[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[or-cvs] Remove routerinfo_t->is_trusted_dir, and all the twisted ma...



Update of /home/or/cvsroot/src/or
In directory moria.mit.edu:/tmp/cvs-serv2980/src/or

Modified Files:
	or.h router.c routerlist.c routerparse.c test.c 
Log Message:
Remove routerinfo_t->is_trusted_dir, and all the twisted machinery used to
maintain it.

Have clients default to the nickname "client" in their certificates.

Give a less frightening warning on obsolete (pre-0.0.8) routerinfo_t's.



Index: or.h
===================================================================
RCS file: /home/or/cvsroot/src/or/or.h,v
retrieving revision 1.440
retrieving revision 1.441
diff -u -d -r1.440 -r1.441
--- or.h	19 Oct 2004 17:46:06 -0000	1.440
+++ or.h	19 Oct 2004 18:19:59 -0000	1.441
@@ -595,7 +595,6 @@
   int is_running; /**< As far as we know, is this OR currently running? */
   time_t status_set_at; /**< When did we last update is_running? */
   int is_verified; /**< Has a trusted dirserver validated this OR? */
-  int is_trusted_dir; /**< Do we trust this OR as a directory server? */
 
   smartlist_t *declared_family; /**< Nicknames of router which this router
                                  * claims are its family. */
@@ -1451,13 +1450,10 @@
 int router_digest_is_trusted_dir(const char *digest);
 void router_get_routerlist(routerlist_t **prouterlist);
 void routerlist_free(routerlist_t *routerlist);
-void routerlist_clear_trusted_directories(void);
 void routerinfo_free(routerinfo_t *router);
 routerinfo_t *routerinfo_copy(const routerinfo_t *router);
 void router_mark_as_down(const char *digest);
 void routerlist_remove_old_routers(int age);
-int router_load_routerlist_from_file(char *routerfile, int trusted);
-int router_load_routerlist_from_string(const char *s, int trusted);
 int router_load_routerlist_from_directory(const char *s,crypto_pk_env_t *pkey,
                                           int check_version);
 int router_compare_addr_to_exit_policy(uint32_t addr, uint16_t port,

Index: router.c
===================================================================
RCS file: /home/or/cvsroot/src/or/router.c,v
retrieving revision 1.101
retrieving revision 1.102
diff -u -d -r1.101 -r1.102
--- router.c	17 Oct 2004 21:51:20 -0000	1.101
+++ router.c	19 Oct 2004 18:19:59 -0000	1.102
@@ -242,8 +242,10 @@
     if (crypto_pk_generate_key(prkey))
       return -1;
     set_identity_key(prkey);
-/* XXX NM: do we have a convention for what client's Nickname is? */
-    if (tor_tls_context_new(get_identity_key(), 1, options.Nickname,
+    /* XXX NM: do we have a convention for what client's Nickname is?
+     * No.  Let me propose one: */
+    if (tor_tls_context_new(get_identity_key(), 1, 
+                            options.Nickname ? options.Nickname : "client",
                             MAX_SSL_KEY_LIFETIME) < 0) {
       log_fn(LOG_ERR, "Error creating TLS context for OP.");
       return -1;
@@ -398,7 +400,7 @@
 }
 
 int router_is_clique_mode(routerinfo_t *router) {
-  if(router->is_trusted_dir)
+  if(router_digest_is_trusted_dir(router->identity_digest))
     return 1;
   return 0;
 }
@@ -541,7 +543,6 @@
   ri->bandwidthburst = options.BandwidthBurst;
   ri->bandwidthcapacity = router_get_bandwidth_capacity();
   router_add_exit_policy_from_config(ri);
-  ri->is_trusted_dir = authdir_mode();
   if(desc_routerinfo) /* inherit values */
     ri->is_verified = desc_routerinfo->is_verified;
   if (options.MyFamily) {

Index: routerlist.c
===================================================================
RCS file: /home/or/cvsroot/src/or/routerlist.c,v
retrieving revision 1.164
retrieving revision 1.165
diff -u -d -r1.164 -r1.165
--- routerlist.c	17 Oct 2004 21:51:20 -0000	1.164
+++ routerlist.c	19 Oct 2004 18:19:59 -0000	1.165
@@ -48,7 +48,6 @@
 int router_reload_router_list(void)
 {
   char filename[512];
-  routerlist_clear_trusted_directories();
   if (get_data_directory(&options)) {
     char *s;
     snprintf(filename,sizeof(filename),"%s/cached-directory", get_data_directory(&options));
@@ -107,7 +106,6 @@
   log_fn(LOG_INFO,"Still no %s router entries. Reloading and trying again.",
          options.FascistFirewall ? "reachable" : "known");
   has_fetched_directory=0; /* reset it */
-  routerlist_clear_trusted_directories();
   if(router_reload_router_list()) {
     return NULL;
   }
@@ -135,7 +133,6 @@
   log_fn(LOG_WARN,"Still no dirservers %s. Reloading and trying again.",
          options.FascistFirewall ? "reachable" : "known");
   has_fetched_directory=0; /* reset it */
-  routerlist_clear_trusted_directories();
   if(router_reload_router_list()) {
     return NULL;
   }
@@ -221,11 +218,11 @@
 static void mark_all_trusteddirservers_up(void) {
   if(routerlist) {
     SMARTLIST_FOREACH(routerlist->routers, routerinfo_t *, router,
-                      if(router->is_trusted_dir) {
-                        tor_assert(router->dir_port > 0);
-                        router->is_running = 1;
-                        router->status_set_at = time(NULL);
-                      });
+                 if(router_digest_is_trusted_dir(router->identity_digest)) {
+                   tor_assert(router->dir_port > 0);
+                   router->is_running = 1;
+                   router->status_set_at = time(NULL);
+                 });
   }
   if (trusted_dir_servers) {
     SMARTLIST_FOREACH(trusted_dir_servers, trusted_dir_server_t *, dir,
@@ -737,8 +734,6 @@
   for (i = 0; i < smartlist_len(routerlist->routers); ++i) {
     r = smartlist_get(routerlist->routers, i);
 
-    r->is_trusted_dir = router_digest_is_trusted_dir(r->identity_digest);
-
     if (!crypto_pk_cmp_keys(router->identity_pkey, r->identity_pkey)) {
       if (router->published_on > r->published_on) {
         log_fn(LOG_DEBUG, "Replacing entry for router '%s/%s' [%s]",
@@ -809,9 +804,8 @@
   cutoff = time(NULL) - age;
   for (i = 0; i < smartlist_len(routerlist->routers); ++i) {
     router = smartlist_get(routerlist->routers, i);
-    if (router->published_on <= cutoff &&
-      !router->is_trusted_dir) {
-      /* Too old.  Remove it. But never remove dirservers! */
+    if (router->published_on <= cutoff) {
+      /* Too old.  Remove it. */
       log_fn(LOG_INFO,"Forgetting obsolete routerinfo for node %s.", router->nickname);
       routerinfo_free(router);
       smartlist_del(routerlist->routers, i--);
@@ -823,83 +817,6 @@
  * Code to parse router descriptors and directories.
  */
 
-/** Update the current router list with the one stored in
- * <b>routerfile</b>. If <b>trusted</b> is true, then we'll use
- * directory servers from the file. */
-int router_load_routerlist_from_file(char *routerfile, int trusted)
-{
-  char *string;
-
-  string = read_file_to_str(routerfile,0);
-  if(!string) {
-    log_fn(LOG_WARN,"Failed to load routerfile %s.",routerfile);
-    return -1;
-  }
-
-  if(router_load_routerlist_from_string(string, trusted) < 0) {
-    log_fn(LOG_WARN,"The routerfile itself was corrupt.");
-    tor_free(string);
-    return -1;
-  }
-  /* dump_onion_keys(LOG_NOTICE); */
-
-  tor_free(string);
-  return 0;
-}
-
-/** Mark all directories in the routerlist as nontrusted. */
-void routerlist_clear_trusted_directories(void)
-{
-  if (routerlist) {
-    SMARTLIST_FOREACH(routerlist->routers, routerinfo_t *, r,
-                      r->is_trusted_dir = 0);
-  }
-}
-
-/** Helper function: read routerinfo elements from s, and throw out the
- * ones that don't parse and resolve.  Add all remaining elements to the
- * routerlist.  If <b>trusted</b> is true, then we'll use
- * directory servers from the string
- */
-int router_load_routerlist_from_string(const char *s, int trusted)
-{
-  routerlist_t *new_list=NULL;
-
-  if (router_parse_list_from_string(&s, &new_list, NULL, 0)) {
-    log(LOG_WARN, "Error parsing router file");
-    return -1;
-  }
-  if (*s) {
-    log(LOG_WARN, "Extraneous text at start of router file");
-    return -1;
-  }
-  if (trusted) {
-    int i;
-    for (i=0;i<smartlist_len(new_list->routers);++i) {
-      routerinfo_t *r = smartlist_get(new_list->routers, i);
-      if (r->dir_port) {
-        log_fn(LOG_DEBUG,"Trusting router %s.", r->nickname);
-        r->is_trusted_dir = 1;
-        add_trusted_dir_server(r->address, r->dir_port, r->identity_digest);
-      }
-    }
-  }
-  if (routerlist) {
-    SMARTLIST_FOREACH(new_list->routers, routerinfo_t *, r,
-                      router_add_to_routerlist(r));
-    smartlist_clear(new_list->routers);
-    routerlist_free(new_list);
-  } else {
-    routerlist = new_list;
-  }
-  if (router_resolve_routerlist(routerlist)) {
-    log(LOG_WARN, "Error resolving routerlist");
-    return -1;
-  }
-  /* dump_onion_keys(LOG_NOTICE); */
-
-  return 0;
-}
 
 /** Add to the current routerlist each router stored in the
  * signed directory <b>s</b>.  If pkey is provided, check the signature against

Index: routerparse.c
===================================================================
RCS file: /home/or/cvsroot/src/or/routerparse.c,v
retrieving revision 1.62
retrieving revision 1.63
diff -u -d -r1.62 -r1.63
--- routerparse.c	17 Oct 2004 21:51:20 -0000	1.62
+++ routerparse.c	19 Oct 2004 18:19:59 -0000	1.63
@@ -599,9 +599,7 @@
  * was used to sign it, so we will use that key only if it is an
  * authoritative directory signing key.
  *
- * Otherwise, try to look up the router whose nickname is given in the
- * directory-signature token.  If this fails, or the named router is
- * not authoritative, try to use pkey.
+ * Otherwise, if pkey is provided, try to use it.
  *
  * (New callers should always use <b>declared_key</b> when possible;
  * <b>pkey is only for debugging.)
@@ -612,7 +610,6 @@
                                      crypto_pk_env_t *declared_key)
 {
   char signed_digest[PK_BYTES];
-  routerinfo_t *r;
   crypto_pk_env_t *_pkey = NULL;
 
   if (tok->n_args != 1) {
@@ -624,24 +621,13 @@
     if (dir_signing_key_is_trusted(declared_key))
       _pkey = declared_key;
   }
+  if (!_pkey && pkey) {
+    /* pkey provided for debugging purposes */
+    _pkey = pkey;
+  }
   if (!_pkey) {
-    log_fn(LOG_WARN, "Processing directory in old (before 0.0.9pre3) format--this may fail.");
-    r = router_get_by_nickname(tok->args[0]);
-    log_fn(LOG_DEBUG, "Got directory signed (allegedly) by %s", tok->args[0]);
-    if (r && r->is_trusted_dir) {
-      _pkey = r->identity_pkey;
-    } else if (!r && pkey) {
-      /* pkey provided for debugging purposes. */
-      _pkey = pkey;
-    } else if (!r) {
-      log_fn(LOG_WARN, "No server descriptor loaded for signer %s",
-             tok->args[0]);
-      return -1;
-    } else if (r && !r->is_trusted_dir) {
-      log_fn(LOG_WARN, "Directory was signed by non-trusted server %s",
-             tok->args[0]);
-      return -1;
-    }
+    log_fn(LOG_WARN, "Found directory in old (before 0.0.9pre3) format--rejecting.");
+    return -1;
   }
 
   if (strcmp(tok->object_type, "SIGNATURE") || tok->object_size != 128) {
@@ -825,7 +811,8 @@
     goto err;
   } else if (tok) {
     if (tok->n_args < 3) {
-      log_fn(LOG_WARN,"Not enough arguments to \"bandwidth\"");
+      /* XXXX Once 0.0.7 is *really* dead, restore this warning to its old form*/
+      log_fn(LOG_WARN,"Not enough arguments to \"bandwidth\": must be an obsolete server. Rejecting.");
       goto err;
     }
     router->bandwidthrate = tor_parse_long(tok->args[0],10,0,INT_MAX,NULL,NULL);

Index: test.c
===================================================================
RCS file: /home/or/cvsroot/src/or/test.c,v
retrieving revision 1.131
retrieving revision 1.132
diff -u -d -r1.131 -r1.132
--- test.c	17 Oct 2004 15:45:54 -0000	1.131
+++ test.c	19 Oct 2004 18:19:59 -0000	1.132
@@ -927,7 +927,6 @@
   r1.or_port = 9000;
   r1.socks_port = 9002;
   r1.dir_port = 9003;
-  r1.is_trusted_dir = 1;
   r1.onion_pkey = pk1;
   r1.identity_pkey = pk2;
   r1.bandwidthrate = 1000;