Reinstate add_onion_helper_add_service() test, validate auth clients before adding them

src/feature/control/control_cmd.c

@@ -1649,7 +1649,7 @@ handle_control_hspost(control_connection_t *conn,
  * On success (RSAE_OKAY), the address_out points to a newly allocated string
  * containing the onion address without the .onion part. On error, address_out
  * is untouched. */
-static hs_service_add_ephemeral_status_t
+STATIC hs_service_add_ephemeral_status_t
 add_onion_helper_add_service(int hs_version,
                              add_onion_secret_key_t *pk,
                              smartlist_t *port_cfgs, int max_streams,

src/feature/control/control_cmd.h

@@ -75,6 +75,7 @@ typedef struct control_cmd_syntax_t {
 } control_cmd_syntax_t;
 
 #ifdef CONTROL_CMD_PRIVATE
+#include "feature/hs/hs_service.h"
 #include "lib/crypt_ops/crypto_ed25519.h"
 
 /* ADD_ONION secret key to create an ephemeral service. The command supports
@@ -94,6 +95,14 @@ STATIC int add_onion_helper_keyarg(const char *arg, int discard_pk,
                                    int *hs_version,
                                    control_connection_t *conn);
 
+STATIC hs_service_add_ephemeral_status_t add_onion_helper_add_service(
+                             int hs_version,
+                             add_onion_secret_key_t *pk,
+                             smartlist_t *port_cfgs, int max_streams,
+                             int max_streams_close_circuit, int auth_type,
+                             smartlist_t *auth_clients,
+                             smartlist_t *auth_clients_v3, char **address_out);
+
 STATIC rend_authorized_client_t *add_onion_helper_clientauth(const char *arg,
                                    int *created, control_connection_t *conn);
 

src/feature/hs/hs_service.c

@@ -3755,7 +3755,13 @@ hs_service_add_ephemeral(ed25519_secret_key_t *sk, smartlist_t *ports,
   }
 
   if (auth_clients_v3) {
-    service->config.clients = auth_clients_v3;
+    service->config.clients = smartlist_new();
+    SMARTLIST_FOREACH(auth_clients_v3, hs_service_authorized_client_t *, c, {
+      if (c != NULL) {
+        smartlist_add(service->config.clients, c);
+      }
+    });
+    smartlist_free(auth_clients_v3);
   }
 
   /* Build the onion address for logging purposes but also the control port

src/test/test_hs_control.c

@@ -739,9 +739,9 @@ test_hs_control_add_onion_with_bad_pubkey(void *arg)
   tor_free(conn.current_cmd);
 }
 
-/** Test that add_onion_helper_add_service can add the service. */
+/** Test that we can add the service via the control port. */
 static void
-test_hs_add_onion_helper_add_service(void *arg)
+test_hs_control_add_auth_onion_service(void *arg)
 {
   control_connection_t conn;
   char *args = NULL, *cp1 = NULL;
@@ -785,6 +785,76 @@ test_hs_add_onion_helper_add_service(void *arg)
   hs_client_free_all();
 }
 
+/** Test that add_onion_helper_add_service can add the service. */
+static void
+test_hs_control_add_onion_helper_add_service(void *arg)
+{
+  int hs_version_good, hs_version_bad;
+  add_onion_secret_key_t sk_good, sk_bad;
+  ed25519_public_key_t pk_good, pk_bad;
+  char *key_new_blob_good = NULL, *key_new_blob_bad = NULL;
+  const char *key_new_alg_good = NULL, *key_new_alg_bad = NULL;
+  hs_service_authorized_client_t *client_good, *client_bad;
+  smartlist_t *list_v2, *list_good, *list_bad;
+  hs_service_ht *global_map;
+  rend_service_port_config_t *portcfg;
+  smartlist_t *portcfgs;
+  char *address_out_good, *address_out_bad;
+
+  (void) arg;
+
+  hs_init();
+  global_map = get_hs_service_map();
+
+  portcfg = rend_service_parse_port_config("8080", ",", NULL);
+  portcfgs = smartlist_new();
+  smartlist_add(portcfgs, portcfg);
+
+  memset(&sk_good, 0, sizeof(sk_good));
+  memset(&sk_bad, 0, sizeof(sk_bad));
+
+  add_onion_helper_keyarg("NEW:ED25519-V3", 0, &key_new_alg_good,
+                         &key_new_blob_good, &sk_good, &hs_version_good, NULL);
+  add_onion_helper_keyarg("NEW:ED25519-V3", 0, &key_new_alg_bad,
+                         &key_new_blob_bad, &sk_bad, &hs_version_bad, NULL);
+
+  ed25519_public_key_generate(&pk_good, sk_good.v3);
+  ed25519_public_key_generate(&pk_bad, sk_bad.v3);
+
+  client_good = parse_authorized_client_key(
+            "N2NU7BSRL6YODZCYPN4CREB54TYLKGIE2KYOQWLFYC23ZJVCE5DQ", LOG_INFO);
+  client_bad = parse_authorized_client_key("dummy", LOG_INFO);
+
+  list_v2 = smartlist_new();
+  list_good = smartlist_new();
+  smartlist_add(list_good, client_good);
+  list_bad = smartlist_new();
+  smartlist_add(list_bad, client_bad);
+
+  add_onion_helper_add_service(HS_VERSION_THREE, &sk_good, portcfgs, 1, 1,
+                          REND_V3_AUTH, list_v2, list_good, &address_out_good);
+  add_onion_helper_add_service(HS_VERSION_THREE, &sk_bad, portcfgs, 1, 1,
+                          REND_V3_AUTH, list_v2, list_bad, &address_out_bad);
+
+  hs_service_t *srv_good = find_service(global_map, &pk_good);
+  hs_service_t *srv_bad = find_service(global_map, &pk_bad);
+
+  tt_int_op(smartlist_len(srv_good->config.clients), OP_EQ, 1);
+  tt_int_op(smartlist_len(srv_bad->config.clients), OP_EQ, 0);
+
+ done:
+  tor_free(key_new_blob_good);
+  tor_free(key_new_blob_bad);
+  tor_free(address_out_good);
+  tor_free(address_out_bad);
+
+  service_authorized_client_free(client_good);
+
+  smartlist_free(list_v2);
+  smartlist_free(list_good);
+  smartlist_free(list_bad);
+}
+
 struct testcase_t hs_control_tests[] = {
   { "hs_desc_event", test_hs_desc_event, TT_FORK,
     NULL, NULL },
@@ -798,8 +868,10 @@ struct testcase_t hs_control_tests[] = {
     test_hs_control_store_permanent_creds, TT_FORK, NULL, NULL },
   { "hs_control_add_onion_with_bad_pubkey",
     test_hs_control_add_onion_with_bad_pubkey, TT_FORK, NULL, NULL },
-  { "hs_add_onion_helper_add_service",
+  { "hs_control_add_auth_onion_service",
-    test_hs_add_onion_helper_add_service, TT_FORK, NULL, NULL},
+    test_hs_control_add_auth_onion_service, TT_FORK, NULL, NULL},
+  { "hs_control_add_onion_helper_add_service",
+    test_hs_control_add_onion_helper_add_service, TT_FORK, NULL, NULL},
 
   END_OF_TESTCASES
 };