Split InproxyPersonalCompartmentIDs client and proxy config

- Allows dual-mode client/proxy to configure distinct personal pairing in each
  component

- Additional bug fixes
  - Fix broker ProxyAnnounce tactics shipping
  - Fix client personal compartment mode LimitTunnelProtocols adjustment

ConsoleClient/main.go

@@ -262,7 +262,7 @@ func main() {
 			psiphon.NoticeInfo("write profiles")
 			profileSampleDurationSeconds := 5
 			common.WriteRuntimeProfiles(
-				psiphon.NoticeCommonLogger(),
+				psiphon.NoticeCommonLogger(false),
 				config.DataRootDirectory,
 				"",
 				profileSampleDurationSeconds,

psiphon/common/tactics/tactics.go

@@ -1701,7 +1701,10 @@ func applyTacticsPayload(
 		// original tag -- but no tactics payload. In this case, simply fail
 		// the apply operation.
 
-		if payload.Tactics == nil {
+		// A nil payload.Tactics, of type json.RawMessage, can be serialized
+		// as the JSON "null".
+		if payload.Tactics == nil ||
+			bytes.Equal(payload.Tactics, []byte("null")) {
 			return errors.TraceNew("missing tactics")
 		}
 

psiphon/config.go

@@ -643,16 +643,21 @@ type Config struct {
 	// transfer rate limit for each proxied client. When 0, there is no limit.
 	InproxyLimitDownstreamBytesPerSecond int
 
-	// InproxyPersonalCompartmentIDs specifies the personal compartment IDs
-	// used by an in-proxy client or proxy. Personal compartment IDs are
+	// InproxyProxyPersonalCompartmentIDs specifies the personal compartment
+	// IDs used by an in-proxy proxy. Personal compartment IDs are
 	// distributed from proxy operators to client users out-of-band and
-	// provide a mechanism to allow only certain clients to use a proxy, or
-	// to ensure a client only uses a certain proxy.
+	// provide a mechanism to allow only certain clients to use a proxy.
+	InproxyProxyPersonalCompartmentIDs []string
+
+	// InproxyClientPersonalCompartmentIDs specifies the personal compartment
+	// IDs used by an in-proxy client. Personal compartment IDs are
+	// distributed from proxy operators to client users out-of-band and
+	// provide a mechanism to ensure a client only uses a certain proxy.
 	//
-	// When InproxyPersonalCompartmentIDs is set, the client will use only
-	// in-proxy protocols, ensuring that all connections go through the proxy
-	// or proxiues with the same personal compartment IDs.
-	InproxyPersonalCompartmentIDs []string
+	// When InproxyClientPersonalCompartmentIDs is set, the client will use
+	// only in-proxy protocols, ensuring that all connections go through the
+	// proxy or proxies with the same personal compartment IDs.
+	InproxyClientPersonalCompartmentIDs []string
 
 	//
 	// The following parameters are deprecated.
@@ -1341,6 +1346,21 @@ func (config *Config) Commit(migrateFromLegacyFields bool) error {
 		}
 	}
 
+	if config.ObfuscatedSSHAlgorithms != nil &&
+		len(config.ObfuscatedSSHAlgorithms) != 4 {
+		// TODO: validate each algorithm?
+		return errors.TraceNew("invalid ObfuscatedSSHAlgorithms")
+	}
+
+	if !config.DisableTunnels && config.InproxyEnableProxy &&
+		common.ContainsAny(
+			config.InproxyProxyPersonalCompartmentIDs,
+			config.InproxyClientPersonalCompartmentIDs) {
+
+		// Don't allow an in-proxy client and proxy run in the same app to match.
+		return errors.TraceNew("invalid overlapping personal compartment IDs")
+	}
+
 	// This constraint is expected by logic in Controller.runTunnels().
 
 	if config.PacketTunnelTunFileDescriptor > 0 && config.TunnelPoolSize != 1 {
@@ -1374,12 +1394,6 @@ func (config *Config) Commit(migrateFromLegacyFields bool) error {
 		return errors.Trace(err)
 	}
 
-	if config.ObfuscatedSSHAlgorithms != nil &&
-		len(config.ObfuscatedSSHAlgorithms) != 4 {
-		// TODO: validate each algorithm?
-		return errors.TraceNew("invalid ObfuscatedSSHAlgorithms")
-	}
-
 	// parametersParameters.Set will validate the config fields applied to
 	// parametersParameters.
 

psiphon/controller.go

@@ -1746,7 +1746,7 @@ func (controller *Controller) launchEstablishing() {
 	// corresponding personal compartment ID, so non-in-proxy tunnel
 	// protocols are disabled.
 
-	if len(controller.config.InproxyPersonalCompartmentIDs) > 0 {
+	if len(controller.config.InproxyClientPersonalCompartmentIDs) > 0 {
 
 		if len(controller.protocolSelectionConstraints.initialLimitTunnelProtocols) > 0 {
 			controller.protocolSelectionConstraints.initialLimitTunnelProtocols =
@@ -1758,7 +1758,13 @@ func (controller *Controller) launchEstablishing() {
 			controller.protocolSelectionConstraints.limitTunnelProtocols =
 				controller.protocolSelectionConstraints.
 					limitTunnelProtocols.OnlyInproxyTunnelProtocols()
-		} else {
+		}
+
+		// This covers two cases: if there was no limitTunnelProtocols to
+		// start, then limit to any in-proxy tunnel protocol; or, if there
+		// was a limit but OnlyInproxyTunnelProtocols evaluates to an empty
+		// list, also set the limit to any in-proxy tunnel protocol.
+		if len(controller.protocolSelectionConstraints.limitTunnelProtocols) == 0 {
 			controller.protocolSelectionConstraints.limitTunnelProtocols =
 				protocol.InproxyTunnelProtocols
 		}
@@ -2295,7 +2301,7 @@ loop:
 			// tuning/limiting in-proxy usage independent of
 			// LimitTunnelProtocol targeting.
 
-			onlyInproxy := len(controller.config.InproxyPersonalCompartmentIDs) > 0
+			onlyInproxy := len(controller.config.InproxyClientPersonalCompartmentIDs) > 0
 			includeInproxy := onlyInproxy || prng.FlipWeightedCoin(inproxySelectionProbability)
 
 			return controller.protocolSelectionConstraints.selectProtocol(
@@ -2769,7 +2775,7 @@ func (controller *Controller) inproxyHandleTacticsPayload(
 	tacticsRecord, err := tactics.HandleTacticsPayload(
 		GetTacticsStorer(controller.config), networkID, payload)
 	if err != nil {
-		NoticeError("HandleTacticsPayloadfailed: %v", errors.Trace(err))
+		NoticeError("HandleTacticsPayload failed: %v", errors.Trace(err))
 		return false
 	}
 

psiphon/inproxy.go

@@ -414,7 +414,11 @@ func prepareCompartmentIDs(
 
 	maxCompartmentIDListLength := p.Int(parameters.InproxyMaxCompartmentIDListLength)
 
-	personalCompartmentIDs, err := inproxy.IDsFromStrings(config.InproxyPersonalCompartmentIDs)
+	configPersonalCompartmentIDs := config.InproxyProxyPersonalCompartmentIDs
+	if !isProxy {
+		configPersonalCompartmentIDs = config.InproxyClientPersonalCompartmentIDs
+	}
+	personalCompartmentIDs, err := inproxy.IDsFromStrings(configPersonalCompartmentIDs)
 	if err != nil {
 		return nil, nil, errors.Trace(err)
 	}

psiphon/server/api.go

@@ -995,7 +995,9 @@ func getTacticsAPIParameterLogFieldFormatter() common.APIParameterLogFieldFormat
 	}
 }
 
-var inproxyBrokerRequestParams = append([]requestParamSpec(nil), baseSessionParams...)
+var inproxyBrokerRequestParams = append(
+	append([]requestParamSpec(nil), tacticsParams...),
+	baseSessionParams...)
 
 func getInproxyBrokerAPIParameterValidator(config *Config) common.APIParameterValidator {
 	return func(params common.APIParameters) error {

psiphon/server/meek.go

@@ -1843,15 +1843,19 @@ func (server *MeekServer) inproxyBrokerGetTactics(
 		return nil, "", errors.Trace(err)
 	}
 
+	var marshaledTacticsPayload []byte
 	newTacticsTag := ""
-	if tacticsPayload.Tactics != nil {
-		newTacticsTag = tacticsPayload.Tag
-	}
 
-	var marshaledTacticsPayload []byte
-	marshaledTacticsPayload, err = json.Marshal(tacticsPayload)
-	if err != nil {
-		return nil, "", errors.Trace(err)
+	if tacticsPayload != nil {
+
+		marshaledTacticsPayload, err = json.Marshal(tacticsPayload)
+		if err != nil {
+			return nil, "", errors.Trace(err)
+		}
+
+		if len(tacticsPayload.Tactics) > 0 {
+			newTacticsTag = tacticsPayload.Tag
+		}
 	}
 
 	return marshaledTacticsPayload, newTacticsTag, nil