[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[or-cvs] Misc small code cleanups; remove exit_server_mode(); change...



Update of /home/or/cvsroot/src/or
In directory moria.mit.edu:/tmp/cvs-serv17343/src/or

Modified Files:
	circuitbuild.c connection_or.c main.c or.h router.c 
Log Message:
Misc small code cleanups; remove exit_server_mode(); change tor_tls_verify behavior

Index: circuitbuild.c
===================================================================
RCS file: /home/or/cvsroot/src/or/circuitbuild.c,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -d -r1.12 -r1.13
--- circuitbuild.c	18 Jul 2004 21:47:03 -0000	1.12
+++ circuitbuild.c	21 Jul 2004 00:44:04 -0000	1.13
@@ -114,7 +114,9 @@
     return;
   }
   if (server_mode()) {
-    prev_digest = router_get_my_routerinfo()->identity_digest;
+    routerinfo_t *me = router_get_my_routerinfo();
+    tor_assert(me);
+    prev_digest = me->identity_digest;
   }
   do {
     router = router_get_by_digest(hop->identity_digest);

Index: connection_or.c
===================================================================
RCS file: /home/or/cvsroot/src/or/connection_or.c,v
retrieving revision 1.117
retrieving revision 1.118
diff -u -d -r1.117 -r1.118
--- connection_or.c	21 Jul 2004 00:12:42 -0000	1.117
+++ connection_or.c	21 Jul 2004 00:44:04 -0000	1.118
@@ -155,10 +155,12 @@
 connection_t *connection_or_connect(uint32_t addr, uint16_t port,
                                     const char *id_digest) {
   connection_t *conn;
+  routerinfo_t *me;
 
   tor_assert(id_digest);
 
-  if(server_mode() && 0) { /* XXX008 if I'm an OR and id_digest is my digest */
+  if(server_mode() && (me=router_get_my_routerinfo()) &&
+     !memcmp(me->identity_digest, id_digest,DIGEST_LEN)) {
     log_fn(LOG_WARN,"Request to connect to myself! Failing.");
     return NULL;
   }
@@ -267,6 +269,7 @@
   routerinfo_t *router;
   char nickname[MAX_NICKNAME_LEN+1];
   connection_t *c;
+  crypto_pk_env_t *identity_rcvd=NULL;
 
   conn->state = OR_CONN_STATE_OPEN;
   connection_watch_events(conn, POLLIN);
@@ -298,12 +301,18 @@
            nickname, conn->address, conn->port);
     return -1;
   }
-  if(tor_tls_verify(conn->tls, router->identity_pkey)<0) {
+  if(tor_tls_verify(conn->tls, &identity_rcvd)<0) {
     log_fn(LOG_WARN,"Other side '%s' (%s:%d) has a cert but it's invalid. Closing.",
            nickname, conn->address, conn->port);
     return -1;
   }
   log_fn(LOG_DEBUG,"The router's cert is valid.");
+  if(crypto_pk_cmp_keys(identity_rcvd, router->identity_pkey) != 0) {
+    crypto_free_pk_env(identity_rcvd);
+    log_fn(LOG_WARN, "Identity key not as expected for %s", nickname);
+    return -1;
+  }
+  crypto_free_pk_env(identity_rcvd);
 
   /* XXXX008 This isn't right; fix this one we launch by identity digest
    * XXXX008 rather than by nickname */

Index: main.c
===================================================================
RCS file: /home/or/cvsroot/src/or/main.c,v
retrieving revision 1.298
retrieving revision 1.299
diff -u -d -r1.298 -r1.299
--- main.c	21 Jul 2004 00:12:42 -0000	1.298
+++ main.c	21 Jul 2004 00:44:04 -0000	1.299
@@ -473,14 +473,6 @@
   return (options.ORPort != 0);
 }
 
-/** Return true iff we are trying to be an exit server.
- */
-int exit_server_mode(void) {
-  /* XXX008 NM: non-exit servers still answer resolve requests, right? How
-   * is this to be used? */
-  return (options.ORPort != 0);
-}
-
 /** Return true iff we are trying to be a socks proxy. */
 int proxy_mode(void) {
   return (options.SocksPort != 0);
@@ -747,7 +739,7 @@
     /* Restart cpuworker and dnsworker processes, so they get up-to-date
      * configuration options. */
     cpuworkers_rotate();
-    if (exit_server_mode())
+    if (server_mode())
       dnsworkers_rotate();
     /* Rebuild fresh descriptor as needed. */
     router_rebuild_descriptor();
@@ -1011,7 +1003,7 @@
     log_fn(LOG_WARN,"You are running Tor as root. You don't need to, and you probably shouldn't.");
 #endif
 
-  if(exit_server_mode()) { /* only spawn dns handlers if we're a router */
+  if(server_mode()) { /* only spawn dns handlers if we're a router */
     dns_init(); /* initialize the dns resolve tree, and spawn workers */
   }
   if(proxy_mode()) {

Index: or.h
===================================================================
RCS file: /home/or/cvsroot/src/or/or.h,v
retrieving revision 1.389
retrieving revision 1.390
diff -u -d -r1.389 -r1.390
--- or.h	21 Jul 2004 00:21:26 -0000	1.389
+++ or.h	21 Jul 2004 00:44:04 -0000	1.390
@@ -1198,7 +1198,6 @@
 int clique_mode(void);
 int server_mode(void);
 int advertised_server_mode(void);
-int exit_server_mode(void);
 int proxy_mode(void);
 
 int main(int argc, char *argv[]);

Index: router.c
===================================================================
RCS file: /home/or/cvsroot/src/or/router.c,v
retrieving revision 1.68
retrieving revision 1.69
diff -u -d -r1.68 -r1.69
--- router.c	20 Jul 2004 21:13:11 -0000	1.68
+++ router.c	21 Jul 2004 00:44:04 -0000	1.69
@@ -516,8 +516,8 @@
     log_fn(LOG_WARN, "Couldn't dump router to string.");
     return -1;
   }
-  ri->is_trusted_dir = ri->dir_port &&
-    router_digest_is_trusted_dir(ri->identity_digest);
+  ri->is_trusted_dir = (ri->dir_port &&
+    router_digest_is_trusted_dir(ri->identity_digest));
   return 0;
 }