summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/common/compat_threads.c16
-rw-r--r--src/common/container.c25
-rw-r--r--src/common/container.h8
-rw-r--r--src/common/crypto.c18
-rw-r--r--src/common/tortls.c57
-rw-r--r--src/common/util.c14
-rw-r--r--src/common/util.h1
-rw-r--r--src/ext/ht.h29
-rw-r--r--src/or/config.c119
-rw-r--r--src/or/config.h1
-rw-r--r--src/or/connection.c226
-rw-r--r--src/or/connection.h8
-rw-r--r--src/or/connection_edge.c36
-rw-r--r--src/or/control.c16
-rw-r--r--src/or/cpuworker.c6
-rw-r--r--src/or/dirserv.c95
-rw-r--r--src/or/dirserv.h2
-rw-r--r--src/or/dirvote.c100
-rw-r--r--src/or/dirvote.h6
-rw-r--r--src/or/entrynodes.c4
-rw-r--r--src/or/networkstatus.c31
-rw-r--r--src/or/or.h8
-rw-r--r--src/or/rendservice.c173
-rw-r--r--src/or/routerparse.c12
-rw-r--r--src/test/test_dir.c147
-rw-r--r--src/tools/tor-resolve.c27
26 files changed, 1001 insertions, 184 deletions
diff --git a/src/common/compat_threads.c b/src/common/compat_threads.c
index d2d929e430..15648d2851 100644
--- a/src/common/compat_threads.c
+++ b/src/common/compat_threads.c
@@ -171,10 +171,12 @@ pipe_drain(int fd)
{
char buf[32];
ssize_t r;
- while ((r = read_ni(fd, buf, sizeof(buf))) >= 0)
- ;
- if (r == 0 || errno != EAGAIN)
+ do {
+ r = read_ni(fd, buf, sizeof(buf));
+ } while (r > 0);
+ if (r < 0 && errno != EAGAIN)
return -1;
+ /* A value of r = 0 means EOF on the fd so successfully drained. */
return 0;
}
#endif
@@ -193,10 +195,12 @@ sock_drain(tor_socket_t fd)
{
char buf[32];
ssize_t r;
- while ((r = recv_ni(fd, buf, sizeof(buf), 0)) >= 0)
- ;
- if (r == 0 || !ERRNO_IS_EAGAIN(tor_socket_errno(fd)))
+ do {
+ r = recv_ni(fd, buf, sizeof(buf), 0);
+ } while (r > 0);
+ if (r < 0 && !ERRNO_IS_EAGAIN(tor_socket_errno(fd)))
return -1;
+ /* A value of r = 0 means EOF on the fd so successfully drained. */
return 0;
}
diff --git a/src/common/container.c b/src/common/container.c
index 37e28004ae..864fd8a552 100644
--- a/src/common/container.c
+++ b/src/common/container.c
@@ -518,11 +518,13 @@ smartlist_sort(smartlist_t *sl, int (*compare)(const void **a, const void **b))
/** Given a smartlist <b>sl</b> sorted with the function <b>compare</b>,
* return the most frequent member in the list. Break ties in favor of
- * later elements. If the list is empty, return NULL.
+ * later elements. If the list is empty, return NULL. If count_out is
+ * non-null, set it to the most frequent member.
*/
void *
-smartlist_get_most_frequent(const smartlist_t *sl,
- int (*compare)(const void **a, const void **b))
+smartlist_get_most_frequent_(const smartlist_t *sl,
+ int (*compare)(const void **a, const void **b),
+ int *count_out)
{
const void *most_frequent = NULL;
int most_frequent_count = 0;
@@ -530,8 +532,11 @@ smartlist_get_most_frequent(const smartlist_t *sl,
const void *cur = NULL;
int i, count=0;
- if (!sl->num_used)
+ if (!sl->num_used) {
+ if (count_out)
+ *count_out = 0;
return NULL;
+ }
for (i = 0; i < sl->num_used; ++i) {
const void *item = sl->list[i];
if (cur && 0 == compare(&cur, &item)) {
@@ -549,6 +554,8 @@ smartlist_get_most_frequent(const smartlist_t *sl,
most_frequent = cur;
most_frequent_count = count;
}
+ if (count_out)
+ *count_out = most_frequent_count;
return (void*)most_frequent;
}
@@ -728,6 +735,16 @@ smartlist_get_most_frequent_string(smartlist_t *sl)
return smartlist_get_most_frequent(sl, compare_string_ptrs_);
}
+/** Return the most frequent string in the sorted list <b>sl</b>.
+ * If <b>count_out</b> is provided, set <b>count_out</b> to the
+ * number of times that string appears.
+ */
+char *
+smartlist_get_most_frequent_string_(smartlist_t *sl, int *count_out)
+{
+ return smartlist_get_most_frequent_(sl, compare_string_ptrs_, count_out);
+}
+
/** Remove duplicate strings from a sorted list, and free them with tor_free().
*/
void
diff --git a/src/common/container.h b/src/common/container.h
index 377cdf5dba..6edc80f75b 100644
--- a/src/common/container.h
+++ b/src/common/container.h
@@ -94,8 +94,11 @@ void smartlist_del_keeporder(smartlist_t *sl, int idx);
void smartlist_insert(smartlist_t *sl, int idx, void *val);
void smartlist_sort(smartlist_t *sl,
int (*compare)(const void **a, const void **b));
-void *smartlist_get_most_frequent(const smartlist_t *sl,
- int (*compare)(const void **a, const void **b));
+void *smartlist_get_most_frequent_(const smartlist_t *sl,
+ int (*compare)(const void **a, const void **b),
+ int *count_out);
+#define smartlist_get_most_frequent(sl, compare) \
+ smartlist_get_most_frequent_((sl), (compare), NULL)
void smartlist_uniq(smartlist_t *sl,
int (*compare)(const void **a, const void **b),
void (*free_fn)(void *elt));
@@ -106,6 +109,7 @@ void smartlist_sort_digests256(smartlist_t *sl);
void smartlist_sort_pointers(smartlist_t *sl);
char *smartlist_get_most_frequent_string(smartlist_t *sl);
+char *smartlist_get_most_frequent_string_(smartlist_t *sl, int *count_out);
char *smartlist_get_most_frequent_digest256(smartlist_t *sl);
void smartlist_uniq_strings(smartlist_t *sl);
diff --git a/src/common/crypto.c b/src/common/crypto.c
index 370c04a315..218c7bea1e 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -1780,9 +1780,13 @@ crypto_generate_dynamic_dh_modulus(void)
dynamic_dh_modulus = BN_new();
tor_assert(dynamic_dh_modulus);
- dh_parameters = DH_generate_parameters(DH_BYTES*8, DH_GENERATOR, NULL, NULL);
+ dh_parameters = DH_new();
tor_assert(dh_parameters);
+ r = DH_generate_parameters_ex(dh_parameters,
+ DH_BYTES*8, DH_GENERATOR, NULL);
+ tor_assert(r == 0);
+
r = DH_check(dh_parameters, &dh_codes);
tor_assert(r && !dh_codes);
@@ -3115,6 +3119,14 @@ openssl_dynlock_destroy_cb_(struct CRYPTO_dynlock_value *v,
tor_free(v);
}
+#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,0)
+static void
+tor_set_openssl_thread_id(CRYPTO_THREADID *threadid)
+{
+ CRYPTO_THREADID_set_numeric(threadid, tor_get_thread_id());
+}
+#endif
+
/** @{ */
/** Helper: Construct mutexes, and set callbacks to help OpenSSL handle being
* multithreaded. */
@@ -3128,7 +3140,11 @@ setup_openssl_threading(void)
for (i=0; i < n; ++i)
openssl_mutexes_[i] = tor_mutex_new();
CRYPTO_set_locking_callback(openssl_locking_cb_);
+#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,0)
CRYPTO_set_id_callback(tor_get_thread_id);
+#else
+ CRYPTO_THREADID_set_callback(tor_set_openssl_thread_id);
+#endif
CRYPTO_set_dynlock_create_callback(openssl_dynlock_create_cb_);
CRYPTO_set_dynlock_lock_callback(openssl_dynlock_lock_cb_);
CRYPTO_set_dynlock_destroy_callback(openssl_dynlock_destroy_cb_);
diff --git a/src/common/tortls.c b/src/common/tortls.c
index ca629135a6..97a82bf6e1 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -50,6 +50,8 @@
#include <openssl/asn1.h>
#include <openssl/bio.h>
#include <openssl/opensslv.h>
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
#if __GNUC__ && GCC_VERSION >= 402
#if GCC_VERSION >= 406
@@ -474,6 +476,8 @@ tor_tls_get_error(tor_tls_t *tls, int r, int extra,
static void
tor_tls_init(void)
{
+ check_no_tls_errors();
+
if (!tls_library_is_initialized) {
long version;
SSL_library_init();
@@ -572,6 +576,8 @@ tor_tls_init(void)
void
tor_tls_free_all(void)
{
+ check_no_tls_errors();
+
if (server_tls_context) {
tor_tls_context_t *ctx = server_tls_context;
server_tls_context = NULL;
@@ -883,29 +889,33 @@ tor_cert_decode(const uint8_t *certificate, size_t certificate_len)
const unsigned char *cp = (const unsigned char *)certificate;
tor_cert_t *newcert;
tor_assert(certificate);
+ check_no_tls_errors();
if (certificate_len > INT_MAX)
- return NULL;
+ goto err;
x509 = d2i_X509(NULL, &cp, (int)certificate_len);
if (!x509)
- return NULL; /* Couldn't decode */
+ goto err; /* Couldn't decode */
if (cp - certificate != (int)certificate_len) {
X509_free(x509);
- return NULL; /* Didn't use all the bytes */
+ goto err; /* Didn't use all the bytes */
}
newcert = tor_cert_new(x509);
if (!newcert) {
- return NULL;
+ goto err;
}
if (newcert->encoded_len != certificate_len ||
fast_memneq(newcert->encoded, certificate, certificate_len)) {
/* Cert wasn't in DER */
tor_cert_free(newcert);
- return NULL;
+ goto err;
}
return newcert;
+ err:
+ tls_log_errors(NULL, LOG_INFO, LD_CRYPTO, "decoding a certificate");
+ return NULL;
}
/** Set *<b>encoded_out</b> and *<b>size_out</b> to <b>cert</b>'s encoded DER
@@ -1047,21 +1057,24 @@ tor_tls_cert_is_valid(int severity,
const tor_cert_t *signing_cert,
int check_rsa_1024)
{
+ check_no_tls_errors();
+
EVP_PKEY *cert_key;
EVP_PKEY *signing_key = X509_get_pubkey(signing_cert->cert);
int r, key_ok = 0;
+
if (!signing_key)
- return 0;
+ goto bad;
r = X509_verify(cert->cert, signing_key);
EVP_PKEY_free(signing_key);
if (r <= 0)
- return 0;
+ goto bad;
/* okay, the signature checked out right. Now let's check the check the
* lifetime. */
if (check_cert_lifetime_internal(severity, cert->cert,
48*60*60, 30*24*60*60) < 0)
- return 0;
+ goto bad;
cert_key = X509_get_pubkey(cert->cert);
if (check_rsa_1024 && cert_key) {
@@ -1081,11 +1094,14 @@ tor_tls_cert_is_valid(int severity,
}
EVP_PKEY_free(cert_key);
if (!key_ok)
- return 0;
+ goto bad;
/* XXXX compare DNs or anything? */
return 1;
+ bad:
+ tls_log_errors(NULL, LOG_INFO, LD_CRYPTO, "checking a certificate");
+ return 0;
}
/** Increase the reference count of <b>ctx</b>. */
@@ -1112,6 +1128,7 @@ tor_tls_context_init(unsigned flags,
int rv1 = 0;
int rv2 = 0;
const int is_public_server = flags & TOR_TLS_CTX_IS_PUBLIC_SERVER;
+ check_no_tls_errors();
if (is_public_server) {
tor_tls_context_t *new_ctx;
@@ -1156,6 +1173,7 @@ tor_tls_context_init(unsigned flags,
1);
}
+ tls_log_errors(NULL, LOG_WARN, LD_CRYPTO, "constructing a TLS context");
return MIN(rv1, rv2);
}
@@ -1879,11 +1897,12 @@ tor_tls_new(int sock, int isServer)
client_tls_context;
result->magic = TOR_TLS_MAGIC;
+ check_no_tls_errors();
tor_assert(context); /* make sure somebody made it first */
if (!(result->ssl = SSL_new(context->ctx))) {
tls_log_errors(NULL, LOG_WARN, LD_NET, "creating SSL object");
tor_free(result);
- return NULL;
+ goto err;
}
#ifdef SSL_set_tlsext_host_name
@@ -1903,7 +1922,7 @@ tor_tls_new(int sock, int isServer)
#endif
SSL_free(result->ssl);
tor_free(result);
- return NULL;
+ goto err;
}
if (!isServer)
rectify_client_ciphers(&result->ssl->cipher_list);
@@ -1916,7 +1935,7 @@ tor_tls_new(int sock, int isServer)
#endif
SSL_free(result->ssl);
tor_free(result);
- return NULL;
+ goto err;
}
{
int set_worked =
@@ -1950,6 +1969,10 @@ tor_tls_new(int sock, int isServer)
if (isServer)
tor_tls_setup_session_secret_cb(result);
+ goto done;
+ err:
+ result = NULL;
+ done:
/* Not expected to get called. */
tls_log_errors(NULL, LOG_WARN, LD_NET, "creating tor_tls_t object");
return result;
@@ -2197,6 +2220,7 @@ int
tor_tls_finish_handshake(tor_tls_t *tls)
{
int r = TOR_TLS_DONE;
+ check_no_tls_errors();
if (tls->isServer) {
SSL_set_info_callback(tls->ssl, NULL);
SSL_set_verify(tls->ssl, SSL_VERIFY_PEER, always_accept_verify_cb);
@@ -2242,6 +2266,7 @@ tor_tls_finish_handshake(tor_tls_t *tls)
r = TOR_TLS_ERROR_MISC;
}
}
+ tls_log_errors(NULL, LOG_WARN, LD_NET, "finishing the handshake");
return r;
}
@@ -2272,6 +2297,8 @@ tor_tls_renegotiate(tor_tls_t *tls)
/* We could do server-initiated renegotiation too, but that would be tricky.
* Instead of "SSL_renegotiate, then SSL_do_handshake until done" */
tor_assert(!tls->isServer);
+
+ check_no_tls_errors();
if (tls->state != TOR_TLS_ST_RENEGOTIATE) {
int r = SSL_renegotiate(tls->ssl);
if (r <= 0) {
@@ -2300,6 +2327,7 @@ tor_tls_shutdown(tor_tls_t *tls)
char buf[128];
tor_assert(tls);
tor_assert(tls->ssl);
+ check_no_tls_errors();
while (1) {
if (tls->state == TOR_TLS_ST_SENTCLOSE) {
@@ -2487,6 +2515,7 @@ tor_tls_verify(int severity, tor_tls_t *tls, crypto_pk_t **identity_key)
RSA *rsa;
int r = -1;
+ check_no_tls_errors();
*identity_key = NULL;
try_to_extract_certs_from_tls(severity, tls, &cert, &id_cert);
@@ -2727,6 +2756,8 @@ dn_indicates_v3_cert(X509_NAME *name)
int
tor_tls_received_v3_certificate(tor_tls_t *tls)
{
+ check_no_tls_errors();
+
X509 *cert = SSL_get_peer_certificate(tls->ssl);
EVP_PKEY *key = NULL;
X509_NAME *issuer_name, *subject_name;
@@ -2759,6 +2790,8 @@ tor_tls_received_v3_certificate(tor_tls_t *tls)
}
done:
+ tls_log_errors(tls, LOG_WARN, LD_NET, "checking for a v3 cert");
+
if (key)
EVP_PKEY_free(key);
if (cert)
diff --git a/src/common/util.c b/src/common/util.c
index be866a5fe6..442d57a2cf 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -1381,6 +1381,20 @@ esc_for_log(const char *s)
return result;
}
+/** Similar to esc_for_log. Allocate and return a new string representing
+ * the first n characters in <b>chars</b>, surround by quotes and using
+ * standard C escapes. If a NUL character is encountered in <b>chars</b>,
+ * the resulting string will be terminated there.
+ */
+char *
+esc_for_log_len(const char *chars, size_t n)
+{
+ char *string = tor_strndup(chars, n);
+ char *string_escaped = esc_for_log(string);
+ tor_free(string);
+ return string_escaped;
+}
+
/** Allocate and return a new string representing the contents of <b>s</b>,
* surrounded by quotes and using standard C escapes.
*
diff --git a/src/common/util.h b/src/common/util.h
index 89c140032a..175a078c6b 100644
--- a/src/common/util.h
+++ b/src/common/util.h
@@ -239,6 +239,7 @@ int tor_mem_is_zero(const char *mem, size_t len);
int tor_digest_is_zero(const char *digest);
int tor_digest256_is_zero(const char *digest);
char *esc_for_log(const char *string) ATTR_MALLOC;
+char *esc_for_log_len(const char *chars, size_t n) ATTR_MALLOC;
const char *escaped(const char *string);
char *tor_escape_str_for_pt_args(const char *string,
diff --git a/src/ext/ht.h b/src/ext/ht.h
index e7a76196f5..19a67a6a41 100644
--- a/src/ext/ht.h
+++ b/src/ext/ht.h
@@ -121,16 +121,24 @@ ht_string_hash(const char *s)
((void)0)
#endif
+#define HT_BUCKET_NUM_(head, field, elm, hashfn) \
+ (HT_ELT_HASH_(elm,field,hashfn) % head->hth_table_length)
+
/* Helper: alias for the bucket containing 'elm'. */
#define HT_BUCKET_(head, field, elm, hashfn) \
- ((head)->hth_table[HT_ELT_HASH_(elm,field,hashfn) \
- % head->hth_table_length])
+ ((head)->hth_table[HT_BUCKET_NUM_(head, field, elm, hashfn)])
#define HT_FOREACH(x, name, head) \
for ((x) = HT_START(name, head); \
(x) != NULL; \
(x) = HT_NEXT(name, head, x))
+#ifndef HT_NDEBUG
+#define HT_ASSERT_(x) tor_assert(x)
+#else
+#define HT_ASSERT_(x) (void)0
+#endif
+
#define HT_PROTOTYPE(name, type, field, hashfn, eqfn) \
int name##_HT_GROW(struct name *ht, unsigned min_capacity); \
void name##_HT_CLEAR(struct name *ht); \
@@ -257,8 +265,11 @@ ht_string_hash(const char *s)
{ \
unsigned b = 0; \
while (b < head->hth_table_length) { \
- if (head->hth_table[b]) \
+ if (head->hth_table[b]) { \
+ HT_ASSERT_(b == \
+ HT_BUCKET_NUM_(head,field,head->hth_table[b],hashfn)); \
return &head->hth_table[b]; \
+ } \
++b; \
} \
return NULL; \
@@ -272,13 +283,17 @@ ht_string_hash(const char *s)
name##_HT_NEXT(struct name *head, struct type **elm) \
{ \
if ((*elm)->field.hte_next) { \
+ HT_ASSERT_(HT_BUCKET_NUM_(head,field,*elm,hashfn) == \
+ HT_BUCKET_NUM_(head,field,(*elm)->field.hte_next,hashfn)); \
return &(*elm)->field.hte_next; \
} else { \
- unsigned b = (HT_ELT_HASH_(*elm, field, hashfn) \
- % head->hth_table_length)+1; \
+ unsigned b = HT_BUCKET_NUM_(head,field,*elm,hashfn)+1; \
while (b < head->hth_table_length) { \
- if (head->hth_table[b]) \
+ if (head->hth_table[b]) { \
+ HT_ASSERT_(b == \
+ HT_BUCKET_NUM_(head,field,head->hth_table[b],hashfn)); \
return &head->hth_table[b]; \
+ } \
++b; \
} \
return NULL; \
@@ -418,7 +433,7 @@ ht_string_hash(const char *s)
for (elm = head->hth_table[i]; elm; elm = elm->field.hte_next) { \
if (HT_ELT_HASH_(elm, field, hashfn) != hashfn(elm)) \
return 1000 + i; \
- if ((HT_ELT_HASH_(elm, field, hashfn) % head->hth_table_length) != i) \
+ if (HT_BUCKET_NUM_(head,field,elm,hashfn) != i) \
return 10000 + i; \
++n; \
} \
diff --git a/src/or/config.c b/src/or/config.c
index 3ff60e5fc5..ae33a07996 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -68,6 +68,9 @@
/* From main.c */
extern int quiet_level;
+/* Prefix used to indicate a Unix socket in a FooPort configuration. */
+static const char unix_socket_prefix[] = "unix:";
+
/** A list of abbreviations and aliases to map command-line options, obsolete
* option names, or alternative option names, to their current values. */
static config_abbrev_t option_abbrevs_[] = {
@@ -83,6 +86,7 @@ static config_abbrev_t option_abbrevs_[] = {
PLURAL(HiddenServiceExcludeNode),
PLURAL(NumCPU),
PLURAL(RendNode),
+ PLURAL(RecommendedPackage),
PLURAL(RendExcludeNode),
PLURAL(StrictEntryNode),
PLURAL(StrictExitNode),
@@ -200,7 +204,6 @@ static config_var_t option_vars_[] = {
V(ControlPortWriteToFile, FILENAME, NULL),
V(ControlSocket, LINELIST, NULL),
V(ControlSocketsGroupWritable, BOOL, "0"),
- V(SocksSocket, LINELIST, NULL),
V(SocksSocketsGroupWritable, BOOL, "0"),
V(CookieAuthentication, BOOL, "0"),
V(CookieAuthFileGroupReadable, BOOL, "0"),
@@ -365,6 +368,7 @@ static config_var_t option_vars_[] = {
V(RecommendedVersions, LINELIST, NULL),
V(RecommendedClientVersions, LINELIST, NULL),
V(RecommendedServerVersions, LINELIST, NULL),
+ V(RecommendedPackages, LINELIST, NULL),
V(RefuseUnknownExits, AUTOBOOL, "auto"),
V(RejectPlaintextPorts, CSV, ""),
V(RelayBandwidthBurst, MEMUNIT, "0"),
@@ -1050,20 +1054,6 @@ options_act_reversible(const or_options_t *old_options, char **msg)
}
#endif
-#ifndef HAVE_SYS_UN_H
- if (options->SocksSocket || options->SocksSocketsGroupWritable) {
- *msg = tor_strdup("Unix domain sockets (SocksSocket) not supported "
- "on this OS/with this build.");
- goto rollback;
- }
-#else
- if (options->SocksSocketsGroupWritable && !options->SocksSocket) {
- *msg = tor_strdup("Setting SocksSocketGroupWritable without setting"
- "a SocksSocket makes no sense.");
- goto rollback;
- }
-#endif
-
if (running_tor) {
int n_ports=0;
/* We need to set the connection limit before we can open the listeners. */
@@ -1629,7 +1619,7 @@ options_act(const or_options_t *old_options)
}
if (parse_outbound_addresses(options, 0, &msg) < 0) {
- log_warn(LD_BUG, "Failed parsing oubound bind addresses: %s", msg);
+ log_warn(LD_BUG, "Failed parsing outbound bind addresses: %s", msg);
tor_free(msg);
return -1;
}
@@ -2755,6 +2745,13 @@ options_validate(or_options_t *old_options, or_options_t *options,
"features to be broken in unpredictable ways.");
}
+ for (cl = options->RecommendedPackages; cl; cl = cl->next) {
+ if (! validate_recommended_package_line(cl->value)) {
+ log_warn(LD_CONFIG, "Invalid RecommendedPackage line %s will be ignored",
+ escaped(cl->value));
+ }
+ }
+
if (options->AuthoritativeDir) {
if (!options->ContactInfo && !options->TestingTorNetwork)
REJECT("Authoritative directory servers must set ContactInfo");
@@ -5643,6 +5640,55 @@ warn_nonlocal_controller_ports(smartlist_t *ports, unsigned forbid)
#define CL_PORT_TAKES_HOSTNAMES (1u<<5)
#define CL_PORT_IS_UNIXSOCKET (1u<<6)
+#ifdef HAVE_SYS_UN_H
+
+/** Parse the given <b>addrport</b> and set <b>path_out</b> if a Unix socket
+ * path is found. Return 0 on success. On error, a negative value is
+ * returned, -ENOENT if no Unix statement found, -EINVAL if the socket path
+ * is empty and -ENOSYS if AF_UNIX is not supported (see function in the
+ * #else statement below). */
+
+int
+config_parse_unix_port(const char *addrport, char **path_out)
+{
+ tor_assert(path_out);
+ tor_assert(addrport);
+
+ if (strcmpstart(addrport, unix_socket_prefix)) {
+ /* Not a Unix socket path. */
+ return -ENOENT;
+ }
+
+ if (strlen(addrport + strlen(unix_socket_prefix)) == 0) {
+ /* Empty socket path, not very usable. */
+ return -EINVAL;
+ }
+
+ *path_out = tor_strdup(addrport + strlen(unix_socket_prefix));
+ return 0;
+}
+
+#else /* defined(HAVE_SYS_UN_H) */
+
+int
+config_parse_unix_port(const char *addrport, char **path_out)
+{
+ tor_assert(path_out);
+ tor_assert(addrport);
+
+ if (strcmpstart(addrport, unix_socket_prefix)) {
+ /* Not a Unix socket path. */
+ return -ENOENT;
+ }
+
+ log_warn(LD_CONFIG,
+ "Port configuration %s is for an AF_UNIX socket, but we have no"
+ "support available on this platform",
+ escaped(addrport));
+ return -ENOSYS;
+}
+#endif /* defined(HAVE_SYS_UN_H) */
+
/**
* Parse port configuration for a single port type.
*
@@ -5704,6 +5750,7 @@ parse_port_config(smartlist_t *out,
const unsigned takes_hostnames = flags & CL_PORT_TAKES_HOSTNAMES;
const unsigned is_unix_socket = flags & CL_PORT_IS_UNIXSOCKET;
int got_zero_port=0, got_nonzero_port=0;
+ char *unix_socket_path = NULL;
/* FooListenAddress is deprecated; let's make it work like it used to work,
* though. */
@@ -5808,7 +5855,7 @@ parse_port_config(smartlist_t *out,
for (; ports; ports = ports->next) {
tor_addr_t addr;
- int port;
+ int port, ret;
int sessiongroup = SESSION_GROUP_UNSET;
unsigned isolation = ISO_DEFAULT;
int prefer_no_auth = 0;
@@ -5837,8 +5884,26 @@ parse_port_config(smartlist_t *out,
/* Now parse the addr/port value */
addrport = smartlist_get(elts, 0);
- if (is_unix_socket) {
- /* leave it as it is. */
+
+ /* Let's start to check if it's a Unix socket path. */
+ ret = config_parse_unix_port(addrport, &unix_socket_path);
+ if (ret < 0 && ret != -ENOENT) {
+ if (ret == -EINVAL) {
+ log_warn(LD_CONFIG, "Empty Unix socket path.");
+ }
+ goto err;
+ }
+
+ if (unix_socket_path &&
+ ! conn_listener_type_supports_af_unix(listener_type)) {
+ log_warn(LD_CONFIG, "%sPort does not support unix sockets", portname);
+ goto err;
+ }
+
+ if (unix_socket_path) {
+ port = 1;
+ } else if (is_unix_socket) {
+ unix_socket_path = tor_strdup(addrport);
if (!strcmp(addrport, "0"))
port = 0;
else
@@ -6028,12 +6093,13 @@ parse_port_config(smartlist_t *out,
}
if (out && port) {
- size_t namelen = is_unix_socket ? strlen(addrport) : 0;
+ size_t namelen = unix_socket_path ? strlen(unix_socket_path) : 0;
port_cfg_t *cfg = port_cfg_new(namelen);
- if (is_unix_socket) {
+ if (unix_socket_path) {
tor_addr_make_unspec(&cfg->addr);
- memcpy(cfg->unix_addr, addrport, strlen(addrport) + 1);
+ memcpy(cfg->unix_addr, unix_socket_path, namelen + 1);
cfg->is_unix_addr = 1;
+ tor_free(unix_socket_path);
} else {
tor_addr_copy(&cfg->addr, &addr);
cfg->port = port;
@@ -6183,13 +6249,6 @@ parse_ports(or_options_t *options, int validate_only,
*msg = tor_strdup("Invalid ControlSocket configuration");
goto err;
}
- if (parse_port_config(ports, options->SocksSocket, NULL,
- "SocksSocket",
- CONN_TYPE_AP_LISTENER, NULL, 0,
- CL_PORT_IS_UNIXSOCKET) < 0) {
- *msg = tor_strdup("Invalid SocksSocket configuration");
- goto err;
- }
}
if (! options->ClientOnly) {
if (parse_port_config(ports,
@@ -6233,8 +6292,6 @@ parse_ports(or_options_t *options, int validate_only,
!! count_real_listeners(ports, CONN_TYPE_OR_LISTENER);
options->SocksPort_set =
!! count_real_listeners(ports, CONN_TYPE_AP_LISTENER);
- options->SocksSocket_set =
- !! count_real_listeners(ports, CONN_TYPE_AP_LISTENER);
options->TransPort_set =
!! count_real_listeners(ports, CONN_TYPE_AP_TRANS_LISTENER);
options->NATDPort_set =
diff --git a/src/or/config.h b/src/or/config.h
index 6bd3eb5734..b064f05321 100644
--- a/src/or/config.h
+++ b/src/or/config.h
@@ -113,6 +113,7 @@ int addressmap_register_auto(const char *from, const char *to,
time_t expires,
addressmap_entry_source_t addrmap_source,
const char **msg);
+int config_parse_unix_port(const char *addrport, char **path_out);
/** Represents the information stored in a torrc Bridge line. */
typedef struct bridge_line_t {
diff --git a/src/or/connection.c b/src/or/connection.c
index 97fdee732e..0ce4f72209 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -56,6 +56,11 @@
#include <pwd.h>
#endif
+#ifdef HAVE_SYS_UN_H
+#include <sys/socket.h>
+#include <sys/un.h>
+#endif
+
static connection_t *connection_listener_new(
const struct sockaddr *listensockaddr,
socklen_t listensocklen, int type,
@@ -444,6 +449,22 @@ connection_link_connections(connection_t *conn_a, connection_t *conn_b)
conn_b->linked_conn = conn_a;
}
+/** Return true iff the provided connection listener type supports AF_UNIX
+ * sockets. */
+int
+conn_listener_type_supports_af_unix(int type)
+{
+ /* For now only control ports or SOCKS ports can be Unix domain sockets
+ * and listeners at the same time */
+ switch (type) {
+ case CONN_TYPE_CONTROL_LISTENER:
+ case CONN_TYPE_AP_LISTENER:
+ return 1;
+ default:
+ return 0;
+ }
+}
+
/** Deallocate memory used by <b>conn</b>. Deallocate its buffers if
* necessary, close its socket if necessary, and mark the directory as dirty
* if <b>conn</b> is an OR or OP connection.
@@ -511,8 +532,7 @@ connection_free_(connection_t *conn)
if (conn->socket_family == AF_UNIX) {
/* For now only control and SOCKS ports can be Unix domain sockets
* and listeners at the same time */
- tor_assert(conn->type == CONN_TYPE_CONTROL_LISTENER ||
- conn->type == CONN_TYPE_AP_LISTENER);
+ tor_assert(conn_listener_type_supports_af_unix(conn->type));
if (unlink(conn->address) < 0 && errno != ENOENT) {
log_warn(LD_NET, "Could not unlink %s: %s", conn->address,
@@ -1167,17 +1187,13 @@ connection_listener_new(const struct sockaddr *listensockaddr,
}
#ifdef HAVE_SYS_UN_H
/*
- * AF_UNIX generic setup stuff (this covers both CONN_TYPE_CONTROL_LISTENER
- * and CONN_TYPE_AP_LISTENER cases)
+ * AF_UNIX generic setup stuff
*/
} else if (listensockaddr->sa_family == AF_UNIX) {
/* We want to start reading for both AF_UNIX cases */
start_reading = 1;
- /* For now only control ports or SOCKS ports can be Unix domain sockets
- * and listeners at the same time */
- tor_assert(type == CONN_TYPE_CONTROL_LISTENER ||
- type == CONN_TYPE_AP_LISTENER);
+ tor_assert(conn_listener_type_supports_af_unix(type));
if (check_location_for_unix_socket(options, address,
(type == CONN_TYPE_CONTROL_LISTENER) ?
@@ -1491,7 +1507,7 @@ connection_handle_listener_read(connection_t *conn, int new_type)
if (new_type == CONN_TYPE_AP && conn->socket_family == AF_UNIX) {
newconn->port = 0;
newconn->address = tor_strdup(conn->address);
- log_info(LD_NET, "New SOCKS SocksSocket connection opened");
+ log_info(LD_NET, "New SOCKS AF_UNIX connection opened");
}
if (new_type == CONN_TYPE_CONTROL) {
log_notice(LD_CONTROL, "New control connection opened from %s.",
@@ -1585,37 +1601,31 @@ connection_init_accepted_conn(connection_t *conn,
return 0;
}
-/** Take conn, make a nonblocking socket; try to connect to
- * addr:port (they arrive in *host order*). If fail, return -1 and if
- * applicable put your best guess about errno into *<b>socket_error</b>.
- * Else assign s to conn-\>s: if connected return 1, if EAGAIN return 0.
- *
- * address is used to make the logs useful.
- *
- * On success, add conn to the list of polled connections.
- */
-int
-connection_connect(connection_t *conn, const char *address,
- const tor_addr_t *addr, uint16_t port, int *socket_error)
+
+static int
+connection_connect_sockaddr(connection_t *conn,
+ const struct sockaddr *sa,
+ socklen_t sa_len,
+ const struct sockaddr *bindaddr,
+ socklen_t bindaddr_len,
+ int *socket_error)
{
tor_socket_t s;
int inprogress = 0;
- struct sockaddr_storage addrbuf;
- struct sockaddr *dest_addr;
- int dest_addr_len;
const or_options_t *options = get_options();
int protocol_family;
+ tor_assert(conn);
+ tor_assert(sa);
+ tor_assert(socket_error);
+
if (get_n_open_sockets() >= get_options()->ConnLimit_-1) {
warn_too_many_conns();
*socket_error = SOCK_ERRNO(ENOBUFS);
return -1;
}
- if (tor_addr_family(addr) == AF_INET6)
- protocol_family = PF_INET6;
- else
- protocol_family = PF_INET;
+ protocol_family = sa->sa_family;
if (get_options()->DisableNetwork) {
/* We should never even try to connect anyplace if DisableNetwork is set.
@@ -1628,7 +1638,7 @@ connection_connect(connection_t *conn, const char *address,
return -1;
}
- s = tor_open_socket_nonblocking(protocol_family,SOCK_STREAM,IPPROTO_TCP);
+ s = tor_open_socket_nonblocking(protocol_family, SOCK_STREAM, 0);
if (! SOCKET_OK(s)) {
*socket_error = tor_socket_errno(-1);
log_warn(LD_NET,"Error creating network socket: %s",
@@ -1641,6 +1651,74 @@ connection_connect(connection_t *conn, const char *address,
tor_socket_strerror(errno));
}
+ if (bindaddr && bind(s, bindaddr, bindaddr_len) < 0) {
+ *socket_error = tor_socket_errno(s);
+ log_warn(LD_NET,"Error binding network socket: %s",
+ tor_socket_strerror(*socket_error));
+ tor_close_socket(s);
+ return -1;
+ }
+
+ tor_assert(options);
+ if (options->ConstrainedSockets)
+ set_constrained_socket_buffers(s, (int)options->ConstrainedSockSize);
+
+ if (connect(s, sa, sa_len) < 0) {
+ int e = tor_socket_errno(s);
+ if (!ERRNO_IS_CONN_EINPROGRESS(e)) {
+ /* yuck. kill it. */
+ *socket_error = e;
+ log_info(LD_NET,
+ "connect() to socket failed: %s",
+ tor_socket_strerror(e));
+ tor_close_socket(s);
+ return -1;
+ } else {
+ inprogress = 1;
+ }
+ }
+
+ /* it succeeded. we're connected. */
+ log_fn(inprogress ? LOG_DEBUG : LOG_INFO, LD_NET,
+ "Connection to socket %s (sock "TOR_SOCKET_T_FORMAT").",
+ inprogress ? "in progress" : "established", s);
+ conn->s = s;
+ if (connection_add_connecting(conn) < 0) {
+ /* no space, forget it */
+ *socket_error = SOCK_ERRNO(ENOBUFS);
+ return -1;
+ }
+ return inprogress ? 0 : 1;
+
+}
+
+
+/** Take conn, make a nonblocking socket; try to connect to
+ * addr:port (they arrive in *host order*). If fail, return -1 and if
+ * applicable put your best guess about errno into *<b>socket_error</b>.
+ * Else assign s to conn-\>s: if connected return 1, if EAGAIN return 0.
+ *
+ * address is used to make the logs useful.
+ *
+ * On success, add conn to the list of polled connections.
+ */
+int
+connection_connect(connection_t *conn, const char *address,
+ const tor_addr_t *addr, uint16_t port, int *socket_error)
+{
+ struct sockaddr_storage addrbuf;
+ struct sockaddr_storage bind_addr_ss;
+ struct sockaddr *bind_addr = NULL;
+ struct sockaddr *dest_addr;
+ int dest_addr_len, bind_addr_len = 0;
+ const or_options_t *options = get_options();
+ int protocol_family;
+
+ if (tor_addr_family(addr) == AF_INET6)
+ protocol_family = PF_INET6;
+ else
+ protocol_family = PF_INET;
+
if (!tor_addr_is_loopback(addr)) {
const tor_addr_t *ext_addr = NULL;
if (protocol_family == AF_INET &&
@@ -1650,33 +1728,20 @@ connection_connect(connection_t *conn, const char *address,
!tor_addr_is_null(&options->OutboundBindAddressIPv6_))
ext_addr = &options->OutboundBindAddressIPv6_;
if (ext_addr) {
- struct sockaddr_storage ext_addr_sa;
- socklen_t ext_addr_len = 0;
- memset(&ext_addr_sa, 0, sizeof(ext_addr_sa));
- ext_addr_len = tor_addr_to_sockaddr(ext_addr, 0,
- (struct sockaddr *) &ext_addr_sa,
- sizeof(ext_addr_sa));
- if (ext_addr_len == 0) {
+ memset(&bind_addr_ss, 0, sizeof(bind_addr_ss));
+ bind_addr_len = tor_addr_to_sockaddr(ext_addr, 0,
+ (struct sockaddr *) &bind_addr_ss,
+ sizeof(bind_addr_ss));
+ if (bind_addr_len == 0) {
log_warn(LD_NET,
"Error converting OutboundBindAddress %s into sockaddr. "
"Ignoring.", fmt_and_decorate_addr(ext_addr));
} else {
- if (bind(s, (struct sockaddr *) &ext_addr_sa, ext_addr_len) < 0) {
- *socket_error = tor_socket_errno(s);
- log_warn(LD_NET,"Error binding network socket to %s: %s",
- fmt_and_decorate_addr(ext_addr),
- tor_socket_strerror(*socket_error));
- tor_close_socket(s);
- return -1;
- }
+ bind_addr = (struct sockaddr *)&bind_addr_ss;
}
}
}
- tor_assert(options);
- if (options->ConstrainedSockets)
- set_constrained_socket_buffers(s, (int)options->ConstrainedSockSize);
-
memset(&addrbuf,0,sizeof(addrbuf));
dest_addr = (struct sockaddr*) &addrbuf;
dest_addr_len = tor_addr_to_sockaddr(addr, port, dest_addr, sizeof(addrbuf));
@@ -1685,36 +1750,51 @@ connection_connect(connection_t *conn, const char *address,
log_debug(LD_NET, "Connecting to %s:%u.",
escaped_safe_str_client(address), port);
- if (connect(s, dest_addr, (socklen_t)dest_addr_len) < 0) {
- int e = tor_socket_errno(s);
- if (!ERRNO_IS_CONN_EINPROGRESS(e)) {
- /* yuck. kill it. */
- *socket_error = e;
- log_info(LD_NET,
- "connect() to %s:%u failed: %s",
- escaped_safe_str_client(address),
- port, tor_socket_strerror(e));
- tor_close_socket(s);
- return -1;
- } else {
- inprogress = 1;
- }
- }
+ return connection_connect_sockaddr(conn, dest_addr, dest_addr_len,
+ bind_addr, bind_addr_len, socket_error);
+}
- /* it succeeded. we're connected. */
- log_fn(inprogress?LOG_DEBUG:LOG_INFO, LD_NET,
- "Connection to %s:%u %s (sock "TOR_SOCKET_T_FORMAT").",
- escaped_safe_str_client(address),
- port, inprogress?"in progress":"established", s);
- conn->s = s;
- if (connection_add_connecting(conn) < 0) {
- /* no space, forget it */
- *socket_error = SOCK_ERRNO(ENOBUFS);
+#ifdef HAVE_SYS_UN_H
+
+/** Take conn, make a nonblocking socket; try to connect to
+ * an AF_UNIX socket at socket_path. If fail, return -1 and if applicable
+ * put your best guess about errno into *<b>socket_error</b>. Else assign s
+ * to conn-\>s: if connected return 1, if EAGAIN return 0.
+ *
+ * On success, add conn to the list of polled connections.
+ */
+int
+connection_connect_unix(connection_t *conn, const char *socket_path,
+ int *socket_error)
+{
+ struct sockaddr_un dest_addr;
+
+ tor_assert(socket_path);
+
+ /* Check that we'll be able to fit it into dest_addr later */
+ if (strlen(socket_path) + 1 > sizeof(dest_addr.sun_path)) {
+ log_warn(LD_NET,
+ "Path %s is too long for an AF_UNIX socket\n",
+ escaped_safe_str_client(socket_path));
+ *socket_error = SOCK_ERRNO(ENAMETOOLONG);
return -1;
}
- return inprogress ? 0 : 1;
+
+ memset(&dest_addr, 0, sizeof(dest_addr));
+ dest_addr.sun_family = AF_UNIX;
+ strlcpy(dest_addr.sun_path, socket_path, sizeof(dest_addr.sun_path));
+
+ log_debug(LD_NET,
+ "Connecting to AF_UNIX socket at %s.",
+ escaped_safe_str_client(socket_path));
+
+ return connection_connect_sockaddr(conn,
+ (struct sockaddr *)&dest_addr, sizeof(dest_addr),
+ NULL, 0, socket_error);
}
+#endif /* defined(HAVE_SYS_UN_H) */
+
/** Convert state number to string representation for logging purposes.
*/
static const char *
diff --git a/src/or/connection.h b/src/or/connection.h
index ce6ed284c1..d0a34ece5c 100644
--- a/src/or/connection.h
+++ b/src/or/connection.h
@@ -17,6 +17,7 @@
const char *conn_type_to_string(int type);
const char *conn_state_to_string(int type, int state);
+int conn_listener_type_supports_af_unix(int type);
dir_connection_t *dir_connection_new(int socket_family);
or_connection_t *or_connection_new(int type, int socket_family);
@@ -89,6 +90,13 @@ int connection_connect(connection_t *conn, const char *address,
const tor_addr_t *addr,
uint16_t port, int *socket_error);
+#ifdef HAVE_SYS_UN_H
+
+int connection_connect_unix(connection_t *conn, const char *socket_path,
+ int *socket_error);
+
+#endif /* defined(HAVE_SYS_UN_H) */
+
/** Maximum size of information that we can fit into SOCKS5 username
or password fields. */
#define MAX_SOCKS5_AUTH_FIELD_SIZE 255
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index f541249992..9690653d59 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -2940,7 +2940,7 @@ connection_exit_connect(edge_connection_t *edge_conn)
const tor_addr_t *addr;
uint16_t port;
connection_t *conn = TO_CONN(edge_conn);
- int socket_error = 0;
+ int socket_error = 0, result;
if ( (!connection_edge_is_rendezvous_stream(edge_conn) &&
router_compare_to_my_exit_policy(&edge_conn->base_.addr,
@@ -2955,14 +2955,36 @@ connection_exit_connect(edge_connection_t *edge_conn)
return;
}
- addr = &conn->addr;
- port = conn->port;
+#ifdef HAVE_SYS_UN_H
+ if (conn->socket_family != AF_UNIX) {
+#else
+ {
+#endif /* defined(HAVE_SYS_UN_H) */
+ addr = &conn->addr;
+ port = conn->port;
+
+ if (tor_addr_family(addr) == AF_INET6)
+ conn->socket_family = AF_INET6;
+
+ log_debug(LD_EXIT, "about to try connecting");
+ result = connection_connect(conn, conn->address,
+ addr, port, &socket_error);
+#ifdef HAVE_SYS_UN_H
+ } else {
+ /*
+ * In the AF_UNIX case, we expect to have already had conn->port = 1,
+ * tor_addr_make_unspec(conn->addr) (cf. the way we mark in the incoming
+ * case in connection_handle_listener_read()), and conn->address should
+ * have the socket path to connect to.
+ */
+ tor_assert(conn->address && strlen(conn->address) > 0);
- if (tor_addr_family(addr) == AF_INET6)
- conn->socket_family = AF_INET6;
+ log_debug(LD_EXIT, "about to try connecting");
+ result = connection_connect_unix(conn, conn->address, &socket_error);
+#endif /* defined(HAVE_SYS_UN_H) */
+ }
- log_debug(LD_EXIT,"about to try connecting");
- switch (connection_connect(conn, conn->address, addr, port, &socket_error)) {
+ switch (result) {
case -1: {
int reason = errno_to_stream_end_reason(socket_error);
connection_edge_end(edge_conn, reason);
diff --git a/src/or/control.c b/src/or/control.c
index 00cb4311fb..24e1479b50 100644
--- a/src/or/control.c
+++ b/src/or/control.c
@@ -1882,6 +1882,20 @@ circuit_describe_status_for_controller(origin_circuit_t *circ)
smartlist_add_asprintf(descparts, "TIME_CREATED=%s", tbuf);
}
+ // Show username and/or password if available.
+ if (circ->socks_username_len > 0) {
+ char* socks_username_escaped = esc_for_log_len(circ->socks_username,
+ (size_t) circ->socks_username_len);
+ smartlist_add_asprintf(descparts, "SOCKS_USERNAME=%s", socks_username_escaped);
+ tor_free(socks_username_escaped);
+ }
+ if (circ->socks_password_len > 0) {
+ char* socks_password_escaped = esc_for_log_len(circ->socks_password,
+ (size_t) circ->socks_password_len);
+ smartlist_add_asprintf(descparts, "SOCKS_PASSWORD=%s", socks_password_escaped);
+ tor_free(socks_password_escaped);
+ }
+
rv = smartlist_join_strings(descparts, " ", 0, NULL);
SMARTLIST_FOREACH(descparts, char *, cp, tor_free(cp));
@@ -2169,6 +2183,8 @@ static const getinfo_item_t getinfo_items[] = {
"Brief summary of router status by nickname (v2 directory format)."),
PREFIX("ns/purpose/", networkstatus,
"Brief summary of router status by purpose (v2 directory format)."),
+ PREFIX("consensus/", networkstatus,
+ "Information about and from the ns consensus."),
ITEM("network-status", dir,
"Brief summary of router status (v1 directory format)"),
ITEM("circuit-status", events, "List of current circuits originating here."),
diff --git a/src/or/cpuworker.c b/src/or/cpuworker.c
index 0785c671d9..3ddb37a262 100644
--- a/src/or/cpuworker.c
+++ b/src/or/cpuworker.c
@@ -347,6 +347,12 @@ cpuworker_onion_handshake_replyfn(void *work_)
circ->workqueue_entry = NULL;
+ if (TO_CIRCUIT(circ)->marked_for_close) {
+ /* We already marked this circuit; we can't call it open. */
+ log_debug(LD_OR,"circuit is already marked.");
+ goto done_processing;
+ }
+
if (rpl.success == 0) {
log_debug(LD_OR,
"decoding onionskin failed. "
diff --git a/src/or/dirserv.c b/src/or/dirserv.c
index b694f8af77..d90619520b 100644
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@@ -1305,14 +1305,7 @@ dirserv_thinks_router_is_hs_dir(const routerinfo_t *router,
else
uptime = real_uptime(router, now);
- /* XXX We shouldn't need to check dir_port, but we do because of
- * bug 1693. In the future, once relays set wants_to_be_hs_dir
- * correctly, we can revert to only checking dir_port if router's
- * version is too old. */
- /* XXX Unfortunately, we need to keep checking dir_port until all
- * *clients* suffering from bug 2722 are obsolete. The first version
- * to fix the bug was 0.2.2.25-alpha. */
- return (router->wants_to_be_hs_dir && router->dir_port &&
+ return (router->wants_to_be_hs_dir &&
uptime >= get_options()->MinUptimeHidServDirectoryV2 &&
router_is_active(router, node, now));
}
@@ -2511,6 +2504,15 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key,
v3_out->client_versions = client_versions;
v3_out->server_versions = server_versions;
+ v3_out->package_lines = smartlist_new();
+ {
+ config_line_t *cl;
+ for (cl = get_options()->RecommendedPackages; cl; cl = cl->next) {
+ if (validate_recommended_package_line(cl->value))
+ smartlist_add(v3_out->package_lines, tor_strdup(cl->value));
+ }
+ }
+
v3_out->known_flags = smartlist_new();
smartlist_split_string(v3_out->known_flags,
"Authority Exit Fast Guard Stable V2Dir Valid",
@@ -3256,6 +3258,83 @@ connection_dirserv_flushed_some(dir_connection_t *conn)
}
}
+/** Return true iff <b>line</b> is a valid RecommendedPackages line.
+ */
+/*
+ The grammar is:
+
+ "package" SP PACKAGENAME SP VERSION SP URL SP DIGESTS NL
+
+ PACKAGENAME = NONSPACE
+ VERSION = NONSPACE
+ URL = NONSPACE
+ DIGESTS = DIGEST | DIGESTS SP DIGEST
+ DIGEST = DIGESTTYPE "=" DIGESTVAL
+
+ NONSPACE = one or more non-space printing characters
+
+ DIGESTVAL = DIGESTTYPE = one or more non-=, non-" " characters.
+
+ SP = " "
+ NL = a newline
+
+ */
+int
+validate_recommended_package_line(const char *line)
+{
+ const char *cp = line;
+
+#define WORD() \
+ do { \
+ if (*cp == ' ') \
+ return 0; \
+ cp = strchr(cp, ' '); \
+ if (!cp) \
+ return 0; \
+ } while (0)
+
+ WORD(); /* skip packagename */
+ ++cp;
+ WORD(); /* skip version */
+ ++cp;
+ WORD(); /* Skip URL */
+ ++cp;
+
+ /* Skip digesttype=digestval + */
+ int n_entries = 0;
+ while (1) {
+ const char *start_of_word = cp;
+ const char *end_of_word = strchr(cp, ' ');
+ if (! end_of_word)
+ end_of_word = cp + strlen(cp);
+
+ if (start_of_word == end_of_word)
+ return 0;
+
+ const char *eq = memchr(start_of_word, '=', end_of_word - start_of_word);
+
+ if (!eq)
+ return 0;
+ if (eq == start_of_word)
+ return 0;
+ if (eq == end_of_word - 1)
+ return 0;
+ if (memchr(eq+1, '=', end_of_word - (eq+1)))
+ return 0;
+
+ ++n_entries;
+ if (0 == *end_of_word)
+ break;
+
+ cp = end_of_word + 1;
+ }
+
+ if (n_entries == 0)
+ return 0;
+
+ return 1;
+}
+
/** Release all storage used by the directory server. */
void
dirserv_free_all(void)
diff --git a/src/or/dirserv.h b/src/or/dirserv.h
index d4ce54260c..514ec444e6 100644
--- a/src/or/dirserv.h
+++ b/src/or/dirserv.h
@@ -104,6 +104,8 @@ void dirserv_free_all(void);
void cached_dir_decref(cached_dir_t *d);
cached_dir_t *new_cached_dir(char *s, time_t published);
+int validate_recommended_package_line(const char *line);
+
#ifdef DIRSERV_PRIVATE
/* Put the MAX_MEASUREMENT_AGE #define here so unit tests can see it */
diff --git a/src/or/dirvote.c b/src/or/dirvote.c
index f0dcc88070..7739c52d15 100644
--- a/src/or/dirvote.c
+++ b/src/or/dirvote.c
@@ -66,6 +66,7 @@ format_networkstatus_vote(crypto_pk_t *private_signing_key,
{
smartlist_t *chunks = smartlist_new();
const char *client_versions = NULL, *server_versions = NULL;
+ char *packages = NULL;
char fingerprint[FINGERPRINT_LEN+1];
char digest[DIGEST_LEN];
uint32_t addr;
@@ -98,6 +99,18 @@ format_networkstatus_vote(crypto_pk_t *private_signing_key,
server_versions_line = tor_strdup("");
}
+ if (v3_ns->package_lines) {
+ smartlist_t *tmp = smartlist_new();
+ SMARTLIST_FOREACH(v3_ns->package_lines, const char *, p,
+ if (validate_recommended_package_line(p))
+ smartlist_add_asprintf(tmp, "package %s\n", p));
+ packages = smartlist_join_strings(tmp, "", 0, NULL);
+ SMARTLIST_FOREACH(tmp, char *, cp, tor_free(cp));
+ smartlist_free(tmp);
+ } else {
+ packages = tor_strdup("");
+ }
+
{
char published[ISO_TIME_LEN+1];
char va[ISO_TIME_LEN+1];
@@ -132,6 +145,7 @@ format_networkstatus_vote(crypto_pk_t *private_signing_key,
"valid-until %s\n"
"voting-delay %d %d\n"
"%s%s" /* versions */
+ "%s" /* packages */
"known-flags %s\n"
"flag-thresholds %s\n"
"params %s\n"
@@ -143,6 +157,7 @@ format_networkstatus_vote(crypto_pk_t *private_signing_key,
v3_ns->vote_seconds, v3_ns->dist_seconds,
client_versions_line,
server_versions_line,
+ packages,
flags,
flag_thresholds,
params,
@@ -230,6 +245,7 @@ format_networkstatus_vote(crypto_pk_t *private_signing_key,
done:
tor_free(client_versions_line);
tor_free(server_versions_line);
+ tor_free(packages);
SMARTLIST_FOREACH(chunks, char *, cp, tor_free(cp));
smartlist_free(chunks);
@@ -1037,6 +1053,7 @@ networkstatus_compute_consensus(smartlist_t *votes,
const routerstatus_format_type_t rs_format =
flavor == FLAV_NS ? NS_V3_CONSENSUS : NS_V3_CONSENSUS_MICRODESC;
char *params = NULL;
+ char *packages = NULL;
int added_weights = 0;
tor_assert(flavor == FLAV_NS || flavor == FLAV_MICRODESC);
tor_assert(total_authorities >= smartlist_len(votes));
@@ -1120,6 +1137,11 @@ networkstatus_compute_consensus(smartlist_t *votes,
n_versioning_servers);
client_versions = compute_consensus_versions_list(combined_client_versions,
n_versioning_clients);
+ if (consensus_method >= MIN_METHOD_FOR_PACKAGE_LINES) {
+ packages = compute_consensus_package_lines(votes);
+ } else {
+ packages = tor_strdup("");
+ }
SMARTLIST_FOREACH(combined_server_versions, char *, cp, tor_free(cp));
SMARTLIST_FOREACH(combined_client_versions, char *, cp, tor_free(cp));
@@ -1162,10 +1184,13 @@ networkstatus_compute_consensus(smartlist_t *votes,
"voting-delay %d %d\n"
"client-versions %s\n"
"server-versions %s\n"
+ "%s" /* packages */
"known-flags %s\n",
va_buf, fu_buf, vu_buf,
vote_seconds, dist_seconds,
- client_versions, server_versions, flaglist);
+ client_versions, server_versions,
+ packages,
+ flaglist);
tor_free(flaglist);
}
@@ -1852,6 +1877,7 @@ networkstatus_compute_consensus(smartlist_t *votes,
tor_free(client_versions);
tor_free(server_versions);
+ tor_free(packages);
SMARTLIST_FOREACH(flags, char *, cp, tor_free(cp));
smartlist_free(flags);
SMARTLIST_FOREACH(chunks, char *, cp, tor_free(cp));
@@ -1860,6 +1886,78 @@ networkstatus_compute_consensus(smartlist_t *votes,
return result;
}
+/** Given a list of networkstatus_t for each vote, return a newly allocated
+ * string containing the "package" lines for the vote. */
+STATIC char *
+compute_consensus_package_lines(smartlist_t *votes)
+{
+ const int n_votes = smartlist_len(votes);
+
+ /* This will be a map from "packagename version" strings to arrays
+ * of const char *, with the i'th member of the array corresponding to the
+ * package line from the i'th vote.
+ */
+ strmap_t *package_status = strmap_new();
+
+ SMARTLIST_FOREACH_BEGIN(votes, networkstatus_t *, v) {
+ if (! v->package_lines)
+ continue;
+ SMARTLIST_FOREACH_BEGIN(v->package_lines, const char *, line) {
+ if (! validate_recommended_package_line(line))
+ continue;
+
+ /* Skip 'cp' to the second space in the line. */
+ const char *cp = strchr(line, ' ');
+ if (!cp) continue;
+ ++cp;
+ cp = strchr(cp, ' ');
+ if (!cp) continue;
+
+ char *key = tor_strndup(line, cp - line);
+
+ const char **status = strmap_get(package_status, key);
+ if (!status) {
+ status = tor_calloc(n_votes, sizeof(const char *));
+ strmap_set(package_status, key, status);
+ }
+ status[v_sl_idx] = line; /* overwrite old value */
+ tor_free(key);
+ } SMARTLIST_FOREACH_END(line);
+ } SMARTLIST_FOREACH_END(v);
+
+ smartlist_t *entries = smartlist_new(); /* temporary */
+ smartlist_t *result_list = smartlist_new(); /* output */
+ STRMAP_FOREACH(package_status, key, const char **, values) {
+ int i, count=-1;
+ for (i = 0; i < n_votes; ++i) {
+ if (values[i])
+ smartlist_add(entries, (void*) values[i]);
+ }
+ smartlist_sort_strings(entries);
+ int n_voting_for_entry = smartlist_len(entries);
+ const char *most_frequent =
+ smartlist_get_most_frequent_string_(entries, &count);
+
+ if (n_voting_for_entry >= 3 && count > n_voting_for_entry / 2) {
+ smartlist_add_asprintf(result_list, "package %s\n", most_frequent);
+ }
+
+ smartlist_clear(entries);
+
+ } STRMAP_FOREACH_END;
+
+ smartlist_sort_strings(result_list);
+
+ char *result = smartlist_join_strings(result_list, "", 0, NULL);
+
+ SMARTLIST_FOREACH(result_list, char *, cp, tor_free(cp));
+ smartlist_free(result_list);
+ smartlist_free(entries);
+ strmap_free(package_status, tor_free_);
+
+ return result;
+}
+
/** Given a consensus vote <b>target</b> and a set of detached signatures in
* <b>sigs</b> that correspond to the same consensus, check whether there are
* any new signatures in <b>src_voter_list</b> that should be added to
diff --git a/src/or/dirvote.h b/src/or/dirvote.h
index 8908336fa1..20dcbcd5b6 100644
--- a/src/or/dirvote.h
+++ b/src/or/dirvote.h
@@ -55,7 +55,7 @@
#define MIN_SUPPORTED_CONSENSUS_METHOD 13
/** The highest consensus method that we currently support. */
-#define MAX_SUPPORTED_CONSENSUS_METHOD 18
+#define MAX_SUPPORTED_CONSENSUS_METHOD 19
/** Lowest consensus method where microdesc consensuses omit any entry
* with no microdesc. */
@@ -79,6 +79,9 @@
* microdescriptors. */
#define MIN_METHOD_FOR_ID_HASH_IN_MD 18
+/** Lowest consensus method where we include "package" lines*/
+#define MIN_METHOD_FOR_PACKAGE_LINES 19
+
/** Default bandwidth to clip unmeasured bandwidths to using method >=
* MIN_METHOD_TO_CLIP_UNMEASURED_BW */
#define DEFAULT_MAX_UNMEASURED_BW_KB 20
@@ -160,6 +163,7 @@ STATIC char *format_networkstatus_vote(crypto_pk_t *private_key,
networkstatus_t *v3_ns);
STATIC char *dirvote_compute_params(smartlist_t *votes, int method,
int total_authorities);
+STATIC char *compute_consensus_package_lines(smartlist_t *votes);
#endif
#endif
diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c
index 5b0e342662..17cb825de3 100644
--- a/src/or/entrynodes.c
+++ b/src/or/entrynodes.c
@@ -2368,7 +2368,9 @@ entries_retry_helper(const or_options_t *options, int act)
SMARTLIST_FOREACH_BEGIN(entry_guards, entry_guard_t *, e) {
node = node_get_by_id(e->identity);
if (node && node_has_descriptor(node) &&
- node_is_bridge(node) == need_bridges) {
+ node_is_bridge(node) == need_bridges &&
+ (!need_bridges || (!e->bad_since &&
+ node_is_a_configured_bridge(node)))) {
any_known = 1;
if (node->is_running)
any_running = 1; /* some entry is both known and running */
diff --git a/src/or/networkstatus.c b/src/or/networkstatus.c
index 59ba1e6cb7..da110fdff6 100644
--- a/src/or/networkstatus.c
+++ b/src/or/networkstatus.c
@@ -257,6 +257,10 @@ networkstatus_vote_free(networkstatus_t *ns)
SMARTLIST_FOREACH(ns->supported_methods, char *, c, tor_free(c));
smartlist_free(ns->supported_methods);
}
+ if (ns->package_lines) {
+ SMARTLIST_FOREACH(ns->package_lines, char *, c, tor_free(c));
+ smartlist_free(ns->package_lines);
+ }
if (ns->voters) {
SMARTLIST_FOREACH_BEGIN(ns->voters, networkstatus_voter_info_t *, voter) {
tor_free(voter->nickname);
@@ -1909,6 +1913,33 @@ getinfo_helper_networkstatus(control_connection_t *conn,
} else if (!strcmpstart(question, "ns/purpose/")) {
*answer = networkstatus_getinfo_by_purpose(question+11, time(NULL));
return *answer ? 0 : -1;
+ } else if (!strcmp(question, "consensus/packages")) {
+ const networkstatus_t *ns = networkstatus_get_latest_consensus();
+ if (ns && ns->package_lines)
+ *answer = smartlist_join_strings(ns->package_lines, "\n", 0, NULL);
+ else
+ *errmsg = "No consensus available";
+ return *answer ? 0 : -1;
+ } else if (!strcmp(question, "consensus/valid-after") ||
+ !strcmp(question, "consensus/fresh-until") ||
+ !strcmp(question, "consensus/valid-until")) {
+ const networkstatus_t *ns = networkstatus_get_latest_consensus();
+ if (ns) {
+ time_t t;
+ if (!strcmp(question, "consensus/valid-after"))
+ t = ns->valid_after;
+ else if (!strcmp(question, "consensus/fresh-until"))
+ t = ns->fresh_until;
+ else
+ t = ns->valid_until;
+
+ char tbuf[ISO_TIME_LEN+1];
+ format_iso_time(tbuf, t);
+ *answer = tor_strdup(tbuf);
+ } else {
+ *errmsg = "No consensus available";
+ }
+ return *answer ? 0 : -1;
} else {
return 0;
}
diff --git a/src/or/or.h b/src/or/or.h
index 49068784f9..520b7dba89 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -2417,6 +2417,9 @@ typedef struct networkstatus_t {
/** Vote only: what methods is this voter willing to use? */
smartlist_t *supported_methods;
+ /** List of 'package' lines describing hashes of downloadable packages */
+ smartlist_t *package_lines;
+
/** How long does this vote/consensus claim that authorities take to
* distribute their votes to one another? */
int vote_seconds;
@@ -3433,6 +3436,7 @@ typedef struct {
config_line_t *RecommendedVersions;
config_line_t *RecommendedClientVersions;
config_line_t *RecommendedServerVersions;
+ config_line_t *RecommendedPackages;
/** Whether dirservers allow router descriptors with private IPs. */
int DirAllowPrivateAddresses;
/** Whether routers accept EXTEND cells to routers with private IPs. */
@@ -3463,9 +3467,6 @@ typedef struct {
* for control connections. */
int ControlSocketsGroupWritable; /**< Boolean: Are control sockets g+rw? */
- config_line_t *SocksSocket; /**< List of Unix Domain Sockets to listen on
- * for SOCKS connections. */
-
int SocksSocketsGroupWritable; /**< Boolean: Are SOCKS sockets g+rw? */
/** Ports to listen on for directory connections. */
config_line_t *DirPort_lines;
@@ -3489,7 +3490,6 @@ typedef struct {
*/
unsigned int ORPort_set : 1;
unsigned int SocksPort_set : 1;
- unsigned int SocksSocket_set : 1;
unsigned int TransPort_set : 1;
unsigned int NATDPort_set : 1;
unsigned int ControlPort_set : 1;
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index 5a12d074ac..6ae569cd8f 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -66,9 +66,16 @@ static ssize_t rend_service_parse_intro_for_v3(
* a real port on some IP.
*/
typedef struct rend_service_port_config_t {
+ /* The incoming HS virtual port we're mapping */
uint16_t virtual_port;
+ /* Is this an AF_UNIX port? */
+ unsigned int is_unix_addr:1;
+ /* The outgoing TCP port to use, if !is_unix_addr */
uint16_t real_port;
+ /* The outgoing IPv4 or IPv6 address to use, if !is_unix_addr */
tor_addr_t real_addr;
+ /* The socket path to connect to, if is_unix_addr */
+ char unix_addr[FLEXIBLE_ARRAY_MEMBER];
} rend_service_port_config_t;
/** Try to maintain this many intro points per service by default. */
@@ -279,16 +286,48 @@ rend_add_service(rend_service_t *service)
service->directory);
for (i = 0; i < smartlist_len(service->ports); ++i) {
p = smartlist_get(service->ports, i);
- log_debug(LD_REND,"Service maps port %d to %s",
- p->virtual_port, fmt_addrport(&p->real_addr, p->real_port));
+ if (!(p->is_unix_addr)) {
+ log_debug(LD_REND,
+ "Service maps port %d to %s",
+ p->virtual_port,
+ fmt_addrport(&p->real_addr, p->real_port));
+ } else {
+#ifdef HAVE_SYS_UN_H
+ log_debug(LD_REND,
+ "Service maps port %d to socket at \"%s\"",
+ p->virtual_port, p->unix_addr);
+#else
+ log_debug(LD_REND,
+ "Service maps port %d to an AF_UNIX socket, but we "
+ "have no AF_UNIX support on this platform. This is "
+ "probably a bug.",
+ p->virtual_port);
+#endif /* defined(HAVE_SYS_UN_H) */
+ }
}
}
}
+/** Return a new rend_service_port_config_t with its path set to
+ * <b>socket_path</b> or empty if <b>socket_path</b> is NULL */
+static rend_service_port_config_t *
+rend_service_port_config_new(const char *socket_path)
+{
+ if (!socket_path)
+ return tor_malloc_zero(sizeof(rend_service_port_config_t));
+
+ const size_t pathlen = strlen(socket_path) + 1;
+ rend_service_port_config_t *conf =
+ tor_malloc_zero(sizeof(rend_service_port_config_t) + pathlen);
+ memcpy(conf->unix_addr, socket_path, pathlen);
+ conf->is_unix_addr = 1;
+ return conf;
+}
+
/** Parses a real-port to virtual-port mapping and returns a new
* rend_service_port_config_t.
*
- * The format is: VirtualPort (IP|RealPort|IP:RealPort)?
+ * The format is: VirtualPort (IP|RealPort|IP:RealPort|'socket':path)?
*
* IP defaults to 127.0.0.1; RealPort defaults to VirtualPort.
*/
@@ -297,11 +336,13 @@ parse_port_config(const char *string)
{
smartlist_t *sl;
int virtport;
- int realport;
+ int realport = 0;
uint16_t p;
tor_addr_t addr;
const char *addrport;
rend_service_port_config_t *result = NULL;
+ unsigned int is_unix_addr = 0;
+ char *socket_path = NULL;
sl = smartlist_new();
smartlist_split_string(sl, string, " ",
@@ -323,8 +364,21 @@ parse_port_config(const char *string)
realport = virtport;
tor_addr_from_ipv4h(&addr, 0x7F000001u); /* 127.0.0.1 */
} else {
+ int ret;
+
addrport = smartlist_get(sl,1);
- if (strchr(addrport, ':') || strchr(addrport, '.')) {
+ ret = config_parse_unix_port(addrport, &socket_path);
+ if (ret < 0 && ret != -ENOENT) {
+ if (ret == -EINVAL) {
+ log_warn(LD_CONFIG,
+ "Empty socket path in hidden service port configuration.");
+ }
+ goto err;
+ }
+ if (socket_path) {
+ is_unix_addr = 1;
+ } else if (strchr(addrport, ':') || strchr(addrport, '.')) {
+ /* else try it as an IP:port pair if it has a : or . in it */
if (tor_addr_port_lookup(addrport, &addr, &p)<0) {
log_warn(LD_CONFIG,"Unparseable address in hidden service port "
"configuration.");
@@ -343,13 +397,21 @@ parse_port_config(const char *string)
}
}
- result = tor_malloc(sizeof(rend_service_port_config_t));
+ /* Allow room for unix_addr */
+ result = rend_service_port_config_new(socket_path);
result->virtual_port = virtport;
- result->real_port = realport;
- tor_addr_copy(&result->real_addr, &addr);
+ result->is_unix_addr = is_unix_addr;
+ if (!is_unix_addr) {
+ result->real_port = realport;
+ tor_addr_copy(&result->real_addr, &addr);
+ result->unix_addr[0] = '\0';
+ }
+
err:
SMARTLIST_FOREACH(sl, char *, c, tor_free(c));
smartlist_free(sl);
+ if (socket_path) tor_free(socket_path);
+
return result;
}
@@ -1070,8 +1132,8 @@ rend_check_authorization(rend_service_t *service,
}
/* Allow the request. */
- log_debug(LD_REND, "Client %s authorized for service %s.",
- auth_client->client_name, service->service_id);
+ log_info(LD_REND, "Client %s authorized for service %s.",
+ auth_client->client_name, service->service_id);
return 1;
}
@@ -3402,6 +3464,60 @@ rend_service_dump_stats(int severity)
}
}
+#ifdef HAVE_SYS_UN_H
+
+/** Given <b>ports</b>, a smarlist containing rend_service_port_config_t,
+ * add the given <b>p</b>, a AF_UNIX port to the list. Return 0 on success
+ * else return -ENOSYS if AF_UNIX is not supported (see function in the
+ * #else statement below). */
+static int
+add_unix_port(smartlist_t *ports, rend_service_port_config_t *p)
+{
+ tor_assert(ports);
+ tor_assert(p);
+ tor_assert(p->is_unix_addr);
+
+ smartlist_add(ports, p);
+ return 0;
+}
+
+/** Given <b>conn</b> set it to use the given port <b>p</b> values. Return 0
+ * on success else return -ENOSYS if AF_UNIX is not supported (see function
+ * in the #else statement below). */
+static int
+set_unix_port(edge_connection_t *conn, rend_service_port_config_t *p)
+{
+ tor_assert(conn);
+ tor_assert(p);
+ tor_assert(p->is_unix_addr);
+
+ conn->base_.socket_family = AF_UNIX;
+ tor_addr_make_unspec(&conn->base_.addr);
+ conn->base_.port = 1;
+ conn->base_.address = tor_strdup(p->unix_addr);
+ return 0;
+}
+
+#else /* defined(HAVE_SYS_UN_H) */
+
+static int
+set_unix_port(edge_connection_t *conn, rend_service_port_config_t *p)
+{
+ (void) conn;
+ (void) p;
+ return -ENOSYS;
+}
+
+static int
+add_unix_port(smartlist_t *ports, rend_service_port_config_t *p)
+{
+ (void) ports;
+ (void) p;
+ return -ENOSYS;
+}
+
+#endif /* HAVE_SYS_UN_H */
+
/** Given <b>conn</b>, a rendezvous exit stream, look up the hidden service for
* 'circ', and look up the port and address based on conn-\>port.
* Assign the actual conn-\>addr and conn-\>port. Return -2 on failure
@@ -3416,6 +3532,7 @@ rend_service_set_connection_addr_port(edge_connection_t *conn,
char serviceid[REND_SERVICE_ID_LEN_BASE32+1];
smartlist_t *matching_ports;
rend_service_port_config_t *chosen_port;
+ unsigned int warn_once = 0;
tor_assert(circ->base_.purpose == CIRCUIT_PURPOSE_S_REND_JOINED);
tor_assert(circ->rend_data);
@@ -3433,19 +3550,45 @@ rend_service_set_connection_addr_port(edge_connection_t *conn,
matching_ports = smartlist_new();
SMARTLIST_FOREACH(service->ports, rend_service_port_config_t *, p,
{
- if (conn->base_.port == p->virtual_port) {
+ if (conn->base_.port != p->virtual_port) {
+ continue;
+ }
+ if (!(p->is_unix_addr)) {
smartlist_add(matching_ports, p);
+ } else {
+ if (add_unix_port(matching_ports, p)) {
+ if (!warn_once) {
+ /* Unix port not supported so warn only once. */
+ log_warn(LD_REND,
+ "Saw AF_UNIX virtual port mapping for port %d on service "
+ "%s, which is unsupported on this platform. Ignoring it.",
+ conn->base_.port, serviceid);
+ }
+ warn_once++;
+ }
}
});
chosen_port = smartlist_choose(matching_ports);
smartlist_free(matching_ports);
if (chosen_port) {
- tor_addr_copy(&conn->base_.addr, &chosen_port->real_addr);
- conn->base_.port = chosen_port->real_port;
+ if (!(chosen_port->is_unix_addr)) {
+ /* Get a non-AF_UNIX connection ready for connection_exit_connect() */
+ tor_addr_copy(&conn->base_.addr, &chosen_port->real_addr);
+ conn->base_.port = chosen_port->real_port;
+ } else {
+ if (set_unix_port(conn, chosen_port)) {
+ /* Simply impossible to end up here else we were able to add a Unix
+ * port without AF_UNIX support... ? */
+ tor_assert(0);
+ }
+ }
return 0;
}
- log_info(LD_REND, "No virtual port mapping exists for port %d on service %s",
- conn->base_.port,serviceid);
+
+ log_info(LD_REND,
+ "No virtual port mapping exists for port %d on service %s",
+ conn->base_.port, serviceid);
+
if (service->allow_unknown_ports)
return -1;
else
diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index a2bc8fbb93..f7687e0e40 100644
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -131,6 +131,7 @@ typedef enum {
K_CONSENSUS_METHOD,
K_LEGACY_DIR_KEY,
K_DIRECTORY_FOOTER,
+ K_PACKAGE,
A_PURPOSE,
A_LAST_LISTED,
@@ -420,6 +421,7 @@ static token_rule_t networkstatus_token_table[] = {
T1("known-flags", K_KNOWN_FLAGS, ARGS, NO_OBJ ),
T01("params", K_PARAMS, ARGS, NO_OBJ ),
T( "fingerprint", K_FINGERPRINT, CONCAT_ARGS, NO_OBJ ),
+ T0N("package", K_PACKAGE, CONCAT_ARGS, NO_OBJ ),
CERTIFICATE_MEMBERS
@@ -2626,6 +2628,16 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out,
ns->server_versions = tor_strdup(tok->args[0]);
}
+ {
+ smartlist_t *package_lst = find_all_by_keyword(tokens, K_PACKAGE);
+ ns->package_lines = smartlist_new();
+ if (package_lst) {
+ SMARTLIST_FOREACH(package_lst, directory_token_t *, t,
+ smartlist_add(ns->package_lines, tor_strdup(t->args[0])));
+ }
+ smartlist_free(package_lst);
+ }
+
tok = find_by_keyword(tokens, K_KNOWN_FLAGS);
ns->known_flags = smartlist_new();
inorder = 1;
diff --git a/src/test/test_dir.c b/src/test/test_dir.c
index 991e613cb6..84e80ea760 100644
--- a/src/test/test_dir.c
+++ b/src/test/test_dir.c
@@ -2954,6 +2954,152 @@ test_dir_fetch_type(void *arg)
done: ;
}
+static void
+test_dir_packages(void *arg)
+{
+ smartlist_t *votes = smartlist_new();
+ char *res = NULL;
+ (void)arg;
+
+#define BAD(s) \
+ tt_int_op(0, ==, validate_recommended_package_line(s));
+#define GOOD(s) \
+ tt_int_op(1, ==, validate_recommended_package_line(s));
+ GOOD("tor 0.2.6.3-alpha "
+ "http://torproject.example.com/dist/tor-0.2.6.3-alpha.tar.gz "
+ "sha256=sssdlkfjdsklfjdskfljasdklfj");
+ GOOD("tor 0.2.6.3-alpha "
+ "http://torproject.example.com/dist/tor-0.2.6.3-alpha.tar.gz "
+ "sha256=sssdlkfjdsklfjdskfljasdklfj blake2b=fred");
+ BAD("tor 0.2.6.3-alpha "
+ "http://torproject.example.com/dist/tor-0.2.6.3-alpha.tar.gz "
+ "sha256=sssdlkfjdsklfjdskfljasdklfj=");
+ BAD("tor 0.2.6.3-alpha "
+ "http://torproject.example.com/dist/tor-0.2.6.3-alpha.tar.gz "
+ "sha256=sssdlkfjdsklfjdskfljasdklfj blake2b");
+ BAD("tor 0.2.6.3-alpha "
+ "http://torproject.example.com/dist/tor-0.2.6.3-alpha.tar.gz ");
+ BAD("tor 0.2.6.3-alpha "
+ "http://torproject.example.com/dist/tor-0.2.6.3-alpha.tar.gz");
+ BAD("tor 0.2.6.3-alpha ");
+ BAD("tor 0.2.6.3-alpha");
+ BAD("tor ");
+ BAD("tor");
+ BAD("");
+ BAD("=foobar sha256="
+ "3c179f46ca77069a6a0bac70212a9b3b838b2f66129cb52d568837fc79d8fcc7");
+ BAD("= = sha256="
+ "3c179f46ca77069a6a0bac70212a9b3b838b2f66129cb52d568837fc79d8fcc7");
+
+ BAD("sha512= sha256="
+ "3c179f46ca77069a6a0bac70212a9b3b838b2f66129cb52d568837fc79d8fcc7");
+
+ votes = smartlist_new();
+ smartlist_add(votes, tor_malloc_zero(sizeof(networkstatus_t)));
+ smartlist_add(votes, tor_malloc_zero(sizeof(networkstatus_t)));
+ smartlist_add(votes, tor_malloc_zero(sizeof(networkstatus_t)));
+ smartlist_add(votes, tor_malloc_zero(sizeof(networkstatus_t)));
+ smartlist_add(votes, tor_malloc_zero(sizeof(networkstatus_t)));
+ smartlist_add(votes, tor_malloc_zero(sizeof(networkstatus_t)));
+ SMARTLIST_FOREACH(votes, networkstatus_t *, ns,
+ ns->package_lines = smartlist_new());
+
+#define ADD(i, s) \
+ smartlist_add(((networkstatus_t*)smartlist_get(votes, (i)))->package_lines, \
+ (void*)(s));
+
+ /* Only one vote for this one. */
+ ADD(4, "cisco 99z http://foobar.example.com/ sha256=blahblah");
+
+ /* Only two matching entries for this one, but 3 voters */
+ ADD(1, "mystic 99y http://barfoo.example.com/ sha256=blahblah");
+ ADD(3, "mystic 99y http://foobar.example.com/ sha256=blahblah");
+ ADD(4, "mystic 99y http://foobar.example.com/ sha256=blahblah");
+
+ /* Only two matching entries for this one, but at least 4 voters */
+ ADD(1, "mystic 99p http://barfoo.example.com/ sha256=ggggggg");
+ ADD(3, "mystic 99p http://foobar.example.com/ sha256=blahblah");
+ ADD(4, "mystic 99p http://foobar.example.com/ sha256=blahblah");
+ ADD(5, "mystic 99p http://foobar.example.com/ sha256=ggggggg");
+
+ /* This one has only invalid votes. */
+ ADD(0, "haffenreffer 1.2 http://foobar.example.com/ sha256");
+ ADD(1, "haffenreffer 1.2 http://foobar.example.com/ ");
+ ADD(2, "haffenreffer 1.2 ");
+ ADD(3, "haffenreffer ");
+ ADD(4, "haffenreffer");
+
+ /* Three matching votes for this; it should actually go in! */
+ ADD(2, "element 0.66.1 http://quux.example.com/ sha256=abcdef");
+ ADD(3, "element 0.66.1 http://quux.example.com/ sha256=abcdef");
+ ADD(4, "element 0.66.1 http://quux.example.com/ sha256=abcdef");
+ ADD(1, "element 0.66.1 http://quum.example.com/ sha256=abcdef");
+ ADD(0, "element 0.66.1 http://quux.example.com/ sha256=abcde");
+
+ /* Three votes for A, three votes for B */
+ ADD(0, "clownshoes 22alpha1 http://quumble.example.com/ blake2=foob");
+ ADD(1, "clownshoes 22alpha1 http://quumble.example.com/ blake2=foob");
+ ADD(2, "clownshoes 22alpha1 http://quumble.example.com/ blake2=foob");
+ ADD(3, "clownshoes 22alpha1 http://quumble.example.com/ blake2=fooz");
+ ADD(4, "clownshoes 22alpha1 http://quumble.example.com/ blake2=fooz");
+ ADD(5, "clownshoes 22alpha1 http://quumble.example.com/ blake2=fooz");
+
+ /* Three votes for A, two votes for B */
+ ADD(1, "clownshoes 22alpha3 http://quumble.example.com/ blake2=foob");
+ ADD(2, "clownshoes 22alpha3 http://quumble.example.com/ blake2=foob");
+ ADD(3, "clownshoes 22alpha3 http://quumble.example.com/ blake2=fooz");
+ ADD(4, "clownshoes 22alpha3 http://quumble.example.com/ blake2=fooz");
+ ADD(5, "clownshoes 22alpha3 http://quumble.example.com/ blake2=fooz");
+
+ /* Four votes for A, two for B. */
+ ADD(0, "clownshoes 22alpha4 http://quumble.example.com/ blake2=foob");
+ ADD(1, "clownshoes 22alpha4 http://quumble.example.com/ blake2=foob");
+ ADD(2, "clownshoes 22alpha4 http://quumble.example.cam/ blake2=fooa");
+ ADD(3, "clownshoes 22alpha4 http://quumble.example.cam/ blake2=fooa");
+ ADD(4, "clownshoes 22alpha4 http://quumble.example.cam/ blake2=fooa");
+ ADD(5, "clownshoes 22alpha4 http://quumble.example.cam/ blake2=fooa");
+
+ /* Five votes for A ... all from the same guy. Three for B. */
+ ADD(0, "cbc 99.1.11.1.1 http://example.com/cbc/ cubehash=ahooy sha512=m");
+ ADD(1, "cbc 99.1.11.1.1 http://example.com/cbc/ cubehash=ahooy sha512=m");
+ ADD(3, "cbc 99.1.11.1.1 http://example.com/cbc/ cubehash=ahooy sha512=m");
+ ADD(2, "cbc 99.1.11.1.1 http://example.com/ cubehash=ahooy");
+ ADD(2, "cbc 99.1.11.1.1 http://example.com/ cubehash=ahooy");
+ ADD(2, "cbc 99.1.11.1.1 http://example.com/ cubehash=ahooy");
+ ADD(2, "cbc 99.1.11.1.1 http://example.com/ cubehash=ahooy");
+ ADD(2, "cbc 99.1.11.1.1 http://example.com/ cubehash=ahooy");
+
+ /* As above but new replaces old: no two match. */
+ ADD(0, "cbc 99.1.11.1.2 http://example.com/cbc/ cubehash=ahooy sha512=m");
+ ADD(1, "cbc 99.1.11.1.2 http://example.com/cbc/ cubehash=ahooy sha512=m");
+ ADD(1, "cbc 99.1.11.1.2 http://example.com/cbc/x cubehash=ahooy sha512=m");
+ ADD(2, "cbc 99.1.11.1.2 http://example.com/cbc/ cubehash=ahooy sha512=m");
+ ADD(2, "cbc 99.1.11.1.2 http://example.com/ cubehash=ahooy");
+ ADD(2, "cbc 99.1.11.1.2 http://example.com/ cubehash=ahooy");
+ ADD(2, "cbc 99.1.11.1.2 http://example.com/ cubehash=ahooy");
+ ADD(2, "cbc 99.1.11.1.2 http://example.com/ cubehash=ahooy");
+ ADD(2, "cbc 99.1.11.1.2 http://example.com/ cubehash=ahooy");
+
+
+ res = compute_consensus_package_lines(votes);
+ tt_assert(res);
+ tt_str_op(res, ==,
+ "package cbc 99.1.11.1.1 http://example.com/cbc/ cubehash=ahooy sha512=m\n"
+ "package clownshoes 22alpha3 http://quumble.example.com/ blake2=fooz\n"
+ "package clownshoes 22alpha4 http://quumble.example.cam/ blake2=fooa\n"
+ "package element 0.66.1 http://quux.example.com/ sha256=abcdef\n"
+ "package mystic 99y http://foobar.example.com/ sha256=blahblah\n"
+ );
+
+#undef ADD
+#undef BAD
+#undef GOOD
+ done:
+ SMARTLIST_FOREACH(votes, networkstatus_t *, ns,
+ { smartlist_free(ns->package_lines); tor_free(ns); });
+ tor_free(res);
+}
+
#define DIR_LEGACY(name) \
{ #name, test_dir_ ## name , TT_FORK, NULL, NULL }
@@ -2983,6 +3129,7 @@ struct testcase_t dir_tests[] = {
DIR(http_handling, 0),
DIR(purpose_needs_anonymity, 0),
DIR(fetch_type, 0),
+ DIR(packages, 0),
END_OF_TESTCASES
};
diff --git a/src/tools/tor-resolve.c b/src/tools/tor-resolve.c
index e6eadf1dd3..04815a63f7 100644
--- a/src/tools/tor-resolve.c
+++ b/src/tools/tor-resolve.c
@@ -108,6 +108,18 @@ build_socks_resolve_request(char **out,
return len;
}
+static void
+onion_warning(const char *hostname)
+{
+ log_warn(LD_NET,
+ "%s is a hidden service; those don't have IP addresses. "
+ "You can use the AutomapHostsOnResolve option to have Tor return a "
+ "fake address for hidden services. Or you can have your "
+ "application send the address to Tor directly; we recommend an "
+ "application that uses SOCKS 5 with hostnames.",
+ hostname);
+}
+
/** Given a <b>len</b>-byte SOCKS4a response in <b>response</b>, set
* *<b>addr_out</b> to the address it contains (in host order).
* Return 0 on success, -1 on error.
@@ -137,10 +149,7 @@ parse_socks4a_resolve_response(const char *hostname,
if (status != 90) {
log_warn(LD_NET,"Got status response '%d': socks request failed.", status);
if (!strcasecmpend(hostname, ".onion")) {
- log_warn(LD_NET,
- "%s is a hidden service; those don't have IP addresses. "
- "To connect to a hidden service, you need to send the hostname "
- "to Tor; we suggest an application that uses SOCKS 4a.",hostname);
+ onion_warning(hostname);
return -1;
}
return -1;
@@ -276,11 +285,7 @@ do_resolve(const char *hostname, uint32_t sockshost, uint16_t socksport,
(unsigned)reply_buf[1],
socks5_reason_to_string(reply_buf[1]));
if (reply_buf[1] == 4 && !strcasecmpend(hostname, ".onion")) {
- log_warn(LD_NET,
- "%s is a hidden service; those don't have IP addresses. "
- "To connect to a hidden service, you need to send the hostname "
- "to Tor; we suggest an application that uses SOCKS 4a.",
- hostname);
+ onion_warning(hostname);
}
goto err;
}
@@ -326,8 +331,8 @@ do_resolve(const char *hostname, uint32_t sockshost, uint16_t socksport,
static void
usage(void)
{
- puts("Syntax: tor-resolve [-4] [-v] [-x] [-F] [-p port] "
- "hostname [sockshost:socksport]");
+ puts("Syntax: tor-resolve [-4] [-5] [-v] [-x] [-F] [-p port] "
+ "hostname [sockshost[:socksport]]");
exit(1);
}
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion