Trac issueshttps://gitlab.torproject.org/legacy/trac/-/issues2020-06-13T15:37:11Zhttps://gitlab.torproject.org/legacy/trac/-/issues/20006HSFETCH fails for hidden services which use client authentication2020-06-13T15:37:11ZsegfaultHSFETCH fails for hidden services which use client authenticationWhen using HSFETCH with a hidden service which uses client authentication, it does not return the descriptor.
Example:
```
echo "AUTHENTICATE
HSFETCH prkszpeygn2a3kxo | nc -U /var/run/tor/control
```
Output:
```
650 OK
650 HS_DESC RE...When using HSFETCH with a hidden service which uses client authentication, it does not return the descriptor.
Example:
```
echo "AUTHENTICATE
HSFETCH prkszpeygn2a3kxo | nc -U /var/run/tor/control
```
Output:
```
650 OK
650 HS_DESC REQUESTED prkszpeygn2a3kxo NO_AUTH $4D596DB0B8214621D60183B6CBF73DF67B0A97CD~CrashM jvdlgb7c3xkihcww5fypqnbkuv5dfima
650 HS_DESC FAILED prkszpeygn2a3kxo NO_AUTH $4D596DB0B8214621D60183B6CBF73DF67B0A97CD~CrashM rhdhss3jibwpmennesop3sops3mr42du REASON=BAD_DESC
650+HS_DESC_CONTENT prkszpeygn2a3kxo jvdlgb7c3xkihcww5fypqnbkuv5dfima $4D596DB0B8214621D60183B6CBF73DF67B0A97CD~CrashM
```
log:
```
Aug 27 13:29:45.000 [warn] Failed to parse introduction points. Either the service has published a corrupt descriptor or you have provided invalid authorization data.
Aug 27 13:29:45.000 [warn] Fetching v2 rendezvous descriptor failed. Retrying at another directory.
```
I took a quick look at the code and it seems like HSFETCH simply assumes no authentication is used:
{{{
rend_query = rend_data_client_create(hsaddress, desc_id, NULL,
REND_NO_AUTH);
}}}
https://gitweb.torproject.org/tor.git/tree/src/or/control.c#n4095Tor: unspecifiedrl1987rl1987https://gitlab.torproject.org/legacy/trac/-/issues/20007Sandbox causing crash when setting HidServAuth when there is a hidden service...2020-06-13T15:00:49ZsegfaultSandbox causing crash when setting HidServAuth when there is a hidden service runningWhen the sandbox is enabled and there is a hidden service configured, setting HidServAuth via SETCONF results in a permission error.
Steps to reproduce:
Start Tor with a hidden service:
```
/usr/bin/tor --defaults-torrc /usr/share/t...When the sandbox is enabled and there is a hidden service configured, setting HidServAuth via SETCONF results in a permission error.
Steps to reproduce:
Start Tor with a hidden service:
```
/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc --RunAsDaemon 0 --Log debug --CookieAuthentication 0 --Sandbox 1 --HiddenServiceDir /var/lib/tor/hidden_service/ --HiddenServicePort 80
```
Try setting HidServAuth via the control port:
```
echo "AUTHENTICATE
SETCONF HidServAuth=\"prkszpeygn2a3kxo.onion iGwsXkMwZEHuq/0YCD6IGQ\"" | nc -U /var/run/tor/control
```
Output:
```
250 OK
513 Unacceptable option value: Failed to configure rendezvous options. See logs for details.
```
Log:
```
Aug 27 15:31:55.000 [warn] Directory /var/lib/tor/hidden_service/ cannot be read: Permission denied
Aug 27 15:31:55.000 [warn] Controller gave us config lines that didn't validate: Failed to configure rendezvous options. See logs for details.
```
If we start Tor without a hidden service or without the sandbox, it works without errors:
Without hidden service:
```
/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc --RunAsDaemon 0 --Log debug --CookieAuthentication 0 --Sandbox 1
```
or without sandbox:
```
/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc --RunAsDaemon 0 --Log debug --CookieAuthentication 0 --Sandbox 0 --HiddenServiceDir /var/lib/tor/hidden_service/ --HiddenServicePort 80
```
Set HidServAuth via the control port:
```
echo "AUTHENTICATE
SETCONF HidServAuth=\"prkszpeygn2a3kxo.onion iGwsXkMwZEHuq/0YCD6IGQ\"" | nc -U /var/run/tor/control
```
Output:
```
250 OK
250 OK
```Tor: unspecified