aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/config/moria1-orrc2
-rw-r--r--src/config/moria2-orrc2
-rw-r--r--src/config/moria3-orrc2
-rw-r--r--src/or/config.c3
-rw-r--r--src/or/connection.c24
-rw-r--r--src/or/connection_ap.c4
-rw-r--r--src/or/connection_op.c6
-rw-r--r--src/or/connection_or.c22
-rw-r--r--src/or/directory.c15
-rw-r--r--src/or/main.c15
-rw-r--r--src/or/onion.c2
-rw-r--r--src/or/or.h22
-rw-r--r--src/or/routers.c4
13 files changed, 70 insertions, 53 deletions
diff --git a/src/config/moria1-orrc b/src/config/moria1-orrc
index 0750f1a54..e4a02f55b 100644
--- a/src/config/moria1-orrc
+++ b/src/config/moria1-orrc
@@ -3,6 +3,8 @@
# List of routers
RouterFile ../config/routers.or
+Role 63
+
# Private key
PrivateKeyFile moria1-private
diff --git a/src/config/moria2-orrc b/src/config/moria2-orrc
index 91199e250..d784a12ec 100644
--- a/src/config/moria2-orrc
+++ b/src/config/moria2-orrc
@@ -3,6 +3,8 @@
# List of routers
RouterFile ../config/routers.or
+Role 63
+
# Private key
PrivateKeyFile moria2-private
diff --git a/src/config/moria3-orrc b/src/config/moria3-orrc
index 9b94c5c48..f32aa2557 100644
--- a/src/config/moria3-orrc
+++ b/src/config/moria3-orrc
@@ -3,6 +3,8 @@
# List of routers
RouterFile ../config/routers.or
+Role 63
+
# Private key
PrivateKeyFile moria3-private
diff --git a/src/or/config.c b/src/or/config.c
index 3f6dcd26a..8bcb5bea1 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -123,8 +123,7 @@ RETURN VALUE: 0 on success, non-zero on error
options->DirRebuildPeriod = 600;
options->DirFetchPeriod = 6000;
// options->ReconnectPeriod = 6001;
- options->Role = ROLE_OR_LISTEN | ROLE_OR_CONNECT_ALL | ROLE_OP_LISTEN | ROLE_AP_LISTEN |
- ROLE_DIR_LISTEN | ROLE_DIR_SERVER;
+ options->Role = ROLE_OR_LISTEN | ROLE_OR_CONNECT_ALL | ROLE_OP_LISTEN | ROLE_AP_LISTEN;
code = poptGetNextOpt(optCon); /* first we handle command-line args */
if ( code == -1 )
diff --git a/src/or/connection.c b/src/or/connection.c
index 840301149..f4c3cb968 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -135,8 +135,6 @@ void connection_free(connection_t *conn) {
if (conn->pkey)
crypto_free_pk_env(conn->pkey);
- if (conn->prkey)
- crypto_free_pk_env(conn->prkey);
if(conn->s > 0) {
log(LOG_INFO,"connection_free(): closing fd %d.",conn->s);
@@ -145,7 +143,7 @@ void connection_free(connection_t *conn) {
free(conn);
}
-int connection_create_listener(crypto_pk_env_t *prkey, struct sockaddr_in *local, int type) {
+int connection_create_listener(struct sockaddr_in *local, int type) {
connection_t *conn;
int s;
int one=1;
@@ -188,8 +186,6 @@ int connection_create_listener(crypto_pk_env_t *prkey, struct sockaddr_in *local
/* remember things so you can tell the baby sockets */
memcpy(&conn->local,local,sizeof(struct sockaddr_in));
- if(prkey)
- conn->prkey = crypto_pk_dup_key(prkey);
log(LOG_DEBUG,"connection_create_listener(): Listening on local port %u.",ntohs(local->sin_port));
@@ -228,8 +224,6 @@ int connection_handle_listener_read(connection_t *conn, int new_type, int new_st
/* learn things from parent, so we can perform auth */
memcpy(&newconn->local,&conn->local,sizeof(struct sockaddr_in));
- if(conn->prkey)
- newconn->prkey = crypto_pk_dup_key(conn->prkey);
newconn->address = strdup(inet_ntoa(remote.sin_addr)); /* remember the remote address */
if(connection_add(newconn) < 0) { /* no space, forget it */
@@ -244,8 +238,8 @@ int connection_handle_listener_read(connection_t *conn, int new_type, int new_st
return 0;
}
-/* private function, to create the 'local' variable used below */
-static int learn_local(struct sockaddr_in *local) {
+/* create the 'local' variable used below */
+int learn_local(struct sockaddr_in *local) {
/* local host information */
char localhostname[512];
struct hostent *localhost;
@@ -269,7 +263,7 @@ static int learn_local(struct sockaddr_in *local) {
return 0;
}
-int retry_all_connections(int role, crypto_pk_env_t *prkey, uint16_t or_listenport,
+int retry_all_connections(int role, uint16_t or_listenport,
uint16_t op_listenport, uint16_t ap_listenport, uint16_t dir_listenport) {
/* start all connections that should be up but aren't */
@@ -282,33 +276,33 @@ int retry_all_connections(int role, crypto_pk_env_t *prkey, uint16_t or_listenpo
local.sin_port = htons(or_listenport);
if(role & ROLE_OR_CONNECT_ALL) {
- router_retry_connections(prkey, &local);
+ router_retry_connections(&local);
}
if(role & ROLE_OR_LISTEN) {
if(!connection_get_by_type(CONN_TYPE_OR_LISTENER)) {
- connection_or_create_listener(prkey, &local);
+ connection_or_create_listener(&local);
}
}
if(role & ROLE_OP_LISTEN) {
local.sin_port = htons(op_listenport);
if(!connection_get_by_type(CONN_TYPE_OP_LISTENER)) {
- connection_op_create_listener(prkey, &local);
+ connection_op_create_listener(&local);
}
}
if(role & ROLE_AP_LISTEN) {
local.sin_port = htons(ap_listenport);
if(!connection_get_by_type(CONN_TYPE_AP_LISTENER)) {
- connection_ap_create_listener(NULL, &local); /* no need to tell it the private key. */
+ connection_ap_create_listener(&local);
}
}
if(role & ROLE_DIR_LISTEN) {
local.sin_port = htons(dir_listenport);
if(!connection_get_by_type(CONN_TYPE_DIR_LISTENER)) {
- connection_dir_create_listener(NULL, &local); /* no need to tell it the private key. */
+ connection_dir_create_listener(&local);
}
}
diff --git a/src/or/connection_ap.c b/src/or/connection_ap.c
index a4f20a564..3751beae4 100644
--- a/src/or/connection_ap.c
+++ b/src/or/connection_ap.c
@@ -393,9 +393,9 @@ int connection_ap_finished_flushing(connection_t *conn) {
}
-int connection_ap_create_listener(crypto_pk_env_t *prkey, struct sockaddr_in *local) {
+int connection_ap_create_listener(struct sockaddr_in *local) {
log(LOG_DEBUG,"connection_create_ap_listener starting");
- return connection_create_listener(prkey, local, CONN_TYPE_AP_LISTENER);
+ return connection_create_listener(local, CONN_TYPE_AP_LISTENER);
}
int connection_ap_handle_listener_read(connection_t *conn) {
diff --git a/src/or/connection_op.c b/src/or/connection_op.c
index 89204412e..4f705f59c 100644
--- a/src/or/connection_op.c
+++ b/src/or/connection_op.c
@@ -51,7 +51,7 @@ int op_handshake_process_keys(connection_t *conn) {
log(LOG_DEBUG,"op_handshake_process_keys() : Received auth.");
/* decrypt response */
- retval = crypto_pk_private_decrypt(conn->prkey, auth_cipher, 128, auth_plain,RSA_PKCS1_PADDING);
+ retval = crypto_pk_private_decrypt(getprivatekey(), auth_cipher, 128, auth_plain,RSA_PKCS1_PADDING);
if (retval == -1)
{
log(LOG_ERR,"Decrypting keys from new OP failed.");
@@ -110,9 +110,9 @@ int connection_op_finished_flushing(connection_t *conn) {
}
-int connection_op_create_listener(crypto_pk_env_t *prkey, struct sockaddr_in *local) {
+int connection_op_create_listener(struct sockaddr_in *local) {
log(LOG_DEBUG,"connection_create_op_listener starting");
- return connection_create_listener(prkey, local, CONN_TYPE_OP_LISTENER);
+ return connection_create_listener(local, CONN_TYPE_OP_LISTENER);
}
int connection_op_handle_listener_read(connection_t *conn) {
diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index 08423f13e..7c8b5304a 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -142,7 +142,7 @@ void conn_or_init_crypto(connection_t *conn) {
* *result to 1 if connect() returned before completing, or to 2
* if it completed, and returns the new conn.
*/
-connection_t *connection_or_connect(routerinfo_t *router, crypto_pk_env_t *prkey, struct sockaddr_in *local,
+connection_t *connection_or_connect(routerinfo_t *router, struct sockaddr_in *local,
uint16_t port, int *result) {
connection_t *conn;
struct sockaddr_in router_addr;
@@ -154,8 +154,6 @@ connection_t *connection_or_connect(routerinfo_t *router, crypto_pk_env_t *prkey
/* set up conn so it's got all the data we need to remember */
conn->addr = router->addr, conn->port = router->or_port; /* NOTE we store or_port here always */
- if(prkey)
- conn->prkey = crypto_pk_dup_key(prkey);
conn->bandwidth = router->bandwidth;
conn->pkey = crypto_pk_dup_key(router->pkey);
conn->address = strdup(router->address);
@@ -237,7 +235,7 @@ connection_t *connection_or_connect_as_op(routerinfo_t *router, struct sockaddr_
if(conn)
return conn;
- conn = connection_or_connect(router, NULL, local, router->op_port, &result);
+ conn = connection_or_connect(router, local, router->op_port, &result);
if(!conn)
return NULL;
@@ -342,11 +340,11 @@ int or_handshake_op_finished_sending_keys(connection_t *conn) {
*
*/
-connection_t *connection_or_connect_as_or(routerinfo_t *router, crypto_pk_env_t *prkey, struct sockaddr_in *local) {
+connection_t *connection_or_connect_as_or(routerinfo_t *router, struct sockaddr_in *local) {
connection_t *conn;
int result=0; /* so connection_or_connect() can tell us what happened */
- assert(router && prkey && local);
+ assert(router && local);
if(router->addr == local->sin_addr.s_addr && router->or_port == ntohs(local->sin_port)) {
/* this is me! don't connect to me. */
@@ -354,7 +352,7 @@ connection_t *connection_or_connect_as_or(routerinfo_t *router, crypto_pk_env_t
return NULL;
}
- conn = connection_or_connect(router, prkey, local, router->or_port, &result);
+ conn = connection_or_connect(router, local, router->or_port, &result);
if(!conn)
return NULL;
@@ -454,7 +452,7 @@ int or_handshake_client_process_auth(connection_t *conn) {
log(LOG_DEBUG,"or_handshake_client_process_auth() : Received auth.");
/* decrypt response */
- retval = crypto_pk_private_decrypt(conn->prkey, cipher, 128, buf, RSA_PKCS1_PADDING);
+ retval = crypto_pk_private_decrypt(getprivatekey(), cipher, 128, buf, RSA_PKCS1_PADDING);
if (retval == -1)
{
log(LOG_ERR,"Public-key decryption failed during authentication to %s:%u.",
@@ -562,7 +560,7 @@ int or_handshake_server_process_auth(connection_t *conn) {
log(LOG_DEBUG,"or_handshake_server_process_auth() : Received auth.");
/* decrypt response */
- retval = crypto_pk_private_decrypt(conn->prkey, cipher, 128, buf, RSA_PKCS1_PADDING);
+ retval = crypto_pk_private_decrypt(getprivatekey(), cipher, 128, buf, RSA_PKCS1_PADDING);
if (retval == -1)
{
log(LOG_ERR,"Public-key decryption failed processing auth message from new client.");
@@ -678,7 +676,7 @@ int or_handshake_server_process_nonce(connection_t *conn) {
log(LOG_DEBUG,"or_handshake_server_process_nonce() : Received auth.");
/* decrypt response */
- retval = crypto_pk_private_decrypt(conn->prkey, cipher, 128, buf,RSA_PKCS1_PADDING);
+ retval = crypto_pk_private_decrypt(getprivatekey(), cipher, 128, buf,RSA_PKCS1_PADDING);
if (retval == -1)
{
log(LOG_ERR,"Public-key decryption failed during authentication to %s:%u.",
@@ -719,9 +717,9 @@ int or_handshake_server_process_nonce(connection_t *conn) {
/* ********************************** */
-int connection_or_create_listener(crypto_pk_env_t *prkey, struct sockaddr_in *local) {
+int connection_or_create_listener(struct sockaddr_in *local) {
log(LOG_DEBUG,"connection_create_or_listener starting");
- return connection_create_listener(prkey, local, CONN_TYPE_OR_LISTENER);
+ return connection_create_listener(local, CONN_TYPE_OR_LISTENER);
}
int connection_or_handle_listener_read(connection_t *conn) {
diff --git a/src/or/directory.c b/src/or/directory.c
index 356d4ffd0..861d3163c 100644
--- a/src/or/directory.c
+++ b/src/or/directory.c
@@ -122,8 +122,8 @@ int connection_dir_process_inbuf(connection_t *conn) {
return -1;
}
/* eof reached, kill it, but first process the_directory and learn about new routers. */
- log(LOG_DEBUG,"connection_dir_process_inbuf(): conn reached eof. Processing directory.");
- log(LOG_DEBUG,"connection_dir_process_inbuf(): Received directory (size %d) '%s'", directorylen, the_directory);
+// log(LOG_DEBUG,"connection_dir_process_inbuf(): conn reached eof. Processing directory.");
+ log(LOG_DEBUG,"connection_dir_process_inbuf(): Received directory (size %d)\n%s", directorylen, the_directory);
if(directorylen == 0) {
log(LOG_DEBUG,"connection_dir_process_inbuf(): Empty directory. Ignoring.");
return -1;
@@ -131,6 +131,13 @@ int connection_dir_process_inbuf(connection_t *conn) {
if(router_get_list_from_string(the_directory, options.ORPort) < 0) {
log(LOG_DEBUG,"connection_dir_process_inbuf(): ...but parsing failed. Ignoring.");
}
+ if(options.Role & ROLE_OR_CONNECT_ALL) { /* connect to them all */
+ struct sockaddr_in local; /* local address */
+ if(learn_local(&local) < 0)
+ return -1;
+ local.sin_port = htons(options.ORPort);
+ router_retry_connections(&local);
+ }
return -1;
}
@@ -240,9 +247,9 @@ int connection_dir_finished_flushing(connection_t *conn) {
return 0;
}
-int connection_dir_create_listener(crypto_pk_env_t *prkey, struct sockaddr_in *local) {
+int connection_dir_create_listener(struct sockaddr_in *local) {
log(LOG_DEBUG,"connection_create_dir_listener starting");
- return connection_create_listener(prkey, local, CONN_TYPE_DIR_LISTENER);
+ return connection_create_listener(local, CONN_TYPE_DIR_LISTENER);
}
int connection_dir_handle_listener_read(connection_t *conn) {
diff --git a/src/or/main.c b/src/or/main.c
index 83d22c360..47301cac0 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -19,12 +19,21 @@ static int nfds=0; /* number of connections currently active */
static int please_dumpstats=0; /* whether we should dump stats during the loop */
/* private key */
-static crypto_pk_env_t *prkey;
+static crypto_pk_env_t *privatekey;
routerinfo_t *my_routerinfo=NULL;
/********* END VARIABLES ************/
+void setprivatekey(crypto_pk_env_t *k) {
+ privatekey = k;
+}
+
+crypto_pk_env_t *getprivatekey(void) {
+ assert(privatekey);
+ return privatekey;
+}
+
/****************************************************************************
*
* This section contains accessors and other methods on the connection_array
@@ -398,6 +407,7 @@ int do_main_loop(void) {
int i;
int timeout;
int poll_result;
+ crypto_pk_env_t *prkey;
/* load the routers file */
if(router_get_list_from_file(options.RouterFile, options.ORPort) < 0) {
@@ -417,11 +427,12 @@ int do_main_loop(void) {
log(LOG_ERR,"Error loading private key.");
return -1;
}
+ setprivatekey(prkey);
}
/* start-up the necessary connections based on global_role. This is where we
* try to connect to all the other ORs, and start the listeners */
- retry_all_connections(options.Role, prkey, options.ORPort,
+ retry_all_connections(options.Role, options.ORPort,
options.OPPort, options.APPort, options.DirPort);
for(;;) {
diff --git a/src/or/onion.c b/src/or/onion.c
index f1b635759..0c680f35f 100644
--- a/src/or/onion.c
+++ b/src/or/onion.c
@@ -30,7 +30,7 @@ int decide_aci_type(uint32_t local_addr, uint16_t local_port,
int process_onion(circuit_t *circ, connection_t *conn) {
aci_t aci_type;
- if(!decrypt_onion((onion_layer_t *)circ->onion,circ->onionlen,conn->prkey)) {
+ if(!decrypt_onion((onion_layer_t *)circ->onion,circ->onionlen,getprivatekey())) {
log(LOG_DEBUG,"command_process_create_cell(): decrypt_onion() failed, closing circuit.");
return -1;
}
diff --git a/src/or/or.h b/src/or/or.h
index b06b0acec..eb6c1e4d8 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -230,7 +230,6 @@ typedef struct
/* used by OR, to keep state while connect()ing: Kludge. */
- crypto_pk_env_t *prkey;
struct sockaddr_in local;
#if 0 /* obsolete, we now use conn->bandwidth */
@@ -449,12 +448,13 @@ connection_t *connection_new(int type);
void connection_free(connection_t *conn);
-int connection_create_listener(crypto_pk_env_t *prkey, struct sockaddr_in *local, int type);
+int connection_create_listener(struct sockaddr_in *local, int type);
int connection_handle_listener_read(connection_t *conn, int new_type, int new_state);
/* start all connections that should be up but aren't */
-int retry_all_connections(int role, crypto_pk_env_t *prkey, uint16_t or_listenport,
+int learn_local(struct sockaddr_in *local);
+int retry_all_connections(int role, uint16_t or_listenport,
uint16_t op_listenport, uint16_t ap_listenport, uint16_t dir_listenport);
connection_t *connection_connect_to_router_as_op(routerinfo_t *router, uint16_t local_or_port);
@@ -512,7 +512,7 @@ int connection_ap_process_data_cell(cell_t *cell, connection_t *conn);
int connection_ap_finished_flushing(connection_t *conn);
-int connection_ap_create_listener(crypto_pk_env_t *prkey, struct sockaddr_in *local);
+int connection_ap_create_listener(struct sockaddr_in *local);
int connection_ap_handle_listener_read(connection_t *conn);
@@ -534,7 +534,7 @@ int connection_op_process_inbuf(connection_t *conn);
int connection_op_finished_flushing(connection_t *conn);
-int connection_op_create_listener(crypto_pk_env_t *prkey, struct sockaddr_in *local);
+int connection_op_create_listener(struct sockaddr_in *local);
int connection_op_handle_listener_read(connection_t *conn);
@@ -554,11 +554,11 @@ int or_handshake_client_send_auth(connection_t *conn);
int or_handshake_server_process_auth(connection_t *conn);
int or_handshake_server_process_nonce(connection_t *conn);
-connection_t *connect_to_router_as_or(routerinfo_t *router, crypto_pk_env_t *prkey, struct sockaddr_in *local);
-connection_t *connection_or_connect_as_or(routerinfo_t *router, crypto_pk_env_t *prkey, struct sockaddr_in *local);
+connection_t *connect_to_router_as_or(routerinfo_t *router, struct sockaddr_in *local);
+connection_t *connection_or_connect_as_or(routerinfo_t *router, struct sockaddr_in *local);
connection_t *connection_or_connect_as_op(routerinfo_t *router, struct sockaddr_in *local);
-int connection_or_create_listener(crypto_pk_env_t *prkey, struct sockaddr_in *local);
+int connection_or_create_listener(struct sockaddr_in *local);
int connection_or_handle_listener_read(connection_t *conn);
/********************************* directory.c ***************************/
@@ -570,11 +570,13 @@ int connection_dir_process_inbuf(connection_t *conn);
int directory_handle_command(connection_t *conn);
int directory_handle_reading(connection_t *conn);
int connection_dir_finished_flushing(connection_t *conn);
-int connection_dir_create_listener(crypto_pk_env_t *prkey, struct sockaddr_in *local);
+int connection_dir_create_listener(struct sockaddr_in *local);
int connection_dir_handle_listener_read(connection_t *conn);
/********************************* main.c ***************************/
+void setprivatekey(crypto_pk_env_t *k);
+crypto_pk_env_t *getprivatekey(void);
int connection_add(connection_t *conn);
int connection_remove(connection_t *conn);
void connection_set_poll_socket(connection_t *conn);
@@ -647,7 +649,7 @@ tracked_onion_t *id_tracked_onion(unsigned char *onion, uint32_t onionlen, track
/********************************* routers.c ***************************/
-void router_retry_connections(crypto_pk_env_t *prkey, struct sockaddr_in *local);
+void router_retry_connections(struct sockaddr_in *local);
routerinfo_t *router_pick_directory_server(void);
routerinfo_t *router_get_by_addr_port(uint32_t addr, uint16_t port);
unsigned int *router_new_route(int *routelen);
diff --git a/src/or/routers.c b/src/or/routers.c
index dd0ddf2f2..f40a5d889 100644
--- a/src/or/routers.c
+++ b/src/or/routers.c
@@ -35,7 +35,7 @@ static routerinfo_t *router_get_entry_from_string(char **s);
/****************************************************************************/
-void router_retry_connections(crypto_pk_env_t *prkey, struct sockaddr_in *local) {
+void router_retry_connections(struct sockaddr_in *local) {
int i;
routerinfo_t *router;
@@ -43,7 +43,7 @@ void router_retry_connections(crypto_pk_env_t *prkey, struct sockaddr_in *local)
router = router_array[i];
if(!connection_exact_get_by_addr_port(router->addr,router->or_port)) { /* not in the list */
log(LOG_DEBUG,"retry_all_connections(): connecting to OR %s:%u.",router->address,router->or_port);
- connection_or_connect_as_or(router, prkey, local);
+ connection_or_connect_as_or(router, local);
}
}
}
generated by cgit v1.2.3 (git 2.45.0) at 2024-11-25 04:31:50 +0000