Remove need for dirservers file: now, we note trusted dirservers in configuration options, and only need to remember addr:port and key digest for each one.

svn:r2479

doc/TODO

@@ -13,8 +13,8 @@ ARMA    - arma claims
 
       0.0.9pre2:
 R       . bandwidth buckets for write as well as read.
-N       - switch dirservers entries to config lines.
-N       - add three default dirplaces if we parse the whole torrc and
+        o switch dirservers entries to config lines.
+        o add three default dirplaces if we parse the whole torrc and
           no dirplaces are specified.
 N       - Handle rendezvousing with unverified nodes.
           - Specify: Stick rendezvous point's key in INTRODUCE cell.

src/config/Makefile.am

@@ -1,5 +1,5 @@
 confdir = $(sysconfdir)/tor
 
-EXTRA_DIST = dirservers
+EXTRA_DIST = 
 
-conf_DATA = dirservers torrc.sample
+conf_DATA = torrc.sample

src/config/torrc.sample.in

@@ -1,9 +1,5 @@
 # Configuration file for a typical tor user
 
-# List of routers. Tor nodes start out knowing about the directory
-# servers, and from them they get a list of currently up nodes.
-RouterFile @CONFDIR@/dirservers
-
 # Replace this with "SocksPort 0" if you don't want clients to connect.
 SocksPort 9050
 SocksBindAddress 127.0.0.1 # accept connections only from localhost
@@ -37,6 +33,14 @@ AllowUnverifiedNodes middle,rendezvous
 # Uncomment this to start the process in the background
 #RunAsDaemon 1
 
+# The three trusted directory servers on the current Tor network.  The entries
+# below are for moria1, moria2, and tor26 respectively.  Tor only trusts 
+# directories signed with one of these three keys, and uses the given addresses
+# to conntect to the trusted directory servers.
+DirServer 18.244.0.188:9031 FFCB 46DB 1339 DA84 674C 70D7 CB58 6434 C437 0441
+DirServer 18.244.0.188:9032 719B E45D E224 B607 C537 07D0 E214 3E2D 423E 74CF
+DirServer 62.116.124.106:9030 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D
+
 ##################### Below is just for servers #####################
 
 ## NOTE: If you enable these, you should consider mailing your

src/or/config.c

@@ -282,124 +282,6 @@ static int config_assign(or_options_t *options, struct config_line_t *list) {
   return 0;
 }
 
-const char default_dirservers_string[] =
-"router moria1 18.244.0.188 9001 9021 9031\n"
-"platform Tor 0.0.6rc1 on Linux moria.mit.edu i686\n"
-"published 2004-04-25 21:54:28\n"
-"bandwidth 800000 10000000\n"
-"onion-key\n"
-"-----BEGIN RSA PUBLIC KEY-----\n"
-"MIGJAoGBANoIvHieyHUTzIacbnWOnyTyzGrLOdXqbcjz2GGMxyHEd5K1bO1ZBNHP\n"
-"9i5qLQpN5viFk2K2rEGuG8tFgDEzSWZEtBqv3NVfUdiumdERWMBwlaQ0MVK4C+jf\n"
-"y5gZ8KI3o9ZictgPS1AQF+Kk932/vIHTuRIUKb4ILTnQilNvID0NAgMBAAE=\n"
-"-----END RSA PUBLIC KEY-----\n"
-"signing-key\n"
-"-----BEGIN RSA PUBLIC KEY-----\n"
-"MIGJAoGBAMHa0ZC/jo2Q2DrwKYF/6ZbmZ27PFYG91u4gUzzmZ/VXLpZ8wNzEV3oW\n"
-"nt+I61048fBiC1frT1/DZ351n2bLSk9zJbB6jyGZJn0380FPRX3+cXyXS0Gq8Ril\n"
-"xkhMQf5XuNFUb8UmYPSOH4WErjvYjKvU+gfjbK/82Jo9SuHpYz+BAgMBAAE=\n"
-"-----END RSA PUBLIC KEY-----\n"
-"reject 0.0.0.0/255.0.0.0:*\n"
-"reject 169.254.0.0/255.255.0.0:*\n"
-"reject 127.0.0.0/255.0.0.0:*\n"
-"reject 192.168.0.0/255.255.0.0:*\n"
-"reject 10.0.0.0/255.0.0.0:*\n"
-"reject 172.16.0.0/255.240.0.0:*\n"
-"accept *:20-22\n"
-"accept *:53\n"
-"accept *:79-80\n"
-"accept *:110\n"
-"accept *:143\n"
-"accept *:443\n"
-"accept *:873\n"
-"accept *:993\n"
-"accept *:995\n"
-"accept *:1024-65535\n"
-"reject *:*\n"
-"router-signature\n"
-"-----BEGIN SIGNATURE-----\n"
-"o1eAoRHDAEAXsnh5wN++vIwrupd+DbAJ2p3wxHDrmqxTpygzxxCnyQyhMfX03ua2\n"
-"4iplyNlwyFwzWcw0sk31otlO2HBYXT1V9G0YxGtKMOeOBMHjfGbUjGvEALHzWi4z\n"
-"8DXGJp13zgnUyP4ZA6xaGROwcT6oB5e7UlztvvpGxTg=\n"
-"-----END SIGNATURE-----\n"
-"\n"
-"router moria2 18.244.0.188 9002 9022 9032\n"
-"platform Tor 0.0.6rc1 on Linux moria.mit.edu i686\n"
-"published 2004-04-25 21:54:30\n"
-"bandwidth 800000 10000000\n"
-"onion-key\n"
-"-----BEGIN RSA PUBLIC KEY-----\n"
-"MIGJAoGBAM4Cc/npgYC54XrYLC+grVxJp7PDmNO2DRRJOxKttBBtvLpnR1UaueTi\n"
-"kyknT5kmlx+ihgZF/jmye//2dDUp2+kK/kSkpRV4xnDLXZmed+sNSQxqmm9TtZQ9\n"
-"/hjpxhp5J9HmUTYhntBs+4E4CUKokmrI6oRLoln4SA39AX9QLPcnAgMBAAE=\n"
-"-----END RSA PUBLIC KEY-----\n"
-"signing-key\n"
-"-----BEGIN RSA PUBLIC KEY-----\n"
-"MIGJAoGBAOcrht/y5rkaahfX7sMe2qnpqoPibsjTSJaDvsUtaNP/Bq0MgNDGOR48\n"
-"rtwfqTRff275Edkp/UYw3G3vSgKCJr76/bqOHCmkiZrnPV1zxNfrK18gNw2Cxre0\n"
-"nTA+fD8JQqpPtb8b0SnG9kwy75eS//sRu7TErie2PzGMxrf9LH0LAgMBAAE=\n"
-"-----END RSA PUBLIC KEY-----\n"
-"reject 0.0.0.0/255.0.0.0:*\n"
-"reject 169.254.0.0/255.255.0.0:*\n"
-"reject 127.0.0.0/255.0.0.0:*\n"
-"reject 192.168.0.0/255.255.0.0:*\n"
-"reject 10.0.0.0/255.0.0.0:*\n"
-"reject 172.16.0.0/255.240.0.0:*\n"
-"accept *:20-22\n"
-"accept *:53\n"
-"accept *:79-80\n"
-"accept *:110\n"
-"accept *:143\n"
-"accept *:443\n"
-"accept *:873\n"
-"accept *:993\n"
-"accept *:995\n"
-"accept *:1024-65535\n"
-"reject *:*\n"
-"router-signature\n"
-"-----BEGIN SIGNATURE-----\n"
-"RKROLwP1ExjTZeg6wuN0pzYqed9IJUd5lAe9hp4ritbnmJAgS6qfww6jgx61CfUR\n"
-"6SElhOLE7Q77jAdoL45Ji5pn/Y+Q+E+5lJm1E/ed9ha+YsOPaOc7z6GQ7E4mihCL\n"
-"gI1vsw92+P1Ty4RHj6fyD9DhbV19nh2Qs+pvGJOS2FY=\n"
-"-----END SIGNATURE-----\n"
-"\n"
-"router tor26 62.116.124.106 9001 9050 9030\n"
-"platform Tor 0.0.6 on Linux seppia i686\n"
-"published 2004-05-06 21:33:23\n"
-"bandwidth 500000 10000000\n"
-"onion-key\n"
-"-----BEGIN RSA PUBLIC KEY-----\n"
-"MIGJAoGBAMEHdDnpj3ik1AF1xe/VqjoguH2DbANifYqXXfempu0fS+tU9FGo6dU/\n"
-"fnVHAZwL9Ek9k2rMzumShi1RduK9p035R/Gk+PBBcLfvwYJ/Nat+ZO/L8jn/3bZe\n"
-"ieQd9CKj2LjNGKpRNry37vkwMGIOIlegwK+2us8aXJ7sIvlNts0TAgMBAAE=\n"
-"-----END RSA PUBLIC KEY-----\n"
-"signing-key\n"
-"-----BEGIN RSA PUBLIC KEY-----\n"
-"MIGJAoGBAMQgV2gXLbXgesWgeAsj8P1Uvm/zibrFXqwDq27lLKNgWGYGX2ax3LyT\n"
-"3nzI1Y5oLs4kPKTsMM5ft9aokwf417lKoCRlZc9ptfRbgxDx90c9GtWVmkrmDvCK\n"
-"ae59TMoXIiGfZiwWT6KKq5Zm9/Fu2Il3B2vHGkKJYKixmiBJRKp/AgMBAAE=\n"
-"-----END RSA PUBLIC KEY-----\n"
-"accept 62.245.184.24:25\n"
-"accept 62.116.124.106:6666-6670\n"
-"accept *:48099\n"
-"reject *:*\n"
-"router-signature\n"
-"-----BEGIN SIGNATURE-----\n"
-"qh/xRoqfLNFzPaB8VdpbdMAwRyuk5qjx4LeLVQ2pDwTZ55PqmG99+VKUNte2WTTD\n"
-"7dZEA7um2rueohGe4nYmvbhJWr20/I0ZxmWDRDvFy0b5nwzDMGvLvDw95Zu/XJQ2\n"
-"md32NE3y9VZCfbCN+GlvETX3fdR3Svzcm8Kzesg2/s4=\n"
-"-----END SIGNATURE-----\n"
-;
-
-int config_assign_default_dirservers(void) {
-  if(router_load_routerlist_from_string(default_dirservers_string, 1) < 0) {
-    log_fn(LOG_WARN,"Bug: the default dirservers internal string is corrupt.");
-    return -1;
-  }
-
-  return 0;
-}
-
 static void add_default_trusted_dirservers(void) {
   /* moria1 */
   parse_dir_server_line("18.244.0.188:9031 "
@@ -894,7 +776,6 @@ int getconfig(int argc, char **argv, or_options_t *options) {
     }
   }
 
-  
   clear_trusted_dir_servers();
   if (!options->DirServers) {
     add_default_trusted_dirservers();

src/or/connection.c

@@ -738,7 +738,8 @@ int connection_handle_read(connection_t *conn) {
        /* it's a directory server and connecting failed: forget about this router */
        /* XXX I suspect pollerr may make Windows not get to this point. :( */
        router_mark_as_down(conn->identity_digest);
-       if(conn->purpose == DIR_PURPOSE_FETCH_DIR && !all_directory_servers_down()) {
+       if(conn->purpose == DIR_PURPOSE_FETCH_DIR && 
+          !all_trusted_directory_servers_down()) {
          log_fn(LOG_INFO,"Giving up on dirserver %s; trying another.", conn->address);
          directory_get_from_dirserver(DIR_PURPOSE_FETCH_DIR, NULL, 0);
        }

src/or/directory.c

@@ -105,20 +105,18 @@ directory_get_from_dirserver(uint8_t purpose, const char *payload,
   if (purpose == DIR_PURPOSE_FETCH_DIR) {
     if (advertised_server_mode()) {
       /* only ask authdirservers, and don't ask myself */
-      r = router_pick_directory_server(1, 1);
-      /* XXXX NM Enable this once we actually set keys for dirservers.
-       * ds = router_pick_trusteddirserver(1);
-       */
+      ds = router_pick_trusteddirserver(1);
     } else {
       /* anybody with a non-zero dirport will do */
-      r = router_pick_directory_server(0, 1);
+      r = router_pick_directory_server(1);
+      if (!r) {
+        log_fn(LOG_INFO, "No router found for directory; falling back to dirserver list");
+        ds = router_pick_trusteddirserver(1);
+      }
     }
   } else { // (purpose == DIR_PURPOSE_FETCH_RENDDESC)
     /* only ask authdirservers, any of them will do */
-    r = router_pick_directory_server(1, 0);
-    /* XXXX NM Enable this once we actually set keys for dirservers.
-     * ds = router_pick_trusteddirserver(0);
-     */
+    ds = router_pick_trusteddirserver(0);
   }
 
   if (r)
@@ -152,7 +150,7 @@ static void
 directory_initiate_command_trusted_dir(trusted_dir_server_t *dirserv,
                       uint8_t purpose, const char *payload, int payload_len)
 {
-  directory_initiate_command(dirserv->address, dirserv->addr, dirserv->dir_port,
+  directory_initiate_command(dirserv->address, dirserv->addr,dirserv->dir_port,
                         NULL, dirserv->digest, purpose, payload, payload_len);
 }
 
@@ -212,7 +210,8 @@ directory_initiate_command(const char *address, uint32_t addr,
     switch(connection_connect(conn, conn->address, conn->addr, conn->port)) {
       case -1:
         router_mark_as_down(conn->identity_digest); /* don't try him again */
-        if(purpose == DIR_PURPOSE_FETCH_DIR && !all_directory_servers_down()) {
+        if(purpose == DIR_PURPOSE_FETCH_DIR &&
+           !all_trusted_directory_servers_down()) {
           log_fn(LOG_INFO,"Giving up on dirserver %s; trying another.", conn->nickname);
           directory_get_from_dirserver(purpose, payload, payload_len);
         }

src/or/or.h

@@ -1411,9 +1411,9 @@ typedef struct trusted_dir_server_t {
 } trusted_dir_server_t;
 
 int router_reload_router_list(void);
-routerinfo_t *router_pick_directory_server(int requireauth, int requireothers);
+routerinfo_t *router_pick_directory_server(int requireothers);
 trusted_dir_server_t *router_pick_trusteddirserver(int requireothers);
-int all_directory_servers_down(void);
+int all_trusted_directory_servers_down(void);
 struct smartlist_t;
 void routerlist_add_friends(struct smartlist_t *sl, routerinfo_t *router);
 void add_nickname_list_to_smartlist(struct smartlist_t *sl, const char *list, int warn_if_down);

src/or/router.c

@@ -228,6 +228,7 @@ int init_keys(void) {
   char *cp;
   const char *tmp, *mydesc, *datadir;
   crypto_pk_env_t *prkey;
+  char digest[20];
 
   if (!key_lock)
     key_lock = tor_mutex_new();
@@ -345,6 +346,16 @@ int init_keys(void) {
     log_fn(LOG_ERR, "Error loading fingerprints");
     return -1;
   }
+  /* 6b. [authdirserver only] add own key to approved directories. */
+  crypto_pk_get_digest(get_identity_key(), digest);
+  if (!router_digest_is_trusted_dir(digest)) {
+    uint32_t addr;
+    if(resolve_my_address(options.Address, &addr) < 0) {
+      log_fn(LOG_WARN,"options.Address didn't resolve into an IP.");
+      return -1;
+    }
+    add_trusted_dir_server(addr, options.DirPort, digest);
+  }
   /* 7. [authdirserver only] load old directory, if it's there */
   sprintf(keydir,"%s/cached-directory", datadir);
   log_fn(LOG_INFO,"Loading cached directory from %s...",keydir);

src/or/routerlist.c

@@ -22,7 +22,7 @@ static smartlist_t *trusted_dir_servers = NULL;
 
 /* static function prototypes */
 static routerinfo_t *
-router_pick_directory_server_impl(int requireauth, int requireothers, int fascistfirewall);
+router_pick_directory_server_impl(int requireothers, int fascistfirewall);
 static trusted_dir_server_t *
 router_pick_trusteddirserver_impl(int requireother, int fascistfirewall);
 static void mark_all_trusteddirservers_up(void);
@@ -49,17 +49,6 @@ int router_reload_router_list(void)
 {
   char filename[512];
   routerlist_clear_trusted_directories();
-  if (options.RouterFile) {
-    log_fn(LOG_INFO, "Loading router list from %s", options.RouterFile);
-    if (router_load_routerlist_from_file(options.RouterFile, 1) < 0) {
-      log_fn(LOG_ERR,"Error loading router list '%s'.", options.RouterFile);
-      return -1;
-    }
-  } else {
-    log_fn(LOG_INFO, "Loading internal default router list.");
-    if (config_assign_default_dirservers() < 0)
-      return -1;
-  }
   if (get_data_directory(&options)) {
     char *s;
     snprintf(filename,sizeof(filename),"%s/cached-directory", get_data_directory(&options));
@@ -70,7 +59,7 @@ int router_reload_router_list(void)
       if (router_load_routerlist_from_directory(s, NULL, 0) < 0) {
         log_fn(LOG_WARN, "Cached directory '%s' was unparseable; ignoring.", filename);
       }
-      if(routerlist->published_on > time(NULL) - OLD_MIN_ONION_KEY_LIFETIME/2) {
+      if( routerlist && routerlist->published_on > time(NULL) - OLD_MIN_ONION_KEY_LIFETIME/2) {
         /* XXX use new onion key lifetime when 0.0.8 servers are obsolete */
         directory_has_arrived(); /* do things we've been waiting to do */
       }
@@ -84,22 +73,25 @@ int router_reload_router_list(void)
  * in our routerlist, set all the authoritative ones as running again,
  * and pick one. If there are no dirservers at all in our routerlist,
  * reload the routerlist and try one last time. */
-routerinfo_t *router_pick_directory_server(int requireauth, int requireothers) {
+routerinfo_t *router_pick_directory_server(int requireothers) {
   routerinfo_t *choice;
 
-  choice = router_pick_directory_server_impl(requireauth, requireothers, options.FascistFirewall);
+  if (!routerlist)
+    
+
+  choice = router_pick_directory_server_impl(requireothers, options.FascistFirewall);
   if(choice)
     return choice;
 
-  log_fn(LOG_INFO,"No dirservers are reachable. Trying them all again.");
+  log_fn(LOG_INFO,"No reachable router entries for dirservers. Trying them all again.");
   /* mark all authdirservers as up again */
   mark_all_trusteddirservers_up();
   /* try again */
-  choice = router_pick_directory_server_impl(requireauth, requireothers, 0);
+  choice = router_pick_directory_server_impl(requireothers, options.FascistFirewall);
   if(choice)
     return choice;
 
-  log_fn(LOG_WARN,"Still no dirservers %s. Reloading and trying again.",
+  log_fn(LOG_INFO,"Still no %s router entries. Reloading and trying again.",
          options.FascistFirewall ? "reachable" : "known");
   has_fetched_directory=0; /* reset it */
   routerlist_clear_trusted_directories();
@@ -107,7 +99,7 @@ routerinfo_t *router_pick_directory_server(int requireauth, int requireothers) {
     return NULL;
   }
   /* give it one last try */
-  choice = router_pick_directory_server_impl(requireauth, requireothers, 0);
+  choice = router_pick_directory_server_impl(requireothers, 0);
   return choice;
 }
 
@@ -143,7 +135,7 @@ trusted_dir_server_t *router_pick_trusteddirserver(int requireothers) {
  * it has to be a trusted server. If requireothers, it cannot be us.
  */
 static routerinfo_t *
-router_pick_directory_server_impl(int requireauth, int requireothers, int fascistfirewall)
+router_pick_directory_server_impl(int requireothers, int fascistfirewall)
 {
   int i;
   routerinfo_t *router;
@@ -159,8 +151,6 @@ router_pick_directory_server_impl(int requireauth, int requireothers, int fascis
     router = smartlist_get(routerlist->routers, i);
     if(!router->is_running || !router->dir_port)
       continue;
-    if(requireauth && !router->is_trusted_dir)
-      continue;
     if(requireothers && router_is_me(router))
       continue;
     if(fascistfirewall) {
@@ -224,24 +214,11 @@ static void mark_all_trusteddirservers_up(void) {
 /** Return 0 if \exists an authoritative dirserver that's currently
  * thought to be running, else return 1.
  */
-int all_directory_servers_down(void) {
-  int i;
-  routerinfo_t *router;
-  if(!routerlist)
-    return 1; /* if no dirservers, I guess they're all down */
-  for(i=0;i< smartlist_len(routerlist->routers); i++) {
-    router = smartlist_get(routerlist->routers, i);
-    if(router->is_running && router->is_trusted_dir) {
-      tor_assert(router->dir_port > 0);
-      return 0;
-    }
-  }
-  /* XXXX NM look at trusted_dir_servers instead.
+int all_trusted_directory_servers_down(void) {
   if (!trusted_dir_servers)
     return 1;
   SMARTLIST_FOREACH(trusted_dir_servers, trusted_dir_server_t *, dir,
                     if (dir->is_running) return 0);
-  */
   return 1;
 }
 
@@ -680,15 +657,14 @@ int router_add_to_routerlist(routerinfo_t *router) {
    */
   for (i = 0; i < smartlist_len(routerlist->routers); ++i) {
     r = smartlist_get(routerlist->routers, i);
+
+    r->is_trusted_dir = router_digest_is_trusted_dir(r->identity_digest);
+
     if (!crypto_pk_cmp_keys(router->identity_pkey, r->identity_pkey)) {
       if (router->published_on > r->published_on) {
         log_fn(LOG_DEBUG, "Replacing entry for router '%s/%s' [%s]",
                router->nickname, r->nickname, hex_str(id_digest,DIGEST_LEN));
         /* Remember whether we trust this router as a dirserver. */
-        /*XXXXNM first test is redundant; second should move elsewhere */
-        if (r->is_trusted_dir ||
-            router_digest_is_trusted_dir(router->identity_digest))
-          router->is_trusted_dir = 1;
         /* If the address hasn't changed; no need to re-resolve. */
         if (!strcasecmp(r->address, router->address))
           router->addr = r->addr;
@@ -698,10 +674,6 @@ int router_add_to_routerlist(routerinfo_t *router) {
       } else {
         log_fn(LOG_DEBUG, "Skipping old entry for router '%s'",
                router->nickname);
-        /* If we now trust 'router', then we trust the one in the routerlist
-         * too. */
-        if (router->is_trusted_dir)
-          r->is_trusted_dir = 1;
         /* Update the is_running status to whatever we were told. */
         r->is_running = router->is_running;
         routerinfo_free(router);
@@ -803,7 +775,6 @@ void routerlist_clear_trusted_directories(void)
     SMARTLIST_FOREACH(routerlist->routers, routerinfo_t *, r,
                       r->is_trusted_dir = 0);
   }
-  clear_trusted_dir_servers();
 }
 
 /** Helper function: read routerinfo elements from s, and throw out the
@@ -1154,7 +1125,7 @@ void add_trusted_dir_server(const char *addr, uint16_t port, const char *digest)
 
   ent = tor_malloc(sizeof(trusted_dir_server_t));
   ent->address = tor_strdup(addr);
-  ent->addr = a;
+  ent->addr = ntohl(a);
   ent->dir_port = port;
   ent->is_running = 1;
   memcpy(ent->digest, digest, DIGEST_LEN);