Tor
0.4.7.0-alpha-dev
|
Make decisions about uploaded descriptors. More...
#include "core/or/or.h"
#include "feature/dirauth/process_descs.h"
#include "app/config/config.h"
#include "core/or/policies.h"
#include "core/or/versions.h"
#include "feature/dirauth/dirauth_sys.h"
#include "feature/dirauth/keypin.h"
#include "feature/dirauth/reachability.h"
#include "feature/dirclient/dlstatus.h"
#include "feature/dircommon/directory.h"
#include "feature/nodelist/describe.h"
#include "feature/nodelist/microdesc.h"
#include "feature/nodelist/networkstatus.h"
#include "feature/nodelist/nodelist.h"
#include "feature/nodelist/routerinfo.h"
#include "feature/nodelist/routerlist.h"
#include "feature/dirparse/routerparse.h"
#include "feature/nodelist/torcert.h"
#include "feature/relay/router.h"
#include "core/or/tor_version_st.h"
#include "feature/dirauth/dirauth_options_st.h"
#include "feature/nodelist/extrainfo_st.h"
#include "feature/nodelist/node_st.h"
#include "feature/nodelist/microdesc_st.h"
#include "feature/nodelist/routerinfo_st.h"
#include "feature/nodelist/routerstatus_st.h"
#include "feature/nodelist/vote_routerstatus_st.h"
#include "lib/encoding/confline.h"
#include "lib/crypt_ops/crypto_format.h"
Go to the source code of this file.
Macros | |
#define | PROCESS_DESCS_PRIVATE |
#define | ROUTER_ALLOW_SKEW (60*60*12) |
#define | DISABLE_DISABLING_ED25519 |
Variables | |
static authdir_config_t * | fingerprint_list = NULL |
Make decisions about uploaded descriptors.
Authorities use the code in this module to decide what to do with just- uploaded descriptors, and to manage the fingerprint file that helps them make those decisions.
Definition in file process_descs.c.
#define ROUTER_ALLOW_SKEW (60*60*12) |
How far in the future do we allow a router to get? (seconds)
Definition at line 51 of file process_descs.c.
int add_ed25519_to_dir | ( | const ed25519_public_key_t * | edkey, |
authdir_config_t * | list, | ||
rtr_flags_t | add_status | ||
) |
Add the ed25519 key edkey to the smartlist of fingerprint_entry_t's list, or-ing the currently set status flags with add_status. Return -1 if we were unable to decode the key, else return 0.
Definition at line 135 of file process_descs.c.
int add_rsa_fingerprint_to_dir | ( | const char * | fp, |
authdir_config_t * | list, | ||
rtr_flags_t | add_status | ||
) |
Add the fingerprint fp to the smartlist of fingerprint_entry_t's list, or-ing the currently set status flags with add_status.
Definition at line 100 of file process_descs.c.
|
static |
Allocate and return a new, empty, authdir_config_t.
Definition at line 68 of file process_descs.c.
Referenced by dirserv_get_status_impl().
int authdir_wants_to_reject_router | ( | routerinfo_t * | ri, |
const char ** | msg, | ||
int | complain, | ||
int * | valid_out | ||
) |
Check whether we, as a directory server, want to accept ri. If so, set its is_valid,running fields and return 0. Otherwise, return -1.
If the router is rejected, set *msg to a string constant explining why.
If complain then explain at log-level 'notice' why we refused a descriptor; else explain at log-level 'info'.
Definition at line 575 of file process_descs.c.
|
static |
Remove all descriptors whose nicknames or fingerprints no longer are allowed by our fingerprint list. (Descriptors that used to be good can become bad when we reload the fingerprint list.)
Definition at line 935 of file process_descs.c.
was_router_added_t dirserv_add_descriptor | ( | routerinfo_t * | ri, |
const char ** | msg, | ||
const char * | source | ||
) |
Examine the parsed server descriptor in ri and maybe insert it into the list of server descriptors. Set *msg to a message that should be passed back to the origin of this descriptor, or NULL if there is no such message. Use source to produce better log messages.
If ri is not added to the list of server descriptors, free it. That means the caller must not access ri after this function returns, since it might have been freed.
Return the status of the operation, and set *msg to a string constant describing the status.
This function is only called when fresh descriptors are posted, not when we re-load the cache.
Definition at line 742 of file process_descs.c.
|
static |
As dirserv_add_descriptor, but for an extrainfo_t ei.
Definition at line 874 of file process_descs.c.
was_router_added_t dirserv_add_multiple_descriptors | ( | const char * | desc, |
size_t | desclen, | ||
uint8_t | purpose, | ||
const char * | source, | ||
const char ** | msg | ||
) |
As for dirserv_add_descriptor(), but accepts multiple documents, and returns the most severe error that occurred for any one of them.
Definition at line 645 of file process_descs.c.
int dirserv_add_own_fingerprint | ( | crypto_pk_t * | pk, |
const ed25519_public_key_t * | edkey | ||
) |
Add the fingerprint for this OR to the global list of recognized identity key fingerprints.
Definition at line 161 of file process_descs.c.
void dirserv_free_fingerprint_list | ( | void | ) |
Clear the current fingerprint list.
Definition at line 521 of file process_descs.c.
|
static |
Helper: As dirserv_router_get_status, but takes the router fingerprint (hex, no spaces), ed25519 key, nickname, address (used for logging only), IP address, OR port and platform (logging only) as arguments.
Log messages at 'severity'. (There's not much point in logging that we're rejecting servers we'll not download.)
Definition at line 437 of file process_descs.c.
Referenced by dirserv_would_reject_router().
int dirserv_load_fingerprint_file | ( | void | ) |
Load the nickname->fingerprint mappings stored in the approved-routers file. The file format is line-based, with each non-blank holding one nickname, some space, and a fingerprint for that nickname. On success, replace the current fingerprint list with the new list and return 0. On failure, leave the current fingerprint list untouched, and return -1.
Definition at line 187 of file process_descs.c.
STATIC bool dirserv_rejects_tor_version | ( | const char * | platform, |
const char ** | msg | ||
) |
Check whether the platform string in platform describes a platform that, as a directory authority, we want to reject. If it does, return true, and set *msg (if present) to a rejection message. Otherwise return false.
Definition at line 396 of file process_descs.c.
uint32_t dirserv_router_get_status | ( | const routerinfo_t * | router, |
const char ** | msg, | ||
int | severity | ||
) |
Check whether router has:
Return the appropriate router status.
If the status is 'RTR_REJECT' and msg is provided, set *msg to a string constant explaining why.
Definition at line 291 of file process_descs.c.
Referenced by directory_remove_invalid().
STATIC int dirserv_router_has_valid_address | ( | routerinfo_t * | ri | ) |
Return -1 if ri has a private or otherwise bad address, unless we're configured to not care. Return 0 if all ok.
Definition at line 539 of file process_descs.c.
void dirserv_set_node_flags_from_authoritative_status | ( | node_t * | node, |
uint32_t | authstatus | ||
) |
Update the relevant flags of node based on our opinion as a directory authority in authstatus, as returned by dirserv_router_get_status or equivalent.
Definition at line 628 of file process_descs.c.
int dirserv_would_reject_router | ( | const routerstatus_t * | rs, |
const vote_routerstatus_t * | vrs | ||
) |
Return true if there is no point in downloading the router described by rs because this directory would reject it.
Definition at line 375 of file process_descs.c.
|
static |
True iff a is more severe than b.
Definition at line 637 of file process_descs.c.
|
static |
Should be static; exposed for testing.
Definition at line 64 of file process_descs.c.
Referenced by dirserv_free_fingerprint_list(), and dirserv_get_status_impl().