tor

dirlist.c (19065B)

---

/* Copyright (c) 2001 Matej Pfajfar.
* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
* Copyright (c) 2007-2021, The Tor Project, Inc. */
/* See LICENSE for licensing information */

/**
* \file dirlist.c
* \brief Code to maintain our lists of directory authorities and
*    fallback directories.
*
* For the directory authorities, we have a list containing the public
* identity key, and contact points, for each authority.  The
* authorities receive descriptors from relays, and publish consensuses,
* descriptors, and microdescriptors.  This list is pre-configured.
*
* Fallback directories are well-known, stable, but untrusted directory
* caches that clients which have not yet bootstrapped can use to get
* their first networkstatus consensus, in order to find out where the
* Tor network really is.  This list is pre-configured in
* fallback_dirs.inc.  Every authority also serves as a fallback.
*
* Both fallback directories and directory authorities are are
* represented by a dir_server_t.
*/

#include "core/or/or.h"

#include "app/config/config.h"
#include "app/config/resolve_addr.h"
#include "core/or/policies.h"
#include "feature/control/control_events.h"
#include "feature/dirauth/authmode.h"
#include "feature/dircommon/directory.h"
#include "feature/nodelist/dirlist.h"
#include "feature/nodelist/networkstatus.h"
#include "feature/nodelist/nodelist.h"
#include "feature/nodelist/routerlist.h"
#include "feature/nodelist/routerset.h"
#include "feature/relay/router.h"
#include "lib/net/resolve.h"

#include "feature/dirclient/dir_server_st.h"
#include "feature/nodelist/node_st.h"

/** Information about an (HTTP) dirport for a directory authority. */
struct auth_dirport_t {
 /** What is the intended usage for this dirport? One of AUTH_USAGE_* */
 auth_dirport_usage_t usage;
 /** What is the correct address/port ? */
 tor_addr_port_t dirport;
};

/** Global list of a dir_server_t object for each directory
* authority. */
static smartlist_t *trusted_dir_servers = NULL;
/** Global list of dir_server_t objects for all directory authorities
* and all fallback directory servers. */
static smartlist_t *fallback_dir_servers = NULL;

/** Helper: From a given trusted directory entry, add the v4 or/and v6 address
* to the nodelist address set. */
static void
add_trusted_dir_to_nodelist_addr_set(const dir_server_t *dir)
{
 tor_assert(dir);
 tor_assert(dir->is_authority);

 /* Add IPv4 and then IPv6 if applicable. For authorities, we add the ORPort
  * and DirPort so re-entry into the network back to them is not possible. */
 nodelist_add_addr_to_address_set(&dir->ipv4_addr, dir->ipv4_orport,
                                  dir->ipv4_dirport);
 if (!tor_addr_is_null(&dir->ipv6_addr)) {
   /* IPv6 DirPort is not a thing yet for authorities. */
   nodelist_add_addr_to_address_set(&dir->ipv6_addr, dir->ipv6_orport, 0);
 }
 if (dir->auth_dirports) {
   SMARTLIST_FOREACH_BEGIN(dir->auth_dirports, const auth_dirport_t *, p) {
     nodelist_add_addr_to_address_set(&p->dirport.addr, 0, p->dirport.port);
   } SMARTLIST_FOREACH_END(p);
 }
}

/** Go over the trusted directory server list and add their address(es) to the
* nodelist address set. This is called every time a new consensus is set. */
MOCK_IMPL(void,
dirlist_add_trusted_dir_addresses, (void))
{
 if (!trusted_dir_servers) {
   return;
 }

 SMARTLIST_FOREACH_BEGIN(trusted_dir_servers, const dir_server_t *, ent) {
   if (ent->is_authority) {
     add_trusted_dir_to_nodelist_addr_set(ent);
   }
 } SMARTLIST_FOREACH_END(ent);
}

/** Return the number of directory authorities whose type matches some bit set
* in <b>type</b>  */
int
get_n_authorities(dirinfo_type_t type)
{
 int n = 0;
 if (!trusted_dir_servers)
   return 0;
 SMARTLIST_FOREACH(trusted_dir_servers, dir_server_t *, ds,
                   if (ds->type & type)
                     ++n);
 return n;
}

/** Return a smartlist containing a list of dir_server_t * for all
* known trusted dirservers.  Callers must not modify the list or its
* contents.
*/
smartlist_t *
router_get_trusted_dir_servers_mutable(void)
{
 if (!trusted_dir_servers)
   trusted_dir_servers = smartlist_new();

 return trusted_dir_servers;
}

smartlist_t *
router_get_fallback_dir_servers_mutable(void)
{
 if (!fallback_dir_servers)
   fallback_dir_servers = smartlist_new();

 return fallback_dir_servers;
}

const smartlist_t *
router_get_trusted_dir_servers(void)
{
 return router_get_trusted_dir_servers_mutable();
}

const smartlist_t *
router_get_fallback_dir_servers(void)
{
 return router_get_fallback_dir_servers_mutable();
}

/** Reset all internal variables used to count failed downloads of network
* status objects. */
void
router_reset_status_download_failures(void)
{
 mark_all_dirservers_up(fallback_dir_servers);
}

/** Return the dir_server_t for the directory authority whose identity
* key hashes to <b>digest</b>, or NULL if no such authority is known.
*/
dir_server_t *
router_get_trusteddirserver_by_digest(const char *digest)
{
 if (!trusted_dir_servers)
   return NULL;

 SMARTLIST_FOREACH(trusted_dir_servers, dir_server_t *, ds,
    {
      if (tor_memeq(ds->digest, digest, DIGEST_LEN))
        return ds;
    });

 return NULL;
}

/** Return the dir_server_t for the fallback dirserver whose identity
* key hashes to <b>digest</b>, or NULL if no such fallback is in the list of
* fallback_dir_servers. (fallback_dir_servers is affected by the FallbackDir
* and UseDefaultFallbackDirs torrc options.)
* The list of fallback directories includes the list of authorities.
*/
dir_server_t *
router_get_fallback_dirserver_by_digest(const char *digest)
{
 if (!fallback_dir_servers)
   return NULL;

 if (!digest)
   return NULL;

 SMARTLIST_FOREACH(fallback_dir_servers, dir_server_t *, ds,
    {
      if (tor_memeq(ds->digest, digest, DIGEST_LEN))
        return ds;
    });

 return NULL;
}

/** Return 1 if any fallback dirserver's identity key hashes to <b>digest</b>,
* or 0 if no such fallback is in the list of fallback_dir_servers.
* (fallback_dir_servers is affected by the FallbackDir and
* UseDefaultFallbackDirs torrc options.)
* The list of fallback directories includes the list of authorities.
*/
int
router_digest_is_fallback_dir(const char *digest)
{
 return (router_get_fallback_dirserver_by_digest(digest) != NULL);
}

/** Return the dir_server_t for the directory authority whose
* v3 identity key hashes to <b>digest</b>, or NULL if no such authority
* is known.
*/
MOCK_IMPL(dir_server_t *,
trusteddirserver_get_by_v3_auth_digest, (const char *digest))
{
 if (!trusted_dir_servers)
   return NULL;

 SMARTLIST_FOREACH(trusted_dir_servers, dir_server_t *, ds,
    {
      if (tor_memeq(ds->v3_identity_digest, digest, DIGEST_LEN) &&
          (ds->type & V3_DIRINFO))
        return ds;
    });

 return NULL;
}

/** Mark as running every dir_server_t in <b>server_list</b>. */
void
mark_all_dirservers_up(smartlist_t *server_list)
{
 if (server_list) {
   SMARTLIST_FOREACH_BEGIN(server_list, dir_server_t *, dir) {
     routerstatus_t *rs;
     node_t *node;
     dir->is_running = 1;
     node = node_get_mutable_by_id(dir->digest);
     if (node)
       node->is_running = 1;
     rs = router_get_mutable_consensus_status_by_id(dir->digest);
     if (rs) {
       rs->last_dir_503_at = 0;
       control_event_networkstatus_changed_single(rs);
     }
   } SMARTLIST_FOREACH_END(dir);
 }
 router_dir_info_changed();
}

/** Return true iff <b>digest</b> is the digest of the identity key of a
* trusted directory matching at least one bit of <b>type</b>.  If <b>type</b>
* is zero (NO_DIRINFO), or ALL_DIRINFO, any authority is okay. */
MOCK_IMPL(int, router_digest_is_trusted_dir_type,
       (const char *digest, dirinfo_type_t type))
{
 if (!trusted_dir_servers)
   return 0;
 if (authdir_mode(get_options()) && router_digest_is_me(digest))
   return 1;
 SMARTLIST_FOREACH(trusted_dir_servers, dir_server_t *, ent,
   if (tor_memeq(digest, ent->digest, DIGEST_LEN)) {
     return (!type) || ((type & ent->type) != 0);
   });
 return 0;
}

/** Return true iff the given address matches a trusted directory that matches
* at least one bit of type.
*
* If type is NO_DIRINFO or ALL_DIRINFO, any authority is matched.
*
* Only ORPorts' addresses are considered.
*/
bool
router_addr_is_trusted_dir_type(const tor_addr_t *addr, dirinfo_type_t type)
{
 int family = tor_addr_family(addr);

 if (!trusted_dir_servers) {
   return false;
 }

 SMARTLIST_FOREACH_BEGIN(trusted_dir_servers, dir_server_t *, ent) {
   /* Ignore entries that don't match the given type. */
   if (type != NO_DIRINFO && (type & ent->type) == 0) {
     continue;
   }
   /* Match IPv4 or IPv6 address. */
   if ((family == AF_INET && tor_addr_eq(addr, &ent->ipv4_addr)) ||
       (family == AF_INET6 && tor_addr_eq(addr, &ent->ipv6_addr))) {
     return true;
   }
 } SMARTLIST_FOREACH_END(ent);

 return false;
}

/** Return an appropriate usage value describing which authdir port to use
* for a given directory connection purpose.
*/
auth_dirport_usage_t
auth_dirport_usage_for_purpose(int purpose)
{
 switch (purpose) {
   case DIR_PURPOSE_FETCH_SERVERDESC:
   case DIR_PURPOSE_FETCH_EXTRAINFO:
   case DIR_PURPOSE_FETCH_CONSENSUS:
   case DIR_PURPOSE_FETCH_CERTIFICATE:
   case DIR_PURPOSE_FETCH_MICRODESC:
     return AUTH_USAGE_DOWNLOAD;

   case DIR_PURPOSE_UPLOAD_DIR:
     return AUTH_USAGE_UPLOAD;

   case DIR_PURPOSE_UPLOAD_VOTE:
   case DIR_PURPOSE_UPLOAD_SIGNATURES:
   case DIR_PURPOSE_FETCH_DETACHED_SIGNATURES:
   case DIR_PURPOSE_FETCH_STATUS_VOTE:
     return AUTH_USAGE_VOTING;

   case DIR_PURPOSE_SERVER:
   case DIR_PURPOSE_UPLOAD_HSDESC:
   case DIR_PURPOSE_FETCH_HSDESC:
   case DIR_PURPOSE_HAS_FETCHED_HSDESC:
   default:
     tor_assert_nonfatal_unreached();
     return AUTH_USAGE_LEGACY;
 }
}

/** Create a directory server at <b>address</b>:<b>port</b>, with OR identity
* key <b>digest</b> which has DIGEST_LEN bytes.  If <b>address</b> is NULL,
* add ourself.  If <b>is_authority</b>, this is a directory authority.  Return
* the new directory server entry on success or NULL on failure. */
static dir_server_t *
dir_server_new(int is_authority,
              const char *nickname,
              const tor_addr_t *ipv4_addr,
              const char *hostname,
              uint16_t ipv4_dirport, uint16_t ipv4_orport,
              const tor_addr_port_t *addrport_ipv6,
              const char *digest, const char *v3_auth_digest,
              dirinfo_type_t type,
              double weight)
{
 dir_server_t *ent;
 char *hostname_ = NULL;

 tor_assert(digest);

 if (weight < 0)
   return NULL;

 if (!ipv4_addr) {
   return NULL;
 }

 if (!hostname)
   hostname_ = tor_addr_to_str_dup(ipv4_addr);
 else
   hostname_ = tor_strdup(hostname);

 ent = tor_malloc_zero(sizeof(dir_server_t));
 ent->nickname = nickname ? tor_strdup(nickname) : NULL;
 ent->address = hostname_;
 tor_addr_copy(&ent->ipv4_addr, ipv4_addr);
 ent->ipv4_dirport = ipv4_dirport;
 ent->ipv4_orport = ipv4_orport;
 ent->is_running = 1;
 ent->is_authority = is_authority;
 ent->type = type;
 ent->weight = weight;
 if (addrport_ipv6 && tor_addr_port_is_valid_ap(addrport_ipv6, 0)) {
   if (tor_addr_family(&addrport_ipv6->addr) != AF_INET6) {
     log_warn(LD_BUG, "Hey, I got a non-ipv6 addr as addrport_ipv6.");
     tor_addr_make_unspec(&ent->ipv6_addr);
   } else {
     tor_addr_copy(&ent->ipv6_addr, &addrport_ipv6->addr);
     ent->ipv6_orport = addrport_ipv6->port;
   }
 } else {
   tor_addr_make_unspec(&ent->ipv6_addr);
 }

 memcpy(ent->digest, digest, DIGEST_LEN);
 if (v3_auth_digest && (type & V3_DIRINFO))
   memcpy(ent->v3_identity_digest, v3_auth_digest, DIGEST_LEN);

 if (nickname)
   tor_asprintf(&ent->description, "directory server \"%s\" at %s:%" PRIu16,
                nickname, hostname_, ipv4_dirport);
 else
   tor_asprintf(&ent->description, "directory server at %s:%" PRIu16,
                hostname_, ipv4_dirport);

 tor_addr_copy(&ent->fake_status.ipv4_addr, &ent->ipv4_addr);
 tor_addr_copy(&ent->fake_status.ipv6_addr, &ent->ipv6_addr);
 memcpy(ent->fake_status.identity_digest, digest, DIGEST_LEN);
 if (nickname)
   strlcpy(ent->fake_status.nickname, nickname,
           sizeof(ent->fake_status.nickname));
 else
   ent->fake_status.nickname[0] = '\0';
 ent->fake_status.ipv4_dirport = ent->ipv4_dirport;
 ent->fake_status.ipv4_orport = ent->ipv4_orport;
 ent->fake_status.ipv6_orport = ent->ipv6_orport;
 ent->fake_status.is_authority = !! is_authority;

 return ent;
}

/** Create an authoritative directory server at <b>address</b>:<b>port</b>,
* with identity key <b>digest</b>.  If <b>ipv4_addr_str</b> is NULL, add
* ourself.  Return the new trusted directory server entry on success or NULL
* if we couldn't add it. */
dir_server_t *
trusted_dir_server_new(const char *nickname, const char *address,
                      uint16_t ipv4_dirport, uint16_t ipv4_orport,
                      const tor_addr_port_t *ipv6_addrport,
                      const char *digest, const char *v3_auth_digest,
                      dirinfo_type_t type, double weight)
{
 tor_addr_t ipv4_addr;
 char *hostname=NULL;
 dir_server_t *result;

 if (!address) { /* The address is us; we should guess. */
   if (!find_my_address(get_options(), AF_INET, LOG_WARN, &ipv4_addr,
                        NULL, &hostname)) {
     log_warn(LD_CONFIG,
              "Couldn't find a suitable address when adding ourself as a "
              "trusted directory server.");
     return NULL;
   }
   if (!hostname)
     hostname = tor_addr_to_str_dup(&ipv4_addr);

   if (!hostname)
     return NULL;
 } else {
   if (tor_addr_lookup(address, AF_INET, &ipv4_addr)) {
     log_warn(LD_CONFIG,
              "Unable to lookup address for directory server at '%s'",
              address);
     return NULL;
   }
   hostname = tor_strdup(address);
 }

 result = dir_server_new(1, nickname, &ipv4_addr, hostname,
                         ipv4_dirport, ipv4_orport,
                         ipv6_addrport,
                         digest,
                         v3_auth_digest, type, weight);

 if (ipv4_dirport) {
   tor_addr_port_t p;
   memset(&p, 0, sizeof(p));
   tor_addr_copy(&p.addr, &ipv4_addr);
   p.port = ipv4_dirport;
   trusted_dir_server_add_dirport(result, AUTH_USAGE_LEGACY, &p);
 }
 tor_free(hostname);
 return result;
}

/**
* Add @a dirport as an HTTP DirPort contact point for the directory authority
* @a ds, for use when contacting that authority for the given @a usage.
*
* Multiple ports of the same usage are allowed; if present, then only
* the first one of each address family is currently used.
*/
void
trusted_dir_server_add_dirport(dir_server_t *ds,
                              auth_dirport_usage_t usage,
                              const tor_addr_port_t *dirport)
{
 tor_assert(ds);
 tor_assert(dirport);

 if (BUG(! ds->is_authority)) {
   return;
 }

 if (ds->auth_dirports == NULL) {
   ds->auth_dirports = smartlist_new();
 }

 auth_dirport_t *port = tor_malloc_zero(sizeof(auth_dirport_t));
 port->usage = usage;
 tor_addr_port_copy(&port->dirport, dirport);
 smartlist_add(ds->auth_dirports, port);
}

/**
* Helper for trusted_dir_server_get_dirport: only return the exact requested
* usage type.
*/
const tor_addr_port_t *
trusted_dir_server_get_dirport_exact(const dir_server_t *ds,
                                    auth_dirport_usage_t usage,
                                    int addr_family)
{
 tor_assert(ds);
 tor_assert_nonfatal(addr_family == AF_INET || addr_family == AF_INET6);
 if (ds->auth_dirports == NULL)
   return NULL;

 SMARTLIST_FOREACH_BEGIN(ds->auth_dirports, const auth_dirport_t *, port) {
   if (port->usage == usage &&
       tor_addr_family(&port->dirport.addr) == addr_family) {
     return &port->dirport;
   }
 } SMARTLIST_FOREACH_END(port);

 return NULL;
}

/**
* Return the DirPort of the authority @a ds for with the usage type
* @a usage and address family @a addr_family.  If none is found, try
* again with an AUTH_USAGE_LEGACY dirport, if there is one.  Return NULL
* if no port can be found.
*/
const tor_addr_port_t *
trusted_dir_server_get_dirport(const dir_server_t *ds,
                              auth_dirport_usage_t usage,
                              int addr_family)
{
 const tor_addr_port_t *port;

 while (1) {
   port = trusted_dir_server_get_dirport_exact(ds, usage, addr_family);
   if (port)
     return port;

   // If we tried LEGACY, there is no fallback from this point.
   if (usage == AUTH_USAGE_LEGACY)
     return NULL;

   // Try again with LEGACY.
   usage = AUTH_USAGE_LEGACY;
 }
}

/** Return a new dir_server_t for a fallback directory server at
* <b>addr</b>:<b>or_port</b>/<b>dir_port</b>, with identity key digest
* <b>id_digest</b> */
dir_server_t *
fallback_dir_server_new(const tor_addr_t *ipv4_addr,
                       uint16_t ipv4_dirport, uint16_t ipv4_orport,
                       const tor_addr_port_t *addrport_ipv6,
                       const char *id_digest, double weight)
{
 return dir_server_new(0, NULL, ipv4_addr, NULL, ipv4_dirport, ipv4_orport,
                       addrport_ipv6, id_digest, NULL, ALL_DIRINFO, weight);
}

/** Add a directory server to the global list(s). */
void
dir_server_add(dir_server_t *ent)
{
 if (!trusted_dir_servers)
   trusted_dir_servers = smartlist_new();
 if (!fallback_dir_servers)
   fallback_dir_servers = smartlist_new();

 if (ent->is_authority)
   smartlist_add(trusted_dir_servers, ent);

 smartlist_add(fallback_dir_servers, ent);
 router_dir_info_changed();
}

#define dir_server_free(val) \
 FREE_AND_NULL(dir_server_t, dir_server_free_, (val))

/** Free storage held in <b>ds</b>. */
static void
dir_server_free_(dir_server_t *ds)
{
 if (!ds)
   return;

 if (ds->auth_dirports) {
   SMARTLIST_FOREACH(ds->auth_dirports, auth_dirport_t *, p, tor_free(p));
   smartlist_free(ds->auth_dirports);
 }
 tor_free(ds->nickname);
 tor_free(ds->description);
 tor_free(ds->address);
 tor_free(ds);
}

/** Remove all members from the list of dir servers. */
void
clear_dir_servers(void)
{
 if (fallback_dir_servers) {
   SMARTLIST_FOREACH(fallback_dir_servers, dir_server_t *, ent,
                     dir_server_free(ent));
   smartlist_clear(fallback_dir_servers);
 } else {
   fallback_dir_servers = smartlist_new();
 }
 if (trusted_dir_servers) {
   smartlist_clear(trusted_dir_servers);
 } else {
   trusted_dir_servers = smartlist_new();
 }
 router_dir_info_changed();
}

void
dirlist_free_all(void)
{
 clear_dir_servers();
 smartlist_free(trusted_dir_servers);
 smartlist_free(fallback_dir_servers);
 trusted_dir_servers = fallback_dir_servers = NULL;
}