Commit Graph

28503 Commits

Author SHA1 Message Date
David Goulet
d8509b450a vote: Return error when adding vote/signature if no dirauth module
Commit 0f3b765b3c added
tor_assert_nonfatal_unreached() to dirvote_add_vote() and
dirvote_add_signatures() when the dirauth module is disabled.

However, they need to return a value. Furthermore, the dirvote_add_vote()
needs to set the msg_out and status_out so it can be sent back. Else,
uninitialized values would be used.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-05-01 10:15:28 -04:00
David Goulet
15e8ce3937 Move back dirvote_authority_cert_dup to dirvote.c
Originally, it was made public outside of the dirauth module but it is no
longer needed. In doing so, we put it back in dirvote.c and reverted its name
to the original one:

dirvote_authority_cert_dup() --> authority_cert_dup()

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-05-01 10:07:09 -04:00
David Goulet
43bba89656 build: Always compile module support for tests
The --disable-module-* configure option removes code from the final binary but
we still build the unit tests with the disable module(s) so we can actually
test that code path all the time and not forget about it.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-05-01 10:07:09 -04:00
David Goulet
a2ff4975f3 dirvote: Move the vote creation code into dirvote.c
This code is only for dirauth so this commit moves it into the module in
dirvote.c.

No code behavior change.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-05-01 10:07:09 -04:00
David Goulet
0f3b765b3c dirvote: Handling adding vote and signature if module is disabled
Both functions are used for directory request but they can only be used if the
running tor instance is a directory authority.

For this reason, make those symbols visible but hard assert() if they are
called when the module is disabled. This would mean we failed to safeguard the
entry point into the module.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-05-01 10:07:09 -04:00
David Goulet
fdc01cb40e dirvote: Move the handling of GET /tor/status-vote to dirauth module
In order to further isolate the dirauth code into its module, this moves the
handling of the directory request GET /tor/status-vote/* into the module.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-05-01 10:07:08 -04:00
David Goulet
6ee6533fd8 dirvote: Free vote commits in the dirauth module
In order to make sr_commit_free() only used by the dirauth module, this
commits moves the commits free from a vote object into the dirvote.c file
which is now only for the module.

The function does nothing if the module is disabled.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-05-01 10:06:13 -04:00
Nick Mathewson
4cf6b67f5e Merge remote-tracking branch 'neel/b23094' 2018-05-01 08:56:23 -04:00
Nick Mathewson
07b486c17a Merge branch 'bug24734_squashed' 2018-05-01 08:51:32 -04:00
Neel Chauhan
5458ff20a5 Remove the return value from the fascist_firewall_choose_address_* family of functions 2018-05-01 08:51:16 -04:00
Neel Chauhan
ddb2b965de Initialize ap in the fascist_firewall_choose_address_* family of functions to 0 2018-05-01 08:51:15 -04:00
George Kadianakis
e17f436fff Fix memleak found by unittests. 2018-05-01 00:59:27 +00:00
George Kadianakis
627d2fdbf0 Write unittests to check basic vanguard path selection.
Adds two unittests:
- First checks the path selection of basic Tor circs.
- Second checks the path selection of vanguard circs.

There is a TODO on the second unittest that we might want to test sooner than
later, but it's not trivial to do it right now.

To do these unittests we needed the following mods:
- Make some functions STATIC.
- Add some more fields to the big fake network nodes of test_entrynodes.c
- Switch fake node nicknames to base32 (because base64 does not produce valid nicknames).
2018-05-01 00:59:27 +00:00
Mike Perry
98dea0bc63 Changes file for bug25870. 2018-05-01 00:59:27 +00:00
Mike Perry
289c04b065 Bug 25870: Allow 4th hop of vanguard circuits to be the guard.
This prevents a malicious RP/IP from learning the guard node in the case that
we are using only one (because we aren't using two guards, or because one of
those two guards is temporarily down).

This ensures the "strong" version of Property #6 from
https://lists.torproject.org/pipermail/tor-dev/2018-April/013098.html
(Information about the guard(s) does not leak to the website/RP at all).
2018-05-01 00:59:21 +00:00
Mike Perry
e34bf50604 Bug 25870: Prevent the creation of A - B - A vanguard sub-paths.
These paths are illegal in Tor and relays will reject them.

We do this by using specific nodes in the exclude list (but ignore /16 and
family).
2018-05-01 00:59:10 +00:00
Nick Mathewson
3a2470762d Add a cast to make clang happy. 2018-04-30 17:14:40 -04:00
Nick Mathewson
72124dc1ef Merge branch 'ticket25948_squashed' 2018-04-30 16:46:59 -04:00
Nick Mathewson
987a7f6676 Move responsibility for or_state_save() to a scheduled callback
Closes ticket 25948.
2018-04-30 16:46:52 -04:00
Nick Mathewson
a9dfaafca4 Merge branch 'ticket24790' 2018-04-30 16:44:30 -04:00
Nick Mathewson
d1a0534649 Make unit tests pass with new dirserver role. 2018-04-30 10:36:00 -04:00
Nick Mathewson
3800d5916f Merge remote-tracking branch 'dgoulet/ticket25900_034_01' 2018-04-30 10:27:22 -04:00
Nick Mathewson
b205061eb1 Describe schedules as TimeInterval, not TimeIntervalCommaList. 2018-04-30 09:47:35 -04:00
Nick Mathewson
6cb467b462 Merge remote-tracking branch 'github/ticket23354' 2018-04-30 09:45:28 -04:00
Nick Mathewson
a9736f1f38 Merge remote-tracking branch 'github/ticket19429_034' 2018-04-30 09:41:33 -04:00
Marcin Cieślak
0c7740b7de Document default value for Nickname 2018-04-29 13:54:56 +00:00
Neel Chauhan
bfe5a739b7 Make hsdir_index in node_t a hsdir_index_t rather than a pointer. 2018-04-28 20:35:30 -04:00
Mike Perry
d634c1ba6b Bug 25870: Allow the last hop in a vanguard circuit to be our guard.
The last hop in vanguard circuits can be an RP/IP/HSDir.

Since vanguard circuits are at least 3 hops (sometimes 4) before this node,
this change will not cause A - B - A paths.
2018-04-28 01:26:50 +03:00
Nick Mathewson
cb0af6157c Move stdbool include to torint.h
It's friday, and this seems like a good idea, and they're egging me
on in IRC.
2018-04-27 15:08:27 -04:00
Nick Mathewson
78eb0192da Merge branch 'maint-0.3.3' 2018-04-27 13:26:17 -04:00
teor
b116710e31 Stop initialising rust submodules, travis does this for us
Fixes #24630.
2018-04-27 13:26:12 -04:00
Nick Mathewson
d6a773f57d Only define X509_get_not{BeforeAfter} if they are not defined
(The originally submitted version of a15b2c57e1 broke
with OpenSSL 1.1.0.)
2018-04-27 12:55:52 -04:00
Nick Mathewson
346c2eb4e6 Merge branch 'bug25843_v2_squashed' 2018-04-27 12:45:07 -04:00
George Kadianakis
d00ed406e0 Introduce torrc option NumPrimaryGuards 2018-04-27 12:44:54 -04:00
David Goulet
2963e65c30 dirvote: Move SR commit parsing into dirauth module
When parsing a vote in routerparse.c, only dirauth extract the commits from
the vote so move all this code into dirvote.c so we can make it specific to
the dirauth module.

If the dirauth module is disabled, the commit parsing does nothing.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-27 11:40:44 -04:00
David Goulet
d7e4706f22 ns: Move ns_detached_signatures_free() to networkstatus.c
From dirvote.c to networkstatus.c where it makes more sense both in terms of
namespace and subsystem responsability.

This removes one less dependency on the dirauth module.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-27 11:40:44 -04:00
David Goulet
35ff2a3b86 dirvote: Rename authority_cert_dup()
Renamed to follow the file namespace.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-27 11:40:44 -04:00
David Goulet
43bee06dd0 dirvote: Rename voter_get_sig_by_algorithm()
In order to follow the public namespace of dirvote.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-27 11:40:44 -04:00
David Goulet
26817d9d22 dirvote: Extract shared functions to common file
No code behavior change.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-27 11:40:44 -04:00
David Goulet
79a1112a49 sr: Static inline functions if no dirauth module
Add static inline dirauth public functions used outside of the dirauth module
so they can be seen by the tor code but simply do nothing.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-27 11:40:44 -04:00
David Goulet
bdcf3a3839 sr: Extract shared SR functions
Move most of the shared random functions that are needed outside of the
dirauth module.

At this commit, because dirvote.c hasn't been refactor, it doesn't compile
because some SR functions need a dirvote function.

Furthermore, 5 functions haven't been touched yet because they are dirauth
only but are in used in other C files than the dirauth module ones.

No code behavior change. Only moving code around.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-27 11:40:44 -04:00
David Goulet
2115a54b4a mod: Move dirauth specific files to its own module
This is a pretty big commit but it only moves these files to src/or/dirauth:

  dircollate.c dirvote.c shared_random.c shared_random_state.c
  dircollate.h dirvote.h shared_random.h shared_random_state.h

Then many files are modified to change the include line for those header files
that have moved into a new directory.

Without using --disable-module-dirauth, everything builds fine. When using the
flag to disable the module, tor doesn't build due to linking errors. This will
be addressed in the next commit(s).

No code behavior change.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-27 11:40:44 -04:00
David Goulet
35d86b088d dirvote: Reorganize the dirvote.h file
Remove useless include.

Clearly identify functions that are used by other part of Tor, functions that
are only used by the dirauth subsystem and functions that are exposed for unit
tests.

This will help us in the dirauth modularization effort.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-27 11:40:44 -04:00
David Goulet
5e1e906a5c dirvote: Move voting_schedule_t to dirvote.c
Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-27 11:40:44 -04:00
David Goulet
d177067860 dirvote: Trim down the public API
Many functions become static to the C file or exposed to the tests within the
PRIVATE define of dirvote.h.

This commit moves a function to the top. No code behavior change.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-27 11:40:44 -04:00
David Goulet
f0838e7257 config: Make circuit_build_times_disabled() use authdir_mode()
Don't access the AuthoritativeDir options directly. We do this so we can move
authdir_mode() to the dirauth module.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-27 11:40:44 -04:00
David Goulet
b27dc1cfb5 mod: Build system changes for dirauth module
Make our build system support a disable dirauth module option. It can only be
disabled explicitly with:

  $ ./configure --disable-module-dirauth

If *not* specified that is enabled, an automake conditional variable is set to
true and a defined value for the C code:

  AM_CONDITIONAL: BUILD_MODULE_DIRAUTH
  AC_DEFINE: HAVE_MODULE_DIRAUTH=1

This introduces the dirauth/ module directory in src/or/ for which .c files
are only compiled if the BUILD_MODULE_DIRAUTH is set.

All the header files are compiled in regardless of the support so we can use
the alternative entry point functions of the dirauth subsystem.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-27 11:40:44 -04:00
David Goulet
8b58e1e323 test: Unit test for the HS service event rescan
Because we rescan the main loop event list if the global map of services has
changed, this makes sure it does work.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-27 11:16:57 -04:00
David Goulet
f7633c1fca hs: Rescan the main loop event list if the service map changes
Because ADD_ONION/DEL_ONION can modify the global service map (both for v2 and
v3), we need to rescan the event list so we either enable or disable the HS
service main loop event.

Fixees #25939

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-27 11:16:57 -04:00
David Goulet
3ab017b10c main: Don't rescan main loop events if not initialized
This is done because it makes our life easier with unit tests. Also, a rescan
on an uninitialized event list will result in a stacktrace.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-04-27 11:16:57 -04:00