control.c 264 KB
Newer Older
1

2
/* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
Nick Mathewson's avatar
Nick Mathewson committed
3
 * Copyright (c) 2007-2019, The Tor Project, Inc. */
4
5
/* See LICENSE for licensing information */

Nick Mathewson's avatar
Nick Mathewson committed
6
/**
7
8
 * \file control.c
 * \brief Implementation for Tor's control-socket interface.
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 *
 * A "controller" is an external program that monitors and controls a Tor
 * instance via a text-based protocol. It connects to Tor via a connection
 * to a local socket.
 *
 * The protocol is line-driven.  The controller sends commands terminated by a
 * CRLF.  Tor sends lines that are either <em>replies</em> to what the
 * controller has said, or <em>events</em> that Tor sends to the controller
 * asynchronously based on occurrences in the Tor network model.
 *
 * See the control-spec.txt file in the torspec.git repository for full
 * details on protocol.
 *
 * This module generally has two kinds of entry points: those based on having
 * received a command on a controller socket, which are handled in
 * connection_control_process_inbuf(), and dispatched to individual functions
 * with names like control_handle_COMMANDNAME(); and those based on events
 * that occur elsewhere in Tor, which are handled by functions with names like
 * control_event_EVENTTYPE().
 *
 * Controller events are not sent immediately; rather, they are inserted into
 * the queued_control_events array, and flushed later from
 * flush_queued_events_cb().  Doing this simplifies our callgraph greatly,
 * by limiting the number of places in Tor that can call back into the network
 * stack.
34
 **/
Nick Mathewson's avatar
Nick Mathewson committed
35

36
37
#define CONTROL_PRIVATE

38
#include "core/or/or.h"
39
40
41
42
43
#include "app/config/config.h"
#include "app/config/confparse.h"
#include "app/main/main.h"
#include "core/mainloop/connection.h"
#include "core/mainloop/mainloop.h"
44
45
46
47
48
49
50
51
52
#include "core/or/channel.h"
#include "core/or/channeltls.h"
#include "core/or/circuitbuild.h"
#include "core/or/circuitlist.h"
#include "core/or/circuitstats.h"
#include "core/or/circuituse.h"
#include "core/or/command.h"
#include "core/or/connection_edge.h"
#include "core/or/connection_or.h"
53
54
#include "core/or/policies.h"
#include "core/or/reasons.h"
55
#include "core/or/versions.h"
56
57
58
59
60
61
#include "core/proto/proto_control0.h"
#include "core/proto/proto_http.h"
#include "feature/client/addressmap.h"
#include "feature/client/bridges.h"
#include "feature/client/dnsserv.h"
#include "feature/client/entrynodes.h"
62
#include "feature/control/control.h"
63
#include "feature/control/fmt_serverstatus.h"
64
#include "feature/control/getinfo_geoip.h"
65
#include "feature/dircache/dirserv.h"
66
67
#include "feature/dirclient/dirclient.h"
#include "feature/dirclient/dlstatus.h"
68
#include "feature/dircommon/directory.h"
69
70
71
72
#include "feature/hibernate/hibernate.h"
#include "feature/hs/hs_cache.h"
#include "feature/hs/hs_common.h"
#include "feature/hs/hs_control.h"
73
74
75
#include "feature/hs_common/shared_random_client.h"
#include "feature/nodelist/authcert.h"
#include "feature/nodelist/dirlist.h"
76
77
78
#include "feature/nodelist/microdesc.h"
#include "feature/nodelist/networkstatus.h"
#include "feature/nodelist/nodelist.h"
79
80
81
82
83
#include "feature/nodelist/routerinfo.h"
#include "feature/nodelist/routerlist.h"
#include "feature/relay/router.h"
#include "feature/relay/routermode.h"
#include "feature/relay/selftest.h"
84
85
#include "feature/rend/rendclient.h"
#include "feature/rend/rendcommon.h"
86
#include "feature/rend/rendparse.h"
87
#include "feature/rend/rendservice.h"
88
#include "feature/stats/geoip_stats.h"
89
#include "feature/stats/predict_ports.h"
90
91
92
#include "lib/container/buffers.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "lib/crypt_ops/crypto_util.h"
93
#include "lib/encoding/confline.h"
94
#include "lib/evloop/compat_libevent.h"
95

96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
#include "feature/dircache/cached_dir_st.h"
#include "feature/control/control_connection_st.h"
#include "core/or/cpath_build_state_st.h"
#include "core/or/entry_connection_st.h"
#include "feature/nodelist/extrainfo_st.h"
#include "feature/nodelist/networkstatus_st.h"
#include "feature/nodelist/node_st.h"
#include "core/or/or_connection_st.h"
#include "core/or/or_circuit_st.h"
#include "core/or/origin_circuit_st.h"
#include "feature/nodelist/microdesc_st.h"
#include "feature/rend/rend_authorized_client_st.h"
#include "feature/rend/rend_encoded_v2_service_descriptor_st.h"
#include "feature/rend/rend_service_descriptor_st.h"
#include "feature/nodelist/routerinfo_st.h"
#include "feature/nodelist/routerlist_st.h"
#include "core/or/socks_request_st.h"
113

114
115
116
117
118
119
120
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
#ifdef HAVE_SYS_STAT_H
#include <sys/stat.h>
#endif

121
#ifndef _WIN32
122
123
124
125
#include <pwd.h>
#include <sys/resource.h>
#endif

126
#include "lib/crypt_ops/crypto_s2k.h"
127
128
#include "lib/evloop/procmon.h"
#include "lib/evloop/compat_libevent.h"
129

130
131
/** Yield true iff <b>s</b> is the state of a control_connection_t that has
 * finished authentication and is accepting commands. */
132
#define STATE_IS_OPEN(s) ((s) == CONTROL_CONN_STATE_OPEN)
133

134
/** Bitfield: The bit 1&lt;&lt;e is set if <b>any</b> open control
Nick Mathewson's avatar
Nick Mathewson committed
135
136
 * connection is interested in events of type <b>e</b>.  We use this
 * so that we can decide to skip generating event messages that nobody
Roger Dingledine's avatar
Roger Dingledine committed
137
 * has interest in without having to walk over the global connection
Nick Mathewson's avatar
Nick Mathewson committed
138
139
 * list to find out.
 **/
Nick Mathewson's avatar
Nick Mathewson committed
140
typedef uint64_t event_mask_t;
141

142
143
144
/** An event mask of all the events that any controller is interested in
 * receiving. */
static event_mask_t global_event_mask = 0;
145

146
147
148
/** True iff we have disabled log messages from being sent to the controller */
static int disable_log_messages = 0;

Nick Mathewson's avatar
Nick Mathewson committed
149
150
/** Macro: true if any control connection is interested in events of type
 * <b>e</b>. */
151
#define EVENT_IS_INTERESTING(e) \
152
  (!! (global_event_mask & EVENT_MASK_(e)))
Nick Mathewson's avatar
Nick Mathewson committed
153

154
155
/** Macro: true if any event from the bitfield 'e' is interesting. */
#define ANY_EVENT_IS_INTERESTING(e) \
156
  (!! (global_event_mask & (e)))
157

Nick Mathewson's avatar
Nick Mathewson committed
158
159
/** If we're using cookie-type authentication, how long should our cookies be?
 */
160
#define AUTHENTICATION_COOKIE_LEN 32
Nick Mathewson's avatar
Nick Mathewson committed
161
162
163

/** If true, we've set authentication_cookie to a secret code and
 * stored it to disk. */
164
static int authentication_cookie_is_set = 0;
165
166
/** If authentication_cookie_is_set, a secret cookie that we've stored to disk
 * and which we're using to authenticate controllers.  (If the controller can
Robert Ransom's avatar
Robert Ransom committed
167
 * read it off disk, it has permission to connect.) */
168
static uint8_t *authentication_cookie = NULL;
169

170
171
172
173
174
175
#define SAFECOOKIE_SERVER_TO_CONTROLLER_CONSTANT \
  "Tor safe cookie authentication server-to-controller hash"
#define SAFECOOKIE_CONTROLLER_TO_SERVER_CONSTANT \
  "Tor safe cookie authentication controller-to-server hash"
#define SAFECOOKIE_SERVER_NONCE_LEN DIGEST256_LEN

176
177
178
179
180
/** The list of onion services that have been added via ADD_ONION that do not
 * belong to any particular control connection.
 */
static smartlist_t *detached_onion_services = NULL;

181
182
183
184
185
186
187
/** A sufficiently large size to record the last bootstrap phase string. */
#define BOOTSTRAP_MSG_LEN 1024

/** What was the last bootstrap phase message we sent? We keep track
 * of this so we can respond to getinfo status/bootstrap-phase queries. */
static char last_sent_bootstrap_message[BOOTSTRAP_MSG_LEN];

188
static void connection_printf_to_buf(control_connection_t *conn,
189
                                     const char *format, ...)
190
  CHECK_PRINTF(2,3);
191
static void send_control_event_impl(uint16_t event,
192
                                    const char *format, va_list ap)
193
  CHECK_PRINTF(2,0);
194
195
196
197
static int control_event_status(int type, int severity, const char *format,
                                va_list args)
  CHECK_PRINTF(3,0);

198
static void send_control_done(control_connection_t *conn);
199
static void send_control_event(uint16_t event,
200
                               const char *format, ...)
201
  CHECK_PRINTF(2,3);
202
static int handle_control_setconf(control_connection_t *conn, uint32_t len,
203
                                  char *body);
204
static int handle_control_resetconf(control_connection_t *conn, uint32_t len,
205
                                    char *body);
206
static int handle_control_getconf(control_connection_t *conn, uint32_t len,
207
                                  const char *body);
208
209
static int handle_control_loadconf(control_connection_t *conn, uint32_t len,
                                  const char *body);
210
static int handle_control_setevents(control_connection_t *conn, uint32_t len,
211
                                    const char *body);
212
213
static int handle_control_authenticate(control_connection_t *conn,
                                       uint32_t len,
214
                                       const char *body);
215
static int handle_control_signal(control_connection_t *conn, uint32_t len,
216
                                 const char *body);
217
static int handle_control_mapaddress(control_connection_t *conn, uint32_t len,
218
                                     const char *body);
219
static char *list_getinfo_options(void);
220
static int handle_control_getinfo(control_connection_t *conn, uint32_t len,
221
                                  const char *body);
222
223
static int handle_control_extendcircuit(control_connection_t *conn,
                                        uint32_t len,
224
                                        const char *body);
225
226
static int handle_control_setcircuitpurpose(control_connection_t *conn,
                                            uint32_t len, const char *body);
227
228
static int handle_control_attachstream(control_connection_t *conn,
                                       uint32_t len,
229
                                        const char *body);
230
231
static int handle_control_postdescriptor(control_connection_t *conn,
                                         uint32_t len,
232
                                         const char *body);
233
234
static int handle_control_redirectstream(control_connection_t *conn,
                                         uint32_t len,
235
                                         const char *body);
236
static int handle_control_closestream(control_connection_t *conn, uint32_t len,
237
                                      const char *body);
238
239
static int handle_control_closecircuit(control_connection_t *conn,
                                       uint32_t len,
240
                                       const char *body);
241
242
static int handle_control_resolve(control_connection_t *conn, uint32_t len,
                                  const char *body);
243
244
245
static int handle_control_usefeature(control_connection_t *conn,
                                     uint32_t len,
                                     const char *body);
246
247
static int handle_control_hsfetch(control_connection_t *conn, uint32_t len,
                                  const char *body);
248
249
static int handle_control_hspost(control_connection_t *conn, uint32_t len,
                                 const char *body);
250
251
252
253
static int handle_control_add_onion(control_connection_t *conn, uint32_t len,
                                    const char *body);
static int handle_control_del_onion(control_connection_t *conn, uint32_t len,
                                    const char *body);
254
static int write_stream_target_to_buf(entry_connection_t *conn, char *buf,
255
                                      size_t len);
256
static void orconn_target_get_name(char *buf, size_t len,
257
                                   or_connection_t *conn);
258

259
260
261
static int get_cached_network_liveness(void);
static void set_cached_network_liveness(int liveness);

262
static void flush_queued_events_cb(mainloop_event_t *event, void *arg);
263

264
static char * download_status_to_string(const download_status_t *dl);
265
static void control_get_bytes_rw_last_sec(uint64_t *r, uint64_t *w);
266

267
268
269
270
271
272
273
274
275
/** Convert a connection_t* to an control_connection_t*; assert if the cast is
 * invalid. */
control_connection_t *
TO_CONTROL_CONN(connection_t *c)
{
  tor_assert(c->magic == CONTROL_CONNECTION_MAGIC);
  return DOWNCAST(control_connection_t, c);
}

276
277
/** Given a control event code for a message event, return the corresponding
 * log severity. */
278
static inline int
279
280
281
282
283
284
285
286
287
288
289
290
event_to_log_severity(int event)
{
  switch (event) {
    case EVENT_DEBUG_MSG: return LOG_DEBUG;
    case EVENT_INFO_MSG: return LOG_INFO;
    case EVENT_NOTICE_MSG: return LOG_NOTICE;
    case EVENT_WARN_MSG: return LOG_WARN;
    case EVENT_ERR_MSG: return LOG_ERR;
    default: return -1;
  }
}

291
/** Given a log severity, return the corresponding control event code. */
292
static inline int
293
294
295
296
297
298
299
300
301
302
303
304
log_severity_to_event(int severity)
{
  switch (severity) {
    case LOG_DEBUG: return EVENT_DEBUG_MSG;
    case LOG_INFO: return EVENT_INFO_MSG;
    case LOG_NOTICE: return EVENT_NOTICE_MSG;
    case LOG_WARN: return EVENT_WARN_MSG;
    case LOG_ERR: return EVENT_ERR_MSG;
    default: return -1;
  }
}

305
306
307
308
309
/** Helper: clear bandwidth counters of all origin circuits. */
static void
clear_circ_bw_fields(void)
{
  origin_circuit_t *ocirc;
310
  SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *, circ) {
311
312
313
314
    if (!CIRCUIT_IS_ORIGIN(circ))
      continue;
    ocirc = TO_ORIGIN_CIRCUIT(circ);
    ocirc->n_written_circ_bw = ocirc->n_read_circ_bw = 0;
315
316
    ocirc->n_overhead_written_circ_bw = ocirc->n_overhead_read_circ_bw = 0;
    ocirc->n_delivered_written_circ_bw = ocirc->n_delivered_read_circ_bw = 0;
317
  }
318
  SMARTLIST_FOREACH_END(circ);
319
320
}

321
322
/** Set <b>global_event_mask*</b> to the bitwise OR of each live control
 * connection's event_mask field. */
323
324
void
control_update_global_event_mask(void)
325
{
326
  smartlist_t *conns = get_connection_array();
327
  event_mask_t old_mask, new_mask;
328
  old_mask = global_event_mask;
329
  int any_old_per_sec_events = control_any_per_second_event_enabled();
330

331
  global_event_mask = 0;
332
333
334
335
336
  SMARTLIST_FOREACH(conns, connection_t *, _conn,
  {
    if (_conn->type == CONN_TYPE_CONTROL &&
        STATE_IS_OPEN(_conn->state)) {
      control_connection_t *conn = TO_CONTROL_CONN(_conn);
337
      global_event_mask |= conn->event_mask;
338
    }
339
  });
340

341
  new_mask = global_event_mask;
342
343
344

  /* Handle the aftermath.  Set up the log callback to tell us only what
   * we want to hear...*/
345
  control_adjust_event_log_severity();
346

347
348
349
350
  /* Macro: true if ev was false before and is true now. */
#define NEWLY_ENABLED(ev) \
  (! (old_mask & (ev)) && (new_mask & (ev)))

Karsten Loesing's avatar
Karsten Loesing committed
351
352
  /* ...then, if we've started logging stream or circ bw, clear the
   * appropriate fields. */
353
  if (NEWLY_ENABLED(EVENT_STREAM_BANDWIDTH_USED)) {
354
355
356
357
358
    SMARTLIST_FOREACH(conns, connection_t *, conn,
    {
      if (conn->type == CONN_TYPE_AP) {
        edge_connection_t *edge_conn = TO_EDGE_CONN(conn);
        edge_conn->n_written = edge_conn->n_read = 0;
359
      }
360
    });
361
  }
362
  if (NEWLY_ENABLED(EVENT_CIRC_BANDWIDTH_USED)) {
363
    clear_circ_bw_fields();
Karsten Loesing's avatar
Karsten Loesing committed
364
  }
365
366
367
368
  if (NEWLY_ENABLED(EVENT_BANDWIDTH_USED)) {
    uint64_t r, w;
    control_get_bytes_rw_last_sec(&r, &w);
  }
369
370
371
372
  if (any_old_per_sec_events != control_any_per_second_event_enabled()) {
    reschedule_per_second_timer();
  }

373
#undef NEWLY_ENABLED
374
375
}

376
377
378
/** Adjust the log severities that result in control_event_logmsg being called
 * to match the severity of log messages that any controllers are interested
 * in. */
379
void
380
control_adjust_event_log_severity(void)
381
{
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
  int i;
  int min_log_event=EVENT_ERR_MSG, max_log_event=EVENT_DEBUG_MSG;

  for (i = EVENT_DEBUG_MSG; i <= EVENT_ERR_MSG; ++i) {
    if (EVENT_IS_INTERESTING(i)) {
      min_log_event = i;
      break;
    }
  }
  for (i = EVENT_ERR_MSG; i >= EVENT_DEBUG_MSG; --i) {
    if (EVENT_IS_INTERESTING(i)) {
      max_log_event = i;
      break;
    }
  }
397
  if (EVENT_IS_INTERESTING(EVENT_STATUS_GENERAL)) {
398
399
400
401
402
    if (min_log_event > EVENT_NOTICE_MSG)
      min_log_event = EVENT_NOTICE_MSG;
    if (max_log_event < EVENT_ERR_MSG)
      max_log_event = EVENT_ERR_MSG;
  }
403
404
405
406
407
408
409
  if (min_log_event <= max_log_event)
    change_callback_log_severity(event_to_log_severity(min_log_event),
                                 event_to_log_severity(max_log_event),
                                 control_event_logmsg);
  else
    change_callback_log_severity(LOG_ERR, LOG_ERR,
                                 control_event_logmsg);
410
411
}

412
413
414
415
416
417
418
419
420
421
/** Return true iff the event with code <b>c</b> is being sent to any current
 * control connection.  This is useful if the amount of work needed to prepare
 * to call the appropriate control_event_...() function is high.
 */
int
control_event_is_interesting(int event)
{
  return EVENT_IS_INTERESTING(event);
}

422
423
424
425
426
/** Return true if any event that needs to fire once a second is enabled. */
int
control_any_per_second_event_enabled(void)
{
  return ANY_EVENT_IS_INTERESTING(
427
428
429
430
431
      EVENT_MASK_(EVENT_BANDWIDTH_USED) |
      EVENT_MASK_(EVENT_CELL_STATS) |
      EVENT_MASK_(EVENT_CIRC_BANDWIDTH_USED) |
      EVENT_MASK_(EVENT_CONN_BW) |
      EVENT_MASK_(EVENT_STREAM_BANDWIDTH_USED)
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
  );
}

/* The value of 'get_bytes_read()' the previous time that
 * control_get_bytes_rw_last_sec() as called. */
static uint64_t stats_prev_n_read = 0;
/* The value of 'get_bytes_written()' the previous time that
 * control_get_bytes_rw_last_sec() as called. */
static uint64_t stats_prev_n_written = 0;

/**
 * Set <b>n_read</b> and <b>n_written</b> to the total number of bytes read
 * and written by Tor since the last call to this function.
 *
 * Call this only from the main thread.
 */
static void
control_get_bytes_rw_last_sec(uint64_t *n_read,
                              uint64_t *n_written)
{
  const uint64_t stats_n_bytes_read = get_bytes_read();
  const uint64_t stats_n_bytes_written = get_bytes_written();

  *n_read = stats_n_bytes_read - stats_prev_n_read;
  *n_written = stats_n_bytes_written - stats_prev_n_written;
  stats_prev_n_read = stats_n_bytes_read;
  stats_prev_n_written = stats_n_bytes_written;
}

/**
 * Run all the controller events (if any) that are scheduled to trigger once
 * per second.
 */
void
control_per_second_events(void)
{
  if (!control_any_per_second_event_enabled())
    return;

  uint64_t bytes_read, bytes_written;
  control_get_bytes_rw_last_sec(&bytes_read, &bytes_written);
  control_event_bandwidth_used((uint32_t)bytes_read,(uint32_t)bytes_written);

  control_event_stream_bandwidth_used();
  control_event_conn_bandwidth_used();
  control_event_circ_bandwidth_used();
  control_event_circuit_cell_stats();
}

481
/** Append a NUL-terminated string <b>s</b> to the end of
482
 * <b>conn</b>-\>outbuf.
483
 */
484
static inline void
485
connection_write_str_to_buf(const char *s, control_connection_t *conn)
486
487
{
  size_t len = strlen(s);
488
  connection_buf_add(s, len, TO_CONN(conn));
489
490
}

491
/** Given a <b>len</b>-character string in <b>data</b>, made of lines
492
493
 * terminated by CRLF, allocate a new string in *<b>out</b>, and copy the
 * contents of <b>data</b> into *<b>out</b>, adding a period before any period
494
 * that appears at the start of a line, and adding a period-CRLF line at
495
496
 * the end. Replace all LF characters sequences with CRLF.  Return the number
 * of bytes in *<b>out</b>.
497
 */
498
STATIC size_t
499
write_escaped_data(const char *data, size_t len, char **out)
500
{
501
502
  tor_assert(len < SIZE_MAX - 9);
  size_t sz_out = len+8+1;
503
  char *outp;
504
  const char *start = data, *end;
505
  size_t i;
506
  int start_of_line;
507
508
  for (i=0; i < len; ++i) {
    if (data[i] == '\n') {
509
      sz_out += 2; /* Maybe add a CR; maybe add a dot. */
510
511
512
513
514
515
      if (sz_out >= SIZE_T_CEILING) {
        log_warn(LD_BUG, "Input to write_escaped_data was too long");
        *out = tor_strdup(".\r\n");
        return 3;
      }
    }
516
  }
517
  *out = outp = tor_malloc(sz_out);
518
519
520
521
  end = data+len;
  start_of_line = 1;
  while (data < end) {
    if (*data == '\n') {
522
      if (data > start && data[-1] != '\r')
523
524
525
526
527
528
529
530
531
532
533
534
        *outp++ = '\r';
      start_of_line = 1;
    } else if (*data == '.') {
      if (start_of_line) {
        start_of_line = 0;
        *outp++ = '.';
      }
    } else {
      start_of_line = 0;
    }
    *outp++ = *data++;
  }
535
  if (outp < *out+2 || fast_memcmp(outp-2, "\r\n", 2)) {
536
537
538
    *outp++ = '\r';
    *outp++ = '\n';
  }
539
540
541
  *outp++ = '.';
  *outp++ = '\r';
  *outp++ = '\n';
542
  *outp = '\0'; /* NUL-terminate just in case. */
543
544
  tor_assert(outp >= *out);
  tor_assert((size_t)(outp - *out) <= sz_out);
545
546
547
  return outp - *out;
}

548
549
550
/** Given a <b>len</b>-character string in <b>data</b>, made of lines
 * terminated by CRLF, allocate a new string in *<b>out</b>, and copy
 * the contents of <b>data</b> into *<b>out</b>, removing any period
551
552
 * that appears at the start of a line, and replacing all CRLF sequences
 * with LF.   Return the number of
553
 * bytes in *<b>out</b>. */
554
STATIC size_t
555
read_escaped_data(const char *data, size_t len, char **out)
556
557
558
{
  char *outp;
  const char *next;
559
560
561
  const char *end;

  *out = outp = tor_malloc(len+1);
562

563
  end = data+len;
564

565
  while (data < end) {
566
    /* we're at the start of a line. */
567
568
    if (*data == '.')
      ++data;
569
    next = memchr(data, '\n', end-data);
570
    if (next) {
571
572
573
574
575
576
577
578
      size_t n_to_copy = next-data;
      /* Don't copy a CR that precedes this LF. */
      if (n_to_copy && *(next-1) == '\r')
        --n_to_copy;
      memcpy(outp, data, n_to_copy);
      outp += n_to_copy;
      data = next+1; /* This will point at the start of the next line,
                      * or the end of the string, or a period. */
579
    } else {
580
581
582
      memcpy(outp, data, end-data);
      outp += (end-data);
      *outp = '\0';
583
584
      return outp - *out;
    }
585
    *outp++ = '\n';
586
587
  }

588
  *outp = '\0';
589
590
  return outp - *out;
}
591

592
/** If the first <b>in_len_max</b> characters in <b>start</b> contain a
593
594
 * double-quoted string with escaped characters, return the length of that
 * string (as encoded, including quotes).  Otherwise return -1. */
595
static inline int
596
597
get_escaped_string_length(const char *start, size_t in_len_max,
                          int *chars_out)
598
599
{
  const char *cp, *end;
600
  int chars = 0;
601
602

  if (*start != '\"')
603
    return -1;
604
605
606
607
608
609

  cp = start+1;
  end = start+in_len_max;

  /* Calculate length. */
  while (1) {
610
611
612
    if (cp >= end) {
      return -1; /* Too long. */
    } else if (*cp == '\\') {
613
      if (++cp == end)
614
        return -1; /* Can't escape EOS. */
615
      ++cp;
616
      ++chars;
617
618
619
620
    } else if (*cp == '\"') {
      break;
    } else {
      ++cp;
621
      ++chars;
622
623
    }
  }
624
625
  if (chars_out)
    *chars_out = chars;
626
  return (int)(cp - start+1);
627
}
628

629
630
631
632
633
634
635
636
637
638
/** As decode_escaped_string, but does not decode the string: copies the
 * entire thing, including quotation marks. */
static const char *
extract_escaped_string(const char *start, size_t in_len_max,
                       char **out, size_t *out_len)
{
  int length = get_escaped_string_length(start, in_len_max, NULL);
  if (length<0)
    return NULL;
  *out_len = length;
639
  *out = tor_strndup(start, *out_len);
640
  return start+length;
641
642
}

643
/** Given a pointer to a string starting at <b>start</b> containing
644
 * <b>in_len_max</b> characters, decode a string beginning with one double
645
 * quote, containing any number of non-quote characters or characters escaped
646
 * with a backslash, and ending with a final double quote.  Place the resulting
647
648
649
 * string (unquoted, unescaped) into a newly allocated string in *<b>out</b>;
 * store its length in <b>out_len</b>.  On success, return a pointer to the
 * character immediately following the escaped string.  On failure, return
Roger Dingledine's avatar
Roger Dingledine committed
650
 * NULL. */
651
static const char *
652
decode_escaped_string(const char *start, size_t in_len_max,
653
                   char **out, size_t *out_len)
654
{
655
656
  const char *cp, *end;
  char *outp;
657
  int len, n_chars = 0;
658

659
660
  len = get_escaped_string_length(start, in_len_max, &n_chars);
  if (len<0)
661
662
    return NULL;

663
664
  end = start+len-1; /* Index of last quote. */
  tor_assert(*end == '\"');
665
  outp = *out = tor_malloc(len+1);
666
  *out_len = n_chars;
667

668
669
670
671
672
673
674
  cp = start+1;
  while (cp < end) {
    if (*cp == '\\')
      ++cp;
    *outp++ = *cp++;
  }
  *outp = '\0';
675
  tor_assert((outp - *out) == (int)*out_len);
676
677
678
679

  return end+1;
}

680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
/** Create and add a new controller connection on <b>sock</b>.  If
 * <b>CC_LOCAL_FD_IS_OWNER</b> is set in <b>flags</b>, this Tor process should
 * exit when the connection closes.  If <b>CC_LOCAL_FD_IS_AUTHENTICATED</b>
 * is set, then the connection does not need to authenticate.
 */
int
control_connection_add_local_fd(tor_socket_t sock, unsigned flags)
{
  if (BUG(! SOCKET_OK(sock)))
    return -1;
  const int is_owner = !!(flags & CC_LOCAL_FD_IS_OWNER);
  const int is_authenticated = !!(flags & CC_LOCAL_FD_IS_AUTHENTICATED);
  control_connection_t *control_conn = control_connection_new(AF_UNSPEC);
  connection_t *conn = TO_CONN(control_conn);
  conn->s = sock;
  tor_addr_make_unspec(&conn->addr);
  conn->port = 1;
  conn->address = tor_strdup("<local socket>");

  /* We take ownership of this socket so that later, when we close it,
   * we don't freak out. */
  tor_take_socket_ownership(sock);

  if (set_socket_nonblocking(sock) < 0 ||
      connection_add(conn) < 0) {
    connection_free(conn);
    return -1;
  }

  control_conn->is_owning_control_connection = is_owner;

  if (connection_init_accepted_conn(conn, NULL) < 0) {
    connection_mark_for_close(conn);
    return -1;
  }

  if (is_authenticated) {
    conn->state = CONTROL_CONN_STATE_OPEN;
  }

  return 0;
}

723
/** Acts like sprintf, but writes its formatted string to the end of
724
 * <b>conn</b>-\>outbuf. */
725
static void
726
connection_printf_to_buf(control_connection_t *conn, const char *format, ...)
727
728
{
  va_list ap;
729
730
731
  char *buf = NULL;
  int len;

732
  va_start(ap,format);
733
  len = tor_vasprintf(&buf, format, ap);
734
  va_end(ap);
735
736

  if (len < 0) {
737
738
    log_err(LD_BUG, "Unable to format string for controller.");
    tor_assert(0);
739
  }
740

741
  connection_buf_add(buf, (size_t)len, TO_CONN(conn));
742
743

  tor_free(buf);
744
745
}

746
747
748
749
750
751
/** Write all of the open control ports to ControlPortWriteToFile */
void
control_ports_write_to_file(void)
{
  smartlist_t *lines;
  char *joined = NULL;
752
  const or_options_t *options = get_options();
753
754
755
756

  if (!options->ControlPortWriteToFile)
    return;

757
  lines = smartlist_new();
758
759
760
761
762
763

  SMARTLIST_FOREACH_BEGIN(get_connection_array(), const connection_t *, conn) {
    if (conn->type != CONN_TYPE_CONTROL_LISTENER || conn->marked_for_close)
      continue;
#ifdef AF_UNIX
    if (conn->socket_family == AF_UNIX) {
764
      smartlist_add_asprintf(lines, "UNIX_PORT=%s\n", conn->address);
765
766
      continue;
    }
767
#endif /* defined(AF_UNIX) */
768
    smartlist_add_asprintf(lines, "PORT=%s:%d\n", conn->address, conn->port);
769
770
771
772
773
774
775
776
  } SMARTLIST_FOREACH_END(conn);

  joined = smartlist_join_strings(lines, "", 0, NULL);

  if (write_str_to_file(options->ControlPortWriteToFile, joined, 0) < 0) {
    log_warn(LD_CONTROL, "Writing %s failed: %s",
             options->ControlPortWriteToFile, strerror(errno));
  }
777
#ifndef _WIN32
778
779
780
781
782
783
  if (options->ControlPortFileGroupReadable) {
    if (chmod(options->ControlPortWriteToFile, 0640)) {
      log_warn(LD_FS,"Unable to make %s group-readable.",
               options->ControlPortWriteToFile);
    }
  }
784
#endif /* !defined(_WIN32) */
785
786
787
788
789
  tor_free(joined);
  SMARTLIST_FOREACH(lines, char *, cp, tor_free(cp));
  smartlist_free(lines);
}

790
/** Send a "DONE" message down the control connection <b>conn</b>. */
791
static void
792
send_control_done(control_connection_t *conn)
793
{
794
  connection_write_str_to_buf("250 OK\r\n", conn);
795
796
}

797
798
799
800
801
802
803
/** Represents an event that's queued to be sent to one or more
 * controllers. */
typedef struct queued_event_s {
  uint16_t event;
  char *msg;
} queued_event_t;

804
805
/** Pointer to int. If this is greater than 0, we don't allow new events to be
 * queued. */
806
static tor_threadlocal_t block_event_queue_flag;
807
808
809
810
811

/** Holds a smartlist of queued_event_t objects that may need to be sent
 * to one or more controllers */
static smartlist_t *queued_control_events = NULL;

812
813
814
815
816
817
/** True if the flush_queued_events_event is pending. */
static int flush_queued_event_pending = 0;

/** Lock to protect the above fields. */
static tor_mutex_t *queued_control_events_lock = NULL;

818
819
/** An event that should fire in order to flush the contents of
 * queued_control_events. */
820
static mainloop_event_t *flush_queued_events_event = NULL;
821

822
823
824
825
826
827
828
829
830
831
void
control_initialize_event_queue(void)
{
  if (queued_control_events == NULL) {
    queued_control_events = smartlist_new();
  }

  if (flush_queued_events_event == NULL) {
    struct event_base *b = tor_libevent_get_base();
    if (b) {
832
833
      flush_queued_events_event =
        mainloop_event_new(flush_queued_events_cb, NULL);
834
835
836
      tor_assert(flush_queued_events_event);
    }
  }
837
838
839

  if (queued_control_events_lock == NULL) {
    queued_control_events_lock = tor_mutex_new();
840
    tor_threadlocal_init(&block_event_queue_flag);
841
  }
842
843
}

844
845
846
static int *
get_block_event_queue(void)
{
847
  int *val = tor_threadlocal_get(&block_event_queue_flag);
848
849
  if (PREDICT_UNLIKELY(val == NULL)) {
    val = tor_malloc_zero(sizeof(int));
850
    tor_threadlocal_set(&block_event_queue_flag, val);
851
852
853
854
  }
  return val;
}

855
856
/** Helper: inserts an event on the list of events queued to be sent to
 * one or more controllers, and schedules the events to be flushed if needed.
857
 *
858
 * This function takes ownership of <b>msg</b>, and may free it.
859
 *
860
861
862
863
864
865
 * We queue these events rather than send them immediately in order to break
 * the dependency in our callgraph from code that generates events for the
 * controller, and the network layer at large.  Otherwise, nearly every
 * interesting part of Tor would potentially call every other interesting part
 * of Tor.
 */
866
MOCK_IMPL(STATIC void,
867
queue_control_event_string,(uint16_t event, char *msg))
868
{
869
870
871
872
873
874
875
  /* This is redundant with checks done elsewhere, but it's a last-ditch
   * attempt to avoid queueing something we shouldn't have to queue. */
  if (PREDICT_UNLIKELY( ! EVENT_IS_INTERESTING(event) )) {
    tor_free(msg);
    return;
  }

876
877
  int *block_event_queue = get_block_event_queue();
  if (*block_event_queue) {
878
879
880
881
    tor_free(msg);
    return;
  }

882
883
884
885
  queued_event_t *ev = tor_malloc(sizeof(*ev));
  ev->event = event;
  ev->msg = msg;

886
  /* No queueing an event while queueing an event */
887
  ++*block_event_queue;
888

889
  tor_mutex_acquire(queued_control_events_lock);
890
  tor_assert(queued_control_events);
891
892
  smartlist_add(queued_control_events, ev);

893
894
895
896
897
898
899
900
  int activate_event = 0;
  if (! flush_queued_event_pending && in_main_thread()) {
    activate_event = 1;
    flush_queued_event_pending = 1;
  }

  tor_mutex_release(queued_control_events_lock);

901
902
  --*block_event_queue;

903
904
905
  /* We just put an event on the queue; mark the queue to be
   * flushed.  We only do this from the main thread for now; otherwise,
   * we'd need to incur locking overhead in Libevent or use a socket.
906
   */
907
  if (activate_event) {
908
    tor_assert(flush_queued_events_event);
909
    mainloop_event_activate(flush_queued_events_event);
910
911
912
  }
}

913
914
915
#define queued_event_free(ev) \
  FREE_AND_NULL(queued_event_t, queued_event_free_, (ev))

916
917
/** Release all storage held by <b>ev</b>. */
static void
918
queued_event_free_(queued_event_t *ev)
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
{
  if (ev == NULL)
    return;

  tor_free(ev->msg);
  tor_free(ev);
}

/** Send every queued event to every controller that's interested in it,
 * and remove the events from the queue.  If <b>force</b> is true,
 * then make all controllers send their data out immediately, since we
 * may be about to shut down. */
static void
queued_events_flush_all(int force)
{
934
935
936
  /* Make sure that we get all the pending log events, if there are any. */
  flush_pending_log_callbacks();

937
938
939
  if (PREDICT_UNLIKELY(queued_control_events == NULL)) {
    return;
  }
940
941
942
  smartlist_t *all_conns = get_connection_array();
  smartlist_t *controllers = smartlist_new();
  smartlist_t *queued_events;
943

944
945
946
  int *block_event_queue = get_block_event_queue();
  ++*block_event_queue;

947
  tor_mutex_acquire(queued_control_events_lock);
948
  /* No queueing an event while flushing events. */
949
950
951
952
  flush_queued_event_pending = 0;
  queued_events = queued_control_events;
  queued_control_events = smartlist_new();
  tor_mutex_release(queued_control_events_lock);
953

954
955
  /* Gather all the controllers that will care... */
  SMARTLIST_FOREACH_BEGIN(all_conns, connection_t *, conn) {
956
957
958
959
    if (conn->type == CONN_TYPE_CONTROL &&
        !conn->marked_for_close &&
        conn->state == CONTROL_CONN_STATE_OPEN) {
      control_connection_t *control_conn = TO_CONTROL_CONN(conn);
960

961
      smartlist_add(controllers, control_conn);
962
    }
963
  } SMARTLIST_FOREACH_END(conn);
964

965
  SMARTLIST_FOREACH_BEGIN(queued_events, queued_event_t *, ev) {
966
967
968
969
970
    const event_mask_t bit = ((event_mask_t)1) << ev->event;
    const size_t msg_len = strlen(ev->msg);
    SMARTLIST_FOREACH_BEGIN(controllers, control_connection_t *,
                            control_conn) {
      if (control_conn->event_mask & bit) {
971
        connection_buf_add(ev->msg, msg_len, TO_CONN(control_conn));
972
973
974
975
976
977
978
979
980
981
982
983
984
      }
    } SMARTLIST_FOREACH_END(control_conn);

    queued_event_free(ev);
  } SMARTLIST_FOREACH_END(ev);

  if (force) {
    SMARTLIST_FOREACH_BEGIN(controllers, control_connection_t *,
                            control_conn) {
      connection_flush(TO_CONN(control_conn));
    } SMARTLIST_FOREACH_END(control_conn);
  }

985
  smartlist_free(queued_events);
986
987
  smartlist_free(controllers);

988
  --*block_event_queue;
989
990
991
}

/** Libevent callback: Flushes pending events to controllers that are
992
 * interested in them. */
993
static void
994
flush_queued_events_cb(mainloop_event_t *event, void *arg)
995
{
996
  (void) event;
997
998
999
1000
  (void) arg;
  queued_events_flush_all(0);
}

For faster browsing, not all history is shown. View entire blame