commit 12dfb4f5d8cfb0f244b4a1ae3cc3af237a3034e7 Author: Nick Mathewson nickm@torproject.org Date: Tue Jul 19 02:36:59 2011 -0400
Use socks username/password information in stream isolation --- doc/tor.1.txt | 1 - src/or/circuitlist.c | 2 ++ src/or/connection.c | 2 +- src/or/connection_edge.c | 23 +++++++++++++---------- src/or/or.h | 7 ++++--- 5 files changed, 20 insertions(+), 15 deletions(-)
diff --git a/doc/tor.1.txt b/doc/tor.1.txt index 8241eeb..821098b 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -700,7 +700,6 @@ The following options are useful only for clients (that is, if Don't share a circuits with streams for which different SOCKS authentication was provided. (On by default; you can disable it with **NoIsolateSOCKSAuth**.) - [NOT YET IMPLEMENTED.] **IsolateClientProtocol**;; Don't share circuits with streams using a different protocol. (SOCKS 4, SOCKS 5, TransPort connections, NATDPort connections, diff --git a/src/or/circuitlist.c b/src/or/circuitlist.c index 6f17697..28a7181 100644 --- a/src/or/circuitlist.c +++ b/src/or/circuitlist.c @@ -566,6 +566,8 @@ circuit_free(circuit_t *circ) rend_data_free(ocirc->rend_data);
tor_free(ocirc->dest_address); + tor_free(ocirc->socks_username); + tor_free(ocirc->socks_password); } else { or_circuit_t *ocirc = TO_OR_CIRCUIT(circ); /* Remember cell statistics for this circuit before deallocating. */ diff --git a/src/or/connection.c b/src/or/connection.c index 0fae11e..59a7b80 100644 --- a/src/or/connection.c +++ b/src/or/connection.c @@ -1809,7 +1809,7 @@ retry_listener_ports(smartlist_t *old_conns, SMARTLIST_FOREACH_BEGIN(launch, const port_cfg_t *, port) { struct sockaddr *listensockaddr; socklen_t listensocklen = 0; - char *address; + char *address=NULL; connection_t *conn;
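Review bot: The SOCKS password copy is released in circuit_free with a plain `tor_free(ocirc->socks_password);`, so the cleartext stays in freed heap memory until that memory happens to be reused. This commit now keeps a second copy of each credential on the circuit (made in connection_edge_update_circuit_isolation), so consider overwriting both strings before freeing them, using a wipe the compiler cannot elide, here and in the circuit_clear_isolation hunk. This matters less if clients only send throwaway isolation tokens, but the field can also carry a real proxy password. circuit_free's body starts and ends outside the hunk.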
if (port->is_unix_addr) { diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c index 42f74b7..63779f2 100644 --- a/src/or/connection_edge.c +++ b/src/or/connection_edge.c @@ -3305,12 +3305,10 @@ connection_edge_streams_are_compatible(const edge_connection_t *a, if ((iso & ISO_DESTADDR) && strcasecmp(a->original_dest_address, b->original_dest_address)) return 0; - /* XXXX023 Waititing for ticket #1666 */ - /* if ((iso & ISO_SOCKSAUTH) && - strcasecmp(a->socks_request->auth, b->socks_request->auth)) + (strcmp_opt(a->socks_request->username, b->socks_request->username) || + strcmp_opt(a->socks_request->password, b->socks_request->password))) return 0; - */ if ((iso & ISO_CLIENTPROTO) && (TO_CONN(a)->type != TO_CONN(b)->type || a->socks_request->socks_version != b->socks_request->socks_version)) @@ -3369,12 +3367,10 @@ connection_edge_compatible_with_circuit(const edge_connection_t *conn, if ((iso & ISO_DESTADDR) && strcasecmp(conn->original_dest_address, circ->dest_address)) return 0; - /* XXXX023 Waititing for ticket #1666 */ - /* if ((iso & ISO_SOCKSAUTH) && - strcasecmp(a->socks_request->auth, b->socks_request->auth)) + (strcmp_opt(conn->socks_request->username, circ->socks_username) || + strcmp_opt(conn->socks_request->password, circ->socks_password))) return 0; - */ if ((iso & ISO_CLIENTPROTO) && (TO_CONN(conn)->type != circ->client_proto_type || conn->socks_request->socks_version != circ->client_proto_socksver)) @@ -3420,7 +3416,10 @@ connection_edge_update_circuit_isolation(const edge_connection_t *conn, tor_addr_copy(&circ->client_addr, &TO_CONN(conn)->addr); circ->session_group = conn->session_group; circ->nym_epoch = conn->nym_epoch; - /* XXXX023 auth too, once #1666 is in. */ + circ->socks_username = conn->socks_request->username ? + tor_strdup(conn->socks_request->username) : NULL; + circ->socks_password = conn->socks_request->password ? + tor_strdup(conn->socks_request->password) : NULL;
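Review bot: The `char *address=NULL;` initialisation in retry_listener_ports is unrelated to SOCKS isolation, and the commit message does not say why it is needed. If it fixes a path where `address` is read or freed before being assigned, that deserves a line in the commit message or its own commit; the rest of the loop body is outside the hunk, so this cannot be confirmed here. Spacing it as `char *address = NULL;` would match the neighbouring `socklen_t listensocklen = 0;`.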
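Review bot: In connection_edge_streams_are_compatible the new ISO_SOCKSAUTH test compares the credentials with `strcmp_opt`, a C-string comparison that stops at the first NUL byte. SOCKS5 username and password fields are length-prefixed byte strings, so if the parser keeps them as raw bytes, two different credentials that match up to an embedded NUL would compare equal and their streams could share a circuit. The same applies to the `strcmp_opt` calls in the -3369 and -3430 hunks, and the `tor_strdup` copies in the -3420 hunk would truncate at the NUL. Either reject credentials containing NUL when the request is parsed, or compare and copy with explicit lengths; how socks_request stores them is not visible in this diff.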
circ->isolation_values_set = 1; return 0; @@ -3430,7 +3429,9 @@ connection_edge_update_circuit_isolation(const edge_connection_t *conn, mixed |= ISO_DESTPORT; if (strcasecmp(conn->original_dest_address, circ->dest_address)) mixed |= ISO_DESTADDR; - /* XXXX023 auth too, once #1666 is in. */ + if (strcmp_opt(conn->socks_request->username, circ->socks_username) || + strcmp_opt(conn->socks_request->password, circ->socks_password)) + mixed |= ISO_SOCKSAUTH; if ((TO_CONN(conn)->type != circ->client_proto_type || conn->socks_request->socks_version != circ->client_proto_socksver)) mixed |= ISO_CLIENTPROTO; @@ -3486,5 +3487,7 @@ circuit_clear_isolation(origin_circuit_t *circ) tor_free(circ->dest_address); circ->session_group = -1; circ->nym_epoch = 0; + tor_free(circ->socks_username); + tor_free(circ->socks_password); }
diff --git a/src/or/or.h b/src/or/or.h index 835f279..47cee35 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -1218,8 +1218,8 @@ typedef struct edge_connection_t { char *original_dest_address; /* Other fields to isolate on already exist. The ClientAddr is addr. The ClientProtocol is a combination of type and socks_request-> - socks_version. SocksAuth will be added to socks_request by ticket - #1666. DestAddr is in socks_request->address. */ + socks_version. SocksAuth is socks_request->username/password. + DestAddr is in socks_request->address. */
/** Number of times we've reassigned this application connection to * a new circuit. We keep track because the timeout is longer if we've @@ -2501,7 +2501,8 @@ typedef struct origin_circuit_t { char *dest_address; int session_group; unsigned nym_epoch; - /* XXXX023 do auth once #1666 is merged */ + char *socks_username; + char *socks_password; /**@}*/
} origin_circuit_t;
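Review bot: The new `socks_username` and `socks_password` members of origin_circuit_t have no doc comment, although they sit inside a documented group closed by `/**@}*/`. Add something like `/** SOCKS username/password of the streams on this circuit, for ISO_SOCKSAUTH; heap-allocated, NULL if none was given. */`. The comment should also say that the circuit owns the copies, since they are freed in circuit_free and circuit_clear_isolation. The struct begins outside the hunk.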