[tor-commits] [bridgedb/master] Add HTTPS_ROTATION_PERIOD and EMAIL_ROTATION_PERIOD config options.
isis at torproject.org
isis at torproject.org
Fri May 1 07:10:58 UTC 2015
commit ceac2ff7b2c966cfea495850d6905d93e675ec03
Author: Isis Lovecruft <isis at torproject.org>
Date: Tue Mar 31 02:19:27 2015 +0000
Add HTTPS_ROTATION_PERIOD and EMAIL_ROTATION_PERIOD config options.
This implements configuration of the hashring rotation periods for
BridgeDB's distributors via the configuration file.
The behaviour for hashring rotation for the EmailBasedDistributor is
such that, when `bridgedb.email.autoresponder.createResponseBody()`
calls `EmailBasedDistributor.getBridgesForEmail(EMAIL_ADDRESS, EPOCH)`
with the `EPOCH` set to the start of the current EMAIL_ROTATION_PERIOD,
the client's position in the hashring is determined by the HMAC of the
string `"<EPOCH>EMAIL_ADDRESS"`. Therefore, the EMAIL_ROTATION_PERIOD
directly effects where the client is placed in the hashring, resulting
in different bridges for the user, depending on whether the period has
elapsed. With the default setting of `"1 day"`, and taking into account
also that the EmailBasedDistributor only responds to a particular user
once per three hours, this results in the client being able to ask for
(and receive) vanilla bridges (starting from hashring position A) at
9:00, obfs3 bridges (also from position A) at 12:00, obfs4 bridges (from
position A again) at 15:00, and so on, and finally different vanilla
bridges (from hashring position B) the next morning at 9:00.
For the IPBasedDistributor, the behaviour for hashring rotation is that
the client's hashring position is determined by the HMAC of the string
`"<EPOCH>AREA"` where `EPOCH` is again the start of the current
HTTPS_ROTATION_PERIOD, and the `AREA` is the `/16` subnet which the
client's IP address resides within. If the client is using Tor or some
other open proxy, then the client's hashring position is determined by
`"known-proxy<EPOCH>GROUP"` where `EPOCH` is the same as before, and
`GROUP` is a number (currently 1 through 4, inclusive) deterministically
derived from the IP address of the Tor Exit relay or open proxy that the
client is using. Using `GROUP` causes there to only be 4 sets of
bridges available to any and all Tor/proxy users at a given time. Hence
additionally using `EPOCH` rotates the set of 4 bridges available. The
default setting is `"3 hours"`, causing all Tor/proxy users to have 4
different sets of bridges every three hours, while non-Tor users have a
new set of bridges (probably) unique to their IP address available every
three hours.
These defaults for HTTPS_ROTATION_PERIOD and EMAIL_ROTATION_PERIOD will
likely need to be changed and fiddled with to make the behaviour an
optimum balance between user-friendly and resilient to enumeration.
* FIXES #1839: https://bugs.torproject.org/1839.
This implement Roger's suggestion to add the rotation periods as
configuration file options.
---
bridgedb.conf | 32 ++++++++++++++++++++++++++++++++
lib/bridgedb/HTTPServer.py | 15 ++++++++++-----
lib/bridgedb/Main.py | 8 ++------
lib/bridgedb/configure.py | 4 ++++
lib/bridgedb/email/server.py | 12 +++++++++---
lib/bridgedb/test/email_helpers.py | 3 +++
lib/bridgedb/test/test_email_server.py | 2 +-
7 files changed, 61 insertions(+), 15 deletions(-)
diff --git a/bridgedb.conf b/bridgedb.conf
index c91cc73..2a1c367 100644
--- a/bridgedb.conf
+++ b/bridgedb.conf
@@ -20,6 +20,11 @@
#
# CHANGELOG:
# ~~~~~~~~~~
+# Changed in version 0.3.2 - 2015-03-30
+# * CHANGE to using BridgeDB release versions for bridgedb.conf file versions.
+# * ADD support for specifying bridge rotation periods via the
+# EMAIL_ROTATION_PERIOD and HTTPS_ROTATION_PERIOD settings.
+#
# Changed in version 0.0.15 - 2015-03-26
# * ADD new SUPPORTED_TRANSPORTS and DEFAULT_TRANSPORT settings.
#
@@ -295,6 +300,20 @@ HTTPS_INCLUDE_FINGERPRINTS = True
# the *last* entry from its X-Forwarded-For header as the client's IP.
HTTPS_USE_IP_FROM_FORWARDED_HEADER = False
+# (string or None) The period at which the available bridges rotates to a
+# separate set of bridges. This setting can be used in the form
+#
+# "COUNT PERIOD" where
+# COUNT is an integer
+# PERIOD is one of "second", "minute", "hour", "day",
+# "week", or "month" (or any plural form).
+#
+# For example, setting HTTPS_ROTATION_PERIOD = "3 days" will result in the set
+# of bridges which are available through the web interface (either HTTP or
+# HTTPS) getting rotated once every three days. Setting this to None disables
+# rotation entirely.
+HTTPS_ROTATION_PERIOD = "3 hours"
+
# (string or None) The IP address to listen on for unencrypted HTTP
# connections. Set to ``None`` to disable unencrypted connections to the web
# interface.
@@ -342,6 +361,19 @@ GIMP_CAPTCHA_RSA_KEYFILE = 'captcha_rsa_key'
# True if we are enabling distribution via Email; false otherwise.
EMAIL_DIST = True
+# (string or None) The period at which the available bridges rotates to a
+# separate set of bridges. This setting can be used in the form
+#
+# "COUNT PERIOD" where
+# COUNT is an integer
+# PERIOD is one of "second", "minute", "hour", "day",
+# "week", or "month" (or any plural form).
+#
+# For example, setting EMAIL_ROTATION_PERIOD = "3 days" will result in the set
+# of bridges which are available through the email interface getting rotated
+# once every three days. Setting this to None disables rotation entirely.
+EMAIL_ROTATION_PERIOD = "1 day"
+
# What email addresses do we use for outgoing email?
# EMAIL_FROM_ADDR goes in the 'From:' header on outgoing emails:
diff --git a/lib/bridgedb/HTTPServer.py b/lib/bridgedb/HTTPServer.py
index ae86957..2e0398c 100644
--- a/lib/bridgedb/HTTPServer.py
+++ b/lib/bridgedb/HTTPServer.py
@@ -54,6 +54,8 @@ from bridgedb.parse import headers
from bridgedb.parse.addr import isIPAddress
from bridgedb.qrcodes import generateQR
from bridgedb.safelog import logSafely
+from bridgedb.schedule import Unscheduled
+from bridgedb.schedule import ScheduledInterval
TEMPLATE_DIR = os.path.join(os.path.dirname(__file__), 'templates')
@@ -819,7 +821,7 @@ class WebRoot(resource.Resource):
return rendered
-def addWebServer(cfg, dist, sched):
+def addWebServer(cfg, dist):
"""Set up a web server for HTTP(S)-based bridge distribution.
:type cfg: :class:`bridgedb.persistent.Conf`
@@ -835,6 +837,7 @@ def addWebServer(cfg, dist, sched):
HTTPS_PORT
HTTPS_BIND_IP
HTTPS_USE_IP_FROM_FORWARDED_HEADER
+ HTTPS_ROTATION_PERIOD
RECAPTCHA_ENABLED
RECAPTCHA_PUB_KEY
RECAPTCHA_SEC_KEY
@@ -845,10 +848,6 @@ def addWebServer(cfg, dist, sched):
GIMP_CAPTCHA_RSA_KEYFILE
:type dist: :class:`bridgedb.Dist.IPBasedDistributor`
:param dist: A bridge distributor.
- :type sched: :class:`bridgedb.schedule.ScheduledInterval`
- :param sched: The scheduled interval at which bridge selection, which
- are ultimately displayed on the :class:`WebResourceBridges` page, will
- be shifted.
:raises SystemExit: if the servers cannot be started.
:rtype: :api:`twisted.web.server.Site`
:returns: A webserver.
@@ -887,6 +886,12 @@ def addWebServer(cfg, dist, sched):
hmacKey=hmacKey,
captchaDir=cfg.GIMP_CAPTCHA_DIR)
+ if cfg.HTTPS_ROTATION_PERIOD:
+ count, period = cfg.HTTPS_ROTATION_PERIOD.split()
+ sched = ScheduledInterval(count, period)
+ else:
+ sched = Unscheduled()
+
bridges = WebResourceBridges(dist, sched, numBridges,
fwdHeaders, includeFingerprints=fprInclude)
if captcha:
diff --git a/lib/bridgedb/Main.py b/lib/bridgedb/Main.py
index 31a9c66..3b018f9 100644
--- a/lib/bridgedb/Main.py
+++ b/lib/bridgedb/Main.py
@@ -512,13 +512,9 @@ def run(options, reactor=reactor):
# Configure all servers:
if config.HTTPS_DIST and config.HTTPS_SHARE:
- #webSchedule = schedule.ScheduledInterval("day", 2)
- webSchedule = schedule.Unscheduled()
- HTTPServer.addWebServer(config, ipDistributor, webSchedule)
+ HTTPServer.addWebServer(config, ipDistributor)
if config.EMAIL_DIST and config.EMAIL_SHARE:
- #emailSchedule = schedule.ScheduledInterval("day", 1)
- emailSchedule = schedule.Unscheduled()
- addSMTPServer(config, emailDistributor, emailSchedule)
+ addSMTPServer(config, emailDistributor)
tasks = {}
diff --git a/lib/bridgedb/configure.py b/lib/bridgedb/configure.py
index 54dcdff..8a24d35 100644
--- a/lib/bridgedb/configure.py
+++ b/lib/bridgedb/configure.py
@@ -115,6 +115,10 @@ def loadConfig(configFile=None, configCls=None):
else:
setattr(config, attr, os.path.abspath(os.path.expanduser(setting)))
+ for attr in ["HTTPS_ROTATION_PERIOD", "EMAIL_ROTATION_PERIOD"]:
+ setting = getattr(config, attr, None) # Default to None
+ setattr(config, attr, setting)
+
for attr in ["FORCE_PORTS", "FORCE_FLAGS", "NO_DISTRIBUTION_COUNTRIES"]:
setting = getattr(config, attr, []) # Default to empty lists
setattr(config, attr, setting)
diff --git a/lib/bridgedb/email/server.py b/lib/bridgedb/email/server.py
index cde4637..8034d35 100644
--- a/lib/bridgedb/email/server.py
+++ b/lib/bridgedb/email/server.py
@@ -68,6 +68,8 @@ from bridgedb.email import request
from bridgedb.parse import addr
from bridgedb.parse.addr import UnsupportedDomain
from bridgedb.parse.addr import canonicalizeEmailDomain
+from bridgedb.schedule import ScheduledInterval
+from bridgedb.schedule import Unscheduled
class MailServerContext(object):
@@ -458,7 +460,7 @@ class SMTPIncomingServerFactory(smtp.SMTPFactory):
return p
-def addServer(config, distributor, schedule):
+def addServer(config, distributor):
"""Set up a SMTP server which listens on the configured ``EMAIL_PORT`` for
incoming connections, and responds as necessary to requests for bridges.
@@ -467,9 +469,13 @@ def addServer(config, distributor, schedule):
:type distributor: :class:`bridgedb.Dist.EmailBasedDistributor`
:param dist: A distributor which will handle database interactions, and
will decide which bridges to give to who and when.
- :type schedule: :class:`bridgedb.schedule.ScheduledInterval`
- :param schedule: The schedule. XXX: Is this even used?
"""
+ if config.EMAIL_ROTATION_PERIOD:
+ count, period = config.EMAIL_ROTATION_PERIOD.split()
+ schedule = ScheduledInterval(count, period)
+ else:
+ schedule = Unscheduled()
+
context = MailServerContext(config, distributor, schedule)
factory = SMTPIncomingServerFactory()
factory.setContext(context)
diff --git a/lib/bridgedb/test/email_helpers.py b/lib/bridgedb/test/email_helpers.py
index 5e4262d..c80e2ea 100644
--- a/lib/bridgedb/test/email_helpers.py
+++ b/lib/bridgedb/test/email_helpers.py
@@ -24,6 +24,7 @@ from bridgedb.test.test_HTTPServer import DummyBridge
EMAIL_DIST = True
+EMAIL_ROTATION_PERIOD = "1 day"
EMAIL_INCLUDE_FINGERPRINTS = True
EMAIL_GPG_SIGNING_ENABLED = True
EMAIL_GPG_HOMEDIR = '.gnupg'
@@ -54,6 +55,7 @@ EMAIL_PORT = 5225
TEST_CONFIG_FILE = io.StringIO(unicode("""\
EMAIL_DIST = %s
+EMAIL_ROTATION_PERIOD = %s
EMAIL_INCLUDE_FINGERPRINTS = %s
EMAIL_GPG_SIGNING_ENABLED = %s
EMAIL_GPG_HOMEDIR = %s
@@ -75,6 +77,7 @@ EMAIL_FROM_ADDR = %s
EMAIL_BIND_IP = %s
EMAIL_PORT = %s
""" % (repr(EMAIL_DIST),
+ repr(EMAIL_ROTATION_PERIOD),
repr(EMAIL_INCLUDE_FINGERPRINTS),
repr(EMAIL_GPG_SIGNING_ENABLED),
repr(EMAIL_GPG_HOMEDIR),
diff --git a/lib/bridgedb/test/test_email_server.py b/lib/bridgedb/test/test_email_server.py
index f79f603..e8c9112 100644
--- a/lib/bridgedb/test/test_email_server.py
+++ b/lib/bridgedb/test/test_email_server.py
@@ -524,7 +524,7 @@ class EmailServerServiceTests(SMTPTestCaseMixin, unittest.TestCase):
def test_addServer(self):
"""Call :func:`bridgedb.email.server.addServer` to test startup."""
- factory = server.addServer(self.config, self.dist, self.sched)
+ factory = server.addServer(self.config, self.dist)
factory.timeout = None
factory.protocol.timeout = None # Or else the reactor gets dirty
More information about the tor-commits
mailing list