mirrors/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-20 10:12:15 +01:00
Code Issues Projects Releases Wiki Activity

link nicknames to trusted directory servers; log these nicknames when mentioning servers; also, when we get a naming conflict; log which nicknames or keys are supposed to bind.

Browse Source 
svn:r5184
This commit is contained in:
Nick Mathewson 2005-10-04 21:21:09 +00:00
parent b10df0d595
commit 2d203fdcf3
6 changed files with 84 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
doc/tor.1.in
View File

@ -83,7 +83,7 @@ their current liveness status. A value of "0 seconds" tells Tor to choose an
appropriate default. (Default: 1 hour for clients, 20 minutes for servers)
.LP
.TP
\fBDirServer \fR[v1] \fIaddress:port fingerprint\fP
\fBDirServer \fR[\fInickname\fR] [\fBv1\fR] \fIaddress\fR\fB:\fIport fingerprint\fP
Use a nonstandard authoritative directory server at the provided
address and port, with the specified key fingerprint. This option can
be repeated many times, for multiple authoritative directory

6
src/config/torrc.complete.in
View File

@ -77,9 +77,9 @@
## uncommenting these lines is a bad idea. They are the defaults now,
## but the defaults may change in the future, leaving you behind.
##
#DirServer v1 18.244.0.188:9031 FFCB 46DB 1339 DA84 674C 70D7 CB58 6434 C437 0441
#DirServer v1 18.244.0.114:80 719B E45D E224 B607 C537 07D0 E214 3E2D 423E 74CF
#DirServer v1 86.59.5.130:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D
#DirServer moria1 v1 18.244.0.188:9031 FFCB 46DB 1339 DA84 674C 70D7 CB58 6434 C437 0441
#DirServer moria2 v1 18.244.0.114:80 719B E45D E224 B607 C537 07D0 E214 3E2D 423E 74CF
#DirServer tor26 v1 86.59.5.130:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D
## On startup, setgid to this user.
#Group GID

51
src/or/config.c
View File

@ -1313,15 +1313,12 @@ option_reset(config_format_t *fmt, or_options_t *options,
static void
add_default_trusted_dirservers(or_options_t *options)
{
/* moria1 */
config_line_append(&options->DirServers, "DirServer",
"v1 18.244.0.188:9031 FFCB 46DB 1339 DA84 674C 70D7 CB58 6434 C437 0441");
/* moria2 */
"moria1 v1 18.244.0.188:9031 FFCB 46DB 1339 DA84 674C 70D7 CB58 6434 C437 0441");
config_line_append(&options->DirServers, "DirServer",
"v1 18.244.0.114:80 719B E45D E224 B607 C537 07D0 E214 3E2D 423E 74CF");
/* tor26 */
"moria2 v1 18.244.0.114:80 719B E45D E224 B607 C537 07D0 E214 3E2D 423E 74CF");
config_line_append(&options->DirServers, "DirServer",
"v1 86.59.5.130:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D");
"tor26 v1 86.59.5.130:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D");
// "tor.noreply.org:9030 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D");
}
@ -2871,23 +2868,31 @@ static int
parse_dir_server_line(const char *line, int validate_only)
{
smartlist_t *items = NULL;
int r;
char *addrport, *address=NULL;
int r, idx;
char *addrport, *address=NULL, *nickname=NULL, *fingerprint=NULL;
uint16_t port;
char digest[DIGEST_LEN];
int supports_v1 = 1; /*XXXX011 change default when clients support v2. */
while (TOR_ISSPACE(*line))
++line;
if (!strcmpstart(line, "v1 ")) {
line += 3;
supports_v1 = 1;
}
items = smartlist_create();
smartlist_split_string(items, line, NULL,
SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 2);
SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1);
if (smartlist_len(items) < 2) {
}
idx = 0;
if (is_legal_nickname(smartlist_get(items, 0))) {
nickname = smartlist_get(items, 0);
smartlist_del_keeporder(items, 0);
}
if (!strcmp(smartlist_get(items, 0), "v1")) {
char *v1 = smartlist_get(items, 0);
tor_free(v1);
supports_v1 = 1;
smartlist_del_keeporder(items, 0);
}
if (smartlist_len(items) < 2) {
log_fn(LOG_WARN, "Too few arguments to DirServer line.");
goto err;
@ -2901,14 +2906,14 @@ parse_dir_server_line(const char *line, int validate_only)
log_fn(LOG_WARN, "Missing port in DirServer address '%s'",addrport);
goto err;
}
smartlist_del_keeporder(items, 0);
tor_strstrip(smartlist_get(items, 1), " ");
if (strlen(smartlist_get(items, 1)) != HEX_DIGEST_LEN) {
fingerprint = smartlist_join_strings(items, "", 0, NULL);
if (strlen(fingerprint) != HEX_DIGEST_LEN) {
log_fn(LOG_WARN, "Key digest for DirServer is wrong length.");
goto err;
}
if (base16_decode(digest, DIGEST_LEN,
smartlist_get(items,1), HEX_DIGEST_LEN)<0) {
if (base16_decode(digest, DIGEST_LEN, fingerprint, HEX_DIGEST_LEN)<0) {
log_fn(LOG_WARN, "Unable to decode DirServer key digest.");
goto err;
}
@ -2916,7 +2921,7 @@ parse_dir_server_line(const char *line, int validate_only)
if (!validate_only) {
log_fn(LOG_DEBUG, "Trusted dirserver at %s:%d (%s)", address, (int)port,
(char*)smartlist_get(items,1));
add_trusted_dir_server(address, port, digest, supports_v1);
add_trusted_dir_server(nickname, address, port, digest, supports_v1);
}
r = 0;
@ -2929,6 +2934,8 @@ parse_dir_server_line(const char *line, int validate_only)
SMARTLIST_FOREACH(items, char*, s, tor_free(s));
smartlist_free(items);
tor_free(address);
tor_free(nickname);
tor_free(fingerprint);
return r;
}

5
src/or/or.h
View File

@ -2062,6 +2062,8 @@ void router_free_all_keys(void);
/** Represents information about a single trusted directory server. */
typedef struct trusted_dir_server_t {
char *description;
char *nickname;
char *address; /**< Hostname */
uint32_t addr; /**< IPv4 address */
uint16_t dir_port; /**< Directory port */
@ -2138,7 +2140,8 @@ int router_exit_policy_all_routers_reject(uint32_t addr, uint16_t port,
int need_uptime);
int router_exit_policy_rejects_all(routerinfo_t *router);
void add_trusted_dir_server(const char *addr, uint16_t port,
void add_trusted_dir_server(const char *nickname,
const char *addr, uint16_t port,
const char *digest, int supports_v1);
void clear_trusted_dir_servers(void);
networkstatus_t *networkstatus_get_by_digest(const char *digest);

3
src/or/router.c
View File

@ -370,7 +370,8 @@ init_keys(void)
/* 6b. [authdirserver only] add own key to approved directories. */
crypto_pk_get_digest(get_identity_key(), digest);
if (!router_digest_is_trusted_dir(digest)) {
add_trusted_dir_server(NULL, (uint16_t)options->DirPort, digest,
add_trusted_dir_server(options->Nickname, NULL,
(uint16_t)options->DirPort, digest,
options->V1AuthoritativeDir);
}
/* success */

67
src/or/routerlist.c
View File

@ -1416,7 +1416,7 @@ router_set_networkstatus(const char *s, time_t arrived_at,
format_iso_time(published, ns->published_on);
if (ns->published_on > now + NETWORKSTATUS_ALLOW_SKEW) {
log_fn(LOG_WARN, "Network status was published in the future (%s GMT). Somebody is skewed here: check your clock. Not caching.", published);
log_fn(LOG_WARN, "Network status from %s was published in the future (%s GMT). Somebody is skewed here: check your clock. Not caching.", trusted_dir->description, published);
skewed = 1;
}
@ -1455,8 +1455,8 @@ router_set_networkstatus(const char *s, time_t arrived_at,
/* Same one we had before. */
networkstatus_free(ns);
log_fn(LOG_NOTICE,
"Dropping network-status from %s:%d (published %s); already have it.",
trusted_dir->address, trusted_dir->dir_port, published);
"Dropping network-status from %s (published %s); already have it.",
trusted_dir->description, published);
if (old_ns->received_on < arrived_at) {
if (source != NS_FROM_CACHE) {
char *fn = networkstatus_get_cache_filename(old_ns);
@ -1471,9 +1471,9 @@ router_set_networkstatus(const char *s, time_t arrived_at,
char old_published[ISO_TIME_LEN+1];
format_iso_time(old_published, old_ns->published_on);
log_fn(LOG_NOTICE,
"Dropping network-status from %s:%d (published %s);"
"Dropping network-status from %s (published %s);"
" we have a newer one (published %s) for this authority.",
trusted_dir->address, trusted_dir->dir_port, published,
trusted_dir->description, published,
old_published);
networkstatus_free(ns);
return 0;
@ -1490,10 +1490,10 @@ router_set_networkstatus(const char *s, time_t arrived_at,
smartlist_add(networkstatus_list, ns);
/*XXXX011 downgrade to INFO NM */
log_fn(LOG_NOTICE, "Setting networkstatus %s %s:%d (published %s)",
log_fn(LOG_NOTICE, "Setting networkstatus %s %s (published %s)",
source == NS_FROM_CACHE?"cached from":
(source==NS_FROM_DIR?"downloaded from":"generated for"),
trusted_dir->address, trusted_dir->dir_port, published);
trusted_dir->description, published);
networkstatus_list_has_changed = 1;
smartlist_sort(networkstatus_list, _compare_networkstatus_published_on);
@ -1699,11 +1699,10 @@ update_networkstatus_client_downloads(time_t now)
/* Also, download at least 1 every NETWORKSTATUS_CLIENT_DL_INTERVAL. */
if (n_running_dirservers &&
most_recent_received < now-NETWORKSTATUS_CLIENT_DL_INTERVAL && needed < 1) {
const char *addr = most_recent?most_recent->address:"nobody";
int port = most_recent?most_recent->dir_port:0;
log_fn(LOG_NOTICE, "Our most recent network-status document (from %s:%d) "
log_fn(LOG_NOTICE, "Our most recent network-status document (from %s) "
"is %d seconds old; downloading another.",
addr, port, (int)(now-most_recent_received));
most_recent?most_recent->description:"nobody",
(int)(now-most_recent_received));
needed = 1;
}
@ -1932,12 +1931,13 @@ router_exit_policy_rejects_all(routerinfo_t *router)
* <b>address</b>:<b>port</b>, with identity key <b>digest</b>. If
* <b>address</b> is NULL, add ourself. */
void
add_trusted_dir_server(const char *address, uint16_t port, const char *digest,
int supports_v1)
add_trusted_dir_server(const char *nickname, const char *address,
uint16_t port, const char *digest, int supports_v1)
{
trusted_dir_server_t *ent;
uint32_t a;
char *hostname = NULL;
size_t dlen;
if (!trusted_dir_servers)
trusted_dir_servers = smartlist_create();
@ -1957,12 +1957,23 @@ add_trusted_dir_server(const char *address, uint16_t port, const char *digest,
}
ent = tor_malloc_zero(sizeof(trusted_dir_server_t));
ent->nickname = nickname ? tor_strdup(nickname) : NULL;
ent->address = hostname;
ent->addr = a;
ent->dir_port = port;
ent->is_running = 1;
ent->supports_v1_protocol = supports_v1;
memcpy(ent->digest, digest, DIGEST_LEN);
dlen = 64 + strlen(hostname) + (nickname?strlen(nickname):0);
ent->description = tor_malloc(dlen);
if (nickname)
tor_snprintf(ent->description, dlen, "directory server \"%s\" at %s:%d",
nickname, hostname, (int)port);
else
tor_snprintf(ent->description, dlen, "directory server at %s:%d",
hostname, (int)port);
smartlist_add(trusted_dir_servers, ent);
}
@ -1972,7 +1983,12 @@ clear_trusted_dir_servers(void)
{
if (trusted_dir_servers) {
SMARTLIST_FOREACH(trusted_dir_servers, trusted_dir_server_t *, ent,
{ tor_free(ent->address); tor_free(ent); });
{
tor_free(ent->nickname);
tor_free(ent->description);
tor_free(ent->address);
tor_free(ent);
});
smartlist_clear(trusted_dir_servers);
} else {
trusted_dir_servers = smartlist_create();
@ -2116,13 +2132,16 @@ networkstatus_list_update_recent(time_t now)
changed = 0;
for (i=n_statuses-1; i >= 0; --i) {
networkstatus_t *ns = smartlist_get(networkstatus_list, i);
trusted_dir_server_t *ds =
router_get_trusteddirserver_by_digest(ns->identity_digest);
const char *src = ds?ds->description:ns->source_address;
if (n_recent < MIN_TO_INFLUENCE_RUNNING ||
ns->published_on + DEFAULT_RUNNING_INTERVAL > now) {
if (!ns->is_recent) {
format_iso_time(published, ns->published_on);
log_fn(LOG_NOTICE,
"Networkstatus from %s:%d (published %s) is now \"recent\"",
ns->source_address, ns->source_dirport, published);
"Networkstatus from %s (published %s) is now \"recent\"",
src, published);
changed = 1;
}
ns->is_recent = 1;
@ -2131,8 +2150,8 @@ networkstatus_list_update_recent(time_t now)
if (ns->is_recent) {
format_iso_time(published, ns->published_on);
log_fn(LOG_NOTICE,
"Networkstatus from %s:%d (published %s) is no longer \"recent\"",
ns->source_address, ns->source_dirport, published);
"Networkstatus from %s (published %s) is no longer \"recent\"",
src, published);
changed = 1;
ns->is_recent = 0;
}
@ -2211,9 +2230,13 @@ routerstatus_list_update_from_networkstatus(time_t now)
else if (memcmp(other_digest, rs->identity_digest, DIGEST_LEN) &&
other_digest != conflict) {
/*XXXX011 rate-limit this?*/
char fp1[HEX_DIGEST_LEN+1];
char fp2[HEX_DIGEST_LEN+1];
base16_encode(fp1, sizeof(fp1), other_digest, DIGEST_LEN);
base16_encode(fp2, sizeof(fp2), rs->identity_digest, DIGEST_LEN);
log_fn(LOG_WARN,
"Naming authorities disagree about which key goes with %s.",
rs->nickname);
"Naming authorities disagree about which key goes with %s. ($%s vs $%s)",
rs->nickname, fp1, fp2);
strmap_set_lc(name_map, rs->nickname, conflict);
}
});
@ -2275,8 +2298,8 @@ routerstatus_list_update_from_networkstatus(time_t now)
} else if (strcmp(the_name,"**mismatch**")) {
char hd[HEX_DIGEST_LEN+1];
base16_encode(hd, HEX_DIGEST_LEN+1, rs->identity_digest, DIGEST_LEN);
log_fn(LOG_WARN, "Naming authorities disagree about nicknames for $%s",
hd);
log_fn(LOG_WARN, "Naming authorities disagree about nicknames for $%s (\"%s\" vs \"%s\")",
hd, the_name, rs->nickname);
the_name = "**mismatch**";
}
}