Ticket #11010: 0001-add-ClientConnectPolicy-config-option-11010.patch

File 0001-add-ClientConnectPolicy-config-option-11010.patch, 8.0 KB (added by cypherpunks, 5 years ago)
  • new file changes/ticket11010

    From 363546396d50135b9a625967afb9b7207f3cff85 Mon Sep 17 00:00:00 2001
    From: Leif Ryge <leif@synthesize.us>
    Date: Thu, 6 Mar 2014 00:19:51 +0000
    Subject: [PATCH] add ClientConnectPolicy config option (#11010)
    
    ---
     changes/ticket11010      |  3 +++
     doc/tor.1.txt            | 15 +++++++++++++++
     src/or/config.c          |  1 +
     src/or/connection_edge.c | 25 +++++++++++++++++++++++++
     src/or/or.h              |  2 ++
     src/or/policies.c        | 20 ++++++++++++++++++++
     src/or/policies.h        |  2 ++
     7 files changed, 68 insertions(+)
     create mode 100644 changes/ticket11010
    
    diff --git a/changes/ticket11010 b/changes/ticket11010
    new file mode 100644
    index 0000000..8550ba9
    - +  
     1  o Minor features:
     2    - Add new configuration option ClientConnectPolicy to limit which
     3      destinations clients are allowed to make connections to.
  • doc/tor.1.txt

    diff --git a/doc/tor.1.txt b/doc/tor.1.txt
    index 89608f7..5e1ef0f 100644
    a b The following options are useful only for clients (that is, if 
    12821282[[RejectPlaintextPorts]] **RejectPlaintextPorts** __port__,__port__,__...__::
    12831283    Like WarnPlaintextPorts, but instead of warning about risky port uses, Tor
    12841284    will instead refuse to make the connection. (Default: None)
     1285 +
     1286    This option is deprecated; you can get the same functionality using
     1287    ClientConnectPolicy.
    12851288
    12861289[[AllowSingleHopCircuits]] **AllowSingleHopCircuits** **0**|**1**::
    12871290    When this option is set, the attached Tor controller can use relays
    The following options are useful only for clients (that is, if 
    14111414    this optoin is "auto", we take a recommendation from the latest consensus
    14121415    document. (Default: auto)
    14131416
     1417[[ClientConnectPolicy]] **ClientConnectPolicy** __policy__,__policy__,__...__::
     1418    Set a policy for which destinations clients are allowed to make connections
     1419    to. The policies have the same form as exit policies below, which does not
     1420    have support for support hostnames. Connections using hostnames will only
     1421    be matched by policies with "*" as their IP address (because they're
     1422    applied before the connection has been made, before the IP address is
     1423    known).
     1424 +
     1425    For example, "accept \*:443,reject \*:\*" would only allow clients to make
     1426    connections to any destination on port 443 and reject all other
     1427    connections.
     1428
    14141429
    14151430SERVER OPTIONS
    14161431--------------
  • src/or/config.c

    diff --git a/src/or/config.c b/src/or/config.c
    index 4c292d8..4586b31 100644
    a b static config_var_t option_vars_[] = { 
    393393  V(ShutdownWaitLength,          INTERVAL, "30 seconds"),
    394394  V(SocksListenAddress,          LINELIST, NULL),
    395395  V(SocksPolicy,                 LINELIST, NULL),
     396  V(ClientConnectPolicy,         LINELIST, NULL),
    396397  VPORT(SocksPort,                   LINELIST, NULL),
    397398  V(SocksTimeout,                INTERVAL, "2 minutes"),
    398399  V(SSLKeyLifetime,              INTERVAL, "0"),
  • src/or/connection_edge.c

    diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
    index 630c3b9..a12eeab 100644
    a b consider_plaintext_ports(entry_connection_t *conn, uint16_t port) 
    874874  return 0;
    875875}
    876876
     877/** Check if <b>conn</b> complies with the ClientConnectPolicy */
     878static int
     879consider_client_connect_policy(entry_connection_t *conn, char *address,
     880                               uint16_t port)
     881{
     882  tor_addr_t addr;
     883  tor_addr_parse(&addr, address);
     884
     885  if (!client_connect_policy_permits_destination(&addr, port)) {
     886
     887    log_warn(LD_APP, "Connection to %s:%d rejected by ClientConnectPolicy.",
     888             safe_str_client(address), port);
     889    connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY);
     890    return -1;
     891  }
     892
     893  return 0;
     894}
     895
    877896/** How many times do we try connecting with an exit configured via
    878897 * TrackHostExits before concluding that it won't work any more and trying a
    879898 * different one? */
    connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn, 
    12731292        if (consider_plaintext_ports(conn, socks->port) < 0)
    12741293          return -1;
    12751294
     1295      /* reject if it would violate the ClientConnectPolicy */
     1296      if (!conn->use_begindir && !conn->chosen_exit_name && !circ)
     1297        if (consider_client_connect_policy(conn, socks->address,
     1298            socks->port) < 0)
     1299          return -1;
     1300
    12761301      if (!conn->use_begindir) {
    12771302        /* help predict this next time */
    12781303        rep_hist_note_used_port(now, socks->port);
  • src/or/or.h

    diff --git a/src/or/or.h b/src/or/or.h
    index 546adaa..691f07c 100644
    a b typedef struct { 
    34143414  invalid_router_usage_t AllowInvalid_;
    34153415  config_line_t *ExitPolicy; /**< Lists of exit policy components. */
    34163416  int ExitPolicyRejectPrivate; /**< Should we not exit to local addresses? */
     3417  config_line_t *ClientConnectPolicy; /**< Lists of client connect policy
     3418                                       * components */
    34173419  config_line_t *SocksPolicy; /**< Lists of socks policy components */
    34183420  config_line_t *DirPolicy; /**< Lists of dir policy components */
    34193421  /** Addresses to bind for listening for SOCKS connections. */
  • src/or/policies.c

    diff --git a/src/or/policies.c b/src/or/policies.c
    index 6289d70..8d5c5f6 100644
    a b  
    1717#include "geoip.h"
    1818#include "ht.h"
    1919
     20/** Policy that clients' stream destination addresses must match. */
     21static smartlist_t *client_connect_policy = NULL;
    2022/** Policy that addresses for incoming SOCKS connections must match. */
    2123static smartlist_t *socks_policy = NULL;
    2224/** Policy that addresses for incoming directory connections must match. */
    socks_policy_permits_address(const tor_addr_t *addr) 
    359361  return addr_policy_permits_tor_addr(addr, 1, socks_policy);
    360362}
    361363
     364/** Return 1 if <b>addr</b> is a permitted destination to build streams to,
     365 * based on <b>client_connect_policy</b>. Else return 0.
     366 */
     367int
     368client_connect_policy_permits_destination(const tor_addr_t *addr,
     369                                          uint16_t port)
     370{
     371  return addr_policy_permits_tor_addr(addr, port, client_connect_policy);
     372}
     373
    362374/** Return true iff the address <b>addr</b> is in a country listed in the
    363375 * case-insensitive list of country codes <b>cc_list</b>. */
    364376static int
    validate_addr_policies(const or_options_t *options, char **msg) 
    470482  if (parse_addr_policy(options->ReachableDirAddresses, &addr_policy,
    471483                        ADDR_POLICY_ACCEPT))
    472484    REJECT("Error in ReachableDirAddresses entry.");
     485  if (parse_addr_policy(options->ClientConnectPolicy, &addr_policy,
     486                        -1))
     487    REJECT("Error in ClientConnectPolicy entry.");
    473488
    474489 err:
    475490  addr_policy_list_free(addr_policy);
    policies_parse_from_options(const or_options_t *options) 
    534549    ret = -1;
    535550  if (parse_reachable_addresses() < 0)
    536551    ret = -1;
     552  if (parse_addr_policy(options->ClientConnectPolicy, &client_connect_policy,
     553                        -1) < 0)
     554    ret = -1;
    537555  return ret;
    538556}
    539557
    policies_free_all(void) 
    17311749  socks_policy = NULL;
    17321750  addr_policy_list_free(dir_policy);
    17331751  dir_policy = NULL;
     1752  addr_policy_list_free(client_connect_policy);
     1753  client_connect_policy = NULL;
    17341754  addr_policy_list_free(authdir_reject_policy);
    17351755  authdir_reject_policy = NULL;
    17361756  addr_policy_list_free(authdir_invalid_policy);
  • src/or/policies.h

    diff --git a/src/or/policies.h b/src/or/policies.h
    index 91ac427..82b1c30 100644
    a b int fascist_firewall_allows_address_dir(const tor_addr_t *addr, uint16_t port); 
    2626int dir_policy_permits_address(const tor_addr_t *addr);
    2727int socks_policy_permits_address(const tor_addr_t *addr);
    2828int authdir_policy_permits_address(uint32_t addr, uint16_t port);
     29int client_connect_policy_permits_destination(const tor_addr_t *addr,
     30                                              uint16_t port);
    2931int authdir_policy_valid_address(uint32_t addr, uint16_t port);
    3032int authdir_policy_baddir_address(uint32_t addr, uint16_t port);
    3133int authdir_policy_badexit_address(uint32_t addr, uint16_t port);