| blob | 9e6f72e9ac9eea6b01a6ce4301de17a6276c652f |
1 /* Copyright (c) 2001-2004, Roger Dingledine.
2 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
3 * Copyright (c) 2007-2019, The Tor Project, Inc. */
4 /* See LICENSE for licensing information */
21 /**
22 * \file directory.c
23 * \brief Code to send and fetch information from directory authorities and
24 * caches via HTTP.
25 *
26 * Directory caches and authorities use dirserv.c to generate the results of a
27 * query and stream them to the connection; clients use routerparse.c to parse
28 * them.
29 *
30 * Every directory request has a dir_connection_t on the client side and on
31 * the server side. In most cases, the dir_connection_t object is a linked
32 * connection, tunneled through an edge_connection_t so that it can be a
33 * stream on the Tor network. The only non-tunneled connections are those
34 * that are used to upload material (descriptors and votes) to authorities.
35 * Among tunneled connections, some use one-hop circuits, and others use
36 * multi-hop circuits for anonymity.
37 *
38 * Directory requests are launched by calling
39 * directory_initiate_request(). This
40 * launch the connection, will construct an HTTP request with
41 * directory_send_command(), send the and wait for a response. The client
42 * later handles the response with connection_dir_client_reached_eof(),
43 * which passes the information received to another part of Tor.
44 *
45 * On the server side, requests are read in directory_handle_command(),
46 * which dispatches first on the request type (GET or POST), and then on
47 * the URL requested. GET requests are processed with a table-based
48 * dispatcher in url_table[]. The process of handling larger GET requests
49 * is complicated because we need to avoid allocating a copy of all the
50 * data to be sent to the client in one huge buffer. Instead, we spool the
51 * data into the buffer using logic in connection_dirserv_flushed_some() in
52 * dirserv.c. (TODO: If we extended buf.c to have a zero-copy
53 * reference-based buffer type, we could remove most of that code, at the
54 * cost of a bit more reference counting.)
55 **/
57 /* In-points to directory.c:
58 *
59 * - directory_post_to_dirservers(), called from
60 * router_upload_dir_desc_to_dirservers() in router.c
61 * upload_service_descriptor() in rendservice.c
62 * - directory_get_from_dirserver(), called from
63 * rend_client_refetch_renddesc() in rendclient.c
64 * run_scheduled_events() in main.c
65 * do_hup() in main.c
66 * - connection_dir_process_inbuf(), called from
67 * connection_process_inbuf() in connection.c
68 * - connection_dir_finished_flushing(), called from
69 * connection_finished_flushing() in connection.c
70 * - connection_dir_finished_connecting(), called from
71 * connection_finished_connecting() in connection.c
72 */
74 /** Convert a connection_t* to a dir_connection_t*; assert if the cast is
75 * invalid. */
76 dir_connection_t *
78 {
81 }
83 /** Return false if the directory purpose <b>dir_purpose</b>
84 * does not require an anonymous (three-hop) connection.
85 *
86 * Return true 1) by default, 2) if all directory actions have
87 * specifically been configured to be over an anonymous connection,
88 * or 3) if the router is a bridge */
89 int
92 {
99 /* We are asking a bridge for its own descriptor. That doesn't need
100 anonymity. */
102 }
103 /* Assume all other bridge stuff needs anonymity. */
105 * needed to be safe. */
106 }
109 {
134 }
135 }
137 /** Return a newly allocated string describing <b>auth</b>. Only describes
138 * authority features. */
141 {
152 }
155 }
157 /** Return true iff anything we say on <b>conn</b> is being encrypted before
158 * we send it to the client/server. */
159 int
161 {
162 /* Right now it's sufficient to see if conn is or has been linked, since
163 * the only thing it could be linked to is an edge connection on a
164 * circuit, and the only way it could have been unlinked is at the edge
165 * connection getting closed.
166 */
168 }
170 /** Parse an HTTP request line at the start of a headers string. On failure,
171 * return -1. On success, set *<b>command_out</b> to a copy of the HTTP
172 * command ("get", "post", etc), set *<b>url_out</b> to a copy of the URL, and
173 * return 0. */
174 int
176 {
192 /* tolerate the http[s] proxy style of putting the hostname in the url */
196 tmp++;
202 }
203 }
204 }
206 /* Check if the header is well formed (next sequence
207 * should be HTTP/1.X\r\n). Assumes we're supporting 1.0? */
208 {
214 }
217 }
222 }
224 /** Return a copy of the first HTTP header in <b>headers</b> whose key is
225 * <b>which</b>. The key should be given with a terminating colon and space;
226 * this function copies everything after, up to but not including the
227 * following \\r\\n. */
230 {
238 else
240 }
244 }
246 }
247 /** Parse an HTTP response string <b>headers</b> of the form
248 * \verbatim
249 * "HTTP/1.\%d \%d\%s\r\n...".
250 * \endverbatim
251 *
252 * If it's well-formed, assign the status code to *<b>code</b> and
253 * return 0. Otherwise, return -1.
254 *
255 * On success: If <b>date</b> is provided, set *date to the Date
256 * header in the http headers, or 0 if no such header is found. If
257 * <b>compression</b> is provided, set *<b>compression</b> to the
258 * compression method given in the Content-Encoding header, or 0 if no
259 * such header is found, or -1 if the value of the header is not
260 * recognized. If <b>reason</b> is provided, strdup the reason string
261 * into it.
262 */
263 int
266 {
280 }
296 }
299 }
305 /* This will do nothing on failure, so we don't need to check
306 the result. We shouldn't warn, since there are many other valid
307 date formats besides the one we use. */
310 });
311 }
317 });
327 }
328 }
333 }
335 /** If any directory object is arriving, and it's over 10MB large, we're
336 * getting DoS'd. (As of 0.1.2.x, raw directories are about 1MB, and we never
337 * ask for more than 96 router descriptors at a time.)
338 */
339 #define MAX_DIRECTORY_OBJECT_SIZE (10*(1<<20))
341 #define MAX_VOTE_DL_SIZE (MAX_DIRECTORY_OBJECT_SIZE * 5)
343 /** Read handler for directory connections. (That's connections <em>to</em>
344 * directory servers and connections <em>at</em> directory servers.)
345 */
346 int
348 {
353 /* Directory clients write, then read data until they receive EOF;
354 * directory servers read data until they get an HTTP command, then
355 * write their response (when it's finished flushing, they mark for
356 * close).
357 */
359 /* If we're on the dirserver side, look for a command. */
364 }
366 }
368 max_size =
374 "Too much data received from directory connection (%s): "
379 }
384 }
386 /** Called when we're about to finally unlink and free a directory connection:
387 * perform necessary accounting and cleanup */
388 void
390 {
394 /* It's a directory connection and connecting or fetching
395 * failed: forget about this router, and maybe try again. */
397 }
400 }
402 /** Write handler for directory connections; called when all data has
403 * been flushed. Close the connection or wait for a response as
404 * appropriate.
405 */
406 int
408 {
415 /* Note that we have finished writing the directory response. For direct
416 * connections this means we're done; for tunneled connections it's only
417 * an intermediate step. */
420 DIRREQ_FLUSHING_DIR_CONN_FINISHED);
421 else
423 DIRREQ_DIRECT,
424 DIRREQ_FLUSHING_DIR_CONN_FINISHED);
438 }
445 }
447 }
449 /** Connected handler for directory connections: begin sending data to the
450 * server, and return 0.
451 * Only used when connections don't immediately connect. */
452 int
454 {
462 /* start flushing conn */
465 }
467 /** Helper. Compare two fp_pair_t objects, and return negative, 0, or
468 * positive as appropriate. */
469 static int
471 {
476 else
478 }
480 /** Divide a string <b>res</b> of the form FP1-FP2+FP3-FP4...[.z], where each
481 * FP is a hex-encoded fingerprint, into a sequence of distinct sorted
482 * fp_pair_t. Skip malformed pairs. On success, return 0 and add those
483 * fp_pair_t into <b>pairs_out</b>. On failure, return -1. */
484 int
487 {
497 }
498 }
507 fp_pair_t pair;
515 }
516 }
521 /* Uniq-and-sort */
528 }
530 /** Given a directory <b>resource</b> request, containing zero
531 * or more strings separated by plus signs, followed optionally by ".z", store
532 * the strings, in order, into <b>fp_out</b>. If <b>compressed_out</b> is
533 * non-NULL, set it to 1 if the resource ends in ".z", else set it to 0.
534 *
535 * If (flags & DSR_HEX), then delete all elements that aren't hex digests, and
536 * decode the rest. If (flags & DSR_BASE64), then use "-" rather than "+" as
537 * a separator, delete all the elements that aren't base64-encoded digests,
538 * and decode the rest. If (flags & DSR_DIGEST256), these digests should be
539 * 256 bits long; else they should be 160.
540 *
541 * If (flags & DSR_SORT_UNIQ), then sort the list and remove all duplicates.
542 */
543 int
547 {
573 }
574 }
586 }
595 }
598 again:
601 }
602 }
611 }
615 }
616 }
620 }
622 /** As dir_split_resource_into_fingerprints, but instead fills
623 * <b>spool_out</b> with a list of spoolable_resource_t for the resource
624 * identified through <b>source</b>. */
625 int
627 dir_spool_source_t source,
631 {
640 /* This is not a very efficient implementation XXXX */
651 }