mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-27 22:03:31 +01:00
Merge branch 'dirauth_config_squashed'
commit
a6ba56761b
@ -337,7 +337,6 @@ static const config_var_t option_vars_[] = {
|
||||
OBSOLETE("AuthDirRejectUnlisted"),
|
||||
OBSOLETE("AuthDirListBadDirs"),
|
||||
V(AuthDirListBadExits, BOOL, "0"),
|
||||
V(AuthDirMaxServersPerAddr, POSINT, "2"),
|
||||
OBSOLETE("AuthDirMaxServersPerAuthAddr"),
|
||||
V(AuthDirHasIPv6Connectivity, BOOL, "0"),
|
||||
VAR("AuthoritativeDirectory", BOOL, AuthoritativeDir, "0"),
|
||||
|
@ -467,8 +467,6 @@ struct or_options_t {
|
||||
|
||||
int AuthDirListBadExits; /**< True iff we should list bad exits,
|
||||
* and vote for all other exits as good. */
|
||||
int AuthDirMaxServersPerAddr; /**< Do not permit more than this
|
||||
* number of servers per IP address. */
|
||||
int AuthDirHasIPv6Connectivity; /**< Boolean: are we on IPv6? */
|
||||
int AuthDirPinKeys; /**< Boolean: Do we enforce key-pinning? */
|
||||
|
||||
|
@ -66,13 +66,9 @@ const subsys_fns_t *tor_subsystems[] = {
|
||||
&sys_mainloop,
|
||||
&sys_or,
|
||||
|
||||
#ifdef HAVE_MODULE_RELAY
|
||||
&sys_relay,
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_MODULE_DIRAUTH
|
||||
&sys_dirauth,
|
||||
#endif
|
||||
};
|
||||
|
||||
const unsigned n_tor_subsystems = ARRAY_LENGTH(tor_subsystems);
|
||||
|
@ -157,6 +157,11 @@ LIBTOR_APP_A_SOURCES = \
|
||||
src/feature/stats/rephist.c \
|
||||
src/feature/stats/predict_ports.c
|
||||
|
||||
#
|
||||
# Sources that we only add for the real libtor_a, and not for testing.
|
||||
#
|
||||
LIBTOR_APP_A_STUB_SOURCES =
|
||||
|
||||
if BUILD_NT_SERVICES
|
||||
LIBTOR_APP_A_SOURCES += src/app/main/ntmain.c
|
||||
endif
|
||||
@ -199,13 +204,19 @@ MODULE_DIRAUTH_SOURCES = \
|
||||
|
||||
if BUILD_MODULE_RELAY
|
||||
LIBTOR_APP_A_SOURCES += $(MODULE_RELAY_SOURCES)
|
||||
else
|
||||
LIBTOR_APP_A_STUB_SOURCES += src/feature/relay/relay_stub.c
|
||||
endif
|
||||
|
||||
if BUILD_MODULE_DIRAUTH
|
||||
LIBTOR_APP_A_SOURCES += $(MODULE_DIRAUTH_SOURCES)
|
||||
else
|
||||
LIBTOR_APP_A_STUB_SOURCES += src/feature/dirauth/dirauth_stub.c
|
||||
endif
|
||||
|
||||
src_core_libtor_app_a_SOURCES = $(LIBTOR_APP_A_SOURCES)
|
||||
src_core_libtor_app_a_SOURCES = \
|
||||
$(LIBTOR_APP_A_SOURCES) \
|
||||
$(LIBTOR_APP_A_STUB_SOURCES)
|
||||
if UNITTESTS_ENABLED
|
||||
|
||||
# Add the sources of the modules that are needed for tests to work here.
|
||||
@ -344,6 +355,8 @@ noinst_HEADERS += \
|
||||
src/feature/dirauth/bridgeauth.h \
|
||||
src/feature/dirauth/bwauth.h \
|
||||
src/feature/dirauth/dirauth_config.h \
|
||||
src/feature/dirauth/dirauth_options.inc \
|
||||
src/feature/dirauth/dirauth_options_st.h \
|
||||
src/feature/dirauth/dirauth_periodic.h \
|
||||
src/feature/dirauth/dirauth_sys.h \
|
||||
src/feature/dirauth/dircollate.h \
|
||||
|
@ -1 +1,2 @@
|
||||
*.h
|
||||
feature/dirauth/*.inc
|
||||
|
@ -15,6 +15,7 @@
|
||||
|
||||
#include "lib/encoding/confline.h"
|
||||
#include "lib/confmgt/confmgt.h"
|
||||
#include "lib/conf/confdecl.h"
|
||||
|
||||
/* Required for dirinfo_type_t in or_options_t */
|
||||
#include "core/or/or.h"
|
||||
@ -28,6 +29,7 @@
|
||||
#include "feature/dirauth/dirauth_periodic.h"
|
||||
#include "feature/dirauth/dirvote.h"
|
||||
#include "feature/dirauth/guardfraction.h"
|
||||
#include "feature/dirauth/dirauth_options_st.h"
|
||||
|
||||
/* Copied from config.c, we will refactor later in 29211. */
|
||||
#define REJECT(arg) \
|
||||
@ -438,3 +440,23 @@ options_act_dirauth_stats(const or_options_t *old_options,
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Declare the options field table for dirauth_options */
|
||||
#define CONF_CONTEXT TABLE
|
||||
#include "feature/dirauth/dirauth_options.inc"
|
||||
#undef CONF_CONTEXT
|
||||
|
||||
/** Magic number for dirauth_options_t. */
|
||||
#define DIRAUTH_OPTIONS_MAGIC 0x41757448
|
||||
|
||||
/**
|
||||
* Declare the configuration options for the dirauth module.
|
||||
**/
|
||||
const config_format_t dirauth_options_fmt = {
|
||||
.size = sizeof(dirauth_options_t),
|
||||
.magic = { "dirauth_options_t",
|
||||
DIRAUTH_OPTIONS_MAGIC,
|
||||
offsetof(dirauth_options_t, magic) },
|
||||
.vars = dirauth_options_t_vars,
|
||||
};
|
||||
|
||||
|
@ -39,6 +39,8 @@ int options_act_dirauth_mtbf(const struct or_options_t *old_options);
|
||||
int options_act_dirauth_stats(const struct or_options_t *old_options,
|
||||
bool *print_notice_out);
|
||||
|
||||
extern const struct config_format_t dirauth_options_fmt;
|
||||
|
||||
#else /* !defined(HAVE_MODULE_DIRAUTH) */
|
||||
|
||||
/** When tor is compiled with the dirauth module disabled, it can't be
|
||||
|
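--- a/src/feature/dirauth/dirauth_options.inc
+++ b/src/feature/dirauth/dirauth_options.inc
@@ -0,0 +1,18 @@
+/* Copyright (c) 2001 Matej Pfajfar.
+* Copyright (c) 2001-2004, Roger Dingledine.
+* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+* Copyright (c) 2007-2019, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+/**
+* @file dirauth_options.inc
+* @brief Declare configuration options for the crypto_ops module.
+**/
+
+/** Holds configuration about our directory authority options. */
+BEGIN_CONF_STRUCT(dirauth_options_t)
+
+/** Do not permit more than this number of servers per IP address. */
+CONF_VAR(AuthDirMaxServersPerAddr, POSINT, 0, "2")
+
+END_CONF_STRUCT(dirauth_options_t)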
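Review bot: The file header's `@brief` names the wrong module: it says `crypto_ops`, while the file declares `dirauth_options_t`, the directory-authority options, so it should read `@brief Declare configuration options for the dirauth module.`. The doc comment on `AuthDirMaxServersPerAddr` also does not say where the limit is enforced. Elsewhere in this commit get_possible_sybil_list() switches to dirauth_get_options(), presumably to read this field, so a cross-reference to that function would help once the use is confirmed.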
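--- a/src/feature/dirauth/dirauth_options_st.h
+++ b/src/feature/dirauth/dirauth_options_st.h
@@ -0,0 +1,22 @@
+/* Copyright (c) 2001 Matej Pfajfar.
+* Copyright (c) 2001-2004, Roger Dingledine.
+* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+* Copyright (c) 2007-2019, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+/**
+* @file dirauth_options_st.h
+* @brief Structure dirauth_options_t to hold directory authority options.
+**/
+
+#ifndef TOR_FEATURE_DIRAUTH_DIRAUTH_OPTIONS_ST_H
+#define TOR_FEATURE_DIRAUTH_DIRAUTH_OPTIONS_ST_H
+
+#include "lib/conf/confdecl.h"
+#define CONF_CONTEXT STRUCT
+#include "feature/dirauth/dirauth_options.inc"
+#undef CONF_CONTEXT
+
+typedef struct dirauth_options_t dirauth_options_t;
+
+#endif /* !defined(TOR_FEATURE_DIRAUTH_DIRAUTH_OPTIONS_ST_H) */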
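--- a/src/feature/dirauth/dirauth_stub.c
+++ b/src/feature/dirauth/dirauth_stub.c
@@ -0,0 +1,33 @@
+/* Copyright (c) 2001 Matej Pfajfar.
+* Copyright (c) 2001-2004, Roger Dingledine.
+* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+* Copyright (c) 2007-2019, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+/**
+* @file dirauth_stub.c
+* @brief Stub declarations for use when dirauth module is disabled.
+**/
+
+#include "orconfig.h"
+#include "feature/dirauth/dirauth_sys.h"
+#include "lib/conf/conftypes.h"
+#include "lib/conf/confdecl.h"
+#include "lib/subsys/subsys.h"
+
+/* Declare the options field table for dirauth_options */
+#define CONF_CONTEXT STUB_TABLE
+#include "feature/dirauth/dirauth_options.inc"
+#undef CONF_CONTEXT
+
+static const config_format_t dirauth_options_stub_fmt = {
+.vars = dirauth_options_t_vars,
+};
+
+const struct subsys_fns_t sys_dirauth = {
+.name = "dirauth",
+.supported = false,
+.level = DIRAUTH_SUBSYS_LEVEL,
+
+.options_format = &dirauth_options_stub_fmt
+};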
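Review bot: `dirauth_options_stub_fmt` sets only `.vars`, and nothing explains that `.size` and `.magic` are deliberately left zero. The stub depends on the rule this commit documents on struct_magic_decl_t, that an all-zero declaration disables the magic-number check, so a later edit that fills in only one of those fields would quietly re-enable the check. I would add `/* Stub format: only .vars is set; .size and .magic stay zero so the magic-number check is skipped. */` above the definition.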
@ -17,9 +17,14 @@
|
||||
#include "feature/dirauth/dirauth_periodic.h"
|
||||
#include "feature/dirauth/keypin.h"
|
||||
#include "feature/dirauth/process_descs.h"
|
||||
#include "feature/dirauth/dirauth_config.h"
|
||||
|
||||
#include "feature/dirauth/dirauth_options_st.h"
|
||||
|
||||
#include "lib/subsys/subsys.h"
|
||||
|
||||
static const dirauth_options_t *global_dirauth_options;
|
||||
|
||||
static int
|
||||
subsys_dirauth_initialize(void)
|
||||
{
|
||||
@ -34,12 +39,31 @@ subsys_dirauth_shutdown(void)
|
||||
dirvote_free_all();
|
||||
dirserv_clear_measured_bw_cache();
|
||||
keypin_close_journal();
|
||||
global_dirauth_options = NULL;
|
||||
}
|
||||
|
||||
const dirauth_options_t *
|
||||
dirauth_get_options(void)
|
||||
{
|
||||
tor_assert(global_dirauth_options);
|
||||
return global_dirauth_options;
|
||||
}
|
||||
|
||||
static int
|
||||
dirauth_set_options(void *arg)
|
||||
{
|
||||
dirauth_options_t *opts = arg;
|
||||
global_dirauth_options = opts;
|
||||
return 0;
|
||||
}
|
||||
|
||||
const struct subsys_fns_t sys_dirauth = {
|
||||
.name = "dirauth",
|
||||
.supported = true,
|
||||
.level = 70,
|
||||
.level = DIRAUTH_SUBSYS_LEVEL,
|
||||
.initialize = subsys_dirauth_initialize,
|
||||
.shutdown = subsys_dirauth_shutdown,
|
||||
|
||||
.options_format = &dirauth_options_fmt,
|
||||
.set_options = dirauth_set_options,
|
||||
};
|
||||
|
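Review bot: `dirauth_set_options()` stores `arg` in `global_dirauth_options` and `dirauth_get_options()` returns it behind `tor_assert`, but neither function documents who owns the object or when the pointer is valid. As written, a call before the first set_options callback or after subsys_dirauth_shutdown() (which resets the pointer to NULL) aborts the process, and a caller that caches the result could hold a stale pointer if the config layer later replaces the object; whether either can happen is not visible in these hunks. I would add doc comments stating the contract, for example `/** Return the current dirauth options; valid only between set_options and shutdown, and not to be cached across a reconfiguration. */` on the getter, and a matching note on the setter that it borrows `arg` rather than copying it.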
@ -12,10 +12,17 @@
|
||||
#ifndef DIRAUTH_SYS_H
|
||||
#define DIRAUTH_SYS_H
|
||||
|
||||
#ifdef HAVE_MODULE_DIRAUTH
|
||||
struct dirauth_options_t;
|
||||
const struct dirauth_options_t *dirauth_get_options(void);
|
||||
|
||||
extern const struct subsys_fns_t sys_dirauth;
|
||||
|
||||
#endif
|
||||
/**
|
||||
* Subsystem level for the directory-authority system.
|
||||
*
|
||||
* Defined here so that it can be shared between the real and stub
|
||||
* definitions.
|
||||
**/
|
||||
#define DIRAUTH_SUBSYS_LEVEL 70
|
||||
|
||||
#endif /* !defined(DIRAUTH_SYS_H) */
|
||||
|
@ -41,10 +41,12 @@
|
||||
#include "feature/dirauth/dirvote.h"
|
||||
#include "feature/dirauth/authmode.h"
|
||||
#include "feature/dirauth/shared_random_state.h"
|
||||
#include "feature/dirauth/dirauth_sys.h"
|
||||
|
||||
#include "feature/nodelist/authority_cert_st.h"
|
||||
#include "feature/dircache/cached_dir_st.h"
|
||||
#include "feature/dirclient/dir_server_st.h"
|
||||
#include "feature/dirauth/dirauth_options_st.h"
|
||||
#include "feature/nodelist/document_signature_st.h"
|
||||
#include "feature/nodelist/microdesc_st.h"
|
||||
#include "feature/nodelist/networkstatus_st.h"
|
||||
@ -4228,7 +4230,7 @@ compare_routerinfo_by_ip_and_bw_(const void **a, const void **b)
|
||||
static digestmap_t *
|
||||
get_possible_sybil_list(const smartlist_t *routers)
|
||||
{
|
||||
const or_options_t *options = get_options();
|
||||
const dirauth_options_t *options = dirauth_get_options();
|
||||
digestmap_t *omit_as_sybil;
|
||||
smartlist_t *routers_by_ip = smartlist_new();
|
||||
uint32_t last_addr;
|
||||
|
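--- a/src/feature/relay/relay_stub.c
+++ b/src/feature/relay/relay_stub.c
@@ -0,0 +1,20 @@
+/* Copyright (c) 2001 Matej Pfajfar.
+* Copyright (c) 2001-2004, Roger Dingledine.
+* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+* Copyright (c) 2007-2019, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+/**
+* @file relay_stub.c
+* @brief Stub declarations for use when relay module is disabled.
+**/
+
+#include "orconfig.h"
+#include "feature/relay/relay_sys.h"
+#include "lib/subsys/subsys.h"
+
+const struct subsys_fns_t sys_relay = {
+.name = "relay",
+.supported = false,
+.level = RELAY_SUBSYS_LEVEL,
+};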
@ -42,7 +42,7 @@ subsys_relay_shutdown(void)
|
||||
const struct subsys_fns_t sys_relay = {
|
||||
.name = "relay",
|
||||
.supported = true,
|
||||
.level = 50,
|
||||
.level = RELAY_SUBSYS_LEVEL,
|
||||
.initialize = subsys_relay_initialize,
|
||||
.shutdown = subsys_relay_shutdown,
|
||||
};
|
||||
|
@ -12,10 +12,14 @@
|
||||
#ifndef TOR_FEATURE_RELAY_RELAY_SYS_H
|
||||
#define TOR_FEATURE_RELAY_RELAY_SYS_H
|
||||
|
||||
#ifdef HAVE_MODULE_RELAY
|
||||
|
||||
extern const struct subsys_fns_t sys_relay;
|
||||
|
||||
#endif
|
||||
/**
|
||||
* Subsystem level for the relay system.
|
||||
*
|
||||
* Defined here so that it can be shared between the real and stub
|
||||
* definitions.
|
||||
**/
|
||||
#define RELAY_SUBSYS_LEVEL 50
|
||||
|
||||
#endif /* !defined(TOR_FEATURE_RELAY_RELAY_SYS_H) */
|
||||
|
@ -51,6 +51,7 @@
|
||||
|
||||
#undef CONF_CONTEXT
|
||||
#include "lib/cc/tokpaste.h"
|
||||
#include "lib/cc/torint.h"
|
||||
|
||||
/**
|
||||
* Begin the definition of a configuration object called `name`.
|
||||
@ -134,6 +135,28 @@
|
||||
.initvalue = initval \
|
||||
},
|
||||
/**@}*/
|
||||
|
||||
/* @defgroup STUB_TABLE_MACROS Internal macros: stub table declarations,
|
||||
* for use when a module is disabled.
|
||||
* Implementation helpers: the regular confdecl macros expand to these
|
||||
* when CONF_CONTEXT is defined to LL_TABLE. Don't use them directly.
|
||||
* @{*/
|
||||
#define BEGIN_CONF_STRUCT__STUB_TABLE(structname) \
|
||||
static const config_var_t structname##_vars[] = {
|
||||
#define END_CONF_STRUCT__STUB_TABLE(structname) \
|
||||
{ .member = { .name = NULL } } \
|
||||
};
|
||||
#define CONF_VAR__STUB_TABLE(varname, vartype, varflags, initval) \
|
||||
{ \
|
||||
.member = \
|
||||
{ .name = #varname, \
|
||||
.type = CONFIG_TYPE_IGNORE, \
|
||||
.offset = -1, \
|
||||
}, \
|
||||
.flags = CFLG_GROUP_DISABLED, \
|
||||
},
|
||||
/**@}*/
|
||||
|
||||
#endif /* !defined(COCCI) */
|
||||
|
||||
/** Type aliases for the "commonly used" configuration types.
|
||||
|
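Review bot: The comment heading the new STUB_TABLE macros says they are used when CONF_CONTEXT is `LL_TABLE`, but the macros are suffixed `__STUB_TABLE` and dirauth_stub.c defines `CONF_CONTEXT STUB_TABLE`, so the text should name `STUB_TABLE`. The block also opens with `/* @defgroup` while it closes with `/**@}*/`, so it probably needs `/**` to be picked up as a documentation group. In `CONF_VAR__STUB_TABLE`, `.offset = -1` is a sentinel that is only safe while nothing resolves the member address; a one-line comment such as `/* no backing field: CONFIG_TYPE_IGNORE must never dereference this offset */` would record that assumption.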
@ -131,6 +131,9 @@ typedef struct struct_member_t {
|
||||
*
|
||||
* These 'magic numbers' are 32-bit values used to tag objects to make sure
|
||||
* that they have the correct type.
|
||||
*
|
||||
* If all fields in this structure are zero or 0, the magic-number check is
|
||||
* not performed.
|
||||
*/
|
||||
typedef struct struct_magic_decl_t {
|
||||
/** The name of the structure */
|
||||
@ -199,6 +202,11 @@ typedef struct struct_magic_decl_t {
|
||||
* whenever the user tries to use it.
|
||||
**/
|
||||
#define CFLG_WARN_OBSOLETE (1u<<7)
|
||||
/**
|
||||
* Flag to indicate that we should warn that an option applies only to
|
||||
* a disabled module, whenever the user tries to use it.
|
||||
**/
|
||||
#define CFLG_WARN_DISABLED (1u<<8)
|
||||
|
||||
/**
|
||||
* A group of flags that should be set on all obsolete options and types.
|
||||
@ -207,6 +215,13 @@ typedef struct struct_magic_decl_t {
|
||||
(CFLG_NOCOPY|CFLG_NOCMP|CFLG_NODUMP|CFLG_NOSET|CFLG_NOLIST|\
|
||||
CFLG_WARN_OBSOLETE)
|
||||
|
||||
/**
|
||||
* A group of fflags that should be set on all disabled options.
|
||||
**/
|
||||
#define CFLG_GROUP_DISABLED \
|
||||
(CFLG_NOCOPY|CFLG_NOCMP|CFLG_NODUMP|CFLG_NOSET|CFLG_NOLIST|\
|
||||
CFLG_WARN_DISABLED)
|
||||
|
||||
/** A variable allowed in the configuration file or on the command line. */
|
||||
typedef struct config_var_t {
|
||||
struct_member_t member; /** A struct member corresponding to this
|
||||
|
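Review bot: Two of the new comments have wording slips: the struct_magic_decl_t note says "zero or 0" where magic_is_null() in structvar.c tests for `NULL` or 0, and the CFLG_GROUP_DISABLED comment says "fflags". Suggested text is `If all fields in this structure are NULL or 0, the magic-number check is not performed.` and `A group of flags that should be set on all disabled options.`. CFLG_GROUP_DISABLED also repeats the flag list of the obsolete-option group just above it, differing only in the warning bit, so a shared macro for the common part would keep the two from drifting apart.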
@ -660,6 +660,9 @@ config_assign_value(const config_mgr_t *mgr, void *options,
|
||||
if (config_var_has_flag(var->cvar, CFLG_WARN_OBSOLETE)) {
|
||||
log_warn(LD_GENERAL, "Skipping obsolete configuration option \"%s\".",
|
||||
var->cvar->member.name);
|
||||
} else if (config_var_has_flag(var->cvar, CFLG_WARN_DISABLED)) {
|
||||
log_warn(LD_GENERAL, "This copy of Tor was built without support for "
|
||||
"the option \"%s\". Skipping.", var->cvar->member.name);
|
||||
}
|
||||
|
||||
return struct_var_kvassign(object, c, msg, &var->cvar->member);
|
||||
|
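Review bot: After logging the new "built without support" warning, the CFLG_WARN_DISABLED branch still falls through to `struct_var_kvassign(object, c, msg, &var->cvar->member)`, and for stub variables that member is declared with `.offset = -1` and `CONFIG_TYPE_IGNORE`. That is harmless only if the ignore type never touches the target field, which is not visible here. I would state that dependency in a comment next to the branch, e.g. `/* disabled options are CONFIG_TYPE_IGNORE, so the assignment below does not use member.offset */`, and back it with a test that assigns a disabled option under a sanitizer build. config_assign_value()'s body starts and ends outside the hunk.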
@ -29,14 +29,29 @@
|
||||
|
||||
#include <stddef.h>
|
||||
|
||||
/**
|
||||
* Return true iff all fields on <b>decl</b> are NULL or 0, indicating that
|
||||
* there is no object or no magic number to check.
|
||||
**/
|
||||
static inline bool
|
||||
magic_is_null(const struct_magic_decl_t *decl)
|
||||
{
|
||||
return decl->typename == NULL &&
|
||||
decl->magic_offset == 0 &&
|
||||
decl->magic_val == 0;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the 'magic number' on <b>object</b> to correspond to decl.
|
||||
**/
|
||||
void
|
||||
struct_set_magic(void *object, const struct_magic_decl_t *decl)
|
||||
{
|
||||
tor_assert(object);
|
||||
tor_assert(decl);
|
||||
if (magic_is_null(decl))
|
||||
return;
|
||||
|
||||
tor_assert(object);
|
||||
uint32_t *ptr = STRUCT_VAR_P(object, decl->magic_offset);
|
||||
*ptr = decl->magic_val;
|
||||
}
|
||||
@ -47,8 +62,11 @@ struct_set_magic(void *object, const struct_magic_decl_t *decl)
|
||||
void
|
||||
struct_check_magic(const void *object, const struct_magic_decl_t *decl)
|
||||
{
|
||||
tor_assert(object);
|
||||
tor_assert(decl);
|
||||
if (magic_is_null(decl))
|
||||
return;
|
||||
|
||||
tor_assert(object);
|
||||
|
||||
const uint32_t *ptr = STRUCT_VAR_P(object, decl->magic_offset);
|
||||
tor_assertf(*ptr == decl->magic_val,
|
||||
|
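Review bot: magic_is_null() makes struct_set_magic() and struct_check_magic() return early for any all-zero struct_magic_decl_t, so a real config_format_t that simply forgets to fill in `.magic` now loses its type-tag check without any diagnostic. The stub formats need this escape hatch, but the doc comment on magic_is_null() should say it is meant for them only, e.g. `Only formats with no backing object, such as module stubs, may leave the declaration zeroed.` Moving `tor_assert(object)` below the early return also means a NULL object is no longer caught for such formats. struct_check_magic()'s body continues past the end of the second hunk.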
1
src/test/conf_examples/dirauth_2/expected
Normal file
1
src/test/conf_examples/dirauth_2/expected
Normal file
@ -0,0 +1 @@
|
||||
AuthDirMaxServersPerAddr 8
|
1
src/test/conf_examples/dirauth_2/expected_log
Normal file
1
src/test/conf_examples/dirauth_2/expected_log
Normal file
@ -0,0 +1 @@
|
||||
Read configuration file
|
1
src/test/conf_examples/dirauth_2/expected_log_no_dirauth
Normal file
1
src/test/conf_examples/dirauth_2/expected_log_no_dirauth
Normal file
@ -0,0 +1 @@
|
||||
This copy of Tor was built without support for the option "AuthDirMaxServersPerAddr". Skipping.
|
@ -0,0 +1 @@
|
||||
This copy of Tor was built without support for the option "AuthDirMaxServersPerAddr". Skipping.
|
5
src/test/conf_examples/dirauth_2/torrc
Normal file
5
src/test/conf_examples/dirauth_2/torrc
Normal file
@ -0,0 +1,5 @@
|
||||
#
|
||||
# This will get accepted if the module is enabled, and ignored if the module
|
||||
# is disabled.
|
||||
#
|
||||
AuthDirMaxServersPerAddr 8
|