[tor-commits] [tor/master] hs-v3: Improve v3 client authorization logging

nickm at torproject.org nickm at torproject.org
Fri Sep 7 19:06:18 UTC 2018 

commit 8e57986e7d826141727fc3d538b33882dc4aca91
Author: David Goulet <dgoulet at torproject.org>
Date:   Thu Aug 30 09:16:48 2018 -0400

    hs-v3: Improve v3 client authorization logging
    
    Part of #20700.
    
    Signed-off-by: David Goulet <dgoulet at torproject.org>
---
 src/feature/hs/hs_client.c  | 14 ++++++++------
 src/feature/hs/hs_service.c | 18 ++++++++++++------
 2 files changed, 20 insertions(+), 12 deletions(-)

diff --git a/src/feature/hs/hs_client.c b/src/feature/hs/hs_client.c
index 23ab10e21..af657c7c9 100644
--- a/src/feature/hs/hs_client.c
+++ b/src/feature/hs/hs_client.c
@@ -1571,7 +1571,9 @@ hs_config_client_authorization(const or_options_t *options,
              filename);
 
     if (!auth_key_filename_is_valid(filename)) {
-      log_warn(LD_REND, "The filename is invalid.");
+      log_notice(LD_REND, "Client authorization unrecognized filename %s. "
+                          "File must end in .auth_private. Ignoring.",
+                 filename);
       continue;
     }
 
@@ -1583,7 +1585,7 @@ hs_config_client_authorization(const or_options_t *options,
 
     /* If we cannot read the file, continue with the next file. */
     if (!client_key_str) {
-      log_warn(LD_REND, "The file cannot be read.");
+      log_warn(LD_REND, "The file %s cannot be read.", filename);
       continue;
     }
 
@@ -1597,15 +1599,16 @@ hs_config_client_authorization(const or_options_t *options,
       if (hs_parse_address(auth->onion_address, &identity_pk,
                            NULL, NULL) < 0) {
         client_service_authorization_free(auth);
-        log_warn(LD_REND, "The onion address is invalid.");
+        log_warn(LD_REND, "The onion address \"%s\" is invalid in "
+                          "file %s", filename, auth->onion_address);
         continue;
       }
 
       if (digest256map_get(auths, identity_pk.pubkey)) {
         client_service_authorization_free(auth);
-
         log_warn(LD_REND, "Duplicate authorization for the same hidden "
-                          "service.");
+                          "service address %s.",
+                 safe_str_client(auth->onion_address));
         goto end;
       }
 
@@ -1613,7 +1616,6 @@ hs_config_client_authorization(const or_options_t *options,
       log_info(LD_REND, "Loaded a client authorization key file %s.",
                filename);
     }
-
   } SMARTLIST_FOREACH_END(filename);
 
   /* Success. */
diff --git a/src/feature/hs/hs_service.c b/src/feature/hs/hs_service.c
index 8d5d69302..09329340c 100644
--- a/src/feature/hs/hs_service.c
+++ b/src/feature/hs/hs_service.c
@@ -1141,7 +1141,7 @@ parse_authorized_client(const char *client_key_str)
                          SPLIT_SKIP_SPACE, 0);
   /* Wrong number of fields. */
   if (smartlist_len(fields) != 3) {
-    log_warn(LD_REND, "The file is in a wrong format.");
+    log_warn(LD_REND, "Unknown format of client authorization file.");
     goto err;
   }
 
@@ -1151,13 +1151,15 @@ parse_authorized_client(const char *client_key_str)
 
   /* Currently, the only supported auth type is "descriptor". */
   if (strcmp(auth_type, "descriptor")) {
-    log_warn(LD_REND, "The auth type '%s' is not supported.", auth_type);
+    log_warn(LD_REND, "Client authorization auth type '%s' not supported.",
+             auth_type);
     goto err;
   }
 
   /* Currently, the only supported key type is "x25519". */
   if (strcmp(key_type, "x25519")) {
-    log_warn(LD_REND, "The key type '%s' is not supported.", key_type);
+    log_warn(LD_REND, "Client authorization key type '%s' not supported.",
+             key_type);
     goto err;
   }
 
@@ -1175,7 +1177,8 @@ parse_authorized_client(const char *client_key_str)
   if (base32_decode((char *) client->client_pk.public_key,
                     sizeof(client->client_pk.public_key),
                     pubkey_b32, strlen(pubkey_b32)) < 0) {
-    log_warn(LD_REND, "The public key cannot be decoded.");
+    log_warn(LD_REND, "Client authorization public key cannot be decoded: %s",
+             pubkey_b32);
     goto err;
   }
 
@@ -1245,7 +1248,8 @@ load_client_keys(hs_service_t *service)
              filename);
 
     if (!client_filename_is_valid(filename)) {
-      log_warn(LD_REND, "The filename is invalid.");
+      log_warn(LD_REND, "Client authorization unrecognized filename %s. "
+                        "File must end in .auth. Ignoring.", filename);
       continue;
     }
 
@@ -1258,7 +1262,9 @@ load_client_keys(hs_service_t *service)
 
     /* If we cannot read the file, continue with the next file. */
     if (!client_key_str)  {
-      log_warn(LD_REND, "The file cannot be read.");
+      log_warn(LD_REND, "Client authorization file %s can't be read. "
+                        "Corrupted or verify permission? Ignoring.",
+               client_key_file_path);
       continue;
     }

More information about the tor-commits mailing list