Grcov report - lib.rs

1

#![cfg_attr(docsrs, feature(doc_cfg))]

2

#![doc = include_str!("../README.md")]

3

// @@ begin lint list maintained by maint/add_warning @@

4

#![allow(renamed_and_removed_lints)] // @@REMOVE_WHEN(ci_arti_stable)

5

#![allow(unknown_lints)] // @@REMOVE_WHEN(ci_arti_nightly)

6

#![warn(missing_docs)]

7

#![warn(noop_method_call)]

8

#![warn(unreachable_pub)]

9

#![warn(clippy::all)]

10

#![deny(clippy::await_holding_lock)]

11

#![deny(clippy::cargo_common_metadata)]

12

#![deny(clippy::cast_lossless)]

13

#![deny(clippy::checked_conversions)]

14

#![warn(clippy::cognitive_complexity)]

15

#![deny(clippy::debug_assert_with_mut_call)]

16

#![deny(clippy::exhaustive_enums)]

17

#![deny(clippy::exhaustive_structs)]

18

#![deny(clippy::expl_impl_clone_on_copy)]

19

#![deny(clippy::fallible_impl_from)]

20

#![deny(clippy::implicit_clone)]

21

#![deny(clippy::large_stack_arrays)]

22

#![warn(clippy::manual_ok_or)]

23

#![deny(clippy::missing_docs_in_private_items)]

24

#![warn(clippy::needless_borrow)]

25

#![warn(clippy::needless_pass_by_value)]

26

#![warn(clippy::option_option)]

27

#![deny(clippy::print_stderr)]

28

#![deny(clippy::print_stdout)]

29

#![warn(clippy::rc_buffer)]

30

#![deny(clippy::ref_option_ref)]

31

#![warn(clippy::semicolon_if_nothing_returned)]

32

#![warn(clippy::trait_duplication_in_bounds)]

33

#![deny(clippy::unchecked_time_subtraction)]

34

#![deny(clippy::unnecessary_wraps)]

35

#![warn(clippy::unseparated_literal_suffix)]

36

#![deny(clippy::unwrap_used)]

37

#![deny(clippy::mod_module_files)]

38

#![allow(clippy::let_unit_value)] // This can reasonably be done for explicitness

39

#![allow(clippy::uninlined_format_args)]

40

#![allow(clippy::significant_drop_in_scrutinee)] // arti/-/merge_requests/588/#note_2812945

41

#![allow(clippy::result_large_err)] // temporary workaround for arti#587

42

#![allow(clippy::needless_raw_string_hashes)] // complained-about code is fine, often best

43

#![allow(clippy::needless_lifetimes)] // See arti#1765

44

#![allow(mismatched_lifetime_syntaxes)] // temporary workaround for arti#2060

45

#![allow(clippy::collapsible_if)] // See arti#2342

46

#![deny(clippy::unused_async)]

47

//! <!-- @@ end lint list maintained by maint/add_warning @@ -->

48

49

// TODO #1645 (either remove this, or decide to have it everywhere)

50

#![cfg_attr(not(all(feature = "full", feature = "experimental")), allow(unused))]

51

// Overrides specific to this crate:

52

#![allow(clippy::print_stderr)]

53

#![allow(clippy::print_stdout)]

54

55

mod subcommands;

56

57

/// Helper:

58

/// Declare a series of modules as public if experimental_api is set,

59

/// and as non-public otherwise.

60

//

61

// TODO: We'd like to use visibility::make(pub) here, but it doesn't

62

// work on modules.

63

macro_rules! semipublic_mod {

64

65

$(

66

            $( #[$meta:meta] )*

67

            $dflt_vis:vis mod $name:ident ;

68

)*

69

    }  => {

70

$(

71

            cfg_if::cfg_if! {

72

                if #[cfg(feature="experimental-api")] {

73

                   $( #[$meta])*

74

                   pub mod $name;

75

                } else {

76

                   $( #[$meta])*

77

                   $dflt_vis mod $name;

78

79

80

)*

81

82

83

84

/// Helper:

85

/// Import a set of items as public if experimental_api is set,

86

/// and as non-public otherwise.

87

macro_rules! semipublic_use {

88

89

        $dflt_vis:vis use $($tok:tt)+

90

    } => {

91

        cfg_if::cfg_if! {

92

            if #[cfg(feature="experimental-api")] {

93

                pub use $($tok)+

94

            } else {

95

                $dflt_vis use $($tok)+

96

97

98

99

100

101

semipublic_mod! {

102

    mod cfg;

103

    #[cfg(feature = "dns-proxy")]

104

    mod dns;

105

    mod exit;

106

    mod logging;

107

    #[cfg(feature="onion-service-service")]

108

    mod onion_proxy;

109

    mod process;

110

    mod reload_cfg;

111

    mod proxy;

112

113

114

cfg_if::cfg_if! {

115

    if #[cfg(all(feature="experimental-api", feature="rpc"))] {

116

        pub mod rpc;

117

    } else if #[cfg(all(feature="experimental-api", not(feature="rpc")))] {

118

        #[path = "rpc_stub.rs"]

119

        pub mod rpc;

120

    } else if #[cfg(feature = "rpc")] {

121

        mod rpc;

122

    } else {

123

        #[path = "rpc_stub.rs"]

124

        mod rpc;

125

126

127

128

use std::ffi::OsString;

129

use std::fmt::Write;

130

131

semipublic_use! {

132

    use cfg::{

133

        ARTI_EXAMPLE_CONFIG, ApplicationConfig, ApplicationConfigBuilder, ArtiCombinedConfig,

134

        ArtiConfig, ArtiConfigBuilder, ProxyConfig, ProxyConfigBuilder, SystemConfig,

135

        SystemConfigBuilder,

136

};

137

138

semipublic_use! {

139

    use logging::{LoggingConfig, LoggingConfigBuilder};

140

141

142

use arti_client::TorClient;

143

use arti_client::config::default_config_files;

144

use safelog::with_safe_logging_suppressed;

145

use tor_config::ConfigurationSources;

146

use tor_config::mistrust::BuilderExt as _;

147

use tor_rtcompat::ToplevelRuntime;

148

149

use anyhow::{Context, Error, Result};

150

use clap::{Arg, ArgAction, Command, value_parser};

151

#[allow(unused_imports)]

152

use tracing::{error, info, instrument, warn};

153

154

#[cfg(any(

155

    feature = "hsc",

156

    feature = "onion-service-service",

157

    feature = "onion-service-cli-extra",

158

))]

159

use clap::Subcommand as _;

160

161

#[cfg(feature = "experimental-api")]

162

#[cfg_attr(docsrs, doc(cfg(feature = "experimental-api")))]

163

pub use subcommands::proxy::run_proxy;

164

165

/// Return an appropriate CryptoProvider for use with rustls.

166

#[allow(dead_code)]

167

#[cfg(feature = "rustls-base")]

168

fn rustls_crypto_provider() -> rustls_crate::crypto::CryptoProvider {

169

    cfg_if::cfg_if! {

170

        if #[cfg(feature = "rustls-aws-lc-rs")] {

171

            rustls_crate::crypto::aws_lc_rs::default_provider()

172

        } else if #[cfg(feature = "rustls-ring")]{

173

            rustls_crate::crypto::ring::default_provider()

174

        } else {

175

            compile_error!(r#"When building with rustls, you must select "rustls-aws-lc-rs" or "rustls-ring". \

176

                              "rustls" is an alias for one of these."#);

177

            // The rustls feature is just an alias for "rustls-aws-lc-rs".

178

179

180

181

182

/// Create a runtime for Arti to use.

183

360

fn create_runtime() -> std::io::Result<impl ToplevelRuntime> {

184

    cfg_if::cfg_if! {

185

        if #[cfg(all(feature="tokio", feature="native-tls"))] {

186

            use tor_rtcompat::tokio::TokioNativeTlsRuntime as ChosenRuntime;

187

        } else if #[cfg(all(feature="tokio", feature="rustls-base"))] {

188

            use tor_rtcompat::tokio::TokioRustlsRuntime as ChosenRuntime;

189

            // Note: See comments in tor_rtcompat::impls::rustls::RustlsProvider

190

            // about choice of default crypto provider.

191

            let _idempotent_ignore = rustls_crate::crypto::CryptoProvider::install_default(

192

                rustls_crypto_provider()

193

);

194

        } else if #[cfg(all(feature="async-std", feature="native-tls"))] {

195

            use tor_rtcompat::async_std::AsyncStdNativeTlsRuntime as ChosenRuntime;

196

        } else if #[cfg(all(feature="async-std", feature="rustls-base"))] {

197

            use tor_rtcompat::async_std::AsyncStdRustlsRuntime as ChosenRuntime;

198

            // Note: See comments in tor_rtcompat::impls::rustls::RustlsProvider

199

            // about choice of default crypto provider.

200

            let _idempotent_ignore = rustls_crate::crypto::CryptoProvider::install_default(

201

                rustls_crypto_provider()

202

);

203

        } else {

204

            compile_error!("You must configure both an async runtime and a TLS stack. See doc/TROUBLESHOOTING.md for more.");

205

206

207

360

    ChosenRuntime::create()

208

360

209

210

/// Return a (non-exhaustive) array of enabled Cargo features, for version printing purposes.

211

360

fn list_enabled_features() -> &'static [&'static str] {

212

    // HACK(eta): We can't get this directly, so we just do this awful hack instead.

213

    // Note that we only list features that aren't about the runtime used, since that already

214

    // gets printed separately.

215

360

&[

216

360

        #[cfg(feature = "journald")]

217

360

        "journald",

218

360

        #[cfg(any(feature = "static-sqlite", feature = "static"))]

219

360

        "static-sqlite",

220

360

        #[cfg(any(feature = "static-native-tls", feature = "static"))]

221

360

        "static-native-tls",

222

360

223

360

224

225

/// Inner function, to handle a set of CLI arguments and return a single

226

/// `Result<()>` for convenient handling.

227

///

228

/// # ⚠️ Warning! ⚠️

229

///

230

/// If your program needs to call this function, you are setting yourself up for

231

/// some serious maintenance headaches.  See discussion on [`main`] and please

232

/// reach out to help us build you a better API.

233

///

234

/// # Panics

235

///

236

/// Currently, might panic if wrong arguments are specified.

237

360

#[cfg_attr(feature = "experimental-api", visibility::make(pub))]

238

360

#[allow(clippy::cognitive_complexity)]

239

360

#[instrument(skip_all, level = "trace")]

240

360

fn main_main<I, T>(cli_args: I) -> Result<()>

241

360

where

242

360

    I: IntoIterator<Item = T>,

243

360

    T: Into<std::ffi::OsString> + Clone,

244

245

    // We describe a default here, rather than using `default()`, because the

246

    // correct behavior is different depending on whether the filename is given

247

    // explicitly or not.

248

360

    let mut config_file_help = "Specify which config file(s) to read.".to_string();

249

360

    if let Ok(default) = default_config_files() {

250

360

        // If we couldn't resolve the default config file, then too bad.  If something

251

360

        // actually tries to use it, it will produce an error, but don't fail here

252

360

        // just for that reason.

253

360

        write!(config_file_help, " Defaults to {:?}", default).expect("Can't write to string");

254

360

255

256

360

    let runtime = create_runtime()?;

257

258

    // Configure tor-log-ratelim early before we begin logging.

259

360

    tor_log_ratelim::install_runtime(runtime.clone())

260

360

        .context("Failed to initialize tor-log-ratelim")?;

261

262

    // Use the runtime's `Debug` impl to describe it for the version string.

263

360

    let features = list_enabled_features();

264

360

    let long_version = format!(

265

        "{}\nusing runtime: {:?}\noptional features: {}",

266

        env!("CARGO_PKG_VERSION"),

267

        runtime,

268

360

        if features.is_empty() {

269

            "<none>".into()

270

        } else {

271

360

            features.join(", ")

272

273

);

274

275

360

    let clap_app = Command::new("Arti")

276

            // HACK(eta): clap generates "arti [OPTIONS] <SUBCOMMAND>" for this usage string by

277

            //            default, but then fails to parse options properly if you do put them

278

            //            before the subcommand.

279

            //            We just declare all options as `global` and then require them to be

280

            //            put after the subcommand, hence this new usage string.

281

360

            .override_usage("arti <SUBCOMMAND> [OPTIONS]")

282

360

            .arg(

283

360

                Arg::new("config-files")

284

360

                    .short('c')

285

360

                    .long("config")

286

360

                    .action(ArgAction::Set)

287

360

                    .value_name("FILE")

288

360

                    .value_parser(value_parser!(OsString))

289

360

                    .action(ArgAction::Append)

290

                    // NOTE: don't forget the `global` flag on all arguments declared at this level!

291

360

                    .global(true)

292

360

                    .help(config_file_help),

293

294

360

            .arg(

295

360

                Arg::new("option")

296

360

                    .short('o')

297

360

                    .action(ArgAction::Set)

298

360

                    .value_name("KEY=VALUE")

299

360

                    .action(ArgAction::Append)

300

360

                    .global(true)

301

360

                    .help("Override config file parameters, using TOML-like syntax."),

302

303

360

            .arg(

304

360

                Arg::new("loglevel")

305

360

                    .short('l')

306

360

                    .long("log-level")

307

360

                    .global(true)

308

360

                    .action(ArgAction::Set)

309

360

                    .value_name("LEVEL")

310

360

                    .help("Override the log level (usually one of 'trace', 'debug', 'info', 'warn', 'error')."),

311

312

360

            .arg(

313

360

                Arg::new("disable-fs-permission-checks")

314

360

                    .long("disable-fs-permission-checks")

315

360

                    .global(true)

316

360

                    .action(ArgAction::SetTrue)

317

360

                    .help("Don't check permissions on the files we use."),

318

319

360

            .subcommand(

320

360

                Command::new("proxy")

321

360

                    .about(

322

                        "Run Arti in proxy mode, proxying connections through the Tor network.",

323

324

360

                    .arg(

325

                        // TODO: Allow a proxy-port alias for this too, once http-connect is stable.

326

360

                        Arg::new("socks-port")

327

360

                            .short('p')

328

360

                            .action(ArgAction::Set)

329

360

                            .value_name("PORT")

330

360

                            .value_parser(clap::value_parser!(u16))

331

360

                            .help(r#"Localhost port to listen on for SOCKS connections (0 means "disabled"; overrides addresses in the config if specified)."#)

332

333

360

                    .arg(

334

360

                        Arg::new("dns-port")

335

360

                            .short('d')

336

360

                            .action(ArgAction::Set)

337

360

                            .value_name("PORT")

338

360

                            .value_parser(clap::value_parser!(u16))

339

360

                            .help(r#"Localhost port to listen on for DNS requests (0 means "disabled"; overrides addresses in the config if specified)."#)

340

341

342

360

            .subcommand_required(true)

343

360

            .arg_required_else_help(true);

344

345

    // When adding a subcommand, it may be necessary to add an entry in

346

    // `maint/check-cli-help`, to the function `help_arg`.

347

348

    cfg_if::cfg_if! {

349

        if #[cfg(feature = "onion-service-service")] {

350

360

            let clap_app = subcommands::hss::HssSubcommands::augment_subcommands(clap_app);

351

352

353

354

    cfg_if::cfg_if! {

355

        if #[cfg(feature = "hsc")] {

356

360

            let clap_app = subcommands::hsc::HscSubcommands::augment_subcommands(clap_app);

357

358

359

360

    cfg_if::cfg_if! {

361

        if #[cfg(feature = "onion-service-cli-extra")] {

362

360

            let clap_app = subcommands::keys::KeysSubcommands::augment_subcommands(clap_app);

363

360

            let clap_app = subcommands::raw::RawSubcommands::augment_subcommands(clap_app);

364

365

366

367

360

    let clap_app = clap_app

368

360

        .version(env!("CARGO_PKG_VERSION"))

369

360

        .long_version(long_version)

370

360

        .author("The Tor Project Developers")

371

360

        .about("A Rust Tor implementation.");

372

373

    // Tracing doesn't log anything when there is no subscriber set.  But we want to see

374

    // logging messages from config parsing etc.  We can't set the global default subscriber

375

    // because we can only set it once.  The other ways involve a closure.  So we have a

376

    // closure for all the startup code which runs *before* we set the logging properly.

377

//

378

    // There is no cooked way to print our program name, so we do it like this.  This

379

    // closure is called to "make" a "Writer" for each message, so it runs at the right time:

380

    // before each message.

381

360

    let pre_config_logging_writer = || {

382

        // Weirdly, with .without_time(), tracing produces messages with a leading space.

383

132

        eprint!("arti:");

384

132

        std::io::stderr()

385

132

};

386

360

    let pre_config_logging = tracing_subscriber::fmt()

387

360

        .without_time()

388

360

        .with_writer(pre_config_logging_writer)

389

360

        .finish();

390

360

    let pre_config_logging = tracing::Dispatch::new(pre_config_logging);

391

360

    let pre_config_logging_ret = tracing::dispatcher::with_default(&pre_config_logging, || {

392

360

        let matches = clap_app.try_get_matches_from(cli_args)?;

393

394

306

        let fs_mistrust_disabled = matches.get_flag("disable-fs-permission-checks");

395

396

        // A Mistrust object to use for loading our configuration.  Elsewhere, we

397

        // use the value _from_ the configuration.

398

306

        let cfg_mistrust = if fs_mistrust_disabled {

399

            fs_mistrust::Mistrust::new_dangerously_trust_everyone()

400

        } else {

401

306

            fs_mistrust::MistrustBuilder::default()

402

306

                .build_for_arti()

403

306

                .expect("Could not construct default fs-mistrust")

404

};

405

406

306

        let mut override_options: Vec<String> = matches

407

306

            .get_many::<String>("option")

408

306

            .unwrap_or_default()

409

306

            .cloned()

410

306

            .collect();

411

306

        if fs_mistrust_disabled {

412

            override_options.push("storage.permissions.dangerously_trust_everyone=true".to_owned());

413

306

414

415

306

        let cfg_sources = {

416

306

            let mut cfg_sources = ConfigurationSources::try_from_cmdline(

417

                || default_config_files().context("identify default config file locations"),

418

306

                matches

419

306

                    .get_many::<OsString>("config-files")

420

306

                    .unwrap_or_default(),

421

306

                override_options,

422

)?;

423

306

            cfg_sources.set_mistrust(cfg_mistrust);

424

306

            cfg_sources

425

};

426

427

306

        let cfg = cfg_sources.load()?;

428

306

        let (config, client_config) =

429

306

            tor_config::resolve::<ArtiCombinedConfig>(cfg).context("read configuration")?;

430

431

306

        let log_mistrust = client_config.fs_mistrust().clone();

432

433

306

        Ok::<_, Error>((matches, cfg_sources, config, client_config, log_mistrust))

434

360

    })?;

435

    // Sadly I don't seem to be able to persuade rustfmt to format the two lists of

436

    // variable names identically.

437

306

    let (matches, cfg_sources, config, client_config, log_mistrust) = pre_config_logging_ret;

438

439

306

    let _log_guards = logging::setup_logging(

440

306

        config.logging(),

441

306

        &log_mistrust,

442

306

        client_config.as_ref(),

443

306

        matches.get_one::<String>("loglevel").map(|s| s.as_str()),

444

)?;

445

446

306

    if !config.application().allow_running_as_root {

447

        process::exit_if_root();

448

306

449

450

    #[cfg(feature = "harden")]

451

306

    if !config.application().permit_debugging {

452

306

        if let Err(e) = process::enable_process_hardening() {

453

            error!(

454

                "Encountered a problem while enabling hardening. To disable this feature, set application.permit_debugging to true."

455

);

456

            return Err(e);

457

306

458

459

460

    // Check for the "proxy" subcommand.

461

306

    if let Some(proxy_matches) = matches.subcommand_matches("proxy") {

462

        return subcommands::proxy::run(runtime, proxy_matches, cfg_sources, config, client_config);

463

306

464

465

    // Check for the optional "keys" and "keys-raw" subcommand.

466

    cfg_if::cfg_if! {

467

        if #[cfg(feature = "onion-service-cli-extra")] {

468

306

            if let Some(keys_matches) = matches.subcommand_matches("keys") {

469

60

                return subcommands::keys::run(runtime, keys_matches, &config, &client_config);

470

246

            } else if let Some(raw_matches) = matches.subcommand_matches("keys-raw") {

471

                return subcommands::raw::run(runtime, raw_matches, &client_config);

472

246

473

474

475

476

    // Check for the optional "hss" subcommand.

477

    cfg_if::cfg_if! {

478

        if #[cfg(feature = "onion-service-service")] {

479

246

            if let Some(hss_matches) = matches.subcommand_matches("hss") {

480

114

                return subcommands::hss::run(runtime, hss_matches, &config, &client_config);

481

132

482

483

484

485

    // Check for the optional "hsc" subcommand.

486

    cfg_if::cfg_if! {

487

        if #[cfg(feature = "hsc")] {

488

132

            if let Some(hsc_matches) = matches.subcommand_matches("hsc") {

489

132

                return subcommands::hsc::run(runtime, hsc_matches, &client_config);

490

491

492

493

494

    panic!("Subcommand added to clap subcommand list, but not yet implemented");

495

360

496

497

/// Main program, callable directly from a binary crate's `main`

498

///

499

/// This function behaves the same as `main_main()`, except:

500

///   * It takes command-line arguments from `std::env::args_os` rather than

501

///     from an argument.

502

///   * It exits the process with an appropriate error code on error.

503

///

504

/// # ⚠️ Warning ⚠️

505

///

506

/// Calling this function, or the related experimental function `main_main`, is

507

/// probably a bad idea for your code.  It means that you are invoking Arti as

508

/// if from the command line, but keeping it embedded inside your process. Doing

509

/// this will block your process take over handling for several signal types,

510

/// possibly disable debugger attachment, and a lot more junk that a library

511

/// really has no business doing for you.  It is not designed to run in this

512

/// way, and may give you strange results.

513

///

514

/// If the functionality you want is available in [`arti_client`] crate, or from

515

/// a *non*-experimental API in this crate, it would be better for you to use

516

/// that API instead.

517

///

518

/// Alternatively, if you _do_ need some underlying function from the `arti`

519

/// crate, it would be better for all of us if you had a stable interface to that

520

/// function. Please reach out to the Arti developers, so we can work together

521

/// to get you the stable API you need.

522

360

pub fn main() {

523

360

    match main_main(std::env::args_os()) {

524

210

        Ok(()) => {}

525

150

        Err(e) => {

526

            use arti_client::HintableError;

527

150

            if let Some(hint) = e.hint() {

528

                info!("{}", hint);

529

150

530

531

150

            match e.downcast_ref::<clap::Error>() {

532

54

                Some(clap_err) => clap_err.exit(),

533

112

                None => with_safe_logging_suppressed(|| tor_error::report_and_exit(e)),

534

535

536

537

306