Commit 0d5a847f authored by Nick Mathewson's avatar Nick Mathewson 🎨
Browse files

Remove need for dirservers file: now, we note trusted dirservers in...

Remove need for dirservers file: now, we note trusted dirservers in configuration options, and only need to remember addr:port and key digest for each one.


svn:r2479
parent 55634e4e
...@@ -13,8 +13,8 @@ ARMA - arma claims ...@@ -13,8 +13,8 @@ ARMA - arma claims
0.0.9pre2: 0.0.9pre2:
R . bandwidth buckets for write as well as read. R . bandwidth buckets for write as well as read.
N - switch dirservers entries to config lines. o switch dirservers entries to config lines.
N - add three default dirplaces if we parse the whole torrc and o add three default dirplaces if we parse the whole torrc and
no dirplaces are specified. no dirplaces are specified.
N - Handle rendezvousing with unverified nodes. N - Handle rendezvousing with unverified nodes.
- Specify: Stick rendezvous point's key in INTRODUCE cell. - Specify: Stick rendezvous point's key in INTRODUCE cell.
......
confdir = $(sysconfdir)/tor confdir = $(sysconfdir)/tor
EXTRA_DIST = dirservers EXTRA_DIST =
conf_DATA = dirservers torrc.sample conf_DATA = torrc.sample
# Configuration file for a typical tor user # Configuration file for a typical tor user
# List of routers. Tor nodes start out knowing about the directory
# servers, and from them they get a list of currently up nodes.
RouterFile @CONFDIR@/dirservers
# Replace this with "SocksPort 0" if you don't want clients to connect. # Replace this with "SocksPort 0" if you don't want clients to connect.
SocksPort 9050 SocksPort 9050
SocksBindAddress 127.0.0.1 # accept connections only from localhost SocksBindAddress 127.0.0.1 # accept connections only from localhost
...@@ -37,6 +33,14 @@ AllowUnverifiedNodes middle,rendezvous ...@@ -37,6 +33,14 @@ AllowUnverifiedNodes middle,rendezvous
# Uncomment this to start the process in the background # Uncomment this to start the process in the background
#RunAsDaemon 1 #RunAsDaemon 1
# The three trusted directory servers on the current Tor network. The entries
# below are for moria1, moria2, and tor26 respectively. Tor only trusts
# directories signed with one of these three keys, and uses the given addresses
# to conntect to the trusted directory servers.
DirServer 18.244.0.188:9031 FFCB 46DB 1339 DA84 674C 70D7 CB58 6434 C437 0441
DirServer 18.244.0.188:9032 719B E45D E224 B607 C537 07D0 E214 3E2D 423E 74CF
DirServer 62.116.124.106:9030 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D
##################### Below is just for servers ##################### ##################### Below is just for servers #####################
## NOTE: If you enable these, you should consider mailing your ## NOTE: If you enable these, you should consider mailing your
......
...@@ -282,124 +282,6 @@ static int config_assign(or_options_t *options, struct config_line_t *list) { ...@@ -282,124 +282,6 @@ static int config_assign(or_options_t *options, struct config_line_t *list) {
return 0; return 0;
} }
const char default_dirservers_string[] =
"router moria1 18.244.0.188 9001 9021 9031\n"
"platform Tor 0.0.6rc1 on Linux moria.mit.edu i686\n"
"published 2004-04-25 21:54:28\n"
"bandwidth 800000 10000000\n"
"onion-key\n"
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIGJAoGBANoIvHieyHUTzIacbnWOnyTyzGrLOdXqbcjz2GGMxyHEd5K1bO1ZBNHP\n"
"9i5qLQpN5viFk2K2rEGuG8tFgDEzSWZEtBqv3NVfUdiumdERWMBwlaQ0MVK4C+jf\n"
"y5gZ8KI3o9ZictgPS1AQF+Kk932/vIHTuRIUKb4ILTnQilNvID0NAgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n"
"signing-key\n"
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIGJAoGBAMHa0ZC/jo2Q2DrwKYF/6ZbmZ27PFYG91u4gUzzmZ/VXLpZ8wNzEV3oW\n"
"nt+I61048fBiC1frT1/DZ351n2bLSk9zJbB6jyGZJn0380FPRX3+cXyXS0Gq8Ril\n"
"xkhMQf5XuNFUb8UmYPSOH4WErjvYjKvU+gfjbK/82Jo9SuHpYz+BAgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n"
"reject 0.0.0.0/255.0.0.0:*\n"
"reject 169.254.0.0/255.255.0.0:*\n"
"reject 127.0.0.0/255.0.0.0:*\n"
"reject 192.168.0.0/255.255.0.0:*\n"
"reject 10.0.0.0/255.0.0.0:*\n"
"reject 172.16.0.0/255.240.0.0:*\n"
"accept *:20-22\n"
"accept *:53\n"
"accept *:79-80\n"
"accept *:110\n"
"accept *:143\n"
"accept *:443\n"
"accept *:873\n"
"accept *:993\n"
"accept *:995\n"
"accept *:1024-65535\n"
"reject *:*\n"
"router-signature\n"
"-----BEGIN SIGNATURE-----\n"
"o1eAoRHDAEAXsnh5wN++vIwrupd+DbAJ2p3wxHDrmqxTpygzxxCnyQyhMfX03ua2\n"
"4iplyNlwyFwzWcw0sk31otlO2HBYXT1V9G0YxGtKMOeOBMHjfGbUjGvEALHzWi4z\n"
"8DXGJp13zgnUyP4ZA6xaGROwcT6oB5e7UlztvvpGxTg=\n"
"-----END SIGNATURE-----\n"
"\n"
"router moria2 18.244.0.188 9002 9022 9032\n"
"platform Tor 0.0.6rc1 on Linux moria.mit.edu i686\n"
"published 2004-04-25 21:54:30\n"
"bandwidth 800000 10000000\n"
"onion-key\n"
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIGJAoGBAM4Cc/npgYC54XrYLC+grVxJp7PDmNO2DRRJOxKttBBtvLpnR1UaueTi\n"
"kyknT5kmlx+ihgZF/jmye//2dDUp2+kK/kSkpRV4xnDLXZmed+sNSQxqmm9TtZQ9\n"
"/hjpxhp5J9HmUTYhntBs+4E4CUKokmrI6oRLoln4SA39AX9QLPcnAgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n"
"signing-key\n"
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIGJAoGBAOcrht/y5rkaahfX7sMe2qnpqoPibsjTSJaDvsUtaNP/Bq0MgNDGOR48\n"
"rtwfqTRff275Edkp/UYw3G3vSgKCJr76/bqOHCmkiZrnPV1zxNfrK18gNw2Cxre0\n"
"nTA+fD8JQqpPtb8b0SnG9kwy75eS//sRu7TErie2PzGMxrf9LH0LAgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n"
"reject 0.0.0.0/255.0.0.0:*\n"
"reject 169.254.0.0/255.255.0.0:*\n"
"reject 127.0.0.0/255.0.0.0:*\n"
"reject 192.168.0.0/255.255.0.0:*\n"
"reject 10.0.0.0/255.0.0.0:*\n"
"reject 172.16.0.0/255.240.0.0:*\n"
"accept *:20-22\n"
"accept *:53\n"
"accept *:79-80\n"
"accept *:110\n"
"accept *:143\n"
"accept *:443\n"
"accept *:873\n"
"accept *:993\n"
"accept *:995\n"
"accept *:1024-65535\n"
"reject *:*\n"
"router-signature\n"
"-----BEGIN SIGNATURE-----\n"
"RKROLwP1ExjTZeg6wuN0pzYqed9IJUd5lAe9hp4ritbnmJAgS6qfww6jgx61CfUR\n"
"6SElhOLE7Q77jAdoL45Ji5pn/Y+Q+E+5lJm1E/ed9ha+YsOPaOc7z6GQ7E4mihCL\n"
"gI1vsw92+P1Ty4RHj6fyD9DhbV19nh2Qs+pvGJOS2FY=\n"
"-----END SIGNATURE-----\n"
"\n"
"router tor26 62.116.124.106 9001 9050 9030\n"
"platform Tor 0.0.6 on Linux seppia i686\n"
"published 2004-05-06 21:33:23\n"
"bandwidth 500000 10000000\n"
"onion-key\n"
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIGJAoGBAMEHdDnpj3ik1AF1xe/VqjoguH2DbANifYqXXfempu0fS+tU9FGo6dU/\n"
"fnVHAZwL9Ek9k2rMzumShi1RduK9p035R/Gk+PBBcLfvwYJ/Nat+ZO/L8jn/3bZe\n"
"ieQd9CKj2LjNGKpRNry37vkwMGIOIlegwK+2us8aXJ7sIvlNts0TAgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n"
"signing-key\n"
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIGJAoGBAMQgV2gXLbXgesWgeAsj8P1Uvm/zibrFXqwDq27lLKNgWGYGX2ax3LyT\n"
"3nzI1Y5oLs4kPKTsMM5ft9aokwf417lKoCRlZc9ptfRbgxDx90c9GtWVmkrmDvCK\n"
"ae59TMoXIiGfZiwWT6KKq5Zm9/Fu2Il3B2vHGkKJYKixmiBJRKp/AgMBAAE=\n"
"-----END RSA PUBLIC KEY-----\n"
"accept 62.245.184.24:25\n"
"accept 62.116.124.106:6666-6670\n"
"accept *:48099\n"
"reject *:*\n"
"router-signature\n"
"-----BEGIN SIGNATURE-----\n"
"qh/xRoqfLNFzPaB8VdpbdMAwRyuk5qjx4LeLVQ2pDwTZ55PqmG99+VKUNte2WTTD\n"
"7dZEA7um2rueohGe4nYmvbhJWr20/I0ZxmWDRDvFy0b5nwzDMGvLvDw95Zu/XJQ2\n"
"md32NE3y9VZCfbCN+GlvETX3fdR3Svzcm8Kzesg2/s4=\n"
"-----END SIGNATURE-----\n"
;
int config_assign_default_dirservers(void) {
if(router_load_routerlist_from_string(default_dirservers_string, 1) < 0) {
log_fn(LOG_WARN,"Bug: the default dirservers internal string is corrupt.");
return -1;
}
return 0;
}
static void add_default_trusted_dirservers(void) { static void add_default_trusted_dirservers(void) {
/* moria1 */ /* moria1 */
parse_dir_server_line("18.244.0.188:9031 " parse_dir_server_line("18.244.0.188:9031 "
...@@ -894,7 +776,6 @@ int getconfig(int argc, char **argv, or_options_t *options) { ...@@ -894,7 +776,6 @@ int getconfig(int argc, char **argv, or_options_t *options) {
} }
} }
clear_trusted_dir_servers(); clear_trusted_dir_servers();
if (!options->DirServers) { if (!options->DirServers) {
add_default_trusted_dirservers(); add_default_trusted_dirservers();
......
...@@ -738,7 +738,8 @@ int connection_handle_read(connection_t *conn) { ...@@ -738,7 +738,8 @@ int connection_handle_read(connection_t *conn) {
/* it's a directory server and connecting failed: forget about this router */ /* it's a directory server and connecting failed: forget about this router */
/* XXX I suspect pollerr may make Windows not get to this point. :( */ /* XXX I suspect pollerr may make Windows not get to this point. :( */
router_mark_as_down(conn->identity_digest); router_mark_as_down(conn->identity_digest);
if(conn->purpose == DIR_PURPOSE_FETCH_DIR && !all_directory_servers_down()) { if(conn->purpose == DIR_PURPOSE_FETCH_DIR &&
!all_trusted_directory_servers_down()) {
log_fn(LOG_INFO,"Giving up on dirserver %s; trying another.", conn->address); log_fn(LOG_INFO,"Giving up on dirserver %s; trying another.", conn->address);
directory_get_from_dirserver(DIR_PURPOSE_FETCH_DIR, NULL, 0); directory_get_from_dirserver(DIR_PURPOSE_FETCH_DIR, NULL, 0);
} }
......
...@@ -105,20 +105,18 @@ directory_get_from_dirserver(uint8_t purpose, const char *payload, ...@@ -105,20 +105,18 @@ directory_get_from_dirserver(uint8_t purpose, const char *payload,
if (purpose == DIR_PURPOSE_FETCH_DIR) { if (purpose == DIR_PURPOSE_FETCH_DIR) {
if (advertised_server_mode()) { if (advertised_server_mode()) {
/* only ask authdirservers, and don't ask myself */ /* only ask authdirservers, and don't ask myself */
r = router_pick_directory_server(1, 1); ds = router_pick_trusteddirserver(1);
/* XXXX NM Enable this once we actually set keys for dirservers.
* ds = router_pick_trusteddirserver(1);
*/
} else { } else {
/* anybody with a non-zero dirport will do */ /* anybody with a non-zero dirport will do */
r = router_pick_directory_server(0, 1); r = router_pick_directory_server(1);
if (!r) {
log_fn(LOG_INFO, "No router found for directory; falling back to dirserver list");
ds = router_pick_trusteddirserver(1);
}
} }
} else { // (purpose == DIR_PURPOSE_FETCH_RENDDESC) } else { // (purpose == DIR_PURPOSE_FETCH_RENDDESC)
/* only ask authdirservers, any of them will do */ /* only ask authdirservers, any of them will do */
r = router_pick_directory_server(1, 0); ds = router_pick_trusteddirserver(0);
/* XXXX NM Enable this once we actually set keys for dirservers.
* ds = router_pick_trusteddirserver(0);
*/
} }
if (r) if (r)
...@@ -152,7 +150,7 @@ static void ...@@ -152,7 +150,7 @@ static void
directory_initiate_command_trusted_dir(trusted_dir_server_t *dirserv, directory_initiate_command_trusted_dir(trusted_dir_server_t *dirserv,
uint8_t purpose, const char *payload, int payload_len) uint8_t purpose, const char *payload, int payload_len)
{ {
directory_initiate_command(dirserv->address, dirserv->addr, dirserv->dir_port, directory_initiate_command(dirserv->address, dirserv->addr,dirserv->dir_port,
NULL, dirserv->digest, purpose, payload, payload_len); NULL, dirserv->digest, purpose, payload, payload_len);
} }
...@@ -212,7 +210,8 @@ directory_initiate_command(const char *address, uint32_t addr, ...@@ -212,7 +210,8 @@ directory_initiate_command(const char *address, uint32_t addr,
switch(connection_connect(conn, conn->address, conn->addr, conn->port)) { switch(connection_connect(conn, conn->address, conn->addr, conn->port)) {
case -1: case -1:
router_mark_as_down(conn->identity_digest); /* don't try him again */ router_mark_as_down(conn->identity_digest); /* don't try him again */
if(purpose == DIR_PURPOSE_FETCH_DIR && !all_directory_servers_down()) { if(purpose == DIR_PURPOSE_FETCH_DIR &&
!all_trusted_directory_servers_down()) {
log_fn(LOG_INFO,"Giving up on dirserver %s; trying another.", conn->nickname); log_fn(LOG_INFO,"Giving up on dirserver %s; trying another.", conn->nickname);
directory_get_from_dirserver(purpose, payload, payload_len); directory_get_from_dirserver(purpose, payload, payload_len);
} }
......
...@@ -1411,9 +1411,9 @@ typedef struct trusted_dir_server_t { ...@@ -1411,9 +1411,9 @@ typedef struct trusted_dir_server_t {
} trusted_dir_server_t; } trusted_dir_server_t;
int router_reload_router_list(void); int router_reload_router_list(void);
routerinfo_t *router_pick_directory_server(int requireauth, int requireothers); routerinfo_t *router_pick_directory_server(int requireothers);
trusted_dir_server_t *router_pick_trusteddirserver(int requireothers); trusted_dir_server_t *router_pick_trusteddirserver(int requireothers);
int all_directory_servers_down(void); int all_trusted_directory_servers_down(void);
struct smartlist_t; struct smartlist_t;
void routerlist_add_friends(struct smartlist_t *sl, routerinfo_t *router); void routerlist_add_friends(struct smartlist_t *sl, routerinfo_t *router);
void add_nickname_list_to_smartlist(struct smartlist_t *sl, const char *list, int warn_if_down); void add_nickname_list_to_smartlist(struct smartlist_t *sl, const char *list, int warn_if_down);
......
...@@ -228,6 +228,7 @@ int init_keys(void) { ...@@ -228,6 +228,7 @@ int init_keys(void) {
char *cp; char *cp;
const char *tmp, *mydesc, *datadir; const char *tmp, *mydesc, *datadir;
crypto_pk_env_t *prkey; crypto_pk_env_t *prkey;
char digest[20];
if (!key_lock) if (!key_lock)
key_lock = tor_mutex_new(); key_lock = tor_mutex_new();
...@@ -345,6 +346,16 @@ int init_keys(void) { ...@@ -345,6 +346,16 @@ int init_keys(void) {
log_fn(LOG_ERR, "Error loading fingerprints"); log_fn(LOG_ERR, "Error loading fingerprints");
return -1; return -1;
} }
/* 6b. [authdirserver only] add own key to approved directories. */
crypto_pk_get_digest(get_identity_key(), digest);
if (!router_digest_is_trusted_dir(digest)) {
uint32_t addr;
if(resolve_my_address(options.Address, &addr) < 0) {
log_fn(LOG_WARN,"options.Address didn't resolve into an IP.");
return -1;
}
add_trusted_dir_server(addr, options.DirPort, digest);
}
/* 7. [authdirserver only] load old directory, if it's there */ /* 7. [authdirserver only] load old directory, if it's there */
sprintf(keydir,"%s/cached-directory", datadir); sprintf(keydir,"%s/cached-directory", datadir);
log_fn(LOG_INFO,"Loading cached directory from %s...",keydir); log_fn(LOG_INFO,"Loading cached directory from %s...",keydir);
......
...@@ -22,7 +22,7 @@ static smartlist_t *trusted_dir_servers = NULL; ...@@ -22,7 +22,7 @@ static smartlist_t *trusted_dir_servers = NULL;
/* static function prototypes */ /* static function prototypes */
static routerinfo_t * static routerinfo_t *
router_pick_directory_server_impl(int requireauth, int requireothers, int fascistfirewall); router_pick_directory_server_impl(int requireothers, int fascistfirewall);
static trusted_dir_server_t * static trusted_dir_server_t *
router_pick_trusteddirserver_impl(int requireother, int fascistfirewall); router_pick_trusteddirserver_impl(int requireother, int fascistfirewall);
static void mark_all_trusteddirservers_up(void); static void mark_all_trusteddirservers_up(void);
...@@ -49,17 +49,6 @@ int router_reload_router_list(void) ...@@ -49,17 +49,6 @@ int router_reload_router_list(void)
{ {
char filename[512]; char filename[512];
routerlist_clear_trusted_directories(); routerlist_clear_trusted_directories();
if (options.RouterFile) {
log_fn(LOG_INFO, "Loading router list from %s", options.RouterFile);
if (router_load_routerlist_from_file(options.RouterFile, 1) < 0) {
log_fn(LOG_ERR,"Error loading router list '%s'.", options.RouterFile);
return -1;
}
} else {
log_fn(LOG_INFO, "Loading internal default router list.");
if (config_assign_default_dirservers() < 0)
return -1;
}
if (get_data_directory(&options)) { if (get_data_directory(&options)) {
char *s; char *s;
snprintf(filename,sizeof(filename),"%s/cached-directory", get_data_directory(&options)); snprintf(filename,sizeof(filename),"%s/cached-directory", get_data_directory(&options));
...@@ -70,7 +59,7 @@ int router_reload_router_list(void) ...@@ -70,7 +59,7 @@ int router_reload_router_list(void)
if (router_load_routerlist_from_directory(s, NULL, 0) < 0) { if (router_load_routerlist_from_directory(s, NULL, 0) < 0) {
log_fn(LOG_WARN, "Cached directory '%s' was unparseable; ignoring.", filename); log_fn(LOG_WARN, "Cached directory '%s' was unparseable; ignoring.", filename);
} }
if(routerlist->published_on > time(NULL) - OLD_MIN_ONION_KEY_LIFETIME/2) { if( routerlist && routerlist->published_on > time(NULL) - OLD_MIN_ONION_KEY_LIFETIME/2) {
/* XXX use new onion key lifetime when 0.0.8 servers are obsolete */ /* XXX use new onion key lifetime when 0.0.8 servers are obsolete */
directory_has_arrived(); /* do things we've been waiting to do */ directory_has_arrived(); /* do things we've been waiting to do */
} }
...@@ -84,22 +73,25 @@ int router_reload_router_list(void) ...@@ -84,22 +73,25 @@ int router_reload_router_list(void)
* in our routerlist, set all the authoritative ones as running again, * in our routerlist, set all the authoritative ones as running again,
* and pick one. If there are no dirservers at all in our routerlist, * and pick one. If there are no dirservers at all in our routerlist,
* reload the routerlist and try one last time. */ * reload the routerlist and try one last time. */
routerinfo_t *router_pick_directory_server(int requireauth, int requireothers) { routerinfo_t *router_pick_directory_server(int requireothers) {
routerinfo_t *choice; routerinfo_t *choice;
choice = router_pick_directory_server_impl(requireauth, requireothers, options.FascistFirewall); if (!routerlist)
choice = router_pick_directory_server_impl(requireothers, options.FascistFirewall);
if(choice) if(choice)
return choice; return choice;
log_fn(LOG_INFO,"No dirservers are reachable. Trying them all again."); log_fn(LOG_INFO,"No reachable router entries for dirservers. Trying them all again.");
/* mark all authdirservers as up again */ /* mark all authdirservers as up again */
mark_all_trusteddirservers_up(); mark_all_trusteddirservers_up();
/* try again */ /* try again */
choice = router_pick_directory_server_impl(requireauth, requireothers, 0); choice = router_pick_directory_server_impl(requireothers, options.FascistFirewall);
if(choice) if(choice)
return choice; return choice;
log_fn(LOG_WARN,"Still no dirservers %s. Reloading and trying again.", log_fn(LOG_INFO,"Still no %s router entries. Reloading and trying again.",
options.FascistFirewall ? "reachable" : "known"); options.FascistFirewall ? "reachable" : "known");
has_fetched_directory=0; /* reset it */ has_fetched_directory=0; /* reset it */
routerlist_clear_trusted_directories(); routerlist_clear_trusted_directories();
...@@ -107,7 +99,7 @@ routerinfo_t *router_pick_directory_server(int requireauth, int requireothers) { ...@@ -107,7 +99,7 @@ routerinfo_t *router_pick_directory_server(int requireauth, int requireothers) {
return NULL; return NULL;
} }
/* give it one last try */ /* give it one last try */
choice = router_pick_directory_server_impl(requireauth, requireothers, 0); choice = router_pick_directory_server_impl(requireothers, 0);
return choice; return choice;
} }
...@@ -143,7 +135,7 @@ trusted_dir_server_t *router_pick_trusteddirserver(int requireothers) { ...@@ -143,7 +135,7 @@ trusted_dir_server_t *router_pick_trusteddirserver(int requireothers) {
* it has to be a trusted server. If requireothers, it cannot be us. * it has to be a trusted server. If requireothers, it cannot be us.
*/ */
static routerinfo_t * static routerinfo_t *
router_pick_directory_server_impl(int requireauth, int requireothers, int fascistfirewall) router_pick_directory_server_impl(int requireothers, int fascistfirewall)
{ {
int i; int i;
routerinfo_t *router; routerinfo_t *router;
...@@ -159,8 +151,6 @@ router_pick_directory_server_impl(int requireauth, int requireothers, int fascis ...@@ -159,8 +151,6 @@ router_pick_directory_server_impl(int requireauth, int requireothers, int fascis
router = smartlist_get(routerlist->routers, i); router = smartlist_get(routerlist->routers, i);
if(!router->is_running || !router->dir_port) if(!router->is_running || !router->dir_port)
continue; continue;
if(requireauth && !router->is_trusted_dir)
continue;
if(requireothers && router_is_me(router)) if(requireothers && router_is_me(router))
continue; continue;
if(fascistfirewall) { if(fascistfirewall) {
...@@ -224,24 +214,11 @@ static void mark_all_trusteddirservers_up(void) { ...@@ -224,24 +214,11 @@ static void mark_all_trusteddirservers_up(void) {
/** Return 0 if \exists an authoritative dirserver that's currently /** Return 0 if \exists an authoritative dirserver that's currently
* thought to be running, else return 1. * thought to be running, else return 1.
*/ */
int all_directory_servers_down(void) { int all_trusted_directory_servers_down(void) {
int i;
routerinfo_t *router;
if(!routerlist)
return 1; /* if no dirservers, I guess they're all down */
for(i=0;i< smartlist_len(routerlist->routers); i++) {
router = smartlist_get(routerlist->routers, i);
if(router->is_running && router->is_trusted_dir) {
tor_assert(router->dir_port > 0);
return 0;
}
}
/* XXXX NM look at trusted_dir_servers instead.
if (!trusted_dir_servers) if (!trusted_dir_servers)
return 1; return 1;
SMARTLIST_FOREACH(trusted_dir_servers, trusted_dir_server_t *, dir, SMARTLIST_FOREACH(trusted_dir_servers, trusted_dir_server_t *, dir,
if (dir->is_running) return 0); if (dir->is_running) return 0);
*/
return 1; return 1;
} }
...@@ -680,15 +657,14 @@ int router_add_to_routerlist(routerinfo_t *router) { ...@@ -680,15 +657,14 @@ int router_add_to_routerlist(routerinfo_t *router) {
*/ */
for (i = 0; i < smartlist_len(routerlist->routers); ++i) { for (i = 0; i < smartlist_len(routerlist->routers); ++i) {
r = smartlist_get(routerlist->routers, i); r = smartlist_get(routerlist->routers, i);
r->is_trusted_dir = router_digest_is_trusted_dir(r->identity_digest);
if (!crypto_pk_cmp_keys(router->identity_pkey, r->identity_pkey)) { if (!crypto_pk_cmp_keys(router->identity_pkey, r->identity_pkey)) {
if (router->published_on > r->published_on) { if (router->published_on > r->published_on) {
log_fn(LOG_DEBUG, "Replacing entry for router '%s/%s' [%s]", log_fn(LOG_DEBUG, "Replacing entry for router '%s/%s' [%s]",
router->nickname, r->nickname, hex_str(id_digest,DIGEST_LEN)); router->nickname, r->nickname, hex_str(id_digest,DIGEST_LEN));
/* Remember whether we trust this router as a dirserver. */ /* Remember whether we trust this router as a dirserver. */
/*XXXXNM first test is redundant; second should move elsewhere */
if (r->is_trusted_dir ||
router_digest_is_trusted_dir(router->identity_digest))
router->is_trusted_dir = 1;
/* If the address hasn't changed; no need to re-resolve. */ /* If the address hasn't changed; no need to re-resolve. */
if (!strcasecmp(r->address, router->address)) if (!strcasecmp(r->address, router->address))
router->addr = r->addr; router->addr = r->addr;
...@@ -698,10 +674,6 @@ int router_add_to_routerlist(routerinfo_t *router) { ...@@ -698,10 +674,6 @@ int router_add_to_routerlist(routerinfo_t *router) {
} else { } else {
log_fn(LOG_DEBUG, "Skipping old entry for router '%s'", log_fn(LOG_DEBUG, "Skipping old entry for router '%s'",
router->nickname); router->nickname);
/* If we now trust 'router', then we trust the one in the routerlist
* too. */
if (router->is_trusted_dir)
r->is_trusted_dir = 1;
/* Update the is_running status to whatever we were told. */ /* Update the is_running status to whatever we were told. */
r->is_running = router->is_running; r->is_running = router->is_running;
routerinfo_free(router); routerinfo_free(router);
...@@ -803,7 +775,6 @@ void routerlist_clear_trusted_directories(void) ...@@ -803,7 +775,6 @@ void routerlist_clear_trusted_directories(void)
SMARTLIST_FOREACH(routerlist->routers, routerinfo_t *, r, SMARTLIST_FOREACH(routerlist->routers, routerinfo_t *, r,
r->is_trusted_dir = 0); r->is_trusted_dir = 0);
} }
clear_trusted_dir_servers();
} }
/** Helper function: read routerinfo elements from s, and throw out the /** Helper function: read routerinfo elements from s, and throw out the
...@@ -1154,7 +1125,7 @@ void add_trusted_dir_server(const char *addr, uint16_t port, const char *digest) ...@@ -1154,7 +1125,7 @@ void add_trusted_dir_server(const char *addr, uint16_t port, const char *digest)
ent = tor_malloc(sizeof(trusted_dir_server_t)); ent = tor_malloc(sizeof(trusted_dir_server_t));
ent->address = tor_strdup(addr); ent->address = tor_strdup(addr);
ent->addr = a; ent->addr = ntohl(a);
ent->dir_port = port; ent->dir_port = port;
ent->is_running = 1; ent->is_running = 1;
memcpy(ent->digest, digest, DIGEST_LEN); memcpy(ent->digest, digest, DIGEST_LEN);
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment