Merge branch 'maint-0.3.5'

David Goulet 2018-10-30 10:55:10 -04:00
commit cdb065d6b2
4 changed files with 45 additions and 11 deletions

7
changes/bug28127 Normal file

@ -0,0 +1,7 @@
o Minor bugfixes (onion services):
- Unless we have explicitly set HiddenServiceVersion, detect the onion
service version and then look for invalid options. Previously, we
did the reverse, but that broke existing configs which were pointed
to a v2 hidden service and had options like HiddenServiceAuthorizeClient
set Fixes bug 28127; bugfix on 0.3.5.1-alpha. Patch by Neel Chauhan.


@ -419,7 +419,7 @@ config_generic_service(const config_line_t *line_,
dup_opt_seen = line->key; dup_opt_seen = line->key;
goto err; goto err;
} }
have_version = 1; have_version = service->config.hs_version_explicitly_set = 1;
continue; continue;
} }
/* Virtual port. */ /* Virtual port. */
@ -534,18 +534,15 @@ config_service(const config_line_t *line, const or_options_t *options,
/* We have a new hidden service. */ /* We have a new hidden service. */
service = hs_service_new(options); service = hs_service_new(options);
/* We'll configure that service as a generic one and then pass it to a /* We'll configure that service as a generic one and then pass it to a
* specific function according to the configured version number. */ * specific function according to the configured version number. */
if (config_generic_service(line, options, service) < 0) { if (config_generic_service(line, options, service) < 0) {
goto err; goto err;
} }
tor_assert(service->config.version <= HS_VERSION_MAX); tor_assert(service->config.version <= HS_VERSION_MAX);
/* Before we configure the service on a per-version basis, we'll make
* sure that this set of options for a service are valid that is for
* instance an option only for v2 is not used for v3. */
if (config_has_invalid_options(line->next, service)) {
goto err;
}
/* Check permission on service directory that was just parsed. And this must /* Check permission on service directory that was just parsed. And this must
* be done regardless of the service version. Do not ask for the directory * be done regardless of the service version. Do not ask for the directory
* to be created, this is done when the keys are loaded because we could be * to be created, this is done when the keys are loaded because we could be
@ -556,11 +553,19 @@ config_service(const config_line_t *line, const or_options_t *options,
0) < 0) { 0) < 0) {
goto err; goto err;
} }
/* We'll try to learn the service version here by loading the key(s) if /* We'll try to learn the service version here by loading the key(s) if
* present. Depending on the key format, we can figure out the service * present and we did not set HiddenServiceVersion. Depending on the key
* version. If we can't find a key, the configuration version will be used * format, we can figure out the service version. */
* which has been set previously. */ if (!service->config.hs_version_explicitly_set) {
service->config.version = config_learn_service_version(service); service->config.version = config_learn_service_version(service);
}
/* We make sure that this set of options for a service are valid that is for
* instance an option only for v2 is not used for v3. */
if (config_has_invalid_options(line->next, service)) {
goto err;
}
/* Different functions are in charge of specific options for a version. We /* Different functions are in charge of specific options for a version. We
* start just after the service directory line so once we hit another * start just after the service directory line so once we hit another
@ -580,13 +585,16 @@ config_service(const config_line_t *line, const or_options_t *options,
if (ret < 0) { if (ret < 0) {
goto err; goto err;
} }
/* We'll check if this service can be kept depending on the others /* We'll check if this service can be kept depending on the others
* configured previously. */ * configured previously. */
if (service_is_duplicate_in_list(service_list, service)) { if (service_is_duplicate_in_list(service_list, service)) {
goto err; goto err;
} }
/* Passes, add it to the given list. */ /* Passes, add it to the given list. */
smartlist_add(service_list, service); smartlist_add(service_list, service);
return 0; return 0;
err: err:
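Review bot: With `if (!service->config.hs_version_explicitly_set)` around the call in the `-556,11 +553,19` hunk, an explicit HiddenServiceVersion is no longer compared against the keys already in the service directory, so a configured version that disagrees with the on-disk key format passes this point unnoticed. Whether a later per-version step catches that is not visible here; if nothing does, consider calling config_learn_service_version() in the explicit case as well and taking `goto err` with a warning when its result differs from `service->config.version`. The rewritten comment also drops the old statement that the configured version is used when no key is found, which, going by the removed comment, is still what happens on the non-explicit path: `/* If no key is found, the version set from the configuration is kept. */`. config_service() begins and ends outside the visible hunks.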


@ -178,6 +178,9 @@ typedef struct hs_service_config_t {
* option. */ * option. */
uint32_t version; uint32_t version;
/* Have we explicitly set HiddenServiceVersion? */
unsigned int hs_version_explicitly_set : 1;
/* List of rend_service_port_config_t */ /* List of rend_service_port_config_t */
smartlist_t *ports; smartlist_t *ports;
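Review bot: The comment on `hs_version_explicitly_set` says when the bit is set but not what it changes, and the field name alone does not tell a reader that it switches off key-based version detection in config_service(). Suggested wording: `/* Set when HiddenServiceVersion was given for this service; if so, the version is not learned from the keys on disk. */`. The rest of hs_service_config_t lies outside the hunk, so how the bit is initialised for a new service cannot be checked from here.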


@ -366,6 +366,22 @@ test_invalid_service_v3(void *arg)
teardown_capture_of_logs(); teardown_capture_of_logs();
} }
/* v2-specific HiddenServiceAuthorizeClient set. */
{
const char *conf =
"HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs1\n"
"HiddenServiceVersion 3\n"
"HiddenServiceAuthorizeClient stealth client1\n";
setup_full_capture_of_logs(LOG_WARN);
ret = helper_config_service(conf, validate_only);
tt_int_op(ret, OP_EQ, -1);
expect_log_msg_containing("Hidden service option "
"HiddenServiceAuthorizeClient is incompatible "
"with version 3 of service in "
"/tmp/tor-test-hs-RANDOM/hs1");
teardown_capture_of_logs();
}
done: done:
; ;
} }
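Review bot: The new block in test_invalid_service_v3() covers only the explicit `HiddenServiceVersion 3` rejection; the configuration the changes file describes as previously broken (a directory pointed at a v2 service, no HiddenServiceVersion line, and HiddenServiceAuthorizeClient set) is not exercised anywhere in this section. A companion case that expects `tt_int_op(ret, OP_EQ, 0);` for that setup would pin the reordering, and it probably belongs in a test that has v2 keys on disk. The function starts before the hunk.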