[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[or-cvs] Remove need for dirservers file: now, we note trusted dirse...
- To: or-cvs@freehaven.net
- Subject: [or-cvs] Remove need for dirservers file: now, we note trusted dirse...
- From: nickm@seul.org (Nick Mathewson)
- Date: Wed, 13 Oct 2004 21:44:35 -0400 (EDT)
- Delivered-to: archiver@seul.org
- Delivered-to: or-cvs-outgoing@seul.org
- Delivered-to: or-cvs@seul.org
- Delivery-date: Wed, 13 Oct 2004 21:45:45 -0400
- Reply-to: or-dev@freehaven.net
- Sender: owner-or-cvs@freehaven.net
Update of /home/or/cvsroot/src/or
In directory moria.mit.edu:/tmp/cvs-serv21434/src/or
Modified Files:
config.c connection.c directory.c or.h router.c routerlist.c
Log Message:
Remove need for dirservers file: now, we note trusted dirservers in configuration options, and only need to remember addr:port and key digest for each one.
Index: config.c
===================================================================
RCS file: /home/or/cvsroot/src/or/config.c,v
retrieving revision 1.165
retrieving revision 1.166
diff -u -d -r1.165 -r1.166
--- config.c 13 Oct 2004 19:53:10 -0000 1.165
+++ config.c 14 Oct 2004 01:44:32 -0000 1.166
@@ -282,124 +282,6 @@
return 0;
}
-const char default_dirservers_string[] =
-"router moria1 18.244.0.188 9001 9021 9031\n"
-"platform Tor 0.0.6rc1 on Linux moria.mit.edu i686\n"
-"published 2004-04-25 21:54:28\n"
-"bandwidth 800000 10000000\n"
-"onion-key\n"
-"-----BEGIN RSA PUBLIC KEY-----\n"
-"MIGJAoGBANoIvHieyHUTzIacbnWOnyTyzGrLOdXqbcjz2GGMxyHEd5K1bO1ZBNHP\n"
-"9i5qLQpN5viFk2K2rEGuG8tFgDEzSWZEtBqv3NVfUdiumdERWMBwlaQ0MVK4C+jf\n"
-"y5gZ8KI3o9ZictgPS1AQF+Kk932/vIHTuRIUKb4ILTnQilNvID0NAgMBAAE=\n"
-"-----END RSA PUBLIC KEY-----\n"
-"signing-key\n"
-"-----BEGIN RSA PUBLIC KEY-----\n"
-"MIGJAoGBAMHa0ZC/jo2Q2DrwKYF/6ZbmZ27PFYG91u4gUzzmZ/VXLpZ8wNzEV3oW\n"
-"nt+I61048fBiC1frT1/DZ351n2bLSk9zJbB6jyGZJn0380FPRX3+cXyXS0Gq8Ril\n"
-"xkhMQf5XuNFUb8UmYPSOH4WErjvYjKvU+gfjbK/82Jo9SuHpYz+BAgMBAAE=\n"
-"-----END RSA PUBLIC KEY-----\n"
-"reject 0.0.0.0/255.0.0.0:*\n"
-"reject 169.254.0.0/255.255.0.0:*\n"
-"reject 127.0.0.0/255.0.0.0:*\n"
-"reject 192.168.0.0/255.255.0.0:*\n"
-"reject 10.0.0.0/255.0.0.0:*\n"
-"reject 172.16.0.0/255.240.0.0:*\n"
-"accept *:20-22\n"
-"accept *:53\n"
-"accept *:79-80\n"
-"accept *:110\n"
-"accept *:143\n"
-"accept *:443\n"
-"accept *:873\n"
-"accept *:993\n"
-"accept *:995\n"
-"accept *:1024-65535\n"
-"reject *:*\n"
-"router-signature\n"
-"-----BEGIN SIGNATURE-----\n"
-"o1eAoRHDAEAXsnh5wN++vIwrupd+DbAJ2p3wxHDrmqxTpygzxxCnyQyhMfX03ua2\n"
-"4iplyNlwyFwzWcw0sk31otlO2HBYXT1V9G0YxGtKMOeOBMHjfGbUjGvEALHzWi4z\n"
-"8DXGJp13zgnUyP4ZA6xaGROwcT6oB5e7UlztvvpGxTg=\n"
-"-----END SIGNATURE-----\n"
-"\n"
-"router moria2 18.244.0.188 9002 9022 9032\n"
-"platform Tor 0.0.6rc1 on Linux moria.mit.edu i686\n"
-"published 2004-04-25 21:54:30\n"
-"bandwidth 800000 10000000\n"
-"onion-key\n"
-"-----BEGIN RSA PUBLIC KEY-----\n"
-"MIGJAoGBAM4Cc/npgYC54XrYLC+grVxJp7PDmNO2DRRJOxKttBBtvLpnR1UaueTi\n"
-"kyknT5kmlx+ihgZF/jmye//2dDUp2+kK/kSkpRV4xnDLXZmed+sNSQxqmm9TtZQ9\n"
-"/hjpxhp5J9HmUTYhntBs+4E4CUKokmrI6oRLoln4SA39AX9QLPcnAgMBAAE=\n"
-"-----END RSA PUBLIC KEY-----\n"
-"signing-key\n"
-"-----BEGIN RSA PUBLIC KEY-----\n"
-"MIGJAoGBAOcrht/y5rkaahfX7sMe2qnpqoPibsjTSJaDvsUtaNP/Bq0MgNDGOR48\n"
-"rtwfqTRff275Edkp/UYw3G3vSgKCJr76/bqOHCmkiZrnPV1zxNfrK18gNw2Cxre0\n"
-"nTA+fD8JQqpPtb8b0SnG9kwy75eS//sRu7TErie2PzGMxrf9LH0LAgMBAAE=\n"
-"-----END RSA PUBLIC KEY-----\n"
-"reject 0.0.0.0/255.0.0.0:*\n"
-"reject 169.254.0.0/255.255.0.0:*\n"
-"reject 127.0.0.0/255.0.0.0:*\n"
-"reject 192.168.0.0/255.255.0.0:*\n"
-"reject 10.0.0.0/255.0.0.0:*\n"
-"reject 172.16.0.0/255.240.0.0:*\n"
-"accept *:20-22\n"
-"accept *:53\n"
-"accept *:79-80\n"
-"accept *:110\n"
-"accept *:143\n"
-"accept *:443\n"
-"accept *:873\n"
-"accept *:993\n"
-"accept *:995\n"
-"accept *:1024-65535\n"
-"reject *:*\n"
-"router-signature\n"
-"-----BEGIN SIGNATURE-----\n"
-"RKROLwP1ExjTZeg6wuN0pzYqed9IJUd5lAe9hp4ritbnmJAgS6qfww6jgx61CfUR\n"
-"6SElhOLE7Q77jAdoL45Ji5pn/Y+Q+E+5lJm1E/ed9ha+YsOPaOc7z6GQ7E4mihCL\n"
-"gI1vsw92+P1Ty4RHj6fyD9DhbV19nh2Qs+pvGJOS2FY=\n"
-"-----END SIGNATURE-----\n"
-"\n"
-"router tor26 62.116.124.106 9001 9050 9030\n"
-"platform Tor 0.0.6 on Linux seppia i686\n"
-"published 2004-05-06 21:33:23\n"
-"bandwidth 500000 10000000\n"
-"onion-key\n"
-"-----BEGIN RSA PUBLIC KEY-----\n"
-"MIGJAoGBAMEHdDnpj3ik1AF1xe/VqjoguH2DbANifYqXXfempu0fS+tU9FGo6dU/\n"
-"fnVHAZwL9Ek9k2rMzumShi1RduK9p035R/Gk+PBBcLfvwYJ/Nat+ZO/L8jn/3bZe\n"
-"ieQd9CKj2LjNGKpRNry37vkwMGIOIlegwK+2us8aXJ7sIvlNts0TAgMBAAE=\n"
-"-----END RSA PUBLIC KEY-----\n"
-"signing-key\n"
-"-----BEGIN RSA PUBLIC KEY-----\n"
-"MIGJAoGBAMQgV2gXLbXgesWgeAsj8P1Uvm/zibrFXqwDq27lLKNgWGYGX2ax3LyT\n"
-"3nzI1Y5oLs4kPKTsMM5ft9aokwf417lKoCRlZc9ptfRbgxDx90c9GtWVmkrmDvCK\n"
-"ae59TMoXIiGfZiwWT6KKq5Zm9/Fu2Il3B2vHGkKJYKixmiBJRKp/AgMBAAE=\n"
-"-----END RSA PUBLIC KEY-----\n"
-"accept 62.245.184.24:25\n"
-"accept 62.116.124.106:6666-6670\n"
-"accept *:48099\n"
-"reject *:*\n"
-"router-signature\n"
-"-----BEGIN SIGNATURE-----\n"
-"qh/xRoqfLNFzPaB8VdpbdMAwRyuk5qjx4LeLVQ2pDwTZ55PqmG99+VKUNte2WTTD\n"
-"7dZEA7um2rueohGe4nYmvbhJWr20/I0ZxmWDRDvFy0b5nwzDMGvLvDw95Zu/XJQ2\n"
-"md32NE3y9VZCfbCN+GlvETX3fdR3Svzcm8Kzesg2/s4=\n"
-"-----END SIGNATURE-----\n"
-;
-
-int config_assign_default_dirservers(void) {
- if(router_load_routerlist_from_string(default_dirservers_string, 1) < 0) {
- log_fn(LOG_WARN,"Bug: the default dirservers internal string is corrupt.");
- return -1;
- }
-
- return 0;
-}
-
static void add_default_trusted_dirservers(void) {
/* moria1 */
parse_dir_server_line("18.244.0.188:9031 "
@@ -894,7 +776,6 @@
}
}
-
clear_trusted_dir_servers();
if (!options->DirServers) {
add_default_trusted_dirservers();
Index: connection.c
===================================================================
RCS file: /home/or/cvsroot/src/or/connection.c,v
retrieving revision 1.258
retrieving revision 1.259
diff -u -d -r1.258 -r1.259
--- connection.c 13 Oct 2004 20:17:45 -0000 1.258
+++ connection.c 14 Oct 2004 01:44:32 -0000 1.259
@@ -738,7 +738,8 @@
/* it's a directory server and connecting failed: forget about this router */
/* XXX I suspect pollerr may make Windows not get to this point. :( */
router_mark_as_down(conn->identity_digest);
- if(conn->purpose == DIR_PURPOSE_FETCH_DIR && !all_directory_servers_down()) {
+ if(conn->purpose == DIR_PURPOSE_FETCH_DIR &&
+ !all_trusted_directory_servers_down()) {
log_fn(LOG_INFO,"Giving up on dirserver %s; trying another.", conn->address);
directory_get_from_dirserver(DIR_PURPOSE_FETCH_DIR, NULL, 0);
}
Index: directory.c
===================================================================
RCS file: /home/or/cvsroot/src/or/directory.c,v
retrieving revision 1.140
retrieving revision 1.141
diff -u -d -r1.140 -r1.141
--- directory.c 12 Oct 2004 15:55:20 -0000 1.140
+++ directory.c 14 Oct 2004 01:44:32 -0000 1.141
@@ -105,20 +105,18 @@
if (purpose == DIR_PURPOSE_FETCH_DIR) {
if (advertised_server_mode()) {
/* only ask authdirservers, and don't ask myself */
- r = router_pick_directory_server(1, 1);
- /* XXXX NM Enable this once we actually set keys for dirservers.
- * ds = router_pick_trusteddirserver(1);
- */
+ ds = router_pick_trusteddirserver(1);
} else {
/* anybody with a non-zero dirport will do */
- r = router_pick_directory_server(0, 1);
+ r = router_pick_directory_server(1);
+ if (!r) {
+ log_fn(LOG_INFO, "No router found for directory; falling back to dirserver list");
+ ds = router_pick_trusteddirserver(1);
+ }
}
} else { // (purpose == DIR_PURPOSE_FETCH_RENDDESC)
/* only ask authdirservers, any of them will do */
- r = router_pick_directory_server(1, 0);
- /* XXXX NM Enable this once we actually set keys for dirservers.
- * ds = router_pick_trusteddirserver(0);
- */
+ ds = router_pick_trusteddirserver(0);
}
if (r)
@@ -152,7 +150,7 @@
directory_initiate_command_trusted_dir(trusted_dir_server_t *dirserv,
uint8_t purpose, const char *payload, int payload_len)
{
- directory_initiate_command(dirserv->address, dirserv->addr, dirserv->dir_port,
+ directory_initiate_command(dirserv->address, dirserv->addr,dirserv->dir_port,
NULL, dirserv->digest, purpose, payload, payload_len);
}
@@ -212,7 +210,8 @@
switch(connection_connect(conn, conn->address, conn->addr, conn->port)) {
case -1:
router_mark_as_down(conn->identity_digest); /* don't try him again */
- if(purpose == DIR_PURPOSE_FETCH_DIR && !all_directory_servers_down()) {
+ if(purpose == DIR_PURPOSE_FETCH_DIR &&
+ !all_trusted_directory_servers_down()) {
log_fn(LOG_INFO,"Giving up on dirserver %s; trying another.", conn->nickname);
directory_get_from_dirserver(purpose, payload, payload_len);
}
Index: or.h
===================================================================
RCS file: /home/or/cvsroot/src/or/or.h,v
retrieving revision 1.428
retrieving revision 1.429
diff -u -d -r1.428 -r1.429
--- or.h 13 Oct 2004 20:05:57 -0000 1.428
+++ or.h 14 Oct 2004 01:44:32 -0000 1.429
@@ -1411,9 +1411,9 @@
} trusted_dir_server_t;
int router_reload_router_list(void);
-routerinfo_t *router_pick_directory_server(int requireauth, int requireothers);
+routerinfo_t *router_pick_directory_server(int requireothers);
trusted_dir_server_t *router_pick_trusteddirserver(int requireothers);
-int all_directory_servers_down(void);
+int all_trusted_directory_servers_down(void);
struct smartlist_t;
void routerlist_add_friends(struct smartlist_t *sl, routerinfo_t *router);
void add_nickname_list_to_smartlist(struct smartlist_t *sl, const char *list, int warn_if_down);
Index: router.c
===================================================================
RCS file: /home/or/cvsroot/src/or/router.c,v
retrieving revision 1.92
retrieving revision 1.93
diff -u -d -r1.92 -r1.93
--- router.c 13 Oct 2004 01:25:42 -0000 1.92
+++ router.c 14 Oct 2004 01:44:32 -0000 1.93
@@ -228,6 +228,7 @@
char *cp;
const char *tmp, *mydesc, *datadir;
crypto_pk_env_t *prkey;
+ char digest[20];
if (!key_lock)
key_lock = tor_mutex_new();
@@ -345,6 +346,16 @@
log_fn(LOG_ERR, "Error loading fingerprints");
return -1;
}
+ /* 6b. [authdirserver only] add own key to approved directories. */
+ crypto_pk_get_digest(get_identity_key(), digest);
+ if (!router_digest_is_trusted_dir(digest)) {
+ uint32_t addr;
+ if(resolve_my_address(options.Address, &addr) < 0) {
+ log_fn(LOG_WARN,"options.Address didn't resolve into an IP.");
+ return -1;
+ }
+ add_trusted_dir_server(addr, options.DirPort, digest);
+ }
/* 7. [authdirserver only] load old directory, if it's there */
sprintf(keydir,"%s/cached-directory", datadir);
log_fn(LOG_INFO,"Loading cached directory from %s...",keydir);
Index: routerlist.c
===================================================================
RCS file: /home/or/cvsroot/src/or/routerlist.c,v
retrieving revision 1.151
retrieving revision 1.152
diff -u -d -r1.151 -r1.152
--- routerlist.c 13 Oct 2004 19:56:42 -0000 1.151
+++ routerlist.c 14 Oct 2004 01:44:32 -0000 1.152
@@ -22,7 +22,7 @@
/* static function prototypes */
static routerinfo_t *
-router_pick_directory_server_impl(int requireauth, int requireothers, int fascistfirewall);
+router_pick_directory_server_impl(int requireothers, int fascistfirewall);
static trusted_dir_server_t *
router_pick_trusteddirserver_impl(int requireother, int fascistfirewall);
static void mark_all_trusteddirservers_up(void);
@@ -49,17 +49,6 @@
{
char filename[512];
routerlist_clear_trusted_directories();
- if (options.RouterFile) {
- log_fn(LOG_INFO, "Loading router list from %s", options.RouterFile);
- if (router_load_routerlist_from_file(options.RouterFile, 1) < 0) {
- log_fn(LOG_ERR,"Error loading router list '%s'.", options.RouterFile);
- return -1;
- }
- } else {
- log_fn(LOG_INFO, "Loading internal default router list.");
- if (config_assign_default_dirservers() < 0)
- return -1;
- }
if (get_data_directory(&options)) {
char *s;
snprintf(filename,sizeof(filename),"%s/cached-directory", get_data_directory(&options));
@@ -70,7 +59,7 @@
if (router_load_routerlist_from_directory(s, NULL, 0) < 0) {
log_fn(LOG_WARN, "Cached directory '%s' was unparseable; ignoring.", filename);
}
- if(routerlist->published_on > time(NULL) - OLD_MIN_ONION_KEY_LIFETIME/2) {
+ if( routerlist && routerlist->published_on > time(NULL) - OLD_MIN_ONION_KEY_LIFETIME/2) {
/* XXX use new onion key lifetime when 0.0.8 servers are obsolete */
directory_has_arrived(); /* do things we've been waiting to do */
}
@@ -84,22 +73,25 @@
* in our routerlist, set all the authoritative ones as running again,
* and pick one. If there are no dirservers at all in our routerlist,
* reload the routerlist and try one last time. */
-routerinfo_t *router_pick_directory_server(int requireauth, int requireothers) {
+routerinfo_t *router_pick_directory_server(int requireothers) {
routerinfo_t *choice;
- choice = router_pick_directory_server_impl(requireauth, requireothers, options.FascistFirewall);
+ if (!routerlist)
+
+
+ choice = router_pick_directory_server_impl(requireothers, options.FascistFirewall);
if(choice)
return choice;
- log_fn(LOG_INFO,"No dirservers are reachable. Trying them all again.");
+ log_fn(LOG_INFO,"No reachable router entries for dirservers. Trying them all again.");
/* mark all authdirservers as up again */
mark_all_trusteddirservers_up();
/* try again */
- choice = router_pick_directory_server_impl(requireauth, requireothers, 0);
+ choice = router_pick_directory_server_impl(requireothers, options.FascistFirewall);
if(choice)
return choice;
- log_fn(LOG_WARN,"Still no dirservers %s. Reloading and trying again.",
+ log_fn(LOG_INFO,"Still no %s router entries. Reloading and trying again.",
options.FascistFirewall ? "reachable" : "known");
has_fetched_directory=0; /* reset it */
routerlist_clear_trusted_directories();
@@ -107,7 +99,7 @@
return NULL;
}
/* give it one last try */
- choice = router_pick_directory_server_impl(requireauth, requireothers, 0);
+ choice = router_pick_directory_server_impl(requireothers, 0);
return choice;
}
@@ -143,7 +135,7 @@
* it has to be a trusted server. If requireothers, it cannot be us.
*/
static routerinfo_t *
-router_pick_directory_server_impl(int requireauth, int requireothers, int fascistfirewall)
+router_pick_directory_server_impl(int requireothers, int fascistfirewall)
{
int i;
routerinfo_t *router;
@@ -159,8 +151,6 @@
router = smartlist_get(routerlist->routers, i);
if(!router->is_running || !router->dir_port)
continue;
- if(requireauth && !router->is_trusted_dir)
- continue;
if(requireothers && router_is_me(router))
continue;
if(fascistfirewall) {
@@ -224,24 +214,11 @@
/** Return 0 if \exists an authoritative dirserver that's currently
* thought to be running, else return 1.
*/
-int all_directory_servers_down(void) {
- int i;
- routerinfo_t *router;
- if(!routerlist)
- return 1; /* if no dirservers, I guess they're all down */
- for(i=0;i< smartlist_len(routerlist->routers); i++) {
- router = smartlist_get(routerlist->routers, i);
- if(router->is_running && router->is_trusted_dir) {
- tor_assert(router->dir_port > 0);
- return 0;
- }
- }
- /* XXXX NM look at trusted_dir_servers instead.
+int all_trusted_directory_servers_down(void) {
if (!trusted_dir_servers)
return 1;
SMARTLIST_FOREACH(trusted_dir_servers, trusted_dir_server_t *, dir,
if (dir->is_running) return 0);
- */
return 1;
}
@@ -680,15 +657,14 @@
*/
for (i = 0; i < smartlist_len(routerlist->routers); ++i) {
r = smartlist_get(routerlist->routers, i);
+
+ r->is_trusted_dir = router_digest_is_trusted_dir(r->identity_digest);
+
if (!crypto_pk_cmp_keys(router->identity_pkey, r->identity_pkey)) {
if (router->published_on > r->published_on) {
log_fn(LOG_DEBUG, "Replacing entry for router '%s/%s' [%s]",
router->nickname, r->nickname, hex_str(id_digest,DIGEST_LEN));
/* Remember whether we trust this router as a dirserver. */
- /*XXXXNM first test is redundant; second should move elsewhere */
- if (r->is_trusted_dir ||
- router_digest_is_trusted_dir(router->identity_digest))
- router->is_trusted_dir = 1;
/* If the address hasn't changed; no need to re-resolve. */
if (!strcasecmp(r->address, router->address))
router->addr = r->addr;
@@ -698,10 +674,6 @@
} else {
log_fn(LOG_DEBUG, "Skipping old entry for router '%s'",
router->nickname);
- /* If we now trust 'router', then we trust the one in the routerlist
- * too. */
- if (router->is_trusted_dir)
- r->is_trusted_dir = 1;
/* Update the is_running status to whatever we were told. */
r->is_running = router->is_running;
routerinfo_free(router);
@@ -803,7 +775,6 @@
SMARTLIST_FOREACH(routerlist->routers, routerinfo_t *, r,
r->is_trusted_dir = 0);
}
- clear_trusted_dir_servers();
}
/** Helper function: read routerinfo elements from s, and throw out the
@@ -1154,7 +1125,7 @@
ent = tor_malloc(sizeof(trusted_dir_server_t));
ent->address = tor_strdup(addr);
- ent->addr = a;
+ ent->addr = ntohl(a);
ent->dir_port = port;
ent->is_running = 1;
memcpy(ent->digest, digest, DIGEST_LEN);