Tor  0.4.5.0-alpha-dev
process_descs.c
Go to the documentation of this file.
1 /* Copyright (c) 2001-2004, Roger Dingledine.
2  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
3  * Copyright (c) 2007-2020, The Tor Project, Inc. */
4 /* See LICENSE for licensing information */
5 
6 /**
7  * \file process_descs.c
8  * \brief Make decisions about uploaded descriptors
9  *
10  * Authorities use the code in this module to decide what to do with just-
11  * uploaded descriptors, and to manage the fingerprint file that helps
12  * them make those decisions.
13  **/
14 
15 #define PROCESS_DESCS_PRIVATE
16 
17 #include "core/or/or.h"
19 
20 #include "app/config/config.h"
21 #include "core/or/policies.h"
22 #include "core/or/versions.h"
24 #include "feature/dirauth/keypin.h"
36 #include "feature/relay/router.h"
37 
38 #include "core/or/tor_version_st.h"
46 
47 #include "lib/encoding/confline.h"
49 
50 /** How far in the future do we allow a router to get? (seconds) */
51 #define ROUTER_ALLOW_SKEW (60*60*12)
52 
53 static void directory_remove_invalid(void);
55  const char **msg);
56 static uint32_t
57 dirserv_get_status_impl(const char *id_digest,
58  const ed25519_public_key_t *ed25519_public_key,
59  const char *nickname, const tor_addr_t *ipv4_addr,
60  uint16_t ipv4_orport, const char *platform,
61  const char **msg, int severity);
62 
63 /** Should be static; exposed for testing. */
65 
66 /** Allocate and return a new, empty, authdir_config_t. */
67 static authdir_config_t *
69 {
70  authdir_config_t *list = tor_malloc_zero(sizeof(authdir_config_t));
71  list->fp_by_name = strmap_new();
72  list->status_by_digest = digestmap_new();
73  list->status_by_digest256 = digest256map_new();
74  return list;
75 }
76 
77 #ifdef TOR_UNIT_TESTS
78 
79 /** Initialize fingerprint_list to a new authdir_config_t. Used for tests. */
80 void
81 authdir_init_fingerprint_list(void)
82 {
84 }
85 
86 /* Return the current fingerprint_list. Used for tests. */
88 authdir_return_fingerprint_list(void)
89 {
90  return fingerprint_list;
91 }
92 
93 #endif /* defined(TOR_UNIT_TESTS) */
94 
95 /** Add the fingerprint <b>fp</b> to the smartlist of fingerprint_entry_t's
96  * <b>list</b>, or-ing the currently set status flags with
97  * <b>add_status</b>.
98  */
99 int
101  rtr_flags_t add_status)
102 {
103  char *fingerprint;
104  char d[DIGEST_LEN];
105  rtr_flags_t *status;
106  tor_assert(fp);
107  tor_assert(list);
108 
109  fingerprint = tor_strdup(fp);
110  tor_strstrip(fingerprint, " ");
111  if (base16_decode(d, DIGEST_LEN,
112  fingerprint, strlen(fingerprint)) != DIGEST_LEN) {
113  log_warn(LD_DIRSERV, "Couldn't decode fingerprint \"%s\"",
114  escaped(fp));
115  tor_free(fingerprint);
116  return -1;
117  }
118 
119  status = digestmap_get(list->status_by_digest, d);
120  if (!status) {
121  status = tor_malloc_zero(sizeof(rtr_flags_t));
122  digestmap_set(list->status_by_digest, d, status);
123  }
124 
125  tor_free(fingerprint);
126  *status |= add_status;
127  return 0;
128 }
129 
130 /** Add the ed25519 key <b>edkey</b> to the smartlist of fingerprint_entry_t's
131  * <b>list</b>, or-ing the currently set status flags with <b>add_status</b>.
132  * Return -1 if we were unable to decode the key, else return 0.
133  */
134 int
136  rtr_flags_t add_status)
137 {
138  rtr_flags_t *status;
139 
140  tor_assert(edkey);
141  tor_assert(list);
142 
143  if (ed25519_validate_pubkey(edkey) < 0) {
144  log_warn(LD_DIRSERV, "Invalid ed25519 key \"%s\"", ed25519_fmt(edkey));
145  return -1;
146  }
147 
148  status = digest256map_get(list->status_by_digest256, edkey->pubkey);
149  if (!status) {
150  status = tor_malloc_zero(sizeof(rtr_flags_t));
151  digest256map_set(list->status_by_digest256, edkey->pubkey, status);
152  }
153 
154  *status |= add_status;
155  return 0;
156 }
157 
158 /** Add the fingerprint for this OR to the global list of recognized
159  * identity key fingerprints. */
160 int
162 {
163  char fp[FINGERPRINT_LEN+1];
164  if (crypto_pk_get_fingerprint(pk, fp, 0)<0) {
165  log_err(LD_BUG, "Error computing fingerprint");
166  return -1;
167  }
168  if (!fingerprint_list)
171  log_err(LD_BUG, "Error adding RSA fingerprint");
172  return -1;
173  }
174  if (add_ed25519_to_dir(edkey, fingerprint_list, 0) < 0) {
175  log_err(LD_BUG, "Error adding ed25519 key");
176  return -1;
177  }
178  return 0;
179 }
180 
181 /** Load the nickname->fingerprint mappings stored in the approved-routers
182  * file. The file format is line-based, with each non-blank holding one
183  * nickname, some space, and a fingerprint for that nickname. On success,
184  * replace the current fingerprint list with the new list and return 0. On
185  * failure, leave the current fingerprint list untouched, and return -1. */
186 int
188 {
189  char *fname;
190  char *cf;
191  char *nickname, *fingerprint;
192  authdir_config_t *fingerprint_list_new;
193  int result;
194  config_line_t *front=NULL, *list;
195 
196  fname = get_datadir_fname("approved-routers");
197  log_info(LD_GENERAL,
198  "Reloading approved fingerprints from \"%s\"...", fname);
199 
200  cf = read_file_to_str(fname, RFTS_IGNORE_MISSING, NULL);
201  if (!cf) {
202  log_warn(LD_FS, "Cannot open fingerprint file '%s'. That's ok.", fname);
203  tor_free(fname);
204  return 0;
205  }
206  tor_free(fname);
207 
208  result = config_get_lines(cf, &front, 0);
209  tor_free(cf);
210  if (result < 0) {
211  log_warn(LD_CONFIG, "Error reading from fingerprint file");
212  return -1;
213  }
214 
215  fingerprint_list_new = authdir_config_new();
216 
217  for (list=front; list; list=list->next) {
218  rtr_flags_t add_status = 0;
219  nickname = list->key; fingerprint = list->value;
220  tor_strstrip(fingerprint, " "); /* remove spaces */
221 
222  /* Determine what we should do with the relay with the nickname field. */
223  if (!strcasecmp(nickname, "!reject")) {
224  add_status = RTR_REJECT;
225  } else if (!strcasecmp(nickname, "!badexit")) {
226  add_status = RTR_BADEXIT;
227  } else if (!strcasecmp(nickname, "!invalid")) {
228  add_status = RTR_INVALID;
229  }
230 
231  /* Check if fingerprint is RSA or ed25519 by verifying it. */
232  int ed25519_not_ok = -1, rsa_not_ok = -1;
233 
234  /* Attempt to add the RSA key. */
235  if (strlen(fingerprint) == HEX_DIGEST_LEN) {
236  rsa_not_ok = add_rsa_fingerprint_to_dir(fingerprint,
237  fingerprint_list_new,
238  add_status);
239  }
240 
241  /* Check ed25519 key. We check the size to prevent buffer overflows.
242  * If valid, attempt to add it, */
243  ed25519_public_key_t ed25519_pubkey_tmp;
244  if (strlen(fingerprint) == BASE64_DIGEST256_LEN) {
245  if (!digest256_from_base64((char *) ed25519_pubkey_tmp.pubkey,
246  fingerprint)) {
247  ed25519_not_ok = add_ed25519_to_dir(&ed25519_pubkey_tmp,
248  fingerprint_list_new, add_status);
249  }
250  }
251 
252  /* If both keys are invalid (or missing), log and skip. */
253  if (ed25519_not_ok && rsa_not_ok) {
254  log_warn(LD_CONFIG, "Invalid fingerprint (nickname '%s', "
255  "fingerprint %s). Skipping.", nickname, fingerprint);
256  continue;
257  }
258  }
259 
260  config_free_lines(front);
262  fingerprint_list = fingerprint_list_new;
263  /* Delete any routers whose fingerprints we no longer recognize */
265  return 0;
266 }
267 
268 /* If this is set, then we don't allow routers that have advertised an Ed25519
269  * identity to stop doing so. This is going to be essential for good identity
270  * security: otherwise anybody who can attack RSA-1024 but not Ed25519 could
271  * just sign fake descriptors missing the Ed25519 key. But we won't actually
272  * be able to prevent that kind of thing until we're confident that there isn't
273  * actually a legit reason to downgrade to 0.2.5. Now we are not recommending
274  * 0.2.5 anymore so there is no reason to keep the #undef.
275  */
276 
277 #define DISABLE_DISABLING_ED25519
278 
279 /** Check whether <b>router</b> has:
280  * - a nickname/identity key combination that we recognize from the fingerprint
281  * list,
282  * - an IP we automatically act on according to our configuration,
283  * - an appropriate version, and
284  * - matching pinned keys.
285  *
286  * Return the appropriate router status.
287  *
288  * If the status is 'RTR_REJECT' and <b>msg</b> is provided, set
289  * *<b>msg</b> to a string constant explaining why. */
290 uint32_t
291 dirserv_router_get_status(const routerinfo_t *router, const char **msg,
292  int severity)
293 {
294  char d[DIGEST_LEN];
295  const int key_pinning = dirauth_get_options()->AuthDirPinKeys;
296  uint32_t r;
297  ed25519_public_key_t *signing_key = NULL;
298 
299  if (crypto_pk_get_digest(router->identity_pkey, d)) {
300  log_warn(LD_BUG,"Error computing fingerprint");
301  if (msg)
302  *msg = "Bug: Error computing fingerprint";
303  return RTR_REJECT;
304  }
305 
306  /* First, check for the more common reasons to reject a router. */
307  if (router->cache_info.signing_key_cert) {
308  /* This has an ed25519 identity key. */
309  signing_key = &router->cache_info.signing_key_cert->signing_key;
310  }
311  r = dirserv_get_status_impl(d, signing_key, router->nickname,
312  &router->ipv4_addr, router->ipv4_orport,
313  router->platform, msg, severity);
314 
315  if (r)
316  return r;
317 
318  /* dirserv_get_status_impl already rejects versions older than 0.2.4.18-rc,
319  * and onion_curve25519_pkey was introduced in 0.2.4.8-alpha.
320  * But just in case a relay doesn't provide or lies about its version, or
321  * doesn't include an ntor key in its descriptor, check that it exists,
322  * and is non-zero (clients check that it's non-zero before using it). */
323  if (!routerinfo_has_curve25519_onion_key(router)) {
324  log_fn(severity, LD_DIR,
325  "Descriptor from router %s is missing an ntor curve25519 onion "
326  "key.", router_describe(router));
327  if (msg)
328  *msg = "Missing ntor curve25519 onion key. Please upgrade!";
329  return RTR_REJECT;
330  }
331 
332  if (router->cache_info.signing_key_cert) {
333  /* This has an ed25519 identity key. */
334  if (KEYPIN_MISMATCH ==
335  keypin_check((const uint8_t*)router->cache_info.identity_digest,
336  router->cache_info.signing_key_cert->signing_key.pubkey)) {
337  log_fn(severity, LD_DIR,
338  "Descriptor from router %s has an Ed25519 key, "
339  "but the <rsa,ed25519> keys don't match what they were before.",
340  router_describe(router));
341  if (key_pinning) {
342  if (msg) {
343  *msg = "Ed25519 identity key or RSA identity key has changed.";
344  }
345  return RTR_REJECT;
346  }
347  }
348  } else {
349  /* No ed25519 key */
350  if (KEYPIN_MISMATCH == keypin_check_lone_rsa(
351  (const uint8_t*)router->cache_info.identity_digest)) {
352  log_fn(severity, LD_DIR,
353  "Descriptor from router %s has no Ed25519 key, "
354  "when we previously knew an Ed25519 for it. Ignoring for now, "
355  "since Ed25519 keys are fairly new.",
356  router_describe(router));
357 #ifdef DISABLE_DISABLING_ED25519
358  if (key_pinning) {
359  if (msg) {
360  *msg = "Ed25519 identity key has disappeared.";
361  }
362  return RTR_REJECT;
363  }
364 #endif /* defined(DISABLE_DISABLING_ED25519) */
365  }
366  }
367 
368  return 0;
369 }
370 
371 /** Return true if there is no point in downloading the router described by
372  * <b>rs</b> because this directory would reject it. */
373 int
375  const vote_routerstatus_t *vrs)
376 {
377  uint32_t res;
378  struct ed25519_public_key_t pk;
379  memcpy(&pk.pubkey, vrs->ed25519_id, ED25519_PUBKEY_LEN);
380 
382  &rs->ipv4_addr, rs->ipv4_orport, NULL, NULL,
383  LOG_DEBUG);
384 
385  return (res & RTR_REJECT) != 0;
386 }
387 
388 /**
389  * Check whether the platform string in <b>platform</b> describes a platform
390  * that, as a directory authority, we want to reject. If it does, return
391  * true, and set *<b>msg</b> (if present) to a rejection message. Otherwise
392  * return false.
393  */
394 STATIC bool
395 dirserv_rejects_tor_version(const char *platform,
396  const char **msg)
397 {
398  if (!platform)
399  return false;
400 
401  static const char please_upgrade_string[] =
402  "Tor version is insecure or unsupported. Please upgrade!";
403 
404  /* Versions before Tor 0.3.5 are unsupported.
405  *
406  * Also, reject unstable versions of 0.3.5, since (as of this writing)
407  * they are almost none of the network. */
408  if (!tor_version_as_new_as(platform,"0.3.5.7")) {
409  if (msg)
410  *msg = please_upgrade_string;
411  return true;
412  }
413 
414  /* Series between Tor 0.3.6 and 0.4.1 inclusive are unsupported. Reject
415  * them. 0.3.6.0-alpha-dev only existed for a short time, before it was
416  * renamed to 0.4.0.0-alpha-dev. */
417  if (tor_version_as_new_as(platform,"0.3.6.0-alpha-dev") &&
418  !tor_version_as_new_as(platform,"0.4.2.1-alpha")) {
419  if (msg) {
420  *msg = please_upgrade_string;
421  }
422  return true;
423  }
424 
425  return false;
426 }
427 
428 /** Helper: As dirserv_router_get_status, but takes the router fingerprint
429  * (hex, no spaces), ed25519 key, nickname, address (used for logging only),
430  * IP address, OR port and platform (logging only) as arguments.
431  *
432  * Log messages at 'severity'. (There's not much point in
433  * logging that we're rejecting servers we'll not download.)
434  */
435 static uint32_t
436 dirserv_get_status_impl(const char *id_digest,
437  const ed25519_public_key_t *ed25519_public_key,
438  const char *nickname, const tor_addr_t *ipv4_addr,
439  uint16_t ipv4_orport, const char *platform,
440  const char **msg, int severity)
441 {
442  uint32_t result = 0;
443  rtr_flags_t *status_by_digest;
444 
445  if (!fingerprint_list)
447 
448  log_debug(LD_DIRSERV, "%d fingerprints, %d digests known.",
449  strmap_size(fingerprint_list->fp_by_name),
450  digestmap_size(fingerprint_list->status_by_digest));
451 
452  if (platform) {
453  tor_version_t ver_tmp;
454  if (tor_version_parse_platform(platform, &ver_tmp, 1) < 0) {
455  if (msg) {
456  *msg = "Malformed platform string.";
457  }
458  return RTR_REJECT;
459  }
460  }
461 
462  /* Check whether the version is obsolete, broken, insecure, etc... */
463  if (platform && dirserv_rejects_tor_version(platform, msg)) {
464  return RTR_REJECT;
465  }
466 
467  status_by_digest = digestmap_get(fingerprint_list->status_by_digest,
468  id_digest);
469  if (status_by_digest)
470  result |= *status_by_digest;
471 
472  if (ed25519_public_key) {
473  status_by_digest = digest256map_get(fingerprint_list->status_by_digest256,
474  ed25519_public_key->pubkey);
475  if (status_by_digest)
476  result |= *status_by_digest;
477  }
478 
479  if (result & RTR_REJECT) {
480  if (msg)
481  *msg = "Fingerprint and/or ed25519 identity is marked rejected -- if "
482  "you think this is a mistake please set a valid email address "
483  "in ContactInfo and send an email to "
484  "bad-relays@lists.torproject.org mentioning your fingerprint(s)?";
485  return RTR_REJECT;
486  } else if (result & RTR_INVALID) {
487  if (msg)
488  *msg = "Fingerprint and/or ed25519 identity is marked invalid";
489  }
490 
491  if (authdir_policy_badexit_address(ipv4_addr, ipv4_orport)) {
492  log_fn(severity, LD_DIRSERV,
493  "Marking '%s' as bad exit because of address '%s'",
494  nickname, fmt_addr(ipv4_addr));
495  result |= RTR_BADEXIT;
496  }
497 
498  if (!authdir_policy_permits_address(ipv4_addr, ipv4_orport)) {
499  log_fn(severity, LD_DIRSERV, "Rejecting '%s' because of address '%s'",
500  nickname, fmt_addr(ipv4_addr));
501  if (msg)
502  *msg = "Suspicious relay address range -- if you think this is a "
503  "mistake please set a valid email address in ContactInfo and "
504  "send an email to bad-relays@lists.torproject.org mentioning "
505  "your address(es) and fingerprint(s)?";
506  return RTR_REJECT;
507  }
508  if (!authdir_policy_valid_address(ipv4_addr, ipv4_orport)) {
509  log_fn(severity, LD_DIRSERV,
510  "Not marking '%s' valid because of address '%s'",
511  nickname, fmt_addr(ipv4_addr));
512  result |= RTR_INVALID;
513  }
514 
515  return result;
516 }
517 
518 /** Clear the current fingerprint list. */
519 void
521 {
522  if (!fingerprint_list)
523  return;
524 
525  strmap_free(fingerprint_list->fp_by_name, tor_free_);
526  digestmap_free(fingerprint_list->status_by_digest, tor_free_);
527  digest256map_free(fingerprint_list->status_by_digest256, tor_free_);
529 }
530 
531 /*
532  * Descriptor list
533  */
534 
535 /** Return -1 if <b>ri</b> has a private or otherwise bad address,
536  * unless we're configured to not care. Return 0 if all ok. */
537 STATIC int
539 {
540  if (get_options()->DirAllowPrivateAddresses)
541  return 0; /* whatever it is, we're fine with it */
542 
543  if (tor_addr_is_null(&ri->ipv4_addr) ||
544  tor_addr_is_internal(&ri->ipv4_addr, 0)) {
545  log_info(LD_DIRSERV,
546  "Router %s published internal IPv4 address. Refusing.",
547  router_describe(ri));
548  return -1; /* it's a private IP, we should reject it */
549  }
550 
551  /* We only check internal v6 on non-null addresses because we do not require
552  * IPv6 and null IPv6 is normal. */
553  if (!tor_addr_is_null(&ri->ipv6_addr) &&
554  tor_addr_is_internal(&ri->ipv6_addr, 0)) {
555  log_info(LD_DIRSERV,
556  "Router %s published internal IPv6 address. Refusing.",
557  router_describe(ri));
558  return -1; /* it's a private IP, we should reject it */
559  }
560 
561  return 0;
562 }
563 
564 /** Check whether we, as a directory server, want to accept <b>ri</b>. If so,
565  * set its is_valid,running fields and return 0. Otherwise, return -1.
566  *
567  * If the router is rejected, set *<b>msg</b> to a string constant explining
568  * why.
569  *
570  * If <b>complain</b> then explain at log-level 'notice' why we refused
571  * a descriptor; else explain at log-level 'info'.
572  */
573 int
575  int complain, int *valid_out)
576 {
577  /* Okay. Now check whether the fingerprint is recognized. */
578  time_t now;
579  int severity = (complain && ri->contact_info) ? LOG_NOTICE : LOG_INFO;
580  uint32_t status = dirserv_router_get_status(ri, msg, severity);
581  tor_assert(msg);
582  if (status & RTR_REJECT)
583  return -1; /* msg is already set. */
584 
585  /* Is there too much clock skew? */
586  now = time(NULL);
587  if (ri->cache_info.published_on > now+ROUTER_ALLOW_SKEW) {
588  log_fn(severity, LD_DIRSERV, "Publication time for %s is too "
589  "far (%d minutes) in the future; possible clock skew. Not adding "
590  "(%s)",
591  router_describe(ri),
592  (int)((ri->cache_info.published_on-now)/60),
593  esc_router_info(ri));
594  *msg = "Rejected: Your clock is set too far in the future, or your "
595  "timezone is not correct.";
596  return -1;
597  }
598  if (ri->cache_info.published_on < now-ROUTER_MAX_AGE_TO_PUBLISH) {
599  log_fn(severity, LD_DIRSERV,
600  "Publication time for %s is too far "
601  "(%d minutes) in the past. Not adding (%s)",
602  router_describe(ri),
603  (int)((now-ri->cache_info.published_on)/60),
604  esc_router_info(ri));
605  *msg = "Rejected: Server is expired, or your clock is too far in the past,"
606  " or your timezone is not correct.";
607  return -1;
608  }
609  if (dirserv_router_has_valid_address(ri) < 0) {
610  log_fn(severity, LD_DIRSERV,
611  "Router %s has invalid address. Not adding (%s).",
612  router_describe(ri),
613  esc_router_info(ri));
614  *msg = "Rejected: Address is a private address.";
615  return -1;
616  }
617 
618  *valid_out = ! (status & RTR_INVALID);
619 
620  return 0;
621 }
622 
623 /** Update the relevant flags of <b>node</b> based on our opinion as a
624  * directory authority in <b>authstatus</b>, as returned by
625  * dirserv_router_get_status or equivalent. */
626 void
628  uint32_t authstatus)
629 {
630  node->is_valid = (authstatus & RTR_INVALID) ? 0 : 1;
631  node->is_bad_exit = (authstatus & RTR_BADEXIT) ? 1 : 0;
632 }
633 
634 /** True iff <b>a</b> is more severe than <b>b</b>. */
635 static int
637 {
638  return a < b;
639 }
640 
641 /** As for dirserv_add_descriptor(), but accepts multiple documents, and
642  * returns the most severe error that occurred for any one of them. */
644 dirserv_add_multiple_descriptors(const char *desc, size_t desclen,
645  uint8_t purpose,
646  const char *source,
647  const char **msg)
648 {
649  was_router_added_t r, r_tmp;
650  const char *msg_out;
651  smartlist_t *list;
652  const char *s;
653  int n_parsed = 0;
654  time_t now = time(NULL);
655  char annotation_buf[ROUTER_ANNOTATION_BUF_LEN];
656  char time_buf[ISO_TIME_LEN+1];
657  int general = purpose == ROUTER_PURPOSE_GENERAL;
658  tor_assert(msg);
659 
660  r=ROUTER_ADDED_SUCCESSFULLY; /* Least severe return value. */
661 
662  if (!string_is_utf8_no_bom(desc, desclen)) {
663  *msg = "descriptor(s) or extrainfo(s) not valid UTF-8 or had BOM.";
664  return ROUTER_AUTHDIR_REJECTS;
665  }
666 
667  format_iso_time(time_buf, now);
668  if (tor_snprintf(annotation_buf, sizeof(annotation_buf),
669  "@uploaded-at %s\n"
670  "@source %s\n"
671  "%s%s%s", time_buf, escaped(source),
672  !general ? "@purpose " : "",
673  !general ? router_purpose_to_string(purpose) : "",
674  !general ? "\n" : "")<0) {
675  *msg = "Couldn't format annotations";
676  return ROUTER_AUTHDIR_BUG_ANNOTATIONS;
677  }
678 
679  s = desc;
680  list = smartlist_new();
681  if (!router_parse_list_from_string(&s, s+desclen, list, SAVED_NOWHERE, 0, 0,
682  annotation_buf, NULL)) {
683  SMARTLIST_FOREACH(list, routerinfo_t *, ri, {
684  msg_out = NULL;
685  tor_assert(ri->purpose == purpose);
686  r_tmp = dirserv_add_descriptor(ri, &msg_out, source);
687  if (WRA_MORE_SEVERE(r_tmp, r)) {
688  r = r_tmp;
689  *msg = msg_out;
690  }
691  });
692  }
693  n_parsed += smartlist_len(list);
694  smartlist_clear(list);
695 
696  s = desc;
697  if (!router_parse_list_from_string(&s, s+desclen, list, SAVED_NOWHERE, 1, 0,
698  NULL, NULL)) {
699  SMARTLIST_FOREACH(list, extrainfo_t *, ei, {
700  msg_out = NULL;
701 
702  r_tmp = dirserv_add_extrainfo(ei, &msg_out);
703  if (WRA_MORE_SEVERE(r_tmp, r)) {
704  r = r_tmp;
705  *msg = msg_out;
706  }
707  });
708  }
709  n_parsed += smartlist_len(list);
710  smartlist_free(list);
711 
712  if (! *msg) {
713  if (!n_parsed) {
714  *msg = "No descriptors found in your POST.";
715  if (WRA_WAS_ADDED(r))
716  r = ROUTER_IS_ALREADY_KNOWN;
717  } else {
718  *msg = "(no message)";
719  }
720  }
721 
722  return r;
723 }
724 
725 /** Examine the parsed server descriptor in <b>ri</b> and maybe insert it into
726  * the list of server descriptors. Set *<b>msg</b> to a message that should be
727  * passed back to the origin of this descriptor, or NULL if there is no such
728  * message. Use <b>source</b> to produce better log messages.
729  *
730  * If <b>ri</b> is not added to the list of server descriptors, free it.
731  * That means the caller must not access <b>ri</b> after this function
732  * returns, since it might have been freed.
733  *
734  * Return the status of the operation, and set *<b>msg</b> to a string
735  * constant describing the status.
736  *
737  * This function is only called when fresh descriptors are posted, not when
738  * we re-load the cache.
739  */
741 dirserv_add_descriptor(routerinfo_t *ri, const char **msg, const char *source)
742 {
744  routerinfo_t *ri_old;
745  char *desc, *nickname;
746  const size_t desclen = ri->cache_info.signed_descriptor_len +
747  ri->cache_info.annotations_len;
748  const int key_pinning = dirauth_get_options()->AuthDirPinKeys;
749  *msg = NULL;
750 
751  /* If it's too big, refuse it now. Otherwise we'll cache it all over the
752  * network and it'll clog everything up. */
753  if (ri->cache_info.signed_descriptor_len > MAX_DESCRIPTOR_UPLOAD_SIZE) {
754  log_notice(LD_DIR, "Somebody attempted to publish a router descriptor '%s'"
755  " (source: %s) with size %d. Either this is an attack, or the "
756  "MAX_DESCRIPTOR_UPLOAD_SIZE (%d) constant is too low.",
757  ri->nickname, source, (int)ri->cache_info.signed_descriptor_len,
759  *msg = "Router descriptor was too large.";
760  r = ROUTER_AUTHDIR_REJECTS;
761  goto fail;
762  }
763 
764  /* Check whether this descriptor is semantically identical to the last one
765  * from this server. (We do this here and not in router_add_to_routerlist
766  * because we want to be able to accept the newest router descriptor that
767  * another authority has, so we all converge on the same one.) */
768  ri_old = router_get_mutable_by_digest(ri->cache_info.identity_digest);
769  if (ri_old && ri_old->cache_info.published_on < ri->cache_info.published_on
770  && router_differences_are_cosmetic(ri_old, ri)
771  && !router_is_me(ri)) {
772  log_info(LD_DIRSERV,
773  "Not replacing descriptor from %s (source: %s); "
774  "differences are cosmetic.",
775  router_describe(ri), source);
776  *msg = "Not replacing router descriptor; no information has changed since "
777  "the last one with this identity.";
778  r = ROUTER_IS_ALREADY_KNOWN;
779  goto fail;
780  }
781 
782  /* Do keypinning again ... this time, to add the pin if appropriate */
783  int keypin_status;
784  if (ri->cache_info.signing_key_cert) {
785  ed25519_public_key_t *pkey = &ri->cache_info.signing_key_cert->signing_key;
786  /* First let's validate this pubkey before pinning it */
787  if (ed25519_validate_pubkey(pkey) < 0) {
788  log_warn(LD_DIRSERV, "Received bad key from %s (source %s)",
789  router_describe(ri), source);
790  routerinfo_free(ri);
791  return ROUTER_AUTHDIR_REJECTS;
792  }
793 
794  /* Now pin it! */
795  keypin_status = keypin_check_and_add(
796  (const uint8_t*)ri->cache_info.identity_digest,
797  pkey->pubkey, ! key_pinning);
798  } else {
799  keypin_status = keypin_check_lone_rsa(
800  (const uint8_t*)ri->cache_info.identity_digest);
801 #ifndef DISABLE_DISABLING_ED25519
802  if (keypin_status == KEYPIN_MISMATCH)
803  keypin_status = KEYPIN_NOT_FOUND;
804 #endif
805  }
806  if (keypin_status == KEYPIN_MISMATCH && key_pinning) {
807  log_info(LD_DIRSERV, "Dropping descriptor from %s (source: %s) because "
808  "its key did not match an older RSA/Ed25519 keypair",
809  router_describe(ri), source);
810  *msg = "Looks like your keypair has changed? This authority previously "
811  "recorded a different RSA identity for this Ed25519 identity (or vice "
812  "versa.) Did you replace or copy some of your key files, but not "
813  "the others? You should either restore the expected keypair, or "
814  "delete your keys and restart Tor to start your relay with a new "
815  "identity.";
816  r = ROUTER_AUTHDIR_REJECTS;
817  goto fail;
818  }
819 
820  /* Make a copy of desc, since router_add_to_routerlist might free
821  * ri and its associated signed_descriptor_t. */
822  desc = tor_strndup(ri->cache_info.signed_descriptor_body, desclen);
823  nickname = tor_strdup(ri->nickname);
824 
825  /* Tell if we're about to need to launch a test if we add this. */
828 
829  r = router_add_to_routerlist(ri, msg, 0, 0);
830  if (!WRA_WAS_ADDED(r)) {
831  /* unless the routerinfo was fine, just out-of-date */
832  log_info(LD_DIRSERV,
833  "Did not add descriptor from '%s' (source: %s): %s.",
834  nickname, source, *msg ? *msg : "(no message)");
835  } else {
836  smartlist_t *changed;
837 
838  changed = smartlist_new();
839  smartlist_add(changed, ri);
840  routerlist_descriptors_added(changed, 0);
841  smartlist_free(changed);
842  if (!*msg) {
843  *msg = "Descriptor accepted";
844  }
845  log_info(LD_DIRSERV,
846  "Added descriptor from '%s' (source: %s): %s.",
847  nickname, source, *msg);
848  }
849  tor_free(desc);
850  tor_free(nickname);
851  return r;
852  fail:
853  {
854  const char *desc_digest = ri->cache_info.signed_descriptor_digest;
855  download_status_t *dls =
857  if (dls) {
858  log_info(LD_GENERAL, "Marking router with descriptor %s as rejected, "
859  "and therefore undownloadable",
860  hex_str(desc_digest, DIGEST_LEN));
862  }
863  routerinfo_free(ri);
864  }
865  return r;
866 }
867 
868 /** As dirserv_add_descriptor, but for an extrainfo_t <b>ei</b>. */
869 static was_router_added_t
870 dirserv_add_extrainfo(extrainfo_t *ei, const char **msg)
871 {
872  routerinfo_t *ri;
873  int r;
875  tor_assert(msg);
876  *msg = NULL;
877 
878  /* Needs to be mutable so routerinfo_incompatible_with_extrainfo
879  * can mess with some of the flags in ri->cache_info. */
880  ri = router_get_mutable_by_digest(ei->cache_info.identity_digest);
881  if (!ri) {
882  *msg = "No corresponding router descriptor for extra-info descriptor";
883  rv = ROUTER_BAD_EI;
884  goto fail;
885  }
886 
887  /* If it's too big, refuse it now. Otherwise we'll cache it all over the
888  * network and it'll clog everything up. */
889  if (ei->cache_info.signed_descriptor_len > MAX_EXTRAINFO_UPLOAD_SIZE) {
890  log_notice(LD_DIR, "Somebody attempted to publish an extrainfo "
891  "with size %d. Either this is an attack, or the "
892  "MAX_EXTRAINFO_UPLOAD_SIZE (%d) constant is too low.",
893  (int)ei->cache_info.signed_descriptor_len,
895  *msg = "Extrainfo document was too large";
896  rv = ROUTER_BAD_EI;
897  goto fail;
898  }
899 
901  &ri->cache_info, msg))) {
902  if (r<0) {
903  extrainfo_free(ei);
904  return ROUTER_IS_ALREADY_KNOWN;
905  }
906  rv = ROUTER_BAD_EI;
907  goto fail;
908  }
909  router_add_extrainfo_to_routerlist(ei, msg, 0, 0);
910  return ROUTER_ADDED_SUCCESSFULLY;
911  fail:
912  {
913  const char *d = ei->cache_info.signed_descriptor_digest;
915  if (sd) {
916  log_info(LD_GENERAL, "Marking extrainfo with descriptor %s as "
917  "rejected, and therefore undownloadable",
918  hex_str((char*)d,DIGEST_LEN));
920  }
921  extrainfo_free(ei);
922  }
923  return rv;
924 }
925 
926 /** Remove all descriptors whose nicknames or fingerprints no longer
927  * are allowed by our fingerprint list. (Descriptors that used to be
928  * good can become bad when we reload the fingerprint list.)
929  */
930 static void
932 {
934  smartlist_t *nodes = smartlist_new();
936 
937  SMARTLIST_FOREACH_BEGIN(nodes, node_t *, node) {
938  const char *msg = NULL;
939  const char *description;
940  routerinfo_t *ent = node->ri;
941  uint32_t r;
942  if (!ent)
943  continue;
944  r = dirserv_router_get_status(ent, &msg, LOG_INFO);
945  description = router_describe(ent);
946  if (r & RTR_REJECT) {
947  log_info(LD_DIRSERV, "Router %s is now rejected: %s",
948  description, msg?msg:"");
949  routerlist_remove(rl, ent, 0, time(NULL));
950  continue;
951  }
952  if (bool_neq((r & RTR_INVALID), !node->is_valid)) {
953  log_info(LD_DIRSERV, "Router '%s' is now %svalid.", description,
954  (r&RTR_INVALID) ? "in" : "");
955  node->is_valid = (r&RTR_INVALID)?0:1;
956  }
957  if (bool_neq((r & RTR_BADEXIT), node->is_bad_exit)) {
958  log_info(LD_DIRSERV, "Router '%s' is now a %s exit", description,
959  (r & RTR_BADEXIT) ? "bad" : "good");
960  node->is_bad_exit = (r&RTR_BADEXIT) ? 1: 0;
961  }
962  } SMARTLIST_FOREACH_END(node);
963 
965  smartlist_free(nodes);
966 }
log_fn
#define log_fn(severity, domain, args,...)
Definition: log.h:283
directory_remove_invalid
static void directory_remove_invalid(void)
Definition: process_descs.c:931
tor_free
#define tor_free(p)
Definition: malloc.h:52
routerinfo_t
Definition: routerinfo_st.h:20
versions.h
Header file for versions.c.
LOG_DEBUG
#define LOG_DEBUG
Definition: log.h:42
tor_free_
void tor_free_(void *mem)
Definition: malloc.c:227
router_add_extrainfo_to_routerlist
was_router_added_t router_add_extrainfo_to_routerlist(extrainfo_t *ei, const char **msg, int from_cache, int from_fetch)
Definition: routerlist.c:1748
hex_str
const char * hex_str(const char *from, size_t fromlen)
Definition: binascii.c:34
authdir_policy_permits_address
int authdir_policy_permits_address(const tor_addr_t *addr, uint16_t port)
Definition: policies.c:1082
routerinfo.h
Header file for routerinfo.c.
download_status_mark_impossible
void download_status_mark_impossible(download_status_t *dl)
Definition: dlstatus.c:393
authdir_config_t::status_by_digest256
digest256map_t * status_by_digest256
Definition: process_descs.h:37
authdir_config_new
static authdir_config_t * authdir_config_new(void)
Definition: process_descs.c:68
routerinfo_t::needs_retest_if_added
unsigned int needs_retest_if_added
Definition: routerinfo_st.h:81
tor_addr_t
Definition: address.h:69
extrainfo_t
Definition: extrainfo_st.h:18
router_differences_are_cosmetic
int router_differences_are_cosmetic(const routerinfo_t *r1, const routerinfo_t *r2)
Definition: routerlist.c:2970
LOG_NOTICE
#define LOG_NOTICE
Definition: log.h:50
ed25519_validate_pubkey
int ed25519_validate_pubkey(const ed25519_public_key_t *pubkey)
Definition: crypto_ed25519.c:796
BASE64_DIGEST256_LEN
#define BASE64_DIGEST256_LEN
Definition: crypto_digest.h:29
tor_version_as_new_as
int tor_version_as_new_as(const char *platform, const char *cutoff)
Definition: versions.c:171
tor_assert
#define tor_assert(expr)
Definition: util_bug.h:102
bool_neq
#define bool_neq(a, b)
Definition: logic.h:18
microdesc.h
Header file for microdesc.c.
LD_BUG
#define LD_BUG
Definition: log.h:86
router.h
Header file for router.c.
format_iso_time
void format_iso_time(char *buf, time_t t)
Definition: time_fmt.c:295
fingerprint_list
static authdir_config_t * fingerprint_list
Definition: process_descs.c:64
LD_GENERAL
#define LD_GENERAL
Definition: log.h:62
authdir_config_t::fp_by_name
strmap_t * fp_by_name
Definition: process_descs.h:35
routerinfo_t::identity_pkey
crypto_pk_t * identity_pkey
Definition: routerinfo_st.h:41
describe.h
Header file for describe.c.
smartlist_add_all
void smartlist_add_all(smartlist_t *s1, const smartlist_t *s2)
Definition: smartlist_core.c:125
signed_descriptor_t::annotations_len
size_t annotations_len
Definition: signed_descriptor_st.h:24
reachability.h
Header file for reachability.c.
dirserv_set_node_flags_from_authoritative_status
void dirserv_set_node_flags_from_authoritative_status(node_t *node, uint32_t authstatus)
Definition: process_descs.c:627
process_descs.h
Header file for process_descs.c.
smartlist_add
void smartlist_add(smartlist_t *sl, void *element)
Definition: smartlist_core.c:117
routerstatus_t
Definition: routerstatus_st.h:19
authdir_config_t
Definition: process_descs.h:34
routerstatus_t::nickname
char nickname[MAX_NICKNAME_LEN+1]
Definition: routerstatus_st.h:25
tor_version_t
Definition: tor_version_st.h:21
rtr_flags_t
uint32_t rtr_flags_t
Definition: process_descs.h:20
ED25519_PUBKEY_LEN
#define ED25519_PUBKEY_LEN
Definition: x25519_sizes.h:27
ROUTER_ALLOW_SKEW
#define ROUTER_ALLOW_SKEW
Definition: process_descs.c:51
authdir_config_t::status_by_digest
digestmap_t * status_by_digest
Definition: process_descs.h:36
smartlist_new
smartlist_t * smartlist_new(void)
Definition: smartlist_core.c:26
router_purpose_to_string
const char * router_purpose_to_string(uint8_t p)
Definition: routerinfo.c:82
tor_snprintf
int tor_snprintf(char *str, size_t size, const char *format,...)
Definition: printf.c:27
routerinfo_t::ipv6_addr
tor_addr_t ipv6_addr
Definition: routerinfo_st.h:30
SMARTLIST_FOREACH
#define SMARTLIST_FOREACH(sl, type, var, cmd)
Definition: smartlist_foreach.h:112
add_rsa_fingerprint_to_dir
int add_rsa_fingerprint_to_dir(const char *fp, authdir_config_t *list, rtr_flags_t add_status)
Definition: process_descs.c:100
routerinfo_t::platform
char * platform
Definition: routerinfo_st.h:48
networkstatus.h
Header file for networkstatus.c.
string_is_utf8_no_bom
int string_is_utf8_no_bom(const char *str, size_t len)
Definition: util_string.c:557
signed_descriptor_t::identity_digest
char identity_digest[DIGEST_LEN]
Definition: signed_descriptor_st.h:31
ed25519_fmt
const char * ed25519_fmt(const ed25519_public_key_t *pkey)
Definition: crypto_format.c:193
base16_decode
int base16_decode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:506
tor_strstrip
void tor_strstrip(char *s, const char *strip)
Definition: util_string.c:111
DIGEST_LEN
#define DIGEST_LEN
Definition: digest_sizes.h:20
keypin_check_lone_rsa
int keypin_check_lone_rsa(const uint8_t *rsa_id_digest)
Definition: keypin.c:282
add_ed25519_to_dir
int add_ed25519_to_dir(const ed25519_public_key_t *edkey, authdir_config_t *list, rtr_flags_t add_status)
Definition: process_descs.c:135
dirserv_router_get_status
uint32_t dirserv_router_get_status(const routerinfo_t *router, const char **msg, int severity)
Definition: process_descs.c:291
crypto_format.h
Header for crypto_format.c.
dirserv_get_status_impl
static uint32_t dirserv_get_status_impl(const char *id_digest, const ed25519_public_key_t *ed25519_public_key, const char *nickname, const tor_addr_t *ipv4_addr, uint16_t ipv4_orport, const char *platform, const char **msg, int severity)
Definition: process_descs.c:436
dirserv_add_multiple_descriptors
was_router_added_t dirserv_add_multiple_descriptors(const char *desc, size_t desclen, uint8_t purpose, const char *source, const char **msg)
Definition: process_descs.c:644
dirserv_would_reject_router
int dirserv_would_reject_router(const routerstatus_t *rs, const vote_routerstatus_t *vrs)
Definition: process_descs.c:374
routerlist_t
Definition: routerlist_st.h:18
routerinfo_t::ipv4_addr
tor_addr_t ipv4_addr
Definition: routerinfo_st.h:25
LD_FS
#define LD_FS
Definition: log.h:70
routerstatus_t::ipv4_orport
uint16_t ipv4_orport
Definition: routerstatus_st.h:33
authdir_wants_to_reject_router
int authdir_wants_to_reject_router(routerinfo_t *ri, const char **msg, int complain, int *valid_out)
Definition: process_descs.c:574
node_t
Definition: node_st.h:34
RFTS_IGNORE_MISSING
#define RFTS_IGNORE_MISSING
Definition: files.h:101
vote_routerstatus_st.h
Routerstatus (vote entry) structure.
dirauth_options_st.h
Structure dirauth_options_t to hold directory authority options.
torcert.h
Header for torcert.c.
vote_routerstatus_t::ed25519_id
uint8_t ed25519_id[ED25519_PUBKEY_LEN]
Definition: vote_routerstatus_st.h:42
vote_routerstatus_t
Definition: vote_routerstatus_st.h:18
router_get_dl_status_by_descriptor_digest
download_status_t * router_get_dl_status_by_descriptor_digest(const char *d)
Definition: networkstatus.c:816
directory.h
Header file for directory.c.
crypto_pk_get_digest
int crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out)
Definition: crypto_rsa.c:356
ed25519_public_key_t
Definition: crypto_ed25519.h:23
signed_descriptor_t::signed_descriptor_digest
char signed_descriptor_digest[DIGEST_LEN]
Definition: signed_descriptor_st.h:29
escaped
const char * escaped(const char *s)
Definition: escape.c:126
microdesc_st.h
Microdescriptor structure.
keypin.h
Header for keypin.c.
download_status_t
Definition: download_status_st.h:41
node_t::is_bad_exit
unsigned int is_bad_exit
Definition: node_st.h:71
nodelist.h
Header file for nodelist.c.
routerlist.h
Header file for routerlist.c.
MAX_DESCRIPTOR_UPLOAD_SIZE
#define MAX_DESCRIPTOR_UPLOAD_SIZE
Definition: or.h:127
dirauth_options_t::AuthDirPinKeys
BOOL AuthDirPinKeys
Definition: dirauth_options.inc:34
dirserv_router_has_valid_address
STATIC int dirserv_router_has_valid_address(routerinfo_t *ri)
Definition: process_descs.c:538
routerinfo_st.h
Router descriptor structure.
ROUTER_MAX_AGE_TO_PUBLISH
#define ROUTER_MAX_AGE_TO_PUBLISH
Definition: or.h:161
LD_CONFIG
#define LD_CONFIG
Definition: log.h:68
routerinfo_t::contact_info
char * contact_info
Definition: routerinfo_st.h:67
routerlist_descriptors_added
void routerlist_descriptors_added(smartlist_t *sl, int from_cache)
Definition: routerlist.c:2017
WRA_WAS_ADDED
static int WRA_WAS_ADDED(was_router_added_t s)
Definition: routerlist.h:106
digest256_from_base64
int digest256_from_base64(char *digest, const char *d64)
Definition: crypto_format.c:320
dirserv_load_fingerprint_file
int dirserv_load_fingerprint_file(void)
Definition: process_descs.c:187
WRA_MORE_SEVERE
static int WRA_MORE_SEVERE(was_router_added_t a, was_router_added_t b)
Definition: process_descs.c:636
router_get_by_extrainfo_digest
signed_descriptor_t * router_get_by_extrainfo_digest(const char *digest)
Definition: routerlist.c:796
LOG_INFO
#define LOG_INFO
Definition: log.h:45
signed_descriptor_t::ei_dl_status
download_status_t ei_dl_status
Definition: signed_descriptor_st.h:42
fmt_addr
#define fmt_addr(a)
Definition: address.h:239
keypin_check
int keypin_check(const uint8_t *rsa_id_digest, const uint8_t *ed25519_id_key)
Definition: keypin.c:155
get_options
const or_options_t * get_options(void)
Definition: config.c:929
dirserv_add_descriptor
was_router_added_t dirserv_add_descriptor(routerinfo_t *ri, const char **msg, const char *source)
Definition: process_descs.c:741
tor_version_st.h
Parsed Tor version structure.
routerinfo_incompatible_with_extrainfo
int routerinfo_incompatible_with_extrainfo(const crypto_pk_t *identity_pkey, extrainfo_t *ei, signed_descriptor_t *sd, const char **msg)
Definition: routerlist.c:3066
smartlist_clear
void smartlist_clear(smartlist_t *sl)
Definition: smartlist_core.c:50
routerstatus_st.h
Routerstatus (consensus entry) structure.
signed_descriptor_t::signing_key_cert
struct tor_cert_st * signing_key_cert
Definition: signed_descriptor_st.h:39
authdir_policy_valid_address
int authdir_policy_valid_address(const tor_addr_t *addr, uint16_t port)
Definition: policies.c:1093
keypin_check_and_add
int keypin_check_and_add(const uint8_t *rsa_id_digest, const uint8_t *ed25519_id_key, const int replace_existing_entry)
Definition: keypin.c:142
nodelist_get_list
const smartlist_t * nodelist_get_list(void)
Definition: nodelist.c:966
MAX_EXTRAINFO_UPLOAD_SIZE
#define MAX_EXTRAINFO_UPLOAD_SIZE
Definition: or.h:130
router_parse_list_from_string
int router_parse_list_from_string(const char **s, const char *eos, smartlist_t *dest, saved_location_t saved_location, int want_extrainfo, int allow_annotations, const char *prepend_annotations, smartlist_t *invalid_digests_out)
Definition: routerparse.c:249
confline.h
Header for confline.c.
extrainfo_st.h
A relay's extra-info structure.
tor_addr_is_null
int tor_addr_is_null(const tor_addr_t *addr)
Definition: address.c:780
crypto_pk_get_fingerprint
int crypto_pk_get_fingerprint(crypto_pk_t *pk, char *fp_out, int add_space)
Definition: crypto_rsa.c:229
dirserv_add_own_fingerprint
int dirserv_add_own_fingerprint(crypto_pk_t *pk, const ed25519_public_key_t *edkey)
Definition: process_descs.c:161
SMARTLIST_FOREACH_BEGIN
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
Definition: smartlist_foreach.h:78
dlstatus.h
Header file for dlstatus.c.
crypto_pk_t
Definition: crypto_rsa_nss.c:37
router_get_routerlist
routerlist_t * router_get_routerlist(void)
Definition: routerlist.c:894
HEX_DIGEST_LEN
#define HEX_DIGEST_LEN
Definition: crypto_digest.h:35
node_st.h
Node information structure.
was_router_added_t
was_router_added_t
Definition: routerlist.h:17
router_describe
const char * router_describe(const routerinfo_t *ri)
Definition: describe.c:122
policies.h
Header file for policies.c.
tor_version_parse_platform
int tor_version_parse_platform(const char *platform, tor_version_t *router_version, int strict)
Definition: versions.c:127
ROUTER_ANNOTATION_BUF_LEN
#define ROUTER_ANNOTATION_BUF_LEN
Definition: or.h:804
config_line_t
Definition: confline.h:29
dirserv_add_extrainfo
static was_router_added_t dirserv_add_extrainfo(extrainfo_t *ei, const char **msg)
Definition: process_descs.c:870
config.h
Header file for config.c.
dirserv_rejects_tor_version
STATIC bool dirserv_rejects_tor_version(const char *platform, const char **msg)
Definition: process_descs.c:395
router_is_me
int router_is_me(const routerinfo_t *router)
Definition: router.c:1727
LD_DIRSERV
#define LD_DIRSERV
Definition: log.h:90
dirauth_sys.h
Header for dirauth_sys.c.
routerlist_assert_ok
void routerlist_assert_ok(const routerlist_t *rl)
Definition: routerlist.c:3203
authdir_policy_badexit_address
int authdir_policy_badexit_address(const tor_addr_t *addr, uint16_t port)
Definition: policies.c:1104
node_t::is_valid
unsigned int is_valid
Definition: node_st.h:65
signed_descriptor_t::published_on
time_t published_on
Definition: signed_descriptor_st.h:33
router_get_mutable_by_digest
routerinfo_t * router_get_mutable_by_digest(const char *digest)
Definition: routerlist.c:761
config_get_lines
int config_get_lines(const char *string, config_line_t **result, int extended)
Definition: confline.c:200
ROUTER_PURPOSE_GENERAL
#define ROUTER_PURPOSE_GENERAL
Definition: routerinfo_st.h:98
signed_descriptor_t
Definition: signed_descriptor_st.h:18
STATIC
#define STATIC
Definition: testsupport.h:32
dirserv_free_fingerprint_list
void dirserv_free_fingerprint_list(void)
Definition: process_descs.c:520
dirserv_should_launch_reachability_test
int dirserv_should_launch_reachability_test(const routerinfo_t *ri, const routerinfo_t *ri_old)
Definition: reachability.c:103
signed_descriptor_t::signed_descriptor_body
char * signed_descriptor_body
Definition: signed_descriptor_st.h:22
signed_descriptor_t::signed_descriptor_len
size_t signed_descriptor_len
Definition: signed_descriptor_st.h:26
routerparse.h
Header file for routerparse.c.
routerinfo_t::nickname
char * nickname
Definition: routerinfo_st.h:22
LD_DIR
#define LD_DIR
Definition: log.h:88
FINGERPRINT_LEN
#define FINGERPRINT_LEN
Definition: crypto_rsa.h:34
routerstatus_t::identity_digest
char identity_digest[DIGEST_LEN]
Definition: routerstatus_st.h:27
SAVED_NOWHERE
@ SAVED_NOWHERE
Definition: or.h:750
esc_router_info
const char * esc_router_info(const routerinfo_t *router)
Definition: routerlist.c:3291
smartlist_t
Definition: smartlist_core.h:26
routerlist_remove
void routerlist_remove(routerlist_t *rl, routerinfo_t *ri, int make_old, time_t now)
Definition: routerlist.c:1274
router_add_to_routerlist
was_router_added_t router_add_to_routerlist(routerinfo_t *router, const char **msg, int from_cache, int from_fetch)
Definition: routerlist.c:1572
or.h
Master header file for Tor-specific functionality.