| blob | f8d71674ded1dbad06ee3dc17de9ff606fd325e5 |
1 /* Copyright (c) 2017-2020, The Tor Project, Inc. */
2 /* See LICENSE for licensing information */
4 /**
5 * \file hs_config.c
6 * \brief Implement hidden service configuration subsystem.
7 *
8 * \details
9 *
10 * This file has basically one main entry point: hs_config_service_all(). It
11 * takes the torrc options and configure hidden service from it. In validate
12 * mode, nothing is added to the global service list or keys are not generated
13 * nor loaded.
14 *
15 * A service is configured in two steps. It is first created using the tor
16 * options and then put in a staging list. It will stay there until
17 * hs_service_load_all_keys() is called. That function is responsible to
18 * load/generate the keys for the service in the staging list and if
19 * successful, transferred the service to the main global service list where
20 * at that point it is ready to be used.
21 *
22 * Configuration functions are per-version and there is a main generic one for
23 * every option that is common to all version (config_generic_service).
24 **/
40 /* Declare the table mapping hs options to hs_opts_t */
41 #define CONF_CONTEXT TABLE
43 #undef CONF_CONTEXT
45 /** Magic number for hs_opts_t. */
46 #define HS_OPTS_MAGIC 0x6f6e796e
51 HS_OPTS_MAGIC,
54 };
56 /** Global configuration manager to handle HS sections*/
59 /**
60 * Return a configuration manager for the hs_opts_t configuration type.
61 **/
64 {
68 }
70 }
72 /**
73 * Allocate, initialize, and return a new hs_opts_t.
74 **/
77 {
83 }
85 /**
86 * Free an hs_opts_t.
87 **/
88 #define hs_opts_free(opts) \
89 config_free(get_hs_opts_mgr(), (opts))
91 /** Using the given list of services, stage them into our global state. Every
92 * service version are handled. This function can remove entries in the given
93 * service_list.
94 *
95 * Staging a service means that we take all services in service_list and we
96 * put them in the staging list (global) which acts as a temporary list that
97 * is used by the service loading key process. In other words, staging a
98 * service puts it in a list to be considered when loading the keys and then
99 * moved to the main global list. */
100 static void
102 {
105 /* This is v2 specific. Trigger service pruning which will make sure the
106 * just configured services end up in the main global list. It should only
107 * be done in non validation mode because v2 subsystem handles service
108 * object differently. */
111 /* Cleanup v2 service from the list, we don't need those object anymore
112 * because we validated them all against the others and we want to stage
113 * only >= v3 service. And remember, v2 has a different object type which is
114 * shadow copied from an hs_service_t type. */
119 }
122 /* This is >= v3 specific. Using the newly configured service list, stage
123 * them into our global state. Every object ownership is lost after. */
125 }
127 /** Validate the given service against all service in the given list. If the
128 * service is ephemeral, this function ignores it. Services with the same
129 * directory path aren't allowed and will return an error. If a duplicate is
130 * found, 1 is returned else 0 if none found. */
131 static int
134 {
140 /* Ephemeral service don't have a directory configured so no need to check
141 * for a service in the list having the same path. */
144 }
146 /* XXX: Validate if we have any service that has the given service dir path.
147 * This has two problems:
148 *
149 * a) It's O(n^2), but the same comment from the bottom of
150 * rend_config_services() should apply.
151 *
152 * b) We only compare directory paths as strings, so we can't
153 * detect two distinct paths that specify the same directory
154 * (which can arise from symlinks, case-insensitivity, bind
155 * mounts, etc.).
156 *
157 * It also can't detect that two separate Tor instances are trying
158 * to use the same HiddenServiceDir; for that, we would need a
159 * lock file. But this is enough to detect a simple mistake that
160 * at least one person has actually made. */
168 }
171 end:
173 }
175 /** Check whether an integer <b>i</b> is out of bounds (not between <b>low</b>
176 * and <b>high</b> incusive). If it is, then log a warning about the option
177 * <b>name</b>, and return true. Otherwise return false. */
178 static bool
180 {
187 }
189 }
191 }
193 /**
194 * Helper: check whether the integer value called <b>name</b> in <b>opts</b>
195 * is out-of-bounds.
196 **/
197 #define CHECK_OOB(opts, name, low, high) \
198 check_value_oob((opts)->name, #name, (low), (high))
200 /** Helper function: Given a configuration option and its value, parse the
201 * value as a hs_circuit_id_protocol_t. On success, ok is set to 1 and ret is
202 * the parse value. On error, ok is set to 0 and the "none"
203 * hs_circuit_id_protocol_t is returned. This function logs on error. */
204 static hs_circuit_id_protocol_t
206 {
222 }
224 err:
226 }
228 /** Return the service version by trying to learn it from the key on disk if
229 * any. If nothing is found, the current service configured version is
230 * returned. */
231 static int
233 {
241 }
244 }
246 /**
247 * Header key indicating the start of a new hidden service configuration
248 * block.
249 **/
252 /** Return true iff the given options starting at line_ for a hidden service
253 * contains at least one invalid option. Each hidden service option don't
254 * apply to all versions so this function can find out. The line_ MUST start
255 * right after the HiddenServiceDir line of this service.
256 *
257 * This is mainly for usability so we can inform the user of any invalid
258 * option for the hidden service version instead of silently ignoring. */
259 static int
262 {
270 /* List of options that a v3 service doesn't support thus must exclude from
271 * its configuration. */
274 NULL /* End marker. */
275 };
283 NULL /* End marker. */
284 };
286 /* Defining the size explicitly allows us to take advantage of the compiler
287 * which warns us if we ever bump the max version but forget to grow this
288 * array. The plus one is because we have a version 0 :). */
296 };
300 /* No exclude options to look at for this version. */
302 }
307 /* We just hit the next hidden service, stop right now.
308 * (This shouldn't be possible, now that we have partitioned the list
309 * into sections.) */
312 }
320 /* Special case this v2 option so that we can offer alternatives.
321 * If more such special cases appear, it would be good to
322 * generalize the exception mechanism here. */
324 "please read the 'CLIENT AUTHORIZATION' section in the "
326 }
329 /* Continue the loop so we can find all possible options. */
331 }
332 }
333 }
334 end:
336 }
338 /** Validate service configuration. This is used when loading the configuration
339 * and once we've setup a service object, it's config object is passed to this
340 * function for further validation. This does not validate service key
341 * material. Return 0 if valid else -1 if invalid. */
342 static int
344 {
347 /* Amount of ports validation. */
352 }
354 /* DoS validation values. */
361 }
363 /* Valid. */
365 invalid:
367 }
369 /** Configuration function for a version 3 service. The given service
370 * object must be already allocated and passed through
371 * config_generic_service() prior to calling this function.
372 *
373 * Return 0 on success else a negative value. */
374 static int
377 {
381 /* Number of introduction points. */
383 NUM_INTRO_POINTS_DEFAULT,
384 HS_CONFIG_V3_MAX_INTRO_POINTS)) {
386 }
389 /* Circuit ID export setting. */
398 }
399 }
401 /* Is the DoS defense enabled? */
405 /* Rate for DoS defense */
407 HS_CONFIG_V3_DOS_DEFENSE_RATE_PER_SEC_MIN,
408 HS_CONFIG_V3_DOS_DEFENSE_RATE_PER_SEC_MAX)) {
410 }
417 HS_CONFIG_V3_DOS_DEFENSE_BURST_PER_SEC_MIN,
418 HS_CONFIG_V3_DOS_DEFENSE_BURST_PER_SEC_MAX)) {
420 }
426 /* Is this an onionbalance instance? */
428 /* Option is enabled, parse config file. */
431 }
432 }
434 /* We do not load the key material for the service at this stage. This is
435 * done later once tor can confirm that it is in a running state. */
437 /* We are about to return a fully configured service so do one last pass of
438 * validation at it. */
441 }
444 err:
446 }
448 /** Configure a service using the given options in hs_opts and options. This is
449 * called for any service regardless of its version which means that all
450 * directives in this function are generic to any service version. This
451 * function will also check the validity of the service directory path.
452 *
453 * The line_ must be pointing to the directive directly after a
454 * HiddenServiceDir. That way, when hitting the next HiddenServiceDir line or
455 * reaching the end of the list of lines, we know that we have to stop looking
456 * for more options.
457 *
458 * Return 0 on success else -1. */
459 static int
463 {
470 /* Makes thing easier. */
473 /* Directory where the service's keys are stored. */
479 /* Protocol version for the service. */
481 /* No value was set; stay with the default. */
488 }
490 /* Virtual port. */
494 /* XXX: Can we rename this? */
500 }
503 }
508 }
510 /* Do we allow unknown ports? */
513 /* Directory group readable. */
516 /* Maximum streams per circuit. */
520 }
523 /* Maximum amount of streams before we close the circuit. */
527 /* Check if we are configured in non anonymous mode meaning every service
528 * becomes a single onion service. */
531 }
533 /* Success */
535 err:
537 }
539 /** Configure a service using the given line and options. This function will
540 * call the corresponding configuration function for a specific service
541 * version and validate the service against the other ones. On success, add
542 * the service to the given list and return 0. On error, nothing is added to
543 * the list and a negative value is returned. */
544 static int
547 {
557 /* We have a new hidden service. */
560 /* Try to validate and parse the configuration lines into 'hs_opts' */
566 }
573 }
576 /* We'll configure that service as a generic one and then pass it to a
577 * specific function according to the configured version number. */
580 }
584 /* Check permission on service directory that was just parsed. And this must
585 * be done regardless of the service version. Do not ask for the directory
586 * to be created, this is done when the keys are loaded because we could be
587 * in validation mode right now. */
593 }
595 /* We'll try to learn the service version here by loading the key(s) if
596 * present and we did not set HiddenServiceVersion. Depending on the key
597 * format, we can figure out the service version. */
600 }
602 /* We make sure that this set of options for a service are valid that is for
603 * instance an option only for v2 is not used for v3. */
606 }
608 /* Different functions are in charge of specific options for a version. We
609 * start just after the service directory line so once we hit another
610 * directory line, the function knows that it has to stop parsing. */
619 /* We do validate before if we support the parsed version. */
622 }
625 }
627 /* We'll check if this service can be kept depending on the others
628 * configured previously. */
631 }
633 /* Passes, add it to the given list. */
639 err:
644 }
646 /** From a set of <b>options</b>, setup every hidden service found. Return 0 on
647 * success or -1 on failure. If <b>validate_only</b> is set, parse, warn and
648 * return as normal, but don't actually change the configured services. */
649 int
651 {
658 /* Newly configured service are put in that list which is then used for
659 * validation and staging for >= v3. */
662 /* We need to start with a HiddenServiceDir line */
668 }
675 /* Try to configure this service now. On success, it will be added to the
676 * list and validated against the service in that same list. */
681 }
682 }
684 /* In non validation mode, we'll stage those services we just successfully
685 * configured. Service ownership is transferred from the list to the global
686 * state. If any service is invalid, it will be removed from the list and
687 * freed. All versions are handled in that function. */
691 /* We've just validated that we were able to build a clean working list of
692 * services. We don't need those objects anymore. */
695 /* For the v2 subsystem, the configuration function adds the service
696 * object to the staging list and it is transferred in the main list
697 * through the prunning process. In validation mode, we thus have to purge
698 * the staging list so it's not kept in memory as valid service. */
700 }
702 /* Success. Note that the service list has no ownership of its content. */
706 err:
709 end:
711 /* Tor main should call the free all function on error. */
713 }
715 /** From a set of <b>options</b>, setup every client authorization found.
716 * Return 0 on success or -1 on failure. If <b>validate_only</b> is set,
717 * parse, warn and return as normal, but don't actually change the
718 * configured state. */
719 int
721 {
724 /* Configure v2 authorization. */
727 }
729 /* Configure v3 authorization. */
732 }
734 /* Success. */
736 done:
738 }
740 /**
741 * Free all resources held by the hs_config.c module.
742 **/
743 void
745 {
747 }