diff options
Diffstat (limited to 'src/or')
| -rw-r--r-- | src/or/circuitlist.c | 4 | ||||
| -rw-r--r-- | src/or/circuitlist.h | 2 | ||||
| -rw-r--r-- | src/or/circuituse.c | 2 | ||||
| -rw-r--r-- | src/or/config.c | 4 | ||||
| -rw-r--r-- | src/or/config.h | 4 | ||||
| -rw-r--r-- | src/or/hibernate.c | 12 | ||||
| -rw-r--r-- | src/or/hibernate.h | 8 | ||||
| -rw-r--r-- | src/or/main.c | 12 | ||||
| -rw-r--r-- | src/or/main.h | 7 | ||||
| -rw-r--r-- | src/or/networkstatus.c | 11 | ||||
| -rw-r--r-- | src/or/nodelist.c | 4 | ||||
| -rw-r--r-- | src/or/nodelist.h | 2 | ||||
| -rw-r--r-- | src/or/rephist.c | 4 | ||||
| -rwxr-xr-x | src/or/router.c | 12 | ||||
| -rw-r--r-- | src/or/router.h | 6 | ||||
| -rw-r--r-- | src/or/routerlist.c | 36 | ||||
| -rw-r--r-- | src/or/routerlist.h | 1 | ||||
| -rw-r--r-- | src/or/routerparse.c | 8 | ||||
| -rw-r--r-- | src/or/status.c | 8 | ||||
| -rw-r--r-- | src/or/status.h | 8 |
20 files changed, 112 insertions, 43 deletions
diff --git a/src/or/circuitlist.c b/src/or/circuitlist.c index 87270037c..b71dc3c13 100644 --- a/src/or/circuitlist.c +++ b/src/or/circuitlist.c @@ -438,8 +438,8 @@ circuit_close_all_marked(void) } /** Return the head of the global linked list of circuits. */ -struct global_circuitlist_s * -circuit_get_global_list(void) +MOCK_IMPL(struct global_circuitlist_s *, +circuit_get_global_list,(void)) { return &global_circuitlist; } diff --git a/src/or/circuitlist.h b/src/or/circuitlist.h index 2bbd20b83..916afba21 100644 --- a/src/or/circuitlist.h +++ b/src/or/circuitlist.h @@ -16,7 +16,7 @@ TOR_LIST_HEAD(global_circuitlist_s, circuit_t); -struct global_circuitlist_s* circuit_get_global_list(void); +MOCK_DECL(struct global_circuitlist_s*, circuit_get_global_list, (void)); const char *circuit_state_to_string(int state); const char *circuit_purpose_to_controller_string(uint8_t purpose); const char *circuit_purpose_to_controller_hs_state_string(uint8_t purpose); diff --git a/src/or/circuituse.c b/src/or/circuituse.c index 8b82de0f9..75a10ba0c 100644 --- a/src/or/circuituse.c +++ b/src/or/circuituse.c @@ -1515,7 +1515,7 @@ circuit_launch_by_extend_info(uint8_t purpose, circ = circuit_find_to_cannibalize(purpose, extend_info, flags); if (circ) { uint8_t old_purpose = circ->base_.purpose; - struct timeval old_timestamp_began; + struct timeval old_timestamp_began = circ->base_.timestamp_began; log_info(LD_CIRC,"Cannibalizing circ '%s' for purpose %d (%s)", build_state_get_exit_nickname(circ->build_state), purpose, diff --git a/src/or/config.c b/src/or/config.c index dbf643c53..ca99d014f 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -620,8 +620,8 @@ get_options_mutable(void) } /** Returns the currently configured options */ -const or_options_t * -get_options(void) +MOCK_IMPL(const or_options_t *, +get_options,(void)) { return get_options_mutable(); } diff --git a/src/or/config.h b/src/or/config.h index 8ee2a4572..bf386134b 100644 --- a/src/or/config.h +++ b/src/or/config.h @@ -12,8 +12,10 @@ #ifndef TOR_CONFIG_H #define TOR_CONFIG_H +#include "testsupport.h" + const char *get_dirportfrontpage(void); -const or_options_t *get_options(void); +MOCK_DECL(const or_options_t *,get_options,(void)); or_options_t *get_options_mutable(void); int set_options(or_options_t *new_val, char **msg); void config_free_all(void); diff --git a/src/or/hibernate.c b/src/or/hibernate.c index bbda8424f..c433ac1be 100644 --- a/src/or/hibernate.c +++ b/src/or/hibernate.c @@ -239,8 +239,8 @@ accounting_parse_options(const or_options_t *options, int validate_only) /** If we want to manage the accounting system and potentially * hibernate, return 1, else return 0. */ -int -accounting_is_enabled(const or_options_t *options) +MOCK_IMPL(int, +accounting_is_enabled,(const or_options_t *options)) { if (options->AccountingMax) return 1; @@ -256,8 +256,8 @@ accounting_get_interval_length(void) } /** Return the time at which the current accounting interval will end. */ -time_t -accounting_get_end_time(void) +MOCK_IMPL(time_t, +accounting_get_end_time,(void)) { return interval_end_time; } @@ -823,8 +823,8 @@ hibernate_begin_shutdown(void) } /** Return true iff we are currently hibernating. */ -int -we_are_hibernating(void) +MOCK_IMPL(int, +we_are_hibernating,(void)) { return hibernate_state != HIBERNATE_STATE_LIVE; } diff --git a/src/or/hibernate.h b/src/or/hibernate.h index 4f7331ce8..38ecb7512 100644 --- a/src/or/hibernate.h +++ b/src/or/hibernate.h @@ -12,16 +12,18 @@ #ifndef TOR_HIBERNATE_H #define TOR_HIBERNATE_H +#include "testsupport.h" + int accounting_parse_options(const or_options_t *options, int validate_only); -int accounting_is_enabled(const or_options_t *options); +MOCK_DECL(int, accounting_is_enabled, (const or_options_t *options)); int accounting_get_interval_length(void); -time_t accounting_get_end_time(void); +MOCK_DECL(time_t, accounting_get_end_time, (void)); void configure_accounting(time_t now); void accounting_run_housekeeping(time_t now); void accounting_add_bytes(size_t n_read, size_t n_written, int seconds); int accounting_record_bandwidth_usage(time_t now, or_state_t *state); void hibernate_begin_shutdown(void); -int we_are_hibernating(void); +MOCK_DECL(int, we_are_hibernating, (void)); void consider_hibernation(time_t now); int getinfo_helper_accounting(control_connection_t *conn, const char *question, char **answer, diff --git a/src/or/main.c b/src/or/main.c index c6619fe7a..0264064ed 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -469,15 +469,15 @@ get_connection_array(void) /** Provides the traffic read and written over the life of the process. */ -uint64_t -get_bytes_read(void) +MOCK_IMPL(uint64_t, +get_bytes_read,(void)) { return stats_n_bytes_read; } /* DOCDOC get_bytes_written */ -uint64_t -get_bytes_written(void) +MOCK_IMPL(uint64_t, +get_bytes_written,(void)) { return stats_n_bytes_written; } @@ -2121,8 +2121,8 @@ process_signal(uintptr_t sig) } /** Returns Tor's uptime. */ -long -get_uptime(void) +MOCK_IMPL(long, +get_uptime,(void)) { return stats_n_seconds_working; } diff --git a/src/or/main.h b/src/or/main.h index a2f03d954..a3bce3486 100644 --- a/src/or/main.h +++ b/src/or/main.h @@ -24,8 +24,8 @@ void add_connection_to_closeable_list(connection_t *conn); int connection_is_on_closeable_list(connection_t *conn); smartlist_t *get_connection_array(void); -uint64_t get_bytes_read(void); -uint64_t get_bytes_written(void); +MOCK_DECL(uint64_t,get_bytes_read,(void)); +MOCK_DECL(uint64_t,get_bytes_written,(void)); /** Bitmask for events that we can turn on and off with * connection_watch_events. */ @@ -52,7 +52,8 @@ void ip_address_changed(int at_interface); void dns_servers_relaunch_checks(void); void reschedule_descriptor_update_check(void); -long get_uptime(void); +MOCK_DECL(long,get_uptime,(void)); + unsigned get_signewnym_epoch(void); void handle_signals(int is_parent); diff --git a/src/or/networkstatus.c b/src/or/networkstatus.c index 74c4ca45a..b8ac2e05f 100644 --- a/src/or/networkstatus.c +++ b/src/or/networkstatus.c @@ -322,6 +322,17 @@ networkstatus_check_document_signature(const networkstatus_t *consensus, DIGEST_LEN)) return -1; + if (authority_cert_is_blacklisted(cert)) { + /* We implement blacklisting for authority signing keys by treating + * all their signatures as always bad. That way we don't get into + * crazy loops of dropping and re-fetching signatures. */ + log_warn(LD_DIR, "Ignoring a consensus signature made with deprecated" + " signing key %s", + hex_str(cert->signing_key_digest, DIGEST_LEN)); + sig->bad_signature = 1; + return 0; + } + signed_digest_len = crypto_pk_keysize(cert->signing_key); signed_digest = tor_malloc(signed_digest_len); if (crypto_pk_public_checksig(cert->signing_key, diff --git a/src/or/nodelist.c b/src/or/nodelist.c index 52c92661c..a38a6d499 100644 --- a/src/or/nodelist.c +++ b/src/or/nodelist.c @@ -85,8 +85,8 @@ node_get_mutable_by_id(const char *identity_digest) /** Return the node_t whose identity is <b>identity_digest</b>, or NULL * if no such node exists. */ -const node_t * -node_get_by_id(const char *identity_digest) +MOCK_IMPL(const node_t *, +node_get_by_id,(const char *identity_digest)) { return node_get_mutable_by_id(identity_digest); } diff --git a/src/or/nodelist.h b/src/or/nodelist.h index 95d0c2328..8e719e012 100644 --- a/src/or/nodelist.h +++ b/src/or/nodelist.h @@ -17,7 +17,7 @@ } STMT_END node_t *node_get_mutable_by_id(const char *identity_digest); -const node_t *node_get_by_id(const char *identity_digest); +MOCK_DECL(const node_t *, node_get_by_id, (const char *identity_digest)); const node_t *node_get_by_hex_id(const char *identity_digest); node_t *nodelist_set_routerinfo(routerinfo_t *ri, routerinfo_t **ri_old_out); node_t *nodelist_add_microdesc(microdesc_t *md); diff --git a/src/or/rephist.c b/src/or/rephist.c index 87f930a28..70be39e23 100644 --- a/src/or/rephist.c +++ b/src/or/rephist.c @@ -2995,8 +2995,8 @@ rep_hist_conn_stats_write(time_t now) * handshake we've received, and how many we've assigned to cpuworkers. * Useful for seeing trends in cpu load. * @{ */ -static int onion_handshakes_requested[MAX_ONION_HANDSHAKE_TYPE+1] = {0}; -static int onion_handshakes_assigned[MAX_ONION_HANDSHAKE_TYPE+1] = {0}; +STATIC int onion_handshakes_requested[MAX_ONION_HANDSHAKE_TYPE+1] = {0}; +STATIC int onion_handshakes_assigned[MAX_ONION_HANDSHAKE_TYPE+1] = {0}; /**@}*/ /** A new onionskin (using the <b>type</b> handshake) has arrived. */ diff --git a/src/or/router.c b/src/or/router.c index 389120be0..86cefc9a6 100755 --- a/src/or/router.c +++ b/src/or/router.c @@ -1348,8 +1348,8 @@ authdir_mode_bridge(const or_options_t *options) /** Return true iff we are trying to be a server. */ -int -server_mode(const or_options_t *options) +MOCK_IMPL(int, +server_mode,(const or_options_t *options)) { if (options->ClientOnly) return 0; /* XXXX024 I believe we can kill off ORListenAddress here.*/ @@ -1358,8 +1358,8 @@ server_mode(const or_options_t *options) /** Return true iff we are trying to be a non-bridge server. */ -int -public_server_mode(const or_options_t *options) +MOCK_IMPL(int, +public_server_mode,(const or_options_t *options)) { if (!server_mode(options)) return 0; return (!options->BridgeRelay); @@ -1689,8 +1689,8 @@ router_is_me(const routerinfo_t *router) /** Return a routerinfo for this OR, rebuilding a fresh one if * necessary. Return NULL on error, or if called on an OP. */ -const routerinfo_t * -router_get_my_routerinfo(void) +MOCK_IMPL(const routerinfo_t *, +router_get_my_routerinfo,(void)) { if (!server_mode(get_options())) return NULL; diff --git a/src/or/router.h b/src/or/router.h index 28e1ed6e6..d18ff065e 100644 --- a/src/or/router.h +++ b/src/or/router.h @@ -66,8 +66,8 @@ uint16_t router_get_advertised_or_port_by_af(const or_options_t *options, uint16_t router_get_advertised_dir_port(const or_options_t *options, uint16_t dirport); -int server_mode(const or_options_t *options); -int public_server_mode(const or_options_t *options); +MOCK_DECL(int, server_mode, (const or_options_t *options)); +MOCK_DECL(int, public_server_mode, (const or_options_t *options)); int advertised_server_mode(void); int proxy_mode(const or_options_t *options); void consider_publishable_server(int force); @@ -82,7 +82,7 @@ void router_new_address_suggestion(const char *suggestion, const dir_connection_t *d_conn); int router_compare_to_my_exit_policy(const tor_addr_t *addr, uint16_t port); int router_my_exit_policy_is_reject_star(void); -const routerinfo_t *router_get_my_routerinfo(void); +MOCK_DECL(const routerinfo_t *, router_get_my_routerinfo, (void)); extrainfo_t *router_get_my_extrainfo(void); const char *router_get_my_descriptor(void); const char *router_get_descriptor_gen_reason(void); diff --git a/src/or/routerlist.c b/src/or/routerlist.c index 0993e5674..f0197357e 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@ -98,7 +98,8 @@ static smartlist_t *trusted_dir_servers = NULL; * and all fallback directory servers. */ static smartlist_t *fallback_dir_servers = NULL; -/** List of [XXX what?] for a given authority, and download status for latest certificate. +/** List of certificates for a single authority, and download status for + * latest certificate. */ struct cert_list_t { /* @@ -621,6 +622,39 @@ authority_cert_dl_failed(const char *id_digest, } } +static const char *BAD_SIGNING_KEYS[] = { + "09CD84F751FD6E955E0F8ADB497D5401470D697E", // Expires 2015-01-11 16:26:31 +// dizum still needs to rotate as of 2014-04-14 +//"0E7E9C07F0969D0468AD741E172A6109DC289F3C", // Expires 2014-08-12 10:18:26 +// dannenberg still needs to rotate as of 2014-04-14 +//"57B85409891D3FB32137F642FDEDF8B7F8CDFDCD", // Expires 2015-02-11 17:19:09 + "87326329007AF781F587AF5B594E540B2B6C7630", // Expires 2014-07-17 11:10:09 + "98CC82342DE8D298CF99D3F1A396475901E0D38E", // Expires 2014-11-10 13:18:56 + "9904B52336713A5ADCB13E4FB14DC919E0D45571", // Expires 2014-04-20 20:01:01 + "9DCD8E3F1DD1597E2AD476BBA28A1A89F3095227", // Expires 2015-01-16 03:52:30 + "A61682F34B9BB9694AC98491FE1ABBFE61923941", // Expires 2014-06-11 09:25:09 + "B59F6E99C575113650C99F1C425BA7B20A8C071D", // Expires 2014-07-31 13:22:10 + "D27178388FA75B96D37FA36E0B015227DDDBDA51", // Expires 2014-08-04 04:01:57 + NULL, +}; + +/** DOCDOC */ +int +authority_cert_is_blacklisted(const authority_cert_t *cert) +{ + char hex_digest[HEX_DIGEST_LEN+1]; + int i; + base16_encode(hex_digest, sizeof(hex_digest), + cert->signing_key_digest, sizeof(cert->signing_key_digest)); + + for (i = 0; BAD_SIGNING_KEYS[i]; ++i) { + if (!strcasecmp(hex_digest, BAD_SIGNING_KEYS[i])) { + return 1; + } + } + return 0; +} + /** Return true iff when we've been getting enough failures when trying to * download the certificate with ID digest <b>id_digest</b> that we're willing * to start bugging the user about it. */ diff --git a/src/or/routerlist.h b/src/or/routerlist.h index cfa868386..6e2f2eaea 100644 --- a/src/or/routerlist.h +++ b/src/or/routerlist.h @@ -43,6 +43,7 @@ int router_reload_router_list(void); int authority_cert_dl_looks_uncertain(const char *id_digest); const smartlist_t *router_get_trusted_dir_servers(void); const smartlist_t *router_get_fallback_dir_servers(void); +int authority_cert_is_blacklisted(const authority_cert_t *cert); const routerstatus_t *router_pick_directory_server(dirinfo_type_t type, int flags); diff --git a/src/or/routerparse.c b/src/or/routerparse.c index 7bf9a4d8e..14f800e7b 100644 --- a/src/or/routerparse.c +++ b/src/or/routerparse.c @@ -2687,6 +2687,14 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out, log_warn(LD_DIR,"Mismatch between identities in certificate and vote"); goto err; } + if (ns->type != NS_TYPE_CONSENSUS) { + if (authority_cert_is_blacklisted(ns->cert)) { + log_warn(LD_DIR, "Rejecting vote signature made with blacklisted " + "signing key %s", + hex_str(ns->cert->signing_key_digest, DIGEST_LEN)); + goto err; + } + } voter->address = tor_strdup(tok->args[2]); if (!tor_inet_aton(tok->args[3], &in)) { log_warn(LD_DIR, "Error decoding IP address %s in network-status.", diff --git a/src/or/status.c b/src/or/status.c index e1820c888..7e2afbce8 100644 --- a/src/or/status.c +++ b/src/or/status.c @@ -6,6 +6,8 @@ * \brief Keep status information and log the heartbeat messages. **/ +#define STATUS_PRIVATE + #include "or.h" #include "config.h" #include "status.h" @@ -22,7 +24,7 @@ static void log_accounting(const time_t now, const or_options_t *options); /** Return the total number of circuits. */ -static int +STATIC int count_circuits(void) { circuit_t *circ; @@ -36,7 +38,7 @@ count_circuits(void) /** Take seconds <b>secs</b> and return a newly allocated human-readable * uptime string */ -static char * +STATIC char * secs_to_uptime(long secs) { long int days = secs / 86400; @@ -63,7 +65,7 @@ secs_to_uptime(long secs) /** Take <b>bytes</b> and returns a newly allocated human-readable usage * string. */ -static char * +STATIC char * bytes_to_usage(uint64_t bytes) { char *bw_string = NULL; diff --git a/src/or/status.h b/src/or/status.h index 7c3b969c8..13458ea47 100644 --- a/src/or/status.h +++ b/src/or/status.h @@ -4,7 +4,15 @@ #ifndef TOR_STATUS_H #define TOR_STATUS_H +#include "testsupport.h" + int log_heartbeat(time_t now); +#ifdef STATUS_PRIVATE +STATIC int count_circuits(void); +STATIC char *secs_to_uptime(long secs); +STATIC char *bytes_to_usage(uint64_t bytes); +#endif + #endif |