hs-v3: Log client auth load activities service side

Signed-off-by: David Goulet <dgoulet@torproject.org>

hs-v3: Log client auth load activities service side
Signed-off-by: David Goulet <dgoulet@torproject.org>
7ace28c9 · haxxpop · David Goulet · 83c8419e · 7ace28c9
Commit 7ace28c9 authored Aug 19, 2018 by haxxpop Committed by David Goulet Sep 07, 2018
--- a/src/feature/hs/hs_service.c
+++ b/src/feature/hs/hs_service.c
@@ -1141,6 +1141,7 @@ parse_authorized_client(const char *client_key_str)
                         SPLIT_SKIP_SPACE, 0);
  /* Wrong number of fields. */
  if (smartlist_len(fields) != 3) {
+    log_warn(LD_REND, "The file is in a wrong format.");
    goto err;
  }

@@ -1148,9 +1149,15 @@ parse_authorized_client(const char *client_key_str)
  key_type = smartlist_get(fields, 1);
  pubkey_b32 = smartlist_get(fields, 2);

-  /* Currently, the only supported auth type is "descriptor" and the only
-   * supported key type is "x25519". */
-  if (strcmp(auth_type, "descriptor") || strcmp(key_type, "x25519")) {
+  /* Currently, the only supported auth type is "descriptor". */
+  if (strcmp(auth_type, "descriptor")) {
+    log_warn(LD_REND, "The auth type '%s' is not supported.", auth_type);
+    goto err;
+  }
+
+  /* Currently, the only supported key type is "x25519". */
+  if (strcmp(key_type, "x25519")) {
+    log_warn(LD_REND, "The key type '%s' is not supported.", key_type);
    goto err;
  }

@@ -1168,6 +1175,7 @@ parse_authorized_client(const char *client_key_str)
  if (base32_decode((char *) client->client_pk.public_key,
                    sizeof(client->client_pk.public_key),
                    pubkey_b32, strlen(pubkey_b32)) < 0) {
+    log_warn(LD_REND, "The public key cannot be decoded.");
    goto err;
  }

@@ -1233,27 +1241,36 @@ load_client_keys(hs_service_t *service)

  SMARTLIST_FOREACH_BEGIN(file_list, const char *, filename) {
    hs_service_authorized_client_t *client = NULL;
+    log_info(LD_REND, "Loading a client authorization key file %s...",
+             filename);

-    if (client_filename_is_valid(filename)) {
-      /* Create a full path for a file. */
-      client_key_file_path = hs_path_from_filename(client_keys_dir_path,
-                                                   filename);
-      client_key_str = read_file_to_str(client_key_file_path, 0, NULL);
-      /* Free immediately after using it. */
-      tor_free(client_key_file_path);
+    if (!client_filename_is_valid(filename)) {
+      log_warn(LD_REND, "The filename is invalid.");
+      continue;
+    }

-      /* If we cannot read the file, continue with the next file. */
-      if (!client_key_str)  {
-        continue;
-      }
+    /* Create a full path for a file. */
+    client_key_file_path = hs_path_from_filename(client_keys_dir_path,
+                                                 filename);
+    client_key_str = read_file_to_str(client_key_file_path, 0, NULL);
+    /* Free immediately after using it. */
+    tor_free(client_key_file_path);
+
+    /* If we cannot read the file, continue with the next file. */
+    if (!client_key_str)  {
+      log_warn(LD_REND, "The file cannot be read.");
+      continue;
+    }

-      client = parse_authorized_client(client_key_str);
-      /* Free immediately after using it. */
-      tor_free(client_key_str);
+    client = parse_authorized_client(client_key_str);
+    /* Wipe and free immediately after using it. */
+    memwipe(client_key_str, 0, strlen(client_key_str));
+    tor_free(client_key_str);

-      if (client) {
-        smartlist_add(config->clients, client);
-      }
+    if (client) {
+      smartlist_add(config->clients, client);
+      log_info(LD_REND, "Loaded a client authorization key file %s.",
+               filename);
    }

  } SMARTLIST_FOREACH_END(filename);