commit 8e57986e7d826141727fc3d538b33882dc4aca91 Author: David Goulet dgoulet@torproject.org Date: Thu Aug 30 09:16:48 2018 -0400
hs-v3: Improve v3 client authorization logging
Part of #20700.
Signed-off-by: David Goulet dgoulet@torproject.org --- src/feature/hs/hs_client.c | 14 ++++++++------ src/feature/hs/hs_service.c | 18 ++++++++++++------ 2 files changed, 20 insertions(+), 12 deletions(-)
diff --git a/src/feature/hs/hs_client.c b/src/feature/hs/hs_client.c
index 23ab10e21..af657c7c9 100644
--- a/src/feature/hs/hs_client.c
+++ b/src/feature/hs/hs_client.c
@@ -1571,7 +1571,9 @@ hs_config_client_authorization(const or_options_t *options,
 filename);
 if (!auth_key_filename_is_valid(filename)) {
- log_warn(LD_REND, "The filename is invalid.");
+ log_notice(LD_REND, "Client authorization unrecognized filename %s. "
+ "File must end in .auth_private. Ignoring.",
+ filename);
 continue;
 }
@@ -1583,7 +1585,7 @@ hs_config_client_authorization(const or_options_t *options,
 /* If we cannot read the file, continue with the next file. */
 if (!client_key_str) {
- log_warn(LD_REND, "The file cannot be read.");
+ log_warn(LD_REND, "The file %s cannot be read.", filename);
 continue;
 }
@@ -1597,15 +1599,16 @@ hs_config_client_authorization(const or_options_t *options, if (hs_parse_address(auth->onion_address, &identity_pk, NULL, NULL) < 0) { client_service_authorization_free(auth); - log_warn(LD_REND, "The onion address is invalid."); + log_warn(LD_REND, "The onion address "%s" is invalid in " + "file %s", filename, auth->onion_address); continue; }
if (digest256map_get(auths, identity_pk.pubkey)) { client_service_authorization_free(auth); - log_warn(LD_REND, "Duplicate authorization for the same hidden " - "service."); + "service address %s.", + safe_str_client(auth->onion_address)); goto end; }
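Review bot: Both branches of this hunk read `auth->onion_address` in the log call after `client_service_authorization_free(auth)` has already run, so, assuming that helper releases the object, the new arguments are read from freed memory. Emit the log message first and call the free helper afterwards in each branch. In the invalid-address message the arguments are also in the opposite order to the format string, which names the address first and the file second: `filename, auth->onion_address` should be `safe_str_client(auth->onion_address), filename`, using the same scrubbing helper as the duplicate-authorization branch. hs_config_client_authorization starts and ends outside the hunk.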
@@ -1613,7 +1616,6 @@ hs_config_client_authorization(const or_options_t *options, log_info(LD_REND, "Loaded a client authorization key file %s.", filename); } - } SMARTLIST_FOREACH_END(filename);
 /* Success. */
diff --git a/src/feature/hs/hs_service.c b/src/feature/hs/hs_service.c
index 8d5d69302..09329340c 100644
--- a/src/feature/hs/hs_service.c
+++ b/src/feature/hs/hs_service.c
@@ -1141,7 +1141,7 @@ parse_authorized_client(const char *client_key_str)
 SPLIT_SKIP_SPACE, 0);
 /* Wrong number of fields. */
 if (smartlist_len(fields) != 3) {
- log_warn(LD_REND, "The file is in a wrong format.");
+ log_warn(LD_REND, "Unknown format of client authorization file.");
 goto err;
 }
@@ -1151,13 +1151,15 @@ parse_authorized_client(const char *client_key_str)
 /* Currently, the only supported auth type is "descriptor". */
 if (strcmp(auth_type, "descriptor")) {
- log_warn(LD_REND, "The auth type '%s' is not supported.", auth_type);
+ log_warn(LD_REND, "Client authorization auth type '%s' not supported.",
+ auth_type);
 goto err;
 }
 /* Currently, the only supported key type is "x25519". */
 if (strcmp(key_type, "x25519")) {
- log_warn(LD_REND, "The key type '%s' is not supported.", key_type);
+ log_warn(LD_REND, "Client authorization key type '%s' not supported.",
+ key_type);
 goto err;
 }
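Review bot: `auth_type` and `key_type` are fields split out of the client authorization file and are written to the log verbatim, so a malformed file can put control characters or line breaks into the log. Passing them through Tor's `escaped()` helper keeps each message on one line, e.g. `log_warn(LD_REND, "Client authorization auth type %s not supported.", escaped(auth_type));`. The same applies to `pubkey_b32` in the next hunk (-1175), which is logged precisely when it has failed base32 decoding. parse_authorized_client begins and ends outside these hunks.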
@@ -1175,7 +1177,8 @@ parse_authorized_client(const char *client_key_str) if (base32_decode((char *) client->client_pk.public_key, sizeof(client->client_pk.public_key), pubkey_b32, strlen(pubkey_b32)) < 0) { - log_warn(LD_REND, "The public key cannot be decoded."); + log_warn(LD_REND, "Client authorization public key cannot be decoded: %s", + pubkey_b32); goto err; }
@@ -1245,7 +1248,8 @@ load_client_keys(hs_service_t *service)
 filename);
 if (!client_filename_is_valid(filename)) {
- log_warn(LD_REND, "The filename is invalid.");
+ log_warn(LD_REND, "Client authorization unrecognized filename %s. "
+ "File must end in .auth. Ignoring.", filename);
 continue;
 }
@@ -1258,7 +1262,9 @@ load_client_keys(hs_service_t *service)
 /* If we cannot read the file, continue with the next file. */
 if (!client_key_str) {
- log_warn(LD_REND, "The file cannot be read.");
+ log_warn(LD_REND, "Client authorization file %s can't be read. "
+ "Corrupted or verify permission? Ignoring.",
+ client_key_file_path);
 continue;
 }
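Review bot: The hint `"Corrupted or verify permission? Ignoring."` mixes a guess and an instruction in one fragment and is hard to act on when read in a log; wording such as `"Check that the file exists and that its permissions allow reading. Ignoring."` tells the operator what to do. This message names `client_key_file_path`, while the filename check earlier in load_client_keys and the matching read-failure message in hs_client.c log only `filename`; using the full path in all of them would make the messages consistent. load_client_keys continues outside the hunk.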