Add dns-proxy-tor, resolves DNS requests through Tor.

dns-proxy-tor is a DNS server that stops
DNS leaks with applications that don't support
or aren't configured to use socks4a or Tor's DNS
resolution.

WWW: http://http://p56soo2ibjkx23xo.onion/

PR:		ports/99033
Submitted by:	Fabian Keil <fk at fabiankeil.de>

security/Makefile

@@ -93,6 +93,7 @@
     SUBDIR += distcache
     SUBDIR += distcache-devel
     SUBDIR += dmitry
+    SUBDIR += dns-proxy-tor
     SUBDIR += donkey
     SUBDIR += doorman
     SUBDIR += doscan

security/dns-proxy-tor/Makefile

@@ -0,0 +1,45 @@
+# ports collection makefile for: 		dns-proxy-tor
+# Date created: 				2006-06-11
+# Whom:						Fabian Keil <fk@fabiankeil.de>
+#
+# $FreeBSD$
+#
+
+PORTNAME=	dns-proxy-tor
+PORTVERSION=	0.0.9
+CATEGORIES=	security dns
+MASTER_SITES=	http://p56soo2ibjkx23xo.onion/ \
+		http://www.fabiankeil.de/sourcecode/freebsd/
+DISTNAME=	trans-proxy-tor-${PORTVERSION}
+
+MAINTAINER=	fk@fabiankeil.de
+COMMENT=	Resolves DNS requests through Tor
+
+RUN_DEPENDS=	${LOCALBASE}/bin/tor:${PORTSDIR}/security/tor-devel
+USE_PERL5_RUN=	yes
+USE_RC_SUBR=	${PORTNAME}
+
+DOCSDIR=	${PREFIX}/share/doc/${PORTNAME}
+SUB_FILES=	pkg-message
+
+do-build:
+pre-install:
+	PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL
+do-install:
+	${INSTALL} ${WRKSRC}/${PORTNAME} ${PREFIX}/bin/
+
+.if !defined(NOPORTDOCS)
+	${MKDIR} ${DOCSDIR}
+.for file in LICENSE README changelog filter-examples
+	${INSTALL_MAN} ${WRKSRC}/${file} ${DOCSDIR}
+.endfor
+	${CHOWN} -R _dns-proxy-tor:_dns-proxy-tor ${DOCSDIR}
+
+.endif
+
+post-install:
+	${MKDIR} ${PREFIX}/var/run/${PORTNAME}
+	${CHOWN} _dns-proxy-tor:_dns-proxy-tor ${PREFIX}/var/run/${PORTNAME}
+	@${CAT} ${PKGMESSAGE}
+
+.include <bsd.port.mk>

security/dns-proxy-tor/distinfo

@@ -0,0 +1,3 @@
+MD5 (trans-proxy-tor-0.0.9.tar.gz) = b023f2a01dbcaa4334c05a0b9903044a
+SHA256 (trans-proxy-tor-0.0.9.tar.gz) = 02bc0b1b897c57f488edeccd5bb68fd81f04ef5e8f3323af1471d74452e75697
+SIZE (trans-proxy-tor-0.0.9.tar.gz) = 25553

security/dns-proxy-tor/files/dns-proxy-tor.in

@@ -0,0 +1,70 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+# PROVIDE: dns-proxy-tor
+# REQUIRE: tor
+# BEFORE: LOGIN
+#
+# This rc script understands the following options which are read from /etc/rc.conf:
+#
+# dns_proxy_tor_enable		  (bool): Set to "NO" by default.
+#					  Set it to "YES" to enable dns-proxy-tor.
+# dns_proxy_tor_user		   (str): dns-proxy-tor Daemon user. Default is _dns-proxy-tor.
+# dns_proxy_tor_group		   (str): dns-proxy-tor Daemon group. Default is _dns-proxy-tor.
+# dns_proxy_tor_start_privileged  (bool): Set to "NO" by default. If set to "YES", dns-proxy-tor
+#					  will be started as root and drop privileges itself.
+# 					  You need to set this option if you want dns-proxy-tor
+#					  to bind to a reserved port. Do not set dns_proxy_user
+#					  to "root".
+# dns_proxy_tor_bind_port	   (str): Set to 5353 by default.
+# dns_proxy_tor_socks_resolve 	  (bool): Set to "NO" by default.
+#					  Set it to "YES" to let dns-proxy-tor return real
+#					  IP adresses instead of virtual ones that only work
+#					  through Tor.
+# dns_proxy_tor_logfile            (str): Default is "/var/log/dns-proxy-tor.log". Created if necessary.
+# dns_proxy_tor_loglevel           (str): Default is "info". For other values read perldoc dns-proxy-tor.
+#					
+# dns_proxy_tor_ctrl_addr_and_port( str): Tor's IP and control port. Default is "127.0.0.1:9051".
+# dns_proxy_tor_socks_addr_and_port(str): Tor's IP and socks port.   Default is "127.0.0.1:9050".
+
+. %%RC_SUBR%%
+
+name="dns_proxy_tor"
+rcvar=${name}_enable
+command_interpreter="/usr/bin/perl"
+load_rc_config ${name}
+
+: ${dns_proxy_tor_enable="NO"}
+: ${dns_proxy_tor_user="_dns-proxy-tor"}
+: ${dns_proxy_tor_group="_dns-proxy-tor"}
+: ${dns_proxy_tor_bind_addr="127.0.0.1"}
+: ${dns_proxy_tor_bind_port="5353"}
+: ${dns_proxy_tor_start_privileged="NO"}
+: ${dns_proxy_tor_logfile="/var/log/dns-proxy-tor.log"}
+: ${dns_proxy_tor_loglevel="info"}
+: ${dns_proxy_tor_socks_resolve="NO"}
+: ${dns_proxy_tor_ctrl_addr_and_port="127.0.0.1:9051"}
+: ${dns_proxy_tor_socks_addr_and_port="127.0.0.1:9050"}
+: ${pidfile="%%PREFIX%%/var/run/dns-proxy-tor/dns-proxy-tor.pid"}
+
+start_precmd="if [ ! -e ${dns_proxy_tor_logfile} ]; then\
+ echo Creating ${dns_proxy_tor_logfile};\
+ touch ${dns_proxy_tor_logfile};\
+ chown ${dns_proxy_tor_user}:${dns_proxy_tor_group} ${dns_proxy_tor_logfile};\
+fi"
+
+command="%%PREFIX%%/bin/dns-proxy-tor"
+command_args="-b ${dns_proxy_tor_bind_addr}:${dns_proxy_tor_bind_port} -p ${pidfile}\
+ -v ${dns_proxy_tor_loglevel} -l ${dns_proxy_tor_logfile} -t ${dns_proxy_tor_ctrl_addr_and_port}"
+
+if [ x$dns_proxy_tor_socks_resolve != xNO ]; then
+		  command_args="${command_args} -s ${dns_proxy_tor_socks_addr_and_port}"    
+fi
+
+if [ x$dns_proxy_tor_start_privileged != xNO ]; then
+		  command_args="${command_args} -u ${dns_proxy_tor_user}:${dns_proxy_tor_user}"
+		  dns_proxy_tor_user="root"
+fi
+
+run_rc_command "$1"

security/dns-proxy-tor/files/pkg-message.in

@@ -0,0 +1,48 @@
+
+Before running dns-proxy-tor you have to add:
+
+  ControlPort 9051
+
+in Tor's configuration file (usually: %%PREFIX%%/etc/tor/torrc).
+
+By default dns-proxy-tor binds to port 5353,
+you can use PF to make sure DNS requests get there:
+
+   # Example taken from %%DOCSDIR%%/filter-examples
+   # redirect dns traffic from both into the dns proxy
+   rdr pass on { lo1 $int_if } inet proto udp to port domain \
+     -> 127.0.0.1 port $dns_proxy
+   # reroute loopback dns queries
+   pass out quick on lo0 route-to lo1 inet proto udp to port domain keep state
+   # skip all other loopback traffic
+   pass quick on lo0 keep state
+   # reroute locally generated dns trying to leave on the external interface
+   pass out on $ext_if route-to lo1 inet proto udp to port domain keep state
+
+Add:
+
+   cloned_interfaces="lo1"
+   ifconfig_lo1="127.0.0.2 up"
+
+to /etc/rc.conf to create and configure lo1 on boot, add
+
+   dns_proxy_tor_enable="YES"
+
+to start dns-proxy-tor on boot as well. If you want dns-proxy-tor
+to bind to the standard port 53, additionally use:
+
+   dns_proxy_tor_start_privileged="YES"
+   dns_proxy_tor_bind_port="53"
+
+Have a look at %%PREFIX%%/etc/rc.d/dns-proxy-tor
+to see the other optional variables you can use.
+
+dns-proxy-tor's README, LICENSE and changelog were copied to
+%%DOCSDIR%%, note that they also contain
+information about trans-proxy-tor which has its own port.
+
+Run:
+
+   perldoc dns-proxy-tor
+
+to see how to use dns-proxy-tor without the rc file.

security/dns-proxy-tor/pkg-deinstall

@@ -0,0 +1,62 @@
+#! /bin/sh
+#
+# Taken from net/cvsup-mirror
+
+PATH=/bin:/usr/sbin
+
+DNS_PROXY_TOR_USER=_dns-proxy-tor
+DNS_PROXY_TOR_GROUP=_dns-proxy-tor
+
+ask() {
+    local question default answer
+
+    question=$1
+    default=$2
+    if [ -z "${PACKAGE_BUILDING}" -a -z "${BATCH}" ]; then
+	read -p "${question} [${default}]? " answer
+    fi
+    if [ x${answer} = x ]; then
+	answer=${default}
+    fi
+    echo ${answer}
+}
+
+yesno() {
+    local dflt question answer
+
+    question=$1
+    dflt=$2
+    while :; do
+	answer=$(ask "${question}" "${dflt}")
+	case "${answer}" in
+	[Yy]*)		return 0;;
+	[Nn]*)		return 1;;
+	esac
+	echo "Please answer yes or no."
+    done
+}
+
+delete_account() {
+    local u g home
+
+    u=$1
+    g=$2
+    if yesno "Do you want me to remove group \"${g}\"" y; then
+	pw groupdel -n ${g}
+	echo "Done."
+    fi
+    if yesno "Do you want me to remove user \"${u}\"" y; then
+	eval home=~${u}
+	pw userdel -n ${u}
+	echo "Done."
+	if [ -d "${home}" ]; then
+	    echo "Please remember to remove the home directory \"${home}\""
+	fi
+    fi
+}
+
+if [ x$2 != xDEINSTALL ]; then
+    exit
+fi
+
+delete_account ${DNS_PROXY_TOR_USER} ${DNS_PROXY_TOR_GROUP}

security/dns-proxy-tor/pkg-descr

@@ -0,0 +1,9 @@
+dns-proxy-tor is a DNS server that stops
+DNS leaks with applications that don't support
+or aren't configured to use socks4a or Tor's DNS
+resolution.
+
+WWW: http://http://p56soo2ibjkx23xo.onion/
+(Hidden service, only accessible through Tor)
+Author: tup <tup at mailvault.com>
+License: None (dns-proxy-tor is in the public domain)

security/dns-proxy-tor/pkg-install

@@ -0,0 +1,36 @@
+#!/bin/sh
+# Taken from security/tor
+
+if [ x"$2" = xPRE-INSTALL ]; then
+    USER="_dns-proxy-tor"
+    UID="257"
+    GROUP="_dns-proxy-tor"
+    GID="257"
+
+	if /usr/sbin/pw groupshow "${GROUP}" 2>/dev/null; then
+		echo "You already have a group \"${GROUP}\", so I will use it."
+	else
+		if /usr/sbin/pw groupadd ${GROUP} -g ${GID}; then
+		    echo "Added group \"${GROUP}\"."
+	    else
+		    echo "Adding group \"${GROUP}\" failed..."
+			echo "Please create it, and try again."
+	    	exit 1
+		fi
+	fi
+
+	if /usr/sbin/pw user show "${USER}" 2>/dev/null; then
+		echo "You already have a user \"${USER}\", so I will use it."
+	else
+		if /usr/sbin/pw useradd ${USER} -u ${UID} -g ${GROUP} -h - \
+           -d /nonexistent \
+           -s /sbin/nologin \
+           -c "dns-proxy-tor user"; then
+	        echo "Added user \"${USER}\"."
+	    else
+	        echo "Adding user \"${USER}\" failed..."
+	        echo "Please create it, and try again."
+	        exit 1
+	    fi
+	fi
+fi

security/dns-proxy-tor/pkg-plist

@@ -0,0 +1,9 @@
+bin/dns-proxy-tor
+%%PORTDOCS%%%%DOCSDIR%%/LICENSE
+%%PORTDOCS%%%%DOCSDIR%%/README
+%%PORTDOCS%%%%DOCSDIR%%/changelog
+%%PORTDOCS%%%%DOCSDIR%%/filter-examples
+@dirrmtry %%PORTDOCS%%%%DOCSDIR%%
+@exec mkdir -p %D/var/run/dns-proxy-tor
+@exec chown _dns-proxy-tor:_dns-proxy-tor %D/var/run/dns-proxy-tor
+@dirrmtry var/run/dns-proxy-tor