authorNick Mathewson <nickm@torproject.org>2005-10-04 21:21:09 +0000
committerNick Mathewson <nickm@torproject.org>2005-10-04 21:21:09 +0000
commit2d203fdcf319b45477bdcad7e3476ac3c45ee7e0 (patch)
tree77e9ae8a63c4ad69a1782a8d4c6798b125817743
parentb10df0d5950c28f8e4684014a4f6d02d51b61f74 (diff)
Link nicknames to trusted directory servers; log these nicknames when mentioning servers; also, when we get a naming conflict, log which nicknames or keys are supposed to bind.
svn:r5184
-rw-r--r--doc/tor.1.in2
-rw-r--r--src/config/torrc.complete.in6
-rw-r--r--src/or/config.c47
-rw-r--r--src/or/or.h5
-rw-r--r--src/or/router.c3
-rw-r--r--src/or/routerlist.c67
6 files changed, 82 insertions, 48 deletions
diff --git a/doc/tor.1.in b/doc/tor.1.in
index 848d1b1464..d32ad5a6f2 100644
--- a/doc/tor.1.in
+++ b/doc/tor.1.in
@@ -83,7 +83,7 @@ their current liveness status. A value of "0 seconds" tells Tor to choose an
appropriate default. (Default: 1 hour for clients, 20 minutes for servers)
.LP
.TP
-\fBDirServer \fR[v1] \fIaddress:port fingerprint\fP
+\fBDirServer \fR[\fInickname\fR] [\fBv1\fR] \fIaddress\fR\fB:\fIport fingerprint\fP
Use a nonstandard authoritative directory server at the provided
address and port, with the specified key fingerprint. This option can
be repeated many times, for multiple authoritative directory
diff --git a/src/config/torrc.complete.in b/src/config/torrc.complete.in
index c382f95d32..10acb0a259 100644
--- a/src/config/torrc.complete.in
+++ b/src/config/torrc.complete.in
@@ -77,9 +77,9 @@
## uncommenting these lines is a bad idea. They are the defaults now,
## but the defaults may change in the future, leaving you behind.
##
-#DirServer v1 18.244.0.188:9031 FFCB 46DB 1339 DA84 674C 70D7 CB58 6434 C437 0441
-#DirServer v1 18.244.0.114:80 719B E45D E224 B607 C537 07D0 E214 3E2D 423E 74CF
-#DirServer v1 86.59.5.130:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D
+#DirServer moria1 v1 18.244.0.188:9031 FFCB 46DB 1339 DA84 674C 70D7 CB58 6434 C437 0441
+#DirServer moria2 v1 18.244.0.114:80 719B E45D E224 B607 C537 07D0 E214 3E2D 423E 74CF
+#DirServer tor26 v1 86.59.5.130:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D
## On startup, setgid to this user.
#Group GID
diff --git a/src/or/config.c b/src/or/config.c
index 05cf6f1f9e..4655e2c2bd 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -1313,15 +1313,12 @@ option_reset(config_format_t *fmt, or_options_t *options,
static void
add_default_trusted_dirservers(or_options_t *options)
{
- /* moria1 */
config_line_append(&options->DirServers, "DirServer",
- "v1 18.244.0.188:9031 FFCB 46DB 1339 DA84 674C 70D7 CB58 6434 C437 0441");
- /* moria2 */
+ "moria1 v1 18.244.0.188:9031 FFCB 46DB 1339 DA84 674C 70D7 CB58 6434 C437 0441");
config_line_append(&options->DirServers, "DirServer",
- "v1 18.244.0.114:80 719B E45D E224 B607 C537 07D0 E214 3E2D 423E 74CF");
- /* tor26 */
+ "moria2 v1 18.244.0.114:80 719B E45D E224 B607 C537 07D0 E214 3E2D 423E 74CF");
config_line_append(&options->DirServers, "DirServer",
- "v1 86.59.5.130:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D");
+ "tor26 v1 86.59.5.130:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D");
// "tor.noreply.org:9030 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D");
}
@@ -2871,23 +2868,31 @@ static int
parse_dir_server_line(const char *line, int validate_only)
{
smartlist_t *items = NULL;
- int r;
- char *addrport, *address=NULL;
+ int r, idx;
+ char *addrport, *address=NULL, *nickname=NULL, *fingerprint=NULL;
uint16_t port;
char digest[DIGEST_LEN];
int supports_v1 = 1; /*XXXX011 change default when clients support v2. */
- while (TOR_ISSPACE(*line))
- ++line;
+ items = smartlist_create();
+ smartlist_split_string(items, line, NULL,
+ SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1);
+ if (smartlist_len(items) < 2) {
+ }
- if (!strcmpstart(line, "v1 ")) {
- line += 3;
+ idx = 0;
+ if (is_legal_nickname(smartlist_get(items, 0))) {
+ nickname = smartlist_get(items, 0);
+ smartlist_del_keeporder(items, 0);
+ }
+
+ if (!strcmp(smartlist_get(items, 0), "v1")) {
+ char *v1 = smartlist_get(items, 0);
+ tor_free(v1);
supports_v1 = 1;
+ smartlist_del_keeporder(items, 0);
}
- items = smartlist_create();
- smartlist_split_string(items, line, NULL,
- SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 2);
if (smartlist_len(items) < 2) {
log_fn(LOG_WARN, "Too few arguments to DirServer line.");
goto err;
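Review bot: The added early check `if (smartlist_len(items) < 2) {` has an empty body as shown, so a DirServer line with no tokens, or with only a nickname, reaches `smartlist_get(items, 0)` on an empty list, first in the `is_legal_nickname` call and then in the `strcmp` against "v1". The body should warn and `goto err;` like the later check, and the "v1" comparison should be guarded with `smartlist_len(items) > 0 &&`. Separately, if `is_legal_nickname` accepts the token "v1" (its definition is not in this diff), an old-style line starting `v1 address:port` would have "v1" taken as the nickname, so the nickname test should exclude that token. `idx` is assigned but not used in the visible lines; the function body continues outside the hunk.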
@@ -2901,14 +2906,14 @@ parse_dir_server_line(const char *line, int validate_only)
log_fn(LOG_WARN, "Missing port in DirServer address '%s'",addrport);
goto err;
}
+ smartlist_del_keeporder(items, 0);
- tor_strstrip(smartlist_get(items, 1), " ");
- if (strlen(smartlist_get(items, 1)) != HEX_DIGEST_LEN) {
+ fingerprint = smartlist_join_strings(items, "", 0, NULL);
+ if (strlen(fingerprint) != HEX_DIGEST_LEN) {
log_fn(LOG_WARN, "Key digest for DirServer is wrong length.");
goto err;
}
- if (base16_decode(digest, DIGEST_LEN,
- smartlist_get(items,1), HEX_DIGEST_LEN)<0) {
+ if (base16_decode(digest, DIGEST_LEN, fingerprint, HEX_DIGEST_LEN)<0) {
log_fn(LOG_WARN, "Unable to decode DirServer key digest.");
goto err;
}
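Review bot: The added `smartlist_del_keeporder(items, 0);` removes the address:port string from `items`, so the final `SMARTLIST_FOREACH(items, char*, s, tor_free(s))` no longer reaches it, and nothing visible in this diff frees `addrport` on the success path. If `addrport` is the pointer taken from `smartlist_get(items, 0)` (that assignment is outside the hunk), release it where the slot is dropped: `tor_free(addrport);` directly before `smartlist_del_keeporder(items, 0);`. Freeing it there rather than at the common exit avoids a double free on the earlier error paths, where the string is still in the list.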
@@ -2916,7 +2921,7 @@ parse_dir_server_line(const char *line, int validate_only)
if (!validate_only) {
log_fn(LOG_DEBUG, "Trusted dirserver at %s:%d (%s)", address, (int)port,
(char*)smartlist_get(items,1));
- add_trusted_dir_server(address, port, digest, supports_v1);
+ add_trusted_dir_server(nickname, address, port, digest, supports_v1);
}
r = 0;
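Review bot: The debug message kept as context still passes `(char*)smartlist_get(items,1)`, but by this point the nickname, the optional "v1" and the address:port entries have all been deleted from `items`, which now holds only the fingerprint pieces. With a fingerprint written as one 40-character token the list has a single element and index 1 is out of range; with a spaced fingerprint the log shows only its second group. Pass the joined string instead: `(int)port, fingerprint);`. The enclosing function starts and ends outside this hunk.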
@@ -2929,6 +2934,8 @@ parse_dir_server_line(const char *line, int validate_only)
SMARTLIST_FOREACH(items, char*, s, tor_free(s));
smartlist_free(items);
tor_free(address);
+ tor_free(nickname);
+ tor_free(fingerprint);
return r;
}
diff --git a/src/or/or.h b/src/or/or.h
index ad5a0d0d15..c1e3203010 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -2062,6 +2062,8 @@ void router_free_all_keys(void);
/** Represents information about a single trusted directory server. */
typedef struct trusted_dir_server_t {
+ char *description;
+ char *nickname;
char *address; /**< Hostname */
uint32_t addr; /**< IPv4 address */
uint16_t dir_port; /**< Directory port */
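Review bot: The new members `description` and `nickname` have no doc comments, while every other field of `trusted_dir_server_t` shown here carries one. Suggested: `char *description; /**< Human-readable "directory server ... at host:port" string for log messages; freed with the entry. */` and `char *nickname; /**< Nickname given on the DirServer line, or NULL if none. */`. The struct definition continues outside the hunk.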
@@ -2138,7 +2140,8 @@ int router_exit_policy_all_routers_reject(uint32_t addr, uint16_t port,
int need_uptime);
int router_exit_policy_rejects_all(routerinfo_t *router);
-void add_trusted_dir_server(const char *addr, uint16_t port,
+void add_trusted_dir_server(const char *nickname,
+ const char *addr, uint16_t port,
const char *digest, int supports_v1);
void clear_trusted_dir_servers(void);
networkstatus_t *networkstatus_get_by_digest(const char *digest);
diff --git a/src/or/router.c b/src/or/router.c
index 287c841e5e..3db797ffd2 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -370,7 +370,8 @@ init_keys(void)
/* 6b. [authdirserver only] add own key to approved directories. */
crypto_pk_get_digest(get_identity_key(), digest);
if (!router_digest_is_trusted_dir(digest)) {
- add_trusted_dir_server(NULL, (uint16_t)options->DirPort, digest,
+ add_trusted_dir_server(options->Nickname, NULL,
+ (uint16_t)options->DirPort, digest,
options->V1AuthoritativeDir);
}
/* success */
diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index 1d763cf770..435d4dfd55 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -1416,7 +1416,7 @@ router_set_networkstatus(const char *s, time_t arrived_at,
format_iso_time(published, ns->published_on);
if (ns->published_on > now + NETWORKSTATUS_ALLOW_SKEW) {
- log_fn(LOG_WARN, "Network status was published in the future (%s GMT). Somebody is skewed here: check your clock. Not caching.", published);
+ log_fn(LOG_WARN, "Network status from %s was published in the future (%s GMT). Somebody is skewed here: check your clock. Not caching.", trusted_dir->description, published);
skewed = 1;
}
@@ -1455,8 +1455,8 @@ router_set_networkstatus(const char *s, time_t arrived_at,
/* Same one we had before. */
networkstatus_free(ns);
log_fn(LOG_NOTICE,
- "Dropping network-status from %s:%d (published %s); already have it.",
- trusted_dir->address, trusted_dir->dir_port, published);
+ "Dropping network-status from %s (published %s); already have it.",
+ trusted_dir->description, published);
if (old_ns->received_on < arrived_at) {
if (source != NS_FROM_CACHE) {
char *fn = networkstatus_get_cache_filename(old_ns);
@@ -1471,9 +1471,9 @@ router_set_networkstatus(const char *s, time_t arrived_at,
char old_published[ISO_TIME_LEN+1];
format_iso_time(old_published, old_ns->published_on);
log_fn(LOG_NOTICE,
- "Dropping network-status from %s:%d (published %s);"
+ "Dropping network-status from %s (published %s);"
" we have a newer one (published %s) for this authority.",
- trusted_dir->address, trusted_dir->dir_port, published,
+ trusted_dir->description, published,
old_published);
networkstatus_free(ns);
return 0;
@@ -1490,10 +1490,10 @@ router_set_networkstatus(const char *s, time_t arrived_at,
smartlist_add(networkstatus_list, ns);
/*XXXX011 downgrade to INFO NM */
- log_fn(LOG_NOTICE, "Setting networkstatus %s %s:%d (published %s)",
+ log_fn(LOG_NOTICE, "Setting networkstatus %s %s (published %s)",
source == NS_FROM_CACHE?"cached from":
(source==NS_FROM_DIR?"downloaded from":"generated for"),
- trusted_dir->address, trusted_dir->dir_port, published);
+ trusted_dir->description, published);
networkstatus_list_has_changed = 1;
smartlist_sort(networkstatus_list, _compare_networkstatus_published_on);
@@ -1699,11 +1699,10 @@ update_networkstatus_client_downloads(time_t now)
/* Also, download at least 1 every NETWORKSTATUS_CLIENT_DL_INTERVAL. */
if (n_running_dirservers &&
most_recent_received < now-NETWORKSTATUS_CLIENT_DL_INTERVAL && needed < 1) {
- const char *addr = most_recent?most_recent->address:"nobody";
- int port = most_recent?most_recent->dir_port:0;
- log_fn(LOG_NOTICE, "Our most recent network-status document (from %s:%d) "
+ log_fn(LOG_NOTICE, "Our most recent network-status document (from %s) "
"is %d seconds old; downloading another.",
- addr, port, (int)(now-most_recent_received));
+ most_recent?most_recent->description:"nobody",
+ (int)(now-most_recent_received));
needed = 1;
}
@@ -1932,12 +1931,13 @@ router_exit_policy_rejects_all(routerinfo_t *router)
* <b>address</b>:<b>port</b>, with identity key <b>digest</b>. If
* <b>address</b> is NULL, add ourself. */
void
-add_trusted_dir_server(const char *address, uint16_t port, const char *digest,
- int supports_v1)
+add_trusted_dir_server(const char *nickname, const char *address,
+ uint16_t port, const char *digest, int supports_v1)
{
trusted_dir_server_t *ent;
uint32_t a;
char *hostname = NULL;
+ size_t dlen;
if (!trusted_dir_servers)
trusted_dir_servers = smartlist_create();
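Review bot: The doc comment above `add_trusted_dir_server` still describes only address, port and digest, so the new `nickname` parameter is undocumented, including the fact that it may be NULL (the body handles that with `nickname ? tor_strdup(nickname) : NULL`). Suggested addition to the comment: `* <b>nickname</b>, if non-NULL, is copied and used in the server's log description.` Both the comment and the function body extend outside this hunk.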
@@ -1957,12 +1957,23 @@ add_trusted_dir_server(const char *address, uint16_t port, const char *digest,
}
ent = tor_malloc_zero(sizeof(trusted_dir_server_t));
+ ent->nickname = nickname ? tor_strdup(nickname) : NULL;
ent->address = hostname;
ent->addr = a;
ent->dir_port = port;
ent->is_running = 1;
ent->supports_v1_protocol = supports_v1;
memcpy(ent->digest, digest, DIGEST_LEN);
+
+ dlen = 64 + strlen(hostname) + (nickname?strlen(nickname):0);
+ ent->description = tor_malloc(dlen);
+ if (nickname)
+ tor_snprintf(ent->description, dlen, "directory server \"%s\" at %s:%d",
+ nickname, hostname, (int)port);
+ else
+ tor_snprintf(ent->description, dlen, "directory server at %s:%d",
+ hostname, (int)port);
+
smartlist_add(trusted_dir_servers, ent);
}
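Review bot: In `dlen = 64 + strlen(hostname) + (nickname?strlen(nickname):0);` the constant 64 has to stay larger than the literal text of both format strings plus the port digits and the terminator, and nothing in the code ties it to those strings. A comment such as `/* 64 covers the fixed text, ":port" and the NUL */` would make that dependency visible. Checking the `tor_snprintf` return value would also catch a truncated description if the format is later lengthened. The start of the function is outside this hunk, so the assumption that `hostname` is non-NULL on the `address == NULL` path cannot be confirmed from here.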
@@ -1972,7 +1983,12 @@ clear_trusted_dir_servers(void)
{
if (trusted_dir_servers) {
SMARTLIST_FOREACH(trusted_dir_servers, trusted_dir_server_t *, ent,
- { tor_free(ent->address); tor_free(ent); });
+ {
+ tor_free(ent->nickname);
+ tor_free(ent->description);
+ tor_free(ent->address);
+ tor_free(ent);
+ });
smartlist_clear(trusted_dir_servers);
} else {
trusted_dir_servers = smartlist_create();
@@ -2116,13 +2132,16 @@ networkstatus_list_update_recent(time_t now)
changed = 0;
for (i=n_statuses-1; i >= 0; --i) {
networkstatus_t *ns = smartlist_get(networkstatus_list, i);
+ trusted_dir_server_t *ds =
+ router_get_trusteddirserver_by_digest(ns->identity_digest);
+ const char *src = ds?ds->description:ns->source_address;
if (n_recent < MIN_TO_INFLUENCE_RUNNING ||
ns->published_on + DEFAULT_RUNNING_INTERVAL > now) {
if (!ns->is_recent) {
format_iso_time(published, ns->published_on);
log_fn(LOG_NOTICE,
- "Networkstatus from %s:%d (published %s) is now \"recent\"",
- ns->source_address, ns->source_dirport, published);
+ "Networkstatus from %s (published %s) is now \"recent\"",
+ src, published);
changed = 1;
}
ns->is_recent = 1;
@@ -2131,8 +2150,8 @@ networkstatus_list_update_recent(time_t now)
if (ns->is_recent) {
format_iso_time(published, ns->published_on);
log_fn(LOG_NOTICE,
- "Networkstatus from %s:%d (published %s) is no longer \"recent\"",
- ns->source_address, ns->source_dirport, published);
+ "Networkstatus from %s (published %s) is no longer \"recent\"",
+ src, published);
changed = 1;
ns->is_recent = 0;
}
@@ -2211,9 +2230,13 @@ routerstatus_list_update_from_networkstatus(time_t now)
else if (memcmp(other_digest, rs->identity_digest, DIGEST_LEN) &&
other_digest != conflict) {
/*XXXX011 rate-limit this?*/
+ char fp1[HEX_DIGEST_LEN+1];
+ char fp2[HEX_DIGEST_LEN+1];
+ base16_encode(fp1, sizeof(fp1), other_digest, DIGEST_LEN);
+ base16_encode(fp2, sizeof(fp2), rs->identity_digest, DIGEST_LEN);
log_fn(LOG_WARN,
- "Naming authorities disagree about which key goes with %s.",
- rs->nickname);
+ "Naming authorities disagree about which key goes with %s. ($%s vs $%s)",
+ rs->nickname, fp1, fp2);
strmap_set_lc(name_map, rs->nickname, conflict);
}
});
@@ -2275,8 +2298,8 @@ routerstatus_list_update_from_networkstatus(time_t now)
} else if (strcmp(the_name,"**mismatch**")) {
char hd[HEX_DIGEST_LEN+1];
base16_encode(hd, HEX_DIGEST_LEN+1, rs->identity_digest, DIGEST_LEN);
- log_fn(LOG_WARN, "Naming authorities disagree about nicknames for $%s",
- hd);
+ log_fn(LOG_WARN, "Naming authorities disagree about nicknames for $%s (\"%s\" vs \"%s\")",
+ hd, the_name, rs->nickname);
the_name = "**mismatch**";
}
}