search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Improve log statement when publishing v2 hs desc.
[tor/rransom.git] / src / or / rendservice.c
blobb6981d6258f7154f474b97d947a554e2235874eb
1 /* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
2 * Copyright (c) 2007-2009, The Tor Project, Inc. */
3 /* See LICENSE for licensing information */
4
5 /**
6 * \file rendservice.c
7 * \brief The hidden-service side of rendezvous functionality.
8 **/
9
10 #include "or.h"
11
12 static origin_circuit_t *find_intro_circuit(rend_intro_point_t *intro,
13 const char *pk_digest);
14
15 /** Represents the mapping from a virtual port of a rendezvous service to
16 * a real port on some IP.
17 */
18 typedef struct rend_service_port_config_t {
19 uint16_t virtual_port;
20 uint16_t real_port;
21 tor_addr_t real_addr;
22 } rend_service_port_config_t;
23
24 /** Try to maintain this many intro points per service if possible. */
25 #define NUM_INTRO_POINTS 3
26
27 /** If we can't build our intro circuits, don't retry for this long. */
28 #define INTRO_CIRC_RETRY_PERIOD (60*5)
29 /** Don't try to build more than this many circuits before giving up
30 * for a while.*/
31 #define MAX_INTRO_CIRCS_PER_PERIOD 10
32 /** How many times will a hidden service operator attempt to connect to
33 * a requested rendezvous point before giving up? */
34 #define MAX_REND_FAILURES 30
35 /** How many seconds should we spend trying to connect to a requested
36 * rendezvous point before giving up? */
37 #define MAX_REND_TIMEOUT 30
38
39 /** Represents a single hidden service running at this OP. */
40 typedef struct rend_service_t {
41 /* Fields specified in config file */
42 char *directory; /**< where in the filesystem it stores it */
43 smartlist_t *ports; /**< List of rend_service_port_config_t */
44 rend_auth_type_t auth_type; /**< Client authorization type or 0 if no client
45 * authorization is performed. */
46 smartlist_t *clients; /**< List of rend_authorized_client_t's of
47 * clients that may access our service. Can be NULL
48 * if no client authorization is performed. */
49 /* Other fields */
50 crypto_pk_env_t *private_key; /**< Permanent hidden-service key. */
51 char service_id[REND_SERVICE_ID_LEN_BASE32+1]; /**< Onion address without
52 * '.onion' */
53 char pk_digest[DIGEST_LEN]; /**< Hash of permanent hidden-service key. */
54 smartlist_t *intro_nodes; /**< List of rend_intro_point_t's we have,
55 * or are trying to establish. */
56 time_t intro_period_started; /**< Start of the current period to build
57 * introduction points. */
58 int n_intro_circuits_launched; /**< Count of intro circuits we have
59 * established in this period. */
60 rend_service_descriptor_t *desc; /**< Current hidden service descriptor. */
61 time_t desc_is_dirty; /**< Time at which changes to the hidden service
62 * descriptor content occurred, or 0 if it's
63 * up-to-date. */
64 time_t next_upload_time; /**< Scheduled next hidden service descriptor
65 * upload time. */
66 /** Map from digests of Diffie-Hellman values INTRODUCE2 to time_t of when
67 * they were received; used to prevent replays. */
68 digestmap_t *accepted_intros;
69 /** Time at which we last removed expired values from accepted_intros. */
70 time_t last_cleaned_accepted_intros;
71 } rend_service_t;
72
73 /** A list of rend_service_t's for services run on this OP.
74 */
75 static smartlist_t *rend_service_list = NULL;
76
77 /** Return the number of rendezvous services we have configured. */
78 int
79 num_rend_services(void)
80 {
81 if (!rend_service_list)
82 return 0;
83 return smartlist_len(rend_service_list);
84 }
85
86 /** Helper: free storage held by a single service authorized client entry. */
87 static void
88 rend_authorized_client_free(rend_authorized_client_t *client)
89 {
90 if (!client) return;
91 if (client->client_key)
92 crypto_free_pk_env(client->client_key);
93 tor_free(client->client_name);
94 tor_free(client);
95 }
96
97 /** Helper for strmap_free. */
98 static void
99 rend_authorized_client_strmap_item_free(void *authorized_client)
100 {
101 rend_authorized_client_free(authorized_client);
102 }
103
104 /** Release the storage held by <b>service</b>.
105 */
106 static void
107 rend_service_free(rend_service_t *service)
108 {
109 if (!service) return;
110 tor_free(service->directory);
111 SMARTLIST_FOREACH(service->ports, void*, p, tor_free(p));
112 smartlist_free(service->ports);
113 if (service->private_key)
114 crypto_free_pk_env(service->private_key);
115 if (service->intro_nodes) {
116 SMARTLIST_FOREACH(service->intro_nodes, rend_intro_point_t *, intro,
117 rend_intro_point_free(intro););
118 smartlist_free(service->intro_nodes);
119 }
120 if (service->desc)
121 rend_service_descriptor_free(service->desc);
122 if (service->clients) {
123 SMARTLIST_FOREACH(service->clients, rend_authorized_client_t *, c,
124 rend_authorized_client_free(c););
125 smartlist_free(service->clients);
126 }
127 if (service->accepted_intros)
128 digestmap_free(service->accepted_intros, _tor_free);
129 tor_free(service);
130 }
131
132 /** Release all the storage held in rend_service_list.
133 */
134 void
135 rend_service_free_all(void)
136 {
137 if (!rend_service_list) {
138 return;
139 }
140 SMARTLIST_FOREACH(rend_service_list, rend_service_t*, ptr,
141 rend_service_free(ptr));
142 smartlist_free(rend_service_list);
143 rend_service_list = NULL;
144 }
145
146 /** Validate <b>service</b> and add it to rend_service_list if possible.
147 */
148 static void
149 rend_add_service(rend_service_t *service)
150 {
151 int i;
152 rend_service_port_config_t *p;
153
154 service->intro_nodes = smartlist_create();
155
156 if (service->auth_type != REND_NO_AUTH &&
157 smartlist_len(service->clients) == 0) {
158 log_warn(LD_CONFIG, "Hidden service with client authorization but no "
159 "clients; ignoring.");
160 rend_service_free(service);
161 return;
162 }
163
164 if (!smartlist_len(service->ports)) {
165 log_warn(LD_CONFIG, "Hidden service with no ports configured; ignoring.");
166 rend_service_free(service);
167 } else {
168 smartlist_add(rend_service_list, service);
169 log_debug(LD_REND,"Configuring service with directory \"%s\"",
170 service->directory);
171 for (i = 0; i < smartlist_len(service->ports); ++i) {
172 p = smartlist_get(service->ports, i);
173 log_debug(LD_REND,"Service maps port %d to %s:%d",
174 p->virtual_port, fmt_addr(&p->real_addr), p->real_port);
175 }
176 }
177 }
178
179 /** Parses a real-port to virtual-port mapping and returns a new
180 * rend_service_port_config_t.
181 *
182 * The format is: VirtualPort (IP|RealPort|IP:RealPort)?
183 *
184 * IP defaults to 127.0.0.1; RealPort defaults to VirtualPort.
185 */
186 static rend_service_port_config_t *
187 parse_port_config(const char *string)
188 {
189 smartlist_t *sl;
190 int virtport;
191 int realport;
192 uint16_t p;
193 tor_addr_t addr;
194 const char *addrport;
195 rend_service_port_config_t *result = NULL;
196
197 sl = smartlist_create();
198 smartlist_split_string(sl, string, " ",
199 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
200 if (smartlist_len(sl) < 1 || smartlist_len(sl) > 2) {
201 log_warn(LD_CONFIG, "Bad syntax in hidden service port configuration.");
202 goto err;
203 }
204
205 virtport = (int)tor_parse_long(smartlist_get(sl,0), 10, 1, 65535, NULL,NULL);
206 if (!virtport) {
207 log_warn(LD_CONFIG, "Missing or invalid port %s in hidden service port "
208 "configuration", escaped(smartlist_get(sl,0)));
209 goto err;
210 }
211
212 if (smartlist_len(sl) == 1) {
213 /* No addr:port part; use default. */
214 realport = virtport;
215 tor_addr_from_ipv4h(&addr, 0x7F000001u); /* 127.0.0.1 */
216 } else {
217 addrport = smartlist_get(sl,1);
218 if (strchr(addrport, ':') || strchr(addrport, '.')) {
219 if (tor_addr_port_parse(addrport, &addr, &p)<0) {
220 log_warn(LD_CONFIG,"Unparseable address in hidden service port "
221 "configuration.");
222 goto err;
223 }
224 realport = p?p:virtport;
225 } else {
226 /* No addr:port, no addr -- must be port. */
227 realport = (int)tor_parse_long(addrport, 10, 1, 65535, NULL, NULL);
228 if (!realport) {
229 log_warn(LD_CONFIG,"Unparseable or out-of-range port %s in hidden "
230 "service port configuration.", escaped(addrport));
231 goto err;
232 }
233 tor_addr_from_ipv4h(&addr, 0x7F000001u); /* Default to 127.0.0.1 */
234 }
235 }
236
237 result = tor_malloc(sizeof(rend_service_port_config_t));
238 result->virtual_port = virtport;
239 result->real_port = realport;
240 tor_addr_copy(&result->real_addr, &addr);
241 err:
242 SMARTLIST_FOREACH(sl, char *, c, tor_free(c));
243 smartlist_free(sl);
244 return result;
245 }
246
247 /** Set up rend_service_list, based on the values of HiddenServiceDir and
248 * HiddenServicePort in <b>options</b>. Return 0 on success and -1 on
249 * failure. (If <b>validate_only</b> is set, parse, warn and return as
250 * normal, but don't actually change the configured services.)
251 */
252 int
253 rend_config_services(or_options_t *options, int validate_only)
254 {
255 config_line_t *line;
256 rend_service_t *service = NULL;
257 rend_service_port_config_t *portcfg;
258 smartlist_t *old_service_list = NULL;
259
260 if (!validate_only) {
261 old_service_list = rend_service_list;
262 rend_service_list = smartlist_create();
263 }
264
265 for (line = options->RendConfigLines; line; line = line->next) {
266 if (!strcasecmp(line->key, "HiddenServiceDir")) {
267 if (service) { /* register the one we just finished parsing */
268 if (validate_only)
269 rend_service_free(service);
270 else
271 rend_add_service(service);
272 }
273 service = tor_malloc_zero(sizeof(rend_service_t));
274 service->directory = tor_strdup(line->value);
275 service->ports = smartlist_create();
276 service->intro_period_started = time(NULL);
277 continue;
278 }
279 if (!service) {
280 log_warn(LD_CONFIG, "%s with no preceding HiddenServiceDir directive",
281 line->key);
282 rend_service_free(service);
283 return -1;
284 }
285 if (!strcasecmp(line->key, "HiddenServicePort")) {
286 portcfg = parse_port_config(line->value);
287 if (!portcfg) {
288 rend_service_free(service);
289 return -1;
290 }
291 smartlist_add(service->ports, portcfg);
292 } else if (!strcasecmp(line->key, "HiddenServiceAuthorizeClient")) {
293 /* Parse auth type and comma-separated list of client names and add a
294 * rend_authorized_client_t for each client to the service's list
295 * of authorized clients. */
296 smartlist_t *type_names_split, *clients;
297 const char *authname;
298 int num_clients;
299 if (service->auth_type != REND_NO_AUTH) {
300 log_warn(LD_CONFIG, "Got multiple HiddenServiceAuthorizeClient "
301 "lines for a single service.");
302 rend_service_free(service);
303 return -1;
304 }
305 type_names_split = smartlist_create();
306 smartlist_split_string(type_names_split, line->value, " ", 0, 2);
307 if (smartlist_len(type_names_split) < 1) {
308 log_warn(LD_BUG, "HiddenServiceAuthorizeClient has no value. This "
309 "should have been prevented when parsing the "
310 "configuration.");
311 smartlist_free(type_names_split);
312 rend_service_free(service);
313 return -1;
314 }
315 authname = smartlist_get(type_names_split, 0);
316 if (!strcasecmp(authname, "basic")) {
317 service->auth_type = REND_BASIC_AUTH;
318 } else if (!strcasecmp(authname, "stealth")) {
319 service->auth_type = REND_STEALTH_AUTH;
320 } else {
321 log_warn(LD_CONFIG, "HiddenServiceAuthorizeClient contains "
322 "unrecognized auth-type '%s'. Only 'basic' or 'stealth' "
323 "are recognized.",
324 (char *) smartlist_get(type_names_split, 0));
325 SMARTLIST_FOREACH(type_names_split, char *, cp, tor_free(cp));
326 smartlist_free(type_names_split);
327 rend_service_free(service);
328 return -1;
329 }
330 service->clients = smartlist_create();
331 if (smartlist_len(type_names_split) < 2) {
332 log_warn(LD_CONFIG, "HiddenServiceAuthorizeClient contains "
333 "auth-type '%s', but no client names.",
334 service->auth_type == REND_BASIC_AUTH ? "basic" : "stealth");
335 SMARTLIST_FOREACH(type_names_split, char *, cp, tor_free(cp));
336 smartlist_free(type_names_split);
337 continue;
338 }
339 clients = smartlist_create();
340 smartlist_split_string(clients, smartlist_get(type_names_split, 1),
341 ",", SPLIT_SKIP_SPACE, 0);
342 SMARTLIST_FOREACH(type_names_split, char *, cp, tor_free(cp));
343 smartlist_free(type_names_split);
344 /* Remove duplicate client names. */
345 num_clients = smartlist_len(clients);
346 smartlist_sort_strings(clients);
347 smartlist_uniq_strings(clients);
348 if (smartlist_len(clients) < num_clients) {
349 log_info(LD_CONFIG, "HiddenServiceAuthorizeClient contains %d "
350 "duplicate client name(s); removing.",
351 num_clients - smartlist_len(clients));
352 num_clients = smartlist_len(clients);
353 }
354 SMARTLIST_FOREACH_BEGIN(clients, const char *, client_name)
355 {
356 rend_authorized_client_t *client;
357 size_t len = strlen(client_name);
358 if (len < 1 || len > REND_CLIENTNAME_MAX_LEN) {
359 log_warn(LD_CONFIG, "HiddenServiceAuthorizeClient contains an "
360 "illegal client name: '%s'. Length must be "
361 "between 1 and %d characters.",
362 client_name, REND_CLIENTNAME_MAX_LEN);
363 SMARTLIST_FOREACH(clients, char *, cp, tor_free(cp));
364 smartlist_free(clients);
365 rend_service_free(service);
366 return -1;
367 }
368 if (strspn(client_name, REND_LEGAL_CLIENTNAME_CHARACTERS) != len) {
369 log_warn(LD_CONFIG, "HiddenServiceAuthorizeClient contains an "
370 "illegal client name: '%s'. Valid "
371 "characters are [A-Za-z0-9+-_].",
372 client_name);
373 SMARTLIST_FOREACH(clients, char *, cp, tor_free(cp));
374 smartlist_free(clients);
375 rend_service_free(service);
376 return -1;
377 }
378 client = tor_malloc_zero(sizeof(rend_authorized_client_t));
379 client->client_name = tor_strdup(client_name);
380 smartlist_add(service->clients, client);
381 log_debug(LD_REND, "Adding client name '%s'", client_name);
382 }
383 SMARTLIST_FOREACH_END(client_name);
384 SMARTLIST_FOREACH(clients, char *, cp, tor_free(cp));
385 smartlist_free(clients);
386 /* Ensure maximum number of clients. */
387 if ((service->auth_type == REND_BASIC_AUTH &&
388 smartlist_len(service->clients) > 512) ||
389 (service->auth_type == REND_STEALTH_AUTH &&
390 smartlist_len(service->clients) > 16)) {
391 log_warn(LD_CONFIG, "HiddenServiceAuthorizeClient contains %d "
392 "client authorization entries, but only a "
393 "maximum of %d entries is allowed for "
394 "authorization type '%s'.",
395 smartlist_len(service->clients),
396 service->auth_type == REND_BASIC_AUTH ? 512 : 16,
397 service->auth_type == REND_BASIC_AUTH ? "basic" : "stealth");
398 rend_service_free(service);
399 return -1;
400 }
401 } else {
402 tor_assert(!strcasecmp(line->key, "HiddenServiceVersion"));
403 if (strcmp(line->value, "2")) {
404 log_warn(LD_CONFIG,
405 "The only supported HiddenServiceVersion is 2.");
406 rend_service_free(service);
407 return -1;
408 }
409 }
410 }
411 if (service) {
412 if (validate_only)
413 rend_service_free(service);
414 else
415 rend_add_service(service);
416 }
417
418 /* If this is a reload and there were hidden services configured before,
419 * keep the introduction points that are still needed and close the
420 * other ones. */
421 if (old_service_list && !validate_only) {
422 smartlist_t *surviving_services = smartlist_create();
423 circuit_t *circ;
424
425 /* Copy introduction points to new services. */
426 /* XXXX This is O(n^2), but it's only called on reconfigure, so it's
427 * probably ok? */
428 SMARTLIST_FOREACH(rend_service_list, rend_service_t *, new, {
429 SMARTLIST_FOREACH(old_service_list, rend_service_t *, old, {
430 if (!strcmp(old->directory, new->directory)) {
431 smartlist_add_all(new->intro_nodes, old->intro_nodes);
432 smartlist_clear(old->intro_nodes);
433 smartlist_add(surviving_services, old);
434 break;
435 }
436 });
437 });
438
439 /* Close introduction circuits of services we don't serve anymore. */
440 /* XXXX it would be nicer if we had a nicer abstraction to use here,
441 * so we could just iterate over the list of services to close, but
442 * once again, this isn't critical-path code. */
443 for (circ = _circuit_get_global_list(); circ; circ = circ->next) {
444 if (!circ->marked_for_close &&
445 circ->state == CIRCUIT_STATE_OPEN &&
446 (circ->purpose == CIRCUIT_PURPOSE_S_ESTABLISH_INTRO ||
447 circ->purpose == CIRCUIT_PURPOSE_S_INTRO)) {
448 origin_circuit_t *oc = TO_ORIGIN_CIRCUIT(circ);
449 int keep_it = 0;
450 tor_assert(oc->rend_data);
451 SMARTLIST_FOREACH(surviving_services, rend_service_t *, ptr, {
452 if (!memcmp(ptr->pk_digest, oc->rend_data->rend_pk_digest,
453 DIGEST_LEN)) {
454 keep_it = 1;
455 break;
456 }
457 });
458 if (keep_it)
459 continue;
460 log_info(LD_REND, "Closing intro point %s for service %s.",
461 safe_str(oc->build_state->chosen_exit->nickname),
462 oc->rend_data->onion_address);
463 circuit_mark_for_close(circ, END_CIRC_REASON_FINISHED);
464 /* XXXX Is there another reason we should use here? */
465 }
466 }
467 smartlist_free(surviving_services);
468 SMARTLIST_FOREACH(old_service_list, rend_service_t *, ptr,
469 rend_service_free(ptr));
470 smartlist_free(old_service_list);
471 }
472
473 return 0;
474 }
475
476 /** Replace the old value of <b>service</b>-\>desc with one that reflects
477 * the other fields in service.
478 */
479 static void
480 rend_service_update_descriptor(rend_service_t *service)
481 {
482 rend_service_descriptor_t *d;
483 origin_circuit_t *circ;
484 int i;
485 if (service->desc) {
486 rend_service_descriptor_free(service->desc);
487 service->desc = NULL;
488 }
489 d = service->desc = tor_malloc_zero(sizeof(rend_service_descriptor_t));
490 d->pk = crypto_pk_dup_key(service->private_key);
491 d->timestamp = time(NULL);
492 d->intro_nodes = smartlist_create();
493 /* Support intro protocols 2 and 3. */
494 d->protocols = (1 << 2) + (1 << 3);
495
496 for (i = 0; i < smartlist_len(service->intro_nodes); ++i) {
497 rend_intro_point_t *intro_svc = smartlist_get(service->intro_nodes, i);
498 rend_intro_point_t *intro_desc;
499 circ = find_intro_circuit(intro_svc, service->pk_digest);
500 if (!circ || circ->_base.purpose != CIRCUIT_PURPOSE_S_INTRO)
501 continue;
502
503 /* We have an entirely established intro circuit. */
504 intro_desc = tor_malloc_zero(sizeof(rend_intro_point_t));
505 intro_desc->extend_info = extend_info_dup(intro_svc->extend_info);
506 if (intro_svc->intro_key)
507 intro_desc->intro_key = crypto_pk_dup_key(intro_svc->intro_key);
508 smartlist_add(d->intro_nodes, intro_desc);
509 }
510 }
511
512 /** Load and/or generate private keys for all hidden services, possibly
513 * including keys for client authorization. Return 0 on success, -1 on
514 * failure.
515 */
516 int
517 rend_service_load_keys(void)
518 {
519 int r = 0;
520 char fname[512];
521 char buf[1500];
522
523 SMARTLIST_FOREACH_BEGIN(rend_service_list, rend_service_t *, s) {
524 if (s->private_key)
525 continue;
526 log_info(LD_REND, "Loading hidden-service keys from \"%s\"",
527 s->directory);
528
529 /* Check/create directory */
530 if (check_private_dir(s->directory, CPD_CREATE) < 0)
531 return -1;
532
533 /* Load key */
534 if (strlcpy(fname,s->directory,sizeof(fname)) >= sizeof(fname) ||
535 strlcat(fname,PATH_SEPARATOR"private_key",sizeof(fname))
536 >= sizeof(fname)) {
537 log_warn(LD_CONFIG, "Directory name too long to store key file: \"%s\".",
538 s->directory);
539 return -1;
540 }
541 s->private_key = init_key_from_file(fname, 1, LOG_ERR);
542 if (!s->private_key)
543 return -1;
544
545 /* Create service file */
546 if (rend_get_service_id(s->private_key, s->service_id)<0) {
547 log_warn(LD_BUG, "Internal error: couldn't encode service ID.");
548 return -1;
549 }
550 if (crypto_pk_get_digest(s->private_key, s->pk_digest)<0) {
551 log_warn(LD_BUG, "Couldn't compute hash of public key.");
552 return -1;
553 }
554 if (strlcpy(fname,s->directory,sizeof(fname)) >= sizeof(fname) ||
555 strlcat(fname,PATH_SEPARATOR"hostname",sizeof(fname))
556 >= sizeof(fname)) {
557 log_warn(LD_CONFIG, "Directory name too long to store hostname file:"
558 " \"%s\".", s->directory);
559 return -1;
560 }
561 tor_snprintf(buf, sizeof(buf),"%s.onion\n", s->service_id);
562 if (write_str_to_file(fname,buf,0)<0) {
563 log_warn(LD_CONFIG, "Could not write onion address to hostname file.");
564 return -1;
565 }
566
567 /* If client authorization is configured, load or generate keys. */
568 if (s->auth_type != REND_NO_AUTH) {
569 char *client_keys_str = NULL;
570 strmap_t *parsed_clients = strmap_new();
571 char cfname[512];
572 FILE *cfile, *hfile;
573 open_file_t *open_cfile = NULL, *open_hfile = NULL;
574
575 /* Load client keys and descriptor cookies, if available. */
576 if (tor_snprintf(cfname, sizeof(cfname), "%s"PATH_SEPARATOR"client_keys",
577 s->directory)<0) {
578 log_warn(LD_CONFIG, "Directory name too long to store client keys "
579 "file: \"%s\".", s->directory);
580 goto err;
581 }
582 client_keys_str = read_file_to_str(cfname, RFTS_IGNORE_MISSING, NULL);
583 if (client_keys_str) {
584 if (rend_parse_client_keys(parsed_clients, client_keys_str) < 0) {
585 log_warn(LD_CONFIG, "Previously stored client_keys file could not "
586 "be parsed.");
587 goto err;
588 } else {
589 log_info(LD_CONFIG, "Parsed %d previously stored client entries.",
590 strmap_size(parsed_clients));
591 tor_free(client_keys_str);
592 }
593 }
594
595 /* Prepare client_keys and hostname files. */
596 if (!(cfile = start_writing_to_stdio_file(cfname, OPEN_FLAGS_REPLACE,
597 0600, &open_cfile))) {
598 log_warn(LD_CONFIG, "Could not open client_keys file %s",
599 escaped(cfname));
600 goto err;
601 }
602 if (!(hfile = start_writing_to_stdio_file(fname, OPEN_FLAGS_REPLACE,
603 0600, &open_hfile))) {
604 log_warn(LD_CONFIG, "Could not open hostname file %s", escaped(fname));
605 goto err;
606 }
607
608 /* Either use loaded keys for configured clients or generate new
609 * ones if a client is new. */
610 SMARTLIST_FOREACH_BEGIN(s->clients, rend_authorized_client_t *, client)
611 {
612 char desc_cook_out[3*REND_DESC_COOKIE_LEN_BASE64+1];
613 char service_id[16+1];
614 rend_authorized_client_t *parsed =
615 strmap_get(parsed_clients, client->client_name);
616 int written;
617 size_t len;
618 /* Copy descriptor cookie from parsed entry or create new one. */
619 if (parsed) {
620 memcpy(client->descriptor_cookie, parsed->descriptor_cookie,
621 REND_DESC_COOKIE_LEN);
622 } else {
623 crypto_rand(client->descriptor_cookie, REND_DESC_COOKIE_LEN);
624 }
625 if (base64_encode(desc_cook_out, 3*REND_DESC_COOKIE_LEN_BASE64+1,
626 client->descriptor_cookie,
627 REND_DESC_COOKIE_LEN) < 0) {
628 log_warn(LD_BUG, "Could not base64-encode descriptor cookie.");
629 strmap_free(parsed_clients, rend_authorized_client_strmap_item_free);
630 return -1;
631 }
632 /* Copy client key from parsed entry or create new one if required. */
633 if (parsed && parsed->client_key) {
634 client->client_key = crypto_pk_dup_key(parsed->client_key);
635 } else if (s->auth_type == REND_STEALTH_AUTH) {
636 /* Create private key for client. */
637 crypto_pk_env_t *prkey = NULL;
638 if (!(prkey = crypto_new_pk_env())) {
639 log_warn(LD_BUG,"Error constructing client key");
640 goto err;
641 }
642 if (crypto_pk_generate_key(prkey)) {
643 log_warn(LD_BUG,"Error generating client key");
644 crypto_free_pk_env(prkey);
645 goto err;
646 }
647 if (crypto_pk_check_key(prkey) <= 0) {
648 log_warn(LD_BUG,"Generated client key seems invalid");
649 crypto_free_pk_env(prkey);
650 goto err;
651 }
652 client->client_key = prkey;
653 }
654 /* Add entry to client_keys file. */
655 desc_cook_out[strlen(desc_cook_out)-1] = '\0'; /* Remove newline. */
656 written = tor_snprintf(buf, sizeof(buf),
657 "client-name %s\ndescriptor-cookie %s\n",
658 client->client_name, desc_cook_out);
659 if (written < 0) {
660 log_warn(LD_BUG, "Could not write client entry.");
661 goto err;
662 }
663 if (client->client_key) {
664 char *client_key_out = NULL;
665 crypto_pk_write_private_key_to_string(client->client_key,
666 &client_key_out, &len);
667 if (rend_get_service_id(client->client_key, service_id)<0) {
668 log_warn(LD_BUG, "Internal error: couldn't encode service ID.");
669 tor_free(client_key_out);
670 goto err;
671 }
672 written = tor_snprintf(buf + written, sizeof(buf) - written,
673 "client-key\n%s", client_key_out);
674 tor_free(client_key_out);
675 if (written < 0) {
676 log_warn(LD_BUG, "Could not write client entry.");
677 goto err;
678 }
679 }
680
681 if (fputs(buf, cfile) < 0) {
682 log_warn(LD_FS, "Could not append client entry to file: %s",
683 strerror(errno));
684 goto err;
685 }
686
687 /* Add line to hostname file. */
688 if (s->auth_type == REND_BASIC_AUTH) {
689 /* Remove == signs (newline has been removed above). */
690 desc_cook_out[strlen(desc_cook_out)-2] = '\0';
691 tor_snprintf(buf, sizeof(buf),"%s.onion %s # client: %s\n",
692 s->service_id, desc_cook_out, client->client_name);
693 } else {
694 char extended_desc_cookie[REND_DESC_COOKIE_LEN+1];
695 memcpy(extended_desc_cookie, client->descriptor_cookie,
696 REND_DESC_COOKIE_LEN);
697 extended_desc_cookie[REND_DESC_COOKIE_LEN] =
698 ((int)s->auth_type - 1) << 4;
699 if (base64_encode(desc_cook_out, 3*REND_DESC_COOKIE_LEN_BASE64+1,
700 extended_desc_cookie,
701 REND_DESC_COOKIE_LEN+1) < 0) {
702 log_warn(LD_BUG, "Could not base64-encode descriptor cookie.");
703 goto err;
704 }
705 desc_cook_out[strlen(desc_cook_out)-3] = '\0'; /* Remove A= and
706 newline. */
707 tor_snprintf(buf, sizeof(buf),"%s.onion %s # client: %s\n",
708 service_id, desc_cook_out, client->client_name);
709 }
710
711 if (fputs(buf, hfile)<0) {
712 log_warn(LD_FS, "Could not append host entry to file: %s",
713 strerror(errno));
714 goto err;
715 }
716 }
717 SMARTLIST_FOREACH_END(client);
718
719 goto done;
720 err:
721 r = -1;
722 done:
723 tor_free(client_keys_str);
724 strmap_free(parsed_clients, rend_authorized_client_strmap_item_free);
725 if (r<0) {
726 if (open_cfile)
727 abort_writing_to_file(open_cfile);
728 if (open_hfile)
729 abort_writing_to_file(open_hfile);
730 return r;
731 } else {
732 finish_writing_to_file(open_cfile);
733 finish_writing_to_file(open_hfile);
734 }
735 }
736 } SMARTLIST_FOREACH_END(s);
737 return r;
738 }
739
740 /** Return the service whose public key has a digest of <b>digest</b>, or
741 * NULL if no such service exists.
742 */
743 static rend_service_t *
744 rend_service_get_by_pk_digest(const char* digest)
745 {
746 SMARTLIST_FOREACH(rend_service_list, rend_service_t*, s,
747 if (!memcmp(s->pk_digest,digest,DIGEST_LEN))
748 return s);
749 return NULL;
750 }
751
752 /** Return 1 if any virtual port in <b>service</b> wants a circuit
753 * to have good uptime. Else return 0.
754 */
755 static int
756 rend_service_requires_uptime(rend_service_t *service)
757 {
758 int i;
759 rend_service_port_config_t *p;
760
761 for (i=0; i < smartlist_len(service->ports); ++i) {
762 p = smartlist_get(service->ports, i);
763 if (smartlist_string_num_isin(get_options()->LongLivedPorts,
764 p->virtual_port))
765 return 1;
766 }
767 return 0;
768 }
769
770 /** Check client authorization of a given <b>descriptor_cookie</b> for
771 * <b>service</b>. Return 1 for success and 0 for failure. */
772 static int
773 rend_check_authorization(rend_service_t *service,
774 const char *descriptor_cookie)
775 {
776 rend_authorized_client_t *auth_client = NULL;
777 tor_assert(service);
778 tor_assert(descriptor_cookie);
779 if (!service->clients) {
780 log_warn(LD_BUG, "Can't check authorization for a service that has no "
781 "authorized clients configured.");
782 return 0;
783 }
784
785 /* Look up client authorization by descriptor cookie. */
786 SMARTLIST_FOREACH(service->clients, rend_authorized_client_t *, client, {
787 if (!memcmp(client->descriptor_cookie, descriptor_cookie,
788 REND_DESC_COOKIE_LEN)) {
789 auth_client = client;
790 break;
791 }
792 });
793 if (!auth_client) {
794 char descriptor_cookie_base64[3*REND_DESC_COOKIE_LEN_BASE64];
795 base64_encode(descriptor_cookie_base64, sizeof(descriptor_cookie_base64),
796 descriptor_cookie, REND_DESC_COOKIE_LEN);
797 log_info(LD_REND, "No authorization found for descriptor cookie '%s'! "
798 "Dropping cell!",
799 descriptor_cookie_base64);
800 return 0;
801 }
802
803 /* Allow the request. */
804 log_debug(LD_REND, "Client %s authorized for service %s.",
805 auth_client->client_name, service->service_id);
806 return 1;
807 }
808
809 /** Remove elements from <b>service</b>'s replay cache that are old enough to
810 * be noticed by timestamp checking. */
811 static void
812 clean_accepted_intros(rend_service_t *service, time_t now)
813 {
814 const time_t cutoff = now - REND_REPLAY_TIME_INTERVAL;
815
816 service->last_cleaned_accepted_intros = now;
817 if (!service->accepted_intros)
818 return;
819
820 DIGESTMAP_FOREACH_MODIFY(service->accepted_intros, digest, time_t *, t) {
821 if (*t < cutoff) {
822 tor_free(t);
823 MAP_DEL_CURRENT(digest);
824 }
825 } DIGESTMAP_FOREACH_END;
826 }
827
828 /******
829 * Handle cells
830 ******/
831
832 /** Respond to an INTRODUCE2 cell by launching a circuit to the chosen
833 * rendezvous point.
834 */
835 int
836 rend_service_introduce(origin_circuit_t *circuit, const char *request,
837 size_t request_len)
838 {
839 char *ptr, *r_cookie;
840 extend_info_t *extend_info = NULL;
841 char buf[RELAY_PAYLOAD_SIZE];
842 char keys[DIGEST_LEN+CPATH_KEY_MATERIAL_LEN]; /* Holds KH, Df, Db, Kf, Kb */
843 rend_service_t *service;
844 int r, i, v3_shift = 0;
845 size_t len, keylen;
846 crypto_dh_env_t *dh = NULL;
847 origin_circuit_t *launched = NULL;
848 crypt_path_t *cpath = NULL;
849 char serviceid[REND_SERVICE_ID_LEN_BASE32+1];
850 char hexcookie[9];
851 int circ_needs_uptime;
852 int reason = END_CIRC_REASON_TORPROTOCOL;
853 crypto_pk_env_t *intro_key;
854 char intro_key_digest[DIGEST_LEN];
855 int auth_type;
856 size_t auth_len = 0;
857 char auth_data[REND_DESC_COOKIE_LEN];
858 crypto_digest_env_t *digest = NULL;
859 time_t now = time(NULL);
860 char diffie_hellman_hash[DIGEST_LEN];
861 time_t *access_time;
862 tor_assert(circuit->rend_data);
863
864 base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32+1,
865 circuit->rend_data->rend_pk_digest, REND_SERVICE_ID_LEN);
866 log_info(LD_REND, "Received INTRODUCE2 cell for service %s on circ %d.",
867 escaped(serviceid), circuit->_base.n_circ_id);
868
869 if (circuit->_base.purpose != CIRCUIT_PURPOSE_S_INTRO) {
870 log_warn(LD_PROTOCOL,
871 "Got an INTRODUCE2 over a non-introduction circuit %d.",
872 circuit->_base.n_circ_id);
873 return -1;
874 }
875
876 /* min key length plus digest length plus nickname length */
877 if (request_len < DIGEST_LEN+REND_COOKIE_LEN+(MAX_NICKNAME_LEN+1)+
878 DH_KEY_LEN+42) {
879 log_warn(LD_PROTOCOL, "Got a truncated INTRODUCE2 cell on circ %d.",
880 circuit->_base.n_circ_id);
881 return -1;
882 }
883
884 /* look up service depending on circuit. */
885 service = rend_service_get_by_pk_digest(
886 circuit->rend_data->rend_pk_digest);
887 if (!service) {
888 log_warn(LD_REND, "Got an INTRODUCE2 cell for an unrecognized service %s.",
889 escaped(serviceid));
890 return -1;
891 }
892
893 /* use intro key instead of service key. */
894 intro_key = circuit->intro_key;
895
896 /* first DIGEST_LEN bytes of request is intro or service pk digest */
897 crypto_pk_get_digest(intro_key, intro_key_digest);
898 if (memcmp(intro_key_digest, request, DIGEST_LEN)) {
899 base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32+1,
900 request, REND_SERVICE_ID_LEN);
901 log_warn(LD_REND, "Got an INTRODUCE2 cell for the wrong service (%s).",
902 escaped(serviceid));
903 return -1;
904 }
905
906 keylen = crypto_pk_keysize(intro_key);
907 if (request_len < keylen+DIGEST_LEN) {
908 log_warn(LD_PROTOCOL,
909 "PK-encrypted portion of INTRODUCE2 cell was truncated.");
910 return -1;
911 }
912 /* Next N bytes is encrypted with service key */
913 note_crypto_pk_op(REND_SERVER);
914 r = crypto_pk_private_hybrid_decrypt(
915 intro_key,buf,request+DIGEST_LEN,request_len-DIGEST_LEN,
916 PK_PKCS1_OAEP_PADDING,1);
917 if (r<0) {
918 log_warn(LD_PROTOCOL, "Couldn't decrypt INTRODUCE2 cell.");
919 return -1;
920 }
921 len = r;
922 if (*buf == 3) {
923 /* Version 3 INTRODUCE2 cell. */
924 time_t ts = 0;
925 v3_shift = 1;
926 auth_type = buf[1];
927 switch (auth_type) {
928 case REND_BASIC_AUTH:
929 /* fall through */
930 case REND_STEALTH_AUTH:
931 auth_len = ntohs(get_uint16(buf+2));
932 if (auth_len != REND_DESC_COOKIE_LEN) {
933 log_info(LD_REND, "Wrong auth data size %d, should be %d.",
934 (int)auth_len, REND_DESC_COOKIE_LEN);
935 return -1;
936 }
937 memcpy(auth_data, buf+4, sizeof(auth_data));
938 v3_shift += 2+REND_DESC_COOKIE_LEN;
939 break;
940 case REND_NO_AUTH:
941 break;
942 default:
943 log_info(LD_REND, "Unknown authorization type '%d'", auth_type);
944 }
945
946 /* Check timestamp. */
947 ts = ntohl(get_uint32(buf+1+v3_shift));
948 v3_shift += 4;
949 if ((now - ts) < -1 * REND_REPLAY_TIME_INTERVAL / 2 ||
950 (now - ts) > REND_REPLAY_TIME_INTERVAL / 2) {
951 log_warn(LD_REND, "INTRODUCE2 cell is too %s. Discarding.",
952 (now - ts) < 0 ? "old" : "new");
953 return -1;
954 }
955 }
956 if (*buf == 2 || *buf == 3) {
957 /* Version 2 INTRODUCE2 cell. */
958 int klen;
959 extend_info = tor_malloc_zero(sizeof(extend_info_t));
960 tor_addr_from_ipv4n(&extend_info->addr, get_uint32(buf+v3_shift+1));
961 extend_info->port = ntohs(get_uint16(buf+v3_shift+5));
962 memcpy(extend_info->identity_digest, buf+v3_shift+7,
963 DIGEST_LEN);
964 extend_info->nickname[0] = '$';
965 base16_encode(extend_info->nickname+1, sizeof(extend_info->nickname)-1,
966 extend_info->identity_digest, DIGEST_LEN);
967
968 klen = ntohs(get_uint16(buf+v3_shift+7+DIGEST_LEN));
969 if ((int)len != v3_shift+7+DIGEST_LEN+2+klen+20+128) {
970 log_warn(LD_PROTOCOL, "Bad length %u for version %d INTRODUCE2 cell.",
971 (int)len, *buf);
972 reason = END_CIRC_REASON_TORPROTOCOL;
973 goto err;
974 }
975 extend_info->onion_key =
976 crypto_pk_asn1_decode(buf+v3_shift+7+DIGEST_LEN+2, klen);
977 if (!extend_info->onion_key) {
978 log_warn(LD_PROTOCOL, "Error decoding onion key in version %d "
979 "INTRODUCE2 cell.", *buf);
980 reason = END_CIRC_REASON_TORPROTOCOL;
981 goto err;
982 }
983 ptr = buf+v3_shift+7+DIGEST_LEN+2+klen;
984 len -= v3_shift+7+DIGEST_LEN+2+klen;
985 } else {
986 char *rp_nickname;
987 size_t nickname_field_len;
988 routerinfo_t *router;
989 int version;
990 if (*buf == 1) {
991 rp_nickname = buf+1;
992 nickname_field_len = MAX_HEX_NICKNAME_LEN+1;
993 version = 1;
994 } else {
995 nickname_field_len = MAX_NICKNAME_LEN+1;
996 rp_nickname = buf;
997 version = 0;
998 }
999 ptr=memchr(rp_nickname,0,nickname_field_len);
1000 if (!ptr || ptr == rp_nickname) {
1001 log_warn(LD_PROTOCOL,
1002 "Couldn't find a nul-padded nickname in INTRODUCE2 cell.");
1003 return -1;
1004 }
1005 if ((version == 0 && !is_legal_nickname(rp_nickname)) ||
1006 (version == 1 && !is_legal_nickname_or_hexdigest(rp_nickname))) {
1007 log_warn(LD_PROTOCOL, "Bad nickname in INTRODUCE2 cell.");
1008 return -1;
1009 }
1010 /* Okay, now we know that a nickname is at the start of the buffer. */
1011 ptr = rp_nickname+nickname_field_len;
1012 len -= nickname_field_len;
1013 len -= rp_nickname - buf; /* also remove header space used by version, if
1014 * any */
1015 router = router_get_by_nickname(rp_nickname, 0);
1016 if (!router) {
1017 log_info(LD_REND, "Couldn't find router %s named in introduce2 cell.",
1018 escaped_safe_str(rp_nickname));
1019 /* XXXX Add a no-such-router reason? */
1020 reason = END_CIRC_REASON_TORPROTOCOL;
1021 goto err;
1022 }
1023
1024 extend_info = extend_info_from_router(router);
1025 }
1026
1027 if (len != REND_COOKIE_LEN+DH_KEY_LEN) {
1028 log_warn(LD_PROTOCOL, "Bad length %u for INTRODUCE2 cell.", (int)len);
1029 reason = END_CIRC_REASON_TORPROTOCOL;
1030 goto err;
1031 }
1032
1033 r_cookie = ptr;
1034 base16_encode(hexcookie,9,r_cookie,4);
1035
1036 /* Determine hash of Diffie-Hellman, part 1 to detect replays. */
1037 digest = crypto_new_digest_env();
1038 crypto_digest_add_bytes(digest, ptr+REND_COOKIE_LEN, DH_KEY_LEN);
1039 crypto_digest_get_digest(digest, diffie_hellman_hash, DIGEST_LEN);
1040 crypto_free_digest_env(digest);
1041
1042 /* Check whether there is a past request with the same Diffie-Hellman,
1043 * part 1. */
1044 if (!service->accepted_intros)
1045 service->accepted_intros = digestmap_new();
1046
1047 access_time = digestmap_get(service->accepted_intros, diffie_hellman_hash);
1048 if (access_time != NULL) {
1049 log_warn(LD_REND, "Possible replay detected! We received an "
1050 "INTRODUCE2 cell with same first part of "
1051 "Diffie-Hellman handshake %d seconds ago. Dropping "
1052 "cell.",
1053 (int) (now - *access_time));
1054 goto err;
1055 }
1056
1057 /* Add request to access history, including time and hash of Diffie-Hellman,
1058 * part 1, and possibly remove requests from the history that are older than
1059 * one hour. */
1060 access_time = tor_malloc(sizeof(time_t));
1061 *access_time = now;
1062 digestmap_set(service->accepted_intros, diffie_hellman_hash, access_time);
1063 if (service->last_cleaned_accepted_intros + REND_REPLAY_TIME_INTERVAL < now)
1064 clean_accepted_intros(service, now);
1065
1066 /* If the service performs client authorization, check included auth data. */
1067 if (service->clients) {
1068 if (auth_len > 0) {
1069 if (rend_check_authorization(service, auth_data)) {
1070 log_info(LD_REND, "Authorization data in INTRODUCE2 cell are valid.");
1071 } else {
1072 log_info(LD_REND, "The authorization data that are contained in "
1073 "the INTRODUCE2 cell are invalid. Dropping cell.");
1074 reason = END_CIRC_REASON_CONNECTFAILED;
1075 goto err;
1076 }
1077 } else {
1078 log_info(LD_REND, "INTRODUCE2 cell does not contain authentication "
1079 "data, but we require client authorization. Dropping cell.");
1080 reason = END_CIRC_REASON_CONNECTFAILED;
1081 goto err;
1082 }
1083 }
1084
1085 /* Try DH handshake... */
1086 dh = crypto_dh_new();
1087 if (!dh || crypto_dh_generate_public(dh)<0) {
1088 log_warn(LD_BUG,"Internal error: couldn't build DH state "
1089 "or generate public key.");
1090 reason = END_CIRC_REASON_INTERNAL;
1091 goto err;
1092 }
1093 if (crypto_dh_compute_secret(LOG_PROTOCOL_WARN, dh, ptr+REND_COOKIE_LEN,
1094 DH_KEY_LEN, keys,
1095 DIGEST_LEN+CPATH_KEY_MATERIAL_LEN)<0) {
1096 log_warn(LD_BUG, "Internal error: couldn't complete DH handshake");
1097 reason = END_CIRC_REASON_INTERNAL;
1098 goto err;
1099 }
1100
1101 circ_needs_uptime = rend_service_requires_uptime(service);
1102
1103 /* help predict this next time */
1104 rep_hist_note_used_internal(now, circ_needs_uptime, 1);
1105
1106 /* Launch a circuit to alice's chosen rendezvous point.
1107 */
1108 for (i=0;i<MAX_REND_FAILURES;i++) {
1109 int flags = CIRCLAUNCH_NEED_CAPACITY | CIRCLAUNCH_IS_INTERNAL;
1110 if (circ_needs_uptime) flags |= CIRCLAUNCH_NEED_UPTIME;
1111 launched = circuit_launch_by_extend_info(
1112 CIRCUIT_PURPOSE_S_CONNECT_REND, extend_info, flags);
1113
1114 if (launched)
1115 break;
1116 }
1117 if (!launched) { /* give up */
1118 log_warn(LD_REND, "Giving up launching first hop of circuit to rendezvous "
1119 "point %s for service %s.",
1120 escaped_safe_str(extend_info->nickname), serviceid);
1121 reason = END_CIRC_REASON_CONNECTFAILED;
1122 goto err;
1123 }
1124 log_info(LD_REND,
1125 "Accepted intro; launching circuit to %s "
1126 "(cookie %s) for service %s.",
1127 escaped_safe_str(extend_info->nickname), hexcookie, serviceid);
1128 tor_assert(launched->build_state);
1129 /* Fill in the circuit's state. */
1130 launched->rend_data = tor_malloc_zero(sizeof(rend_data_t));
1131 memcpy(launched->rend_data->rend_pk_digest,
1132 circuit->rend_data->rend_pk_digest,
1133 DIGEST_LEN);
1134 memcpy(launched->rend_data->rend_cookie, r_cookie, REND_COOKIE_LEN);
1135 strlcpy(launched->rend_data->onion_address, service->service_id,
1136 sizeof(launched->rend_data->onion_address));
1137 launched->build_state->pending_final_cpath = cpath =
1138 tor_malloc_zero(sizeof(crypt_path_t));
1139 cpath->magic = CRYPT_PATH_MAGIC;
1140 launched->build_state->expiry_time = now + MAX_REND_TIMEOUT;
1141
1142 cpath->dh_handshake_state = dh;
1143 dh = NULL;
1144 if (circuit_init_cpath_crypto(cpath,keys+DIGEST_LEN,1)<0)
1145 goto err;
1146 memcpy(cpath->handshake_digest, keys, DIGEST_LEN);
1147 if (extend_info) extend_info_free(extend_info);
1148
1149 return 0;
1150 err:
1151 if (dh) crypto_dh_free(dh);
1152 if (launched)
1153 circuit_mark_for_close(TO_CIRCUIT(launched), reason);
1154 if (extend_info) extend_info_free(extend_info);
1155 return -1;
1156 }
1157
1158 /** Called when we fail building a rendezvous circuit at some point other
1159 * than the last hop: launches a new circuit to the same rendezvous point.
1160 */
1161 void
1162 rend_service_relaunch_rendezvous(origin_circuit_t *oldcirc)
1163 {
1164 origin_circuit_t *newcirc;
1165 cpath_build_state_t *newstate, *oldstate;
1166
1167 tor_assert(oldcirc->_base.purpose == CIRCUIT_PURPOSE_S_CONNECT_REND);
1168
1169 if (!oldcirc->build_state ||
1170 oldcirc->build_state->failure_count > MAX_REND_FAILURES ||
1171 oldcirc->build_state->expiry_time < time(NULL)) {
1172 log_info(LD_REND,
1173 "Attempt to build circuit to %s for rendezvous has failed "
1174 "too many times or expired; giving up.",
1175 oldcirc->build_state ?
1176 oldcirc->build_state->chosen_exit->nickname : "*unknown*");
1177 return;
1178 }
1179
1180 oldstate = oldcirc->build_state;
1181 tor_assert(oldstate);
1182
1183 if (oldstate->pending_final_cpath == NULL) {
1184 log_info(LD_REND,"Skipping relaunch of circ that failed on its first hop. "
1185 "Initiator will retry.");
1186 return;
1187 }
1188
1189 log_info(LD_REND,"Reattempting rendezvous circuit to '%s'",
1190 oldstate->chosen_exit->nickname);
1191
1192 newcirc = circuit_launch_by_extend_info(CIRCUIT_PURPOSE_S_CONNECT_REND,
1193 oldstate->chosen_exit,
1194 CIRCLAUNCH_NEED_CAPACITY|CIRCLAUNCH_IS_INTERNAL);
1195
1196 if (!newcirc) {
1197 log_warn(LD_REND,"Couldn't relaunch rendezvous circuit to '%s'.",
1198 oldstate->chosen_exit->nickname);
1199 return;
1200 }
1201 newstate = newcirc->build_state;
1202 tor_assert(newstate);
1203 newstate->failure_count = oldstate->failure_count+1;
1204 newstate->expiry_time = oldstate->expiry_time;
1205 newstate->pending_final_cpath = oldstate->pending_final_cpath;
1206 oldstate->pending_final_cpath = NULL;
1207
1208 newcirc->rend_data = rend_data_dup(oldcirc->rend_data);
1209 }
1210
1211 /** Launch a circuit to serve as an introduction point for the service
1212 * <b>service</b> at the introduction point <b>nickname</b>
1213 */
1214 static int
1215 rend_service_launch_establish_intro(rend_service_t *service,
1216 rend_intro_point_t *intro)
1217 {
1218 origin_circuit_t *launched;
1219
1220 log_info(LD_REND,
1221 "Launching circuit to introduction point %s for service %s",
1222 escaped_safe_str(intro->extend_info->nickname),
1223 service->service_id);
1224
1225 rep_hist_note_used_internal(time(NULL), 1, 0);
1226
1227 ++service->n_intro_circuits_launched;
1228 launched = circuit_launch_by_extend_info(CIRCUIT_PURPOSE_S_ESTABLISH_INTRO,
1229 intro->extend_info,
1230 CIRCLAUNCH_NEED_UPTIME|CIRCLAUNCH_IS_INTERNAL);
1231
1232 if (!launched) {
1233 log_info(LD_REND,
1234 "Can't launch circuit to establish introduction at %s.",
1235 escaped_safe_str(intro->extend_info->nickname));
1236 return -1;
1237 }
1238
1239 if (memcmp(intro->extend_info->identity_digest,
1240 launched->build_state->chosen_exit->identity_digest, DIGEST_LEN)) {
1241 char cann[HEX_DIGEST_LEN+1], orig[HEX_DIGEST_LEN+1];
1242 base16_encode(cann, sizeof(cann),
1243 launched->build_state->chosen_exit->identity_digest,
1244 DIGEST_LEN);
1245 base16_encode(orig, sizeof(orig),
1246 intro->extend_info->identity_digest, DIGEST_LEN);
1247 log_info(LD_REND, "The intro circuit we just cannibalized ends at $%s, "
1248 "but we requested an intro circuit to $%s. Updating "
1249 "our service.", cann, orig);
1250 extend_info_free(intro->extend_info);
1251 intro->extend_info = extend_info_dup(launched->build_state->chosen_exit);
1252 }
1253
1254 launched->rend_data = tor_malloc_zero(sizeof(rend_data_t));
1255 strlcpy(launched->rend_data->onion_address, service->service_id,
1256 sizeof(launched->rend_data->onion_address));
1257 memcpy(launched->rend_data->rend_pk_digest, service->pk_digest, DIGEST_LEN);
1258 launched->intro_key = crypto_pk_dup_key(intro->intro_key);
1259 if (launched->_base.state == CIRCUIT_STATE_OPEN)
1260 rend_service_intro_has_opened(launched);
1261 return 0;
1262 }
1263
1264 /** Return the number of introduction points that are or have been
1265 * established for the given service address in <b>query</b>. */
1266 static int
1267 count_established_intro_points(const char *query)
1268 {
1269 int num_ipos = 0;
1270 circuit_t *circ;
1271 for (circ = _circuit_get_global_list(); circ; circ = circ->next) {
1272 if (!circ->marked_for_close &&
1273 circ->state == CIRCUIT_STATE_OPEN &&
1274 (circ->purpose == CIRCUIT_PURPOSE_S_ESTABLISH_INTRO ||
1275 circ->purpose == CIRCUIT_PURPOSE_S_INTRO)) {
1276 origin_circuit_t *oc = TO_ORIGIN_CIRCUIT(circ);
1277 if (oc->rend_data &&
1278 !rend_cmp_service_ids(query, oc->rend_data->onion_address))
1279 num_ipos++;
1280 }
1281 }
1282 return num_ipos;
1283 }
1284
1285 /** Called when we're done building a circuit to an introduction point:
1286 * sends a RELAY_ESTABLISH_INTRO cell.
1287 */
1288 void
1289 rend_service_intro_has_opened(origin_circuit_t *circuit)
1290 {
1291 rend_service_t *service;
1292 size_t len;
1293 int r;
1294 char buf[RELAY_PAYLOAD_SIZE];
1295 char auth[DIGEST_LEN + 9];
1296 char serviceid[REND_SERVICE_ID_LEN_BASE32+1];
1297 int reason = END_CIRC_REASON_TORPROTOCOL;
1298 crypto_pk_env_t *intro_key;
1299
1300 tor_assert(circuit->_base.purpose == CIRCUIT_PURPOSE_S_ESTABLISH_INTRO);
1301 tor_assert(circuit->cpath);
1302 tor_assert(circuit->rend_data);
1303
1304 base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32+1,
1305 circuit->rend_data->rend_pk_digest, REND_SERVICE_ID_LEN);
1306
1307 service = rend_service_get_by_pk_digest(
1308 circuit->rend_data->rend_pk_digest);
1309 if (!service) {
1310 log_warn(LD_REND, "Unrecognized service ID %s on introduction circuit %d.",
1311 serviceid, circuit->_base.n_circ_id);
1312 reason = END_CIRC_REASON_NOSUCHSERVICE;
1313 goto err;
1314 }
1315
1316 /* If we already have enough introduction circuits for this service,
1317 * redefine this one as a general circuit. */
1318 if (count_established_intro_points(serviceid) > NUM_INTRO_POINTS) {
1319 log_info(LD_CIRC|LD_REND, "We have just finished an introduction "
1320 "circuit, but we already have enough. Redefining purpose to "
1321 "general.");
1322 TO_CIRCUIT(circuit)->purpose = CIRCUIT_PURPOSE_C_GENERAL;
1323 circuit_has_opened(circuit);
1324 return;
1325 }
1326
1327 log_info(LD_REND,
1328 "Established circuit %d as introduction point for service %s",
1329 circuit->_base.n_circ_id, serviceid);
1330
1331 /* Use the intro key instead of the service key in ESTABLISH_INTRO. */
1332 intro_key = circuit->intro_key;
1333 /* Build the payload for a RELAY_ESTABLISH_INTRO cell. */
1334 r = crypto_pk_asn1_encode(intro_key, buf+2,
1335 RELAY_PAYLOAD_SIZE-2);
1336 if (r < 0) {
1337 log_warn(LD_BUG, "Internal error; failed to establish intro point.");
1338 reason = END_CIRC_REASON_INTERNAL;
1339 goto err;
1340 }
1341 len = r;
1342 set_uint16(buf, htons((uint16_t)len));
1343 len += 2;
1344 memcpy(auth, circuit->cpath->prev->handshake_digest, DIGEST_LEN);
1345 memcpy(auth+DIGEST_LEN, "INTRODUCE", 9);
1346 if (crypto_digest(buf+len, auth, DIGEST_LEN+9))
1347 goto err;
1348 len += 20;
1349 note_crypto_pk_op(REND_SERVER);
1350 r = crypto_pk_private_sign_digest(intro_key, buf+len, buf, len);
1351 if (r<0) {
1352 log_warn(LD_BUG, "Internal error: couldn't sign introduction request.");
1353 reason = END_CIRC_REASON_INTERNAL;
1354 goto err;
1355 }
1356 len += r;
1357
1358 if (relay_send_command_from_edge(0, TO_CIRCUIT(circuit),
1359 RELAY_COMMAND_ESTABLISH_INTRO,
1360 buf, len, circuit->cpath->prev)<0) {
1361 log_info(LD_GENERAL,
1362 "Couldn't send introduction request for service %s on circuit %d",
1363 serviceid, circuit->_base.n_circ_id);
1364 reason = END_CIRC_REASON_INTERNAL;
1365 goto err;
1366 }
1367
1368 return;
1369 err:
1370 circuit_mark_for_close(TO_CIRCUIT(circuit), reason);
1371 }
1372
1373 /** Called when we get an INTRO_ESTABLISHED cell; mark the circuit as a
1374 * live introduction point, and note that the service descriptor is
1375 * now out-of-date.*/
1376 int
1377 rend_service_intro_established(origin_circuit_t *circuit, const char *request,
1378 size_t request_len)
1379 {
1380 rend_service_t *service;
1381 char serviceid[REND_SERVICE_ID_LEN_BASE32+1];
1382 (void) request;
1383 (void) request_len;
1384
1385 if (circuit->_base.purpose != CIRCUIT_PURPOSE_S_ESTABLISH_INTRO) {
1386 log_warn(LD_PROTOCOL,
1387 "received INTRO_ESTABLISHED cell on non-intro circuit.");
1388 goto err;
1389 }
1390 tor_assert(circuit->rend_data);
1391 service = rend_service_get_by_pk_digest(
1392 circuit->rend_data->rend_pk_digest);
1393 if (!service) {
1394 log_warn(LD_REND, "Unknown service on introduction circuit %d.",
1395 circuit->_base.n_circ_id);
1396 goto err;
1397 }
1398 service->desc_is_dirty = time(NULL);
1399 circuit->_base.purpose = CIRCUIT_PURPOSE_S_INTRO;
1400
1401 base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32 + 1,
1402 circuit->rend_data->rend_pk_digest, REND_SERVICE_ID_LEN);
1403 log_info(LD_REND,
1404 "Received INTRO_ESTABLISHED cell on circuit %d for service %s",
1405 circuit->_base.n_circ_id, serviceid);
1406
1407 return 0;
1408 err:
1409 circuit_mark_for_close(TO_CIRCUIT(circuit), END_CIRC_REASON_TORPROTOCOL);
1410 return -1;
1411 }
1412
1413 /** Called once a circuit to a rendezvous point is established: sends a
1414 * RELAY_COMMAND_RENDEZVOUS1 cell.
1415 */
1416 void
1417 rend_service_rendezvous_has_opened(origin_circuit_t *circuit)
1418 {
1419 rend_service_t *service;
1420 char buf[RELAY_PAYLOAD_SIZE];
1421 crypt_path_t *hop;
1422 char serviceid[REND_SERVICE_ID_LEN_BASE32+1];
1423 char hexcookie[9];
1424 int reason;
1425
1426 tor_assert(circuit->_base.purpose == CIRCUIT_PURPOSE_S_CONNECT_REND);
1427 tor_assert(circuit->cpath);
1428 tor_assert(circuit->build_state);
1429 tor_assert(circuit->rend_data);
1430 hop = circuit->build_state->pending_final_cpath;
1431 tor_assert(hop);
1432
1433 base16_encode(hexcookie,9,circuit->rend_data->rend_cookie,4);
1434 base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32+1,
1435 circuit->rend_data->rend_pk_digest, REND_SERVICE_ID_LEN);
1436
1437 log_info(LD_REND,
1438 "Done building circuit %d to rendezvous with "
1439 "cookie %s for service %s",
1440 circuit->_base.n_circ_id, hexcookie, serviceid);
1441
1442 service = rend_service_get_by_pk_digest(
1443 circuit->rend_data->rend_pk_digest);
1444 if (!service) {
1445 log_warn(LD_GENERAL, "Internal error: unrecognized service ID on "
1446 "introduction circuit.");
1447 reason = END_CIRC_REASON_INTERNAL;
1448 goto err;
1449 }
1450
1451 /* All we need to do is send a RELAY_RENDEZVOUS1 cell... */
1452 memcpy(buf, circuit->rend_data->rend_cookie, REND_COOKIE_LEN);
1453 if (crypto_dh_get_public(hop->dh_handshake_state,
1454 buf+REND_COOKIE_LEN, DH_KEY_LEN)<0) {
1455 log_warn(LD_GENERAL,"Couldn't get DH public key.");
1456 reason = END_CIRC_REASON_INTERNAL;
1457 goto err;
1458 }
1459 memcpy(buf+REND_COOKIE_LEN+DH_KEY_LEN, hop->handshake_digest,
1460 DIGEST_LEN);
1461
1462 /* Send the cell */
1463 if (relay_send_command_from_edge(0, TO_CIRCUIT(circuit),
1464 RELAY_COMMAND_RENDEZVOUS1,
1465 buf, REND_COOKIE_LEN+DH_KEY_LEN+DIGEST_LEN,
1466 circuit->cpath->prev)<0) {
1467 log_warn(LD_GENERAL, "Couldn't send RENDEZVOUS1 cell.");
1468 reason = END_CIRC_REASON_INTERNAL;
1469 goto err;
1470 }
1471
1472 crypto_dh_free(hop->dh_handshake_state);
1473 hop->dh_handshake_state = NULL;
1474
1475 /* Append the cpath entry. */
1476 hop->state = CPATH_STATE_OPEN;
1477 /* set the windows to default. these are the windows
1478 * that bob thinks alice has.
1479 */
1480 hop->package_window = circuit_initial_package_window();
1481 hop->deliver_window = CIRCWINDOW_START;
1482
1483 onion_append_to_cpath(&circuit->cpath, hop);
1484 circuit->build_state->pending_final_cpath = NULL; /* prevent double-free */
1485
1486 /* Change the circuit purpose. */
1487 circuit->_base.purpose = CIRCUIT_PURPOSE_S_REND_JOINED;
1488
1489 return;
1490 err:
1491 circuit_mark_for_close(TO_CIRCUIT(circuit), reason);
1492 }
1493
1494 /*
1495 * Manage introduction points
1496 */
1497
1498 /** Return the (possibly non-open) introduction circuit ending at
1499 * <b>intro</b> for the service whose public key is <b>pk_digest</b>.
1500 * (<b>desc_version</b> is ignored). Return NULL if no such service is
1501 * found.
1502 */
1503 static origin_circuit_t *
1504 find_intro_circuit(rend_intro_point_t *intro, const char *pk_digest)
1505 {
1506 origin_circuit_t *circ = NULL;
1507
1508 tor_assert(intro);
1509 while ((circ = circuit_get_next_by_pk_and_purpose(circ,pk_digest,
1510 CIRCUIT_PURPOSE_S_INTRO))) {
1511 if (!memcmp(circ->build_state->chosen_exit->identity_digest,
1512 intro->extend_info->identity_digest, DIGEST_LEN) &&
1513 circ->rend_data) {
1514 return circ;
1515 }
1516 }
1517
1518 circ = NULL;
1519 while ((circ = circuit_get_next_by_pk_and_purpose(circ,pk_digest,
1520 CIRCUIT_PURPOSE_S_ESTABLISH_INTRO))) {
1521 if (!memcmp(circ->build_state->chosen_exit->identity_digest,
1522 intro->extend_info->identity_digest, DIGEST_LEN) &&
1523 circ->rend_data) {
1524 return circ;
1525 }
1526 }
1527 return NULL;
1528 }
1529
1530 /** Determine the responsible hidden service directories for the
1531 * rend_encoded_v2_service_descriptor_t's in <b>descs</b> and upload them;
1532 * <b>service_id</b> and <b>seconds_valid</b> are only passed for logging
1533 * purposes. */
1534 static void
1535 directory_post_to_hs_dir(rend_service_descriptor_t *renddesc,
1536 smartlist_t *descs, const char *service_id,
1537 int seconds_valid)
1538 {
1539 int i, j, failed_upload = 0;
1540 smartlist_t *responsible_dirs = smartlist_create();
1541 smartlist_t *successful_uploads = smartlist_create();
1542 routerstatus_t *hs_dir;
1543 for (i = 0; i < smartlist_len(descs); i++) {
1544 rend_encoded_v2_service_descriptor_t *desc = smartlist_get(descs, i);
1545 /* Determine responsible dirs. */
1546 if (hid_serv_get_responsible_directories(responsible_dirs,
1547 desc->desc_id) < 0) {
1548 log_warn(LD_REND, "Could not determine the responsible hidden service "
1549 "directories to post descriptors to.");
1550 smartlist_free(responsible_dirs);
1551 smartlist_free(successful_uploads);
1552 return;
1553 }
1554 for (j = 0; j < smartlist_len(responsible_dirs); j++) {
1555 char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
1556 char *hs_dir_ip;
1557 hs_dir = smartlist_get(responsible_dirs, j);
1558 if (smartlist_digest_isin(renddesc->successful_uploads,
1559 hs_dir->identity_digest))
1560 /* Don't upload descriptor if we succeeded in doing so last time. */
1561 continue;
1562 if (!router_get_by_digest(hs_dir->identity_digest)) {
1563 log_info(LD_REND, "Not sending publish request for v2 descriptor to "
1564 "hidden service directory '%s'; we don't have its "
1565 "router descriptor. Queuing for later upload.",
1566 hs_dir->nickname);
1567 failed_upload = -1;
1568 continue;
1569 }
1570 /* Send publish request. */
1571 directory_initiate_command_routerstatus(hs_dir,
1572 DIR_PURPOSE_UPLOAD_RENDDESC_V2,
1573 ROUTER_PURPOSE_GENERAL,
1574 1, NULL, desc->desc_str,
1575 strlen(desc->desc_str), 0);
1576 base32_encode(desc_id_base32, sizeof(desc_id_base32),
1577 desc->desc_id, DIGEST_LEN);
1578 hs_dir_ip = tor_dup_ip(hs_dir->addr);
1579 log_info(LD_REND, "Sending publish request for v2 descriptor for "
1580 "service '%s' with descriptor ID '%s' with validity "
1581 "of %d seconds to hidden service directory '%s' on "
1582 "%s:%d.",
1583 safe_str(service_id),
1584 safe_str(desc_id_base32),
1585 seconds_valid,
1586 hs_dir->nickname,
1587 hs_dir_ip,
1588 hs_dir->or_port);
1589 tor_free(hs_dir_ip);
1590 /* Remember successful upload to this router for next time. */
1591 if (!smartlist_digest_isin(successful_uploads, hs_dir->identity_digest))
1592 smartlist_add(successful_uploads, hs_dir->identity_digest);
1593 }
1594 smartlist_clear(responsible_dirs);
1595 }
1596 if (!failed_upload) {
1597 if (renddesc->successful_uploads) {
1598 SMARTLIST_FOREACH(renddesc->successful_uploads, char *, c, tor_free(c););
1599 smartlist_free(renddesc->successful_uploads);
1600 renddesc->successful_uploads = NULL;
1601 }
1602 renddesc->all_uploads_performed = 1;
1603 } else {
1604 /* Remember which routers worked this time, so that we don't upload the
1605 * descriptor to them again. */
1606 if (!renddesc->successful_uploads)
1607 renddesc->successful_uploads = smartlist_create();
1608 SMARTLIST_FOREACH(successful_uploads, const char *, c, {
1609 if (!smartlist_digest_isin(renddesc->successful_uploads, c)) {
1610 char *hsdir_id = tor_memdup(c, DIGEST_LEN);
1611 smartlist_add(renddesc->successful_uploads, hsdir_id);
1612 }
1613 });
1614 }
1615 smartlist_free(responsible_dirs);
1616 smartlist_free(successful_uploads);
1617 }
1618
1619 /** Encode and sign an up-to-date service descriptor for <b>service</b>,
1620 * and upload it/them to the responsible hidden service directories.
1621 */
1622 static void
1623 upload_service_descriptor(rend_service_t *service)
1624 {
1625 time_t now = time(NULL);
1626 int rendpostperiod;
1627 char serviceid[REND_SERVICE_ID_LEN_BASE32+1];
1628 int uploaded = 0;
1629
1630 rendpostperiod = get_options()->RendPostPeriod;
1631
1632 /* Upload descriptor? */
1633 if (get_options()->PublishHidServDescriptors) {
1634 networkstatus_t *c = networkstatus_get_latest_consensus();
1635 if (c && smartlist_len(c->routerstatus_list) > 0) {
1636 int seconds_valid, i, j, num_descs;
1637 smartlist_t *descs = smartlist_create();
1638 smartlist_t *client_cookies = smartlist_create();
1639 /* Either upload a single descriptor (including replicas) or one
1640 * descriptor for each authorized client in case of authorization
1641 * type 'stealth'. */
1642 num_descs = service->auth_type == REND_STEALTH_AUTH ?
1643 smartlist_len(service->clients) : 1;
1644 for (j = 0; j < num_descs; j++) {
1645 crypto_pk_env_t *client_key = NULL;
1646 rend_authorized_client_t *client = NULL;
1647 smartlist_clear(client_cookies);
1648 switch (service->auth_type) {
1649 case REND_NO_AUTH:
1650 /* Do nothing here. */
1651 break;
1652 case REND_BASIC_AUTH:
1653 SMARTLIST_FOREACH(service->clients, rend_authorized_client_t *,
1654 cl, smartlist_add(client_cookies, cl->descriptor_cookie));
1655 break;
1656 case REND_STEALTH_AUTH:
1657 client = smartlist_get(service->clients, j);
1658 client_key = client->client_key;
1659 smartlist_add(client_cookies, client->descriptor_cookie);
1660 break;
1661 }
1662 /* Encode the current descriptor. */
1663 seconds_valid = rend_encode_v2_descriptors(descs, service->desc,
1664 now, 0,
1665 service->auth_type,
1666 client_key,
1667 client_cookies);
1668 if (seconds_valid < 0) {
1669 log_warn(LD_BUG, "Internal error: couldn't encode service "
1670 "descriptor; not uploading.");
1671 smartlist_free(descs);
1672 smartlist_free(client_cookies);
1673 return;
1674 }
1675 /* Post the current descriptors to the hidden service directories. */
1676 rend_get_service_id(service->desc->pk, serviceid);
1677 log_info(LD_REND, "Sending publish request for hidden service %s",
1678 serviceid);
1679 directory_post_to_hs_dir(service->desc, descs, serviceid,
1680 seconds_valid);
1681 /* Free memory for descriptors. */
1682 for (i = 0; i < smartlist_len(descs); i++)
1683 rend_encoded_v2_service_descriptor_free(smartlist_get(descs, i));
1684 smartlist_clear(descs);
1685 /* Update next upload time. */
1686 if (seconds_valid - REND_TIME_PERIOD_OVERLAPPING_V2_DESCS
1687 > rendpostperiod)
1688 service->next_upload_time = now + rendpostperiod;
1689 else if (seconds_valid < REND_TIME_PERIOD_OVERLAPPING_V2_DESCS)
1690 service->next_upload_time = now + seconds_valid + 1;
1691 else
1692 service->next_upload_time = now + seconds_valid -
1693 REND_TIME_PERIOD_OVERLAPPING_V2_DESCS + 1;
1694 /* Post also the next descriptors, if necessary. */
1695 if (seconds_valid < REND_TIME_PERIOD_OVERLAPPING_V2_DESCS) {
1696 seconds_valid = rend_encode_v2_descriptors(descs, service->desc,
1697 now, 1,
1698 service->auth_type,
1699 client_key,
1700 client_cookies);
1701 if (seconds_valid < 0) {
1702 log_warn(LD_BUG, "Internal error: couldn't encode service "
1703 "descriptor; not uploading.");
1704 smartlist_free(descs);
1705 smartlist_free(client_cookies);
1706 return;
1707 }
1708 directory_post_to_hs_dir(service->desc, descs, serviceid,
1709 seconds_valid);
1710 /* Free memory for descriptors. */
1711 for (i = 0; i < smartlist_len(descs); i++)
1712 rend_encoded_v2_service_descriptor_free(smartlist_get(descs, i));
1713 smartlist_clear(descs);
1714 }
1715 }
1716 smartlist_free(descs);
1717 smartlist_free(client_cookies);
1718 uploaded = 1;
1719 log_info(LD_REND, "Successfully uploaded v2 rend descriptors!");
1720 }
1721 }
1722
1723 /* If not uploaded, try again in one minute. */
1724 if (!uploaded)
1725 service->next_upload_time = now + 60;
1726
1727 /* Unmark dirty flag of this service. */
1728 service->desc_is_dirty = 0;
1729 }
1730
1731 /** For every service, check how many intro points it currently has, and:
1732 * - Pick new intro points as necessary.
1733 * - Launch circuits to any new intro points.
1734 */
1735 void
1736 rend_services_introduce(void)
1737 {
1738 int i,j,r;
1739 routerinfo_t *router;
1740 rend_service_t *service;
1741 rend_intro_point_t *intro;
1742 int changed, prev_intro_nodes;
1743 smartlist_t *intro_routers;
1744 time_t now;
1745 or_options_t *options = get_options();
1746
1747 intro_routers = smartlist_create();
1748 now = time(NULL);
1749
1750 for (i=0; i < smartlist_len(rend_service_list); ++i) {
1751 smartlist_clear(intro_routers);
1752 service = smartlist_get(rend_service_list, i);
1753
1754 tor_assert(service);
1755 changed = 0;
1756 if (now > service->intro_period_started+INTRO_CIRC_RETRY_PERIOD) {
1757 /* One period has elapsed; we can try building circuits again. */
1758 service->intro_period_started = now;
1759 service->n_intro_circuits_launched = 0;
1760 } else if (service->n_intro_circuits_launched >=
1761 MAX_INTRO_CIRCS_PER_PERIOD) {
1762 /* We have failed too many times in this period; wait for the next
1763 * one before we try again. */
1764 continue;
1765 }
1766
1767 /* Find out which introduction points we have in progress for this
1768 service. */
1769 for (j=0; j < smartlist_len(service->intro_nodes); ++j) {
1770 intro = smartlist_get(service->intro_nodes, j);
1771 router = router_get_by_digest(intro->extend_info->identity_digest);
1772 if (!router || !find_intro_circuit(intro, service->pk_digest)) {
1773 log_info(LD_REND,"Giving up on %s as intro point for %s.",
1774 intro->extend_info->nickname, service->service_id);
1775 if (service->desc) {
1776 SMARTLIST_FOREACH(service->desc->intro_nodes, rend_intro_point_t *,
1777 dintro, {
1778 if (!memcmp(dintro->extend_info->identity_digest,
1779 intro->extend_info->identity_digest, DIGEST_LEN)) {
1780 log_info(LD_REND, "The intro point we are giving up on was "
1781 "included in the last published descriptor. "
1782 "Marking current descriptor as dirty.");
1783 service->desc_is_dirty = now;
1784 }
1785 });
1786 }
1787 rend_intro_point_free(intro);
1788 smartlist_del(service->intro_nodes,j--);
1789 changed = 1;
1790 }
1791 if (router)
1792 smartlist_add(intro_routers, router);
1793 }
1794
1795 /* We have enough intro points, and the intro points we thought we had were
1796 * all connected.
1797 */
1798 if (!changed && smartlist_len(service->intro_nodes) >= NUM_INTRO_POINTS) {
1799 /* We have all our intro points! Start a fresh period and reset the
1800 * circuit count. */
1801 service->intro_period_started = now;
1802 service->n_intro_circuits_launched = 0;
1803 continue;
1804 }
1805
1806 /* Remember how many introduction circuits we started with. */
1807 prev_intro_nodes = smartlist_len(service->intro_nodes);
1808 /* We have enough directory information to start establishing our
1809 * intro points. We want to end up with three intro points, but if
1810 * we're just starting, we launch five and pick the first three that
1811 * complete.
1812 *
1813 * The ones after the first three will be converted to 'general'
1814 * internal circuits in rend_service_intro_has_opened(), and then
1815 * we'll drop them from the list of intro points next time we
1816 * go through the above "find out which introduction points we have
1817 * in progress" loop. */
1818 #define NUM_INTRO_POINTS_INIT (NUM_INTRO_POINTS + 2)
1819 for (j=prev_intro_nodes; j < (prev_intro_nodes == 0 ?
1820 NUM_INTRO_POINTS_INIT : NUM_INTRO_POINTS); ++j) {
1821 router_crn_flags_t flags = CRN_NEED_UPTIME;
1822 if (get_options()->_AllowInvalid & ALLOW_INVALID_INTRODUCTION)
1823 flags |= CRN_ALLOW_INVALID;
1824 router = router_choose_random_node(NULL, intro_routers,
1825 options->ExcludeNodes, flags);
1826 if (!router) {
1827 log_warn(LD_REND,
1828 "Could only establish %d introduction points for %s.",
1829 smartlist_len(service->intro_nodes), service->service_id);
1830 break;
1831 }
1832 changed = 1;
1833 smartlist_add(intro_routers, router);
1834 intro = tor_malloc_zero(sizeof(rend_intro_point_t));
1835 intro->extend_info = extend_info_from_router(router);
1836 intro->intro_key = crypto_new_pk_env();
1837 tor_assert(!crypto_pk_generate_key(intro->intro_key));
1838 smartlist_add(service->intro_nodes, intro);
1839 log_info(LD_REND, "Picked router %s as an intro point for %s.",
1840 router->nickname, service->service_id);
1841 }
1842
1843 /* If there's no need to launch new circuits, stop here. */
1844 if (!changed)
1845 continue;
1846
1847 /* Establish new introduction points. */
1848 for (j=prev_intro_nodes; j < smartlist_len(service->intro_nodes); ++j) {
1849 intro = smartlist_get(service->intro_nodes, j);
1850 r = rend_service_launch_establish_intro(service, intro);
1851 if (r<0) {
1852 log_warn(LD_REND, "Error launching circuit to node %s for service %s.",
1853 intro->extend_info->nickname, service->service_id);
1854 }
1855 }
1856 }
1857 smartlist_free(intro_routers);
1858 }
1859
1860 /** Regenerate and upload rendezvous service descriptors for all
1861 * services, if necessary. If the descriptor has been dirty enough
1862 * for long enough, definitely upload; else only upload when the
1863 * periodic timeout has expired.
1864 *
1865 * For the first upload, pick a random time between now and two periods
1866 * from now, and pick it independently for each service.
1867 */
1868 void
1869 rend_consider_services_upload(time_t now)
1870 {
1871 int i;
1872 rend_service_t *service;
1873 int rendpostperiod = get_options()->RendPostPeriod;
1874
1875 if (!get_options()->PublishHidServDescriptors)
1876 return;
1877
1878 for (i=0; i < smartlist_len(rend_service_list); ++i) {
1879 service = smartlist_get(rend_service_list, i);
1880 if (!service->next_upload_time) { /* never been uploaded yet */
1881 /* The fixed lower bound of 30 seconds ensures that the descriptor
1882 * is stable before being published. See comment below. */
1883 service->next_upload_time =
1884 now + 30 + crypto_rand_int(2*rendpostperiod);
1885 }
1886 if (service->next_upload_time < now ||
1887 (service->desc_is_dirty &&
1888 service->desc_is_dirty < now-30)) {
1889 /* if it's time, or if the directory servers have a wrong service
1890 * descriptor and ours has been stable for 30 seconds, upload a
1891 * new one of each format. */
1892 rend_service_update_descriptor(service);
1893 upload_service_descriptor(service);
1894 }
1895 }
1896 }
1897
1898 /** True if the list of available router descriptors might have changed so
1899 * that we should have a look whether we can republish previously failed
1900 * rendezvous service descriptors. */
1901 static int consider_republishing_rend_descriptors = 1;
1902
1903 /** Called when our internal view of the directory has changed, so that we
1904 * might have router descriptors of hidden service directories available that
1905 * we did not have before. */
1906 void
1907 rend_hsdir_routers_changed(void)
1908 {
1909 consider_republishing_rend_descriptors = 1;
1910 }
1911
1912 /** Consider republication of v2 rendezvous service descriptors that failed
1913 * previously, but without regenerating descriptor contents.
1914 */
1915 void
1916 rend_consider_descriptor_republication(void)
1917 {
1918 int i;
1919 rend_service_t *service;
1920
1921 if (!consider_republishing_rend_descriptors)
1922 return;
1923 consider_republishing_rend_descriptors = 0;
1924
1925 if (!get_options()->PublishHidServDescriptors)
1926 return;
1927
1928 for (i=0; i < smartlist_len(rend_service_list); ++i) {
1929 service = smartlist_get(rend_service_list, i);
1930 if (service->desc && !service->desc->all_uploads_performed) {
1931 /* If we failed in uploading a descriptor last time, try again *without*
1932 * updating the descriptor's contents. */
1933 upload_service_descriptor(service);
1934 }
1935 }
1936 }
1937
1938 /** Log the status of introduction points for all rendezvous services
1939 * at log severity <b>severity</b>.
1940 */
1941 void
1942 rend_service_dump_stats(int severity)
1943 {
1944 int i,j;
1945 rend_service_t *service;
1946 rend_intro_point_t *intro;
1947 const char *safe_name;
1948 origin_circuit_t *circ;
1949
1950 for (i=0; i < smartlist_len(rend_service_list); ++i) {
1951 service = smartlist_get(rend_service_list, i);
1952 log(severity, LD_GENERAL, "Service configured in \"%s\":",
1953 service->directory);
1954 for (j=0; j < smartlist_len(service->intro_nodes); ++j) {
1955 intro = smartlist_get(service->intro_nodes, j);
1956 safe_name = safe_str(intro->extend_info->nickname);
1957
1958 circ = find_intro_circuit(intro, service->pk_digest);
1959 if (!circ) {
1960 log(severity, LD_GENERAL, " Intro point %d at %s: no circuit",
1961 j, safe_name);
1962 continue;
1963 }
1964 log(severity, LD_GENERAL, " Intro point %d at %s: circuit is %s",
1965 j, safe_name, circuit_state_to_string(circ->_base.state));
1966 }
1967 }
1968 }
1969
1970 /** Given <b>conn</b>, a rendezvous exit stream, look up the hidden service for
1971 * 'circ', and look up the port and address based on conn-\>port.
1972 * Assign the actual conn-\>addr and conn-\>port. Return -1 if failure,
1973 * or 0 for success.
1974 */
1975 int
1976 rend_service_set_connection_addr_port(edge_connection_t *conn,
1977 origin_circuit_t *circ)
1978 {
1979 rend_service_t *service;
1980 char serviceid[REND_SERVICE_ID_LEN_BASE32+1];
1981 smartlist_t *matching_ports;
1982 rend_service_port_config_t *chosen_port;
1983
1984 tor_assert(circ->_base.purpose == CIRCUIT_PURPOSE_S_REND_JOINED);
1985 tor_assert(circ->rend_data);
1986 log_debug(LD_REND,"beginning to hunt for addr/port");
1987 base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32+1,
1988 circ->rend_data->rend_pk_digest, REND_SERVICE_ID_LEN);
1989 service = rend_service_get_by_pk_digest(
1990 circ->rend_data->rend_pk_digest);
1991 if (!service) {
1992 log_warn(LD_REND, "Couldn't find any service associated with pk %s on "
1993 "rendezvous circuit %d; closing.",
1994 serviceid, circ->_base.n_circ_id);
1995 return -1;
1996 }
1997 matching_ports = smartlist_create();
1998 SMARTLIST_FOREACH(service->ports, rend_service_port_config_t *, p,
1999 {
2000 if (conn->_base.port == p->virtual_port) {
2001 smartlist_add(matching_ports, p);
2002 }
2003 });
2004 chosen_port = smartlist_choose(matching_ports);
2005 smartlist_free(matching_ports);
2006 if (chosen_port) {
2007 tor_addr_copy(&conn->_base.addr, &chosen_port->real_addr);
2008 conn->_base.port = chosen_port->real_port;
2009 return 0;
2010 }
2011 log_info(LD_REND, "No virtual port mapping exists for port %d on service %s",
2012 conn->_base.port,serviceid);
2013 return -1;
2014 }
2015