r15048@catbus: nickm | 2007-09-11 14:20:39 -0400

Add code to warn about mauthorities on a consensus when they are not what we expect to find.


svn:r11429
This commit is contained in:
Nick Mathewson 2007-09-11 20:17:25 +00:00
parent 749da8e0e9
commit 4de4f53abd
4 changed files with 67 additions and 12 deletions

View File

@ -64,8 +64,8 @@ Things we'd like to do in 0.2.0.x:
their keys are.
- While we're at it, let v3 authorities have fqdns lines.
- Fix all XXXX020s in vote code
- Validate information properly.
- Warn if we get a vote with different authorities than we know.
. Validate information properly.
o Warn if we get a vote with different authorities than we know.
o Don't count votes with a different valid-after when generating
the same consensus.
- Dump certificates with the wrong time. Or just warn?

View File

@ -734,9 +734,11 @@ networkstatus_check_voter_signature(networkstatus_vote_t *consensus,
/** Given a v3 networkstatus consensus in <b>consensus</b>, check every
* as-yet-unchecked signature on <b>consensus. Return 0 if there are enough
* good signatures from recognized authorities on it, and -1 otherwise. */
* good signatures from recognized authorities on it, and -1 otherwise.
* DOCDOC warn. */
int
networkstatus_check_consensus_signature(networkstatus_vote_t *consensus)
networkstatus_check_consensus_signature(networkstatus_vote_t *consensus,
int warn)
{
int n_good = 0;
int n_missing_key = 0;
@ -744,6 +746,10 @@ networkstatus_check_consensus_signature(networkstatus_vote_t *consensus)
int n_unknown = 0;
int n_no_signature = 0;
int n_required = get_n_authorities(V3_AUTHORITY)/2 + 1;
smartlist_t *need_certs_from = smartlist_create();
smartlist_t *unrecognized = smartlist_create();
smartlist_t *missing_authorities = smartlist_create();
int severity;
tor_assert(! consensus->is_vote);
@ -755,10 +761,15 @@ networkstatus_check_consensus_signature(networkstatus_vote_t *consensus)
authority_cert_get_by_digests(voter->identity_digest,
voter->signing_key_digest);
if (! cert) {
if (!trusteddirserver_get_by_v3_auth_digest(voter->identity_digest))
smartlist_add(unrecognized, voter);
else
smartlist_add(need_certs_from, voter);
++n_unknown;
continue;
}
if (networkstatus_check_voter_signature(consensus, voter, cert) < 0) {
smartlist_add(need_certs_from, voter);
++n_missing_key;
continue;
}
@ -771,10 +782,53 @@ networkstatus_check_consensus_signature(networkstatus_vote_t *consensus)
++n_no_signature;
});
log_notice(LD_DIR,
/* Now see whether we're missing any voters entirely. */
SMARTLIST_FOREACH(router_get_trusted_dir_servers(),
trusted_dir_server_t *, ds,
{
if ((ds->type & V3_AUTHORITY) &&
!networkstatus_get_voter_by_id(consensus, ds->v3_identity_digest))
smartlist_add(missing_authorities, ds);
});
if (warn > 1 || (warn && n_good < n_required))
severity = LOG_WARN;
else
severity = LOG_INFO;
if (warn >= 0) {
SMARTLIST_FOREACH(unrecognized, networkstatus_voter_info_t *, voter,
{
log(severity, LD_DIR, "Consensus includes unrecognized authority '%s' "
"at %s:%d (contact %s; identity %s)",
voter->nickname, voter->address, (int)voter->dir_port,
voter->contact?voter->contact:"n/a",
hex_str(voter->identity_digest, DIGEST_LEN));
});
SMARTLIST_FOREACH(need_certs_from, networkstatus_voter_info_t *, voter,
{
log_info(LD_DIR, "Looks like we need to download a new certificate "
"from authority '%s' at %s:%d (contact %s; identity %s)",
voter->nickname, voter->address, (int)voter->dir_port,
voter->contact?voter->contact:"n/a",
hex_str(voter->identity_digest, DIGEST_LEN));
});
SMARTLIST_FOREACH(missing_authorities, trusted_dir_server_t *, ds,
{
log(severity, LD_DIR, "Consensus does not include configured "
"authority '%s' at %s:%d (identity %s)",
ds->nickname, ds->address, (int)ds->dir_port,
hex_str(ds->v3_identity_digest, DIGEST_LEN));
});
log(severity, LD_DIR,
"%d unknown, %d missing key, %d good, %d bad, %d no signature, "
"%d required", n_unknown, n_missing_key, n_good, n_bad,
n_no_signature, n_required);
}
smartlist_free(unrecognized);
smartlist_free(need_certs_from);
smartlist_free(missing_authorities);
if (n_good >= n_required)
return 0;
@ -1444,7 +1498,7 @@ dirvote_compute_consensus(void)
goto err;
}
/* 'Check' our own signature, to mark it valid. */
networkstatus_check_consensus_signature(consensus);
networkstatus_check_consensus_signature(consensus, -1);
signatures = networkstatus_get_detached_signatures(consensus);
if (!signatures) {
@ -1622,7 +1676,7 @@ dirvote_publish_consensus(void)
{
/* Can we actually publish it yet? */
if (!pending_consensus ||
networkstatus_check_consensus_signature(pending_consensus)<0) {
networkstatus_check_consensus_signature(pending_consensus, 1)<0) {
log_warn(LD_DIR, "Not enough info to publish pending consensus");
return -1;
}

View File

@ -2888,7 +2888,8 @@ char *networkstatus_compute_consensus(smartlist_t *votes,
networkstatus_voter_info_t *networkstatus_get_voter_by_id(
networkstatus_vote_t *vote,
const char *identity);
int networkstatus_check_consensus_signature(networkstatus_vote_t *consensus);
int networkstatus_check_consensus_signature(networkstatus_vote_t *consensus,
int warn);
int networkstatus_add_consensus_signatures(networkstatus_vote_t *target,
networkstatus_vote_t *src,
char **new_signatures_out,

View File

@ -4038,7 +4038,7 @@ networkstatus_set_current_consensus(const char *consensus, int from_cache)
}
/* Make sure it's signed enough. */
if (networkstatus_check_consensus_signature(c)<0) {
if (networkstatus_check_consensus_signature(c, 1)<0) {
log_warn(LD_DIR, "Not enough good signatures on networkstatus consensus");
networkstatus_vote_free(c);
return -1;