authorSuphanat Chunhapanya <haxx.pop@gmail.com>2018-08-19 08:22:13 +0700
committerDavid Goulet <dgoulet@torproject.org>2018-09-07 13:59:22 -0400
commit8e81fcd51ae9b9b373f0254381728a8f4d93236d (patch)
tree5f6e225c2d52815027c635c54623e6bd60364cbc /src/app
parentfd6bec923c16004ce106d634187f12b57f220b91 (diff)
downloadtor-8e81fcd51ae9b9b373f0254381728a8f4d93236d.tar.gz
tor-8e81fcd51ae9b9b373f0254381728a8f4d93236d.zip
hs-v3: Load client authorization secret key from file
The new ClientOnionAuthDir option is introduced which is where tor looks to find the HS v3 client authorization files containing the client private key material. Signed-off-by: David Goulet <dgoulet@torproject.org>
Diffstat (limited to 'src/app')
-rw-r--r--src/app/config/config.c7
-rw-r--r--src/app/config/or_options_st.h2
2 files changed, 7 insertions, 2 deletions
diff --git a/src/app/config/config.c b/src/app/config/config.c
index 339f8e2475..ce9ae8d7ce 100644
--- a/src/app/config/config.c
+++ b/src/app/config/config.c
@@ -450,6 +450,7 @@ static config_var_t option_vars_[] = {
VAR("HiddenServiceNumIntroductionPoints", LINELIST_S, RendConfigLines, NULL),
VAR("HiddenServiceStatistics", BOOL, HiddenServiceStatistics_option, "1"),
V(HidServAuth, LINELIST, NULL),
+ V(ClientOnionAuthDir, FILENAME, NULL),
OBSOLETE("CloseHSClientCircuitsImmediatelyOnTimeout"),
OBSOLETE("CloseHSServiceRendCircuitsImmediatelyOnTimeout"),
V(HiddenServiceSingleHopMode, BOOL, "0"),
@@ -1917,7 +1918,7 @@ options_act(const or_options_t *old_options)
// LCOV_EXCL_STOP
}
- if (running_tor && rend_parse_service_authorization(options, 0) < 0) {
+ if (running_tor && hs_config_client_auth_all(options, 0) < 0) {
// LCOV_EXCL_START
log_warn(LD_BUG, "Previously validated client authorization for "
"hidden services could not be added!");
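Review bot: The failure branch after `hs_config_client_auth_all(options, 0)` still logs under `LD_BUG` with the text "Previously validated client authorization ... could not be added", which may no longer describe every failure. Per the commit description the new call reads key files from ClientOnionAuthDir, so a failure on this pass may only mean a file was removed, changed or made unreadable after validation, not a tor bug. Assuming the loader re-reads the directory here (its body is not in this diff), consider `log_warn(LD_CONFIG, "Client authorization files for onion services could not be loaded; see previous log messages.");` and reconsider the LCOV exclusion so the path gets test coverage. The bare `0` would also read better with a short comment naming the parameter, e.g. `/* validate_only */`. options_act starts and ends outside the hunk.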
@@ -3188,6 +3189,8 @@ warn_about_relative_paths(or_options_t *options)
n += warn_if_option_path_is_relative("AccelDir",options->AccelDir);
n += warn_if_option_path_is_relative("DataDirectory",options->DataDirectory);
n += warn_if_option_path_is_relative("PidFile",options->PidFile);
+ n += warn_if_option_path_is_relative("ClientOnionAuthDir",
+ options->ClientOnionAuthDir);
for (config_line_t *hs_line = options->RendConfigLines; hs_line;
hs_line = hs_line->next) {
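Review bot: The only check this diff applies to `options->ClientOnionAuthDir` is the relative-path warning added here, although the commit description says the directory holds client private key material. Nothing in the src/app changes shows the directory's ownership or mode being verified. If `hs_config_client_auth_all` (outside this diff) does not already refuse a group- or world-accessible directory, that check belongs in the loader before any key file is read. A comment next to the new call would help the next reader, for example `/* Holds client auth secret keys; ownership and mode are verified when the keys are loaded. */`, once that is confirmed. warn_about_relative_paths continues outside the hunk.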
@@ -4339,7 +4342,7 @@ options_validate(or_options_t *old_options, or_options_t *options,
REJECT("Failed to configure rendezvous options. See logs for details.");
/* Parse client-side authorization for hidden services. */
- if (rend_parse_service_authorization(options, 1) < 0)
+ if (hs_config_client_auth_all(options, 1) < 0)
REJECT("Failed to configure client authorization for hidden services. "
"See logs for details.");
diff --git a/src/app/config/or_options_st.h b/src/app/config/or_options_st.h
index 8ef01f80e7..f6d7966387 100644
--- a/src/app/config/or_options_st.h
+++ b/src/app/config/or_options_st.h
@@ -380,6 +380,8 @@ struct or_options_t {
struct config_line_t *HidServAuth; /**< List of configuration lines for
* client-side authorizations for hidden
* services */
+ char *ClientOnionAuthDir; /**< Directory to keep client
+ * onion service authorization secret keys */
char *ContactInfo; /**< Contact info to be published in the directory. */
int HeartbeatPeriod; /**< Log heartbeat messages after this many seconds