Ticket #11010: 0001-add-ClientConnectPolicy-config-option-11010-take2.patch

File 0001-add-ClientConnectPolicy-config-option-11010-take2.patch, 8.1 KB (added by cypherpunks, 5 years ago)

second attempt

  • new file changes/ticket11010

    From 7f690fa90a6327157f3255e7fc560e9790911bfc Mon Sep 17 00:00:00 2001
    From: Leif Ryge <leif@synthesize.us>
    Date: Sat, 8 Mar 2014 18:22:59 +0000
    Subject: [PATCH] add ClientConnectPolicy config option (#11010)
    
    ---
     changes/ticket11010      |  3 +++
     doc/tor.1.txt            | 15 +++++++++++++++
     src/or/config.c          |  1 +
     src/or/connection_edge.c | 25 +++++++++++++++++++++++++
     src/or/or.h              |  2 ++
     src/or/policies.c        | 20 ++++++++++++++++++++
     src/or/policies.h        |  2 ++
     7 files changed, 68 insertions(+)
     create mode 100644 changes/ticket11010
    
    diff --git a/changes/ticket11010 b/changes/ticket11010
    new file mode 100644
    index 0000000..8550ba9
    - +  
     1  o Minor features:
     2    - Add new configuration option ClientConnectPolicy to limit which
     3      destinations clients are allowed to make connections to.
  • doc/tor.1.txt

    diff --git a/doc/tor.1.txt b/doc/tor.1.txt
    index c49692c..6cfc048 100644
    a b The following options are useful only for clients (that is, if 
    12831283[[RejectPlaintextPorts]] **RejectPlaintextPorts** __port__,__port__,__...__::
    12841284    Like WarnPlaintextPorts, but instead of warning about risky port uses, Tor
    12851285    will instead refuse to make the connection. (Default: None)
     1286 +
     1287    This option is deprecated; you can get the same functionality using
     1288    ClientConnectPolicy.
    12861289
    12871290[[AllowSingleHopCircuits]] **AllowSingleHopCircuits** **0**|**1**::
    12881291    When this option is set, the attached Tor controller can use relays
    The following options are useful only for clients (that is, if 
    14121415    this optoin is "auto", we take a recommendation from the latest consensus
    14131416    document. (Default: auto)
    14141417
     1418[[ClientConnectPolicy]] **ClientConnectPolicy** __policy__,__policy__,__...__::
     1419    Set a policy for which destinations clients are allowed to make connections
     1420    to. The policies have the same form as exit policies below, which does not
     1421    have support for support hostnames. Connections using hostnames will only
     1422    be matched by policies with "*" as their IP address (because they're
     1423    applied before the connection has been made, before the IP address is
     1424    known).
     1425 +
     1426    For example, "accept \*:443,reject \*:\*" would allow clients to make
     1427    connections to any destination on port 443 and reject all other
     1428    connections.
     1429
    14151430
    14161431SERVER OPTIONS
    14171432--------------
  • src/or/config.c

    diff --git a/src/or/config.c b/src/or/config.c
    index c822a84..6ea525c 100644
    a b static config_var_t option_vars_[] = { 
    393393  V(ShutdownWaitLength,          INTERVAL, "30 seconds"),
    394394  V(SocksListenAddress,          LINELIST, NULL),
    395395  V(SocksPolicy,                 LINELIST, NULL),
     396  V(ClientConnectPolicy,         LINELIST, NULL),
    396397  VPORT(SocksPort,                   LINELIST, NULL),
    397398  V(SocksTimeout,                INTERVAL, "2 minutes"),
    398399  V(SSLKeyLifetime,              INTERVAL, "0"),
  • src/or/connection_edge.c

    diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
    index 630c3b9..c03002c 100644
    a b consider_plaintext_ports(entry_connection_t *conn, uint16_t port) 
    874874  return 0;
    875875}
    876876
     877/** Check if <b>conn</b> complies with the ClientConnectPolicy */
     878static int
     879consider_client_connect_policy(entry_connection_t *conn, char *address,
     880                               uint16_t port)
     881{
     882  tor_addr_t addr;
     883  if (tor_addr_parse(&addr, address) < 0)
     884    tor_addr_parse(&addr, "0.0.0.0");
     885
     886  if (!client_connect_policy_permits_destination(&addr, port)) {
     887
     888    log_warn(LD_APP, "Connection to %s:%d rejected by ClientConnectPolicy.",
     889             safe_str_client(address), port);
     890    connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY);
     891    return -1;
     892  }
     893  return 0;
     894}
     895
    877896/** How many times do we try connecting with an exit configured via
    878897 * TrackHostExits before concluding that it won't work any more and trying a
    879898 * different one? */
    connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn, 
    12731292        if (consider_plaintext_ports(conn, socks->port) < 0)
    12741293          return -1;
    12751294
     1295      /* reject if it would violate the ClientConnectPolicy */
     1296      if (!conn->use_begindir && !conn->chosen_exit_name && !circ)
     1297        if (consider_client_connect_policy(conn, socks->address,
     1298            socks->port) < 0)
     1299          return -1;
     1300
    12761301      if (!conn->use_begindir) {
    12771302        /* help predict this next time */
    12781303        rep_hist_note_used_port(now, socks->port);
  • src/or/or.h

    diff --git a/src/or/or.h b/src/or/or.h
    index 546adaa..691f07c 100644
    a b typedef struct { 
    34143414  invalid_router_usage_t AllowInvalid_;
    34153415  config_line_t *ExitPolicy; /**< Lists of exit policy components. */
    34163416  int ExitPolicyRejectPrivate; /**< Should we not exit to local addresses? */
     3417  config_line_t *ClientConnectPolicy; /**< Lists of client connect policy
     3418                                       * components */
    34173419  config_line_t *SocksPolicy; /**< Lists of socks policy components */
    34183420  config_line_t *DirPolicy; /**< Lists of dir policy components */
    34193421  /** Addresses to bind for listening for SOCKS connections. */
  • src/or/policies.c

    diff --git a/src/or/policies.c b/src/or/policies.c
    index 42dc46b..69f982f 100644
    a b  
    1717#include "geoip.h"
    1818#include "ht.h"
    1919
     20/** Policy that clients' stream destination addresses must match. */
     21static smartlist_t *client_connect_policy = NULL;
    2022/** Policy that addresses for incoming SOCKS connections must match. */
    2123static smartlist_t *socks_policy = NULL;
    2224/** Policy that addresses for incoming directory connections must match. */
    socks_policy_permits_address(const tor_addr_t *addr) 
    359361  return addr_policy_permits_tor_addr(addr, 1, socks_policy);
    360362}
    361363
     364/** Return 1 if <b>addr</b> is a permitted destination to build streams to,
     365 * based on <b>client_connect_policy</b>. Else return 0.
     366 */
     367int
     368client_connect_policy_permits_destination(const tor_addr_t *addr,
     369                                          uint16_t port)
     370{
     371  return addr_policy_permits_tor_addr(addr, port, client_connect_policy);
     372}
     373
    362374/** Return true iff the address <b>addr</b> is in a country listed in the
    363375 * case-insensitive list of country codes <b>cc_list</b>. */
    364376static int
    validate_addr_policies(const or_options_t *options, char **msg) 
    470482  if (parse_addr_policy(options->ReachableDirAddresses, &addr_policy,
    471483                        ADDR_POLICY_ACCEPT))
    472484    REJECT("Error in ReachableDirAddresses entry.");
     485  if (parse_addr_policy(options->ClientConnectPolicy, &addr_policy,
     486                        -1))
     487    REJECT("Error in ClientConnectPolicy entry.");
    473488
    474489 err:
    475490  addr_policy_list_free(addr_policy);
    policies_parse_from_options(const or_options_t *options) 
    542557    ret = -1;
    543558  if (parse_reachable_addresses() < 0)
    544559    ret = -1;
     560  if (parse_addr_policy(options->ClientConnectPolicy, &client_connect_policy,
     561                        -1) < 0)
     562    ret = -1;
    545563  return ret;
    546564}
    547565
    policies_free_all(void) 
    17391757  socks_policy = NULL;
    17401758  addr_policy_list_free(dir_policy);
    17411759  dir_policy = NULL;
     1760  addr_policy_list_free(client_connect_policy);
     1761  client_connect_policy = NULL;
    17421762  addr_policy_list_free(authdir_reject_policy);
    17431763  authdir_reject_policy = NULL;
    17441764  addr_policy_list_free(authdir_invalid_policy);
  • src/or/policies.h

    diff --git a/src/or/policies.h b/src/or/policies.h
    index 91ac427..82b1c30 100644
    a b int fascist_firewall_allows_address_dir(const tor_addr_t *addr, uint16_t port); 
    2626int dir_policy_permits_address(const tor_addr_t *addr);
    2727int socks_policy_permits_address(const tor_addr_t *addr);
    2828int authdir_policy_permits_address(uint32_t addr, uint16_t port);
     29int client_connect_policy_permits_destination(const tor_addr_t *addr,
     30                                              uint16_t port);
    2931int authdir_policy_valid_address(uint32_t addr, uint16_t port);
    3032int authdir_policy_baddir_address(uint32_t addr, uint16_t port);
    3133int authdir_policy_badexit_address(uint32_t addr, uint16_t port);