search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Control port STREAM XON/XOFF status event notification
[tor.git] / src / feature / control / control_cmd.c
blobdd0cde4f7d992504fb21377164d88228d7b2e32e
1 /* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
2 * Copyright (c) 2007-2021, The Tor Project, Inc. */
3 /* See LICENSE for licensing information */
4
5 /**
6 * \file control_cmd.c
7 * \brief Implement various commands for Tor's control-socket interface.
8 **/
9
10 #define CONTROL_MODULE_PRIVATE
11 #define CONTROL_CMD_PRIVATE
12 #define CONTROL_EVENTS_PRIVATE
13
14 #include "core/or/or.h"
15 #include "app/config/config.h"
16 #include "lib/confmgt/confmgt.h"
17 #include "app/main/main.h"
18 #include "core/mainloop/connection.h"
19 #include "core/or/circuitbuild.h"
20 #include "core/or/circuitlist.h"
21 #include "core/or/circuituse.h"
22 #include "core/or/connection_edge.h"
23 #include "core/or/circuitstats.h"
24 #include "core/or/extendinfo.h"
25 #include "feature/client/addressmap.h"
26 #include "feature/client/dnsserv.h"
27 #include "feature/client/entrynodes.h"
28 #include "feature/control/control.h"
29 #include "feature/control/control_auth.h"
30 #include "feature/control/control_cmd.h"
31 #include "feature/control/control_hs.h"
32 #include "feature/control/control_events.h"
33 #include "feature/control/control_getinfo.h"
34 #include "feature/control/control_proto.h"
35 #include "feature/hs/hs_control.h"
36 #include "feature/hs/hs_service.h"
37 #include "feature/nodelist/nodelist.h"
38 #include "feature/nodelist/routerinfo.h"
39 #include "feature/nodelist/routerlist.h"
40 #include "feature/rend/rendcommon.h"
41 #include "lib/crypt_ops/crypto_rand.h"
42 #include "lib/crypt_ops/crypto_util.h"
43 #include "lib/encoding/confline.h"
44 #include "lib/encoding/kvline.h"
45
46 #include "core/or/cpath_build_state_st.h"
47 #include "core/or/entry_connection_st.h"
48 #include "core/or/origin_circuit_st.h"
49 #include "core/or/socks_request_st.h"
50 #include "feature/control/control_cmd_args_st.h"
51 #include "feature/control/control_connection_st.h"
52 #include "feature/nodelist/node_st.h"
53 #include "feature/nodelist/routerinfo_st.h"
54
55 #include "app/config/statefile.h"
56
57 static int control_setconf_helper(control_connection_t *conn,
58 const control_cmd_args_t *args,
59 int use_defaults);
60
61 /** Yield true iff <b>s</b> is the state of a control_connection_t that has
62 * finished authentication and is accepting commands. */
63 #define STATE_IS_OPEN(s) ((s) == CONTROL_CONN_STATE_OPEN)
64
65 /**
66 * Release all storage held in <b>args</b>
67 **/
68 void
69 control_cmd_args_free_(control_cmd_args_t *args)
70 {
71 if (! args)
72 return;
73
74 if (args->args) {
75 SMARTLIST_FOREACH(args->args, char *, c, tor_free(c));
76 smartlist_free(args->args);
77 }
78 config_free_lines(args->kwargs);
79 tor_free(args->cmddata);
80
81 tor_free(args);
82 }
83
84 /** Erase all memory held in <b>args</b>. */
85 void
86 control_cmd_args_wipe(control_cmd_args_t *args)
87 {
88 if (!args)
89 return;
90
91 if (args->args) {
92 SMARTLIST_FOREACH(args->args, char *, c, memwipe(c, 0, strlen(c)));
93 }
94 for (config_line_t *line = args->kwargs; line; line = line->next) {
95 memwipe(line->key, 0, strlen(line->key));
96 memwipe(line->value, 0, strlen(line->value));
97 }
98 if (args->cmddata)
99 memwipe(args->cmddata, 0, args->cmddata_len);
100 }
101
102 /**
103 * Return true iff any element of the NULL-terminated <b>array</b> matches
104 * <b>kwd</b>. Case-insensitive.
105 **/
106 static bool
107 string_array_contains_keyword(const char **array, const char *kwd)
108 {
109 for (unsigned i = 0; array[i]; ++i) {
110 if (! strcasecmp(array[i], kwd))
111 return true;
112 }
113 return false;
114 }
115
116 /** Helper for argument parsing: check whether the keyword arguments just
117 * parsed in <b>result</b> were well-formed according to <b>syntax</b>.
118 *
119 * On success, return 0. On failure, return -1 and set *<b>error_out</b>
120 * to a newly allocated error string.
121 **/
122 static int
123 kvline_check_keyword_args(const control_cmd_args_t *result,
124 const control_cmd_syntax_t *syntax,
125 char **error_out)
126 {
127 if (result->kwargs == NULL) {
128 tor_asprintf(error_out, "Cannot parse keyword argument(s)");
129 return -1;
130 }
131
132 if (! syntax->allowed_keywords) {
133 /* All keywords are permitted. */
134 return 0;
135 }
136
137 /* Check for unpermitted arguments */
138 const config_line_t *line;
139 for (line = result->kwargs; line; line = line->next) {
140 if (! string_array_contains_keyword(syntax->allowed_keywords,
141 line->key)) {
142 tor_asprintf(error_out, "Unrecognized keyword argument %s",
143 escaped(line->key));
144 return -1;
145 }
146 }
147
148 return 0;
149 }
150
151 /**
152 * Helper: parse the arguments to a command according to <b>syntax</b>. On
153 * success, set *<b>error_out</b> to NULL and return a newly allocated
154 * control_cmd_args_t. On failure, set *<b>error_out</b> to newly allocated
155 * error string, and return NULL.
156 **/
157 STATIC control_cmd_args_t *
158 control_cmd_parse_args(const char *command,
159 const control_cmd_syntax_t *syntax,
160 size_t body_len,
161 const char *body,
162 char **error_out)
163 {
164 *error_out = NULL;
165 control_cmd_args_t *result = tor_malloc_zero(sizeof(control_cmd_args_t));
166 const char *cmdline;
167 char *cmdline_alloc = NULL;
168 tor_assert(syntax->max_args < INT_MAX || syntax->max_args == UINT_MAX);
169
170 result->command = command;
171
172 if (syntax->store_raw_body) {
173 tor_assert(body[body_len] == 0);
174 result->raw_body = body;
175 }
176
177 const char *eol = memchr(body, '\n', body_len);
178 if (syntax->want_cmddata) {
179 if (! eol || (eol+1) == body+body_len) {
180 *error_out = tor_strdup("Empty body");
181 goto err;
182 }
183 cmdline_alloc = tor_memdup_nulterm(body, eol-body);
184 cmdline = cmdline_alloc;
185 ++eol;
186 result->cmddata_len = read_escaped_data(eol, (body+body_len)-eol,
187 &result->cmddata);
188 } else {
189 if (eol && (eol+1) != body+body_len) {
190 *error_out = tor_strdup("Unexpected body");
191 goto err;
192 }
193 cmdline = body;
194 }
195
196 result->args = smartlist_new();
197 smartlist_split_string(result->args, cmdline, " ",
198 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK,
199 (int)(syntax->max_args+1));
200 size_t n_args = smartlist_len(result->args);
201 if (n_args < syntax->min_args) {
202 tor_asprintf(error_out, "Need at least %u argument(s)",
203 syntax->min_args);
204 goto err;
205 } else if (n_args > syntax->max_args && ! syntax->accept_keywords) {
206 tor_asprintf(error_out, "Cannot accept more than %u argument(s)",
207 syntax->max_args);
208 goto err;
209 }
210
211 if (n_args > syntax->max_args) {
212 /* We have extra arguments after the positional arguments, and we didn't
213 treat them as an error, so they must count as keyword arguments: Either
214 K=V pairs, or flags, or both. */
215 tor_assert(n_args == syntax->max_args + 1);
216 tor_assert(syntax->accept_keywords);
217 char *remainder = smartlist_pop_last(result->args);
218 result->kwargs = kvline_parse(remainder, syntax->kvline_flags);
219 tor_free(remainder);
220 if (kvline_check_keyword_args(result, syntax, error_out) < 0) {
221 goto err;
222 }
223 }
224
225 tor_assert_nonfatal(*error_out == NULL);
226 goto done;
227 err:
228 tor_assert_nonfatal(*error_out != NULL);
229 control_cmd_args_free(result);
230 done:
231 tor_free(cmdline_alloc);
232 return result;
233 }
234
235 /**
236 * Return true iff <b>lines</b> contains <b>flags</b> as a no-value
237 * (keyword-only) entry.
238 **/
239 static bool
240 config_lines_contain_flag(const config_line_t *lines, const char *flag)
241 {
242 const config_line_t *line = config_line_find_case(lines, flag);
243 return line && !strcmp(line->value, "");
244 }
245
246 static const control_cmd_syntax_t setconf_syntax = {
247 .max_args=0,
248 .accept_keywords=true,
249 .kvline_flags=KV_OMIT_VALS|KV_QUOTED,
250 };
251
252 /** Called when we receive a SETCONF message: parse the body and try
253 * to update our configuration. Reply with a DONE or ERROR message.
254 * Modifies the contents of body.*/
255 static int
256 handle_control_setconf(control_connection_t *conn,
257 const control_cmd_args_t *args)
258 {
259 return control_setconf_helper(conn, args, 0);
260 }
261
262 static const control_cmd_syntax_t resetconf_syntax = {
263 .max_args=0,
264 .accept_keywords=true,
265 .kvline_flags=KV_OMIT_VALS|KV_QUOTED,
266 };
267
268 /** Called when we receive a RESETCONF message: parse the body and try
269 * to update our configuration. Reply with a DONE or ERROR message.
270 * Modifies the contents of body. */
271 static int
272 handle_control_resetconf(control_connection_t *conn,
273 const control_cmd_args_t *args)
274 {
275 return control_setconf_helper(conn, args, 1);
276 }
277
278 static const control_cmd_syntax_t getconf_syntax = {
279 .max_args=UINT_MAX
280 };
281
282 /** Called when we receive a GETCONF message. Parse the request, and
283 * reply with a CONFVALUE or an ERROR message */
284 static int
285 handle_control_getconf(control_connection_t *conn,
286 const control_cmd_args_t *args)
287 {
288 const smartlist_t *questions = args->args;
289 smartlist_t *answers = smartlist_new();
290 smartlist_t *unrecognized = smartlist_new();
291 const or_options_t *options = get_options();
292
293 SMARTLIST_FOREACH_BEGIN(questions, const char *, q) {
294 if (!option_is_recognized(q)) {
295 control_reply_add_printf(unrecognized, 552,
296 "Unrecognized configuration key \"%s\"", q);
297 } else {
298 config_line_t *answer = option_get_assignment(options,q);
299 if (!answer) {
300 const char *name = option_get_canonical_name(q);
301 control_reply_add_one_kv(answers, 250, KV_OMIT_VALS, name, "");
302 }
303
304 while (answer) {
305 config_line_t *next;
306 control_reply_add_one_kv(answers, 250, KV_RAW, answer->key,
307 answer->value);
308 next = answer->next;
309 tor_free(answer->key);
310 tor_free(answer->value);
311 tor_free(answer);
312 answer = next;
313 }
314 }
315 } SMARTLIST_FOREACH_END(q);
316
317 if (smartlist_len(unrecognized)) {
318 control_write_reply_lines(conn, unrecognized);
319 } else if (smartlist_len(answers)) {
320 control_write_reply_lines(conn, answers);
321 } else {
322 send_control_done(conn);
323 }
324
325 control_reply_free(answers);
326 control_reply_free(unrecognized);
327 return 0;
328 }
329
330 static const control_cmd_syntax_t loadconf_syntax = {
331 .want_cmddata = true
332 };
333
334 /** Called when we get a +LOADCONF message. */
335 static int
336 handle_control_loadconf(control_connection_t *conn,
337 const control_cmd_args_t *args)
338 {
339 setopt_err_t retval;
340 char *errstring = NULL;
341
342 retval = options_init_from_string(NULL, args->cmddata,
343 CMD_RUN_TOR, NULL, &errstring);
344
345 if (retval != SETOPT_OK)
346 log_warn(LD_CONTROL,
347 "Controller gave us config file that didn't validate: %s",
348 errstring);
349
350 #define SEND_ERRMSG(code, msg) \
351 control_printf_endreply(conn, code, msg "%s%s", \
352 errstring ? ": " : "", \
353 errstring ? errstring : "")
354 switch (retval) {
355 case SETOPT_ERR_PARSE:
356 SEND_ERRMSG(552, "Invalid config file");
357 break;
358 case SETOPT_ERR_TRANSITION:
359 SEND_ERRMSG(553, "Transition not allowed");
360 break;
361 case SETOPT_ERR_SETTING:
362 SEND_ERRMSG(553, "Unable to set option");
363 break;
364 case SETOPT_ERR_MISC:
365 default:
366 SEND_ERRMSG(550, "Unable to load config");
367 break;
368 case SETOPT_OK:
369 send_control_done(conn);
370 break;
371 }
372 #undef SEND_ERRMSG
373 tor_free(errstring);
374 return 0;
375 }
376
377 static const control_cmd_syntax_t setevents_syntax = {
378 .max_args = UINT_MAX
379 };
380
381 /** Called when we get a SETEVENTS message: update conn->event_mask,
382 * and reply with DONE or ERROR. */
383 static int
384 handle_control_setevents(control_connection_t *conn,
385 const control_cmd_args_t *args)
386 {
387 int event_code;
388 event_mask_t event_mask = 0;
389 const smartlist_t *events = args->args;
390
391 SMARTLIST_FOREACH_BEGIN(events, const char *, ev)
392 {
393 if (!strcasecmp(ev, "EXTENDED") ||
394 !strcasecmp(ev, "AUTHDIR_NEWDESCS")) {
395 log_warn(LD_CONTROL, "The \"%s\" SETEVENTS argument is no longer "
396 "supported.", ev);
397 continue;
398 } else {
399 int i;
400 event_code = -1;
401
402 for (i = 0; control_event_table[i].event_name != NULL; ++i) {
403 if (!strcasecmp(ev, control_event_table[i].event_name)) {
404 event_code = control_event_table[i].event_code;
405 break;
406 }
407 }
408
409 if (event_code == -1) {
410 control_printf_endreply(conn, 552, "Unrecognized event \"%s\"", ev);
411 return 0;
412 }
413 }
414 event_mask |= (((event_mask_t)1) << event_code);
415 }
416 SMARTLIST_FOREACH_END(ev);
417
418 conn->event_mask = event_mask;
419
420 control_update_global_event_mask();
421 send_control_done(conn);
422 return 0;
423 }
424
425 static const control_cmd_syntax_t saveconf_syntax = {
426 .max_args = 0,
427 .accept_keywords = true,
428 .kvline_flags=KV_OMIT_VALS,
429 };
430
431 /** Called when we get a SAVECONF command. Try to flush the current options to
432 * disk, and report success or failure. */
433 static int
434 handle_control_saveconf(control_connection_t *conn,
435 const control_cmd_args_t *args)
436 {
437 bool force = config_lines_contain_flag(args->kwargs, "FORCE");
438 const or_options_t *options = get_options();
439 if ((!force && options->IncludeUsed) || options_save_current() < 0) {
440 control_write_endreply(conn, 551,
441 "Unable to write configuration to disk.");
442 } else {
443 send_control_done(conn);
444 }
445 return 0;
446 }
447
448 static const control_cmd_syntax_t signal_syntax = {
449 .min_args = 1,
450 .max_args = 1,
451 };
452
453 /** Called when we get a SIGNAL command. React to the provided signal, and
454 * report success or failure. (If the signal results in a shutdown, success
455 * may not be reported.) */
456 static int
457 handle_control_signal(control_connection_t *conn,
458 const control_cmd_args_t *args)
459 {
460 int sig = -1;
461 int i;
462
463 tor_assert(smartlist_len(args->args) == 1);
464 const char *s = smartlist_get(args->args, 0);
465
466 for (i = 0; signal_table[i].signal_name != NULL; ++i) {
467 if (!strcasecmp(s, signal_table[i].signal_name)) {
468 sig = signal_table[i].sig;
469 break;
470 }
471 }
472
473 if (sig < 0)
474 control_printf_endreply(conn, 552, "Unrecognized signal code \"%s\"", s);
475 if (sig < 0)
476 return 0;
477
478 send_control_done(conn);
479 /* Flush the "done" first if the signal might make us shut down. */
480 if (sig == SIGTERM || sig == SIGINT)
481 connection_flush(TO_CONN(conn));
482
483 activate_signal(sig);
484
485 return 0;
486 }
487
488 static const control_cmd_syntax_t takeownership_syntax = {
489 .max_args = UINT_MAX, // This should probably become zero. XXXXX
490 };
491
492 /** Called when we get a TAKEOWNERSHIP command. Mark this connection
493 * as an owning connection, so that we will exit if the connection
494 * closes. */
495 static int
496 handle_control_takeownership(control_connection_t *conn,
497 const control_cmd_args_t *args)
498 {
499 (void)args;
500
501 conn->is_owning_control_connection = 1;
502
503 log_info(LD_CONTROL, "Control connection %d has taken ownership of this "
504 "Tor instance.",
505 (int)(conn->base_.s));
506
507 send_control_done(conn);
508 return 0;
509 }
510
511 static const control_cmd_syntax_t dropownership_syntax = {
512 .max_args = UINT_MAX, // This should probably become zero. XXXXX
513 };
514
515 /** Called when we get a DROPOWNERSHIP command. Mark this connection
516 * as a non-owning connection, so that we will not exit if the connection
517 * closes. */
518 static int
519 handle_control_dropownership(control_connection_t *conn,
520 const control_cmd_args_t *args)
521 {
522 (void)args;
523
524 conn->is_owning_control_connection = 0;
525
526 log_info(LD_CONTROL, "Control connection %d has dropped ownership of this "
527 "Tor instance.",
528 (int)(conn->base_.s));
529
530 send_control_done(conn);
531 return 0;
532 }
533
534 /** Given a text circuit <b>id</b>, return the corresponding circuit. */
535 static origin_circuit_t *
536 get_circ(const char *id)
537 {
538 uint32_t n_id;
539 int ok;
540 n_id = (uint32_t) tor_parse_ulong(id, 10, 0, UINT32_MAX, &ok, NULL);
541 if (!ok)
542 return NULL;
543 return circuit_get_by_global_id(n_id);
544 }
545
546 /** Given a text stream <b>id</b>, return the corresponding AP connection. */
547 static entry_connection_t *
548 get_stream(const char *id)
549 {
550 uint64_t n_id;
551 int ok;
552 connection_t *conn;
553 n_id = tor_parse_uint64(id, 10, 0, UINT64_MAX, &ok, NULL);
554 if (!ok)
555 return NULL;
556 conn = connection_get_by_global_id(n_id);
557 if (!conn || conn->type != CONN_TYPE_AP || conn->marked_for_close)
558 return NULL;
559 return TO_ENTRY_CONN(conn);
560 }
561
562 /** Helper for setconf and resetconf. Acts like setconf, except
563 * it passes <b>use_defaults</b> on to options_trial_assign(). Modifies the
564 * contents of body.
565 */
566 static int
567 control_setconf_helper(control_connection_t *conn,
568 const control_cmd_args_t *args,
569 int use_defaults)
570 {
571 setopt_err_t opt_err;
572 char *errstring = NULL;
573 const unsigned flags =
574 CAL_CLEAR_FIRST | (use_defaults ? CAL_USE_DEFAULTS : 0);
575
576 // We need a copy here, since confmgt.c wants to canonicalize cases.
577 config_line_t *lines = config_lines_dup(args->kwargs);
578
579 opt_err = options_trial_assign(lines, flags, &errstring);
580 {
581 #define SEND_ERRMSG(code, msg) \
582 control_printf_endreply(conn, code, msg ": %s", errstring);
583
584 switch (opt_err) {
585 case SETOPT_ERR_MISC:
586 SEND_ERRMSG(552, "Unrecognized option");
587 break;
588 case SETOPT_ERR_PARSE:
589 SEND_ERRMSG(513, "Unacceptable option value");
590 break;
591 case SETOPT_ERR_TRANSITION:
592 SEND_ERRMSG(553, "Transition not allowed");
593 break;
594 case SETOPT_ERR_SETTING:
595 default:
596 SEND_ERRMSG(553, "Unable to set option");
597 break;
598 case SETOPT_OK:
599 config_free_lines(lines);
600 send_control_done(conn);
601 return 0;
602 }
603 #undef SEND_ERRMSG
604 log_warn(LD_CONTROL,
605 "Controller gave us config lines that didn't validate: %s",
606 errstring);
607 config_free_lines(lines);
608 tor_free(errstring);
609 return 0;
610 }
611 }
612
613 /** Return true iff <b>addr</b> is unusable as a mapaddress target because of
614 * containing funny characters. */
615 static int
616 address_is_invalid_mapaddress_target(const char *addr)
617 {
618 if (!strcmpstart(addr, "*."))
619 return address_is_invalid_destination(addr+2, 1);
620 else
621 return address_is_invalid_destination(addr, 1);
622 }
623
624 static const control_cmd_syntax_t mapaddress_syntax = {
625 // no positional arguments are expected
626 .max_args=0,
627 // an arbitrary number of K=V entries are supported.
628 .accept_keywords=true,
629 };
630
631 /** Called when we get a MAPADDRESS command; try to bind all listed addresses,
632 * and report success or failure. */
633 static int
634 handle_control_mapaddress(control_connection_t *conn,
635 const control_cmd_args_t *args)
636 {
637 smartlist_t *reply;
638 char *r;
639 size_t sz;
640
641 reply = smartlist_new();
642 const config_line_t *line;
643 for (line = args->kwargs; line; line = line->next) {
644 const char *from = line->key;
645 const char *to = line->value;
646 {
647 if (address_is_invalid_mapaddress_target(to)) {
648 smartlist_add_asprintf(reply,
649 "512-syntax error: invalid address '%s'", to);
650 log_warn(LD_CONTROL,
651 "Skipping invalid argument '%s' in MapAddress msg", to);
652 } else if (!strcmp(from, ".") || !strcmp(from, "0.0.0.0") ||
653 !strcmp(from, "::")) {
654 const char type =
655 !strcmp(from,".") ? RESOLVED_TYPE_HOSTNAME :
656 (!strcmp(from, "0.0.0.0") ? RESOLVED_TYPE_IPV4 : RESOLVED_TYPE_IPV6);
657 const char *address = addressmap_register_virtual_address(
658 type, tor_strdup(to));
659 if (!address) {
660 smartlist_add_asprintf(reply,
661 "451-resource exhausted: skipping '%s=%s'", from,to);
662 log_warn(LD_CONTROL,
663 "Unable to allocate address for '%s' in MapAddress msg",
664 safe_str_client(to));
665 } else {
666 smartlist_add_asprintf(reply, "250-%s=%s", address, to);
667 }
668 } else {
669 const char *msg;
670 if (addressmap_register_auto(from, to, 1,
671 ADDRMAPSRC_CONTROLLER, &msg) < 0) {
672 smartlist_add_asprintf(reply,
673 "512-syntax error: invalid address mapping "
674 " '%s=%s': %s", from, to, msg);
675 log_warn(LD_CONTROL,
676 "Skipping invalid argument '%s=%s' in MapAddress msg: %s",
677 from, to, msg);
678 } else {
679 smartlist_add_asprintf(reply, "250-%s=%s", from, to);
680 }
681 }
682 }
683 }
684
685 if (smartlist_len(reply)) {
686 ((char*)smartlist_get(reply,smartlist_len(reply)-1))[3] = ' ';
687 r = smartlist_join_strings(reply, "\r\n", 1, &sz);
688 connection_buf_add(r, sz, TO_CONN(conn));
689 tor_free(r);
690 } else {
691 control_write_endreply(conn, 512, "syntax error: "
692 "not enough arguments to mapaddress.");
693 }
694
695 SMARTLIST_FOREACH(reply, char *, cp, tor_free(cp));
696 smartlist_free(reply);
697 return 0;
698 }
699
700 /** Given a string, convert it to a circuit purpose. */
701 static uint8_t
702 circuit_purpose_from_string(const char *string)
703 {
704 if (!strcasecmpstart(string, "purpose="))
705 string += strlen("purpose=");
706
707 if (!strcasecmp(string, "general"))
708 return CIRCUIT_PURPOSE_C_GENERAL;
709 else if (!strcasecmp(string, "controller"))
710 return CIRCUIT_PURPOSE_CONTROLLER;
711 else
712 return CIRCUIT_PURPOSE_UNKNOWN;
713 }
714
715 static const control_cmd_syntax_t extendcircuit_syntax = {
716 .min_args=1,
717 .max_args=1, // see note in function
718 .accept_keywords=true,
719 .kvline_flags=KV_OMIT_VALS
720 };
721
722 /** Called when we get an EXTENDCIRCUIT message. Try to extend the listed
723 * circuit, and report success or failure. */
724 static int
725 handle_control_extendcircuit(control_connection_t *conn,
726 const control_cmd_args_t *args)
727 {
728 smartlist_t *router_nicknames=smartlist_new(), *nodes=NULL;
729 origin_circuit_t *circ = NULL;
730 uint8_t intended_purpose = CIRCUIT_PURPOSE_C_GENERAL;
731 const config_line_t *kwargs = args->kwargs;
732 const char *circ_id = smartlist_get(args->args, 0);
733 const char *path_str = NULL;
734 char *path_str_alloc = NULL;
735
736 /* The syntax for this command is unfortunate. The second argument is
737 optional, and is a comma-separated list long-format fingerprints, which
738 can (historically!) contain an equals sign.
739
740 Here we check the second argument to see if it's a path, and if so we
741 remove it from the kwargs list and put it in path_str.
742 */
743 if (kwargs) {
744 const config_line_t *arg1 = kwargs;
745 if (!strcmp(arg1->value, "")) {
746 path_str = arg1->key;
747 kwargs = kwargs->next;
748 } else if (arg1->key[0] == '$') {
749 tor_asprintf(&path_str_alloc, "%s=%s", arg1->key, arg1->value);
750 path_str = path_str_alloc;
751 kwargs = kwargs->next;
752 }
753 }
754
755 const config_line_t *purpose_line = config_line_find_case(kwargs, "PURPOSE");
756 bool zero_circ = !strcmp("0", circ_id);
757
758 if (purpose_line) {
759 intended_purpose = circuit_purpose_from_string(purpose_line->value);
760 if (intended_purpose == CIRCUIT_PURPOSE_UNKNOWN) {
761 control_printf_endreply(conn, 552, "Unknown purpose \"%s\"",
762 purpose_line->value);
763 goto done;
764 }
765 }
766
767 if (zero_circ) {
768 if (!path_str) {
769 // "EXTENDCIRCUIT 0" with no path.
770 circ = circuit_launch(intended_purpose, CIRCLAUNCH_NEED_CAPACITY);
771 if (!circ) {
772 control_write_endreply(conn, 551, "Couldn't start circuit");
773 } else {
774 control_printf_endreply(conn, 250, "EXTENDED %lu",
775 (unsigned long)circ->global_identifier);
776 }
777 goto done;
778 }
779 }
780
781 if (!zero_circ && !(circ = get_circ(circ_id))) {
782 control_printf_endreply(conn, 552, "Unknown circuit \"%s\"", circ_id);
783 goto done;
784 }
785
786 if (!path_str) {
787 control_write_endreply(conn, 512, "syntax error: path required.");
788 goto done;
789 }
790
791 smartlist_split_string(router_nicknames, path_str, ",", 0, 0);
792
793 nodes = smartlist_new();
794 bool first_node = zero_circ;
795 SMARTLIST_FOREACH_BEGIN(router_nicknames, const char *, n) {
796 const node_t *node = node_get_by_nickname(n, 0);
797 if (!node) {
798 control_printf_endreply(conn, 552, "No such router \"%s\"", n);
799 goto done;
800 }
801 if (!node_has_preferred_descriptor(node, first_node)) {
802 control_printf_endreply(conn, 552, "No descriptor for \"%s\"", n);
803 goto done;
804 }
805 smartlist_add(nodes, (void*)node);
806 first_node = false;
807 } SMARTLIST_FOREACH_END(n);
808
809 if (!smartlist_len(nodes)) {
810 control_write_endreply(conn, 512, "No router names provided");
811 goto done;
812 }
813
814 if (zero_circ) {
815 /* start a new circuit */
816 circ = origin_circuit_init(intended_purpose, 0);
817 circ->first_hop_from_controller = 1;
818 }
819
820 circ->any_hop_from_controller = 1;
821
822 /* now circ refers to something that is ready to be extended */
823 first_node = zero_circ;
824 SMARTLIST_FOREACH(nodes, const node_t *, node,
825 {
826 /* We treat every hop as an exit to try to negotiate congestion
827 * control, because we have no idea which hop the controller wil
828 * try to use for streams and when */
829 extend_info_t *info = extend_info_from_node(node, first_node, true);
830 if (!info) {
831 tor_assert_nonfatal(first_node);
832 log_warn(LD_CONTROL,
833 "controller tried to connect to a node that lacks a suitable "
834 "descriptor, or which doesn't have any "
835 "addresses that are allowed by the firewall configuration; "
836 "circuit marked for closing.");
837 circuit_mark_for_close(TO_CIRCUIT(circ), -END_CIRC_REASON_CONNECTFAILED);
838 control_write_endreply(conn, 551, "Couldn't start circuit");
839 goto done;
840 }
841 circuit_append_new_exit(circ, info);
842 if (circ->build_state->desired_path_len > 1) {
843 circ->build_state->onehop_tunnel = 0;
844 }
845 extend_info_free(info);
846 first_node = 0;
847 });
848
849 /* now that we've populated the cpath, start extending */
850 if (zero_circ) {
851 int err_reason = 0;
852 if ((err_reason = circuit_handle_first_hop(circ)) < 0) {
853 circuit_mark_for_close(TO_CIRCUIT(circ), -err_reason);
854 control_write_endreply(conn, 551, "Couldn't start circuit");
855 goto done;
856 }
857 } else {
858 if (circ->base_.state == CIRCUIT_STATE_OPEN ||
859 circ->base_.state == CIRCUIT_STATE_GUARD_WAIT) {
860 int err_reason = 0;
861 circuit_set_state(TO_CIRCUIT(circ), CIRCUIT_STATE_BUILDING);
862 if ((err_reason = circuit_send_next_onion_skin(circ)) < 0) {
863 log_info(LD_CONTROL,
864 "send_next_onion_skin failed; circuit marked for closing.");
865 circuit_mark_for_close(TO_CIRCUIT(circ), -err_reason);
866 control_write_endreply(conn, 551, "Couldn't send onion skin");
867 goto done;
868 }
869 }
870 }
871
872 control_printf_endreply(conn, 250, "EXTENDED %lu",
873 (unsigned long)circ->global_identifier);
874 if (zero_circ) /* send a 'launched' event, for completeness */
875 circuit_event_status(circ, CIRC_EVENT_LAUNCHED, 0);
876 done:
877 SMARTLIST_FOREACH(router_nicknames, char *, n, tor_free(n));
878 smartlist_free(router_nicknames);
879 smartlist_free(nodes);
880 tor_free(path_str_alloc);
881 return 0;
882 }
883
884 static const control_cmd_syntax_t setcircuitpurpose_syntax = {
885 .max_args=1,
886 .accept_keywords=true,
887 };
888
889 /** Called when we get a SETCIRCUITPURPOSE message. If we can find the
890 * circuit and it's a valid purpose, change it. */
891 static int
892 handle_control_setcircuitpurpose(control_connection_t *conn,
893 const control_cmd_args_t *args)
894 {
895 origin_circuit_t *circ = NULL;
896 uint8_t new_purpose;
897 const char *circ_id = smartlist_get(args->args,0);
898
899 if (!(circ = get_circ(circ_id))) {
900 control_printf_endreply(conn, 552, "Unknown circuit \"%s\"", circ_id);
901 goto done;
902 }
903
904 {
905 const config_line_t *purp = config_line_find_case(args->kwargs, "PURPOSE");
906 if (!purp) {
907 control_write_endreply(conn, 552, "No purpose given");
908 goto done;
909 }
910 new_purpose = circuit_purpose_from_string(purp->value);
911 if (new_purpose == CIRCUIT_PURPOSE_UNKNOWN) {
912 control_printf_endreply(conn, 552, "Unknown purpose \"%s\"",
913 purp->value);
914 goto done;
915 }
916 }
917
918 circuit_change_purpose(TO_CIRCUIT(circ), new_purpose);
919 send_control_done(conn);
920
921 done:
922 return 0;
923 }
924
925 static const char *attachstream_keywords[] = {
926 "HOP", NULL
927 };
928 static const control_cmd_syntax_t attachstream_syntax = {
929 .min_args=2, .max_args=2,
930 .accept_keywords=true,
931 .allowed_keywords=attachstream_keywords
932 };
933
934 /** Called when we get an ATTACHSTREAM message. Try to attach the requested
935 * stream, and report success or failure. */
936 static int
937 handle_control_attachstream(control_connection_t *conn,
938 const control_cmd_args_t *args)
939 {
940 entry_connection_t *ap_conn = NULL;
941 origin_circuit_t *circ = NULL;
942 crypt_path_t *cpath=NULL;
943 int hop=0, hop_line_ok=1;
944 const char *stream_id = smartlist_get(args->args, 0);
945 const char *circ_id = smartlist_get(args->args, 1);
946 int zero_circ = !strcmp(circ_id, "0");
947 const config_line_t *hoparg = config_line_find_case(args->kwargs, "HOP");
948
949 if (!(ap_conn = get_stream(stream_id))) {
950 control_printf_endreply(conn, 552, "Unknown stream \"%s\"", stream_id);
951 return 0;
952 } else if (!zero_circ && !(circ = get_circ(circ_id))) {
953 control_printf_endreply(conn, 552, "Unknown circuit \"%s\"", circ_id);
954 return 0;
955 } else if (circ) {
956 if (hoparg) {
957 hop = (int) tor_parse_ulong(hoparg->value, 10, 0, INT_MAX,
958 &hop_line_ok, NULL);
959 if (!hop_line_ok) { /* broken hop line */
960 control_printf_endreply(conn, 552, "Bad value hop=%s",
961 hoparg->value);
962 return 0;
963 }
964 }
965 }
966
967 if (ENTRY_TO_CONN(ap_conn)->state != AP_CONN_STATE_CONTROLLER_WAIT &&
968 ENTRY_TO_CONN(ap_conn)->state != AP_CONN_STATE_CONNECT_WAIT &&
969 ENTRY_TO_CONN(ap_conn)->state != AP_CONN_STATE_RESOLVE_WAIT) {
970 control_write_endreply(conn, 555,
971 "Connection is not managed by controller.");
972 return 0;
973 }
974
975 /* Do we need to detach it first? */
976 if (ENTRY_TO_CONN(ap_conn)->state != AP_CONN_STATE_CONTROLLER_WAIT) {
977 edge_connection_t *edge_conn = ENTRY_TO_EDGE_CONN(ap_conn);
978 circuit_t *tmpcirc = circuit_get_by_edge_conn(edge_conn);
979 connection_edge_end(edge_conn, END_STREAM_REASON_TIMEOUT);
980 /* Un-mark it as ending, since we're going to reuse it. */
981 edge_conn->edge_has_sent_end = 0;
982 edge_conn->end_reason = 0;
983 if (tmpcirc)
984 circuit_detach_stream(tmpcirc, edge_conn);
985 connection_entry_set_controller_wait(ap_conn);
986 }
987
988 if (circ && (circ->base_.state != CIRCUIT_STATE_OPEN)) {
989 control_write_endreply(conn, 551,
990 "Can't attach stream to non-open origin circuit");
991 return 0;
992 }
993 /* Is this a single hop circuit? */
994 if (circ && (circuit_get_cpath_len(circ)<2 || hop==1)) {
995 control_write_endreply(conn, 551,
996 "Can't attach stream to this one-hop circuit.");
997 return 0;
998 }
999
1000 if (circ && hop>0) {
1001 /* find this hop in the circuit, and set cpath */
1002 cpath = circuit_get_cpath_hop(circ, hop);
1003 if (!cpath) {
1004 control_printf_endreply(conn, 551, "Circuit doesn't have %d hops.", hop);
1005 return 0;
1006 }
1007 }
1008 if (connection_ap_handshake_rewrite_and_attach(ap_conn, circ, cpath) < 0) {
1009 control_write_endreply(conn, 551, "Unable to attach stream");
1010 return 0;
1011 }
1012 send_control_done(conn);
1013 return 0;
1014 }
1015
1016 static const char *postdescriptor_keywords[] = {
1017 "cache", "purpose", NULL,
1018 };
1019
1020 static const control_cmd_syntax_t postdescriptor_syntax = {
1021 .max_args = 0,
1022 .accept_keywords = true,
1023 .allowed_keywords = postdescriptor_keywords,
1024 .want_cmddata = true,
1025 };
1026
1027 /** Called when we get a POSTDESCRIPTOR message. Try to learn the provided
1028 * descriptor, and report success or failure. */
1029 static int
1030 handle_control_postdescriptor(control_connection_t *conn,
1031 const control_cmd_args_t *args)
1032 {
1033 const char *msg=NULL;
1034 uint8_t purpose = ROUTER_PURPOSE_GENERAL;
1035 int cache = 0; /* eventually, we may switch this to 1 */
1036 const config_line_t *line;
1037
1038 line = config_line_find_case(args->kwargs, "purpose");
1039 if (line) {
1040 purpose = router_purpose_from_string(line->value);
1041 if (purpose == ROUTER_PURPOSE_UNKNOWN) {
1042 control_printf_endreply(conn, 552, "Unknown purpose \"%s\"",
1043 line->value);
1044 goto done;
1045 }
1046 }
1047 line = config_line_find_case(args->kwargs, "cache");
1048 if (line) {
1049 if (!strcasecmp(line->value, "no"))
1050 cache = 0;
1051 else if (!strcasecmp(line->value, "yes"))
1052 cache = 1;
1053 else {
1054 control_printf_endreply(conn, 552, "Unknown cache request \"%s\"",
1055 line->value);
1056 goto done;
1057 }
1058 }
1059
1060 switch (router_load_single_router(args->cmddata, purpose, cache, &msg)) {
1061 case -1:
1062 if (!msg) msg = "Could not parse descriptor";
1063 control_write_endreply(conn, 554, msg);
1064 break;
1065 case 0:
1066 if (!msg) msg = "Descriptor not added";
1067 control_write_endreply(conn, 251, msg);
1068 break;
1069 case 1:
1070 send_control_done(conn);
1071 break;
1072 }
1073
1074 done:
1075 return 0;
1076 }
1077
1078 static const control_cmd_syntax_t redirectstream_syntax = {
1079 .min_args = 2,
1080 .max_args = UINT_MAX, // XXX should be 3.
1081 };
1082
1083 /** Called when we receive a REDIRECTSTREAM command. Try to change the target
1084 * address of the named AP stream, and report success or failure. */
1085 static int
1086 handle_control_redirectstream(control_connection_t *conn,
1087 const control_cmd_args_t *cmd_args)
1088 {
1089 entry_connection_t *ap_conn = NULL;
1090 char *new_addr = NULL;
1091 uint16_t new_port = 0;
1092 const smartlist_t *args = cmd_args->args;
1093
1094 if (!(ap_conn = get_stream(smartlist_get(args, 0)))
1095 || !ap_conn->socks_request) {
1096 control_printf_endreply(conn, 552, "Unknown stream \"%s\"",
1097 (char*)smartlist_get(args, 0));
1098 } else {
1099 int ok = 1;
1100 if (smartlist_len(args) > 2) { /* they included a port too */
1101 new_port = (uint16_t) tor_parse_ulong(smartlist_get(args, 2),
1102 10, 1, 65535, &ok, NULL);
1103 }
1104 if (!ok) {
1105 control_printf_endreply(conn, 512, "Cannot parse port \"%s\"",
1106 (char*)smartlist_get(args, 2));
1107 } else {
1108 new_addr = tor_strdup(smartlist_get(args, 1));
1109 }
1110 }
1111
1112 if (!new_addr)
1113 return 0;
1114
1115 strlcpy(ap_conn->socks_request->address, new_addr,
1116 sizeof(ap_conn->socks_request->address));
1117 if (new_port)
1118 ap_conn->socks_request->port = new_port;
1119 tor_free(new_addr);
1120 send_control_done(conn);
1121 return 0;
1122 }
1123
1124 static const control_cmd_syntax_t closestream_syntax = {
1125 .min_args = 2,
1126 .max_args = UINT_MAX, /* XXXX This is the original behavior, but
1127 * maybe we should change the spec. */
1128 };
1129
1130 /** Called when we get a CLOSESTREAM command; try to close the named stream
1131 * and report success or failure. */
1132 static int
1133 handle_control_closestream(control_connection_t *conn,
1134 const control_cmd_args_t *cmd_args)
1135 {
1136 entry_connection_t *ap_conn=NULL;
1137 uint8_t reason=0;
1138 int ok;
1139 const smartlist_t *args = cmd_args->args;
1140
1141 tor_assert(smartlist_len(args) >= 2);
1142
1143 if (!(ap_conn = get_stream(smartlist_get(args, 0))))
1144 control_printf_endreply(conn, 552, "Unknown stream \"%s\"",
1145 (char*)smartlist_get(args, 0));
1146 else {
1147 reason = (uint8_t) tor_parse_ulong(smartlist_get(args,1), 10, 0, 255,
1148 &ok, NULL);
1149 if (!ok) {
1150 control_printf_endreply(conn, 552, "Unrecognized reason \"%s\"",
1151 (char*)smartlist_get(args, 1));
1152 ap_conn = NULL;
1153 }
1154 }
1155 if (!ap_conn)
1156 return 0;
1157
1158 connection_mark_unattached_ap(ap_conn, reason);
1159 send_control_done(conn);
1160 return 0;
1161 }
1162
1163 static const control_cmd_syntax_t closecircuit_syntax = {
1164 .min_args=1, .max_args=1,
1165 .accept_keywords=true,
1166 .kvline_flags=KV_OMIT_VALS,
1167 // XXXX we might want to exclude unrecognized flags, but for now we
1168 // XXXX just ignore them for backward compatibility.
1169 };
1170
1171 /** Called when we get a CLOSECIRCUIT command; try to close the named circuit
1172 * and report success or failure. */
1173 static int
1174 handle_control_closecircuit(control_connection_t *conn,
1175 const control_cmd_args_t *args)
1176 {
1177 const char *circ_id = smartlist_get(args->args, 0);
1178 origin_circuit_t *circ = NULL;
1179
1180 if (!(circ=get_circ(circ_id))) {
1181 control_printf_endreply(conn, 552, "Unknown circuit \"%s\"", circ_id);
1182 return 0;
1183 }
1184
1185 bool safe = config_lines_contain_flag(args->kwargs, "IfUnused");
1186
1187 if (!safe || !circ->p_streams) {
1188 circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_REQUESTED);
1189 }
1190
1191 send_control_done(conn);
1192 return 0;
1193 }
1194
1195 static const control_cmd_syntax_t resolve_syntax = {
1196 .max_args=0,
1197 .accept_keywords=true,
1198 .kvline_flags=KV_OMIT_VALS,
1199 };
1200
1201 /** Called when we get a RESOLVE command: start trying to resolve
1202 * the listed addresses. */
1203 static int
1204 handle_control_resolve(control_connection_t *conn,
1205 const control_cmd_args_t *args)
1206 {
1207 smartlist_t *failed;
1208 int is_reverse = 0;
1209
1210 if (!(conn->event_mask & (((event_mask_t)1)<<EVENT_ADDRMAP))) {
1211 log_warn(LD_CONTROL, "Controller asked us to resolve an address, but "
1212 "isn't listening for ADDRMAP events. It probably won't see "
1213 "the answer.");
1214 }
1215
1216 {
1217 const config_line_t *modearg = config_line_find_case(args->kwargs, "mode");
1218 if (modearg && !strcasecmp(modearg->value, "reverse"))
1219 is_reverse = 1;
1220 }
1221 failed = smartlist_new();
1222 for (const config_line_t *line = args->kwargs; line; line = line->next) {
1223 if (!strlen(line->value)) {
1224 const char *addr = line->key;
1225 if (dnsserv_launch_request(addr, is_reverse, conn)<0)
1226 smartlist_add(failed, (char*)addr);
1227 } else {
1228 // XXXX arguably we should reject unrecognized keyword arguments,
1229 // XXXX but the old implementation didn't do that.
1230 }
1231 }
1232
1233 send_control_done(conn);
1234 SMARTLIST_FOREACH(failed, const char *, arg, {
1235 control_event_address_mapped(arg, arg, time(NULL),
1236 "internal", 0, 0);
1237 });
1238
1239 smartlist_free(failed);
1240 return 0;
1241 }
1242
1243 static const control_cmd_syntax_t protocolinfo_syntax = {
1244 .max_args = UINT_MAX
1245 };
1246
1247 /** Return a comma-separated list of authentication methods for
1248 handle_control_protocolinfo(). Caller must free this string. */
1249 static char *
1250 get_authmethods(const or_options_t *options)
1251 {
1252 int cookies = options->CookieAuthentication;
1253 char *methods;
1254 int passwd = (options->HashedControlPassword != NULL ||
1255 options->HashedControlSessionPassword != NULL);
1256 smartlist_t *mlist = smartlist_new();
1257
1258 if (cookies) {
1259 smartlist_add(mlist, (char*)"COOKIE");
1260 smartlist_add(mlist, (char*)"SAFECOOKIE");
1261 }
1262 if (passwd)
1263 smartlist_add(mlist, (char*)"HASHEDPASSWORD");
1264 if (!cookies && !passwd)
1265 smartlist_add(mlist, (char*)"NULL");
1266 methods = smartlist_join_strings(mlist, ",", 0, NULL);
1267 smartlist_free(mlist);
1268
1269 return methods;
1270 }
1271
1272 /** Return escaped cookie filename. Caller must free this string.
1273 Return NULL if cookie authentication is disabled. */
1274 static char *
1275 get_esc_cfile(const or_options_t *options)
1276 {
1277 char *cfile = NULL, *abs_cfile = NULL, *esc_cfile = NULL;
1278
1279 if (!options->CookieAuthentication)
1280 return NULL;
1281
1282 cfile = get_controller_cookie_file_name();
1283 abs_cfile = make_path_absolute(cfile);
1284 esc_cfile = esc_for_log(abs_cfile);
1285 tor_free(cfile);
1286 tor_free(abs_cfile);
1287 return esc_cfile;
1288 }
1289
1290 /** Compose the auth methods line of a PROTOCOLINFO reply. */
1291 static void
1292 add_authmethods(smartlist_t *reply)
1293 {
1294 const or_options_t *options = get_options();
1295 char *methods = get_authmethods(options);
1296 char *esc_cfile = get_esc_cfile(options);
1297
1298 control_reply_add_str(reply, 250, "AUTH");
1299 control_reply_append_kv(reply, "METHODS", methods);
1300 if (esc_cfile)
1301 control_reply_append_kv(reply, "COOKIEFILE", esc_cfile);
1302
1303 tor_free(methods);
1304 tor_free(esc_cfile);
1305 }
1306
1307 /** Called when we get a PROTOCOLINFO command: send back a reply. */
1308 static int
1309 handle_control_protocolinfo(control_connection_t *conn,
1310 const control_cmd_args_t *cmd_args)
1311 {
1312 const char *bad_arg = NULL;
1313 const smartlist_t *args = cmd_args->args;
1314 smartlist_t *reply = NULL;
1315
1316 conn->have_sent_protocolinfo = 1;
1317
1318 SMARTLIST_FOREACH(args, const char *, arg, {
1319 int ok;
1320 tor_parse_long(arg, 10, 0, LONG_MAX, &ok, NULL);
1321 if (!ok) {
1322 bad_arg = arg;
1323 break;
1324 }
1325 });
1326 if (bad_arg) {
1327 control_printf_endreply(conn, 513, "No such version %s",
1328 escaped(bad_arg));
1329 /* Don't tolerate bad arguments when not authenticated. */
1330 if (!STATE_IS_OPEN(TO_CONN(conn)->state))
1331 connection_mark_for_close(TO_CONN(conn));
1332 return 0;
1333 }
1334 reply = smartlist_new();
1335 control_reply_add_str(reply, 250, "PROTOCOLINFO 1");
1336 add_authmethods(reply);
1337 control_reply_add_str(reply, 250, "VERSION");
1338 control_reply_append_kv(reply, "Tor", escaped(VERSION));
1339 control_reply_add_done(reply);
1340
1341 control_write_reply_lines(conn, reply);
1342 control_reply_free(reply);
1343 return 0;
1344 }
1345
1346 static const control_cmd_syntax_t usefeature_syntax = {
1347 .max_args = UINT_MAX
1348 };
1349
1350 /** Called when we get a USEFEATURE command: parse the feature list, and
1351 * set up the control_connection's options properly. */
1352 static int
1353 handle_control_usefeature(control_connection_t *conn,
1354 const control_cmd_args_t *cmd_args)
1355 {
1356 const smartlist_t *args = cmd_args->args;
1357 int bad = 0;
1358 SMARTLIST_FOREACH_BEGIN(args, const char *, arg) {
1359 if (!strcasecmp(arg, "VERBOSE_NAMES"))
1360 ;
1361 else if (!strcasecmp(arg, "EXTENDED_EVENTS"))
1362 ;
1363 else {
1364 control_printf_endreply(conn, 552, "Unrecognized feature \"%s\"",
1365 arg);
1366 bad = 1;
1367 break;
1368 }
1369 } SMARTLIST_FOREACH_END(arg);
1370
1371 if (!bad) {
1372 send_control_done(conn);
1373 }
1374
1375 return 0;
1376 }
1377
1378 static const control_cmd_syntax_t dropguards_syntax = {
1379 .max_args = 0,
1380 };
1381
1382 /** Implementation for the DROPGUARDS command. */
1383 static int
1384 handle_control_dropguards(control_connection_t *conn,
1385 const control_cmd_args_t *args)
1386 {
1387 (void) args; /* We don't take arguments. */
1388
1389 static int have_warned = 0;
1390 if (! have_warned) {
1391 log_warn(LD_CONTROL, "DROPGUARDS is dangerous; make sure you understand "
1392 "the risks before using it. It may be removed in a future "
1393 "version of Tor.");
1394 have_warned = 1;
1395 }
1396
1397 remove_all_entry_guards();
1398 send_control_done(conn);
1399
1400 return 0;
1401 }
1402
1403 static const control_cmd_syntax_t droptimeouts_syntax = {
1404 .max_args = 0,
1405 };
1406
1407 /** Implementation for the DROPTIMEOUTS command. */
1408 static int
1409 handle_control_droptimeouts(control_connection_t *conn,
1410 const control_cmd_args_t *args)
1411 {
1412 (void) args; /* We don't take arguments. */
1413
1414 static int have_warned = 0;
1415 if (! have_warned) {
1416 log_warn(LD_CONTROL, "DROPTIMEOUTS is dangerous; make sure you understand "
1417 "the risks before using it. It may be removed in a future "
1418 "version of Tor.");
1419 have_warned = 1;
1420 }
1421
1422 circuit_build_times_reset(get_circuit_build_times_mutable());
1423 send_control_done(conn);
1424 or_state_mark_dirty(get_or_state(), 0);
1425 cbt_control_event_buildtimeout_set(get_circuit_build_times(),
1426 BUILDTIMEOUT_SET_EVENT_RESET);
1427
1428 return 0;
1429 }
1430
1431 static const char *hsfetch_keywords[] = {
1432 "SERVER", NULL,
1433 };
1434 static const control_cmd_syntax_t hsfetch_syntax = {
1435 .min_args = 1, .max_args = 1,
1436 .accept_keywords = true,
1437 .allowed_keywords = hsfetch_keywords,
1438 };
1439
1440 /** Implementation for the HSFETCH command. */
1441 static int
1442 handle_control_hsfetch(control_connection_t *conn,
1443 const control_cmd_args_t *args)
1444
1445 {
1446 smartlist_t *hsdirs = NULL;
1447 ed25519_public_key_t v3_pk;
1448 uint32_t version;
1449 const char *hsaddress = NULL;
1450
1451 /* Extract the first argument (either HSAddress or DescID). */
1452 const char *arg1 = smartlist_get(args->args, 0);
1453 if (hs_address_is_valid(arg1)) {
1454 hsaddress = arg1;
1455 version = HS_VERSION_THREE;
1456 hs_parse_address(hsaddress, &v3_pk, NULL, NULL);
1457 } else {
1458 control_printf_endreply(conn, 513, "Invalid argument \"%s\"", arg1);
1459 goto done;
1460 }
1461
1462 for (const config_line_t *line = args->kwargs; line; line = line->next) {
1463 if (!strcasecmp(line->key, "SERVER")) {
1464 const char *server = line->value;
1465
1466 const node_t *node = node_get_by_hex_id(server, 0);
1467 if (!node) {
1468 control_printf_endreply(conn, 552, "Server \"%s\" not found", server);
1469 goto done;
1470 }
1471 if (!hsdirs) {
1472 /* Stores routerstatus_t cmddata for each specified server. */
1473 hsdirs = smartlist_new();
1474 }
1475 /* Valid server, add it to our local list. */
1476 smartlist_add(hsdirs, node->rs);
1477 } else {
1478 tor_assert_nonfatal_unreached();
1479 }
1480 }
1481
1482 /* We are about to trigger HSDir fetch so send the OK now because after
1483 * that 650 event(s) are possible so better to have the 250 OK before them
1484 * to avoid out of order replies. */
1485 send_control_done(conn);
1486
1487 /* Trigger the fetch using the built rend query and possibly a list of HS
1488 * directory to use. This function ignores the client cache thus this will
1489 * always send a fetch command. */
1490 if (version == HS_VERSION_THREE) {
1491 hs_control_hsfetch_command(&v3_pk, hsdirs);
1492 }
1493
1494 done:
1495 /* Contains data pointer that we don't own thus no cleanup. */
1496 smartlist_free(hsdirs);
1497 return 0;
1498 }
1499
1500 static const char *hspost_keywords[] = {
1501 "SERVER", "HSADDRESS", NULL
1502 };
1503 static const control_cmd_syntax_t hspost_syntax = {
1504 .min_args = 0, .max_args = 0,
1505 .accept_keywords = true,
1506 .want_cmddata = true,
1507 .allowed_keywords = hspost_keywords
1508 };
1509
1510 /** Implementation for the HSPOST command. */
1511 static int
1512 handle_control_hspost(control_connection_t *conn,
1513 const control_cmd_args_t *args)
1514 {
1515 smartlist_t *hs_dirs = NULL;
1516 const char *encoded_desc = args->cmddata;
1517 const char *onion_address = NULL;
1518 const config_line_t *line;
1519
1520 for (line = args->kwargs; line; line = line->next) {
1521 if (!strcasecmpstart(line->key, "SERVER")) {
1522 const char *server = line->value;
1523 const node_t *node = node_get_by_hex_id(server, 0);
1524
1525 if (!node || !node->rs) {
1526 control_printf_endreply(conn, 552, "Server \"%s\" not found",
1527 server);
1528 goto done;
1529 }
1530 /* Valid server, add it to our local list. */
1531 if (!hs_dirs)
1532 hs_dirs = smartlist_new();
1533 smartlist_add(hs_dirs, node->rs);
1534 } else if (!strcasecmpstart(line->key, "HSADDRESS")) {
1535 const char *address = line->value;
1536 if (!hs_address_is_valid(address)) {
1537 control_write_endreply(conn, 512, "Malformed onion address");
1538 goto done;
1539 }
1540 onion_address = address;
1541 } else {
1542 tor_assert_nonfatal_unreached();
1543 }
1544 }
1545
1546 /* Handle the v3 case. */
1547 if (onion_address) {
1548 if (hs_control_hspost_command(encoded_desc, onion_address, hs_dirs) < 0) {
1549 control_write_endreply(conn, 554, "Invalid descriptor");
1550 } else {
1551 send_control_done(conn);
1552 }
1553 goto done;
1554 }
1555
1556 done:
1557 smartlist_free(hs_dirs); /* Contents belong to the rend service code. */
1558 return 0;
1559 }
1560
1561 /* Helper function for ADD_ONION that adds an ephemeral service depending on
1562 * the given hs_version.
1563 *
1564 * The secret key in pk depends on the hs_version. The ownership of the key
1565 * used in pk is given to the HS subsystem so the caller must stop accessing
1566 * it after.
1567 *
1568 * The port_cfgs is a list of service port. Ownership transferred to service.
1569 * The max_streams refers to the MaxStreams= key.
1570 * The max_streams_close_circuit refers to the MaxStreamsCloseCircuit key.
1571 * The ownership of that list is transferred to the service.
1572 *
1573 * On success (RSAE_OKAY), the address_out points to a newly allocated string
1574 * containing the onion address without the .onion part. On error, address_out
1575 * is untouched. */
1576 STATIC hs_service_add_ephemeral_status_t
1577 add_onion_helper_add_service(int hs_version,
1578 add_onion_secret_key_t *pk,
1579 smartlist_t *port_cfgs, int max_streams,
1580 int max_streams_close_circuit,
1581 smartlist_t *auth_clients_v3, char **address_out)
1582 {
1583 hs_service_add_ephemeral_status_t ret;
1584
1585 tor_assert(pk);
1586 tor_assert(port_cfgs);
1587 tor_assert(address_out);
1588
1589 switch (hs_version) {
1590 case HS_VERSION_THREE:
1591 ret = hs_service_add_ephemeral(pk->v3, port_cfgs, max_streams,
1592 max_streams_close_circuit,
1593 auth_clients_v3, address_out);
1594 break;
1595 default:
1596 tor_assert_unreached();
1597 }
1598
1599 return ret;
1600 }
1601
1602 /** The list of onion services that have been added via ADD_ONION that do not
1603 * belong to any particular control connection.
1604 */
1605 static smartlist_t *detached_onion_services = NULL;
1606
1607 /**
1608 * Return a list of detached onion services, or NULL if none exist.
1609 **/
1610 smartlist_t *
1611 get_detached_onion_services(void)
1612 {
1613 return detached_onion_services;
1614 }
1615
1616 static const char *add_onion_keywords[] = {
1617 "Port", "Flags", "MaxStreams", "ClientAuth", "ClientAuthV3", NULL
1618 };
1619 static const control_cmd_syntax_t add_onion_syntax = {
1620 .min_args = 1, .max_args = 1,
1621 .accept_keywords = true,
1622 .allowed_keywords = add_onion_keywords
1623 };
1624
1625 /** Called when we get a ADD_ONION command; parse the body, and set up
1626 * the new ephemeral Onion Service. */
1627 static int
1628 handle_control_add_onion(control_connection_t *conn,
1629 const control_cmd_args_t *args)
1630 {
1631 /* Parse all of the arguments that do not involve handling cryptographic
1632 * material first, since there's no reason to touch that at all if any of
1633 * the other arguments are malformed.
1634 */
1635 rend_auth_type_t auth_type = REND_NO_AUTH;
1636 smartlist_t *port_cfgs = smartlist_new();
1637 smartlist_t *auth_clients_v3 = NULL;
1638 smartlist_t *auth_clients_v3_str = NULL;
1639 int discard_pk = 0;
1640 int detach = 0;
1641 int max_streams = 0;
1642 int max_streams_close_circuit = 0;
1643 int non_anonymous = 0;
1644 const config_line_t *arg;
1645
1646 for (arg = args->kwargs; arg; arg = arg->next) {
1647 if (!strcasecmp(arg->key, "Port")) {
1648 /* "Port=VIRTPORT[,TARGET]". */
1649 hs_port_config_t *cfg = hs_parse_port_config(arg->value, ",", NULL);
1650 if (!cfg) {
1651 control_write_endreply(conn, 512, "Invalid VIRTPORT/TARGET");
1652 goto out;
1653 }
1654 smartlist_add(port_cfgs, cfg);
1655 } else if (!strcasecmp(arg->key, "MaxStreams")) {
1656 /* "MaxStreams=[0..65535]". */
1657 int ok = 0;
1658 max_streams = (int)tor_parse_long(arg->value, 10, 0, 65535, &ok, NULL);
1659 if (!ok) {
1660 control_write_endreply(conn, 512, "Invalid MaxStreams");
1661 goto out;
1662 }
1663 } else if (!strcasecmp(arg->key, "Flags")) {
1664 /* "Flags=Flag[,Flag]", where Flag can be:
1665 * * 'DiscardPK' - If tor generates the keypair, do not include it in
1666 * the response.
1667 * * 'Detach' - Do not tie this onion service to any particular control
1668 * connection.
1669 * * 'MaxStreamsCloseCircuit' - Close the circuit if MaxStreams is
1670 * exceeded.
1671 * * 'BasicAuth' - Client authorization using the 'basic' method.
1672 * * 'NonAnonymous' - Add a non-anonymous Single Onion Service. If this
1673 * flag is present, tor must be in non-anonymous
1674 * hidden service mode. If this flag is absent,
1675 * tor must be in anonymous hidden service mode.
1676 */
1677 static const char *discard_flag = "DiscardPK";
1678 static const char *detach_flag = "Detach";
1679 static const char *max_s_close_flag = "MaxStreamsCloseCircuit";
1680 static const char *v3auth_flag = "V3Auth";
1681 static const char *non_anonymous_flag = "NonAnonymous";
1682
1683 smartlist_t *flags = smartlist_new();
1684 int bad = 0;
1685
1686 smartlist_split_string(flags, arg->value, ",", SPLIT_IGNORE_BLANK, 0);
1687 if (smartlist_len(flags) < 1) {
1688 control_write_endreply(conn, 512, "Invalid 'Flags' argument");
1689 bad = 1;
1690 }
1691 SMARTLIST_FOREACH_BEGIN(flags, const char *, flag)
1692 {
1693 if (!strcasecmp(flag, discard_flag)) {
1694 discard_pk = 1;
1695 } else if (!strcasecmp(flag, detach_flag)) {
1696 detach = 1;
1697 } else if (!strcasecmp(flag, max_s_close_flag)) {
1698 max_streams_close_circuit = 1;
1699 } else if (!strcasecmp(flag, v3auth_flag)) {
1700 auth_type = REND_V3_AUTH;
1701 } else if (!strcasecmp(flag, non_anonymous_flag)) {
1702 non_anonymous = 1;
1703 } else {
1704 control_printf_endreply(conn, 512, "Invalid 'Flags' argument: %s",
1705 escaped(flag));
1706 bad = 1;
1707 break;
1708 }
1709 } SMARTLIST_FOREACH_END(flag);
1710 SMARTLIST_FOREACH(flags, char *, cp, tor_free(cp));
1711 smartlist_free(flags);
1712 if (bad)
1713 goto out;
1714 } else if (!strcasecmp(arg->key, "ClientAuthV3")) {
1715 hs_service_authorized_client_t *client_v3 =
1716 parse_authorized_client_key(arg->value, LOG_INFO);
1717 if (!client_v3) {
1718 control_write_endreply(conn, 512, "Cannot decode v3 client auth key");
1719 goto out;
1720 }
1721
1722 if (auth_clients_v3 == NULL) {
1723 auth_clients_v3 = smartlist_new();
1724 auth_clients_v3_str = smartlist_new();
1725 }
1726
1727 smartlist_add(auth_clients_v3, client_v3);
1728 smartlist_add(auth_clients_v3_str, tor_strdup(arg->value));
1729 } else {
1730 tor_assert_nonfatal_unreached();
1731 goto out;
1732 }
1733 }
1734 if (smartlist_len(port_cfgs) == 0) {
1735 control_write_endreply(conn, 512, "Missing 'Port' argument");
1736 goto out;
1737 } else if (auth_type == REND_NO_AUTH && auth_clients_v3 != NULL) {
1738 control_write_endreply(conn, 512, "No auth type specified");
1739 goto out;
1740 } else if (auth_type != REND_NO_AUTH && auth_clients_v3 == NULL) {
1741 control_write_endreply(conn, 512, "No auth clients specified");
1742 goto out;
1743 } else if (non_anonymous != hs_service_non_anonymous_mode_enabled(
1744 get_options())) {
1745 /* If we failed, and the non-anonymous flag is set, Tor must be in
1746 * anonymous hidden service mode.
1747 * The error message changes based on the current Tor config:
1748 * 512 Tor is in anonymous hidden service mode
1749 * 512 Tor is in non-anonymous hidden service mode
1750 * (I've deliberately written them out in full here to aid searchability.)
1751 */
1752 control_printf_endreply(conn, 512,
1753 "Tor is in %sanonymous hidden service " "mode",
1754 non_anonymous ? "" : "non-");
1755 goto out;
1756 }
1757
1758 /* Parse the "keytype:keyblob" argument. */
1759 int hs_version = 0;
1760 add_onion_secret_key_t pk = { NULL };
1761 const char *key_new_alg = NULL;
1762 char *key_new_blob = NULL;
1763
1764 const char *onionkey = smartlist_get(args->args, 0);
1765 if (add_onion_helper_keyarg(onionkey, discard_pk,
1766 &key_new_alg, &key_new_blob, &pk, &hs_version,
1767 conn) < 0) {
1768 goto out;
1769 }
1770
1771 /* Create the HS, using private key pk and port config port_cfg.
1772 * hs_service_add_ephemeral() will take ownership of pk and port_cfg,
1773 * regardless of success/failure. */
1774 char *service_id = NULL;
1775 int ret = add_onion_helper_add_service(hs_version, &pk, port_cfgs,
1776 max_streams,
1777 max_streams_close_circuit,
1778 auth_clients_v3, &service_id);
1779 port_cfgs = NULL; /* port_cfgs is now owned by the hs_service code. */
1780 auth_clients_v3 = NULL; /* so is auth_clients_v3 */
1781 switch (ret) {
1782 case RSAE_OKAY:
1783 {
1784 if (detach) {
1785 if (!detached_onion_services)
1786 detached_onion_services = smartlist_new();
1787 smartlist_add(detached_onion_services, service_id);
1788 } else {
1789 if (!conn->ephemeral_onion_services)
1790 conn->ephemeral_onion_services = smartlist_new();
1791 smartlist_add(conn->ephemeral_onion_services, service_id);
1792 }
1793
1794 tor_assert(service_id);
1795 control_printf_midreply(conn, 250, "ServiceID=%s", service_id);
1796 if (key_new_alg) {
1797 tor_assert(key_new_blob);
1798 control_printf_midreply(conn, 250, "PrivateKey=%s:%s",
1799 key_new_alg, key_new_blob);
1800 }
1801 if (auth_clients_v3_str) {
1802 SMARTLIST_FOREACH(auth_clients_v3_str, char *, client_str, {
1803 control_printf_midreply(conn, 250, "ClientAuthV3=%s", client_str);
1804 });
1805 }
1806
1807 send_control_done(conn);
1808 break;
1809 }
1810 case RSAE_BADPRIVKEY:
1811 control_write_endreply(conn, 551, "Failed to generate onion address");
1812 break;
1813 case RSAE_ADDREXISTS:
1814 control_write_endreply(conn, 550, "Onion address collision");
1815 break;
1816 case RSAE_BADVIRTPORT:
1817 control_write_endreply(conn, 512, "Invalid VIRTPORT/TARGET");
1818 break;
1819 case RSAE_BADAUTH:
1820 control_write_endreply(conn, 512, "Invalid client authorization");
1821 break;
1822 case RSAE_INTERNAL: FALLTHROUGH;
1823 default:
1824 control_write_endreply(conn, 551, "Failed to add Onion Service");
1825 }
1826 if (key_new_blob) {
1827 memwipe(key_new_blob, 0, strlen(key_new_blob));
1828 tor_free(key_new_blob);
1829 }
1830
1831 out:
1832 if (port_cfgs) {
1833 SMARTLIST_FOREACH(port_cfgs, hs_port_config_t*, p,
1834 hs_port_config_free(p));
1835 smartlist_free(port_cfgs);
1836 }
1837 if (auth_clients_v3) {
1838 SMARTLIST_FOREACH(auth_clients_v3, hs_service_authorized_client_t *, ac,
1839 service_authorized_client_free(ac));
1840 smartlist_free(auth_clients_v3);
1841 }
1842 if (auth_clients_v3_str) {
1843 SMARTLIST_FOREACH(auth_clients_v3_str, char *, client_str,
1844 tor_free(client_str));
1845 smartlist_free(auth_clients_v3_str);
1846 }
1847
1848 return 0;
1849 }
1850
1851 /** Helper function to handle parsing the KeyType:KeyBlob argument to the
1852 * ADD_ONION command. Return a new crypto_pk_t and if a new key was generated
1853 * and the private key not discarded, the algorithm and serialized private key,
1854 * or NULL and an optional control protocol error message on failure. The
1855 * caller is responsible for freeing the returned key_new_blob.
1856 *
1857 * Note: The error messages returned are deliberately vague to avoid echoing
1858 * key material.
1859 *
1860 * Note: conn is only used for writing control replies. For testing
1861 * purposes, it can be NULL if control_write_reply() is appropriately
1862 * mocked.
1863 */
1864 STATIC int
1865 add_onion_helper_keyarg(const char *arg, int discard_pk,
1866 const char **key_new_alg_out, char **key_new_blob_out,
1867 add_onion_secret_key_t *decoded_key, int *hs_version,
1868 control_connection_t *conn)
1869 {
1870 smartlist_t *key_args = smartlist_new();
1871 const char *key_new_alg = NULL;
1872 char *key_new_blob = NULL;
1873 int ret = -1;
1874
1875 smartlist_split_string(key_args, arg, ":", SPLIT_IGNORE_BLANK, 0);
1876 if (smartlist_len(key_args) != 2) {
1877 control_write_endreply(conn, 512, "Invalid key type/blob");
1878 goto err;
1879 }
1880
1881 /* The format is "KeyType:KeyBlob". */
1882 static const char *key_type_new = "NEW";
1883 static const char *key_type_best = "BEST";
1884 static const char *key_type_ed25519_v3 = "ED25519-V3";
1885
1886 const char *key_type = smartlist_get(key_args, 0);
1887 const char *key_blob = smartlist_get(key_args, 1);
1888
1889 if (!strcasecmp(key_type_ed25519_v3, key_type)) {
1890 /* parsing of private ed25519 key */
1891 /* "ED25519-V3:<Base64 Blob>" - Loading a pre-existing ed25519 key. */
1892 ed25519_secret_key_t *sk = tor_malloc_zero(sizeof(*sk));
1893 if (base64_decode((char *) sk->seckey, sizeof(sk->seckey), key_blob,
1894 strlen(key_blob)) != sizeof(sk->seckey)) {
1895 tor_free(sk);
1896 control_write_endreply(conn, 512, "Failed to decode ED25519-V3 key");
1897 goto err;
1898 }
1899 decoded_key->v3 = sk;
1900 *hs_version = HS_VERSION_THREE;
1901 } else if (!strcasecmp(key_type_new, key_type)) {
1902 /* "NEW:<Algorithm>" - Generating a new key, blob as algorithm. */
1903 if (!strcasecmp(key_type_ed25519_v3, key_blob) ||
1904 !strcasecmp(key_type_best, key_blob)) {
1905 /* "ED25519-V3", ed25519 key, also currently "BEST" by default. */
1906 ed25519_secret_key_t *sk = tor_malloc_zero(sizeof(*sk));
1907 if (ed25519_secret_key_generate(sk, 1) < 0) {
1908 tor_free(sk);
1909 control_printf_endreply(conn, 551, "Failed to generate %s key",
1910 key_type_ed25519_v3);
1911 goto err;
1912 }
1913 if (!discard_pk) {
1914 ssize_t len = base64_encode_size(sizeof(sk->seckey), 0) + 1;
1915 key_new_blob = tor_malloc_zero(len);
1916 if (base64_encode(key_new_blob, len, (const char *) sk->seckey,
1917 sizeof(sk->seckey), 0) != (len - 1)) {
1918 tor_free(sk);
1919 tor_free(key_new_blob);
1920 control_printf_endreply(conn, 551, "Failed to encode %s key",
1921 key_type_ed25519_v3);
1922 goto err;
1923 }
1924 key_new_alg = key_type_ed25519_v3;
1925 }
1926 decoded_key->v3 = sk;
1927 *hs_version = HS_VERSION_THREE;
1928 } else {
1929 control_write_endreply(conn, 513, "Invalid key type");
1930 goto err;
1931 }
1932 } else {
1933 control_write_endreply(conn, 513, "Invalid key type");
1934 goto err;
1935 }
1936
1937 /* Succeeded in loading or generating a private key. */
1938 ret = 0;
1939
1940 err:
1941 SMARTLIST_FOREACH(key_args, char *, cp, {
1942 memwipe(cp, 0, strlen(cp));
1943 tor_free(cp);
1944 });
1945 smartlist_free(key_args);
1946
1947 *key_new_alg_out = key_new_alg;
1948 *key_new_blob_out = key_new_blob;
1949
1950 return ret;
1951 }
1952
1953 static const control_cmd_syntax_t del_onion_syntax = {
1954 .min_args = 1, .max_args = 1,
1955 };
1956
1957 /** Called when we get a DEL_ONION command; parse the body, and remove
1958 * the existing ephemeral Onion Service. */
1959 static int
1960 handle_control_del_onion(control_connection_t *conn,
1961 const control_cmd_args_t *cmd_args)
1962 {
1963 int hs_version = 0;
1964 smartlist_t *args = cmd_args->args;
1965 tor_assert(smartlist_len(args) == 1);
1966
1967 const char *service_id = smartlist_get(args, 0);
1968 if (hs_address_is_valid(service_id)) {
1969 hs_version = HS_VERSION_THREE;
1970 } else {
1971 control_write_endreply(conn, 512, "Malformed Onion Service id");
1972 goto out;
1973 }
1974
1975 /* Determine if the onion service belongs to this particular control
1976 * connection, or if it is in the global list of detached services. If it
1977 * is in neither, either the service ID is invalid in some way, or it
1978 * explicitly belongs to a different control connection, and an error
1979 * should be returned.
1980 */
1981 smartlist_t *services[2] = {
1982 conn->ephemeral_onion_services,
1983 detached_onion_services
1984 };
1985 smartlist_t *onion_services = NULL;
1986 int idx = -1;
1987 for (size_t i = 0; i < ARRAY_LENGTH(services); i++) {
1988 idx = smartlist_string_pos(services[i], service_id);
1989 if (idx != -1) {
1990 onion_services = services[i];
1991 break;
1992 }
1993 }
1994 if (onion_services == NULL) {
1995 control_write_endreply(conn, 552, "Unknown Onion Service id");
1996 } else {
1997 int ret = -1;
1998 switch (hs_version) {
1999 case HS_VERSION_THREE:
2000 ret = hs_service_del_ephemeral(service_id);
2001 break;
2002 default:
2003 /* The ret value will be -1 thus hitting the warning below. This should
2004 * never happen because of the check at the start of the function. */
2005 break;
2006 }
2007 if (ret < 0) {
2008 /* This should *NEVER* fail, since the service is on either the
2009 * per-control connection list, or the global one.
2010 */
2011 log_warn(LD_BUG, "Failed to remove Onion Service %s.",
2012 escaped(service_id));
2013 tor_fragile_assert();
2014 }
2015
2016 /* Remove/scrub the service_id from the appropriate list. */
2017 char *cp = smartlist_get(onion_services, idx);
2018 smartlist_del(onion_services, idx);
2019 memwipe(cp, 0, strlen(cp));
2020 tor_free(cp);
2021
2022 send_control_done(conn);
2023 }
2024
2025 out:
2026 return 0;
2027 }
2028
2029 static const control_cmd_syntax_t obsolete_syntax = {
2030 .max_args = UINT_MAX
2031 };
2032
2033 /**
2034 * Called when we get an obsolete command: tell the controller that it is
2035 * obsolete.
2036 */
2037 static int
2038 handle_control_obsolete(control_connection_t *conn,
2039 const control_cmd_args_t *args)
2040 {
2041 (void)args;
2042 char *command = tor_strdup(conn->current_cmd);
2043 tor_strupper(command);
2044 control_printf_endreply(conn, 511, "%s is obsolete.", command);
2045 tor_free(command);
2046 return 0;
2047 }
2048
2049 /**
2050 * Function pointer to a handler function for a controller command.
2051 **/
2052 typedef int (*handler_fn_t) (control_connection_t *conn,
2053 const control_cmd_args_t *args);
2054
2055 /**
2056 * Definition for a controller command.
2057 */
2058 typedef struct control_cmd_def_t {
2059 /**
2060 * The name of the command. If the command is multiline, the name must
2061 * begin with "+". This is not case-sensitive. */
2062 const char *name;
2063 /**
2064 * A function to execute the command.
2065 */
2066 handler_fn_t handler;
2067 /**
2068 * Zero or more CMD_FL_* flags, or'd together.
2069 */
2070 unsigned flags;
2071 /**
2072 * For parsed command: a syntax description.
2073 */
2074 const control_cmd_syntax_t *syntax;
2075 } control_cmd_def_t;
2076
2077 /**
2078 * Indicates that the command's arguments are sensitive, and should be
2079 * memwiped after use.
2080 */
2081 #define CMD_FL_WIPE (1u<<0)
2082
2083 #ifndef COCCI
2084 /** Macro: declare a command with a one-line argument, a given set of flags,
2085 * and a syntax definition.
2086 **/
2087 #define ONE_LINE(name, flags) \
2088 { \
2089 (#name), \
2090 handle_control_ ##name, \
2091 flags, \
2092 &name##_syntax, \
2093 }
2094
2095 /**
2096 * Macro: declare a command with a multi-line argument and a given set of
2097 * flags.
2098 **/
2099 #define MULTLINE(name, flags) \
2100 { ("+"#name), \
2101 handle_control_ ##name, \
2102 flags, \
2103 &name##_syntax \
2104 }
2105
2106 /**
2107 * Macro: declare an obsolete command. (Obsolete commands give a different
2108 * error than non-existent ones.)
2109 **/
2110 #define OBSOLETE(name) \
2111 { #name, \
2112 handle_control_obsolete, \
2113 0, \
2114 &obsolete_syntax, \
2115 }
2116 #endif /* !defined(COCCI) */
2117
2118 /**
2119 * An array defining all the recognized controller commands.
2120 **/
2121 static const control_cmd_def_t CONTROL_COMMANDS[] =
2122 {
2123 ONE_LINE(setconf, 0),
2124 ONE_LINE(resetconf, 0),
2125 ONE_LINE(getconf, 0),
2126 MULTLINE(loadconf, 0),
2127 ONE_LINE(setevents, 0),
2128 ONE_LINE(authenticate, CMD_FL_WIPE),
2129 ONE_LINE(saveconf, 0),
2130 ONE_LINE(signal, 0),
2131 ONE_LINE(takeownership, 0),
2132 ONE_LINE(dropownership, 0),
2133 ONE_LINE(mapaddress, 0),
2134 ONE_LINE(getinfo, 0),
2135 ONE_LINE(extendcircuit, 0),
2136 ONE_LINE(setcircuitpurpose, 0),
2137 OBSOLETE(setrouterpurpose),
2138 ONE_LINE(attachstream, 0),
2139 MULTLINE(postdescriptor, 0),
2140 ONE_LINE(redirectstream, 0),
2141 ONE_LINE(closestream, 0),
2142 ONE_LINE(closecircuit, 0),
2143 ONE_LINE(usefeature, 0),
2144 ONE_LINE(resolve, 0),
2145 ONE_LINE(protocolinfo, 0),
2146 ONE_LINE(authchallenge, CMD_FL_WIPE),
2147 ONE_LINE(dropguards, 0),
2148 ONE_LINE(droptimeouts, 0),
2149 ONE_LINE(hsfetch, 0),
2150 MULTLINE(hspost, 0),
2151 ONE_LINE(add_onion, CMD_FL_WIPE),
2152 ONE_LINE(del_onion, CMD_FL_WIPE),
2153 ONE_LINE(onion_client_auth_add, CMD_FL_WIPE),
2154 ONE_LINE(onion_client_auth_remove, 0),
2155 ONE_LINE(onion_client_auth_view, 0),
2156 };
2157
2158 /**
2159 * The number of entries in CONTROL_COMMANDS.
2160 **/
2161 static const size_t N_CONTROL_COMMANDS = ARRAY_LENGTH(CONTROL_COMMANDS);
2162
2163 /**
2164 * Run a single control command, as defined by a control_cmd_def_t,
2165 * with a given set of arguments.
2166 */
2167 static int
2168 handle_single_control_command(const control_cmd_def_t *def,
2169 control_connection_t *conn,
2170 uint32_t cmd_data_len,
2171 char *args)
2172 {
2173 int rv = 0;
2174
2175 control_cmd_args_t *parsed_args;
2176 char *err=NULL;
2177 tor_assert(def->syntax);
2178 parsed_args = control_cmd_parse_args(conn->current_cmd,
2179 def->syntax,
2180 cmd_data_len, args,
2181 &err);
2182 if (!parsed_args) {
2183 control_printf_endreply(conn, 512, "Bad arguments to %s: %s",
2184 conn->current_cmd, err?err:"");
2185 tor_free(err);
2186 } else {
2187 if (BUG(err))
2188 tor_free(err);
2189 if (def->handler(conn, parsed_args))
2190 rv = 0;
2191
2192 if (def->flags & CMD_FL_WIPE)
2193 control_cmd_args_wipe(parsed_args);
2194
2195 control_cmd_args_free(parsed_args);
2196 }
2197
2198 if (def->flags & CMD_FL_WIPE)
2199 memwipe(args, 0, cmd_data_len);
2200
2201 return rv;
2202 }
2203
2204 /**
2205 * Run a given controller command, as selected by the current_cmd field of
2206 * <b>conn</b>.
2207 */
2208 int
2209 handle_control_command(control_connection_t *conn,
2210 uint32_t cmd_data_len,
2211 char *args)
2212 {
2213 tor_assert(conn);
2214 tor_assert(args);
2215 tor_assert(args[cmd_data_len] == '\0');
2216
2217 for (unsigned i = 0; i < N_CONTROL_COMMANDS; ++i) {
2218 const control_cmd_def_t *def = &CONTROL_COMMANDS[i];
2219 if (!strcasecmp(conn->current_cmd, def->name)) {
2220 return handle_single_control_command(def, conn, cmd_data_len, args);
2221 }
2222 }
2223
2224 control_printf_endreply(conn, 510, "Unrecognized command \"%s\"",
2225 conn->current_cmd);
2226
2227 return 0;
2228 }
2229
2230 void
2231 control_cmd_free_all(void)
2232 {
2233 if (detached_onion_services) { /* Free the detached onion services */
2234 SMARTLIST_FOREACH(detached_onion_services, char *, cp, tor_free(cp));
2235 smartlist_free(detached_onion_services);
2236 }
2237 }
The Onion Router