Allow calls to dup() which was introduced in commit a22fbab986.
From a security perspective, I don't think this should impact the
security of the sandbox significantly. As far as I can tell, there
is nothing an adversary can do with a duplicated FD that can't be
done with the original.
This is an automated commit, generated by this command:
./scripts/maint/rename_c_identifier.py \
EXPOSE_CLEAN_BACKTRACE BACKTRACE_PRIVATE \
TOR_CHANNEL_INTERNAL_ CHANNEL_OBJECT_PRIVATE \
CHANNEL_PRIVATE_ CHANNEL_FILE_PRIVATE \
EXPOSE_ROUTERDESC_TOKEN_TABLE ROUTERDESC_TOKEN_TABLE_PRIVATE \
SCHEDULER_PRIVATE_ SCHEDULER_PRIVATE
Some ".c" files define *_PRIVATE macros, but those macros are
not used in any header file. Delete them.
These changes were created using the "make autostyle" from
32522, and then split into commits.
We stopped looking at this option in 85cf6dcba3, back when we
implemented the minimal pieces of prop275. Since then, we've had
code to validate and adjust this option, and to give it a different
value in testing networks, but the option hasn't actually done
anything.
We can safely mark it as OBSOLETE, since doing so does not make any
old configuration get rejected.
Closes ticket 32807.
I've chosen the "AuthDirMaxServersPerAddr" option here for
simplicity, since it is used literally nowhere else besides the dirauth
module. Once we have all the infrastructure in place for this, we
can move more options into this structure.
Like "obsolete" variables, these variables produce a warning when
you try to set them, but the warning says that the relevant module
doesn't have support.
The confdecl macros now have a CONF_CONTEXT that you can define to
make all the modules in a given table disabled.
These modules are only built when the selected modules are disabled.
The provide stub implementations of the subsystem blocks. Later,
other stub implementations could move here.
Having real subsystem blocks here will let us handle disabled
configuration options better.
There is no /tmp or mkdtemp on Android, there is /data/local/tmp for
root and the shell user. So this fakes mkdtemp. Also, FYI, tor might
not like the default perms of /data/local/tmp, e.g. 0770.
https://trac.torproject.org/projects/tor/ticket/32172
With v3, the "pending_final_cpath" of a circuit is always NULL which means
that for v3, established client rendezvous circuit waiting for the intro point
to ACK, will always end up timing out quickly.
This can increase the delays to which you connect to a service since in order
to succeed, the rendezvous circuit needs to fully established
(CIRCUIT_PURPOSE_C_REND_JOINED) within the cutoff of the introduction circuit
as well which is these days around 2-3 seconds.
Fixes#32021
Signed-off-by: David Goulet <dgoulet@torproject.org>
Simplify handle_control_getinfo() by using the new reply lines
abstraction. Previously, this function explicitly checked for whether
it should generate a MidReplyLine, a DataReplyLine, or an
EndReplyLine. control_write_reply_lines() now abstracts this check.
Part of #30984.
In handle_control_getconf(), use the new control reply line
abstraction to simplify output generation. Previously, this function
explicitly checked for whether it should generate a MidReplyLine or an
EndReplyLine. control_write_reply_lines() now abstracts this check.
Part of #30984.
All of these files contain "*.h", except for:
* src/app/config/.may_include
* src/test/.may_include
which also contain "*.inc".
This change prevents includes of "*.c" files, and other
unusually named files.
Part of 32609.
- Remove key_dir which is useless.
- Kill an indentation layer.
We want to make it cleaner and slimmer so that we can reuse parts of it in the
REMOVE command for removing the right client auth file.
Because the function that parses client auth credentials saved on
disk (parse_auth_file_content()) is not future compatible, there is no way to
add support for storing the nickname on the disk. Hence, nicknames cannot
persist after Tor restart making them pretty much useless.
In the future we can introduce nicknames by adding a new file format for client
auth credentials, but this was not deemed worth doing at this stage.
- See hs_client_register_auth_credentials() for the entry point.
- Also set the permanent flag for credentials we read from the filesystem.
- Also add some missing documentation.
Since the removal of ip->circuit_established, this function does litterally
nothing so clean it up.
Part of #32020
Signed-off-by: David Goulet <dgoulet@torproject.org>
By centralizing the circuit cleanup type that is: on close, free and
repurpose, some actions on the circuit can not happen for a certain cleanup
type or for all types.
This passes a cleanup type so the HS subsystem (v2 and v3) can take actions
based on the type of cleanup.
For instance, there is slow code that we do not run on a circuit close but
rather only on free.
Part of #32020
Signed-off-by: David Goulet <dgoulet@torproject.org>
Report back to the v3 subsystem any introduction point client circuit failure
so they can be noted down in the failure cache.
Fixes#32020
Signed-off-by: David Goulet <dgoulet@torproject.org>
Old and messy code path. Structure it in a more pleasant and readable way. No
behavior change with this refactor.
Part of #32020
Signed-off-by: David Goulet <dgoulet@torproject.org>