[tor-commits] [tor/master] Ephemeral Single Onion Services must have the NonAnonymous ADD_ONION flag
nickm at torproject.org
nickm at torproject.org
Tue Sep 13 14:42:00 UTC 2016
commit a00fee2f5467bf0fbc425d49787a822283e8451e
Author: teor <teor2345 at gmail.com>
Date: Wed Sep 7 15:24:47 2016 +1000
Ephemeral Single Onion Services must have the NonAnonymous ADD_ONION flag
Tor checks that the flag matches the configured onion service anonymity.
Tor refuses to create unflagged onion service using ADD_ONION, if they
would be non-anonymous. The error is:
512 Tor is in non-anonymous onion mode
Similarly, if the NonAnonymous flag is present, and Tor has the default
anonymous onion config:
512 Tor is in anonymous onion mode
---
src/or/control.c | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/src/or/control.c b/src/or/control.c
index 1337af4..8f3909b 100644
--- a/src/or/control.c
+++ b/src/or/control.c
@@ -4249,6 +4249,8 @@ handle_control_add_onion(control_connection_t *conn,
int max_streams = 0;
int max_streams_close_circuit = 0;
rend_auth_type_t auth_type = REND_NO_AUTH;
+ /* Default to anonymous if no flag is given */
+ int non_anonymous = 0;
for (size_t i = 1; i < arg_len; i++) {
static const char *port_prefix = "Port=";
static const char *flags_prefix = "Flags=";
@@ -4285,11 +4287,17 @@ handle_control_add_onion(control_connection_t *conn,
* * 'MaxStreamsCloseCircuit' - Close the circuit if MaxStreams is
* exceeded.
* * 'BasicAuth' - Client authorization using the 'basic' method.
+ * * 'NonAnonymous' - Add a non-anonymous Single Onion Service. If this
+ * flag is present, OnionServiceSingleHopMode and
+ * OnionServiceNonAnonymousMode must both be 1. If
+ * this flag is absent, both these options must be
+ * 0.
*/
static const char *discard_flag = "DiscardPK";
static const char *detach_flag = "Detach";
static const char *max_s_close_flag = "MaxStreamsCloseCircuit";
static const char *basicauth_flag = "BasicAuth";
+ static const char *non_anonymous_flag = "NonAnonymous";
smartlist_t *flags = smartlist_new();
int bad = 0;
@@ -4310,6 +4318,8 @@ handle_control_add_onion(control_connection_t *conn,
max_streams_close_circuit = 1;
} else if (!strcasecmp(flag, basicauth_flag)) {
auth_type = REND_BASIC_AUTH;
+ } else if (!strcasecmp(flag, non_anonymous_flag)) {
+ non_anonymous = 1;
} else {
connection_printf_to_buf(conn,
"512 Invalid 'Flags' argument: %s\r\n",
@@ -4378,6 +4388,17 @@ handle_control_add_onion(control_connection_t *conn,
smartlist_len(auth_clients) > 16)) {
connection_printf_to_buf(conn, "512 Too many auth clients\r\n");
goto out;
+ } else if (non_anonymous != rend_service_allow_non_anonymous_connection(
+ get_options())) {
+ /* If we failed, and non-anonymous is set, Tor must be in anonymous mode.
+ * The error message changes based on the current Tor config:
+ * 512 Tor is in anonymous onion mode
+ * 512 Tor is in non-anonymous onion mode
+ * (I've deliberately written them out in full here to aid searchability.)
+ */
+ connection_printf_to_buf(conn, "512 Tor is in %sanonymous onion mode\r\n",
+ non_anonymous ? "" : "non-");
+ goto out;
}
/* Parse the "keytype:keyblob" argument. */
More information about the tor-commits
mailing list