Tor  0.4.7.0-alpha-dev
Macros | Functions | Variables
process_descs.c File Reference

Make decisions about uploaded descriptors. More...

#include "core/or/or.h"
#include "feature/dirauth/process_descs.h"
#include "app/config/config.h"
#include "core/or/policies.h"
#include "core/or/versions.h"
#include "feature/dirauth/dirauth_sys.h"
#include "feature/dirauth/keypin.h"
#include "feature/dirauth/reachability.h"
#include "feature/dirclient/dlstatus.h"
#include "feature/dircommon/directory.h"
#include "feature/nodelist/describe.h"
#include "feature/nodelist/microdesc.h"
#include "feature/nodelist/networkstatus.h"
#include "feature/nodelist/nodelist.h"
#include "feature/nodelist/routerinfo.h"
#include "feature/nodelist/routerlist.h"
#include "feature/dirparse/routerparse.h"
#include "feature/nodelist/torcert.h"
#include "feature/relay/router.h"
#include "core/or/tor_version_st.h"
#include "feature/dirauth/dirauth_options_st.h"
#include "feature/nodelist/extrainfo_st.h"
#include "feature/nodelist/node_st.h"
#include "feature/nodelist/microdesc_st.h"
#include "feature/nodelist/routerinfo_st.h"
#include "feature/nodelist/routerstatus_st.h"
#include "feature/nodelist/vote_routerstatus_st.h"
#include "lib/encoding/confline.h"
#include "lib/crypt_ops/crypto_format.h"

Go to the source code of this file.

Macros

#define PROCESS_DESCS_PRIVATE
 
#define ROUTER_ALLOW_SKEW   (60*60*12)
 
#define DISABLE_DISABLING_ED25519
 

Functions

static void directory_remove_invalid (void)
 
static was_router_added_t dirserv_add_extrainfo (extrainfo_t *ei, const char **msg)
 
static uint32_t dirserv_get_status_impl (const char *id_digest, const ed25519_public_key_t *ed25519_public_key, const char *nickname, const tor_addr_t *ipv4_addr, uint16_t ipv4_orport, const char *platform, const char **msg, int severity)
 
static authdir_config_tauthdir_config_new (void)
 
int add_rsa_fingerprint_to_dir (const char *fp, authdir_config_t *list, rtr_flags_t add_status)
 
int add_ed25519_to_dir (const ed25519_public_key_t *edkey, authdir_config_t *list, rtr_flags_t add_status)
 
int dirserv_add_own_fingerprint (crypto_pk_t *pk, const ed25519_public_key_t *edkey)
 
int dirserv_load_fingerprint_file (void)
 
uint32_t dirserv_router_get_status (const routerinfo_t *router, const char **msg, int severity)
 
int dirserv_would_reject_router (const routerstatus_t *rs, const vote_routerstatus_t *vrs)
 
STATIC bool dirserv_rejects_tor_version (const char *platform, const char **msg)
 
void dirserv_free_fingerprint_list (void)
 
STATIC int dirserv_router_has_valid_address (routerinfo_t *ri)
 
int authdir_wants_to_reject_router (routerinfo_t *ri, const char **msg, int complain, int *valid_out)
 
void dirserv_set_node_flags_from_authoritative_status (node_t *node, uint32_t authstatus)
 
static int WRA_MORE_SEVERE (was_router_added_t a, was_router_added_t b)
 
was_router_added_t dirserv_add_multiple_descriptors (const char *desc, size_t desclen, uint8_t purpose, const char *source, const char **msg)
 
was_router_added_t dirserv_add_descriptor (routerinfo_t *ri, const char **msg, const char *source)
 

Variables

static authdir_config_tfingerprint_list = NULL
 

Detailed Description

Make decisions about uploaded descriptors.

Authorities use the code in this module to decide what to do with just- uploaded descriptors, and to manage the fingerprint file that helps them make those decisions.

Definition in file process_descs.c.

Macro Definition Documentation

◆ ROUTER_ALLOW_SKEW

#define ROUTER_ALLOW_SKEW   (60*60*12)

How far in the future do we allow a router to get? (seconds)

Definition at line 51 of file process_descs.c.

Function Documentation

◆ add_ed25519_to_dir()

int add_ed25519_to_dir ( const ed25519_public_key_t edkey,
authdir_config_t list,
rtr_flags_t  add_status 
)

Add the ed25519 key edkey to the smartlist of fingerprint_entry_t's list, or-ing the currently set status flags with add_status. Return -1 if we were unable to decode the key, else return 0.

Definition at line 135 of file process_descs.c.

◆ add_rsa_fingerprint_to_dir()

int add_rsa_fingerprint_to_dir ( const char *  fp,
authdir_config_t list,
rtr_flags_t  add_status 
)

Add the fingerprint fp to the smartlist of fingerprint_entry_t's list, or-ing the currently set status flags with add_status.

Definition at line 100 of file process_descs.c.

◆ authdir_config_new()

static authdir_config_t* authdir_config_new ( void  )
static

Allocate and return a new, empty, authdir_config_t.

Definition at line 68 of file process_descs.c.

Referenced by dirserv_get_status_impl().

◆ authdir_wants_to_reject_router()

int authdir_wants_to_reject_router ( routerinfo_t ri,
const char **  msg,
int  complain,
int *  valid_out 
)

Check whether we, as a directory server, want to accept ri. If so, set its is_valid,running fields and return 0. Otherwise, return -1.

If the router is rejected, set *msg to a string constant explining why.

If complain then explain at log-level 'notice' why we refused a descriptor; else explain at log-level 'info'.

Definition at line 575 of file process_descs.c.

◆ directory_remove_invalid()

static void directory_remove_invalid ( void  )
static

Remove all descriptors whose nicknames or fingerprints no longer are allowed by our fingerprint list. (Descriptors that used to be good can become bad when we reload the fingerprint list.)

Definition at line 935 of file process_descs.c.

◆ dirserv_add_descriptor()

was_router_added_t dirserv_add_descriptor ( routerinfo_t ri,
const char **  msg,
const char *  source 
)

Examine the parsed server descriptor in ri and maybe insert it into the list of server descriptors. Set *msg to a message that should be passed back to the origin of this descriptor, or NULL if there is no such message. Use source to produce better log messages.

If ri is not added to the list of server descriptors, free it. That means the caller must not access ri after this function returns, since it might have been freed.

Return the status of the operation, and set *msg to a string constant describing the status.

This function is only called when fresh descriptors are posted, not when we re-load the cache.

Definition at line 742 of file process_descs.c.

◆ dirserv_add_extrainfo()

static was_router_added_t dirserv_add_extrainfo ( extrainfo_t ei,
const char **  msg 
)
static

As dirserv_add_descriptor, but for an extrainfo_t ei.

Definition at line 874 of file process_descs.c.

◆ dirserv_add_multiple_descriptors()

was_router_added_t dirserv_add_multiple_descriptors ( const char *  desc,
size_t  desclen,
uint8_t  purpose,
const char *  source,
const char **  msg 
)

As for dirserv_add_descriptor(), but accepts multiple documents, and returns the most severe error that occurred for any one of them.

Definition at line 645 of file process_descs.c.

◆ dirserv_add_own_fingerprint()

int dirserv_add_own_fingerprint ( crypto_pk_t pk,
const ed25519_public_key_t edkey 
)

Add the fingerprint for this OR to the global list of recognized identity key fingerprints.

Definition at line 161 of file process_descs.c.

◆ dirserv_free_fingerprint_list()

void dirserv_free_fingerprint_list ( void  )

Clear the current fingerprint list.

Definition at line 521 of file process_descs.c.

◆ dirserv_get_status_impl()

static uint32_t dirserv_get_status_impl ( const char *  id_digest,
const ed25519_public_key_t ed25519_public_key,
const char *  nickname,
const tor_addr_t ipv4_addr,
uint16_t  ipv4_orport,
const char *  platform,
const char **  msg,
int  severity 
)
static

Helper: As dirserv_router_get_status, but takes the router fingerprint (hex, no spaces), ed25519 key, nickname, address (used for logging only), IP address, OR port and platform (logging only) as arguments.

Log messages at 'severity'. (There's not much point in logging that we're rejecting servers we'll not download.)

Definition at line 437 of file process_descs.c.

Referenced by dirserv_would_reject_router().

◆ dirserv_load_fingerprint_file()

int dirserv_load_fingerprint_file ( void  )

Load the nickname->fingerprint mappings stored in the approved-routers file. The file format is line-based, with each non-blank holding one nickname, some space, and a fingerprint for that nickname. On success, replace the current fingerprint list with the new list and return 0. On failure, leave the current fingerprint list untouched, and return -1.

Definition at line 187 of file process_descs.c.

◆ dirserv_rejects_tor_version()

STATIC bool dirserv_rejects_tor_version ( const char *  platform,
const char **  msg 
)

Check whether the platform string in platform describes a platform that, as a directory authority, we want to reject. If it does, return true, and set *msg (if present) to a rejection message. Otherwise return false.

Definition at line 396 of file process_descs.c.

◆ dirserv_router_get_status()

uint32_t dirserv_router_get_status ( const routerinfo_t router,
const char **  msg,
int  severity 
)

Check whether router has:

  • a nickname/identity key combination that we recognize from the fingerprint list,
  • an IP we automatically act on according to our configuration,
  • an appropriate version, and
  • matching pinned keys.

Return the appropriate router status.

If the status is 'RTR_REJECT' and msg is provided, set *msg to a string constant explaining why.

Definition at line 291 of file process_descs.c.

Referenced by directory_remove_invalid().

◆ dirserv_router_has_valid_address()

STATIC int dirserv_router_has_valid_address ( routerinfo_t ri)

Return -1 if ri has a private or otherwise bad address, unless we're configured to not care. Return 0 if all ok.

Definition at line 539 of file process_descs.c.

◆ dirserv_set_node_flags_from_authoritative_status()

void dirserv_set_node_flags_from_authoritative_status ( node_t node,
uint32_t  authstatus 
)

Update the relevant flags of node based on our opinion as a directory authority in authstatus, as returned by dirserv_router_get_status or equivalent.

Definition at line 628 of file process_descs.c.

◆ dirserv_would_reject_router()

int dirserv_would_reject_router ( const routerstatus_t rs,
const vote_routerstatus_t vrs 
)

Return true if there is no point in downloading the router described by rs because this directory would reject it.

Definition at line 375 of file process_descs.c.

◆ WRA_MORE_SEVERE()

static int WRA_MORE_SEVERE ( was_router_added_t  a,
was_router_added_t  b 
)
static

True iff a is more severe than b.

Definition at line 637 of file process_descs.c.

Variable Documentation

◆ fingerprint_list

authdir_config_t* fingerprint_list = NULL
static

Should be static; exposed for testing.

Definition at line 64 of file process_descs.c.

Referenced by dirserv_free_fingerprint_list(), and dirserv_get_status_impl().