arti_client/client.rs
1//! A general interface for Tor client usage.
2//!
3//! To construct a client, run the [`TorClient::create_bootstrapped`] method.
4//! Once the client is bootstrapped, you can make anonymous
5//! connections ("streams") over the Tor network using
6//! [`TorClient::connect`].
7
8#[cfg(feature = "rpc")]
9use {derive_deftly::Deftly, tor_rpcbase::templates::*};
10
11use crate::address::{IntoTorAddr, ResolveInstructions, StreamInstructions};
12
13use crate::config::{
14 ClientAddrConfig, SoftwareStatusOverrideConfig, StreamTimeoutConfig, TorClientConfig,
15};
16use safelog::{sensitive, Sensitive};
17use tor_async_utils::{DropNotifyWatchSender, PostageWatchSenderExt};
18use tor_circmgr::isolation::{Isolation, StreamIsolation};
19use tor_circmgr::{isolation::StreamIsolationBuilder, IsolationToken, TargetPort};
20use tor_config::MutCfg;
21#[cfg(feature = "bridge-client")]
22use tor_dirmgr::bridgedesc::BridgeDescMgr;
23use tor_dirmgr::{DirMgrStore, Timeliness};
24use tor_error::{error_report, internal, Bug};
25use tor_guardmgr::{GuardMgr, RetireCircuits};
26use tor_keymgr::Keystore;
27use tor_memquota::MemoryQuotaTracker;
28use tor_netdir::{params::NetParameters, NetDirProvider};
29#[cfg(feature = "onion-service-service")]
30use tor_persist::state_dir::StateDirectory;
31use tor_persist::{FsStateMgr, StateMgr};
32use tor_proto::circuit::ClientCirc;
33use tor_proto::stream::{DataStream, IpVersionPreference, StreamParameters};
34#[cfg(all(
35 any(feature = "native-tls", feature = "rustls"),
36 any(feature = "async-std", feature = "tokio")
37))]
38use tor_rtcompat::PreferredRuntime;
39use tor_rtcompat::{Runtime, SleepProviderExt};
40#[cfg(feature = "onion-service-client")]
41use {
42 tor_config::BoolOrAuto,
43 tor_hsclient::{HsClientConnector, HsClientDescEncKeypairSpecifier, HsClientSecretKeysBuilder},
44 tor_hscrypto::pk::{HsClientDescEncKey, HsClientDescEncKeypair, HsClientDescEncSecretKey},
45 tor_netdir::DirEvent,
46};
47
48#[cfg(all(feature = "onion-service-service", feature = "experimental-api"))]
49use tor_hsservice::HsIdKeypairSpecifier;
50#[cfg(all(feature = "onion-service-client", feature = "experimental-api"))]
51use {tor_hscrypto::pk::HsId, tor_hscrypto::pk::HsIdKeypair, tor_keymgr::KeystoreSelector};
52
53use tor_keymgr::{config::ArtiKeystoreKind, ArtiNativeKeystore, KeyMgr, KeyMgrBuilder};
54
55#[cfg(feature = "ephemeral-keystore")]
56use tor_keymgr::ArtiEphemeralKeystore;
57
58#[cfg(feature = "ctor-keystore")]
59use tor_keymgr::{CTorClientKeystore, CTorServiceKeystore};
60
61use futures::lock::Mutex as AsyncMutex;
62use futures::task::SpawnExt;
63use futures::StreamExt as _;
64use std::net::IpAddr;
65use std::result::Result as StdResult;
66use std::sync::{Arc, Mutex};
67
68use crate::err::ErrorDetail;
69use crate::{status, util, TorClientBuilder};
70#[cfg(feature = "geoip")]
71use tor_geoip::CountryCode;
72use tor_rtcompat::scheduler::TaskHandle;
73use tracing::{debug, info};
74
75/// An active client session on the Tor network.
76///
77/// While it's running, it will fetch directory information, build
78/// circuits, and make connections for you.
79///
80/// Cloning this object makes a new reference to the same underlying
81/// handles: it's usually better to clone the `TorClient` than it is to
82/// create a new one.
83///
84/// # In the Arti RPC System
85///
86/// An open client on the Tor network.
87///
88/// A `TorClient` can be used to open anonymous connections,
89/// and (eventually) perform other activities.
90///
91/// You can use an `RpcSession` as a `TorClient`, or use the `isolated_client` method
92/// to create a new `TorClient` whose stream will not share circuits with any other Tor client.
93///
94/// This ObjectID for this object can be used as the target of a SOCKS stream.
95// TODO(nickm): This type now has 5 Arcs inside it, and 2 types that have
96// implicit Arcs inside them! maybe it's time to replace much of the insides of
97// this with an Arc<TorClientInner>?
98#[derive(Clone)]
99#[cfg_attr(
100 feature = "rpc",
101 derive(Deftly),
102 derive_deftly(Object),
103 deftly(rpc(expose_outside_of_session))
104)]
105pub struct TorClient<R: Runtime> {
106 /// Asynchronous runtime object.
107 runtime: R,
108 /// Default isolation token for streams through this client.
109 ///
110 /// This is eventually used for `owner_token` in `tor-circmgr/src/usage.rs`, and is orthogonal
111 /// to the `stream_isolation` which comes from `connect_prefs` (or a passed-in `StreamPrefs`).
112 /// (ie, both must be the same to share a circuit).
113 client_isolation: IsolationToken,
114 /// Connection preferences. Starts out as `Default`, Inherited by our clones.
115 connect_prefs: StreamPrefs,
116 /// Memory quota tracker
117 memquota: Arc<MemoryQuotaTracker>,
118 /// Channel manager, used by circuits etc.,
119 ///
120 /// Used directly by client only for reconfiguration.
121 chanmgr: Arc<tor_chanmgr::ChanMgr<R>>,
122 /// Circuit manager for keeping our circuits up to date and building
123 /// them on-demand.
124 circmgr: Arc<tor_circmgr::CircMgr<R>>,
125 /// Directory manager persistent storage.
126 #[cfg_attr(not(feature = "bridge-client"), allow(dead_code))]
127 dirmgr_store: DirMgrStore<R>,
128 /// Directory manager for keeping our directory material up to date.
129 dirmgr: Arc<dyn tor_dirmgr::DirProvider>,
130 /// Bridge descriptor manager
131 ///
132 /// None until we have bootstrapped.
133 ///
134 /// Lock hierarchy: don't acquire this before dormant
135 //
136 // TODO: after or as part of https://gitlab.torproject.org/tpo/core/arti/-/issues/634
137 // this can be bridge_desc_mgr: BridgeDescMgr<R>>
138 // since BridgeDescMgr is Clone and all its methods take `&self` (it has a lock inside)
139 // Or maybe BridgeDescMgr should not be Clone, since we want to make Weaks of it,
140 // which we can't do when the Arc is inside.
141 #[cfg(feature = "bridge-client")]
142 bridge_desc_mgr: Arc<Mutex<Option<Arc<BridgeDescMgr<R>>>>>,
143 /// Pluggable transport manager.
144 #[cfg(feature = "pt-client")]
145 pt_mgr: Arc<tor_ptmgr::PtMgr<R>>,
146 /// HS client connector
147 #[cfg(feature = "onion-service-client")]
148 hsclient: HsClientConnector<R>,
149 /// Circuit pool for providing onion services with circuits.
150 #[cfg(any(feature = "onion-service-client", feature = "onion-service-service"))]
151 hs_circ_pool: Arc<tor_circmgr::hspool::HsCircPool<R>>,
152 /// A handle to this client's [`InertTorClient`].
153 ///
154 /// Used for accessing the key manager and other persistent state.
155 inert_client: InertTorClient,
156 /// Guard manager
157 #[cfg_attr(not(feature = "bridge-client"), allow(dead_code))]
158 guardmgr: GuardMgr<R>,
159 /// Location on disk where we store persistent data containing both location and Mistrust information.
160 ///
161 ///
162 /// This path is configured via `[storage]` in the config but is not used directly as a
163 /// StateDirectory in most places. Instead, its path and Mistrust information are copied
164 /// to subsystems like `dirmgr`, `keymgr`, and `statemgr` during `TorClient` creation.
165 #[cfg(feature = "onion-service-service")]
166 state_directory: StateDirectory,
167 /// Location on disk where we store persistent data (cooked state manager).
168 statemgr: FsStateMgr,
169 /// Client address configuration
170 addrcfg: Arc<MutCfg<ClientAddrConfig>>,
171 /// Client DNS configuration
172 timeoutcfg: Arc<MutCfg<StreamTimeoutConfig>>,
173 /// Software status configuration.
174 software_status_cfg: Arc<MutCfg<SoftwareStatusOverrideConfig>>,
175 /// Mutex used to serialize concurrent attempts to reconfigure a TorClient.
176 ///
177 /// See [`TorClient::reconfigure`] for more information on its use.
178 reconfigure_lock: Arc<Mutex<()>>,
179
180 /// A stream of bootstrap messages that we can clone when a client asks for
181 /// it.
182 ///
183 /// (We don't need to observe this stream ourselves, since it drops each
184 /// unobserved status change when the next status change occurs.)
185 status_receiver: status::BootstrapEvents,
186
187 /// mutex used to prevent two tasks from trying to bootstrap at once.
188 bootstrap_in_progress: Arc<AsyncMutex<()>>,
189
190 /// Whether or not we should call `bootstrap` before doing things that require
191 /// bootstrapping. If this is `false`, we will just call `wait_for_bootstrap`
192 /// instead.
193 should_bootstrap: BootstrapBehavior,
194
195 /// Shared boolean for whether we're currently in "dormant mode" or not.
196 //
197 // The sent value is `Option`, so that `None` is sent when the sender, here,
198 // is dropped,. That shuts down the monitoring task.
199 dormant: Arc<Mutex<DropNotifyWatchSender<Option<DormantMode>>>>,
200
201 /// The path resolver given to us by a [`TorClientConfig`].
202 ///
203 /// We must not add our own variables to it since `TorClientConfig` uses it to perform its own
204 /// path expansions. If we added our own variables, it would introduce an inconsistency where
205 /// paths expanded by the `TorClientConfig` would expand differently than when expanded by us.
206 // This is an Arc so that we can make cheap clones of it.
207 path_resolver: Arc<tor_config_path::CfgPathResolver>,
208}
209
210/// A Tor client that is not runnable.
211///
212/// Can be used to access the state that would be used by a running [`TorClient`].
213///
214/// An `InertTorClient` never connects to the network.
215#[derive(Clone)]
216pub struct InertTorClient {
217 /// The key manager.
218 ///
219 /// This is used for retrieving private keys, certificates, and other sensitive data (for
220 /// example, for retrieving the keys necessary for connecting to hidden services that are
221 /// running in restricted discovery mode).
222 ///
223 /// If this crate is compiled _with_ the `keymgr` feature, [`TorClient`] will use a functional
224 /// key manager implementation.
225 ///
226 /// If this crate is compiled _without_ the `keymgr` feature, then [`TorClient`] will use a
227 /// no-op key manager implementation instead.
228 ///
229 /// See the [`KeyMgr`] documentation for more details.
230 keymgr: Option<Arc<KeyMgr>>,
231}
232
233impl InertTorClient {
234 /// Create an `InertTorClient` from a `TorClientConfig`.
235 pub(crate) fn new(config: &TorClientConfig) -> StdResult<Self, ErrorDetail> {
236 let keymgr = Self::create_keymgr(config)?;
237
238 Ok(Self { keymgr })
239 }
240
241 /// Create a [`KeyMgr`] using the specified configuration.
242 ///
243 /// Returns `Ok(None)` if keystore use is disabled.
244 fn create_keymgr(config: &TorClientConfig) -> StdResult<Option<Arc<KeyMgr>>, ErrorDetail> {
245 let keystore = config.storage.keystore();
246 let permissions = config.storage.permissions();
247 let primary_store: Box<dyn Keystore> = match keystore.primary_kind() {
248 Some(ArtiKeystoreKind::Native) => {
249 let (state_dir, _mistrust) = config.state_dir()?;
250 let key_store_dir = state_dir.join("keystore");
251
252 let native_store =
253 ArtiNativeKeystore::from_path_and_mistrust(&key_store_dir, permissions)?;
254 info!("Using keystore from {key_store_dir:?}");
255
256 Box::new(native_store)
257 }
258 #[cfg(feature = "ephemeral-keystore")]
259 Some(ArtiKeystoreKind::Ephemeral) => {
260 // TODO: make the keystore ID somehow configurable
261 let ephemeral_store: ArtiEphemeralKeystore =
262 ArtiEphemeralKeystore::new("ephemeral".to_string());
263 Box::new(ephemeral_store)
264 }
265 None => {
266 info!("Running without a keystore");
267 return Ok(None);
268 }
269 ty => return Err(internal!("unrecognized keystore type {ty:?}").into()),
270 };
271
272 let mut builder = KeyMgrBuilder::default().primary_store(primary_store);
273
274 #[cfg(feature = "ctor-keystore")]
275 for config in config.storage.keystore().ctor_svc_stores() {
276 let store: Box<dyn Keystore> = Box::new(CTorServiceKeystore::from_path_and_mistrust(
277 config.path(),
278 permissions,
279 config.id().clone(),
280 // TODO: these nicknames should be cross-checked with configured
281 // svc nicknames as part of config validation!!!
282 config.nickname().clone(),
283 )?);
284
285 builder.secondary_stores().push(store);
286 }
287
288 #[cfg(feature = "ctor-keystore")]
289 for config in config.storage.keystore().ctor_client_stores() {
290 let store: Box<dyn Keystore> = Box::new(CTorClientKeystore::from_path_and_mistrust(
291 config.path(),
292 permissions,
293 config.id().clone(),
294 )?);
295
296 builder.secondary_stores().push(store);
297 }
298
299 let keymgr = builder
300 .build()
301 .map_err(|_| internal!("failed to build keymgr"))?;
302 Ok(Some(Arc::new(keymgr)))
303 }
304
305 /// Generate a service discovery keypair for connecting to a hidden service running in
306 /// "restricted discovery" mode.
307 ///
308 /// See [`TorClient::generate_service_discovery_key`].
309 //
310 // TODO: decide whether this should use get_or_generate before making it
311 // non-experimental
312 #[cfg(all(
313 feature = "onion-service-client",
314 feature = "experimental-api",
315 feature = "keymgr"
316 ))]
317 #[cfg_attr(
318 docsrs,
319 doc(cfg(all(
320 feature = "onion-service-client",
321 feature = "experimental-api",
322 feature = "keymgr"
323 )))
324 )]
325 pub fn generate_service_discovery_key(
326 &self,
327 selector: KeystoreSelector,
328 hsid: HsId,
329 ) -> crate::Result<HsClientDescEncKey> {
330 let mut rng = tor_llcrypto::rng::CautiousRng;
331 let spec = HsClientDescEncKeypairSpecifier::new(hsid);
332 let key = self
333 .keymgr
334 .as_ref()
335 .ok_or(ErrorDetail::KeystoreRequired {
336 action: "generate client service discovery key",
337 })?
338 .generate::<HsClientDescEncKeypair>(
339 &spec, selector, &mut rng, false, /* overwrite */
340 )?;
341
342 Ok(key.public().clone())
343 }
344
345 /// Rotate the service discovery keypair for connecting to a hidden service running in
346 /// "restricted discovery" mode.
347 ///
348 /// See [`TorClient::rotate_service_discovery_key`].
349 #[cfg(all(
350 feature = "onion-service-client",
351 feature = "experimental-api",
352 feature = "keymgr"
353 ))]
354 #[cfg_attr(
355 docsrs,
356 doc(cfg(all(
357 feature = "onion-service-client",
358 feature = "experimental-api",
359 feature = "keymgr"
360 )))
361 )]
362 pub fn rotate_service_discovery_key(
363 &self,
364 selector: KeystoreSelector,
365 hsid: HsId,
366 ) -> crate::Result<HsClientDescEncKey> {
367 let mut rng = tor_llcrypto::rng::CautiousRng;
368 let spec = HsClientDescEncKeypairSpecifier::new(hsid);
369 let key = self
370 .keymgr
371 .as_ref()
372 .ok_or(ErrorDetail::KeystoreRequired {
373 action: "rotate client service discovery key",
374 })?
375 .generate::<HsClientDescEncKeypair>(
376 &spec, selector, &mut rng, true, /* overwrite */
377 )?;
378
379 Ok(key.public().clone())
380 }
381
382 /// Insert a service discovery secret key for connecting to a hidden service running in
383 /// "restricted discovery" mode
384 ///
385 /// See [`TorClient::insert_service_discovery_key`].
386 #[cfg(all(
387 feature = "onion-service-client",
388 feature = "experimental-api",
389 feature = "keymgr"
390 ))]
391 #[cfg_attr(
392 docsrs,
393 doc(cfg(all(
394 feature = "onion-service-client",
395 feature = "experimental-api",
396 feature = "keymgr"
397 )))
398 )]
399 pub fn insert_service_discovery_key(
400 &self,
401 selector: KeystoreSelector,
402 hsid: HsId,
403 hs_client_desc_enc_secret_key: HsClientDescEncSecretKey,
404 ) -> crate::Result<HsClientDescEncKey> {
405 let spec = HsClientDescEncKeypairSpecifier::new(hsid);
406 let client_desc_enc_key = HsClientDescEncKey::from(&hs_client_desc_enc_secret_key);
407 let client_desc_enc_keypair =
408 HsClientDescEncKeypair::new(client_desc_enc_key.clone(), hs_client_desc_enc_secret_key);
409 let _key = self
410 .keymgr
411 .as_ref()
412 .ok_or(ErrorDetail::KeystoreRequired {
413 action: "insert client service discovery key",
414 })?
415 .insert::<HsClientDescEncKeypair>(client_desc_enc_keypair, &spec, selector, false)?;
416 Ok(client_desc_enc_key)
417 }
418
419 /// Return the service discovery public key for the service with the specified `hsid`.
420 ///
421 /// See [`TorClient::get_service_discovery_key`].
422 #[cfg(all(feature = "onion-service-client", feature = "experimental-api"))]
423 #[cfg_attr(
424 docsrs,
425 doc(cfg(all(feature = "onion-service-client", feature = "experimental-api")))
426 )]
427 pub fn get_service_discovery_key(
428 &self,
429 hsid: HsId,
430 ) -> crate::Result<Option<HsClientDescEncKey>> {
431 let spec = HsClientDescEncKeypairSpecifier::new(hsid);
432 let key = self
433 .keymgr
434 .as_ref()
435 .ok_or(ErrorDetail::KeystoreRequired {
436 action: "get client service discovery key",
437 })?
438 .get::<HsClientDescEncKeypair>(&spec)?
439 .map(|key| key.public().clone());
440
441 Ok(key)
442 }
443
444 /// Removes the service discovery keypair for the service with the specified `hsid`.
445 ///
446 /// See [`TorClient::remove_service_discovery_key`].
447 #[cfg(all(
448 feature = "onion-service-client",
449 feature = "experimental-api",
450 feature = "keymgr"
451 ))]
452 #[cfg_attr(
453 docsrs,
454 doc(cfg(all(
455 feature = "onion-service-client",
456 feature = "experimental-api",
457 feature = "keymgr"
458 )))
459 )]
460 pub fn remove_service_discovery_key(
461 &self,
462 selector: KeystoreSelector,
463 hsid: HsId,
464 ) -> crate::Result<Option<()>> {
465 let spec = HsClientDescEncKeypairSpecifier::new(hsid);
466 let result = self
467 .keymgr
468 .as_ref()
469 .ok_or(ErrorDetail::KeystoreRequired {
470 action: "remove client service discovery key",
471 })?
472 .remove::<HsClientDescEncKeypair>(&spec, selector)?;
473 match result {
474 Some(_) => Ok(Some(())),
475 None => Ok(None),
476 }
477 }
478
479 /// Getter for keymgr.
480 #[cfg(feature = "onion-service-cli-extra")]
481 pub fn keymgr(&self) -> crate::Result<&KeyMgr> {
482 Ok(self.keymgr.as_ref().ok_or(ErrorDetail::KeystoreRequired {
483 action: "get key manager handle",
484 })?)
485 }
486}
487
488/// Preferences for whether a [`TorClient`] should bootstrap on its own or not.
489#[derive(Debug, Default, Copy, Clone, PartialEq, Eq)]
490#[non_exhaustive]
491pub enum BootstrapBehavior {
492 /// Bootstrap the client automatically when requests are made that require the client to be
493 /// bootstrapped.
494 #[default]
495 OnDemand,
496 /// Make no attempts to automatically bootstrap. [`TorClient::bootstrap`] must be manually
497 /// invoked in order for the [`TorClient`] to become useful.
498 ///
499 /// Attempts to use the client (e.g. by creating connections or resolving hosts over the Tor
500 /// network) before calling [`bootstrap`](TorClient::bootstrap) will fail, and
501 /// return an error that has kind [`ErrorKind::BootstrapRequired`](crate::ErrorKind::BootstrapRequired).
502 Manual,
503}
504
505/// What level of sleep to put a Tor client into.
506#[derive(Debug, Default, Copy, Clone, PartialEq, Eq)]
507#[non_exhaustive]
508pub enum DormantMode {
509 /// The client functions as normal, and background tasks run periodically.
510 #[default]
511 Normal,
512 /// Background tasks are suspended, conserving CPU usage. Attempts to use the client will
513 /// wake it back up again.
514 Soft,
515}
516
517/// Preferences for how to route a stream over the Tor network.
518#[derive(Debug, Default, Clone)]
519pub struct StreamPrefs {
520 /// What kind of IPv6/IPv4 we'd prefer, and how strongly.
521 ip_ver_pref: IpVersionPreference,
522 /// How should we isolate connection(s)?
523 isolation: StreamIsolationPreference,
524 /// Whether to return the stream optimistically.
525 optimistic_stream: bool,
526 // TODO GEOIP Ideally this would be unconditional, with CountryCode maybe being Void
527 // This probably applies in many other places, so probably: git grep 'cfg.*geoip'
528 // and consider each one with a view to making it unconditional. Background:
529 // https://gitlab.torproject.org/tpo/core/arti/-/merge_requests/1537#note_2935256
530 // https://gitlab.torproject.org/tpo/core/arti/-/merge_requests/1537#note_2942214
531 #[cfg(feature = "geoip")]
532 /// A country to restrict the exit relay's location to.
533 country_code: Option<CountryCode>,
534 /// Whether to try to make connections to onion services.
535 ///
536 /// `Auto` means to use the client configuration.
537 #[cfg(feature = "onion-service-client")]
538 pub(crate) connect_to_onion_services: BoolOrAuto,
539}
540
541/// Record of how we are isolating connections
542#[derive(Debug, Default, Clone)]
543enum StreamIsolationPreference {
544 /// No additional isolation
545 #[default]
546 None,
547 /// Isolation parameter to use for connections
548 Explicit(Box<dyn Isolation>),
549 /// Isolate every connection!
550 EveryStream,
551}
552
553impl From<DormantMode> for tor_chanmgr::Dormancy {
554 fn from(dormant: DormantMode) -> tor_chanmgr::Dormancy {
555 match dormant {
556 DormantMode::Normal => tor_chanmgr::Dormancy::Active,
557 DormantMode::Soft => tor_chanmgr::Dormancy::Dormant,
558 }
559 }
560}
561#[cfg(feature = "bridge-client")]
562impl From<DormantMode> for tor_dirmgr::bridgedesc::Dormancy {
563 fn from(dormant: DormantMode) -> tor_dirmgr::bridgedesc::Dormancy {
564 match dormant {
565 DormantMode::Normal => tor_dirmgr::bridgedesc::Dormancy::Active,
566 DormantMode::Soft => tor_dirmgr::bridgedesc::Dormancy::Dormant,
567 }
568 }
569}
570
571impl StreamPrefs {
572 /// Construct a new StreamPrefs.
573 pub fn new() -> Self {
574 Self::default()
575 }
576
577 /// Indicate that a stream may be made over IPv4 or IPv6, but that
578 /// we'd prefer IPv6.
579 pub fn ipv6_preferred(&mut self) -> &mut Self {
580 self.ip_ver_pref = IpVersionPreference::Ipv6Preferred;
581 self
582 }
583
584 /// Indicate that a stream may only be made over IPv6.
585 ///
586 /// When this option is set, we will only pick exit relays that
587 /// support IPv6, and we will tell them to only give us IPv6
588 /// connections.
589 pub fn ipv6_only(&mut self) -> &mut Self {
590 self.ip_ver_pref = IpVersionPreference::Ipv6Only;
591 self
592 }
593
594 /// Indicate that a stream may be made over IPv4 or IPv6, but that
595 /// we'd prefer IPv4.
596 ///
597 /// This is the default.
598 pub fn ipv4_preferred(&mut self) -> &mut Self {
599 self.ip_ver_pref = IpVersionPreference::Ipv4Preferred;
600 self
601 }
602
603 /// Indicate that a stream may only be made over IPv4.
604 ///
605 /// When this option is set, we will only pick exit relays that
606 /// support IPv4, and we will tell them to only give us IPv4
607 /// connections.
608 pub fn ipv4_only(&mut self) -> &mut Self {
609 self.ip_ver_pref = IpVersionPreference::Ipv4Only;
610 self
611 }
612
613 /// Indicate that a stream should appear to come from the given country.
614 ///
615 /// When this option is set, we will only pick exit relays that
616 /// have an IP address that matches the country in our GeoIP database.
617 #[cfg(feature = "geoip")]
618 #[cfg_attr(docsrs, doc(cfg(feature = "geoip")))]
619 pub fn exit_country(&mut self, country_code: CountryCode) -> &mut Self {
620 self.country_code = Some(country_code);
621 self
622 }
623
624 /// Indicate that we don't care which country a stream appears to come from.
625 ///
626 /// This is available even in the case where GeoIP support is compiled out,
627 /// to make things easier.
628 pub fn any_exit_country(&mut self) -> &mut Self {
629 #[cfg(feature = "geoip")]
630 {
631 self.country_code = None;
632 }
633 self
634 }
635
636 /// Indicate that the stream should be opened "optimistically".
637 ///
638 /// By default, streams are not "optimistic". When you call
639 /// [`TorClient::connect()`], it won't give you a stream until the
640 /// exit node has confirmed that it has successfully opened a
641 /// connection to your target address. It's safer to wait in this
642 /// way, but it is slower: it takes an entire round trip to get
643 /// your confirmation.
644 ///
645 /// If a stream _is_ configured to be "optimistic", on the other
646 /// hand, then `TorClient::connect()` will return the stream
647 /// immediately, without waiting for an answer from the exit. You
648 /// can start sending data on the stream right away, though of
649 /// course this data will be lost if the connection is not
650 /// actually successful.
651 pub fn optimistic(&mut self) -> &mut Self {
652 self.optimistic_stream = true;
653 self
654 }
655
656 /// Return true if this stream has been configured as "optimistic".
657 ///
658 /// See [`StreamPrefs::optimistic`] for more info.
659 pub fn is_optimistic(&self) -> bool {
660 self.optimistic_stream
661 }
662
663 /// Indicate whether connection to a hidden service (`.onion` service) should be allowed
664 ///
665 /// If `Explicit(false)`, attempts to connect to Onion Services will be forced to fail with
666 /// an error of kind [`InvalidStreamTarget`](crate::ErrorKind::InvalidStreamTarget).
667 ///
668 /// If `Explicit(true)`, Onion Service connections are enabled.
669 ///
670 /// If `Auto`, the behaviour depends on the `address_filter.allow_onion_addrs`
671 /// configuration option, which is in turn **disabled** by default.
672 ///
673 /// **Note**: Arti currently lacks the
674 /// "vanguards" feature that Tor uses to prevent guard discovery attacks over time.
675 /// As such, you should probably stick with C Tor if you need to make a large
676 /// number of onion service connections, or if you are using the Tor protocol
677 /// in a way that lets an attacker control how many onion services connections that you make -
678 /// for example, when using Arti's SOCKS support from a web browser such as Tor Browser.
679 #[cfg(feature = "onion-service-client")]
680 pub fn connect_to_onion_services(
681 &mut self,
682 connect_to_onion_services: BoolOrAuto,
683 ) -> &mut Self {
684 self.connect_to_onion_services = connect_to_onion_services;
685 self
686 }
687 /// Return a TargetPort to describe what kind of exit policy our
688 /// target circuit needs to support.
689 fn wrap_target_port(&self, port: u16) -> TargetPort {
690 match self.ip_ver_pref {
691 IpVersionPreference::Ipv6Only => TargetPort::ipv6(port),
692 _ => TargetPort::ipv4(port),
693 }
694 }
695
696 /// Return a new StreamParameters based on this configuration.
697 fn stream_parameters(&self) -> StreamParameters {
698 let mut params = StreamParameters::default();
699 params
700 .ip_version(self.ip_ver_pref)
701 .optimistic(self.optimistic_stream);
702 params
703 }
704
705 /// Indicate that connections with these preferences should have their own isolation group
706 ///
707 /// This is a convenience method which creates a fresh [`IsolationToken`]
708 /// and sets it for these preferences.
709 ///
710 /// This connection preference is orthogonal to isolation established by
711 /// [`TorClient::isolated_client`]. Connections made with an `isolated_client` (and its
712 /// clones) will not share circuits with the original client, even if the same
713 /// `isolation` is specified via the `ConnectionPrefs` in force.
714 pub fn new_isolation_group(&mut self) -> &mut Self {
715 self.isolation = StreamIsolationPreference::Explicit(Box::new(IsolationToken::new()));
716 self
717 }
718
719 /// Indicate which other connections might use the same circuit
720 /// as this one.
721 ///
722 /// By default all connections made on all clones of a `TorClient` may share connections.
723 /// Connections made with a particular `isolation` may share circuits with each other.
724 ///
725 /// This connection preference is orthogonal to isolation established by
726 /// [`TorClient::isolated_client`]. Connections made with an `isolated_client` (and its
727 /// clones) will not share circuits with the original client, even if the same
728 /// `isolation` is specified via the `ConnectionPrefs` in force.
729 pub fn set_isolation<T>(&mut self, isolation: T) -> &mut Self
730 where
731 T: Into<Box<dyn Isolation>>,
732 {
733 self.isolation = StreamIsolationPreference::Explicit(isolation.into());
734 self
735 }
736
737 /// Indicate that no connection should share a circuit with any other.
738 ///
739 /// **Use with care:** This is likely to have poor performance, and imposes a much greater load
740 /// on the Tor network. Use this option only to make small numbers of connections each of
741 /// which needs to be isolated from all other connections.
742 ///
743 /// (Don't just use this as a "get more privacy!!" method: the circuits
744 /// that it put connections on will have no more privacy than any other
745 /// circuits. The only benefit is that these circuits will not be shared
746 /// by multiple streams.)
747 ///
748 /// This can be undone by calling `set_isolation` or `new_isolation_group` on these
749 /// preferences.
750 pub fn isolate_every_stream(&mut self) -> &mut Self {
751 self.isolation = StreamIsolationPreference::EveryStream;
752 self
753 }
754
755 /// Return an [`Isolation`] which separates according to these `StreamPrefs` (only)
756 ///
757 /// This describes which connections or operations might use
758 /// the same circuit(s) as this one.
759 ///
760 /// Since this doesn't have access to the `TorClient`,
761 /// it doesn't separate streams which ought to be separated because of
762 /// the way their `TorClient`s are isolated.
763 /// For that, use [`TorClient::isolation`].
764 fn prefs_isolation(&self) -> Option<Box<dyn Isolation>> {
765 use StreamIsolationPreference as SIP;
766 match self.isolation {
767 SIP::None => None,
768 SIP::Explicit(ref ig) => Some(ig.clone()),
769 SIP::EveryStream => Some(Box::new(IsolationToken::new())),
770 }
771 }
772
773 // TODO: Add some way to be IPFlexible, and require exit to support both.
774}
775
776#[cfg(all(
777 any(feature = "native-tls", feature = "rustls"),
778 any(feature = "async-std", feature = "tokio")
779))]
780impl TorClient<PreferredRuntime> {
781 /// Bootstrap a connection to the Tor network, using the provided `config`.
782 ///
783 /// Returns a client once there is enough directory material to
784 /// connect safely over the Tor network.
785 ///
786 /// Consider using [`TorClient::builder`] for more fine-grained control.
787 ///
788 /// # Panics
789 ///
790 /// If Tokio is being used (the default), panics if created outside the context of a currently
791 /// running Tokio runtime. See the documentation for [`PreferredRuntime::current`] for
792 /// more information.
793 ///
794 /// If using `async-std`, either take care to ensure Arti is not compiled with Tokio support,
795 /// or manually create an `async-std` runtime using [`tor_rtcompat`] and use it with
796 /// [`TorClient::with_runtime`].
797 ///
798 /// # Do not fork
799 ///
800 /// The process [**may not fork**](tor_rtcompat#do-not-fork)
801 /// (except, very carefully, before exec)
802 /// after calling this function, because it creates a [`PreferredRuntime`].
803 pub async fn create_bootstrapped(config: TorClientConfig) -> crate::Result<Self> {
804 let runtime = PreferredRuntime::current()
805 .expect("TorClient could not get an asynchronous runtime; are you running in the right context?");
806
807 Self::with_runtime(runtime)
808 .config(config)
809 .create_bootstrapped()
810 .await
811 }
812
813 /// Return a new builder for creating TorClient objects.
814 ///
815 /// If you want to make a [`TorClient`] synchronously, this is what you want; call
816 /// `TorClientBuilder::create_unbootstrapped` on the returned builder.
817 ///
818 /// # Panics
819 ///
820 /// If Tokio is being used (the default), panics if created outside the context of a currently
821 /// running Tokio runtime. See the documentation for `tokio::runtime::Handle::current` for
822 /// more information.
823 ///
824 /// If using `async-std`, either take care to ensure Arti is not compiled with Tokio support,
825 /// or manually create an `async-std` runtime using [`tor_rtcompat`] and use it with
826 /// [`TorClient::with_runtime`].
827 ///
828 /// # Do not fork
829 ///
830 /// The process [**may not fork**](tor_rtcompat#do-not-fork)
831 /// (except, very carefully, before exec)
832 /// after calling this function, because it creates a [`PreferredRuntime`].
833 pub fn builder() -> TorClientBuilder<PreferredRuntime> {
834 let runtime = PreferredRuntime::current()
835 .expect("TorClient could not get an asynchronous runtime; are you running in the right context?");
836
837 TorClientBuilder::new(runtime)
838 }
839}
840
841impl<R: Runtime> TorClient<R> {
842 /// Return a new builder for creating TorClient objects, with a custom provided [`Runtime`].
843 ///
844 /// See the [`tor_rtcompat`] crate for more information on custom runtimes.
845 pub fn with_runtime(runtime: R) -> TorClientBuilder<R> {
846 TorClientBuilder::new(runtime)
847 }
848
849 /// Implementation of `create_unbootstrapped`, split out in order to avoid manually specifying
850 /// double error conversions.
851 pub(crate) fn create_inner(
852 runtime: R,
853 config: &TorClientConfig,
854 autobootstrap: BootstrapBehavior,
855 dirmgr_builder: &dyn crate::builder::DirProviderBuilder<R>,
856 dirmgr_extensions: tor_dirmgr::config::DirMgrExtensions,
857 ) -> StdResult<Self, ErrorDetail> {
858 if crate::util::running_as_setuid() {
859 return Err(tor_error::bad_api_usage!(
860 "Arti does not support running in a setuid or setgid context."
861 )
862 .into());
863 }
864
865 let memquota = MemoryQuotaTracker::new(&runtime, config.system.memory.clone())?;
866
867 let path_resolver = Arc::new(config.path_resolver.clone());
868
869 let (state_dir, mistrust) = config.state_dir()?;
870 #[cfg(feature = "onion-service-service")]
871 let state_directory =
872 StateDirectory::new(&state_dir, mistrust).map_err(ErrorDetail::StateAccess)?;
873
874 let dormant = DormantMode::Normal;
875 let dir_cfg = {
876 let mut c: tor_dirmgr::DirMgrConfig = config.dir_mgr_config()?;
877 c.extensions = dirmgr_extensions;
878 c
879 };
880 let statemgr = FsStateMgr::from_path_and_mistrust(&state_dir, mistrust)
881 .map_err(ErrorDetail::StateMgrSetup)?;
882 // Try to take state ownership early, so we'll know if we have it.
883 // (At this point we don't yet care if we have it.)
884 let _ignore_status = statemgr.try_lock().map_err(ErrorDetail::StateMgrSetup)?;
885
886 let addr_cfg = config.address_filter.clone();
887
888 let (status_sender, status_receiver) = postage::watch::channel();
889 let status_receiver = status::BootstrapEvents {
890 inner: status_receiver,
891 };
892 let chanmgr = Arc::new(tor_chanmgr::ChanMgr::new(
893 runtime.clone(),
894 &config.channel,
895 dormant.into(),
896 &NetParameters::from_map(&config.override_net_params),
897 memquota.clone(),
898 ));
899 let guardmgr = tor_guardmgr::GuardMgr::new(runtime.clone(), statemgr.clone(), config)
900 .map_err(ErrorDetail::GuardMgrSetup)?;
901
902 #[cfg(feature = "pt-client")]
903 let pt_mgr = {
904 let pt_state_dir = state_dir.as_path().join("pt_state");
905 config.storage.permissions().make_directory(&pt_state_dir)?;
906
907 let mgr = Arc::new(tor_ptmgr::PtMgr::new(
908 config.bridges.transports.clone(),
909 pt_state_dir,
910 Arc::clone(&path_resolver),
911 runtime.clone(),
912 )?);
913
914 chanmgr.set_pt_mgr(mgr.clone());
915
916 mgr
917 };
918
919 let circmgr = Arc::new(
920 tor_circmgr::CircMgr::new(
921 config,
922 statemgr.clone(),
923 &runtime,
924 Arc::clone(&chanmgr),
925 &guardmgr,
926 )
927 .map_err(ErrorDetail::CircMgrSetup)?,
928 );
929
930 let timeout_cfg = config.stream_timeouts.clone();
931
932 let dirmgr_store =
933 DirMgrStore::new(&dir_cfg, runtime.clone(), false).map_err(ErrorDetail::DirMgrSetup)?;
934 let dirmgr = dirmgr_builder
935 .build(
936 runtime.clone(),
937 dirmgr_store.clone(),
938 Arc::clone(&circmgr),
939 dir_cfg,
940 )
941 .map_err(crate::Error::into_detail)?;
942
943 let software_status_cfg = Arc::new(MutCfg::new(config.use_obsolete_software.clone()));
944 let rtclone = runtime.clone();
945 #[allow(clippy::print_stderr)]
946 crate::protostatus::enforce_protocol_recommendations(
947 &runtime,
948 Arc::clone(&dirmgr),
949 crate::software_release_date(),
950 crate::supported_protocols(),
951 Arc::clone(&software_status_cfg),
952 // TODO #1932: It would be nice to have a cleaner shutdown mechanism here,
953 // but that will take some work.
954 |fatal| async move {
955 use tor_error::ErrorReport as _;
956 // We already logged this error, but let's tell stderr too.
957 eprintln!(
958 "Shutting down because of unsupported software version.\nError was:\n{}",
959 fatal.report(),
960 );
961 if let Some(hint) = crate::err::Error::from(fatal).hint() {
962 eprintln!("{}", hint);
963 }
964 // Give the tracing module a while to flush everything, since it has no built-in
965 // flush function.
966 rtclone.sleep(std::time::Duration::new(5, 0)).await;
967 std::process::exit(1);
968 },
969 )?;
970
971 let mut periodic_task_handles = circmgr
972 .launch_background_tasks(&runtime, &dirmgr, statemgr.clone())
973 .map_err(ErrorDetail::CircMgrSetup)?;
974 periodic_task_handles.extend(dirmgr.download_task_handle());
975
976 periodic_task_handles.extend(
977 chanmgr
978 .launch_background_tasks(&runtime, dirmgr.clone().upcast_arc())
979 .map_err(ErrorDetail::ChanMgrSetup)?,
980 );
981
982 let (dormant_send, dormant_recv) = postage::watch::channel_with(Some(dormant));
983 let dormant_send = DropNotifyWatchSender::new(dormant_send);
984 #[cfg(feature = "bridge-client")]
985 let bridge_desc_mgr = Arc::new(Mutex::new(None));
986
987 #[cfg(any(feature = "onion-service-client", feature = "onion-service-service"))]
988 let hs_circ_pool = {
989 let circpool = Arc::new(tor_circmgr::hspool::HsCircPool::new(&circmgr));
990 circpool
991 .launch_background_tasks(&runtime, &dirmgr.clone().upcast_arc())
992 .map_err(ErrorDetail::CircMgrSetup)?;
993 circpool
994 };
995
996 #[cfg(feature = "onion-service-client")]
997 let hsclient = {
998 // Prompt the hs connector to do its data housekeeping when we get a new consensus.
999 // That's a time we're doing a bunch of thinking anyway, and it's not very frequent.
1000 let housekeeping = dirmgr.events().filter_map(|event| async move {
1001 match event {
1002 DirEvent::NewConsensus => Some(()),
1003 _ => None,
1004 }
1005 });
1006 let housekeeping = Box::pin(housekeeping);
1007
1008 HsClientConnector::new(runtime.clone(), hs_circ_pool.clone(), config, housekeeping)?
1009 };
1010
1011 runtime
1012 .spawn(tasks_monitor_dormant(
1013 dormant_recv,
1014 dirmgr.clone().upcast_arc(),
1015 chanmgr.clone(),
1016 #[cfg(feature = "bridge-client")]
1017 bridge_desc_mgr.clone(),
1018 periodic_task_handles,
1019 ))
1020 .map_err(|e| ErrorDetail::from_spawn("periodic task dormant monitor", e))?;
1021
1022 let conn_status = chanmgr.bootstrap_events();
1023 let dir_status = dirmgr.bootstrap_events();
1024 let skew_status = circmgr.skew_events();
1025 runtime
1026 .spawn(status::report_status(
1027 status_sender,
1028 conn_status,
1029 dir_status,
1030 skew_status,
1031 ))
1032 .map_err(|e| ErrorDetail::from_spawn("top-level status reporter", e))?;
1033
1034 let client_isolation = IsolationToken::new();
1035 let inert_client = InertTorClient::new(config)?;
1036
1037 Ok(TorClient {
1038 runtime,
1039 client_isolation,
1040 connect_prefs: Default::default(),
1041 memquota,
1042 chanmgr,
1043 circmgr,
1044 dirmgr_store,
1045 dirmgr,
1046 #[cfg(feature = "bridge-client")]
1047 bridge_desc_mgr,
1048 #[cfg(feature = "pt-client")]
1049 pt_mgr,
1050 #[cfg(feature = "onion-service-client")]
1051 hsclient,
1052 #[cfg(any(feature = "onion-service-client", feature = "onion-service-service"))]
1053 hs_circ_pool,
1054 inert_client,
1055 guardmgr,
1056 statemgr,
1057 addrcfg: Arc::new(addr_cfg.into()),
1058 timeoutcfg: Arc::new(timeout_cfg.into()),
1059 reconfigure_lock: Arc::new(Mutex::new(())),
1060 status_receiver,
1061 bootstrap_in_progress: Arc::new(AsyncMutex::new(())),
1062 should_bootstrap: autobootstrap,
1063 dormant: Arc::new(Mutex::new(dormant_send)),
1064 #[cfg(feature = "onion-service-service")]
1065 state_directory,
1066 path_resolver,
1067 software_status_cfg,
1068 })
1069 }
1070
1071 /// Bootstrap a connection to the Tor network, with a client created by `create_unbootstrapped`.
1072 ///
1073 /// Since cloned copies of a `TorClient` share internal state, you can bootstrap a client by
1074 /// cloning it and running this function in a background task (or similar). This function
1075 /// only needs to be called on one client in order to bootstrap all of its clones.
1076 ///
1077 /// Returns once there is enough directory material to connect safely over the Tor network.
1078 /// If the client or one of its clones has already been bootstrapped, returns immediately with
1079 /// success. If a bootstrap is in progress, waits for it to finish, then retries it if it
1080 /// failed (returning success if it succeeded).
1081 ///
1082 /// Bootstrap progress can be tracked by listening to the event receiver returned by
1083 /// [`bootstrap_events`](TorClient::bootstrap_events).
1084 ///
1085 /// # Failures
1086 ///
1087 /// If the bootstrapping process fails, returns an error. This function can safely be called
1088 /// again later to attempt to bootstrap another time.
1089 pub async fn bootstrap(&self) -> crate::Result<()> {
1090 self.bootstrap_inner().await.map_err(ErrorDetail::into)
1091 }
1092
1093 /// Implementation of `bootstrap`, split out in order to avoid manually specifying
1094 /// double error conversions.
1095 async fn bootstrap_inner(&self) -> StdResult<(), ErrorDetail> {
1096 // Make sure we have a bridge descriptor manager, which is active iff required
1097 #[cfg(feature = "bridge-client")]
1098 {
1099 let mut dormant = self.dormant.lock().expect("dormant lock poisoned");
1100 let dormant = dormant.borrow();
1101 let dormant = dormant.ok_or_else(|| internal!("dormant dropped"))?.into();
1102
1103 let mut bdm = self.bridge_desc_mgr.lock().expect("bdm lock poisoned");
1104 if bdm.is_none() {
1105 let new_bdm = Arc::new(BridgeDescMgr::new(
1106 &Default::default(),
1107 self.runtime.clone(),
1108 self.dirmgr_store.clone(),
1109 self.circmgr.clone(),
1110 dormant,
1111 )?);
1112 self.guardmgr
1113 .install_bridge_desc_provider(&(new_bdm.clone() as _))
1114 .map_err(ErrorDetail::GuardMgrSetup)?;
1115 // If ^ that fails, we drop the BridgeDescMgr again. It may do some
1116 // work but will hopefully eventually quit.
1117 *bdm = Some(new_bdm);
1118 }
1119 }
1120
1121 // Wait for an existing bootstrap attempt to finish first.
1122 //
1123 // This is a futures::lock::Mutex, so it's okay to await while we hold it.
1124 let _bootstrap_lock = self.bootstrap_in_progress.lock().await;
1125
1126 if self
1127 .statemgr
1128 .try_lock()
1129 .map_err(ErrorDetail::StateAccess)?
1130 .held()
1131 {
1132 debug!("It appears we have the lock on our state files.");
1133 } else {
1134 info!(
1135 "Another process has the lock on our state files. We'll proceed in read-only mode."
1136 );
1137 }
1138
1139 // If we fail to bootstrap (i.e. we return before the disarm() point below), attempt to
1140 // unlock the state files.
1141 let unlock_guard = util::StateMgrUnlockGuard::new(&self.statemgr);
1142
1143 self.dirmgr
1144 .bootstrap()
1145 .await
1146 .map_err(ErrorDetail::DirMgrBootstrap)?;
1147
1148 // Since we succeeded, disarm the unlock guard.
1149 unlock_guard.disarm();
1150
1151 Ok(())
1152 }
1153
1154 /// ## For `BootstrapBehavior::OnDemand` clients
1155 ///
1156 /// Initiate a bootstrap by calling `bootstrap` (which is idempotent, so attempts to
1157 /// bootstrap twice will just do nothing).
1158 ///
1159 /// ## For `BootstrapBehavior::Manual` clients
1160 ///
1161 /// Check whether a bootstrap is in progress; if one is, wait until it finishes
1162 /// and then return. (Otherwise, return immediately.)
1163 async fn wait_for_bootstrap(&self) -> StdResult<(), ErrorDetail> {
1164 match self.should_bootstrap {
1165 BootstrapBehavior::OnDemand => {
1166 self.bootstrap_inner().await?;
1167 }
1168 BootstrapBehavior::Manual => {
1169 // Grab the lock, and immediately release it. That will ensure that nobody else is trying to bootstrap.
1170 self.bootstrap_in_progress.lock().await;
1171 }
1172 }
1173 self.dormant
1174 .lock()
1175 .map_err(|_| internal!("dormant poisoned"))?
1176 .try_maybe_send(|dormant| {
1177 Ok::<_, Bug>(Some({
1178 match dormant.ok_or_else(|| internal!("dormant dropped"))? {
1179 DormantMode::Soft => DormantMode::Normal,
1180 other @ DormantMode::Normal => other,
1181 }
1182 }))
1183 })?;
1184 Ok(())
1185 }
1186
1187 /// Change the configuration of this TorClient to `new_config`.
1188 ///
1189 /// The `how` describes whether to perform an all-or-nothing
1190 /// reconfiguration: either all of the configuration changes will be
1191 /// applied, or none will. If you have disabled all-or-nothing changes, then
1192 /// only fatal errors will be reported in this function's return value.
1193 ///
1194 /// This function applies its changes to **all** TorClient instances derived
1195 /// from the same call to `TorClient::create_*`: even ones whose circuits
1196 /// are isolated from this handle.
1197 ///
1198 /// # Limitations
1199 ///
1200 /// Although most options are reconfigurable, there are some whose values
1201 /// can't be changed on an a running TorClient. Those options (or their
1202 /// sections) are explicitly documented not to be changeable.
1203 /// NOTE: Currently, not all of these non-reconfigurable options are
1204 /// documented. See [arti#1721][arti-1721].
1205 ///
1206 /// [arti-1721]: https://gitlab.torproject.org/tpo/core/arti/-/issues/1721
1207 ///
1208 /// Changing some options do not take effect immediately on all open streams
1209 /// and circuits, but rather affect only future streams and circuits. Those
1210 /// are also explicitly documented.
1211 pub fn reconfigure(
1212 &self,
1213 new_config: &TorClientConfig,
1214 how: tor_config::Reconfigure,
1215 ) -> crate::Result<()> {
1216 // We need to hold this lock while we're reconfiguring the client: even
1217 // though the individual fields have their own synchronization, we can't
1218 // safely let two threads change them at once. If we did, then we'd
1219 // introduce time-of-check/time-of-use bugs in checking our configuration,
1220 // deciding how to change it, then applying the changes.
1221 let guard = self.reconfigure_lock.lock().expect("Poisoned lock");
1222
1223 match how {
1224 tor_config::Reconfigure::AllOrNothing => {
1225 // We have to check before we make any changes.
1226 self.reconfigure_inner(
1227 new_config,
1228 tor_config::Reconfigure::CheckAllOrNothing,
1229 &guard,
1230 )?;
1231 }
1232 tor_config::Reconfigure::CheckAllOrNothing => {}
1233 tor_config::Reconfigure::WarnOnFailures => {}
1234 _ => {}
1235 }
1236
1237 // Actually reconfigure
1238 self.reconfigure_inner(new_config, how, &guard)?;
1239
1240 Ok(())
1241 }
1242
1243 /// This is split out from `reconfigure` so we can do the all-or-nothing
1244 /// check without recursion. the caller to this method must hold the
1245 /// `reconfigure_lock`.
1246 fn reconfigure_inner(
1247 &self,
1248 new_config: &TorClientConfig,
1249 how: tor_config::Reconfigure,
1250 _reconfigure_lock_guard: &std::sync::MutexGuard<'_, ()>,
1251 ) -> crate::Result<()> {
1252 // We ignore 'new_config.path_resolver' here since CfgPathResolver does not impl PartialEq
1253 // and we have no way to compare them, but this field is explicitly documented as being
1254 // non-reconfigurable anyways.
1255
1256 let dir_cfg = new_config.dir_mgr_config().map_err(wrap_err)?;
1257 let state_cfg = new_config
1258 .storage
1259 .expand_state_dir(&self.path_resolver)
1260 .map_err(wrap_err)?;
1261 let addr_cfg = &new_config.address_filter;
1262 let timeout_cfg = &new_config.stream_timeouts;
1263
1264 if state_cfg != self.statemgr.path() {
1265 how.cannot_change("storage.state_dir").map_err(wrap_err)?;
1266 }
1267
1268 self.memquota
1269 .reconfigure(new_config.system.memory.clone(), how)
1270 .map_err(wrap_err)?;
1271
1272 let retire_circuits = self
1273 .circmgr
1274 .reconfigure(new_config, how)
1275 .map_err(wrap_err)?;
1276
1277 #[cfg(any(feature = "onion-service-client", feature = "onion-service-service"))]
1278 if retire_circuits != RetireCircuits::None {
1279 self.hs_circ_pool.retire_all_circuits().map_err(wrap_err)?;
1280 }
1281
1282 self.dirmgr.reconfigure(&dir_cfg, how).map_err(wrap_err)?;
1283
1284 let netparams = self.dirmgr.params();
1285
1286 self.chanmgr
1287 .reconfigure(&new_config.channel, how, netparams)
1288 .map_err(wrap_err)?;
1289
1290 #[cfg(feature = "pt-client")]
1291 self.pt_mgr
1292 .reconfigure(how, new_config.bridges.transports.clone())
1293 .map_err(wrap_err)?;
1294
1295 if how == tor_config::Reconfigure::CheckAllOrNothing {
1296 return Ok(());
1297 }
1298
1299 self.addrcfg.replace(addr_cfg.clone());
1300 self.timeoutcfg.replace(timeout_cfg.clone());
1301 self.software_status_cfg
1302 .replace(new_config.use_obsolete_software.clone());
1303
1304 Ok(())
1305 }
1306
1307 /// Return a new isolated `TorClient` handle.
1308 ///
1309 /// The two `TorClient`s will share internal state and configuration, but
1310 /// their streams will never share circuits with one another.
1311 ///
1312 /// Use this function when you want separate parts of your program to
1313 /// each have a TorClient handle, but where you don't want their
1314 /// activities to be linkable to one another over the Tor network.
1315 ///
1316 /// Calling this function is usually preferable to creating a
1317 /// completely separate TorClient instance, since it can share its
1318 /// internals with the existing `TorClient`.
1319 ///
1320 /// (Connections made with clones of the returned `TorClient` may
1321 /// share circuits with each other.)
1322 #[must_use]
1323 pub fn isolated_client(&self) -> TorClient<R> {
1324 let mut result = self.clone();
1325 result.client_isolation = IsolationToken::new();
1326 result
1327 }
1328
1329 /// Launch an anonymized connection to the provided address and port over
1330 /// the Tor network.
1331 ///
1332 /// Note that because Tor prefers to do DNS resolution on the remote side of
1333 /// the network, this function takes its address as a string:
1334 ///
1335 /// ```no_run
1336 /// # use arti_client::*;use tor_rtcompat::Runtime;
1337 /// # async fn ex<R:Runtime>(tor_client: TorClient<R>) -> Result<()> {
1338 /// // The most usual way to connect is via an address-port tuple.
1339 /// let socket = tor_client.connect(("www.example.com", 443)).await?;
1340 ///
1341 /// // You can also specify an address and port as a colon-separated string.
1342 /// let socket = tor_client.connect("www.example.com:443").await?;
1343 /// # Ok(())
1344 /// # }
1345 /// ```
1346 ///
1347 /// Hostnames are _strongly_ preferred here: if this function allowed the
1348 /// caller here to provide an IPAddr or [`IpAddr`] or
1349 /// [`SocketAddr`](std::net::SocketAddr) address, then
1350 ///
1351 /// ```no_run
1352 /// # use arti_client::*; use tor_rtcompat::Runtime;
1353 /// # async fn ex<R:Runtime>(tor_client: TorClient<R>) -> Result<()> {
1354 /// # use std::net::ToSocketAddrs;
1355 /// // BAD: We're about to leak our target address to the local resolver!
1356 /// let address = "www.example.com:443".to_socket_addrs().unwrap().next().unwrap();
1357 /// // 🤯 Oh no! Now any eavesdropper can tell where we're about to connect! 🤯
1358 ///
1359 /// // Fortunately, this won't compile, since SocketAddr doesn't implement IntoTorAddr.
1360 /// // let socket = tor_client.connect(address).await?;
1361 /// // ^^^^^^^ the trait `IntoTorAddr` is not implemented for `std::net::SocketAddr`
1362 /// # Ok(())
1363 /// # }
1364 /// ```
1365 ///
1366 /// If you really do need to connect to an IP address rather than a
1367 /// hostname, and if you're **sure** that the IP address came from a safe
1368 /// location, there are a few ways to do so.
1369 ///
1370 /// ```no_run
1371 /// # use arti_client::{TorClient,Result};use tor_rtcompat::Runtime;
1372 /// # use std::net::{SocketAddr,IpAddr};
1373 /// # async fn ex<R:Runtime>(tor_client: TorClient<R>) -> Result<()> {
1374 /// # use std::net::ToSocketAddrs;
1375 /// // ⚠️This is risky code!⚠️
1376 /// // (Make sure your addresses came from somewhere safe...)
1377 ///
1378 /// // If we have a fixed address, we can just provide it as a string.
1379 /// let socket = tor_client.connect("192.0.2.22:443").await?;
1380 /// let socket = tor_client.connect(("192.0.2.22", 443)).await?;
1381 ///
1382 /// // If we have a SocketAddr or an IpAddr, we can use the
1383 /// // DangerouslyIntoTorAddr trait.
1384 /// use arti_client::DangerouslyIntoTorAddr;
1385 /// let sockaddr = SocketAddr::from(([192, 0, 2, 22], 443));
1386 /// let ipaddr = IpAddr::from([192, 0, 2, 22]);
1387 /// let socket = tor_client.connect(sockaddr.into_tor_addr_dangerously().unwrap()).await?;
1388 /// let socket = tor_client.connect((ipaddr, 443).into_tor_addr_dangerously().unwrap()).await?;
1389 /// # Ok(())
1390 /// # }
1391 /// ```
1392 pub async fn connect<A: IntoTorAddr>(&self, target: A) -> crate::Result<DataStream> {
1393 self.connect_with_prefs(target, &self.connect_prefs).await
1394 }
1395
1396 /// Launch an anonymized connection to the provided address and
1397 /// port over the Tor network, with explicit connection preferences.
1398 ///
1399 /// Note that because Tor prefers to do DNS resolution on the remote
1400 /// side of the network, this function takes its address as a string.
1401 /// (See [`TorClient::connect()`] for more information.)
1402 pub async fn connect_with_prefs<A: IntoTorAddr>(
1403 &self,
1404 target: A,
1405 prefs: &StreamPrefs,
1406 ) -> crate::Result<DataStream> {
1407 let addr = target.into_tor_addr().map_err(wrap_err)?;
1408 let mut stream_parameters = prefs.stream_parameters();
1409
1410 let (circ, addr, port) = match addr.into_stream_instructions(&self.addrcfg.get(), prefs)? {
1411 StreamInstructions::Exit {
1412 hostname: addr,
1413 port,
1414 } => {
1415 let exit_ports = [prefs.wrap_target_port(port)];
1416 let circ = self
1417 .get_or_launch_exit_circ(&exit_ports, prefs)
1418 .await
1419 .map_err(wrap_err)?;
1420 debug!("Got a circuit for {}:{}", sensitive(&addr), port);
1421 (circ, addr, port)
1422 }
1423
1424 #[cfg(not(feature = "onion-service-client"))]
1425 #[allow(unused_variables)] // for hostname and port
1426 StreamInstructions::Hs {
1427 hsid,
1428 hostname,
1429 port,
1430 } => void::unreachable(hsid.0),
1431
1432 #[cfg(feature = "onion-service-client")]
1433 StreamInstructions::Hs {
1434 hsid,
1435 hostname,
1436 port,
1437 } => {
1438 self.wait_for_bootstrap().await?;
1439 let netdir = self.netdir(Timeliness::Timely, "connect to a hidden service")?;
1440
1441 let mut hs_client_secret_keys_builder = HsClientSecretKeysBuilder::default();
1442
1443 if let Some(keymgr) = &self.inert_client.keymgr {
1444 let desc_enc_key_spec = HsClientDescEncKeypairSpecifier::new(hsid);
1445
1446 let ks_hsc_desc_enc =
1447 keymgr.get::<HsClientDescEncKeypair>(&desc_enc_key_spec)?;
1448
1449 if let Some(ks_hsc_desc_enc) = ks_hsc_desc_enc {
1450 debug!("Found descriptor decryption key for {hsid}");
1451 hs_client_secret_keys_builder.ks_hsc_desc_enc(ks_hsc_desc_enc);
1452 }
1453 };
1454
1455 let hs_client_secret_keys = hs_client_secret_keys_builder
1456 .build()
1457 .map_err(ErrorDetail::Configuration)?;
1458
1459 let circ = self
1460 .hsclient
1461 .get_or_launch_circuit(
1462 &netdir,
1463 hsid,
1464 hs_client_secret_keys,
1465 self.isolation(prefs),
1466 )
1467 .await
1468 .map_err(|cause| ErrorDetail::ObtainHsCircuit {
1469 cause,
1470 hsid: hsid.into(),
1471 })?;
1472 // On connections to onion services, we have to suppress
1473 // everything except the port from the BEGIN message. We also
1474 // disable optimistic data.
1475 stream_parameters
1476 .suppress_hostname()
1477 .suppress_begin_flags()
1478 .optimistic(false);
1479 (circ, hostname, port)
1480 }
1481 };
1482
1483 let stream_future = circ.begin_stream(&addr, port, Some(stream_parameters));
1484 // This timeout is needless but harmless for optimistic streams.
1485 let stream = self
1486 .runtime
1487 .timeout(self.timeoutcfg.get().connect_timeout, stream_future)
1488 .await
1489 .map_err(|_| ErrorDetail::ExitTimeout)?
1490 .map_err(|cause| ErrorDetail::StreamFailed {
1491 cause,
1492 kind: "data",
1493 })?;
1494
1495 Ok(stream)
1496 }
1497
1498 /// Sets the default preferences for future connections made with this client.
1499 ///
1500 /// The preferences set with this function will be inherited by clones of this client, but
1501 /// updates to the preferences in those clones will not propagate back to the original. I.e.,
1502 /// the preferences are copied by `clone`.
1503 ///
1504 /// Connection preferences always override configuration, even configuration set later
1505 /// (eg, by a config reload).
1506 pub fn set_stream_prefs(&mut self, connect_prefs: StreamPrefs) {
1507 self.connect_prefs = connect_prefs;
1508 }
1509
1510 /// Provides a new handle on this client, but with adjusted default preferences.
1511 ///
1512 /// Connections made with e.g. [`connect`](TorClient::connect) on the returned handle will use
1513 /// `connect_prefs`. This is a convenience wrapper for `clone` and `set_connect_prefs`.
1514 #[must_use]
1515 pub fn clone_with_prefs(&self, connect_prefs: StreamPrefs) -> Self {
1516 let mut result = self.clone();
1517 result.set_stream_prefs(connect_prefs);
1518 result
1519 }
1520
1521 /// On success, return a list of IP addresses.
1522 pub async fn resolve(&self, hostname: &str) -> crate::Result<Vec<IpAddr>> {
1523 self.resolve_with_prefs(hostname, &self.connect_prefs).await
1524 }
1525
1526 /// On success, return a list of IP addresses, but use prefs.
1527 pub async fn resolve_with_prefs(
1528 &self,
1529 hostname: &str,
1530 prefs: &StreamPrefs,
1531 ) -> crate::Result<Vec<IpAddr>> {
1532 // TODO This dummy port is only because `address::Host` is not pub(crate),
1533 // but I see no reason why it shouldn't be? Then `into_resolve_instructions`
1534 // should be a method on `Host`, not `TorAddr`. -Diziet.
1535 let addr = (hostname, 1).into_tor_addr().map_err(wrap_err)?;
1536
1537 match addr.into_resolve_instructions(&self.addrcfg.get(), prefs)? {
1538 ResolveInstructions::Exit(hostname) => {
1539 let circ = self.get_or_launch_exit_circ(&[], prefs).await?;
1540
1541 let resolve_future = circ.resolve(&hostname);
1542 let addrs = self
1543 .runtime
1544 .timeout(self.timeoutcfg.get().resolve_timeout, resolve_future)
1545 .await
1546 .map_err(|_| ErrorDetail::ExitTimeout)?
1547 .map_err(|cause| ErrorDetail::StreamFailed {
1548 cause,
1549 kind: "DNS lookup",
1550 })?;
1551
1552 Ok(addrs)
1553 }
1554 ResolveInstructions::Return(addrs) => Ok(addrs),
1555 }
1556 }
1557
1558 /// Perform a remote DNS reverse lookup with the provided IP address.
1559 ///
1560 /// On success, return a list of hostnames.
1561 pub async fn resolve_ptr(&self, addr: IpAddr) -> crate::Result<Vec<String>> {
1562 self.resolve_ptr_with_prefs(addr, &self.connect_prefs).await
1563 }
1564
1565 /// Perform a remote DNS reverse lookup with the provided IP address.
1566 ///
1567 /// On success, return a list of hostnames.
1568 pub async fn resolve_ptr_with_prefs(
1569 &self,
1570 addr: IpAddr,
1571 prefs: &StreamPrefs,
1572 ) -> crate::Result<Vec<String>> {
1573 let circ = self.get_or_launch_exit_circ(&[], prefs).await?;
1574
1575 let resolve_ptr_future = circ.resolve_ptr(addr);
1576 let hostnames = self
1577 .runtime
1578 .timeout(
1579 self.timeoutcfg.get().resolve_ptr_timeout,
1580 resolve_ptr_future,
1581 )
1582 .await
1583 .map_err(|_| ErrorDetail::ExitTimeout)?
1584 .map_err(|cause| ErrorDetail::StreamFailed {
1585 cause,
1586 kind: "reverse DNS lookup",
1587 })?;
1588
1589 Ok(hostnames)
1590 }
1591
1592 /// Return a reference to this client's directory manager.
1593 ///
1594 /// This function is unstable. It is only enabled if the crate was
1595 /// built with the `experimental-api` feature.
1596 #[cfg(feature = "experimental-api")]
1597 pub fn dirmgr(&self) -> &Arc<dyn tor_dirmgr::DirProvider> {
1598 &self.dirmgr
1599 }
1600
1601 /// Return a reference to this client's circuit manager.
1602 ///
1603 /// This function is unstable. It is only enabled if the crate was
1604 /// built with the `experimental-api` feature.
1605 #[cfg(feature = "experimental-api")]
1606 pub fn circmgr(&self) -> &Arc<tor_circmgr::CircMgr<R>> {
1607 &self.circmgr
1608 }
1609
1610 /// Return a reference to this client's channel manager.
1611 ///
1612 /// This function is unstable. It is only enabled if the crate was
1613 /// built with the `experimental-api` feature.
1614 #[cfg(feature = "experimental-api")]
1615 pub fn chanmgr(&self) -> &Arc<tor_chanmgr::ChanMgr<R>> {
1616 &self.chanmgr
1617 }
1618
1619 /// Return a reference to this client's circuit pool.
1620 ///
1621 /// This function is unstable. It is only enabled if the crate was
1622 /// built with the `experimental-api` feature and any of `onion-service-client`
1623 /// or `onion-service-service` features. This method is required to invoke
1624 /// tor_hsservice::OnionService::launch()
1625 #[cfg(all(
1626 feature = "experimental-api",
1627 any(feature = "onion-service-client", feature = "onion-service-service")
1628 ))]
1629 pub fn hs_circ_pool(&self) -> &Arc<tor_circmgr::hspool::HsCircPool<R>> {
1630 &self.hs_circ_pool
1631 }
1632
1633 /// Return a reference to the runtime being used by this client.
1634 //
1635 // This API is not a hostage to fortune since we already require that R: Clone,
1636 // and necessarily a TorClient must have a clone of it.
1637 //
1638 // We provide it simply to save callers who have a TorClient from
1639 // having to separately keep their own handle,
1640 pub fn runtime(&self) -> &R {
1641 &self.runtime
1642 }
1643
1644 /// Return a netdir that is timely according to the rules of `timeliness`.
1645 ///
1646 /// The `action` string is a description of what we wanted to do with the
1647 /// directory, to be put into the error message if we couldn't find a directory.
1648 fn netdir(
1649 &self,
1650 timeliness: Timeliness,
1651 action: &'static str,
1652 ) -> StdResult<Arc<tor_netdir::NetDir>, ErrorDetail> {
1653 use tor_netdir::Error as E;
1654 match self.dirmgr.netdir(timeliness) {
1655 Ok(netdir) => Ok(netdir),
1656 Err(E::NoInfo) | Err(E::NotEnoughInfo) => {
1657 Err(ErrorDetail::BootstrapRequired { action })
1658 }
1659 Err(error) => Err(ErrorDetail::NoDir { error, action }),
1660 }
1661 }
1662
1663 /// Get or launch an exit-suitable circuit with a given set of
1664 /// exit ports.
1665 async fn get_or_launch_exit_circ(
1666 &self,
1667 exit_ports: &[TargetPort],
1668 prefs: &StreamPrefs,
1669 ) -> StdResult<Arc<ClientCirc>, ErrorDetail> {
1670 // TODO HS probably this netdir ought to be made in connect_with_prefs
1671 // like for StreamInstructions::Hs.
1672 self.wait_for_bootstrap().await?;
1673 let dir = self.netdir(Timeliness::Timely, "build a circuit")?;
1674
1675 let circ = self
1676 .circmgr
1677 .get_or_launch_exit(
1678 dir.as_ref().into(),
1679 exit_ports,
1680 self.isolation(prefs),
1681 #[cfg(feature = "geoip")]
1682 prefs.country_code,
1683 )
1684 .await
1685 .map_err(|cause| ErrorDetail::ObtainExitCircuit {
1686 cause,
1687 exit_ports: Sensitive::new(exit_ports.into()),
1688 })?;
1689 drop(dir); // This decreases the refcount on the netdir.
1690
1691 Ok(circ)
1692 }
1693
1694 /// Return an overall [`Isolation`] for this `TorClient` and a `StreamPrefs`.
1695 ///
1696 /// This describes which operations might use
1697 /// circuit(s) with this one.
1698 ///
1699 /// This combines isolation information from
1700 /// [`StreamPrefs::prefs_isolation`]
1701 /// and the `TorClient`'s isolation (eg from [`TorClient::isolated_client`]).
1702 fn isolation(&self, prefs: &StreamPrefs) -> StreamIsolation {
1703 let mut b = StreamIsolationBuilder::new();
1704 // Always consider our client_isolation.
1705 b.owner_token(self.client_isolation);
1706 // Consider stream isolation too, if it's set.
1707 if let Some(tok) = prefs.prefs_isolation() {
1708 b.stream_isolation(tok);
1709 }
1710 // Failure should be impossible with this builder.
1711 b.build().expect("Failed to construct StreamIsolation")
1712 }
1713
1714 /// Try to launch an onion service with a given configuration.
1715 ///
1716 /// This onion service will not actually handle any requests on its own: you
1717 /// will need to
1718 /// pull [`RendRequest`](tor_hsservice::RendRequest) objects from the returned stream,
1719 /// [`accept`](tor_hsservice::RendRequest::accept) the ones that you want to
1720 /// answer, and then wait for them to give you [`StreamRequest`](tor_hsservice::StreamRequest)s.
1721 ///
1722 /// You may find the [`tor_hsservice::handle_rend_requests`] API helpful for
1723 /// translating `RendRequest`s into `StreamRequest`s.
1724 ///
1725 /// If you want to forward all the requests from an onion service to a set
1726 /// of local ports, you may want to use the `tor-hsrproxy` crate.
1727 #[cfg(feature = "onion-service-service")]
1728 pub fn launch_onion_service(
1729 &self,
1730 config: tor_hsservice::OnionServiceConfig,
1731 ) -> crate::Result<(
1732 Arc<tor_hsservice::RunningOnionService>,
1733 impl futures::Stream<Item = tor_hsservice::RendRequest>,
1734 )> {
1735 let keymgr = self
1736 .inert_client
1737 .keymgr
1738 .as_ref()
1739 .ok_or(ErrorDetail::KeystoreRequired {
1740 action: "launch onion service",
1741 })?
1742 .clone();
1743 let state_dir = self.state_directory.clone();
1744
1745 let service = tor_hsservice::OnionService::builder()
1746 .config(config) // TODO #1186: Allow override of KeyMgr for "ephemeral" operation?
1747 .keymgr(keymgr)
1748 // TODO #1186: Allow override of StateMgr for "ephemeral" operation?
1749 .state_dir(state_dir)
1750 .build()
1751 .map_err(ErrorDetail::LaunchOnionService)?;
1752 let (service, stream) = service
1753 .launch(
1754 self.runtime.clone(),
1755 self.dirmgr.clone().upcast_arc(),
1756 self.hs_circ_pool.clone(),
1757 Arc::clone(&self.path_resolver),
1758 )
1759 .map_err(ErrorDetail::LaunchOnionService)?;
1760
1761 Ok((service, stream))
1762 }
1763
1764 /// Try to launch an onion service with a given configuration and provided
1765 /// [`HsIdKeypair`]. If an onion service with the given nickname already has an
1766 /// associated `HsIdKeypair` in this `TorClient`'s `KeyMgr`, then this operation
1767 /// fails rather than overwriting the existing key.
1768 ///
1769 /// The specified `HsIdKeypair` will be inserted in the primary keystore.
1770 ///
1771 /// **Important**: depending on the configuration of your
1772 /// [primary keystore](tor_keymgr::config::PrimaryKeystoreConfig),
1773 /// the `HsIdKeypair` **may** get persisted to disk.
1774 /// By default, Arti's primary keystore is the [native](ArtiKeystoreKind::Native),
1775 /// disk-based keystore.
1776 ///
1777 /// This onion service will not actually handle any requests on its own: you
1778 /// will need to
1779 /// pull [`RendRequest`](tor_hsservice::RendRequest) objects from the returned stream,
1780 /// [`accept`](tor_hsservice::RendRequest::accept) the ones that you want to
1781 /// answer, and then wait for them to give you [`StreamRequest`](tor_hsservice::StreamRequest)s.
1782 ///
1783 /// You may find the [`tor_hsservice::handle_rend_requests`] API helpful for
1784 /// translating `RendRequest`s into `StreamRequest`s.
1785 ///
1786 /// If you want to forward all the requests from an onion service to a set
1787 /// of local ports, you may want to use the `tor-hsrproxy` crate.
1788 #[cfg(all(feature = "onion-service-service", feature = "experimental-api"))]
1789 pub fn launch_onion_service_with_hsid(
1790 &self,
1791 config: tor_hsservice::OnionServiceConfig,
1792 id_keypair: HsIdKeypair,
1793 ) -> crate::Result<(
1794 Arc<tor_hsservice::RunningOnionService>,
1795 impl futures::Stream<Item = tor_hsservice::RendRequest>,
1796 )> {
1797 let nickname = config.nickname();
1798 let hsid_spec = HsIdKeypairSpecifier::new(nickname.clone());
1799 let selector = KeystoreSelector::Primary;
1800
1801 let _kp = self
1802 .inert_client
1803 .keymgr
1804 .as_ref()
1805 .ok_or(ErrorDetail::KeystoreRequired {
1806 action: "launch onion service ex",
1807 })?
1808 .insert::<HsIdKeypair>(id_keypair, &hsid_spec, selector, false)?;
1809
1810 self.launch_onion_service(config)
1811 }
1812
1813 /// Generate a service discovery keypair for connecting to a hidden service running in
1814 /// "restricted discovery" mode.
1815 ///
1816 /// The `selector` argument is used for choosing the keystore in which to generate the keypair.
1817 /// While most users will want to write to the [`Primary`](KeystoreSelector::Primary), if you
1818 /// have configured this `TorClient` with a non-default keystore and wish to generate the
1819 /// keypair in it, you can do so by calling this function with a [KeystoreSelector::Id]
1820 /// specifying the keystore ID of your keystore.
1821 ///
1822 // Note: the selector argument exists for future-proofing reasons. We don't currently support
1823 // configuring custom or non-default keystores (see #1106).
1824 ///
1825 /// Returns an error if the key already exists in the specified key store.
1826 ///
1827 /// Important: the public part of the generated keypair must be shared with the service, and
1828 /// the service needs to be configured to allow the owner of its private counterpart to
1829 /// discover its introduction points. The caller is responsible for sharing the public part of
1830 /// the key with the hidden service.
1831 ///
1832 /// This function does not require the `TorClient` to be running or bootstrapped.
1833 //
1834 // TODO: decide whether this should use get_or_generate before making it
1835 // non-experimental
1836 #[cfg(all(
1837 feature = "onion-service-client",
1838 feature = "experimental-api",
1839 feature = "keymgr"
1840 ))]
1841 #[cfg_attr(
1842 docsrs,
1843 doc(cfg(all(
1844 feature = "onion-service-client",
1845 feature = "experimental-api",
1846 feature = "keymgr"
1847 )))
1848 )]
1849 pub fn generate_service_discovery_key(
1850 &self,
1851 selector: KeystoreSelector,
1852 hsid: HsId,
1853 ) -> crate::Result<HsClientDescEncKey> {
1854 self.inert_client
1855 .generate_service_discovery_key(selector, hsid)
1856 }
1857
1858 /// Rotate the service discovery keypair for connecting to a hidden service running in
1859 /// "restricted discovery" mode.
1860 ///
1861 /// **If the specified keystore already contains a restricted discovery keypair
1862 /// for the service, it will be overwritten.** Otherwise, a new keypair is generated.
1863 ///
1864 /// The `selector` argument is used for choosing the keystore in which to generate the keypair.
1865 /// While most users will want to write to the [`Primary`](KeystoreSelector::Primary), if you
1866 /// have configured this `TorClient` with a non-default keystore and wish to generate the
1867 /// keypair in it, you can do so by calling this function with a [KeystoreSelector::Id]
1868 /// specifying the keystore ID of your keystore.
1869 ///
1870 // Note: the selector argument exists for future-proofing reasons. We don't currently support
1871 // configuring custom or non-default keystores (see #1106).
1872 ///
1873 /// Important: the public part of the generated keypair must be shared with the service, and
1874 /// the service needs to be configured to allow the owner of its private counterpart to
1875 /// discover its introduction points. The caller is responsible for sharing the public part of
1876 /// the key with the hidden service.
1877 ///
1878 /// This function does not require the `TorClient` to be running or bootstrapped.
1879 #[cfg(all(
1880 feature = "onion-service-client",
1881 feature = "experimental-api",
1882 feature = "keymgr"
1883 ))]
1884 #[cfg_attr(
1885 docsrs,
1886 doc(cfg(all(
1887 feature = "onion-service-client",
1888 feature = "experimental-api",
1889 feature = "keymgr"
1890 )))
1891 )]
1892 pub fn rotate_service_discovery_key(
1893 &self,
1894 selector: KeystoreSelector,
1895 hsid: HsId,
1896 ) -> crate::Result<HsClientDescEncKey> {
1897 self.inert_client
1898 .rotate_service_discovery_key(selector, hsid)
1899 }
1900
1901 /// Insert a service discovery secret key for connecting to a hidden service running in
1902 /// "restricted discovery" mode
1903 ///
1904 /// The `selector` argument is used for choosing the keystore in which to generate the keypair.
1905 /// While most users will want to write to the [`Primary`](KeystoreSelector::Primary), if you
1906 /// have configured this `TorClient` with a non-default keystore and wish to insert the
1907 /// key in it, you can do so by calling this function with a [KeystoreSelector::Id]
1908 ///
1909 // Note: the selector argument exists for future-proofing reasons. We don't currently support
1910 // configuring custom or non-default keystores (see #1106).
1911 ///
1912 /// Returns an error if the key already exists in the specified key store.
1913 ///
1914 /// Important: the public part of the generated keypair must be shared with the service, and
1915 /// the service needs to be configured to allow the owner of its private counterpart to
1916 /// discover its introduction points. The caller is responsible for sharing the public part of
1917 /// the key with the hidden service.
1918 ///
1919 /// This function does not require the `TorClient` to be running or bootstrapped.
1920 #[cfg(all(
1921 feature = "onion-service-client",
1922 feature = "experimental-api",
1923 feature = "keymgr"
1924 ))]
1925 #[cfg_attr(
1926 docsrs,
1927 doc(cfg(all(
1928 feature = "onion-service-client",
1929 feature = "experimental-api",
1930 feature = "keymgr"
1931 )))
1932 )]
1933 pub fn insert_service_discovery_key(
1934 &self,
1935 selector: KeystoreSelector,
1936 hsid: HsId,
1937 hs_client_desc_enc_secret_key: HsClientDescEncSecretKey,
1938 ) -> crate::Result<HsClientDescEncKey> {
1939 self.inert_client.insert_service_discovery_key(
1940 selector,
1941 hsid,
1942 hs_client_desc_enc_secret_key,
1943 )
1944 }
1945
1946 /// Return the service discovery public key for the service with the specified `hsid`.
1947 ///
1948 /// Returns `Ok(None)` if no such key exists.
1949 ///
1950 /// This function does not require the `TorClient` to be running or bootstrapped.
1951 #[cfg(all(feature = "onion-service-client", feature = "experimental-api"))]
1952 #[cfg_attr(
1953 docsrs,
1954 doc(cfg(all(feature = "onion-service-client", feature = "experimental-api")))
1955 )]
1956 pub fn get_service_discovery_key(
1957 &self,
1958 hsid: HsId,
1959 ) -> crate::Result<Option<HsClientDescEncKey>> {
1960 self.inert_client.get_service_discovery_key(hsid)
1961 }
1962
1963 /// Removes the service discovery keypair for the service with the specified `hsid`.
1964 ///
1965 /// Returns an error if the selected keystore is not the default keystore or one of the
1966 /// configured secondary stores.
1967 ///
1968 /// Returns `Ok(None)` if no such keypair exists whereas `Ok(Some()) means the keypair was successfully removed.
1969 ///
1970 /// Returns `Err` if an error occurred while trying to remove the key.
1971 #[cfg(all(
1972 feature = "onion-service-client",
1973 feature = "experimental-api",
1974 feature = "keymgr"
1975 ))]
1976 #[cfg_attr(
1977 docsrs,
1978 doc(cfg(all(
1979 feature = "onion-service-client",
1980 feature = "experimental-api",
1981 feature = "keymgr"
1982 )))
1983 )]
1984 pub fn remove_service_discovery_key(
1985 &self,
1986 selector: KeystoreSelector,
1987 hsid: HsId,
1988 ) -> crate::Result<Option<()>> {
1989 self.inert_client
1990 .remove_service_discovery_key(selector, hsid)
1991 }
1992
1993 /// Create (but do not launch) a new
1994 /// [`OnionService`](tor_hsservice::OnionService)
1995 /// using the given configuration.
1996 ///
1997 /// The returned `OnionService` can be launched using
1998 /// [`OnionService::launch()`](tor_hsservice::OnionService::launch).
1999 #[cfg(feature = "onion-service-service")]
2000 pub fn create_onion_service(
2001 config: &TorClientConfig,
2002 svc_config: tor_hsservice::OnionServiceConfig,
2003 ) -> crate::Result<tor_hsservice::OnionService> {
2004 let inert_client = InertTorClient::new(config)?;
2005 let keymgr = inert_client.keymgr.ok_or(ErrorDetail::KeystoreRequired {
2006 action: "create onion service",
2007 })?;
2008
2009 let (state_dir, mistrust) = config.state_dir()?;
2010 let state_dir =
2011 self::StateDirectory::new(state_dir, mistrust).map_err(ErrorDetail::StateAccess)?;
2012
2013 Ok(tor_hsservice::OnionService::builder()
2014 .config(svc_config)
2015 .keymgr(keymgr)
2016 .state_dir(state_dir)
2017 .build()
2018 .map_err(ErrorDetail::OnionServiceSetup)?)
2019 }
2020
2021 /// Return a current [`status::BootstrapStatus`] describing how close this client
2022 /// is to being ready for user traffic.
2023 pub fn bootstrap_status(&self) -> status::BootstrapStatus {
2024 self.status_receiver.inner.borrow().clone()
2025 }
2026
2027 /// Return a stream of [`status::BootstrapStatus`] events that will be updated
2028 /// whenever the client's status changes.
2029 ///
2030 /// The receiver might not receive every update sent to this stream, though
2031 /// when it does poll the stream it should get the most recent one.
2032 //
2033 // TODO(nickm): will this also need to implement Send and 'static?
2034 pub fn bootstrap_events(&self) -> status::BootstrapEvents {
2035 self.status_receiver.clone()
2036 }
2037
2038 /// Change the client's current dormant mode, putting background tasks to sleep
2039 /// or waking them up as appropriate.
2040 ///
2041 /// This can be used to conserve CPU usage if you aren't planning on using the
2042 /// client for a while, especially on mobile platforms.
2043 ///
2044 /// See the [`DormantMode`] documentation for more details.
2045 pub fn set_dormant(&self, mode: DormantMode) {
2046 *self
2047 .dormant
2048 .lock()
2049 .expect("dormant lock poisoned")
2050 .borrow_mut() = Some(mode);
2051 }
2052
2053 /// Return a [`Future`](futures::Future) which resolves
2054 /// once this TorClient has stopped.
2055 #[cfg(feature = "experimental-api")]
2056 pub fn wait_for_stop(&self) -> impl futures::Future<Output = ()> + Send + Sync + 'static {
2057 // We defer to the "wait for unlock" handle on our statemgr.
2058 //
2059 // The statemgr won't actually be unlocked until it is finally
2060 // dropped, which will happen when this TorClient is
2061 // dropped—which is what we want.
2062 self.statemgr.wait_for_unlock()
2063 }
2064}
2065
2066/// Monitor `dormant_mode` and enable/disable periodic tasks as applicable
2067///
2068/// This function is spawned as a task during client construction.
2069// TODO should this perhaps be done by each TaskHandle?
2070async fn tasks_monitor_dormant<R: Runtime>(
2071 mut dormant_rx: postage::watch::Receiver<Option<DormantMode>>,
2072 netdir: Arc<dyn NetDirProvider>,
2073 chanmgr: Arc<tor_chanmgr::ChanMgr<R>>,
2074 #[cfg(feature = "bridge-client")] bridge_desc_mgr: Arc<Mutex<Option<Arc<BridgeDescMgr<R>>>>>,
2075 periodic_task_handles: Vec<TaskHandle>,
2076) {
2077 while let Some(Some(mode)) = dormant_rx.next().await {
2078 let netparams = netdir.params();
2079
2080 chanmgr
2081 .set_dormancy(mode.into(), netparams)
2082 .unwrap_or_else(|e| error_report!(e, "couldn't set dormancy"));
2083
2084 // IEFI simplifies handling of exceptional cases, as "never mind, then".
2085 #[cfg(feature = "bridge-client")]
2086 (|| {
2087 let mut bdm = bridge_desc_mgr.lock().ok()?;
2088 let bdm = bdm.as_mut()?;
2089 bdm.set_dormancy(mode.into());
2090 Some(())
2091 })();
2092
2093 let is_dormant = matches!(mode, DormantMode::Soft);
2094
2095 for task in periodic_task_handles.iter() {
2096 if is_dormant {
2097 task.cancel();
2098 } else {
2099 task.fire();
2100 }
2101 }
2102 }
2103}
2104
2105/// Alias for TorError::from(Error)
2106pub(crate) fn wrap_err<T>(err: T) -> crate::Error
2107where
2108 ErrorDetail: From<T>,
2109{
2110 ErrorDetail::from(err).into()
2111}
2112
2113#[cfg(test)]
2114mod test {
2115 // @@ begin test lint list maintained by maint/add_warning @@
2116 #![allow(clippy::bool_assert_comparison)]
2117 #![allow(clippy::clone_on_copy)]
2118 #![allow(clippy::dbg_macro)]
2119 #![allow(clippy::mixed_attributes_style)]
2120 #![allow(clippy::print_stderr)]
2121 #![allow(clippy::print_stdout)]
2122 #![allow(clippy::single_char_pattern)]
2123 #![allow(clippy::unwrap_used)]
2124 #![allow(clippy::unchecked_duration_subtraction)]
2125 #![allow(clippy::useless_vec)]
2126 #![allow(clippy::needless_pass_by_value)]
2127 //! <!-- @@ end test lint list maintained by maint/add_warning @@ -->
2128
2129 use tor_config::Reconfigure;
2130
2131 use super::*;
2132 use crate::config::TorClientConfigBuilder;
2133 use crate::{ErrorKind, HasKind};
2134
2135 #[test]
2136 fn create_unbootstrapped() {
2137 tor_rtcompat::test_with_one_runtime!(|rt| async {
2138 let state_dir = tempfile::tempdir().unwrap();
2139 let cache_dir = tempfile::tempdir().unwrap();
2140 let cfg = TorClientConfigBuilder::from_directories(state_dir, cache_dir)
2141 .build()
2142 .unwrap();
2143 let _ = TorClient::with_runtime(rt)
2144 .config(cfg)
2145 .bootstrap_behavior(BootstrapBehavior::Manual)
2146 .create_unbootstrapped()
2147 .unwrap();
2148 });
2149 }
2150
2151 #[test]
2152 fn unbootstrapped_client_unusable() {
2153 tor_rtcompat::test_with_one_runtime!(|rt| async {
2154 let state_dir = tempfile::tempdir().unwrap();
2155 let cache_dir = tempfile::tempdir().unwrap();
2156 let cfg = TorClientConfigBuilder::from_directories(state_dir, cache_dir)
2157 .build()
2158 .unwrap();
2159 let client = TorClient::with_runtime(rt)
2160 .config(cfg)
2161 .bootstrap_behavior(BootstrapBehavior::Manual)
2162 .create_unbootstrapped()
2163 .unwrap();
2164 let result = client.connect("example.com:80").await;
2165 assert!(result.is_err());
2166 assert_eq!(result.err().unwrap().kind(), ErrorKind::BootstrapRequired);
2167 });
2168 }
2169
2170 #[test]
2171 fn streamprefs_isolate_every_stream() {
2172 let mut observed = StreamPrefs::new();
2173 observed.isolate_every_stream();
2174 match observed.isolation {
2175 StreamIsolationPreference::EveryStream => (),
2176 _ => panic!("unexpected isolation: {:?}", observed.isolation),
2177 };
2178 }
2179
2180 #[test]
2181 fn streamprefs_new_has_expected_defaults() {
2182 let observed = StreamPrefs::new();
2183 assert_eq!(observed.ip_ver_pref, IpVersionPreference::Ipv4Preferred);
2184 assert!(!observed.optimistic_stream);
2185 // StreamIsolationPreference does not implement Eq, check manually.
2186 match observed.isolation {
2187 StreamIsolationPreference::None => (),
2188 _ => panic!("unexpected isolation: {:?}", observed.isolation),
2189 };
2190 }
2191
2192 #[test]
2193 fn streamprefs_new_isolation_group() {
2194 let mut observed = StreamPrefs::new();
2195 observed.new_isolation_group();
2196 match observed.isolation {
2197 StreamIsolationPreference::Explicit(_) => (),
2198 _ => panic!("unexpected isolation: {:?}", observed.isolation),
2199 };
2200 }
2201
2202 #[test]
2203 fn streamprefs_ipv6_only() {
2204 let mut observed = StreamPrefs::new();
2205 observed.ipv6_only();
2206 assert_eq!(observed.ip_ver_pref, IpVersionPreference::Ipv6Only);
2207 }
2208
2209 #[test]
2210 fn streamprefs_ipv6_preferred() {
2211 let mut observed = StreamPrefs::new();
2212 observed.ipv6_preferred();
2213 assert_eq!(observed.ip_ver_pref, IpVersionPreference::Ipv6Preferred);
2214 }
2215
2216 #[test]
2217 fn streamprefs_ipv4_only() {
2218 let mut observed = StreamPrefs::new();
2219 observed.ipv4_only();
2220 assert_eq!(observed.ip_ver_pref, IpVersionPreference::Ipv4Only);
2221 }
2222
2223 #[test]
2224 fn streamprefs_ipv4_preferred() {
2225 let mut observed = StreamPrefs::new();
2226 observed.ipv4_preferred();
2227 assert_eq!(observed.ip_ver_pref, IpVersionPreference::Ipv4Preferred);
2228 }
2229
2230 #[test]
2231 fn streamprefs_optimistic() {
2232 let mut observed = StreamPrefs::new();
2233 observed.optimistic();
2234 assert!(observed.optimistic_stream);
2235 }
2236
2237 #[test]
2238 fn streamprefs_set_isolation() {
2239 let mut observed = StreamPrefs::new();
2240 observed.set_isolation(IsolationToken::new());
2241 match observed.isolation {
2242 StreamIsolationPreference::Explicit(_) => (),
2243 _ => panic!("unexpected isolation: {:?}", observed.isolation),
2244 };
2245 }
2246
2247 #[test]
2248 fn reconfigure_all_or_nothing() {
2249 tor_rtcompat::test_with_one_runtime!(|rt| async {
2250 let state_dir = tempfile::tempdir().unwrap();
2251 let cache_dir = tempfile::tempdir().unwrap();
2252 let cfg = TorClientConfigBuilder::from_directories(state_dir, cache_dir)
2253 .build()
2254 .unwrap();
2255 let tor_client = TorClient::with_runtime(rt)
2256 .config(cfg.clone())
2257 .bootstrap_behavior(BootstrapBehavior::Manual)
2258 .create_unbootstrapped()
2259 .unwrap();
2260 tor_client
2261 .reconfigure(&cfg, Reconfigure::AllOrNothing)
2262 .unwrap();
2263 });
2264 }
2265}