From fd41cbcadf93698f1e07343d82b92863671f0542 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Thu, 20 Jan 2005 20:18:32 +0000 Subject: [PATCH] Have reason string for serverdesc post requests contain actual serverdesc status. Also fix return values of dirserv_add_descriptor to work as advertised. svn:r3391 --- src/or/directory.c | 9 +++++---- src/or/dirserv.c | 29 ++++++++++++++++++++--------- src/or/or.h | 2 +- src/or/router.c | 6 ++++-- src/or/test.c | 5 +++-- 5 files changed, 33 insertions(+), 18 deletions(-) diff --git a/src/or/directory.c b/src/or/directory.c index 567be557a9..1894a7209a 100644 --- a/src/or/directory.c +++ b/src/or/directory.c @@ -976,19 +976,20 @@ directory_handle_command_post(connection_t *conn, char *headers, log_fn(LOG_INFO,"rewritten url as '%s'.", url); if (!strcmp(url,"/tor/")) { /* server descriptor post */ + const char *msg; cp = body; - switch (dirserv_add_descriptor(&cp)) { + switch (dirserv_add_descriptor(&cp, &msg)) { case -1: /* malformed descriptor, or something wrong */ - write_http_status_line(conn, 400, "Malformed or unacceptable server descriptor"); + write_http_status_line(conn, 400, msg?msg:"Malformed or unacceptable server descriptor"); break; case 0: /* descriptor was well-formed but server has not been approved */ - write_http_status_line(conn, 200, "Unverified server descriptor accepted. Have you mailed us your key fingerprint? Are you using the right key?"); + write_http_status_line(conn, 200, msg?msg:"Unverified server descriptor accepted"); break; case 1: dirserv_get_directory(&cp, 0); /* rebuild and write to disk */ - write_http_status_line(conn, 200, "Verified server descriptor accepted"); + write_http_status_line(conn, 200, msg?msg:"Verified server descriptor accepted"); break; } tor_free(url); diff --git a/src/or/dirserv.c b/src/or/dirserv.c index dbe8f636aa..3abbb9bdff 100644 --- a/src/or/dirserv.c +++ b/src/or/dirserv.c @@ -307,14 +307,16 @@ dirserv_router_has_valid_address(routerinfo_t *ri) /** Parse the server descriptor at *desc and maybe insert it into the * list of server descriptors, and (if the descriptor is well-formed) - * advance *desc immediately past the descriptor's end. + * advance *desc immediately past the descriptor's end. Set msg to a + * message that should be passed back to the origin of this descriptor, or + * to NULL. * * Return 1 if descriptor is well-formed and accepted; * 0 if well-formed and server is unapproved; * -1 if not well-formed or other error. */ int -dirserv_add_descriptor(const char **desc) +dirserv_add_descriptor(const char **desc, const char **msg) { descriptor_entry_t *ent = NULL; routerinfo_t *ri = NULL; @@ -325,7 +327,8 @@ dirserv_add_descriptor(const char **desc) size_t desc_len; time_t now; int verified=1; /* whether we knew its fingerprint already */ - + tor_assert(msg); + *msg = NULL; if (!descriptor_list) descriptor_list = smartlist_create(); @@ -349,15 +352,17 @@ dirserv_add_descriptor(const char **desc) tor_free(desc_tmp); if (!ri) { log(LOG_WARN, "Couldn't parse descriptor"); + *msg = "Rejected: Couldn't parse server descriptor."; return -1; } /* Okay. Now check whether the fingerprint is recognized. */ r = dirserv_router_fingerprint_is_known(ri); if (r==-1) { log_fn(LOG_WARN, "Known nickname '%s', wrong fingerprint. Not adding.", ri->nickname); + *msg = "Rejected: There is already a verified server with this nickname and a different fingerprint."; routerinfo_free(ri); *desc = end; - return 0; + return -1; } if (r==0) { char fp[FINGERPRINT_LEN+1]; @@ -374,21 +379,24 @@ dirserv_add_descriptor(const char **desc) now = time(NULL); if (ri->published_on > now+ROUTER_ALLOW_SKEW) { log_fn(LOG_NOTICE, "Publication time for nickname '%s' is too far in the future; possible clock skew. Not adding.", ri->nickname); + *msg = "Rejected: Your clock is set too far in the future, or your timezone is not correct."; routerinfo_free(ri); *desc = end; - return 0; + return -1; } if (ri->published_on < now-ROUTER_MAX_AGE) { log_fn(LOG_NOTICE, "Publication time for router with nickname '%s' is too far in the past. Not adding.", ri->nickname); + *msg = "Rejected: Server is expired, or your clock is too far in the past, or your timezone is not correct."; routerinfo_free(ri); *desc = end; - return 0; + return -1; } if (dirserv_router_has_valid_address(ri) < 0) { log_fn(LOG_NOTICE, "Router with nickname '%s' has invalid address '%s'. Not adding.", ri->nickname, ri->address); + *msg = "Rejected: Address is not an IP, or IP is a private address."; routerinfo_free(ri); *desc = end; - return 0; + return -1; } /* Do we already have an entry for this router? */ @@ -404,6 +412,7 @@ dirserv_add_descriptor(const char **desc) if (ent->published >= ri->published_on) { /* We already have a newer or equal-time descriptor */ log_fn(LOG_INFO,"We already have a new enough desc for nickname '%s'. Not adding.",ri->nickname); + *msg = "We already have a newer descriptor."; /* This isn't really an error; return success. */ routerinfo_free(ri); *desc = end; @@ -411,11 +420,13 @@ dirserv_add_descriptor(const char **desc) } /* We don't have a newer one; we'll update this one. */ log_fn(LOG_INFO,"Dirserv updating desc for nickname '%s'",ri->nickname); + *msg = verified?"Verified server updated":"Unverified server updated (Have you sent us your key fingerprint?)"; free_descriptor_entry(ent); smartlist_del_keeporder(descriptor_list, found); } else { /* Add at the end. */ log_fn(LOG_INFO,"Dirserv adding desc for nickname '%s'",ri->nickname); + *msg = verified?"Verified server added":"Unverified server added (Have you sent us your key fingerprint?)"; } ent = tor_malloc(sizeof(descriptor_entry_t)); @@ -477,12 +488,12 @@ directory_set_dirty() int dirserv_load_from_directory_string(const char *dir) { - const char *cp = dir; + const char *cp = dir, *m; while (1) { cp = strstr(cp, "\nrouter "); if (!cp) break; ++cp; - if (dirserv_add_descriptor(&cp) < 0) { + if (dirserv_add_descriptor(&cp,&m) < 0) { return -1; } --cp; /*Back up to newline.*/ diff --git a/src/or/or.h b/src/or/or.h index a525f2ca38..55d492a543 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -1349,7 +1349,7 @@ int dirserv_parse_fingerprint_file(const char *fname); int dirserv_router_fingerprint_is_known(const routerinfo_t *router); void dirserv_free_fingerprint_list(void); const char *dirserv_get_nickname_by_digest(const char *digest); -int dirserv_add_descriptor(const char **desc); +int dirserv_add_descriptor(const char **desc, const char **msg); int dirserv_load_from_directory_string(const char *dir); void dirserv_free_descriptors(void); void dirserv_remove_old_servers(int age); diff --git a/src/or/router.c b/src/or/router.c index 514f49c599..771d32ad67 100644 --- a/src/or/router.c +++ b/src/or/router.c @@ -315,13 +315,15 @@ int init_keys(void) { return -1; } if (authdir_mode(options)) { + const char *m; /* We need to add our own fingerprint so it gets recognized. */ if (dirserv_add_own_fingerprint(options->Nickname, get_identity_key())) { log_fn(LOG_ERR, "Error adding own fingerprint to approved set"); return -1; } - if (dirserv_add_descriptor(&tmp) != 1) { - log(LOG_ERR, "Unable to add own descriptor to directory."); + if (dirserv_add_descriptor(&tmp, &m) != 1) { + log(LOG_ERR, "Unable to add own descriptor to directory: %s", + m?m:""); return -1; } } diff --git a/src/or/test.c b/src/or/test.c index 632968ba2a..6fad24af7a 100644 --- a/src/or/test.c +++ b/src/or/test.c @@ -998,6 +998,7 @@ test_dir_format(void) routerlist_t *dir1 = NULL, *dir2 = NULL; tor_version_t ver1; char *bw_lines = NULL; + const char *m; test_assert( (pk1 = crypto_new_pk_env()) ); test_assert( (pk2 = crypto_new_pk_env()) ); @@ -1158,10 +1159,10 @@ test_dir_format(void) r2.published_on = time(NULL)-3*60*60; test_assert(router_dump_router_to_string(buf, 2048, &r1, pk2)>0); cp = buf; - test_eq(dirserv_add_descriptor((const char**)&cp), 1); + test_eq(dirserv_add_descriptor((const char**)&cp,&m), 1); test_assert(router_dump_router_to_string(buf, 2048, &r2, pk1)>0); cp = buf; - test_eq(dirserv_add_descriptor((const char**)&cp), 1); + test_eq(dirserv_add_descriptor((const char**)&cp,&m), 1); get_options()->Nickname = tor_strdup("DirServer"); test_assert(!dirserv_dump_directory_to_string(&cp,pk3)); test_assert(!router_parse_routerlist_from_directory(cp, &dir1, pk3, 1, 0));