unsafe-browser 5.06 KB
Newer Older
1
#!/bin/sh
2

3
set -e
4
set -u
5

6 7 8 9
. gettext.sh
TEXTDOMAIN="tails"
export TEXTDOMAIN

10 11
# Import tor_is_working()
. /usr/local/lib/tails-shell-library/tor.sh
12

13
# Import the TBB_EXT variable, and guess_best_tor_browser_locale().
14 15
. /usr/local/lib/tails-shell-library/tor-browser.sh

Tails developers's avatar
Tails developers committed
16
# Import localized_tails_doc_page().
17 18
. /usr/local/lib/tails-shell-library/localization.sh

Tails developers's avatar
Tails developers committed
19 20 21 22
# Import try_cleanup_browser_chroot(), setup_browser_chroot(),
# configure_chroot_dns_servers(), configure_chroot_browser(),
# configure_chroot_browser(), set_chroot_browser_locale()
# set_chroot_browser_name(), set_chroot_browser_permissions()
23
# and run_browser_in_chroot().
24 25
. /usr/local/lib/tails-shell-library/chroot-browser.sh

26
error () {
27 28
    local cli_text="${CMD}: `gettext \"error:\"` ${@}"
    local dialog_text="<b><big>`gettext \"Error\"`</big></b>
29

30
${@}"
31
    echo "${cli_text}" >&2
32
    sudo -u "${SUDO_USER}" zenity --error --title "" --text "${dialog_text}"
33 34 35
    exit 1
}

36 37
verify_start () {
    # Make sure the user really wants to start the browser
38
    local dialog_msg="<b><big>`gettext \"Do you really want to launch the Unsafe Browser?\"`</big></b>
39

40
`gettext \"Network activity within the Unsafe Browser is <b>not anonymous</b>.\\nOnly use the Unsafe Browser if necessary, for example\\nif you have to login or register to activate your Internet connection.\"`"
41 42 43 44
    local launch="`gettext \"_Launch\"`"
    local exit="`gettext \"_Exit\"`"
    # Since zenity can't set the default button to cancel, we switch the
    # labels and interpret the return value as its negation.
45
    if sudo -u "${SUDO_USER}" zenity --question --title "" --ok-label "${exit}" \
46
       --cancel-label "${launch}" --text "${dialog_msg}"; then
47 48 49
        exit 0
    fi
}
50

51 52 53
show_start_notification () {
    local title="`gettext \"Starting the Unsafe Browser...\"`"
    local body="`gettext \"This may take a while, so please be patient.\"`"
54
    tails-notify-user "${title}" "${body}" 10000
55 56 57 58 59
}

show_shutdown_notification () {
    local title="`gettext \"Shutting down the Unsafe Browser...\"`"
    local body="`gettext \"This may take a while, and you may not restart the Unsafe Browser until it is properly shut down.\"`"
60
    tails-notify-user "${title}" "${body}" 10000
61 62
}

63 64 65 66 67
maybe_restart_tor () {
    # Restart Tor if it's not working (a captive portal may have prevented
    # Tor from bootstrapping, and a restart is the fastest way to get
    # wheels turning)
    if ! tor_is_working; then
68
        echo "* Restarting Tor"
69
        restart-tor
70
        if ! systemctl --quiet is-active tor@default.service; then
71 72
            error "`gettext \"Failed to restart Tor.\"`"
        fi
73 74
    fi
}
75

76 77
# Main script:

78
CMD="$(basename "${0}")"
79 80 81 82 83 84
LOCK="/var/lock/${CMD}"
CONF_DIR="/var/lib/unsafe-browser"
COW="${CONF_DIR}/cow"
CHROOT="${CONF_DIR}/chroot"
BROWSER_NAME="unsafe-browser"
BROWSER_USER="clearnet"
Tails developers's avatar
Tails developers committed
85
HUMAN_READABLE_NAME="`gettext \"Unsafe Browser\"`"
86
NM_ENV_FILE="/var/lib/NetworkManager/env"
87
WARNING_PAGE='/usr/share/doc/tails/website/misc/unsafe_browser_warning'
88
HOME_PAGE="$(localized_tails_doc_page "${WARNING_PAGE}")"
89

90
# Prevent multiple instances of the script.
91
exec 9>"${LOCK}"
92 93 94 95
if ! flock -x -n 9; then
    error "`gettext \"Another Unsafe Browser is currently running, or being cleaned up. Please retry in a while.\"`"
fi

96
# Get the DNS servers that was obtained from NetworkManager, if any...
97
if [ -r "${NM_ENV_FILE}" ]; then
98 99 100 101
    # We also check that the file we are gonna *source* doesn't
    # contain any unexpected data, like (potentially malicious) shell
    # script. Note that while the regex used for deciding IP addresses
    # is far from perfect, it serves our purpose here.
102
    IP4_REGEX='[0-9]{1,3}(\.[0-9]{1,3}){3}'
103
    NAMESERVERS_REGEX="^IP4_NAMESERVERS=\"(${IP4_REGEX}( ${IP4_REGEX})*)?\"$"
104
    if grep --extended-regexp -qv "${NAMESERVERS_REGEX}" "${NM_ENV_FILE}"; then
105 106
        error "`gettext \"NetworkManager passed us garbage data when trying to deduce the clearnet DNS server.\"`"
    fi
Tails developers's avatar
Tails developers committed
107
    # Import the IP4_NAMESERVERS variable.
108
    eval "$(grep --extended-regexp "${NAMESERVERS_REGEX}" "${NM_ENV_FILE}")"
109 110 111 112 113
fi
# ... otherwise fail.
# FIXME: Or would it make sense to fallback to Google's DNS or OpenDNS?
# Some stupid captive portals may allow DNS to any host, but chances are
# that only the portal's DNS would forward to the login page.
114
if [ -z "${IP4_NAMESERVERS:-}" ]; then
Tails developers's avatar
Tails developers committed
115
    error "`gettext \"No DNS server was obtained through DHCP or manually configured in NetworkManager.\"`"
116 117
fi

118
verify_start
119
show_start_notification
120

121
echo "* Setting up chroot"
122
setup_chroot_for_browser "${CHROOT}" "${COW}" "${BROWSER_USER}" || \
123
    error "`gettext \"Failed to setup chroot.\"`"
124

125
echo "* Configuring chroot"
126 127 128 129
configure_chroot_browser "${CHROOT}" "${BROWSER_USER}" "${BROWSER_NAME}" \
    "${HUMAN_READABLE_NAME}" "${HOME_PAGE}" "${IP4_NAMESERVERS}" \
    "${TBB_EXT}"/langpack-*.xpi || \
        error "`gettext \"Failed to configure browser.\"`"
130

131
echo "* Starting Unsafe Browser"
132
run_browser_in_chroot "${CHROOT}" "${BROWSER_NAME}" "${BROWSER_USER}" \
133 134
    "${SUDO_USER}" || \
    error "`gettext \"Failed to run browser.\"`"
135 136

echo "* Exiting the Unsafe Browser"
137
show_shutdown_notification
138
maybe_restart_tor
139 140

exit 0