.gitignore

@@ -1,4 +1,4 @@
 /meek-client/meek-client
-/meek-client-torbrowser/meek-client-torbrowser
+/meek-client-wrapper/meek-client-wrapper
 /meek-server/meek-server
 /terminateprocess-buffer/terminateprocess-buffer

README

@@ -51,7 +51,7 @@ Browser extensions for TLS camouflage.
 meek-client:
 The client transport plugin, run by a censored client.
 
-meek-client-torbrowser:
+meek-client-wrapper:
 An auxiliary program for within Tor Browser that runs a second copy of
 Firefox with the browser extension and then configures meek-client to
 use it as a helper.

meek-client-torbrowser/Makefile → meek-client-wrapper/Makefile

@@ -4,13 +4,13 @@ BINDIR = $(PREFIX)/bin
 
 GOBUILDFLAGS =
 
-all: meek-client-torbrowser
+all: meek-client-wrapper
 
-meek-client-torbrowser: *.go
+meek-client-wrapper: *.go
 	go build $(GOBUILDFLAGS)
 
 clean:
-	rm -f meek-client-torbrowser
+	rm -f meek-client-wrapper
 
 fmt:
 	go fmt

meek-client-wrapper/custom-helper.go

@@ -0,0 +1,55 @@
+// +build windows
+
+package main
+
+import (
+	"errors"
+	"bufio"
+	"log"
+	"os"
+	"strings"
+)
+
+const browserHelperToCmdLineHelp = "path to descriptor file for browser helper executable"
+
+// Convert the helper filename into a command line string slice
+func browserHelperToCmdLine(browserHelperPath string) (command []string, err error) {
+	var file *os.File
+	file, err = os.Open(browserHelperPath)
+	if err != nil {
+		return
+	}
+	defer file.Close()
+	scanner := bufio.NewScanner(file)
+	settingEnv := true
+	for scanner.Scan() {
+		line := scanner.Text()
+		if line == "" || strings.HasPrefix(line, "#") {
+			continue
+		} else if settingEnv && strings.Contains(line, "=") {
+			envpair := strings.SplitN(line, "=", 2)
+			if envpair[1] == "" {
+				log.Printf("unset envvar %s", envpair[0])
+				err = os.Unsetenv(envpair[0])
+			} else {
+				log.Printf("set envvar %s=%s", envpair[0], envpair[1])
+				err = os.Setenv(envpair[0], envpair[1])
+			}
+			if err != nil {
+				return
+			}
+		} else {
+			settingEnv = false
+			command = append(command, line)
+		}
+	}
+	err = scanner.Err()
+	if err != nil {
+		return
+	}
+	if (len(command) == 0) {
+		err = errors.New("no commands in meek-browser-helper file: " + browserHelperPath)
+		return
+	}
+	return
+}

meek-client-wrapper/meek-browser-helper

@@ -0,0 +1,29 @@
+#!/bin/sh
+# Example of a meek-browser-helper program.
+# This script creates a new profile, enables the meek-http-helper extension,
+# and launches a new browser instance of it.
+
+# sometimes HOME is not set
+HOME="${HOME:-$(getent passwd "$(id -un)" | cut -d: -f6)}"
+PROFILE="__meek-browser-helper"
+PROFILEDIR="$HOME/.mozilla/firefox/__automated__.$PROFILE"
+EXTID="meek-http-helper@bamsoftware.com"
+EXTPATH="/usr/share/xul-ext/meek-http-helper"
+
+set -e
+
+FIREFOX=firefox
+if [ -z "$DISPLAY" ]; then
+	echo >&2 "DISPLAY not set, using Xvfb(1) for headless operation"
+	FIREFOX="xvfb-run -a firefox"
+fi
+
+$FIREFOX -CreateProfile "$PROFILE $PROFILEDIR" # nop if already exists
+mkdir -p "$PROFILEDIR/extensions"
+test -e "$PROFILEDIR/extensions/$EXTID" || ln -sf "$EXTPATH" "$PROFILEDIR/extensions/$EXTID"
+test -f "$PROFILEDIR/extensions.ini" || cat >"$PROFILEDIR/extensions.ini" <<EOF
+[ExtensionDirs]
+Extension0=$PROFILEDIR/extensions/$EXTID
+EOF
+
+exec $FIREFOX -no-remote -P "$PROFILE"

meek-client-torbrowser/meek-client-torbrowser.go → meek-client-wrapper/meek-client-wrapper.go

@@ -1,19 +1,34 @@
-// meek-client-torbrowser is an auxiliary program that helps with connecting
+// meek-client-wrapper is an auxiliary program that helps with connecting
 // meek-client to meek-http-helper running in Tor Browser.
 //
 // Sample usage in torrc (exact paths depend on platform):
-// 	ClientTransportPlugin meek exec ./meek-client-torbrowser --log meek-client-torbrowser.log -- ./meek-client --url=https://meek-reflect.appspot.com/ --front=www.google.com --log meek-client.log
+// 	ClientTransportPlugin meek exec ./meek-client-wrapper --log meek-client-wrapper.log --helper ./tbb-windows.bat -- ./meek-client --url=https://meek-reflect.appspot.com/ --front=www.google.com --log meek-client.log
 // Everything up to "--" is options for this program. Everything following it is
-// a meek-client command line. The command line for running firefox is implicit
-// and hardcoded in this program.
+// a meek-client command line.
 //
-// This program, meek-client-torbrowser, starts a copy of firefox under the
-// meek-http-helper profile, which must have configured the meek-http-helper
-// extension. This program reads the stdout of firefox, looking for a special
+// This program, meek-client-wrapper, starts a browser-helper program specified
+// by the --helper option. On non-Windows platforms, this is executed with no
+// arguments; use a shell script if you need something more complex. On Windows,
+// this file instead *describes* what to execute. An example of its format:
+//
+// -- begin example file --
+// # comments and empty lines are ignored
+// OPTIONAL_SET_ENV1=value1
+// OPTIONAL_UNSET_ENV=
+// program_executable
+// optional_arg1
+// optional_arg2
+// -- end example file --
+//
+// In any case, the browser-helper program should launch a browser process that
+// has been configured to use the meek-http-helper extension, ideally in a
+// separate browser profile not used for any other purpose.
+//
+// This program then reads the stdout of the helper, looking for a special
 // line with the listening port number of the extension, one that looks like
 // "meek-http-helper: listen <address>". The meek-client command is then
-// executed as given, except that a --helper option is added that points to the
-// port number read from firefox.
+// executed as given, except that a --helper option is added to it, that points
+// to the port number read from the browser-helper.
 //
 // This program proxies stdin and stdout to and from meek-client, so it is
 // actually meek-client that drives the pluggable transport negotiation with
@@ -30,7 +45,6 @@ import (
 	"os"
 	"os/exec"
 	"os/signal"
-	"path/filepath"
 	"regexp"
 	"syscall"
 )
@@ -39,7 +53,7 @@ import (
 var helperAddrPattern = regexp.MustCompile(`^meek-http-helper: listen (127\.0\.0\.1:\d+)$`)
 
 func usage() {
-	fmt.Fprintf(os.Stderr, "Usage: %s [meek-client-torbrowser args] -- meek-client [meek-client args]\n", os.Args[0])
+	fmt.Fprintf(os.Stderr, "Usage: %s [meek-client-wrapper args] -- meek-client [meek-client args]\n", os.Args[0])
 	flag.PrintDefaults()
 }
 
@@ -63,26 +77,25 @@ func logSignal(p *os.Process, sig os.Signal) error {
 	return err
 }
 
-// Run firefox and return its exec.Cmd and stdout pipe.
-func runFirefox() (cmd *exec.Cmd, stdout io.Reader, err error) {
-	var profilePath string
-	// Mac OS X needs an absolute profile path.
-	profilePath, err = filepath.Abs(firefoxProfilePath)
+// Run browser helper and return its exec.Cmd and stdout pipe.
+func runBrowserHelper(browserHelperPath string) (cmd *exec.Cmd, stdout io.Reader, err error) {
+	var command []string
+	command, err = browserHelperToCmdLine(browserHelperPath)
 	if err != nil {
 		return
 	}
-	cmd = exec.Command(firefoxPath, "-no-remote", "-profile", profilePath)
+	cmd = exec.Command(command[0], command[1:]...)
 	cmd.Stderr = os.Stderr
 	stdout, err = cmd.StdoutPipe()
 	if err != nil {
 		return
 	}
-	log.Printf("running firefox command %q", cmd.Args)
+	log.Printf("running browser-helper command %q", cmd.Args)
 	err = cmd.Start()
 	if err != nil {
 		return
 	}
-	log.Printf("firefox started with pid %d", cmd.Process.Pid)
+	log.Printf("browser-helper started with pid %d", cmd.Process.Pid)
 	return cmd, stdout, nil
 }
 
@@ -131,9 +144,11 @@ func runMeekClient(helperAddr string, meekClientCommandLine []string) (cmd *exec
 
 func main() {
 	var logFilename string
+	var browserHelperPath string
 
 	flag.Usage = usage
 	flag.StringVar(&logFilename, "log", "", "name of log file")
+	flag.StringVar(&browserHelperPath, "helper", "", browserHelperToCmdLineHelp)
 	flag.Parse()
 
 	if logFilename != "" {
@@ -145,41 +160,20 @@ func main() {
 		log.SetOutput(f)
 	}
 
+	if browserHelperPath == "" {
+		log.Fatal("either specify a --helper, or run meek-client directly.")
+	}
+
 	sigChan := make(chan os.Signal, 1)
 	signal.Notify(sigChan, syscall.SIGINT, syscall.SIGTERM)
 
-	// Unset environment variables that Firefox sets after a restart (as
-	// caused by, for example, an update or the installation of an add-on).
-	// XRE_PROFILE_PATH, in particular, overrides the -profile option that
-	// runFirefox sets, causing Firefox to run with profile.default instead
-	// of profile.meek-http-helper, which conflicts with the profile.default
-	// that is already running. See
-	// https://trac.torproject.org/projects/tor/ticket/13247, particularly
-	// #comment:17 and #comment:18. The environment variable names come from
-	// https://hg.mozilla.org/mozilla-central/file/cfde3603b020/toolkit/xre/nsAppRunner.cpp#l3941
-	var firefoxRestartEnvVars = []string{
-		"XRE_PROFILE_PATH",
-		"XRE_PROFILE_LOCAL_PATH",
-		"XRE_PROFILE_NAME",
-		"XRE_START_OFFLINE",
-		"NO_EM_RESTART",
-		"XUL_APP_FILE",
-		"XRE_BINARY_PATH",
-	}
-	for _, varname := range firefoxRestartEnvVars {
-		err := os.Unsetenv(varname)
-		if err != nil {
-			log.Fatal(err)
-		}
-	}
-
-	// Start firefox.
-	firefoxCmd, stdout, err := runFirefox()
+	// Start browser-helper.
+	browserHelperCmd, stdout, err := runBrowserHelper(browserHelperPath)
 	if err != nil {
 		log.Print(err)
 		return
 	}
-	defer logKill(firefoxCmd.Process)
+	defer logKill(browserHelperCmd.Process)
 
 	// Find out the helper's listening address.
 	helperAddr, err := grepHelperAddr(stdout)

meek-client-wrapper/simple-helper.go

@@ -0,0 +1,11 @@
+// +build !windows
+
+package main
+
+const browserHelperToCmdLineHelp = "path to browser helper executable"
+
+// Convert the helper filename into a command line string slice
+func browserHelperToCmdLine(browserHelperPath string) (command []string, err error) {
+	command = []string{browserHelperPath}
+	return
+}