authorNick Mathewson <nickm@torproject.org>2014-04-28 11:34:53 -0400
committerNick Mathewson <nickm@torproject.org>2014-04-28 11:34:53 -0400
commit9230bc7c65cec68c66fa9c75751d6c6bd600e9fc (patch)
treeb9c2fe09bca52107a1595be0099bbc580dd39b19 /contrib/dirauth-tools
parent78b431d3e30def3641f25707197c55a1c7200269 (diff)
Clean the contrib directory with torch and machete.
We've accumulated a lot of cruft in this directory over the years: so much, that it passed the point of being so disorganized that we no longer browsed through it to see how bad it had gotten. This patch (based on changes by rl1987) tries to remove the most useless items, and split the others into reasonable directories. It creates a new scripts/ directory for maint and test scripts. This patch was generated with the script below. No other changes are made in this patch. ############# # new directories mkdir -p contrib/test-tools mkdir -p contrib/or-tools mkdir -p contrib/dirauth-tools mkdir -p contrib/operator-tools mkdir -p contrib/client-tools mkdir -p contrib/test-tools mkdir -p contrib/dist mkdir -p contrib/dist/suse mkdir -p contrib/win32build mkdir -p scripts/maint mkdir -p scripts/test ############ # Deleted -- nobody who wants this is going to be looking for it here any # longer. Also, nobody wants it. git rm contrib/auto-naming/README # Deleted: We no longer do polipo. git rm contrib/polipo/Makefile.mingw git rm contrib/polipo/README git rm contrib/polipo/polipo-mingw.nsi # We haven't even tried to run this for ages. It is a relic of a bygone era git rm contrib/mdd.py # contrib/dir-tools/directory-archive/ # Tools for running a directory archive. No longer used - deleting them. git rm contrib/directory-archive/crontab.sample git rm contrib/directory-archive/fetch-all git rm contrib/directory-archive/fetch-all-v3 git rm contrib/directory-archive/tar-them-up git rm contrib/directory-archive/fetch-all-functions git rm contrib/directory-archive/sort-into-month-folder # This appears to be related to very old windows packaging stuff. git rm contrib/bundle.nsi git rm contrib/package_nsis-weasel.sh git rm contrib/package_nsis.sh git rm contrib/netinst.nsi git rm contrib/torinst32.ico git rm contrib/xenobite.ico # This should not be needed for cross-compilation any more, should it? git rm contrib/cross.sh # I don't think anyone ever used this. 
git rm contrib/make-signature.sh # These are attempts to send tor controller commands from the command-line. # They don't support modern authentication. git rm contrib/tor-ctrl.sh # this is for fetching about a tor server from a dirauth. But it # doesn't authenticate the dirauth: yuck. git rm contrib/sd # wow, such unused, very perl4. git rm contrib/tor-stress ####### contrib/dirauth-tools/ # Tools for running a directory authority git mv contrib/add-tor contrib/dirauth-tools/ git mv contrib/nagios-check-tor-authority-cert contrib/dirauth-tools/ ####### # contrib/or-tools/ # Tools for examining relays git mv contrib/check-tor contrib/or-tools/check-tor git mv contrib/checksocks.pl contrib/or-tools/checksocks.pl git mv contrib/exitlist contrib/or-tools/exitlist ####### # contrib/operator-tools # Tools for running a relay. git mv contrib/linux-tor-prio.sh contrib/operator-tools/linux-tor-prio.sh git mv contrib/tor-exit-notice.html contrib/operator-tools/tor-exit-notice.html git mv contrib/tor.logrotate.in contrib/operator-tools/ ###### # contrib/dist git mv contrib/rc.subr contrib/dist/ git mv contrib/tor.sh.in contrib/dist/ git mv contrib/torctl.in contrib/dist/ git mv contrib/suse/* contrib/dist/suse/ ###### # client-tools git mv contrib/torify contrib/client-tools/torify git mv contrib/tor-resolve.py contrib/client-tools/ ###### # win32build git mv contrib/package_nsis-mingw.sh contrib/win32build/ git mv contrib/tor.nsi.in contrib/win32build/ # Erinn didn't ask for this... git mv contrib/tor-mingw.nsi.in contrib/win32build/ git mv contrib/tor.ico contrib/win32build/ ###### # scripts/test git mv contrib/cov-blame scripts/test/cov-blame git mv contrib/cov-diff scripts/test/cov-diff git mv contrib/coverage scripts/test/coverage git mv contrib/scan-build.sh scripts/test/ ######## scripts/maint # Maintainance scripts # # These are scripts for developers to use when hacking on Tor. They mostly # look at the Tor source in one way or another. 
git mv contrib/findMergedChanges.pl scripts/maint/findMergedChanges.pl git mv contrib/checkOptionDocs.pl scripts/maint/checkOptionDocs.pl git mv contrib/checkSpace.pl scripts/maint/checkSpace.pl git mv contrib/redox.py scripts/maint/redox.py git mv contrib/updateVersions.pl scripts/maint/updateVersions.pl git mv contrib/checkLogs.pl scripts/maint/checkLogs.pl git mv contrib/format_changelog.py scripts/maint/
Diffstat (limited to 'contrib/dirauth-tools')
-rwxr-xr-xcontrib/dirauth-tools/add-tor115
-rwxr-xr-xcontrib/dirauth-tools/nagios-check-tor-authority-cert86
2 files changed, 201 insertions, 0 deletions
diff --git a/contrib/dirauth-tools/add-tor b/contrib/dirauth-tools/add-tor
new file mode 100755
index 000000000..5a12abca8
--- /dev/null
+++ b/contrib/dirauth-tools/add-tor
@@ -0,0 +1,115 @@
+#!/usr/bin/ruby
+
+# add-tor - Add a tor fingerprint line to the approved-routers file
+#
+# Tor's approved-routers file is expected to be versioned using RCS.
+# This script checks for uncommitted changes, does a checkout of the
+# file, adds the new fingerprint with a comment stating the server's
+# operator, and commits the file to RCS again (using -u so that the
+# working copy is not removed.
+#
+# Operator and fingerprint line are read from stdin.
+#
+# Before adding a fingerprint line, approved-routers is checked for
+# rough syntactical correctness. This script also checks that the
+# nickname and fingerprint to be added do not already exist in the
+# binding list.
+
+
+# Copyright (c) 2006 by Peter Palfrader
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+BINDING = '/etc/tor/approved-routers'
+
+def mysys(cmd)
+ unless system(cmd)
+ STDERR.puts "ERROR: #{cmd} failed"
+ exit 1
+ end
+end
+
+def check_nick(n)
+ n =~ /^[a-zA-Z0-9]+$/
+end
+
+def check_fpr(fpr)
+ fpr =~ /^([0-9A-F]{4} ){9}[0-9A-F]{4}$/
+end
+
+def parse_fprline(fprline)
+ n = fprline[0 ... fprline.index(' ')]
+ f = fprline[fprline.index(' ') + 1 .. -1 ]
+ unless check_nick(n) and check_fpr(f)
+ STDERR.puts "Invalid fpr syntax '#{fprline}'"
+ exit 1
+ end
+ [n, f]
+end
+
+
+
+unless system("rcsdiff -q -u #{BINDING}")
+ STDERR.puts "Uncommitted changes in #{BINDING}. Aborting."
+ exit 1
+end
+
+puts "Checking out #{BINDING}..."
+mysys("co -l #{BINDING}")
+
+print "Operator: "
+@operator = readline.chop
+unless @operator.index('@')
+ STDERR.puts "ERROR: No @ found"
+ exit 1
+end
+
+print "FPR Line: "
+@fprline = readline.chop
+(@nickname, @fpr) = parse_fprline(@fprline)
+
+binding = File.new(BINDING, "r+")
+binding.readlines.each do |line|
+ line.chop!
+ next if line[0..0] == "#"
+ (n,f) = parse_fprline(line)
+ if (n == @nickname)
+ STDERR.puts
+ STDERR.puts "ERROR: Nickname #{n} already exists in #{BINDING} (fpr: #{f})"
+ exit 1
+ end
+ if (f == @fpr)
+ STDERR.puts
+ STDERR.puts "ERROR: Fpr #{f} already exists in #{BINDING} (nickname: #{n})"
+ exit 1
+ end
+end
+
+puts
+puts '| # ' + @operator
+puts '| ' + @fprline
+puts
+
+binding.puts '# '+@operator
+binding.puts @fprline
+binding.close
+
+puts "Committing #{BINDING}..."
+mysys("ci -u -m'Add #{@nickname}' #{BINDING}")
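Review bot: `parse_fprline` assumes every line contains a space: on a blank or space-less line `fprline.index(' ')` is nil and the script aborts with an exception rather than the "Invalid fpr syntax" message. That, like every `exit 1` after `mysys("co -l #{BINDING}")`, happens with the RCS lock already taken on the approved-routers file; reading and validating the operator and fingerprint line before the checkout would avoid leaving it locked. For the parse, `n, f = fprline.split(/ /, 2)` followed by `unless n and f and check_nick(n) and check_fpr(f)` keeps the strict single-space format. The patterns in `check_nick` and `check_fpr` use `^`/`$`, which anchor at line boundaries in Ruby; `\A` and `\z` state the intent exactly, which matters for a file that (per the header comment) holds the approved fingerprint bindings.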
diff --git a/contrib/dirauth-tools/nagios-check-tor-authority-cert b/contrib/dirauth-tools/nagios-check-tor-authority-cert
new file mode 100755
index 000000000..46dc7284b
--- /dev/null
+++ b/contrib/dirauth-tools/nagios-check-tor-authority-cert
@@ -0,0 +1,86 @@
+#!/bin/bash
+
+# nagios-check-tor-authority-cert - check certificate expiry time
+
+# A nagios check for Tor v3 directory authorities:
+# - Checks the current certificate expiry time
+#
+# Usage: nagios-check-tor-authority-cert <authority identity fingerprint>
+# e.g.: nagios-check-tor-authority-cert A9AC67E64B200BBF2FA26DF194AC0469E2A948C6
+
+# Copyright (c) 2008 Peter Palfrader <peter@palfrader.org>
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+
+set -e
+set -u
+
+if [ -z "${1:-}" ]; then
+ echo "Usage: $0 <authority identity fingerprint>" 2>&1
+ exit 3
+fi
+
+identity="$1"
+
+DIRSERVERS=""
+DIRSERVERS="$DIRSERVERS 86.59.21.38:80" # tor26
+DIRSERVERS="$DIRSERVERS 128.31.0.34:9031" # moria1
+DIRSERVERS="$DIRSERVERS 216.224.124.114:9030" # ides
+DIRSERVERS="$DIRSERVERS 80.190.246.100:80" # gabelmoo
+#DIRSERVERS="$DIRSERVERS 140.247.60.64:80" # lefkada
+DIRSERVERS="$DIRSERVERS 194.109.206.212:80" # dizum
+DIRSERVERS="$DIRSERVERS 213.73.91.31:80" # dannenberg
+
+TMPFILE="`tempfile`"
+trap 'rm -f "$TMPFILE"' 0
+
+for dirserver in $DIRSERVERS; do
+ wget -q -O "$TMPFILE" "http://$dirserver/tor/keys/fp/$identity"
+ if [ "$?" = 0 ]; then
+ break
+ else
+ cat /dev/null > "$TMPFILE"
+ continue
+ fi
+done
+
+if ! [ -s "$TMPFILE" ] ; then
+ echo "UNKNOWN: Downloading certificate for $identity failed."
+ exit 3
+fi
+
+expirydate="$(awk '$1=="dir-key-expires" {printf "%s %s", $2, $3}' < "$TMPFILE")"
+expiryunix=$(TZ=UTC date -d "$expirydate" +%s)
+now=$(date +%s)
+
+if [ "$now" -ge "$expiryunix" ]; then
+ echo "CRITICAL: Certificate expired $expirydate (authority $identity)."
+ exit 2
+elif [ "$(( $now + 7*24*60*60 ))" -ge "$expiryunix" ]; then
+ echo "CRITICAL: Certificate expires $expirydate (authority $identity)."
+ exit 2
+elif [ "$(( $now + 30*24*60*60 ))" -ge "$expiryunix" ]; then
+ echo "WARNING: Certificate expires $expirydate (authority $identity)."
+ exit 1
+else
+ echo "OK: Certificate expires $expirydate (authority $identity)."
+ exit 0
+fi
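Review bot: Under `set -e` the bare `wget` in the download loop ends the script as soon as the first directory server fails, so the `$?` test and the fall-through to the next server never run and Nagios receives wget's own exit status with no output. Testing the command in the `if` condition fixes that. `$identity` also goes into the URL unvalidated, and the reply is fetched over plain HTTP with only `dir-key-expires` read from it, so nothing ties the reported expiry to the requested authority; checking the argument's format is the cheap part and is shown below, while verifying the certificate itself would need more than this script does today. The usage message is presumably meant for stderr but is written with `2>&1`; `>&2` would send it there.

```shell
identity="$1"
# Accept only a 40-hex-digit fingerprint before it is placed in the URL.
if ! [[ "$identity" =~ ^[0-9A-Fa-f]{40}$ ]]; then
  echo "UNKNOWN: '$identity' is not a 40-digit hex fingerprint."
  exit 3
fi

# … unchanged: DIRSERVERS list, TMPFILE creation and trap …

for dirserver in $DIRSERVERS; do
  # wget runs in the condition so that set -e does not abort on a failed server.
  if wget -q -O "$TMPFILE" "http://$dirserver/tor/keys/fp/$identity"; then
    break
  fi
  : > "$TMPFILE"
done
```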