[tor-commits] [tor/master] Use socks username/password information in stream isolation

nickm at torproject.org nickm at torproject.org
Wed Jul 20 00:44:03 UTC 2011


commit 12dfb4f5d8cfb0f244b4a1ae3cc3af237a3034e7
Author: Nick Mathewson <nickm at torproject.org>
Date:   Tue Jul 19 02:36:59 2011 -0400

    Use socks username/password information in stream isolation
---
 doc/tor.1.txt            |    1 -
 src/or/circuitlist.c     |    2 ++
 src/or/connection.c      |    2 +-
 src/or/connection_edge.c |   23 +++++++++++++----------
 src/or/or.h              |    7 ++++---
 5 files changed, 20 insertions(+), 15 deletions(-)

diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 8241eeb..821098b 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -700,7 +700,6 @@ The following options are useful only for clients (that is, if
         Don't share a circuits with streams for which different
         SOCKS authentication was provided. (On by default;
         you can disable it with **NoIsolateSOCKSAuth**.)
-        [NOT YET IMPLEMENTED.]
     **IsolateClientProtocol**;;
         Don't share circuits with streams using a different protocol.
         (SOCKS 4, SOCKS 5, TransPort connections, NATDPort connections,
diff --git a/src/or/circuitlist.c b/src/or/circuitlist.c
index 6f17697..28a7181 100644
--- a/src/or/circuitlist.c
+++ b/src/or/circuitlist.c
@@ -566,6 +566,8 @@ circuit_free(circuit_t *circ)
     rend_data_free(ocirc->rend_data);
 
     tor_free(ocirc->dest_address);
+    tor_free(ocirc->socks_username);
+    tor_free(ocirc->socks_password);
   } else {
     or_circuit_t *ocirc = TO_OR_CIRCUIT(circ);
     /* Remember cell statistics for this circuit before deallocating. */
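Review bot: The copied SOCKS password is released with a plain `tor_free(ocirc->socks_password);`, so the credential bytes remain in freed heap memory until that chunk is reused. Because the field holds client-supplied authentication data, clear it first, e.g. `if (ocirc->socks_password) memset(ocirc->socks_password, 0, strlen(ocirc->socks_password));`, or use a wipe helper the compiler cannot elide if the tree has one. The same applies to the two `tor_free` calls added to circuit_clear_isolation in src/or/connection_edge.c. circuit_free starts and ends outside this hunk.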
diff --git a/src/or/connection.c b/src/or/connection.c
index 0fae11e..59a7b80 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -1809,7 +1809,7 @@ retry_listener_ports(smartlist_t *old_conns,
   SMARTLIST_FOREACH_BEGIN(launch, const port_cfg_t *, port) {
     struct sockaddr *listensockaddr;
     socklen_t listensocklen = 0;
-    char *address;
+    char *address=NULL;
     connection_t *conn;
 
     if (port->is_unix_addr) {
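Review bot: The new initializer `char *address=NULL;` has no spaces around `=`, unlike `socklen_t listensocklen = 0;` on the line above it; write `char *address = NULL;`. The change also looks unrelated to SOCKS-auth isolation, so the commit message should say why it is needed (presumably an uninitialized-use warning). The loop body continues outside the hunk, so whether every path assigns `address` cannot be checked from here.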
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index 42f74b7..63779f2 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -3305,12 +3305,10 @@ connection_edge_streams_are_compatible(const edge_connection_t *a,
   if ((iso & ISO_DESTADDR) &&
       strcasecmp(a->original_dest_address, b->original_dest_address))
     return 0;
-  /* XXXX023 Waititing for ticket #1666 */
-  /*
   if ((iso & ISO_SOCKSAUTH) &&
-      strcasecmp(a->socks_request->auth, b->socks_request->auth))
+      (strcmp_opt(a->socks_request->username, b->socks_request->username) ||
+       strcmp_opt(a->socks_request->password, b->socks_request->password)))
     return 0;
-  */
   if ((iso & ISO_CLIENTPROTO) &&
       (TO_CONN(a)->type != TO_CONN(b)->type ||
        a->socks_request->socks_version != b->socks_request->socks_version))
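Review bot: The ISO_SOCKSAUTH test compares username and password with `strcmp_opt`, which stops at the first NUL byte, whereas SOCKS5 username/password fields are length-prefixed (RFC 1929) and can carry arbitrary bytes. If the parser that fills `socks_request->username` and `socks_request->password` (not shown here) accepts embedded NULs, two streams whose credentials differ only after a NUL would be judged compatible and could share a circuit despite IsolateSOCKSAuth. Either reject such values at parse time or store the lengths and compare with a length-aware comparison. At minimum, state the assumption next to the check, e.g. `/* username/password are NUL-free C strings; the SOCKS parser must enforce this */`. The same comparison recurs in connection_edge_compatible_with_circuit and connection_edge_update_circuit_isolation, and this function extends beyond the hunk.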
@@ -3369,12 +3367,10 @@ connection_edge_compatible_with_circuit(const edge_connection_t *conn,
   if ((iso & ISO_DESTADDR) &&
       strcasecmp(conn->original_dest_address, circ->dest_address))
     return 0;
-  /* XXXX023 Waititing for ticket #1666 */
-  /*
   if ((iso & ISO_SOCKSAUTH) &&
-      strcasecmp(a->socks_request->auth, b->socks_request->auth))
+      (strcmp_opt(conn->socks_request->username, circ->socks_username) ||
+       strcmp_opt(conn->socks_request->password, circ->socks_password)))
     return 0;
-  */
   if ((iso & ISO_CLIENTPROTO) &&
       (TO_CONN(conn)->type != circ->client_proto_type ||
        conn->socks_request->socks_version != circ->client_proto_socksver))
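Review bot: The username/password comparison added here is one of three textual copies of the same expression (the others are in connection_edge_streams_are_compatible and in the mixed-flags branch of connection_edge_update_circuit_isolation), and all three must agree for isolation to hold. A small static helper, for example `static int socks_auth_differs(const char *u1, const char *p1, const char *u2, const char *p2)` returning `strcmp_opt(u1, u2) || strcmp_opt(p1, p2)`, would give one place to define what "same SOCKS auth" means. That definition should also say how an absent credential compares with an empty one. The helper name is only a suggestion, and the function continues outside the hunk.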
@@ -3420,7 +3416,10 @@ connection_edge_update_circuit_isolation(const edge_connection_t *conn,
     tor_addr_copy(&circ->client_addr, &TO_CONN(conn)->addr);
     circ->session_group = conn->session_group;
     circ->nym_epoch = conn->nym_epoch;
-    /* XXXX023 auth too, once #1666 is in. */
+    circ->socks_username = conn->socks_request->username ?
+      tor_strdup(conn->socks_request->username) : NULL;
+    circ->socks_password = conn->socks_request->password ?
+      tor_strdup(conn->socks_request->password) : NULL;
 
     circ->isolation_values_set = 1;
     return 0;
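Review bot: `circ->socks_username` and `circ->socks_password` are assigned fresh `tor_strdup` copies without releasing what they pointed to before, so this branch is leak-free only if both are NULL whenever it runs. The guarding condition is outside the hunk; if it is the `isolation_values_set` test, the invariant holds only while every path that clears that flag also frees the strings. Making it explicit costs two lines before the assignments: `tor_free(circ->socks_username);` and `tor_free(circ->socks_password);`.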
@@ -3430,7 +3429,9 @@ connection_edge_update_circuit_isolation(const edge_connection_t *conn,
       mixed |= ISO_DESTPORT;
     if (strcasecmp(conn->original_dest_address, circ->dest_address))
       mixed |= ISO_DESTADDR;
-    /* XXXX023 auth too, once #1666 is in. */
+    if (strcmp_opt(conn->socks_request->username, circ->socks_username) ||
+        strcmp_opt(conn->socks_request->password, circ->socks_password))
+      mixed |= ISO_SOCKSAUTH;
     if ((TO_CONN(conn)->type != circ->client_proto_type ||
          conn->socks_request->socks_version != circ->client_proto_socksver))
       mixed |= ISO_CLIENTPROTO;
@@ -3486,5 +3487,7 @@ circuit_clear_isolation(origin_circuit_t *circ)
   tor_free(circ->dest_address);
   circ->session_group = -1;
   circ->nym_epoch = 0;
+  tor_free(circ->socks_username);
+  tor_free(circ->socks_password);
 }
 
diff --git a/src/or/or.h b/src/or/or.h
index 835f279..47cee35 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -1218,8 +1218,8 @@ typedef struct edge_connection_t {
   char *original_dest_address;
   /* Other fields to isolate on already exist.  The ClientAddr is addr.  The
      ClientProtocol is a combination of type and socks_request->
-     socks_version.  SocksAuth will be added to socks_request by ticket
-     #1666. DestAddr is in socks_request->address. */
+     socks_version.  SocksAuth is socks_request->username/password.
+     DestAddr is in socks_request->address. */
 
   /** Number of times we've reassigned this application connection to
    * a new circuit. We keep track because the timeout is longer if we've
@@ -2501,7 +2501,8 @@ typedef struct origin_circuit_t {
   char *dest_address;
   int session_group;
   unsigned nym_epoch;
-  /* XXXX023 do auth once #1666 is merged */
+  char *socks_username;
+  char *socks_password;
   /**@}*/
 
 } origin_circuit_t;
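Review bot: The new members `socks_username` and `socks_password` have no doc comment, although they sit inside a Doxygen member group (closed by `/**@}*/`) and own heap memory. Add something like `/** SOCKS username supplied by the streams on this circuit, or NULL if none was given; owned by the circuit. */` and the analogous line for the password. The comment should also say that both are freed in circuit_free and circuit_clear_isolation, and that the password is credential material.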




