Tor  0.4.7.0-alpha-dev
control_cmd.c
Go to the documentation of this file.
1 /* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
2  * Copyright (c) 2007-2021, The Tor Project, Inc. */
3 /* See LICENSE for licensing information */
4 
5 /**
6  * \file control_cmd.c
7  * \brief Implement various commands for Tor's control-socket interface.
8  **/
9 
10 #define CONTROL_MODULE_PRIVATE
11 #define CONTROL_CMD_PRIVATE
12 #define CONTROL_EVENTS_PRIVATE
13 
14 #include "core/or/or.h"
15 #include "app/config/config.h"
16 #include "lib/confmgt/confmgt.h"
17 #include "app/main/main.h"
19 #include "core/or/circuitbuild.h"
20 #include "core/or/circuitlist.h"
21 #include "core/or/circuituse.h"
23 #include "core/or/circuitstats.h"
24 #include "core/or/extendinfo.h"
26 #include "feature/client/dnsserv.h"
31 #include "feature/control/control_hs.h"
33 #include "feature/control/control_getinfo.h"
35 #include "feature/hs/hs_control.h"
36 #include "feature/hs/hs_service.h"
43 #include "lib/encoding/confline.h"
44 #include "lib/encoding/kvline.h"
45 
54 
55 #include "app/config/statefile.h"
56 
58  const control_cmd_args_t *args,
59  int use_defaults);
60 
61 /** Yield true iff <b>s</b> is the state of a control_connection_t that has
62  * finished authentication and is accepting commands. */
63 #define STATE_IS_OPEN(s) ((s) == CONTROL_CONN_STATE_OPEN)
64 
65 /**
66  * Release all storage held in <b>args</b>
67  **/
68 void
70 {
71  if (! args)
72  return;
73 
74  if (args->args) {
75  SMARTLIST_FOREACH(args->args, char *, c, tor_free(c));
76  smartlist_free(args->args);
77  }
78  config_free_lines(args->kwargs);
79  tor_free(args->cmddata);
80 
81  tor_free(args);
82 }
83 
84 /** Erase all memory held in <b>args</b>. */
85 void
87 {
88  if (!args)
89  return;
90 
91  if (args->args) {
92  SMARTLIST_FOREACH(args->args, char *, c, memwipe(c, 0, strlen(c)));
93  }
94  for (config_line_t *line = args->kwargs; line; line = line->next) {
95  memwipe(line->key, 0, strlen(line->key));
96  memwipe(line->value, 0, strlen(line->value));
97  }
98  if (args->cmddata)
99  memwipe(args->cmddata, 0, args->cmddata_len);
100 }
101 
102 /**
103  * Return true iff any element of the NULL-terminated <b>array</b> matches
104  * <b>kwd</b>. Case-insensitive.
105  **/
106 static bool
107 string_array_contains_keyword(const char **array, const char *kwd)
108 {
109  for (unsigned i = 0; array[i]; ++i) {
110  if (! strcasecmp(array[i], kwd))
111  return true;
112  }
113  return false;
114 }
115 
116 /** Helper for argument parsing: check whether the keyword arguments just
117  * parsed in <b>result</b> were well-formed according to <b>syntax</b>.
118  *
119  * On success, return 0. On failure, return -1 and set *<b>error_out</b>
120  * to a newly allocated error string.
121  **/
122 static int
124  const control_cmd_syntax_t *syntax,
125  char **error_out)
126 {
127  if (result->kwargs == NULL) {
128  tor_asprintf(error_out, "Cannot parse keyword argument(s)");
129  return -1;
130  }
131 
132  if (! syntax->allowed_keywords) {
133  /* All keywords are permitted. */
134  return 0;
135  }
136 
137  /* Check for unpermitted arguments */
138  const config_line_t *line;
139  for (line = result->kwargs; line; line = line->next) {
141  line->key)) {
142  tor_asprintf(error_out, "Unrecognized keyword argument %s",
143  escaped(line->key));
144  return -1;
145  }
146  }
147 
148  return 0;
149 }
150 
151 /**
152  * Helper: parse the arguments to a command according to <b>syntax</b>. On
153  * success, set *<b>error_out</b> to NULL and return a newly allocated
154  * control_cmd_args_t. On failure, set *<b>error_out</b> to newly allocated
155  * error string, and return NULL.
156  **/
159  const control_cmd_syntax_t *syntax,
160  size_t body_len,
161  const char *body,
162  char **error_out)
163 {
164  *error_out = NULL;
165  control_cmd_args_t *result = tor_malloc_zero(sizeof(control_cmd_args_t));
166  const char *cmdline;
167  char *cmdline_alloc = NULL;
168  tor_assert(syntax->max_args < INT_MAX || syntax->max_args == UINT_MAX);
169 
170  result->command = command;
171 
172  if (syntax->store_raw_body) {
173  tor_assert(body[body_len] == 0);
174  result->raw_body = body;
175  }
176 
177  const char *eol = memchr(body, '\n', body_len);
178  if (syntax->want_cmddata) {
179  if (! eol || (eol+1) == body+body_len) {
180  *error_out = tor_strdup("Empty body");
181  goto err;
182  }
183  cmdline_alloc = tor_memdup_nulterm(body, eol-body);
184  cmdline = cmdline_alloc;
185  ++eol;
186  result->cmddata_len = read_escaped_data(eol, (body+body_len)-eol,
187  &result->cmddata);
188  } else {
189  if (eol && (eol+1) != body+body_len) {
190  *error_out = tor_strdup("Unexpected body");
191  goto err;
192  }
193  cmdline = body;
194  }
195 
196  result->args = smartlist_new();
197  smartlist_split_string(result->args, cmdline, " ",
198  SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK,
199  (int)(syntax->max_args+1));
200  size_t n_args = smartlist_len(result->args);
201  if (n_args < syntax->min_args) {
202  tor_asprintf(error_out, "Need at least %u argument(s)",
203  syntax->min_args);
204  goto err;
205  } else if (n_args > syntax->max_args && ! syntax->accept_keywords) {
206  tor_asprintf(error_out, "Cannot accept more than %u argument(s)",
207  syntax->max_args);
208  goto err;
209  }
210 
211  if (n_args > syntax->max_args) {
212  /* We have extra arguments after the positional arguments, and we didn't
213  treat them as an error, so they must count as keyword arguments: Either
214  K=V pairs, or flags, or both. */
215  tor_assert(n_args == syntax->max_args + 1);
216  tor_assert(syntax->accept_keywords);
217  char *remainder = smartlist_pop_last(result->args);
218  result->kwargs = kvline_parse(remainder, syntax->kvline_flags);
219  tor_free(remainder);
220  if (kvline_check_keyword_args(result, syntax, error_out) < 0) {
221  goto err;
222  }
223  }
224 
225  tor_assert_nonfatal(*error_out == NULL);
226  goto done;
227  err:
228  tor_assert_nonfatal(*error_out != NULL);
229  control_cmd_args_free(result);
230  done:
231  tor_free(cmdline_alloc);
232  return result;
233 }
234 
235 /**
236  * Return true iff <b>lines</b> contains <b>flags</b> as a no-value
237  * (keyword-only) entry.
238  **/
239 static bool
240 config_lines_contain_flag(const config_line_t *lines, const char *flag)
241 {
242  const config_line_t *line = config_line_find_case(lines, flag);
243  return line && !strcmp(line->value, "");
244 }
245 
246 static const control_cmd_syntax_t setconf_syntax = {
247  .max_args=0,
248  .accept_keywords=true,
249  .kvline_flags=KV_OMIT_VALS|KV_QUOTED,
250 };
251 
252 /** Called when we receive a SETCONF message: parse the body and try
253  * to update our configuration. Reply with a DONE or ERROR message.
254  * Modifies the contents of body.*/
255 static int
257  const control_cmd_args_t *args)
258 {
259  return control_setconf_helper(conn, args, 0);
260 }
261 
262 static const control_cmd_syntax_t resetconf_syntax = {
263  .max_args=0,
264  .accept_keywords=true,
265  .kvline_flags=KV_OMIT_VALS|KV_QUOTED,
266 };
267 
268 /** Called when we receive a RESETCONF message: parse the body and try
269  * to update our configuration. Reply with a DONE or ERROR message.
270  * Modifies the contents of body. */
271 static int
273  const control_cmd_args_t *args)
274 {
275  return control_setconf_helper(conn, args, 1);
276 }
277 
278 static const control_cmd_syntax_t getconf_syntax = {
279  .max_args=UINT_MAX
280 };
281 
282 /** Called when we receive a GETCONF message. Parse the request, and
283  * reply with a CONFVALUE or an ERROR message */
284 static int
286  const control_cmd_args_t *args)
287 {
288  const smartlist_t *questions = args->args;
289  smartlist_t *answers = smartlist_new();
290  smartlist_t *unrecognized = smartlist_new();
291  const or_options_t *options = get_options();
292 
293  SMARTLIST_FOREACH_BEGIN(questions, const char *, q) {
294  if (!option_is_recognized(q)) {
295  control_reply_add_printf(unrecognized, 552,
296  "Unrecognized configuration key \"%s\"", q);
297  } else {
298  config_line_t *answer = option_get_assignment(options,q);
299  if (!answer) {
300  const char *name = option_get_canonical_name(q);
301  control_reply_add_one_kv(answers, 250, KV_OMIT_VALS, name, "");
302  }
303 
304  while (answer) {
305  config_line_t *next;
306  control_reply_add_one_kv(answers, 250, KV_RAW, answer->key,
307  answer->value);
308  next = answer->next;
309  tor_free(answer->key);
310  tor_free(answer->value);
311  tor_free(answer);
312  answer = next;
313  }
314  }
315  } SMARTLIST_FOREACH_END(q);
316 
317  if (smartlist_len(unrecognized)) {
318  control_write_reply_lines(conn, unrecognized);
319  } else if (smartlist_len(answers)) {
320  control_write_reply_lines(conn, answers);
321  } else {
322  send_control_done(conn);
323  }
324 
325  control_reply_free(answers);
326  control_reply_free(unrecognized);
327  return 0;
328 }
329 
330 static const control_cmd_syntax_t loadconf_syntax = {
331  .want_cmddata = true
332 };
333 
334 /** Called when we get a +LOADCONF message. */
335 static int
337  const control_cmd_args_t *args)
338 {
339  setopt_err_t retval;
340  char *errstring = NULL;
341 
342  retval = options_init_from_string(NULL, args->cmddata,
343  CMD_RUN_TOR, NULL, &errstring);
344 
345  if (retval != SETOPT_OK)
346  log_warn(LD_CONTROL,
347  "Controller gave us config file that didn't validate: %s",
348  errstring);
349 
350 #define SEND_ERRMSG(code, msg) \
351  control_printf_endreply(conn, code, msg "%s%s", \
352  errstring ? ": " : "", \
353  errstring ? errstring : "")
354  switch (retval) {
355  case SETOPT_ERR_PARSE:
356  SEND_ERRMSG(552, "Invalid config file");
357  break;
358  case SETOPT_ERR_TRANSITION:
359  SEND_ERRMSG(553, "Transition not allowed");
360  break;
361  case SETOPT_ERR_SETTING:
362  SEND_ERRMSG(553, "Unable to set option");
363  break;
364  case SETOPT_ERR_MISC:
365  default:
366  SEND_ERRMSG(550, "Unable to load config");
367  break;
368  case SETOPT_OK:
369  send_control_done(conn);
370  break;
371  }
372 #undef SEND_ERRMSG
373  tor_free(errstring);
374  return 0;
375 }
376 
377 static const control_cmd_syntax_t setevents_syntax = {
378  .max_args = UINT_MAX
379 };
380 
381 /** Called when we get a SETEVENTS message: update conn->event_mask,
382  * and reply with DONE or ERROR. */
383 static int
385  const control_cmd_args_t *args)
386 {
387  int event_code;
388  event_mask_t event_mask = 0;
389  const smartlist_t *events = args->args;
390 
391  SMARTLIST_FOREACH_BEGIN(events, const char *, ev)
392  {
393  if (!strcasecmp(ev, "EXTENDED") ||
394  !strcasecmp(ev, "AUTHDIR_NEWDESCS")) {
395  log_warn(LD_CONTROL, "The \"%s\" SETEVENTS argument is no longer "
396  "supported.", ev);
397  continue;
398  } else {
399  int i;
400  event_code = -1;
401 
402  for (i = 0; control_event_table[i].event_name != NULL; ++i) {
403  if (!strcasecmp(ev, control_event_table[i].event_name)) {
404  event_code = control_event_table[i].event_code;
405  break;
406  }
407  }
408 
409  if (event_code == -1) {
410  control_printf_endreply(conn, 552, "Unrecognized event \"%s\"", ev);
411  return 0;
412  }
413  }
414  event_mask |= (((event_mask_t)1) << event_code);
415  }
416  SMARTLIST_FOREACH_END(ev);
417 
418  conn->event_mask = event_mask;
419 
421  send_control_done(conn);
422  return 0;
423 }
424 
425 static const control_cmd_syntax_t saveconf_syntax = {
426  .max_args = 0,
427  .accept_keywords = true,
428  .kvline_flags=KV_OMIT_VALS,
429 };
430 
431 /** Called when we get a SAVECONF command. Try to flush the current options to
432  * disk, and report success or failure. */
433 static int
435  const control_cmd_args_t *args)
436 {
437  bool force = config_lines_contain_flag(args->kwargs, "FORCE");
438  const or_options_t *options = get_options();
439  if ((!force && options->IncludeUsed) || options_save_current() < 0) {
440  control_write_endreply(conn, 551,
441  "Unable to write configuration to disk.");
442  } else {
443  send_control_done(conn);
444  }
445  return 0;
446 }
447 
448 static const control_cmd_syntax_t signal_syntax = {
449  .min_args = 1,
450  .max_args = 1,
451 };
452 
453 /** Called when we get a SIGNAL command. React to the provided signal, and
454  * report success or failure. (If the signal results in a shutdown, success
455  * may not be reported.) */
456 static int
458  const control_cmd_args_t *args)
459 {
460  int sig = -1;
461  int i;
462 
463  tor_assert(smartlist_len(args->args) == 1);
464  const char *s = smartlist_get(args->args, 0);
465 
466  for (i = 0; signal_table[i].signal_name != NULL; ++i) {
467  if (!strcasecmp(s, signal_table[i].signal_name)) {
468  sig = signal_table[i].sig;
469  break;
470  }
471  }
472 
473  if (sig < 0)
474  control_printf_endreply(conn, 552, "Unrecognized signal code \"%s\"", s);
475  if (sig < 0)
476  return 0;
477 
478  send_control_done(conn);
479  /* Flush the "done" first if the signal might make us shut down. */
480  if (sig == SIGTERM || sig == SIGINT)
481  connection_flush(TO_CONN(conn));
482 
483  activate_signal(sig);
484 
485  return 0;
486 }
487 
488 static const control_cmd_syntax_t takeownership_syntax = {
489  .max_args = UINT_MAX, // This should probably become zero. XXXXX
490 };
491 
492 /** Called when we get a TAKEOWNERSHIP command. Mark this connection
493  * as an owning connection, so that we will exit if the connection
494  * closes. */
495 static int
497  const control_cmd_args_t *args)
498 {
499  (void)args;
500 
502 
503  log_info(LD_CONTROL, "Control connection %d has taken ownership of this "
504  "Tor instance.",
505  (int)(conn->base_.s));
506 
507  send_control_done(conn);
508  return 0;
509 }
510 
511 static const control_cmd_syntax_t dropownership_syntax = {
512  .max_args = UINT_MAX, // This should probably become zero. XXXXX
513 };
514 
515 /** Called when we get a DROPOWNERSHIP command. Mark this connection
516  * as a non-owning connection, so that we will not exit if the connection
517  * closes. */
518 static int
520  const control_cmd_args_t *args)
521 {
522  (void)args;
523 
525 
526  log_info(LD_CONTROL, "Control connection %d has dropped ownership of this "
527  "Tor instance.",
528  (int)(conn->base_.s));
529 
530  send_control_done(conn);
531  return 0;
532 }
533 
534 /** Given a text circuit <b>id</b>, return the corresponding circuit. */
535 static origin_circuit_t *
536 get_circ(const char *id)
537 {
538  uint32_t n_id;
539  int ok;
540  n_id = (uint32_t) tor_parse_ulong(id, 10, 0, UINT32_MAX, &ok, NULL);
541  if (!ok)
542  return NULL;
543  return circuit_get_by_global_id(n_id);
544 }
545 
546 /** Given a text stream <b>id</b>, return the corresponding AP connection. */
547 static entry_connection_t *
548 get_stream(const char *id)
549 {
550  uint64_t n_id;
551  int ok;
552  connection_t *conn;
553  n_id = tor_parse_uint64(id, 10, 0, UINT64_MAX, &ok, NULL);
554  if (!ok)
555  return NULL;
556  conn = connection_get_by_global_id(n_id);
557  if (!conn || conn->type != CONN_TYPE_AP || conn->marked_for_close)
558  return NULL;
559  return TO_ENTRY_CONN(conn);
560 }
561 
562 /** Helper for setconf and resetconf. Acts like setconf, except
563  * it passes <b>use_defaults</b> on to options_trial_assign(). Modifies the
564  * contents of body.
565  */
566 static int
568  const control_cmd_args_t *args,
569  int use_defaults)
570 {
571  setopt_err_t opt_err;
572  char *errstring = NULL;
573  const unsigned flags =
574  CAL_CLEAR_FIRST | (use_defaults ? CAL_USE_DEFAULTS : 0);
575 
576  // We need a copy here, since confmgt.c wants to canonicalize cases.
577  config_line_t *lines = config_lines_dup(args->kwargs);
578 
579  opt_err = options_trial_assign(lines, flags, &errstring);
580  {
581 #define SEND_ERRMSG(code, msg) \
582  control_printf_endreply(conn, code, msg ": %s", errstring);
583 
584  switch (opt_err) {
585  case SETOPT_ERR_MISC:
586  SEND_ERRMSG(552, "Unrecognized option");
587  break;
588  case SETOPT_ERR_PARSE:
589  SEND_ERRMSG(513, "Unacceptable option value");
590  break;
591  case SETOPT_ERR_TRANSITION:
592  SEND_ERRMSG(553, "Transition not allowed");
593  break;
594  case SETOPT_ERR_SETTING:
595  default:
596  SEND_ERRMSG(553, "Unable to set option");
597  break;
598  case SETOPT_OK:
599  config_free_lines(lines);
600  send_control_done(conn);
601  return 0;
602  }
603 #undef SEND_ERRMSG
604  log_warn(LD_CONTROL,
605  "Controller gave us config lines that didn't validate: %s",
606  errstring);
607  config_free_lines(lines);
608  tor_free(errstring);
609  return 0;
610  }
611 }
612 
613 /** Return true iff <b>addr</b> is unusable as a mapaddress target because of
614  * containing funny characters. */
615 static int
617 {
618  if (!strcmpstart(addr, "*."))
619  return address_is_invalid_destination(addr+2, 1);
620  else
621  return address_is_invalid_destination(addr, 1);
622 }
623 
624 static const control_cmd_syntax_t mapaddress_syntax = {
625  // no positional arguments are expected
626  .max_args=0,
627  // an arbitrary number of K=V entries are supported.
628  .accept_keywords=true,
629 };
630 
631 /** Called when we get a MAPADDRESS command; try to bind all listed addresses,
632  * and report success or failure. */
633 static int
635  const control_cmd_args_t *args)
636 {
637  smartlist_t *reply;
638  char *r;
639  size_t sz;
640 
641  reply = smartlist_new();
642  const config_line_t *line;
643  for (line = args->kwargs; line; line = line->next) {
644  const char *from = line->key;
645  const char *to = line->value;
646  {
649  "512-syntax error: invalid address '%s'", to);
650  log_warn(LD_CONTROL,
651  "Skipping invalid argument '%s' in MapAddress msg", to);
652  } else if (!strcmp(from, ".") || !strcmp(from, "0.0.0.0") ||
653  !strcmp(from, "::")) {
654  const char type =
655  !strcmp(from,".") ? RESOLVED_TYPE_HOSTNAME :
656  (!strcmp(from, "0.0.0.0") ? RESOLVED_TYPE_IPV4 : RESOLVED_TYPE_IPV6);
657  const char *address = addressmap_register_virtual_address(
658  type, tor_strdup(to));
659  if (!address) {
661  "451-resource exhausted: skipping '%s=%s'", from,to);
662  log_warn(LD_CONTROL,
663  "Unable to allocate address for '%s' in MapAddress msg",
664  safe_str_client(to));
665  } else {
666  smartlist_add_asprintf(reply, "250-%s=%s", address, to);
667  }
668  } else {
669  const char *msg;
670  if (addressmap_register_auto(from, to, 1,
671  ADDRMAPSRC_CONTROLLER, &msg) < 0) {
673  "512-syntax error: invalid address mapping "
674  " '%s=%s': %s", from, to, msg);
675  log_warn(LD_CONTROL,
676  "Skipping invalid argument '%s=%s' in MapAddress msg: %s",
677  from, to, msg);
678  } else {
679  smartlist_add_asprintf(reply, "250-%s=%s", from, to);
680  }
681  }
682  }
683  }
684 
685  if (smartlist_len(reply)) {
686  ((char*)smartlist_get(reply,smartlist_len(reply)-1))[3] = ' ';
687  r = smartlist_join_strings(reply, "\r\n", 1, &sz);
688  connection_buf_add(r, sz, TO_CONN(conn));
689  tor_free(r);
690  } else {
691  control_write_endreply(conn, 512, "syntax error: "
692  "not enough arguments to mapaddress.");
693  }
694 
695  SMARTLIST_FOREACH(reply, char *, cp, tor_free(cp));
696  smartlist_free(reply);
697  return 0;
698 }
699 
700 /** Given a string, convert it to a circuit purpose. */
701 static uint8_t
702 circuit_purpose_from_string(const char *string)
703 {
704  if (!strcasecmpstart(string, "purpose="))
705  string += strlen("purpose=");
706 
707  if (!strcasecmp(string, "general"))
709  else if (!strcasecmp(string, "controller"))
711  else
713 }
714 
715 static const control_cmd_syntax_t extendcircuit_syntax = {
716  .min_args=1,
717  .max_args=1, // see note in function
718  .accept_keywords=true,
719  .kvline_flags=KV_OMIT_VALS
720 };
721 
722 /** Called when we get an EXTENDCIRCUIT message. Try to extend the listed
723  * circuit, and report success or failure. */
724 static int
726  const control_cmd_args_t *args)
727 {
728  smartlist_t *router_nicknames=smartlist_new(), *nodes=NULL;
729  origin_circuit_t *circ = NULL;
730  uint8_t intended_purpose = CIRCUIT_PURPOSE_C_GENERAL;
731  const config_line_t *kwargs = args->kwargs;
732  const char *circ_id = smartlist_get(args->args, 0);
733  const char *path_str = NULL;
734  char *path_str_alloc = NULL;
735 
736  /* The syntax for this command is unfortunate. The second argument is
737  optional, and is a comma-separated list long-format fingerprints, which
738  can (historically!) contain an equals sign.
739 
740  Here we check the second argument to see if it's a path, and if so we
741  remove it from the kwargs list and put it in path_str.
742  */
743  if (kwargs) {
744  const config_line_t *arg1 = kwargs;
745  if (!strcmp(arg1->value, "")) {
746  path_str = arg1->key;
747  kwargs = kwargs->next;
748  } else if (arg1->key[0] == '$') {
749  tor_asprintf(&path_str_alloc, "%s=%s", arg1->key, arg1->value);
750  path_str = path_str_alloc;
751  kwargs = kwargs->next;
752  }
753  }
754 
755  const config_line_t *purpose_line = config_line_find_case(kwargs, "PURPOSE");
756  bool zero_circ = !strcmp("0", circ_id);
757 
758  if (purpose_line) {
759  intended_purpose = circuit_purpose_from_string(purpose_line->value);
760  if (intended_purpose == CIRCUIT_PURPOSE_UNKNOWN) {
761  control_printf_endreply(conn, 552, "Unknown purpose \"%s\"",
762  purpose_line->value);
763  goto done;
764  }
765  }
766 
767  if (zero_circ) {
768  if (!path_str) {
769  // "EXTENDCIRCUIT 0" with no path.
770  circ = circuit_launch(intended_purpose, CIRCLAUNCH_NEED_CAPACITY);
771  if (!circ) {
772  control_write_endreply(conn, 551, "Couldn't start circuit");
773  } else {
774  control_printf_endreply(conn, 250, "EXTENDED %lu",
775  (unsigned long)circ->global_identifier);
776  }
777  goto done;
778  }
779  }
780 
781  if (!zero_circ && !(circ = get_circ(circ_id))) {
782  control_printf_endreply(conn, 552, "Unknown circuit \"%s\"", circ_id);
783  goto done;
784  }
785 
786  if (!path_str) {
787  control_write_endreply(conn, 512, "syntax error: path required.");
788  goto done;
789  }
790 
791  smartlist_split_string(router_nicknames, path_str, ",", 0, 0);
792 
793  nodes = smartlist_new();
794  bool first_node = zero_circ;
795  SMARTLIST_FOREACH_BEGIN(router_nicknames, const char *, n) {
796  const node_t *node = node_get_by_nickname(n, 0);
797  if (!node) {
798  control_printf_endreply(conn, 552, "No such router \"%s\"", n);
799  goto done;
800  }
801  if (!node_has_preferred_descriptor(node, first_node)) {
802  control_printf_endreply(conn, 552, "No descriptor for \"%s\"", n);
803  goto done;
804  }
805  smartlist_add(nodes, (void*)node);
806  first_node = false;
807  } SMARTLIST_FOREACH_END(n);
808 
809  if (!smartlist_len(nodes)) {
810  control_write_endreply(conn, 512, "No router names provided");
811  goto done;
812  }
813 
814  if (zero_circ) {
815  /* start a new circuit */
816  circ = origin_circuit_init(intended_purpose, 0);
817  circ->first_hop_from_controller = 1;
818  }
819 
820  /* now circ refers to something that is ready to be extended */
821  first_node = zero_circ;
822  SMARTLIST_FOREACH(nodes, const node_t *, node,
823  {
824  extend_info_t *info = extend_info_from_node(node, first_node);
825  if (!info) {
826  tor_assert_nonfatal(first_node);
827  log_warn(LD_CONTROL,
828  "controller tried to connect to a node that lacks a suitable "
829  "descriptor, or which doesn't have any "
830  "addresses that are allowed by the firewall configuration; "
831  "circuit marked for closing.");
832  circuit_mark_for_close(TO_CIRCUIT(circ), -END_CIRC_REASON_CONNECTFAILED);
833  control_write_endreply(conn, 551, "Couldn't start circuit");
834  goto done;
835  }
836  circuit_append_new_exit(circ, info);
837  if (circ->build_state->desired_path_len > 1) {
838  circ->build_state->onehop_tunnel = 0;
839  }
840  extend_info_free(info);
841  first_node = 0;
842  });
843 
844  /* now that we've populated the cpath, start extending */
845  if (zero_circ) {
846  int err_reason = 0;
847  if ((err_reason = circuit_handle_first_hop(circ)) < 0) {
848  circuit_mark_for_close(TO_CIRCUIT(circ), -err_reason);
849  control_write_endreply(conn, 551, "Couldn't start circuit");
850  goto done;
851  }
852  } else {
853  if (circ->base_.state == CIRCUIT_STATE_OPEN ||
854  circ->base_.state == CIRCUIT_STATE_GUARD_WAIT) {
855  int err_reason = 0;
857  if ((err_reason = circuit_send_next_onion_skin(circ)) < 0) {
858  log_info(LD_CONTROL,
859  "send_next_onion_skin failed; circuit marked for closing.");
860  circuit_mark_for_close(TO_CIRCUIT(circ), -err_reason);
861  control_write_endreply(conn, 551, "Couldn't send onion skin");
862  goto done;
863  }
864  }
865  }
866 
867  control_printf_endreply(conn, 250, "EXTENDED %lu",
868  (unsigned long)circ->global_identifier);
869  if (zero_circ) /* send a 'launched' event, for completeness */
870  circuit_event_status(circ, CIRC_EVENT_LAUNCHED, 0);
871  done:
872  SMARTLIST_FOREACH(router_nicknames, char *, n, tor_free(n));
873  smartlist_free(router_nicknames);
874  smartlist_free(nodes);
875  tor_free(path_str_alloc);
876  return 0;
877 }
878 
879 static const control_cmd_syntax_t setcircuitpurpose_syntax = {
880  .max_args=1,
881  .accept_keywords=true,
882 };
883 
884 /** Called when we get a SETCIRCUITPURPOSE message. If we can find the
885  * circuit and it's a valid purpose, change it. */
886 static int
888  const control_cmd_args_t *args)
889 {
890  origin_circuit_t *circ = NULL;
891  uint8_t new_purpose;
892  const char *circ_id = smartlist_get(args->args,0);
893 
894  if (!(circ = get_circ(circ_id))) {
895  control_printf_endreply(conn, 552, "Unknown circuit \"%s\"", circ_id);
896  goto done;
897  }
898 
899  {
900  const config_line_t *purp = config_line_find_case(args->kwargs, "PURPOSE");
901  if (!purp) {
902  control_write_endreply(conn, 552, "No purpose given");
903  goto done;
904  }
905  new_purpose = circuit_purpose_from_string(purp->value);
906  if (new_purpose == CIRCUIT_PURPOSE_UNKNOWN) {
907  control_printf_endreply(conn, 552, "Unknown purpose \"%s\"",
908  purp->value);
909  goto done;
910  }
911  }
912 
913  circuit_change_purpose(TO_CIRCUIT(circ), new_purpose);
914  send_control_done(conn);
915 
916  done:
917  return 0;
918 }
919 
920 static const char *attachstream_keywords[] = {
921  "HOP", NULL
922 };
923 static const control_cmd_syntax_t attachstream_syntax = {
924  .min_args=2, .max_args=2,
925  .accept_keywords=true,
926  .allowed_keywords=attachstream_keywords
927 };
928 
929 /** Called when we get an ATTACHSTREAM message. Try to attach the requested
930  * stream, and report success or failure. */
931 static int
933  const control_cmd_args_t *args)
934 {
935  entry_connection_t *ap_conn = NULL;
936  origin_circuit_t *circ = NULL;
937  crypt_path_t *cpath=NULL;
938  int hop=0, hop_line_ok=1;
939  const char *stream_id = smartlist_get(args->args, 0);
940  const char *circ_id = smartlist_get(args->args, 1);
941  int zero_circ = !strcmp(circ_id, "0");
942  const config_line_t *hoparg = config_line_find_case(args->kwargs, "HOP");
943 
944  if (!(ap_conn = get_stream(stream_id))) {
945  control_printf_endreply(conn, 552, "Unknown stream \"%s\"", stream_id);
946  return 0;
947  } else if (!zero_circ && !(circ = get_circ(circ_id))) {
948  control_printf_endreply(conn, 552, "Unknown circuit \"%s\"", circ_id);
949  return 0;
950  } else if (circ) {
951  if (hoparg) {
952  hop = (int) tor_parse_ulong(hoparg->value, 10, 0, INT_MAX,
953  &hop_line_ok, NULL);
954  if (!hop_line_ok) { /* broken hop line */
955  control_printf_endreply(conn, 552, "Bad value hop=%s",
956  hoparg->value);
957  return 0;
958  }
959  }
960  }
961 
962  if (ENTRY_TO_CONN(ap_conn)->state != AP_CONN_STATE_CONTROLLER_WAIT &&
963  ENTRY_TO_CONN(ap_conn)->state != AP_CONN_STATE_CONNECT_WAIT &&
964  ENTRY_TO_CONN(ap_conn)->state != AP_CONN_STATE_RESOLVE_WAIT) {
965  control_write_endreply(conn, 555,
966  "Connection is not managed by controller.");
967  return 0;
968  }
969 
970  /* Do we need to detach it first? */
971  if (ENTRY_TO_CONN(ap_conn)->state != AP_CONN_STATE_CONTROLLER_WAIT) {
972  edge_connection_t *edge_conn = ENTRY_TO_EDGE_CONN(ap_conn);
973  circuit_t *tmpcirc = circuit_get_by_edge_conn(edge_conn);
974  connection_edge_end(edge_conn, END_STREAM_REASON_TIMEOUT);
975  /* Un-mark it as ending, since we're going to reuse it. */
976  edge_conn->edge_has_sent_end = 0;
977  edge_conn->end_reason = 0;
978  if (tmpcirc)
979  circuit_detach_stream(tmpcirc, edge_conn);
981  }
982 
983  if (circ && (circ->base_.state != CIRCUIT_STATE_OPEN)) {
984  control_write_endreply(conn, 551,
985  "Can't attach stream to non-open origin circuit");
986  return 0;
987  }
988  /* Is this a single hop circuit? */
989  if (circ && (circuit_get_cpath_len(circ)<2 || hop==1)) {
990  control_write_endreply(conn, 551,
991  "Can't attach stream to this one-hop circuit.");
992  return 0;
993  }
994 
995  if (circ && hop>0) {
996  /* find this hop in the circuit, and set cpath */
997  cpath = circuit_get_cpath_hop(circ, hop);
998  if (!cpath) {
999  control_printf_endreply(conn, 551, "Circuit doesn't have %d hops.", hop);
1000  return 0;
1001  }
1002  }
1003  if (connection_ap_handshake_rewrite_and_attach(ap_conn, circ, cpath) < 0) {
1004  control_write_endreply(conn, 551, "Unable to attach stream");
1005  return 0;
1006  }
1007  send_control_done(conn);
1008  return 0;
1009 }
1010 
1011 static const char *postdescriptor_keywords[] = {
1012  "cache", "purpose", NULL,
1013 };
1014 
1015 static const control_cmd_syntax_t postdescriptor_syntax = {
1016  .max_args = 0,
1017  .accept_keywords = true,
1018  .allowed_keywords = postdescriptor_keywords,
1019  .want_cmddata = true,
1020 };
1021 
1022 /** Called when we get a POSTDESCRIPTOR message. Try to learn the provided
1023  * descriptor, and report success or failure. */
1024 static int
1026  const control_cmd_args_t *args)
1027 {
1028  const char *msg=NULL;
1029  uint8_t purpose = ROUTER_PURPOSE_GENERAL;
1030  int cache = 0; /* eventually, we may switch this to 1 */
1031  const config_line_t *line;
1032 
1033  line = config_line_find_case(args->kwargs, "purpose");
1034  if (line) {
1035  purpose = router_purpose_from_string(line->value);
1036  if (purpose == ROUTER_PURPOSE_UNKNOWN) {
1037  control_printf_endreply(conn, 552, "Unknown purpose \"%s\"",
1038  line->value);
1039  goto done;
1040  }
1041  }
1042  line = config_line_find_case(args->kwargs, "cache");
1043  if (line) {
1044  if (!strcasecmp(line->value, "no"))
1045  cache = 0;
1046  else if (!strcasecmp(line->value, "yes"))
1047  cache = 1;
1048  else {
1049  control_printf_endreply(conn, 552, "Unknown cache request \"%s\"",
1050  line->value);
1051  goto done;
1052  }
1053  }
1054 
1055  switch (router_load_single_router(args->cmddata, purpose, cache, &msg)) {
1056  case -1:
1057  if (!msg) msg = "Could not parse descriptor";
1058  control_write_endreply(conn, 554, msg);
1059  break;
1060  case 0:
1061  if (!msg) msg = "Descriptor not added";
1062  control_write_endreply(conn, 251, msg);
1063  break;
1064  case 1:
1065  send_control_done(conn);
1066  break;
1067  }
1068 
1069  done:
1070  return 0;
1071 }
1072 
1073 static const control_cmd_syntax_t redirectstream_syntax = {
1074  .min_args = 2,
1075  .max_args = UINT_MAX, // XXX should be 3.
1076 };
1077 
1078 /** Called when we receive a REDIRECTSTERAM command. Try to change the target
1079  * address of the named AP stream, and report success or failure. */
1080 static int
1082  const control_cmd_args_t *cmd_args)
1083 {
1084  entry_connection_t *ap_conn = NULL;
1085  char *new_addr = NULL;
1086  uint16_t new_port = 0;
1087  const smartlist_t *args = cmd_args->args;
1088 
1089  if (!(ap_conn = get_stream(smartlist_get(args, 0)))
1090  || !ap_conn->socks_request) {
1091  control_printf_endreply(conn, 552, "Unknown stream \"%s\"",
1092  (char*)smartlist_get(args, 0));
1093  } else {
1094  int ok = 1;
1095  if (smartlist_len(args) > 2) { /* they included a port too */
1096  new_port = (uint16_t) tor_parse_ulong(smartlist_get(args, 2),
1097  10, 1, 65535, &ok, NULL);
1098  }
1099  if (!ok) {
1100  control_printf_endreply(conn, 512, "Cannot parse port \"%s\"",
1101  (char*)smartlist_get(args, 2));
1102  } else {
1103  new_addr = tor_strdup(smartlist_get(args, 1));
1104  }
1105  }
1106 
1107  if (!new_addr)
1108  return 0;
1109 
1110  strlcpy(ap_conn->socks_request->address, new_addr,
1111  sizeof(ap_conn->socks_request->address));
1112  if (new_port)
1113  ap_conn->socks_request->port = new_port;
1114  tor_free(new_addr);
1115  send_control_done(conn);
1116  return 0;
1117 }
1118 
1119 static const control_cmd_syntax_t closestream_syntax = {
1120  .min_args = 2,
1121  .max_args = UINT_MAX, /* XXXX This is the original behavior, but
1122  * maybe we should change the spec. */
1123 };
1124 
1125 /** Called when we get a CLOSESTREAM command; try to close the named stream
1126  * and report success or failure. */
1127 static int
1129  const control_cmd_args_t *cmd_args)
1130 {
1131  entry_connection_t *ap_conn=NULL;
1132  uint8_t reason=0;
1133  int ok;
1134  const smartlist_t *args = cmd_args->args;
1135 
1136  tor_assert(smartlist_len(args) >= 2);
1137 
1138  if (!(ap_conn = get_stream(smartlist_get(args, 0))))
1139  control_printf_endreply(conn, 552, "Unknown stream \"%s\"",
1140  (char*)smartlist_get(args, 0));
1141  else {
1142  reason = (uint8_t) tor_parse_ulong(smartlist_get(args,1), 10, 0, 255,
1143  &ok, NULL);
1144  if (!ok) {
1145  control_printf_endreply(conn, 552, "Unrecognized reason \"%s\"",
1146  (char*)smartlist_get(args, 1));
1147  ap_conn = NULL;
1148  }
1149  }
1150  if (!ap_conn)
1151  return 0;
1152 
1153  connection_mark_unattached_ap(ap_conn, reason);
1154  send_control_done(conn);
1155  return 0;
1156 }
1157 
1158 static const control_cmd_syntax_t closecircuit_syntax = {
1159  .min_args=1, .max_args=1,
1160  .accept_keywords=true,
1161  .kvline_flags=KV_OMIT_VALS,
1162  // XXXX we might want to exclude unrecognized flags, but for now we
1163  // XXXX just ignore them for backward compatibility.
1164 };
1165 
1166 /** Called when we get a CLOSECIRCUIT command; try to close the named circuit
1167  * and report success or failure. */
1168 static int
1170  const control_cmd_args_t *args)
1171 {
1172  const char *circ_id = smartlist_get(args->args, 0);
1173  origin_circuit_t *circ = NULL;
1174 
1175  if (!(circ=get_circ(circ_id))) {
1176  control_printf_endreply(conn, 552, "Unknown circuit \"%s\"", circ_id);
1177  return 0;
1178  }
1179 
1180  bool safe = config_lines_contain_flag(args->kwargs, "IfUnused");
1181 
1182  if (!safe || !circ->p_streams) {
1183  circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_REQUESTED);
1184  }
1185 
1186  send_control_done(conn);
1187  return 0;
1188 }
1189 
1190 static const control_cmd_syntax_t resolve_syntax = {
1191  .max_args=0,
1192  .accept_keywords=true,
1193  .kvline_flags=KV_OMIT_VALS,
1194 };
1195 
1196 /** Called when we get a RESOLVE command: start trying to resolve
1197  * the listed addresses. */
1198 static int
1200  const control_cmd_args_t *args)
1201 {
1202  smartlist_t *failed;
1203  int is_reverse = 0;
1204 
1205  if (!(conn->event_mask & (((event_mask_t)1)<<EVENT_ADDRMAP))) {
1206  log_warn(LD_CONTROL, "Controller asked us to resolve an address, but "
1207  "isn't listening for ADDRMAP events. It probably won't see "
1208  "the answer.");
1209  }
1210 
1211  {
1212  const config_line_t *modearg = config_line_find_case(args->kwargs, "mode");
1213  if (modearg && !strcasecmp(modearg->value, "reverse"))
1214  is_reverse = 1;
1215  }
1216  failed = smartlist_new();
1217  for (const config_line_t *line = args->kwargs; line; line = line->next) {
1218  if (!strlen(line->value)) {
1219  const char *addr = line->key;
1220  if (dnsserv_launch_request(addr, is_reverse, conn)<0)
1221  smartlist_add(failed, (char*)addr);
1222  } else {
1223  // XXXX arguably we should reject unrecognized keyword arguments,
1224  // XXXX but the old implementation didn't do that.
1225  }
1226  }
1227 
1228  send_control_done(conn);
1229  SMARTLIST_FOREACH(failed, const char *, arg, {
1230  control_event_address_mapped(arg, arg, time(NULL),
1231  "internal", 0, 0);
1232  });
1233 
1234  smartlist_free(failed);
1235  return 0;
1236 }
1237 
1238 static const control_cmd_syntax_t protocolinfo_syntax = {
1239  .max_args = UINT_MAX
1240 };
1241 
1242 /** Return a comma-separated list of authentication methods for
1243  handle_control_protocolinfo(). Caller must free this string. */
1244 static char *
1246 {
1247  int cookies = options->CookieAuthentication;
1248  char *methods;
1249  int passwd = (options->HashedControlPassword != NULL ||
1250  options->HashedControlSessionPassword != NULL);
1251  smartlist_t *mlist = smartlist_new();
1252 
1253  if (cookies) {
1254  smartlist_add(mlist, (char*)"COOKIE");
1255  smartlist_add(mlist, (char*)"SAFECOOKIE");
1256  }
1257  if (passwd)
1258  smartlist_add(mlist, (char*)"HASHEDPASSWORD");
1259  if (!cookies && !passwd)
1260  smartlist_add(mlist, (char*)"NULL");
1261  methods = smartlist_join_strings(mlist, ",", 0, NULL);
1262  smartlist_free(mlist);
1263 
1264  return methods;
1265 }
1266 
1267 /** Return escaped cookie filename. Caller must free this string.
1268  Return NULL if cookie authentication is disabled. */
1269 static char *
1271 {
1272  char *cfile = NULL, *abs_cfile = NULL, *esc_cfile = NULL;
1273 
1274  if (!options->CookieAuthentication)
1275  return NULL;
1276 
1278  abs_cfile = make_path_absolute(cfile);
1279  esc_cfile = esc_for_log(abs_cfile);
1280  tor_free(cfile);
1281  tor_free(abs_cfile);
1282  return esc_cfile;
1283 }
1284 
1285 /** Compose the auth methods line of a PROTOCOLINFO reply. */
1286 static void
1288 {
1289  const or_options_t *options = get_options();
1290  char *methods = get_authmethods(options);
1291  char *esc_cfile = get_esc_cfile(options);
1292 
1293  control_reply_add_str(reply, 250, "AUTH");
1294  control_reply_append_kv(reply, "METHODS", methods);
1295  if (esc_cfile)
1296  control_reply_append_kv(reply, "COOKIEFILE", esc_cfile);
1297 
1298  tor_free(methods);
1299  tor_free(esc_cfile);
1300 }
1301 
1302 /** Called when we get a PROTOCOLINFO command: send back a reply. */
1303 static int
1305  const control_cmd_args_t *cmd_args)
1306 {
1307  const char *bad_arg = NULL;
1308  const smartlist_t *args = cmd_args->args;
1309  smartlist_t *reply = NULL;
1310 
1311  conn->have_sent_protocolinfo = 1;
1312 
1313  SMARTLIST_FOREACH(args, const char *, arg, {
1314  int ok;
1315  tor_parse_long(arg, 10, 0, LONG_MAX, &ok, NULL);
1316  if (!ok) {
1317  bad_arg = arg;
1318  break;
1319  }
1320  });
1321  if (bad_arg) {
1322  control_printf_endreply(conn, 513, "No such version %s",
1323  escaped(bad_arg));
1324  /* Don't tolerate bad arguments when not authenticated. */
1325  if (!STATE_IS_OPEN(TO_CONN(conn)->state))
1326  connection_mark_for_close(TO_CONN(conn));
1327  return 0;
1328  }
1329  reply = smartlist_new();
1330  control_reply_add_str(reply, 250, "PROTOCOLINFO 1");
1331  add_authmethods(reply);
1332  control_reply_add_str(reply, 250, "VERSION");
1333  control_reply_append_kv(reply, "Tor", escaped(VERSION));
1334  control_reply_add_done(reply);
1335 
1336  control_write_reply_lines(conn, reply);
1337  control_reply_free(reply);
1338  return 0;
1339 }
1340 
1341 static const control_cmd_syntax_t usefeature_syntax = {
1342  .max_args = UINT_MAX
1343 };
1344 
1345 /** Called when we get a USEFEATURE command: parse the feature list, and
1346  * set up the control_connection's options properly. */
1347 static int
1349  const control_cmd_args_t *cmd_args)
1350 {
1351  const smartlist_t *args = cmd_args->args;
1352  int bad = 0;
1353  SMARTLIST_FOREACH_BEGIN(args, const char *, arg) {
1354  if (!strcasecmp(arg, "VERBOSE_NAMES"))
1355  ;
1356  else if (!strcasecmp(arg, "EXTENDED_EVENTS"))
1357  ;
1358  else {
1359  control_printf_endreply(conn, 552, "Unrecognized feature \"%s\"",
1360  arg);
1361  bad = 1;
1362  break;
1363  }
1364  } SMARTLIST_FOREACH_END(arg);
1365 
1366  if (!bad) {
1367  send_control_done(conn);
1368  }
1369 
1370  return 0;
1371 }
1372 
1373 static const control_cmd_syntax_t dropguards_syntax = {
1374  .max_args = 0,
1375 };
1376 
1377 /** Implementation for the DROPGUARDS command. */
1378 static int
1380  const control_cmd_args_t *args)
1381 {
1382  (void) args; /* We don't take arguments. */
1383 
1384  static int have_warned = 0;
1385  if (! have_warned) {
1386  log_warn(LD_CONTROL, "DROPGUARDS is dangerous; make sure you understand "
1387  "the risks before using it. It may be removed in a future "
1388  "version of Tor.");
1389  have_warned = 1;
1390  }
1391 
1393  send_control_done(conn);
1394 
1395  return 0;
1396 }
1397 
1398 static const control_cmd_syntax_t droptimeouts_syntax = {
1399  .max_args = 0,
1400 };
1401 
1402 /** Implementation for the DROPTIMEOUTS command. */
1403 static int
1405  const control_cmd_args_t *args)
1406 {
1407  (void) args; /* We don't take arguments. */
1408 
1409  static int have_warned = 0;
1410  if (! have_warned) {
1411  log_warn(LD_CONTROL, "DROPTIMEOUTS is dangerous; make sure you understand "
1412  "the risks before using it. It may be removed in a future "
1413  "version of Tor.");
1414  have_warned = 1;
1415  }
1416 
1418  send_control_done(conn);
1420  cbt_control_event_buildtimeout_set(get_circuit_build_times(),
1421  BUILDTIMEOUT_SET_EVENT_RESET);
1422 
1423  return 0;
1424 }
1425 
1426 static const char *hsfetch_keywords[] = {
1427  "SERVER", NULL,
1428 };
1429 static const control_cmd_syntax_t hsfetch_syntax = {
1430  .min_args = 1, .max_args = 1,
1431  .accept_keywords = true,
1432  .allowed_keywords = hsfetch_keywords,
1433 };
1434 
1435 /** Implementation for the HSFETCH command. */
1436 static int
1438  const control_cmd_args_t *args)
1439 
1440 {
1441  smartlist_t *hsdirs = NULL;
1442  ed25519_public_key_t v3_pk;
1443  uint32_t version;
1444  const char *hsaddress = NULL;
1445 
1446  /* Extract the first argument (either HSAddress or DescID). */
1447  const char *arg1 = smartlist_get(args->args, 0);
1448  if (hs_address_is_valid(arg1)) {
1449  hsaddress = arg1;
1450  version = HS_VERSION_THREE;
1451  hs_parse_address(hsaddress, &v3_pk, NULL, NULL);
1452  } else {
1453  control_printf_endreply(conn, 513, "Invalid argument \"%s\"", arg1);
1454  goto done;
1455  }
1456 
1457  for (const config_line_t *line = args->kwargs; line; line = line->next) {
1458  if (!strcasecmp(line->key, "SERVER")) {
1459  const char *server = line->value;
1460 
1461  const node_t *node = node_get_by_hex_id(server, 0);
1462  if (!node) {
1463  control_printf_endreply(conn, 552, "Server \"%s\" not found", server);
1464  goto done;
1465  }
1466  if (!hsdirs) {
1467  /* Stores routerstatus_t cmddata for each specified server. */
1468  hsdirs = smartlist_new();
1469  }
1470  /* Valid server, add it to our local list. */
1471  smartlist_add(hsdirs, node->rs);
1472  } else {
1474  }
1475  }
1476 
1477  /* We are about to trigger HSDir fetch so send the OK now because after
1478  * that 650 event(s) are possible so better to have the 250 OK before them
1479  * to avoid out of order replies. */
1480  send_control_done(conn);
1481 
1482  /* Trigger the fetch using the built rend query and possibly a list of HS
1483  * directory to use. This function ignores the client cache thus this will
1484  * always send a fetch command. */
1485  if (version == HS_VERSION_THREE) {
1486  hs_control_hsfetch_command(&v3_pk, hsdirs);
1487  }
1488 
1489  done:
1490  /* Contains data pointer that we don't own thus no cleanup. */
1491  smartlist_free(hsdirs);
1492  return 0;
1493 }
1494 
1495 static const char *hspost_keywords[] = {
1496  "SERVER", "HSADDRESS", NULL
1497 };
1498 static const control_cmd_syntax_t hspost_syntax = {
1499  .min_args = 0, .max_args = 0,
1500  .accept_keywords = true,
1501  .want_cmddata = true,
1502  .allowed_keywords = hspost_keywords
1503 };
1504 
1505 /** Implementation for the HSPOST command. */
1506 static int
1508  const control_cmd_args_t *args)
1509 {
1510  smartlist_t *hs_dirs = NULL;
1511  const char *encoded_desc = args->cmddata;
1512  const char *onion_address = NULL;
1513  const config_line_t *line;
1514 
1515  for (line = args->kwargs; line; line = line->next) {
1516  if (!strcasecmpstart(line->key, "SERVER")) {
1517  const char *server = line->value;
1518  const node_t *node = node_get_by_hex_id(server, 0);
1519 
1520  if (!node || !node->rs) {
1521  control_printf_endreply(conn, 552, "Server \"%s\" not found",
1522  server);
1523  goto done;
1524  }
1525  /* Valid server, add it to our local list. */
1526  if (!hs_dirs)
1527  hs_dirs = smartlist_new();
1528  smartlist_add(hs_dirs, node->rs);
1529  } else if (!strcasecmpstart(line->key, "HSADDRESS")) {
1530  const char *address = line->value;
1531  if (!hs_address_is_valid(address)) {
1532  control_write_endreply(conn, 512, "Malformed onion address");
1533  goto done;
1534  }
1535  onion_address = address;
1536  } else {
1538  }
1539  }
1540 
1541  /* Handle the v3 case. */
1542  if (onion_address) {
1543  if (hs_control_hspost_command(encoded_desc, onion_address, hs_dirs) < 0) {
1544  control_write_endreply(conn, 554, "Invalid descriptor");
1545  } else {
1546  send_control_done(conn);
1547  }
1548  goto done;
1549  }
1550 
1551  done:
1552  smartlist_free(hs_dirs); /* Contents belong to the rend service code. */
1553  return 0;
1554 }
1555 
1556 /* Helper function for ADD_ONION that adds an ephemeral service depending on
1557  * the given hs_version.
1558  *
1559  * The secret key in pk depends on the hs_version. The ownership of the key
1560  * used in pk is given to the HS subsystem so the caller must stop accessing
1561  * it after.
1562  *
1563  * The port_cfgs is a list of service port. Ownership transferred to service.
1564  * The max_streams refers to the MaxStreams= key.
1565  * The max_streams_close_circuit refers to the MaxStreamsCloseCircuit key.
1566  * The ownership of that list is transferred to the service.
1567  *
1568  * On success (RSAE_OKAY), the address_out points to a newly allocated string
1569  * containing the onion address without the .onion part. On error, address_out
1570  * is untouched. */
1572 add_onion_helper_add_service(int hs_version,
1573  add_onion_secret_key_t *pk,
1574  smartlist_t *port_cfgs, int max_streams,
1575  int max_streams_close_circuit,
1576  smartlist_t *auth_clients_v3, char **address_out)
1577 {
1579 
1580  tor_assert(pk);
1581  tor_assert(port_cfgs);
1582  tor_assert(address_out);
1583 
1584  switch (hs_version) {
1585  case HS_VERSION_THREE:
1586  ret = hs_service_add_ephemeral(pk->v3, port_cfgs, max_streams,
1587  max_streams_close_circuit,
1588  auth_clients_v3, address_out);
1589  break;
1590  default:
1591  tor_assert_unreached();
1592  }
1593 
1594  return ret;
1595 }
1596 
1597 /** The list of onion services that have been added via ADD_ONION that do not
1598  * belong to any particular control connection.
1599  */
1601 
1602 /**
1603  * Return a list of detached onion services, or NULL if none exist.
1604  **/
1605 smartlist_t *
1607 {
1608  return detached_onion_services;
1609 }
1610 
1611 static const char *add_onion_keywords[] = {
1612  "Port", "Flags", "MaxStreams", "ClientAuth", "ClientAuthV3", NULL
1613 };
1614 static const control_cmd_syntax_t add_onion_syntax = {
1615  .min_args = 1, .max_args = 1,
1616  .accept_keywords = true,
1617  .allowed_keywords = add_onion_keywords
1618 };
1619 
1620 /** Called when we get a ADD_ONION command; parse the body, and set up
1621  * the new ephemeral Onion Service. */
1622 static int
1624  const control_cmd_args_t *args)
1625 {
1626  /* Parse all of the arguments that do not involve handling cryptographic
1627  * material first, since there's no reason to touch that at all if any of
1628  * the other arguments are malformed.
1629  */
1630  rend_auth_type_t auth_type = REND_NO_AUTH;
1631  smartlist_t *port_cfgs = smartlist_new();
1632  smartlist_t *auth_clients_v3 = NULL;
1633  smartlist_t *auth_clients_v3_str = NULL;
1634  int discard_pk = 0;
1635  int detach = 0;
1636  int max_streams = 0;
1637  int max_streams_close_circuit = 0;
1638  int non_anonymous = 0;
1639  const config_line_t *arg;
1640 
1641  for (arg = args->kwargs; arg; arg = arg->next) {
1642  if (!strcasecmp(arg->key, "Port")) {
1643  /* "Port=VIRTPORT[,TARGET]". */
1644  hs_port_config_t *cfg = hs_parse_port_config(arg->value, ",", NULL);
1645  if (!cfg) {
1646  control_write_endreply(conn, 512, "Invalid VIRTPORT/TARGET");
1647  goto out;
1648  }
1649  smartlist_add(port_cfgs, cfg);
1650  } else if (!strcasecmp(arg->key, "MaxStreams")) {
1651  /* "MaxStreams=[0..65535]". */
1652  int ok = 0;
1653  max_streams = (int)tor_parse_long(arg->value, 10, 0, 65535, &ok, NULL);
1654  if (!ok) {
1655  control_write_endreply(conn, 512, "Invalid MaxStreams");
1656  goto out;
1657  }
1658  } else if (!strcasecmp(arg->key, "Flags")) {
1659  /* "Flags=Flag[,Flag]", where Flag can be:
1660  * * 'DiscardPK' - If tor generates the keypair, do not include it in
1661  * the response.
1662  * * 'Detach' - Do not tie this onion service to any particular control
1663  * connection.
1664  * * 'MaxStreamsCloseCircuit' - Close the circuit if MaxStreams is
1665  * exceeded.
1666  * * 'BasicAuth' - Client authorization using the 'basic' method.
1667  * * 'NonAnonymous' - Add a non-anonymous Single Onion Service. If this
1668  * flag is present, tor must be in non-anonymous
1669  * hidden service mode. If this flag is absent,
1670  * tor must be in anonymous hidden service mode.
1671  */
1672  static const char *discard_flag = "DiscardPK";
1673  static const char *detach_flag = "Detach";
1674  static const char *max_s_close_flag = "MaxStreamsCloseCircuit";
1675  static const char *v3auth_flag = "V3Auth";
1676  static const char *non_anonymous_flag = "NonAnonymous";
1677 
1678  smartlist_t *flags = smartlist_new();
1679  int bad = 0;
1680 
1681  smartlist_split_string(flags, arg->value, ",", SPLIT_IGNORE_BLANK, 0);
1682  if (smartlist_len(flags) < 1) {
1683  control_write_endreply(conn, 512, "Invalid 'Flags' argument");
1684  bad = 1;
1685  }
1686  SMARTLIST_FOREACH_BEGIN(flags, const char *, flag)
1687  {
1688  if (!strcasecmp(flag, discard_flag)) {
1689  discard_pk = 1;
1690  } else if (!strcasecmp(flag, detach_flag)) {
1691  detach = 1;
1692  } else if (!strcasecmp(flag, max_s_close_flag)) {
1693  max_streams_close_circuit = 1;
1694  } else if (!strcasecmp(flag, v3auth_flag)) {
1695  auth_type = REND_V3_AUTH;
1696  } else if (!strcasecmp(flag, non_anonymous_flag)) {
1697  non_anonymous = 1;
1698  } else {
1699  control_printf_endreply(conn, 512, "Invalid 'Flags' argument: %s",
1700  escaped(flag));
1701  bad = 1;
1702  break;
1703  }
1704  } SMARTLIST_FOREACH_END(flag);
1705  SMARTLIST_FOREACH(flags, char *, cp, tor_free(cp));
1706  smartlist_free(flags);
1707  if (bad)
1708  goto out;
1709  } else if (!strcasecmp(arg->key, "ClientAuthV3")) {
1710  hs_service_authorized_client_t *client_v3 =
1712  if (!client_v3) {
1713  control_write_endreply(conn, 512, "Cannot decode v3 client auth key");
1714  goto out;
1715  }
1716 
1717  if (auth_clients_v3 == NULL) {
1718  auth_clients_v3 = smartlist_new();
1719  auth_clients_v3_str = smartlist_new();
1720  }
1721 
1722  smartlist_add(auth_clients_v3, client_v3);
1723  smartlist_add(auth_clients_v3_str, tor_strdup(arg->value));
1724  } else {
1726  goto out;
1727  }
1728  }
1729  if (smartlist_len(port_cfgs) == 0) {
1730  control_write_endreply(conn, 512, "Missing 'Port' argument");
1731  goto out;
1732  } else if (auth_type == REND_NO_AUTH && auth_clients_v3 != NULL) {
1733  control_write_endreply(conn, 512, "No auth type specified");
1734  goto out;
1735  } else if (auth_type != REND_NO_AUTH && auth_clients_v3 == NULL) {
1736  control_write_endreply(conn, 512, "No auth clients specified");
1737  goto out;
1738  } else if (non_anonymous != hs_service_non_anonymous_mode_enabled(
1739  get_options())) {
1740  /* If we failed, and the non-anonymous flag is set, Tor must be in
1741  * anonymous hidden service mode.
1742  * The error message changes based on the current Tor config:
1743  * 512 Tor is in anonymous hidden service mode
1744  * 512 Tor is in non-anonymous hidden service mode
1745  * (I've deliberately written them out in full here to aid searchability.)
1746  */
1747  control_printf_endreply(conn, 512,
1748  "Tor is in %sanonymous hidden service " "mode",
1749  non_anonymous ? "" : "non-");
1750  goto out;
1751  }
1752 
1753  /* Parse the "keytype:keyblob" argument. */
1754  int hs_version = 0;
1755  add_onion_secret_key_t pk = { NULL };
1756  const char *key_new_alg = NULL;
1757  char *key_new_blob = NULL;
1758 
1759  const char *onionkey = smartlist_get(args->args, 0);
1760  if (add_onion_helper_keyarg(onionkey, discard_pk,
1761  &key_new_alg, &key_new_blob, &pk, &hs_version,
1762  conn) < 0) {
1763  goto out;
1764  }
1765 
1766  /* Create the HS, using private key pk and port config port_cfg.
1767  * hs_service_add_ephemeral() will take ownership of pk and port_cfg,
1768  * regardless of success/failure. */
1769  char *service_id = NULL;
1770  int ret = add_onion_helper_add_service(hs_version, &pk, port_cfgs,
1771  max_streams,
1772  max_streams_close_circuit,
1773  auth_clients_v3, &service_id);
1774  port_cfgs = NULL; /* port_cfgs is now owned by the hs_service code. */
1775  auth_clients_v3 = NULL; /* so is auth_clients_v3 */
1776  switch (ret) {
1777  case RSAE_OKAY:
1778  {
1779  if (detach) {
1783  } else {
1784  if (!conn->ephemeral_onion_services)
1786  smartlist_add(conn->ephemeral_onion_services, service_id);
1787  }
1788 
1789  tor_assert(service_id);
1790  control_printf_midreply(conn, 250, "ServiceID=%s", service_id);
1791  if (key_new_alg) {
1792  tor_assert(key_new_blob);
1793  control_printf_midreply(conn, 250, "PrivateKey=%s:%s",
1794  key_new_alg, key_new_blob);
1795  }
1796  if (auth_clients_v3_str) {
1797  SMARTLIST_FOREACH(auth_clients_v3_str, char *, client_str, {
1798  control_printf_midreply(conn, 250, "ClientAuthV3=%s", client_str);
1799  });
1800  }
1801 
1802  send_control_done(conn);
1803  break;
1804  }
1805  case RSAE_BADPRIVKEY:
1806  control_write_endreply(conn, 551, "Failed to generate onion address");
1807  break;
1808  case RSAE_ADDREXISTS:
1809  control_write_endreply(conn, 550, "Onion address collision");
1810  break;
1811  case RSAE_BADVIRTPORT:
1812  control_write_endreply(conn, 512, "Invalid VIRTPORT/TARGET");
1813  break;
1814  case RSAE_BADAUTH:
1815  control_write_endreply(conn, 512, "Invalid client authorization");
1816  break;
1817  case RSAE_INTERNAL: FALLTHROUGH;
1818  default:
1819  control_write_endreply(conn, 551, "Failed to add Onion Service");
1820  }
1821  if (key_new_blob) {
1822  memwipe(key_new_blob, 0, strlen(key_new_blob));
1823  tor_free(key_new_blob);
1824  }
1825 
1826  out:
1827  if (port_cfgs) {
1828  SMARTLIST_FOREACH(port_cfgs, hs_port_config_t*, p,
1829  hs_port_config_free(p));
1830  smartlist_free(port_cfgs);
1831  }
1832  if (auth_clients_v3) {
1833  SMARTLIST_FOREACH(auth_clients_v3, hs_service_authorized_client_t *, ac,
1834  service_authorized_client_free(ac));
1835  smartlist_free(auth_clients_v3);
1836  }
1837  if (auth_clients_v3_str) {
1838  SMARTLIST_FOREACH(auth_clients_v3_str, char *, client_str,
1839  tor_free(client_str));
1840  smartlist_free(auth_clients_v3_str);
1841  }
1842 
1843  return 0;
1844 }
1845 
1846 /** Helper function to handle parsing the KeyType:KeyBlob argument to the
1847  * ADD_ONION command. Return a new crypto_pk_t and if a new key was generated
1848  * and the private key not discarded, the algorithm and serialized private key,
1849  * or NULL and an optional control protocol error message on failure. The
1850  * caller is responsible for freeing the returned key_new_blob.
1851  *
1852  * Note: The error messages returned are deliberately vague to avoid echoing
1853  * key material.
1854  *
1855  * Note: conn is only used for writing control replies. For testing
1856  * purposes, it can be NULL if control_write_reply() is appropriately
1857  * mocked.
1858  */
1859 STATIC int
1860 add_onion_helper_keyarg(const char *arg, int discard_pk,
1861  const char **key_new_alg_out, char **key_new_blob_out,
1862  add_onion_secret_key_t *decoded_key, int *hs_version,
1863  control_connection_t *conn)
1864 {
1865  smartlist_t *key_args = smartlist_new();
1866  const char *key_new_alg = NULL;
1867  char *key_new_blob = NULL;
1868  int ret = -1;
1869 
1870  smartlist_split_string(key_args, arg, ":", SPLIT_IGNORE_BLANK, 0);
1871  if (smartlist_len(key_args) != 2) {
1872  control_write_endreply(conn, 512, "Invalid key type/blob");
1873  goto err;
1874  }
1875 
1876  /* The format is "KeyType:KeyBlob". */
1877  static const char *key_type_new = "NEW";
1878  static const char *key_type_best = "BEST";
1879  static const char *key_type_ed25519_v3 = "ED25519-V3";
1880 
1881  const char *key_type = smartlist_get(key_args, 0);
1882  const char *key_blob = smartlist_get(key_args, 1);
1883 
1884  if (!strcasecmp(key_type_ed25519_v3, key_type)) {
1885  /* parsing of private ed25519 key */
1886  /* "ED25519-V3:<Base64 Blob>" - Loading a pre-existing ed25519 key. */
1887  ed25519_secret_key_t *sk = tor_malloc_zero(sizeof(*sk));
1888  if (base64_decode((char *) sk->seckey, sizeof(sk->seckey), key_blob,
1889  strlen(key_blob)) != sizeof(sk->seckey)) {
1890  tor_free(sk);
1891  control_write_endreply(conn, 512, "Failed to decode ED25519-V3 key");
1892  goto err;
1893  }
1894  decoded_key->v3 = sk;
1895  *hs_version = HS_VERSION_THREE;
1896  } else if (!strcasecmp(key_type_new, key_type)) {
1897  /* "NEW:<Algorithm>" - Generating a new key, blob as algorithm. */
1898  if (!strcasecmp(key_type_ed25519_v3, key_blob) ||
1899  !strcasecmp(key_type_best, key_blob)) {
1900  /* "ED25519-V3", ed25519 key, also currently "BEST" by default. */
1901  ed25519_secret_key_t *sk = tor_malloc_zero(sizeof(*sk));
1902  if (ed25519_secret_key_generate(sk, 1) < 0) {
1903  tor_free(sk);
1904  control_printf_endreply(conn, 551, "Failed to generate %s key",
1905  key_type_ed25519_v3);
1906  goto err;
1907  }
1908  if (!discard_pk) {
1909  ssize_t len = base64_encode_size(sizeof(sk->seckey), 0) + 1;
1910  key_new_blob = tor_malloc_zero(len);
1911  if (base64_encode(key_new_blob, len, (const char *) sk->seckey,
1912  sizeof(sk->seckey), 0) != (len - 1)) {
1913  tor_free(sk);
1914  tor_free(key_new_blob);
1915  control_printf_endreply(conn, 551, "Failed to encode %s key",
1916  key_type_ed25519_v3);
1917  goto err;
1918  }
1919  key_new_alg = key_type_ed25519_v3;
1920  }
1921  decoded_key->v3 = sk;
1922  *hs_version = HS_VERSION_THREE;
1923  } else {
1924  control_write_endreply(conn, 513, "Invalid key type");
1925  goto err;
1926  }
1927  } else {
1928  control_write_endreply(conn, 513, "Invalid key type");
1929  goto err;
1930  }
1931 
1932  /* Succeeded in loading or generating a private key. */
1933  ret = 0;
1934 
1935  err:
1936  SMARTLIST_FOREACH(key_args, char *, cp, {
1937  memwipe(cp, 0, strlen(cp));
1938  tor_free(cp);
1939  });
1940  smartlist_free(key_args);
1941 
1942  *key_new_alg_out = key_new_alg;
1943  *key_new_blob_out = key_new_blob;
1944 
1945  return ret;
1946 }
1947 
1948 static const control_cmd_syntax_t del_onion_syntax = {
1949  .min_args = 1, .max_args = 1,
1950 };
1951 
1952 /** Called when we get a DEL_ONION command; parse the body, and remove
1953  * the existing ephemeral Onion Service. */
1954 static int
1956  const control_cmd_args_t *cmd_args)
1957 {
1958  int hs_version = 0;
1959  smartlist_t *args = cmd_args->args;
1960  tor_assert(smartlist_len(args) == 1);
1961 
1962  const char *service_id = smartlist_get(args, 0);
1963  if (hs_address_is_valid(service_id)) {
1964  hs_version = HS_VERSION_THREE;
1965  } else {
1966  control_write_endreply(conn, 512, "Malformed Onion Service id");
1967  goto out;
1968  }
1969 
1970  /* Determine if the onion service belongs to this particular control
1971  * connection, or if it is in the global list of detached services. If it
1972  * is in neither, either the service ID is invalid in some way, or it
1973  * explicitly belongs to a different control connection, and an error
1974  * should be returned.
1975  */
1976  smartlist_t *services[2] = {
1979  };
1980  smartlist_t *onion_services = NULL;
1981  int idx = -1;
1982  for (size_t i = 0; i < ARRAY_LENGTH(services); i++) {
1983  idx = smartlist_string_pos(services[i], service_id);
1984  if (idx != -1) {
1985  onion_services = services[i];
1986  break;
1987  }
1988  }
1989  if (onion_services == NULL) {
1990  control_write_endreply(conn, 552, "Unknown Onion Service id");
1991  } else {
1992  int ret = -1;
1993  switch (hs_version) {
1994  case HS_VERSION_THREE:
1995  ret = hs_service_del_ephemeral(service_id);
1996  break;
1997  default:
1998  /* The ret value will be -1 thus hitting the warning below. This should
1999  * never happen because of the check at the start of the function. */
2000  break;
2001  }
2002  if (ret < 0) {
2003  /* This should *NEVER* fail, since the service is on either the
2004  * per-control connection list, or the global one.
2005  */
2006  log_warn(LD_BUG, "Failed to remove Onion Service %s.",
2007  escaped(service_id));
2009  }
2010 
2011  /* Remove/scrub the service_id from the appropriate list. */
2012  char *cp = smartlist_get(onion_services, idx);
2013  smartlist_del(onion_services, idx);
2014  memwipe(cp, 0, strlen(cp));
2015  tor_free(cp);
2016 
2017  send_control_done(conn);
2018  }
2019 
2020  out:
2021  return 0;
2022 }
2023 
2024 static const control_cmd_syntax_t obsolete_syntax = {
2025  .max_args = UINT_MAX
2026 };
2027 
2028 /**
2029  * Called when we get an obsolete command: tell the controller that it is
2030  * obsolete.
2031  */
2032 static int
2034  const control_cmd_args_t *args)
2035 {
2036  (void)args;
2037  char *command = tor_strdup(conn->current_cmd);
2039  control_printf_endreply(conn, 511, "%s is obsolete.", command);
2040  tor_free(command);
2041  return 0;
2042 }
2043 
2044 /**
2045  * Function pointer to a handler function for a controller command.
2046  **/
2047 typedef int (*handler_fn_t) (control_connection_t *conn,
2048  const control_cmd_args_t *args);
2049 
2050 /**
2051  * Definition for a controller command.
2052  */
2053 typedef struct control_cmd_def_t {
2054  /**
2055  * The name of the command. If the command is multiline, the name must
2056  * begin with "+". This is not case-sensitive. */
2057  const char *name;
2058  /**
2059  * A function to execute the command.
2060  */
2062  /**
2063  * Zero or more CMD_FL_* flags, or'd together.
2064  */
2065  unsigned flags;
2066  /**
2067  * For parsed command: a syntax description.
2068  */
2071 
2072 /**
2073  * Indicates that the command's arguments are sensitive, and should be
2074  * memwiped after use.
2075  */
2076 #define CMD_FL_WIPE (1u<<0)
2077 
2078 #ifndef COCCI
2079 /** Macro: declare a command with a one-line argument, a given set of flags,
2080  * and a syntax definition.
2081  **/
2082 #define ONE_LINE(name, flags) \
2083  { \
2084  (#name), \
2085  handle_control_ ##name, \
2086  flags, \
2087  &name##_syntax, \
2088  }
2089 
2090 /**
2091  * Macro: declare a command with a multi-line argument and a given set of
2092  * flags.
2093  **/
2094 #define MULTLINE(name, flags) \
2095  { ("+"#name), \
2096  handle_control_ ##name, \
2097  flags, \
2098  &name##_syntax \
2099  }
2100 
2101 /**
2102  * Macro: declare an obsolete command. (Obsolete commands give a different
2103  * error than non-existent ones.)
2104  **/
2105 #define OBSOLETE(name) \
2106  { #name, \
2107  handle_control_obsolete, \
2108  0, \
2109  &obsolete_syntax, \
2110  }
2111 #endif /* !defined(COCCI) */
2112 
2113 /**
2114  * An array defining all the recognized controller commands.
2115  **/
2117 {
2118  ONE_LINE(setconf, 0),
2119  ONE_LINE(resetconf, 0),
2120  ONE_LINE(getconf, 0),
2121  MULTLINE(loadconf, 0),
2122  ONE_LINE(setevents, 0),
2123  ONE_LINE(authenticate, CMD_FL_WIPE),
2124  ONE_LINE(saveconf, 0),
2125  ONE_LINE(signal, 0),
2126  ONE_LINE(takeownership, 0),
2127  ONE_LINE(dropownership, 0),
2128  ONE_LINE(mapaddress, 0),
2129  ONE_LINE(getinfo, 0),
2130  ONE_LINE(extendcircuit, 0),
2131  ONE_LINE(setcircuitpurpose, 0),
2132  OBSOLETE(setrouterpurpose),
2133  ONE_LINE(attachstream, 0),
2134  MULTLINE(postdescriptor, 0),
2135  ONE_LINE(redirectstream, 0),
2136  ONE_LINE(closestream, 0),
2137  ONE_LINE(closecircuit, 0),
2138  ONE_LINE(usefeature, 0),
2139  ONE_LINE(resolve, 0),
2140  ONE_LINE(protocolinfo, 0),
2141  ONE_LINE(authchallenge, CMD_FL_WIPE),
2142  ONE_LINE(dropguards, 0),
2143  ONE_LINE(droptimeouts, 0),
2144  ONE_LINE(hsfetch, 0),
2145  MULTLINE(hspost, 0),
2146  ONE_LINE(add_onion, CMD_FL_WIPE),
2147  ONE_LINE(del_onion, CMD_FL_WIPE),
2148  ONE_LINE(onion_client_auth_add, CMD_FL_WIPE),
2149  ONE_LINE(onion_client_auth_remove, 0),
2150  ONE_LINE(onion_client_auth_view, 0),
2151 };
2152 
2153 /**
2154  * The number of entries in CONTROL_COMMANDS.
2155  **/
2157 
2158 /**
2159  * Run a single control command, as defined by a control_cmd_def_t,
2160  * with a given set of arguments.
2161  */
2162 static int
2164  control_connection_t *conn,
2165  uint32_t cmd_data_len,
2166  char *args)
2167 {
2168  int rv = 0;
2169 
2170  control_cmd_args_t *parsed_args;
2171  char *err=NULL;
2172  tor_assert(def->syntax);
2173  parsed_args = control_cmd_parse_args(conn->current_cmd,
2174  def->syntax,
2175  cmd_data_len, args,
2176  &err);
2177  if (!parsed_args) {
2178  control_printf_endreply(conn, 512, "Bad arguments to %s: %s",
2179  conn->current_cmd, err?err:"");
2180  tor_free(err);
2181  } else {
2182  if (BUG(err))
2183  tor_free(err);
2184  if (def->handler(conn, parsed_args))
2185  rv = 0;
2186 
2187  if (def->flags & CMD_FL_WIPE)
2188  control_cmd_args_wipe(parsed_args);
2189 
2190  control_cmd_args_free(parsed_args);
2191  }
2192 
2193  if (def->flags & CMD_FL_WIPE)
2194  memwipe(args, 0, cmd_data_len);
2195 
2196  return rv;
2197 }
2198 
2199 /**
2200  * Run a given controller command, as selected by the current_cmd field of
2201  * <b>conn</b>.
2202  */
2203 int
2205  uint32_t cmd_data_len,
2206  char *args)
2207 {
2208  tor_assert(conn);
2209  tor_assert(args);
2210  tor_assert(args[cmd_data_len] == '\0');
2211 
2212  for (unsigned i = 0; i < N_CONTROL_COMMANDS; ++i) {
2213  const control_cmd_def_t *def = &CONTROL_COMMANDS[i];
2214  if (!strcasecmp(conn->current_cmd, def->name)) {
2215  return handle_single_control_command(def, conn, cmd_data_len, args);
2216  }
2217  }
2218 
2219  control_printf_endreply(conn, 510, "Unrecognized command \"%s\"",
2220  conn->current_cmd);
2221 
2222  return 0;
2223 }
2224 
2225 void
2226 control_cmd_free_all(void)
2227 {
2228  if (detached_onion_services) { /* Free the detached onion services */
2230  smartlist_free(detached_onion_services);
2231  }
2232 }
const char * addressmap_register_virtual_address(int type, char *new_address)
Definition: addressmap.c:1000
Header for addressmap.c.
int base64_decode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:396
int base64_encode(char *dest, size_t destlen, const char *src, size_t srclen, int flags)
Definition: binascii.c:215
size_t base64_encode_size(size_t srclen, int flags)
Definition: binascii.c:166
int circuit_handle_first_hop(origin_circuit_t *circ)
Definition: circuitbuild.c:539
origin_circuit_t * origin_circuit_init(uint8_t purpose, int flags)
Definition: circuitbuild.c:448
int circuit_send_next_onion_skin(origin_circuit_t *circ)
Definition: circuitbuild.c:925
int circuit_append_new_exit(origin_circuit_t *circ, extend_info_t *exit_ei)
Header file for circuitbuild.c.
void circuit_set_state(circuit_t *circ, uint8_t state)
Definition: circuitlist.c:543
circuit_t * circuit_get_by_edge_conn(edge_connection_t *conn)
Definition: circuitlist.c:1571
int circuit_get_cpath_len(origin_circuit_t *circ)
Definition: circuitlist.c:1993
int circuit_event_status(origin_circuit_t *circ, circuit_status_event_t tp, int reason_code)
Definition: circuitlist.c:499
crypt_path_t * circuit_get_cpath_hop(origin_circuit_t *circ, int hopnum)
Definition: circuitlist.c:2029
origin_circuit_t * circuit_get_by_global_id(uint32_t id)
Definition: circuitlist.c:1418
Header file for circuitlist.c.
#define CIRCUIT_PURPOSE_UNKNOWN
Definition: circuitlist.h:136
#define CIRCUIT_STATE_OPEN
Definition: circuitlist.h:32
#define CIRCUIT_STATE_BUILDING
Definition: circuitlist.h:21
#define CIRCUIT_PURPOSE_CONTROLLER
Definition: circuitlist.h:121
#define CIRCUIT_STATE_GUARD_WAIT
Definition: circuitlist.h:30
#define CIRCUIT_PURPOSE_C_GENERAL
Definition: circuitlist.h:70
const circuit_build_times_t * get_circuit_build_times(void)
Definition: circuitstats.c:78
circuit_build_times_t * get_circuit_build_times_mutable(void)
Definition: circuitstats.c:85
void circuit_build_times_reset(circuit_build_times_t *cbt)
Definition: circuitstats.c:545
Header file for circuitstats.c.
void circuit_detach_stream(circuit_t *circ, edge_connection_t *conn)
Definition: circuituse.c:1379
origin_circuit_t * circuit_launch(uint8_t purpose, int flags)
Definition: circuituse.c:1938
void circuit_change_purpose(circuit_t *circ, uint8_t new_purpose)
Definition: circuituse.c:3074
Header file for circuituse.c.
#define CIRCLAUNCH_NEED_CAPACITY
Definition: circuituse.h:43
#define ARRAY_LENGTH(x)
int options_save_current(void)
Definition: config.c:7034
const or_options_t * get_options(void)
Definition: config.c:919
const char * name
Definition: config.c:2434
int option_is_recognized(const char *key)
Definition: config.c:2628
setopt_err_t options_trial_assign(config_line_t *list, unsigned flags, char **msg)
Definition: config.c:2659
const char * option_get_canonical_name(const char *key)
Definition: config.c:2636
int addressmap_register_auto(const char *from, const char *to, time_t expires, addressmap_entry_source_t addrmap_source, const char **msg)
Definition: config.c:4798
tor_cmdline_mode_t command
Definition: config.c:2440
setopt_err_t options_init_from_string(const char *cf_defaults, const char *cf, int command, const char *command_arg, char **msg)
Definition: config.c:4628
config_line_t * option_get_assignment(const or_options_t *options, const char *key)
Definition: config.c:2644
Header file for config.c.
setopt_err_t
Definition: config.h:51
config_line_t * config_lines_dup(const config_line_t *inp)
Definition: confline.c:226
const config_line_t * config_line_find_case(const config_line_t *lines, const char *key)
Definition: confline.c:87
Header for confline.c.
Header for confmgt.c.
#define CAL_USE_DEFAULTS
Definition: confmgt.h:50
#define CAL_CLEAR_FIRST
Definition: confmgt.h:59
int connection_flush(connection_t *conn)
Definition: connection.c:4599
connection_t * connection_get_by_global_id(uint64_t id)
Definition: connection.c:4810
Header file for connection.c.
#define CONN_TYPE_AP
Definition: connection.h:51
int connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn, origin_circuit_t *circ, crypt_path_t *cpath)
int connection_edge_end(edge_connection_t *conn, uint8_t reason)
entry_connection_t * TO_ENTRY_CONN(connection_t *c)
void connection_entry_set_controller_wait(entry_connection_t *conn)
Header file for connection_edge.c.
#define AP_CONN_STATE_CONTROLLER_WAIT
int address_is_invalid_destination(const char *address, int client)
Definition: addressmap.c:1082
#define AP_CONN_STATE_CONNECT_WAIT
#define AP_CONN_STATE_RESOLVE_WAIT
Header file for control.c.
char * get_controller_cookie_file_name(void)
Definition: control_auth.c:48
Header file for control_auth.c.
static int handle_control_saveconf(control_connection_t *conn, const control_cmd_args_t *args)
Definition: control_cmd.c:434
static int handle_control_droptimeouts(control_connection_t *conn, const control_cmd_args_t *args)
Definition: control_cmd.c:1404
static int handle_control_usefeature(control_connection_t *conn, const control_cmd_args_t *cmd_args)
Definition: control_cmd.c:1348
static int control_setconf_helper(control_connection_t *conn, const control_cmd_args_t *args, int use_defaults)
Definition: control_cmd.c:567
static int kvline_check_keyword_args(const control_cmd_args_t *result, const control_cmd_syntax_t *syntax, char **error_out)
Definition: control_cmd.c:123
static const size_t N_CONTROL_COMMANDS
Definition: control_cmd.c:2156
void control_cmd_args_free_(control_cmd_args_t *args)
Definition: control_cmd.c:69
static int handle_control_hspost(control_connection_t *conn, const control_cmd_args_t *args)
Definition: control_cmd.c:1507
#define OBSOLETE(name)
Definition: control_cmd.c:2105
static int handle_control_extendcircuit(control_connection_t *conn, const control_cmd_args_t *args)
Definition: control_cmd.c:725
static uint8_t circuit_purpose_from_string(const char *string)
Definition: control_cmd.c:702
static int handle_control_setevents(control_connection_t *conn, const control_cmd_args_t *args)
Definition: control_cmd.c:384
static int handle_control_obsolete(control_connection_t *conn, const control_cmd_args_t *args)
Definition: control_cmd.c:2033
#define CMD_FL_WIPE
Definition: control_cmd.c:2076
static int handle_control_hsfetch(control_connection_t *conn, const control_cmd_args_t *args)
Definition: control_cmd.c:1437
static int handle_control_closestream(control_connection_t *conn, const control_cmd_args_t *cmd_args)
Definition: control_cmd.c:1128
static const control_cmd_def_t CONTROL_COMMANDS[]
Definition: control_cmd.c:2116
static int handle_control_signal(control_connection_t *conn, const control_cmd_args_t *args)
Definition: control_cmd.c:457
static int handle_single_control_command(const control_cmd_def_t *def, control_connection_t *conn, uint32_t cmd_data_len, char *args)
Definition: control_cmd.c:2163
static smartlist_t * detached_onion_services
Definition: control_cmd.c:1600
static int handle_control_loadconf(control_connection_t *conn, const control_cmd_args_t *args)
Definition: control_cmd.c:336
static bool string_array_contains_keyword(const char **array, const char *kwd)
Definition: control_cmd.c:107
static entry_connection_t * get_stream(const char *id)
Definition: control_cmd.c:548
void control_cmd_args_wipe(control_cmd_args_t *args)
Definition: control_cmd.c:86
int(* handler_fn_t)(control_connection_t *conn, const control_cmd_args_t *args)
Definition: control_cmd.c:2047
#define STATE_IS_OPEN(s)
Definition: control_cmd.c:63
static origin_circuit_t * get_circ(const char *id)
Definition: control_cmd.c:536
static int handle_control_getconf(control_connection_t *conn, const control_cmd_args_t *args)
Definition: control_cmd.c:285
static int handle_control_attachstream(control_connection_t *conn, const control_cmd_args_t *args)
Definition: control_cmd.c:932
STATIC int add_onion_helper_keyarg(const char *arg, int discard_pk, const char **key_new_alg_out, char **key_new_blob_out, add_onion_secret_key_t *decoded_key, int *hs_version, control_connection_t *conn)
Definition: control_cmd.c:1860
static int address_is_invalid_mapaddress_target(const char *addr)
Definition: control_cmd.c:616
static bool config_lines_contain_flag(const config_line_t *lines, const char *flag)
Definition: control_cmd.c:240
static int handle_control_dropguards(control_connection_t *conn, const control_cmd_args_t *args)
Definition: control_cmd.c:1379
STATIC control_cmd_args_t * control_cmd_parse_args(const char *command, const control_cmd_syntax_t *syntax, size_t body_len, const char *body, char **error_out)
Definition: control_cmd.c:158
static int handle_control_setconf(control_connection_t *conn, const control_cmd_args_t *args)
Definition: control_cmd.c:256
static int handle_control_postdescriptor(control_connection_t *conn, const control_cmd_args_t *args)
Definition: control_cmd.c:1025
static int handle_control_add_onion(control_connection_t *conn, const control_cmd_args_t *args)
Definition: control_cmd.c:1623
static int handle_control_closecircuit(control_connection_t *conn, const control_cmd_args_t *args)
Definition: control_cmd.c:1169
static int handle_control_takeownership(control_connection_t *conn, const control_cmd_args_t *args)
Definition: control_cmd.c:496
static void add_authmethods(smartlist_t *reply)
Definition: control_cmd.c:1287
#define MULTLINE(name, flags)
Definition: control_cmd.c:2094
static char * get_authmethods(const or_options_t *options)
Definition: control_cmd.c:1245
static int handle_control_redirectstream(control_connection_t *conn, const control_cmd_args_t *cmd_args)
Definition: control_cmd.c:1081
static int handle_control_resolve(control_connection_t *conn, const control_cmd_args_t *args)
Definition: control_cmd.c:1199
static int handle_control_dropownership(control_connection_t *conn, const control_cmd_args_t *args)
Definition: control_cmd.c:519
int handle_control_command(control_connection_t *conn, uint32_t cmd_data_len, char *args)
Definition: control_cmd.c:2204
static int handle_control_setcircuitpurpose(control_connection_t *conn, const control_cmd_args_t *args)
Definition: control_cmd.c:887
#define ONE_LINE(name, flags)
Definition: control_cmd.c:2082
static int handle_control_mapaddress(control_connection_t *conn, const control_cmd_args_t *args)
Definition: control_cmd.c:634
smartlist_t * get_detached_onion_services(void)
Definition: control_cmd.c:1606
static int handle_control_protocolinfo(control_connection_t *conn, const control_cmd_args_t *cmd_args)
Definition: control_cmd.c:1304
static char * get_esc_cfile(const or_options_t *options)
Definition: control_cmd.c:1270
static int handle_control_resetconf(control_connection_t *conn, const control_cmd_args_t *args)
Definition: control_cmd.c:272
static int handle_control_del_onion(control_connection_t *conn, const control_cmd_args_t *cmd_args)
Definition: control_cmd.c:1955
Header file for control_cmd.c.
Definition for control_cmd_args_t.
Controller connection structure.
const struct control_event_t control_event_table[]
int control_event_address_mapped(const char *from, const char *to, time_t expires, const char *error, const int cached, uint64_t stream_id)
void control_update_global_event_mask(void)
Header file for control_events.c.
void control_write_endreply(control_connection_t *conn, int code, const char *s)
void control_printf_midreply(control_connection_t *conn, int code, const char *fmt,...)
void send_control_done(control_connection_t *conn)
void control_printf_endreply(control_connection_t *conn, int code, const char *fmt,...)
size_t read_escaped_data(const char *data, size_t len, char **out)
Header file for control_proto.c.
Circuit-build-stse structure.
int ed25519_secret_key_generate(ed25519_secret_key_t *seckey_out, int extra_strong)
Common functions for using (pseudo-)random number generators.
void memwipe(void *mem, uint8_t byte, size_t sz)
Definition: crypto_util.c:55
Common functions for cryptographic routines.
int dnsserv_launch_request(const char *name, int reverse, control_connection_t *control_conn)
Definition: dnsserv.c:210
Header file for dnsserv.c.
Entry connection structure.
#define ENTRY_TO_EDGE_CONN(c)
void remove_all_entry_guards(void)
Definition: entrynodes.c:3806
Header file for circuitbuild.c.
const char * escaped(const char *s)
Definition: escape.c:126
char * esc_for_log(const char *s)
Definition: escape.c:30
extend_info_t * extend_info_from_node(const node_t *node, int for_direct_connect)
Definition: extendinfo.c:92
Header for core/or/extendinfo.c.
void control_reply_append_kv(smartlist_t *reply, const char *key, const char *val)
void control_write_reply_lines(control_connection_t *conn, smartlist_t *lines)
void control_reply_add_printf(smartlist_t *reply, int code, const char *fmt,...)
#define control_reply_free(r)
Free and null a smartlist of control_reply_line_t.
void control_reply_add_one_kv(smartlist_t *reply, int code, int flags, const char *key, const char *val)
void control_reply_add_str(smartlist_t *reply, int code, const char *s)
void control_reply_add_done(smartlist_t *reply)
int hs_parse_address(const char *address, ed25519_public_key_t *key_out, uint8_t *checksum_out, uint8_t *version_out)
Definition: hs_common.c:840
int hs_address_is_valid(const char *address)
Definition: hs_common.c:856
hs_port_config_t * hs_parse_port_config(const char *string, const char *sep, char **err_msg_out)
Definition: hs_common.c:685
hs_service_add_ephemeral_status_t
Definition: hs_common.h:139
@ RSAE_OKAY
Definition: hs_common.h:145
@ RSAE_BADVIRTPORT
Definition: hs_common.h:141
@ RSAE_ADDREXISTS
Definition: hs_common.h:142
@ RSAE_INTERNAL
Definition: hs_common.h:144
@ RSAE_BADPRIVKEY
Definition: hs_common.h:143
@ RSAE_BADAUTH
Definition: hs_common.h:140
#define HS_VERSION_THREE
Definition: hs_common.h:23
int hs_control_hspost_command(const char *body, const char *onion_address, const smartlist_t *hsdirs_rs)
Definition: hs_control.c:204
void hs_control_hsfetch_command(const ed25519_public_key_t *onion_identity_pk, const smartlist_t *hsdirs)
Definition: hs_control.c:256
Header file containing control port event related code.
hs_service_add_ephemeral_status_t hs_service_add_ephemeral(ed25519_secret_key_t *sk, smartlist_t *ports, int max_streams_per_rdv_circuit, int max_streams_close_circuit, smartlist_t *auth_clients_v3, char **address_out)
Definition: hs_service.c:3752
hs_service_authorized_client_t * parse_authorized_client_key(const char *key_str, int severity)
Definition: hs_service.c:1133
int hs_service_del_ephemeral(const char *address)
Definition: hs_service.c:3843
Header file containing service data for the HS subsystem.
config_line_t * kvline_parse(const char *line, unsigned flags)
Definition: kvline.c:199
Header for kvline.c.
#define LD_BUG
Definition: log.h:86
#define LD_CONTROL
Definition: log.h:80
#define LOG_INFO
Definition: log.h:45
Header file for main.c.
#define tor_free(p)
Definition: malloc.h:52
Node information structure.
int node_has_preferred_descriptor(const node_t *node, int for_direct_connect)
Definition: nodelist.c:1500
const node_t * node_get_by_nickname(const char *nickname, unsigned flags)
Definition: nodelist.c:1085
const node_t * node_get_by_hex_id(const char *hex_id, unsigned flags)
Definition: nodelist.c:1058
Header file for nodelist.c.
Master header file for Tor-specific functionality.
@ ADDRMAPSRC_CONTROLLER
Definition: or.h:917
#define TO_CIRCUIT(x)
Definition: or.h:845
rend_auth_type_t
Definition: or.h:344
#define TO_CONN(c)
Definition: or.h:616
#define ENTRY_TO_CONN(c)
Definition: or.h:619
Origin circuit structure.
uint64_t tor_parse_uint64(const char *s, int base, uint64_t min, uint64_t max, int *ok, char **next)
Definition: parse_int.c:110
long tor_parse_long(const char *s, int base, long min, long max, int *ok, char **next)
Definition: parse_int.c:59
unsigned long tor_parse_ulong(const char *s, int base, unsigned long min, unsigned long max, int *ok, char **next)
Definition: parse_int.c:78
char * make_path_absolute(const char *fname)
Definition: path.c:280
int tor_asprintf(char **strp, const char *fmt,...)
Definition: printf.c:75
Header file for rendcommon.c.
static crypto_pk_t * onionkey
Definition: router.c:105
uint8_t router_purpose_from_string(const char *s)
Definition: routerinfo.c:113
Header file for routerinfo.c.
Router descriptor structure.
#define ROUTER_PURPOSE_UNKNOWN
#define ROUTER_PURPOSE_GENERAL
Definition: routerinfo_st.h:98
int router_load_single_router(const char *s, uint8_t purpose, int cache, const char **msg)
Definition: routerlist.c:2047
Header file for routerlist.c.
void smartlist_add_asprintf(struct smartlist_t *sl, const char *pattern,...)
Definition: smartlist.c:36
char * smartlist_join_strings(smartlist_t *sl, const char *join, int terminate, size_t *len_out)
Definition: smartlist.c:279
int smartlist_string_pos(const smartlist_t *sl, const char *element)
Definition: smartlist.c:106
void * smartlist_pop_last(smartlist_t *sl)
smartlist_t * smartlist_new(void)
void smartlist_add(smartlist_t *sl, void *element)
void smartlist_del(smartlist_t *sl, int idx)
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
#define SMARTLIST_FOREACH(sl, type, var, cmd)
int smartlist_split_string(smartlist_t *sl, const char *str, const char *sep, int flags, int max)
Client request structure.
or_state_t * get_or_state(void)
Definition: statefile.c:220
void or_state_mark_dirty(or_state_t *state, time_t when)
Definition: statefile.c:784
Header for statefile.c.
uint8_t state
Definition: circuit_st.h:110
unsigned int type
Definition: connection_st.h:50
uint16_t marked_for_close
tor_socket_t s
Definition: connection_st.h:96
struct smartlist_t * args
struct config_line_t * kwargs
const control_cmd_syntax_t * syntax
Definition: control_cmd.c:2069
handler_fn_t handler
Definition: control_cmd.c:2061
const char * name
Definition: control_cmd.c:2057
unsigned int min_args
Definition: control_cmd.h:41
const char ** allowed_keywords
Definition: control_cmd.h:58
unsigned int max_args
Definition: control_cmd.h:46
smartlist_t * ephemeral_onion_services
unsigned int is_owning_control_connection
unsigned int have_sent_protocolinfo
uint8_t seckey[ED25519_SECKEY_LEN]
unsigned int edge_has_sent_end
socks_request_t * socks_request
Definition: node_st.h:34
struct config_line_t * HashedControlPassword
int CookieAuthentication
struct config_line_t * HashedControlSessionPassword
edge_connection_t * p_streams
cpath_build_state_t * build_state
unsigned first_hop_from_controller
char address[MAX_SOCKS_ADDR_LEN]
#define STATIC
Definition: testsupport.h:32
@ CMD_RUN_TOR
#define tor_assert_nonfatal_unreached()
Definition: util_bug.h:176
#define tor_assert(expr)
Definition: util_bug.h:102
#define tor_fragile_assert()
Definition: util_bug.h:270
int strcasecmpstart(const char *s1, const char *s2)
Definition: util_string.c:225
int strcmpstart(const char *s1, const char *s2)
Definition: util_string.c:215
void tor_strupper(char *s)
Definition: util_string.c:138