directory.c 159 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844184518461847184818491850185118521853185418551856185718581859186018611862186318641865186618671868186918701871187218731874187518761877187818791880188118821883188418851886188718881889189018911892189318941895189618971898189919001901190219031904190519061907190819091910191119121913191419151916191719181919192019211922192319241925192619271928192919301931193219331934193519361937193819391940194119421943194419451946194719481949195019511952195319541955195619571958195919601961196219631964196519661967196819691970197119721973197419751976197719781979198019811982198319841985198619871988198919901991199219931994199519961997199819992000200120022003200420052006200720082009201020112012201320142015201620172018201920202021202220232024202520262027202820292030203120322033203420352036203720382039204020412042204320442045204620472048204920502051205220532054205520562057205820592060206120622063206420652066206720682069207020712072207320742075207620772078207920802081208220832084208520862087208820892090209120922093209420952096209720982099210021012102210321042105210621072108210921102111211221132114211521162117211821192120212121222123212421252126212721282129213021312132213321342135213621372138213921402141214221432144214521462147214821492150215121522153215421552156215721582159216021612162216321642165216621672168216921702171217221732174217521762177217821792180218121822183218421852186218721882189219021912192219321942195219621972198219922002201220222032204220522062207220822092210221122122213221422152216221722182219222022212222222322242225222622272228222922302231223222332234223522362237223822392240224122422243224422452246224722482249225022512252225322542255225622572258225922602261226222632264226522662267226822692270227122722273227422752276227722782279228022812282228322842285228622872288228922902291229222932294229522962297229822992300230123022303230423052306230723082309231023112312231323142315231623172318231923202321232223232324232523262327232823292330233123322333233423352336233723382339234023412342234323442345234623472348234923502351235223532354235523562357235823592360236123622363236423652366236723682369237023712372237323742375237623772378237923802381238223832384238523862387238823892390239123922393239423952396239723982399240024012402240324042405240624072408240924102411241224132414241524162417241824192420242124222423242424252426242724282429243024312432243324342435243624372438243924402441244224432444244524462447244824492450245124522453245424552456245724582459246024612462246324642465246624672468246924702471247224732474247524762477247824792480248124822483248424852486248724882489249024912492249324942495249624972498249925002501250225032504250525062507250825092510251125122513251425152516251725182519252025212522252325242525252625272528252925302531253225332534253525362537253825392540254125422543254425452546254725482549255025512552255325542555255625572558255925602561256225632564256525662567256825692570257125722573257425752576257725782579258025812582258325842585258625872588258925902591259225932594259525962597259825992600260126022603260426052606260726082609261026112612261326142615261626172618261926202621262226232624262526262627262826292630263126322633263426352636263726382639264026412642264326442645264626472648264926502651265226532654265526562657265826592660266126622663266426652666266726682669267026712672267326742675267626772678267926802681268226832684268526862687268826892690269126922693269426952696269726982699270027012702270327042705270627072708270927102711271227132714271527162717271827192720272127222723272427252726272727282729273027312732273327342735273627372738273927402741274227432744274527462747274827492750275127522753275427552756275727582759276027612762276327642765276627672768276927702771277227732774277527762777277827792780278127822783278427852786278727882789279027912792279327942795279627972798279928002801280228032804280528062807280828092810281128122813281428152816281728182819282028212822282328242825282628272828282928302831283228332834283528362837283828392840284128422843284428452846284728482849285028512852285328542855285628572858285928602861286228632864286528662867286828692870287128722873287428752876287728782879288028812882288328842885288628872888288928902891289228932894289528962897289828992900290129022903290429052906290729082909291029112912291329142915291629172918291929202921292229232924292529262927292829292930293129322933293429352936293729382939294029412942294329442945294629472948294929502951295229532954295529562957295829592960296129622963296429652966296729682969297029712972297329742975297629772978297929802981298229832984298529862987298829892990299129922993299429952996299729982999300030013002300330043005300630073008300930103011301230133014301530163017301830193020302130223023302430253026302730283029303030313032303330343035303630373038303930403041304230433044304530463047304830493050305130523053305430553056305730583059306030613062306330643065306630673068306930703071307230733074307530763077307830793080308130823083308430853086308730883089309030913092309330943095309630973098309931003101310231033104310531063107310831093110311131123113311431153116311731183119312031213122312331243125312631273128312931303131313231333134313531363137313831393140314131423143314431453146314731483149315031513152315331543155315631573158315931603161316231633164316531663167316831693170317131723173317431753176317731783179318031813182318331843185318631873188318931903191319231933194319531963197319831993200320132023203320432053206320732083209321032113212321332143215321632173218321932203221322232233224322532263227322832293230323132323233323432353236323732383239324032413242324332443245324632473248324932503251325232533254325532563257325832593260326132623263326432653266326732683269327032713272327332743275327632773278327932803281328232833284328532863287328832893290329132923293329432953296329732983299330033013302330333043305330633073308330933103311331233133314331533163317331833193320332133223323332433253326332733283329333033313332333333343335333633373338333933403341334233433344334533463347334833493350335133523353335433553356335733583359336033613362336333643365336633673368336933703371337233733374337533763377337833793380338133823383338433853386338733883389339033913392339333943395339633973398339934003401340234033404340534063407340834093410341134123413341434153416341734183419342034213422342334243425342634273428342934303431343234333434343534363437343834393440344134423443344434453446344734483449345034513452345334543455345634573458345934603461346234633464346534663467346834693470347134723473347434753476347734783479348034813482348334843485348634873488348934903491349234933494349534963497349834993500350135023503350435053506350735083509351035113512351335143515351635173518351935203521352235233524352535263527352835293530353135323533353435353536353735383539354035413542354335443545354635473548354935503551355235533554355535563557355835593560356135623563356435653566356735683569357035713572357335743575357635773578357935803581358235833584358535863587358835893590359135923593359435953596359735983599360036013602360336043605360636073608360936103611361236133614361536163617361836193620362136223623362436253626362736283629363036313632363336343635363636373638363936403641364236433644364536463647364836493650365136523653365436553656365736583659366036613662366336643665366636673668366936703671367236733674367536763677367836793680368136823683368436853686368736883689369036913692369336943695369636973698369937003701370237033704370537063707370837093710371137123713371437153716371737183719372037213722372337243725372637273728372937303731373237333734373537363737373837393740374137423743374437453746374737483749375037513752375337543755375637573758375937603761376237633764376537663767376837693770377137723773377437753776377737783779378037813782378337843785378637873788378937903791379237933794379537963797379837993800380138023803380438053806380738083809381038113812381338143815381638173818381938203821382238233824382538263827382838293830383138323833383438353836383738383839384038413842384338443845384638473848384938503851385238533854385538563857385838593860386138623863386438653866386738683869387038713872387338743875387638773878387938803881388238833884388538863887388838893890389138923893389438953896389738983899390039013902390339043905390639073908390939103911391239133914391539163917391839193920392139223923392439253926392739283929393039313932393339343935393639373938393939403941394239433944394539463947394839493950395139523953395439553956395739583959396039613962396339643965396639673968396939703971397239733974397539763977397839793980398139823983398439853986398739883989399039913992399339943995399639973998399940004001400240034004400540064007400840094010401140124013401440154016401740184019402040214022402340244025402640274028402940304031403240334034403540364037403840394040404140424043404440454046404740484049405040514052405340544055405640574058405940604061406240634064406540664067406840694070407140724073407440754076407740784079408040814082408340844085408640874088408940904091409240934094409540964097409840994100410141024103410441054106410741084109411041114112411341144115411641174118411941204121412241234124412541264127412841294130413141324133413441354136413741384139414041414142414341444145414641474148414941504151415241534154415541564157415841594160416141624163416441654166416741684169417041714172417341744175417641774178417941804181418241834184418541864187418841894190419141924193419441954196419741984199420042014202420342044205420642074208420942104211421242134214421542164217421842194220422142224223422442254226422742284229423042314232423342344235423642374238423942404241424242434244424542464247424842494250425142524253425442554256425742584259426042614262426342644265426642674268426942704271427242734274427542764277427842794280428142824283428442854286428742884289429042914292429342944295429642974298429943004301430243034304430543064307430843094310431143124313431443154316
  1. /* Copyright (c) 2001-2004, Roger Dingledine.
  2. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
  3. * Copyright (c) 2007-2016, The Tor Project, Inc. */
  4. /* See LICENSE for licensing information */
  5. #include "or.h"
  6. #include "backtrace.h"
  7. #include "buffers.h"
  8. #include "circuitbuild.h"
  9. #include "config.h"
  10. #include "connection.h"
  11. #include "connection_edge.h"
  12. #include "control.h"
  13. #include "directory.h"
  14. #include "dirserv.h"
  15. #include "dirvote.h"
  16. #include "entrynodes.h"
  17. #include "geoip.h"
  18. #include "main.h"
  19. #include "microdesc.h"
  20. #include "networkstatus.h"
  21. #include "nodelist.h"
  22. #include "policies.h"
  23. #include "relay.h"
  24. #include "rendclient.h"
  25. #include "rendcommon.h"
  26. #include "rendservice.h"
  27. #include "rephist.h"
  28. #include "router.h"
  29. #include "routerlist.h"
  30. #include "routerparse.h"
  31. #include "routerset.h"
  32. #include "shared_random.h"
  33. #if defined(EXPORTMALLINFO) && defined(HAVE_MALLOC_H) && defined(HAVE_MALLINFO)
  34. #ifndef OPENBSD
  35. #include <malloc.h>
  36. #endif
  37. #endif
  38. /**
  39. * \file directory.c
  40. * \brief Code to send and fetch directories and router
  41. * descriptors via HTTP. Directories use dirserv.c to generate the
  42. * results; clients use routers.c to parse them.
  43. **/
  44. /* In-points to directory.c:
  45. *
  46. * - directory_post_to_dirservers(), called from
  47. * router_upload_dir_desc_to_dirservers() in router.c
  48. * upload_service_descriptor() in rendservice.c
  49. * - directory_get_from_dirserver(), called from
  50. * rend_client_refetch_renddesc() in rendclient.c
  51. * run_scheduled_events() in main.c
  52. * do_hup() in main.c
  53. * - connection_dir_process_inbuf(), called from
  54. * connection_process_inbuf() in connection.c
  55. * - connection_dir_finished_flushing(), called from
  56. * connection_finished_flushing() in connection.c
  57. * - connection_dir_finished_connecting(), called from
  58. * connection_finished_connecting() in connection.c
  59. */
  60. static void directory_send_command(dir_connection_t *conn,
  61. int purpose, int direct, const char *resource,
  62. const char *payload, size_t payload_len,
  63. time_t if_modified_since);
  64. static int directory_handle_command(dir_connection_t *conn);
  65. static int body_is_plausible(const char *body, size_t body_len, int purpose);
  66. static char *http_get_header(const char *headers, const char *which);
  67. static void http_set_address_origin(const char *headers, connection_t *conn);
  68. static void connection_dir_download_routerdesc_failed(dir_connection_t *conn);
  69. static void connection_dir_bridge_routerdesc_failed(dir_connection_t *conn);
  70. static void connection_dir_download_cert_failed(
  71. dir_connection_t *conn, int status_code);
  72. static void connection_dir_retry_bridges(smartlist_t *descs);
  73. static void dir_routerdesc_download_failed(smartlist_t *failed,
  74. int status_code,
  75. int router_purpose,
  76. int was_extrainfo,
  77. int was_descriptor_digests);
  78. static void dir_microdesc_download_failed(smartlist_t *failed,
  79. int status_code);
  80. static int client_likes_consensus(networkstatus_t *v, const char *want_url);
  81. static void directory_initiate_command_rend(
  82. const tor_addr_port_t *or_addr_port,
  83. const tor_addr_port_t *dir_addr_port,
  84. const char *digest,
  85. uint8_t dir_purpose,
  86. uint8_t router_purpose,
  87. dir_indirection_t indirection,
  88. const char *resource,
  89. const char *payload,
  90. size_t payload_len,
  91. time_t if_modified_since,
  92. const rend_data_t *rend_query);
  93. static void connection_dir_close_consensus_fetches(
  94. dir_connection_t *except_this_one, const char *resource);
  95. /********* START VARIABLES **********/
  96. /** How far in the future do we allow a directory server to tell us it is
  97. * before deciding that one of us has the wrong time? */
  98. #define ALLOW_DIRECTORY_TIME_SKEW (30*60)
  99. #define X_ADDRESS_HEADER "X-Your-Address-Is: "
  100. /** HTTP cache control: how long do we tell proxies they can cache each
  101. * kind of document we serve? */
  102. #define FULL_DIR_CACHE_LIFETIME (60*60)
  103. #define RUNNINGROUTERS_CACHE_LIFETIME (20*60)
  104. #define DIRPORTFRONTPAGE_CACHE_LIFETIME (20*60)
  105. #define NETWORKSTATUS_CACHE_LIFETIME (5*60)
  106. #define ROUTERDESC_CACHE_LIFETIME (30*60)
  107. #define ROUTERDESC_BY_DIGEST_CACHE_LIFETIME (48*60*60)
  108. #define ROBOTS_CACHE_LIFETIME (24*60*60)
  109. #define MICRODESC_CACHE_LIFETIME (48*60*60)
  110. /********* END VARIABLES ************/
  111. /** Return true iff the directory purpose <b>dir_purpose</b> (and if it's
  112. * fetching descriptors, it's fetching them for <b>router_purpose</b>)
  113. * must use an anonymous connection to a directory. */
  114. int
  115. purpose_needs_anonymity(uint8_t dir_purpose, uint8_t router_purpose)
  116. {
  117. if (get_options()->AllDirActionsPrivate)
  118. return 1;
  119. if (router_purpose == ROUTER_PURPOSE_BRIDGE)
  120. return 1; /* if no circuits yet, this might break bootstrapping, but it's
  121. * needed to be safe. */
  122. if (dir_purpose == DIR_PURPOSE_UPLOAD_DIR ||
  123. dir_purpose == DIR_PURPOSE_UPLOAD_VOTE ||
  124. dir_purpose == DIR_PURPOSE_UPLOAD_SIGNATURES ||
  125. dir_purpose == DIR_PURPOSE_FETCH_STATUS_VOTE ||
  126. dir_purpose == DIR_PURPOSE_FETCH_DETACHED_SIGNATURES ||
  127. dir_purpose == DIR_PURPOSE_FETCH_CONSENSUS ||
  128. dir_purpose == DIR_PURPOSE_FETCH_CERTIFICATE ||
  129. dir_purpose == DIR_PURPOSE_FETCH_SERVERDESC ||
  130. dir_purpose == DIR_PURPOSE_FETCH_EXTRAINFO ||
  131. dir_purpose == DIR_PURPOSE_FETCH_MICRODESC)
  132. return 0;
  133. return 1;
  134. }
  135. /** Return a newly allocated string describing <b>auth</b>. Only describes
  136. * authority features. */
  137. STATIC char *
  138. authdir_type_to_string(dirinfo_type_t auth)
  139. {
  140. char *result;
  141. smartlist_t *lst = smartlist_new();
  142. if (auth & V3_DIRINFO)
  143. smartlist_add(lst, (void*)"V3");
  144. if (auth & BRIDGE_DIRINFO)
  145. smartlist_add(lst, (void*)"Bridge");
  146. if (smartlist_len(lst)) {
  147. result = smartlist_join_strings(lst, ", ", 0, NULL);
  148. } else {
  149. result = tor_strdup("[Not an authority]");
  150. }
  151. smartlist_free(lst);
  152. return result;
  153. }
  154. /** Return a string describing a given directory connection purpose. */
  155. STATIC const char *
  156. dir_conn_purpose_to_string(int purpose)
  157. {
  158. switch (purpose)
  159. {
  160. case DIR_PURPOSE_UPLOAD_DIR:
  161. return "server descriptor upload";
  162. case DIR_PURPOSE_UPLOAD_VOTE:
  163. return "server vote upload";
  164. case DIR_PURPOSE_UPLOAD_SIGNATURES:
  165. return "consensus signature upload";
  166. case DIR_PURPOSE_FETCH_SERVERDESC:
  167. return "server descriptor fetch";
  168. case DIR_PURPOSE_FETCH_EXTRAINFO:
  169. return "extra-info fetch";
  170. case DIR_PURPOSE_FETCH_CONSENSUS:
  171. return "consensus network-status fetch";
  172. case DIR_PURPOSE_FETCH_CERTIFICATE:
  173. return "authority cert fetch";
  174. case DIR_PURPOSE_FETCH_STATUS_VOTE:
  175. return "status vote fetch";
  176. case DIR_PURPOSE_FETCH_DETACHED_SIGNATURES:
  177. return "consensus signature fetch";
  178. case DIR_PURPOSE_FETCH_RENDDESC_V2:
  179. return "hidden-service v2 descriptor fetch";
  180. case DIR_PURPOSE_UPLOAD_RENDDESC_V2:
  181. return "hidden-service v2 descriptor upload";
  182. case DIR_PURPOSE_FETCH_MICRODESC:
  183. return "microdescriptor fetch";
  184. }
  185. log_warn(LD_BUG, "Called with unknown purpose %d", purpose);
  186. return "(unknown)";
  187. }
  188. /** Return the requisite directory information types. */
  189. STATIC dirinfo_type_t
  190. dir_fetch_type(int dir_purpose, int router_purpose, const char *resource)
  191. {
  192. dirinfo_type_t type;
  193. switch (dir_purpose) {
  194. case DIR_PURPOSE_FETCH_EXTRAINFO:
  195. type = EXTRAINFO_DIRINFO;
  196. if (router_purpose == ROUTER_PURPOSE_BRIDGE)
  197. type |= BRIDGE_DIRINFO;
  198. else
  199. type |= V3_DIRINFO;
  200. break;
  201. case DIR_PURPOSE_FETCH_SERVERDESC:
  202. if (router_purpose == ROUTER_PURPOSE_BRIDGE)
  203. type = BRIDGE_DIRINFO;
  204. else
  205. type = V3_DIRINFO;
  206. break;
  207. case DIR_PURPOSE_FETCH_STATUS_VOTE:
  208. case DIR_PURPOSE_FETCH_DETACHED_SIGNATURES:
  209. case DIR_PURPOSE_FETCH_CERTIFICATE:
  210. type = V3_DIRINFO;
  211. break;
  212. case DIR_PURPOSE_FETCH_CONSENSUS:
  213. type = V3_DIRINFO;
  214. if (resource && !strcmp(resource, "microdesc"))
  215. type |= MICRODESC_DIRINFO;
  216. break;
  217. case DIR_PURPOSE_FETCH_MICRODESC:
  218. type = MICRODESC_DIRINFO;
  219. break;
  220. default:
  221. log_warn(LD_BUG, "Unexpected purpose %d", (int)dir_purpose);
  222. type = NO_DIRINFO;
  223. break;
  224. }
  225. return type;
  226. }
  227. /** Return true iff <b>identity_digest</b> is the digest of a router which
  228. * says that it caches extrainfos. (If <b>is_authority</b> we always
  229. * believe that to be true.) */
  230. int
  231. router_supports_extrainfo(const char *identity_digest, int is_authority)
  232. {
  233. const node_t *node = node_get_by_id(identity_digest);
  234. if (node && node->ri) {
  235. if (node->ri->caches_extra_info)
  236. return 1;
  237. }
  238. if (is_authority) {
  239. return 1;
  240. }
  241. return 0;
  242. }
  243. /** Return true iff any trusted directory authority has accepted our
  244. * server descriptor.
  245. *
  246. * We consider any authority sufficient because waiting for all of
  247. * them means it never happens while any authority is down; we don't
  248. * go for something more complex in the middle (like \>1/3 or \>1/2 or
  249. * \>=1/2) because that doesn't seem necessary yet.
  250. */
  251. int
  252. directories_have_accepted_server_descriptor(void)
  253. {
  254. const smartlist_t *servers = router_get_trusted_dir_servers();
  255. const or_options_t *options = get_options();
  256. SMARTLIST_FOREACH(servers, dir_server_t *, d, {
  257. if ((d->type & options->PublishServerDescriptor_) &&
  258. d->has_accepted_serverdesc) {
  259. return 1;
  260. }
  261. });
  262. return 0;
  263. }
  264. /** Start a connection to every suitable directory authority, using
  265. * connection purpose <b>dir_purpose</b> and uploading <b>payload</b>
  266. * (of length <b>payload_len</b>). The dir_purpose should be one of
  267. * 'DIR_PURPOSE_UPLOAD_{DIR|VOTE|SIGNATURES}'.
  268. *
  269. * <b>router_purpose</b> describes the type of descriptor we're
  270. * publishing, if we're publishing a descriptor -- e.g. general or bridge.
  271. *
  272. * <b>type</b> specifies what sort of dir authorities (V3,
  273. * BRIDGE, etc) we should upload to.
  274. *
  275. * If <b>extrainfo_len</b> is nonzero, the first <b>payload_len</b> bytes of
  276. * <b>payload</b> hold a router descriptor, and the next <b>extrainfo_len</b>
  277. * bytes of <b>payload</b> hold an extra-info document. Upload the descriptor
  278. * to all authorities, and the extra-info document to all authorities that
  279. * support it.
  280. */
  281. void
  282. directory_post_to_dirservers(uint8_t dir_purpose, uint8_t router_purpose,
  283. dirinfo_type_t type,
  284. const char *payload,
  285. size_t payload_len, size_t extrainfo_len)
  286. {
  287. const or_options_t *options = get_options();
  288. dir_indirection_t indirection;
  289. const smartlist_t *dirservers = router_get_trusted_dir_servers();
  290. int found = 0;
  291. const int exclude_self = (dir_purpose == DIR_PURPOSE_UPLOAD_VOTE ||
  292. dir_purpose == DIR_PURPOSE_UPLOAD_SIGNATURES);
  293. tor_assert(dirservers);
  294. /* This tries dirservers which we believe to be down, but ultimately, that's
  295. * harmless, and we may as well err on the side of getting things uploaded.
  296. */
  297. SMARTLIST_FOREACH_BEGIN(dirservers, dir_server_t *, ds) {
  298. routerstatus_t *rs = &(ds->fake_status);
  299. size_t upload_len = payload_len;
  300. if ((type & ds->type) == 0)
  301. continue;
  302. if (exclude_self && router_digest_is_me(ds->digest)) {
  303. /* we don't upload to ourselves, but at least there's now at least
  304. * one authority of this type that has what we wanted to upload. */
  305. found = 1;
  306. continue;
  307. }
  308. if (options->StrictNodes &&
  309. routerset_contains_routerstatus(options->ExcludeNodes, rs, -1)) {
  310. log_warn(LD_DIR, "Wanted to contact authority '%s' for %s, but "
  311. "it's in our ExcludedNodes list and StrictNodes is set. "
  312. "Skipping.",
  313. ds->nickname,
  314. dir_conn_purpose_to_string(dir_purpose));
  315. continue;
  316. }
  317. found = 1; /* at least one authority of this type was listed */
  318. if (dir_purpose == DIR_PURPOSE_UPLOAD_DIR)
  319. ds->has_accepted_serverdesc = 0;
  320. if (extrainfo_len && router_supports_extrainfo(ds->digest, 1)) {
  321. upload_len += extrainfo_len;
  322. log_info(LD_DIR, "Uploading an extrainfo too (length %d)",
  323. (int) extrainfo_len);
  324. }
  325. if (purpose_needs_anonymity(dir_purpose, router_purpose)) {
  326. indirection = DIRIND_ANONYMOUS;
  327. } else if (!fascist_firewall_allows_dir_server(ds,
  328. FIREWALL_DIR_CONNECTION,
  329. 0)) {
  330. if (fascist_firewall_allows_dir_server(ds, FIREWALL_OR_CONNECTION, 0))
  331. indirection = DIRIND_ONEHOP;
  332. else
  333. indirection = DIRIND_ANONYMOUS;
  334. } else {
  335. indirection = DIRIND_DIRECT_CONN;
  336. }
  337. directory_initiate_command_routerstatus(rs, dir_purpose,
  338. router_purpose,
  339. indirection,
  340. NULL, payload, upload_len, 0);
  341. } SMARTLIST_FOREACH_END(ds);
  342. if (!found) {
  343. char *s = authdir_type_to_string(type);
  344. log_warn(LD_DIR, "Publishing server descriptor to directory authorities "
  345. "of type '%s', but no authorities of that type listed!", s);
  346. tor_free(s);
  347. }
  348. }
  349. /** Return true iff, according to the values in <b>options</b>, we should be
  350. * using directory guards for direct downloads of directory information. */
  351. STATIC int
  352. should_use_directory_guards(const or_options_t *options)
  353. {
  354. /* Public (non-bridge) servers never use directory guards. */
  355. if (public_server_mode(options))
  356. return 0;
  357. /* If guards are disabled, or directory guards are disabled, we can't
  358. * use directory guards.
  359. */
  360. if (!options->UseEntryGuards || !options->UseEntryGuardsAsDirGuards)
  361. return 0;
  362. /* If we're configured to fetch directory info aggressively or of a
  363. * nonstandard type, don't use directory guards. */
  364. if (options->DownloadExtraInfo || options->FetchDirInfoEarly ||
  365. options->FetchDirInfoExtraEarly || options->FetchUselessDescriptors)
  366. return 0;
  367. return 1;
  368. }
  369. /** Pick an unconstrained directory server from among our guards, the latest
  370. * networkstatus, or the fallback dirservers, for use in downloading
  371. * information of type <b>type</b>, and return its routerstatus. */
  372. static const routerstatus_t *
  373. directory_pick_generic_dirserver(dirinfo_type_t type, int pds_flags,
  374. uint8_t dir_purpose)
  375. {
  376. const routerstatus_t *rs = NULL;
  377. const or_options_t *options = get_options();
  378. if (options->UseBridges)
  379. log_warn(LD_BUG, "Called when we have UseBridges set.");
  380. if (should_use_directory_guards(options)) {
  381. const node_t *node = choose_random_dirguard(type);
  382. if (node)
  383. rs = node->rs;
  384. } else {
  385. /* anybody with a non-zero dirport will do */
  386. rs = router_pick_directory_server(type, pds_flags);
  387. }
  388. if (!rs) {
  389. log_info(LD_DIR, "No router found for %s; falling back to "
  390. "dirserver list.", dir_conn_purpose_to_string(dir_purpose));
  391. rs = router_pick_fallback_dirserver(type, pds_flags);
  392. }
  393. return rs;
  394. }
  395. /** Start a connection to a random running directory server, using
  396. * connection purpose <b>dir_purpose</b>, intending to fetch descriptors
  397. * of purpose <b>router_purpose</b>, and requesting <b>resource</b>.
  398. * Use <b>pds_flags</b> as arguments to router_pick_directory_server()
  399. * or router_pick_trusteddirserver().
  400. */
  401. MOCK_IMPL(void, directory_get_from_dirserver, (
  402. uint8_t dir_purpose,
  403. uint8_t router_purpose,
  404. const char *resource,
  405. int pds_flags,
  406. download_want_authority_t want_authority))
  407. {
  408. const routerstatus_t *rs = NULL;
  409. const or_options_t *options = get_options();
  410. int prefer_authority = (directory_fetches_from_authorities(options)
  411. || want_authority == DL_WANT_AUTHORITY);
  412. int require_authority = 0;
  413. int get_via_tor = purpose_needs_anonymity(dir_purpose, router_purpose);
  414. dirinfo_type_t type = dir_fetch_type(dir_purpose, router_purpose, resource);
  415. time_t if_modified_since = 0;
  416. if (type == NO_DIRINFO)
  417. return;
  418. if (dir_purpose == DIR_PURPOSE_FETCH_CONSENSUS) {
  419. int flav = FLAV_NS;
  420. networkstatus_t *v;
  421. if (resource)
  422. flav = networkstatus_parse_flavor_name(resource);
  423. /* DEFAULT_IF_MODIFIED_SINCE_DELAY is 1/20 of the default consensus
  424. * period of 1 hour.
  425. */
  426. #define DEFAULT_IF_MODIFIED_SINCE_DELAY (180)
  427. if (flav != -1) {
  428. /* IF we have a parsed consensus of this type, we can do an
  429. * if-modified-time based on it. */
  430. v = networkstatus_get_latest_consensus_by_flavor(flav);
  431. if (v) {
  432. /* In networks with particularly short V3AuthVotingIntervals,
  433. * ask for the consensus if it's been modified since half the
  434. * V3AuthVotingInterval of the most recent consensus. */
  435. time_t ims_delay = DEFAULT_IF_MODIFIED_SINCE_DELAY;
  436. if (v->fresh_until > v->valid_after
  437. && ims_delay > (v->fresh_until - v->valid_after)/2) {
  438. ims_delay = (v->fresh_until - v->valid_after)/2;
  439. }
  440. if_modified_since = v->valid_after + ims_delay;
  441. }
  442. } else {
  443. /* Otherwise it might be a consensus we don't parse, but which we
  444. * do cache. Look at the cached copy, perhaps. */
  445. cached_dir_t *cd = dirserv_get_consensus(resource);
  446. /* We have no method of determining the voting interval from an
  447. * unparsed consensus, so we use the default. */
  448. if (cd)
  449. if_modified_since = cd->published + DEFAULT_IF_MODIFIED_SINCE_DELAY;
  450. }
  451. }
  452. if (!options->FetchServerDescriptors)
  453. return;
  454. if (!get_via_tor) {
  455. if (options->UseBridges && !(type & BRIDGE_DIRINFO)) {
  456. /* We want to ask a running bridge for which we have a descriptor.
  457. *
  458. * When we ask choose_random_entry() for a bridge, we specify what
  459. * sort of dir fetch we'll be doing, so it won't return a bridge
  460. * that can't answer our question.
  461. */
  462. const node_t *node = choose_random_dirguard(type);
  463. if (node && node->ri) {
  464. /* every bridge has a routerinfo. */
  465. routerinfo_t *ri = node->ri;
  466. /* clients always make OR connections to bridges */
  467. tor_addr_port_t or_ap;
  468. /* we are willing to use a non-preferred address if we need to */
  469. fascist_firewall_choose_address_node(node, FIREWALL_OR_CONNECTION, 0,
  470. &or_ap);
  471. directory_initiate_command(&or_ap.addr, or_ap.port,
  472. NULL, 0, /*no dirport*/
  473. ri->cache_info.identity_digest,
  474. dir_purpose,
  475. router_purpose,
  476. DIRIND_ONEHOP,
  477. resource, NULL, 0, if_modified_since);
  478. } else
  479. log_notice(LD_DIR, "Ignoring directory request, since no bridge "
  480. "nodes are available yet.");
  481. return;
  482. } else {
  483. if (prefer_authority || (type & BRIDGE_DIRINFO)) {
  484. /* only ask authdirservers, and don't ask myself */
  485. rs = router_pick_trusteddirserver(type, pds_flags);
  486. if (rs == NULL && (pds_flags & (PDS_NO_EXISTING_SERVERDESC_FETCH|
  487. PDS_NO_EXISTING_MICRODESC_FETCH))) {
  488. /* We don't want to fetch from any authorities that we're currently
  489. * fetching server descriptors from, and we got no match. Did we
  490. * get no match because all the authorities have connections
  491. * fetching server descriptors (in which case we should just
  492. * return,) or because all the authorities are down or on fire or
  493. * unreachable or something (in which case we should go on with
  494. * our fallback code)? */
  495. pds_flags &= ~(PDS_NO_EXISTING_SERVERDESC_FETCH|
  496. PDS_NO_EXISTING_MICRODESC_FETCH);
  497. rs = router_pick_trusteddirserver(type, pds_flags);
  498. if (rs) {
  499. log_debug(LD_DIR, "Deferring serverdesc fetch: all authorities "
  500. "are in use.");
  501. return;
  502. }
  503. }
  504. if (rs == NULL && require_authority) {
  505. log_info(LD_DIR, "No authorities were available for %s: will try "
  506. "later.", dir_conn_purpose_to_string(dir_purpose));
  507. return;
  508. }
  509. }
  510. if (!rs && !(type & BRIDGE_DIRINFO)) {
  511. /* */
  512. rs = directory_pick_generic_dirserver(type, pds_flags,
  513. dir_purpose);
  514. if (!rs)
  515. get_via_tor = 1; /* last resort: try routing it via Tor */
  516. }
  517. }
  518. }
  519. if (get_via_tor) {
  520. /* Never use fascistfirewall; we're going via Tor. */
  521. pds_flags |= PDS_IGNORE_FASCISTFIREWALL;
  522. rs = router_pick_directory_server(type, pds_flags);
  523. }
  524. /* If we have any hope of building an indirect conn, we know some router
  525. * descriptors. If (rs==NULL), we can't build circuits anyway, so
  526. * there's no point in falling back to the authorities in this case. */
  527. if (rs) {
  528. const dir_indirection_t indirection =
  529. get_via_tor ? DIRIND_ANONYMOUS : DIRIND_ONEHOP;
  530. directory_initiate_command_routerstatus(rs, dir_purpose,
  531. router_purpose,
  532. indirection,
  533. resource, NULL, 0,
  534. if_modified_since);
  535. } else {
  536. log_notice(LD_DIR,
  537. "While fetching directory info, "
  538. "no running dirservers known. Will try again later. "
  539. "(purpose %d)", dir_purpose);
  540. if (!purpose_needs_anonymity(dir_purpose, router_purpose)) {
  541. /* remember we tried them all and failed. */
  542. directory_all_unreachable(time(NULL));
  543. }
  544. }
  545. }
  546. /** As directory_get_from_dirserver, but initiates a request to <i>every</i>
  547. * directory authority other than ourself. Only for use by authorities when
  548. * searching for missing information while voting. */
  549. void
  550. directory_get_from_all_authorities(uint8_t dir_purpose,
  551. uint8_t router_purpose,
  552. const char *resource)
  553. {
  554. tor_assert(dir_purpose == DIR_PURPOSE_FETCH_STATUS_VOTE ||
  555. dir_purpose == DIR_PURPOSE_FETCH_DETACHED_SIGNATURES);
  556. SMARTLIST_FOREACH_BEGIN(router_get_trusted_dir_servers(),
  557. dir_server_t *, ds) {
  558. routerstatus_t *rs;
  559. if (router_digest_is_me(ds->digest))
  560. continue;
  561. if (!(ds->type & V3_DIRINFO))
  562. continue;
  563. rs = &ds->fake_status;
  564. directory_initiate_command_routerstatus(rs, dir_purpose, router_purpose,
  565. DIRIND_ONEHOP, resource, NULL,
  566. 0, 0);
  567. } SMARTLIST_FOREACH_END(ds);
  568. }
  569. /** Return true iff <b>ind</b> requires a multihop circuit. */
  570. static int
  571. dirind_is_anon(dir_indirection_t ind)
  572. {
  573. return ind == DIRIND_ANON_DIRPORT || ind == DIRIND_ANONYMOUS;
  574. }
  575. /* Choose reachable OR and Dir addresses and ports from status, copying them
  576. * into use_or_ap and use_dir_ap. If indirection is anonymous, then we're
  577. * connecting via another relay, so choose the primary IPv4 address and ports.
  578. *
  579. * status should have at least one reachable address, if we can't choose a
  580. * reachable address, warn and return -1. Otherwise, return 0.
  581. */
  582. static int
  583. directory_choose_address_routerstatus(const routerstatus_t *status,
  584. dir_indirection_t indirection,
  585. tor_addr_port_t *use_or_ap,
  586. tor_addr_port_t *use_dir_ap)
  587. {
  588. tor_assert(status != NULL);
  589. tor_assert(use_or_ap != NULL);
  590. tor_assert(use_dir_ap != NULL);
  591. const or_options_t *options = get_options();
  592. int have_or = 0, have_dir = 0;
  593. /* We expect status to have at least one reachable address if we're
  594. * connecting to it directly.
  595. *
  596. * Therefore, we can simply use the other address if the one we want isn't
  597. * allowed by the firewall.
  598. *
  599. * (When Tor uploads and downloads a hidden service descriptor, it uses
  600. * DIRIND_ANONYMOUS, except for Tor2Web, which uses DIRIND_ONEHOP.
  601. * So this code will only modify the address for Tor2Web's HS descriptor
  602. * fetches. Even Single Onion Servers (NYI) use DIRIND_ANONYMOUS, to avoid
  603. * HSDirs denying service by rejecting descriptors.)
  604. */
  605. /* Initialise the OR / Dir addresses */
  606. tor_addr_make_null(&use_or_ap->addr, AF_UNSPEC);
  607. use_or_ap->port = 0;
  608. tor_addr_make_null(&use_dir_ap->addr, AF_UNSPEC);
  609. use_dir_ap->port = 0;
  610. /* ORPort connections */
  611. if (indirection == DIRIND_ANONYMOUS) {
  612. if (status->addr) {
  613. /* Since we're going to build a 3-hop circuit and ask the 2nd relay
  614. * to extend to this address, always use the primary (IPv4) OR address */
  615. tor_addr_from_ipv4h(&use_or_ap->addr, status->addr);
  616. use_or_ap->port = status->or_port;
  617. have_or = 1;
  618. }
  619. } else if (indirection == DIRIND_ONEHOP) {
  620. /* We use an IPv6 address if we have one and we prefer it.
  621. * Use the preferred address and port if they are reachable, otherwise,
  622. * use the alternate address and port (if any).
  623. */
  624. have_or = fascist_firewall_choose_address_rs(status,
  625. FIREWALL_OR_CONNECTION, 0,
  626. use_or_ap);
  627. }
  628. /* DirPort connections
  629. * DIRIND_ONEHOP uses ORPort, but may fall back to the DirPort on relays */
  630. if (indirection == DIRIND_DIRECT_CONN ||
  631. indirection == DIRIND_ANON_DIRPORT ||
  632. (indirection == DIRIND_ONEHOP
  633. && !directory_must_use_begindir(options))) {
  634. have_dir = fascist_firewall_choose_address_rs(status,
  635. FIREWALL_DIR_CONNECTION, 0,
  636. use_dir_ap);
  637. }
  638. /* We rejected all addresses in the relay's status. This means we can't
  639. * connect to it. */
  640. if (!have_or && !have_dir) {
  641. static int logged_backtrace = 0;
  642. log_info(LD_BUG, "Rejected all OR and Dir addresses from %s when "
  643. "launching an outgoing directory connection to: IPv4 %s OR %d "
  644. "Dir %d IPv6 %s OR %d Dir %d", routerstatus_describe(status),
  645. fmt_addr32(status->addr), status->or_port,
  646. status->dir_port, fmt_addr(&status->ipv6_addr),
  647. status->ipv6_orport, status->dir_port);
  648. if (!logged_backtrace) {
  649. log_backtrace(LOG_INFO, LD_BUG, "Addresses came from");
  650. logged_backtrace = 1;
  651. }
  652. return -1;
  653. }
  654. return 0;
  655. }
  656. /** Same as directory_initiate_command_routerstatus(), but accepts
  657. * rendezvous data to fetch a hidden service descriptor. */
  658. void
  659. directory_initiate_command_routerstatus_rend(const routerstatus_t *status,
  660. uint8_t dir_purpose,
  661. uint8_t router_purpose,
  662. dir_indirection_t indirection,
  663. const char *resource,
  664. const char *payload,
  665. size_t payload_len,
  666. time_t if_modified_since,
  667. const rend_data_t *rend_query)
  668. {
  669. const or_options_t *options = get_options();
  670. const node_t *node;
  671. tor_addr_port_t use_or_ap, use_dir_ap;
  672. const int anonymized_connection = dirind_is_anon(indirection);
  673. tor_assert(status != NULL);
  674. node = node_get_by_id(status->identity_digest);
  675. /* XXX The below check is wrong: !node means it's not in the consensus,
  676. * but we haven't checked if we have a descriptor for it -- and also,
  677. * we only care about the descriptor if it's a begindir-style anonymized
  678. * connection. */
  679. if (!node && anonymized_connection) {
  680. log_info(LD_DIR, "Not sending anonymized request to directory '%s'; we "
  681. "don't have its router descriptor.",
  682. routerstatus_describe(status));
  683. return;
  684. }
  685. if (options->ExcludeNodes && options->StrictNodes &&
  686. routerset_contains_routerstatus(options->ExcludeNodes, status, -1)) {
  687. log_warn(LD_DIR, "Wanted to contact directory mirror %s for %s, but "
  688. "it's in our ExcludedNodes list and StrictNodes is set. "
  689. "Skipping. This choice might make your Tor not work.",
  690. routerstatus_describe(status),
  691. dir_conn_purpose_to_string(dir_purpose));
  692. return;
  693. }
  694. /* At this point, if we are a client making a direct connection to a
  695. * directory server, we have selected a server that has at least one address
  696. * allowed by ClientUseIPv4/6 and Reachable{"",OR,Dir}Addresses. This
  697. * selection uses the preference in ClientPreferIPv6{OR,Dir}Port, if
  698. * possible. (If UseBridges is set, clients always use IPv6, and prefer it
  699. * by default.)
  700. *
  701. * Now choose an address that we can use to connect to the directory server.
  702. */
  703. if (directory_choose_address_routerstatus(status, indirection, &use_or_ap,
  704. &use_dir_ap) < 0) {
  705. return;
  706. }
  707. /* We don't retry the alternate OR/Dir address for the same directory if
  708. * the address we choose fails (#6772).
  709. * Instead, we'll retry another directory on failure. */
  710. directory_initiate_command_rend(&use_or_ap, &use_dir_ap,
  711. status->identity_digest,
  712. dir_purpose, router_purpose,
  713. indirection, resource,
  714. payload, payload_len, if_modified_since,
  715. rend_query);
  716. }
  717. /** Launch a new connection to the directory server <b>status</b> to
  718. * upload or download a server or rendezvous
  719. * descriptor. <b>dir_purpose</b> determines what
  720. * kind of directory connection we're launching, and must be one of
  721. * DIR_PURPOSE_{FETCH|UPLOAD}_{DIR|RENDDESC_V2}. <b>router_purpose</b>
  722. * specifies the descriptor purposes we have in mind (currently only
  723. * used for FETCH_DIR).
  724. *
  725. * When uploading, <b>payload</b> and <b>payload_len</b> determine the content
  726. * of the HTTP post. Otherwise, <b>payload</b> should be NULL.
  727. *
  728. * When fetching a rendezvous descriptor, <b>resource</b> is the service ID we
  729. * want to fetch.
  730. */
  731. MOCK_IMPL(void, directory_initiate_command_routerstatus,
  732. (const routerstatus_t *status,
  733. uint8_t dir_purpose,
  734. uint8_t router_purpose,
  735. dir_indirection_t indirection,
  736. const char *resource,
  737. const char *payload,
  738. size_t payload_len,
  739. time_t if_modified_since))
  740. {
  741. directory_initiate_command_routerstatus_rend(status, dir_purpose,
  742. router_purpose,
  743. indirection, resource,
  744. payload, payload_len,
  745. if_modified_since, NULL);
  746. }
  747. /** Return true iff <b>conn</b> is the client side of a directory connection
  748. * we launched to ourself in order to determine the reachability of our
  749. * dir_port. */
  750. static int
  751. directory_conn_is_self_reachability_test(dir_connection_t *conn)
  752. {
  753. if (conn->requested_resource &&
  754. !strcmpstart(conn->requested_resource,"authority")) {
  755. const routerinfo_t *me = router_get_my_routerinfo();
  756. if (me &&
  757. router_digest_is_me(conn->identity_digest) &&
  758. tor_addr_eq_ipv4h(&conn->base_.addr, me->addr) && /*XXXX prop 118*/
  759. me->dir_port == conn->base_.port)
  760. return 1;
  761. }
  762. return 0;
  763. }
  764. /** Called when we are unable to complete the client's request to a directory
  765. * server due to a network error: Mark the router as down and try again if
  766. * possible.
  767. */
  768. static void
  769. connection_dir_request_failed(dir_connection_t *conn)
  770. {
  771. if (directory_conn_is_self_reachability_test(conn)) {
  772. return; /* this was a test fetch. don't retry. */
  773. }
  774. if (!entry_list_is_constrained(get_options()))
  775. router_set_status(conn->identity_digest, 0); /* don't try this one again */
  776. if (conn->base_.purpose == DIR_PURPOSE_FETCH_SERVERDESC ||
  777. conn->base_.purpose == DIR_PURPOSE_FETCH_EXTRAINFO) {
  778. log_info(LD_DIR, "Giving up on serverdesc/extrainfo fetch from "
  779. "directory server at '%s'; retrying",
  780. conn->base_.address);
  781. if (conn->router_purpose == ROUTER_PURPOSE_BRIDGE)
  782. connection_dir_bridge_routerdesc_failed(conn);
  783. connection_dir_download_routerdesc_failed(conn);
  784. } else if (conn->base_.purpose == DIR_PURPOSE_FETCH_CONSENSUS) {
  785. if (conn->requested_resource)
  786. networkstatus_consensus_download_failed(0, conn->requested_resource);
  787. } else if (conn->base_.purpose == DIR_PURPOSE_FETCH_CERTIFICATE) {
  788. log_info(LD_DIR, "Giving up on certificate fetch from directory server "
  789. "at '%s'; retrying",
  790. conn->base_.address);
  791. connection_dir_download_cert_failed(conn, 0);
  792. } else if (conn->base_.purpose == DIR_PURPOSE_FETCH_DETACHED_SIGNATURES) {
  793. log_info(LD_DIR, "Giving up downloading detached signatures from '%s'",
  794. conn->base_.address);
  795. } else if (conn->base_.purpose == DIR_PURPOSE_FETCH_STATUS_VOTE) {
  796. log_info(LD_DIR, "Giving up downloading votes from '%s'",
  797. conn->base_.address);
  798. } else if (conn->base_.purpose == DIR_PURPOSE_FETCH_MICRODESC) {
  799. log_info(LD_DIR, "Giving up on downloading microdescriptors from "
  800. "directory server at '%s'; will retry", conn->base_.address);
  801. connection_dir_download_routerdesc_failed(conn);
  802. }
  803. }
  804. /** Helper: Attempt to fetch directly the descriptors of each bridge
  805. * listed in <b>failed</b>.
  806. */
  807. static void
  808. connection_dir_retry_bridges(smartlist_t *descs)
  809. {
  810. char digest[DIGEST_LEN];
  811. SMARTLIST_FOREACH(descs, const char *, cp,
  812. {
  813. if (base16_decode(digest, DIGEST_LEN, cp, strlen(cp)) != DIGEST_LEN) {
  814. log_warn(LD_BUG, "Malformed fingerprint in list: %s",
  815. escaped(cp));
  816. continue;
  817. }
  818. retry_bridge_descriptor_fetch_directly(digest);
  819. });
  820. }
  821. /** Called when an attempt to download one or more router descriptors
  822. * or extra-info documents on connection <b>conn</b> failed.
  823. */
  824. static void
  825. connection_dir_download_routerdesc_failed(dir_connection_t *conn)
  826. {
  827. /* No need to increment the failure count for routerdescs, since
  828. * it's not their fault. */
  829. /* No need to relaunch descriptor downloads here: we already do it
  830. * every 10 or 60 seconds (FOO_DESCRIPTOR_RETRY_INTERVAL) in main.c. */
  831. tor_assert(conn->base_.purpose == DIR_PURPOSE_FETCH_SERVERDESC ||
  832. conn->base_.purpose == DIR_PURPOSE_FETCH_EXTRAINFO ||
  833. conn->base_.purpose == DIR_PURPOSE_FETCH_MICRODESC);
  834. (void) conn;
  835. }
  836. /** Called when an attempt to download a bridge's routerdesc from
  837. * one of the authorities failed due to a network error. If
  838. * possible attempt to download descriptors from the bridge directly.
  839. */
  840. static void
  841. connection_dir_bridge_routerdesc_failed(dir_connection_t *conn)
  842. {
  843. smartlist_t *which = NULL;
  844. /* Requests for bridge descriptors are in the form 'fp/', so ignore
  845. anything else. */
  846. if (!conn->requested_resource || strcmpstart(conn->requested_resource,"fp/"))
  847. return;
  848. which = smartlist_new();
  849. dir_split_resource_into_fingerprints(conn->requested_resource
  850. + strlen("fp/"),
  851. which, NULL, 0);
  852. tor_assert(conn->base_.purpose != DIR_PURPOSE_FETCH_EXTRAINFO);
  853. if (smartlist_len(which)) {
  854. connection_dir_retry_bridges(which);
  855. SMARTLIST_FOREACH(which, char *, cp, tor_free(cp));
  856. }
  857. smartlist_free(which);
  858. }
  859. /** Called when an attempt to fetch a certificate fails. */
  860. static void
  861. connection_dir_download_cert_failed(dir_connection_t *conn, int status)
  862. {
  863. const char *fp_pfx = "fp/";
  864. const char *fpsk_pfx = "fp-sk/";
  865. smartlist_t *failed;
  866. tor_assert(conn->base_.purpose == DIR_PURPOSE_FETCH_CERTIFICATE);
  867. if (!conn->requested_resource)
  868. return;
  869. failed = smartlist_new();
  870. /*
  871. * We have two cases download by fingerprint (resource starts
  872. * with "fp/") or download by fingerprint/signing key pair
  873. * (resource starts with "fp-sk/").
  874. */
  875. if (!strcmpstart(conn->requested_resource, fp_pfx)) {
  876. /* Download by fingerprint case */
  877. dir_split_resource_into_fingerprints(conn->requested_resource +
  878. strlen(fp_pfx),
  879. failed, NULL, DSR_HEX);
  880. SMARTLIST_FOREACH_BEGIN(failed, char *, cp) {
  881. /* Null signing key digest indicates download by fp only */
  882. authority_cert_dl_failed(cp, NULL, status);
  883. tor_free(cp);
  884. } SMARTLIST_FOREACH_END(cp);
  885. } else if (!strcmpstart(conn->requested_resource, fpsk_pfx)) {
  886. /* Download by (fp,sk) pairs */
  887. dir_split_resource_into_fingerprint_pairs(conn->requested_resource +
  888. strlen(fpsk_pfx), failed);
  889. SMARTLIST_FOREACH_BEGIN(failed, fp_pair_t *, cp) {
  890. authority_cert_dl_failed(cp->first, cp->second, status);
  891. tor_free(cp);
  892. } SMARTLIST_FOREACH_END(cp);
  893. } else {
  894. log_warn(LD_DIR,
  895. "Don't know what to do with failure for cert fetch %s",
  896. conn->requested_resource);
  897. }
  898. smartlist_free(failed);
  899. update_certificate_downloads(time(NULL));
  900. }
  901. /* Should this tor instance only use begindir for all its directory requests?
  902. */
  903. int
  904. directory_must_use_begindir(const or_options_t *options)
  905. {
  906. /* Clients, onion services, and bridges must use begindir,
  907. * relays and authorities do not have to */
  908. return !public_server_mode(options);
  909. }
  910. /** Evaluate the situation and decide if we should use an encrypted
  911. * "begindir-style" connection for this directory request.
  912. * 1) If or_port is 0, or it's a direct conn and or_port is firewalled
  913. * or we're a dir mirror, no.
  914. * 2) If we prefer to avoid begindir conns, and we're not fetching or
  915. * publishing a bridge relay descriptor, no.
  916. * 3) Else yes.
  917. * If returning 0, return in *reason why we can't use begindir.
  918. * reason must not be NULL.
  919. */
  920. static int
  921. directory_command_should_use_begindir(const or_options_t *options,
  922. const tor_addr_t *addr,
  923. int or_port, uint8_t router_purpose,
  924. dir_indirection_t indirection,
  925. const char **reason)
  926. {
  927. (void) router_purpose;
  928. tor_assert(reason);
  929. *reason = NULL;
  930. /* Reasons why we can't possibly use begindir */
  931. if (!or_port) {
  932. *reason = "directory with unknown ORPort";
  933. return 0; /* We don't know an ORPort -- no chance. */
  934. }
  935. if (indirection == DIRIND_DIRECT_CONN ||
  936. indirection == DIRIND_ANON_DIRPORT) {
  937. *reason = "DirPort connection";
  938. return 0;
  939. }
  940. if (indirection == DIRIND_ONEHOP) {
  941. /* We're firewalled and want a direct OR connection */
  942. if (!fascist_firewall_allows_address_addr(addr, or_port,
  943. FIREWALL_OR_CONNECTION, 0, 0)) {
  944. *reason = "ORPort not reachable";
  945. return 0;
  946. }
  947. }
  948. /* Reasons why we want to avoid using begindir */
  949. if (indirection == DIRIND_ONEHOP) {
  950. if (!directory_must_use_begindir(options)) {
  951. *reason = "in relay mode";
  952. return 0;
  953. }
  954. }
  955. /* DIRIND_ONEHOP on a client, or DIRIND_ANONYMOUS
  956. */
  957. *reason = "(using begindir)";
  958. return 1;
  959. }
  960. /** Helper for directory_initiate_command_rend: send the
  961. * command to a server whose OR address/port is <b>or_addr</b>/<b>or_port</b>,
  962. * whose directory address/port is <b>dir_addr</b>/<b>dir_port</b>, whose
  963. * identity key digest is <b>digest</b>, with purposes <b>dir_purpose</b> and
  964. * <b>router_purpose</b>, making an (in)direct connection as specified in
  965. * <b>indirection</b>, with command <b>resource</b>, <b>payload</b> of
  966. * <b>payload_len</b>, and asking for a result only <b>if_modified_since</b>.
  967. */
  968. void
  969. directory_initiate_command(const tor_addr_t *or_addr, uint16_t or_port,
  970. const tor_addr_t *dir_addr, uint16_t dir_port,
  971. const char *digest,
  972. uint8_t dir_purpose, uint8_t router_purpose,
  973. dir_indirection_t indirection, const char *resource,
  974. const char *payload, size_t payload_len,
  975. time_t if_modified_since)
  976. {
  977. tor_addr_port_t or_ap, dir_ap;
  978. /* Use the null tor_addr and 0 port if the address or port isn't valid. */
  979. if (tor_addr_port_is_valid(or_addr, or_port, 0)) {
  980. tor_addr_copy(&or_ap.addr, or_addr);
  981. or_ap.port = or_port;
  982. } else {
  983. /* the family doesn't matter here, so make it IPv4 */
  984. tor_addr_make_null(&or_ap.addr, AF_INET);
  985. or_ap.port = or_port = 0;
  986. }
  987. if (tor_addr_port_is_valid(dir_addr, dir_port, 0)) {
  988. tor_addr_copy(&dir_ap.addr, dir_addr);
  989. dir_ap.port = dir_port;
  990. } else {
  991. /* the family doesn't matter here, so make it IPv4 */
  992. tor_addr_make_null(&dir_ap.addr, AF_INET);
  993. dir_ap.port = dir_port = 0;
  994. }
  995. directory_initiate_command_rend(&or_ap, &dir_ap,
  996. digest, dir_purpose,
  997. router_purpose, indirection,
  998. resource, payload, payload_len,
  999. if_modified_since, NULL);
  1000. }
  1001. /** Return non-zero iff a directory connection with purpose
  1002. * <b>dir_purpose</b> reveals sensitive information about a Tor
  1003. * instance's client activities. (Such connections must be performed
  1004. * through normal three-hop Tor circuits.) */
  1005. int
  1006. is_sensitive_dir_purpose(uint8_t dir_purpose)
  1007. {
  1008. return ((dir_purpose == DIR_PURPOSE_HAS_FETCHED_RENDDESC_V2) ||
  1009. (dir_purpose == DIR_PURPOSE_UPLOAD_RENDDESC_V2) ||
  1010. (dir_purpose == DIR_PURPOSE_FETCH_RENDDESC_V2));
  1011. }
  1012. /** Same as directory_initiate_command(), but accepts rendezvous data to
  1013. * fetch a hidden service descriptor, and takes its address & port arguments
  1014. * as tor_addr_port_t. */
  1015. static void
  1016. directory_initiate_command_rend(const tor_addr_port_t *or_addr_port,
  1017. const tor_addr_port_t *dir_addr_port,
  1018. const char *digest,
  1019. uint8_t dir_purpose, uint8_t router_purpose,
  1020. dir_indirection_t indirection,
  1021. const char *resource,
  1022. const char *payload, size_t payload_len,
  1023. time_t if_modified_since,
  1024. const rend_data_t *rend_query)
  1025. {
  1026. tor_assert(or_addr_port);
  1027. tor_assert(dir_addr_port);
  1028. tor_assert(or_addr_port->port || dir_addr_port->port);
  1029. tor_assert(digest);
  1030. dir_connection_t *conn;
  1031. const or_options_t *options = get_options();
  1032. int socket_error = 0;
  1033. const char *begindir_reason = NULL;
  1034. /* Should the connection be to a relay's OR port (and inside that we will
  1035. * send our directory request)? */
  1036. const int use_begindir = directory_command_should_use_begindir(options,
  1037. &or_addr_port->addr, or_addr_port->port,
  1038. router_purpose, indirection,
  1039. &begindir_reason);
  1040. /* Will the connection go via a three-hop Tor circuit? Note that this
  1041. * is separate from whether it will use_begindir. */
  1042. const int anonymized_connection = dirind_is_anon(indirection);
  1043. /* What is the address we want to make the directory request to? If
  1044. * we're making a begindir request this is the ORPort of the relay
  1045. * we're contacting; if not a begindir request, this is its DirPort.
  1046. * Note that if anonymized_connection is true, we won't be initiating
  1047. * a connection directly to this address. */
  1048. tor_addr_t addr;
  1049. tor_addr_copy(&addr, &(use_begindir ? or_addr_port : dir_addr_port)->addr);
  1050. uint16_t port = (use_begindir ? or_addr_port : dir_addr_port)->port;
  1051. log_debug(LD_DIR, "anonymized %d, use_begindir %d.",
  1052. anonymized_connection, use_begindir);
  1053. log_debug(LD_DIR, "Initiating %s", dir_conn_purpose_to_string(dir_purpose));
  1054. if (is_sensitive_dir_purpose(dir_purpose)) {
  1055. tor_assert(anonymized_connection ||
  1056. rend_non_anonymous_mode_enabled(options));
  1057. }
  1058. /* use encrypted begindir connections for everything except relays
  1059. * this provides better protection for directory fetches */
  1060. if (!use_begindir && directory_must_use_begindir(options)) {
  1061. log_warn(LD_BUG, "Client could not use begindir connection: %s",
  1062. begindir_reason ? begindir_reason : "(NULL)");
  1063. return;
  1064. }
  1065. /* ensure that we don't make direct connections when a SOCKS server is
  1066. * configured. */
  1067. if (!anonymized_connection && !use_begindir && !options->HTTPProxy &&
  1068. (options->Socks4Proxy || options->Socks5Proxy)) {
  1069. log_warn(LD_DIR, "Cannot connect to a directory server through a "
  1070. "SOCKS proxy!");
  1071. return;
  1072. }
  1073. /* Make sure that the destination addr and port we picked is viable. */
  1074. if (!port || tor_addr_is_null(&addr)) {
  1075. static int logged_backtrace = 0;
  1076. log_warn(LD_DIR,
  1077. "Cannot make an outgoing %sconnection without %sPort.",
  1078. use_begindir ? "begindir " : "",
  1079. use_begindir ? "an OR" : "a Dir");
  1080. if (!logged_backtrace) {
  1081. log_backtrace(LOG_INFO, LD_BUG, "Address came from");
  1082. logged_backtrace = 1;
  1083. }
  1084. return;
  1085. }
  1086. conn = dir_connection_new(tor_addr_family(&addr));
  1087. /* set up conn so it's got all the data we need to remember */
  1088. tor_addr_copy(&conn->base_.addr, &addr);
  1089. conn->base_.port = port;
  1090. conn->base_.address = tor_addr_to_str_dup(&addr);
  1091. memcpy(conn->identity_digest, digest, DIGEST_LEN);
  1092. conn->base_.purpose = dir_purpose;
  1093. conn->router_purpose = router_purpose;
  1094. /* give it an initial state */
  1095. conn->base_.state = DIR_CONN_STATE_CONNECTING;
  1096. /* decide whether we can learn our IP address from this conn */
  1097. /* XXXX This is a bad name for this field now. */
  1098. conn->dirconn_direct = !anonymized_connection;
  1099. /* copy rendezvous data, if any */
  1100. if (rend_query)
  1101. conn->rend_data = rend_data_dup(rend_query);
  1102. if (!anonymized_connection && !use_begindir) {
  1103. /* then we want to connect to dirport directly */
  1104. if (options->HTTPProxy) {
  1105. tor_addr_copy(&addr, &options->HTTPProxyAddr);
  1106. port = options->HTTPProxyPort;
  1107. }
  1108. switch (connection_connect(TO_CONN(conn), conn->base_.address, &addr,
  1109. port, &socket_error)) {
  1110. case -1:
  1111. connection_mark_for_close(TO_CONN(conn));
  1112. return;
  1113. case 1:
  1114. /* start flushing conn */
  1115. conn->base_.state = DIR_CONN_STATE_CLIENT_SENDING;
  1116. /* fall through */
  1117. case 0:
  1118. /* queue the command on the outbuf */
  1119. directory_send_command(conn, dir_purpose, 1, resource,
  1120. payload, payload_len,
  1121. if_modified_since);
  1122. connection_watch_events(TO_CONN(conn), READ_EVENT | WRITE_EVENT);
  1123. /* writable indicates finish, readable indicates broken link,
  1124. error indicates broken link in windowsland. */
  1125. }
  1126. } else {
  1127. /* We will use a Tor circuit (maybe 1-hop, maybe 3-hop, maybe with
  1128. * begindir, maybe not with begindir) */
  1129. entry_connection_t *linked_conn;
  1130. /* Anonymized tunneled connections can never share a circuit.
  1131. * One-hop directory connections can share circuits with each other
  1132. * but nothing else. */
  1133. int iso_flags = anonymized_connection ? ISO_STREAM : ISO_SESSIONGRP;
  1134. /* If it's an anonymized connection, remember the fact that we
  1135. * wanted it for later: maybe we'll want it again soon. */
  1136. if (anonymized_connection && use_begindir)
  1137. rep_hist_note_used_internal(time(NULL), 0, 1);
  1138. else if (anonymized_connection && !use_begindir)
  1139. rep_hist_note_used_port(time(NULL), conn->base_.port);
  1140. /* make an AP connection
  1141. * populate it and add it at the right state
  1142. * hook up both sides
  1143. */
  1144. linked_conn =
  1145. connection_ap_make_link(TO_CONN(conn),
  1146. conn->base_.address, conn->base_.port,
  1147. digest,
  1148. SESSION_GROUP_DIRCONN, iso_flags,
  1149. use_begindir, !anonymized_connection);
  1150. if (!linked_conn) {
  1151. log_warn(LD_NET,"Making tunnel to dirserver failed.");
  1152. connection_mark_for_close(TO_CONN(conn));
  1153. return;
  1154. }
  1155. if (connection_add(TO_CONN(conn)) < 0) {
  1156. log_warn(LD_NET,"Unable to add connection for link to dirserver.");
  1157. connection_mark_for_close(TO_CONN(conn));
  1158. return;
  1159. }
  1160. conn->base_.state = DIR_CONN_STATE_CLIENT_SENDING;
  1161. /* queue the command on the outbuf */
  1162. directory_send_command(conn, dir_purpose, 0, resource,
  1163. payload, payload_len,
  1164. if_modified_since);
  1165. connection_watch_events(TO_CONN(conn), READ_EVENT|WRITE_EVENT);
  1166. connection_start_reading(ENTRY_TO_CONN(linked_conn));
  1167. }
  1168. }
  1169. /** Return true iff anything we say on <b>conn</b> is being encrypted before
  1170. * we send it to the client/server. */
  1171. int
  1172. connection_dir_is_encrypted(dir_connection_t *conn)
  1173. {
  1174. /* Right now it's sufficient to see if conn is or has been linked, since
  1175. * the only thing it could be linked to is an edge connection on a
  1176. * circuit, and the only way it could have been unlinked is at the edge
  1177. * connection getting closed.
  1178. */
  1179. return TO_CONN(conn)->linked;
  1180. }
  1181. /** Helper for sorting
  1182. *
  1183. * sort strings alphabetically
  1184. */
  1185. static int
  1186. compare_strs_(const void **a, const void **b)
  1187. {
  1188. const char *s1 = *a, *s2 = *b;
  1189. return strcmp(s1, s2);
  1190. }
  1191. #define CONDITIONAL_CONSENSUS_FPR_LEN 3
  1192. #if (CONDITIONAL_CONSENSUS_FPR_LEN > DIGEST_LEN)
  1193. #error "conditional consensus fingerprint length is larger than digest length"
  1194. #endif
  1195. /** Return the URL we should use for a consensus download.
  1196. *
  1197. * Use the "conditional consensus downloading" feature described in
  1198. * dir-spec.txt, i.e.
  1199. * GET .../consensus/<b>fpr</b>+<b>fpr</b>+<b>fpr</b>
  1200. *
  1201. * If 'resource' is provided, it is the name of a consensus flavor to request.
  1202. */
  1203. static char *
  1204. directory_get_consensus_url(const char *resource)
  1205. {
  1206. char *url = NULL;
  1207. const char *hyphen, *flavor;
  1208. if (resource==NULL || strcmp(resource, "ns")==0) {
  1209. flavor = ""; /* Request ns consensuses as "", so older servers will work*/
  1210. hyphen = "";
  1211. } else {
  1212. flavor = resource;
  1213. hyphen = "-";
  1214. }
  1215. {
  1216. char *authority_id_list;
  1217. smartlist_t *authority_digests = smartlist_new();
  1218. SMARTLIST_FOREACH_BEGIN(router_get_trusted_dir_servers(),
  1219. dir_server_t *, ds) {
  1220. char *hex;
  1221. if (!(ds->type & V3_DIRINFO))
  1222. continue;
  1223. hex = tor_malloc(2*CONDITIONAL_CONSENSUS_FPR_LEN+1);
  1224. base16_encode(hex, 2*CONDITIONAL_CONSENSUS_FPR_LEN+1,
  1225. ds->v3_identity_digest, CONDITIONAL_CONSENSUS_FPR_LEN);
  1226. smartlist_add(authority_digests, hex);
  1227. } SMARTLIST_FOREACH_END(ds);
  1228. smartlist_sort(authority_digests, compare_strs_);
  1229. authority_id_list = smartlist_join_strings(authority_digests,
  1230. "+", 0, NULL);
  1231. tor_asprintf(&url, "/tor/status-vote/current/consensus%s%s/%s.z",
  1232. hyphen, flavor, authority_id_list);
  1233. SMARTLIST_FOREACH(authority_digests, char *, cp, tor_free(cp));
  1234. smartlist_free(authority_digests);
  1235. tor_free(authority_id_list);
  1236. }
  1237. return url;
  1238. }
  1239. /**
  1240. * Copies the ipv6 from source to destination, subject to buffer size limit
  1241. * size. If decorate is true, makes sure the copied address is decorated.
  1242. */
  1243. static void
  1244. copy_ipv6_address(char* destination, const char* source, size_t len,
  1245. int decorate) {
  1246. tor_assert(destination);
  1247. tor_assert(source);
  1248. if (decorate && source[0] != '[') {
  1249. tor_snprintf(destination, len, "[%s]", source);
  1250. } else {
  1251. strlcpy(destination, source, len);
  1252. }
  1253. }
  1254. /** Queue an appropriate HTTP command on conn-\>outbuf. The other args
  1255. * are as in directory_initiate_command().
  1256. */
  1257. static void
  1258. directory_send_command(dir_connection_t *conn,
  1259. int purpose, int direct, const char *resource,
  1260. const char *payload, size_t payload_len,
  1261. time_t if_modified_since)
  1262. {
  1263. char proxystring[256];
  1264. char hoststring[128];
  1265. /* NEEDS to be the same size hoststring.
  1266. Will be decorated with brackets around it if it is ipv6. */
  1267. char decorated_address[128];
  1268. smartlist_t *headers = smartlist_new();
  1269. char *url;
  1270. char request[8192];
  1271. const char *httpcommand = NULL;
  1272. tor_assert(conn);
  1273. tor_assert(conn->base_.type == CONN_TYPE_DIR);
  1274. tor_free(conn->requested_resource);
  1275. if (resource)
  1276. conn->requested_resource = tor_strdup(resource);
  1277. /* decorate the ip address if it is ipv6 */
  1278. if (strchr(conn->base_.address, ':')) {
  1279. copy_ipv6_address(decorated_address, conn->base_.address,
  1280. sizeof(decorated_address), 1);
  1281. } else {
  1282. strlcpy(decorated_address, conn->base_.address, sizeof(decorated_address));
  1283. }
  1284. /* come up with a string for which Host: we want */
  1285. if (conn->base_.port == 80) {
  1286. strlcpy(hoststring, decorated_address, sizeof(hoststring));
  1287. } else {
  1288. tor_snprintf(hoststring, sizeof(hoststring), "%s:%d",
  1289. decorated_address, conn->base_.port);
  1290. }
  1291. /* Format if-modified-since */
  1292. if (if_modified_since) {
  1293. char b[RFC1123_TIME_LEN+1];
  1294. format_rfc1123_time(b, if_modified_since);
  1295. smartlist_add_asprintf(headers, "If-Modified-Since: %s\r\n", b);
  1296. }
  1297. /* come up with some proxy lines, if we're using one. */
  1298. if (direct && get_options()->HTTPProxy) {
  1299. char *base64_authenticator=NULL;
  1300. const char *authenticator = get_options()->HTTPProxyAuthenticator;
  1301. tor_snprintf(proxystring, sizeof(proxystring),"http://%s", hoststring);
  1302. if (authenticator) {
  1303. base64_authenticator = alloc_http_authenticator(authenticator);
  1304. if (!base64_authenticator)
  1305. log_warn(LD_BUG, "Encoding http authenticator failed");
  1306. }
  1307. if (base64_authenticator) {
  1308. smartlist_add_asprintf(headers,
  1309. "Proxy-Authorization: Basic %s\r\n",
  1310. base64_authenticator);
  1311. tor_free(base64_authenticator);
  1312. }
  1313. } else {
  1314. proxystring[0] = 0;
  1315. }
  1316. switch (purpose) {
  1317. case DIR_PURPOSE_FETCH_CONSENSUS:
  1318. /* resource is optional. If present, it's a flavor name */
  1319. tor_assert(!payload);
  1320. httpcommand = "GET";
  1321. url = directory_get_consensus_url(resource);
  1322. log_info(LD_DIR, "Downloading consensus from %s using %s",
  1323. hoststring, url);
  1324. break;
  1325. case DIR_PURPOSE_FETCH_CERTIFICATE:
  1326. tor_assert(resource);
  1327. tor_assert(!payload);
  1328. httpcommand = "GET";
  1329. tor_asprintf(&url, "/tor/keys/%s", resource);
  1330. break;
  1331. case DIR_PURPOSE_FETCH_STATUS_VOTE:
  1332. tor_assert(resource);
  1333. tor_assert(!payload);
  1334. httpcommand = "GET";
  1335. tor_asprintf(&url, "/tor/status-vote/next/%s.z", resource);
  1336. break;
  1337. case DIR_PURPOSE_FETCH_DETACHED_SIGNATURES:
  1338. tor_assert(!resource);
  1339. tor_assert(!payload);
  1340. httpcommand = "GET";
  1341. url = tor_strdup("/tor/status-vote/next/consensus-signatures.z");
  1342. break;
  1343. case DIR_PURPOSE_FETCH_SERVERDESC:
  1344. tor_assert(resource);
  1345. httpcommand = "GET";
  1346. tor_asprintf(&url, "/tor/server/%s", resource);
  1347. break;
  1348. case DIR_PURPOSE_FETCH_EXTRAINFO:
  1349. tor_assert(resource);
  1350. httpcommand = "GET";
  1351. tor_asprintf(&url, "/tor/extra/%s", resource);
  1352. break;
  1353. case DIR_PURPOSE_FETCH_MICRODESC:
  1354. tor_assert(resource);
  1355. httpcommand = "GET";
  1356. tor_asprintf(&url, "/tor/micro/%s", resource);
  1357. break;
  1358. case DIR_PURPOSE_UPLOAD_DIR: {
  1359. const char *why = router_get_descriptor_gen_reason();
  1360. tor_assert(!resource);
  1361. tor_assert(payload);
  1362. httpcommand = "POST";
  1363. url = tor_strdup("/tor/");
  1364. if (why) {
  1365. smartlist_add_asprintf(headers, "X-Desc-Gen-Reason: %s\r\n", why);
  1366. }
  1367. break;
  1368. }
  1369. case DIR_PURPOSE_UPLOAD_VOTE:
  1370. tor_assert(!resource);
  1371. tor_assert(payload);
  1372. httpcommand = "POST";
  1373. url = tor_strdup("/tor/post/vote");
  1374. break;
  1375. case DIR_PURPOSE_UPLOAD_SIGNATURES:
  1376. tor_assert(!resource);
  1377. tor_assert(payload);
  1378. httpcommand = "POST";
  1379. url = tor_strdup("/tor/post/consensus-signature");
  1380. break;
  1381. case DIR_PURPOSE_FETCH_RENDDESC_V2:
  1382. tor_assert(resource);
  1383. tor_assert(strlen(resource) <= REND_DESC_ID_V2_LEN_BASE32);
  1384. tor_assert(!payload);
  1385. httpcommand = "GET";
  1386. tor_asprintf(&url, "/tor/rendezvous2/%s", resource);
  1387. break;
  1388. case DIR_PURPOSE_UPLOAD_RENDDESC_V2:
  1389. tor_assert(!resource);
  1390. tor_assert(payload);
  1391. httpcommand = "POST";
  1392. url = tor_strdup("/tor/rendezvous2/publish");
  1393. break;
  1394. default:
  1395. tor_assert(0);
  1396. return;
  1397. }
  1398. /* warn in the non-tunneled case */
  1399. if (direct && (strlen(proxystring) + strlen(url) >= 4096)) {
  1400. log_warn(LD_BUG,
  1401. "Squid does not like URLs longer than 4095 bytes, and this "
  1402. "one is %d bytes long: %s%s",
  1403. (int)(strlen(proxystring) + strlen(url)), proxystring, url);
  1404. }
  1405. tor_snprintf(request, sizeof(request), "%s %s", httpcommand, proxystring);
  1406. connection_write_to_buf(request, strlen(request), TO_CONN(conn));
  1407. connection_write_to_buf(url, strlen(url), TO_CONN(conn));
  1408. tor_free(url);
  1409. if (!strcmp(httpcommand, "POST") || payload) {
  1410. smartlist_add_asprintf(headers, "Content-Length: %lu\r\n",
  1411. payload ? (unsigned long)payload_len : 0);
  1412. }
  1413. {
  1414. char *header = smartlist_join_strings(headers, "", 0, NULL);
  1415. tor_snprintf(request, sizeof(request), " HTTP/1.0\r\nHost: %s\r\n%s\r\n",
  1416. hoststring, header);
  1417. tor_free(header);
  1418. }
  1419. connection_write_to_buf(request, strlen(request), TO_CONN(conn));
  1420. if (payload) {
  1421. /* then send the payload afterwards too */
  1422. connection_write_to_buf(payload, payload_len, TO_CONN(conn));
  1423. }
  1424. SMARTLIST_FOREACH(headers, char *, h, tor_free(h));
  1425. smartlist_free(headers);
  1426. }
  1427. /** Parse an HTTP request string <b>headers</b> of the form
  1428. * \verbatim
  1429. * "\%s [http[s]://]\%s HTTP/1..."
  1430. * \endverbatim
  1431. * If it's well-formed, strdup the second \%s into *<b>url</b>, and
  1432. * nul-terminate it. If the url doesn't start with "/tor/", rewrite it
  1433. * so it does. Return 0.
  1434. * Otherwise, return -1.
  1435. */
  1436. STATIC int
  1437. parse_http_url(const char *headers, char **url)
  1438. {
  1439. char *s, *start, *tmp;
  1440. s = (char *)eat_whitespace_no_nl(headers);
  1441. if (!*s) return -1;
  1442. s = (char *)find_whitespace(s); /* get past GET/POST */
  1443. if (!*s) return -1;
  1444. s = (char *)eat_whitespace_no_nl(s);
  1445. if (!*s) return -1;
  1446. start = s; /* this is it, assuming it's valid */
  1447. s = (char *)find_whitespace(start);
  1448. if (!*s) return -1;
  1449. /* tolerate the http[s] proxy style of putting the hostname in the url */
  1450. if (s-start >= 4 && !strcmpstart(start,"http")) {
  1451. tmp = start + 4;
  1452. if (*tmp == 's')
  1453. tmp++;
  1454. if (s-tmp >= 3 && !strcmpstart(tmp,"://")) {
  1455. tmp = strchr(tmp+3, '/');
  1456. if (tmp && tmp < s) {
  1457. log_debug(LD_DIR,"Skipping over 'http[s]://hostname/' string");
  1458. start = tmp;
  1459. }
  1460. }
  1461. }
  1462. /* Check if the header is well formed (next sequence
  1463. * should be HTTP/1.X\r\n). Assumes we're supporting 1.0? */
  1464. {
  1465. unsigned minor_ver;
  1466. char ch;
  1467. char *e = (char *)eat_whitespace_no_nl(s);
  1468. if (2 != tor_sscanf(e, "HTTP/1.%u%c", &minor_ver, &ch)) {
  1469. return -1;
  1470. }
  1471. if (ch != '\r')
  1472. return -1;
  1473. }
  1474. if (s-start < 5 || strcmpstart(start,"/tor/")) { /* need to rewrite it */
  1475. *url = tor_malloc(s - start + 5);
  1476. strlcpy(*url,"/tor", s-start+5);
  1477. strlcat((*url)+4, start, s-start+1);
  1478. } else {
  1479. *url = tor_strndup(start, s-start);
  1480. }
  1481. return 0;
  1482. }
  1483. /** Return a copy of the first HTTP header in <b>headers</b> whose key is
  1484. * <b>which</b>. The key should be given with a terminating colon and space;
  1485. * this function copies everything after, up to but not including the
  1486. * following \\r\\n. */
  1487. static char *
  1488. http_get_header(const char *headers, const char *which)
  1489. {
  1490. const char *cp = headers;
  1491. while (cp) {
  1492. if (!strcasecmpstart(cp, which)) {
  1493. char *eos;
  1494. cp += strlen(which);
  1495. if ((eos = strchr(cp,'\r')))
  1496. return tor_strndup(cp, eos-cp);
  1497. else
  1498. return tor_strdup(cp);
  1499. }
  1500. cp = strchr(cp, '\n');
  1501. if (cp)
  1502. ++cp;
  1503. }
  1504. return NULL;
  1505. }
  1506. /** If <b>headers</b> indicates that a proxy was involved, then rewrite
  1507. * <b>conn</b>-\>address to describe our best guess of the address that
  1508. * originated this HTTP request. */
  1509. static void
  1510. http_set_address_origin(const char *headers, connection_t *conn)
  1511. {
  1512. char *fwd;
  1513. fwd = http_get_header(headers, "Forwarded-For: ");
  1514. if (!fwd)
  1515. fwd = http_get_header(headers, "X-Forwarded-For: ");
  1516. if (fwd) {
  1517. tor_addr_t toraddr;
  1518. if (tor_addr_parse(&toraddr,fwd) == -1 ||
  1519. tor_addr_is_internal(&toraddr,0)) {
  1520. log_debug(LD_DIR, "Ignoring local/internal IP %s", escaped(fwd));
  1521. tor_free(fwd);
  1522. return;
  1523. }
  1524. tor_free(conn->address);
  1525. conn->address = tor_strdup(fwd);
  1526. tor_free(fwd);
  1527. }
  1528. }
  1529. /** Parse an HTTP response string <b>headers</b> of the form
  1530. * \verbatim
  1531. * "HTTP/1.\%d \%d\%s\r\n...".
  1532. * \endverbatim
  1533. *
  1534. * If it's well-formed, assign the status code to *<b>code</b> and
  1535. * return 0. Otherwise, return -1.
  1536. *
  1537. * On success: If <b>date</b> is provided, set *date to the Date
  1538. * header in the http headers, or 0 if no such header is found. If
  1539. * <b>compression</b> is provided, set *<b>compression</b> to the
  1540. * compression method given in the Content-Encoding header, or 0 if no
  1541. * such header is found, or -1 if the value of the header is not
  1542. * recognized. If <b>reason</b> is provided, strdup the reason string
  1543. * into it.
  1544. */
  1545. int
  1546. parse_http_response(const char *headers, int *code, time_t *date,
  1547. compress_method_t *compression, char **reason)
  1548. {
  1549. unsigned n1, n2;
  1550. char datestr[RFC1123_TIME_LEN+1];
  1551. smartlist_t *parsed_headers;
  1552. tor_assert(headers);
  1553. tor_assert(code);
  1554. while (TOR_ISSPACE(*headers)) headers++; /* tolerate leading whitespace */
  1555. if (tor_sscanf(headers, "HTTP/1.%u %u", &n1, &n2) < 2 ||
  1556. (n1 != 0 && n1 != 1) ||
  1557. (n2 < 100 || n2 >= 600)) {
  1558. log_warn(LD_HTTP,"Failed to parse header %s",escaped(headers));
  1559. return -1;
  1560. }
  1561. *code = n2;
  1562. parsed_headers = smartlist_new();
  1563. smartlist_split_string(parsed_headers, headers, "\n",
  1564. SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1);
  1565. if (reason) {
  1566. smartlist_t *status_line_elements = smartlist_new();
  1567. tor_assert(smartlist_len(parsed_headers));
  1568. smartlist_split_string(status_line_elements,
  1569. smartlist_get(parsed_headers, 0),
  1570. " ", SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 3);
  1571. tor_assert(smartlist_len(status_line_elements) <= 3);
  1572. if (smartlist_len(status_line_elements) == 3) {
  1573. *reason = smartlist_get(status_line_elements, 2);
  1574. smartlist_set(status_line_elements, 2, NULL); /* Prevent free */
  1575. }
  1576. SMARTLIST_FOREACH(status_line_elements, char *, cp, tor_free(cp));
  1577. smartlist_free(status_line_elements);
  1578. }
  1579. if (date) {
  1580. *date = 0;
  1581. SMARTLIST_FOREACH(parsed_headers, const char *, s,
  1582. if (!strcmpstart(s, "Date: ")) {
  1583. strlcpy(datestr, s+6, sizeof(datestr));
  1584. /* This will do nothing on failure, so we don't need to check
  1585. the result. We shouldn't warn, since there are many other valid
  1586. date formats besides the one we use. */
  1587. parse_rfc1123_time(datestr, date);
  1588. break;
  1589. });
  1590. }
  1591. if (compression) {
  1592. const char *enc = NULL;
  1593. SMARTLIST_FOREACH(parsed_headers, const char *, s,
  1594. if (!strcmpstart(s, "Content-Encoding: ")) {
  1595. enc = s+18; break;
  1596. });
  1597. if (!enc || !strcmp(enc, "identity")) {
  1598. *compression = NO_METHOD;
  1599. } else if (!strcmp(enc, "deflate") || !strcmp(enc, "x-deflate")) {
  1600. *compression = ZLIB_METHOD;
  1601. } else if (!strcmp(enc, "gzip") || !strcmp(enc, "x-gzip")) {
  1602. *compression = GZIP_METHOD;
  1603. } else {
  1604. log_info(LD_HTTP, "Unrecognized content encoding: %s. Trying to deal.",
  1605. escaped(enc));
  1606. *compression = UNKNOWN_METHOD;
  1607. }
  1608. }
  1609. SMARTLIST_FOREACH(parsed_headers, char *, s, tor_free(s));
  1610. smartlist_free(parsed_headers);
  1611. return 0;
  1612. }
  1613. /** Return true iff <b>body</b> doesn't start with a plausible router or
  1614. * network-status or microdescriptor opening. This is a sign of possible
  1615. * compression. */
  1616. static int
  1617. body_is_plausible(const char *body, size_t len, int purpose)
  1618. {
  1619. int i;
  1620. if (len == 0)
  1621. return 1; /* empty bodies don't need decompression */
  1622. if (len < 32)
  1623. return 0;
  1624. if (purpose == DIR_PURPOSE_FETCH_MICRODESC) {
  1625. return (!strcmpstart(body,"onion-key"));
  1626. }
  1627. if (1) {
  1628. if (!strcmpstart(body,"router") ||
  1629. !strcmpstart(body,"network-status"))
  1630. return 1;
  1631. for (i=0;i<32;++i) {
  1632. if (!TOR_ISPRINT(body[i]) && !TOR_ISSPACE(body[i]))
  1633. return 0;
  1634. }
  1635. }
  1636. return 1;
  1637. }
  1638. /** Called when we've just fetched a bunch of router descriptors in
  1639. * <b>body</b>. The list <b>which</b>, if present, holds digests for
  1640. * descriptors we requested: descriptor digests if <b>descriptor_digests</b>
  1641. * is true, or identity digests otherwise. Parse the descriptors, validate
  1642. * them, and annotate them as having purpose <b>purpose</b> and as having been
  1643. * downloaded from <b>source</b>.
  1644. *
  1645. * Return the number of routers actually added. */
  1646. static int
  1647. load_downloaded_routers(const char *body, smartlist_t *which,
  1648. int descriptor_digests,
  1649. int router_purpose,
  1650. const char *source)
  1651. {
  1652. char buf[256];
  1653. char time_buf[ISO_TIME_LEN+1];
  1654. int added = 0;
  1655. int general = router_purpose == ROUTER_PURPOSE_GENERAL;
  1656. format_iso_time(time_buf, time(NULL));
  1657. tor_assert(source);
  1658. if (tor_snprintf(buf, sizeof(buf),
  1659. "@downloaded-at %s\n"
  1660. "@source %s\n"
  1661. "%s%s%s", time_buf, escaped(source),
  1662. !general ? "@purpose " : "",
  1663. !general ? router_purpose_to_string(router_purpose) : "",
  1664. !general ? "\n" : "")<0)
  1665. return added;
  1666. added = router_load_routers_from_string(body, NULL, SAVED_NOWHERE, which,
  1667. descriptor_digests, buf);
  1668. if (added && general)
  1669. control_event_bootstrap(BOOTSTRAP_STATUS_LOADING_DESCRIPTORS,
  1670. count_loading_descriptors_progress());
  1671. return added;
  1672. }
  1673. /** We are a client, and we've finished reading the server's
  1674. * response. Parse it and act appropriately.
  1675. *
  1676. * If we're still happy with using this directory server in the future, return
  1677. * 0. Otherwise return -1; and the caller should consider trying the request
  1678. * again.
  1679. *
  1680. * The caller will take care of marking the connection for close.
  1681. */
  1682. static int
  1683. connection_dir_client_reached_eof(dir_connection_t *conn)
  1684. {
  1685. char *body;
  1686. char *headers;
  1687. char *reason = NULL;
  1688. size_t body_len = 0;
  1689. int status_code;
  1690. time_t date_header = 0;
  1691. long apparent_skew;
  1692. compress_method_t compression;
  1693. int plausible;
  1694. int skewed = 0;
  1695. int allow_partial = (conn->base_.purpose == DIR_PURPOSE_FETCH_SERVERDESC ||
  1696. conn->base_.purpose == DIR_PURPOSE_FETCH_EXTRAINFO ||
  1697. conn->base_.purpose == DIR_PURPOSE_FETCH_MICRODESC);
  1698. time_t now = time(NULL);
  1699. int src_code;
  1700. switch (connection_fetch_from_buf_http(TO_CONN(conn),
  1701. &headers, MAX_HEADERS_SIZE,
  1702. &body, &body_len, MAX_DIR_DL_SIZE,
  1703. allow_partial)) {
  1704. case -1: /* overflow */
  1705. log_warn(LD_PROTOCOL,
  1706. "'fetch' response too large (server '%s:%d'). Closing.",
  1707. conn->base_.address, conn->base_.port);
  1708. return -1;
  1709. case 0:
  1710. log_info(LD_HTTP,
  1711. "'fetch' response not all here, but we're at eof. Closing.");
  1712. return -1;
  1713. /* case 1, fall through */
  1714. }
  1715. if (parse_http_response(headers, &status_code, &date_header,
  1716. &compression, &reason) < 0) {
  1717. log_warn(LD_HTTP,"Unparseable headers (server '%s:%d'). Closing.",
  1718. conn->base_.address, conn->base_.port);
  1719. tor_free(body); tor_free(headers);
  1720. return -1;
  1721. }
  1722. if (!reason) reason = tor_strdup("[no reason given]");
  1723. log_debug(LD_DIR,
  1724. "Received response from directory server '%s:%d': %d %s "
  1725. "(purpose: %d)",
  1726. conn->base_.address, conn->base_.port, status_code,
  1727. escaped(reason),
  1728. conn->base_.purpose);
  1729. /* now check if it's got any hints for us about our IP address. */
  1730. if (conn->dirconn_direct) {
  1731. char *guess = http_get_header(headers, X_ADDRESS_HEADER);
  1732. if (guess) {
  1733. router_new_address_suggestion(guess, conn);
  1734. tor_free(guess);
  1735. }
  1736. }
  1737. if (date_header > 0) {
  1738. /* The date header was written very soon after we sent our request,
  1739. * so compute the skew as the difference between sending the request
  1740. * and the date header. (We used to check now-date_header, but that's
  1741. * inaccurate if we spend a lot of time downloading.)
  1742. */
  1743. apparent_skew = conn->base_.timestamp_lastwritten - date_header;
  1744. if (labs(apparent_skew)>ALLOW_DIRECTORY_TIME_SKEW) {
  1745. int trusted = router_digest_is_trusted_dir(conn->identity_digest);
  1746. clock_skew_warning(TO_CONN(conn), apparent_skew, trusted, LD_HTTP,
  1747. "directory", "DIRSERV");
  1748. skewed = 1; /* don't check the recommended-versions line */
  1749. } else {
  1750. log_debug(LD_HTTP, "Time on received directory is within tolerance; "
  1751. "we are %ld seconds skewed. (That's okay.)", apparent_skew);
  1752. }
  1753. }
  1754. (void) skewed; /* skewed isn't used yet. */
  1755. if (status_code == 503) {
  1756. routerstatus_t *rs;
  1757. dir_server_t *ds;
  1758. const char *id_digest = conn->identity_digest;
  1759. log_info(LD_DIR,"Received http status code %d (%s) from server "
  1760. "'%s:%d'. I'll try again soon.",
  1761. status_code, escaped(reason), conn->base_.address,
  1762. conn->base_.port);
  1763. if ((rs = router_get_mutable_consensus_status_by_id(id_digest)))
  1764. rs->last_dir_503_at = now;
  1765. if ((ds = router_get_fallback_dirserver_by_digest(id_digest)))
  1766. ds->fake_status.last_dir_503_at = now;
  1767. tor_free(body); tor_free(headers); tor_free(reason);
  1768. return -1;
  1769. }
  1770. plausible = body_is_plausible(body, body_len, conn->base_.purpose);
  1771. if (compression != NO_METHOD || !plausible) {
  1772. char *new_body = NULL;
  1773. size_t new_len = 0;
  1774. compress_method_t guessed = detect_compression_method(body, body_len);
  1775. if (compression == UNKNOWN_METHOD || guessed != compression) {
  1776. /* Tell the user if we don't believe what we're told about compression.*/
  1777. const char *description1, *description2;
  1778. if (compression == ZLIB_METHOD)
  1779. description1 = "as deflated";
  1780. else if (compression == GZIP_METHOD)
  1781. description1 = "as gzipped";
  1782. else if (compression == NO_METHOD)
  1783. description1 = "as uncompressed";
  1784. else
  1785. description1 = "with an unknown Content-Encoding";
  1786. if (guessed == ZLIB_METHOD)
  1787. description2 = "deflated";
  1788. else if (guessed == GZIP_METHOD)
  1789. description2 = "gzipped";
  1790. else if (!plausible)
  1791. description2 = "confusing binary junk";
  1792. else
  1793. description2 = "uncompressed";
  1794. log_info(LD_HTTP, "HTTP body from server '%s:%d' was labeled %s, "
  1795. "but it seems to be %s.%s",
  1796. conn->base_.address, conn->base_.port, description1,
  1797. description2,
  1798. (compression>0 && guessed>0)?" Trying both.":"");
  1799. }
  1800. /* Try declared compression first if we can. */
  1801. if (compression == GZIP_METHOD || compression == ZLIB_METHOD)
  1802. tor_gzip_uncompress(&new_body, &new_len, body, body_len, compression,
  1803. !allow_partial, LOG_PROTOCOL_WARN);
  1804. /* Okay, if that didn't work, and we think that it was compressed
  1805. * differently, try that. */
  1806. if (!new_body &&
  1807. (guessed == GZIP_METHOD || guessed == ZLIB_METHOD) &&
  1808. compression != guessed)
  1809. tor_gzip_uncompress(&new_body, &new_len, body, body_len, guessed,
  1810. !allow_partial, LOG_PROTOCOL_WARN);
  1811. /* If we're pretty sure that we have a compressed directory, and
  1812. * we didn't manage to uncompress it, then warn and bail. */
  1813. if (!plausible && !new_body) {
  1814. log_fn(LOG_PROTOCOL_WARN, LD_HTTP,
  1815. "Unable to decompress HTTP body (server '%s:%d').",
  1816. conn->base_.address, conn->base_.port);
  1817. tor_free(body); tor_free(headers); tor_free(reason);
  1818. return -1;
  1819. }
  1820. if (new_body) {
  1821. tor_free(body);
  1822. body = new_body;
  1823. body_len = new_len;
  1824. }
  1825. }
  1826. if (conn->base_.purpose == DIR_PURPOSE_FETCH_CONSENSUS) {
  1827. int r;
  1828. const char *flavname = conn->requested_resource;
  1829. if (status_code != 200) {
  1830. int severity = (status_code == 304) ? LOG_INFO : LOG_WARN;
  1831. tor_log(severity, LD_DIR,
  1832. "Received http status code %d (%s) from server "
  1833. "'%s:%d' while fetching consensus directory.",
  1834. status_code, escaped(reason), conn->base_.address,
  1835. conn->base_.port);
  1836. tor_free(body); tor_free(headers); tor_free(reason);
  1837. networkstatus_consensus_download_failed(status_code, flavname);
  1838. return -1;
  1839. }
  1840. log_info(LD_DIR,"Received consensus directory (size %d) from server "
  1841. "'%s:%d'", (int)body_len, conn->base_.address, conn->base_.port);
  1842. if ((r=networkstatus_set_current_consensus(body, flavname, 0,
  1843. conn->identity_digest))<0) {
  1844. log_fn(r<-1?LOG_WARN:LOG_INFO, LD_DIR,
  1845. "Unable to load %s consensus directory downloaded from "
  1846. "server '%s:%d'. I'll try again soon.",
  1847. flavname, conn->base_.address, conn->base_.port);
  1848. tor_free(body); tor_free(headers); tor_free(reason);
  1849. networkstatus_consensus_download_failed(0, flavname);
  1850. return -1;
  1851. }
  1852. /* If we launched other fetches for this consensus, cancel them. */
  1853. connection_dir_close_consensus_fetches(conn, flavname);
  1854. /* launches router downloads as needed */
  1855. routers_update_all_from_networkstatus(now, 3);
  1856. update_microdescs_from_networkstatus(now);
  1857. update_microdesc_downloads(now);
  1858. directory_info_has_arrived(now, 0, 0);
  1859. if (authdir_mode_v3(get_options())) {
  1860. sr_act_post_consensus(
  1861. networkstatus_get_latest_consensus_by_flavor(FLAV_NS));
  1862. }
  1863. log_info(LD_DIR, "Successfully loaded consensus.");
  1864. }
  1865. if (conn->base_.purpose == DIR_PURPOSE_FETCH_CERTIFICATE) {
  1866. if (status_code != 200) {
  1867. log_warn(LD_DIR,
  1868. "Received http status code %d (%s) from server "
  1869. "'%s:%d' while fetching \"/tor/keys/%s\".",
  1870. status_code, escaped(reason), conn->base_.address,
  1871. conn->base_.port, conn->requested_resource);
  1872. connection_dir_download_cert_failed(conn, status_code);
  1873. tor_free(body); tor_free(headers); tor_free(reason);
  1874. return -1;
  1875. }
  1876. log_info(LD_DIR,"Received authority certificates (size %d) from server "
  1877. "'%s:%d'", (int)body_len, conn->base_.address, conn->base_.port);
  1878. /*
  1879. * Tell trusted_dirs_load_certs_from_string() whether it was by fp
  1880. * or fp-sk pair.
  1881. */
  1882. src_code = -1;
  1883. if (!strcmpstart(conn->requested_resource, "fp/")) {
  1884. src_code = TRUSTED_DIRS_CERTS_SRC_DL_BY_ID_DIGEST;
  1885. } else if (!strcmpstart(conn->requested_resource, "fp-sk/")) {
  1886. src_code = TRUSTED_DIRS_CERTS_SRC_DL_BY_ID_SK_DIGEST;
  1887. }
  1888. if (src_code != -1) {
  1889. if (trusted_dirs_load_certs_from_string(body, src_code, 1,
  1890. conn->identity_digest)<0) {
  1891. log_warn(LD_DIR, "Unable to parse fetched certificates");
  1892. /* if we fetched more than one and only some failed, the successful
  1893. * ones got flushed to disk so it's safe to call this on them */
  1894. connection_dir_download_cert_failed(conn, status_code);
  1895. } else {
  1896. directory_info_has_arrived(now, 0, 0);
  1897. log_info(LD_DIR, "Successfully loaded certificates from fetch.");
  1898. }
  1899. } else {
  1900. log_warn(LD_DIR,
  1901. "Couldn't figure out what to do with fetched certificates for "
  1902. "unknown resource %s",
  1903. conn->requested_resource);
  1904. connection_dir_download_cert_failed(conn, status_code);
  1905. }
  1906. }
  1907. if (conn->base_.purpose == DIR_PURPOSE_FETCH_STATUS_VOTE) {
  1908. const char *msg;
  1909. int st;
  1910. log_info(LD_DIR,"Got votes (size %d) from server %s:%d",
  1911. (int)body_len, conn->base_.address, conn->base_.port);
  1912. if (status_code != 200) {
  1913. log_warn(LD_DIR,
  1914. "Received http status code %d (%s) from server "
  1915. "'%s:%d' while fetching \"/tor/status-vote/next/%s.z\".",
  1916. status_code, escaped(reason), conn->base_.address,
  1917. conn->base_.port, conn->requested_resource);
  1918. tor_free(body); tor_free(headers); tor_free(reason);
  1919. return -1;
  1920. }
  1921. dirvote_add_vote(body, &msg, &st);
  1922. if (st > 299) {
  1923. log_warn(LD_DIR, "Error adding retrieved vote: %s", msg);
  1924. } else {
  1925. log_info(LD_DIR, "Added vote(s) successfully [msg: %s]", msg);
  1926. }
  1927. }
  1928. if (conn->base_.purpose == DIR_PURPOSE_FETCH_DETACHED_SIGNATURES) {
  1929. const char *msg = NULL;
  1930. log_info(LD_DIR,"Got detached signatures (size %d) from server %s:%d",
  1931. (int)body_len, conn->base_.address, conn->base_.port);
  1932. if (status_code != 200) {
  1933. log_warn(LD_DIR,
  1934. "Received http status code %d (%s) from server '%s:%d' while fetching "
  1935. "\"/tor/status-vote/next/consensus-signatures.z\".",
  1936. status_code, escaped(reason), conn->base_.address,
  1937. conn->base_.port);
  1938. tor_free(body); tor_free(headers); tor_free(reason);
  1939. return -1;
  1940. }
  1941. if (dirvote_add_signatures(body, conn->base_.address, &msg)<0) {
  1942. log_warn(LD_DIR, "Problem adding detached signatures from %s:%d: %s",
  1943. conn->base_.address, conn->base_.port, msg?msg:"???");
  1944. }
  1945. }
  1946. if (conn->base_.purpose == DIR_PURPOSE_FETCH_SERVERDESC ||
  1947. conn->base_.purpose == DIR_PURPOSE_FETCH_EXTRAINFO) {
  1948. int was_ei = conn->base_.purpose == DIR_PURPOSE_FETCH_EXTRAINFO;
  1949. smartlist_t *which = NULL;
  1950. int n_asked_for = 0;
  1951. int descriptor_digests = conn->requested_resource &&
  1952. !strcmpstart(conn->requested_resource,"d/");
  1953. log_info(LD_DIR,"Received %s (size %d) from server '%s:%d'",
  1954. was_ei ? "extra server info" : "server info",
  1955. (int)body_len, conn->base_.address, conn->base_.port);
  1956. if (conn->requested_resource &&
  1957. (!strcmpstart(conn->requested_resource,"d/") ||
  1958. !strcmpstart(conn->requested_resource,"fp/"))) {
  1959. which = smartlist_new();
  1960. dir_split_resource_into_fingerprints(conn->requested_resource +
  1961. (descriptor_digests ? 2 : 3),
  1962. which, NULL, 0);
  1963. n_asked_for = smartlist_len(which);
  1964. }
  1965. if (status_code != 200) {
  1966. int dir_okay = status_code == 404 ||
  1967. (status_code == 400 && !strcmp(reason, "Servers unavailable."));
  1968. /* 404 means that it didn't have them; no big deal.
  1969. * Older (pre-0.1.1.8) servers said 400 Servers unavailable instead. */
  1970. log_fn(dir_okay ? LOG_INFO : LOG_WARN, LD_DIR,
  1971. "Received http status code %d (%s) from server '%s:%d' "
  1972. "while fetching \"/tor/server/%s\". I'll try again soon.",
  1973. status_code, escaped(reason), conn->base_.address,
  1974. conn->base_.port, conn->requested_resource);
  1975. if (!which) {
  1976. connection_dir_download_routerdesc_failed(conn);
  1977. } else {
  1978. dir_routerdesc_download_failed(which, status_code,
  1979. conn->router_purpose,
  1980. was_ei, descriptor_digests);
  1981. SMARTLIST_FOREACH(which, char *, cp, tor_free(cp));
  1982. smartlist_free(which);
  1983. }
  1984. tor_free(body); tor_free(headers); tor_free(reason);
  1985. return dir_okay ? 0 : -1;
  1986. }
  1987. /* Learn the routers, assuming we requested by fingerprint or "all"
  1988. * or "authority".
  1989. *
  1990. * We use "authority" to fetch our own descriptor for
  1991. * testing, and to fetch bridge descriptors for bootstrapping. Ignore
  1992. * the output of "authority" requests unless we are using bridges,
  1993. * since otherwise they'll be the response from reachability tests,
  1994. * and we don't really want to add that to our routerlist. */
  1995. if (which || (conn->requested_resource &&
  1996. (!strcmpstart(conn->requested_resource, "all") ||
  1997. (!strcmpstart(conn->requested_resource, "authority") &&
  1998. get_options()->UseBridges)))) {
  1999. /* as we learn from them, we remove them from 'which' */
  2000. if (was_ei) {
  2001. router_load_extrainfo_from_string(body, NULL, SAVED_NOWHERE, which,
  2002. descriptor_digests);
  2003. } else {
  2004. //router_load_routers_from_string(body, NULL, SAVED_NOWHERE, which,
  2005. // descriptor_digests, conn->router_purpose);
  2006. if (load_downloaded_routers(body, which, descriptor_digests,
  2007. conn->router_purpose,
  2008. conn->base_.address))
  2009. directory_info_has_arrived(now, 0, 0);
  2010. }
  2011. }
  2012. if (which) { /* mark remaining ones as failed */
  2013. log_info(LD_DIR, "Received %d/%d %s requested from %s:%d",
  2014. n_asked_for-smartlist_len(which), n_asked_for,
  2015. was_ei ? "extra-info documents" : "router descriptors",
  2016. conn->base_.address, (int)conn->base_.port);
  2017. if (smartlist_len(which)) {
  2018. dir_routerdesc_download_failed(which, status_code,
  2019. conn->router_purpose,
  2020. was_ei, descriptor_digests);
  2021. }
  2022. SMARTLIST_FOREACH(which, char *, cp, tor_free(cp));
  2023. smartlist_free(which);
  2024. }
  2025. if (directory_conn_is_self_reachability_test(conn))
  2026. router_dirport_found_reachable();
  2027. }
  2028. if (conn->base_.purpose == DIR_PURPOSE_FETCH_MICRODESC) {
  2029. smartlist_t *which = NULL;
  2030. log_info(LD_DIR,"Received answer to microdescriptor request (status %d, "
  2031. "size %d) from server '%s:%d'",
  2032. status_code, (int)body_len, conn->base_.address,
  2033. conn->base_.port);
  2034. tor_assert(conn->requested_resource &&
  2035. !strcmpstart(conn->requested_resource, "d/"));
  2036. which = smartlist_new();
  2037. dir_split_resource_into_fingerprints(conn->requested_resource+2,
  2038. which, NULL,
  2039. DSR_DIGEST256|DSR_BASE64);
  2040. if (status_code != 200) {
  2041. log_info(LD_DIR, "Received status code %d (%s) from server "
  2042. "'%s:%d' while fetching \"/tor/micro/%s\". I'll try again "
  2043. "soon.",
  2044. status_code, escaped(reason), conn->base_.address,
  2045. (int)conn->base_.port, conn->requested_resource);
  2046. dir_microdesc_download_failed(which, status_code);
  2047. SMARTLIST_FOREACH(which, char *, cp, tor_free(cp));
  2048. smartlist_free(which);
  2049. tor_free(body); tor_free(headers); tor_free(reason);
  2050. return 0;
  2051. } else {
  2052. smartlist_t *mds;
  2053. mds = microdescs_add_to_cache(get_microdesc_cache(),
  2054. body, body+body_len, SAVED_NOWHERE, 0,
  2055. now, which);
  2056. if (smartlist_len(which)) {
  2057. /* Mark remaining ones as failed. */
  2058. dir_microdesc_download_failed(which, status_code);
  2059. }
  2060. if (mds && smartlist_len(mds)) {
  2061. control_event_bootstrap(BOOTSTRAP_STATUS_LOADING_DESCRIPTORS,
  2062. count_loading_descriptors_progress());
  2063. directory_info_has_arrived(now, 0, 1);
  2064. }
  2065. SMARTLIST_FOREACH(which, char *, cp, tor_free(cp));
  2066. smartlist_free(which);
  2067. smartlist_free(mds);
  2068. }
  2069. }
  2070. if (conn->base_.purpose == DIR_PURPOSE_UPLOAD_DIR) {
  2071. switch (status_code) {
  2072. case 200: {
  2073. dir_server_t *ds =
  2074. router_get_trusteddirserver_by_digest(conn->identity_digest);
  2075. char *rejected_hdr = http_get_header(headers,
  2076. "X-Descriptor-Not-New: ");
  2077. if (rejected_hdr) {
  2078. if (!strcmp(rejected_hdr, "Yes")) {
  2079. log_info(LD_GENERAL,
  2080. "Authority '%s' declined our descriptor (not new)",
  2081. ds->nickname);
  2082. /* XXXX use this information; be sure to upload next one
  2083. * sooner. -NM */
  2084. /* XXXX++ On further thought, the task above implies that we're
  2085. * basing our regenerate-descriptor time on when we uploaded the
  2086. * last descriptor, not on the published time of the last
  2087. * descriptor. If those are different, that's a bad thing to
  2088. * do. -NM */
  2089. }
  2090. tor_free(rejected_hdr);
  2091. }
  2092. log_info(LD_GENERAL,"eof (status 200) after uploading server "
  2093. "descriptor: finished.");
  2094. control_event_server_status(
  2095. LOG_NOTICE, "ACCEPTED_SERVER_DESCRIPTOR DIRAUTH=%s:%d",
  2096. conn->base_.address, conn->base_.port);
  2097. ds->has_accepted_serverdesc = 1;
  2098. if (directories_have_accepted_server_descriptor())
  2099. control_event_server_status(LOG_NOTICE, "GOOD_SERVER_DESCRIPTOR");
  2100. }
  2101. break;
  2102. case 400:
  2103. log_warn(LD_GENERAL,"http status 400 (%s) response from "
  2104. "dirserver '%s:%d'. Please correct.",
  2105. escaped(reason), conn->base_.address, conn->base_.port);
  2106. control_event_server_status(LOG_WARN,
  2107. "BAD_SERVER_DESCRIPTOR DIRAUTH=%s:%d REASON=\"%s\"",
  2108. conn->base_.address, conn->base_.port, escaped(reason));
  2109. break;
  2110. default:
  2111. log_warn(LD_GENERAL,
  2112. "http status %d (%s) reason unexpected while uploading "
  2113. "descriptor to server '%s:%d').",
  2114. status_code, escaped(reason), conn->base_.address,
  2115. conn->base_.port);
  2116. break;
  2117. }
  2118. /* return 0 in all cases, since we don't want to mark any
  2119. * dirservers down just because they don't like us. */
  2120. }
  2121. if (conn->base_.purpose == DIR_PURPOSE_UPLOAD_VOTE) {
  2122. switch (status_code) {
  2123. case 200: {
  2124. log_notice(LD_DIR,"Uploaded a vote to dirserver %s:%d",
  2125. conn->base_.address, conn->base_.port);
  2126. }
  2127. break;
  2128. case 400:
  2129. log_warn(LD_DIR,"http status 400 (%s) response after uploading "
  2130. "vote to dirserver '%s:%d'. Please correct.",
  2131. escaped(reason), conn->base_.address, conn->base_.port);
  2132. break;
  2133. default:
  2134. log_warn(LD_GENERAL,
  2135. "http status %d (%s) reason unexpected while uploading "
  2136. "vote to server '%s:%d').",
  2137. status_code, escaped(reason), conn->base_.address,
  2138. conn->base_.port);
  2139. break;
  2140. }
  2141. /* return 0 in all cases, since we don't want to mark any
  2142. * dirservers down just because they don't like us. */
  2143. }
  2144. if (conn->base_.purpose == DIR_PURPOSE_UPLOAD_SIGNATURES) {
  2145. switch (status_code) {
  2146. case 200: {
  2147. log_notice(LD_DIR,"Uploaded signature(s) to dirserver %s:%d",
  2148. conn->base_.address, conn->base_.port);
  2149. }
  2150. break;
  2151. case 400:
  2152. log_warn(LD_DIR,"http status 400 (%s) response after uploading "
  2153. "signatures to dirserver '%s:%d'. Please correct.",
  2154. escaped(reason), conn->base_.address, conn->base_.port);
  2155. break;
  2156. default:
  2157. log_warn(LD_GENERAL,
  2158. "http status %d (%s) reason unexpected while uploading "
  2159. "signatures to server '%s:%d').",
  2160. status_code, escaped(reason), conn->base_.address,
  2161. conn->base_.port);
  2162. break;
  2163. }
  2164. /* return 0 in all cases, since we don't want to mark any
  2165. * dirservers down just because they don't like us. */
  2166. }
  2167. if (conn->base_.purpose == DIR_PURPOSE_FETCH_RENDDESC_V2) {
  2168. #define SEND_HS_DESC_FAILED_EVENT(reason) ( \
  2169. control_event_hs_descriptor_failed(conn->rend_data, \
  2170. conn->identity_digest, \
  2171. reason) )
  2172. #define SEND_HS_DESC_FAILED_CONTENT() ( \
  2173. control_event_hs_descriptor_content(conn->rend_data->onion_address, \
  2174. conn->requested_resource, \
  2175. conn->identity_digest, \
  2176. NULL) )
  2177. tor_assert(conn->rend_data);
  2178. log_info(LD_REND,"Received rendezvous descriptor (size %d, status %d "
  2179. "(%s))",
  2180. (int)body_len, status_code, escaped(reason));
  2181. switch (status_code) {
  2182. case 200:
  2183. {
  2184. rend_cache_entry_t *entry = NULL;
  2185. if (rend_cache_store_v2_desc_as_client(body,
  2186. conn->requested_resource, conn->rend_data, &entry) < 0) {
  2187. log_warn(LD_REND,"Fetching v2 rendezvous descriptor failed. "
  2188. "Retrying at another directory.");
  2189. /* We'll retry when connection_about_to_close_connection()
  2190. * cleans this dir conn up. */
  2191. SEND_HS_DESC_FAILED_EVENT("BAD_DESC");
  2192. SEND_HS_DESC_FAILED_CONTENT();
  2193. } else {
  2194. char service_id[REND_SERVICE_ID_LEN_BASE32 + 1];
  2195. /* Should never be NULL here if we found the descriptor. */
  2196. tor_assert(entry);
  2197. rend_get_service_id(entry->parsed->pk, service_id);
  2198. /* success. notify pending connections about this. */
  2199. log_info(LD_REND, "Successfully fetched v2 rendezvous "
  2200. "descriptor.");
  2201. control_event_hs_descriptor_received(service_id,
  2202. conn->rend_data,
  2203. conn->identity_digest);
  2204. control_event_hs_descriptor_content(service_id,
  2205. conn->requested_resource,
  2206. conn->identity_digest,
  2207. body);
  2208. conn->base_.purpose = DIR_PURPOSE_HAS_FETCHED_RENDDESC_V2;
  2209. rend_client_desc_trynow(service_id);
  2210. memwipe(service_id, 0, sizeof(service_id));
  2211. }
  2212. break;
  2213. }
  2214. case 404:
  2215. /* Not there. We'll retry when
  2216. * connection_about_to_close_connection() cleans this conn up. */
  2217. log_info(LD_REND,"Fetching v2 rendezvous descriptor failed: "
  2218. "Retrying at another directory.");
  2219. SEND_HS_DESC_FAILED_EVENT("NOT_FOUND");
  2220. SEND_HS_DESC_FAILED_CONTENT();
  2221. break;
  2222. case 400:
  2223. log_warn(LD_REND, "Fetching v2 rendezvous descriptor failed: "
  2224. "http status 400 (%s). Dirserver didn't like our "
  2225. "v2 rendezvous query? Retrying at another directory.",
  2226. escaped(reason));
  2227. SEND_HS_DESC_FAILED_EVENT("QUERY_REJECTED");
  2228. SEND_HS_DESC_FAILED_CONTENT();
  2229. break;
  2230. default:
  2231. log_warn(LD_REND, "Fetching v2 rendezvous descriptor failed: "
  2232. "http status %d (%s) response unexpected while "
  2233. "fetching v2 hidden service descriptor (server '%s:%d'). "
  2234. "Retrying at another directory.",
  2235. status_code, escaped(reason), conn->base_.address,
  2236. conn->base_.port);
  2237. SEND_HS_DESC_FAILED_EVENT("UNEXPECTED");
  2238. SEND_HS_DESC_FAILED_CONTENT();
  2239. break;
  2240. }
  2241. }
  2242. if (conn->base_.purpose == DIR_PURPOSE_UPLOAD_RENDDESC_V2) {
  2243. #define SEND_HS_DESC_UPLOAD_FAILED_EVENT(reason) ( \
  2244. control_event_hs_descriptor_upload_failed( \
  2245. conn->identity_digest, \
  2246. conn->rend_data->onion_address, \
  2247. reason) )
  2248. log_info(LD_REND,"Uploaded rendezvous descriptor (status %d "
  2249. "(%s))",
  2250. status_code, escaped(reason));
  2251. /* Without the rend data, we'll have a problem identifying what has been
  2252. * uploaded for which service. */
  2253. tor_assert(conn->rend_data);
  2254. switch (status_code) {
  2255. case 200:
  2256. log_info(LD_REND,
  2257. "Uploading rendezvous descriptor: finished with status "
  2258. "200 (%s)", escaped(reason));
  2259. control_event_hs_descriptor_uploaded(conn->identity_digest,
  2260. conn->rend_data->onion_address);
  2261. rend_service_desc_has_uploaded(conn->rend_data);
  2262. break;
  2263. case 400:
  2264. log_warn(LD_REND,"http status 400 (%s) response from dirserver "
  2265. "'%s:%d'. Malformed rendezvous descriptor?",
  2266. escaped(reason), conn->base_.address, conn->base_.port);
  2267. SEND_HS_DESC_UPLOAD_FAILED_EVENT("UPLOAD_REJECTED");
  2268. break;
  2269. default:
  2270. log_warn(LD_REND,"http status %d (%s) response unexpected (server "
  2271. "'%s:%d').",
  2272. status_code, escaped(reason), conn->base_.address,
  2273. conn->base_.port);
  2274. SEND_HS_DESC_UPLOAD_FAILED_EVENT("UNEXPECTED");
  2275. break;
  2276. }
  2277. }
  2278. tor_free(body); tor_free(headers); tor_free(reason);
  2279. return 0;
  2280. }
  2281. /** Called when a directory connection reaches EOF. */
  2282. int
  2283. connection_dir_reached_eof(dir_connection_t *conn)
  2284. {
  2285. int retval;
  2286. if (conn->base_.state != DIR_CONN_STATE_CLIENT_READING) {
  2287. log_info(LD_HTTP,"conn reached eof, not reading. [state=%d] Closing.",
  2288. conn->base_.state);
  2289. connection_close_immediate(TO_CONN(conn)); /* error: give up on flushing */
  2290. connection_mark_for_close(TO_CONN(conn));
  2291. return -1;
  2292. }
  2293. retval = connection_dir_client_reached_eof(conn);
  2294. if (retval == 0) /* success */
  2295. conn->base_.state = DIR_CONN_STATE_CLIENT_FINISHED;
  2296. connection_mark_for_close(TO_CONN(conn));
  2297. return retval;
  2298. }
  2299. /** If any directory object is arriving, and it's over 10MB large, we're
  2300. * getting DoS'd. (As of 0.1.2.x, raw directories are about 1MB, and we never
  2301. * ask for more than 96 router descriptors at a time.)
  2302. */
  2303. #define MAX_DIRECTORY_OBJECT_SIZE (10*(1<<20))
  2304. #define MAX_VOTE_DL_SIZE (MAX_DIRECTORY_OBJECT_SIZE * 5)
  2305. /** Read handler for directory connections. (That's connections <em>to</em>
  2306. * directory servers and connections <em>at</em> directory servers.)
  2307. */
  2308. int
  2309. connection_dir_process_inbuf(dir_connection_t *conn)
  2310. {
  2311. size_t max_size;
  2312. tor_assert(conn);
  2313. tor_assert(conn->base_.type == CONN_TYPE_DIR);
  2314. /* Directory clients write, then read data until they receive EOF;
  2315. * directory servers read data until they get an HTTP command, then
  2316. * write their response (when it's finished flushing, they mark for
  2317. * close).
  2318. */
  2319. /* If we're on the dirserver side, look for a command. */
  2320. if (conn->base_.state == DIR_CONN_STATE_SERVER_COMMAND_WAIT) {
  2321. if (directory_handle_command(conn) < 0) {
  2322. connection_mark_for_close(TO_CONN(conn));
  2323. return -1;
  2324. }
  2325. return 0;
  2326. }
  2327. max_size =
  2328. (TO_CONN(conn)->purpose == DIR_PURPOSE_FETCH_STATUS_VOTE) ?
  2329. MAX_VOTE_DL_SIZE : MAX_DIRECTORY_OBJECT_SIZE;
  2330. if (connection_get_inbuf_len(TO_CONN(conn)) > max_size) {
  2331. log_warn(LD_HTTP,
  2332. "Too much data received from directory connection (%s): "
  2333. "denial of service attempt, or you need to upgrade?",
  2334. conn->base_.address);
  2335. connection_mark_for_close(TO_CONN(conn));
  2336. return -1;
  2337. }
  2338. if (!conn->base_.inbuf_reached_eof)
  2339. log_debug(LD_HTTP,"Got data, not eof. Leaving on inbuf.");
  2340. return 0;
  2341. }
  2342. /** Called when we're about to finally unlink and free a directory connection:
  2343. * perform necessary accounting and cleanup */
  2344. void
  2345. connection_dir_about_to_close(dir_connection_t *dir_conn)
  2346. {
  2347. connection_t *conn = TO_CONN(dir_conn);
  2348. if (conn->state < DIR_CONN_STATE_CLIENT_FINISHED) {
  2349. /* It's a directory connection and connecting or fetching
  2350. * failed: forget about this router, and maybe try again. */
  2351. connection_dir_request_failed(dir_conn);
  2352. }
  2353. /* If we were trying to fetch a v2 rend desc and did not succeed,
  2354. * retry as needed. (If a fetch is successful, the connection state
  2355. * is changed to DIR_PURPOSE_HAS_FETCHED_RENDDESC_V2 to mark that
  2356. * refetching is unnecessary.) */
  2357. if (conn->purpose == DIR_PURPOSE_FETCH_RENDDESC_V2 &&
  2358. dir_conn->rend_data &&
  2359. strlen(dir_conn->rend_data->onion_address) == REND_SERVICE_ID_LEN_BASE32)
  2360. rend_client_refetch_v2_renddesc(dir_conn->rend_data);
  2361. }
  2362. /** Create an http response for the client <b>conn</b> out of
  2363. * <b>status</b> and <b>reason_phrase</b>. Write it to <b>conn</b>.
  2364. */
  2365. static void
  2366. write_http_status_line(dir_connection_t *conn, int status,
  2367. const char *reason_phrase)
  2368. {
  2369. char buf[256];
  2370. if (tor_snprintf(buf, sizeof(buf), "HTTP/1.0 %d %s\r\n\r\n",
  2371. status, reason_phrase ? reason_phrase : "OK") < 0) {
  2372. log_warn(LD_BUG,"status line too long.");
  2373. return;
  2374. }
  2375. log_debug(LD_DIRSERV,"Wrote status 'HTTP/1.0 %d %s'", status, reason_phrase);
  2376. connection_write_to_buf(buf, strlen(buf), TO_CONN(conn));
  2377. }
  2378. /** Write the header for an HTTP/1.0 response onto <b>conn</b>-\>outbuf,
  2379. * with <b>type</b> as the Content-Type.
  2380. *
  2381. * If <b>length</b> is nonnegative, it is the Content-Length.
  2382. * If <b>encoding</b> is provided, it is the Content-Encoding.
  2383. * If <b>cache_lifetime</b> is greater than 0, the content may be cached for
  2384. * up to cache_lifetime seconds. Otherwise, the content may not be cached. */
  2385. static void
  2386. write_http_response_header_impl(dir_connection_t *conn, ssize_t length,
  2387. const char *type, const char *encoding,
  2388. const char *extra_headers,
  2389. long cache_lifetime)
  2390. {
  2391. char date[RFC1123_TIME_LEN+1];
  2392. char tmp[1024];
  2393. char *cp;
  2394. time_t now = time(NULL);
  2395. tor_assert(conn);
  2396. format_rfc1123_time(date, now);
  2397. cp = tmp;
  2398. tor_snprintf(cp, sizeof(tmp),
  2399. "HTTP/1.0 200 OK\r\nDate: %s\r\n",
  2400. date);
  2401. cp += strlen(tmp);
  2402. if (type) {
  2403. tor_snprintf(cp, sizeof(tmp)-(cp-tmp), "Content-Type: %s\r\n", type);
  2404. cp += strlen(cp);
  2405. }
  2406. if (!is_local_addr(&conn->base_.addr)) {
  2407. /* Don't report the source address for a nearby/private connection.
  2408. * Otherwise we tend to mis-report in cases where incoming ports are
  2409. * being forwarded to a Tor server running behind the firewall. */
  2410. tor_snprintf(cp, sizeof(tmp)-(cp-tmp),
  2411. X_ADDRESS_HEADER "%s\r\n", conn->base_.address);
  2412. cp += strlen(cp);
  2413. }
  2414. if (encoding) {
  2415. tor_snprintf(cp, sizeof(tmp)-(cp-tmp),
  2416. "Content-Encoding: %s\r\n", encoding);
  2417. cp += strlen(cp);
  2418. }
  2419. if (length >= 0) {
  2420. tor_snprintf(cp, sizeof(tmp)-(cp-tmp),
  2421. "Content-Length: %ld\r\n", (long)length);
  2422. cp += strlen(cp);
  2423. }
  2424. if (cache_lifetime > 0) {
  2425. char expbuf[RFC1123_TIME_LEN+1];
  2426. format_rfc1123_time(expbuf, (time_t)(now + cache_lifetime));
  2427. /* We could say 'Cache-control: max-age=%d' here if we start doing
  2428. * http/1.1 */
  2429. tor_snprintf(cp, sizeof(tmp)-(cp-tmp),
  2430. "Expires: %s\r\n", expbuf);
  2431. cp += strlen(cp);
  2432. } else if (cache_lifetime == 0) {
  2433. /* We could say 'Cache-control: no-cache' here if we start doing
  2434. * http/1.1 */
  2435. strlcpy(cp, "Pragma: no-cache\r\n", sizeof(tmp)-(cp-tmp));
  2436. cp += strlen(cp);
  2437. }
  2438. if (extra_headers) {
  2439. strlcpy(cp, extra_headers, sizeof(tmp)-(cp-tmp));
  2440. cp += strlen(cp);
  2441. }
  2442. if (sizeof(tmp)-(cp-tmp) > 3)
  2443. memcpy(cp, "\r\n", 3);
  2444. else
  2445. tor_assert(0);
  2446. connection_write_to_buf(tmp, strlen(tmp), TO_CONN(conn));
  2447. }
  2448. /** As write_http_response_header_impl, but sets encoding and content-typed
  2449. * based on whether the response will be <b>compressed</b> or not. */
  2450. static void
  2451. write_http_response_header(dir_connection_t *conn, ssize_t length,
  2452. int compressed, long cache_lifetime)
  2453. {
  2454. write_http_response_header_impl(conn, length,
  2455. compressed?"application/octet-stream":"text/plain",
  2456. compressed?"deflate":"identity",
  2457. NULL,
  2458. cache_lifetime);
  2459. }
  2460. /** Decide whether a client would accept the consensus we have.
  2461. *
  2462. * Clients can say they only want a consensus if it's signed by more
  2463. * than half the authorities in a list. They pass this list in
  2464. * the url as "...consensus/<b>fpr</b>+<b>fpr</b>+<b>fpr</b>".
  2465. *
  2466. * <b>fpr</b> may be an abbreviated fingerprint, i.e. only a left substring
  2467. * of the full authority identity digest. (Only strings of even length,
  2468. * i.e. encodings of full bytes, are handled correctly. In the case
  2469. * of an odd number of hex digits the last one is silently ignored.)
  2470. *
  2471. * Returns 1 if more than half of the requested authorities signed the
  2472. * consensus, 0 otherwise.
  2473. */
  2474. int
  2475. client_likes_consensus(networkstatus_t *v, const char *want_url)
  2476. {
  2477. smartlist_t *want_authorities = smartlist_new();
  2478. int need_at_least;
  2479. int have = 0;
  2480. dir_split_resource_into_fingerprints(want_url, want_authorities, NULL, 0);
  2481. need_at_least = smartlist_len(want_authorities)/2+1;
  2482. SMARTLIST_FOREACH_BEGIN(want_authorities, const char *, d) {
  2483. char want_digest[DIGEST_LEN];
  2484. size_t want_len = strlen(d)/2;
  2485. if (want_len > DIGEST_LEN)
  2486. want_len = DIGEST_LEN;
  2487. if (base16_decode(want_digest, DIGEST_LEN, d, want_len*2)
  2488. != (int) want_len) {
  2489. log_fn(LOG_PROTOCOL_WARN, LD_DIR,
  2490. "Failed to decode requested authority digest %s.", escaped(d));
  2491. continue;
  2492. };
  2493. SMARTLIST_FOREACH_BEGIN(v->voters, networkstatus_voter_info_t *, vi) {
  2494. if (smartlist_len(vi->sigs) &&
  2495. tor_memeq(vi->identity_digest, want_digest, want_len)) {
  2496. have++;
  2497. break;
  2498. };
  2499. } SMARTLIST_FOREACH_END(vi);
  2500. /* early exit, if we already have enough */
  2501. if (have >= need_at_least)
  2502. break;
  2503. } SMARTLIST_FOREACH_END(d);
  2504. SMARTLIST_FOREACH(want_authorities, char *, d, tor_free(d));
  2505. smartlist_free(want_authorities);
  2506. return (have >= need_at_least);
  2507. }
  2508. /** Return the compression level we should use for sending a compressed
  2509. * response of size <b>n_bytes</b>. */
  2510. STATIC zlib_compression_level_t
  2511. choose_compression_level(ssize_t n_bytes)
  2512. {
  2513. if (! have_been_under_memory_pressure()) {
  2514. return HIGH_COMPRESSION; /* we have plenty of RAM. */
  2515. } else if (n_bytes < 0) {
  2516. return HIGH_COMPRESSION; /* unknown; might be big. */
  2517. } else if (n_bytes < 1024) {
  2518. return LOW_COMPRESSION;
  2519. } else if (n_bytes < 2048) {
  2520. return MEDIUM_COMPRESSION;
  2521. } else {
  2522. return HIGH_COMPRESSION;
  2523. }
  2524. }
  2525. /** Information passed to handle a GET request. */
  2526. typedef struct get_handler_args_t {
  2527. /** True if the client asked for compressed data. */
  2528. int compressed;
  2529. /** If nonzero, the time included an if-modified-since header with this
  2530. * value. */
  2531. time_t if_modified_since;
  2532. /** String containing the requested URL or resource. */
  2533. const char *url;
  2534. /** String containing the HTTP headers */
  2535. const char *headers;
  2536. } get_handler_args_t;
  2537. /** Entry for handling an HTTP GET request.
  2538. *
  2539. * This entry matches a request if "string" is equal to the requested
  2540. * resource, or if "is_prefix" is true and "string" is a prefix of the
  2541. * requested resource.
  2542. *
  2543. * The 'handler' function is called to handle the request. It receives
  2544. * an arguments structure, and must return 0 on success or -1 if we should
  2545. * close the connection.
  2546. **/
  2547. typedef struct url_table_ent_s {
  2548. const char *string;
  2549. int is_prefix;
  2550. int (*handler)(dir_connection_t *conn, const get_handler_args_t *args);
  2551. } url_table_ent_t;
  2552. static int handle_get_frontpage(dir_connection_t *conn,
  2553. const get_handler_args_t *args);
  2554. static int handle_get_current_consensus(dir_connection_t *conn,
  2555. const get_handler_args_t *args);
  2556. static int handle_get_status_vote(dir_connection_t *conn,
  2557. const get_handler_args_t *args);
  2558. static int handle_get_microdesc(dir_connection_t *conn,
  2559. const get_handler_args_t *args);
  2560. static int handle_get_descriptor(dir_connection_t *conn,
  2561. const get_handler_args_t *args);
  2562. static int handle_get_keys(dir_connection_t *conn,
  2563. const get_handler_args_t *args);
  2564. static int handle_get_rendezvous2(dir_connection_t *conn,
  2565. const get_handler_args_t *args);
  2566. static int handle_get_robots(dir_connection_t *conn,
  2567. const get_handler_args_t *args);
  2568. static int handle_get_networkstatus_bridges(dir_connection_t *conn,
  2569. const get_handler_args_t *args);
  2570. /** Table for handling GET requests. */
  2571. static const url_table_ent_t url_table[] = {
  2572. { "/tor/", 0, handle_get_frontpage },
  2573. { "/tor/status-vote/current/consensus", 1, handle_get_current_consensus },
  2574. { "/tor/status-vote/current/", 1, handle_get_status_vote },
  2575. { "/tor/status-vote/next/", 1, handle_get_status_vote },
  2576. { "/tor/micro/d/", 1, handle_get_microdesc },
  2577. { "/tor/server/", 1, handle_get_descriptor },
  2578. { "/tor/extra/", 1, handle_get_descriptor },
  2579. { "/tor/keys/", 1, handle_get_keys },
  2580. { "/tor/rendezvous2/", 1, handle_get_rendezvous2 },
  2581. { "/tor/robots.txt", 0, handle_get_robots },
  2582. { "/tor/networkstatus-bridges", 0, handle_get_networkstatus_bridges },
  2583. { NULL, 0, NULL },
  2584. };
  2585. /** Helper function: called when a dirserver gets a complete HTTP GET
  2586. * request. Look for a request for a directory or for a rendezvous
  2587. * service descriptor. On finding one, write a response into
  2588. * conn-\>outbuf. If the request is unrecognized, send a 404.
  2589. * Return 0 if we handled this successfully, or -1 if we need to close
  2590. * the connection. */
  2591. STATIC int
  2592. directory_handle_command_get(dir_connection_t *conn, const char *headers,
  2593. const char *req_body, size_t req_body_len)
  2594. {
  2595. char *url, *url_mem, *header;
  2596. time_t if_modified_since = 0;
  2597. int compressed;
  2598. size_t url_len;
  2599. /* We ignore the body of a GET request. */
  2600. (void)req_body;
  2601. (void)req_body_len;
  2602. log_debug(LD_DIRSERV,"Received GET command.");
  2603. conn->base_.state = DIR_CONN_STATE_SERVER_WRITING;
  2604. if (parse_http_url(headers, &url) < 0) {
  2605. write_http_status_line(conn, 400, "Bad request");
  2606. return 0;
  2607. }
  2608. if ((header = http_get_header(headers, "If-Modified-Since: "))) {
  2609. struct tm tm;
  2610. if (parse_http_time(header, &tm) == 0) {
  2611. if (tor_timegm(&tm, &if_modified_since)<0) {
  2612. if_modified_since = 0;
  2613. } else {
  2614. log_debug(LD_DIRSERV, "If-Modified-Since is '%s'.", escaped(header));
  2615. }
  2616. }
  2617. /* The correct behavior on a malformed If-Modified-Since header is to
  2618. * act as if no If-Modified-Since header had been given. */
  2619. tor_free(header);
  2620. }
  2621. log_debug(LD_DIRSERV,"rewritten url as '%s'.", escaped(url));
  2622. url_mem = url;
  2623. url_len = strlen(url);
  2624. compressed = url_len > 2 && !strcmp(url+url_len-2, ".z");
  2625. if (compressed) {
  2626. url[url_len-2] = '\0';
  2627. url_len -= 2;
  2628. }
  2629. get_handler_args_t args;
  2630. args.url = url;
  2631. args.headers = headers;
  2632. args.if_modified_since = if_modified_since;
  2633. args.compressed = compressed;
  2634. int i, result = -1;
  2635. for (i = 0; url_table[i].string; ++i) {
  2636. int match;
  2637. if (url_table[i].is_prefix) {
  2638. match = !strcmpstart(url, url_table[i].string);
  2639. } else {
  2640. match = !strcmp(url, url_table[i].string);
  2641. }
  2642. if (match) {
  2643. result = url_table[i].handler(conn, &args);
  2644. goto done;
  2645. }
  2646. }
  2647. /* we didn't recognize the url */
  2648. write_http_status_line(conn, 404, "Not found");
  2649. result = 0;
  2650. done:
  2651. tor_free(url_mem);
  2652. return result;
  2653. }
  2654. /** Helper function for GET / or GET /tor/
  2655. */
  2656. static int
  2657. handle_get_frontpage(dir_connection_t *conn, const get_handler_args_t *args)
  2658. {
  2659. (void) args; /* unused */
  2660. const char *frontpage = get_dirportfrontpage();
  2661. if (frontpage) {
  2662. size_t dlen;
  2663. dlen = strlen(frontpage);
  2664. /* Let's return a disclaimer page (users shouldn't use V1 anymore,
  2665. and caches don't fetch '/', so this is safe). */
  2666. /* [We don't check for write_bucket_low here, since we want to serve
  2667. * this page no matter what.] */
  2668. write_http_response_header_impl(conn, dlen, "text/html", "identity",
  2669. NULL, DIRPORTFRONTPAGE_CACHE_LIFETIME);
  2670. connection_write_to_buf(frontpage, dlen, TO_CONN(conn));
  2671. } else {
  2672. write_http_status_line(conn, 404, "Not found");
  2673. }
  2674. return 0;
  2675. }
  2676. /** Helper function for GET /tor/status-vote/current/consensus
  2677. */
  2678. static int
  2679. handle_get_current_consensus(dir_connection_t *conn,
  2680. const get_handler_args_t *args)
  2681. {
  2682. const char *url = args->url;
  2683. const int compressed = args->compressed;
  2684. const time_t if_modified_since = args->if_modified_since;
  2685. {
  2686. /* v3 network status fetch. */
  2687. smartlist_t *dir_fps = smartlist_new();
  2688. long lifetime = NETWORKSTATUS_CACHE_LIFETIME;
  2689. if (1) {
  2690. networkstatus_t *v;
  2691. time_t now = time(NULL);
  2692. const char *want_fps = NULL;
  2693. char *flavor = NULL;
  2694. int flav = FLAV_NS;
  2695. #define CONSENSUS_URL_PREFIX "/tor/status-vote/current/consensus/"
  2696. #define CONSENSUS_FLAVORED_PREFIX "/tor/status-vote/current/consensus-"
  2697. /* figure out the flavor if any, and who we wanted to sign the thing */
  2698. if (!strcmpstart(url, CONSENSUS_FLAVORED_PREFIX)) {
  2699. const char *f, *cp;
  2700. f = url + strlen(CONSENSUS_FLAVORED_PREFIX);
  2701. cp = strchr(f, '/');
  2702. if (cp) {
  2703. want_fps = cp+1;
  2704. flavor = tor_strndup(f, cp-f);
  2705. } else {
  2706. flavor = tor_strdup(f);
  2707. }
  2708. flav = networkstatus_parse_flavor_name(flavor);
  2709. if (flav < 0)
  2710. flav = FLAV_NS;
  2711. } else {
  2712. if (!strcmpstart(url, CONSENSUS_URL_PREFIX))
  2713. want_fps = url+strlen(CONSENSUS_URL_PREFIX);
  2714. }
  2715. v = networkstatus_get_latest_consensus_by_flavor(flav);
  2716. if (v && want_fps &&
  2717. !client_likes_consensus(v, want_fps)) {
  2718. write_http_status_line(conn, 404, "Consensus not signed by sufficient "
  2719. "number of requested authorities");
  2720. smartlist_free(dir_fps);
  2721. geoip_note_ns_response(GEOIP_REJECT_NOT_ENOUGH_SIGS);
  2722. tor_free(flavor);
  2723. goto done;
  2724. }
  2725. {
  2726. char *fp = tor_malloc_zero(DIGEST_LEN);
  2727. if (flavor)
  2728. strlcpy(fp, flavor, DIGEST_LEN);
  2729. tor_free(flavor);
  2730. smartlist_add(dir_fps, fp);
  2731. }
  2732. lifetime = (v && v->fresh_until > now) ? v->fresh_until - now : 0;
  2733. }
  2734. if (!smartlist_len(dir_fps)) { /* we failed to create/cache cp */
  2735. write_http_status_line(conn, 503, "Network status object unavailable");
  2736. smartlist_free(dir_fps);
  2737. geoip_note_ns_response(GEOIP_REJECT_UNAVAILABLE);
  2738. goto done;
  2739. }
  2740. if (!dirserv_remove_old_statuses(dir_fps, if_modified_since)) {
  2741. write_http_status_line(conn, 404, "Not found");
  2742. SMARTLIST_FOREACH(dir_fps, char *, cp, tor_free(cp));
  2743. smartlist_free(dir_fps);
  2744. geoip_note_ns_response(GEOIP_REJECT_NOT_FOUND);
  2745. goto done;
  2746. } else if (!smartlist_len(dir_fps)) {
  2747. write_http_status_line(conn, 304, "Not modified");
  2748. SMARTLIST_FOREACH(dir_fps, char *, cp, tor_free(cp));
  2749. smartlist_free(dir_fps);
  2750. geoip_note_ns_response(GEOIP_REJECT_NOT_MODIFIED);
  2751. goto done;
  2752. }
  2753. size_t dlen = dirserv_estimate_data_size(dir_fps, 0, compressed);
  2754. if (global_write_bucket_low(TO_CONN(conn), dlen, 2)) {
  2755. log_debug(LD_DIRSERV,
  2756. "Client asked for network status lists, but we've been "
  2757. "writing too many bytes lately. Sending 503 Dir busy.");
  2758. write_http_status_line(conn, 503, "Directory busy, try again later");
  2759. SMARTLIST_FOREACH(dir_fps, char *, fp, tor_free(fp));
  2760. smartlist_free(dir_fps);
  2761. geoip_note_ns_response(GEOIP_REJECT_BUSY);
  2762. goto done;
  2763. }
  2764. if (1) {
  2765. tor_addr_t addr;
  2766. if (tor_addr_parse(&addr, (TO_CONN(conn))->address) >= 0) {
  2767. geoip_note_client_seen(GEOIP_CLIENT_NETWORKSTATUS,
  2768. &addr, NULL,
  2769. time(NULL));
  2770. geoip_note_ns_response(GEOIP_SUCCESS);
  2771. /* Note that a request for a network status has started, so that we
  2772. * can measure the download time later on. */
  2773. if (conn->dirreq_id)
  2774. geoip_start_dirreq(conn->dirreq_id, dlen, DIRREQ_TUNNELED);
  2775. else
  2776. geoip_start_dirreq(TO_CONN(conn)->global_identifier, dlen,
  2777. DIRREQ_DIRECT);
  2778. }
  2779. }
  2780. write_http_response_header(conn, -1, compressed,
  2781. smartlist_len(dir_fps) == 1 ? lifetime : 0);
  2782. conn->fingerprint_stack = dir_fps;
  2783. if (! compressed)
  2784. conn->zlib_state = tor_zlib_new(0, ZLIB_METHOD, HIGH_COMPRESSION);
  2785. /* Prime the connection with some data. */
  2786. conn->dir_spool_src = DIR_SPOOL_NETWORKSTATUS;
  2787. connection_dirserv_flushed_some(conn);
  2788. goto done;
  2789. }
  2790. done:
  2791. return 0;
  2792. }
  2793. /** Helper function for GET /tor/status-vote/{current,next}/...
  2794. */
  2795. static int
  2796. handle_get_status_vote(dir_connection_t *conn, const get_handler_args_t *args)
  2797. {
  2798. const char *url = args->url;
  2799. const int compressed = args->compressed;
  2800. {
  2801. int current;
  2802. ssize_t body_len = 0;
  2803. ssize_t estimated_len = 0;
  2804. smartlist_t *items = smartlist_new();
  2805. smartlist_t *dir_items = smartlist_new();
  2806. int lifetime = 60; /* XXXX?? should actually use vote intervals. */
  2807. url += strlen("/tor/status-vote/");
  2808. current = !strcmpstart(url, "current/");
  2809. url = strchr(url, '/');
  2810. tor_assert(url);
  2811. ++url;
  2812. if (!strcmp(url, "consensus")) {
  2813. const char *item;
  2814. tor_assert(!current); /* we handle current consensus specially above,
  2815. * since it wants to be spooled. */
  2816. if ((item = dirvote_get_pending_consensus(FLAV_NS)))
  2817. smartlist_add(items, (char*)item);
  2818. } else if (!current && !strcmp(url, "consensus-signatures")) {
  2819. /* XXXX the spec says that we should implement
  2820. * current/consensus-signatures too. It doesn't seem to be needed,
  2821. * though. */
  2822. const char *item;
  2823. if ((item=dirvote_get_pending_detached_signatures()))
  2824. smartlist_add(items, (char*)item);
  2825. } else if (!strcmp(url, "authority")) {
  2826. const cached_dir_t *d;
  2827. int flags = DGV_BY_ID |
  2828. (current ? DGV_INCLUDE_PREVIOUS : DGV_INCLUDE_PENDING);
  2829. if ((d=dirvote_get_vote(NULL, flags)))
  2830. smartlist_add(dir_items, (cached_dir_t*)d);
  2831. } else {
  2832. const cached_dir_t *d;
  2833. smartlist_t *fps = smartlist_new();
  2834. int flags;
  2835. if (!strcmpstart(url, "d/")) {
  2836. url += 2;
  2837. flags = DGV_INCLUDE_PENDING | DGV_INCLUDE_PREVIOUS;
  2838. } else {
  2839. flags = DGV_BY_ID |
  2840. (current ? DGV_INCLUDE_PREVIOUS : DGV_INCLUDE_PENDING);
  2841. }
  2842. dir_split_resource_into_fingerprints(url, fps, NULL,
  2843. DSR_HEX|DSR_SORT_UNIQ);
  2844. SMARTLIST_FOREACH(fps, char *, fp, {
  2845. if ((d = dirvote_get_vote(fp, flags)))
  2846. smartlist_add(dir_items, (cached_dir_t*)d);
  2847. tor_free(fp);
  2848. });
  2849. smartlist_free(fps);
  2850. }
  2851. if (!smartlist_len(dir_items) && !smartlist_len(items)) {
  2852. write_http_status_line(conn, 404, "Not found");
  2853. goto vote_done;
  2854. }
  2855. SMARTLIST_FOREACH(dir_items, cached_dir_t *, d,
  2856. body_len += compressed ? d->dir_z_len : d->dir_len);
  2857. estimated_len += body_len;
  2858. SMARTLIST_FOREACH(items, const char *, item, {
  2859. size_t ln = strlen(item);
  2860. if (compressed) {
  2861. estimated_len += ln/2;
  2862. } else {
  2863. body_len += ln; estimated_len += ln;
  2864. }
  2865. });
  2866. if (global_write_bucket_low(TO_CONN(conn), estimated_len, 2)) {
  2867. write_http_status_line(conn, 503, "Directory busy, try again later");
  2868. goto vote_done;
  2869. }
  2870. write_http_response_header(conn, body_len ? body_len : -1, compressed,
  2871. lifetime);
  2872. if (smartlist_len(items)) {
  2873. if (compressed) {
  2874. conn->zlib_state = tor_zlib_new(1, ZLIB_METHOD,
  2875. choose_compression_level(estimated_len));
  2876. SMARTLIST_FOREACH(items, const char *, c,
  2877. connection_write_to_buf_zlib(c, strlen(c), conn, 0));
  2878. connection_write_to_buf_zlib("", 0, conn, 1);
  2879. } else {
  2880. SMARTLIST_FOREACH(items, const char *, c,
  2881. connection_write_to_buf(c, strlen(c), TO_CONN(conn)));
  2882. }
  2883. } else {
  2884. SMARTLIST_FOREACH(dir_items, cached_dir_t *, d,
  2885. connection_write_to_buf(compressed ? d->dir_z : d->dir,
  2886. compressed ? d->dir_z_len : d->dir_len,
  2887. TO_CONN(conn)));
  2888. }
  2889. vote_done:
  2890. smartlist_free(items);
  2891. smartlist_free(dir_items);
  2892. goto done;
  2893. }
  2894. done:
  2895. return 0;
  2896. }
  2897. /** Helper function for GET /tor/micro/d/...
  2898. */
  2899. static int
  2900. handle_get_microdesc(dir_connection_t *conn, const get_handler_args_t *args)
  2901. {
  2902. const char *url = args->url;
  2903. const int compressed = args->compressed;
  2904. {
  2905. smartlist_t *fps = smartlist_new();
  2906. dir_split_resource_into_fingerprints(url+strlen("/tor/micro/d/"),
  2907. fps, NULL,
  2908. DSR_DIGEST256|DSR_BASE64|DSR_SORT_UNIQ);
  2909. if (!dirserv_have_any_microdesc(fps)) {
  2910. write_http_status_line(conn, 404, "Not found");
  2911. SMARTLIST_FOREACH(fps, char *, fp, tor_free(fp));
  2912. smartlist_free(fps);
  2913. goto done;
  2914. }
  2915. size_t dlen = dirserv_estimate_microdesc_size(fps, compressed);
  2916. if (global_write_bucket_low(TO_CONN(conn), dlen, 2)) {
  2917. log_info(LD_DIRSERV,
  2918. "Client asked for server descriptors, but we've been "
  2919. "writing too many bytes lately. Sending 503 Dir busy.");
  2920. write_http_status_line(conn, 503, "Directory busy, try again later");
  2921. SMARTLIST_FOREACH(fps, char *, fp, tor_free(fp));
  2922. smartlist_free(fps);
  2923. goto done;
  2924. }
  2925. write_http_response_header(conn, -1, compressed, MICRODESC_CACHE_LIFETIME);
  2926. conn->dir_spool_src = DIR_SPOOL_MICRODESC;
  2927. conn->fingerprint_stack = fps;
  2928. if (compressed)
  2929. conn->zlib_state = tor_zlib_new(1, ZLIB_METHOD,
  2930. choose_compression_level(dlen));
  2931. connection_dirserv_flushed_some(conn);
  2932. goto done;
  2933. }
  2934. done:
  2935. return 0;
  2936. }
  2937. /** Helper function for GET /tor/{server,extra}/...
  2938. */
  2939. static int
  2940. handle_get_descriptor(dir_connection_t *conn, const get_handler_args_t *args)
  2941. {
  2942. const char *url = args->url;
  2943. const int compressed = args->compressed;
  2944. const or_options_t *options = get_options();
  2945. if (!strcmpstart(url,"/tor/server/") ||
  2946. (!options->BridgeAuthoritativeDir &&
  2947. !options->BridgeRelay && !strcmpstart(url,"/tor/extra/"))) {
  2948. size_t dlen;
  2949. int res;
  2950. const char *msg;
  2951. int cache_lifetime = 0;
  2952. int is_extra = !strcmpstart(url,"/tor/extra/");
  2953. url += is_extra ? strlen("/tor/extra/") : strlen("/tor/server/");
  2954. conn->fingerprint_stack = smartlist_new();
  2955. res = dirserv_get_routerdesc_fingerprints(conn->fingerprint_stack, url,
  2956. &msg,
  2957. !connection_dir_is_encrypted(conn),
  2958. is_extra);
  2959. if (!strcmpstart(url, "fp/")) {
  2960. if (smartlist_len(conn->fingerprint_stack) == 1)
  2961. cache_lifetime = ROUTERDESC_CACHE_LIFETIME;
  2962. } else if (!strcmpstart(url, "authority")) {
  2963. cache_lifetime = ROUTERDESC_CACHE_LIFETIME;
  2964. } else if (!strcmpstart(url, "all")) {
  2965. cache_lifetime = FULL_DIR_CACHE_LIFETIME;
  2966. } else if (!strcmpstart(url, "d/")) {
  2967. if (smartlist_len(conn->fingerprint_stack) == 1)
  2968. cache_lifetime = ROUTERDESC_BY_DIGEST_CACHE_LIFETIME;
  2969. }
  2970. if (!strcmpstart(url, "d/"))
  2971. conn->dir_spool_src =
  2972. is_extra ? DIR_SPOOL_EXTRA_BY_DIGEST : DIR_SPOOL_SERVER_BY_DIGEST;
  2973. else
  2974. conn->dir_spool_src =
  2975. is_extra ? DIR_SPOOL_EXTRA_BY_FP : DIR_SPOOL_SERVER_BY_FP;
  2976. if (!dirserv_have_any_serverdesc(conn->fingerprint_stack,
  2977. conn->dir_spool_src)) {
  2978. res = -1;
  2979. msg = "Not found";
  2980. }
  2981. if (res < 0)
  2982. write_http_status_line(conn, 404, msg);
  2983. else {
  2984. dlen = dirserv_estimate_data_size(conn->fingerprint_stack,
  2985. 1, compressed);
  2986. if (global_write_bucket_low(TO_CONN(conn), dlen, 2)) {
  2987. log_info(LD_DIRSERV,
  2988. "Client asked for server descriptors, but we've been "
  2989. "writing too many bytes lately. Sending 503 Dir busy.");
  2990. write_http_status_line(conn, 503, "Directory busy, try again later");
  2991. conn->dir_spool_src = DIR_SPOOL_NONE;
  2992. goto done;
  2993. }
  2994. write_http_response_header(conn, -1, compressed, cache_lifetime);
  2995. if (compressed)
  2996. conn->zlib_state = tor_zlib_new(1, ZLIB_METHOD,
  2997. choose_compression_level(dlen));
  2998. /* Prime the connection with some data. */
  2999. connection_dirserv_flushed_some(conn);
  3000. }
  3001. goto done;
  3002. }
  3003. done:
  3004. return 0;
  3005. }
  3006. /** Helper function for GET /tor/keys/...
  3007. */
  3008. static int
  3009. handle_get_keys(dir_connection_t *conn, const get_handler_args_t *args)
  3010. {
  3011. const char *url = args->url;
  3012. const int compressed = args->compressed;
  3013. const time_t if_modified_since = args->if_modified_since;
  3014. {
  3015. smartlist_t *certs = smartlist_new();
  3016. ssize_t len = -1;
  3017. if (!strcmp(url, "/tor/keys/all")) {
  3018. authority_cert_get_all(certs);
  3019. } else if (!strcmp(url, "/tor/keys/authority")) {
  3020. authority_cert_t *cert = get_my_v3_authority_cert();
  3021. if (cert)
  3022. smartlist_add(certs, cert);
  3023. } else if (!strcmpstart(url, "/tor/keys/fp/")) {
  3024. smartlist_t *fps = smartlist_new();
  3025. dir_split_resource_into_fingerprints(url+strlen("/tor/keys/fp/"),
  3026. fps, NULL,
  3027. DSR_HEX|DSR_SORT_UNIQ);
  3028. SMARTLIST_FOREACH(fps, char *, d, {
  3029. authority_cert_t *c = authority_cert_get_newest_by_id(d);
  3030. if (c) smartlist_add(certs, c);
  3031. tor_free(d);
  3032. });
  3033. smartlist_free(fps);
  3034. } else if (!strcmpstart(url, "/tor/keys/sk/")) {
  3035. smartlist_t *fps = smartlist_new();
  3036. dir_split_resource_into_fingerprints(url+strlen("/tor/keys/sk/"),
  3037. fps, NULL,
  3038. DSR_HEX|DSR_SORT_UNIQ);
  3039. SMARTLIST_FOREACH(fps, char *, d, {
  3040. authority_cert_t *c = authority_cert_get_by_sk_digest(d);
  3041. if (c) smartlist_add(certs, c);
  3042. tor_free(d);
  3043. });
  3044. smartlist_free(fps);
  3045. } else if (!strcmpstart(url, "/tor/keys/fp-sk/")) {
  3046. smartlist_t *fp_sks = smartlist_new();
  3047. dir_split_resource_into_fingerprint_pairs(url+strlen("/tor/keys/fp-sk/"),
  3048. fp_sks);
  3049. SMARTLIST_FOREACH(fp_sks, fp_pair_t *, pair, {
  3050. authority_cert_t *c = authority_cert_get_by_digests(pair->first,
  3051. pair->second);
  3052. if (c) smartlist_add(certs, c);
  3053. tor_free(pair);
  3054. });
  3055. smartlist_free(fp_sks);
  3056. } else {
  3057. write_http_status_line(conn, 400, "Bad request");
  3058. goto keys_done;
  3059. }
  3060. if (!smartlist_len(certs)) {
  3061. write_http_status_line(conn, 404, "Not found");
  3062. goto keys_done;
  3063. }
  3064. SMARTLIST_FOREACH(certs, authority_cert_t *, c,
  3065. if (c->cache_info.published_on < if_modified_since)
  3066. SMARTLIST_DEL_CURRENT(certs, c));
  3067. if (!smartlist_len(certs)) {
  3068. write_http_status_line(conn, 304, "Not modified");
  3069. goto keys_done;
  3070. }
  3071. len = 0;
  3072. SMARTLIST_FOREACH(certs, authority_cert_t *, c,
  3073. len += c->cache_info.signed_descriptor_len);
  3074. if (global_write_bucket_low(TO_CONN(conn), compressed?len/2:len, 2)) {
  3075. write_http_status_line(conn, 503, "Directory busy, try again later");
  3076. goto keys_done;
  3077. }
  3078. write_http_response_header(conn, compressed?-1:len, compressed, 60*60);
  3079. if (compressed) {
  3080. conn->zlib_state = tor_zlib_new(1, ZLIB_METHOD,
  3081. choose_compression_level(len));
  3082. SMARTLIST_FOREACH(certs, authority_cert_t *, c,
  3083. connection_write_to_buf_zlib(c->cache_info.signed_descriptor_body,
  3084. c->cache_info.signed_descriptor_len,
  3085. conn, 0));
  3086. connection_write_to_buf_zlib("", 0, conn, 1);
  3087. } else {
  3088. SMARTLIST_FOREACH(certs, authority_cert_t *, c,
  3089. connection_write_to_buf(c->cache_info.signed_descriptor_body,
  3090. c->cache_info.signed_descriptor_len,
  3091. TO_CONN(conn)));
  3092. }
  3093. keys_done:
  3094. smartlist_free(certs);
  3095. goto done;
  3096. }
  3097. done:
  3098. return 0;
  3099. }
  3100. /** Helper function for GET /tor/rendezvous2/
  3101. */
  3102. static int
  3103. handle_get_rendezvous2(dir_connection_t *conn, const get_handler_args_t *args)
  3104. {
  3105. const char *url = args->url;
  3106. if (connection_dir_is_encrypted(conn)) {
  3107. /* Handle v2 rendezvous descriptor fetch request. */
  3108. const char *descp;
  3109. const char *query = url + strlen("/tor/rendezvous2/");
  3110. if (rend_valid_descriptor_id(query)) {
  3111. log_info(LD_REND, "Got a v2 rendezvous descriptor request for ID '%s'",
  3112. safe_str(escaped(query)));
  3113. switch (rend_cache_lookup_v2_desc_as_dir(query, &descp)) {
  3114. case 1: /* valid */
  3115. write_http_response_header(conn, strlen(descp), 0, 0);
  3116. connection_write_to_buf(descp, strlen(descp), TO_CONN(conn));
  3117. break;
  3118. case 0: /* well-formed but not present */
  3119. write_http_status_line(conn, 404, "Not found");
  3120. break;
  3121. case -1: /* not well-formed */
  3122. write_http_status_line(conn, 400, "Bad request");
  3123. break;
  3124. }
  3125. } else { /* not well-formed */
  3126. write_http_status_line(conn, 400, "Bad request");
  3127. }
  3128. goto done;
  3129. } else {
  3130. /* Not encrypted! */
  3131. write_http_status_line(conn, 404, "Not found");
  3132. }
  3133. done:
  3134. return 0;
  3135. }
  3136. /** Helper function for GET /tor/networkstatus-bridges
  3137. */
  3138. static int
  3139. handle_get_networkstatus_bridges(dir_connection_t *conn,
  3140. const get_handler_args_t *args)
  3141. {
  3142. const char *headers = args->headers;
  3143. const or_options_t *options = get_options();
  3144. if (options->BridgeAuthoritativeDir &&
  3145. options->BridgePassword_AuthDigest_ &&
  3146. connection_dir_is_encrypted(conn)) {
  3147. char *status;
  3148. char digest[DIGEST256_LEN];
  3149. char *header = http_get_header(headers, "Authorization: Basic ");
  3150. if (header)
  3151. crypto_digest256(digest, header, strlen(header), DIGEST_SHA256);
  3152. /* now make sure the password is there and right */
  3153. if (!header ||
  3154. tor_memneq(digest,
  3155. options->BridgePassword_AuthDigest_, DIGEST256_LEN)) {
  3156. write_http_status_line(conn, 404, "Not found");
  3157. tor_free(header);
  3158. goto done;
  3159. }
  3160. tor_free(header);
  3161. /* all happy now. send an answer. */
  3162. status = networkstatus_getinfo_by_purpose("bridge", time(NULL));
  3163. size_t dlen = strlen(status);
  3164. write_http_response_header(conn, dlen, 0, 0);
  3165. connection_write_to_buf(status, dlen, TO_CONN(conn));
  3166. tor_free(status);
  3167. goto done;
  3168. }
  3169. done:
  3170. return 0;
  3171. }
  3172. /** Helper function for GET robots.txt or /tor/robots.txt */
  3173. static int
  3174. handle_get_robots(dir_connection_t *conn, const get_handler_args_t *args)
  3175. {
  3176. (void)args;
  3177. {
  3178. const char robots[] = "User-agent: *\r\nDisallow: /\r\n";
  3179. size_t len = strlen(robots);
  3180. write_http_response_header(conn, len, 0, ROBOTS_CACHE_LIFETIME);
  3181. connection_write_to_buf(robots, len, TO_CONN(conn));
  3182. }
  3183. return 0;
  3184. }
  3185. /** Helper function: called when a dirserver gets a complete HTTP POST
  3186. * request. Look for an uploaded server descriptor or rendezvous
  3187. * service descriptor. On finding one, process it and write a
  3188. * response into conn-\>outbuf. If the request is unrecognized, send a
  3189. * 400. Always return 0. */
  3190. static int
  3191. directory_handle_command_post(dir_connection_t *conn, const char *headers,
  3192. const char *body, size_t body_len)
  3193. {
  3194. char *url = NULL;
  3195. const or_options_t *options = get_options();
  3196. log_debug(LD_DIRSERV,"Received POST command.");
  3197. conn->base_.state = DIR_CONN_STATE_SERVER_WRITING;
  3198. if (!public_server_mode(options)) {
  3199. log_info(LD_DIR, "Rejected dir post request from %s "
  3200. "since we're not a public relay.", conn->base_.address);
  3201. write_http_status_line(conn, 503, "Not acting as a public relay");
  3202. goto done;
  3203. }
  3204. if (parse_http_url(headers, &url) < 0) {
  3205. write_http_status_line(conn, 400, "Bad request");
  3206. return 0;
  3207. }
  3208. log_debug(LD_DIRSERV,"rewritten url as '%s'.", escaped(url));
  3209. /* Handle v2 rendezvous service publish request. */
  3210. if (connection_dir_is_encrypted(conn) &&
  3211. !strcmpstart(url,"/tor/rendezvous2/publish")) {
  3212. if (rend_cache_store_v2_desc_as_dir(body) < 0) {
  3213. log_warn(LD_REND, "Rejected v2 rend descriptor (length %d) from %s.",
  3214. (int)body_len, conn->base_.address);
  3215. write_http_status_line(conn, 400,
  3216. "Invalid v2 service descriptor rejected");
  3217. } else {
  3218. write_http_status_line(conn, 200, "Service descriptor (v2) stored");
  3219. log_info(LD_REND, "Handled v2 rendezvous descriptor post: accepted");
  3220. }
  3221. goto done;
  3222. }
  3223. if (!authdir_mode(options)) {
  3224. /* we just provide cached directories; we don't want to
  3225. * receive anything. */
  3226. write_http_status_line(conn, 400, "Nonauthoritative directory does not "
  3227. "accept posted server descriptors");
  3228. goto done;
  3229. }
  3230. if (authdir_mode_handles_descs(options, -1) &&
  3231. !strcmp(url,"/tor/")) { /* server descriptor post */
  3232. const char *msg = "[None]";
  3233. uint8_t purpose = authdir_mode_bridge(options) ?
  3234. ROUTER_PURPOSE_BRIDGE : ROUTER_PURPOSE_GENERAL;
  3235. was_router_added_t r = dirserv_add_multiple_descriptors(body, purpose,
  3236. conn->base_.address, &msg);
  3237. tor_assert(msg);
  3238. if (r == ROUTER_ADDED_NOTIFY_GENERATOR) {
  3239. /* Accepted with a message. */
  3240. log_info(LD_DIRSERV,
  3241. "Problematic router descriptor or extra-info from %s "
  3242. "(\"%s\").",
  3243. conn->base_.address, msg);
  3244. write_http_status_line(conn, 400, msg);
  3245. } else if (r == ROUTER_ADDED_SUCCESSFULLY) {
  3246. write_http_status_line(conn, 200, msg);
  3247. } else if (WRA_WAS_OUTDATED(r)) {
  3248. write_http_response_header_impl(conn, -1, NULL, NULL,
  3249. "X-Descriptor-Not-New: Yes\r\n", -1);
  3250. } else {
  3251. log_info(LD_DIRSERV,
  3252. "Rejected router descriptor or extra-info from %s "
  3253. "(\"%s\").",
  3254. conn->base_.address, msg);
  3255. write_http_status_line(conn, 400, msg);
  3256. }
  3257. goto done;
  3258. }
  3259. if (authdir_mode_v3(options) &&
  3260. !strcmp(url,"/tor/post/vote")) { /* v3 networkstatus vote */
  3261. const char *msg = "OK";
  3262. int status;
  3263. if (dirvote_add_vote(body, &msg, &status)) {
  3264. write_http_status_line(conn, status, "Vote stored");
  3265. } else {
  3266. tor_assert(msg);
  3267. log_warn(LD_DIRSERV, "Rejected vote from %s (\"%s\").",
  3268. conn->base_.address, msg);
  3269. write_http_status_line(conn, status, msg);
  3270. }
  3271. goto done;
  3272. }
  3273. if (authdir_mode_v3(options) &&
  3274. !strcmp(url,"/tor/post/consensus-signature")) { /* sigs on consensus. */
  3275. const char *msg = NULL;
  3276. if (dirvote_add_signatures(body, conn->base_.address, &msg)>=0) {
  3277. write_http_status_line(conn, 200, msg?msg:"Signatures stored");
  3278. } else {
  3279. log_warn(LD_DIR, "Unable to store signatures posted by %s: %s",
  3280. conn->base_.address, msg?msg:"???");
  3281. write_http_status_line(conn, 400, msg?msg:"Unable to store signatures");
  3282. }
  3283. goto done;
  3284. }
  3285. /* we didn't recognize the url */
  3286. write_http_status_line(conn, 404, "Not found");
  3287. done:
  3288. tor_free(url);
  3289. return 0;
  3290. }
  3291. /** Called when a dirserver receives data on a directory connection;
  3292. * looks for an HTTP request. If the request is complete, remove it
  3293. * from the inbuf, try to process it; otherwise, leave it on the
  3294. * buffer. Return a 0 on success, or -1 on error.
  3295. */
  3296. static int
  3297. directory_handle_command(dir_connection_t *conn)
  3298. {
  3299. char *headers=NULL, *body=NULL;
  3300. size_t body_len=0;
  3301. int r;
  3302. tor_assert(conn);
  3303. tor_assert(conn->base_.type == CONN_TYPE_DIR);
  3304. switch (connection_fetch_from_buf_http(TO_CONN(conn),
  3305. &headers, MAX_HEADERS_SIZE,
  3306. &body, &body_len, MAX_DIR_UL_SIZE, 0)) {
  3307. case -1: /* overflow */
  3308. log_warn(LD_DIRSERV,
  3309. "Request too large from address '%s' to DirPort. Closing.",
  3310. safe_str(conn->base_.address));
  3311. return -1;
  3312. case 0:
  3313. log_debug(LD_DIRSERV,"command not all here yet.");
  3314. return 0;
  3315. /* case 1, fall through */
  3316. }
  3317. http_set_address_origin(headers, TO_CONN(conn));
  3318. // we should escape headers here as well,
  3319. // but we can't call escaped() twice, as it uses the same buffer
  3320. //log_debug(LD_DIRSERV,"headers %s, body %s.", headers, escaped(body));
  3321. if (!strncasecmp(headers,"GET",3))
  3322. r = directory_handle_command_get(conn, headers, body, body_len);
  3323. else if (!strncasecmp(headers,"POST",4))
  3324. r = directory_handle_command_post(conn, headers, body, body_len);
  3325. else {
  3326. log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
  3327. "Got headers %s with unknown command. Closing.",
  3328. escaped(headers));
  3329. r = -1;
  3330. }
  3331. tor_free(headers); tor_free(body);
  3332. return r;
  3333. }
  3334. /** Write handler for directory connections; called when all data has
  3335. * been flushed. Close the connection or wait for a response as
  3336. * appropriate.
  3337. */
  3338. int
  3339. connection_dir_finished_flushing(dir_connection_t *conn)
  3340. {
  3341. tor_assert(conn);
  3342. tor_assert(conn->base_.type == CONN_TYPE_DIR);
  3343. /* Note that we have finished writing the directory response. For direct
  3344. * connections this means we're done; for tunneled connections it's only
  3345. * an intermediate step. */
  3346. if (conn->dirreq_id)
  3347. geoip_change_dirreq_state(conn->dirreq_id, DIRREQ_TUNNELED,
  3348. DIRREQ_FLUSHING_DIR_CONN_FINISHED);
  3349. else
  3350. geoip_change_dirreq_state(TO_CONN(conn)->global_identifier,
  3351. DIRREQ_DIRECT,
  3352. DIRREQ_FLUSHING_DIR_CONN_FINISHED);
  3353. switch (conn->base_.state) {
  3354. case DIR_CONN_STATE_CONNECTING:
  3355. case DIR_CONN_STATE_CLIENT_SENDING:
  3356. log_debug(LD_DIR,"client finished sending command.");
  3357. conn->base_.state = DIR_CONN_STATE_CLIENT_READING;
  3358. return 0;
  3359. case DIR_CONN_STATE_SERVER_WRITING:
  3360. if (conn->dir_spool_src != DIR_SPOOL_NONE) {
  3361. log_warn(LD_BUG, "Emptied a dirserv buffer, but it's still spooling!");
  3362. connection_mark_for_close(TO_CONN(conn));
  3363. } else {
  3364. log_debug(LD_DIRSERV, "Finished writing server response. Closing.");
  3365. connection_mark_for_close(TO_CONN(conn));
  3366. }
  3367. return 0;
  3368. default:
  3369. log_warn(LD_BUG,"called in unexpected state %d.",
  3370. conn->base_.state);
  3371. tor_fragile_assert();
  3372. return -1;
  3373. }
  3374. return 0;
  3375. }
  3376. /* We just got a new consensus! If there are other in-progress requests
  3377. * for this consensus flavor (for example because we launched several in
  3378. * parallel), cancel them.
  3379. *
  3380. * We do this check here (not just in
  3381. * connection_ap_handshake_attach_circuit()) to handle the edge case where
  3382. * a consensus fetch begins and ends before some other one tries to attach to
  3383. * a circuit, in which case the other one won't know that we're all happy now.
  3384. *
  3385. * Don't mark the conn that just gave us the consensus -- otherwise we
  3386. * would end up double-marking it when it cleans itself up.
  3387. */
  3388. static void
  3389. connection_dir_close_consensus_fetches(dir_connection_t *except_this_one,
  3390. const char *resource)
  3391. {
  3392. smartlist_t *conns_to_close =
  3393. connection_dir_list_by_purpose_and_resource(DIR_PURPOSE_FETCH_CONSENSUS,
  3394. resource);
  3395. SMARTLIST_FOREACH_BEGIN(conns_to_close, dir_connection_t *, d) {
  3396. if (d == except_this_one)
  3397. continue;
  3398. log_info(LD_DIR, "Closing consensus fetch (to %s) since one "
  3399. "has just arrived.", TO_CONN(d)->address);
  3400. connection_mark_for_close(TO_CONN(d));
  3401. } SMARTLIST_FOREACH_END(d);
  3402. smartlist_free(conns_to_close);
  3403. }
  3404. /** Connected handler for directory connections: begin sending data to the
  3405. * server, and return 0.
  3406. * Only used when connections don't immediately connect. */
  3407. int
  3408. connection_dir_finished_connecting(dir_connection_t *conn)
  3409. {
  3410. tor_assert(conn);
  3411. tor_assert(conn->base_.type == CONN_TYPE_DIR);
  3412. tor_assert(conn->base_.state == DIR_CONN_STATE_CONNECTING);
  3413. log_debug(LD_HTTP,"Dir connection to router %s:%u established.",
  3414. conn->base_.address,conn->base_.port);
  3415. /* start flushing conn */
  3416. conn->base_.state = DIR_CONN_STATE_CLIENT_SENDING;
  3417. return 0;
  3418. }
  3419. /** Decide which download schedule we want to use based on descriptor type
  3420. * in <b>dls</b> and <b>options</b>.
  3421. * Then return a list of int pointers defining download delays in seconds.
  3422. * Helper function for download_status_increment_failure(),
  3423. * download_status_reset(), and download_status_increment_attempt(). */
  3424. STATIC const smartlist_t *
  3425. find_dl_schedule(download_status_t *dls, const or_options_t *options)
  3426. {
  3427. const int dir_server = dir_server_mode(options);
  3428. const int multi_d = networkstatus_consensus_can_use_multiple_directories(
  3429. options);
  3430. const int we_are_bootstrapping = networkstatus_consensus_is_bootstrapping(
  3431. time(NULL));
  3432. const int use_fallbacks = networkstatus_consensus_can_use_extra_fallbacks(
  3433. options);
  3434. switch (dls->schedule) {
  3435. case DL_SCHED_GENERIC:
  3436. if (dir_server) {
  3437. return options->TestingServerDownloadSchedule;
  3438. } else {
  3439. return options->TestingClientDownloadSchedule;
  3440. }
  3441. case DL_SCHED_CONSENSUS:
  3442. if (!multi_d) {
  3443. return options->TestingServerConsensusDownloadSchedule;
  3444. } else {
  3445. if (we_are_bootstrapping) {
  3446. if (!use_fallbacks) {
  3447. /* A bootstrapping client without extra fallback directories */
  3448. return
  3449. options->ClientBootstrapConsensusAuthorityOnlyDownloadSchedule;
  3450. } else if (dls->want_authority) {
  3451. /* A bootstrapping client with extra fallback directories, but
  3452. * connecting to an authority */
  3453. return
  3454. options->ClientBootstrapConsensusAuthorityDownloadSchedule;
  3455. } else {
  3456. /* A bootstrapping client connecting to extra fallback directories
  3457. */
  3458. return
  3459. options->ClientBootstrapConsensusFallbackDownloadSchedule;
  3460. }
  3461. } else {
  3462. return options->TestingClientConsensusDownloadSchedule;
  3463. }
  3464. }
  3465. case DL_SCHED_BRIDGE:
  3466. return options->TestingBridgeDownloadSchedule;
  3467. default:
  3468. tor_assert(0);
  3469. }
  3470. /* Impossible, but gcc will fail with -Werror without a `return`. */
  3471. return NULL;
  3472. }
  3473. /** Decide which minimum and maximum delay step we want to use based on
  3474. * descriptor type in <b>dls</b> and <b>options</b>.
  3475. * Helper function for download_status_schedule_get_delay(). */
  3476. STATIC void
  3477. find_dl_min_and_max_delay(download_status_t *dls, const or_options_t *options,
  3478. int *min, int *max)
  3479. {
  3480. tor_assert(dls);
  3481. tor_assert(options);
  3482. tor_assert(min);
  3483. tor_assert(max);
  3484. /*
  3485. * For now, just use the existing schedule config stuff and pick the
  3486. * first/last entries off to get min/max delay for backoff purposes
  3487. */
  3488. const smartlist_t *schedule = find_dl_schedule(dls, options);
  3489. tor_assert(schedule != NULL && smartlist_len(schedule) >= 2);
  3490. *min = *((int *)(smartlist_get(schedule, 0)));
  3491. if (dls->backoff == DL_SCHED_DETERMINISTIC)
  3492. *max = *((int *)((smartlist_get(schedule, smartlist_len(schedule) - 1))));
  3493. else
  3494. *max = INT_MAX;
  3495. }
  3496. /** Advance one delay step. The algorithm is to use the previous delay to
  3497. * compute an increment, we construct a value uniformly at random between
  3498. * delay and MAX(delay*2,delay+1). We then clamp that value to be no larger
  3499. * than max_delay, and return it.
  3500. *
  3501. * Requires that delay is less than INT_MAX, and delay is in [0,max_delay].
  3502. */
  3503. STATIC int
  3504. next_random_exponential_delay(int delay, int max_delay)
  3505. {
  3506. /* Check preconditions */
  3507. if (BUG(max_delay < 0))
  3508. max_delay = 0;
  3509. if (BUG(delay > max_delay))
  3510. delay = max_delay;
  3511. if (delay == INT_MAX)
  3512. return INT_MAX; /* prevent overflow */
  3513. if (BUG(delay < 0))
  3514. delay = 0;
  3515. /* How much are we willing to add to the delay? */
  3516. int max_increment;
  3517. int multiplier = 3; /* no more than quadruple the previous delay */
  3518. if (get_options()->TestingTorNetwork) {
  3519. /* Decrease the multiplier in testing networks. This reduces the variance,
  3520. * so that bootstrap is more reliable. */
  3521. multiplier = 2; /* no more than triple the previous delay */
  3522. }
  3523. if (delay && delay < (INT_MAX-1) / multiplier) {
  3524. max_increment = delay * multiplier;
  3525. } else if (delay) {
  3526. max_increment = INT_MAX-1;
  3527. } else {
  3528. max_increment = 1;
  3529. }
  3530. if (BUG(max_increment < 1))
  3531. max_increment = 1;
  3532. /* the + 1 here is so that we always wait longer than last time. */
  3533. int increment = crypto_rand_int(max_increment)+1;
  3534. if (increment < max_delay - delay)
  3535. return delay + increment;
  3536. else
  3537. return max_delay;
  3538. }
  3539. /** Find the current delay for dls based on schedule or min_delay/
  3540. * max_delay if we're using exponential backoff. If dls->backoff is
  3541. * DL_SCHED_RANDOM_EXPONENTIAL, we must have 0 <= min_delay <= max_delay <=
  3542. * INT_MAX, but schedule may be set to NULL; otherwise schedule is required.
  3543. * This function sets dls->next_attempt_at based on now, and returns the delay.
  3544. * Helper for download_status_increment_failure and
  3545. * download_status_increment_attempt. */
  3546. STATIC int
  3547. download_status_schedule_get_delay(download_status_t *dls,
  3548. const smartlist_t *schedule,
  3549. int min_delay, int max_delay,
  3550. time_t now)
  3551. {
  3552. tor_assert(dls);
  3553. /* We don't need a schedule if we're using random exponential backoff */
  3554. tor_assert(dls->backoff == DL_SCHED_RANDOM_EXPONENTIAL ||
  3555. schedule != NULL);
  3556. /* If we're using random exponential backoff, we do need min/max delay */
  3557. tor_assert(dls->backoff != DL_SCHED_RANDOM_EXPONENTIAL ||
  3558. (min_delay >= 0 && max_delay >= min_delay));
  3559. int delay = INT_MAX;
  3560. uint8_t dls_schedule_position = (dls->increment_on
  3561. == DL_SCHED_INCREMENT_ATTEMPT
  3562. ? dls->n_download_attempts
  3563. : dls->n_download_failures);
  3564. if (dls->backoff == DL_SCHED_DETERMINISTIC) {
  3565. if (dls_schedule_position < smartlist_len(schedule))
  3566. delay = *(int *)smartlist_get(schedule, dls_schedule_position);
  3567. else if (dls_schedule_position == IMPOSSIBLE_TO_DOWNLOAD)
  3568. delay = INT_MAX;
  3569. else
  3570. delay = *(int *)smartlist_get(schedule, smartlist_len(schedule) - 1);
  3571. } else if (dls->backoff == DL_SCHED_RANDOM_EXPONENTIAL) {
  3572. /* Check if we missed a reset somehow */
  3573. if (dls->last_backoff_position > dls_schedule_position) {
  3574. dls->last_backoff_position = 0;
  3575. dls->last_delay_used = 0;
  3576. }
  3577. if (dls_schedule_position > 0) {
  3578. delay = dls->last_delay_used;
  3579. while (dls->last_backoff_position < dls_schedule_position) {
  3580. /* Do one increment step */
  3581. delay = next_random_exponential_delay(delay, max_delay);
  3582. /* Update our position */
  3583. ++(dls->last_backoff_position);
  3584. }
  3585. } else {
  3586. /* If we're just starting out, use the minimum delay */
  3587. delay = min_delay;
  3588. }
  3589. /* Clamp it within min/max if we have them */
  3590. if (min_delay >= 0 && delay < min_delay) delay = min_delay;
  3591. if (max_delay != INT_MAX && delay > max_delay) delay = max_delay;
  3592. /* Store it for next time */
  3593. dls->last_backoff_position = dls_schedule_position;
  3594. dls->last_delay_used = delay;
  3595. }
  3596. /* A negative delay makes no sense. Knowing that delay is
  3597. * non-negative allows us to safely do the wrapping check below. */
  3598. tor_assert(delay >= 0);
  3599. /* Avoid now+delay overflowing TIME_MAX, by comparing with a subtraction
  3600. * that won't overflow (since delay is non-negative). */
  3601. if (delay < INT_MAX && now <= TIME_MAX - delay) {
  3602. dls->next_attempt_at = now+delay;
  3603. } else {
  3604. dls->next_attempt_at = TIME_MAX;
  3605. }
  3606. return delay;
  3607. }
  3608. /* Log a debug message about item, which increments on increment_action, has
  3609. * incremented dls_n_download_increments times. The message varies based on
  3610. * was_schedule_incremented (if not, not_incremented_response is logged), and
  3611. * the values of increment, dls_next_attempt_at, and now.
  3612. * Helper for download_status_increment_failure and
  3613. * download_status_increment_attempt. */
  3614. static void
  3615. download_status_log_helper(const char *item, int was_schedule_incremented,
  3616. const char *increment_action,
  3617. const char *not_incremented_response,
  3618. uint8_t dls_n_download_increments, int increment,
  3619. time_t dls_next_attempt_at, time_t now)
  3620. {
  3621. if (item) {
  3622. if (!was_schedule_incremented)
  3623. log_debug(LD_DIR, "%s %s %d time(s); I'll try again %s.",
  3624. item, increment_action, (int)dls_n_download_increments,
  3625. not_incremented_response);
  3626. else if (increment == 0)
  3627. log_debug(LD_DIR, "%s %s %d time(s); I'll try again immediately.",
  3628. item, increment_action, (int)dls_n_download_increments);
  3629. else if (dls_next_attempt_at < TIME_MAX)
  3630. log_debug(LD_DIR, "%s %s %d time(s); I'll try again in %d seconds.",
  3631. item, increment_action, (int)dls_n_download_increments,
  3632. (int)(dls_next_attempt_at-now));
  3633. else
  3634. log_debug(LD_DIR, "%s %s %d time(s); Giving up for a while.",
  3635. item, increment_action, (int)dls_n_download_increments);
  3636. }
  3637. }
  3638. /** Determine when a failed download attempt should be retried.
  3639. * Called when an attempt to download <b>dls</b> has failed with HTTP status
  3640. * <b>status_code</b>. Increment the failure count (if the code indicates a
  3641. * real failure, or if we're a server) and set <b>dls</b>-\>next_attempt_at to
  3642. * an appropriate time in the future and return it.
  3643. * If <b>dls->increment_on</b> is DL_SCHED_INCREMENT_ATTEMPT, increment the
  3644. * failure count, and return a time in the far future for the next attempt (to
  3645. * avoid an immediate retry). */
  3646. time_t
  3647. download_status_increment_failure(download_status_t *dls, int status_code,
  3648. const char *item, int server, time_t now)
  3649. {
  3650. (void) status_code; // XXXX no longer used.
  3651. (void) server; // XXXX no longer used.
  3652. int increment = -1;
  3653. int min_delay = 0, max_delay = INT_MAX;
  3654. tor_assert(dls);
  3655. /* count the failure */
  3656. if (dls->n_download_failures < IMPOSSIBLE_TO_DOWNLOAD-1) {
  3657. ++dls->n_download_failures;
  3658. }
  3659. if (dls->increment_on == DL_SCHED_INCREMENT_FAILURE) {
  3660. /* We don't find out that a failure-based schedule has attempted a
  3661. * connection until that connection fails.
  3662. * We'll never find out about successful connections, but this doesn't
  3663. * matter, because schedules are reset after a successful download.
  3664. */
  3665. if (dls->n_download_attempts < IMPOSSIBLE_TO_DOWNLOAD-1)
  3666. ++dls->n_download_attempts;
  3667. /* only return a failure retry time if this schedule increments on failures
  3668. */
  3669. const smartlist_t *schedule = find_dl_schedule(dls, get_options());
  3670. find_dl_min_and_max_delay(dls, get_options(), &min_delay, &max_delay);
  3671. increment = download_status_schedule_get_delay(dls, schedule,
  3672. min_delay, max_delay, now);
  3673. }
  3674. download_status_log_helper(item, !dls->increment_on, "failed",
  3675. "concurrently", dls->n_download_failures,
  3676. increment, dls->next_attempt_at, now);
  3677. if (dls->increment_on == DL_SCHED_INCREMENT_ATTEMPT) {
  3678. /* stop this schedule retrying on failure, it will launch concurrent
  3679. * connections instead */
  3680. return TIME_MAX;
  3681. } else {
  3682. return dls->next_attempt_at;
  3683. }
  3684. }
  3685. /** Determine when the next download attempt should be made when using an
  3686. * attempt-based (potentially concurrent) download schedule.
  3687. * Called when an attempt to download <b>dls</b> is being initiated.
  3688. * Increment the attempt count and set <b>dls</b>-\>next_attempt_at to an
  3689. * appropriate time in the future and return it.
  3690. * If <b>dls->increment_on</b> is DL_SCHED_INCREMENT_FAILURE, don't increment
  3691. * the attempts, and return a time in the far future (to avoid launching a
  3692. * concurrent attempt). */
  3693. time_t
  3694. download_status_increment_attempt(download_status_t *dls, const char *item,
  3695. time_t now)
  3696. {
  3697. int delay = -1;
  3698. int min_delay = 0, max_delay = INT_MAX;
  3699. tor_assert(dls);
  3700. if (dls->increment_on == DL_SCHED_INCREMENT_FAILURE) {
  3701. /* this schedule should retry on failure, and not launch any concurrent
  3702. attempts */
  3703. log_warn(LD_BUG, "Tried to launch an attempt-based connection on a "
  3704. "failure-based schedule.");
  3705. return TIME_MAX;
  3706. }
  3707. if (dls->n_download_attempts < IMPOSSIBLE_TO_DOWNLOAD-1)
  3708. ++dls->n_download_attempts;
  3709. const smartlist_t *schedule = find_dl_schedule(dls, get_options());
  3710. find_dl_min_and_max_delay(dls, get_options(), &min_delay, &max_delay);
  3711. delay = download_status_schedule_get_delay(dls, schedule,
  3712. min_delay, max_delay, now);
  3713. download_status_log_helper(item, dls->increment_on, "attempted",
  3714. "on failure", dls->n_download_attempts,
  3715. delay, dls->next_attempt_at, now);
  3716. return dls->next_attempt_at;
  3717. }
  3718. /** Reset <b>dls</b> so that it will be considered downloadable
  3719. * immediately, and/or to show that we don't need it anymore.
  3720. *
  3721. * Must be called to initialise a download schedule, otherwise the zeroth item
  3722. * in the schedule will never be used.
  3723. *
  3724. * (We find the zeroth element of the download schedule, and set
  3725. * next_attempt_at to be the appropriate offset from 'now'. In most
  3726. * cases this means setting it to 'now', so the item will be immediately
  3727. * downloadable; in the case of bridge descriptors, the zeroth element
  3728. * is an hour from now.) */
  3729. void
  3730. download_status_reset(download_status_t *dls)
  3731. {
  3732. if (dls->n_download_failures == IMPOSSIBLE_TO_DOWNLOAD
  3733. || dls->n_download_attempts == IMPOSSIBLE_TO_DOWNLOAD)
  3734. return; /* Don't reset this. */
  3735. const smartlist_t *schedule = find_dl_schedule(dls, get_options());
  3736. dls->n_download_failures = 0;
  3737. dls->n_download_attempts = 0;
  3738. dls->next_attempt_at = time(NULL) + *(int *)smartlist_get(schedule, 0);
  3739. dls->last_backoff_position = 0;
  3740. dls->last_delay_used = 0;
  3741. /* Don't reset dls->want_authority or dls->increment_on */
  3742. }
  3743. /** Return the number of failures on <b>dls</b> since the last success (if
  3744. * any). */
  3745. int
  3746. download_status_get_n_failures(const download_status_t *dls)
  3747. {
  3748. return dls->n_download_failures;
  3749. }
  3750. /** Return the number of attempts to download <b>dls</b> since the last success
  3751. * (if any). This can differ from download_status_get_n_failures() due to
  3752. * outstanding concurrent attempts. */
  3753. int
  3754. download_status_get_n_attempts(const download_status_t *dls)
  3755. {
  3756. return dls->n_download_attempts;
  3757. }
  3758. /** Return the next time to attempt to download <b>dls</b>. */
  3759. time_t
  3760. download_status_get_next_attempt_at(const download_status_t *dls)
  3761. {
  3762. return dls->next_attempt_at;
  3763. }
  3764. /** Called when one or more routerdesc (or extrainfo, if <b>was_extrainfo</b>)
  3765. * fetches have failed (with uppercase fingerprints listed in <b>failed</b>,
  3766. * either as descriptor digests or as identity digests based on
  3767. * <b>was_descriptor_digests</b>).
  3768. */
  3769. static void
  3770. dir_routerdesc_download_failed(smartlist_t *failed, int status_code,
  3771. int router_purpose,
  3772. int was_extrainfo, int was_descriptor_digests)
  3773. {
  3774. char digest[DIGEST_LEN];
  3775. time_t now = time(NULL);
  3776. int server = directory_fetches_from_authorities(get_options());
  3777. if (!was_descriptor_digests) {
  3778. if (router_purpose == ROUTER_PURPOSE_BRIDGE) {
  3779. tor_assert(!was_extrainfo);
  3780. connection_dir_retry_bridges(failed);
  3781. }
  3782. return; /* FFFF should implement for other-than-router-purpose someday */
  3783. }
  3784. SMARTLIST_FOREACH_BEGIN(failed, const char *, cp) {
  3785. download_status_t *dls = NULL;
  3786. if (base16_decode(digest, DIGEST_LEN, cp, strlen(cp)) != DIGEST_LEN) {
  3787. log_warn(LD_BUG, "Malformed fingerprint in list: %s", escaped(cp));
  3788. continue;
  3789. }
  3790. if (was_extrainfo) {
  3791. signed_descriptor_t *sd =
  3792. router_get_by_extrainfo_digest(digest);
  3793. if (sd)
  3794. dls = &sd->ei_dl_status;
  3795. } else {
  3796. dls = router_get_dl_status_by_descriptor_digest(digest);
  3797. }
  3798. if (!dls || dls->n_download_failures >=
  3799. get_options()->TestingDescriptorMaxDownloadTries)
  3800. continue;
  3801. download_status_increment_failure(dls, status_code, cp, server, now);
  3802. } SMARTLIST_FOREACH_END(cp);
  3803. /* No need to relaunch descriptor downloads here: we already do it
  3804. * every 10 or 60 seconds (FOO_DESCRIPTOR_RETRY_INTERVAL) in main.c. */
  3805. }
  3806. /** Called when a connection to download microdescriptors has failed in whole
  3807. * or in part. <b>failed</b> is a list of every microdesc digest we didn't
  3808. * get. <b>status_code</b> is the http status code we received. Reschedule the
  3809. * microdesc downloads as appropriate. */
  3810. static void
  3811. dir_microdesc_download_failed(smartlist_t *failed,
  3812. int status_code)
  3813. {
  3814. networkstatus_t *consensus
  3815. = networkstatus_get_latest_consensus_by_flavor(FLAV_MICRODESC);
  3816. routerstatus_t *rs;
  3817. download_status_t *dls;
  3818. time_t now = time(NULL);
  3819. int server = directory_fetches_from_authorities(get_options());
  3820. if (! consensus)
  3821. return;
  3822. SMARTLIST_FOREACH_BEGIN(failed, const char *, d) {
  3823. rs = router_get_mutable_consensus_status_by_descriptor_digest(consensus,d);
  3824. if (!rs)
  3825. continue;
  3826. dls = &rs->dl_status;
  3827. if (dls->n_download_failures >=
  3828. get_options()->TestingMicrodescMaxDownloadTries)
  3829. continue;
  3830. {
  3831. char buf[BASE64_DIGEST256_LEN+1];
  3832. digest256_to_base64(buf, d);
  3833. download_status_increment_failure(dls, status_code, buf,
  3834. server, now);
  3835. }
  3836. } SMARTLIST_FOREACH_END(d);
  3837. }
  3838. /** Helper. Compare two fp_pair_t objects, and return negative, 0, or
  3839. * positive as appropriate. */
  3840. static int
  3841. compare_pairs_(const void **a, const void **b)
  3842. {
  3843. const fp_pair_t *fp1 = *a, *fp2 = *b;
  3844. int r;
  3845. if ((r = fast_memcmp(fp1->first, fp2->first, DIGEST_LEN)))
  3846. return r;
  3847. else
  3848. return fast_memcmp(fp1->second, fp2->second, DIGEST_LEN);
  3849. }
  3850. /** Divide a string <b>res</b> of the form FP1-FP2+FP3-FP4...[.z], where each
  3851. * FP is a hex-encoded fingerprint, into a sequence of distinct sorted
  3852. * fp_pair_t. Skip malformed pairs. On success, return 0 and add those
  3853. * fp_pair_t into <b>pairs_out</b>. On failure, return -1. */
  3854. int
  3855. dir_split_resource_into_fingerprint_pairs(const char *res,
  3856. smartlist_t *pairs_out)
  3857. {
  3858. smartlist_t *pairs_tmp = smartlist_new();
  3859. smartlist_t *pairs_result = smartlist_new();
  3860. smartlist_split_string(pairs_tmp, res, "+", 0, 0);
  3861. if (smartlist_len(pairs_tmp)) {
  3862. char *last = smartlist_get(pairs_tmp,smartlist_len(pairs_tmp)-1);
  3863. size_t last_len = strlen(last);
  3864. if (last_len > 2 && !strcmp(last+last_len-2, ".z")) {
  3865. last[last_len-2] = '\0';
  3866. }
  3867. }
  3868. SMARTLIST_FOREACH_BEGIN(pairs_tmp, char *, cp) {
  3869. if (strlen(cp) != HEX_DIGEST_LEN*2+1) {
  3870. log_info(LD_DIR,
  3871. "Skipping digest pair %s with non-standard length.", escaped(cp));
  3872. } else if (cp[HEX_DIGEST_LEN] != '-') {
  3873. log_info(LD_DIR,
  3874. "Skipping digest pair %s with missing dash.", escaped(cp));
  3875. } else {
  3876. fp_pair_t pair;
  3877. if (base16_decode(pair.first, DIGEST_LEN,
  3878. cp, HEX_DIGEST_LEN) != DIGEST_LEN ||
  3879. base16_decode(pair.second,DIGEST_LEN,
  3880. cp+HEX_DIGEST_LEN+1, HEX_DIGEST_LEN) != DIGEST_LEN) {
  3881. log_info(LD_DIR, "Skipping non-decodable digest pair %s", escaped(cp));
  3882. } else {
  3883. smartlist_add(pairs_result, tor_memdup(&pair, sizeof(pair)));
  3884. }
  3885. }
  3886. tor_free(cp);
  3887. } SMARTLIST_FOREACH_END(cp);
  3888. smartlist_free(pairs_tmp);
  3889. /* Uniq-and-sort */
  3890. smartlist_sort(pairs_result, compare_pairs_);
  3891. smartlist_uniq(pairs_result, compare_pairs_, tor_free_);
  3892. smartlist_add_all(pairs_out, pairs_result);
  3893. smartlist_free(pairs_result);
  3894. return 0;
  3895. }
  3896. /** Given a directory <b>resource</b> request, containing zero
  3897. * or more strings separated by plus signs, followed optionally by ".z", store
  3898. * the strings, in order, into <b>fp_out</b>. If <b>compressed_out</b> is
  3899. * non-NULL, set it to 1 if the resource ends in ".z", else set it to 0.
  3900. *
  3901. * If (flags & DSR_HEX), then delete all elements that aren't hex digests, and
  3902. * decode the rest. If (flags & DSR_BASE64), then use "-" rather than "+" as
  3903. * a separator, delete all the elements that aren't base64-encoded digests,
  3904. * and decode the rest. If (flags & DSR_DIGEST256), these digests should be
  3905. * 256 bits long; else they should be 160.
  3906. *
  3907. * If (flags & DSR_SORT_UNIQ), then sort the list and remove all duplicates.
  3908. */
  3909. int
  3910. dir_split_resource_into_fingerprints(const char *resource,
  3911. smartlist_t *fp_out, int *compressed_out,
  3912. int flags)
  3913. {
  3914. const int decode_hex = flags & DSR_HEX;
  3915. const int decode_base64 = flags & DSR_BASE64;
  3916. const int digests_are_256 = flags & DSR_DIGEST256;
  3917. const int sort_uniq = flags & DSR_SORT_UNIQ;
  3918. const int digest_len = digests_are_256 ? DIGEST256_LEN : DIGEST_LEN;
  3919. const int hex_digest_len = digests_are_256 ?
  3920. HEX_DIGEST256_LEN : HEX_DIGEST_LEN;
  3921. const int base64_digest_len = digests_are_256 ?
  3922. BASE64_DIGEST256_LEN : BASE64_DIGEST_LEN;
  3923. smartlist_t *fp_tmp = smartlist_new();
  3924. tor_assert(!(decode_hex && decode_base64));
  3925. tor_assert(fp_out);
  3926. smartlist_split_string(fp_tmp, resource, decode_base64?"-":"+", 0, 0);
  3927. if (compressed_out)
  3928. *compressed_out = 0;
  3929. if (smartlist_len(fp_tmp)) {
  3930. char *last = smartlist_get(fp_tmp,smartlist_len(fp_tmp)-1);
  3931. size_t last_len = strlen(last);
  3932. if (last_len > 2 && !strcmp(last+last_len-2, ".z")) {
  3933. last[last_len-2] = '\0';
  3934. if (compressed_out)
  3935. *compressed_out = 1;
  3936. }
  3937. }
  3938. if (decode_hex || decode_base64) {
  3939. const size_t encoded_len = decode_hex ? hex_digest_len : base64_digest_len;
  3940. int i;
  3941. char *cp, *d = NULL;
  3942. for (i = 0; i < smartlist_len(fp_tmp); ++i) {
  3943. cp = smartlist_get(fp_tmp, i);
  3944. if (strlen(cp) != encoded_len) {
  3945. log_info(LD_DIR,
  3946. "Skipping digest %s with non-standard length.", escaped(cp));
  3947. smartlist_del_keeporder(fp_tmp, i--);
  3948. goto again;
  3949. }
  3950. d = tor_malloc_zero(digest_len);
  3951. if (decode_hex ?
  3952. (base16_decode(d, digest_len, cp, hex_digest_len) != digest_len) :
  3953. (base64_decode(d, digest_len, cp, base64_digest_len)
  3954. != digest_len)) {
  3955. log_info(LD_DIR, "Skipping non-decodable digest %s", escaped(cp));
  3956. smartlist_del_keeporder(fp_tmp, i--);
  3957. goto again;
  3958. }
  3959. smartlist_set(fp_tmp, i, d);
  3960. d = NULL;
  3961. again:
  3962. tor_free(cp);
  3963. tor_free(d);
  3964. }
  3965. }
  3966. if (sort_uniq) {
  3967. if (decode_hex || decode_base64) {
  3968. if (digests_are_256) {
  3969. smartlist_sort_digests256(fp_tmp);
  3970. smartlist_uniq_digests256(fp_tmp);
  3971. } else {
  3972. smartlist_sort_digests(fp_tmp);
  3973. smartlist_uniq_digests(fp_tmp);
  3974. }
  3975. } else {
  3976. smartlist_sort_strings(fp_tmp);
  3977. smartlist_uniq_strings(fp_tmp);
  3978. }
  3979. }
  3980. smartlist_add_all(fp_out, fp_tmp);
  3981. smartlist_free(fp_tmp);
  3982. return 0;
  3983. }