| blob | 57178cd506e7caa01e9ee65c7c9a5a177ba1e54c |
1 /* Copyright (c) 2001-2004, Roger Dingledine.
2 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
3 * Copyright (c) 2007-2018, The Tor Project, Inc. */
4 /* See LICENSE for licensing information */
6 #define DIRSERV_PRIVATE
30 /**
31 * \file dirserv.c
32 * \brief Directory server core implementation. Manages directory
33 * contents and generates directory documents.
34 *
35 * This module implements most of directory cache functionality, and some of
36 * the directory authority functionality. The directory.c module delegates
37 * here in order to handle incoming requests from clients, via
38 * connection_dirserv_flushed_some() and its kin. In order to save RAM, this
39 * module is responsible for spooling directory objects (in whole or in part)
40 * onto buf_t instances, and then closing the dir_connection_t once the
41 * objects are totally flushed.
42 *
43 * The directory.c module also delegates here for handling descriptor uploads
44 * via dirserv_add_multiple_descriptors().
45 *
46 * Additionally, this module handles some aspects of voting, including:
47 * deciding how to vote on individual flags (based on decisions reached in
48 * rephist.c), of formatting routerstatus lines, and deciding what relays to
49 * include in an authority's vote. (TODO: Those functions could profitably be
50 * split off. They only live in this file because historically they were
51 * shared among the v1, v2, and v3 directory code.)
52 */
69 /********************************************************************/
71 /* A set of functions to answer questions about how we'd like to behave
72 * as a directory mirror/client. */
74 /** Return 1 if we fetch our directory material directly from the
75 * authorities, rather than from a mirror. */
76 int
78 {
99 }
101 /** Return 1 if we should fetch new networkstatuses, descriptors, etc
102 * on the "mirror" schedule rather than the "client" schedule.
103 */
104 int
106 {
108 }
110 /** Return 1 if we should fetch new networkstatuses, descriptors, etc
111 * on a very passive schedule -- waiting long enough for ordinary clients
112 * to probably have the info we want. These would include bridge users,
113 * and maybe others in the future e.g. if a Tor client uses another Tor
114 * client as a directory guard.
115 */
116 int
118 {
120 }
122 /** Return true iff we want to serve certificates for authorities
123 * that we don't acknowledge as authorities ourself.
124 * Use we_want_to_fetch_unknown_auth_certs to check if we want to fetch
125 * and keep these certificates.
126 */
127 int
129 {
131 }
133 /** Return 1 if we want to fetch and serve descriptors, networkstatuses, etc
134 * Else return 0.
135 * Check options->DirPort_set and directory_permits_begindir_requests()
136 * to see if we are willing to serve these directory documents to others via
137 * the DirPort and begindir-over-ORPort, respectively.
138 *
139 * To check if we should fetch documents, use we_want_to_fetch_flavor and
140 * we_want_to_fetch_unknown_auth_certs instead of this function.
141 */
142 int
144 {
149 /* We need an up-to-date view of network info if we're going to try to
150 * block exit attempts from unknown relays. */
153 }
155 /** Return 1 if we want to allow remote clients to ask us directory
156 * requests via the "begin_dir" interface, which doesn't require
157 * having any separate port open. */
158 int
160 {
162 }
164 /** Return 1 if we have no need to fetch new descriptors. This generally
165 * happens when we're not a dir cache and we haven't built any circuits
166 * lately.
167 */
168 int
171 {
175 }
177 /********************************************************************/
179 /** Map from flavor name to the cached_dir_t for the v3 consensuses that we're
180 * currently serving. */
183 /** Decrement the reference count on <b>d</b>, and free it if it no longer has
184 * any references. */
185 void
187 {
192 }
194 /** Allocate and return a new cached_dir_t containing the string <b>s</b>,
195 * published at <b>published</b>. */
196 cached_dir_t *
198 {
207 }
209 }
211 /** Remove all storage held in <b>d</b>, but do not free <b>d</b> itself. */
212 static void
214 {
218 }
220 /** Free all storage held by the cached_dir_t in <b>d</b>. */
221 static void
223 {
230 }
232 /** Replace the v3 consensus networkstatus of type <b>flavor_name</b> that
233 * we're serving with <b>networkstatus</b>, published at <b>published</b>. No
234 * validation is performed. */
235 void
241 {
250 DIGEST256_LEN);
252 new_networkstatus);
255 }
257 /** Return the latest downloaded consensus networkstatus in encoded, signed,
258 * optionally compressed format, suitable for sending to clients. */
259 cached_dir_t *
261 {
265 }
267 /** As dirserv_get_routerdescs(), but instead of getting signed_descriptor_t
268 * pointers, adds copies of digests to fps_out, and doesn't use the
269 * /tor/server/ prefix. For a /d/ request, adds descriptor digests; for other
270 * requests, adds identity digests.
271 */
272 int
275 dir_spool_source_t source,
278 {
287 DIGEST_LEN);
288 /* Treat "all" requests as if they were unencrypted */
298 DIGEST_LEN));
310 }
313 /* Remove anything that insists it not be sent unencrypted. */
322 }
324 }
329 }
331 }
333 /** Add a signed_descriptor_t to <b>descs_out</b> for each router matching
334 * <b>key</b>. The key should be either
335 * - "/tor/server/authority" for our own routerinfo;
336 * - "/tor/server/all" for all the routerinfos we have, concatenated;
337 * - "/tor/server/fp/FP" where FP is a plus-separated sequence of
338 * hex identity digests; or
339 * - "/tor/server/d/D" where D is a plus-separated sequence
340 * of server descriptor digests, in hex.
341 *
342 * Return 0 if we found some matching descriptors, or -1 if we do not
343 * have any descriptors, no matching descriptors, or if we did not
344 * recognize the key (URL).
345 * If -1 is returned *<b>msg</b> will be set to an appropriate error
346 * message.
347 *
348 * XXXX rename this function. It's only called from the controller.
349 * XXXX in fact, refactor this function, merging as much as possible.
350 */
351 int
354 {
371 {
375 });
386 /* calling router_get_my_routerinfo() to make sure it exists */
392 /* Don't actually serve a descriptor that everyone will think is
393 * expired. This is an (ugly) workaround to keep buggy 0.1.1.10
394 * Tors from downloading descriptors that they will throw away.
395 */
398 }
405 }
410 }
412 }
414 /* ==========
415 * Spooling code.
416 * ========== */
418 spooled_resource_t *
421 {
439 }
444 }
446 /**
447 * Create a new spooled_resource_t to spool the contents of <b>entry</b> to
448 * the user. Return the spooled object on success, or NULL on failure (which
449 * is probably caused by a failure to map the body of the item from disk).
450 *
451 * Adds a reference to entry's reference counter.
452 */
453 spooled_resource_t *
455 {
470 }
471 }
473 /** Release all storage held by <b>spooled</b>. */
474 void
476 {
482 }
486 }
489 }
491 /** When spooling data from a cached_dir_t object, we always add
492 * at least this much. */
493 #define DIRSERV_CACHED_DIR_CHUNK_SIZE 8192
495 /** Return an compression ratio for compressing objects from <b>source</b>.
496 */
497 static double
499 {
500 /* We should put in better estimates here, depending on the number of
501 objects and their type */
504 }
506 /** Return an estimated number of bytes needed for transmitting the
507 * resource in <b>spooled</b> on <b>conn</b>
508 *
509 * As a convenient side-effect, set *<b>published_out</b> to the resource's
510 * publication time.
511 */
512 static size_t
517 {
524 published_out);
530 }
538 }
541 }
546 published_out);
547 }
550 }
553 }
554 }
556 /** Return code for spooled_resource_flush_some */
560 SRFS_DONE
563 /** Flush some or all of the bytes from <b>spooled</b> onto <b>conn</b>.
564 * Return SRFS_ERR on error, SRFS_MORE if there are more bytes to flush from
565 * this spooled resource, or SRFS_DONE if we are done flushing this spooled
566 * resource.
567 */
568 static spooled_resource_flush_status_t
571 {
573 /* Spool_eagerly resources are sent all-at-once. */
580 /* Absent objects count as "done". */
582 }
587 }
593 /* The cached_dir_t hasn't been materialized yet. So let's look it up. */
597 /* Absent objects count as done. */
599 }
602 }
615 }
616 /* How many bytes left to flush? */
629 }
635 }
636 }
637 }
639 /** Helper: find the cached_dir_t for a spooled_resource_t, for
640 * sending it to <b>conn</b>. Set *<b>published_out</b>, if provided,
641 * to the published time of the cached_dir_t.
642 *
643 * DOES NOT increase the reference count on the result. Callers must do that
644 * themselves if they mean to hang on to it.
645 */
649 {
655 }
657 }
659 /** Helper: Look up the body for an eagerly-served spooled_resource. If
660 * <b>conn_is_encrypted</b> is false, don't look up any resource that
661 * shouldn't be sent over an unencrypted connection. On success, set
662 * <b>body_out</b>, <b>size_out</b>, and <b>published_out</b> to refer
663 * to the resource's body, size, and publication date, and return 0.
664 * On failure return -1. */
665 static int
671 {
680 }
684 }
688 }
692 }
699 }
705 }
709 /* LCOV_EXCL_START */
712 /* LCOV_EXCL_STOP */
713 }
715 /* If we get here, then we tried to set "sd" to a signed_descriptor_t. */
719 }
721 /* we did this check once before (so we could have an accurate size
722 * estimate and maybe send a 404 if somebody asked for only bridges on
723 * a connection), but we need to do it again in case a previously
724 * unknown bridge descriptor has shown up between then and now. */
726 }
732 }
734 /** Given a fingerprint <b>fp</b> which is either set if we're looking for a
735 * v2 status, or zeroes if we're looking for a v3 status, or a NUL-padded
736 * flavor name if we want a flavored v3 status, return a pointer to the
737 * appropriate cached dir object, or NULL if there isn't one available. */
740 {
745 /* this here interface is a nasty hack: we're shoving a flavor into
746 * a digest field. */
748 }
750 }
752 /** Try to guess the number of bytes that will be needed to send the
753 * spooled objects for <b>conn</b>'s outgoing spool. In the process,
754 * remove every element of the spool that refers to an absent object, or
755 * which was published earlier than <b>cutoff</b>. Set *<b>size_out</b>
756 * to the number of bytes, and *<b>n_expired_out</b> to the number of
757 * objects removed for being too old. */
758 void
764 {
775 }
791 }
796 }
799 }
801 /** Helper: used to sort a connection's spool. */
802 static int
804 {
808 }
810 /** Sort all the entries in <b>conn</b> by digest. */
811 void
813 {
817 }
819 /** Return the cache-info for identity fingerprint <b>fp</b>, or
820 * its extra-info document if <b>extrainfo</b> is true. Return
821 * NULL if not found or if the descriptor is older than
822 * <b>publish_cutoff</b>. */
825 {
829 else
837 else
839 }
840 }
842 }
844 /** When we're spooling data onto our outbuf, add more whenever we dip
845 * below this threshold. */
846 #define DIRSERV_BUFFER_MIN 16384
848 /**
849 * Called whenever we have flushed some directory data in state
850 * SERVER_WRITING, or whenever we want to fill the buffer with initial
851 * directory data (so that subsequent writes will occur, and trigger this
852 * function again.)
853 *
854 * Return 0 on success, and -1 on failure.
855 */
856 int
858 {
867 spooled_resource_flush_status_t status;
873 }
876 /* If we're here, we're done flushing this resource. */
879 }
882 /* We're still spooling something. */
884 }
886 /* If we get here, we're done. */
890 /* Flush the compression state: there could be more bytes pending in there,
891 * and we don't want to omit bytes. */
895 }
897 }
899 /** Remove every element from <b>conn</b>'s outgoing spool, and delete
900 * the spool. */
901 void
903 {
910 }
912 /** Release all storage used by the directory server. */
913 void
915 {
918 }