diff options
author | John Brooks <john.brooks@dereferenced.net> | 2015-04-13 21:09:09 -0600 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2016-05-09 14:28:08 -0400 |
commit | d15354c73b08342f9c1d22917c80194380c75e2c (patch) | |
tree | 024ffe2b6ba07399a3867ef6b66eae42cb8e6813 /src/or | |
parent | d5a23ce115bf89046cc0e9deb64b288113c8dd92 (diff) | |
download | tor-d15354c73b08342f9c1d22917c80194380c75e2c.tar.gz tor-d15354c73b08342f9c1d22917c80194380c75e2c.zip |
Add client auth to rend_service_add_ephemeral
Diffstat (limited to 'src/or')
-rw-r--r-- | src/or/control.c | 4 | ||||
-rw-r--r-- | src/or/rendservice.c | 22 | ||||
-rw-r--r-- | src/or/rendservice.h | 3 |
3 files changed, 23 insertions, 6 deletions
diff --git a/src/or/control.c b/src/or/control.c index 220e7e514f..a215eb8aaa 100644 --- a/src/or/control.c +++ b/src/or/control.c @@ -3845,13 +3845,15 @@ handle_control_add_onion(control_connection_t *conn, } tor_assert(!err_msg); - /* Create the HS, using private key pk, and port config port_cfg. + /* Create the HS, using private key pk, client authentication auth_type, + * the list of auth_clients, and port config port_cfg. * rend_service_add_ephemeral() will take ownership of pk and port_cfg, * regardless of success/failure. */ char *service_id = NULL; int ret = rend_service_add_ephemeral(pk, port_cfgs, max_streams, max_streams_close_circuit, + REND_NO_AUTH, NULL, &service_id); port_cfgs = NULL; /* port_cfgs is now owned by the rendservice code. */ switch (ret) { diff --git a/src/or/rendservice.c b/src/or/rendservice.c index e6bceeda56..5b9320922b 100644 --- a/src/or/rendservice.c +++ b/src/or/rendservice.c @@ -828,14 +828,17 @@ rend_config_services(const or_options_t *options, int validate_only) return 0; } -/** Add the ephemeral service <b>pk</b>/<b>ports</b> if possible, with +/** Add the ephemeral service <b>pk</b>/<b>ports</b> if possible, using + * client authorization <b>auth_type</b> and an optional list of + * rend_authorized_client_t in <b>auth_clients</b>, with * <b>max_streams_per_circuit</b> streams allowed per rendezvous circuit, * and circuit closure on max streams being exceeded set by * <b>max_streams_close_circuit</b>. * - * Regardless of sucess/failure, callers should not touch pk/ports after - * calling this routine, and may assume that correct cleanup has been done - * on failure. + * Ownership of pk, ports, and auth_clients is passed to this routine. + * Regardless of success/failure, callers should not touch these values + * after calling this routine, and may assume that correct cleanup has + * been done on failure. * * Return an appropriate rend_service_add_ephemeral_status_t. */ @@ -844,6 +847,8 @@ rend_service_add_ephemeral(crypto_pk_t *pk, smartlist_t *ports, int max_streams_per_circuit, int max_streams_close_circuit, + rend_auth_type_t auth_type, + smartlist_t *auth_clients, char **service_id_out) { *service_id_out = NULL; @@ -853,7 +858,8 @@ rend_service_add_ephemeral(crypto_pk_t *pk, rend_service_t *s = tor_malloc_zero(sizeof(rend_service_t)); s->directory = NULL; /* This indicates the service is ephemeral. */ s->private_key = pk; - s->auth_type = REND_NO_AUTH; + s->auth_type = auth_type; + s->clients = auth_clients; s->ports = ports; s->intro_period_started = time(NULL); s->n_intro_points_wanted = NUM_INTRO_POINTS_DEFAULT; @@ -869,6 +875,12 @@ rend_service_add_ephemeral(crypto_pk_t *pk, rend_service_free(s); return RSAE_BADVIRTPORT; } + if (s->auth_type != REND_NO_AUTH && + (!s->clients || smartlist_len(s->clients) == 0)) { + log_warn(LD_CONFIG, "At least one authorized client must be specified."); + rend_service_free(s); + return RSAE_BADAUTH; + } /* Enforcing pk/id uniqueness should be done by rend_service_load_keys(), but * it's not, see #14828. diff --git a/src/or/rendservice.h b/src/or/rendservice.h index 2bb0c6aa88..493baa8f98 100644 --- a/src/or/rendservice.h +++ b/src/or/rendservice.h @@ -110,6 +110,7 @@ void rend_authorized_client_free(rend_authorized_client_t *client); /** Return value from rend_service_add_ephemeral. */ typedef enum { + RSAE_BADAUTH = -5, /**< Invalid auth_type/auth_clients */ RSAE_BADVIRTPORT = -4, /**< Invalid VIRTPORT/TARGET(s) */ RSAE_ADDREXISTS = -3, /**< Onion address collision */ RSAE_BADPRIVKEY = -2, /**< Invalid public key */ @@ -120,6 +121,8 @@ rend_service_add_ephemeral_status_t rend_service_add_ephemeral(crypto_pk_t *pk, smartlist_t *ports, int max_streams_per_circuit, int max_streams_close_circuit, + rend_auth_type_t auth_type, + smartlist_t *auth_clients, char **service_id_out); int rend_service_del_ephemeral(const char *service_id); |