search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
prop289: Move SENDME cell processing in a separate function
[tor.git] / src / feature / rend / rendclient.c
blobf84d221b1a8cc913093b256e7443645e9341f3e3
1 /* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
2 * Copyright (c) 2007-2019, The Tor Project, Inc. */
3 /* See LICENSE for licensing information */
4
5 /**
6 * \file rendclient.c
7 * \brief Client code to access location-hidden services.
8 **/
9
10 #include "core/or/or.h"
11 #include "app/config/config.h"
12 #include "core/mainloop/connection.h"
13 #include "core/mainloop/mainloop.h"
14 #include "core/or/circuitbuild.h"
15 #include "core/or/circuitlist.h"
16 #include "core/or/circuituse.h"
17 #include "core/or/connection_edge.h"
18 #include "core/or/relay.h"
19 #include "feature/client/circpathbias.h"
20 #include "feature/control/control_events.h"
21 #include "feature/dirclient/dirclient.h"
22 #include "feature/dircommon/directory.h"
23 #include "feature/hs/hs_circuit.h"
24 #include "feature/hs/hs_client.h"
25 #include "feature/hs/hs_common.h"
26 #include "feature/nodelist/describe.h"
27 #include "feature/nodelist/networkstatus.h"
28 #include "feature/nodelist/nodelist.h"
29 #include "feature/nodelist/routerlist.h"
30 #include "feature/nodelist/routerset.h"
31 #include "feature/rend/rendclient.h"
32 #include "feature/rend/rendcommon.h"
33 #include "feature/stats/rephist.h"
34 #include "lib/crypt_ops/crypto_dh.h"
35 #include "lib/crypt_ops/crypto_rand.h"
36 #include "lib/crypt_ops/crypto_util.h"
37 #include "lib/encoding/confline.h"
38
39 #include "core/or/cpath_build_state_st.h"
40 #include "core/or/crypt_path_st.h"
41 #include "feature/dircommon/dir_connection_st.h"
42 #include "core/or/entry_connection_st.h"
43 #include "core/or/extend_info_st.h"
44 #include "core/or/origin_circuit_st.h"
45 #include "feature/rend/rend_intro_point_st.h"
46 #include "feature/rend/rend_service_descriptor_st.h"
47 #include "feature/nodelist/routerstatus_st.h"
48
49 static extend_info_t *rend_client_get_random_intro_impl(
50 const rend_cache_entry_t *rend_query,
51 const int strict, const int warnings);
52
53 /** Purge all potentially remotely-detectable state held in the hidden
54 * service client code. Called on SIGNAL NEWNYM. */
55 void
56 rend_client_purge_state(void)
57 {
58 rend_cache_purge();
59 rend_cache_failure_purge();
60 rend_client_cancel_descriptor_fetches();
61 hs_purge_last_hid_serv_requests();
62 }
63
64 /** Called when we've established a circuit to an introduction point:
65 * send the introduction request. */
66 void
67 rend_client_introcirc_has_opened(origin_circuit_t *circ)
68 {
69 tor_assert(circ->base_.purpose == CIRCUIT_PURPOSE_C_INTRODUCING);
70 tor_assert(circ->cpath);
71
72 log_info(LD_REND,"introcirc is open");
73 connection_ap_attach_pending(1);
74 }
75
76 /** Send the establish-rendezvous cell along a rendezvous circuit. if
77 * it fails, mark the circ for close and return -1. else return 0.
78 */
79 static int
80 rend_client_send_establish_rendezvous(origin_circuit_t *circ)
81 {
82 tor_assert(circ->base_.purpose == CIRCUIT_PURPOSE_C_ESTABLISH_REND);
83 tor_assert(circ->rend_data);
84 log_info(LD_REND, "Sending an ESTABLISH_RENDEZVOUS cell");
85
86 crypto_rand(circ->rend_data->rend_cookie, REND_COOKIE_LEN);
87
88 /* Set timestamp_dirty, because circuit_expire_building expects it,
89 * and the rend cookie also means we've used the circ. */
90 circ->base_.timestamp_dirty = time(NULL);
91
92 /* We've attempted to use this circuit. Probe it if we fail */
93 pathbias_count_use_attempt(circ);
94
95 if (relay_send_command_from_edge(0, TO_CIRCUIT(circ),
96 RELAY_COMMAND_ESTABLISH_RENDEZVOUS,
97 circ->rend_data->rend_cookie,
98 REND_COOKIE_LEN,
99 circ->cpath->prev)<0) {
100 /* circ is already marked for close */
101 log_warn(LD_GENERAL, "Couldn't send ESTABLISH_RENDEZVOUS cell");
102 return -1;
103 }
104
105 return 0;
106 }
107
108 /** Called when we're trying to connect an ap conn; sends an INTRODUCE1 cell
109 * down introcirc if possible.
110 */
111 int
112 rend_client_send_introduction(origin_circuit_t *introcirc,
113 origin_circuit_t *rendcirc)
114 {
115 const or_options_t *options = get_options();
116 size_t payload_len;
117 int r, v3_shift = 0;
118 char payload[RELAY_PAYLOAD_SIZE];
119 char tmp[RELAY_PAYLOAD_SIZE];
120 rend_cache_entry_t *entry = NULL;
121 crypt_path_t *cpath;
122 off_t dh_offset;
123 crypto_pk_t *intro_key = NULL;
124 int status = 0;
125 const char *onion_address;
126
127 tor_assert(introcirc->base_.purpose == CIRCUIT_PURPOSE_C_INTRODUCING);
128 tor_assert(rendcirc->base_.purpose == CIRCUIT_PURPOSE_C_REND_READY);
129 tor_assert(introcirc->rend_data);
130 tor_assert(rendcirc->rend_data);
131 tor_assert(!rend_cmp_service_ids(rend_data_get_address(introcirc->rend_data),
132 rend_data_get_address(rendcirc->rend_data)));
133 assert_circ_anonymity_ok(introcirc, options);
134 assert_circ_anonymity_ok(rendcirc, options);
135 onion_address = rend_data_get_address(introcirc->rend_data);
136
137 r = rend_cache_lookup_entry(onion_address, -1, &entry);
138 /* An invalid onion address is not possible else we have a big issue. */
139 tor_assert(r != -EINVAL);
140 if (r < 0 || !rend_client_any_intro_points_usable(entry)) {
141 /* If the descriptor is not found or the intro points are not usable
142 * anymore, trigger a fetch. */
143 log_info(LD_REND,
144 "query %s didn't have valid rend desc in cache. "
145 "Refetching descriptor.",
146 safe_str_client(onion_address));
147 rend_client_refetch_v2_renddesc(introcirc->rend_data);
148 {
149 connection_t *conn;
150
151 while ((conn = connection_get_by_type_state_rendquery(CONN_TYPE_AP,
152 AP_CONN_STATE_CIRCUIT_WAIT, onion_address))) {
153 connection_ap_mark_as_waiting_for_renddesc(TO_ENTRY_CONN(conn));
154 }
155 }
156
157 status = -1;
158 goto cleanup;
159 }
160
161 /* first 20 bytes of payload are the hash of the service's pk */
162 intro_key = NULL;
163 SMARTLIST_FOREACH(entry->parsed->intro_nodes, rend_intro_point_t *,
164 intro, {
165 if (tor_memeq(introcirc->build_state->chosen_exit->identity_digest,
166 intro->extend_info->identity_digest, DIGEST_LEN)) {
167 intro_key = intro->intro_key;
168 break;
169 }
170 });
171 if (!intro_key) {
172 log_info(LD_REND, "Could not find intro key for %s at %s; we "
173 "have a v2 rend desc with %d intro points. "
174 "Trying a different intro point...",
175 safe_str_client(onion_address),
176 safe_str_client(extend_info_describe(
177 introcirc->build_state->chosen_exit)),
178 smartlist_len(entry->parsed->intro_nodes));
179
180 if (hs_client_reextend_intro_circuit(introcirc)) {
181 status = -2;
182 goto perm_err;
183 } else {
184 status = -1;
185 goto cleanup;
186 }
187 }
188 if (crypto_pk_get_digest(intro_key, payload)<0) {
189 log_warn(LD_BUG, "Internal error: couldn't hash public key.");
190 status = -2;
191 goto perm_err;
192 }
193
194 /* Initialize the pending_final_cpath and start the DH handshake. */
195 cpath = rendcirc->build_state->pending_final_cpath;
196 if (!cpath) {
197 cpath = rendcirc->build_state->pending_final_cpath =
198 tor_malloc_zero(sizeof(crypt_path_t));
199 cpath->magic = CRYPT_PATH_MAGIC;
200 if (!(cpath->rend_dh_handshake_state = crypto_dh_new(DH_TYPE_REND))) {
201 log_warn(LD_BUG, "Internal error: couldn't allocate DH.");
202 status = -2;
203 goto perm_err;
204 }
205 if (crypto_dh_generate_public(cpath->rend_dh_handshake_state)<0) {
206 log_warn(LD_BUG, "Internal error: couldn't generate g^x.");
207 status = -2;
208 goto perm_err;
209 }
210 }
211
212 /* If version is 3, write (optional) auth data and timestamp. */
213 if (entry->parsed->protocols & (1<<3)) {
214 tmp[0] = 3; /* version 3 of the cell format */
215 /* auth type, if any */
216 tmp[1] = (uint8_t) TO_REND_DATA_V2(introcirc->rend_data)->auth_type;
217 v3_shift = 1;
218 if (tmp[1] != REND_NO_AUTH) {
219 set_uint16(tmp+2, htons(REND_DESC_COOKIE_LEN));
220 memcpy(tmp+4, TO_REND_DATA_V2(introcirc->rend_data)->descriptor_cookie,
221 REND_DESC_COOKIE_LEN);
222 v3_shift += 2+REND_DESC_COOKIE_LEN;
223 }
224 /* Once this held a timestamp. */
225 set_uint32(tmp+v3_shift+1, 0);
226 v3_shift += 4;
227 } /* if version 2 only write version number */
228 else if (entry->parsed->protocols & (1<<2)) {
229 tmp[0] = 2; /* version 2 of the cell format */
230 }
231
232 /* write the remaining items into tmp */
233 if (entry->parsed->protocols & (1<<3) || entry->parsed->protocols & (1<<2)) {
234 /* version 2 format */
235 extend_info_t *extend_info = rendcirc->build_state->chosen_exit;
236 int klen;
237 /* nul pads */
238 set_uint32(tmp+v3_shift+1, tor_addr_to_ipv4n(&extend_info->addr));
239 set_uint16(tmp+v3_shift+5, htons(extend_info->port));
240 memcpy(tmp+v3_shift+7, extend_info->identity_digest, DIGEST_LEN);
241 klen = crypto_pk_asn1_encode(extend_info->onion_key,
242 tmp+v3_shift+7+DIGEST_LEN+2,
243 sizeof(tmp)-(v3_shift+7+DIGEST_LEN+2));
244 if (klen < 0) {
245 log_warn(LD_BUG,"Internal error: can't encode public key.");
246 status = -2;
247 goto perm_err;
248 }
249 set_uint16(tmp+v3_shift+7+DIGEST_LEN, htons(klen));
250 memcpy(tmp+v3_shift+7+DIGEST_LEN+2+klen, rendcirc->rend_data->rend_cookie,
251 REND_COOKIE_LEN);
252 dh_offset = v3_shift+7+DIGEST_LEN+2+klen+REND_COOKIE_LEN;
253 } else {
254 /* Version 0. */
255
256 /* Some compilers are smart enough to work out that nickname can be more
257 * than 19 characters, when it's a hexdigest. They warn that strncpy()
258 * will truncate hexdigests without NUL-terminating them. But we only put
259 * hexdigests in HSDir and general circuit exits. */
260 if (BUG(strlen(rendcirc->build_state->chosen_exit->nickname)
261 > MAX_NICKNAME_LEN)) {
262 goto perm_err;
263 }
264 strncpy(tmp, rendcirc->build_state->chosen_exit->nickname,
265 (MAX_NICKNAME_LEN+1)); /* nul pads */
266 memcpy(tmp+MAX_NICKNAME_LEN+1, rendcirc->rend_data->rend_cookie,
267 REND_COOKIE_LEN);
268 dh_offset = MAX_NICKNAME_LEN+1+REND_COOKIE_LEN;
269 }
270
271 if (crypto_dh_get_public(cpath->rend_dh_handshake_state, tmp+dh_offset,
272 DH1024_KEY_LEN)<0) {
273 log_warn(LD_BUG, "Internal error: couldn't extract g^x.");
274 status = -2;
275 goto perm_err;
276 }
277
278 /*XXX maybe give crypto_pk_obsolete_public_hybrid_encrypt a max_len arg,
279 * to avoid buffer overflows? */
280 r = crypto_pk_obsolete_public_hybrid_encrypt(intro_key, payload+DIGEST_LEN,
281 sizeof(payload)-DIGEST_LEN,
282 tmp,
283 (int)(dh_offset+DH1024_KEY_LEN),
284 PK_PKCS1_OAEP_PADDING, 0);
285 if (r<0) {
286 log_warn(LD_BUG,"Internal error: hybrid pk encrypt failed.");
287 status = -2;
288 goto perm_err;
289 }
290
291 payload_len = DIGEST_LEN + r;
292 tor_assert(payload_len <= RELAY_PAYLOAD_SIZE); /* we overran something */
293
294 /* Copy the rendezvous cookie from rendcirc to introcirc, so that
295 * when introcirc gets an ack, we can change the state of the right
296 * rendezvous circuit. */
297 memcpy(introcirc->rend_data->rend_cookie, rendcirc->rend_data->rend_cookie,
298 REND_COOKIE_LEN);
299
300 log_info(LD_REND, "Sending an INTRODUCE1 cell");
301 if (relay_send_command_from_edge(0, TO_CIRCUIT(introcirc),
302 RELAY_COMMAND_INTRODUCE1,
303 payload, payload_len,
304 introcirc->cpath->prev)<0) {
305 /* introcirc is already marked for close. leave rendcirc alone. */
306 log_warn(LD_BUG, "Couldn't send INTRODUCE1 cell");
307 status = -2;
308 goto cleanup;
309 }
310
311 /* Now, we wait for an ACK or NAK on this circuit. */
312 circuit_change_purpose(TO_CIRCUIT(introcirc),
313 CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT);
314 /* Set timestamp_dirty, because circuit_expire_building expects it
315 * to specify when a circuit entered the _C_INTRODUCE_ACK_WAIT
316 * state. */
317 introcirc->base_.timestamp_dirty = time(NULL);
318
319 pathbias_count_use_attempt(introcirc);
320
321 goto cleanup;
322
323 perm_err:
324 if (!introcirc->base_.marked_for_close)
325 circuit_mark_for_close(TO_CIRCUIT(introcirc), END_CIRC_REASON_INTERNAL);
326 circuit_mark_for_close(TO_CIRCUIT(rendcirc), END_CIRC_REASON_INTERNAL);
327 cleanup:
328 memwipe(payload, 0, sizeof(payload));
329 memwipe(tmp, 0, sizeof(tmp));
330
331 return status;
332 }
333
334 /** Called when a rendezvous circuit is open; sends a establish
335 * rendezvous circuit as appropriate. */
336 void
337 rend_client_rendcirc_has_opened(origin_circuit_t *circ)
338 {
339 tor_assert(circ->base_.purpose == CIRCUIT_PURPOSE_C_ESTABLISH_REND);
340
341 log_info(LD_REND,"rendcirc is open");
342
343 /* generate a rendezvous cookie, store it in circ */
344 if (rend_client_send_establish_rendezvous(circ) < 0) {
345 return;
346 }
347 }
348
349 /**
350 * Called to close other intro circuits we launched in parallel.
351 */
352 static void
353 rend_client_close_other_intros(const uint8_t *rend_pk_digest)
354 {
355 /* abort parallel intro circs, if any */
356 SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *, c) {
357 if ((c->purpose == CIRCUIT_PURPOSE_C_INTRODUCING ||
358 c->purpose == CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT) &&
359 !c->marked_for_close && CIRCUIT_IS_ORIGIN(c)) {
360 origin_circuit_t *oc = TO_ORIGIN_CIRCUIT(c);
361 if (oc->rend_data &&
362 rend_circuit_pk_digest_eq(oc, rend_pk_digest)) {
363 log_info(LD_REND|LD_CIRC, "Closing introduction circuit %d that we "
364 "built in parallel (Purpose %d).", oc->global_identifier,
365 c->purpose);
366 circuit_mark_for_close(c, END_CIRC_REASON_IP_NOW_REDUNDANT);
367 }
368 }
369 }
370 SMARTLIST_FOREACH_END(c);
371 }
372
373 /** Called when get an ACK or a NAK for a REND_INTRODUCE1 cell.
374 */
375 int
376 rend_client_introduction_acked(origin_circuit_t *circ,
377 const uint8_t *request, size_t request_len)
378 {
379 const or_options_t *options = get_options();
380 origin_circuit_t *rendcirc;
381 (void) request; // XXXX Use this.
382
383 tor_assert(circ->build_state);
384 tor_assert(circ->build_state->chosen_exit);
385 assert_circ_anonymity_ok(circ, options);
386 tor_assert(circ->rend_data);
387
388 if (request_len == 0) {
389 /* It's an ACK; the introduction point relayed our introduction request. */
390 /* Locate the rend circ which is waiting to hear about this ack,
391 * and tell it.
392 */
393 log_info(LD_REND,"Received ack. Telling rend circ...");
394 rendcirc = circuit_get_ready_rend_circ_by_rend_data(circ->rend_data);
395 if (rendcirc) { /* remember the ack */
396 assert_circ_anonymity_ok(rendcirc, options);
397 circuit_change_purpose(TO_CIRCUIT(rendcirc),
398 CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED);
399 /* Set timestamp_dirty, because circuit_expire_building expects
400 * it to specify when a circuit entered the
401 * _C_REND_READY_INTRO_ACKED state. */
402 rendcirc->base_.timestamp_dirty = time(NULL);
403 } else {
404 log_info(LD_REND,"...Found no rend circ. Dropping on the floor.");
405 }
406 /* close the circuit: we won't need it anymore. */
407 circuit_change_purpose(TO_CIRCUIT(circ),
408 CIRCUIT_PURPOSE_C_INTRODUCE_ACKED);
409 circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_FINISHED);
410
411 /* close any other intros launched in parallel */
412 rend_client_close_other_intros(rend_data_get_pk_digest(circ->rend_data,
413 NULL));
414 } else {
415 /* It's a NAK; the introduction point didn't relay our request. */
416 circuit_change_purpose(TO_CIRCUIT(circ), CIRCUIT_PURPOSE_C_INTRODUCING);
417 /* Remove this intro point from the set of viable introduction
418 * points. If any remain, extend to a new one and try again.
419 * If none remain, refetch the service descriptor.
420 */
421 log_info(LD_REND, "Got nack for %s from %s...",
422 safe_str_client(rend_data_get_address(circ->rend_data)),
423 safe_str_client(extend_info_describe(circ->build_state->chosen_exit)));
424 if (rend_client_report_intro_point_failure(circ->build_state->chosen_exit,
425 circ->rend_data,
426 INTRO_POINT_FAILURE_GENERIC)>0) {
427 /* There are introduction points left. Re-extend the circuit to
428 * another intro point and try again. */
429 int result = hs_client_reextend_intro_circuit(circ);
430 /* XXXX If that call failed, should we close the rend circuit,
431 * too? */
432 return result;
433 } else {
434 /* Close circuit because no more intro points are usable thus not
435 * useful anymore. Change it's purpose before so we don't report an
436 * intro point failure again triggering an extra descriptor fetch. */
437 circuit_change_purpose(TO_CIRCUIT(circ),
438 CIRCUIT_PURPOSE_C_INTRODUCE_ACKED);
439 circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_FINISHED);
440 }
441 }
442 return 0;
443 }
444
445 /** Determine the responsible hidden service directories for <b>desc_id</b>
446 * and fetch the descriptor with that ID from one of them. Only
447 * send a request to a hidden service directory that we have not yet tried
448 * during this attempt to connect to this hidden service; on success, return 1,
449 * in the case that no hidden service directory is left to ask for the
450 * descriptor, return 0, and in case of a failure -1. */
451 static int
452 directory_get_from_hs_dir(const char *desc_id,
453 const rend_data_t *rend_query,
454 routerstatus_t *rs_hsdir)
455 {
456 routerstatus_t *hs_dir = rs_hsdir;
457 char *hsdir_fp;
458 char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
459 char descriptor_cookie_base64[3*REND_DESC_COOKIE_LEN_BASE64];
460 const rend_data_v2_t *rend_data;
461 const int how_to_fetch = DIRIND_ANONYMOUS;
462
463 tor_assert(desc_id);
464 tor_assert(rend_query);
465 rend_data = TO_REND_DATA_V2(rend_query);
466
467 base32_encode(desc_id_base32, sizeof(desc_id_base32),
468 desc_id, DIGEST_LEN);
469
470 /* Automatically pick an hs dir if none given. */
471 if (!rs_hsdir) {
472 bool rate_limited = false;
473
474 /* Determine responsible dirs. Even if we can't get all we want, work with
475 * the ones we have. If it's empty, we'll notice in hs_pick_hsdir(). */
476 smartlist_t *responsible_dirs = smartlist_new();
477 hid_serv_get_responsible_directories(responsible_dirs, desc_id);
478
479 hs_dir = hs_pick_hsdir(responsible_dirs, desc_id_base32, &rate_limited);
480 if (!hs_dir) {
481 /* No suitable hs dir can be found, stop right now. */
482 const char *query_response = (rate_limited) ? "QUERY_RATE_LIMITED" :
483 "QUERY_NO_HSDIR";
484 control_event_hsv2_descriptor_failed(rend_query, NULL, query_response);
485 control_event_hs_descriptor_content(rend_data_get_address(rend_query),
486 desc_id_base32, NULL, NULL);
487 return 0;
488 }
489 }
490
491 /* Add a copy of the HSDir identity digest to the query so we can track it
492 * on the control port. */
493 hsdir_fp = tor_memdup(hs_dir->identity_digest,
494 sizeof(hs_dir->identity_digest));
495 smartlist_add(rend_query->hsdirs_fp, hsdir_fp);
496
497 /* Encode descriptor cookie for logging purposes. Also, if the cookie is
498 * malformed, no fetch is triggered thus this needs to be done before the
499 * fetch request. */
500 if (rend_data->auth_type != REND_NO_AUTH) {
501 if (base64_encode(descriptor_cookie_base64,
502 sizeof(descriptor_cookie_base64),
503 rend_data->descriptor_cookie,
504 REND_DESC_COOKIE_LEN,
505 0)<0) {
506 log_warn(LD_BUG, "Could not base64-encode descriptor cookie.");
507 control_event_hsv2_descriptor_failed(rend_query, hsdir_fp, "BAD_DESC");
508 control_event_hs_descriptor_content(rend_data_get_address(rend_query),
509 desc_id_base32, hsdir_fp, NULL);
510 return 0;
511 }
512 /* Remove == signs. */
513 descriptor_cookie_base64[strlen(descriptor_cookie_base64)-2] = '\0';
514 } else {
515 strlcpy(descriptor_cookie_base64, "(none)",
516 sizeof(descriptor_cookie_base64));
517 }
518
519 /* Send fetch request. (Pass query and possibly descriptor cookie so that
520 * they can be written to the directory connection and be referred to when
521 * the response arrives. */
522 directory_request_t *req =
523 directory_request_new(DIR_PURPOSE_FETCH_RENDDESC_V2);
524 directory_request_set_routerstatus(req, hs_dir);
525 directory_request_set_indirection(req, how_to_fetch);
526 directory_request_set_resource(req, desc_id_base32);
527 directory_request_set_rend_query(req, rend_query);
528 directory_initiate_request(req);
529 directory_request_free(req);
530
531 log_info(LD_REND, "Sending fetch request for v2 descriptor for "
532 "service '%s' with descriptor ID '%s', auth type %d, "
533 "and descriptor cookie '%s' to hidden service "
534 "directory %s",
535 rend_data->onion_address, desc_id_base32,
536 rend_data->auth_type,
537 (rend_data->auth_type == REND_NO_AUTH ? "[none]" :
538 escaped_safe_str_client(descriptor_cookie_base64)),
539 routerstatus_describe(hs_dir));
540 control_event_hs_descriptor_requested(rend_data->onion_address,
541 rend_data->auth_type,
542 hs_dir->identity_digest,
543 desc_id_base32, NULL);
544 return 1;
545 }
546
547 /** Remove tracked HSDir requests from our history for this hidden service
548 * descriptor <b>desc_id</b> (of size DIGEST_LEN) */
549 static void
550 purge_v2_hidserv_req(const char *desc_id)
551 {
552 char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
553
554 /* The hsdir request tracker stores v2 keys using the base32 encoded
555 desc_id. Do it: */
556 base32_encode(desc_id_base32, sizeof(desc_id_base32), desc_id,
557 DIGEST_LEN);
558 hs_purge_hid_serv_from_last_hid_serv_requests(desc_id_base32);
559 }
560
561 /** Fetch a v2 descriptor using the given descriptor id. If any hsdir(s) are
562 * given, they will be used instead.
563 *
564 * On success, 1 is returned. If no hidden service is left to ask, return 0.
565 * On error, -1 is returned. */
566 static int
567 fetch_v2_desc_by_descid(const char *desc_id,
568 const rend_data_t *rend_query, smartlist_t *hsdirs)
569 {
570 int ret;
571
572 tor_assert(rend_query);
573
574 if (!hsdirs) {
575 ret = directory_get_from_hs_dir(desc_id, rend_query, NULL);
576 goto end; /* either success or failure, but we're done */
577 }
578
579 /* Using the given hsdir list, trigger a fetch on each of them. */
580 SMARTLIST_FOREACH_BEGIN(hsdirs, routerstatus_t *, hs_dir) {
581 /* This should always be a success. */
582 ret = directory_get_from_hs_dir(desc_id, rend_query, hs_dir);
583 tor_assert(ret);
584 } SMARTLIST_FOREACH_END(hs_dir);
585
586 /* Everything went well. */
587 ret = 0;
588
589 end:
590 return ret;
591 }
592
593 /** Fetch a v2 descriptor using the onion address in the given query object.
594 * This will compute the descriptor id for each replicas and fetch it on the
595 * given hsdir(s) if any or the responsible ones that are chosen
596 * automatically.
597 *
598 * On success, 1 is returned. If no hidden service is left to ask, return 0.
599 * On error, -1 is returned. */
600 static int
601 fetch_v2_desc_by_addr(rend_data_t *rend_query, smartlist_t *hsdirs)
602 {
603 char descriptor_id[DIGEST_LEN];
604 int replicas_left_to_try[REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS];
605 int i, tries_left, ret;
606 rend_data_v2_t *rend_data = TO_REND_DATA_V2(rend_query);
607
608 /* Randomly iterate over the replicas until a descriptor can be fetched
609 * from one of the consecutive nodes, or no options are left. */
610 for (i = 0; i < REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS; i++) {
611 replicas_left_to_try[i] = i;
612 }
613
614 tries_left = REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS;
615 while (tries_left > 0) {
616 int rand_val = crypto_rand_int(tries_left);
617 int chosen_replica = replicas_left_to_try[rand_val];
618 replicas_left_to_try[rand_val] = replicas_left_to_try[--tries_left];
619
620 ret = rend_compute_v2_desc_id(descriptor_id,
621 rend_data->onion_address,
622 rend_data->auth_type == REND_STEALTH_AUTH ?
623 rend_data->descriptor_cookie : NULL,
624 time(NULL), chosen_replica);
625 if (ret < 0) {
626 /* Normally, on failure the descriptor_id is untouched but let's be
627 * safe in general in case the function changes at some point. */
628 goto end;
629 }
630
631 if (tor_memcmp(descriptor_id, rend_data->descriptor_id[chosen_replica],
632 sizeof(descriptor_id)) != 0) {
633 /* Not equal from what we currently have so purge the last hid serv
634 * request cache and update the descriptor ID with the new value. */
635 purge_v2_hidserv_req(rend_data->descriptor_id[chosen_replica]);
636 memcpy(rend_data->descriptor_id[chosen_replica], descriptor_id,
637 sizeof(rend_data->descriptor_id[chosen_replica]));
638 }
639
640 /* Trigger the fetch with the computed descriptor ID. */
641 ret = fetch_v2_desc_by_descid(descriptor_id, rend_query, hsdirs);
642 if (ret != 0) {
643 /* Either on success or failure, as long as we tried a fetch we are
644 * done here. */
645 goto end;
646 }
647 }
648
649 /* If we come here, there are no hidden service directories left. */
650 log_info(LD_REND, "Could not pick one of the responsible hidden "
651 "service directories to fetch descriptors, because "
652 "we already tried them all unsuccessfully.");
653 ret = 0;
654
655 end:
656 memwipe(descriptor_id, 0, sizeof(descriptor_id));
657 return ret;
658 }
659
660 /** Fetch a v2 descriptor using the given query. If any hsdir are specified,
661 * use them for the fetch.
662 *
663 * On success, 1 is returned. If no hidden service is left to ask, return 0.
664 * On error, -1 is returned. */
665 int
666 rend_client_fetch_v2_desc(rend_data_t *query, smartlist_t *hsdirs)
667 {
668 int ret;
669 rend_data_v2_t *rend_data;
670 const char *onion_address;
671
672 tor_assert(query);
673
674 /* Get the version 2 data structure of the query. */
675 rend_data = TO_REND_DATA_V2(query);
676 onion_address = rend_data_get_address(query);
677
678 /* Depending on what's available in the rend data query object, we will
679 * trigger a fetch by HS address or using a descriptor ID. */
680
681 if (onion_address[0] != '\0') {
682 ret = fetch_v2_desc_by_addr(query, hsdirs);
683 } else if (!tor_digest_is_zero(rend_data->desc_id_fetch)) {
684 ret = fetch_v2_desc_by_descid(rend_data->desc_id_fetch, query,
685 hsdirs);
686 } else {
687 /* Query data is invalid. */
688 ret = -1;
689 goto error;
690 }
691
692 error:
693 return ret;
694 }
695
696 /** Unless we already have a descriptor for <b>rend_query</b> with at least
697 * one (possibly) working introduction point in it, start a connection to a
698 * hidden service directory to fetch a v2 rendezvous service descriptor. */
699 void
700 rend_client_refetch_v2_renddesc(rend_data_t *rend_query)
701 {
702 rend_cache_entry_t *e = NULL;
703 const char *onion_address = rend_data_get_address(rend_query);
704
705 tor_assert(rend_query);
706 /* Before fetching, check if we already have a usable descriptor here. */
707 if (rend_cache_lookup_entry(onion_address, -1, &e) == 0 &&
708 rend_client_any_intro_points_usable(e)) {
709 log_info(LD_REND, "We would fetch a v2 rendezvous descriptor, but we "
710 "already have a usable descriptor here. Not fetching.");
711 return;
712 }
713 /* Are we configured to fetch descriptors? */
714 if (!get_options()->FetchHidServDescriptors) {
715 log_warn(LD_REND, "We received an onion address for a v2 rendezvous "
716 "service descriptor, but are not fetching service descriptors.");
717 return;
718 }
719 log_debug(LD_REND, "Fetching v2 rendezvous descriptor for service %s",
720 safe_str_client(onion_address));
721
722 rend_client_fetch_v2_desc(rend_query, NULL);
723 /* We don't need to look the error code because either on failure or
724 * success, the necessary steps to continue the HS connection will be
725 * triggered once the descriptor arrives or if all fetch failed. */
726 return;
727 }
728
729 /** Cancel all rendezvous descriptor fetches currently in progress.
730 */
731 void
732 rend_client_cancel_descriptor_fetches(void)
733 {
734 smartlist_t *connection_array = get_connection_array();
735
736 SMARTLIST_FOREACH_BEGIN(connection_array, connection_t *, conn) {
737 if (conn->type == CONN_TYPE_DIR &&
738 conn->purpose == DIR_PURPOSE_FETCH_RENDDESC_V2) {
739 /* It's a rendezvous descriptor fetch in progress -- cancel it
740 * by marking the connection for close.
741 *
742 * Even if this connection has already reached EOF, this is
743 * enough to make sure that if the descriptor hasn't been
744 * processed yet, it won't be. See the end of
745 * connection_handle_read; connection_reached_eof (indirectly)
746 * processes whatever response the connection received. */
747
748 const rend_data_t *rd = (TO_DIR_CONN(conn))->rend_data;
749 if (!rd) {
750 log_warn(LD_BUG | LD_REND,
751 "Marking for close dir conn fetching rendezvous "
752 "descriptor for unknown service!");
753 } else {
754 log_debug(LD_REND, "Marking for close dir conn fetching "
755 "rendezvous descriptor for service %s",
756 safe_str(rend_data_get_address(rd)));
757 }
758 connection_mark_for_close(conn);
759 }
760 } SMARTLIST_FOREACH_END(conn);
761 }
762
763 /** Mark <b>failed_intro</b> as a failed introduction point for the
764 * hidden service specified by <b>rend_query</b>. If the HS now has no
765 * usable intro points, or we do not have an HS descriptor for it,
766 * then launch a new renddesc fetch.
767 *
768 * If <b>failure_type</b> is INTRO_POINT_FAILURE_GENERIC, remove the
769 * intro point from (our parsed copy of) the HS descriptor.
770 *
771 * If <b>failure_type</b> is INTRO_POINT_FAILURE_TIMEOUT, mark the
772 * intro point as 'timed out'; it will not be retried until the
773 * current hidden service connection attempt has ended or it has
774 * appeared in a newly fetched rendezvous descriptor.
775 *
776 * If <b>failure_type</b> is INTRO_POINT_FAILURE_UNREACHABLE,
777 * increment the intro point's reachability-failure count; if it has
778 * now failed MAX_INTRO_POINT_REACHABILITY_FAILURES or more times,
779 * remove the intro point from (our parsed copy of) the HS descriptor.
780 *
781 * Return -1 if error, 0 if no usable intro points remain or service
782 * unrecognized, 1 if recognized and some intro points remain.
783 */
784 int
785 rend_client_report_intro_point_failure(extend_info_t *failed_intro,
786 rend_data_t *rend_data,
787 unsigned int failure_type)
788 {
789 int i, r;
790 rend_cache_entry_t *ent;
791 connection_t *conn;
792 const char *onion_address = rend_data_get_address(rend_data);
793
794 r = rend_cache_lookup_entry(onion_address, -1, &ent);
795 if (r < 0) {
796 /* Either invalid onion address or cache entry not found. */
797 switch (-r) {
798 case EINVAL:
799 log_warn(LD_BUG, "Malformed service ID %s.",
800 escaped_safe_str_client(onion_address));
801 return -1;
802 case ENOENT:
803 log_info(LD_REND, "Unknown service %s. Re-fetching descriptor.",
804 escaped_safe_str_client(onion_address));
805 rend_client_refetch_v2_renddesc(rend_data);
806 return 0;
807 default:
808 log_warn(LD_BUG, "Unknown cache lookup returned code: %d", r);
809 return -1;
810 }
811 }
812 /* The intro points are not checked here if they are usable or not because
813 * this is called when an intro point circuit is closed thus there must be
814 * at least one intro point that is usable and is about to be flagged. */
815
816 for (i = 0; i < smartlist_len(ent->parsed->intro_nodes); i++) {
817 rend_intro_point_t *intro = smartlist_get(ent->parsed->intro_nodes, i);
818 if (tor_memeq(failed_intro->identity_digest,
819 intro->extend_info->identity_digest, DIGEST_LEN)) {
820 switch (failure_type) {
821 default:
822 log_warn(LD_BUG, "Unknown failure type %u. Removing intro point.",
823 failure_type);
824 tor_fragile_assert();
825 /* fall through */
826 case INTRO_POINT_FAILURE_GENERIC:
827 rend_cache_intro_failure_note(failure_type,
828 (uint8_t *)failed_intro->identity_digest,
829 onion_address);
830 rend_intro_point_free(intro);
831 smartlist_del(ent->parsed->intro_nodes, i);
832 break;
833 case INTRO_POINT_FAILURE_TIMEOUT:
834 intro->timed_out = 1;
835 break;
836 case INTRO_POINT_FAILURE_UNREACHABLE:
837 ++(intro->unreachable_count);
838 {
839 int zap_intro_point =
840 intro->unreachable_count >= MAX_INTRO_POINT_REACHABILITY_FAILURES;
841 log_info(LD_REND, "Failed to reach this intro point %u times.%s",
842 intro->unreachable_count,
843 zap_intro_point ? " Removing from descriptor.": "");
844 if (zap_intro_point) {
845 rend_cache_intro_failure_note(
846 failure_type,
847 (uint8_t *) failed_intro->identity_digest, onion_address);
848 rend_intro_point_free(intro);
849 smartlist_del(ent->parsed->intro_nodes, i);
850 }
851 }
852 break;
853 }
854 break;
855 }
856 }
857
858 if (! rend_client_any_intro_points_usable(ent)) {
859 log_info(LD_REND,
860 "No more intro points remain for %s. Re-fetching descriptor.",
861 escaped_safe_str_client(onion_address));
862 rend_client_refetch_v2_renddesc(rend_data);
863
864 /* move all pending streams back to renddesc_wait */
865 /* NOTE: We can now do this faster, if we use pending_entry_connections */
866 while ((conn = connection_get_by_type_state_rendquery(CONN_TYPE_AP,
867 AP_CONN_STATE_CIRCUIT_WAIT,
868 onion_address))) {
869 connection_ap_mark_as_waiting_for_renddesc(TO_ENTRY_CONN(conn));
870 }
871
872 return 0;
873 }
874 log_info(LD_REND,"%d options left for %s.",
875 smartlist_len(ent->parsed->intro_nodes),
876 escaped_safe_str_client(onion_address));
877 return 1;
878 }
879
880 /** The service sent us a rendezvous cell; join the circuits. */
881 int
882 rend_client_receive_rendezvous(origin_circuit_t *circ, const uint8_t *request,
883 size_t request_len)
884 {
885 if (request_len != DH1024_KEY_LEN+DIGEST_LEN) {
886 log_warn(LD_PROTOCOL,"Incorrect length (%d) on RENDEZVOUS2 cell.",
887 (int)request_len);
888 goto err;
889 }
890
891 if (hs_circuit_setup_e2e_rend_circ_legacy_client(circ, request) < 0) {
892 log_warn(LD_GENERAL, "Failed to setup circ");
893 goto err;
894 }
895 return 0;
896
897 err:
898 circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
899 return -1;
900 }
901
902 /** Find all the apconns in state AP_CONN_STATE_RENDDESC_WAIT that are
903 * waiting on <b>query</b>. If there's a working cache entry here with at
904 * least one intro point, move them to the next state. */
905 void
906 rend_client_desc_trynow(const char *query)
907 {
908 entry_connection_t *conn;
909 rend_cache_entry_t *entry;
910 const rend_data_t *rend_data;
911 time_t now = time(NULL);
912
913 smartlist_t *conns = get_connection_array();
914 SMARTLIST_FOREACH_BEGIN(conns, connection_t *, base_conn) {
915 if (base_conn->type != CONN_TYPE_AP ||
916 base_conn->state != AP_CONN_STATE_RENDDESC_WAIT ||
917 base_conn->marked_for_close)
918 continue;
919 conn = TO_ENTRY_CONN(base_conn);
920 rend_data = ENTRY_TO_EDGE_CONN(conn)->rend_data;
921 if (!rend_data)
922 continue;
923 const char *onion_address = rend_data_get_address(rend_data);
924 if (rend_cmp_service_ids(query, onion_address))
925 continue;
926 assert_connection_ok(base_conn, now);
927 if (rend_cache_lookup_entry(onion_address, -1,
928 &entry) == 0 &&
929 rend_client_any_intro_points_usable(entry)) {
930 /* either this fetch worked, or it failed but there was a
931 * valid entry from before which we should reuse */
932 log_info(LD_REND,"Rend desc is usable. Launching circuits.");
933 base_conn->state = AP_CONN_STATE_CIRCUIT_WAIT;
934
935 /* restart their timeout values, so they get a fair shake at
936 * connecting to the hidden service. */
937 base_conn->timestamp_created = now;
938 base_conn->timestamp_last_read_allowed = now;
939 base_conn->timestamp_last_write_allowed = now;
940
941 connection_ap_mark_as_pending_circuit(conn);
942 } else { /* 404, or fetch didn't get that far */
943 log_notice(LD_REND,"Closing stream for '%s.onion': hidden service is "
944 "unavailable (try again later).",
945 safe_str_client(query));
946 connection_mark_unattached_ap(conn, END_STREAM_REASON_RESOLVEFAILED);
947 rend_client_note_connection_attempt_ended(rend_data);
948 }
949 } SMARTLIST_FOREACH_END(base_conn);
950 }
951
952 /** Clear temporary state used only during an attempt to connect to the
953 * hidden service with <b>rend_data</b>. Called when a connection attempt
954 * has ended; it is possible for this to be called multiple times while
955 * handling an ended connection attempt, and any future changes to this
956 * function must ensure it remains idempotent. */
957 void
958 rend_client_note_connection_attempt_ended(const rend_data_t *rend_data)
959 {
960 unsigned int have_onion = 0;
961 rend_cache_entry_t *cache_entry = NULL;
962 const char *onion_address = rend_data_get_address(rend_data);
963 rend_data_v2_t *rend_data_v2 = TO_REND_DATA_V2(rend_data);
964
965 if (onion_address[0] != '\0') {
966 /* Ignore return value; we find an entry, or we don't. */
967 (void) rend_cache_lookup_entry(onion_address, -1, &cache_entry);
968 have_onion = 1;
969 }
970
971 /* Clear the timed_out flag on all remaining intro points for this HS. */
972 if (cache_entry != NULL) {
973 SMARTLIST_FOREACH(cache_entry->parsed->intro_nodes,
974 rend_intro_point_t *, ip,
975 ip->timed_out = 0; );
976 }
977
978 /* Remove the HS's entries in last_hid_serv_requests. */
979 if (have_onion) {
980 unsigned int replica;
981 for (replica = 0; replica < ARRAY_LENGTH(rend_data_v2->descriptor_id);
982 replica++) {
983 const char *desc_id = rend_data_v2->descriptor_id[replica];
984 purge_v2_hidserv_req(desc_id);
985 }
986 log_info(LD_REND, "Connection attempt for %s has ended; "
987 "cleaning up temporary state.",
988 safe_str_client(onion_address));
989 } else {
990 /* We only have an ID for a fetch. Probably used by HSFETCH. */
991 purge_v2_hidserv_req(rend_data_v2->desc_id_fetch);
992 }
993 }
994
995 /** Return a newly allocated extend_info_t* for a randomly chosen introduction
996 * point for the named hidden service. Return NULL if all introduction points
997 * have been tried and failed.
998 */
999 extend_info_t *
1000 rend_client_get_random_intro(const rend_data_t *rend_query)
1001 {
1002 int ret;
1003 extend_info_t *result;
1004 rend_cache_entry_t *entry;
1005 const char *onion_address = rend_data_get_address(rend_query);
1006
1007 ret = rend_cache_lookup_entry(onion_address, -1, &entry);
1008 if (ret < 0 || !rend_client_any_intro_points_usable(entry)) {
1009 log_warn(LD_REND,
1010 "Query '%s' didn't have valid rend desc in cache. Failing.",
1011 safe_str_client(onion_address));
1012 /* XXX: Should we refetch the descriptor here if the IPs are not usable
1013 * anymore ?. */
1014 return NULL;
1015 }
1016
1017 /* See if we can get a node that complies with ExcludeNodes */
1018 if ((result = rend_client_get_random_intro_impl(entry, 1, 1)))
1019 return result;
1020 /* If not, and StrictNodes is not set, see if we can return any old node
1021 */
1022 if (!get_options()->StrictNodes)
1023 return rend_client_get_random_intro_impl(entry, 0, 1);
1024 return NULL;
1025 }
1026
1027 /** As rend_client_get_random_intro, except assume that StrictNodes is set
1028 * iff <b>strict</b> is true. If <b>warnings</b> is false, don't complain
1029 * to the user when we're out of nodes, even if StrictNodes is true.
1030 */
1031 static extend_info_t *
1032 rend_client_get_random_intro_impl(const rend_cache_entry_t *entry,
1033 const int strict,
1034 const int warnings)
1035 {
1036 int i;
1037
1038 rend_intro_point_t *intro;
1039 const or_options_t *options = get_options();
1040 smartlist_t *usable_nodes;
1041 int n_excluded = 0;
1042
1043 /* We'll keep a separate list of the usable nodes. If this becomes empty,
1044 * no nodes are usable. */
1045 usable_nodes = smartlist_new();
1046 smartlist_add_all(usable_nodes, entry->parsed->intro_nodes);
1047
1048 /* Remove the intro points that have timed out during this HS
1049 * connection attempt from our list of usable nodes. */
1050 SMARTLIST_FOREACH(usable_nodes, rend_intro_point_t *, ip,
1051 if (ip->timed_out) {
1052 SMARTLIST_DEL_CURRENT(usable_nodes, ip);
1053 });
1054
1055 again:
1056 if (smartlist_len(usable_nodes) == 0) {
1057 if (n_excluded && get_options()->StrictNodes && warnings) {
1058 /* We only want to warn if StrictNodes is really set. Otherwise
1059 * we're just about to retry anyways.
1060 */
1061 log_warn(LD_REND, "All introduction points for hidden service are "
1062 "at excluded relays, and StrictNodes is set. Skipping.");
1063 }
1064 smartlist_free(usable_nodes);
1065 return NULL;
1066 }
1067
1068 i = crypto_rand_int(smartlist_len(usable_nodes));
1069 intro = smartlist_get(usable_nodes, i);
1070 if (BUG(!intro->extend_info)) {
1071 /* This should never happen, but it isn't fatal, just try another */
1072 smartlist_del(usable_nodes, i);
1073 goto again;
1074 }
1075 /* All version 2 HS descriptors come with a TAP onion key.
1076 * Clients used to try to get the TAP onion key from the consensus, but this
1077 * meant that hidden services could discover which consensus clients have. */
1078 if (!extend_info_supports_tap(intro->extend_info)) {
1079 log_info(LD_REND, "The HS descriptor is missing a TAP onion key for the "
1080 "intro-point relay '%s'; trying another.",
1081 safe_str_client(extend_info_describe(intro->extend_info)));
1082 smartlist_del(usable_nodes, i);
1083 goto again;
1084 }
1085 /* Check if we should refuse to talk to this router. */
1086 if (strict &&
1087 routerset_contains_extendinfo(options->ExcludeNodes,
1088 intro->extend_info)) {
1089 n_excluded++;
1090 smartlist_del(usable_nodes, i);
1091 goto again;
1092 }
1093
1094 smartlist_free(usable_nodes);
1095 return extend_info_dup(intro->extend_info);
1096 }
1097
1098 /** Return true iff any introduction points still listed in <b>entry</b> are
1099 * usable. */
1100 int
1101 rend_client_any_intro_points_usable(const rend_cache_entry_t *entry)
1102 {
1103 extend_info_t *extend_info =
1104 rend_client_get_random_intro_impl(entry, get_options()->StrictNodes, 0);
1105
1106 int rv = (extend_info != NULL);
1107
1108 extend_info_free(extend_info);
1109 return rv;
1110 }
1111
1112 /** Client-side authorizations for hidden services; map of onion address to
1113 * rend_service_authorization_t*. */
1114 static strmap_t *auth_hid_servs = NULL;
1115
1116 /** Look up the client-side authorization for the hidden service with
1117 * <b>onion_address</b>. Return NULL if no authorization is available for
1118 * that address. */
1119 rend_service_authorization_t*
1120 rend_client_lookup_service_authorization(const char *onion_address)
1121 {
1122 tor_assert(onion_address);
1123 if (!auth_hid_servs) return NULL;
1124 return strmap_get(auth_hid_servs, onion_address);
1125 }
1126
1127 #define rend_service_authorization_free(val) \
1128 FREE_AND_NULL(rend_service_authorization_t, \
1129 rend_service_authorization_free_, (val))
1130
1131 /** Helper: Free storage held by rend_service_authorization_t. */
1132 static void
1133 rend_service_authorization_free_(rend_service_authorization_t *auth)
1134 {
1135 tor_free(auth);
1136 }
1137
1138 /** Helper for strmap_free. */
1139 static void
1140 rend_service_authorization_free_void(void *service_auth)
1141 {
1142 rend_service_authorization_free_(service_auth);
1143 }
1144
1145 /** Release all the storage held in auth_hid_servs.
1146 */
1147 void
1148 rend_service_authorization_free_all(void)
1149 {
1150 if (!auth_hid_servs) {
1151 return;
1152 }
1153 strmap_free(auth_hid_servs, rend_service_authorization_free_void);
1154 auth_hid_servs = NULL;
1155 }
1156
1157 /** Parse <b>config_line</b> as a client-side authorization for a hidden
1158 * service and add it to the local map of hidden service authorizations.
1159 * Return 0 for success and -1 for failure. */
1160 int
1161 rend_parse_service_authorization(const or_options_t *options,
1162 int validate_only)
1163 {
1164 config_line_t *line;
1165 int res = -1;
1166 strmap_t *parsed = strmap_new();
1167 smartlist_t *sl = smartlist_new();
1168 rend_service_authorization_t *auth = NULL;
1169 char *err_msg = NULL;
1170
1171 for (line = options->HidServAuth; line; line = line->next) {
1172 char *onion_address, *descriptor_cookie;
1173 auth = NULL;
1174 SMARTLIST_FOREACH(sl, char *, c, tor_free(c););
1175 smartlist_clear(sl);
1176 smartlist_split_string(sl, line->value, " ",
1177 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 3);
1178 if (smartlist_len(sl) < 2) {
1179 log_warn(LD_CONFIG, "Configuration line does not consist of "
1180 "\"onion-address authorization-cookie [service-name]\": "
1181 "'%s'", line->value);
1182 goto err;
1183 }
1184 auth = tor_malloc_zero(sizeof(rend_service_authorization_t));
1185 /* Parse onion address. */
1186 onion_address = smartlist_get(sl, 0);
1187 if (strlen(onion_address) != REND_SERVICE_ADDRESS_LEN ||
1188 strcmpend(onion_address, ".onion")) {
1189 log_warn(LD_CONFIG, "Onion address has wrong format: '%s'",
1190 onion_address);
1191 goto err;
1192 }
1193 strlcpy(auth->onion_address, onion_address, REND_SERVICE_ID_LEN_BASE32+1);
1194 if (!rend_valid_v2_service_id(auth->onion_address)) {
1195 log_warn(LD_CONFIG, "Onion address has wrong format: '%s'",
1196 onion_address);
1197 goto err;
1198 }
1199 /* Parse descriptor cookie. */
1200 descriptor_cookie = smartlist_get(sl, 1);
1201 if (rend_auth_decode_cookie(descriptor_cookie, auth->descriptor_cookie,
1202 &auth->auth_type, &err_msg) < 0) {
1203 tor_assert(err_msg);
1204 log_warn(LD_CONFIG, "%s", err_msg);
1205 tor_free(err_msg);
1206 goto err;
1207 }
1208 if (strmap_get(parsed, auth->onion_address)) {
1209 log_warn(LD_CONFIG, "Duplicate authorization for the same hidden "
1210 "service.");
1211 goto err;
1212 }
1213 strmap_set(parsed, auth->onion_address, auth);
1214 auth = NULL;
1215 }
1216 res = 0;
1217 goto done;
1218 err:
1219 res = -1;
1220 done:
1221 rend_service_authorization_free(auth);
1222 SMARTLIST_FOREACH(sl, char *, c, tor_free(c););
1223 smartlist_free(sl);
1224 if (!validate_only && res == 0) {
1225 rend_service_authorization_free_all();
1226 auth_hid_servs = parsed;
1227 } else {
1228 strmap_free(parsed, rend_service_authorization_free_void);
1229 }
1230 return res;
1231 }
The Onion Router