Inicio Explorar Ayuda
Iniciar sesión
piros
/
tor
3
0
Fork 0
Archivos Incidencias 0 Pull Requests 0 Wiki
Árbol: 9e5cafc395
Ramas Etiquetas
tor
/
src
/
or
/
routers.c

routers.c 28 KB
Histórico Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067 
  1. /* Copyright 2001,2002 Roger Dingledine, Matej Pfajfar. */
    2. 

  2. /* See LICENSE for licensing information */
    3. 

  3. /* $Id$ */
    4. 

  4. 

  5. #define OR_PUBLICKEY_BEGIN_TAG "-----BEGIN RSA PUBLIC KEY-----\n"
    6. 

  6. #define OR_PUBLICKEY_END_TAG "-----END RSA PUBLIC KEY-----\n"
    7. 

  7. #define OR_SIGNATURE_BEGIN_TAG "-----BEGIN SIGNATURE-----\n"
    8. 

  8. #define OR_SIGNATURE_END_TAG "-----END SIGNATURE-----\n"
    9. 

  9. 

  10. #include "or.h"
    11. 

  11. 

  12. /****************************************************************************/
    13. 

  13. 

  14. /* router array */
    15. 

  15. static directory_t *directory = NULL;
    16. 

  16. 

  17. extern or_options_t options; /* command-line and config-file options */
    18. 

  18. extern routerinfo_t *my_routerinfo; /* from main.c */
    19. 

  19. 

  20. /****************************************************************************/
    21. 

  21. 

  22. struct directory_token;
    23. 

  23. typedef struct directory_token directory_token_t;
    24. 

  24. 

  25. /* static function prototypes */
    26. 

  26. void routerlist_free(routerinfo_t *list);
    27. 

  27. static char *eat_whitespace(char *s);
    28. 

  28. static char *eat_whitespace_no_nl(char *s);
    29. 

  29. static char *find_whitespace(char *s);
    30. 

  30. static void router_free_exit_policy(routerinfo_t *router);
    31. 

  31. static int router_add_exit_policy(routerinfo_t *router, 
    32. 

  32.                                   directory_token_t *tok);
    33. 

  33. static int 
    34. 

  34. router_resolve_directory(directory_t *dir);
    35. 

  35. 

  36. /****************************************************************************/
    37. 

  37. 

  38. int learn_my_address(struct sockaddr_in *me) {
    39. 

  39.   /* local host information */
    40. 

  40.   char localhostname[256];
    41. 

  41.   struct hostent *localhost;
    42. 

  42.   static struct sockaddr_in answer;
    43. 

  43.   static int already_learned=0;
    44. 

  44. 

  45.   if(!already_learned) {
    46. 

  46.     /* obtain local host information */
    47. 

  47.     if(gethostname(localhostname,sizeof(localhostname)) < 0) {
    48. 

  48.       log_fn(LOG_WARNING,"Error obtaining local hostname");
    49. 

  49.       return -1;
    50. 

  50.     }
    51. 

  51.     log_fn(LOG_DEBUG,"localhostname is '%s'.",localhostname);
    52. 

  52.     localhost = gethostbyname(localhostname);
    53. 

  53.     if (!localhost) {
    54. 

  54.       log_fn(LOG_WARNING,"Error obtaining local host info.");
    55. 

  55.       /* XXX maybe this is worse than warning? bad things happen when we don't know ourselves */
    56. 

  56.       return -1;
    57. 

  57.     }
    58. 

  58.     memset(&answer,0,sizeof(struct sockaddr_in));
    59. 

  59.     answer.sin_family = AF_INET;
    60. 

  60.     memcpy((void *)&answer.sin_addr,(void *)localhost->h_addr,sizeof(struct in_addr));
    61. 

  61.     answer.sin_port = htons((uint16_t) options.ORPort);
    62. 

  62.     log_fn(LOG_DEBUG,"chose address as '%s'.",inet_ntoa(answer.sin_addr));
    63. 

  63.     if (!strncmp("127.",inet_ntoa(answer.sin_addr), 4) &&
    64. 

  64.         strcasecmp(localhostname, "localhost")) {
    65. 

  65.       /* We're a loopback IP but we're not called localhost.  Uh oh! */
    66. 

  66.       log_fn(LOG_WARNING, "Got a loopback address: /etc/hosts may be wrong");
    67. 

  67.     }
    68. 

  68.     already_learned = 1;
    69. 

  69.   }
    70. 

  70.   memcpy(me,&answer,sizeof(struct sockaddr_in));
    71. 

  71.   return 0;
    72. 

  72. }
    73. 

  73. 

  74. void router_retry_connections(void) {
    75. 

  75.   int i;
    76. 

  76.   routerinfo_t *router;
    77. 

  77. 

  78.   for (i=0;i<directory->n_routers;i++) {
    79. 

  79.     router = directory->routers[i];
    80. 

  80.     if(!connection_exact_get_by_addr_port(router->addr,router->or_port)) { /* not in the list */
    81. 

  81.       log_fn(LOG_DEBUG,"connecting to OR %s:%u.",router->address,router->or_port);
    82. 

  82.       connection_or_connect(router);
    83. 

  83.     }
    84. 

  84.   }
    85. 

  85. }
    86. 

  86. 

  87. routerinfo_t *router_pick_directory_server(void) {
    88. 

  88.   /* currently, pick the first router with a positive dir_port */
    89. 

  89.   int i;
    90. 

  90.   routerinfo_t *router;
    91. 

  91.   
    92. 

  92.   if(!directory)
    93. 

  93.     return NULL;
    94. 

  94. 

  95.   for(i=0;i<directory->n_routers;i++) {
    96. 

  96.     router = directory->routers[i];
    97. 

  97.     if(router->dir_port > 0)
    98. 

  98.       return router;
    99. 

  99.   }
    100. 

  100. 

  101.   return NULL;
    102. 

  102. }
    103. 

  103. 

  104. void router_upload_desc_to_dirservers(void) {
    105. 

  105.   int i;
    106. 

  106.   routerinfo_t *router;
    107. 

  107. 

  108.   if(!directory)
    109. 

  109.     return;
    110. 

  110. 

  111.   for(i=0;i<directory->n_routers;i++) {
    112. 

  112.     router = directory->routers[i];
    113. 

  113.     if(router->dir_port > 0)
    114. 

  114.       directory_initiate_command(router, DIR_CONN_STATE_CONNECTING_UPLOAD);
    115. 

  115.   }
    116. 

  116. }
    117. 

  117. 

  118. routerinfo_t *router_get_by_addr_port(uint32_t addr, uint16_t port) {
    119. 

  119.   int i;
    120. 

  120.   routerinfo_t *router;
    121. 

  121. 

  122.   assert(directory);
    123. 

  123. 

  124.   for(i=0;i<directory->n_routers;i++) {
    125. 

  125.     router = directory->routers[i];
    126. 

  126.     if ((router->addr == addr) && (router->or_port == port))
    127. 

  127.       return router;
    128. 

  128.   }
    129. 

  129. 

  130.   return NULL;
    131. 

  131. }
    132. 

  132. 

  133. routerinfo_t *router_get_by_link_pk(crypto_pk_env_t *pk) 
    134. 

  134. {
    135. 

  135.   int i;
    136. 

  136.   routerinfo_t *router;
    137. 

  137. 

  138.   assert(directory);
    139. 

  139. 

  140.   for(i=0;i<directory->n_routers;i++) {
    141. 

  141.     router = directory->routers[i];
    142. 

  142.     if (0 == crypto_pk_cmp_keys(router->link_pkey, pk))
    143. 

  143.       return router;
    144. 

  144.   }
    145. 

  145.   
    146. 

  146.   return NULL;
    147. 

  147. }
    148. 

  148. 

  149. #if 0 
    150. 

  150. routerinfo_t *router_get_by_identity_pk(crypto_pk_env_t *pk) 
    151. 

  151. {
    152. 

  152.   int i;
    153. 

  153.   routerinfo_t *router;
    154. 

  154. 

  155.   assert(directory);
    156. 

  156. 

  157.   for(i=0;i<directory->n_routers;i++) {
    158. 

  158.     router = directory->routers[i];
    159. 

  159.     /* XXX Should this really be a separate link key? */
    160. 

  160.     if (0 == crypto_pk_cmp_keys(router->identity_pkey, pk))
    161. 

  161.       return router;
    162. 

  162.   }
    163. 

  163.   
    164. 

  164.   return NULL;
    165. 

  165. }
    166. 

  166. #endif
    167. 

  167.  
    168. 

  168. 

  169. void router_get_directory(directory_t **pdirectory) {
    170. 

  170.   *pdirectory = directory;
    171. 

  171. }
    172. 

  172. 

  173. /* return 1 if addr and port corresponds to my addr and my or_listenport. else 0,
    174. 

  174.  * or -1 for failure.
    175. 

  175.  */
    176. 

  176. int router_is_me(uint32_t addr, uint16_t port)
    177. 

  177. {
    178. 

  178.   /* XXXX Should this check the key too? */
    179. 

  179.   struct sockaddr_in me; /* my router identity */
    180. 

  180. 

  181.   if(!options.OnionRouter) {
    182. 

  182.     /* we're not an OR. This obviously isn't us. */
    183. 

  183.     return 0;
    184. 

  184.   }
    185. 

  185.  
    186. 

  186.   if(learn_my_address(&me) < 0)
    187. 

  187.     return -1;
    188. 

  188.     /* XXX people call this function like a boolean. that's bad news: -1 is true. */
    189. 

  189. 

  190.   if(ntohl(me.sin_addr.s_addr) == addr && ntohs(me.sin_port) == port)
    191. 

  191.     return 1;
    192. 

  192. 

  193.   return 0;
    194. 

  194. 

  195. }
    196. 

  196. 

  197. /* delete a list of routers from memory */
    198. 

  198. void routerinfo_free(routerinfo_t *router)
    199. 

  199. {
    200. 

  200.   struct exit_policy_t *e = NULL, *etmp = NULL;
    201. 

  201.   
    202. 

  202.   if (!router)
    203. 

  203.     return;
    204. 

  204. 

  205.   if (router->address)
    206. 

  206.     free(router->address);
    207. 

  207.   if (router->onion_pkey)
    208. 

  208.     crypto_free_pk_env(router->onion_pkey);
    209. 

  209.   if (router->link_pkey)
    210. 

  210.     crypto_free_pk_env(router->link_pkey);
    211. 

  211.   if (router->identity_pkey)
    212. 

  212.     crypto_free_pk_env(router->identity_pkey);
    213. 

  213.   e = router->exit_policy;
    214. 

  214.   while (e) {
    215. 

  215.     etmp = e->next;
    216. 

  216.     if (e->string) free(e->string);
    217. 

  217.     if (e->address) free(e->address);
    218. 

  218.     if (e->port) free(e->port);
    219. 

  219.     free(e);
    220. 

  220.     e = etmp;
    221. 

  221.   }
    222. 

  222.   free(router);
    223. 

  223. }
    224. 

  224. 

  225. void directory_free(directory_t *directory)
    226. 

  226. {
    227. 

  227.   int i;
    228. 

  228.   for (i = 0; i < directory->n_routers; ++i)
    229. 

  229.     routerinfo_free(directory->routers[i]);
    230. 

  230.   if (directory->routers)
    231. 

  231.     free(directory->routers);
    232. 

  232.   if(directory->software_versions)
    233. 

  233.     free(directory->software_versions);
    234. 

  234.   free(directory);
    235. 

  235. }
    236. 

  236. 

  237. void router_forget_router(uint32_t addr, uint16_t port) {
    238. 

  238.   int i;
    239. 

  239.   routerinfo_t *router;
    240. 

  240. 

  241.   router = router_get_by_addr_port(addr,port);
    242. 

  242.   if(!router) /* we don't seem to know about him in the first place */
    243. 

  243.     return;
    244. 

  244. 

  245.   /* now walk down router_array until we get to router */
    246. 

  246.   for(i=0;i<directory->n_routers;i++)
    247. 

  247.     if(directory->routers[i] == router)
    248. 

  248.       break;
    249. 

  249. 

  250.   assert(i != directory->n_routers); /* if so then router_get_by_addr_port should have returned null */
    251. 

  251. 

  252. //  free(router); /* don't actually free; we'll free it when we free the whole thing */
    253. 

  253. 

  254. //  log(LOG_DEBUG,"router_forget_router(): Forgot about router %d:%d",addr,port);
    255. 

  255.   for(; i<directory->n_routers-1;i++)
    256. 

  256.     directory->routers[i] = directory->routers[i+1];
    257. 

  257.   /* XXX bug, we're not decrementing n_routers here? needs more attention. -RD */
    258. 

  258. }
    259. 

  259. 

  260. /* load the router list */
    261. 

  261. int router_get_list_from_file(char *routerfile)
    262. 

  262. {
    263. 

  263.   int fd; /* router file */
    264. 

  264.   struct stat statbuf;
    265. 

  265.   char *string;
    266. 

  266. 

  267.   assert(routerfile);
    268. 

  268.   
    269. 

  269.   if (strcspn(routerfile,CONFIG_LEGAL_FILENAME_CHARACTERS) != 0) {
    270. 

  270.     log_fn(LOG_WARNING,"Filename %s contains illegal characters.",routerfile);
    271. 

  271.     return -1;
    272. 

  272.   }
    273. 

  273.   
    274. 

  274.   if(stat(routerfile, &statbuf) < 0) {
    275. 

  275.     log_fn(LOG_WARNING,"Could not stat %s.",routerfile);
    276. 

  276.     return -1;
    277. 

  277.   }
    278. 

  278. 

  279.   /* open the router list */
    280. 

  280.   fd = open(routerfile,O_RDONLY,0);
    281. 

  281.   if (fd<0) {
    282. 

  282.     log_fn(LOG_WARNING,"Could not open %s.",routerfile);
    283. 

  283.     return -1;
    284. 

  284.   }
    285. 

  285. 

  286.   string = tor_malloc(statbuf.st_size+1);
    287. 

  287. 

  288.   if(read(fd,string,statbuf.st_size) != statbuf.st_size) {
    289. 

  289.     log_fn(LOG_WARNING,"Couldn't read all %ld bytes of file '%s'.",
    290. 

  290.            (long)statbuf.st_size,routerfile);
    291. 

  291.     free(string);
    292. 

  292.     close(fd);
    293. 

  293.     return -1;
    294. 

  294.   }
    295. 

  295.   close(fd);
    296. 

  296.   
    297. 

  297.   string[statbuf.st_size] = 0; /* null terminate it */
    298. 

  298. 

  299.   if(router_get_list_from_string(string) < 0) {
    300. 

  300.     log_fn(LOG_WARNING,"The routerfile itself was corrupt.");
    301. 

  301.     free(string);
    302. 

  302.     return -1;
    303. 

  303.   }
    304. 

  304. 

  305.   free(string);
    306. 

  306.   return 0;
    307. 

  307. } 
    308. 

  308. 

  309. 

  310. typedef enum {
    311. 

  311.   K_ACCEPT,
    312. 

  312.   K_DIRECTORY_SIGNATURE,
    313. 

  313.   K_RECOMMENDED_SOFTWARE,
    314. 

  314.   K_REJECT, 
    315. 

  315.   K_ROUTER, 
    316. 

  316.   K_SIGNED_DIRECTORY,
    317. 

  317.   K_SIGNING_KEY,
    318. 

  318.   K_ONION_KEY,
    319. 

  319.   K_LINK_KEY,
    320. 

  320.   K_ROUTER_SIGNATURE,
    321. 

  321.   _SIGNATURE, 
    322. 

  322.   _PUBLIC_KEY, 
    323. 

  323.   _ERR, 
    324. 

  324.   _EOF 
    325. 

  325. } directory_keyword;
    326. 

  326. 

  327. struct token_table_ent { char *t; int v; };
    328. 

  328. 

  329. static struct token_table_ent token_table[] = {
    330. 

  330.   { "accept", K_ACCEPT },
    331. 

  331.   { "directory-signature", K_DIRECTORY_SIGNATURE },
    332. 

  332.   { "reject", K_REJECT },
    333. 

  333.   { "router", K_ROUTER },
    334. 

  334.   { "recommended-software", K_RECOMMENDED_SOFTWARE },
    335. 

  335.   { "signed-directory", K_SIGNED_DIRECTORY },
    336. 

  336.   { "signing-key", K_SIGNING_KEY },
    337. 

  337.   { "onion-key", K_ONION_KEY },
    338. 

  338.   { "link-key", K_LINK_KEY },
    339. 

  339.   { "router-signature", K_ROUTER_SIGNATURE },
    340. 

  340.   { NULL, -1 }
    341. 

  341. };
    342. 

  342. 

  343. #define MAX_ARGS 8
    344. 

  344. struct directory_token {
    345. 

  345.   directory_keyword tp;
    346. 

  346.   union {
    347. 

  347.     struct {
    348. 

  348.       char *args[MAX_ARGS+1]; 
    349. 

  349.       int n_args;
    350. 

  350.     } cmd;
    351. 

  351.     char *signature;
    352. 

  352.     char *error;
    353. 

  353.     crypto_pk_env_t *public_key;
    354. 

  354.   } val;
    355. 

  355. };
    356. 

  356. 

  357. /* Free any malloced resources allocated for a token.  Don't call this if
    358. 

  358.    you inherit the reference to those resources.
    359. 

  359.  */
    360. 

  360. static void
    361. 

  361. router_release_token(directory_token_t *tok)
    362. 

  362. {
    363. 

  363.   switch (tok->tp) 
    364. 

  364.     {
    365. 

  365.     case _SIGNATURE:
    366. 

  366.       free(tok->val.signature);
    367. 

  367.       break;
    368. 

  368.     case _PUBLIC_KEY:
    369. 

  369.       crypto_free_pk_env(tok->val.public_key);
    370. 

  370.       break;
    371. 

  371.     default:
    372. 

  372.       break;
    373. 

  373.     }
    374. 

  374. }
    375. 

  375. 

  376. static int
    377. 

  377. _router_get_next_token(char **s, directory_token_t *tok) {
    378. 

  378.   char *next;
    379. 

  379.   crypto_pk_env_t *pkey = NULL;
    380. 

  380.   char *signature = NULL;
    381. 

  381.   int i, done;
    382. 

  382. 

  383.   tok->tp = _ERR;
    384. 

  384.   tok->val.error = "";
    385. 

  385. 

  386.   *s = eat_whitespace(*s);
    387. 

  387.   if (!**s) {
    388. 

  388.     tok->tp = _EOF;
    389. 

  389.     return 0;
    390. 

  390.   } else if (**s == '-') {
    391. 

  391.     next = strchr(*s, '\n');
    392. 

  392.     if (! next) { tok->val.error = "No newline at EOF"; return -1; }
    393. 

  393.     ++next;
    394. 

  394.     if (! strncmp(*s, OR_PUBLICKEY_BEGIN_TAG, next-*s)) {
    395. 

  395.       next = strstr(*s, OR_PUBLICKEY_END_TAG);
    396. 

  396.       if (!next) { tok->val.error = "No public key end tag found"; return -1; }
    397. 

  397.       next = strchr(next, '\n'); /* Part of OR_PUBLICKEY_END_TAG; can't fail.*/
    398. 

  398.       ++next;
    399. 

  399.       if (!(pkey = crypto_new_pk_env(CRYPTO_PK_RSA))) 
    400. 

  400.         return -1;
    401. 

  401.       if (crypto_pk_read_public_key_from_string(pkey, *s, next-*s)) {
    402. 

  402.         crypto_free_pk_env(pkey);
    403. 

  403.         tok->val.error = "Couldn't parse public key.";
    404. 

  404.         return -1;
    405. 

  405.       }
    406. 

  406.       tok->tp = _PUBLIC_KEY;
    407. 

  407.       tok->val.public_key = pkey;
    408. 

  408.       *s = next;
    409. 

  409.       return 0;
    410. 

  410.     } else if (! strncmp(*s, OR_SIGNATURE_BEGIN_TAG, next-*s)) {
    411. 

  411.       /* Advance past newline; can't fail. */
    412. 

  412.       *s = strchr(*s, '\n'); 
    413. 

  413.       ++*s;
    414. 

  414.       /* Find end of base64'd data */
    415. 

  415.       next = strstr(*s, OR_SIGNATURE_END_TAG);
    416. 

  416.       if (!next) { tok->val.error = "No signature end tag found"; return -1; }
    417. 

  417.       
    418. 

  418.       signature = tor_malloc(256);
    419. 

  419.       i = base64_decode(signature, 256, *s, next-*s);
    420. 

  420.       if (i<0) {
    421. 

  421.         free(signature);
    422. 

  422.         tok->val.error = "Error decoding signature."; return -1;
    423. 

  423.       } else if (i != 128) {
    424. 

  424.         free(signature);
    425. 

  425.         tok->val.error = "Bad length on decoded signature."; return -1;
    426. 

  426.       }
    427. 

  427.       tok->tp = _SIGNATURE;
    428. 

  428.       tok->val.signature = signature;
    429. 

  429. 

  430.       next = strchr(next, '\n'); /* Part of OR_SIGNATURE_END_TAG; can't fail.*/
    431. 

  431.       *s = next+1;
    432. 

  432.       return 0;
    433. 

  433.     } else {
    434. 

  434.       tok->val.error = "Unrecognized begin line"; return -1;
    435. 

  435.     }
    436. 

  436.   } else {
    437. 

  437.     next = find_whitespace(*s);
    438. 

  438.     if (!next) {
    439. 

  439.       tok->val.error = "Unexpected EOF"; return -1;
    440. 

  440.     }
    441. 

  441.     for (i = 0 ; token_table[i].t ; ++i) {
    442. 

  442.       if (!strncmp(token_table[i].t, *s, next-*s)) {
    443. 

  443.         tok->tp = token_table[i].v;
    444. 

  444.         i = 0;
    445. 

  445.         done = (*next == '\n');
    446. 

  446.         *s = eat_whitespace_no_nl(next);
    447. 

  447.         while (**s != '\n' && i <= MAX_ARGS && !done) {
    448. 

  448.           next = find_whitespace(*s);
    449. 

  449.           if (*next == '\n')
    450. 

  450.             done = 1;
    451. 

  451.           *next = 0;
    452. 

  452.           tok->val.cmd.args[i++] = *s;
    453. 

  453.           *s = eat_whitespace_no_nl(next+1);
    454. 

  454.         };
    455. 

  455.         tok->val.cmd.n_args = i;
    456. 

  456.         if (i > MAX_ARGS) {
    457. 

  457.           tok->tp = _ERR;
    458. 

  458.           tok->val.error = "Too many arguments"; return -1;
    459. 

  459.         }
    460. 

  460.         return 0;
    461. 

  461.       }
    462. 

  462.     }
    463. 

  463.     tok->val.error = "Unrecognized command"; return -1;
    464. 

  464.   }
    465. 

  465. }
    466. 

  466. 

  467. #ifdef DEBUG_ROUTER_TOKENS
    468. 

  468. static void 
    469. 

  469. router_dump_token(directory_token_t *tok) {
    470. 

  470.   int i;
    471. 

  471.   switch(tok->tp) 
    472. 

  472.     {
    473. 

  473.     case _SIGNATURE:
    474. 

  474.       puts("(signature)");
    475. 

  475.       return;
    476. 

  476.     case _PUBLIC_KEY:
    477. 

  477.       puts("(public key)");
    478. 

  478.       return;
    479. 

  479.     case _ERR:
    480. 

  480.       printf("(Error: %s\n)", tok->val.error);
    481. 

  481.       return;
    482. 

  482.     case _EOF:
    483. 

  483.       puts("EOF");
    484. 

  484.       return;
    485. 

  485.     case K_ACCEPT: printf("Accept"); break;
    486. 

  486.     case K_DIRECTORY_SIGNATURE: printf("Directory-Signature"); break;
    487. 

  487.     case K_REJECT: printf("Reject"); break;
    488. 

  488.     case K_RECOMMENDED_SOFTWARE: printf("Server-Software"); break;
    489. 

  489.     case K_ROUTER: printf("Router"); break;
    490. 

  490.     case K_SIGNED_DIRECTORY: printf("Signed-Directory"); break;
    491. 

  491.     case K_SIGNING_KEY: printf("Signing-Key"); break;
    492. 

  492.     case K_ONION_KEY: printf("Onion-key"); break;
    493. 

  493.     case K_LINK_KEY: printf("Link-key"); break;
    494. 

  494.     case K_ROUTER_SIGNATURE: printf("Router-signature"); break;
    495. 

  495.     default:
    496. 

  496.       printf("?????? %d\n", tok->tp); return;
    497. 

  497.     }
    498. 

  498.   for (i = 0; i < tok->val.cmd.n_args; ++i) {
    499. 

  499.     printf(" \"%s\"", tok->val.cmd.args[i]);
    500. 

  500.   }
    501. 

  501.   printf("\n");
    502. 

  502.   return;
    503. 

  503. }
    504. 

  504. static int
    505. 

  505. router_get_next_token(char **s, directory_token_t *tok) {
    506. 

  506.   int i;
    507. 

  507.   i = _router_get_next_token(s, tok);
    508. 

  508.   router_dump_token(tok);
    509. 

  509.   return i;
    510. 

  510. }
    511. 

  511. #else
    512. 

  512. #define router_get_next_token _router_get_next_token
    513. 

  513. #endif
    514. 

  514. 

  515. 

  516. 

  517. /* return the first char of s that is not whitespace and not a comment */
    518. 

  518. static char *eat_whitespace(char *s) {
    519. 

  519.   assert(s);
    520. 

  520. 

  521.   while(isspace(*s) || *s == '#') {
    522. 

  522.     while(isspace(*s))
    523. 

  523.       s++;
    524. 

  524.     if(*s == '#') { /* read to a \n or \0 */
    525. 

  525.       while(*s && *s != '\n')
    526. 

  526.         s++;
    527. 

  527.       if(!*s)
    528. 

  528.         return s;
    529. 

  529.     }
    530. 

  530.   }
    531. 

  531.   return s;
    532. 

  532. }
    533. 

  533. 

  534. static char *eat_whitespace_no_nl(char *s) {
    535. 

  535.   while(*s == ' ' || *s == '\t') 
    536. 

  536.     ++s;
    537. 

  537.   return s;
    538. 

  538. }
    539. 

  539. 

  540. /* return the first char of s that is whitespace or '#' or '\0 */
    541. 

  541. static char *find_whitespace(char *s) {
    542. 

  542.   assert(s);
    543. 

  543. 

  544.   while(*s && !isspace(*s) && *s != '#')
    545. 

  545.     s++;
    546. 

  546. 

  547.   return s;
    548. 

  548. }
    549. 

  549. 

  550. int router_get_list_from_string(char *s) 
    551. 

  551. {
    552. 

  552.   if (router_get_list_from_string_impl(&s, &directory)) {
    553. 

  553.     log(LOG_WARNING, "Error parsing router file");
    554. 

  554.     return -1;
    555. 

  555.   }
    556. 

  556.   if (router_resolve_directory(directory)) {
    557. 

  557.     log(LOG_WARNING, "Error resolving directory");
    558. 

  558.     return -1;
    559. 

  559.   }
    560. 

  560.   return 0;
    561. 

  561. }
    562. 

  562. 

  563. static int router_get_hash_impl(char *s, char *digest, const char *start_str,
    564. 

  564.                                 const char *end_str) 
    565. 

  565. {
    566. 

  566.   char *start, *end;
    567. 

  567.   start = strstr(s, start_str);
    568. 

  568.   if (!start) {
    569. 

  569.     log_fn(LOG_WARNING,"couldn't find \"%s\"",start_str);
    570. 

  570.     return -1;
    571. 

  571.   }
    572. 

  572.   end = strstr(start+strlen(start_str), end_str);
    573. 

  573.   if (!end) {
    574. 

  574.     log_fn(LOG_WARNING,"couldn't find \"%s\"",end_str);
    575. 

  575.     return -1;
    576. 

  576.   }
    577. 

  577.   end = strchr(end, '\n');
    578. 

  578.   if (!end) {
    579. 

  579.     log_fn(LOG_WARNING,"couldn't find EOL");
    580. 

  580.     return -1;
    581. 

  581.   }
    582. 

  582.   ++end;
    583. 

  583.   
    584. 

  584.   if (crypto_SHA_digest(start, end-start, digest)) {
    585. 

  585.     log_fn(LOG_WARNING,"couldn't compute digest");
    586. 

  586.     return -1;
    587. 

  587.   }
    588. 

  588. 

  589.   return 0;
    590. 

  590. }
    591. 

  591. 

  592. static int router_get_dir_hash(char *s, char *digest)
    593. 

  593. {
    594. 

  594.   return router_get_hash_impl(s,digest,
    595. 

  595.                               "signed-directory","directory-signature");
    596. 

  596. }
    597. 

  597. int router_get_router_hash(char *s, char *digest)
    598. 

  598. {
    599. 

  599.   return router_get_hash_impl(s,digest,
    600. 

  600.                               "router ","router-signature");
    601. 

  601. }
    602. 

  602. 

  603. /* return 0 if myversion is in start. Else return -1. */
    604. 

  604. int compare_recommended_versions(char *myversion, char *start) {
    605. 

  605.   int len_myversion = strlen(myversion);
    606. 

  606.   char *comma;
    607. 

  607.   char *end = start + strlen(start);
    608. 

  608. 

  609.   log_fn(LOG_DEBUG,"checking '%s' in '%s'.", myversion, start);
    610. 

  610.   
    611. 

  611.   for(;;) {
    612. 

  612.     comma = strchr(start, ',');
    613. 

  613.     if( ((comma ? comma : end) - start == len_myversion) &&
    614. 

  614.        !strncmp(start, myversion, len_myversion)) /* only do strncmp if the length matches */
    615. 

  615.         return 0; /* success, it's there */
    616. 

  616.     if(!comma)
    617. 

  617.       return -1; /* nope */
    618. 

  618.     start = comma+1;
    619. 

  619.   }
    620. 

  620. }
    621. 

  621. 

  622. int router_get_dir_from_string(char *s, crypto_pk_env_t *pkey)
    623. 

  623. {
    624. 

  624.   if (router_get_dir_from_string_impl(s, &directory, pkey)) {
    625. 

  625.     log_fn(LOG_WARNING, "Couldn't parse directory.");
    626. 

  626.     return -1;
    627. 

  627.   }
    628. 

  628.   if (router_resolve_directory(directory)) {
    629. 

  629.     log_fn(LOG_WARNING, "Error resolving directory");
    630. 

  630.     return -1;
    631. 

  631.   }
    632. 

  632.   if (compare_recommended_versions(VERSION, directory->software_versions) < 0) {
    633. 

  633.     log(LOG_WARNING, "You are running tor version %s, which is no longer supported.\nPlease upgrade to one of %s.", VERSION, RECOMMENDED_SOFTWARE_VERSIONS);
    634. 

  634.     if(options.IgnoreVersion) {
    635. 

  635.       log(LOG_WARNING, "IgnoreVersion is set. If it breaks, we told you so.");
    636. 

  636.     } else {
    637. 

  637.       log(LOG_ERR,"Set IgnoreVersion config variable if you want to proceed.");
    638. 

  638.       fflush(0);
    639. 

  639.       exit(0);
    640. 

  640.     }
    641. 

  641.   }
    642. 

  642. 

  643.   return 0;
    644. 

  644. }
    645. 

  645. 

  646. int router_get_dir_from_string_impl(char *s, directory_t **dest,
    647. 

  647.                                     crypto_pk_env_t *pkey)
    648. 

  648. {
    649. 

  649.   directory_token_t tok;
    650. 

  650.   char digest[20];
    651. 

  651.   char signed_digest[128];
    652. 

  652.   directory_t *new_dir = NULL;
    653. 

  653.   char *versions;
    654. 

  654.   
    655. 

  655. #define NEXT_TOK()                                                      \
    656. 

  656.   do {                                                                  \
    657. 

  657.     if (router_get_next_token(&s, &tok)) {                              \
    658. 

  658.       log_fn(LOG_WARNING, "Error reading directory: %s", tok.val.error);\
    659. 

  659.       return -1;                                                        \
    660. 

  660.     } } while (0)
    661. 

  661. #define TOK_IS(type,name)                                               \
    662. 

  662.   do {                                                                  \
    663. 

  663.     if (tok.tp != type) {                                               \
    664. 

  664.       router_release_token(&tok);                                       \
    665. 

  665.       log_fn(LOG_WARNING, "Error reading directory: expected %s", name);\
    666. 

  666.       return -1;                                                        \
    667. 

  667.     } } while(0)
    668. 

  668. 

  669.   if (router_get_dir_hash(s, digest)) {
    670. 

  670.     log_fn(LOG_WARNING, "Unable to compute digest of directory");
    671. 

  671.     goto err;
    672. 

  672.   }
    673. 

  673.   NEXT_TOK();
    674. 

  674.   TOK_IS(K_SIGNED_DIRECTORY, "signed-directory");
    675. 

  675. 

  676.   NEXT_TOK();
    677. 

  677.   TOK_IS(K_RECOMMENDED_SOFTWARE, "recommended-software");
    678. 

  678.   if (tok.val.cmd.n_args != 1) {
    679. 

  679.     log_fn(LOG_WARNING, "Invalid recommded-software line");
    680. 

  680.     goto err;
    681. 

  681.   }
    682. 

  682.   versions = strdup(tok.val.cmd.args[0]);
    683. 

  683.   
    684. 

  684.   if (router_get_list_from_string_impl(&s, &new_dir)) {
    685. 

  685.     log_fn(LOG_WARNING, "Error reading routers from directory");
    686. 

  686.     goto err;
    687. 

  687.   }
    688. 

  688.   new_dir->software_versions = versions;
    689. 

  689. 

  690.   NEXT_TOK();
    691. 

  691.   TOK_IS(K_DIRECTORY_SIGNATURE, "directory-signature");
    692. 

  692.   NEXT_TOK();
    693. 

  693.   TOK_IS(_SIGNATURE, "signature");
    694. 

  694.   if (pkey) {
    695. 

  695.     if (crypto_pk_public_checksig(pkey, tok.val.signature, 128, signed_digest)
    696. 

  696.         != 20) {
    697. 

  697.       log_fn(LOG_WARNING, "Error reading directory: invalid signature.");
    698. 

  698.       free(tok.val.signature);
    699. 

  699.       goto err;
    700. 

  700.     }
    701. 

  701.     if (memcmp(digest, signed_digest, 20)) {
    702. 

  702.       log_fn(LOG_WARNING, "Error reading directory: signature does not match.");
    703. 

  703.       free(tok.val.signature);
    704. 

  704.       goto err;
    705. 

  705.     }
    706. 

  706.   }
    707. 

  707.   free(tok.val.signature);
    708. 

  708. 

  709.   NEXT_TOK();
    710. 

  710.   TOK_IS(_EOF, "end of directory");
    711. 

  711. 

  712.   if (*dest) 
    713. 

  713.     directory_free(*dest);
    714. 

  714.   *dest = new_dir;
    715. 

  715. 

  716.   return 0;
    717. 

  717. 

  718.  err:
    719. 

  719.   if (new_dir)
    720. 

  720.     directory_free(new_dir);
    721. 

  721.   return -1;
    722. 

  722. #undef NEXT_TOK
    723. 

  723. #undef TOK_IS
    724. 

  724. }
    725. 

  725. 

  726. int router_get_list_from_string_impl(char **s, directory_t **dest)
    727. 

  727. {
    728. 

  728.   routerinfo_t *router;
    729. 

  729.   routerinfo_t **rarray;
    730. 

  730.   int rarray_len = 0;
    731. 

  731. 

  732.   assert(s);
    733. 

  733. 

  734.   rarray = (routerinfo_t **)tor_malloc((sizeof(routerinfo_t *))*MAX_ROUTERS_IN_DIR);
    735. 

  735. 

  736.   while (1) {
    737. 

  737.     *s = eat_whitespace(*s);
    738. 

  738.     if (strncmp(*s, "router ", 7)!=0)
    739. 

  739.       break;
    740. 

  740.     router = router_get_entry_from_string(s);
    741. 

  741.     if (!router) {
    742. 

  742.       log_fn(LOG_WARNING, "Error reading router");
    743. 

  743.       return -1;
    744. 

  744.     }
    745. 

  745.     if (rarray_len >= MAX_ROUTERS_IN_DIR) {
    746. 

  746.       log_fn(LOG_WARNING, "too many routers");
    747. 

  747.       routerinfo_free(router);
    748. 

  748.       continue;
    749. 

  749.     } 
    750. 

  750.     rarray[rarray_len++] = router;
    751. 

  751.   }
    752. 

  752.  
    753. 

  753.   if (*dest) 
    754. 

  754.     directory_free(*dest);
    755. 

  755.   *dest = (directory_t *)tor_malloc(sizeof(directory_t));
    756. 

  756.   (*dest)->routers = rarray;
    757. 

  757.   (*dest)->n_routers = rarray_len;
    758. 

  758.   (*dest)->software_versions = NULL;
    759. 

  759.   return 0;
    760. 

  760. }
    761. 

  761. 

  762. static int 
    763. 

  763. router_resolve(routerinfo_t *router)
    764. 

  764. {
    765. 

  765.   struct hostent *rent;
    766. 

  766. 

  767.   rent = (struct hostent *)gethostbyname(router->address);
    768. 

  768.   if (!rent) {
    769. 

  769.     log_fn(LOG_WARNING,"Could not get address for router %s.",router->address);
    770. 

  770.     return -1; 
    771. 

  771.   }
    772. 

  772.   assert(rent->h_length == 4);
    773. 

  773.   memcpy(&router->addr, rent->h_addr,rent->h_length);
    774. 

  774.   router->addr = ntohl(router->addr); /* get it back into host order */
    775. 

  775. 

  776.   return 0;
    777. 

  777. }
    778. 

  778. 

  779. static int 
    780. 

  780. router_resolve_directory(directory_t *dir)
    781. 

  781. {
    782. 

  782.   int i, max, remove;
    783. 

  783.   if (!dir)
    784. 

  784.     dir = directory;
    785. 

  785. 

  786.   max = dir->n_routers;
    787. 

  787.   for (i = 0; i < max; ++i) {
    788. 

  788.     remove = 0;
    789. 

  789.     if (router_resolve(dir->routers[i])) {
    790. 

  790.       log_fn(LOG_WARNING, "Couldn't resolve router %s; removing",
    791. 

  791.              dir->routers[i]->address);
    792. 

  792.       remove = 1;
    793. 

  793.       routerinfo_free(dir->routers[i]);
    794. 

  794.     } else if (router_is_me(dir->routers[i]->addr, dir->routers[i]->or_port)) {
    795. 

  795.       my_routerinfo = dir->routers[i];
    796. 

  796.       remove = 1;
    797. 

  797.     }
    798. 

  798.     if (remove) {
    799. 

  799.       dir->routers[i] = dir->routers[--max];
    800. 

  800.       --dir->n_routers;
    801. 

  801.       --i;
    802. 

  802.     }
    803. 

  803.   }
    804. 

  804.   
    805. 

  805.   return 0;
    806. 

  806. }
    807. 

  807. 

  808. /* reads a single router entry from s.
    809. 

  809.  * updates s so it points to after the router it just read.
    810. 

  810.  * mallocs a new router, returns it if all goes well, else returns NULL.
    811. 

  811.  */
    812. 

  812. routerinfo_t *router_get_entry_from_string(char**s) {
    813. 

  813.   routerinfo_t *router = NULL;
    814. 

  814. #if 0
    815. 

  815.   char signed_digest[128];
    816. 

  816. #endif
    817. 

  817.   char digest[128];
    818. 

  818.   directory_token_t _tok;
    819. 

  819.   directory_token_t *tok = &_tok;
    820. 

  820. 

  821. #define NEXT_TOKEN()                                                     \
    822. 

  822.   do { if (router_get_next_token(s, tok)) {                              \
    823. 

  823.       log_fn(LOG_WARNING, "Error reading directory: %s", tok->val.error);\
    824. 

  824.       goto err;                                                          \
    825. 

  825.     } } while(0)
    826. 

  826. 

  827. #define ARGS tok->val.cmd.args
    828. 

  828. 

  829.   if (router_get_router_hash(*s, digest) < 0)
    830. 

  830.     return NULL;
    831. 

  831. 

  832.   NEXT_TOKEN();
    833. 

  833. 

  834.   if (tok->tp != K_ROUTER) {
    835. 

  835.     router_release_token(tok);
    836. 

  836.     log_fn(LOG_WARNING,"Entry does not start with \"router\"");
    837. 

  837.     return NULL;
    838. 

  838.   }
    839. 

  839. 

  840.   router = tor_malloc(sizeof(routerinfo_t));
    841. 

  841.   memset(router,0,sizeof(routerinfo_t)); /* zero it out first */
    842. 

  842.   /* C doesn't guarantee that NULL is represented by 0 bytes.  You'll
    843. 

  843.      thank me for this someday. */
    844. 

  844.   router->onion_pkey = router->identity_pkey = router->link_pkey = NULL; 
    845. 

  845. 

  846.   if (tok->val.cmd.n_args != 5) {
    847. 

  847.     log_fn(LOG_WARNING,"Wrong # of arguments to \"router\"");
    848. 

  848.     goto err;
    849. 

  849.   }
    850. 

  850. 

  851.   /* read router.address */
    852. 

  852.   if (!(router->address = strdup(ARGS[0])))
    853. 

  853.     goto err;
    854. 

  854.   router->addr = 0;
    855. 

  855. 

  856.   /* Read router->or_port */
    857. 

  857.   router->or_port = atoi(ARGS[1]);
    858. 

  858.   if(!router->or_port) {
    859. 

  859.     log_fn(LOG_WARNING,"or_port unreadable or 0. Failing.");
    860. 

  860.     goto err;
    861. 

  861.   }
    862. 

  862.   
    863. 

  863.   /* Router->ap_port */
    864. 

  864.   router->ap_port = atoi(ARGS[2]);
    865. 

  865.   
    866. 

  866.   /* Router->dir_port */
    867. 

  867.   router->dir_port = atoi(ARGS[3]);
    868. 

  868. 

  869.   /* Router->bandwidth */
    870. 

  870.   router->bandwidth = atoi(ARGS[4]);
    871. 

  871.   if (!router->bandwidth) {
    872. 

  872.     log_fn(LOG_WARNING,"bandwidth unreadable or 0. Failing.");
    873. 

  873.   }
    874. 

  874.   
    875. 

  875.   log_fn(LOG_DEBUG,"or_port %d, ap_port %d, dir_port %d, bandwidth %d.",
    876. 

  876.     router->or_port, router->ap_port, router->dir_port, router->bandwidth);
    877. 

  877. 

  878.   NEXT_TOKEN();
    879. 

  879.   if (tok->tp != K_ONION_KEY) {
    880. 

  880.     log_fn(LOG_WARNING, "Missing onion-key"); goto err;
    881. 

  881.   }
    882. 

  882.   NEXT_TOKEN();
    883. 

  883.   if (tok->tp != _PUBLIC_KEY) {
    884. 

  884.     log_fn(LOG_WARNING, "Missing onion key"); goto err;
    885. 

  885.   } /* XXX Check key length */
    886. 

  886.   router->onion_pkey = tok->val.public_key;
    887. 

  887. 

  888.   NEXT_TOKEN();
    889. 

  889.   if (tok->tp != K_LINK_KEY) {
    890. 

  890.     log_fn(LOG_WARNING, "Missing link-key");  goto err;
    891. 

  891.   }
    892. 

  892.   NEXT_TOKEN();
    893. 

  893.   if (tok->tp != _PUBLIC_KEY) {
    894. 

  894.     log_fn(LOG_WARNING, "Missing link key"); goto err;
    895. 

  895.   } /* XXX Check key length */
    896. 

  896.   router->link_pkey = tok->val.public_key;
    897. 

  897. 

  898.   NEXT_TOKEN();
    899. 

  899.   if (tok->tp != K_SIGNING_KEY) {
    900. 

  900.     log_fn(LOG_WARNING, "Missing signing-key"); goto err;
    901. 

  901.   }
    902. 

  902.   NEXT_TOKEN();
    903. 

  903.   if (tok->tp != _PUBLIC_KEY) {
    904. 

  904.     log_fn(LOG_WARNING, "Missing signing key"); goto err;
    905. 

  905.   }
    906. 

  906.   router->identity_pkey = tok->val.public_key;
    907. 

  907. 

  908.   NEXT_TOKEN();
    909. 

  909.   while (tok->tp == K_ACCEPT || tok->tp == K_REJECT) {
    910. 

  910.     router_add_exit_policy(router, tok);
    911. 

  911.     NEXT_TOKEN();
    912. 

  912.   }
    913. 

  913.   
    914. 

  914.   if (tok->tp != K_ROUTER_SIGNATURE) {
    915. 

  915.     log_fn(LOG_WARNING,"Missing router signature");
    916. 

  916.     goto err;
    917. 

  917.   }
    918. 

  918.   NEXT_TOKEN();
    919. 

  919.   if (tok->tp != _SIGNATURE) {
    920. 

  920.     log_fn(LOG_WARNING,"Missing router signature");
    921. 

  921.     goto err;
    922. 

  922.   }
    923. 

  923.   assert (router->identity_pkey);
    924. 

  924. #if 0
    925. 

  925.   /* XXX This should get re-enabled, once directory servers properly
    926. 

  926.    * XXX relay signed router blocks. */
    927. 

  927.   if (crypto_pk_public_checksig(router->identity_pkey, tok->val.signature,
    928. 

  928.                                 128, signed_digest) != 20) {
    929. 

  929.     log_fn(LOG_WARNING, "Invalid signature");
    930. 

  930.     goto err;
    931. 

  931.   }
    932. 

  932.   if (memcmp(digest, signed_digest, 20)) {
    933. 

  933.     log_fn(LOG_WARNING, "Mismatched signature");
    934. 

  934.     goto err;
    935. 

  935.   }
    936. 

  936. #endif
    937. 

  937.   
    938. 

  938.   return router;
    939. 

  939. 

  940.  err:
    941. 

  941.   router_release_token(tok); 
    942. 

  942.   if(router->address)
    943. 

  943.     free(router->address);
    944. 

  944.   if(router->link_pkey)
    945. 

  945.     crypto_free_pk_env(router->link_pkey);
    946. 

  946.   if(router->onion_pkey)
    947. 

  947.     crypto_free_pk_env(router->onion_pkey);
    948. 

  948.   if(router->identity_pkey)
    949. 

  949.     crypto_free_pk_env(router->identity_pkey);
    950. 

  950.   router_free_exit_policy(router);
    951. 

  951.   free(router);
    952. 

  952.   return NULL;
    953. 

  953. #undef ARGS
    954. 

  954. #undef NEXT_TOKEN
    955. 

  955. }
    956. 

  956. 

  957. static void router_free_exit_policy(routerinfo_t *router) {
    958. 

  958.   struct exit_policy_t *tmpe;
    959. 

  959. 

  960.   while(router->exit_policy) {
    961. 

  961.     tmpe = router->exit_policy;
    962. 

  962.     router->exit_policy = tmpe->next;
    963. 

  963.     free(tmpe->string);
    964. 

  964.     free(tmpe->address);
    965. 

  965.     free(tmpe->port);
    966. 

  966.     free(tmpe);
    967. 

  967.   }
    968. 

  968. }
    969. 

  969. 

  970. static int router_add_exit_policy(routerinfo_t *router, 
    971. 

  971.                                   directory_token_t *tok) {
    972. 

  972.   struct exit_policy_t *tmpe, *newe;
    973. 

  973.   char *arg, *colon;
    974. 

  974. 

  975.   if (tok->val.cmd.n_args != 1)
    976. 

  976.     return -1;
    977. 

  977.   arg = tok->val.cmd.args[0];
    978. 

  978. 

  979.   newe = tor_malloc(sizeof(struct exit_policy_t));
    980. 

  980.   memset(newe,0,sizeof(struct exit_policy_t));
    981. 

  981.   
    982. 

  982.   newe->string = tor_malloc(8+strlen(arg));
    983. 

  983.   if (tok->tp == K_REJECT) {
    984. 

  984.     strcpy(newe->string, "reject ");
    985. 

  985.     newe->policy_type = EXIT_POLICY_REJECT;
    986. 

  986.   } else {
    987. 

  987.     assert(tok->tp == K_ACCEPT);
    988. 

  988.     strcpy(newe->string, "accept ");
    989. 

  989.     newe->policy_type = EXIT_POLICY_ACCEPT;
    990. 

  990.   }
    991. 

  991.   strcat(newe->string, arg);
    992. 

  992.   
    993. 

  993.   colon = strchr(arg,':');
    994. 

  994.   if(!colon)
    995. 

  995.     goto policy_read_failed;
    996. 

  996.   *colon = 0;
    997. 

  997.   newe->address = strdup(arg);
    998. 

  998.   newe->port = strdup(colon+1);
    999. 

  999. 

  1000.   log_fn(LOG_DEBUG,"%s %s:%s",
    1001. 

  1001.       newe->policy_type == EXIT_POLICY_REJECT ? "reject" : "accept",
    1002. 

  1002.       newe->address, newe->port);
    1003. 

  1003. 

  1004.   /* now link newe onto the end of exit_policy */
    1005. 

  1005. 

  1006.   if(!router->exit_policy) {
    1007. 

  1007.     router->exit_policy = newe;
    1008. 

  1008.     return 0;
    1009. 

  1009.   }
    1010. 

  1010. 

  1011.   for(tmpe=router->exit_policy; tmpe->next; tmpe=tmpe->next) ;
    1012. 

  1012.   tmpe->next = newe;
    1013. 

  1013. 

  1014.   return 0;
    1015. 

  1015. 

  1016. policy_read_failed:
    1017. 

  1017.   assert(newe->string);
    1018. 

  1018.   log_fn(LOG_WARNING,"Couldn't parse line '%s'. Dropping", newe->string);
    1019. 

  1019.   if(newe->string)
    1020. 

  1020.     free(newe->string);
    1021. 

  1021.   if(newe->address)
    1022. 

  1022.     free(newe->address);
    1023. 

  1023.   if(newe->port)
    1024. 

  1024.     free(newe->port);
    1025. 

  1025.   free(newe);
    1026. 

  1026.   return -1;
    1027. 

  1027. }
    1028. 

  1028. 

  1029. /* Return 0 if my exit policy says to allow connection to conn.
    1030. 

  1030.  * Else return -1.
    1031. 

  1031.  */
    1032. 

  1032. int router_compare_to_exit_policy(connection_t *conn) {
    1033. 

  1033.   struct exit_policy_t *tmpe;
    1034. 

  1034. 

  1035.   if(!my_routerinfo) {
    1036. 

  1036.     log_fn(LOG_WARNING, "my_routerinfo undefined! Rejected.");
    1037. 

  1037.     return -1;
    1038. 

  1038.   }
    1039. 

  1039. 

  1040.   for(tmpe=my_routerinfo->exit_policy; tmpe; tmpe=tmpe->next) {
    1041. 

  1041.     assert(tmpe->address);
    1042. 

  1042.     assert(tmpe->port);
    1043. 

  1043. 

  1044.     /* Totally ignore the address field of the exit policy, for now. */
    1045. 

  1045. 

  1046.     if(!strcmp(tmpe->port,"*") || atoi(tmpe->port) == conn->port) {
    1047. 

  1047.       log_fn(LOG_INFO,"Port '%s' matches '%d'. %s.",
    1048. 

  1048.           tmpe->port, conn->port,
    1049. 

  1049.           tmpe->policy_type == EXIT_POLICY_ACCEPT ? "Accepting" : "Rejecting");
    1050. 

  1050.       if(tmpe->policy_type == EXIT_POLICY_ACCEPT)
    1051. 

  1051.         return 0;
    1052. 

  1052.       else
    1053. 

  1053.         return -1;
    1054. 

  1054.     }
    1055. 

  1055.   }
    1056. 

  1056. 

  1057.   return 0; /* accept all by default. */
    1058. 

  1058. }
    1059. 

  1059. 

  1060. /*
    1061. 

  1061.   Local Variables:
    1062. 

  1062.   mode:c
    1063. 

  1063.   indent-tabs-mode:nil
    1064. 

  1064.   c-basic-offset:2
    1065. 

  1065.   End:
    1066. 

  1066. */
    1067. 

  1067.