commit 7ace28c952562386ebe795394a038cdcf8c1dd57 Author: Suphanat Chunhapanya haxx.pop@gmail.com Date: Sun Aug 19 19:37:38 2018 +0700
hs-v3: Log client auth load activities service side
Signed-off-by: David Goulet dgoulet@torproject.org
---
 src/feature/hs/hs_service.c | 57 +++++++++++++++++++++++++++++----------------
 1 file changed, 37 insertions(+), 20 deletions(-)
diff --git a/src/feature/hs/hs_service.c b/src/feature/hs/hs_service.c
index 87c28f620..8d5d69302 100644
--- a/src/feature/hs/hs_service.c
+++ b/src/feature/hs/hs_service.c
@@ -1141,6 +1141,7 @@ parse_authorized_client(const char *client_key_str)
 SPLIT_SKIP_SPACE, 0);
 /* Wrong number of fields. */
 if (smartlist_len(fields) != 3) {
+ log_warn(LD_REND, "The file is in a wrong format.");
 goto err;
 }
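Review bot: The new warning `"The file is in a wrong format."` does not say which file is affected, and parse_authorized_client() receives only the file contents, so it has no name to print. The same gap applies to `"The public key cannot be decoded."` in the third hunk and to `"The filename is invalid."` and `"The file cannot be read."` in load_client_keys(); the name appears only in the preceding log_info, which an operator does not see when info-level logging is off. Since `filename` is in scope in load_client_keys(), put it in the warnings there, e.g. `log_warn(LD_REND, "Client authorization file %s cannot be read.", escaped(filename));`, and add a similar warning when parse_authorized_client() returns NULL. Both function bodies extend outside the hunks shown.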
@@ -1148,9 +1149,15 @@ parse_authorized_client(const char *client_key_str)
 key_type = smartlist_get(fields, 1);
 pubkey_b32 = smartlist_get(fields, 2);
- /* Currently, the only supported auth type is "descriptor" and the only
- * supported key type is "x25519". */
- if (strcmp(auth_type, "descriptor") || strcmp(key_type, "x25519")) {
+ /* Currently, the only supported auth type is "descriptor". */
+ if (strcmp(auth_type, "descriptor")) {
+ log_warn(LD_REND, "The auth type '%s' is not supported.", auth_type);
+ goto err;
+ }
+
+ /* Currently, the only supported key type is "x25519". */
+ if (strcmp(key_type, "x25519")) {
+ log_warn(LD_REND, "The key type '%s' is not supported.", key_type);
 goto err;
 }
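Review bot: `auth_type` and `key_type` are taken straight from the file contents and printed with a bare `%s` in the two new warnings, so a malformed file can put control characters or line breaks into the log. Pass them through Tor's `escaped()` helper instead: `log_warn(LD_REND, "The auth type %s is not supported.", escaped(auth_type));` and the same for `key_type`. `escaped()` adds its own quoting, so the literal single quotes in the format string can go. Each call logs only one string, so the helper's shared static buffer is not a problem here.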
@@ -1168,6 +1175,7 @@ parse_authorized_client(const char *client_key_str)
 if (base32_decode((char *) client->client_pk.public_key, sizeof(client->client_pk.public_key), pubkey_b32, strlen(pubkey_b32)) < 0) {
+ log_warn(LD_REND, "The public key cannot be decoded.");
 goto err;
 }
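Review bot: The decode check that gains a warning here rejects only `base32_decode(...) < 0`, and nothing visible in this hunk checks the length of `pubkey_b32`. A value shorter than a full key could decode without error and leave `client->client_pk.public_key` only partly filled, which would then be accepted as an authorized client key. Unless an earlier part of parse_authorized_client() already checks this (the body starts outside the hunk), add a guard before the decode: `if (strlen(pubkey_b32) != BASE32_NOPAD_LEN(CURVE25519_PUBKEY_LEN)) {` with its own `log_warn` and `goto err;`.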
@@ -1233,27 +1241,36 @@ load_client_keys(hs_service_t *service)
SMARTLIST_FOREACH_BEGIN(file_list, const char *, filename) {
 hs_service_authorized_client_t *client = NULL;
+ log_info(LD_REND, "Loading a client authorization key file %s...",
+ filename);
- if (client_filename_is_valid(filename)) {
- /* Create a full path for a file. */
- client_key_file_path = hs_path_from_filename(client_keys_dir_path,
- filename);
- client_key_str = read_file_to_str(client_key_file_path, 0, NULL);
- /* Free immediately after using it. */
- tor_free(client_key_file_path);
+ if (!client_filename_is_valid(filename)) {
+ log_warn(LD_REND, "The filename is invalid.");
+ continue;
+ }
- /* If we cannot read the file, continue with the next file. */
- if (!client_key_str) {
- continue;
- }
+ /* Create a full path for a file. */
+ client_key_file_path = hs_path_from_filename(client_keys_dir_path,
+ filename);
+ client_key_str = read_file_to_str(client_key_file_path, 0, NULL);
+ /* Free immediately after using it. */
+ tor_free(client_key_file_path);
+
+ /* If we cannot read the file, continue with the next file. */
+ if (!client_key_str) {
+ log_warn(LD_REND, "The file cannot be read.");
+ continue;
+ }
- client = parse_authorized_client(client_key_str);
- /* Free immediately after using it. */
- tor_free(client_key_str);
+ client = parse_authorized_client(client_key_str);
+ /* Wipe and free immediately after using it. */
+ memwipe(client_key_str, 0, strlen(client_key_str));
+ tor_free(client_key_str);
- if (client) {
- smartlist_add(config->clients, client);
- }
+ if (client) {
+ smartlist_add(config->clients, client);
+ log_info(LD_REND, "Loaded a client authorization key file %s.",
+ filename);
 }
} SMARTLIST_FOREACH_END(filename);
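Review bot: `memwipe(client_key_str, 0, strlen(client_key_str));` clears the buffer only up to the first NUL byte, so anything after an embedded NUL in the file is freed unwiped. The real length is not available because `read_file_to_str()` is called with a NULL stat argument. Passing a `struct stat` and wiping `st.st_size` bytes would cover the whole read, though it is worth confirming that this matches the allocated size on every platform. The per-field copies made while splitting the string inside parse_authorized_client() are outside this diff, and should get the same treatment before they are freed if the wipe is meant to be complete. The file appears to hold only a client public key, so this is defence in depth rather than an urgent fix.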