summaryrefslogtreecommitdiff
path: root/src/or/dirserv.c
AgeCommit message (Collapse)Author
2017-03-09Remove fgets() compatbility function and related tests.Alexander Færøy
This patch removes the `tor_fgets()` wrapper around `fgets(3)` since it is no longer needed. The function was created due to inconsistency between the returned values of `fgets(3)` on different versions of Unix when using `fgets(3)` on non-blocking file descriptors, but with the recent changes in bug #21654 we switch from unbuffered to direct I/O on non-blocking file descriptors in our utility module. We continue to use `fgets(3)` directly in the geoip and dirserv module since this usage is considered safe. This patch also removes the test-case that was created to detect differences in the implementation of `fgets(3)` as well as the changes file since these changes was not included in any releases yet. See: https://bugs.torproject.org/21654
2017-03-01Use tor_fgets() instead of fgets().Alexander Færøy
This patch changes our use of fgets() to tor_fgets() for more consistent error handling across different versions of the C library.
2017-02-27Merge branch 'bug21369_check_029_squashed' into maint-0.3.0Nick Mathewson
2017-02-27Add one other BUG check to try to fix/solve 21369.Nick Mathewson
Teor thinks that this connection_dirserv_add_dir_bytes_to_outbuf() might be the problem, if the "remaining" calculation underflows. So I'm adding a couple of checks there, and improving the casts.
2017-02-15Merge branch 'maint-0.2.9'Nick Mathewson
2017-02-15When examining descriptors as a dirserver, reject ones with bad versionsNick Mathewson
This is an extra fix for bug 21278: it ensures that these descriptors and platforms will never be listed in a legit consensus.
2017-02-02dirauth: Fix for calling routers unreachable for wrong ed25519Nick Mathewson
Previously the dirserv_orconn_tls_done() function would skip routers when they advertised an ed25519 key but didn't present it during the link handshake. But that covers all versions between 0.2.7.2-alpha and 0.2.9.x inclusive! Fixes bug 21107; bugfix on 0.3.0.1-alpha.
2017-02-02In dirserv_single_reachability_test, node can be const.Nick Mathewson
2017-01-31Merge branch 'bug21108_029'Nick Mathewson
2017-01-31be explicit in clear_status_flags_on_sybil that we leave BadExit aloneRoger Dingledine
2017-01-31Do not clear is_bad_exit on sybil.Nick Mathewson
But do clear is_v2_dir. Fixes bug 21108 -- bugfix on d95e7c7d67134b9b964d49cf8c2bdbf805a in 0.2.0.13-alpha.
2016-12-18fix typos and trivial syntax problemsRoger Dingledine
2016-12-13Remove AuthDirMaxServersPerAuthAddrNick Mathewson
Back when Roger had do do most of our testing on the moria host, we needed a higher limit for the number of relays running on a single IP address when that limit was shared with an authority. Nowadays, the idea is pretty obsolete. Also remove the router_addr_is_trusted_dir() function, which served no other purpose. Closes ticket 20960.
2016-12-12Replace "people" with the appropriate network component in commentsJ. Ryan Stinnett
Fixes #18145.
2016-12-08Merge branch 'feature15056_v1_squashed'Nick Mathewson
2016-12-08Add an option to disable dirauth ed25519 link key checks.Nick Mathewson
If there is some horrible bug in our ed25519 link authentication code that causes us to label every single ed25519-having node as non-running, we'll be glad we had this. Otherwise we can remove it later.
2016-12-08Enforce Ed25519 identities (client-side)Nick Mathewson
This patch makes two absolutely critical changes: - If an ed25519 identity is not as expected when creating a channel, we call that channel unsuccessful and close it. - When a client creating a channel or an extend cell for a circuit, we only include the ed25519 identity if we believe that the node on the other side supports ed25519 link authentication (from #15055). Otherwise we will insist on nodes without the right link protocol authenticating themselves. - When deciding to extend to another relay, we only upgrade the extend to extend by ed25519 ID when we know the ed25519 ID _and_ we know that the other side can authenticate. This patch also tells directory servers, when probing nodes, to try to check their ed25519 identities too (if they can authenticate by ed25519 identity). Also, handle the case where we connect by RSA Id, and learn the ED25519 ID for the node in doing so.
2016-12-08Dirauth: Don't treat a router as reachable if the Ed25519 key didn't matchNick Mathewson
2016-12-08Propagate Ed25519 identities downwards into more functions.Nick Mathewson
Actually set ed25519 identities on channels when we set a channel's identity.
2016-11-30Fetch unknown certificates if FetchUselessDescriptors is trueteor
2016-11-30Stop discarding consensus flavors and descriptors we wanted to fetchteor
Instead, fetch and store consensus flavors and descriptors we wanted to fetch. And serve them if we are a directory cache (or authority).
2016-11-21Merge branch 'maint-0.2.9'Nick Mathewson
2016-11-16don't attempt a resolve when the cached answer will doRoger Dingledine
For relays that don't know their own address, avoid attempting a local hostname resolve for each descriptor we download. Also cut down on the number of "Success: chose address 'x.x.x.x'" log lines. Fixes bugs 20423 and 20610; bugfix on 0.2.8.1-alpha.
2016-11-16refactor router_pick_published_address to have another argRoger Dingledine
no change in behavior except fewer log entries in the case where we use a cached result.
2016-11-03Merge branch 'feature_15055_v2'Nick Mathewson
2016-11-03Add "Ed ID" arguments to a bunch of connection-ID-related fns.Nick Mathewson
In particular, these functions are the ones that set the identity of a given connection or channel, and/or confirm that we have learned said IDs. There's a lot of stub code here: we don't actually need to use the new keys till we start looking up connections/channels by Ed25519 IDs. Still, we want to start passing the Ed25519 IDs in now, so it makes sense to add these stubs as part of 15055.
2016-10-27Automated change to use smartlist_add_strdupovercaffeinated
Use the following coccinelle script to change uses of smartlist_add(sl, tor_strdup(str)) to smartlist_add_strdup(sl, string) (coccinelle script from nickm via bug 20048): @@ expression a; expression b; @@ - smartlist_add + smartlist_add_strdup (a, - tor_strdup( b - ) )
2016-10-17Write a bunch of module documentation.Nick Mathewson
This commit adds or improves the module-level documenation for: buffers.c circuitstats.c command.c connection_edge.c control.c cpuworker.c crypto_curve25519.c crypto_curve25519.h crypto_ed25519.c crypto_format.c dircollate.c dirserv.c dns.c dns_structs.h fp_pair.c geoip.c hibernate.c keypin.c ntmain.c onion.c onion_fast.c onion_ntor.c onion_tap.c periodic.c protover.c protover.h reasons.c rephist.c replaycache.c routerlist.c routerparse.c routerset.c statefile.c status.c tor_main.c workqueue.c In particular, I've tried to explain (for each documented module) what each module does, what's in it, what the big idea is, why it belongs in Tor, and who calls it. In a few cases, I've added TODO notes about refactoring opportunities. I've also renamed an argument, and fixed a few DOCDOC comments.
2016-09-26protovers: during voting, assert that we are not voting to shut down.Nick Mathewson
As a failsafe, we should make sure that no authority ever votes for a set of protocol versions that it does not itself support.
2016-09-26Rename "proto " to "pr " in consensusesNick Mathewson
2016-09-26Update prop264 implementation to split HSMid->HS{Intro,Rend}Nick Mathewson
2016-09-26Update authority votes to match updated proposal.Nick Mathewson
2016-09-26Include protocol versions in votes.Nick Mathewson
2016-09-26Include protocol version lines in votes.Nick Mathewson
2016-07-15Clients avoid choosing nodes that can't do ntorteor (Tim Wilson-Brown)
If we know a node's version, and it can't do ntor, consider it not running. If we have a node's descriptor, and it doesn't have a valid ntor key, consider it not running. Refactor these checks so they're consistent between authorities and clients.
2016-07-15Authorities reject descriptors without ntor keysteor (Tim Wilson-Brown)
Before, they checked for version 0.2.4.18-rc or later, but this would not catch relays without version lines, or buggy or malicious relays missing an ntor key.
2016-06-30fix naked memcmpsNick Mathewson
2016-06-20Make base16_decodes return number of decoded bytesnikkolasg
base16_decodes() now returns the number of decoded bytes. It's interface changes from returning a "int" to a "ssize_t". Every callsite now checks the returned value. Fixes #14013 Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-06-11Merge branch 'bug19180_easy_squashed'Nick Mathewson
2016-06-11Add -Wmissing-variable-declarations, with attendant fixesNick Mathewson
This is a big-ish patch, but it's very straightforward. Under this clang warning, we're not actually allowed to have a global variable without a previous extern declaration for it. The cases where we violated this rule fall into three roughly equal groups: * Stuff that should have been static. * Stuff that was global but where the extern was local to some other C file. * Stuff that was only global when built for the unit tests, that needed a conditional extern in the headers. The first two were IMO genuine problems; the last is a wart of how we build tests.
2016-05-30Replace nearly all XXX0vv comments with smarter onesNick Mathewson
So, back long ago, XXX012 meant, "before Tor 0.1.2 is released, we had better revisit this comment and fix it!" But we have a huge pile of such comments accumulated for a large number of released versions! Not cool. So, here's what I tried to do: * 0.2.9 and 0.2.8 are retained, since those are not yet released. * XXX+ or XXX++ or XXX++++ or whatever means, "This one looks quite important!" * The others, after one-by-one examination, are downgraded to plain old XXX. Which doesn't mean they aren't a problem -- just that they cannot possibly be a release-blocking problem.
2016-05-30We no longer generate v0 directories. Remove the code to do soNick Mathewson
2016-05-19Merge branch 'maint-0.2.8'Nick Mathewson
2016-05-17whitespace fixesNick Mathewson
2016-05-17Remove duplicate siging_key_cert fields.Nick Mathewson
With the fix for #17150, I added a duplicate certificate here. Here I remove the original location in 0.2.8. (I wouldn't want to do that in 027, due to the amount of authority-voting-related code drift.) Closes 19073.
2016-05-17Merge branch 'maint-0.2.8'Nick Mathewson
2016-05-17Merge branch 'bug17150_027_extra' into maint-0.2.8Nick Mathewson
2016-05-17Improve API of routerinfo_incompatible_with_extrainfo()Nick Mathewson
This API change makes it so that routerinfo_incompatible...() no longer takes a routerinfo_t, so that it's obvious that it should only look at fields from the signed_descriptor_t. This change should prevent a recurrence of #17150.
2016-05-17Merge branch 'maint-0.2.8'Nick Mathewson
2016-05-17Merge remote-tracking branch 'arma/bug18616-v4' into maint-0.2.8Nick Mathewson