[tor-dev] HSFETCH fails on basic auth services

Razvan Dragomirescu razvan.dragomirescu at veri.fi
Wed Jun 29 20:42:18 UTC 2016


BTW, I have also tried the GETINFO command from the controller to fetch the
hidden service descriptor directly from the host that has published it, but
that doesn't work either.  Fetching from the client side (after a
connection) works fine:

AUTHENTICATE
250 OK
GETINFO hs/client/desc/id/js2usypscw6y6c5e
250+hs/client/desc/id/js2usypscw6y6c5e=
rendezvous-service-descriptor 7codget3fmkzj4z3oqia37iknu5iespk
version 2
permanent-key
-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBAMPwmou0Pjcmanw3GW7cpXgX3wiKmeND8A7kShodBfqGDIHkkHRpHuwe
NTCtjAsnVzLqtFNCYpwg6HlyDRn557LHCO/GGvVQNvsPSl8v2N+XnuQ6NJ3Jy+AF
bM1vqrFL6p02QRobtHBlbOkD4fWjC7lP6hYOKHQzt7lwDirtPZMdAgMBAAE=
-----END RSA PUBLIC KEY-----
secret-id-part d7xhm4st3puvu2zz7yjtluwmzt7iafnb
publication-time 2016-06-29 19:00:00
protocol-versions 2,3
introduction-points
-----BEGIN MESSAGE-----
AQEI7yt3VSr/3LfUtCiXgcm9D3DGCC7Y1fOmB8mLk3ohO8e0OIHKBxtLM01WGq1N
5OHPcpTXD0Vjovc3lplKuoI6aLXVIrSd6lhTLIuybU5mi1GsE+PJXpHdmmDw9vCe
5dH1x6lkX6V0iUgKfqLAbpNvESxi+IQgG7p6VKEOrmMiH/TvCAH3MDdPFv6jjI17
2dju7V69/Mb6wk+KJtZYDLj/jckdzfpntEywg5VO+HR72OGtJ7CjZI49amgG3YF9
SM4ZXCz2XxL9vKXGhwQGZYchFuNbKMOonkw9BZ5Br2moMBl0awOBNoYbwNvCAhf4
iF2xOHKqTj5lV1u4AVwE8GvOPx8lR+qmFsMJQppjgwPbrVayvbMw9TdK+s+kGUiS
3B6tB7c+AMYIbjJ9kL7+sCQWSz00aXuMDJjyxz6NHVYc/x+VdKuMsWiUWj5O6GrA
2kLEEE4N2QvXRPO3w+diLqdT4StYUIpGGUrrWEl+C3yAN7Vb7rllNznaxZdPQJ4T
6Q3e/b8qAOqECqb5RNacY7u31vC3Q5SJtoPZozvpTxN4YWv0OmMhCy5JZ6goAMer
xnwQcDqtRmgmRSoZCxfyaJQ0R7cnnPDN2pEsPNzr///4K69SS9xIchxWwGIxx4Y4
L3td/vrTr24ve78bSirXrjR9tc2w4Ksy3ZMINKR1OWggo2YnJkM3jtkq26njRkgB
7QyuIrBjv3ETWCL0F+7tu6afI895G6jtbS9SpySR3aSeZWFqmDLPbF43PVfbduIr
dST/9mUOXyTW2jmtSm7M+Z8VlbqJw9O7b2PlbDl2lmKNiGUaqq11J3BKXgWQNKk4
qdsccxt0ohPienfVeMQTlLY00+ZL9gWDruJIpIfjq+KeFIvIlqOUSJWip8D/rYWN
xZdkWqnr9Bs+MC+SlM3sbepEhn4hFIx3Jfc3BeatIvfkZB2vj4/sHOfoCNz4KFBV
d+DsDWY6r2/A607ER2uT9oRSaljLhwPAIGS21ROidKKrK2YCCXoUUrKYHsMOLuht
50rUr/Ar0XvKdf7rOX+LmVEjpP05U1AIo8aVYSziMYYlr8qwRizrFbtq6t5M7FuR
ORL74WvtLjHn/tAdm7A5jVwvWPF3vswBy8eFCNMTV3XEwJHmLBk6znsg2RuxdZ2G
TASr2GrBx4J8MxtMN90R3n5RanV2YnAd1RYihK9BzBT5vFHO7wcQ3dOowrolZ83A
Q0MQGoHT2lvvciKHahjn9HsWvuLVo25tnejvAIVGlD/ayfx8pOXztk9l+RN3N0pS
ZkS63XHE9nQleOFrwYebZkeCQOOaVH+//c+agO+4JV82KBmP1/irmNyiIvuWAXxY
/+SFxro7FJU4yROLkGkKJkVg9bdM3QQ+kQfM+Nci/dmrzmzyt41ClPsk1d2WOySw
/Pd71YaNP76BstkpiUCpFtr8PQV+3UkGe5HWmrs0ZabGyzLKEwDjChs7z+zFp6Od
aNNB3bB+Jrrqu8ZBJpwVjXxsaLb2dMB7Wi7b2E/zWZHr2E2Akh0I0lo3XIU86Eeu
tKeM2xTn1yGNc5InPYln1dcfZ67l41zdN3X1P1DilEfT55hg2uIg0f2UbMXd5Db0
I68Zu3n1PWAaNEHE6m3k1PrLSIVs9bfIucuQacQQtkArT9t+lfkv/2CHGCrdHEfU
0R2tzNw+DnO/nZRIRmwxIUqbpvBKnmyfvbekB6JXvSZBWRboV4YHPZSDtZ7C8JpM
YO9mCBbjhboGcujDFBUf+X0ansOIhOrjAPCvE15h0EKJkS8733AvhxwwkUwhL+Pz
/RUCRe+rD5MCEvQhg9+oXhrnZwjzsvsrZGITuv5su34KumPJ3bqvp1lVxr16owwq
KjLREhBBSIvl96fahGnV1ol6Lik5rUI3NhdmPMW3D0bydidYH3u6ZdOEplfoAUlo
DvT7u+0Apl+Rd2jKutCagHjcLjTzOtk6OpWxgfaR3x/Ds+eUt6kS+FAzSrDPx8A7
t84Ga24xKwZowIdJZqjroRnzpZRkV4Y29m47+OpzBS2LYDZR1mPRaywPcX956miV
mY1D9ci4L8l4jQiK/zeY4A/mUJEIlGNaRiUY1UVgiCQeO5fISBjrk0TVKqZaIbZC
G/K5EJsX11XSbJz5+PzWCyZv/JjbHBTzbf2ocafCdz+aDJ5ekWMNfK3dR4PcS9n5
mFX7KLDjpSfkAPMW6LuCXFf732/tsqcxvf87QX2aWchwqTvUgXq2EZD19GPL4sr+
+tEkKNJuQ7wG5zDMlX030jSQ4WKhC5639LHYcg/TDv+CH6GfRZuQSYZgrCevWbLr
GTWRhsXKKqfcysfw7WNa09AKK/3q+ohON0gcFHtLOjGsiLMs6D0UYc0o5U2KOi22
HOlhpVpTuQ85oNixNKhOkJkAleRKY49Jm/JPWbHf0Qhyb55SeIO0l7pfsO41xw5d
aNvQRLDINUj5BRKFGS70vP+D7Aek294pOpJhXDx11AIaWzmUyCge0Y1QdCu7ywnZ
dhKqpMSmCPbuZ5EmcFNovYmtfPzR3q2CKPbYISPsDwqXInEm2IKSN+qHFwxgfWv9
9Q9lyxv3Op/t9aDHmqZwVB3nTMJyDb5lZFkALkyQdHAudHcU8dq53PbwTzRqkW0H
n9not+bht53bZpo9yjJZ5qXmMsT7CNFAL76iKgTRFEopFtPl7clQhTIbhgigvqL9
e9HhGOpXd3fVC3iD6yuvIxRVHJX6YCQ2OLqkvnaKTOCyVz+hVDy45SpkoAh7UjVn
GPnSUKdS0wUBwvqik1GO2etpC+DjZqLqlHQaDiXn/L+1HxNga/HShK+bnkBID5bj
FTMrn1AVyUU29WZlZWRRIFAlQ7FD/JcXALTi0KvFzjlGeuiLOXZo//BNeYdBblFn
GW3wK0BX4AdDHvLcImPRCVUBrz+LOn7687ZQbTUAZ7tq2LQ=
-----END MESSAGE-----
signature
-----BEGIN SIGNATURE-----
VWIK/LZRvSeFNpEkgadnNGZb7G/mOsATZ7GN8COif92ytQADTiWr32FBRN5t/UJ/
wVyQXBqxJ9/LeRjEuJcGCKrrRR2DG932ZjK2SUAkgWnodIlBmpPF5r/btKEUVy3b
hbCdWF5ZNCcjLEJ4T25k74TdIUwo8BXvG94EQPl35/g=
-----END SIGNATURE-----
.
250 OK


Fetching from the server side though ....


*GETINFO hs/service/desc/id/js2usypscw6y6c5e*
*552 Unrecognized key "hs/service/desc/id/js2usypscw6y6c5e"*

Any ideas? I'm running Tor 0.2.7.6 btw. This also appears to happen with
non-authenticated services, but the hs/service/desc/id/<ADDR> was supposed
to have been merged back in 0.2.7.1 (??).

Razvan



On Wed, Jun 29, 2016 at 11:14 PM, Razvan Dragomirescu <
razvan.dragomirescu at veri.fi> wrote:

> Hello everyone,
>
> I seem to have found an issue (bug?) with the controller HSFETCH command -
> I can't seem to be able to fetch hidden service descriptors for services
> that use basic authentication. Tor appears to want to decrypt the
> introduction points for some reason and also fails to look at the
> HidServAuth directive. Connections (via SOCKS proxy for instance) to said
> service work fine, so Tor is configured correctly, but HSFETCH fails and
> Tor outputs this in the logs:
>
> *Jun 29 20:08:53.000 [warn] Failed to parse introduction points. Either
> the service has published a corrupt descriptor or you have provided invalid
> authorization data.*
>
> *Jun 29 20:08:53.000 [warn] Fetching v2 rendezvous descriptor failed.
> Retrying at another directory.*
>
> Is this a known issue? Is there another way to fetch the descriptor of a
> hidden service? I really don't want it to be published since I'm rewriting
> it anyway, but I need to fetch it somehow. I can use
> "PublishHidServDescriptors 0" to stop it from publishing the service at all
> but I have no idea how to fetch it from the local cache. Any controller
> commands for that?
>
> To summarize - HSFETCH appears to fail for hidden services with basic auth
> and I couldn't find a way to obtain the hidden service descriptor from the
> hidden service machine itself before publishing. Any advice would be
> appreciated.
>
> Thank you,
> Razvan
>
> --
> Razvan Dragomirescu
> Chief Technology Officer
> Cayenne Graphics SRL
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20160629/8febe5a9/attachment.html>


More information about the tor-dev mailing list