[or-cvs] r16419: Permit hidden services with client authorization but no clie (tor/branches/121-hs-authorization/src/or)

kloesing at seul.org kloesing at seul.org
Tue Aug 5 14:02:20 UTC 2008 

Author: kloesing
Date: 2008-08-05 10:02:20 -0400 (Tue, 05 Aug 2008)
New Revision: 16419

Modified:
   tor/branches/121-hs-authorization/src/or/rendcommon.c
   tor/branches/121-hs-authorization/src/or/rendservice.c
Log:
Permit hidden services with client authorization but no clients; prevents users from making the service available to everyone after removing the last client.

Modified: tor/branches/121-hs-authorization/src/or/rendcommon.c
===================================================================
--- tor/branches/121-hs-authorization/src/or/rendcommon.c	2008-08-05 10:44:19 UTC (rev 16418)
+++ tor/branches/121-hs-authorization/src/or/rendcommon.c	2008-08-05 14:02:20 UTC (rev 16419)
@@ -314,6 +314,7 @@
     crypto_digest_get_digest(digest, client_part, 4);
     crypto_free_digest_env(digest);
     /* Put both together. */
+    log_debug(LD_REND, "Adding client part '%s'", hex_str(client_part, 20));
     smartlist_add(encrypted_session_keys, client_part);
   });
   /* Add some fake client IDs and encrypted session keys. */

Modified: tor/branches/121-hs-authorization/src/or/rendservice.c
===================================================================
--- tor/branches/121-hs-authorization/src/or/rendservice.c	2008-08-05 10:44:19 UTC (rev 16418)
+++ tor/branches/121-hs-authorization/src/or/rendservice.c	2008-08-05 14:02:20 UTC (rev 16419)
@@ -197,6 +197,13 @@
     return;
   }
 
+  if (service->auth_type && smartlist_len(service->clients) == 0) {
+    log_warn(LD_CONFIG, "Hidden service with client authorization but no "
+                         "clients; ignoring.");
+    rend_service_free(service);
+    return;
+  }
+
   if (!smartlist_len(service->ports)) {
     log_warn(LD_CONFIG, "Hidden service with no ports configured; ignoring.");
     rend_service_free(service);
@@ -351,8 +358,7 @@
        * rend_authorized_client_t for each client to the service's list
        * of authorized clients. */
       smartlist_t *type_names_split, *clients;
-      char *auth_type, *client_names;
-      if (service->clients) {
+      if (service->auth_type) {
         log_warn(LD_CONFIG, "Got multiple HiddenServiceAuthorizeClient "
                  "lines for a single service.");
         rend_service_free(service);
@@ -361,34 +367,48 @@
       service->clients = smartlist_create();
       type_names_split = smartlist_create();
       smartlist_split_string(type_names_split, line->value, " ", 0, 0);
-      if (smartlist_len(type_names_split) != 2) {
-        log_warn(LD_CONFIG, "HiddenServiceAuthorizeClient must be formatted "
-                 "as 'HiddenServiceAuthorizeClient auth-type client-name,"
-                 "client-name,...'.");
-        SMARTLIST_FOREACH(type_names_split, char *, cp, tor_free(cp));
+      if (smartlist_len(type_names_split) < 1) {
+        log_warn(LD_BUG, "HiddenServiceAuthorizeClient has no value. This "
+                         "should have been prevented when parsing the "
+                         "configuration.");
         smartlist_free(type_names_split);
         rend_service_free(service);
         return -1;
       }
-      auth_type = smartlist_get(type_names_split, 0);
-      client_names = smartlist_get(type_names_split, 1);
-      smartlist_free(type_names_split);
-      if (strlen(auth_type) != 1 || strspn(auth_type, "12") != 1) {
+      service->auth_type = (int) tor_parse_long(
+                 smartlist_get(type_names_split, 0), 10, 1, 2, NULL, NULL);
+      if (!service->auth_type) {
         log_warn(LD_CONFIG, "HiddenServiceAuthorizeClient contains "
                  "unrecognized auth-type '%s'. Only 1 or 2 are recognized.",
-                 auth_type);
-        tor_free(auth_type);
-        tor_free(client_names);
+                 (char *) smartlist_get(type_names_split, 0));
+        SMARTLIST_FOREACH(type_names_split, char *, cp, tor_free(cp));
+        smartlist_free(type_names_split);
         rend_service_free(service);
         return -1;
       }
-      service->auth_type = (int)tor_parse_long(auth_type, 10, 0, INT_MAX,
-                                               NULL, NULL);
-      tor_free(auth_type);
+      if (smartlist_len(type_names_split) < 2) {
+        log_info(LD_CONFIG, "HiddenServiceAuthorizeClient contains "
+                            "authorization type %d, but no client names; "
+                            "hidden service won't be advertised.",
+                 service->auth_type);
+        SMARTLIST_FOREACH(type_names_split, char *, cp, tor_free(cp));
+        smartlist_free(type_names_split);
+        continue;
+      }
+      if (smartlist_len(type_names_split) > 2) {
+        log_warn(LD_CONFIG, "HiddenServiceAuthorizeClient must be formatted "
+                 "as 'HiddenServiceAuthorizeClient auth-type client-name,"
+                 "client-name,...'.");
+        SMARTLIST_FOREACH(type_names_split, char *, cp, tor_free(cp));
+        smartlist_free(type_names_split);
+        rend_service_free(service);
+        return -1;
+      }
       clients = smartlist_create();
-      smartlist_split_string(clients, client_names, ",",
-                                   SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
-      tor_free(client_names);
+      smartlist_split_string(clients, smartlist_get(type_names_split, 1),
+                             ",", SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
+      SMARTLIST_FOREACH(type_names_split, char *, cp, tor_free(cp));
+      smartlist_free(type_names_split);
       if ((service->auth_type == 1 && smartlist_len(clients) > 512) ||
           (service->auth_type == 2 && smartlist_len(clients) > 16)) {
         log_warn(LD_CONFIG, "HiddenServiceAuthorizeClient contains %d "
@@ -406,6 +426,7 @@
       SMARTLIST_FOREACH(clients, char *, client_name, {
         rend_authorized_client_t *client;
         size_t len = strlen(client_name);
+        int found_duplicate = 0;
         if (len < 1 || len > 19 ||
             strspn(client_name, REND_LEGAL_CLIENTNAME_CHARACTERS) != len) {
           log_warn(LD_CONFIG, "HiddenServiceAuthorizeClient contains an "
@@ -418,18 +439,16 @@
           return -1;
         }
         /* Check if client name is duplicate. */
-        if (service->clients) {
-          int found_duplicate = 0;
-          SMARTLIST_FOREACH(service->clients, rend_authorized_client_t *, c, {
-            if (!strcmp(c->client_name, client_name)) {
-              log_warn(LD_CONFIG, "HiddenServiceAuthorizeClient contains a "
-                       "duplicate client name: '%s'. Ignoring.", client_name);
-              found_duplicate = 1;
-              break;
-            }
-          });
-          if (found_duplicate) continue;
-        }
+        SMARTLIST_FOREACH(service->clients, rend_authorized_client_t *, c, {
+          if (!strcmp(c->client_name, client_name)) {
+            log_warn(LD_CONFIG, "HiddenServiceAuthorizeClient contains a "
+                     "duplicate client name: '%s'; ignoring.", client_name);
+            found_duplicate = 1;
+            break;
+          }
+        });
+        if (found_duplicate)
+          continue;
         client = tor_malloc_zero(sizeof(rend_authorized_client_t));
         client->client_name = strdup(client_name);
         smartlist_add(service->clients, client);
@@ -575,7 +594,7 @@
     }
 
     /* If client authorization is configured, load or generate keys. */
-    if (s->clients) {
+    if (s->auth_type) {
       char *client_keys_str;
       strmap_t *parsed_clients = strmap_new();
       char cfname[512];

More information about the tor-commits mailing list