diff options
| -rw-r--r-- | src/config/moria1-orrc | 2 | ||||
| -rw-r--r-- | src/config/moria2-orrc | 2 | ||||
| -rw-r--r-- | src/config/moria3-orrc | 2 | ||||
| -rw-r--r-- | src/or/config.c | 3 | ||||
| -rw-r--r-- | src/or/connection.c | 24 | ||||
| -rw-r--r-- | src/or/connection_ap.c | 4 | ||||
| -rw-r--r-- | src/or/connection_op.c | 6 | ||||
| -rw-r--r-- | src/or/connection_or.c | 22 | ||||
| -rw-r--r-- | src/or/directory.c | 15 | ||||
| -rw-r--r-- | src/or/main.c | 15 | ||||
| -rw-r--r-- | src/or/onion.c | 2 | ||||
| -rw-r--r-- | src/or/or.h | 22 | ||||
| -rw-r--r-- | src/or/routers.c | 4 |
13 files changed, 70 insertions, 53 deletions
diff --git a/src/config/moria1-orrc b/src/config/moria1-orrc index 0750f1a54..e4a02f55b 100644 --- a/src/config/moria1-orrc +++ b/src/config/moria1-orrc @@ -3,6 +3,8 @@ # List of routers RouterFile ../config/routers.or +Role 63 + # Private key PrivateKeyFile moria1-private diff --git a/src/config/moria2-orrc b/src/config/moria2-orrc index 91199e250..d784a12ec 100644 --- a/src/config/moria2-orrc +++ b/src/config/moria2-orrc @@ -3,6 +3,8 @@ # List of routers RouterFile ../config/routers.or +Role 63 + # Private key PrivateKeyFile moria2-private diff --git a/src/config/moria3-orrc b/src/config/moria3-orrc index 9b94c5c48..f32aa2557 100644 --- a/src/config/moria3-orrc +++ b/src/config/moria3-orrc @@ -3,6 +3,8 @@ # List of routers RouterFile ../config/routers.or +Role 63 + # Private key PrivateKeyFile moria3-private diff --git a/src/or/config.c b/src/or/config.c index 3f6dcd26a..8bcb5bea1 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -123,8 +123,7 @@ RETURN VALUE: 0 on success, non-zero on error options->DirRebuildPeriod = 600; options->DirFetchPeriod = 6000; // options->ReconnectPeriod = 6001; - options->Role = ROLE_OR_LISTEN | ROLE_OR_CONNECT_ALL | ROLE_OP_LISTEN | ROLE_AP_LISTEN | - ROLE_DIR_LISTEN | ROLE_DIR_SERVER; + options->Role = ROLE_OR_LISTEN | ROLE_OR_CONNECT_ALL | ROLE_OP_LISTEN | ROLE_AP_LISTEN; code = poptGetNextOpt(optCon); /* first we handle command-line args */ if ( code == -1 ) diff --git a/src/or/connection.c b/src/or/connection.c index 840301149..f4c3cb968 100644 --- a/src/or/connection.c +++ b/src/or/connection.c @@ -135,8 +135,6 @@ void connection_free(connection_t *conn) { if (conn->pkey) crypto_free_pk_env(conn->pkey); - if (conn->prkey) - crypto_free_pk_env(conn->prkey); if(conn->s > 0) { log(LOG_INFO,"connection_free(): closing fd %d.",conn->s); @@ -145,7 +143,7 @@ void connection_free(connection_t *conn) { free(conn); } -int connection_create_listener(crypto_pk_env_t *prkey, struct sockaddr_in *local, int type) { +int connection_create_listener(struct sockaddr_in *local, int type) { connection_t *conn; int s; int one=1; @@ -188,8 +186,6 @@ int connection_create_listener(crypto_pk_env_t *prkey, struct sockaddr_in *local /* remember things so you can tell the baby sockets */ memcpy(&conn->local,local,sizeof(struct sockaddr_in)); - if(prkey) - conn->prkey = crypto_pk_dup_key(prkey); log(LOG_DEBUG,"connection_create_listener(): Listening on local port %u.",ntohs(local->sin_port)); @@ -228,8 +224,6 @@ int connection_handle_listener_read(connection_t *conn, int new_type, int new_st /* learn things from parent, so we can perform auth */ memcpy(&newconn->local,&conn->local,sizeof(struct sockaddr_in)); - if(conn->prkey) - newconn->prkey = crypto_pk_dup_key(conn->prkey); newconn->address = strdup(inet_ntoa(remote.sin_addr)); /* remember the remote address */ if(connection_add(newconn) < 0) { /* no space, forget it */ @@ -244,8 +238,8 @@ int connection_handle_listener_read(connection_t *conn, int new_type, int new_st return 0; } -/* private function, to create the 'local' variable used below */ -static int learn_local(struct sockaddr_in *local) { +/* create the 'local' variable used below */ +int learn_local(struct sockaddr_in *local) { /* local host information */ char localhostname[512]; struct hostent *localhost; @@ -269,7 +263,7 @@ static int learn_local(struct sockaddr_in *local) { return 0; } -int retry_all_connections(int role, crypto_pk_env_t *prkey, uint16_t or_listenport, +int retry_all_connections(int role, uint16_t or_listenport, uint16_t op_listenport, uint16_t ap_listenport, uint16_t dir_listenport) { /* start all connections that should be up but aren't */ @@ -282,33 +276,33 @@ int retry_all_connections(int role, crypto_pk_env_t *prkey, uint16_t or_listenpo local.sin_port = htons(or_listenport); if(role & ROLE_OR_CONNECT_ALL) { - router_retry_connections(prkey, &local); + router_retry_connections(&local); } if(role & ROLE_OR_LISTEN) { if(!connection_get_by_type(CONN_TYPE_OR_LISTENER)) { - connection_or_create_listener(prkey, &local); + connection_or_create_listener(&local); } } if(role & ROLE_OP_LISTEN) { local.sin_port = htons(op_listenport); if(!connection_get_by_type(CONN_TYPE_OP_LISTENER)) { - connection_op_create_listener(prkey, &local); + connection_op_create_listener(&local); } } if(role & ROLE_AP_LISTEN) { local.sin_port = htons(ap_listenport); if(!connection_get_by_type(CONN_TYPE_AP_LISTENER)) { - connection_ap_create_listener(NULL, &local); /* no need to tell it the private key. */ + connection_ap_create_listener(&local); } } if(role & ROLE_DIR_LISTEN) { local.sin_port = htons(dir_listenport); if(!connection_get_by_type(CONN_TYPE_DIR_LISTENER)) { - connection_dir_create_listener(NULL, &local); /* no need to tell it the private key. */ + connection_dir_create_listener(&local); } } diff --git a/src/or/connection_ap.c b/src/or/connection_ap.c index a4f20a564..3751beae4 100644 --- a/src/or/connection_ap.c +++ b/src/or/connection_ap.c @@ -393,9 +393,9 @@ int connection_ap_finished_flushing(connection_t *conn) { } -int connection_ap_create_listener(crypto_pk_env_t *prkey, struct sockaddr_in *local) { +int connection_ap_create_listener(struct sockaddr_in *local) { log(LOG_DEBUG,"connection_create_ap_listener starting"); - return connection_create_listener(prkey, local, CONN_TYPE_AP_LISTENER); + return connection_create_listener(local, CONN_TYPE_AP_LISTENER); } int connection_ap_handle_listener_read(connection_t *conn) { diff --git a/src/or/connection_op.c b/src/or/connection_op.c index 89204412e..4f705f59c 100644 --- a/src/or/connection_op.c +++ b/src/or/connection_op.c @@ -51,7 +51,7 @@ int op_handshake_process_keys(connection_t *conn) { log(LOG_DEBUG,"op_handshake_process_keys() : Received auth."); /* decrypt response */ - retval = crypto_pk_private_decrypt(conn->prkey, auth_cipher, 128, auth_plain,RSA_PKCS1_PADDING); + retval = crypto_pk_private_decrypt(getprivatekey(), auth_cipher, 128, auth_plain,RSA_PKCS1_PADDING); if (retval == -1) { log(LOG_ERR,"Decrypting keys from new OP failed."); @@ -110,9 +110,9 @@ int connection_op_finished_flushing(connection_t *conn) { } -int connection_op_create_listener(crypto_pk_env_t *prkey, struct sockaddr_in *local) { +int connection_op_create_listener(struct sockaddr_in *local) { log(LOG_DEBUG,"connection_create_op_listener starting"); - return connection_create_listener(prkey, local, CONN_TYPE_OP_LISTENER); + return connection_create_listener(local, CONN_TYPE_OP_LISTENER); } int connection_op_handle_listener_read(connection_t *conn) { diff --git a/src/or/connection_or.c b/src/or/connection_or.c index 08423f13e..7c8b5304a 100644 --- a/src/or/connection_or.c +++ b/src/or/connection_or.c @@ -142,7 +142,7 @@ void conn_or_init_crypto(connection_t *conn) { * *result to 1 if connect() returned before completing, or to 2 * if it completed, and returns the new conn. */ -connection_t *connection_or_connect(routerinfo_t *router, crypto_pk_env_t *prkey, struct sockaddr_in *local, +connection_t *connection_or_connect(routerinfo_t *router, struct sockaddr_in *local, uint16_t port, int *result) { connection_t *conn; struct sockaddr_in router_addr; @@ -154,8 +154,6 @@ connection_t *connection_or_connect(routerinfo_t *router, crypto_pk_env_t *prkey /* set up conn so it's got all the data we need to remember */ conn->addr = router->addr, conn->port = router->or_port; /* NOTE we store or_port here always */ - if(prkey) - conn->prkey = crypto_pk_dup_key(prkey); conn->bandwidth = router->bandwidth; conn->pkey = crypto_pk_dup_key(router->pkey); conn->address = strdup(router->address); @@ -237,7 +235,7 @@ connection_t *connection_or_connect_as_op(routerinfo_t *router, struct sockaddr_ if(conn) return conn; - conn = connection_or_connect(router, NULL, local, router->op_port, &result); + conn = connection_or_connect(router, local, router->op_port, &result); if(!conn) return NULL; @@ -342,11 +340,11 @@ int or_handshake_op_finished_sending_keys(connection_t *conn) { * */ -connection_t *connection_or_connect_as_or(routerinfo_t *router, crypto_pk_env_t *prkey, struct sockaddr_in *local) { +connection_t *connection_or_connect_as_or(routerinfo_t *router, struct sockaddr_in *local) { connection_t *conn; int result=0; /* so connection_or_connect() can tell us what happened */ - assert(router && prkey && local); + assert(router && local); if(router->addr == local->sin_addr.s_addr && router->or_port == ntohs(local->sin_port)) { /* this is me! don't connect to me. */ @@ -354,7 +352,7 @@ connection_t *connection_or_connect_as_or(routerinfo_t *router, crypto_pk_env_t return NULL; } - conn = connection_or_connect(router, prkey, local, router->or_port, &result); + conn = connection_or_connect(router, local, router->or_port, &result); if(!conn) return NULL; @@ -454,7 +452,7 @@ int or_handshake_client_process_auth(connection_t *conn) { log(LOG_DEBUG,"or_handshake_client_process_auth() : Received auth."); /* decrypt response */ - retval = crypto_pk_private_decrypt(conn->prkey, cipher, 128, buf, RSA_PKCS1_PADDING); + retval = crypto_pk_private_decrypt(getprivatekey(), cipher, 128, buf, RSA_PKCS1_PADDING); if (retval == -1) { log(LOG_ERR,"Public-key decryption failed during authentication to %s:%u.", @@ -562,7 +560,7 @@ int or_handshake_server_process_auth(connection_t *conn) { log(LOG_DEBUG,"or_handshake_server_process_auth() : Received auth."); /* decrypt response */ - retval = crypto_pk_private_decrypt(conn->prkey, cipher, 128, buf, RSA_PKCS1_PADDING); + retval = crypto_pk_private_decrypt(getprivatekey(), cipher, 128, buf, RSA_PKCS1_PADDING); if (retval == -1) { log(LOG_ERR,"Public-key decryption failed processing auth message from new client."); @@ -678,7 +676,7 @@ int or_handshake_server_process_nonce(connection_t *conn) { log(LOG_DEBUG,"or_handshake_server_process_nonce() : Received auth."); /* decrypt response */ - retval = crypto_pk_private_decrypt(conn->prkey, cipher, 128, buf,RSA_PKCS1_PADDING); + retval = crypto_pk_private_decrypt(getprivatekey(), cipher, 128, buf,RSA_PKCS1_PADDING); if (retval == -1) { log(LOG_ERR,"Public-key decryption failed during authentication to %s:%u.", @@ -719,9 +717,9 @@ int or_handshake_server_process_nonce(connection_t *conn) { /* ********************************** */ -int connection_or_create_listener(crypto_pk_env_t *prkey, struct sockaddr_in *local) { +int connection_or_create_listener(struct sockaddr_in *local) { log(LOG_DEBUG,"connection_create_or_listener starting"); - return connection_create_listener(prkey, local, CONN_TYPE_OR_LISTENER); + return connection_create_listener(local, CONN_TYPE_OR_LISTENER); } int connection_or_handle_listener_read(connection_t *conn) { diff --git a/src/or/directory.c b/src/or/directory.c index 356d4ffd0..861d3163c 100644 --- a/src/or/directory.c +++ b/src/or/directory.c @@ -122,8 +122,8 @@ int connection_dir_process_inbuf(connection_t *conn) { return -1; } /* eof reached, kill it, but first process the_directory and learn about new routers. */ - log(LOG_DEBUG,"connection_dir_process_inbuf(): conn reached eof. Processing directory."); - log(LOG_DEBUG,"connection_dir_process_inbuf(): Received directory (size %d) '%s'", directorylen, the_directory); +// log(LOG_DEBUG,"connection_dir_process_inbuf(): conn reached eof. Processing directory."); + log(LOG_DEBUG,"connection_dir_process_inbuf(): Received directory (size %d)\n%s", directorylen, the_directory); if(directorylen == 0) { log(LOG_DEBUG,"connection_dir_process_inbuf(): Empty directory. Ignoring."); return -1; @@ -131,6 +131,13 @@ int connection_dir_process_inbuf(connection_t *conn) { if(router_get_list_from_string(the_directory, options.ORPort) < 0) { log(LOG_DEBUG,"connection_dir_process_inbuf(): ...but parsing failed. Ignoring."); } + if(options.Role & ROLE_OR_CONNECT_ALL) { /* connect to them all */ + struct sockaddr_in local; /* local address */ + if(learn_local(&local) < 0) + return -1; + local.sin_port = htons(options.ORPort); + router_retry_connections(&local); + } return -1; } @@ -240,9 +247,9 @@ int connection_dir_finished_flushing(connection_t *conn) { return 0; } -int connection_dir_create_listener(crypto_pk_env_t *prkey, struct sockaddr_in *local) { +int connection_dir_create_listener(struct sockaddr_in *local) { log(LOG_DEBUG,"connection_create_dir_listener starting"); - return connection_create_listener(prkey, local, CONN_TYPE_DIR_LISTENER); + return connection_create_listener(local, CONN_TYPE_DIR_LISTENER); } int connection_dir_handle_listener_read(connection_t *conn) { diff --git a/src/or/main.c b/src/or/main.c index 83d22c360..47301cac0 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -19,12 +19,21 @@ static int nfds=0; /* number of connections currently active */ static int please_dumpstats=0; /* whether we should dump stats during the loop */ /* private key */ -static crypto_pk_env_t *prkey; +static crypto_pk_env_t *privatekey; routerinfo_t *my_routerinfo=NULL; /********* END VARIABLES ************/ +void setprivatekey(crypto_pk_env_t *k) { + privatekey = k; +} + +crypto_pk_env_t *getprivatekey(void) { + assert(privatekey); + return privatekey; +} + /**************************************************************************** * * This section contains accessors and other methods on the connection_array @@ -398,6 +407,7 @@ int do_main_loop(void) { int i; int timeout; int poll_result; + crypto_pk_env_t *prkey; /* load the routers file */ if(router_get_list_from_file(options.RouterFile, options.ORPort) < 0) { @@ -417,11 +427,12 @@ int do_main_loop(void) { log(LOG_ERR,"Error loading private key."); return -1; } + setprivatekey(prkey); } /* start-up the necessary connections based on global_role. This is where we * try to connect to all the other ORs, and start the listeners */ - retry_all_connections(options.Role, prkey, options.ORPort, + retry_all_connections(options.Role, options.ORPort, options.OPPort, options.APPort, options.DirPort); for(;;) { diff --git a/src/or/onion.c b/src/or/onion.c index f1b635759..0c680f35f 100644 --- a/src/or/onion.c +++ b/src/or/onion.c @@ -30,7 +30,7 @@ int decide_aci_type(uint32_t local_addr, uint16_t local_port, int process_onion(circuit_t *circ, connection_t *conn) { aci_t aci_type; - if(!decrypt_onion((onion_layer_t *)circ->onion,circ->onionlen,conn->prkey)) { + if(!decrypt_onion((onion_layer_t *)circ->onion,circ->onionlen,getprivatekey())) { log(LOG_DEBUG,"command_process_create_cell(): decrypt_onion() failed, closing circuit."); return -1; } diff --git a/src/or/or.h b/src/or/or.h index b06b0acec..eb6c1e4d8 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -230,7 +230,6 @@ typedef struct /* used by OR, to keep state while connect()ing: Kludge. */ - crypto_pk_env_t *prkey; struct sockaddr_in local; #if 0 /* obsolete, we now use conn->bandwidth */ @@ -449,12 +448,13 @@ connection_t *connection_new(int type); void connection_free(connection_t *conn); -int connection_create_listener(crypto_pk_env_t *prkey, struct sockaddr_in *local, int type); +int connection_create_listener(struct sockaddr_in *local, int type); int connection_handle_listener_read(connection_t *conn, int new_type, int new_state); /* start all connections that should be up but aren't */ -int retry_all_connections(int role, crypto_pk_env_t *prkey, uint16_t or_listenport, +int learn_local(struct sockaddr_in *local); +int retry_all_connections(int role, uint16_t or_listenport, uint16_t op_listenport, uint16_t ap_listenport, uint16_t dir_listenport); connection_t *connection_connect_to_router_as_op(routerinfo_t *router, uint16_t local_or_port); @@ -512,7 +512,7 @@ int connection_ap_process_data_cell(cell_t *cell, connection_t *conn); int connection_ap_finished_flushing(connection_t *conn); -int connection_ap_create_listener(crypto_pk_env_t *prkey, struct sockaddr_in *local); +int connection_ap_create_listener(struct sockaddr_in *local); int connection_ap_handle_listener_read(connection_t *conn); @@ -534,7 +534,7 @@ int connection_op_process_inbuf(connection_t *conn); int connection_op_finished_flushing(connection_t *conn); -int connection_op_create_listener(crypto_pk_env_t *prkey, struct sockaddr_in *local); +int connection_op_create_listener(struct sockaddr_in *local); int connection_op_handle_listener_read(connection_t *conn); @@ -554,11 +554,11 @@ int or_handshake_client_send_auth(connection_t *conn); int or_handshake_server_process_auth(connection_t *conn); int or_handshake_server_process_nonce(connection_t *conn); -connection_t *connect_to_router_as_or(routerinfo_t *router, crypto_pk_env_t *prkey, struct sockaddr_in *local); -connection_t *connection_or_connect_as_or(routerinfo_t *router, crypto_pk_env_t *prkey, struct sockaddr_in *local); +connection_t *connect_to_router_as_or(routerinfo_t *router, struct sockaddr_in *local); +connection_t *connection_or_connect_as_or(routerinfo_t *router, struct sockaddr_in *local); connection_t *connection_or_connect_as_op(routerinfo_t *router, struct sockaddr_in *local); -int connection_or_create_listener(crypto_pk_env_t *prkey, struct sockaddr_in *local); +int connection_or_create_listener(struct sockaddr_in *local); int connection_or_handle_listener_read(connection_t *conn); /********************************* directory.c ***************************/ @@ -570,11 +570,13 @@ int connection_dir_process_inbuf(connection_t *conn); int directory_handle_command(connection_t *conn); int directory_handle_reading(connection_t *conn); int connection_dir_finished_flushing(connection_t *conn); -int connection_dir_create_listener(crypto_pk_env_t *prkey, struct sockaddr_in *local); +int connection_dir_create_listener(struct sockaddr_in *local); int connection_dir_handle_listener_read(connection_t *conn); /********************************* main.c ***************************/ +void setprivatekey(crypto_pk_env_t *k); +crypto_pk_env_t *getprivatekey(void); int connection_add(connection_t *conn); int connection_remove(connection_t *conn); void connection_set_poll_socket(connection_t *conn); @@ -647,7 +649,7 @@ tracked_onion_t *id_tracked_onion(unsigned char *onion, uint32_t onionlen, track /********************************* routers.c ***************************/ -void router_retry_connections(crypto_pk_env_t *prkey, struct sockaddr_in *local); +void router_retry_connections(struct sockaddr_in *local); routerinfo_t *router_pick_directory_server(void); routerinfo_t *router_get_by_addr_port(uint32_t addr, uint16_t port); unsigned int *router_new_route(int *routelen); diff --git a/src/or/routers.c b/src/or/routers.c index dd0ddf2f2..f40a5d889 100644 --- a/src/or/routers.c +++ b/src/or/routers.c @@ -35,7 +35,7 @@ static routerinfo_t *router_get_entry_from_string(char **s); /****************************************************************************/ -void router_retry_connections(crypto_pk_env_t *prkey, struct sockaddr_in *local) { +void router_retry_connections(struct sockaddr_in *local) { int i; routerinfo_t *router; @@ -43,7 +43,7 @@ void router_retry_connections(crypto_pk_env_t *prkey, struct sockaddr_in *local) router = router_array[i]; if(!connection_exact_get_by_addr_port(router->addr,router->or_port)) { /* not in the list */ log(LOG_DEBUG,"retry_all_connections(): connecting to OR %s:%u.",router->address,router->or_port); - connection_or_connect_as_or(router, prkey, local); + connection_or_connect_as_or(router, local); } } } |