search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
break reached_eof() out of process_inbuf()
[tor.git] / src / or / control.c
blob92297f35013b0cb088b86616d1784d34aca4c86c
1 /* Copyright 2004 Roger Dingledine, Nick Mathewson. */
2 /* See LICENSE for licensing information */
3 /* $Id$ */
4
5 /**
6 * /file control.c
7 *
8 * /brief Implementation for Tor's control-socket interface.
9 */
10
11 #include "or.h"
12
13 /* Protocol outline: a bidirectional stream, over which each side
14 * sends a series of messages. Each message has a two-byte length field,
15 * a two-byte typecode, and a variable-length body whose length is
16 * given in the length field.
17 *
18 * By default, the server only sends messages in response to client messages.
19 * Every client message gets a message in response. The client may, however,
20 * _request_ that other messages be delivered asynchronously.
21 *
22 *
23 * Every message type is either client-only or server-only, and every
24 * server message type is either synchronous-only (only occurs in
25 * response to a client request) or asynchronous-only (never is an
26 * answer to a client request.
27 *
28 * See control-spec.txt for full details.
29 */
30
31 /* Recognized message type codes. */
32 #define CONTROL_CMD_ERROR 0x0000
33 #define CONTROL_CMD_DONE 0x0001
34 #define CONTROL_CMD_SETCONF 0x0002
35 #define CONTROL_CMD_GETCONF 0x0003
36 #define CONTROL_CMD_CONFVALUE 0x0004
37 #define CONTROL_CMD_SETEVENTS 0x0005
38 #define CONTROL_CMD_EVENT 0x0006
39 #define CONTROL_CMD_AUTHENTICATE 0x0007
40 #define CONTROL_CMD_SAVECONF 0x0008
41 #define _CONTROL_CMD_MAX_RECOGNIZED 0x0008
42
43 /* Recognized error codes. */
44 #define ERR_UNSPECIFIED 0x0000
45 #define ERR_INTERNAL 0x0001
46 #define ERR_UNRECOGNIZED_TYPE 0x0002
47 #define ERR_SYNTAX 0x0003
48 #define ERR_UNRECOGNIZED_CONFIG_KEY 0x0004
49 #define ERR_INVALID_CONFIG_VALUE 0x0005
50 #define ERR_UNRECOGNIZED_EVENT_CODE 0x0006
51 #define ERR_UNAUTHORIZED 0x0007
52 #define ERR_REJECTED_AUTHENTICATION 0x0008
53
54 /* Recognized asynchronous event types. */
55 #define _EVENT_MIN 0x0001
56 #define EVENT_CIRCUIT_STATUS 0x0001
57 #define EVENT_STREAM_STATUS 0x0002
58 #define EVENT_OR_CONN_STATUS 0x0003
59 #define EVENT_BANDWIDTH_USED 0x0004
60 #define EVENT_WARNING 0x0005
61 #define _EVENT_MAX 0x0005
62
63 /** Array mapping from message type codes to human-readable message
64 * type names. */
65 static const char * CONTROL_COMMANDS[] = {
66 "error",
67 "done",
68 "setconf",
69 "getconf",
70 "confvalue",
71 "setevents",
72 "events",
73 "authenticate",
74 "saveconf",
75 };
76
77 /** Bitfield: The bit 1&lt;&lt;e is set if <b>any</b> open control
78 * connection is interested in events of type <b>e</b>. We use this
79 * so that we can decide to skip generating event messages that nobody
80 * has interest in without having to walk over the global connection
81 * list to find out.
82 **/
83 static uint32_t global_event_mask = 0;
84
85 /** Macro: true if any control connection is interested in events of type
86 * <b>e</b>. */
87 #define EVENT_IS_INTERESTING(e) (global_event_mask & (1<<(e)))
88
89 /** If we're using cookie-type authentication, how long should our cookies be?
90 */
91 #define AUTHENTICATION_COOKIE_LEN 32
92
93 /** If true, we've set authentication_cookie to a secret code and
94 * stored it to disk. */
95 static int authentication_cookie_is_set = 0;
96 static char authentication_cookie[AUTHENTICATION_COOKIE_LEN];
97
98 static void update_global_event_mask(void);
99 static void send_control_message(connection_t *conn, uint16_t type,
100 uint16_t len, const char *body);
101 static void send_control_done(connection_t *conn);
102 static void send_control_error(connection_t *conn, uint16_t error,
103 const char *message);
104 static void send_control_event(uint16_t event, uint16_t len, const char *body);
105 static int handle_control_setconf(connection_t *conn, uint16_t len,
106 char *body);
107 static int handle_control_getconf(connection_t *conn, uint16_t len,
108 const char *body);
109 static int handle_control_setevents(connection_t *conn, uint16_t len,
110 const char *body);
111 static int handle_control_authenticate(connection_t *conn, uint16_t len,
112 const char *body);
113 static int handle_control_saveconf(connection_t *conn, uint16_t len,
114 const char *body);
115
116 /** Given a possibly invalid message type code <b>cmd</b>, return a
117 * human-readable string equivalent. */
118 static INLINE const char *
119 control_cmd_to_string(uint16_t cmd)
120 {
121 return (cmd<=_CONTROL_CMD_MAX_RECOGNIZED) ? CONTROL_COMMANDS[cmd] : "Unknown";
122 }
123
124 /** Set <b>global_event_mask</b> to the bitwise OR of each live control
125 * connection's event_mask field. */
126 static void update_global_event_mask(void)
127 {
128 connection_t **conns;
129 int n_conns, i;
130
131 global_event_mask = 0;
132 get_connection_array(&conns, &n_conns);
133 for (i = 0; i < n_conns; ++i) {
134 if (conns[i]->type == CONN_TYPE_CONTROL &&
135 conns[i]->state == CONTROL_CONN_STATE_OPEN) {
136 global_event_mask |= conns[i]->event_mask;
137 }
138 }
139 }
140
141 /** Send a message of type <b>type</b> containing <b>len</b> bytes
142 * from <b>body</b> along the control connection <b>conn</b> */
143 static void
144 send_control_message(connection_t *conn, uint16_t type, uint16_t len,
145 const char *body)
146 {
147 char buf[4];
148 tor_assert(conn);
149 tor_assert(len || !body);
150 tor_assert(type <= _CONTROL_CMD_MAX_RECOGNIZED);
151 set_uint16(buf, htons(len));
152 set_uint16(buf+2, htons(type));
153 connection_write_to_buf(buf, 4, conn);
154 if (len)
155 connection_write_to_buf(body, len, conn);
156 }
157
158 /** Send a "DONE" message down the control connection <b>conn</b> */
159 static void
160 send_control_done(connection_t *conn)
161 {
162 send_control_message(conn, CONTROL_CMD_DONE, 0, NULL);
163 }
164
165 /** Send an error message with error code <b>error</b> and body
166 * <b>message</b> down the connection <b>conn</b> */
167 static void
168 send_control_error(connection_t *conn, uint16_t error, const char *message)
169 {
170 char buf[256];
171 size_t len;
172 set_uint16(buf, htons(error));
173 len = strlen(message);
174 tor_assert(len < (256-2));
175 memcpy(buf+2, message, len);
176 send_control_message(conn, CONTROL_CMD_ERROR, (uint16_t)(len+2), buf);
177 }
178
179 /** Send an 'event' message of event type <b>event</b>, containing
180 * <b>len</b> bytes in <b>body</b> to every control connection that
181 * is interested in it. */
182 static void
183 send_control_event(uint16_t event, uint16_t len, const char *body)
184 {
185 connection_t **conns;
186 int n_conns, i;
187 size_t buflen;
188 char *buf;
189
190 buflen = len + 2;
191 buf = tor_malloc_zero(buflen);
192 set_uint16(buf, htons(event));
193 memcpy(buf+2, body, len);
194
195 get_connection_array(&conns, &n_conns);
196 for (i = 0; i < n_conns; ++i) {
197 if (conns[i]->type == CONN_TYPE_CONTROL &&
198 conns[i]->state == CONTROL_CONN_STATE_OPEN &&
199 conns[i]->event_mask & (1<<event)) {
200 send_control_message(conns[i], CONTROL_CMD_EVENT, (uint16_t)(buflen), buf);
201 }
202 }
203
204 tor_free(buf);
205 }
206
207 /** Called when we receive a SETCONF message: parse the body and try
208 * to update our configuration. Reply with a DONE or ERROR message. */
209 static int
210 handle_control_setconf(connection_t *conn, uint16_t len, char *body)
211 {
212 int r;
213 struct config_line_t *lines=NULL;
214
215 if (config_get_lines(body, &lines) < 0) {
216 log_fn(LOG_WARN,"Controller gave us config lines we can't parse.");
217 send_control_error(conn, ERR_SYNTAX, "Couldn't parse configuration");
218 return 0;
219 }
220
221 if ((r=config_trial_assign(lines, 1)) < 0) {
222 log_fn(LOG_WARN,"Controller gave us config lines that didn't validate.");
223 if (r==-1) {
224 send_control_error(conn, ERR_UNRECOGNIZED_CONFIG_KEY,
225 "Unrecognized option");
226 } else {
227 send_control_error(conn, ERR_INVALID_CONFIG_VALUE,"Invalid option value");
228 }
229 config_free_lines(lines);
230 return 0;
231 }
232
233 config_free_lines(lines);
234 if (options_act() < 0) { /* acting on them failed. die. */
235 log_fn(LOG_ERR,"Acting on config options left us in a broken state. Dying.");
236 exit(1);
237 }
238 send_control_done(conn);
239 return 0;
240 }
241
242 /** Called when we receive a GETCONF message. Parse the request, and
243 * reply with a CONFVALUE or an ERROR message */
244 static int
245 handle_control_getconf(connection_t *conn, uint16_t body_len, const char *body)
246 {
247 smartlist_t *questions = NULL;
248 smartlist_t *answers = NULL;
249 char *msg = NULL;
250 size_t msg_len;
251 or_options_t *options = get_options();
252
253 questions = smartlist_create();
254 smartlist_split_string(questions, body, "\n",
255 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
256 answers = smartlist_create();
257 SMARTLIST_FOREACH(questions, const char *, q,
258 {
259 int recognized = config_option_is_recognized(q);
260 if (!recognized) {
261 send_control_error(conn, ERR_UNRECOGNIZED_CONFIG_KEY, body);
262 goto done;
263 } else {
264 struct config_line_t *answer = config_get_assigned_option(options,q);
265
266 while (answer) {
267 struct config_line_t *next;
268 size_t alen = strlen(answer->key)+strlen(answer->value)+2;
269 char *astr = tor_malloc(alen);
270 tor_snprintf(astr, alen, "%s %s\n", answer->key, answer->value);
271 smartlist_add(answers, astr);
272
273 next = answer->next;
274 tor_free(answer->key);
275 tor_free(answer->value);
276 tor_free(answer);
277 answer = next;
278 }
279 }
280 });
281
282 msg = smartlist_join_strings(answers, "", 0, &msg_len);
283 send_control_message(conn, CONTROL_CMD_CONFVALUE,
284 (uint16_t)msg_len, msg_len?msg:NULL);
285
286 done:
287 if (answers) SMARTLIST_FOREACH(answers, char *, cp, tor_free(cp));
288 if (questions) SMARTLIST_FOREACH(questions, char *, cp, tor_free(cp));
289 smartlist_free(answers);
290 smartlist_free(questions);
291 tor_free(msg);
292
293 return 0;
294 }
295
296 /** Called when we get a SETEVENTS message: update conn->event_mask,
297 * and reply with DONE or ERROR. */
298 static int
299 handle_control_setevents(connection_t *conn, uint16_t len, const char *body)
300 {
301 uint16_t event_code;
302 uint32_t event_mask = 0;
303 if (len % 2) {
304 send_control_error(conn, ERR_SYNTAX,
305 "Odd number of bytes in setevents message");
306 return 0;
307 }
308
309 for (; len; len -= 2, body += 2) {
310 event_code = ntohs(get_uint16(body));
311 if (event_code < _EVENT_MIN || event_code > _EVENT_MAX) {
312 send_control_error(conn, ERR_UNRECOGNIZED_EVENT_CODE,
313 "Unrecognized event code");
314 return 0;
315 }
316 event_mask |= (1 << event_code);
317 }
318
319 conn->event_mask = event_mask;
320
321 update_global_event_mask();
322 send_control_done(conn);
323 return 0;
324 }
325
326 /** Called when we get an AUTHENTICATE message. Check whether the
327 * authentication is valid, and if so, update the connection's state to
328 * OPEN. Reply with DONE or ERROR.
329 */
330 static int
331 handle_control_authenticate(connection_t *conn, uint16_t len, const char *body)
332 {
333 or_options_t *options = get_options();
334 if (options->CookieAuthentication) {
335 if (len == AUTHENTICATION_COOKIE_LEN &&
336 !memcmp(authentication_cookie, body, len)) {
337 goto ok;
338 }
339 } else if (options->HashedControlPassword) {
340 char expected[S2K_SPECIFIER_LEN+DIGEST_LEN];
341 char received[DIGEST_LEN];
342 if (base64_decode(expected,sizeof(expected),
343 options->HashedControlPassword,
344 strlen(options->HashedControlPassword))<0) {
345 log_fn(LOG_WARN,"Couldn't decode HashedControlPassword: invalid base64");
346 goto err;
347 }
348 secret_to_key(received,DIGEST_LEN,body,len,expected);
349 if (!memcmp(expected+S2K_SPECIFIER_LEN, received, DIGEST_LEN))
350 goto ok;
351 goto err;
352 } else {
353 if (len == 0) {
354 /* if Tor doesn't demand any stronger authentication, then
355 * the controller can get in with a blank auth line. */
356 goto ok;
357 }
358 goto err;
359 }
360
361 err:
362 send_control_error(conn, ERR_REJECTED_AUTHENTICATION,"Authentication failed");
363 return 0;
364 ok:
365 log_fn(LOG_INFO, "Authenticated control connection (%d)", conn->s);
366 send_control_done(conn);
367 conn->state = CONTROL_CONN_STATE_OPEN;
368 return 0;
369 }
370
371 static int
372 handle_control_saveconf(connection_t *conn, uint16_t len,
373 const char *body)
374 {
375 if (save_current_config()<0) {
376 send_control_error(conn, ERR_INTERNAL,
377 "Unable to write configuration to disk.");
378 } else {
379 send_control_done(conn);
380 }
381 return 0;
382 }
383
384 /** Called when <b>conn</b> has no more bytes left on its outbuf. */
385 int
386 connection_control_finished_flushing(connection_t *conn) {
387 tor_assert(conn);
388 tor_assert(conn->type == CONN_TYPE_CONTROL);
389
390 connection_stop_writing(conn);
391 return 0;
392 }
393
394 /** Called when <b>conn</b> has gotten its socket closed. */
395 int connection_control_reached_eof(connection_t *conn) {
396 log_fn(LOG_INFO,"Control connection reached EOF. Closing.");
397 connection_mark_for_close(conn);
398 return 0;
399 }
400
401 /** Called when <b>conn</b> has received more bytes on its inbuf.
402 */
403 int
404 connection_control_process_inbuf(connection_t *conn) {
405 uint16_t body_len, command_type;
406 char *body;
407
408 tor_assert(conn);
409 tor_assert(conn->type == CONN_TYPE_CONTROL);
410
411 again:
412 /* Try to suck a control message from the buffer. */
413 switch(fetch_from_buf_control(conn->inbuf, &body_len, &command_type, &body))
414 {
415 case -1:
416 tor_free(body);
417 log_fn(LOG_WARN, "Error in control command. Failing.");
418 return -1;
419 case 0:
420 /* Control command not all here yet. Wait. */
421 return 0;
422 case 1:
423 /* We got a command. Process it. */
424 break;
425 default:
426 tor_assert(0);
427 }
428
429 /* We got a command. If we need authentication, only authentication
430 * commands will be considered. */
431 if (conn->state == CONTROL_CONN_STATE_NEEDAUTH &&
432 command_type != CONTROL_CMD_AUTHENTICATE) {
433 log_fn(LOG_WARN, "Rejecting '%s' command; authentication needed.",
434 control_cmd_to_string(command_type));
435 send_control_error(conn, ERR_UNAUTHORIZED, "Authentication required");
436 tor_free(body);
437 goto again;
438 }
439
440 /* Okay, we're willing to process the command. */
441 switch(command_type)
442 {
443 case CONTROL_CMD_SETCONF:
444 if (handle_control_setconf(conn, body_len, body))
445 return -1;
446 break;
447 case CONTROL_CMD_GETCONF:
448 if (handle_control_getconf(conn, body_len, body))
449 return -1;
450 break;
451 case CONTROL_CMD_SETEVENTS:
452 if (handle_control_setevents(conn, body_len, body))
453 return -1;
454 break;
455 case CONTROL_CMD_AUTHENTICATE:
456 if (handle_control_authenticate(conn, body_len, body))
457 return -1;
458 break;
459 case CONTROL_CMD_SAVECONF:
460 if (handle_control_saveconf(conn, body_len, body))
461 return -1;
462 break;
463 case CONTROL_CMD_ERROR:
464 case CONTROL_CMD_DONE:
465 case CONTROL_CMD_CONFVALUE:
466 case CONTROL_CMD_EVENT:
467 log_fn(LOG_WARN, "Received client-only '%s' command; ignoring.",
468 control_cmd_to_string(command_type));
469 send_control_error(conn, ERR_UNRECOGNIZED_TYPE,
470 "Command type only valid from server to tor client");
471 break;
472 default:
473 log_fn(LOG_WARN, "Received unrecognized command type %d; ignoring.",
474 (int)command_type);
475 send_control_error(conn, ERR_UNRECOGNIZED_TYPE,
476 "Unrecognized command type");
477 break;
478 }
479 tor_free(body);
480 goto again; /* There might be more data. */
481 }
482
483 /** Something has happened to circuit <b>circ</b>: tell any interested
484 * control connections. */
485 int
486 control_event_circuit_status(circuit_t *circ, circuit_status_event_t tp)
487 {
488 char *path, *msg;
489 size_t path_len;
490 if (!EVENT_IS_INTERESTING(EVENT_CIRCUIT_STATUS))
491 return 0;
492 tor_assert(circ);
493 tor_assert(CIRCUIT_IS_ORIGIN(circ));
494
495 path = circuit_list_path(circ);
496 path_len = strlen(path);
497 msg = tor_malloc(1+4+path_len+1); /* event, circid, path, NUL. */
498 msg[0] = (uint8_t) tp;
499 set_uint32(msg+1, htonl(circ->global_identifier));
500 strlcpy(msg+5,path,path_len+1);
501
502 send_control_event(EVENT_STREAM_STATUS, (uint16_t)(path_len+6), msg);
503 tor_free(path);
504 tor_free(msg);
505 return 0;
506 }
507
508 /** Something has happened to the stream associated with AP connection
509 * <b>conn</b>: tell any interested control connections. */
510 int
511 control_event_stream_status(connection_t *conn, stream_status_event_t tp)
512 {
513 char *msg;
514 size_t len;
515 tor_assert(conn->type == CONN_TYPE_AP);
516 tor_assert(conn->socks_request);
517
518 if (!EVENT_IS_INTERESTING(EVENT_STREAM_STATUS))
519 return 0;
520
521 len = strlen(conn->socks_request->address);
522 msg = tor_malloc(5+len+1);
523 msg[0] = (uint8_t) tp;
524 set_uint32(msg+1, htonl(conn->s)); /* ???? Is this a security problem? */
525 strlcpy(msg+5, conn->socks_request->address, len+1);
526
527 send_control_event(EVENT_STREAM_STATUS, (uint16_t)(5+len+1), msg);
528 tor_free(msg);
529 return 0;
530 }
531
532 /** Something has happened to the OR connection <b>conn</b>: tell any
533 * interested control connections. */
534 int
535 control_event_or_conn_status(connection_t *conn,or_conn_status_event_t tp)
536 {
537 char buf[HEX_DIGEST_LEN+3]; /* status, dollar, identity, NUL */
538 size_t len;
539
540 tor_assert(conn->type == CONN_TYPE_OR);
541
542 if (!EVENT_IS_INTERESTING(EVENT_OR_CONN_STATUS))
543 return 0;
544
545 buf[0] = (uint8_t)tp;
546 strlcpy(buf+1,conn->nickname,sizeof(buf)-1);
547 len = strlen(buf+1);
548 send_control_event(EVENT_OR_CONN_STATUS, (uint16_t)(len+1), buf);
549 return 0;
550 }
551
552 /** A second or more has elapsed: tell any interested control
553 * connections how much bandwidth we used. */
554 int
555 control_event_bandwidth_used(uint32_t n_read, uint32_t n_written)
556 {
557 char buf[8];
558
559 if (!EVENT_IS_INTERESTING(EVENT_BANDWIDTH_USED))
560 return 0;
561
562 set_uint32(buf, htonl(n_read));
563 set_uint32(buf+4, htonl(n_written));
564 send_control_event(EVENT_BANDWIDTH_USED, 8, buf);
565
566 return 0;
567 }
568
569 /** We got a log message: tell any interested control connections. */
570 void
571 control_event_logmsg(int severity, const char *msg)
572 {
573 size_t len;
574 if (severity > LOG_WARN) /* Less important than warning? ignore for now. */
575 return;
576 if (!EVENT_IS_INTERESTING(EVENT_WARNING))
577 return;
578
579 len = strlen(msg);
580 send_control_event(EVENT_WARNING, (uint16_t)(len+1), msg);
581 }
582
583 /** Choose a random authentication cookie and write it to disk.
584 * Anybody who can read the cookie from disk will be considered
585 * authorized to use the control connection. */
586 int
587 init_cookie_authentication(int enabled)
588 {
589 char fname[512];
590
591 if (!enabled)
592 authentication_cookie_is_set = 0;
593
594 tor_snprintf(fname, sizeof(fname), "%s/control_auth_cookie",
595 get_options()->DataDirectory);
596 crypto_rand(authentication_cookie, AUTHENTICATION_COOKIE_LEN);
597 authentication_cookie_is_set = 1;
598 if (write_bytes_to_file(fname, authentication_cookie,
599 AUTHENTICATION_COOKIE_LEN, 1)) {
600 log_fn(LOG_WARN,"Error writing authentication cookie.");
601 return -1;
602 }
603
604 return 0;
605 }
606
607 /*
608 Local Variabls:
609 mode:c
610 indent-tabs-mode:nil
611 c-basic-offset:2
612 End:
613 */
The Onion Router