mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-20 10:12:15 +01:00
r15048@catbus: nickm | 2007-09-11 14:20:39 -0400
Add code to warn about mauthorities on a consensus when they are not what we expect to find. svn:r11429
This commit is contained in:
parent
749da8e0e9
commit
4de4f53abd
4
doc/TODO
4
doc/TODO
@ -64,8 +64,8 @@ Things we'd like to do in 0.2.0.x:
|
||||
their keys are.
|
||||
- While we're at it, let v3 authorities have fqdns lines.
|
||||
- Fix all XXXX020s in vote code
|
||||
- Validate information properly.
|
||||
- Warn if we get a vote with different authorities than we know.
|
||||
. Validate information properly.
|
||||
o Warn if we get a vote with different authorities than we know.
|
||||
o Don't count votes with a different valid-after when generating
|
||||
the same consensus.
|
||||
- Dump certificates with the wrong time. Or just warn?
|
||||
|
@ -734,9 +734,11 @@ networkstatus_check_voter_signature(networkstatus_vote_t *consensus,
|
||||
|
||||
/** Given a v3 networkstatus consensus in <b>consensus</b>, check every
|
||||
* as-yet-unchecked signature on <b>consensus. Return 0 if there are enough
|
||||
* good signatures from recognized authorities on it, and -1 otherwise. */
|
||||
* good signatures from recognized authorities on it, and -1 otherwise.
|
||||
* DOCDOC warn. */
|
||||
int
|
||||
networkstatus_check_consensus_signature(networkstatus_vote_t *consensus)
|
||||
networkstatus_check_consensus_signature(networkstatus_vote_t *consensus,
|
||||
int warn)
|
||||
{
|
||||
int n_good = 0;
|
||||
int n_missing_key = 0;
|
||||
@ -744,6 +746,10 @@ networkstatus_check_consensus_signature(networkstatus_vote_t *consensus)
|
||||
int n_unknown = 0;
|
||||
int n_no_signature = 0;
|
||||
int n_required = get_n_authorities(V3_AUTHORITY)/2 + 1;
|
||||
smartlist_t *need_certs_from = smartlist_create();
|
||||
smartlist_t *unrecognized = smartlist_create();
|
||||
smartlist_t *missing_authorities = smartlist_create();
|
||||
int severity;
|
||||
|
||||
tor_assert(! consensus->is_vote);
|
||||
|
||||
@ -755,10 +761,15 @@ networkstatus_check_consensus_signature(networkstatus_vote_t *consensus)
|
||||
authority_cert_get_by_digests(voter->identity_digest,
|
||||
voter->signing_key_digest);
|
||||
if (! cert) {
|
||||
if (!trusteddirserver_get_by_v3_auth_digest(voter->identity_digest))
|
||||
smartlist_add(unrecognized, voter);
|
||||
else
|
||||
smartlist_add(need_certs_from, voter);
|
||||
++n_unknown;
|
||||
continue;
|
||||
}
|
||||
if (networkstatus_check_voter_signature(consensus, voter, cert) < 0) {
|
||||
smartlist_add(need_certs_from, voter);
|
||||
++n_missing_key;
|
||||
continue;
|
||||
}
|
||||
@ -771,10 +782,53 @@ networkstatus_check_consensus_signature(networkstatus_vote_t *consensus)
|
||||
++n_no_signature;
|
||||
});
|
||||
|
||||
log_notice(LD_DIR,
|
||||
/* Now see whether we're missing any voters entirely. */
|
||||
SMARTLIST_FOREACH(router_get_trusted_dir_servers(),
|
||||
trusted_dir_server_t *, ds,
|
||||
{
|
||||
if ((ds->type & V3_AUTHORITY) &&
|
||||
!networkstatus_get_voter_by_id(consensus, ds->v3_identity_digest))
|
||||
smartlist_add(missing_authorities, ds);
|
||||
});
|
||||
|
||||
if (warn > 1 || (warn && n_good < n_required))
|
||||
severity = LOG_WARN;
|
||||
else
|
||||
severity = LOG_INFO;
|
||||
|
||||
if (warn >= 0) {
|
||||
SMARTLIST_FOREACH(unrecognized, networkstatus_voter_info_t *, voter,
|
||||
{
|
||||
log(severity, LD_DIR, "Consensus includes unrecognized authority '%s' "
|
||||
"at %s:%d (contact %s; identity %s)",
|
||||
voter->nickname, voter->address, (int)voter->dir_port,
|
||||
voter->contact?voter->contact:"n/a",
|
||||
hex_str(voter->identity_digest, DIGEST_LEN));
|
||||
});
|
||||
SMARTLIST_FOREACH(need_certs_from, networkstatus_voter_info_t *, voter,
|
||||
{
|
||||
log_info(LD_DIR, "Looks like we need to download a new certificate "
|
||||
"from authority '%s' at %s:%d (contact %s; identity %s)",
|
||||
voter->nickname, voter->address, (int)voter->dir_port,
|
||||
voter->contact?voter->contact:"n/a",
|
||||
hex_str(voter->identity_digest, DIGEST_LEN));
|
||||
});
|
||||
SMARTLIST_FOREACH(missing_authorities, trusted_dir_server_t *, ds,
|
||||
{
|
||||
log(severity, LD_DIR, "Consensus does not include configured "
|
||||
"authority '%s' at %s:%d (identity %s)",
|
||||
ds->nickname, ds->address, (int)ds->dir_port,
|
||||
hex_str(ds->v3_identity_digest, DIGEST_LEN));
|
||||
});
|
||||
log(severity, LD_DIR,
|
||||
"%d unknown, %d missing key, %d good, %d bad, %d no signature, "
|
||||
"%d required", n_unknown, n_missing_key, n_good, n_bad,
|
||||
n_no_signature, n_required);
|
||||
}
|
||||
|
||||
smartlist_free(unrecognized);
|
||||
smartlist_free(need_certs_from);
|
||||
smartlist_free(missing_authorities);
|
||||
|
||||
if (n_good >= n_required)
|
||||
return 0;
|
||||
@ -1444,7 +1498,7 @@ dirvote_compute_consensus(void)
|
||||
goto err;
|
||||
}
|
||||
/* 'Check' our own signature, to mark it valid. */
|
||||
networkstatus_check_consensus_signature(consensus);
|
||||
networkstatus_check_consensus_signature(consensus, -1);
|
||||
|
||||
signatures = networkstatus_get_detached_signatures(consensus);
|
||||
if (!signatures) {
|
||||
@ -1622,7 +1676,7 @@ dirvote_publish_consensus(void)
|
||||
{
|
||||
/* Can we actually publish it yet? */
|
||||
if (!pending_consensus ||
|
||||
networkstatus_check_consensus_signature(pending_consensus)<0) {
|
||||
networkstatus_check_consensus_signature(pending_consensus, 1)<0) {
|
||||
log_warn(LD_DIR, "Not enough info to publish pending consensus");
|
||||
return -1;
|
||||
}
|
||||
|
@ -2888,7 +2888,8 @@ char *networkstatus_compute_consensus(smartlist_t *votes,
|
||||
networkstatus_voter_info_t *networkstatus_get_voter_by_id(
|
||||
networkstatus_vote_t *vote,
|
||||
const char *identity);
|
||||
int networkstatus_check_consensus_signature(networkstatus_vote_t *consensus);
|
||||
int networkstatus_check_consensus_signature(networkstatus_vote_t *consensus,
|
||||
int warn);
|
||||
int networkstatus_add_consensus_signatures(networkstatus_vote_t *target,
|
||||
networkstatus_vote_t *src,
|
||||
char **new_signatures_out,
|
||||
|
@ -4038,7 +4038,7 @@ networkstatus_set_current_consensus(const char *consensus, int from_cache)
|
||||
}
|
||||
|
||||
/* Make sure it's signed enough. */
|
||||
if (networkstatus_check_consensus_signature(c)<0) {
|
||||
if (networkstatus_check_consensus_signature(c, 1)<0) {
|
||||
log_warn(LD_DIR, "Not enough good signatures on networkstatus consensus");
|
||||
networkstatus_vote_free(c);
|
||||
return -1;
|
||||
|
Loading…
Reference in New Issue
Block a user