dirclient.c 116 KB
Newer Older
1
2
/* Copyright (c) 2001-2004, Roger Dingledine.
 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
Nick Mathewson's avatar
Nick Mathewson committed
3
 * Copyright (c) 2007-2018, The Tor Project, Inc. */
Roger Dingledine's avatar
Roger Dingledine committed
4
/* See LICENSE for licensing information */
5

6
#define DIRCLIENT_PRIVATE
7

8
#include "core/or/or.h"
9

10
11
#include "app/config/config.h"
#include "core/mainloop/connection.h"
12
#include "core/mainloop/mainloop.h"
13
#include "core/or/connection_edge.h"
14
15
16
#include "core/or/policies.h"
#include "feature/client/bridges.h"
#include "feature/client/entrynodes.h"
17
#include "feature/control/control.h"
18
#include "feature/dirauth/authmode.h"
19
20
#include "feature/dirauth/dirvote.h"
#include "feature/dirauth/shared_random.h"
21
#include "feature/dircache/dirserv.h"
22
23
24
25
#include "feature/dirclient/dirclient.h"
#include "feature/dirclient/dlstatus.h"
#include "feature/dircommon/consdiff.h"
#include "feature/dircommon/directory.h"
26
27
28
#include "feature/dircommon/fp_pair.h"
#include "feature/hs/hs_cache.h"
#include "feature/hs/hs_client.h"
29
30
#include "feature/hs/hs_control.h"
#include "feature/nodelist/authcert.h"
31
#include "feature/nodelist/describe.h"
32
#include "feature/nodelist/dirlist.h"
33
34
#include "feature/nodelist/microdesc.h"
#include "feature/nodelist/networkstatus.h"
35
#include "feature/nodelist/node_select.h"
36
#include "feature/nodelist/nodelist.h"
37
#include "feature/nodelist/routerinfo.h"
38
39
#include "feature/nodelist/routerlist.h"
#include "feature/nodelist/routerset.h"
40
#include "feature/relay/routermode.h"
41
#include "feature/relay/selftest.h"
42
#include "feature/rend/rendcache.h"
43
44
45
#include "feature/rend/rendclient.h"
#include "feature/rend/rendcommon.h"
#include "feature/rend/rendservice.h"
46
#include "feature/stats/predict_ports.h"
47

48
#include "lib/compress/compress.h"
49
#include "lib/crypt_ops/crypto_format.h"
50
51
52
#include "lib/crypt_ops/crypto_util.h"
#include "lib/encoding/confline.h"
#include "lib/err/backtrace.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
53

54
#include "core/or/entry_connection_st.h"
55
56
#include "feature/dircache/cached_dir_st.h"
#include "feature/dirclient/dir_server_st.h"
57
#include "feature/dircommon/dir_connection_st.h"
58
59
60
#include "feature/nodelist/networkstatus_st.h"
#include "feature/nodelist/node_st.h"
#include "feature/nodelist/routerinfo_st.h"
61
#include "feature/rend/rend_service_descriptor_st.h"
62

63
64
65
66
67
68
/** Maximum size, in bytes, for any directory object that we've downloaded. */
#define MAX_DIR_DL_SIZE ((1<<24)-1) /* 16 MB - 1 */

/** How far in the future do we allow a directory server to tell us it is
 * before deciding that one of us has the wrong time? */
#define ALLOW_DIRECTORY_TIME_SKEW (30*60)
69

70
static int body_is_plausible(const char *body, size_t body_len, int purpose);
71
static void connection_dir_download_routerdesc_failed(dir_connection_t *conn);
72
static void connection_dir_bridge_routerdesc_failed(dir_connection_t *conn);
73
74
static void connection_dir_download_cert_failed(
                               dir_connection_t *conn, int status_code);
75
static void connection_dir_retry_bridges(smartlist_t *descs);
76
static void dir_routerdesc_download_failed(smartlist_t *failed,
77
                                           int status_code,
78
                                           int router_purpose,
79
80
                                           int was_extrainfo,
                                           int was_descriptor_digests);
81
static void dir_microdesc_download_failed(smartlist_t *failed,
82
83
                                          int status_code,
                                          const char *dir_id);
84
85
86
static void directory_send_command(dir_connection_t *conn,
                                   const int direct,
                                   const directory_request_t *req);
87
88
89
static void connection_dir_close_consensus_fetches(
                   dir_connection_t *except_this_one, const char *resource);

90
/** Return a string describing a given directory connection purpose. */
91
STATIC const char *
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
dir_conn_purpose_to_string(int purpose)
{
  switch (purpose)
    {
    case DIR_PURPOSE_UPLOAD_DIR:
      return "server descriptor upload";
    case DIR_PURPOSE_UPLOAD_VOTE:
      return "server vote upload";
    case DIR_PURPOSE_UPLOAD_SIGNATURES:
      return "consensus signature upload";
    case DIR_PURPOSE_FETCH_SERVERDESC:
      return "server descriptor fetch";
    case DIR_PURPOSE_FETCH_EXTRAINFO:
      return "extra-info fetch";
    case DIR_PURPOSE_FETCH_CONSENSUS:
      return "consensus network-status fetch";
    case DIR_PURPOSE_FETCH_CERTIFICATE:
      return "authority cert fetch";
    case DIR_PURPOSE_FETCH_STATUS_VOTE:
      return "status vote fetch";
    case DIR_PURPOSE_FETCH_DETACHED_SIGNATURES:
      return "consensus signature fetch";
114
115
116
117
    case DIR_PURPOSE_FETCH_RENDDESC_V2:
      return "hidden-service v2 descriptor fetch";
    case DIR_PURPOSE_UPLOAD_RENDDESC_V2:
      return "hidden-service v2 descriptor upload";
118
119
120
121
    case DIR_PURPOSE_FETCH_HSDESC:
      return "hidden-service descriptor fetch";
    case DIR_PURPOSE_UPLOAD_HSDESC:
      return "hidden-service descriptor upload";
122
123
    case DIR_PURPOSE_FETCH_MICRODESC:
      return "microdescriptor fetch";
124
125
126
127
128
129
    }

  log_warn(LD_BUG, "Called with unknown purpose %d", purpose);
  return "(unknown)";
}

130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
/** Return the requisite directory information types. */
STATIC dirinfo_type_t
dir_fetch_type(int dir_purpose, int router_purpose, const char *resource)
{
  dirinfo_type_t type;
  switch (dir_purpose) {
    case DIR_PURPOSE_FETCH_EXTRAINFO:
      type = EXTRAINFO_DIRINFO;
      if (router_purpose == ROUTER_PURPOSE_BRIDGE)
        type |= BRIDGE_DIRINFO;
      else
        type |= V3_DIRINFO;
      break;
    case DIR_PURPOSE_FETCH_SERVERDESC:
      if (router_purpose == ROUTER_PURPOSE_BRIDGE)
        type = BRIDGE_DIRINFO;
      else
        type = V3_DIRINFO;
      break;
    case DIR_PURPOSE_FETCH_STATUS_VOTE:
    case DIR_PURPOSE_FETCH_DETACHED_SIGNATURES:
    case DIR_PURPOSE_FETCH_CERTIFICATE:
      type = V3_DIRINFO;
      break;
    case DIR_PURPOSE_FETCH_CONSENSUS:
      type = V3_DIRINFO;
      if (resource && !strcmp(resource, "microdesc"))
        type |= MICRODESC_DIRINFO;
      break;
    case DIR_PURPOSE_FETCH_MICRODESC:
      type = MICRODESC_DIRINFO;
      break;
    default:
      log_warn(LD_BUG, "Unexpected purpose %d", (int)dir_purpose);
      type = NO_DIRINFO;
      break;
  }
  return type;
}

170
171
172
/** Return true iff <b>identity_digest</b> is the digest of a router which
 * says that it caches extrainfos.  (If <b>is_authority</b> we always
 * believe that to be true.) */
173
174
175
int
router_supports_extrainfo(const char *identity_digest, int is_authority)
{
176
  const node_t *node = node_get_by_id(identity_digest);
177

Nick Mathewson's avatar
Nick Mathewson committed
178
  if (node && node->ri) {
179
    if (node->ri->caches_extra_info)
180
181
182
      return 1;
  }
  if (is_authority) {
183
    return 1;
184
185
186
187
  }
  return 0;
}

188
189
190
191
192
193
194
195
/** Return true iff any trusted directory authority has accepted our
 * server descriptor.
 *
 * We consider any authority sufficient because waiting for all of
 * them means it never happens while any authority is down; we don't
 * go for something more complex in the middle (like \>1/3 or \>1/2 or
 * \>=1/2) because that doesn't seem necessary yet.
 */
196
197
198
int
directories_have_accepted_server_descriptor(void)
{
199
  const smartlist_t *servers = router_get_trusted_dir_servers();
200
  const or_options_t *options = get_options();
201
  SMARTLIST_FOREACH(servers, dir_server_t *, d, {
202
    if ((d->type & options->PublishServerDescriptor_) &&
203
204
        d->has_accepted_serverdesc) {
      return 1;
205
206
    }
  });
207
  return 0;
208
209
}

210
/** Start a connection to every suitable directory authority, using
211
212
 * connection purpose <b>dir_purpose</b> and uploading <b>payload</b>
 * (of length <b>payload_len</b>). The dir_purpose should be one of
213
 * 'DIR_PURPOSE_UPLOAD_{DIR|VOTE|SIGNATURES}'.
214
 *
215
216
217
 * <b>router_purpose</b> describes the type of descriptor we're
 * publishing, if we're publishing a descriptor -- e.g. general or bridge.
 *
218
 * <b>type</b> specifies what sort of dir authorities (V3,
219
 * BRIDGE, etc) we should upload to.
220
 *
221
222
223
224
225
 * If <b>extrainfo_len</b> is nonzero, the first <b>payload_len</b> bytes of
 * <b>payload</b> hold a router descriptor, and the next <b>extrainfo_len</b>
 * bytes of <b>payload</b> hold an extra-info document.  Upload the descriptor
 * to all authorities, and the extra-info document to all authorities that
 * support it.
Roger Dingledine's avatar
Roger Dingledine committed
226
227
 */
void
228
directory_post_to_dirservers(uint8_t dir_purpose, uint8_t router_purpose,
229
                             dirinfo_type_t type,
230
                             const char *payload,
231
                             size_t payload_len, size_t extrainfo_len)
Roger Dingledine's avatar
Roger Dingledine committed
232
{
233
  const or_options_t *options = get_options();
234
  dir_indirection_t indirection;
235
  const smartlist_t *dirservers = router_get_trusted_dir_servers();
236
  int found = 0;
237
238
  const int exclude_self = (dir_purpose == DIR_PURPOSE_UPLOAD_VOTE ||
                            dir_purpose == DIR_PURPOSE_UPLOAD_SIGNATURES);
239
  tor_assert(dirservers);
Nick Mathewson's avatar
Nick Mathewson committed
240
241
242
  /* This tries dirservers which we believe to be down, but ultimately, that's
   * harmless, and we may as well err on the side of getting things uploaded.
   */
243
  SMARTLIST_FOREACH_BEGIN(dirservers, dir_server_t *, ds) {
244
      routerstatus_t *rs = &(ds->fake_status);
245
      size_t upload_len = payload_len;
246
247

      if ((type & ds->type) == 0)
248
        continue;
249

250
251
252
253
      if (exclude_self && router_digest_is_me(ds->digest)) {
        /* we don't upload to ourselves, but at least there's now at least
         * one authority of this type that has what we wanted to upload. */
        found = 1;
254
        continue;
255
      }
256

257
      if (options->StrictNodes &&
258
          routerset_contains_routerstatus(options->ExcludeNodes, rs, -1)) {
259
260
261
262
263
264
265
266
        log_warn(LD_DIR, "Wanted to contact authority '%s' for %s, but "
                 "it's in our ExcludedNodes list and StrictNodes is set. "
                 "Skipping.",
                 ds->nickname,
                 dir_conn_purpose_to_string(dir_purpose));
        continue;
      }

267
      found = 1; /* at least one authority of this type was listed */
268
      if (dir_purpose == DIR_PURPOSE_UPLOAD_DIR)
269
        ds->has_accepted_serverdesc = 0;
270

271
      if (extrainfo_len && router_supports_extrainfo(ds->digest, 1)) {
272
        upload_len += extrainfo_len;
273
        log_info(LD_DIR, "Uploading an extrainfo too (length %d)",
274
                 (int) extrainfo_len);
275
      }
276
      if (purpose_needs_anonymity(dir_purpose, router_purpose, NULL)) {
277
        indirection = DIRIND_ANONYMOUS;
278
279
280
281
      } else if (!fascist_firewall_allows_dir_server(ds,
                                                     FIREWALL_DIR_CONNECTION,
                                                     0)) {
        if (fascist_firewall_allows_dir_server(ds, FIREWALL_OR_CONNECTION, 0))
282
283
284
285
286
287
          indirection = DIRIND_ONEHOP;
        else
          indirection = DIRIND_ANONYMOUS;
      } else {
        indirection = DIRIND_DIRECT_CONN;
      }
288
289
290
291
292
293
294
295

      directory_request_t *req = directory_request_new(dir_purpose);
      directory_request_set_routerstatus(req, rs);
      directory_request_set_router_purpose(req, router_purpose);
      directory_request_set_indirection(req, indirection);
      directory_request_set_payload(req, payload, upload_len);
      directory_initiate_request(req);
      directory_request_free(req);
296
  } SMARTLIST_FOREACH_END(ds);
297
  if (!found) {
298
    char *s = authdir_type_to_string(type);
299
    log_warn(LD_DIR, "Publishing server descriptor to directory authorities "
300
301
             "of type '%s', but no authorities of that type listed!", s);
    tor_free(s);
302
  }
Roger Dingledine's avatar
Roger Dingledine committed
303
304
}

305
306
/** Return true iff, according to the values in <b>options</b>, we should be
 * using directory guards for direct downloads of directory information. */
307
STATIC int
308
309
310
311
312
should_use_directory_guards(const or_options_t *options)
{
  /* Public (non-bridge) servers never use directory guards. */
  if (public_server_mode(options))
    return 0;
Nick Mathewson's avatar
Nick Mathewson committed
313
  /* If guards are disabled, we can't use directory guards.
314
   */
Nick Mathewson's avatar
Nick Mathewson committed
315
  if (!options->UseEntryGuards)
316
317
318
319
    return 0;
  /* If we're configured to fetch directory info aggressively or of a
   * nonstandard type, don't use directory guards. */
  if (options->DownloadExtraInfo || options->FetchDirInfoEarly ||
320
      options->FetchDirInfoExtraEarly || options->FetchUselessDescriptors)
321
322
323
324
    return 0;
  return 1;
}

Roger Dingledine's avatar
Roger Dingledine committed
325
/** Pick an unconstrained directory server from among our guards, the latest
326
327
 * networkstatus, or the fallback dirservers, for use in downloading
 * information of type <b>type</b>, and return its routerstatus. */
328
329
static const routerstatus_t *
directory_pick_generic_dirserver(dirinfo_type_t type, int pds_flags,
330
331
                                 uint8_t dir_purpose,
                                 circuit_guard_state_t **guard_state_out)
332
{
333
  const routerstatus_t *rs = NULL;
334
  const or_options_t *options = get_options();
335

336
337
338
339
  if (options->UseBridges)
    log_warn(LD_BUG, "Called when we have UseBridges set.");

  if (should_use_directory_guards(options)) {
340
    const node_t *node = guards_choose_dirguard(dir_purpose, guard_state_out);
341
342
343
344
345
346
    if (node)
      rs = node->rs;
  } else {
    /* anybody with a non-zero dirport will do */
    rs = router_pick_directory_server(type, pds_flags);
  }
347
348
349
350
351
352
353
354
355
  if (!rs) {
    log_info(LD_DIR, "No router found for %s; falling back to "
             "dirserver list.", dir_conn_purpose_to_string(dir_purpose));
    rs = router_pick_fallback_dirserver(type, pds_flags);
  }

  return rs;
}

356
357
358
/**
 * Set the extra fields in <b>req</b> that are used when requesting a
 * consensus of type <b>resource</b>.
359
360
 *
 * Right now, these fields are if-modified-since and x-or-diff-from-consensus.
Roger Dingledine's avatar
Roger Dingledine committed
361
 */
362
363
364
static void
dir_consensus_request_set_additional_headers(directory_request_t *req,
                                             const char *resource)
Roger Dingledine's avatar
Roger Dingledine committed
365
{
366
  time_t if_modified_since = 0;
367
368
  uint8_t or_diff_from[DIGEST256_LEN];
  int or_diff_from_is_set = 0;
369

370
371
372
373
  /* DEFAULT_IF_MODIFIED_SINCE_DELAY is 1/20 of the default consensus
   * period of 1 hour.
   */
  const int DEFAULT_IF_MODIFIED_SINCE_DELAY = 180;
374
375
376
377
378
  const int32_t DEFAULT_TRY_DIFF_FOR_CONSENSUS_NEWER = 72;
  const int32_t MIN_TRY_DIFF_FOR_CONSENSUS_NEWER = 0;
  const int32_t MAX_TRY_DIFF_FOR_CONSENSUS_NEWER = 8192;
  const char TRY_DIFF_FOR_CONSENSUS_NEWER_NAME[] =
    "try-diff-for-consensus-newer-than";
379

380
381
382
383
  int flav = FLAV_NS;
  if (resource)
    flav = networkstatus_parse_flavor_name(resource);

384
385
386
387
388
389
390
  int32_t max_age_for_diff = 3600 *
    networkstatus_get_param(NULL,
                            TRY_DIFF_FOR_CONSENSUS_NEWER_NAME,
                            DEFAULT_TRY_DIFF_FOR_CONSENSUS_NEWER,
                            MIN_TRY_DIFF_FOR_CONSENSUS_NEWER,
                            MAX_TRY_DIFF_FOR_CONSENSUS_NEWER);

391
392
393
  if (flav != -1) {
    /* IF we have a parsed consensus of this type, we can do an
     * if-modified-time based on it. */
394
    networkstatus_t *v;
395
396
397
398
399
400
401
402
403
    v = networkstatus_get_latest_consensus_by_flavor(flav);
    if (v) {
      /* In networks with particularly short V3AuthVotingIntervals,
       * ask for the consensus if it's been modified since half the
       * V3AuthVotingInterval of the most recent consensus. */
      time_t ims_delay = DEFAULT_IF_MODIFIED_SINCE_DELAY;
      if (v->fresh_until > v->valid_after
          && ims_delay > (v->fresh_until - v->valid_after)/2) {
        ims_delay = (v->fresh_until - v->valid_after)/2;
404
      }
405
      if_modified_since = v->valid_after + ims_delay;
406
407
408
409
      if (v->valid_after >= approx_time() - max_age_for_diff) {
        memcpy(or_diff_from, v->digest_sha3_as_signed, DIGEST256_LEN);
        or_diff_from_is_set = 1;
      }
410
    }
411
412
413
414
415
416
  } else {
    /* Otherwise it might be a consensus we don't parse, but which we
     * do cache.  Look at the cached copy, perhaps. */
    cached_dir_t *cd = dirserv_get_consensus(resource);
    /* We have no method of determining the voting interval from an
     * unparsed consensus, so we use the default. */
417
    if (cd) {
418
      if_modified_since = cd->published + DEFAULT_IF_MODIFIED_SINCE_DELAY;
419
420
421
422
      if (cd->published >= approx_time() - max_age_for_diff) {
        memcpy(or_diff_from, cd->digest_sha3_as_signed, DIGEST256_LEN);
        or_diff_from_is_set = 1;
      }
423
    }
424
  }
425

426
427
428
429
430
431
432
433
  if (if_modified_since > 0)
    directory_request_set_if_modified_since(req, if_modified_since);
  if (or_diff_from_is_set) {
    char hex[HEX_DIGEST256_LEN + 1];
    base16_encode(hex, sizeof(hex),
                  (const char*)or_diff_from, sizeof(or_diff_from));
    directory_request_add_header(req, X_OR_DIFF_FROM_CONSENSUS_HEADER, hex);
  }
434
435
436
437
438
439
440
}
/** Start a connection to a random running directory server, using
 * connection purpose <b>dir_purpose</b>, intending to fetch descriptors
 * of purpose <b>router_purpose</b>, and requesting <b>resource</b>.
 * Use <b>pds_flags</b> as arguments to router_pick_directory_server()
 * or router_pick_trusteddirserver().
 */
441
442
MOCK_IMPL(void,
directory_get_from_dirserver,(
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
                            uint8_t dir_purpose,
                            uint8_t router_purpose,
                            const char *resource,
                            int pds_flags,
                            download_want_authority_t want_authority))
{
  const routerstatus_t *rs = NULL;
  const or_options_t *options = get_options();
  int prefer_authority = (directory_fetches_from_authorities(options)
                          || want_authority == DL_WANT_AUTHORITY);
  int require_authority = 0;
  int get_via_tor = purpose_needs_anonymity(dir_purpose, router_purpose,
                                            resource);
  dirinfo_type_t type = dir_fetch_type(dir_purpose, router_purpose, resource);

  if (type == NO_DIRINFO)
    return;
460

461
  if (!options->FetchServerDescriptors)
462
463
    return;

464
  circuit_guard_state_t *guard_state = NULL;
465
  if (!get_via_tor) {
teor's avatar
teor committed
466
    if (options->UseBridges && !(type & BRIDGE_DIRINFO)) {
467
468
      /* We want to ask a running bridge for which we have a descriptor.
       *
469
470
471
       * When we ask choose_random_entry() for a bridge, we specify what
       * sort of dir fetch we'll be doing, so it won't return a bridge
       * that can't answer our question.
472
       */
473
      const node_t *node = guards_choose_dirguard(dir_purpose, &guard_state);
474
475
476
      if (node && node->ri) {
        /* every bridge has a routerinfo. */
        routerinfo_t *ri = node->ri;
477
478
        /* clients always make OR connections to bridges */
        tor_addr_port_t or_ap;
479
        directory_request_t *req = directory_request_new(dir_purpose);
480
481
482
        /* we are willing to use a non-preferred address if we need to */
        fascist_firewall_choose_address_node(node, FIREWALL_OR_CONNECTION, 0,
                                             &or_ap);
483
484
485
486
487
        directory_request_set_or_addr_port(req, &or_ap);
        directory_request_set_directory_id_digest(req,
                                            ri->cache_info.identity_digest);
        directory_request_set_router_purpose(req, router_purpose);
        directory_request_set_resource(req, resource);
488
489
        if (dir_purpose == DIR_PURPOSE_FETCH_CONSENSUS)
          dir_consensus_request_set_additional_headers(req, resource);
490
491
492
        directory_request_set_guard_state(req, guard_state);
        directory_initiate_request(req);
        directory_request_free(req);
493
494
495
496
      } else {
        if (guard_state) {
          entry_guard_cancel(&guard_state);
        }
497
498
        log_notice(LD_DIR, "Ignoring directory request, since no bridge "
                           "nodes are available yet.");
499
500
      }

501
502
      return;
    } else {
teor's avatar
teor committed
503
      if (prefer_authority || (type & BRIDGE_DIRINFO)) {
504
        /* only ask authdirservers, and don't ask myself */
505
        rs = router_pick_trusteddirserver(type, pds_flags);
506
507
        if (rs == NULL && (pds_flags & (PDS_NO_EXISTING_SERVERDESC_FETCH|
                                        PDS_NO_EXISTING_MICRODESC_FETCH))) {
508
509
510
511
512
513
514
          /* We don't want to fetch from any authorities that we're currently
           * fetching server descriptors from, and we got no match.  Did we
           * get no match because all the authorities have connections
           * fetching server descriptors (in which case we should just
           * return,) or because all the authorities are down or on fire or
           * unreachable or something (in which case we should go on with
           * our fallback code)? */
515
516
          pds_flags &= ~(PDS_NO_EXISTING_SERVERDESC_FETCH|
                         PDS_NO_EXISTING_MICRODESC_FETCH);
517
518
519
520
521
522
523
          rs = router_pick_trusteddirserver(type, pds_flags);
          if (rs) {
            log_debug(LD_DIR, "Deferring serverdesc fetch: all authorities "
                      "are in use.");
            return;
          }
        }
524
525
526
527
528
        if (rs == NULL && require_authority) {
          log_info(LD_DIR, "No authorities were available for %s: will try "
                   "later.", dir_conn_purpose_to_string(dir_purpose));
          return;
        }
529
      }
teor's avatar
teor committed
530
      if (!rs && !(type & BRIDGE_DIRINFO)) {
531
        rs = directory_pick_generic_dirserver(type, pds_flags,
532
533
                                              dir_purpose,
                                              &guard_state);
534
        if (!rs)
535
          get_via_tor = 1; /* last resort: try routing it via Tor */
536
      }
537
    }
538
539
540
  }

  if (get_via_tor) {
541
    /* Never use fascistfirewall; we're going via Tor. */
Arlo Breault's avatar
Arlo Breault committed
542
543
    pds_flags |= PDS_IGNORE_FASCISTFIREWALL;
    rs = router_pick_directory_server(type, pds_flags);
544
545
  }

teor's avatar
teor committed
546
547
548
  /* If we have any hope of building an indirect conn, we know some router
   * descriptors.  If (rs==NULL), we can't build circuits anyway, so
   * there's no point in falling back to the authorities in this case. */
549
550
551
  if (rs) {
    const dir_indirection_t indirection =
      get_via_tor ? DIRIND_ANONYMOUS : DIRIND_ONEHOP;
552
553
554
555
556
    directory_request_t *req = directory_request_new(dir_purpose);
    directory_request_set_routerstatus(req, rs);
    directory_request_set_router_purpose(req, router_purpose);
    directory_request_set_indirection(req, indirection);
    directory_request_set_resource(req, resource);
557
558
    if (dir_purpose == DIR_PURPOSE_FETCH_CONSENSUS)
      dir_consensus_request_set_additional_headers(req, resource);
559
560
561
562
    if (guard_state)
      directory_request_set_guard_state(req, guard_state);
    directory_initiate_request(req);
    directory_request_free(req);
563
  } else {
564
    log_notice(LD_DIR,
565
566
               "While fetching directory info, "
               "no running dirservers known. Will try again later. "
567
               "(purpose %d)", dir_purpose);
568
    if (!purpose_needs_anonymity(dir_purpose, router_purpose, resource)) {
569
      /* remember we tried them all and failed. */
570
      directory_all_unreachable(time(NULL));
571
    }
572
  }
Roger Dingledine's avatar
Roger Dingledine committed
573
574
}

575
576
577
578
579
580
581
582
583
584
585
/** As directory_get_from_dirserver, but initiates a request to <i>every</i>
 * directory authority other than ourself.  Only for use by authorities when
 * searching for missing information while voting. */
void
directory_get_from_all_authorities(uint8_t dir_purpose,
                                   uint8_t router_purpose,
                                   const char *resource)
{
  tor_assert(dir_purpose == DIR_PURPOSE_FETCH_STATUS_VOTE ||
             dir_purpose == DIR_PURPOSE_FETCH_DETACHED_SIGNATURES);

586
  SMARTLIST_FOREACH_BEGIN(router_get_trusted_dir_servers(),
587
                          dir_server_t *, ds) {
588
589
      if (router_digest_is_me(ds->digest))
        continue;
590
      if (!(ds->type & V3_DIRINFO))
591
        continue;
592
593
594
595
596
597
598
      const routerstatus_t *rs = &ds->fake_status;
      directory_request_t *req = directory_request_new(dir_purpose);
      directory_request_set_routerstatus(req, rs);
      directory_request_set_router_purpose(req, router_purpose);
      directory_request_set_resource(req, resource);
      directory_initiate_request(req);
      directory_request_free(req);
599
  } SMARTLIST_FOREACH_END(ds);
600
601
}

602
603
604
605
606
607
608
/** Return true iff <b>ind</b> requires a multihop circuit. */
static int
dirind_is_anon(dir_indirection_t ind)
{
  return ind == DIRIND_ANON_DIRPORT || ind == DIRIND_ANONYMOUS;
}

609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
/* Choose reachable OR and Dir addresses and ports from status, copying them
 * into use_or_ap and use_dir_ap. If indirection is anonymous, then we're
 * connecting via another relay, so choose the primary IPv4 address and ports.
 *
 * status should have at least one reachable address, if we can't choose a
 * reachable address, warn and return -1. Otherwise, return 0.
 */
static int
directory_choose_address_routerstatus(const routerstatus_t *status,
                                      dir_indirection_t indirection,
                                      tor_addr_port_t *use_or_ap,
                                      tor_addr_port_t *use_dir_ap)
{
  tor_assert(status != NULL);
  tor_assert(use_or_ap != NULL);
  tor_assert(use_dir_ap != NULL);

626
  const or_options_t *options = get_options();
627
628
629
630
631
632
633
634
635
  int have_or = 0, have_dir = 0;

  /* We expect status to have at least one reachable address if we're
   * connecting to it directly.
   *
   * Therefore, we can simply use the other address if the one we want isn't
   * allowed by the firewall.
   *
   * (When Tor uploads and downloads a hidden service descriptor, it uses
David Goulet's avatar
David Goulet committed
636
637
   * DIRIND_ANONYMOUS. Even Single Onion Servers (NYI) use DIRIND_ANONYMOUS,
   * to avoid HSDirs denying service by rejecting descriptors.)
638
639
640
641
642
643
644
645
   */

  /* Initialise the OR / Dir addresses */
  tor_addr_make_null(&use_or_ap->addr, AF_UNSPEC);
  use_or_ap->port = 0;
  tor_addr_make_null(&use_dir_ap->addr, AF_UNSPEC);
  use_dir_ap->port = 0;

646
647
648
649
650
651
652
653
654
655
  /* ORPort connections */
  if (indirection == DIRIND_ANONYMOUS) {
    if (status->addr) {
      /* Since we're going to build a 3-hop circuit and ask the 2nd relay
       * to extend to this address, always use the primary (IPv4) OR address */
      tor_addr_from_ipv4h(&use_or_ap->addr, status->addr);
      use_or_ap->port = status->or_port;
      have_or = 1;
    }
  } else if (indirection == DIRIND_ONEHOP) {
656
657
658
659
    /* We use an IPv6 address if we have one and we prefer it.
     * Use the preferred address and port if they are reachable, otherwise,
     * use the alternate address and port (if any).
     */
660
661
662
    fascist_firewall_choose_address_rs(status, FIREWALL_OR_CONNECTION, 0,
                                       use_or_ap);
    have_or = tor_addr_port_is_valid_ap(use_or_ap, 0);
663
664
  }

665
  /* DirPort connections
666
   * DIRIND_ONEHOP uses ORPort, but may fall back to the DirPort on relays */
667
668
  if (indirection == DIRIND_DIRECT_CONN ||
      indirection == DIRIND_ANON_DIRPORT ||
669
670
      (indirection == DIRIND_ONEHOP
       && !directory_must_use_begindir(options))) {
671
672
673
    fascist_firewall_choose_address_rs(status, FIREWALL_DIR_CONNECTION, 0,
                                       use_dir_ap);
    have_dir = tor_addr_port_is_valid_ap(use_dir_ap, 0);
674
  }
675

676
677
  /* We rejected all addresses in the relay's status. This means we can't
   * connect to it. */
678
  if (!have_or && !have_dir) {
679
680
    static int logged_backtrace = 0;
    log_info(LD_BUG, "Rejected all OR and Dir addresses from %s when "
681
682
             "launching an outgoing directory connection to: IPv4 %s OR %d "
             "Dir %d IPv6 %s OR %d Dir %d", routerstatus_describe(status),
683
684
685
             fmt_addr32(status->addr), status->or_port,
             status->dir_port, fmt_addr(&status->ipv6_addr),
             status->ipv6_orport, status->dir_port);
686
687
688
689
    if (!logged_backtrace) {
      log_backtrace(LOG_INFO, LD_BUG, "Addresses came from");
      logged_backtrace = 1;
    }
690
691
692
693
694
695
    return -1;
  }

  return 0;
}

696
697
698
/** Return true iff <b>conn</b> is the client side of a directory connection
 * we launched to ourself in order to determine the reachability of our
 * dir_port. */
699
700
701
702
703
static int
directory_conn_is_self_reachability_test(dir_connection_t *conn)
{
  if (conn->requested_resource &&
      !strcmpstart(conn->requested_resource,"authority")) {
704
    const routerinfo_t *me = router_get_my_routerinfo();
705
706
    if (me &&
        router_digest_is_me(conn->identity_digest) &&
707
708
        tor_addr_eq_ipv4h(&conn->base_.addr, me->addr) && /*XXXX prop 118*/
        me->dir_port == conn->base_.port)
709
710
711
712
713
      return 1;
  }
  return 0;
}

714
715
716
/** Called when we are unable to complete the client's request to a directory
 * server due to a network error: Mark the router as down and try again if
 * possible.
717
 */
718
719
void
connection_dir_client_request_failed(dir_connection_t *conn)
720
{
721
722
723
  if (conn->guard_state) {
    /* We haven't seen a success on this guard state, so consider it to have
     * failed. */
724
    entry_guard_failed(&conn->guard_state);
725
  }
726
  if (directory_conn_is_self_reachability_test(conn)) {
727
    return; /* this was a test fetch. don't retry. */
728
  }
729
  if (!entry_list_is_constrained(get_options()))
730
    router_set_status(conn->identity_digest, 0); /* don't try this one again */
731
  if (conn->base_.purpose == DIR_PURPOSE_FETCH_SERVERDESC ||
732
             conn->base_.purpose == DIR_PURPOSE_FETCH_EXTRAINFO) {
733
734
    log_info(LD_DIR, "Giving up on serverdesc/extrainfo fetch from "
             "directory server at '%s'; retrying",
735
             conn->base_.address);
736
737
    if (conn->router_purpose == ROUTER_PURPOSE_BRIDGE)
      connection_dir_bridge_routerdesc_failed(conn);
738
    connection_dir_download_routerdesc_failed(conn);
739
  } else if (conn->base_.purpose == DIR_PURPOSE_FETCH_CONSENSUS) {
740
741
    if (conn->requested_resource)
      networkstatus_consensus_download_failed(0, conn->requested_resource);
742
  } else if (conn->base_.purpose == DIR_PURPOSE_FETCH_CERTIFICATE) {
743
744
    log_info(LD_DIR, "Giving up on certificate fetch from directory server "
             "at '%s'; retrying",
745
             conn->base_.address);
746
    connection_dir_download_cert_failed(conn, 0);
747
  } else if (conn->base_.purpose == DIR_PURPOSE_FETCH_DETACHED_SIGNATURES) {
748
    log_info(LD_DIR, "Giving up downloading detached signatures from '%s'",
749
750
             conn->base_.address);
  } else if (conn->base_.purpose == DIR_PURPOSE_FETCH_STATUS_VOTE) {
751
    log_info(LD_DIR, "Giving up downloading votes from '%s'",
752
753
             conn->base_.address);
  } else if (conn->base_.purpose == DIR_PURPOSE_FETCH_MICRODESC) {
754
    log_info(LD_DIR, "Giving up on downloading microdescriptors from "
755
             "directory server at '%s'; will retry", conn->base_.address);
756
    connection_dir_download_routerdesc_failed(conn);
757
758
759
  }
}

760
761
762
763
/** Helper: Attempt to fetch directly the descriptors of each bridge
 * listed in <b>failed</b>.
 */
static void
764
connection_dir_retry_bridges(smartlist_t *descs)
765
766
{
  char digest[DIGEST_LEN];
Robert Hogan's avatar
Robert Hogan committed
767
  SMARTLIST_FOREACH(descs, const char *, cp,
768
  {
769
    if (base16_decode(digest, DIGEST_LEN, cp, strlen(cp)) != DIGEST_LEN) {
770
771
772
773
774
775
776
777
      log_warn(LD_BUG, "Malformed fingerprint in list: %s",
              escaped(cp));
      continue;
    }
    retry_bridge_descriptor_fetch_directly(digest);
  });
}

778
/** Called when an attempt to download one or more router descriptors
779
 * or extra-info documents on connection <b>conn</b> failed.
780
781
 */
static void
782
connection_dir_download_routerdesc_failed(dir_connection_t *conn)
783
{
784
  /* No need to increment the failure count for routerdescs, since
785
   * it's not their fault. */
786

787
  /* No need to relaunch descriptor downloads here: we already do it
788
   * every 10 or 60 seconds (FOO_DESCRIPTOR_RETRY_INTERVAL) in main.c. */
789
790
791
  tor_assert(conn->base_.purpose == DIR_PURPOSE_FETCH_SERVERDESC ||
             conn->base_.purpose == DIR_PURPOSE_FETCH_EXTRAINFO ||
             conn->base_.purpose == DIR_PURPOSE_FETCH_MICRODESC);
792

793
  (void) conn;
794
795
}

796
797
798
799
800
801
802
803
804
805
806
/** Called when an attempt to download a bridge's routerdesc from
 * one of the authorities failed due to a network error. If
 * possible attempt to download descriptors from the bridge directly.
 */
static void
connection_dir_bridge_routerdesc_failed(dir_connection_t *conn)
{
  smartlist_t *which = NULL;

  /* Requests for bridge descriptors are in the form 'fp/', so ignore
     anything else. */
807
  if (!conn->requested_resource || strcmpstart(conn->requested_resource,"fp/"))
808
809
    return;

810
  which = smartlist_new();
Robert Hogan's avatar
Robert Hogan committed
811
812
813
  dir_split_resource_into_fingerprints(conn->requested_resource
                                        + strlen("fp/"),
                                       which, NULL, 0);
814

815
  tor_assert(conn->base_.purpose != DIR_PURPOSE_FETCH_EXTRAINFO);
816
  if (smartlist_len(which)) {
Robert Hogan's avatar
Robert Hogan committed
817
    connection_dir_retry_bridges(which);
818
819
820
821
822
    SMARTLIST_FOREACH(which, char *, cp, tor_free(cp));
  }
  smartlist_free(which);
}

823
824
825
826
/** Called when an attempt to fetch a certificate fails. */
static void
connection_dir_download_cert_failed(dir_connection_t *conn, int status)
{
827
828
  const char *fp_pfx = "fp/";
  const char *fpsk_pfx = "fp-sk/";
829
  smartlist_t *failed;
830
  tor_assert(conn->base_.purpose == DIR_PURPOSE_FETCH_CERTIFICATE);
831
832
833

  if (!conn->requested_resource)
    return;
834
  failed = smartlist_new();
835
836
837
838
839
  /*
   * We have two cases download by fingerprint (resource starts
   * with "fp/") or download by fingerprint/signing key pair
   * (resource starts with "fp-sk/").
   */
840
  if (!strcmpstart(conn->requested_resource, fp_pfx)) {
841
    /* Download by fingerprint case */
842
843
    dir_split_resource_into_fingerprints(conn->requested_resource +
                                         strlen(fp_pfx),
844
845
846
847
848
849
                                         failed, NULL, DSR_HEX);
    SMARTLIST_FOREACH_BEGIN(failed, char *, cp) {
      /* Null signing key digest indicates download by fp only */
      authority_cert_dl_failed(cp, NULL, status);
      tor_free(cp);
    } SMARTLIST_FOREACH_END(cp);
850
  } else if (!strcmpstart(conn->requested_resource, fpsk_pfx)) {
851
    /* Download by (fp,sk) pairs */
852
853
    dir_split_resource_into_fingerprint_pairs(conn->requested_resource +
                                              strlen(fpsk_pfx), failed);
854
855
856
857
858
859
860
861
862
863
    SMARTLIST_FOREACH_BEGIN(failed, fp_pair_t *, cp) {
      authority_cert_dl_failed(cp->first, cp->second, status);
      tor_free(cp);
    } SMARTLIST_FOREACH_END(cp);
  } else {
    log_warn(LD_DIR,
             "Don't know what to do with failure for cert fetch %s",
             conn->requested_resource);
  }

864
  smartlist_free(failed);
865
866

  update_certificate_downloads(time(NULL));
867
868
}

869
870
871
872
873
874
875
876
877
878
/* Should this tor instance only use begindir for all its directory requests?
 */
int
directory_must_use_begindir(const or_options_t *options)
{
  /* Clients, onion services, and bridges must use begindir,
   * relays and authorities do not have to */
  return !public_server_mode(options);
}

Roger Dingledine's avatar
Roger Dingledine committed
879
880
/** Evaluate the situation and decide if we should use an encrypted
 * "begindir-style" connection for this directory request.
881
 * 0) If there is no DirPort, yes.
Roger Dingledine's avatar
Roger Dingledine committed
882
883
884
 * 1) If or_port is 0, or it's a direct conn and or_port is firewalled
 *    or we're a dir mirror, no.
 * 2) If we prefer to avoid begindir conns, and we're not fetching or
Roger Dingledine's avatar
Roger Dingledine committed
885
 *    publishing a bridge relay descriptor, no.
Roger Dingledine's avatar
Roger Dingledine committed
886
 * 3) Else yes.
887
888
 * If returning 0, return in *reason why we can't use begindir.
 * reason must not be NULL.
Roger Dingledine's avatar
Roger Dingledine committed
889
890
 */
static int
891
directory_command_should_use_begindir(const or_options_t *options,
892
                                      const directory_request_t *req,
893
                                      const char **reason)
Roger Dingledine's avatar
Roger Dingledine committed
894
{
895
896
897
898
899
900
901
  const tor_addr_t *or_addr = &req->or_addr_port.addr;
  //const tor_addr_t *dir_addr = &req->dir_addr_port.addr;
  const int or_port = req->or_addr_port.port;
  const int dir_port = req->dir_addr_port.port;

  const dir_indirection_t indirection = req->indirection;

902
903
904
  tor_assert(reason);
  *reason = NULL;

905
906
907
908
909
  /* Reasons why we must use begindir */
  if (!dir_port) {
    *reason = "(using begindir - directory with no DirPort)";
    return 1; /* We don't know a DirPort -- must begindir. */
  }
910
911
912
  /* Reasons why we can't possibly use begindir */
  if (!or_port) {
    *reason = "directory with unknown ORPort";
Roger Dingledine's avatar
Roger Dingledine committed
913
    return 0; /* We don't know an ORPort -- no chance. */
914
915
916
917
  }
  if (indirection == DIRIND_DIRECT_CONN ||
      indirection == DIRIND_ANON_DIRPORT) {
    *reason = "DirPort connection";
918
    return 0;
919
920
921
  }
  if (indirection == DIRIND_ONEHOP) {
    /* We're firewalled and want a direct OR connection */
922
    if (!fascist_firewall_allows_address_addr(or_addr, or_port,
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
                                              FIREWALL_OR_CONNECTION, 0, 0)) {
      *reason = "ORPort not reachable";
      return 0;
    }
  }
  /* Reasons why we want to avoid using begindir */
  if (indirection == DIRIND_ONEHOP) {
    if (!directory_must_use_begindir(options)) {
      *reason = "in relay mode";
      return 0;
    }
  }
  /* DIRIND_ONEHOP on a client, or DIRIND_ANONYMOUS
   */
  *reason = "(using begindir)";
Roger Dingledine's avatar
Roger Dingledine committed
938
939
940
  return 1;
}

941
942
943
944
/**
 * Create and return a new directory_request_t with purpose
 * <b>dir_purpose</b>.
 */
945
946
947
948
949
950
951
directory_request_t *
directory_request_new(uint8_t dir_purpose)
{
  tor_assert(dir_purpose >= DIR_PURPOSE_MIN_);
  tor_assert(dir_purpose <= DIR_PURPOSE_MAX_);
  tor_assert(dir_purpose != DIR_PURPOSE_SERVER);
  tor_assert(dir_purpose != DIR_PURPOSE_HAS_FETCHED_RENDDESC_V2);
952
  tor_assert(dir_purpose != DIR_PURPOSE_HAS_FETCHED_HSDESC);
953
954

  directory_request_t *result = tor_malloc_zero(sizeof(*result));
955
956
957
958
  tor_addr_make_null(&result->or_addr_port.addr, AF_INET);
  result->or_addr_port.port = 0;
  tor_addr_make_null(&result->dir_addr_port.addr, AF_INET);
  result->dir_addr_port.port = 0;
959
960
961
962
963
  result->dir_purpose = dir_purpose;
  result->router_purpose = ROUTER_PURPOSE_GENERAL;
  result->indirection = DIRIND_ONEHOP;
  return result;
}
964
965
966
/**
 * Release all resources held by <b>req</b>.
 */
967
void
968
directory_request_free_(directory_request_t *req)
969
970
971
{
  if (req == NULL)
    return;
972
  config_free_lines(req->additional_headers);
973
974
  tor_free(req);
}
975
976
977
/**
 * Set the address and OR port to use for this directory request.  If there is
 * no OR port, we'll have to connect over the dirport.  (If there are both,
978
 * the indirection setting determines which to use.)
979
 */
980
981
982
983
984
985
void
directory_request_set_or_addr_port(directory_request_t *req,
                                   const tor_addr_port_t *p)
{
  memcpy(&req->or_addr_port, p, sizeof(*p));
}
986
987
988
/**
 * Set the address and dirport to use for this directory request.  If there
 * is no dirport, we'll have to connect over the OR port.  (If there are both,
989
 * the indirection setting determines which to use.)
990
 */
991
992
993
994
995
996
void
directory_request_set_dir_addr_port(directory_request_t *req,
                                    const tor_addr_port_t *p)
{
  memcpy(&req->dir_addr_port, p, sizeof(*p));
}
997
998
999
1000
/**
 * Set the RSA identity digest of the directory to use for this directory
 * request.
 */
For faster browsing, not all history is shown. View entire blame