10 #define RENDSERVICE_PRIVATE 21 #include "feature/client/circpathbias.h" 34 #include "feature/nodelist/routerset.h" 37 #include "feature/rend/rendparse.h" 39 #include "feature/stats/predict_ports.h" 46 #include "core/or/cpath_build_state_st.h" 47 #include "core/or/crypt_path_st.h" 48 #include "core/or/crypt_path_reference_st.h" 49 #include "core/or/edge_connection_st.h" 50 #include "core/or/extend_info_st.h" 51 #include "feature/nodelist/networkstatus_st.h" 52 #include "core/or/origin_circuit_st.h" 53 #include "feature/rend/rend_authorized_client_st.h" 54 #include "feature/rend/rend_encoded_v2_service_descriptor_st.h" 55 #include "feature/rend/rend_intro_point_st.h" 56 #include "feature/rend/rend_service_descriptor_st.h" 57 #include "feature/nodelist/routerstatus_st.h" 65 #ifdef HAVE_SYS_STAT_H 69 struct rend_service_t;
71 const char *pk_digest);
91 const struct rend_service_t *s);
101 size_t plaintext_len,
106 size_t plaintext_len,
110 const rend_service_t *s,
121 static const char *private_key_fname =
"private_key";
122 static const char *hostname_fname =
"hostname";
123 static const char *client_keys_fname =
"client_keys";
124 static const char *sos_poison_fname =
"onion_service_non_anonymous";
135 rend_get_service_list(
const smartlist_t* substitute_service_list)
139 return rend_get_service_list_mutable((
smartlist_t*)substitute_service_list);
149 rend_get_service_list_mutable(
smartlist_t* substitute_service_list)
151 if (substitute_service_list) {
152 return substitute_service_list;
170 return (s->directory == NULL);
196 if (client->client_key)
197 crypto_pk_free(client->client_key);
198 if (client->client_name)
199 memwipe(client->client_name, 0, strlen(client->client_name));
201 memwipe(client->descriptor_cookie, 0,
sizeof(client->descriptor_cookie));
221 if (service->ports) {
223 rend_service_port_config_free(p));
224 smartlist_free(service->ports);
226 if (service->private_key)
227 crypto_pk_free(service->private_key);
228 if (service->intro_nodes) {
230 rend_intro_point_free(intro););
231 smartlist_free(service->intro_nodes);
233 if (service->expiring_nodes) {
235 rend_intro_point_free(intro););
236 smartlist_free(service->expiring_nodes);
239 rend_service_descriptor_free(service->desc);
240 if (service->clients) {
242 rend_authorized_client_free(c););
243 smartlist_free(service->clients);
245 if (service->accepted_intro_dh_parts) {
246 replaycache_free(service->accepted_intro_dh_parts);
253 rend_service_free_staging_list(
void)
257 rend_service_free(ptr));
270 rend_service_free(ptr));
274 rend_service_free_staging_list();
279 rend_service_init(
void)
292 rend_validate_service(
const smartlist_t *service_list,
293 const rend_service_t *service)
298 if (service->max_streams_per_circuit < 0) {
299 log_warn(
LD_CONFIG,
"Hidden service (%s) configured with negative max " 300 "streams per circuit.",
305 if (service->max_streams_close_circuit < 0 ||
306 service->max_streams_close_circuit > 1) {
307 log_warn(
LD_CONFIG,
"Hidden service (%s) configured with invalid " 308 "max streams handling.",
313 if (service->auth_type != REND_NO_AUTH &&
314 (!service->clients || smartlist_len(service->clients) == 0)) {
315 log_warn(
LD_CONFIG,
"Hidden service (%s) with client authorization but " 321 if (!service->ports || !smartlist_len(service->ports)) {
322 log_warn(
LD_CONFIG,
"Hidden service (%s) with no ports configured.",
344 smartlist_t *s_list = rend_get_service_list_mutable(service_list);
348 rend_service_free(service);
352 service->intro_nodes = smartlist_new();
353 service->expiring_nodes = smartlist_new();
355 log_debug(
LD_REND,
"Configuring service with directory %s",
357 for (i = 0; i < smartlist_len(service->ports); ++i) {
358 p = smartlist_get(service->ports, i);
359 if (!(p->is_unix_addr)) {
361 "Service maps port %d to %s",
367 "Service maps port %d to socket at \"%s\"",
368 p->virtual_port, p->unix_addr);
371 "Service maps port %d to an AF_UNIX socket, but we " 372 "have no AF_UNIX support on this platform. This is " 375 rend_service_free(service);
388 hs_service_map_has_changed();
401 const size_t pathlen = strlen(socket_path) + 1;
404 memcpy(conf->unix_addr, socket_path, pathlen);
405 conf->is_unix_addr = 1;
427 unsigned int is_unix_addr = 0;
428 const char *socket_path = NULL;
429 char *err_msg = NULL;
430 char *addrport = NULL;
432 sl = smartlist_new();
434 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 2);
435 if (smartlist_len(sl) < 1 || BUG(smartlist_len(sl) > 2)) {
436 err_msg = tor_strdup(
"Bad syntax in hidden service port configuration.");
439 virtport = (int)
tor_parse_long(smartlist_get(sl,0), 10, 1, 65535, NULL,NULL);
441 tor_asprintf(&err_msg,
"Missing or invalid port %s in hidden service " 442 "port configuration",
escaped(smartlist_get(sl,0)));
446 if (smartlist_len(sl) == 1) {
453 const char *addrport_element = smartlist_get(sl,1);
454 const char *rest = NULL;
460 tor_asprintf(&err_msg,
"Couldn't process address <%s> from hidden " 461 "service configuration", addrport_element);
465 if (rest && strlen(rest)) {
466 err_msg = tor_strdup(
"HiddenServicePort parse error: invalid port " 472 socket_path = addrport;
474 }
else if (strchr(addrport,
':') || strchr(addrport,
'.')) {
477 err_msg = tor_strdup(
"Unparseable address in hidden service port " 481 realport = p?p:virtport;
484 realport = (int)
tor_parse_long(addrport, 10, 1, 65535, NULL, NULL);
486 tor_asprintf(&err_msg,
"Unparseable or out-of-range port %s in " 487 "hidden service port configuration.",
497 result->virtual_port = virtport;
498 result->is_unix_addr = is_unix_addr;
500 result->real_port = realport;
502 result->unix_addr[0] =
'\0';
507 if (err_msg_out != NULL) {
508 *err_msg_out = err_msg;
530 copy_service_on_prunning(rend_service_t *dst, rend_service_t *src)
538 dst->desc_is_dirty = src->desc_is_dirty;
539 dst->next_upload_time = src->next_upload_time;
541 dst->accepted_intro_dh_parts = src->accepted_intro_dh_parts;
542 src->accepted_intro_dh_parts = NULL;
544 dst->intro_period_started = src->intro_period_started;
545 dst->n_intro_circuits_launched = src->n_intro_circuits_launched;
546 dst->n_intro_points_wanted = src->n_intro_points_wanted;
554 rend_service_prune_list_impl_(
void)
557 smartlist_t *surviving_services, *old_service_list, *new_service_list;
574 if (!old_service_list) {
583 surviving_services = smartlist_new();
605 } SMARTLIST_FOREACH_END(old);
615 strcmp(old->directory, new->directory)) {
624 copy_service_on_prunning(
new, old);
629 } SMARTLIST_FOREACH_END(old);
630 } SMARTLIST_FOREACH_END(
new);
641 if (rend_circuit_pk_digest_eq(ocirc, (uint8_t *) s->pk_digest)) {
646 } SMARTLIST_FOREACH_END(s);
650 log_info(
LD_REND,
"Closing intro point %s for service %s.",
653 safe_str_client(rend_data_get_address(ocirc->
rend_data)));
656 circuit_mark_for_close(
TO_CIRCUIT(ocirc), END_CIRC_REASON_FINISHED);
658 smartlist_free(surviving_services);
660 hs_service_map_has_changed();
667 rend_service_prune_list(
void)
675 rend_service_prune_list_impl_();
676 if (old_service_list) {
680 rend_service_free(s));
681 smartlist_free(old_service_list);
691 service_config_shadow_copy(rend_service_t *service,
697 service->directory = tor_strdup(config->directory_path);
698 service->dir_group_readable = config->dir_group_readable;
699 service->allow_unknown_ports = config->allow_unknown_ports;
703 service->max_streams_per_circuit = (int) config->max_streams_per_rdv_circuit;
704 if (BUG(config->max_streams_per_rdv_circuit >
705 HS_CONFIG_MAX_STREAMS_PER_RDV_CIRCUIT)) {
706 service->max_streams_per_circuit = HS_CONFIG_MAX_STREAMS_PER_RDV_CIRCUIT;
708 service->max_streams_close_circuit = config->max_streams_close_circuit;
709 service->n_intro_points_wanted = config->num_intro_points;
712 smartlist_free(config->ports);
713 config->ports = NULL;
727 rend_service_t *service = NULL;
741 service = tor_malloc_zero(
sizeof(rend_service_t));
742 service->intro_period_started = time(NULL);
743 service->ports = smartlist_new();
746 service_config_shadow_copy(service, config);
748 for (line = line_; line; line = line->next) {
749 if (!strcasecmp(line->key,
"HiddenServiceDir")) {
754 if (!strcasecmp(line->key,
"HiddenServiceNumIntroductionPoints")) {
757 service->n_intro_points_wanted =
762 "HiddenServiceNumIntroductionPoints " 763 "should be between %d and %d, not %s",
767 log_info(
LD_CONFIG,
"HiddenServiceNumIntroductionPoints=%d for %s",
768 service->n_intro_points_wanted,
escaped(service->directory));
771 if (!strcasecmp(line->key,
"HiddenServiceAuthorizeClient")) {
776 const char *authname;
777 if (service->auth_type != REND_NO_AUTH) {
778 log_warn(
LD_CONFIG,
"Got multiple HiddenServiceAuthorizeClient " 779 "lines for a single service.");
782 type_names_split = smartlist_new();
784 if (smartlist_len(type_names_split) < 1) {
785 log_warn(
LD_BUG,
"HiddenServiceAuthorizeClient has no value. This " 786 "should have been prevented when parsing the " 788 smartlist_free(type_names_split);
791 authname = smartlist_get(type_names_split, 0);
792 if (!strcasecmp(authname,
"basic")) {
793 service->auth_type = REND_BASIC_AUTH;
794 }
else if (!strcasecmp(authname,
"stealth")) {
795 service->auth_type = REND_STEALTH_AUTH;
797 log_warn(
LD_CONFIG,
"HiddenServiceAuthorizeClient contains " 798 "unrecognized auth-type '%s'. Only 'basic' or 'stealth' " 800 (
char *) smartlist_get(type_names_split, 0));
802 smartlist_free(type_names_split);
805 service->clients = smartlist_new();
806 if (smartlist_len(type_names_split) < 2) {
807 log_warn(
LD_CONFIG,
"HiddenServiceAuthorizeClient contains " 808 "auth-type '%s', but no client names.",
809 service->auth_type == REND_BASIC_AUTH ?
"basic" :
"stealth");
811 smartlist_free(type_names_split);
814 clients = smartlist_new();
816 ",", SPLIT_SKIP_SPACE, 0);
818 smartlist_free(type_names_split);
821 int num_clients = smartlist_len(clients);
824 if (smartlist_len(clients) < num_clients) {
825 log_info(
LD_CONFIG,
"HiddenServiceAuthorizeClient contains %d " 826 "duplicate client name(s); removing.",
827 num_clients - smartlist_len(clients));
834 log_warn(
LD_CONFIG,
"HiddenServiceAuthorizeClient contains an " 835 "illegal client name: '%s'. Names must be " 836 "between 1 and %d characters and contain " 837 "only [A-Za-z0-9+_-].",
840 smartlist_free(clients);
844 client->client_name = tor_strdup(client_name);
846 log_debug(
LD_REND,
"Adding client name '%s'", client_name);
848 SMARTLIST_FOREACH_END(client_name);
850 smartlist_free(clients);
852 if ((service->auth_type == REND_BASIC_AUTH &&
853 smartlist_len(service->clients) > 512) ||
854 (service->auth_type == REND_STEALTH_AUTH &&
855 smartlist_len(service->clients) > 16)) {
856 log_warn(
LD_CONFIG,
"HiddenServiceAuthorizeClient contains %d " 857 "client authorization entries, but only a " 858 "maximum of %d entries is allowed for " 859 "authorization type '%s'.",
860 smartlist_len(service->clients),
861 service->auth_type == REND_BASIC_AUTH ? 512 : 16,
862 service->auth_type == REND_BASIC_AUTH ?
"basic" :
"stealth");
884 rend_service_free(service);
905 int max_streams_per_circuit,
906 int max_streams_close_circuit,
909 char **service_id_out)
911 *service_id_out = NULL;
915 rend_service_t *s = tor_malloc_zero(
sizeof(rend_service_t));
918 s->auth_type = auth_type;
919 s->clients = auth_clients;
921 s->intro_period_started = time(NULL);
923 s->max_streams_per_circuit = max_streams_per_circuit;
924 s->max_streams_close_circuit = max_streams_close_circuit;
926 rend_service_free(s);
930 if (!s->ports || smartlist_len(s->ports) == 0) {
931 log_warn(
LD_CONFIG,
"At least one VIRTPORT/TARGET must be specified.");
932 rend_service_free(s);
935 if (s->auth_type != REND_NO_AUTH &&
936 (!s->clients || smartlist_len(s->clients) == 0)) {
937 log_warn(
LD_CONFIG,
"At least one authorized client must be specified.");
938 rend_service_free(s);
946 log_warn(
LD_CONFIG,
"Onion Service private key collides with an " 947 "existing service.");
948 rend_service_free(s);
952 log_warn(
LD_CONFIG,
"Onion Service id collides with an existing service.");
953 rend_service_free(s);
961 *service_id_out = tor_strdup(s->service_id);
963 log_debug(
LD_CONFIG,
"Added ephemeral Onion Service: %s", s->service_id);
975 log_warn(
LD_CONFIG,
"Requested malformed Onion Service id for removal.");
979 log_warn(
LD_CONFIG,
"Requested non-existent Onion Service id for " 984 log_warn(
LD_CONFIG,
"Requested non-ephemeral Onion Service for removal.");
995 if (!circ->marked_for_close &&
1000 !rend_circuit_pk_digest_eq(oc, (uint8_t *) s->pk_digest)) {
1003 log_debug(
LD_REND,
"Closing intro point %s for service %s.",
1007 circuit_mark_for_close(circ, END_CIRC_REASON_FINISHED);
1009 } SMARTLIST_FOREACH_END(circ);
1012 hs_service_map_has_changed();
1013 rend_service_free(s);
1015 log_debug(
LD_CONFIG,
"Removed ephemeral Onion Service: %s", service_id);
1022 #define INTRO_CIRC_RETRY_PERIOD_SLOP 10 1030 int exceeded_limit = (service->n_intro_circuits_launched >=
1032 service->n_intro_points_wanted));
1033 int severity = min_severity;
1035 if (exceeded_limit) {
1038 time_t intro_period_elapsed = time(NULL) - service->intro_period_started;
1039 tor_assert_nonfatal(intro_period_elapsed >= 0);
1045 "Hidden service %s %s %d intro points in the last %d seconds. " 1046 "Intro circuit launches are limited to %d per %d seconds.%s",
1047 service->service_id,
1048 exceeded_limit ?
"exceeded launch limit with" :
"launched",
1049 service->n_intro_circuits_launched,
1050 (
int)intro_period_elapsed,
1068 rend_service_descriptor_free(service->desc);
1069 service->desc = NULL;
1079 for (i = 0; i < smartlist_len(service->intro_nodes); ++i) {
1113 unsigned int have_intro = (
unsigned int)smartlist_len(d->
intro_nodes);
1114 if (have_intro != service->n_intro_points_wanted) {
1117 if (have_intro < service->n_intro_points_wanted ||
1124 log_fn(severity,
LD_REND,
"Hidden service %s wanted %d intro points, but " 1125 "descriptor was updated with %d instead.",
1126 service->service_id,
1127 service->n_intro_points_wanted, have_intro);
1138 rend_service_path(
const rend_service_t *service,
const char *file_name)
1141 return hs_path_from_filename(service->directory, file_name);
1149 rend_service_sos_poison_path(
const rend_service_t *service)
1151 return rend_service_path(service, sos_poison_fname);
1159 char *poison_fname = NULL;
1163 if (BUG(!service)) {
1171 poison_fname = rend_service_sos_poison_path(service);
1179 if (fstatus == FN_FILE || fstatus == FN_EMPTY) {
1189 rend_service_private_key_exists(
const rend_service_t *service)
1191 char *private_key_path = rend_service_path(service, private_key_fname);
1197 return private_key_status == FN_FILE;
1224 if (BUG(!s->directory)) {
1230 if (!rend_service_private_key_exists(s)) {
1236 rend_service_non_anonymous_mode_enabled(options)) {
1253 poison_new_single_onion_hidden_service_dir_impl(
const rend_service_t *service,
1257 if (BUG(!service)) {
1262 tor_assert(rend_service_non_anonymous_mode_enabled(options));
1266 char *poison_fname = NULL;
1269 log_info(
LD_REND,
"Ephemeral HS started in non-anonymous mode.");
1274 if (rend_service_private_key_exists(service)) {
1275 log_warn(
LD_BUG,
"Tried to single onion poison a service directory after " 1276 "the private key was created.");
1281 if (BUG(hs_check_service_private_dir(options->
User, service->directory,
1282 service->dir_group_readable, 0) < 0))
1285 poison_fname = rend_service_sos_poison_path(service);
1290 log_warn(
LD_FS,
"Can't read single onion poison file \"%s\"",
1295 log_debug(
LD_FS,
"Tried to re-poison a single onion poisoned file \"%s\"",
1301 log_warn(
LD_FS,
"Could not create single onion poison file %s",
1334 tor_assert(rend_service_non_anonymous_mode_enabled(options));
1342 if (BUG(!s->directory)) {
1346 if (!rend_service_private_key_exists(s)) {
1347 if (poison_new_single_onion_hidden_service_dir_impl(s, options)
1359 rend_service_key_on_disk(
const char *directory_path)
1368 fname = hs_path_from_filename(directory_path, private_key_fname);
1389 const smartlist_t *s_list = rend_get_service_list(service_list);
1397 log_info(
LD_REND,
"Loading hidden-service keys from %s",
1402 } SMARTLIST_FOREACH_END(s);
1414 smartlist_add(lst, rend_service_path(s, private_key_fname));
1416 smartlist_add(lst, rend_service_path(s, client_keys_fname));
1434 } SMARTLIST_FOREACH_END(s);
1444 log_warn(
LD_BUG,
"Internal error: couldn't encode service ID.");
1448 log_warn(
LD_BUG,
"Couldn't compute hash of public key.");
1466 const rend_service_t *s,
1475 if (hs_check_service_private_dir(options->
User, s->directory,
1476 s->dir_group_readable, create) < 0) {
1487 log_warn(
LD_GENERAL,
"We are configured with " 1488 "HiddenServiceNonAnonymousMode %d, but the hidden " 1489 "service key in directory %s was created in %s mode. " 1490 "This is not allowed.",
1491 rend_service_non_anonymous_mode_enabled(options) ? 1 : 0,
1493 rend_service_non_anonymous_mode_enabled(options) ?
1494 "an anonymous" :
"a non-anonymous" 1504 if (create && rend_service_non_anonymous_mode_enabled(options)) {
1505 static int logged_warning = 0;
1508 log_warn(
LD_GENERAL,
"Failed to mark new hidden services as non-anonymous" 1513 if (!logged_warning) {
1515 log_notice(
LD_REND,
"The configured onion service directories have been " 1516 "used in single onion mode. They can not be used for " 1517 "anonymous hidden services.");
1540 fname = rend_service_path(s, private_key_fname);
1543 if (!s->private_key)
1551 fname = rend_service_path(s, hostname_fname);
1553 tor_snprintf(buf,
sizeof(buf),
"%s.onion\n", s->service_id);
1554 if (write_str_to_file(fname,buf,0)<0) {
1555 log_warn(
LD_CONFIG,
"Could not write onion address to hostname file.");
1559 if (s->dir_group_readable) {
1561 if (chmod(fname, 0640))
1562 log_warn(
LD_FS,
"Unable to make hidden hostname file %s group-readable.",
1568 if (s->auth_type != REND_NO_AUTH) {
1591 char *cfname = NULL;
1592 char *client_keys_str = NULL;
1593 strmap_t *parsed_clients = strmap_new();
1594 FILE *cfile, *hfile;
1595 open_file_t *open_cfile = NULL, *open_hfile = NULL;
1597 char service_id[16+1];
1601 cfname = rend_service_path(s, client_keys_fname);
1603 if (client_keys_str) {
1605 log_warn(
LD_CONFIG,
"Previously stored client_keys file could not " 1609 log_info(
LD_CONFIG,
"Parsed %d previously stored client entries.",
1610 strmap_size(parsed_clients));
1616 OPEN_FLAGS_REPLACE | O_TEXT,
1617 0600, &open_cfile))) {
1618 log_warn(
LD_CONFIG,
"Could not open client_keys file %s",
1624 OPEN_FLAGS_REPLACE | O_TEXT,
1625 0600, &open_hfile))) {
1634 strmap_get(parsed_clients, client->client_name);
1639 memcpy(client->descriptor_cookie, parsed->descriptor_cookie,
1647 (
char *) client->descriptor_cookie,
1649 log_warn(
LD_BUG,
"Could not base64-encode descriptor cookie.");
1653 if (parsed && parsed->client_key) {
1655 }
else if (s->auth_type == REND_STEALTH_AUTH) {
1658 if (!(prkey = crypto_pk_new())) {
1659 log_warn(
LD_BUG,
"Error constructing client key");
1662 if (crypto_pk_generate_key(prkey)) {
1663 log_warn(
LD_BUG,
"Error generating client key");
1664 crypto_pk_free(prkey);
1668 log_warn(
LD_BUG,
"Generated client key seems invalid");
1669 crypto_pk_free(prkey);
1672 client->client_key = prkey;
1676 "client-name %s\ndescriptor-cookie %s\n",
1677 client->client_name, desc_cook_out);
1679 log_warn(
LD_BUG,
"Could not write client entry.");
1682 if (client->client_key) {
1683 char *client_key_out = NULL;
1685 &client_key_out, &len) != 0) {
1686 log_warn(
LD_BUG,
"Internal error: " 1687 "crypto_pk_write_private_key_to_string() failed.");
1691 log_warn(
LD_BUG,
"Internal error: couldn't encode service ID.");
1696 memwipe(client_key_out, 0, len);
1700 written =
tor_snprintf(buf + written,
sizeof(buf) - written,
1701 "client-key\n%s", client_key_out);
1702 memwipe(client_key_out, 0, len);
1705 log_warn(
LD_BUG,
"Could not write client entry.");
1709 strlcpy(service_id, s->service_id,
sizeof(service_id));
1712 if (fputs(buf, cfile) < 0) {
1713 log_warn(
LD_FS,
"Could not append client entry to file: %s",
1722 if (!encoded_cookie) {
1723 log_warn(
LD_BUG,
"Could not base64-encode descriptor cookie.");
1726 tor_snprintf(buf,
sizeof(buf),
"%s.onion %s # client: %s\n",
1727 service_id, encoded_cookie, client->client_name);
1728 memwipe(encoded_cookie, 0, strlen(encoded_cookie));
1731 if (fputs(buf, hfile)<0) {
1732 log_warn(
LD_FS,
"Could not append host entry to file: %s",
1736 } SMARTLIST_FOREACH_END(client);
1749 if (client_keys_str) {
1750 memwipe(client_keys_str, 0, strlen(client_keys_str));
1756 memwipe(cfname, 0, strlen(cfname));
1762 memwipe(desc_cook_out, 0,
sizeof(desc_cook_out));
1763 memwipe(service_id, 0,
sizeof(service_id));
1771 static rend_service_t *
1783 static struct rend_service_t *
1799 const char *descriptor_cookie,
1805 if (!service->clients) {
1806 log_warn(
LD_BUG,
"Can't check authorization for a service that has no " 1807 "authorized clients configured.");
1812 log_info(
LD_REND,
"Descriptor cookie is %lu bytes, but we expected " 1813 "%lu bytes. Dropping cell.",
1820 if (tor_memeq(client->descriptor_cookie, descriptor_cookie,
1821 REND_DESC_COOKIE_LEN)) {
1822 auth_client = client;
1828 base64_encode(descriptor_cookie_base64,
sizeof(descriptor_cookie_base64),
1830 log_info(
LD_REND,
"No authorization found for descriptor cookie '%s'! " 1832 descriptor_cookie_base64);
1837 log_info(
LD_REND,
"Client %s authorized for service %s.",
1838 auth_client->client_name, service->service_id);
1845 rend_service_use_direct_connection(
const or_options_t* options,
1851 return (rend_service_allow_non_anonymous_connection(options) &&
1853 FIREWALL_OR_CONNECTION, 0, 0));
1858 rend_service_use_direct_connection_node(
const or_options_t* options,
1863 return (rend_service_allow_non_anonymous_connection(options) &&
1876 const uint8_t *request,
1880 int status = 0, result;
1882 char *err_msg = NULL;
1884 const char *stage_descr = NULL, *rend_pk_digest;
1885 int reason = END_CIRC_REASON_TORPROTOCOL;
1888 rend_service_t *service = NULL;
1897 char keys[
DIGEST_LEN+CPATH_KEY_MATERIAL_LEN];
1903 int circ_needs_uptime;
1904 time_t now = time(NULL);
1912 "Got an INTRODUCE2 over a non-introduction circuit %u.",
1917 assert_circ_anonymity_ok(circuit, options);
1920 rend_pk_digest = (
char *) rend_data_get_pk_digest(circuit->
rend_data, NULL);
1930 "Internal error: Got an INTRODUCE2 cell on an intro " 1931 "circ for an unrecognized service %s.",
1937 if (intro_point == NULL) {
1939 if (intro_point == NULL) {
1941 "Internal error: Got an INTRODUCE2 cell on an " 1942 "intro circ (for service %s) with no corresponding " 1943 "rend_intro_point_t.",
1949 log_info(
LD_REND,
"Received INTRODUCE2 cell for service %s on circ %u.",
1953 intro_key = circuit->intro_key;
1958 stage_descr =
"early parsing";
1964 }
else if (err_msg) {
1965 log_info(
LD_REND,
"%s on circ %u.", err_msg,
1971 if (!service->accepted_intro_dh_parts) {
1972 service->accepted_intro_dh_parts =
1985 parsed_req->ciphertext, MIN(parsed_req->ciphertext_len, keylen),
1990 "Possible replay detected! We received an " 1991 "INTRODUCE2 cell with same PK-encrypted part %d " 1992 "seconds ago. Dropping cell.",
1997 stage_descr =
"decryption";
2002 }
else if (err_msg) {
2003 log_info(
LD_REND,
"%s on circ %u.", err_msg,
2008 stage_descr =
"late parsing";
2013 }
else if (err_msg) {
2014 log_info(
LD_REND,
"%s on circ %u.", err_msg,
2019 stage_descr =
"late validation";
2024 }
else if (err_msg) {
2025 log_info(
LD_REND,
"%s on circ %u.", err_msg,
2037 err_msg_severity = LOG_PROTOCOL_WARN;
2044 log_warn(
LD_REND,
"Client asked to rendezvous at a relay that we " 2045 "exclude, and StrictNodes is set. Refusing service.");
2046 reason = END_CIRC_REASON_INTERNAL;
2050 base16_encode(hexcookie, 9, (
const char *)(parsed_req->rc), 4);
2055 service->accepted_intro_dh_parts,
2067 log_info(
LD_REND,
"We received an " 2068 "INTRODUCE2 cell with same first part of " 2069 "Diffie-Hellman handshake %d seconds ago. Dropping " 2076 if (service->clients) {
2077 if (parsed_req->version == 3 && parsed_req->u.v3.auth_len > 0) {
2079 (
const char*)parsed_req->u.v3.auth_data,
2080 parsed_req->u.v3.auth_len)) {
2081 log_info(
LD_REND,
"Authorization data in INTRODUCE2 cell are valid.");
2083 log_info(
LD_REND,
"The authorization data that are contained in " 2084 "the INTRODUCE2 cell are invalid. Dropping cell.");
2085 reason = END_CIRC_REASON_CONNECTFAILED;
2089 log_info(
LD_REND,
"INTRODUCE2 cell does not contain authentication " 2090 "data, but we require client authorization. Dropping cell.");
2091 reason = END_CIRC_REASON_CONNECTFAILED;
2099 log_warn(
LD_BUG,
"Internal error: couldn't build DH state " 2100 "or generate public key.");
2101 reason = END_CIRC_REASON_INTERNAL;
2105 (
char *)(parsed_req->dh),
2108 log_warn(
LD_BUG,
"Internal error: couldn't complete DH handshake");
2109 reason = END_CIRC_REASON_INTERNAL;
2113 circ_needs_uptime = hs_service_requires_uptime_circ(service->ports);
2121 for (i=0;i<max_rend_failures;i++) {
2126 if (rend_service_use_direct_connection(options, rp)) {
2136 log_warn(
LD_REND,
"Giving up launching first hop of circuit to rendezvous " 2137 "point %s for service %s.",
2140 reason = END_CIRC_REASON_CONNECTFAILED;
2144 "Accepted intro; launching circuit to %s " 2145 "(cookie %s) for service %s.",
2147 hexcookie, serviceid);
2152 rend_data_service_create(service->service_id, rend_pk_digest,
2153 parsed_req->rc, service->auth_type);
2161 cpath->magic = CRYPT_PATH_MAGIC;
2178 "unknown %s error for INTRODUCE2", stage_descr);
2180 err_msg = tor_strdup(
"unknown error for INTRODUCE2");
2188 if (dh) crypto_dh_free(dh);
2190 circuit_mark_for_close(
TO_CIRCUIT(launched), reason);
2195 memwipe(keys, 0,
sizeof(keys));
2197 memwipe(serviceid, 0,
sizeof(serviceid));
2198 memwipe(hexcookie, 0,
sizeof(hexcookie));
2201 rend_service_free_intro(parsed_req);
2204 extend_info_free(rp);
2217 char *err_msg = NULL;
2218 const char *rp_nickname = NULL;
2219 const node_t *node = NULL;
2223 err_msg = tor_strdup(
"Bad parameters to find_rp_for_intro()");
2228 if (intro->version == 0 || intro->version == 1) {
2229 rp_nickname = (
const char *)(intro->u.v0_v1.rp);
2231 node = node_get_by_nickname(rp_nickname, NNF_NO_WARN_UNNAMED);
2235 "Couldn't find router %s named in INTRODUCE2 cell",
2243 const int allow_direct = rend_service_allow_non_anonymous_connection(
2249 "Couldn't build extend_info_t for router %s named " 2250 "in INTRODUCE2 cell",
2256 }
else if (intro->version == 2) {
2258 }
else if (intro->version == 3) {
2263 "Unknown version %d in INTRODUCE2 cell",
2264 (
int)(intro->version));
2280 "Relay IP in INTRODUCE2 cell is private address.");
2282 extend_info_free(rp);
2290 *err_msg_out = err_msg;
2310 request->ciphertext_len = 0;
2313 if (request->plaintext) {
2315 memwipe(request->plaintext, 0, request->plaintext_len);
2317 request->plaintext_len = 0;
2321 if (request->parsed) {
2322 switch (request->version) {
2331 extend_info_free(request->u.v2.extend_info);
2332 request->u.v2.extend_info = NULL;
2335 if (request->u.v3.auth_data) {
2336 memwipe(request->u.v3.auth_data, 0, request->u.v3.auth_len);
2340 extend_info_free(request->u.v3.extend_info);
2341 request->u.v3.extend_info = NULL;
2345 "rend_service_free_intro() saw unknown protocol " 2352 memwipe(request, 0,
sizeof(*request));
2377 char *err_msg = NULL;
2379 if (!request || request_len <= 0)
goto err;
2380 if (!(type == 1 || type == 2))
goto err;
2390 "got a truncated INTRODUCE%d cell",
2397 rv = tor_malloc_zero(
sizeof(*rv));
2406 rv->ciphertext = tor_malloc(request_len -
DIGEST_LEN);
2408 rv->ciphertext_len = request_len -
DIGEST_LEN;
2413 rend_service_free_intro(rv);
2416 if (err_msg_out && !err_msg) {
2418 "unknown INTRODUCE%d error",
2423 if (err_msg_out) *err_msg_out = err_msg;
2437 size_t plaintext_len,
2440 const char *rp_nickname, *endptr;
2441 size_t nickname_field_len, ver_specific_len;
2443 if (intro->version == 1) {
2445 rp_nickname = ((
const char *)buf) + 1;
2447 }
else if (intro->version == 0) {
2449 rp_nickname = (
const char *)buf;
2454 "rend_service_parse_intro_for_v0_or_v1() called with " 2455 "bad version %d on INTRODUCE%d cell (this is a bug)",
2457 (
int)(intro->type));
2461 if (plaintext_len < ver_specific_len) {
2464 "short plaintext of encrypted part in v1 INTRODUCE%d " 2465 "cell (%lu bytes, needed %lu)",
2467 (
unsigned long)plaintext_len,
2468 (
unsigned long)ver_specific_len);
2472 endptr = memchr(rp_nickname, 0, nickname_field_len);
2473 if (!endptr || endptr == rp_nickname) {
2476 "couldn't find a nul-padded nickname in " 2478 (
int)(intro->type));
2483 if ((intro->version == 0 &&
2485 (intro->version == 1 &&
2489 "bad nickname in INTRODUCE%d cell",
2490 (
int)(intro->type));
2495 memcpy(intro->u.v0_v1.rp, rp_nickname, endptr - rp_nickname + 1);
2497 return ver_specific_len;
2510 size_t plaintext_len,
2515 ssize_t ver_specific_len;
2522 if (!(intro->version == 2 ||
2523 intro->version == 3)) {
2526 "rend_service_parse_intro_for_v2() called with " 2527 "bad version %d on INTRODUCE%d cell (this is a bug)",
2529 (
int)(intro->type));
2537 "truncated plaintext of encrypted parted of " 2538 "version %d INTRODUCE%d cell",
2540 (
int)(intro->type));
2556 if (plaintext_len < 7 +
DIGEST_LEN + 2 + klen) {
2559 "truncated plaintext of encrypted parted of " 2560 "version %d INTRODUCE%d cell",
2562 (
int)(intro->type));
2573 "error decoding onion key in version %d " 2584 "invalid onion key size in version %d INTRODUCE%d cell",
2594 if (intro->version == 2) intro->u.v2.extend_info = extend_info;
2595 else intro->u.v3.extend_info = extend_info;
2597 return ver_specific_len;
2600 extend_info_free(extend_info);
2612 size_t plaintext_len,
2615 ssize_t adjust, v2_ver_specific_len, ts_offset;
2618 if (intro->version != 3) {
2621 "rend_service_parse_intro_for_v3() called with " 2622 "bad version %d on INTRODUCE%d cell (this is a bug)",
2624 (
int)(intro->type));
2633 if (plaintext_len < 4) {
2636 "truncated plaintext of encrypted parted of " 2637 "version %d INTRODUCE%d cell",
2639 (
int)(intro->type));
2654 intro->u.v3.auth_type = buf[1];
2655 if (intro->u.v3.auth_type != REND_NO_AUTH) {
2656 intro->u.v3.auth_len = ntohs(
get_uint16(buf + 2));
2657 ts_offset = 4 + intro->u.v3.auth_len;
2659 intro->u.v3.auth_len = 0;
2664 if (intro->u.v3.auth_type == REND_BASIC_AUTH ||
2665 intro->u.v3.auth_type == REND_STEALTH_AUTH) {
2669 "wrong auth data size %d for INTRODUCE%d cell, " 2671 (
int)(intro->u.v3.auth_len),
2681 if (plaintext_len < (
size_t)(ts_offset)+4) {
2684 "truncated plaintext of encrypted parted of " 2685 "version %d INTRODUCE%d cell",
2687 (
int)(intro->type));
2693 if (intro->u.v3.auth_type != REND_NO_AUTH &&
2694 intro->u.v3.auth_len > 0) {
2696 intro->u.v3.auth_data = tor_malloc(intro->u.v3.auth_len);
2701 memcpy(intro->u.v3.auth_data, buf + 4, intro->u.v3.auth_len);
2710 adjust = 3 + ts_offset;
2712 v2_ver_specific_len =
2714 buf + adjust, plaintext_len - adjust,
2718 if (v2_ver_specific_len >= 0)
return v2_ver_specific_len + adjust;
2720 else return v2_ver_specific_len;
2752 char *err_msg = NULL;
2757 int result, status = -1;
2759 if (!intro || !key) {
2762 tor_strdup(
"rend_service_decrypt_intro() called with bad " 2771 if (!(intro->ciphertext) || intro->ciphertext_len <= 0) {
2774 "rend_intro_cell_t was missing ciphertext for " 2776 (
int)(intro->type));
2787 *err_msg_out = tor_strdup(
"Couldn't compute RSA digest.");
2788 log_warn(
LD_BUG,
"Couldn't compute key digest.");
2793 if (tor_memneq(key_digest, intro->pk,
DIGEST_LEN)) {
2798 "got an INTRODUCE%d cell for the wrong service (%s)",
2810 if (intro->ciphertext_len < key_len) {
2813 "got an INTRODUCE%d cell with a truncated PK-encrypted " 2815 (
int)(intro->type));
2825 key, (
char *)buf,
sizeof(buf),
2826 (
const char *)(intro->ciphertext), intro->ciphertext_len,
2831 "couldn't decrypt INTRODUCE%d cell",
2832 (
int)(intro->type));
2837 intro->plaintext_len = result;
2838 intro->plaintext = tor_malloc(intro->plaintext_len);
2839 memcpy(intro->plaintext, buf, intro->plaintext_len);
2846 if (err_msg_out && !err_msg) {
2848 "unknown INTRODUCE%d error decrypting encrypted part",
2849 intro ? (
int)(intro->type) : -1);
2853 if (err_msg_out) *err_msg_out = err_msg;
2858 memwipe(key_digest, 0,
sizeof(key_digest));
2859 memwipe(service_id, 0,
sizeof(service_id));
2874 char *err_msg = NULL;
2875 ssize_t ver_specific_len, ver_invariant_len;
2882 tor_strdup(
"rend_service_parse_intro_plaintext() called with NULL " 2883 "rend_intro_cell_t");
2891 if (!(intro->plaintext) || intro->plaintext_len <= 0) {
2893 err_msg = tor_strdup(
"rend_intro_cell_t was missing plaintext");
2900 version = intro->plaintext[0];
2903 if (version > 3) version = 0;
2906 intro->version = version;
2911 intro->plaintext, intro->plaintext_len,
2913 if (ver_specific_len < 0) {
2922 ver_invariant_len = intro->plaintext_len - ver_specific_len;
2925 "decrypted plaintext of INTRODUCE%d cell was truncated (%ld bytes)",
2927 (
long)(intro->plaintext_len));
2932 "decrypted plaintext of INTRODUCE%d cell was too long (%ld bytes)",
2934 (
long)(intro->plaintext_len));
2939 intro->plaintext + ver_specific_len,
2953 if (err_msg_out && !err_msg) {
2955 "unknown INTRODUCE%d error parsing encrypted part",
2956 intro ? (
int)(intro->type) : -1);
2960 if (err_msg_out) *err_msg_out = err_msg;
2984 tor_strdup(
"NULL intro cell passed to " 2985 "rend_service_validate_intro_late()");
2991 if (intro->version == 3 && intro->parsed) {
2992 if (!(intro->u.v3.auth_type == REND_NO_AUTH ||
2993 intro->u.v3.auth_type == REND_BASIC_AUTH ||
2994 intro->u.v3.auth_type == REND_STEALTH_AUTH)) {
2998 "unknown authorization type %d",
2999 intro->u.v3.auth_type);
3015 const char *rend_pk_digest;
3016 rend_service_t *service = NULL;
3025 log_info(
LD_REND,
"Skipping relaunch of circ that failed on its first hop. " 3026 "Initiator will retry.");
3030 log_info(
LD_REND,
"Reattempting rendezvous circuit to '%s'",
3034 rend_pk_digest = (
char *) rend_data_get_pk_digest(oldcirc->
rend_data, NULL);
3042 log_warn(
LD_BUG,
"Internal error: Trying to relaunch a rendezvous circ " 3043 "for an unrecognized service %s.",
3044 safe_str_client(serviceid));
3048 if (hs_service_requires_uptime_circ(service->ports)) {
3060 log_warn(
LD_REND,
"Couldn't relaunch rendezvous circuit to '%s'.",
3089 if (rend_service_allow_non_anonymous_connection(options)) {
3104 if (rend_service_use_direct_connection_node(options, node)) {
3106 if (BUG(!direct_ei)) {
3113 launch_ei = direct_ei;
3125 "Launching circuit to introduction point %s%s%s for service %s",
3127 direct_ei ?
" via direct address " :
"",
3129 service->service_id);
3133 ++service->n_intro_circuits_launched;
3139 "Can't launch circuit to establish introduction at %s%s%s.",
3141 direct_ei ?
" via direct address " :
"",
3144 extend_info_free(direct_ei);
3153 launched->
rend_data = rend_data_service_create(service->service_id,
3154 service->pk_digest, NULL,
3155 service->auth_type);
3159 extend_info_free(direct_ei);
3168 unsigned int num = 0;
3183 unsigned int num_ipos = 0;
3185 if (!circ->marked_for_close &&
3191 rend_circuit_pk_digest_eq(oc, (uint8_t *) service->pk_digest)) {
3196 SMARTLIST_FOREACH_END(circ);
3207 rend_service_encode_establish_intro_cell(
char *cell_body_out,
3208 size_t cell_body_out_len,
3210 const char *rend_circ_nonce)
3224 log_warn(
LD_BUG,
"Internal error; failed to establish intro point.");
3228 set_uint16(cell_body_out, htons((uint16_t)len));
3232 if (crypto_digest(cell_body_out+len, auth,
DIGEST_LEN+9))
3236 cell_body_out_len - len,
3237 cell_body_out, len);
3239 log_warn(
LD_BUG,
"Internal error: couldn't sign introduction request.");
3247 memwipe(auth, 0,
sizeof(auth));
3258 rend_service_t *service;
3261 unsigned int expiring_nodes_len, num_ip_circuits, valid_ip_circuits = 0;
3262 int reason = END_CIRC_REASON_TORPROTOCOL;
3263 const char *rend_pk_digest;
3266 assert_circ_anonymity_ok(circuit, get_options());
3270 rend_pk_digest = (
char *) rend_data_get_pk_digest(circuit->
rend_data, NULL);
3277 log_warn(
LD_REND,
"Unrecognized service ID %s on introduction circuit %u.",
3278 safe_str_client(serviceid), (
unsigned)circuit->base_.
n_circ_id);
3279 reason = END_CIRC_REASON_NOSUCHSERVICE;
3285 expiring_nodes_len = (
unsigned int) smartlist_len(service->expiring_nodes);
3290 if (num_ip_circuits > expiring_nodes_len) {
3291 valid_ip_circuits = num_ip_circuits - expiring_nodes_len;
3298 if (valid_ip_circuits > service->n_intro_points_wanted) {
3303 if (intro != NULL) {
3305 rend_intro_point_free(intro);
3312 log_info(
LD_CIRC|
LD_REND,
"We have just finished an introduction " 3313 "circuit, but we already have enough. Closing it.");
3314 reason = END_CIRC_REASON_NONE;
3318 log_info(
LD_CIRC|
LD_REND,
"We have just finished an introduction " 3319 "circuit, but we already have enough. Redefining purpose to " 3320 "general; leaving as internal.");
3335 circuit->intro_key = NULL;
3336 crypto_pk_free(intro_key);
3345 "Established circuit %u as introduction point for service %s",
3346 (
unsigned)circuit->base_.
n_circ_id, serviceid);
3352 len = rend_service_encode_establish_intro_cell(buf,
sizeof(buf),
3356 reason = END_CIRC_REASON_INTERNAL;
3360 if (relay_send_command_from_edge(0,
TO_CIRCUIT(circuit),
3361 RELAY_COMMAND_ESTABLISH_INTRO,
3364 "Couldn't send introduction request for service %s on circuit %u",
3365 serviceid, (
unsigned)circuit->base_.
n_circ_id);
3376 circuit_mark_for_close(
TO_CIRCUIT(circuit), reason);
3379 memwipe(serviceid, 0,
sizeof(serviceid));
3389 const uint8_t *request,
3392 rend_service_t *service;
3399 const char *rend_pk_digest =
3400 (
char *) rend_data_get_pk_digest(circuit->
rend_data, NULL);
3404 "received INTRO_ESTABLISHED cell on non-intro circuit.");
3409 log_warn(
LD_REND,
"Unknown service on introduction circuit %u.",
3418 if (intro == NULL) {
3420 "Introduction circuit established without a rend_intro_point_t " 3421 "object for service %s on circuit %u",
3422 safe_str_client(serviceid), (
unsigned)circuit->base_.
n_circ_id);
3428 service->desc_is_dirty = time(NULL);
3432 "Received INTRO_ESTABLISHED cell on circuit %u for service %s",
3433 (
unsigned)circuit->base_.
n_circ_id, serviceid);
3441 circuit_mark_for_close(
TO_CIRCUIT(circuit), END_CIRC_REASON_TORPROTOCOL);
3451 rend_service_t *service;
3457 const char *rend_cookie, *rend_pk_digest;
3462 assert_circ_anonymity_ok(circuit, get_options());
3466 rend_pk_digest = (
char *) rend_data_get_pk_digest(circuit->
rend_data,
3485 "Done building circuit %u to rendezvous with " 3486 "cookie %s for service %s",
3487 (
unsigned)circuit->base_.
n_circ_id, hexcookie, serviceid);
3498 log_info(
LD_REND,
"Another rend circ has already reached this rend point; " 3499 "closing this rend circ.");
3500 reason = END_CIRC_REASON_NONE;
3513 log_warn(
LD_GENERAL,
"Internal error: unrecognized service ID on " 3514 "rendezvous circuit.");
3515 reason = END_CIRC_REASON_INTERNAL;
3523 log_warn(
LD_GENERAL,
"Couldn't get DH public key.");
3524 reason = END_CIRC_REASON_INTERNAL;
3531 if (relay_send_command_from_edge(0,
TO_CIRCUIT(circuit),
3532 RELAY_COMMAND_RENDEZVOUS1,
3533 buf, HS_LEGACY_RENDEZVOUS_CELL_SIZE,
3535 log_warn(
LD_GENERAL,
"Couldn't send RENDEZVOUS1 cell.");
3543 hop->
state = CPATH_STATE_OPEN;
3559 circuit_mark_for_close(
TO_CIRCUIT(circuit), reason);
3562 memwipe(serviceid, 0,
sizeof(serviceid));
3563 memwipe(hexcookie, 0,
sizeof(hexcookie));
3594 (uint8_t *) pk_digest,
3628 const char *serviceid;
3629 rend_service_t *service = NULL;
3634 serviceid = rend_data_get_address(circ->
rend_data);
3642 if (service == NULL)
return NULL;
3661 const char *service_id,
int seconds_valid)
3663 int i, j, failed_upload = 0;
3665 smartlist_t *successful_uploads = smartlist_new();
3667 for (i = 0; i < smartlist_len(descs); i++) {
3671 if (hs_dirs && smartlist_len(hs_dirs) > 0) {
3677 log_warn(
LD_REND,
"Could not determine the responsible hidden service " 3678 "directories to post descriptors to.");
3685 for (j = 0; j < smartlist_len(responsible_dirs); j++) {
3690 hs_dir = smartlist_get(responsible_dirs, j);
3697 log_info(
LD_REND,
"Not launching upload for for v2 descriptor to " 3698 "hidden service directory %s; we don't have its " 3699 "router descriptor. Queuing for later upload.",
3708 rend_data = rend_data_client_create(service_id, desc->
desc_id, NULL,
3717 directory_initiate_request(req);
3718 directory_request_free(req);
3720 rend_data_free(rend_data);
3724 log_info(
LD_REND,
"Launching upload for v2 descriptor for " 3725 "service '%s' with descriptor ID '%s' with validity " 3726 "of %d seconds to hidden service directory '%s' on " 3728 safe_str_client(service_id),
3729 safe_str_client(desc_id_base32),
3736 desc_id_base32, NULL);
3745 if (!failed_upload) {
3759 char *hsdir_id = tor_memdup(c, DIGEST_LEN);
3760 smartlist_add(renddesc->successful_uploads, hsdir_id);
3765 smartlist_free(responsible_dirs);
3766 smartlist_free(successful_uploads);
3775 time_t now = time(NULL);
3780 rendpostperiod = get_options()->RendPostPeriod;
3784 int seconds_valid, i, j, num_descs;
3790 num_descs = service->auth_type == REND_STEALTH_AUTH ?
3791 smartlist_len(service->clients) : 1;
3792 for (j = 0; j < num_descs; j++) {
3796 switch (service->auth_type) {
3800 case REND_BASIC_AUTH:
3804 case REND_STEALTH_AUTH:
3805 client = smartlist_get(service->clients, j);
3806 client_key = client->client_key;
3816 if (seconds_valid < 0) {
3817 log_warn(
LD_BUG,
"Internal error: couldn't encode service " 3818 "descriptor; not uploading.");
3819 smartlist_free(descs);
3820 smartlist_free(client_cookies);
3824 if (get_options()->PublishHidServDescriptors) {
3826 log_info(
LD_REND,
"Launching upload for hidden service %s",
3832 for (i = 0; i < smartlist_len(descs); i++)
3838 service->next_upload_time = now + rendpostperiod;
3840 service->next_upload_time = now + seconds_valid + 1;
3842 service->next_upload_time = now + seconds_valid -
3851 if (seconds_valid < 0) {
3852 log_warn(
LD_BUG,
"Internal error: couldn't encode service " 3853 "descriptor; not uploading.");
3854 smartlist_free(descs);
3855 smartlist_free(client_cookies);
3858 if (get_options()->PublishHidServDescriptors) {
3863 for (i = 0; i < smartlist_len(descs); i++)
3868 smartlist_free(descs);
3869 smartlist_free(client_cookies);
3871 if (get_options()->PublishHidServDescriptors) {
3872 log_info(
LD_REND,
"Successfully uploaded v2 rend descriptors!");
3874 log_info(
LD_REND,
"Successfully stored created v2 rend descriptors!");
3880 service->next_upload_time = now + 60;
3883 service->desc_is_dirty = 0;
3917 int intro_point_lifetime_seconds =
3961 rend_intro_point_free(intro);
3962 } SMARTLIST_FOREACH_END(intro);
3968 node_get_by_id(intro->extend_info->identity_digest);
3975 if (node && exclude_nodes) {
3981 if (intro_circ == NULL) {
3982 log_info(
LD_REND,
"Attempting to retry on %s as intro point for %s" 3983 " (circuit disappeared).",
3985 safe_str_client(service->service_id));
3988 intro->circuit_established = 0;
3994 rend_intro_point_free(intro);
4016 log_info(
LD_REND,
"Expiring %s as intro point for %s.",
4018 safe_str_client(service->service_id));
4027 intro->circuit_established = 0;
4029 } SMARTLIST_FOREACH_END(intro);
4038 rend_service_t *service;
4039 const char *onion_address;
4043 onion_address = rend_data_get_address(rend_data);
4046 if (service == NULL) {
4054 if (intro_circ != NULL) {
4055 circuit_mark_for_close(
TO_CIRCUIT(intro_circ),
4056 END_CIRC_REASON_FINISHED);
4059 rend_intro_point_free(intro);
4060 } SMARTLIST_FOREACH_END(intro);
4094 const int allow_direct = rend_service_allow_non_anonymous_connection(
4106 exclude_nodes = smartlist_new();
4107 retry_nodes = smartlist_new();
4113 unsigned int n_intro_points_to_open;
4116 unsigned int intro_nodes_len;
4134 service->intro_period_started = now;
4135 service->n_intro_circuits_launched = 0;
4136 }
else if (service->n_intro_circuits_launched >=
4138 service->n_intro_points_wanted)) {
4149 log_warn(
LD_REND,
"Error launching circuit to node %s for service %s.",
4151 safe_str_client(service->service_id));
4155 rend_intro_point_free(intro);
4158 intro->circuit_retries++;
4159 } SMARTLIST_FOREACH_END(intro);
4162 intro_nodes_len = (
unsigned int) smartlist_len(service->intro_nodes);
4168 if (intro_nodes_len >= service->n_intro_points_wanted) {
4175 n_intro_points_to_open = service->n_intro_points_wanted - intro_nodes_len;
4176 if (intro_nodes_len == 0) {
4190 for (i = 0; i < (int) n_intro_points_to_open; i++) {
4195 direct_flags |= CRN_PREF_ADDR;
4196 direct_flags |= CRN_DIRECT_CONN;
4200 allow_direct ? direct_flags : flags);
4203 if (allow_direct && !node) {
4205 "Unable to find an intro point that we can connect to " 4206 "directly for %s, falling back to a 3-hop path.",
4207 safe_str_client(service->service_id));
4214 "We only have %d introduction points established for %s; " 4216 smartlist_len(service->intro_nodes),
4217 safe_str_client(service->service_id),
4218 n_intro_points_to_open);
4233 const int fail = crypto_pk_generate_key(intro->
intro_key);
4239 INTRO_POINT_MAX_LIFETIME_INTRODUCTIONS);
4241 log_info(
LD_REND,
"Picked router %s as an intro point for %s.",
4243 safe_str_client(service->service_id));
4247 log_warn(
LD_REND,
"Error launching circuit to node %s for service %s.",
4249 safe_str_client(service->service_id));
4255 } SMARTLIST_FOREACH_END(service);
4256 smartlist_free(exclude_nodes);
4257 smartlist_free(retry_nodes);
4260 #define MIN_REND_INITIAL_POST_DELAY (30) 4261 #define MIN_REND_INITIAL_POST_DELAY_TESTING (5) 4275 rend_service_t *service;
4279 MIN_REND_INITIAL_POST_DELAY_TESTING :
4280 MIN_REND_INITIAL_POST_DELAY);
4284 if (!service->next_upload_time) {
4287 service->next_upload_time =
4292 if (rend_service_reveal_startup_time(options)) {
4293 service->next_upload_time = now + rendinitialpostdelay;
4297 unsigned int intro_points_ready =
4299 service->n_intro_points_wanted;
4300 if (intro_points_ready &&
4301 (service->next_upload_time < now ||
4302 (service->desc_is_dirty &&
4303 service->desc_is_dirty < now-rendinitialpostdelay))) {
4334 rend_service_t *service;
4340 if (!get_options()->PublishHidServDescriptors)
4345 if (service->desc && !service->desc->all_uploads_performed) {
4360 rend_service_t *service;
4362 const char *safe_name;
4369 for (j=0; j < smartlist_len(service->intro_nodes); ++j) {
4370 intro = smartlist_get(service->intro_nodes, j);
4395 rend_service_t *service;
4397 const char *rend_pk_digest;
4401 log_debug(
LD_REND,
"beginning to hunt for addr/port");
4402 rend_pk_digest = (
char *) rend_data_get_pk_digest(circ->
rend_data, NULL);
4407 log_warn(
LD_REND,
"Couldn't find any service associated with pk %s on " 4408 "rendezvous circuit %u; closing.",
4409 serviceid, (
unsigned)circ->base_.
n_circ_id);
4412 if (service->max_streams_per_circuit > 0) {
4415 #define MAX_STREAM_WARN_INTERVAL 600 4416 static struct ratelim_t stream_ratelim =
4417 RATELIM_INIT(MAX_STREAM_WARN_INTERVAL);
4420 "Maximum streams per circuit limit reached on rendezvous " 4421 "circuit %u; %s. Circuit has %d out of %d streams.",
4423 service->max_streams_close_circuit ?
4425 "ignoring open stream request",
4427 service->max_streams_per_circuit);
4428 return service->max_streams_close_circuit ? -2 : -1;
4432 if (hs_set_conn_addr_port(service->ports, conn) == 0) {
4438 "No virtual port mapping exists for port %d on service %s",
4439 conn->base_.
port, serviceid);
4441 if (service->allow_unknown_ports)
4450 rend_service_non_anonymous_mode_consistent(
const or_options_t *options)
4454 !! options->HiddenServiceNonAnonymousMode);
4463 rend_service_allow_non_anonymous_connection(
const or_options_t *options)
4465 tor_assert(rend_service_non_anonymous_mode_consistent(options));
4477 rend_service_reveal_startup_time(
const or_options_t *options)
4479 tor_assert(rend_service_non_anonymous_mode_consistent(options));
4480 return rend_service_non_anonymous_mode_enabled(options);
4489 rend_service_non_anonymous_mode_enabled(
const or_options_t *options)
4491 tor_assert(rend_service_non_anonymous_mode_consistent(options));
4492 return options->HiddenServiceNonAnonymousMode ? 1 : 0;
4495 #ifdef TOR_UNIT_TESTS 4504 set_rend_rend_service_staging_list(
smartlist_t *new_list)
#define RELAY_PAYLOAD_SIZE
void rep_hist_note_used_internal(time_t now, int need_uptime, int need_capacity)
int crypto_pk_write_private_key_to_string(crypto_pk_t *env, char **dest, size_t *len)
#define CIRCLAUNCH_ONEHOP_TUNNEL
void tor_addr_from_ipv4n(tor_addr_t *dest, uint32_t v4addr)
static int rend_service_derive_key_digests(struct rend_service_t *s)
Header file for rendcommon.c.
#define CIRCLAUNCH_IS_INTERNAL
void directory_request_set_routerstatus(directory_request_t *req, const routerstatus_t *rs)
int crypto_pk_eq_keys(const crypto_pk_t *a, const crypto_pk_t *b)
#define MAX_HEX_NICKNAME_LEN
Header file for dirclient.c.
void rend_service_desc_has_uploaded(const rend_data_t *rend_data)
int circuit_init_cpath_crypto(crypt_path_t *cpath, const char *key_data, size_t key_data_len, int reverse, int is_hs_v3)
static struct rend_service_t * rend_service_get_by_service_id(const char *id)
int routerset_contains_extendinfo(const routerset_t *set, const extend_info_t *ei)
int rend_num_services(void)
Header file containing common data for the whole HS subsytem.
Header file containing configuration ABI/API for the HS subsytem.
unsigned int hs_circ_has_timed_out
void rend_service_rendezvous_has_opened(origin_circuit_t *circuit)
Common functions for using (pseudo-)random number generators.
#define INTRO_POINT_MIN_LIFETIME_INTRODUCTIONS
static smartlist_t * rend_service_list
static unsigned int count_intro_point_circuits(const rend_service_t *service)
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
int tor_open_cloexec(const char *path, int flags, unsigned mode)
extend_info_t * extend_info_from_node(const node_t *node, int for_direct_connect)
int rend_service_load_all_keys(const smartlist_t *service_list)
int rend_service_validate_intro_late(const rend_intro_cell_t *intro, char **err_msg_out)
Header file for node_select.c.
static smartlist_t * rend_service_staging_list
void rend_service_free_all(void)
STATIC void rend_service_free_(rend_service_t *service)
void rend_consider_services_intro_points(time_t now)
const char * extend_info_describe(const extend_info_t *ei)
crypt_path_reference_t * service_pending_final_cpath_ref
static void set_uint16(void *cp, uint16_t v)
#define INTRO_POINT_LIFETIME_MAX_SECONDS
void smartlist_add_strdup(struct smartlist_t *sl, const char *string)
void rend_service_relaunch_rendezvous(origin_circuit_t *oldcirc)
struct crypto_dh_t * rend_dh_handshake_state
crypt_path_t * pending_final_cpath
static int consider_republishing_rend_descriptors
#define CIRCLAUNCH_NEED_UPTIME
int rend_service_receive_introduction(origin_circuit_t *circuit, const uint8_t *request, size_t request_len)
char identity_digest[DIGEST_LEN]
Header file for describe.c.
Header file for nodelist.c.
void rend_service_free_intro_(rend_intro_cell_t *request)
static const char * rend_service_escaped_dir(const struct rend_service_t *s)
static int intro_point_should_expire_now(rend_intro_point_t *intro, time_t now)
void tor_log(int severity, log_domain_mask_t domain, const char *format,...)
#define MAX_INTRO_POINT_CIRCUIT_RETRIES
#define NUM_INTRO_POINTS_MAX
Header file for directory.c.
void smartlist_add(smartlist_t *sl, void *element)
#define REND_DESC_COOKIE_LEN_BASE64
int rend_service_decrypt_intro(rend_intro_cell_t *intro, crypto_pk_t *key, char **err_msg_out)
int crypto_dh_get_public(crypto_dh_t *dh, char *pubkey_out, size_t pubkey_out_len)
#define REND_SERVICE_ID_LEN
static origin_circuit_t * find_intro_circuit(rend_intro_point_t *intro, const char *pk_digest)
char * rate_limit_log(ratelim_t *lim, time_t now)
#define REND_DESC_ID_V2_LEN_BASE32
struct directory_request_t directory_request_t
Header file for config.c.
Header file for nickname.c.
int accepted_introduce2_count
Header file for replaycache.c.
void base32_encode(char *dest, size_t destlen, const char *src, size_t srclen)
void smartlist_uniq_strings(smartlist_t *sl)
#define CIRCUIT_PURPOSE_S_ESTABLISH_INTRO
void rend_service_intro_has_opened(origin_circuit_t *circuit)
int crypto_rand_int_range(unsigned int min, unsigned int max)
int is_legal_nickname_or_hexdigest(const char *s)
int node_has_preferred_descriptor(const node_t *node, int for_direct_connect)
int replaycache_add_test_and_elapsed(replaycache_t *r, const void *data, size_t len, time_t *elapsed)
#define SMARTLIST_DEL_CURRENT(sl, var)
Header file for mainloop.c.
static int rend_service_load_keys(struct rend_service_t *s)
void memwipe(void *mem, uint8_t byte, size_t sz)
void smartlist_sort_strings(smartlist_t *sl)
static void upload_service_descriptor(rend_service_t *service)
int tor_addr_port_lookup(const char *s, tor_addr_t *addr_out, uint16_t *port_out)
#define REND_CLIENTNAME_MAX_LEN
FILE * start_writing_to_stdio_file(const char *fname, int open_flags, int mode, open_file_t **data_out)
static uint32_t get_uint32(const void *cp)
static rend_intro_point_t * find_expiring_intro_point(struct rend_service_t *service, origin_circuit_t *circ)
int base64_encode(char *dest, size_t destlen, const char *src, size_t srclen, int flags)
static int service_is_single_onion_poisoned(const rend_service_t *service)
int circuit_should_use_vanguards(uint8_t purpose)
Header file for loadkey.c.
smartlist_t * intro_nodes
Header file for policies.c.
static rend_intro_point_t * find_intro_point(origin_circuit_t *circ)
int crypto_dh_generate_public(crypto_dh_t *dh)
int port_cfg_line_extract_addrport(const char *line, char **addrport_out, int *is_unix_out, const char **rest_out)
extend_info_t * extend_info
void directory_request_set_indirection(directory_request_t *req, dir_indirection_t indirection)
int32_t circuit_initial_package_window(void)
int all_uploads_performed
Common functions for cryptographic routines.
crypto_pk_t * crypto_pk_asn1_decode(const char *str, size_t len)
directory_request_t * directory_request_new(uint8_t dir_purpose)
static int rend_service_load_auth_keys(struct rend_service_t *s, const char *hfname)
int crypto_pk_private_sign_digest(crypto_pk_t *env, char *to, size_t tolen, const char *from, size_t fromlen)
unsigned int circuit_established
#define tor_addr_from_ipv4h(dest, v4addr)
static extend_info_t * find_rp_for_intro(const rend_intro_cell_t *intro, char **err_msg_out)
static int rend_service_check_private_dir(const or_options_t *options, const rend_service_t *s, int create)
static ssize_t rend_service_parse_intro_for_v3(rend_intro_cell_t *intro, const uint8_t *buf, size_t plaintext_len, char **err_msg_out)
void rend_consider_services_upload(time_t now)
int finish_writing_to_file(open_file_t *file_data)
int tor_memeq(const void *a, const void *b, size_t sz)
static unsigned int rend_service_is_ephemeral(const struct rend_service_t *s)
int tor_asprintf(char **strp, const char *fmt,...)
const char * fmt_addrport(const tor_addr_t *addr, uint16_t port)
static rend_service_port_config_t * rend_service_port_config_new(const char *socket_path)
origin_circuit_t * circuit_get_next_intro_circ(const origin_circuit_t *start, bool want_client_circ)
routerset_t * ExcludeNodes
char nickname[MAX_HEX_NICKNAME_LEN+1]
static int rend_add_service(smartlist_t *service_list, rend_service_t *service)
void rend_hsdir_routers_changed(void)
#define PK_PKCS1_OAEP_PADDING
const char * node_describe(const node_t *node)
rend_service_port_config_t * rend_service_parse_port_config(const char *string, const char *sep, char **err_msg_out)
Master header file for Tor-specific functionality.
#define CIRCUIT_STATE_OPEN
#define INTRO_CIRC_RETRY_PERIOD
Header file for circuitbuild.c.
int crypto_rand_int(unsigned int max)
int rend_service_parse_intro_plaintext(rend_intro_cell_t *intro, char **err_msg_out)
struct crypto_pk_t * intro_key
void smartlist_remove(smartlist_t *sl, const void *element)
static uint16_t get_uint16(const void *cp)
#define NUM_INTRO_POINTS_EXTRA
int rend_valid_v2_service_id(const char *query)
hs_service_add_ephemeral_status_t
extend_info_t * extend_info_dup(extend_info_t *info)
const node_t * router_choose_random_node(smartlist_t *excludedsmartlist, routerset_t *excludedset, router_crn_flags_t flags)
STATIC int rend_service_verify_single_onion_poison(const rend_service_t *s, const or_options_t *options)
static int intro_point_accepted_intro_count(rend_intro_point_t *intro)
const char * routerstatus_describe(const routerstatus_t *rs)
static int rend_check_authorization(rend_service_t *service, const char *descriptor_cookie, size_t cookie_len)
#define log_fn_ratelim(ratelim, severity, domain, args,...)
char nickname[MAX_NICKNAME_LEN+1]
char rend_circ_nonce[DIGEST_LEN]
Header file for circuituse.c.
void base16_encode(char *dest, size_t destlen, const char *src, size_t srclen)
int fascist_firewall_allows_address_addr(const tor_addr_t *addr, uint16_t port, firewall_connection_t fw_connection, int pref_only, int pref_ipv6)
char * rend_auth_encode_cookie(const uint8_t *cookie_in, rend_auth_type_t auth_type)
int rend_service_del_ephemeral(const char *service_id)
replaycache_t * replaycache_new(time_t horizon, time_t interval)
int rend_parse_client_keys(strmap_t *parsed_clients, const char *ckstr)
#define RFTS_IGNORE_MISSING
#define CIRCUIT_PURPOSE_S_CONNECT_REND
Header file for circuitlist.c.
crypto_pk_t * crypto_pk_dup_key(crypto_pk_t *orig)
Header file for rendservice.c.
void circuit_log_path(int severity, unsigned int domain, origin_circuit_t *circ)
static void rend_log_intro_limit(const rend_service_t *service, int min_severity)
static unsigned int count_established_intro_points(const rend_service_t *service)
int rend_service_intro_established(origin_circuit_t *circuit, const uint8_t *request, size_t request_len)
int rend_valid_client_name(const char *client_name)
#define CIRCLAUNCH_NEED_CAPACITY
void rend_services_add_filenames_to_lists(smartlist_t *open_lst, smartlist_t *stat_lst)
#define CIRCUIT_PURPOSE_S_INTRO
int smartlist_contains_digest(const smartlist_t *sl, const char *element)
smartlist_t * routerstatus_list
int is_legal_nickname(const char *s)
static void rend_service_add_filenames_to_list(smartlist_t *lst, const rend_service_t *s)
#define CIRCUIT_PURPOSE_HS_VANGUARDS
int rend_encode_v2_descriptors(smartlist_t *descs_out, rend_service_descriptor_t *desc, time_t now, uint8_t period, rend_auth_type_t auth_type, crypto_pk_t *client_key, smartlist_t *client_cookies)
struct crypt_path_t * prev
cpath_build_state_t * build_state
int HiddenServiceSingleHopMode
void rend_encoded_v2_service_descriptor_free_(rend_encoded_v2_service_descriptor_t *desc)
#define REND_SERVICE_ID_LEN_BASE32
origin_circuit_t * TO_ORIGIN_CIRCUIT(circuit_t *x)
void circuit_has_opened(origin_circuit_t *circ)
#define NUM_INTRO_POINTS_DEFAULT
const char * circuit_state_to_string(int state)
int tor_snprintf(char *str, size_t size, const char *format,...)
int crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out)
static ssize_t rend_service_parse_intro_for_v2(rend_intro_cell_t *intro, const uint8_t *buf, size_t plaintext_len, char **err_msg_out)
char rend_cookie[REND_COOKIE_LEN]
hs_service_add_ephemeral_status_t rend_service_add_ephemeral(crypto_pk_t *pk, smartlist_t *ports, int max_streams_per_circuit, int max_streams_close_circuit, rend_auth_type_t auth_type, smartlist_t *auth_clients, char **service_id_out)
origin_circuit_t * circuit_launch_by_extend_info(uint8_t purpose, extend_info_t *extend_info, int flags)
crypto_dh_t * crypto_dh_new(int dh_type)
void onion_append_to_cpath(crypt_path_t **head_ptr, crypt_path_t *new_hop)
int hs_get_service_max_rend_failures(void)
char identity_digest[DIGEST_LEN]
#define SMARTLIST_FOREACH(sl, type, var, cmd)
const char * escaped(const char *s)
static struct rend_service_t * rend_service_get_by_pk_digest(const char *digest)
#define DIR_PURPOSE_UPLOAD_RENDDESC_V2
void directory_request_set_rend_query(directory_request_t *req, const rend_data_t *query)
int fascist_firewall_allows_node(const node_t *node, firewall_connection_t fw_connection, int pref_only)
rend_intro_cell_t * rend_service_begin_parse_intro(const uint8_t *request, size_t request_len, uint8_t type, char **err_msg_out)
static void remove_invalid_intro_points(rend_service_t *service, smartlist_t *exclude_nodes, smartlist_t *retry_nodes, time_t now)
#define log_fn(severity, domain, args,...)
int rend_get_service_id(crypto_pk_t *pk, char *out)
#define REND_TIME_PERIOD_OVERLAPPING_V2_DESCS
void smartlist_add_all(smartlist_t *s1, const smartlist_t *s2)
crypto_pk_t * init_key_from_file(const char *fname, int generate, int severity, bool *created_out)
int hid_serv_get_responsible_directories(smartlist_t *responsible_dirs, const char *id)
void rend_service_port_config_free_(rend_service_port_config_t *p)
size_t crypto_pk_keysize(const crypto_pk_t *env)
#define CIRCUIT_PURPOSE_C_GENERAL
struct replaycache_t * accepted_intro_rsa_parts
void pathbias_count_use_attempt(origin_circuit_t *circ)
unsigned int listed_in_last_desc
long tor_parse_long(const char *s, int base, long min, long max, int *ok, char **next)
static ssize_t rend_service_parse_intro_for_v0_or_v1(rend_intro_cell_t *intro, const uint8_t *buf, size_t plaintext_len, char **err_msg_out)
int abort_writing_to_file(open_file_t *file_data)
static int rend_max_intro_circs_per_period(unsigned int n_intro_points_wanted)
void circuit_change_purpose(circuit_t *circ, uint8_t new_purpose)
int crypto_pk_is_valid_private_key(const crypto_pk_t *env)
STATIC int rend_service_poison_new_single_onion_dir(const rend_service_t *s, const or_options_t *options)
void rend_service_dump_stats(int severity)
extend_info_t * chosen_exit
smartlist_t * successful_uploads
ssize_t crypto_dh_compute_secret(int severity, crypto_dh_t *dh, const char *pubkey, size_t pubkey_len, char *secret_out, size_t secret_bytes_out)
#define INTRO_POINT_LIFETIME_MIN_SECONDS
int crypto_pk_asn1_encode(const crypto_pk_t *pk, char *dest, size_t dest_len)
origin_circuit_t * circuit_get_next_by_pk_and_purpose(origin_circuit_t *start, const uint8_t *digest, uint8_t purpose)
void tor_addr_copy(tor_addr_t *dest, const tor_addr_t *src)
static void rend_authorized_client_free_void(void *authorized_client)
int rend_service_set_connection_addr_port(edge_connection_t *conn, origin_circuit_t *circ)
#define CIRCUIT_PURPOSE_S_REND_JOINED
int crypto_pk_obsolete_private_hybrid_decrypt(crypto_pk_t *env, char *to, size_t tolen, const char *from, size_t fromlen, int padding, int warnOnFailure)
Header file for rendclient.c.
static ssize_t(* intro_version_handlers[])(rend_intro_cell_t *, const uint8_t *, size_t, char **)
static void rend_service_update_descriptor(rend_service_t *service)
Header file for control_events.c.
void smartlist_clear(smartlist_t *sl)
#define REND_DESC_COOKIE_LEN
static int rend_service_launch_establish_intro(rend_service_t *service, rend_intro_point_t *intro)
void control_event_hs_descriptor_upload(const char *onion_address, const char *id_digest, const char *desc_id, const char *hsdir_index)
void rend_authorized_client_free_(rend_authorized_client_t *client)
void pathbias_mark_use_success(origin_circuit_t *circ)
#define REND_REPLAY_TIME_INTERVAL
file_status_t file_status(const char *filename)
int extend_info_addr_is_allowed(const tor_addr_t *addr)
Header file for networkstatus.c.
void directory_request_set_payload(directory_request_t *req, const char *payload, size_t payload_len)
const char * escaped_safe_str_client(const char *address)
int have_completed_a_circuit(void)
void rend_consider_descriptor_republication(void)
void directory_post_to_hs_dir(rend_service_descriptor_t *renddesc, smartlist_t *descs, smartlist_t *hs_dirs, const char *service_id, int seconds_valid)
int smartlist_split_string(smartlist_t *sl, const char *str, const char *sep, int flags, int max)
char * tor_dup_ip(uint32_t addr)
