authorteor <teor2345@gmail.com>2016-09-07 15:24:47 +1000
committerNick Mathewson <nickm@torproject.org>2016-09-13 10:13:57 -0400
commita00fee2f5467bf0fbc425d49787a822283e8451e (patch)
treeaadba5a19f229ac505d542278db8c0e63d8eb757 /src/or/control.c
parenta4f46ff8ba43b1e635bc5a8543b9354e6de02e14 (diff)
Ephemeral Single Onion Services must have the NonAnonymous ADD_ONION flag
Tor checks that the flag matches the configured onion service anonymity. Tor refuses to create an unflagged onion service using ADD_ONION if it would be non-anonymous. The error is: "512 Tor is in non-anonymous onion mode". Similarly, if the NonAnonymous flag is present and Tor has the default anonymous onion config, the error is: "512 Tor is in anonymous onion mode".
Diffstat (limited to 'src/or/control.c')
-rw-r--r--src/or/control.c21
1 files changed, 21 insertions, 0 deletions
diff --git a/src/or/control.c b/src/or/control.c
index 1337af4201..8f3909b27d 100644
--- a/src/or/control.c
+++ b/src/or/control.c
@@ -4249,6 +4249,8 @@ handle_control_add_onion(control_connection_t *conn,
int max_streams = 0;
int max_streams_close_circuit = 0;
rend_auth_type_t auth_type = REND_NO_AUTH;
+ /* Default to anonymous if no flag is given */
+ int non_anonymous = 0;
for (size_t i = 1; i < arg_len; i++) {
static const char *port_prefix = "Port=";
static const char *flags_prefix = "Flags=";
@@ -4285,11 +4287,17 @@ handle_control_add_onion(control_connection_t *conn,
* * 'MaxStreamsCloseCircuit' - Close the circuit if MaxStreams is
* exceeded.
* * 'BasicAuth' - Client authorization using the 'basic' method.
+ * * 'NonAnonymous' - Add a non-anonymous Single Onion Service. If this
+ * flag is present, OnionServiceSingleHopMode and
+ * OnionServiceNonAnonymousMode must both be 1. If
+ * this flag is absent, both these options must be
+ * 0.
*/
static const char *discard_flag = "DiscardPK";
static const char *detach_flag = "Detach";
static const char *max_s_close_flag = "MaxStreamsCloseCircuit";
static const char *basicauth_flag = "BasicAuth";
+ static const char *non_anonymous_flag = "NonAnonymous";
smartlist_t *flags = smartlist_new();
int bad = 0;
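Review bot: The new 'NonAnonymous' comment states that OnionServiceSingleHopMode and OnionServiceNonAnonymousMode must both be 1 (or both 0), but the enforcement added further down in this function consults only `rend_service_allow_non_anonymous_connection(get_options())`. That helper's body is not part of this diff, so it is not visible here whether it reads both options or relies on config validation to keep them in step. Once that is confirmed I would record it in the comment, e.g. `Enforced via rend_service_allow_non_anonymous_connection(); options validation keeps both options equal.`, so a later change to either option does not silently weaken the anonymity check. The comment block and handle_control_add_onion both begin outside the hunk.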
@@ -4310,6 +4318,8 @@ handle_control_add_onion(control_connection_t *conn,
max_streams_close_circuit = 1;
} else if (!strcasecmp(flag, basicauth_flag)) {
auth_type = REND_BASIC_AUTH;
+ } else if (!strcasecmp(flag, non_anonymous_flag)) {
+ non_anonymous = 1;
} else {
connection_printf_to_buf(conn,
"512 Invalid 'Flags' argument: %s\r\n",
@@ -4378,6 +4388,17 @@ handle_control_add_onion(control_connection_t *conn,
smartlist_len(auth_clients) > 16)) {
connection_printf_to_buf(conn, "512 Too many auth clients\r\n");
goto out;
+ } else if (non_anonymous != rend_service_allow_non_anonymous_connection(
+ get_options())) {
+ /* If we failed, and non-anonymous is set, Tor must be in anonymous mode.
+ * The error message changes based on the current Tor config:
+ * 512 Tor is in anonymous onion mode
+ * 512 Tor is in non-anonymous onion mode
+ * (I've deliberately written them out in full here to aid searchability.)
+ */
+ connection_printf_to_buf(conn, "512 Tor is in %sanonymous onion mode\r\n",
+ non_anonymous ? "" : "non-");
+ goto out;
}
/* Parse the "keytype:keyblob" argument. */
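Review bot: The guard `non_anonymous != rend_service_allow_non_anonymous_connection(get_options())` compares a 0/1 flag against the helper's raw int return, so it is only correct if the helper returns exactly 0 or 1; its definition is not in this diff. If it ever returned another non-zero value the branch would fire on every ADD_ONION in non-anonymous mode, which fails closed but would refuse requests that correctly carry the flag and report "anonymous onion mode" for them. Normalising both sides makes the boolean intent explicit: `} else if (!!non_anonymous != !!rend_service_allow_non_anonymous_connection(get_options())) {`. handle_control_add_onion starts and ends outside the hunk.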