[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[or-cvs] r16419: Permit hidden services with client authorization but no clie (tor/branches/121-hs-authorization/src/or)
Author: kloesing
Date: 2008-08-05 10:02:20 -0400 (Tue, 05 Aug 2008)
New Revision: 16419
Modified:
tor/branches/121-hs-authorization/src/or/rendcommon.c
tor/branches/121-hs-authorization/src/or/rendservice.c
Log:
Permit hidden services with client authorization but no clients; prevents users from making the service available to everyone after removing the last client.
Modified: tor/branches/121-hs-authorization/src/or/rendcommon.c
===================================================================
--- tor/branches/121-hs-authorization/src/or/rendcommon.c 2008-08-05 10:44:19 UTC (rev 16418)
+++ tor/branches/121-hs-authorization/src/or/rendcommon.c 2008-08-05 14:02:20 UTC (rev 16419)
@@ -314,6 +314,7 @@
crypto_digest_get_digest(digest, client_part, 4);
crypto_free_digest_env(digest);
/* Put both together. */
+ log_debug(LD_REND, "Adding client part '%s'", hex_str(client_part, 20));
smartlist_add(encrypted_session_keys, client_part);
});
/* Add some fake client IDs and encrypted session keys. */
Modified: tor/branches/121-hs-authorization/src/or/rendservice.c
===================================================================
--- tor/branches/121-hs-authorization/src/or/rendservice.c 2008-08-05 10:44:19 UTC (rev 16418)
+++ tor/branches/121-hs-authorization/src/or/rendservice.c 2008-08-05 14:02:20 UTC (rev 16419)
@@ -197,6 +197,13 @@
return;
}
+ if (service->auth_type && smartlist_len(service->clients) == 0) {
+ log_warn(LD_CONFIG, "Hidden service with client authorization but no "
+ "clients; ignoring.");
+ rend_service_free(service);
+ return;
+ }
+
if (!smartlist_len(service->ports)) {
log_warn(LD_CONFIG, "Hidden service with no ports configured; ignoring.");
rend_service_free(service);
@@ -351,8 +358,7 @@
* rend_authorized_client_t for each client to the service's list
* of authorized clients. */
smartlist_t *type_names_split, *clients;
- char *auth_type, *client_names;
- if (service->clients) {
+ if (service->auth_type) {
log_warn(LD_CONFIG, "Got multiple HiddenServiceAuthorizeClient "
"lines for a single service.");
rend_service_free(service);
@@ -361,34 +367,48 @@
service->clients = smartlist_create();
type_names_split = smartlist_create();
smartlist_split_string(type_names_split, line->value, " ", 0, 0);
- if (smartlist_len(type_names_split) != 2) {
- log_warn(LD_CONFIG, "HiddenServiceAuthorizeClient must be formatted "
- "as 'HiddenServiceAuthorizeClient auth-type client-name,"
- "client-name,...'.");
- SMARTLIST_FOREACH(type_names_split, char *, cp, tor_free(cp));
+ if (smartlist_len(type_names_split) < 1) {
+ log_warn(LD_BUG, "HiddenServiceAuthorizeClient has no value. This "
+ "should have been prevented when parsing the "
+ "configuration.");
smartlist_free(type_names_split);
rend_service_free(service);
return -1;
}
- auth_type = smartlist_get(type_names_split, 0);
- client_names = smartlist_get(type_names_split, 1);
- smartlist_free(type_names_split);
- if (strlen(auth_type) != 1 || strspn(auth_type, "12") != 1) {
+ service->auth_type = (int) tor_parse_long(
+ smartlist_get(type_names_split, 0), 10, 1, 2, NULL, NULL);
+ if (!service->auth_type) {
log_warn(LD_CONFIG, "HiddenServiceAuthorizeClient contains "
"unrecognized auth-type '%s'. Only 1 or 2 are recognized.",
- auth_type);
- tor_free(auth_type);
- tor_free(client_names);
+ (char *) smartlist_get(type_names_split, 0));
+ SMARTLIST_FOREACH(type_names_split, char *, cp, tor_free(cp));
+ smartlist_free(type_names_split);
rend_service_free(service);
return -1;
}
- service->auth_type = (int)tor_parse_long(auth_type, 10, 0, INT_MAX,
- NULL, NULL);
- tor_free(auth_type);
+ if (smartlist_len(type_names_split) < 2) {
+ log_info(LD_CONFIG, "HiddenServiceAuthorizeClient contains "
+ "authorization type %d, but no client names; "
+ "hidden service won't be advertised.",
+ service->auth_type);
+ SMARTLIST_FOREACH(type_names_split, char *, cp, tor_free(cp));
+ smartlist_free(type_names_split);
+ continue;
+ }
+ if (smartlist_len(type_names_split) > 2) {
+ log_warn(LD_CONFIG, "HiddenServiceAuthorizeClient must be formatted "
+ "as 'HiddenServiceAuthorizeClient auth-type client-name,"
+ "client-name,...'.");
+ SMARTLIST_FOREACH(type_names_split, char *, cp, tor_free(cp));
+ smartlist_free(type_names_split);
+ rend_service_free(service);
+ return -1;
+ }
clients = smartlist_create();
- smartlist_split_string(clients, client_names, ",",
- SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
- tor_free(client_names);
+ smartlist_split_string(clients, smartlist_get(type_names_split, 1),
+ ",", SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
+ SMARTLIST_FOREACH(type_names_split, char *, cp, tor_free(cp));
+ smartlist_free(type_names_split);
if ((service->auth_type == 1 && smartlist_len(clients) > 512) ||
(service->auth_type == 2 && smartlist_len(clients) > 16)) {
log_warn(LD_CONFIG, "HiddenServiceAuthorizeClient contains %d "
@@ -406,6 +426,7 @@
SMARTLIST_FOREACH(clients, char *, client_name, {
rend_authorized_client_t *client;
size_t len = strlen(client_name);
+ int found_duplicate = 0;
if (len < 1 || len > 19 ||
strspn(client_name, REND_LEGAL_CLIENTNAME_CHARACTERS) != len) {
log_warn(LD_CONFIG, "HiddenServiceAuthorizeClient contains an "
@@ -418,18 +439,16 @@
return -1;
}
/* Check if client name is duplicate. */
- if (service->clients) {
- int found_duplicate = 0;
- SMARTLIST_FOREACH(service->clients, rend_authorized_client_t *, c, {
- if (!strcmp(c->client_name, client_name)) {
- log_warn(LD_CONFIG, "HiddenServiceAuthorizeClient contains a "
- "duplicate client name: '%s'. Ignoring.", client_name);
- found_duplicate = 1;
- break;
- }
- });
- if (found_duplicate) continue;
- }
+ SMARTLIST_FOREACH(service->clients, rend_authorized_client_t *, c, {
+ if (!strcmp(c->client_name, client_name)) {
+ log_warn(LD_CONFIG, "HiddenServiceAuthorizeClient contains a "
+ "duplicate client name: '%s'; ignoring.", client_name);
+ found_duplicate = 1;
+ break;
+ }
+ });
+ if (found_duplicate)
+ continue;
client = tor_malloc_zero(sizeof(rend_authorized_client_t));
client->client_name = strdup(client_name);
smartlist_add(service->clients, client);
@@ -575,7 +594,7 @@
}
/* If client authorization is configured, load or generate keys. */
- if (s->clients) {
+ if (s->auth_type) {
char *client_keys_str;
strmap_t *parsed_clients = strmap_new();
char cfname[512];