tor  0.4.1.0-alpha-dev
control.c
Go to the documentation of this file.
1 /* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
2  * Copyright (c) 2007-2019, The Tor Project, Inc. */
3 /* See LICENSE for licensing information */
4 
35 #define CONTROL_MODULE_PRIVATE
36 
37 #include "core/or/or.h"
38 #include "app/config/config.h"
39 #include "app/main/main.h"
41 #include "core/mainloop/mainloop.h"
42 #include "core/or/connection_or.h"
43 #include "core/proto/proto_control0.h"
44 #include "core/proto/proto_http.h"
52 #include "lib/evloop/procmon.h"
53 
54 #include "feature/control/control_connection_st.h"
55 
56 #ifdef HAVE_UNISTD_H
57 #include <unistd.h>
58 #endif
59 #ifdef HAVE_SYS_STAT_H
60 #include <sys/stat.h>
61 #endif
62 
67 {
68  tor_assert(c->magic == CONTROL_CONNECTION_MAGIC);
69  return DOWNCAST(control_connection_t, c);
70 }
71 
77 int
79 {
80  if (BUG(! SOCKET_OK(sock)))
81  return -1;
82  const int is_owner = !!(flags & CC_LOCAL_FD_IS_OWNER);
83  const int is_authenticated = !!(flags & CC_LOCAL_FD_IS_AUTHENTICATED);
84  control_connection_t *control_conn = control_connection_new(AF_UNSPEC);
85  connection_t *conn = TO_CONN(control_conn);
86  conn->s = sock;
87  tor_addr_make_unspec(&conn->addr);
88  conn->port = 1;
89  conn->address = tor_strdup("<local socket>");
90 
91  /* We take ownership of this socket so that later, when we close it,
92  * we don't freak out. */
94 
95  if (set_socket_nonblocking(sock) < 0 ||
96  connection_add(conn) < 0) {
97  connection_free(conn);
98  return -1;
99  }
100 
101  control_conn->is_owning_control_connection = is_owner;
102 
103  if (connection_init_accepted_conn(conn, NULL) < 0) {
104  connection_mark_for_close(conn);
105  return -1;
106  }
107 
108  if (is_authenticated) {
110  }
111 
112  return 0;
113 }
114 
116 void
118 {
119  smartlist_t *lines;
120  char *joined = NULL;
121  const or_options_t *options = get_options();
122 
123  if (!options->ControlPortWriteToFile)
124  return;
125 
126  lines = smartlist_new();
127 
128  SMARTLIST_FOREACH_BEGIN(get_connection_array(), const connection_t *, conn) {
129  if (conn->type != CONN_TYPE_CONTROL_LISTENER || conn->marked_for_close)
130  continue;
131 #ifdef AF_UNIX
132  if (conn->socket_family == AF_UNIX) {
133  smartlist_add_asprintf(lines, "UNIX_PORT=%s\n", conn->address);
134  continue;
135  }
136 #endif /* defined(AF_UNIX) */
137  smartlist_add_asprintf(lines, "PORT=%s:%d\n", conn->address, conn->port);
138  } SMARTLIST_FOREACH_END(conn);
139 
140  joined = smartlist_join_strings(lines, "", 0, NULL);
141 
142  if (write_str_to_file(options->ControlPortWriteToFile, joined, 0) < 0) {
143  log_warn(LD_CONTROL, "Writing %s failed: %s",
144  options->ControlPortWriteToFile, strerror(errno));
145  }
146 #ifndef _WIN32
147  if (options->ControlPortFileGroupReadable) {
148  if (chmod(options->ControlPortWriteToFile, 0640)) {
149  log_warn(LD_FS,"Unable to make %s group-readable.",
150  options->ControlPortWriteToFile);
151  }
152  }
153 #endif /* !defined(_WIN32) */
154  tor_free(joined);
155  SMARTLIST_FOREACH(lines, char *, cp, tor_free(cp));
156  smartlist_free(lines);
157 }
158 
159 const struct signal_name_t signal_table[] = {
160  { SIGHUP, "RELOAD" },
161  { SIGHUP, "HUP" },
162  { SIGINT, "SHUTDOWN" },
163  { SIGUSR1, "DUMP" },
164  { SIGUSR1, "USR1" },
165  { SIGUSR2, "DEBUG" },
166  { SIGUSR2, "USR2" },
167  { SIGTERM, "HALT" },
168  { SIGTERM, "TERM" },
169  { SIGTERM, "INT" },
170  { SIGNEWNYM, "NEWNYM" },
171  { SIGCLEARDNSCACHE, "CLEARDNSCACHE"},
172  { SIGHEARTBEAT, "HEARTBEAT"},
173  { SIGACTIVE, "ACTIVE" },
174  { SIGDORMANT, "DORMANT" },
175  { 0, NULL },
176 };
177 
179 int
181 {
182  tor_assert(conn);
183  return 0;
184 }
185 
187 int
189 {
190  tor_assert(conn);
191 
192  log_info(LD_CONTROL,"Control connection reached EOF. Closing.");
193  connection_mark_for_close(TO_CONN(conn));
194  return 0;
195 }
196 
199 static void
200 lost_owning_controller(const char *owner_type, const char *loss_manner)
201 {
202  log_notice(LD_CONTROL, "Owning controller %s has %s -- exiting now.",
203  owner_type, loss_manner);
204 
205  activate_signal(SIGTERM);
206 }
207 
209 void
211 {
212  tor_assert(conn);
213 
214  conn->event_mask = 0;
216 
217  /* Close all ephemeral Onion Services if any.
218  * The list and it's contents are scrubbed/freed in connection_free_.
219  */
220  if (conn->ephemeral_onion_services) {
222  if (rend_valid_v2_service_id(cp)) {
224  } else if (hs_address_is_valid(cp)) {
225  hs_service_del_ephemeral(cp);
226  } else {
227  /* An invalid .onion in our list should NEVER happen */
229  }
230  } SMARTLIST_FOREACH_END(cp);
231  }
232 
233  if (conn->is_owning_control_connection) {
234  lost_owning_controller("connection", "closed");
235  }
236 }
237 
240 static int
242 {
243  if (conn->base_.state == CONTROL_CONN_STATE_OPEN)
244  return 1;
245  if (!strcasecmp(cmd, "PROTOCOLINFO"))
246  return (!conn->have_sent_protocolinfo &&
247  conn->safecookie_client_hash == NULL);
248  if (!strcasecmp(cmd, "AUTHCHALLENGE"))
249  return (conn->safecookie_client_hash == NULL);
250  if (!strcasecmp(cmd, "AUTHENTICATE") ||
251  !strcasecmp(cmd, "QUIT"))
252  return 1;
253  return 0;
254 }
255 
259 #define MAX_COMMAND_LINE_LENGTH (1024*1024)
260 
265 static int
267 {
268  return peek_buf_has_control0_command(conn->inbuf);
269 }
270 
271 static int
272 peek_connection_has_http_command(connection_t *conn)
273 {
274  return peek_buf_has_http_command(conn->inbuf);
275 }
276 
277 static const char CONTROLPORT_IS_NOT_AN_HTTP_PROXY_MSG[] =
278  "HTTP/1.0 501 Tor ControlPort is not an HTTP proxy"
279  "\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n"
280  "<html>\n"
281  "<head>\n"
282  "<title>Tor's ControlPort is not an HTTP proxy</title>\n"
283  "</head>\n"
284  "<body>\n"
285  "<h1>Tor's ControlPort is not an HTTP proxy</h1>\n"
286  "<p>\n"
287  "It appears you have configured your web browser to use Tor's control port"
288  " as an HTTP proxy.\n"
289  "This is not correct: Tor's default SOCKS proxy port is 9050.\n"
290  "Please configure your client accordingly.\n"
291  "</p>\n"
292  "<p>\n"
293  "See <a href=\"https://www.torproject.org/documentation.html\">"
294  "https://www.torproject.org/documentation.html</a> for more "
295  "information.\n"
296  "<!-- Plus this comment, to make the body response more than 512 bytes, so "
297  " IE will be willing to display it. Comment comment comment comment "
298  " comment comment comment comment comment comment comment comment.-->\n"
299  "</p>\n"
300  "</body>\n"
301  "</html>\n";
302 
306 int
308 {
309  size_t data_len;
310  uint32_t cmd_data_len;
311  int cmd_len;
312  char *args;
313 
314  tor_assert(conn);
315  tor_assert(conn->base_.state == CONTROL_CONN_STATE_OPEN ||
316  conn->base_.state == CONTROL_CONN_STATE_NEEDAUTH);
317 
318  if (!conn->incoming_cmd) {
319  conn->incoming_cmd = tor_malloc(1024);
320  conn->incoming_cmd_len = 1024;
321  conn->incoming_cmd_cur_len = 0;
322  }
323 
324  if (conn->base_.state == CONTROL_CONN_STATE_NEEDAUTH &&
326  /* Detect v0 commands and send a "no more v0" message. */
327  size_t body_len;
328  char buf[128];
329  set_uint16(buf+2, htons(0x0000)); /* type == error */
330  set_uint16(buf+4, htons(0x0001)); /* code == internal error */
331  strlcpy(buf+6, "The v0 control protocol is not supported by Tor 0.1.2.17 "
332  "and later; upgrade your controller.",
333  sizeof(buf)-6);
334  body_len = 2+strlen(buf+6)+2; /* code, msg, nul. */
335  set_uint16(buf+0, htons(body_len));
336  connection_buf_add(buf, 4+body_len, TO_CONN(conn));
337 
338  connection_mark_and_flush(TO_CONN(conn));
339  return 0;
340  }
341 
342  /* If the user has the HTTP proxy port and the control port confused. */
343  if (conn->base_.state == CONTROL_CONN_STATE_NEEDAUTH &&
344  peek_connection_has_http_command(TO_CONN(conn))) {
345  connection_write_str_to_buf(CONTROLPORT_IS_NOT_AN_HTTP_PROXY_MSG, conn);
346  log_notice(LD_CONTROL, "Received HTTP request on ControlPort");
347  connection_mark_and_flush(TO_CONN(conn));
348  return 0;
349  }
350 
351  again:
352  while (1) {
353  size_t last_idx;
354  int r;
355  /* First, fetch a line. */
356  do {
357  data_len = conn->incoming_cmd_len - conn->incoming_cmd_cur_len;
360  &data_len);
361  if (r == 0)
362  /* Line not all here yet. Wait. */
363  return 0;
364  else if (r == -1) {
365  if (data_len + conn->incoming_cmd_cur_len > MAX_COMMAND_LINE_LENGTH) {
366  connection_write_str_to_buf("500 Line too long.\r\n", conn);
367  connection_stop_reading(TO_CONN(conn));
368  connection_mark_and_flush(TO_CONN(conn));
369  }
370  while (conn->incoming_cmd_len < data_len+conn->incoming_cmd_cur_len)
371  conn->incoming_cmd_len *= 2;
372  conn->incoming_cmd = tor_realloc(conn->incoming_cmd,
373  conn->incoming_cmd_len);
374  }
375  } while (r != 1);
376 
377  tor_assert(data_len);
378 
379  last_idx = conn->incoming_cmd_cur_len;
380  conn->incoming_cmd_cur_len += (int)data_len;
381 
382  /* We have appended a line to incoming_cmd. Is the command done? */
383  if (last_idx == 0 && *conn->incoming_cmd != '+')
384  /* One line command, didn't start with '+'. */
385  break;
386  /* XXXX this code duplication is kind of dumb. */
387  if (last_idx+3 == conn->incoming_cmd_cur_len &&
388  tor_memeq(conn->incoming_cmd + last_idx, ".\r\n", 3)) {
389  /* Just appended ".\r\n"; we're done. Remove it. */
390  conn->incoming_cmd[last_idx] = '\0';
391  conn->incoming_cmd_cur_len -= 3;
392  break;
393  } else if (last_idx+2 == conn->incoming_cmd_cur_len &&
394  tor_memeq(conn->incoming_cmd + last_idx, ".\n", 2)) {
395  /* Just appended ".\n"; we're done. Remove it. */
396  conn->incoming_cmd[last_idx] = '\0';
397  conn->incoming_cmd_cur_len -= 2;
398  break;
399  }
400  /* Otherwise, read another line. */
401  }
402  data_len = conn->incoming_cmd_cur_len;
403  /* Okay, we now have a command sitting on conn->incoming_cmd. See if we
404  * recognize it.
405  */
406  cmd_len = 0;
407  while ((size_t)cmd_len < data_len
408  && !TOR_ISSPACE(conn->incoming_cmd[cmd_len]))
409  ++cmd_len;
410 
411  conn->incoming_cmd[cmd_len]='\0';
412  args = conn->incoming_cmd+cmd_len+1;
413  tor_assert(data_len>(size_t)cmd_len);
414  data_len -= (cmd_len+1); /* skip the command and NUL we added after it */
415  while (TOR_ISSPACE(*args)) {
416  ++args;
417  --data_len;
418  }
419 
420  /* If the connection is already closing, ignore further commands */
421  if (TO_CONN(conn)->marked_for_close) {
422  return 0;
423  }
424 
425  /* Otherwise, Quit is always valid. */
426  if (!strcasecmp(conn->incoming_cmd, "QUIT")) {
427  connection_write_str_to_buf("250 closing connection\r\n", conn);
428  connection_mark_and_flush(TO_CONN(conn));
429  return 0;
430  }
431 
432  if (conn->base_.state == CONTROL_CONN_STATE_NEEDAUTH &&
433  !is_valid_initial_command(conn, conn->incoming_cmd)) {
434  connection_write_str_to_buf("514 Authentication required.\r\n", conn);
435  connection_mark_for_close(TO_CONN(conn));
436  return 0;
437  }
438 
439  if (data_len >= UINT32_MAX) {
440  connection_write_str_to_buf("500 A 4GB command? Nice try.\r\n", conn);
441  connection_mark_for_close(TO_CONN(conn));
442  return 0;
443  }
444 
445  cmd_data_len = (uint32_t)data_len;
446  if (handle_control_command(conn, cmd_data_len, args) < 0)
447  return -1;
448 
449  conn->incoming_cmd_cur_len = 0;
450  goto again;
451 }
452 
456 static int network_is_live = 0;
457 
458 int
459 get_cached_network_liveness(void)
460 {
461  return network_is_live;
462 }
463 
464 void
465 set_cached_network_liveness(int liveness)
466 {
467  network_is_live = liveness;
468 }
469 
472 static char *owning_controller_process_spec = NULL;
473 
477 
480 static void
482 {
483  (void)unused;
484 
485  lost_owning_controller("process", "vanished");
486 }
487 
490 void
491 monitor_owning_controller_process(const char *process_spec)
492 {
493  const char *msg;
494 
497 
498  if (owning_controller_process_spec != NULL) {
499  if ((process_spec != NULL) && !strcmp(process_spec,
501  /* Same process -- return now, instead of disposing of and
502  * recreating the process-termination monitor. */
503  return;
504  }
505 
506  /* We are currently owned by a process, and we should no longer be
507  * owned by it. Free the process-termination monitor. */
508  tor_process_monitor_free(owning_controller_process_monitor);
510 
513  }
514 
517 
518  if (process_spec == NULL)
519  return;
520 
521  owning_controller_process_spec = tor_strdup(process_spec);
523  tor_process_monitor_new(tor_libevent_get_base(),
525  LD_CONTROL,
527  &msg);
528 
529  if (owning_controller_process_monitor == NULL) {
530  log_err(LD_BUG, "Couldn't create process-termination monitor for "
531  "owning controller: %s. Exiting.",
532  msg);
535  }
536 }
537 
539 void
541 {
542  control_auth_free_all();
543  control_events_free_all();
544  control_cmd_free_all();
546 }
tor_socket_t s
Definition: connection_st.h:88
int set_socket_nonblocking(tor_socket_t sock)
Definition: socket.c:561
Header file for rendcommon.c.
#define CONN_TYPE_CONTROL_LISTENER
Definition: connection.h:38
Header file for control_auth.c.
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
#define TO_CONN(c)
Definition: or.h:735
void tor_addr_make_unspec(tor_addr_t *a)
Definition: address.c:225
tor_addr_t addr
Header file for connection.c.
static void set_uint16(void *cp, uint16_t v)
Definition: bytes.h:73
void tor_take_socket_ownership(tor_socket_t s)
Definition: socket.c:335
#define DOWNCAST(to, ptr)
Definition: or.h:110
uint8_t state
Definition: connection_st.h:44
Headers for procmon.c.
void monitor_owning_controller_process(const char *process_spec)
Definition: control.c:491
Header file for control_fmt.c.
#define CONTROL_CONN_STATE_OPEN
Definition: control.h:19
Header file for config.c.
control_connection_t * TO_CONTROL_CONN(connection_t *c)
Definition: control.c:66
static int network_is_live
Definition: control.c:456
static int is_valid_initial_command(control_connection_t *conn, const char *cmd)
Definition: control.c:241
uint16_t port
void connection_control_closed(control_connection_t *conn)
Definition: control.c:210
#define tor_free(p)
Definition: malloc.h:52
void tor_shutdown_event_loop_and_exit(int exitcode)
Definition: mainloop.c:768
#define tor_fragile_assert()
Definition: util_bug.h:240
Header file for mainloop.c.
Header file for main.c.
unsigned int have_sent_protocolinfo
control_connection_t * control_connection_new(int socket_family)
Definition: connection.c:425
#define SOCKET_OK(s)
Definition: nettypes.h:39
struct buf_t * inbuf
Definition: connection_st.h:93
tor_assert(buffer)
#define LD_CONTROL
Definition: log.h:77
void control_free_all(void)
Definition: control.c:540
int connection_control_reached_eof(control_connection_t *conn)
Definition: control.c:188
int tor_memeq(const void *a, const void *b, size_t sz)
Definition: di_ops.c:107
static int peek_connection_has_control0_command(connection_t *conn)
Definition: control.c:266
void control_update_global_event_mask(void)
int connection_control_process_inbuf(control_connection_t *conn)
Definition: control.c:307
#define CONTROL_CONN_STATE_NEEDAUTH
Definition: control.h:22
int connection_init_accepted_conn(connection_t *conn, const listener_connection_t *listener)
Definition: connection.c:1867
void smartlist_add_asprintf(struct smartlist_t *sl, const char *pattern,...)
Definition: smartlist.c:36
static tor_process_monitor_t * owning_controller_process_monitor
Definition: control.c:476
#define MAX_COMMAND_LINE_LENGTH
Definition: control.c:259
Master header file for Tor-specific functionality.
void control_event_bootstrap_reset(void)
int control_connection_add_local_fd(tor_socket_t sock, unsigned flags)
Definition: control.c:78
char * ControlPortWriteToFile
int rend_valid_v2_service_id(const char *query)
Definition: rendcommon.c:719
static void owning_controller_procmon_cb(void *unused)
Definition: control.c:481
Header file for control_cmd.c.
int rend_service_del_ephemeral(const char *service_id)
Definition: rendservice.c:971
int ControlPortFileGroupReadable
Header file for rendservice.c.
#define tor_socket_t
Definition: nettypes.h:36
#define LD_FS
Definition: log.h:67
char * smartlist_join_strings(smartlist_t *sl, const char *join, int terminate, size_t *len_out)
Definition: smartlist.c:279
#define SMARTLIST_FOREACH(sl, type, var, cmd)
unsigned int is_owning_control_connection
int connection_control_finished_flushing(control_connection_t *conn)
Definition: control.c:180
Header file for control.c.
static char * owning_controller_process_spec
Definition: control.c:472
uint32_t magic
Definition: connection_st.h:41
void connection_write_str_to_buf(const char *s, control_connection_t *conn)
Definition: control_fmt.c:30
Header file for connection_or.c.
smartlist_t * ephemeral_onion_services
Header file for control_events.c.
tor_process_monitor_t * tor_process_monitor_new(struct event_base *base, const char *process_spec, log_domain_mask_t log_domain, tor_procmon_callback_t cb, void *cb_arg, const char **msg)
Definition: procmon.c:181
int connection_buf_get_line(connection_t *conn, char *data, size_t *data_len)
Definition: connection.c:3881
static void lost_owning_controller(const char *owner_type, const char *loss_manner)
Definition: control.c:200
#define LD_BUG
Definition: log.h:83
void control_ports_write_to_file(void)
Definition: control.c:117