mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-10 21:23:58 +01:00
Merge remote-tracking branch 'karsten/task-11070'
This commit is contained in:
commit
f4e2c72bee
4
changes/bug11070
Normal file
4
changes/bug11070
Normal file
@ -0,0 +1,4 @@
|
||||
o Removed code:
|
||||
- Remove all code for the long unused v1 directory protocol. Resolves
|
||||
ticket 11070.
|
||||
|
@ -342,9 +342,7 @@ GENERAL OPTIONS
|
||||
many times, for multiple authoritative directory servers. Flags are
|
||||
separated by spaces, and determine what kind of an authority this directory
|
||||
is. By default, an authority is not authoritative for any directory style
|
||||
or version unless an appropriate flag is given. If the "v1" flag is
|
||||
provided, Tor will use this server as an authority for old-style (v1)
|
||||
directories as well. (Only directory mirrors care about this.)
|
||||
or version unless an appropriate flag is given.
|
||||
Tor will use this authority as a bridge authoritative directory if the
|
||||
"bridge" flag is set. If a flag "orport=**port**" is given, Tor will use the
|
||||
given port when opening encrypted tunnels to the dirserver. If a flag
|
||||
@ -1584,7 +1582,7 @@ is non-zero):
|
||||
If set to a path, only the specified path will be executed.
|
||||
(Default: tor-fw-helper)
|
||||
|
||||
[[PublishServerDescriptor]] **PublishServerDescriptor** **0**|**1**|**v1**|**v2**|**v3**|**bridge**,**...**::
|
||||
[[PublishServerDescriptor]] **PublishServerDescriptor** **0**|**1**|**v3**|**bridge**,**...**::
|
||||
This option specifies which descriptors Tor will publish when acting as
|
||||
a relay. You can
|
||||
choose multiple arguments, separated by commas.
|
||||
@ -1774,17 +1772,6 @@ if DirPort is non-zero):
|
||||
to set up a separate webserver. There's a sample disclaimer in
|
||||
contrib/tor-exit-notice.html.
|
||||
|
||||
[[V1AuthoritativeDirectory]] **V1AuthoritativeDirectory** **0**|**1**::
|
||||
When this option is set in addition to **AuthoritativeDirectory**, Tor
|
||||
generates version 1 directory and running-routers documents (for legacy
|
||||
Tor clients up to 0.1.0.x).
|
||||
|
||||
[[V2AuthoritativeDirectory]] **V2AuthoritativeDirectory** **0**|**1**::
|
||||
When this option is set in addition to **AuthoritativeDirectory**, Tor
|
||||
generates version 2 network statuses and serves descriptors, etc as
|
||||
described in doc/spec/dir-spec-v2.txt (for Tor clients and servers running
|
||||
0.1.1.x and 0.1.2.x).
|
||||
|
||||
[[V3AuthoritativeDirectory]] **V3AuthoritativeDirectory** **0**|**1**::
|
||||
When this option is set in addition to **AuthoritativeDirectory**, Tor
|
||||
generates version 3 network statuses and serves descriptors, etc as
|
||||
|
@ -420,7 +420,7 @@ static config_var_t option_vars_[] = {
|
||||
V(UseNTorHandshake, AUTOBOOL, "1"),
|
||||
V(User, STRING, NULL),
|
||||
V(UserspaceIOCPBuffers, BOOL, "0"),
|
||||
VAR("V1AuthoritativeDirectory",BOOL, V1AuthoritativeDir, "0"),
|
||||
OBSOLETE("V1AuthoritativeDirectory"),
|
||||
OBSOLETE("V2AuthoritativeDirectory"),
|
||||
VAR("V3AuthoritativeDirectory",BOOL, V3AuthoritativeDir, "0"),
|
||||
V(TestingV3AuthInitialVotingInterval, INTERVAL, "30 minutes"),
|
||||
@ -846,7 +846,7 @@ add_default_trusted_dir_authorities(dirinfo_type_t type)
|
||||
"moria1 orport=9101 "
|
||||
"v3ident=D586D18309DED4CD6D57C18FDB97EFA96D330566 "
|
||||
"128.31.0.39:9131 9695 DFC3 5FFE B861 329B 9F1A B04C 4639 7020 CE31",
|
||||
"tor26 v1 orport=443 v3ident=14C131DFC5C6F93646BE72FA1401C02A8DF2E8B4 "
|
||||
"tor26 orport=443 v3ident=14C131DFC5C6F93646BE72FA1401C02A8DF2E8B4 "
|
||||
"86.59.21.38:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D",
|
||||
"dizum orport=443 v3ident=E8A9C45EDE6D711294FADF8E7951F4DE6CA56B58 "
|
||||
"194.109.206.212:80 7EA6 EAD6 FD83 083C 538F 4403 8BBF A077 587D D755",
|
||||
@ -978,8 +978,7 @@ consider_adding_dir_servers(const or_options_t *options,
|
||||
if (!options->AlternateBridgeAuthority)
|
||||
type |= BRIDGE_DIRINFO;
|
||||
if (!options->AlternateDirAuthority)
|
||||
type |= V1_DIRINFO | V3_DIRINFO | EXTRAINFO_DIRINFO |
|
||||
MICRODESC_DIRINFO;
|
||||
type |= V3_DIRINFO | EXTRAINFO_DIRINFO | MICRODESC_DIRINFO;
|
||||
add_default_trusted_dir_authorities(type);
|
||||
}
|
||||
if (!options->FallbackDir)
|
||||
@ -2367,14 +2366,16 @@ compute_publishserverdescriptor(or_options_t *options)
|
||||
return 0;
|
||||
SMARTLIST_FOREACH_BEGIN(list, const char *, string) {
|
||||
if (!strcasecmp(string, "v1"))
|
||||
*auth |= V1_DIRINFO;
|
||||
log_warn(LD_CONFIG, "PublishServerDescriptor v1 has no effect, because "
|
||||
"there are no v1 directory authorities anymore.");
|
||||
else if (!strcmp(string, "1"))
|
||||
if (options->BridgeRelay)
|
||||
*auth |= BRIDGE_DIRINFO;
|
||||
else
|
||||
*auth |= V3_DIRINFO;
|
||||
else if (!strcasecmp(string, "v2"))
|
||||
/* obsolete */;
|
||||
log_warn(LD_CONFIG, "PublishServerDescriptor v2 has no effect, because "
|
||||
"there are no v2 directory authorities anymore.");
|
||||
else if (!strcasecmp(string, "v3"))
|
||||
*auth |= V3_DIRINFO;
|
||||
else if (!strcasecmp(string, "bridge"))
|
||||
@ -2595,8 +2596,6 @@ options_validate(or_options_t *old_options, or_options_t *options,
|
||||
if (options->AuthoritativeDir) {
|
||||
if (!options->ContactInfo && !options->TestingTorNetwork)
|
||||
REJECT("Authoritative directory servers must set ContactInfo");
|
||||
if (options->V1AuthoritativeDir && !options->RecommendedVersions)
|
||||
REJECT("V1 authoritative dir servers must set RecommendedVersions.");
|
||||
if (!options->RecommendedClientVersions)
|
||||
options->RecommendedClientVersions =
|
||||
config_lines_dup(options->RecommendedVersions);
|
||||
@ -2619,10 +2618,9 @@ options_validate(or_options_t *old_options, or_options_t *options,
|
||||
options->DownloadExtraInfo = 1;
|
||||
}
|
||||
if (!(options->BridgeAuthoritativeDir ||
|
||||
options->V1AuthoritativeDir ||
|
||||
options->V3AuthoritativeDir))
|
||||
REJECT("AuthoritativeDir is set, but none of "
|
||||
"(Bridge/V1/V3)AuthoritativeDir is set.");
|
||||
"(Bridge/V3)AuthoritativeDir is set.");
|
||||
/* If we have a v3bandwidthsfile and it's broken, complain on startup */
|
||||
if (options->V3BandwidthsFile && !old_options) {
|
||||
dirserv_read_measured_bandwidths(options->V3BandwidthsFile, NULL);
|
||||
@ -2827,8 +2825,7 @@ options_validate(or_options_t *old_options, or_options_t *options,
|
||||
|
||||
if ((options->BridgeRelay
|
||||
|| options->PublishServerDescriptor_ & BRIDGE_DIRINFO)
|
||||
&& (options->PublishServerDescriptor_
|
||||
& (V1_DIRINFO|V3_DIRINFO))) {
|
||||
&& (options->PublishServerDescriptor_ & V3_DIRINFO)) {
|
||||
REJECT("Bridges are not supposed to publish router descriptors to the "
|
||||
"directory authorities. Please correct your "
|
||||
"PublishServerDescriptor line.");
|
||||
@ -5055,9 +5052,7 @@ parse_dir_authority_line(const char *line, dirinfo_type_t required_type,
|
||||
char *flag = smartlist_get(items, 0);
|
||||
if (TOR_ISDIGIT(flag[0]))
|
||||
break;
|
||||
if (!strcasecmp(flag, "v1")) {
|
||||
type |= V1_DIRINFO;
|
||||
} else if (!strcasecmp(flag, "hs") ||
|
||||
if (!strcasecmp(flag, "hs") ||
|
||||
!strcasecmp(flag, "no-hs")) {
|
||||
log_warn(LD_CONFIG, "The DirAuthority options 'hs' and 'no-hs' are "
|
||||
"obsolete; you don't need them any more.");
|
||||
|
@ -2513,9 +2513,8 @@ connection_bucket_write_limit(connection_t *conn, time_t now)
|
||||
* shouldn't send <b>attempt</b> bytes of low-priority directory stuff
|
||||
* out to <b>conn</b>. Else return 0.
|
||||
|
||||
* Priority is 1 for v1 requests (directories and running-routers),
|
||||
* and 2 for v2 requests (statuses and descriptors). But see FFFF in
|
||||
* directory_handle_command_get() for why we don't use priority 2 yet.
|
||||
* Priority was 1 for v1 requests (directories and running-routers),
|
||||
* and 2 for v2 requests and later (statuses and descriptors).
|
||||
*
|
||||
* There are a lot of parameters we could use here:
|
||||
* - global_relayed_write_bucket. Low is bad.
|
||||
|
@ -1760,8 +1760,6 @@ connection_tls_finish_handshake(or_connection_t *conn)
|
||||
safe_str_client(conn->base_.address),
|
||||
tor_tls_get_ciphersuite_name(conn->tls));
|
||||
|
||||
directory_set_dirty();
|
||||
|
||||
if (connection_or_check_valid_tls_handshake(conn, started_here,
|
||||
digest_rcvd) < 0)
|
||||
return -1;
|
||||
|
@ -148,8 +148,6 @@ authdir_type_to_string(dirinfo_type_t auth)
|
||||
{
|
||||
char *result;
|
||||
smartlist_t *lst = smartlist_new();
|
||||
if (auth & V1_DIRINFO)
|
||||
smartlist_add(lst, (void*)"V1");
|
||||
if (auth & V3_DIRINFO)
|
||||
smartlist_add(lst, (void*)"V3");
|
||||
if (auth & BRIDGE_DIRINFO)
|
||||
@ -247,7 +245,7 @@ directories_have_accepted_server_descriptor(void)
|
||||
* <b>router_purpose</b> describes the type of descriptor we're
|
||||
* publishing, if we're publishing a descriptor -- e.g. general or bridge.
|
||||
*
|
||||
* <b>type</b> specifies what sort of dir authorities (V1, V3,
|
||||
* <b>type</b> specifies what sort of dir authorities (V3,
|
||||
* BRIDGE, etc) we should upload to.
|
||||
*
|
||||
* If <b>extrainfo_len</b> is nonzero, the first <b>payload_len</b> bytes of
|
||||
@ -1488,8 +1486,8 @@ parse_http_response(const char *headers, int *code, time_t *date,
|
||||
}
|
||||
|
||||
/** Return true iff <b>body</b> doesn't start with a plausible router or
|
||||
* running-list or directory opening. This is a sign of possible compression.
|
||||
**/
|
||||
* network-status or microdescriptor opening. This is a sign of possible
|
||||
* compression. */
|
||||
static int
|
||||
body_is_plausible(const char *body, size_t len, int purpose)
|
||||
{
|
||||
@ -1503,9 +1501,7 @@ body_is_plausible(const char *body, size_t len, int purpose)
|
||||
}
|
||||
if (1) {
|
||||
if (!strcmpstart(body,"router") ||
|
||||
!strcmpstart(body,"signed-directory") ||
|
||||
!strcmpstart(body,"network-status") ||
|
||||
!strcmpstart(body,"running-routers"))
|
||||
!strcmpstart(body,"network-status"))
|
||||
return 1;
|
||||
for (i=0;i<32;++i) {
|
||||
if (!TOR_ISPRINT(body[i]) && !TOR_ISSPACE(body[i]))
|
||||
@ -2585,75 +2581,6 @@ directory_handle_command_get(dir_connection_t *conn, const char *headers,
|
||||
/* if no disclaimer file, fall through and continue */
|
||||
}
|
||||
|
||||
if (!strcmp(url,"/tor/") || !strcmp(url,"/tor/dir")) { /* v1 dir fetch */
|
||||
cached_dir_t *d = dirserv_get_directory();
|
||||
|
||||
if (!d) {
|
||||
log_info(LD_DIRSERV,"Client asked for the mirrored directory, but we "
|
||||
"don't have a good one yet. Sending 503 Dir not available.");
|
||||
write_http_status_line(conn, 503, "Directory unavailable");
|
||||
goto done;
|
||||
}
|
||||
if (d->published < if_modified_since) {
|
||||
write_http_status_line(conn, 304, "Not modified");
|
||||
goto done;
|
||||
}
|
||||
|
||||
dlen = compressed ? d->dir_z_len : d->dir_len;
|
||||
|
||||
if (global_write_bucket_low(TO_CONN(conn), dlen, 1)) {
|
||||
log_debug(LD_DIRSERV,
|
||||
"Client asked for the mirrored directory, but we've been "
|
||||
"writing too many bytes lately. Sending 503 Dir busy.");
|
||||
write_http_status_line(conn, 503, "Directory busy, try again later");
|
||||
goto done;
|
||||
}
|
||||
|
||||
note_request(url, dlen);
|
||||
|
||||
log_debug(LD_DIRSERV,"Dumping %sdirectory to client.",
|
||||
compressed?"compressed ":"");
|
||||
write_http_response_header(conn, dlen, compressed,
|
||||
FULL_DIR_CACHE_LIFETIME);
|
||||
conn->cached_dir = d;
|
||||
conn->cached_dir_offset = 0;
|
||||
if (!compressed)
|
||||
conn->zlib_state = tor_zlib_new(0, ZLIB_METHOD);
|
||||
++d->refcnt;
|
||||
|
||||
/* Prime the connection with some data. */
|
||||
conn->dir_spool_src = DIR_SPOOL_CACHED_DIR;
|
||||
connection_dirserv_flushed_some(conn);
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (!strcmp(url,"/tor/running-routers")) { /* running-routers fetch */
|
||||
cached_dir_t *d = dirserv_get_runningrouters();
|
||||
if (!d) {
|
||||
write_http_status_line(conn, 503, "Directory unavailable");
|
||||
goto done;
|
||||
}
|
||||
if (d->published < if_modified_since) {
|
||||
write_http_status_line(conn, 304, "Not modified");
|
||||
goto done;
|
||||
}
|
||||
dlen = compressed ? d->dir_z_len : d->dir_len;
|
||||
|
||||
if (global_write_bucket_low(TO_CONN(conn), dlen, 1)) {
|
||||
log_info(LD_DIRSERV,
|
||||
"Client asked for running-routers, but we've been "
|
||||
"writing too many bytes lately. Sending 503 Dir busy.");
|
||||
write_http_status_line(conn, 503, "Directory busy, try again later");
|
||||
goto done;
|
||||
}
|
||||
note_request(url, dlen);
|
||||
write_http_response_header(conn, dlen, compressed,
|
||||
RUNNINGROUTERS_CACHE_LIFETIME);
|
||||
connection_write_to_buf(compressed ? d->dir_z : d->dir, dlen,
|
||||
TO_CONN(conn));
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (!strcmpstart(url, "/tor/status-vote/current/consensus")) {
|
||||
/* v3 network status fetch. */
|
||||
smartlist_t *dir_fps = smartlist_new();
|
||||
@ -3268,8 +3195,6 @@ directory_handle_command_post(dir_connection_t *conn, const char *headers,
|
||||
was_router_added_t r = dirserv_add_multiple_descriptors(body, purpose,
|
||||
conn->base_.address, &msg);
|
||||
tor_assert(msg);
|
||||
if (WRA_WAS_ADDED(r))
|
||||
dirserv_get_directory(); /* rebuild and write to disk */
|
||||
|
||||
if (r == ROUTER_ADDED_NOTIFY_GENERATOR) {
|
||||
/* Accepted with a message. */
|
||||
|
258
src/or/dirserv.c
258
src/or/dirserv.c
@ -42,28 +42,10 @@
|
||||
* directory authorities. */
|
||||
#define MAX_UNTRUSTED_NETWORKSTATUSES 16
|
||||
|
||||
/** If a v1 directory is older than this, discard it. */
|
||||
#define MAX_V1_DIRECTORY_AGE (30*24*60*60)
|
||||
/** If a v1 running-routers is older than this, discard it. */
|
||||
#define MAX_V1_RR_AGE (7*24*60*60)
|
||||
|
||||
extern time_t time_of_process_start; /* from main.c */
|
||||
|
||||
extern long stats_n_seconds_working; /* from main.c */
|
||||
|
||||
/** Do we need to regenerate the v1 directory when someone asks for it? */
|
||||
static time_t the_directory_is_dirty = 1;
|
||||
/** Do we need to regenerate the v1 runningrouters document when somebody
|
||||
* asks for it? */
|
||||
static time_t runningrouters_is_dirty = 1;
|
||||
|
||||
/** Most recently generated encoded signed v1 directory. (v1 auth dirservers
|
||||
* only.) */
|
||||
static cached_dir_t *the_directory = NULL;
|
||||
|
||||
/** For authoritative directories: the current (v1) network status. */
|
||||
static cached_dir_t the_runningrouters;
|
||||
|
||||
/** Total number of routers with measured bandwidth; this is set by
|
||||
* dirserv_count_measured_bws() before the loop in
|
||||
* dirserv_generate_networkstatus_vote_obj() and checked by
|
||||
@ -72,7 +54,6 @@ static cached_dir_t the_runningrouters;
|
||||
static int routers_with_measured_bw = 0;
|
||||
|
||||
static void directory_remove_invalid(void);
|
||||
static cached_dir_t *dirserv_regenerate_directory(void);
|
||||
static char *format_versions_list(config_line_t *ln);
|
||||
struct authdir_config_t;
|
||||
static int add_fingerprint_to_dir(const char *nickname, const char *fp,
|
||||
@ -827,7 +808,6 @@ dirserv_add_extrainfo(extrainfo_t *ei, const char **msg)
|
||||
static void
|
||||
directory_remove_invalid(void)
|
||||
{
|
||||
int changed = 0;
|
||||
routerlist_t *rl = router_get_routerlist();
|
||||
smartlist_t *nodes = smartlist_new();
|
||||
smartlist_add_all(nodes, nodelist_get_list());
|
||||
@ -845,7 +825,6 @@ directory_remove_invalid(void)
|
||||
log_info(LD_DIRSERV, "Router %s is now rejected: %s",
|
||||
description, msg?msg:"");
|
||||
routerlist_remove(rl, ent, 0, time(NULL));
|
||||
changed = 1;
|
||||
continue;
|
||||
}
|
||||
#if 0
|
||||
@ -854,70 +833,35 @@ directory_remove_invalid(void)
|
||||
"Router %s is now %snamed.", description,
|
||||
(r&FP_NAMED)?"":"un");
|
||||
ent->is_named = (r&FP_NAMED)?1:0;
|
||||
changed = 1;
|
||||
}
|
||||
if (bool_neq((r & FP_UNNAMED), ent->auth_says_is_unnamed)) {
|
||||
log_info(LD_DIRSERV,
|
||||
"Router '%s' is now %snamed. (FP_UNNAMED)", description,
|
||||
(r&FP_NAMED)?"":"un");
|
||||
ent->is_named = (r&FP_NUNAMED)?0:1;
|
||||
changed = 1;
|
||||
}
|
||||
#endif
|
||||
if (bool_neq((r & FP_INVALID), !node->is_valid)) {
|
||||
log_info(LD_DIRSERV, "Router '%s' is now %svalid.", description,
|
||||
(r&FP_INVALID) ? "in" : "");
|
||||
node->is_valid = (r&FP_INVALID)?0:1;
|
||||
changed = 1;
|
||||
}
|
||||
if (bool_neq((r & FP_BADDIR), node->is_bad_directory)) {
|
||||
log_info(LD_DIRSERV, "Router '%s' is now a %s directory", description,
|
||||
(r & FP_BADDIR) ? "bad" : "good");
|
||||
node->is_bad_directory = (r&FP_BADDIR) ? 1: 0;
|
||||
changed = 1;
|
||||
}
|
||||
if (bool_neq((r & FP_BADEXIT), node->is_bad_exit)) {
|
||||
log_info(LD_DIRSERV, "Router '%s' is now a %s exit", description,
|
||||
(r & FP_BADEXIT) ? "bad" : "good");
|
||||
node->is_bad_exit = (r&FP_BADEXIT) ? 1: 0;
|
||||
changed = 1;
|
||||
}
|
||||
} SMARTLIST_FOREACH_END(node);
|
||||
if (changed)
|
||||
directory_set_dirty();
|
||||
|
||||
routerlist_assert_ok(rl);
|
||||
smartlist_free(nodes);
|
||||
}
|
||||
|
||||
/** Mark the directory as <b>dirty</b> -- when we're next asked for a
|
||||
* directory, we will rebuild it instead of reusing the most recently
|
||||
* generated one.
|
||||
*/
|
||||
void
|
||||
directory_set_dirty(void)
|
||||
{
|
||||
time_t now = time(NULL);
|
||||
int set_v1_dirty=0;
|
||||
|
||||
/* Regenerate stubs only every 8 hours.
|
||||
* XXXX It would be nice to generate less often, but these are just
|
||||
* stubs: it doesn't matter. */
|
||||
#define STUB_REGENERATE_INTERVAL (8*60*60)
|
||||
if (!the_directory || !the_runningrouters.dir)
|
||||
set_v1_dirty = 1;
|
||||
else if (the_directory->published < now - STUB_REGENERATE_INTERVAL ||
|
||||
the_runningrouters.published < now - STUB_REGENERATE_INTERVAL)
|
||||
set_v1_dirty = 1;
|
||||
|
||||
if (set_v1_dirty) {
|
||||
if (!the_directory_is_dirty)
|
||||
the_directory_is_dirty = now;
|
||||
if (!runningrouters_is_dirty)
|
||||
runningrouters_is_dirty = now;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Allocate and return a description of the status of the server <b>desc</b>,
|
||||
* for use in a v1-style router-status line. The server is listed
|
||||
@ -1306,51 +1250,10 @@ directory_too_idle_to_fetch_descriptors(const or_options_t *options,
|
||||
|
||||
/********************************************************************/
|
||||
|
||||
/* Used only by non-v1-auth dirservers: The v1 directory and
|
||||
* runningrouters we'll serve when requested. */
|
||||
|
||||
/** The v1 directory we'll serve (as a cache or as an authority) if
|
||||
* requested. */
|
||||
static cached_dir_t *cached_directory = NULL;
|
||||
/** The v1 runningrouters document we'll serve (as a cache or as an authority)
|
||||
* if requested. */
|
||||
static cached_dir_t cached_runningrouters;
|
||||
|
||||
/** Map from flavor name to the cached_dir_t for the v3 consensuses that we're
|
||||
* currently serving. */
|
||||
static strmap_t *cached_consensuses = NULL;
|
||||
|
||||
/** Possibly replace the contents of <b>d</b> with the value of
|
||||
* <b>directory</b> published on <b>when</b>, unless <b>when</b> is older than
|
||||
* the last value, or too far in the future.
|
||||
*
|
||||
* Does not copy <b>directory</b>; frees it if it isn't used.
|
||||
*/
|
||||
static void
|
||||
set_cached_dir(cached_dir_t *d, char *directory, time_t when)
|
||||
{
|
||||
time_t now = time(NULL);
|
||||
if (when<=d->published) {
|
||||
log_info(LD_DIRSERV, "Ignoring old directory; not caching.");
|
||||
tor_free(directory);
|
||||
} else if (when>=now+ROUTER_MAX_AGE_TO_PUBLISH) {
|
||||
log_info(LD_DIRSERV, "Ignoring future directory; not caching.");
|
||||
tor_free(directory);
|
||||
} else {
|
||||
/* if (when>d->published && when<now+ROUTER_MAX_AGE) */
|
||||
log_debug(LD_DIRSERV, "Caching directory.");
|
||||
tor_free(d->dir);
|
||||
d->dir = directory;
|
||||
d->dir_len = strlen(directory);
|
||||
tor_free(d->dir_z);
|
||||
if (tor_gzip_compress(&(d->dir_z), &(d->dir_z_len), d->dir, d->dir_len,
|
||||
ZLIB_METHOD)) {
|
||||
log_warn(LD_BUG,"Error compressing cached directory");
|
||||
}
|
||||
d->published = when;
|
||||
}
|
||||
}
|
||||
|
||||
/** Decrement the reference count on <b>d</b>, and free it if it no longer has
|
||||
* any references. */
|
||||
void
|
||||
@ -1400,22 +1303,6 @@ free_cached_dir_(void *_d)
|
||||
cached_dir_decref(d);
|
||||
}
|
||||
|
||||
/** If we have no cached v1 directory, or it is older than <b>published</b>,
|
||||
* then replace it with <b>directory</b>, published at <b>published</b>.
|
||||
*
|
||||
* If <b>published</b> is too old, do nothing.
|
||||
*
|
||||
* If <b>is_running_routers</b>, this is really a v1 running_routers
|
||||
* document rather than a v1 directory.
|
||||
*/
|
||||
static void
|
||||
dirserv_set_cached_directory(const char *directory, time_t published)
|
||||
{
|
||||
|
||||
cached_dir_decref(cached_directory);
|
||||
cached_directory = new_cached_dir(tor_strdup(directory), published);
|
||||
}
|
||||
|
||||
/** Replace the v3 consensus networkstatus of type <b>flavor_name</b> that
|
||||
* we're serving with <b>networkstatus</b>, published at <b>published</b>. No
|
||||
* validation is performed. */
|
||||
@ -1438,146 +1325,6 @@ dirserv_set_cached_consensus_networkstatus(const char *networkstatus,
|
||||
cached_dir_decref(old_networkstatus);
|
||||
}
|
||||
|
||||
/** Helper: If we're an authority for the right directory version (v1)
|
||||
* (based on <b>auth_type</b>), try to regenerate
|
||||
* auth_src as appropriate and return it, falling back to cache_src on
|
||||
* failure. If we're a cache, simply return cache_src.
|
||||
*/
|
||||
static cached_dir_t *
|
||||
dirserv_pick_cached_dir_obj(cached_dir_t *cache_src,
|
||||
cached_dir_t *auth_src,
|
||||
time_t dirty, cached_dir_t *(*regenerate)(void),
|
||||
const char *name,
|
||||
dirinfo_type_t auth_type)
|
||||
{
|
||||
const or_options_t *options = get_options();
|
||||
int authority = (auth_type == V1_DIRINFO && authdir_mode_v1(options));
|
||||
|
||||
if (!authority || authdir_mode_bridge(options)) {
|
||||
return cache_src;
|
||||
} else {
|
||||
/* We're authoritative. */
|
||||
if (regenerate != NULL) {
|
||||
if (dirty && dirty + DIR_REGEN_SLACK_TIME < time(NULL)) {
|
||||
if (!(auth_src = regenerate())) {
|
||||
log_err(LD_BUG, "Couldn't generate %s?", name);
|
||||
exit(1);
|
||||
}
|
||||
} else {
|
||||
log_info(LD_DIRSERV, "The %s is still clean; reusing.", name);
|
||||
}
|
||||
}
|
||||
return auth_src ? auth_src : cache_src;
|
||||
}
|
||||
}
|
||||
|
||||
/** Return the most recently generated encoded signed v1 directory,
|
||||
* generating a new one as necessary. If not a v1 authoritative directory
|
||||
* may return NULL if no directory is yet cached. */
|
||||
cached_dir_t *
|
||||
dirserv_get_directory(void)
|
||||
{
|
||||
return dirserv_pick_cached_dir_obj(cached_directory, the_directory,
|
||||
the_directory_is_dirty,
|
||||
dirserv_regenerate_directory,
|
||||
"v1 server directory", V1_DIRINFO);
|
||||
}
|
||||
|
||||
/** Only called by v1 auth dirservers.
|
||||
* Generate a fresh v1 directory; set the_directory and return a pointer
|
||||
* to the new value.
|
||||
*/
|
||||
static cached_dir_t *
|
||||
dirserv_regenerate_directory(void)
|
||||
{
|
||||
/* XXXX 024 Get rid of this function if we can confirm that nobody's
|
||||
* fetching these any longer */
|
||||
char *new_directory=NULL;
|
||||
|
||||
if (dirserv_dump_directory_to_string(&new_directory,
|
||||
get_server_identity_key())) {
|
||||
log_warn(LD_BUG, "Error creating directory.");
|
||||
tor_free(new_directory);
|
||||
return NULL;
|
||||
}
|
||||
cached_dir_decref(the_directory);
|
||||
the_directory = new_cached_dir(new_directory, time(NULL));
|
||||
log_info(LD_DIRSERV,"New directory (size %d) has been built.",
|
||||
(int)the_directory->dir_len);
|
||||
log_debug(LD_DIRSERV,"New directory (size %d):\n%s",
|
||||
(int)the_directory->dir_len, the_directory->dir);
|
||||
|
||||
the_directory_is_dirty = 0;
|
||||
|
||||
/* Save the directory to disk so we re-load it quickly on startup.
|
||||
*/
|
||||
dirserv_set_cached_directory(the_directory->dir, time(NULL));
|
||||
|
||||
return the_directory;
|
||||
}
|
||||
|
||||
/** Only called by v1 auth dirservers.
|
||||
* Replace the current running-routers list with a newly generated one. */
|
||||
static cached_dir_t *
|
||||
generate_runningrouters(void)
|
||||
{
|
||||
char *s=NULL;
|
||||
char digest[DIGEST_LEN];
|
||||
char published[ISO_TIME_LEN+1];
|
||||
size_t len;
|
||||
crypto_pk_t *private_key = get_server_identity_key();
|
||||
char *identity_pkey; /* Identity key, DER64-encoded. */
|
||||
size_t identity_pkey_len;
|
||||
|
||||
if (crypto_pk_write_public_key_to_string(private_key,&identity_pkey,
|
||||
&identity_pkey_len)<0) {
|
||||
log_warn(LD_BUG,"write identity_pkey to string failed!");
|
||||
goto err;
|
||||
}
|
||||
format_iso_time(published, time(NULL));
|
||||
|
||||
len = 2048;
|
||||
s = tor_malloc_zero(len);
|
||||
tor_snprintf(s, len,
|
||||
"network-status\n"
|
||||
"published %s\n"
|
||||
"router-status %s\n"
|
||||
"dir-signing-key\n%s"
|
||||
"directory-signature %s\n",
|
||||
published, "", identity_pkey,
|
||||
get_options()->Nickname);
|
||||
tor_free(identity_pkey);
|
||||
if (router_get_runningrouters_hash(s,digest)) {
|
||||
log_warn(LD_BUG,"couldn't compute digest");
|
||||
goto err;
|
||||
}
|
||||
note_crypto_pk_op(SIGN_DIR);
|
||||
if (router_append_dirobj_signature(s, len, digest, DIGEST_LEN,
|
||||
private_key)<0)
|
||||
goto err;
|
||||
|
||||
set_cached_dir(&the_runningrouters, s, time(NULL));
|
||||
runningrouters_is_dirty = 0;
|
||||
|
||||
return &the_runningrouters;
|
||||
err:
|
||||
tor_free(s);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/** Set *<b>rr</b> to the most recently generated encoded signed
|
||||
* running-routers list, generating a new one as necessary. Return the
|
||||
* size of the directory on success, and 0 on failure. */
|
||||
cached_dir_t *
|
||||
dirserv_get_runningrouters(void)
|
||||
{
|
||||
return dirserv_pick_cached_dir_obj(
|
||||
&cached_runningrouters, &the_runningrouters,
|
||||
runningrouters_is_dirty,
|
||||
generate_runningrouters,
|
||||
"v1 network status list", V1_DIRINFO);
|
||||
}
|
||||
|
||||
/** Return the latest downloaded consensus networkstatus in encoded, signed,
|
||||
* optionally compressed format, suitable for sending to clients. */
|
||||
cached_dir_t *
|
||||
@ -3733,11 +3480,6 @@ dirserv_free_all(void)
|
||||
{
|
||||
dirserv_free_fingerprint_list();
|
||||
|
||||
cached_dir_decref(the_directory);
|
||||
clear_cached_dir(&the_runningrouters);
|
||||
cached_dir_decref(cached_directory);
|
||||
clear_cached_dir(&cached_runningrouters);
|
||||
|
||||
strmap_free(cached_consensuses, free_cached_dir_);
|
||||
cached_consensuses = NULL;
|
||||
|
||||
|
@ -62,9 +62,6 @@ int directory_permits_begindir_requests(const or_options_t *options);
|
||||
int directory_too_idle_to_fetch_descriptors(const or_options_t *options,
|
||||
time_t now);
|
||||
|
||||
void directory_set_dirty(void);
|
||||
cached_dir_t *dirserv_get_directory(void);
|
||||
cached_dir_t *dirserv_get_runningrouters(void);
|
||||
cached_dir_t *dirserv_get_consensus(const char *flavor_name);
|
||||
void dirserv_set_cached_consensus_networkstatus(const char *consensus,
|
||||
const char *flavor_name,
|
||||
|
@ -2586,9 +2586,6 @@ typedef struct authority_cert_t {
|
||||
*/
|
||||
typedef enum {
|
||||
NO_DIRINFO = 0,
|
||||
/** Serves/signs v1 directory information: Big lists of routers, and short
|
||||
* routerstatus documents. */
|
||||
V1_DIRINFO = 1 << 0,
|
||||
/** Serves/signs v3 directory information: votes, consensuses, certs */
|
||||
V3_DIRINFO = 1 << 2,
|
||||
/** Serves bridge descriptors. */
|
||||
@ -3494,8 +3491,6 @@ typedef struct {
|
||||
|
||||
int AssumeReachable; /**< Whether to publish our descriptor regardless. */
|
||||
int AuthoritativeDir; /**< Boolean: is this an authoritative directory? */
|
||||
int V1AuthoritativeDir; /**< Boolean: is this an authoritative directory
|
||||
* for version 1 directories? */
|
||||
int V3AuthoritativeDir; /**< Boolean: is this an authoritative directory
|
||||
* for version 3 directories? */
|
||||
int NamingAuthoritativeDir; /**< Boolean: is this an authoritative directory
|
||||
|
@ -961,8 +961,7 @@ init_keys(void)
|
||||
}
|
||||
/* 6b. [authdirserver only] add own key to approved directories. */
|
||||
crypto_pk_get_digest(get_server_identity_key(), digest);
|
||||
type = ((options->V1AuthoritativeDir ? V1_DIRINFO : NO_DIRINFO) |
|
||||
(options->V3AuthoritativeDir ?
|
||||
type = ((options->V3AuthoritativeDir ?
|
||||
(V3_DIRINFO|MICRODESC_DIRINFO|EXTRAINFO_DIRINFO) : NO_DIRINFO) |
|
||||
(options->BridgeAuthoritativeDir ? BRIDGE_DIRINFO : NO_DIRINFO));
|
||||
|
||||
@ -1283,14 +1282,6 @@ authdir_mode(const or_options_t *options)
|
||||
{
|
||||
return options->AuthoritativeDir != 0;
|
||||
}
|
||||
/** Return true iff we believe ourselves to be a v1 authoritative
|
||||
* directory server.
|
||||
*/
|
||||
int
|
||||
authdir_mode_v1(const or_options_t *options)
|
||||
{
|
||||
return authdir_mode(options) && options->V1AuthoritativeDir != 0;
|
||||
}
|
||||
/** Return true iff we believe ourselves to be a v3 authoritative
|
||||
* directory server.
|
||||
*/
|
||||
@ -1299,12 +1290,11 @@ authdir_mode_v3(const or_options_t *options)
|
||||
{
|
||||
return authdir_mode(options) && options->V3AuthoritativeDir != 0;
|
||||
}
|
||||
/** Return true iff we are a v1 or v3 directory authority. */
|
||||
/** Return true iff we are a v3 directory authority. */
|
||||
int
|
||||
authdir_mode_any_main(const or_options_t *options)
|
||||
{
|
||||
return options->V1AuthoritativeDir ||
|
||||
options->V3AuthoritativeDir;
|
||||
return options->V3AuthoritativeDir;
|
||||
}
|
||||
/** Return true if we believe ourselves to be any kind of
|
||||
* authoritative directory beyond just a hidserv authority. */
|
||||
|
@ -50,7 +50,6 @@ void router_perform_bandwidth_test(int num_circs, time_t now);
|
||||
int net_is_disabled(void);
|
||||
|
||||
int authdir_mode(const or_options_t *options);
|
||||
int authdir_mode_v1(const or_options_t *options);
|
||||
int authdir_mode_v3(const or_options_t *options);
|
||||
int authdir_mode_any_main(const or_options_t *options);
|
||||
int authdir_mode_any_nonhidserv(const or_options_t *options);
|
||||
|
@ -3414,7 +3414,6 @@ router_add_to_routerlist(routerinfo_t *router, const char **msg,
|
||||
signed_desc_append_to_journal(&router->cache_info,
|
||||
&routerlist->desc_store);
|
||||
}
|
||||
directory_set_dirty();
|
||||
*msg = authdir_believes_valid ? "Valid server updated" :
|
||||
("Invalid server updated. (This dirserver is marking your "
|
||||
"server as unapproved.)");
|
||||
@ -3436,7 +3435,6 @@ router_add_to_routerlist(routerinfo_t *router, const char **msg,
|
||||
signed_desc_append_to_journal(&router->cache_info,
|
||||
&routerlist->desc_store);
|
||||
}
|
||||
directory_set_dirty();
|
||||
return ROUTER_ADDED_SUCCESSFULLY;
|
||||
}
|
||||
|
||||
|
@ -603,17 +603,6 @@ router_get_router_hash(const char *s, size_t s_len, char *digest)
|
||||
DIGEST_SHA1);
|
||||
}
|
||||
|
||||
/** Set <b>digest</b> to the SHA-1 digest of the hash of the running-routers
|
||||
* string in <b>s</b>. Return 0 on success, -1 on failure.
|
||||
*/
|
||||
int
|
||||
router_get_runningrouters_hash(const char *s, char *digest)
|
||||
{
|
||||
return router_get_hash_impl(s, strlen(s), digest,
|
||||
"network-status","\ndirectory-signature", '\n',
|
||||
DIGEST_SHA1);
|
||||
}
|
||||
|
||||
/** Set <b>digests</b> to all the digests of the consensus document in
|
||||
* <b>s</b> */
|
||||
int
|
||||
|
@ -14,7 +14,6 @@
|
||||
|
||||
int router_get_router_hash(const char *s, size_t s_len, char *digest);
|
||||
int router_get_dir_hash(const char *s, char *digest);
|
||||
int router_get_runningrouters_hash(const char *s, char *digest);
|
||||
int router_get_networkstatus_v3_hashes(const char *s, digests_t *digests);
|
||||
int router_get_extrainfo_hash(const char *s, size_t s_len, char *digest);
|
||||
#define DIROBJ_MAX_SIG_LEN 256
|
||||
|
Loading…
Reference in New Issue
Block a user