tor

The Tor anonymity network
git clone https://git.dasho.dev/tor.git
Log | Files | Refs | README | LICENSE
commit 9395a0c765302f5f3fd15e8d9dd2e87404cea5ee
parent c7c9899bc4d4d1b0ff6df31fe0526133b23cd8bd
Author: George Kadianakis <desnacked@riseup.net>
Date:   Mon, 25 Nov 2019 17:22:52 +0200

hsv3: Remove support for client auth nicknames.

Because the function that parses client auth credentials saved on
disk (parse_auth_file_content()) is not future compatible, there is no way to
add support for storing the nickname on the disk. Hence, nicknames cannot
persist after Tor restart making them pretty much useless.

In the future we can introduce nicknames by adding a new file format for client
auth credentials, but this was not deemed worth doing at this stage.

Diffstat:

Msrc/feature/control/control_hs.c | 14+-------------


Msrc/feature/hs/hs_client.c | 4----


Msrc/feature/hs/hs_client.h | 6------


Msrc/test/test_hs_control.c | 15+++++----------


4 files changed, 6 insertions(+), 33 deletions(-)

diff --git a/src/feature/control/control_hs.c b/src/feature/control/control_hs.c
@@ -73,7 +73,6 @@ const control_cmd_syntax_t onion_client_auth_add_syntax = {
  *  register the new client-side client auth credentials:
  *  "ONION_CLIENT_AUTH_ADD" SP HSAddress
  *                          SP KeyType ":" PrivateKeyBlob
- *                          [SP "ClientName=" Nickname]
  *                          [SP "Type=" TYPE] CRLF
  */
 int
@@ -112,14 +111,7 @@ handle_control_onion_client_auth_add(control_connection_t *conn,
 
   /* Now let's parse the remaining arguments (variable size) */
   for (const config_line_t *line = args->kwargs; line; line = line->next) {
-    if (!strcasecmp(line->key, "ClientName")) {
-      if (strlen(line->value) > HS_CLIENT_AUTH_MAX_NICKNAME_LENGTH) {
-        control_write_endreply(conn, 512, "Too big 'ClientName' argument");
-        goto err;
-      }
-      creds->nickname = tor_strdup(line->value);
-
-    } else if (!strcasecmpstart(line->key, "Flags")) {
+    if (!strcasecmpstart(line->key, "Flags")) {
       smartlist_split_string(flags, line->value, ",", SPLIT_IGNORE_BLANK, 0);
       if (smartlist_len(flags) < 1) {
         control_write_endreply(conn, 512, "Invalid 'Flags' argument");
@@ -249,10 +241,6 @@ encode_client_auth_cred_for_control_port(
 
   smartlist_add_asprintf(control_line, "CLIENT x25519:%s", x25519_b64);
 
-  if (cred->nickname) { /* nickname is optional */
-    smartlist_add_asprintf(control_line, " ClientName=%s", cred->nickname);
-  }
-
   if (cred->flags) { /* flags are also optional */
     if (cred->flags & CLIENT_AUTH_FLAG_IS_PERMANENT) {
       smartlist_add_asprintf(control_line, " Flags=Permanent");
diff --git a/src/feature/hs/hs_client.c b/src/feature/hs/hs_client.c
@@ -1832,10 +1832,6 @@ client_service_authorization_free_(hs_client_service_authorization_t *auth)
     return;
   }
 
-  if (auth->nickname) {
-    tor_free(auth->nickname);
-  }
-
   memwipe(auth, 0, sizeof(*auth));
   tor_free(auth);
 }
diff --git a/src/feature/hs/hs_client.h b/src/feature/hs/hs_client.h
@@ -60,9 +60,6 @@ typedef enum {
 /** Flag to set when a client auth is permanent (saved on disk). */
 #define CLIENT_AUTH_FLAG_IS_PERMANENT (1<<0)
 
-/** Max length of a client auth nickname */
-#define HS_CLIENT_AUTH_MAX_NICKNAME_LENGTH 255
-
 /** Client-side configuration of client authorization */
 typedef struct hs_client_service_authorization_t {
   /** An curve25519 secret key used to compute decryption keys that
@@ -72,9 +69,6 @@ typedef struct hs_client_service_authorization_t {
   /** An onion address that is used to connect to the onion service. */
   char onion_address[HS_SERVICE_ADDR_LEN_BASE32+1];
 
-  /* An optional nickname for this client */
-  char *nickname;
-
   /* Optional flags for this client. */
   int flags;
 } hs_client_service_authorization_t;
diff --git a/src/test/test_hs_control.c b/src/test/test_hs_control.c
@@ -245,8 +245,7 @@ test_hs_control_good_onion_client_auth_add(void *arg)
 
   /* Register first service */
   args = tor_strdup("2fvhjskjet3n5syd6yfg5lhvwcs62bojmthr35ko5bllr3iqdb4ctdyd "
-                    "x25519:iJ1tjKCrMAbiFT2bVrCjhbfMDnE1fpaRbIS5ZHKUvEQ= "
-                    "ClientName=bob");
+                    "x25519:iJ1tjKCrMAbiFT2bVrCjhbfMDnE1fpaRbIS5ZHKUvEQ= ");
 
   retval = handle_control_command(&conn, (uint32_t) strlen(args), args);
   tt_int_op(retval, OP_EQ, 0);
@@ -277,13 +276,11 @@ test_hs_control_good_onion_client_auth_add(void *arg)
   hs_client_service_authorization_t *client_2fv =
     digest256map_get(client_auths, service_identity_pk_2fv.pubkey);
   tt_assert(client_2fv);
-  tt_str_op(client_2fv->nickname, OP_EQ, "bob");
   tt_int_op(client_2fv->flags, OP_EQ, 0);
 
   hs_client_service_authorization_t *client_jt4 =
     digest256map_get(client_auths, service_identity_pk_jt4.pubkey);
   tt_assert(client_jt4);
-  tt_assert(!client_jt4->nickname);
   tt_int_op(client_jt4->flags, OP_EQ, 0);
 
   /* Now let's VIEW the auth credentials */
@@ -296,8 +293,7 @@ test_hs_control_good_onion_client_auth_add(void *arg)
 
 #define VIEW_CORRECT_REPLY_NO_ADDR "250-ONION_CLIENT_AUTH_VIEW\r\n"   \
   "250-CLIENT x25519:eIIdIGoSZwI2Q/lSzpf92akGki5I+PZIDz37MA5BhlA=\r\n"\
-  "250-CLIENT x25519:iJ1tjKCrMAbiFT2bVrCjhbfMDnE1fpaRbIS5ZHKUvEQ= "   \
-  "ClientName=bob\r\n"                                                \
+  "250-CLIENT x25519:iJ1tjKCrMAbiFT2bVrCjhbfMDnE1fpaRbIS5ZHKUvEQ=\r\n"   \
   "250 OK\r\n"
 
   retval = handle_control_command(&conn, (uint32_t) strlen(args), args);
@@ -516,7 +512,7 @@ test_hs_control_store_permanent_creds(void *arg)
   /* Try registering first service with no ClientOnionAuthDir set */
   args = tor_strdup("2fvhjskjet3n5syd6yfg5lhvwcs62bojmthr35ko5bllr3iqdb4ctdyd "
                     "x25519:iJ1tjKCrMAbiFT2bVrCjhbfMDnE1fpaRbIS5ZHKUvEQ= "
-                    "ClientName=bob Flags=Permanent");
+                    "Flags=Permanent");
 
   retval = handle_control_command(&conn, (uint32_t) strlen(args), args);
   tt_int_op(retval, OP_EQ, 0);
@@ -546,7 +542,7 @@ test_hs_control_store_permanent_creds(void *arg)
   /* Try the control port command again. This time it should work! */
   args = tor_strdup("2fvhjskjet3n5syd6yfg5lhvwcs62bojmthr35ko5bllr3iqdb4ctdyd "
                     "x25519:iJ1tjKCrMAbiFT2bVrCjhbfMDnE1fpaRbIS5ZHKUvEQ= "
-                    "ClientName=bob Flags=Permanent");
+                    "Flags=Permanent");
   retval = handle_control_command(&conn, (uint32_t) strlen(args), args);
   tt_int_op(retval, OP_EQ, 0);
 
@@ -571,7 +567,7 @@ test_hs_control_store_permanent_creds(void *arg)
   /* Overwrite the credentials and check that they got overwrited. */
   args = tor_strdup("2fvhjskjet3n5syd6yfg5lhvwcs62bojmthr35ko5bllr3iqdb4ctdyd "
                     "x25519:UDRvZLvcJo0QRLvDfkpgbtsqbkhIUQZyeo2FNBrgS18= "
-                    "ClientName=fab Flags=Permanent");
+                    "Flags=Permanent");
   retval = handle_control_command(&conn, (uint32_t) strlen(args), args);
   tt_int_op(retval, OP_EQ, 0);
 
@@ -600,7 +596,6 @@ test_hs_control_store_permanent_creds(void *arg)
   hs_client_service_authorization_t *client_2fv =
     digest256map_get(client_auths, service_identity_pk_2fv.pubkey);
   tt_assert(client_2fv);
-  tt_assert(!client_2fv->nickname);
   tt_int_op(client_2fv->flags, OP_EQ, CLIENT_AUTH_FLAG_IS_PERMANENT);
   tt_str_op(hex_str((char*)client_2fv->enc_seckey.secret_key, 32), OP_EQ,
            "50346F64BBDC268D1044BBC37E4A606EDB2A6E48485106727A8D85341AE04B5F");