int is_running; /**< As far as we know, is this OR currently running? */
time_t status_set_at; /**< When did we last update is_running? */
int is_verified; /**< Has a trusted dirserver validated this OR? */
- int is_trusted_dir; /**< Do we trust this OR as a directory server? */
smartlist_t *declared_family; /**< Nicknames of router which this router
* claims are its family. */
int router_digest_is_trusted_dir(const char *digest);
void router_get_routerlist(routerlist_t **prouterlist);
void routerlist_free(routerlist_t *routerlist);
-void routerlist_clear_trusted_directories(void);
void routerinfo_free(routerinfo_t *router);
routerinfo_t *routerinfo_copy(const routerinfo_t *router);
void router_mark_as_down(const char *digest);
void routerlist_remove_old_routers(int age);
-int router_load_routerlist_from_file(char *routerfile, int trusted);
-int router_load_routerlist_from_string(const char *s, int trusted);
int router_load_routerlist_from_directory(const char *s,crypto_pk_env_t *pkey,
int check_version);
int router_compare_addr_to_exit_policy(uint32_t addr, uint16_t port,
if (crypto_pk_generate_key(prkey))
return -1;
set_identity_key(prkey);
-/* XXX NM: do we have a convention for what client's Nickname is? */
- if (tor_tls_context_new(get_identity_key(), 1, options.Nickname,
+ /* XXX NM: do we have a convention for what client's Nickname is?
+ * No. Let me propose one: */
+ if (tor_tls_context_new(get_identity_key(), 1,
+ options.Nickname ? options.Nickname : "client",
MAX_SSL_KEY_LIFETIME) < 0) {
log_fn(LOG_ERR, "Error creating TLS context for OP.");
return -1;
}
int router_is_clique_mode(routerinfo_t *router) {
- if(router->is_trusted_dir)
+ if(router_digest_is_trusted_dir(router->identity_digest))
return 1;
return 0;
}
ri->bandwidthburst = options.BandwidthBurst;
ri->bandwidthcapacity = router_get_bandwidth_capacity();
router_add_exit_policy_from_config(ri);
- ri->is_trusted_dir = authdir_mode();
if(desc_routerinfo) /* inherit values */
ri->is_verified = desc_routerinfo->is_verified;
if (options.MyFamily) {
int router_reload_router_list(void)
{
char filename[512];
- routerlist_clear_trusted_directories();
if (get_data_directory(&options)) {
char *s;
snprintf(filename,sizeof(filename),"%s/cached-directory", get_data_directory(&options));
log_fn(LOG_INFO,"Still no %s router entries. Reloading and trying again.",
options.FascistFirewall ? "reachable" : "known");
has_fetched_directory=0; /* reset it */
- routerlist_clear_trusted_directories();
if(router_reload_router_list()) {
return NULL;
}
log_fn(LOG_WARN,"Still no dirservers %s. Reloading and trying again.",
options.FascistFirewall ? "reachable" : "known");
has_fetched_directory=0; /* reset it */
- routerlist_clear_trusted_directories();
if(router_reload_router_list()) {
return NULL;
}
static void mark_all_trusteddirservers_up(void) {
if(routerlist) {
SMARTLIST_FOREACH(routerlist->routers, routerinfo_t *, router,
- if(router->is_trusted_dir) {
- tor_assert(router->dir_port > 0);
- router->is_running = 1;
- router->status_set_at = time(NULL);
- });
+ if(router_digest_is_trusted_dir(router->identity_digest)) {
+ tor_assert(router->dir_port > 0);
+ router->is_running = 1;
+ router->status_set_at = time(NULL);
+ });
}
if (trusted_dir_servers) {
SMARTLIST_FOREACH(trusted_dir_servers, trusted_dir_server_t *, dir,
for (i = 0; i < smartlist_len(routerlist->routers); ++i) {
r = smartlist_get(routerlist->routers, i);
- r->is_trusted_dir = router_digest_is_trusted_dir(r->identity_digest);
-
if (!crypto_pk_cmp_keys(router->identity_pkey, r->identity_pkey)) {
if (router->published_on > r->published_on) {
log_fn(LOG_DEBUG, "Replacing entry for router '%s/%s' [%s]",
cutoff = time(NULL) - age;
for (i = 0; i < smartlist_len(routerlist->routers); ++i) {
router = smartlist_get(routerlist->routers, i);
- if (router->published_on <= cutoff &&
- !router->is_trusted_dir) {
- /* Too old. Remove it. But never remove dirservers! */
+ if (router->published_on <= cutoff) {
+ /* Too old. Remove it. */
log_fn(LOG_INFO,"Forgetting obsolete routerinfo for node %s.", router->nickname);
routerinfo_free(router);
smartlist_del(routerlist->routers, i--);
* Code to parse router descriptors and directories.
*/
-/** Update the current router list with the one stored in
- * <b>routerfile</b>. If <b>trusted</b> is true, then we'll use
- * directory servers from the file. */
-int router_load_routerlist_from_file(char *routerfile, int trusted)
-{
- char *string;
-
- string = read_file_to_str(routerfile,0);
- if(!string) {
- log_fn(LOG_WARN,"Failed to load routerfile %s.",routerfile);
- return -1;
- }
-
- if(router_load_routerlist_from_string(string, trusted) < 0) {
- log_fn(LOG_WARN,"The routerfile itself was corrupt.");
- tor_free(string);
- return -1;
- }
- /* dump_onion_keys(LOG_NOTICE); */
-
- tor_free(string);
- return 0;
-}
-
-/** Mark all directories in the routerlist as nontrusted. */
-void routerlist_clear_trusted_directories(void)
-{
- if (routerlist) {
- SMARTLIST_FOREACH(routerlist->routers, routerinfo_t *, r,
- r->is_trusted_dir = 0);
- }
-}
-
-/** Helper function: read routerinfo elements from s, and throw out the
- * ones that don't parse and resolve. Add all remaining elements to the
- * routerlist. If <b>trusted</b> is true, then we'll use
- * directory servers from the string
- */
-int router_load_routerlist_from_string(const char *s, int trusted)
-{
- routerlist_t *new_list=NULL;
-
- if (router_parse_list_from_string(&s, &new_list, NULL, 0)) {
- log(LOG_WARN, "Error parsing router file");
- return -1;
- }
- if (*s) {
- log(LOG_WARN, "Extraneous text at start of router file");
- return -1;
- }
- if (trusted) {
- int i;
- for (i=0;i<smartlist_len(new_list->routers);++i) {
- routerinfo_t *r = smartlist_get(new_list->routers, i);
- if (r->dir_port) {
- log_fn(LOG_DEBUG,"Trusting router %s.", r->nickname);
- r->is_trusted_dir = 1;
- add_trusted_dir_server(r->address, r->dir_port, r->identity_digest);
- }
- }
- }
- if (routerlist) {
- SMARTLIST_FOREACH(new_list->routers, routerinfo_t *, r,
- router_add_to_routerlist(r));
- smartlist_clear(new_list->routers);
- routerlist_free(new_list);
- } else {
- routerlist = new_list;
- }
- if (router_resolve_routerlist(routerlist)) {
- log(LOG_WARN, "Error resolving routerlist");
- return -1;
- }
- /* dump_onion_keys(LOG_NOTICE); */
-
- return 0;
-}
/** Add to the current routerlist each router stored in the
* signed directory <b>s</b>. If pkey is provided, check the signature against
* was used to sign it, so we will use that key only if it is an
* authoritative directory signing key.
*
- * Otherwise, try to look up the router whose nickname is given in the
- * directory-signature token. If this fails, or the named router is
- * not authoritative, try to use pkey.
+ * Otherwise, if pkey is provided, try to use it.
*
* (New callers should always use <b>declared_key</b> when possible;
* <b>pkey is only for debugging.)
crypto_pk_env_t *declared_key)
{
char signed_digest[PK_BYTES];
- routerinfo_t *r;
crypto_pk_env_t *_pkey = NULL;
if (tok->n_args != 1) {
if (dir_signing_key_is_trusted(declared_key))
_pkey = declared_key;
}
+ if (!_pkey && pkey) {
+ /* pkey provided for debugging purposes */
+ _pkey = pkey;
+ }
if (!_pkey) {
- log_fn(LOG_WARN, "Processing directory in old (before 0.0.9pre3) format--this may fail.");
- r = router_get_by_nickname(tok->args[0]);
- log_fn(LOG_DEBUG, "Got directory signed (allegedly) by %s", tok->args[0]);
- if (r && r->is_trusted_dir) {
- _pkey = r->identity_pkey;
- } else if (!r && pkey) {
- /* pkey provided for debugging purposes. */
- _pkey = pkey;
- } else if (!r) {
- log_fn(LOG_WARN, "No server descriptor loaded for signer %s",
- tok->args[0]);
- return -1;
- } else if (r && !r->is_trusted_dir) {
- log_fn(LOG_WARN, "Directory was signed by non-trusted server %s",
- tok->args[0]);
- return -1;
- }
+ log_fn(LOG_WARN, "Found directory in old (before 0.0.9pre3) format--rejecting.");
+ return -1;
}
if (strcmp(tok->object_type, "SIGNATURE") || tok->object_size != 128) {
goto err;
} else if (tok) {
if (tok->n_args < 3) {
- log_fn(LOG_WARN,"Not enough arguments to \"bandwidth\"");
+ /* XXXX Once 0.0.7 is *really* dead, restore this warning to its old form*/
+ log_fn(LOG_WARN,"Not enough arguments to \"bandwidth\": must be an obsolete server. Rejecting.");
goto err;
}
router->bandwidthrate = tor_parse_long(tok->args[0],10,0,INT_MAX,NULL,NULL);
projects / thirdparty / tor.git / commitdiff
