Tor: allow multiple countries to be selected for Exit relays

This extends the functionality of the Tor CGI in order to be able to
select multiple countries for possible Exit relays, which is - in terms
of anonymity - less worse than limiting all Tor circuits to a single
country.

For example, a user might want to avoid Exit relays in more than one
country, and permit Tor to use Exit relays elesewhere, and vice versa.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/html/cgi-bin/tor.cgi b/html/cgi-bin/tor.cgi
index 983bb30c9ad0ffc66eabb1b40136b5bbdf29c936..78b7333d924ca988e7d0cabd7042b1922ec8b17e 100644 (file)
--- a/html/cgi-bin/tor.cgi
+++ b/html/cgi-bin/tor.cgi
@@ -2,7 +2,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2013-2019  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2020  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -316,10 +316,17 @@ END
                        </tr>
                        <tr>
                                <td width='50%' colspan='2'>
-                                       <select name='TOR_EXIT_COUNTRY'>
+                                       <select name='TOR_EXIT_COUNTRY' multiple='multiple'>
                                                <option value=''>- $Lang::tr{'tor exit country any'} -</option>
 END
                my @country_codes = &Location::Functions::get_locations("no_special_locations");
+
+               # Convert Exit/Guard country strings into lists to make comparison easier
+               my @exit_countries;
+               if ($settings{'TOR_EXIT_COUNTRY'} ne '') {
+                       @exit_countries = split(/\|/, $settings{'TOR_EXIT_COUNTRY'});
+               }
+
                foreach my $country_code (@country_codes) {
                        # Convert country code into upper case format.
                        $country_code = uc($country_code);
@@ -329,8 +336,8 @@ END
 
                        print "<option value='$country_code'";
 
-                       if ($settings{'TOR_EXIT_COUNTRY'} eq $country_code) {
-                               print " selected";
+                       if ($settings{'TOR_EXIT_COUNTRY'} ne '') {
+                               print " selected" if grep /$country_code/, @exit_countries;
                        }
 
                        print ">$country_name ($country_code)</option>\n";
@@ -675,8 +682,17 @@ sub BuildConfiguration() {
 
                if ($settings{'TOR_EXIT_COUNTRY'} ne '') {
                        $strict_nodes = 1;
+                       my $countrylist;
+
+                       for my $singlecountry (split(/\|/, $settings{'TOR_EXIT_COUNTRY'})) {
+                               if ($countrylist eq '') {
+                                       $countrylist = "{" . lc $singlecountry . "}";
+                               } else {
+                                       $countrylist = $countrylist . "," . "{" . lc $singlecountry . "}";
+                               }
+                       }
 
-                       print FILE "ExitNodes {$settings{'TOR_EXIT_COUNTRY'}}\n";
+                       print FILE "ExitNodes $countrylist\n";
                }
 
                if ($settings{'TOR_USE_EXIT_NODES'} ne '') {