commit 9395a0c765302f5f3fd15e8d9dd2e87404cea5ee Author: George Kadianakis desnacked@riseup.net Date: Mon Nov 25 17:22:52 2019 +0200
hsv3: Remove support for client auth nicknames.
Because the function that parses client auth credentials saved on disk (parse_auth_file_content()) is not future compatible, there is no way to add support for storing the nickname on the disk. Hence, nicknames cannot persist after Tor restart making them pretty much useless.
In the future we can introduce nicknames by adding a new file format for client auth credentials, but this was not deemed worth doing at this stage. --- src/feature/control/control_hs.c | 14 +------------- src/feature/hs/hs_client.c | 4 ---- src/feature/hs/hs_client.h | 6 ------ src/test/test_hs_control.c | 15 +++++---------- 4 files changed, 6 insertions(+), 33 deletions(-)
diff --git a/src/feature/control/control_hs.c b/src/feature/control/control_hs.c index 97938211d..94940a739 100644 --- a/src/feature/control/control_hs.c +++ b/src/feature/control/control_hs.c @@ -73,7 +73,6 @@ const control_cmd_syntax_t onion_client_auth_add_syntax = { * register the new client-side client auth credentials: * "ONION_CLIENT_AUTH_ADD" SP HSAddress * SP KeyType ":" PrivateKeyBlob - * [SP "ClientName=" Nickname] * [SP "Type=" TYPE] CRLF */ int @@ -112,14 +111,7 @@ handle_control_onion_client_auth_add(control_connection_t *conn,
/* Now let's parse the remaining arguments (variable size) */ for (const config_line_t *line = args->kwargs; line; line = line->next) { - if (!strcasecmp(line->key, "ClientName")) { - if (strlen(line->value) > HS_CLIENT_AUTH_MAX_NICKNAME_LENGTH) { - control_write_endreply(conn, 512, "Too big 'ClientName' argument"); - goto err; - } - creds->nickname = tor_strdup(line->value); - - } else if (!strcasecmpstart(line->key, "Flags")) { + if (!strcasecmpstart(line->key, "Flags")) { smartlist_split_string(flags, line->value, ",", SPLIT_IGNORE_BLANK, 0); if (smartlist_len(flags) < 1) { control_write_endreply(conn, 512, "Invalid 'Flags' argument"); @@ -249,10 +241,6 @@ encode_client_auth_cred_for_control_port(
smartlist_add_asprintf(control_line, "CLIENT x25519:%s", x25519_b64);
- if (cred->nickname) { /* nickname is optional */ - smartlist_add_asprintf(control_line, " ClientName=%s", cred->nickname); - } - if (cred->flags) { /* flags are also optional */ if (cred->flags & CLIENT_AUTH_FLAG_IS_PERMANENT) { smartlist_add_asprintf(control_line, " Flags=Permanent"); diff --git a/src/feature/hs/hs_client.c b/src/feature/hs/hs_client.c index 3c681dd85..c4bfdd2d9 100644 --- a/src/feature/hs/hs_client.c +++ b/src/feature/hs/hs_client.c @@ -1832,10 +1832,6 @@ client_service_authorization_free_(hs_client_service_authorization_t *auth) return; }
- if (auth->nickname) { - tor_free(auth->nickname); - } - memwipe(auth, 0, sizeof(*auth)); tor_free(auth); } diff --git a/src/feature/hs/hs_client.h b/src/feature/hs/hs_client.h index 75a911107..e4869a961 100644 --- a/src/feature/hs/hs_client.h +++ b/src/feature/hs/hs_client.h @@ -60,9 +60,6 @@ typedef enum { /** Flag to set when a client auth is permanent (saved on disk). */ #define CLIENT_AUTH_FLAG_IS_PERMANENT (1<<0)
-/** Max length of a client auth nickname */ -#define HS_CLIENT_AUTH_MAX_NICKNAME_LENGTH 255 - /** Client-side configuration of client authorization */ typedef struct hs_client_service_authorization_t { /** An curve25519 secret key used to compute decryption keys that @@ -72,9 +69,6 @@ typedef struct hs_client_service_authorization_t { /** An onion address that is used to connect to the onion service. */ char onion_address[HS_SERVICE_ADDR_LEN_BASE32+1];
- /* An optional nickname for this client */ - char *nickname; - /* Optional flags for this client. */ int flags; } hs_client_service_authorization_t; diff --git a/src/test/test_hs_control.c b/src/test/test_hs_control.c index 0de2bca04..572b7f3ab 100644 --- a/src/test/test_hs_control.c +++ b/src/test/test_hs_control.c @@ -245,8 +245,7 @@ test_hs_control_good_onion_client_auth_add(void *arg)
/* Register first service */ args = tor_strdup("2fvhjskjet3n5syd6yfg5lhvwcs62bojmthr35ko5bllr3iqdb4ctdyd " - "x25519:iJ1tjKCrMAbiFT2bVrCjhbfMDnE1fpaRbIS5ZHKUvEQ= " - "ClientName=bob"); + "x25519:iJ1tjKCrMAbiFT2bVrCjhbfMDnE1fpaRbIS5ZHKUvEQ= ");
retval = handle_control_command(&conn, (uint32_t) strlen(args), args); tt_int_op(retval, OP_EQ, 0); @@ -277,13 +276,11 @@ test_hs_control_good_onion_client_auth_add(void *arg) hs_client_service_authorization_t *client_2fv = digest256map_get(client_auths, service_identity_pk_2fv.pubkey); tt_assert(client_2fv); - tt_str_op(client_2fv->nickname, OP_EQ, "bob"); tt_int_op(client_2fv->flags, OP_EQ, 0);
hs_client_service_authorization_t *client_jt4 = digest256map_get(client_auths, service_identity_pk_jt4.pubkey); tt_assert(client_jt4); - tt_assert(!client_jt4->nickname); tt_int_op(client_jt4->flags, OP_EQ, 0);
/* Now let's VIEW the auth credentials */ @@ -296,8 +293,7 @@ test_hs_control_good_onion_client_auth_add(void *arg)
#define VIEW_CORRECT_REPLY_NO_ADDR "250-ONION_CLIENT_AUTH_VIEW\r\n" \ "250-CLIENT x25519:eIIdIGoSZwI2Q/lSzpf92akGki5I+PZIDz37MA5BhlA=\r\n"\ - "250-CLIENT x25519:iJ1tjKCrMAbiFT2bVrCjhbfMDnE1fpaRbIS5ZHKUvEQ= " \ - "ClientName=bob\r\n" \ + "250-CLIENT x25519:iJ1tjKCrMAbiFT2bVrCjhbfMDnE1fpaRbIS5ZHKUvEQ=\r\n" \ "250 OK\r\n"
retval = handle_control_command(&conn, (uint32_t) strlen(args), args); @@ -516,7 +512,7 @@ test_hs_control_store_permanent_creds(void *arg) /* Try registering first service with no ClientOnionAuthDir set */ args = tor_strdup("2fvhjskjet3n5syd6yfg5lhvwcs62bojmthr35ko5bllr3iqdb4ctdyd " "x25519:iJ1tjKCrMAbiFT2bVrCjhbfMDnE1fpaRbIS5ZHKUvEQ= " - "ClientName=bob Flags=Permanent"); + "Flags=Permanent");
retval = handle_control_command(&conn, (uint32_t) strlen(args), args); tt_int_op(retval, OP_EQ, 0); @@ -546,7 +542,7 @@ test_hs_control_store_permanent_creds(void *arg) /* Try the control port command again. This time it should work! */ args = tor_strdup("2fvhjskjet3n5syd6yfg5lhvwcs62bojmthr35ko5bllr3iqdb4ctdyd " "x25519:iJ1tjKCrMAbiFT2bVrCjhbfMDnE1fpaRbIS5ZHKUvEQ= " - "ClientName=bob Flags=Permanent"); + "Flags=Permanent"); retval = handle_control_command(&conn, (uint32_t) strlen(args), args); tt_int_op(retval, OP_EQ, 0);
@@ -571,7 +567,7 @@ test_hs_control_store_permanent_creds(void *arg) /* Overwrite the credentials and check that they got overwrited. */ args = tor_strdup("2fvhjskjet3n5syd6yfg5lhvwcs62bojmthr35ko5bllr3iqdb4ctdyd " "x25519:UDRvZLvcJo0QRLvDfkpgbtsqbkhIUQZyeo2FNBrgS18= " - "ClientName=fab Flags=Permanent"); + "Flags=Permanent"); retval = handle_control_command(&conn, (uint32_t) strlen(args), args); tt_int_op(retval, OP_EQ, 0);
@@ -600,7 +596,6 @@ test_hs_control_store_permanent_creds(void *arg) hs_client_service_authorization_t *client_2fv = digest256map_get(client_auths, service_identity_pk_2fv.pubkey); tt_assert(client_2fv); - tt_assert(!client_2fv->nickname); tt_int_op(client_2fv->flags, OP_EQ, CLIENT_AUTH_FLAG_IS_PERMANENT); tt_str_op(hex_str((char*)client_2fv->enc_seckey.secret_key, 32), OP_EQ, "50346F64BBDC268D1044BBC37E4A606EDB2A6E48485106727A8D85341AE04B5F");
tor-commits@lists.torproject.org