author | David Goulet <dgoulet@torproject.org> | 2020-02-04 09:25:55 -0500 |
---|---|---|
committer | George Kadianakis <desnacked@riseup.net> | 2020-02-06 12:54:54 +0200 |
commit | 9278a24729c92b9f5c670b3e1608e2cdbd8bd9a1 (patch) | |
tree | f91a28a47f591f21eed12563cd5288cd5e75fb11 /src/feature | |
parent | 2c4d7d8c65b3783fa9213cc632d398d0d1b6ef5c (diff) | |
hs-v3: Remove descriptor when we remove client authorization
When the ONION_CLIENT_AUTH_REMOVE command is given to tor, now also remove the
descriptor associated with the client authorization credentials.
Fixes #33148
Signed-off-by: David Goulet <dgoulet@torproject.org>
Diffstat (limited to 'src/feature')
-rw-r--r-- | src/feature/hs/hs_cache.c | 36 | ||||
-rw-r--r-- | src/feature/hs/hs_cache.h | 1 | ||||
-rw-r--r-- | src/feature/hs/hs_client.c | 3 |
3 files changed, 40 insertions, 0 deletions
diff --git a/src/feature/hs/hs_cache.c b/src/feature/hs/hs_cache.c
index a7b41b835f..9cf408ca3e 100644
--- a/src/feature/hs/hs_cache.c
+++ b/src/feature/hs/hs_cache.c
@@ -847,6 +847,42 @@ hs_cache_store_as_client(const char *desc_str,
   return ret;
 }
 
+/** Remove and free a client cache descriptor entry for the given onion
+ * service ed25519 public key. If the descriptor is decoded, the intro
+ * circuits are closed if any.
+ *
+ * This does nothing if no descriptor exists for the given key. */
+void
+hs_cache_remove_as_client(const ed25519_public_key_t *key)
+{
+  hs_cache_client_descriptor_t *cached_desc = NULL;
+
+  tor_assert(key);
+
+  cached_desc = lookup_v3_desc_as_client(key->pubkey);
+  if (!cached_desc) {
+    return;
+  }
+  /* If we have a decrypted/decoded descriptor, attempt to close its
+   * introduction circuit(s). We shouldn't have circuit(s) without a
+   * descriptor else it will lead to a failure. */
+  if (cached_desc->desc) {
+    hs_client_close_intro_circuits_from_desc(cached_desc->desc);
+  }
+  /* Remove and free. */
+  remove_v3_desc_as_client(cached_desc);
+  cache_client_desc_free(cached_desc);
+
+  /* Logging. */
+  {
+    char key_b64[BASE64_DIGEST256_LEN + 1];
+    digest256_to_base64(key_b64, (const char *) key);
+    log_info(LD_REND, "Onion service v3 descriptor '%s' removed "
+                      "from client cache",
+             safe_str_client(key_b64));
+  }
+}
+
 /** Clean all client caches using the current time now. */
 void
 hs_cache_clean_as_client(time_t now)
diff --git a/src/feature/hs/hs_cache.h b/src/feature/hs/hs_cache.h
index ebe1621e88..bb3c77f224 100644
--- a/src/feature/hs/hs_cache.h
+++ b/src/feature/hs/hs_cache.h
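Review bot: The logging block in hs_cache_remove_as_client() casts the struct pointer itself to a byte pointer, `digest256_to_base64(key_b64, (const char *) key);`, while the lookup a few lines earlier reaches the key bytes through `key->pubkey`. The cast presumably works only because the key bytes are the struct's first member; `digest256_to_base64(key_b64, (const char *) key->pubkey);` says what is meant, does not depend on the struct layout, and matches the lookup line. The ordering otherwise looks right: the introduction circuits are closed while `cached_desc->desc` is still alive, and after the free the only thing touched is `key`, which the caller owns. The docstring could also state the non-NULL requirement that `tor_assert(key)` enforces, e.g. `key must not be NULL.`.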
@@ -85,6 +85,7 @@ const char *
 hs_cache_lookup_encoded_as_client(const struct ed25519_public_key_t *key);
 hs_desc_decode_status_t hs_cache_store_as_client(const char *desc_str,
                            const struct ed25519_public_key_t *identity_pk);
+void hs_cache_remove_as_client(const struct ed25519_public_key_t *key);
 void hs_cache_clean_as_client(time_t now);
 void hs_cache_purge_as_client(void);
 
diff --git a/src/feature/hs/hs_client.c b/src/feature/hs/hs_client.c
index 611cc54302..4599bde5bb 100644
--- a/src/feature/hs/hs_client.c
+++ b/src/feature/hs/hs_client.c
@@ -1735,6 +1735,9 @@ hs_client_remove_auth_credentials(const char *hsaddress)
     find_and_remove_client_auth_creds_file(cred);
   }
 
+  /* Remove associated descriptor if any. */
+  hs_cache_remove_as_client(&service_identity_pk);
+
   client_service_authorization_free(cred);
   return REMOVAL_SUCCESS;
 }
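Review bot: The call-site comment `/* Remove associated descriptor if any. */` in hs_client_remove_auth_credentials() understates what the call does: per its definition in hs_cache.c, hs_cache_remove_as_client() also closes any introduction circuits built from a decoded descriptor, a side effect a reader would not expect from a cache removal. Suggest `/* Remove the cached descriptor for this service, if any; this also closes any open introduction circuits built from it. */`. hs_client_remove_auth_credentials() starts outside the hunk, so this relies on `service_identity_pk` having been derived from `hsaddress` on every path that reaches this line; worth confirming against the earlier part of the function. Placing the removal before `client_service_authorization_free(cred)` is right, since nothing on the new lines reads `cred`.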