[tor-commits] [tor/master] hs-v3: Improve v3 client authorization logging
nickm at torproject.org
nickm at torproject.org
Fri Sep 7 19:06:18 UTC 2018
commit 8e57986e7d826141727fc3d538b33882dc4aca91
Author: David Goulet <dgoulet at torproject.org>
Date: Thu Aug 30 09:16:48 2018 -0400
hs-v3: Improve v3 client authorization logging
Part of #20700.
Signed-off-by: David Goulet <dgoulet at torproject.org>
---
src/feature/hs/hs_client.c | 14 ++++++++------
src/feature/hs/hs_service.c | 18 ++++++++++++------
2 files changed, 20 insertions(+), 12 deletions(-)
diff --git a/src/feature/hs/hs_client.c b/src/feature/hs/hs_client.c
index 23ab10e21..af657c7c9 100644
--- a/src/feature/hs/hs_client.c
+++ b/src/feature/hs/hs_client.c
@@ -1571,7 +1571,9 @@ hs_config_client_authorization(const or_options_t *options,
filename);
if (!auth_key_filename_is_valid(filename)) {
- log_warn(LD_REND, "The filename is invalid.");
+ log_notice(LD_REND, "Client authorization unrecognized filename %s. "
+ "File must end in .auth_private. Ignoring.",
+ filename);
continue;
}
@@ -1583,7 +1585,7 @@ hs_config_client_authorization(const or_options_t *options,
/* If we cannot read the file, continue with the next file. */
if (!client_key_str) {
- log_warn(LD_REND, "The file cannot be read.");
+ log_warn(LD_REND, "The file %s cannot be read.", filename);
continue;
}
@@ -1597,15 +1599,16 @@ hs_config_client_authorization(const or_options_t *options,
if (hs_parse_address(auth->onion_address, &identity_pk,
NULL, NULL) < 0) {
client_service_authorization_free(auth);
- log_warn(LD_REND, "The onion address is invalid.");
+ log_warn(LD_REND, "The onion address \"%s\" is invalid in "
+ "file %s", filename, auth->onion_address);
continue;
}
if (digest256map_get(auths, identity_pk.pubkey)) {
client_service_authorization_free(auth);
-
log_warn(LD_REND, "Duplicate authorization for the same hidden "
- "service.");
+ "service address %s.",
+ safe_str_client(auth->onion_address));
goto end;
}
@@ -1613,7 +1616,6 @@ hs_config_client_authorization(const or_options_t *options,
log_info(LD_REND, "Loaded a client authorization key file %s.",
filename);
}
-
} SMARTLIST_FOREACH_END(filename);
/* Success. */
diff --git a/src/feature/hs/hs_service.c b/src/feature/hs/hs_service.c
index 8d5d69302..09329340c 100644
--- a/src/feature/hs/hs_service.c
+++ b/src/feature/hs/hs_service.c
@@ -1141,7 +1141,7 @@ parse_authorized_client(const char *client_key_str)
SPLIT_SKIP_SPACE, 0);
/* Wrong number of fields. */
if (smartlist_len(fields) != 3) {
- log_warn(LD_REND, "The file is in a wrong format.");
+ log_warn(LD_REND, "Unknown format of client authorization file.");
goto err;
}
@@ -1151,13 +1151,15 @@ parse_authorized_client(const char *client_key_str)
/* Currently, the only supported auth type is "descriptor". */
if (strcmp(auth_type, "descriptor")) {
- log_warn(LD_REND, "The auth type '%s' is not supported.", auth_type);
+ log_warn(LD_REND, "Client authorization auth type '%s' not supported.",
+ auth_type);
goto err;
}
/* Currently, the only supported key type is "x25519". */
if (strcmp(key_type, "x25519")) {
- log_warn(LD_REND, "The key type '%s' is not supported.", key_type);
+ log_warn(LD_REND, "Client authorization key type '%s' not supported.",
+ key_type);
goto err;
}
@@ -1175,7 +1177,8 @@ parse_authorized_client(const char *client_key_str)
if (base32_decode((char *) client->client_pk.public_key,
sizeof(client->client_pk.public_key),
pubkey_b32, strlen(pubkey_b32)) < 0) {
- log_warn(LD_REND, "The public key cannot be decoded.");
+ log_warn(LD_REND, "Client authorization public key cannot be decoded: %s",
+ pubkey_b32);
goto err;
}
@@ -1245,7 +1248,8 @@ load_client_keys(hs_service_t *service)
filename);
if (!client_filename_is_valid(filename)) {
- log_warn(LD_REND, "The filename is invalid.");
+ log_warn(LD_REND, "Client authorization unrecognized filename %s. "
+ "File must end in .auth. Ignoring.", filename);
continue;
}
@@ -1258,7 +1262,9 @@ load_client_keys(hs_service_t *service)
/* If we cannot read the file, continue with the next file. */
if (!client_key_str) {
- log_warn(LD_REND, "The file cannot be read.");
+ log_warn(LD_REND, "Client authorization file %s can't be read. "
+ "Corrupted or verify permission? Ignoring.",
+ client_key_file_path);
continue;
}
More information about the tor-commits
mailing list