dircache.c 60 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755
  1. /* Copyright (c) 2001-2004, Roger Dingledine.
  2. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
  3. * Copyright (c) 2007-2019, The Tor Project, Inc. */
  4. /* See LICENSE for licensing information */
  5. #define DIRCACHE_PRIVATE
  6. #include "core/or/or.h"
  7. #include "app/config/config.h"
  8. #include "core/mainloop/connection.h"
  9. #include "core/or/relay.h"
  10. #include "feature/dirauth/dirvote.h"
  11. #include "feature/dirauth/authmode.h"
  12. #include "feature/dirauth/process_descs.h"
  13. #include "feature/dircache/conscache.h"
  14. #include "feature/dircache/consdiffmgr.h"
  15. #include "feature/dircache/dircache.h"
  16. #include "feature/dircache/dirserv.h"
  17. #include "feature/dircommon/directory.h"
  18. #include "feature/dircommon/fp_pair.h"
  19. #include "feature/hs/hs_cache.h"
  20. #include "feature/nodelist/authcert.h"
  21. #include "feature/nodelist/networkstatus.h"
  22. #include "feature/nodelist/routerlist.h"
  23. #include "feature/relay/routermode.h"
  24. #include "feature/rend/rendcache.h"
  25. #include "feature/stats/geoip_stats.h"
  26. #include "feature/stats/rephist.h"
  27. #include "lib/compress/compress.h"
  28. #include "feature/dircache/cached_dir_st.h"
  29. #include "feature/dircommon/dir_connection_st.h"
  30. #include "feature/nodelist/authority_cert_st.h"
  31. #include "feature/nodelist/networkstatus_st.h"
  32. #include "feature/nodelist/routerinfo_st.h"
  33. /** Maximum size, in bytes, for any directory object that we're accepting
  34. * as an upload. */
  35. #define MAX_DIR_UL_SIZE ((1<<24)-1) /* 16MB-1 */
  36. /** HTTP cache control: how long do we tell proxies they can cache each
  37. * kind of document we serve? */
  38. #define FULL_DIR_CACHE_LIFETIME (60*60)
  39. #define RUNNINGROUTERS_CACHE_LIFETIME (20*60)
  40. #define DIRPORTFRONTPAGE_CACHE_LIFETIME (20*60)
  41. #define NETWORKSTATUS_CACHE_LIFETIME (5*60)
  42. #define ROUTERDESC_CACHE_LIFETIME (30*60)
  43. #define ROUTERDESC_BY_DIGEST_CACHE_LIFETIME (48*60*60)
  44. #define ROBOTS_CACHE_LIFETIME (24*60*60)
  45. #define MICRODESC_CACHE_LIFETIME (48*60*60)
  46. /** Parse an HTTP request string <b>headers</b> of the form
  47. * \verbatim
  48. * "\%s [http[s]://]\%s HTTP/1..."
  49. * \endverbatim
  50. * If it's well-formed, strdup the second \%s into *<b>url</b>, and
  51. * nul-terminate it. If the url doesn't start with "/tor/", rewrite it
  52. * so it does. Return 0.
  53. * Otherwise, return -1.
  54. */
  55. STATIC int
  56. parse_http_url(const char *headers, char **url)
  57. {
  58. char *command = NULL;
  59. if (parse_http_command(headers, &command, url) < 0) {
  60. return -1;
  61. }
  62. if (strcmpstart(*url, "/tor/")) {
  63. char *new_url = NULL;
  64. tor_asprintf(&new_url, "/tor%s%s",
  65. *url[0] == '/' ? "" : "/",
  66. *url);
  67. tor_free(*url);
  68. *url = new_url;
  69. }
  70. tor_free(command);
  71. return 0;
  72. }
  73. /** Create an http response for the client <b>conn</b> out of
  74. * <b>status</b> and <b>reason_phrase</b>. Write it to <b>conn</b>.
  75. */
  76. static void
  77. write_short_http_response(dir_connection_t *conn, int status,
  78. const char *reason_phrase)
  79. {
  80. char *buf = NULL;
  81. char *datestring = NULL;
  82. IF_BUG_ONCE(!reason_phrase) { /* bullet-proofing */
  83. reason_phrase = "unspecified";
  84. }
  85. if (server_mode(get_options())) {
  86. /* include the Date: header, but only if we're a relay or bridge */
  87. char datebuf[RFC1123_TIME_LEN+1];
  88. format_rfc1123_time(datebuf, time(NULL));
  89. tor_asprintf(&datestring, "Date: %s\r\n", datebuf);
  90. }
  91. tor_asprintf(&buf, "HTTP/1.0 %d %s\r\n%s\r\n",
  92. status, reason_phrase, datestring?datestring:"");
  93. log_debug(LD_DIRSERV,"Wrote status 'HTTP/1.0 %d %s'", status, reason_phrase);
  94. connection_buf_add(buf, strlen(buf), TO_CONN(conn));
  95. tor_free(datestring);
  96. tor_free(buf);
  97. }
  98. /** Write the header for an HTTP/1.0 response onto <b>conn</b>-\>outbuf,
  99. * with <b>type</b> as the Content-Type.
  100. *
  101. * If <b>length</b> is nonnegative, it is the Content-Length.
  102. * If <b>encoding</b> is provided, it is the Content-Encoding.
  103. * If <b>cache_lifetime</b> is greater than 0, the content may be cached for
  104. * up to cache_lifetime seconds. Otherwise, the content may not be cached. */
  105. static void
  106. write_http_response_header_impl(dir_connection_t *conn, ssize_t length,
  107. const char *type, const char *encoding,
  108. const char *extra_headers,
  109. long cache_lifetime)
  110. {
  111. char date[RFC1123_TIME_LEN+1];
  112. time_t now = time(NULL);
  113. buf_t *buf = buf_new_with_capacity(1024);
  114. tor_assert(conn);
  115. format_rfc1123_time(date, now);
  116. buf_add_printf(buf, "HTTP/1.0 200 OK\r\nDate: %s\r\n", date);
  117. if (type) {
  118. buf_add_printf(buf, "Content-Type: %s\r\n", type);
  119. }
  120. if (!is_local_addr(&conn->base_.addr)) {
  121. /* Don't report the source address for a nearby/private connection.
  122. * Otherwise we tend to mis-report in cases where incoming ports are
  123. * being forwarded to a Tor server running behind the firewall. */
  124. buf_add_printf(buf, X_ADDRESS_HEADER "%s\r\n", conn->base_.address);
  125. }
  126. if (encoding) {
  127. buf_add_printf(buf, "Content-Encoding: %s\r\n", encoding);
  128. }
  129. if (length >= 0) {
  130. buf_add_printf(buf, "Content-Length: %ld\r\n", (long)length);
  131. }
  132. if (cache_lifetime > 0) {
  133. char expbuf[RFC1123_TIME_LEN+1];
  134. format_rfc1123_time(expbuf, (time_t)(now + cache_lifetime));
  135. /* We could say 'Cache-control: max-age=%d' here if we start doing
  136. * http/1.1 */
  137. buf_add_printf(buf, "Expires: %s\r\n", expbuf);
  138. } else if (cache_lifetime == 0) {
  139. /* We could say 'Cache-control: no-cache' here if we start doing
  140. * http/1.1 */
  141. buf_add_string(buf, "Pragma: no-cache\r\n");
  142. }
  143. if (extra_headers) {
  144. buf_add_string(buf, extra_headers);
  145. }
  146. buf_add_string(buf, "\r\n");
  147. connection_buf_add_buf(TO_CONN(conn), buf);
  148. buf_free(buf);
  149. }
  150. /** As write_http_response_header_impl, but translates method into
  151. * encoding */
  152. static void
  153. write_http_response_headers(dir_connection_t *conn, ssize_t length,
  154. compress_method_t method,
  155. const char *extra_headers, long cache_lifetime)
  156. {
  157. write_http_response_header_impl(conn, length,
  158. "text/plain",
  159. compression_method_get_name(method),
  160. extra_headers,
  161. cache_lifetime);
  162. }
  163. /** As write_http_response_headers, but assumes extra_headers is NULL */
  164. static void
  165. write_http_response_header(dir_connection_t *conn, ssize_t length,
  166. compress_method_t method,
  167. long cache_lifetime)
  168. {
  169. write_http_response_headers(conn, length, method, NULL, cache_lifetime);
  170. }
  171. /** Array of compression methods to use (if supported) for serving
  172. * precompressed data, ordered from best to worst. */
  173. static compress_method_t srv_meth_pref_precompressed[] = {
  174. LZMA_METHOD,
  175. ZSTD_METHOD,
  176. ZLIB_METHOD,
  177. GZIP_METHOD,
  178. NO_METHOD
  179. };
  180. /** Array of compression methods to use (if supported) for serving
  181. * streamed data, ordered from best to worst. */
  182. static compress_method_t srv_meth_pref_streaming_compression[] = {
  183. ZSTD_METHOD,
  184. ZLIB_METHOD,
  185. GZIP_METHOD,
  186. NO_METHOD
  187. };
  188. /** Parse the compression methods listed in an Accept-Encoding header <b>h</b>,
  189. * and convert them to a bitfield where compression method x is supported if
  190. * and only if 1 &lt;&lt; x is set in the bitfield. */
  191. STATIC unsigned
  192. parse_accept_encoding_header(const char *h)
  193. {
  194. unsigned result = (1u << NO_METHOD);
  195. smartlist_t *methods = smartlist_new();
  196. smartlist_split_string(methods, h, ",",
  197. SPLIT_SKIP_SPACE|SPLIT_STRIP_SPACE|SPLIT_IGNORE_BLANK, 0);
  198. SMARTLIST_FOREACH_BEGIN(methods, const char *, m) {
  199. compress_method_t method = compression_method_get_by_name(m);
  200. if (method != UNKNOWN_METHOD) {
  201. tor_assert(((unsigned)method) < 8*sizeof(unsigned));
  202. result |= (1u << method);
  203. }
  204. } SMARTLIST_FOREACH_END(m);
  205. SMARTLIST_FOREACH_BEGIN(methods, char *, m) {
  206. tor_free(m);
  207. } SMARTLIST_FOREACH_END(m);
  208. smartlist_free(methods);
  209. return result;
  210. }
  211. /** Decide whether a client would accept the consensus we have.
  212. *
  213. * Clients can say they only want a consensus if it's signed by more
  214. * than half the authorities in a list. They pass this list in
  215. * the url as "...consensus/<b>fpr</b>+<b>fpr</b>+<b>fpr</b>".
  216. *
  217. * <b>fpr</b> may be an abbreviated fingerprint, i.e. only a left substring
  218. * of the full authority identity digest. (Only strings of even length,
  219. * i.e. encodings of full bytes, are handled correctly. In the case
  220. * of an odd number of hex digits the last one is silently ignored.)
  221. *
  222. * Returns 1 if more than half of the requested authorities signed the
  223. * consensus, 0 otherwise.
  224. */
  225. static int
  226. client_likes_consensus(const struct consensus_cache_entry_t *ent,
  227. const char *want_url)
  228. {
  229. smartlist_t *voters = smartlist_new();
  230. int need_at_least;
  231. int have = 0;
  232. if (consensus_cache_entry_get_voter_id_digests(ent, voters) != 0) {
  233. smartlist_free(voters);
  234. return 1; // We don't know the voters; assume the client won't mind. */
  235. }
  236. smartlist_t *want_authorities = smartlist_new();
  237. dir_split_resource_into_fingerprints(want_url, want_authorities, NULL, 0);
  238. need_at_least = smartlist_len(want_authorities)/2+1;
  239. SMARTLIST_FOREACH_BEGIN(want_authorities, const char *, want_digest) {
  240. SMARTLIST_FOREACH_BEGIN(voters, const char *, digest) {
  241. if (!strcasecmpstart(digest, want_digest)) {
  242. have++;
  243. break;
  244. };
  245. } SMARTLIST_FOREACH_END(digest);
  246. /* early exit, if we already have enough */
  247. if (have >= need_at_least)
  248. break;
  249. } SMARTLIST_FOREACH_END(want_digest);
  250. SMARTLIST_FOREACH(want_authorities, char *, d, tor_free(d));
  251. smartlist_free(want_authorities);
  252. SMARTLIST_FOREACH(voters, char *, cp, tor_free(cp));
  253. smartlist_free(voters);
  254. return (have >= need_at_least);
  255. }
  256. /** Return the compression level we should use for sending a compressed
  257. * response of size <b>n_bytes</b>. */
  258. STATIC compression_level_t
  259. choose_compression_level(ssize_t n_bytes)
  260. {
  261. if (! have_been_under_memory_pressure()) {
  262. return HIGH_COMPRESSION; /* we have plenty of RAM. */
  263. } else if (n_bytes < 0) {
  264. return HIGH_COMPRESSION; /* unknown; might be big. */
  265. } else if (n_bytes < 1024) {
  266. return LOW_COMPRESSION;
  267. } else if (n_bytes < 2048) {
  268. return MEDIUM_COMPRESSION;
  269. } else {
  270. return HIGH_COMPRESSION;
  271. }
  272. }
  273. /** Information passed to handle a GET request. */
  274. typedef struct get_handler_args_t {
  275. /** Bitmask of compression methods that the client said (or implied) it
  276. * supported. */
  277. unsigned compression_supported;
  278. /** If nonzero, the time included an if-modified-since header with this
  279. * value. */
  280. time_t if_modified_since;
  281. /** String containing the requested URL or resource. */
  282. const char *url;
  283. /** String containing the HTTP headers */
  284. const char *headers;
  285. } get_handler_args_t;
  286. /** Entry for handling an HTTP GET request.
  287. *
  288. * This entry matches a request if "string" is equal to the requested
  289. * resource, or if "is_prefix" is true and "string" is a prefix of the
  290. * requested resource.
  291. *
  292. * The 'handler' function is called to handle the request. It receives
  293. * an arguments structure, and must return 0 on success or -1 if we should
  294. * close the connection.
  295. **/
  296. typedef struct url_table_ent_s {
  297. const char *string;
  298. int is_prefix;
  299. int (*handler)(dir_connection_t *conn, const get_handler_args_t *args);
  300. } url_table_ent_t;
  301. static int handle_get_frontpage(dir_connection_t *conn,
  302. const get_handler_args_t *args);
  303. static int handle_get_current_consensus(dir_connection_t *conn,
  304. const get_handler_args_t *args);
  305. static int handle_get_status_vote(dir_connection_t *conn,
  306. const get_handler_args_t *args);
  307. static int handle_get_microdesc(dir_connection_t *conn,
  308. const get_handler_args_t *args);
  309. static int handle_get_descriptor(dir_connection_t *conn,
  310. const get_handler_args_t *args);
  311. static int handle_get_keys(dir_connection_t *conn,
  312. const get_handler_args_t *args);
  313. static int handle_get_hs_descriptor_v2(dir_connection_t *conn,
  314. const get_handler_args_t *args);
  315. static int handle_get_robots(dir_connection_t *conn,
  316. const get_handler_args_t *args);
  317. static int handle_get_networkstatus_bridges(dir_connection_t *conn,
  318. const get_handler_args_t *args);
  319. /** Table for handling GET requests. */
  320. static const url_table_ent_t url_table[] = {
  321. { "/tor/", 0, handle_get_frontpage },
  322. { "/tor/status-vote/current/consensus", 1, handle_get_current_consensus },
  323. { "/tor/status-vote/current/", 1, handle_get_status_vote },
  324. { "/tor/status-vote/next/", 1, handle_get_status_vote },
  325. { "/tor/micro/d/", 1, handle_get_microdesc },
  326. { "/tor/server/", 1, handle_get_descriptor },
  327. { "/tor/extra/", 1, handle_get_descriptor },
  328. { "/tor/keys/", 1, handle_get_keys },
  329. { "/tor/rendezvous2/", 1, handle_get_hs_descriptor_v2 },
  330. { "/tor/hs/3/", 1, handle_get_hs_descriptor_v3 },
  331. { "/tor/robots.txt", 0, handle_get_robots },
  332. { "/tor/networkstatus-bridges", 0, handle_get_networkstatus_bridges },
  333. { NULL, 0, NULL },
  334. };
  335. /** Helper function: called when a dirserver gets a complete HTTP GET
  336. * request. Look for a request for a directory or for a rendezvous
  337. * service descriptor. On finding one, write a response into
  338. * conn-\>outbuf. If the request is unrecognized, send a 404.
  339. * Return 0 if we handled this successfully, or -1 if we need to close
  340. * the connection. */
  341. MOCK_IMPL(STATIC int,
  342. directory_handle_command_get,(dir_connection_t *conn, const char *headers,
  343. const char *req_body, size_t req_body_len))
  344. {
  345. char *url, *url_mem, *header;
  346. time_t if_modified_since = 0;
  347. int zlib_compressed_in_url;
  348. unsigned compression_methods_supported;
  349. /* We ignore the body of a GET request. */
  350. (void)req_body;
  351. (void)req_body_len;
  352. log_debug(LD_DIRSERV,"Received GET command.");
  353. conn->base_.state = DIR_CONN_STATE_SERVER_WRITING;
  354. if (parse_http_url(headers, &url) < 0) {
  355. write_short_http_response(conn, 400, "Bad request");
  356. return 0;
  357. }
  358. if ((header = http_get_header(headers, "If-Modified-Since: "))) {
  359. struct tm tm;
  360. if (parse_http_time(header, &tm) == 0) {
  361. if (tor_timegm(&tm, &if_modified_since)<0) {
  362. if_modified_since = 0;
  363. } else {
  364. log_debug(LD_DIRSERV, "If-Modified-Since is '%s'.", escaped(header));
  365. }
  366. }
  367. /* The correct behavior on a malformed If-Modified-Since header is to
  368. * act as if no If-Modified-Since header had been given. */
  369. tor_free(header);
  370. }
  371. log_debug(LD_DIRSERV,"rewritten url as '%s'.", escaped(url));
  372. url_mem = url;
  373. {
  374. size_t url_len = strlen(url);
  375. zlib_compressed_in_url = url_len > 2 && !strcmp(url+url_len-2, ".z");
  376. if (zlib_compressed_in_url) {
  377. url[url_len-2] = '\0';
  378. }
  379. }
  380. if ((header = http_get_header(headers, "Accept-Encoding: "))) {
  381. compression_methods_supported = parse_accept_encoding_header(header);
  382. tor_free(header);
  383. } else {
  384. compression_methods_supported = (1u << NO_METHOD);
  385. }
  386. if (zlib_compressed_in_url) {
  387. compression_methods_supported |= (1u << ZLIB_METHOD);
  388. }
  389. /* Remove all methods that we don't both support. */
  390. compression_methods_supported &= tor_compress_get_supported_method_bitmask();
  391. get_handler_args_t args;
  392. args.url = url;
  393. args.headers = headers;
  394. args.if_modified_since = if_modified_since;
  395. args.compression_supported = compression_methods_supported;
  396. int i, result = -1;
  397. for (i = 0; url_table[i].string; ++i) {
  398. int match;
  399. if (url_table[i].is_prefix) {
  400. match = !strcmpstart(url, url_table[i].string);
  401. } else {
  402. match = !strcmp(url, url_table[i].string);
  403. }
  404. if (match) {
  405. result = url_table[i].handler(conn, &args);
  406. goto done;
  407. }
  408. }
  409. /* we didn't recognize the url */
  410. write_short_http_response(conn, 404, "Not found");
  411. result = 0;
  412. done:
  413. tor_free(url_mem);
  414. return result;
  415. }
  416. /** Helper function for GET / or GET /tor/
  417. */
  418. static int
  419. handle_get_frontpage(dir_connection_t *conn, const get_handler_args_t *args)
  420. {
  421. (void) args; /* unused */
  422. const char *frontpage = get_dirportfrontpage();
  423. if (frontpage) {
  424. size_t dlen;
  425. dlen = strlen(frontpage);
  426. /* Let's return a disclaimer page (users shouldn't use V1 anymore,
  427. and caches don't fetch '/', so this is safe). */
  428. /* [We don't check for write_bucket_low here, since we want to serve
  429. * this page no matter what.] */
  430. write_http_response_header_impl(conn, dlen, "text/html", "identity",
  431. NULL, DIRPORTFRONTPAGE_CACHE_LIFETIME);
  432. connection_buf_add(frontpage, dlen, TO_CONN(conn));
  433. } else {
  434. write_short_http_response(conn, 404, "Not found");
  435. }
  436. return 0;
  437. }
  438. /** Warn that the cached consensus <b>consensus</b> of type
  439. * <b>flavor</b> too new or too old, based on <b>is_too_new</b>,
  440. * and will not be served to clients. Rate-limit the warning to avoid logging
  441. * an entry on every request.
  442. */
  443. static void
  444. warn_consensus_is_not_reasonably_live(
  445. const struct consensus_cache_entry_t *consensus,
  446. const char *flavor, time_t now, bool is_too_new)
  447. {
  448. #define NOT_REASONABLY_LIVE_WARNING_INTERVAL (60*60)
  449. static ratelim_t warned[2] = { RATELIM_INIT(
  450. NOT_REASONABLY_LIVE_WARNING_INTERVAL),
  451. RATELIM_INIT(
  452. NOT_REASONABLY_LIVE_WARNING_INTERVAL) };
  453. char timestamp[ISO_TIME_LEN+1];
  454. /* valid_after if is_too_new, valid_until if !is_too_new */
  455. time_t valid_time = 0;
  456. char *dupes = NULL;
  457. if (is_too_new) {
  458. if (consensus_cache_entry_get_valid_after(consensus, &valid_time))
  459. return;
  460. dupes = rate_limit_log(&warned[1], now);
  461. } else {
  462. if (consensus_cache_entry_get_valid_until(consensus, &valid_time))
  463. return;
  464. dupes = rate_limit_log(&warned[0], now);
  465. }
  466. if (dupes) {
  467. format_local_iso_time(timestamp, valid_time);
  468. log_warn(LD_DIRSERV, "Our %s%sconsensus is too %s, so we will not "
  469. "serve it to clients. It was valid %s %s local time and we "
  470. "continued to serve it for up to 24 hours %s.%s",
  471. flavor ? flavor : "",
  472. flavor ? " " : "",
  473. is_too_new ? "new" : "old",
  474. is_too_new ? "after" : "until",
  475. timestamp,
  476. is_too_new ? "before it was valid" : "after it expired",
  477. dupes);
  478. tor_free(dupes);
  479. }
  480. }
  481. /**
  482. * Parse a single hex-encoded sha3-256 digest from <b>hex</b> into
  483. * <b>digest</b>. Return 0 on success. On failure, report that the hash came
  484. * from <b>location</b>, report that we are taking <b>action</b> with it, and
  485. * return -1.
  486. */
  487. static int
  488. parse_one_diff_hash(uint8_t *digest, const char *hex, const char *location,
  489. const char *action)
  490. {
  491. if (base16_decode((char*)digest, DIGEST256_LEN, hex, strlen(hex)) ==
  492. DIGEST256_LEN) {
  493. return 0;
  494. } else {
  495. log_fn(LOG_PROTOCOL_WARN, LD_DIR,
  496. "%s contained bogus digest %s; %s.",
  497. location, escaped(hex), action);
  498. return -1;
  499. }
  500. }
  501. /** If there is an X-Or-Diff-From-Consensus header included in <b>headers</b>,
  502. * set <b>digest_out<b> to a new smartlist containing every 256-bit
  503. * hex-encoded digest listed in that header and return 0. Otherwise return
  504. * -1. */
  505. static int
  506. parse_or_diff_from_header(smartlist_t **digests_out, const char *headers)
  507. {
  508. char *hdr = http_get_header(headers, X_OR_DIFF_FROM_CONSENSUS_HEADER);
  509. if (hdr == NULL) {
  510. return -1;
  511. }
  512. smartlist_t *hex_digests = smartlist_new();
  513. *digests_out = smartlist_new();
  514. smartlist_split_string(hex_digests, hdr, " ",
  515. SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1);
  516. SMARTLIST_FOREACH_BEGIN(hex_digests, const char *, hex) {
  517. uint8_t digest[DIGEST256_LEN];
  518. if (!parse_one_diff_hash(digest, hex, "X-Or-Diff-From-Consensus header",
  519. "ignoring")) {
  520. smartlist_add(*digests_out, tor_memdup(digest, sizeof(digest)));
  521. }
  522. } SMARTLIST_FOREACH_END(hex);
  523. SMARTLIST_FOREACH(hex_digests, char *, cp, tor_free(cp));
  524. smartlist_free(hex_digests);
  525. tor_free(hdr);
  526. return 0;
  527. }
  528. /** Fallback compression method. The fallback compression method is used in
  529. * case a client requests a non-compressed document. We only store compressed
  530. * documents, so we use this compression method to fetch the document and let
  531. * the spooling system do the streaming decompression.
  532. */
  533. #define FALLBACK_COMPRESS_METHOD ZLIB_METHOD
  534. /**
  535. * Try to find the best consensus diff possible in order to serve a client
  536. * request for a diff from one of the consensuses in <b>digests</b> to the
  537. * current consensus of flavor <b>flav</b>. The client supports the
  538. * compression methods listed in the <b>compression_methods</b> bitfield:
  539. * place the method chosen (if any) into <b>compression_used_out</b>.
  540. */
  541. static struct consensus_cache_entry_t *
  542. find_best_diff(const smartlist_t *digests, int flav,
  543. unsigned compression_methods,
  544. compress_method_t *compression_used_out)
  545. {
  546. struct consensus_cache_entry_t *result = NULL;
  547. SMARTLIST_FOREACH_BEGIN(digests, const uint8_t *, diff_from) {
  548. unsigned u;
  549. for (u = 0; u < ARRAY_LENGTH(srv_meth_pref_precompressed); ++u) {
  550. compress_method_t method = srv_meth_pref_precompressed[u];
  551. if (0 == (compression_methods & (1u<<method)))
  552. continue; // client doesn't like this one, or we don't have it.
  553. if (consdiffmgr_find_diff_from(&result, flav, DIGEST_SHA3_256,
  554. diff_from, DIGEST256_LEN,
  555. method) == CONSDIFF_AVAILABLE) {
  556. tor_assert_nonfatal(result);
  557. *compression_used_out = method;
  558. return result;
  559. }
  560. }
  561. } SMARTLIST_FOREACH_END(diff_from);
  562. SMARTLIST_FOREACH_BEGIN(digests, const uint8_t *, diff_from) {
  563. if (consdiffmgr_find_diff_from(&result, flav, DIGEST_SHA3_256, diff_from,
  564. DIGEST256_LEN, FALLBACK_COMPRESS_METHOD) == CONSDIFF_AVAILABLE) {
  565. tor_assert_nonfatal(result);
  566. *compression_used_out = FALLBACK_COMPRESS_METHOD;
  567. return result;
  568. }
  569. } SMARTLIST_FOREACH_END(diff_from);
  570. return NULL;
  571. }
  572. /** Lookup the cached consensus document by the flavor found in <b>flav</b>.
  573. * The preferred set of compression methods should be listed in the
  574. * <b>compression_methods</b> bitfield. The compression method chosen (if any)
  575. * is stored in <b>compression_used_out</b>. */
  576. static struct consensus_cache_entry_t *
  577. find_best_consensus(int flav,
  578. unsigned compression_methods,
  579. compress_method_t *compression_used_out)
  580. {
  581. struct consensus_cache_entry_t *result = NULL;
  582. unsigned u;
  583. for (u = 0; u < ARRAY_LENGTH(srv_meth_pref_precompressed); ++u) {
  584. compress_method_t method = srv_meth_pref_precompressed[u];
  585. if (0 == (compression_methods & (1u<<method)))
  586. continue;
  587. if (consdiffmgr_find_consensus(&result, flav,
  588. method) == CONSDIFF_AVAILABLE) {
  589. tor_assert_nonfatal(result);
  590. *compression_used_out = method;
  591. return result;
  592. }
  593. }
  594. if (consdiffmgr_find_consensus(&result, flav,
  595. FALLBACK_COMPRESS_METHOD) == CONSDIFF_AVAILABLE) {
  596. tor_assert_nonfatal(result);
  597. *compression_used_out = FALLBACK_COMPRESS_METHOD;
  598. return result;
  599. }
  600. return NULL;
  601. }
  602. /** Try to find the best supported compression method possible from a given
  603. * <b>compression_methods</b>. Return NO_METHOD if no mutually supported
  604. * compression method could be found. */
  605. static compress_method_t
  606. find_best_compression_method(unsigned compression_methods, int stream)
  607. {
  608. unsigned u;
  609. compress_method_t *methods;
  610. size_t length;
  611. if (stream) {
  612. methods = srv_meth_pref_streaming_compression;
  613. length = ARRAY_LENGTH(srv_meth_pref_streaming_compression);
  614. } else {
  615. methods = srv_meth_pref_precompressed;
  616. length = ARRAY_LENGTH(srv_meth_pref_precompressed);
  617. }
  618. for (u = 0; u < length; ++u) {
  619. compress_method_t method = methods[u];
  620. if (compression_methods & (1u<<method))
  621. return method;
  622. }
  623. return NO_METHOD;
  624. }
  625. /** Check if any of the digests in <b>digests</b> matches the latest consensus
  626. * flavor (given in <b>flavor</b>) that we have available. */
  627. static int
  628. digest_list_contains_best_consensus(consensus_flavor_t flavor,
  629. const smartlist_t *digests)
  630. {
  631. const networkstatus_t *ns = NULL;
  632. if (digests == NULL)
  633. return 0;
  634. ns = networkstatus_get_latest_consensus_by_flavor(flavor);
  635. if (ns == NULL)
  636. return 0;
  637. SMARTLIST_FOREACH_BEGIN(digests, const uint8_t *, digest) {
  638. if (tor_memeq(ns->digest_sha3_as_signed, digest, DIGEST256_LEN))
  639. return 1;
  640. } SMARTLIST_FOREACH_END(digest);
  641. return 0;
  642. }
  643. /** Encodes the results of parsing a consensus request to figure out what
  644. * consensus, and possibly what diffs, the user asked for. */
  645. typedef struct {
  646. /** name of the flavor to retrieve. */
  647. char *flavor;
  648. /** flavor to retrive, as enum. */
  649. consensus_flavor_t flav;
  650. /** plus-separated list of authority fingerprints; see
  651. * client_likes_consensus(). Aliases the URL in the request passed to
  652. * parse_consensus_request(). */
  653. const char *want_fps;
  654. /** Optionally, a smartlist of sha3 digests-as-signed of the consensuses
  655. * to return a diff from. */
  656. smartlist_t *diff_from_digests;
  657. /** If true, never send a full consensus. If there is no diff, send
  658. * a 404 instead. */
  659. int diff_only;
  660. } parsed_consensus_request_t;
  661. /** Remove all data held in <b>req</b>. Do not free <b>req</b> itself, since
  662. * it is stack-allocated. */
  663. static void
  664. parsed_consensus_request_clear(parsed_consensus_request_t *req)
  665. {
  666. if (!req)
  667. return;
  668. tor_free(req->flavor);
  669. if (req->diff_from_digests) {
  670. SMARTLIST_FOREACH(req->diff_from_digests, uint8_t *, d, tor_free(d));
  671. smartlist_free(req->diff_from_digests);
  672. }
  673. memset(req, 0, sizeof(parsed_consensus_request_t));
  674. }
  675. /**
  676. * Parse the URL and relevant headers of <b>args</b> for a current-consensus
  677. * request to learn what flavor of consensus we want, what keys it must be
  678. * signed with, and what diffs we would accept (or demand) instead. Return 0
  679. * on success and -1 on failure.
  680. */
  681. static int
  682. parse_consensus_request(parsed_consensus_request_t *out,
  683. const get_handler_args_t *args)
  684. {
  685. const char *url = args->url;
  686. memset(out, 0, sizeof(parsed_consensus_request_t));
  687. out->flav = FLAV_NS;
  688. const char CONSENSUS_URL_PREFIX[] = "/tor/status-vote/current/consensus/";
  689. const char CONSENSUS_FLAVORED_PREFIX[] =
  690. "/tor/status-vote/current/consensus-";
  691. /* figure out the flavor if any, and who we wanted to sign the thing */
  692. const char *after_flavor = NULL;
  693. if (!strcmpstart(url, CONSENSUS_FLAVORED_PREFIX)) {
  694. const char *f, *cp;
  695. f = url + strlen(CONSENSUS_FLAVORED_PREFIX);
  696. cp = strchr(f, '/');
  697. if (cp) {
  698. after_flavor = cp+1;
  699. out->flavor = tor_strndup(f, cp-f);
  700. } else {
  701. out->flavor = tor_strdup(f);
  702. }
  703. int flav = networkstatus_parse_flavor_name(out->flavor);
  704. if (flav < 0)
  705. flav = FLAV_NS;
  706. out->flav = flav;
  707. } else {
  708. if (!strcmpstart(url, CONSENSUS_URL_PREFIX))
  709. after_flavor = url+strlen(CONSENSUS_URL_PREFIX);
  710. }
  711. /* see whether we've been asked explicitly for a diff from an older
  712. * consensus. (The user might also have said that a diff would be okay,
  713. * via X-Or-Diff-From-Consensus */
  714. const char DIFF_COMPONENT[] = "diff/";
  715. char *diff_hash_in_url = NULL;
  716. if (after_flavor && !strcmpstart(after_flavor, DIFF_COMPONENT)) {
  717. after_flavor += strlen(DIFF_COMPONENT);
  718. const char *cp = strchr(after_flavor, '/');
  719. if (cp) {
  720. diff_hash_in_url = tor_strndup(after_flavor, cp-after_flavor);
  721. out->want_fps = cp+1;
  722. } else {
  723. diff_hash_in_url = tor_strdup(after_flavor);
  724. out->want_fps = NULL;
  725. }
  726. } else {
  727. out->want_fps = after_flavor;
  728. }
  729. if (diff_hash_in_url) {
  730. uint8_t diff_from[DIGEST256_LEN];
  731. out->diff_from_digests = smartlist_new();
  732. out->diff_only = 1;
  733. int ok = !parse_one_diff_hash(diff_from, diff_hash_in_url, "URL",
  734. "rejecting");
  735. tor_free(diff_hash_in_url);
  736. if (ok) {
  737. smartlist_add(out->diff_from_digests,
  738. tor_memdup(diff_from, DIGEST256_LEN));
  739. } else {
  740. return -1;
  741. }
  742. } else {
  743. parse_or_diff_from_header(&out->diff_from_digests, args->headers);
  744. }
  745. return 0;
  746. }
  747. /** Helper function for GET /tor/status-vote/current/consensus
  748. */
  749. static int
  750. handle_get_current_consensus(dir_connection_t *conn,
  751. const get_handler_args_t *args)
  752. {
  753. const compress_method_t compress_method =
  754. find_best_compression_method(args->compression_supported, 0);
  755. const time_t if_modified_since = args->if_modified_since;
  756. int clear_spool = 0;
  757. /* v3 network status fetch. */
  758. long lifetime = NETWORKSTATUS_CACHE_LIFETIME;
  759. time_t now = time(NULL);
  760. parsed_consensus_request_t req;
  761. if (parse_consensus_request(&req, args) < 0) {
  762. write_short_http_response(conn, 404, "Couldn't parse request");
  763. goto done;
  764. }
  765. if (digest_list_contains_best_consensus(req.flav,
  766. req.diff_from_digests)) {
  767. write_short_http_response(conn, 304, "Not modified");
  768. geoip_note_ns_response(GEOIP_REJECT_NOT_MODIFIED);
  769. goto done;
  770. }
  771. struct consensus_cache_entry_t *cached_consensus = NULL;
  772. compress_method_t compression_used = NO_METHOD;
  773. if (req.diff_from_digests) {
  774. cached_consensus = find_best_diff(req.diff_from_digests, req.flav,
  775. args->compression_supported,
  776. &compression_used);
  777. }
  778. if (req.diff_only && !cached_consensus) {
  779. write_short_http_response(conn, 404, "No such diff available");
  780. geoip_note_ns_response(GEOIP_REJECT_NOT_FOUND);
  781. goto done;
  782. }
  783. if (! cached_consensus) {
  784. cached_consensus = find_best_consensus(req.flav,
  785. args->compression_supported,
  786. &compression_used);
  787. }
  788. time_t valid_after, fresh_until, valid_until;
  789. int have_valid_after = 0, have_fresh_until = 0, have_valid_until = 0;
  790. if (cached_consensus) {
  791. have_valid_after =
  792. !consensus_cache_entry_get_valid_after(cached_consensus, &valid_after);
  793. have_fresh_until =
  794. !consensus_cache_entry_get_fresh_until(cached_consensus, &fresh_until);
  795. have_valid_until =
  796. !consensus_cache_entry_get_valid_until(cached_consensus, &valid_until);
  797. }
  798. if (cached_consensus && have_valid_after &&
  799. !networkstatus_valid_after_is_reasonably_live(valid_after, now)) {
  800. write_short_http_response(conn, 404, "Consensus is too new");
  801. warn_consensus_is_not_reasonably_live(cached_consensus, req.flavor, now,
  802. 1);
  803. geoip_note_ns_response(GEOIP_REJECT_NOT_FOUND);
  804. goto done;
  805. } else if (
  806. cached_consensus && have_valid_until &&
  807. !networkstatus_valid_until_is_reasonably_live(valid_until, now)) {
  808. write_short_http_response(conn, 404, "Consensus is too old");
  809. warn_consensus_is_not_reasonably_live(cached_consensus, req.flavor, now,
  810. 0);
  811. geoip_note_ns_response(GEOIP_REJECT_NOT_FOUND);
  812. goto done;
  813. }
  814. if (cached_consensus && req.want_fps &&
  815. !client_likes_consensus(cached_consensus, req.want_fps)) {
  816. write_short_http_response(conn, 404, "Consensus not signed by sufficient "
  817. "number of requested authorities");
  818. geoip_note_ns_response(GEOIP_REJECT_NOT_ENOUGH_SIGS);
  819. goto done;
  820. }
  821. conn->spool = smartlist_new();
  822. clear_spool = 1;
  823. {
  824. spooled_resource_t *spooled;
  825. if (cached_consensus) {
  826. spooled = spooled_resource_new_from_cache_entry(cached_consensus);
  827. smartlist_add(conn->spool, spooled);
  828. }
  829. }
  830. lifetime = (have_fresh_until && fresh_until > now) ? fresh_until - now : 0;
  831. size_t size_guess = 0;
  832. int n_expired = 0;
  833. dirserv_spool_remove_missing_and_guess_size(conn, if_modified_since,
  834. compress_method != NO_METHOD,
  835. &size_guess,
  836. &n_expired);
  837. if (!smartlist_len(conn->spool) && !n_expired) {
  838. write_short_http_response(conn, 404, "Not found");
  839. geoip_note_ns_response(GEOIP_REJECT_NOT_FOUND);
  840. goto done;
  841. } else if (!smartlist_len(conn->spool)) {
  842. write_short_http_response(conn, 304, "Not modified");
  843. geoip_note_ns_response(GEOIP_REJECT_NOT_MODIFIED);
  844. goto done;
  845. }
  846. if (global_write_bucket_low(TO_CONN(conn), size_guess, 2)) {
  847. log_debug(LD_DIRSERV,
  848. "Client asked for network status lists, but we've been "
  849. "writing too many bytes lately. Sending 503 Dir busy.");
  850. write_short_http_response(conn, 503, "Directory busy, try again later");
  851. geoip_note_ns_response(GEOIP_REJECT_BUSY);
  852. goto done;
  853. }
  854. tor_addr_t addr;
  855. if (tor_addr_parse(&addr, (TO_CONN(conn))->address) >= 0) {
  856. geoip_note_client_seen(GEOIP_CLIENT_NETWORKSTATUS,
  857. &addr, NULL,
  858. time(NULL));
  859. geoip_note_ns_response(GEOIP_SUCCESS);
  860. /* Note that a request for a network status has started, so that we
  861. * can measure the download time later on. */
  862. if (conn->dirreq_id)
  863. geoip_start_dirreq(conn->dirreq_id, size_guess, DIRREQ_TUNNELED);
  864. else
  865. geoip_start_dirreq(TO_CONN(conn)->global_identifier, size_guess,
  866. DIRREQ_DIRECT);
  867. }
  868. /* Use this header to tell caches that the response depends on the
  869. * X-Or-Diff-From-Consensus header (or lack thereof). */
  870. const char vary_header[] = "Vary: X-Or-Diff-From-Consensus\r\n";
  871. clear_spool = 0;
  872. // The compress_method might have been NO_METHOD, but we store the data
  873. // compressed. Decompress them using `compression_used`. See fallback code in
  874. // find_best_consensus() and find_best_diff().
  875. write_http_response_headers(conn, -1,
  876. compress_method == NO_METHOD ?
  877. NO_METHOD : compression_used,
  878. vary_header,
  879. smartlist_len(conn->spool) == 1 ? lifetime : 0);
  880. if (compress_method == NO_METHOD && smartlist_len(conn->spool))
  881. conn->compress_state = tor_compress_new(0, compression_used,
  882. HIGH_COMPRESSION);
  883. /* Prime the connection with some data. */
  884. const int initial_flush_result = connection_dirserv_flushed_some(conn);
  885. tor_assert_nonfatal(initial_flush_result == 0);
  886. goto done;
  887. done:
  888. parsed_consensus_request_clear(&req);
  889. if (clear_spool) {
  890. dir_conn_clear_spool(conn);
  891. }
  892. return 0;
  893. }
  894. /** Helper function for GET /tor/status-vote/{current,next}/...
  895. */
  896. static int
  897. handle_get_status_vote(dir_connection_t *conn, const get_handler_args_t *args)
  898. {
  899. const char *url = args->url;
  900. {
  901. ssize_t body_len = 0;
  902. ssize_t estimated_len = 0;
  903. int lifetime = 60; /* XXXX?? should actually use vote intervals. */
  904. /* This smartlist holds strings that we can compress on the fly. */
  905. smartlist_t *items = smartlist_new();
  906. /* This smartlist holds cached_dir_t objects that have a precompressed
  907. * deflated version. */
  908. smartlist_t *dir_items = smartlist_new();
  909. dirvote_dirreq_get_status_vote(url, items, dir_items);
  910. if (!smartlist_len(dir_items) && !smartlist_len(items)) {
  911. write_short_http_response(conn, 404, "Not found");
  912. goto vote_done;
  913. }
  914. /* We're sending items from at most one kind of source */
  915. tor_assert_nonfatal(smartlist_len(items) == 0 ||
  916. smartlist_len(dir_items) == 0);
  917. int streaming;
  918. unsigned mask;
  919. if (smartlist_len(items)) {
  920. /* We're taking strings and compressing them on the fly. */
  921. streaming = 1;
  922. mask = ~0u;
  923. } else {
  924. /* We're taking cached_dir_t objects. We only have them uncompressed
  925. * or deflated. */
  926. streaming = 0;
  927. mask = (1u<<NO_METHOD) | (1u<<ZLIB_METHOD);
  928. }
  929. const compress_method_t compress_method = find_best_compression_method(
  930. args->compression_supported&mask, streaming);
  931. SMARTLIST_FOREACH(dir_items, cached_dir_t *, d,
  932. body_len += compress_method != NO_METHOD ?
  933. d->dir_compressed_len : d->dir_len);
  934. estimated_len += body_len;
  935. SMARTLIST_FOREACH(items, const char *, item, {
  936. size_t ln = strlen(item);
  937. if (compress_method != NO_METHOD) {
  938. estimated_len += ln/2;
  939. } else {
  940. body_len += ln; estimated_len += ln;
  941. }
  942. });
  943. if (global_write_bucket_low(TO_CONN(conn), estimated_len, 2)) {
  944. write_short_http_response(conn, 503, "Directory busy, try again later");
  945. goto vote_done;
  946. }
  947. write_http_response_header(conn, body_len ? body_len : -1,
  948. compress_method,
  949. lifetime);
  950. if (smartlist_len(items)) {
  951. if (compress_method != NO_METHOD) {
  952. conn->compress_state = tor_compress_new(1, compress_method,
  953. choose_compression_level(estimated_len));
  954. }
  955. SMARTLIST_FOREACH(items, const char *, c,
  956. connection_dir_buf_add(c, strlen(c), conn,
  957. c_sl_idx == c_sl_len - 1));
  958. } else {
  959. SMARTLIST_FOREACH(dir_items, cached_dir_t *, d,
  960. connection_buf_add(compress_method != NO_METHOD ?
  961. d->dir_compressed : d->dir,
  962. compress_method != NO_METHOD ?
  963. d->dir_compressed_len : d->dir_len,
  964. TO_CONN(conn)));
  965. }
  966. vote_done:
  967. smartlist_free(items);
  968. smartlist_free(dir_items);
  969. goto done;
  970. }
  971. done:
  972. return 0;
  973. }
  974. /** Helper function for GET /tor/micro/d/...
  975. */
  976. static int
  977. handle_get_microdesc(dir_connection_t *conn, const get_handler_args_t *args)
  978. {
  979. const char *url = args->url;
  980. const compress_method_t compress_method =
  981. find_best_compression_method(args->compression_supported, 1);
  982. int clear_spool = 1;
  983. {
  984. conn->spool = smartlist_new();
  985. dir_split_resource_into_spoolable(url+strlen("/tor/micro/d/"),
  986. DIR_SPOOL_MICRODESC,
  987. conn->spool, NULL,
  988. DSR_DIGEST256|DSR_BASE64|DSR_SORT_UNIQ);
  989. size_t size_guess = 0;
  990. dirserv_spool_remove_missing_and_guess_size(conn, 0,
  991. compress_method != NO_METHOD,
  992. &size_guess, NULL);
  993. if (smartlist_len(conn->spool) == 0) {
  994. write_short_http_response(conn, 404, "Not found");
  995. goto done;
  996. }
  997. if (global_write_bucket_low(TO_CONN(conn), size_guess, 2)) {
  998. log_info(LD_DIRSERV,
  999. "Client asked for server descriptors, but we've been "
  1000. "writing too many bytes lately. Sending 503 Dir busy.");
  1001. write_short_http_response(conn, 503, "Directory busy, try again later");
  1002. goto done;
  1003. }
  1004. clear_spool = 0;
  1005. write_http_response_header(conn, -1,
  1006. compress_method,
  1007. MICRODESC_CACHE_LIFETIME);
  1008. if (compress_method != NO_METHOD)
  1009. conn->compress_state = tor_compress_new(1, compress_method,
  1010. choose_compression_level(size_guess));
  1011. const int initial_flush_result = connection_dirserv_flushed_some(conn);
  1012. tor_assert_nonfatal(initial_flush_result == 0);
  1013. goto done;
  1014. }
  1015. done:
  1016. if (clear_spool) {
  1017. dir_conn_clear_spool(conn);
  1018. }
  1019. return 0;
  1020. }
  1021. /** Helper function for GET /tor/{server,extra}/...
  1022. */
  1023. static int
  1024. handle_get_descriptor(dir_connection_t *conn, const get_handler_args_t *args)
  1025. {
  1026. const char *url = args->url;
  1027. const compress_method_t compress_method =
  1028. find_best_compression_method(args->compression_supported, 1);
  1029. const or_options_t *options = get_options();
  1030. int clear_spool = 1;
  1031. if (!strcmpstart(url,"/tor/server/") ||
  1032. (!options->BridgeAuthoritativeDir &&
  1033. !options->BridgeRelay && !strcmpstart(url,"/tor/extra/"))) {
  1034. int res;
  1035. const char *msg = NULL;
  1036. int cache_lifetime = 0;
  1037. int is_extra = !strcmpstart(url,"/tor/extra/");
  1038. url += is_extra ? strlen("/tor/extra/") : strlen("/tor/server/");
  1039. dir_spool_source_t source;
  1040. time_t publish_cutoff = 0;
  1041. if (!strcmpstart(url, "d/")) {
  1042. source =
  1043. is_extra ? DIR_SPOOL_EXTRA_BY_DIGEST : DIR_SPOOL_SERVER_BY_DIGEST;
  1044. } else {
  1045. source =
  1046. is_extra ? DIR_SPOOL_EXTRA_BY_FP : DIR_SPOOL_SERVER_BY_FP;
  1047. /* We only want to apply a publish cutoff when we're requesting
  1048. * resources by fingerprint. */
  1049. publish_cutoff = time(NULL) - ROUTER_MAX_AGE_TO_PUBLISH;
  1050. }
  1051. conn->spool = smartlist_new();
  1052. res = dirserv_get_routerdesc_spool(conn->spool, url,
  1053. source,
  1054. connection_dir_is_encrypted(conn),
  1055. &msg);
  1056. if (!strcmpstart(url, "all")) {
  1057. cache_lifetime = FULL_DIR_CACHE_LIFETIME;
  1058. } else if (smartlist_len(conn->spool) == 1) {
  1059. cache_lifetime = ROUTERDESC_BY_DIGEST_CACHE_LIFETIME;
  1060. }
  1061. size_t size_guess = 0;
  1062. int n_expired = 0;
  1063. dirserv_spool_remove_missing_and_guess_size(conn, publish_cutoff,
  1064. compress_method != NO_METHOD,
  1065. &size_guess, &n_expired);
  1066. /* If we are the bridge authority and the descriptor is a bridge
  1067. * descriptor, remember that we served this descriptor for desc stats. */
  1068. /* XXXX it's a bit of a kludge to have this here. */
  1069. if (get_options()->BridgeAuthoritativeDir &&
  1070. source == DIR_SPOOL_SERVER_BY_FP) {
  1071. SMARTLIST_FOREACH_BEGIN(conn->spool, spooled_resource_t *, spooled) {
  1072. const routerinfo_t *router =
  1073. router_get_by_id_digest((const char *)spooled->digest);
  1074. /* router can be NULL here when the bridge auth is asked for its own
  1075. * descriptor. */
  1076. if (router && router->purpose == ROUTER_PURPOSE_BRIDGE)
  1077. rep_hist_note_desc_served(router->cache_info.identity_digest);
  1078. } SMARTLIST_FOREACH_END(spooled);
  1079. }
  1080. if (res < 0 || size_guess == 0 || smartlist_len(conn->spool) == 0) {
  1081. if (msg == NULL)
  1082. msg = "Not found";
  1083. write_short_http_response(conn, 404, msg);
  1084. } else {
  1085. if (global_write_bucket_low(TO_CONN(conn), size_guess, 2)) {
  1086. log_info(LD_DIRSERV,
  1087. "Client asked for server descriptors, but we've been "
  1088. "writing too many bytes lately. Sending 503 Dir busy.");
  1089. write_short_http_response(conn, 503,
  1090. "Directory busy, try again later");
  1091. dir_conn_clear_spool(conn);
  1092. goto done;
  1093. }
  1094. write_http_response_header(conn, -1, compress_method, cache_lifetime);
  1095. if (compress_method != NO_METHOD)
  1096. conn->compress_state = tor_compress_new(1, compress_method,
  1097. choose_compression_level(size_guess));
  1098. clear_spool = 0;
  1099. /* Prime the connection with some data. */
  1100. int initial_flush_result = connection_dirserv_flushed_some(conn);
  1101. tor_assert_nonfatal(initial_flush_result == 0);
  1102. }
  1103. goto done;
  1104. }
  1105. done:
  1106. if (clear_spool)
  1107. dir_conn_clear_spool(conn);
  1108. return 0;
  1109. }
  1110. /** Helper function for GET /tor/keys/...
  1111. */
  1112. static int
  1113. handle_get_keys(dir_connection_t *conn, const get_handler_args_t *args)
  1114. {
  1115. const char *url = args->url;
  1116. const compress_method_t compress_method =
  1117. find_best_compression_method(args->compression_supported, 1);
  1118. const time_t if_modified_since = args->if_modified_since;
  1119. {
  1120. smartlist_t *certs = smartlist_new();
  1121. ssize_t len = -1;
  1122. if (!strcmp(url, "/tor/keys/all")) {
  1123. authority_cert_get_all(certs);
  1124. } else if (!strcmp(url, "/tor/keys/authority")) {
  1125. authority_cert_t *cert = get_my_v3_authority_cert();
  1126. if (cert)
  1127. smartlist_add(certs, cert);
  1128. } else if (!strcmpstart(url, "/tor/keys/fp/")) {
  1129. smartlist_t *fps = smartlist_new();
  1130. dir_split_resource_into_fingerprints(url+strlen("/tor/keys/fp/"),
  1131. fps, NULL,
  1132. DSR_HEX|DSR_SORT_UNIQ);
  1133. SMARTLIST_FOREACH(fps, char *, d, {
  1134. authority_cert_t *c = authority_cert_get_newest_by_id(d);
  1135. if (c) smartlist_add(certs, c);
  1136. tor_free(d);
  1137. });
  1138. smartlist_free(fps);
  1139. } else if (!strcmpstart(url, "/tor/keys/sk/")) {
  1140. smartlist_t *fps = smartlist_new();
  1141. dir_split_resource_into_fingerprints(url+strlen("/tor/keys/sk/"),
  1142. fps, NULL,
  1143. DSR_HEX|DSR_SORT_UNIQ);
  1144. SMARTLIST_FOREACH(fps, char *, d, {
  1145. authority_cert_t *c = authority_cert_get_by_sk_digest(d);
  1146. if (c) smartlist_add(certs, c);
  1147. tor_free(d);
  1148. });
  1149. smartlist_free(fps);
  1150. } else if (!strcmpstart(url, "/tor/keys/fp-sk/")) {
  1151. smartlist_t *fp_sks = smartlist_new();
  1152. dir_split_resource_into_fingerprint_pairs(url+strlen("/tor/keys/fp-sk/"),
  1153. fp_sks);
  1154. SMARTLIST_FOREACH(fp_sks, fp_pair_t *, pair, {
  1155. authority_cert_t *c = authority_cert_get_by_digests(pair->first,
  1156. pair->second);
  1157. if (c) smartlist_add(certs, c);
  1158. tor_free(pair);
  1159. });
  1160. smartlist_free(fp_sks);
  1161. } else {
  1162. write_short_http_response(conn, 400, "Bad request");
  1163. goto keys_done;
  1164. }
  1165. if (!smartlist_len(certs)) {
  1166. write_short_http_response(conn, 404, "Not found");
  1167. goto keys_done;
  1168. }
  1169. SMARTLIST_FOREACH(certs, authority_cert_t *, c,
  1170. if (c->cache_info.published_on < if_modified_since)
  1171. SMARTLIST_DEL_CURRENT(certs, c));
  1172. if (!smartlist_len(certs)) {
  1173. write_short_http_response(conn, 304, "Not modified");
  1174. goto keys_done;
  1175. }
  1176. len = 0;
  1177. SMARTLIST_FOREACH(certs, authority_cert_t *, c,
  1178. len += c->cache_info.signed_descriptor_len);
  1179. if (global_write_bucket_low(TO_CONN(conn),
  1180. compress_method != NO_METHOD ? len/2 : len,
  1181. 2)) {
  1182. write_short_http_response(conn, 503, "Directory busy, try again later");
  1183. goto keys_done;
  1184. }
  1185. write_http_response_header(conn,
  1186. compress_method != NO_METHOD ? -1 : len,
  1187. compress_method,
  1188. 60*60);
  1189. if (compress_method != NO_METHOD) {
  1190. conn->compress_state = tor_compress_new(1, compress_method,
  1191. choose_compression_level(len));
  1192. }
  1193. SMARTLIST_FOREACH(certs, authority_cert_t *, c,
  1194. connection_dir_buf_add(c->cache_info.signed_descriptor_body,
  1195. c->cache_info.signed_descriptor_len,
  1196. conn, c_sl_idx == c_sl_len - 1));
  1197. keys_done:
  1198. smartlist_free(certs);
  1199. goto done;
  1200. }
  1201. done:
  1202. return 0;
  1203. }
  1204. /** Helper function for GET /tor/rendezvous2/
  1205. */
  1206. static int
  1207. handle_get_hs_descriptor_v2(dir_connection_t *conn,
  1208. const get_handler_args_t *args)
  1209. {
  1210. const char *url = args->url;
  1211. if (connection_dir_is_encrypted(conn)) {
  1212. /* Handle v2 rendezvous descriptor fetch request. */
  1213. const char *descp;
  1214. const char *query = url + strlen("/tor/rendezvous2/");
  1215. if (rend_valid_descriptor_id(query)) {
  1216. log_info(LD_REND, "Got a v2 rendezvous descriptor request for ID '%s'",
  1217. safe_str(escaped(query)));
  1218. switch (rend_cache_lookup_v2_desc_as_dir(query, &descp)) {
  1219. case 1: /* valid */
  1220. write_http_response_header(conn, strlen(descp), NO_METHOD, 0);
  1221. connection_buf_add(descp, strlen(descp), TO_CONN(conn));
  1222. break;
  1223. case 0: /* well-formed but not present */
  1224. write_short_http_response(conn, 404, "Not found");
  1225. break;
  1226. case -1: /* not well-formed */
  1227. write_short_http_response(conn, 400, "Bad request");
  1228. break;
  1229. }
  1230. } else { /* not well-formed */
  1231. write_short_http_response(conn, 400, "Bad request");
  1232. }
  1233. goto done;
  1234. } else {
  1235. /* Not encrypted! */
  1236. write_short_http_response(conn, 404, "Not found");
  1237. }
  1238. done:
  1239. return 0;
  1240. }
  1241. /** Helper function for GET /tor/hs/3/<z>. Only for version 3.
  1242. */
  1243. STATIC int
  1244. handle_get_hs_descriptor_v3(dir_connection_t *conn,
  1245. const get_handler_args_t *args)
  1246. {
  1247. int retval;
  1248. const char *desc_str = NULL;
  1249. const char *pubkey_str = NULL;
  1250. const char *url = args->url;
  1251. /* Reject unencrypted dir connections */
  1252. if (!connection_dir_is_encrypted(conn)) {
  1253. write_short_http_response(conn, 404, "Not found");
  1254. goto done;
  1255. }
  1256. /* After the path prefix follows the base64 encoded blinded pubkey which we
  1257. * use to get the descriptor from the cache. Skip the prefix and get the
  1258. * pubkey. */
  1259. tor_assert(!strcmpstart(url, "/tor/hs/3/"));
  1260. pubkey_str = url + strlen("/tor/hs/3/");
  1261. retval = hs_cache_lookup_as_dir(HS_VERSION_THREE,
  1262. pubkey_str, &desc_str);
  1263. if (retval <= 0 || desc_str == NULL) {
  1264. write_short_http_response(conn, 404, "Not found");
  1265. goto done;
  1266. }
  1267. /* Found requested descriptor! Pass it to this nice client. */
  1268. write_http_response_header(conn, strlen(desc_str), NO_METHOD, 0);
  1269. connection_buf_add(desc_str, strlen(desc_str), TO_CONN(conn));
  1270. done:
  1271. return 0;
  1272. }
  1273. /** Helper function for GET /tor/networkstatus-bridges
  1274. */
  1275. static int
  1276. handle_get_networkstatus_bridges(dir_connection_t *conn,
  1277. const get_handler_args_t *args)
  1278. {
  1279. const char *headers = args->headers;
  1280. const or_options_t *options = get_options();
  1281. if (options->BridgeAuthoritativeDir &&
  1282. options->BridgePassword_AuthDigest_ &&
  1283. connection_dir_is_encrypted(conn)) {
  1284. char *status;
  1285. char digest[DIGEST256_LEN];
  1286. char *header = http_get_header(headers, "Authorization: Basic ");
  1287. if (header)
  1288. crypto_digest256(digest, header, strlen(header), DIGEST_SHA256);
  1289. /* now make sure the password is there and right */
  1290. if (!header ||
  1291. tor_memneq(digest,
  1292. options->BridgePassword_AuthDigest_, DIGEST256_LEN)) {
  1293. write_short_http_response(conn, 404, "Not found");
  1294. tor_free(header);
  1295. goto done;
  1296. }
  1297. tor_free(header);
  1298. /* all happy now. send an answer. */
  1299. status = networkstatus_getinfo_by_purpose("bridge", time(NULL));
  1300. size_t dlen = strlen(status);
  1301. write_http_response_header(conn, dlen, NO_METHOD, 0);
  1302. connection_buf_add(status, dlen, TO_CONN(conn));
  1303. tor_free(status);
  1304. goto done;
  1305. }
  1306. done:
  1307. return 0;
  1308. }
  1309. /** Helper function for GET robots.txt or /tor/robots.txt */
  1310. static int
  1311. handle_get_robots(dir_connection_t *conn, const get_handler_args_t *args)
  1312. {
  1313. (void)args;
  1314. {
  1315. const char robots[] = "User-agent: *\r\nDisallow: /\r\n";
  1316. size_t len = strlen(robots);
  1317. write_http_response_header(conn, len, NO_METHOD, ROBOTS_CACHE_LIFETIME);
  1318. connection_buf_add(robots, len, TO_CONN(conn));
  1319. }
  1320. return 0;
  1321. }
  1322. /* Given the <b>url</b> from a POST request, try to extract the version number
  1323. * using the provided <b>prefix</b>. The version should be after the prefix and
  1324. * ending with the separator "/". For instance:
  1325. * /tor/hs/3/publish
  1326. *
  1327. * On success, <b>end_pos</b> points to the position right after the version
  1328. * was found. On error, it is set to NULL.
  1329. *
  1330. * Return version on success else negative value. */
  1331. STATIC int
  1332. parse_hs_version_from_post(const char *url, const char *prefix,
  1333. const char **end_pos)
  1334. {
  1335. int ok;
  1336. unsigned long version;
  1337. const char *start;
  1338. char *end = NULL;
  1339. tor_assert(url);
  1340. tor_assert(prefix);
  1341. tor_assert(end_pos);
  1342. /* Check if the prefix does start the url. */
  1343. if (strcmpstart(url, prefix)) {
  1344. goto err;
  1345. }
  1346. /* Move pointer to the end of the prefix string. */
  1347. start = url + strlen(prefix);
  1348. /* Try this to be the HS version and if we are still at the separator, next
  1349. * will be move to the right value. */
  1350. version = tor_parse_long(start, 10, 0, INT_MAX, &ok, &end);
  1351. if (!ok) {
  1352. goto err;
  1353. }
  1354. *end_pos = end;
  1355. return (int) version;
  1356. err:
  1357. *end_pos = NULL;
  1358. return -1;
  1359. }
  1360. /* Handle the POST request for a hidden service descripror. The request is in
  1361. * <b>url</b>, the body of the request is in <b>body</b>. Return 200 on success
  1362. * else return 400 indicating a bad request. */
  1363. STATIC int
  1364. handle_post_hs_descriptor(const char *url, const char *body)
  1365. {
  1366. int version;
  1367. const char *end_pos;
  1368. tor_assert(url);
  1369. tor_assert(body);
  1370. version = parse_hs_version_from_post(url, "/tor/hs/", &end_pos);
  1371. if (version < 0) {
  1372. goto err;
  1373. }
  1374. /* We have a valid version number, now make sure it's a publish request. Use
  1375. * the end position just after the version and check for the command. */
  1376. if (strcmpstart(end_pos, "/publish")) {
  1377. goto err;
  1378. }
  1379. switch (version) {
  1380. case HS_VERSION_THREE:
  1381. if (hs_cache_store_as_dir(body) < 0) {
  1382. goto err;
  1383. }
  1384. log_info(LD_REND, "Publish request for HS descriptor handled "
  1385. "successfully.");
  1386. break;
  1387. default:
  1388. /* Unsupported version, return a bad request. */
  1389. goto err;
  1390. }
  1391. return 200;
  1392. err:
  1393. /* Bad request. */
  1394. return 400;
  1395. }
  1396. /** Helper function: called when a dirserver gets a complete HTTP POST
  1397. * request. Look for an uploaded server descriptor or rendezvous
  1398. * service descriptor. On finding one, process it and write a
  1399. * response into conn-\>outbuf. If the request is unrecognized, send a
  1400. * 400. Always return 0. */
  1401. MOCK_IMPL(STATIC int,
  1402. directory_handle_command_post,(dir_connection_t *conn, const char *headers,
  1403. const char *body, size_t body_len))
  1404. {
  1405. char *url = NULL;
  1406. const or_options_t *options = get_options();
  1407. log_debug(LD_DIRSERV,"Received POST command.");
  1408. conn->base_.state = DIR_CONN_STATE_SERVER_WRITING;
  1409. if (!public_server_mode(options)) {
  1410. log_info(LD_DIR, "Rejected dir post request from %s "
  1411. "since we're not a public relay.", conn->base_.address);
  1412. write_short_http_response(conn, 503, "Not acting as a public relay");
  1413. goto done;
  1414. }
  1415. if (parse_http_url(headers, &url) < 0) {
  1416. write_short_http_response(conn, 400, "Bad request");
  1417. return 0;
  1418. }
  1419. log_debug(LD_DIRSERV,"rewritten url as '%s'.", escaped(url));
  1420. /* Handle v2 rendezvous service publish request. */
  1421. if (connection_dir_is_encrypted(conn) &&
  1422. !strcmpstart(url,"/tor/rendezvous2/publish")) {
  1423. if (rend_cache_store_v2_desc_as_dir(body) < 0) {
  1424. log_warn(LD_REND, "Rejected v2 rend descriptor (body size %d) from %s.",
  1425. (int)body_len, conn->base_.address);
  1426. write_short_http_response(conn, 400,
  1427. "Invalid v2 service descriptor rejected");
  1428. } else {
  1429. write_short_http_response(conn, 200, "Service descriptor (v2) stored");
  1430. log_info(LD_REND, "Handled v2 rendezvous descriptor post: accepted");
  1431. }
  1432. goto done;
  1433. }
  1434. /* Handle HS descriptor publish request. */
  1435. /* XXX: This should be disabled with a consensus param until we want to
  1436. * the prop224 be deployed and thus use. */
  1437. if (connection_dir_is_encrypted(conn) && !strcmpstart(url, "/tor/hs/")) {
  1438. const char *msg = "HS descriptor stored successfully.";
  1439. /* We most probably have a publish request for an HS descriptor. */
  1440. int code = handle_post_hs_descriptor(url, body);
  1441. if (code != 200) {
  1442. msg = "Invalid HS descriptor. Rejected.";
  1443. }
  1444. write_short_http_response(conn, code, msg);
  1445. goto done;
  1446. }
  1447. if (!authdir_mode(options)) {
  1448. /* we just provide cached directories; we don't want to
  1449. * receive anything. */
  1450. write_short_http_response(conn, 400, "Nonauthoritative directory does not "
  1451. "accept posted server descriptors");
  1452. goto done;
  1453. }
  1454. if (authdir_mode(options) &&
  1455. !strcmp(url,"/tor/")) { /* server descriptor post */
  1456. const char *msg = "[None]";
  1457. uint8_t purpose = authdir_mode_bridge(options) ?
  1458. ROUTER_PURPOSE_BRIDGE : ROUTER_PURPOSE_GENERAL;
  1459. was_router_added_t r = dirserv_add_multiple_descriptors(body, body_len,
  1460. purpose, conn->base_.address, &msg);
  1461. tor_assert(msg);
  1462. if (r == ROUTER_ADDED_SUCCESSFULLY) {
  1463. write_short_http_response(conn, 200, msg);
  1464. } else if (WRA_WAS_OUTDATED(r)) {
  1465. write_http_response_header_impl(conn, -1, NULL, NULL,
  1466. "X-Descriptor-Not-New: Yes\r\n", -1);
  1467. } else {
  1468. log_info(LD_DIRSERV,
  1469. "Rejected router descriptor or extra-info from %s "
  1470. "(\"%s\").",
  1471. conn->base_.address, msg);
  1472. write_short_http_response(conn, 400, msg);
  1473. }
  1474. goto done;
  1475. }
  1476. if (authdir_mode_v3(options) &&
  1477. !strcmp(url,"/tor/post/vote")) { /* v3 networkstatus vote */
  1478. const char *msg = "OK";
  1479. int status;
  1480. if (dirvote_add_vote(body, &msg, &status)) {
  1481. write_short_http_response(conn, status, "Vote stored");
  1482. } else {
  1483. tor_assert(msg);
  1484. log_warn(LD_DIRSERV, "Rejected vote from %s (\"%s\").",
  1485. conn->base_.address, msg);
  1486. write_short_http_response(conn, status, msg);
  1487. }
  1488. goto done;
  1489. }
  1490. if (authdir_mode_v3(options) &&
  1491. !strcmp(url,"/tor/post/consensus-signature")) { /* sigs on consensus. */
  1492. const char *msg = NULL;
  1493. if (dirvote_add_signatures(body, conn->base_.address, &msg)>=0) {
  1494. write_short_http_response(conn, 200, msg?msg:"Signatures stored");
  1495. } else {
  1496. log_warn(LD_DIR, "Unable to store signatures posted by %s: %s",
  1497. conn->base_.address, msg?msg:"???");
  1498. write_short_http_response(conn, 400,
  1499. msg?msg:"Unable to store signatures");
  1500. }
  1501. goto done;
  1502. }
  1503. /* we didn't recognize the url */
  1504. write_short_http_response(conn, 404, "Not found");
  1505. done:
  1506. tor_free(url);
  1507. return 0;
  1508. }
  1509. /** If <b>headers</b> indicates that a proxy was involved, then rewrite
  1510. * <b>conn</b>-\>address to describe our best guess of the address that
  1511. * originated this HTTP request. */
  1512. static void
  1513. http_set_address_origin(const char *headers, connection_t *conn)
  1514. {
  1515. char *fwd;
  1516. fwd = http_get_header(headers, "Forwarded-For: ");
  1517. if (!fwd)
  1518. fwd = http_get_header(headers, "X-Forwarded-For: ");
  1519. if (fwd) {
  1520. tor_addr_t toraddr;
  1521. if (tor_addr_parse(&toraddr,fwd) == -1 ||
  1522. tor_addr_is_internal(&toraddr,0)) {
  1523. log_debug(LD_DIR, "Ignoring local/internal IP %s", escaped(fwd));
  1524. tor_free(fwd);
  1525. return;
  1526. }
  1527. tor_free(conn->address);
  1528. conn->address = tor_strdup(fwd);
  1529. tor_free(fwd);
  1530. }
  1531. }
  1532. /** Called when a dirserver receives data on a directory connection;
  1533. * looks for an HTTP request. If the request is complete, remove it
  1534. * from the inbuf, try to process it; otherwise, leave it on the
  1535. * buffer. Return a 0 on success, or -1 on error.
  1536. */
  1537. int
  1538. directory_handle_command(dir_connection_t *conn)
  1539. {
  1540. char *headers=NULL, *body=NULL;
  1541. size_t body_len=0;
  1542. int r;
  1543. tor_assert(conn);
  1544. tor_assert(conn->base_.type == CONN_TYPE_DIR);
  1545. switch (connection_fetch_from_buf_http(TO_CONN(conn),
  1546. &headers, MAX_HEADERS_SIZE,
  1547. &body, &body_len, MAX_DIR_UL_SIZE, 0)) {
  1548. case -1: /* overflow */
  1549. log_warn(LD_DIRSERV,
  1550. "Request too large from address '%s' to DirPort. Closing.",
  1551. safe_str(conn->base_.address));
  1552. return -1;
  1553. case 0:
  1554. log_debug(LD_DIRSERV,"command not all here yet.");
  1555. return 0;
  1556. /* case 1, fall through */
  1557. }
  1558. http_set_address_origin(headers, TO_CONN(conn));
  1559. // we should escape headers here as well,
  1560. // but we can't call escaped() twice, as it uses the same buffer
  1561. //log_debug(LD_DIRSERV,"headers %s, body %s.", headers, escaped(body));
  1562. if (!strncasecmp(headers,"GET",3))
  1563. r = directory_handle_command_get(conn, headers, body, body_len);
  1564. else if (!strncasecmp(headers,"POST",4))
  1565. r = directory_handle_command_post(conn, headers, body, body_len);
  1566. else {
  1567. log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
  1568. "Got headers %s with unknown command. Closing.",
  1569. escaped(headers));
  1570. r = -1;
  1571. }
  1572. tor_free(headers); tor_free(body);
  1573. return r;
  1574. }