aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--doc/TODO1
-rw-r--r--doc/tor-spec.txt6
-rw-r--r--src/common/util.c28
-rw-r--r--src/common/util.h2
-rw-r--r--src/or/routers.c62
-rw-r--r--src/or/test.c33
6 files changed, 95 insertions, 37 deletions
diff --git a/doc/TODO b/doc/TODO
index 0e657c260..108da0565 100644
--- a/doc/TODO
+++ b/doc/TODO
@@ -44,7 +44,6 @@ ARMA . find an application that uses half-open connections: openssh
NICK - instruments ORs to report stats
- average cell fullness
- average bandwidth used
- - others?
. integrate rep_ok functions, see what breaks
ARMA - configure log files. separate log file, separate severities.
ARMA - what assumptions break if we fclose(0) when we daemonize?
diff --git a/doc/tor-spec.txt b/doc/tor-spec.txt
index 9f6e0fdfe..850440e06 100644
--- a/doc/tor-spec.txt
+++ b/doc/tor-spec.txt
@@ -441,7 +441,7 @@ which reveals the downstream node.
(Unless otherwise noted, tokens on the same line are space-separated.)
Router ::= Router-Line Date-Line Onion-Key Link-Key Signing-Key Exit-Policy Router-Signature NL
-Router-Line ::= "router" address ORPort APPort DirPort bandwidth NL
+Router-Line ::= "router" nickname address ORPort APPort DirPort bandwidth NL
Date-Line ::= "published" YYYY-MM-DD HH:MM:SS NL
Onion-key ::= "onion-key" NL a public key in PEM format NL
Link-key ::= "link-key" NL a public key in PEM format NL
@@ -457,9 +457,11 @@ APPort ::= where the router listens for applications (speaking socks)
DirPort ::= where the router listens for directory download requests
bandwidth ::= maximum bandwidth, in bytes/s
+nickname ::= between 1 and 32 alphanumeric characters. case-insensitive.
Example:
-router moria.mit.edu 9001 9021 9031 100000
+router moria1 moria.mit.edu 9001 9021 9031 100000
+published 2003-09-24 19:36:05
-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBAMBBuk1sYxEg5jLAJy86U3GGJ7EGMSV7yoA6mmcsEVU3pwTUrpbpCmwS
7BvovoY3z4zk63NZVBErgKQUDkn3pp8n83xZgEf4GI27gdWIIwaBjEimuJlEY+7K
diff --git a/src/common/util.c b/src/common/util.c
index 5cb2eb6de..8c3c6eab6 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -12,6 +12,9 @@
#include "util.h"
#include "log.h"
+#ifdef HAVE_UNAME
+#include <sys/utsname.h>
+#endif
/*
* Memory
@@ -480,3 +483,28 @@ try_next_line:
return 1;
}
+static char uname_result[256];
+static int uname_result_is_set = 0;
+
+const char *
+get_uname(void)
+{
+#ifdef HAVE_UNAME
+ struct utsname u;
+#endif
+ if (!uname_result_is_set) {
+#ifdef HAVE_UNAME
+ if (!uname((&u))) {
+ snprintf(uname_result, 255, "%s %s %s %s %s",
+ u.sysname, u.nodename, u.release, u.version, u.machine);
+ uname_result[255] = '\0';
+ } else
+#endif
+ {
+ strcpy(uname_result, "Unknown platform");
+ }
+ uname_result_is_set = 1;
+ }
+ return uname_result;
+}
+
diff --git a/src/common/util.h b/src/common/util.h
index 0f7ac3b4d..d1127260c 100644
--- a/src/common/util.h
+++ b/src/common/util.h
@@ -72,6 +72,8 @@ void spawn_exit();
int tor_socketpair(int family, int type, int protocol, int fd[2]);
+const char *get_uname(void);
+
/* For stupid historical reasons, windows sockets have an independent set of
* errnos which they use as the fancy strikes them.
*/
diff --git a/src/or/routers.c b/src/or/routers.c
index 23e86af03..e687321ef 100644
--- a/src/or/routers.c
+++ b/src/or/routers.c
@@ -13,9 +13,6 @@
*/
#include "or.h"
-#ifdef HAVE_UNAME
-#include <sys/utsname.h>
-#endif
/****************************************************************************/
@@ -771,6 +768,8 @@ routerinfo_t *router_get_entry_from_string(char**s) {
directory_token_t *tok = &_tok;
struct tm published;
+ int t;
+
#define NEXT_TOKEN() \
do { if (router_get_next_token(s, tok)) { \
log_fn(LOG_WARNING, "Error reading directory: %s", tok->val.error);\
@@ -779,8 +778,10 @@ routerinfo_t *router_get_entry_from_string(char**s) {
#define ARGS tok->val.cmd.args
- if (router_get_router_hash(*s, digest) < 0)
+ if (router_get_router_hash(*s, digest) < 0) {
+ log_fn(LOG_WARNING, "Couldn't compute router hash.");
return NULL;
+ }
NEXT_TOKEN();
@@ -802,11 +803,15 @@ routerinfo_t *router_get_entry_from_string(char**s) {
}
if (!(router->nickname = strdup(ARGS[0])))
goto err;
- if (strlen(router->nickname) > MAX_NICKNAME_LEN)
+ if (strlen(router->nickname) > MAX_NICKNAME_LEN) {
+ log_fn(LOG_WARNING,"Router nickname too long.");
goto err;
+ }
if (strspn(router->nickname, LEGAL_NICKNAME_CHARACTERS) !=
- strlen(router->nickname))
+ strlen(router->nickname)) {
+ log_fn(LOG_WARNING, "Router nickname contains illegal characters.");
goto err;
+ }
/* read router.address */
if (!(router->address = strdup(ARGS[1])))
@@ -830,6 +835,7 @@ routerinfo_t *router_get_entry_from_string(char**s) {
router->bandwidth = atoi(ARGS[5]);
if (!router->bandwidth) {
log_fn(LOG_WARNING,"bandwidth unreadable or 0. Failing.");
+ goto err;
}
log_fn(LOG_DEBUG,"or_port %d, ap_port %d, dir_port %d, bandwidth %d.",
@@ -900,9 +906,9 @@ routerinfo_t *router_get_entry_from_string(char**s) {
}
assert (router->identity_pkey);
- if (crypto_pk_public_checksig(router->identity_pkey, tok->val.signature,
- 128, signed_digest) != 20) {
- log_fn(LOG_WARNING, "Invalid signature");
+ if ((t=crypto_pk_public_checksig(router->identity_pkey, tok->val.signature,
+ 128, signed_digest)) != 20) {
+ log_fn(LOG_WARNING, "Invalid signature %d",t);
goto err;
}
if (memcmp(digest, signed_digest, 20)) {
@@ -1082,20 +1088,12 @@ int router_rebuild_descriptor(void) {
static void get_platform_str(char *platform, int len)
{
-#ifdef HAVE_UNAME
- struct utsname u;
- if (!uname(&u)) {
- snprintf(platform, len-1, "Tor %s on %s %s %s %s %s",
- VERSION, u.sysname, u.nodename, u.release, u.version, u.machine);
- platform[len-1] = '\0';
- return;
- } else
-#endif
- {
- snprintf(platform, len-1, "Tor %s", VERSION);
- }
+ snprintf(platform, len-1, "Tor %s on %s", VERSION, get_uname());
+ platform[len-1] = '\0';
+ return;
}
+#define DEBUG_ROUTER_DUMP_ROUTER_TO_STRING
int router_dump_router_to_string(char *s, int maxlen, routerinfo_t *router,
crypto_pk_env_t *ident_key) {
char *onion_pkey;
@@ -1109,9 +1107,18 @@ int router_dump_router_to_string(char *s, int maxlen, routerinfo_t *router,
int written;
int result=0;
struct exit_policy_t *tmpe;
+#ifdef DEBUG_ROUTER_DUMP_ROUTER_TO_STRING
+ char *s_tmp, *s_dup;
+ routerinfo_t *ri_tmp;
+#endif
get_platform_str(platform, sizeof(platform));
+ if (crypto_pk_cmp_keys(ident_key, router->identity_pkey)) {
+ log_fn(LOG_WARNING,"Tried to sign a router with a private key that didn't match router's public key!");
+ return -1;
+ }
+
if(crypto_pk_write_public_key_to_string(router->onion_pkey,
&onion_pkey,&onion_pkeylen)<0) {
log_fn(LOG_WARNING,"write onion_pkey to string failed!");
@@ -1196,6 +1203,19 @@ int router_dump_router_to_string(char *s, int maxlen, routerinfo_t *router,
/* include a last '\n' */
s[written] = '\n';
s[written+1] = 0;
+
+#ifdef DEBUG_ROUTER_DUMP_ROUTER_TO_STRING
+ s_tmp = s_dup = strdup(s);
+ ri_tmp = router_get_entry_from_string(&s_tmp);
+ if (!ri_tmp) {
+ log_fn(LOG_ERR, "We just generated a router descriptor we can't parse: <<%s>>",
+ s);
+ return -1;
+ }
+ free(s_dup);
+ routerinfo_free(ri_tmp);
+#endif
+
return written+1;
}
diff --git a/src/or/test.c b/src/or/test.c
index 5680166e3..3b6ff4650 100644
--- a/src/or/test.c
+++ b/src/or/test.c
@@ -490,11 +490,6 @@ test_onion_handshake() {
crypto_free_pk_env(pk);
}
-/* from main.c */
-int dump_router_to_string(char *s, int maxlen, routerinfo_t *router,
- crypto_pk_env_t *ident_key);
-void dump_directory_to_string(char *s, int maxlen);
-
/* from routers.c */
int compare_recommended_versions(char *myversion, char *start);
@@ -528,6 +523,7 @@ test_dir_format()
r1.link_pkey = pk3;
r1.bandwidth = 1000;
r1.exit_policy = NULL;
+ r1.nickname = "Magri";
ex1.policy_type = EXIT_POLICY_ACCEPT;
ex1.string = NULL;
@@ -556,8 +552,15 @@ test_dir_format()
&pk2_str_len));
test_assert(!crypto_pk_write_public_key_to_string(pk3 , &pk3_str,
&pk3_str_len));
+
+ memset(buf, 0, 2048);
+ log_set_severity(LOG_WARNING);
+ test_assert(router_dump_router_to_string(buf, 2048, &r1, pk2)>0);
- strcpy(buf2, "router testaddr1.foo.bar 9000 9002 9003 1000\n"
+ strcpy(buf2, "router Magri testaddr1.foo.bar 9000 9002 9003 1000\n"
+ "platform Tor "VERSION" on ");
+ strcat(buf2, get_uname());
+ strcat(buf2, "\n"
"published 1970-01-01 00:00:00\n"
"onion-key\n");
strcat(buf2, pk1_str);
@@ -566,13 +569,11 @@ test_dir_format()
strcat(buf2, "signing-key\n");
strcat(buf2, pk2_str);
strcat(buf2, "router-signature\n");
+ buf[strlen(buf2)] = '\0'; /* Don't compare the sig; it's never the same twice*/
- memset(buf, 0, 2048);
- test_assert(dump_router_to_string(buf, 2048, &r1, pk1)>0);
- buf[strlen(buf2)] = '\0'; /* Don't compare the sig; it's never the same 2ce*/
test_streq(buf, buf2);
- test_assert(dump_router_to_string(buf, 2048, &r1, pk1)>0);
+ test_assert(router_dump_router_to_string(buf, 2048, &r1, pk2)>0);
cp = buf;
rp1 = router_get_entry_from_string(&cp);
test_assert(rp1);
@@ -586,13 +587,14 @@ test_dir_format()
test_assert(crypto_pk_cmp_keys(rp1->identity_pkey, pk2) == 0);
test_assert(rp1->exit_policy == NULL);
-#if 0
+#if 0
+ /* XXX Once we have exit policies, test this again. XXX */
strcpy(buf2, "router tor.tor.tor 9005 0 0 3000\n");
strcat(buf2, pk2_str);
strcat(buf2, "signing-key\n");
strcat(buf2, pk1_str);
strcat(buf2, "accept *:80\nreject 18.*:24\n\n");
- test_assert(dump_router_to_string(buf, 2048, &r2, pk2)>0);
+ test_assert(router_dump_router_to_string(buf, 2048, &r2, pk2)>0);
test_streq(buf, buf2);
cp = buf;
@@ -616,6 +618,10 @@ test_dir_format()
test_assert(rp2->exit_policy->next->next == NULL);
#endif
+#if 0
+ /* XXX To re-enable this test, we need to separate directory generation
+ * XXX from the directory backend again. Do this the next time we have
+ * XXX directory trouble. */
/* Okay, now for the directories. */
dir1 = (directory_t*) tor_malloc(sizeof(directory_t));
dir1->n_routers = 2;
@@ -627,7 +633,8 @@ test_dir_format()
test_assert(! router_get_dir_from_string_impl(buf, &dir2, pk1));
test_eq(2, dir2->n_routers);
-
+#endif
+
if (pk1_str) free(pk1_str);
if (pk2_str) free(pk2_str);
if (pk1) crypto_free_pk_env(pk1);