cleanup

prkey is only fetched when it's needed tor nodes who aren't dirservers now fetch directories and autoconnect to new nodes listed in the directory default role is a non-dirserver node svn:r120

cleanup
prkey is only fetched when it's needed tor nodes who aren't dirservers now fetch directories and autoconnect to new nodes listed in the directory default role is a non-dirserver node svn:r120
22285e6f · Roger Dingledine · 6934eb9f · 22285e6f · 22285e6f · 22285e6f
Commit 22285e6f authored Sep 28, 2002 by Roger Dingledine
--- a/src/config/moria1-orrc
+++ b/src/config/moria1-orrc
@@ -3,6 +3,8 @@
 # List of routers
 RouterFile ../config/routers.or

+Role 63
+
 # Private key
 PrivateKeyFile moria1-private


--- a/src/config/moria2-orrc
+++ b/src/config/moria2-orrc
@@ -3,6 +3,8 @@
 # List of routers
 RouterFile ../config/routers.or

+Role 63
+
 # Private key
 PrivateKeyFile moria2-private


--- a/src/config/moria3-orrc
+++ b/src/config/moria3-orrc
@@ -3,6 +3,8 @@
 # List of routers
 RouterFile ../config/routers.or

+Role 63
+
 # Private key
 PrivateKeyFile moria3-private


--- a/src/or/config.c
+++ b/src/or/config.c
@@ -123,8 +123,7 @@ RETURN VALUE: 0 on success, non-zero on error
   options->DirRebuildPeriod = 600;
   options->DirFetchPeriod = 6000;
 //   options->ReconnectPeriod = 6001;
-   options->Role = ROLE_OR_LISTEN | ROLE_OR_CONNECT_ALL | ROLE_OP_LISTEN | ROLE_AP_LISTEN |
-                   ROLE_DIR_LISTEN | ROLE_DIR_SERVER;
+   options->Role = ROLE_OR_LISTEN | ROLE_OR_CONNECT_ALL | ROLE_OP_LISTEN | ROLE_AP_LISTEN;

   code = poptGetNextOpt(optCon);         /* first we handle command-line args */
   if ( code == -1 )

--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -135,8 +135,6 @@ void connection_free(connection_t *conn) {

  if (conn->pkey)
    crypto_free_pk_env(conn->pkey);
-  if (conn->prkey)
-    crypto_free_pk_env(conn->prkey);

  if(conn->s > 0) {
    log(LOG_INFO,"connection_free(): closing fd %d.",conn->s);
@@ -145,7 +143,7 @@ void connection_free(connection_t *conn) {
  free(conn);
 }

-int connection_create_listener(crypto_pk_env_t *prkey, struct sockaddr_in *local, int type) {
+int connection_create_listener(struct sockaddr_in *local, int type) {
  connection_t *conn;
  int s;
  int one=1;
@@ -188,8 +186,6 @@ int connection_create_listener(crypto_pk_env_t *prkey, struct sockaddr_in *local

  /* remember things so you can tell the baby sockets */
  memcpy(&conn->local,local,sizeof(struct sockaddr_in));
-  if(prkey)
-    conn->prkey = crypto_pk_dup_key(prkey);

  log(LOG_DEBUG,"connection_create_listener(): Listening on local port %u.",ntohs(local->sin_port));

@@ -228,8 +224,6 @@ int connection_handle_listener_read(connection_t *conn, int new_type, int new_st

  /* learn things from parent, so we can perform auth */
  memcpy(&newconn->local,&conn->local,sizeof(struct sockaddr_in));
-  if(conn->prkey)
-    newconn->prkey = crypto_pk_dup_key(conn->prkey);
  newconn->address = strdup(inet_ntoa(remote.sin_addr)); /* remember the remote address */

  if(connection_add(newconn) < 0) { /* no space, forget it */
@@ -244,8 +238,8 @@ int connection_handle_listener_read(connection_t *conn, int new_type, int new_st
  return 0;
 }

-/* private function, to create the 'local' variable used below */
-static int learn_local(struct sockaddr_in *local) {
+/* create the 'local' variable used below */
+int learn_local(struct sockaddr_in *local) {
  /* local host information */
  char localhostname[512];
  struct hostent *localhost;
@@ -269,7 +263,7 @@ static int learn_local(struct sockaddr_in *local) {
  return 0;
 }

-int retry_all_connections(int role, crypto_pk_env_t *prkey, uint16_t or_listenport,
+int retry_all_connections(int role, uint16_t or_listenport,
  uint16_t op_listenport, uint16_t ap_listenport, uint16_t dir_listenport) {

  /* start all connections that should be up but aren't */
@@ -282,33 +276,33 @@ int retry_all_connections(int role, crypto_pk_env_t *prkey, uint16_t or_listenpo
  local.sin_port = htons(or_listenport);

  if(role & ROLE_OR_CONNECT_ALL) {
-    router_retry_connections(prkey, &local);
+    router_retry_connections(&local);
  }

  if(role & ROLE_OR_LISTEN) {
    if(!connection_get_by_type(CONN_TYPE_OR_LISTENER)) {
-      connection_or_create_listener(prkey, &local);
+      connection_or_create_listener(&local);
    }
  }
      
  if(role & ROLE_OP_LISTEN) {
    local.sin_port = htons(op_listenport);
    if(!connection_get_by_type(CONN_TYPE_OP_LISTENER)) {
-      connection_op_create_listener(prkey, &local);
+      connection_op_create_listener(&local);
    }
  }

  if(role & ROLE_AP_LISTEN) {
    local.sin_port = htons(ap_listenport);
    if(!connection_get_by_type(CONN_TYPE_AP_LISTENER)) {
-      connection_ap_create_listener(NULL, &local); /* no need to tell it the private key. */
+      connection_ap_create_listener(&local);
    }
  }

  if(role & ROLE_DIR_LISTEN) {
    local.sin_port = htons(dir_listenport);
    if(!connection_get_by_type(CONN_TYPE_DIR_LISTENER)) {
-      connection_dir_create_listener(NULL, &local); /* no need to tell it the private key. */
+      connection_dir_create_listener(&local);
    }
  }
 

--- a/src/or/connection_ap.c
+++ b/src/or/connection_ap.c
@@ -393,9 +393,9 @@ int connection_ap_finished_flushing(connection_t *conn) {

 }

-int connection_ap_create_listener(crypto_pk_env_t *prkey, struct sockaddr_in *local) {
+int connection_ap_create_listener(struct sockaddr_in *local) {
  log(LOG_DEBUG,"connection_create_ap_listener starting");
-  return connection_create_listener(prkey, local, CONN_TYPE_AP_LISTENER);
+  return connection_create_listener(local, CONN_TYPE_AP_LISTENER);
 }

 int connection_ap_handle_listener_read(connection_t *conn) {

--- a/src/or/connection_op.c
+++ b/src/or/connection_op.c
@@ -51,7 +51,7 @@ int op_handshake_process_keys(connection_t *conn) {
  log(LOG_DEBUG,"op_handshake_process_keys() : Received auth.");

  /* decrypt response */
-  retval = crypto_pk_private_decrypt(conn->prkey, auth_cipher, 128, auth_plain,RSA_PKCS1_PADDING);
+  retval = crypto_pk_private_decrypt(getprivatekey(), auth_cipher, 128, auth_plain,RSA_PKCS1_PADDING);
  if (retval == -1)
  { 
    log(LOG_ERR,"Decrypting keys from new OP failed.");
@@ -110,9 +110,9 @@ int connection_op_finished_flushing(connection_t *conn) {

 }

-int connection_op_create_listener(crypto_pk_env_t *prkey, struct sockaddr_in *local) {
+int connection_op_create_listener(struct sockaddr_in *local) {
  log(LOG_DEBUG,"connection_create_op_listener starting");
-  return connection_create_listener(prkey, local, CONN_TYPE_OP_LISTENER);
+  return connection_create_listener(local, CONN_TYPE_OP_LISTENER);
 }

 int connection_op_handle_listener_read(connection_t *conn) {

--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -142,7 +142,7 @@ void conn_or_init_crypto(connection_t *conn) {
 * *result to 1 if connect() returned before completing, or to 2
 * if it completed, and returns the new conn.
 */
-connection_t *connection_or_connect(routerinfo_t *router, crypto_pk_env_t *prkey, struct sockaddr_in *local, 
+connection_t *connection_or_connect(routerinfo_t *router, struct sockaddr_in *local, 
                                    uint16_t port, int *result) {
  connection_t *conn;
  struct sockaddr_in router_addr;
@@ -154,8 +154,6 @@ connection_t *connection_or_connect(routerinfo_t *router, crypto_pk_env_t *prkey

  /* set up conn so it's got all the data we need to remember */
  conn->addr = router->addr, conn->port = router->or_port; /* NOTE we store or_port here always */
-  if(prkey)
-    conn->prkey = crypto_pk_dup_key(prkey);
  conn->bandwidth = router->bandwidth;
  conn->pkey = crypto_pk_dup_key(router->pkey);
  conn->address = strdup(router->address);
@@ -237,7 +235,7 @@ connection_t *connection_or_connect_as_op(routerinfo_t *router, struct sockaddr_
  if(conn)
    return conn;

-  conn = connection_or_connect(router, NULL, local, router->op_port, &result);
+  conn = connection_or_connect(router, local, router->op_port, &result);
  if(!conn)
    return NULL;

@@ -342,11 +340,11 @@ int or_handshake_op_finished_sending_keys(connection_t *conn) {
 *
 */

-connection_t *connection_or_connect_as_or(routerinfo_t *router, crypto_pk_env_t *prkey, struct sockaddr_in *local) {
+connection_t *connection_or_connect_as_or(routerinfo_t *router, struct sockaddr_in *local) {
  connection_t *conn;
  int result=0; /* so connection_or_connect() can tell us what happened */

-  assert(router && prkey && local);
+  assert(router && local);

  if(router->addr == local->sin_addr.s_addr && router->or_port == ntohs(local->sin_port)) {
    /* this is me! don't connect to me. */
@@ -354,7 +352,7 @@ connection_t *connection_or_connect_as_or(routerinfo_t *router, crypto_pk_env_t
    return NULL;
  }

-  conn = connection_or_connect(router, prkey, local, router->or_port, &result);
+  conn = connection_or_connect(router, local, router->or_port, &result);
  if(!conn)
    return NULL;

@@ -454,7 +452,7 @@ int or_handshake_client_process_auth(connection_t *conn) {
  log(LOG_DEBUG,"or_handshake_client_process_auth() : Received auth.");

  /* decrypt response */
-  retval = crypto_pk_private_decrypt(conn->prkey, cipher, 128, buf, RSA_PKCS1_PADDING);
+  retval = crypto_pk_private_decrypt(getprivatekey(), cipher, 128, buf, RSA_PKCS1_PADDING);
  if (retval == -1)
  { 
    log(LOG_ERR,"Public-key decryption failed during authentication to %s:%u.",
@@ -562,7 +560,7 @@ int or_handshake_server_process_auth(connection_t *conn) {
  log(LOG_DEBUG,"or_handshake_server_process_auth() : Received auth.");

  /* decrypt response */
-  retval = crypto_pk_private_decrypt(conn->prkey, cipher, 128, buf, RSA_PKCS1_PADDING);
+  retval = crypto_pk_private_decrypt(getprivatekey(), cipher, 128, buf, RSA_PKCS1_PADDING);
  if (retval == -1)
  { 
    log(LOG_ERR,"Public-key decryption failed processing auth message from new client.");
@@ -678,7 +676,7 @@ int or_handshake_server_process_nonce(connection_t *conn) {
  log(LOG_DEBUG,"or_handshake_server_process_nonce() : Received auth.");

  /* decrypt response */
-  retval = crypto_pk_private_decrypt(conn->prkey, cipher, 128, buf,RSA_PKCS1_PADDING);
+  retval = crypto_pk_private_decrypt(getprivatekey(), cipher, 128, buf,RSA_PKCS1_PADDING);
  if (retval == -1)
  {
    log(LOG_ERR,"Public-key decryption failed during authentication to %s:%u.",
@@ -719,9 +717,9 @@ int or_handshake_server_process_nonce(connection_t *conn) {
 /* ********************************** */


-int connection_or_create_listener(crypto_pk_env_t *prkey, struct sockaddr_in *local) {
+int connection_or_create_listener(struct sockaddr_in *local) {
  log(LOG_DEBUG,"connection_create_or_listener starting");
-  return connection_create_listener(prkey, local, CONN_TYPE_OR_LISTENER);
+  return connection_create_listener(local, CONN_TYPE_OR_LISTENER);
 }

 int connection_or_handle_listener_read(connection_t *conn) {

--- a/src/or/directory.c
+++ b/src/or/directory.c
@@ -122,8 +122,8 @@ int connection_dir_process_inbuf(connection_t *conn) {
      return -1;
    }
    /* eof reached, kill it, but first process the_directory and learn about new routers. */
-    log(LOG_DEBUG,"connection_dir_process_inbuf(): conn reached eof. Processing directory.");
-    log(LOG_DEBUG,"connection_dir_process_inbuf(): Received directory (size %d) '%s'", directorylen, the_directory);
+//    log(LOG_DEBUG,"connection_dir_process_inbuf(): conn reached eof. Processing directory.");
+    log(LOG_DEBUG,"connection_dir_process_inbuf(): Received directory (size %d)\n%s", directorylen, the_directory);
    if(directorylen == 0) {
      log(LOG_DEBUG,"connection_dir_process_inbuf(): Empty directory. Ignoring.");
      return -1;
@@ -131,6 +131,13 @@ int connection_dir_process_inbuf(connection_t *conn) {
    if(router_get_list_from_string(the_directory, options.ORPort) < 0) {
      log(LOG_DEBUG,"connection_dir_process_inbuf(): ...but parsing failed. Ignoring.");
    }
+    if(options.Role & ROLE_OR_CONNECT_ALL) { /* connect to them all */
+      struct sockaddr_in local; /* local address */
+      if(learn_local(&local) < 0)
+        return -1;
+      local.sin_port = htons(options.ORPort);
+      router_retry_connections(&local);
+    }
    return -1;
  }

@@ -240,9 +247,9 @@ int connection_dir_finished_flushing(connection_t *conn) {
  return 0;
 }

-int connection_dir_create_listener(crypto_pk_env_t *prkey, struct sockaddr_in *local) {
+int connection_dir_create_listener(struct sockaddr_in *local) {
  log(LOG_DEBUG,"connection_create_dir_listener starting");
-  return connection_create_listener(prkey, local, CONN_TYPE_DIR_LISTENER);
+  return connection_create_listener(local, CONN_TYPE_DIR_LISTENER);
 }

 int connection_dir_handle_listener_read(connection_t *conn) {

--- a/src/or/main.c
+++ b/src/or/main.c
@@ -19,12 +19,21 @@ static int nfds=0; /* number of connections currently active */
 static int please_dumpstats=0; /* whether we should dump stats during the loop */

 /* private key */
-static crypto_pk_env_t *prkey;
+static crypto_pk_env_t *privatekey;

 routerinfo_t *my_routerinfo=NULL;

 /********* END VARIABLES ************/

+void setprivatekey(crypto_pk_env_t *k) {
+  privatekey = k;
+}
+
+crypto_pk_env_t *getprivatekey(void) {
+  assert(privatekey);
+  return privatekey;
+}
+
 /****************************************************************************
 *
 * This section contains accessors and other methods on the connection_array
@@ -398,6 +407,7 @@ int do_main_loop(void) {
  int i;
  int timeout;
  int poll_result;
+  crypto_pk_env_t *prkey;

  /* load the routers file */
  if(router_get_list_from_file(options.RouterFile, options.ORPort) < 0) {
@@ -417,11 +427,12 @@ int do_main_loop(void) {
      log(LOG_ERR,"Error loading private key.");
      return -1;
    }
+    setprivatekey(prkey);
  }

  /* start-up the necessary connections based on global_role. This is where we
   * try to connect to all the other ORs, and start the listeners */
-  retry_all_connections(options.Role, prkey, options.ORPort,
+  retry_all_connections(options.Role, options.ORPort,
                        options.OPPort, options.APPort, options.DirPort);

  for(;;) {

--- a/src/or/onion.c
+++ b/src/or/onion.c
@@ -30,7 +30,7 @@ int decide_aci_type(uint32_t local_addr, uint16_t local_port,
 int process_onion(circuit_t *circ, connection_t *conn) {
  aci_t aci_type;

-  if(!decrypt_onion((onion_layer_t *)circ->onion,circ->onionlen,conn->prkey)) {
+  if(!decrypt_onion((onion_layer_t *)circ->onion,circ->onionlen,getprivatekey())) {
    log(LOG_DEBUG,"command_process_create_cell(): decrypt_onion() failed, closing circuit.");
    return -1;
  }

--- a/src/or/or.h
+++ b/src/or/or.h
@@ -230,7 +230,6 @@ typedef struct
  
 /* used by OR, to keep state while connect()ing: Kludge. */

-  crypto_pk_env_t *prkey;
  struct sockaddr_in local;

 #if 0 /* obsolete, we now use conn->bandwidth */
@@ -449,12 +448,13 @@ connection_t *connection_new(int type);

 void connection_free(connection_t *conn);

-int connection_create_listener(crypto_pk_env_t *prkey, struct sockaddr_in *local, int type);
+int connection_create_listener(struct sockaddr_in *local, int type);

 int connection_handle_listener_read(connection_t *conn, int new_type, int new_state);

 /* start all connections that should be up but aren't */
-int retry_all_connections(int role, crypto_pk_env_t *prkey, uint16_t or_listenport, 
+int learn_local(struct sockaddr_in *local);
+int retry_all_connections(int role, uint16_t or_listenport, 
  uint16_t op_listenport, uint16_t ap_listenport, uint16_t dir_listenport);
 connection_t *connection_connect_to_router_as_op(routerinfo_t *router, uint16_t local_or_port);

@@ -512,7 +512,7 @@ int connection_ap_process_data_cell(cell_t *cell, connection_t *conn);

 int connection_ap_finished_flushing(connection_t *conn);

-int connection_ap_create_listener(crypto_pk_env_t *prkey, struct sockaddr_in *local);
+int connection_ap_create_listener(struct sockaddr_in *local);

 int connection_ap_handle_listener_read(connection_t *conn);

@@ -534,7 +534,7 @@ int connection_op_process_inbuf(connection_t *conn);

 int connection_op_finished_flushing(connection_t *conn);

-int connection_op_create_listener(crypto_pk_env_t *prkey, struct sockaddr_in *local);
+int connection_op_create_listener(struct sockaddr_in *local);

 int connection_op_handle_listener_read(connection_t *conn);

@@ -554,11 +554,11 @@ int or_handshake_client_send_auth(connection_t *conn);
 int or_handshake_server_process_auth(connection_t *conn);
 int or_handshake_server_process_nonce(connection_t *conn);

-connection_t *connect_to_router_as_or(routerinfo_t *router, crypto_pk_env_t *prkey, struct sockaddr_in *local);
-connection_t *connection_or_connect_as_or(routerinfo_t *router, crypto_pk_env_t *prkey, struct sockaddr_in *local);
+connection_t *connect_to_router_as_or(routerinfo_t *router, struct sockaddr_in *local);
+connection_t *connection_or_connect_as_or(routerinfo_t *router, struct sockaddr_in *local);
 connection_t *connection_or_connect_as_op(routerinfo_t *router, struct sockaddr_in *local);

-int connection_or_create_listener(crypto_pk_env_t *prkey, struct sockaddr_in *local);
+int connection_or_create_listener(struct sockaddr_in *local);
 int connection_or_handle_listener_read(connection_t *conn);

 /********************************* directory.c ***************************/
@@ -570,11 +570,13 @@ int connection_dir_process_inbuf(connection_t *conn);
 int directory_handle_command(connection_t *conn);
 int directory_handle_reading(connection_t *conn);
 int connection_dir_finished_flushing(connection_t *conn);
-int connection_dir_create_listener(crypto_pk_env_t *prkey, struct sockaddr_in *local);
+int connection_dir_create_listener(struct sockaddr_in *local);
 int connection_dir_handle_listener_read(connection_t *conn);

 /********************************* main.c ***************************/

+void setprivatekey(crypto_pk_env_t *k);
+crypto_pk_env_t *getprivatekey(void);
 int connection_add(connection_t *conn);
 int connection_remove(connection_t *conn);
 void connection_set_poll_socket(connection_t *conn);
@@ -647,7 +649,7 @@ tracked_onion_t *id_tracked_onion(unsigned char *onion, uint32_t onionlen, track

 /********************************* routers.c ***************************/

-void router_retry_connections(crypto_pk_env_t *prkey, struct sockaddr_in *local);
+void router_retry_connections(struct sockaddr_in *local);
 routerinfo_t *router_pick_directory_server(void);
 routerinfo_t *router_get_by_addr_port(uint32_t addr, uint16_t port);
 unsigned int *router_new_route(int *routelen);

--- a/src/or/routers.c
+++ b/src/or/routers.c
@@ -35,7 +35,7 @@ static routerinfo_t *router_get_entry_from_string(char **s);

 /****************************************************************************/

-void router_retry_connections(crypto_pk_env_t *prkey, struct sockaddr_in *local) {
+void router_retry_connections(struct sockaddr_in *local) {
  int i;
  routerinfo_t *router;

@@ -43,7 +43,7 @@ void router_retry_connections(crypto_pk_env_t *prkey, struct sockaddr_in *local)
    router = router_array[i];
    if(!connection_exact_get_by_addr_port(router->addr,router->or_port)) { /* not in the list */
      log(LOG_DEBUG,"retry_all_connections(): connecting to OR %s:%u.",router->address,router->or_port);
-      connection_or_connect_as_or(router, prkey, local);
+      connection_or_connect_as_or(router, local);
    }
  }
 }