Move AuthDirPinKeys to dirauth module.

2024-11-27 22:03:31 +01:00 · 2019-12-19 09:27:35 -05:00 · 2019-12-19 09:27:35 -05:00 · 99874ecc1d
commit 99874ecc1d
parent 9386b0b28a
4 changed files with 7 additions and 5 deletions
--- a/src/app/config/config.c
+++ b/src/app/config/config.c
@ -329,7 +329,6 @@ static const config_var_t option_vars_[] = {
  V(AuthDirBadExitCCs,           CSV,      ""),
  V(AuthDirInvalid,              LINELIST, NULL),
  V(AuthDirInvalidCCs,           CSV,      ""),
-  V(AuthDirPinKeys,              BOOL,     "1"),
  V(AuthDirReject,               LINELIST, NULL),
  V(AuthDirRejectCCs,            CSV,      ""),
  OBSOLETE("AuthDirRejectUnlisted"),
--- a/src/app/config/or_options_st.h
+++ b/src/app/config/or_options_st.h
@ -457,8 +457,6 @@ struct or_options_t {
  struct smartlist_t *AuthDirRejectCCs;
  /**@}*/

-  int AuthDirPinKeys; /**< Boolean: Do we enforce key-pinning? */
-
  char *AccountingStart; /**< How long is the accounting interval, and when
                          * does it start? */
  uint64_t AccountingMax; /**< How many bytes do we allow per accounting
--- a/src/feature/dirauth/dirauth_options.inc
+++ b/src/feature/dirauth/dirauth_options.inc
@ -30,6 +30,9 @@ CONF_VAR(AuthDirListBadExits, BOOL, 0, "0")
 /** Do not permit more than this number of servers per IP address. */
 CONF_VAR(AuthDirMaxServersPerAddr, POSINT, 0, "2")

+/** Boolean: Do we enforce key-pinning? */
+CONF_VAR(AuthDirPinKeys, BOOL, 0, "1")
+
 /** Which versions of tor should we tell users to run? */
 CONF_VAR(RecommendedVersions, LINELIST, 0, NULL)

--- a/src/feature/dirauth/process_descs.c
+++ b/src/feature/dirauth/process_descs.c
@ -18,6 +18,7 @@
 #include "app/config/config.h"
 #include "core/or/policies.h"
 #include "core/or/versions.h"
+#include "feature/dirauth/dirauth_sys.h"
 #include "feature/dirauth/keypin.h"
 #include "feature/dirauth/reachability.h"
 #include "feature/dirclient/dlstatus.h"
@ -32,6 +33,7 @@
 #include "feature/relay/router.h"

 #include "core/or/tor_version_st.h"
+#include "feature/dirauth/dirauth_options_st.h"
 #include "feature/nodelist/extrainfo_st.h"
 #include "feature/nodelist/node_st.h"
 #include "feature/nodelist/routerinfo_st.h"
@ -232,7 +234,7 @@ dirserv_router_get_status(const routerinfo_t *router, const char **msg,
                          int severity)
 {
  char d[DIGEST_LEN];
-  const int key_pinning = get_options()->AuthDirPinKeys;
+  const int key_pinning = dirauth_get_options()->AuthDirPinKeys;

  if (crypto_pk_get_digest(router->identity_pkey, d)) {
    log_warn(LD_BUG,"Error computing fingerprint");
@ -666,7 +668,7 @@ dirserv_add_descriptor(routerinfo_t *ri, const char **msg, const char *source)
  char *desc, *nickname;
  const size_t desclen = ri->cache_info.signed_descriptor_len +
      ri->cache_info.annotations_len;
-  const int key_pinning = get_options()->AuthDirPinKeys;
+  const int key_pinning = dirauth_get_options()->AuthDirPinKeys;
  *msg = NULL;

  /* If it's too big, refuse it now. Otherwise we'll cache it all over the