10 #define RENDSERVICE_PRIVATE 22 #include "feature/client/circpathbias.h" 35 #include "feature/nodelist/routerset.h" 38 #include "feature/rend/rendparse.h" 40 #include "feature/stats/predict_ports.h" 47 #include "core/or/cpath_build_state_st.h" 48 #include "core/or/crypt_path_st.h" 49 #include "core/or/crypt_path_reference_st.h" 50 #include "core/or/edge_connection_st.h" 51 #include "core/or/extend_info_st.h" 52 #include "feature/nodelist/networkstatus_st.h" 53 #include "core/or/origin_circuit_st.h" 54 #include "feature/rend/rend_authorized_client_st.h" 55 #include "feature/rend/rend_encoded_v2_service_descriptor_st.h" 56 #include "feature/rend/rend_intro_point_st.h" 57 #include "feature/rend/rend_service_descriptor_st.h" 58 #include "feature/nodelist/routerstatus_st.h" 66 #ifdef HAVE_SYS_STAT_H 70 struct rend_service_t;
72 const char *pk_digest);
92 const struct rend_service_t *s);
102 size_t plaintext_len,
107 size_t plaintext_len,
111 const rend_service_t *s,
122 static const char *private_key_fname =
"private_key";
123 static const char *hostname_fname =
"hostname";
124 static const char *client_keys_fname =
"client_keys";
125 static const char *sos_poison_fname =
"onion_service_non_anonymous";
136 rend_get_service_list(
const smartlist_t* substitute_service_list)
140 return rend_get_service_list_mutable((
smartlist_t*)substitute_service_list);
150 rend_get_service_list_mutable(
smartlist_t* substitute_service_list)
152 if (substitute_service_list) {
153 return substitute_service_list;
171 return (s->directory == NULL);
197 if (client->client_key)
198 crypto_pk_free(client->client_key);
199 if (client->client_name)
200 memwipe(client->client_name, 0, strlen(client->client_name));
202 memwipe(client->descriptor_cookie, 0,
sizeof(client->descriptor_cookie));
222 if (service->ports) {
224 rend_service_port_config_free(p));
225 smartlist_free(service->ports);
227 if (service->private_key)
228 crypto_pk_free(service->private_key);
229 if (service->intro_nodes) {
231 rend_intro_point_free(intro););
232 smartlist_free(service->intro_nodes);
234 if (service->expiring_nodes) {
236 rend_intro_point_free(intro););
237 smartlist_free(service->expiring_nodes);
240 rend_service_descriptor_free(service->desc);
241 if (service->clients) {
243 rend_authorized_client_free(c););
244 smartlist_free(service->clients);
246 if (service->accepted_intro_dh_parts) {
247 replaycache_free(service->accepted_intro_dh_parts);
254 rend_service_free_staging_list(
void)
258 rend_service_free(ptr));
271 rend_service_free(ptr));
275 rend_service_free_staging_list();
280 rend_service_init(
void)
293 rend_validate_service(
const smartlist_t *service_list,
294 const rend_service_t *service)
299 if (service->max_streams_per_circuit < 0) {
300 log_warn(
LD_CONFIG,
"Hidden service (%s) configured with negative max " 301 "streams per circuit.",
306 if (service->max_streams_close_circuit < 0 ||
307 service->max_streams_close_circuit > 1) {
308 log_warn(
LD_CONFIG,
"Hidden service (%s) configured with invalid " 309 "max streams handling.",
314 if (service->auth_type != REND_NO_AUTH &&
315 (!service->clients || smartlist_len(service->clients) == 0)) {
316 log_warn(
LD_CONFIG,
"Hidden service (%s) with client authorization but " 322 if (!service->ports || !smartlist_len(service->ports)) {
323 log_warn(
LD_CONFIG,
"Hidden service (%s) with no ports configured.",
345 smartlist_t *s_list = rend_get_service_list_mutable(service_list);
349 rend_service_free(service);
353 service->intro_nodes = smartlist_new();
354 service->expiring_nodes = smartlist_new();
356 log_debug(
LD_REND,
"Configuring service with directory %s",
358 for (i = 0; i < smartlist_len(service->ports); ++i) {
359 p = smartlist_get(service->ports, i);
360 if (!(p->is_unix_addr)) {
362 "Service maps port %d to %s",
368 "Service maps port %d to socket at \"%s\"",
369 p->virtual_port, p->unix_addr);
372 "Service maps port %d to an AF_UNIX socket, but we " 373 "have no AF_UNIX support on this platform. This is " 376 rend_service_free(service);
389 hs_service_map_has_changed();
402 const size_t pathlen = strlen(socket_path) + 1;
405 memcpy(conf->unix_addr, socket_path, pathlen);
406 conf->is_unix_addr = 1;
428 unsigned int is_unix_addr = 0;
429 const char *socket_path = NULL;
430 char *err_msg = NULL;
431 char *addrport = NULL;
433 sl = smartlist_new();
435 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 2);
436 if (smartlist_len(sl) < 1 || BUG(smartlist_len(sl) > 2)) {
437 err_msg = tor_strdup(
"Bad syntax in hidden service port configuration.");
440 virtport = (int)
tor_parse_long(smartlist_get(sl,0), 10, 1, 65535, NULL,NULL);
442 tor_asprintf(&err_msg,
"Missing or invalid port %s in hidden service " 443 "port configuration",
escaped(smartlist_get(sl,0)));
447 if (smartlist_len(sl) == 1) {
454 const char *addrport_element = smartlist_get(sl,1);
455 const char *rest = NULL;
461 tor_asprintf(&err_msg,
"Couldn't process address <%s> from hidden " 462 "service configuration", addrport_element);
466 if (rest && strlen(rest)) {
467 err_msg = tor_strdup(
"HiddenServicePort parse error: invalid port " 473 socket_path = addrport;
475 }
else if (strchr(addrport,
':') || strchr(addrport,
'.')) {
478 err_msg = tor_strdup(
"Unparseable address in hidden service port " 482 realport = p?p:virtport;
485 realport = (int)
tor_parse_long(addrport, 10, 1, 65535, NULL, NULL);
487 tor_asprintf(&err_msg,
"Unparseable or out-of-range port %s in " 488 "hidden service port configuration.",
498 result->virtual_port = virtport;
499 result->is_unix_addr = is_unix_addr;
501 result->real_port = realport;
503 result->unix_addr[0] =
'\0';
508 if (err_msg_out != NULL) {
509 *err_msg_out = err_msg;
531 copy_service_on_prunning(rend_service_t *dst, rend_service_t *src)
539 dst->desc_is_dirty = src->desc_is_dirty;
540 dst->next_upload_time = src->next_upload_time;
542 dst->accepted_intro_dh_parts = src->accepted_intro_dh_parts;
543 src->accepted_intro_dh_parts = NULL;
545 dst->intro_period_started = src->intro_period_started;
546 dst->n_intro_circuits_launched = src->n_intro_circuits_launched;
547 dst->n_intro_points_wanted = src->n_intro_points_wanted;
555 rend_service_prune_list_impl_(
void)
558 smartlist_t *surviving_services, *old_service_list, *new_service_list;
575 if (!old_service_list) {
584 surviving_services = smartlist_new();
606 } SMARTLIST_FOREACH_END(old);
616 strcmp(old->directory, new->directory)) {
625 copy_service_on_prunning(
new, old);
630 } SMARTLIST_FOREACH_END(old);
631 } SMARTLIST_FOREACH_END(
new);
642 if (rend_circuit_pk_digest_eq(ocirc, (uint8_t *) s->pk_digest)) {
647 } SMARTLIST_FOREACH_END(s);
651 log_info(
LD_REND,
"Closing intro point %s for service %s.",
654 safe_str_client(rend_data_get_address(ocirc->
rend_data)));
657 circuit_mark_for_close(
TO_CIRCUIT(ocirc), END_CIRC_REASON_FINISHED);
659 smartlist_free(surviving_services);
661 hs_service_map_has_changed();
668 rend_service_prune_list(
void)
676 rend_service_prune_list_impl_();
677 if (old_service_list) {
681 rend_service_free(s));
682 smartlist_free(old_service_list);
692 service_config_shadow_copy(rend_service_t *service,
698 service->directory = tor_strdup(config->directory_path);
699 service->dir_group_readable = config->dir_group_readable;
700 service->allow_unknown_ports = config->allow_unknown_ports;
704 service->max_streams_per_circuit = (int) config->max_streams_per_rdv_circuit;
705 if (BUG(config->max_streams_per_rdv_circuit >
706 HS_CONFIG_MAX_STREAMS_PER_RDV_CIRCUIT)) {
707 service->max_streams_per_circuit = HS_CONFIG_MAX_STREAMS_PER_RDV_CIRCUIT;
709 service->max_streams_close_circuit = config->max_streams_close_circuit;
710 service->n_intro_points_wanted = config->num_intro_points;
713 smartlist_free(config->ports);
714 config->ports = NULL;
728 rend_service_t *service = NULL;
742 service = tor_malloc_zero(
sizeof(rend_service_t));
743 service->intro_period_started = time(NULL);
744 service->ports = smartlist_new();
747 service_config_shadow_copy(service, config);
749 for (line = line_; line; line = line->next) {
750 if (!strcasecmp(line->key,
"HiddenServiceDir")) {
755 if (!strcasecmp(line->key,
"HiddenServiceNumIntroductionPoints")) {
758 service->n_intro_points_wanted =
763 "HiddenServiceNumIntroductionPoints " 764 "should be between %d and %d, not %s",
768 log_info(
LD_CONFIG,
"HiddenServiceNumIntroductionPoints=%d for %s",
769 service->n_intro_points_wanted,
escaped(service->directory));
772 if (!strcasecmp(line->key,
"HiddenServiceAuthorizeClient")) {
777 const char *authname;
778 if (service->auth_type != REND_NO_AUTH) {
779 log_warn(
LD_CONFIG,
"Got multiple HiddenServiceAuthorizeClient " 780 "lines for a single service.");
783 type_names_split = smartlist_new();
785 if (smartlist_len(type_names_split) < 1) {
786 log_warn(
LD_BUG,
"HiddenServiceAuthorizeClient has no value. This " 787 "should have been prevented when parsing the " 789 smartlist_free(type_names_split);
792 authname = smartlist_get(type_names_split, 0);
793 if (!strcasecmp(authname,
"basic")) {
794 service->auth_type = REND_BASIC_AUTH;
795 }
else if (!strcasecmp(authname,
"stealth")) {
796 service->auth_type = REND_STEALTH_AUTH;
798 log_warn(
LD_CONFIG,
"HiddenServiceAuthorizeClient contains " 799 "unrecognized auth-type '%s'. Only 'basic' or 'stealth' " 801 (
char *) smartlist_get(type_names_split, 0));
803 smartlist_free(type_names_split);
806 service->clients = smartlist_new();
807 if (smartlist_len(type_names_split) < 2) {
808 log_warn(
LD_CONFIG,
"HiddenServiceAuthorizeClient contains " 809 "auth-type '%s', but no client names.",
810 service->auth_type == REND_BASIC_AUTH ?
"basic" :
"stealth");
812 smartlist_free(type_names_split);
815 clients = smartlist_new();
817 ",", SPLIT_SKIP_SPACE, 0);
819 smartlist_free(type_names_split);
822 int num_clients = smartlist_len(clients);
825 if (smartlist_len(clients) < num_clients) {
826 log_info(
LD_CONFIG,
"HiddenServiceAuthorizeClient contains %d " 827 "duplicate client name(s); removing.",
828 num_clients - smartlist_len(clients));
835 log_warn(
LD_CONFIG,
"HiddenServiceAuthorizeClient contains an " 836 "illegal client name: '%s'. Names must be " 837 "between 1 and %d characters and contain " 838 "only [A-Za-z0-9+_-].",
841 smartlist_free(clients);
845 client->client_name = tor_strdup(client_name);
847 log_debug(
LD_REND,
"Adding client name '%s'", client_name);
849 SMARTLIST_FOREACH_END(client_name);
851 smartlist_free(clients);
853 if ((service->auth_type == REND_BASIC_AUTH &&
854 smartlist_len(service->clients) > 512) ||
855 (service->auth_type == REND_STEALTH_AUTH &&
856 smartlist_len(service->clients) > 16)) {
857 log_warn(
LD_CONFIG,
"HiddenServiceAuthorizeClient contains %d " 858 "client authorization entries, but only a " 859 "maximum of %d entries is allowed for " 860 "authorization type '%s'.",
861 smartlist_len(service->clients),
862 service->auth_type == REND_BASIC_AUTH ? 512 : 16,
863 service->auth_type == REND_BASIC_AUTH ?
"basic" :
"stealth");
885 rend_service_free(service);
906 int max_streams_per_circuit,
907 int max_streams_close_circuit,
910 char **service_id_out)
912 *service_id_out = NULL;
916 rend_service_t *s = tor_malloc_zero(
sizeof(rend_service_t));
919 s->auth_type = auth_type;
920 s->clients = auth_clients;
922 s->intro_period_started = time(NULL);
924 s->max_streams_per_circuit = max_streams_per_circuit;
925 s->max_streams_close_circuit = max_streams_close_circuit;
927 rend_service_free(s);
931 if (!s->ports || smartlist_len(s->ports) == 0) {
932 log_warn(
LD_CONFIG,
"At least one VIRTPORT/TARGET must be specified.");
933 rend_service_free(s);
936 if (s->auth_type != REND_NO_AUTH &&
937 (!s->clients || smartlist_len(s->clients) == 0)) {
938 log_warn(
LD_CONFIG,
"At least one authorized client must be specified.");
939 rend_service_free(s);
947 log_warn(
LD_CONFIG,
"Onion Service private key collides with an " 948 "existing service.");
949 rend_service_free(s);
953 log_warn(
LD_CONFIG,
"Onion Service id collides with an existing service.");
954 rend_service_free(s);
962 *service_id_out = tor_strdup(s->service_id);
964 log_debug(
LD_CONFIG,
"Added ephemeral Onion Service: %s", s->service_id);
976 log_warn(
LD_CONFIG,
"Requested malformed Onion Service id for removal.");
980 log_warn(
LD_CONFIG,
"Requested non-existent Onion Service id for " 985 log_warn(
LD_CONFIG,
"Requested non-ephemeral Onion Service for removal.");
996 if (!circ->marked_for_close &&
1001 !rend_circuit_pk_digest_eq(oc, (uint8_t *) s->pk_digest)) {
1004 log_debug(
LD_REND,
"Closing intro point %s for service %s.",
1008 circuit_mark_for_close(circ, END_CIRC_REASON_FINISHED);
1010 } SMARTLIST_FOREACH_END(circ);
1013 hs_service_map_has_changed();
1014 rend_service_free(s);
1016 log_debug(
LD_CONFIG,
"Removed ephemeral Onion Service: %s", service_id);
1023 #define INTRO_CIRC_RETRY_PERIOD_SLOP 10 1031 int exceeded_limit = (service->n_intro_circuits_launched >=
1033 service->n_intro_points_wanted));
1034 int severity = min_severity;
1036 if (exceeded_limit) {
1039 time_t intro_period_elapsed = time(NULL) - service->intro_period_started;
1040 tor_assert_nonfatal(intro_period_elapsed >= 0);
1046 "Hidden service %s %s %d intro points in the last %d seconds. " 1047 "Intro circuit launches are limited to %d per %d seconds.%s",
1048 service->service_id,
1049 exceeded_limit ?
"exceeded launch limit with" :
"launched",
1050 service->n_intro_circuits_launched,
1051 (
int)intro_period_elapsed,
1069 rend_service_descriptor_free(service->desc);
1070 service->desc = NULL;
1080 for (i = 0; i < smartlist_len(service->intro_nodes); ++i) {
1114 unsigned int have_intro = (
unsigned int)smartlist_len(d->
intro_nodes);
1115 if (have_intro != service->n_intro_points_wanted) {
1118 if (have_intro < service->n_intro_points_wanted ||
1125 log_fn(severity,
LD_REND,
"Hidden service %s wanted %d intro points, but " 1126 "descriptor was updated with %d instead.",
1127 service->service_id,
1128 service->n_intro_points_wanted, have_intro);
1139 rend_service_path(
const rend_service_t *service,
const char *file_name)
1142 return hs_path_from_filename(service->directory, file_name);
1150 rend_service_sos_poison_path(
const rend_service_t *service)
1152 return rend_service_path(service, sos_poison_fname);
1160 char *poison_fname = NULL;
1164 if (BUG(!service)) {
1172 poison_fname = rend_service_sos_poison_path(service);
1180 if (fstatus == FN_FILE || fstatus == FN_EMPTY) {
1190 rend_service_private_key_exists(
const rend_service_t *service)
1192 char *private_key_path = rend_service_path(service, private_key_fname);
1198 return private_key_status == FN_FILE;
1225 if (BUG(!s->directory)) {
1231 if (!rend_service_private_key_exists(s)) {
1237 rend_service_non_anonymous_mode_enabled(options)) {
1254 poison_new_single_onion_hidden_service_dir_impl(
const rend_service_t *service,
1258 if (BUG(!service)) {
1263 tor_assert(rend_service_non_anonymous_mode_enabled(options));
1267 char *poison_fname = NULL;
1270 log_info(
LD_REND,
"Ephemeral HS started in non-anonymous mode.");
1275 if (rend_service_private_key_exists(service)) {
1276 log_warn(
LD_BUG,
"Tried to single onion poison a service directory after " 1277 "the private key was created.");
1282 if (BUG(hs_check_service_private_dir(options->
User, service->directory,
1283 service->dir_group_readable, 0) < 0))
1286 poison_fname = rend_service_sos_poison_path(service);
1291 log_warn(
LD_FS,
"Can't read single onion poison file \"%s\"",
1296 log_debug(
LD_FS,
"Tried to re-poison a single onion poisoned file \"%s\"",
1302 log_warn(
LD_FS,
"Could not create single onion poison file %s",
1335 tor_assert(rend_service_non_anonymous_mode_enabled(options));
1343 if (BUG(!s->directory)) {
1347 if (!rend_service_private_key_exists(s)) {
1348 if (poison_new_single_onion_hidden_service_dir_impl(s, options)
1360 rend_service_key_on_disk(
const char *directory_path)
1369 fname = hs_path_from_filename(directory_path, private_key_fname);
1390 const smartlist_t *s_list = rend_get_service_list(service_list);
1398 log_info(
LD_REND,
"Loading hidden-service keys from %s",
1403 } SMARTLIST_FOREACH_END(s);
1415 smartlist_add(lst, rend_service_path(s, private_key_fname));
1417 smartlist_add(lst, rend_service_path(s, client_keys_fname));
1435 } SMARTLIST_FOREACH_END(s);
1445 log_warn(
LD_BUG,
"Internal error: couldn't encode service ID.");
1449 log_warn(
LD_BUG,
"Couldn't compute hash of public key.");
1467 const rend_service_t *s,
1476 if (hs_check_service_private_dir(options->
User, s->directory,
1477 s->dir_group_readable, create) < 0) {
1488 log_warn(
LD_GENERAL,
"We are configured with " 1489 "HiddenServiceNonAnonymousMode %d, but the hidden " 1490 "service key in directory %s was created in %s mode. " 1491 "This is not allowed.",
1492 rend_service_non_anonymous_mode_enabled(options) ? 1 : 0,
1494 rend_service_non_anonymous_mode_enabled(options) ?
1495 "an anonymous" :
"a non-anonymous" 1505 if (create && rend_service_non_anonymous_mode_enabled(options)) {
1506 static int logged_warning = 0;
1509 log_warn(
LD_GENERAL,
"Failed to mark new hidden services as non-anonymous" 1514 if (!logged_warning) {
1516 log_notice(
LD_REND,
"The configured onion service directories have been " 1517 "used in single onion mode. They can not be used for " 1518 "anonymous hidden services.");
1541 fname = rend_service_path(s, private_key_fname);
1544 if (!s->private_key)
1552 fname = rend_service_path(s, hostname_fname);
1554 tor_snprintf(buf,
sizeof(buf),
"%s.onion\n", s->service_id);
1555 if (write_str_to_file(fname,buf,0)<0) {
1556 log_warn(
LD_CONFIG,
"Could not write onion address to hostname file.");
1560 if (s->dir_group_readable) {
1562 if (chmod(fname, 0640))
1563 log_warn(
LD_FS,
"Unable to make hidden hostname file %s group-readable.",
1569 if (s->auth_type != REND_NO_AUTH) {
1592 char *cfname = NULL;
1593 char *client_keys_str = NULL;
1594 strmap_t *parsed_clients = strmap_new();
1595 FILE *cfile, *hfile;
1596 open_file_t *open_cfile = NULL, *open_hfile = NULL;
1598 char service_id[16+1];
1602 cfname = rend_service_path(s, client_keys_fname);
1604 if (client_keys_str) {
1606 log_warn(
LD_CONFIG,
"Previously stored client_keys file could not " 1610 log_info(
LD_CONFIG,
"Parsed %d previously stored client entries.",
1611 strmap_size(parsed_clients));
1617 OPEN_FLAGS_REPLACE | O_TEXT,
1618 0600, &open_cfile))) {
1619 log_warn(
LD_CONFIG,
"Could not open client_keys file %s",
1625 OPEN_FLAGS_REPLACE | O_TEXT,
1626 0600, &open_hfile))) {
1635 strmap_get(parsed_clients, client->client_name);
1640 memcpy(client->descriptor_cookie, parsed->descriptor_cookie,
1648 (
char *) client->descriptor_cookie,
1650 log_warn(
LD_BUG,
"Could not base64-encode descriptor cookie.");
1654 if (parsed && parsed->client_key) {
1656 }
else if (s->auth_type == REND_STEALTH_AUTH) {
1659 if (!(prkey = crypto_pk_new())) {
1660 log_warn(
LD_BUG,
"Error constructing client key");
1663 if (crypto_pk_generate_key(prkey)) {
1664 log_warn(
LD_BUG,
"Error generating client key");
1665 crypto_pk_free(prkey);
1669 log_warn(
LD_BUG,
"Generated client key seems invalid");
1670 crypto_pk_free(prkey);
1673 client->client_key = prkey;
1677 "client-name %s\ndescriptor-cookie %s\n",
1678 client->client_name, desc_cook_out);
1680 log_warn(
LD_BUG,
"Could not write client entry.");
1683 if (client->client_key) {
1684 char *client_key_out = NULL;
1686 &client_key_out, &len) != 0) {
1687 log_warn(
LD_BUG,
"Internal error: " 1688 "crypto_pk_write_private_key_to_string() failed.");
1692 log_warn(
LD_BUG,
"Internal error: couldn't encode service ID.");
1697 memwipe(client_key_out, 0, len);
1701 written =
tor_snprintf(buf + written,
sizeof(buf) - written,
1702 "client-key\n%s", client_key_out);
1703 memwipe(client_key_out, 0, len);
1706 log_warn(
LD_BUG,
"Could not write client entry.");
1710 strlcpy(service_id, s->service_id,
sizeof(service_id));
1713 if (fputs(buf, cfile) < 0) {
1714 log_warn(
LD_FS,
"Could not append client entry to file: %s",
1723 if (!encoded_cookie) {
1724 log_warn(
LD_BUG,
"Could not base64-encode descriptor cookie.");
1727 tor_snprintf(buf,
sizeof(buf),
"%s.onion %s # client: %s\n",
1728 service_id, encoded_cookie, client->client_name);
1729 memwipe(encoded_cookie, 0, strlen(encoded_cookie));
1732 if (fputs(buf, hfile)<0) {
1733 log_warn(
LD_FS,
"Could not append host entry to file: %s",
1737 } SMARTLIST_FOREACH_END(client);
1750 if (client_keys_str) {
1751 memwipe(client_keys_str, 0, strlen(client_keys_str));
1757 memwipe(cfname, 0, strlen(cfname));
1763 memwipe(desc_cook_out, 0,
sizeof(desc_cook_out));
1764 memwipe(service_id, 0,
sizeof(service_id));
1772 static rend_service_t *
1784 static struct rend_service_t *
1800 const char *descriptor_cookie,
1806 if (!service->clients) {
1807 log_warn(
LD_BUG,
"Can't check authorization for a service that has no " 1808 "authorized clients configured.");
1813 log_info(
LD_REND,
"Descriptor cookie is %lu bytes, but we expected " 1814 "%lu bytes. Dropping cell.",
1821 if (tor_memeq(client->descriptor_cookie, descriptor_cookie,
1822 REND_DESC_COOKIE_LEN)) {
1823 auth_client = client;
1829 base64_encode(descriptor_cookie_base64,
sizeof(descriptor_cookie_base64),
1831 log_info(
LD_REND,
"No authorization found for descriptor cookie '%s'! " 1833 descriptor_cookie_base64);
1838 log_info(
LD_REND,
"Client %s authorized for service %s.",
1839 auth_client->client_name, service->service_id);
1846 rend_service_use_direct_connection(
const or_options_t* options,
1852 return (rend_service_allow_non_anonymous_connection(options) &&
1854 FIREWALL_OR_CONNECTION, 0, 0));
1859 rend_service_use_direct_connection_node(
const or_options_t* options,
1864 return (rend_service_allow_non_anonymous_connection(options) &&
1877 const uint8_t *request,
1881 int status = 0, result;
1883 char *err_msg = NULL;
1885 const char *stage_descr = NULL, *rend_pk_digest;
1886 int reason = END_CIRC_REASON_TORPROTOCOL;
1889 rend_service_t *service = NULL;
1898 char keys[
DIGEST_LEN+CPATH_KEY_MATERIAL_LEN];
1904 int circ_needs_uptime;
1905 time_t now = time(NULL);
1913 "Got an INTRODUCE2 over a non-introduction circuit %u.",
1918 assert_circ_anonymity_ok(circuit, options);
1921 rend_pk_digest = (
char *) rend_data_get_pk_digest(circuit->
rend_data, NULL);
1931 "Internal error: Got an INTRODUCE2 cell on an intro " 1932 "circ for an unrecognized service %s.",
1938 if (intro_point == NULL) {
1940 if (intro_point == NULL) {
1942 "Internal error: Got an INTRODUCE2 cell on an " 1943 "intro circ (for service %s) with no corresponding " 1944 "rend_intro_point_t.",
1950 log_info(
LD_REND,
"Received INTRODUCE2 cell for service %s on circ %u.",
1954 intro_key = circuit->intro_key;
1959 stage_descr =
"early parsing";
1965 }
else if (err_msg) {
1966 log_info(
LD_REND,
"%s on circ %u.", err_msg,
1972 if (!service->accepted_intro_dh_parts) {
1973 service->accepted_intro_dh_parts =
1986 parsed_req->ciphertext, MIN(parsed_req->ciphertext_len, keylen),
1991 "Possible replay detected! We received an " 1992 "INTRODUCE2 cell with same PK-encrypted part %d " 1993 "seconds ago. Dropping cell.",
1998 stage_descr =
"decryption";
2003 }
else if (err_msg) {
2004 log_info(
LD_REND,
"%s on circ %u.", err_msg,
2009 stage_descr =
"late parsing";
2014 }
else if (err_msg) {
2015 log_info(
LD_REND,
"%s on circ %u.", err_msg,
2020 stage_descr =
"late validation";
2025 }
else if (err_msg) {
2026 log_info(
LD_REND,
"%s on circ %u.", err_msg,
2038 err_msg_severity = LOG_PROTOCOL_WARN;
2045 log_warn(
LD_REND,
"Client asked to rendezvous at a relay that we " 2046 "exclude, and StrictNodes is set. Refusing service.");
2047 reason = END_CIRC_REASON_INTERNAL;
2051 base16_encode(hexcookie, 9, (
const char *)(parsed_req->rc), 4);
2056 service->accepted_intro_dh_parts,
2068 log_info(
LD_REND,
"We received an " 2069 "INTRODUCE2 cell with same first part of " 2070 "Diffie-Hellman handshake %d seconds ago. Dropping " 2077 if (service->clients) {
2078 if (parsed_req->version == 3 && parsed_req->u.v3.auth_len > 0) {
2080 (
const char*)parsed_req->u.v3.auth_data,
2081 parsed_req->u.v3.auth_len)) {
2082 log_info(
LD_REND,
"Authorization data in INTRODUCE2 cell are valid.");
2084 log_info(
LD_REND,
"The authorization data that are contained in " 2085 "the INTRODUCE2 cell are invalid. Dropping cell.");
2086 reason = END_CIRC_REASON_CONNECTFAILED;
2090 log_info(
LD_REND,
"INTRODUCE2 cell does not contain authentication " 2091 "data, but we require client authorization. Dropping cell.");
2092 reason = END_CIRC_REASON_CONNECTFAILED;
2100 log_warn(
LD_BUG,
"Internal error: couldn't build DH state " 2101 "or generate public key.");
2102 reason = END_CIRC_REASON_INTERNAL;
2106 (
char *)(parsed_req->dh),
2109 log_warn(
LD_BUG,
"Internal error: couldn't complete DH handshake");
2110 reason = END_CIRC_REASON_INTERNAL;
2114 circ_needs_uptime = hs_service_requires_uptime_circ(service->ports);
2122 for (i=0;i<max_rend_failures;i++) {
2127 if (rend_service_use_direct_connection(options, rp)) {
2137 log_warn(
LD_REND,
"Giving up launching first hop of circuit to rendezvous " 2138 "point %s for service %s.",
2141 reason = END_CIRC_REASON_CONNECTFAILED;
2145 "Accepted intro; launching circuit to %s " 2146 "(cookie %s) for service %s.",
2148 hexcookie, serviceid);
2153 rend_data_service_create(service->service_id, rend_pk_digest,
2154 parsed_req->rc, service->auth_type);
2162 cpath->magic = CRYPT_PATH_MAGIC;
2179 "unknown %s error for INTRODUCE2", stage_descr);
2181 err_msg = tor_strdup(
"unknown error for INTRODUCE2");
2189 if (dh) crypto_dh_free(dh);
2191 circuit_mark_for_close(
TO_CIRCUIT(launched), reason);
2196 memwipe(keys, 0,
sizeof(keys));
2198 memwipe(serviceid, 0,
sizeof(serviceid));
2199 memwipe(hexcookie, 0,
sizeof(hexcookie));
2202 rend_service_free_intro(parsed_req);
2205 extend_info_free(rp);
2218 char *err_msg = NULL;
2219 const char *rp_nickname = NULL;
2220 const node_t *node = NULL;
2224 err_msg = tor_strdup(
"Bad parameters to find_rp_for_intro()");
2229 if (intro->version == 0 || intro->version == 1) {
2230 rp_nickname = (
const char *)(intro->u.v0_v1.rp);
2232 node = node_get_by_nickname(rp_nickname, NNF_NO_WARN_UNNAMED);
2236 "Couldn't find router %s named in INTRODUCE2 cell",
2244 const int allow_direct = rend_service_allow_non_anonymous_connection(
2250 "Couldn't build extend_info_t for router %s named " 2251 "in INTRODUCE2 cell",
2257 }
else if (intro->version == 2) {
2259 }
else if (intro->version == 3) {
2264 "Unknown version %d in INTRODUCE2 cell",
2265 (
int)(intro->version));
2281 "Relay IP in INTRODUCE2 cell is private address.");
2283 extend_info_free(rp);
2291 *err_msg_out = err_msg;
2311 request->ciphertext_len = 0;
2314 if (request->plaintext) {
2316 memwipe(request->plaintext, 0, request->plaintext_len);
2318 request->plaintext_len = 0;
2322 if (request->parsed) {
2323 switch (request->version) {
2332 extend_info_free(request->u.v2.extend_info);
2333 request->u.v2.extend_info = NULL;
2336 if (request->u.v3.auth_data) {
2337 memwipe(request->u.v3.auth_data, 0, request->u.v3.auth_len);
2341 extend_info_free(request->u.v3.extend_info);
2342 request->u.v3.extend_info = NULL;
2346 "rend_service_free_intro() saw unknown protocol " 2353 memwipe(request, 0,
sizeof(*request));
2378 char *err_msg = NULL;
2380 if (!request || request_len <= 0)
goto err;
2381 if (!(type == 1 || type == 2))
goto err;
2391 "got a truncated INTRODUCE%d cell",
2398 rv = tor_malloc_zero(
sizeof(*rv));
2407 rv->ciphertext = tor_malloc(request_len -
DIGEST_LEN);
2409 rv->ciphertext_len = request_len -
DIGEST_LEN;
2414 rend_service_free_intro(rv);
2417 if (err_msg_out && !err_msg) {
2419 "unknown INTRODUCE%d error",
2424 if (err_msg_out) *err_msg_out = err_msg;
2438 size_t plaintext_len,
2441 const char *rp_nickname, *endptr;
2442 size_t nickname_field_len, ver_specific_len;
2444 if (intro->version == 1) {
2446 rp_nickname = ((
const char *)buf) + 1;
2448 }
else if (intro->version == 0) {
2450 rp_nickname = (
const char *)buf;
2455 "rend_service_parse_intro_for_v0_or_v1() called with " 2456 "bad version %d on INTRODUCE%d cell (this is a bug)",
2458 (
int)(intro->type));
2462 if (plaintext_len < ver_specific_len) {
2465 "short plaintext of encrypted part in v1 INTRODUCE%d " 2466 "cell (%lu bytes, needed %lu)",
2468 (
unsigned long)plaintext_len,
2469 (
unsigned long)ver_specific_len);
2473 endptr = memchr(rp_nickname, 0, nickname_field_len);
2474 if (!endptr || endptr == rp_nickname) {
2477 "couldn't find a nul-padded nickname in " 2479 (
int)(intro->type));
2484 if ((intro->version == 0 &&
2486 (intro->version == 1 &&
2490 "bad nickname in INTRODUCE%d cell",
2491 (
int)(intro->type));
2496 memcpy(intro->u.v0_v1.rp, rp_nickname, endptr - rp_nickname + 1);
2498 return ver_specific_len;
2511 size_t plaintext_len,
2516 ssize_t ver_specific_len;
2523 if (!(intro->version == 2 ||
2524 intro->version == 3)) {
2527 "rend_service_parse_intro_for_v2() called with " 2528 "bad version %d on INTRODUCE%d cell (this is a bug)",
2530 (
int)(intro->type));
2538 "truncated plaintext of encrypted parted of " 2539 "version %d INTRODUCE%d cell",
2541 (
int)(intro->type));
2557 if (plaintext_len < 7 +
DIGEST_LEN + 2 + klen) {
2560 "truncated plaintext of encrypted parted of " 2561 "version %d INTRODUCE%d cell",
2563 (
int)(intro->type));
2574 "error decoding onion key in version %d " 2585 "invalid onion key size in version %d INTRODUCE%d cell",
2595 if (intro->version == 2) intro->u.v2.extend_info = extend_info;
2596 else intro->u.v3.extend_info = extend_info;
2598 return ver_specific_len;
2601 extend_info_free(extend_info);
2613 size_t plaintext_len,
2616 ssize_t adjust, v2_ver_specific_len, ts_offset;
2619 if (intro->version != 3) {
2622 "rend_service_parse_intro_for_v3() called with " 2623 "bad version %d on INTRODUCE%d cell (this is a bug)",
2625 (
int)(intro->type));
2634 if (plaintext_len < 4) {
2637 "truncated plaintext of encrypted parted of " 2638 "version %d INTRODUCE%d cell",
2640 (
int)(intro->type));
2655 intro->u.v3.auth_type = buf[1];
2656 if (intro->u.v3.auth_type != REND_NO_AUTH) {
2657 intro->u.v3.auth_len = ntohs(
get_uint16(buf + 2));
2658 ts_offset = 4 + intro->u.v3.auth_len;
2660 intro->u.v3.auth_len = 0;
2665 if (intro->u.v3.auth_type == REND_BASIC_AUTH ||
2666 intro->u.v3.auth_type == REND_STEALTH_AUTH) {
2670 "wrong auth data size %d for INTRODUCE%d cell, " 2672 (
int)(intro->u.v3.auth_len),
2682 if (plaintext_len < (
size_t)(ts_offset)+4) {
2685 "truncated plaintext of encrypted parted of " 2686 "version %d INTRODUCE%d cell",
2688 (
int)(intro->type));
2694 if (intro->u.v3.auth_type != REND_NO_AUTH &&
2695 intro->u.v3.auth_len > 0) {
2697 intro->u.v3.auth_data = tor_malloc(intro->u.v3.auth_len);
2702 memcpy(intro->u.v3.auth_data, buf + 4, intro->u.v3.auth_len);
2711 adjust = 3 + ts_offset;
2713 v2_ver_specific_len =
2715 buf + adjust, plaintext_len - adjust,
2719 if (v2_ver_specific_len >= 0)
return v2_ver_specific_len + adjust;
2721 else return v2_ver_specific_len;
2753 char *err_msg = NULL;
2758 int result, status = -1;
2760 if (!intro || !key) {
2763 tor_strdup(
"rend_service_decrypt_intro() called with bad " 2772 if (!(intro->ciphertext) || intro->ciphertext_len <= 0) {
2775 "rend_intro_cell_t was missing ciphertext for " 2777 (
int)(intro->type));
2788 *err_msg_out = tor_strdup(
"Couldn't compute RSA digest.");
2789 log_warn(
LD_BUG,
"Couldn't compute key digest.");
2794 if (tor_memneq(key_digest, intro->pk,
DIGEST_LEN)) {
2799 "got an INTRODUCE%d cell for the wrong service (%s)",
2811 if (intro->ciphertext_len < key_len) {
2814 "got an INTRODUCE%d cell with a truncated PK-encrypted " 2816 (
int)(intro->type));
2826 key, (
char *)buf,
sizeof(buf),
2827 (
const char *)(intro->ciphertext), intro->ciphertext_len,
2832 "couldn't decrypt INTRODUCE%d cell",
2833 (
int)(intro->type));
2838 intro->plaintext_len = result;
2839 intro->plaintext = tor_malloc(intro->plaintext_len);
2840 memcpy(intro->plaintext, buf, intro->plaintext_len);
2847 if (err_msg_out && !err_msg) {
2849 "unknown INTRODUCE%d error decrypting encrypted part",
2850 intro ? (
int)(intro->type) : -1);
2854 if (err_msg_out) *err_msg_out = err_msg;
2859 memwipe(key_digest, 0,
sizeof(key_digest));
2860 memwipe(service_id, 0,
sizeof(service_id));
2875 char *err_msg = NULL;
2876 ssize_t ver_specific_len, ver_invariant_len;
2883 tor_strdup(
"rend_service_parse_intro_plaintext() called with NULL " 2884 "rend_intro_cell_t");
2892 if (!(intro->plaintext) || intro->plaintext_len <= 0) {
2894 err_msg = tor_strdup(
"rend_intro_cell_t was missing plaintext");
2901 version = intro->plaintext[0];
2904 if (version > 3) version = 0;
2907 intro->version = version;
2912 intro->plaintext, intro->plaintext_len,
2914 if (ver_specific_len < 0) {
2923 ver_invariant_len = intro->plaintext_len - ver_specific_len;
2926 "decrypted plaintext of INTRODUCE%d cell was truncated (%ld bytes)",
2928 (
long)(intro->plaintext_len));
2933 "decrypted plaintext of INTRODUCE%d cell was too long (%ld bytes)",
2935 (
long)(intro->plaintext_len));
2940 intro->plaintext + ver_specific_len,
2954 if (err_msg_out && !err_msg) {
2956 "unknown INTRODUCE%d error parsing encrypted part",
2957 intro ? (
int)(intro->type) : -1);
2961 if (err_msg_out) *err_msg_out = err_msg;
2985 tor_strdup(
"NULL intro cell passed to " 2986 "rend_service_validate_intro_late()");
2992 if (intro->version == 3 && intro->parsed) {
2993 if (!(intro->u.v3.auth_type == REND_NO_AUTH ||
2994 intro->u.v3.auth_type == REND_BASIC_AUTH ||
2995 intro->u.v3.auth_type == REND_STEALTH_AUTH)) {
2999 "unknown authorization type %d",
3000 intro->u.v3.auth_type);
3016 const char *rend_pk_digest;
3017 rend_service_t *service = NULL;
3026 log_info(
LD_REND,
"Skipping relaunch of circ that failed on its first hop. " 3027 "Initiator will retry.");
3031 log_info(
LD_REND,
"Reattempting rendezvous circuit to '%s'",
3035 rend_pk_digest = (
char *) rend_data_get_pk_digest(oldcirc->
rend_data, NULL);
3043 log_warn(
LD_BUG,
"Internal error: Trying to relaunch a rendezvous circ " 3044 "for an unrecognized service %s.",
3045 safe_str_client(serviceid));
3049 if (hs_service_requires_uptime_circ(service->ports)) {
3061 log_warn(
LD_REND,
"Couldn't relaunch rendezvous circuit to '%s'.",
3090 if (rend_service_allow_non_anonymous_connection(options)) {
3105 if (rend_service_use_direct_connection_node(options, node)) {
3107 if (BUG(!direct_ei)) {
3114 launch_ei = direct_ei;
3126 "Launching circuit to introduction point %s%s%s for service %s",
3128 direct_ei ?
" via direct address " :
"",
3130 service->service_id);
3134 ++service->n_intro_circuits_launched;
3140 "Can't launch circuit to establish introduction at %s%s%s.",
3142 direct_ei ?
" via direct address " :
"",
3145 extend_info_free(direct_ei);
3154 launched->
rend_data = rend_data_service_create(service->service_id,
3155 service->pk_digest, NULL,
3156 service->auth_type);
3160 extend_info_free(direct_ei);
3169 unsigned int num = 0;
3184 unsigned int num_ipos = 0;
3186 if (!circ->marked_for_close &&
3192 rend_circuit_pk_digest_eq(oc, (uint8_t *) service->pk_digest)) {
3197 SMARTLIST_FOREACH_END(circ);
3208 rend_service_encode_establish_intro_cell(
char *cell_body_out,
3209 size_t cell_body_out_len,
3211 const char *rend_circ_nonce)
3225 log_warn(
LD_BUG,
"Internal error; failed to establish intro point.");
3229 set_uint16(cell_body_out, htons((uint16_t)len));
3233 if (crypto_digest(cell_body_out+len, auth,
DIGEST_LEN+9))
3237 cell_body_out_len - len,
3238 cell_body_out, len);
3240 log_warn(
LD_BUG,
"Internal error: couldn't sign introduction request.");
3248 memwipe(auth, 0,
sizeof(auth));
3259 rend_service_t *service;
3262 unsigned int expiring_nodes_len, num_ip_circuits, valid_ip_circuits = 0;
3263 int reason = END_CIRC_REASON_TORPROTOCOL;
3264 const char *rend_pk_digest;
3267 assert_circ_anonymity_ok(circuit, get_options());
3271 rend_pk_digest = (
char *) rend_data_get_pk_digest(circuit->
rend_data, NULL);
3278 log_warn(
LD_REND,
"Unrecognized service ID %s on introduction circuit %u.",
3279 safe_str_client(serviceid), (
unsigned)circuit->base_.
n_circ_id);
3280 reason = END_CIRC_REASON_NOSUCHSERVICE;
3286 expiring_nodes_len = (
unsigned int) smartlist_len(service->expiring_nodes);
3291 if (num_ip_circuits > expiring_nodes_len) {
3292 valid_ip_circuits = num_ip_circuits - expiring_nodes_len;
3299 if (valid_ip_circuits > service->n_intro_points_wanted) {
3304 if (intro != NULL) {
3306 rend_intro_point_free(intro);
3313 log_info(
LD_CIRC|
LD_REND,
"We have just finished an introduction " 3314 "circuit, but we already have enough. Closing it.");
3315 reason = END_CIRC_REASON_NONE;
3319 log_info(
LD_CIRC|
LD_REND,
"We have just finished an introduction " 3320 "circuit, but we already have enough. Redefining purpose to " 3321 "general; leaving as internal.");
3336 circuit->intro_key = NULL;
3337 crypto_pk_free(intro_key);
3346 "Established circuit %u as introduction point for service %s",
3347 (
unsigned)circuit->base_.
n_circ_id, serviceid);
3353 len = rend_service_encode_establish_intro_cell(buf,
sizeof(buf),
3357 reason = END_CIRC_REASON_INTERNAL;
3361 if (relay_send_command_from_edge(0,
TO_CIRCUIT(circuit),
3362 RELAY_COMMAND_ESTABLISH_INTRO,
3365 "Couldn't send introduction request for service %s on circuit %u",
3366 serviceid, (
unsigned)circuit->base_.
n_circ_id);
3377 circuit_mark_for_close(
TO_CIRCUIT(circuit), reason);
3380 memwipe(serviceid, 0,
sizeof(serviceid));
3390 const uint8_t *request,
3393 rend_service_t *service;
3400 const char *rend_pk_digest =
3401 (
char *) rend_data_get_pk_digest(circuit->
rend_data, NULL);
3405 "received INTRO_ESTABLISHED cell on non-intro circuit.");
3410 log_warn(
LD_REND,
"Unknown service on introduction circuit %u.",
3419 if (intro == NULL) {
3421 "Introduction circuit established without a rend_intro_point_t " 3422 "object for service %s on circuit %u",
3423 safe_str_client(serviceid), (
unsigned)circuit->base_.
n_circ_id);
3429 service->desc_is_dirty = time(NULL);
3433 "Received INTRO_ESTABLISHED cell on circuit %u for service %s",
3434 (
unsigned)circuit->base_.
n_circ_id, serviceid);
3442 circuit_mark_for_close(
TO_CIRCUIT(circuit), END_CIRC_REASON_TORPROTOCOL);
3452 rend_service_t *service;
3458 const char *rend_cookie, *rend_pk_digest;
3463 assert_circ_anonymity_ok(circuit, get_options());
3467 rend_pk_digest = (
char *) rend_data_get_pk_digest(circuit->
rend_data,
3486 "Done building circuit %u to rendezvous with " 3487 "cookie %s for service %s",
3488 (
unsigned)circuit->base_.
n_circ_id, hexcookie, serviceid);
3499 log_info(
LD_REND,
"Another rend circ has already reached this rend point; " 3500 "closing this rend circ.");
3501 reason = END_CIRC_REASON_NONE;
3514 log_warn(
LD_GENERAL,
"Internal error: unrecognized service ID on " 3515 "rendezvous circuit.");
3516 reason = END_CIRC_REASON_INTERNAL;
3524 log_warn(
LD_GENERAL,
"Couldn't get DH public key.");
3525 reason = END_CIRC_REASON_INTERNAL;
3532 if (relay_send_command_from_edge(0,
TO_CIRCUIT(circuit),
3533 RELAY_COMMAND_RENDEZVOUS1,
3534 buf, HS_LEGACY_RENDEZVOUS_CELL_SIZE,
3536 log_warn(
LD_GENERAL,
"Couldn't send RENDEZVOUS1 cell.");
3544 hop->
state = CPATH_STATE_OPEN;
3560 circuit_mark_for_close(
TO_CIRCUIT(circuit), reason);
3563 memwipe(serviceid, 0,
sizeof(serviceid));
3564 memwipe(hexcookie, 0,
sizeof(hexcookie));
3595 (uint8_t *) pk_digest,
3629 const char *serviceid;
3630 rend_service_t *service = NULL;
3635 serviceid = rend_data_get_address(circ->
rend_data);
3643 if (service == NULL)
return NULL;
3662 const char *service_id,
int seconds_valid)
3664 int i, j, failed_upload = 0;
3666 smartlist_t *successful_uploads = smartlist_new();
3668 for (i = 0; i < smartlist_len(descs); i++) {
3672 if (hs_dirs && smartlist_len(hs_dirs) > 0) {
3678 log_warn(
LD_REND,
"Could not determine the responsible hidden service " 3679 "directories to post descriptors to.");
3686 for (j = 0; j < smartlist_len(responsible_dirs); j++) {
3691 hs_dir = smartlist_get(responsible_dirs, j);
3698 log_info(
LD_REND,
"Not launching upload for for v2 descriptor to " 3699 "hidden service directory %s; we don't have its " 3700 "router descriptor. Queuing for later upload.",
3709 rend_data = rend_data_client_create(service_id, desc->
desc_id, NULL,
3718 directory_initiate_request(req);
3719 directory_request_free(req);
3721 rend_data_free(rend_data);
3725 log_info(
LD_REND,
"Launching upload for v2 descriptor for " 3726 "service '%s' with descriptor ID '%s' with validity " 3727 "of %d seconds to hidden service directory '%s' on " 3729 safe_str_client(service_id),
3730 safe_str_client(desc_id_base32),
3737 desc_id_base32, NULL);
3746 if (!failed_upload) {
3760 char *hsdir_id = tor_memdup(c, DIGEST_LEN);
3761 smartlist_add(renddesc->successful_uploads, hsdir_id);
3766 smartlist_free(responsible_dirs);
3767 smartlist_free(successful_uploads);
3776 time_t now = time(NULL);
3781 rendpostperiod = get_options()->RendPostPeriod;
3785 int seconds_valid, i, j, num_descs;
3791 num_descs = service->auth_type == REND_STEALTH_AUTH ?
3792 smartlist_len(service->clients) : 1;
3793 for (j = 0; j < num_descs; j++) {
3797 switch (service->auth_type) {
3801 case REND_BASIC_AUTH:
3805 case REND_STEALTH_AUTH:
3806 client = smartlist_get(service->clients, j);
3807 client_key = client->client_key;
3817 if (seconds_valid < 0) {
3818 log_warn(
LD_BUG,
"Internal error: couldn't encode service " 3819 "descriptor; not uploading.");
3820 smartlist_free(descs);
3821 smartlist_free(client_cookies);
3825 if (get_options()->PublishHidServDescriptors) {
3827 log_info(
LD_REND,
"Launching upload for hidden service %s",
3833 for (i = 0; i < smartlist_len(descs); i++)
3839 service->next_upload_time = now + rendpostperiod;
3841 service->next_upload_time = now + seconds_valid + 1;
3843 service->next_upload_time = now + seconds_valid -
3852 if (seconds_valid < 0) {
3853 log_warn(
LD_BUG,
"Internal error: couldn't encode service " 3854 "descriptor; not uploading.");
3855 smartlist_free(descs);
3856 smartlist_free(client_cookies);
3859 if (get_options()->PublishHidServDescriptors) {
3864 for (i = 0; i < smartlist_len(descs); i++)
3869 smartlist_free(descs);
3870 smartlist_free(client_cookies);
3872 if (get_options()->PublishHidServDescriptors) {
3873 log_info(
LD_REND,
"Successfully uploaded v2 rend descriptors!");
3875 log_info(
LD_REND,
"Successfully stored created v2 rend descriptors!");
3881 service->next_upload_time = now + 60;
3884 service->desc_is_dirty = 0;
3918 int intro_point_lifetime_seconds =
3962 rend_intro_point_free(intro);
3963 } SMARTLIST_FOREACH_END(intro);
3969 node_get_by_id(intro->extend_info->identity_digest);
3976 if (node && exclude_nodes) {
3982 if (intro_circ == NULL) {
3983 log_info(
LD_REND,
"Attempting to retry on %s as intro point for %s" 3984 " (circuit disappeared).",
3986 safe_str_client(service->service_id));
3989 intro->circuit_established = 0;
3995 rend_intro_point_free(intro);
4017 log_info(
LD_REND,
"Expiring %s as intro point for %s.",
4019 safe_str_client(service->service_id));
4028 intro->circuit_established = 0;
4030 } SMARTLIST_FOREACH_END(intro);
4039 rend_service_t *service;
4040 const char *onion_address;
4044 onion_address = rend_data_get_address(rend_data);
4047 if (service == NULL) {
4055 if (intro_circ != NULL) {
4056 circuit_mark_for_close(
TO_CIRCUIT(intro_circ),
4057 END_CIRC_REASON_FINISHED);
4060 rend_intro_point_free(intro);
4061 } SMARTLIST_FOREACH_END(intro);
4095 const int allow_direct = rend_service_allow_non_anonymous_connection(
4107 exclude_nodes = smartlist_new();
4108 retry_nodes = smartlist_new();
4114 unsigned int n_intro_points_to_open;
4117 unsigned int intro_nodes_len;
4135 service->intro_period_started = now;
4136 service->n_intro_circuits_launched = 0;
4137 }
else if (service->n_intro_circuits_launched >=
4139 service->n_intro_points_wanted)) {
4150 log_warn(
LD_REND,
"Error launching circuit to node %s for service %s.",
4152 safe_str_client(service->service_id));
4156 rend_intro_point_free(intro);
4159 intro->circuit_retries++;
4160 } SMARTLIST_FOREACH_END(intro);
4163 intro_nodes_len = (
unsigned int) smartlist_len(service->intro_nodes);
4169 if (intro_nodes_len >= service->n_intro_points_wanted) {
4176 n_intro_points_to_open = service->n_intro_points_wanted - intro_nodes_len;
4177 if (intro_nodes_len == 0) {
4191 for (i = 0; i < (int) n_intro_points_to_open; i++) {
4196 direct_flags |= CRN_PREF_ADDR;
4197 direct_flags |= CRN_DIRECT_CONN;
4201 allow_direct ? direct_flags : flags);
4204 if (allow_direct && !node) {
4206 "Unable to find an intro point that we can connect to " 4207 "directly for %s, falling back to a 3-hop path.",
4208 safe_str_client(service->service_id));
4215 "We only have %d introduction points established for %s; " 4217 smartlist_len(service->intro_nodes),
4218 safe_str_client(service->service_id),
4219 n_intro_points_to_open);
4235 const int fail = crypto_pk_generate_key(intro->
intro_key);
4241 INTRO_POINT_MAX_LIFETIME_INTRODUCTIONS);
4243 log_info(
LD_REND,
"Picked router %s as an intro point for %s.",
4245 safe_str_client(service->service_id));
4249 log_warn(
LD_REND,
"Error launching circuit to node %s for service %s.",
4251 safe_str_client(service->service_id));
4257 } SMARTLIST_FOREACH_END(service);
4258 smartlist_free(exclude_nodes);
4259 smartlist_free(retry_nodes);
4262 #define MIN_REND_INITIAL_POST_DELAY (30) 4263 #define MIN_REND_INITIAL_POST_DELAY_TESTING (5) 4277 rend_service_t *service;
4281 MIN_REND_INITIAL_POST_DELAY_TESTING :
4282 MIN_REND_INITIAL_POST_DELAY);
4286 if (!service->next_upload_time) {
4289 service->next_upload_time =
4294 if (rend_service_reveal_startup_time(options)) {
4295 service->next_upload_time = now + rendinitialpostdelay;
4299 unsigned int intro_points_ready =
4301 service->n_intro_points_wanted;
4302 if (intro_points_ready &&
4303 (service->next_upload_time < now ||
4304 (service->desc_is_dirty &&
4305 service->desc_is_dirty < now-rendinitialpostdelay))) {
4336 rend_service_t *service;
4342 if (!get_options()->PublishHidServDescriptors)
4347 if (service->desc && !service->desc->all_uploads_performed) {
4362 rend_service_t *service;
4364 const char *safe_name;
4371 for (j=0; j < smartlist_len(service->intro_nodes); ++j) {
4372 intro = smartlist_get(service->intro_nodes, j);
4397 rend_service_t *service;
4399 const char *rend_pk_digest;
4403 log_debug(
LD_REND,
"beginning to hunt for addr/port");
4404 rend_pk_digest = (
char *) rend_data_get_pk_digest(circ->
rend_data, NULL);
4409 log_warn(
LD_REND,
"Couldn't find any service associated with pk %s on " 4410 "rendezvous circuit %u; closing.",
4411 serviceid, (
unsigned)circ->base_.
n_circ_id);
4414 if (service->max_streams_per_circuit > 0) {
4417 #define MAX_STREAM_WARN_INTERVAL 600 4418 static struct ratelim_t stream_ratelim =
4419 RATELIM_INIT(MAX_STREAM_WARN_INTERVAL);
4422 "Maximum streams per circuit limit reached on rendezvous " 4423 "circuit %u; %s. Circuit has %d out of %d streams.",
4425 service->max_streams_close_circuit ?
4427 "ignoring open stream request",
4429 service->max_streams_per_circuit);
4430 return service->max_streams_close_circuit ? -2 : -1;
4434 if (hs_set_conn_addr_port(service->ports, conn) == 0) {
4440 "No virtual port mapping exists for port %d on service %s",
4441 conn->base_.
port, serviceid);
4443 if (service->allow_unknown_ports)
4452 rend_service_non_anonymous_mode_consistent(
const or_options_t *options)
4456 !! options->HiddenServiceNonAnonymousMode);
4465 rend_service_allow_non_anonymous_connection(
const or_options_t *options)
4467 tor_assert(rend_service_non_anonymous_mode_consistent(options));
4479 rend_service_reveal_startup_time(
const or_options_t *options)
4481 tor_assert(rend_service_non_anonymous_mode_consistent(options));
4482 return rend_service_non_anonymous_mode_enabled(options);
4491 rend_service_non_anonymous_mode_enabled(
const or_options_t *options)
4493 tor_assert(rend_service_non_anonymous_mode_consistent(options));
4494 return options->HiddenServiceNonAnonymousMode ? 1 : 0;
4497 #ifdef TOR_UNIT_TESTS 4506 set_rend_rend_service_staging_list(
smartlist_t *new_list)
#define RELAY_PAYLOAD_SIZE
void rep_hist_note_used_internal(time_t now, int need_uptime, int need_capacity)
int crypto_pk_write_private_key_to_string(crypto_pk_t *env, char **dest, size_t *len)
#define CIRCLAUNCH_ONEHOP_TUNNEL
void tor_addr_from_ipv4n(tor_addr_t *dest, uint32_t v4addr)
static int rend_service_derive_key_digests(struct rend_service_t *s)
Header file for rendcommon.c.
#define CIRCLAUNCH_IS_INTERNAL
void directory_request_set_routerstatus(directory_request_t *req, const routerstatus_t *rs)
int crypto_pk_eq_keys(const crypto_pk_t *a, const crypto_pk_t *b)
#define MAX_HEX_NICKNAME_LEN
Header file for dirclient.c.
void rend_service_desc_has_uploaded(const rend_data_t *rend_data)
static struct rend_service_t * rend_service_get_by_service_id(const char *id)
int routerset_contains_extendinfo(const routerset_t *set, const extend_info_t *ei)
int rend_num_services(void)
Header file containing common data for the whole HS subsytem.
Header file containing configuration ABI/API for the HS subsytem.
unsigned int hs_circ_has_timed_out
void rend_service_rendezvous_has_opened(origin_circuit_t *circuit)
Common functions for using (pseudo-)random number generators.
#define INTRO_POINT_MIN_LIFETIME_INTRODUCTIONS
static smartlist_t * rend_service_list
static unsigned int count_intro_point_circuits(const rend_service_t *service)
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
void cpath_extend_linked_list(crypt_path_t **head_ptr, crypt_path_t *new_hop)
int tor_open_cloexec(const char *path, int flags, unsigned mode)
extend_info_t * extend_info_from_node(const node_t *node, int for_direct_connect)
int rend_service_load_all_keys(const smartlist_t *service_list)
int rend_service_validate_intro_late(const rend_intro_cell_t *intro, char **err_msg_out)
Header file for node_select.c.
static smartlist_t * rend_service_staging_list
void rend_service_free_all(void)
STATIC void rend_service_free_(rend_service_t *service)
void rend_consider_services_intro_points(time_t now)
const char * extend_info_describe(const extend_info_t *ei)
crypt_path_reference_t * service_pending_final_cpath_ref
static void set_uint16(void *cp, uint16_t v)
#define INTRO_POINT_LIFETIME_MAX_SECONDS
void smartlist_add_strdup(struct smartlist_t *sl, const char *string)
void rend_service_relaunch_rendezvous(origin_circuit_t *oldcirc)
struct crypto_dh_t * rend_dh_handshake_state
crypt_path_t * pending_final_cpath
static int consider_republishing_rend_descriptors
#define CIRCLAUNCH_NEED_UPTIME
int rend_service_receive_introduction(origin_circuit_t *circuit, const uint8_t *request, size_t request_len)
char identity_digest[DIGEST_LEN]
Header file for describe.c.
Header file for nodelist.c.
void rend_service_free_intro_(rend_intro_cell_t *request)
static const char * rend_service_escaped_dir(const struct rend_service_t *s)
static int intro_point_should_expire_now(rend_intro_point_t *intro, time_t now)
void tor_log(int severity, log_domain_mask_t domain, const char *format,...)
#define MAX_INTRO_POINT_CIRCUIT_RETRIES
#define NUM_INTRO_POINTS_MAX
Header file for directory.c.
void smartlist_add(smartlist_t *sl, void *element)
#define REND_DESC_COOKIE_LEN_BASE64
int rend_service_decrypt_intro(rend_intro_cell_t *intro, crypto_pk_t *key, char **err_msg_out)
int crypto_dh_get_public(crypto_dh_t *dh, char *pubkey_out, size_t pubkey_out_len)
#define REND_SERVICE_ID_LEN
static origin_circuit_t * find_intro_circuit(rend_intro_point_t *intro, const char *pk_digest)
char * rate_limit_log(ratelim_t *lim, time_t now)
#define REND_DESC_ID_V2_LEN_BASE32
struct directory_request_t directory_request_t
Header file for config.c.
Header file for nickname.c.
int accepted_introduce2_count
Header file for replaycache.c.
void base32_encode(char *dest, size_t destlen, const char *src, size_t srclen)
void smartlist_uniq_strings(smartlist_t *sl)
#define CIRCUIT_PURPOSE_S_ESTABLISH_INTRO
void rend_service_intro_has_opened(origin_circuit_t *circuit)
int crypto_rand_int_range(unsigned int min, unsigned int max)
int is_legal_nickname_or_hexdigest(const char *s)
int node_has_preferred_descriptor(const node_t *node, int for_direct_connect)
int replaycache_add_test_and_elapsed(replaycache_t *r, const void *data, size_t len, time_t *elapsed)
#define SMARTLIST_DEL_CURRENT(sl, var)
Header file for mainloop.c.
static int rend_service_load_keys(struct rend_service_t *s)
void memwipe(void *mem, uint8_t byte, size_t sz)
void smartlist_sort_strings(smartlist_t *sl)
static void upload_service_descriptor(rend_service_t *service)
int tor_addr_port_lookup(const char *s, tor_addr_t *addr_out, uint16_t *port_out)
#define REND_CLIENTNAME_MAX_LEN
FILE * start_writing_to_stdio_file(const char *fname, int open_flags, int mode, open_file_t **data_out)
static uint32_t get_uint32(const void *cp)
static rend_intro_point_t * find_expiring_intro_point(struct rend_service_t *service, origin_circuit_t *circ)
int base64_encode(char *dest, size_t destlen, const char *src, size_t srclen, int flags)
static int service_is_single_onion_poisoned(const rend_service_t *service)
int circuit_should_use_vanguards(uint8_t purpose)
Header file for loadkey.c.
smartlist_t * intro_nodes
Header file for policies.c.
static rend_intro_point_t * find_intro_point(origin_circuit_t *circ)
int crypto_dh_generate_public(crypto_dh_t *dh)
int port_cfg_line_extract_addrport(const char *line, char **addrport_out, int *is_unix_out, const char **rest_out)
extend_info_t * extend_info
void directory_request_set_indirection(directory_request_t *req, dir_indirection_t indirection)
int32_t circuit_initial_package_window(void)
int all_uploads_performed
Common functions for cryptographic routines.
crypto_pk_t * crypto_pk_asn1_decode(const char *str, size_t len)
directory_request_t * directory_request_new(uint8_t dir_purpose)
static int rend_service_load_auth_keys(struct rend_service_t *s, const char *hfname)
int crypto_pk_private_sign_digest(crypto_pk_t *env, char *to, size_t tolen, const char *from, size_t fromlen)
unsigned int circuit_established
#define tor_addr_from_ipv4h(dest, v4addr)
static extend_info_t * find_rp_for_intro(const rend_intro_cell_t *intro, char **err_msg_out)
static int rend_service_check_private_dir(const or_options_t *options, const rend_service_t *s, int create)
static ssize_t rend_service_parse_intro_for_v3(rend_intro_cell_t *intro, const uint8_t *buf, size_t plaintext_len, char **err_msg_out)
void rend_consider_services_upload(time_t now)
int finish_writing_to_file(open_file_t *file_data)
int tor_memeq(const void *a, const void *b, size_t sz)
static unsigned int rend_service_is_ephemeral(const struct rend_service_t *s)
int tor_asprintf(char **strp, const char *fmt,...)
const char * fmt_addrport(const tor_addr_t *addr, uint16_t port)
static rend_service_port_config_t * rend_service_port_config_new(const char *socket_path)
origin_circuit_t * circuit_get_next_intro_circ(const origin_circuit_t *start, bool want_client_circ)
routerset_t * ExcludeNodes
char nickname[MAX_HEX_NICKNAME_LEN+1]
static int rend_add_service(smartlist_t *service_list, rend_service_t *service)
void rend_hsdir_routers_changed(void)
#define PK_PKCS1_OAEP_PADDING
const char * node_describe(const node_t *node)
rend_service_port_config_t * rend_service_parse_port_config(const char *string, const char *sep, char **err_msg_out)
Master header file for Tor-specific functionality.
#define CIRCUIT_STATE_OPEN
#define INTRO_CIRC_RETRY_PERIOD
Header file for circuitbuild.c.
int crypto_rand_int(unsigned int max)
int rend_service_parse_intro_plaintext(rend_intro_cell_t *intro, char **err_msg_out)
struct crypto_pk_t * intro_key
void smartlist_remove(smartlist_t *sl, const void *element)
static uint16_t get_uint16(const void *cp)
#define NUM_INTRO_POINTS_EXTRA
int rend_valid_v2_service_id(const char *query)
hs_service_add_ephemeral_status_t
extend_info_t * extend_info_dup(extend_info_t *info)
const node_t * router_choose_random_node(smartlist_t *excludedsmartlist, routerset_t *excludedset, router_crn_flags_t flags)
STATIC int rend_service_verify_single_onion_poison(const rend_service_t *s, const or_options_t *options)
static int intro_point_accepted_intro_count(rend_intro_point_t *intro)
const char * routerstatus_describe(const routerstatus_t *rs)
static int rend_check_authorization(rend_service_t *service, const char *descriptor_cookie, size_t cookie_len)
#define log_fn_ratelim(ratelim, severity, domain, args,...)
char nickname[MAX_NICKNAME_LEN+1]
char rend_circ_nonce[DIGEST_LEN]
Header file for circuituse.c.
void base16_encode(char *dest, size_t destlen, const char *src, size_t srclen)
int fascist_firewall_allows_address_addr(const tor_addr_t *addr, uint16_t port, firewall_connection_t fw_connection, int pref_only, int pref_ipv6)
char * rend_auth_encode_cookie(const uint8_t *cookie_in, rend_auth_type_t auth_type)
int rend_service_del_ephemeral(const char *service_id)
replaycache_t * replaycache_new(time_t horizon, time_t interval)
int rend_parse_client_keys(strmap_t *parsed_clients, const char *ckstr)
#define RFTS_IGNORE_MISSING
#define CIRCUIT_PURPOSE_S_CONNECT_REND
Header file for circuitlist.c.
crypto_pk_t * crypto_pk_dup_key(crypto_pk_t *orig)
Header file for rendservice.c.
void circuit_log_path(int severity, unsigned int domain, origin_circuit_t *circ)
static void rend_log_intro_limit(const rend_service_t *service, int min_severity)
static unsigned int count_established_intro_points(const rend_service_t *service)
int rend_service_intro_established(origin_circuit_t *circuit, const uint8_t *request, size_t request_len)
int rend_valid_client_name(const char *client_name)
int cpath_init_circuit_crypto(crypt_path_t *cpath, const char *key_data, size_t key_data_len, int reverse, int is_hs_v3)
#define CIRCLAUNCH_NEED_CAPACITY
void rend_services_add_filenames_to_lists(smartlist_t *open_lst, smartlist_t *stat_lst)
#define CIRCUIT_PURPOSE_S_INTRO
int smartlist_contains_digest(const smartlist_t *sl, const char *element)
smartlist_t * routerstatus_list
int is_legal_nickname(const char *s)
static void rend_service_add_filenames_to_list(smartlist_t *lst, const rend_service_t *s)
#define CIRCUIT_PURPOSE_HS_VANGUARDS
int rend_encode_v2_descriptors(smartlist_t *descs_out, rend_service_descriptor_t *desc, time_t now, uint8_t period, rend_auth_type_t auth_type, crypto_pk_t *client_key, smartlist_t *client_cookies)
struct crypt_path_t * prev
cpath_build_state_t * build_state
int HiddenServiceSingleHopMode
void rend_encoded_v2_service_descriptor_free_(rend_encoded_v2_service_descriptor_t *desc)
#define REND_SERVICE_ID_LEN_BASE32
origin_circuit_t * TO_ORIGIN_CIRCUIT(circuit_t *x)
void circuit_has_opened(origin_circuit_t *circ)
#define NUM_INTRO_POINTS_DEFAULT
Header file for crypt_path.c.
const char * circuit_state_to_string(int state)
int tor_snprintf(char *str, size_t size, const char *format,...)
int crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out)
static ssize_t rend_service_parse_intro_for_v2(rend_intro_cell_t *intro, const uint8_t *buf, size_t plaintext_len, char **err_msg_out)
char rend_cookie[REND_COOKIE_LEN]
hs_service_add_ephemeral_status_t rend_service_add_ephemeral(crypto_pk_t *pk, smartlist_t *ports, int max_streams_per_circuit, int max_streams_close_circuit, rend_auth_type_t auth_type, smartlist_t *auth_clients, char **service_id_out)
origin_circuit_t * circuit_launch_by_extend_info(uint8_t purpose, extend_info_t *extend_info, int flags)
crypto_dh_t * crypto_dh_new(int dh_type)
int hs_get_service_max_rend_failures(void)
char identity_digest[DIGEST_LEN]
#define SMARTLIST_FOREACH(sl, type, var, cmd)
const char * escaped(const char *s)
static struct rend_service_t * rend_service_get_by_pk_digest(const char *digest)
#define DIR_PURPOSE_UPLOAD_RENDDESC_V2
void directory_request_set_rend_query(directory_request_t *req, const rend_data_t *query)
int fascist_firewall_allows_node(const node_t *node, firewall_connection_t fw_connection, int pref_only)
rend_intro_cell_t * rend_service_begin_parse_intro(const uint8_t *request, size_t request_len, uint8_t type, char **err_msg_out)
static void remove_invalid_intro_points(rend_service_t *service, smartlist_t *exclude_nodes, smartlist_t *retry_nodes, time_t now)
#define log_fn(severity, domain, args,...)
int rend_get_service_id(crypto_pk_t *pk, char *out)
#define REND_TIME_PERIOD_OVERLAPPING_V2_DESCS
void smartlist_add_all(smartlist_t *s1, const smartlist_t *s2)
crypto_pk_t * init_key_from_file(const char *fname, int generate, int severity, bool *created_out)
int hid_serv_get_responsible_directories(smartlist_t *responsible_dirs, const char *id)
void rend_service_port_config_free_(rend_service_port_config_t *p)
size_t crypto_pk_keysize(const crypto_pk_t *env)
#define CIRCUIT_PURPOSE_C_GENERAL
struct replaycache_t * accepted_intro_rsa_parts
void pathbias_count_use_attempt(origin_circuit_t *circ)
unsigned int listed_in_last_desc
long tor_parse_long(const char *s, int base, long min, long max, int *ok, char **next)
static ssize_t rend_service_parse_intro_for_v0_or_v1(rend_intro_cell_t *intro, const uint8_t *buf, size_t plaintext_len, char **err_msg_out)
int abort_writing_to_file(open_file_t *file_data)
static int rend_max_intro_circs_per_period(unsigned int n_intro_points_wanted)
void circuit_change_purpose(circuit_t *circ, uint8_t new_purpose)
int crypto_pk_is_valid_private_key(const crypto_pk_t *env)
STATIC int rend_service_poison_new_single_onion_dir(const rend_service_t *s, const or_options_t *options)
void rend_service_dump_stats(int severity)
extend_info_t * chosen_exit
smartlist_t * successful_uploads
ssize_t crypto_dh_compute_secret(int severity, crypto_dh_t *dh, const char *pubkey, size_t pubkey_len, char *secret_out, size_t secret_bytes_out)
#define INTRO_POINT_LIFETIME_MIN_SECONDS
int crypto_pk_asn1_encode(const crypto_pk_t *pk, char *dest, size_t dest_len)
origin_circuit_t * circuit_get_next_by_pk_and_purpose(origin_circuit_t *start, const uint8_t *digest, uint8_t purpose)
void tor_addr_copy(tor_addr_t *dest, const tor_addr_t *src)
static void rend_authorized_client_free_void(void *authorized_client)
int rend_service_set_connection_addr_port(edge_connection_t *conn, origin_circuit_t *circ)
#define CIRCUIT_PURPOSE_S_REND_JOINED
int crypto_pk_obsolete_private_hybrid_decrypt(crypto_pk_t *env, char *to, size_t tolen, const char *from, size_t fromlen, int padding, int warnOnFailure)
Header file for rendclient.c.
static ssize_t(* intro_version_handlers[])(rend_intro_cell_t *, const uint8_t *, size_t, char **)
static void rend_service_update_descriptor(rend_service_t *service)
Header file for control_events.c.
void smartlist_clear(smartlist_t *sl)
#define REND_DESC_COOKIE_LEN
static int rend_service_launch_establish_intro(rend_service_t *service, rend_intro_point_t *intro)
void control_event_hs_descriptor_upload(const char *onion_address, const char *id_digest, const char *desc_id, const char *hsdir_index)
void rend_authorized_client_free_(rend_authorized_client_t *client)
void pathbias_mark_use_success(origin_circuit_t *circ)
#define REND_REPLAY_TIME_INTERVAL
file_status_t file_status(const char *filename)
int extend_info_addr_is_allowed(const tor_addr_t *addr)
Header file for networkstatus.c.
void directory_request_set_payload(directory_request_t *req, const char *payload, size_t payload_len)
const char * escaped_safe_str_client(const char *address)
int have_completed_a_circuit(void)
void rend_consider_descriptor_republication(void)
void directory_post_to_hs_dir(rend_service_descriptor_t *renddesc, smartlist_t *descs, smartlist_t *hs_dirs, const char *service_id, int seconds_valid)
int smartlist_split_string(smartlist_t *sl, const char *str, const char *sep, int flags, int max)
char * tor_dup_ip(uint32_t addr)
