control.c 252 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844184518461847184818491850185118521853185418551856185718581859186018611862186318641865186618671868186918701871187218731874187518761877187818791880188118821883188418851886188718881889189018911892189318941895189618971898189919001901190219031904190519061907190819091910191119121913191419151916191719181919192019211922192319241925192619271928192919301931193219331934193519361937193819391940194119421943194419451946194719481949195019511952195319541955195619571958195919601961196219631964196519661967196819691970197119721973197419751976197719781979198019811982198319841985198619871988198919901991199219931994199519961997199819992000200120022003200420052006200720082009201020112012201320142015201620172018201920202021202220232024202520262027202820292030203120322033203420352036203720382039204020412042204320442045204620472048204920502051205220532054205520562057205820592060206120622063206420652066206720682069207020712072207320742075207620772078207920802081208220832084208520862087208820892090209120922093209420952096209720982099210021012102210321042105210621072108210921102111211221132114211521162117211821192120212121222123212421252126212721282129213021312132213321342135213621372138213921402141214221432144214521462147214821492150215121522153215421552156215721582159216021612162216321642165216621672168216921702171217221732174217521762177217821792180218121822183218421852186218721882189219021912192219321942195219621972198219922002201220222032204220522062207220822092210221122122213221422152216221722182219222022212222222322242225222622272228222922302231223222332234223522362237223822392240224122422243224422452246224722482249225022512252225322542255225622572258225922602261226222632264226522662267226822692270227122722273227422752276227722782279228022812282228322842285228622872288228922902291229222932294229522962297229822992300230123022303230423052306230723082309231023112312231323142315231623172318231923202321232223232324232523262327232823292330233123322333233423352336233723382339234023412342234323442345234623472348234923502351235223532354235523562357235823592360236123622363236423652366236723682369237023712372237323742375237623772378237923802381238223832384238523862387238823892390239123922393239423952396239723982399240024012402240324042405240624072408240924102411241224132414241524162417241824192420242124222423242424252426242724282429243024312432243324342435243624372438243924402441244224432444244524462447244824492450245124522453245424552456245724582459246024612462246324642465246624672468246924702471247224732474247524762477247824792480248124822483248424852486248724882489249024912492249324942495249624972498249925002501250225032504250525062507250825092510251125122513251425152516251725182519252025212522252325242525252625272528252925302531253225332534253525362537253825392540254125422543254425452546254725482549255025512552255325542555255625572558255925602561256225632564256525662567256825692570257125722573257425752576257725782579258025812582258325842585258625872588258925902591259225932594259525962597259825992600260126022603260426052606260726082609261026112612261326142615261626172618261926202621262226232624262526262627262826292630263126322633263426352636263726382639264026412642264326442645264626472648264926502651265226532654265526562657265826592660266126622663266426652666266726682669267026712672267326742675267626772678267926802681268226832684268526862687268826892690269126922693269426952696269726982699270027012702270327042705270627072708270927102711271227132714271527162717271827192720272127222723272427252726272727282729273027312732273327342735273627372738273927402741274227432744274527462747274827492750275127522753275427552756275727582759276027612762276327642765276627672768276927702771277227732774277527762777277827792780278127822783278427852786278727882789279027912792279327942795279627972798279928002801280228032804280528062807280828092810281128122813281428152816281728182819282028212822282328242825282628272828282928302831283228332834283528362837283828392840284128422843284428452846284728482849285028512852285328542855285628572858285928602861286228632864286528662867286828692870287128722873287428752876287728782879288028812882288328842885288628872888288928902891289228932894289528962897289828992900290129022903290429052906290729082909291029112912291329142915291629172918291929202921292229232924292529262927292829292930293129322933293429352936293729382939294029412942294329442945294629472948294929502951295229532954295529562957295829592960296129622963296429652966296729682969297029712972297329742975297629772978297929802981298229832984298529862987298829892990299129922993299429952996299729982999300030013002300330043005300630073008300930103011301230133014301530163017301830193020302130223023302430253026302730283029303030313032303330343035303630373038303930403041304230433044304530463047304830493050305130523053305430553056305730583059306030613062306330643065306630673068306930703071307230733074307530763077307830793080308130823083308430853086308730883089309030913092309330943095309630973098309931003101310231033104310531063107310831093110311131123113311431153116311731183119312031213122312331243125312631273128312931303131313231333134313531363137313831393140314131423143314431453146314731483149315031513152315331543155315631573158315931603161316231633164316531663167316831693170317131723173317431753176317731783179318031813182318331843185318631873188318931903191319231933194319531963197319831993200320132023203320432053206320732083209321032113212321332143215321632173218321932203221322232233224322532263227322832293230323132323233323432353236323732383239324032413242324332443245324632473248324932503251325232533254325532563257325832593260326132623263326432653266326732683269327032713272327332743275327632773278327932803281328232833284328532863287328832893290329132923293329432953296329732983299330033013302330333043305330633073308330933103311331233133314331533163317331833193320332133223323332433253326332733283329333033313332333333343335333633373338333933403341334233433344334533463347334833493350335133523353335433553356335733583359336033613362336333643365336633673368336933703371337233733374337533763377337833793380338133823383338433853386338733883389339033913392339333943395339633973398339934003401340234033404340534063407340834093410341134123413341434153416341734183419342034213422342334243425342634273428342934303431343234333434343534363437343834393440344134423443344434453446344734483449345034513452345334543455345634573458345934603461346234633464346534663467346834693470347134723473347434753476347734783479348034813482348334843485348634873488348934903491349234933494349534963497349834993500350135023503350435053506350735083509351035113512351335143515351635173518351935203521352235233524352535263527352835293530353135323533353435353536353735383539354035413542354335443545354635473548354935503551355235533554355535563557355835593560356135623563356435653566356735683569357035713572357335743575357635773578357935803581358235833584358535863587358835893590359135923593359435953596359735983599360036013602360336043605360636073608360936103611361236133614361536163617361836193620362136223623362436253626362736283629363036313632363336343635363636373638363936403641364236433644364536463647364836493650365136523653365436553656365736583659366036613662366336643665366636673668366936703671367236733674367536763677367836793680368136823683368436853686368736883689369036913692369336943695369636973698369937003701370237033704370537063707370837093710371137123713371437153716371737183719372037213722372337243725372637273728372937303731373237333734373537363737373837393740374137423743374437453746374737483749375037513752375337543755375637573758375937603761376237633764376537663767376837693770377137723773377437753776377737783779378037813782378337843785378637873788378937903791379237933794379537963797379837993800380138023803380438053806380738083809381038113812381338143815381638173818381938203821382238233824382538263827382838293830383138323833383438353836383738383839384038413842384338443845384638473848384938503851385238533854385538563857385838593860386138623863386438653866386738683869387038713872387338743875387638773878387938803881388238833884388538863887388838893890389138923893389438953896389738983899390039013902390339043905390639073908390939103911391239133914391539163917391839193920392139223923392439253926392739283929393039313932393339343935393639373938393939403941394239433944394539463947394839493950395139523953395439553956395739583959396039613962396339643965396639673968396939703971397239733974397539763977397839793980398139823983398439853986398739883989399039913992399339943995399639973998399940004001400240034004400540064007400840094010401140124013401440154016401740184019402040214022402340244025402640274028402940304031403240334034403540364037403840394040404140424043404440454046404740484049405040514052405340544055405640574058405940604061406240634064406540664067406840694070407140724073407440754076407740784079408040814082408340844085408640874088408940904091409240934094409540964097409840994100410141024103410441054106410741084109411041114112411341144115411641174118411941204121412241234124412541264127412841294130413141324133413441354136413741384139414041414142414341444145414641474148414941504151415241534154415541564157415841594160416141624163416441654166416741684169417041714172417341744175417641774178417941804181418241834184418541864187418841894190419141924193419441954196419741984199420042014202420342044205420642074208420942104211421242134214421542164217421842194220422142224223422442254226422742284229423042314232423342344235423642374238423942404241424242434244424542464247424842494250425142524253425442554256425742584259426042614262426342644265426642674268426942704271427242734274427542764277427842794280428142824283428442854286428742884289429042914292429342944295429642974298429943004301430243034304430543064307430843094310431143124313431443154316431743184319432043214322432343244325432643274328432943304331433243334334433543364337433843394340434143424343434443454346434743484349435043514352435343544355435643574358435943604361436243634364436543664367436843694370437143724373437443754376437743784379438043814382438343844385438643874388438943904391439243934394439543964397439843994400440144024403440444054406440744084409441044114412441344144415441644174418441944204421442244234424442544264427442844294430443144324433443444354436443744384439444044414442444344444445444644474448444944504451445244534454445544564457445844594460446144624463446444654466446744684469447044714472447344744475447644774478447944804481448244834484448544864487448844894490449144924493449444954496449744984499450045014502450345044505450645074508450945104511451245134514451545164517451845194520452145224523452445254526452745284529453045314532453345344535453645374538453945404541454245434544454545464547454845494550455145524553455445554556455745584559456045614562456345644565456645674568456945704571457245734574457545764577457845794580458145824583458445854586458745884589459045914592459345944595459645974598459946004601460246034604460546064607460846094610461146124613461446154616461746184619462046214622462346244625462646274628462946304631463246334634463546364637463846394640464146424643464446454646464746484649465046514652465346544655465646574658465946604661466246634664466546664667466846694670467146724673467446754676467746784679468046814682468346844685468646874688468946904691469246934694469546964697469846994700470147024703470447054706470747084709471047114712471347144715471647174718471947204721472247234724472547264727472847294730473147324733473447354736473747384739474047414742474347444745474647474748474947504751475247534754475547564757475847594760476147624763476447654766476747684769477047714772477347744775477647774778477947804781478247834784478547864787478847894790479147924793479447954796479747984799480048014802480348044805480648074808480948104811481248134814481548164817481848194820482148224823482448254826482748284829483048314832483348344835483648374838483948404841484248434844484548464847484848494850485148524853485448554856485748584859486048614862486348644865486648674868486948704871487248734874487548764877487848794880488148824883488448854886488748884889489048914892489348944895489648974898489949004901490249034904490549064907490849094910491149124913491449154916491749184919492049214922492349244925492649274928492949304931493249334934493549364937493849394940494149424943494449454946494749484949495049514952495349544955495649574958495949604961496249634964496549664967496849694970497149724973497449754976497749784979498049814982498349844985498649874988498949904991499249934994499549964997499849995000500150025003500450055006500750085009501050115012501350145015501650175018501950205021502250235024502550265027502850295030503150325033503450355036503750385039504050415042504350445045504650475048504950505051505250535054505550565057505850595060506150625063506450655066506750685069507050715072507350745075507650775078507950805081508250835084508550865087508850895090509150925093509450955096509750985099510051015102510351045105510651075108510951105111511251135114511551165117511851195120512151225123512451255126512751285129513051315132513351345135513651375138513951405141514251435144514551465147514851495150515151525153515451555156515751585159516051615162516351645165516651675168516951705171517251735174517551765177517851795180518151825183518451855186518751885189519051915192519351945195519651975198519952005201520252035204520552065207520852095210521152125213521452155216521752185219522052215222522352245225522652275228522952305231523252335234523552365237523852395240524152425243524452455246524752485249525052515252525352545255525652575258525952605261526252635264526552665267526852695270527152725273527452755276527752785279528052815282528352845285528652875288528952905291529252935294529552965297529852995300530153025303530453055306530753085309531053115312531353145315531653175318531953205321532253235324532553265327532853295330533153325333533453355336533753385339534053415342534353445345534653475348534953505351535253535354535553565357535853595360536153625363536453655366536753685369537053715372537353745375537653775378537953805381538253835384538553865387538853895390539153925393539453955396539753985399540054015402540354045405540654075408540954105411541254135414541554165417541854195420542154225423542454255426542754285429543054315432543354345435543654375438543954405441544254435444544554465447544854495450545154525453545454555456545754585459546054615462546354645465546654675468546954705471547254735474547554765477547854795480548154825483548454855486548754885489549054915492549354945495549654975498549955005501550255035504550555065507550855095510551155125513551455155516551755185519552055215522552355245525552655275528552955305531553255335534553555365537553855395540554155425543554455455546554755485549555055515552555355545555555655575558555955605561556255635564556555665567556855695570557155725573557455755576557755785579558055815582558355845585558655875588558955905591559255935594559555965597559855995600560156025603560456055606560756085609561056115612561356145615561656175618561956205621562256235624562556265627562856295630563156325633563456355636563756385639564056415642564356445645564656475648564956505651565256535654565556565657565856595660566156625663566456655666566756685669567056715672567356745675567656775678567956805681568256835684568556865687568856895690569156925693569456955696569756985699570057015702570357045705570657075708570957105711571257135714571557165717571857195720572157225723572457255726572757285729573057315732573357345735573657375738573957405741574257435744574557465747574857495750575157525753575457555756575757585759576057615762576357645765576657675768576957705771577257735774577557765777577857795780578157825783578457855786578757885789579057915792579357945795579657975798579958005801580258035804580558065807580858095810581158125813581458155816581758185819582058215822582358245825582658275828582958305831583258335834583558365837583858395840584158425843584458455846584758485849585058515852585358545855585658575858585958605861586258635864586558665867586858695870587158725873587458755876587758785879588058815882588358845885588658875888588958905891589258935894589558965897589858995900590159025903590459055906590759085909591059115912591359145915591659175918591959205921592259235924592559265927592859295930593159325933593459355936593759385939594059415942594359445945594659475948594959505951595259535954595559565957595859595960596159625963596459655966596759685969597059715972597359745975597659775978597959805981598259835984598559865987598859895990599159925993599459955996599759985999600060016002600360046005600660076008600960106011601260136014601560166017601860196020602160226023602460256026602760286029603060316032603360346035603660376038603960406041604260436044604560466047604860496050605160526053605460556056605760586059606060616062606360646065606660676068606960706071607260736074607560766077607860796080608160826083608460856086608760886089609060916092609360946095609660976098609961006101610261036104610561066107610861096110611161126113611461156116611761186119612061216122612361246125612661276128612961306131613261336134613561366137613861396140614161426143614461456146614761486149615061516152615361546155615661576158615961606161616261636164616561666167616861696170617161726173617461756176617761786179618061816182618361846185618661876188618961906191619261936194619561966197619861996200620162026203620462056206620762086209621062116212621362146215621662176218621962206221622262236224622562266227622862296230623162326233623462356236623762386239624062416242624362446245624662476248624962506251625262536254625562566257625862596260626162626263626462656266626762686269627062716272627362746275627662776278627962806281628262836284628562866287628862896290629162926293629462956296629762986299630063016302630363046305630663076308630963106311631263136314631563166317631863196320632163226323632463256326632763286329633063316332633363346335633663376338633963406341634263436344634563466347634863496350635163526353635463556356635763586359636063616362636363646365636663676368636963706371637263736374637563766377637863796380638163826383638463856386638763886389639063916392639363946395639663976398639964006401640264036404640564066407640864096410641164126413641464156416641764186419642064216422642364246425642664276428642964306431643264336434643564366437643864396440644164426443644464456446644764486449645064516452645364546455645664576458645964606461646264636464646564666467646864696470647164726473647464756476647764786479648064816482648364846485648664876488648964906491649264936494649564966497649864996500650165026503650465056506650765086509651065116512651365146515651665176518651965206521652265236524652565266527652865296530653165326533653465356536653765386539654065416542654365446545654665476548654965506551655265536554655565566557655865596560656165626563656465656566656765686569657065716572657365746575657665776578657965806581658265836584658565866587658865896590659165926593659465956596659765986599660066016602660366046605660666076608660966106611661266136614661566166617661866196620662166226623662466256626662766286629663066316632663366346635663666376638663966406641664266436644664566466647664866496650665166526653665466556656665766586659666066616662666366646665666666676668666966706671667266736674667566766677667866796680668166826683668466856686668766886689669066916692669366946695669666976698669967006701670267036704670567066707670867096710671167126713671467156716671767186719672067216722672367246725672667276728672967306731673267336734673567366737673867396740674167426743674467456746674767486749675067516752675367546755675667576758675967606761676267636764676567666767676867696770677167726773677467756776677767786779678067816782678367846785678667876788678967906791679267936794679567966797679867996800680168026803680468056806680768086809681068116812681368146815681668176818681968206821682268236824682568266827682868296830683168326833683468356836683768386839684068416842684368446845684668476848684968506851685268536854685568566857685868596860686168626863686468656866686768686869687068716872687368746875687668776878687968806881688268836884688568866887688868896890689168926893689468956896689768986899690069016902690369046905690669076908690969106911691269136914691569166917691869196920692169226923692469256926692769286929693069316932693369346935693669376938693969406941694269436944694569466947694869496950695169526953695469556956695769586959696069616962696369646965696669676968696969706971697269736974697569766977697869796980698169826983698469856986698769886989699069916992699369946995699669976998699970007001700270037004700570067007700870097010701170127013701470157016701770187019702070217022702370247025702670277028702970307031703270337034703570367037703870397040704170427043704470457046704770487049705070517052705370547055705670577058705970607061706270637064706570667067706870697070707170727073707470757076707770787079708070817082708370847085708670877088708970907091709270937094709570967097709870997100710171027103710471057106710771087109711071117112711371147115711671177118711971207121712271237124712571267127712871297130713171327133713471357136713771387139714071417142714371447145714671477148714971507151715271537154715571567157715871597160716171627163716471657166716771687169717071717172717371747175717671777178717971807181718271837184718571867187718871897190719171927193719471957196719771987199720072017202720372047205720672077208720972107211721272137214721572167217721872197220722172227223722472257226722772287229723072317232723372347235723672377238723972407241724272437244724572467247724872497250725172527253725472557256725772587259726072617262726372647265726672677268726972707271727272737274727572767277727872797280728172827283728472857286728772887289729072917292729372947295729672977298729973007301730273037304730573067307730873097310731173127313731473157316731773187319732073217322732373247325732673277328732973307331733273337334733573367337733873397340734173427343734473457346734773487349735073517352735373547355735673577358735973607361736273637364736573667367736873697370737173727373737473757376737773787379738073817382738373847385738673877388738973907391739273937394739573967397739873997400740174027403740474057406740774087409741074117412741374147415741674177418741974207421742274237424742574267427742874297430743174327433743474357436743774387439744074417442744374447445744674477448744974507451745274537454745574567457745874597460746174627463746474657466746774687469747074717472747374747475747674777478747974807481748274837484748574867487748874897490749174927493749474957496749774987499750075017502750375047505750675077508750975107511751275137514751575167517751875197520752175227523752475257526752775287529753075317532753375347535753675377538753975407541754275437544754575467547754875497550755175527553755475557556755775587559756075617562756375647565756675677568756975707571757275737574757575767577
  1. /* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
  2. * Copyright (c) 2007-2019, The Tor Project, Inc. */
  3. /* See LICENSE for licensing information */
  4. /**
  5. * \file control.c
  6. * \brief Implementation for Tor's control-socket interface.
  7. *
  8. * A "controller" is an external program that monitors and controls a Tor
  9. * instance via a text-based protocol. It connects to Tor via a connection
  10. * to a local socket.
  11. *
  12. * The protocol is line-driven. The controller sends commands terminated by a
  13. * CRLF. Tor sends lines that are either <em>replies</em> to what the
  14. * controller has said, or <em>events</em> that Tor sends to the controller
  15. * asynchronously based on occurrences in the Tor network model.
  16. *
  17. * See the control-spec.txt file in the torspec.git repository for full
  18. * details on protocol.
  19. *
  20. * This module generally has two kinds of entry points: those based on having
  21. * received a command on a controller socket, which are handled in
  22. * connection_control_process_inbuf(), and dispatched to individual functions
  23. * with names like control_handle_COMMANDNAME(); and those based on events
  24. * that occur elsewhere in Tor, which are handled by functions with names like
  25. * control_event_EVENTTYPE().
  26. *
  27. * Controller events are not sent immediately; rather, they are inserted into
  28. * the queued_control_events array, and flushed later from
  29. * flush_queued_events_cb(). Doing this simplifies our callgraph greatly,
  30. * by limiting the number of places in Tor that can call back into the network
  31. * stack.
  32. **/
  33. #define CONTROL_PRIVATE
  34. #define OCIRC_EVENT_PRIVATE
  35. #include "core/or/or.h"
  36. #include "app/config/config.h"
  37. #include "app/config/confparse.h"
  38. #include "app/main/main.h"
  39. #include "core/mainloop/connection.h"
  40. #include "core/mainloop/mainloop.h"
  41. #include "core/or/channel.h"
  42. #include "core/or/channeltls.h"
  43. #include "core/or/circuitbuild.h"
  44. #include "core/or/circuitlist.h"
  45. #include "core/or/circuitstats.h"
  46. #include "core/or/circuituse.h"
  47. #include "core/or/command.h"
  48. #include "core/or/connection_edge.h"
  49. #include "core/or/connection_or.h"
  50. #include "core/or/ocirc_event.h"
  51. #include "core/or/policies.h"
  52. #include "core/or/reasons.h"
  53. #include "core/or/versions.h"
  54. #include "core/proto/proto_control0.h"
  55. #include "core/proto/proto_http.h"
  56. #include "feature/client/addressmap.h"
  57. #include "feature/client/bridges.h"
  58. #include "feature/client/dnsserv.h"
  59. #include "feature/client/entrynodes.h"
  60. #include "feature/control/control.h"
  61. #include "feature/control/fmt_serverstatus.h"
  62. #include "feature/control/getinfo_geoip.h"
  63. #include "feature/dircache/dirserv.h"
  64. #include "feature/dirclient/dirclient.h"
  65. #include "feature/dirclient/dlstatus.h"
  66. #include "feature/dircommon/directory.h"
  67. #include "feature/hibernate/hibernate.h"
  68. #include "feature/hs/hs_cache.h"
  69. #include "feature/hs/hs_common.h"
  70. #include "feature/hs/hs_control.h"
  71. #include "feature/hs_common/shared_random_client.h"
  72. #include "feature/nodelist/authcert.h"
  73. #include "feature/nodelist/dirlist.h"
  74. #include "feature/nodelist/microdesc.h"
  75. #include "feature/nodelist/networkstatus.h"
  76. #include "feature/nodelist/nodelist.h"
  77. #include "feature/nodelist/routerinfo.h"
  78. #include "feature/nodelist/routerlist.h"
  79. #include "feature/relay/router.h"
  80. #include "feature/relay/routermode.h"
  81. #include "feature/relay/selftest.h"
  82. #include "feature/rend/rendclient.h"
  83. #include "feature/rend/rendcommon.h"
  84. #include "feature/rend/rendparse.h"
  85. #include "feature/rend/rendservice.h"
  86. #include "feature/stats/geoip_stats.h"
  87. #include "feature/stats/predict_ports.h"
  88. #include "lib/buf/buffers.h"
  89. #include "lib/crypt_ops/crypto_rand.h"
  90. #include "lib/crypt_ops/crypto_util.h"
  91. #include "lib/encoding/confline.h"
  92. #include "lib/evloop/compat_libevent.h"
  93. #include "lib/version/torversion.h"
  94. #include "feature/dircache/cached_dir_st.h"
  95. #include "feature/control/control_connection_st.h"
  96. #include "core/or/cpath_build_state_st.h"
  97. #include "core/or/entry_connection_st.h"
  98. #include "feature/nodelist/extrainfo_st.h"
  99. #include "feature/nodelist/networkstatus_st.h"
  100. #include "feature/nodelist/node_st.h"
  101. #include "core/or/or_connection_st.h"
  102. #include "core/or/or_circuit_st.h"
  103. #include "core/or/origin_circuit_st.h"
  104. #include "feature/nodelist/microdesc_st.h"
  105. #include "feature/rend/rend_authorized_client_st.h"
  106. #include "feature/rend/rend_encoded_v2_service_descriptor_st.h"
  107. #include "feature/rend/rend_service_descriptor_st.h"
  108. #include "feature/nodelist/routerinfo_st.h"
  109. #include "feature/nodelist/routerlist_st.h"
  110. #include "core/or/socks_request_st.h"
  111. #ifdef HAVE_UNISTD_H
  112. #include <unistd.h>
  113. #endif
  114. #ifdef HAVE_SYS_STAT_H
  115. #include <sys/stat.h>
  116. #endif
  117. #ifndef _WIN32
  118. #include <pwd.h>
  119. #include <sys/resource.h>
  120. #endif
  121. #include "lib/crypt_ops/crypto_s2k.h"
  122. #include "lib/evloop/procmon.h"
  123. #include "lib/evloop/compat_libevent.h"
  124. /** Yield true iff <b>s</b> is the state of a control_connection_t that has
  125. * finished authentication and is accepting commands. */
  126. #define STATE_IS_OPEN(s) ((s) == CONTROL_CONN_STATE_OPEN)
  127. /** Bitfield: The bit 1&lt;&lt;e is set if <b>any</b> open control
  128. * connection is interested in events of type <b>e</b>. We use this
  129. * so that we can decide to skip generating event messages that nobody
  130. * has interest in without having to walk over the global connection
  131. * list to find out.
  132. **/
  133. typedef uint64_t event_mask_t;
  134. /** An event mask of all the events that any controller is interested in
  135. * receiving. */
  136. static event_mask_t global_event_mask = 0;
  137. /** True iff we have disabled log messages from being sent to the controller */
  138. static int disable_log_messages = 0;
  139. /** Macro: true if any control connection is interested in events of type
  140. * <b>e</b>. */
  141. #define EVENT_IS_INTERESTING(e) \
  142. (!! (global_event_mask & EVENT_MASK_(e)))
  143. /** Macro: true if any event from the bitfield 'e' is interesting. */
  144. #define ANY_EVENT_IS_INTERESTING(e) \
  145. (!! (global_event_mask & (e)))
  146. /** If we're using cookie-type authentication, how long should our cookies be?
  147. */
  148. #define AUTHENTICATION_COOKIE_LEN 32
  149. /** If true, we've set authentication_cookie to a secret code and
  150. * stored it to disk. */
  151. static int authentication_cookie_is_set = 0;
  152. /** If authentication_cookie_is_set, a secret cookie that we've stored to disk
  153. * and which we're using to authenticate controllers. (If the controller can
  154. * read it off disk, it has permission to connect.) */
  155. static uint8_t *authentication_cookie = NULL;
  156. #define SAFECOOKIE_SERVER_TO_CONTROLLER_CONSTANT \
  157. "Tor safe cookie authentication server-to-controller hash"
  158. #define SAFECOOKIE_CONTROLLER_TO_SERVER_CONSTANT \
  159. "Tor safe cookie authentication controller-to-server hash"
  160. #define SAFECOOKIE_SERVER_NONCE_LEN DIGEST256_LEN
  161. /** The list of onion services that have been added via ADD_ONION that do not
  162. * belong to any particular control connection.
  163. */
  164. static smartlist_t *detached_onion_services = NULL;
  165. static void connection_printf_to_buf(control_connection_t *conn,
  166. const char *format, ...)
  167. CHECK_PRINTF(2,3);
  168. static void send_control_event_impl(uint16_t event,
  169. const char *format, va_list ap)
  170. CHECK_PRINTF(2,0);
  171. static int control_event_status(int type, int severity, const char *format,
  172. va_list args)
  173. CHECK_PRINTF(3,0);
  174. static void send_control_done(control_connection_t *conn);
  175. static void send_control_event(uint16_t event,
  176. const char *format, ...)
  177. CHECK_PRINTF(2,3);
  178. static int handle_control_setconf(control_connection_t *conn, uint32_t len,
  179. char *body);
  180. static int handle_control_resetconf(control_connection_t *conn, uint32_t len,
  181. char *body);
  182. static int handle_control_getconf(control_connection_t *conn, uint32_t len,
  183. const char *body);
  184. static int handle_control_loadconf(control_connection_t *conn, uint32_t len,
  185. const char *body);
  186. static int handle_control_setevents(control_connection_t *conn, uint32_t len,
  187. const char *body);
  188. static int handle_control_authenticate(control_connection_t *conn,
  189. uint32_t len,
  190. const char *body);
  191. static int handle_control_signal(control_connection_t *conn, uint32_t len,
  192. const char *body);
  193. static int handle_control_mapaddress(control_connection_t *conn, uint32_t len,
  194. const char *body);
  195. static char *list_getinfo_options(void);
  196. static int handle_control_getinfo(control_connection_t *conn, uint32_t len,
  197. const char *body);
  198. static int handle_control_extendcircuit(control_connection_t *conn,
  199. uint32_t len,
  200. const char *body);
  201. static int handle_control_setcircuitpurpose(control_connection_t *conn,
  202. uint32_t len, const char *body);
  203. static int handle_control_attachstream(control_connection_t *conn,
  204. uint32_t len,
  205. const char *body);
  206. static int handle_control_postdescriptor(control_connection_t *conn,
  207. uint32_t len,
  208. const char *body);
  209. static int handle_control_redirectstream(control_connection_t *conn,
  210. uint32_t len,
  211. const char *body);
  212. static int handle_control_closestream(control_connection_t *conn, uint32_t len,
  213. const char *body);
  214. static int handle_control_closecircuit(control_connection_t *conn,
  215. uint32_t len,
  216. const char *body);
  217. static int handle_control_resolve(control_connection_t *conn, uint32_t len,
  218. const char *body);
  219. static int handle_control_usefeature(control_connection_t *conn,
  220. uint32_t len,
  221. const char *body);
  222. static int handle_control_hsfetch(control_connection_t *conn, uint32_t len,
  223. const char *body);
  224. static int handle_control_hspost(control_connection_t *conn, uint32_t len,
  225. const char *body);
  226. static int handle_control_add_onion(control_connection_t *conn, uint32_t len,
  227. const char *body);
  228. static int handle_control_del_onion(control_connection_t *conn, uint32_t len,
  229. const char *body);
  230. static int write_stream_target_to_buf(entry_connection_t *conn, char *buf,
  231. size_t len);
  232. static void orconn_target_get_name(char *buf, size_t len,
  233. or_connection_t *conn);
  234. static int get_cached_network_liveness(void);
  235. static void set_cached_network_liveness(int liveness);
  236. static void flush_queued_events_cb(mainloop_event_t *event, void *arg);
  237. static char * download_status_to_string(const download_status_t *dl);
  238. static void control_get_bytes_rw_last_sec(uint64_t *r, uint64_t *w);
  239. /** Convert a connection_t* to an control_connection_t*; assert if the cast is
  240. * invalid. */
  241. control_connection_t *
  242. TO_CONTROL_CONN(connection_t *c)
  243. {
  244. tor_assert(c->magic == CONTROL_CONNECTION_MAGIC);
  245. return DOWNCAST(control_connection_t, c);
  246. }
  247. /** Given a control event code for a message event, return the corresponding
  248. * log severity. */
  249. static inline int
  250. event_to_log_severity(int event)
  251. {
  252. switch (event) {
  253. case EVENT_DEBUG_MSG: return LOG_DEBUG;
  254. case EVENT_INFO_MSG: return LOG_INFO;
  255. case EVENT_NOTICE_MSG: return LOG_NOTICE;
  256. case EVENT_WARN_MSG: return LOG_WARN;
  257. case EVENT_ERR_MSG: return LOG_ERR;
  258. default: return -1;
  259. }
  260. }
  261. /** Given a log severity, return the corresponding control event code. */
  262. static inline int
  263. log_severity_to_event(int severity)
  264. {
  265. switch (severity) {
  266. case LOG_DEBUG: return EVENT_DEBUG_MSG;
  267. case LOG_INFO: return EVENT_INFO_MSG;
  268. case LOG_NOTICE: return EVENT_NOTICE_MSG;
  269. case LOG_WARN: return EVENT_WARN_MSG;
  270. case LOG_ERR: return EVENT_ERR_MSG;
  271. default: return -1;
  272. }
  273. }
  274. /** Helper: clear bandwidth counters of all origin circuits. */
  275. static void
  276. clear_circ_bw_fields(void)
  277. {
  278. origin_circuit_t *ocirc;
  279. SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *, circ) {
  280. if (!CIRCUIT_IS_ORIGIN(circ))
  281. continue;
  282. ocirc = TO_ORIGIN_CIRCUIT(circ);
  283. ocirc->n_written_circ_bw = ocirc->n_read_circ_bw = 0;
  284. ocirc->n_overhead_written_circ_bw = ocirc->n_overhead_read_circ_bw = 0;
  285. ocirc->n_delivered_written_circ_bw = ocirc->n_delivered_read_circ_bw = 0;
  286. }
  287. SMARTLIST_FOREACH_END(circ);
  288. }
  289. /** Set <b>global_event_mask*</b> to the bitwise OR of each live control
  290. * connection's event_mask field. */
  291. void
  292. control_update_global_event_mask(void)
  293. {
  294. smartlist_t *conns = get_connection_array();
  295. event_mask_t old_mask, new_mask;
  296. old_mask = global_event_mask;
  297. int any_old_per_sec_events = control_any_per_second_event_enabled();
  298. global_event_mask = 0;
  299. SMARTLIST_FOREACH(conns, connection_t *, _conn,
  300. {
  301. if (_conn->type == CONN_TYPE_CONTROL &&
  302. STATE_IS_OPEN(_conn->state)) {
  303. control_connection_t *conn = TO_CONTROL_CONN(_conn);
  304. global_event_mask |= conn->event_mask;
  305. }
  306. });
  307. new_mask = global_event_mask;
  308. /* Handle the aftermath. Set up the log callback to tell us only what
  309. * we want to hear...*/
  310. control_adjust_event_log_severity();
  311. /* Macro: true if ev was false before and is true now. */
  312. #define NEWLY_ENABLED(ev) \
  313. (! (old_mask & (ev)) && (new_mask & (ev)))
  314. /* ...then, if we've started logging stream or circ bw, clear the
  315. * appropriate fields. */
  316. if (NEWLY_ENABLED(EVENT_STREAM_BANDWIDTH_USED)) {
  317. SMARTLIST_FOREACH(conns, connection_t *, conn,
  318. {
  319. if (conn->type == CONN_TYPE_AP) {
  320. edge_connection_t *edge_conn = TO_EDGE_CONN(conn);
  321. edge_conn->n_written = edge_conn->n_read = 0;
  322. }
  323. });
  324. }
  325. if (NEWLY_ENABLED(EVENT_CIRC_BANDWIDTH_USED)) {
  326. clear_circ_bw_fields();
  327. }
  328. if (NEWLY_ENABLED(EVENT_BANDWIDTH_USED)) {
  329. uint64_t r, w;
  330. control_get_bytes_rw_last_sec(&r, &w);
  331. }
  332. if (any_old_per_sec_events != control_any_per_second_event_enabled()) {
  333. rescan_periodic_events(get_options());
  334. }
  335. #undef NEWLY_ENABLED
  336. }
  337. /** Adjust the log severities that result in control_event_logmsg being called
  338. * to match the severity of log messages that any controllers are interested
  339. * in. */
  340. void
  341. control_adjust_event_log_severity(void)
  342. {
  343. int i;
  344. int min_log_event=EVENT_ERR_MSG, max_log_event=EVENT_DEBUG_MSG;
  345. for (i = EVENT_DEBUG_MSG; i <= EVENT_ERR_MSG; ++i) {
  346. if (EVENT_IS_INTERESTING(i)) {
  347. min_log_event = i;
  348. break;
  349. }
  350. }
  351. for (i = EVENT_ERR_MSG; i >= EVENT_DEBUG_MSG; --i) {
  352. if (EVENT_IS_INTERESTING(i)) {
  353. max_log_event = i;
  354. break;
  355. }
  356. }
  357. if (EVENT_IS_INTERESTING(EVENT_STATUS_GENERAL)) {
  358. if (min_log_event > EVENT_NOTICE_MSG)
  359. min_log_event = EVENT_NOTICE_MSG;
  360. if (max_log_event < EVENT_ERR_MSG)
  361. max_log_event = EVENT_ERR_MSG;
  362. }
  363. if (min_log_event <= max_log_event)
  364. change_callback_log_severity(event_to_log_severity(min_log_event),
  365. event_to_log_severity(max_log_event),
  366. control_event_logmsg);
  367. else
  368. change_callback_log_severity(LOG_ERR, LOG_ERR,
  369. control_event_logmsg);
  370. }
  371. /** Return true iff the event with code <b>c</b> is being sent to any current
  372. * control connection. This is useful if the amount of work needed to prepare
  373. * to call the appropriate control_event_...() function is high.
  374. */
  375. int
  376. control_event_is_interesting(int event)
  377. {
  378. return EVENT_IS_INTERESTING(event);
  379. }
  380. /** Return true if any event that needs to fire once a second is enabled. */
  381. int
  382. control_any_per_second_event_enabled(void)
  383. {
  384. return ANY_EVENT_IS_INTERESTING(
  385. EVENT_MASK_(EVENT_BANDWIDTH_USED) |
  386. EVENT_MASK_(EVENT_CELL_STATS) |
  387. EVENT_MASK_(EVENT_CIRC_BANDWIDTH_USED) |
  388. EVENT_MASK_(EVENT_CONN_BW) |
  389. EVENT_MASK_(EVENT_STREAM_BANDWIDTH_USED)
  390. );
  391. }
  392. /* The value of 'get_bytes_read()' the previous time that
  393. * control_get_bytes_rw_last_sec() as called. */
  394. static uint64_t stats_prev_n_read = 0;
  395. /* The value of 'get_bytes_written()' the previous time that
  396. * control_get_bytes_rw_last_sec() as called. */
  397. static uint64_t stats_prev_n_written = 0;
  398. /**
  399. * Set <b>n_read</b> and <b>n_written</b> to the total number of bytes read
  400. * and written by Tor since the last call to this function.
  401. *
  402. * Call this only from the main thread.
  403. */
  404. static void
  405. control_get_bytes_rw_last_sec(uint64_t *n_read,
  406. uint64_t *n_written)
  407. {
  408. const uint64_t stats_n_bytes_read = get_bytes_read();
  409. const uint64_t stats_n_bytes_written = get_bytes_written();
  410. *n_read = stats_n_bytes_read - stats_prev_n_read;
  411. *n_written = stats_n_bytes_written - stats_prev_n_written;
  412. stats_prev_n_read = stats_n_bytes_read;
  413. stats_prev_n_written = stats_n_bytes_written;
  414. }
  415. /**
  416. * Run all the controller events (if any) that are scheduled to trigger once
  417. * per second.
  418. */
  419. void
  420. control_per_second_events(void)
  421. {
  422. if (!control_any_per_second_event_enabled())
  423. return;
  424. uint64_t bytes_read, bytes_written;
  425. control_get_bytes_rw_last_sec(&bytes_read, &bytes_written);
  426. control_event_bandwidth_used((uint32_t)bytes_read,(uint32_t)bytes_written);
  427. control_event_stream_bandwidth_used();
  428. control_event_conn_bandwidth_used();
  429. control_event_circ_bandwidth_used();
  430. control_event_circuit_cell_stats();
  431. }
  432. /** Append a NUL-terminated string <b>s</b> to the end of
  433. * <b>conn</b>-\>outbuf.
  434. */
  435. static inline void
  436. connection_write_str_to_buf(const char *s, control_connection_t *conn)
  437. {
  438. size_t len = strlen(s);
  439. connection_buf_add(s, len, TO_CONN(conn));
  440. }
  441. /** Given a <b>len</b>-character string in <b>data</b>, made of lines
  442. * terminated by CRLF, allocate a new string in *<b>out</b>, and copy the
  443. * contents of <b>data</b> into *<b>out</b>, adding a period before any period
  444. * that appears at the start of a line, and adding a period-CRLF line at
  445. * the end. Replace all LF characters sequences with CRLF. Return the number
  446. * of bytes in *<b>out</b>.
  447. */
  448. STATIC size_t
  449. write_escaped_data(const char *data, size_t len, char **out)
  450. {
  451. tor_assert(len < SIZE_MAX - 9);
  452. size_t sz_out = len+8+1;
  453. char *outp;
  454. const char *start = data, *end;
  455. size_t i;
  456. int start_of_line;
  457. for (i=0; i < len; ++i) {
  458. if (data[i] == '\n') {
  459. sz_out += 2; /* Maybe add a CR; maybe add a dot. */
  460. if (sz_out >= SIZE_T_CEILING) {
  461. log_warn(LD_BUG, "Input to write_escaped_data was too long");
  462. *out = tor_strdup(".\r\n");
  463. return 3;
  464. }
  465. }
  466. }
  467. *out = outp = tor_malloc(sz_out);
  468. end = data+len;
  469. start_of_line = 1;
  470. while (data < end) {
  471. if (*data == '\n') {
  472. if (data > start && data[-1] != '\r')
  473. *outp++ = '\r';
  474. start_of_line = 1;
  475. } else if (*data == '.') {
  476. if (start_of_line) {
  477. start_of_line = 0;
  478. *outp++ = '.';
  479. }
  480. } else {
  481. start_of_line = 0;
  482. }
  483. *outp++ = *data++;
  484. }
  485. if (outp < *out+2 || fast_memcmp(outp-2, "\r\n", 2)) {
  486. *outp++ = '\r';
  487. *outp++ = '\n';
  488. }
  489. *outp++ = '.';
  490. *outp++ = '\r';
  491. *outp++ = '\n';
  492. *outp = '\0'; /* NUL-terminate just in case. */
  493. tor_assert(outp >= *out);
  494. tor_assert((size_t)(outp - *out) <= sz_out);
  495. return outp - *out;
  496. }
  497. /** Given a <b>len</b>-character string in <b>data</b>, made of lines
  498. * terminated by CRLF, allocate a new string in *<b>out</b>, and copy
  499. * the contents of <b>data</b> into *<b>out</b>, removing any period
  500. * that appears at the start of a line, and replacing all CRLF sequences
  501. * with LF. Return the number of
  502. * bytes in *<b>out</b>. */
  503. STATIC size_t
  504. read_escaped_data(const char *data, size_t len, char **out)
  505. {
  506. char *outp;
  507. const char *next;
  508. const char *end;
  509. *out = outp = tor_malloc(len+1);
  510. end = data+len;
  511. while (data < end) {
  512. /* we're at the start of a line. */
  513. if (*data == '.')
  514. ++data;
  515. next = memchr(data, '\n', end-data);
  516. if (next) {
  517. size_t n_to_copy = next-data;
  518. /* Don't copy a CR that precedes this LF. */
  519. if (n_to_copy && *(next-1) == '\r')
  520. --n_to_copy;
  521. memcpy(outp, data, n_to_copy);
  522. outp += n_to_copy;
  523. data = next+1; /* This will point at the start of the next line,
  524. * or the end of the string, or a period. */
  525. } else {
  526. memcpy(outp, data, end-data);
  527. outp += (end-data);
  528. *outp = '\0';
  529. return outp - *out;
  530. }
  531. *outp++ = '\n';
  532. }
  533. *outp = '\0';
  534. return outp - *out;
  535. }
  536. /** If the first <b>in_len_max</b> characters in <b>start</b> contain a
  537. * double-quoted string with escaped characters, return the length of that
  538. * string (as encoded, including quotes). Otherwise return -1. */
  539. static inline int
  540. get_escaped_string_length(const char *start, size_t in_len_max,
  541. int *chars_out)
  542. {
  543. const char *cp, *end;
  544. int chars = 0;
  545. if (*start != '\"')
  546. return -1;
  547. cp = start+1;
  548. end = start+in_len_max;
  549. /* Calculate length. */
  550. while (1) {
  551. if (cp >= end) {
  552. return -1; /* Too long. */
  553. } else if (*cp == '\\') {
  554. if (++cp == end)
  555. return -1; /* Can't escape EOS. */
  556. ++cp;
  557. ++chars;
  558. } else if (*cp == '\"') {
  559. break;
  560. } else {
  561. ++cp;
  562. ++chars;
  563. }
  564. }
  565. if (chars_out)
  566. *chars_out = chars;
  567. return (int)(cp - start+1);
  568. }
  569. /** As decode_escaped_string, but does not decode the string: copies the
  570. * entire thing, including quotation marks. */
  571. static const char *
  572. extract_escaped_string(const char *start, size_t in_len_max,
  573. char **out, size_t *out_len)
  574. {
  575. int length = get_escaped_string_length(start, in_len_max, NULL);
  576. if (length<0)
  577. return NULL;
  578. *out_len = length;
  579. *out = tor_strndup(start, *out_len);
  580. return start+length;
  581. }
  582. /** Given a pointer to a string starting at <b>start</b> containing
  583. * <b>in_len_max</b> characters, decode a string beginning with one double
  584. * quote, containing any number of non-quote characters or characters escaped
  585. * with a backslash, and ending with a final double quote. Place the resulting
  586. * string (unquoted, unescaped) into a newly allocated string in *<b>out</b>;
  587. * store its length in <b>out_len</b>. On success, return a pointer to the
  588. * character immediately following the escaped string. On failure, return
  589. * NULL. */
  590. static const char *
  591. decode_escaped_string(const char *start, size_t in_len_max,
  592. char **out, size_t *out_len)
  593. {
  594. const char *cp, *end;
  595. char *outp;
  596. int len, n_chars = 0;
  597. len = get_escaped_string_length(start, in_len_max, &n_chars);
  598. if (len<0)
  599. return NULL;
  600. end = start+len-1; /* Index of last quote. */
  601. tor_assert(*end == '\"');
  602. outp = *out = tor_malloc(len+1);
  603. *out_len = n_chars;
  604. cp = start+1;
  605. while (cp < end) {
  606. if (*cp == '\\')
  607. ++cp;
  608. *outp++ = *cp++;
  609. }
  610. *outp = '\0';
  611. tor_assert((outp - *out) == (int)*out_len);
  612. return end+1;
  613. }
  614. /** Create and add a new controller connection on <b>sock</b>. If
  615. * <b>CC_LOCAL_FD_IS_OWNER</b> is set in <b>flags</b>, this Tor process should
  616. * exit when the connection closes. If <b>CC_LOCAL_FD_IS_AUTHENTICATED</b>
  617. * is set, then the connection does not need to authenticate.
  618. */
  619. int
  620. control_connection_add_local_fd(tor_socket_t sock, unsigned flags)
  621. {
  622. if (BUG(! SOCKET_OK(sock)))
  623. return -1;
  624. const int is_owner = !!(flags & CC_LOCAL_FD_IS_OWNER);
  625. const int is_authenticated = !!(flags & CC_LOCAL_FD_IS_AUTHENTICATED);
  626. control_connection_t *control_conn = control_connection_new(AF_UNSPEC);
  627. connection_t *conn = TO_CONN(control_conn);
  628. conn->s = sock;
  629. tor_addr_make_unspec(&conn->addr);
  630. conn->port = 1;
  631. conn->address = tor_strdup("<local socket>");
  632. /* We take ownership of this socket so that later, when we close it,
  633. * we don't freak out. */
  634. tor_take_socket_ownership(sock);
  635. if (set_socket_nonblocking(sock) < 0 ||
  636. connection_add(conn) < 0) {
  637. connection_free(conn);
  638. return -1;
  639. }
  640. control_conn->is_owning_control_connection = is_owner;
  641. if (connection_init_accepted_conn(conn, NULL) < 0) {
  642. connection_mark_for_close(conn);
  643. return -1;
  644. }
  645. if (is_authenticated) {
  646. conn->state = CONTROL_CONN_STATE_OPEN;
  647. }
  648. return 0;
  649. }
  650. /** Acts like sprintf, but writes its formatted string to the end of
  651. * <b>conn</b>-\>outbuf. */
  652. static void
  653. connection_printf_to_buf(control_connection_t *conn, const char *format, ...)
  654. {
  655. va_list ap;
  656. char *buf = NULL;
  657. int len;
  658. va_start(ap,format);
  659. len = tor_vasprintf(&buf, format, ap);
  660. va_end(ap);
  661. if (len < 0) {
  662. log_err(LD_BUG, "Unable to format string for controller.");
  663. tor_assert(0);
  664. }
  665. connection_buf_add(buf, (size_t)len, TO_CONN(conn));
  666. tor_free(buf);
  667. }
  668. /** Write all of the open control ports to ControlPortWriteToFile */
  669. void
  670. control_ports_write_to_file(void)
  671. {
  672. smartlist_t *lines;
  673. char *joined = NULL;
  674. const or_options_t *options = get_options();
  675. if (!options->ControlPortWriteToFile)
  676. return;
  677. lines = smartlist_new();
  678. SMARTLIST_FOREACH_BEGIN(get_connection_array(), const connection_t *, conn) {
  679. if (conn->type != CONN_TYPE_CONTROL_LISTENER || conn->marked_for_close)
  680. continue;
  681. #ifdef AF_UNIX
  682. if (conn->socket_family == AF_UNIX) {
  683. smartlist_add_asprintf(lines, "UNIX_PORT=%s\n", conn->address);
  684. continue;
  685. }
  686. #endif /* defined(AF_UNIX) */
  687. smartlist_add_asprintf(lines, "PORT=%s:%d\n", conn->address, conn->port);
  688. } SMARTLIST_FOREACH_END(conn);
  689. joined = smartlist_join_strings(lines, "", 0, NULL);
  690. if (write_str_to_file(options->ControlPortWriteToFile, joined, 0) < 0) {
  691. log_warn(LD_CONTROL, "Writing %s failed: %s",
  692. options->ControlPortWriteToFile, strerror(errno));
  693. }
  694. #ifndef _WIN32
  695. if (options->ControlPortFileGroupReadable) {
  696. if (chmod(options->ControlPortWriteToFile, 0640)) {
  697. log_warn(LD_FS,"Unable to make %s group-readable.",
  698. options->ControlPortWriteToFile);
  699. }
  700. }
  701. #endif /* !defined(_WIN32) */
  702. tor_free(joined);
  703. SMARTLIST_FOREACH(lines, char *, cp, tor_free(cp));
  704. smartlist_free(lines);
  705. }
  706. /** Send a "DONE" message down the control connection <b>conn</b>. */
  707. static void
  708. send_control_done(control_connection_t *conn)
  709. {
  710. connection_write_str_to_buf("250 OK\r\n", conn);
  711. }
  712. /** Represents an event that's queued to be sent to one or more
  713. * controllers. */
  714. typedef struct queued_event_s {
  715. uint16_t event;
  716. char *msg;
  717. } queued_event_t;
  718. /** Pointer to int. If this is greater than 0, we don't allow new events to be
  719. * queued. */
  720. static tor_threadlocal_t block_event_queue_flag;
  721. /** Holds a smartlist of queued_event_t objects that may need to be sent
  722. * to one or more controllers */
  723. static smartlist_t *queued_control_events = NULL;
  724. /** True if the flush_queued_events_event is pending. */
  725. static int flush_queued_event_pending = 0;
  726. /** Lock to protect the above fields. */
  727. static tor_mutex_t *queued_control_events_lock = NULL;
  728. /** An event that should fire in order to flush the contents of
  729. * queued_control_events. */
  730. static mainloop_event_t *flush_queued_events_event = NULL;
  731. void
  732. control_initialize_event_queue(void)
  733. {
  734. if (queued_control_events == NULL) {
  735. queued_control_events = smartlist_new();
  736. }
  737. if (flush_queued_events_event == NULL) {
  738. struct event_base *b = tor_libevent_get_base();
  739. if (b) {
  740. flush_queued_events_event =
  741. mainloop_event_new(flush_queued_events_cb, NULL);
  742. tor_assert(flush_queued_events_event);
  743. }
  744. }
  745. if (queued_control_events_lock == NULL) {
  746. queued_control_events_lock = tor_mutex_new();
  747. tor_threadlocal_init(&block_event_queue_flag);
  748. }
  749. }
  750. static int *
  751. get_block_event_queue(void)
  752. {
  753. int *val = tor_threadlocal_get(&block_event_queue_flag);
  754. if (PREDICT_UNLIKELY(val == NULL)) {
  755. val = tor_malloc_zero(sizeof(int));
  756. tor_threadlocal_set(&block_event_queue_flag, val);
  757. }
  758. return val;
  759. }
  760. /** Helper: inserts an event on the list of events queued to be sent to
  761. * one or more controllers, and schedules the events to be flushed if needed.
  762. *
  763. * This function takes ownership of <b>msg</b>, and may free it.
  764. *
  765. * We queue these events rather than send them immediately in order to break
  766. * the dependency in our callgraph from code that generates events for the
  767. * controller, and the network layer at large. Otherwise, nearly every
  768. * interesting part of Tor would potentially call every other interesting part
  769. * of Tor.
  770. */
  771. MOCK_IMPL(STATIC void,
  772. queue_control_event_string,(uint16_t event, char *msg))
  773. {
  774. /* This is redundant with checks done elsewhere, but it's a last-ditch
  775. * attempt to avoid queueing something we shouldn't have to queue. */
  776. if (PREDICT_UNLIKELY( ! EVENT_IS_INTERESTING(event) )) {
  777. tor_free(msg);
  778. return;
  779. }
  780. int *block_event_queue = get_block_event_queue();
  781. if (*block_event_queue) {
  782. tor_free(msg);
  783. return;
  784. }
  785. queued_event_t *ev = tor_malloc(sizeof(*ev));
  786. ev->event = event;
  787. ev->msg = msg;
  788. /* No queueing an event while queueing an event */
  789. ++*block_event_queue;
  790. tor_mutex_acquire(queued_control_events_lock);
  791. tor_assert(queued_control_events);
  792. smartlist_add(queued_control_events, ev);
  793. int activate_event = 0;
  794. if (! flush_queued_event_pending && in_main_thread()) {
  795. activate_event = 1;
  796. flush_queued_event_pending = 1;
  797. }
  798. tor_mutex_release(queued_control_events_lock);
  799. --*block_event_queue;
  800. /* We just put an event on the queue; mark the queue to be
  801. * flushed. We only do this from the main thread for now; otherwise,
  802. * we'd need to incur locking overhead in Libevent or use a socket.
  803. */
  804. if (activate_event) {
  805. tor_assert(flush_queued_events_event);
  806. mainloop_event_activate(flush_queued_events_event);
  807. }
  808. }
  809. #define queued_event_free(ev) \
  810. FREE_AND_NULL(queued_event_t, queued_event_free_, (ev))
  811. /** Release all storage held by <b>ev</b>. */
  812. static void
  813. queued_event_free_(queued_event_t *ev)
  814. {
  815. if (ev == NULL)
  816. return;
  817. tor_free(ev->msg);
  818. tor_free(ev);
  819. }
  820. /** Send every queued event to every controller that's interested in it,
  821. * and remove the events from the queue. If <b>force</b> is true,
  822. * then make all controllers send their data out immediately, since we
  823. * may be about to shut down. */
  824. static void
  825. queued_events_flush_all(int force)
  826. {
  827. /* Make sure that we get all the pending log events, if there are any. */
  828. flush_pending_log_callbacks();
  829. if (PREDICT_UNLIKELY(queued_control_events == NULL)) {
  830. return;
  831. }
  832. smartlist_t *all_conns = get_connection_array();
  833. smartlist_t *controllers = smartlist_new();
  834. smartlist_t *queued_events;
  835. int *block_event_queue = get_block_event_queue();
  836. ++*block_event_queue;
  837. tor_mutex_acquire(queued_control_events_lock);
  838. /* No queueing an event while flushing events. */
  839. flush_queued_event_pending = 0;
  840. queued_events = queued_control_events;
  841. queued_control_events = smartlist_new();
  842. tor_mutex_release(queued_control_events_lock);
  843. /* Gather all the controllers that will care... */
  844. SMARTLIST_FOREACH_BEGIN(all_conns, connection_t *, conn) {
  845. if (conn->type == CONN_TYPE_CONTROL &&
  846. !conn->marked_for_close &&
  847. conn->state == CONTROL_CONN_STATE_OPEN) {
  848. control_connection_t *control_conn = TO_CONTROL_CONN(conn);
  849. smartlist_add(controllers, control_conn);
  850. }
  851. } SMARTLIST_FOREACH_END(conn);
  852. SMARTLIST_FOREACH_BEGIN(queued_events, queued_event_t *, ev) {
  853. const event_mask_t bit = ((event_mask_t)1) << ev->event;
  854. const size_t msg_len = strlen(ev->msg);
  855. SMARTLIST_FOREACH_BEGIN(controllers, control_connection_t *,
  856. control_conn) {
  857. if (control_conn->event_mask & bit) {
  858. connection_buf_add(ev->msg, msg_len, TO_CONN(control_conn));
  859. }
  860. } SMARTLIST_FOREACH_END(control_conn);
  861. queued_event_free(ev);
  862. } SMARTLIST_FOREACH_END(ev);
  863. if (force) {
  864. SMARTLIST_FOREACH_BEGIN(controllers, control_connection_t *,
  865. control_conn) {
  866. connection_flush(TO_CONN(control_conn));
  867. } SMARTLIST_FOREACH_END(control_conn);
  868. }
  869. smartlist_free(queued_events);
  870. smartlist_free(controllers);
  871. --*block_event_queue;
  872. }
  873. /** Libevent callback: Flushes pending events to controllers that are
  874. * interested in them. */
  875. static void
  876. flush_queued_events_cb(mainloop_event_t *event, void *arg)
  877. {
  878. (void) event;
  879. (void) arg;
  880. queued_events_flush_all(0);
  881. }
  882. /** Send an event to all v1 controllers that are listening for code
  883. * <b>event</b>. The event's body is given by <b>msg</b>.
  884. *
  885. * The EXTENDED_FORMAT and NONEXTENDED_FORMAT flags behave similarly with
  886. * respect to the EXTENDED_EVENTS feature. */
  887. MOCK_IMPL(STATIC void,
  888. send_control_event_string,(uint16_t event,
  889. const char *msg))
  890. {
  891. tor_assert(event >= EVENT_MIN_ && event <= EVENT_MAX_);
  892. queue_control_event_string(event, tor_strdup(msg));
  893. }
  894. /** Helper for send_control_event and control_event_status:
  895. * Send an event to all v1 controllers that are listening for code
  896. * <b>event</b>. The event's body is created by the printf-style format in
  897. * <b>format</b>, and other arguments as provided. */
  898. static void
  899. send_control_event_impl(uint16_t event,
  900. const char *format, va_list ap)
  901. {
  902. char *buf = NULL;
  903. int len;
  904. len = tor_vasprintf(&buf, format, ap);
  905. if (len < 0) {
  906. log_warn(LD_BUG, "Unable to format event for controller.");
  907. return;
  908. }
  909. queue_control_event_string(event, buf);
  910. }
  911. /** Send an event to all v1 controllers that are listening for code
  912. * <b>event</b>. The event's body is created by the printf-style format in
  913. * <b>format</b>, and other arguments as provided. */
  914. static void
  915. send_control_event(uint16_t event,
  916. const char *format, ...)
  917. {
  918. va_list ap;
  919. va_start(ap, format);
  920. send_control_event_impl(event, format, ap);
  921. va_end(ap);
  922. }
  923. /** Given a text circuit <b>id</b>, return the corresponding circuit. */
  924. static origin_circuit_t *
  925. get_circ(const char *id)
  926. {
  927. uint32_t n_id;
  928. int ok;
  929. n_id = (uint32_t) tor_parse_ulong(id, 10, 0, UINT32_MAX, &ok, NULL);
  930. if (!ok)
  931. return NULL;
  932. return circuit_get_by_global_id(n_id);
  933. }
  934. /** Given a text stream <b>id</b>, return the corresponding AP connection. */
  935. static entry_connection_t *
  936. get_stream(const char *id)
  937. {
  938. uint64_t n_id;
  939. int ok;
  940. connection_t *conn;
  941. n_id = tor_parse_uint64(id, 10, 0, UINT64_MAX, &ok, NULL);
  942. if (!ok)
  943. return NULL;
  944. conn = connection_get_by_global_id(n_id);
  945. if (!conn || conn->type != CONN_TYPE_AP || conn->marked_for_close)
  946. return NULL;
  947. return TO_ENTRY_CONN(conn);
  948. }
  949. /** Helper for setconf and resetconf. Acts like setconf, except
  950. * it passes <b>use_defaults</b> on to options_trial_assign(). Modifies the
  951. * contents of body.
  952. */
  953. static int
  954. control_setconf_helper(control_connection_t *conn, uint32_t len, char *body,
  955. int use_defaults)
  956. {
  957. setopt_err_t opt_err;
  958. config_line_t *lines=NULL;
  959. char *start = body;
  960. char *errstring = NULL;
  961. const unsigned flags =
  962. CAL_CLEAR_FIRST | (use_defaults ? CAL_USE_DEFAULTS : 0);
  963. char *config;
  964. smartlist_t *entries = smartlist_new();
  965. /* We have a string, "body", of the format '(key(=val|="val")?)' entries
  966. * separated by space. break it into a list of configuration entries. */
  967. while (*body) {
  968. char *eq = body;
  969. char *key;
  970. char *entry;
  971. while (!TOR_ISSPACE(*eq) && *eq != '=')
  972. ++eq;
  973. key = tor_strndup(body, eq-body);
  974. body = eq+1;
  975. if (*eq == '=') {
  976. char *val=NULL;
  977. size_t val_len=0;
  978. if (*body != '\"') {
  979. char *val_start = body;
  980. while (!TOR_ISSPACE(*body))
  981. body++;
  982. val = tor_strndup(val_start, body-val_start);
  983. val_len = strlen(val);
  984. } else {
  985. body = (char*)extract_escaped_string(body, (len - (body-start)),
  986. &val, &val_len);
  987. if (!body) {
  988. connection_write_str_to_buf("551 Couldn't parse string\r\n", conn);
  989. SMARTLIST_FOREACH(entries, char *, cp, tor_free(cp));
  990. smartlist_free(entries);
  991. tor_free(key);
  992. return 0;
  993. }
  994. }
  995. tor_asprintf(&entry, "%s %s", key, val);
  996. tor_free(key);
  997. tor_free(val);
  998. } else {
  999. entry = key;
  1000. }
  1001. smartlist_add(entries, entry);
  1002. while (TOR_ISSPACE(*body))
  1003. ++body;
  1004. }
  1005. smartlist_add_strdup(entries, "");
  1006. config = smartlist_join_strings(entries, "\n", 0, NULL);
  1007. SMARTLIST_FOREACH(entries, char *, cp, tor_free(cp));
  1008. smartlist_free(entries);
  1009. if (config_get_lines(config, &lines, 0) < 0) {
  1010. log_warn(LD_CONTROL,"Controller gave us config lines we can't parse.");
  1011. connection_write_str_to_buf("551 Couldn't parse configuration\r\n",
  1012. conn);
  1013. tor_free(config);
  1014. return 0;
  1015. }
  1016. tor_free(config);
  1017. opt_err = options_trial_assign(lines, flags, &errstring);
  1018. {
  1019. const char *msg;
  1020. switch (opt_err) {
  1021. case SETOPT_ERR_MISC:
  1022. msg = "552 Unrecognized option";
  1023. break;
  1024. case SETOPT_ERR_PARSE:
  1025. msg = "513 Unacceptable option value";
  1026. break;
  1027. case SETOPT_ERR_TRANSITION:
  1028. msg = "553 Transition not allowed";
  1029. break;
  1030. case SETOPT_ERR_SETTING:
  1031. default:
  1032. msg = "553 Unable to set option";
  1033. break;
  1034. case SETOPT_OK:
  1035. config_free_lines(lines);
  1036. send_control_done(conn);
  1037. return 0;
  1038. }
  1039. log_warn(LD_CONTROL,
  1040. "Controller gave us config lines that didn't validate: %s",
  1041. errstring);
  1042. connection_printf_to_buf(conn, "%s: %s\r\n", msg, errstring);
  1043. config_free_lines(lines);
  1044. tor_free(errstring);
  1045. return 0;
  1046. }
  1047. }
  1048. /** Called when we receive a SETCONF message: parse the body and try
  1049. * to update our configuration. Reply with a DONE or ERROR message.
  1050. * Modifies the contents of body.*/
  1051. static int
  1052. handle_control_setconf(control_connection_t *conn, uint32_t len, char *body)
  1053. {
  1054. return control_setconf_helper(conn, len, body, 0);
  1055. }
  1056. /** Called when we receive a RESETCONF message: parse the body and try
  1057. * to update our configuration. Reply with a DONE or ERROR message.
  1058. * Modifies the contents of body. */
  1059. static int
  1060. handle_control_resetconf(control_connection_t *conn, uint32_t len, char *body)
  1061. {
  1062. return control_setconf_helper(conn, len, body, 1);
  1063. }
  1064. /** Called when we receive a GETCONF message. Parse the request, and
  1065. * reply with a CONFVALUE or an ERROR message */
  1066. static int
  1067. handle_control_getconf(control_connection_t *conn, uint32_t body_len,
  1068. const char *body)
  1069. {
  1070. smartlist_t *questions = smartlist_new();
  1071. smartlist_t *answers = smartlist_new();
  1072. smartlist_t *unrecognized = smartlist_new();
  1073. char *msg = NULL;
  1074. size_t msg_len;
  1075. const or_options_t *options = get_options();
  1076. int i, len;
  1077. (void) body_len; /* body is NUL-terminated; so we can ignore len. */
  1078. smartlist_split_string(questions, body, " ",
  1079. SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
  1080. SMARTLIST_FOREACH_BEGIN(questions, const char *, q) {
  1081. if (!option_is_recognized(q)) {
  1082. smartlist_add(unrecognized, (char*) q);
  1083. } else {
  1084. config_line_t *answer = option_get_assignment(options,q);
  1085. if (!answer) {
  1086. const char *name = option_get_canonical_name(q);
  1087. smartlist_add_asprintf(answers, "250-%s\r\n", name);
  1088. }
  1089. while (answer) {
  1090. config_line_t *next;
  1091. smartlist_add_asprintf(answers, "250-%s=%s\r\n",
  1092. answer->key, answer->value);
  1093. next = answer->next;
  1094. tor_free(answer->key);
  1095. tor_free(answer->value);
  1096. tor_free(answer);
  1097. answer = next;
  1098. }
  1099. }
  1100. } SMARTLIST_FOREACH_END(q);
  1101. if ((len = smartlist_len(unrecognized))) {
  1102. for (i=0; i < len-1; ++i)
  1103. connection_printf_to_buf(conn,
  1104. "552-Unrecognized configuration key \"%s\"\r\n",
  1105. (char*)smartlist_get(unrecognized, i));
  1106. connection_printf_to_buf(conn,
  1107. "552 Unrecognized configuration key \"%s\"\r\n",
  1108. (char*)smartlist_get(unrecognized, len-1));
  1109. } else if ((len = smartlist_len(answers))) {
  1110. char *tmp = smartlist_get(answers, len-1);
  1111. tor_assert(strlen(tmp)>4);
  1112. tmp[3] = ' ';
  1113. msg = smartlist_join_strings(answers, "", 0, &msg_len);
  1114. connection_buf_add(msg, msg_len, TO_CONN(conn));
  1115. } else {
  1116. connection_write_str_to_buf("250 OK\r\n", conn);
  1117. }
  1118. SMARTLIST_FOREACH(answers, char *, cp, tor_free(cp));
  1119. smartlist_free(answers);
  1120. SMARTLIST_FOREACH(questions, char *, cp, tor_free(cp));
  1121. smartlist_free(questions);
  1122. smartlist_free(unrecognized);
  1123. tor_free(msg);
  1124. return 0;
  1125. }
  1126. /** Called when we get a +LOADCONF message. */
  1127. static int
  1128. handle_control_loadconf(control_connection_t *conn, uint32_t len,
  1129. const char *body)
  1130. {
  1131. setopt_err_t retval;
  1132. char *errstring = NULL;
  1133. const char *msg = NULL;
  1134. (void) len;
  1135. retval = options_init_from_string(NULL, body, CMD_RUN_TOR, NULL, &errstring);
  1136. if (retval != SETOPT_OK)
  1137. log_warn(LD_CONTROL,
  1138. "Controller gave us config file that didn't validate: %s",
  1139. errstring);
  1140. switch (retval) {
  1141. case SETOPT_ERR_PARSE:
  1142. msg = "552 Invalid config file";
  1143. break;
  1144. case SETOPT_ERR_TRANSITION:
  1145. msg = "553 Transition not allowed";
  1146. break;
  1147. case SETOPT_ERR_SETTING:
  1148. msg = "553 Unable to set option";
  1149. break;
  1150. case SETOPT_ERR_MISC:
  1151. default:
  1152. msg = "550 Unable to load config";
  1153. break;
  1154. case SETOPT_OK:
  1155. break;
  1156. }
  1157. if (msg) {
  1158. if (errstring)
  1159. connection_printf_to_buf(conn, "%s: %s\r\n", msg, errstring);
  1160. else
  1161. connection_printf_to_buf(conn, "%s\r\n", msg);
  1162. } else {
  1163. send_control_done(conn);
  1164. }
  1165. tor_free(errstring);
  1166. return 0;
  1167. }
  1168. /** Helper structure: maps event values to their names. */
  1169. struct control_event_t {
  1170. uint16_t event_code;
  1171. const char *event_name;
  1172. };
  1173. /** Table mapping event values to their names. Used to implement SETEVENTS
  1174. * and GETINFO events/names, and to keep they in sync. */
  1175. static const struct control_event_t control_event_table[] = {
  1176. { EVENT_CIRCUIT_STATUS, "CIRC" },
  1177. { EVENT_CIRCUIT_STATUS_MINOR, "CIRC_MINOR" },
  1178. { EVENT_STREAM_STATUS, "STREAM" },
  1179. { EVENT_OR_CONN_STATUS, "ORCONN" },
  1180. { EVENT_BANDWIDTH_USED, "BW" },
  1181. { EVENT_DEBUG_MSG, "DEBUG" },
  1182. { EVENT_INFO_MSG, "INFO" },
  1183. { EVENT_NOTICE_MSG, "NOTICE" },
  1184. { EVENT_WARN_MSG, "WARN" },
  1185. { EVENT_ERR_MSG, "ERR" },
  1186. { EVENT_NEW_DESC, "NEWDESC" },
  1187. { EVENT_ADDRMAP, "ADDRMAP" },
  1188. { EVENT_DESCCHANGED, "DESCCHANGED" },
  1189. { EVENT_NS, "NS" },
  1190. { EVENT_STATUS_GENERAL, "STATUS_GENERAL" },
  1191. { EVENT_STATUS_CLIENT, "STATUS_CLIENT" },
  1192. { EVENT_STATUS_SERVER, "STATUS_SERVER" },
  1193. { EVENT_GUARD, "GUARD" },
  1194. { EVENT_STREAM_BANDWIDTH_USED, "STREAM_BW" },
  1195. { EVENT_CLIENTS_SEEN, "CLIENTS_SEEN" },
  1196. { EVENT_NEWCONSENSUS, "NEWCONSENSUS" },
  1197. { EVENT_BUILDTIMEOUT_SET, "BUILDTIMEOUT_SET" },
  1198. { EVENT_GOT_SIGNAL, "SIGNAL" },
  1199. { EVENT_CONF_CHANGED, "CONF_CHANGED"},
  1200. { EVENT_CONN_BW, "CONN_BW" },
  1201. { EVENT_CELL_STATS, "CELL_STATS" },
  1202. { EVENT_CIRC_BANDWIDTH_USED, "CIRC_BW" },
  1203. { EVENT_TRANSPORT_LAUNCHED, "TRANSPORT_LAUNCHED" },
  1204. { EVENT_HS_DESC, "HS_DESC" },
  1205. { EVENT_HS_DESC_CONTENT, "HS_DESC_CONTENT" },
  1206. { EVENT_NETWORK_LIVENESS, "NETWORK_LIVENESS" },
  1207. { 0, NULL },
  1208. };
  1209. /** Called when we get a SETEVENTS message: update conn->event_mask,
  1210. * and reply with DONE or ERROR. */
  1211. static int
  1212. handle_control_setevents(control_connection_t *conn, uint32_t len,
  1213. const char *body)
  1214. {
  1215. int event_code;
  1216. event_mask_t event_mask = 0;
  1217. smartlist_t *events = smartlist_new();
  1218. (void) len;
  1219. smartlist_split_string(events, body, " ",
  1220. SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
  1221. SMARTLIST_FOREACH_BEGIN(events, const char *, ev)
  1222. {
  1223. if (!strcasecmp(ev, "EXTENDED") ||
  1224. !strcasecmp(ev, "AUTHDIR_NEWDESCS")) {
  1225. log_warn(LD_CONTROL, "The \"%s\" SETEVENTS argument is no longer "
  1226. "supported.", ev);
  1227. continue;
  1228. } else {
  1229. int i;
  1230. event_code = -1;
  1231. for (i = 0; control_event_table[i].event_name != NULL; ++i) {
  1232. if (!strcasecmp(ev, control_event_table[i].event_name)) {
  1233. event_code = control_event_table[i].event_code;
  1234. break;
  1235. }
  1236. }
  1237. if (event_code == -1) {
  1238. connection_printf_to_buf(conn, "552 Unrecognized event \"%s\"\r\n",
  1239. ev);
  1240. SMARTLIST_FOREACH(events, char *, e, tor_free(e));
  1241. smartlist_free(events);
  1242. return 0;
  1243. }
  1244. }
  1245. event_mask |= (((event_mask_t)1) << event_code);
  1246. }
  1247. SMARTLIST_FOREACH_END(ev);
  1248. SMARTLIST_FOREACH(events, char *, e, tor_free(e));
  1249. smartlist_free(events);
  1250. conn->event_mask = event_mask;
  1251. control_update_global_event_mask();
  1252. send_control_done(conn);
  1253. return 0;
  1254. }
  1255. /** Decode the hashed, base64'd passwords stored in <b>passwords</b>.
  1256. * Return a smartlist of acceptable passwords (unterminated strings of
  1257. * length S2K_RFC2440_SPECIFIER_LEN+DIGEST_LEN) on success, or NULL on
  1258. * failure.
  1259. */
  1260. smartlist_t *
  1261. decode_hashed_passwords(config_line_t *passwords)
  1262. {
  1263. char decoded[64];
  1264. config_line_t *cl;
  1265. smartlist_t *sl = smartlist_new();
  1266. tor_assert(passwords);
  1267. for (cl = passwords; cl; cl = cl->next) {
  1268. const char *hashed = cl->value;
  1269. if (!strcmpstart(hashed, "16:")) {
  1270. if (base16_decode(decoded, sizeof(decoded), hashed+3, strlen(hashed+3))
  1271. != S2K_RFC2440_SPECIFIER_LEN + DIGEST_LEN
  1272. || strlen(hashed+3) != (S2K_RFC2440_SPECIFIER_LEN+DIGEST_LEN)*2) {
  1273. goto err;
  1274. }
  1275. } else {
  1276. if (base64_decode(decoded, sizeof(decoded), hashed, strlen(hashed))
  1277. != S2K_RFC2440_SPECIFIER_LEN+DIGEST_LEN) {
  1278. goto err;
  1279. }
  1280. }
  1281. smartlist_add(sl,
  1282. tor_memdup(decoded, S2K_RFC2440_SPECIFIER_LEN+DIGEST_LEN));
  1283. }
  1284. return sl;
  1285. err:
  1286. SMARTLIST_FOREACH(sl, char*, cp, tor_free(cp));
  1287. smartlist_free(sl);
  1288. return NULL;
  1289. }
  1290. /** Called when we get an AUTHENTICATE message. Check whether the
  1291. * authentication is valid, and if so, update the connection's state to
  1292. * OPEN. Reply with DONE or ERROR.
  1293. */
  1294. static int
  1295. handle_control_authenticate(control_connection_t *conn, uint32_t len,
  1296. const char *body)
  1297. {
  1298. int used_quoted_string = 0;
  1299. const or_options_t *options = get_options();
  1300. const char *errstr = "Unknown error";
  1301. char *password;
  1302. size_t password_len;
  1303. const char *cp;
  1304. int i;
  1305. int bad_cookie=0, bad_password=0;
  1306. smartlist_t *sl = NULL;
  1307. if (!len) {
  1308. password = tor_strdup("");
  1309. password_len = 0;
  1310. } else if (TOR_ISXDIGIT(body[0])) {
  1311. cp = body;
  1312. while (TOR_ISXDIGIT(*cp))
  1313. ++cp;
  1314. i = (int)(cp - body);
  1315. tor_assert(i>0);
  1316. password_len = i/2;
  1317. password = tor_malloc(password_len + 1);
  1318. if (base16_decode(password, password_len+1, body, i)
  1319. != (int) password_len) {
  1320. connection_write_str_to_buf(
  1321. "551 Invalid hexadecimal encoding. Maybe you tried a plain text "
  1322. "password? If so, the standard requires that you put it in "
  1323. "double quotes.\r\n", conn);
  1324. connection_mark_for_close(TO_CONN(conn));
  1325. tor_free(password);
  1326. return 0;
  1327. }
  1328. } else {
  1329. if (!decode_escaped_string(body, len, &password, &password_len)) {
  1330. connection_write_str_to_buf("551 Invalid quoted string. You need "
  1331. "to put the password in double quotes.\r\n", conn);
  1332. connection_mark_for_close(TO_CONN(conn));
  1333. return 0;
  1334. }
  1335. used_quoted_string = 1;
  1336. }
  1337. if (conn->safecookie_client_hash != NULL) {
  1338. /* The controller has chosen safe cookie authentication; the only
  1339. * acceptable authentication value is the controller-to-server
  1340. * response. */
  1341. tor_assert(authentication_cookie_is_set);
  1342. if (password_len != DIGEST256_LEN) {
  1343. log_warn(LD_CONTROL,
  1344. "Got safe cookie authentication response with wrong length "
  1345. "(%d)", (int)password_len);
  1346. errstr = "Wrong length for safe cookie response.";
  1347. goto err;
  1348. }
  1349. if (tor_memneq(conn->safecookie_client_hash, password, DIGEST256_LEN)) {
  1350. log_warn(LD_CONTROL,
  1351. "Got incorrect safe cookie authentication response");
  1352. errstr = "Safe cookie response did not match expected value.";
  1353. goto err;
  1354. }
  1355. tor_free(conn->safecookie_client_hash);
  1356. goto ok;
  1357. }
  1358. if (!options->CookieAuthentication && !options->HashedControlPassword &&
  1359. !options->HashedControlSessionPassword) {
  1360. /* if Tor doesn't demand any stronger authentication, then
  1361. * the controller can get in with anything. */
  1362. goto ok;
  1363. }
  1364. if (options->CookieAuthentication) {
  1365. int also_password = options->HashedControlPassword != NULL ||
  1366. options->HashedControlSessionPassword != NULL;
  1367. if (password_len != AUTHENTICATION_COOKIE_LEN) {
  1368. if (!also_password) {
  1369. log_warn(LD_CONTROL, "Got authentication cookie with wrong length "
  1370. "(%d)", (int)password_len);
  1371. errstr = "Wrong length on authentication cookie.";
  1372. goto err;
  1373. }
  1374. bad_cookie = 1;
  1375. } else if (tor_memneq(authentication_cookie, password, password_len)) {
  1376. if (!also_password) {
  1377. log_warn(LD_CONTROL, "Got mismatched authentication cookie");
  1378. errstr = "Authentication cookie did not match expected value.";
  1379. goto err;
  1380. }
  1381. bad_cookie = 1;
  1382. } else {
  1383. goto ok;
  1384. }
  1385. }
  1386. if (options->HashedControlPassword ||
  1387. options->HashedControlSessionPassword) {
  1388. int bad = 0;
  1389. smartlist_t *sl_tmp;
  1390. char received[DIGEST_LEN];
  1391. int also_cookie = options->CookieAuthentication;
  1392. sl = smartlist_new();
  1393. if (options->HashedControlPassword) {
  1394. sl_tmp = decode_hashed_passwords(options->HashedControlPassword);
  1395. if (!sl_tmp)
  1396. bad = 1;
  1397. else {
  1398. smartlist_add_all(sl, sl_tmp);
  1399. smartlist_free(sl_tmp);
  1400. }
  1401. }
  1402. if (options->HashedControlSessionPassword) {
  1403. sl_tmp = decode_hashed_passwords(options->HashedControlSessionPassword);
  1404. if (!sl_tmp)
  1405. bad = 1;
  1406. else {
  1407. smartlist_add_all(sl, sl_tmp);
  1408. smartlist_free(sl_tmp);
  1409. }
  1410. }
  1411. if (bad) {
  1412. if (!also_cookie) {
  1413. log_warn(LD_BUG,
  1414. "Couldn't decode HashedControlPassword: invalid base16");
  1415. errstr="Couldn't decode HashedControlPassword value in configuration.";
  1416. goto err;
  1417. }
  1418. bad_password = 1;
  1419. SMARTLIST_FOREACH(sl, char *, str, tor_free(str));
  1420. smartlist_free(sl);
  1421. sl = NULL;
  1422. } else {
  1423. SMARTLIST_FOREACH(sl, char *, expected,
  1424. {
  1425. secret_to_key_rfc2440(received,DIGEST_LEN,
  1426. password,password_len,expected);
  1427. if (tor_memeq(expected + S2K_RFC2440_SPECIFIER_LEN,
  1428. received, DIGEST_LEN))
  1429. goto ok;
  1430. });
  1431. SMARTLIST_FOREACH(sl, char *, str, tor_free(str));
  1432. smartlist_free(sl);
  1433. sl = NULL;
  1434. if (used_quoted_string)
  1435. errstr = "Password did not match HashedControlPassword value from "
  1436. "configuration";
  1437. else
  1438. errstr = "Password did not match HashedControlPassword value from "
  1439. "configuration. Maybe you tried a plain text password? "
  1440. "If so, the standard requires that you put it in double quotes.";
  1441. bad_password = 1;
  1442. if (!also_cookie)
  1443. goto err;
  1444. }
  1445. }
  1446. /** We only get here if both kinds of authentication failed. */
  1447. tor_assert(bad_password && bad_cookie);
  1448. log_warn(LD_CONTROL, "Bad password or authentication cookie on controller.");
  1449. errstr = "Password did not match HashedControlPassword *or* authentication "
  1450. "cookie.";
  1451. err:
  1452. tor_free(password);
  1453. connection_printf_to_buf(conn, "515 Authentication failed: %s\r\n", errstr);
  1454. connection_mark_for_close(TO_CONN(conn));
  1455. if (sl) { /* clean up */
  1456. SMARTLIST_FOREACH(sl, char *, str, tor_free(str));
  1457. smartlist_free(sl);
  1458. }
  1459. return 0;
  1460. ok:
  1461. log_info(LD_CONTROL, "Authenticated control connection ("TOR_SOCKET_T_FORMAT
  1462. ")", conn->base_.s);
  1463. send_control_done(conn);
  1464. conn->base_.state = CONTROL_CONN_STATE_OPEN;
  1465. tor_free(password);
  1466. if (sl) { /* clean up */
  1467. SMARTLIST_FOREACH(sl, char *, str, tor_free(str));
  1468. smartlist_free(sl);
  1469. }
  1470. return 0;
  1471. }
  1472. /** Called when we get a SAVECONF command. Try to flush the current options to
  1473. * disk, and report success or failure. */
  1474. static int
  1475. handle_control_saveconf(control_connection_t *conn, uint32_t len,
  1476. const char *body)
  1477. {
  1478. (void) len;
  1479. int force = !strcmpstart(body, "FORCE");
  1480. const or_options_t *options = get_options();
  1481. if ((!force && options->IncludeUsed) || options_save_current() < 0) {
  1482. connection_write_str_to_buf(
  1483. "551 Unable to write configuration to disk.\r\n", conn);
  1484. } else {
  1485. send_control_done(conn);
  1486. }
  1487. return 0;
  1488. }
  1489. struct signal_t {
  1490. int sig;
  1491. const char *signal_name;
  1492. };
  1493. static const struct signal_t signal_table[] = {
  1494. { SIGHUP, "RELOAD" },
  1495. { SIGHUP, "HUP" },
  1496. { SIGINT, "SHUTDOWN" },
  1497. { SIGUSR1, "DUMP" },
  1498. { SIGUSR1, "USR1" },
  1499. { SIGUSR2, "DEBUG" },
  1500. { SIGUSR2, "USR2" },
  1501. { SIGTERM, "HALT" },
  1502. { SIGTERM, "TERM" },
  1503. { SIGTERM, "INT" },
  1504. { SIGNEWNYM, "NEWNYM" },
  1505. { SIGCLEARDNSCACHE, "CLEARDNSCACHE"},
  1506. { SIGHEARTBEAT, "HEARTBEAT"},
  1507. { SIGACTIVE, "ACTIVE" },
  1508. { SIGDORMANT, "DORMANT" },
  1509. { 0, NULL },
  1510. };
  1511. /** Called when we get a SIGNAL command. React to the provided signal, and
  1512. * report success or failure. (If the signal results in a shutdown, success
  1513. * may not be reported.) */
  1514. static int
  1515. handle_control_signal(control_connection_t *conn, uint32_t len,
  1516. const char *body)
  1517. {
  1518. int sig = -1;
  1519. int i;
  1520. int n = 0;
  1521. char *s;
  1522. (void) len;
  1523. while (body[n] && ! TOR_ISSPACE(body[n]))
  1524. ++n;
  1525. s = tor_strndup(body, n);
  1526. for (i = 0; signal_table[i].signal_name != NULL; ++i) {
  1527. if (!strcasecmp(s, signal_table[i].signal_name)) {
  1528. sig = signal_table[i].sig;
  1529. break;
  1530. }
  1531. }
  1532. if (sig < 0)
  1533. connection_printf_to_buf(conn, "552 Unrecognized signal code \"%s\"\r\n",
  1534. s);
  1535. tor_free(s);
  1536. if (sig < 0)
  1537. return 0;
  1538. send_control_done(conn);
  1539. /* Flush the "done" first if the signal might make us shut down. */
  1540. if (sig == SIGTERM || sig == SIGINT)
  1541. connection_flush(TO_CONN(conn));
  1542. activate_signal(sig);
  1543. return 0;
  1544. }
  1545. /** Called when we get a TAKEOWNERSHIP command. Mark this connection
  1546. * as an owning connection, so that we will exit if the connection
  1547. * closes. */
  1548. static int
  1549. handle_control_takeownership(control_connection_t *conn, uint32_t len,
  1550. const char *body)
  1551. {
  1552. (void)len;
  1553. (void)body;
  1554. conn->is_owning_control_connection = 1;
  1555. log_info(LD_CONTROL, "Control connection %d has taken ownership of this "
  1556. "Tor instance.",
  1557. (int)(conn->base_.s));
  1558. send_control_done(conn);
  1559. return 0;
  1560. }
  1561. /** Called when we get a DROPOWNERSHIP command. Mark this connection
  1562. * as a non-owning connection, so that we will not exit if the connection
  1563. * closes. */
  1564. static int
  1565. handle_control_dropownership(control_connection_t *conn, uint32_t len,
  1566. const char *body)
  1567. {
  1568. (void)len;
  1569. (void)body;
  1570. conn->is_owning_control_connection = 0;
  1571. log_info(LD_CONTROL, "Control connection %d has dropped ownership of this "
  1572. "Tor instance.",
  1573. (int)(conn->base_.s));
  1574. send_control_done(conn);
  1575. return 0;
  1576. }
  1577. /** Return true iff <b>addr</b> is unusable as a mapaddress target because of
  1578. * containing funny characters. */
  1579. static int
  1580. address_is_invalid_mapaddress_target(const char *addr)
  1581. {
  1582. if (!strcmpstart(addr, "*."))
  1583. return address_is_invalid_destination(addr+2, 1);
  1584. else
  1585. return address_is_invalid_destination(addr, 1);
  1586. }
  1587. /** Called when we get a MAPADDRESS command; try to bind all listed addresses,
  1588. * and report success or failure. */
  1589. static int
  1590. handle_control_mapaddress(control_connection_t *conn, uint32_t len,
  1591. const char *body)
  1592. {
  1593. smartlist_t *elts;
  1594. smartlist_t *lines;
  1595. smartlist_t *reply;
  1596. char *r;
  1597. size_t sz;
  1598. (void) len; /* body is NUL-terminated, so it's safe to ignore the length. */
  1599. lines = smartlist_new();
  1600. elts = smartlist_new();
  1601. reply = smartlist_new();
  1602. smartlist_split_string(lines, body, " ",
  1603. SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
  1604. SMARTLIST_FOREACH_BEGIN(lines, char *, line) {
  1605. tor_strlower(line);
  1606. smartlist_split_string(elts, line, "=", 0, 2);
  1607. if (smartlist_len(elts) == 2) {
  1608. const char *from = smartlist_get(elts,0);
  1609. const char *to = smartlist_get(elts,1);
  1610. if (address_is_invalid_mapaddress_target(to)) {
  1611. smartlist_add_asprintf(reply,
  1612. "512-syntax error: invalid address '%s'", to);
  1613. log_warn(LD_CONTROL,
  1614. "Skipping invalid argument '%s' in MapAddress msg", to);
  1615. } else if (!strcmp(from, ".") || !strcmp(from, "0.0.0.0") ||
  1616. !strcmp(from, "::")) {
  1617. const char type =
  1618. !strcmp(from,".") ? RESOLVED_TYPE_HOSTNAME :
  1619. (!strcmp(from, "0.0.0.0") ? RESOLVED_TYPE_IPV4 : RESOLVED_TYPE_IPV6);
  1620. const char *address = addressmap_register_virtual_address(
  1621. type, tor_strdup(to));
  1622. if (!address) {
  1623. smartlist_add_asprintf(reply,
  1624. "451-resource exhausted: skipping '%s'", line);
  1625. log_warn(LD_CONTROL,
  1626. "Unable to allocate address for '%s' in MapAddress msg",
  1627. safe_str_client(line));
  1628. } else {
  1629. smartlist_add_asprintf(reply, "250-%s=%s", address, to);
  1630. }
  1631. } else {
  1632. const char *msg;
  1633. if (addressmap_register_auto(from, to, 1,
  1634. ADDRMAPSRC_CONTROLLER, &msg) < 0) {
  1635. smartlist_add_asprintf(reply,
  1636. "512-syntax error: invalid address mapping "
  1637. " '%s': %s", line, msg);
  1638. log_warn(LD_CONTROL,
  1639. "Skipping invalid argument '%s' in MapAddress msg: %s",
  1640. line, msg);
  1641. } else {
  1642. smartlist_add_asprintf(reply, "250-%s", line);
  1643. }
  1644. }
  1645. } else {
  1646. smartlist_add_asprintf(reply, "512-syntax error: mapping '%s' is "
  1647. "not of expected form 'foo=bar'.", line);
  1648. log_info(LD_CONTROL, "Skipping MapAddress '%s': wrong "
  1649. "number of items.",
  1650. safe_str_client(line));
  1651. }
  1652. SMARTLIST_FOREACH(elts, char *, cp, tor_free(cp));
  1653. smartlist_clear(elts);
  1654. } SMARTLIST_FOREACH_END(line);
  1655. SMARTLIST_FOREACH(lines, char *, cp, tor_free(cp));
  1656. smartlist_free(lines);
  1657. smartlist_free(elts);
  1658. if (smartlist_len(reply)) {
  1659. ((char*)smartlist_get(reply,smartlist_len(reply)-1))[3] = ' ';
  1660. r = smartlist_join_strings(reply, "\r\n", 1, &sz);
  1661. connection_buf_add(r, sz, TO_CONN(conn));
  1662. tor_free(r);
  1663. } else {
  1664. const char *response =
  1665. "512 syntax error: not enough arguments to mapaddress.\r\n";
  1666. connection_buf_add(response, strlen(response), TO_CONN(conn));
  1667. }
  1668. SMARTLIST_FOREACH(reply, char *, cp, tor_free(cp));
  1669. smartlist_free(reply);
  1670. return 0;
  1671. }
  1672. /** Implementation helper for GETINFO: knows the answers for various
  1673. * trivial-to-implement questions. */
  1674. static int
  1675. getinfo_helper_misc(control_connection_t *conn, const char *question,
  1676. char **answer, const char **errmsg)
  1677. {
  1678. (void) conn;
  1679. if (!strcmp(question, "version")) {
  1680. *answer = tor_strdup(get_version());
  1681. } else if (!strcmp(question, "bw-event-cache")) {
  1682. *answer = get_bw_samples();
  1683. } else if (!strcmp(question, "config-file")) {
  1684. const char *a = get_torrc_fname(0);
  1685. if (a)
  1686. *answer = tor_strdup(a);
  1687. } else if (!strcmp(question, "config-defaults-file")) {
  1688. const char *a = get_torrc_fname(1);
  1689. if (a)
  1690. *answer = tor_strdup(a);
  1691. } else if (!strcmp(question, "config-text")) {
  1692. *answer = options_dump(get_options(), OPTIONS_DUMP_MINIMAL);
  1693. } else if (!strcmp(question, "config-can-saveconf")) {
  1694. *answer = tor_strdup(get_options()->IncludeUsed ? "0" : "1");
  1695. } else if (!strcmp(question, "info/names")) {
  1696. *answer = list_getinfo_options();
  1697. } else if (!strcmp(question, "dormant")) {
  1698. int dormant = rep_hist_circbuilding_dormant(time(NULL));
  1699. *answer = tor_strdup(dormant ? "1" : "0");
  1700. } else if (!strcmp(question, "events/names")) {
  1701. int i;
  1702. smartlist_t *event_names = smartlist_new();
  1703. for (i = 0; control_event_table[i].event_name != NULL; ++i) {
  1704. smartlist_add(event_names, (char *)control_event_table[i].event_name);
  1705. }
  1706. *answer = smartlist_join_strings(event_names, " ", 0, NULL);
  1707. smartlist_free(event_names);
  1708. } else if (!strcmp(question, "signal/names")) {
  1709. smartlist_t *signal_names = smartlist_new();
  1710. int j;
  1711. for (j = 0; signal_table[j].signal_name != NULL; ++j) {
  1712. smartlist_add(signal_names, (char*)signal_table[j].signal_name);
  1713. }
  1714. *answer = smartlist_join_strings(signal_names, " ", 0, NULL);
  1715. smartlist_free(signal_names);
  1716. } else if (!strcmp(question, "features/names")) {
  1717. *answer = tor_strdup("VERBOSE_NAMES EXTENDED_EVENTS");
  1718. } else if (!strcmp(question, "address")) {
  1719. uint32_t addr;
  1720. if (router_pick_published_address(get_options(), &addr, 0) < 0) {
  1721. *errmsg = "Address unknown";
  1722. return -1;
  1723. }
  1724. *answer = tor_dup_ip(addr);
  1725. } else if (!strcmp(question, "traffic/read")) {
  1726. tor_asprintf(answer, "%"PRIu64, (get_bytes_read()));
  1727. } else if (!strcmp(question, "traffic/written")) {
  1728. tor_asprintf(answer, "%"PRIu64, (get_bytes_written()));
  1729. } else if (!strcmp(question, "uptime")) {
  1730. long uptime_secs = get_uptime();
  1731. tor_asprintf(answer, "%ld", uptime_secs);
  1732. } else if (!strcmp(question, "process/pid")) {
  1733. int myPid = -1;
  1734. #ifdef _WIN32
  1735. myPid = _getpid();
  1736. #else
  1737. myPid = getpid();
  1738. #endif
  1739. tor_asprintf(answer, "%d", myPid);
  1740. } else if (!strcmp(question, "process/uid")) {
  1741. #ifdef _WIN32
  1742. *answer = tor_strdup("-1");
  1743. #else
  1744. int myUid = geteuid();
  1745. tor_asprintf(answer, "%d", myUid);
  1746. #endif /* defined(_WIN32) */
  1747. } else if (!strcmp(question, "process/user")) {
  1748. #ifdef _WIN32
  1749. *answer = tor_strdup("");
  1750. #else
  1751. int myUid = geteuid();
  1752. const struct passwd *myPwEntry = tor_getpwuid(myUid);
  1753. if (myPwEntry) {
  1754. *answer = tor_strdup(myPwEntry->pw_name);
  1755. } else {
  1756. *answer = tor_strdup("");
  1757. }
  1758. #endif /* defined(_WIN32) */
  1759. } else if (!strcmp(question, "process/descriptor-limit")) {
  1760. int max_fds = get_max_sockets();
  1761. tor_asprintf(answer, "%d", max_fds);
  1762. } else if (!strcmp(question, "limits/max-mem-in-queues")) {
  1763. tor_asprintf(answer, "%"PRIu64,
  1764. (get_options()->MaxMemInQueues));
  1765. } else if (!strcmp(question, "fingerprint")) {
  1766. crypto_pk_t *server_key;
  1767. if (!server_mode(get_options())) {
  1768. *errmsg = "Not running in server mode";
  1769. return -1;
  1770. }
  1771. server_key = get_server_identity_key();
  1772. *answer = tor_malloc(HEX_DIGEST_LEN+1);
  1773. crypto_pk_get_fingerprint(server_key, *answer, 0);
  1774. }
  1775. return 0;
  1776. }
  1777. /** Awful hack: return a newly allocated string based on a routerinfo and
  1778. * (possibly) an extrainfo, sticking the read-history and write-history from
  1779. * <b>ei</b> into the resulting string. The thing you get back won't
  1780. * necessarily have a valid signature.
  1781. *
  1782. * New code should never use this; it's for backward compatibility.
  1783. *
  1784. * NOTE: <b>ri_body</b> is as returned by signed_descriptor_get_body: it might
  1785. * not be NUL-terminated. */
  1786. static char *
  1787. munge_extrainfo_into_routerinfo(const char *ri_body,
  1788. const signed_descriptor_t *ri,
  1789. const signed_descriptor_t *ei)
  1790. {
  1791. char *out = NULL, *outp;
  1792. int i;
  1793. const char *router_sig;
  1794. const char *ei_body = signed_descriptor_get_body(ei);
  1795. size_t ri_len = ri->signed_descriptor_len;
  1796. size_t ei_len = ei->signed_descriptor_len;
  1797. if (!ei_body)
  1798. goto bail;
  1799. outp = out = tor_malloc(ri_len+ei_len+1);
  1800. if (!(router_sig = tor_memstr(ri_body, ri_len, "\nrouter-signature")))
  1801. goto bail;
  1802. ++router_sig;
  1803. memcpy(out, ri_body, router_sig-ri_body);
  1804. outp += router_sig-ri_body;
  1805. for (i=0; i < 2; ++i) {
  1806. const char *kwd = i ? "\nwrite-history " : "\nread-history ";
  1807. const char *cp, *eol;
  1808. if (!(cp = tor_memstr(ei_body, ei_len, kwd)))
  1809. continue;
  1810. ++cp;
  1811. if (!(eol = memchr(cp, '\n', ei_len - (cp-ei_body))))
  1812. continue;
  1813. memcpy(outp, cp, eol-cp+1);
  1814. outp += eol-cp+1;
  1815. }
  1816. memcpy(outp, router_sig, ri_len - (router_sig-ri_body));
  1817. *outp++ = '\0';
  1818. tor_assert(outp-out < (int)(ri_len+ei_len+1));
  1819. return out;
  1820. bail:
  1821. tor_free(out);
  1822. return tor_strndup(ri_body, ri->signed_descriptor_len);
  1823. }
  1824. /** Implementation helper for GETINFO: answers requests for information about
  1825. * which ports are bound. */
  1826. static int
  1827. getinfo_helper_listeners(control_connection_t *control_conn,
  1828. const char *question,
  1829. char **answer, const char **errmsg)
  1830. {
  1831. int type;
  1832. smartlist_t *res;
  1833. (void)control_conn;
  1834. (void)errmsg;
  1835. if (!strcmp(question, "net/listeners/or"))
  1836. type = CONN_TYPE_OR_LISTENER;
  1837. else if (!strcmp(question, "net/listeners/extor"))
  1838. type = CONN_TYPE_EXT_OR_LISTENER;
  1839. else if (!strcmp(question, "net/listeners/dir"))
  1840. type = CONN_TYPE_DIR_LISTENER;
  1841. else if (!strcmp(question, "net/listeners/socks"))
  1842. type = CONN_TYPE_AP_LISTENER;
  1843. else if (!strcmp(question, "net/listeners/trans"))
  1844. type = CONN_TYPE_AP_TRANS_LISTENER;
  1845. else if (!strcmp(question, "net/listeners/natd"))
  1846. type = CONN_TYPE_AP_NATD_LISTENER;
  1847. else if (!strcmp(question, "net/listeners/httptunnel"))
  1848. type = CONN_TYPE_AP_HTTP_CONNECT_LISTENER;
  1849. else if (!strcmp(question, "net/listeners/dns"))
  1850. type = CONN_TYPE_AP_DNS_LISTENER;
  1851. else if (!strcmp(question, "net/listeners/control"))
  1852. type = CONN_TYPE_CONTROL_LISTENER;
  1853. else
  1854. return 0; /* unknown key */
  1855. res = smartlist_new();
  1856. SMARTLIST_FOREACH_BEGIN(get_connection_array(), connection_t *, conn) {
  1857. struct sockaddr_storage ss;
  1858. socklen_t ss_len = sizeof(ss);
  1859. if (conn->type != type || conn->marked_for_close || !SOCKET_OK(conn->s))
  1860. continue;
  1861. if (getsockname(conn->s, (struct sockaddr *)&ss, &ss_len) < 0) {
  1862. smartlist_add_asprintf(res, "%s:%d", conn->address, (int)conn->port);
  1863. } else {
  1864. char *tmp = tor_sockaddr_to_str((struct sockaddr *)&ss);
  1865. smartlist_add(res, esc_for_log(tmp));
  1866. tor_free(tmp);
  1867. }
  1868. } SMARTLIST_FOREACH_END(conn);
  1869. *answer = smartlist_join_strings(res, " ", 0, NULL);
  1870. SMARTLIST_FOREACH(res, char *, cp, tor_free(cp));
  1871. smartlist_free(res);
  1872. return 0;
  1873. }
  1874. /** Implementation helper for GETINFO: answers requests for information about
  1875. * the current time in both local and UTC forms. */
  1876. STATIC int
  1877. getinfo_helper_current_time(control_connection_t *control_conn,
  1878. const char *question,
  1879. char **answer, const char **errmsg)
  1880. {
  1881. (void)control_conn;
  1882. (void)errmsg;
  1883. struct timeval now;
  1884. tor_gettimeofday(&now);
  1885. char timebuf[ISO_TIME_LEN+1];
  1886. if (!strcmp(question, "current-time/local"))
  1887. format_local_iso_time_nospace(timebuf, (time_t)now.tv_sec);
  1888. else if (!strcmp(question, "current-time/utc"))
  1889. format_iso_time_nospace(timebuf, (time_t)now.tv_sec);
  1890. else
  1891. return 0;
  1892. *answer = tor_strdup(timebuf);
  1893. return 0;
  1894. }
  1895. /** Implementation helper for GETINFO: knows the answers for questions about
  1896. * directory information. */
  1897. STATIC int
  1898. getinfo_helper_dir(control_connection_t *control_conn,
  1899. const char *question, char **answer,
  1900. const char **errmsg)
  1901. {
  1902. (void) control_conn;
  1903. if (!strcmpstart(question, "desc/id/")) {
  1904. const routerinfo_t *ri = NULL;
  1905. const node_t *node = node_get_by_hex_id(question+strlen("desc/id/"), 0);
  1906. if (node)
  1907. ri = node->ri;
  1908. if (ri) {
  1909. const char *body = signed_descriptor_get_body(&ri->cache_info);
  1910. if (body)
  1911. *answer = tor_strndup(body, ri->cache_info.signed_descriptor_len);
  1912. } else if (! we_fetch_router_descriptors(get_options())) {
  1913. /* Descriptors won't be available, provide proper error */
  1914. *errmsg = "We fetch microdescriptors, not router "
  1915. "descriptors. You'll need to use md/id/* "
  1916. "instead of desc/id/*.";
  1917. return 0;
  1918. }
  1919. } else if (!strcmpstart(question, "desc/name/")) {
  1920. const routerinfo_t *ri = NULL;
  1921. /* XXX Setting 'warn_if_unnamed' here is a bit silly -- the
  1922. * warning goes to the user, not to the controller. */
  1923. const node_t *node =
  1924. node_get_by_nickname(question+strlen("desc/name/"), 0);
  1925. if (node)
  1926. ri = node->ri;
  1927. if (ri) {
  1928. const char *body = signed_descriptor_get_body(&ri->cache_info);
  1929. if (body)
  1930. *answer = tor_strndup(body, ri->cache_info.signed_descriptor_len);
  1931. } else if (! we_fetch_router_descriptors(get_options())) {
  1932. /* Descriptors won't be available, provide proper error */
  1933. *errmsg = "We fetch microdescriptors, not router "
  1934. "descriptors. You'll need to use md/name/* "
  1935. "instead of desc/name/*.";
  1936. return 0;
  1937. }
  1938. } else if (!strcmp(question, "desc/download-enabled")) {
  1939. int r = we_fetch_router_descriptors(get_options());
  1940. tor_asprintf(answer, "%d", !!r);
  1941. } else if (!strcmp(question, "desc/all-recent")) {
  1942. routerlist_t *routerlist = router_get_routerlist();
  1943. smartlist_t *sl = smartlist_new();
  1944. if (routerlist && routerlist->routers) {
  1945. SMARTLIST_FOREACH(routerlist->routers, const routerinfo_t *, ri,
  1946. {
  1947. const char *body = signed_descriptor_get_body(&ri->cache_info);
  1948. if (body)
  1949. smartlist_add(sl,
  1950. tor_strndup(body, ri->cache_info.signed_descriptor_len));
  1951. });
  1952. }
  1953. *answer = smartlist_join_strings(sl, "", 0, NULL);
  1954. SMARTLIST_FOREACH(sl, char *, c, tor_free(c));
  1955. smartlist_free(sl);
  1956. } else if (!strcmp(question, "desc/all-recent-extrainfo-hack")) {
  1957. /* XXXX Remove this once Torstat asks for extrainfos. */
  1958. routerlist_t *routerlist = router_get_routerlist();
  1959. smartlist_t *sl = smartlist_new();
  1960. if (routerlist && routerlist->routers) {
  1961. SMARTLIST_FOREACH_BEGIN(routerlist->routers, const routerinfo_t *, ri) {
  1962. const char *body = signed_descriptor_get_body(&ri->cache_info);
  1963. signed_descriptor_t *ei = extrainfo_get_by_descriptor_digest(
  1964. ri->cache_info.extra_info_digest);
  1965. if (ei && body) {
  1966. smartlist_add(sl, munge_extrainfo_into_routerinfo(body,
  1967. &ri->cache_info, ei));
  1968. } else if (body) {
  1969. smartlist_add(sl,
  1970. tor_strndup(body, ri->cache_info.signed_descriptor_len));
  1971. }
  1972. } SMARTLIST_FOREACH_END(ri);
  1973. }
  1974. *answer = smartlist_join_strings(sl, "", 0, NULL);
  1975. SMARTLIST_FOREACH(sl, char *, c, tor_free(c));
  1976. smartlist_free(sl);
  1977. } else if (!strcmpstart(question, "hs/client/desc/id/")) {
  1978. hostname_type_t addr_type;
  1979. question += strlen("hs/client/desc/id/");
  1980. if (rend_valid_v2_service_id(question)) {
  1981. addr_type = ONION_V2_HOSTNAME;
  1982. } else if (hs_address_is_valid(question)) {
  1983. addr_type = ONION_V3_HOSTNAME;
  1984. } else {
  1985. *errmsg = "Invalid address";
  1986. return -1;
  1987. }
  1988. if (addr_type == ONION_V2_HOSTNAME) {
  1989. rend_cache_entry_t *e = NULL;
  1990. if (!rend_cache_lookup_entry(question, -1, &e)) {
  1991. /* Descriptor found in cache */
  1992. *answer = tor_strdup(e->desc);
  1993. } else {
  1994. *errmsg = "Not found in cache";
  1995. return -1;
  1996. }
  1997. } else {
  1998. ed25519_public_key_t service_pk;
  1999. const char *desc;
  2000. /* The check before this if/else makes sure of this. */
  2001. tor_assert(addr_type == ONION_V3_HOSTNAME);
  2002. if (hs_parse_address(question, &service_pk, NULL, NULL) < 0) {
  2003. *errmsg = "Invalid v3 address";
  2004. return -1;
  2005. }
  2006. desc = hs_cache_lookup_encoded_as_client(&service_pk);
  2007. if (desc) {
  2008. *answer = tor_strdup(desc);
  2009. } else {
  2010. *errmsg = "Not found in cache";
  2011. return -1;
  2012. }
  2013. }
  2014. } else if (!strcmpstart(question, "hs/service/desc/id/")) {
  2015. hostname_type_t addr_type;
  2016. question += strlen("hs/service/desc/id/");
  2017. if (rend_valid_v2_service_id(question)) {
  2018. addr_type = ONION_V2_HOSTNAME;
  2019. } else if (hs_address_is_valid(question)) {
  2020. addr_type = ONION_V3_HOSTNAME;
  2021. } else {
  2022. *errmsg = "Invalid address";
  2023. return -1;
  2024. }
  2025. rend_cache_entry_t *e = NULL;
  2026. if (addr_type == ONION_V2_HOSTNAME) {
  2027. if (!rend_cache_lookup_v2_desc_as_service(question, &e)) {
  2028. /* Descriptor found in cache */
  2029. *answer = tor_strdup(e->desc);
  2030. } else {
  2031. *errmsg = "Not found in cache";
  2032. return -1;
  2033. }
  2034. } else {
  2035. ed25519_public_key_t service_pk;
  2036. char *desc;
  2037. /* The check before this if/else makes sure of this. */
  2038. tor_assert(addr_type == ONION_V3_HOSTNAME);
  2039. if (hs_parse_address(question, &service_pk, NULL, NULL) < 0) {
  2040. *errmsg = "Invalid v3 address";
  2041. return -1;
  2042. }
  2043. desc = hs_service_lookup_current_desc(&service_pk);
  2044. if (desc) {
  2045. /* Newly allocated string, we have ownership. */
  2046. *answer = desc;
  2047. } else {
  2048. *errmsg = "Not found in cache";
  2049. return -1;
  2050. }
  2051. }
  2052. } else if (!strcmp(question, "md/all")) {
  2053. const smartlist_t *nodes = nodelist_get_list();
  2054. tor_assert(nodes);
  2055. if (smartlist_len(nodes) == 0) {
  2056. *answer = tor_strdup("");
  2057. return 0;
  2058. }
  2059. smartlist_t *microdescs = smartlist_new();
  2060. SMARTLIST_FOREACH_BEGIN(nodes, node_t *, n) {
  2061. if (n->md && n->md->body) {
  2062. char *copy = tor_strndup(n->md->body, n->md->bodylen);
  2063. smartlist_add(microdescs, copy);
  2064. }
  2065. } SMARTLIST_FOREACH_END(n);
  2066. *answer = smartlist_join_strings(microdescs, "", 0, NULL);
  2067. SMARTLIST_FOREACH(microdescs, char *, md, tor_free(md));
  2068. smartlist_free(microdescs);
  2069. } else if (!strcmpstart(question, "md/id/")) {
  2070. const node_t *node = node_get_by_hex_id(question+strlen("md/id/"), 0);
  2071. const microdesc_t *md = NULL;
  2072. if (node) md = node->md;
  2073. if (md && md->body) {
  2074. *answer = tor_strndup(md->body, md->bodylen);
  2075. }
  2076. } else if (!strcmpstart(question, "md/name/")) {
  2077. /* XXX Setting 'warn_if_unnamed' here is a bit silly -- the
  2078. * warning goes to the user, not to the controller. */
  2079. const node_t *node = node_get_by_nickname(question+strlen("md/name/"), 0);
  2080. /* XXXX duplicated code */
  2081. const microdesc_t *md = NULL;
  2082. if (node) md = node->md;
  2083. if (md && md->body) {
  2084. *answer = tor_strndup(md->body, md->bodylen);
  2085. }
  2086. } else if (!strcmp(question, "md/download-enabled")) {
  2087. int r = we_fetch_microdescriptors(get_options());
  2088. tor_asprintf(answer, "%d", !!r);
  2089. } else if (!strcmpstart(question, "desc-annotations/id/")) {
  2090. const routerinfo_t *ri = NULL;
  2091. const node_t *node =
  2092. node_get_by_hex_id(question+strlen("desc-annotations/id/"), 0);
  2093. if (node)
  2094. ri = node->ri;
  2095. if (ri) {
  2096. const char *annotations =
  2097. signed_descriptor_get_annotations(&ri->cache_info);
  2098. if (annotations)
  2099. *answer = tor_strndup(annotations,
  2100. ri->cache_info.annotations_len);
  2101. }
  2102. } else if (!strcmpstart(question, "dir/server/")) {
  2103. size_t answer_len = 0;
  2104. char *url = NULL;
  2105. smartlist_t *descs = smartlist_new();
  2106. const char *msg;
  2107. int res;
  2108. char *cp;
  2109. tor_asprintf(&url, "/tor/%s", question+4);
  2110. res = dirserv_get_routerdescs(descs, url, &msg);
  2111. if (res) {
  2112. log_warn(LD_CONTROL, "getinfo '%s': %s", question, msg);
  2113. smartlist_free(descs);
  2114. tor_free(url);
  2115. *errmsg = msg;
  2116. return -1;
  2117. }
  2118. SMARTLIST_FOREACH(descs, signed_descriptor_t *, sd,
  2119. answer_len += sd->signed_descriptor_len);
  2120. cp = *answer = tor_malloc(answer_len+1);
  2121. SMARTLIST_FOREACH(descs, signed_descriptor_t *, sd,
  2122. {
  2123. memcpy(cp, signed_descriptor_get_body(sd),
  2124. sd->signed_descriptor_len);
  2125. cp += sd->signed_descriptor_len;
  2126. });
  2127. *cp = '\0';
  2128. tor_free(url);
  2129. smartlist_free(descs);
  2130. } else if (!strcmpstart(question, "dir/status/")) {
  2131. *answer = tor_strdup("");
  2132. } else if (!strcmp(question, "dir/status-vote/current/consensus")) { /* v3 */
  2133. if (we_want_to_fetch_flavor(get_options(), FLAV_NS)) {
  2134. const cached_dir_t *consensus = dirserv_get_consensus("ns");
  2135. if (consensus)
  2136. *answer = tor_strdup(consensus->dir);
  2137. }
  2138. if (!*answer) { /* try loading it from disk */
  2139. tor_mmap_t *mapped = networkstatus_map_cached_consensus("ns");
  2140. if (mapped) {
  2141. *answer = tor_memdup_nulterm(mapped->data, mapped->size);
  2142. tor_munmap_file(mapped);
  2143. }
  2144. if (!*answer) { /* generate an error */
  2145. *errmsg = "Could not open cached consensus. "
  2146. "Make sure FetchUselessDescriptors is set to 1.";
  2147. return -1;
  2148. }
  2149. }
  2150. } else if (!strcmp(question, "network-status")) { /* v1 */
  2151. static int network_status_warned = 0;
  2152. if (!network_status_warned) {
  2153. log_warn(LD_CONTROL, "GETINFO network-status is deprecated; it will "
  2154. "go away in a future version of Tor.");
  2155. network_status_warned = 1;
  2156. }
  2157. routerlist_t *routerlist = router_get_routerlist();
  2158. if (!routerlist || !routerlist->routers ||
  2159. list_server_status_v1(routerlist->routers, answer, 1) < 0) {
  2160. return -1;
  2161. }
  2162. } else if (!strcmpstart(question, "extra-info/digest/")) {
  2163. question += strlen("extra-info/digest/");
  2164. if (strlen(question) == HEX_DIGEST_LEN) {
  2165. char d[DIGEST_LEN];
  2166. signed_descriptor_t *sd = NULL;
  2167. if (base16_decode(d, sizeof(d), question, strlen(question))
  2168. == sizeof(d)) {
  2169. /* XXXX this test should move into extrainfo_get_by_descriptor_digest,
  2170. * but I don't want to risk affecting other parts of the code,
  2171. * especially since the rules for using our own extrainfo (including
  2172. * when it might be freed) are different from those for using one
  2173. * we have downloaded. */
  2174. if (router_extrainfo_digest_is_me(d))
  2175. sd = &(router_get_my_extrainfo()->cache_info);
  2176. else
  2177. sd = extrainfo_get_by_descriptor_digest(d);
  2178. }
  2179. if (sd) {
  2180. const char *body = signed_descriptor_get_body(sd);
  2181. if (body)
  2182. *answer = tor_strndup(body, sd->signed_descriptor_len);
  2183. }
  2184. }
  2185. }
  2186. return 0;
  2187. }
  2188. /** Given a smartlist of 20-byte digests, return a newly allocated string
  2189. * containing each of those digests in order, formatted in HEX, and terminated
  2190. * with a newline. */
  2191. static char *
  2192. digest_list_to_string(const smartlist_t *sl)
  2193. {
  2194. int len;
  2195. char *result, *s;
  2196. /* Allow for newlines, and a \0 at the end */
  2197. len = smartlist_len(sl) * (HEX_DIGEST_LEN + 1) + 1;
  2198. result = tor_malloc_zero(len);
  2199. s = result;
  2200. SMARTLIST_FOREACH_BEGIN(sl, const char *, digest) {
  2201. base16_encode(s, HEX_DIGEST_LEN + 1, digest, DIGEST_LEN);
  2202. s[HEX_DIGEST_LEN] = '\n';
  2203. s += HEX_DIGEST_LEN + 1;
  2204. } SMARTLIST_FOREACH_END(digest);
  2205. *s = '\0';
  2206. return result;
  2207. }
  2208. /** Turn a download_status_t into a human-readable description in a newly
  2209. * allocated string. The format is specified in control-spec.txt, under
  2210. * the documentation for "GETINFO download/..." . */
  2211. static char *
  2212. download_status_to_string(const download_status_t *dl)
  2213. {
  2214. char *rv = NULL;
  2215. char tbuf[ISO_TIME_LEN+1];
  2216. const char *schedule_str, *want_authority_str;
  2217. const char *increment_on_str, *backoff_str;
  2218. if (dl) {
  2219. /* Get some substrings of the eventual output ready */
  2220. format_iso_time(tbuf, download_status_get_next_attempt_at(dl));
  2221. switch (dl->schedule) {
  2222. case DL_SCHED_GENERIC:
  2223. schedule_str = "DL_SCHED_GENERIC";
  2224. break;
  2225. case DL_SCHED_CONSENSUS:
  2226. schedule_str = "DL_SCHED_CONSENSUS";
  2227. break;
  2228. case DL_SCHED_BRIDGE:
  2229. schedule_str = "DL_SCHED_BRIDGE";
  2230. break;
  2231. default:
  2232. schedule_str = "unknown";
  2233. break;
  2234. }
  2235. switch (dl->want_authority) {
  2236. case DL_WANT_ANY_DIRSERVER:
  2237. want_authority_str = "DL_WANT_ANY_DIRSERVER";
  2238. break;
  2239. case DL_WANT_AUTHORITY:
  2240. want_authority_str = "DL_WANT_AUTHORITY";
  2241. break;
  2242. default:
  2243. want_authority_str = "unknown";
  2244. break;
  2245. }
  2246. switch (dl->increment_on) {
  2247. case DL_SCHED_INCREMENT_FAILURE:
  2248. increment_on_str = "DL_SCHED_INCREMENT_FAILURE";
  2249. break;
  2250. case DL_SCHED_INCREMENT_ATTEMPT:
  2251. increment_on_str = "DL_SCHED_INCREMENT_ATTEMPT";
  2252. break;
  2253. default:
  2254. increment_on_str = "unknown";
  2255. break;
  2256. }
  2257. backoff_str = "DL_SCHED_RANDOM_EXPONENTIAL";
  2258. /* Now assemble them */
  2259. tor_asprintf(&rv,
  2260. "next-attempt-at %s\n"
  2261. "n-download-failures %u\n"
  2262. "n-download-attempts %u\n"
  2263. "schedule %s\n"
  2264. "want-authority %s\n"
  2265. "increment-on %s\n"
  2266. "backoff %s\n"
  2267. "last-backoff-position %u\n"
  2268. "last-delay-used %d\n",
  2269. tbuf,
  2270. dl->n_download_failures,
  2271. dl->n_download_attempts,
  2272. schedule_str,
  2273. want_authority_str,
  2274. increment_on_str,
  2275. backoff_str,
  2276. dl->last_backoff_position,
  2277. dl->last_delay_used);
  2278. }
  2279. return rv;
  2280. }
  2281. /** Handle the consensus download cases for getinfo_helper_downloads() */
  2282. STATIC void
  2283. getinfo_helper_downloads_networkstatus(const char *flavor,
  2284. download_status_t **dl_to_emit,
  2285. const char **errmsg)
  2286. {
  2287. /*
  2288. * We get the one for the current bootstrapped status by default, or
  2289. * take an extra /bootstrap or /running suffix
  2290. */
  2291. if (strcmp(flavor, "ns") == 0) {
  2292. *dl_to_emit = networkstatus_get_dl_status_by_flavor(FLAV_NS);
  2293. } else if (strcmp(flavor, "ns/bootstrap") == 0) {
  2294. *dl_to_emit = networkstatus_get_dl_status_by_flavor_bootstrap(FLAV_NS);
  2295. } else if (strcmp(flavor, "ns/running") == 0 ) {
  2296. *dl_to_emit = networkstatus_get_dl_status_by_flavor_running(FLAV_NS);
  2297. } else if (strcmp(flavor, "microdesc") == 0) {
  2298. *dl_to_emit = networkstatus_get_dl_status_by_flavor(FLAV_MICRODESC);
  2299. } else if (strcmp(flavor, "microdesc/bootstrap") == 0) {
  2300. *dl_to_emit =
  2301. networkstatus_get_dl_status_by_flavor_bootstrap(FLAV_MICRODESC);
  2302. } else if (strcmp(flavor, "microdesc/running") == 0) {
  2303. *dl_to_emit =
  2304. networkstatus_get_dl_status_by_flavor_running(FLAV_MICRODESC);
  2305. } else {
  2306. *errmsg = "Unknown flavor";
  2307. }
  2308. }
  2309. /** Handle the cert download cases for getinfo_helper_downloads() */
  2310. STATIC void
  2311. getinfo_helper_downloads_cert(const char *fp_sk_req,
  2312. download_status_t **dl_to_emit,
  2313. smartlist_t **digest_list,
  2314. const char **errmsg)
  2315. {
  2316. const char *sk_req;
  2317. char id_digest[DIGEST_LEN];
  2318. char sk_digest[DIGEST_LEN];
  2319. /*
  2320. * We have to handle four cases; fp_sk_req is the request with
  2321. * a prefix of "downloads/cert/" snipped off.
  2322. *
  2323. * Case 1: fp_sk_req = "fps"
  2324. * - We should emit a digest_list with a list of all the identity
  2325. * fingerprints that can be queried for certificate download status;
  2326. * get it by calling list_authority_ids_with_downloads().
  2327. *
  2328. * Case 2: fp_sk_req = "fp/<fp>" for some fingerprint fp
  2329. * - We want the default certificate for this identity fingerprint's
  2330. * download status; this is the download we get from URLs starting
  2331. * in /fp/ on the directory server. We can get it with
  2332. * id_only_download_status_for_authority_id().
  2333. *
  2334. * Case 3: fp_sk_req = "fp/<fp>/sks" for some fingerprint fp
  2335. * - We want a list of all signing key digests for this identity
  2336. * fingerprint which can be queried for certificate download status.
  2337. * Get it with list_sk_digests_for_authority_id().
  2338. *
  2339. * Case 4: fp_sk_req = "fp/<fp>/<sk>" for some fingerprint fp and
  2340. * signing key digest sk
  2341. * - We want the download status for the certificate for this specific
  2342. * signing key and fingerprint. These correspond to the ones we get
  2343. * from URLs starting in /fp-sk/ on the directory server. Get it with
  2344. * list_sk_digests_for_authority_id().
  2345. */
  2346. if (strcmp(fp_sk_req, "fps") == 0) {
  2347. *digest_list = list_authority_ids_with_downloads();
  2348. if (!(*digest_list)) {
  2349. *errmsg = "Failed to get list of authority identity digests (!)";
  2350. }
  2351. } else if (!strcmpstart(fp_sk_req, "fp/")) {
  2352. fp_sk_req += strlen("fp/");
  2353. /* Okay, look for another / to tell the fp from fp-sk cases */
  2354. sk_req = strchr(fp_sk_req, '/');
  2355. if (sk_req) {
  2356. /* okay, split it here and try to parse <fp> */
  2357. if (base16_decode(id_digest, DIGEST_LEN,
  2358. fp_sk_req, sk_req - fp_sk_req) == DIGEST_LEN) {
  2359. /* Skip past the '/' */
  2360. ++sk_req;
  2361. if (strcmp(sk_req, "sks") == 0) {
  2362. /* We're asking for the list of signing key fingerprints */
  2363. *digest_list = list_sk_digests_for_authority_id(id_digest);
  2364. if (!(*digest_list)) {
  2365. *errmsg = "Failed to get list of signing key digests for this "
  2366. "authority identity digest";
  2367. }
  2368. } else {
  2369. /* We've got a signing key digest */
  2370. if (base16_decode(sk_digest, DIGEST_LEN,
  2371. sk_req, strlen(sk_req)) == DIGEST_LEN) {
  2372. *dl_to_emit =
  2373. download_status_for_authority_id_and_sk(id_digest, sk_digest);
  2374. if (!(*dl_to_emit)) {
  2375. *errmsg = "Failed to get download status for this identity/"
  2376. "signing key digest pair";
  2377. }
  2378. } else {
  2379. *errmsg = "That didn't look like a signing key digest";
  2380. }
  2381. }
  2382. } else {
  2383. *errmsg = "That didn't look like an identity digest";
  2384. }
  2385. } else {
  2386. /* We're either in downloads/certs/fp/<fp>, or we can't parse <fp> */
  2387. if (strlen(fp_sk_req) == HEX_DIGEST_LEN) {
  2388. if (base16_decode(id_digest, DIGEST_LEN,
  2389. fp_sk_req, strlen(fp_sk_req)) == DIGEST_LEN) {
  2390. *dl_to_emit = id_only_download_status_for_authority_id(id_digest);
  2391. if (!(*dl_to_emit)) {
  2392. *errmsg = "Failed to get download status for this authority "
  2393. "identity digest";
  2394. }
  2395. } else {
  2396. *errmsg = "That didn't look like a digest";
  2397. }
  2398. } else {
  2399. *errmsg = "That didn't look like a digest";
  2400. }
  2401. }
  2402. } else {
  2403. *errmsg = "Unknown certificate download status query";
  2404. }
  2405. }
  2406. /** Handle the routerdesc download cases for getinfo_helper_downloads() */
  2407. STATIC void
  2408. getinfo_helper_downloads_desc(const char *desc_req,
  2409. download_status_t **dl_to_emit,
  2410. smartlist_t **digest_list,
  2411. const char **errmsg)
  2412. {
  2413. char desc_digest[DIGEST_LEN];
  2414. /*
  2415. * Two cases to handle here:
  2416. *
  2417. * Case 1: desc_req = "descs"
  2418. * - Emit a list of all router descriptor digests, which we get by
  2419. * calling router_get_descriptor_digests(); this can return NULL
  2420. * if we have no current ns-flavor consensus.
  2421. *
  2422. * Case 2: desc_req = <fp>
  2423. * - Check on the specified fingerprint and emit its download_status_t
  2424. * using router_get_dl_status_by_descriptor_digest().
  2425. */
  2426. if (strcmp(desc_req, "descs") == 0) {
  2427. *digest_list = router_get_descriptor_digests();
  2428. if (!(*digest_list)) {
  2429. *errmsg = "We don't seem to have a networkstatus-flavored consensus";
  2430. }
  2431. /*
  2432. * Microdescs don't use the download_status_t mechanism, so we don't
  2433. * answer queries about their downloads here; see microdesc.c.
  2434. */
  2435. } else if (strlen(desc_req) == HEX_DIGEST_LEN) {
  2436. if (base16_decode(desc_digest, DIGEST_LEN,
  2437. desc_req, strlen(desc_req)) == DIGEST_LEN) {
  2438. /* Okay we got a digest-shaped thing; try asking for it */
  2439. *dl_to_emit = router_get_dl_status_by_descriptor_digest(desc_digest);
  2440. if (!(*dl_to_emit)) {
  2441. *errmsg = "No such descriptor digest found";
  2442. }
  2443. } else {
  2444. *errmsg = "That didn't look like a digest";
  2445. }
  2446. } else {
  2447. *errmsg = "Unknown router descriptor download status query";
  2448. }
  2449. }
  2450. /** Handle the bridge download cases for getinfo_helper_downloads() */
  2451. STATIC void
  2452. getinfo_helper_downloads_bridge(const char *bridge_req,
  2453. download_status_t **dl_to_emit,
  2454. smartlist_t **digest_list,
  2455. const char **errmsg)
  2456. {
  2457. char bridge_digest[DIGEST_LEN];
  2458. /*
  2459. * Two cases to handle here:
  2460. *
  2461. * Case 1: bridge_req = "bridges"
  2462. * - Emit a list of all bridge identity digests, which we get by
  2463. * calling list_bridge_identities(); this can return NULL if we are
  2464. * not using bridges.
  2465. *
  2466. * Case 2: bridge_req = <fp>
  2467. * - Check on the specified fingerprint and emit its download_status_t
  2468. * using get_bridge_dl_status_by_id().
  2469. */
  2470. if (strcmp(bridge_req, "bridges") == 0) {
  2471. *digest_list = list_bridge_identities();
  2472. if (!(*digest_list)) {
  2473. *errmsg = "We don't seem to be using bridges";
  2474. }
  2475. } else if (strlen(bridge_req) == HEX_DIGEST_LEN) {
  2476. if (base16_decode(bridge_digest, DIGEST_LEN,
  2477. bridge_req, strlen(bridge_req)) == DIGEST_LEN) {
  2478. /* Okay we got a digest-shaped thing; try asking for it */
  2479. *dl_to_emit = get_bridge_dl_status_by_id(bridge_digest);
  2480. if (!(*dl_to_emit)) {
  2481. *errmsg = "No such bridge identity digest found";
  2482. }
  2483. } else {
  2484. *errmsg = "That didn't look like a digest";
  2485. }
  2486. } else {
  2487. *errmsg = "Unknown bridge descriptor download status query";
  2488. }
  2489. }
  2490. /** Implementation helper for GETINFO: knows the answers for questions about
  2491. * download status information. */
  2492. STATIC int
  2493. getinfo_helper_downloads(control_connection_t *control_conn,
  2494. const char *question, char **answer,
  2495. const char **errmsg)
  2496. {
  2497. download_status_t *dl_to_emit = NULL;
  2498. smartlist_t *digest_list = NULL;
  2499. /* Assert args are sane */
  2500. tor_assert(control_conn != NULL);
  2501. tor_assert(question != NULL);
  2502. tor_assert(answer != NULL);
  2503. tor_assert(errmsg != NULL);
  2504. /* We check for this later to see if we should supply a default */
  2505. *errmsg = NULL;
  2506. /* Are we after networkstatus downloads? */
  2507. if (!strcmpstart(question, "downloads/networkstatus/")) {
  2508. getinfo_helper_downloads_networkstatus(
  2509. question + strlen("downloads/networkstatus/"),
  2510. &dl_to_emit, errmsg);
  2511. /* Certificates? */
  2512. } else if (!strcmpstart(question, "downloads/cert/")) {
  2513. getinfo_helper_downloads_cert(
  2514. question + strlen("downloads/cert/"),
  2515. &dl_to_emit, &digest_list, errmsg);
  2516. /* Router descriptors? */
  2517. } else if (!strcmpstart(question, "downloads/desc/")) {
  2518. getinfo_helper_downloads_desc(
  2519. question + strlen("downloads/desc/"),
  2520. &dl_to_emit, &digest_list, errmsg);
  2521. /* Bridge descriptors? */
  2522. } else if (!strcmpstart(question, "downloads/bridge/")) {
  2523. getinfo_helper_downloads_bridge(
  2524. question + strlen("downloads/bridge/"),
  2525. &dl_to_emit, &digest_list, errmsg);
  2526. } else {
  2527. *errmsg = "Unknown download status query";
  2528. }
  2529. if (dl_to_emit) {
  2530. *answer = download_status_to_string(dl_to_emit);
  2531. return 0;
  2532. } else if (digest_list) {
  2533. *answer = digest_list_to_string(digest_list);
  2534. SMARTLIST_FOREACH(digest_list, void *, s, tor_free(s));
  2535. smartlist_free(digest_list);
  2536. return 0;
  2537. } else {
  2538. if (!(*errmsg)) {
  2539. *errmsg = "Unknown error";
  2540. }
  2541. return -1;
  2542. }
  2543. }
  2544. /** Allocate and return a description of <b>circ</b>'s current status,
  2545. * including its path (if any). */
  2546. static char *
  2547. circuit_describe_status_for_controller(origin_circuit_t *circ)
  2548. {
  2549. char *rv;
  2550. smartlist_t *descparts = smartlist_new();
  2551. {
  2552. char *vpath = circuit_list_path_for_controller(circ);
  2553. if (*vpath) {
  2554. smartlist_add(descparts, vpath);
  2555. } else {
  2556. tor_free(vpath); /* empty path; don't put an extra space in the result */
  2557. }
  2558. }
  2559. {
  2560. cpath_build_state_t *build_state = circ->build_state;
  2561. smartlist_t *flaglist = smartlist_new();
  2562. char *flaglist_joined;
  2563. if (build_state->onehop_tunnel)
  2564. smartlist_add(flaglist, (void *)"ONEHOP_TUNNEL");
  2565. if (build_state->is_internal)
  2566. smartlist_add(flaglist, (void *)"IS_INTERNAL");
  2567. if (build_state->need_capacity)
  2568. smartlist_add(flaglist, (void *)"NEED_CAPACITY");
  2569. if (build_state->need_uptime)
  2570. smartlist_add(flaglist, (void *)"NEED_UPTIME");
  2571. /* Only emit a BUILD_FLAGS argument if it will have a non-empty value. */
  2572. if (smartlist_len(flaglist)) {
  2573. flaglist_joined = smartlist_join_strings(flaglist, ",", 0, NULL);
  2574. smartlist_add_asprintf(descparts, "BUILD_FLAGS=%s", flaglist_joined);
  2575. tor_free(flaglist_joined);
  2576. }
  2577. smartlist_free(flaglist);
  2578. }
  2579. smartlist_add_asprintf(descparts, "PURPOSE=%s",
  2580. circuit_purpose_to_controller_string(circ->base_.purpose));
  2581. {
  2582. const char *hs_state =
  2583. circuit_purpose_to_controller_hs_state_string(circ->base_.purpose);
  2584. if (hs_state != NULL) {
  2585. smartlist_add_asprintf(descparts, "HS_STATE=%s", hs_state);
  2586. }
  2587. }
  2588. if (circ->rend_data != NULL || circ->hs_ident != NULL) {
  2589. char addr[HS_SERVICE_ADDR_LEN_BASE32 + 1];
  2590. const char *onion_address;
  2591. if (circ->rend_data) {
  2592. onion_address = rend_data_get_address(circ->rend_data);
  2593. } else {
  2594. hs_build_address(&circ->hs_ident->identity_pk, HS_VERSION_THREE, addr);
  2595. onion_address = addr;
  2596. }
  2597. smartlist_add_asprintf(descparts, "REND_QUERY=%s", onion_address);
  2598. }
  2599. {
  2600. char tbuf[ISO_TIME_USEC_LEN+1];
  2601. format_iso_time_nospace_usec(tbuf, &circ->base_.timestamp_created);
  2602. smartlist_add_asprintf(descparts, "TIME_CREATED=%s", tbuf);
  2603. }
  2604. // Show username and/or password if available.
  2605. if (circ->socks_username_len > 0) {
  2606. char* socks_username_escaped = esc_for_log_len(circ->socks_username,
  2607. (size_t) circ->socks_username_len);
  2608. smartlist_add_asprintf(descparts, "SOCKS_USERNAME=%s",
  2609. socks_username_escaped);
  2610. tor_free(socks_username_escaped);
  2611. }
  2612. if (circ->socks_password_len > 0) {
  2613. char* socks_password_escaped = esc_for_log_len(circ->socks_password,
  2614. (size_t) circ->socks_password_len);
  2615. smartlist_add_asprintf(descparts, "SOCKS_PASSWORD=%s",
  2616. socks_password_escaped);
  2617. tor_free(socks_password_escaped);
  2618. }
  2619. rv = smartlist_join_strings(descparts, " ", 0, NULL);
  2620. SMARTLIST_FOREACH(descparts, char *, cp, tor_free(cp));
  2621. smartlist_free(descparts);
  2622. return rv;
  2623. }
  2624. /** Implementation helper for GETINFO: knows how to generate summaries of the
  2625. * current states of things we send events about. */
  2626. static int
  2627. getinfo_helper_events(control_connection_t *control_conn,
  2628. const char *question, char **answer,
  2629. const char **errmsg)
  2630. {
  2631. const or_options_t *options = get_options();
  2632. (void) control_conn;
  2633. if (!strcmp(question, "circuit-status")) {
  2634. smartlist_t *status = smartlist_new();
  2635. SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *, circ_) {
  2636. origin_circuit_t *circ;
  2637. char *circdesc;
  2638. const char *state;
  2639. if (! CIRCUIT_IS_ORIGIN(circ_) || circ_->marked_for_close)
  2640. continue;
  2641. circ = TO_ORIGIN_CIRCUIT(circ_);
  2642. if (circ->base_.state == CIRCUIT_STATE_OPEN)
  2643. state = "BUILT";
  2644. else if (circ->base_.state == CIRCUIT_STATE_GUARD_WAIT)
  2645. state = "GUARD_WAIT";
  2646. else if (circ->cpath)
  2647. state = "EXTENDED";
  2648. else
  2649. state = "LAUNCHED";
  2650. circdesc = circuit_describe_status_for_controller(circ);
  2651. smartlist_add_asprintf(status, "%lu %s%s%s",
  2652. (unsigned long)circ->global_identifier,
  2653. state, *circdesc ? " " : "", circdesc);
  2654. tor_free(circdesc);
  2655. }
  2656. SMARTLIST_FOREACH_END(circ_);
  2657. *answer = smartlist_join_strings(status, "\r\n", 0, NULL);
  2658. SMARTLIST_FOREACH(status, char *, cp, tor_free(cp));
  2659. smartlist_free(status);
  2660. } else if (!strcmp(question, "stream-status")) {
  2661. smartlist_t *conns = get_connection_array();
  2662. smartlist_t *status = smartlist_new();
  2663. char buf[256];
  2664. SMARTLIST_FOREACH_BEGIN(conns, connection_t *, base_conn) {
  2665. const char *state;
  2666. entry_connection_t *conn;
  2667. circuit_t *circ;
  2668. origin_circuit_t *origin_circ = NULL;
  2669. if (base_conn->type != CONN_TYPE_AP ||
  2670. base_conn->marked_for_close ||
  2671. base_conn->state == AP_CONN_STATE_SOCKS_WAIT ||
  2672. base_conn->state == AP_CONN_STATE_NATD_WAIT)
  2673. continue;
  2674. conn = TO_ENTRY_CONN(base_conn);
  2675. switch (base_conn->state)
  2676. {
  2677. case AP_CONN_STATE_CONTROLLER_WAIT:
  2678. case AP_CONN_STATE_CIRCUIT_WAIT:
  2679. if (conn->socks_request &&
  2680. SOCKS_COMMAND_IS_RESOLVE(conn->socks_request->command))
  2681. state = "NEWRESOLVE";
  2682. else
  2683. state = "NEW";
  2684. break;
  2685. case AP_CONN_STATE_RENDDESC_WAIT:
  2686. case AP_CONN_STATE_CONNECT_WAIT:
  2687. state = "SENTCONNECT"; break;
  2688. case AP_CONN_STATE_RESOLVE_WAIT:
  2689. state = "SENTRESOLVE"; break;
  2690. case AP_CONN_STATE_OPEN:
  2691. state = "SUCCEEDED"; break;
  2692. default:
  2693. log_warn(LD_BUG, "Asked for stream in unknown state %d",
  2694. base_conn->state);
  2695. continue;
  2696. }
  2697. circ = circuit_get_by_edge_conn(ENTRY_TO_EDGE_CONN(conn));
  2698. if (circ && CIRCUIT_IS_ORIGIN(circ))
  2699. origin_circ = TO_ORIGIN_CIRCUIT(circ);
  2700. write_stream_target_to_buf(conn, buf, sizeof(buf));
  2701. smartlist_add_asprintf(status, "%lu %s %lu %s",
  2702. (unsigned long) base_conn->global_identifier,state,
  2703. origin_circ?
  2704. (unsigned long)origin_circ->global_identifier : 0ul,
  2705. buf);
  2706. } SMARTLIST_FOREACH_END(base_conn);
  2707. *answer = smartlist_join_strings(status, "\r\n", 0, NULL);
  2708. SMARTLIST_FOREACH(status, char *, cp, tor_free(cp));
  2709. smartlist_free(status);
  2710. } else if (!strcmp(question, "orconn-status")) {
  2711. smartlist_t *conns = get_connection_array();
  2712. smartlist_t *status = smartlist_new();
  2713. SMARTLIST_FOREACH_BEGIN(conns, connection_t *, base_conn) {
  2714. const char *state;
  2715. char name[128];
  2716. or_connection_t *conn;
  2717. if (base_conn->type != CONN_TYPE_OR || base_conn->marked_for_close)
  2718. continue;
  2719. conn = TO_OR_CONN(base_conn);
  2720. if (conn->base_.state == OR_CONN_STATE_OPEN)
  2721. state = "CONNECTED";
  2722. else if (conn->nickname)
  2723. state = "LAUNCHED";
  2724. else
  2725. state = "NEW";
  2726. orconn_target_get_name(name, sizeof(name), conn);
  2727. smartlist_add_asprintf(status, "%s %s", name, state);
  2728. } SMARTLIST_FOREACH_END(base_conn);
  2729. *answer = smartlist_join_strings(status, "\r\n", 0, NULL);
  2730. SMARTLIST_FOREACH(status, char *, cp, tor_free(cp));
  2731. smartlist_free(status);
  2732. } else if (!strcmpstart(question, "address-mappings/")) {
  2733. time_t min_e, max_e;
  2734. smartlist_t *mappings;
  2735. question += strlen("address-mappings/");
  2736. if (!strcmp(question, "all")) {
  2737. min_e = 0; max_e = TIME_MAX;
  2738. } else if (!strcmp(question, "cache")) {
  2739. min_e = 2; max_e = TIME_MAX;
  2740. } else if (!strcmp(question, "config")) {
  2741. min_e = 0; max_e = 0;
  2742. } else if (!strcmp(question, "control")) {
  2743. min_e = 1; max_e = 1;
  2744. } else {
  2745. return 0;
  2746. }
  2747. mappings = smartlist_new();
  2748. addressmap_get_mappings(mappings, min_e, max_e, 1);
  2749. *answer = smartlist_join_strings(mappings, "\r\n", 0, NULL);
  2750. SMARTLIST_FOREACH(mappings, char *, cp, tor_free(cp));
  2751. smartlist_free(mappings);
  2752. } else if (!strcmpstart(question, "status/")) {
  2753. /* Note that status/ is not a catch-all for events; there's only supposed
  2754. * to be a status GETINFO if there's a corresponding STATUS event. */
  2755. if (!strcmp(question, "status/circuit-established")) {
  2756. *answer = tor_strdup(have_completed_a_circuit() ? "1" : "0");
  2757. } else if (!strcmp(question, "status/enough-dir-info")) {
  2758. *answer = tor_strdup(router_have_minimum_dir_info() ? "1" : "0");
  2759. } else if (!strcmp(question, "status/good-server-descriptor") ||
  2760. !strcmp(question, "status/accepted-server-descriptor")) {
  2761. /* They're equivalent for now, until we can figure out how to make
  2762. * good-server-descriptor be what we want. See comment in
  2763. * control-spec.txt. */
  2764. *answer = tor_strdup(directories_have_accepted_server_descriptor()
  2765. ? "1" : "0");
  2766. } else if (!strcmp(question, "status/reachability-succeeded/or")) {
  2767. *answer = tor_strdup(check_whether_orport_reachable(options) ?
  2768. "1" : "0");
  2769. } else if (!strcmp(question, "status/reachability-succeeded/dir")) {
  2770. *answer = tor_strdup(check_whether_dirport_reachable(options) ?
  2771. "1" : "0");
  2772. } else if (!strcmp(question, "status/reachability-succeeded")) {
  2773. tor_asprintf(answer, "OR=%d DIR=%d",
  2774. check_whether_orport_reachable(options) ? 1 : 0,
  2775. check_whether_dirport_reachable(options) ? 1 : 0);
  2776. } else if (!strcmp(question, "status/bootstrap-phase")) {
  2777. *answer = control_event_boot_last_msg();
  2778. } else if (!strcmpstart(question, "status/version/")) {
  2779. int is_server = server_mode(options);
  2780. networkstatus_t *c = networkstatus_get_latest_consensus();
  2781. version_status_t status;
  2782. const char *recommended;
  2783. if (c) {
  2784. recommended = is_server ? c->server_versions : c->client_versions;
  2785. status = tor_version_is_obsolete(VERSION, recommended);
  2786. } else {
  2787. recommended = "?";
  2788. status = VS_UNKNOWN;
  2789. }
  2790. if (!strcmp(question, "status/version/recommended")) {
  2791. *answer = tor_strdup(recommended);
  2792. return 0;
  2793. }
  2794. if (!strcmp(question, "status/version/current")) {
  2795. switch (status)
  2796. {
  2797. case VS_RECOMMENDED: *answer = tor_strdup("recommended"); break;
  2798. case VS_OLD: *answer = tor_strdup("obsolete"); break;
  2799. case VS_NEW: *answer = tor_strdup("new"); break;
  2800. case VS_NEW_IN_SERIES: *answer = tor_strdup("new in series"); break;
  2801. case VS_UNRECOMMENDED: *answer = tor_strdup("unrecommended"); break;
  2802. case VS_EMPTY: *answer = tor_strdup("none recommended"); break;
  2803. case VS_UNKNOWN: *answer = tor_strdup("unknown"); break;
  2804. default: tor_fragile_assert();
  2805. }
  2806. }
  2807. } else if (!strcmp(question, "status/clients-seen")) {
  2808. char *bridge_stats = geoip_get_bridge_stats_controller(time(NULL));
  2809. if (!bridge_stats) {
  2810. *errmsg = "No bridge-client stats available";
  2811. return -1;
  2812. }
  2813. *answer = bridge_stats;
  2814. } else if (!strcmp(question, "status/fresh-relay-descs")) {
  2815. if (!server_mode(options)) {
  2816. *errmsg = "Only relays have descriptors";
  2817. return -1;
  2818. }
  2819. routerinfo_t *r;
  2820. extrainfo_t *e;
  2821. if (router_build_fresh_descriptor(&r, &e) < 0) {
  2822. *errmsg = "Error generating descriptor";
  2823. return -1;
  2824. }
  2825. size_t size = r->cache_info.signed_descriptor_len + 1;
  2826. if (e) {
  2827. size += e->cache_info.signed_descriptor_len + 1;
  2828. }
  2829. tor_assert(r->cache_info.signed_descriptor_len);
  2830. char *descs = tor_malloc(size);
  2831. char *cp = descs;
  2832. memcpy(cp, signed_descriptor_get_body(&r->cache_info),
  2833. r->cache_info.signed_descriptor_len);
  2834. cp += r->cache_info.signed_descriptor_len - 1;
  2835. if (e) {
  2836. if (cp[0] == '\0') {
  2837. cp[0] = '\n';
  2838. } else if (cp[0] != '\n') {
  2839. cp[1] = '\n';
  2840. cp++;
  2841. }
  2842. memcpy(cp, signed_descriptor_get_body(&e->cache_info),
  2843. e->cache_info.signed_descriptor_len);
  2844. cp += e->cache_info.signed_descriptor_len - 1;
  2845. }
  2846. if (cp[0] == '\n') {
  2847. cp[0] = '\0';
  2848. } else if (cp[0] != '\0') {
  2849. cp[1] = '\0';
  2850. }
  2851. *answer = descs;
  2852. routerinfo_free(r);
  2853. extrainfo_free(e);
  2854. } else {
  2855. return 0;
  2856. }
  2857. }
  2858. return 0;
  2859. }
  2860. /** Implementation helper for GETINFO: knows how to enumerate hidden services
  2861. * created via the control port. */
  2862. STATIC int
  2863. getinfo_helper_onions(control_connection_t *control_conn,
  2864. const char *question, char **answer,
  2865. const char **errmsg)
  2866. {
  2867. smartlist_t *onion_list = NULL;
  2868. (void) errmsg; /* no errors from this method */
  2869. if (control_conn && !strcmp(question, "onions/current")) {
  2870. onion_list = control_conn->ephemeral_onion_services;
  2871. } else if (!strcmp(question, "onions/detached")) {
  2872. onion_list = detached_onion_services;
  2873. } else {
  2874. return 0;
  2875. }
  2876. if (!onion_list || smartlist_len(onion_list) == 0) {
  2877. if (answer) {
  2878. *answer = tor_strdup("");
  2879. }
  2880. } else {
  2881. if (answer) {
  2882. *answer = smartlist_join_strings(onion_list, "\r\n", 0, NULL);
  2883. }
  2884. }
  2885. return 0;
  2886. }
  2887. /** Implementation helper for GETINFO: answers queries about network
  2888. * liveness. */
  2889. static int
  2890. getinfo_helper_liveness(control_connection_t *control_conn,
  2891. const char *question, char **answer,
  2892. const char **errmsg)
  2893. {
  2894. (void)control_conn;
  2895. (void)errmsg;
  2896. if (strcmp(question, "network-liveness") == 0) {
  2897. if (get_cached_network_liveness()) {
  2898. *answer = tor_strdup("up");
  2899. } else {
  2900. *answer = tor_strdup("down");
  2901. }
  2902. }
  2903. return 0;
  2904. }
  2905. /** Implementation helper for GETINFO: answers queries about shared random
  2906. * value. */
  2907. static int
  2908. getinfo_helper_sr(control_connection_t *control_conn,
  2909. const char *question, char **answer,
  2910. const char **errmsg)
  2911. {
  2912. (void) control_conn;
  2913. (void) errmsg;
  2914. if (!strcmp(question, "sr/current")) {
  2915. *answer = sr_get_current_for_control();
  2916. } else if (!strcmp(question, "sr/previous")) {
  2917. *answer = sr_get_previous_for_control();
  2918. }
  2919. /* Else statement here is unrecognized key so do nothing. */
  2920. return 0;
  2921. }
  2922. /** Callback function for GETINFO: on a given control connection, try to
  2923. * answer the question <b>q</b> and store the newly-allocated answer in
  2924. * *<b>a</b>. If an internal error occurs, return -1 and optionally set
  2925. * *<b>error_out</b> to point to an error message to be delivered to the
  2926. * controller. On success, _or if the key is not recognized_, return 0. Do not
  2927. * set <b>a</b> if the key is not recognized but you may set <b>error_out</b>
  2928. * to improve the error message.
  2929. */
  2930. typedef int (*getinfo_helper_t)(control_connection_t *,
  2931. const char *q, char **a,
  2932. const char **error_out);
  2933. /** A single item for the GETINFO question-to-answer-function table. */
  2934. typedef struct getinfo_item_t {
  2935. const char *varname; /**< The value (or prefix) of the question. */
  2936. getinfo_helper_t fn; /**< The function that knows the answer: NULL if
  2937. * this entry is documentation-only. */
  2938. const char *desc; /**< Description of the variable. */
  2939. int is_prefix; /** Must varname match exactly, or must it be a prefix? */
  2940. } getinfo_item_t;
  2941. #define ITEM(name, fn, desc) { name, getinfo_helper_##fn, desc, 0 }
  2942. #define PREFIX(name, fn, desc) { name, getinfo_helper_##fn, desc, 1 }
  2943. #define DOC(name, desc) { name, NULL, desc, 0 }
  2944. /** Table mapping questions accepted by GETINFO to the functions that know how
  2945. * to answer them. */
  2946. static const getinfo_item_t getinfo_items[] = {
  2947. ITEM("version", misc, "The current version of Tor."),
  2948. ITEM("bw-event-cache", misc, "Cached BW events for a short interval."),
  2949. ITEM("config-file", misc, "Current location of the \"torrc\" file."),
  2950. ITEM("config-defaults-file", misc, "Current location of the defaults file."),
  2951. ITEM("config-text", misc,
  2952. "Return the string that would be written by a saveconf command."),
  2953. ITEM("config-can-saveconf", misc,
  2954. "Is it possible to save the configuration to the \"torrc\" file?"),
  2955. ITEM("accounting/bytes", accounting,
  2956. "Number of bytes read/written so far in the accounting interval."),
  2957. ITEM("accounting/bytes-left", accounting,
  2958. "Number of bytes left to write/read so far in the accounting interval."),
  2959. ITEM("accounting/enabled", accounting, "Is accounting currently enabled?"),
  2960. ITEM("accounting/hibernating", accounting, "Are we hibernating or awake?"),
  2961. ITEM("accounting/interval-start", accounting,
  2962. "Time when the accounting period starts."),
  2963. ITEM("accounting/interval-end", accounting,
  2964. "Time when the accounting period ends."),
  2965. ITEM("accounting/interval-wake", accounting,
  2966. "Time to wake up in this accounting period."),
  2967. ITEM("helper-nodes", entry_guards, NULL), /* deprecated */
  2968. ITEM("entry-guards", entry_guards,
  2969. "Which nodes are we using as entry guards?"),
  2970. ITEM("fingerprint", misc, NULL),
  2971. PREFIX("config/", config, "Current configuration values."),
  2972. DOC("config/names",
  2973. "List of configuration options, types, and documentation."),
  2974. DOC("config/defaults",
  2975. "List of default values for configuration options. "
  2976. "See also config/names"),
  2977. PREFIX("current-time/", current_time, "Current time."),
  2978. DOC("current-time/local", "Current time on the local system."),
  2979. DOC("current-time/utc", "Current UTC time."),
  2980. PREFIX("downloads/networkstatus/", downloads,
  2981. "Download statuses for networkstatus objects"),
  2982. DOC("downloads/networkstatus/ns",
  2983. "Download status for current-mode networkstatus download"),
  2984. DOC("downloads/networkstatus/ns/bootstrap",
  2985. "Download status for bootstrap-time networkstatus download"),
  2986. DOC("downloads/networkstatus/ns/running",
  2987. "Download status for run-time networkstatus download"),
  2988. DOC("downloads/networkstatus/microdesc",
  2989. "Download status for current-mode microdesc download"),
  2990. DOC("downloads/networkstatus/microdesc/bootstrap",
  2991. "Download status for bootstrap-time microdesc download"),
  2992. DOC("downloads/networkstatus/microdesc/running",
  2993. "Download status for run-time microdesc download"),
  2994. PREFIX("downloads/cert/", downloads,
  2995. "Download statuses for certificates, by id fingerprint and "
  2996. "signing key"),
  2997. DOC("downloads/cert/fps",
  2998. "List of authority fingerprints for which any download statuses "
  2999. "exist"),
  3000. DOC("downloads/cert/fp/<fp>",
  3001. "Download status for <fp> with the default signing key; corresponds "
  3002. "to /fp/ URLs on directory server."),
  3003. DOC("downloads/cert/fp/<fp>/sks",
  3004. "List of signing keys for which specific download statuses are "
  3005. "available for this id fingerprint"),
  3006. DOC("downloads/cert/fp/<fp>/<sk>",
  3007. "Download status for <fp> with signing key <sk>; corresponds "
  3008. "to /fp-sk/ URLs on directory server."),
  3009. PREFIX("downloads/desc/", downloads,
  3010. "Download statuses for router descriptors, by descriptor digest"),
  3011. DOC("downloads/desc/descs",
  3012. "Return a list of known router descriptor digests"),
  3013. DOC("downloads/desc/<desc>",
  3014. "Return a download status for a given descriptor digest"),
  3015. PREFIX("downloads/bridge/", downloads,
  3016. "Download statuses for bridge descriptors, by bridge identity "
  3017. "digest"),
  3018. DOC("downloads/bridge/bridges",
  3019. "Return a list of configured bridge identity digests with download "
  3020. "statuses"),
  3021. DOC("downloads/bridge/<desc>",
  3022. "Return a download status for a given bridge identity digest"),
  3023. ITEM("info/names", misc,
  3024. "List of GETINFO options, types, and documentation."),
  3025. ITEM("events/names", misc,
  3026. "Events that the controller can ask for with SETEVENTS."),
  3027. ITEM("signal/names", misc, "Signal names recognized by the SIGNAL command"),
  3028. ITEM("features/names", misc, "What arguments can USEFEATURE take?"),
  3029. PREFIX("desc/id/", dir, "Router descriptors by ID."),
  3030. PREFIX("desc/name/", dir, "Router descriptors by nickname."),
  3031. ITEM("desc/all-recent", dir,
  3032. "All non-expired, non-superseded router descriptors."),
  3033. ITEM("desc/download-enabled", dir,
  3034. "Do we try to download router descriptors?"),
  3035. ITEM("desc/all-recent-extrainfo-hack", dir, NULL), /* Hack. */
  3036. ITEM("md/all", dir, "All known microdescriptors."),
  3037. PREFIX("md/id/", dir, "Microdescriptors by ID"),
  3038. PREFIX("md/name/", dir, "Microdescriptors by name"),
  3039. ITEM("md/download-enabled", dir,
  3040. "Do we try to download microdescriptors?"),
  3041. PREFIX("extra-info/digest/", dir, "Extra-info documents by digest."),
  3042. PREFIX("hs/client/desc/id", dir,
  3043. "Hidden Service descriptor in client's cache by onion."),
  3044. PREFIX("hs/service/desc/id/", dir,
  3045. "Hidden Service descriptor in services's cache by onion."),
  3046. PREFIX("net/listeners/", listeners, "Bound addresses by type"),
  3047. ITEM("ns/all", networkstatus,
  3048. "Brief summary of router status (v2 directory format)"),
  3049. PREFIX("ns/id/", networkstatus,
  3050. "Brief summary of router status by ID (v2 directory format)."),
  3051. PREFIX("ns/name/", networkstatus,
  3052. "Brief summary of router status by nickname (v2 directory format)."),
  3053. PREFIX("ns/purpose/", networkstatus,
  3054. "Brief summary of router status by purpose (v2 directory format)."),
  3055. PREFIX("consensus/", networkstatus,
  3056. "Information about and from the ns consensus."),
  3057. ITEM("network-status", dir,
  3058. "Brief summary of router status (v1 directory format)"),
  3059. ITEM("network-liveness", liveness,
  3060. "Current opinion on whether the network is live"),
  3061. ITEM("circuit-status", events, "List of current circuits originating here."),
  3062. ITEM("stream-status", events,"List of current streams."),
  3063. ITEM("orconn-status", events, "A list of current OR connections."),
  3064. ITEM("dormant", misc,
  3065. "Is Tor dormant (not building circuits because it's idle)?"),
  3066. PREFIX("address-mappings/", events, NULL),
  3067. DOC("address-mappings/all", "Current address mappings."),
  3068. DOC("address-mappings/cache", "Current cached DNS replies."),
  3069. DOC("address-mappings/config",
  3070. "Current address mappings from configuration."),
  3071. DOC("address-mappings/control", "Current address mappings from controller."),
  3072. PREFIX("status/", events, NULL),
  3073. DOC("status/circuit-established",
  3074. "Whether we think client functionality is working."),
  3075. DOC("status/enough-dir-info",
  3076. "Whether we have enough up-to-date directory information to build "
  3077. "circuits."),
  3078. DOC("status/bootstrap-phase",
  3079. "The last bootstrap phase status event that Tor sent."),
  3080. DOC("status/clients-seen",
  3081. "Breakdown of client countries seen by a bridge."),
  3082. DOC("status/fresh-relay-descs",
  3083. "A fresh relay/ei descriptor pair for Tor's current state. Not stored."),
  3084. DOC("status/version/recommended", "List of currently recommended versions."),
  3085. DOC("status/version/current", "Status of the current version."),
  3086. ITEM("address", misc, "IP address of this Tor host, if we can guess it."),
  3087. ITEM("traffic/read", misc,"Bytes read since the process was started."),
  3088. ITEM("traffic/written", misc,
  3089. "Bytes written since the process was started."),
  3090. ITEM("uptime", misc, "Uptime of the Tor daemon in seconds."),
  3091. ITEM("process/pid", misc, "Process id belonging to the main tor process."),
  3092. ITEM("process/uid", misc, "User id running the tor process."),
  3093. ITEM("process/user", misc,
  3094. "Username under which the tor process is running."),
  3095. ITEM("process/descriptor-limit", misc, "File descriptor limit."),
  3096. ITEM("limits/max-mem-in-queues", misc, "Actual limit on memory in queues"),
  3097. PREFIX("desc-annotations/id/", dir, "Router annotations by hexdigest."),
  3098. PREFIX("dir/server/", dir,"Router descriptors as retrieved from a DirPort."),
  3099. PREFIX("dir/status/", dir,
  3100. "v2 networkstatus docs as retrieved from a DirPort."),
  3101. ITEM("dir/status-vote/current/consensus", dir,
  3102. "v3 Networkstatus consensus as retrieved from a DirPort."),
  3103. ITEM("exit-policy/default", policies,
  3104. "The default value appended to the configured exit policy."),
  3105. ITEM("exit-policy/reject-private/default", policies,
  3106. "The default rules appended to the configured exit policy by"
  3107. " ExitPolicyRejectPrivate."),
  3108. ITEM("exit-policy/reject-private/relay", policies,
  3109. "The relay-specific rules appended to the configured exit policy by"
  3110. " ExitPolicyRejectPrivate and/or ExitPolicyRejectLocalInterfaces."),
  3111. ITEM("exit-policy/full", policies, "The entire exit policy of onion router"),
  3112. ITEM("exit-policy/ipv4", policies, "IPv4 parts of exit policy"),
  3113. ITEM("exit-policy/ipv6", policies, "IPv6 parts of exit policy"),
  3114. PREFIX("ip-to-country/", geoip, "Perform a GEOIP lookup"),
  3115. ITEM("onions/current", onions,
  3116. "Onion services owned by the current control connection."),
  3117. ITEM("onions/detached", onions,
  3118. "Onion services detached from the control connection."),
  3119. ITEM("sr/current", sr, "Get current shared random value."),
  3120. ITEM("sr/previous", sr, "Get previous shared random value."),
  3121. { NULL, NULL, NULL, 0 }
  3122. };
  3123. /** Allocate and return a list of recognized GETINFO options. */
  3124. static char *
  3125. list_getinfo_options(void)
  3126. {
  3127. int i;
  3128. smartlist_t *lines = smartlist_new();
  3129. char *ans;
  3130. for (i = 0; getinfo_items[i].varname; ++i) {
  3131. if (!getinfo_items[i].desc)
  3132. continue;
  3133. smartlist_add_asprintf(lines, "%s%s -- %s\n",
  3134. getinfo_items[i].varname,
  3135. getinfo_items[i].is_prefix ? "*" : "",
  3136. getinfo_items[i].desc);
  3137. }
  3138. smartlist_sort_strings(lines);
  3139. ans = smartlist_join_strings(lines, "", 0, NULL);
  3140. SMARTLIST_FOREACH(lines, char *, cp, tor_free(cp));
  3141. smartlist_free(lines);
  3142. return ans;
  3143. }
  3144. /** Lookup the 'getinfo' entry <b>question</b>, and return
  3145. * the answer in <b>*answer</b> (or NULL if key not recognized).
  3146. * Return 0 if success or unrecognized, or -1 if recognized but
  3147. * internal error. */
  3148. static int
  3149. handle_getinfo_helper(control_connection_t *control_conn,
  3150. const char *question, char **answer,
  3151. const char **err_out)
  3152. {
  3153. int i;
  3154. *answer = NULL; /* unrecognized key by default */
  3155. for (i = 0; getinfo_items[i].varname; ++i) {
  3156. int match;
  3157. if (getinfo_items[i].is_prefix)
  3158. match = !strcmpstart(question, getinfo_items[i].varname);
  3159. else
  3160. match = !strcmp(question, getinfo_items[i].varname);
  3161. if (match) {
  3162. tor_assert(getinfo_items[i].fn);
  3163. return getinfo_items[i].fn(control_conn, question, answer, err_out);
  3164. }
  3165. }
  3166. return 0; /* unrecognized */
  3167. }
  3168. /** Called when we receive a GETINFO command. Try to fetch all requested
  3169. * information, and reply with information or error message. */
  3170. static int
  3171. handle_control_getinfo(control_connection_t *conn, uint32_t len,
  3172. const char *body)
  3173. {
  3174. smartlist_t *questions = smartlist_new();
  3175. smartlist_t *answers = smartlist_new();
  3176. smartlist_t *unrecognized = smartlist_new();
  3177. char *ans = NULL;
  3178. int i;
  3179. (void) len; /* body is NUL-terminated, so it's safe to ignore the length. */
  3180. smartlist_split_string(questions, body, " ",
  3181. SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
  3182. SMARTLIST_FOREACH_BEGIN(questions, const char *, q) {
  3183. const char *errmsg = NULL;
  3184. if (handle_getinfo_helper(conn, q, &ans, &errmsg) < 0) {
  3185. if (!errmsg)
  3186. errmsg = "Internal error";
  3187. connection_printf_to_buf(conn, "551 %s\r\n", errmsg);
  3188. goto done;
  3189. }
  3190. if (!ans) {
  3191. if (errmsg) /* use provided error message */
  3192. smartlist_add_strdup(unrecognized, errmsg);
  3193. else /* use default error message */
  3194. smartlist_add_asprintf(unrecognized, "Unrecognized key \"%s\"", q);
  3195. } else {
  3196. smartlist_add_strdup(answers, q);
  3197. smartlist_add(answers, ans);
  3198. }
  3199. } SMARTLIST_FOREACH_END(q);
  3200. if (smartlist_len(unrecognized)) {
  3201. /* control-spec section 2.3, mid-reply '-' or end of reply ' ' */
  3202. for (i=0; i < smartlist_len(unrecognized)-1; ++i)
  3203. connection_printf_to_buf(conn,
  3204. "552-%s\r\n",
  3205. (char *)smartlist_get(unrecognized, i));
  3206. connection_printf_to_buf(conn,
  3207. "552 %s\r\n",
  3208. (char *)smartlist_get(unrecognized, i));
  3209. goto done;
  3210. }
  3211. for (i = 0; i < smartlist_len(answers); i += 2) {
  3212. char *k = smartlist_get(answers, i);
  3213. char *v = smartlist_get(answers, i+1);
  3214. if (!strchr(v, '\n') && !strchr(v, '\r')) {
  3215. connection_printf_to_buf(conn, "250-%s=", k);
  3216. connection_write_str_to_buf(v, conn);
  3217. connection_write_str_to_buf("\r\n", conn);
  3218. } else {
  3219. char *esc = NULL;
  3220. size_t esc_len;
  3221. esc_len = write_escaped_data(v, strlen(v), &esc);
  3222. connection_printf_to_buf(conn, "250+%s=\r\n", k);
  3223. connection_buf_add(esc, esc_len, TO_CONN(conn));
  3224. tor_free(esc);
  3225. }
  3226. }
  3227. connection_write_str_to_buf("250 OK\r\n", conn);
  3228. done:
  3229. SMARTLIST_FOREACH(answers, char *, cp, tor_free(cp));
  3230. smartlist_free(answers);
  3231. SMARTLIST_FOREACH(questions, char *, cp, tor_free(cp));
  3232. smartlist_free(questions);
  3233. SMARTLIST_FOREACH(unrecognized, char *, cp, tor_free(cp));
  3234. smartlist_free(unrecognized);
  3235. return 0;
  3236. }
  3237. /** Given a string, convert it to a circuit purpose. */
  3238. static uint8_t
  3239. circuit_purpose_from_string(const char *string)
  3240. {
  3241. if (!strcasecmpstart(string, "purpose="))
  3242. string += strlen("purpose=");
  3243. if (!strcasecmp(string, "general"))
  3244. return CIRCUIT_PURPOSE_C_GENERAL;
  3245. else if (!strcasecmp(string, "controller"))
  3246. return CIRCUIT_PURPOSE_CONTROLLER;
  3247. else
  3248. return CIRCUIT_PURPOSE_UNKNOWN;
  3249. }
  3250. /** Return a newly allocated smartlist containing the arguments to the command
  3251. * waiting in <b>body</b>. If there are fewer than <b>min_args</b> arguments,
  3252. * or if <b>max_args</b> is nonnegative and there are more than
  3253. * <b>max_args</b> arguments, send a 512 error to the controller, using
  3254. * <b>command</b> as the command name in the error message. */
  3255. static smartlist_t *
  3256. getargs_helper(const char *command, control_connection_t *conn,
  3257. const char *body, int min_args, int max_args)
  3258. {
  3259. smartlist_t *args = smartlist_new();
  3260. smartlist_split_string(args, body, " ",
  3261. SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
  3262. if (smartlist_len(args) < min_args) {
  3263. connection_printf_to_buf(conn, "512 Missing argument to %s\r\n",command);
  3264. goto err;
  3265. } else if (max_args >= 0 && smartlist_len(args) > max_args) {
  3266. connection_printf_to_buf(conn, "512 Too many arguments to %s\r\n",command);
  3267. goto err;
  3268. }
  3269. return args;
  3270. err:
  3271. SMARTLIST_FOREACH(args, char *, s, tor_free(s));
  3272. smartlist_free(args);
  3273. return NULL;
  3274. }
  3275. /** Helper. Return the first element of <b>sl</b> at index <b>start_at</b> or
  3276. * higher that starts with <b>prefix</b>, case-insensitive. Return NULL if no
  3277. * such element exists. */
  3278. static const char *
  3279. find_element_starting_with(smartlist_t *sl, int start_at, const char *prefix)
  3280. {
  3281. int i;
  3282. for (i = start_at; i < smartlist_len(sl); ++i) {
  3283. const char *elt = smartlist_get(sl, i);
  3284. if (!strcasecmpstart(elt, prefix))
  3285. return elt;
  3286. }
  3287. return NULL;
  3288. }
  3289. /** Helper. Return true iff s is an argument that we should treat as a
  3290. * key-value pair. */
  3291. static int
  3292. is_keyval_pair(const char *s)
  3293. {
  3294. /* An argument is a key-value pair if it has an =, and it isn't of the form
  3295. * $fingeprint=name */
  3296. return strchr(s, '=') && s[0] != '$';
  3297. }
  3298. /** Called when we get an EXTENDCIRCUIT message. Try to extend the listed
  3299. * circuit, and report success or failure. */
  3300. static int
  3301. handle_control_extendcircuit(control_connection_t *conn, uint32_t len,
  3302. const char *body)
  3303. {
  3304. smartlist_t *router_nicknames=NULL, *nodes=NULL;
  3305. origin_circuit_t *circ = NULL;
  3306. int zero_circ;
  3307. uint8_t intended_purpose = CIRCUIT_PURPOSE_C_GENERAL;
  3308. smartlist_t *args;
  3309. (void) len;
  3310. router_nicknames = smartlist_new();
  3311. args = getargs_helper("EXTENDCIRCUIT", conn, body, 1, -1);
  3312. if (!args)
  3313. goto done;
  3314. zero_circ = !strcmp("0", (char*)smartlist_get(args,0));
  3315. if (zero_circ) {
  3316. const char *purp = find_element_starting_with(args, 1, "PURPOSE=");
  3317. if (purp) {
  3318. intended_purpose = circuit_purpose_from_string(purp);
  3319. if (intended_purpose == CIRCUIT_PURPOSE_UNKNOWN) {
  3320. connection_printf_to_buf(conn, "552 Unknown purpose \"%s\"\r\n", purp);
  3321. SMARTLIST_FOREACH(args, char *, cp, tor_free(cp));
  3322. smartlist_free(args);
  3323. goto done;
  3324. }
  3325. }
  3326. if ((smartlist_len(args) == 1) ||
  3327. (smartlist_len(args) >= 2 && is_keyval_pair(smartlist_get(args, 1)))) {
  3328. // "EXTENDCIRCUIT 0" || EXTENDCIRCUIT 0 foo=bar"
  3329. circ = circuit_launch(intended_purpose, CIRCLAUNCH_NEED_CAPACITY);
  3330. if (!circ) {
  3331. connection_write_str_to_buf("551 Couldn't start circuit\r\n", conn);
  3332. } else {
  3333. connection_printf_to_buf(conn, "250 EXTENDED %lu\r\n",
  3334. (unsigned long)circ->global_identifier);
  3335. }
  3336. SMARTLIST_FOREACH(args, char *, cp, tor_free(cp));
  3337. smartlist_free(args);
  3338. goto done;
  3339. }
  3340. // "EXTENDCIRCUIT 0 router1,router2" ||
  3341. // "EXTENDCIRCUIT 0 router1,router2 PURPOSE=foo"
  3342. }
  3343. if (!zero_circ && !(circ = get_circ(smartlist_get(args,0)))) {
  3344. connection_printf_to_buf(conn, "552 Unknown circuit \"%s\"\r\n",
  3345. (char*)smartlist_get(args, 0));
  3346. SMARTLIST_FOREACH(args, char *, cp, tor_free(cp));
  3347. smartlist_free(args);
  3348. goto done;
  3349. }
  3350. if (smartlist_len(args) < 2) {
  3351. connection_printf_to_buf(conn,
  3352. "512 syntax error: not enough arguments.\r\n");
  3353. SMARTLIST_FOREACH(args, char *, cp, tor_free(cp));
  3354. smartlist_free(args);
  3355. goto done;
  3356. }
  3357. smartlist_split_string(router_nicknames, smartlist_get(args,1), ",", 0, 0);
  3358. SMARTLIST_FOREACH(args, char *, cp, tor_free(cp));
  3359. smartlist_free(args);
  3360. nodes = smartlist_new();
  3361. int first_node = zero_circ;
  3362. SMARTLIST_FOREACH_BEGIN(router_nicknames, const char *, n) {
  3363. const node_t *node = node_get_by_nickname(n, 0);
  3364. if (!node) {
  3365. connection_printf_to_buf(conn, "552 No such router \"%s\"\r\n", n);
  3366. goto done;
  3367. }
  3368. if (!node_has_preferred_descriptor(node, first_node)) {
  3369. connection_printf_to_buf(conn, "552 No descriptor for \"%s\"\r\n", n);
  3370. goto done;
  3371. }
  3372. smartlist_add(nodes, (void*)node);
  3373. first_node = 0;
  3374. } SMARTLIST_FOREACH_END(n);
  3375. if (!smartlist_len(nodes)) {
  3376. connection_write_str_to_buf("512 No router names provided\r\n", conn);
  3377. goto done;
  3378. }
  3379. if (zero_circ) {
  3380. /* start a new circuit */
  3381. circ = origin_circuit_init(intended_purpose, 0);
  3382. }
  3383. /* now circ refers to something that is ready to be extended */
  3384. first_node = zero_circ;
  3385. SMARTLIST_FOREACH(nodes, const node_t *, node,
  3386. {
  3387. extend_info_t *info = extend_info_from_node(node, first_node);
  3388. if (!info) {
  3389. tor_assert_nonfatal(first_node);
  3390. log_warn(LD_CONTROL,
  3391. "controller tried to connect to a node that lacks a suitable "
  3392. "descriptor, or which doesn't have any "
  3393. "addresses that are allowed by the firewall configuration; "
  3394. "circuit marked for closing.");
  3395. circuit_mark_for_close(TO_CIRCUIT(circ), -END_CIRC_REASON_CONNECTFAILED);
  3396. connection_write_str_to_buf("551 Couldn't start circuit\r\n", conn);
  3397. goto done;
  3398. }
  3399. circuit_append_new_exit(circ, info);
  3400. if (circ->build_state->desired_path_len > 1) {
  3401. circ->build_state->onehop_tunnel = 0;
  3402. }
  3403. extend_info_free(info);
  3404. first_node = 0;
  3405. });
  3406. /* now that we've populated the cpath, start extending */
  3407. if (zero_circ) {
  3408. int err_reason = 0;
  3409. if ((err_reason = circuit_handle_first_hop(circ)) < 0) {
  3410. circuit_mark_for_close(TO_CIRCUIT(circ), -err_reason);
  3411. connection_write_str_to_buf("551 Couldn't start circuit\r\n", conn);
  3412. goto done;
  3413. }
  3414. } else {
  3415. if (circ->base_.state == CIRCUIT_STATE_OPEN ||
  3416. circ->base_.state == CIRCUIT_STATE_GUARD_WAIT) {
  3417. int err_reason = 0;
  3418. circuit_set_state(TO_CIRCUIT(circ), CIRCUIT_STATE_BUILDING);
  3419. if ((err_reason = circuit_send_next_onion_skin(circ)) < 0) {
  3420. log_info(LD_CONTROL,
  3421. "send_next_onion_skin failed; circuit marked for closing.");
  3422. circuit_mark_for_close(TO_CIRCUIT(circ), -err_reason);
  3423. connection_write_str_to_buf("551 Couldn't send onion skin\r\n", conn);
  3424. goto done;
  3425. }
  3426. }
  3427. }
  3428. connection_printf_to_buf(conn, "250 EXTENDED %lu\r\n",
  3429. (unsigned long)circ->global_identifier);
  3430. if (zero_circ) /* send a 'launched' event, for completeness */
  3431. circuit_event_status(circ, CIRC_EVENT_LAUNCHED, 0);
  3432. done:
  3433. SMARTLIST_FOREACH(router_nicknames, char *, n, tor_free(n));
  3434. smartlist_free(router_nicknames);
  3435. smartlist_free(nodes);
  3436. return 0;
  3437. }
  3438. /** Called when we get a SETCIRCUITPURPOSE message. If we can find the
  3439. * circuit and it's a valid purpose, change it. */
  3440. static int
  3441. handle_control_setcircuitpurpose(control_connection_t *conn,
  3442. uint32_t len, const char *body)
  3443. {
  3444. origin_circuit_t *circ = NULL;
  3445. uint8_t new_purpose;
  3446. smartlist_t *args;
  3447. (void) len; /* body is NUL-terminated, so it's safe to ignore the length. */
  3448. args = getargs_helper("SETCIRCUITPURPOSE", conn, body, 2, -1);
  3449. if (!args)
  3450. goto done;
  3451. if (!(circ = get_circ(smartlist_get(args,0)))) {
  3452. connection_printf_to_buf(conn, "552 Unknown circuit \"%s\"\r\n",
  3453. (char*)smartlist_get(args, 0));
  3454. goto done;
  3455. }
  3456. {
  3457. const char *purp = find_element_starting_with(args,1,"PURPOSE=");
  3458. if (!purp) {
  3459. connection_write_str_to_buf("552 No purpose given\r\n", conn);
  3460. goto done;
  3461. }
  3462. new_purpose = circuit_purpose_from_string(purp);
  3463. if (new_purpose == CIRCUIT_PURPOSE_UNKNOWN) {
  3464. connection_printf_to_buf(conn, "552 Unknown purpose \"%s\"\r\n", purp);
  3465. goto done;
  3466. }
  3467. }
  3468. circuit_change_purpose(TO_CIRCUIT(circ), new_purpose);
  3469. connection_write_str_to_buf("250 OK\r\n", conn);
  3470. done:
  3471. if (args) {
  3472. SMARTLIST_FOREACH(args, char *, cp, tor_free(cp));
  3473. smartlist_free(args);
  3474. }
  3475. return 0;
  3476. }
  3477. /** Called when we get an ATTACHSTREAM message. Try to attach the requested
  3478. * stream, and report success or failure. */
  3479. static int
  3480. handle_control_attachstream(control_connection_t *conn, uint32_t len,
  3481. const char *body)
  3482. {
  3483. entry_connection_t *ap_conn = NULL;
  3484. origin_circuit_t *circ = NULL;
  3485. int zero_circ;
  3486. smartlist_t *args;
  3487. crypt_path_t *cpath=NULL;
  3488. int hop=0, hop_line_ok=1;
  3489. (void) len;
  3490. args = getargs_helper("ATTACHSTREAM", conn, body, 2, -1);
  3491. if (!args)
  3492. return 0;
  3493. zero_circ = !strcmp("0", (char*)smartlist_get(args,1));
  3494. if (!(ap_conn = get_stream(smartlist_get(args, 0)))) {
  3495. connection_printf_to_buf(conn, "552 Unknown stream \"%s\"\r\n",
  3496. (char*)smartlist_get(args, 0));
  3497. } else if (!zero_circ && !(circ = get_circ(smartlist_get(args, 1)))) {
  3498. connection_printf_to_buf(conn, "552 Unknown circuit \"%s\"\r\n",
  3499. (char*)smartlist_get(args, 1));
  3500. } else if (circ) {
  3501. const char *hopstring = find_element_starting_with(args,2,"HOP=");
  3502. if (hopstring) {
  3503. hopstring += strlen("HOP=");
  3504. hop = (int) tor_parse_ulong(hopstring, 10, 0, INT_MAX,
  3505. &hop_line_ok, NULL);
  3506. if (!hop_line_ok) { /* broken hop line */
  3507. connection_printf_to_buf(conn, "552 Bad value hop=%s\r\n", hopstring);
  3508. }
  3509. }
  3510. }
  3511. SMARTLIST_FOREACH(args, char *, cp, tor_free(cp));
  3512. smartlist_free(args);
  3513. if (!ap_conn || (!zero_circ && !circ) || !hop_line_ok)
  3514. return 0;
  3515. if (ENTRY_TO_CONN(ap_conn)->state != AP_CONN_STATE_CONTROLLER_WAIT &&
  3516. ENTRY_TO_CONN(ap_conn)->state != AP_CONN_STATE_CONNECT_WAIT &&
  3517. ENTRY_TO_CONN(ap_conn)->state != AP_CONN_STATE_RESOLVE_WAIT) {
  3518. connection_write_str_to_buf(
  3519. "555 Connection is not managed by controller.\r\n",
  3520. conn);
  3521. return 0;
  3522. }
  3523. /* Do we need to detach it first? */
  3524. if (ENTRY_TO_CONN(ap_conn)->state != AP_CONN_STATE_CONTROLLER_WAIT) {
  3525. edge_connection_t *edge_conn = ENTRY_TO_EDGE_CONN(ap_conn);
  3526. circuit_t *tmpcirc = circuit_get_by_edge_conn(edge_conn);
  3527. connection_edge_end(edge_conn, END_STREAM_REASON_TIMEOUT);
  3528. /* Un-mark it as ending, since we're going to reuse it. */
  3529. edge_conn->edge_has_sent_end = 0;
  3530. edge_conn->end_reason = 0;
  3531. if (tmpcirc)
  3532. circuit_detach_stream(tmpcirc, edge_conn);
  3533. CONNECTION_AP_EXPECT_NONPENDING(ap_conn);
  3534. TO_CONN(edge_conn)->state = AP_CONN_STATE_CONTROLLER_WAIT;
  3535. }
  3536. if (circ && (circ->base_.state != CIRCUIT_STATE_OPEN)) {
  3537. connection_write_str_to_buf(
  3538. "551 Can't attach stream to non-open origin circuit\r\n",
  3539. conn);
  3540. return 0;
  3541. }
  3542. /* Is this a single hop circuit? */
  3543. if (circ && (circuit_get_cpath_len(circ)<2 || hop==1)) {
  3544. connection_write_str_to_buf(
  3545. "551 Can't attach stream to this one-hop circuit.\r\n", conn);
  3546. return 0;
  3547. }
  3548. if (circ && hop>0) {
  3549. /* find this hop in the circuit, and set cpath */
  3550. cpath = circuit_get_cpath_hop(circ, hop);
  3551. if (!cpath) {
  3552. connection_printf_to_buf(conn,
  3553. "551 Circuit doesn't have %d hops.\r\n", hop);
  3554. return 0;
  3555. }
  3556. }
  3557. if (connection_ap_handshake_rewrite_and_attach(ap_conn, circ, cpath) < 0) {
  3558. connection_write_str_to_buf("551 Unable to attach stream\r\n", conn);
  3559. return 0;
  3560. }
  3561. send_control_done(conn);
  3562. return 0;
  3563. }
  3564. /** Called when we get a POSTDESCRIPTOR message. Try to learn the provided
  3565. * descriptor, and report success or failure. */
  3566. static int
  3567. handle_control_postdescriptor(control_connection_t *conn, uint32_t len,
  3568. const char *body)
  3569. {
  3570. char *desc;
  3571. const char *msg=NULL;
  3572. uint8_t purpose = ROUTER_PURPOSE_GENERAL;
  3573. int cache = 0; /* eventually, we may switch this to 1 */
  3574. const char *cp = memchr(body, '\n', len);
  3575. if (cp == NULL) {
  3576. connection_printf_to_buf(conn, "251 Empty body\r\n");
  3577. return 0;
  3578. }
  3579. ++cp;
  3580. char *cmdline = tor_memdup_nulterm(body, cp-body);
  3581. smartlist_t *args = smartlist_new();
  3582. smartlist_split_string(args, cmdline, " ",
  3583. SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
  3584. SMARTLIST_FOREACH_BEGIN(args, char *, option) {
  3585. if (!strcasecmpstart(option, "purpose=")) {
  3586. option += strlen("purpose=");
  3587. purpose = router_purpose_from_string(option);
  3588. if (purpose == ROUTER_PURPOSE_UNKNOWN) {
  3589. connection_printf_to_buf(conn, "552 Unknown purpose \"%s\"\r\n",
  3590. option);
  3591. goto done;
  3592. }
  3593. } else if (!strcasecmpstart(option, "cache=")) {
  3594. option += strlen("cache=");
  3595. if (!strcasecmp(option, "no"))
  3596. cache = 0;
  3597. else if (!strcasecmp(option, "yes"))
  3598. cache = 1;
  3599. else {
  3600. connection_printf_to_buf(conn, "552 Unknown cache request \"%s\"\r\n",
  3601. option);
  3602. goto done;
  3603. }
  3604. } else { /* unrecognized argument? */
  3605. connection_printf_to_buf(conn,
  3606. "512 Unexpected argument \"%s\" to postdescriptor\r\n", option);
  3607. goto done;
  3608. }
  3609. } SMARTLIST_FOREACH_END(option);
  3610. read_escaped_data(cp, len-(cp-body), &desc);
  3611. switch (router_load_single_router(desc, purpose, cache, &msg)) {
  3612. case -1:
  3613. if (!msg) msg = "Could not parse descriptor";
  3614. connection_printf_to_buf(conn, "554 %s\r\n", msg);
  3615. break;
  3616. case 0:
  3617. if (!msg) msg = "Descriptor not added";
  3618. connection_printf_to_buf(conn, "251 %s\r\n",msg);
  3619. break;
  3620. case 1:
  3621. send_control_done(conn);
  3622. break;
  3623. }
  3624. tor_free(desc);
  3625. done:
  3626. SMARTLIST_FOREACH(args, char *, arg, tor_free(arg));
  3627. smartlist_free(args);
  3628. tor_free(cmdline);
  3629. return 0;
  3630. }
  3631. /** Called when we receive a REDIRECTSTERAM command. Try to change the target
  3632. * address of the named AP stream, and report success or failure. */
  3633. static int
  3634. handle_control_redirectstream(control_connection_t *conn, uint32_t len,
  3635. const char *body)
  3636. {
  3637. entry_connection_t *ap_conn = NULL;
  3638. char *new_addr = NULL;
  3639. uint16_t new_port = 0;
  3640. smartlist_t *args;
  3641. (void) len;
  3642. args = getargs_helper("REDIRECTSTREAM", conn, body, 2, -1);
  3643. if (!args)
  3644. return 0;
  3645. if (!(ap_conn = get_stream(smartlist_get(args, 0)))
  3646. || !ap_conn->socks_request) {
  3647. connection_printf_to_buf(conn, "552 Unknown stream \"%s\"\r\n",
  3648. (char*)smartlist_get(args, 0));
  3649. } else {
  3650. int ok = 1;
  3651. if (smartlist_len(args) > 2) { /* they included a port too */
  3652. new_port = (uint16_t) tor_parse_ulong(smartlist_get(args, 2),
  3653. 10, 1, 65535, &ok, NULL);
  3654. }
  3655. if (!ok) {
  3656. connection_printf_to_buf(conn, "512 Cannot parse port \"%s\"\r\n",
  3657. (char*)smartlist_get(args, 2));
  3658. } else {
  3659. new_addr = tor_strdup(smartlist_get(args, 1));
  3660. }
  3661. }
  3662. SMARTLIST_FOREACH(args, char *, cp, tor_free(cp));
  3663. smartlist_free(args);
  3664. if (!new_addr)
  3665. return 0;
  3666. strlcpy(ap_conn->socks_request->address, new_addr,
  3667. sizeof(ap_conn->socks_request->address));
  3668. if (new_port)
  3669. ap_conn->socks_request->port = new_port;
  3670. tor_free(new_addr);
  3671. send_control_done(conn);
  3672. return 0;
  3673. }
  3674. /** Called when we get a CLOSESTREAM command; try to close the named stream
  3675. * and report success or failure. */
  3676. static int
  3677. handle_control_closestream(control_connection_t *conn, uint32_t len,
  3678. const char *body)
  3679. {
  3680. entry_connection_t *ap_conn=NULL;
  3681. uint8_t reason=0;
  3682. smartlist_t *args;
  3683. int ok;
  3684. (void) len;
  3685. args = getargs_helper("CLOSESTREAM", conn, body, 2, -1);
  3686. if (!args)
  3687. return 0;
  3688. else if (!(ap_conn = get_stream(smartlist_get(args, 0))))
  3689. connection_printf_to_buf(conn, "552 Unknown stream \"%s\"\r\n",
  3690. (char*)smartlist_get(args, 0));
  3691. else {
  3692. reason = (uint8_t) tor_parse_ulong(smartlist_get(args,1), 10, 0, 255,
  3693. &ok, NULL);
  3694. if (!ok) {
  3695. connection_printf_to_buf(conn, "552 Unrecognized reason \"%s\"\r\n",
  3696. (char*)smartlist_get(args, 1));
  3697. ap_conn = NULL;
  3698. }
  3699. }
  3700. SMARTLIST_FOREACH(args, char *, cp, tor_free(cp));
  3701. smartlist_free(args);
  3702. if (!ap_conn)
  3703. return 0;
  3704. connection_mark_unattached_ap(ap_conn, reason);
  3705. send_control_done(conn);
  3706. return 0;
  3707. }
  3708. /** Called when we get a CLOSECIRCUIT command; try to close the named circuit
  3709. * and report success or failure. */
  3710. static int
  3711. handle_control_closecircuit(control_connection_t *conn, uint32_t len,
  3712. const char *body)
  3713. {
  3714. origin_circuit_t *circ = NULL;
  3715. int safe = 0;
  3716. smartlist_t *args;
  3717. (void) len;
  3718. args = getargs_helper("CLOSECIRCUIT", conn, body, 1, -1);
  3719. if (!args)
  3720. return 0;
  3721. if (!(circ=get_circ(smartlist_get(args, 0))))
  3722. connection_printf_to_buf(conn, "552 Unknown circuit \"%s\"\r\n",
  3723. (char*)smartlist_get(args, 0));
  3724. else {
  3725. int i;
  3726. for (i=1; i < smartlist_len(args); ++i) {
  3727. if (!strcasecmp(smartlist_get(args, i), "IfUnused"))
  3728. safe = 1;
  3729. else
  3730. log_info(LD_CONTROL, "Skipping unknown option %s",
  3731. (char*)smartlist_get(args,i));
  3732. }
  3733. }
  3734. SMARTLIST_FOREACH(args, char *, cp, tor_free(cp));
  3735. smartlist_free(args);
  3736. if (!circ)
  3737. return 0;
  3738. if (!safe || !circ->p_streams) {
  3739. circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_REQUESTED);
  3740. }
  3741. send_control_done(conn);
  3742. return 0;
  3743. }
  3744. /** Called when we get a RESOLVE command: start trying to resolve
  3745. * the listed addresses. */
  3746. static int
  3747. handle_control_resolve(control_connection_t *conn, uint32_t len,
  3748. const char *body)
  3749. {
  3750. smartlist_t *args, *failed;
  3751. int is_reverse = 0;
  3752. (void) len; /* body is nul-terminated; it's safe to ignore the length */
  3753. if (!(conn->event_mask & (((event_mask_t)1)<<EVENT_ADDRMAP))) {
  3754. log_warn(LD_CONTROL, "Controller asked us to resolve an address, but "
  3755. "isn't listening for ADDRMAP events. It probably won't see "
  3756. "the answer.");
  3757. }
  3758. args = smartlist_new();
  3759. smartlist_split_string(args, body, " ",
  3760. SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
  3761. {
  3762. const char *modearg = find_element_starting_with(args, 0, "mode=");
  3763. if (modearg && !strcasecmp(modearg, "mode=reverse"))
  3764. is_reverse = 1;
  3765. }
  3766. failed = smartlist_new();
  3767. SMARTLIST_FOREACH(args, const char *, arg, {
  3768. if (!is_keyval_pair(arg)) {
  3769. if (dnsserv_launch_request(arg, is_reverse, conn)<0)
  3770. smartlist_add(failed, (char*)arg);
  3771. }
  3772. });
  3773. send_control_done(conn);
  3774. SMARTLIST_FOREACH(failed, const char *, arg, {
  3775. control_event_address_mapped(arg, arg, time(NULL),
  3776. "internal", 0);
  3777. });
  3778. SMARTLIST_FOREACH(args, char *, cp, tor_free(cp));
  3779. smartlist_free(args);
  3780. smartlist_free(failed);
  3781. return 0;
  3782. }
  3783. /** Called when we get a PROTOCOLINFO command: send back a reply. */
  3784. static int
  3785. handle_control_protocolinfo(control_connection_t *conn, uint32_t len,
  3786. const char *body)
  3787. {
  3788. const char *bad_arg = NULL;
  3789. smartlist_t *args;
  3790. (void)len;
  3791. conn->have_sent_protocolinfo = 1;
  3792. args = smartlist_new();
  3793. smartlist_split_string(args, body, " ",
  3794. SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
  3795. SMARTLIST_FOREACH(args, const char *, arg, {
  3796. int ok;
  3797. tor_parse_long(arg, 10, 0, LONG_MAX, &ok, NULL);
  3798. if (!ok) {
  3799. bad_arg = arg;
  3800. break;
  3801. }
  3802. });
  3803. if (bad_arg) {
  3804. connection_printf_to_buf(conn, "513 No such version %s\r\n",
  3805. escaped(bad_arg));
  3806. /* Don't tolerate bad arguments when not authenticated. */
  3807. if (!STATE_IS_OPEN(TO_CONN(conn)->state))
  3808. connection_mark_for_close(TO_CONN(conn));
  3809. goto done;
  3810. } else {
  3811. const or_options_t *options = get_options();
  3812. int cookies = options->CookieAuthentication;
  3813. char *cfile = get_controller_cookie_file_name();
  3814. char *abs_cfile;
  3815. char *esc_cfile;
  3816. char *methods;
  3817. abs_cfile = make_path_absolute(cfile);
  3818. esc_cfile = esc_for_log(abs_cfile);
  3819. {
  3820. int passwd = (options->HashedControlPassword != NULL ||
  3821. options->HashedControlSessionPassword != NULL);
  3822. smartlist_t *mlist = smartlist_new();
  3823. if (cookies) {
  3824. smartlist_add(mlist, (char*)"COOKIE");
  3825. smartlist_add(mlist, (char*)"SAFECOOKIE");
  3826. }
  3827. if (passwd)
  3828. smartlist_add(mlist, (char*)"HASHEDPASSWORD");
  3829. if (!cookies && !passwd)
  3830. smartlist_add(mlist, (char*)"NULL");
  3831. methods = smartlist_join_strings(mlist, ",", 0, NULL);
  3832. smartlist_free(mlist);
  3833. }
  3834. connection_printf_to_buf(conn,
  3835. "250-PROTOCOLINFO 1\r\n"
  3836. "250-AUTH METHODS=%s%s%s\r\n"
  3837. "250-VERSION Tor=%s\r\n"
  3838. "250 OK\r\n",
  3839. methods,
  3840. cookies?" COOKIEFILE=":"",
  3841. cookies?esc_cfile:"",
  3842. escaped(VERSION));
  3843. tor_free(methods);
  3844. tor_free(cfile);
  3845. tor_free(abs_cfile);
  3846. tor_free(esc_cfile);
  3847. }
  3848. done:
  3849. SMARTLIST_FOREACH(args, char *, cp, tor_free(cp));
  3850. smartlist_free(args);
  3851. return 0;
  3852. }
  3853. /** Called when we get an AUTHCHALLENGE command. */
  3854. static int
  3855. handle_control_authchallenge(control_connection_t *conn, uint32_t len,
  3856. const char *body)
  3857. {
  3858. const char *cp = body;
  3859. char *client_nonce;
  3860. size_t client_nonce_len;
  3861. char server_hash[DIGEST256_LEN];
  3862. char server_hash_encoded[HEX_DIGEST256_LEN+1];
  3863. char server_nonce[SAFECOOKIE_SERVER_NONCE_LEN];
  3864. char server_nonce_encoded[(2*SAFECOOKIE_SERVER_NONCE_LEN) + 1];
  3865. cp += strspn(cp, " \t\n\r");
  3866. if (!strcasecmpstart(cp, "SAFECOOKIE")) {
  3867. cp += strlen("SAFECOOKIE");
  3868. } else {
  3869. connection_write_str_to_buf("513 AUTHCHALLENGE only supports SAFECOOKIE "
  3870. "authentication\r\n", conn);
  3871. connection_mark_for_close(TO_CONN(conn));
  3872. return -1;
  3873. }
  3874. if (!authentication_cookie_is_set) {
  3875. connection_write_str_to_buf("515 Cookie authentication is disabled\r\n",
  3876. conn);
  3877. connection_mark_for_close(TO_CONN(conn));
  3878. return -1;
  3879. }
  3880. cp += strspn(cp, " \t\n\r");
  3881. if (*cp == '"') {
  3882. const char *newcp =
  3883. decode_escaped_string(cp, len - (cp - body),
  3884. &client_nonce, &client_nonce_len);
  3885. if (newcp == NULL) {
  3886. connection_write_str_to_buf("513 Invalid quoted client nonce\r\n",
  3887. conn);
  3888. connection_mark_for_close(TO_CONN(conn));
  3889. return -1;
  3890. }
  3891. cp = newcp;
  3892. } else {
  3893. size_t client_nonce_encoded_len = strspn(cp, "0123456789ABCDEFabcdef");
  3894. client_nonce_len = client_nonce_encoded_len / 2;
  3895. client_nonce = tor_malloc_zero(client_nonce_len);
  3896. if (base16_decode(client_nonce, client_nonce_len,
  3897. cp, client_nonce_encoded_len)
  3898. != (int) client_nonce_len) {
  3899. connection_write_str_to_buf("513 Invalid base16 client nonce\r\n",
  3900. conn);
  3901. connection_mark_for_close(TO_CONN(conn));
  3902. tor_free(client_nonce);
  3903. return -1;
  3904. }
  3905. cp += client_nonce_encoded_len;
  3906. }
  3907. cp += strspn(cp, " \t\n\r");
  3908. if (*cp != '\0' ||
  3909. cp != body + len) {
  3910. connection_write_str_to_buf("513 Junk at end of AUTHCHALLENGE command\r\n",
  3911. conn);
  3912. connection_mark_for_close(TO_CONN(conn));
  3913. tor_free(client_nonce);
  3914. return -1;
  3915. }
  3916. crypto_rand(server_nonce, SAFECOOKIE_SERVER_NONCE_LEN);
  3917. /* Now compute and send the server-to-controller response, and the
  3918. * server's nonce. */
  3919. tor_assert(authentication_cookie != NULL);
  3920. {
  3921. size_t tmp_len = (AUTHENTICATION_COOKIE_LEN +
  3922. client_nonce_len +
  3923. SAFECOOKIE_SERVER_NONCE_LEN);
  3924. char *tmp = tor_malloc_zero(tmp_len);
  3925. char *client_hash = tor_malloc_zero(DIGEST256_LEN);
  3926. memcpy(tmp, authentication_cookie, AUTHENTICATION_COOKIE_LEN);
  3927. memcpy(tmp + AUTHENTICATION_COOKIE_LEN, client_nonce, client_nonce_len);
  3928. memcpy(tmp + AUTHENTICATION_COOKIE_LEN + client_nonce_len,
  3929. server_nonce, SAFECOOKIE_SERVER_NONCE_LEN);
  3930. crypto_hmac_sha256(server_hash,
  3931. SAFECOOKIE_SERVER_TO_CONTROLLER_CONSTANT,
  3932. strlen(SAFECOOKIE_SERVER_TO_CONTROLLER_CONSTANT),
  3933. tmp,
  3934. tmp_len);
  3935. crypto_hmac_sha256(client_hash,
  3936. SAFECOOKIE_CONTROLLER_TO_SERVER_CONSTANT,
  3937. strlen(SAFECOOKIE_CONTROLLER_TO_SERVER_CONSTANT),
  3938. tmp,
  3939. tmp_len);
  3940. conn->safecookie_client_hash = client_hash;
  3941. tor_free(tmp);
  3942. }
  3943. base16_encode(server_hash_encoded, sizeof(server_hash_encoded),
  3944. server_hash, sizeof(server_hash));
  3945. base16_encode(server_nonce_encoded, sizeof(server_nonce_encoded),
  3946. server_nonce, sizeof(server_nonce));
  3947. connection_printf_to_buf(conn,
  3948. "250 AUTHCHALLENGE SERVERHASH=%s "
  3949. "SERVERNONCE=%s\r\n",
  3950. server_hash_encoded,
  3951. server_nonce_encoded);
  3952. tor_free(client_nonce);
  3953. return 0;
  3954. }
  3955. /** Called when we get a USEFEATURE command: parse the feature list, and
  3956. * set up the control_connection's options properly. */
  3957. static int
  3958. handle_control_usefeature(control_connection_t *conn,
  3959. uint32_t len,
  3960. const char *body)
  3961. {
  3962. smartlist_t *args;
  3963. int bad = 0;
  3964. (void) len; /* body is nul-terminated; it's safe to ignore the length */
  3965. args = smartlist_new();
  3966. smartlist_split_string(args, body, " ",
  3967. SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
  3968. SMARTLIST_FOREACH_BEGIN(args, const char *, arg) {
  3969. if (!strcasecmp(arg, "VERBOSE_NAMES"))
  3970. ;
  3971. else if (!strcasecmp(arg, "EXTENDED_EVENTS"))
  3972. ;
  3973. else {
  3974. connection_printf_to_buf(conn, "552 Unrecognized feature \"%s\"\r\n",
  3975. arg);
  3976. bad = 1;
  3977. break;
  3978. }
  3979. } SMARTLIST_FOREACH_END(arg);
  3980. if (!bad) {
  3981. send_control_done(conn);
  3982. }
  3983. SMARTLIST_FOREACH(args, char *, cp, tor_free(cp));
  3984. smartlist_free(args);
  3985. return 0;
  3986. }
  3987. /** Implementation for the DROPGUARDS command. */
  3988. static int
  3989. handle_control_dropguards(control_connection_t *conn,
  3990. uint32_t len,
  3991. const char *body)
  3992. {
  3993. smartlist_t *args;
  3994. (void) len; /* body is nul-terminated; it's safe to ignore the length */
  3995. args = smartlist_new();
  3996. smartlist_split_string(args, body, " ",
  3997. SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
  3998. static int have_warned = 0;
  3999. if (! have_warned) {
  4000. log_warn(LD_CONTROL, "DROPGUARDS is dangerous; make sure you understand "
  4001. "the risks before using it. It may be removed in a future "
  4002. "version of Tor.");
  4003. have_warned = 1;
  4004. }
  4005. if (smartlist_len(args)) {
  4006. connection_printf_to_buf(conn, "512 Too many arguments to DROPGUARDS\r\n");
  4007. } else {
  4008. remove_all_entry_guards();
  4009. send_control_done(conn);
  4010. }
  4011. SMARTLIST_FOREACH(args, char *, cp, tor_free(cp));
  4012. smartlist_free(args);
  4013. return 0;
  4014. }
  4015. /** Implementation for the HSFETCH command. */
  4016. static int
  4017. handle_control_hsfetch(control_connection_t *conn, uint32_t len,
  4018. const char *body)
  4019. {
  4020. int i;
  4021. char digest[DIGEST_LEN], *hsaddress = NULL, *arg1 = NULL, *desc_id = NULL;
  4022. smartlist_t *args = NULL, *hsdirs = NULL;
  4023. (void) len; /* body is nul-terminated; it's safe to ignore the length */
  4024. static const char *hsfetch_command = "HSFETCH";
  4025. static const char *v2_str = "v2-";
  4026. const size_t v2_str_len = strlen(v2_str);
  4027. rend_data_t *rend_query = NULL;
  4028. /* Make sure we have at least one argument, the HSAddress. */
  4029. args = getargs_helper(hsfetch_command, conn, body, 1, -1);
  4030. if (!args) {
  4031. goto exit;
  4032. }
  4033. /* Extract the first argument (either HSAddress or DescID). */
  4034. arg1 = smartlist_get(args, 0);
  4035. /* Test if it's an HS address without the .onion part. */
  4036. if (rend_valid_v2_service_id(arg1)) {
  4037. hsaddress = arg1;
  4038. } else if (strcmpstart(arg1, v2_str) == 0 &&
  4039. rend_valid_descriptor_id(arg1 + v2_str_len) &&
  4040. base32_decode(digest, sizeof(digest), arg1 + v2_str_len,
  4041. REND_DESC_ID_V2_LEN_BASE32) == 0) {
  4042. /* We have a well formed version 2 descriptor ID. Keep the decoded value
  4043. * of the id. */
  4044. desc_id = digest;
  4045. } else {
  4046. connection_printf_to_buf(conn, "513 Invalid argument \"%s\"\r\n",
  4047. arg1);
  4048. goto done;
  4049. }
  4050. static const char *opt_server = "SERVER=";
  4051. /* Skip first argument because it's the HSAddress or DescID. */
  4052. for (i = 1; i < smartlist_len(args); ++i) {
  4053. const char *arg = smartlist_get(args, i);
  4054. const node_t *node;
  4055. if (!strcasecmpstart(arg, opt_server)) {
  4056. const char *server;
  4057. server = arg + strlen(opt_server);
  4058. node = node_get_by_hex_id(server, 0);
  4059. if (!node) {
  4060. connection_printf_to_buf(conn, "552 Server \"%s\" not found\r\n",
  4061. server);
  4062. goto done;
  4063. }
  4064. if (!hsdirs) {
  4065. /* Stores routerstatus_t object for each specified server. */
  4066. hsdirs = smartlist_new();
  4067. }
  4068. /* Valid server, add it to our local list. */
  4069. smartlist_add(hsdirs, node->rs);
  4070. } else {
  4071. connection_printf_to_buf(conn, "513 Unexpected argument \"%s\"\r\n",
  4072. arg);
  4073. goto done;
  4074. }
  4075. }
  4076. rend_query = rend_data_client_create(hsaddress, desc_id, NULL,
  4077. REND_NO_AUTH);
  4078. if (rend_query == NULL) {
  4079. connection_printf_to_buf(conn, "551 Error creating the HS query\r\n");
  4080. goto done;
  4081. }
  4082. /* Using a descriptor ID, we force the user to provide at least one
  4083. * hsdir server using the SERVER= option. */
  4084. if (desc_id && (!hsdirs || !smartlist_len(hsdirs))) {
  4085. connection_printf_to_buf(conn, "512 %s option is required\r\n",
  4086. opt_server);
  4087. goto done;
  4088. }
  4089. /* We are about to trigger HSDir fetch so send the OK now because after
  4090. * that 650 event(s) are possible so better to have the 250 OK before them
  4091. * to avoid out of order replies. */
  4092. send_control_done(conn);
  4093. /* Trigger the fetch using the built rend query and possibly a list of HS
  4094. * directory to use. This function ignores the client cache thus this will
  4095. * always send a fetch command. */
  4096. rend_client_fetch_v2_desc(rend_query, hsdirs);
  4097. done:
  4098. SMARTLIST_FOREACH(args, char *, cp, tor_free(cp));
  4099. smartlist_free(args);
  4100. /* Contains data pointer that we don't own thus no cleanup. */
  4101. smartlist_free(hsdirs);
  4102. rend_data_free(rend_query);
  4103. exit:
  4104. return 0;
  4105. }
  4106. /** Implementation for the HSPOST command. */
  4107. static int
  4108. handle_control_hspost(control_connection_t *conn,
  4109. uint32_t len,
  4110. const char *body)
  4111. {
  4112. static const char *opt_server = "SERVER=";
  4113. static const char *opt_hsaddress = "HSADDRESS=";
  4114. smartlist_t *hs_dirs = NULL;
  4115. const char *encoded_desc = body;
  4116. size_t encoded_desc_len = len;
  4117. const char *onion_address = NULL;
  4118. char *cp = memchr(body, '\n', len);
  4119. if (cp == NULL) {
  4120. connection_printf_to_buf(conn, "251 Empty body\r\n");
  4121. return 0;
  4122. }
  4123. char *argline = tor_strndup(body, cp-body);
  4124. smartlist_t *args = smartlist_new();
  4125. /* If any SERVER= or HSADDRESS= options were specified, try to parse
  4126. * the options line. */
  4127. if (!strcasecmpstart(argline, opt_server) ||
  4128. !strcasecmpstart(argline, opt_hsaddress)) {
  4129. /* encoded_desc begins after a newline character */
  4130. cp = cp + 1;
  4131. encoded_desc = cp;
  4132. encoded_desc_len = len-(cp-body);
  4133. smartlist_split_string(args, argline, " ",
  4134. SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
  4135. SMARTLIST_FOREACH_BEGIN(args, const char *, arg) {
  4136. if (!strcasecmpstart(arg, opt_server)) {
  4137. const char *server = arg + strlen(opt_server);
  4138. const node_t *node = node_get_by_hex_id(server, 0);
  4139. if (!node || !node->rs) {
  4140. connection_printf_to_buf(conn, "552 Server \"%s\" not found\r\n",
  4141. server);
  4142. goto done;
  4143. }
  4144. /* Valid server, add it to our local list. */
  4145. if (!hs_dirs)
  4146. hs_dirs = smartlist_new();
  4147. smartlist_add(hs_dirs, node->rs);
  4148. } else if (!strcasecmpstart(arg, opt_hsaddress)) {
  4149. const char *address = arg + strlen(opt_hsaddress);
  4150. if (!hs_address_is_valid(address)) {
  4151. connection_printf_to_buf(conn, "512 Malformed onion address\r\n");
  4152. goto done;
  4153. }
  4154. onion_address = address;
  4155. } else {
  4156. connection_printf_to_buf(conn, "512 Unexpected argument \"%s\"\r\n",
  4157. arg);
  4158. goto done;
  4159. }
  4160. } SMARTLIST_FOREACH_END(arg);
  4161. }
  4162. /* Handle the v3 case. */
  4163. if (onion_address) {
  4164. char *desc_str = NULL;
  4165. read_escaped_data(encoded_desc, encoded_desc_len, &desc_str);
  4166. if (hs_control_hspost_command(desc_str, onion_address, hs_dirs) < 0) {
  4167. connection_printf_to_buf(conn, "554 Invalid descriptor\r\n");
  4168. } else {
  4169. send_control_done(conn);
  4170. }
  4171. tor_free(desc_str);
  4172. goto done;
  4173. }
  4174. /* From this point on, it is only v2. */
  4175. /* Read the dot encoded descriptor, and parse it. */
  4176. rend_encoded_v2_service_descriptor_t *desc =
  4177. tor_malloc_zero(sizeof(rend_encoded_v2_service_descriptor_t));
  4178. read_escaped_data(encoded_desc, encoded_desc_len, &desc->desc_str);
  4179. rend_service_descriptor_t *parsed = NULL;
  4180. char *intro_content = NULL;
  4181. size_t intro_size;
  4182. size_t encoded_size;
  4183. const char *next_desc;
  4184. if (!rend_parse_v2_service_descriptor(&parsed, desc->desc_id, &intro_content,
  4185. &intro_size, &encoded_size,
  4186. &next_desc, desc->desc_str, 1)) {
  4187. /* Post the descriptor. */
  4188. char serviceid[REND_SERVICE_ID_LEN_BASE32+1];
  4189. if (!rend_get_service_id(parsed->pk, serviceid)) {
  4190. smartlist_t *descs = smartlist_new();
  4191. smartlist_add(descs, desc);
  4192. /* We are about to trigger HS descriptor upload so send the OK now
  4193. * because after that 650 event(s) are possible so better to have the
  4194. * 250 OK before them to avoid out of order replies. */
  4195. send_control_done(conn);
  4196. /* Trigger the descriptor upload */
  4197. directory_post_to_hs_dir(parsed, descs, hs_dirs, serviceid, 0);
  4198. smartlist_free(descs);
  4199. }
  4200. rend_service_descriptor_free(parsed);
  4201. } else {
  4202. connection_printf_to_buf(conn, "554 Invalid descriptor\r\n");
  4203. }
  4204. tor_free(intro_content);
  4205. rend_encoded_v2_service_descriptor_free(desc);
  4206. done:
  4207. tor_free(argline);
  4208. smartlist_free(hs_dirs); /* Contents belong to the rend service code. */
  4209. SMARTLIST_FOREACH(args, char *, arg, tor_free(arg));
  4210. smartlist_free(args);
  4211. return 0;
  4212. }
  4213. /* Helper function for ADD_ONION that adds an ephemeral service depending on
  4214. * the given hs_version.
  4215. *
  4216. * The secret key in pk depends on the hs_version. The ownership of the key
  4217. * used in pk is given to the HS subsystem so the caller must stop accessing
  4218. * it after.
  4219. *
  4220. * The port_cfgs is a list of service port. Ownership transferred to service.
  4221. * The max_streams refers to the MaxStreams= key.
  4222. * The max_streams_close_circuit refers to the MaxStreamsCloseCircuit key.
  4223. * The auth_type is the authentication type of the clients in auth_clients.
  4224. * The ownership of that list is transferred to the service.
  4225. *
  4226. * On success (RSAE_OKAY), the address_out points to a newly allocated string
  4227. * containing the onion address without the .onion part. On error, address_out
  4228. * is untouched. */
  4229. static hs_service_add_ephemeral_status_t
  4230. add_onion_helper_add_service(int hs_version,
  4231. add_onion_secret_key_t *pk,
  4232. smartlist_t *port_cfgs, int max_streams,
  4233. int max_streams_close_circuit, int auth_type,
  4234. smartlist_t *auth_clients, char **address_out)
  4235. {
  4236. hs_service_add_ephemeral_status_t ret;
  4237. tor_assert(pk);
  4238. tor_assert(port_cfgs);
  4239. tor_assert(address_out);
  4240. switch (hs_version) {
  4241. case HS_VERSION_TWO:
  4242. ret = rend_service_add_ephemeral(pk->v2, port_cfgs, max_streams,
  4243. max_streams_close_circuit, auth_type,
  4244. auth_clients, address_out);
  4245. break;
  4246. case HS_VERSION_THREE:
  4247. ret = hs_service_add_ephemeral(pk->v3, port_cfgs, max_streams,
  4248. max_streams_close_circuit, address_out);
  4249. break;
  4250. default:
  4251. tor_assert_unreached();
  4252. }
  4253. return ret;
  4254. }
  4255. /** Called when we get a ADD_ONION command; parse the body, and set up
  4256. * the new ephemeral Onion Service. */
  4257. static int
  4258. handle_control_add_onion(control_connection_t *conn,
  4259. uint32_t len,
  4260. const char *body)
  4261. {
  4262. smartlist_t *args;
  4263. int arg_len;
  4264. (void) len; /* body is nul-terminated; it's safe to ignore the length */
  4265. args = getargs_helper("ADD_ONION", conn, body, 2, -1);
  4266. if (!args)
  4267. return 0;
  4268. arg_len = smartlist_len(args);
  4269. /* Parse all of the arguments that do not involve handling cryptographic
  4270. * material first, since there's no reason to touch that at all if any of
  4271. * the other arguments are malformed.
  4272. */
  4273. smartlist_t *port_cfgs = smartlist_new();
  4274. smartlist_t *auth_clients = NULL;
  4275. smartlist_t *auth_created_clients = NULL;
  4276. int discard_pk = 0;
  4277. int detach = 0;
  4278. int max_streams = 0;
  4279. int max_streams_close_circuit = 0;
  4280. rend_auth_type_t auth_type = REND_NO_AUTH;
  4281. /* Default to adding an anonymous hidden service if no flag is given */
  4282. int non_anonymous = 0;
  4283. for (int i = 1; i < arg_len; i++) {
  4284. static const char *port_prefix = "Port=";
  4285. static const char *flags_prefix = "Flags=";
  4286. static const char *max_s_prefix = "MaxStreams=";
  4287. static const char *auth_prefix = "ClientAuth=";
  4288. const char *arg = smartlist_get(args, (int)i);
  4289. if (!strcasecmpstart(arg, port_prefix)) {
  4290. /* "Port=VIRTPORT[,TARGET]". */
  4291. const char *port_str = arg + strlen(port_prefix);
  4292. rend_service_port_config_t *cfg =
  4293. rend_service_parse_port_config(port_str, ",", NULL);
  4294. if (!cfg) {
  4295. connection_printf_to_buf(conn, "512 Invalid VIRTPORT/TARGET\r\n");
  4296. goto out;
  4297. }
  4298. smartlist_add(port_cfgs, cfg);
  4299. } else if (!strcasecmpstart(arg, max_s_prefix)) {
  4300. /* "MaxStreams=[0..65535]". */
  4301. const char *max_s_str = arg + strlen(max_s_prefix);
  4302. int ok = 0;
  4303. max_streams = (int)tor_parse_long(max_s_str, 10, 0, 65535, &ok, NULL);
  4304. if (!ok) {
  4305. connection_printf_to_buf(conn, "512 Invalid MaxStreams\r\n");
  4306. goto out;
  4307. }
  4308. } else if (!strcasecmpstart(arg, flags_prefix)) {
  4309. /* "Flags=Flag[,Flag]", where Flag can be:
  4310. * * 'DiscardPK' - If tor generates the keypair, do not include it in
  4311. * the response.
  4312. * * 'Detach' - Do not tie this onion service to any particular control
  4313. * connection.
  4314. * * 'MaxStreamsCloseCircuit' - Close the circuit if MaxStreams is
  4315. * exceeded.
  4316. * * 'BasicAuth' - Client authorization using the 'basic' method.
  4317. * * 'NonAnonymous' - Add a non-anonymous Single Onion Service. If this
  4318. * flag is present, tor must be in non-anonymous
  4319. * hidden service mode. If this flag is absent,
  4320. * tor must be in anonymous hidden service mode.
  4321. */
  4322. static const char *discard_flag = "DiscardPK";
  4323. static const char *detach_flag = "Detach";
  4324. static const char *max_s_close_flag = "MaxStreamsCloseCircuit";
  4325. static const char *basicauth_flag = "BasicAuth";
  4326. static const char *non_anonymous_flag = "NonAnonymous";
  4327. smartlist_t *flags = smartlist_new();
  4328. int bad = 0;
  4329. smartlist_split_string(flags, arg + strlen(flags_prefix), ",",
  4330. SPLIT_IGNORE_BLANK, 0);
  4331. if (smartlist_len(flags) < 1) {
  4332. connection_printf_to_buf(conn, "512 Invalid 'Flags' argument\r\n");
  4333. bad = 1;
  4334. }
  4335. SMARTLIST_FOREACH_BEGIN(flags, const char *, flag)
  4336. {
  4337. if (!strcasecmp(flag, discard_flag)) {
  4338. discard_pk = 1;
  4339. } else if (!strcasecmp(flag, detach_flag)) {
  4340. detach = 1;
  4341. } else if (!strcasecmp(flag, max_s_close_flag)) {
  4342. max_streams_close_circuit = 1;
  4343. } else if (!strcasecmp(flag, basicauth_flag)) {
  4344. auth_type = REND_BASIC_AUTH;
  4345. } else if (!strcasecmp(flag, non_anonymous_flag)) {
  4346. non_anonymous = 1;
  4347. } else {
  4348. connection_printf_to_buf(conn,
  4349. "512 Invalid 'Flags' argument: %s\r\n",
  4350. escaped(flag));
  4351. bad = 1;
  4352. break;
  4353. }
  4354. } SMARTLIST_FOREACH_END(flag);
  4355. SMARTLIST_FOREACH(flags, char *, cp, tor_free(cp));
  4356. smartlist_free(flags);
  4357. if (bad)
  4358. goto out;
  4359. } else if (!strcasecmpstart(arg, auth_prefix)) {
  4360. char *err_msg = NULL;
  4361. int created = 0;
  4362. rend_authorized_client_t *client =
  4363. add_onion_helper_clientauth(arg + strlen(auth_prefix),
  4364. &created, &err_msg);
  4365. if (!client) {
  4366. if (err_msg) {
  4367. connection_write_str_to_buf(err_msg, conn);
  4368. tor_free(err_msg);
  4369. }
  4370. goto out;
  4371. }
  4372. if (auth_clients != NULL) {
  4373. int bad = 0;
  4374. SMARTLIST_FOREACH_BEGIN(auth_clients, rend_authorized_client_t *, ac) {
  4375. if (strcmp(ac->client_name, client->client_name) == 0) {
  4376. bad = 1;
  4377. break;
  4378. }
  4379. } SMARTLIST_FOREACH_END(ac);
  4380. if (bad) {
  4381. connection_printf_to_buf(conn,
  4382. "512 Duplicate name in ClientAuth\r\n");
  4383. rend_authorized_client_free(client);
  4384. goto out;
  4385. }
  4386. } else {
  4387. auth_clients = smartlist_new();
  4388. auth_created_clients = smartlist_new();
  4389. }
  4390. smartlist_add(auth_clients, client);
  4391. if (created) {
  4392. smartlist_add(auth_created_clients, client);
  4393. }
  4394. } else {
  4395. connection_printf_to_buf(conn, "513 Invalid argument\r\n");
  4396. goto out;
  4397. }
  4398. }
  4399. if (smartlist_len(port_cfgs) == 0) {
  4400. connection_printf_to_buf(conn, "512 Missing 'Port' argument\r\n");
  4401. goto out;
  4402. } else if (auth_type == REND_NO_AUTH && auth_clients != NULL) {
  4403. connection_printf_to_buf(conn, "512 No auth type specified\r\n");
  4404. goto out;
  4405. } else if (auth_type != REND_NO_AUTH && auth_clients == NULL) {
  4406. connection_printf_to_buf(conn, "512 No auth clients specified\r\n");
  4407. goto out;
  4408. } else if ((auth_type == REND_BASIC_AUTH &&
  4409. smartlist_len(auth_clients) > 512) ||
  4410. (auth_type == REND_STEALTH_AUTH &&
  4411. smartlist_len(auth_clients) > 16)) {
  4412. connection_printf_to_buf(conn, "512 Too many auth clients\r\n");
  4413. goto out;
  4414. } else if (non_anonymous != rend_service_non_anonymous_mode_enabled(
  4415. get_options())) {
  4416. /* If we failed, and the non-anonymous flag is set, Tor must be in
  4417. * anonymous hidden service mode.
  4418. * The error message changes based on the current Tor config:
  4419. * 512 Tor is in anonymous hidden service mode
  4420. * 512 Tor is in non-anonymous hidden service mode
  4421. * (I've deliberately written them out in full here to aid searchability.)
  4422. */
  4423. connection_printf_to_buf(conn, "512 Tor is in %sanonymous hidden service "
  4424. "mode\r\n",
  4425. non_anonymous ? "" : "non-");
  4426. goto out;
  4427. }
  4428. /* Parse the "keytype:keyblob" argument. */
  4429. int hs_version = 0;
  4430. add_onion_secret_key_t pk = { NULL };
  4431. const char *key_new_alg = NULL;
  4432. char *key_new_blob = NULL;
  4433. char *err_msg = NULL;
  4434. if (add_onion_helper_keyarg(smartlist_get(args, 0), discard_pk,
  4435. &key_new_alg, &key_new_blob, &pk, &hs_version,
  4436. &err_msg) < 0) {
  4437. if (err_msg) {
  4438. connection_write_str_to_buf(err_msg, conn);
  4439. tor_free(err_msg);
  4440. }
  4441. goto out;
  4442. }
  4443. tor_assert(!err_msg);
  4444. /* Hidden service version 3 don't have client authentication support so if
  4445. * ClientAuth was given, send back an error. */
  4446. if (hs_version == HS_VERSION_THREE && auth_clients) {
  4447. connection_printf_to_buf(conn, "513 ClientAuth not supported\r\n");
  4448. goto out;
  4449. }
  4450. /* Create the HS, using private key pk, client authentication auth_type,
  4451. * the list of auth_clients, and port config port_cfg.
  4452. * rend_service_add_ephemeral() will take ownership of pk and port_cfg,
  4453. * regardless of success/failure.
  4454. */
  4455. char *service_id = NULL;
  4456. int ret = add_onion_helper_add_service(hs_version, &pk, port_cfgs,
  4457. max_streams,
  4458. max_streams_close_circuit, auth_type,
  4459. auth_clients, &service_id);
  4460. port_cfgs = NULL; /* port_cfgs is now owned by the rendservice code. */
  4461. auth_clients = NULL; /* so is auth_clients */
  4462. switch (ret) {
  4463. case RSAE_OKAY:
  4464. {
  4465. if (detach) {
  4466. if (!detached_onion_services)
  4467. detached_onion_services = smartlist_new();
  4468. smartlist_add(detached_onion_services, service_id);
  4469. } else {
  4470. if (!conn->ephemeral_onion_services)
  4471. conn->ephemeral_onion_services = smartlist_new();
  4472. smartlist_add(conn->ephemeral_onion_services, service_id);
  4473. }
  4474. tor_assert(service_id);
  4475. connection_printf_to_buf(conn, "250-ServiceID=%s\r\n", service_id);
  4476. if (key_new_alg) {
  4477. tor_assert(key_new_blob);
  4478. connection_printf_to_buf(conn, "250-PrivateKey=%s:%s\r\n",
  4479. key_new_alg, key_new_blob);
  4480. }
  4481. if (auth_created_clients) {
  4482. SMARTLIST_FOREACH(auth_created_clients, rend_authorized_client_t *, ac, {
  4483. char *encoded = rend_auth_encode_cookie(ac->descriptor_cookie,
  4484. auth_type);
  4485. tor_assert(encoded);
  4486. connection_printf_to_buf(conn, "250-ClientAuth=%s:%s\r\n",
  4487. ac->client_name, encoded);
  4488. memwipe(encoded, 0, strlen(encoded));
  4489. tor_free(encoded);
  4490. });
  4491. }
  4492. connection_printf_to_buf(conn, "250 OK\r\n");
  4493. break;
  4494. }
  4495. case RSAE_BADPRIVKEY:
  4496. connection_printf_to_buf(conn, "551 Failed to generate onion address\r\n");
  4497. break;
  4498. case RSAE_ADDREXISTS:
  4499. connection_printf_to_buf(conn, "550 Onion address collision\r\n");
  4500. break;
  4501. case RSAE_BADVIRTPORT:
  4502. connection_printf_to_buf(conn, "512 Invalid VIRTPORT/TARGET\r\n");
  4503. break;
  4504. case RSAE_BADAUTH:
  4505. connection_printf_to_buf(conn, "512 Invalid client authorization\r\n");
  4506. break;
  4507. case RSAE_INTERNAL: /* FALLSTHROUGH */
  4508. default:
  4509. connection_printf_to_buf(conn, "551 Failed to add Onion Service\r\n");
  4510. }
  4511. if (key_new_blob) {
  4512. memwipe(key_new_blob, 0, strlen(key_new_blob));
  4513. tor_free(key_new_blob);
  4514. }
  4515. out:
  4516. if (port_cfgs) {
  4517. SMARTLIST_FOREACH(port_cfgs, rend_service_port_config_t*, p,
  4518. rend_service_port_config_free(p));
  4519. smartlist_free(port_cfgs);
  4520. }
  4521. if (auth_clients) {
  4522. SMARTLIST_FOREACH(auth_clients, rend_authorized_client_t *, ac,
  4523. rend_authorized_client_free(ac));
  4524. smartlist_free(auth_clients);
  4525. }
  4526. if (auth_created_clients) {
  4527. // Do not free entries; they are the same as auth_clients
  4528. smartlist_free(auth_created_clients);
  4529. }
  4530. SMARTLIST_FOREACH(args, char *, cp, {
  4531. memwipe(cp, 0, strlen(cp));
  4532. tor_free(cp);
  4533. });
  4534. smartlist_free(args);
  4535. return 0;
  4536. }
  4537. /** Helper function to handle parsing the KeyType:KeyBlob argument to the
  4538. * ADD_ONION command. Return a new crypto_pk_t and if a new key was generated
  4539. * and the private key not discarded, the algorithm and serialized private key,
  4540. * or NULL and an optional control protocol error message on failure. The
  4541. * caller is responsible for freeing the returned key_new_blob and err_msg.
  4542. *
  4543. * Note: The error messages returned are deliberately vague to avoid echoing
  4544. * key material.
  4545. */
  4546. STATIC int
  4547. add_onion_helper_keyarg(const char *arg, int discard_pk,
  4548. const char **key_new_alg_out, char **key_new_blob_out,
  4549. add_onion_secret_key_t *decoded_key, int *hs_version,
  4550. char **err_msg_out)
  4551. {
  4552. smartlist_t *key_args = smartlist_new();
  4553. crypto_pk_t *pk = NULL;
  4554. const char *key_new_alg = NULL;
  4555. char *key_new_blob = NULL;
  4556. char *err_msg = NULL;
  4557. int ret = -1;
  4558. smartlist_split_string(key_args, arg, ":", SPLIT_IGNORE_BLANK, 0);
  4559. if (smartlist_len(key_args) != 2) {
  4560. err_msg = tor_strdup("512 Invalid key type/blob\r\n");
  4561. goto err;
  4562. }
  4563. /* The format is "KeyType:KeyBlob". */
  4564. static const char *key_type_new = "NEW";
  4565. static const char *key_type_best = "BEST";
  4566. static const char *key_type_rsa1024 = "RSA1024";
  4567. static const char *key_type_ed25519_v3 = "ED25519-V3";
  4568. const char *key_type = smartlist_get(key_args, 0);
  4569. const char *key_blob = smartlist_get(key_args, 1);
  4570. if (!strcasecmp(key_type_rsa1024, key_type)) {
  4571. /* "RSA:<Base64 Blob>" - Loading a pre-existing RSA1024 key. */
  4572. pk = crypto_pk_base64_decode_private(key_blob, strlen(key_blob));
  4573. if (!pk) {
  4574. err_msg = tor_strdup("512 Failed to decode RSA key\r\n");
  4575. goto err;
  4576. }
  4577. if (crypto_pk_num_bits(pk) != PK_BYTES*8) {
  4578. crypto_pk_free(pk);
  4579. err_msg = tor_strdup("512 Invalid RSA key size\r\n");
  4580. goto err;
  4581. }
  4582. decoded_key->v2 = pk;
  4583. *hs_version = HS_VERSION_TWO;
  4584. } else if (!strcasecmp(key_type_ed25519_v3, key_type)) {
  4585. /* "ED25519-V3:<Base64 Blob>" - Loading a pre-existing ed25519 key. */
  4586. ed25519_secret_key_t *sk = tor_malloc_zero(sizeof(*sk));
  4587. if (base64_decode((char *) sk->seckey, sizeof(sk->seckey), key_blob,
  4588. strlen(key_blob)) != sizeof(sk->seckey)) {
  4589. tor_free(sk);
  4590. err_msg = tor_strdup("512 Failed to decode ED25519-V3 key\r\n");
  4591. goto err;
  4592. }
  4593. decoded_key->v3 = sk;
  4594. *hs_version = HS_VERSION_THREE;
  4595. } else if (!strcasecmp(key_type_new, key_type)) {
  4596. /* "NEW:<Algorithm>" - Generating a new key, blob as algorithm. */
  4597. if (!strcasecmp(key_type_rsa1024, key_blob) ||
  4598. !strcasecmp(key_type_best, key_blob)) {
  4599. /* "RSA1024", RSA 1024 bit, also currently "BEST" by default. */
  4600. pk = crypto_pk_new();
  4601. if (crypto_pk_generate_key(pk)) {
  4602. tor_asprintf(&err_msg, "551 Failed to generate %s key\r\n",
  4603. key_type_rsa1024);
  4604. goto err;
  4605. }
  4606. if (!discard_pk) {
  4607. if (crypto_pk_base64_encode_private(pk, &key_new_blob)) {
  4608. crypto_pk_free(pk);
  4609. tor_asprintf(&err_msg, "551 Failed to encode %s key\r\n",
  4610. key_type_rsa1024);
  4611. goto err;
  4612. }
  4613. key_new_alg = key_type_rsa1024;
  4614. }
  4615. decoded_key->v2 = pk;
  4616. *hs_version = HS_VERSION_TWO;
  4617. } else if (!strcasecmp(key_type_ed25519_v3, key_blob)) {
  4618. ed25519_secret_key_t *sk = tor_malloc_zero(sizeof(*sk));
  4619. if (ed25519_secret_key_generate(sk, 1) < 0) {
  4620. tor_free(sk);
  4621. tor_asprintf(&err_msg, "551 Failed to generate %s key\r\n",
  4622. key_type_ed25519_v3);
  4623. goto err;
  4624. }
  4625. if (!discard_pk) {
  4626. ssize_t len = base64_encode_size(sizeof(sk->seckey), 0) + 1;
  4627. key_new_blob = tor_malloc_zero(len);
  4628. if (base64_encode(key_new_blob, len, (const char *) sk->seckey,
  4629. sizeof(sk->seckey), 0) != (len - 1)) {
  4630. tor_free(sk);
  4631. tor_free(key_new_blob);
  4632. tor_asprintf(&err_msg, "551 Failed to encode %s key\r\n",
  4633. key_type_ed25519_v3);
  4634. goto err;
  4635. }
  4636. key_new_alg = key_type_ed25519_v3;
  4637. }
  4638. decoded_key->v3 = sk;
  4639. *hs_version = HS_VERSION_THREE;
  4640. } else {
  4641. err_msg = tor_strdup("513 Invalid key type\r\n");
  4642. goto err;
  4643. }
  4644. } else {
  4645. err_msg = tor_strdup("513 Invalid key type\r\n");
  4646. goto err;
  4647. }
  4648. /* Succeeded in loading or generating a private key. */
  4649. ret = 0;
  4650. err:
  4651. SMARTLIST_FOREACH(key_args, char *, cp, {
  4652. memwipe(cp, 0, strlen(cp));
  4653. tor_free(cp);
  4654. });
  4655. smartlist_free(key_args);
  4656. if (err_msg_out) {
  4657. *err_msg_out = err_msg;
  4658. } else {
  4659. tor_free(err_msg);
  4660. }
  4661. *key_new_alg_out = key_new_alg;
  4662. *key_new_blob_out = key_new_blob;
  4663. return ret;
  4664. }
  4665. /** Helper function to handle parsing a ClientAuth argument to the
  4666. * ADD_ONION command. Return a new rend_authorized_client_t, or NULL
  4667. * and an optional control protocol error message on failure. The
  4668. * caller is responsible for freeing the returned auth_client and err_msg.
  4669. *
  4670. * If 'created' is specified, it will be set to 1 when a new cookie has
  4671. * been generated.
  4672. */
  4673. STATIC rend_authorized_client_t *
  4674. add_onion_helper_clientauth(const char *arg, int *created, char **err_msg)
  4675. {
  4676. int ok = 0;
  4677. tor_assert(arg);
  4678. tor_assert(created);
  4679. tor_assert(err_msg);
  4680. *err_msg = NULL;
  4681. smartlist_t *auth_args = smartlist_new();
  4682. rend_authorized_client_t *client =
  4683. tor_malloc_zero(sizeof(rend_authorized_client_t));
  4684. smartlist_split_string(auth_args, arg, ":", 0, 0);
  4685. if (smartlist_len(auth_args) < 1 || smartlist_len(auth_args) > 2) {
  4686. *err_msg = tor_strdup("512 Invalid ClientAuth syntax\r\n");
  4687. goto err;
  4688. }
  4689. client->client_name = tor_strdup(smartlist_get(auth_args, 0));
  4690. if (smartlist_len(auth_args) == 2) {
  4691. char *decode_err_msg = NULL;
  4692. if (rend_auth_decode_cookie(smartlist_get(auth_args, 1),
  4693. client->descriptor_cookie,
  4694. NULL, &decode_err_msg) < 0) {
  4695. tor_assert(decode_err_msg);
  4696. tor_asprintf(err_msg, "512 %s\r\n", decode_err_msg);
  4697. tor_free(decode_err_msg);
  4698. goto err;
  4699. }
  4700. *created = 0;
  4701. } else {
  4702. crypto_rand((char *) client->descriptor_cookie, REND_DESC_COOKIE_LEN);
  4703. *created = 1;
  4704. }
  4705. if (!rend_valid_client_name(client->client_name)) {
  4706. *err_msg = tor_strdup("512 Invalid name in ClientAuth\r\n");
  4707. goto err;
  4708. }
  4709. ok = 1;
  4710. err:
  4711. SMARTLIST_FOREACH(auth_args, char *, item, tor_free(item));
  4712. smartlist_free(auth_args);
  4713. if (!ok) {
  4714. rend_authorized_client_free(client);
  4715. client = NULL;
  4716. }
  4717. return client;
  4718. }
  4719. /** Called when we get a DEL_ONION command; parse the body, and remove
  4720. * the existing ephemeral Onion Service. */
  4721. static int
  4722. handle_control_del_onion(control_connection_t *conn,
  4723. uint32_t len,
  4724. const char *body)
  4725. {
  4726. int hs_version = 0;
  4727. smartlist_t *args;
  4728. (void) len; /* body is nul-terminated; it's safe to ignore the length */
  4729. args = getargs_helper("DEL_ONION", conn, body, 1, 1);
  4730. if (!args)
  4731. return 0;
  4732. const char *service_id = smartlist_get(args, 0);
  4733. if (rend_valid_v2_service_id(service_id)) {
  4734. hs_version = HS_VERSION_TWO;
  4735. } else if (hs_address_is_valid(service_id)) {
  4736. hs_version = HS_VERSION_THREE;
  4737. } else {
  4738. connection_printf_to_buf(conn, "512 Malformed Onion Service id\r\n");
  4739. goto out;
  4740. }
  4741. /* Determine if the onion service belongs to this particular control
  4742. * connection, or if it is in the global list of detached services. If it
  4743. * is in neither, either the service ID is invalid in some way, or it
  4744. * explicitly belongs to a different control connection, and an error
  4745. * should be returned.
  4746. */
  4747. smartlist_t *services[2] = {
  4748. conn->ephemeral_onion_services,
  4749. detached_onion_services
  4750. };
  4751. smartlist_t *onion_services = NULL;
  4752. int idx = -1;
  4753. for (size_t i = 0; i < ARRAY_LENGTH(services); i++) {
  4754. idx = smartlist_string_pos(services[i], service_id);
  4755. if (idx != -1) {
  4756. onion_services = services[i];
  4757. break;
  4758. }
  4759. }
  4760. if (onion_services == NULL) {
  4761. connection_printf_to_buf(conn, "552 Unknown Onion Service id\r\n");
  4762. } else {
  4763. int ret = -1;
  4764. switch (hs_version) {
  4765. case HS_VERSION_TWO:
  4766. ret = rend_service_del_ephemeral(service_id);
  4767. break;
  4768. case HS_VERSION_THREE:
  4769. ret = hs_service_del_ephemeral(service_id);
  4770. break;
  4771. default:
  4772. /* The ret value will be -1 thus hitting the warning below. This should
  4773. * never happen because of the check at the start of the function. */
  4774. break;
  4775. }
  4776. if (ret < 0) {
  4777. /* This should *NEVER* fail, since the service is on either the
  4778. * per-control connection list, or the global one.
  4779. */
  4780. log_warn(LD_BUG, "Failed to remove Onion Service %s.",
  4781. escaped(service_id));
  4782. tor_fragile_assert();
  4783. }
  4784. /* Remove/scrub the service_id from the appropriate list. */
  4785. char *cp = smartlist_get(onion_services, idx);
  4786. smartlist_del(onion_services, idx);
  4787. memwipe(cp, 0, strlen(cp));
  4788. tor_free(cp);
  4789. send_control_done(conn);
  4790. }
  4791. out:
  4792. SMARTLIST_FOREACH(args, char *, cp, {
  4793. memwipe(cp, 0, strlen(cp));
  4794. tor_free(cp);
  4795. });
  4796. smartlist_free(args);
  4797. return 0;
  4798. }
  4799. /** Called when <b>conn</b> has no more bytes left on its outbuf. */
  4800. int
  4801. connection_control_finished_flushing(control_connection_t *conn)
  4802. {
  4803. tor_assert(conn);
  4804. return 0;
  4805. }
  4806. /** Called when <b>conn</b> has gotten its socket closed. */
  4807. int
  4808. connection_control_reached_eof(control_connection_t *conn)
  4809. {
  4810. tor_assert(conn);
  4811. log_info(LD_CONTROL,"Control connection reached EOF. Closing.");
  4812. connection_mark_for_close(TO_CONN(conn));
  4813. return 0;
  4814. }
  4815. /** Shut down this Tor instance in the same way that SIGINT would, but
  4816. * with a log message appropriate for the loss of an owning controller. */
  4817. static void
  4818. lost_owning_controller(const char *owner_type, const char *loss_manner)
  4819. {
  4820. log_notice(LD_CONTROL, "Owning controller %s has %s -- exiting now.",
  4821. owner_type, loss_manner);
  4822. activate_signal(SIGTERM);
  4823. }
  4824. /** Called when <b>conn</b> is being freed. */
  4825. void
  4826. connection_control_closed(control_connection_t *conn)
  4827. {
  4828. tor_assert(conn);
  4829. conn->event_mask = 0;
  4830. control_update_global_event_mask();
  4831. /* Close all ephemeral Onion Services if any.
  4832. * The list and it's contents are scrubbed/freed in connection_free_.
  4833. */
  4834. if (conn->ephemeral_onion_services) {
  4835. SMARTLIST_FOREACH_BEGIN(conn->ephemeral_onion_services, char *, cp) {
  4836. if (rend_valid_v2_service_id(cp)) {
  4837. rend_service_del_ephemeral(cp);
  4838. } else if (hs_address_is_valid(cp)) {
  4839. hs_service_del_ephemeral(cp);
  4840. } else {
  4841. /* An invalid .onion in our list should NEVER happen */
  4842. tor_fragile_assert();
  4843. }
  4844. } SMARTLIST_FOREACH_END(cp);
  4845. }
  4846. if (conn->is_owning_control_connection) {
  4847. lost_owning_controller("connection", "closed");
  4848. }
  4849. }
  4850. /** Return true iff <b>cmd</b> is allowable (or at least forgivable) at this
  4851. * stage of the protocol. */
  4852. static int
  4853. is_valid_initial_command(control_connection_t *conn, const char *cmd)
  4854. {
  4855. if (conn->base_.state == CONTROL_CONN_STATE_OPEN)
  4856. return 1;
  4857. if (!strcasecmp(cmd, "PROTOCOLINFO"))
  4858. return (!conn->have_sent_protocolinfo &&
  4859. conn->safecookie_client_hash == NULL);
  4860. if (!strcasecmp(cmd, "AUTHCHALLENGE"))
  4861. return (conn->safecookie_client_hash == NULL);
  4862. if (!strcasecmp(cmd, "AUTHENTICATE") ||
  4863. !strcasecmp(cmd, "QUIT"))
  4864. return 1;
  4865. return 0;
  4866. }
  4867. /** Do not accept any control command of more than 1MB in length. Anything
  4868. * that needs to be anywhere near this long probably means that one of our
  4869. * interfaces is broken. */
  4870. #define MAX_COMMAND_LINE_LENGTH (1024*1024)
  4871. /** Wrapper around peek_buf_has_control0 command: presents the same
  4872. * interface as that underlying functions, but takes a connection_t intead of
  4873. * a buf_t.
  4874. */
  4875. static int
  4876. peek_connection_has_control0_command(connection_t *conn)
  4877. {
  4878. return peek_buf_has_control0_command(conn->inbuf);
  4879. }
  4880. static int
  4881. peek_connection_has_http_command(connection_t *conn)
  4882. {
  4883. return peek_buf_has_http_command(conn->inbuf);
  4884. }
  4885. static const char CONTROLPORT_IS_NOT_AN_HTTP_PROXY_MSG[] =
  4886. "HTTP/1.0 501 Tor ControlPort is not an HTTP proxy"
  4887. "\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n"
  4888. "<html>\n"
  4889. "<head>\n"
  4890. "<title>Tor's ControlPort is not an HTTP proxy</title>\n"
  4891. "</head>\n"
  4892. "<body>\n"
  4893. "<h1>Tor's ControlPort is not an HTTP proxy</h1>\n"
  4894. "<p>\n"
  4895. "It appears you have configured your web browser to use Tor's control port"
  4896. " as an HTTP proxy.\n"
  4897. "This is not correct: Tor's default SOCKS proxy port is 9050.\n"
  4898. "Please configure your client accordingly.\n"
  4899. "</p>\n"
  4900. "<p>\n"
  4901. "See <a href=\"https://www.torproject.org/documentation.html\">"
  4902. "https://www.torproject.org/documentation.html</a> for more "
  4903. "information.\n"
  4904. "<!-- Plus this comment, to make the body response more than 512 bytes, so "
  4905. " IE will be willing to display it. Comment comment comment comment "
  4906. " comment comment comment comment comment comment comment comment.-->\n"
  4907. "</p>\n"
  4908. "</body>\n"
  4909. "</html>\n";
  4910. /** Called when data has arrived on a v1 control connection: Try to fetch
  4911. * commands from conn->inbuf, and execute them.
  4912. */
  4913. int
  4914. connection_control_process_inbuf(control_connection_t *conn)
  4915. {
  4916. size_t data_len;
  4917. uint32_t cmd_data_len;
  4918. int cmd_len;
  4919. char *args;
  4920. tor_assert(conn);
  4921. tor_assert(conn->base_.state == CONTROL_CONN_STATE_OPEN ||
  4922. conn->base_.state == CONTROL_CONN_STATE_NEEDAUTH);
  4923. if (!conn->incoming_cmd) {
  4924. conn->incoming_cmd = tor_malloc(1024);
  4925. conn->incoming_cmd_len = 1024;
  4926. conn->incoming_cmd_cur_len = 0;
  4927. }
  4928. if (conn->base_.state == CONTROL_CONN_STATE_NEEDAUTH &&
  4929. peek_connection_has_control0_command(TO_CONN(conn))) {
  4930. /* Detect v0 commands and send a "no more v0" message. */
  4931. size_t body_len;
  4932. char buf[128];
  4933. set_uint16(buf+2, htons(0x0000)); /* type == error */
  4934. set_uint16(buf+4, htons(0x0001)); /* code == internal error */
  4935. strlcpy(buf+6, "The v0 control protocol is not supported by Tor 0.1.2.17 "
  4936. "and later; upgrade your controller.",
  4937. sizeof(buf)-6);
  4938. body_len = 2+strlen(buf+6)+2; /* code, msg, nul. */
  4939. set_uint16(buf+0, htons(body_len));
  4940. connection_buf_add(buf, 4+body_len, TO_CONN(conn));
  4941. connection_mark_and_flush(TO_CONN(conn));
  4942. return 0;
  4943. }
  4944. /* If the user has the HTTP proxy port and the control port confused. */
  4945. if (conn->base_.state == CONTROL_CONN_STATE_NEEDAUTH &&
  4946. peek_connection_has_http_command(TO_CONN(conn))) {
  4947. connection_write_str_to_buf(CONTROLPORT_IS_NOT_AN_HTTP_PROXY_MSG, conn);
  4948. log_notice(LD_CONTROL, "Received HTTP request on ControlPort");
  4949. connection_mark_and_flush(TO_CONN(conn));
  4950. return 0;
  4951. }
  4952. again:
  4953. while (1) {
  4954. size_t last_idx;
  4955. int r;
  4956. /* First, fetch a line. */
  4957. do {
  4958. data_len = conn->incoming_cmd_len - conn->incoming_cmd_cur_len;
  4959. r = connection_buf_get_line(TO_CONN(conn),
  4960. conn->incoming_cmd+conn->incoming_cmd_cur_len,
  4961. &data_len);
  4962. if (r == 0)
  4963. /* Line not all here yet. Wait. */
  4964. return 0;
  4965. else if (r == -1) {
  4966. if (data_len + conn->incoming_cmd_cur_len > MAX_COMMAND_LINE_LENGTH) {
  4967. connection_write_str_to_buf("500 Line too long.\r\n", conn);
  4968. connection_stop_reading(TO_CONN(conn));
  4969. connection_mark_and_flush(TO_CONN(conn));
  4970. }
  4971. while (conn->incoming_cmd_len < data_len+conn->incoming_cmd_cur_len)
  4972. conn->incoming_cmd_len *= 2;
  4973. conn->incoming_cmd = tor_realloc(conn->incoming_cmd,
  4974. conn->incoming_cmd_len);
  4975. }
  4976. } while (r != 1);
  4977. tor_assert(data_len);
  4978. last_idx = conn->incoming_cmd_cur_len;
  4979. conn->incoming_cmd_cur_len += (int)data_len;
  4980. /* We have appended a line to incoming_cmd. Is the command done? */
  4981. if (last_idx == 0 && *conn->incoming_cmd != '+')
  4982. /* One line command, didn't start with '+'. */
  4983. break;
  4984. /* XXXX this code duplication is kind of dumb. */
  4985. if (last_idx+3 == conn->incoming_cmd_cur_len &&
  4986. tor_memeq(conn->incoming_cmd + last_idx, ".\r\n", 3)) {
  4987. /* Just appended ".\r\n"; we're done. Remove it. */
  4988. conn->incoming_cmd[last_idx] = '\0';
  4989. conn->incoming_cmd_cur_len -= 3;
  4990. break;
  4991. } else if (last_idx+2 == conn->incoming_cmd_cur_len &&
  4992. tor_memeq(conn->incoming_cmd + last_idx, ".\n", 2)) {
  4993. /* Just appended ".\n"; we're done. Remove it. */
  4994. conn->incoming_cmd[last_idx] = '\0';
  4995. conn->incoming_cmd_cur_len -= 2;
  4996. break;
  4997. }
  4998. /* Otherwise, read another line. */
  4999. }
  5000. data_len = conn->incoming_cmd_cur_len;
  5001. /* Okay, we now have a command sitting on conn->incoming_cmd. See if we
  5002. * recognize it.
  5003. */
  5004. cmd_len = 0;
  5005. while ((size_t)cmd_len < data_len
  5006. && !TOR_ISSPACE(conn->incoming_cmd[cmd_len]))
  5007. ++cmd_len;
  5008. conn->incoming_cmd[cmd_len]='\0';
  5009. args = conn->incoming_cmd+cmd_len+1;
  5010. tor_assert(data_len>(size_t)cmd_len);
  5011. data_len -= (cmd_len+1); /* skip the command and NUL we added after it */
  5012. while (TOR_ISSPACE(*args)) {
  5013. ++args;
  5014. --data_len;
  5015. }
  5016. /* If the connection is already closing, ignore further commands */
  5017. if (TO_CONN(conn)->marked_for_close) {
  5018. return 0;
  5019. }
  5020. /* Otherwise, Quit is always valid. */
  5021. if (!strcasecmp(conn->incoming_cmd, "QUIT")) {
  5022. connection_write_str_to_buf("250 closing connection\r\n", conn);
  5023. connection_mark_and_flush(TO_CONN(conn));
  5024. return 0;
  5025. }
  5026. if (conn->base_.state == CONTROL_CONN_STATE_NEEDAUTH &&
  5027. !is_valid_initial_command(conn, conn->incoming_cmd)) {
  5028. connection_write_str_to_buf("514 Authentication required.\r\n", conn);
  5029. connection_mark_for_close(TO_CONN(conn));
  5030. return 0;
  5031. }
  5032. if (data_len >= UINT32_MAX) {
  5033. connection_write_str_to_buf("500 A 4GB command? Nice try.\r\n", conn);
  5034. connection_mark_for_close(TO_CONN(conn));
  5035. return 0;
  5036. }
  5037. /* XXXX Why is this not implemented as a table like the GETINFO
  5038. * items are? Even handling the plus signs at the beginnings of
  5039. * commands wouldn't be very hard with proper macros. */
  5040. cmd_data_len = (uint32_t)data_len;
  5041. if (!strcasecmp(conn->incoming_cmd, "SETCONF")) {
  5042. if (handle_control_setconf(conn, cmd_data_len, args))
  5043. return -1;
  5044. } else if (!strcasecmp(conn->incoming_cmd, "RESETCONF")) {
  5045. if (handle_control_resetconf(conn, cmd_data_len, args))
  5046. return -1;
  5047. } else if (!strcasecmp(conn->incoming_cmd, "GETCONF")) {
  5048. if (handle_control_getconf(conn, cmd_data_len, args))
  5049. return -1;
  5050. } else if (!strcasecmp(conn->incoming_cmd, "+LOADCONF")) {
  5051. if (handle_control_loadconf(conn, cmd_data_len, args))
  5052. return -1;
  5053. } else if (!strcasecmp(conn->incoming_cmd, "SETEVENTS")) {
  5054. if (handle_control_setevents(conn, cmd_data_len, args))
  5055. return -1;
  5056. } else if (!strcasecmp(conn->incoming_cmd, "AUTHENTICATE")) {
  5057. if (handle_control_authenticate(conn, cmd_data_len, args))
  5058. return -1;
  5059. } else if (!strcasecmp(conn->incoming_cmd, "SAVECONF")) {
  5060. if (handle_control_saveconf(conn, cmd_data_len, args))
  5061. return -1;
  5062. } else if (!strcasecmp(conn->incoming_cmd, "SIGNAL")) {
  5063. if (handle_control_signal(conn, cmd_data_len, args))
  5064. return -1;
  5065. } else if (!strcasecmp(conn->incoming_cmd, "TAKEOWNERSHIP")) {
  5066. if (handle_control_takeownership(conn, cmd_data_len, args))
  5067. return -1;
  5068. } else if (!strcasecmp(conn->incoming_cmd, "DROPOWNERSHIP")) {
  5069. if (handle_control_dropownership(conn, cmd_data_len, args))
  5070. return -1;
  5071. } else if (!strcasecmp(conn->incoming_cmd, "MAPADDRESS")) {
  5072. if (handle_control_mapaddress(conn, cmd_data_len, args))
  5073. return -1;
  5074. } else if (!strcasecmp(conn->incoming_cmd, "GETINFO")) {
  5075. if (handle_control_getinfo(conn, cmd_data_len, args))
  5076. return -1;
  5077. } else if (!strcasecmp(conn->incoming_cmd, "EXTENDCIRCUIT")) {
  5078. if (handle_control_extendcircuit(conn, cmd_data_len, args))
  5079. return -1;
  5080. } else if (!strcasecmp(conn->incoming_cmd, "SETCIRCUITPURPOSE")) {
  5081. if (handle_control_setcircuitpurpose(conn, cmd_data_len, args))
  5082. return -1;
  5083. } else if (!strcasecmp(conn->incoming_cmd, "SETROUTERPURPOSE")) {
  5084. connection_write_str_to_buf("511 SETROUTERPURPOSE is obsolete.\r\n", conn);
  5085. } else if (!strcasecmp(conn->incoming_cmd, "ATTACHSTREAM")) {
  5086. if (handle_control_attachstream(conn, cmd_data_len, args))
  5087. return -1;
  5088. } else if (!strcasecmp(conn->incoming_cmd, "+POSTDESCRIPTOR")) {
  5089. if (handle_control_postdescriptor(conn, cmd_data_len, args))
  5090. return -1;
  5091. } else if (!strcasecmp(conn->incoming_cmd, "REDIRECTSTREAM")) {
  5092. if (handle_control_redirectstream(conn, cmd_data_len, args))
  5093. return -1;
  5094. } else if (!strcasecmp(conn->incoming_cmd, "CLOSESTREAM")) {
  5095. if (handle_control_closestream(conn, cmd_data_len, args))
  5096. return -1;
  5097. } else if (!strcasecmp(conn->incoming_cmd, "CLOSECIRCUIT")) {
  5098. if (handle_control_closecircuit(conn, cmd_data_len, args))
  5099. return -1;
  5100. } else if (!strcasecmp(conn->incoming_cmd, "USEFEATURE")) {
  5101. if (handle_control_usefeature(conn, cmd_data_len, args))
  5102. return -1;
  5103. } else if (!strcasecmp(conn->incoming_cmd, "RESOLVE")) {
  5104. if (handle_control_resolve(conn, cmd_data_len, args))
  5105. return -1;
  5106. } else if (!strcasecmp(conn->incoming_cmd, "PROTOCOLINFO")) {
  5107. if (handle_control_protocolinfo(conn, cmd_data_len, args))
  5108. return -1;
  5109. } else if (!strcasecmp(conn->incoming_cmd, "AUTHCHALLENGE")) {
  5110. if (handle_control_authchallenge(conn, cmd_data_len, args))
  5111. return -1;
  5112. } else if (!strcasecmp(conn->incoming_cmd, "DROPGUARDS")) {
  5113. if (handle_control_dropguards(conn, cmd_data_len, args))
  5114. return -1;
  5115. } else if (!strcasecmp(conn->incoming_cmd, "HSFETCH")) {
  5116. if (handle_control_hsfetch(conn, cmd_data_len, args))
  5117. return -1;
  5118. } else if (!strcasecmp(conn->incoming_cmd, "+HSPOST")) {
  5119. if (handle_control_hspost(conn, cmd_data_len, args))
  5120. return -1;
  5121. } else if (!strcasecmp(conn->incoming_cmd, "ADD_ONION")) {
  5122. int ret = handle_control_add_onion(conn, cmd_data_len, args);
  5123. memwipe(args, 0, cmd_data_len); /* Scrub the private key. */
  5124. if (ret)
  5125. return -1;
  5126. } else if (!strcasecmp(conn->incoming_cmd, "DEL_ONION")) {
  5127. int ret = handle_control_del_onion(conn, cmd_data_len, args);
  5128. memwipe(args, 0, cmd_data_len); /* Scrub the service id/pk. */
  5129. if (ret)
  5130. return -1;
  5131. } else {
  5132. connection_printf_to_buf(conn, "510 Unrecognized command \"%s\"\r\n",
  5133. conn->incoming_cmd);
  5134. }
  5135. conn->incoming_cmd_cur_len = 0;
  5136. goto again;
  5137. }
  5138. /** Something major has happened to circuit <b>circ</b>: tell any
  5139. * interested control connections. */
  5140. int
  5141. control_event_circuit_status(origin_circuit_t *circ, circuit_status_event_t tp,
  5142. int reason_code)
  5143. {
  5144. const char *status;
  5145. char reasons[64] = "";
  5146. if (!EVENT_IS_INTERESTING(EVENT_CIRCUIT_STATUS))
  5147. return 0;
  5148. tor_assert(circ);
  5149. switch (tp)
  5150. {
  5151. case CIRC_EVENT_LAUNCHED: status = "LAUNCHED"; break;
  5152. case CIRC_EVENT_BUILT: status = "BUILT"; break;
  5153. case CIRC_EVENT_EXTENDED: status = "EXTENDED"; break;
  5154. case CIRC_EVENT_FAILED: status = "FAILED"; break;
  5155. case CIRC_EVENT_CLOSED: status = "CLOSED"; break;
  5156. default:
  5157. log_warn(LD_BUG, "Unrecognized status code %d", (int)tp);
  5158. tor_fragile_assert();
  5159. return 0;
  5160. }
  5161. if (tp == CIRC_EVENT_FAILED || tp == CIRC_EVENT_CLOSED) {
  5162. const char *reason_str = circuit_end_reason_to_control_string(reason_code);
  5163. char unk_reason_buf[16];
  5164. if (!reason_str) {
  5165. tor_snprintf(unk_reason_buf, 16, "UNKNOWN_%d", reason_code);
  5166. reason_str = unk_reason_buf;
  5167. }
  5168. if (reason_code > 0 && reason_code & END_CIRC_REASON_FLAG_REMOTE) {
  5169. tor_snprintf(reasons, sizeof(reasons),
  5170. " REASON=DESTROYED REMOTE_REASON=%s", reason_str);
  5171. } else {
  5172. tor_snprintf(reasons, sizeof(reasons),
  5173. " REASON=%s", reason_str);
  5174. }
  5175. }
  5176. {
  5177. char *circdesc = circuit_describe_status_for_controller(circ);
  5178. const char *sp = strlen(circdesc) ? " " : "";
  5179. send_control_event(EVENT_CIRCUIT_STATUS,
  5180. "650 CIRC %lu %s%s%s%s\r\n",
  5181. (unsigned long)circ->global_identifier,
  5182. status, sp,
  5183. circdesc,
  5184. reasons);
  5185. tor_free(circdesc);
  5186. }
  5187. return 0;
  5188. }
  5189. /** Something minor has happened to circuit <b>circ</b>: tell any
  5190. * interested control connections. */
  5191. static int
  5192. control_event_circuit_status_minor(origin_circuit_t *circ,
  5193. circuit_status_minor_event_t e,
  5194. int purpose, const struct timeval *tv)
  5195. {
  5196. const char *event_desc;
  5197. char event_tail[160] = "";
  5198. if (!EVENT_IS_INTERESTING(EVENT_CIRCUIT_STATUS_MINOR))
  5199. return 0;
  5200. tor_assert(circ);
  5201. switch (e)
  5202. {
  5203. case CIRC_MINOR_EVENT_PURPOSE_CHANGED:
  5204. event_desc = "PURPOSE_CHANGED";
  5205. {
  5206. /* event_tail can currently be up to 68 chars long */
  5207. const char *hs_state_str =
  5208. circuit_purpose_to_controller_hs_state_string(purpose);
  5209. tor_snprintf(event_tail, sizeof(event_tail),
  5210. " OLD_PURPOSE=%s%s%s",
  5211. circuit_purpose_to_controller_string(purpose),
  5212. (hs_state_str != NULL) ? " OLD_HS_STATE=" : "",
  5213. (hs_state_str != NULL) ? hs_state_str : "");
  5214. }
  5215. break;
  5216. case CIRC_MINOR_EVENT_CANNIBALIZED:
  5217. event_desc = "CANNIBALIZED";
  5218. {
  5219. /* event_tail can currently be up to 130 chars long */
  5220. const char *hs_state_str =
  5221. circuit_purpose_to_controller_hs_state_string(purpose);
  5222. const struct timeval *old_timestamp_began = tv;
  5223. char tbuf[ISO_TIME_USEC_LEN+1];
  5224. format_iso_time_nospace_usec(tbuf, old_timestamp_began);
  5225. tor_snprintf(event_tail, sizeof(event_tail),
  5226. " OLD_PURPOSE=%s%s%s OLD_TIME_CREATED=%s",
  5227. circuit_purpose_to_controller_string(purpose),
  5228. (hs_state_str != NULL) ? " OLD_HS_STATE=" : "",
  5229. (hs_state_str != NULL) ? hs_state_str : "",
  5230. tbuf);
  5231. }
  5232. break;
  5233. default:
  5234. log_warn(LD_BUG, "Unrecognized status code %d", (int)e);
  5235. tor_fragile_assert();
  5236. return 0;
  5237. }
  5238. {
  5239. char *circdesc = circuit_describe_status_for_controller(circ);
  5240. const char *sp = strlen(circdesc) ? " " : "";
  5241. send_control_event(EVENT_CIRCUIT_STATUS_MINOR,
  5242. "650 CIRC_MINOR %lu %s%s%s%s\r\n",
  5243. (unsigned long)circ->global_identifier,
  5244. event_desc, sp,
  5245. circdesc,
  5246. event_tail);
  5247. tor_free(circdesc);
  5248. }
  5249. return 0;
  5250. }
  5251. /**
  5252. * <b>circ</b> has changed its purpose from <b>old_purpose</b>: tell any
  5253. * interested controllers.
  5254. */
  5255. int
  5256. control_event_circuit_purpose_changed(origin_circuit_t *circ,
  5257. int old_purpose)
  5258. {
  5259. return control_event_circuit_status_minor(circ,
  5260. CIRC_MINOR_EVENT_PURPOSE_CHANGED,
  5261. old_purpose,
  5262. NULL);
  5263. }
  5264. /**
  5265. * <b>circ</b> has changed its purpose from <b>old_purpose</b>, and its
  5266. * created-time from <b>old_tv_created</b>: tell any interested controllers.
  5267. */
  5268. int
  5269. control_event_circuit_cannibalized(origin_circuit_t *circ,
  5270. int old_purpose,
  5271. const struct timeval *old_tv_created)
  5272. {
  5273. return control_event_circuit_status_minor(circ,
  5274. CIRC_MINOR_EVENT_CANNIBALIZED,
  5275. old_purpose,
  5276. old_tv_created);
  5277. }
  5278. /** Given an AP connection <b>conn</b> and a <b>len</b>-character buffer
  5279. * <b>buf</b>, determine the address:port combination requested on
  5280. * <b>conn</b>, and write it to <b>buf</b>. Return 0 on success, -1 on
  5281. * failure. */
  5282. static int
  5283. write_stream_target_to_buf(entry_connection_t *conn, char *buf, size_t len)
  5284. {
  5285. char buf2[256];
  5286. if (conn->chosen_exit_name)
  5287. if (tor_snprintf(buf2, sizeof(buf2), ".%s.exit", conn->chosen_exit_name)<0)
  5288. return -1;
  5289. if (!conn->socks_request)
  5290. return -1;
  5291. if (tor_snprintf(buf, len, "%s%s%s:%d",
  5292. conn->socks_request->address,
  5293. conn->chosen_exit_name ? buf2 : "",
  5294. !conn->chosen_exit_name && connection_edge_is_rendezvous_stream(
  5295. ENTRY_TO_EDGE_CONN(conn)) ? ".onion" : "",
  5296. conn->socks_request->port)<0)
  5297. return -1;
  5298. return 0;
  5299. }
  5300. /** Something has happened to the stream associated with AP connection
  5301. * <b>conn</b>: tell any interested control connections. */
  5302. int
  5303. control_event_stream_status(entry_connection_t *conn, stream_status_event_t tp,
  5304. int reason_code)
  5305. {
  5306. char reason_buf[64];
  5307. char addrport_buf[64];
  5308. const char *status;
  5309. circuit_t *circ;
  5310. origin_circuit_t *origin_circ = NULL;
  5311. char buf[256];
  5312. const char *purpose = "";
  5313. tor_assert(conn->socks_request);
  5314. if (!EVENT_IS_INTERESTING(EVENT_STREAM_STATUS))
  5315. return 0;
  5316. if (tp == STREAM_EVENT_CLOSED &&
  5317. (reason_code & END_STREAM_REASON_FLAG_ALREADY_SENT_CLOSED))
  5318. return 0;
  5319. write_stream_target_to_buf(conn, buf, sizeof(buf));
  5320. reason_buf[0] = '\0';
  5321. switch (tp)
  5322. {
  5323. case STREAM_EVENT_SENT_CONNECT: status = "SENTCONNECT"; break;
  5324. case STREAM_EVENT_SENT_RESOLVE: status = "SENTRESOLVE"; break;
  5325. case STREAM_EVENT_SUCCEEDED: status = "SUCCEEDED"; break;
  5326. case STREAM_EVENT_FAILED: status = "FAILED"; break;
  5327. case STREAM_EVENT_CLOSED: status = "CLOSED"; break;
  5328. case STREAM_EVENT_NEW: status = "NEW"; break;
  5329. case STREAM_EVENT_NEW_RESOLVE: status = "NEWRESOLVE"; break;
  5330. case STREAM_EVENT_FAILED_RETRIABLE: status = "DETACHED"; break;
  5331. case STREAM_EVENT_REMAP: status = "REMAP"; break;
  5332. default:
  5333. log_warn(LD_BUG, "Unrecognized status code %d", (int)tp);
  5334. return 0;
  5335. }
  5336. if (reason_code && (tp == STREAM_EVENT_FAILED ||
  5337. tp == STREAM_EVENT_CLOSED ||
  5338. tp == STREAM_EVENT_FAILED_RETRIABLE)) {
  5339. const char *reason_str = stream_end_reason_to_control_string(reason_code);
  5340. char *r = NULL;
  5341. if (!reason_str) {
  5342. tor_asprintf(&r, " UNKNOWN_%d", reason_code);
  5343. reason_str = r;
  5344. }
  5345. if (reason_code & END_STREAM_REASON_FLAG_REMOTE)
  5346. tor_snprintf(reason_buf, sizeof(reason_buf),
  5347. " REASON=END REMOTE_REASON=%s", reason_str);
  5348. else
  5349. tor_snprintf(reason_buf, sizeof(reason_buf),
  5350. " REASON=%s", reason_str);
  5351. tor_free(r);
  5352. } else if (reason_code && tp == STREAM_EVENT_REMAP) {
  5353. switch (reason_code) {
  5354. case REMAP_STREAM_SOURCE_CACHE:
  5355. strlcpy(reason_buf, " SOURCE=CACHE", sizeof(reason_buf));
  5356. break;
  5357. case REMAP_STREAM_SOURCE_EXIT:
  5358. strlcpy(reason_buf, " SOURCE=EXIT", sizeof(reason_buf));
  5359. break;
  5360. default:
  5361. tor_snprintf(reason_buf, sizeof(reason_buf), " REASON=UNKNOWN_%d",
  5362. reason_code);
  5363. /* XXX do we want SOURCE=UNKNOWN_%d above instead? -RD */
  5364. break;
  5365. }
  5366. }
  5367. if (tp == STREAM_EVENT_NEW || tp == STREAM_EVENT_NEW_RESOLVE) {
  5368. /*
  5369. * When the control conn is an AF_UNIX socket and we have no address,
  5370. * it gets set to "(Tor_internal)"; see dnsserv_launch_request() in
  5371. * dnsserv.c.
  5372. */
  5373. if (strcmp(ENTRY_TO_CONN(conn)->address, "(Tor_internal)") != 0) {
  5374. tor_snprintf(addrport_buf,sizeof(addrport_buf), " SOURCE_ADDR=%s:%d",
  5375. ENTRY_TO_CONN(conn)->address, ENTRY_TO_CONN(conn)->port);
  5376. } else {
  5377. /*
  5378. * else leave it blank so control on AF_UNIX doesn't need to make
  5379. * something up.
  5380. */
  5381. addrport_buf[0] = '\0';
  5382. }
  5383. } else {
  5384. addrport_buf[0] = '\0';
  5385. }
  5386. if (tp == STREAM_EVENT_NEW_RESOLVE) {
  5387. purpose = " PURPOSE=DNS_REQUEST";
  5388. } else if (tp == STREAM_EVENT_NEW) {
  5389. if (conn->use_begindir) {
  5390. connection_t *linked = ENTRY_TO_CONN(conn)->linked_conn;
  5391. int linked_dir_purpose = -1;
  5392. if (linked && linked->type == CONN_TYPE_DIR)
  5393. linked_dir_purpose = linked->purpose;
  5394. if (DIR_PURPOSE_IS_UPLOAD(linked_dir_purpose))
  5395. purpose = " PURPOSE=DIR_UPLOAD";
  5396. else
  5397. purpose = " PURPOSE=DIR_FETCH";
  5398. } else
  5399. purpose = " PURPOSE=USER";
  5400. }
  5401. circ = circuit_get_by_edge_conn(ENTRY_TO_EDGE_CONN(conn));
  5402. if (circ && CIRCUIT_IS_ORIGIN(circ))
  5403. origin_circ = TO_ORIGIN_CIRCUIT(circ);
  5404. send_control_event(EVENT_STREAM_STATUS,
  5405. "650 STREAM %"PRIu64" %s %lu %s%s%s%s\r\n",
  5406. (ENTRY_TO_CONN(conn)->global_identifier),
  5407. status,
  5408. origin_circ?
  5409. (unsigned long)origin_circ->global_identifier : 0ul,
  5410. buf, reason_buf, addrport_buf, purpose);
  5411. /* XXX need to specify its intended exit, etc? */
  5412. return 0;
  5413. }
  5414. /** Figure out the best name for the target router of an OR connection
  5415. * <b>conn</b>, and write it into the <b>len</b>-character buffer
  5416. * <b>name</b>. */
  5417. static void
  5418. orconn_target_get_name(char *name, size_t len, or_connection_t *conn)
  5419. {
  5420. const node_t *node = node_get_by_id(conn->identity_digest);
  5421. if (node) {
  5422. tor_assert(len > MAX_VERBOSE_NICKNAME_LEN);
  5423. node_get_verbose_nickname(node, name);
  5424. } else if (! tor_digest_is_zero(conn->identity_digest)) {
  5425. name[0] = '$';
  5426. base16_encode(name+1, len-1, conn->identity_digest,
  5427. DIGEST_LEN);
  5428. } else {
  5429. tor_snprintf(name, len, "%s:%d",
  5430. conn->base_.address, conn->base_.port);
  5431. }
  5432. }
  5433. /** Called when the status of an OR connection <b>conn</b> changes: tell any
  5434. * interested control connections. <b>tp</b> is the new status for the
  5435. * connection. If <b>conn</b> has just closed or failed, then <b>reason</b>
  5436. * may be the reason why.
  5437. */
  5438. int
  5439. control_event_or_conn_status(or_connection_t *conn, or_conn_status_event_t tp,
  5440. int reason)
  5441. {
  5442. int ncircs = 0;
  5443. const char *status;
  5444. char name[128];
  5445. char ncircs_buf[32] = {0}; /* > 8 + log10(2^32)=10 + 2 */
  5446. if (!EVENT_IS_INTERESTING(EVENT_OR_CONN_STATUS))
  5447. return 0;
  5448. switch (tp)
  5449. {
  5450. case OR_CONN_EVENT_LAUNCHED: status = "LAUNCHED"; break;
  5451. case OR_CONN_EVENT_CONNECTED: status = "CONNECTED"; break;
  5452. case OR_CONN_EVENT_FAILED: status = "FAILED"; break;
  5453. case OR_CONN_EVENT_CLOSED: status = "CLOSED"; break;
  5454. case OR_CONN_EVENT_NEW: status = "NEW"; break;
  5455. default:
  5456. log_warn(LD_BUG, "Unrecognized status code %d", (int)tp);
  5457. return 0;
  5458. }
  5459. if (conn->chan) {
  5460. ncircs = circuit_count_pending_on_channel(TLS_CHAN_TO_BASE(conn->chan));
  5461. } else {
  5462. ncircs = 0;
  5463. }
  5464. ncircs += connection_or_get_num_circuits(conn);
  5465. if (ncircs && (tp == OR_CONN_EVENT_FAILED || tp == OR_CONN_EVENT_CLOSED)) {
  5466. tor_snprintf(ncircs_buf, sizeof(ncircs_buf), " NCIRCS=%d", ncircs);
  5467. }
  5468. orconn_target_get_name(name, sizeof(name), conn);
  5469. send_control_event(EVENT_OR_CONN_STATUS,
  5470. "650 ORCONN %s %s%s%s%s ID=%"PRIu64"\r\n",
  5471. name, status,
  5472. reason ? " REASON=" : "",
  5473. orconn_end_reason_to_control_string(reason),
  5474. ncircs_buf,
  5475. (conn->base_.global_identifier));
  5476. return 0;
  5477. }
  5478. /**
  5479. * Print out STREAM_BW event for a single conn
  5480. */
  5481. int
  5482. control_event_stream_bandwidth(edge_connection_t *edge_conn)
  5483. {
  5484. struct timeval now;
  5485. char tbuf[ISO_TIME_USEC_LEN+1];
  5486. if (EVENT_IS_INTERESTING(EVENT_STREAM_BANDWIDTH_USED)) {
  5487. if (!edge_conn->n_read && !edge_conn->n_written)
  5488. return 0;
  5489. tor_gettimeofday(&now);
  5490. format_iso_time_nospace_usec(tbuf, &now);
  5491. send_control_event(EVENT_STREAM_BANDWIDTH_USED,
  5492. "650 STREAM_BW %"PRIu64" %lu %lu %s\r\n",
  5493. (edge_conn->base_.global_identifier),
  5494. (unsigned long)edge_conn->n_read,
  5495. (unsigned long)edge_conn->n_written,
  5496. tbuf);
  5497. edge_conn->n_written = edge_conn->n_read = 0;
  5498. }
  5499. return 0;
  5500. }
  5501. /** A second or more has elapsed: tell any interested control
  5502. * connections how much bandwidth streams have used. */
  5503. int
  5504. control_event_stream_bandwidth_used(void)
  5505. {
  5506. if (EVENT_IS_INTERESTING(EVENT_STREAM_BANDWIDTH_USED)) {
  5507. smartlist_t *conns = get_connection_array();
  5508. edge_connection_t *edge_conn;
  5509. struct timeval now;
  5510. char tbuf[ISO_TIME_USEC_LEN+1];
  5511. SMARTLIST_FOREACH_BEGIN(conns, connection_t *, conn)
  5512. {
  5513. if (conn->type != CONN_TYPE_AP)
  5514. continue;
  5515. edge_conn = TO_EDGE_CONN(conn);
  5516. if (!edge_conn->n_read && !edge_conn->n_written)
  5517. continue;
  5518. tor_gettimeofday(&now);
  5519. format_iso_time_nospace_usec(tbuf, &now);
  5520. send_control_event(EVENT_STREAM_BANDWIDTH_USED,
  5521. "650 STREAM_BW %"PRIu64" %lu %lu %s\r\n",
  5522. (edge_conn->base_.global_identifier),
  5523. (unsigned long)edge_conn->n_read,
  5524. (unsigned long)edge_conn->n_written,
  5525. tbuf);
  5526. edge_conn->n_written = edge_conn->n_read = 0;
  5527. }
  5528. SMARTLIST_FOREACH_END(conn);
  5529. }
  5530. return 0;
  5531. }
  5532. /** A second or more has elapsed: tell any interested control connections
  5533. * how much bandwidth origin circuits have used. */
  5534. int
  5535. control_event_circ_bandwidth_used(void)
  5536. {
  5537. if (!EVENT_IS_INTERESTING(EVENT_CIRC_BANDWIDTH_USED))
  5538. return 0;
  5539. SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *, circ) {
  5540. if (!CIRCUIT_IS_ORIGIN(circ))
  5541. continue;
  5542. control_event_circ_bandwidth_used_for_circ(TO_ORIGIN_CIRCUIT(circ));
  5543. }
  5544. SMARTLIST_FOREACH_END(circ);
  5545. return 0;
  5546. }
  5547. /**
  5548. * Emit a CIRC_BW event line for a specific circuit.
  5549. *
  5550. * This function sets the values it emits to 0, and does not emit
  5551. * an event if there is no new data to report since the last call.
  5552. *
  5553. * Therefore, it may be called at any frequency.
  5554. */
  5555. int
  5556. control_event_circ_bandwidth_used_for_circ(origin_circuit_t *ocirc)
  5557. {
  5558. struct timeval now;
  5559. char tbuf[ISO_TIME_USEC_LEN+1];
  5560. tor_assert(ocirc);
  5561. if (!EVENT_IS_INTERESTING(EVENT_CIRC_BANDWIDTH_USED))
  5562. return 0;
  5563. /* n_read_circ_bw and n_written_circ_bw are always updated
  5564. * when there is any new cell on a circuit, and set to 0 after
  5565. * the event, below.
  5566. *
  5567. * Therefore, checking them is sufficient to determine if there
  5568. * is new data to report. */
  5569. if (!ocirc->n_read_circ_bw && !ocirc->n_written_circ_bw)
  5570. return 0;
  5571. tor_gettimeofday(&now);
  5572. format_iso_time_nospace_usec(tbuf, &now);
  5573. send_control_event(EVENT_CIRC_BANDWIDTH_USED,
  5574. "650 CIRC_BW ID=%d READ=%lu WRITTEN=%lu TIME=%s "
  5575. "DELIVERED_READ=%lu OVERHEAD_READ=%lu "
  5576. "DELIVERED_WRITTEN=%lu OVERHEAD_WRITTEN=%lu\r\n",
  5577. ocirc->global_identifier,
  5578. (unsigned long)ocirc->n_read_circ_bw,
  5579. (unsigned long)ocirc->n_written_circ_bw,
  5580. tbuf,
  5581. (unsigned long)ocirc->n_delivered_read_circ_bw,
  5582. (unsigned long)ocirc->n_overhead_read_circ_bw,
  5583. (unsigned long)ocirc->n_delivered_written_circ_bw,
  5584. (unsigned long)ocirc->n_overhead_written_circ_bw);
  5585. ocirc->n_written_circ_bw = ocirc->n_read_circ_bw = 0;
  5586. ocirc->n_overhead_written_circ_bw = ocirc->n_overhead_read_circ_bw = 0;
  5587. ocirc->n_delivered_written_circ_bw = ocirc->n_delivered_read_circ_bw = 0;
  5588. return 0;
  5589. }
  5590. /** Print out CONN_BW event for a single OR/DIR/EXIT <b>conn</b> and reset
  5591. * bandwidth counters. */
  5592. int
  5593. control_event_conn_bandwidth(connection_t *conn)
  5594. {
  5595. const char *conn_type_str;
  5596. if (!get_options()->TestingEnableConnBwEvent ||
  5597. !EVENT_IS_INTERESTING(EVENT_CONN_BW))
  5598. return 0;
  5599. if (!conn->n_read_conn_bw && !conn->n_written_conn_bw)
  5600. return 0;
  5601. switch (conn->type) {
  5602. case CONN_TYPE_OR:
  5603. conn_type_str = "OR";
  5604. break;
  5605. case CONN_TYPE_DIR:
  5606. conn_type_str = "DIR";
  5607. break;
  5608. case CONN_TYPE_EXIT:
  5609. conn_type_str = "EXIT";
  5610. break;
  5611. default:
  5612. return 0;
  5613. }
  5614. send_control_event(EVENT_CONN_BW,
  5615. "650 CONN_BW ID=%"PRIu64" TYPE=%s "
  5616. "READ=%lu WRITTEN=%lu\r\n",
  5617. (conn->global_identifier),
  5618. conn_type_str,
  5619. (unsigned long)conn->n_read_conn_bw,
  5620. (unsigned long)conn->n_written_conn_bw);
  5621. conn->n_written_conn_bw = conn->n_read_conn_bw = 0;
  5622. return 0;
  5623. }
  5624. /** A second or more has elapsed: tell any interested control
  5625. * connections how much bandwidth connections have used. */
  5626. int
  5627. control_event_conn_bandwidth_used(void)
  5628. {
  5629. if (get_options()->TestingEnableConnBwEvent &&
  5630. EVENT_IS_INTERESTING(EVENT_CONN_BW)) {
  5631. SMARTLIST_FOREACH(get_connection_array(), connection_t *, conn,
  5632. control_event_conn_bandwidth(conn));
  5633. }
  5634. return 0;
  5635. }
  5636. /** Helper: iterate over cell statistics of <b>circ</b> and sum up added
  5637. * cells, removed cells, and waiting times by cell command and direction.
  5638. * Store results in <b>cell_stats</b>. Free cell statistics of the
  5639. * circuit afterwards. */
  5640. void
  5641. sum_up_cell_stats_by_command(circuit_t *circ, cell_stats_t *cell_stats)
  5642. {
  5643. memset(cell_stats, 0, sizeof(cell_stats_t));
  5644. SMARTLIST_FOREACH_BEGIN(circ->testing_cell_stats,
  5645. const testing_cell_stats_entry_t *, ent) {
  5646. tor_assert(ent->command <= CELL_COMMAND_MAX_);
  5647. if (!ent->removed && !ent->exitward) {
  5648. cell_stats->added_cells_appward[ent->command] += 1;
  5649. } else if (!ent->removed && ent->exitward) {
  5650. cell_stats->added_cells_exitward[ent->command] += 1;
  5651. } else if (!ent->exitward) {
  5652. cell_stats->removed_cells_appward[ent->command] += 1;
  5653. cell_stats->total_time_appward[ent->command] += ent->waiting_time * 10;
  5654. } else {
  5655. cell_stats->removed_cells_exitward[ent->command] += 1;
  5656. cell_stats->total_time_exitward[ent->command] += ent->waiting_time * 10;
  5657. }
  5658. } SMARTLIST_FOREACH_END(ent);
  5659. circuit_clear_testing_cell_stats(circ);
  5660. }
  5661. /** Helper: append a cell statistics string to <code>event_parts</code>,
  5662. * prefixed with <code>key</code>=. Statistics consist of comma-separated
  5663. * key:value pairs with lower-case command strings as keys and cell
  5664. * numbers or total waiting times as values. A key:value pair is included
  5665. * if the entry in <code>include_if_non_zero</code> is not zero, but with
  5666. * the (possibly zero) entry from <code>number_to_include</code>. Both
  5667. * arrays are expected to have a length of CELL_COMMAND_MAX_ + 1. If no
  5668. * entry in <code>include_if_non_zero</code> is positive, no string will
  5669. * be added to <code>event_parts</code>. */
  5670. void
  5671. append_cell_stats_by_command(smartlist_t *event_parts, const char *key,
  5672. const uint64_t *include_if_non_zero,
  5673. const uint64_t *number_to_include)
  5674. {
  5675. smartlist_t *key_value_strings = smartlist_new();
  5676. int i;
  5677. for (i = 0; i <= CELL_COMMAND_MAX_; i++) {
  5678. if (include_if_non_zero[i] > 0) {
  5679. smartlist_add_asprintf(key_value_strings, "%s:%"PRIu64,
  5680. cell_command_to_string(i),
  5681. (number_to_include[i]));
  5682. }
  5683. }
  5684. if (smartlist_len(key_value_strings) > 0) {
  5685. char *joined = smartlist_join_strings(key_value_strings, ",", 0, NULL);
  5686. smartlist_add_asprintf(event_parts, "%s=%s", key, joined);
  5687. SMARTLIST_FOREACH(key_value_strings, char *, cp, tor_free(cp));
  5688. tor_free(joined);
  5689. }
  5690. smartlist_free(key_value_strings);
  5691. }
  5692. /** Helper: format <b>cell_stats</b> for <b>circ</b> for inclusion in a
  5693. * CELL_STATS event and write result string to <b>event_string</b>. */
  5694. void
  5695. format_cell_stats(char **event_string, circuit_t *circ,
  5696. cell_stats_t *cell_stats)
  5697. {
  5698. smartlist_t *event_parts = smartlist_new();
  5699. if (CIRCUIT_IS_ORIGIN(circ)) {
  5700. origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
  5701. smartlist_add_asprintf(event_parts, "ID=%lu",
  5702. (unsigned long)ocirc->global_identifier);
  5703. } else if (TO_OR_CIRCUIT(circ)->p_chan) {
  5704. or_circuit_t *or_circ = TO_OR_CIRCUIT(circ);
  5705. smartlist_add_asprintf(event_parts, "InboundQueue=%lu",
  5706. (unsigned long)or_circ->p_circ_id);
  5707. smartlist_add_asprintf(event_parts, "InboundConn=%"PRIu64,
  5708. (or_circ->p_chan->global_identifier));
  5709. append_cell_stats_by_command(event_parts, "InboundAdded",
  5710. cell_stats->added_cells_appward,
  5711. cell_stats->added_cells_appward);
  5712. append_cell_stats_by_command(event_parts, "InboundRemoved",
  5713. cell_stats->removed_cells_appward,
  5714. cell_stats->removed_cells_appward);
  5715. append_cell_stats_by_command(event_parts, "InboundTime",
  5716. cell_stats->removed_cells_appward,
  5717. cell_stats->total_time_appward);
  5718. }
  5719. if (circ->n_chan) {
  5720. smartlist_add_asprintf(event_parts, "OutboundQueue=%lu",
  5721. (unsigned long)circ->n_circ_id);
  5722. smartlist_add_asprintf(event_parts, "OutboundConn=%"PRIu64,
  5723. (circ->n_chan->global_identifier));
  5724. append_cell_stats_by_command(event_parts, "OutboundAdded",
  5725. cell_stats->added_cells_exitward,
  5726. cell_stats->added_cells_exitward);
  5727. append_cell_stats_by_command(event_parts, "OutboundRemoved",
  5728. cell_stats->removed_cells_exitward,
  5729. cell_stats->removed_cells_exitward);
  5730. append_cell_stats_by_command(event_parts, "OutboundTime",
  5731. cell_stats->removed_cells_exitward,
  5732. cell_stats->total_time_exitward);
  5733. }
  5734. *event_string = smartlist_join_strings(event_parts, " ", 0, NULL);
  5735. SMARTLIST_FOREACH(event_parts, char *, cp, tor_free(cp));
  5736. smartlist_free(event_parts);
  5737. }
  5738. /** A second or more has elapsed: tell any interested control connection
  5739. * how many cells have been processed for a given circuit. */
  5740. int
  5741. control_event_circuit_cell_stats(void)
  5742. {
  5743. cell_stats_t *cell_stats;
  5744. char *event_string;
  5745. if (!get_options()->TestingEnableCellStatsEvent ||
  5746. !EVENT_IS_INTERESTING(EVENT_CELL_STATS))
  5747. return 0;
  5748. cell_stats = tor_malloc(sizeof(cell_stats_t));
  5749. SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *, circ) {
  5750. if (!circ->testing_cell_stats)
  5751. continue;
  5752. sum_up_cell_stats_by_command(circ, cell_stats);
  5753. format_cell_stats(&event_string, circ, cell_stats);
  5754. send_control_event(EVENT_CELL_STATS,
  5755. "650 CELL_STATS %s\r\n", event_string);
  5756. tor_free(event_string);
  5757. }
  5758. SMARTLIST_FOREACH_END(circ);
  5759. tor_free(cell_stats);
  5760. return 0;
  5761. }
  5762. /* about 5 minutes worth. */
  5763. #define N_BW_EVENTS_TO_CACHE 300
  5764. /* Index into cached_bw_events to next write. */
  5765. static int next_measurement_idx = 0;
  5766. /* number of entries set in n_measurements */
  5767. static int n_measurements = 0;
  5768. static struct cached_bw_event_s {
  5769. uint32_t n_read;
  5770. uint32_t n_written;
  5771. } cached_bw_events[N_BW_EVENTS_TO_CACHE];
  5772. /** A second or more has elapsed: tell any interested control
  5773. * connections how much bandwidth we used. */
  5774. int
  5775. control_event_bandwidth_used(uint32_t n_read, uint32_t n_written)
  5776. {
  5777. cached_bw_events[next_measurement_idx].n_read = n_read;
  5778. cached_bw_events[next_measurement_idx].n_written = n_written;
  5779. if (++next_measurement_idx == N_BW_EVENTS_TO_CACHE)
  5780. next_measurement_idx = 0;
  5781. if (n_measurements < N_BW_EVENTS_TO_CACHE)
  5782. ++n_measurements;
  5783. if (EVENT_IS_INTERESTING(EVENT_BANDWIDTH_USED)) {
  5784. send_control_event(EVENT_BANDWIDTH_USED,
  5785. "650 BW %lu %lu\r\n",
  5786. (unsigned long)n_read,
  5787. (unsigned long)n_written);
  5788. }
  5789. return 0;
  5790. }
  5791. STATIC char *
  5792. get_bw_samples(void)
  5793. {
  5794. int i;
  5795. int idx = (next_measurement_idx + N_BW_EVENTS_TO_CACHE - n_measurements)
  5796. % N_BW_EVENTS_TO_CACHE;
  5797. tor_assert(0 <= idx && idx < N_BW_EVENTS_TO_CACHE);
  5798. smartlist_t *elements = smartlist_new();
  5799. for (i = 0; i < n_measurements; ++i) {
  5800. tor_assert(0 <= idx && idx < N_BW_EVENTS_TO_CACHE);
  5801. const struct cached_bw_event_s *bwe = &cached_bw_events[idx];
  5802. smartlist_add_asprintf(elements, "%u,%u",
  5803. (unsigned)bwe->n_read,
  5804. (unsigned)bwe->n_written);
  5805. idx = (idx + 1) % N_BW_EVENTS_TO_CACHE;
  5806. }
  5807. char *result = smartlist_join_strings(elements, " ", 0, NULL);
  5808. SMARTLIST_FOREACH(elements, char *, cp, tor_free(cp));
  5809. smartlist_free(elements);
  5810. return result;
  5811. }
  5812. /** Called when we are sending a log message to the controllers: suspend
  5813. * sending further log messages to the controllers until we're done. Used by
  5814. * CONN_LOG_PROTECT. */
  5815. void
  5816. disable_control_logging(void)
  5817. {
  5818. ++disable_log_messages;
  5819. }
  5820. /** We're done sending a log message to the controllers: re-enable controller
  5821. * logging. Used by CONN_LOG_PROTECT. */
  5822. void
  5823. enable_control_logging(void)
  5824. {
  5825. if (--disable_log_messages < 0)
  5826. tor_assert(0);
  5827. }
  5828. /** We got a log message: tell any interested control connections. */
  5829. void
  5830. control_event_logmsg(int severity, uint32_t domain, const char *msg)
  5831. {
  5832. int event;
  5833. /* Don't even think of trying to add stuff to a buffer from a cpuworker
  5834. * thread. (See #25987 for plan to fix.) */
  5835. if (! in_main_thread())
  5836. return;
  5837. if (disable_log_messages)
  5838. return;
  5839. if (domain == LD_BUG && EVENT_IS_INTERESTING(EVENT_STATUS_GENERAL) &&
  5840. severity <= LOG_NOTICE) {
  5841. char *esc = esc_for_log(msg);
  5842. ++disable_log_messages;
  5843. control_event_general_status(severity, "BUG REASON=%s", esc);
  5844. --disable_log_messages;
  5845. tor_free(esc);
  5846. }
  5847. event = log_severity_to_event(severity);
  5848. if (event >= 0 && EVENT_IS_INTERESTING(event)) {
  5849. char *b = NULL;
  5850. const char *s;
  5851. if (strchr(msg, '\n')) {
  5852. char *cp;
  5853. b = tor_strdup(msg);
  5854. for (cp = b; *cp; ++cp)
  5855. if (*cp == '\r' || *cp == '\n')
  5856. *cp = ' ';
  5857. }
  5858. switch (severity) {
  5859. case LOG_DEBUG: s = "DEBUG"; break;
  5860. case LOG_INFO: s = "INFO"; break;
  5861. case LOG_NOTICE: s = "NOTICE"; break;
  5862. case LOG_WARN: s = "WARN"; break;
  5863. case LOG_ERR: s = "ERR"; break;
  5864. default: s = "UnknownLogSeverity"; break;
  5865. }
  5866. ++disable_log_messages;
  5867. send_control_event(event, "650 %s %s\r\n", s, b?b:msg);
  5868. if (severity == LOG_ERR) {
  5869. /* Force a flush, since we may be about to die horribly */
  5870. queued_events_flush_all(1);
  5871. }
  5872. --disable_log_messages;
  5873. tor_free(b);
  5874. }
  5875. }
  5876. /**
  5877. * Logging callback: called when there is a queued pending log callback.
  5878. */
  5879. void
  5880. control_event_logmsg_pending(void)
  5881. {
  5882. if (! in_main_thread()) {
  5883. /* We can't handle this case yet, since we're using a
  5884. * mainloop_event_t to invoke queued_events_flush_all. We ought to
  5885. * use a different mechanism instead: see #25987.
  5886. **/
  5887. return;
  5888. }
  5889. tor_assert(flush_queued_events_event);
  5890. mainloop_event_activate(flush_queued_events_event);
  5891. }
  5892. /** Called whenever we receive new router descriptors: tell any
  5893. * interested control connections. <b>routers</b> is a list of
  5894. * routerinfo_t's.
  5895. */
  5896. int
  5897. control_event_descriptors_changed(smartlist_t *routers)
  5898. {
  5899. char *msg;
  5900. if (!EVENT_IS_INTERESTING(EVENT_NEW_DESC))
  5901. return 0;
  5902. {
  5903. smartlist_t *names = smartlist_new();
  5904. char *ids;
  5905. SMARTLIST_FOREACH(routers, routerinfo_t *, ri, {
  5906. char *b = tor_malloc(MAX_VERBOSE_NICKNAME_LEN+1);
  5907. router_get_verbose_nickname(b, ri);
  5908. smartlist_add(names, b);
  5909. });
  5910. ids = smartlist_join_strings(names, " ", 0, NULL);
  5911. tor_asprintf(&msg, "650 NEWDESC %s\r\n", ids);
  5912. send_control_event_string(EVENT_NEW_DESC, msg);
  5913. tor_free(ids);
  5914. tor_free(msg);
  5915. SMARTLIST_FOREACH(names, char *, cp, tor_free(cp));
  5916. smartlist_free(names);
  5917. }
  5918. return 0;
  5919. }
  5920. /** Called when an address mapping on <b>from</b> from changes to <b>to</b>.
  5921. * <b>expires</b> values less than 3 are special; see connection_edge.c. If
  5922. * <b>error</b> is non-NULL, it is an error code describing the failure
  5923. * mode of the mapping.
  5924. */
  5925. int
  5926. control_event_address_mapped(const char *from, const char *to, time_t expires,
  5927. const char *error, const int cached)
  5928. {
  5929. if (!EVENT_IS_INTERESTING(EVENT_ADDRMAP))
  5930. return 0;
  5931. if (expires < 3 || expires == TIME_MAX)
  5932. send_control_event(EVENT_ADDRMAP,
  5933. "650 ADDRMAP %s %s NEVER %s%s"
  5934. "CACHED=\"%s\"\r\n",
  5935. from, to, error?error:"", error?" ":"",
  5936. cached?"YES":"NO");
  5937. else {
  5938. char buf[ISO_TIME_LEN+1];
  5939. char buf2[ISO_TIME_LEN+1];
  5940. format_local_iso_time(buf,expires);
  5941. format_iso_time(buf2,expires);
  5942. send_control_event(EVENT_ADDRMAP,
  5943. "650 ADDRMAP %s %s \"%s\""
  5944. " %s%sEXPIRES=\"%s\" CACHED=\"%s\"\r\n",
  5945. from, to, buf,
  5946. error?error:"", error?" ":"",
  5947. buf2, cached?"YES":"NO");
  5948. }
  5949. return 0;
  5950. }
  5951. /** Cached liveness for network liveness events and GETINFO
  5952. */
  5953. static int network_is_live = 0;
  5954. static int
  5955. get_cached_network_liveness(void)
  5956. {
  5957. return network_is_live;
  5958. }
  5959. static void
  5960. set_cached_network_liveness(int liveness)
  5961. {
  5962. network_is_live = liveness;
  5963. }
  5964. /** The network liveness has changed; this is called from circuitstats.c
  5965. * whenever we receive a cell, or when timeout expires and we assume the
  5966. * network is down. */
  5967. int
  5968. control_event_network_liveness_update(int liveness)
  5969. {
  5970. if (liveness > 0) {
  5971. if (get_cached_network_liveness() <= 0) {
  5972. /* Update cached liveness */
  5973. set_cached_network_liveness(1);
  5974. log_debug(LD_CONTROL, "Sending NETWORK_LIVENESS UP");
  5975. send_control_event_string(EVENT_NETWORK_LIVENESS,
  5976. "650 NETWORK_LIVENESS UP\r\n");
  5977. }
  5978. /* else was already live, no-op */
  5979. } else {
  5980. if (get_cached_network_liveness() > 0) {
  5981. /* Update cached liveness */
  5982. set_cached_network_liveness(0);
  5983. log_debug(LD_CONTROL, "Sending NETWORK_LIVENESS DOWN");
  5984. send_control_event_string(EVENT_NETWORK_LIVENESS,
  5985. "650 NETWORK_LIVENESS DOWN\r\n");
  5986. }
  5987. /* else was already dead, no-op */
  5988. }
  5989. return 0;
  5990. }
  5991. /** Helper function for NS-style events. Constructs and sends an event
  5992. * of type <b>event</b> with string <b>event_string</b> out of the set of
  5993. * networkstatuses <b>statuses</b>. Currently it is used for NS events
  5994. * and NEWCONSENSUS events. */
  5995. static int
  5996. control_event_networkstatus_changed_helper(smartlist_t *statuses,
  5997. uint16_t event,
  5998. const char *event_string)
  5999. {
  6000. smartlist_t *strs;
  6001. char *s, *esc = NULL;
  6002. if (!EVENT_IS_INTERESTING(event) || !smartlist_len(statuses))
  6003. return 0;
  6004. strs = smartlist_new();
  6005. smartlist_add_strdup(strs, "650+");
  6006. smartlist_add_strdup(strs, event_string);
  6007. smartlist_add_strdup(strs, "\r\n");
  6008. SMARTLIST_FOREACH(statuses, const routerstatus_t *, rs,
  6009. {
  6010. s = networkstatus_getinfo_helper_single(rs);
  6011. if (!s) continue;
  6012. smartlist_add(strs, s);
  6013. });
  6014. s = smartlist_join_strings(strs, "", 0, NULL);
  6015. write_escaped_data(s, strlen(s), &esc);
  6016. SMARTLIST_FOREACH(strs, char *, cp, tor_free(cp));
  6017. smartlist_free(strs);
  6018. tor_free(s);
  6019. send_control_event_string(event, esc);
  6020. send_control_event_string(event,
  6021. "650 OK\r\n");
  6022. tor_free(esc);
  6023. return 0;
  6024. }
  6025. /** Called when the routerstatus_ts <b>statuses</b> have changed: sends
  6026. * an NS event to any controller that cares. */
  6027. int
  6028. control_event_networkstatus_changed(smartlist_t *statuses)
  6029. {
  6030. return control_event_networkstatus_changed_helper(statuses, EVENT_NS, "NS");
  6031. }
  6032. /** Called when we get a new consensus networkstatus. Sends a NEWCONSENSUS
  6033. * event consisting of an NS-style line for each relay in the consensus. */
  6034. int
  6035. control_event_newconsensus(const networkstatus_t *consensus)
  6036. {
  6037. if (!control_event_is_interesting(EVENT_NEWCONSENSUS))
  6038. return 0;
  6039. return control_event_networkstatus_changed_helper(
  6040. consensus->routerstatus_list, EVENT_NEWCONSENSUS, "NEWCONSENSUS");
  6041. }
  6042. /** Called when we compute a new circuitbuildtimeout */
  6043. int
  6044. control_event_buildtimeout_set(buildtimeout_set_event_t type,
  6045. const char *args)
  6046. {
  6047. const char *type_string = NULL;
  6048. if (!control_event_is_interesting(EVENT_BUILDTIMEOUT_SET))
  6049. return 0;
  6050. switch (type) {
  6051. case BUILDTIMEOUT_SET_EVENT_COMPUTED:
  6052. type_string = "COMPUTED";
  6053. break;
  6054. case BUILDTIMEOUT_SET_EVENT_RESET:
  6055. type_string = "RESET";
  6056. break;
  6057. case BUILDTIMEOUT_SET_EVENT_SUSPENDED:
  6058. type_string = "SUSPENDED";
  6059. break;
  6060. case BUILDTIMEOUT_SET_EVENT_DISCARD:
  6061. type_string = "DISCARD";
  6062. break;
  6063. case BUILDTIMEOUT_SET_EVENT_RESUME:
  6064. type_string = "RESUME";
  6065. break;
  6066. default:
  6067. type_string = "UNKNOWN";
  6068. break;
  6069. }
  6070. send_control_event(EVENT_BUILDTIMEOUT_SET,
  6071. "650 BUILDTIMEOUT_SET %s %s\r\n",
  6072. type_string, args);
  6073. return 0;
  6074. }
  6075. /** Called when a signal has been processed from signal_callback */
  6076. int
  6077. control_event_signal(uintptr_t signal_num)
  6078. {
  6079. const char *signal_string = NULL;
  6080. if (!control_event_is_interesting(EVENT_GOT_SIGNAL))
  6081. return 0;
  6082. switch (signal_num) {
  6083. case SIGHUP:
  6084. signal_string = "RELOAD";
  6085. break;
  6086. case SIGUSR1:
  6087. signal_string = "DUMP";
  6088. break;
  6089. case SIGUSR2:
  6090. signal_string = "DEBUG";
  6091. break;
  6092. case SIGNEWNYM:
  6093. signal_string = "NEWNYM";
  6094. break;
  6095. case SIGCLEARDNSCACHE:
  6096. signal_string = "CLEARDNSCACHE";
  6097. break;
  6098. case SIGHEARTBEAT:
  6099. signal_string = "HEARTBEAT";
  6100. break;
  6101. default:
  6102. log_warn(LD_BUG, "Unrecognized signal %lu in control_event_signal",
  6103. (unsigned long)signal_num);
  6104. return -1;
  6105. }
  6106. send_control_event(EVENT_GOT_SIGNAL, "650 SIGNAL %s\r\n",
  6107. signal_string);
  6108. return 0;
  6109. }
  6110. /** Called when a single local_routerstatus_t has changed: Sends an NS event
  6111. * to any controller that cares. */
  6112. int
  6113. control_event_networkstatus_changed_single(const routerstatus_t *rs)
  6114. {
  6115. smartlist_t *statuses;
  6116. int r;
  6117. if (!EVENT_IS_INTERESTING(EVENT_NS))
  6118. return 0;
  6119. statuses = smartlist_new();
  6120. smartlist_add(statuses, (void*)rs);
  6121. r = control_event_networkstatus_changed(statuses);
  6122. smartlist_free(statuses);
  6123. return r;
  6124. }
  6125. /** Our own router descriptor has changed; tell any controllers that care.
  6126. */
  6127. int
  6128. control_event_my_descriptor_changed(void)
  6129. {
  6130. send_control_event(EVENT_DESCCHANGED, "650 DESCCHANGED\r\n");
  6131. return 0;
  6132. }
  6133. /** Helper: sends a status event where <b>type</b> is one of
  6134. * EVENT_STATUS_{GENERAL,CLIENT,SERVER}, where <b>severity</b> is one of
  6135. * LOG_{NOTICE,WARN,ERR}, and where <b>format</b> is a printf-style format
  6136. * string corresponding to <b>args</b>. */
  6137. static int
  6138. control_event_status(int type, int severity, const char *format, va_list args)
  6139. {
  6140. char *user_buf = NULL;
  6141. char format_buf[160];
  6142. const char *status, *sev;
  6143. switch (type) {
  6144. case EVENT_STATUS_GENERAL:
  6145. status = "STATUS_GENERAL";
  6146. break;
  6147. case EVENT_STATUS_CLIENT:
  6148. status = "STATUS_CLIENT";
  6149. break;
  6150. case EVENT_STATUS_SERVER:
  6151. status = "STATUS_SERVER";
  6152. break;
  6153. default:
  6154. log_warn(LD_BUG, "Unrecognized status type %d", type);
  6155. return -1;
  6156. }
  6157. switch (severity) {
  6158. case LOG_NOTICE:
  6159. sev = "NOTICE";
  6160. break;
  6161. case LOG_WARN:
  6162. sev = "WARN";
  6163. break;
  6164. case LOG_ERR:
  6165. sev = "ERR";
  6166. break;
  6167. default:
  6168. log_warn(LD_BUG, "Unrecognized status severity %d", severity);
  6169. return -1;
  6170. }
  6171. if (tor_snprintf(format_buf, sizeof(format_buf), "650 %s %s",
  6172. status, sev)<0) {
  6173. log_warn(LD_BUG, "Format string too long.");
  6174. return -1;
  6175. }
  6176. tor_vasprintf(&user_buf, format, args);
  6177. send_control_event(type, "%s %s\r\n", format_buf, user_buf);
  6178. tor_free(user_buf);
  6179. return 0;
  6180. }
  6181. #define CONTROL_EVENT_STATUS_BODY(event, sev) \
  6182. int r; \
  6183. do { \
  6184. va_list ap; \
  6185. if (!EVENT_IS_INTERESTING(event)) \
  6186. return 0; \
  6187. \
  6188. va_start(ap, format); \
  6189. r = control_event_status((event), (sev), format, ap); \
  6190. va_end(ap); \
  6191. } while (0)
  6192. /** Format and send an EVENT_STATUS_GENERAL event whose main text is obtained
  6193. * by formatting the arguments using the printf-style <b>format</b>. */
  6194. int
  6195. control_event_general_status(int severity, const char *format, ...)
  6196. {
  6197. CONTROL_EVENT_STATUS_BODY(EVENT_STATUS_GENERAL, severity);
  6198. return r;
  6199. }
  6200. /** Format and send an EVENT_STATUS_GENERAL LOG_ERR event, and flush it to the
  6201. * controller(s) immediately. */
  6202. int
  6203. control_event_general_error(const char *format, ...)
  6204. {
  6205. CONTROL_EVENT_STATUS_BODY(EVENT_STATUS_GENERAL, LOG_ERR);
  6206. /* Force a flush, since we may be about to die horribly */
  6207. queued_events_flush_all(1);
  6208. return r;
  6209. }
  6210. /** Format and send an EVENT_STATUS_CLIENT event whose main text is obtained
  6211. * by formatting the arguments using the printf-style <b>format</b>. */
  6212. int
  6213. control_event_client_status(int severity, const char *format, ...)
  6214. {
  6215. CONTROL_EVENT_STATUS_BODY(EVENT_STATUS_CLIENT, severity);
  6216. return r;
  6217. }
  6218. /** Format and send an EVENT_STATUS_CLIENT LOG_ERR event, and flush it to the
  6219. * controller(s) immediately. */
  6220. int
  6221. control_event_client_error(const char *format, ...)
  6222. {
  6223. CONTROL_EVENT_STATUS_BODY(EVENT_STATUS_CLIENT, LOG_ERR);
  6224. /* Force a flush, since we may be about to die horribly */
  6225. queued_events_flush_all(1);
  6226. return r;
  6227. }
  6228. /** Format and send an EVENT_STATUS_SERVER event whose main text is obtained
  6229. * by formatting the arguments using the printf-style <b>format</b>. */
  6230. int
  6231. control_event_server_status(int severity, const char *format, ...)
  6232. {
  6233. CONTROL_EVENT_STATUS_BODY(EVENT_STATUS_SERVER, severity);
  6234. return r;
  6235. }
  6236. /** Format and send an EVENT_STATUS_SERVER LOG_ERR event, and flush it to the
  6237. * controller(s) immediately. */
  6238. int
  6239. control_event_server_error(const char *format, ...)
  6240. {
  6241. CONTROL_EVENT_STATUS_BODY(EVENT_STATUS_SERVER, LOG_ERR);
  6242. /* Force a flush, since we may be about to die horribly */
  6243. queued_events_flush_all(1);
  6244. return r;
  6245. }
  6246. /** Called when the status of an entry guard with the given <b>nickname</b>
  6247. * and identity <b>digest</b> has changed to <b>status</b>: tells any
  6248. * controllers that care. */
  6249. int
  6250. control_event_guard(const char *nickname, const char *digest,
  6251. const char *status)
  6252. {
  6253. char hbuf[HEX_DIGEST_LEN+1];
  6254. base16_encode(hbuf, sizeof(hbuf), digest, DIGEST_LEN);
  6255. if (!EVENT_IS_INTERESTING(EVENT_GUARD))
  6256. return 0;
  6257. {
  6258. char buf[MAX_VERBOSE_NICKNAME_LEN+1];
  6259. const node_t *node = node_get_by_id(digest);
  6260. if (node) {
  6261. node_get_verbose_nickname(node, buf);
  6262. } else {
  6263. tor_snprintf(buf, sizeof(buf), "$%s~%s", hbuf, nickname);
  6264. }
  6265. send_control_event(EVENT_GUARD,
  6266. "650 GUARD ENTRY %s %s\r\n", buf, status);
  6267. }
  6268. return 0;
  6269. }
  6270. /** Called when a configuration option changes. This is generally triggered
  6271. * by SETCONF requests and RELOAD/SIGHUP signals. The <b>elements</b> is
  6272. * a smartlist_t containing (key, value, ...) pairs in sequence.
  6273. * <b>value</b> can be NULL. */
  6274. int
  6275. control_event_conf_changed(const smartlist_t *elements)
  6276. {
  6277. int i;
  6278. char *result;
  6279. smartlist_t *lines;
  6280. if (!EVENT_IS_INTERESTING(EVENT_CONF_CHANGED) ||
  6281. smartlist_len(elements) == 0) {
  6282. return 0;
  6283. }
  6284. lines = smartlist_new();
  6285. for (i = 0; i < smartlist_len(elements); i += 2) {
  6286. char *k = smartlist_get(elements, i);
  6287. char *v = smartlist_get(elements, i+1);
  6288. if (v == NULL) {
  6289. smartlist_add_asprintf(lines, "650-%s", k);
  6290. } else {
  6291. smartlist_add_asprintf(lines, "650-%s=%s", k, v);
  6292. }
  6293. }
  6294. result = smartlist_join_strings(lines, "\r\n", 0, NULL);
  6295. send_control_event(EVENT_CONF_CHANGED,
  6296. "650-CONF_CHANGED\r\n%s\r\n650 OK\r\n", result);
  6297. tor_free(result);
  6298. SMARTLIST_FOREACH(lines, char *, cp, tor_free(cp));
  6299. smartlist_free(lines);
  6300. return 0;
  6301. }
  6302. /** Helper: Return a newly allocated string containing a path to the
  6303. * file where we store our authentication cookie. */
  6304. char *
  6305. get_controller_cookie_file_name(void)
  6306. {
  6307. const or_options_t *options = get_options();
  6308. if (options->CookieAuthFile && strlen(options->CookieAuthFile)) {
  6309. return tor_strdup(options->CookieAuthFile);
  6310. } else {
  6311. return get_datadir_fname("control_auth_cookie");
  6312. }
  6313. }
  6314. /* Initialize the cookie-based authentication system of the
  6315. * ControlPort. If <b>enabled</b> is 0, then disable the cookie
  6316. * authentication system. */
  6317. int
  6318. init_control_cookie_authentication(int enabled)
  6319. {
  6320. char *fname = NULL;
  6321. int retval;
  6322. if (!enabled) {
  6323. authentication_cookie_is_set = 0;
  6324. return 0;
  6325. }
  6326. fname = get_controller_cookie_file_name();
  6327. retval = init_cookie_authentication(fname, "", /* no header */
  6328. AUTHENTICATION_COOKIE_LEN,
  6329. get_options()->CookieAuthFileGroupReadable,
  6330. &authentication_cookie,
  6331. &authentication_cookie_is_set);
  6332. tor_free(fname);
  6333. return retval;
  6334. }
  6335. /** A copy of the process specifier of Tor's owning controller, or
  6336. * NULL if this Tor instance is not currently owned by a process. */
  6337. static char *owning_controller_process_spec = NULL;
  6338. /** A process-termination monitor for Tor's owning controller, or NULL
  6339. * if this Tor instance is not currently owned by a process. */
  6340. static tor_process_monitor_t *owning_controller_process_monitor = NULL;
  6341. /** Process-termination monitor callback for Tor's owning controller
  6342. * process. */
  6343. static void
  6344. owning_controller_procmon_cb(void *unused)
  6345. {
  6346. (void)unused;
  6347. lost_owning_controller("process", "vanished");
  6348. }
  6349. /** Set <b>process_spec</b> as Tor's owning controller process.
  6350. * Exit on failure. */
  6351. void
  6352. monitor_owning_controller_process(const char *process_spec)
  6353. {
  6354. const char *msg;
  6355. tor_assert((owning_controller_process_spec == NULL) ==
  6356. (owning_controller_process_monitor == NULL));
  6357. if (owning_controller_process_spec != NULL) {
  6358. if ((process_spec != NULL) && !strcmp(process_spec,
  6359. owning_controller_process_spec)) {
  6360. /* Same process -- return now, instead of disposing of and
  6361. * recreating the process-termination monitor. */
  6362. return;
  6363. }
  6364. /* We are currently owned by a process, and we should no longer be
  6365. * owned by it. Free the process-termination monitor. */
  6366. tor_process_monitor_free(owning_controller_process_monitor);
  6367. owning_controller_process_monitor = NULL;
  6368. tor_free(owning_controller_process_spec);
  6369. owning_controller_process_spec = NULL;
  6370. }
  6371. tor_assert((owning_controller_process_spec == NULL) &&
  6372. (owning_controller_process_monitor == NULL));
  6373. if (process_spec == NULL)
  6374. return;
  6375. owning_controller_process_spec = tor_strdup(process_spec);
  6376. owning_controller_process_monitor =
  6377. tor_process_monitor_new(tor_libevent_get_base(),
  6378. owning_controller_process_spec,
  6379. LD_CONTROL,
  6380. owning_controller_procmon_cb, NULL,
  6381. &msg);
  6382. if (owning_controller_process_monitor == NULL) {
  6383. log_err(LD_BUG, "Couldn't create process-termination monitor for "
  6384. "owning controller: %s. Exiting.",
  6385. msg);
  6386. owning_controller_process_spec = NULL;
  6387. tor_shutdown_event_loop_and_exit(1);
  6388. }
  6389. }
  6390. /** We just generated a new summary of which countries we've seen clients
  6391. * from recently. Send a copy to the controller in case it wants to
  6392. * display it for the user. */
  6393. void
  6394. control_event_clients_seen(const char *controller_str)
  6395. {
  6396. send_control_event(EVENT_CLIENTS_SEEN,
  6397. "650 CLIENTS_SEEN %s\r\n", controller_str);
  6398. }
  6399. /** A new pluggable transport called <b>transport_name</b> was
  6400. * launched on <b>addr</b>:<b>port</b>. <b>mode</b> is either
  6401. * "server" or "client" depending on the mode of the pluggable
  6402. * transport.
  6403. * "650" SP "TRANSPORT_LAUNCHED" SP Mode SP Name SP Address SP Port
  6404. */
  6405. void
  6406. control_event_transport_launched(const char *mode, const char *transport_name,
  6407. tor_addr_t *addr, uint16_t port)
  6408. {
  6409. send_control_event(EVENT_TRANSPORT_LAUNCHED,
  6410. "650 TRANSPORT_LAUNCHED %s %s %s %u\r\n",
  6411. mode, transport_name, fmt_addr(addr), port);
  6412. }
  6413. /** A pluggable transport called <b>pt_name</b> has emitted a log message
  6414. * found in <b>message</b> at <b>severity</b> log level. */
  6415. void
  6416. control_event_pt_log(const char *log)
  6417. {
  6418. send_control_event(EVENT_PT_LOG,
  6419. "650 PT_LOG %s\r\n",
  6420. log);
  6421. }
  6422. /** A pluggable transport has emitted a STATUS message found in
  6423. * <b>status</b>. */
  6424. void
  6425. control_event_pt_status(const char *status)
  6426. {
  6427. send_control_event(EVENT_PT_STATUS,
  6428. "650 PT_STATUS %s\r\n",
  6429. status);
  6430. }
  6431. /** Convert rendezvous auth type to string for HS_DESC control events
  6432. */
  6433. const char *
  6434. rend_auth_type_to_string(rend_auth_type_t auth_type)
  6435. {
  6436. const char *str;
  6437. switch (auth_type) {
  6438. case REND_NO_AUTH:
  6439. str = "NO_AUTH";
  6440. break;
  6441. case REND_BASIC_AUTH:
  6442. str = "BASIC_AUTH";
  6443. break;
  6444. case REND_STEALTH_AUTH:
  6445. str = "STEALTH_AUTH";
  6446. break;
  6447. default:
  6448. str = "UNKNOWN";
  6449. }
  6450. return str;
  6451. }
  6452. /** Return a longname the node whose identity is <b>id_digest</b>. If
  6453. * node_get_by_id() returns NULL, base 16 encoding of <b>id_digest</b> is
  6454. * returned instead.
  6455. *
  6456. * This function is not thread-safe. Each call to this function invalidates
  6457. * previous values returned by this function.
  6458. */
  6459. MOCK_IMPL(const char *,
  6460. node_describe_longname_by_id,(const char *id_digest))
  6461. {
  6462. static char longname[MAX_VERBOSE_NICKNAME_LEN+1];
  6463. node_get_verbose_nickname_by_id(id_digest, longname);
  6464. return longname;
  6465. }
  6466. /** Return either the onion address if the given pointer is a non empty
  6467. * string else the unknown string. */
  6468. static const char *
  6469. rend_hsaddress_str_or_unknown(const char *onion_address)
  6470. {
  6471. static const char *str_unknown = "UNKNOWN";
  6472. const char *str_ret = str_unknown;
  6473. /* No valid pointer, unknown it is. */
  6474. if (!onion_address) {
  6475. goto end;
  6476. }
  6477. /* Empty onion address thus we don't know, unknown it is. */
  6478. if (onion_address[0] == '\0') {
  6479. goto end;
  6480. }
  6481. /* All checks are good so return the given onion address. */
  6482. str_ret = onion_address;
  6483. end:
  6484. return str_ret;
  6485. }
  6486. /** send HS_DESC requested event.
  6487. *
  6488. * <b>rend_query</b> is used to fetch requested onion address and auth type.
  6489. * <b>hs_dir</b> is the description of contacting hs directory.
  6490. * <b>desc_id_base32</b> is the ID of requested hs descriptor.
  6491. * <b>hsdir_index</b> is the HSDir fetch index value for v3, an hex string.
  6492. */
  6493. void
  6494. control_event_hs_descriptor_requested(const char *onion_address,
  6495. rend_auth_type_t auth_type,
  6496. const char *id_digest,
  6497. const char *desc_id,
  6498. const char *hsdir_index)
  6499. {
  6500. char *hsdir_index_field = NULL;
  6501. if (BUG(!id_digest || !desc_id)) {
  6502. return;
  6503. }
  6504. if (hsdir_index) {
  6505. tor_asprintf(&hsdir_index_field, " HSDIR_INDEX=%s", hsdir_index);
  6506. }
  6507. send_control_event(EVENT_HS_DESC,
  6508. "650 HS_DESC REQUESTED %s %s %s %s%s\r\n",
  6509. rend_hsaddress_str_or_unknown(onion_address),
  6510. rend_auth_type_to_string(auth_type),
  6511. node_describe_longname_by_id(id_digest),
  6512. desc_id,
  6513. hsdir_index_field ? hsdir_index_field : "");
  6514. tor_free(hsdir_index_field);
  6515. }
  6516. /** For an HS descriptor query <b>rend_data</b>, using the
  6517. * <b>onion_address</b> and HSDir fingerprint <b>hsdir_fp</b>, find out
  6518. * which descriptor ID in the query is the right one.
  6519. *
  6520. * Return a pointer of the binary descriptor ID found in the query's object
  6521. * or NULL if not found. */
  6522. static const char *
  6523. get_desc_id_from_query(const rend_data_t *rend_data, const char *hsdir_fp)
  6524. {
  6525. int replica;
  6526. const char *desc_id = NULL;
  6527. const rend_data_v2_t *rend_data_v2 = TO_REND_DATA_V2(rend_data);
  6528. /* Possible if the fetch was done using a descriptor ID. This means that
  6529. * the HSFETCH command was used. */
  6530. if (!tor_digest_is_zero(rend_data_v2->desc_id_fetch)) {
  6531. desc_id = rend_data_v2->desc_id_fetch;
  6532. goto end;
  6533. }
  6534. /* Without a directory fingerprint at this stage, we can't do much. */
  6535. if (hsdir_fp == NULL) {
  6536. goto end;
  6537. }
  6538. /* OK, we have an onion address so now let's find which descriptor ID
  6539. * is the one associated with the HSDir fingerprint. */
  6540. for (replica = 0; replica < REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS;
  6541. replica++) {
  6542. const char *digest = rend_data_get_desc_id(rend_data, replica, NULL);
  6543. SMARTLIST_FOREACH_BEGIN(rend_data->hsdirs_fp, char *, fingerprint) {
  6544. if (tor_memcmp(fingerprint, hsdir_fp, DIGEST_LEN) == 0) {
  6545. /* Found it! This descriptor ID is the right one. */
  6546. desc_id = digest;
  6547. goto end;
  6548. }
  6549. } SMARTLIST_FOREACH_END(fingerprint);
  6550. }
  6551. end:
  6552. return desc_id;
  6553. }
  6554. /** send HS_DESC CREATED event when a local service generates a descriptor.
  6555. *
  6556. * <b>onion_address</b> is service address.
  6557. * <b>desc_id</b> is the descriptor ID.
  6558. * <b>replica</b> is the the descriptor replica number. If it is negative, it
  6559. * is ignored.
  6560. */
  6561. void
  6562. control_event_hs_descriptor_created(const char *onion_address,
  6563. const char *desc_id,
  6564. int replica)
  6565. {
  6566. char *replica_field = NULL;
  6567. if (BUG(!onion_address || !desc_id)) {
  6568. return;
  6569. }
  6570. if (replica >= 0) {
  6571. tor_asprintf(&replica_field, " REPLICA=%d", replica);
  6572. }
  6573. send_control_event(EVENT_HS_DESC,
  6574. "650 HS_DESC CREATED %s UNKNOWN UNKNOWN %s%s\r\n",
  6575. onion_address, desc_id,
  6576. replica_field ? replica_field : "");
  6577. tor_free(replica_field);
  6578. }
  6579. /** send HS_DESC upload event.
  6580. *
  6581. * <b>onion_address</b> is service address.
  6582. * <b>hs_dir</b> is the description of contacting hs directory.
  6583. * <b>desc_id</b> is the ID of requested hs descriptor.
  6584. */
  6585. void
  6586. control_event_hs_descriptor_upload(const char *onion_address,
  6587. const char *id_digest,
  6588. const char *desc_id,
  6589. const char *hsdir_index)
  6590. {
  6591. char *hsdir_index_field = NULL;
  6592. if (BUG(!onion_address || !id_digest || !desc_id)) {
  6593. return;
  6594. }
  6595. if (hsdir_index) {
  6596. tor_asprintf(&hsdir_index_field, " HSDIR_INDEX=%s", hsdir_index);
  6597. }
  6598. send_control_event(EVENT_HS_DESC,
  6599. "650 HS_DESC UPLOAD %s UNKNOWN %s %s%s\r\n",
  6600. onion_address,
  6601. node_describe_longname_by_id(id_digest),
  6602. desc_id,
  6603. hsdir_index_field ? hsdir_index_field : "");
  6604. tor_free(hsdir_index_field);
  6605. }
  6606. /** send HS_DESC event after got response from hs directory.
  6607. *
  6608. * NOTE: this is an internal function used by following functions:
  6609. * control_event_hsv2_descriptor_received
  6610. * control_event_hsv2_descriptor_failed
  6611. * control_event_hsv3_descriptor_failed
  6612. *
  6613. * So do not call this function directly.
  6614. */
  6615. static void
  6616. event_hs_descriptor_receive_end(const char *action,
  6617. const char *onion_address,
  6618. const char *desc_id,
  6619. rend_auth_type_t auth_type,
  6620. const char *hsdir_id_digest,
  6621. const char *reason)
  6622. {
  6623. char *reason_field = NULL;
  6624. if (BUG(!action || !onion_address)) {
  6625. return;
  6626. }
  6627. if (reason) {
  6628. tor_asprintf(&reason_field, " REASON=%s", reason);
  6629. }
  6630. send_control_event(EVENT_HS_DESC,
  6631. "650 HS_DESC %s %s %s %s%s%s\r\n",
  6632. action,
  6633. rend_hsaddress_str_or_unknown(onion_address),
  6634. rend_auth_type_to_string(auth_type),
  6635. hsdir_id_digest ?
  6636. node_describe_longname_by_id(hsdir_id_digest) :
  6637. "UNKNOWN",
  6638. desc_id ? desc_id : "",
  6639. reason_field ? reason_field : "");
  6640. tor_free(reason_field);
  6641. }
  6642. /** send HS_DESC event after got response from hs directory.
  6643. *
  6644. * NOTE: this is an internal function used by following functions:
  6645. * control_event_hs_descriptor_uploaded
  6646. * control_event_hs_descriptor_upload_failed
  6647. *
  6648. * So do not call this function directly.
  6649. */
  6650. void
  6651. control_event_hs_descriptor_upload_end(const char *action,
  6652. const char *onion_address,
  6653. const char *id_digest,
  6654. const char *reason)
  6655. {
  6656. char *reason_field = NULL;
  6657. if (BUG(!action || !id_digest)) {
  6658. return;
  6659. }
  6660. if (reason) {
  6661. tor_asprintf(&reason_field, " REASON=%s", reason);
  6662. }
  6663. send_control_event(EVENT_HS_DESC,
  6664. "650 HS_DESC %s %s UNKNOWN %s%s\r\n",
  6665. action,
  6666. rend_hsaddress_str_or_unknown(onion_address),
  6667. node_describe_longname_by_id(id_digest),
  6668. reason_field ? reason_field : "");
  6669. tor_free(reason_field);
  6670. }
  6671. /** send HS_DESC RECEIVED event
  6672. *
  6673. * called when we successfully received a hidden service descriptor.
  6674. */
  6675. void
  6676. control_event_hsv2_descriptor_received(const char *onion_address,
  6677. const rend_data_t *rend_data,
  6678. const char *hsdir_id_digest)
  6679. {
  6680. char *desc_id_field = NULL;
  6681. const char *desc_id;
  6682. if (BUG(!rend_data || !hsdir_id_digest || !onion_address)) {
  6683. return;
  6684. }
  6685. desc_id = get_desc_id_from_query(rend_data, hsdir_id_digest);
  6686. if (desc_id != NULL) {
  6687. char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
  6688. /* Set the descriptor ID digest to base32 so we can send it. */
  6689. base32_encode(desc_id_base32, sizeof(desc_id_base32), desc_id,
  6690. DIGEST_LEN);
  6691. /* Extra whitespace is needed before the value. */
  6692. tor_asprintf(&desc_id_field, " %s", desc_id_base32);
  6693. }
  6694. event_hs_descriptor_receive_end("RECEIVED", onion_address, desc_id_field,
  6695. TO_REND_DATA_V2(rend_data)->auth_type,
  6696. hsdir_id_digest, NULL);
  6697. tor_free(desc_id_field);
  6698. }
  6699. /* Send HS_DESC RECEIVED event
  6700. *
  6701. * Called when we successfully received a hidden service descriptor. */
  6702. void
  6703. control_event_hsv3_descriptor_received(const char *onion_address,
  6704. const char *desc_id,
  6705. const char *hsdir_id_digest)
  6706. {
  6707. char *desc_id_field = NULL;
  6708. if (BUG(!onion_address || !desc_id || !hsdir_id_digest)) {
  6709. return;
  6710. }
  6711. /* Because DescriptorID is an optional positional value, we need to add a
  6712. * whitespace before in order to not be next to the HsDir value. */
  6713. tor_asprintf(&desc_id_field, " %s", desc_id);
  6714. event_hs_descriptor_receive_end("RECEIVED", onion_address, desc_id_field,
  6715. REND_NO_AUTH, hsdir_id_digest, NULL);
  6716. tor_free(desc_id_field);
  6717. }
  6718. /** send HS_DESC UPLOADED event
  6719. *
  6720. * called when we successfully uploaded a hidden service descriptor.
  6721. */
  6722. void
  6723. control_event_hs_descriptor_uploaded(const char *id_digest,
  6724. const char *onion_address)
  6725. {
  6726. if (BUG(!id_digest)) {
  6727. return;
  6728. }
  6729. control_event_hs_descriptor_upload_end("UPLOADED", onion_address,
  6730. id_digest, NULL);
  6731. }
  6732. /** Send HS_DESC event to inform controller that query <b>rend_data</b>
  6733. * failed to retrieve hidden service descriptor from directory identified by
  6734. * <b>id_digest</b>. If NULL, "UNKNOWN" is used. If <b>reason</b> is not NULL,
  6735. * add it to REASON= field.
  6736. */
  6737. void
  6738. control_event_hsv2_descriptor_failed(const rend_data_t *rend_data,
  6739. const char *hsdir_id_digest,
  6740. const char *reason)
  6741. {
  6742. char *desc_id_field = NULL;
  6743. const char *desc_id;
  6744. if (BUG(!rend_data)) {
  6745. return;
  6746. }
  6747. desc_id = get_desc_id_from_query(rend_data, hsdir_id_digest);
  6748. if (desc_id != NULL) {
  6749. char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
  6750. /* Set the descriptor ID digest to base32 so we can send it. */
  6751. base32_encode(desc_id_base32, sizeof(desc_id_base32), desc_id,
  6752. DIGEST_LEN);
  6753. /* Extra whitespace is needed before the value. */
  6754. tor_asprintf(&desc_id_field, " %s", desc_id_base32);
  6755. }
  6756. event_hs_descriptor_receive_end("FAILED", rend_data_get_address(rend_data),
  6757. desc_id_field,
  6758. TO_REND_DATA_V2(rend_data)->auth_type,
  6759. hsdir_id_digest, reason);
  6760. tor_free(desc_id_field);
  6761. }
  6762. /** Send HS_DESC event to inform controller that the query to
  6763. * <b>onion_address</b> failed to retrieve hidden service descriptor
  6764. * <b>desc_id</b> from directory identified by <b>hsdir_id_digest</b>. If
  6765. * NULL, "UNKNOWN" is used. If <b>reason</b> is not NULL, add it to REASON=
  6766. * field. */
  6767. void
  6768. control_event_hsv3_descriptor_failed(const char *onion_address,
  6769. const char *desc_id,
  6770. const char *hsdir_id_digest,
  6771. const char *reason)
  6772. {
  6773. char *desc_id_field = NULL;
  6774. if (BUG(!onion_address || !desc_id || !reason)) {
  6775. return;
  6776. }
  6777. /* Because DescriptorID is an optional positional value, we need to add a
  6778. * whitespace before in order to not be next to the HsDir value. */
  6779. tor_asprintf(&desc_id_field, " %s", desc_id);
  6780. event_hs_descriptor_receive_end("FAILED", onion_address, desc_id_field,
  6781. REND_NO_AUTH, hsdir_id_digest, reason);
  6782. tor_free(desc_id_field);
  6783. }
  6784. /** Send HS_DESC_CONTENT event after completion of a successful fetch
  6785. * from hs directory. If <b>hsdir_id_digest</b> is NULL, it is replaced
  6786. * by "UNKNOWN". If <b>content</b> is NULL, it is replaced by an empty
  6787. * string. The <b>onion_address</b> or <b>desc_id</b> set to NULL will
  6788. * not trigger the control event. */
  6789. void
  6790. control_event_hs_descriptor_content(const char *onion_address,
  6791. const char *desc_id,
  6792. const char *hsdir_id_digest,
  6793. const char *content)
  6794. {
  6795. static const char *event_name = "HS_DESC_CONTENT";
  6796. char *esc_content = NULL;
  6797. if (!onion_address || !desc_id) {
  6798. log_warn(LD_BUG, "Called with onion_address==%p, desc_id==%p, ",
  6799. onion_address, desc_id);
  6800. return;
  6801. }
  6802. if (content == NULL) {
  6803. /* Point it to empty content so it can still be escaped. */
  6804. content = "";
  6805. }
  6806. write_escaped_data(content, strlen(content), &esc_content);
  6807. send_control_event(EVENT_HS_DESC_CONTENT,
  6808. "650+%s %s %s %s\r\n%s650 OK\r\n",
  6809. event_name,
  6810. rend_hsaddress_str_or_unknown(onion_address),
  6811. desc_id,
  6812. hsdir_id_digest ?
  6813. node_describe_longname_by_id(hsdir_id_digest) :
  6814. "UNKNOWN",
  6815. esc_content);
  6816. tor_free(esc_content);
  6817. }
  6818. /** Send HS_DESC event to inform controller upload of hidden service
  6819. * descriptor identified by <b>id_digest</b> failed. If <b>reason</b>
  6820. * is not NULL, add it to REASON= field.
  6821. */
  6822. void
  6823. control_event_hs_descriptor_upload_failed(const char *id_digest,
  6824. const char *onion_address,
  6825. const char *reason)
  6826. {
  6827. if (BUG(!id_digest)) {
  6828. return;
  6829. }
  6830. control_event_hs_descriptor_upload_end("FAILED", onion_address,
  6831. id_digest, reason);
  6832. }
  6833. /** Free any leftover allocated memory of the control.c subsystem. */
  6834. void
  6835. control_free_all(void)
  6836. {
  6837. smartlist_t *queued_events = NULL;
  6838. stats_prev_n_read = stats_prev_n_written = 0;
  6839. if (authentication_cookie) /* Free the auth cookie */
  6840. tor_free(authentication_cookie);
  6841. if (detached_onion_services) { /* Free the detached onion services */
  6842. SMARTLIST_FOREACH(detached_onion_services, char *, cp, tor_free(cp));
  6843. smartlist_free(detached_onion_services);
  6844. }
  6845. if (queued_control_events_lock) {
  6846. tor_mutex_acquire(queued_control_events_lock);
  6847. flush_queued_event_pending = 0;
  6848. queued_events = queued_control_events;
  6849. queued_control_events = NULL;
  6850. tor_mutex_release(queued_control_events_lock);
  6851. }
  6852. if (queued_events) {
  6853. SMARTLIST_FOREACH(queued_events, queued_event_t *, ev,
  6854. queued_event_free(ev));
  6855. smartlist_free(queued_events);
  6856. }
  6857. if (flush_queued_events_event) {
  6858. mainloop_event_free(flush_queued_events_event);
  6859. flush_queued_events_event = NULL;
  6860. }
  6861. control_event_bootstrap_reset();
  6862. authentication_cookie_is_set = 0;
  6863. global_event_mask = 0;
  6864. disable_log_messages = 0;
  6865. }
  6866. #ifdef TOR_UNIT_TESTS
  6867. /* For testing: change the value of global_event_mask */
  6868. void
  6869. control_testing_set_global_event_mask(uint64_t mask)
  6870. {
  6871. global_event_mask = mask;
  6872. }
  6873. #endif /* defined(TOR_UNIT_TESTS) */