[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[or-cvs] r16340: Load/generate key material for either of the two client auth (tor/branches/121-hs-authorization/src/or)
Author: kloesing
Date: 2008-08-01 19:20:17 -0400 (Fri, 01 Aug 2008)
New Revision: 16340
Modified:
tor/branches/121-hs-authorization/src/or/rendservice.c
tor/branches/121-hs-authorization/src/or/routerparse.c
Log:
Load/generate key material for either of the two client authorization protocols.
Modified: tor/branches/121-hs-authorization/src/or/rendservice.c
===================================================================
--- tor/branches/121-hs-authorization/src/or/rendservice.c 2008-08-01 23:15:17 UTC (rev 16339)
+++ tor/branches/121-hs-authorization/src/or/rendservice.c 2008-08-01 23:20:17 UTC (rev 16340)
@@ -161,7 +161,6 @@
if (!service->intro_exclude_nodes)
service->intro_exclude_nodes = tor_strdup("");
service->intro_nodes = smartlist_create();
- service->auth_type = 0;
/* If the service is configured to publish unversioned (v0) and versioned
* descriptors (v2 or higher), split it up into two separate services. */
@@ -508,7 +507,7 @@
int i;
rend_service_t *s;
char fname[512];
- char buf[128];
+ char buf[1500];
for (i=0; i < smartlist_len(rend_service_list); ++i) {
s = smartlist_get(rend_service_list,i);
@@ -561,7 +560,7 @@
strmap_t *parsed_clients = strmap_new();
char cfname[512];
- /* Load client keys and descriptor cookies, if available */
+ /* Load client keys and descriptor cookies, if available. */
if (strlcpy(cfname,s->directory,sizeof(cfname)) >= sizeof(cfname) ||
strlcat(cfname,PATH_SEPARATOR"client_keys",sizeof(cfname))
>= sizeof(cfname)) {
@@ -575,44 +574,49 @@
log_info(LD_CONFIG, "Parsed %d previously stored client entries.",
strmap_size(parsed_clients));
- /* Prepare hostname file. */
- if (write_str_to_file(fname,
- "# This hidden service is configured to be accessed only by "
- "authorized\n# clients. In order to allow your clients to "
- "access your service, provide\n# them with the onion addresses "
- "and client keys below (excluding the #\n# character and your "
- "chosen client name.)\n\n",0)<0) {
- log_warn(LD_CONFIG, "Could not write initial comment to hostname "
- "file.");
+ /* Prepare client_keys and hostname files. */
+ if (write_str_to_file(cfname, "", 0) < 0) {
+ log_warn(LD_CONFIG, "Could not clear client_keys file.");
return -1;
}
+ if (s->auth_type == 2 && write_str_to_file(fname, "", 0) < 0) {
+ log_warn(LD_CONFIG, "Could not clear hostname file.");
+ return -1;
+ }
/* Either use loaded keys for configured clients or generate new
* ones if a client is new. */
SMARTLIST_FOREACH(s->clients, rend_authorized_client_t *, client, {
char desc_cook_out[3*REND_DESC_COOKIE_LEN_BASE64+1];
char service_id[16+1];
- rend_authorized_client_t *parsed;
- if ((parsed = strmap_get(parsed_clients, client->client_name))) {
- /* Copy keys from parsed entry. */
- client->client_key = crypto_pk_dup_key(parsed->client_key);
+ rend_authorized_client_t *parsed =
+ strmap_get(parsed_clients, client->client_name);
+ int written;
+ size_t len;
+ /* Copy descriptor cookie from parsed entry or create new one. */
+ if (parsed) {
memcpy(client->descriptor_cookie, parsed->descriptor_cookie,
REND_DESC_COOKIE_LEN);
- if (base64_encode(desc_cook_out, 3*REND_DESC_COOKIE_LEN_BASE64+1,
- client->descriptor_cookie, REND_DESC_COOKIE_LEN) < 0) {
- log_warn(LD_BUG, "Could not base64-encode descriptor cookie.");
- strmap_free(parsed_clients, rend_authorized_client_free);
- return -1;
- }
+ } else {
+ crypto_rand(client->descriptor_cookie, REND_DESC_COOKIE_LEN);
desc_cook_out[strlen(desc_cook_out)-3] = '\0'; /* Remove == signs
and newline. */
- } else {
- crypto_pk_env_t *prkey = NULL;
- char *out;
- size_t len;
- char *entry;
- size_t entry_len;
+ }
+ if (base64_encode(desc_cook_out, 3*REND_DESC_COOKIE_LEN_BASE64+1,
+ client->descriptor_cookie,
+ REND_DESC_COOKIE_LEN) < 0) {
+ log_warn(LD_BUG, "Could not base64-encode descriptor cookie.");
+ strmap_free(parsed_clients, rend_authorized_client_free);
+ return -1;
+ }
+ desc_cook_out[strlen(desc_cook_out)-3] = '\0'; /* Remove == signs
+ and newline. */
+ /* Copy client key from parsed entry or create new one if required. */
+ if (parsed && parsed->client_key) {
+ client->client_key = crypto_pk_dup_key(parsed->client_key);
+ } else if (s->auth_type == 2) {
/* Create private key for client. */
+ crypto_pk_env_t *prkey = NULL;
if (!(prkey = crypto_new_pk_env())) {
log_warn(LD_BUG,"Error constructing client key");
strmap_free(parsed_clients, rend_authorized_client_free);
@@ -629,50 +633,45 @@
strmap_free(parsed_clients, rend_authorized_client_free);
return -1;
}
- /* Create descriptor cookie for client. */
- crypto_rand(client->descriptor_cookie, REND_DESC_COOKIE_LEN);
client->client_key = prkey;
- /* Encode and append keys to client_keys file. */
- crypto_pk_write_private_key_to_string(prkey, &out, &len);
- if (base64_encode(desc_cook_out, 3*REND_DESC_COOKIE_LEN_BASE64+1,
- client->descriptor_cookie, REND_DESC_COOKIE_LEN) < 0) {
- log_warn(LD_BUG, "Could not base64-encode descriptor cookie.");
- strmap_free(parsed_clients, rend_authorized_client_free);
- return -1;
- }
+ }
+ /* Add entry to client_keys file. */
+ written = tor_snprintf(buf, sizeof(buf),
+ "client-name %s\ndescriptor-cookie %s\n",
+ client->client_name, desc_cook_out);
+ if (written < 0) {
+ log_warn(LD_BUG, "Could not write client entry.");
+ strmap_free(parsed_clients, rend_authorized_client_free);
+ return -1;
+ }
+ if (client->client_key) {
+ char *client_key_out;
+ crypto_pk_write_private_key_to_string(client->client_key,
+ &client_key_out, &len);
if (rend_get_service_id(client->client_key, service_id)<0) {
log_warn(LD_BUG, "Internal error: couldn't encode service ID.");
strmap_free(parsed_clients, rend_authorized_client_free);
return -1;
}
- desc_cook_out[strlen(desc_cook_out)-3] = '\0'; /* Remove == signs
- and newline. */
- entry_len = 100 + strlen(client->client_name) + len;
- entry = tor_malloc_zero(entry_len+1000);
- if (tor_snprintf(entry, entry_len+1000,
- "client-name %s\n"
- "service-address %s.onion\n"
- "descriptor-cookie %s\n"
- "client-key\n%s",
- client->client_name,
- service_id,
- desc_cook_out,
- out) < 0) {
+ written = tor_snprintf(buf + written, sizeof(buf) - written,
+ "service-address %s.onion\n"
+ "client-key\n%s",
+ service_id, client_key_out);
+ if (written < 0) {
log_warn(LD_BUG, "Could not write client entry.");
strmap_free(parsed_clients, rend_authorized_client_free);
return -1;
}
- append_bytes_to_file(cfname, entry, strlen(entry), 0);
- tor_free(entry);
}
+ append_bytes_to_file(cfname, buf, strlen(buf), 0);
/* Add line to hostname file. */
- if (rend_get_service_id(client->client_key, service_id)<0) {
- log_warn(LD_BUG, "Internal error: couldn't encode service ID.");
- strmap_free(parsed_clients, rend_authorized_client_free);
- return -1;
+ if (s->auth_type == 2) {
+ tor_snprintf(buf, sizeof(buf),"%s.onion %s # client: %s\n",
+ service_id, desc_cook_out, client->client_name);
+ } else {
+ tor_snprintf(buf, sizeof(buf),"%s # client: %s\n",
+ desc_cook_out, client->client_name);
}
- tor_snprintf(buf, sizeof(buf),"%s.onion %s # client: %s\n", service_id,
- desc_cook_out, client->client_name);
append_bytes_to_file(fname, buf, strlen(buf), 0);
});
}
Modified: tor/branches/121-hs-authorization/src/or/routerparse.c
===================================================================
--- tor/branches/121-hs-authorization/src/or/routerparse.c 2008-08-01 23:15:17 UTC (rev 16339)
+++ tor/branches/121-hs-authorization/src/or/routerparse.c 2008-08-01 23:20:17 UTC (rev 16340)
@@ -101,6 +101,7 @@
C_CLIENT_NAME,
C_DESCRIPTOR_COOKIE,
+ C_SERVICE_ADDRESS,
C_CLIENT_KEY,
_UNRECOGNIZED,
@@ -358,7 +359,8 @@
static token_rule_t client_keys_token_table[] = {
T1_START("client-name", C_CLIENT_NAME, CONCAT_ARGS, NO_OBJ),
T1("descriptor-cookie", C_DESCRIPTOR_COOKIE, EQ(1), NO_OBJ),
- T1("client-key", C_CLIENT_KEY, NO_ARGS, NEED_KEY_1024),
+ T01("service-address", C_SERVICE_ADDRESS, EQ(1), NO_OBJ),
+ T01("client-key", C_CLIENT_KEY, NO_ARGS, NEED_KEY_1024),
END_OF_TABLE
};
@@ -3711,7 +3713,7 @@
/* Advance to next entry, if available. */
current_entry = eos;
/* Check minimum allowed length of token list. */
- if (smartlist_len(tokens) < 3) {
+ if (smartlist_len(tokens) < 2) {
log_warn(LD_REND, "Impossibly short client key entry.");
goto err;
}
@@ -3740,8 +3742,10 @@
strmap_set(parsed_clients, parsed_entry->client_name, parsed_entry);
/* Parse client key. */
tok = find_first_by_keyword(tokens, C_CLIENT_KEY);
- parsed_entry->client_key = tok->key;
- tok->key = NULL; /* Prevent free */
+ if (tok) {
+ parsed_entry->client_key = tok->key;
+ tok->key = NULL; /* Prevent free */
+ }
/* Parse descriptor cookie. */
tok = find_first_by_keyword(tokens, C_DESCRIPTOR_COOKIE);