nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-11 05:33:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

inform unapproved servers when we reject their descriptors

Browse Source 
svn:r1263
This commit is contained in:
Roger Dingledine 2004-03-12 12:43:13 +00:00
parent 623cb0e311
commit 6af8d0606f
3 changed files with 141 additions and 79 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

184
src/or/directory.c
View File

@ -12,8 +12,8 @@ static int directory_handle_command(connection_t *conn);
extern or_options_t options; /* command-line and config-file options */
extern int has_fetched_directory;
static char fetchstring[] = "GET / HTTP/1.0\r\n\r\n";
static char answerstring[] = "HTTP/1.0 200 OK\r\n\r\n";
#define MAX_HEADERS_SIZE 2048
#define MAX_BODY_SIZE 500000
/********* END VARIABLES ************/
@ -69,6 +69,7 @@ void directory_initiate_command(routerinfo_t *router, int command) {
}
static int directory_send_command(connection_t *conn, int command) {
char fetchstring[] = "GET / HTTP/1.0\r\n\r\n";
const char *s;
char tmp[8192];
@ -94,59 +95,116 @@ static int directory_send_command(connection_t *conn, int command) {
return 0;
}
/* Parse "HTTP/1.%d %d%s\r\n".
* If it's well-formed, assign *code, point *message to the first
* non-space character after code if there is one and message is non-NULL
* (else leave it alone), and return 0.
* Otherwise, return -1.
*/
int parse_http_response(char *headers, int *code, char **message) {
int n1, n2;
assert(headers && code);
while(isspace(*headers)) headers++; /* tolerate leading whitespace */
if(sscanf(headers, "HTTP/1.%d %d", &n1, &n2) < 2 ||
(n1 != 0 && n1 != 1) ||
(n2 < 100 || n2 >= 600)) {
log_fn(LOG_WARN,"Failed to parse header '%s'",headers);
return -1;
}
*code = n2;
if(message) {
/* XXX should set *message correctly */
}
return 0;
}
int connection_dir_process_inbuf(connection_t *conn) {
char *directory;
int directorylen=0;
char *headers;
int status_code;
assert(conn && conn->type == CONN_TYPE_DIR);
if(conn->inbuf_reached_eof) {
switch(conn->state) {
case DIR_CONN_STATE_CLIENT_READING_FETCH:
/* kill it, but first fetch/process the directory to learn about new routers. */
switch(fetch_from_buf_http(conn->inbuf,
NULL, 0, &directory, MAX_DIR_SIZE)) {
case -1: /* overflow */
log_fn(LOG_WARN,"'fetch' response too large. Failing.");
connection_mark_for_close(conn,0);
return -1;
case 0:
log_fn(LOG_INFO,"'fetch' response not all here, but we're at eof. Closing.");
connection_mark_for_close(conn,0);
return -1;
/* case 1, fall through */
}
/* XXX check headers, at least make sure returned 2xx */
directorylen = strlen(directory);
log_fn(LOG_INFO,"Received directory (size %d):\n%s", directorylen, directory);
if(directorylen == 0) {
log_fn(LOG_INFO,"Empty directory. Ignoring.");
free(directory);
connection_mark_for_close(conn,0);
return 0;
}
if(router_set_routerlist_from_directory(directory, conn->identity_pkey) < 0){
log_fn(LOG_INFO,"...but parsing failed. Ignoring.");
} else {
log_fn(LOG_INFO,"updated routers.");
}
has_fetched_directory=1;
if(options.ORPort) { /* connect to them all */
router_retry_connections();
}
free(directory);
connection_mark_for_close(conn,0);
return 0;
case DIR_CONN_STATE_CLIENT_READING_UPLOAD:
/* XXX make sure there's a 200 OK on the buffer */
log_fn(LOG_INFO,"eof while reading upload response. Finished.");
connection_mark_for_close(conn,0);
return 0;
default:
log_fn(LOG_INFO,"conn reached eof, not reading. Closing.");
connection_close_immediate(conn); /* it was an error; give up on flushing */
if(conn->state != DIR_CONN_STATE_CLIENT_READING_FETCH &&
conn->state != DIR_CONN_STATE_CLIENT_READING_UPLOAD) {
log_fn(LOG_INFO,"conn reached eof, not reading. Closing.");
connection_close_immediate(conn); /* it was an error; give up on flushing */
connection_mark_for_close(conn,0);
return -1;
}
switch(fetch_from_buf_http(conn->inbuf,
&headers, MAX_HEADERS_SIZE,
&directory, MAX_DIR_SIZE)) {
case -1: /* overflow */
log_fn(LOG_WARN,"'fetch' response too large. Failing.");
connection_mark_for_close(conn,0);
return -1;
case 0:
log_fn(LOG_INFO,"'fetch' response not all here, but we're at eof. Closing.");
connection_mark_for_close(conn,0);
return -1;
/* case 1, fall through */
}
if(parse_http_response(headers, &status_code, NULL) < 0) {
log_fn(LOG_WARN,"Unparseable headers. Closing.");
free(directory); free(headers);
connection_mark_for_close(conn,0);
return -1;
}
if(conn->state == DIR_CONN_STATE_CLIENT_READING_FETCH) {
/* fetch/process the directory to learn about new routers. */
int directorylen;
directorylen = strlen(directory);
log_fn(LOG_INFO,"Received directory (size %d):\n%s", directorylen, directory);
if(status_code == 503 || directorylen == 0) {
log_fn(LOG_INFO,"Empty directory. Ignoring.");
free(directory); free(headers);
connection_mark_for_close(conn,0);
return 0;
}
if(status_code != 200) {
log_fn(LOG_WARN,"Received http status code %d from dirserver. Failing.",
status_code);
free(directory); free(headers);
connection_mark_for_close(conn,0);
return -1;
}
if(router_set_routerlist_from_directory(directory, conn->identity_pkey) < 0){
log_fn(LOG_INFO,"...but parsing failed. Ignoring.");
} else {
log_fn(LOG_INFO,"updated routers.");
}
has_fetched_directory=1;
if(options.ORPort) { /* connect to them all */
router_retry_connections();
}
free(directory); free(headers);
connection_mark_for_close(conn,0);
return 0;
}
if(conn->state == DIR_CONN_STATE_CLIENT_READING_UPLOAD) {
switch(status_code) {
case 200:
log_fn(LOG_INFO,"eof (status 200) while reading upload response: finished.");
break;
case 400:
log_fn(LOG_WARN,"http status 400 (bad request) from dirserver. Is your clock skewed?");
break;
case 403:
log_fn(LOG_WARN,"http status 403 (unapproved server) from dirserver. Have you mailed arma your identity fingerprint? Are you using the right key?");
break;
}
free(directory); free(headers);
connection_mark_for_close(conn,0);
return 0;
}
}
@ -159,6 +217,11 @@ int connection_dir_process_inbuf(connection_t *conn) {
return 0;
}
static char answer200[] = "HTTP/1.0 200 OK\r\n\r\n";
static char answer400[] = "HTTP/1.0 400 Bad request\r\n\r\n";
static char answer403[] = "HTTP/1.0 403 Unapproved server\r\n\r\n";
static char answer503[] = "HTTP/1.0 503 Directory unavailable\r\n\r\n";
static int directory_handle_command_get(connection_t *conn,
char *headers, char *body) {
size_t dlen;
@ -171,11 +234,13 @@ static int directory_handle_command_get(connection_t *conn,
if(dlen == 0) {
log_fn(LOG_WARN,"My directory is empty. Closing.");
return -1; /* XXX send some helpful http error code */
connection_write_to_buf(answer503, strlen(answer503), conn);
conn->state = DIR_CONN_STATE_SERVER_WRITING;
return 0;
}
log_fn(LOG_DEBUG,"Dumping directory to client.");
connection_write_to_buf(answerstring, strlen(answerstring), conn);
connection_write_to_buf(answer200, strlen(answer200), conn);
connection_write_to_buf(cp, dlen, conn);
conn->state = DIR_CONN_STATE_SERVER_WRITING;
return 0;
@ -188,12 +253,20 @@ static int directory_handle_command_post(connection_t *conn,
/* XXX should check url and http version */
log_fn(LOG_DEBUG,"Received POST command.");
cp = body;
if(dirserv_add_descriptor(&cp) < 0) {
log_fn(LOG_WARN,"dirserv_add_descriptor() failed. Dropping.");
return -1; /* XXX should write an http failed code */
switch(dirserv_add_descriptor(&cp)) {
case -1:
/* malformed descriptor, or clock is skewed, or something wrong */
connection_write_to_buf(answer400, strlen(answer400), conn);
break;
case 0:
/* descriptor was well-formed but server has not been approved */
connection_write_to_buf(answer403, strlen(answer403), conn);
break;
case 1:
dirserv_get_directory(&cp); /* rebuild and write to disk */
connection_write_to_buf(answer200, strlen(answer200), conn);
break;
}
dirserv_get_directory(&cp); /* rebuild and write to disk */
connection_write_to_buf(answerstring, strlen(answerstring), conn);
conn->state = DIR_CONN_STATE_SERVER_WRITING;
return 0;
}
@ -202,9 +275,6 @@ static int directory_handle_command(connection_t *conn) {
char *headers=NULL, *body=NULL;
int r;
#define MAX_HEADERS_SIZE 2048
#define MAX_BODY_SIZE 500000
assert(conn && conn->type == CONN_TYPE_DIR);
switch(fetch_from_buf_http(conn->inbuf,

34
src/or/dirserv.c
View File

@ -182,15 +182,13 @@ dirserv_free_descriptors()
n_descriptors = 0;
}
/* Return 0 if descriptor is well-formed; -1 if descriptor is not
* well-formed. Update *desc to point after the descriptor if the
/* Return 1 if descriptor is well-formed and accepted;
* 0 if well-formed and server is unapproved;
* -1 if not well-formed or if clock is skewed or other error.
*
* Update *desc to point after the descriptor if the
* descriptor is well-formed.
*/
/* XXX down the road perhaps we should return 1 for accepted, 0 for
* well-formed but rejected, -1 for not-well-formed. So remote servers
* can know if their submission was accepted and not just whether it
* was well-formed. ...Or maybe we shouldn't give them that info?
*/
int
dirserv_add_descriptor(const char **desc)
{
@ -205,7 +203,7 @@ dirserv_add_descriptor(const char **desc)
start = strstr(*desc, "router ");
if (!start) {
log(LOG_WARN, "no descriptor found.");
goto err;
return -1;
}
if ((end = strstr(start+6, "\nrouter "))) {
++end; /* Include NL. */
@ -219,11 +217,11 @@ dirserv_add_descriptor(const char **desc)
/* Check: is the descriptor syntactically valid? */
ri = router_get_entry_from_string(cp, NULL);
tor_free(desc_tmp);
if (!ri) {
log(LOG_WARN, "Couldn't parse descriptor");
goto err;
return -1;
}
tor_free(desc_tmp);
/* Okay. Now check whether the fingerprint is recognized. */
r = dirserv_router_fingerprint_is_known(ri);
if(r<1) {
@ -248,7 +246,7 @@ dirserv_add_descriptor(const char **desc)
log_fn(LOG_WARN, "Publication time for nickname %s is too far in the future; possible clock skew. Not adding", ri->nickname);
routerinfo_free(ri);
*desc = end;
return 0;
return -1;
}
/* Do we already have an entry for this router? */
desc_ent_ptr = NULL;
@ -263,10 +261,10 @@ dirserv_add_descriptor(const char **desc)
if ((*desc_ent_ptr)->published > ri->published_on) {
/* We already have a newer descriptor */
log_fn(LOG_INFO,"We already have a newer desc for nickname %s. Not adding.",ri->nickname);
/* This isn't really an error; return. */
/* This isn't really an error; return success. */
routerinfo_free(ri);
*desc = end;
return 0;
return 1;
}
/* We don't have a newer one; we'll update this one. */
free_descriptor_entry(*desc_ent_ptr);
@ -287,13 +285,7 @@ dirserv_add_descriptor(const char **desc)
directory_set_dirty();
routerinfo_free(ri);
return 0;
err:
tor_free(desc_tmp);
if (ri)
routerinfo_free(ri);
return -1;
return 1;
}
void
@ -310,7 +302,7 @@ dirserv_init_from_directory_string(const char *dir)
cp = strstr(cp, "\nrouter ");
if (!cp) break;
++cp;
if (dirserv_add_descriptor(&cp)) {
if (dirserv_add_descriptor(&cp) < 0) {
return -1;
}
--cp; /*Back up to newline.*/

2
src/or/router.c
View File

@ -161,7 +161,7 @@ int init_keys(void) {
return -1;
}
tmp = mydesc = router_get_my_descriptor();
if (dirserv_add_descriptor(&tmp)) {
if (dirserv_add_descriptor(&tmp) != 1) {
log(LOG_ERR, "Unable to add own descriptor to directory.");
return -1;
}