authorNick Mathewson <nickm@torproject.org>2011-07-19 02:36:59 -0400
committerNick Mathewson <nickm@torproject.org>2011-07-19 02:44:12 -0400
commit12dfb4f5d8cfb0f244b4a1ae3cc3af237a3034e7 (patch)
treec018f20c7eddeb50db9c7ec7fb106d2fd666ba0f
parent94f85f216ae4b6196d2a3438bfaf328375ebaad6 (diff)
downloadtor-12dfb4f5d8cfb0f244b4a1ae3cc3af237a3034e7.tar.gz
tor-12dfb4f5d8cfb0f244b4a1ae3cc3af237a3034e7.zip
Use socks username/password information in stream isolation
-rw-r--r--doc/tor.1.txt1
-rw-r--r--src/or/circuitlist.c2
-rw-r--r--src/or/connection.c2
-rw-r--r--src/or/connection_edge.c23
-rw-r--r--src/or/or.h7
5 files changed, 20 insertions, 15 deletions
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 8241eeb3c3..821098b56e 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -700,7 +700,6 @@ The following options are useful only for clients (that is, if
Don't share a circuits with streams for which different
SOCKS authentication was provided. (On by default;
you can disable it with **NoIsolateSOCKSAuth**.)
- [NOT YET IMPLEMENTED.]
**IsolateClientProtocol**;;
Don't share circuits with streams using a different protocol.
(SOCKS 4, SOCKS 5, TransPort connections, NATDPort connections,
diff --git a/src/or/circuitlist.c b/src/or/circuitlist.c
index 6f17697b21..28a7181f26 100644
--- a/src/or/circuitlist.c
+++ b/src/or/circuitlist.c
@@ -566,6 +566,8 @@ circuit_free(circuit_t *circ)
rend_data_free(ocirc->rend_data);
tor_free(ocirc->dest_address);
+ tor_free(ocirc->socks_username);
+ tor_free(ocirc->socks_password);
} else {
or_circuit_t *ocirc = TO_OR_CIRCUIT(circ);
/* Remember cell statistics for this circuit before deallocating. */
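Review bot: The password copy is handed straight to `tor_free()` here, so its bytes stay in freed heap until the allocator reuses that memory. If SOCKS passwords are treated as sensitive in this code base, clear the buffer before releasing it, in a way the compiler cannot elide, for example through a small helper that wipes `strlen()` bytes and then frees. The same applies to the two `tor_free()` calls added to `circuit_clear_isolation()` in connection_edge.c. The body of `circuit_free()` starts and ends outside this hunk.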
diff --git a/src/or/connection.c b/src/or/connection.c
index 0fae11e1d4..59a7b80deb 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -1809,7 +1809,7 @@ retry_listener_ports(smartlist_t *old_conns,
SMARTLIST_FOREACH_BEGIN(launch, const port_cfg_t *, port) {
struct sockaddr *listensockaddr;
socklen_t listensocklen = 0;
- char *address;
+ char *address=NULL;
connection_t *conn;
if (port->is_unix_addr) {
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index 42f74b7ecc..63779f25cd 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -3305,12 +3305,10 @@ connection_edge_streams_are_compatible(const edge_connection_t *a,
if ((iso & ISO_DESTADDR) &&
strcasecmp(a->original_dest_address, b->original_dest_address))
return 0;
- /* XXXX023 Waititing for ticket #1666 */
- /*
if ((iso & ISO_SOCKSAUTH) &&
- strcasecmp(a->socks_request->auth, b->socks_request->auth))
+ (strcmp_opt(a->socks_request->username, b->socks_request->username) ||
+ strcmp_opt(a->socks_request->password, b->socks_request->password)))
return 0;
- */
if ((iso & ISO_CLIENTPROTO) &&
(TO_CONN(a)->type != TO_CONN(b)->type ||
a->socks_request->socks_version != b->socks_request->socks_version))
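Review bot: `strcmp_opt()` compares the credentials as NUL-terminated strings, but SOCKS5 username and password fields are length-prefixed byte strings on the wire and may contain a zero byte. If the parser stores them without rejecting embedded NULs (the `socks_request` definition is not visible here), two different credentials that agree up to the first NUL would compare equal, and their streams could share a circuit despite `ISO_SOCKSAUTH`. Either reject such values at parse time, or keep the lengths next to the pointers and compare length plus bytes. At minimum, state the assumption with a comment such as `/* username/password are NUL-terminated; values with embedded NULs are rejected at parse time */`. The same comparison is repeated in `connection_edge_compatible_with_circuit()` and in the mixed-flags branch of `connection_edge_update_circuit_isolation()`.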
@@ -3369,12 +3367,10 @@ connection_edge_compatible_with_circuit(const edge_connection_t *conn,
if ((iso & ISO_DESTADDR) &&
strcasecmp(conn->original_dest_address, circ->dest_address))
return 0;
- /* XXXX023 Waititing for ticket #1666 */
- /*
if ((iso & ISO_SOCKSAUTH) &&
- strcasecmp(a->socks_request->auth, b->socks_request->auth))
+ (strcmp_opt(conn->socks_request->username, circ->socks_username) ||
+ strcmp_opt(conn->socks_request->password, circ->socks_password)))
return 0;
- */
if ((iso & ISO_CLIENTPROTO) &&
(TO_CONN(conn)->type != circ->client_proto_type ||
conn->socks_request->socks_version != circ->client_proto_socksver))
@@ -3420,7 +3416,10 @@ connection_edge_update_circuit_isolation(const edge_connection_t *conn,
tor_addr_copy(&circ->client_addr, &TO_CONN(conn)->addr);
circ->session_group = conn->session_group;
circ->nym_epoch = conn->nym_epoch;
- /* XXXX023 auth too, once #1666 is in. */
+ circ->socks_username = conn->socks_request->username ?
+ tor_strdup(conn->socks_request->username) : NULL;
+ circ->socks_password = conn->socks_request->password ?
+ tor_strdup(conn->socks_request->password) : NULL;
circ->isolation_values_set = 1;
return 0;
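Review bot: The two assignments overwrite `circ->socks_username` and `circ->socks_password` without freeing what they held, so a second pass through this branch with the fields still set would leak the old strings. The condition that selects this branch is outside the hunk; it looks like it depends on `isolation_values_set` being clear, in which case the fields should be NULL. If that holds, state it with `tor_assert(!circ->socks_username && !circ->socks_password);`, otherwise put `tor_free(circ->socks_username); tor_free(circ->socks_password);` before the copies.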
@@ -3430,7 +3429,9 @@ connection_edge_update_circuit_isolation(const edge_connection_t *conn,
mixed |= ISO_DESTPORT;
if (strcasecmp(conn->original_dest_address, circ->dest_address))
mixed |= ISO_DESTADDR;
- /* XXXX023 auth too, once #1666 is in. */
+ if (strcmp_opt(conn->socks_request->username, circ->socks_username) ||
+ strcmp_opt(conn->socks_request->password, circ->socks_password))
+ mixed |= ISO_SOCKSAUTH;
if ((TO_CONN(conn)->type != circ->client_proto_type ||
conn->socks_request->socks_version != circ->client_proto_socksver))
mixed |= ISO_CLIENTPROTO;
@@ -3486,5 +3487,7 @@ circuit_clear_isolation(origin_circuit_t *circ)
tor_free(circ->dest_address);
circ->session_group = -1;
circ->nym_epoch = 0;
+ tor_free(circ->socks_username);
+ tor_free(circ->socks_password);
}
diff --git a/src/or/or.h b/src/or/or.h
index 835f279d42..47cee35e5b 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -1218,8 +1218,8 @@ typedef struct edge_connection_t {
char *original_dest_address;
/* Other fields to isolate on already exist. The ClientAddr is addr. The
ClientProtocol is a combination of type and socks_request->
- socks_version. SocksAuth will be added to socks_request by ticket
- #1666. DestAddr is in socks_request->address. */
+ socks_version. SocksAuth is socks_request->username/password.
+ DestAddr is in socks_request->address. */
/** Number of times we've reassigned this application connection to
* a new circuit. We keep track because the timeout is longer if we've
@@ -2501,7 +2501,8 @@ typedef struct origin_circuit_t {
char *dest_address;
int session_group;
unsigned nym_epoch;
- /* XXXX023 do auth once #1666 is merged */
+ char *socks_username;
+ char *socks_password;
/**@}*/
} origin_circuit_t;
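Review bot: The two new fields closing the isolation group carry no comment, so a reader cannot tell who owns the strings or what NULL means. Add something like `/** SOCKS username and password of the stream that set this circuit's isolation values, or NULL if none was given. Heap-allocated and owned by the circuit. */` above them. It would also help to note that they are released in both `circuit_free()` and `circuit_clear_isolation()`. The struct definition starts outside this hunk.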