diff options
| author | John Brooks <john.brooks@dereferenced.net> | 2015-04-13 21:09:09 -0600 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2016-05-09 14:28:08 -0400 |
| commit | d15354c73b08342f9c1d22917c80194380c75e2c (patch) | |
| tree | 024ffe2b6ba07399a3867ef6b66eae42cb8e6813 /src/or/rendservice.c | |
| parent | d5a23ce115bf89046cc0e9deb64b288113c8dd92 (diff) | |
| download | tor-d15354c73b08342f9c1d22917c80194380c75e2c.tar.gz tor-d15354c73b08342f9c1d22917c80194380c75e2c.zip | |
Add client auth to rend_service_add_ephemeral
Diffstat (limited to 'src/or/rendservice.c')
| -rw-r--r-- | src/or/rendservice.c | 22 |
1 files changed, 17 insertions, 5 deletions
diff --git a/src/or/rendservice.c b/src/or/rendservice.c index e6bceeda56..5b9320922b 100644 --- a/src/or/rendservice.c +++ b/src/or/rendservice.c @@ -828,14 +828,17 @@ rend_config_services(const or_options_t *options, int validate_only) return 0; } -/** Add the ephemeral service <b>pk</b>/<b>ports</b> if possible, with +/** Add the ephemeral service <b>pk</b>/<b>ports</b> if possible, using + * client authorization <b>auth_type</b> and an optional list of + * rend_authorized_client_t in <b>auth_clients</b>, with * <b>max_streams_per_circuit</b> streams allowed per rendezvous circuit, * and circuit closure on max streams being exceeded set by * <b>max_streams_close_circuit</b>. * - * Regardless of sucess/failure, callers should not touch pk/ports after - * calling this routine, and may assume that correct cleanup has been done - * on failure. + * Ownership of pk, ports, and auth_clients is passed to this routine. + * Regardless of success/failure, callers should not touch these values + * after calling this routine, and may assume that correct cleanup has + * been done on failure. * * Return an appropriate rend_service_add_ephemeral_status_t. */ @@ -844,6 +847,8 @@ rend_service_add_ephemeral(crypto_pk_t *pk, smartlist_t *ports, int max_streams_per_circuit, int max_streams_close_circuit, + rend_auth_type_t auth_type, + smartlist_t *auth_clients, char **service_id_out) { *service_id_out = NULL; @@ -853,7 +858,8 @@ rend_service_add_ephemeral(crypto_pk_t *pk, rend_service_t *s = tor_malloc_zero(sizeof(rend_service_t)); s->directory = NULL; /* This indicates the service is ephemeral. */ s->private_key = pk; - s->auth_type = REND_NO_AUTH; + s->auth_type = auth_type; + s->clients = auth_clients; s->ports = ports; s->intro_period_started = time(NULL); s->n_intro_points_wanted = NUM_INTRO_POINTS_DEFAULT; @@ -869,6 +875,12 @@ rend_service_add_ephemeral(crypto_pk_t *pk, rend_service_free(s); return RSAE_BADVIRTPORT; } + if (s->auth_type != REND_NO_AUTH && + (!s->clients || smartlist_len(s->clients) == 0)) { + log_warn(LD_CONFIG, "At least one authorized client must be specified."); + rend_service_free(s); + return RSAE_BADAUTH; + } /* Enforcing pk/id uniqueness should be done by rend_service_load_keys(), but * it's not, see #14828. |