ArtiTorClient {
-    type Stream = TcpOnionStream;
+    type Stream = TcpOrUnixOnionStream;
     type Listener = TcpOnionListener;
 
     fn update(&mut self) -> Result<Vec<TorEvent>, tor_provider::Error> {
@@ -226,8 +226,8 @@ impl TorProvider for ArtiTorClient {
         let stream = self.rpc_conn.open_stream(None, (host.as_str(), port), isolation)
             .map_err(Error::ArtiOpenStreamFailed)?;
 
-        Ok(TcpOnionStream {
-            stream,
+        Ok(TcpOrUnixOnionStream {
+            stream: stream.into(),
             local_addr: None,
             peer_addr: Some(target),
         })

source/gosling/crates/tor-interface/src/arti_tor_client.rs

@@ -10,7 +10,7 @@ use std::sync::{atomic, Arc};
 use std::time::Duration;
 
 // extern crates
-use socks::Socks5Stream;
+use socks::{SocketAddrOrUnixSocketAddr, Socks5Stream};
 
 // internal crates
 use crate::censorship_circumvention::*;
@@ -166,8 +166,8 @@ pub enum LegacyTorClientConfig {
         bridge_lines: Option<Vec<BridgeLine>>,
     },
     SystemTor {
-        tor_socks_addr: SocketAddr,
-        tor_control_addr: SocketAddr,
+        tor_socks_addr: SocketAddrOrUnixSocketAddr,
+        tor_control_addr: SocketAddrOrUnixSocketAddr,
         tor_control_auth: Option<TorAuth>,
     },
 }
@@ -193,7 +193,7 @@ pub struct LegacyTorClient {
     version: LegacyTorVersion,
     controller: LegacyTorController,
     bootstrapped: bool,
-    socks_listener: Option<SocketAddr>,
+    socks_listener: Option<SocketAddrOrUnixSocketAddr>,
     // list of open onion services and their is_active flag
     onion_services: Vec<(V3OnionServiceId, Arc<atomic::AtomicBool>)>,
     // our list of circuit tokens for the tor daemon
@@ -232,9 +232,8 @@ impl LegacyTorClient {
                 tor_control_auth,
             } => {
                 // open a control stream
-                let control_stream =
-                    LegacyControlStream::new(&tor_control_addr, Duration::from_millis(16))
-                        .map_err(Error::LegacyControlStreamCreationFailed)?;
+                let control_stream = LegacyControlStream::new(tor_control_addr, Duration::from_millis(16))
+                    .map_err(Error::LegacyControlStreamCreationFailed)?;
 
                 // create a controler
                 let controller = LegacyTorController::new(control_stream)
@@ -244,7 +243,7 @@ impl LegacyTorClient {
                     None,
                     controller,
                     tor_control_auth.take(),
-                    Some(tor_socks_addr.clone()),
+                    Some(tor_socks_addr.clone().into()),
                 )
             }
         };
@@ -469,7 +468,7 @@ impl LegacyTorClient {
 }
 
 impl TorProvider for LegacyTorClient {
-    type Stream = TcpOnionStream;
+    type Stream = TcpOrUnixOnionStream;
     type Listener = TcpOnionListener;
 
     fn update(&mut self) -> Result<Vec<TorEvent>, tor_provider::Error> {
@@ -603,10 +602,10 @@ impl TorProvider for LegacyTorClient {
             if listeners.is_empty() {
                 return Err(Error::NoSocksListenersFound())?;
             }
-            self.socks_listener = Some(listeners.swap_remove(0));
+            self.socks_listener = Some(listeners.swap_remove(0).into());
         }
 
-        let socks_listener = match self.socks_listener {
+        let socks_listener = match self.socks_listener.as_ref() {
             Some(socks_listener) => socks_listener,
             None => unreachable!(),
         };
@@ -625,10 +624,10 @@ impl TorProvider for LegacyTorClient {
 
         // readwrite stream
         let stream = match &circuit {
-            None => Socks5Stream::connect(socks_listener, socks_target),
+            None => Socks5Stream::connect_either(socks_listener, socks_target),
             Some(circuit) => {
                 if let Some(circuit) = self.circuit_tokens.get(circuit) {
-                    Socks5Stream::connect_with_password(
+                    Socks5Stream::connect_either_with_password(
                         socks_listener,
                         socks_target,
                         &circuit.username,
@@ -641,7 +640,7 @@ impl TorProvider for LegacyTorClient {
         }
         .map_err(Error::Socks5ConnectionFailed)?;
 
-        Ok(TcpOnionStream {
+        Ok(TcpOrUnixOnionStream {
             stream: stream.into_inner(),
             local_addr: None,
             peer_addr: Some(target),

source/gosling/crates/tor-interface/src/legacy_tor_client.rs

@@ -1,14 +1,14 @@
 // standard
 use std::collections::VecDeque;
 use std::default::Default;
-use std::io::{ErrorKind, IoSlice, Read, Write};
-use std::net::{SocketAddr, TcpStream};
+use std::io::{ErrorKind, Read, Write, IoSlice};
 use std::option::Option;
 use std::string::ToString;
 use std::time::Duration;
 
 // extern crates
 use regex::Regex;
+use socks::{SocketAddrOrUnixSocketAddr, TcpOrUnixStream};
 
 #[derive(thiserror::Error, Debug)]
 pub enum Error {
@@ -41,7 +41,7 @@ pub enum Error {
 }
 
 pub(crate) struct LegacyControlStream {
-    stream: TcpStream,
+    stream: TcpOrUnixStream,
     closed_by_remote: bool,
     pending_data: Vec<u8>,
     pending_lines: VecDeque<String>,
@@ -60,12 +60,12 @@ pub(crate) struct Reply {
 }
 
 impl LegacyControlStream {
-    pub fn new(addr: &SocketAddr, read_timeout: Duration) -> Result<LegacyControlStream, Error> {
+    pub fn new<T: Into<SocketAddrOrUnixSocketAddr>>(addr: T, read_timeout: Duration) -> Result<LegacyControlStream, Error> {
         if read_timeout.is_zero() {
             return Err(Error::ReadTimeoutZero());
         }
 
-        let stream = TcpStream::connect(addr).map_err(Error::CreationFailed)?;
+        let stream = TcpOrUnixStream::connect(addr).map_err(Error::CreationFailed)?;
         stream
             .set_read_timeout(Some(read_timeout))
             .map_err(Error::ConfigurationFailed)?;

source/gosling/crates/tor-interface/src/legacy_tor_control_stream.rs

@@ -943,10 +943,22 @@ impl LegacyTorController {
 #[test]
 #[serial]
 fn test_tor_controller() -> anyhow::Result<()> {
+    test_tor_controller_impl(false)
+}
+#[test]
+#[serial]
+#[cfg(unix)]
+fn test_tor_controller_unix() -> anyhow::Result<()> {
+    test_tor_controller_impl(true)
+}
+#[cfg(test)]
+fn test_tor_controller_impl(unix: bool) -> anyhow::Result<()> {
+    use std::borrow::Cow;
+
     let tor_path = which::which(format!("tor{}", std::env::consts::EXE_SUFFIX))?;
     let mut data_path = std::env::temp_dir();
     data_path.push("test_tor_controller");
-    let tor_process = LegacyTorProcess::new(&tor_path, &data_path)?;
+    let tor_process = LegacyTorProcess::new_unix(&tor_path, &data_path, unix)?;
 
     // create a scope to ensure tor_controller is dropped
     {
@@ -956,11 +968,11 @@ fn test_tor_controller() -> anyhow::Result<()> {
         // create a tor controller and send authentication command
         let mut tor_controller = LegacyTorController::new(control_stream)?;
         tor_controller.authenticate_cmd(tor_process.get_password())?;
-        assert!(
+        assert_eq!(
             tor_controller
                 .authenticate_cmd("invalid password")?
-                .status_code
-                == 515u32
+                .status_code,
+            515u32
         );
 
         // tor controller should have shutdown the connection after failed authentication
@@ -991,7 +1003,7 @@ fn test_tor_controller() -> anyhow::Result<()> {
                 "DisableNetwork" => "1",
                 _ => panic!("unexpected returned key: {}", key),
             };
-            assert!(value == expected);
+            assert_eq!(value, expected);
         }
 
         let vals = tor_controller.getinfo(&["version", "config-file", "config-text"])?;
@@ -1002,14 +1014,15 @@ fn test_tor_controller() -> anyhow::Result<()> {
         for (key, value) in vals.iter() {
             match key.as_str() {
                 "version" => assert!(Regex::new(r"\d+\.\d+\.\d+\.\d+")?.is_match(&value)),
-                "config-file" => assert!(Path::new(&value) == expected_torrc_path),
-                "config-text" => assert!(
-                    value.to_string()
-                        == format!(
-                            "\nControlPort auto\nControlPortWriteToFile {}\nDataDirectory {}",
-                            expected_control_port_path.display(),
-                            data_path.display()
-                        )
+                "config-file" => assert_eq!(Path::new(&value), expected_torrc_path),
+                "config-text" => assert_eq!(
+                    value.to_string(),
+                    format!(
+                        "\nControlPort {}\nControlPortWriteToFile {}\nDataDirectory {}",
+                        if unix { Cow::Owned(format!("unix:{}", expected_control_port_path.with_file_name("control.sock").display())) } else { Cow::Borrowed("auto") },
+                        expected_control_port_path.display(),
+                        data_path.display()
+                    )
                 ),
                 _ => panic!("unexpected returned key: {}", key),
             }

source/gosling/crates/tor-interface/src/legacy_tor_controller.rs

@@ -1,4 +1,5 @@
 // standard
+use std::borrow::Cow;
 use std::default::Default;
 use std::fs;
 use std::fs::File;
@@ -12,11 +13,14 @@ use std::str::FromStr;
 use std::string::ToString;
 use std::sync::{Arc, Mutex};
 use std::time::{Duration, Instant};
+#[cfg(unix)]
+use std::os::unix::net::SocketAddr as UnixSocketAddr;
 
 // extern crates
 use data_encoding::HEXUPPER;
 use rand::RngCore;
 use sha1::{Digest, Sha1};
+use socks::SocketAddrOrUnixSocketAddr;
 
 // internal crates
 use crate::tor_crypto::generate_password;
@@ -69,7 +73,7 @@ pub enum Error {
     StdoutReadThreadSpawnFailed(#[source] std::io::Error),
 }
 
-fn read_control_port_file(control_port_file: &Path) -> Result<SocketAddr, Error> {
+fn read_control_port_file(control_port_file: &Path) -> Result<SocketAddrOrUnixSocketAddr, Error> {
     // open file
     let mut file = File::open(control_port_file).map_err(Error::ControlPortFileReadFailed)?;
 
@@ -90,7 +94,14 @@ fn read_control_port_file(control_port_file: &Path) -> Result<SocketAddr, Error>
     if contents.starts_with("PORT=") {
         let addr_string = &contents.trim_end()["PORT=".len()..];
         if let Ok(addr) = SocketAddr::from_str(addr_string) {
-            return Ok(addr);
+            return Ok(addr.into());
+        }
+    }
+    #[cfg(unix)]
+    if contents.starts_with("UNIX_PORT=") {
+        let addr_string = &contents.trim_end()["UNIX_PORT=".len()..];
+        if let Ok(addr) = UnixSocketAddr::from_pathname(addr_string) {
+            return Ok(addr.into());
         }
     }
     Err(Error::ControlPortFileContentsInvalid(format!(
@@ -101,7 +112,7 @@ fn read_control_port_file(control_port_file: &Path) -> Result<SocketAddr, Error>
 
 // Encapsulates the tor daemon process
 pub(crate) struct LegacyTorProcess {
-    control_addr: SocketAddr,
+    control_addr: SocketAddrOrUnixSocketAddr,
     process: Child,
     password: String,
     // stdout data
@@ -162,7 +173,7 @@ impl LegacyTorProcess {
         Self::hash_tor_password_with_salt(&salt, password)
     }
 
-    pub fn get_control_addr(&self) -> &SocketAddr {
+    pub fn get_control_addr(&self) -> &SocketAddrOrUnixSocketAddr {
         &self.control_addr
     }
 
@@ -171,6 +182,11 @@ impl LegacyTorProcess {
     }
 
     pub fn new(tor_bin_path: &Path, data_directory: &Path) -> Result<LegacyTorProcess, Error> {
+        Self::new_unix(tor_bin_path, data_directory, false)
+    }
+
+    /// Unix mode is test/debug only
+    pub(crate) fn new_unix(tor_bin_path: &Path, data_directory: &Path, unix: bool) -> Result<LegacyTorProcess, Error> {
         if tor_bin_path.is_relative() {
             return Err(Error::TorBinPathNotAbsolute(format!(
                 "{}",
@@ -249,10 +265,10 @@ impl LegacyTorProcess {
             // daemon will assign us a port, and we will
             // read it from the control port file
             .arg("ControlPort")
-            .arg("auto")
+            .arg(&*if unix { Cow::Owned(format!("unix:{}", data_directory.join("control.sock").display())) } else { Cow::Borrowed("auto") })
             // control port file destination
             .arg("ControlPortWriteToFile")
-            .arg(control_port_file.clone())
+            .arg(&control_port_file)
             // use password authentication to prevent other apps
             // from modifying our daemon's settings
             .arg("HashedControlPassword")

source/gosling/crates/tor-interface/src/legacy_tor_process.rs

@@ -83,8 +83,8 @@ impl MockTorNetwork {
                     }
 
                     if let Ok(stream) = TcpStream::connect(socket_addr) {
-                        Ok(TcpOnionStream {
-                            stream,
+                        Ok(TcpOrUnixOnionStream {
+                            stream: stream.into(),
                             local_addr: None,
                             peer_addr: Some(TargetAddr::OnionService(onion_addr)),
                         })
@@ -168,7 +168,7 @@ impl Default for MockTorClient {
 }
 
 impl TorProvider for MockTorClient {
-    type Stream = TcpOnionStream;
+    type Stream = TcpOrUnixOnionStream;
     type Listener = TcpOnionListener;
 
     fn update(&mut self) -> Result<Vec<TorEvent>, tor_provider::Error> {
@@ -256,8 +256,8 @@ impl TorProvider for MockTorClient {
                         .local_addr()
                         .expect("loopback local_addr failed"),
                 ) {
-                    return Ok(TcpOnionStream {
-                        stream,
+                    return Ok(TcpOrUnixOnionStream {
+                        stream: stream.into(),
                         local_addr: None,
                         peer_addr: Some(target_address),
                     });