nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-23 20:03:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'tor-github/pr/1477'

Browse Source
This commit is contained in:
teor 2019-11-05 14:23:10 +10:00
commit 6169469546
No known key found for this signature in database
GPG Key ID: 10FEAA0E7075672A
175 changed files with 4000 additions and 2033 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
Makefile.am
View File

@ -488,19 +488,19 @@ version:
.PHONY: autostyle-ifdefs
autostyle-ifdefs:
$(PYTHON) scripts/maint/annotate_ifdef_directives.py $(OWNED_TOR_C_FILES)
$(PYTHON) $(top_srcdir)/scripts/maint/annotate_ifdef_directives.py $(OWNED_TOR_C_FILES)
.PHONY: autostyle-ifdefs
autostyle-operators:
$(PERL) scripts/coccinelle/test-operator-cleanup $(OWNED_TOR_C_FILES)
$(PERL) $(top_srcdir)/scripts/coccinelle/test-operator-cleanup $(OWNED_TOR_C_FILES)
.PHONY: rectify-includes
rectify-includes:
$(PYTHON) scripts/maint/rectify_include_paths.py
$(PYTHON) $(top_srcdir)/scripts/maint/rectify_include_paths.py
.PHONY: update-copyright
update-copyright:
$(PERL) scripts/maint/updateCopyright.pl $(OWNED_TOR_C_FILES)
$(PERL) $(top_srcdir)/scripts/maint/updateCopyright.pl $(OWNED_TOR_C_FILES)
.PHONY: autostyle
autostyle: update-versions rustfmt autostyle-ifdefs rectify-includes

20
changes/bug32213 Normal file
View File

@ -0,0 +1,20 @@
o Minor bugfixes (dirauth module):
- When the dirauth module is disabled, reject attempts to set the
AuthoritativeDir option, rather than ignoring the value of the
option. Fixes bug 32213; bugfix on 0.3.4.1-alpha.
- Split the dirauth config code into a separate file in the dirauth
module. Disable this code when the dirauth module is disabled.
Closes ticket 32213.
o Minor features (relay module):
- When the relay module is disabled, reject attempts to set the
ORPort, DirPort, DirCache, BridgeRelay, ExtORPort, or
ServerTransport* options, rather than ignoring the values of these
options. Closes ticket 32213.
- Split the relay and server pluggable transport config code into
separate files in the relay module. Disable this code when the relay
module is disabled. Closes ticket 32213.
o Code simplification and refactoring:
- Simplify some relay and dirauth config code. Closes ticket 32213.
o Testing:
- Improve test coverage for relay and dirauth config code, focusing on
option validation and normalization. Closes ticket 32213.

6
changes/bug32352 Normal file
View File

@ -0,0 +1,6 @@
o Minor bugfixes (config):
- When dumping the config, stop adding a trailing space after the option
name, when there is no option value. This issue only affects options
that accept an empty value or list. (Most options reject empty values,
or delete the entire line from the dumped options.)
Fixes bug 32352; bugfix on 0.0.9pre6.

4
changes/bug32368 Normal file
View File

@ -0,0 +1,4 @@
o Minor bugfixes (test):
- Use the same code to find the tor binary in all of our test scripts.
This change makes sure we are always using the coverage binary, when
coverage is enabled. Fixes bug 32368; bugfix on 0.2.7.3-rc.

3
changes/bug32370 Normal file
View File

@ -0,0 +1,3 @@
o Minor bugfixes (build):
- Fix "make autostyle" for out-of-tree builds.
Fixes bug 32370; bugfix on 0.4.1.2-alpha.

3
changes/bug32371 Normal file
View File

@ -0,0 +1,3 @@
o Minor bugfixes (scripts):
- Fix update_versions.py for out-of-tree builds.
Fixes bug 32371; bugfix on 0.4.0.1-alpha.

3
changes/ticket32213_parseconf Normal file
View File

@ -0,0 +1,3 @@
o Testing:
- Improve the consistency of test_parseconf.sh output, and run all the
tests, even if one fails. Closes ticket 32213.

30
scripts/maint/practracker/exceptions.txt
View File

@ -33,25 +33,25 @@
#
# Remember: It is better to fix the problem than to add a new exception!
problem file-size /src/app/config/config.c 8459
problem include-count /src/app/config/config.c 89
problem file-size /src/app/config/config.c 7223
problem include-count /src/app/config/config.c 80
problem function-size /src/app/config/config.c:options_act_reversible() 296
problem function-size /src/app/config/config.c:options_act() 589
problem function-size /src/app/config/config.c:options_act() 381
problem function-size /src/app/config/config.c:resolve_my_address() 190
problem function-size /src/app/config/config.c:options_validate_cb() 1209
problem function-size /src/app/config/config.c:options_init_from_torrc() 207
problem function-size /src/app/config/config.c:options_init_from_string() 113
problem function-size /src/app/config/config.c:options_init_logs() 145
problem function-size /src/app/config/config.c:options_validate_cb() 785
problem function-size /src/app/config/config.c:options_init_from_torrc() 188
problem function-size /src/app/config/config.c:options_init_from_string() 103
problem function-size /src/app/config/config.c:options_init_logs() 125
problem function-size /src/app/config/config.c:parse_bridge_line() 104
problem function-size /src/app/config/config.c:parse_transport_line() 189
problem function-size /src/app/config/config.c:pt_parse_transport_line() 189
problem function-size /src/app/config/config.c:parse_dir_authority_line() 150
problem function-size /src/app/config/config.c:parse_dir_fallback_line() 101
problem function-size /src/app/config/config.c:parse_port_config() 446
problem function-size /src/app/config/config.c:parse_ports() 168
problem file-size /src/app/config/or_options_st.h 1121
problem function-size /src/app/config/config.c:port_parse_config() 446
problem function-size /src/app/config/config.c:parse_ports() 132
problem file-size /src/app/config/or_options_st.h 1117
problem include-count /src/app/main/main.c 68
problem function-size /src/app/main/main.c:dumpstats() 102
problem function-size /src/app/main/main.c:tor_init() 137
problem function-size /src/app/main/main.c:tor_init() 111
problem function-size /src/app/main/main.c:sandbox_init_filter() 291
problem function-size /src/app/main/main.c:run_tor_main_loop() 105
problem function-size /src/app/main/ntmain.c:nt_service_install() 126
@ -204,7 +204,7 @@ problem function-size /src/feature/control/control_cmd.c:add_onion_helper_keyarg
problem function-size /src/feature/control/control_events.c:control_event_stream_status() 118
problem include-count /src/feature/control/control_getinfo.c 54
problem function-size /src/feature/control/control_getinfo.c:getinfo_helper_misc() 108
problem function-size /src/feature/control/control_getinfo.c:getinfo_helper_dir() 302
problem function-size /src/feature/control/control_getinfo.c:getinfo_helper_dir() 297
problem function-size /src/feature/control/control_getinfo.c:getinfo_helper_events() 234
problem function-size /src/feature/dirauth/bwauth.c:dirserv_read_measured_bandwidths() 121
problem file-size /src/feature/dirauth/dirvote.c 4700
@ -257,7 +257,7 @@ problem function-size /src/feature/hs/hs_descriptor.c:decrypt_desc_layer() 111
problem function-size /src/feature/hs/hs_descriptor.c:decode_introduction_point() 122
problem function-size /src/feature/hs/hs_descriptor.c:desc_decode_superencrypted_v3() 107
problem function-size /src/feature/hs/hs_descriptor.c:desc_decode_encrypted_v3() 107
problem file-size /src/feature/hs/hs_service.c 4182
problem file-size /src/feature/hs/hs_service.c 4172
problem function-size /src/feature/keymgt/loadkey.c:ed_key_init_from_file() 326
problem function-size /src/feature/nodelist/authcert.c:trusted_dirs_load_certs_from_string() 123
problem function-size /src/feature/nodelist/authcert.c:authority_certs_fetch_missing() 295
@ -320,7 +320,7 @@ problem function-size /src/lib/net/address.c:tor_addr_compare_masked() 110
problem function-size /src/lib/net/inaddr.c:tor_inet_pton() 107
problem function-size /src/lib/net/socketpair.c:tor_ersatz_socketpair() 102
problem function-size /src/lib/osinfo/uname.c:get_uname() 116
problem function-size /src/lib/process/process_unix.c:process_unix_exec() 220
problem function-size /src/lib/process/process_unix.c:process_unix_exec() 213
problem function-size /src/lib/process/process_win32.c:process_win32_exec() 151
problem function-size /src/lib/process/process_win32.c:process_win32_create_pipe() 109
problem function-size /src/lib/process/restrict.c:set_max_file_descriptors() 102

2
scripts/maint/update_versions.py
View File

@ -95,7 +95,7 @@ def update_file(fname,
replace_on_change(fname, have_changed)
# Find out our version
with open("configure.ac") as f:
with open(P("configure.ac")) as f:
version = find_version(f)
# If we have no version, we can't proceed.

1557
src/app/config/config.c
View File

File diff suppressed because it is too large Load Diff

55
src/app/config/config.h
View File

@ -31,7 +31,6 @@
#define MAX_DEFAULT_MEMORY_QUEUE_SIZE (UINT64_C(2) << 30)
#endif
MOCK_DECL(const char*, get_dirportfrontpage, (void));
MOCK_DECL(const or_options_t *, get_options, (void));
MOCK_DECL(or_options_t *, get_options_mutable, (void));
int set_options(or_options_t *new_val, char **msg);
@ -163,6 +162,8 @@ int write_to_data_subdir(const char* subdir, const char* fname,
int get_num_cpus(const or_options_t *options);
MOCK_DECL(const smartlist_t *,get_configured_ports,(void));
int port_binds_ipv4(const port_cfg_t *port);
int port_binds_ipv6(const port_cfg_t *port);
int get_first_advertised_port_by_type_af(int listener_type,
int address_family);
#define get_primary_or_port() \
@ -181,17 +182,10 @@ char *get_first_listener_addrport_string(int listener_type);
int options_need_geoip_info(const or_options_t *options,
const char **reason_out);
smartlist_t *get_list_of_ports_to_forward(void);
int getinfo_helper_config(control_connection_t *conn,
const char *question, char **answer,
const char **errmsg);
uint32_t get_effective_bwrate(const or_options_t *options);
uint32_t get_effective_bwburst(const or_options_t *options);
char *get_transport_bindaddr_from_config(const char *transport);
int init_cookie_authentication(const char *fname, const char *header,
int cookie_len, int group_readable,
uint8_t **cookie_out, int *cookie_is_set_out);
@ -246,14 +240,16 @@ void bridge_line_free_(bridge_line_t *bridge_line);
#define bridge_line_free(line) \
FREE_AND_NULL(bridge_line_t, bridge_line_free_, (line))
bridge_line_t *parse_bridge_line(const char *line);
smartlist_t *get_options_from_transport_options_line(const char *line,
const char *transport);
smartlist_t *get_options_for_server_transport(const char *transport);
/* Port helper functions. */
int options_any_client_port_set(const or_options_t *options);
#ifdef CONFIG_PRIVATE
int port_parse_config(smartlist_t *out,
const struct config_line_t *ports,
const char *portname,
int listener_type,
const char *defaultaddr,
int defaultport,
const unsigned flags);
#define CL_PORT_NO_STREAM_OPTIONS (1u<<0)
#define CL_PORT_WARN_NONLOCAL (1u<<1)
@ -264,24 +260,32 @@ int options_any_client_port_set(const or_options_t *options);
#define CL_PORT_IS_UNIXSOCKET (1u<<6)
#define CL_PORT_DFLT_GROUP_WRITABLE (1u<<7)
port_cfg_t *port_cfg_new(size_t namelen);
#define port_cfg_free(port) \
FREE_AND_NULL(port_cfg_t, port_cfg_free_, (port))
void port_cfg_free_(port_cfg_t *port);
int port_count_real_listeners(const smartlist_t *ports,
int listenertype,
int count_sockets);
int pt_parse_transport_line(const or_options_t *options,
const char *line, int validate_only,
int server);
int config_ensure_bandwidth_cap(uint64_t *value, const char *desc, char **msg);
#ifdef CONFIG_PRIVATE
MOCK_DECL(STATIC int, options_act,(const or_options_t *old_options));
MOCK_DECL(STATIC int, options_act_reversible,(const or_options_t *old_options,
char **msg));
struct config_mgr_t;
STATIC const struct config_mgr_t *get_options_mgr(void);
STATIC port_cfg_t *port_cfg_new(size_t namelen);
#define port_cfg_free(port) \
FREE_AND_NULL(port_cfg_t, port_cfg_free_, (port))
STATIC void port_cfg_free_(port_cfg_t *port);
#define or_options_free(opt) \
FREE_AND_NULL(or_options_t, or_options_free_, (opt))
STATIC void or_options_free_(or_options_t *options);
STATIC int options_validate_single_onion(or_options_t *options,
char **msg);
STATIC int parse_transport_line(const or_options_t *options,
const char *line, int validate_only,
int server);
STATIC int consider_adding_dir_servers(const or_options_t *options,
const or_options_t *old_options);
STATIC void add_default_trusted_dir_authorities(dirinfo_type_t type);
@ -290,17 +294,6 @@ STATIC int parse_dir_authority_line(const char *line,
dirinfo_type_t required_type,
int validate_only);
STATIC int parse_dir_fallback_line(const char *line, int validate_only);
STATIC int have_enough_mem_for_dircache(const or_options_t *options,
size_t total_mem, char **msg);
STATIC int parse_port_config(smartlist_t *out,
const struct config_line_t *ports,
const char *portname,
int listener_type,
const char *defaultaddr,
int defaultport,
const unsigned flags);
STATIC int check_bridge_distribution_setting(const char *bd);
STATIC uint64_t compute_real_max_mem_in_queues(const uint64_t val,
int log_guess);

3
src/app/config/statefile.c
View File

@ -32,6 +32,7 @@
#include "core/or/or.h"
#include "core/or/circuitstats.h"
#include "app/config/config.h"
#include "feature/relay/transport_config.h"
#include "lib/confmgt/confmgt.h"
#include "core/mainloop/mainloop.h"
#include "core/mainloop/netstatus.h"
@ -638,7 +639,7 @@ get_stored_bindaddr_for_server_transport(const char *transport)
{
/* See if the user explicitly asked for a specific listening
address for this transport. */
char *conf_bindaddr = get_transport_bindaddr_from_config(transport);
char *conf_bindaddr = pt_get_bindaddr_from_config(transport);
if (conf_bindaddr)
return conf_bindaddr;
}

2
src/app/main/shutdown.c
View File

@ -45,6 +45,7 @@
#include "feature/nodelist/routerlist.h"
#include "feature/nodelist/routerlist.h"
#include "feature/relay/ext_orport.h"
#include "feature/relay/relay_config.h"
#include "feature/rend/rendcache.h"
#include "feature/rend/rendclient.h"
#include "feature/stats/geoip_stats.h"
@ -143,6 +144,7 @@ tor_free_all(int postfork)
if (!postfork) {
config_free_all();
relay_config_free_all();
or_state_free_all();
}
if (!postfork) {

12
src/core/include.am
View File

@ -171,14 +171,17 @@ endif
LIBTOR_APP_TESTING_A_SOURCES = $(LIBTOR_APP_A_SOURCES)
# The Relay module.
MODULE_RELAY_SOURCES = \
src/feature/relay/routermode.c
MODULE_RELAY_SOURCES = \
src/feature/relay/routermode.c \
src/feature/relay/relay_config.c \
src/feature/relay/transport_config.c
# The Directory Authority module.
MODULE_DIRAUTH_SOURCES = \
MODULE_DIRAUTH_SOURCES = \
src/feature/dirauth/authmode.c \
src/feature/dirauth/bridgeauth.c \
src/feature/dirauth/bwauth.c \
src/feature/dirauth/dirauth_config.c \
src/feature/dirauth/dirauth_periodic.c \
src/feature/dirauth/dirauth_sys.c \
src/feature/dirauth/dircollate.c \
@ -336,6 +339,7 @@ noinst_HEADERS += \
src/feature/dirauth/authmode.h \
src/feature/dirauth/bridgeauth.h \
src/feature/dirauth/bwauth.h \
src/feature/dirauth/dirauth_config.h \
src/feature/dirauth/dirauth_periodic.h \
src/feature/dirauth/dirauth_sys.h \
src/feature/dirauth/dircollate.h \
@ -428,12 +432,14 @@ noinst_HEADERS += \
src/feature/relay/dns_structs.h \
src/feature/relay/ext_orport.h \
src/feature/relay/onion_queue.h \
src/feature/relay/relay_config.h \
src/feature/relay/relay_periodic.h \
src/feature/relay/relay_sys.h \
src/feature/relay/router.h \
src/feature/relay/routerkeys.h \
src/feature/relay/routermode.h \
src/feature/relay/selftest.h \
src/feature/relay/transport_config.h \
src/feature/rend/rend_authorized_client_st.h \
src/feature/rend/rend_encoded_v2_service_descriptor_st.h \
src/feature/rend/rend_intro_point_st.h \

4
src/feature/client/transports.c
View File

@ -97,6 +97,8 @@
#include "core/or/circuitbuild.h"
#include "feature/client/transports.h"
#include "feature/relay/router.h"
/* 31851: split the server transport code out of the client module */
#include "feature/relay/transport_config.h"
#include "app/config/statefile.h"
#include "core/or/connection_or.h"
#include "feature/relay/ext_orport.h"
@ -1279,7 +1281,7 @@ get_transport_options_for_server_proxy(const managed_proxy_t *mp)
string. */
SMARTLIST_FOREACH_BEGIN(mp->transports_to_launch, const char *, transport) {
smartlist_t *options_tmp_sl = NULL;
options_tmp_sl = get_options_for_server_transport(transport);
options_tmp_sl = pt_get_options_for_server_transport(transport);
if (!options_tmp_sl)
continue;

440
src/feature/dirauth/dirauth_config.c Normal file
View File

@ -0,0 +1,440 @@
/* Copyright (c) 2001 Matej Pfajfar.
* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
* Copyright (c) 2007-2019, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**
* @file dirauth_config.c
* @brief Code to interpret the user's configuration of Tor's directory
* authority module.
**/
#include "orconfig.h"
#include "feature/dirauth/dirauth_config.h"
#include "lib/encoding/confline.h"
#include "lib/confmgt/confmgt.h"
/* Required for dirinfo_type_t in or_options_t */
#include "core/or/or.h"
#include "app/config/config.h"
#include "feature/dircommon/voting_schedule.h"
#include "feature/stats/rephist.h"
#include "feature/dirauth/authmode.h"
#include "feature/dirauth/bwauth.h"
#include "feature/dirauth/dirauth_periodic.h"
#include "feature/dirauth/dirvote.h"
#include "feature/dirauth/guardfraction.h"
/* Copied from config.c, we will refactor later in 29211. */
#define REJECT(arg) \
STMT_BEGIN *msg = tor_strdup(arg); return -1; STMT_END
#if defined(__GNUC__) && __GNUC__ <= 3
#define COMPLAIN(args...) \
STMT_BEGIN log_warn(LD_CONFIG, args); STMT_END
#else
#define COMPLAIN(args, ...) \
STMT_BEGIN log_warn(LD_CONFIG, args, ##__VA_ARGS__); STMT_END
#endif /* defined(__GNUC__) && __GNUC__ <= 3 */
#define YES_IF_CHANGED_INT(opt) \
if (!CFG_EQ_INT(old_options, new_options, opt)) return 1;
/**
* Legacy validation/normalization function for the dirauth mode options in
* options. Uses old_options as the previous options.
*
* Returns 0 on success, returns -1 and sets *msg to a newly allocated string
* on error.
*/
int
options_validate_dirauth_mode(const or_options_t *old_options,
or_options_t *options,
char **msg)
{
if (BUG(!options))
return -1;
if (BUG(!msg))
return -1;
if (!authdir_mode(options))
return 0;
/* confirm that our address isn't broken, so we can complain now */
uint32_t tmp;
if (resolve_my_address(LOG_WARN, options, &tmp, NULL, NULL) < 0)
REJECT("Failed to resolve/guess local address. See logs for details.");
if (!options->ContactInfo && !options->TestingTorNetwork)
REJECT("Authoritative directory servers must set ContactInfo");
if (!options->RecommendedClientVersions)
options->RecommendedClientVersions =
config_lines_dup(options->RecommendedVersions);
if (!options->RecommendedServerVersions)
options->RecommendedServerVersions =
config_lines_dup(options->RecommendedVersions);
if (options->VersioningAuthoritativeDir &&
(!options->RecommendedClientVersions ||
!options->RecommendedServerVersions))
REJECT("Versioning authoritative dir servers must set "
"Recommended*Versions.");
char *t;
/* Call these functions to produce warnings only. */
t = format_recommended_version_list(options->RecommendedClientVersions, 1);
tor_free(t);
t = format_recommended_version_list(options->RecommendedServerVersions, 1);
tor_free(t);
if (options->UseEntryGuards) {
log_info(LD_CONFIG, "Authoritative directory servers can't set "
"UseEntryGuards. Disabling.");
options->UseEntryGuards = 0;
}
if (!options->DownloadExtraInfo && authdir_mode_v3(options)) {
log_info(LD_CONFIG, "Authoritative directories always try to download "
"extra-info documents. Setting DownloadExtraInfo.");
options->DownloadExtraInfo = 1;
}
if (!(options->BridgeAuthoritativeDir ||
options->V3AuthoritativeDir))
REJECT("AuthoritativeDir is set, but none of "
"(Bridge/V3)AuthoritativeDir is set.");
/* If we have a v3bandwidthsfile and it's broken, complain on startup */
if (options->V3BandwidthsFile && !old_options) {
dirserv_read_measured_bandwidths(options->V3BandwidthsFile, NULL, NULL,
NULL);
}
/* same for guardfraction file */
if (options->GuardfractionFile && !old_options) {
dirserv_read_guardfraction_file(options->GuardfractionFile, NULL);
}
if (!options->DirPort_set)
REJECT("Running as authoritative directory, but no DirPort set.");
if (!options->ORPort_set)
REJECT("Running as authoritative directory, but no ORPort set.");
if (options->ClientOnly)
REJECT("Running as authoritative directory, but ClientOnly also set.");
if (options->MinUptimeHidServDirectoryV2 < 0) {
log_warn(LD_CONFIG, "MinUptimeHidServDirectoryV2 option must be at "
"least 0 seconds. Changing to 0.");
options->MinUptimeHidServDirectoryV2 = 0;
}
return 0;
}
/**
* Legacy validation/normalization function for the dirauth bandwidth options
* in options. Uses old_options as the previous options.
*
* Returns 0 on success, returns -1 and sets *msg to a newly allocated string
* on error.
*/
int
options_validate_dirauth_bandwidth(const or_options_t *old_options,
or_options_t *options,
char **msg)
{
(void)old_options;
if (BUG(!options))
return -1;
if (BUG(!msg))
return -1;
if (!authdir_mode(options))
return 0;
if (config_ensure_bandwidth_cap(&options->AuthDirFastGuarantee,
"AuthDirFastGuarantee", msg) < 0)
return -1;
if (config_ensure_bandwidth_cap(&options->AuthDirGuardBWGuarantee,
"AuthDirGuardBWGuarantee", msg) < 0)
return -1;
return 0;
}
/**
* Legacy validation/normalization function for the dirauth schedule options
* in options. Uses old_options as the previous options.
*
* Returns 0 on success, returns -1 and sets *msg to a newly allocated string
* on error.
*/
int
options_validate_dirauth_schedule(const or_options_t *old_options,
or_options_t *options,
char **msg)
{
(void)old_options;
if (BUG(!options))
return -1;
if (BUG(!msg))
return -1;
if (!authdir_mode_v3(options))
return 0;
if (options->V3AuthVoteDelay + options->V3AuthDistDelay >=
options->V3AuthVotingInterval/2) {
REJECT("V3AuthVoteDelay plus V3AuthDistDelay must be less than half "
"V3AuthVotingInterval");
}
if (options->V3AuthVoteDelay < MIN_VOTE_SECONDS) {
if (options->TestingTorNetwork) {
if (options->V3AuthVoteDelay < MIN_VOTE_SECONDS_TESTING) {
REJECT("V3AuthVoteDelay is way too low.");
} else {
COMPLAIN("V3AuthVoteDelay is very low. "
"This may lead to failure to vote for a consensus.");
}
} else {
REJECT("V3AuthVoteDelay is way too low.");
}
}
if (options->V3AuthDistDelay < MIN_DIST_SECONDS) {
if (options->TestingTorNetwork) {
if (options->V3AuthDistDelay < MIN_DIST_SECONDS_TESTING) {
REJECT("V3AuthDistDelay is way too low.");
} else {
COMPLAIN("V3AuthDistDelay is very low. "
"This may lead to missing votes in a consensus.");
}
} else {
REJECT("V3AuthDistDelay is way too low.");
}
}
if (options->V3AuthNIntervalsValid < 2)
REJECT("V3AuthNIntervalsValid must be at least 2.");
if (options->V3AuthVotingInterval < MIN_VOTE_INTERVAL) {
if (options->TestingTorNetwork) {
if (options->V3AuthVotingInterval < MIN_VOTE_INTERVAL_TESTING) {
/* Unreachable, covered by earlier checks */
REJECT("V3AuthVotingInterval is insanely low."); /* LCOV_EXCL_LINE */
} else {
COMPLAIN("V3AuthVotingInterval is very low. "
"This may lead to failure to synchronise for a consensus.");
}
} else {
REJECT("V3AuthVotingInterval is insanely low.");
}
} else if (options->V3AuthVotingInterval > 24*60*60) {
REJECT("V3AuthVotingInterval is insanely high.");
} else if (((24*60*60) % options->V3AuthVotingInterval) != 0) {
COMPLAIN("V3AuthVotingInterval does not divide evenly into 24 hours.");
}
return 0;
}
/**
* Legacy validation/normalization function for the dirauth testing options
* in options. Uses old_options as the previous options.
*
* Returns 0 on success, returns -1 and sets *msg to a newly allocated string
* on error.
*/
int
options_validate_dirauth_testing(const or_options_t *old_options,
or_options_t *options,
char **msg)
{
(void)old_options;
if (BUG(!options))
return -1;
if (BUG(!msg))
return -1;
if (!authdir_mode(options))
return 0;
if (options->TestingAuthDirTimeToLearnReachability < 0) {
REJECT("TestingAuthDirTimeToLearnReachability must be non-negative.");
} else if (options->TestingAuthDirTimeToLearnReachability > 2*60*60) {
COMPLAIN("TestingAuthDirTimeToLearnReachability is insanely high.");
}
if (!authdir_mode_v3(options))
return 0;
if (options->TestingV3AuthInitialVotingInterval
< MIN_VOTE_INTERVAL_TESTING_INITIAL) {
REJECT("TestingV3AuthInitialVotingInterval is insanely low.");
} else if (((30*60) % options->TestingV3AuthInitialVotingInterval) != 0) {
REJECT("TestingV3AuthInitialVotingInterval does not divide evenly into "
"30 minutes.");
}
if (options->TestingV3AuthInitialVoteDelay < MIN_VOTE_SECONDS_TESTING) {
REJECT("TestingV3AuthInitialVoteDelay is way too low.");
}
if (options->TestingV3AuthInitialDistDelay < MIN_DIST_SECONDS_TESTING) {
REJECT("TestingV3AuthInitialDistDelay is way too low.");
}
if (options->TestingV3AuthInitialVoteDelay +
options->TestingV3AuthInitialDistDelay >=
options->TestingV3AuthInitialVotingInterval) {
REJECT("TestingV3AuthInitialVoteDelay plus TestingV3AuthInitialDistDelay "
"must be less than TestingV3AuthInitialVotingInterval");
}
if (options->TestingV3AuthVotingStartOffset >
MIN(options->TestingV3AuthInitialVotingInterval,
options->V3AuthVotingInterval)) {
REJECT("TestingV3AuthVotingStartOffset is higher than the voting "
"interval.");
} else if (options->TestingV3AuthVotingStartOffset < 0) {
REJECT("TestingV3AuthVotingStartOffset must be non-negative.");
}
return 0;
}
/**
* Return true if changing the configuration from <b>old</b> to <b>new</b>
* affects the timing of the voting subsystem
*/
static int
options_transition_affects_dirauth_timing(const or_options_t *old_options,
const or_options_t *new_options)
{
tor_assert(old_options);
tor_assert(new_options);
if (authdir_mode_v3(old_options) != authdir_mode_v3(new_options))
return 1;
if (! authdir_mode_v3(new_options))
return 0;
YES_IF_CHANGED_INT(V3AuthVotingInterval);
YES_IF_CHANGED_INT(V3AuthVoteDelay);
YES_IF_CHANGED_INT(V3AuthDistDelay);
YES_IF_CHANGED_INT(TestingV3AuthInitialVotingInterval);
YES_IF_CHANGED_INT(TestingV3AuthInitialVoteDelay);
YES_IF_CHANGED_INT(TestingV3AuthInitialDistDelay);
YES_IF_CHANGED_INT(TestingV3AuthVotingStartOffset);
return 0;
}
/** Fetch the active option list, and take dirauth actions based on it. All of
* the things we do should survive being done repeatedly. If present,
* <b>old_options</b> contains the previous value of the options.
*
* Return 0 if all goes well, return -1 if it's time to die.
*
* Note: We haven't moved all the "act on new configuration" logic
* into the options_act* functions yet. Some is still in do_hup() and other
* places.
*/
int
options_act_dirauth(const or_options_t *old_options)
{
const or_options_t *options = get_options();
/* We may need to reschedule some dirauth stuff if our status changed. */
if (old_options) {
if (options_transition_affects_dirauth_timing(old_options, options)) {
voting_schedule_recalculate_timing(options, time(NULL));
reschedule_dirvote(options);
}
}
return 0;
}
/** Fetch the active option list, and take dirauth mtbf actions based on it.
* All of the things we do should survive being done repeatedly. If present,
* <b>old_options</b> contains the previous value of the options.
*
* Must be called immediately after a successful or_state_load().
*
* Return 0 if all goes well, return -1 if it's time to die.
*
* Note: We haven't moved all the "act on new configuration" logic
* into the options_act* functions yet. Some is still in do_hup() and other
* places.
*/
int
options_act_dirauth_mtbf(const or_options_t *old_options)
{
(void)old_options;
const or_options_t *options = get_options();
int running_tor = options->command == CMD_RUN_TOR;
if (!authdir_mode(options))
return 0;
/* Load dirauth state */
if (running_tor) {
rep_hist_load_mtbf_data(time(NULL));
}
return 0;
}
/** Fetch the active option list, and take dirauth statistics actions based
* on it. All of the things we do should survive being done repeatedly. If
* present, <b>old_options</b> contains the previous value of the options.
*
* Sets <b>*print_notice_out</b> if we enabled stats, and need to print
* a stats log using options_act_relay_stats_msg().
*
* Return 0 if all goes well, return -1 if it's time to die.
*
* Note: We haven't moved all the "act on new configuration" logic
* into the options_act* functions yet. Some is still in do_hup() and other
* places.
*/
int
options_act_dirauth_stats(const or_options_t *old_options,
bool *print_notice_out)
{
if (BUG(!print_notice_out))
return -1;
const or_options_t *options = get_options();
if (authdir_mode_bridge(options)) {
time_t now = time(NULL);
int print_notice = 0;
if (!old_options || !authdir_mode_bridge(old_options)) {
rep_hist_desc_stats_init(now);
print_notice = 1;
}
if (print_notice)
*print_notice_out = 1;
}
/* If we used to have statistics enabled but we just disabled them,
stop gathering them. */
if (old_options && authdir_mode_bridge(old_options) &&
!authdir_mode_bridge(options))
rep_hist_desc_stats_term();
return 0;
}

87
src/feature/dirauth/dirauth_config.h Normal file
View File

@ -0,0 +1,87 @@
/* Copyright (c) 2001 Matej Pfajfar.
* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
* Copyright (c) 2007-2019, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**
* @file dirauth_config.h
* @brief Header for feature/dirauth/dirauth_config.c
**/
#ifndef TOR_FEATURE_DIRAUTH_DIRAUTH_CONFIG_H
#define TOR_FEATURE_DIRAUTH_DIRAUTH_CONFIG_H
typedef struct or_options_t or_options_t;
#ifdef HAVE_MODULE_DIRAUTH
#include "lib/cc/torint.h"
int options_validate_dirauth_mode(const or_options_t *old_options,
or_options_t *options,
char **msg);
int options_validate_dirauth_bandwidth(const or_options_t *old_options,
or_options_t *options,
char **msg);
int options_validate_dirauth_schedule(const or_options_t *old_options,
or_options_t *options,
char **msg);
int options_validate_dirauth_testing(const or_options_t *old_options,
or_options_t *options,
char **msg);
int options_act_dirauth(const or_options_t *old_options);
int options_act_dirauth_mtbf(const or_options_t *old_options);
int options_act_dirauth_stats(const or_options_t *old_options,
bool *print_notice_out);
#else /* !defined(HAVE_MODULE_DIRAUTH) */
/** When tor is compiled with the dirauth module disabled, it can't be
* configured as a directory authority.
*
* Returns -1 and sets msg to a newly allocated string, if AuthoritativeDir
* is set in options. Otherwise returns 0. */
static inline int
options_validate_dirauth_mode(const or_options_t *old_options,
or_options_t *options,
char **msg)
{
(void)old_options;
/* Only check the primary option for now, #29211 will disable more
* options. */
if (options->AuthoritativeDir) {
/* REJECT() this configuration */
*msg = tor_strdup("This tor was built with dirauth mode disabled. "
"It can not be configured with AuthoritativeDir 1.");
return -1;
}
return 0;
}
#define options_validate_dirauth_bandwidth(old_options, options, msg) \
(((void)(old_options)),((void)(options)),((void)(msg)),0)
#define options_validate_dirauth_schedule(old_options, options, msg) \
(((void)(old_options)),((void)(options)),((void)(msg)),0)
#define options_validate_dirauth_testing(old_options, options, msg) \
(((void)(old_options)),((void)(options)),((void)(msg)),0)
#define options_validate_dirauth_testing(old_options, options, msg) \
(((void)(old_options)),((void)(options)),((void)(msg)),0)
#define options_act_dirauth(old_options) \
(((void)(old_options)),0)
#define options_act_dirauth_mtbf(old_options) \
(((void)(old_options)),0)
#define options_act_dirauth_stats(old_options, print_notice_out) \
(((void)(old_options)),((void)(print_notice_out)),0)
#endif /* defined(HAVE_MODULE_DIRAUTH) */
#endif /* !defined(TOR_FEATURE_DIRAUTH_DIRAUTH_CONFIG_H) */

3
src/feature/dircache/dircache.c
View File

@ -28,6 +28,7 @@
#include "feature/nodelist/authcert.h"
#include "feature/nodelist/networkstatus.h"
#include "feature/nodelist/routerlist.h"
#include "feature/relay/relay_config.h"
#include "feature/relay/routermode.h"
#include "feature/rend/rendcache.h"
#include "feature/stats/geoip_stats.h"
@ -478,7 +479,7 @@ static int
handle_get_frontpage(dir_connection_t *conn, const get_handler_args_t *args)
{
(void) args; /* unused */
const char *frontpage = get_dirportfrontpage();
const char *frontpage = relay_get_dirportfrontpage();
if (frontpage) {
size_t dlen;

1440
src/feature/relay/relay_config.c Normal file
View File

File diff suppressed because it is too large Load Diff

188
src/feature/relay/relay_config.h Normal file
View File

@ -0,0 +1,188 @@
/* Copyright (c) 2001 Matej Pfajfar.
* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
* Copyright (c) 2007-2019, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**
* @file relay_config.h
* @brief Header for feature/relay/relay_config.c
**/
#ifndef TOR_FEATURE_RELAY_RELAY_CONFIG_H
#define TOR_FEATURE_RELAY_RELAY_CONFIG_H
typedef struct or_options_t or_options_t;
#ifdef HAVE_MODULE_RELAY
#include "lib/cc/torint.h"
#include "lib/testsupport/testsupport.h"
typedef struct smartlist_t smartlist_t;
int options_validate_relay_mode(const or_options_t *old_options,
or_options_t *options,
char **msg);
MOCK_DECL(const char*, relay_get_dirportfrontpage, (void));
void relay_config_free_all(void);
uint32_t relay_get_effective_bwrate(const or_options_t *options);
uint32_t relay_get_effective_bwburst(const or_options_t *options);
void port_warn_nonlocal_ext_orports(const smartlist_t *ports,
const char *portname);
int port_parse_ports_relay(or_options_t *options,
char **msg,
smartlist_t *ports_out,
int *have_low_ports_out);
void port_update_port_set_relay(or_options_t *options,
const smartlist_t *ports);
int options_validate_relay_os(const or_options_t *old_options,
or_options_t *options,
char **msg);
int options_validate_relay_info(const or_options_t *old_options,
or_options_t *options,
char **msg);
int options_validate_publish_server(const or_options_t *old_options,
or_options_t *options,
char **msg);
int options_validate_relay_padding(const or_options_t *old_options,
or_options_t *options,
char **msg);
int options_validate_relay_bandwidth(const or_options_t *old_options,
or_options_t *options,
char **msg);
int options_validate_relay_accounting(const or_options_t *old_options,
or_options_t *options,
char **msg);
int options_validate_relay_testing(const or_options_t *old_options,
or_options_t *options,
char **msg);
int options_act_relay(const or_options_t *old_options);
int options_act_relay_accounting(const or_options_t *old_options);
int options_act_relay_bandwidth(const or_options_t *old_options);
int options_act_bridge_stats(const or_options_t *old_options);
int options_act_relay_stats(const or_options_t *old_options,
bool *print_notice_out);
void options_act_relay_stats_msg(void);
int options_act_relay_desc(const or_options_t *old_options);
int options_act_relay_dos(const or_options_t *old_options);
int options_act_relay_dir(const or_options_t *old_options);
#ifdef RELAY_CONFIG_PRIVATE
STATIC int check_bridge_distribution_setting(const char *bd);
STATIC int have_enough_mem_for_dircache(const or_options_t *options,
size_t total_mem, char **msg);
#endif /* defined(RELAY_CONFIG_PRIVATE) */
#else /* !defined(HAVE_MODULE_RELAY) */
#include "lib/cc/compat_compiler.h"
/** When tor is compiled with the relay module disabled, it can't be
* configured as a relay or bridge.
*
* Always sets ClientOnly to 1.
*
* Returns -1 and sets msg to a newly allocated string, if ORPort, DirPort,
* DirCache, or BridgeRelay are set in options. Otherwise returns 0. */
static inline int
options_validate_relay_mode(const or_options_t *old_options,
or_options_t *options,
char **msg)
{
(void)old_options;
/* Only check the primary options for now, #29211 will disable more
* options. These ORPort and DirPort checks are too strict, and will
* reject valid configs that disable ports, like "ORPort 0". */
if (options->DirCache ||
options->BridgeRelay ||
options->ORPort_lines ||
options->DirPort_lines) {
/* REJECT() this configuration */
*msg = tor_strdup("This tor was built with relay mode disabled. "
"It can not be configured with an ORPort, a DirPort, "
"DirCache 1, or BridgeRelay 1.");
return -1;
}
/* 31851 / 29211: Set this option the correct way */
options->ClientOnly = 1;
return 0;
}
#define relay_get_dirportfrontpage() \
(NULL)
#define relay_config_free_all() \
STMT_BEGIN STMT_END
#define relay_get_effective_bwrate(options) \
(((void)(options)),0)
#define relay_get_effective_bwburst(options) \
(((void)(options)),0)
#define port_warn_nonlocal_ext_orports(ports, portname) \
(((void)(ports)),((void)(portname)))
#define port_parse_ports_relay(options, msg, ports_out, have_low_ports_out) \
(((void)(options)),((void)(msg)),((void)(ports_out)), \
((void)(have_low_ports_out)),0)
#define port_update_port_set_relay(options, ports) \
(((void)(options)),((void)(ports)))
#define options_validate_relay_os(old_options, options, msg) \
(((void)(old_options)),((void)(options)),((void)(msg)),0)
#define options_validate_relay_info(old_options, options, msg) \
(((void)(old_options)),((void)(options)),((void)(msg)),0)
#define options_validate_publish_server(old_options, options, msg) \
(((void)(old_options)),((void)(options)),((void)(msg)),0)
#define options_validate_relay_padding(old_options, options, msg) \
(((void)(old_options)),((void)(options)),((void)(msg)),0)
#define options_validate_relay_bandwidth(old_options, options, msg) \
(((void)(old_options)),((void)(options)),((void)(msg)),0)
#define options_validate_relay_accounting(old_options, options, msg) \
(((void)(old_options)),((void)(options)),((void)(msg)),0)
#define options_validate_relay_testing(old_options, options, msg) \
(((void)(old_options)),((void)(options)),((void)(msg)),0)
#define options_act_relay(old_options) \
(((void)(old_options)),0)
#define options_act_relay_accounting(old_options) \
(((void)(old_options)),0)
#define options_act_relay_bandwidth(old_options) \
(((void)(old_options)),0)
#define options_act_bridge_stats(old_options) \
(((void)(old_options)),0)
#define options_act_relay_stats(old_options, print_notice_out) \
(((void)(old_options)),((void)(print_notice_out)),0)
#define options_act_relay_stats_msg() \
STMT_BEGIN STMT_END
#define options_act_relay_desc(old_options) \
(((void)(old_options)),0)
#define options_act_relay_dos(old_options) \
(((void)(old_options)),0)
#define options_act_relay_dir(old_options) \
(((void)(old_options)),0)
#endif /* defined(HAVE_MODULE_RELAY) */
#endif /* !defined(TOR_FEATURE_RELAY_RELAY_CONFIG_H) */

7
src/feature/relay/router.c
View File

@ -35,6 +35,7 @@
#include "feature/nodelist/routerlist.h"
#include "feature/nodelist/torcert.h"
#include "feature/relay/dns.h"
#include "feature/relay/relay_config.h"
#include "feature/relay/router.h"
#include "feature/relay/routerkeys.h"
#include "feature/relay/routermode.h"
@ -1222,7 +1223,7 @@ router_should_be_dirserver(const or_options_t *options, int dir_port)
* much larger effect on output than input so there is no reason to turn it
* off if using AccountingRule in. */
int interval_length = accounting_get_interval_length();
uint32_t effective_bw = get_effective_bwrate(options);
uint32_t effective_bw = relay_get_effective_bwrate(options);
uint64_t acc_bytes;
if (!interval_length) {
log_warn(LD_BUG, "An accounting interval is not allowed to be zero "
@ -2041,10 +2042,10 @@ router_build_fresh_unsigned_routerinfo,(routerinfo_t **ri_out))
ri->protocol_list = tor_strdup(protover_get_supported_protocols());
/* compute ri->bandwidthrate as the min of various options */
ri->bandwidthrate = get_effective_bwrate(options);
ri->bandwidthrate = relay_get_effective_bwrate(options);
/* and compute ri->bandwidthburst similarly */
ri->bandwidthburst = get_effective_bwburst(options);
ri->bandwidthburst = relay_get_effective_bwburst(options);
/* Report bandwidth, unless we're hibernating or shutting down */
ri->bandwidthcapacity = hibernating ? 0 : rep_hist_bandwidth_assess();

307
src/feature/relay/transport_config.c Normal file
View File

@ -0,0 +1,307 @@
/* Copyright (c) 2001 Matej Pfajfar.
* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
* Copyright (c) 2007-2019, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**
* @file transport_config.c
* @brief Code to interpret the user's configuration of Tor's server
* pluggable transports.
**/
#include "orconfig.h"
#define RELAY_TRANSPORT_CONFIG_PRIVATE
#include "feature/relay/transport_config.h"
#include "lib/encoding/confline.h"
#include "lib/encoding/keyval.h"
#include "lib/container/smartlist.h"
/* Required for dirinfo_type_t in or_options_t */
#include "core/or/or.h"
#include "app/config/config.h"
#include "feature/relay/ext_orport.h"
#include "feature/relay/routermode.h"
/* Copied from config.c, we will refactor later in 29211. */
#define REJECT(arg) \
STMT_BEGIN *msg = tor_strdup(arg); return -1; STMT_END
/** Given a ServerTransportListenAddr <b>line</b>, return its
* <address:port> string. Return NULL if the line was not
* well-formed.
*
* If <b>transport</b> is set, return NULL if the line is not
* referring to <b>transport</b>.
*
* The returned string is allocated on the heap and it's the
* responsibility of the caller to free it. */
static char *
get_bindaddr_from_transport_listen_line(const char *line,
const char *transport)
{
smartlist_t *items = NULL;
const char *parsed_transport = NULL;
char *addrport = NULL;
tor_addr_t addr;
uint16_t port = 0;
items = smartlist_new();
smartlist_split_string(items, line, NULL,
SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1);
if (smartlist_len(items) < 2) {
log_warn(LD_CONFIG,"Too few arguments on ServerTransportListenAddr line.");
goto err;
}
parsed_transport = smartlist_get(items, 0);
addrport = tor_strdup(smartlist_get(items, 1));
/* If 'transport' is given, check if it matches the one on the line */
if (transport && strcmp(transport, parsed_transport))
goto err;
/* Validate addrport */
if (tor_addr_port_parse(LOG_WARN, addrport, &addr, &port, -1)<0) {
log_warn(LD_CONFIG, "Error parsing ServerTransportListenAddr "
"address '%s'", addrport);
goto err;
}
goto done;
err:
tor_free(addrport);
addrport = NULL;
done:
SMARTLIST_FOREACH(items, char*, s, tor_free(s));
smartlist_free(items);
return addrport;
}
/** Given the name of a pluggable transport in <b>transport</b>, check
* the configuration file to see if the user has explicitly asked for
* it to listen on a specific port. Return a <address:port> string if
* so, otherwise NULL. */
char *
pt_get_bindaddr_from_config(const char *transport)
{
config_line_t *cl;
const or_options_t *options = get_options();
for (cl = options->ServerTransportListenAddr; cl; cl = cl->next) {
char *bindaddr =
get_bindaddr_from_transport_listen_line(cl->value, transport);
if (bindaddr)
return bindaddr;
}
return NULL;
}
/** Given a ServerTransportOptions <b>line</b>, return a smartlist
* with the options. Return NULL if the line was not well-formed.
*
* If <b>transport</b> is set, return NULL if the line is not
* referring to <b>transport</b>.
*
* The returned smartlist and its strings are allocated on the heap
* and it's the responsibility of the caller to free it. */
STATIC smartlist_t *
get_options_from_transport_options_line(const char *line,
const char *transport)
{
smartlist_t *items = smartlist_new();
smartlist_t *pt_options = smartlist_new();
const char *parsed_transport = NULL;
smartlist_split_string(items, line, NULL,
SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1);
if (smartlist_len(items) < 2) {
log_warn(LD_CONFIG,"Too few arguments on ServerTransportOptions line.");
goto err;
}
parsed_transport = smartlist_get(items, 0);
/* If 'transport' is given, check if it matches the one on the line */
if (transport && strcmp(transport, parsed_transport))
goto err;
SMARTLIST_FOREACH_BEGIN(items, const char *, option) {
if (option_sl_idx == 0) /* skip the transport field (first field)*/
continue;
/* validate that it's a k=v value */
if (!string_is_key_value(LOG_WARN, option)) {
log_warn(LD_CONFIG, "%s is not a k=v value.", escaped(option));
goto err;
}
/* add it to the options smartlist */
smartlist_add_strdup(pt_options, option);
log_debug(LD_CONFIG, "Added %s to the list of options", escaped(option));
} SMARTLIST_FOREACH_END(option);
goto done;
err:
SMARTLIST_FOREACH(pt_options, char*, s, tor_free(s));
smartlist_free(pt_options);
pt_options = NULL;
done:
SMARTLIST_FOREACH(items, char*, s, tor_free(s));
smartlist_free(items);
return pt_options;
}
/** Given the name of a pluggable transport in <b>transport</b>, check
* the configuration file to see if the user has asked us to pass any
* parameters to the pluggable transport. Return a smartlist
* containing the parameters, otherwise NULL. */
smartlist_t *
pt_get_options_for_server_transport(const char *transport)
{
config_line_t *cl;
const or_options_t *options = get_options();
for (cl = options->ServerTransportOptions; cl; cl = cl->next) {
smartlist_t *options_sl =
get_options_from_transport_options_line(cl->value, transport);
if (options_sl)
return options_sl;
}
return NULL;
}
/**
* Legacy validation/normalization function for the server transport options.
* Uses old_options as the previous options.
*
* Returns 0 on success, returns -1 and sets *msg to a newly allocated string
* on error.
*/
int
options_validate_server_transport(const or_options_t *old_options,
or_options_t *options,
char **msg)
{
(void)old_options;
if (BUG(!options))
return -1;
if (BUG(!msg))
return -1;
config_line_t *cl;
if (options->ServerTransportPlugin && !server_mode(options)) {
log_notice(LD_GENERAL, "Tor is not configured as a relay but you specified"
" a ServerTransportPlugin line (%s). The ServerTransportPlugin "
"line will be ignored.",
escaped(options->ServerTransportPlugin->value));
}
if (options->ServerTransportListenAddr && !options->ServerTransportPlugin) {
log_notice(LD_GENERAL, "You need at least a single managed-proxy to "
"specify a transport listen address. The "
"ServerTransportListenAddr line will be ignored.");
}
for (cl = options->ServerTransportPlugin; cl; cl = cl->next) {
if (pt_parse_transport_line(options, cl->value, 1, 1) < 0)
REJECT("Invalid server transport line. See logs for details.");
}
for (cl = options->ServerTransportListenAddr; cl; cl = cl->next) {
/** If get_bindaddr_from_transport_listen_line() fails with
'transport' being NULL, it means that something went wrong
while parsing the ServerTransportListenAddr line. */
char *bindaddr = get_bindaddr_from_transport_listen_line(cl->value, NULL);
if (!bindaddr)
REJECT("ServerTransportListenAddr did not parse. See logs for details.");
tor_free(bindaddr);
}
for (cl = options->ServerTransportOptions; cl; cl = cl->next) {
/** If get_options_from_transport_options_line() fails with
'transport' being NULL, it means that something went wrong
while parsing the ServerTransportOptions line. */
smartlist_t *options_sl =
get_options_from_transport_options_line(cl->value, NULL);
if (!options_sl)
REJECT("ServerTransportOptions did not parse. See logs for details.");
SMARTLIST_FOREACH(options_sl, char *, cp, tor_free(cp));
smartlist_free(options_sl);
}
return 0;
}
/** Fetch the active option list, and take server pluggable transport actions
* based on it. All of the things we do should survive being done repeatedly.
* If present, <b>old_options</b> contains the previous value of the options.
*
* Return 0 if all goes well, return -1 if it's time to die.
*
* Note: We haven't moved all the "act on new configuration" logic
* into the options_act* functions yet. Some is still in do_hup() and other
* places.
*/
int
options_act_server_transport(const or_options_t *old_options)
{
(void)old_options;
config_line_t *cl;
const or_options_t *options = get_options();
int running_tor = options->command == CMD_RUN_TOR;
/* If we are a bridge with a pluggable transport proxy but no
Extended ORPort, inform the user that they are missing out. */
if (options->ServerTransportPlugin &&
!options->ExtORPort_lines) {
log_notice(LD_CONFIG, "We use pluggable transports but the Extended "
"ORPort is disabled. Tor and your pluggable transports proxy "
"communicate with each other via the Extended ORPort so it "
"is suggested you enable it: it will also allow your Bridge "
"to collect statistics about its clients that use pluggable "
"transports. Please enable it using the ExtORPort torrc option "
"(e.g. set 'ExtORPort auto').");
}
/* If we have an ExtORPort, initialize its auth cookie. */
if (running_tor &&
init_ext_or_cookie_authentication(!!options->ExtORPort_lines) < 0) {
log_warn(LD_CONFIG,"Error creating Extended ORPort cookie file.");
return -1;
}
if (!options->DisableNetwork) {
if (options->ServerTransportPlugin) {
for (cl = options->ServerTransportPlugin; cl; cl = cl->next) {
if (pt_parse_transport_line(options, cl->value, 0, 1) < 0) {
// LCOV_EXCL_START
log_warn(LD_BUG,
"Previously validated ServerTransportPlugin line "
"could not be added!");
return -1;
// LCOV_EXCL_STOP
}
}
}
}
return 0;
}

85
src/feature/relay/transport_config.h Normal file
View File

@ -0,0 +1,85 @@
/* Copyright (c) 2001 Matej Pfajfar.
* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
* Copyright (c) 2007-2019, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**
* @file transport_config.h
* @brief Header for feature/relay/transport_config.c
**/
#ifndef TOR_FEATURE_RELAY_TRANSPORT_CONFIG_H
#define TOR_FEATURE_RELAY_TRANSPORT_CONFIG_H
#ifdef HAVE_MODULE_RELAY
#include "lib/testsupport/testsupport.h"
typedef struct or_options_t or_options_t;
typedef struct smartlist_t smartlist_t;
int options_validate_server_transport(const or_options_t *old_options,
or_options_t *options,
char **msg);
char *pt_get_bindaddr_from_config(const char *transport);
smartlist_t *pt_get_options_for_server_transport(const char *transport);
int options_act_server_transport(const or_options_t *old_options);
#ifdef RELAY_TRANSPORT_CONFIG_PRIVATE
STATIC smartlist_t *get_options_from_transport_options_line(
const char *line,
const char *transport);
#endif /* defined(RELAY_TRANSPORT_CONFIG_PRIVATE) */
#else /* !defined(HAVE_MODULE_RELAY) */
/** When tor is compiled with the relay module disabled, it can't be
* configured with server pluggable transports.
*
* Returns -1 and sets msg to a newly allocated string, if ExtORPort,
* ServerTransportPlugin, ServerTransportListenAddr, or
* ServerTransportOptions are set in options. Otherwise returns 0. */
static inline int
options_validate_server_transport(const or_options_t *old_options,
or_options_t *options,
char **msg)
{
(void)old_options;
/* These ExtORPort checks are too strict, and will reject valid configs
* that disable ports, like "ExtORPort 0". */
if (options->ServerTransportPlugin ||
options->ServerTransportListenAddr ||
options->ServerTransportOptions ||
options->ExtORPort_lines) {
/* REJECT() this configuration */
*msg = tor_strdup("This tor was built with relay mode disabled. "
"It can not be configured with an ExtORPort, "
"a ServerTransportPlugin, a ServerTransportListenAddr, "
"or ServerTransportOptions.");
return -1;
}
return 0;
}
#define pt_get_bindaddr_from_config(transport) \
(((void)(transport)),NULL)
/* 31851: called from client/transports.c, but only from server code */
#define pt_get_options_for_server_transport(transport) \
(((void)(transport)),NULL)
#define options_validate_server_transport(old_options, options, msg) \
(((void)(old_options)),((void)(options)),((void)(msg)),0)
#define options_act_server_transport(old_options) \
(((void)(old_options)),0)
#endif /* defined(HAVE_MODULE_RELAY) */
#endif /* !defined(TOR_FEATURE_RELAY_TRANSPORT_CONFIG_H) */

9
src/lib/confmgt/confmgt.c
View File

@ -1307,9 +1307,10 @@ config_dump(const config_mgr_t *mgr, const void *default_options,
*/
continue;
}
smartlist_add_asprintf(elements, "%s%s %s\n",
int value_exists = line->value && *(line->value);
smartlist_add_asprintf(elements, "%s%s%s%s\n",
comment_option ? "# " : "",
line->key, line->value);
line->key, value_exists ? " " : "", line->value);
}
config_free_lines(assigned);
} SMARTLIST_FOREACH_END(mv);
@ -1317,7 +1318,9 @@ config_dump(const config_mgr_t *mgr, const void *default_options,
if (fmt->extra) {
line = *(config_line_t**)STRUCT_VAR_P(options, fmt->extra->offset);
for (; line; line = line->next) {
smartlist_add_asprintf(elements, "%s %s\n", line->key, line->value);
int value_exists = line->value && *(line->value);
smartlist_add_asprintf(elements, "%s%s%s\n",
line->key, value_exists ? " " : "", line->value);
}
}

1
src/test/conf_examples/badnick_1/error_no_dirauth_relay Normal file
View File

@ -0,0 +1 @@
This tor was built with relay mode disabled.

1
src/test/conf_examples/badnick_2/error_no_dirauth_relay Normal file
View File

@ -0,0 +1 @@
This tor was built with relay mode disabled.

1
src/test/conf_examples/bridgeauth_1/error_no_dirauth Normal file
View File

@ -0,0 +1 @@
This tor was built with dirauth mode disabled.

1
src/test/conf_examples/bridgeauth_1/error_no_dirauth_relay Normal file
View File

@ -0,0 +1 @@
This tor was built with dirauth mode disabled.

7
src/test/conf_examples/bridgeauth_1/expected_no_dirauth
View File

@ -1,7 +0,0 @@
Address 198.51.100.123
AuthoritativeDirectory 1
BridgeAuthoritativeDir 1
ContactInfo tor_parse_test@example.com
DirPort 80
Nickname Unnamed
ORPort 443

6
src/test/conf_examples/bridgeauth_1/expected_no_dirauth_relay
View File

@ -1,6 +0,0 @@
Address 198.51.100.123
AuthoritativeDirectory 1
BridgeAuthoritativeDir 1
ContactInfo tor_parse_test@example.com
DirPort 80
ORPort 443

1
src/test/conf_examples/contactinfo_notutf8/error_no_dirauth_relay Normal file
View File

@ -0,0 +1 @@
This tor was built with relay mode disabled.

1
src/test/conf_examples/dirauth_1/error_no_dirauth Normal file
View File

@ -0,0 +1 @@
This tor was built with dirauth mode disabled.

1
src/test/conf_examples/dirauth_1/error_no_dirauth_relay Normal file
View File

@ -0,0 +1 @@
This tor was built with dirauth mode disabled.

7
src/test/conf_examples/dirauth_1/expected_no_dirauth
View File

@ -1,7 +0,0 @@
Address 192.0.2.1
AuthoritativeDirectory 1
ContactInfo tor_parse_test@example.net
DirPort 9030
Nickname Unnamed
ORPort 9001
V3AuthoritativeDirectory 1

6
src/test/conf_examples/dirauth_1/expected_no_dirauth_relay
View File

@ -1,6 +0,0 @@
Address 192.0.2.1
AuthoritativeDirectory 1
ContactInfo tor_parse_test@example.net
DirPort 9030
ORPort 9001
V3AuthoritativeDirectory 1

1
src/test/conf_examples/example_1/error_no_dirauth_relay Normal file
View File

@ -0,0 +1 @@
This tor was built with relay mode disabled.

1
src/test/conf_examples/example_3/error_no_dirauth_relay Normal file
View File

@ -0,0 +1 @@
This tor was built with relay mode disabled.

1
src/test/conf_examples/include_1/error_no_dirauth_relay Normal file
View File

@ -0,0 +1 @@
This tor was built with relay mode disabled.

1
src/test/conf_examples/include_bug_31408/error_no_dirauth_relay Normal file
View File

@ -0,0 +1 @@
This tor was built with relay mode disabled.

1
src/test/conf_examples/large_1/error_no_dirauth_relay Normal file
View File

@ -0,0 +1 @@
This tor was built with relay mode disabled.

1
src/test/conf_examples/ops_1/error_no_dirauth_relay Normal file
View File

@ -0,0 +1 @@
This tor was built with relay mode disabled.

1
src/test/conf_examples/ops_1/expected_no_dirauth_relay
View File

@ -1 +0,0 @@
ORPort 1000

1
src/test/conf_examples/ops_3/error_no_dirauth_relay Normal file
View File

@ -0,0 +1 @@
This tor was built with relay mode disabled.

2
src/test/conf_examples/ops_3/expected_no_dirauth_relay
View File

@ -1,2 +0,0 @@
ORPort 9999
ORPort 1000

1
src/test/conf_examples/ops_4/error_no_dirauth_relay Normal file
View File

@ -0,0 +1 @@
This tor was built with relay mode disabled.

1
src/test/conf_examples/ops_4/expected_no_dirauth_relay
View File

@ -1 +0,0 @@
ORPort 9099

1
src/test/conf_examples/ops_5/error_no_dirauth_relay Normal file
View File

@ -0,0 +1 @@
This tor was built with relay mode disabled.

2
src/test/conf_examples/ops_5/expected_no_dirauth_relay
View File

@ -1,2 +0,0 @@
ORPort 9000
ORPort 9099

1
src/test/conf_examples/pt_01/error_no_dirauth_relay Normal file
View File

@ -0,0 +1 @@
This tor was built with relay mode disabled.

0
src/test/conf_examples/pt_01/expected Normal file
View File

7
src/test/conf_examples/pt_01/torrc Normal file
View File

@ -0,0 +1,7 @@
# Relay PT tests
# Options from relay/transport_config.c
# Empty linelist values are ignored with a warning
ExtORPort
ServerTransportPlugin
ServerTransportListenAddr
ServerTransportOptions

1
src/test/conf_examples/pt_02/error_no_dirauth_relay Normal file
View File

@ -0,0 +1 @@
This tor was built with relay mode disabled.

0
src/test/conf_examples/pt_02/expected Normal file
View File

11
src/test/conf_examples/pt_02/torrc Normal file
View File

@ -0,0 +1,11 @@
# Relay PT tests
# Options from relay/transport_config.c
# Bad options are also ignored
ExtORPort illegal_hostname_chars$()^*%(%#%)#(%*
ServerTransportPlugin bad
ServerTransportPlugin bad2 exec
ServerTransportPlugin bad3 exec /
ServerTransportListenAddr bad
ServerTransportListenAddr bad2 illegal_hostname_chars$()^*%(%#%)#(%*
ServerTransportOptions bad
ServerTransportOptions bad2 not_kv

1
src/test/conf_examples/pt_03/error_no_dirauth_relay Normal file
View File

@ -0,0 +1 @@
This tor was built with relay mode disabled.

1
src/test/conf_examples/pt_03/expected Normal file
View File

@ -0,0 +1 @@
ServerTransportPlugin bad3 exec /

4
src/test/conf_examples/pt_03/torrc Normal file
View File

@ -0,0 +1,4 @@
# Relay PT tests
# Options from relay/transport_config.c
# Plugin, but no ExtORPort
ServerTransportPlugin bad3 exec /

1
src/test/conf_examples/pt_04/error_no_dirauth_relay Normal file
View File

@ -0,0 +1 @@
This tor was built with relay mode disabled.

3
src/test/conf_examples/pt_04/expected Normal file
View File

@ -0,0 +1,3 @@
ExtORPortCookieAuthFile /
ExtORPort 1
ServerTransportPlugin bad3 exec /

6
src/test/conf_examples/pt_04/torrc Normal file
View File

@ -0,0 +1,6 @@
# Relay PT tests
# Options from relay/transport_config.c
# Try a bad cookie auth file
ExtORPort 1
ExtORPortCookieAuthFile /
ServerTransportPlugin bad3 exec /

1
src/test/conf_examples/pt_05/error_no_dirauth_relay Normal file
View File

@ -0,0 +1 @@
This tor was built with relay mode disabled.

4
src/test/conf_examples/pt_05/expected Normal file
View File

@ -0,0 +1,4 @@
ExtORPort 1
Nickname Unnamed
ORPort 2
ServerTransportPlugin bad3 exec /

6
src/test/conf_examples/pt_05/torrc Normal file
View File

@ -0,0 +1,6 @@
# Relay PT tests
# Options from relay/transport_config.c
# Try a valid minimal config
ORPort 2
ExtORPort 1
ServerTransportPlugin bad3 exec /

1
src/test/conf_examples/pt_06/error_no_dirauth_relay Normal file
View File

@ -0,0 +1 @@
This tor was built with relay mode disabled.

6
src/test/conf_examples/pt_06/expected Normal file
View File

@ -0,0 +1,6 @@
ExtORPortCookieAuthFile /
ExtORPortCookieAuthFileGroupReadable 1
ExtORPort 1
ServerTransportListenAddr bad3 127.0.0.1:2
ServerTransportOptions bad3 a=b
ServerTransportPlugin bad3 exec /

9
src/test/conf_examples/pt_06/torrc Normal file
View File

@ -0,0 +1,9 @@
# Relay PT tests
# Options from relay/transport_config.c
# Try a config with all the options
ExtORPort 1
ExtORPortCookieAuthFile /
ExtORPortCookieAuthFileGroupReadable 1
ServerTransportPlugin bad3 exec /
ServerTransportListenAddr bad3 127.0.0.1:2
ServerTransportOptions bad3 a=b

1
src/test/conf_examples/pt_07/error_no_dirauth_relay Normal file
View File

@ -0,0 +1 @@
This tor was built with relay mode disabled.

4
src/test/conf_examples/pt_07/expected Normal file
View File

@ -0,0 +1,4 @@
ExtORPort 2.2.2.2:1
Nickname Unnamed
ORPort 2
ServerTransportPlugin bad3 exec /

6
src/test/conf_examples/pt_07/torrc Normal file
View File

@ -0,0 +1,6 @@
# Relay PT tests
# Options from relay/transport_config.c
# Try a valid config with a risky ExtORPort address
ORPort 2
ExtORPort 2.2.2.2:1
ServerTransportPlugin bad3 exec /

1
src/test/conf_examples/pt_08/error Normal file
View File

@ -0,0 +1 @@
ExtORPort does not support unix sockets

1
src/test/conf_examples/pt_08/error_no_dirauth_relay Normal file
View File

@ -0,0 +1 @@
This tor was built with relay mode disabled.

5
src/test/conf_examples/pt_08/torrc Normal file
View File

@ -0,0 +1,5 @@
# Relay PT tests
# Options from relay/transport_config.c
# Try an invalid config with a unix socket for ExtORPort
ExtORPort unix:/
ServerTransportPlugin bad3 exec /

1
src/test/conf_examples/pt_09/error_no_dirauth_relay Normal file
View File

@ -0,0 +1 @@
This tor was built with relay mode disabled.

0
src/test/conf_examples/pt_09/expected Normal file
View File

7
src/test/conf_examples/pt_09/torrc Normal file
View File

@ -0,0 +1,7 @@
# Relay PT tests
# Options from relay/transport_config.c
# Try a valid minimal config, with a bad ServerTransportListenAddr
ORPort 2
ExtORPort 1
ServerTransportPlugin bad3 exec /
ServerTransportListenAddr bad3 [aaaa::bbbb:ccccc]

1
src/test/conf_examples/relay_01/error_no_dirauth_relay Normal file
View File

@ -0,0 +1 @@
This tor was built with relay mode disabled.

0
src/test/conf_examples/relay_01/expected Normal file
View File

5
src/test/conf_examples/relay_01/torrc Normal file
View File

@ -0,0 +1,5 @@
# Relay tests
# Options from relay/relay_config.c
# Empty linelist values are ignored with a warning
ORPort
DirPort

1
src/test/conf_examples/relay_02/error_no_dirauth_relay Normal file
View File

@ -0,0 +1 @@
Unrecognized value bad

0
src/test/conf_examples/relay_02/expected Normal file
View File

7
src/test/conf_examples/relay_02/torrc Normal file
View File

@ -0,0 +1,7 @@
# Relay tests
# Options from relay/relay_config.c
# Bad options are also ignored
ORPort illegal_hostname_chars$()^*%(%#%)#(%*
DirPort illegal_hostname_chars$()^*%(%#%)#(%*
DirCache bad
BridgeRelay bad

1
src/test/conf_examples/relay_03/error_no_dirauth_relay Normal file
View File

@ -0,0 +1 @@
This tor was built with relay mode disabled.

2
src/test/conf_examples/relay_03/expected Normal file
View File

@ -0,0 +1,2 @@
DirPort 1
ORPort 0

5
src/test/conf_examples/relay_03/torrc Normal file
View File

@ -0,0 +1,5 @@
# Relay tests
# Options from relay/relay_config.c
# DirPort, but no ORPort
ORPort 0
DirPort 1

1
src/test/conf_examples/relay_04/error_no_dirauth_relay Normal file
View File

@ -0,0 +1 @@
This tor was built with relay mode disabled.

2
src/test/conf_examples/relay_04/expected Normal file
View File

@ -0,0 +1,2 @@
Nickname Unnamed
ORPort 1

4
src/test/conf_examples/relay_04/torrc Normal file
View File

@ -0,0 +1,4 @@
# Relay tests
# Options from relay/relay_config.c
# Try a valid minimal config
ORPort 1

1
src/test/conf_examples/relay_05/error_no_dirauth_relay Normal file
View File

@ -0,0 +1 @@
This tor was built with relay mode disabled.

3
src/test/conf_examples/relay_05/expected Normal file
View File

@ -0,0 +1,3 @@
DirPort 2
Nickname Unnamed
ORPort 1

5
src/test/conf_examples/relay_05/torrc Normal file
View File

@ -0,0 +1,5 @@
# Relay tests
# Options from relay/relay_config.c
# Try a valid minimal directory mirror config
ORPort 1
DirPort 2

1
src/test/conf_examples/relay_06/error_no_dirauth_relay Normal file
View File

@ -0,0 +1 @@
This tor was built with relay mode disabled.

3
src/test/conf_examples/relay_06/expected Normal file
View File

@ -0,0 +1,3 @@
BridgeRelay 1
Nickname Unnamed
ORPort 1

5
src/test/conf_examples/relay_06/torrc Normal file
View File

@ -0,0 +1,5 @@
# Relay tests
# Options from relay/relay_config.c
# Try a valid minimal bridge config
ORPort 1
BridgeRelay 1

1
src/test/conf_examples/relay_07/error_no_dirauth_relay Normal file
View File

@ -0,0 +1 @@
This tor was built with relay mode disabled.

3
src/test/conf_examples/relay_07/expected Normal file
View File

@ -0,0 +1,3 @@
DirCache 0
Nickname Unnamed
ORPort 1

5
src/test/conf_examples/relay_07/torrc Normal file
View File

@ -0,0 +1,5 @@
# Relay tests
# Options from relay/relay_config.c
# Try a valid minimal non-directory cache config
ORPort 1
DirCache 0

1
src/test/conf_examples/relay_08/error_no_dirauth_relay Normal file
View File

@ -0,0 +1 @@
This tor was built with relay mode disabled.

3
src/test/conf_examples/relay_08/expected Normal file
View File

@ -0,0 +1,3 @@
BridgeRelay 1
Nickname Unnamed
ORPort 1

6
src/test/conf_examples/relay_08/torrc Normal file
View File

@ -0,0 +1,6 @@
# Relay tests
# Options from relay/relay_config.c
# Try a valid config with all the bridge options
ORPort 1
BridgeRelay 1
DirCache 1

1
src/test/conf_examples/relay_09/error_no_dirauth_relay Normal file
View File

@ -0,0 +1 @@
This tor was built with relay mode disabled.

Some files were not shown because too many files have changed in this diff Show More