From 99874ecc1de43756bc5ba7f92ef8073e5d5b3c72 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Thu, 19 Dec 2019 09:27:35 -0500 Subject: [PATCH] Move AuthDirPinKeys to dirauth module. --- src/app/config/config.c | 1 - src/app/config/or_options_st.h | 2 -- src/feature/dirauth/dirauth_options.inc | 3 +++ src/feature/dirauth/process_descs.c | 6 ++++-- 4 files changed, 7 insertions(+), 5 deletions(-) diff --git a/src/app/config/config.c b/src/app/config/config.c index 815cd76e80..02ab2f2f88 100644 --- a/src/app/config/config.c +++ b/src/app/config/config.c @@ -329,7 +329,6 @@ static const config_var_t option_vars_[] = { V(AuthDirBadExitCCs, CSV, ""), V(AuthDirInvalid, LINELIST, NULL), V(AuthDirInvalidCCs, CSV, ""), - V(AuthDirPinKeys, BOOL, "1"), V(AuthDirReject, LINELIST, NULL), V(AuthDirRejectCCs, CSV, ""), OBSOLETE("AuthDirRejectUnlisted"), diff --git a/src/app/config/or_options_st.h b/src/app/config/or_options_st.h index 45175e7c2e..b55c364c26 100644 --- a/src/app/config/or_options_st.h +++ b/src/app/config/or_options_st.h @@ -457,8 +457,6 @@ struct or_options_t { struct smartlist_t *AuthDirRejectCCs; /**@}*/ - int AuthDirPinKeys; /**< Boolean: Do we enforce key-pinning? */ - char *AccountingStart; /**< How long is the accounting interval, and when * does it start? */ uint64_t AccountingMax; /**< How many bytes do we allow per accounting diff --git a/src/feature/dirauth/dirauth_options.inc b/src/feature/dirauth/dirauth_options.inc index af3a22c8fa..dddb538981 100644 --- a/src/feature/dirauth/dirauth_options.inc +++ b/src/feature/dirauth/dirauth_options.inc @@ -30,6 +30,9 @@ CONF_VAR(AuthDirListBadExits, BOOL, 0, "0") /** Do not permit more than this number of servers per IP address. */ CONF_VAR(AuthDirMaxServersPerAddr, POSINT, 0, "2") +/** Boolean: Do we enforce key-pinning? */ +CONF_VAR(AuthDirPinKeys, BOOL, 0, "1") + /** Which versions of tor should we tell users to run? */ CONF_VAR(RecommendedVersions, LINELIST, 0, NULL) 
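Review bot: The doc comment added above `CONF_VAR(AuthDirPinKeys, BOOL, 0, "1")` in dirauth_options.inc does not say what is pinned or what changes when the option is off, which matters for a control that defaults to on. Since this becomes the only declaration of the option, I would expand it to something like `/** Boolean: if true, enforce key-pinning when deciding whether to accept a descriptor; read in dirserv_router_get_status() and dirserv_add_descriptor(). Default on. */`. The exact effect of setting it to 0 is not visible in this patch, so the wording should be checked against the keypin code (feature/dirauth/keypin.h) before it lands.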
diff --git a/src/feature/dirauth/process_descs.c b/src/feature/dirauth/process_descs.c index 8dae4e9335..207aae3791 100644 --- a/src/feature/dirauth/process_descs.c +++ b/src/feature/dirauth/process_descs.c @@ -18,6 +18,7 @@ #include "app/config/config.h" #include "core/or/policies.h" #include "core/or/versions.h" +#include "feature/dirauth/dirauth_sys.h" #include "feature/dirauth/keypin.h" #include "feature/dirauth/reachability.h" #include "feature/dirclient/dlstatus.h" @@ -32,6 +33,7 @@ #include "feature/relay/router.h" #include "core/or/tor_version_st.h" +#include "feature/dirauth/dirauth_options_st.h" #include "feature/nodelist/extrainfo_st.h" #include "feature/nodelist/node_st.h" #include "feature/nodelist/routerinfo_st.h" @@ -232,7 +234,7 @@ dirserv_router_get_status(const routerinfo_t *router, const char **msg, int severity) { char d[DIGEST_LEN]; - const int key_pinning = get_options()->AuthDirPinKeys; + const int key_pinning = dirauth_get_options()->AuthDirPinKeys; if (crypto_pk_get_digest(router->identity_pkey, d)) { log_warn(LD_BUG,"Error computing fingerprint"); @@ -666,7 +668,7 @@ dirserv_add_descriptor(routerinfo_t *ri, const char **msg, const char *source) char *desc, *nickname; const size_t desclen = ri->cache_info.signed_descriptor_len + ri->cache_info.annotations_len; - const int key_pinning = get_options()->AuthDirPinKeys; + const int key_pinning = dirauth_get_options()->AuthDirPinKeys; *msg = NULL; /* If it's too big, refuse it now. Otherwise we'll cache it all over the
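Review bot: In dirserv_router_get_status(), and again in dirserv_add_descriptor(), `dirauth_get_options()->AuthDirPinKeys` dereferences the accessor's return value directly, so both descriptor-acceptance paths now depend on the dirauth option object being set before the first descriptor is processed. The patch does not show whether the accessor can return NULL or asserts on unset state; if either can happen in early startup, or in unit tests that previously populated only `or_options_t`, the read fails instead of falling back to the pinned default. A short comment at the first read, e.g. `/* dirauth options are set before any descriptor is processed; pinning defaults to on */`, plus a test that sets the flag through the dirauth options struct, would make that dependency explicit. Both function bodies continue outside their hunks.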