[or-cvs] Remove routerinfo_t->is_trusted_dir, and all the twisted ma...
- To: or-cvs@freehaven.net
- Subject: [or-cvs] Remove routerinfo_t->is_trusted_dir, and all the twisted ma...
- From: nickm@seul.org (Nick Mathewson)
- Date: Tue, 19 Oct 2004 14:20:02 -0400 (EDT)
- Delivered-to: archiver@seul.org
- Delivered-to: or-cvs-outgoing@seul.org
- Delivered-to: or-cvs@seul.org
- Delivery-date: Tue, 19 Oct 2004 14:20:35 -0400
- Reply-to: or-dev@freehaven.net
- Sender: owner-or-cvs@freehaven.net
Update of /home/or/cvsroot/src/or
In directory moria.mit.edu:/tmp/cvs-serv2980/src/or
Modified Files:
or.h router.c routerlist.c routerparse.c test.c
Log Message:
Remove routerinfo_t->is_trusted_dir, and all the twisted machinery used to
maintain it.
Have clients default to the nickname "client" in their certificates.
Give a less frightening warning on obsolete (pre-0.0.8) routerinfo_t's.
Index: or.h
===================================================================
RCS file: /home/or/cvsroot/src/or/or.h,v
retrieving revision 1.440
retrieving revision 1.441
diff -u -d -r1.440 -r1.441
--- or.h 19 Oct 2004 17:46:06 -0000 1.440
+++ or.h 19 Oct 2004 18:19:59 -0000 1.441
@@ -595,7 +595,6 @@
int is_running; /**< As far as we know, is this OR currently running? */
time_t status_set_at; /**< When did we last update is_running? */
int is_verified; /**< Has a trusted dirserver validated this OR? */
- int is_trusted_dir; /**< Do we trust this OR as a directory server? */
smartlist_t *declared_family; /**< Nicknames of router which this router
* claims are its family. */
@@ -1451,13 +1450,10 @@
int router_digest_is_trusted_dir(const char *digest);
void router_get_routerlist(routerlist_t **prouterlist);
void routerlist_free(routerlist_t *routerlist);
-void routerlist_clear_trusted_directories(void);
void routerinfo_free(routerinfo_t *router);
routerinfo_t *routerinfo_copy(const routerinfo_t *router);
void router_mark_as_down(const char *digest);
void routerlist_remove_old_routers(int age);
-int router_load_routerlist_from_file(char *routerfile, int trusted);
-int router_load_routerlist_from_string(const char *s, int trusted);
int router_load_routerlist_from_directory(const char *s,crypto_pk_env_t *pkey,
int check_version);
int router_compare_addr_to_exit_policy(uint32_t addr, uint16_t port,
Index: router.c
===================================================================
RCS file: /home/or/cvsroot/src/or/router.c,v
retrieving revision 1.101
retrieving revision 1.102
diff -u -d -r1.101 -r1.102
--- router.c 17 Oct 2004 21:51:20 -0000 1.101
+++ router.c 19 Oct 2004 18:19:59 -0000 1.102
@@ -242,8 +242,10 @@
if (crypto_pk_generate_key(prkey))
return -1;
set_identity_key(prkey);
-/* XXX NM: do we have a convention for what client's Nickname is? */
- if (tor_tls_context_new(get_identity_key(), 1, options.Nickname,
+ /* XXX NM: do we have a convention for what client's Nickname is?
+ * No. Let me propose one: */
+ if (tor_tls_context_new(get_identity_key(), 1,
+ options.Nickname ? options.Nickname : "client",
MAX_SSL_KEY_LIFETIME) < 0) {
log_fn(LOG_ERR, "Error creating TLS context for OP.");
return -1;
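Review bot: The `XXX NM` comment above the `tor_tls_context_new` call still reads as an open question with an answer appended, so the decision it records is easy to miss. The fallback fixes what every client without a configured `Nickname` presents in its certificate, so I would state it outright: `/* Clients with no Nickname configured all use "client" in their TLS certificate. */`. Whether a server may be configured with that same nickname, and how a peer would treat it, is not visible here and should be confirmed. The enclosing function starts and ends outside the hunk.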
@@ -398,7 +400,7 @@
}
int router_is_clique_mode(routerinfo_t *router) {
- if(router->is_trusted_dir)
+ if(router_digest_is_trusted_dir(router->identity_digest))
return 1;
return 0;
}
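Review bot: `router_is_clique_mode` now answers from the trusted-dirserver digest list at call time, which changes its result for this node's own descriptor. A later hunk in this file drops `ri->is_trusted_dir = authdir_mode();`, so an authoritative server whose own identity digest is not in that list would no longer count as clique mode. Whether the function is ever called on the local routerinfo is not visible here; if it is, that case needs either an explicit `authdir_mode()` test or a comment saying the change is intended.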
@@ -541,7 +543,6 @@
ri->bandwidthburst = options.BandwidthBurst;
ri->bandwidthcapacity = router_get_bandwidth_capacity();
router_add_exit_policy_from_config(ri);
- ri->is_trusted_dir = authdir_mode();
if(desc_routerinfo) /* inherit values */
ri->is_verified = desc_routerinfo->is_verified;
if (options.MyFamily) {
Index: routerlist.c
===================================================================
RCS file: /home/or/cvsroot/src/or/routerlist.c,v
retrieving revision 1.164
retrieving revision 1.165
diff -u -d -r1.164 -r1.165
--- routerlist.c 17 Oct 2004 21:51:20 -0000 1.164
+++ routerlist.c 19 Oct 2004 18:19:59 -0000 1.165
@@ -48,7 +48,6 @@
int router_reload_router_list(void)
{
char filename[512];
- routerlist_clear_trusted_directories();
if (get_data_directory(&options)) {
char *s;
snprintf(filename,sizeof(filename),"%s/cached-directory", get_data_directory(&options));
@@ -107,7 +106,6 @@
log_fn(LOG_INFO,"Still no %s router entries. Reloading and trying again.",
options.FascistFirewall ? "reachable" : "known");
has_fetched_directory=0; /* reset it */
- routerlist_clear_trusted_directories();
if(router_reload_router_list()) {
return NULL;
}
@@ -135,7 +133,6 @@
log_fn(LOG_WARN,"Still no dirservers %s. Reloading and trying again.",
options.FascistFirewall ? "reachable" : "known");
has_fetched_directory=0; /* reset it */
- routerlist_clear_trusted_directories();
if(router_reload_router_list()) {
return NULL;
}
@@ -221,11 +218,11 @@
static void mark_all_trusteddirservers_up(void) {
if(routerlist) {
SMARTLIST_FOREACH(routerlist->routers, routerinfo_t *, router,
- if(router->is_trusted_dir) {
- tor_assert(router->dir_port > 0);
- router->is_running = 1;
- router->status_set_at = time(NULL);
- });
+ if(router_digest_is_trusted_dir(router->identity_digest)) {
+ tor_assert(router->dir_port > 0);
+ router->is_running = 1;
+ router->status_set_at = time(NULL);
+ });
}
if (trusted_dir_servers) {
SMARTLIST_FOREACH(trusted_dir_servers, trusted_dir_server_t *, dir,
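Review bot: The `tor_assert(router->dir_port > 0)` in `mark_all_trusteddirservers_up` now guards a field taken from a parsed descriptor rather than one the loader vetted itself. The removed `router_load_routerlist_from_string` only marked a router trusted when `r->dir_port` was non-zero. With the digest lookup, a descriptor carrying a trusted identity digest but `dir_port` 0 would appear to abort the process here. I would fold the port test into the condition, `if(router_digest_is_trusted_dir(router->identity_digest) && router->dir_port > 0) {`, and drop the assert. The function continues past the end of the hunk.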
@@ -737,8 +734,6 @@
for (i = 0; i < smartlist_len(routerlist->routers); ++i) {
r = smartlist_get(routerlist->routers, i);
- r->is_trusted_dir = router_digest_is_trusted_dir(r->identity_digest);
-
if (!crypto_pk_cmp_keys(router->identity_pkey, r->identity_pkey)) {
if (router->published_on > r->published_on) {
log_fn(LOG_DEBUG, "Replacing entry for router '%s/%s' [%s]",
@@ -809,9 +804,8 @@
cutoff = time(NULL) - age;
for (i = 0; i < smartlist_len(routerlist->routers); ++i) {
router = smartlist_get(routerlist->routers, i);
- if (router->published_on <= cutoff &&
- !router->is_trusted_dir) {
- /* Too old. Remove it. But never remove dirservers! */
+ if (router->published_on <= cutoff) {
+ /* Too old. Remove it. */
log_fn(LOG_INFO,"Forgetting obsolete routerinfo for node %s.", router->nickname);
routerinfo_free(router);
smartlist_del(routerlist->routers, i--);
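Review bot: The shortened comment `/* Too old. Remove it. */` no longer says why descriptors of trusted directory servers may now expire like any other, which the old condition explicitly prevented. Presumably the separate `trusted_dir_servers` list seen elsewhere in this file is what keeps them reachable, and a comment should say so: `/* Too old. Remove it. Trusted dirservers live in trusted_dir_servers, so their routerinfo may expire too. */`. Code that still finds dirservers by walking `routerlist->routers`, such as `mark_all_trusteddirservers_up` and `router_is_clique_mode`, will get no match once the entry is gone, and that is worth confirming as intended. The loop's function starts and ends outside the hunk.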
@@ -823,83 +817,6 @@
* Code to parse router descriptors and directories.
*/
-/** Update the current router list with the one stored in
- * <b>routerfile</b>. If <b>trusted</b> is true, then we'll use
- * directory servers from the file. */
-int router_load_routerlist_from_file(char *routerfile, int trusted)
-{
- char *string;
-
- string = read_file_to_str(routerfile,0);
- if(!string) {
- log_fn(LOG_WARN,"Failed to load routerfile %s.",routerfile);
- return -1;
- }
-
- if(router_load_routerlist_from_string(string, trusted) < 0) {
- log_fn(LOG_WARN,"The routerfile itself was corrupt.");
- tor_free(string);
- return -1;
- }
- /* dump_onion_keys(LOG_NOTICE); */
-
- tor_free(string);
- return 0;
-}
-
-/** Mark all directories in the routerlist as nontrusted. */
-void routerlist_clear_trusted_directories(void)
-{
- if (routerlist) {
- SMARTLIST_FOREACH(routerlist->routers, routerinfo_t *, r,
- r->is_trusted_dir = 0);
- }
-}
-
-/** Helper function: read routerinfo elements from s, and throw out the
- * ones that don't parse and resolve. Add all remaining elements to the
- * routerlist. If <b>trusted</b> is true, then we'll use
- * directory servers from the string
- */
-int router_load_routerlist_from_string(const char *s, int trusted)
-{
- routerlist_t *new_list=NULL;
-
- if (router_parse_list_from_string(&s, &new_list, NULL, 0)) {
- log(LOG_WARN, "Error parsing router file");
- return -1;
- }
- if (*s) {
- log(LOG_WARN, "Extraneous text at start of router file");
- return -1;
- }
- if (trusted) {
- int i;
- for (i=0;i<smartlist_len(new_list->routers);++i) {
- routerinfo_t *r = smartlist_get(new_list->routers, i);
- if (r->dir_port) {
- log_fn(LOG_DEBUG,"Trusting router %s.", r->nickname);
- r->is_trusted_dir = 1;
- add_trusted_dir_server(r->address, r->dir_port, r->identity_digest);
- }
- }
- }
- if (routerlist) {
- SMARTLIST_FOREACH(new_list->routers, routerinfo_t *, r,
- router_add_to_routerlist(r));
- smartlist_clear(new_list->routers);
- routerlist_free(new_list);
- } else {
- routerlist = new_list;
- }
- if (router_resolve_routerlist(routerlist)) {
- log(LOG_WARN, "Error resolving routerlist");
- return -1;
- }
- /* dump_onion_keys(LOG_NOTICE); */
-
- return 0;
-}
/** Add to the current routerlist each router stored in the
* signed directory <b>s</b>. If pkey is provided, check the signature against
Index: routerparse.c
===================================================================
RCS file: /home/or/cvsroot/src/or/routerparse.c,v
retrieving revision 1.62
retrieving revision 1.63
diff -u -d -r1.62 -r1.63
--- routerparse.c 17 Oct 2004 21:51:20 -0000 1.62
+++ routerparse.c 19 Oct 2004 18:19:59 -0000 1.63
@@ -599,9 +599,7 @@
* was used to sign it, so we will use that key only if it is an
* authoritative directory signing key.
*
- * Otherwise, try to look up the router whose nickname is given in the
- * directory-signature token. If this fails, or the named router is
- * not authoritative, try to use pkey.
+ * Otherwise, if pkey is provided, try to use it.
*
* (New callers should always use <b>declared_key</b> when possible;
* <b>pkey is only for debugging.)
@@ -612,7 +610,6 @@
crypto_pk_env_t *declared_key)
{
char signed_digest[PK_BYTES];
- routerinfo_t *r;
crypto_pk_env_t *_pkey = NULL;
if (tok->n_args != 1) {
@@ -624,24 +621,13 @@
if (dir_signing_key_is_trusted(declared_key))
_pkey = declared_key;
}
+ if (!_pkey && pkey) {
+ /* pkey provided for debugging purposes */
+ _pkey = pkey;
+ }
if (!_pkey) {
- log_fn(LOG_WARN, "Processing directory in old (before 0.0.9pre3) format--this may fail.");
- r = router_get_by_nickname(tok->args[0]);
- log_fn(LOG_DEBUG, "Got directory signed (allegedly) by %s", tok->args[0]);
- if (r && r->is_trusted_dir) {
- _pkey = r->identity_pkey;
- } else if (!r && pkey) {
- /* pkey provided for debugging purposes. */
- _pkey = pkey;
- } else if (!r) {
- log_fn(LOG_WARN, "No server descriptor loaded for signer %s",
- tok->args[0]);
- return -1;
- } else if (r && !r->is_trusted_dir) {
- log_fn(LOG_WARN, "Directory was signed by non-trusted server %s",
- tok->args[0]);
- return -1;
- }
+ log_fn(LOG_WARN, "Found directory in old (before 0.0.9pre3) format--rejecting.");
+ return -1;
}
if (strcmp(tok->object_type, "SIGNATURE") || tok->object_size != 128) {
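Review bot: The rejection branch logs `Found directory in old (before 0.0.9pre3) format--rejecting.` even when a `declared_key` was supplied and failed `dir_signing_key_is_trusted`, so a directory signed with an untrusted key is reported as a format problem. Inside `if (!_pkey)` I would test `declared_key` first and log something like `"Directory signing key is not trusted--rejecting."`, keeping the old-format message for the case where no key was declared. The block enclosing the trust check opens outside the hunk, so this assumes it is a `declared_key` null test. The new `pkey` fallback also applies after a declared key was rejected, so its comment should say so, e.g. `/* pkey bypasses the trusted-key list: debugging only, pass NULL otherwise */`.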
@@ -825,7 +811,8 @@
goto err;
} else if (tok) {
if (tok->n_args < 3) {
- log_fn(LOG_WARN,"Not enough arguments to \"bandwidth\"");
+ /* XXXX Once 0.0.7 is *really* dead, restore this warning to its old form*/
+ log_fn(LOG_WARN,"Not enough arguments to \"bandwidth\": must be an obsolete server. Rejecting.");
goto err;
}
router->bandwidthrate = tor_parse_long(tok->args[0],10,0,INT_MAX,NULL,NULL);
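Review bot: The new warning text states a cause, `must be an obsolete server`, that the code does not check. Any descriptor with fewer than three `bandwidth` arguments, including a malformed one from a current sender, is logged the same way, which can hide bad input in the logs. A hedged wording keeps the softer tone without asserting the cause, e.g. `"Not enough arguments to \"bandwidth\": probably an obsolete (pre-0.0.8) server. Rejecting."`. The `XXXX` comment also needs a space before its closing `*/`.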
Index: test.c
===================================================================
RCS file: /home/or/cvsroot/src/or/test.c,v
retrieving revision 1.131
retrieving revision 1.132
diff -u -d -r1.131 -r1.132
--- test.c 17 Oct 2004 15:45:54 -0000 1.131
+++ test.c 19 Oct 2004 18:19:59 -0000 1.132
@@ -927,7 +927,6 @@
r1.or_port = 9000;
r1.socks_port = 9002;
r1.dir_port = 9003;
- r1.is_trusted_dir = 1;
r1.onion_pkey = pk1;
r1.identity_pkey = pk2;
r1.bandwidthrate = 1000;