diff --git a/doc/TODO b/doc/TODO index 0b47cf2299..bc47fc8914 100644 --- a/doc/TODO +++ b/doc/TODO @@ -125,17 +125,28 @@ R - check reachability as soon as you hear about a new server - have new people be in limbo and need to demonstrate usefulness before we approve them - other? - - dirservers publish router-status with all these flags. +N . Authoritative dirservers publish very compressed network-status objects. + o Generate format + o Publish it +N . Everyone downloads network-status objects + - From all directories, round-robin + - Cache them, reload on restart + o Serve cached directories + - If DirPort, act as a cache. +N - Directories expose individual descriptors + o By server ID + o By 'all' + - By 'if-newer-than' (Does the spec require this??) + - Support compression. + o Expose "own most recent descriptor". +N - Alice acts on network-status objects, downloading descriptors as needed. o Servers publish new descriptors when: o options change o when 12-24 hours have passed o when uptime is reset o When bandwidth changes a lot. - - alices fetch many router-statuses and update descriptors as needed. - - add if-newer-than fetch options - - dirservers allow people to lookup by N descriptors, or to fetch all. - alices avoid duplicate class C nodes. - - everybody with a dirport will give you his descriptor. + o everybody with a dirport will give you his descriptor. - config option, on by default, to cache all descriptors. - Compress router desc sets before transmitting them M Analyze how bad the partitioning is or isn't. diff --git a/src/or/config.c b/src/or/config.c index 7ff0001677..3c6bf1e068 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -161,6 +161,8 @@ static config_var_t _option_vars[] = { VAR("PidFile", STRING, PidFile, NULL), VAR("ReachableAddresses", LINELIST, ReachableAddresses, NULL), VAR("RecommendedVersions", LINELIST, RecommendedVersions, NULL), + VAR("RecommendedClientVersions", LINELIST, RecommendedClientVersions, NULL), + VAR("RecommendedServerVersions", LINELIST, RecommendedServerVersions, NULL), VAR("RedirectExit", LINELIST, RedirectExit, NULL), VAR("RendExcludeNodes", STRING, RendExcludeNodes, NULL), VAR("RendNodes", STRING, RendNodes, NULL), @@ -875,6 +877,22 @@ option_get_assignment(or_options_t *options, const char *key) return get_assigned_option(&options_format, options, key); } +static config_line_t * +config_lines_dup(const config_line_t *inp) +{ + config_line_t *result = NULL; + config_line_t **next_out = &result; + while (inp) { + *next_out = tor_malloc(sizeof(config_line_t)); + (*next_out)->key = tor_strdup(inp->key); + (*next_out)->value = tor_strdup(inp->value); + inp = inp->next; + next_out = &((*next_out)->next); + } + (*next_out) = NULL; + return result; +} + static config_line_t * get_assigned_option(config_format_t *fmt, or_options_t *options, const char *key) { @@ -899,17 +917,7 @@ get_assigned_option(config_format_t *fmt, or_options_t *options, const char *key if (var->type == CONFIG_TYPE_LINELIST || var->type == CONFIG_TYPE_LINELIST_V) { /* Linelist requires special handling: we just copy and return it. */ - const config_line_t *next_in = *(const config_line_t**)value; - config_line_t **next_out = &result; - while (next_in) { - *next_out = tor_malloc(sizeof(config_line_t)); - (*next_out)->key = tor_strdup(next_in->key); - (*next_out)->value = tor_strdup(next_in->value); - next_in = next_in->next; - next_out = &((*next_out)->next); - } - (*next_out) = NULL; - return result; + return config_lines_dup(*(const config_line_t**)value); } result = tor_malloc_zero(sizeof(config_line_t)); @@ -1133,11 +1141,13 @@ print_usage(void) /** * Based on options-\>Address, guess our public IP address and put it - * in *addr. Return 0 if all is well, or -1 if we can't find a - * suitable public IP address. + * in *addr_out. If hostname_out is provided, set + * *hostname_out to a new string holding the hostname we used to get + * the address. Return 0 if all is well, or -1 if we can't find a suitable + * public IP address. */ int -resolve_my_address(or_options_t *options, uint32_t *addr) +resolve_my_address(or_options_t *options, uint32_t *addr_out, char **hostname_out) { struct in_addr in; struct hostent *rent; @@ -1147,7 +1157,7 @@ resolve_my_address(or_options_t *options, uint32_t *addr) static uint32_t old_addr=0; const char *address = options->Address; - tor_assert(addr); + tor_assert(addr_out); /* workaround: some people were leaving "Address " in their torrc, * and they had a buggy resolver that resolved " " to 0.0.0.0. Oops. @@ -1203,12 +1213,14 @@ resolve_my_address(or_options_t *options, uint32_t *addr) } log_fn(LOG_DEBUG, "Resolved Address to %s.", tmpbuf); - *addr = ntohl(in.s_addr); - if (old_addr && old_addr != *addr) { + *addr_out = ntohl(in.s_addr); + if (old_addr && old_addr != *addr_out) { log_fn(LOG_NOTICE,"Your IP seems to have changed. Updating."); server_has_changed_ip(); } - old_addr = *addr; + old_addr = *addr_out; + if (hostname_out) + *hostname_out = tor_strdup(hostname); return 0; } @@ -1582,7 +1594,7 @@ options_validate(or_options_t *options) if (server_mode(options)) { /* confirm that our address isn't broken, so we can complain now */ uint32_t tmp; - if (resolve_my_address(options, &tmp) < 0) + if (resolve_my_address(options, &tmp, NULL) < 0) result = -1; } @@ -1616,9 +1628,17 @@ options_validate(or_options_t *options) log(LOG_WARN, "StrictEntryNodes set, but no EntryNodes listed."); } - if (options->AuthoritativeDir && options->RecommendedVersions == NULL) { - log(LOG_WARN, "Directory servers must configure RecommendedVersions."); - result = -1; + if (options->AuthoritativeDir) { + if (!options->RecommendedVersions) { + log(LOG_WARN, "Directory servers must configure RecommendedVersions."); + result = -1; + } + if (!options->RecommendedClientVersions) + options->RecommendedClientVersions = + config_lines_dup(options->RecommendedVersions); + if (!options->RecommendedServerVersions) + options->RecommendedServerVersions = + config_lines_dup(options->RecommendedVersions); } if (options->AuthoritativeDir && !options->DirPort) { diff --git a/src/or/directory.c b/src/or/directory.c index a20e94f7c5..740dc1ba0d 100644 --- a/src/or/directory.c +++ b/src/or/directory.c @@ -1057,6 +1057,60 @@ directory_handle_command_get(connection_t *conn, char *headers, return 0; } + if (!strcmpstart(url,"/tor/status/")) { + /* v2 network status fetch. */ + size_t url_len = strlen(url); + int deflated = !strcmp(url+url_len-2, ".z"); + const char *key = url + strlen("/tor/status/"); + if (deflated) + url[url_len-2] = '\0'; + dlen = dirserv_get_networkstatus_v2(&cp, key, deflated); + tor_free(url); + if (!dlen) { /* we failed to create/cache cp */ + write_http_status_line(conn, 503, "Network status object unavailable"); + /* try to get a new one now */ + // XXXX NM + return 0; + } + format_rfc1123_time(date, time(NULL)); + tor_snprintf(tmp, sizeof(tmp), "HTTP/1.0 200 OK\r\nDate: %s\r\nContent-Length: %d\r\nContent-Type: text/plain\r\nContent-Encoding: %s\r\n\r\n", + date, + (int)dlen, + deflated?"deflate":"identity"); + connection_write_to_buf(tmp, strlen(tmp), conn); + connection_write_to_buf(cp, strlen(cp), conn); + return 0; + } + + if (!strcmpstart(url,"/tor/server/")) { + size_t url_len = strlen(url); + int deflated = !strcmp(url+url_len-2, ".z"); + smartlist_t *descs = smartlist_create(); + if (deflated) + url[url_len-2] = '\0'; + dirserv_get_routerdescs(descs, url); + tor_free(url); + if (!smartlist_len(descs)) { + write_http_status_line(conn, 400, "Servers unavailable."); + } else { + size_t len = 0; + format_rfc1123_time(date, time(NULL)); + SMARTLIST_FOREACH(descs, routerinfo_t *, ri, + len += ri->signed_descriptor_len); + /* XXXX We need to support deflate here. */ + tor_snprintf(tmp, sizeof(tmp), "HTTP/1.0 200 OK\r\nDate: %s\r\nContent-Length: %d\r\nContent-Type: application/octet-stream\r\n\r\n", + date, + (int)len); + connection_write_to_buf(tmp, strlen(tmp), conn); + SMARTLIST_FOREACH(descs, routerinfo_t *, ri, + connection_write_to_buf(ri->signed_descriptor, + ri->signed_descriptor_len, + conn)); + } + smartlist_free(descs); + return 0; + } + if (!strcmpstart(url,"/tor/rendezvous/") || !strcmpstart(url,"/tor/rendezvous1/")) { /* rendezvous descriptor fetch */ diff --git a/src/or/dirserv.c b/src/or/dirserv.c index ad126e6fc1..3acd954ea6 100644 --- a/src/or/dirserv.c +++ b/src/or/dirserv.c @@ -22,11 +22,14 @@ extern long stats_n_seconds_working; /** Do we need to regenerate the directory when someone asks for it? */ static int the_directory_is_dirty = 1; static int runningrouters_is_dirty = 1; +static int networkstatus_v2_is_dirty = 1; static void directory_remove_invalid(void); static int dirserv_regenerate_directory(void); +static char *format_versions_list(config_line_t *ln); /* Should be static; exposed for testing */ int add_fingerprint_to_dir(const char *nickname, const char *fp, smartlist_t *list); +static int router_is_general_exit(routerinfo_t *ri); /************** Fingerprint handling code ************/ @@ -660,6 +663,55 @@ dirserv_remove_old_servers(int age) } } +/* DOCDOC */ +static char * +format_versions_list(config_line_t *ln) +{ + smartlist_t *versions; + char *result; + versions = smartlist_create(); + for ( ; ln; ln = ln->next) { + smartlist_split_string(versions, ln->value, ",", + SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0); + } + result = smartlist_join_strings(versions,",",0,NULL); + SMARTLIST_FOREACH(versions,char *,s,tor_free(s)); + smartlist_free(versions); + return result; +} + +/* DOCDOC */ +static int +append_signature(char *buf, size_t buf_len, const char *digest, + crypto_pk_env_t *private_key) +{ + char signature[PK_BYTES]; + int i; + + if (crypto_pk_private_sign(private_key, signature, digest, DIGEST_LEN) < 0) { + + log_fn(LOG_WARN,"Couldn't sign digest."); + return -1; + } + if (strlcat(buf, "-----BEGIN SIGNATURE-----\n", buf_len) >= buf_len) + goto truncated; + + i = strlen(buf); + if (base64_encode(buf+i, buf_len-i, signature, 128) < 0) { + log_fn(LOG_WARN,"couldn't base64-encode signature"); + tor_free(buf); + return -1; + } + + if (strlcat(buf, "-----END SIGNATURE-----\n", buf_len) >= buf_len) + goto truncated; + + return 0; + truncated: + log_fn(LOG_WARN,"tried to exceed string length."); + return -1; +} + /** Generate a new directory and write it into a newly allocated string. * Point *dir_out to the allocated string. Sign the * directory with private_key. Return 0 on success, -1 on @@ -672,13 +724,11 @@ dirserv_dump_directory_to_string(char **dir_out, char *router_status; char *identity_pkey; /* Identity key, DER64-encoded. */ char *recommended_versions; - char digest[20]; - char signature[128]; - char published[33]; + char digest[DIGEST_LEN]; + char published[ISO_TIME_LEN+1]; time_t published_on; char *buf = NULL; size_t buf_len; - int i; size_t identity_pkey_len; tor_assert(dir_out); @@ -696,18 +746,7 @@ dirserv_dump_directory_to_string(char **dir_out, return -1; } - { - smartlist_t *versions; - config_line_t *ln; - versions = smartlist_create(); - for (ln = get_options()->RecommendedVersions; ln; ln = ln->next) { - smartlist_split_string(versions, ln->value, ",", - SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0); - } - recommended_versions = smartlist_join_strings(versions,",",0,NULL); - SMARTLIST_FOREACH(versions,char *,s,tor_free(s)); - smartlist_free(versions); - } + recommended_versions = format_versions_list(get_options()->RecommendedVersions); dirserv_remove_old_servers(ROUTER_MAX_AGE); published_on = time(NULL); @@ -755,25 +794,10 @@ dirserv_dump_directory_to_string(char **dir_out, tor_free(buf); return -1; } - if (crypto_pk_private_sign(private_key, signature, digest, 20) < 0) { - log_fn(LOG_WARN,"couldn't sign digest"); + if (append_signature(buf,buf_len,digest,private_key)<0) { tor_free(buf); return -1; } - log(LOG_DEBUG,"generated directory digest begins with %s",hex_str(digest,4)); - - if (strlcat(buf, "-----BEGIN SIGNATURE-----\n", buf_len) >= buf_len) - goto truncated; - - i = strlen(buf); - if (base64_encode(buf+i, buf_len-i, signature, 128) < 0) { - log_fn(LOG_WARN,"couldn't base64-encode signature"); - tor_free(buf); - return -1; - } - - if (strlcat(buf, "-----END SIGNATURE-----\n", buf_len) >= buf_len) - goto truncated; *dir_out = buf; return 0; @@ -783,12 +807,6 @@ dirserv_dump_directory_to_string(char **dir_out, return -1; } -/** Most recently generated encoded signed directory. */ -static char *the_directory = NULL; -static size_t the_directory_len = 0; -static char *the_directory_z = NULL; -static size_t the_directory_z_len = 0; - /** DOCDOC */ typedef struct cached_dir_t { char *dir; @@ -798,21 +816,22 @@ typedef struct cached_dir_t { time_t published; } cached_dir_t; +/** Most recently generated encoded signed directory. (auth dirservers only.)*/ +static cached_dir_t the_directory = { NULL, NULL, 0, 0, 0 }; + /* used only by non-auth dirservers */ static cached_dir_t cached_directory = { NULL, NULL, 0, 0, 0 }; static cached_dir_t cached_runningrouters = { NULL, NULL, 0, 0, 0 }; -/** If we have no cached directory, or it is older than when, then - * replace it with directory, published at when. - */ -void -dirserv_set_cached_directory(const char *directory, time_t when, - int is_running_routers) +/* Used for other dirservers' network statuses. Map from hexdigest to + * cached_dir_t. */ +static strmap_t *cached_v2_networkstatus = NULL; + +/** DOCDOC */ +static void +set_cached_dir(cached_dir_t *d, const char *directory, time_t when) { - time_t now; - cached_dir_t *d; - now = time(NULL); - d = is_running_routers ? &cached_runningrouters : &cached_directory; + time_t now = time(NULL); if (when<=d->published) { log_fn(LOG_INFO, "Ignoring old directory; not caching."); } else if (when>=now+ROUTER_MAX_AGE) { @@ -829,13 +848,105 @@ dirserv_set_cached_directory(const char *directory, time_t when, log_fn(LOG_WARN,"Error compressing cached directory"); } d->published = when; - if (!is_running_routers) { - char filename[512]; - tor_snprintf(filename,sizeof(filename),"%s/cached-directory", get_options()->DataDirectory); - if (write_str_to_file(filename,cached_directory.dir,0) < 0) { - log_fn(LOG_NOTICE, "Couldn't write cached directory to disk. Ignoring."); + } +} + +static void +clear_cached_dir(cached_dir_t *d) +{ + tor_free(d->dir); + tor_free(d->dir_z); + memset(d, 0, sizeof(cached_dir_t)); +} + +static void +free_cached_dir(void *_d) +{ + cached_dir_t *d = (cached_dir_t *)_d; + clear_cached_dir(d); + tor_free(d); +} + +/** If we have no cached directory, or it is older than when, then + * replace it with directory, published at when. + */ +void +dirserv_set_cached_directory(const char *directory, time_t published, + int is_running_routers) +{ + cached_dir_t *d; + d = is_running_routers ? &cached_runningrouters : &cached_directory; + set_cached_dir(d, directory, published); + if (!is_running_routers) { + char filename[512]; + tor_snprintf(filename,sizeof(filename),"%s/cached-directory", get_options()->DataDirectory); + if (write_str_to_file(filename,cached_directory.dir,0) < 0) { + log_fn(LOG_NOTICE, "Couldn't write cached directory to disk. Ignoring."); + } + } +} + +/** DOCDOC */ +void +dirserv_set_cached_networkstatus_v2(const char *directory, const char *fp, + time_t published) +{ + cached_dir_t *d; + char fname[512]; + if (!cached_v2_networkstatus) + cached_v2_networkstatus = strmap_new(); + + tor_assert(strlen(fp) == HEX_DIGEST_LEN); + + if (!(d = strmap_get(cached_v2_networkstatus, fp))) { + d = tor_malloc_zero(sizeof(cached_dir_t)); + strmap_set(cached_v2_networkstatus, fp, d); + } + + tor_assert(d); + set_cached_dir(d, directory, published); + + if (!d->dir) + return; + + tor_snprintf(fname,sizeof(fname), "%s/cached-status/%s", + get_options()->DataDirectory, fp); + if (write_str_to_file(fname, d->dir, 0)<0) { + log_fn(LOG_NOTICE, "Couldn't write cached network status to disk. Ignoring."); + } +} + +static size_t +dirserv_get_obj(const char **out, int compress, + cached_dir_t *cache_src, + cached_dir_t *auth_src, + time_t dirty, int (*regenerate)(void), + const char *name) +{ + cached_dir_t *d; + if (!get_options()->AuthoritativeDir || !auth_src) { + d = cache_src; + } else { + if (regenerate != NULL) { + if (dirty && dirty + DIR_REGEN_SLACK_TIME < time(NULL)) { + if (regenerate()) { + log_fn(LOG_ERR, "Couldn't generate %s?", name); + exit(1); + } + } else { + log_fn(LOG_INFO, "The %s is still clean; reusing.", name); } } + d = auth_src; + } + if (!d) + return 0; + *out = compress ? d->dir_z : d->dir; + if (*out) { + return compress ? d->dir_z_len : d->dir_len; + } else { + /* not yet available. */ + return 0; } } @@ -845,25 +956,11 @@ dirserv_set_cached_directory(const char *directory, time_t when, size_t dirserv_get_directory(const char **directory, int compress) { - if (!get_options()->AuthoritativeDir) { - cached_dir_t *d = &cached_directory; - *directory = compress ? d->dir_z : d->dir; - if (*directory) { - return compress ? d->dir_z_len : d->dir_len; - } else { - /* no directory yet retrieved */ - return 0; - } - } - if (the_directory_is_dirty && - the_directory_is_dirty + DIR_REGEN_SLACK_TIME < time(NULL)) { - if (dirserv_regenerate_directory()) - return 0; - } else { - log(LOG_INFO,"Directory still clean, reusing."); - } - *directory = compress ? the_directory_z : the_directory; - return compress ? the_directory_z_len : the_directory_len; + return dirserv_get_obj(directory, compress, + &cached_directory, &the_directory, + the_directory_is_dirty, + dirserv_regenerate_directory, + "server directory"); } /** @@ -880,45 +977,31 @@ dirserv_regenerate_directory(void) tor_free(new_directory); return -1; } - tor_free(the_directory); - the_directory = new_directory; - the_directory_len = strlen(the_directory); - log_fn(LOG_INFO,"New directory (size %d):\n%s",(int)the_directory_len, - the_directory); - tor_free(the_directory_z); - if (tor_gzip_compress(&the_directory_z, &the_directory_z_len, - the_directory, the_directory_len, - ZLIB_METHOD)) { - log_fn(LOG_WARN, "Error gzipping directory."); - return -1; - } + set_cached_dir(&the_directory, new_directory, time(NULL)); + log_fn(LOG_INFO,"New directory (size %d):\n%s",(int)the_directory.dir_len, + the_directory.dir); the_directory_is_dirty = 0; /* Save the directory to disk so we re-load it quickly on startup. */ - dirserv_set_cached_directory(the_directory, time(NULL), 0); + dirserv_set_cached_directory(the_directory.dir, time(NULL), 0); return 0; } -static char *the_runningrouters=NULL; -static size_t the_runningrouters_len=0; -static char *the_runningrouters_z=NULL; -static size_t the_runningrouters_z_len=0; +static cached_dir_t the_runningrouters = { NULL, NULL, 0, 0, 0 }; /** Replace the current running-routers list with a newly generated one. */ static int -generate_runningrouters(crypto_pk_env_t *private_key) +generate_runningrouters(void) { - char *s=NULL, *cp; + char *s=NULL; char *router_status=NULL; char digest[DIGEST_LEN]; - char signature[PK_BYTES]; - int i; - char published[33]; + char published[ISO_TIME_LEN+1]; size_t len; - time_t published_on; + crypto_pk_env_t *private_key = get_identity_key(); char *identity_pkey; /* Identity key, DER64-encoded. */ size_t identity_pkey_len; @@ -933,49 +1016,27 @@ generate_runningrouters(crypto_pk_env_t *private_key) log_fn(LOG_WARN,"write identity_pkey to string failed!"); goto err; } - published_on = time(NULL); - format_iso_time(published, published_on); + format_iso_time(published, time(NULL)); len = 2048+strlen(router_status); s = tor_malloc_zero(len); - tor_snprintf(s, len, "network-status\n" - "published %s\n" - "router-status %s\n" - "dir-signing-key\n%s" - "directory-signature %s\n" - "-----BEGIN SIGNATURE-----\n", - published, router_status, identity_pkey, get_options()->Nickname); + tor_snprintf(s, len, + "network-status\n" + "published %s\n" + "router-status %s\n" + "dir-signing-key\n%s" + "directory-signature %s\n", + published, router_status, identity_pkey, get_options()->Nickname); tor_free(router_status); tor_free(identity_pkey); if (router_get_runningrouters_hash(s,digest)) { log_fn(LOG_WARN,"couldn't compute digest"); goto err; } - if (crypto_pk_private_sign(private_key, signature, digest, 20) < 0) { - log_fn(LOG_WARN,"couldn't sign digest"); + if (append_signature(s, len, digest, private_key)<0) goto err; - } - i = strlen(s); - cp = s+i; - if (base64_encode(cp, len-i, signature, 128) < 0) { - log_fn(LOG_WARN,"couldn't base64-encode signature"); - goto err; - } - if (strlcat(s, "-----END SIGNATURE-----\n", len) >= len) { - goto err; - } - - tor_free(the_runningrouters); - the_runningrouters = s; - the_runningrouters_len = strlen(s); - tor_free(the_runningrouters_z); - if (tor_gzip_compress(&the_runningrouters_z, &the_runningrouters_z_len, - the_runningrouters, the_runningrouters_len, - ZLIB_METHOD)) { - log_fn(LOG_WARN, "Error gzipping runningrouters"); - return -1; - } + set_cached_dir(&the_runningrouters, s, time(NULL)); runningrouters_is_dirty = 0; /* We don't cache running-routers to disk, so there's no point in @@ -995,25 +1056,255 @@ generate_runningrouters(crypto_pk_env_t *private_key) size_t dirserv_get_runningrouters(const char **rr, int compress) { - if (!get_options()->AuthoritativeDir) { - cached_dir_t *d = &cached_runningrouters; - *rr = compress ? d->dir_z : d->dir; - if (*rr) { - return compress ? d->dir_z_len : d->dir_len; - } else { - /* no directory yet retrieved */ - return 0; + return dirserv_get_obj(rr, compress, + &cached_runningrouters, &the_runningrouters, + runningrouters_is_dirty, + generate_runningrouters, + "v1 network status list"); +} + +/** DOCDOC */ +static int +router_is_general_exit(routerinfo_t *ri) +{ + static const int ports[] = { 80, 443, 194 }; + int n_allowed = 3; + int i; + for (i = 0; i < 3; ++i) { + struct addr_policy_t *policy = ri->exit_policy; + for ( ; policy; policy = policy->next) { + if (policy->prt_min > ports[i] || policy->prt_max < ports[i]) + continue; /* Doesn't cover our port. */ + if ((policy->msk & 0x00fffffful) != 0) + continue; /* Wider than /8. */ + if ((policy->addr & 0xff000000ul) == 0x7f000000ul) + continue; /* 127.x */ + /* We have a match that is wider than /24. */ + if (policy->policy_type != ADDR_POLICY_ACCEPT) + --n_allowed; + break; } } - if (runningrouters_is_dirty && - runningrouters_is_dirty + DIR_REGEN_SLACK_TIME < time(NULL)) { - if (generate_runningrouters(get_identity_key())) { - log_fn(LOG_ERR, "Couldn't generate running-routers list?"); - return 0; - } + return n_allowed > 0; +} + +static cached_dir_t the_v2_networkstatus = { NULL, NULL, 0, 0, 0 }; + +static int +generate_v2_networkstatus(void) +{ +#define BASE64_DIGEST_LEN 29 +#define LONGEST_STATUS_FLAG_NAME_LEN 7 +#define N_STATUS_FLAGS 6 +#define RS_ENTRY_LEN \ + ( /* first line */ \ + MAX_NICKNAME_LEN+BASE64_DIGEST_LEN*2+ISO_TIME_LEN+INET_NTOA_BUF_LEN+ \ + 5*2 /* ports */ + 10 /* punctuation */ + \ + /* second line */ \ + (LONGEST_STATUS_FLAG_NAME_LEN+1)*N_STATUS_FLAGS + 2) + + int r = -1; + size_t len, identity_pkey_len; + char *status = NULL, *client_versions = NULL, *server_versions = NULL, + *identity_pkey = NULL, *hostname = NULL; + char *outp, *endp; + or_options_t *options = get_options(); + char fingerprint[FINGERPRINT_LEN+1]; + char ipaddr[INET_NTOA_BUF_LEN+1]; + char published[ISO_TIME_LEN]; + char digest[DIGEST_LEN]; + struct in_addr in; + uint32_t addr; + crypto_pk_env_t *private_key = get_identity_key(); + + if (resolve_my_address(options, &addr, &hostname)<0) { + log_fn(LOG_WARN, "Couldn't resolve my hostname"); + goto done; + } + in.s_addr = htonl(addr); + tor_inet_ntoa(&in, ipaddr, sizeof(ipaddr)); + + format_iso_time(published, time(NULL)); + + client_versions = format_versions_list(options->RecommendedClientVersions); + server_versions = format_versions_list(options->RecommendedServerVersions); + + if (crypto_pk_write_public_key_to_string(private_key, &identity_pkey, + &identity_pkey_len)<0) { + log_fn(LOG_WARN,"Writing public key to string failed."); + goto done; + } + + if (crypto_pk_get_fingerprint(private_key, fingerprint, 0)<0) { + log_fn(LOG_ERR, "Error computing fingerprint"); + return -1; + } + + len = 2048+strlen(client_versions)+strlen(server_versions)+identity_pkey_len*2; + len += (RS_ENTRY_LEN)*smartlist_len(descriptor_list) ; + + status = tor_malloc(len); + tor_snprintf(status, len, + "network-status-version 2\n" + "dir-source %s %s %d\n" + "dir-fingerprint %s\n" + "published %s\n" + "dir-options %s\n" + "client-versions %s\n" + "server-versions %s\n" + "dir-signing-key\n%s\n", + hostname, ipaddr, (int)options->DirPort, + fingerprint, + published, + "Names", + client_versions, + server_versions, + identity_pkey); + outp = status + strlen(status); + endp = status + len; + + SMARTLIST_FOREACH(descriptor_list, routerinfo_t *, ri, { + int f_exit = router_is_general_exit(ri); + int f_stable = !router_is_unreliable(ri, 1, 0); + int f_fast = !router_is_unreliable(ri, 0, 1); + int f_running; + int f_named = ri->is_verified; + int f_valid = f_named; + char identity64[128]; + char digest64[128]; + + if (options->AuthoritativeDir) { + connection_t *conn = connection_get_by_identity_digest( + ri->identity_digest, CONN_TYPE_OR); + f_running = (router_is_me(ri) && !we_are_hibernating()) || + (conn && conn->state == OR_CONN_STATE_OPEN); + } else { + f_running = ri->is_running; + } + + format_iso_time(published, ri->published_on); + + if (base64_encode(identity64, sizeof(identity64), + ri->identity_digest, DIGEST_LEN)<0) + goto done; + if (base64_encode(digest64, sizeof(digest64), + ri->signed_descriptor_digest, DIGEST_LEN)<0) + goto done; + identity64[BASE64_DIGEST_LEN] = '\0'; + digest64[BASE64_DIGEST_LEN] = '\0'; + + in.s_addr = htonl(ri->addr); + tor_inet_ntoa(&in, ipaddr, sizeof(ipaddr)); + + if (tor_snprintf(outp, endp-outp, + "r %s %s %s %s %s %d %d\n" + "s%s%s%s%s%s%s\n", + ri->nickname, + identity64, + digest64, + published, + ipaddr, + ri->or_port, + ri->dir_port, + f_exit?" Exit":"", + f_stable?" Stable":"", + f_fast?" Fast":"", + f_running?" Running":"", + f_named?" Named":"", + f_valid?" Valid":"")<0) { + log_fn(LOG_WARN, "Unable to print router status."); + goto done; + } + outp += strlen(outp); + }); + + if (tor_snprintf(outp, endp-outp, "directory-signature %s\n", + get_options()->Nickname)<0) { + log_fn(LOG_WARN, "Unable to write signature line."); + goto done; + } + + if (router_get_networkstatus_v2_hash(status, digest)<0) { + log_fn(LOG_WARN, "Unable to hash network status"); + goto done; + } + + if (append_signature(outp,endp-outp,digest,private_key)<0) + goto done; + + set_cached_dir(&the_v2_networkstatus, status, time(NULL)); + dirserv_set_cached_networkstatus_v2(status, fingerprint, time(NULL)); + + r = 0; + done: + tor_free(client_versions); + tor_free(server_versions); + tor_free(status); + tor_free(hostname); + tor_free(identity_pkey); + return r; +} + +size_t +dirserv_get_networkstatus_v2(const char **directory, const char *key, + int compress) +{ + *directory = NULL; + if (!(strcmp(key,"authority"))) { + if (get_options()->AuthoritativeDir) { + return dirserv_get_obj(directory, compress, NULL, + &the_v2_networkstatus, + networkstatus_v2_is_dirty, + generate_v2_networkstatus, + "network status list"); + } + } else if (!strcmp(key, "all")) { + // XXXX NM + return dirserv_get_networkstatus_v2(directory, "authority", compress); + } else if (strlen(key)==HEX_DIGEST_LEN) { + cached_dir_t *cached = strmap_get(cached_v2_networkstatus, key); + if (cached) + return dirserv_get_obj(directory, compress, cached, NULL, 0, NULL, + "cached network status"); + } + return 0; +} + +void +dirserv_get_routerdescs(smartlist_t *descs_out, const char *key) +{ + + if (!strcmp(key, "/tor/server/all")) { + smartlist_add_all(descs_out, descriptor_list); + } else if (!strcmp(key, "/tor/server/authority")) { + routerinfo_t *ri = router_get_my_routerinfo(); + if (ri) + smartlist_add(descs_out, ri); + } else if (!strcmpstart(key, "/tor/server/fp/")) { + smartlist_t *hexdigests = smartlist_create(); + smartlist_t *digests = smartlist_create(); + key += strlen("/tor/server/fp/"); + smartlist_split_string(hexdigests, key, "+", 0, 0); + SMARTLIST_FOREACH(hexdigests, char *, cp, + { + char *d; + if (strlen(cp) != HEX_DIGEST_LEN) + continue; + d = tor_malloc_zero(DIGEST_LEN); + base16_decode(d, DIGEST_LEN, cp, HEX_DIGEST_LEN); + tor_free(cp); + smartlist_add(digests, d); + }); + smartlist_free(hexdigests); + SMARTLIST_FOREACH(descriptor_list, routerinfo_t *, ri, + SMARTLIST_FOREACH(digests, const char *, d, + if (!memcmp(d,ri->identity_digest,DIGEST_LEN)) { + smartlist_add(descs_out,ri); + break; + })); + SMARTLIST_FOREACH(digests, char *, d, tor_free(d)); + smartlist_free(digests); } - *rr = compress ? the_runningrouters_z : the_runningrouters; - return compress ? the_runningrouters_z_len : the_runningrouters_len; } /** Called when a TLS handshake has completed successfully with a @@ -1087,19 +1378,11 @@ dirserv_free_all(void) smartlist_free(descriptor_list); descriptor_list = NULL; } - tor_free(the_directory); - tor_free(the_directory_z); - the_directory_len = 0; - the_directory_z_len = 0; - tor_free(the_runningrouters); - tor_free(the_runningrouters_z); - the_runningrouters_len = 0; - the_runningrouters_z_len = 0; - tor_free(cached_directory.dir); - tor_free(cached_directory.dir_z); - tor_free(cached_runningrouters.dir); - tor_free(cached_runningrouters.dir_z); - memset(&cached_directory, 0, sizeof(cached_directory)); - memset(&cached_runningrouters, 0, sizeof(cached_runningrouters)); + clear_cached_dir(&the_directory); + clear_cached_dir(&the_runningrouters); + clear_cached_dir(&cached_directory); + clear_cached_dir(&cached_runningrouters); + strmap_free(cached_v2_networkstatus, free_cached_dir); + cached_v2_networkstatus = NULL; } diff --git a/src/or/or.h b/src/or/or.h index 35c883eda6..a9bf51622c 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -708,6 +708,8 @@ typedef struct addr_policy_t { /** Information about another onion router in the network. */ typedef struct { char *signed_descriptor; /**< The original signed descriptor for this router*/ + size_t signed_descriptor_len; /**< The length of signed_descriptor */ + char signed_descriptor_digest[DIGEST_LEN]; /**< The digest of the signed descriptor. */ char *address; /**< Location of OR: either a hostname or an IP address. */ char *nickname; /**< Human-readable OR name. */ @@ -1078,6 +1080,8 @@ typedef struct { /** Directory server only: which versions of * Tor should we tell users to run? */ config_line_t *RecommendedVersions; + config_line_t *RecommendedClientVersions; + config_line_t *RecommendedServerVersions; /** Whether dirservers refuse router descriptors with private IPs. */ int DirAllowPrivateAddresses; char *User; /**< Name of user to run Tor as. */ @@ -1360,7 +1364,8 @@ const char *safe_str(const char *address); int config_get_lines(char *string, config_line_t **result); void config_free_lines(config_line_t *front); int options_trial_assign(config_line_t *list, int reset); -int resolve_my_address(or_options_t *options, uint32_t *addr); +int resolve_my_address(or_options_t *options, uint32_t *addr, + char **hostname_out); void options_init(or_options_t *options); int options_init_from_torrc(int argc, char **argv); int options_init_logs(or_options_t *options, int validate_only); @@ -1635,6 +1640,11 @@ size_t dirserv_get_directory(const char **cp, int compress); size_t dirserv_get_runningrouters(const char **rr, int compress); void dirserv_set_cached_directory(const char *directory, time_t when, int is_running_routers); +void dirserv_set_cached_networkstatus_v2(const char *directory, const char *fp, + time_t published); +size_t dirserv_get_networkstatus_v2(const char **directory, const char *key, + int compress); +void dirserv_get_routerdescs(smartlist_t *descs_out, const char *key); void dirserv_orconn_tls_done(const char *address, uint16_t or_port, const char *digest_rcvd, @@ -2023,6 +2033,7 @@ typedef struct tor_version_t { int router_get_router_hash(const char *s, char *digest); int router_get_dir_hash(const char *s, char *digest); int router_get_runningrouters_hash(const char *s, char *digest); +int router_get_networkstatus_v2_hash(const char *s, char *digest); int router_parse_list_from_string(const char **s, routerlist_t **dest, smartlist_t *good_nickname_list, diff --git a/src/or/router.c b/src/or/router.c index 1244e9e3df..174f96f7fb 100644 --- a/src/or/router.c +++ b/src/or/router.c @@ -728,7 +728,7 @@ router_rebuild_descriptor(int force) if (desc_clean_since && !force) return 0; - if (resolve_my_address(options, &addr) < 0) { + if (resolve_my_address(options, &addr, NULL) < 0) { log_fn(LOG_WARN,"options->Address didn't resolve into an IP."); return -1; } @@ -774,6 +774,9 @@ router_rebuild_descriptor(int force) log_fn(LOG_WARN, "Couldn't dump router to string."); return -1; } + ri->signed_descriptor_len = strlen(ri->signed_descriptor); + crypto_digest(ri->signed_descriptor_digest, + ri->signed_descriptor, ri->signed_descriptor_len); if (desc_routerinfo) routerinfo_free(desc_routerinfo); diff --git a/src/or/routerparse.c b/src/or/routerparse.c index 73e2ca8f96..6ebd5ff296 100644 --- a/src/or/routerparse.c +++ b/src/or/routerparse.c @@ -179,6 +179,14 @@ router_get_runningrouters_hash(const char *s, char *digest) "network-status","\ndirectory-signature"); } +/** DOCDOC */ +int +router_get_networkstatus_v2_hash(const char *s, char *digest) +{ + return router_get_hash_impl(s,digest, + "network-status-version","\ndirectory-signature"); +} + /** * Find the first instance of "recommended-software ...\n" at the start of * a line; return a newly allocated string containing the "..." portion. @@ -857,6 +865,8 @@ router_parse_entry_from_string(const char *s, const char *end) router = tor_malloc_zero(sizeof(routerinfo_t)); router->signed_descriptor = tor_strndup(s, end-s); + router->signed_descriptor_len = end-s; + crypto_digest(router->signed_descriptor_digest, s, end-s); ports_set = bw_set = 0; if (tok->n_args == 2 || tok->n_args == 5 || tok->n_args == 6) {