Ensure controller RESOLVE commands respect __LeaveStreamsUnattached

https://trac.torproject.org/projects/tor/ticket/1525

"The codepath taken by the control port "RESOLVE" command to create a
synthetic SOCKS resolve request isn't the same as the path taken by
a real SOCKS request from 'tor-resolve'.
This prevents controllers who set LeaveStreamsUnattached=1 from
being able to attach RESOLVE streams to circuits of their choosing."

Create a new function connection_ap_rewrite_and_attach_if_allowed()
and call that when Tor needs to attach a stream to a circuit but
needs to know if the controller permits it.

No tests added.

1 files changed, 3 insertions, 0 deletions

diff --git a/src/or/connection_edge.h b/src/or/connection_edge.h
index c3d6098c5a..85444503b8 100644
--- a/src/or/connection_edge.h
+++ b/src/or/connection_edge.h
@@ -79,6 +79,9 @@ void client_dns_set_addressmap(const char *address, uint32_t val,
 const char *addressmap_register_virtual_address(int type, char *new_address);
 void addressmap_get_mappings(smartlist_t *sl, time_t min_expires,
                              time_t max_expires, int want_expiry);
+int connection_ap_rewrite_and_attach_if_allowed(edge_connection_t *conn,
+                                                origin_circuit_t *circ,
+                                                crypt_path_t *cpath);
 int connection_ap_handshake_rewrite_and_attach(edge_connection_t *conn,
                                                origin_circuit_t *circ,
                                                crypt_path_t *cpath);