Commit 9395a0c7 authored by George Kadianakis's avatar George Kadianakis Committed by David Goulet
Browse files

hsv3: Remove support for client auth nicknames.

Because the function that parses client auth credentials saved on
disk (parse_auth_file_content()) is not future compatible, there is no way to
add support for storing the nickname on the disk. Hence, nicknames cannot
persist after Tor restart making them pretty much useless.

In the future we can introduce nicknames by adding a new file format for client
auth credentials, but this was not deemed worth doing at this stage.
parent c7c9899b
......@@ -73,7 +73,6 @@ const control_cmd_syntax_t onion_client_auth_add_syntax = {
* register the new client-side client auth credentials:
* "ONION_CLIENT_AUTH_ADD" SP HSAddress
* SP KeyType ":" PrivateKeyBlob
* [SP "ClientName=" Nickname]
* [SP "Type=" TYPE] CRLF
*/
int
......@@ -112,14 +111,7 @@ handle_control_onion_client_auth_add(control_connection_t *conn,
/* Now let's parse the remaining arguments (variable size) */
for (const config_line_t *line = args->kwargs; line; line = line->next) {
if (!strcasecmp(line->key, "ClientName")) {
if (strlen(line->value) > HS_CLIENT_AUTH_MAX_NICKNAME_LENGTH) {
control_write_endreply(conn, 512, "Too big 'ClientName' argument");
goto err;
}
creds->nickname = tor_strdup(line->value);
} else if (!strcasecmpstart(line->key, "Flags")) {
if (!strcasecmpstart(line->key, "Flags")) {
smartlist_split_string(flags, line->value, ",", SPLIT_IGNORE_BLANK, 0);
if (smartlist_len(flags) < 1) {
control_write_endreply(conn, 512, "Invalid 'Flags' argument");
......@@ -249,10 +241,6 @@ encode_client_auth_cred_for_control_port(
smartlist_add_asprintf(control_line, "CLIENT x25519:%s", x25519_b64);
if (cred->nickname) { /* nickname is optional */
smartlist_add_asprintf(control_line, " ClientName=%s", cred->nickname);
}
if (cred->flags) { /* flags are also optional */
if (cred->flags & CLIENT_AUTH_FLAG_IS_PERMANENT) {
smartlist_add_asprintf(control_line, " Flags=Permanent");
......
......@@ -1832,10 +1832,6 @@ client_service_authorization_free_(hs_client_service_authorization_t *auth)
return;
}
if (auth->nickname) {
tor_free(auth->nickname);
}
memwipe(auth, 0, sizeof(*auth));
tor_free(auth);
}
......
......@@ -60,9 +60,6 @@ typedef enum {
/** Flag to set when a client auth is permanent (saved on disk). */
#define CLIENT_AUTH_FLAG_IS_PERMANENT (1<<0)
/** Max length of a client auth nickname */
#define HS_CLIENT_AUTH_MAX_NICKNAME_LENGTH 255
/** Client-side configuration of client authorization */
typedef struct hs_client_service_authorization_t {
/** An curve25519 secret key used to compute decryption keys that
......@@ -72,9 +69,6 @@ typedef struct hs_client_service_authorization_t {
/** An onion address that is used to connect to the onion service. */
char onion_address[HS_SERVICE_ADDR_LEN_BASE32+1];
/* An optional nickname for this client */
char *nickname;
/* Optional flags for this client. */
int flags;
} hs_client_service_authorization_t;
......
......@@ -245,8 +245,7 @@ test_hs_control_good_onion_client_auth_add(void *arg)
/* Register first service */
args = tor_strdup("2fvhjskjet3n5syd6yfg5lhvwcs62bojmthr35ko5bllr3iqdb4ctdyd "
"x25519:iJ1tjKCrMAbiFT2bVrCjhbfMDnE1fpaRbIS5ZHKUvEQ= "
"ClientName=bob");
"x25519:iJ1tjKCrMAbiFT2bVrCjhbfMDnE1fpaRbIS5ZHKUvEQ= ");
retval = handle_control_command(&conn, (uint32_t) strlen(args), args);
tt_int_op(retval, OP_EQ, 0);
......@@ -277,13 +276,11 @@ test_hs_control_good_onion_client_auth_add(void *arg)
hs_client_service_authorization_t *client_2fv =
digest256map_get(client_auths, service_identity_pk_2fv.pubkey);
tt_assert(client_2fv);
tt_str_op(client_2fv->nickname, OP_EQ, "bob");
tt_int_op(client_2fv->flags, OP_EQ, 0);
hs_client_service_authorization_t *client_jt4 =
digest256map_get(client_auths, service_identity_pk_jt4.pubkey);
tt_assert(client_jt4);
tt_assert(!client_jt4->nickname);
tt_int_op(client_jt4->flags, OP_EQ, 0);
/* Now let's VIEW the auth credentials */
......@@ -296,8 +293,7 @@ test_hs_control_good_onion_client_auth_add(void *arg)
#define VIEW_CORRECT_REPLY_NO_ADDR "250-ONION_CLIENT_AUTH_VIEW\r\n" \
"250-CLIENT x25519:eIIdIGoSZwI2Q/lSzpf92akGki5I+PZIDz37MA5BhlA=\r\n"\
"250-CLIENT x25519:iJ1tjKCrMAbiFT2bVrCjhbfMDnE1fpaRbIS5ZHKUvEQ= " \
"ClientName=bob\r\n" \
"250-CLIENT x25519:iJ1tjKCrMAbiFT2bVrCjhbfMDnE1fpaRbIS5ZHKUvEQ=\r\n" \
"250 OK\r\n"
retval = handle_control_command(&conn, (uint32_t) strlen(args), args);
......@@ -516,7 +512,7 @@ test_hs_control_store_permanent_creds(void *arg)
/* Try registering first service with no ClientOnionAuthDir set */
args = tor_strdup("2fvhjskjet3n5syd6yfg5lhvwcs62bojmthr35ko5bllr3iqdb4ctdyd "
"x25519:iJ1tjKCrMAbiFT2bVrCjhbfMDnE1fpaRbIS5ZHKUvEQ= "
"ClientName=bob Flags=Permanent");
"Flags=Permanent");
retval = handle_control_command(&conn, (uint32_t) strlen(args), args);
tt_int_op(retval, OP_EQ, 0);
......@@ -546,7 +542,7 @@ test_hs_control_store_permanent_creds(void *arg)
/* Try the control port command again. This time it should work! */
args = tor_strdup("2fvhjskjet3n5syd6yfg5lhvwcs62bojmthr35ko5bllr3iqdb4ctdyd "
"x25519:iJ1tjKCrMAbiFT2bVrCjhbfMDnE1fpaRbIS5ZHKUvEQ= "
"ClientName=bob Flags=Permanent");
"Flags=Permanent");
retval = handle_control_command(&conn, (uint32_t) strlen(args), args);
tt_int_op(retval, OP_EQ, 0);
......@@ -571,7 +567,7 @@ test_hs_control_store_permanent_creds(void *arg)
/* Overwrite the credentials and check that they got overwrited. */
args = tor_strdup("2fvhjskjet3n5syd6yfg5lhvwcs62bojmthr35ko5bllr3iqdb4ctdyd "
"x25519:UDRvZLvcJo0QRLvDfkpgbtsqbkhIUQZyeo2FNBrgS18= "
"ClientName=fab Flags=Permanent");
"Flags=Permanent");
retval = handle_control_command(&conn, (uint32_t) strlen(args), args);
tt_int_op(retval, OP_EQ, 0);
......@@ -600,7 +596,6 @@ test_hs_control_store_permanent_creds(void *arg)
hs_client_service_authorization_t *client_2fv =
digest256map_get(client_auths, service_identity_pk_2fv.pubkey);
tt_assert(client_2fv);
tt_assert(!client_2fv->nickname);
tt_int_op(client_2fv->flags, OP_EQ, CLIENT_AUTH_FLAG_IS_PERMANENT);
tt_str_op(hex_str((char*)client_2fv->enc_seckey.secret_key, 32), OP_EQ,
"50346F64BBDC268D1044BBC37E4A606EDB2A6E48485106727A8D85341AE04B5F");
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment