Ticket #15482: IsolateKeepAliveSOCKSAuth.patch

File IsolateKeepAliveSOCKSAuth.patch, 3.1 KB (added by rustybird, 4 years ago)
  • src/or/circuituse.c

    From f31b6666b645ac8b6e506381ad942959589070f2 Mon Sep 17 00:00:00 2001
    From: Rusty Bird <rustybird@openmailbox.org>
    Date: Tue, 16 Jun 2015 07:36:09 +0000
    Subject: [PATCH] Add IsolateKeepAliveSOCKSAuth isolation flag
    
    Keep SOCKS authentication isolated circuits alive as long as new streams
    get attached to them, if the IsolateKeepAliveSOCKSAuth is also set.
    
    Mostly for Tor Browser; fixes #15482. Based on bug15482.patch.
    ---
     src/or/circuituse.c |  9 +++++++--
     src/or/config.c     |  2 ++
     src/or/or.h         | 18 ++++++++++--------
     3 files changed, 19 insertions(+), 10 deletions(-)
    
    diff --git a/src/or/circuituse.c b/src/or/circuituse.c
    index 28c70ad..6d13f95 100644
    a b connection_ap_handshake_attach_chosen_circuit(entry_connection_t *conn, 
    22812281
    22822282  base_conn->state = AP_CONN_STATE_CIRCUIT_WAIT;
    22832283
    2284   if (!circ->base_.timestamp_dirty)
    2285     circ->base_.timestamp_dirty = time(NULL);
     2284  if (!circ->base_.timestamp_dirty ||
     2285      ((conn->entry_cfg.isolation_flags & ISO_KEEPALIVESOCKSAUTH) &&
     2286       (conn->entry_cfg.isolation_flags & ISO_SOCKSAUTH) &&
     2287       (conn->socks_request->usernamelen ||
     2288        conn->socks_request->passwordlen))) {
     2289    circ->base_.timestamp_dirty = approx_time();
     2290  }
    22862291
    22872292  pathbias_count_use_attempt(circ);
    22882293
  • src/or/config.c

    diff --git a/src/or/config.c b/src/or/config.c
    index ef249a6..78f8275 100644
    a b parse_port_config(smartlist_t *out, 
    61706170          isoflag = ISO_CLIENTPROTO;
    61716171        } else if (!strcasecmp(elt, "IsolateClientAddr")) {
    61726172          isoflag = ISO_CLIENTADDR;
     6173        } else if (!strcasecmp(elt, "IsolateKeepAliveSOCKSAuth")) {
     6174          isoflag = ISO_KEEPALIVESOCKSAUTH;
    61736175        } else {
    61746176          log_warn(LD_CONFIG, "Unrecognized %sPort option '%s'",
    61756177                   portname, escaped(elt_orig));
  • src/or/or.h

    diff --git a/src/or/or.h b/src/or/or.h
    index ec5f277..ee6b1a2 100644
    a b typedef enum invalid_router_usage_t { 
    33253325    @{
    33263326*/
    33273327/** Isolate based on destination port */
    3328 #define ISO_DESTPORT    (1u<<0)
     3328#define ISO_DESTPORT           (1u<<0)
    33293329/** Isolate based on destination address */
    3330 #define ISO_DESTADDR    (1u<<1)
     3330#define ISO_DESTADDR           (1u<<1)
    33313331/** Isolate based on SOCKS authentication */
    3332 #define ISO_SOCKSAUTH   (1u<<2)
     3332#define ISO_SOCKSAUTH          (1u<<2)
    33333333/** Isolate based on client protocol choice */
    3334 #define ISO_CLIENTPROTO (1u<<3)
     3334#define ISO_CLIENTPROTO        (1u<<3)
    33353335/** Isolate based on client address */
    3336 #define ISO_CLIENTADDR  (1u<<4)
     3336#define ISO_CLIENTADDR         (1u<<4)
    33373337/** Isolate based on session group (always on). */
    3338 #define ISO_SESSIONGRP  (1u<<5)
     3338#define ISO_SESSIONGRP         (1u<<5)
    33393339/** Isolate based on newnym epoch (always on). */
    3340 #define ISO_NYM_EPOCH   (1u<<6)
     3340#define ISO_NYM_EPOCH          (1u<<6)
    33413341/** Isolate all streams (Internal only). */
    3342 #define ISO_STREAM      (1u<<7)
     3342#define ISO_STREAM             (1u<<7)
     3343/** Keep SOCKS authenticated circuit alive as long as streams get attached. */
     3344#define ISO_KEEPALIVESOCKSAUTH (1u<<8)
    33433345/**@}*/
    33443346
    33453347/** Default isolation level for ports. */