# Copyright 2011-2018, Damian Johnson and The Tor Project # See LICENSE for licensing information """ Module for interacting with the Tor control socket. The :class:`~stem.control.Controller` is a wrapper around a :class:`~stem.socket.ControlSocket`, retaining many of its methods (connect, close, is_alive, etc) in addition to providing its own for working with the socket at a higher level. Stem has `several ways <../faq.html#how-do-i-connect-to-tor>`_ of getting a :class:`~stem.control.Controller`, but the most flexible are :func:`~stem.control.Controller.from_port` and :func:`~stem.control.Controller.from_socket_file`. These static :class:`~stem.control.Controller` methods give you an **unauthenticated** Controller you can then authenticate yourself using its :func:`~stem.control.Controller.authenticate` method. For example... :: import getpass import sys import stem import stem.connection from stem.control import Controller if __name__ == '__main__': try: controller = Controller.from_port() except stem.SocketError as exc: print("Unable to connect to tor on port 9051: %s" % exc) sys.exit(1) try: controller.authenticate() except stem.connection.MissingPassword: pw = getpass.getpass("Controller password: ") try: controller.authenticate(password = pw) except stem.connection.PasswordAuthFailed: print("Unable to authenticate, password is incorrect") sys.exit(1) except stem.connection.AuthenticationFailure as exc: print("Unable to authenticate: %s" % exc) sys.exit(1) print("Tor is running version %s" % controller.get_version()) controller.close() If you're fine with allowing your script to raise exceptions then this can be more nicely done as... :: from stem.control import Controller if __name__ == '__main__': with Controller.from_port() as controller: controller.authenticate() print("Tor is running version %s" % controller.get_version()) **Module Overview:** :: event_description - brief description of a tor event type Controller - General controller class intended for direct use | |- from_port - Provides a Controller based on a port connection. | +- from_socket_file - Provides a Controller based on a socket file connection. | |- authenticate - authenticates this controller with tor |- reconnect - reconnects and authenticates to socket | |- get_info - issues a GETINFO query for a parameter |- get_version - provides our tor version |- get_exit_policy - provides our exit policy |- get_ports - provides the local ports where tor is listening for connections |- get_listeners - provides the addresses and ports where tor is listening for connections |- get_accounting_stats - provides stats related to relaying limits |- get_protocolinfo - information about the controller interface |- get_user - provides the user tor is running as |- get_pid - provides the pid of our tor process |- is_user_traffic_allowed - checks if we send or receive direct user traffic | |- get_microdescriptor - querying the microdescriptor for a relay |- get_microdescriptors - provides all currently available microdescriptors |- get_server_descriptor - querying the server descriptor for a relay |- get_server_descriptors - provides all currently available server descriptors |- get_network_status - querying the router status entry for a relay |- get_network_statuses - provides all presently available router status entries |- get_hidden_service_descriptor - queries the given hidden service descriptor | |- get_conf - gets the value of a configuration option |- get_conf_map - gets the values of multiple configuration options |- is_set - determines if an option differs from its default |- set_conf - sets the value of a configuration option |- reset_conf - reverts configuration options to their default values |- set_options - sets or resets the values of multiple configuration options | |- get_hidden_service_conf - provides our hidden service configuration |- set_hidden_service_conf - sets our hidden service configuration |- create_hidden_service - creates a new hidden service or adds a new port |- remove_hidden_service - removes a hidden service or drops a port | |- list_ephemeral_hidden_services - list ephemeral hidden serivces |- create_ephemeral_hidden_service - create a new ephemeral hidden service |- remove_ephemeral_hidden_service - removes an ephemeral hidden service | |- add_event_listener - attaches an event listener to be notified of tor events |- remove_event_listener - removes a listener so it isn't notified of further events | |- is_caching_enabled - true if the controller has enabled caching |- set_caching - enables or disables caching |- clear_cache - clears any cached results | |- load_conf - loads configuration information as if it was in the torrc |- save_conf - saves configuration information to the torrc | |- is_feature_enabled - checks if a given controller feature is enabled |- enable_feature - enables a controller feature that has been disabled by default | |- get_circuit - provides an active circuit |- get_circuits - provides a list of active circuits |- new_circuit - create new circuits |- extend_circuit - create new circuits and extend existing ones |- repurpose_circuit - change a circuit's purpose |- close_circuit - close a circuit | |- get_streams - provides a list of active streams |- attach_stream - attach a stream to a circuit |- close_stream - close a stream | |- signal - sends a signal to the tor client |- is_newnym_available - true if tor would currently accept a NEWNYM signal |- get_newnym_wait - seconds until tor would accept a NEWNYM signal |- get_effective_rate - provides our effective relaying rate limit |- is_geoip_unavailable - true if we've discovered our geoip db to be unavailable |- map_address - maps one address to another such that connections to the original are replaced with the other +- drop_guards - drops our set of guard relays and picks a new set BaseController - Base controller class asynchronous message handling |- msg - communicates with the tor process |- is_alive - reports if our connection to tor is open or closed |- is_localhost - returns if the connection is for the local system or not |- connection_time - time when we last connected or disconnected |- is_authenticated - checks if we're authenticated to tor |- connect - connects or reconnects to tor |- close - shuts down our connection to the tor process |- get_socket - provides the socket used for control communication |- get_latest_heartbeat - timestamp for when we last heard from tor |- add_status_listener - notifies a callback of changes in our status +- remove_status_listener - prevents further notification of status changes .. data:: State (enum) Enumeration for states that a controller can have. ========== =========== State Description ========== =========== **INIT** new control connection **RESET** received a reset/sighup signal **CLOSED** control connection closed ========== =========== .. data:: EventType (enum) Known types of events that the :func:`~stem.control.Controller.add_event_listener` method of the :class:`~stem.control.Controller` can listen for. The most frequently listened for event types tend to be the logging events (**DEBUG**, **INFO**, **NOTICE**, **WARN**, and **ERR**), bandwidth usage (**BW**), and circuit or stream changes (**CIRC** and **STREAM**). Enums are mapped to :class:`~stem.response.events.Event` subclasses as follows... .. deprecated:: 1.6.0 Tor dropped EventType.AUTHDIR_NEWDESCS as of version 0.3.2.1. (:spec:`6e887ba`) ======================= =========== EventType Event Class ======================= =========== **ADDRMAP** :class:`stem.response.events.AddrMapEvent` **AUTHDIR_NEWDESCS** :class:`stem.response.events.AuthDirNewDescEvent` **BUILDTIMEOUT_SET** :class:`stem.response.events.BuildTimeoutSetEvent` **BW** :class:`stem.response.events.BandwidthEvent` **CELL_STATS** :class:`stem.response.events.CellStatsEvent` **CIRC** :class:`stem.response.events.CircuitEvent` **CIRC_BW** :class:`stem.response.events.CircuitBandwidthEvent` **CIRC_MINOR** :class:`stem.response.events.CircMinorEvent` **CLIENTS_SEEN** :class:`stem.response.events.ClientsSeenEvent` **CONF_CHANGED** :class:`stem.response.events.ConfChangedEvent` **CONN_BW** :class:`stem.response.events.ConnectionBandwidthEvent` **DEBUG** :class:`stem.response.events.LogEvent` **DESCCHANGED** :class:`stem.response.events.DescChangedEvent` **ERR** :class:`stem.response.events.LogEvent` **GUARD** :class:`stem.response.events.GuardEvent` **HS_DESC** :class:`stem.response.events.HSDescEvent` **HS_DESC_CONTENT** :class:`stem.response.events.HSDescContentEvent` **INFO** :class:`stem.response.events.LogEvent` **NETWORK_LIVENESS** :class:`stem.response.events.NetworkLivenessEvent` **NEWCONSENSUS** :class:`stem.response.events.NewConsensusEvent` **NEWDESC** :class:`stem.response.events.NewDescEvent` **NOTICE** :class:`stem.response.events.LogEvent` **NS** :class:`stem.response.events.NetworkStatusEvent` **ORCONN** :class:`stem.response.events.ORConnEvent` **SIGNAL** :class:`stem.response.events.SignalEvent` **STATUS_CLIENT** :class:`stem.response.events.StatusEvent` **STATUS_GENERAL** :class:`stem.response.events.StatusEvent` **STATUS_SERVER** :class:`stem.response.events.StatusEvent` **STREAM** :class:`stem.response.events.StreamEvent` **STREAM_BW** :class:`stem.response.events.StreamBwEvent` **TB_EMPTY** :class:`stem.response.events.TokenBucketEmptyEvent` **TRANSPORT_LAUNCHED** :class:`stem.response.events.TransportLaunchedEvent` **WARN** :class:`stem.response.events.LogEvent` ======================= =========== .. data:: Listener (enum) Purposes for inbound connections that Tor handles. ============= =========== Listener Description ============= =========== **OR** traffic we're relaying as a member of the network (torrc's **ORPort** and **ORListenAddress**) **DIR** mirroring for tor descriptor content (torrc's **DirPort** and **DirListenAddress**) **SOCKS** client traffic we're sending over Tor (torrc's **SocksPort** and **SocksListenAddress**) **TRANS** transparent proxy handling (torrc's **TransPort** and **TransListenAddress**) **NATD** forwarding for ipfw NATD connections (torrc's **NatdPort** and **NatdListenAddress**) **DNS** DNS lookups for our traffic (torrc's **DNSPort** and **DNSListenAddress**) **CONTROL** controller applications (torrc's **ControlPort** and **ControlListenAddress**) ============= =========== """ import calendar import collections import functools import inspect import io import os import threading import time try: # Added in 2.7 from collections import OrderedDict except ImportError: from stem.util.ordereddict import OrderedDict try: # Added in 3.x import queue except ImportError: import Queue as queue import stem.descriptor.microdescriptor import stem.descriptor.reader import stem.descriptor.router_status_entry import stem.descriptor.server_descriptor import stem.exit_policy import stem.response import stem.response.events import stem.socket import stem.util import stem.util.conf import stem.util.connection import stem.util.enum import stem.util.str_tools import stem.util.system import stem.util.tor_tools import stem.version from stem import UNDEFINED, CircStatus, Signal from stem.util import log # When closing the controller we attempt to finish processing enqueued events, # but if it takes longer than this we terminate. EVENTS_LISTENING_TIMEOUT = 0.1 MALFORMED_EVENTS = 'MALFORMED_EVENTS' # state changes a control socket can have State = stem.util.enum.Enum('INIT', 'RESET', 'CLOSED') EventType = stem.util.enum.UppercaseEnum( 'ADDRMAP', 'AUTHDIR_NEWDESCS', 'BUILDTIMEOUT_SET', 'BW', 'CELL_STATS', 'CIRC', 'CIRC_BW', 'CIRC_MINOR', 'CONF_CHANGED', 'CONN_BW', 'CLIENTS_SEEN', 'DEBUG', 'DESCCHANGED', 'ERR', 'GUARD', 'HS_DESC', 'HS_DESC_CONTENT', 'INFO', 'NETWORK_LIVENESS', 'NEWCONSENSUS', 'NEWDESC', 'NOTICE', 'NS', 'ORCONN', 'SIGNAL', 'STATUS_CLIENT', 'STATUS_GENERAL', 'STATUS_SERVER', 'STREAM', 'STREAM_BW', 'TB_EMPTY', 'TRANSPORT_LAUNCHED', 'WARN', ) Listener = stem.util.enum.UppercaseEnum( 'OR', 'DIR', 'SOCKS', 'TRANS', 'NATD', 'DNS', 'CONTROL', ) # torrc options that cannot be changed once tor's running IMMUTABLE_CONFIG_OPTIONS = set(map(stem.util.str_tools._to_unicode, map(str.lower, ( 'AccelDir', 'AccelName', 'DataDirectory', 'DisableAllSwap', 'DisableDebuggerAttachment', 'HardwareAccel', 'HiddenServiceNonAnonymousMode', 'HiddenServiceSingleHopMode', 'KeepBindCapabilities', 'PidFile', 'RunAsDaemon', 'Sandbox', 'SyslogIdentityTag', 'TokenBucketRefillInterval', 'User', )))) LOG_CACHE_FETCHES = True # provide trace level logging for cache hits # Configuration options that are fetched by a special key. The keys are # lowercase to make case insensitive lookups easier. MAPPED_CONFIG_KEYS = { 'hiddenservicedir': 'HiddenServiceOptions', 'hiddenserviceport': 'HiddenServiceOptions', 'hiddenserviceversion': 'HiddenServiceOptions', 'hiddenserviceauthorizeclient': 'HiddenServiceOptions', 'hiddenserviceoptions': 'HiddenServiceOptions', } # unchangeable GETINFO parameters CACHEABLE_GETINFO_PARAMS = ( 'address', 'version', 'config-file', 'exit-policy/default', 'fingerprint', 'config/names', 'config/defaults', 'info/names', 'events/names', 'features/names', 'process/descriptor-limit', 'status/version/current', ) CACHEABLE_GETINFO_PARAMS_UNTIL_SETCONF = ( 'accounting/enabled', ) # GETCONF parameters we shouldn't cache. This includes hidden service # perameters due to the funky way they're set and retrieved (for instance, # 'SETCONF HiddenServiceDir' effects 'GETCONF HiddenServiceOptions'). UNCACHEABLE_GETCONF_PARAMS = ( 'hiddenserviceoptions', 'hiddenservicedir', 'hiddenserviceport', 'hiddenserviceversion', 'hiddenserviceauthorizeclient', ) SERVER_DESCRIPTORS_UNSUPPORTED = "Tor is currently not configured to retrieve \ server descriptors. As of Tor version 0.2.3.25 it downloads microdescriptors \ instead unless you set 'UseMicrodescriptors 0' in your torrc." EVENT_DESCRIPTIONS = None class AccountingStats(collections.namedtuple('AccountingStats', ['retrieved', 'status', 'interval_end', 'time_until_reset', 'read_bytes', 'read_bytes_left', 'read_limit', 'written_bytes', 'write_bytes_left', 'write_limit'])): """ Accounting information, determining the limits where our relay suspends itself. :var float retrieved: unix timestamp for when this was fetched :var str status: hibernation status of 'awake', 'soft', or 'hard' :var datetime interval_end: time when our limits reset :var int time_until_reset: seconds until our limits reset :var int read_bytes: number of bytes we've read relaying :var int read_bytes_left: number of bytes we can read until we suspend :var int read_limit: reading threshold where we suspend :var int written_bytes: number of bytes we've written relaying :var int write_bytes_left: number of bytes we can write until we suspend :var int write_limit: writing threshold where we suspend """ class UserTrafficAllowed(collections.namedtuple('UserTrafficAllowed', ['inbound', 'outbound'])): """ Indicates if we're likely to be servicing direct user traffic or not. :var bool inbound: if **True** we're likely providing guard or bridge connnections :var bool outbound: if **True** we're likely providng exit connections """ class CreateHiddenServiceOutput(collections.namedtuple('CreateHiddenServiceOutput', ['path', 'hostname', 'hostname_for_client', 'config'])): """ Attributes of a hidden service we've created. Both the **hostnames** and **hostname_for_client** attributes can only be provided if we're able to read the hidden service directory. If the method was called with **client_names** then we may provide the **hostname_for_client**, and otherwise can provide the **hostnames**. :var str path: hidden service directory :var str hostname: content of the hostname file if available :var dict hostname_for_client: mapping of client names to their onion address if available :var dict config: tor's new hidden service configuration """ def with_default(yields = False): """ Provides a decorator to support having a default value. This should be treated as private. """ def decorator(func): def get_default(func, args, kwargs): arg_names = inspect.getargspec(func).args[1:] # drop 'self' default_position = arg_names.index('default') if 'default' in arg_names else None if default_position is not None and default_position < len(args): return args[default_position] else: return kwargs.get('default', UNDEFINED) if not yields: @functools.wraps(func) def wrapped(self, *args, **kwargs): try: return func(self, *args, **kwargs) except: default = get_default(func, args, kwargs) if default == UNDEFINED: raise else: return default else: @functools.wraps(func) def wrapped(self, *args, **kwargs): try: for val in func(self, *args, **kwargs): yield val except: default = get_default(func, args, kwargs) if default == UNDEFINED: raise else: if default is not None: for val in default: yield val return wrapped return decorator def event_description(event): """ Provides a description for Tor events. :param str event: the event for which a description is needed :returns: **str** The event description or **None** if this is an event name we don't have a description for """ global EVENT_DESCRIPTIONS if EVENT_DESCRIPTIONS is None: config = stem.util.conf.Config() config_path = os.path.join(os.path.dirname(__file__), 'settings.cfg') try: config.load(config_path) EVENT_DESCRIPTIONS = dict([(key.lower()[18:], config.get_value(key)) for key in config.keys() if key.startswith('event.description.')]) except Exception as exc: log.warn("BUG: stem failed to load its internal manual information from '%s': %s" % (config_path, exc)) return None return EVENT_DESCRIPTIONS.get(event.lower()) class BaseController(object): """ Controller for the tor process. This is a minimal base class for other controllers, providing basic process communication and event listing. Don't use this directly - subclasses like the :class:`~stem.control.Controller` provide higher level functionality. It's highly suggested that you don't interact directly with the :class:`~stem.socket.ControlSocket` that we're constructed from - use our wrapper methods instead. If the **control_socket** is already authenticated to Tor then the caller should provide the **is_authenticated** flag. Otherwise, we will treat the socket as though it hasn't yet been authenticated. """ def __init__(self, control_socket, is_authenticated = False): self._socket = control_socket self._msg_lock = threading.RLock() self._status_listeners = [] # tuples of the form (callback, spawn_thread) self._status_listeners_lock = threading.RLock() # queues where incoming messages are directed self._reply_queue = queue.Queue() self._event_queue = queue.Queue() # thread to continually pull from the control socket self._reader_thread = None # thread to pull from the _event_queue and call handle_event self._event_notice = threading.Event() self._event_thread = None # saves our socket's prior _connect() and _close() methods so they can be # called along with ours self._socket_connect = self._socket._connect self._socket_close = self._socket._close self._socket._connect = self._connect self._socket._close = self._close self._last_heartbeat = 0.0 # timestamp for when we last heard from tor self._is_authenticated = False self._state_change_threads = [] # threads we've spawned to notify of state changes if self._socket.is_alive(): self._launch_threads() if is_authenticated: self._post_authentication() def msg(self, message): """ Sends a message to our control socket and provides back its reply. :param str message: message to be formatted and sent to tor :returns: :class:`~stem.response.ControlMessage` with the response :raises: * :class:`stem.ProtocolError` the content from the socket is malformed * :class:`stem.SocketError` if a problem arises in using the socket * :class:`stem.SocketClosed` if the socket is shut down """ with self._msg_lock: # If our _reply_queue isn't empty then one of a few things happened... # # - Our connection was closed and probably re-restablished. This was # in reply to pulling for an asynchronous event and getting this is # expected - ignore it. # # - Pulling for asynchronous events produced an error. If this was a # ProtocolError then it's a tor bug, and if a non-closure SocketError # then it was probably a socket glitch. Deserves an INFO level log # message. # # - This is a leftover response for a msg() call. We can't tell who an # exception was earmarked for, so we only know that this was the case # if it's a ControlMessage. # # This is the most concerning situation since it indicates that one of # our callers didn't get their reply. However, this is still a # perfectly viable use case. For instance... # # 1. We send a request. # 2. The reader thread encounters an exception, for instance a socket # error. We enqueue the exception. # 3. The reader thread receives the reply. # 4. We raise the socket error, and have an undelivered message. # # Thankfully this only seems to arise in edge cases around rapidly # closing/reconnecting the socket. while not self._reply_queue.empty(): try: response = self._reply_queue.get_nowait() if isinstance(response, stem.SocketClosed): pass # this is fine elif isinstance(response, stem.ProtocolError): log.info('Tor provided a malformed message (%s)' % response) elif isinstance(response, stem.ControllerError): log.info('Socket experienced a problem (%s)' % response) elif isinstance(response, stem.response.ControlMessage): log.info('Failed to deliver a response: %s' % response) except queue.Empty: # the empty() method is documented to not be fully reliable so this # isn't entirely surprising break try: self._socket.send(message) response = self._reply_queue.get() # If the message we received back had an exception then re-raise it to the # caller. Otherwise return the response. if isinstance(response, stem.ControllerError): raise response else: return response except stem.SocketClosed: # If the recv() thread caused the SocketClosed then we could still be # in the process of closing. Calling close() here so that we can # provide an assurance to the caller that when we raise a SocketClosed # exception we are shut down afterward for realz. self.close() raise def is_alive(self): """ Checks if our socket is currently connected. This is a pass-through for our socket's :func:`~stem.socket.BaseSocket.is_alive` method. :returns: **bool** that's **True** if our socket is connected and **False** otherwise """ return self._socket.is_alive() def is_localhost(self): """ Returns if the connection is for the local system or not. .. versionadded:: 1.3.0 :returns: **bool** that's **True** if the connection is for the local host and **False** otherwise """ return self._socket.is_localhost() def connection_time(self): """ Provides the unix timestamp for when our socket was either connected or disconnected. That is to say, the time we connected if we're currently connected and the time we disconnected if we're not connected. .. versionadded:: 1.3.0 :returns: **float** for when we last connected or disconnected, zero if we've never connected """ return self._socket.connection_time() def is_authenticated(self): """ Checks if our socket is both connected and authenticated. :returns: **bool** that's **True** if our socket is authenticated to tor and **False** otherwise """ return self._is_authenticated if self.is_alive() else False def connect(self): """ Reconnects our control socket. This is a pass-through for our socket's :func:`~stem.socket.ControlSocket.connect` method. :raises: :class:`stem.SocketError` if unable to make a socket """ self._socket.connect() def close(self): """ Closes our socket connection. This is a pass-through for our socket's :func:`~stem.socket.BaseSocket.close` method. """ self._socket.close() # Join on any outstanding state change listeners. Closing is a state change # of its own, so if we have any listeners it's quite likely there's some # work in progress. # # It's important that we do this outside of our locks so those daemons have # access to us. This is why we're doing this here rather than _close(). for t in self._state_change_threads: if t.is_alive() and threading.current_thread() != t: t.join() def get_socket(self): """ Provides the socket used to speak with the tor process. Communicating with the socket directly isn't advised since it may confuse this controller. :returns: :class:`~stem.socket.ControlSocket` we're communicating with """ return self._socket def get_latest_heartbeat(self): """ Provides the unix timestamp for when we last heard from tor. This is zero if we've never received a message. :returns: float for the unix timestamp of when we last heard from tor """ return self._last_heartbeat def add_status_listener(self, callback, spawn = True): """ Notifies a given function when the state of our socket changes. Functions are expected to be of the form... :: my_function(controller, state, timestamp) The state is a value from the :data:`stem.control.State` enum. Functions **must** allow for new values. The timestamp is a float for the unix time when the change occurred. This class only provides **State.INIT** and **State.CLOSED** notifications. Subclasses may provide others. If spawn is **True** then the callback is notified via a new daemon thread. If **False** then the notice is under our locks, within the thread where the change occurred. In general this isn't advised, especially if your callback could block for a while. If still outstanding these threads are joined on as part of closing this controller. :param function callback: function to be notified when our state changes :param bool spawn: calls function via a new thread if **True**, otherwise it's part of the connect/close method call """ with self._status_listeners_lock: self._status_listeners.append((callback, spawn)) def remove_status_listener(self, callback): """ Stops listener from being notified of further events. :param function callback: function to be removed from our listeners :returns: **bool** that's **True** if we removed one or more occurrences of the callback, **False** otherwise """ with self._status_listeners_lock: new_listeners, is_changed = [], False for listener, spawn in self._status_listeners: if listener != callback: new_listeners.append((listener, spawn)) else: is_changed = True self._status_listeners = new_listeners return is_changed def __enter__(self): return self def __exit__(self, exit_type, value, traceback): self.close() def _handle_event(self, event_message): """ Callback to be overwritten by subclasses for event listening. This is notified whenever we receive an event from the control socket. :param stem.response.ControlMessage event_message: message received from the control socket """ pass def _connect(self): self._launch_threads() self._notify_status_listeners(State.INIT) self._socket_connect() self._is_authenticated = False def _close(self): # Our is_alive() state is now false. Our reader thread should already be # awake from recv() raising a closure exception. Wake up the event thread # too so it can end. self._event_notice.set() self._is_authenticated = False # joins on our threads if it's safe to do so for t in (self._reader_thread, self._event_thread): if t and t.is_alive() and threading.current_thread() != t: t.join() self._notify_status_listeners(State.CLOSED) self._socket_close() def _post_authentication(self): # actions to be taken after we have a newly authenticated connection self._is_authenticated = True def _notify_status_listeners(self, state): """ Informs our status listeners that a state change occurred. :param stem.control.State state: state change that has occurred """ # Any changes to our is_alive() state happen under the send lock, so we # need to have it to ensure it doesn't change beneath us. with self._socket._get_send_lock(): with self._status_listeners_lock: # States imply that our socket is either alive or not, which may not # hold true when multiple events occur in quick succession. For # instance, a sighup could cause two events (State.RESET for the sighup # and State.CLOSE if it causes tor to crash). However, there's no # guarantee of the order in which they occur, and it would be bad if # listeners got the State.RESET last, implying that we were alive. expect_alive = None if state in (State.INIT, State.RESET): expect_alive = True elif state == State.CLOSED: expect_alive = False change_timestamp = time.time() if expect_alive is not None and expect_alive != self.is_alive(): return self._state_change_threads = list(filter(lambda t: t.is_alive(), self._state_change_threads)) for listener, spawn in self._status_listeners: if spawn: args = (self, state, change_timestamp) notice_thread = threading.Thread(target = listener, args = args, name = '%s notification' % state) notice_thread.setDaemon(True) notice_thread.start() self._state_change_threads.append(notice_thread) else: listener(self, state, change_timestamp) def _launch_threads(self): """ Initializes daemon threads. Threads can't be reused so we need to recreate them if we're restarted. """ # In theory concurrent calls could result in multiple start() calls on a # single thread, which would cause an unexpected exception. Best be safe. with self._socket._get_send_lock(): if not self._reader_thread or not self._reader_thread.is_alive(): self._reader_thread = threading.Thread(target = self._reader_loop, name = 'Tor listener') self._reader_thread.setDaemon(True) self._reader_thread.start() if not self._event_thread or not self._event_thread.is_alive(): self._event_thread = threading.Thread(target = self._event_loop, name = 'Event notifier') self._event_thread.setDaemon(True) self._event_thread.start() def _reader_loop(self): """ Continually pulls from the control socket, directing the messages into queues based on their type. Controller messages come in two varieties... * Responses to messages we've sent (GETINFO, SETCONF, etc). * Asynchronous events, identified by a status code of 650. """ while self.is_alive(): try: control_message = self._socket.recv() self._last_heartbeat = time.time() if control_message.content()[-1][0] == '650': # asynchronous message, adds to the event queue and wakes up its handler self._event_queue.put(control_message) self._event_notice.set() else: # response to a msg() call self._reply_queue.put(control_message) except stem.ControllerError as exc: # Assume that all exceptions belong to the reader. This isn't always # true, but the msg() call can do a better job of sorting it out. # # Be aware that the msg() method relies on this to unblock callers. self._reply_queue.put(exc) def _event_loop(self): """ Continually pulls messages from the _event_queue and sends them to our handle_event callback. This is done via its own thread so subclasses with a lengthy handle_event implementation don't block further reading from the socket. """ socket_closed_at = None while True: try: event_message = self._event_queue.get_nowait() self._handle_event(event_message) # Attempt to finish processing enqueued events when our controller closes if not self.is_alive(): if not socket_closed_at: socket_closed_at = time.time() elif time.time() - socket_closed_at > EVENTS_LISTENING_TIMEOUT: break except queue.Empty: if not self.is_alive(): break self._event_notice.wait() self._event_notice.clear() class Controller(BaseController): """ Connection with Tor's control socket. This is built on top of the BaseController and provides a more user friendly API for library users. """ @staticmethod def from_port(address = '127.0.0.1', port = 'default'): """ Constructs a :class:`~stem.socket.ControlPort` based Controller. If the **port** is **'default'** then this checks on both 9051 (default for relays) and 9151 (default for the Tor Browser). This default may change in the future. .. versionchanged:: 1.5.0 Use both port 9051 and 9151 by default. :param str address: ip address of the controller :param int port: port number of the controller :returns: :class:`~stem.control.Controller` attached to the given port :raises: :class:`stem.SocketError` if we're unable to establish a connection """ import stem.connection if not stem.util.connection.is_valid_ipv4_address(address): raise ValueError('Invalid IP address: %s' % address) elif port != 'default' and not stem.util.connection.is_valid_port(port): raise ValueError('Invalid port: %s' % port) if port == 'default': control_port = stem.connection._connection_for_default_port(address) else: control_port = stem.socket.ControlPort(address, port) return Controller(control_port) @staticmethod def from_socket_file(path = '/var/run/tor/control'): """ Constructs a :class:`~stem.socket.ControlSocketFile` based Controller. :param str path: path where the control socket is located :returns: :class:`~stem.control.Controller` attached to the given socket file :raises: :class:`stem.SocketError` if we're unable to establish a connection """ control_socket = stem.socket.ControlSocketFile(path) return Controller(control_socket) def __init__(self, control_socket, is_authenticated = False): self._is_caching_enabled = True self._request_cache = {} self._last_newnym = 0.0 self._cache_lock = threading.RLock() # mapping of event types to their listeners self._event_listeners = {} self._event_listeners_lock = threading.RLock() self._enabled_features = [] self._is_geoip_unavailable = None self._last_address_exc = None self._last_fingerprint_exc = None super(Controller, self).__init__(control_socket, is_authenticated) def _sighup_listener(event): if event.signal == Signal.RELOAD: self.clear_cache() self._notify_status_listeners(State.RESET) self.add_event_listener(_sighup_listener, EventType.SIGNAL) def _confchanged_listener(event): if self.is_caching_enabled(): to_cache_changed = dict((k.lower(), v) for k, v in event.changed.items()) to_cache_unset = dict((k.lower(), []) for k in event.unset) # [] represents None value in cache to_cache = {} to_cache.update(to_cache_changed) to_cache.update(to_cache_unset) self._set_cache(to_cache, 'getconf') self._confchanged_cache_invalidation(to_cache) self.add_event_listener(_confchanged_listener, EventType.CONF_CHANGED) def _address_changed_listener(event): if event.action in ('EXTERNAL_ADDRESS', 'DNS_USELESS'): self._set_cache({'exit_policy': None}) self._set_cache({'address': None}, 'getinfo') self._last_address_exc = None self.add_event_listener(_address_changed_listener, EventType.STATUS_SERVER) def close(self): self.clear_cache() super(Controller, self).close() def authenticate(self, *args, **kwargs): """ A convenience method to authenticate the controller. This is just a pass-through to :func:`stem.connection.authenticate`. """ import stem.connection stem.connection.authenticate(self, *args, **kwargs) def reconnect(self, *args, **kwargs): """ Reconnects and authenticates to our control socket. .. versionadded:: 1.5.0 :raises: * :class:`stem.SocketError` if unable to re-establish socket * :class:`stem.connection.AuthenticationFailure` if unable to authenticate """ with self._msg_lock: self.connect() self.clear_cache() self.authenticate(*args, **kwargs) @with_default() def get_info(self, params, default = UNDEFINED, get_bytes = False): """ get_info(params, default = UNDEFINED, get_bytes = False) Queries the control socket for the given GETINFO option. If provided a default then that's returned if the GETINFO option is undefined or the call fails for any reason (error response, control port closed, initiated, etc). .. versionchanged:: 1.1.0 Added the get_bytes argument. .. versionchanged:: 1.7.0 Errors commonly provided a :class:`stem.ProtocolError` when we should raise a :class:`stem.OperationFailed`. :param str,list params: GETINFO option or options to be queried :param object default: response if the query fails :param bool get_bytes: provides **bytes** values rather than a **str** under python 3.x :returns: Response depends upon how we were called as follows... * **str** with the response if our param was a **str** * **dict** with the 'param => response' mapping if our param was a **list** * default if one was provided and our call failed :raises: * :class:`stem.ControllerError` if the call fails and we weren't provided a default response * :class:`stem.InvalidArguments` if the 'params' requested was invalid * :class:`stem.ProtocolError` if the geoip database is unavailable """ start_time = time.time() reply = {} if stem.util._is_str(params): is_multiple = False params = set([params]) else: if not params: return {} is_multiple = True params = set(params) for param in params: if param.startswith('ip-to-country/') and param != 'ip-to-country/0.0.0.0' and self.is_geoip_unavailable(): raise stem.ProtocolError('Tor geoip database is unavailable') elif param == 'address' and self._last_address_exc: raise self._last_address_exc # we already know we can't resolve an address elif param == 'fingerprint' and self._last_fingerprint_exc and self.get_conf('ORPort', None) is None: raise self._last_fingerprint_exc # we already know we're not a relay # check for cached results from_cache = [param.lower() for param in params] cached_results = self._get_cache_map(from_cache, 'getinfo') for key in cached_results: user_expected_key = _case_insensitive_lookup(params, key) reply[user_expected_key] = cached_results[key] params.remove(user_expected_key) # if everything was cached then short circuit making the query if not params: if LOG_CACHE_FETCHES: log.trace('GETINFO %s (cache fetch)' % ' '.join(reply.keys())) if is_multiple: return reply else: return list(reply.values())[0] try: response = self.msg('GETINFO %s' % ' '.join(params)) stem.response.convert('GETINFO', response) response._assert_matches(params) # usually we want unicode values under python 3.x if stem.prereq.is_python_3() and not get_bytes: response.entries = dict((k, stem.util.str_tools._to_unicode(v)) for (k, v) in response.entries.items()) reply.update(response.entries) if self.is_caching_enabled(): to_cache = {} for key, value in response.entries.items(): key = key.lower() # make case insensitive if key in CACHEABLE_GETINFO_PARAMS or key in CACHEABLE_GETINFO_PARAMS_UNTIL_SETCONF: to_cache[key] = value elif key.startswith('ip-to-country/'): to_cache[key] = value self._set_cache(to_cache, 'getinfo') if 'address' in params: self._last_address_exc = None if 'fingerprint' in params: self._last_fingerprint_exc = None log.debug('GETINFO %s (runtime: %0.4f)' % (' '.join(params), time.time() - start_time)) if is_multiple: return reply else: return list(reply.values())[0] except stem.ControllerError as exc: if 'address' in params: self._last_address_exc = exc if 'fingerprint' in params: self._last_fingerprint_exc = exc log.debug('GETINFO %s (failed: %s)' % (' '.join(params), exc)) raise @with_default() def get_version(self, default = UNDEFINED): """ get_version(default = UNDEFINED) A convenience method to get tor version that current controller is connected to. :param object default: response if the query fails :returns: :class:`~stem.version.Version` of the tor instance that we're connected to :raises: * :class:`stem.ControllerError` if unable to query the version * **ValueError** if unable to parse the version An exception is only raised if we weren't provided a default response. """ version = self._get_cache('version') if not version: version_str = self.get_info('version') version = stem.version.Version(version_str[4:] if version_str.startswith('Tor ') else version_str) self._set_cache({'version': version}) return version @with_default() def get_exit_policy(self, default = UNDEFINED): """ get_exit_policy(default = UNDEFINED) Effective ExitPolicy for our relay. .. versionchanged:: 1.7.0 Policies retrieved through 'GETINFO exit-policy/full' rather than parsing the user's torrc entries. This should be more reliable for some edge cases. (:trac:`25739`) :param object default: response if the query fails :returns: :class:`~stem.exit_policy.ExitPolicy` of the tor instance that we're connected to :raises: * :class:`stem.ControllerError` if unable to query the policy * **ValueError** if unable to parse the policy An exception is only raised if we weren't provided a default response. """ policy = self._get_cache('exit_policy') if not policy: try: policy = stem.exit_policy.ExitPolicy(*self.get_info('exit-policy/full').splitlines()) self._set_cache({'exit_policy': policy}) except stem.OperationFailed: # There's a few situations where 'GETINFO exit-policy/full' will fail, # most commonly... # # * Error 551: Descriptor still rebuilding - not ready yet # # Tor hasn't yet finished making our server descriptor. This often # arises when tor has first started. # # * Error 552: Not running in server mode # # We're not configured to be a relay (no ORPort), or haven't yet # been able to determine our externally facing IP address. # # When these arise best we can do is infer our policy from the torrc. # Skipping caching so we'll retry GETINFO policy resolution next time # we're called. rules = [] if self.get_conf('ExitRelay') == '0': rules.append('reject *:*') if self.get_conf('ExitPolicyRejectPrivate') == '1': rules.append('reject private:*') for policy_line in self.get_conf('ExitPolicy', multiple = True): rules += policy_line.split(',') rules += self.get_info('exit-policy/default').split(',') policy = stem.exit_policy.get_config_policy(rules, self.get_info('address', None)) return policy @with_default() def get_ports(self, listener_type, default = UNDEFINED): """ get_ports(listener_type, default = UNDEFINED) Provides the local ports where tor is listening for the given type of connections. This is similar to :func:`~stem.control.Controller.get_listeners`, but doesn't provide addresses nor include non-local endpoints. .. versionadded:: 1.2.0 :param stem.control.Listener listener_type: connection type being handled by the ports we return :param object default: response if the query fails :returns: **list** of **ints** for the local ports where tor handles connections of the given type :raises: :class:`stem.ControllerError` if unable to determine the ports and no default was provided """ def is_localhost(address): if stem.util.connection.is_valid_ipv4_address(address): return address == '0.0.0.0' or address.startswith('127.') elif stem.util.connection.is_valid_ipv6_address(address): return stem.util.connection.expand_ipv6_address(address) in ( '0000:0000:0000:0000:0000:0000:0000:0000', '0000:0000:0000:0000:0000:0000:0000:0001', ) else: log.info("Request for %s ports got an address that's neither IPv4 or IPv6: %s" % (listener_type, address)) return False return [port for (addr, port) in self.get_listeners(listener_type) if is_localhost(addr)] @with_default() def get_listeners(self, listener_type, default = UNDEFINED): """ get_listeners(listener_type, default = UNDEFINED) Provides the addresses and ports where tor is listening for connections of the given type. This is similar to :func:`~stem.control.Controller.get_ports` but includes listener addresses and non-local endpoints. .. versionadded:: 1.2.0 .. versionchanged:: 1.5.0 Recognize listeners with IPv6 addresses. :param stem.control.Listener listener_type: connection type being handled by the listeners we return :param object default: response if the query fails :returns: **list** of **(address, port)** tuples for the available listeners :raises: :class:`stem.ControllerError` if unable to determine the listeners and no default was provided """ listeners = self._get_cache(listener_type, 'listeners') if listeners is None: proxy_addrs = [] query = 'net/listeners/%s' % listener_type.lower() try: for listener in self.get_info(query).split(): if not (listener.startswith('"') and listener.endswith('"')): raise stem.ProtocolError("'GETINFO %s' responses are expected to be quoted: %s" % (query, listener)) elif ':' not in listener: raise stem.ProtocolError("'GETINFO %s' had a listener without a colon: %s" % (query, listener)) listener = listener[1:-1] # strip quotes addr, port = listener.rsplit(':', 1) # Skip unix sockets, for instance... # # GETINFO net/listeners/control # 250-net/listeners/control="unix:/tmp/tor/socket" # 250 OK if addr == 'unix': continue if addr.startswith('[') and addr.endswith(']'): addr = addr[1:-1] # unbracket ipv6 address proxy_addrs.append((addr, port)) except stem.InvalidArguments: # Tor version is old (pre-tor-0.2.2.26-beta), use get_conf() instead. # Some options (like the ORPort) can have optional attributes after the # actual port number. port_option = { Listener.OR: 'ORPort', Listener.DIR: 'DirPort', Listener.SOCKS: 'SocksPort', Listener.TRANS: 'TransPort', Listener.NATD: 'NatdPort', Listener.DNS: 'DNSPort', Listener.CONTROL: 'ControlPort', }[listener_type] listener_option = { Listener.OR: 'ORListenAddress', Listener.DIR: 'DirListenAddress', Listener.SOCKS: 'SocksListenAddress', Listener.TRANS: 'TransListenAddress', Listener.NATD: 'NatdListenAddress', Listener.DNS: 'DNSListenAddress', Listener.CONTROL: 'ControlListenAddress', }[listener_type] port_value = self.get_conf(port_option).split()[0] for listener in self.get_conf(listener_option, multiple = True): if ':' in listener: addr, port = listener.rsplit(':', 1) if addr.startswith('[') and addr.endswith(']'): addr = addr[1:-1] # unbracket ipv6 address proxy_addrs.append((addr, port)) else: proxy_addrs.append((listener, port_value)) # validate that address/ports are valid, and convert ports to ints for addr, port in proxy_addrs: if not stem.util.connection.is_valid_ipv4_address(addr) and not stem.util.connection.is_valid_ipv6_address(addr): raise stem.ProtocolError('Invalid address for a %s listener: %s' % (listener_type, addr)) elif not stem.util.connection.is_valid_port(port): raise stem.ProtocolError('Invalid port for a %s listener: %s' % (listener_type, port)) listeners = [(addr, int(port)) for (addr, port) in proxy_addrs] self._set_cache({listener_type: listeners}, 'listeners') return listeners @with_default() def get_accounting_stats(self, default = UNDEFINED): """ get_accounting_stats(default = UNDEFINED) Provides stats related to our relaying limitations if AccountingMax was set in our torrc. .. versionadded:: 1.3.0 :param object default: response if the query fails :returns: :class:`~stem.control.AccountingStats` with our accounting stats :raises: :class:`stem.ControllerError` if unable to determine the listeners and no default was provided """ if self.get_info('accounting/enabled') != '1': raise stem.ControllerError("Accounting isn't enabled") retrieved = time.time() status = self.get_info('accounting/hibernating') interval_end = self.get_info('accounting/interval-end') used = self.get_info('accounting/bytes') left = self.get_info('accounting/bytes-left') interval_end = stem.util.str_tools._parse_timestamp(interval_end) used_read, used_written = [int(val) for val in used.split(' ', 1)] left_read, left_written = [int(val) for val in left.split(' ', 1)] return AccountingStats( retrieved = retrieved, status = status, interval_end = interval_end, time_until_reset = calendar.timegm(interval_end.timetuple()) - int(retrieved), read_bytes = used_read, read_bytes_left = left_read, read_limit = used_read + left_read, written_bytes = used_written, write_bytes_left = left_written, write_limit = used_written + left_written, ) def get_socks_listeners(self, default = UNDEFINED): """ Provides the SOCKS **(address, port)** tuples that tor has open. .. deprecated:: 1.2.0 Use :func:`~stem.control.Controller.get_listeners` with **Listener.SOCKS** instead. :param object default: response if the query fails :returns: list of **(address, port)** tuples for the available SOCKS listeners :raises: :class:`stem.ControllerError` if unable to determine the listeners and no default was provided """ return self.get_listeners(Listener.SOCKS, default) @with_default() def get_protocolinfo(self, default = UNDEFINED): """ get_protocolinfo(default = UNDEFINED) A convenience method to get the protocol info of the controller. :param object default: response if the query fails :returns: :class:`~stem.response.protocolinfo.ProtocolInfoResponse` provided by tor :raises: * :class:`stem.ProtocolError` if the PROTOCOLINFO response is malformed * :class:`stem.SocketError` if problems arise in establishing or using the socket An exception is only raised if we weren't provided a default response. """ import stem.connection return stem.connection.get_protocolinfo(self) @with_default() def get_user(self, default = UNDEFINED): """ get_user(default = UNDEFINED) Provides the user tor is running as. This often only works if tor is running locally. Also, most of its checks are platform dependent, and hence are not entirely reliable. .. versionadded:: 1.1.0 :param object default: response if the query fails :returns: str with the username tor is running as """ user = self._get_cache('user') if not user: user = self.get_info('process/user', None) if not user and self.is_localhost(): pid = self.get_pid(None) if pid: user = stem.util.system.user(pid) if user: self._set_cache({'user': user}) return user else: raise ValueError("Unable to resolve tor's user" if self.is_localhost() else "Tor isn't running locally") @with_default() def get_pid(self, default = UNDEFINED): """ get_pid(default = UNDEFINED) Provides the process id of tor. This often only works if tor is running locally. Also, most of its checks are platform dependent, and hence are not entirely reliable. .. versionadded:: 1.1.0 :param object default: response if the query fails :returns: **int** for tor's pid :raises: **ValueError** if unable to determine the pid and no default was provided """ pid = self._get_cache('pid') if not pid: getinfo_pid = self.get_info('process/pid', None) if getinfo_pid and getinfo_pid.isdigit(): pid = int(getinfo_pid) if not pid and self.is_localhost(): pid_file_path = self.get_conf('PidFile', None) if pid_file_path is not None: with open(pid_file_path) as pid_file: pid_file_contents = pid_file.read().strip() if pid_file_contents.isdigit(): pid = int(pid_file_contents) if not pid: pid = stem.util.system.pid_by_name('tor') if not pid: control_socket = self.get_socket() if isinstance(control_socket, stem.socket.ControlPort): pid = stem.util.system.pid_by_port(control_socket.port) elif isinstance(control_socket, stem.socket.ControlSocketFile): pid = stem.util.system.pid_by_open_file(control_socket.path) if pid: self._set_cache({'pid': pid}) return pid else: raise ValueError("Unable to resolve tor's pid" if self.is_localhost() else "Tor isn't running locally") def is_user_traffic_allowed(self): """ Checks if we're likely to service direct user traffic. This essentially boils down to... * If we're a bridge or guard relay, inbound connections are possibly from users. * If our exit policy allows traffic then output connections are possibly from users. Note the word 'likely'. These is a decent guess in practice, but not always correct. For instance, information about which flags we have are only fetched periodically. This method is intended to help you avoid eavesdropping on user traffic. Monitoring user connections is not only unethical, but likely a violation of wiretapping laws. .. versionadded:: 1.5.0 :returns: :class:`~stem.cotroller.UserTrafficAllowed` with **inbound** and **outbound** boolean attributes to indicate if we're likely servicing direct user traffic """ inbound_allowed, outbound_allowed = False, False if self.get_conf('BridgeRelay', None) == '1': inbound_allowed = True if self.get_conf('ORPort', None): if not inbound_allowed: consensus_entry = self.get_network_status(default = None) inbound_allowed = consensus_entry and 'Guard' in consensus_entry.flags exit_policy = self.get_exit_policy(None) outbound_allowed = exit_policy and exit_policy.is_exiting_allowed() return UserTrafficAllowed(inbound_allowed, outbound_allowed) @with_default() def get_microdescriptor(self, relay = None, default = UNDEFINED): """ get_microdescriptor(relay = None, default = UNDEFINED) Provides the microdescriptor for the relay with the given fingerprint or nickname. If the relay identifier could be either a fingerprint *or* nickname then it's queried as a fingerprint. If no **relay** is provided then this defaults to ourselves. Remember that this requires that we've retrieved our own descriptor from remote authorities so this both won't be available for newly started relays and may be up to around an hour out of date. .. versionchanged:: 1.3.0 Changed so we'd fetch our own descriptor if no 'relay' is provided. :param str relay: fingerprint or nickname of the relay to be queried :param object default: response if the query fails :returns: :class:`~stem.descriptor.microdescriptor.Microdescriptor` for the given relay :raises: * :class:`stem.DescriptorUnavailable` if unable to provide a descriptor for the given relay * :class:`stem.ControllerError` if unable to query the descriptor * **ValueError** if **relay** doesn't conform with the pattern for being a fingerprint or nickname An exception is only raised if we weren't provided a default response. """ if relay is None: try: relay = self.get_info('fingerprint') except stem.ControllerError as exc: raise stem.ControllerError('Unable to determine our own fingerprint: %s' % exc) if stem.util.tor_tools.is_valid_fingerprint(relay): query = 'md/id/%s' % relay elif stem.util.tor_tools.is_valid_nickname(relay): query = 'md/name/%s' % relay else: raise ValueError("'%s' isn't a valid fingerprint or nickname" % relay) try: desc_content = self.get_info(query, get_bytes = True) except stem.InvalidArguments as exc: if str(exc).startswith('GETINFO request contained unrecognized keywords:'): raise stem.DescriptorUnavailable("Tor was unable to provide the descriptor for '%s'" % relay) else: raise if not desc_content: raise stem.DescriptorUnavailable('Descriptor information is unavailable, tor might still be downloading it') return stem.descriptor.microdescriptor.Microdescriptor(desc_content) @with_default(yields = True) def get_microdescriptors(self, default = UNDEFINED): """ get_microdescriptors(default = UNDEFINED) Provides an iterator for all of the microdescriptors that tor currently knows about. Prior to Tor 0.3.5.1 this information was not available via the control protocol. When connected to prior versions we read the microdescriptors directly from disk instead, which will not work remotely or if our process lacks read permissions. :param list default: items to provide if the query fails :returns: iterates over :class:`~stem.descriptor.microdescriptor.Microdescriptor` for relays in the tor network :raises: :class:`stem.ControllerError` if unable to query tor and no default was provided """ if self.get_version() >= stem.version.Requirement.GETINFO_MICRODESCRIPTORS: desc_content = self.get_info('md/all', get_bytes = True) if not desc_content: raise stem.DescriptorUnavailable('Descriptor information is unavailable, tor might still be downloading it') for desc in stem.descriptor.microdescriptor._parse_file(io.BytesIO(desc_content)): yield desc else: # TODO: remove when tor versions that require this are obsolete try: data_directory = self.get_conf('DataDirectory') except stem.ControllerError as exc: raise stem.OperationFailed(message = 'Unable to determine the data directory (%s)' % exc) cached_descriptor_path = os.path.join(data_directory, 'cached-microdescs') if not os.path.exists(data_directory): raise stem.OperationFailed(message = "Data directory reported by tor doesn't exist (%s)" % data_directory) elif not os.path.exists(cached_descriptor_path): raise stem.OperationFailed(message = "Data directory doesn't contain cached microdescriptors (%s)" % cached_descriptor_path) with stem.descriptor.reader.DescriptorReader([cached_descriptor_path]) as reader: for desc in reader: # It shouldn't be possible for these to be something other than # microdescriptors but as the saying goes: trust but verify. if not isinstance(desc, stem.descriptor.microdescriptor.Microdescriptor): raise stem.OperationFailed(message = 'BUG: Descriptor reader provided non-microdescriptor content (%s)' % type(desc)) yield desc @with_default() def get_server_descriptor(self, relay = None, default = UNDEFINED): """ get_server_descriptor(relay = None, default = UNDEFINED) Provides the server descriptor for the relay with the given fingerprint or nickname. If the relay identifier could be either a fingerprint *or* nickname then it's queried as a fingerprint. If no **relay** is provided then this defaults to ourselves. Remember that this requires that we've retrieved our own descriptor from remote authorities so this both won't be available for newly started relays and may be up to around an hour out of date. **As of Tor version 0.2.3.25 relays no longer get server descriptors by default.** It's advised that you use microdescriptors instead, but if you really need server descriptors then you can get them by setting 'UseMicrodescriptors 0'. .. versionchanged:: 1.3.0 Changed so we'd fetch our own descriptor if no 'relay' is provided. :param str relay: fingerprint or nickname of the relay to be queried :param object default: response if the query fails :returns: :class:`~stem.descriptor.server_descriptor.RelayDescriptor` for the given relay :raises: * :class:`stem.DescriptorUnavailable` if unable to provide a descriptor for the given relay * :class:`stem.ControllerError` if unable to query the descriptor * **ValueError** if **relay** doesn't conform with the pattern for being a fingerprint or nickname An exception is only raised if we weren't provided a default response. """ try: if relay is None: try: relay = self.get_info('fingerprint') except stem.ControllerError as exc: raise stem.ControllerError('Unable to determine our own fingerprint: %s' % exc) if stem.util.tor_tools.is_valid_fingerprint(relay): query = 'desc/id/%s' % relay elif stem.util.tor_tools.is_valid_nickname(relay): query = 'desc/name/%s' % relay else: raise ValueError("'%s' isn't a valid fingerprint or nickname" % relay) try: desc_content = self.get_info(query, get_bytes = True) except stem.InvalidArguments as exc: if str(exc).startswith('GETINFO request contained unrecognized keywords:'): raise stem.DescriptorUnavailable("Tor was unable to provide the descriptor for '%s'" % relay) else: raise if not desc_content: raise stem.DescriptorUnavailable('Descriptor information is unavailable, tor might still be downloading it') return stem.descriptor.server_descriptor.RelayDescriptor(desc_content) except: if not self._is_server_descriptors_available(): raise ValueError(SERVER_DESCRIPTORS_UNSUPPORTED) raise @with_default(yields = True) def get_server_descriptors(self, default = UNDEFINED): """ get_server_descriptors(default = UNDEFINED) Provides an iterator for all of the server descriptors that tor currently knows about. **As of Tor version 0.2.3.25 relays no longer get server descriptors by default.** It's advised that you use microdescriptors instead, but if you really need server descriptors then you can get them by setting 'UseMicrodescriptors 0'. :param list default: items to provide if the query fails :returns: iterates over :class:`~stem.descriptor.server_descriptor.RelayDescriptor` for relays in the tor network :raises: :class:`stem.ControllerError` if unable to query tor and no default was provided """ # TODO: We should iterate over the descriptors as they're read from the # socket rather than reading the whole thing into memory. # # https://trac.torproject.org/8248 desc_content = self.get_info('desc/all-recent', get_bytes = True) if not desc_content: if not self._is_server_descriptors_available(): raise stem.ControllerError(SERVER_DESCRIPTORS_UNSUPPORTED) else: raise stem.DescriptorUnavailable('Descriptor information is unavailable, tor might still be downloading it') for desc in stem.descriptor.server_descriptor._parse_file(io.BytesIO(desc_content)): yield desc def _is_server_descriptors_available(self): """ Checks to see if tor server descriptors should be available or not. """ # TODO: Replace with a 'GETINFO desc/download-enabled' request when they're # widely available... # # https://gitweb.torproject.org/torspec.git/commit/?id=378699c return self.get_version() < stem.version.Requirement.MICRODESCRIPTOR_IS_DEFAULT or \ self.get_conf('UseMicrodescriptors', None) == '0' @with_default() def get_network_status(self, relay = None, default = UNDEFINED): """ get_network_status(relay = None, default = UNDEFINED) Provides the router status entry for the relay with the given fingerprint or nickname. If the relay identifier could be either a fingerprint *or* nickname then it's queried as a fingerprint. If no **relay** is provided then this defaults to ourselves. Remember that this requires that we've retrieved our own descriptor from remote authorities so this both won't be available for newly started relays and may be up to around an hour out of date. .. versionchanged:: 1.3.0 Changed so we'd fetch our own descriptor if no 'relay' is provided. :param str relay: fingerprint or nickname of the relay to be queried :param object default: response if the query fails :returns: :class:`~stem.descriptor.router_status_entry.RouterStatusEntryV3` for the given relay :raises: * :class:`stem.DescriptorUnavailable` if unable to provide a descriptor for the given relay * :class:`stem.ControllerError` if unable to query the descriptor * **ValueError** if **relay** doesn't conform with the pattern for being a fingerprint or nickname An exception is only raised if we weren't provided a default response. """ if relay is None: try: relay = self.get_info('fingerprint') except stem.ControllerError as exc: raise stem.ControllerError('Unable to determine our own fingerprint: %s' % exc) if stem.util.tor_tools.is_valid_fingerprint(relay): query = 'ns/id/%s' % relay elif stem.util.tor_tools.is_valid_nickname(relay): query = 'ns/name/%s' % relay else: raise ValueError("'%s' isn't a valid fingerprint or nickname" % relay) try: desc_content = self.get_info(query, get_bytes = True) except stem.InvalidArguments as exc: if str(exc).startswith('GETINFO request contained unrecognized keywords:'): raise stem.DescriptorUnavailable("Tor was unable to provide the descriptor for '%s'" % relay) else: raise if not desc_content: raise stem.DescriptorUnavailable('Descriptor information is unavailable, tor might still be downloading it') return stem.descriptor.router_status_entry.RouterStatusEntryV3(desc_content) @with_default(yields = True) def get_network_statuses(self, default = UNDEFINED): """ get_network_statuses(default = UNDEFINED) Provides an iterator for all of the router status entries that tor currently knows about. :param list default: items to provide if the query fails :returns: iterates over :class:`~stem.descriptor.router_status_entry.RouterStatusEntryV3` for relays in the tor network :raises: :class:`stem.ControllerError` if unable to query tor and no default was provided """ # TODO: We should iterate over the descriptors as they're read from the # socket rather than reading the whole thing into memory. # # https://trac.torproject.org/8248 desc_content = self.get_info('ns/all', get_bytes = True) if not desc_content: raise stem.DescriptorUnavailable('Descriptor information is unavailable, tor might still be downloading it') desc_iterator = stem.descriptor.router_status_entry._parse_file( io.BytesIO(desc_content), False, entry_class = stem.descriptor.router_status_entry.RouterStatusEntryV3, ) for desc in desc_iterator: yield desc @with_default() def get_hidden_service_descriptor(self, address, default = UNDEFINED, servers = None, await_result = True, timeout = None): """ get_hidden_service_descriptor(address, default = UNDEFINED, servers = None, await_result = True) Provides the descriptor for a hidden service. The **address** is the '.onion' address of the hidden service (for instance 3g2upl4pq6kufc4m.onion for DuckDuckGo). If **await_result** is **True** then this blocks until we either receive the descriptor or the request fails. If **False** this returns right away. **This method only supports v2 hidden services, not v3.** (:trac:`25417`) .. versionadded:: 1.4.0 .. versionchanged:: 1.7.0 Added the timeout argument. :param str address: address of the hidden service descriptor, the '.onion' suffix is optional :param object default: response if the query fails :param list servers: requrest the descriptor from these specific servers :param float timeout: seconds to wait when **await_result** is **True** :returns: :class:`~stem.descriptor.hidden_service_descriptor.HiddenServiceDescriptor` for the given service if **await_result** is **True**, or **None** otherwise :raises: * :class:`stem.DescriptorUnavailable` if **await_result** is **True** and unable to provide a descriptor for the given service * :class:`stem.Timeout` if **timeout** was reached * :class:`stem.ControllerError` if unable to query the descriptor * **ValueError** if **address** doesn't conform with the pattern of a hidden service address An exception is only raised if we weren't provided a default response. """ if address.endswith('.onion'): address = address[:-6] if not stem.util.tor_tools.is_valid_hidden_service_address(address): raise ValueError("'%s.onion' isn't a valid hidden service address" % address) if self.get_version() < stem.version.Requirement.HSFETCH: raise stem.UnsatisfiableRequest(message = 'HSFETCH was added in tor version %s' % stem.version.Requirement.HSFETCH) hs_desc_queue, hs_desc_listener = queue.Queue(), None hs_desc_content_queue, hs_desc_content_listener = queue.Queue(), None start_time = time.time() if await_result: def hs_desc_listener(event): hs_desc_queue.put(event) def hs_desc_content_listener(event): hs_desc_content_queue.put(event) self.add_event_listener(hs_desc_listener, EventType.HS_DESC) self.add_event_listener(hs_desc_content_listener, EventType.HS_DESC_CONTENT) try: request = 'HSFETCH %s' % address if servers: request += ' ' + ' '.join(['SERVER=%s' % s for s in servers]) response = self.msg(request) stem.response.convert('SINGLELINE', response) if not response.is_ok(): raise stem.ProtocolError('HSFETCH returned unexpected response code: %s' % response.code) if not await_result: return None # not waiting, so nothing to provide back else: while True: event = _get_with_timeout(hs_desc_content_queue, timeout, start_time) if event.address == address: if event.descriptor: return event.descriptor else: # no descriptor, looking through HS_DESC to figure out why while True: event = _get_with_timeout(hs_desc_queue, timeout, start_time) if event.address == address and event.action == stem.HSDescAction.FAILED: if event.reason == stem.HSDescReason.NOT_FOUND: raise stem.DescriptorUnavailable('No running hidden service at %s.onion' % address) else: raise stem.DescriptorUnavailable('Unable to retrieve the descriptor for %s.onion (retrieved from %s): %s' % (address, event.directory_fingerprint, event.reason)) finally: if hs_desc_listener: self.remove_event_listener(hs_desc_listener) if hs_desc_content_listener: self.remove_event_listener(hs_desc_content_listener) def get_conf(self, param, default = UNDEFINED, multiple = False): """ get_conf(param, default = UNDEFINED, multiple = False) Queries the current value for a configuration option. Some configuration options (like the ExitPolicy) can have multiple values. This provides a **list** with all of the values if **multiple** is **True**. Otherwise this will be a **str** with the first value. If provided with a **default** then that is provided if the configuration option was unset or the query fails (invalid configuration option, error response, control port closed, initiated, etc). If the configuration value is unset and no **default** was given then this provides **None** if **multiple** was **False** and an empty list if it was **True**. :param str param: configuration option to be queried :param object default: response if the option is unset or the query fails :param bool multiple: if **True** then provides a list with all of the present values (this is an empty list if the config option is unset) :returns: Response depends upon how we were called as follows... * **str** with the configuration value if **multiple** was **False**, **None** if it was unset * **list** with the response strings if multiple was **True** * default if one was provided and the configuration option was either unset or our call failed :raises: * :class:`stem.ControllerError` if the call fails and we weren't provided a default response * :class:`stem.InvalidArguments` if the configuration option requested was invalid """ # Config options are case insensitive and don't contain whitespace. Using # strip so the following check will catch whitespace-only params. param = param.lower().strip() if not param: return default if default != UNDEFINED else None entries = self.get_conf_map(param, default, multiple) return _case_insensitive_lookup(entries, param, default) def get_conf_map(self, params, default = UNDEFINED, multiple = True): """ get_conf_map(params, default = UNDEFINED, multiple = True) Similar to :func:`~stem.control.Controller.get_conf` but queries multiple configuration options, providing back a mapping of those options to their values. There are three use cases for GETCONF: 1. a single value is provided (e.g. **ControlPort**) 2. multiple values are provided for the option (e.g. **ExitPolicy**) 3. a set of options that weren't necessarily requested are returned (for instance querying **HiddenServiceOptions** gives **HiddenServiceDir**, **HiddenServicePort**, etc) The vast majority of the options fall into the first two categories, in which case calling :func:`~stem.control.Controller.get_conf` is sufficient. However, for batch queries or the special options that give a set of values this provides back the full response. As of tor version 0.2.1.25 **HiddenServiceOptions** was the only option that falls into the third category. **Note:** HiddenServiceOptions are best retrieved via the :func:`~stem.control.Controller.get_hidden_service_conf` method instead. :param str,list params: configuration option(s) to be queried :param object default: value for the mappings if the configuration option is either undefined or the query fails :param bool multiple: if **True** then the values provided are lists with all of the present values :returns: **dict** of the 'config key => value' mappings. The value is a... * **str** if **multiple** is **False**, **None** if the configuration option is unset * **list** if **multiple** is **True** * the **default** if it was set and the value was either undefined or our lookup failed :raises: * :class:`stem.ControllerError` if the call fails and we weren't provided a default response * :class:`stem.InvalidArguments` if the configuration option requested was invalid """ start_time = time.time() reply = {} if stem.util._is_str(params): params = [params] # remove strings which contain only whitespace params = [entry for entry in params if entry.strip()] if params == []: return {} # translate context sensitive options lookup_params = set([MAPPED_CONFIG_KEYS.get(entry, entry) for entry in params]) # check for cached results from_cache = [param.lower() for param in lookup_params] cached_results = self._get_cache_map(from_cache, 'getconf') for key in cached_results: user_expected_key = _case_insensitive_lookup(lookup_params, key) reply[user_expected_key] = cached_results[key] lookup_params.remove(user_expected_key) # if everything was cached then short circuit making the query if not lookup_params: if LOG_CACHE_FETCHES: log.trace('GETCONF %s (cache fetch)' % ' '.join(reply.keys())) return self._get_conf_dict_to_response(reply, default, multiple) try: response = self.msg('GETCONF %s' % ' '.join(lookup_params)) stem.response.convert('GETCONF', response) reply.update(response.entries) if self.is_caching_enabled(): to_cache = dict((k.lower(), v) for k, v in response.entries.items()) self._set_cache(to_cache, 'getconf') # Maps the entries back to the parameters that the user requested so the # capitalization matches (ie, if they request "exitpolicy" then that # should be the key rather than "ExitPolicy"). When the same # configuration key is provided multiple times this determines the case # based on the first and ignores the rest. # # This retains the tor provided camel casing of MAPPED_CONFIG_KEYS # entries since the user didn't request those by their key, so we can't # be sure what they wanted. for key in list(reply): if not key.lower() in MAPPED_CONFIG_KEYS.values(): user_expected_key = _case_insensitive_lookup(params, key, key) if key != user_expected_key: reply[user_expected_key] = reply[key] del reply[key] log.debug('GETCONF %s (runtime: %0.4f)' % (' '.join(lookup_params), time.time() - start_time)) return self._get_conf_dict_to_response(reply, default, multiple) except stem.ControllerError as exc: log.debug('GETCONF %s (failed: %s)' % (' '.join(lookup_params), exc)) if default != UNDEFINED: return dict((param, default) for param in params) else: raise def _get_conf_dict_to_response(self, config_dict, default, multiple): """ Translates a dictionary of 'config key => [value1, value2...]' into the return value of :func:`~stem.control.Controller.get_conf_map`, taking into account what the caller requested. """ return_dict = {} for key, values in list(config_dict.items()): if values == []: # config option was unset if default != UNDEFINED: return_dict[key] = default else: return_dict[key] = [] if multiple else None else: return_dict[key] = values if multiple else values[0] return return_dict @with_default() def is_set(self, param, default = UNDEFINED): """ is_set(param, default = UNDEFINED) Checks if a configuration option differs from its default or not. .. versionadded:: 1.5.0 :param str param: configuration option to check :param object default: response if the query fails :returns: **True** if option differs from its default and **False** otherwise :raises: :class:`stem.ControllerError` if the call fails and we weren't provided a default response """ return param in self._get_custom_options() def _get_custom_options(self): result = self._get_cache('get_custom_options') if not result: config_lines = self.get_info('config-text').splitlines() # Tor provides some config options even if they haven't been set... # # https://trac.torproject.org/projects/tor/ticket/2362 # https://trac.torproject.org/projects/tor/ticket/17909 default_lines = ( 'Log notice stdout', 'Log notice file /var/log/tor/log', 'DataDirectory /home/%s/.tor' % self.get_user('undefined'), 'HiddenServiceStatistics 0', ) for line in default_lines: if line in config_lines: config_lines.remove(line) result = dict([line.split(' ', 1) for line in config_lines]) self._set_cache({'get_custom_options': result}) return result def set_conf(self, param, value): """ Changes the value of a tor configuration option. Our value can be any of the following... * a string to set a single value * a list of strings to set a series of values (for instance the ExitPolicy) * None to either set the value to 0/NULL :param str param: configuration option to be set :param str,list value: value to set the parameter to :raises: * :class:`stem.ControllerError` if the call fails * :class:`stem.InvalidArguments` if configuration options requested was invalid * :class:`stem.InvalidRequest` if the configuration setting is impossible or if there's a syntax error in the configuration values """ self.set_options({param: value}, False) def reset_conf(self, *params): """ Reverts one or more parameters to their default values. :param str params: configuration option to be reset :raises: * :class:`stem.ControllerError` if the call fails * :class:`stem.InvalidArguments` if configuration options requested was invalid * :class:`stem.InvalidRequest` if the configuration setting is impossible or if there's a syntax error in the configuration values """ self.set_options(dict([(entry, None) for entry in params]), True) def set_options(self, params, reset = False): """ Changes multiple tor configuration options via either a SETCONF or RESETCONF query. Both behave identically unless our value is None, in which case SETCONF sets the value to 0 or NULL, and RESETCONF returns it to its default value. This accepts str, list, or None values in a similar fashion to :func:`~stem.control.Controller.set_conf`. For example... :: my_controller.set_options({ 'Nickname': 'caerSidi', 'ExitPolicy': ['accept *:80', 'accept *:443', 'reject *:*'], 'ContactInfo': 'caerSidi-exit@someplace.com', 'Log': None, }) The params can optionally be a list of key/value tuples, though the only reason this type of argument would be useful is for hidden service configuration (those options are order dependent). :param dict,list params: mapping of configuration options to the values we're setting it to :param bool reset: issues a RESETCONF, returning **None** values to their defaults if **True** :raises: * :class:`stem.ControllerError` if the call fails * :class:`stem.InvalidArguments` if configuration options requested was invalid * :class:`stem.InvalidRequest` if the configuration setting is impossible or if there's a syntax error in the configuration values """ start_time = time.time() # constructs the SETCONF or RESETCONF query query_comp = ['RESETCONF' if reset else 'SETCONF'] if isinstance(params, dict): params = list(params.items()) for param, value in params: if isinstance(value, str): query_comp.append('%s="%s"' % (param, value.strip())) elif isinstance(value, collections.Iterable): query_comp.extend(['%s="%s"' % (param, val.strip()) for val in value]) elif not value: query_comp.append(param) else: raise ValueError('Cannot set %s to %s since the value was a %s but we only accept strings' % (param, value, type(value).__name__)) query = ' '.join(query_comp) response = self.msg(query) stem.response.convert('SINGLELINE', response) if response.is_ok(): log.debug('%s (runtime: %0.4f)' % (query, time.time() - start_time)) if self.is_caching_enabled(): # clear cache for params; the CONF_CHANGED event will set cache for changes to_cache = dict((k.lower(), None) for k, v in params) self._set_cache(to_cache, 'getconf') self._confchanged_cache_invalidation(dict(params)) else: log.debug('%s (failed, code: %s, message: %s)' % (query, response.code, response.message)) immutable_params = [k for k, v in params if stem.util.str_tools._to_unicode(k).lower() in IMMUTABLE_CONFIG_OPTIONS] if immutable_params: raise stem.InvalidArguments(message = "%s cannot be changed while tor's running" % ', '.join(sorted(immutable_params)), arguments = immutable_params) if response.code == '552': if response.message.startswith("Unrecognized option: Unknown option '"): key = response.message[37:response.message.find("'", 37)] raise stem.InvalidArguments(response.code, response.message, [key]) raise stem.InvalidRequest(response.code, response.message) elif response.code in ('513', '553'): raise stem.InvalidRequest(response.code, response.message) else: raise stem.ProtocolError('Returned unexpected status code: %s' % response.code) @with_default() def get_hidden_service_conf(self, default = UNDEFINED): """ get_hidden_service_conf(default = UNDEFINED) This provides a mapping of hidden service directories to their attribute's key/value pairs. All hidden services are assured to have a 'HiddenServicePort', but other entries may or may not exist. :: { "/var/lib/tor/hidden_service_empty/": { "HiddenServicePort": [ ] }, "/var/lib/tor/hidden_service_with_two_ports/": { "HiddenServiceAuthorizeClient": "stealth a, b", "HiddenServicePort": [ (8020, "127.0.0.1", 8020), # the ports order is kept (8021, "127.0.0.1", 8021) ], "HiddenServiceVersion": "2" }, } .. versionadded:: 1.3.0 :param object default: response if the query fails :returns: **dict** with the hidden service configuration :raises: :class:`stem.ControllerError` if the call fails and we weren't provided a default response """ service_dir_map = self._get_cache('hidden_service_conf') if service_dir_map is not None: if LOG_CACHE_FETCHES: log.trace('GETCONF HiddenServiceOptions (cache fetch)') return service_dir_map start_time = time.time() try: response = self.msg('GETCONF HiddenServiceOptions') stem.response.convert('GETCONF', response) log.debug('GETCONF HiddenServiceOptions (runtime: %0.4f)' % (time.time() - start_time)) except stem.ControllerError as exc: log.debug('GETCONF HiddenServiceOptions (failed: %s)' % exc) raise service_dir_map = OrderedDict() directory = None for status_code, divider, content in response.content(): if content == 'HiddenServiceOptions': continue if '=' not in content: continue k, v = content.split('=', 1) if k == 'HiddenServiceDir': directory = v service_dir_map[directory] = {'HiddenServicePort': []} elif k == 'HiddenServicePort': port = target_port = v target_address = '127.0.0.1' if not v.isdigit(): port, target = v.split() if target.isdigit(): target_port = target else: target_address, target_port = target.rsplit(':', 1) if not stem.util.connection.is_valid_port(port): raise stem.ProtocolError('GETCONF provided an invalid HiddenServicePort port (%s): %s' % (port, content)) elif not stem.util.connection.is_valid_ipv4_address(target_address): raise stem.ProtocolError('GETCONF provided an invalid HiddenServicePort target address (%s): %s' % (target_address, content)) elif not stem.util.connection.is_valid_port(target_port): raise stem.ProtocolError('GETCONF provided an invalid HiddenServicePort target port (%s): %s' % (target_port, content)) service_dir_map[directory]['HiddenServicePort'].append((int(port), target_address, int(target_port))) else: service_dir_map[directory][k] = v self._set_cache({'hidden_service_conf': service_dir_map}) return service_dir_map def set_hidden_service_conf(self, conf): """ Update all the configured hidden services from a dictionary having the same format as :func:`~stem.control.Controller.get_hidden_service_conf`. For convenience the HiddenServicePort entries can be an integer, string, or tuple. If an **int** then we treat it as just a port. If a **str** we pass that directly as the HiddenServicePort. And finally, if a **tuple** then it's expected to be the **(port, target_address, target_port)** as provided by :func:`~stem.control.Controller.get_hidden_service_conf`. This is to say the following three are equivalent... :: "HiddenServicePort": [ 80, '80 127.0.0.1:80', (80, '127.0.0.1', 80), ] .. versionadded:: 1.3.0 :param dict conf: configuration dictionary :raises: * :class:`stem.ControllerError` if the call fails * :class:`stem.InvalidArguments` if configuration options requested was invalid * :class:`stem.InvalidRequest` if the configuration setting is impossible or if there's a syntax error in the configuration values """ # If we're not adding or updating any hidden services then call RESETCONF # so we drop existing values. Otherwise calling SETCONF is a no-op. if not conf: self.reset_conf('HiddenServiceDir') return # Convert conf dictionary into a list of ordered config tuples hidden_service_options = [] for directory in conf: hidden_service_options.append(('HiddenServiceDir', directory)) for k, v in list(conf[directory].items()): if k == 'HiddenServicePort': for entry in v: if isinstance(entry, int): entry = '%s 127.0.0.1:%s' % (entry, entry) elif isinstance(entry, str): pass # just pass along what the user gave us elif isinstance(entry, tuple): port, target_address, target_port = entry entry = '%s %s:%s' % (port, target_address, target_port) hidden_service_options.append(('HiddenServicePort', entry)) else: hidden_service_options.append((k, str(v))) self.set_options(hidden_service_options) def create_hidden_service(self, path, port, target_address = None, target_port = None, auth_type = None, client_names = None): """ Create a new hidden service. If the directory is already present, a new port is added. Our *.onion address is fetched by reading the hidden service directory. However, this directory is only readable by the tor user, so if unavailable the **hostname** will be **None**. **As of Tor 0.2.7.1 there's two ways for creating hidden services, and this method is no longer recommended.** Rather, try using :func:`~stem.control.Controller.create_ephemeral_hidden_service` instead. .. versionadded:: 1.3.0 .. versionchanged:: 1.4.0 Added the auth_type and client_names arguments. :param str path: path for the hidden service's data directory :param int port: hidden service port :param str target_address: address of the service, by default 127.0.0.1 :param int target_port: port of the service, by default this is the same as **port** :param str auth_type: authentication type: basic, stealth or None to disable auth :param list client_names: client names (1-16 characters "A-Za-z0-9+-_") :returns: :class:`~stem.cotroller.CreateHiddenServiceOutput` if we create or update a hidden service, **None** otherwise :raises: :class:`stem.ControllerError` if the call fails """ if not stem.util.connection.is_valid_port(port): raise ValueError("%s isn't a valid port number" % port) elif target_address and not stem.util.connection.is_valid_ipv4_address(target_address): raise ValueError("%s isn't a valid IPv4 address" % target_address) elif target_port is not None and not stem.util.connection.is_valid_port(target_port): raise ValueError("%s isn't a valid port number" % target_port) elif auth_type not in (None, 'basic', 'stealth'): raise ValueError("%s isn't a recognized type of authentication" % auth_type) port = int(port) target_address = target_address if target_address else '127.0.0.1' target_port = port if target_port is None else int(target_port) conf = self.get_hidden_service_conf() if path in conf and (port, target_address, target_port) in conf[path]['HiddenServicePort']: return None conf.setdefault(path, OrderedDict()).setdefault('HiddenServicePort', []).append((port, target_address, target_port)) if auth_type and client_names: hsac = "%s %s" % (auth_type, ','.join(client_names)) conf[path]['HiddenServiceAuthorizeClient'] = hsac # Tor 0.3.5 changes its default for HS creation from v2 to v3. This is # fine, but there's a couple options that are incompatible with v3. If # creating a service with one of those we should explicitly create a v2 # service instead. # # https://trac.torproject.org/projects/tor/ticket/27446 for path in conf: if 'HiddenServiceAuthorizeClient' in conf[path] or 'RendPostPeriod' in conf[path]: conf[path]['HiddenServiceVersion'] = '2' self.set_hidden_service_conf(conf) hostname, hostname_for_client = None, {} if self.is_localhost(): hostname_path = os.path.join(path, 'hostname') if not os.path.isabs(hostname_path): cwd = stem.util.system.cwd(self.get_pid(None)) if cwd: hostname_path = stem.util.system.expand_path(hostname_path, cwd) if os.path.isabs(hostname_path): start_time = time.time() while not os.path.exists(hostname_path): wait_time = time.time() - start_time if wait_time >= 3: break else: time.sleep(0.05) try: with open(hostname_path) as hostname_file: hostname = hostname_file.read().strip() if client_names and '\n' in hostname: # When there's multiple clients this looks like... # # ndisjxzkgcdhrwqf.onion sjUwjTSPznqWLdOPuwRUzg # client: c1 # ndisjxzkgcdhrwqf.onion sUu92axuL5bKnA76s2KRfw # client: c2 for line in hostname.splitlines(): if ' # client: ' in line: address = line.split()[0] client = line.split(' # client: ', 1)[1] if len(address) == 22 and address.endswith('.onion'): hostname_for_client[client] = address except: pass return CreateHiddenServiceOutput( path = path, hostname = hostname, hostname_for_client = hostname_for_client, config = conf, ) def remove_hidden_service(self, path, port = None): """ Discontinues a given hidden service. .. versionadded:: 1.3.0 :param str path: path for the hidden service's data directory :param int port: hidden service port :returns: **True** if the hidden service is discontinued, **False** if it wasn't running in the first place :raises: :class:`stem.ControllerError` if the call fails """ if port and not stem.util.connection.is_valid_port(port): raise ValueError("%s isn't a valid port number" % port) port = int(port) if port else None conf = self.get_hidden_service_conf() if path not in conf: return False if not port: del conf[path] else: to_remove = [entry for entry in conf[path]['HiddenServicePort'] if entry[0] == port] if not to_remove: return False for entry in to_remove: conf[path]['HiddenServicePort'].remove(entry) if not conf[path]['HiddenServicePort']: del conf[path] # no ports left self.set_hidden_service_conf(conf) return True @with_default() def list_ephemeral_hidden_services(self, default = UNDEFINED, our_services = True, detached = False): """ list_ephemeral_hidden_services(default = UNDEFINED, our_services = True, detached = False) Lists hidden service addresses created by :func:`~stem.control.Controller.create_ephemeral_hidden_service`. .. versionadded:: 1.4.0 .. versionchanged:: 1.6.0 Tor change caused this to start providing empty strings if unset (:trac:`21329`). :param object default: response if the query fails :param bool our_services: include services created with this controller that weren't flagged as 'detached' :param bool detached: include services whos contiuation isn't tied to a controller :returns: **list** of hidden service addresses without their '.onion' suffix :raises: :class:`stem.ControllerError` if the call fails and we weren't provided a default response """ if self.get_version() < stem.version.Requirement.ADD_ONION: raise stem.UnsatisfiableRequest(message = 'Ephemeral hidden services were added in tor version %s' % stem.version.Requirement.ADD_ONION) result = [] if our_services: try: result += self.get_info('onions/current').split('\n') except stem.ProtocolError as exc: # TODO: Tor's behavior around this was changed in Feb 2017, we should # drop it when all versions that did this are deprecated... # # https://trac.torproject.org/projects/tor/ticket/21329 if 'No onion services of the specified type.' not in str(exc): raise if detached: try: result += self.get_info('onions/detached').split('\n') except stem.ProtocolError as exc: if 'No onion services of the specified type.' not in str(exc): raise return [r for r in result if r] # drop any empty responses (GETINFO is blank if unset) def create_ephemeral_hidden_service(self, ports, key_type = 'NEW', key_content = 'BEST', discard_key = False, detached = False, await_publication = False, timeout = None, basic_auth = None, max_streams = None): """ Creates a new hidden service. Unlike :func:`~stem.control.Controller.create_hidden_service` this style of hidden service doesn't touch disk, carrying with it a lot of advantages. This is the suggested method for making hidden services. Our **ports** argument can be a single port... :: create_ephemeral_hidden_service(80) ... list of ports the service is available on... :: create_ephemeral_hidden_service([80, 443]) ... or a mapping of hidden service ports to their targets... :: create_ephemeral_hidden_service({80: 80, 443: '173.194.33.133:443'}) If **basic_auth** is provided this service will require basic authentication to access. This means users must set HidServAuth in their torrc with credentials to access it. **basic_auth** is a mapping of usernames to their credentials. If the credential is **None** one is generated and returned as part of the response. For instance, only bob can access using the given newly generated credentials... :: >>> response = controller.create_ephemeral_hidden_service(80, basic_auth = {'bob': None}) >>> print(response.client_auth) {'bob': 'nKwfvVPmTNr2k2pG0pzV4g'} ... while both alice and bob can access with existing credentials in the following... :: controller.create_ephemeral_hidden_service(80, basic_auth = { 'alice': 'l4BT016McqV2Oail+Bwe6w', 'bob': 'vGnNRpWYiMBFTWD2gbBlcA', }) To create a **version 3** service simply specify **ED25519-V3** as the our key type, and to create a **version 2** service use **RSA1024**. The default version of newly created hidden services is based on the **HiddenServiceVersion** value in your torrc... :: response = controller.create_ephemeral_hidden_service( 80, key_content = 'ED25519-V3', await_publication = True, ) print('service established at %s.onion' % response.service_id) .. versionadded:: 1.4.0 .. versionchanged:: 1.5.0 Added the basic_auth argument. .. versionchanged:: 1.5.0 Added support for non-anonymous services. To do so set 'HiddenServiceSingleHopMode 1' and 'HiddenServiceNonAnonymousMode 1' in your torrc. .. versionchanged:: 1.7.0 Added the timeout and max_streams arguments. :param int,list,dict ports: hidden service port(s) or mapping of hidden service ports to their targets :param str key_type: type of key being provided, generates a new key if 'NEW' (options are: **NEW**, **RSA1024**, and **ED25519-V3**) :param str key_content: key for the service to use or type of key to be generated (options when **key_type** is **NEW** are **BEST**, **RSA1024**, and **ED25519-V3**) :param bool discard_key: avoid providing the key back in our response :param bool detached: continue this hidden service even after this control connection is closed if **True** :param bool await_publication: blocks until our descriptor is successfully published if **True** :param float timeout: seconds to wait when **await_result** is **True** :param dict basic_auth: required user credentials to access this service :param int max_streams: maximum number of streams the hidden service will accept, unlimited if zero or not set :returns: :class:`~stem.response.add_onion.AddOnionResponse` with the response :raises: * :class:`stem.ControllerError` if the call fails * :class:`stem.Timeout` if **timeout** was reached """ if self.get_version() < stem.version.Requirement.ADD_ONION: raise stem.UnsatisfiableRequest(message = 'Ephemeral hidden services were added in tor version %s' % stem.version.Requirement.ADD_ONION) hs_desc_queue, hs_desc_listener = queue.Queue(), None start_time = time.time() if await_publication: def hs_desc_listener(event): hs_desc_queue.put(event) self.add_event_listener(hs_desc_listener, EventType.HS_DESC) request = 'ADD_ONION %s:%s' % (key_type, key_content) flags = [] if discard_key: flags.append('DiscardPK') if detached: flags.append('Detach') if basic_auth is not None: if self.get_version() < stem.version.Requirement.ADD_ONION_BASIC_AUTH: raise stem.UnsatisfiableRequest(message = 'Basic authentication support was added to ADD_ONION in tor version %s' % stem.version.Requirement.ADD_ONION_BASIC_AUTH) flags.append('BasicAuth') if max_streams is not None: if self.get_version() < stem.version.Requirement.ADD_ONION_MAX_STREAMS: raise stem.UnsatisfiableRequest(message = 'Limitation of the maximum number of streams to accept was added to ADD_ONION in tor version %s' % stem.version.Requirement.ADD_ONION_MAX_STREAMS) flags.append('MaxStreamsCloseCircuit') if self.get_version() >= stem.version.Requirement.ADD_ONION_NON_ANONYMOUS: if self.get_conf('HiddenServiceSingleHopMode', None) == '1' and self.get_conf('HiddenServiceNonAnonymousMode', None) == '1': flags.append('NonAnonymous') if flags: request += ' Flags=%s' % ','.join(flags) if max_streams is not None: request += ' MaxStreams=%s' % max_streams if isinstance(ports, int): request += ' Port=%s' % ports elif isinstance(ports, list): for port in ports: request += ' Port=%s' % port elif isinstance(ports, dict): for port, target in ports.items(): request += ' Port=%s,%s' % (port, target) else: raise ValueError("The 'ports' argument of create_ephemeral_hidden_service() needs to be an int, list, or dict") if basic_auth is not None: for client_name, client_blob in basic_auth.items(): if client_blob: request += ' ClientAuth=%s:%s' % (client_name, client_blob) else: request += ' ClientAuth=%s' % client_name response = self.msg(request) stem.response.convert('ADD_ONION', response) if await_publication: # We should receive five UPLOAD events, followed by up to another five # UPLOADED to indicate they've finished. Presently tor seems to have an # issue where the address is provided for UPLOAD but not UPLOADED so need # to just guess that if it's for the same hidden service authority then # it's what we're looking for. directories_uploaded_to, failures = [], [] try: while True: event = _get_with_timeout(hs_desc_queue, timeout, start_time) if event.action == stem.HSDescAction.UPLOAD and event.address == response.service_id: directories_uploaded_to.append(event.directory_fingerprint) elif event.action == stem.HSDescAction.UPLOADED and event.directory_fingerprint in directories_uploaded_to: break # successfully uploaded to a HS authority... maybe elif event.action == stem.HSDescAction.FAILED and event.directory_fingerprint in directories_uploaded_to: failures.append('%s (%s)' % (event.directory_fingerprint, event.reason)) if len(directories_uploaded_to) == len(failures): raise stem.OperationFailed(message = 'Failed to upload our hidden service descriptor to %s' % ', '.join(failures)) finally: self.remove_event_listener(hs_desc_listener) return response def remove_ephemeral_hidden_service(self, service_id): """ Discontinues a given hidden service that was created with :func:`~stem.control.Controller.create_ephemeral_hidden_service`. .. versionadded:: 1.4.0 :param str service_id: hidden service address without the '.onion' suffix :returns: **True** if the hidden service is discontinued, **False** if it wasn't running in the first place :raises: :class:`stem.ControllerError` if the call fails """ if self.get_version() < stem.version.Requirement.ADD_ONION: raise stem.UnsatisfiableRequest(message = 'Ephemeral hidden services were added in tor version %s' % stem.version.Requirement.ADD_ONION) response = self.msg('DEL_ONION %s' % service_id) stem.response.convert('SINGLELINE', response) if response.is_ok(): return True elif response.code == '552': return False # no hidden service to discontinue else: raise stem.ProtocolError('DEL_ONION returned unexpected response code: %s' % response.code) def add_event_listener(self, listener, *events): """ Directs further tor controller events to a given function. The function is expected to take a single argument, which is a :class:`~stem.response.events.Event` subclass. For instance the following would print the bytes sent and received by tor over five seconds... :: import time from stem.control import Controller, EventType def print_bw(event): print('sent: %i, received: %i' % (event.written, event.read)) with Controller.from_port(port = 9051) as controller: controller.authenticate() controller.add_event_listener(print_bw, EventType.BW) time.sleep(5) If a new control connection is initialized then this listener will be reattached. If tor emits a malformed event it can be received by listening for the stem.control.MALFORMED_EVENTS constant. .. versionchanged:: 1.7.0 Listener exceptions and malformed events no longer break further event processing. Added the **MALFORMED_EVENTS** constant. :param functor listener: function to be called when an event is received :param stem.control.EventType events: event types to be listened for :raises: :class:`stem.ProtocolError` if unable to set the events """ # first checking that tor supports these event types with self._event_listeners_lock: if self.is_authenticated(): for event_type in events: event_type = stem.response.events.EVENT_TYPE_TO_CLASS.get(event_type) if event_type and (self.get_version() < event_type._VERSION_ADDED): raise stem.InvalidRequest(552, '%s event requires Tor version %s or later' % (event_type, event_type._VERSION_ADDED)) for event_type in events: self._event_listeners.setdefault(event_type, []).append(listener) failed_events = self._attach_listeners()[1] # restricted the failures to just things we requested failed_events = set(failed_events).intersection(set(events)) if failed_events: raise stem.ProtocolError('SETEVENTS rejected %s' % ', '.join(failed_events)) def remove_event_listener(self, listener): """ Stops a listener from being notified of further tor events. :param stem.control.EventListener listener: listener to be removed :raises: :class:`stem.ProtocolError` if unable to set the events """ with self._event_listeners_lock: event_types_changed = False for event_type, event_listeners in list(self._event_listeners.items()): if listener in event_listeners: event_listeners.remove(listener) if len(event_listeners) == 0: event_types_changed = True del self._event_listeners[event_type] if event_types_changed: response = self.msg('SETEVENTS %s' % ' '.join(self._event_listeners.keys())) if not response.is_ok(): raise stem.ProtocolError('SETEVENTS received unexpected response\n%s' % response) def _get_cache(self, param, namespace = None): """ Queries our request cache for the given key. :param str param: key to be queried :param str namespace: namespace in which to check for the key :returns: cached value corresponding to key or **None** if the key wasn't found """ with self._cache_lock: if not self.is_caching_enabled(): return None cache_key = '%s.%s' % (namespace, param) if namespace else param return self._request_cache.get(cache_key, None) def _get_cache_map(self, params, namespace = None): """ Queries our request cache for multiple entries. :param list params: keys to be queried :param str namespace: namespace in which to check for the keys :returns: **dict** of 'param => cached value' pairs of keys present in cache """ with self._cache_lock: cached_values = {} if self.is_caching_enabled(): for param in params: cache_key = '%s.%s' % (namespace, param) if namespace else param if cache_key in self._request_cache: cached_values[param] = self._request_cache[cache_key] return cached_values def _set_cache(self, params, namespace = None): """ Sets the given request cache entries. If the new cache value is **None** then it is removed from our cache. :param dict params: **dict** of 'cache_key => value' pairs to be cached :param str namespace: namespace for the keys """ with self._cache_lock: if not self.is_caching_enabled(): return # if params is None then clear the namespace if params is None and namespace: for cache_key in list(self._request_cache.keys()): if cache_key.startswith('%s.' % namespace): del self._request_cache[cache_key] return # remove uncacheable items if namespace == 'getconf': # shallow copy before edit so as not to change it for the caller params = params.copy() for key in UNCACHEABLE_GETCONF_PARAMS: if key in params: del params[key] for key, value in list(params.items()): if namespace: cache_key = '%s.%s' % (namespace, key) else: cache_key = key if value is None: if cache_key in list(self._request_cache.keys()): del self._request_cache[cache_key] else: self._request_cache[cache_key] = value def _confchanged_cache_invalidation(self, params): """ Drops dependent portions of the cache when configuration changes. :param dict params: **dict** of 'config_key => value' pairs for configs that changed. The entries' values are currently unused. """ with self._cache_lock: if not self.is_caching_enabled(): return if any('hidden' in param.lower() for param in params.keys()): self._set_cache({'hidden_service_conf': None}) # reset any getinfo parameters that can be changed by a SETCONF self._set_cache(dict([(k.lower(), None) for k in CACHEABLE_GETINFO_PARAMS_UNTIL_SETCONF]), 'getinfo') self._set_cache(None, 'listeners') self._set_cache({'get_custom_options': None}) self._set_cache({'exit_policy': None}) # numerous options can change our policy def is_caching_enabled(self): """ **True** if caching has been enabled, **False** otherwise. :returns: bool to indicate if caching is enabled """ return self._is_caching_enabled def set_caching(self, enabled): """ Enables or disables caching of information retrieved from tor. :param bool enabled: **True** to enable caching, **False** to disable it """ self._is_caching_enabled = enabled if not self._is_caching_enabled: self.clear_cache() def clear_cache(self): """ Drops any cached results. """ with self._cache_lock: self._request_cache = {} self._last_newnym = 0.0 self._is_geoip_unavailable = None def load_conf(self, configtext): """ Sends the configuration text to Tor and loads it as if it has been read from the torrc. :param str configtext: the configuration text :raises: :class:`stem.ControllerError` if the call fails """ response = self.msg('LOADCONF\n%s' % configtext) stem.response.convert('SINGLELINE', response) if response.code in ('552', '553'): if response.code == '552' and response.message.startswith('Invalid config file: Failed to parse/validate config: Unknown option'): raise stem.InvalidArguments(response.code, response.message, [response.message[70:response.message.find('.', 70) - 1]]) raise stem.InvalidRequest(response.code, response.message) elif not response.is_ok(): raise stem.ProtocolError('+LOADCONF Received unexpected response\n%s' % str(response)) def save_conf(self, force = False): """ Saves the current configuration options into the active torrc file. .. versionchanged:: 1.6.0 Added the force argument. :param bool force: overwrite the configuration even if it includes a '%include' clause, this is ignored if tor doesn't support it :raises: * :class:`stem.ControllerError` if the call fails * :class:`stem.OperationFailed` if the client is unable to save the configuration file """ if self.get_version() < stem.version.Requirement.SAVECONF_FORCE: force = False response = self.msg('SAVECONF FORCE' if force else 'SAVECONF') stem.response.convert('SINGLELINE', response) if response.is_ok(): return True elif response.code == '551': raise stem.OperationFailed(response.code, response.message) else: raise stem.ProtocolError('SAVECONF returned unexpected response code') def is_feature_enabled(self, feature): """ Checks if a control connection feature is enabled. These features can be enabled using :func:`~stem.control.Controller.enable_feature`. :param str feature: feature to be checked :returns: **True** if feature is enabled, **False** otherwise """ feature = feature.upper() if feature in self._enabled_features: return True else: # check if this feature is on by default defaulted_version = None if feature == 'EXTENDED_EVENTS': defaulted_version = stem.version.Requirement.FEATURE_EXTENDED_EVENTS elif feature == 'VERBOSE_NAMES': defaulted_version = stem.version.Requirement.FEATURE_VERBOSE_NAMES if defaulted_version: our_version = self.get_version(None) if our_version and our_version >= defaulted_version: self._enabled_features.append(feature) return feature in self._enabled_features def enable_feature(self, features): """ Enables features that are disabled by default to maintain backward compatibility. Once enabled, a feature cannot be disabled and a new control connection must be opened to get a connection with the feature disabled. Feature names are case-insensitive. The following features are currently accepted: * EXTENDED_EVENTS - Requests the extended event syntax * VERBOSE_NAMES - Replaces ServerID with LongName in events and GETINFO results :param str,list features: a single feature or a list of features to be enabled :raises: * :class:`stem.ControllerError` if the call fails * :class:`stem.InvalidArguments` if features passed were invalid """ if stem.util._is_str(features): features = [features] response = self.msg('USEFEATURE %s' % ' '.join(features)) stem.response.convert('SINGLELINE', response) if not response.is_ok(): if response.code == '552': invalid_feature = [] if response.message.startswith('Unrecognized feature "'): invalid_feature = [response.message[22:response.message.find('"', 22)]] raise stem.InvalidArguments(response.code, response.message, invalid_feature) raise stem.ProtocolError('USEFEATURE provided an invalid response code: %s' % response.code) self._enabled_features += [entry.upper() for entry in features] @with_default() def get_circuit(self, circuit_id, default = UNDEFINED): """ get_circuit(circuit_id, default = UNDEFINED) Provides a circuit currently available from tor. :param int circuit_id: circuit to be fetched :param object default: response if the query fails :returns: :class:`stem.response.events.CircuitEvent` for the given circuit :raises: * :class:`stem.ControllerError` if the call fails * **ValueError** if the circuit doesn't exist An exception is only raised if we weren't provided a default response. """ for circ in self.get_circuits(): if circ.id == circuit_id: return circ raise ValueError("Tor currently does not have a circuit with the id of '%s'" % circuit_id) @with_default() def get_circuits(self, default = UNDEFINED): """ get_circuits(default = UNDEFINED) Provides tor's currently available circuits. :param object default: response if the query fails :returns: **list** of :class:`stem.response.events.CircuitEvent` for our circuits :raises: :class:`stem.ControllerError` if the call fails and no default was provided """ circuits = [] response = self.get_info('circuit-status') for circ in response.splitlines(): circ_message = stem.socket.recv_message(io.BytesIO(stem.util.str_tools._to_bytes('650 CIRC %s\r\n' % circ))) stem.response.convert('EVENT', circ_message, arrived_at = 0) circuits.append(circ_message) return circuits def new_circuit(self, path = None, purpose = 'general', await_build = False, timeout = None): """ Requests a new circuit. If the path isn't provided, one is automatically selected. .. versionchanged:: 1.7.0 Added the timeout argument. :param list,str path: one or more relays to make a circuit through :param str purpose: 'general' or 'controller' :param bool await_build: blocks until the circuit is built if **True** :param float timeout: seconds to wait when **await_build** is **True** :returns: str of the circuit id of the newly created circuit :raises: * :class:`stem.ControllerError` if the call fails * :class:`stem.Timeout` if **timeout** was reached """ return self.extend_circuit('0', path, purpose, await_build, timeout) def extend_circuit(self, circuit_id = '0', path = None, purpose = 'general', await_build = False, timeout = None): """ Either requests the creation of a new circuit or extends an existing one. When called with a circuit value of zero (the default) a new circuit is created, and when non-zero the circuit with that id is extended. If the path isn't provided, one is automatically selected. A python interpreter session used to create circuits could look like this... :: >>> controller.extend_circuit('0', ['718BCEA286B531757ACAFF93AE04910EA73DE617', '30BAB8EE7606CBD12F3CC269AE976E0153E7A58D', '2765D8A8C4BBA3F89585A9FFE0E8575615880BEB']) 19 >>> controller.extend_circuit('0') 20 >>> print(controller.get_info('circuit-status')) 20 EXTENDED $718BCEA286B531757ACAFF93AE04910EA73DE617=KsmoinOK,$649F2D0ACF418F7CFC6539AB2257EB2D5297BAFA=Eskimo BUILD_FLAGS=NEED_CAPACITY PURPOSE=GENERAL TIME_CREATED=2012-12-06T13:51:11.433755 19 BUILT $718BCEA286B531757ACAFF93AE04910EA73DE617=KsmoinOK,$30BAB8EE7606CBD12F3CC269AE976E0153E7A58D=Pascal1,$2765D8A8C4BBA3F89585A9FFE0E8575615880BEB=Anthracite PURPOSE=GENERAL TIME_CREATED=2012-12-06T13:50:56.969938 .. versionchanged:: 1.7.0 Added the timeout argument. :param str circuit_id: id of a circuit to be extended :param list,str path: one or more relays to make a circuit through, this is required if the circuit id is non-zero :param str purpose: 'general' or 'controller' :param bool await_build: blocks until the circuit is built if **True** :param float timeout: seconds to wait when **await_build** is **True** :returns: str of the circuit id of the created or extended circuit :raises: * :class:`stem.InvalidRequest` if one of the parameters were invalid * :class:`stem.CircuitExtensionFailed` if we were waiting for the circuit to build but it failed * :class:`stem.Timeout` if **timeout** was reached * :class:`stem.ControllerError` if the call fails """ # Attaches a temporary listener for CIRC events if we'll be waiting for it # to build. This is icky, but we can't reliably do this via polling since # we then can't get the failure if it can't be created. circ_queue, circ_listener = queue.Queue(), None start_time = time.time() if await_build: def circ_listener(event): circ_queue.put(event) self.add_event_listener(circ_listener, EventType.CIRC) try: # we might accidently get integer circuit ids circuit_id = str(circuit_id) if path is None and circuit_id == '0': path_opt_version = stem.version.Requirement.EXTENDCIRCUIT_PATH_OPTIONAL if not self.get_version() >= path_opt_version: raise stem.InvalidRequest(512, 'EXTENDCIRCUIT requires the path prior to version %s' % path_opt_version) args = [circuit_id] if stem.util._is_str(path): path = [path] if path: args.append(','.join(path)) if purpose: args.append('purpose=%s' % purpose) response = self.msg('EXTENDCIRCUIT %s' % ' '.join(args)) stem.response.convert('SINGLELINE', response) if response.code in ('512', '552'): raise stem.InvalidRequest(response.code, response.message) elif not response.is_ok(): raise stem.ProtocolError('EXTENDCIRCUIT returned unexpected response code: %s' % response.code) if not response.message.startswith('EXTENDED '): raise stem.ProtocolError('EXTENDCIRCUIT response invalid:\n%s', response) new_circuit = response.message.split(' ', 1)[1] if await_build: while True: circ = _get_with_timeout(circ_queue, timeout, start_time) if circ.id == new_circuit: if circ.status == CircStatus.BUILT: break elif circ.status == CircStatus.FAILED: raise stem.CircuitExtensionFailed('Circuit failed to be created: %s' % circ.reason, circ) elif circ.status == CircStatus.CLOSED: raise stem.CircuitExtensionFailed('Circuit was closed prior to build', circ) return new_circuit finally: if circ_listener: self.remove_event_listener(circ_listener) def repurpose_circuit(self, circuit_id, purpose): """ Changes a circuit's purpose. Currently, two purposes are recognized... * general * controller :param str circuit_id: id of the circuit whose purpose is to be changed :param str purpose: purpose (either 'general' or 'controller') :raises: :class:`stem.InvalidArguments` if the circuit doesn't exist or if the purpose was invalid """ response = self.msg('SETCIRCUITPURPOSE %s purpose=%s' % (circuit_id, purpose)) stem.response.convert('SINGLELINE', response) if not response.is_ok(): if response.code == '552': raise stem.InvalidRequest(response.code, response.message) else: raise stem.ProtocolError('SETCIRCUITPURPOSE returned unexpected response code: %s' % response.code) def close_circuit(self, circuit_id, flag = ''): """ Closes the specified circuit. :param str circuit_id: id of the circuit to be closed :param str flag: optional value to modify closing, the only flag available is 'IfUnused' which will not close the circuit unless it is unused :raises: :class:`stem.InvalidArguments` if the circuit is unknown :raises: :class:`stem.InvalidRequest` if not enough information is provided """ response = self.msg('CLOSECIRCUIT %s %s' % (circuit_id, flag)) stem.response.convert('SINGLELINE', response) if not response.is_ok(): if response.code in ('512', '552'): if response.message.startswith('Unknown circuit '): raise stem.InvalidArguments(response.code, response.message, [circuit_id]) raise stem.InvalidRequest(response.code, response.message) else: raise stem.ProtocolError('CLOSECIRCUIT returned unexpected response code: %s' % response.code) @with_default() def get_streams(self, default = UNDEFINED): """ get_streams(default = UNDEFINED) Provides the list of streams tor is currently handling. :param object default: response if the query fails :returns: list of :class:`stem.response.events.StreamEvent` objects :raises: :class:`stem.ControllerError` if the call fails and no default was provided """ streams = [] response = self.get_info('stream-status') for stream in response.splitlines(): message = stem.socket.recv_message(io.BytesIO(stem.util.str_tools._to_bytes('650 STREAM %s\r\n' % stream))) stem.response.convert('EVENT', message, arrived_at = 0) streams.append(message) return streams def attach_stream(self, stream_id, circuit_id, exiting_hop = None): """ Attaches a stream to a circuit. Note: Tor attaches streams to circuits automatically unless the __LeaveStreamsUnattached configuration variable is set to '1' :param str stream_id: id of the stream that must be attached :param str circuit_id: id of the circuit to which it must be attached :param int exiting_hop: hop in the circuit where traffic should exit :raises: * :class:`stem.InvalidRequest` if the stream or circuit id were unrecognized * :class:`stem.UnsatisfiableRequest` if the stream isn't in a state where it can be attached * :class:`stem.OperationFailed` if the stream couldn't be attached for any other reason """ query = 'ATTACHSTREAM %s %s' % (stream_id, circuit_id) if exiting_hop: query += ' HOP=%s' % exiting_hop response = self.msg(query) stem.response.convert('SINGLELINE', response) if not response.is_ok(): if response.code == '552': raise stem.InvalidRequest(response.code, response.message) elif response.code == '551': raise stem.OperationFailed(response.code, response.message) elif response.code == '555': raise stem.UnsatisfiableRequest(response.code, response.message) else: raise stem.ProtocolError('ATTACHSTREAM returned unexpected response code: %s' % response.code) def close_stream(self, stream_id, reason = stem.RelayEndReason.MISC, flag = ''): """ Closes the specified stream. :param str stream_id: id of the stream to be closed :param stem.RelayEndReason reason: reason the stream is closing :param str flag: not currently used :raises: * :class:`stem.InvalidArguments` if the stream or reason are not recognized * :class:`stem.InvalidRequest` if the stream and/or reason are missing """ # there's a single value offset between RelayEndReason.index_of() and the # value that tor expects since tor's value starts with the index of one response = self.msg('CLOSESTREAM %s %s %s' % (stream_id, stem.RelayEndReason.index_of(reason) + 1, flag)) stem.response.convert('SINGLELINE', response) if not response.is_ok(): if response.code in ('512', '552'): if response.message.startswith('Unknown stream '): raise stem.InvalidArguments(response.code, response.message, [stream_id]) elif response.message.startswith('Unrecognized reason '): raise stem.InvalidArguments(response.code, response.message, [reason]) raise stem.InvalidRequest(response.code, response.message) else: raise stem.ProtocolError('CLOSESTREAM returned unexpected response code: %s' % response.code) def signal(self, signal): """ Sends a signal to the Tor client. :param stem.Signal signal: type of signal to be sent :raises: * :class:`stem.ControllerError` if sending the signal failed * :class:`stem.InvalidArguments` if signal provided wasn't recognized """ response = self.msg('SIGNAL %s' % signal) stem.response.convert('SINGLELINE', response) if response.is_ok(): if signal == stem.Signal.NEWNYM: self._last_newnym = time.time() else: if response.code == '552': raise stem.InvalidArguments(response.code, response.message, [signal]) raise stem.ProtocolError('SIGNAL response contained unrecognized status code: %s' % response.code) def is_newnym_available(self): """ Indicates if tor would currently accept a NEWNYM signal. This can only account for signals sent via this controller. .. versionadded:: 1.2.0 :returns: **True** if tor would currently accept a NEWNYM signal, **False** otherwise """ if self.is_alive(): return self.get_newnym_wait() == 0.0 else: return False def get_newnym_wait(self): """ Provides the number of seconds until a NEWNYM signal would be respected. This can only account for signals sent via this controller. .. versionadded:: 1.2.0 :returns: **float** for the number of seconds until tor would respect another NEWNYM signal """ return max(0.0, self._last_newnym + 10 - time.time()) @with_default() def get_effective_rate(self, default = UNDEFINED, burst = False): """ get_effective_rate(default = UNDEFINED, burst = False) Provides the maximum rate this relay is configured to relay in bytes per second. This is based on multiple torrc parameters if they're set... * Effective Rate = min(BandwidthRate, RelayBandwidthRate, MaxAdvertisedBandwidth) * Effective Burst = min(BandwidthBurst, RelayBandwidthBurst) .. versionadded:: 1.3.0 :param object default: response if the query fails :param bool burst: provides the burst bandwidth, otherwise this provides the standard rate :returns: **int** with the effective bandwidth rate in bytes per second :raises: :class:`stem.ControllerError` if the call fails and no default was provided """ if not burst: attributes = ('BandwidthRate', 'RelayBandwidthRate', 'MaxAdvertisedBandwidth') else: attributes = ('BandwidthBurst', 'RelayBandwidthBurst') value = None for attr in attributes: attr_value = int(self.get_conf(attr)) if attr_value == 0 and attr.startswith('Relay'): continue # RelayBandwidthRate and RelayBandwidthBurst default to zero value = min(value, attr_value) if value else attr_value return value def is_geoip_unavailable(self): """ Provides **True** if tor's geoip database is unavailable, **False** otherwise. .. versionchanged:: 1.6.0 No longer requires previously failed GETINFO requests to determine this. .. deprecated:: 1.6.0 This is available as of Tor 0.3.2.1 through the following instead... :: controller.get_info('ip-to-country/ipv4-available', 0) == '1' :returns: **bool** indicating if we've determined tor's geoip database to be unavailable or not """ if self._is_geoip_unavailable is None: try: self.get_info('ip-to-country/0.0.0.0') self._is_geoip_unavailable = False except stem.ControllerError as exc: if 'GeoIP data not loaded' in str(exc): self._is_geoip_unavailable = True else: return False # unexpected issue, fail open and don't cache return self._is_geoip_unavailable def map_address(self, mapping): """ Map addresses to replacement addresses. Tor replaces subseqent connections to the original addresses with the replacement addresses. If the original address is a null address, i.e., one of '0.0.0.0', '::0', or '.' Tor picks an original address itself and returns it in the reply. If the original address is already mapped to a different address the mapping is removed. :param dict mapping: mapping of original addresses to replacement addresses :raises: * :class:`stem.InvalidRequest` if the addresses are malformed * :class:`stem.OperationFailed` if Tor couldn't fulfill the request :returns: **dict** with 'original -> replacement' address mappings """ mapaddress_arg = ' '.join(['%s=%s' % (k, v) for (k, v) in list(mapping.items())]) response = self.msg('MAPADDRESS %s' % mapaddress_arg) stem.response.convert('MAPADDRESS', response) return response.entries def drop_guards(self): """ Drops our present guard nodes and picks a new set. .. versionadded:: 1.2.0 :raises: :class:`stem.ControllerError` if Tor couldn't fulfill the request """ if self.get_version() < stem.version.Requirement.DROPGUARDS: raise stem.UnsatisfiableRequest(message = 'DROPGUARDS was added in tor version %s' % stem.version.Requirement.DROPGUARDS) self.msg('DROPGUARDS') def _post_authentication(self): super(Controller, self)._post_authentication() # try to re-attach event listeners to the new instance with self._event_listeners_lock: try: failed_events = self._attach_listeners()[1] if failed_events: # remove our listeners for these so we don't keep failing for event_type in failed_events: del self._event_listeners[event_type] logging_id = 'stem.controller.event_reattach-%s' % '-'.join(failed_events) log.log_once(logging_id, log.WARN, 'We were unable to re-attach our event listeners to the new tor instance for: %s' % ', '.join(failed_events)) except stem.ProtocolError as exc: log.warn('Unable to issue the SETEVENTS request to re-attach our listeners (%s)' % exc) # issue TAKEOWNERSHIP if we're the owning process for this tor instance owning_pid = self.get_conf('__OwningControllerProcess', None) if owning_pid == str(os.getpid()) and self.is_localhost(): response = self.msg('TAKEOWNERSHIP') stem.response.convert('SINGLELINE', response) if response.is_ok(): # Now that tor is tracking our ownership of the process via the control # connection, we can stop having it check for us via our pid. try: self.reset_conf('__OwningControllerProcess') except stem.ControllerError as exc: log.warn("We were unable to reset tor's __OwningControllerProcess configuration. It will continue to periodically check if our pid exists. (%s)" % exc) else: log.warn('We were unable assert ownership of tor through TAKEOWNERSHIP, despite being configured to be the owning process through __OwningControllerProcess. (%s)' % response) def _handle_event(self, event_message): try: stem.response.convert('EVENT', event_message, arrived_at = time.time()) event_type = event_message.type except stem.ProtocolError as exc: log.error('Tor sent a malformed event (%s): %s' % (exc, event_message)) event_type = MALFORMED_EVENTS with self._event_listeners_lock: for listener_type, event_listeners in list(self._event_listeners.items()): if listener_type == event_type: for listener in event_listeners: try: listener(event_message) except Exception as exc: log.warn('Event listener raised an uncaught exception (%s): %s' % (exc, event_message)) def _attach_listeners(self): """ Attempts to subscribe to the self._event_listeners events from tor. This is a no-op if we're not currently authenticated. :returns: tuple of the form (set_events, failed_events) :raises: :class:`stem.ControllerError` if unable to make our request to tor """ set_events, failed_events = [], [] with self._event_listeners_lock: if self.is_authenticated(): # try to set them all response = self.msg('SETEVENTS %s' % ' '.join(self._event_listeners.keys())) if response.is_ok(): set_events = list(self._event_listeners.keys()) else: # One of the following likely happened... # # * Our user attached listeners before having an authenticated # connection, so we couldn't check if we met the version # requirement. # # * User attached listeners to one tor instance, then connected us to # an older tor instancce. # # * Some other controller hiccup (far less likely). # # See if we can set some subset of our events. for event in list(self._event_listeners.keys()): response = self.msg('SETEVENTS %s' % ' '.join(set_events + [event])) if response.is_ok(): set_events.append(event) else: failed_events.append(event) return (set_events, failed_events) def _parse_circ_path(path): """ Parses a circuit path as a list of **(fingerprint, nickname)** tuples. Tor circuit paths are defined as being of the form... :: Path = LongName *("," LongName) LongName = Fingerprint [ ( "=" / "~" ) Nickname ] example: $999A226EBED397F331B612FE1E4CFAE5C1F201BA=piyaz ... *unless* this is prior to tor version 0.2.2.1 with the VERBOSE_NAMES feature turned off (or before version 0.1.2.2 where the feature was introduced). In that case either the fingerprint or nickname in the tuple will be **None**, depending on which is missing. :: Path = ServerID *("," ServerID) ServerID = Nickname / Fingerprint example: $E57A476CD4DFBD99B4EE52A100A58610AD6E80B9,hamburgerphone,PrivacyRepublic14 :param str path: circuit path to be parsed :returns: list of **(fingerprint, nickname)** tuples, fingerprints do not have a proceeding '$' :raises: :class:`stem.ProtocolError` if the path is malformed """ if path: try: return [_parse_circ_entry(entry) for entry in path.split(',')] except stem.ProtocolError as exc: # include the path with the exception raise stem.ProtocolError('%s: %s' % (exc, path)) else: return [] def _parse_circ_entry(entry): """ Parses a single relay's 'LongName' or 'ServerID'. See the :func:`~stem.control._parse_circ_path` function for more information. :param str entry: relay information to be parsed :returns: **(fingerprint, nickname)** tuple :raises: :class:`stem.ProtocolError` if the entry is malformed """ if '=' in entry: # common case fingerprint, nickname = entry.split('=') elif '~' in entry: # this is allowed for by the spec, but I've never seen it used fingerprint, nickname = entry.split('~') elif entry[0] == '$': # old style, fingerprint only fingerprint, nickname = entry, None else: # old style, nickname only fingerprint, nickname = None, entry if fingerprint is not None: if not stem.util.tor_tools.is_valid_fingerprint(fingerprint, True): raise stem.ProtocolError('Fingerprint in the circuit path is malformed (%s)' % fingerprint) fingerprint = fingerprint[1:] # strip off the leading '$' if nickname is not None and not stem.util.tor_tools.is_valid_nickname(nickname): raise stem.ProtocolError('Nickname in the circuit path is malformed (%s)' % nickname) return (fingerprint, nickname) @with_default() def _case_insensitive_lookup(entries, key, default = UNDEFINED): """ Makes a case insensitive lookup within a list or dictionary, providing the first matching entry that we come across. :param list,dict entries: list or dictionary to be searched :param str key: entry or key value to look up :param object default: value to be returned if the key doesn't exist :returns: case insensitive match or default if one was provided and key wasn't found :raises: **ValueError** if no such value exists """ if entries is not None: if isinstance(entries, dict): for k, v in list(entries.items()): if k.lower() == key.lower(): return v else: for entry in entries: if entry.lower() == key.lower(): return entry raise ValueError("key '%s' doesn't exist in dict: %s" % (key, entries)) def _get_with_timeout(event_queue, timeout, start_time): """ Pulls an item from a queue with a given timeout. """ if timeout: time_left = timeout - (time.time() - start_time) if time_left <= 0: raise stem.Timeout('Reached our %0.1f second timeout' % timeout) try: return event_queue.get(True, time_left) except queue.Empty: raise stem.Timeout('Reached our %0.1f second timeout' % timeout) else: return event_queue.get()