[tor-bugs] #15588 [Core Tor/Tor]: Allow client authorization on control port ADD_ONION services

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Apr 19 23:14:19 UTC 2016


#15588: Allow client authorization on control port ADD_ONION services
------------------------------------------------+--------------------------
 Reporter:  special                             |          Owner:  special
     Type:  enhancement                         |         Status:
 Priority:  High                                |  merge_ready
Component:  Core Tor/Tor                        |      Milestone:  Tor:
 Severity:  Normal                              |  0.2.9.x-final
 Keywords:  tor-hs, control, TorCoreTeam201604  |        Version:
Parent ID:  #8993                               |     Resolution:
 Reviewer:  dgoulet                             |  Actual Points:
                                                |         Points:  small
                                                |        Sponsor:
------------------------------------------------+--------------------------

Comment (by nickm):

 I'm reviewing the diff rather than the patch series, since the history
 looks long.

 (Special, do you know about --autosquash? That's how most folks use the
 fixup! convention. This FIXUP thing you've been doing is less automatable.
 No need to change this branch, but it might help for next time.)

 * NM.1 -- the output case of handle_control_add_onion is now possibly
 inconsistent? It looks like it can output some 250- lines followed by a
 551 line.  That's not allowed, I think.
 * NM.2 -- If it's not possible for add_onion_helper_clientauth to be
 called with missing created or err_msg_out parameters, should we maybe
 assert that they are present?
 * NM.3 -- I'm a little worried that for some functions, err_msg_out
 includes the status code, and for others it doesn't.  That doesn't seem to
 be documented.
 * NM.4 -- I was about to complain about how awful the
 rend_auth_decode_cookie code is, but apparently it isn't new code, so I
 won't complain.  (sigh)
 * NM.5 -- rend_auth_encode_cookie should really be using uint8_t, not
 char, especially since you're looking at the numberic value of the bytes.
 Probably same with rend_auth_decode_cookie().

 Otherwise looks plausible.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15588#comment:27>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list