Clients do not request version 0 hidserv descs anymore.

2024-12-01 08:03:31 +01:00 · 2009-05-03 00:09:18 +02:00 · 2009-05-03 00:09:18 +02:00 · f79688ddef
commit f79688ddef
parent 0d68da2381
7 changed files with 43 additions and 146 deletions
--- a/src/or/circuituse.c
+++ b/src/or/circuituse.c
@ -1110,12 +1110,7 @@ circuit_get_open_circ_or_launch(edge_connection_t *conn,
        log_info(LD_REND,
                 "No intro points for '%s': refetching service descriptor.",
                 safe_str(conn->rend_data->onion_address));
        /* Fetch both, v0 and v2 rend descriptors in parallel. Use whichever
         * arrives first. Exception: When using client authorization, only
         * fetch v2 descriptors.*/
        rend_client_refetch_v2_renddesc(conn->rend_data);
        if (conn->rend_data->auth_type == REND_NO_AUTH)
          rend_client_refetch_renddesc(conn->rend_data->onion_address);
        conn->_base.state = AP_CONN_STATE_RENDDESC_WAIT;
        return 0;
      }
--- a/src/or/connection.c
+++ b/src/or/connection.c
@ -544,13 +544,6 @@ connection_about_to_close_connection(connection_t *conn)
         * failed: forget about this router, and maybe try again. */
        connection_dir_request_failed(dir_conn);
      }
      if (conn->purpose == DIR_PURPOSE_FETCH_RENDDESC && dir_conn->rend_data) {
        /* Give it a try. However, there is no re-fetching for v0 rend
         * descriptors; if the response is empty or the descriptor is
         * unusable, close pending connections (unless a v2 request is
         * still in progress). */
        rend_client_desc_trynow(dir_conn->rend_data->onion_address, 0);
      }
      /* If we were trying to fetch a v2 rend desc and did not succeed,
       * retry as needed. (If a fetch is successful, the connection state
       * is changed to DIR_PURPOSE_HAS_FETCHED_RENDDESC to mark that
@ -2576,8 +2569,8 @@ connection_get_by_type_state(int type, int state)
 /** Return a connection of type <b>type</b> that has rendquery equal
 * to <b>rendquery</b>, and that is not marked for close. If state
- * is non-zero, conn must be of that state too. If rendversion is
+ * is non-zero, conn must be of that state too. (rendversion is
- * nonnegative, conn must be fetching that rendversion, too.
+ * ignored.)
 */
 connection_t *
 connection_get_by_type_state_rendquery(int type, int state,
@ -2585,6 +2578,7 @@ connection_get_by_type_state_rendquery(int type, int state,
                                       int rendversion)
 {
  smartlist_t *conns = get_connection_array();
  (void) rendversion;
  tor_assert(type == CONN_TYPE_DIR ||
             type == CONN_TYPE_AP || type == CONN_TYPE_EXIT);
@ -2597,8 +2591,6 @@ connection_get_by_type_state_rendquery(int type, int state,
        (!state || state == conn->state)) {
      if (type == CONN_TYPE_DIR &&
          TO_DIR_CONN(conn)->rend_data &&
          (rendversion < 0 ||
           rendversion == TO_DIR_CONN(conn)->rend_data->rend_desc_version) &&
          !rend_cmp_service_ids(rendquery,
                                TO_DIR_CONN(conn)->rend_data->onion_address))
        return conn;
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@ -1675,12 +1675,7 @@ connection_ap_handshake_rewrite_and_attach(edge_connection_t *conn,
      conn->_base.state = AP_CONN_STATE_RENDDESC_WAIT;
      log_info(LD_REND, "Unknown descriptor %s. Fetching.",
               safe_str(conn->rend_data->onion_address));
      /* Fetch both, v0 and v2 rend descriptors in parallel. Use whichever
       * arrives first. Exception: When using client authorization, only
       * fetch v2 descriptors.*/
      rend_client_refetch_v2_renddesc(conn->rend_data);
      if (conn->rend_data->auth_type == REND_NO_AUTH)
        rend_client_refetch_renddesc(conn->rend_data->onion_address);
    } else { /* r > 0 */
 /** How long after we receive a hidden service descriptor do we consider
 * it valid? */
@ -1697,12 +1692,7 @@ connection_ap_handshake_rewrite_and_attach(edge_connection_t *conn,
        conn->_base.state = AP_CONN_STATE_RENDDESC_WAIT;
        log_info(LD_REND, "Stale descriptor %s. Refetching.",
                 safe_str(conn->rend_data->onion_address));
        /* Fetch both, v0 and v2 rend descriptors in parallel. Use whichever
         * arrives first. Exception: When using client authorization, only
         * fetch v2 descriptors.*/
        rend_client_refetch_v2_renddesc(conn->rend_data);
        if (conn->rend_data->auth_type == REND_NO_AUTH)
          rend_client_refetch_renddesc(conn->rend_data->onion_address);
      }
    }
    return 0;
--- a/src/or/directory.c
+++ b/src/or/directory.c
@ -1050,31 +1050,10 @@ directory_send_command(dir_connection_t *conn,
      httpcommand = "POST";
      url = tor_strdup("/tor/post/consensus-signature");
      break;
    case DIR_PURPOSE_FETCH_RENDDESC:
      tor_assert(resource);
      tor_assert(!payload);
      /* this must be true or we wouldn't be doing the lookup */
      tor_assert(strlen(resource) <= REND_SERVICE_ID_LEN_BASE32);
      /* This breaks the function abstraction. */
      conn->rend_data = tor_malloc_zero(sizeof(rend_data_t));
      strlcpy(conn->rend_data->onion_address, resource,
              sizeof(conn->rend_data->onion_address));
      conn->rend_data->rend_desc_version = 0;
      httpcommand = "GET";
      /* Request the most recent versioned descriptor. */
      // (XXXX We were going to switch this to fetch rendezvous1 descriptors,
      // but that never got testing, and it wasn't a good design.)
      len = strlen(resource)+32;
      url = tor_malloc(len);
      tor_snprintf(url, len, "/tor/rendezvous/%s", resource);
      break;
    case DIR_PURPOSE_FETCH_RENDDESC_V2:
      tor_assert(resource);
      tor_assert(strlen(resource) <= REND_DESC_ID_V2_LEN_BASE32);
      tor_assert(!payload);
      conn->rend_data->rend_desc_version = 2;
      httpcommand = "GET";
      len = strlen(resource) + 32;
      url = tor_malloc(len);
--- a/src/or/or.h
+++ b/src/or/or.h
@ -730,12 +730,6 @@ typedef struct rend_data_t {
  /** Rendezvous cookie used by both, client and service. */
  char rend_cookie[REND_COOKIE_LEN];
  /** Rendezvous descriptor version that is used by a service. Used to
   * distinguish introduction and rendezvous points belonging to the same
   * rendezvous service ID, but different descriptor versions.
   */
  uint8_t rend_desc_version;
 } rend_data_t;
 /** Time interval for tracking possible replays of INTRODUCE2 cells.
@ -4014,7 +4008,6 @@ void rend_client_introcirc_has_opened(origin_circuit_t *circ);
 void rend_client_rendcirc_has_opened(origin_circuit_t *circ);
 int rend_client_introduction_acked(origin_circuit_t *circ, const char *request,
                                   size_t request_len);
 void rend_client_refetch_renddesc(const char *query);
 void rend_client_refetch_v2_renddesc(const rend_data_t *rend_query);
 int rend_client_remove_intro_point(extend_info_t *failed_intro,
                                   const rend_data_t *rend_query);
@ -4089,10 +4082,6 @@ void rend_process_relay_cell(circuit_t *circ, const crypt_path_t *layer_hint,
                             int command, size_t length, const char *payload);
 void rend_service_descriptor_free(rend_service_descriptor_t *desc);
 int rend_encode_service_descriptor(rend_service_descriptor_t *desc,
                                   crypto_pk_env_t *key,
                                   char **str_out,
                                   size_t *len_out);
 rend_service_descriptor_t *rend_parse_service_descriptor(const char *str,
                                                         size_t len);
 int rend_get_service_id(crypto_pk_env_t *pk, char *out);
--- a/src/or/rendclient.c
+++ b/src/or/rendclient.c
@ -63,7 +63,7 @@ rend_client_send_introduction(origin_circuit_t *introcirc,
  rend_cache_entry_t *entry;
  crypt_path_t *cpath;
  off_t dh_offset;
-  crypto_pk_env_t *intro_key; /* either Bob's public key or an intro key. */
+  crypto_pk_env_t *intro_key = NULL;
  tor_assert(introcirc->_base.purpose == CIRCUIT_PURPOSE_C_INTRODUCING);
  tor_assert(rendcirc->_base.purpose == CIRCUIT_PURPOSE_C_REND_READY);
@ -80,10 +80,7 @@ rend_client_send_introduction(origin_circuit_t *introcirc,
    goto err;
  }
-  /* first 20 bytes of payload are the hash of bob's pk */
+  /* first 20 bytes of payload are the hash of the intro key */
  if (entry->parsed->version == 0) { /* unversioned descriptor */
    intro_key = entry->parsed->pk;
  } else { /* versioned descriptor */
  intro_key = NULL;
  SMARTLIST_FOREACH(entry->parsed->intro_nodes, rend_intro_point_t *,
                    intro, {
@ -97,7 +94,6 @@ rend_client_send_introduction(origin_circuit_t *introcirc,
    log_warn(LD_BUG, "Internal error: could not find intro key.");
    goto err;
  }
  }
  if (crypto_pk_get_digest(intro_key, payload)<0) {
    log_warn(LD_BUG, "Internal error: couldn't hash public key.");
    goto err;
@ -451,28 +447,6 @@ directory_get_from_hs_dir(const char *desc_id, const rend_data_t *rend_query)
  return 1;
 }
 /** If we are not currently fetching a rendezvous service descriptor
 * for the service ID <b>query</b>, start a directory connection to fetch a
 * new one.
 */
 void
 rend_client_refetch_renddesc(const char *query)
 {
  if (!get_options()->FetchHidServDescriptors)
    return;
  log_info(LD_REND, "Fetching rendezvous descriptor for service %s",
           escaped_safe_str(query));
  if (connection_get_by_type_state_rendquery(CONN_TYPE_DIR, 0, query, 0)) {
    log_info(LD_REND,"Would fetch a new renddesc here (for %s), but one is "
             "already in progress.", escaped_safe_str(query));
  } else {
    /* not one already; initiate a dir rend desc lookup */
    directory_get_from_dirserver(DIR_PURPOSE_FETCH_RENDDESC,
                                 ROUTER_PURPOSE_GENERAL, query,
                                 PDS_RETRY_IF_NO_SERVERS);
  }
 }
 /** Start a connection to a hidden service directory to fetch a v2
 * rendezvous service descriptor for the base32-encoded service ID
 * <b>query</b>.
@ -552,12 +526,7 @@ rend_client_remove_intro_point(extend_info_t *failed_intro,
  if (r==0) {
    log_info(LD_REND, "Unknown service %s. Re-fetching descriptor.",
             escaped_safe_str(rend_query->onion_address));
    /* Fetch both, v0 and v2 rend descriptors in parallel. Use whichever
     * arrives first. Exception: When using client authorization, only
     * fetch v2 descriptors.*/
    rend_client_refetch_v2_renddesc(rend_query);
    if (rend_query->auth_type == REND_NO_AUTH)
      rend_client_refetch_renddesc(rend_query->onion_address);
    return 0;
  }
@ -575,12 +544,7 @@ rend_client_remove_intro_point(extend_info_t *failed_intro,
    log_info(LD_REND,
             "No more intro points remain for %s. Re-fetching descriptor.",
             escaped_safe_str(rend_query->onion_address));
    /* Fetch both, v0 and v2 rend descriptors in parallel. Use whichever
     * arrives first. Exception: When using client authorization, only
     * fetch v2 descriptors.*/
    rend_client_refetch_v2_renddesc(rend_query);
    if (rend_query->auth_type == REND_NO_AUTH)
      rend_client_refetch_renddesc(rend_query->onion_address);
    /* move all pending streams back to renddesc_wait */
    while ((conn = connection_get_by_type_state_rendquery(CONN_TYPE_AP,
@ -696,11 +660,11 @@ rend_client_receive_rendezvous(origin_circuit_t *circ, const char *request,
 /** Find all the apconns in state AP_CONN_STATE_RENDDESC_WAIT that
 * are waiting on query. If there's a working cache entry here
- * with at least one intro point, move them to the next state. If
+ * with at least one intro point, move them to the next state.
- * <b>rend_version</b> is non-negative, fail connections that have
+ * (<b>rend_version</b> was used to keep the connection open when
- * requested <b>query</b> unless there are still descriptor fetch
+ * there were still descriptor fetch requests in progress for other
- * requests in progress for other descriptor versions than
+ * descriptor versions than <b>rend_version</b>, but this is obsolete
- * <b>rend_version</b>.
+ * now that we support only version 2.)
 */
 void
 rend_client_desc_trynow(const char *query, int rend_version)
@ -708,8 +672,9 @@ rend_client_desc_trynow(const char *query, int rend_version)
  edge_connection_t *conn;
  rend_cache_entry_t *entry;
  time_t now = time(NULL);
  smartlist_t *conns = get_connection_array();
  (void) rend_version;
  SMARTLIST_FOREACH(conns, connection_t *, _conn,
  {
    if (_conn->type != CONN_TYPE_AP ||
@ -743,16 +708,10 @@ rend_client_desc_trynow(const char *query, int rend_version)
          connection_mark_unattached_ap(conn, END_STREAM_REASON_CANT_ATTACH);
      }
    } else { /* 404, or fetch didn't get that far */
      /* Unless there are requests for another descriptor version pending,
       * close the connection. */
      if (rend_version >= 0 &&
          !connection_get_by_type_state_rendquery(CONN_TYPE_DIR, 0, query,
                                                  rend_version == 0 ? 2 : 0)) {
      log_notice(LD_REND,"Closing stream for '%s.onion': hidden service is "
                 "unavailable (try again later).", safe_str(query));
      connection_mark_unattached_ap(conn, END_STREAM_REASON_RESOLVEFAILED);
    }
    }
  });
 }
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@ -458,10 +458,9 @@ rend_config_services(or_options_t *options, int validate_only)
        });
        if (keep_it)
          continue;
-        log_info(LD_REND, "Closing intro point %s for service %s version %d.",
+        log_info(LD_REND, "Closing intro point %s for service %s.",
                 safe_str(oc->build_state->chosen_exit->nickname),
-                 oc->rend_data->onion_address,
+                 oc->rend_data->onion_address);
                 oc->rend_data->rend_desc_version);
        circuit_mark_for_close(circ, END_CIRC_REASON_FINISHED);
        /* XXXX Is there another reason we should use here? */
      }
@ -889,8 +888,7 @@ rend_service_introduce(origin_circuit_t *circuit, const char *request,
  /* look up service depending on circuit. */
  service = rend_service_get_by_pk_digest_and_version(
-              circuit->rend_data->rend_pk_digest,
+              circuit->rend_data->rend_pk_digest, -1);
              circuit->rend_data->rend_desc_version);
  if (!service) {
    log_warn(LD_REND, "Got an INTRODUCE2 cell for an unrecognized service %s.",
             escaped(serviceid));
@ -1269,12 +1267,14 @@ rend_service_launch_establish_intro(rend_service_t *service,
 }
 /** Return the number of introduction points that are or have been
- * established for the given service address and rendezvous version. */
+ * established for the given service address in <b>query</b>.
 * (<b>rend_version</b> is ignored.) */
 static int
 count_established_intro_points(const char *query, int rend_version)
 {
  int num_ipos = 0;
  circuit_t *circ;
  (void) rend_version;
  for (circ = _circuit_get_global_list(); circ; circ = circ->next) {
    if (!circ->marked_for_close &&
        circ->state == CIRCUIT_STATE_OPEN &&
@ -1282,7 +1282,6 @@ count_established_intro_points(const char *query, int rend_version)
         circ->purpose == CIRCUIT_PURPOSE_S_INTRO)) {
      origin_circuit_t *oc = TO_ORIGIN_CIRCUIT(circ);
      if (oc->rend_data &&
          oc->rend_data->rend_desc_version == rend_version &&
          !rend_cmp_service_ids(query, oc->rend_data->onion_address))
        num_ipos++;
    }
@ -1313,8 +1312,7 @@ rend_service_intro_has_opened(origin_circuit_t *circuit)
                circuit->rend_data->rend_pk_digest, REND_SERVICE_ID_LEN);
  service = rend_service_get_by_pk_digest_and_version(
-              circuit->rend_data->rend_pk_digest,
+              circuit->rend_data->rend_pk_digest, -1);
              circuit->rend_data->rend_desc_version);
  if (!service) {
    log_warn(LD_REND, "Unrecognized service ID %s on introduction circuit %d.",
             serviceid, circuit->_base.n_circ_id);
@ -1324,8 +1322,7 @@ rend_service_intro_has_opened(origin_circuit_t *circuit)
  /* If we already have enough introduction circuits for this service,
   * redefine this one as a general circuit. */
-  if (count_established_intro_points(serviceid,
+  if (count_established_intro_points(serviceid, -1) > NUM_INTRO_POINTS) {
          circuit->rend_data->rend_desc_version) > NUM_INTRO_POINTS) {
    log_info(LD_CIRC|LD_REND, "We have just finished an introduction "
             "circuit, but we already have enough. Redefining purpose to "
             "general.");
@ -1399,8 +1396,7 @@ rend_service_intro_established(origin_circuit_t *circuit, const char *request,
  }
  tor_assert(circuit->rend_data);
  service = rend_service_get_by_pk_digest_and_version(
-              circuit->rend_data->rend_pk_digest,
+              circuit->rend_data->rend_pk_digest, -1);
              circuit->rend_data->rend_desc_version);
  if (!service) {
    log_warn(LD_REND, "Unknown service on introduction circuit %d.",
             circuit->_base.n_circ_id);
@ -1451,8 +1447,7 @@ rend_service_rendezvous_has_opened(origin_circuit_t *circuit)
           circuit->_base.n_circ_id, hexcookie, serviceid);
  service = rend_service_get_by_pk_digest_and_version(
-              circuit->rend_data->rend_pk_digest,
+              circuit->rend_data->rend_pk_digest, -1);
              circuit->rend_data->rend_desc_version);
  if (!service) {
    log_warn(LD_GENERAL, "Internal error: unrecognized service ID on "
             "introduction circuit.");
@ -1508,23 +1503,23 @@ rend_service_rendezvous_has_opened(origin_circuit_t *circuit)
 */
 /** Return the (possibly non-open) introduction circuit ending at
- * <b>intro</b> for the service whose public key is <b>pk_digest</b> and
+ * <b>intro</b> for the service whose public key is <b>pk_digest</b>.
- * which publishes descriptor of version <b>desc_version</b>.  Return
+ * (<b>desc_version</b> is ignored). Return NULL if no such service is
- * NULL if no such service is found.
+ * found.
 */
 static origin_circuit_t *
 find_intro_circuit(rend_intro_point_t *intro, const char *pk_digest,
                   int desc_version)
 {
  origin_circuit_t *circ = NULL;
  (void) desc_version;
  tor_assert(intro);
  while ((circ = circuit_get_next_by_pk_and_purpose(circ,pk_digest,
                                                  CIRCUIT_PURPOSE_S_INTRO))) {
    if (!memcmp(circ->build_state->chosen_exit->identity_digest,
                intro->extend_info->identity_digest, DIGEST_LEN) &&
-        circ->rend_data &&
+        circ->rend_data) {
        circ->rend_data->rend_desc_version == desc_version) {
      return circ;
    }
  }
@ -1534,8 +1529,7 @@ find_intro_circuit(rend_intro_point_t *intro, const char *pk_digest,
                                        CIRCUIT_PURPOSE_S_ESTABLISH_INTRO))) {
    if (!memcmp(circ->build_state->chosen_exit->identity_digest,
                intro->extend_info->identity_digest, DIGEST_LEN) &&
-        circ->rend_data &&
+        circ->rend_data) {
        circ->rend_data->rend_desc_version == desc_version) {
      return circ;
    }
  }
@ -1998,8 +1992,7 @@ rend_service_set_connection_addr_port(edge_connection_t *conn,
  base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32+1,
                circ->rend_data->rend_pk_digest, REND_SERVICE_ID_LEN);
  service = rend_service_get_by_pk_digest_and_version(
-                circ->rend_data->rend_pk_digest,
+                circ->rend_data->rend_pk_digest, -1);
                circ->rend_data->rend_desc_version);
  if (!service) {
    log_warn(LD_REND, "Couldn't find any service associated with pk %s on "
             "rendezvous circuit %d; closing.",