control.c 263 KB
Newer Older
1

2
/* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
Nick Mathewson's avatar
Nick Mathewson committed
3
 * Copyright (c) 2007-2018, The Tor Project, Inc. */
4
5
/* See LICENSE for licensing information */

Nick Mathewson's avatar
Nick Mathewson committed
6
/**
7
8
 * \file control.c
 * \brief Implementation for Tor's control-socket interface.
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 *
 * A "controller" is an external program that monitors and controls a Tor
 * instance via a text-based protocol. It connects to Tor via a connection
 * to a local socket.
 *
 * The protocol is line-driven.  The controller sends commands terminated by a
 * CRLF.  Tor sends lines that are either <em>replies</em> to what the
 * controller has said, or <em>events</em> that Tor sends to the controller
 * asynchronously based on occurrences in the Tor network model.
 *
 * See the control-spec.txt file in the torspec.git repository for full
 * details on protocol.
 *
 * This module generally has two kinds of entry points: those based on having
 * received a command on a controller socket, which are handled in
 * connection_control_process_inbuf(), and dispatched to individual functions
 * with names like control_handle_COMMANDNAME(); and those based on events
 * that occur elsewhere in Tor, which are handled by functions with names like
 * control_event_EVENTTYPE().
 *
 * Controller events are not sent immediately; rather, they are inserted into
 * the queued_control_events array, and flushed later from
 * flush_queued_events_cb().  Doing this simplifies our callgraph greatly,
 * by limiting the number of places in Tor that can call back into the network
 * stack.
34
 **/
Nick Mathewson's avatar
Nick Mathewson committed
35

36
37
#define CONTROL_PRIVATE

38
39
40
#include "core/or/or.h"
#include "feature/client/addressmap.h"
#include "feature/client/bridges.h"
41
#include "lib/container/buffers.h"
42
43
44
45
46
47
48
#include "core/or/channel.h"
#include "core/or/channeltls.h"
#include "core/or/circuitbuild.h"
#include "core/or/circuitlist.h"
#include "core/or/circuitstats.h"
#include "core/or/circuituse.h"
#include "core/or/command.h"
49
#include "lib/evloop/compat_libevent.h"
50
51
52
53
54
55
#include "app/config/config.h"
#include "app/config/confparse.h"
#include "core/mainloop/connection.h"
#include "core/or/connection_edge.h"
#include "core/or/connection_or.h"
#include "feature/control/control.h"
56
57
#include "lib/crypt_ops/crypto_rand.h"
#include "lib/crypt_ops/crypto_util.h"
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
#include "feature/dircache/directory.h"
#include "feature/dircache/dirserv.h"
#include "feature/client/dnsserv.h"
#include "feature/client/entrynodes.h"
#include "feature/stats/geoip.h"
#include "feature/hibernate/hibernate.h"
#include "feature/hs/hs_cache.h"
#include "feature/hs/hs_common.h"
#include "feature/hs/hs_control.h"
#include "core/mainloop/main.h"
#include "feature/nodelist/microdesc.h"
#include "feature/nodelist/networkstatus.h"
#include "feature/nodelist/nodelist.h"
#include "core/or/policies.h"
#include "core/proto/proto_control0.h"
#include "core/proto/proto_http.h"
#include "core/or/reasons.h"
#include "feature/rend/rendclient.h"
#include "feature/rend/rendcommon.h"
#include "feature/rend/rendservice.h"
#include "feature/stats/rephist.h"
#include "feature/relay/router.h"
#include "feature/nodelist/routerlist.h"
#include "feature/nodelist/routerparse.h"
#include "feature/hs_common/shared_random_client.h"
83
#include "lib/encoding/confline.h"
84

85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
#include "feature/dircache/cached_dir_st.h"
#include "feature/control/control_connection_st.h"
#include "core/or/cpath_build_state_st.h"
#include "core/or/entry_connection_st.h"
#include "feature/nodelist/extrainfo_st.h"
#include "feature/nodelist/networkstatus_st.h"
#include "feature/nodelist/node_st.h"
#include "core/or/or_connection_st.h"
#include "core/or/or_circuit_st.h"
#include "core/or/origin_circuit_st.h"
#include "feature/nodelist/microdesc_st.h"
#include "feature/rend/rend_authorized_client_st.h"
#include "feature/rend/rend_encoded_v2_service_descriptor_st.h"
#include "feature/rend/rend_service_descriptor_st.h"
#include "feature/nodelist/routerinfo_st.h"
#include "feature/nodelist/routerlist_st.h"
#include "core/or/socks_request_st.h"
102

103
104
105
106
107
108
109
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
#ifdef HAVE_SYS_STAT_H
#include <sys/stat.h>
#endif

110
#ifndef _WIN32
111
112
113
114
#include <pwd.h>
#include <sys/resource.h>
#endif

115
#include "lib/crypt_ops/crypto_s2k.h"
116
117
#include "lib/evloop/procmon.h"
#include "lib/evloop/compat_libevent.h"
118

119
120
/** Yield true iff <b>s</b> is the state of a control_connection_t that has
 * finished authentication and is accepting commands. */
121
#define STATE_IS_OPEN(s) ((s) == CONTROL_CONN_STATE_OPEN)
122

123
/** Bitfield: The bit 1&lt;&lt;e is set if <b>any</b> open control
Nick Mathewson's avatar
Nick Mathewson committed
124
125
 * connection is interested in events of type <b>e</b>.  We use this
 * so that we can decide to skip generating event messages that nobody
Roger Dingledine's avatar
Roger Dingledine committed
126
 * has interest in without having to walk over the global connection
Nick Mathewson's avatar
Nick Mathewson committed
127
128
 * list to find out.
 **/
Nick Mathewson's avatar
Nick Mathewson committed
129
typedef uint64_t event_mask_t;
130

131
132
133
/** An event mask of all the events that any controller is interested in
 * receiving. */
static event_mask_t global_event_mask = 0;
134

135
136
137
/** True iff we have disabled log messages from being sent to the controller */
static int disable_log_messages = 0;

Nick Mathewson's avatar
Nick Mathewson committed
138
139
/** Macro: true if any control connection is interested in events of type
 * <b>e</b>. */
140
#define EVENT_IS_INTERESTING(e) \
141
  (!! (global_event_mask & EVENT_MASK_(e)))
Nick Mathewson's avatar
Nick Mathewson committed
142

143
144
/** Macro: true if any event from the bitfield 'e' is interesting. */
#define ANY_EVENT_IS_INTERESTING(e) \
145
  (!! (global_event_mask & (e)))
146

Nick Mathewson's avatar
Nick Mathewson committed
147
148
/** If we're using cookie-type authentication, how long should our cookies be?
 */
149
#define AUTHENTICATION_COOKIE_LEN 32
Nick Mathewson's avatar
Nick Mathewson committed
150
151
152

/** If true, we've set authentication_cookie to a secret code and
 * stored it to disk. */
153
static int authentication_cookie_is_set = 0;
154
155
/** If authentication_cookie_is_set, a secret cookie that we've stored to disk
 * and which we're using to authenticate controllers.  (If the controller can
Robert Ransom's avatar
Robert Ransom committed
156
 * read it off disk, it has permission to connect.) */
157
static uint8_t *authentication_cookie = NULL;
158

159
160
161
162
163
164
#define SAFECOOKIE_SERVER_TO_CONTROLLER_CONSTANT \
  "Tor safe cookie authentication server-to-controller hash"
#define SAFECOOKIE_CONTROLLER_TO_SERVER_CONSTANT \
  "Tor safe cookie authentication controller-to-server hash"
#define SAFECOOKIE_SERVER_NONCE_LEN DIGEST256_LEN

165
166
167
168
169
/** The list of onion services that have been added via ADD_ONION that do not
 * belong to any particular control connection.
 */
static smartlist_t *detached_onion_services = NULL;

170
171
172
173
174
175
176
/** A sufficiently large size to record the last bootstrap phase string. */
#define BOOTSTRAP_MSG_LEN 1024

/** What was the last bootstrap phase message we sent? We keep track
 * of this so we can respond to getinfo status/bootstrap-phase queries. */
static char last_sent_bootstrap_message[BOOTSTRAP_MSG_LEN];

177
static void connection_printf_to_buf(control_connection_t *conn,
178
                                     const char *format, ...)
179
  CHECK_PRINTF(2,3);
180
static void send_control_event_impl(uint16_t event,
181
                                    const char *format, va_list ap)
182
  CHECK_PRINTF(2,0);
183
184
185
186
static int control_event_status(int type, int severity, const char *format,
                                va_list args)
  CHECK_PRINTF(3,0);

187
static void send_control_done(control_connection_t *conn);
188
static void send_control_event(uint16_t event,
189
                               const char *format, ...)
190
  CHECK_PRINTF(2,3);
191
static int handle_control_setconf(control_connection_t *conn, uint32_t len,
192
                                  char *body);
193
static int handle_control_resetconf(control_connection_t *conn, uint32_t len,
194
                                    char *body);
195
static int handle_control_getconf(control_connection_t *conn, uint32_t len,
196
                                  const char *body);
197
198
static int handle_control_loadconf(control_connection_t *conn, uint32_t len,
                                  const char *body);
199
static int handle_control_setevents(control_connection_t *conn, uint32_t len,
200
                                    const char *body);
201
202
static int handle_control_authenticate(control_connection_t *conn,
                                       uint32_t len,
203
                                       const char *body);
204
static int handle_control_signal(control_connection_t *conn, uint32_t len,
205
                                 const char *body);
206
static int handle_control_mapaddress(control_connection_t *conn, uint32_t len,
207
                                     const char *body);
208
static char *list_getinfo_options(void);
209
static int handle_control_getinfo(control_connection_t *conn, uint32_t len,
210
                                  const char *body);
211
212
static int handle_control_extendcircuit(control_connection_t *conn,
                                        uint32_t len,
213
                                        const char *body);
214
215
static int handle_control_setcircuitpurpose(control_connection_t *conn,
                                            uint32_t len, const char *body);
216
217
static int handle_control_attachstream(control_connection_t *conn,
                                       uint32_t len,
218
                                        const char *body);
219
220
static int handle_control_postdescriptor(control_connection_t *conn,
                                         uint32_t len,
221
                                         const char *body);
222
223
static int handle_control_redirectstream(control_connection_t *conn,
                                         uint32_t len,
224
                                         const char *body);
225
static int handle_control_closestream(control_connection_t *conn, uint32_t len,
226
                                      const char *body);
227
228
static int handle_control_closecircuit(control_connection_t *conn,
                                       uint32_t len,
229
                                       const char *body);
230
231
static int handle_control_resolve(control_connection_t *conn, uint32_t len,
                                  const char *body);
232
233
234
static int handle_control_usefeature(control_connection_t *conn,
                                     uint32_t len,
                                     const char *body);
235
236
static int handle_control_hsfetch(control_connection_t *conn, uint32_t len,
                                  const char *body);
237
238
static int handle_control_hspost(control_connection_t *conn, uint32_t len,
                                 const char *body);
239
240
241
242
static int handle_control_add_onion(control_connection_t *conn, uint32_t len,
                                    const char *body);
static int handle_control_del_onion(control_connection_t *conn, uint32_t len,
                                    const char *body);
243
static int write_stream_target_to_buf(entry_connection_t *conn, char *buf,
244
                                      size_t len);
245
static void orconn_target_get_name(char *buf, size_t len,
246
                                   or_connection_t *conn);
247

248
249
250
static int get_cached_network_liveness(void);
static void set_cached_network_liveness(int liveness);

251
static void flush_queued_events_cb(mainloop_event_t *event, void *arg);
252

253
static char * download_status_to_string(const download_status_t *dl);
254
static void control_get_bytes_rw_last_sec(uint64_t *r, uint64_t *w);
255

256
257
258
259
260
261
262
263
264
/** Convert a connection_t* to an control_connection_t*; assert if the cast is
 * invalid. */
control_connection_t *
TO_CONTROL_CONN(connection_t *c)
{
  tor_assert(c->magic == CONTROL_CONNECTION_MAGIC);
  return DOWNCAST(control_connection_t, c);
}

265
266
/** Given a control event code for a message event, return the corresponding
 * log severity. */
267
static inline int
268
269
270
271
272
273
274
275
276
277
278
279
event_to_log_severity(int event)
{
  switch (event) {
    case EVENT_DEBUG_MSG: return LOG_DEBUG;
    case EVENT_INFO_MSG: return LOG_INFO;
    case EVENT_NOTICE_MSG: return LOG_NOTICE;
    case EVENT_WARN_MSG: return LOG_WARN;
    case EVENT_ERR_MSG: return LOG_ERR;
    default: return -1;
  }
}

280
/** Given a log severity, return the corresponding control event code. */
281
static inline int
282
283
284
285
286
287
288
289
290
291
292
293
log_severity_to_event(int severity)
{
  switch (severity) {
    case LOG_DEBUG: return EVENT_DEBUG_MSG;
    case LOG_INFO: return EVENT_INFO_MSG;
    case LOG_NOTICE: return EVENT_NOTICE_MSG;
    case LOG_WARN: return EVENT_WARN_MSG;
    case LOG_ERR: return EVENT_ERR_MSG;
    default: return -1;
  }
}

294
295
296
297
298
/** Helper: clear bandwidth counters of all origin circuits. */
static void
clear_circ_bw_fields(void)
{
  origin_circuit_t *ocirc;
299
  SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *, circ) {
300
301
302
303
    if (!CIRCUIT_IS_ORIGIN(circ))
      continue;
    ocirc = TO_ORIGIN_CIRCUIT(circ);
    ocirc->n_written_circ_bw = ocirc->n_read_circ_bw = 0;
304
305
    ocirc->n_overhead_written_circ_bw = ocirc->n_overhead_read_circ_bw = 0;
    ocirc->n_delivered_written_circ_bw = ocirc->n_delivered_read_circ_bw = 0;
306
  }
307
  SMARTLIST_FOREACH_END(circ);
308
309
}

310
311
/** Set <b>global_event_mask*</b> to the bitwise OR of each live control
 * connection's event_mask field. */
312
313
void
control_update_global_event_mask(void)
314
{
315
  smartlist_t *conns = get_connection_array();
316
  event_mask_t old_mask, new_mask;
317
  old_mask = global_event_mask;
318
  int any_old_per_sec_events = control_any_per_second_event_enabled();
319

320
  global_event_mask = 0;
321
322
323
324
325
  SMARTLIST_FOREACH(conns, connection_t *, _conn,
  {
    if (_conn->type == CONN_TYPE_CONTROL &&
        STATE_IS_OPEN(_conn->state)) {
      control_connection_t *conn = TO_CONTROL_CONN(_conn);
326
      global_event_mask |= conn->event_mask;
327
    }
328
  });
329

330
  new_mask = global_event_mask;
331
332
333

  /* Handle the aftermath.  Set up the log callback to tell us only what
   * we want to hear...*/
334
  control_adjust_event_log_severity();
335

336
337
338
339
  /* Macro: true if ev was false before and is true now. */
#define NEWLY_ENABLED(ev) \
  (! (old_mask & (ev)) && (new_mask & (ev)))

Karsten Loesing's avatar
Karsten Loesing committed
340
341
  /* ...then, if we've started logging stream or circ bw, clear the
   * appropriate fields. */
342
  if (NEWLY_ENABLED(EVENT_STREAM_BANDWIDTH_USED)) {
343
344
345
346
347
    SMARTLIST_FOREACH(conns, connection_t *, conn,
    {
      if (conn->type == CONN_TYPE_AP) {
        edge_connection_t *edge_conn = TO_EDGE_CONN(conn);
        edge_conn->n_written = edge_conn->n_read = 0;
348
      }
349
    });
350
  }
351
  if (NEWLY_ENABLED(EVENT_CIRC_BANDWIDTH_USED)) {
352
    clear_circ_bw_fields();
Karsten Loesing's avatar
Karsten Loesing committed
353
  }
354
355
356
357
  if (NEWLY_ENABLED(EVENT_BANDWIDTH_USED)) {
    uint64_t r, w;
    control_get_bytes_rw_last_sec(&r, &w);
  }
358
359
360
361
  if (any_old_per_sec_events != control_any_per_second_event_enabled()) {
    reschedule_per_second_timer();
  }

362
#undef NEWLY_ENABLED
363
364
}

365
366
367
/** Adjust the log severities that result in control_event_logmsg being called
 * to match the severity of log messages that any controllers are interested
 * in. */
368
void
369
control_adjust_event_log_severity(void)
370
{
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
  int i;
  int min_log_event=EVENT_ERR_MSG, max_log_event=EVENT_DEBUG_MSG;

  for (i = EVENT_DEBUG_MSG; i <= EVENT_ERR_MSG; ++i) {
    if (EVENT_IS_INTERESTING(i)) {
      min_log_event = i;
      break;
    }
  }
  for (i = EVENT_ERR_MSG; i >= EVENT_DEBUG_MSG; --i) {
    if (EVENT_IS_INTERESTING(i)) {
      max_log_event = i;
      break;
    }
  }
386
  if (EVENT_IS_INTERESTING(EVENT_STATUS_GENERAL)) {
387
388
389
390
391
    if (min_log_event > EVENT_NOTICE_MSG)
      min_log_event = EVENT_NOTICE_MSG;
    if (max_log_event < EVENT_ERR_MSG)
      max_log_event = EVENT_ERR_MSG;
  }
392
393
394
395
396
397
398
  if (min_log_event <= max_log_event)
    change_callback_log_severity(event_to_log_severity(min_log_event),
                                 event_to_log_severity(max_log_event),
                                 control_event_logmsg);
  else
    change_callback_log_severity(LOG_ERR, LOG_ERR,
                                 control_event_logmsg);
399
400
}

401
402
403
404
405
406
407
408
409
410
/** Return true iff the event with code <b>c</b> is being sent to any current
 * control connection.  This is useful if the amount of work needed to prepare
 * to call the appropriate control_event_...() function is high.
 */
int
control_event_is_interesting(int event)
{
  return EVENT_IS_INTERESTING(event);
}

411
412
413
414
415
/** Return true if any event that needs to fire once a second is enabled. */
int
control_any_per_second_event_enabled(void)
{
  return ANY_EVENT_IS_INTERESTING(
416
417
418
419
420
      EVENT_MASK_(EVENT_BANDWIDTH_USED) |
      EVENT_MASK_(EVENT_CELL_STATS) |
      EVENT_MASK_(EVENT_CIRC_BANDWIDTH_USED) |
      EVENT_MASK_(EVENT_CONN_BW) |
      EVENT_MASK_(EVENT_STREAM_BANDWIDTH_USED)
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
  );
}

/* The value of 'get_bytes_read()' the previous time that
 * control_get_bytes_rw_last_sec() as called. */
static uint64_t stats_prev_n_read = 0;
/* The value of 'get_bytes_written()' the previous time that
 * control_get_bytes_rw_last_sec() as called. */
static uint64_t stats_prev_n_written = 0;

/**
 * Set <b>n_read</b> and <b>n_written</b> to the total number of bytes read
 * and written by Tor since the last call to this function.
 *
 * Call this only from the main thread.
 */
static void
control_get_bytes_rw_last_sec(uint64_t *n_read,
                              uint64_t *n_written)
{
  const uint64_t stats_n_bytes_read = get_bytes_read();
  const uint64_t stats_n_bytes_written = get_bytes_written();

  *n_read = stats_n_bytes_read - stats_prev_n_read;
  *n_written = stats_n_bytes_written - stats_prev_n_written;
  stats_prev_n_read = stats_n_bytes_read;
  stats_prev_n_written = stats_n_bytes_written;
}

/**
 * Run all the controller events (if any) that are scheduled to trigger once
 * per second.
 */
void
control_per_second_events(void)
{
  if (!control_any_per_second_event_enabled())
    return;

  uint64_t bytes_read, bytes_written;
  control_get_bytes_rw_last_sec(&bytes_read, &bytes_written);
  control_event_bandwidth_used((uint32_t)bytes_read,(uint32_t)bytes_written);

  control_event_stream_bandwidth_used();
  control_event_conn_bandwidth_used();
  control_event_circ_bandwidth_used();
  control_event_circuit_cell_stats();
}

470
/** Append a NUL-terminated string <b>s</b> to the end of
471
 * <b>conn</b>-\>outbuf.
472
 */
473
static inline void
474
connection_write_str_to_buf(const char *s, control_connection_t *conn)
475
476
{
  size_t len = strlen(s);
477
  connection_buf_add(s, len, TO_CONN(conn));
478
479
}

480
/** Given a <b>len</b>-character string in <b>data</b>, made of lines
481
482
 * terminated by CRLF, allocate a new string in *<b>out</b>, and copy the
 * contents of <b>data</b> into *<b>out</b>, adding a period before any period
483
 * that appears at the start of a line, and adding a period-CRLF line at
484
485
 * the end. Replace all LF characters sequences with CRLF.  Return the number
 * of bytes in *<b>out</b>.
486
 */
487
STATIC size_t
488
write_escaped_data(const char *data, size_t len, char **out)
489
{
490
491
  tor_assert(len < SIZE_MAX - 9);
  size_t sz_out = len+8+1;
492
  char *outp;
493
  const char *start = data, *end;
494
  size_t i;
495
  int start_of_line;
496
497
  for (i=0; i < len; ++i) {
    if (data[i] == '\n') {
498
      sz_out += 2; /* Maybe add a CR; maybe add a dot. */
499
500
501
502
503
504
      if (sz_out >= SIZE_T_CEILING) {
        log_warn(LD_BUG, "Input to write_escaped_data was too long");
        *out = tor_strdup(".\r\n");
        return 3;
      }
    }
505
  }
506
  *out = outp = tor_malloc(sz_out);
507
508
509
510
  end = data+len;
  start_of_line = 1;
  while (data < end) {
    if (*data == '\n') {
511
      if (data > start && data[-1] != '\r')
512
513
514
515
516
517
518
519
520
521
522
523
        *outp++ = '\r';
      start_of_line = 1;
    } else if (*data == '.') {
      if (start_of_line) {
        start_of_line = 0;
        *outp++ = '.';
      }
    } else {
      start_of_line = 0;
    }
    *outp++ = *data++;
  }
524
  if (outp < *out+2 || fast_memcmp(outp-2, "\r\n", 2)) {
525
526
527
    *outp++ = '\r';
    *outp++ = '\n';
  }
528
529
530
  *outp++ = '.';
  *outp++ = '\r';
  *outp++ = '\n';
531
  *outp = '\0'; /* NUL-terminate just in case. */
532
533
  tor_assert(outp >= *out);
  tor_assert((size_t)(outp - *out) <= sz_out);
534
535
536
  return outp - *out;
}

537
538
539
/** Given a <b>len</b>-character string in <b>data</b>, made of lines
 * terminated by CRLF, allocate a new string in *<b>out</b>, and copy
 * the contents of <b>data</b> into *<b>out</b>, removing any period
540
541
 * that appears at the start of a line, and replacing all CRLF sequences
 * with LF.   Return the number of
542
 * bytes in *<b>out</b>. */
543
STATIC size_t
544
read_escaped_data(const char *data, size_t len, char **out)
545
546
547
{
  char *outp;
  const char *next;
548
549
550
  const char *end;

  *out = outp = tor_malloc(len+1);
551

552
  end = data+len;
553

554
  while (data < end) {
555
    /* we're at the start of a line. */
556
557
    if (*data == '.')
      ++data;
558
    next = memchr(data, '\n', end-data);
559
    if (next) {
560
561
562
563
564
565
566
567
      size_t n_to_copy = next-data;
      /* Don't copy a CR that precedes this LF. */
      if (n_to_copy && *(next-1) == '\r')
        --n_to_copy;
      memcpy(outp, data, n_to_copy);
      outp += n_to_copy;
      data = next+1; /* This will point at the start of the next line,
                      * or the end of the string, or a period. */
568
    } else {
569
570
571
      memcpy(outp, data, end-data);
      outp += (end-data);
      *outp = '\0';
572
573
      return outp - *out;
    }
574
    *outp++ = '\n';
575
576
  }

577
  *outp = '\0';
578
579
  return outp - *out;
}
580

581
/** If the first <b>in_len_max</b> characters in <b>start</b> contain a
582
583
 * double-quoted string with escaped characters, return the length of that
 * string (as encoded, including quotes).  Otherwise return -1. */
584
static inline int
585
586
get_escaped_string_length(const char *start, size_t in_len_max,
                          int *chars_out)
587
588
{
  const char *cp, *end;
589
  int chars = 0;
590
591

  if (*start != '\"')
592
    return -1;
593
594
595
596
597
598

  cp = start+1;
  end = start+in_len_max;

  /* Calculate length. */
  while (1) {
599
600
601
    if (cp >= end) {
      return -1; /* Too long. */
    } else if (*cp == '\\') {
602
      if (++cp == end)
603
        return -1; /* Can't escape EOS. */
604
      ++cp;
605
      ++chars;
606
607
608
609
    } else if (*cp == '\"') {
      break;
    } else {
      ++cp;
610
      ++chars;
611
612
    }
  }
613
614
  if (chars_out)
    *chars_out = chars;
615
  return (int)(cp - start+1);
616
}
617

618
619
620
621
622
623
624
625
626
627
/** As decode_escaped_string, but does not decode the string: copies the
 * entire thing, including quotation marks. */
static const char *
extract_escaped_string(const char *start, size_t in_len_max,
                       char **out, size_t *out_len)
{
  int length = get_escaped_string_length(start, in_len_max, NULL);
  if (length<0)
    return NULL;
  *out_len = length;
628
  *out = tor_strndup(start, *out_len);
629
  return start+length;
630
631
}

632
/** Given a pointer to a string starting at <b>start</b> containing
633
 * <b>in_len_max</b> characters, decode a string beginning with one double
634
 * quote, containing any number of non-quote characters or characters escaped
635
 * with a backslash, and ending with a final double quote.  Place the resulting
636
637
638
 * string (unquoted, unescaped) into a newly allocated string in *<b>out</b>;
 * store its length in <b>out_len</b>.  On success, return a pointer to the
 * character immediately following the escaped string.  On failure, return
Roger Dingledine's avatar
Roger Dingledine committed
639
 * NULL. */
640
static const char *
641
decode_escaped_string(const char *start, size_t in_len_max,
642
                   char **out, size_t *out_len)
643
{
644
645
  const char *cp, *end;
  char *outp;
646
  int len, n_chars = 0;
647

648
649
  len = get_escaped_string_length(start, in_len_max, &n_chars);
  if (len<0)
650
651
    return NULL;

652
653
  end = start+len-1; /* Index of last quote. */
  tor_assert(*end == '\"');
654
  outp = *out = tor_malloc(len+1);
655
  *out_len = n_chars;
656

657
658
659
660
661
662
663
  cp = start+1;
  while (cp < end) {
    if (*cp == '\\')
      ++cp;
    *outp++ = *cp++;
  }
  *outp = '\0';
664
  tor_assert((outp - *out) == (int)*out_len);
665
666
667
668

  return end+1;
}

669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
/** Create and add a new controller connection on <b>sock</b>.  If
 * <b>CC_LOCAL_FD_IS_OWNER</b> is set in <b>flags</b>, this Tor process should
 * exit when the connection closes.  If <b>CC_LOCAL_FD_IS_AUTHENTICATED</b>
 * is set, then the connection does not need to authenticate.
 */
int
control_connection_add_local_fd(tor_socket_t sock, unsigned flags)
{
  if (BUG(! SOCKET_OK(sock)))
    return -1;
  const int is_owner = !!(flags & CC_LOCAL_FD_IS_OWNER);
  const int is_authenticated = !!(flags & CC_LOCAL_FD_IS_AUTHENTICATED);
  control_connection_t *control_conn = control_connection_new(AF_UNSPEC);
  connection_t *conn = TO_CONN(control_conn);
  conn->s = sock;
  tor_addr_make_unspec(&conn->addr);
  conn->port = 1;
  conn->address = tor_strdup("<local socket>");

  /* We take ownership of this socket so that later, when we close it,
   * we don't freak out. */
  tor_take_socket_ownership(sock);

  if (set_socket_nonblocking(sock) < 0 ||
      connection_add(conn) < 0) {
    connection_free(conn);
    return -1;
  }

  control_conn->is_owning_control_connection = is_owner;

  if (connection_init_accepted_conn(conn, NULL) < 0) {
    connection_mark_for_close(conn);
    return -1;
  }

  if (is_authenticated) {
    conn->state = CONTROL_CONN_STATE_OPEN;
  }

  return 0;
}

712
/** Acts like sprintf, but writes its formatted string to the end of
713
 * <b>conn</b>-\>outbuf. */
714
static void
715
connection_printf_to_buf(control_connection_t *conn, const char *format, ...)
716
717
{
  va_list ap;
718
719
720
  char *buf = NULL;
  int len;

721
  va_start(ap,format);
722
  len = tor_vasprintf(&buf, format, ap);
723
  va_end(ap);
724
725

  if (len < 0) {
726
727
    log_err(LD_BUG, "Unable to format string for controller.");
    tor_assert(0);
728
  }
729

730
  connection_buf_add(buf, (size_t)len, TO_CONN(conn));
731
732

  tor_free(buf);
733
734
}

735
736
737
738
739
740
/** Write all of the open control ports to ControlPortWriteToFile */
void
control_ports_write_to_file(void)
{
  smartlist_t *lines;
  char *joined = NULL;
741
  const or_options_t *options = get_options();
742
743
744
745

  if (!options->ControlPortWriteToFile)
    return;

746
  lines = smartlist_new();
747
748
749
750
751
752

  SMARTLIST_FOREACH_BEGIN(get_connection_array(), const connection_t *, conn) {
    if (conn->type != CONN_TYPE_CONTROL_LISTENER || conn->marked_for_close)
      continue;
#ifdef AF_UNIX
    if (conn->socket_family == AF_UNIX) {
753
      smartlist_add_asprintf(lines, "UNIX_PORT=%s\n", conn->address);
754
755
      continue;
    }
756
#endif /* defined(AF_UNIX) */
757
    smartlist_add_asprintf(lines, "PORT=%s:%d\n", conn->address, conn->port);
758
759
760
761
762
763
764
765
  } SMARTLIST_FOREACH_END(conn);

  joined = smartlist_join_strings(lines, "", 0, NULL);

  if (write_str_to_file(options->ControlPortWriteToFile, joined, 0) < 0) {
    log_warn(LD_CONTROL, "Writing %s failed: %s",
             options->ControlPortWriteToFile, strerror(errno));
  }
766
#ifndef _WIN32
767
768
769
770
771
772
  if (options->ControlPortFileGroupReadable) {
    if (chmod(options->ControlPortWriteToFile, 0640)) {
      log_warn(LD_FS,"Unable to make %s group-readable.",
               options->ControlPortWriteToFile);
    }
  }
773
#endif /* !defined(_WIN32) */
774
775
776
777
778
  tor_free(joined);
  SMARTLIST_FOREACH(lines, char *, cp, tor_free(cp));
  smartlist_free(lines);
}

779
/** Send a "DONE" message down the control connection <b>conn</b>. */
780
static void
781
send_control_done(control_connection_t *conn)
782
{
783
  connection_write_str_to_buf("250 OK\r\n", conn);
784
785
}

786
787
788
789
790
791
792
/** Represents an event that's queued to be sent to one or more
 * controllers. */
typedef struct queued_event_s {
  uint16_t event;
  char *msg;
} queued_event_t;

793
794
/** Pointer to int. If this is greater than 0, we don't allow new events to be
 * queued. */
795
static tor_threadlocal_t block_event_queue_flag;
796
797
798
799
800

/** Holds a smartlist of queued_event_t objects that may need to be sent
 * to one or more controllers */
static smartlist_t *queued_control_events = NULL;

801
802
803
804
805
806
/** True if the flush_queued_events_event is pending. */
static int flush_queued_event_pending = 0;

/** Lock to protect the above fields. */
static tor_mutex_t *queued_control_events_lock = NULL;

807
808
/** An event that should fire in order to flush the contents of
 * queued_control_events. */
809
static mainloop_event_t *flush_queued_events_event = NULL;
810

811
812
813
814
815
816
817
818
819
820
void
control_initialize_event_queue(void)
{
  if (queued_control_events == NULL) {
    queued_control_events = smartlist_new();
  }

  if (flush_queued_events_event == NULL) {
    struct event_base *b = tor_libevent_get_base();
    if (b) {
821
822
      flush_queued_events_event =
        mainloop_event_new(flush_queued_events_cb, NULL);
823
824
825
      tor_assert(flush_queued_events_event);
    }
  }
826
827
828

  if (queued_control_events_lock == NULL) {
    queued_control_events_lock = tor_mutex_new();
829
    tor_threadlocal_init(&block_event_queue_flag);
830
  }
831
832
}

833
834
835
static int *
get_block_event_queue(void)
{
836
  int *val = tor_threadlocal_get(&block_event_queue_flag);
837
838
  if (PREDICT_UNLIKELY(val == NULL)) {
    val = tor_malloc_zero(sizeof(int));
839
    tor_threadlocal_set(&block_event_queue_flag, val);
840
841
842
843
  }
  return val;
}

844
845
/** Helper: inserts an event on the list of events queued to be sent to
 * one or more controllers, and schedules the events to be flushed if needed.
846
 *
847
 * This function takes ownership of <b>msg</b>, and may free it.
848
 *
849
850
851
852
853
854
 * We queue these events rather than send them immediately in order to break
 * the dependency in our callgraph from code that generates events for the
 * controller, and the network layer at large.  Otherwise, nearly every
 * interesting part of Tor would potentially call every other interesting part
 * of Tor.
 */
855
MOCK_IMPL(STATIC void,
856
queue_control_event_string,(uint16_t event, char *msg))
857
{
858
859
860
861
862
863
864
  /* This is redundant with checks done elsewhere, but it's a last-ditch
   * attempt to avoid queueing something we shouldn't have to queue. */
  if (PREDICT_UNLIKELY( ! EVENT_IS_INTERESTING(event) )) {
    tor_free(msg);
    return;
  }

865
866
  int *block_event_queue = get_block_event_queue();
  if (*block_event_queue) {
867
868
869
870
    tor_free(msg);
    return;
  }

871
872
873
874
  queued_event_t *ev = tor_malloc(sizeof(*ev));
  ev->event = event;
  ev->msg = msg;

875
  /* No queueing an event while queueing an event */
876
  ++*block_event_queue;
877

878
  tor_mutex_acquire(queued_control_events_lock);
879
  tor_assert(queued_control_events);
880
881
  smartlist_add(queued_control_events, ev);

882
883
884
885
886
887
888
889
  int activate_event = 0;
  if (! flush_queued_event_pending && in_main_thread()) {
    activate_event = 1;
    flush_queued_event_pending = 1;
  }

  tor_mutex_release(queued_control_events_lock);

890
891
  --*block_event_queue;

892
893
894
  /* We just put an event on the queue; mark the queue to be
   * flushed.  We only do this from the main thread for now; otherwise,
   * we'd need to incur locking overhead in Libevent or use a socket.
895
   */
896
  if (activate_event) {
897
    tor_assert(flush_queued_events_event);
898
    mainloop_event_activate(flush_queued_events_event);
899
900
901
  }
}

902
903
904
#define queued_event_free(ev) \
  FREE_AND_NULL(queued_event_t, queued_event_free_, (ev))

905
906
/** Release all storage held by <b>ev</b>. */
static void
907
queued_event_free_(queued_event_t *ev)
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
{
  if (ev == NULL)
    return;

  tor_free(ev->msg);
  tor_free(ev);
}

/** Send every queued event to every controller that's interested in it,
 * and remove the events from the queue.  If <b>force</b> is true,
 * then make all controllers send their data out immediately, since we
 * may be about to shut down. */
static void
queued_events_flush_all(int force)
{
923
924
925
  /* Make sure that we get all the pending log events, if there are any. */
  flush_pending_log_callbacks();

926
927
928
  if (PREDICT_UNLIKELY(queued_control_events == NULL)) {
    return;
  }
929
930
931
  smartlist_t *all_conns = get_connection_array();
  smartlist_t *controllers = smartlist_new();
  smartlist_t *queued_events;
932

933
934
935
  int *block_event_queue = get_block_event_queue();
  ++*block_event_queue;

936
  tor_mutex_acquire(queued_control_events_lock);
937
  /* No queueing an event while flushing events. */
938
939
940
941
  flush_queued_event_pending = 0;
  queued_events = queued_control_events;
  queued_control_events = smartlist_new();
  tor_mutex_release(queued_control_events_lock);
942

943
944
  /* Gather all the controllers that will care... */
  SMARTLIST_FOREACH_BEGIN(all_conns, connection_t *, conn) {
945
946
947
948
    if (conn->type == CONN_TYPE_CONTROL &&
        !conn->marked_for_close &&
        conn->state == CONTROL_CONN_STATE_OPEN) {
      control_connection_t *control_conn = TO_CONTROL_CONN(conn);
949

950
      smartlist_add(controllers, control_conn);
951
    }
952
  } SMARTLIST_FOREACH_END(conn);
953

954
  SMARTLIST_FOREACH_BEGIN(queued_events, queued_event_t *, ev) {
955
956
957
958
959
    const event_mask_t bit = ((event_mask_t)1) << ev->event;
    const size_t msg_len = strlen(ev->msg);
    SMARTLIST_FOREACH_BEGIN(controllers, control_connection_t *,
                            control_conn) {
      if (control_conn->event_mask & bit) {
960
        connection_buf_add(ev->msg, msg_len, TO_CONN(control_conn));
961
962
963
964
965
966
967
968
969
970
971
972
973
      }
    } SMARTLIST_FOREACH_END(control_conn);

    queued_event_free(ev);
  } SMARTLIST_FOREACH_END(ev);

  if (force) {
    SMARTLIST_FOREACH_BEGIN(controllers, control_connection_t *,
                            control_conn) {
      connection_flush(TO_CONN(control_conn));
    } SMARTLIST_FOREACH_END(control_conn);
  }

974
  smartlist_free(queued_events);
975
976
  smartlist_free(controllers);

977
  --*block_event_queue;
978
979
980
}

/** Libevent callback: Flushes pending events to controllers that are
981
 * interested in them. */
982
static void
983
flush_queued_events_cb(mainloop_event_t *event, void *arg)
984
{
985
  (void) event;
986
987
988
989
  (void) arg;
  queued_events_flush_all(0);
}

990
/** Send an event to all v1 controllers that are listening for code
991
992
 * <b>event</b>.  The event's body is given by <b>msg</b>.
 *
993
 * The EXTENDED_FORMAT and NONEXTENDED_FORMAT flags behave similarly with
994
 * respect to the EXTENDED_EVENTS feature. */
995
MOCK_IMPL(STATIC void,
996
send_control_event_string,(uint16_t event,
997
                           const char *msg))
998
{
999
  tor_assert(event >= EVENT_MIN_ && event <= EVENT_MAX_);
1000
  queue_control_event_string(event, tor_strdup(msg));
For faster browsing, not all history is shown. View entire blame