[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[or-cvs] r16340: Load/generate key material for either of the two client auth (tor/branches/121-hs-authorization/src/or)



Author: kloesing
Date: 2008-08-01 19:20:17 -0400 (Fri, 01 Aug 2008)
New Revision: 16340

Modified:
   tor/branches/121-hs-authorization/src/or/rendservice.c
   tor/branches/121-hs-authorization/src/or/routerparse.c
Log:
Load/generate key material for either of the two client authorization protocols.

Modified: tor/branches/121-hs-authorization/src/or/rendservice.c
===================================================================
--- tor/branches/121-hs-authorization/src/or/rendservice.c	2008-08-01 23:15:17 UTC (rev 16339)
+++ tor/branches/121-hs-authorization/src/or/rendservice.c	2008-08-01 23:20:17 UTC (rev 16340)
@@ -161,7 +161,6 @@
   if (!service->intro_exclude_nodes)
     service->intro_exclude_nodes = tor_strdup("");
   service->intro_nodes = smartlist_create();
-  service->auth_type = 0;
 
   /* If the service is configured to publish unversioned (v0) and versioned
    * descriptors (v2 or higher), split it up into two separate services. */
@@ -508,7 +507,7 @@
   int i;
   rend_service_t *s;
   char fname[512];
-  char buf[128];
+  char buf[1500];
 
   for (i=0; i < smartlist_len(rend_service_list); ++i) {
     s = smartlist_get(rend_service_list,i);
@@ -561,7 +560,7 @@
       strmap_t *parsed_clients = strmap_new();
       char cfname[512];
 
-      /* Load client keys and descriptor cookies, if available */
+      /* Load client keys and descriptor cookies, if available. */
       if (strlcpy(cfname,s->directory,sizeof(cfname)) >= sizeof(cfname) ||
           strlcat(cfname,PATH_SEPARATOR"client_keys",sizeof(cfname))
                                                       >= sizeof(cfname)) {
@@ -575,44 +574,49 @@
       log_info(LD_CONFIG, "Parsed %d previously stored client entries.",
           strmap_size(parsed_clients));
 
-      /* Prepare hostname file. */
-      if (write_str_to_file(fname,
-          "# This hidden service is configured to be accessed only by "
-          "authorized\n# clients. In order to allow your clients to "
-          "access your service, provide\n# them with the onion addresses "
-          "and client keys below (excluding the #\n# character and your "
-          "chosen client name.)\n\n",0)<0) {
-        log_warn(LD_CONFIG, "Could not write initial comment to hostname "
-                            "file.");
+      /* Prepare client_keys and hostname files. */
+      if (write_str_to_file(cfname, "", 0) < 0) {
+        log_warn(LD_CONFIG, "Could not clear client_keys file.");
         return -1;
       }
+      if (s->auth_type == 2 && write_str_to_file(fname, "", 0) < 0) {
+        log_warn(LD_CONFIG, "Could not clear hostname file.");
+        return -1;
+      }
 
       /* Either use loaded keys for configured clients or generate new
        * ones if a client is new. */
       SMARTLIST_FOREACH(s->clients, rend_authorized_client_t *, client, {
         char desc_cook_out[3*REND_DESC_COOKIE_LEN_BASE64+1];
         char service_id[16+1];
-        rend_authorized_client_t *parsed;
-        if ((parsed = strmap_get(parsed_clients, client->client_name))) {
-          /* Copy keys from parsed entry. */
-          client->client_key = crypto_pk_dup_key(parsed->client_key);
+        rend_authorized_client_t *parsed =
+            strmap_get(parsed_clients, client->client_name);
+        int written;
+        size_t len;
+        /* Copy descriptor cookie from parsed entry or create new one. */
+        if (parsed) {
           memcpy(client->descriptor_cookie, parsed->descriptor_cookie,
                  REND_DESC_COOKIE_LEN);
-          if (base64_encode(desc_cook_out, 3*REND_DESC_COOKIE_LEN_BASE64+1,
-                        client->descriptor_cookie, REND_DESC_COOKIE_LEN) < 0) {
-            log_warn(LD_BUG, "Could not base64-encode descriptor cookie.");
-            strmap_free(parsed_clients, rend_authorized_client_free);
-            return -1;
-          }
+        } else {
+          crypto_rand(client->descriptor_cookie, REND_DESC_COOKIE_LEN);
           desc_cook_out[strlen(desc_cook_out)-3] = '\0'; /* Remove == signs
                                                             and newline. */
-        } else {
-          crypto_pk_env_t *prkey = NULL;
-          char *out;
-          size_t len;
-          char *entry;
-          size_t entry_len;
+        }
+        if (base64_encode(desc_cook_out, 3*REND_DESC_COOKIE_LEN_BASE64+1,
+                          client->descriptor_cookie,
+                          REND_DESC_COOKIE_LEN) < 0) {
+          log_warn(LD_BUG, "Could not base64-encode descriptor cookie.");
+          strmap_free(parsed_clients, rend_authorized_client_free);
+          return -1;
+        }
+        desc_cook_out[strlen(desc_cook_out)-3] = '\0'; /* Remove == signs
+                                                          and newline. */
+        /* Copy client key from parsed entry or create new one if required. */
+        if (parsed && parsed->client_key) {
+          client->client_key = crypto_pk_dup_key(parsed->client_key);
+        } else if (s->auth_type == 2) {
           /* Create private key for client. */
+          crypto_pk_env_t *prkey = NULL;
           if (!(prkey = crypto_new_pk_env())) {
             log_warn(LD_BUG,"Error constructing client key");
             strmap_free(parsed_clients, rend_authorized_client_free);
@@ -629,50 +633,45 @@
             strmap_free(parsed_clients, rend_authorized_client_free);
             return -1;
           }
-          /* Create descriptor cookie for client. */
-          crypto_rand(client->descriptor_cookie, REND_DESC_COOKIE_LEN);
           client->client_key = prkey;
-          /* Encode and append keys to client_keys file. */
-          crypto_pk_write_private_key_to_string(prkey, &out, &len);
-          if (base64_encode(desc_cook_out, 3*REND_DESC_COOKIE_LEN_BASE64+1,
-                    client->descriptor_cookie, REND_DESC_COOKIE_LEN) < 0) {
-            log_warn(LD_BUG, "Could not base64-encode descriptor cookie.");
-            strmap_free(parsed_clients, rend_authorized_client_free);
-            return -1;
-          }
+        }
+        /* Add entry to client_keys file. */
+        written = tor_snprintf(buf, sizeof(buf),
+                               "client-name %s\ndescriptor-cookie %s\n",
+                               client->client_name, desc_cook_out);
+        if (written < 0) {
+          log_warn(LD_BUG, "Could not write client entry.");
+          strmap_free(parsed_clients, rend_authorized_client_free);
+          return -1;
+        }
+        if (client->client_key) {
+          char *client_key_out;
+          crypto_pk_write_private_key_to_string(client->client_key,
+                                                &client_key_out, &len);
           if (rend_get_service_id(client->client_key, service_id)<0) {
             log_warn(LD_BUG, "Internal error: couldn't encode service ID.");
             strmap_free(parsed_clients, rend_authorized_client_free);
             return -1;
           }
-          desc_cook_out[strlen(desc_cook_out)-3] = '\0'; /* Remove == signs
-                                                            and newline. */
-          entry_len = 100 + strlen(client->client_name) + len;
-          entry = tor_malloc_zero(entry_len+1000);
-          if (tor_snprintf(entry, entry_len+1000,
-                                   "client-name %s\n"
-                                   "service-address %s.onion\n"
-                                   "descriptor-cookie %s\n"
-                                   "client-key\n%s",
-                                 client->client_name,
-                                 service_id,
-                                 desc_cook_out,
-                                 out) < 0) {
+          written = tor_snprintf(buf + written, sizeof(buf) - written,
+                                 "service-address %s.onion\n"
+                                 "client-key\n%s",
+                                 service_id, client_key_out);
+          if (written < 0) {
             log_warn(LD_BUG, "Could not write client entry.");
             strmap_free(parsed_clients, rend_authorized_client_free);
             return -1;
           }
-          append_bytes_to_file(cfname, entry, strlen(entry), 0);
-          tor_free(entry);
         }
+        append_bytes_to_file(cfname, buf, strlen(buf), 0);
         /* Add line to hostname file. */
-        if (rend_get_service_id(client->client_key, service_id)<0) {
-          log_warn(LD_BUG, "Internal error: couldn't encode service ID.");
-          strmap_free(parsed_clients, rend_authorized_client_free);
-          return -1;
+        if (s->auth_type == 2) {
+          tor_snprintf(buf, sizeof(buf),"%s.onion %s # client: %s\n",
+                       service_id, desc_cook_out, client->client_name);
+        } else {
+          tor_snprintf(buf, sizeof(buf),"%s # client: %s\n",
+            desc_cook_out, client->client_name);
         }
-        tor_snprintf(buf, sizeof(buf),"%s.onion %s # client: %s\n", service_id,
-                     desc_cook_out, client->client_name);
         append_bytes_to_file(fname, buf, strlen(buf), 0);
       });
     }

Modified: tor/branches/121-hs-authorization/src/or/routerparse.c
===================================================================
--- tor/branches/121-hs-authorization/src/or/routerparse.c	2008-08-01 23:15:17 UTC (rev 16339)
+++ tor/branches/121-hs-authorization/src/or/routerparse.c	2008-08-01 23:20:17 UTC (rev 16340)
@@ -101,6 +101,7 @@
 
   C_CLIENT_NAME,
   C_DESCRIPTOR_COOKIE,
+  C_SERVICE_ADDRESS,
   C_CLIENT_KEY,
 
   _UNRECOGNIZED,
@@ -358,7 +359,8 @@
 static token_rule_t client_keys_token_table[] = {
   T1_START("client-name", C_CLIENT_NAME, CONCAT_ARGS, NO_OBJ),
   T1("descriptor-cookie", C_DESCRIPTOR_COOKIE, EQ(1), NO_OBJ),
-  T1("client-key", C_CLIENT_KEY, NO_ARGS, NEED_KEY_1024),
+  T01("service-address", C_SERVICE_ADDRESS, EQ(1), NO_OBJ),
+  T01("client-key", C_CLIENT_KEY, NO_ARGS, NEED_KEY_1024),
   END_OF_TABLE
 };
 
@@ -3711,7 +3713,7 @@
     /* Advance to next entry, if available. */
     current_entry = eos;
     /* Check minimum allowed length of token list. */
-    if (smartlist_len(tokens) < 3) {
+    if (smartlist_len(tokens) < 2) {
       log_warn(LD_REND, "Impossibly short client key entry.");
       goto err;
     }
@@ -3740,8 +3742,10 @@
     strmap_set(parsed_clients, parsed_entry->client_name, parsed_entry);
     /* Parse client key. */
     tok = find_first_by_keyword(tokens, C_CLIENT_KEY);
-    parsed_entry->client_key = tok->key;
-    tok->key = NULL; /* Prevent free */
+    if (tok) {
+      parsed_entry->client_key = tok->key;
+      tok->key = NULL; /* Prevent free */
+    }
 
     /* Parse descriptor cookie. */
     tok = find_first_by_keyword(tokens, C_DESCRIPTOR_COOKIE);