| blob | 5f9282ea7942d1e11b7c666c4a3badb7acd399e2 |
1 /* Copyright (c) 2017, The Tor Project, Inc. */
2 /* See LICENSE for licensing information */
4 /**
5 * \file hs_config.c
6 * \brief Implement hidden service configuration subsystem.
7 *
8 * \details
9 *
10 * This file has basically one main entry point: hs_config_service_all(). It
11 * takes the torrc options and configure hidden service from it. In validate
12 * mode, nothing is added to the global service list or keys are not generated
13 * nor loaded.
14 *
15 * A service is configured in two steps. It is first created using the tor
16 * options and then put in a staging list. It will stay there until
17 * hs_service_load_all_keys() is called. That function is responsible to
18 * load/generate the keys for the service in the staging list and if
19 * successful, transfert the service to the main global service list where
20 * at that point it is ready to be used.
21 *
22 * Configuration functions are per-version and there is a main generic one for
23 * every option that is common to all version (config_generic_service).
24 **/
26 #define HS_CONFIG_PRIVATE
33 /* Using the given list of services, stage them into our global state. Every
34 * service version are handled. This function can remove entries in the given
35 * service_list.
36 *
37 * Staging a service means that we take all services in service_list and we
38 * put them in the staging list (global) which acts as a temporary list that
39 * is used by the service loading key process. In other words, staging a
40 * service puts it in a list to be considered when loading the keys and then
41 * moved to the main global list. */
42 static void
44 {
47 /* This is v2 specific. Trigger service pruning which will make sure the
48 * just configured services end up in the main global list. It should only
49 * be done in non validation mode because v2 subsystem handles service
50 * object differently. */
53 /* Cleanup v2 service from the list, we don't need those object anymore
54 * because we validated them all against the others and we want to stage
55 * only >= v3 service. And remember, v2 has a different object type which is
56 * shadow copied from an hs_service_t type. */
61 }
64 /* This is >= v3 specific. Using the newly configured service list, stage
65 * them into our global state. Every object ownership is lost after. */
67 }
69 /* Validate the given service against all service in the given list. If the
70 * service is ephemeral, this function ignores it. Services with the same
71 * directory path aren't allowed and will return an error. If a duplicate is
72 * found, 1 is returned else 0 if none found. */
73 static int
76 {
82 /* Ephemeral service don't have a directory configured so no need to check
83 * for a service in the list having the same path. */
86 }
88 /* XXX: Validate if we have any service that has the given service dir path.
89 * This has two problems:
90 *
91 * a) It's O(n^2), but the same comment from the bottom of
92 * rend_config_services() should apply.
93 *
94 * b) We only compare directory paths as strings, so we can't
95 * detect two distinct paths that specify the same directory
96 * (which can arise from symlinks, case-insensitivity, bind
97 * mounts, etc.).
98 *
99 * It also can't detect that two separate Tor instances are trying
100 * to use the same HiddenServiceDir; for that, we would need a
101 * lock file. But this is enough to detect a simple mistake that
102 * at least one person has actually made. */
110 }
113 end:
115 }
117 /* Helper function: Given an configuration option name, its value, a minimum
118 * min and a maxium max, parse the value as a uint64_t. On success, ok is set
119 * to 1 and ret is the parsed value. On error, ok is set to 0 and ret must be
120 * ignored. This function logs both on error and success. */
121 static uint64_t
124 {
138 }
140 err:
142 }
144 /* Return true iff the given options starting at line_ for a hidden service
145 * contains at least one invalid option. Each hidden service option don't
146 * apply to all versions so this function can find out. The line_ MUST start
147 * right after the HiddenServiceDir line of this service.
148 *
149 * This is mainly for usability so we can inform the user of any invalid
150 * option for the hidden service version instead of silently ignoring. */
151 static int
154 {
162 /* List of options that a v3 service doesn't support thus must exclude from
163 * its configuration. */
166 NULL /* End marker. */
167 };
169 /* Defining the size explicitly allows us to take advantage of the compiler
170 * which warns us if we ever bump the max version but forget to grow this
171 * array. The plus one is because we have a version 0 :). */
179 };
183 /* No exclude options to look at for this version. */
185 }
190 /* We just hit the next hidden service, stop right now. */
192 }
199 /* Continue the loop so we can find all possible options. */
201 }
202 }
203 }
204 end:
206 }
208 /* Validate service configuration. This is used when loading the configuration
209 * and once we've setup a service object, it's config object is passed to this
210 * function for further validation. This does not validate service key
211 * material. Return 0 if valid else -1 if invalid. */
212 static int
214 {
217 /* Amount of ports validation. */
222 }
224 /* Valid. */
226 invalid:
228 }
230 /* Configuration funcion for a version 3 service. The line_ must be pointing
231 * to the directive directly after a HiddenServiceDir. That way, when hitting
232 * the next HiddenServiceDir line or reaching the end of the list of lines, we
233 * know that we have to stop looking for more options. The given service
234 * object must be already allocated and passed through
235 * config_generic_service() prior to calling this function.
236 *
237 * Return 0 on success else a negative value. */
238 static int
241 {
251 /* We just hit the next hidden service, stop right now. */
253 }
254 /* Number of introduction points. */
258 NUM_INTRO_POINTS_DEFAULT,
259 HS_CONFIG_V3_MAX_INTRO_POINTS,
265 }
268 }
269 }
271 /* We do not load the key material for the service at this stage. This is
272 * done later once tor can confirm that it is in a running state. */
274 /* We are about to return a fully configured service so do one last pass of
275 * validation at it. */
278 }
281 err:
284 }
286 }
288 /* Configure a service using the given options in line_ and options. This is
289 * called for any service regardless of its version which means that all
290 * directives in this function are generic to any service version. This
291 * function will also check the validity of the service directory path.
292 *
293 * The line_ must be pointing to the directive directly after a
294 * HiddenServiceDir. That way, when hitting the next HiddenServiceDir line or
295 * reaching the end of the list of lines, we know that we have to stop looking
296 * for more options.
297 *
298 * Return 0 on success else -1. */
299 static int
303 {
307 /* If this is set, we've seen a duplicate of this option. Keep the string
308 * so we can log the directive. */
310 /* These variables will tell us if we ever have duplicate. */
319 /* Makes thing easier. */
322 /* The first line starts with HiddenServiceDir so we consider what's next is
323 * the configuration of the service. */
327 /* This indicate that we have a new service to configure. */
329 /* This function only configures one service at a time so if we've
330 * already seen one, stop right now. */
333 }
334 /* Ok, we've seen one and we are about to configure it. */
340 }
343 }
344 /* Version of the service. */
353 }
356 }
357 /* Virtual port. */
360 /* XXX: Can we rename this? */
366 }
369 }
375 }
376 /* Do we allow unknown ports. */
384 }
387 }
388 /* Directory group readable. */
396 }
399 }
400 /* Maximum streams per circuit. */
409 }
412 }
413 /* Maximum amount of streams before we close the circuit. */
421 }
424 }
425 }
427 /* Check if we are configured in non anonymous mode and single hop mode
428 * meaning every service become single onion. */
432 }
434 /* Success */
436 err:
439 }
441 }
443 /* Configure a service using the given line and options. This function will
444 * call the corresponding configuration function for a specific service
445 * version and validate the service against the other ones. On success, add
446 * the service to the given list and return 0. On error, nothing is added to
447 * the list and a negative value is returned. */
448 static int
451 {
459 /* We have a new hidden service. */
461 /* We'll configure that service as a generic one and then pass it to a
462 * specific function according to the configured version number. */
465 }
467 /* Before we configure the service on a per-version basis, we'll make
468 * sure that this set of options for a service are valid that is for
469 * instance an option only for v2 is not used for v3. */
472 }
473 /* Check permission on service directory that was just parsed. And this must
474 * be done regardless of the service version. Do not ask for the directory
475 * to be created, this is done when the keys are loaded because we could be
476 * in validation mode right now. */
482 }
483 /* Different functions are in charge of specific options for a version. We
484 * start just after the service directory line so once we hit another
485 * directory line, the function knows that it has to stop parsing. */
494 /* We do validate before if we support the parsed version. */
497 }
500 }
501 /* We'll check if this service can be kept depending on the others
502 * configured previously. */
505 }
506 /* Passes, add it to the given list. */
510 err:
513 }
515 /* From a set of <b>options</b>, setup every hidden service found. Return 0 on
516 * success or -1 on failure. If <b>validate_only</b> is set, parse, warn and
517 * return as normal, but don't actually change the configured services. */
518 int
520 {
527 /* Newly configured service are put in that list which is then used for
528 * validation and staging for >= v3. */
532 /* Ignore all directives that aren't the start of a service. */
538 }
540 }
541 /* Flag that we've seen a directory directive and we'll use it to make
542 * sure that the torrc options ordering is actually valid. */
545 /* Try to configure this service now. On success, it will be added to the
546 * list and validated against the service in that same list. */
549 }
550 }
552 /* In non validation mode, we'll stage those services we just successfully
553 * configured. Service ownership is transfered from the list to the global
554 * state. If any service is invalid, it will be removed from the list and
555 * freed. All versions are handled in that function. */
559 /* We've just validated that we were able to build a clean working list of
560 * services. We don't need those objects anymore. */
563 /* For the v2 subsystem, the configuration function adds the service
564 * object to the staging list and it is transferred in the main list
565 * through the prunning process. In validation mode, we thus have to purge
566 * the staging list so it's not kept in memory as valid service. */
568 }
570 /* Success. Note that the service list has no ownership of its content. */
574 err:
577 end:
579 /* Tor main should call the free all function on error. */
581 }