changes/bug28966 0 → 100644 +4 −0 Original line number Diff line number Diff line o Minor features (onion services v3): - Assist users who try to setup v2 client authorization in v3 onion services by pointing them to the right documentation. Closes ticket 28966.
doc/tor.1.txt +32 −21 Original line number Diff line number Diff line Loading @@ -1142,7 +1142,7 @@ The following options are useful only for clients (that is, if information) to port 80. [[HidServAuth]] **HidServAuth** __onion-address__ __auth-cookie__ [__service-name__]:: Client authorization for a hidden service. Valid onion addresses contain 16 Client authorization for a v2 hidden service. Valid onion addresses contain 16 characters in a-z2-7 plus ".onion", and valid auth cookies contain 22 characters in A-Za-z0-9+/. The service name is only used for internal purposes, e.g., for Tor controllers. This option may be used multiple times Loading Loading @@ -2961,7 +2961,7 @@ The next section describes the per service options that can only be set service. Currently, versions 2 and 3 are supported. (Default: 3) [[HiddenServiceAuthorizeClient]] **HiddenServiceAuthorizeClient** __auth-type__ __client-name__,__client-name__,__...__:: If configured, the hidden service is accessible for authorized clients If configured, the v2 hidden service is accessible for authorized clients only. The auth-type can either be \'basic' for a general-purpose authorization protocol or \'stealth' for a less scalable protocol that also hides service activity from unauthorized clients. Only clients that are Loading Loading @@ -3105,6 +3105,8 @@ Client Authorization (Version 3 only) Service side: To configure client authorization on the service side, the "<HiddenServiceDir>/authorized_clients/" directory needs to exist. Each file in that directory should be suffixed with ".auth" (i.e. "alice.auth"; the Loading 
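Review bot: In the HidServAuth and HiddenServiceAuthorizeClient entries, the added "v2" qualifier tells the reader the option does not cover v3 services but not where the v3 mechanism is documented. Suggest ending each entry with a short pointer to the Client Authorization section (and, for HidServAuth, to ClientOnionAuthDir), so the man page gives the same redirection that the new log_warn in hs_config.c gives at startup.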
@@ -3128,8 +3130,17 @@ Revoking a client can be done by removing their ".auth" file, however the revocation will be in effect only after the tor process gets restarted even if a SIGHUP takes place. See the Appendix G in the rend-spec-v3.txt file of https://spec.torproject.org/[torspec] for more information. Client side: To access a v3 onion service with client authorization as a client, make sure you have ClientOnionAuthDir set in your torrc. Then, in the <ClientOnionAuthDir> directory, create an .auth_private file for the onion service corresponding to this key (i.e. 'bob_onion.auth_private'). The contents of the <ClientOnionAuthDir>/<user>.auth_private file should look like: <56-char-onion-addr-without-.onion-part>:descriptor:x25519:<x25519 private key in base32> For more information, please see https://2019.www.torproject.org/docs/tor-onion-service.html.en#ClientAuthorization . TESTING NETWORK OPTIONS ----------------------- Loading
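Review bot: In the new "Client side:" paragraph, "the onion service corresponding to this key" refers to a key the paragraph has not introduced, and the text never states that the .auth_private file holds the client's x25519 private key and has to be kept secret. Suggest naming the key explicitly and adding a sentence that the file should be readable only by the user running tor. Two smaller points in the same paragraph: "(i.e. 'bob_onion.auth_private')" is an example, so "e.g." fits better, and the file is called <user>.auth_private in one sentence and bob_onion.auth_private in the other, which leaves it unclear whether the name is meant to identify the user or the service.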
src/feature/hs/hs_config.c +10 −0 Original line number Diff line number Diff line Loading @@ -253,6 +253,16 @@ config_has_invalid_options(const config_line_t *line_, "version %" PRIu32 " of service in %s", opt, service->config.version, service->config.directory_path); if (!strcasecmp(line->key, "HiddenServiceAuthorizeClient")) { /* Special case this v2 option so that we can offer alternatives. * If more such special cases appear, it would be good to * generalize the exception mechanism here. */ log_warn(LD_CONFIG, "For v3 onion service client authorization, " "please read the 'CLIENT AUTHORIZATION' section in the " "manual."); } ret = 1; /* Continue the loop so we can find all possible options. */ continue; Loading
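Review bot: The hint logged in the new strcasecmp branch of config_has_invalid_options() only points at a manual section; it does not say that HiddenServiceAuthorizeClient is a v2-only option or name the v3 replacement, so an operator reading the log without the man page at hand still does not know what to change. Suggest mentioning the "<HiddenServiceDir>/authorized_clients/" directory in the message, and checking that the quoted name 'CLIENT AUTHORIZATION' matches the heading as it appears in the rendered manual (the tor.1.txt hunk context shows "Client Authorization (Version 3 only)"), so a text search for it succeeds. It is good that ret = 1 is still set after the hint, so a v3 service configured with this option is rejected rather than started without the access restriction the operator expected; a config test asserting both the rejection and the extra warning would keep that from regressing.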