1 /* Copyright (c) 2001-2004, Roger Dingledine.
2 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
3 * Copyright (c) 2007-2021, The Tor Project, Inc. */
4 /* See LICENSE for licensing information */
5
6 /**
7 * @file dirclient.c
8 * @brief Download directory information
9 **/
10
11 #define DIRCLIENT_PRIVATE
12
13 #include "core/or/or.h"
14
15 #include "app/config/config.h"
16 #include "core/mainloop/connection.h"
17 #include "core/mainloop/mainloop.h"
18 #include "core/or/connection_edge.h"
19 #include "core/or/policies.h"
20 #include "feature/client/bridges.h"
21 #include "feature/client/entrynodes.h"
22 #include "feature/control/control_events.h"
23 #include "feature/dirauth/authmode.h"
24 #include "feature/dirclient/dirclient.h"
25 #include "feature/dirauth/dirvote.h"
26 #include "feature/dirauth/shared_random.h"
27 #include "feature/dircache/dirserv.h"
28 #include "feature/dirclient/dirclient.h"
29 #include "feature/dirclient/dirclient_modes.h"
30 #include "feature/dirclient/dlstatus.h"
31 #include "feature/dircommon/consdiff.h"
32 #include "feature/dircommon/directory.h"
33 #include "feature/dircommon/fp_pair.h"
34 #include "feature/hs/hs_cache.h"
35 #include "feature/hs/hs_client.h"
36 #include "feature/hs/hs_control.h"
37 #include "feature/nodelist/authcert.h"
38 #include "feature/nodelist/describe.h"
39 #include "feature/nodelist/dirlist.h"
40 #include "feature/nodelist/microdesc.h"
41 #include "feature/nodelist/networkstatus.h"
42 #include "feature/nodelist/node_select.h"
43 #include "feature/nodelist/nodelist.h"
44 #include "feature/nodelist/routerinfo.h"
45 #include "feature/nodelist/routerlist.h"
46 #include "feature/nodelist/routerset.h"
47 #include "feature/relay/relay_find_addr.h"
48 #include "feature/relay/routermode.h"
49 #include "feature/relay/selftest.h"
50 #include "feature/rend/rendcommon.h"
51 #include "feature/stats/predict_ports.h"
52
53 #include "lib/cc/ctassert.h"
54 #include "lib/compress/compress.h"
55 #include "lib/crypt_ops/crypto_format.h"
56 #include "lib/crypt_ops/crypto_util.h"
57 #include "lib/encoding/confline.h"
58 #include "lib/err/backtrace.h"
59
60 #include "core/or/entry_connection_st.h"
61 #include "feature/dircache/cached_dir_st.h"
62 #include "feature/dirclient/dir_server_st.h"
63 #include "feature/dircommon/dir_connection_st.h"
64 #include "feature/nodelist/networkstatus_st.h"
65 #include "feature/nodelist/node_st.h"
66 #include "feature/nodelist/routerinfo_st.h"
67
68 /** Maximum size, in bytes, for any directory object that we've downloaded. */
69 #define MAX_DIR_DL_SIZE ((1<<24)-1) /* 16 MB - 1 */
70
71 /** How far in the future do we allow a directory server to tell us it is
72 * before deciding that one of us has the wrong time? */
73 #define ALLOW_DIRECTORY_TIME_SKEW (30*60)
74
75 static int body_is_plausible(const char *body, size_t body_len, int purpose);
76 static void connection_dir_download_routerdesc_failed(dir_connection_t *conn);
77 static void connection_dir_bridge_routerdesc_failed(dir_connection_t *conn);
78 static void connection_dir_download_cert_failed(
79 dir_connection_t *conn, int status_code);
80 static void connection_dir_retry_bridges(smartlist_t *descs);
81 static void dir_routerdesc_download_failed(smartlist_t *failed,
82 int status_code,
83 int router_purpose,
84 int was_extrainfo,
85 int was_descriptor_digests);
86 static void dir_microdesc_download_failed(smartlist_t *failed,
87 int status_code,
88 const char *dir_id);
89 static void directory_send_command(dir_connection_t *conn,
90 const int direct,
91 const directory_request_t *req);
92 static void connection_dir_close_consensus_fetches(
93 dir_connection_t *except_this_one, const char *resource);
94
95 /** Return a string describing a given directory connection purpose. */
96 STATIC const char *
dir_conn_purpose_to_string(int purpose)97 dir_conn_purpose_to_string(int purpose)
98 {
99 switch (purpose)
100 {
101 case DIR_PURPOSE_UPLOAD_DIR:
102 return "server descriptor upload";
103 case DIR_PURPOSE_UPLOAD_VOTE:
104 return "server vote upload";
105 case DIR_PURPOSE_UPLOAD_SIGNATURES:
106 return "consensus signature upload";
107 case DIR_PURPOSE_FETCH_SERVERDESC:
108 return "server descriptor fetch";
109 case DIR_PURPOSE_FETCH_EXTRAINFO:
110 return "extra-info fetch";
111 case DIR_PURPOSE_FETCH_CONSENSUS:
112 return "consensus network-status fetch";
113 case DIR_PURPOSE_FETCH_CERTIFICATE:
114 return "authority cert fetch";
115 case DIR_PURPOSE_FETCH_STATUS_VOTE:
116 return "status vote fetch";
117 case DIR_PURPOSE_FETCH_DETACHED_SIGNATURES:
118 return "consensus signature fetch";
119 case DIR_PURPOSE_FETCH_HSDESC:
120 return "hidden-service descriptor fetch";
121 case DIR_PURPOSE_UPLOAD_HSDESC:
122 return "hidden-service descriptor upload";
123 case DIR_PURPOSE_FETCH_MICRODESC:
124 return "microdescriptor fetch";
125 }
126
127 log_warn(LD_BUG, "Called with unknown purpose %d", purpose);
128 return "(unknown)";
129 }
130
131 /** Return the requisite directory information types. */
132 STATIC dirinfo_type_t
dir_fetch_type(int dir_purpose,int router_purpose,const char * resource)133 dir_fetch_type(int dir_purpose, int router_purpose, const char *resource)
134 {
135 dirinfo_type_t type;
136 switch (dir_purpose) {
137 case DIR_PURPOSE_FETCH_EXTRAINFO:
138 type = EXTRAINFO_DIRINFO;
139 if (router_purpose == ROUTER_PURPOSE_BRIDGE)
140 type |= BRIDGE_DIRINFO;
141 else
142 type |= V3_DIRINFO;
143 break;
144 case DIR_PURPOSE_FETCH_SERVERDESC:
145 if (router_purpose == ROUTER_PURPOSE_BRIDGE)
146 type = BRIDGE_DIRINFO;
147 else
148 type = V3_DIRINFO;
149 break;
150 case DIR_PURPOSE_FETCH_STATUS_VOTE:
151 case DIR_PURPOSE_FETCH_DETACHED_SIGNATURES:
152 case DIR_PURPOSE_FETCH_CERTIFICATE:
153 type = V3_DIRINFO;
154 break;
155 case DIR_PURPOSE_FETCH_CONSENSUS:
156 type = V3_DIRINFO;
157 if (resource && !strcmp(resource, "microdesc"))
158 type |= MICRODESC_DIRINFO;
159 break;
160 case DIR_PURPOSE_FETCH_MICRODESC:
161 type = MICRODESC_DIRINFO;
162 break;
163 default:
164 log_warn(LD_BUG, "Unexpected purpose %d", (int)dir_purpose);
165 type = NO_DIRINFO;
166 break;
167 }
168 return type;
169 }
170
171 /** Return true iff <b>identity_digest</b> is the digest of a router which
172 * says that it caches extrainfos. (If <b>is_authority</b> we always
173 * believe that to be true.) */
174 int
router_supports_extrainfo(const char * identity_digest,int is_authority)175 router_supports_extrainfo(const char *identity_digest, int is_authority)
176 {
177 const node_t *node = node_get_by_id(identity_digest);
178
179 if (node && node->ri) {
180 if (node->ri->caches_extra_info)
181 return 1;
182 }
183 if (is_authority) {
184 return 1;
185 }
186 return 0;
187 }
188
189 /** Return true iff any trusted directory authority has accepted our
190 * server descriptor.
191 *
192 * We consider any authority sufficient because waiting for all of
193 * them means it never happens while any authority is down; we don't
194 * go for something more complex in the middle (like \>1/3 or \>1/2 or
195 * \>=1/2) because that doesn't seem necessary yet.
196 */
197 int
directories_have_accepted_server_descriptor(void)198 directories_have_accepted_server_descriptor(void)
199 {
200 const smartlist_t *servers = router_get_trusted_dir_servers();
201 const or_options_t *options = get_options();
202 SMARTLIST_FOREACH(servers, dir_server_t *, d, {
203 if ((d->type & options->PublishServerDescriptor_) &&
204 d->has_accepted_serverdesc) {
205 return 1;
206 }
207 });
208 return 0;
209 }
210
211 /** Start a connection to every suitable directory authority, using
212 * connection purpose <b>dir_purpose</b> and uploading <b>payload</b>
213 * (of length <b>payload_len</b>). The dir_purpose should be one of
214 * 'DIR_PURPOSE_UPLOAD_{DIR|VOTE|SIGNATURES}'.
215 *
216 * <b>router_purpose</b> describes the type of descriptor we're
217 * publishing, if we're publishing a descriptor -- e.g. general or bridge.
218 *
219 * <b>type</b> specifies what sort of dir authorities (V3,
220 * BRIDGE, etc) we should upload to.
221 *
222 * If <b>extrainfo_len</b> is nonzero, the first <b>payload_len</b> bytes of
223 * <b>payload</b> hold a router descriptor, and the next <b>extrainfo_len</b>
224 * bytes of <b>payload</b> hold an extra-info document. Upload the descriptor
225 * to all authorities, and the extra-info document to all authorities that
226 * support it.
227 */
228 void
directory_post_to_dirservers(uint8_t dir_purpose,uint8_t router_purpose,dirinfo_type_t type,const char * payload,size_t payload_len,size_t extrainfo_len)229 directory_post_to_dirservers(uint8_t dir_purpose, uint8_t router_purpose,
230 dirinfo_type_t type,
231 const char *payload,
232 size_t payload_len, size_t extrainfo_len)
233 {
234 const or_options_t *options = get_options();
235 dir_indirection_t indirection;
236 const smartlist_t *dirservers = router_get_trusted_dir_servers();
237 int found = 0;
238 const int exclude_self = (dir_purpose == DIR_PURPOSE_UPLOAD_VOTE ||
239 dir_purpose == DIR_PURPOSE_UPLOAD_SIGNATURES);
240 tor_assert(dirservers);
241 /* This tries dirservers which we believe to be down, but ultimately, that's
242 * harmless, and we may as well err on the side of getting things uploaded.
243 */
244 SMARTLIST_FOREACH_BEGIN(dirservers, dir_server_t *, ds) {
245 routerstatus_t *rs = &(ds->fake_status);
246 size_t upload_len = payload_len;
247
248 if ((type & ds->type) == 0)
249 continue;
250
251 if (exclude_self && router_digest_is_me(ds->digest)) {
252 /* we don't upload to ourselves, but at least there's now at least
253 * one authority of this type that has what we wanted to upload. */
254 found = 1;
255 continue;
256 }
257
258 if (options->StrictNodes &&
259 routerset_contains_routerstatus(options->ExcludeNodes, rs, -1)) {
260 log_warn(LD_DIR, "Wanted to contact authority '%s' for %s, but "
261 "it's in our ExcludedNodes list and StrictNodes is set. "
262 "Skipping.",
263 ds->nickname,
264 dir_conn_purpose_to_string(dir_purpose));
265 continue;
266 }
267
268 found = 1; /* at least one authority of this type was listed */
269 if (dir_purpose == DIR_PURPOSE_UPLOAD_DIR)
270 ds->has_accepted_serverdesc = 0;
271
272 if (extrainfo_len && router_supports_extrainfo(ds->digest, 1)) {
273 upload_len += extrainfo_len;
274 log_info(LD_DIR, "Uploading an extrainfo too (length %d)",
275 (int) extrainfo_len);
276 }
277 if (purpose_needs_anonymity(dir_purpose, router_purpose, NULL)) {
278 indirection = DIRIND_ANONYMOUS;
279 } else if (!reachable_addr_allows_dir_server(ds,
280 FIREWALL_DIR_CONNECTION,
281 0)) {
282 if (reachable_addr_allows_dir_server(ds, FIREWALL_OR_CONNECTION, 0))
283 indirection = DIRIND_ONEHOP;
284 else
285 indirection = DIRIND_ANONYMOUS;
286 } else {
287 indirection = DIRIND_DIRECT_CONN;
288 }
289
290 directory_request_t *req = directory_request_new(dir_purpose);
291 directory_request_set_routerstatus(req, rs);
292 directory_request_set_router_purpose(req, router_purpose);
293 directory_request_set_indirection(req, indirection);
294 directory_request_set_payload(req, payload, upload_len);
295 directory_initiate_request(req);
296 directory_request_free(req);
297 } SMARTLIST_FOREACH_END(ds);
298 if (!found) {
299 char *s = authdir_type_to_string(type);
300 log_warn(LD_DIR, "Publishing server descriptor to directory authorities "
301 "of type '%s', but no authorities of that type listed!", s);
302 tor_free(s);
303 }
304 }
305
306 /** Return true iff, according to the values in <b>options</b>, we should be
307 * using directory guards for direct downloads of directory information. */
308 STATIC int
should_use_directory_guards(const or_options_t * options)309 should_use_directory_guards(const or_options_t *options)
310 {
311 /* Public (non-bridge) servers never use directory guards. */
312 if (public_server_mode(options))
313 return 0;
314 /* If guards are disabled, we can't use directory guards.
315 */
316 if (!options->UseEntryGuards)
317 return 0;
318 /* If we're configured to fetch directory info aggressively or of a
319 * nonstandard type, don't use directory guards. */
320 if (options->DownloadExtraInfo || options->FetchDirInfoEarly ||
321 options->FetchDirInfoExtraEarly || options->FetchUselessDescriptors)
322 return 0;
323 return 1;
324 }
325
326 /** Pick an unconstrained directory server from among our guards, the latest
327 * networkstatus, or the fallback dirservers, for use in downloading
328 * information of type <b>type</b>, and return its routerstatus. */
329 static const routerstatus_t *
directory_pick_generic_dirserver(dirinfo_type_t type,int pds_flags,uint8_t dir_purpose,circuit_guard_state_t ** guard_state_out)330 directory_pick_generic_dirserver(dirinfo_type_t type, int pds_flags,
331 uint8_t dir_purpose,
332 circuit_guard_state_t **guard_state_out)
333 {
334 const routerstatus_t *rs = NULL;
335 const or_options_t *options = get_options();
336
337 if (options->UseBridges)
338 log_warn(LD_BUG, "Called when we have UseBridges set.");
339
340 if (should_use_directory_guards(options)) {
341 const node_t *node = guards_choose_dirguard(dir_purpose, guard_state_out);
342 if (node)
343 rs = node->rs;
344 } else {
345 /* anybody with a non-zero dirport will do */
346 rs = router_pick_directory_server(type, pds_flags);
347 }
348 if (!rs) {
349 log_info(LD_DIR, "No router found for %s; falling back to "
350 "dirserver list.", dir_conn_purpose_to_string(dir_purpose));
351 rs = router_pick_fallback_dirserver(type, pds_flags);
352 }
353
354 return rs;
355 }
356
357 /**
358 * Set the extra fields in <b>req</b> that are used when requesting a
359 * consensus of type <b>resource</b>.
360 *
361 * Right now, these fields are if-modified-since and x-or-diff-from-consensus.
362 */
363 static void
dir_consensus_request_set_additional_headers(directory_request_t * req,const char * resource)364 dir_consensus_request_set_additional_headers(directory_request_t *req,
365 const char *resource)
366 {
367 time_t if_modified_since = 0;
368 uint8_t or_diff_from[DIGEST256_LEN];
369 int or_diff_from_is_set = 0;
370
371 /* DEFAULT_IF_MODIFIED_SINCE_DELAY is 1/20 of the default consensus
372 * period of 1 hour.
373 */
374 const int DEFAULT_IF_MODIFIED_SINCE_DELAY = 180;
375 const int32_t DEFAULT_TRY_DIFF_FOR_CONSENSUS_NEWER = 72;
376 const int32_t MIN_TRY_DIFF_FOR_CONSENSUS_NEWER = 0;
377 const int32_t MAX_TRY_DIFF_FOR_CONSENSUS_NEWER = 8192;
378 const char TRY_DIFF_FOR_CONSENSUS_NEWER_NAME[] =
379 "try-diff-for-consensus-newer-than";
380
381 int flav = FLAV_NS;
382 if (resource)
383 flav = networkstatus_parse_flavor_name(resource);
384
385 int32_t max_age_for_diff = 3600 *
386 networkstatus_get_param(NULL,
387 TRY_DIFF_FOR_CONSENSUS_NEWER_NAME,
388 DEFAULT_TRY_DIFF_FOR_CONSENSUS_NEWER,
389 MIN_TRY_DIFF_FOR_CONSENSUS_NEWER,
390 MAX_TRY_DIFF_FOR_CONSENSUS_NEWER);
391
392 if (flav != -1) {
393 /* IF we have a parsed consensus of this type, we can do an
394 * if-modified-time based on it. */
395 networkstatus_t *v;
396 v = networkstatus_get_latest_consensus_by_flavor(flav);
397 if (v) {
398 /* In networks with particularly short V3AuthVotingIntervals,
399 * ask for the consensus if it's been modified since half the
400 * V3AuthVotingInterval of the most recent consensus. */
401 time_t ims_delay = DEFAULT_IF_MODIFIED_SINCE_DELAY;
402 if (v->fresh_until > v->valid_after
403 && ims_delay > (v->fresh_until - v->valid_after)/2) {
404 ims_delay = (v->fresh_until - v->valid_after)/2;
405 }
406 if_modified_since = v->valid_after + ims_delay;
407 if (v->valid_after >= approx_time() - max_age_for_diff) {
408 memcpy(or_diff_from, v->digest_sha3_as_signed, DIGEST256_LEN);
409 or_diff_from_is_set = 1;
410 }
411 }
412 } else {
413 /* Otherwise it might be a consensus we don't parse, but which we
414 * do cache. Look at the cached copy, perhaps. */
415 cached_dir_t *cd = dirserv_get_consensus(resource);
416 /* We have no method of determining the voting interval from an
417 * unparsed consensus, so we use the default. */
418 if (cd) {
419 if_modified_since = cd->published + DEFAULT_IF_MODIFIED_SINCE_DELAY;
420 if (cd->published >= approx_time() - max_age_for_diff) {
421 memcpy(or_diff_from, cd->digest_sha3_as_signed, DIGEST256_LEN);
422 or_diff_from_is_set = 1;
423 }
424 }
425 }
426
427 if (if_modified_since > 0)
428 directory_request_set_if_modified_since(req, if_modified_since);
429 if (or_diff_from_is_set) {
430 char hex[HEX_DIGEST256_LEN + 1];
431 base16_encode(hex, sizeof(hex),
432 (const char*)or_diff_from, sizeof(or_diff_from));
433 directory_request_add_header(req, X_OR_DIFF_FROM_CONSENSUS_HEADER, hex);
434 }
435 }
436 /** Start a connection to a random running directory server, using
437 * connection purpose <b>dir_purpose</b>, intending to fetch descriptors
438 * of purpose <b>router_purpose</b>, and requesting <b>resource</b>.
439 * Use <b>pds_flags</b> as arguments to router_pick_directory_server()
440 * or router_pick_trusteddirserver().
441 */
442 MOCK_IMPL(void,
443 directory_get_from_dirserver,(
444 uint8_t dir_purpose,
445 uint8_t router_purpose,
446 const char *resource,
447 int pds_flags,
448 download_want_authority_t want_authority))
449 {
450 const routerstatus_t *rs = NULL;
451 const or_options_t *options = get_options();
452 int prefer_authority = (dirclient_fetches_from_authorities(options)
453 || want_authority == DL_WANT_AUTHORITY);
454 int require_authority = 0;
455 int get_via_tor = purpose_needs_anonymity(dir_purpose, router_purpose,
456 resource);
457 dirinfo_type_t type = dir_fetch_type(dir_purpose, router_purpose, resource);
458
459 if (type == NO_DIRINFO)
460 return;
461
462 if (!options->FetchServerDescriptors)
463 return;
464
465 circuit_guard_state_t *guard_state = NULL;
466 if (!get_via_tor) {
467 if (options->UseBridges && !(type & BRIDGE_DIRINFO)) {
468 /* We want to ask a running bridge for which we have a descriptor.
469 *
470 * When we ask choose_random_entry() for a bridge, we specify what
471 * sort of dir fetch we'll be doing, so it won't return a bridge
472 * that can't answer our question.
473 */
474 const node_t *node = guards_choose_dirguard(dir_purpose, &guard_state);
475 if (node && node->ri) {
476 /* every bridge has a routerinfo. */
477 routerinfo_t *ri = node->ri;
478 /* clients always make OR connections to bridges */
479 tor_addr_port_t or_ap;
480 directory_request_t *req = directory_request_new(dir_purpose);
481 /* we are willing to use a non-preferred address if we need to */
482 reachable_addr_choose_from_node(node, FIREWALL_OR_CONNECTION, 0,
483 &or_ap);
484 directory_request_set_or_addr_port(req, &or_ap);
485 directory_request_set_directory_id_digest(req,
486 ri->cache_info.identity_digest);
487 directory_request_set_router_purpose(req, router_purpose);
488 directory_request_set_resource(req, resource);
489 if (dir_purpose == DIR_PURPOSE_FETCH_CONSENSUS)
490 dir_consensus_request_set_additional_headers(req, resource);
491 directory_request_set_guard_state(req, guard_state);
492 directory_initiate_request(req);
493 directory_request_free(req);
494 } else {
495 if (guard_state) {
496 entry_guard_cancel(&guard_state);
497 }
498 log_notice(LD_DIR, "Ignoring directory request, since no bridge "
499 "nodes are available yet.");
500 }
501
502 return;
503 } else {
504 if (prefer_authority || (type & BRIDGE_DIRINFO)) {
505 /* only ask authdirservers, and don't ask myself */
506 rs = router_pick_trusteddirserver(type, pds_flags);
507 if (rs == NULL && (pds_flags & (PDS_NO_EXISTING_SERVERDESC_FETCH|
508 PDS_NO_EXISTING_MICRODESC_FETCH))) {
509 /* We don't want to fetch from any authorities that we're currently
510 * fetching server descriptors from, and we got no match. Did we
511 * get no match because all the authorities have connections
512 * fetching server descriptors (in which case we should just
513 * return,) or because all the authorities are down or on fire or
514 * unreachable or something (in which case we should go on with
515 * our fallback code)? */
516 pds_flags &= ~(PDS_NO_EXISTING_SERVERDESC_FETCH|
517 PDS_NO_EXISTING_MICRODESC_FETCH);
518 rs = router_pick_trusteddirserver(type, pds_flags);
519 if (rs) {
520 log_debug(LD_DIR, "Deferring serverdesc fetch: all authorities "
521 "are in use.");
522 return;
523 }
524 }
525 if (rs == NULL && require_authority) {
526 log_info(LD_DIR, "No authorities were available for %s: will try "
527 "later.", dir_conn_purpose_to_string(dir_purpose));
528 return;
529 }
530 }
531 if (!rs && !(type & BRIDGE_DIRINFO)) {
532 rs = directory_pick_generic_dirserver(type, pds_flags,
533 dir_purpose,
534 &guard_state);
535 if (!rs)
536 get_via_tor = 1; /* last resort: try routing it via Tor */
537 }
538 }
539 }
540
541 if (get_via_tor) {
542 /* Never use fascistfirewall; we're going via Tor. */
543 pds_flags |= PDS_IGNORE_FASCISTFIREWALL;
544 rs = router_pick_directory_server(type, pds_flags);
545 }
546
547 /* If we have any hope of building an indirect conn, we know some router
548 * descriptors. If (rs==NULL), we can't build circuits anyway, so
549 * there's no point in falling back to the authorities in this case. */
550 if (rs) {
551 const dir_indirection_t indirection =
552 get_via_tor ? DIRIND_ANONYMOUS : DIRIND_ONEHOP;
553 directory_request_t *req = directory_request_new(dir_purpose);
554 directory_request_set_routerstatus(req, rs);
555 directory_request_set_router_purpose(req, router_purpose);
556 directory_request_set_indirection(req, indirection);
557 directory_request_set_resource(req, resource);
558 if (dir_purpose == DIR_PURPOSE_FETCH_CONSENSUS)
559 dir_consensus_request_set_additional_headers(req, resource);
560 if (guard_state)
561 directory_request_set_guard_state(req, guard_state);
562 directory_initiate_request(req);
563 directory_request_free(req);
564 } else {
565 log_notice(LD_DIR,
566 "While fetching directory info, "
567 "no running dirservers known. Will try again later. "
568 "(purpose %d)", dir_purpose);
569 if (!purpose_needs_anonymity(dir_purpose, router_purpose, resource)) {
570 /* remember we tried them all and failed. */
571 directory_all_unreachable(time(NULL));
572 }
573 }
574 }
575
576 /** As directory_get_from_dirserver, but initiates a request to <i>every</i>
577 * directory authority other than ourself. Only for use by authorities when
578 * searching for missing information while voting. */
579 void
directory_get_from_all_authorities(uint8_t dir_purpose,uint8_t router_purpose,const char * resource)580 directory_get_from_all_authorities(uint8_t dir_purpose,
581 uint8_t router_purpose,
582 const char *resource)
583 {
584 tor_assert(dir_purpose == DIR_PURPOSE_FETCH_STATUS_VOTE ||
585 dir_purpose == DIR_PURPOSE_FETCH_DETACHED_SIGNATURES);
586
587 SMARTLIST_FOREACH_BEGIN(router_get_trusted_dir_servers(),
588 dir_server_t *, ds) {
589 if (router_digest_is_me(ds->digest))
590 continue;
591 if (!(ds->type & V3_DIRINFO))
592 continue;
593 const routerstatus_t *rs = &ds->fake_status;
594 directory_request_t *req = directory_request_new(dir_purpose);
595 directory_request_set_routerstatus(req, rs);
596 directory_request_set_router_purpose(req, router_purpose);
597 directory_request_set_resource(req, resource);
598 directory_initiate_request(req);
599 directory_request_free(req);
600 } SMARTLIST_FOREACH_END(ds);
601 }
602
603 /** Return true iff <b>ind</b> requires a multihop circuit. */
604 static int
dirind_is_anon(dir_indirection_t ind)605 dirind_is_anon(dir_indirection_t ind)
606 {
607 return ind == DIRIND_ANON_DIRPORT || ind == DIRIND_ANONYMOUS;
608 }
609
610 /* Choose reachable OR and Dir addresses and ports from status, copying them
611 * into use_or_ap and use_dir_ap. If indirection is anonymous, then we're
612 * connecting via another relay, so choose the primary IPv4 address and ports.
613 *
614 * status should have at least one reachable address, if we can't choose a
615 * reachable address, warn and return -1. Otherwise, return 0.
616 */
617 static int
directory_choose_address_routerstatus(const routerstatus_t * status,dir_indirection_t indirection,tor_addr_port_t * use_or_ap,tor_addr_port_t * use_dir_ap)618 directory_choose_address_routerstatus(const routerstatus_t *status,
619 dir_indirection_t indirection,
620 tor_addr_port_t *use_or_ap,
621 tor_addr_port_t *use_dir_ap)
622 {
623 tor_assert(status != NULL);
624 tor_assert(use_or_ap != NULL);
625 tor_assert(use_dir_ap != NULL);
626
627 const or_options_t *options = get_options();
628 int have_or = 0, have_dir = 0;
629
630 /* We expect status to have at least one reachable address if we're
631 * connecting to it directly.
632 *
633 * Therefore, we can simply use the other address if the one we want isn't
634 * allowed by the firewall.
635 *
636 * (When Tor uploads and downloads a hidden service descriptor, it uses
637 * DIRIND_ANONYMOUS. Even Single Onion Servers (NYI) use DIRIND_ANONYMOUS,
638 * to avoid HSDirs denying service by rejecting descriptors.)
639 */
640
641 /* Initialise the OR / Dir addresses */
642 tor_addr_make_null(&use_or_ap->addr, AF_UNSPEC);
643 use_or_ap->port = 0;
644 tor_addr_make_null(&use_dir_ap->addr, AF_UNSPEC);
645 use_dir_ap->port = 0;
646
647 /* ORPort connections */
648 if (indirection == DIRIND_ANONYMOUS) {
649 if (!tor_addr_is_null(&status->ipv4_addr)) {
650 /* Since we're going to build a 3-hop circuit and ask the 2nd relay
651 * to extend to this address, always use the primary (IPv4) OR address */
652 tor_addr_copy(&use_or_ap->addr, &status->ipv4_addr);
653 use_or_ap->port = status->ipv4_orport;
654 have_or = 1;
655 }
656 } else if (indirection == DIRIND_ONEHOP) {
657 /* We use an IPv6 address if we have one and we prefer it.
658 * Use the preferred address and port if they are reachable, otherwise,
659 * use the alternate address and port (if any).
660 */
661 reachable_addr_choose_from_rs(status, FIREWALL_OR_CONNECTION, 0,
662 use_or_ap);
663 have_or = tor_addr_port_is_valid_ap(use_or_ap, 0);
664 }
665
666 /* DirPort connections
667 * DIRIND_ONEHOP uses ORPort, but may fall back to the DirPort on relays */
668 if (indirection == DIRIND_DIRECT_CONN ||
669 indirection == DIRIND_ANON_DIRPORT ||
670 (indirection == DIRIND_ONEHOP
671 && !dirclient_must_use_begindir(options))) {
672 reachable_addr_choose_from_rs(status, FIREWALL_DIR_CONNECTION, 0,
673 use_dir_ap);
674 have_dir = tor_addr_port_is_valid_ap(use_dir_ap, 0);
675 }
676
677 /* We rejected all addresses in the relay's status. This means we can't
678 * connect to it. */
679 if (!have_or && !have_dir) {
680 static int logged_backtrace = 0;
681 char *ipv6_str = tor_addr_to_str_dup(&status->ipv6_addr);
682 log_info(LD_BUG, "Rejected all OR and Dir addresses from %s when "
683 "launching an outgoing directory connection to: IPv4 %s OR %d "
684 "Dir %d IPv6 %s OR %d Dir %d", routerstatus_describe(status),
685 fmt_addr(&status->ipv4_addr), status->ipv4_orport,
686 status->ipv4_dirport, ipv6_str, status->ipv6_orport,
687 status->ipv4_dirport);
688 tor_free(ipv6_str);
689 if (!logged_backtrace) {
690 log_backtrace(LOG_INFO, LD_BUG, "Addresses came from");
691 logged_backtrace = 1;
692 }
693 return -1;
694 }
695
696 return 0;
697 }
698
699 /** Called when we are unable to complete the client's request to a directory
700 * server due to a network error: Mark the router as down and try again if
701 * possible.
702 */
703 void
connection_dir_client_request_failed(dir_connection_t * conn)704 connection_dir_client_request_failed(dir_connection_t *conn)
705 {
706 if (conn->guard_state) {
707 /* We haven't seen a success on this guard state, so consider it to have
708 * failed. */
709 entry_guard_failed(&conn->guard_state);
710 }
711 if (!entry_list_is_constrained(get_options()))
712 /* We must not set a directory to non-running for HS purposes else we end
713 * up flagging nodes from the hashring has unusable. It doesn't have direct
714 * effect on the HS subsystem because the nodes are selected regardless of
715 * their status but still, we shouldn't flag them as non running.
716 *
717 * One example where this can go bad is if a tor instance gets added a lot
718 * of ephemeral services and with a network with problem then many nodes in
719 * the consenus ends up unusable.
720 *
721 * Furthermore, a service does close any pending directory connections
722 * before uploading a descriptor and thus we can end up here in a natural
723 * way since closing a pending directory connection leads to this code
724 * path. */
725 if (!DIR_PURPOSE_IS_HS(TO_CONN(conn)->purpose)) {
726 router_set_status(conn->identity_digest, 0);
727 }
728 if (conn->base_.purpose == DIR_PURPOSE_FETCH_SERVERDESC ||
729 conn->base_.purpose == DIR_PURPOSE_FETCH_EXTRAINFO) {
730 log_info(LD_DIR, "Giving up on serverdesc/extrainfo fetch from "
731 "directory server at %s; retrying",
732 connection_describe_peer(TO_CONN(conn)));
733 if (conn->router_purpose == ROUTER_PURPOSE_BRIDGE)
734 connection_dir_bridge_routerdesc_failed(conn);
735 connection_dir_download_routerdesc_failed(conn);
736 } else if (conn->base_.purpose == DIR_PURPOSE_FETCH_CONSENSUS) {
737 if (conn->requested_resource)
738 networkstatus_consensus_download_failed(0, conn->requested_resource);
739 } else if (conn->base_.purpose == DIR_PURPOSE_FETCH_CERTIFICATE) {
740 log_info(LD_DIR, "Giving up on certificate fetch from directory server "
741 "at %s; retrying",
742 connection_describe_peer(TO_CONN(conn)));
743 connection_dir_download_cert_failed(conn, 0);
744 } else if (conn->base_.purpose == DIR_PURPOSE_FETCH_DETACHED_SIGNATURES) {
745 log_info(LD_DIR, "Giving up downloading detached signatures from %s",
746 connection_describe_peer(TO_CONN(conn)));
747 } else if (conn->base_.purpose == DIR_PURPOSE_FETCH_STATUS_VOTE) {
748 log_info(LD_DIR, "Giving up downloading votes from %s",
749 connection_describe_peer(TO_CONN(conn)));
750 } else if (conn->base_.purpose == DIR_PURPOSE_FETCH_MICRODESC) {
751 log_info(LD_DIR, "Giving up on downloading microdescriptors from "
752 "directory server at %s; will retry",
753 connection_describe_peer(TO_CONN(conn)));
754 connection_dir_download_routerdesc_failed(conn);
755 }
756 }
757
758 /** Helper: Attempt to fetch directly the descriptors of each bridge
759 * listed in <b>failed</b>.
760 */
761 static void
connection_dir_retry_bridges(smartlist_t * descs)762 connection_dir_retry_bridges(smartlist_t *descs)
763 {
764 char digest[DIGEST_LEN];
765 SMARTLIST_FOREACH(descs, const char *, cp,
766 {
767 if (base16_decode(digest, DIGEST_LEN, cp, strlen(cp)) != DIGEST_LEN) {
768 log_warn(LD_BUG, "Malformed fingerprint in list: %s",
769 escaped(cp));
770 continue;
771 }
772 retry_bridge_descriptor_fetch_directly(digest);
773 });
774 }
775
776 /** Called when an attempt to download one or more router descriptors
777 * or extra-info documents on connection <b>conn</b> failed.
778 */
779 static void
connection_dir_download_routerdesc_failed(dir_connection_t * conn)780 connection_dir_download_routerdesc_failed(dir_connection_t *conn)
781 {
782 /* No need to increment the failure count for routerdescs, since
783 * it's not their fault. */
784
785 /* No need to relaunch descriptor downloads here: we already do it
786 * every 10 or 60 seconds (FOO_DESCRIPTOR_RETRY_INTERVAL) in main.c. */
787 tor_assert(conn->base_.purpose == DIR_PURPOSE_FETCH_SERVERDESC ||
788 conn->base_.purpose == DIR_PURPOSE_FETCH_EXTRAINFO ||
789 conn->base_.purpose == DIR_PURPOSE_FETCH_MICRODESC);
790
791 (void) conn;
792 }
793
794 /** Called when an attempt to download a bridge's routerdesc from
795 * one of the authorities failed due to a network error. If
796 * possible attempt to download descriptors from the bridge directly.
797 */
798 static void
connection_dir_bridge_routerdesc_failed(dir_connection_t * conn)799 connection_dir_bridge_routerdesc_failed(dir_connection_t *conn)
800 {
801 smartlist_t *which = NULL;
802
803 /* Requests for bridge descriptors are in the form 'fp/', so ignore
804 anything else. */
805 if (!conn->requested_resource || strcmpstart(conn->requested_resource,"fp/"))
806 return;
807
808 which = smartlist_new();
809 dir_split_resource_into_fingerprints(conn->requested_resource
810 + strlen("fp/"),
811 which, NULL, 0);
812
813 tor_assert(conn->base_.purpose != DIR_PURPOSE_FETCH_EXTRAINFO);
814 if (smartlist_len(which)) {
815 connection_dir_retry_bridges(which);
816 SMARTLIST_FOREACH(which, char *, cp, tor_free(cp));
817 }
818 smartlist_free(which);
819 }
820
821 /** Called when an attempt to fetch a certificate fails. */
822 static void
connection_dir_download_cert_failed(dir_connection_t * conn,int status)823 connection_dir_download_cert_failed(dir_connection_t *conn, int status)
824 {
825 const char *fp_pfx = "fp/";
826 const char *fpsk_pfx = "fp-sk/";
827 smartlist_t *failed;
828 tor_assert(conn->base_.purpose == DIR_PURPOSE_FETCH_CERTIFICATE);
829
830 if (!conn->requested_resource)
831 return;
832 failed = smartlist_new();
833 /*
834 * We have two cases download by fingerprint (resource starts
835 * with "fp/") or download by fingerprint/signing key pair
836 * (resource starts with "fp-sk/").
837 */
838 if (!strcmpstart(conn->requested_resource, fp_pfx)) {
839 /* Download by fingerprint case */
840 dir_split_resource_into_fingerprints(conn->requested_resource +
841 strlen(fp_pfx),
842 failed, NULL, DSR_HEX);
843 SMARTLIST_FOREACH_BEGIN(failed, char *, cp) {
844 /* Null signing key digest indicates download by fp only */
845 authority_cert_dl_failed(cp, NULL, status);
846 tor_free(cp);
847 } SMARTLIST_FOREACH_END(cp);
848 } else if (!strcmpstart(conn->requested_resource, fpsk_pfx)) {
849 /* Download by (fp,sk) pairs */
850 dir_split_resource_into_fingerprint_pairs(conn->requested_resource +
851 strlen(fpsk_pfx), failed);
852 SMARTLIST_FOREACH_BEGIN(failed, fp_pair_t *, cp) {
853 authority_cert_dl_failed(cp->first, cp->second, status);
854 tor_free(cp);
855 } SMARTLIST_FOREACH_END(cp);
856 } else {
857 log_warn(LD_DIR,
858 "Don't know what to do with failure for cert fetch %s",
859 conn->requested_resource);
860 }
861
862 smartlist_free(failed);
863
864 update_certificate_downloads(time(NULL));
865 }
866
867 /** Evaluate the situation and decide if we should use an encrypted
868 * "begindir-style" connection for this directory request.
869 * 0) If there is no DirPort, yes.
870 * 1) If or_port is 0, or it's a direct conn and or_port is firewalled
871 * or we're a dir mirror, no.
872 * 2) If we prefer to avoid begindir conns, and we're not fetching or
873 * publishing a bridge relay descriptor, no.
874 * 3) Else yes.
875 * If returning 0, return in *reason why we can't use begindir.
876 * reason must not be NULL.
877 */
878 static int
directory_command_should_use_begindir(const or_options_t * options,const directory_request_t * req,const char ** reason)879 directory_command_should_use_begindir(const or_options_t *options,
880 const directory_request_t *req,
881 const char **reason)
882 {
883 const tor_addr_t *or_addr = &req->or_addr_port.addr;
884 //const tor_addr_t *dir_addr = &req->dir_addr_port.addr;
885 const int or_port = req->or_addr_port.port;
886 const int dir_port = req->dir_addr_port.port;
887
888 const dir_indirection_t indirection = req->indirection;
889
890 tor_assert(reason);
891 *reason = NULL;
892
893 /* Reasons why we must use begindir */
894 if (!dir_port) {
895 *reason = "(using begindir - directory with no DirPort)";
896 return 1; /* We don't know a DirPort -- must begindir. */
897 }
898 /* Reasons why we can't possibly use begindir */
899 if (!or_port) {
900 *reason = "directory with unknown ORPort";
901 return 0; /* We don't know an ORPort -- no chance. */
902 }
903 if (indirection == DIRIND_DIRECT_CONN ||
904 indirection == DIRIND_ANON_DIRPORT) {
905 *reason = "DirPort connection";
906 return 0;
907 }
908 if (indirection == DIRIND_ONEHOP) {
909 /* We're firewalled and want a direct OR connection */
910 if (!reachable_addr_allows_addr(or_addr, or_port,
911 FIREWALL_OR_CONNECTION, 0, 0)) {
912 *reason = "ORPort not reachable";
913 return 0;
914 }
915 }
916 /* Reasons why we want to avoid using begindir */
917 if (indirection == DIRIND_ONEHOP) {
918 if (!dirclient_must_use_begindir(options)) {
919 *reason = "in relay mode";
920 return 0;
921 }
922 }
923 /* DIRIND_ONEHOP on a client, or DIRIND_ANONYMOUS
924 */
925 *reason = "(using begindir)";
926 return 1;
927 }
928
929 /**
930 * Create and return a new directory_request_t with purpose
931 * <b>dir_purpose</b>.
932 */
933 directory_request_t *
directory_request_new(uint8_t dir_purpose)934 directory_request_new(uint8_t dir_purpose)
935 {
936 tor_assert(dir_purpose >= DIR_PURPOSE_MIN_);
937 tor_assert(dir_purpose <= DIR_PURPOSE_MAX_);
938 tor_assert(dir_purpose != DIR_PURPOSE_SERVER);
939 tor_assert(dir_purpose != DIR_PURPOSE_HAS_FETCHED_HSDESC);
940
941 directory_request_t *result = tor_malloc_zero(sizeof(*result));
942 tor_addr_make_null(&result->or_addr_port.addr, AF_INET);
943 result->or_addr_port.port = 0;
944 tor_addr_make_null(&result->dir_addr_port.addr, AF_INET);
945 result->dir_addr_port.port = 0;
946 result->dir_purpose = dir_purpose;
947 result->router_purpose = ROUTER_PURPOSE_GENERAL;
948 result->indirection = DIRIND_ONEHOP;
949 return result;
950 }
951 /**
952 * Release all resources held by <b>req</b>.
953 */
954 void
directory_request_free_(directory_request_t * req)955 directory_request_free_(directory_request_t *req)
956 {
957 if (req == NULL)
958 return;
959 config_free_lines(req->additional_headers);
960 tor_free(req);
961 }
962 /**
963 * Set the address and OR port to use for this directory request. If there is
964 * no OR port, we'll have to connect over the dirport. (If there are both,
965 * the indirection setting determines which to use.)
966 */
967 void
directory_request_set_or_addr_port(directory_request_t * req,const tor_addr_port_t * p)968 directory_request_set_or_addr_port(directory_request_t *req,
969 const tor_addr_port_t *p)
970 {
971 memcpy(&req->or_addr_port, p, sizeof(*p));
972 }
973 /**
974 * Set the address and dirport to use for this directory request. If there
975 * is no dirport, we'll have to connect over the OR port. (If there are both,
976 * the indirection setting determines which to use.)
977 */
978 void
directory_request_set_dir_addr_port(directory_request_t * req,const tor_addr_port_t * p)979 directory_request_set_dir_addr_port(directory_request_t *req,
980 const tor_addr_port_t *p)
981 {
982 memcpy(&req->dir_addr_port, p, sizeof(*p));
983 }
984 /**
985 * Set the RSA identity digest of the directory to use for this directory
986 * request.
987 */
988 void
directory_request_set_directory_id_digest(directory_request_t * req,const char * digest)989 directory_request_set_directory_id_digest(directory_request_t *req,
990 const char *digest)
991 {
992 memcpy(req->digest, digest, DIGEST_LEN);
993 }
994 /**
995 * Set the router purpose associated with uploaded and downloaded router
996 * descriptors and extrainfo documents in this directory request. The purpose
997 * must be one of ROUTER_PURPOSE_GENERAL (the default) or
998 * ROUTER_PURPOSE_BRIDGE.
999 */
1000 void
directory_request_set_router_purpose(directory_request_t * req,uint8_t router_purpose)1001 directory_request_set_router_purpose(directory_request_t *req,
1002 uint8_t router_purpose)
1003 {
1004 tor_assert(router_purpose == ROUTER_PURPOSE_GENERAL ||
1005 router_purpose == ROUTER_PURPOSE_BRIDGE);
1006 // assert that it actually makes sense to set this purpose, given
1007 // the dir_purpose.
1008 req->router_purpose = router_purpose;
1009 }
1010 /**
1011 * Set the indirection to be used for the directory request. The indirection
1012 * parameter configures whether to connect to a DirPort or ORPort, and whether
1013 * to anonymize the connection. DIRIND_ONEHOP (use ORPort, don't anonymize)
1014 * is the default. See dir_indirection_t for more information.
1015 */
1016 void
directory_request_set_indirection(directory_request_t * req,dir_indirection_t indirection)1017 directory_request_set_indirection(directory_request_t *req,
1018 dir_indirection_t indirection)
1019 {
1020 req->indirection = indirection;
1021 }
1022
1023 /**
1024 * Set a pointer to the resource to request from a directory. Different
1025 * request types use resources to indicate different components of their URL.
1026 * Note that only an alias to <b>resource</b> is stored, so the
1027 * <b>resource</b> must outlive the request.
1028 */
1029 void
directory_request_set_resource(directory_request_t * req,const char * resource)1030 directory_request_set_resource(directory_request_t *req,
1031 const char *resource)
1032 {
1033 req->resource = resource;
1034 }
1035 /**
1036 * Set a pointer to the payload to include with this directory request, along
1037 * with its length. Note that only an alias to <b>payload</b> is stored, so
1038 * the <b>payload</b> must outlive the request.
1039 */
1040 void
directory_request_set_payload(directory_request_t * req,const char * payload,size_t payload_len)1041 directory_request_set_payload(directory_request_t *req,
1042 const char *payload,
1043 size_t payload_len)
1044 {
1045 tor_assert(DIR_PURPOSE_IS_UPLOAD(req->dir_purpose));
1046
1047 req->payload = payload;
1048 req->payload_len = payload_len;
1049 }
1050 /**
1051 * Set an if-modified-since date to send along with the request. The
1052 * default is 0 (meaning, send no if-modified-since header).
1053 */
1054 void
directory_request_set_if_modified_since(directory_request_t * req,time_t if_modified_since)1055 directory_request_set_if_modified_since(directory_request_t *req,
1056 time_t if_modified_since)
1057 {
1058 req->if_modified_since = if_modified_since;
1059 }
1060
1061 /** Include a header of name <b>key</b> with content <b>val</b> in the
1062 * request. Neither may include newlines or other odd characters. Their
1063 * ordering is not currently guaranteed.
1064 *
1065 * Note that, as elsewhere in this module, header keys include a trailing
1066 * colon and space.
1067 */
1068 void
directory_request_add_header(directory_request_t * req,const char * key,const char * val)1069 directory_request_add_header(directory_request_t *req,
1070 const char *key,
1071 const char *val)
1072 {
1073 config_line_prepend(&req->additional_headers, key, val);
1074 }
1075 /**
1076 * Set an object containing HS connection identifier to be associated with
1077 * this request. Note that only an alias to <b>ident</b> is stored, so the
1078 * <b>ident</b> object must outlive the request.
1079 */
1080 void
directory_request_upload_set_hs_ident(directory_request_t * req,const hs_ident_dir_conn_t * ident)1081 directory_request_upload_set_hs_ident(directory_request_t *req,
1082 const hs_ident_dir_conn_t *ident)
1083 {
1084 if (ident) {
1085 tor_assert(req->dir_purpose == DIR_PURPOSE_UPLOAD_HSDESC);
1086 }
1087 req->hs_ident = ident;
1088 }
1089 /**
1090 * Set an object containing HS connection identifier to be associated with
1091 * this fetch request. Note that only an alias to <b>ident</b> is stored, so
1092 * the <b>ident</b> object must outlive the request.
1093 */
1094 void
directory_request_fetch_set_hs_ident(directory_request_t * req,const hs_ident_dir_conn_t * ident)1095 directory_request_fetch_set_hs_ident(directory_request_t *req,
1096 const hs_ident_dir_conn_t *ident)
1097 {
1098 if (ident) {
1099 tor_assert(req->dir_purpose == DIR_PURPOSE_FETCH_HSDESC);
1100 }
1101 req->hs_ident = ident;
1102 }
1103 /** Set a static circuit_guard_state_t object to affliate with the request in
1104 * <b>req</b>. This object will receive notification when the attempt to
1105 * connect to the guard either succeeds or fails. */
1106 void
directory_request_set_guard_state(directory_request_t * req,circuit_guard_state_t * state)1107 directory_request_set_guard_state(directory_request_t *req,
1108 circuit_guard_state_t *state)
1109 {
1110 req->guard_state = state;
1111 }
1112
1113 /**
1114 * Internal: Return true if any information for contacting the directory in
1115 * <b>req</b> has been set, other than by the routerstatus. */
1116 static int
directory_request_dir_contact_info_specified(const directory_request_t * req)1117 directory_request_dir_contact_info_specified(const directory_request_t *req)
1118 {
1119 /* We only check for ports here, since we don't use an addr unless the port
1120 * is set */
1121 return (req->or_addr_port.port ||
1122 req->dir_addr_port.port ||
1123 ! tor_digest_is_zero(req->digest));
1124 }
1125
1126 /**
1127 * Set the routerstatus to use for the directory associated with this
1128 * request. If this option is set, then no other function to set the
1129 * directory's address or identity should be called.
1130 */
1131 void
directory_request_set_routerstatus(directory_request_t * req,const routerstatus_t * status)1132 directory_request_set_routerstatus(directory_request_t *req,
1133 const routerstatus_t *status)
1134 {
1135 req->routerstatus = status;
1136 }
1137
1138 /**
1139 * Helper: update the addresses, ports, and identities in <b>req</b>
1140 * from the routerstatus object in <b>req</b>. Return 0 on success.
1141 * On failure, warn and return -1.
1142 */
1143 static int
directory_request_set_dir_from_routerstatus(directory_request_t * req)1144 directory_request_set_dir_from_routerstatus(directory_request_t *req)
1145
1146 {
1147 const routerstatus_t *status = req->routerstatus;
1148 if (BUG(status == NULL))
1149 return -1;
1150 const or_options_t *options = get_options();
1151 const node_t *node;
1152 tor_addr_port_t use_or_ap, use_dir_ap;
1153 const int anonymized_connection = dirind_is_anon(req->indirection);
1154
1155 tor_assert(status != NULL);
1156
1157 node = node_get_by_id(status->identity_digest);
1158
1159 /* XXX The below check is wrong: !node means it's not in the consensus,
1160 * but we haven't checked if we have a descriptor for it -- and also,
1161 * we only care about the descriptor if it's a begindir-style anonymized
1162 * connection. */
1163 if (!node && anonymized_connection) {
1164 log_info(LD_DIR, "Not sending anonymized request to directory '%s'; we "
1165 "don't have its router descriptor.",
1166 routerstatus_describe(status));
1167 return -1;
1168 }
1169
1170 if (options->ExcludeNodes && options->StrictNodes &&
1171 routerset_contains_routerstatus(options->ExcludeNodes, status, -1)) {
1172 log_warn(LD_DIR, "Wanted to contact directory mirror %s for %s, but "
1173 "it's in our ExcludedNodes list and StrictNodes is set. "
1174 "Skipping. This choice might make your Tor not work.",
1175 routerstatus_describe(status),
1176 dir_conn_purpose_to_string(req->dir_purpose));
1177 return -1;
1178 }
1179
1180 /* At this point, if we are a client making a direct connection to a
1181 * directory server, we have selected a server that has at least one address
1182 * allowed by ClientUseIPv4/6 and Reachable{"",OR,Dir}Addresses. This
1183 * selection uses the preference in ClientPreferIPv6{OR,Dir}Port, if
1184 * possible. (If UseBridges is set, clients always use IPv6, and prefer it
1185 * by default.)
1186 *
1187 * Now choose an address that we can use to connect to the directory server.
1188 */
1189 if (directory_choose_address_routerstatus(status,
1190 req->indirection, &use_or_ap,
1191 &use_dir_ap) < 0) {
1192 return -1;
1193 }
1194
1195 /* One last thing: If we're talking to an authority, we might want to use
1196 * a special HTTP port for it based on our purpose.
1197 */
1198 if (req->indirection == DIRIND_DIRECT_CONN && status->is_authority) {
1199 const dir_server_t *ds = router_get_trusteddirserver_by_digest(
1200 status->identity_digest);
1201 if (ds) {
1202 const tor_addr_port_t *v4 = NULL;
1203 if (authdir_mode_v3(get_options())) {
1204 // An authority connecting to another authority should always
1205 // prefer the VOTING usage, if one is specifically configured.
1206 v4 = trusted_dir_server_get_dirport_exact(
1207 ds, AUTH_USAGE_VOTING, AF_INET);
1208 }
1209 if (! v4) {
1210 // Everybody else should prefer a usage dependent on their
1211 // the dir_purpose.
1212 auth_dirport_usage_t usage =
1213 auth_dirport_usage_for_purpose(req->dir_purpose);
1214 v4 = trusted_dir_server_get_dirport(ds, usage, AF_INET);
1215 }
1216 tor_assert_nonfatal(v4);
1217 if (v4) {
1218 // XXXX We could, if we wanted, also select a v6 address. But a v4
1219 // address must exist here, and we as a relay are required to support
1220 // ipv4. So we just that.
1221 tor_addr_port_copy(&use_dir_ap, v4);
1222 }
1223 }
1224 }
1225
1226 directory_request_set_or_addr_port(req, &use_or_ap);
1227 directory_request_set_dir_addr_port(req, &use_dir_ap);
1228 directory_request_set_directory_id_digest(req, status->identity_digest);
1229 return 0;
1230 }
1231
1232 /**
1233 * Launch the provided directory request, configured in <b>request</b>.
1234 * After this function is called, you can free <b>request</b>.
1235 */
1236 MOCK_IMPL(void,
1237 directory_initiate_request,(directory_request_t *request))
1238 {
1239 tor_assert(request);
1240 if (request->routerstatus) {
1241 tor_assert_nonfatal(
1242 ! directory_request_dir_contact_info_specified(request));
1243 if (directory_request_set_dir_from_routerstatus(request) < 0) {
1244 return; // or here XXXX
1245 }
1246 }
1247
1248 const tor_addr_port_t *or_addr_port = &request->or_addr_port;
1249 const tor_addr_port_t *dir_addr_port = &request->dir_addr_port;
1250 const char *digest = request->digest;
1251 const uint8_t dir_purpose = request->dir_purpose;
1252 const uint8_t router_purpose = request->router_purpose;
1253 const dir_indirection_t indirection = request->indirection;
1254 const char *resource = request->resource;
1255 const hs_ident_dir_conn_t *hs_ident = request->hs_ident;
1256 circuit_guard_state_t *guard_state = request->guard_state;
1257
1258 tor_assert(or_addr_port->port || dir_addr_port->port);
1259 tor_assert(digest);
1260
1261 dir_connection_t *conn;
1262 const or_options_t *options = get_options();
1263 int socket_error = 0;
1264 const char *begindir_reason = NULL;
1265 /* Should the connection be to a relay's OR port (and inside that we will
1266 * send our directory request)? */
1267 const int use_begindir =
1268 directory_command_should_use_begindir(options, request, &begindir_reason);
1269
1270 /* Will the connection go via a three-hop Tor circuit? Note that this
1271 * is separate from whether it will use_begindir. */
1272 const int anonymized_connection = dirind_is_anon(indirection);
1273
1274 /* What is the address we want to make the directory request to? If
1275 * we're making a begindir request this is the ORPort of the relay
1276 * we're contacting; if not a begindir request, this is its DirPort.
1277 * Note that if anonymized_connection is true, we won't be initiating
1278 * a connection directly to this address. */
1279 tor_addr_t addr;
1280 tor_addr_copy(&addr, &(use_begindir ? or_addr_port : dir_addr_port)->addr);
1281 uint16_t port = (use_begindir ? or_addr_port : dir_addr_port)->port;
1282
1283 log_debug(LD_DIR, "anonymized %d, use_begindir %d.",
1284 anonymized_connection, use_begindir);
1285
1286 log_debug(LD_DIR, "Initiating %s", dir_conn_purpose_to_string(dir_purpose));
1287
1288 if (purpose_needs_anonymity(dir_purpose, router_purpose, resource)) {
1289 tor_assert(anonymized_connection ||
1290 hs_service_non_anonymous_mode_enabled(options));
1291 }
1292
1293 /* use encrypted begindir connections for everything except relays
1294 * this provides better protection for directory fetches */
1295 if (!use_begindir && dirclient_must_use_begindir(options)) {
1296 log_warn(LD_BUG, "Client could not use begindir connection: %s",
1297 begindir_reason ? begindir_reason : "(NULL)");
1298 return;
1299 }
1300
1301 /* ensure that we don't make direct connections when a SOCKS server is
1302 * configured. */
1303 if (!anonymized_connection && !use_begindir && !options->HTTPProxy &&
1304 (options->Socks4Proxy || options->Socks5Proxy)) {
1305 log_warn(LD_DIR, "Cannot connect to a directory server through a "
1306 "SOCKS proxy!");
1307 return;
1308 }
1309
1310 /* Make sure that the destination addr and port we picked is viable. */
1311 if (!port || tor_addr_is_null(&addr)) {
1312 static int logged_backtrace = 0;
1313 log_warn(LD_DIR,
1314 "Cannot make an outgoing %sconnection without a remote %sPort.",
1315 use_begindir ? "begindir " : "",
1316 use_begindir ? "OR" : "Dir");
1317 if (!logged_backtrace) {
1318 log_backtrace(LOG_INFO, LD_BUG, "Address came from");
1319 logged_backtrace = 1;
1320 }
1321 return;
1322 }
1323
1324 conn = dir_connection_new(tor_addr_family(&addr));
1325
1326 /* set up conn so it's got all the data we need to remember */
1327 tor_addr_copy(&conn->base_.addr, &addr);
1328 conn->base_.port = port;
1329 conn->base_.address = tor_addr_to_str_dup(&addr);
1330 memcpy(conn->identity_digest, digest, DIGEST_LEN);
1331
1332 conn->base_.purpose = dir_purpose;
1333 conn->router_purpose = router_purpose;
1334
1335 /* give it an initial state */
1336 conn->base_.state = DIR_CONN_STATE_CONNECTING;
1337
1338 /* decide whether we can learn our IP address from this conn */
1339 /* XXXX This is a bad name for this field now. */
1340 conn->dirconn_direct = !anonymized_connection;
1341
1342 if (hs_ident) {
1343 conn->hs_ident = hs_ident_dir_conn_dup(hs_ident);
1344 }
1345
1346 if (!anonymized_connection && !use_begindir) {
1347 /* then we want to connect to dirport directly */
1348
1349 if (options->HTTPProxy) {
1350 tor_addr_copy(&addr, &options->HTTPProxyAddr);
1351 port = options->HTTPProxyPort;
1352 }
1353
1354 // In this case we should not have picked a directory guard.
1355 if (BUG(guard_state)) {
1356 entry_guard_cancel(&guard_state);
1357 }
1358
1359 // XXXX This is the case where we replace.
1360
1361 switch (connection_connect(TO_CONN(conn), conn->base_.address, &addr,
1362 port, &socket_error)) {
1363 case -1:
1364 connection_mark_for_close(TO_CONN(conn));
1365 return;
1366 case 1:
1367 /* start flushing conn */
1368 conn->base_.state = DIR_CONN_STATE_CLIENT_SENDING;
1369 FALLTHROUGH;
1370 case 0:
1371 /* queue the command on the outbuf */
1372 directory_send_command(conn, 1, request);
1373 connection_watch_events(TO_CONN(conn), READ_EVENT | WRITE_EVENT);
1374 /* writable indicates finish, readable indicates broken link,
1375 error indicates broken link in windowsland. */
1376 }
1377 } else {
1378 /* We will use a Tor circuit (maybe 1-hop, maybe 3-hop, maybe with
1379 * begindir, maybe not with begindir) */
1380
1381 entry_connection_t *linked_conn;
1382
1383 /* Anonymized tunneled connections can never share a circuit.
1384 * One-hop directory connections can share circuits with each other
1385 * but nothing else. */
1386 int iso_flags = anonymized_connection ? ISO_STREAM : ISO_SESSIONGRP;
1387
1388 /* If it's an anonymized connection, remember the fact that we
1389 * wanted it for later: maybe we'll want it again soon. */
1390 if (anonymized_connection && use_begindir)
1391 rep_hist_note_used_internal(time(NULL), 0, 1);
1392 else if (anonymized_connection && !use_begindir)
1393 rep_hist_note_used_port(time(NULL), conn->base_.port);
1394
1395 // In this case we should not have a directory guard; we'll
1396 // get a regular guard later when we build the circuit.
1397 if (BUG(anonymized_connection && guard_state)) {
1398 entry_guard_cancel(&guard_state);
1399 }
1400
1401 conn->guard_state = guard_state;
1402
1403 /* make an AP connection
1404 * populate it and add it at the right state
1405 * hook up both sides
1406 */
1407 linked_conn =
1408 connection_ap_make_link(TO_CONN(conn),
1409 conn->base_.address, conn->base_.port,
1410 digest,
1411 SESSION_GROUP_DIRCONN, iso_flags,
1412 use_begindir, !anonymized_connection);
1413 if (!linked_conn) {
1414 log_warn(LD_NET,"Making tunnel to dirserver failed.");
1415 connection_mark_for_close(TO_CONN(conn));
1416 return;
1417 }
1418
1419 if (connection_add(TO_CONN(conn)) < 0) {
1420 log_warn(LD_NET,"Unable to add connection for link to dirserver.");
1421 connection_mark_for_close(TO_CONN(conn));
1422 return;
1423 }
1424 conn->base_.state = DIR_CONN_STATE_CLIENT_SENDING;
1425 /* queue the command on the outbuf */
1426 directory_send_command(conn, 0, request);
1427
1428 connection_watch_events(TO_CONN(conn), READ_EVENT|WRITE_EVENT);
1429 connection_start_reading(ENTRY_TO_CONN(linked_conn));
1430 }
1431 }
1432
1433 /** Helper for sorting
1434 *
1435 * sort strings alphabetically
1436 *
1437 * XXXX we have a smartlist_sort_strings() function, right?
1438 */
1439 static int
compare_strs_(const void ** a,const void ** b)1440 compare_strs_(const void **a, const void **b)
1441 {
1442 const char *s1 = *a, *s2 = *b;
1443 return strcmp(s1, s2);
1444 }
1445
1446 #define CONDITIONAL_CONSENSUS_FPR_LEN 3
1447 CTASSERT(CONDITIONAL_CONSENSUS_FPR_LEN <= DIGEST_LEN);
1448
1449 /** Return the URL we should use for a consensus download.
1450 *
1451 * Use the "conditional consensus downloading" feature described in
1452 * dir-spec.txt, i.e.
1453 * GET .../consensus/<b>fpr</b>+<b>fpr</b>+<b>fpr</b>
1454 *
1455 * If 'resource' is provided, it is the name of a consensus flavor to request.
1456 */
1457 static char *
directory_get_consensus_url(const char * resource)1458 directory_get_consensus_url(const char *resource)
1459 {
1460 char *url = NULL;
1461 const char *hyphen, *flavor;
1462 if (resource==NULL || strcmp(resource, "ns")==0) {
1463 flavor = ""; /* Request ns consensuses as "", so older servers will work*/
1464 hyphen = "";
1465 } else {
1466 flavor = resource;
1467 hyphen = "-";
1468 }
1469
1470 {
1471 char *authority_id_list;
1472 smartlist_t *authority_digests = smartlist_new();
1473
1474 SMARTLIST_FOREACH_BEGIN(router_get_trusted_dir_servers(),
1475 dir_server_t *, ds) {
1476 char *hex;
1477 if (!(ds->type & V3_DIRINFO))
1478 continue;
1479
1480 hex = tor_malloc(2*CONDITIONAL_CONSENSUS_FPR_LEN+1);
1481 base16_encode(hex, 2*CONDITIONAL_CONSENSUS_FPR_LEN+1,
1482 ds->v3_identity_digest, CONDITIONAL_CONSENSUS_FPR_LEN);
1483 smartlist_add(authority_digests, hex);
1484 } SMARTLIST_FOREACH_END(ds);
1485 smartlist_sort(authority_digests, compare_strs_);
1486 authority_id_list = smartlist_join_strings(authority_digests,
1487 "+", 0, NULL);
1488
1489 tor_asprintf(&url, "/tor/status-vote/current/consensus%s%s/%s.z",
1490 hyphen, flavor, authority_id_list);
1491
1492 SMARTLIST_FOREACH(authority_digests, char *, cp, tor_free(cp));
1493 smartlist_free(authority_digests);
1494 tor_free(authority_id_list);
1495 }
1496 return url;
1497 }
1498
1499 /**
1500 * Copies the ipv6 from source to destination, subject to buffer size limit
1501 * size. If decorate is true, makes sure the copied address is decorated.
1502 */
1503 static void
copy_ipv6_address(char * destination,const char * source,size_t len,int decorate)1504 copy_ipv6_address(char* destination, const char* source, size_t len,
1505 int decorate) {
1506 tor_assert(destination);
1507 tor_assert(source);
1508
1509 if (decorate && source[0] != '[') {
1510 tor_snprintf(destination, len, "[%s]", source);
1511 } else {
1512 strlcpy(destination, source, len);
1513 }
1514 }
1515
1516 /** Queue an appropriate HTTP command for <b>request</b> on
1517 * <b>conn</b>-\>outbuf. If <b>direct</b> is true, we're making a
1518 * non-anonymized connection to the dirport.
1519 */
1520 static void
directory_send_command(dir_connection_t * conn,const int direct,const directory_request_t * req)1521 directory_send_command(dir_connection_t *conn,
1522 const int direct,
1523 const directory_request_t *req)
1524 {
1525 tor_assert(req);
1526 const int purpose = req->dir_purpose;
1527 const char *resource = req->resource;
1528 const char *payload = req->payload;
1529 const size_t payload_len = req->payload_len;
1530 const time_t if_modified_since = req->if_modified_since;
1531 const int anonymized_connection = dirind_is_anon(req->indirection);
1532
1533 char proxystring[256];
1534 char hoststring[128];
1535 /* NEEDS to be the same size hoststring.
1536 Will be decorated with brackets around it if it is ipv6. */
1537 char decorated_address[128];
1538 smartlist_t *headers = smartlist_new();
1539 char *url;
1540 char *accept_encoding;
1541 size_t url_len;
1542 char request[8192];
1543 size_t request_len, total_request_len = 0;
1544 const char *httpcommand = NULL;
1545
1546 tor_assert(conn);
1547 tor_assert(conn->base_.type == CONN_TYPE_DIR);
1548
1549 tor_free(conn->requested_resource);
1550 if (resource)
1551 conn->requested_resource = tor_strdup(resource);
1552
1553 /* decorate the ip address if it is ipv6 */
1554 if (strchr(conn->base_.address, ':')) {
1555 copy_ipv6_address(decorated_address, conn->base_.address,
1556 sizeof(decorated_address), 1);
1557 } else {
1558 strlcpy(decorated_address, conn->base_.address, sizeof(decorated_address));
1559 }
1560
1561 /* come up with a string for which Host: we want */
1562 if (conn->base_.port == 80) {
1563 strlcpy(hoststring, decorated_address, sizeof(hoststring));
1564 } else {
1565 tor_snprintf(hoststring, sizeof(hoststring), "%s:%d",
1566 decorated_address, conn->base_.port);
1567 }
1568
1569 /* Format if-modified-since */
1570 if (if_modified_since) {
1571 char b[RFC1123_TIME_LEN+1];
1572 format_rfc1123_time(b, if_modified_since);
1573 smartlist_add_asprintf(headers, "If-Modified-Since: %s\r\n", b);
1574 }
1575
1576 /* come up with some proxy lines, if we're using one. */
1577 if (direct && get_options()->HTTPProxy) {
1578 char *base64_authenticator=NULL;
1579 const char *authenticator = get_options()->HTTPProxyAuthenticator;
1580
1581 tor_snprintf(proxystring, sizeof(proxystring),"http://%s", hoststring);
1582 if (authenticator) {
1583 base64_authenticator = alloc_http_authenticator(authenticator);
1584 if (!base64_authenticator)
1585 log_warn(LD_BUG, "Encoding http authenticator failed");
1586 }
1587 if (base64_authenticator) {
1588 smartlist_add_asprintf(headers,
1589 "Proxy-Authorization: Basic %s\r\n",
1590 base64_authenticator);
1591 tor_free(base64_authenticator);
1592 }
1593 } else {
1594 proxystring[0] = 0;
1595 }
1596
1597 if (! anonymized_connection) {
1598 /* Add Accept-Encoding. */
1599 accept_encoding = accept_encoding_header();
1600 smartlist_add_asprintf(headers, "Accept-Encoding: %s\r\n",
1601 accept_encoding);
1602 tor_free(accept_encoding);
1603 }
1604
1605 /* Add additional headers, if any */
1606 {
1607 config_line_t *h;
1608 for (h = req->additional_headers; h; h = h->next) {
1609 smartlist_add_asprintf(headers, "%s%s\r\n", h->key, h->value);
1610 }
1611 }
1612
1613 switch (purpose) {
1614 case DIR_PURPOSE_FETCH_CONSENSUS:
1615 /* resource is optional. If present, it's a flavor name */
1616 tor_assert(!payload);
1617 httpcommand = "GET";
1618 url = directory_get_consensus_url(resource);
1619 log_info(LD_DIR, "Downloading consensus from %s using %s",
1620 hoststring, url);
1621 break;
1622 case DIR_PURPOSE_FETCH_CERTIFICATE:
1623 tor_assert(resource);
1624 tor_assert(!payload);
1625 httpcommand = "GET";
1626 tor_asprintf(&url, "/tor/keys/%s", resource);
1627 break;
1628 case DIR_PURPOSE_FETCH_STATUS_VOTE:
1629 tor_assert(resource);
1630 tor_assert(!payload);
1631 httpcommand = "GET";
1632 tor_asprintf(&url, "/tor/status-vote/next/%s.z", resource);
1633 break;
1634 case DIR_PURPOSE_FETCH_DETACHED_SIGNATURES:
1635 tor_assert(!resource);
1636 tor_assert(!payload);
1637 httpcommand = "GET";
1638 url = tor_strdup("/tor/status-vote/next/consensus-signatures.z");
1639 break;
1640 case DIR_PURPOSE_FETCH_SERVERDESC:
1641 tor_assert(resource);
1642 httpcommand = "GET";
1643 tor_asprintf(&url, "/tor/server/%s", resource);
1644 break;
1645 case DIR_PURPOSE_FETCH_EXTRAINFO:
1646 tor_assert(resource);
1647 httpcommand = "GET";
1648 tor_asprintf(&url, "/tor/extra/%s", resource);
1649 break;
1650 case DIR_PURPOSE_FETCH_MICRODESC:
1651 tor_assert(resource);
1652 httpcommand = "GET";
1653 tor_asprintf(&url, "/tor/micro/%s", resource);
1654 break;
1655 case DIR_PURPOSE_UPLOAD_DIR: {
1656 const char *why = router_get_descriptor_gen_reason();
1657 tor_assert(!resource);
1658 tor_assert(payload);
1659 httpcommand = "POST";
1660 url = tor_strdup("/tor/");
1661 if (!why) {
1662 why = "for no reason at all";
1663 }
1664 smartlist_add_asprintf(headers, "X-Desc-Gen-Reason: %s\r\n", why);
1665 break;
1666 }
1667 case DIR_PURPOSE_UPLOAD_VOTE:
1668 tor_assert(!resource);
1669 tor_assert(payload);
1670 httpcommand = "POST";
1671 url = tor_strdup("/tor/post/vote");
1672 break;
1673 case DIR_PURPOSE_UPLOAD_SIGNATURES:
1674 tor_assert(!resource);
1675 tor_assert(payload);
1676 httpcommand = "POST";
1677 url = tor_strdup("/tor/post/consensus-signature");
1678 break;
1679 case DIR_PURPOSE_FETCH_HSDESC:
1680 tor_assert(resource);
1681 tor_assert(strlen(resource) <= ED25519_BASE64_LEN);
1682 tor_assert(!payload);
1683 httpcommand = "GET";
1684 tor_asprintf(&url, "/tor/hs/3/%s", resource);
1685 break;
1686 case DIR_PURPOSE_UPLOAD_HSDESC:
1687 tor_assert(resource);
1688 tor_assert(payload);
1689 httpcommand = "POST";
1690 tor_asprintf(&url, "/tor/hs/%s/publish", resource);
1691 break;
1692 default:
1693 tor_assert(0);
1694 return;
1695 }
1696
1697 /* warn in the non-tunneled case */
1698 if (direct && (strlen(proxystring) + strlen(url) >= 4096)) {
1699 log_warn(LD_BUG,
1700 "Squid does not like URLs longer than 4095 bytes, and this "
1701 "one is %d bytes long: %s%s",
1702 (int)(strlen(proxystring) + strlen(url)), proxystring, url);
1703 }
1704
1705 tor_snprintf(request, sizeof(request), "%s %s", httpcommand, proxystring);
1706
1707 request_len = strlen(request);
1708 total_request_len += request_len;
1709 connection_buf_add(request, request_len, TO_CONN(conn));
1710
1711 url_len = strlen(url);
1712 total_request_len += url_len;
1713 connection_buf_add(url, url_len, TO_CONN(conn));
1714 tor_free(url);
1715
1716 if (!strcmp(httpcommand, "POST") || payload) {
1717 smartlist_add_asprintf(headers, "Content-Length: %lu\r\n",
1718 payload ? (unsigned long)payload_len : 0);
1719 }
1720
1721 {
1722 char *header = smartlist_join_strings(headers, "", 0, NULL);
1723 tor_snprintf(request, sizeof(request), " HTTP/1.0\r\nHost: %s\r\n%s\r\n",
1724 hoststring, header);
1725 tor_free(header);
1726 }
1727
1728 request_len = strlen(request);
1729 total_request_len += request_len;
1730 connection_buf_add(request, request_len, TO_CONN(conn));
1731
1732 if (payload) {
1733 /* then send the payload afterwards too */
1734 connection_buf_add(payload, payload_len, TO_CONN(conn));
1735 total_request_len += payload_len;
1736 }
1737
1738 SMARTLIST_FOREACH(headers, char *, h, tor_free(h));
1739 smartlist_free(headers);
1740
1741 log_debug(LD_DIR,
1742 "Sent request to directory server %s "
1743 "(purpose: %d, request size: %"TOR_PRIuSZ", "
1744 "payload size: %"TOR_PRIuSZ")",
1745 connection_describe_peer(TO_CONN(conn)),
1746 conn->base_.purpose,
1747 (total_request_len),
1748 (payload ? payload_len : 0));
1749 }
1750
1751 /** Return true iff <b>body</b> doesn't start with a plausible router or
1752 * network-status or microdescriptor opening. This is a sign of possible
1753 * compression. */
1754 static int
body_is_plausible(const char * body,size_t len,int purpose)1755 body_is_plausible(const char *body, size_t len, int purpose)
1756 {
1757 int i;
1758 if (len == 0)
1759 return 1; /* empty bodies don't need decompression */
1760 if (len < 32)
1761 return 0;
1762 if (purpose == DIR_PURPOSE_FETCH_MICRODESC) {
1763 return (!strcmpstart(body,"onion-key"));
1764 }
1765
1766 if (!strcmpstart(body,"router") ||
1767 !strcmpstart(body,"network-status"))
1768 return 1;
1769 for (i=0;i<32;++i) {
1770 if (!TOR_ISPRINT(body[i]) && !TOR_ISSPACE(body[i]))
1771 return 0;
1772 }
1773
1774 return 1;
1775 }
1776
1777 /** Called when we've just fetched a bunch of router descriptors in
1778 * <b>body</b>. The list <b>which</b>, if present, holds digests for
1779 * descriptors we requested: descriptor digests if <b>descriptor_digests</b>
1780 * is true, or identity digests otherwise. Parse the descriptors, validate
1781 * them, and annotate them as having purpose <b>purpose</b> and as having been
1782 * downloaded from <b>source</b>.
1783 *
1784 * Return the number of routers actually added. */
1785 static int
load_downloaded_routers(const char * body,smartlist_t * which,int descriptor_digests,int router_purpose,const char * source)1786 load_downloaded_routers(const char *body, smartlist_t *which,
1787 int descriptor_digests,
1788 int router_purpose,
1789 const char *source)
1790 {
1791 char buf[256];
1792 char time_buf[ISO_TIME_LEN+1];
1793 int added = 0;
1794 int general = router_purpose == ROUTER_PURPOSE_GENERAL;
1795 format_iso_time(time_buf, time(NULL));
1796 tor_assert(source);
1797
1798 if (tor_snprintf(buf, sizeof(buf),
1799 "@downloaded-at %s\n"
1800 "@source %s\n"
1801 "%s%s%s", time_buf, escaped(source),
1802 !general ? "@purpose " : "",
1803 !general ? router_purpose_to_string(router_purpose) : "",
1804 !general ? "\n" : "")<0)
1805 return added;
1806
1807 added = router_load_routers_from_string(body, NULL, SAVED_NOWHERE, which,
1808 descriptor_digests, buf);
1809 if (added && general)
1810 control_event_boot_dir(BOOTSTRAP_STATUS_LOADING_DESCRIPTORS,
1811 count_loading_descriptors_progress());
1812 return added;
1813 }
1814
1815 static int handle_response_fetch_certificate(dir_connection_t *,
1816 const response_handler_args_t *);
1817 static int handle_response_fetch_status_vote(dir_connection_t *,
1818 const response_handler_args_t *);
1819 static int handle_response_fetch_detached_signatures(dir_connection_t *,
1820 const response_handler_args_t *);
1821 static int handle_response_fetch_desc(dir_connection_t *,
1822 const response_handler_args_t *);
1823 static int handle_response_upload_dir(dir_connection_t *,
1824 const response_handler_args_t *);
1825 static int handle_response_upload_vote(dir_connection_t *,
1826 const response_handler_args_t *);
1827 static int handle_response_upload_signatures(dir_connection_t *,
1828 const response_handler_args_t *);
1829 static int handle_response_upload_hsdesc(dir_connection_t *,
1830 const response_handler_args_t *);
1831
1832 static int
dir_client_decompress_response_body(char ** bodyp,size_t * bodylenp,dir_connection_t * conn,compress_method_t compression,int anonymized_connection)1833 dir_client_decompress_response_body(char **bodyp, size_t *bodylenp,
1834 dir_connection_t *conn,
1835 compress_method_t compression,
1836 int anonymized_connection)
1837 {
1838 int rv = 0;
1839 const char *body = *bodyp;
1840 size_t body_len = *bodylenp;
1841 int allow_partial = (conn->base_.purpose == DIR_PURPOSE_FETCH_SERVERDESC ||
1842 conn->base_.purpose == DIR_PURPOSE_FETCH_EXTRAINFO ||
1843 conn->base_.purpose == DIR_PURPOSE_FETCH_MICRODESC);
1844
1845 int plausible = body_is_plausible(body, body_len, conn->base_.purpose);
1846
1847 if (plausible && compression == NO_METHOD) {
1848 return 0;
1849 }
1850
1851 int severity = LOG_DEBUG;
1852 char *new_body = NULL;
1853 size_t new_len = 0;
1854 const char *description1, *description2;
1855 int want_to_try_both = 0;
1856 int tried_both = 0;
1857 compress_method_t guessed = detect_compression_method(body, body_len);
1858
1859 description1 = compression_method_get_human_name(compression);
1860
1861 if (BUG(description1 == NULL))
1862 description1 = compression_method_get_human_name(UNKNOWN_METHOD);
1863
1864 if (guessed == UNKNOWN_METHOD && !plausible)
1865 description2 = "confusing binary junk";
1866 else
1867 description2 = compression_method_get_human_name(guessed);
1868
1869 /* Tell the user if we don't believe what we're told about compression.*/
1870 want_to_try_both = (compression == UNKNOWN_METHOD ||
1871 guessed != compression);
1872 if (want_to_try_both) {
1873 severity = LOG_PROTOCOL_WARN;
1874 }
1875
1876 tor_log(severity, LD_HTTP,
1877 "HTTP body from %s was labeled as %s, "
1878 "%s it seems to be %s.%s",
1879 connection_describe(TO_CONN(conn)),
1880 description1,
1881 guessed != compression?"but":"and",
1882 description2,
1883 (compression>0 && guessed>0 && want_to_try_both)?
1884 " Trying both.":"");
1885
1886 /* Try declared compression first if we can.
1887 * tor_compress_supports_method() also returns true for NO_METHOD.
1888 * Ensure that the server is not sending us data compressed using a
1889 * compression method that is not allowed for anonymous connections. */
1890 if (anonymized_connection &&
1891 ! allowed_anonymous_connection_compression_method(compression)) {
1892 warn_disallowed_anonymous_compression_method(compression);
1893 rv = -1;
1894 goto done;
1895 }
1896
1897 if (tor_compress_supports_method(compression)) {
1898 tor_uncompress(&new_body, &new_len, body, body_len, compression,
1899 !allow_partial, LOG_PROTOCOL_WARN);
1900 if (new_body) {
1901 /* We succeeded with the declared compression method. Great! */
1902 rv = 0;
1903 goto done;
1904 }
1905 }
1906
1907 /* Okay, if that didn't work, and we think that it was compressed
1908 * differently, try that. */
1909 if (anonymized_connection &&
1910 ! allowed_anonymous_connection_compression_method(guessed)) {
1911 warn_disallowed_anonymous_compression_method(guessed);
1912 rv = -1;
1913 goto done;
1914 }
1915
1916 if (tor_compress_supports_method(guessed) &&
1917 compression != guessed) {
1918 tor_uncompress(&new_body, &new_len, body, body_len, guessed,
1919 !allow_partial, LOG_INFO);
1920 tried_both = 1;
1921 }
1922 /* If we're pretty sure that we have a compressed directory, and
1923 * we didn't manage to uncompress it, then warn and bail. */
1924 if (!plausible && !new_body) {
1925 static ratelim_t warning_limit = RATELIM_INIT(60 * 60);
1926 log_fn_ratelim(&warning_limit, LOG_WARN, LD_HTTP,
1927 "Unable to decompress HTTP body (tried %s%s%s, on %s).",
1928 description1,
1929 tried_both?" and ":"",
1930 tried_both?description2:"",
1931 connection_describe(TO_CONN(conn)));
1932 rv = -1;
1933 goto done;
1934 }
1935
1936 done:
1937 if (new_body) {
1938 if (rv == 0) {
1939 /* success! */
1940 tor_free(*bodyp);
1941 *bodyp = new_body;
1942 *bodylenp = new_len;
1943 } else {
1944 tor_free(new_body);
1945 }
1946 }
1947
1948 return rv;
1949 }
1950
1951 /**
1952 * Total number of bytes downloaded of each directory purpose, when
1953 * bootstrapped, and when not bootstrapped.
1954 *
1955 * (For example, the number of bytes downloaded of purpose p while
1956 * not fully bootstrapped is total_dl[p][false].)
1957 **/
1958 static uint64_t total_dl[DIR_PURPOSE_MAX_][2];
1959
1960 /**
1961 * Heartbeat: dump a summary of how many bytes of which purpose we've
1962 * downloaded, when bootstrapping and when not bootstrapping.
1963 **/
1964 void
dirclient_dump_total_dls(void)1965 dirclient_dump_total_dls(void)
1966 {
1967 const or_options_t *options = get_options();
1968 for (int bootstrapped = 0; bootstrapped < 2; ++bootstrapped) {
1969 smartlist_t *lines = smartlist_new();
1970 for (int i=0; i < DIR_PURPOSE_MAX_; ++i) {
1971 uint64_t n = total_dl[i][bootstrapped];
1972 if (n == 0)
1973 continue;
1974 if (options->SafeLogging_ != SAFELOG_SCRUB_NONE &&
1975 purpose_needs_anonymity(i, ROUTER_PURPOSE_GENERAL, NULL))
1976 continue;
1977 smartlist_add_asprintf(lines, "%"PRIu64" (%s)",
1978 n, dir_conn_purpose_to_string(i));
1979 }
1980
1981 if (smartlist_len(lines) > 0) {
1982 char *log_line = smartlist_join_strings(lines, "; ", 0, NULL);
1983 log_notice(LD_NET, "While %sbootstrapping, fetched this many bytes: %s",
1984 bootstrapped?"not ":"", log_line);
1985 tor_free(log_line);
1986
1987 SMARTLIST_FOREACH(lines, char *, s, tor_free(s));
1988 }
1989 smartlist_free(lines);
1990 }
1991 }
1992
1993 /** We are a client, and we've finished reading the server's
1994 * response. Parse it and act appropriately.
1995 *
1996 * If we're still happy with using this directory server in the future, return
1997 * 0. Otherwise return -1; and the caller should consider trying the request
1998 * again.
1999 *
2000 * The caller will take care of marking the connection for close.
2001 */
2002 static int
connection_dir_client_reached_eof(dir_connection_t * conn)2003 connection_dir_client_reached_eof(dir_connection_t *conn)
2004 {
2005 char *body = NULL;
2006 char *headers = NULL;
2007 char *reason = NULL;
2008 size_t body_len = 0;
2009 int status_code;
2010 time_t date_header = 0;
2011 long apparent_skew;
2012 compress_method_t compression;
2013 int skewed = 0;
2014 int rv;
2015 int allow_partial = (conn->base_.purpose == DIR_PURPOSE_FETCH_SERVERDESC ||
2016 conn->base_.purpose == DIR_PURPOSE_FETCH_EXTRAINFO ||
2017 conn->base_.purpose == DIR_PURPOSE_FETCH_MICRODESC);
2018 size_t received_bytes;
2019 const int anonymized_connection =
2020 purpose_needs_anonymity(conn->base_.purpose,
2021 conn->router_purpose,
2022 conn->requested_resource);
2023
2024 received_bytes = connection_get_inbuf_len(TO_CONN(conn));
2025
2026 log_debug(LD_DIR, "Downloaded %"TOR_PRIuSZ" bytes on connection of purpose "
2027 "%s; bootstrap %d%%",
2028 received_bytes,
2029 dir_conn_purpose_to_string(conn->base_.purpose),
2030 control_get_bootstrap_percent());
2031 {
2032 bool bootstrapped = control_get_bootstrap_percent() == 100;
2033 total_dl[conn->base_.purpose][bootstrapped] += received_bytes;
2034 }
2035
2036 switch (connection_fetch_from_buf_http(TO_CONN(conn),
2037 &headers, MAX_HEADERS_SIZE,
2038 &body, &body_len, MAX_DIR_DL_SIZE,
2039 allow_partial)) {
2040 case -1: /* overflow */
2041 log_warn(LD_PROTOCOL,
2042 "'fetch' response too large (%s). Closing.",
2043 connection_describe(TO_CONN(conn)));
2044 return -1;
2045 case 0:
2046 log_info(LD_HTTP,
2047 "'fetch' response not all here, but we're at eof. Closing.");
2048 return -1;
2049 /* case 1, fall through */
2050 }
2051
2052 if (parse_http_response(headers, &status_code, &date_header,
2053 &compression, &reason) < 0) {
2054 log_warn(LD_HTTP,"Unparseable headers (%s). Closing.",
2055 connection_describe(TO_CONN(conn)));
2056 rv = -1;
2057 goto done;
2058 }
2059 if (!reason) reason = tor_strdup("[no reason given]");
2060
2061 tor_log(LOG_DEBUG, LD_DIR,
2062 "Received response on %s: %d %s "
2063 "(purpose: %d, response size: %"TOR_PRIuSZ
2064 #ifdef MEASUREMENTS_21206
2065 ", data cells received: %d, data cells sent: %d"
2066 #endif
2067 ", compression: %d)",
2068 connection_describe(TO_CONN(conn)),
2069 status_code,
2070 escaped(reason), conn->base_.purpose,
2071 (received_bytes),
2072 #ifdef MEASUREMENTS_21206
2073 conn->data_cells_received, conn->data_cells_sent,
2074 #endif
2075 compression);
2076
2077 if (conn->guard_state) {
2078 /* we count the connection as successful once we can read from it. We do
2079 * not, however, delay use of the circuit here, since it's just for a
2080 * one-hop directory request. */
2081 /* XXXXprop271 note that this will not do the right thing for other
2082 * waiting circuits that would be triggered by this circuit becoming
2083 * complete/usable. But that's ok, I think.
2084 */
2085 entry_guard_succeeded(&conn->guard_state);
2086 circuit_guard_state_free(conn->guard_state);
2087 conn->guard_state = NULL;
2088 }
2089
2090 /* now check if it's got any hints for us about our IP address. */
2091 if (conn->dirconn_direct) {
2092 char *guess = http_get_header(headers, X_ADDRESS_HEADER);
2093 if (guess) {
2094 tor_addr_t addr;
2095 if (tor_addr_parse(&addr, guess) < 0) {
2096 log_debug(LD_DIR, "Malformed X-Your-Address-Is header %s. Ignoring.",
2097 escaped(guess));
2098 } else {
2099 relay_address_new_suggestion(&addr, &TO_CONN(conn)->addr, NULL);
2100 }
2101 tor_free(guess);
2102 }
2103 }
2104
2105 if (date_header > 0) {
2106 /* The date header was written very soon after we sent our request,
2107 * so compute the skew as the difference between sending the request
2108 * and the date header. (We used to check now-date_header, but that's
2109 * inaccurate if we spend a lot of time downloading.)
2110 */
2111 apparent_skew = conn->base_.timestamp_last_write_allowed - date_header;
2112 if (labs(apparent_skew)>ALLOW_DIRECTORY_TIME_SKEW) {
2113 int trusted = router_digest_is_trusted_dir(conn->identity_digest);
2114 clock_skew_warning(TO_CONN(conn), apparent_skew, trusted, LD_HTTP,
2115 "directory", "DIRSERV");
2116 skewed = 1; /* don't check the recommended-versions line */
2117 } else {
2118 log_debug(LD_HTTP, "Time on received directory is within tolerance; "
2119 "we are %ld seconds skewed. (That's okay.)", apparent_skew);
2120 }
2121 }
2122 (void) skewed; /* skewed isn't used yet. */
2123
2124 if (status_code == 503) {
2125 routerstatus_t *rs;
2126 dir_server_t *ds;
2127 const char *id_digest = conn->identity_digest;
2128 log_info(LD_DIR,"Received http status code %d (%s) from server "
2129 "%s. I'll try again soon.",
2130 status_code, escaped(reason),
2131 connection_describe_peer(TO_CONN(conn)));
2132 time_t now = approx_time();
2133 if ((rs = router_get_mutable_consensus_status_by_id(id_digest)))
2134 rs->last_dir_503_at = now;
2135 if ((ds = router_get_fallback_dirserver_by_digest(id_digest)))
2136 ds->fake_status.last_dir_503_at = now;
2137
2138 rv = -1;
2139 goto done;
2140 }
2141
2142 if (dir_client_decompress_response_body(&body, &body_len,
2143 conn, compression, anonymized_connection) < 0) {
2144 rv = -1;
2145 goto done;
2146 }
2147
2148 response_handler_args_t args;
2149 memset(&args, 0, sizeof(args));
2150 args.status_code = status_code;
2151 args.reason = reason;
2152 args.body = body;
2153 args.body_len = body_len;
2154 args.headers = headers;
2155
2156 switch (conn->base_.purpose) {
2157 case DIR_PURPOSE_FETCH_CONSENSUS:
2158 rv = handle_response_fetch_consensus(conn, &args);
2159 break;
2160 case DIR_PURPOSE_FETCH_CERTIFICATE:
2161 rv = handle_response_fetch_certificate(conn, &args);
2162 break;
2163 case DIR_PURPOSE_FETCH_STATUS_VOTE:
2164 rv = handle_response_fetch_status_vote(conn, &args);
2165 break;
2166 case DIR_PURPOSE_FETCH_DETACHED_SIGNATURES:
2167 rv = handle_response_fetch_detached_signatures(conn, &args);
2168 break;
2169 case DIR_PURPOSE_FETCH_SERVERDESC:
2170 case DIR_PURPOSE_FETCH_EXTRAINFO:
2171 rv = handle_response_fetch_desc(conn, &args);
2172 break;
2173 case DIR_PURPOSE_FETCH_MICRODESC:
2174 rv = handle_response_fetch_microdesc(conn, &args);
2175 break;
2176 case DIR_PURPOSE_UPLOAD_DIR:
2177 rv = handle_response_upload_dir(conn, &args);
2178 break;
2179 case DIR_PURPOSE_UPLOAD_SIGNATURES:
2180 rv = handle_response_upload_signatures(conn, &args);
2181 break;
2182 case DIR_PURPOSE_UPLOAD_VOTE:
2183 rv = handle_response_upload_vote(conn, &args);
2184 break;
2185 case DIR_PURPOSE_UPLOAD_HSDESC:
2186 rv = handle_response_upload_hsdesc(conn, &args);
2187 break;
2188 case DIR_PURPOSE_FETCH_HSDESC:
2189 rv = handle_response_fetch_hsdesc_v3(conn, &args);
2190 break;
2191 default:
2192 tor_assert_nonfatal_unreached();
2193 rv = -1;
2194 break;
2195 }
2196
2197 done:
2198 tor_free(body);
2199 tor_free(headers);
2200 tor_free(reason);
2201 return rv;
2202 }
2203
2204 /**
2205 * Handler function: processes a response to a request for a networkstatus
2206 * consensus document by checking the consensus, storing it, and marking
2207 * router requests as reachable.
2208 **/
2209 STATIC int
handle_response_fetch_consensus(dir_connection_t * conn,const response_handler_args_t * args)2210 handle_response_fetch_consensus(dir_connection_t *conn,
2211 const response_handler_args_t *args)
2212 {
2213 tor_assert(conn->base_.purpose == DIR_PURPOSE_FETCH_CONSENSUS);
2214 const int status_code = args->status_code;
2215 const char *body = args->body;
2216 const size_t body_len = args->body_len;
2217 const char *reason = args->reason;
2218 const time_t now = approx_time();
2219
2220 const char *consensus;
2221 char *new_consensus = NULL;
2222 const char *sourcename;
2223
2224 int r;
2225 const char *flavname = conn->requested_resource;
2226 if (status_code != 200) {
2227 int severity = (status_code == 304) ? LOG_INFO : LOG_WARN;
2228 tor_log(severity, LD_DIR,
2229 "Received http status code %d (%s) from server "
2230 "%s while fetching consensus directory.",
2231 status_code, escaped(reason),
2232 connection_describe_peer(TO_CONN(conn)));
2233 networkstatus_consensus_download_failed(status_code, flavname);
2234 return -1;
2235 }
2236
2237 if (looks_like_a_consensus_diff(body, body_len)) {
2238 /* First find our previous consensus. Maybe it's in ram, maybe not. */
2239 cached_dir_t *cd = NULL;
2240 const char *consensus_body = NULL;
2241 size_t consensus_body_len;
2242 tor_mmap_t *mapped_consensus = NULL;
2243
2244 /* We prefer the mmap'd version over the cached_dir_t version,
2245 * since that matches the logic we used when we picked a consensus
2246 * back in dir_consensus_request_set_additional_headers. */
2247 mapped_consensus = networkstatus_map_cached_consensus(flavname);
2248 if (mapped_consensus) {
2249 consensus_body = mapped_consensus->data;
2250 consensus_body_len = mapped_consensus->size;
2251 } else {
2252 cd = dirserv_get_consensus(flavname);
2253 if (cd) {
2254 consensus_body = cd->dir;
2255 consensus_body_len = cd->dir_len;
2256 }
2257 }
2258 if (!consensus_body) {
2259 log_warn(LD_DIR, "Received a consensus diff, but we can't find "
2260 "any %s-flavored consensus in our current cache.",flavname);
2261 tor_munmap_file(mapped_consensus);
2262 networkstatus_consensus_download_failed(0, flavname);
2263 // XXXX if this happens too much, see below
2264 return -1;
2265 }
2266
2267 new_consensus = consensus_diff_apply(consensus_body, consensus_body_len,
2268 body, body_len);
2269 tor_munmap_file(mapped_consensus);
2270 if (new_consensus == NULL) {
2271 log_warn(LD_DIR, "Could not apply consensus diff received from server "
2272 "%s", connection_describe_peer(TO_CONN(conn)));
2273 // XXXX If this happens too many times, we should maybe not use
2274 // XXXX this directory for diffs any more?
2275 networkstatus_consensus_download_failed(0, flavname);
2276 return -1;
2277 }
2278 log_info(LD_DIR, "Applied consensus diff (size %d) from server "
2279 "%s, resulting in a new consensus document (size %d).",
2280 (int)body_len, connection_describe_peer(TO_CONN(conn)),
2281 (int)strlen(new_consensus));
2282 consensus = new_consensus;
2283 sourcename = "generated based on a diff";
2284 } else {
2285 log_info(LD_DIR,"Received consensus directory (body size %d) from server "
2286 "%s", (int)body_len, connection_describe_peer(TO_CONN(conn)));
2287 consensus = body;
2288 sourcename = "downloaded";
2289 }
2290
2291 if ((r=networkstatus_set_current_consensus(consensus,
2292 strlen(consensus),
2293 flavname, 0,
2294 conn->identity_digest))<0) {
2295 log_fn(r<-1?LOG_WARN:LOG_INFO, LD_DIR,
2296 "Unable to load %s consensus directory %s from "
2297 "server %s. I'll try again soon.",
2298 flavname, sourcename,
2299 connection_describe_peer(TO_CONN(conn)));
2300 networkstatus_consensus_download_failed(0, flavname);
2301 tor_free(new_consensus);
2302 return -1;
2303 }
2304
2305 /* If we launched other fetches for this consensus, cancel them. */
2306 connection_dir_close_consensus_fetches(conn, flavname);
2307
2308 /* update the list of routers and directory guards */
2309 routers_update_all_from_networkstatus(now, 3);
2310 update_microdescs_from_networkstatus(now);
2311 directory_info_has_arrived(now, 0, 0);
2312
2313 if (authdir_mode_v3(get_options())) {
2314 sr_act_post_consensus(
2315 networkstatus_get_latest_consensus_by_flavor(FLAV_NS));
2316 }
2317 log_info(LD_DIR, "Successfully loaded consensus.");
2318
2319 tor_free(new_consensus);
2320 return 0;
2321 }
2322
2323 /**
2324 * Handler function: processes a response to a request for one or more
2325 * authority certificates
2326 **/
2327 static int
handle_response_fetch_certificate(dir_connection_t * conn,const response_handler_args_t * args)2328 handle_response_fetch_certificate(dir_connection_t *conn,
2329 const response_handler_args_t *args)
2330 {
2331 tor_assert(conn->base_.purpose == DIR_PURPOSE_FETCH_CERTIFICATE);
2332 const int status_code = args->status_code;
2333 const char *reason = args->reason;
2334 const char *body = args->body;
2335 const size_t body_len = args->body_len;
2336
2337 if (status_code != 200) {
2338 log_warn(LD_DIR,
2339 "Received http status code %d (%s) from server "
2340 "%s while fetching \"/tor/keys/%s\".",
2341 status_code, escaped(reason),
2342 connection_describe_peer(TO_CONN(conn)),
2343 conn->requested_resource);
2344 connection_dir_download_cert_failed(conn, status_code);
2345 return -1;
2346 }
2347 log_info(LD_DIR,"Received authority certificates (body size %d) from "
2348 "server %s",
2349 (int)body_len, connection_describe_peer(TO_CONN(conn)));
2350
2351 /*
2352 * Tell trusted_dirs_load_certs_from_string() whether it was by fp
2353 * or fp-sk pair.
2354 */
2355 int src_code = -1;
2356 if (!strcmpstart(conn->requested_resource, "fp/")) {
2357 src_code = TRUSTED_DIRS_CERTS_SRC_DL_BY_ID_DIGEST;
2358 } else if (!strcmpstart(conn->requested_resource, "fp-sk/")) {
2359 src_code = TRUSTED_DIRS_CERTS_SRC_DL_BY_ID_SK_DIGEST;
2360 }
2361
2362 if (src_code != -1) {
2363 if (trusted_dirs_load_certs_from_string(body, src_code, 1,
2364 conn->identity_digest)<0) {
2365 log_warn(LD_DIR, "Unable to parse fetched certificates");
2366 /* if we fetched more than one and only some failed, the successful
2367 * ones got flushed to disk so it's safe to call this on them */
2368 connection_dir_download_cert_failed(conn, status_code);
2369 } else {
2370 time_t now = approx_time();
2371 directory_info_has_arrived(now, 0, 0);
2372 log_info(LD_DIR, "Successfully loaded certificates from fetch.");
2373 }
2374 } else {
2375 log_warn(LD_DIR,
2376 "Couldn't figure out what to do with fetched certificates for "
2377 "unknown resource %s",
2378 conn->requested_resource);
2379 connection_dir_download_cert_failed(conn, status_code);
2380 }
2381 return 0;
2382 }
2383
2384 /**
2385 * Handler function: processes a response to a request for an authority's
2386 * current networkstatus vote.
2387 **/
2388 static int
handle_response_fetch_status_vote(dir_connection_t * conn,const response_handler_args_t * args)2389 handle_response_fetch_status_vote(dir_connection_t *conn,
2390 const response_handler_args_t *args)
2391 {
2392 tor_assert(conn->base_.purpose == DIR_PURPOSE_FETCH_STATUS_VOTE);
2393 const int status_code = args->status_code;
2394 const char *reason = args->reason;
2395 const char *body = args->body;
2396 const size_t body_len = args->body_len;
2397
2398 const char *msg;
2399 int st;
2400 log_notice(LD_DIR,"Got votes (body size %d) from server %s",
2401 (int)body_len, connection_describe_peer(TO_CONN(conn)));
2402 if (status_code != 200) {
2403 log_warn(LD_DIR,
2404 "Received http status code %d (%s) from server "
2405 "%s while fetching \"/tor/status-vote/next/%s.z\".",
2406 status_code, escaped(reason),
2407 connection_describe_peer(TO_CONN(conn)),
2408 conn->requested_resource);
2409 return -1;
2410 }
2411 dirvote_add_vote(body, 0, TO_CONN(conn)->address, &msg, &st);
2412 if (st > 299) {
2413 log_warn(LD_DIR, "Error adding retrieved vote: %s", msg);
2414 } else {
2415 log_info(LD_DIR, "Added vote(s) successfully [msg: %s]", msg);
2416 }
2417
2418 return 0;
2419 }
2420
2421 /**
2422 * Handler function: processes a response to a request for the signatures
2423 * that an authority knows about on a given consensus.
2424 **/
2425 static int
handle_response_fetch_detached_signatures(dir_connection_t * conn,const response_handler_args_t * args)2426 handle_response_fetch_detached_signatures(dir_connection_t *conn,
2427 const response_handler_args_t *args)
2428 {
2429 tor_assert(conn->base_.purpose == DIR_PURPOSE_FETCH_DETACHED_SIGNATURES);
2430 const int status_code = args->status_code;
2431 const char *reason = args->reason;
2432 const char *body = args->body;
2433 const size_t body_len = args->body_len;
2434
2435 const char *msg = NULL;
2436 log_info(LD_DIR,"Got detached signatures (body size %d) from server %s",
2437 (int)body_len,
2438 connection_describe_peer(TO_CONN(conn)));
2439 if (status_code != 200) {
2440 log_warn(LD_DIR,
2441 "Received http status code %d (%s) from server %s while fetching "
2442 "\"/tor/status-vote/next/consensus-signatures.z\".",
2443 status_code, escaped(reason),
2444 connection_describe_peer(TO_CONN(conn)));
2445 return -1;
2446 }
2447 if (dirvote_add_signatures(body, conn->base_.address, &msg)<0) {
2448 log_warn(LD_DIR, "Problem adding detached signatures from %s: %s",
2449 connection_describe_peer(TO_CONN(conn)),
2450 msg?msg:"???");
2451 }
2452
2453 return 0;
2454 }
2455
2456 /**
2457 * Handler function: processes a response to a request for a group of server
2458 * descriptors or an extrainfo documents.
2459 **/
2460 static int
handle_response_fetch_desc(dir_connection_t * conn,const response_handler_args_t * args)2461 handle_response_fetch_desc(dir_connection_t *conn,
2462 const response_handler_args_t *args)
2463 {
2464 tor_assert(conn->base_.purpose == DIR_PURPOSE_FETCH_SERVERDESC ||
2465 conn->base_.purpose == DIR_PURPOSE_FETCH_EXTRAINFO);
2466 const int status_code = args->status_code;
2467 const char *reason = args->reason;
2468 const char *body = args->body;
2469 const size_t body_len = args->body_len;
2470
2471 int was_ei = conn->base_.purpose == DIR_PURPOSE_FETCH_EXTRAINFO;
2472 smartlist_t *which = NULL;
2473 int n_asked_for = 0;
2474 int descriptor_digests = conn->requested_resource &&
2475 !strcmpstart(conn->requested_resource,"d/");
2476 log_info(LD_DIR,"Received %s (body size %d) from server %s",
2477 was_ei ? "extra server info" : "server info",
2478 (int)body_len, connection_describe_peer(TO_CONN(conn)));
2479 if (conn->requested_resource &&
2480 (!strcmpstart(conn->requested_resource,"d/") ||
2481 !strcmpstart(conn->requested_resource,"fp/"))) {
2482 which = smartlist_new();
2483 dir_split_resource_into_fingerprints(conn->requested_resource +
2484 (descriptor_digests ? 2 : 3),
2485 which, NULL, 0);
2486 n_asked_for = smartlist_len(which);
2487 }
2488 if (status_code != 200) {
2489 int dir_okay = status_code == 404 ||
2490 (status_code == 400 && !strcmp(reason, "Servers unavailable.")) ||
2491 status_code == 301;
2492 /* 404 means that it didn't have them; no big deal.
2493 * Older (pre-0.1.1.8) servers said 400 Servers unavailable instead.
2494 * 301 is considered as an error since Tor does not follow redirects,
2495 * which means we failed to reach the server we wanted. */
2496 log_fn(dir_okay ? LOG_INFO : LOG_WARN, LD_DIR,
2497 "Received http status code %d (%s) from server %s "
2498 "while fetching \"/tor/server/%s\". I'll try again soon.",
2499 status_code, escaped(reason),
2500 connection_describe_peer(TO_CONN(conn)),
2501 conn->requested_resource);
2502 if (!which) {
2503 connection_dir_download_routerdesc_failed(conn);
2504 } else {
2505 dir_routerdesc_download_failed(which, status_code,
2506 conn->router_purpose,
2507 was_ei, descriptor_digests);
2508 SMARTLIST_FOREACH(which, char *, cp, tor_free(cp));
2509 smartlist_free(which);
2510 }
2511 return dir_okay ? 0 : -1;
2512 }
2513 /* Learn the routers, assuming we requested by fingerprint or "all"
2514 * or "authority".
2515 *
2516 * We use "authority" to fetch our own descriptor for
2517 * testing, and to fetch bridge descriptors for bootstrapping. Ignore
2518 * the output of "authority" requests unless we are using bridges,
2519 * since otherwise they'll be the response from reachability tests,
2520 * and we don't really want to add that to our routerlist. */
2521 if (which || (conn->requested_resource &&
2522 (!strcmpstart(conn->requested_resource, "all") ||
2523 (!strcmpstart(conn->requested_resource, "authority") &&
2524 get_options()->UseBridges)))) {
2525 /* as we learn from them, we remove them from 'which' */
2526 if (was_ei) {
2527 router_load_extrainfo_from_string(body, NULL, SAVED_NOWHERE, which,
2528 descriptor_digests);
2529 } else {
2530 //router_load_routers_from_string(body, NULL, SAVED_NOWHERE, which,
2531 // descriptor_digests, conn->router_purpose);
2532 if (load_downloaded_routers(body, which, descriptor_digests,
2533 conn->router_purpose,
2534 conn->base_.address)) {
2535 time_t now = approx_time();
2536 directory_info_has_arrived(now, 0, 1);
2537 }
2538 }
2539 }
2540 if (which) { /* mark remaining ones as failed */
2541 log_info(LD_DIR, "Received %d/%d %s requested from %s",
2542 n_asked_for-smartlist_len(which), n_asked_for,
2543 was_ei ? "extra-info documents" : "router descriptors",
2544 connection_describe_peer(TO_CONN(conn)));
2545 if (smartlist_len(which)) {
2546 dir_routerdesc_download_failed(which, status_code,
2547 conn->router_purpose,
2548 was_ei, descriptor_digests);
2549 }
2550 SMARTLIST_FOREACH(which, char *, cp, tor_free(cp));
2551 smartlist_free(which);
2552 }
2553
2554 return 0;
2555 }
2556
2557 /**
2558 * Handler function: processes a response to a request for a group of
2559 * microdescriptors
2560 **/
2561 STATIC int
handle_response_fetch_microdesc(dir_connection_t * conn,const response_handler_args_t * args)2562 handle_response_fetch_microdesc(dir_connection_t *conn,
2563 const response_handler_args_t *args)
2564 {
2565 tor_assert(conn->base_.purpose == DIR_PURPOSE_FETCH_MICRODESC);
2566 const int status_code = args->status_code;
2567 const char *reason = args->reason;
2568 const char *body = args->body;
2569 const size_t body_len = args->body_len;
2570
2571 smartlist_t *which = NULL;
2572 log_info(LD_DIR,"Received answer to microdescriptor request (status %d, "
2573 "body size %d) from server %s",
2574 status_code, (int)body_len,
2575 connection_describe_peer(TO_CONN(conn)));
2576 tor_assert(conn->requested_resource &&
2577 !strcmpstart(conn->requested_resource, "d/"));
2578 tor_assert_nonfatal(!fast_mem_is_zero(conn->identity_digest, DIGEST_LEN));
2579 which = smartlist_new();
2580 dir_split_resource_into_fingerprints(conn->requested_resource+2,
2581 which, NULL,
2582 DSR_DIGEST256|DSR_BASE64);
2583 if (status_code != 200) {
2584 log_info(LD_DIR, "Received status code %d (%s) from server "
2585 "%s while fetching \"/tor/micro/%s\". I'll try again "
2586 "soon.",
2587 status_code, escaped(reason),
2588 connection_describe_peer(TO_CONN(conn)),
2589 conn->requested_resource);
2590 dir_microdesc_download_failed(which, status_code, conn->identity_digest);
2591 SMARTLIST_FOREACH(which, char *, cp, tor_free(cp));
2592 smartlist_free(which);
2593 return 0;
2594 } else {
2595 smartlist_t *mds;
2596 time_t now = approx_time();
2597 mds = microdescs_add_to_cache(get_microdesc_cache(),
2598 body, body+body_len, SAVED_NOWHERE, 0,
2599 now, which);
2600 if (smartlist_len(which)) {
2601 /* Mark remaining ones as failed. */
2602 dir_microdesc_download_failed(which, status_code, conn->identity_digest);
2603 }
2604 if (mds && smartlist_len(mds)) {
2605 control_event_boot_dir(BOOTSTRAP_STATUS_LOADING_DESCRIPTORS,
2606 count_loading_descriptors_progress());
2607 directory_info_has_arrived(now, 0, 1);
2608 }
2609 SMARTLIST_FOREACH(which, char *, cp, tor_free(cp));
2610 smartlist_free(which);
2611 smartlist_free(mds);
2612 }
2613
2614 return 0;
2615 }
2616
2617 /**
2618 * Handler function: processes a response to a POST request to upload our
2619 * router descriptor.
2620 **/
2621 static int
handle_response_upload_dir(dir_connection_t * conn,const response_handler_args_t * args)2622 handle_response_upload_dir(dir_connection_t *conn,
2623 const response_handler_args_t *args)
2624 {
2625 tor_assert(conn->base_.purpose == DIR_PURPOSE_UPLOAD_DIR);
2626 const int status_code = args->status_code;
2627 const char *reason = args->reason;
2628 const char *headers = args->headers;
2629
2630 switch (status_code) {
2631 case 200: {
2632 dir_server_t *ds =
2633 router_get_trusteddirserver_by_digest(conn->identity_digest);
2634 char *rejected_hdr = http_get_header(headers,
2635 "X-Descriptor-Not-New: ");
2636 if (rejected_hdr) {
2637 if (!strcmp(rejected_hdr, "Yes")) {
2638 log_info(LD_GENERAL,
2639 "Authority '%s' declined our descriptor (not new)",
2640 ds->nickname);
2641 /* XXXX use this information; be sure to upload next one
2642 * sooner. -NM */
2643 /* XXXX++ On further thought, the task above implies that we're
2644 * basing our regenerate-descriptor time on when we uploaded the
2645 * last descriptor, not on the published time of the last
2646 * descriptor. If those are different, that's a bad thing to
2647 * do. -NM */
2648 }
2649 tor_free(rejected_hdr);
2650 }
2651 log_info(LD_GENERAL,"eof (status 200) after uploading server "
2652 "descriptor: finished.");
2653 control_event_server_status(
2654 LOG_NOTICE, "ACCEPTED_SERVER_DESCRIPTOR DIRAUTH=%s:%d",
2655 conn->base_.address, conn->base_.port);
2656
2657 ds->has_accepted_serverdesc = 1;
2658 if (directories_have_accepted_server_descriptor())
2659 control_event_server_status(LOG_NOTICE, "GOOD_SERVER_DESCRIPTOR");
2660 }
2661 break;
2662 case 400:
2663 log_warn(LD_GENERAL,"http status 400 (%s) response from "
2664 "dirserver %s. Please correct.",
2665 escaped(reason), connection_describe_peer(TO_CONN(conn)));
2666 control_event_server_status(LOG_WARN,
2667 "BAD_SERVER_DESCRIPTOR DIRAUTH=%s:%d REASON=\"%s\"",
2668 conn->base_.address, conn->base_.port, escaped(reason));
2669 break;
2670 default:
2671 log_warn(LD_GENERAL,
2672 "HTTP status %d (%s) was unexpected while uploading "
2673 "descriptor to server %s'. Possibly the server is "
2674 "misconfigured?",
2675 status_code, escaped(reason),
2676 connection_describe_peer(TO_CONN(conn)));
2677 break;
2678 }
2679 /* return 0 in all cases, since we don't want to mark any
2680 * dirservers down just because they don't like us. */
2681
2682 return 0;
2683 }
2684
2685 /**
2686 * Handler function: processes a response to POST request to upload our
2687 * own networkstatus vote.
2688 **/
2689 static int
handle_response_upload_vote(dir_connection_t * conn,const response_handler_args_t * args)2690 handle_response_upload_vote(dir_connection_t *conn,
2691 const response_handler_args_t *args)
2692 {
2693 tor_assert(conn->base_.purpose == DIR_PURPOSE_UPLOAD_VOTE);
2694 const int status_code = args->status_code;
2695 const char *reason = args->reason;
2696
2697 switch (status_code) {
2698 case 200: {
2699 log_notice(LD_DIR,"Uploaded my vote to dirserver %s",
2700 connection_describe_peer(TO_CONN(conn)));
2701 }
2702 break;
2703 case 400:
2704 log_warn(LD_DIR,"http status 400 (%s) response after uploading "
2705 "vote to dirserver %s. Please correct.",
2706 escaped(reason), connection_describe_peer(TO_CONN(conn)));
2707 break;
2708 default:
2709 log_warn(LD_GENERAL,
2710 "HTTP status %d (%s) was unexpected while uploading "
2711 "vote to server %s.",
2712 status_code, escaped(reason),
2713 connection_describe_peer(TO_CONN(conn)));
2714 break;
2715 }
2716 /* return 0 in all cases, since we don't want to mark any
2717 * dirservers down just because they don't like us. */
2718 return 0;
2719 }
2720
2721 /**
2722 * Handler function: processes a response to POST request to upload our
2723 * view of the signatures on the current consensus.
2724 **/
2725 static int
handle_response_upload_signatures(dir_connection_t * conn,const response_handler_args_t * args)2726 handle_response_upload_signatures(dir_connection_t *conn,
2727 const response_handler_args_t *args)
2728 {
2729 tor_assert(conn->base_.purpose == DIR_PURPOSE_UPLOAD_SIGNATURES);
2730 const int status_code = args->status_code;
2731 const char *reason = args->reason;
2732
2733 switch (status_code) {
2734 case 200: {
2735 log_notice(LD_DIR,"Uploaded signature(s) to dirserver %s",
2736 connection_describe_peer(TO_CONN(conn)));
2737 }
2738 break;
2739 case 400:
2740 log_warn(LD_DIR,"http status 400 (%s) response after uploading "
2741 "signatures to dirserver %s. Please correct.",
2742 escaped(reason), connection_describe_peer(TO_CONN(conn)));
2743 break;
2744 default:
2745 log_warn(LD_GENERAL,
2746 "HTTP status %d (%s) was unexpected while uploading "
2747 "signatures to server %s.",
2748 status_code, escaped(reason),
2749 connection_describe_peer(TO_CONN(conn)));
2750 break;
2751 }
2752 /* return 0 in all cases, since we don't want to mark any
2753 * dirservers down just because they don't like us. */
2754
2755 return 0;
2756 }
2757
2758 /**
2759 * Handler function: processes a response to a request for a v3 hidden service
2760 * descriptor.
2761 **/
2762 STATIC int
handle_response_fetch_hsdesc_v3(dir_connection_t * conn,const response_handler_args_t * args)2763 handle_response_fetch_hsdesc_v3(dir_connection_t *conn,
2764 const response_handler_args_t *args)
2765 {
2766 const int status_code = args->status_code;
2767 const char *reason = args->reason;
2768 const char *body = args->body;
2769 const size_t body_len = args->body_len;
2770
2771 tor_assert(conn->hs_ident);
2772
2773 log_info(LD_REND,"Received v3 hsdesc (body size %d, status %d (%s))",
2774 (int)body_len, status_code, escaped(reason));
2775
2776 hs_client_dir_fetch_done(conn, reason, body, status_code);
2777 return 0;
2778 }
2779
2780 /**
2781 * Handler function: processes a response to a POST request to upload an
2782 * hidden service descriptor.
2783 **/
2784 static int
handle_response_upload_hsdesc(dir_connection_t * conn,const response_handler_args_t * args)2785 handle_response_upload_hsdesc(dir_connection_t *conn,
2786 const response_handler_args_t *args)
2787 {
2788 const int status_code = args->status_code;
2789 const char *reason = args->reason;
2790
2791 tor_assert(conn);
2792 tor_assert(conn->base_.purpose == DIR_PURPOSE_UPLOAD_HSDESC);
2793
2794 log_info(LD_REND, "Uploaded hidden service descriptor (status %d "
2795 "(%s))",
2796 status_code, escaped(reason));
2797 /* For this directory response, it MUST have an hidden service identifier on
2798 * this connection. */
2799 tor_assert(conn->hs_ident);
2800 switch (status_code) {
2801 case 200:
2802 log_info(LD_REND, "Uploading hidden service descriptor: "
2803 "finished with status 200 (%s)", escaped(reason));
2804 hs_control_desc_event_uploaded(conn->hs_ident, conn->identity_digest);
2805 break;
2806 case 400:
2807 log_fn(LOG_PROTOCOL_WARN, LD_REND,
2808 "Uploading hidden service descriptor: http "
2809 "status 400 (%s) response from dirserver "
2810 "%s. Malformed hidden service descriptor?",
2811 escaped(reason), connection_describe_peer(TO_CONN(conn)));
2812 hs_control_desc_event_failed(conn->hs_ident, conn->identity_digest,
2813 "UPLOAD_REJECTED");
2814 break;
2815 default:
2816 log_warn(LD_REND, "Uploading hidden service descriptor: http "
2817 "status %d (%s) response unexpected (server "
2818 "%s').",
2819 status_code, escaped(reason),
2820 connection_describe_peer(TO_CONN(conn)));
2821 hs_control_desc_event_failed(conn->hs_ident, conn->identity_digest,
2822 "UNEXPECTED");
2823 break;
2824 }
2825
2826 return 0;
2827 }
2828
2829 /** Called when a directory connection reaches EOF. */
2830 int
connection_dir_reached_eof(dir_connection_t * conn)2831 connection_dir_reached_eof(dir_connection_t *conn)
2832 {
2833 int retval;
2834 if (conn->base_.state != DIR_CONN_STATE_CLIENT_READING) {
2835 log_info(LD_HTTP,"conn reached eof, not reading. [state=%d] Closing.",
2836 conn->base_.state);
2837 connection_close_immediate(TO_CONN(conn)); /* error: give up on flushing */
2838 connection_mark_for_close(TO_CONN(conn));
2839 return -1;
2840 }
2841
2842 retval = connection_dir_client_reached_eof(conn);
2843 if (retval == 0) /* success */
2844 conn->base_.state = DIR_CONN_STATE_CLIENT_FINISHED;
2845 connection_mark_for_close(TO_CONN(conn));
2846 return retval;
2847 }
2848 /** We are closing a dir connection: If <b>dir_conn</b> is a dir connection
2849 * that tried to fetch an HS descriptor, check if it successfully fetched it,
2850 * or if we need to try again. */
2851 void
connection_dir_client_refetch_hsdesc_if_needed(dir_connection_t * dir_conn)2852 connection_dir_client_refetch_hsdesc_if_needed(dir_connection_t *dir_conn)
2853 {
2854 connection_t *conn = TO_CONN(dir_conn);
2855
2856 /* Check for v3 rend desc fetch */
2857 if (conn->purpose == DIR_PURPOSE_FETCH_HSDESC &&
2858 dir_conn->hs_ident &&
2859 !ed25519_public_key_is_zero(&dir_conn->hs_ident->identity_pk)) {
2860 hs_client_refetch_hsdesc(&dir_conn->hs_ident->identity_pk);
2861 }
2862 }
2863
2864 /** Array of compression methods to use (if supported) for requesting
2865 * compressed data, ordered from best to worst. */
2866 static compress_method_t client_meth_pref[] = {
2867 LZMA_METHOD,
2868 ZSTD_METHOD,
2869 ZLIB_METHOD,
2870 GZIP_METHOD,
2871 NO_METHOD
2872 };
2873
2874 /** Array of allowed compression methods to use (if supported) when receiving a
2875 * response from a request that was required to be anonymous. */
2876 static compress_method_t client_meth_allowed_anonymous_compression[] = {
2877 ZLIB_METHOD,
2878 GZIP_METHOD,
2879 NO_METHOD
2880 };
2881
2882 /** Return a newly allocated string containing a comma separated list of
2883 * supported encodings. */
2884 STATIC char *
accept_encoding_header(void)2885 accept_encoding_header(void)
2886 {
2887 smartlist_t *methods = smartlist_new();
2888 char *header = NULL;
2889 compress_method_t method;
2890 unsigned i;
2891
2892 for (i = 0; i < ARRAY_LENGTH(client_meth_pref); ++i) {
2893 method = client_meth_pref[i];
2894 if (tor_compress_supports_method(method))
2895 smartlist_add(methods, (char *)compression_method_get_name(method));
2896 }
2897
2898 header = smartlist_join_strings(methods, ", ", 0, NULL);
2899 smartlist_free(methods);
2900
2901 return header;
2902 }
2903
2904 /** Check if the given compression method is allowed for a connection that is
2905 * supposed to be anonymous. Returns 1 if the compression method is allowed,
2906 * otherwise 0. */
2907 STATIC int
allowed_anonymous_connection_compression_method(compress_method_t method)2908 allowed_anonymous_connection_compression_method(compress_method_t method)
2909 {
2910 unsigned u;
2911
2912 for (u = 0; u < ARRAY_LENGTH(client_meth_allowed_anonymous_compression);
2913 ++u) {
2914 compress_method_t allowed_method =
2915 client_meth_allowed_anonymous_compression[u];
2916
2917 if (! tor_compress_supports_method(allowed_method))
2918 continue;
2919
2920 if (method == allowed_method)
2921 return 1;
2922 }
2923
2924 return 0;
2925 }
2926
2927 /** Log a warning when a remote server has sent us a document using a
2928 * compression method that is not allowed for anonymous directory requests. */
2929 STATIC void
warn_disallowed_anonymous_compression_method(compress_method_t method)2930 warn_disallowed_anonymous_compression_method(compress_method_t method)
2931 {
2932 log_fn(LOG_PROTOCOL_WARN, LD_HTTP,
2933 "Received a %s HTTP response, which is not "
2934 "allowed for anonymous directory requests.",
2935 compression_method_get_human_name(method));
2936 }
2937
2938 /* We just got a new consensus! If there are other in-progress requests
2939 * for this consensus flavor (for example because we launched several in
2940 * parallel), cancel them.
2941 *
2942 * We do this check here (not just in
2943 * connection_ap_handshake_attach_circuit()) to handle the edge case where
2944 * a consensus fetch begins and ends before some other one tries to attach to
2945 * a circuit, in which case the other one won't know that we're all happy now.
2946 *
2947 * Don't mark the conn that just gave us the consensus -- otherwise we
2948 * would end up double-marking it when it cleans itself up.
2949 */
2950 static void
connection_dir_close_consensus_fetches(dir_connection_t * except_this_one,const char * resource)2951 connection_dir_close_consensus_fetches(dir_connection_t *except_this_one,
2952 const char *resource)
2953 {
2954 smartlist_t *conns_to_close =
2955 connection_dir_list_by_purpose_and_resource(DIR_PURPOSE_FETCH_CONSENSUS,
2956 resource);
2957 SMARTLIST_FOREACH_BEGIN(conns_to_close, dir_connection_t *, d) {
2958 if (d == except_this_one)
2959 continue;
2960 log_info(LD_DIR, "Closing consensus fetch (to %s) since one "
2961 "has just arrived.", connection_describe_peer(TO_CONN(d)));
2962 connection_mark_for_close(TO_CONN(d));
2963 } SMARTLIST_FOREACH_END(d);
2964 smartlist_free(conns_to_close);
2965 }
2966 /** Called when one or more routerdesc (or extrainfo, if <b>was_extrainfo</b>)
2967 * fetches have failed (with uppercase fingerprints listed in <b>failed</b>,
2968 * either as descriptor digests or as identity digests based on
2969 * <b>was_descriptor_digests</b>).
2970 */
2971 static void
dir_routerdesc_download_failed(smartlist_t * failed,int status_code,int router_purpose,int was_extrainfo,int was_descriptor_digests)2972 dir_routerdesc_download_failed(smartlist_t *failed, int status_code,
2973 int router_purpose,
2974 int was_extrainfo, int was_descriptor_digests)
2975 {
2976 char digest[DIGEST_LEN];
2977 time_t now = time(NULL);
2978 int server = dirclient_fetches_from_authorities(get_options());
2979 if (!was_descriptor_digests) {
2980 if (router_purpose == ROUTER_PURPOSE_BRIDGE) {
2981 tor_assert(!was_extrainfo);
2982 connection_dir_retry_bridges(failed);
2983 }
2984 return; /* FFFF should implement for other-than-router-purpose someday */
2985 }
2986 SMARTLIST_FOREACH_BEGIN(failed, const char *, cp) {
2987 download_status_t *dls = NULL;
2988 if (base16_decode(digest, DIGEST_LEN, cp, strlen(cp)) != DIGEST_LEN) {
2989 log_warn(LD_BUG, "Malformed fingerprint in list: %s", escaped(cp));
2990 continue;
2991 }
2992 if (was_extrainfo) {
2993 signed_descriptor_t *sd =
2994 router_get_by_extrainfo_digest(digest);
2995 if (sd)
2996 dls = &sd->ei_dl_status;
2997 } else {
2998 dls = router_get_dl_status_by_descriptor_digest(digest);
2999 }
3000 if (!dls)
3001 continue;
3002 download_status_increment_failure(dls, status_code, cp, server, now);
3003 } SMARTLIST_FOREACH_END(cp);
3004
3005 /* No need to relaunch descriptor downloads here: we already do it
3006 * every 10 or 60 seconds (FOO_DESCRIPTOR_RETRY_INTERVAL) in main.c. */
3007 }
3008
3009 /** Called when a connection to download microdescriptors from relay with
3010 * <b>dir_id</b> has failed in whole or in part. <b>failed</b> is a list
3011 * of every microdesc digest we didn't get. <b>status_code</b> is the http
3012 * status code we received. Reschedule the microdesc downloads as
3013 * appropriate. */
3014 static void
dir_microdesc_download_failed(smartlist_t * failed,int status_code,const char * dir_id)3015 dir_microdesc_download_failed(smartlist_t *failed,
3016 int status_code, const char *dir_id)
3017 {
3018 networkstatus_t *consensus
3019 = networkstatus_get_latest_consensus_by_flavor(FLAV_MICRODESC);
3020 routerstatus_t *rs;
3021 download_status_t *dls;
3022 time_t now = time(NULL);
3023 int server = dirclient_fetches_from_authorities(get_options());
3024
3025 if (! consensus)
3026 return;
3027
3028 /* We failed to fetch a microdescriptor from 'dir_id', note it down
3029 * so that we don't try the same relay next time... */
3030 microdesc_note_outdated_dirserver(dir_id);
3031
3032 SMARTLIST_FOREACH_BEGIN(failed, const char *, d) {
3033 rs = router_get_mutable_consensus_status_by_descriptor_digest(consensus,d);
3034 if (!rs)
3035 continue;
3036 dls = &rs->dl_status;
3037
3038 { /* Increment the failure count for this md fetch */
3039 char buf[BASE64_DIGEST256_LEN+1];
3040 digest256_to_base64(buf, d);
3041 log_info(LD_DIR, "Failed to download md %s from %s",
3042 buf, hex_str(dir_id, DIGEST_LEN));
3043 download_status_increment_failure(dls, status_code, buf,
3044 server, now);
3045 }
3046 } SMARTLIST_FOREACH_END(d);
3047 }
3048