authorDavid Goulet <dgoulet@torproject.org>2019-05-28 13:49:03 -0400
committerGeorge Kadianakis <desnacked@riseup.net>2019-11-18 19:06:43 +0200
commit542402cd60bc6b26f43c399b238602a1f3c18d85 (patch)
treef01022bb3efb2de38933c4ec3a5b6dd71c0b30bc /src/feature/hs
parentfb1d2120212bef100f2b5e90d27b8c251280cb0c (diff)
hs-v3: Set extended error when missing/bad client auth
Part of #30382 Signed-off-by: David Goulet <dgoulet@torproject.org>
Diffstat (limited to 'src/feature/hs')
-rw-r--r--src/feature/hs/hs_client.c31
-rw-r--r--src/feature/hs/hs_client.h2
2 files changed, 33 insertions, 0 deletions
diff --git a/src/feature/hs/hs_client.c b/src/feature/hs/hs_client.c
index 0e4df73b9f..0a10492e07 100644
--- a/src/feature/hs/hs_client.c
+++ b/src/feature/hs/hs_client.c
@@ -1782,6 +1782,37 @@ hs_client_desc_not_found(const hs_ident_dir_conn_t *ident)
smartlist_free(entry_conns);
}
+/* This is called when a descriptor fetch was successful but the descriptor
+ * couldn't be decrypted due to missing or bad client authorization. */
+void
+hs_client_desc_missing_bad_client_auth(const hs_ident_dir_conn_t *ident,
+ hs_desc_decode_status_t status)
+{
+ smartlist_t *entry_conns;
+
+ tor_assert(ident);
+
+ entry_conns = find_entry_conns(&ident->identity_pk);
+
+ SMARTLIST_FOREACH_BEGIN(entry_conns, entry_connection_t *, entry_conn) {
+ socks5_reply_status_t code;
+ if (status == HS_DESC_DECODE_BAD_CLIENT_AUTH) {
+ code = SOCKS5_HS_BAD_CLIENT_AUTH;
+ } else if (status == HS_DESC_DECODE_NEED_CLIENT_AUTH) {
+ code = SOCKS5_HS_MISSING_CLIENT_AUTH;
+ } else {
+ /* We should not be called with another type of status. Recover by
+ * sending a generic error. */
+ tor_assert_nonfatal_unreached();
+ code = HS_DESC_DECODE_GENERIC_ERROR;
+ }
+ entry_conn->socks_request->socks_extended_error_code = code;
+ } SMARTLIST_FOREACH_END(entry_conn);
+
+ /* We don't have ownership of the objects in this list. */
+ smartlist_free(entry_conns);
+}
+
/** Return a newly allocated extend_info_t for a randomly chosen introduction
* point for the given edge connection identifier ident. Return NULL if we
* can't pick any usable introduction points. */
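Review bot: The fallback branch assigns `HS_DESC_DECODE_GENERIC_ERROR`, a descriptor decode status, to `code`, which is declared as `socks5_reply_status_t`, so on that path the value stored in `socks_extended_error_code` is not a SOCKS5 reply code. The branch sits behind `tor_assert_nonfatal_unreached()`, but it is a recovery path and whatever it stores may end up in the reply sent to the SOCKS client. The comment says a generic error is intended, so the line should read `code = SOCKS5_GENERAL_ERROR;`. Separately, the new function's header comment opens with `/*` while the neighbouring comment below it uses `/**`, so it would presumably be skipped by the documentation generator.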
diff --git a/src/feature/hs/hs_client.h b/src/feature/hs/hs_client.h
index 6bd6e5748f..616d31a011 100644
--- a/src/feature/hs/hs_client.h
+++ b/src/feature/hs/hs_client.h
@@ -74,6 +74,8 @@ int hs_client_receive_rendezvous2(origin_circuit_t *circ,
void hs_client_desc_has_arrived(const hs_ident_dir_conn_t *ident);
void hs_client_desc_not_found(const hs_ident_dir_conn_t *ident);
+void hs_client_desc_missing_bad_client_auth(const hs_ident_dir_conn_t *ident,
+ hs_desc_decode_status_t status);
extend_info_t *hs_client_get_random_intro_from_edge(
const edge_connection_t *edge_conn);