openmedialibrary_platform/Shared/lib/python3.4/site-packages/stem/control.py
2018-12-15 01:08:54 +01:00

4104 lines
144 KiB
Python

# Copyright 2011-2018, Damian Johnson and The Tor Project
# See LICENSE for licensing information
"""
Module for interacting with the Tor control socket. The
:class:`~stem.control.Controller` is a wrapper around a
:class:`~stem.socket.ControlSocket`, retaining many of its methods (connect,
close, is_alive, etc) in addition to providing its own for working with the
socket at a higher level.
Stem has `several ways <../faq.html#how-do-i-connect-to-tor>`_ of getting a
:class:`~stem.control.Controller`, but the most flexible are
:func:`~stem.control.Controller.from_port` and
:func:`~stem.control.Controller.from_socket_file`. These static
:class:`~stem.control.Controller` methods give you an **unauthenticated**
Controller you can then authenticate yourself using its
:func:`~stem.control.Controller.authenticate` method. For example...
::
import getpass
import sys
import stem
import stem.connection
from stem.control import Controller
if __name__ == '__main__':
try:
controller = Controller.from_port()
except stem.SocketError as exc:
print("Unable to connect to tor on port 9051: %s" % exc)
sys.exit(1)
try:
controller.authenticate()
except stem.connection.MissingPassword:
pw = getpass.getpass("Controller password: ")
try:
controller.authenticate(password = pw)
except stem.connection.PasswordAuthFailed:
print("Unable to authenticate, password is incorrect")
sys.exit(1)
except stem.connection.AuthenticationFailure as exc:
print("Unable to authenticate: %s" % exc)
sys.exit(1)
print("Tor is running version %s" % controller.get_version())
controller.close()
If you're fine with allowing your script to raise exceptions then this can be more nicely done as...
::
from stem.control import Controller
if __name__ == '__main__':
with Controller.from_port() as controller:
controller.authenticate()
print("Tor is running version %s" % controller.get_version())
**Module Overview:**
::
event_description - brief description of a tor event type
Controller - General controller class intended for direct use
| |- from_port - Provides a Controller based on a port connection.
| +- from_socket_file - Provides a Controller based on a socket file connection.
|
|- authenticate - authenticates this controller with tor
|- reconnect - reconnects and authenticates to socket
|
|- get_info - issues a GETINFO query for a parameter
|- get_version - provides our tor version
|- get_exit_policy - provides our exit policy
|- get_ports - provides the local ports where tor is listening for connections
|- get_listeners - provides the addresses and ports where tor is listening for connections
|- get_accounting_stats - provides stats related to relaying limits
|- get_protocolinfo - information about the controller interface
|- get_user - provides the user tor is running as
|- get_pid - provides the pid of our tor process
|- is_user_traffic_allowed - checks if we send or receive direct user traffic
|
|- get_microdescriptor - querying the microdescriptor for a relay
|- get_microdescriptors - provides all currently available microdescriptors
|- get_server_descriptor - querying the server descriptor for a relay
|- get_server_descriptors - provides all currently available server descriptors
|- get_network_status - querying the router status entry for a relay
|- get_network_statuses - provides all presently available router status entries
|- get_hidden_service_descriptor - queries the given hidden service descriptor
|
|- get_conf - gets the value of a configuration option
|- get_conf_map - gets the values of multiple configuration options
|- is_set - determines if an option differs from its default
|- set_conf - sets the value of a configuration option
|- reset_conf - reverts configuration options to their default values
|- set_options - sets or resets the values of multiple configuration options
|
|- get_hidden_service_conf - provides our hidden service configuration
|- set_hidden_service_conf - sets our hidden service configuration
|- create_hidden_service - creates a new hidden service or adds a new port
|- remove_hidden_service - removes a hidden service or drops a port
|
|- list_ephemeral_hidden_services - list ephemeral hidden serivces
|- create_ephemeral_hidden_service - create a new ephemeral hidden service
|- remove_ephemeral_hidden_service - removes an ephemeral hidden service
|
|- add_event_listener - attaches an event listener to be notified of tor events
|- remove_event_listener - removes a listener so it isn't notified of further events
|
|- is_caching_enabled - true if the controller has enabled caching
|- set_caching - enables or disables caching
|- clear_cache - clears any cached results
|
|- load_conf - loads configuration information as if it was in the torrc
|- save_conf - saves configuration information to the torrc
|
|- is_feature_enabled - checks if a given controller feature is enabled
|- enable_feature - enables a controller feature that has been disabled by default
|
|- get_circuit - provides an active circuit
|- get_circuits - provides a list of active circuits
|- new_circuit - create new circuits
|- extend_circuit - create new circuits and extend existing ones
|- repurpose_circuit - change a circuit's purpose
|- close_circuit - close a circuit
|
|- get_streams - provides a list of active streams
|- attach_stream - attach a stream to a circuit
|- close_stream - close a stream
|
|- signal - sends a signal to the tor client
|- is_newnym_available - true if tor would currently accept a NEWNYM signal
|- get_newnym_wait - seconds until tor would accept a NEWNYM signal
|- get_effective_rate - provides our effective relaying rate limit
|- is_geoip_unavailable - true if we've discovered our geoip db to be unavailable
|- map_address - maps one address to another such that connections to the original are replaced with the other
+- drop_guards - drops our set of guard relays and picks a new set
BaseController - Base controller class asynchronous message handling
|- msg - communicates with the tor process
|- is_alive - reports if our connection to tor is open or closed
|- is_localhost - returns if the connection is for the local system or not
|- connection_time - time when we last connected or disconnected
|- is_authenticated - checks if we're authenticated to tor
|- connect - connects or reconnects to tor
|- close - shuts down our connection to the tor process
|- get_socket - provides the socket used for control communication
|- get_latest_heartbeat - timestamp for when we last heard from tor
|- add_status_listener - notifies a callback of changes in our status
+- remove_status_listener - prevents further notification of status changes
.. data:: State (enum)
Enumeration for states that a controller can have.
========== ===========
State Description
========== ===========
**INIT** new control connection
**RESET** received a reset/sighup signal
**CLOSED** control connection closed
========== ===========
.. data:: EventType (enum)
Known types of events that the
:func:`~stem.control.Controller.add_event_listener` method of the
:class:`~stem.control.Controller` can listen for.
The most frequently listened for event types tend to be the logging events
(**DEBUG**, **INFO**, **NOTICE**, **WARN**, and **ERR**), bandwidth usage
(**BW**), and circuit or stream changes (**CIRC** and **STREAM**).
Enums are mapped to :class:`~stem.response.events.Event` subclasses as
follows...
.. deprecated:: 1.6.0
Tor dropped EventType.AUTHDIR_NEWDESCS as of version 0.3.2.1.
(:spec:`6e887ba`)
======================= ===========
EventType Event Class
======================= ===========
**ADDRMAP** :class:`stem.response.events.AddrMapEvent`
**AUTHDIR_NEWDESCS** :class:`stem.response.events.AuthDirNewDescEvent`
**BUILDTIMEOUT_SET** :class:`stem.response.events.BuildTimeoutSetEvent`
**BW** :class:`stem.response.events.BandwidthEvent`
**CELL_STATS** :class:`stem.response.events.CellStatsEvent`
**CIRC** :class:`stem.response.events.CircuitEvent`
**CIRC_BW** :class:`stem.response.events.CircuitBandwidthEvent`
**CIRC_MINOR** :class:`stem.response.events.CircMinorEvent`
**CLIENTS_SEEN** :class:`stem.response.events.ClientsSeenEvent`
**CONF_CHANGED** :class:`stem.response.events.ConfChangedEvent`
**CONN_BW** :class:`stem.response.events.ConnectionBandwidthEvent`
**DEBUG** :class:`stem.response.events.LogEvent`
**DESCCHANGED** :class:`stem.response.events.DescChangedEvent`
**ERR** :class:`stem.response.events.LogEvent`
**GUARD** :class:`stem.response.events.GuardEvent`
**HS_DESC** :class:`stem.response.events.HSDescEvent`
**HS_DESC_CONTENT** :class:`stem.response.events.HSDescContentEvent`
**INFO** :class:`stem.response.events.LogEvent`
**NETWORK_LIVENESS** :class:`stem.response.events.NetworkLivenessEvent`
**NEWCONSENSUS** :class:`stem.response.events.NewConsensusEvent`
**NEWDESC** :class:`stem.response.events.NewDescEvent`
**NOTICE** :class:`stem.response.events.LogEvent`
**NS** :class:`stem.response.events.NetworkStatusEvent`
**ORCONN** :class:`stem.response.events.ORConnEvent`
**SIGNAL** :class:`stem.response.events.SignalEvent`
**STATUS_CLIENT** :class:`stem.response.events.StatusEvent`
**STATUS_GENERAL** :class:`stem.response.events.StatusEvent`
**STATUS_SERVER** :class:`stem.response.events.StatusEvent`
**STREAM** :class:`stem.response.events.StreamEvent`
**STREAM_BW** :class:`stem.response.events.StreamBwEvent`
**TB_EMPTY** :class:`stem.response.events.TokenBucketEmptyEvent`
**TRANSPORT_LAUNCHED** :class:`stem.response.events.TransportLaunchedEvent`
**WARN** :class:`stem.response.events.LogEvent`
======================= ===========
.. data:: Listener (enum)
Purposes for inbound connections that Tor handles.
============= ===========
Listener Description
============= ===========
**OR** traffic we're relaying as a member of the network (torrc's **ORPort** and **ORListenAddress**)
**DIR** mirroring for tor descriptor content (torrc's **DirPort** and **DirListenAddress**)
**SOCKS** client traffic we're sending over Tor (torrc's **SocksPort** and **SocksListenAddress**)
**TRANS** transparent proxy handling (torrc's **TransPort** and **TransListenAddress**)
**NATD** forwarding for ipfw NATD connections (torrc's **NatdPort** and **NatdListenAddress**)
**DNS** DNS lookups for our traffic (torrc's **DNSPort** and **DNSListenAddress**)
**CONTROL** controller applications (torrc's **ControlPort** and **ControlListenAddress**)
============= ===========
"""
import calendar
import collections
import functools
import inspect
import io
import os
import threading
import time
try:
# Added in 2.7
from collections import OrderedDict
except ImportError:
from stem.util.ordereddict import OrderedDict
try:
# Added in 3.x
import queue
except ImportError:
import Queue as queue
import stem.descriptor.microdescriptor
import stem.descriptor.reader
import stem.descriptor.router_status_entry
import stem.descriptor.server_descriptor
import stem.exit_policy
import stem.response
import stem.response.events
import stem.socket
import stem.util
import stem.util.conf
import stem.util.connection
import stem.util.enum
import stem.util.str_tools
import stem.util.system
import stem.util.tor_tools
import stem.version
from stem import UNDEFINED, CircStatus, Signal
from stem.util import log
# When closing the controller we attempt to finish processing enqueued events,
# but if it takes longer than this we terminate.
EVENTS_LISTENING_TIMEOUT = 0.1
MALFORMED_EVENTS = 'MALFORMED_EVENTS'
# state changes a control socket can have
State = stem.util.enum.Enum('INIT', 'RESET', 'CLOSED')
EventType = stem.util.enum.UppercaseEnum(
'ADDRMAP',
'AUTHDIR_NEWDESCS',
'BUILDTIMEOUT_SET',
'BW',
'CELL_STATS',
'CIRC',
'CIRC_BW',
'CIRC_MINOR',
'CONF_CHANGED',
'CONN_BW',
'CLIENTS_SEEN',
'DEBUG',
'DESCCHANGED',
'ERR',
'GUARD',
'HS_DESC',
'HS_DESC_CONTENT',
'INFO',
'NETWORK_LIVENESS',
'NEWCONSENSUS',
'NEWDESC',
'NOTICE',
'NS',
'ORCONN',
'SIGNAL',
'STATUS_CLIENT',
'STATUS_GENERAL',
'STATUS_SERVER',
'STREAM',
'STREAM_BW',
'TB_EMPTY',
'TRANSPORT_LAUNCHED',
'WARN',
)
Listener = stem.util.enum.UppercaseEnum(
'OR',
'DIR',
'SOCKS',
'TRANS',
'NATD',
'DNS',
'CONTROL',
)
# torrc options that cannot be changed once tor's running
IMMUTABLE_CONFIG_OPTIONS = set(map(stem.util.str_tools._to_unicode, map(str.lower, (
'AccelDir',
'AccelName',
'DataDirectory',
'DisableAllSwap',
'DisableDebuggerAttachment',
'HardwareAccel',
'HiddenServiceNonAnonymousMode',
'HiddenServiceSingleHopMode',
'KeepBindCapabilities',
'PidFile',
'RunAsDaemon',
'Sandbox',
'SyslogIdentityTag',
'TokenBucketRefillInterval',
'User',
))))
LOG_CACHE_FETCHES = True # provide trace level logging for cache hits
# Configuration options that are fetched by a special key. The keys are
# lowercase to make case insensitive lookups easier.
MAPPED_CONFIG_KEYS = {
'hiddenservicedir': 'HiddenServiceOptions',
'hiddenserviceport': 'HiddenServiceOptions',
'hiddenserviceversion': 'HiddenServiceOptions',
'hiddenserviceauthorizeclient': 'HiddenServiceOptions',
'hiddenserviceoptions': 'HiddenServiceOptions',
}
# unchangeable GETINFO parameters
CACHEABLE_GETINFO_PARAMS = (
'address',
'version',
'config-file',
'exit-policy/default',
'fingerprint',
'config/names',
'config/defaults',
'info/names',
'events/names',
'features/names',
'process/descriptor-limit',
'status/version/current',
)
CACHEABLE_GETINFO_PARAMS_UNTIL_SETCONF = (
'accounting/enabled',
)
# GETCONF parameters we shouldn't cache. This includes hidden service
# perameters due to the funky way they're set and retrieved (for instance,
# 'SETCONF HiddenServiceDir' effects 'GETCONF HiddenServiceOptions').
UNCACHEABLE_GETCONF_PARAMS = (
'hiddenserviceoptions',
'hiddenservicedir',
'hiddenserviceport',
'hiddenserviceversion',
'hiddenserviceauthorizeclient',
)
SERVER_DESCRIPTORS_UNSUPPORTED = "Tor is currently not configured to retrieve \
server descriptors. As of Tor version 0.2.3.25 it downloads microdescriptors \
instead unless you set 'UseMicrodescriptors 0' in your torrc."
EVENT_DESCRIPTIONS = None
class AccountingStats(collections.namedtuple('AccountingStats', ['retrieved', 'status', 'interval_end', 'time_until_reset', 'read_bytes', 'read_bytes_left', 'read_limit', 'written_bytes', 'write_bytes_left', 'write_limit'])):
"""
Accounting information, determining the limits where our relay suspends
itself.
:var float retrieved: unix timestamp for when this was fetched
:var str status: hibernation status of 'awake', 'soft', or 'hard'
:var datetime interval_end: time when our limits reset
:var int time_until_reset: seconds until our limits reset
:var int read_bytes: number of bytes we've read relaying
:var int read_bytes_left: number of bytes we can read until we suspend
:var int read_limit: reading threshold where we suspend
:var int written_bytes: number of bytes we've written relaying
:var int write_bytes_left: number of bytes we can write until we suspend
:var int write_limit: writing threshold where we suspend
"""
class UserTrafficAllowed(collections.namedtuple('UserTrafficAllowed', ['inbound', 'outbound'])):
"""
Indicates if we're likely to be servicing direct user traffic or not.
:var bool inbound: if **True** we're likely providing guard or bridge connnections
:var bool outbound: if **True** we're likely providng exit connections
"""
class CreateHiddenServiceOutput(collections.namedtuple('CreateHiddenServiceOutput', ['path', 'hostname', 'hostname_for_client', 'config'])):
"""
Attributes of a hidden service we've created.
Both the **hostnames** and **hostname_for_client** attributes can only be
provided if we're able to read the hidden service directory. If the method
was called with **client_names** then we may provide the
**hostname_for_client**, and otherwise can provide the **hostnames**.
:var str path: hidden service directory
:var str hostname: content of the hostname file if available
:var dict hostname_for_client: mapping of client names to their onion address
if available
:var dict config: tor's new hidden service configuration
"""
def with_default(yields = False):
"""
Provides a decorator to support having a default value. This should be
treated as private.
"""
def decorator(func):
def get_default(func, args, kwargs):
arg_names = inspect.getargspec(func).args[1:] # drop 'self'
default_position = arg_names.index('default') if 'default' in arg_names else None
if default_position is not None and default_position < len(args):
return args[default_position]
else:
return kwargs.get('default', UNDEFINED)
if not yields:
@functools.wraps(func)
def wrapped(self, *args, **kwargs):
try:
return func(self, *args, **kwargs)
except:
default = get_default(func, args, kwargs)
if default == UNDEFINED:
raise
else:
return default
else:
@functools.wraps(func)
def wrapped(self, *args, **kwargs):
try:
for val in func(self, *args, **kwargs):
yield val
except:
default = get_default(func, args, kwargs)
if default == UNDEFINED:
raise
else:
if default is not None:
for val in default:
yield val
return wrapped
return decorator
def event_description(event):
"""
Provides a description for Tor events.
:param str event: the event for which a description is needed
:returns: **str** The event description or **None** if this is an event name
we don't have a description for
"""
global EVENT_DESCRIPTIONS
if EVENT_DESCRIPTIONS is None:
config = stem.util.conf.Config()
config_path = os.path.join(os.path.dirname(__file__), 'settings.cfg')
try:
config.load(config_path)
EVENT_DESCRIPTIONS = dict([(key.lower()[18:], config.get_value(key)) for key in config.keys() if key.startswith('event.description.')])
except Exception as exc:
log.warn("BUG: stem failed to load its internal manual information from '%s': %s" % (config_path, exc))
return None
return EVENT_DESCRIPTIONS.get(event.lower())
class BaseController(object):
"""
Controller for the tor process. This is a minimal base class for other
controllers, providing basic process communication and event listing. Don't
use this directly - subclasses like the :class:`~stem.control.Controller`
provide higher level functionality.
It's highly suggested that you don't interact directly with the
:class:`~stem.socket.ControlSocket` that we're constructed from - use our
wrapper methods instead.
If the **control_socket** is already authenticated to Tor then the caller
should provide the **is_authenticated** flag. Otherwise, we will treat the
socket as though it hasn't yet been authenticated.
"""
def __init__(self, control_socket, is_authenticated = False):
self._socket = control_socket
self._msg_lock = threading.RLock()
self._status_listeners = [] # tuples of the form (callback, spawn_thread)
self._status_listeners_lock = threading.RLock()
# queues where incoming messages are directed
self._reply_queue = queue.Queue()
self._event_queue = queue.Queue()
# thread to continually pull from the control socket
self._reader_thread = None
# thread to pull from the _event_queue and call handle_event
self._event_notice = threading.Event()
self._event_thread = None
# saves our socket's prior _connect() and _close() methods so they can be
# called along with ours
self._socket_connect = self._socket._connect
self._socket_close = self._socket._close
self._socket._connect = self._connect
self._socket._close = self._close
self._last_heartbeat = 0.0 # timestamp for when we last heard from tor
self._is_authenticated = False
self._state_change_threads = [] # threads we've spawned to notify of state changes
if self._socket.is_alive():
self._launch_threads()
if is_authenticated:
self._post_authentication()
def msg(self, message):
"""
Sends a message to our control socket and provides back its reply.
:param str message: message to be formatted and sent to tor
:returns: :class:`~stem.response.ControlMessage` with the response
:raises:
* :class:`stem.ProtocolError` the content from the socket is
malformed
* :class:`stem.SocketError` if a problem arises in using the
socket
* :class:`stem.SocketClosed` if the socket is shut down
"""
with self._msg_lock:
# If our _reply_queue isn't empty then one of a few things happened...
#
# - Our connection was closed and probably re-restablished. This was
# in reply to pulling for an asynchronous event and getting this is
# expected - ignore it.
#
# - Pulling for asynchronous events produced an error. If this was a
# ProtocolError then it's a tor bug, and if a non-closure SocketError
# then it was probably a socket glitch. Deserves an INFO level log
# message.
#
# - This is a leftover response for a msg() call. We can't tell who an
# exception was earmarked for, so we only know that this was the case
# if it's a ControlMessage.
#
# This is the most concerning situation since it indicates that one of
# our callers didn't get their reply. However, this is still a
# perfectly viable use case. For instance...
#
# 1. We send a request.
# 2. The reader thread encounters an exception, for instance a socket
# error. We enqueue the exception.
# 3. The reader thread receives the reply.
# 4. We raise the socket error, and have an undelivered message.
#
# Thankfully this only seems to arise in edge cases around rapidly
# closing/reconnecting the socket.
while not self._reply_queue.empty():
try:
response = self._reply_queue.get_nowait()
if isinstance(response, stem.SocketClosed):
pass # this is fine
elif isinstance(response, stem.ProtocolError):
log.info('Tor provided a malformed message (%s)' % response)
elif isinstance(response, stem.ControllerError):
log.info('Socket experienced a problem (%s)' % response)
elif isinstance(response, stem.response.ControlMessage):
log.info('Failed to deliver a response: %s' % response)
except queue.Empty:
# the empty() method is documented to not be fully reliable so this
# isn't entirely surprising
break
try:
self._socket.send(message)
response = self._reply_queue.get()
# If the message we received back had an exception then re-raise it to the
# caller. Otherwise return the response.
if isinstance(response, stem.ControllerError):
raise response
else:
return response
except stem.SocketClosed:
# If the recv() thread caused the SocketClosed then we could still be
# in the process of closing. Calling close() here so that we can
# provide an assurance to the caller that when we raise a SocketClosed
# exception we are shut down afterward for realz.
self.close()
raise
def is_alive(self):
"""
Checks if our socket is currently connected. This is a pass-through for our
socket's :func:`~stem.socket.BaseSocket.is_alive` method.
:returns: **bool** that's **True** if our socket is connected and **False** otherwise
"""
return self._socket.is_alive()
def is_localhost(self):
"""
Returns if the connection is for the local system or not.
.. versionadded:: 1.3.0
:returns: **bool** that's **True** if the connection is for the local host and **False** otherwise
"""
return self._socket.is_localhost()
def connection_time(self):
"""
Provides the unix timestamp for when our socket was either connected or
disconnected. That is to say, the time we connected if we're currently
connected and the time we disconnected if we're not connected.
.. versionadded:: 1.3.0
:returns: **float** for when we last connected or disconnected, zero if
we've never connected
"""
return self._socket.connection_time()
def is_authenticated(self):
"""
Checks if our socket is both connected and authenticated.
:returns: **bool** that's **True** if our socket is authenticated to tor
and **False** otherwise
"""
return self._is_authenticated if self.is_alive() else False
def connect(self):
"""
Reconnects our control socket. This is a pass-through for our socket's
:func:`~stem.socket.ControlSocket.connect` method.
:raises: :class:`stem.SocketError` if unable to make a socket
"""
self._socket.connect()
def close(self):
"""
Closes our socket connection. This is a pass-through for our socket's
:func:`~stem.socket.BaseSocket.close` method.
"""
self._socket.close()
# Join on any outstanding state change listeners. Closing is a state change
# of its own, so if we have any listeners it's quite likely there's some
# work in progress.
#
# It's important that we do this outside of our locks so those daemons have
# access to us. This is why we're doing this here rather than _close().
for t in self._state_change_threads:
if t.is_alive() and threading.current_thread() != t:
t.join()
def get_socket(self):
"""
Provides the socket used to speak with the tor process. Communicating with
the socket directly isn't advised since it may confuse this controller.
:returns: :class:`~stem.socket.ControlSocket` we're communicating with
"""
return self._socket
def get_latest_heartbeat(self):
"""
Provides the unix timestamp for when we last heard from tor. This is zero
if we've never received a message.
:returns: float for the unix timestamp of when we last heard from tor
"""
return self._last_heartbeat
def add_status_listener(self, callback, spawn = True):
"""
Notifies a given function when the state of our socket changes. Functions
are expected to be of the form...
::
my_function(controller, state, timestamp)
The state is a value from the :data:`stem.control.State` enum. Functions
**must** allow for new values. The timestamp is a float for the unix time
when the change occurred.
This class only provides **State.INIT** and **State.CLOSED** notifications.
Subclasses may provide others.
If spawn is **True** then the callback is notified via a new daemon thread.
If **False** then the notice is under our locks, within the thread where
the change occurred. In general this isn't advised, especially if your
callback could block for a while. If still outstanding these threads are
joined on as part of closing this controller.
:param function callback: function to be notified when our state changes
:param bool spawn: calls function via a new thread if **True**, otherwise
it's part of the connect/close method call
"""
with self._status_listeners_lock:
self._status_listeners.append((callback, spawn))
def remove_status_listener(self, callback):
"""
Stops listener from being notified of further events.
:param function callback: function to be removed from our listeners
:returns: **bool** that's **True** if we removed one or more occurrences of
the callback, **False** otherwise
"""
with self._status_listeners_lock:
new_listeners, is_changed = [], False
for listener, spawn in self._status_listeners:
if listener != callback:
new_listeners.append((listener, spawn))
else:
is_changed = True
self._status_listeners = new_listeners
return is_changed
def __enter__(self):
return self
def __exit__(self, exit_type, value, traceback):
self.close()
def _handle_event(self, event_message):
"""
Callback to be overwritten by subclasses for event listening. This is
notified whenever we receive an event from the control socket.
:param stem.response.ControlMessage event_message: message received from
the control socket
"""
pass
def _connect(self):
self._launch_threads()
self._notify_status_listeners(State.INIT)
self._socket_connect()
self._is_authenticated = False
def _close(self):
# Our is_alive() state is now false. Our reader thread should already be
# awake from recv() raising a closure exception. Wake up the event thread
# too so it can end.
self._event_notice.set()
self._is_authenticated = False
# joins on our threads if it's safe to do so
for t in (self._reader_thread, self._event_thread):
if t and t.is_alive() and threading.current_thread() != t:
t.join()
self._notify_status_listeners(State.CLOSED)
self._socket_close()
def _post_authentication(self):
# actions to be taken after we have a newly authenticated connection
self._is_authenticated = True
def _notify_status_listeners(self, state):
"""
Informs our status listeners that a state change occurred.
:param stem.control.State state: state change that has occurred
"""
# Any changes to our is_alive() state happen under the send lock, so we
# need to have it to ensure it doesn't change beneath us.
with self._socket._get_send_lock():
with self._status_listeners_lock:
# States imply that our socket is either alive or not, which may not
# hold true when multiple events occur in quick succession. For
# instance, a sighup could cause two events (State.RESET for the sighup
# and State.CLOSE if it causes tor to crash). However, there's no
# guarantee of the order in which they occur, and it would be bad if
# listeners got the State.RESET last, implying that we were alive.
expect_alive = None
if state in (State.INIT, State.RESET):
expect_alive = True
elif state == State.CLOSED:
expect_alive = False
change_timestamp = time.time()
if expect_alive is not None and expect_alive != self.is_alive():
return
self._state_change_threads = list(filter(lambda t: t.is_alive(), self._state_change_threads))
for listener, spawn in self._status_listeners:
if spawn:
args = (self, state, change_timestamp)
notice_thread = threading.Thread(target = listener, args = args, name = '%s notification' % state)
notice_thread.setDaemon(True)
notice_thread.start()
self._state_change_threads.append(notice_thread)
else:
listener(self, state, change_timestamp)
def _launch_threads(self):
"""
Initializes daemon threads. Threads can't be reused so we need to recreate
them if we're restarted.
"""
# In theory concurrent calls could result in multiple start() calls on a
# single thread, which would cause an unexpected exception. Best be safe.
with self._socket._get_send_lock():
if not self._reader_thread or not self._reader_thread.is_alive():
self._reader_thread = threading.Thread(target = self._reader_loop, name = 'Tor listener')
self._reader_thread.setDaemon(True)
self._reader_thread.start()
if not self._event_thread or not self._event_thread.is_alive():
self._event_thread = threading.Thread(target = self._event_loop, name = 'Event notifier')
self._event_thread.setDaemon(True)
self._event_thread.start()
def _reader_loop(self):
"""
Continually pulls from the control socket, directing the messages into
queues based on their type. Controller messages come in two varieties...
* Responses to messages we've sent (GETINFO, SETCONF, etc).
* Asynchronous events, identified by a status code of 650.
"""
while self.is_alive():
try:
control_message = self._socket.recv()
self._last_heartbeat = time.time()
if control_message.content()[-1][0] == '650':
# asynchronous message, adds to the event queue and wakes up its handler
self._event_queue.put(control_message)
self._event_notice.set()
else:
# response to a msg() call
self._reply_queue.put(control_message)
except stem.ControllerError as exc:
# Assume that all exceptions belong to the reader. This isn't always
# true, but the msg() call can do a better job of sorting it out.
#
# Be aware that the msg() method relies on this to unblock callers.
self._reply_queue.put(exc)
def _event_loop(self):
"""
Continually pulls messages from the _event_queue and sends them to our
handle_event callback. This is done via its own thread so subclasses with a
lengthy handle_event implementation don't block further reading from the
socket.
"""
socket_closed_at = None
while True:
try:
event_message = self._event_queue.get_nowait()
self._handle_event(event_message)
# Attempt to finish processing enqueued events when our controller closes
if not self.is_alive():
if not socket_closed_at:
socket_closed_at = time.time()
elif time.time() - socket_closed_at > EVENTS_LISTENING_TIMEOUT:
break
except queue.Empty:
if not self.is_alive():
break
self._event_notice.wait()
self._event_notice.clear()
class Controller(BaseController):
"""
Connection with Tor's control socket. This is built on top of the
BaseController and provides a more user friendly API for library users.
"""
@staticmethod
def from_port(address = '127.0.0.1', port = 'default'):
"""
Constructs a :class:`~stem.socket.ControlPort` based Controller.
If the **port** is **'default'** then this checks on both 9051 (default
for relays) and 9151 (default for the Tor Browser). This default may change
in the future.
.. versionchanged:: 1.5.0
Use both port 9051 and 9151 by default.
:param str address: ip address of the controller
:param int port: port number of the controller
:returns: :class:`~stem.control.Controller` attached to the given port
:raises: :class:`stem.SocketError` if we're unable to establish a connection
"""
import stem.connection
if not stem.util.connection.is_valid_ipv4_address(address):
raise ValueError('Invalid IP address: %s' % address)
elif port != 'default' and not stem.util.connection.is_valid_port(port):
raise ValueError('Invalid port: %s' % port)
if port == 'default':
control_port = stem.connection._connection_for_default_port(address)
else:
control_port = stem.socket.ControlPort(address, port)
return Controller(control_port)
@staticmethod
def from_socket_file(path = '/var/run/tor/control'):
"""
Constructs a :class:`~stem.socket.ControlSocketFile` based Controller.
:param str path: path where the control socket is located
:returns: :class:`~stem.control.Controller` attached to the given socket file
:raises: :class:`stem.SocketError` if we're unable to establish a connection
"""
control_socket = stem.socket.ControlSocketFile(path)
return Controller(control_socket)
def __init__(self, control_socket, is_authenticated = False):
self._is_caching_enabled = True
self._request_cache = {}
self._last_newnym = 0.0
self._cache_lock = threading.RLock()
# mapping of event types to their listeners
self._event_listeners = {}
self._event_listeners_lock = threading.RLock()
self._enabled_features = []
self._is_geoip_unavailable = None
self._last_address_exc = None
self._last_fingerprint_exc = None
super(Controller, self).__init__(control_socket, is_authenticated)
def _sighup_listener(event):
if event.signal == Signal.RELOAD:
self.clear_cache()
self._notify_status_listeners(State.RESET)
self.add_event_listener(_sighup_listener, EventType.SIGNAL)
def _confchanged_listener(event):
if self.is_caching_enabled():
to_cache_changed = dict((k.lower(), v) for k, v in event.changed.items())
to_cache_unset = dict((k.lower(), []) for k in event.unset) # [] represents None value in cache
to_cache = {}
to_cache.update(to_cache_changed)
to_cache.update(to_cache_unset)
self._set_cache(to_cache, 'getconf')
self._confchanged_cache_invalidation(to_cache)
self.add_event_listener(_confchanged_listener, EventType.CONF_CHANGED)
def _address_changed_listener(event):
if event.action in ('EXTERNAL_ADDRESS', 'DNS_USELESS'):
self._set_cache({'exit_policy': None})
self._set_cache({'address': None}, 'getinfo')
self._last_address_exc = None
self.add_event_listener(_address_changed_listener, EventType.STATUS_SERVER)
def close(self):
self.clear_cache()
super(Controller, self).close()
def authenticate(self, *args, **kwargs):
"""
A convenience method to authenticate the controller. This is just a
pass-through to :func:`stem.connection.authenticate`.
"""
import stem.connection
stem.connection.authenticate(self, *args, **kwargs)
def reconnect(self, *args, **kwargs):
"""
Reconnects and authenticates to our control socket.
.. versionadded:: 1.5.0
:raises:
* :class:`stem.SocketError` if unable to re-establish socket
* :class:`stem.connection.AuthenticationFailure` if unable to authenticate
"""
with self._msg_lock:
self.connect()
self.clear_cache()
self.authenticate(*args, **kwargs)
@with_default()
def get_info(self, params, default = UNDEFINED, get_bytes = False):
"""
get_info(params, default = UNDEFINED, get_bytes = False)
Queries the control socket for the given GETINFO option. If provided a
default then that's returned if the GETINFO option is undefined or the
call fails for any reason (error response, control port closed, initiated,
etc).
.. versionchanged:: 1.1.0
Added the get_bytes argument.
.. versionchanged:: 1.7.0
Errors commonly provided a :class:`stem.ProtocolError` when we should
raise a :class:`stem.OperationFailed`.
:param str,list params: GETINFO option or options to be queried
:param object default: response if the query fails
:param bool get_bytes: provides **bytes** values rather than a **str** under python 3.x
:returns:
Response depends upon how we were called as follows...
* **str** with the response if our param was a **str**
* **dict** with the 'param => response' mapping if our param was a **list**
* default if one was provided and our call failed
:raises:
* :class:`stem.ControllerError` if the call fails and we weren't
provided a default response
* :class:`stem.InvalidArguments` if the 'params' requested was
invalid
* :class:`stem.ProtocolError` if the geoip database is unavailable
"""
start_time = time.time()
reply = {}
if stem.util._is_str(params):
is_multiple = False
params = set([params])
else:
if not params:
return {}
is_multiple = True
params = set(params)
for param in params:
if param.startswith('ip-to-country/') and param != 'ip-to-country/0.0.0.0' and self.is_geoip_unavailable():
raise stem.ProtocolError('Tor geoip database is unavailable')
elif param == 'address' and self._last_address_exc:
raise self._last_address_exc # we already know we can't resolve an address
elif param == 'fingerprint' and self._last_fingerprint_exc and self.get_conf('ORPort', None) is None:
raise self._last_fingerprint_exc # we already know we're not a relay
# check for cached results
from_cache = [param.lower() for param in params]
cached_results = self._get_cache_map(from_cache, 'getinfo')
for key in cached_results:
user_expected_key = _case_insensitive_lookup(params, key)
reply[user_expected_key] = cached_results[key]
params.remove(user_expected_key)
# if everything was cached then short circuit making the query
if not params:
if LOG_CACHE_FETCHES:
log.trace('GETINFO %s (cache fetch)' % ' '.join(reply.keys()))
if is_multiple:
return reply
else:
return list(reply.values())[0]
try:
response = self.msg('GETINFO %s' % ' '.join(params))
stem.response.convert('GETINFO', response)
response._assert_matches(params)
# usually we want unicode values under python 3.x
if stem.prereq.is_python_3() and not get_bytes:
response.entries = dict((k, stem.util.str_tools._to_unicode(v)) for (k, v) in response.entries.items())
reply.update(response.entries)
if self.is_caching_enabled():
to_cache = {}
for key, value in response.entries.items():
key = key.lower() # make case insensitive
if key in CACHEABLE_GETINFO_PARAMS or key in CACHEABLE_GETINFO_PARAMS_UNTIL_SETCONF:
to_cache[key] = value
elif key.startswith('ip-to-country/'):
to_cache[key] = value
self._set_cache(to_cache, 'getinfo')
if 'address' in params:
self._last_address_exc = None
if 'fingerprint' in params:
self._last_fingerprint_exc = None
log.debug('GETINFO %s (runtime: %0.4f)' % (' '.join(params), time.time() - start_time))
if is_multiple:
return reply
else:
return list(reply.values())[0]
except stem.ControllerError as exc:
if 'address' in params:
self._last_address_exc = exc
if 'fingerprint' in params:
self._last_fingerprint_exc = exc
log.debug('GETINFO %s (failed: %s)' % (' '.join(params), exc))
raise
@with_default()
def get_version(self, default = UNDEFINED):
"""
get_version(default = UNDEFINED)
A convenience method to get tor version that current controller is
connected to.
:param object default: response if the query fails
:returns: :class:`~stem.version.Version` of the tor instance that we're
connected to
:raises:
* :class:`stem.ControllerError` if unable to query the version
* **ValueError** if unable to parse the version
An exception is only raised if we weren't provided a default response.
"""
version = self._get_cache('version')
if not version:
version_str = self.get_info('version')
version = stem.version.Version(version_str[4:] if version_str.startswith('Tor ') else version_str)
self._set_cache({'version': version})
return version
@with_default()
def get_exit_policy(self, default = UNDEFINED):
"""
get_exit_policy(default = UNDEFINED)
Effective ExitPolicy for our relay.
.. versionchanged:: 1.7.0
Policies retrieved through 'GETINFO exit-policy/full' rather than
parsing the user's torrc entries. This should be more reliable for
some edge cases. (:trac:`25739`)
:param object default: response if the query fails
:returns: :class:`~stem.exit_policy.ExitPolicy` of the tor instance that
we're connected to
:raises:
* :class:`stem.ControllerError` if unable to query the policy
* **ValueError** if unable to parse the policy
An exception is only raised if we weren't provided a default response.
"""
policy = self._get_cache('exit_policy')
if not policy:
try:
policy = stem.exit_policy.ExitPolicy(*self.get_info('exit-policy/full').splitlines())
self._set_cache({'exit_policy': policy})
except stem.OperationFailed:
# There's a few situations where 'GETINFO exit-policy/full' will fail,
# most commonly...
#
# * Error 551: Descriptor still rebuilding - not ready yet
#
# Tor hasn't yet finished making our server descriptor. This often
# arises when tor has first started.
#
# * Error 552: Not running in server mode
#
# We're not configured to be a relay (no ORPort), or haven't yet
# been able to determine our externally facing IP address.
#
# When these arise best we can do is infer our policy from the torrc.
# Skipping caching so we'll retry GETINFO policy resolution next time
# we're called.
rules = []
if self.get_conf('ExitRelay') == '0':
rules.append('reject *:*')
if self.get_conf('ExitPolicyRejectPrivate') == '1':
rules.append('reject private:*')
for policy_line in self.get_conf('ExitPolicy', multiple = True):
rules += policy_line.split(',')
rules += self.get_info('exit-policy/default').split(',')
policy = stem.exit_policy.get_config_policy(rules, self.get_info('address', None))
return policy
@with_default()
def get_ports(self, listener_type, default = UNDEFINED):
"""
get_ports(listener_type, default = UNDEFINED)
Provides the local ports where tor is listening for the given type of
connections. This is similar to
:func:`~stem.control.Controller.get_listeners`, but doesn't provide
addresses nor include non-local endpoints.
.. versionadded:: 1.2.0
:param stem.control.Listener listener_type: connection type being handled
by the ports we return
:param object default: response if the query fails
:returns: **list** of **ints** for the local ports where tor handles
connections of the given type
:raises: :class:`stem.ControllerError` if unable to determine the ports
and no default was provided
"""
def is_localhost(address):
if stem.util.connection.is_valid_ipv4_address(address):
return address == '0.0.0.0' or address.startswith('127.')
elif stem.util.connection.is_valid_ipv6_address(address):
return stem.util.connection.expand_ipv6_address(address) in (
'0000:0000:0000:0000:0000:0000:0000:0000',
'0000:0000:0000:0000:0000:0000:0000:0001',
)
else:
log.info("Request for %s ports got an address that's neither IPv4 or IPv6: %s" % (listener_type, address))
return False
return [port for (addr, port) in self.get_listeners(listener_type) if is_localhost(addr)]
@with_default()
def get_listeners(self, listener_type, default = UNDEFINED):
"""
get_listeners(listener_type, default = UNDEFINED)
Provides the addresses and ports where tor is listening for connections of
the given type. This is similar to
:func:`~stem.control.Controller.get_ports` but includes listener addresses
and non-local endpoints.
.. versionadded:: 1.2.0
.. versionchanged:: 1.5.0
Recognize listeners with IPv6 addresses.
:param stem.control.Listener listener_type: connection type being handled
by the listeners we return
:param object default: response if the query fails
:returns: **list** of **(address, port)** tuples for the available
listeners
:raises: :class:`stem.ControllerError` if unable to determine the listeners
and no default was provided
"""
listeners = self._get_cache(listener_type, 'listeners')
if listeners is None:
proxy_addrs = []
query = 'net/listeners/%s' % listener_type.lower()
try:
for listener in self.get_info(query).split():
if not (listener.startswith('"') and listener.endswith('"')):
raise stem.ProtocolError("'GETINFO %s' responses are expected to be quoted: %s" % (query, listener))
elif ':' not in listener:
raise stem.ProtocolError("'GETINFO %s' had a listener without a colon: %s" % (query, listener))
listener = listener[1:-1] # strip quotes
addr, port = listener.rsplit(':', 1)
# Skip unix sockets, for instance...
#
# GETINFO net/listeners/control
# 250-net/listeners/control="unix:/tmp/tor/socket"
# 250 OK
if addr == 'unix':
continue
if addr.startswith('[') and addr.endswith(']'):
addr = addr[1:-1] # unbracket ipv6 address
proxy_addrs.append((addr, port))
except stem.InvalidArguments:
# Tor version is old (pre-tor-0.2.2.26-beta), use get_conf() instead.
# Some options (like the ORPort) can have optional attributes after the
# actual port number.
port_option = {
Listener.OR: 'ORPort',
Listener.DIR: 'DirPort',
Listener.SOCKS: 'SocksPort',
Listener.TRANS: 'TransPort',
Listener.NATD: 'NatdPort',
Listener.DNS: 'DNSPort',
Listener.CONTROL: 'ControlPort',
}[listener_type]
listener_option = {
Listener.OR: 'ORListenAddress',
Listener.DIR: 'DirListenAddress',
Listener.SOCKS: 'SocksListenAddress',
Listener.TRANS: 'TransListenAddress',
Listener.NATD: 'NatdListenAddress',
Listener.DNS: 'DNSListenAddress',
Listener.CONTROL: 'ControlListenAddress',
}[listener_type]
port_value = self.get_conf(port_option).split()[0]
for listener in self.get_conf(listener_option, multiple = True):
if ':' in listener:
addr, port = listener.rsplit(':', 1)
if addr.startswith('[') and addr.endswith(']'):
addr = addr[1:-1] # unbracket ipv6 address
proxy_addrs.append((addr, port))
else:
proxy_addrs.append((listener, port_value))
# validate that address/ports are valid, and convert ports to ints
for addr, port in proxy_addrs:
if not stem.util.connection.is_valid_ipv4_address(addr) and not stem.util.connection.is_valid_ipv6_address(addr):
raise stem.ProtocolError('Invalid address for a %s listener: %s' % (listener_type, addr))
elif not stem.util.connection.is_valid_port(port):
raise stem.ProtocolError('Invalid port for a %s listener: %s' % (listener_type, port))
listeners = [(addr, int(port)) for (addr, port) in proxy_addrs]
self._set_cache({listener_type: listeners}, 'listeners')
return listeners
@with_default()
def get_accounting_stats(self, default = UNDEFINED):
"""
get_accounting_stats(default = UNDEFINED)
Provides stats related to our relaying limitations if AccountingMax was set
in our torrc.
.. versionadded:: 1.3.0
:param object default: response if the query fails
:returns: :class:`~stem.control.AccountingStats` with our accounting stats
:raises: :class:`stem.ControllerError` if unable to determine the listeners
and no default was provided
"""
if self.get_info('accounting/enabled') != '1':
raise stem.ControllerError("Accounting isn't enabled")
retrieved = time.time()
status = self.get_info('accounting/hibernating')
interval_end = self.get_info('accounting/interval-end')
used = self.get_info('accounting/bytes')
left = self.get_info('accounting/bytes-left')
interval_end = stem.util.str_tools._parse_timestamp(interval_end)
used_read, used_written = [int(val) for val in used.split(' ', 1)]
left_read, left_written = [int(val) for val in left.split(' ', 1)]
return AccountingStats(
retrieved = retrieved,
status = status,
interval_end = interval_end,
time_until_reset = calendar.timegm(interval_end.timetuple()) - int(retrieved),
read_bytes = used_read,
read_bytes_left = left_read,
read_limit = used_read + left_read,
written_bytes = used_written,
write_bytes_left = left_written,
write_limit = used_written + left_written,
)
def get_socks_listeners(self, default = UNDEFINED):
"""
Provides the SOCKS **(address, port)** tuples that tor has open.
.. deprecated:: 1.2.0
Use :func:`~stem.control.Controller.get_listeners` with
**Listener.SOCKS** instead.
:param object default: response if the query fails
:returns: list of **(address, port)** tuples for the available SOCKS
listeners
:raises: :class:`stem.ControllerError` if unable to determine the listeners
and no default was provided
"""
return self.get_listeners(Listener.SOCKS, default)
@with_default()
def get_protocolinfo(self, default = UNDEFINED):
"""
get_protocolinfo(default = UNDEFINED)
A convenience method to get the protocol info of the controller.
:param object default: response if the query fails
:returns: :class:`~stem.response.protocolinfo.ProtocolInfoResponse` provided by tor
:raises:
* :class:`stem.ProtocolError` if the PROTOCOLINFO response is
malformed
* :class:`stem.SocketError` if problems arise in establishing or
using the socket
An exception is only raised if we weren't provided a default response.
"""
import stem.connection
return stem.connection.get_protocolinfo(self)
@with_default()
def get_user(self, default = UNDEFINED):
"""
get_user(default = UNDEFINED)
Provides the user tor is running as. This often only works if tor is
running locally. Also, most of its checks are platform dependent, and hence
are not entirely reliable.
.. versionadded:: 1.1.0
:param object default: response if the query fails
:returns: str with the username tor is running as
"""
user = self._get_cache('user')
if not user:
user = self.get_info('process/user', None)
if not user and self.is_localhost():
pid = self.get_pid(None)
if pid:
user = stem.util.system.user(pid)
if user:
self._set_cache({'user': user})
return user
else:
raise ValueError("Unable to resolve tor's user" if self.is_localhost() else "Tor isn't running locally")
@with_default()
def get_pid(self, default = UNDEFINED):
"""
get_pid(default = UNDEFINED)
Provides the process id of tor. This often only works if tor is running
locally. Also, most of its checks are platform dependent, and hence are not
entirely reliable.
.. versionadded:: 1.1.0
:param object default: response if the query fails
:returns: **int** for tor's pid
:raises: **ValueError** if unable to determine the pid and no default was
provided
"""
pid = self._get_cache('pid')
if not pid:
getinfo_pid = self.get_info('process/pid', None)
if getinfo_pid and getinfo_pid.isdigit():
pid = int(getinfo_pid)
if not pid and self.is_localhost():
pid_file_path = self.get_conf('PidFile', None)
if pid_file_path is not None:
with open(pid_file_path) as pid_file:
pid_file_contents = pid_file.read().strip()
if pid_file_contents.isdigit():
pid = int(pid_file_contents)
if not pid:
pid = stem.util.system.pid_by_name('tor')
if not pid:
control_socket = self.get_socket()
if isinstance(control_socket, stem.socket.ControlPort):
pid = stem.util.system.pid_by_port(control_socket.port)
elif isinstance(control_socket, stem.socket.ControlSocketFile):
pid = stem.util.system.pid_by_open_file(control_socket.path)
if pid:
self._set_cache({'pid': pid})
return pid
else:
raise ValueError("Unable to resolve tor's pid" if self.is_localhost() else "Tor isn't running locally")
def is_user_traffic_allowed(self):
"""
Checks if we're likely to service direct user traffic. This essentially
boils down to...
* If we're a bridge or guard relay, inbound connections are possibly from
users.
* If our exit policy allows traffic then output connections are possibly
from users.
Note the word 'likely'. These is a decent guess in practice, but not always
correct. For instance, information about which flags we have are only
fetched periodically.
This method is intended to help you avoid eavesdropping on user traffic.
Monitoring user connections is not only unethical, but likely a violation
of wiretapping laws.
.. versionadded:: 1.5.0
:returns: :class:`~stem.cotroller.UserTrafficAllowed` with **inbound** and
**outbound** boolean attributes to indicate if we're likely servicing
direct user traffic
"""
inbound_allowed, outbound_allowed = False, False
if self.get_conf('BridgeRelay', None) == '1':
inbound_allowed = True
if self.get_conf('ORPort', None):
if not inbound_allowed:
consensus_entry = self.get_network_status(default = None)
inbound_allowed = consensus_entry and 'Guard' in consensus_entry.flags
exit_policy = self.get_exit_policy(None)
outbound_allowed = exit_policy and exit_policy.is_exiting_allowed()
return UserTrafficAllowed(inbound_allowed, outbound_allowed)
@with_default()
def get_microdescriptor(self, relay = None, default = UNDEFINED):
"""
get_microdescriptor(relay = None, default = UNDEFINED)
Provides the microdescriptor for the relay with the given fingerprint or
nickname. If the relay identifier could be either a fingerprint *or*
nickname then it's queried as a fingerprint.
If no **relay** is provided then this defaults to ourselves. Remember that
this requires that we've retrieved our own descriptor from remote
authorities so this both won't be available for newly started relays and
may be up to around an hour out of date.
.. versionchanged:: 1.3.0
Changed so we'd fetch our own descriptor if no 'relay' is provided.
:param str relay: fingerprint or nickname of the relay to be queried
:param object default: response if the query fails
:returns: :class:`~stem.descriptor.microdescriptor.Microdescriptor` for the given relay
:raises:
* :class:`stem.DescriptorUnavailable` if unable to provide a descriptor
for the given relay
* :class:`stem.ControllerError` if unable to query the descriptor
* **ValueError** if **relay** doesn't conform with the pattern for being
a fingerprint or nickname
An exception is only raised if we weren't provided a default response.
"""
if relay is None:
try:
relay = self.get_info('fingerprint')
except stem.ControllerError as exc:
raise stem.ControllerError('Unable to determine our own fingerprint: %s' % exc)
if stem.util.tor_tools.is_valid_fingerprint(relay):
query = 'md/id/%s' % relay
elif stem.util.tor_tools.is_valid_nickname(relay):
query = 'md/name/%s' % relay
else:
raise ValueError("'%s' isn't a valid fingerprint or nickname" % relay)
try:
desc_content = self.get_info(query, get_bytes = True)
except stem.InvalidArguments as exc:
if str(exc).startswith('GETINFO request contained unrecognized keywords:'):
raise stem.DescriptorUnavailable("Tor was unable to provide the descriptor for '%s'" % relay)
else:
raise
if not desc_content:
raise stem.DescriptorUnavailable('Descriptor information is unavailable, tor might still be downloading it')
return stem.descriptor.microdescriptor.Microdescriptor(desc_content)
@with_default(yields = True)
def get_microdescriptors(self, default = UNDEFINED):
"""
get_microdescriptors(default = UNDEFINED)
Provides an iterator for all of the microdescriptors that tor currently
knows about.
Prior to Tor 0.3.5.1 this information was not available via the control
protocol. When connected to prior versions we read the microdescriptors
directly from disk instead, which will not work remotely or if our process
lacks read permissions.
:param list default: items to provide if the query fails
:returns: iterates over
:class:`~stem.descriptor.microdescriptor.Microdescriptor` for relays in
the tor network
:raises: :class:`stem.ControllerError` if unable to query tor and no
default was provided
"""
if self.get_version() >= stem.version.Requirement.GETINFO_MICRODESCRIPTORS:
desc_content = self.get_info('md/all', get_bytes = True)
if not desc_content:
raise stem.DescriptorUnavailable('Descriptor information is unavailable, tor might still be downloading it')
for desc in stem.descriptor.microdescriptor._parse_file(io.BytesIO(desc_content)):
yield desc
else:
# TODO: remove when tor versions that require this are obsolete
try:
data_directory = self.get_conf('DataDirectory')
except stem.ControllerError as exc:
raise stem.OperationFailed(message = 'Unable to determine the data directory (%s)' % exc)
cached_descriptor_path = os.path.join(data_directory, 'cached-microdescs')
if not os.path.exists(data_directory):
raise stem.OperationFailed(message = "Data directory reported by tor doesn't exist (%s)" % data_directory)
elif not os.path.exists(cached_descriptor_path):
raise stem.OperationFailed(message = "Data directory doesn't contain cached microdescriptors (%s)" % cached_descriptor_path)
with stem.descriptor.reader.DescriptorReader([cached_descriptor_path]) as reader:
for desc in reader:
# It shouldn't be possible for these to be something other than
# microdescriptors but as the saying goes: trust but verify.
if not isinstance(desc, stem.descriptor.microdescriptor.Microdescriptor):
raise stem.OperationFailed(message = 'BUG: Descriptor reader provided non-microdescriptor content (%s)' % type(desc))
yield desc
@with_default()
def get_server_descriptor(self, relay = None, default = UNDEFINED):
"""
get_server_descriptor(relay = None, default = UNDEFINED)
Provides the server descriptor for the relay with the given fingerprint or
nickname. If the relay identifier could be either a fingerprint *or*
nickname then it's queried as a fingerprint.
If no **relay** is provided then this defaults to ourselves. Remember that
this requires that we've retrieved our own descriptor from remote
authorities so this both won't be available for newly started relays and
may be up to around an hour out of date.
**As of Tor version 0.2.3.25 relays no longer get server descriptors by
default.** It's advised that you use microdescriptors instead, but if you
really need server descriptors then you can get them by setting
'UseMicrodescriptors 0'.
.. versionchanged:: 1.3.0
Changed so we'd fetch our own descriptor if no 'relay' is provided.
:param str relay: fingerprint or nickname of the relay to be queried
:param object default: response if the query fails
:returns: :class:`~stem.descriptor.server_descriptor.RelayDescriptor` for the given relay
:raises:
* :class:`stem.DescriptorUnavailable` if unable to provide a descriptor
for the given relay
* :class:`stem.ControllerError` if unable to query the descriptor
* **ValueError** if **relay** doesn't conform with the pattern for being
a fingerprint or nickname
An exception is only raised if we weren't provided a default response.
"""
try:
if relay is None:
try:
relay = self.get_info('fingerprint')
except stem.ControllerError as exc:
raise stem.ControllerError('Unable to determine our own fingerprint: %s' % exc)
if stem.util.tor_tools.is_valid_fingerprint(relay):
query = 'desc/id/%s' % relay
elif stem.util.tor_tools.is_valid_nickname(relay):
query = 'desc/name/%s' % relay
else:
raise ValueError("'%s' isn't a valid fingerprint or nickname" % relay)
try:
desc_content = self.get_info(query, get_bytes = True)
except stem.InvalidArguments as exc:
if str(exc).startswith('GETINFO request contained unrecognized keywords:'):
raise stem.DescriptorUnavailable("Tor was unable to provide the descriptor for '%s'" % relay)
else:
raise
if not desc_content:
raise stem.DescriptorUnavailable('Descriptor information is unavailable, tor might still be downloading it')
return stem.descriptor.server_descriptor.RelayDescriptor(desc_content)
except:
if not self._is_server_descriptors_available():
raise ValueError(SERVER_DESCRIPTORS_UNSUPPORTED)
raise
@with_default(yields = True)
def get_server_descriptors(self, default = UNDEFINED):
"""
get_server_descriptors(default = UNDEFINED)
Provides an iterator for all of the server descriptors that tor currently
knows about.
**As of Tor version 0.2.3.25 relays no longer get server descriptors by
default.** It's advised that you use microdescriptors instead, but if you
really need server descriptors then you can get them by setting
'UseMicrodescriptors 0'.
:param list default: items to provide if the query fails
:returns: iterates over
:class:`~stem.descriptor.server_descriptor.RelayDescriptor` for relays in
the tor network
:raises: :class:`stem.ControllerError` if unable to query tor and no
default was provided
"""
# TODO: We should iterate over the descriptors as they're read from the
# socket rather than reading the whole thing into memory.
#
# https://trac.torproject.org/8248
desc_content = self.get_info('desc/all-recent', get_bytes = True)
if not desc_content:
if not self._is_server_descriptors_available():
raise stem.ControllerError(SERVER_DESCRIPTORS_UNSUPPORTED)
else:
raise stem.DescriptorUnavailable('Descriptor information is unavailable, tor might still be downloading it')
for desc in stem.descriptor.server_descriptor._parse_file(io.BytesIO(desc_content)):
yield desc
def _is_server_descriptors_available(self):
"""
Checks to see if tor server descriptors should be available or not.
"""
# TODO: Replace with a 'GETINFO desc/download-enabled' request when they're
# widely available...
#
# https://gitweb.torproject.org/torspec.git/commit/?id=378699c
return self.get_version() < stem.version.Requirement.MICRODESCRIPTOR_IS_DEFAULT or \
self.get_conf('UseMicrodescriptors', None) == '0'
@with_default()
def get_network_status(self, relay = None, default = UNDEFINED):
"""
get_network_status(relay = None, default = UNDEFINED)
Provides the router status entry for the relay with the given fingerprint
or nickname. If the relay identifier could be either a fingerprint *or*
nickname then it's queried as a fingerprint.
If no **relay** is provided then this defaults to ourselves. Remember that
this requires that we've retrieved our own descriptor from remote
authorities so this both won't be available for newly started relays and
may be up to around an hour out of date.
.. versionchanged:: 1.3.0
Changed so we'd fetch our own descriptor if no 'relay' is provided.
:param str relay: fingerprint or nickname of the relay to be queried
:param object default: response if the query fails
:returns: :class:`~stem.descriptor.router_status_entry.RouterStatusEntryV3`
for the given relay
:raises:
* :class:`stem.DescriptorUnavailable` if unable to provide a descriptor
for the given relay
* :class:`stem.ControllerError` if unable to query the descriptor
* **ValueError** if **relay** doesn't conform with the pattern for being
a fingerprint or nickname
An exception is only raised if we weren't provided a default response.
"""
if relay is None:
try:
relay = self.get_info('fingerprint')
except stem.ControllerError as exc:
raise stem.ControllerError('Unable to determine our own fingerprint: %s' % exc)
if stem.util.tor_tools.is_valid_fingerprint(relay):
query = 'ns/id/%s' % relay
elif stem.util.tor_tools.is_valid_nickname(relay):
query = 'ns/name/%s' % relay
else:
raise ValueError("'%s' isn't a valid fingerprint or nickname" % relay)
try:
desc_content = self.get_info(query, get_bytes = True)
except stem.InvalidArguments as exc:
if str(exc).startswith('GETINFO request contained unrecognized keywords:'):
raise stem.DescriptorUnavailable("Tor was unable to provide the descriptor for '%s'" % relay)
else:
raise
if not desc_content:
raise stem.DescriptorUnavailable('Descriptor information is unavailable, tor might still be downloading it')
return stem.descriptor.router_status_entry.RouterStatusEntryV3(desc_content)
@with_default(yields = True)
def get_network_statuses(self, default = UNDEFINED):
"""
get_network_statuses(default = UNDEFINED)
Provides an iterator for all of the router status entries that tor
currently knows about.
:param list default: items to provide if the query fails
:returns: iterates over
:class:`~stem.descriptor.router_status_entry.RouterStatusEntryV3` for
relays in the tor network
:raises: :class:`stem.ControllerError` if unable to query tor and no
default was provided
"""
# TODO: We should iterate over the descriptors as they're read from the
# socket rather than reading the whole thing into memory.
#
# https://trac.torproject.org/8248
desc_content = self.get_info('ns/all', get_bytes = True)
if not desc_content:
raise stem.DescriptorUnavailable('Descriptor information is unavailable, tor might still be downloading it')
desc_iterator = stem.descriptor.router_status_entry._parse_file(
io.BytesIO(desc_content),
False,
entry_class = stem.descriptor.router_status_entry.RouterStatusEntryV3,
)
for desc in desc_iterator:
yield desc
@with_default()
def get_hidden_service_descriptor(self, address, default = UNDEFINED, servers = None, await_result = True, timeout = None):
"""
get_hidden_service_descriptor(address, default = UNDEFINED, servers = None, await_result = True)
Provides the descriptor for a hidden service. The **address** is the
'.onion' address of the hidden service (for instance 3g2upl4pq6kufc4m.onion
for DuckDuckGo).
If **await_result** is **True** then this blocks until we either receive
the descriptor or the request fails. If **False** this returns right away.
**This method only supports v2 hidden services, not v3.** (:trac:`25417`)
.. versionadded:: 1.4.0
.. versionchanged:: 1.7.0
Added the timeout argument.
:param str address: address of the hidden service descriptor, the '.onion' suffix is optional
:param object default: response if the query fails
:param list servers: requrest the descriptor from these specific servers
:param float timeout: seconds to wait when **await_result** is **True**
:returns: :class:`~stem.descriptor.hidden_service_descriptor.HiddenServiceDescriptor`
for the given service if **await_result** is **True**, or **None** otherwise
:raises:
* :class:`stem.DescriptorUnavailable` if **await_result** is **True** and
unable to provide a descriptor for the given service
* :class:`stem.Timeout` if **timeout** was reached
* :class:`stem.ControllerError` if unable to query the descriptor
* **ValueError** if **address** doesn't conform with the pattern of a
hidden service address
An exception is only raised if we weren't provided a default response.
"""
if address.endswith('.onion'):
address = address[:-6]
if not stem.util.tor_tools.is_valid_hidden_service_address(address):
raise ValueError("'%s.onion' isn't a valid hidden service address" % address)
if self.get_version() < stem.version.Requirement.HSFETCH:
raise stem.UnsatisfiableRequest(message = 'HSFETCH was added in tor version %s' % stem.version.Requirement.HSFETCH)
hs_desc_queue, hs_desc_listener = queue.Queue(), None
hs_desc_content_queue, hs_desc_content_listener = queue.Queue(), None
start_time = time.time()
if await_result:
def hs_desc_listener(event):
hs_desc_queue.put(event)
def hs_desc_content_listener(event):
hs_desc_content_queue.put(event)
self.add_event_listener(hs_desc_listener, EventType.HS_DESC)
self.add_event_listener(hs_desc_content_listener, EventType.HS_DESC_CONTENT)
try:
request = 'HSFETCH %s' % address
if servers:
request += ' ' + ' '.join(['SERVER=%s' % s for s in servers])
response = self.msg(request)
stem.response.convert('SINGLELINE', response)
if not response.is_ok():
raise stem.ProtocolError('HSFETCH returned unexpected response code: %s' % response.code)
if not await_result:
return None # not waiting, so nothing to provide back
else:
while True:
event = _get_with_timeout(hs_desc_content_queue, timeout, start_time)
if event.address == address:
if event.descriptor:
return event.descriptor
else:
# no descriptor, looking through HS_DESC to figure out why
while True:
event = _get_with_timeout(hs_desc_queue, timeout, start_time)
if event.address == address and event.action == stem.HSDescAction.FAILED:
if event.reason == stem.HSDescReason.NOT_FOUND:
raise stem.DescriptorUnavailable('No running hidden service at %s.onion' % address)
else:
raise stem.DescriptorUnavailable('Unable to retrieve the descriptor for %s.onion (retrieved from %s): %s' % (address, event.directory_fingerprint, event.reason))
finally:
if hs_desc_listener:
self.remove_event_listener(hs_desc_listener)
if hs_desc_content_listener:
self.remove_event_listener(hs_desc_content_listener)
def get_conf(self, param, default = UNDEFINED, multiple = False):
"""
get_conf(param, default = UNDEFINED, multiple = False)
Queries the current value for a configuration option. Some configuration
options (like the ExitPolicy) can have multiple values. This provides a
**list** with all of the values if **multiple** is **True**. Otherwise this
will be a **str** with the first value.
If provided with a **default** then that is provided if the configuration
option was unset or the query fails (invalid configuration option, error
response, control port closed, initiated, etc).
If the configuration value is unset and no **default** was given then this
provides **None** if **multiple** was **False** and an empty list if it was
**True**.
:param str param: configuration option to be queried
:param object default: response if the option is unset or the query fails
:param bool multiple: if **True** then provides a list with all of the
present values (this is an empty list if the config option is unset)
:returns:
Response depends upon how we were called as follows...
* **str** with the configuration value if **multiple** was **False**,
**None** if it was unset
* **list** with the response strings if multiple was **True**
* default if one was provided and the configuration option was either
unset or our call failed
:raises:
* :class:`stem.ControllerError` if the call fails and we weren't
provided a default response
* :class:`stem.InvalidArguments` if the configuration option
requested was invalid
"""
# Config options are case insensitive and don't contain whitespace. Using
# strip so the following check will catch whitespace-only params.
param = param.lower().strip()
if not param:
return default if default != UNDEFINED else None
entries = self.get_conf_map(param, default, multiple)
return _case_insensitive_lookup(entries, param, default)
def get_conf_map(self, params, default = UNDEFINED, multiple = True):
"""
get_conf_map(params, default = UNDEFINED, multiple = True)
Similar to :func:`~stem.control.Controller.get_conf` but queries multiple
configuration options, providing back a mapping of those options to their
values.
There are three use cases for GETCONF:
1. a single value is provided (e.g. **ControlPort**)
2. multiple values are provided for the option (e.g. **ExitPolicy**)
3. a set of options that weren't necessarily requested are returned (for
instance querying **HiddenServiceOptions** gives **HiddenServiceDir**,
**HiddenServicePort**, etc)
The vast majority of the options fall into the first two categories, in
which case calling :func:`~stem.control.Controller.get_conf` is sufficient.
However, for batch queries or the special options that give a set of values
this provides back the full response. As of tor version 0.2.1.25
**HiddenServiceOptions** was the only option that falls into the third
category.
**Note:** HiddenServiceOptions are best retrieved via the
:func:`~stem.control.Controller.get_hidden_service_conf` method instead.
:param str,list params: configuration option(s) to be queried
:param object default: value for the mappings if the configuration option
is either undefined or the query fails
:param bool multiple: if **True** then the values provided are lists with
all of the present values
:returns:
**dict** of the 'config key => value' mappings. The value is a...
* **str** if **multiple** is **False**, **None** if the configuration
option is unset
* **list** if **multiple** is **True**
* the **default** if it was set and the value was either undefined or our
lookup failed
:raises:
* :class:`stem.ControllerError` if the call fails and we weren't provided
a default response
* :class:`stem.InvalidArguments` if the configuration option requested
was invalid
"""
start_time = time.time()
reply = {}
if stem.util._is_str(params):
params = [params]
# remove strings which contain only whitespace
params = [entry for entry in params if entry.strip()]
if params == []:
return {}
# translate context sensitive options
lookup_params = set([MAPPED_CONFIG_KEYS.get(entry, entry) for entry in params])
# check for cached results
from_cache = [param.lower() for param in lookup_params]
cached_results = self._get_cache_map(from_cache, 'getconf')
for key in cached_results:
user_expected_key = _case_insensitive_lookup(lookup_params, key)
reply[user_expected_key] = cached_results[key]
lookup_params.remove(user_expected_key)
# if everything was cached then short circuit making the query
if not lookup_params:
if LOG_CACHE_FETCHES:
log.trace('GETCONF %s (cache fetch)' % ' '.join(reply.keys()))
return self._get_conf_dict_to_response(reply, default, multiple)
try:
response = self.msg('GETCONF %s' % ' '.join(lookup_params))
stem.response.convert('GETCONF', response)
reply.update(response.entries)
if self.is_caching_enabled():
to_cache = dict((k.lower(), v) for k, v in response.entries.items())
self._set_cache(to_cache, 'getconf')
# Maps the entries back to the parameters that the user requested so the
# capitalization matches (ie, if they request "exitpolicy" then that
# should be the key rather than "ExitPolicy"). When the same
# configuration key is provided multiple times this determines the case
# based on the first and ignores the rest.
#
# This retains the tor provided camel casing of MAPPED_CONFIG_KEYS
# entries since the user didn't request those by their key, so we can't
# be sure what they wanted.
for key in reply:
if not key.lower() in MAPPED_CONFIG_KEYS.values():
user_expected_key = _case_insensitive_lookup(params, key, key)
if key != user_expected_key:
reply[user_expected_key] = reply[key]
del reply[key]
log.debug('GETCONF %s (runtime: %0.4f)' % (' '.join(lookup_params), time.time() - start_time))
return self._get_conf_dict_to_response(reply, default, multiple)
except stem.ControllerError as exc:
log.debug('GETCONF %s (failed: %s)' % (' '.join(lookup_params), exc))
if default != UNDEFINED:
return dict((param, default) for param in params)
else:
raise
def _get_conf_dict_to_response(self, config_dict, default, multiple):
"""
Translates a dictionary of 'config key => [value1, value2...]' into the
return value of :func:`~stem.control.Controller.get_conf_map`, taking into
account what the caller requested.
"""
return_dict = {}
for key, values in list(config_dict.items()):
if values == []:
# config option was unset
if default != UNDEFINED:
return_dict[key] = default
else:
return_dict[key] = [] if multiple else None
else:
return_dict[key] = values if multiple else values[0]
return return_dict
@with_default()
def is_set(self, param, default = UNDEFINED):
"""
is_set(param, default = UNDEFINED)
Checks if a configuration option differs from its default or not.
.. versionadded:: 1.5.0
:param str param: configuration option to check
:param object default: response if the query fails
:returns: **True** if option differs from its default and **False**
otherwise
:raises: :class:`stem.ControllerError` if the call fails and we weren't
provided a default response
"""
return param in self._get_custom_options()
def _get_custom_options(self):
result = self._get_cache('get_custom_options')
if not result:
config_lines = self.get_info('config-text').splitlines()
# Tor provides some config options even if they haven't been set...
#
# https://trac.torproject.org/projects/tor/ticket/2362
# https://trac.torproject.org/projects/tor/ticket/17909
default_lines = (
'Log notice stdout',
'Log notice file /var/log/tor/log',
'DataDirectory /home/%s/.tor' % self.get_user('undefined'),
'HiddenServiceStatistics 0',
)
for line in default_lines:
if line in config_lines:
config_lines.remove(line)
result = dict([line.split(' ', 1) for line in config_lines])
self._set_cache({'get_custom_options': result})
return result
def set_conf(self, param, value):
"""
Changes the value of a tor configuration option. Our value can be any of
the following...
* a string to set a single value
* a list of strings to set a series of values (for instance the ExitPolicy)
* None to either set the value to 0/NULL
:param str param: configuration option to be set
:param str,list value: value to set the parameter to
:raises:
* :class:`stem.ControllerError` if the call fails
* :class:`stem.InvalidArguments` if configuration options
requested was invalid
* :class:`stem.InvalidRequest` if the configuration setting is
impossible or if there's a syntax error in the configuration values
"""
self.set_options({param: value}, False)
def reset_conf(self, *params):
"""
Reverts one or more parameters to their default values.
:param str params: configuration option to be reset
:raises:
* :class:`stem.ControllerError` if the call fails
* :class:`stem.InvalidArguments` if configuration options requested was invalid
* :class:`stem.InvalidRequest` if the configuration setting is
impossible or if there's a syntax error in the configuration values
"""
self.set_options(dict([(entry, None) for entry in params]), True)
def set_options(self, params, reset = False):
"""
Changes multiple tor configuration options via either a SETCONF or
RESETCONF query. Both behave identically unless our value is None, in which
case SETCONF sets the value to 0 or NULL, and RESETCONF returns it to its
default value. This accepts str, list, or None values in a similar fashion
to :func:`~stem.control.Controller.set_conf`. For example...
::
my_controller.set_options({
'Nickname': 'caerSidi',
'ExitPolicy': ['accept *:80', 'accept *:443', 'reject *:*'],
'ContactInfo': 'caerSidi-exit@someplace.com',
'Log': None,
})
The params can optionally be a list of key/value tuples, though the only
reason this type of argument would be useful is for hidden service
configuration (those options are order dependent).
:param dict,list params: mapping of configuration options to the values
we're setting it to
:param bool reset: issues a RESETCONF, returning **None** values to their
defaults if **True**
:raises:
* :class:`stem.ControllerError` if the call fails
* :class:`stem.InvalidArguments` if configuration options
requested was invalid
* :class:`stem.InvalidRequest` if the configuration setting is
impossible or if there's a syntax error in the configuration values
"""
start_time = time.time()
# constructs the SETCONF or RESETCONF query
query_comp = ['RESETCONF' if reset else 'SETCONF']
if isinstance(params, dict):
params = list(params.items())
for param, value in params:
if isinstance(value, str):
query_comp.append('%s="%s"' % (param, value.strip()))
elif isinstance(value, collections.Iterable):
query_comp.extend(['%s="%s"' % (param, val.strip()) for val in value])
elif not value:
query_comp.append(param)
else:
raise ValueError('Cannot set %s to %s since the value was a %s but we only accept strings' % (param, value, type(value).__name__))
query = ' '.join(query_comp)
response = self.msg(query)
stem.response.convert('SINGLELINE', response)
if response.is_ok():
log.debug('%s (runtime: %0.4f)' % (query, time.time() - start_time))
if self.is_caching_enabled():
# clear cache for params; the CONF_CHANGED event will set cache for changes
to_cache = dict((k.lower(), None) for k, v in params)
self._set_cache(to_cache, 'getconf')
self._confchanged_cache_invalidation(dict(params))
else:
log.debug('%s (failed, code: %s, message: %s)' % (query, response.code, response.message))
immutable_params = [k for k, v in params if stem.util.str_tools._to_unicode(k).lower() in IMMUTABLE_CONFIG_OPTIONS]
if immutable_params:
raise stem.InvalidArguments(message = "%s cannot be changed while tor's running" % ', '.join(sorted(immutable_params)), arguments = immutable_params)
if response.code == '552':
if response.message.startswith("Unrecognized option: Unknown option '"):
key = response.message[37:response.message.find("'", 37)]
raise stem.InvalidArguments(response.code, response.message, [key])
raise stem.InvalidRequest(response.code, response.message)
elif response.code in ('513', '553'):
raise stem.InvalidRequest(response.code, response.message)
else:
raise stem.ProtocolError('Returned unexpected status code: %s' % response.code)
@with_default()
def get_hidden_service_conf(self, default = UNDEFINED):
"""
get_hidden_service_conf(default = UNDEFINED)
This provides a mapping of hidden service directories to their
attribute's key/value pairs. All hidden services are assured to have a
'HiddenServicePort', but other entries may or may not exist.
::
{
"/var/lib/tor/hidden_service_empty/": {
"HiddenServicePort": [
]
},
"/var/lib/tor/hidden_service_with_two_ports/": {
"HiddenServiceAuthorizeClient": "stealth a, b",
"HiddenServicePort": [
(8020, "127.0.0.1", 8020), # the ports order is kept
(8021, "127.0.0.1", 8021)
],
"HiddenServiceVersion": "2"
},
}
.. versionadded:: 1.3.0
:param object default: response if the query fails
:returns: **dict** with the hidden service configuration
:raises: :class:`stem.ControllerError` if the call fails and we weren't
provided a default response
"""
service_dir_map = self._get_cache('hidden_service_conf')
if service_dir_map is not None:
if LOG_CACHE_FETCHES:
log.trace('GETCONF HiddenServiceOptions (cache fetch)')
return service_dir_map
start_time = time.time()
try:
response = self.msg('GETCONF HiddenServiceOptions')
stem.response.convert('GETCONF', response)
log.debug('GETCONF HiddenServiceOptions (runtime: %0.4f)' %
(time.time() - start_time))
except stem.ControllerError as exc:
log.debug('GETCONF HiddenServiceOptions (failed: %s)' % exc)
raise
service_dir_map = OrderedDict()
directory = None
for status_code, divider, content in response.content():
if content == 'HiddenServiceOptions':
continue
if '=' not in content:
continue
k, v = content.split('=', 1)
if k == 'HiddenServiceDir':
directory = v
service_dir_map[directory] = {'HiddenServicePort': []}
elif k == 'HiddenServicePort':
port = target_port = v
target_address = '127.0.0.1'
if not v.isdigit():
port, target = v.split()
if target.isdigit():
target_port = target
else:
target_address, target_port = target.rsplit(':', 1)
if not stem.util.connection.is_valid_port(port):
raise stem.ProtocolError('GETCONF provided an invalid HiddenServicePort port (%s): %s' % (port, content))
elif not stem.util.connection.is_valid_ipv4_address(target_address):
raise stem.ProtocolError('GETCONF provided an invalid HiddenServicePort target address (%s): %s' % (target_address, content))
elif not stem.util.connection.is_valid_port(target_port):
raise stem.ProtocolError('GETCONF provided an invalid HiddenServicePort target port (%s): %s' % (target_port, content))
service_dir_map[directory]['HiddenServicePort'].append((int(port), target_address, int(target_port)))
else:
service_dir_map[directory][k] = v
self._set_cache({'hidden_service_conf': service_dir_map})
return service_dir_map
def set_hidden_service_conf(self, conf):
"""
Update all the configured hidden services from a dictionary having
the same format as
:func:`~stem.control.Controller.get_hidden_service_conf`.
For convenience the HiddenServicePort entries can be an integer, string, or
tuple. If an **int** then we treat it as just a port. If a **str** we pass
that directly as the HiddenServicePort. And finally, if a **tuple** then
it's expected to be the **(port, target_address, target_port)** as provided
by :func:`~stem.control.Controller.get_hidden_service_conf`.
This is to say the following three are equivalent...
::
"HiddenServicePort": [
80,
'80 127.0.0.1:80',
(80, '127.0.0.1', 80),
]
.. versionadded:: 1.3.0
:param dict conf: configuration dictionary
:raises:
* :class:`stem.ControllerError` if the call fails
* :class:`stem.InvalidArguments` if configuration options
requested was invalid
* :class:`stem.InvalidRequest` if the configuration setting is
impossible or if there's a syntax error in the configuration values
"""
# If we're not adding or updating any hidden services then call RESETCONF
# so we drop existing values. Otherwise calling SETCONF is a no-op.
if not conf:
self.reset_conf('HiddenServiceDir')
return
# Convert conf dictionary into a list of ordered config tuples
hidden_service_options = []
for directory in conf:
hidden_service_options.append(('HiddenServiceDir', directory))
for k, v in list(conf[directory].items()):
if k == 'HiddenServicePort':
for entry in v:
if isinstance(entry, int):
entry = '%s 127.0.0.1:%s' % (entry, entry)
elif isinstance(entry, str):
pass # just pass along what the user gave us
elif isinstance(entry, tuple):
port, target_address, target_port = entry
entry = '%s %s:%s' % (port, target_address, target_port)
hidden_service_options.append(('HiddenServicePort', entry))
else:
hidden_service_options.append((k, str(v)))
self.set_options(hidden_service_options)
def create_hidden_service(self, path, port, target_address = None, target_port = None, auth_type = None, client_names = None):
"""
Create a new hidden service. If the directory is already present, a
new port is added.
Our *.onion address is fetched by reading the hidden service directory.
However, this directory is only readable by the tor user, so if unavailable
the **hostname** will be **None**.
**As of Tor 0.2.7.1 there's two ways for creating hidden services, and this
method is no longer recommended.** Rather, try using
:func:`~stem.control.Controller.create_ephemeral_hidden_service` instead.
.. versionadded:: 1.3.0
.. versionchanged:: 1.4.0
Added the auth_type and client_names arguments.
:param str path: path for the hidden service's data directory
:param int port: hidden service port
:param str target_address: address of the service, by default 127.0.0.1
:param int target_port: port of the service, by default this is the same as
**port**
:param str auth_type: authentication type: basic, stealth or None to disable auth
:param list client_names: client names (1-16 characters "A-Za-z0-9+-_")
:returns: :class:`~stem.cotroller.CreateHiddenServiceOutput` if we create
or update a hidden service, **None** otherwise
:raises: :class:`stem.ControllerError` if the call fails
"""
if not stem.util.connection.is_valid_port(port):
raise ValueError("%s isn't a valid port number" % port)
elif target_address and not stem.util.connection.is_valid_ipv4_address(target_address):
raise ValueError("%s isn't a valid IPv4 address" % target_address)
elif target_port is not None and not stem.util.connection.is_valid_port(target_port):
raise ValueError("%s isn't a valid port number" % target_port)
elif auth_type not in (None, 'basic', 'stealth'):
raise ValueError("%s isn't a recognized type of authentication" % auth_type)
port = int(port)
target_address = target_address if target_address else '127.0.0.1'
target_port = port if target_port is None else int(target_port)
conf = self.get_hidden_service_conf()
if path in conf and (port, target_address, target_port) in conf[path]['HiddenServicePort']:
return None
conf.setdefault(path, OrderedDict()).setdefault('HiddenServicePort', []).append((port, target_address, target_port))
if auth_type and client_names:
hsac = "%s %s" % (auth_type, ','.join(client_names))
conf[path]['HiddenServiceAuthorizeClient'] = hsac
# Tor 0.3.5 changes its default for HS creation from v2 to v3. This is
# fine, but there's a couple options that are incompatible with v3. If
# creating a service with one of those we should explicitly create a v2
# service instead.
#
# https://trac.torproject.org/projects/tor/ticket/27446
for path in conf:
if 'HiddenServiceAuthorizeClient' in conf[path] or 'RendPostPeriod' in conf[path]:
conf[path]['HiddenServiceVersion'] = '2'
self.set_hidden_service_conf(conf)
hostname, hostname_for_client = None, {}
if self.is_localhost():
hostname_path = os.path.join(path, 'hostname')
if not os.path.isabs(hostname_path):
cwd = stem.util.system.cwd(self.get_pid(None))
if cwd:
hostname_path = stem.util.system.expand_path(hostname_path, cwd)
if os.path.isabs(hostname_path):
start_time = time.time()
while not os.path.exists(hostname_path):
wait_time = time.time() - start_time
if wait_time >= 3:
break
else:
time.sleep(0.05)
try:
with open(hostname_path) as hostname_file:
hostname = hostname_file.read().strip()
if client_names and '\n' in hostname:
# When there's multiple clients this looks like...
#
# ndisjxzkgcdhrwqf.onion sjUwjTSPznqWLdOPuwRUzg # client: c1
# ndisjxzkgcdhrwqf.onion sUu92axuL5bKnA76s2KRfw # client: c2
for line in hostname.splitlines():
if ' # client: ' in line:
address = line.split()[0]
client = line.split(' # client: ', 1)[1]
if len(address) == 22 and address.endswith('.onion'):
hostname_for_client[client] = address
except:
pass
return CreateHiddenServiceOutput(
path = path,
hostname = hostname,
hostname_for_client = hostname_for_client,
config = conf,
)
def remove_hidden_service(self, path, port = None):
"""
Discontinues a given hidden service.
.. versionadded:: 1.3.0
:param str path: path for the hidden service's data directory
:param int port: hidden service port
:returns: **True** if the hidden service is discontinued, **False** if it
wasn't running in the first place
:raises: :class:`stem.ControllerError` if the call fails
"""
if port and not stem.util.connection.is_valid_port(port):
raise ValueError("%s isn't a valid port number" % port)
port = int(port) if port else None
conf = self.get_hidden_service_conf()
if path not in conf:
return False
if not port:
del conf[path]
else:
to_remove = [entry for entry in conf[path]['HiddenServicePort'] if entry[0] == port]
if not to_remove:
return False
for entry in to_remove:
conf[path]['HiddenServicePort'].remove(entry)
if not conf[path]['HiddenServicePort']:
del conf[path] # no ports left
self.set_hidden_service_conf(conf)
return True
@with_default()
def list_ephemeral_hidden_services(self, default = UNDEFINED, our_services = True, detached = False):
"""
list_ephemeral_hidden_services(default = UNDEFINED, our_services = True, detached = False)
Lists hidden service addresses created by
:func:`~stem.control.Controller.create_ephemeral_hidden_service`.
.. versionadded:: 1.4.0
.. versionchanged:: 1.6.0
Tor change caused this to start providing empty strings if unset
(:trac:`21329`).
:param object default: response if the query fails
:param bool our_services: include services created with this controller
that weren't flagged as 'detached'
:param bool detached: include services whos contiuation isn't tied to a
controller
:returns: **list** of hidden service addresses without their '.onion'
suffix
:raises: :class:`stem.ControllerError` if the call fails and we weren't
provided a default response
"""
if self.get_version() < stem.version.Requirement.ADD_ONION:
raise stem.UnsatisfiableRequest(message = 'Ephemeral hidden services were added in tor version %s' % stem.version.Requirement.ADD_ONION)
result = []
if our_services:
try:
result += self.get_info('onions/current').split('\n')
except stem.ProtocolError as exc:
# TODO: Tor's behavior around this was changed in Feb 2017, we should
# drop it when all versions that did this are deprecated...
#
# https://trac.torproject.org/projects/tor/ticket/21329
if 'No onion services of the specified type.' not in str(exc):
raise
if detached:
try:
result += self.get_info('onions/detached').split('\n')
except stem.ProtocolError as exc:
if 'No onion services of the specified type.' not in str(exc):
raise
return [r for r in result if r] # drop any empty responses (GETINFO is blank if unset)
def create_ephemeral_hidden_service(self, ports, key_type = 'NEW', key_content = 'BEST', discard_key = False, detached = False, await_publication = False, timeout = None, basic_auth = None, max_streams = None):
"""
Creates a new hidden service. Unlike
:func:`~stem.control.Controller.create_hidden_service` this style of
hidden service doesn't touch disk, carrying with it a lot of advantages.
This is the suggested method for making hidden services.
Our **ports** argument can be a single port...
::
create_ephemeral_hidden_service(80)
... list of ports the service is available on...
::
create_ephemeral_hidden_service([80, 443])
... or a mapping of hidden service ports to their targets...
::
create_ephemeral_hidden_service({80: 80, 443: '173.194.33.133:443'})
If **basic_auth** is provided this service will require basic
authentication to access. This means users must set HidServAuth in their
torrc with credentials to access it.
**basic_auth** is a mapping of usernames to their credentials. If the
credential is **None** one is generated and returned as part of the
response. For instance, only bob can access using the given newly generated
credentials...
::
>>> response = controller.create_ephemeral_hidden_service(80, basic_auth = {'bob': None})
>>> print(response.client_auth)
{'bob': 'nKwfvVPmTNr2k2pG0pzV4g'}
... while both alice and bob can access with existing credentials in the
following...
::
controller.create_ephemeral_hidden_service(80, basic_auth = {
'alice': 'l4BT016McqV2Oail+Bwe6w',
'bob': 'vGnNRpWYiMBFTWD2gbBlcA',
})
To create a **version 3** service simply specify **ED25519-V3** as the
our key type, and to create a **version 2** service use **RSA1024**. The
default version of newly created hidden services is based on the
**HiddenServiceVersion** value in your torrc...
::
response = controller.create_ephemeral_hidden_service(
80,
key_content = 'ED25519-V3',
await_publication = True,
)
print('service established at %s.onion' % response.service_id)
.. versionadded:: 1.4.0
.. versionchanged:: 1.5.0
Added the basic_auth argument.
.. versionchanged:: 1.5.0
Added support for non-anonymous services. To do so set
'HiddenServiceSingleHopMode 1' and 'HiddenServiceNonAnonymousMode 1' in
your torrc.
.. versionchanged:: 1.7.0
Added the timeout and max_streams arguments.
:param int,list,dict ports: hidden service port(s) or mapping of hidden
service ports to their targets
:param str key_type: type of key being provided, generates a new key if
'NEW' (options are: **NEW**, **RSA1024**, and **ED25519-V3**)
:param str key_content: key for the service to use or type of key to be
generated (options when **key_type** is **NEW** are **BEST**,
**RSA1024**, and **ED25519-V3**)
:param bool discard_key: avoid providing the key back in our response
:param bool detached: continue this hidden service even after this control
connection is closed if **True**
:param bool await_publication: blocks until our descriptor is successfully
published if **True**
:param float timeout: seconds to wait when **await_result** is **True**
:param dict basic_auth: required user credentials to access this service
:param int max_streams: maximum number of streams the hidden service will
accept, unlimited if zero or not set
:returns: :class:`~stem.response.add_onion.AddOnionResponse` with the response
:raises:
* :class:`stem.ControllerError` if the call fails
* :class:`stem.Timeout` if **timeout** was reached
"""
if self.get_version() < stem.version.Requirement.ADD_ONION:
raise stem.UnsatisfiableRequest(message = 'Ephemeral hidden services were added in tor version %s' % stem.version.Requirement.ADD_ONION)
hs_desc_queue, hs_desc_listener = queue.Queue(), None
start_time = time.time()
if await_publication:
def hs_desc_listener(event):
hs_desc_queue.put(event)
self.add_event_listener(hs_desc_listener, EventType.HS_DESC)
request = 'ADD_ONION %s:%s' % (key_type, key_content)
flags = []
if discard_key:
flags.append('DiscardPK')
if detached:
flags.append('Detach')
if basic_auth is not None:
if self.get_version() < stem.version.Requirement.ADD_ONION_BASIC_AUTH:
raise stem.UnsatisfiableRequest(message = 'Basic authentication support was added to ADD_ONION in tor version %s' % stem.version.Requirement.ADD_ONION_BASIC_AUTH)
flags.append('BasicAuth')
if max_streams is not None:
if self.get_version() < stem.version.Requirement.ADD_ONION_MAX_STREAMS:
raise stem.UnsatisfiableRequest(message = 'Limitation of the maximum number of streams to accept was added to ADD_ONION in tor version %s' % stem.version.Requirement.ADD_ONION_MAX_STREAMS)
flags.append('MaxStreamsCloseCircuit')
if self.get_version() >= stem.version.Requirement.ADD_ONION_NON_ANONYMOUS:
if self.get_conf('HiddenServiceSingleHopMode', None) == '1' and self.get_conf('HiddenServiceNonAnonymousMode', None) == '1':
flags.append('NonAnonymous')
if flags:
request += ' Flags=%s' % ','.join(flags)
if max_streams is not None:
request += ' MaxStreams=%s' % max_streams
if isinstance(ports, int):
request += ' Port=%s' % ports
elif isinstance(ports, list):
for port in ports:
request += ' Port=%s' % port
elif isinstance(ports, dict):
for port, target in ports.items():
request += ' Port=%s,%s' % (port, target)
else:
raise ValueError("The 'ports' argument of create_ephemeral_hidden_service() needs to be an int, list, or dict")
if basic_auth is not None:
for client_name, client_blob in basic_auth.items():
if client_blob:
request += ' ClientAuth=%s:%s' % (client_name, client_blob)
else:
request += ' ClientAuth=%s' % client_name
response = self.msg(request)
stem.response.convert('ADD_ONION', response)
if await_publication:
# We should receive five UPLOAD events, followed by up to another five
# UPLOADED to indicate they've finished. Presently tor seems to have an
# issue where the address is provided for UPLOAD but not UPLOADED so need
# to just guess that if it's for the same hidden service authority then
# it's what we're looking for.
directories_uploaded_to, failures = [], []
try:
while True:
event = _get_with_timeout(hs_desc_queue, timeout, start_time)
if event.action == stem.HSDescAction.UPLOAD and event.address == response.service_id:
directories_uploaded_to.append(event.directory_fingerprint)
elif event.action == stem.HSDescAction.UPLOADED and event.directory_fingerprint in directories_uploaded_to:
break # successfully uploaded to a HS authority... maybe
elif event.action == stem.HSDescAction.FAILED and event.directory_fingerprint in directories_uploaded_to:
failures.append('%s (%s)' % (event.directory_fingerprint, event.reason))
if len(directories_uploaded_to) == len(failures):
raise stem.OperationFailed(message = 'Failed to upload our hidden service descriptor to %s' % ', '.join(failures))
finally:
self.remove_event_listener(hs_desc_listener)
return response
def remove_ephemeral_hidden_service(self, service_id):
"""
Discontinues a given hidden service that was created with
:func:`~stem.control.Controller.create_ephemeral_hidden_service`.
.. versionadded:: 1.4.0
:param str service_id: hidden service address without the '.onion' suffix
:returns: **True** if the hidden service is discontinued, **False** if it
wasn't running in the first place
:raises: :class:`stem.ControllerError` if the call fails
"""
if self.get_version() < stem.version.Requirement.ADD_ONION:
raise stem.UnsatisfiableRequest(message = 'Ephemeral hidden services were added in tor version %s' % stem.version.Requirement.ADD_ONION)
response = self.msg('DEL_ONION %s' % service_id)
stem.response.convert('SINGLELINE', response)
if response.is_ok():
return True
elif response.code == '552':
return False # no hidden service to discontinue
else:
raise stem.ProtocolError('DEL_ONION returned unexpected response code: %s' % response.code)
def add_event_listener(self, listener, *events):
"""
Directs further tor controller events to a given function. The function is
expected to take a single argument, which is a
:class:`~stem.response.events.Event` subclass. For instance the following
would print the bytes sent and received by tor over five seconds...
::
import time
from stem.control import Controller, EventType
def print_bw(event):
print('sent: %i, received: %i' % (event.written, event.read))
with Controller.from_port(port = 9051) as controller:
controller.authenticate()
controller.add_event_listener(print_bw, EventType.BW)
time.sleep(5)
If a new control connection is initialized then this listener will be
reattached.
If tor emits a malformed event it can be received by listening for the
stem.control.MALFORMED_EVENTS constant.
.. versionchanged:: 1.7.0
Listener exceptions and malformed events no longer break further event
processing. Added the **MALFORMED_EVENTS** constant.
:param functor listener: function to be called when an event is received
:param stem.control.EventType events: event types to be listened for
:raises: :class:`stem.ProtocolError` if unable to set the events
"""
# first checking that tor supports these event types
with self._event_listeners_lock:
if self.is_authenticated():
for event_type in events:
event_type = stem.response.events.EVENT_TYPE_TO_CLASS.get(event_type)
if event_type and (self.get_version() < event_type._VERSION_ADDED):
raise stem.InvalidRequest(552, '%s event requires Tor version %s or later' % (event_type, event_type._VERSION_ADDED))
for event_type in events:
self._event_listeners.setdefault(event_type, []).append(listener)
failed_events = self._attach_listeners()[1]
# restricted the failures to just things we requested
failed_events = set(failed_events).intersection(set(events))
if failed_events:
raise stem.ProtocolError('SETEVENTS rejected %s' % ', '.join(failed_events))
def remove_event_listener(self, listener):
"""
Stops a listener from being notified of further tor events.
:param stem.control.EventListener listener: listener to be removed
:raises: :class:`stem.ProtocolError` if unable to set the events
"""
with self._event_listeners_lock:
event_types_changed = False
for event_type, event_listeners in list(self._event_listeners.items()):
if listener in event_listeners:
event_listeners.remove(listener)
if len(event_listeners) == 0:
event_types_changed = True
del self._event_listeners[event_type]
if event_types_changed:
response = self.msg('SETEVENTS %s' % ' '.join(self._event_listeners.keys()))
if not response.is_ok():
raise stem.ProtocolError('SETEVENTS received unexpected response\n%s' % response)
def _get_cache(self, param, namespace = None):
"""
Queries our request cache for the given key.
:param str param: key to be queried
:param str namespace: namespace in which to check for the key
:returns: cached value corresponding to key or **None** if the key wasn't found
"""
with self._cache_lock:
if not self.is_caching_enabled():
return None
cache_key = '%s.%s' % (namespace, param) if namespace else param
return self._request_cache.get(cache_key, None)
def _get_cache_map(self, params, namespace = None):
"""
Queries our request cache for multiple entries.
:param list params: keys to be queried
:param str namespace: namespace in which to check for the keys
:returns: **dict** of 'param => cached value' pairs of keys present in cache
"""
with self._cache_lock:
cached_values = {}
if self.is_caching_enabled():
for param in params:
cache_key = '%s.%s' % (namespace, param) if namespace else param
if cache_key in self._request_cache:
cached_values[param] = self._request_cache[cache_key]
return cached_values
def _set_cache(self, params, namespace = None):
"""
Sets the given request cache entries. If the new cache value is **None**
then it is removed from our cache.
:param dict params: **dict** of 'cache_key => value' pairs to be cached
:param str namespace: namespace for the keys
"""
with self._cache_lock:
if not self.is_caching_enabled():
return
# if params is None then clear the namespace
if params is None and namespace:
for cache_key in list(self._request_cache.keys()):
if cache_key.startswith('%s.' % namespace):
del self._request_cache[cache_key]
return
# remove uncacheable items
if namespace == 'getconf':
# shallow copy before edit so as not to change it for the caller
params = params.copy()
for key in UNCACHEABLE_GETCONF_PARAMS:
if key in params:
del params[key]
for key, value in list(params.items()):
if namespace:
cache_key = '%s.%s' % (namespace, key)
else:
cache_key = key
if value is None:
if cache_key in list(self._request_cache.keys()):
del self._request_cache[cache_key]
else:
self._request_cache[cache_key] = value
def _confchanged_cache_invalidation(self, params):
"""
Drops dependent portions of the cache when configuration changes.
:param dict params: **dict** of 'config_key => value' pairs for configs
that changed. The entries' values are currently unused.
"""
with self._cache_lock:
if not self.is_caching_enabled():
return
if any('hidden' in param.lower() for param in params.keys()):
self._set_cache({'hidden_service_conf': None})
# reset any getinfo parameters that can be changed by a SETCONF
self._set_cache(dict([(k.lower(), None) for k in CACHEABLE_GETINFO_PARAMS_UNTIL_SETCONF]), 'getinfo')
self._set_cache(None, 'listeners')
self._set_cache({'get_custom_options': None})
self._set_cache({'exit_policy': None}) # numerous options can change our policy
def is_caching_enabled(self):
"""
**True** if caching has been enabled, **False** otherwise.
:returns: bool to indicate if caching is enabled
"""
return self._is_caching_enabled
def set_caching(self, enabled):
"""
Enables or disables caching of information retrieved from tor.
:param bool enabled: **True** to enable caching, **False** to disable it
"""
self._is_caching_enabled = enabled
if not self._is_caching_enabled:
self.clear_cache()
def clear_cache(self):
"""
Drops any cached results.
"""
with self._cache_lock:
self._request_cache = {}
self._last_newnym = 0.0
self._is_geoip_unavailable = None
def load_conf(self, configtext):
"""
Sends the configuration text to Tor and loads it as if it has been read from
the torrc.
:param str configtext: the configuration text
:raises: :class:`stem.ControllerError` if the call fails
"""
response = self.msg('LOADCONF\n%s' % configtext)
stem.response.convert('SINGLELINE', response)
if response.code in ('552', '553'):
if response.code == '552' and response.message.startswith('Invalid config file: Failed to parse/validate config: Unknown option'):
raise stem.InvalidArguments(response.code, response.message, [response.message[70:response.message.find('.', 70) - 1]])
raise stem.InvalidRequest(response.code, response.message)
elif not response.is_ok():
raise stem.ProtocolError('+LOADCONF Received unexpected response\n%s' % str(response))
def save_conf(self, force = False):
"""
Saves the current configuration options into the active torrc file.
.. versionchanged:: 1.6.0
Added the force argument.
:param bool force: overwrite the configuration even if it includes a
'%include' clause, this is ignored if tor doesn't support it
:raises:
* :class:`stem.ControllerError` if the call fails
* :class:`stem.OperationFailed` if the client is unable to save
the configuration file
"""
if self.get_version() < stem.version.Requirement.SAVECONF_FORCE:
force = False
response = self.msg('SAVECONF FORCE' if force else 'SAVECONF')
stem.response.convert('SINGLELINE', response)
if response.is_ok():
return True
elif response.code == '551':
raise stem.OperationFailed(response.code, response.message)
else:
raise stem.ProtocolError('SAVECONF returned unexpected response code')
def is_feature_enabled(self, feature):
"""
Checks if a control connection feature is enabled. These features can be
enabled using :func:`~stem.control.Controller.enable_feature`.
:param str feature: feature to be checked
:returns: **True** if feature is enabled, **False** otherwise
"""
feature = feature.upper()
if feature in self._enabled_features:
return True
else:
# check if this feature is on by default
defaulted_version = None
if feature == 'EXTENDED_EVENTS':
defaulted_version = stem.version.Requirement.FEATURE_EXTENDED_EVENTS
elif feature == 'VERBOSE_NAMES':
defaulted_version = stem.version.Requirement.FEATURE_VERBOSE_NAMES
if defaulted_version:
our_version = self.get_version(None)
if our_version and our_version >= defaulted_version:
self._enabled_features.append(feature)
return feature in self._enabled_features
def enable_feature(self, features):
"""
Enables features that are disabled by default to maintain backward
compatibility. Once enabled, a feature cannot be disabled and a new
control connection must be opened to get a connection with the feature
disabled. Feature names are case-insensitive.
The following features are currently accepted:
* EXTENDED_EVENTS - Requests the extended event syntax
* VERBOSE_NAMES - Replaces ServerID with LongName in events and GETINFO results
:param str,list features: a single feature or a list of features to be enabled
:raises:
* :class:`stem.ControllerError` if the call fails
* :class:`stem.InvalidArguments` if features passed were invalid
"""
if stem.util._is_str(features):
features = [features]
response = self.msg('USEFEATURE %s' % ' '.join(features))
stem.response.convert('SINGLELINE', response)
if not response.is_ok():
if response.code == '552':
invalid_feature = []
if response.message.startswith('Unrecognized feature "'):
invalid_feature = [response.message[22:response.message.find('"', 22)]]
raise stem.InvalidArguments(response.code, response.message, invalid_feature)
raise stem.ProtocolError('USEFEATURE provided an invalid response code: %s' % response.code)
self._enabled_features += [entry.upper() for entry in features]
@with_default()
def get_circuit(self, circuit_id, default = UNDEFINED):
"""
get_circuit(circuit_id, default = UNDEFINED)
Provides a circuit currently available from tor.
:param int circuit_id: circuit to be fetched
:param object default: response if the query fails
:returns: :class:`stem.response.events.CircuitEvent` for the given circuit
:raises:
* :class:`stem.ControllerError` if the call fails
* **ValueError** if the circuit doesn't exist
An exception is only raised if we weren't provided a default response.
"""
for circ in self.get_circuits():
if circ.id == circuit_id:
return circ
raise ValueError("Tor currently does not have a circuit with the id of '%s'" % circuit_id)
@with_default()
def get_circuits(self, default = UNDEFINED):
"""
get_circuits(default = UNDEFINED)
Provides tor's currently available circuits.
:param object default: response if the query fails
:returns: **list** of :class:`stem.response.events.CircuitEvent` for our circuits
:raises: :class:`stem.ControllerError` if the call fails and no default was provided
"""
circuits = []
response = self.get_info('circuit-status')
for circ in response.splitlines():
circ_message = stem.socket.recv_message(io.BytesIO(stem.util.str_tools._to_bytes('650 CIRC %s\r\n' % circ)))
stem.response.convert('EVENT', circ_message, arrived_at = 0)
circuits.append(circ_message)
return circuits
def new_circuit(self, path = None, purpose = 'general', await_build = False, timeout = None):
"""
Requests a new circuit. If the path isn't provided, one is automatically
selected.
.. versionchanged:: 1.7.0
Added the timeout argument.
:param list,str path: one or more relays to make a circuit through
:param str purpose: 'general' or 'controller'
:param bool await_build: blocks until the circuit is built if **True**
:param float timeout: seconds to wait when **await_build** is **True**
:returns: str of the circuit id of the newly created circuit
:raises:
* :class:`stem.ControllerError` if the call fails
* :class:`stem.Timeout` if **timeout** was reached
"""
return self.extend_circuit('0', path, purpose, await_build, timeout)
def extend_circuit(self, circuit_id = '0', path = None, purpose = 'general', await_build = False, timeout = None):
"""
Either requests the creation of a new circuit or extends an existing one.
When called with a circuit value of zero (the default) a new circuit is
created, and when non-zero the circuit with that id is extended. If the
path isn't provided, one is automatically selected.
A python interpreter session used to create circuits could look like this...
::
>>> controller.extend_circuit('0', ['718BCEA286B531757ACAFF93AE04910EA73DE617', '30BAB8EE7606CBD12F3CC269AE976E0153E7A58D', '2765D8A8C4BBA3F89585A9FFE0E8575615880BEB'])
19
>>> controller.extend_circuit('0')
20
>>> print(controller.get_info('circuit-status'))
20 EXTENDED $718BCEA286B531757ACAFF93AE04910EA73DE617=KsmoinOK,$649F2D0ACF418F7CFC6539AB2257EB2D5297BAFA=Eskimo BUILD_FLAGS=NEED_CAPACITY PURPOSE=GENERAL TIME_CREATED=2012-12-06T13:51:11.433755
19 BUILT $718BCEA286B531757ACAFF93AE04910EA73DE617=KsmoinOK,$30BAB8EE7606CBD12F3CC269AE976E0153E7A58D=Pascal1,$2765D8A8C4BBA3F89585A9FFE0E8575615880BEB=Anthracite PURPOSE=GENERAL TIME_CREATED=2012-12-06T13:50:56.969938
.. versionchanged:: 1.7.0
Added the timeout argument.
:param str circuit_id: id of a circuit to be extended
:param list,str path: one or more relays to make a circuit through, this is
required if the circuit id is non-zero
:param str purpose: 'general' or 'controller'
:param bool await_build: blocks until the circuit is built if **True**
:param float timeout: seconds to wait when **await_build** is **True**
:returns: str of the circuit id of the created or extended circuit
:raises:
* :class:`stem.InvalidRequest` if one of the parameters were invalid
* :class:`stem.CircuitExtensionFailed` if we were waiting for the circuit
to build but it failed
* :class:`stem.Timeout` if **timeout** was reached
* :class:`stem.ControllerError` if the call fails
"""
# Attaches a temporary listener for CIRC events if we'll be waiting for it
# to build. This is icky, but we can't reliably do this via polling since
# we then can't get the failure if it can't be created.
circ_queue, circ_listener = queue.Queue(), None
start_time = time.time()
if await_build:
def circ_listener(event):
circ_queue.put(event)
self.add_event_listener(circ_listener, EventType.CIRC)
try:
# we might accidently get integer circuit ids
circuit_id = str(circuit_id)
if path is None and circuit_id == '0':
path_opt_version = stem.version.Requirement.EXTENDCIRCUIT_PATH_OPTIONAL
if not self.get_version() >= path_opt_version:
raise stem.InvalidRequest(512, 'EXTENDCIRCUIT requires the path prior to version %s' % path_opt_version)
args = [circuit_id]
if stem.util._is_str(path):
path = [path]
if path:
args.append(','.join(path))
if purpose:
args.append('purpose=%s' % purpose)
response = self.msg('EXTENDCIRCUIT %s' % ' '.join(args))
stem.response.convert('SINGLELINE', response)
if response.code in ('512', '552'):
raise stem.InvalidRequest(response.code, response.message)
elif not response.is_ok():
raise stem.ProtocolError('EXTENDCIRCUIT returned unexpected response code: %s' % response.code)
if not response.message.startswith('EXTENDED '):
raise stem.ProtocolError('EXTENDCIRCUIT response invalid:\n%s', response)
new_circuit = response.message.split(' ', 1)[1]
if await_build:
while True:
circ = _get_with_timeout(circ_queue, timeout, start_time)
if circ.id == new_circuit:
if circ.status == CircStatus.BUILT:
break
elif circ.status == CircStatus.FAILED:
raise stem.CircuitExtensionFailed('Circuit failed to be created: %s' % circ.reason, circ)
elif circ.status == CircStatus.CLOSED:
raise stem.CircuitExtensionFailed('Circuit was closed prior to build', circ)
return new_circuit
finally:
if circ_listener:
self.remove_event_listener(circ_listener)
def repurpose_circuit(self, circuit_id, purpose):
"""
Changes a circuit's purpose. Currently, two purposes are recognized...
* general
* controller
:param str circuit_id: id of the circuit whose purpose is to be changed
:param str purpose: purpose (either 'general' or 'controller')
:raises: :class:`stem.InvalidArguments` if the circuit doesn't exist or if the purpose was invalid
"""
response = self.msg('SETCIRCUITPURPOSE %s purpose=%s' % (circuit_id, purpose))
stem.response.convert('SINGLELINE', response)
if not response.is_ok():
if response.code == '552':
raise stem.InvalidRequest(response.code, response.message)
else:
raise stem.ProtocolError('SETCIRCUITPURPOSE returned unexpected response code: %s' % response.code)
def close_circuit(self, circuit_id, flag = ''):
"""
Closes the specified circuit.
:param str circuit_id: id of the circuit to be closed
:param str flag: optional value to modify closing, the only flag available
is 'IfUnused' which will not close the circuit unless it is unused
:raises: :class:`stem.InvalidArguments` if the circuit is unknown
:raises: :class:`stem.InvalidRequest` if not enough information is provided
"""
response = self.msg('CLOSECIRCUIT %s %s' % (circuit_id, flag))
stem.response.convert('SINGLELINE', response)
if not response.is_ok():
if response.code in ('512', '552'):
if response.message.startswith('Unknown circuit '):
raise stem.InvalidArguments(response.code, response.message, [circuit_id])
raise stem.InvalidRequest(response.code, response.message)
else:
raise stem.ProtocolError('CLOSECIRCUIT returned unexpected response code: %s' % response.code)
@with_default()
def get_streams(self, default = UNDEFINED):
"""
get_streams(default = UNDEFINED)
Provides the list of streams tor is currently handling.
:param object default: response if the query fails
:returns: list of :class:`stem.response.events.StreamEvent` objects
:raises: :class:`stem.ControllerError` if the call fails and no default was
provided
"""
streams = []
response = self.get_info('stream-status')
for stream in response.splitlines():
message = stem.socket.recv_message(io.BytesIO(stem.util.str_tools._to_bytes('650 STREAM %s\r\n' % stream)))
stem.response.convert('EVENT', message, arrived_at = 0)
streams.append(message)
return streams
def attach_stream(self, stream_id, circuit_id, exiting_hop = None):
"""
Attaches a stream to a circuit.
Note: Tor attaches streams to circuits automatically unless the
__LeaveStreamsUnattached configuration variable is set to '1'
:param str stream_id: id of the stream that must be attached
:param str circuit_id: id of the circuit to which it must be attached
:param int exiting_hop: hop in the circuit where traffic should exit
:raises:
* :class:`stem.InvalidRequest` if the stream or circuit id were unrecognized
* :class:`stem.UnsatisfiableRequest` if the stream isn't in a state where it can be attached
* :class:`stem.OperationFailed` if the stream couldn't be attached for any other reason
"""
query = 'ATTACHSTREAM %s %s' % (stream_id, circuit_id)
if exiting_hop:
query += ' HOP=%s' % exiting_hop
response = self.msg(query)
stem.response.convert('SINGLELINE', response)
if not response.is_ok():
if response.code == '552':
raise stem.InvalidRequest(response.code, response.message)
elif response.code == '551':
raise stem.OperationFailed(response.code, response.message)
elif response.code == '555':
raise stem.UnsatisfiableRequest(response.code, response.message)
else:
raise stem.ProtocolError('ATTACHSTREAM returned unexpected response code: %s' % response.code)
def close_stream(self, stream_id, reason = stem.RelayEndReason.MISC, flag = ''):
"""
Closes the specified stream.
:param str stream_id: id of the stream to be closed
:param stem.RelayEndReason reason: reason the stream is closing
:param str flag: not currently used
:raises:
* :class:`stem.InvalidArguments` if the stream or reason are not recognized
* :class:`stem.InvalidRequest` if the stream and/or reason are missing
"""
# there's a single value offset between RelayEndReason.index_of() and the
# value that tor expects since tor's value starts with the index of one
response = self.msg('CLOSESTREAM %s %s %s' % (stream_id, stem.RelayEndReason.index_of(reason) + 1, flag))
stem.response.convert('SINGLELINE', response)
if not response.is_ok():
if response.code in ('512', '552'):
if response.message.startswith('Unknown stream '):
raise stem.InvalidArguments(response.code, response.message, [stream_id])
elif response.message.startswith('Unrecognized reason '):
raise stem.InvalidArguments(response.code, response.message, [reason])
raise stem.InvalidRequest(response.code, response.message)
else:
raise stem.ProtocolError('CLOSESTREAM returned unexpected response code: %s' % response.code)
def signal(self, signal):
"""
Sends a signal to the Tor client.
:param stem.Signal signal: type of signal to be sent
:raises:
* :class:`stem.ControllerError` if sending the signal failed
* :class:`stem.InvalidArguments` if signal provided wasn't recognized
"""
response = self.msg('SIGNAL %s' % signal)
stem.response.convert('SINGLELINE', response)
if response.is_ok():
if signal == stem.Signal.NEWNYM:
self._last_newnym = time.time()
else:
if response.code == '552':
raise stem.InvalidArguments(response.code, response.message, [signal])
raise stem.ProtocolError('SIGNAL response contained unrecognized status code: %s' % response.code)
def is_newnym_available(self):
"""
Indicates if tor would currently accept a NEWNYM signal. This can only
account for signals sent via this controller.
.. versionadded:: 1.2.0
:returns: **True** if tor would currently accept a NEWNYM signal, **False**
otherwise
"""
if self.is_alive():
return self.get_newnym_wait() == 0.0
else:
return False
def get_newnym_wait(self):
"""
Provides the number of seconds until a NEWNYM signal would be respected.
This can only account for signals sent via this controller.
.. versionadded:: 1.2.0
:returns: **float** for the number of seconds until tor would respect
another NEWNYM signal
"""
return max(0.0, self._last_newnym + 10 - time.time())
@with_default()
def get_effective_rate(self, default = UNDEFINED, burst = False):
"""
get_effective_rate(default = UNDEFINED, burst = False)
Provides the maximum rate this relay is configured to relay in bytes per
second. This is based on multiple torrc parameters if they're set...
* Effective Rate = min(BandwidthRate, RelayBandwidthRate, MaxAdvertisedBandwidth)
* Effective Burst = min(BandwidthBurst, RelayBandwidthBurst)
.. versionadded:: 1.3.0
:param object default: response if the query fails
:param bool burst: provides the burst bandwidth, otherwise this provides
the standard rate
:returns: **int** with the effective bandwidth rate in bytes per second
:raises: :class:`stem.ControllerError` if the call fails and no default was
provided
"""
if not burst:
attributes = ('BandwidthRate', 'RelayBandwidthRate', 'MaxAdvertisedBandwidth')
else:
attributes = ('BandwidthBurst', 'RelayBandwidthBurst')
value = None
for attr in attributes:
attr_value = int(self.get_conf(attr))
if attr_value == 0 and attr.startswith('Relay'):
continue # RelayBandwidthRate and RelayBandwidthBurst default to zero
value = min(value, attr_value) if value else attr_value
return value
def is_geoip_unavailable(self):
"""
Provides **True** if tor's geoip database is unavailable, **False**
otherwise.
.. versionchanged:: 1.6.0
No longer requires previously failed GETINFO requests to determine this.
.. deprecated:: 1.6.0
This is available as of Tor 0.3.2.1 through the following instead...
::
controller.get_info('ip-to-country/ipv4-available', 0) == '1'
:returns: **bool** indicating if we've determined tor's geoip database to
be unavailable or not
"""
if self._is_geoip_unavailable is None:
try:
self.get_info('ip-to-country/0.0.0.0')
self._is_geoip_unavailable = False
except stem.ControllerError as exc:
if 'GeoIP data not loaded' in str(exc):
self._is_geoip_unavailable = True
else:
return False # unexpected issue, fail open and don't cache
return self._is_geoip_unavailable
def map_address(self, mapping):
"""
Map addresses to replacement addresses. Tor replaces subseqent connections
to the original addresses with the replacement addresses.
If the original address is a null address, i.e., one of '0.0.0.0', '::0', or
'.' Tor picks an original address itself and returns it in the reply. If the
original address is already mapped to a different address the mapping is
removed.
:param dict mapping: mapping of original addresses to replacement addresses
:raises:
* :class:`stem.InvalidRequest` if the addresses are malformed
* :class:`stem.OperationFailed` if Tor couldn't fulfill the request
:returns: **dict** with 'original -> replacement' address mappings
"""
mapaddress_arg = ' '.join(['%s=%s' % (k, v) for (k, v) in list(mapping.items())])
response = self.msg('MAPADDRESS %s' % mapaddress_arg)
stem.response.convert('MAPADDRESS', response)
return response.entries
def drop_guards(self):
"""
Drops our present guard nodes and picks a new set.
.. versionadded:: 1.2.0
:raises: :class:`stem.ControllerError` if Tor couldn't fulfill the request
"""
if self.get_version() < stem.version.Requirement.DROPGUARDS:
raise stem.UnsatisfiableRequest(message = 'DROPGUARDS was added in tor version %s' % stem.version.Requirement.DROPGUARDS)
self.msg('DROPGUARDS')
def _post_authentication(self):
super(Controller, self)._post_authentication()
# try to re-attach event listeners to the new instance
with self._event_listeners_lock:
try:
failed_events = self._attach_listeners()[1]
if failed_events:
# remove our listeners for these so we don't keep failing
for event_type in failed_events:
del self._event_listeners[event_type]
logging_id = 'stem.controller.event_reattach-%s' % '-'.join(failed_events)
log.log_once(logging_id, log.WARN, 'We were unable to re-attach our event listeners to the new tor instance for: %s' % ', '.join(failed_events))
except stem.ProtocolError as exc:
log.warn('Unable to issue the SETEVENTS request to re-attach our listeners (%s)' % exc)
# issue TAKEOWNERSHIP if we're the owning process for this tor instance
owning_pid = self.get_conf('__OwningControllerProcess', None)
if owning_pid == str(os.getpid()) and self.is_localhost():
response = self.msg('TAKEOWNERSHIP')
stem.response.convert('SINGLELINE', response)
if response.is_ok():
# Now that tor is tracking our ownership of the process via the control
# connection, we can stop having it check for us via our pid.
try:
self.reset_conf('__OwningControllerProcess')
except stem.ControllerError as exc:
log.warn("We were unable to reset tor's __OwningControllerProcess configuration. It will continue to periodically check if our pid exists. (%s)" % exc)
else:
log.warn('We were unable assert ownership of tor through TAKEOWNERSHIP, despite being configured to be the owning process through __OwningControllerProcess. (%s)' % response)
def _handle_event(self, event_message):
try:
stem.response.convert('EVENT', event_message, arrived_at = time.time())
event_type = event_message.type
except stem.ProtocolError as exc:
log.error('Tor sent a malformed event (%s): %s' % (exc, event_message))
event_type = MALFORMED_EVENTS
with self._event_listeners_lock:
for listener_type, event_listeners in list(self._event_listeners.items()):
if listener_type == event_type:
for listener in event_listeners:
try:
listener(event_message)
except Exception as exc:
log.warn('Event listener raised an uncaught exception (%s): %s' % (exc, event_message))
def _attach_listeners(self):
"""
Attempts to subscribe to the self._event_listeners events from tor. This is
a no-op if we're not currently authenticated.
:returns: tuple of the form (set_events, failed_events)
:raises: :class:`stem.ControllerError` if unable to make our request to tor
"""
set_events, failed_events = [], []
with self._event_listeners_lock:
if self.is_authenticated():
# try to set them all
response = self.msg('SETEVENTS %s' % ' '.join(self._event_listeners.keys()))
if response.is_ok():
set_events = list(self._event_listeners.keys())
else:
# One of the following likely happened...
#
# * Our user attached listeners before having an authenticated
# connection, so we couldn't check if we met the version
# requirement.
#
# * User attached listeners to one tor instance, then connected us to
# an older tor instancce.
#
# * Some other controller hiccup (far less likely).
#
# See if we can set some subset of our events.
for event in list(self._event_listeners.keys()):
response = self.msg('SETEVENTS %s' % ' '.join(set_events + [event]))
if response.is_ok():
set_events.append(event)
else:
failed_events.append(event)
return (set_events, failed_events)
def _parse_circ_path(path):
"""
Parses a circuit path as a list of **(fingerprint, nickname)** tuples. Tor
circuit paths are defined as being of the form...
::
Path = LongName *("," LongName)
LongName = Fingerprint [ ( "=" / "~" ) Nickname ]
example:
$999A226EBED397F331B612FE1E4CFAE5C1F201BA=piyaz
... *unless* this is prior to tor version 0.2.2.1 with the VERBOSE_NAMES
feature turned off (or before version 0.1.2.2 where the feature was
introduced). In that case either the fingerprint or nickname in the tuple
will be **None**, depending on which is missing.
::
Path = ServerID *("," ServerID)
ServerID = Nickname / Fingerprint
example:
$E57A476CD4DFBD99B4EE52A100A58610AD6E80B9,hamburgerphone,PrivacyRepublic14
:param str path: circuit path to be parsed
:returns: list of **(fingerprint, nickname)** tuples, fingerprints do not have a proceeding '$'
:raises: :class:`stem.ProtocolError` if the path is malformed
"""
if path:
try:
return [_parse_circ_entry(entry) for entry in path.split(',')]
except stem.ProtocolError as exc:
# include the path with the exception
raise stem.ProtocolError('%s: %s' % (exc, path))
else:
return []
def _parse_circ_entry(entry):
"""
Parses a single relay's 'LongName' or 'ServerID'. See the
:func:`~stem.control._parse_circ_path` function for more information.
:param str entry: relay information to be parsed
:returns: **(fingerprint, nickname)** tuple
:raises: :class:`stem.ProtocolError` if the entry is malformed
"""
if '=' in entry:
# common case
fingerprint, nickname = entry.split('=')
elif '~' in entry:
# this is allowed for by the spec, but I've never seen it used
fingerprint, nickname = entry.split('~')
elif entry[0] == '$':
# old style, fingerprint only
fingerprint, nickname = entry, None
else:
# old style, nickname only
fingerprint, nickname = None, entry
if fingerprint is not None:
if not stem.util.tor_tools.is_valid_fingerprint(fingerprint, True):
raise stem.ProtocolError('Fingerprint in the circuit path is malformed (%s)' % fingerprint)
fingerprint = fingerprint[1:] # strip off the leading '$'
if nickname is not None and not stem.util.tor_tools.is_valid_nickname(nickname):
raise stem.ProtocolError('Nickname in the circuit path is malformed (%s)' % nickname)
return (fingerprint, nickname)
@with_default()
def _case_insensitive_lookup(entries, key, default = UNDEFINED):
"""
Makes a case insensitive lookup within a list or dictionary, providing the
first matching entry that we come across.
:param list,dict entries: list or dictionary to be searched
:param str key: entry or key value to look up
:param object default: value to be returned if the key doesn't exist
:returns: case insensitive match or default if one was provided and key wasn't found
:raises: **ValueError** if no such value exists
"""
if entries is not None:
if isinstance(entries, dict):
for k, v in list(entries.items()):
if k.lower() == key.lower():
return v
else:
for entry in entries:
if entry.lower() == key.lower():
return entry
raise ValueError("key '%s' doesn't exist in dict: %s" % (key, entries))
def _get_with_timeout(event_queue, timeout, start_time):
"""
Pulls an item from a queue with a given timeout.
"""
if timeout:
time_left = timeout - (time.time() - start_time)
if time_left <= 0:
raise stem.Timeout('Reached our %0.1f second timeout' % timeout)
try:
return event_queue.get(True, time_left)
except queue.Empty:
raise stem.Timeout('Reached our %0.1f second timeout' % timeout)
else:
return event_queue.get()