Commit 62b61e60 authored by amnesia's avatar amnesia

Replaced ntpdate with HTP. Untested.

parent 3175b510
......@@ -50,6 +50,10 @@ Package: libcrypt-x509-perl
Pin: release a=lenny-backports
Pin-Priority: 999
Package: libdatetime-format-dateparse-perl
Pin: release a=testing
Pin-Priority: 999
Package: libetpan13
Pin: release a=lenny-backports
Pin-Priority: 999
......
#!/bin/sh
# Create the ntpdate user.
# Create the htp user.
#
# We run ntpdate as this user, so that we can whitelist its
# We run htpdate as this user, so that we can whitelist its
# non-Torified outgoing packets.
# Including common functions
. "${LH_BASE:-/usr/share/live-helper}"/scripts/build.sh
# Setting static variables
DESCRIPTION="$(Echo 'creating the ntpdate user')"
DESCRIPTION="$(Echo 'creating the htp user')"
HELP=""
USAGE="${PROGRAM}"
......@@ -17,6 +17,6 @@ USAGE="${PROGRAM}"
Read_conffiles config/all config/common config/chroot
Set_defaults
Echo_message "creating the ntpdate user"
Echo_message "creating the htp user"
adduser --system --quiet --group --no-create-home ntpdate || :
adduser --system --quiet --group --no-create-home htp || :
#!/bin/sh
# Remove Debian's ntpdate hook.
#
# Due to the weird environment we run in, we install our own custom
# hook (namely /etc/NetworkManager/dispatcher.d/50-ntp.sh) via
# config/chroot_local-includes.
# Including common functions
. "${LH_BASE:-/usr/share/live-helper}"/scripts/build.sh
# Setting static variables
DESCRIPTION="$(Echo 'removing Debian ntpdate hook')"
HELP=""
USAGE="${PROGRAM}"
# Reading configuration files
Read_conffiles config/all config/common config/chroot
Set_defaults
Echo_message "removing Debian ntpdate hook"
rm --force /etc/network/if-up.d/ntpdate
#!/bin/bash
# Rationale: Tor needs a somewhat accurate clock to work, and for that
# HTP is currently the only practically usable solution when one wants
# to authenticate the servers providing the time. We then need to get
# the IPs of a bunch of HTTPS servers.
# However, since all DNS lookups are normally made through the Tor
# network, which we are not connected to at this point, we use the
# local DNS servers obtained through DHCP if possible, or the OpenDNS
# ones, else.
# To limit fingerprinting possibilities, we do not want to send HTTP
# requests aimed at an IP-based virtualhost such as https://IP/, but
# rather to the usual hostname (e.g. https://www.eff.org/) as any
# "normal" user would do. Once we have got the HTTPS servers IPs, we
# write these to /etc/hosts so the system resolver knows about them.
# htpdate is then run, and we eventually remove the added entries from
# /etc/hosts.
# Note that all network operations (host, htpdate) are done with the
# htp user, who has an exception in the firewall configuration
# granting it direct access to the needed network ports.
# That's why we tell the htpdate script to drops priviledges and run
# as the htp user all operations but the actual setting of time, which
# has to be done as root.
# Run whenever an interface gets "up", not otherwise:
if [[ $2 != "up" ]]; then
exit 0
fi
declare -a HTP_POOL
HTP_POOL=(
'https://www.torproject.org/'
'https://www.eff.org/'
'https://mail.google.com/mail/'
'https://secure.wikimedia.org/'
)
BEGIN_MAGIC='### END HTP HOSTS'
END_MAGIC='### END HTP HOSTS'
if [[ -n "${DHCP4_DOMAIN_NAME_SERVERS}" ]]; then
NAME_SERVERS="${DHCP4_DOMAIN_NAME_SERVERS}"
else
NAME_SERVERS="208.67.222.222 208.67.220.220"
fi
cleanup_etc_hosts() {
echo "FIXME: cleanup /etc/hosts" >&2
true
}
echo "${BEGIN_MAGIC}" >> /etc/hosts
for HTP_HOST in ${HTP_POOL[*]} ; do
DNS_QUERY_CMD=`for NS in ${NAME_SERVERS}; do
echo -n "|| host ${HTP_HOST} ${NS} ";
done | \
tail --bytes=+4`
IP=$(sudo -u htp sh -c "${DNS_QUERY_CMD}" | \
grep "${HTP_HOST} has address" | \
head -n 1 | \
cut -d ' ' -f 4)
if [[ -z ${IP} ]]; then
echo "Failed to resolve ${HTP_HOST}" >&2
echo "${END_MAGIC}" >> /etc/hosts
cleanup_etc_hosts
exit 17
else
echo "${IP} ${HTP_HOST}" >> /etc/hosts
fi
done
echo "${END_MAGIC}" >> /etc/hosts
/usr/local/sbin/htpdate \
-a "`/usr/local/bin/getTorbuttonUserAgent`" \
-f \
-u htp \
${HTP_POOL[*]}
HTPDATE_RET=$?
cleanup_etc_hosts
exit ${HTPDATE_RET}
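Review bot: `HTP_POOL` holds full URLs, but the loop hands each entry unchanged to `host` and writes it to `/etc/hosts` as the name, so `grep "${HTP_HOST} has address"` should never match and the script exits 17 before htpdate runs; the hostname needs to be cut out of the URL first and used for both the query and the hosts entry. `BEGIN_MAGIC` is assigned the same string as `END_MAGIC` (`'### END HTP HOSTS'`), so the block start cannot be told from its end once `cleanup_etc_hosts` is implemented, and while that function is still the FIXME stub every interface-up appends another set of addresses learned from the DHCP-supplied resolver to `/etc/hosts` and leaves them there. `DHCP4_DOMAIN_NAME_SERVERS` comes from the network and is spliced into the string given to `sh -c`; running `host` once per name server, after checking the value looks like an address, keeps that data from being parsed as shell. The fence shows the marker and the loop head rewritten along those lines.

```bash
BEGIN_MAGIC='### BEGIN HTP HOSTS'
# … unchanged: END_MAGIC, NAME_SERVERS selection, cleanup_etc_hosts, BEGIN_MAGIC append …
for HTP_URL in "${HTP_POOL[@]}"; do
    # Reduce the pool URL to its bare hostname for DNS and /etc/hosts.
    HTP_HOST="${HTP_URL#https://}"
    HTP_HOST="${HTP_HOST%%/*}"
    IP=""
    for NS in ${NAME_SERVERS}; do
        # Name servers come from DHCP: accept only address-shaped values.
        [[ "${NS}" =~ ^[0-9A-Fa-f.:]+$ ]] || continue
        IP=$(sudo -u htp host "${HTP_HOST}" "${NS}" | \
            grep -F "${HTP_HOST} has address" | \
            head -n 1 | \
            cut -d ' ' -f 4)
        [[ -n "${IP}" ]] && break
    done
    # … unchanged: failure branch and "${IP} ${HTP_HOST}" append to /etc/hosts …
done
```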
#!/bin/bash
# Rationale: Tor needs a somewhat accurate clock to work, and for that
# NTP is ideal. We then need to get the IPs of a bunch of NTP servers.
# However, since DNS lookups are made through the Tor network, we use
# the local DNS servers obtained through DHCP if possible, or the
# OpenDNS ones, else.
# Note that all network operations (host, ntpdate) are done with the ntpdate
# user, who has an exception in the firewall configuration granting it direct
# access to the network, which is necessary. The ntpdate user doesn't have the
# privilege to run adjtime()/settimeofday() so we only use ntpdate to query
# the time difference/offset and run date as root to set the time.
# Run whenever an interface gets "up", not otherwise:
if [[ $2 != "up" ]]; then
exit 0
fi
NTP_POOL="pool.ntp.org"
if [[ -n "${DHCP4_DOMAIN_NAME_SERVERS}" ]]; then
NAME_SERVERS="${DHCP4_DOMAIN_NAME_SERVERS}"
else
NAME_SERVERS="208.67.222.222 208.67.220.220"
fi
DNS_QUERY_CMD=`for NS in ${NAME_SERVERS}; do
echo -n "|| host ${NTP_POOL} ${NS} ";
done | \
tail --bytes=+4`
I=0
for X in $(sudo -u ntpdate sh -c "${DNS_QUERY_CMD}" | \
grep "${NTP_POOL} has address" | \
cut -d ' ' -f 4); do
NTP_ADDR[${I}]="${X}"
I=$[${I}+1]
done
if [[ ${I} -eq 0 ]]; then
echo "Failed to resolve pool.ntp.org" >&2
exit 1
fi
I=0
NTP_OFFSET=""
while [[ -n ${NTP_ADDR[${I}]} ]] && [[ -z ${NTP_OFFSET} ]]; do
NTP_ANSWER=$(sudo -u ntpdate ntpdate -s -u -q ${NTP_ADDR[${I}]})
# On success, grep the offset (including sign). Note that it gets
# truncated -- anything below whole seconds are beyond date's
# precision anyway.
if [[ $? -eq 0 ]]; then
NTP_OFFSET=$(echo ${NTP_ANSWER} | sed -e "s/^.*offset \(-\?[[:digit:]]\+\)\..*$/\1/")
fi
I=$[${I}+1]
done
if [[ -z ${NTP_OFFSET} ]]; then
echo "ntpdate failed" >&2
exit 1
fi
# Get a date compatible string of the correct time (by current time modified
# by the offset) and then use it to set the system time.
DATE_STRING=$(date --date "${NTP_OFFSET} seconds" +%m%d%H%M%Y.%S) && \
date ${DATE_STRING} &> /dev/null
exit $?
......@@ -16,12 +16,11 @@
# Tor is allowed to do anything it wants to.
[0:0] -A OUTPUT -m owner --uid-owner debian-tor -j ACCEPT
# The ntpdate user is allowed to connect to services listening on the ntp port...
[0:0] -A OUTPUT -m owner --uid-owner ntpdate -p TCP --dport ntp -j ACCEPT
[0:0] -A OUTPUT -m owner --uid-owner ntpdate -p UDP --dport ntp -j ACCEPT
# The htp user is allowed to connect to services listening on the https port...
[0:0] -A OUTPUT -m owner --uid-owner htp -p TCP --dport https -j ACCEPT
# ... and to services listening on the domain port.
[0:0] -A OUTPUT -m owner --uid-owner ntpdate -p TCP --dport domain -j ACCEPT
[0:0] -A OUTPUT -m owner --uid-owner ntpdate -p UDP --dport domain -j ACCEPT
[0:0] -A OUTPUT -m owner --uid-owner htp -p TCP --dport domain -j ACCEPT
[0:0] -A OUTPUT -m owner --uid-owner htp -p UDP --dport domain -j ACCEPT
# Everything else is dropped.
[0:0] -A OUTPUT -j REJECT --reject-with icmp-port-unreachable
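Review bot: The new `--uid-owner htp` ACCEPT rules match on the uid alone, with no destination limit, so any process that ever runs as `htp` gets direct, non-Torified access to every host on the https and domain ports; the comment above them should state that invariant. Something like `# htp must run nothing but the time-sync lookups and htpdate: anything else under this uid bypasses Tor.` would do. The same applies to the matching RETURN rules in the second hunk of this file. Both hunks show only part of the rule set, so whether other rules narrow this further cannot be seen here.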
......@@ -44,12 +43,11 @@ COMMIT
# Tor is allowed to do anything it wants to.
[0:0] -A OUTPUT -m owner --uid-owner debian-tor -j RETURN
# The ntpdate user is allowed to connect to services listening on the ntp port...
[0:0] -A OUTPUT -m owner --uid-owner ntpdate -p TCP --dport ntp -j RETURN
[0:0] -A OUTPUT -m owner --uid-owner ntpdate -p UDP --dport ntp -j RETURN
# The htp user is allowed to connect to services listening on the https port...
[0:0] -A OUTPUT -m owner --uid-owner htp -p TCP --dport https -j RETURN
# ... and to services listening on the domain port.
[0:0] -A OUTPUT -m owner --uid-owner ntpdate -p TCP --dport domain -j RETURN
[0:0] -A OUTPUT -m owner --uid-owner ntpdate -p UDP --dport domain -j RETURN
[0:0] -A OUTPUT -m owner --uid-owner htp -p TCP --dport domain -j RETURN
[0:0] -A OUTPUT -m owner --uid-owner htp -p UDP --dport domain -j RETURN
# .onion mapped addresses redirection to Tor.
[0:0] -A OUTPUT -d 127.192.0.0/255.192.0.0 -p tcp -m tcp -j DNAT --to-destination 127.0.0.1:9040
......
......@@ -40,6 +40,9 @@ libxml-atom-perl
expect
# needed by the upcoming virtualization environment warning
libimvirt-perl
# needed by htpdate
libdatetime-perl
libdatetime-format-dateparse-perl
### Software
audacity
......@@ -103,7 +106,6 @@ mutt
network-manager-gnome
ntfs-3g
ntfsprogs
ntpdate
openoffice.org-calc
openoffice.org-draw
openoffice.org-impress
......
......@@ -165,3 +165,8 @@ target hosts' IPs when wget (run by htpdate) will ask for them: at
boot time, we could do the very same manual hostname resolution we
already do, write the results to `/etc/hosts`, run htpdate, and
eventually remove(?) these entries from `/etc/hosts`.
[[!tag todo/documentation]]
Once this is implemented, the [[design
documentation|contribute/design/NTP]] should be updated.