nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-28 06:13:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

link nicknames to trusted directory servers; log these nicknames when mentioning servers; also, when we get a naming conflict; log which nicknames or keys are supposed to bind.

Browse Source 
svn:r5184
This commit is contained in:
Nick Mathewson 2005-10-04 21:21:09 +00:00
parent b10df0d595
commit 2d203fdcf3
6 changed files with 84 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
doc/tor.1.in
View File

@ -83,7 +83,7 @@ their current liveness status. A value of "0 seconds" tells Tor to choose an
appropriate default. (Default: 1 hour for clients, 20 minutes for servers) appropriate default. (Default: 1 hour for clients, 20 minutes for servers)
.LP .LP
.TP .TP
\fBDirServer \fR[v1] \fIaddress:port fingerprint\fP \fBDirServer \fR[\fInickname\fR] [\fBv1\fR] \fIaddress\fR\fB:\fIport fingerprint\fP
Use a nonstandard authoritative directory server at the provided Use a nonstandard authoritative directory server at the provided
address and port, with the specified key fingerprint. This option can address and port, with the specified key fingerprint. This option can
be repeated many times, for multiple authoritative directory be repeated many times, for multiple authoritative directory

6
src/config/torrc.complete.in
View File

@ -77,9 +77,9 @@
## uncommenting these lines is a bad idea. They are the defaults now, ## uncommenting these lines is a bad idea. They are the defaults now,
## but the defaults may change in the future, leaving you behind. ## but the defaults may change in the future, leaving you behind.
## ##
#DirServer v1 18.244.0.188:9031 FFCB 46DB 1339 DA84 674C 70D7 CB58 6434 C437 0441 #DirServer moria1 v1 18.244.0.188:9031 FFCB 46DB 1339 DA84 674C 70D7 CB58 6434 C437 0441
#DirServer v1 18.244.0.114:80 719B E45D E224 B607 C537 07D0 E214 3E2D 423E 74CF #DirServer moria2 v1 18.244.0.114:80 719B E45D E224 B607 C537 07D0 E214 3E2D 423E 74CF
#DirServer v1 86.59.5.130:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D #DirServer tor26 v1 86.59.5.130:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D
## On startup, setgid to this user. ## On startup, setgid to this user.
#Group GID #Group GID

51
src/or/config.c
View File

@ -1313,15 +1313,12 @@ option_reset(config_format_t *fmt, or_options_t *options,
static void static void
add_default_trusted_dirservers(or_options_t *options) add_default_trusted_dirservers(or_options_t *options)
{ {
/* moria1 */
config_line_append(&options->DirServers, "DirServer", config_line_append(&options->DirServers, "DirServer",
"v1 18.244.0.188:9031 FFCB 46DB 1339 DA84 674C 70D7 CB58 6434 C437 0441"); "moria1 v1 18.244.0.188:9031 FFCB 46DB 1339 DA84 674C 70D7 CB58 6434 C437 0441");
/* moria2 */
config_line_append(&options->DirServers, "DirServer", config_line_append(&options->DirServers, "DirServer",
"v1 18.244.0.114:80 719B E45D E224 B607 C537 07D0 E214 3E2D 423E 74CF"); "moria2 v1 18.244.0.114:80 719B E45D E224 B607 C537 07D0 E214 3E2D 423E 74CF");
/* tor26 */
config_line_append(&options->DirServers, "DirServer", config_line_append(&options->DirServers, "DirServer",
"v1 86.59.5.130:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D"); "tor26 v1 86.59.5.130:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D");
// "tor.noreply.org:9030 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D"); // "tor.noreply.org:9030 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D");
} }
@ -2871,23 +2868,31 @@ static int
parse_dir_server_line(const char *line, int validate_only) parse_dir_server_line(const char *line, int validate_only)
{ {
smartlist_t *items = NULL; smartlist_t *items = NULL;
int r; int r, idx;
char *addrport, *address=NULL; char *addrport, *address=NULL, *nickname=NULL, *fingerprint=NULL;
uint16_t port; uint16_t port;
char digest[DIGEST_LEN]; char digest[DIGEST_LEN];
int supports_v1 = 1; /*XXXX011 change default when clients support v2. */ int supports_v1 = 1; /*XXXX011 change default when clients support v2. */
while (TOR_ISSPACE(*line))
++line;
if (!strcmpstart(line, "v1 ")) {
line += 3;
supports_v1 = 1;
}
items = smartlist_create(); items = smartlist_create();
smartlist_split_string(items, line, NULL, smartlist_split_string(items, line, NULL,
SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 2); SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1);
if (smartlist_len(items) < 2) {
}
idx = 0;
if (is_legal_nickname(smartlist_get(items, 0))) {
nickname = smartlist_get(items, 0);
smartlist_del_keeporder(items, 0);
}
if (!strcmp(smartlist_get(items, 0), "v1")) {
char *v1 = smartlist_get(items, 0);
tor_free(v1);
supports_v1 = 1;
smartlist_del_keeporder(items, 0);
}
if (smartlist_len(items) < 2) { if (smartlist_len(items) < 2) {
log_fn(LOG_WARN, "Too few arguments to DirServer line."); log_fn(LOG_WARN, "Too few arguments to DirServer line.");
goto err; goto err;
@ -2901,14 +2906,14 @@ parse_dir_server_line(const char *line, int validate_only)
log_fn(LOG_WARN, "Missing port in DirServer address '%s'",addrport); log_fn(LOG_WARN, "Missing port in DirServer address '%s'",addrport);
goto err; goto err;
} }
smartlist_del_keeporder(items, 0);
tor_strstrip(smartlist_get(items, 1), " "); fingerprint = smartlist_join_strings(items, "", 0, NULL);
if (strlen(smartlist_get(items, 1)) != HEX_DIGEST_LEN) { if (strlen(fingerprint) != HEX_DIGEST_LEN) {
log_fn(LOG_WARN, "Key digest for DirServer is wrong length."); log_fn(LOG_WARN, "Key digest for DirServer is wrong length.");
goto err; goto err;
} }
if (base16_decode(digest, DIGEST_LEN, if (base16_decode(digest, DIGEST_LEN, fingerprint, HEX_DIGEST_LEN)<0) {
smartlist_get(items,1), HEX_DIGEST_LEN)<0) {
log_fn(LOG_WARN, "Unable to decode DirServer key digest."); log_fn(LOG_WARN, "Unable to decode DirServer key digest.");
goto err; goto err;
} }
@ -2916,7 +2921,7 @@ parse_dir_server_line(const char *line, int validate_only)
if (!validate_only) { if (!validate_only) {
log_fn(LOG_DEBUG, "Trusted dirserver at %s:%d (%s)", address, (int)port, log_fn(LOG_DEBUG, "Trusted dirserver at %s:%d (%s)", address, (int)port,
(char*)smartlist_get(items,1)); (char*)smartlist_get(items,1));
add_trusted_dir_server(address, port, digest, supports_v1); add_trusted_dir_server(nickname, address, port, digest, supports_v1);
} }
r = 0; r = 0;
@ -2929,6 +2934,8 @@ parse_dir_server_line(const char *line, int validate_only)
SMARTLIST_FOREACH(items, char*, s, tor_free(s)); SMARTLIST_FOREACH(items, char*, s, tor_free(s));
smartlist_free(items); smartlist_free(items);
tor_free(address); tor_free(address);
tor_free(nickname);
tor_free(fingerprint);
return r; return r;
} }

5
src/or/or.h
View File

@ -2062,6 +2062,8 @@ void router_free_all_keys(void);
/** Represents information about a single trusted directory server. */ /** Represents information about a single trusted directory server. */
typedef struct trusted_dir_server_t { typedef struct trusted_dir_server_t {
char *description;
char *nickname;
char *address; /**< Hostname */ char *address; /**< Hostname */
uint32_t addr; /**< IPv4 address */ uint32_t addr; /**< IPv4 address */
uint16_t dir_port; /**< Directory port */ uint16_t dir_port; /**< Directory port */
@ -2138,7 +2140,8 @@ int router_exit_policy_all_routers_reject(uint32_t addr, uint16_t port,
int need_uptime); int need_uptime);
int router_exit_policy_rejects_all(routerinfo_t *router); int router_exit_policy_rejects_all(routerinfo_t *router);
void add_trusted_dir_server(const char *addr, uint16_t port, void add_trusted_dir_server(const char *nickname,
const char *addr, uint16_t port,
const char *digest, int supports_v1); const char *digest, int supports_v1);
void clear_trusted_dir_servers(void); void clear_trusted_dir_servers(void);
networkstatus_t *networkstatus_get_by_digest(const char *digest); networkstatus_t *networkstatus_get_by_digest(const char *digest);

3
src/or/router.c
View File

@ -370,7 +370,8 @@ init_keys(void)
/* 6b. [authdirserver only] add own key to approved directories. */ /* 6b. [authdirserver only] add own key to approved directories. */
crypto_pk_get_digest(get_identity_key(), digest); crypto_pk_get_digest(get_identity_key(), digest);
if (!router_digest_is_trusted_dir(digest)) { if (!router_digest_is_trusted_dir(digest)) {
add_trusted_dir_server(NULL, (uint16_t)options->DirPort, digest, add_trusted_dir_server(options->Nickname, NULL,
(uint16_t)options->DirPort, digest,
options->V1AuthoritativeDir); options->V1AuthoritativeDir);
} }
/* success */ /* success */

67
src/or/routerlist.c
View File

@ -1416,7 +1416,7 @@ router_set_networkstatus(const char *s, time_t arrived_at,
format_iso_time(published, ns->published_on); format_iso_time(published, ns->published_on);
if (ns->published_on > now + NETWORKSTATUS_ALLOW_SKEW) { if (ns->published_on > now + NETWORKSTATUS_ALLOW_SKEW) {
log_fn(LOG_WARN, "Network status was published in the future (%s GMT). Somebody is skewed here: check your clock. Not caching.", published); log_fn(LOG_WARN, "Network status from %s was published in the future (%s GMT). Somebody is skewed here: check your clock. Not caching.", trusted_dir->description, published);
skewed = 1; skewed = 1;
} }
@ -1455,8 +1455,8 @@ router_set_networkstatus(const char *s, time_t arrived_at,
/* Same one we had before. */ /* Same one we had before. */
networkstatus_free(ns); networkstatus_free(ns);
log_fn(LOG_NOTICE, log_fn(LOG_NOTICE,
"Dropping network-status from %s:%d (published %s); already have it.", "Dropping network-status from %s (published %s); already have it.",
trusted_dir->address, trusted_dir->dir_port, published); trusted_dir->description, published);
if (old_ns->received_on < arrived_at) { if (old_ns->received_on < arrived_at) {
if (source != NS_FROM_CACHE) { if (source != NS_FROM_CACHE) {
char *fn = networkstatus_get_cache_filename(old_ns); char *fn = networkstatus_get_cache_filename(old_ns);
@ -1471,9 +1471,9 @@ router_set_networkstatus(const char *s, time_t arrived_at,
char old_published[ISO_TIME_LEN+1]; char old_published[ISO_TIME_LEN+1];
format_iso_time(old_published, old_ns->published_on); format_iso_time(old_published, old_ns->published_on);
log_fn(LOG_NOTICE, log_fn(LOG_NOTICE,
"Dropping network-status from %s:%d (published %s);" "Dropping network-status from %s (published %s);"
" we have a newer one (published %s) for this authority.", " we have a newer one (published %s) for this authority.",
trusted_dir->address, trusted_dir->dir_port, published, trusted_dir->description, published,
old_published); old_published);
networkstatus_free(ns); networkstatus_free(ns);
return 0; return 0;
@ -1490,10 +1490,10 @@ router_set_networkstatus(const char *s, time_t arrived_at,
smartlist_add(networkstatus_list, ns); smartlist_add(networkstatus_list, ns);
/*XXXX011 downgrade to INFO NM */ /*XXXX011 downgrade to INFO NM */
log_fn(LOG_NOTICE, "Setting networkstatus %s %s:%d (published %s)", log_fn(LOG_NOTICE, "Setting networkstatus %s %s (published %s)",
source == NS_FROM_CACHE?"cached from": source == NS_FROM_CACHE?"cached from":
(source==NS_FROM_DIR?"downloaded from":"generated for"), (source==NS_FROM_DIR?"downloaded from":"generated for"),
trusted_dir->address, trusted_dir->dir_port, published); trusted_dir->description, published);
networkstatus_list_has_changed = 1; networkstatus_list_has_changed = 1;
smartlist_sort(networkstatus_list, _compare_networkstatus_published_on); smartlist_sort(networkstatus_list, _compare_networkstatus_published_on);
@ -1699,11 +1699,10 @@ update_networkstatus_client_downloads(time_t now)
/* Also, download at least 1 every NETWORKSTATUS_CLIENT_DL_INTERVAL. */ /* Also, download at least 1 every NETWORKSTATUS_CLIENT_DL_INTERVAL. */
if (n_running_dirservers && if (n_running_dirservers &&
most_recent_received < now-NETWORKSTATUS_CLIENT_DL_INTERVAL && needed < 1) { most_recent_received < now-NETWORKSTATUS_CLIENT_DL_INTERVAL && needed < 1) {
const char *addr = most_recent?most_recent->address:"nobody"; log_fn(LOG_NOTICE, "Our most recent network-status document (from %s) "
int port = most_recent?most_recent->dir_port:0;
log_fn(LOG_NOTICE, "Our most recent network-status document (from %s:%d) "
"is %d seconds old; downloading another.", "is %d seconds old; downloading another.",
addr, port, (int)(now-most_recent_received)); most_recent?most_recent->description:"nobody",
(int)(now-most_recent_received));
needed = 1; needed = 1;
} }
@ -1932,12 +1931,13 @@ router_exit_policy_rejects_all(routerinfo_t *router)
* <b>address</b>:<b>port</b>, with identity key <b>digest</b>. If * <b>address</b>:<b>port</b>, with identity key <b>digest</b>. If
* <b>address</b> is NULL, add ourself. */ * <b>address</b> is NULL, add ourself. */
void void
add_trusted_dir_server(const char *address, uint16_t port, const char *digest, add_trusted_dir_server(const char *nickname, const char *address,
int supports_v1) uint16_t port, const char *digest, int supports_v1)
{ {
trusted_dir_server_t *ent; trusted_dir_server_t *ent;
uint32_t a; uint32_t a;
char *hostname = NULL; char *hostname = NULL;
size_t dlen;
if (!trusted_dir_servers) if (!trusted_dir_servers)
trusted_dir_servers = smartlist_create(); trusted_dir_servers = smartlist_create();
@ -1957,12 +1957,23 @@ add_trusted_dir_server(const char *address, uint16_t port, const char *digest,
} }
ent = tor_malloc_zero(sizeof(trusted_dir_server_t)); ent = tor_malloc_zero(sizeof(trusted_dir_server_t));
ent->nickname = nickname ? tor_strdup(nickname) : NULL;
ent->address = hostname; ent->address = hostname;
ent->addr = a; ent->addr = a;
ent->dir_port = port; ent->dir_port = port;
ent->is_running = 1; ent->is_running = 1;
ent->supports_v1_protocol = supports_v1; ent->supports_v1_protocol = supports_v1;
memcpy(ent->digest, digest, DIGEST_LEN); memcpy(ent->digest, digest, DIGEST_LEN);
dlen = 64 + strlen(hostname) + (nickname?strlen(nickname):0);
ent->description = tor_malloc(dlen);
if (nickname)
tor_snprintf(ent->description, dlen, "directory server \"%s\" at %s:%d",
nickname, hostname, (int)port);
else
tor_snprintf(ent->description, dlen, "directory server at %s:%d",
hostname, (int)port);
smartlist_add(trusted_dir_servers, ent); smartlist_add(trusted_dir_servers, ent);
} }
@ -1972,7 +1983,12 @@ clear_trusted_dir_servers(void)
{ {
if (trusted_dir_servers) { if (trusted_dir_servers) {
SMARTLIST_FOREACH(trusted_dir_servers, trusted_dir_server_t *, ent, SMARTLIST_FOREACH(trusted_dir_servers, trusted_dir_server_t *, ent,
{ tor_free(ent->address); tor_free(ent); }); {
tor_free(ent->nickname);
tor_free(ent->description);
tor_free(ent->address);
tor_free(ent);
});
smartlist_clear(trusted_dir_servers); smartlist_clear(trusted_dir_servers);
} else { } else {
trusted_dir_servers = smartlist_create(); trusted_dir_servers = smartlist_create();
@ -2116,13 +2132,16 @@ networkstatus_list_update_recent(time_t now)
changed = 0; changed = 0;
for (i=n_statuses-1; i >= 0; --i) { for (i=n_statuses-1; i >= 0; --i) {
networkstatus_t *ns = smartlist_get(networkstatus_list, i); networkstatus_t *ns = smartlist_get(networkstatus_list, i);
trusted_dir_server_t *ds =
router_get_trusteddirserver_by_digest(ns->identity_digest);
const char *src = ds?ds->description:ns->source_address;
if (n_recent < MIN_TO_INFLUENCE_RUNNING || if (n_recent < MIN_TO_INFLUENCE_RUNNING ||
ns->published_on + DEFAULT_RUNNING_INTERVAL > now) { ns->published_on + DEFAULT_RUNNING_INTERVAL > now) {
if (!ns->is_recent) { if (!ns->is_recent) {
format_iso_time(published, ns->published_on); format_iso_time(published, ns->published_on);
log_fn(LOG_NOTICE, log_fn(LOG_NOTICE,
"Networkstatus from %s:%d (published %s) is now \"recent\"", "Networkstatus from %s (published %s) is now \"recent\"",
ns->source_address, ns->source_dirport, published); src, published);
changed = 1; changed = 1;
} }
ns->is_recent = 1; ns->is_recent = 1;
@ -2131,8 +2150,8 @@ networkstatus_list_update_recent(time_t now)
if (ns->is_recent) { if (ns->is_recent) {
format_iso_time(published, ns->published_on); format_iso_time(published, ns->published_on);
log_fn(LOG_NOTICE, log_fn(LOG_NOTICE,
"Networkstatus from %s:%d (published %s) is no longer \"recent\"", "Networkstatus from %s (published %s) is no longer \"recent\"",
ns->source_address, ns->source_dirport, published); src, published);
changed = 1; changed = 1;
ns->is_recent = 0; ns->is_recent = 0;
} }
@ -2211,9 +2230,13 @@ routerstatus_list_update_from_networkstatus(time_t now)
else if (memcmp(other_digest, rs->identity_digest, DIGEST_LEN) && else if (memcmp(other_digest, rs->identity_digest, DIGEST_LEN) &&
other_digest != conflict) { other_digest != conflict) {
/*XXXX011 rate-limit this?*/ /*XXXX011 rate-limit this?*/
char fp1[HEX_DIGEST_LEN+1];
char fp2[HEX_DIGEST_LEN+1];
base16_encode(fp1, sizeof(fp1), other_digest, DIGEST_LEN);
base16_encode(fp2, sizeof(fp2), rs->identity_digest, DIGEST_LEN);
log_fn(LOG_WARN, log_fn(LOG_WARN,
"Naming authorities disagree about which key goes with %s.", "Naming authorities disagree about which key goes with %s. ($%s vs $%s)",
rs->nickname); rs->nickname, fp1, fp2);
strmap_set_lc(name_map, rs->nickname, conflict); strmap_set_lc(name_map, rs->nickname, conflict);
} }
}); });
@ -2275,8 +2298,8 @@ routerstatus_list_update_from_networkstatus(time_t now)
} else if (strcmp(the_name,"**mismatch**")) { } else if (strcmp(the_name,"**mismatch**")) {
char hd[HEX_DIGEST_LEN+1]; char hd[HEX_DIGEST_LEN+1];
base16_encode(hd, HEX_DIGEST_LEN+1, rs->identity_digest, DIGEST_LEN); base16_encode(hd, HEX_DIGEST_LEN+1, rs->identity_digest, DIGEST_LEN);
log_fn(LOG_WARN, "Naming authorities disagree about nicknames for $%s", log_fn(LOG_WARN, "Naming authorities disagree about nicknames for $%s (\"%s\" vs \"%s\")",
hd); hd, the_name, rs->nickname);
the_name = "**mismatch**"; the_name = "**mismatch**";
} }
} }