Roger Dingledine [Tue, 31 May 2011 03:50:37 +0000 (23:50 -0400)]
stop asserting at boot
The patch for 3228 made us try to run init_keys() before we had loaded
our state file, resulting in an assert inside init_keys. We had moved
it too early in the function.
Now it's later in the function, but still above the accounting calls.
Nick Mathewson [Mon, 30 May 2011 19:15:10 +0000 (15:15 -0400)]
Improve comments and defensive programming for 3045
The comment fixes are trivial. The defensive programming trick is to
tolerate receiving NULL inputs on the describe functions. That should
never actually happen, but it seems like the likeliest mistake for us
to make in the future.
Nick Mathewson [Mon, 23 May 2011 20:38:35 +0000 (16:38 -0400)]
Reinit keys at the start of options_act().
Previously we did this nearer to the end (in the old_options &&
transition_affects_workers() block). But other stuff cares about
keys being consistent with options... particularly anything which
tries to access a key, which can die in assert_identity_keys_ok().
Robert Ransom [Sun, 29 May 2011 15:03:41 +0000 (08:03 -0700)]
Set timestamp_dirty on HS circuits as circuit_expire_building requires
Fixes part of #1297; bugfix on 48e0228f1e031a709c1deb149c7dfd187c3609cf,
when circuit_expire_building was changed to assume that timestamp_dirty
was set when a circuit changed purpose to _C_REND_READY. (It wasn't.)
Nick Mathewson [Tue, 24 May 2011 15:55:08 +0000 (11:55 -0400)]
Don't try to build descriptors when router_get_advertised_or_port()==0
The previous attempt was incomplete: it told us not to publish a
descriptor, but didn't stop us from generating one. Now we treat an
absent OR port the same as not knowing our address. (This means
that when we _do_ get an OR port, we need to mark the descriptor
dirty.)
Nick Mathewson [Wed, 18 May 2011 01:42:35 +0000 (21:42 -0400)]
Don't build descriptors if ORPort auto is set and we have no OR listener
This situation can happen easily if you set 'ORPort auto' and
'AccountingMax'. Doing so means that when you have no ORPort, you
won't be able to set an ORPort in a descriptor, so instead you would
just generate lots of invalid descriptors, freaking out all the time.
Nick Mathewson [Mon, 23 May 2011 21:04:38 +0000 (17:04 -0400)]
Fix GCC 4.6's new -Wunused-but-set-variable warnings.
Most instances were dead code; for those, I removed the assignments.
Some were pieces of info we don't currently plan to use, but which
we might in the future. For those, I added an explicit cast-to-void
to indicate that we know that the thing's unused. Finally, one was
a case where we were testing the wrong variable in a unit test.
That one I fixed.
Nick Mathewson [Mon, 23 May 2011 20:59:41 +0000 (16:59 -0400)]
Remove the -F option from tor-resolve.
It used to mean "Force": it would tell tor-resolve to ask tor to
resolve an address even if it ended with .onion. But when
AutomapHostsOnResolve was added, automatically refusing to resolve
.onion hosts stopped making sense. So in 0.2.1.16-rc (commit 298dc95dfd8), we made tor-resolve happy to resolve anything.
The -F option stayed in, though, even though it didn't do anything.
Oddly, it never got documented.
Found while fixing GCC 4.6 "set, unused variable" warnings.
Nick Mathewson [Mon, 23 May 2011 04:17:48 +0000 (00:17 -0400)]
Use a 64-bit type to hold sockets on win64.
On win64, sockets are of type UINT_PTR; on win32 they're u_int;
elsewhere they're int. The correct windows way to check a socket for
being set is to compare it with INVALID_SOCKET; elsewhere you see if
it is negative.
On Libevent 2, all callbacks take sockets as evutil_socket_t; we've
been passing them int.
This patch should fix compilation and correctness when built for
64-bit windows. Fixes bug 3270.
Sebastian Hahn [Sat, 21 May 2011 17:10:11 +0000 (19:10 +0200)]
Don't recreate descriptor on sighup
We used to regenerate our descriptor whenever we'd get a sighup. This
was caused by a bug in options_transition_affects_workers() that would
return true even if the options were exactly the same. Down the call
path we'd call init_keys(), which made us make a new descriptor which
the authorities would reject, and the node would subsequently fall out
of the consensus.
This patch fixes only the first part of this bug:
options_transition_affects_workers() behaves correctly now. The second
part still wants a fix.
Robert Ransom [Mon, 16 May 2011 17:25:59 +0000 (10:25 -0700)]
Exit immediately if we can't monitor our owning controller process
tor_process_monitor_new can't currently return NULL, but if it ever can,
we want that to be an explicitly fatal error, without relying on the fact
that monitor_owning_controller_process's chain of caller will exit if it
fails.
Roger Dingledine [Mon, 16 May 2011 16:58:44 +0000 (12:58 -0400)]
refetch bridge descriptors in a timely fashion
When we configure a new bridge via the controller, don't wait up to ten
seconds before trying to fetch its descriptor. This wasn't so bad when
you listed your bridges in torrc, but it's dreadful if you configure
your bridges via vidalia.
Bumped the char maximum to 512 for HTTPProxyAuthenticator &
HTTPSProxyAuthenticator. Now stripping all '\n' after base64
encoding in alloc_http_authenticator.
Nick Mathewson [Mon, 16 May 2011 18:44:23 +0000 (14:44 -0400)]
squash! Add crypto_pk_check_key_public_exponent function
Rename crypto_pk_check_key_public_exponent to crypto_pk_public_exponent_ok:
it's nice to name predicates s.t. you can tell how to interpret true
and false.
Nick Mathewson [Mon, 16 May 2011 01:58:46 +0000 (21:58 -0400)]
Log descriptions of nodes, not just nicknames.
This patch introduces a few new functions in router.c to produce a
more helpful description of a node than its nickame, and then tweaks
nearly all log messages taking a nickname as an argument to call these
functions instead.
There are a few cases where I left the old log messages alone: in
these cases, the nickname was that of an authority (whose nicknames
are useful and unique), or the message already included an identity
and/or an address. I might have missed a couple more too.
Nick Mathewson [Fri, 13 May 2011 19:40:03 +0000 (15:40 -0400)]
Add a new flag to check_private_dir to make it _not_ change permissions
We'll need this for checking permissions on the directories that hold
control sockets: if somebody says "ControlSocket ~/foo", it would be
pretty rude to do a chmod 700 on their homedir.
When running a system-wide instance of Tor on Unix-like systems, having
a ControlSocket is a quite handy mechanism to access Tor control
channel. But it would be easier if access to the Unix domain socket can
be granted by making control users members of the group running the Tor
process.
This change introduces a UnixSocketsGroupWritable option, which will
create Unix domain sockets (and thus ControlSocket) 'g+rw'. This allows
ControlSocket to offer same access control measures than
ControlPort+CookieAuthFileGroupReadable.
See <http://bugs.debian.org/552556> for more details.
Nick Mathewson [Sun, 15 May 2011 16:46:26 +0000 (12:46 -0400)]
Preserve bridge download status across SETCONF, HUP
This code changes it so that we don't remove bridges immediately when
we start re-parsing our configuration. Instead, we mark them all, and
remove all the marked ones after re-parsing our bridge lines. As we
add a bridge, we see if it's already in the list. If so, we just
unmark it.
This new behavior will lose the property we used to have that bridges
were in bridge_list in the same order in which they appeared in the
torrc. I took a quick look through the code, and I'm pretty sure we
didn't actually depend on that anywhere.
This is for bug 3019; it's a fix on 0.2.0.3-alpha.
Nick Mathewson [Sun, 15 May 2011 15:14:28 +0000 (11:14 -0400)]
Rip out more of hid_serv_acting_as_directory
rransom notes correctly that now that we aren't checking our HSDir
flag, we have no actual reason to check whether we are listed in the
consensus at all when determining if we should act like a hidden
service directory.
Nick Mathewson [Fri, 13 May 2011 20:59:31 +0000 (16:59 -0400)]
Handle transitions in Automap*, VirtualAddrNetwork correctly
Previously, if they changed in torrc during a SIGHUP, all was well,
since we would just clear all transient entries from the addrmap
thanks to bug 1345. But if you changed them from the controller, Tor
would leave old mappings in place.
The VirtualAddrNetwork bug has been here since 0.1.1.19-rc; the
AutomapHosts* bug has been here since 0.2.0.1-alpha.
Nick Mathewson [Fri, 13 May 2011 20:22:58 +0000 (16:22 -0400)]
When TrackExitHosts changes, remove all no-longer-valid mappings
This bug couldn't happen when TrackExitHosts changed in torrc, since
the SIGHUP to reload the torrc would clear out all the transient
addressmap entries before. But if you used SETCONF to change
TrackExitHosts, old entries would be left alone: that's a bug, and so
this is a bugfix on Tor 0.1.0.1-rc.
Nick Mathewson [Fri, 13 May 2011 20:20:01 +0000 (16:20 -0400)]
Don't clear out transient addressmap entries on HUP
If you really want to purge the client DNS cache, the TrackHostExits
mappings, and the virtual address mappings, you should be using NEWNYM
instead.
Fixes bug 1345; bugfix on Tor 0.1.0.1-rc.
Note that this needs more work: now that we aren't nuking the
transient addressmap entries on HUP, we need to make sure that
configuration changes to VirtualAddressMap and TrackHostExits actually
have a reasonable effect.
projects / thirdparty / tor.git / log
