|
Tor
0.4.7.0-alpha-dev
|
Implement next generation hidden service functionality. More...
#include "core/or/or.h"#include "app/config/config.h"#include "app/config/statefile.h"#include "core/mainloop/connection.h"#include "core/mainloop/mainloop.h"#include "core/or/circuitbuild.h"#include "core/or/circuitlist.h"#include "core/or/circuituse.h"#include "core/or/extendinfo.h"#include "core/or/relay.h"#include "feature/client/circpathbias.h"#include "feature/dirclient/dirclient.h"#include "feature/dircommon/directory.h"#include "feature/hs_common/shared_random_client.h"#include "feature/keymgt/loadkey.h"#include "feature/nodelist/describe.h"#include "feature/nodelist/microdesc.h"#include "feature/nodelist/networkstatus.h"#include "feature/nodelist/nickname.h"#include "feature/nodelist/node_select.h"#include "feature/nodelist/nodelist.h"#include "lib/crypt_ops/crypto_ope.h"#include "lib/crypt_ops/crypto_rand.h"#include "lib/crypt_ops/crypto_util.h"#include "feature/hs/hs_circuit.h"#include "feature/hs/hs_common.h"#include "feature/hs/hs_config.h"#include "feature/hs/hs_control.h"#include "feature/hs/hs_descriptor.h"#include "feature/hs/hs_ident.h"#include "feature/hs/hs_intropoint.h"#include "feature/hs/hs_metrics.h"#include "feature/hs/hs_service.h"#include "feature/hs/hs_stats.h"#include "feature/hs/hs_ob.h"#include "feature/dircommon/dir_connection_st.h"#include "core/or/edge_connection_st.h"#include "core/or/extend_info_st.h"#include "feature/nodelist/networkstatus_st.h"#include "feature/nodelist/node_st.h"#include "core/or/origin_circuit_st.h"#include "app/config/or_state_st.h"#include "feature/nodelist/routerstatus_st.h"#include "lib/encoding/confline.h"#include "lib/crypt_ops/crypto_format.h"#include "trunnel/ed25519_cert.h"#include "trunnel/hs/cell_common.h"#include "trunnel/hs/cell_establish_intro.h"Go to the source code of this file.
Macros | |
| #define | HS_SERVICE_PRIVATE |
| #define | FOR_EACH_SERVICE_BEGIN(var) |
| #define | FOR_EACH_SERVICE_END } STMT_END ; |
| #define | FOR_EACH_DESCRIPTOR_BEGIN(service, var) |
| #define | FOR_EACH_DESCRIPTOR_END } STMT_END ; |
| #define | MIN_INTRO_POINT_LIFETIME_TESTING 10 |
| #define | MAX_INTRO_POINT_LIFETIME_TESTING 30 |
| #define | MAX_INTRO_POINT_CIRCUIT_RETRIES_TESTING -1 |
| #define | LOG_DESC_UPLOAD_REASON_MAX LOG_DESC_UPLOAD_REASON_NO_DIRINFO |
| #define | MAX_STREAM_WARN_INTERVAL 600 |
Enumerations | |
| enum | log_desc_upload_reason_t { LOG_DESC_UPLOAD_REASON_MISSING_IPS = 0 , LOG_DESC_UPLOAD_REASON_IP_NOT_ESTABLISHED = 1 , LOG_DESC_UPLOAD_REASON_NOT_TIME = 2 , LOG_DESC_UPLOAD_REASON_NO_LIVE_CONSENSUS = 3 , LOG_DESC_UPLOAD_REASON_NO_DIRINFO = 4 } |
Variables | |
| static const char | fname_keyfile_prefix [] = "hs_ed25519" |
| static const char | dname_client_pubkeys [] = "authorized_clients" |
| static const char | fname_hostname [] = "hostname" |
| static const char | address_tld [] = "onion" |
| static smartlist_t * | hs_service_staging_list |
| static int | consider_republishing_hs_descriptors = 0 |
| static struct hs_service_ht * | hs_service_map |
Implement next generation hidden service functionality.
Definition in file hs_service.c.
| #define FOR_EACH_DESCRIPTOR_BEGIN | ( | service, | |
| var | |||
| ) |
Helper macro. Iterate over both current and previous descriptor of a service. The var is the name of the descriptor pointer. This macro skips any descriptor object of the service that is NULL.
Definition at line 85 of file hs_service.c.
| #define FOR_EACH_SERVICE_BEGIN | ( | var | ) |
Helper macro. Iterate over every service in the global map. The var is the name of the service pointer.
Definition at line 75 of file hs_service.c.
| #define LOG_DESC_UPLOAD_REASON_MAX LOG_DESC_UPLOAD_REASON_NO_DIRINFO |
Maximum number of reasons. This is used to allocate the static array of all rate limiting objects.
Definition at line 3108 of file hs_service.c.
These are all the reasons why a descriptor upload can't occur. We use those to log the reason properly with the right rate limiting and for the right descriptor.
Definition at line 3098 of file hs_service.c.
| STATIC void build_all_descriptors | ( | time_t | now | ) |
Build descriptors for each service if needed. There are conditions to build a descriptor which are details in the function.
Definition at line 2098 of file hs_service.c.
Referenced by run_build_descriptor_event().
|
static |
Using the given descriptor from the given service, build the descriptor intro point list so we can then encode the descriptor for publication. This function does not pick intro points, they have to be in the descriptor current map. Cryptographic material (keys) must be initialized in the descriptor for this function to make sense.
Definition at line 1694 of file hs_service.c.
Referenced by refresh_service_descriptor().
|
static |
Build the descriptor signing key certificate.
Definition at line 1730 of file hs_service.c.
Referenced by build_service_desc_plaintext(), and refresh_service_descriptor().
|
static |
Build both descriptors for the given service that has just booted up. Because it's a special case, it deserves its special function ;).
Definition at line 2048 of file hs_service.c.
Referenced by build_all_descriptors().
|
static |
Populate the descriptor encrypted section from the given service object. This will generate a valid list of introduction points that can be used after for circuit creation. Return 0 on success else -1 on error.
Definition at line 1759 of file hs_service.c.
Referenced by build_service_descriptor().
|
static |
For the given service and descriptor object, create the key material which is the blinded keypair, the descriptor signing keypair, the ephemeral keypair, and the descriptor cookie. Return 0 on success else -1 on error where the generated keys MUST be ignored.
Definition at line 1925 of file hs_service.c.
Referenced by build_service_descriptor().
|
static |
Populate the descriptor plaintext section from the given service object. The caller must make sure that the keys in the descriptors are valid that is are non-zero. This can't fail.
Definition at line 1873 of file hs_service.c.
Referenced by build_service_descriptor().
|
static |
Populate the descriptor superencrypted section from the given service object. This will generate a valid list of hs_desc_authorized_client_t of clients that are authorized to use the service. Return 0 on success else -1 on error.
Definition at line 1790 of file hs_service.c.
Referenced by build_service_descriptor().
|
static |
Given a service and the current time, build a descriptor for the service. This function does not pick introduction point, this needs to be done by the update function. On success, desc_out will point to the newly allocated descriptor object.
This can error if we are unable to create keys or certificate.
Definition at line 1989 of file hs_service.c.
Referenced by build_descriptors_for_new_service().
| STATIC int can_service_launch_intro_circuit | ( | hs_service_t * | service, |
| time_t | now | ||
| ) |
For the given service, return 1 if the service is allowed to launch more introduction circuits else 0 if the maximum has been reached for the retry period of INTRO_CIRC_RETRY_PERIOD.
Definition at line 2792 of file hs_service.c.
|
static |
Go over the given set of intro points for each service and remove any invalid ones.
If an intro point is removed, the circuit (if any) is immediately close. If a circuit can't be found, the intro point is kept if it hasn't reached its maximum circuit retry value and thus should be retried.
Definition at line 2456 of file hs_service.c.
Referenced by run_housekeeping_event().
| STATIC int client_filename_is_valid | ( | const char * | filename | ) |
Check if the client file name is valid or not. Return 1 if valid, otherwise return 0.
Definition at line 1110 of file hs_service.c.
|
static |
For a given service and descriptor of that service, close all active directory connections.
Definition at line 743 of file hs_service.c.
Referenced by upload_descriptor_to_all().
|
static |
Close the circuit(s) for the given map of introduction points.
Definition at line 807 of file hs_service.c.
Referenced by close_service_intro_circuits(), and rotate_service_descriptors().
|
static |
Close any circuits related to the given service.
Definition at line 836 of file hs_service.c.
|
static |
Close all introduction circuits for the given service.
Definition at line 825 of file hs_service.c.
|
static |
Close all rendezvous circuits for the given service.
Definition at line 777 of file hs_service.c.
|
static |
Helper for sorting authorized clients.
Definition at line 1412 of file hs_service.c.
| STATIC unsigned int count_desc_circuit_established | ( | const hs_service_descriptor_t * | desc | ) |
Return the number of introduction points that are established for the given descriptor.
Definition at line 726 of file hs_service.c.
|
static |
Helper function to return a human readable description of the given intro point object.
This function is not thread-safe. Each call to this invalidates the previous values returned by it.
Definition at line 300 of file hs_service.c.
| STATIC hs_service_t* find_service | ( | hs_service_ht * | map, |
| const ed25519_public_key_t * | pk | ||
| ) |
Query the given service map with a public key and return a service object if found else NULL. It is also possible to set a directory path in the search query. If pk is NULL, then it will be set to zero indicating the hash table to compare the directory path instead.
Definition at line 177 of file hs_service.c.
Referenced by get_objects_from_ident(), hs_service_exports_circuit_id(), hs_service_find(), hs_service_lookup_current_desc(), and register_service().
|
static |
Compute the descriptor's OPE cipher for encrypting revision counters.
Definition at line 1904 of file hs_service.c.
|
static |
Given a service intro point, return the extend_info_t for it. This can return NULL if the node can't be found for the intro point or the extend info can't be created for the found node. If direct_conn is set, the extend info is validated on if we can connect directly.
Definition at line 699 of file hs_service.c.
|
static |
Return the upper bound of maximum INTRODUCE2 cells per circuit before we rotate intro point (defined by a consensus parameter or the default value).
Definition at line 343 of file hs_service.c.
|
static |
Return the maximum lifetime in seconds of an introduction point defined by a consensus parameter or the default value.
Definition at line 372 of file hs_service.c.
|
static |
Return the lower bound of maximum INTRODUCE2 cells per circuit before we rotate intro point (defined by a consensus parameter or the default value).
Definition at line 330 of file hs_service.c.
|
static |
Return the minimum lifetime in seconds of an introduction point defined by a consensus parameter or the default value.
Definition at line 355 of file hs_service.c.
|
static |
Return the number of extra introduction point defined by a consensus parameter or the default value.
Definition at line 389 of file hs_service.c.
|
static |
From a given intro point, return the first link specifier of type encountered in the link specifier list. Return NULL if it can't be found.
The caller does NOT have ownership of the object, the intro point does.
Definition at line 657 of file hs_service.c.
Referenced by get_node_from_intro_point().
|
static |
Don't try to build more than this many circuits before giving up for a while. Dynamically calculated based on the configured number of intro points for the given service and how many descriptor exists. The default use case of 3 introduction points and two descriptors will allow 28 circuits for a retry period (((3 + 2) + (3 * 3)) * 2).
For a testing network, allow to do it for the maximum amount so circuit creation and rotation and so on can actually be tested without limit.
Definition at line 2749 of file hs_service.c.
Referenced by can_service_launch_intro_circuit().
| STATIC const node_t* get_node_from_intro_point | ( | const hs_service_intro_point_t * | ip | ) |
Given a service intro point, return the node_t associated to it. This can return NULL if the given intro point has no legacy ID or if the node can't be found in the consensus.
Definition at line 679 of file hs_service.c.
Referenced by get_extend_info_from_intro_point(), and should_remove_intro_point().
| STATIC void get_objects_from_ident | ( | const hs_ident_circuit_t * | ident, |
| hs_service_t ** | service, | ||
| hs_service_intro_point_t ** | ip, | ||
| hs_service_descriptor_t ** | desc | ||
| ) |
From a circuit identifier, get all the possible objects associated with the ident. If not NULL, service, ip or desc are set if the object can be found. They are untouched if they can't be found.
This is an helper function because we do those lookups often so it's more convenient to simply call this functions to get all the things at once.
Definition at line 626 of file hs_service.c.
Referenced by hs_service_set_conn_addr_port(), service_handle_intro_established(), service_handle_introduce2(), and service_rendezvous_circ_has_opened().
| hs_service_add_ephemeral_status_t hs_service_add_ephemeral | ( | ed25519_secret_key_t * | sk, |
| smartlist_t * | ports, | ||
| int | max_streams_per_rdv_circuit, | ||
| int | max_streams_close_circuit, | ||
| smartlist_t * | auth_clients_v3, | ||
| char ** | address_out | ||
| ) |
Add the ephemeral service using the secret key sk and ports. Both max streams parameter will be set in the newly created service.
Ownership of sk, ports, and auth_clients_v3 is passed to this routine. Regardless of success/failure, callers should not touch these values after calling this routine, and may assume that correct cleanup has been done on failure.
Return an appropriate hs_service_add_ephemeral_status_t.
Definition at line 3752 of file hs_service.c.
| void hs_service_circuit_cleanup_on_close | ( | const circuit_t * | circ | ) |
Called when a circuit was just cleaned up. This is done right before the circuit is marked for close.
Definition at line 3660 of file hs_service.c.
Referenced by hs_circ_cleanup_on_close().
| void hs_service_circuit_has_opened | ( | origin_circuit_t * | circ | ) |
Called when any kind of hidden service circuit is done building thus opened. This is the entry point from the circuit subsystem.
Definition at line 4127 of file hs_service.c.
| int hs_service_del_ephemeral | ( | const char * | address | ) |
For the given onion address, delete the ephemeral service. Return 0 on success else -1 on error.
Definition at line 3843 of file hs_service.c.
Referenced by connection_control_closed().
| void hs_service_dir_info_changed | ( | void | ) |
Called when our internal view of the directory has changed. We might have received a new batch of descriptors which might affect the shape of the HSDir hash ring. Signal that we should reexamine the hash ring and re-upload our HS descriptors if needed.
Definition at line 4051 of file hs_service.c.
Referenced by router_dir_info_changed().
| void hs_service_dump_stats | ( | int | severity | ) |
Log the status of introduction points for all version 3 onion services at log severity severity.
Definition at line 4205 of file hs_service.c.
| hs_circuit_id_protocol_t hs_service_exports_circuit_id | ( | const ed25519_public_key_t * | pk | ) |
Does the service with identity pubkey pk export the circuit IDs of its clients?
Definition at line 4014 of file hs_service.c.
| hs_service_t* hs_service_find | ( | const ed25519_public_key_t * | identity_pk | ) |
Lookup the global service map for the given identitiy public key and return the service object if found, NULL if not.
Definition at line 4280 of file hs_service.c.
Referenced by hs_metrics_update_by_ident().
| void hs_service_free_ | ( | hs_service_t * | service | ) |
Free the given service object and all its content. This function also takes care of wiping service keys from memory. It is safe to pass a NULL pointer.
Definition at line 4312 of file hs_service.c.
| void hs_service_free_all | ( | void | ) |
Release all global storage of the hidden service subsystem.
Definition at line 4384 of file hs_service.c.
Referenced by hs_free_all().
| smartlist_t* hs_service_get_metrics_stores | ( | void | ) |
Return a newly allocated list of all the service's metrics store.
Definition at line 4264 of file hs_service.c.
| unsigned int hs_service_get_num_services | ( | void | ) |
Return the number of service we have configured and usable.
Definition at line 3918 of file hs_service.c.
Referenced by check_network_participation_callback(), hs_service_dir_info_changed(), and log_onion_service_stats().
| int hs_service_get_version_from_key | ( | const hs_service_t * | service | ) |
Return the service version by looking at the key in the service directory. If the key is not found or unrecognized, -1 is returned. Else, the service version is returned.
Definition at line 4151 of file hs_service.c.
Referenced by config_learn_service_version().
|
inlinestatic |
Helper: Function to compare two objects in the service map. Return 1 if the two service have the same master public identity key.
Definition at line 128 of file hs_service.c.
|
inlinestatic |
Helper: Function for the service hash table code below. The key used is the master public identity key which is ultimately the onion address.
Definition at line 140 of file hs_service.c.
| void hs_service_init | ( | void | ) |
Initialize the service HS subsystem.
Definition at line 4370 of file hs_service.c.
Referenced by hs_init().
| void hs_service_lists_fnames_for_sandbox | ( | smartlist_t * | file_list, |
| smartlist_t * | dir_list | ||
| ) |
Add to file_list every filename used by a configured hidden service, and to dir_list every directory path used by a configured hidden service. This is used by the sandbox subsystem to allowlist those.
Definition at line 4028 of file hs_service.c.
| int hs_service_load_all_keys | ( | void | ) |
Load and/or generate keys for all onion services including the client authorization if any. Return 0 on success, -1 on failure.
Definition at line 4175 of file hs_service.c.
| char* hs_service_lookup_current_desc | ( | const ed25519_public_key_t * | pk | ) |
Using the ed25519 public key pk, find a service for that key and return the current encoded descriptor as a newly allocated string or NULL if not found. This is used by the control port subsystem.
Definition at line 3894 of file hs_service.c.
| void hs_service_map_has_changed | ( | void | ) |
This is called every time the service map changes that is if an element is added or removed.
Definition at line 3686 of file hs_service.c.
Referenced by register_service().
| hs_service_t* hs_service_new | ( | const or_options_t * | options | ) |
Allocate and initialize a service object. The service configuration will contain the default values. Return the newly allocated object pointer. This function can't fail.
Definition at line 4294 of file hs_service.c.
Referenced by config_service(), and hs_service_add_ephemeral().
| int hs_service_receive_intro_established | ( | origin_circuit_t * | circ, |
| const uint8_t * | payload, | ||
| size_t | payload_len | ||
| ) |
Called when we get an INTRO_ESTABLISHED cell. Mark the circuit as an established introduction point. Return 0 on success else a negative value and the circuit is closed.
Definition at line 4095 of file hs_service.c.
| int hs_service_receive_introduce2 | ( | origin_circuit_t * | circ, |
| const uint8_t * | payload, | ||
| size_t | payload_len | ||
| ) |
Called when we get an INTRODUCE2 cell on the circ. Respond to the cell and launch a circuit to the rendezvous point.
Definition at line 4066 of file hs_service.c.
| void hs_service_run_scheduled_events | ( | time_t | now | ) |
Periodic callback. Entry point from the main loop to the HS service subsystem. This is call every second. This is skipped if tor can't build a circuit or the network is disabled.
Definition at line 4349 of file hs_service.c.
| int hs_service_set_conn_addr_port | ( | const origin_circuit_t * | circ, |
| edge_connection_t * | conn | ||
| ) |
Given conn, a rendezvous edge connection acting as an exit stream, look up the hidden service for the circuit circ, and look up the port and address based on the connection port. Assign the actual connection address.
Return 0 on success. Return -1 on failure and the caller should NOT close the circuit. Return -2 on failure and the caller MUST close the circuit for security reasons.
Definition at line 3934 of file hs_service.c.
| void hs_service_stage_services | ( | const smartlist_t * | service_list | ) |
Put all service object in the given service list. After this, the caller looses ownership of every elements in the list and responsible to free the list pointer.
Definition at line 4249 of file hs_service.c.
Referenced by stage_services().
| void hs_service_upload_desc_to_dir | ( | const char * | encoded_desc, |
| const uint8_t | version, | ||
| const ed25519_public_key_t * | identity_pk, | ||
| const ed25519_public_key_t * | blinded_pk, | ||
| const routerstatus_t * | hsdir_rs | ||
| ) |
Upload an encoded descriptor in encoded_desc of the given version. This descriptor is for the service identity_pk and blinded_pk used to setup the directory connection identifier. It is uploaded to the directory hsdir_rs routerstatus_t object.
NOTE: This function does NOT check for PublishHidServDescriptors because it is only used by the control port command HSPOST outside of this subsystem. Inside this code, upload_descriptor_to_hsdir() should be used.
Definition at line 3703 of file hs_service.c.
|
static |
Helper: Function that needs to return 1 for the HT for each loop which frees every service in an hash map.
Definition at line 400 of file hs_service.c.
Referenced by service_free_all().
| STATIC int intro_point_should_expire | ( | const hs_service_intro_point_t * | ip, |
| time_t | now | ||
| ) |
Return true iff the given intro point has expired that is it has been used for too long or we've reached our max seen INTRODUCE2 cell.
Definition at line 2372 of file hs_service.c.
Referenced by should_remove_intro_point().
|
inlinestatic |
Return true iff the given service has client authorization configured that is the client list is non empty.
Definition at line 166 of file hs_service.c.
Referenced by service_encode_descriptor().
|
static |
For the given service, launch any intro point circuits that could be needed. This considers every descriptor of the service.
Definition at line 2692 of file hs_service.c.
|
static |
Load all the client public keys for the given service. Return 0 on success else -1 on failure.
Definition at line 1235 of file hs_service.c.
|
static |
Load and/or generate private keys for the given service. On success, the hostname file will be written to disk along with the master private key iff the service is not configured for offline keys. Return 0 on success else -1 on failure.
Definition at line 1036 of file hs_service.c.
|
static |
Log the reason why we can't upload the given descriptor for the given service. This takes a message string (allocated by the caller) and a reason.
Depending on the reason and descriptor, different rate limit applies. This is done because this function will basically be called every second. Each descriptor for each reason uses its own log rate limit object in order to avoid message suppression for different reasons and descriptors.
Definition at line 3119 of file hs_service.c.
|
static |
Move descriptor(s) from the src service to the dst service and modify their content if necessary. We do this during SIGHUP when we re-create our hidden services.
Definition at line 1483 of file hs_service.c.
|
static |
Move every ephemeral services from the src service map to the dst service map. It is possible that a service can't be register to the dst map which won't stop the process of moving them all but will trigger a log warn.
Definition at line 854 of file hs_service.c.
|
static |
Move the hidden service state from src to dst. We do this when we receive a SIGHUP: dst is the post-HUP service
Definition at line 893 of file hs_service.c.
| STATIC hs_service_authorized_client_t* parse_authorized_client | ( | const char * | client_key_str | ) |
Parse an authorized client from a string. The format of a client string looks like (see rend-spec-v3.txt):
<auth-type>:<key-type>:<base32-encoded-public-key>
The <auth-type> can only be "descriptor". The <key-type> can only be "x25519".
Return the key on success, return NULL, otherwise.
Definition at line 1176 of file hs_service.c.
| hs_service_authorized_client_t* parse_authorized_client_key | ( | const char * | key_str, |
| int | severity | ||
| ) |
Parse an base32-encoded authorized client from a string.
Return the key on success, return NULL, otherwise.
Definition at line 1133 of file hs_service.c.
|
static |
Randomly pick a node to become an introduction point but not present in the given exclude_nodes list. The chosen node is put in the exclude list regardless of success or not because in case of failure, the node is simply unsusable from that point on.
If direct_conn is set, try to pick a node that our local firewall/policy allows us to connect to directly. If we can't find any, return NULL. This function supports selecting dual-stack nodes for direct single onion service IPv6 connections. But it does not send IPv6 addresses in link specifiers. (Current clients don't use IPv6 addresses to extend, and direct client connections to intro points are not supported.)
Return a newly allocated service intro point ready to be used for encoding. Return NULL on error.
Definition at line 2143 of file hs_service.c.
|
static |
For a given descriptor from the given service, pick any needed intro points and update the current map with those newly picked intro points. Return the number node that might have been added to the descriptor current map.
Definition at line 2193 of file hs_service.c.
Referenced by update_service_descriptor_intro_points().
|
static |
Refresh the given service descriptor meaning this will update every mutable field that needs to be updated before we upload.
This should ONLY be called before uploading a descriptor. It assumes that the descriptor has been built (desc->desc) and that all intro point circuits have been established.
Definition at line 3252 of file hs_service.c.
|
static |
Register services that are in the staging list. Once this function returns, the global service map will be set with the right content and all non surviving services will be cleaned up.
Definition at line 926 of file hs_service.c.
| STATIC int register_service | ( | hs_service_ht * | map, |
| hs_service_t * | service | ||
| ) |
Register the given service in the given map. If the service already exists in the map, -1 is returned. On success, 0 is returned and the service ownership has been transferred to the global map.
Definition at line 191 of file hs_service.c.
Referenced by move_ephemeral_services().
|
static |
For the given failing intro point ip, we add its time of failure to the failed map and index it by identity digest (legacy ID) in the descriptor desc failed id map.
Definition at line 1579 of file hs_service.c.
|
static |
From the given service, remove all expired failing intro points for each descriptor.
Definition at line 1541 of file hs_service.c.
Referenced by run_housekeeping_event().
| STATIC void remove_service | ( | hs_service_ht * | map, |
| hs_service_t * | service | ||
| ) |
Remove a given service from the given map. If service is NULL or the service key is unset, return gracefully.
Definition at line 219 of file hs_service.c.
| STATIC void rotate_all_descriptors | ( | time_t | now | ) |
Rotate descriptors for each service if needed. A non existing current descriptor will trigger a descriptor build for the next time period.
Definition at line 2607 of file hs_service.c.
Referenced by run_build_descriptor_event().
|
static |
Rotate the service descriptors of the given service. The current descriptor will be freed, the next one put in as the current and finally the next descriptor pointer is NULLified.
Definition at line 2586 of file hs_service.c.
|
static |
Scheduled event run from the main loop. Make sure we have all the circuits we need for each service.
Definition at line 2837 of file hs_service.c.
Referenced by hs_service_run_scheduled_events().
|
static |
Scheduled event run from the main loop. Make sure all descriptors are up to date. Once this returns, each service descriptor needs to be considered for new introduction circuits and then for upload.
Definition at line 2672 of file hs_service.c.
Referenced by hs_service_run_scheduled_events().
| STATIC void run_housekeeping_event | ( | time_t | now | ) |
Scheduled event run from the main loop. Make sure all our services are up to date and ready for the other scheduled events. This includes looking at the introduction points status and descriptor rotation time.
Definition at line 2637 of file hs_service.c.
Referenced by hs_service_run_scheduled_events().
| STATIC void run_upload_descriptor_event | ( | time_t | now | ) |
Scheduled event run from the main loop. Try to upload the descriptor for each service.
Definition at line 3279 of file hs_service.c.
Referenced by hs_service_run_scheduled_events().
|
static |
Add to list every filename used by service. This is used by the sandbox subsystem.
Definition at line 3535 of file hs_service.c.
Referenced by hs_service_lists_fnames_for_sandbox().
|
static |
If two authorized clients are equal, return 0. If the first one should come before the second, return less than zero. If the first should come after the second, return greater than zero.
Definition at line 1397 of file hs_service.c.
Referenced by compare_service_authorzized_client_().
| STATIC int service_authorized_client_config_equal | ( | const hs_service_config_t * | config1, |
| const hs_service_config_t * | config2 | ||
| ) |
If the list of hs_service_authorized_client_t's is different between src and dst, return 1. Otherwise, return 0.
Definition at line 1421 of file hs_service.c.
|
static |
Allocate and return a deep copy of client.
Definition at line 1377 of file hs_service.c.
| void service_authorized_client_free_ | ( | hs_service_authorized_client_t * | client | ) |
Release all storage held in client.
Definition at line 1332 of file hs_service.c.
| STATIC void service_clear_config | ( | hs_service_config_t * | config | ) |
From a service configuration object config, clear everything from it meaning free allocated pointers and reset the values.
Definition at line 270 of file hs_service.c.
|
static |
Clear previous cached HSDirs in desc.
Definition at line 2270 of file hs_service.c.
Referenced by service_desc_schedule_upload(), and upload_descriptor_to_all().
| STATIC hs_service_descriptor_t* service_desc_find_by_intro | ( | const hs_service_t * | service, |
| const hs_service_intro_point_t * | ip | ||
| ) |
For a given service and intro point, return the descriptor for which the intro point is assigned to. NULL is returned if not found.
Definition at line 600 of file hs_service.c.
Referenced by get_objects_from_ident().
| STATIC int service_desc_hsdirs_changed | ( | const hs_service_t * | service, |
| const hs_service_descriptor_t * | desc | ||
| ) |
The set of HSDirs have changed: check if the change affects our descriptor HSDir placement, and if it does, reupload the desc.
Definition at line 3060 of file hs_service.c.
Referenced by run_upload_descriptor_event().
|
static |
Note that we attempted to upload desc to hsdir.
Definition at line 2282 of file hs_service.c.
| STATIC void service_desc_schedule_upload | ( | hs_service_descriptor_t * | desc, |
| time_t | now, | ||
| int | descriptor_changed | ||
| ) |
Schedule an upload of desc. If descriptor_changed is set, it means that this descriptor is dirty.
Definition at line 2299 of file hs_service.c.
Referenced by run_upload_descriptor_event().
| STATIC void service_descriptor_free_ | ( | hs_service_descriptor_t * | desc | ) |
Free a given service descriptor object and all key material is wiped.
Definition at line 1343 of file hs_service.c.
| STATIC hs_service_descriptor_t* service_descriptor_new | ( | void | ) |
Return a newly allocated service descriptor object.
Definition at line 1364 of file hs_service.c.
Referenced by build_service_descriptor().
|
static |
This is a proxy function before actually calling hs_desc_encode_descriptor because we need some preprocessing here
Definition at line 3581 of file hs_service.c.
Referenced by hs_service_lookup_current_desc().
|
static |
Return a const string of the directory path escaped. If this is an ephemeral service, it returns "[EPHEMERAL]". This can only be called from the main thread because escaped() uses a static variable.
Definition at line 884 of file hs_service.c.
Referenced by hs_service_dump_stats().
|
static |
Free every service that can be found in the global map. Once done, clear and free the global map.
Definition at line 412 of file hs_service.c.
Referenced by hs_service_free_all().
|
static |
We've been expecting an INTRO_ESTABLISHED cell on this circuit and it just arrived. Handle the INTRO_ESTABLISHED cell arriving on the given introduction circuit. Return 0 on success else a negative value.
Definition at line 3430 of file hs_service.c.
|
static |
We just received an INTRODUCE2 cell on the established introduction circuit circ. Handle the cell and return 0 on success else a negative value.
Definition at line 3485 of file hs_service.c.
|
static |
Called when the introduction point circuit is done building and ready to be used.
Definition at line 3321 of file hs_service.c.
Referenced by hs_service_circuit_has_opened().
| STATIC void service_intro_point_add | ( | digest256map_t * | map, |
| hs_service_intro_point_t * | ip | ||
| ) |
Add the given intro point object to the given intro point map. The intro point MUST have its RSA encryption key set if this is a legacy type or the authentication key set otherwise.
Definition at line 536 of file hs_service.c.
| STATIC hs_service_intro_point_t* service_intro_point_find | ( | const hs_service_t * | service, |
| const ed25519_public_key_t * | auth_key | ||
| ) |
For a given service and authentication key, return the intro point or NULL if not found. This will check both descriptors in the service.
Definition at line 569 of file hs_service.c.
Referenced by get_objects_from_ident().
| STATIC void service_intro_point_free_ | ( | hs_service_intro_point_t * | ip | ) |
Free a given service intro point object.
Definition at line 433 of file hs_service.c.
Referenced by service_intro_point_free_void().
|
static |
Helper: free an hs_service_intro_point_t object. This function is used by digest256map_free() which requires a void * pointer.
Definition at line 449 of file hs_service.c.
| STATIC hs_service_intro_point_t* service_intro_point_new | ( | const node_t * | node | ) |
Return a newly allocated service intro point and fully initialized from the given node_t node, if non NULL.
If node is NULL, returns a hs_service_intro_point_t with an empty link specifier list and no onion key. (This is used for testing.) On any other error, NULL is returned.
node must be an node_t with an IPv4 address.
Definition at line 463 of file hs_service.c.
| STATIC void service_intro_point_remove | ( | const hs_service_t * | service, |
| const hs_service_intro_point_t * | ip | ||
| ) |
For a given service, remove the intro point from that service's descriptors (check both current and next descriptor)
Definition at line 551 of file hs_service.c.
|
static |
Return true iff the given service identity key is present on disk.
Definition at line 3556 of file hs_service.c.
Referenced by hs_service_get_version_from_key().
|
static |
Called when a rendezvous circuit is done building and ready to be used.
Definition at line 3378 of file hs_service.c.
Referenced by hs_service_circuit_has_opened().
|
static |
Set the revision counter in hs_desc. We do this by encrypting a timestamp using an OPE scheme and using the ciphertext as our revision counter.
If is_current is true, then this is the current HS descriptor, otherwise it's the next one.
Definition at line 2932 of file hs_service.c.
Referenced by refresh_service_descriptor().
|
static |
Set the next rotation time of the descriptors for the given service for the time now.
Definition at line 2513 of file hs_service.c.
Referenced by rotate_service_descriptors(), and run_housekeeping_event().
|
static |
Set the default values for a service configuration object c.
Definition at line 248 of file hs_service.c.
|
static |
Using a given descriptor signing keypair signing_kp, a service intro point object ip and the time now, setup the content of an already allocated descriptor intro desc_ip.
Return 0 on success else a negative value.
Definition at line 1605 of file hs_service.c.
|
static |
For the given descriptor desc, put all node_t object found from its failing intro point list and put them in the given node_list.
Definition at line 1560 of file hs_service.c.
|
static |
Return true iff we should remove the intro point ip from its service.
We remove an intro point from the service descriptor list if one of these criteria is met:
If an established or pending circuit is found for the given ip object, this return false indicating it should not be removed.
Definition at line 2402 of file hs_service.c.
|
static |
Return true iff the service should rotate its descriptor. The time now is only used to fetch the live consensus and if none can be found, this returns false.
Definition at line 2533 of file hs_service.c.
Referenced by rotate_all_descriptors().
|
static |
Return 1 if the given descriptor from the given service can be uploaded else return 0 if it can not.
Definition at line 3169 of file hs_service.c.
Referenced by run_upload_descriptor_event().
| STATIC void update_all_descriptors_intro_points | ( | time_t | now | ) |
Update descriptor intro points for each service if needed. We do this as part of the periodic event because we need to establish intro point circuits before we publish descriptors.
Definition at line 2358 of file hs_service.c.
Referenced by run_build_descriptor_event().
|
static |
Pick missing intro points for this descriptor if needed.
Definition at line 2315 of file hs_service.c.
Referenced by update_all_descriptors_intro_points().
| STATIC void upload_descriptor_to_all | ( | const hs_service_t * | service, |
| hs_service_descriptor_t * | desc | ||
| ) |
Encode and sign the service descriptor desc and upload it to the responsible hidden service directories. If for_next_period is true, the set of directories are selected using the next hsdir_index. This does nothing if PublishHidServDescriptors is false.
Clear list of previous hsdirs since we are about to upload to a new list. Let's keep it up to date.
Definition at line 3003 of file hs_service.c.
|
static |
Encode and sign the service descriptor desc and upload it to the given hidden service directory. This does nothing if PublishHidServDescriptors is false.
Definition at line 2863 of file hs_service.c.
Referenced by upload_descriptor_to_all().
| STATIC int write_address_to_file | ( | const hs_service_t * | service, |
| const char * | fname_ | ||
| ) |
Write the onion address of a given service to the given filename fname_ in the service directory. Return 0 on success else -1 on error.
Definition at line 993 of file hs_service.c.
|
static |
True if the list of available router descriptors might have changed which might result in an altered hash ring. Check if the hash ring changed and reupload if needed
Definition at line 111 of file hs_service.c.
Referenced by run_upload_descriptor_event().
|
static |
This is the global hash map of hidden services which indexed the service contained in it by master public identity key which is roughly the onion address of the service.
Definition at line 150 of file hs_service.c.
Referenced by get_objects_from_ident(), hs_service_exports_circuit_id(), hs_service_find(), hs_service_get_metrics_stores(), hs_service_get_num_services(), hs_service_init(), hs_service_lookup_current_desc(), register_service(), and service_free_all().
|
static |
Staging list of service object. When configuring service, we add them to this list considered a staging area and they will get added to our global map once the keys have been loaded. These two steps are separated because loading keys requires that we are an actual running tor process.
Definition at line 106 of file hs_service.c.
Referenced by hs_service_init(), hs_service_load_all_keys(), hs_service_stage_services(), register_all_services(), and service_free_all().
1.9.1