From ea91edff15014eb24458cb0309e22d761cb170c1 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Thu, 19 Dec 2019 08:24:46 -0500 Subject: [PATCH] Dirauth options: move versioning options to dirauth module This commit moves VersioningAuthoritativeDirectory, RecommendedClientVersions, and RecommendedServerVersions. --- src/app/config/config.c | 4 -- src/app/config/or_options_st.h | 8 --- src/feature/dirauth/dirauth_config.c | 71 ++++++++++++++++++------- src/feature/dirauth/dirauth_options.inc | 13 +++++ src/feature/dirauth/dirvote.c | 7 +-- src/test/test_options.c | 25 +++++++-- 6 files changed, 90 insertions(+), 38 deletions(-) diff --git a/src/app/config/config.c b/src/app/config/config.c index 680a7eeefa..095c12109c 100644 --- a/src/app/config/config.c +++ b/src/app/config/config.c @@ -623,9 +623,6 @@ static const config_var_t option_vars_[] = { V(ReachableAddresses, LINELIST, NULL), V(ReachableDirAddresses, LINELIST, NULL), V(ReachableORAddresses, LINELIST, NULL), - V(RecommendedVersions, LINELIST, NULL), - V(RecommendedClientVersions, LINELIST, NULL), - V(RecommendedServerVersions, LINELIST, NULL), OBSOLETE("RecommendedPackages"), V(ReducedConnectionPadding, BOOL, "0"), V(ConnectionPadding, AUTOBOOL, "auto"), @@ -703,7 +700,6 @@ static const config_var_t option_vars_[] = { V(V3AuthUseLegacyKey, BOOL, "0"), V(V3BandwidthsFile, FILENAME, NULL), V(GuardfractionFile, FILENAME, NULL), - VAR("VersioningAuthoritativeDirectory",BOOL,VersioningAuthoritativeDir, "0"), OBSOLETE("VoteOnHidServDirectoriesV2"), V(VirtualAddrNetworkIPv4, STRING, "127.192.0.0/10"), V(VirtualAddrNetworkIPv6, STRING, "[FE80::]/10"), diff --git a/src/app/config/or_options_st.h b/src/app/config/or_options_st.h index e63ae2510f..037dbf5a32 100644 --- a/src/app/config/or_options_st.h +++ b/src/app/config/or_options_st.h @@ -113,11 +113,6 @@ struct or_options_t { * [][0] is IPv4, [][1] is IPv6 */ tor_addr_t OutboundBindAddresses[OUTBOUND_ADDR_MAX][2]; - /** Directory server only: which versions of - * Tor should we tell users to run? */ - struct config_line_t *RecommendedVersions; - struct config_line_t *RecommendedClientVersions; - struct config_line_t *RecommendedServerVersions; /** Whether dirservers allow router descriptors with private IPs. */ int DirAllowPrivateAddresses; /** Whether routers accept EXTEND cells to routers with private IPs. */ @@ -192,9 +187,6 @@ struct or_options_t { int AuthoritativeDir; /**< Boolean: is this an authoritative directory? */ int V3AuthoritativeDir; /**< Boolean: is this an authoritative directory * for version 3 directories? */ - int VersioningAuthoritativeDir; /**< Boolean: is this an authoritative - * directory that's willing to recommend - * versions? */ int BridgeAuthoritativeDir; /**< Boolean: is this an authoritative directory * that aggregates bridge descriptors? */ diff --git a/src/feature/dirauth/dirauth_config.c b/src/feature/dirauth/dirauth_config.c index b7e160c241..821ea38acd 100644 --- a/src/feature/dirauth/dirauth_config.c +++ b/src/feature/dirauth/dirauth_config.c @@ -73,24 +73,6 @@ options_validate_dirauth_mode(const or_options_t *old_options, if (!options->ContactInfo && !options->TestingTorNetwork) REJECT("Authoritative directory servers must set ContactInfo"); - if (!options->RecommendedClientVersions) - options->RecommendedClientVersions = - config_lines_dup(options->RecommendedVersions); - if (!options->RecommendedServerVersions) - options->RecommendedServerVersions = - config_lines_dup(options->RecommendedVersions); - if (options->VersioningAuthoritativeDir && - (!options->RecommendedClientVersions || - !options->RecommendedServerVersions)) - REJECT("Versioning authoritative dir servers must set " - "Recommended*Versions."); - - char *t; - /* Call these functions to produce warnings only. */ - t = format_recommended_version_list(options->RecommendedClientVersions, 1); - tor_free(t); - t = format_recommended_version_list(options->RecommendedServerVersions, 1); - tor_free(t); if (options->UseEntryGuards) { log_info(LD_CONFIG, "Authoritative directory servers can't set " @@ -441,6 +423,55 @@ options_act_dirauth_stats(const or_options_t *old_options, return 0; } +/** + * Make any necessary modifications to a dirauth_options_t that occur + * before validation. On success return 0; on failure return -1 and + * set *msg_out to a newly allocated error string. + **/ +static int +dirauth_options_pre_normalize(void *arg, char **msg_out) +{ + dirauth_options_t *options = arg; + (void)msg_out; + + if (!options->RecommendedClientVersions) + options->RecommendedClientVersions = + config_lines_dup(options->RecommendedVersions); + if (!options->RecommendedServerVersions) + options->RecommendedServerVersions = + config_lines_dup(options->RecommendedVersions); + + return 0; +} + +/** + * Check whether a dirauth_options_t is correct. + * + * On success return 0; on failure return -1 and set *msg_out to a + * newly allocated error string. + **/ +static int +dirauth_options_validate(const void *arg, char **msg) +{ + const dirauth_options_t *options = arg; + + if (options->VersioningAuthoritativeDirectory && + (!options->RecommendedClientVersions || + !options->RecommendedServerVersions)) { + REJECT("Versioning authoritative dir servers must set " + "Recommended*Versions."); + } + + char *t; + /* Call these functions to produce warnings only. */ + t = format_recommended_version_list(options->RecommendedClientVersions, 1); + tor_free(t); + t = format_recommended_version_list(options->RecommendedServerVersions, 1); + tor_free(t); + + return 0; +} + /* Declare the options field table for dirauth_options */ #define CONF_CONTEXT TABLE #include "feature/dirauth/dirauth_options.inc" @@ -458,5 +489,7 @@ const config_format_t dirauth_options_fmt = { DIRAUTH_OPTIONS_MAGIC, offsetof(dirauth_options_t, magic) }, .vars = dirauth_options_t_vars, -}; + .pre_normalize_fn = dirauth_options_pre_normalize, + .validate_fn = dirauth_options_validate +}; diff --git a/src/feature/dirauth/dirauth_options.inc b/src/feature/dirauth/dirauth_options.inc index 6b66f1e289..f9ca2bb4dc 100644 --- a/src/feature/dirauth/dirauth_options.inc +++ b/src/feature/dirauth/dirauth_options.inc @@ -15,4 +15,17 @@ BEGIN_CONF_STRUCT(dirauth_options_t) /** Do not permit more than this number of servers per IP address. */ CONF_VAR(AuthDirMaxServersPerAddr, POSINT, 0, "2") +/** Which versions of tor should we tell users to run? */ +CONF_VAR(RecommendedVersions, LINELIST, 0, NULL) + +/** Which versions of tor should we tell users to run on clients? */ +CONF_VAR(RecommendedClientVersions, LINELIST, 0, NULL) + +/** Which versions of tor should we tell users to run on relays? */ +CONF_VAR(RecommendedServerVersions, LINELIST, 0, NULL) + +/** Boolean: is this an authoritative directory that's willing to recommend + * versions? */ +CONF_VAR(VersioningAuthoritativeDirectory, BOOL, 0, "0") + END_CONF_STRUCT(dirauth_options_t) diff --git a/src/feature/dirauth/dirvote.c b/src/feature/dirauth/dirvote.c index 13003bf639..acb6617178 100644 --- a/src/feature/dirauth/dirvote.c +++ b/src/feature/dirauth/dirvote.c @@ -4419,6 +4419,7 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key, authority_cert_t *cert) { const or_options_t *options = get_options(); + const dirauth_options_t *d_options = dirauth_get_options(); networkstatus_t *v3_out = NULL; uint32_t addr; char *hostname = NULL, *client_versions = NULL, *server_versions = NULL; @@ -4458,11 +4459,11 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key, hostname = tor_dup_ip(addr); } - if (options->VersioningAuthoritativeDir) { + if (d_options->VersioningAuthoritativeDirectory) { client_versions = - format_recommended_version_list(options->RecommendedClientVersions, 0); + format_recommended_version_list(d_options->RecommendedClientVersions, 0); server_versions = - format_recommended_version_list(options->RecommendedServerVersions, 0); + format_recommended_version_list(d_options->RecommendedServerVersions, 0); } contact = get_options()->ContactInfo; diff --git a/src/test/test_options.c b/src/test/test_options.c index e3b86c81ad..fe21cc96fd 100644 --- a/src/test/test_options.c +++ b/src/test/test_options.c @@ -10,6 +10,8 @@ #include "lib/confmgt/confmgt.h" #include "app/config/config.h" #include "feature/dirauth/dirauth_config.h" +#include "feature/dirauth/dirauth_options_st.h" +#include "feature/dirauth/dirauth_sys.h" #include "feature/relay/relay_config.h" #include "test/test.h" #include "lib/geoip/geoip.h" @@ -752,6 +754,14 @@ test_options_validate__logs(void *ignored) /* return config_line; */ /* } */ +static dirauth_options_t * +get_dirauth_options(or_options_t *opt) +{ + int idx = subsystems_get_options_idx(&sys_dirauth); + tor_assert(idx >= 0); + return config_mgr_get_obj_mutable(get_options_mgr(), opt, idx); +} + static void test_options_validate__authdir(void *ignored) { @@ -762,6 +772,7 @@ test_options_validate__authdir(void *ignored) options_test_data_t *tdata = get_options_test_data( ENABLE_AUTHORITY_V3_MIN "Address this.should.not!exist!.example.org"); + const dirauth_options_t *da_opt; sandbox_disable_getaddrinfo_cache(); @@ -820,8 +831,9 @@ test_options_validate__authdir(void *ignored) "RecommendedVersions 1.2, 3.14\n"); mock_clean_saved_logs(); options_validate(NULL, tdata->opt, &msg); - tt_str_op(tdata->opt->RecommendedClientVersions->value, OP_EQ, "1.2, 3.14"); - tt_str_op(tdata->opt->RecommendedServerVersions->value, OP_EQ, "1.2, 3.14"); + da_opt = get_dirauth_options(tdata->opt); + tt_str_op(da_opt->RecommendedClientVersions->value, OP_EQ, "1.2, 3.14"); + tt_str_op(da_opt->RecommendedServerVersions->value, OP_EQ, "1.2, 3.14"); tor_free(msg); free_options_test_data(tdata); @@ -831,8 +843,9 @@ test_options_validate__authdir(void *ignored) "RecommendedServerVersions 4.18\n"); mock_clean_saved_logs(); options_validate(NULL, tdata->opt, &msg); - tt_str_op(tdata->opt->RecommendedClientVersions->value, OP_EQ, "25"); - tt_str_op(tdata->opt->RecommendedServerVersions->value, OP_EQ, "4.18"); + da_opt = get_dirauth_options(tdata->opt); + tt_str_op(da_opt->RecommendedClientVersions->value, OP_EQ, "25"); + tt_str_op(da_opt->RecommendedServerVersions->value, OP_EQ, "4.18"); tor_free(msg); free_options_test_data(tdata); @@ -843,6 +856,7 @@ test_options_validate__authdir(void *ignored) "RecommendedServerVersions 4.18\n"); mock_clean_saved_logs(); options_validate(NULL, tdata->opt, &msg); + da_opt = get_dirauth_options(tdata->opt); tt_str_op(msg, OP_EQ, "AuthoritativeDir is set, but none of (Bridge/V3)" "AuthoritativeDir is set."); tor_free(msg); @@ -853,6 +867,7 @@ test_options_validate__authdir(void *ignored) "RecommendedServerVersions 4.18\n"); mock_clean_saved_logs(); options_validate(NULL, tdata->opt, &msg); + da_opt = get_dirauth_options(tdata->opt); tt_str_op(msg, OP_EQ, "Versioning authoritative dir servers must set " "Recommended*Versions."); tor_free(msg); @@ -863,9 +878,11 @@ test_options_validate__authdir(void *ignored) "RecommendedClientVersions 4.18\n"); mock_clean_saved_logs(); options_validate(NULL, tdata->opt, &msg); + da_opt = get_dirauth_options(tdata->opt); tt_str_op(msg, OP_EQ, "Versioning authoritative dir servers must set " "Recommended*Versions."); tor_free(msg); + da_opt = NULL; free_options_test_data(tdata); tdata = get_options_test_data(ENABLE_AUTHORITY_V3