Merge branch 'maint-0.2.2' into release-0.2.2
This commit is contained in:
commit
7cc2b9dc83
|
@ -0,0 +1,8 @@
|
|||
o Security fixes:
|
||||
- Don't attach new streams to old rendezvous circuits after SIGNAL
|
||||
NEWNYM. Previously, we would keep using an existing rendezvous
|
||||
circuit if it remained open (i.e. if it were kept open by a
|
||||
long-lived stream or if a new stream were attached to it before
|
||||
Tor could notice that it was old and no longer in use and close
|
||||
it). Bugfix on 0.1.1.15-rc; fixes bug 3375.
|
||||
|
|
@ -0,0 +1,7 @@
|
|||
o Minor bugfixes:
|
||||
- Revert the UseBridges option to its behavior before 0.2.2.28-beta.
|
||||
When we changed the default behavior to "use bridges if any are
|
||||
listed in the torrc", we broke a number of users who had bridges
|
||||
in their torrc files but who didn't actually want to use them.
|
||||
Partial resolution for bug 3354.
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
o Minor bugfixes:
|
||||
- Make our crypto_rand_int() function check the value of its input
|
||||
correctly. Previously, it accepted values up to UINT_MAX, but
|
||||
could return a negative number if given a value above INT_MAX+1.
|
||||
Found by George Kadianakis. Fixes bug 3306; bugfix on 0.2.2pre14.
|
||||
|
||||
- Avoid a segfault when reading a malformed circuit build state
|
||||
with more than INT_MAX entries. Found by wanoskarnet. Bugfix on
|
||||
0.2.2.4-alpha.
|
|
@ -0,0 +1,4 @@
|
|||
o Minor bugfixes:
|
||||
- When asked about a DNS record type we don't support via a
|
||||
client DNSPort, reply with NOTIMPL rather than an empty
|
||||
reply. Patch by intrigeri. Fixes bug 3369; bugfix on 2.0.1-alpha.
|
|
@ -0,0 +1,5 @@
|
|||
o Minor bugfixes:
|
||||
- Fix a bug when using ControlSocketsGroupWritable with User. The
|
||||
directory's group would be checked against the current group, not
|
||||
the configured group. Patch by Jérémy Bobbio. Fixes bug3393; bugfix
|
||||
on Tor 0.2.2.26-beta.
|
|
@ -0,0 +1,9 @@
|
|||
o Code simplifications and refactoring:
|
||||
- Remove some dead code as indicated by coverity.
|
||||
- Remove a few dead assignments during router parsing. Found by coverity.
|
||||
o Minor bugfixes:
|
||||
- Add some forgotten return value checks during unit tests. Found
|
||||
by coverity.
|
||||
- Don't use 1-bit wide signed bit fields. Found by coverity.
|
||||
- Fix a rare memory leak during stats writing. Found by coverity.
|
||||
|
|
@ -0,0 +1,15 @@
|
|||
* Code simplifications and refactoring:
|
||||
|
||||
- Make connection_printf_to_buf's behaviour sane. Its callers
|
||||
expect it to emit a CRLF iff the format string ends with CRLF;
|
||||
it actually emits a CRLF iff (a) the format string ends with
|
||||
CRLF or (b) the resulting string is over 1023 characters long or
|
||||
(c) the format string does not end with CRLF ''and'' the
|
||||
resulting string is 1021 characters long or longer. Bugfix on
|
||||
0.1.1.9-alpha; fixes part of bug 3407.
|
||||
|
||||
- Make send_control_event_impl's behaviour sane. Its callers
|
||||
expect it to always emit a CRLF at the end of the string; it
|
||||
might emit extra control characters as well. Bugfix on
|
||||
0.1.1.9-alpha; fixes another part of bug 3407.
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
o Minor features:
|
||||
- Update to the June 1 2011 Maxmind GeoLite Country database.
|
||||
|
|
@ -708,14 +708,10 @@ The following options are useful only for clients (that is, if
|
|||
from the configured bridge authorities when feasible. It will fall back to
|
||||
a direct request if the authority responds with a 404. (Default: 0)
|
||||
|
||||
**UseBridges** **0**|**1**|**auto**::
|
||||
Make Tor fetch descriptors for each bridge listed in the "Bridge"
|
||||
**UseBridges** **0**|**1**::
|
||||
When set, Tor will fetch descriptors for each bridge listed in the "Bridge"
|
||||
config lines, and use these relays as both entry guards and directory
|
||||
guards. If the option is 1, bridges must be used and if no bridges are
|
||||
configured Tor will not make any connections until a bridge is configured;
|
||||
if it's "auto", Tor will use bridges if any are configured, otherwise it
|
||||
will connect directly to the Tor network; if it's 0, bridges are not used
|
||||
at all. (Defaults to auto)
|
||||
guards. (Default: 0)
|
||||
|
||||
**UseEntryGuards** **0**|**1**::
|
||||
If this option is set to 1, we pick a few long-term entry servers, and try
|
||||
|
|
|
@ -2145,13 +2145,14 @@ crypto_rand(char *to, size_t n)
|
|||
}
|
||||
|
||||
/** Return a pseudorandom integer, chosen uniformly from the values
|
||||
* between 0 and <b>max</b>-1. */
|
||||
* between 0 and <b>max</b>-1 inclusive. <b>max</b> must be between 1 and
|
||||
* INT_MAX+1, inclusive. */
|
||||
int
|
||||
crypto_rand_int(unsigned int max)
|
||||
{
|
||||
unsigned int val;
|
||||
unsigned int cutoff;
|
||||
tor_assert(max < UINT_MAX);
|
||||
tor_assert(max <= ((unsigned int)INT_MAX)+1);
|
||||
tor_assert(max > 0); /* don't div by 0 */
|
||||
|
||||
/* We ignore any values that are >= 'cutoff,' to avoid biasing the
|
||||
|
|
|
@ -1677,15 +1677,20 @@ file_status(const char *fname)
|
|||
* is group-readable, but in all cases we create the directory mode 0700.
|
||||
* If CPD_CHECK_MODE_ONLY is set, then we don't alter the directory permissions
|
||||
* if they are too permissive: we just return -1.
|
||||
* When effective_user is not NULL, check permissions against the given user and
|
||||
* its primary group.
|
||||
*/
|
||||
int
|
||||
check_private_dir(const char *dirname, cpd_check_t check)
|
||||
check_private_dir(const char *dirname, cpd_check_t check, const char *effective_user)
|
||||
{
|
||||
int r;
|
||||
struct stat st;
|
||||
char *f;
|
||||
#ifndef MS_WINDOWS
|
||||
int mask;
|
||||
struct passwd *pw = NULL;
|
||||
uid_t running_uid;
|
||||
gid_t running_gid;
|
||||
#endif
|
||||
|
||||
tor_assert(dirname);
|
||||
|
@ -1724,33 +1729,47 @@ check_private_dir(const char *dirname, cpd_check_t check)
|
|||
return -1;
|
||||
}
|
||||
#ifndef MS_WINDOWS
|
||||
if (st.st_uid != getuid()) {
|
||||
if (effective_user) {
|
||||
/* Lookup the user and group information, if we have a problem, bail out. */
|
||||
pw = getpwnam(effective_user);
|
||||
if (pw == NULL) {
|
||||
log_warn(LD_CONFIG, "Error setting configured user: %s not found", effective_user);
|
||||
return -1;
|
||||
}
|
||||
running_uid = pw->pw_uid;
|
||||
running_gid = pw->pw_gid;
|
||||
} else {
|
||||
running_uid = getuid();
|
||||
running_gid = getgid();
|
||||
}
|
||||
|
||||
if (st.st_uid != running_uid) {
|
||||
struct passwd *pw = NULL;
|
||||
char *process_ownername = NULL;
|
||||
|
||||
pw = getpwuid(getuid());
|
||||
pw = getpwuid(running_uid);
|
||||
process_ownername = pw ? tor_strdup(pw->pw_name) : tor_strdup("<unknown>");
|
||||
|
||||
pw = getpwuid(st.st_uid);
|
||||
|
||||
log_warn(LD_FS, "%s is not owned by this user (%s, %d) but by "
|
||||
"%s (%d). Perhaps you are running Tor as the wrong user?",
|
||||
dirname, process_ownername, (int)getuid(),
|
||||
dirname, process_ownername, (int)running_uid,
|
||||
pw ? pw->pw_name : "<unknown>", (int)st.st_uid);
|
||||
|
||||
tor_free(process_ownername);
|
||||
return -1;
|
||||
}
|
||||
if ((check & CPD_GROUP_OK) && st.st_gid != getgid()) {
|
||||
if ((check & CPD_GROUP_OK) && st.st_gid != running_gid) {
|
||||
struct group *gr;
|
||||
char *process_groupname = NULL;
|
||||
gr = getgrgid(getgid());
|
||||
gr = getgrgid(running_gid);
|
||||
process_groupname = gr ? tor_strdup(gr->gr_name) : tor_strdup("<unknown>");
|
||||
gr = getgrgid(st.st_gid);
|
||||
|
||||
log_warn(LD_FS, "%s is not owned by this group (%s, %d) but by group "
|
||||
"%s (%d). Are you running Tor as the wrong user?",
|
||||
dirname, process_groupname, (int)getgid(),
|
||||
dirname, process_groupname, (int)running_gid,
|
||||
gr ? gr->gr_name : "<unknown>", (int)st.st_gid);
|
||||
|
||||
tor_free(process_groupname);
|
||||
|
|
|
@ -292,7 +292,8 @@ typedef unsigned int cpd_check_t;
|
|||
#define CPD_CHECK 2
|
||||
#define CPD_GROUP_OK 4
|
||||
#define CPD_CHECK_MODE_ONLY 8
|
||||
int check_private_dir(const char *dirname, cpd_check_t check);
|
||||
int check_private_dir(const char *dirname, cpd_check_t check,
|
||||
const char *effective_user);
|
||||
#define OPEN_FLAGS_REPLACE (O_WRONLY|O_CREAT|O_TRUNC)
|
||||
#define OPEN_FLAGS_APPEND (O_WRONLY|O_CREAT|O_APPEND)
|
||||
typedef struct open_file_t open_file_t;
|
||||
|
|
5398
src/config/geoip
5398
src/config/geoip
File diff suppressed because it is too large
Load Diff
|
@ -678,7 +678,15 @@ circuit_build_times_shuffle_and_store_array(circuit_build_times_t *cbt,
|
|||
log_notice(LD_CIRC, "The number of circuit times that this Tor version "
|
||||
"uses to calculate build times is less than the number stored "
|
||||
"in your state file. Decreasing the circuit time history from "
|
||||
"%d to %d.", num_times, CBT_NCIRCUITS_TO_OBSERVE);
|
||||
"%lu to %d.", (unsigned long)num_times,
|
||||
CBT_NCIRCUITS_TO_OBSERVE);
|
||||
}
|
||||
|
||||
if (n > INT_MAX-1) {
|
||||
log_warn(LD_CIRC, "For some insane reasons, you had %lu circuit build "
|
||||
"observations in your state file. That's far too many; probably "
|
||||
"there's a bug here.", (unsigned long)n);
|
||||
n = INT_MAX-1;
|
||||
}
|
||||
|
||||
/* This code can only be run on a compact array */
|
||||
|
|
|
@ -775,8 +775,8 @@ circuit_get_by_circid_orconn_impl(circid_t circ_id, or_connection_t *conn)
|
|||
return found->circuit;
|
||||
|
||||
return NULL;
|
||||
|
||||
/* The rest of this checks for bugs. Disabled by default. */
|
||||
/* We comment it out because coverity complains otherwise.
|
||||
{
|
||||
circuit_t *circ;
|
||||
for (circ=global_circuitlist;circ;circ = circ->next) {
|
||||
|
@ -795,7 +795,7 @@ circuit_get_by_circid_orconn_impl(circid_t circ_id, or_connection_t *conn)
|
|||
}
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
} */
|
||||
}
|
||||
|
||||
/** Return a circ such that:
|
||||
|
|
|
@ -73,7 +73,8 @@ circuit_is_acceptable(circuit_t *circ, edge_connection_t *conn,
|
|||
return 0;
|
||||
}
|
||||
|
||||
if (purpose == CIRCUIT_PURPOSE_C_GENERAL)
|
||||
if (purpose == CIRCUIT_PURPOSE_C_GENERAL ||
|
||||
purpose == CIRCUIT_PURPOSE_C_REND_JOINED)
|
||||
if (circ->timestamp_dirty &&
|
||||
circ->timestamp_dirty+get_options()->MaxCircuitDirtiness <= now)
|
||||
return 0;
|
||||
|
|
|
@ -376,7 +376,7 @@ static config_var_t _option_vars[] = {
|
|||
V(TransPort, PORT, "0"),
|
||||
V(TunnelDirConns, BOOL, "1"),
|
||||
V(UpdateBridgesFromAuthority, BOOL, "0"),
|
||||
VAR("UseBridges", STRING, UseBridges_, "auto"),
|
||||
V(UseBridges, BOOL, "0"),
|
||||
V(UseEntryGuards, BOOL, "1"),
|
||||
V(User, STRING, NULL),
|
||||
VAR("V1AuthoritativeDirectory",BOOL, V1AuthoritativeDir, "0"),
|
||||
|
@ -1025,7 +1025,8 @@ options_act_reversible(or_options_t *old_options, char **msg)
|
|||
|
||||
/* Ensure data directory is private; create if possible. */
|
||||
if (check_private_dir(options->DataDirectory,
|
||||
running_tor ? CPD_CREATE : CPD_CHECK)<0) {
|
||||
running_tor ? CPD_CREATE : CPD_CHECK,
|
||||
options->User)<0) {
|
||||
tor_asprintf(msg,
|
||||
"Couldn't access/create private data directory \"%s\"",
|
||||
options->DataDirectory);
|
||||
|
@ -1038,7 +1039,8 @@ options_act_reversible(or_options_t *old_options, char **msg)
|
|||
char *fn = tor_malloc(len);
|
||||
tor_snprintf(fn, len, "%s"PATH_SEPARATOR"cached-status",
|
||||
options->DataDirectory);
|
||||
if (check_private_dir(fn, running_tor ? CPD_CREATE : CPD_CHECK) < 0) {
|
||||
if (check_private_dir(fn, running_tor ? CPD_CREATE : CPD_CHECK,
|
||||
options->User) < 0) {
|
||||
tor_asprintf(msg,
|
||||
"Couldn't access/create private data directory \"%s\"", fn);
|
||||
tor_free(fn);
|
||||
|
@ -3232,19 +3234,6 @@ options_validate(or_options_t *old_options, or_options_t *options,
|
|||
"of the Internet, so they must not set Reachable*Addresses "
|
||||
"or FascistFirewall.");
|
||||
|
||||
/* XXX023 use autobool instead. */
|
||||
if (!strcmp(options->UseBridges_, "auto")) {
|
||||
options->UseBridges = (options->Bridges &&
|
||||
!server_mode(options) &&
|
||||
!options->EntryNodes);
|
||||
} else if (!strcmp(options->UseBridges_, "0")) {
|
||||
options->UseBridges = 0;
|
||||
} else if (!strcmp(options->UseBridges_, "1")) {
|
||||
options->UseBridges = 1;
|
||||
} else {
|
||||
REJECT("UseBridges must be 0, 1, or auto");
|
||||
}
|
||||
|
||||
if (options->UseBridges &&
|
||||
server_mode(options))
|
||||
REJECT("Servers must be able to freely connect to the rest "
|
||||
|
@ -3579,8 +3568,10 @@ options_validate(or_options_t *old_options, or_options_t *options,
|
|||
if (validate_dir_authorities(options, old_options) < 0)
|
||||
REJECT("Directory authority line did not parse. See logs for details.");
|
||||
|
||||
if (options->UseBridges && !options->Bridges)
|
||||
REJECT("If you set UseBridges, you must specify at least one bridge.");
|
||||
if (options->UseBridges && !options->TunnelDirConns)
|
||||
REJECT("TunnelDirConns set to 0 only works with UseBridges set to 0");
|
||||
REJECT("If you set UseBridges, you must set TunnelDirConns.");
|
||||
if (options->Bridges) {
|
||||
for (cl = options->Bridges; cl; cl = cl->next) {
|
||||
if (parse_bridge_line(cl->value, 1)<0)
|
||||
|
|
|
@ -867,7 +867,7 @@ check_location_for_unix_socket(or_options_t *options, const char *path)
|
|||
if (options->ControlSocketsGroupWritable)
|
||||
flags |= CPD_GROUP_OK;
|
||||
|
||||
if (check_private_dir(p, flags) < 0) {
|
||||
if (check_private_dir(p, flags, options->User) < 0) {
|
||||
char *escpath, *escdir;
|
||||
escpath = esc_for_log(path);
|
||||
escdir = esc_for_log(p);
|
||||
|
|
|
@ -929,13 +929,16 @@ connection_tls_continue_handshake(or_connection_t *conn)
|
|||
if (! tor_tls_used_v1_handshake(conn->tls)) {
|
||||
if (!tor_tls_is_server(conn->tls)) {
|
||||
if (conn->_base.state == OR_CONN_STATE_TLS_HANDSHAKING) {
|
||||
// log_notice(LD_OR,"Done. state was TLS_HANDSHAKING.");
|
||||
log_debug(LD_OR, "Done with initial SSL handshake (client-side). "
|
||||
"Requesting renegotiation.");
|
||||
conn->_base.state = OR_CONN_STATE_TLS_CLIENT_RENEGOTIATING;
|
||||
goto again;
|
||||
}
|
||||
// log_notice(LD_OR,"Done. state was %d.", conn->_base.state);
|
||||
} else {
|
||||
/* improved handshake, but not a client. */
|
||||
log_debug(LD_OR, "Done with initial SSL handshake (server-side). "
|
||||
"Expecting renegotiation.");
|
||||
tor_tls_set_renegotiate_callback(conn->tls,
|
||||
connection_or_tls_renegotiated_cb,
|
||||
conn);
|
||||
|
|
|
@ -98,7 +98,7 @@ static int disable_log_messages = 0;
|
|||
static int authentication_cookie_is_set = 0;
|
||||
/** If authentication_cookie_is_set, a secret cookie that we've stored to disk
|
||||
* and which we're using to authenticate controllers. (If the controller can
|
||||
* read it off disk, it has permission to connect. */
|
||||
* read it off disk, it has permission to connect.) */
|
||||
static char authentication_cookie[AUTHENTICATION_COOKIE_LEN];
|
||||
|
||||
/** A sufficiently large size to record the last bootstrap phase string. */
|
||||
|
@ -481,33 +481,26 @@ decode_escaped_string(const char *start, size_t in_len_max,
|
|||
}
|
||||
|
||||
/** Acts like sprintf, but writes its formatted string to the end of
|
||||
* <b>conn</b>-\>outbuf. The message may be truncated if it is too long,
|
||||
* but it will always end with a CRLF sequence.
|
||||
*
|
||||
* Currently the length of the message is limited to 1024 (including the
|
||||
* ending CR LF NUL ("\\r\\n\\0"). */
|
||||
* <b>conn</b>-\>outbuf. */
|
||||
static void
|
||||
connection_printf_to_buf(control_connection_t *conn, const char *format, ...)
|
||||
{
|
||||
#define CONNECTION_PRINTF_TO_BUF_BUFFERSIZE 1024
|
||||
va_list ap;
|
||||
char buf[CONNECTION_PRINTF_TO_BUF_BUFFERSIZE];
|
||||
int r;
|
||||
size_t len;
|
||||
char *buf = NULL;
|
||||
int len;
|
||||
|
||||
va_start(ap,format);
|
||||
r = tor_vsnprintf(buf, sizeof(buf), format, ap);
|
||||
len = tor_vasprintf(&buf, format, ap);
|
||||
va_end(ap);
|
||||
if (r<0) {
|
||||
|
||||
if (len < 0) {
|
||||
log_warn(LD_BUG, "Unable to format string for controller.");
|
||||
return;
|
||||
}
|
||||
len = strlen(buf);
|
||||
if (fast_memcmp("\r\n\0", buf+len-2, 3)) {
|
||||
buf[CONNECTION_PRINTF_TO_BUF_BUFFERSIZE-1] = '\0';
|
||||
buf[CONNECTION_PRINTF_TO_BUF_BUFFERSIZE-2] = '\n';
|
||||
buf[CONNECTION_PRINTF_TO_BUF_BUFFERSIZE-3] = '\r';
|
||||
}
|
||||
connection_write_to_buf(buf, len, TO_CONN(conn));
|
||||
|
||||
connection_write_to_buf(buf, (size_t)len, TO_CONN(conn));
|
||||
|
||||
tor_free(buf);
|
||||
}
|
||||
|
||||
/** Write all of the open control ports to ControlPortWriteToFile */
|
||||
|
@ -606,46 +599,31 @@ send_control_event_string(uint16_t event, event_format_t which,
|
|||
} SMARTLIST_FOREACH_END(conn);
|
||||
}
|
||||
|
||||
/** Helper for send_control1_event and send_control1_event_extended:
|
||||
/** Helper for send_control_event and control_event_status:
|
||||
* Send an event to all v1 controllers that are listening for code
|
||||
* <b>event</b>. The event's body is created by the printf-style format in
|
||||
* <b>format</b>, and other arguments as provided.
|
||||
*
|
||||
* Currently the length of the message is limited to 1024 (including the
|
||||
* ending \\r\\n\\0). */
|
||||
* <b>format</b>, and other arguments as provided. */
|
||||
static void
|
||||
send_control_event_impl(uint16_t event, event_format_t which,
|
||||
const char *format, va_list ap)
|
||||
{
|
||||
/* This is just a little longer than the longest allowed log message */
|
||||
#define SEND_CONTROL1_EVENT_BUFFERSIZE 10064
|
||||
int r;
|
||||
char buf[SEND_CONTROL1_EVENT_BUFFERSIZE];
|
||||
size_t len;
|
||||
char *buf = NULL;
|
||||
int len;
|
||||
|
||||
r = tor_vsnprintf(buf, sizeof(buf), format, ap);
|
||||
if (r<0) {
|
||||
len = tor_vasprintf(&buf, format, ap);
|
||||
if (len < 0) {
|
||||
log_warn(LD_BUG, "Unable to format event for controller.");
|
||||
return;
|
||||
}
|
||||
|
||||
len = strlen(buf);
|
||||
if (fast_memcmp("\r\n\0", buf+len-2, 3)) {
|
||||
/* if it is not properly terminated, do it now */
|
||||
buf[SEND_CONTROL1_EVENT_BUFFERSIZE-1] = '\0';
|
||||
buf[SEND_CONTROL1_EVENT_BUFFERSIZE-2] = '\n';
|
||||
buf[SEND_CONTROL1_EVENT_BUFFERSIZE-3] = '\r';
|
||||
}
|
||||
|
||||
send_control_event_string(event, which|ALL_FORMATS, buf);
|
||||
|
||||
tor_free(buf);
|
||||
}
|
||||
|
||||
/** Send an event to all v1 controllers that are listening for code
|
||||
* <b>event</b>. The event's body is created by the printf-style format in
|
||||
* <b>format</b>, and other arguments as provided.
|
||||
*
|
||||
* Currently the length of the message is limited to 1024 (including the
|
||||
* ending \\n\\r\\0. */
|
||||
* <b>format</b>, and other arguments as provided. */
|
||||
static void
|
||||
send_control_event(uint16_t event, event_format_t which,
|
||||
const char *format, ...)
|
||||
|
|
|
@ -95,8 +95,8 @@ evdns_server_callback(struct evdns_server_request *req, void *_data)
|
|||
}
|
||||
if (!q) {
|
||||
log_info(LD_APP, "None of the questions we got were ones we're willing "
|
||||
"to support. Sending NODATA.");
|
||||
evdns_server_request_respond(req, DNS_ERR_NONE);
|
||||
"to support. Sending NOTIMPL.");
|
||||
evdns_server_request_respond(req, DNS_ERR_NOTIMPL);
|
||||
return;
|
||||
}
|
||||
if (q->type != EVDNS_TYPE_A) {
|
||||
|
|
|
@ -970,7 +970,7 @@ geoip_dirreq_stats_write(time_t now)
|
|||
geoip_remove_old_clients(start_of_dirreq_stats_interval);
|
||||
|
||||
statsdir = get_datadir_fname("stats");
|
||||
if (check_private_dir(statsdir, CPD_CREATE) < 0)
|
||||
if (check_private_dir(statsdir, CPD_CREATE, get_options()->User) < 0)
|
||||
goto done;
|
||||
filename = get_datadir_fname2("stats", "dirreq-stats");
|
||||
data_v2 = geoip_get_client_history(GEOIP_CLIENT_NETWORKSTATUS_V2);
|
||||
|
@ -1209,7 +1209,7 @@ geoip_bridge_stats_write(time_t now)
|
|||
|
||||
/* Write it to disk. */
|
||||
statsdir = get_datadir_fname("stats");
|
||||
if (check_private_dir(statsdir, CPD_CREATE) < 0)
|
||||
if (check_private_dir(statsdir, CPD_CREATE, get_options()->User) < 0)
|
||||
goto done;
|
||||
filename = get_datadir_fname2("stats", "bridge-stats");
|
||||
|
||||
|
@ -1304,7 +1304,7 @@ geoip_entry_stats_write(time_t now)
|
|||
geoip_remove_old_clients(start_of_entry_stats_interval);
|
||||
|
||||
statsdir = get_datadir_fname("stats");
|
||||
if (check_private_dir(statsdir, CPD_CREATE) < 0)
|
||||
if (check_private_dir(statsdir, CPD_CREATE, get_options()->User) < 0)
|
||||
goto done;
|
||||
filename = get_datadir_fname2("stats", "entry-stats");
|
||||
data = geoip_get_client_history(GEOIP_CLIENT_CONNECT);
|
||||
|
|
12
src/or/or.h
12
src/or/or.h
|
@ -2480,17 +2480,7 @@ typedef struct {
|
|||
* when doing so. */
|
||||
char *BridgePassword;
|
||||
|
||||
/** Whether we should start all circuits with a bridge. "1" means strictly
|
||||
* yes, "0" means strictly no, and "auto" means that we do iff any bridges
|
||||
* are configured, we are not running a server and have not specified a list
|
||||
* of entry nodes. */
|
||||
char *UseBridges_;
|
||||
/** Effective value of UseBridges. Will be set equally for UseBridges set to
|
||||
* 1 or 0, but for 'auto' it will be set to 1 iff any bridges are
|
||||
* configured, we are not running a server and have not specified a list of
|
||||
* entry nodes. */
|
||||
int UseBridges;
|
||||
|
||||
int UseBridges; /**< Boolean: should we start all circuits with a bridge? */
|
||||
config_line_t *Bridges; /**< List of bootstrap bridge addresses. */
|
||||
|
||||
int BridgeRelay; /**< Boolean: are we acting as a bridge relay? We make
|
||||
|
|
|
@ -45,7 +45,7 @@ typedef struct policy_summary_item_t {
|
|||
uint16_t prt_max; /**< Highest port number to accept/reject. */
|
||||
uint64_t reject_count; /**< Number of IP-Addresses that are rejected to
|
||||
this port range. */
|
||||
int accepted:1; /** Has this port already been accepted */
|
||||
unsigned int accepted:1; /** Has this port already been accepted */
|
||||
} policy_summary_item_t;
|
||||
|
||||
/** Private networks. This list is used in two places, once to expand the
|
||||
|
|
|
@ -569,7 +569,7 @@ rend_service_load_keys(void)
|
|||
s->directory);
|
||||
|
||||
/* Check/create directory */
|
||||
if (check_private_dir(s->directory, CPD_CREATE) < 0)
|
||||
if (check_private_dir(s->directory, CPD_CREATE, get_options()->User) < 0)
|
||||
return -1;
|
||||
|
||||
/* Load key */
|
||||
|
|
|
@ -2307,7 +2307,7 @@ rep_hist_exit_stats_write(time_t now)
|
|||
|
||||
/* Try to write to disk. */
|
||||
statsdir = get_datadir_fname("stats");
|
||||
if (check_private_dir(statsdir, CPD_CREATE) < 0) {
|
||||
if (check_private_dir(statsdir, CPD_CREATE, get_options()->User) < 0) {
|
||||
log_warn(LD_HIST, "Unable to create stats/ directory!");
|
||||
goto done;
|
||||
}
|
||||
|
@ -2401,8 +2401,7 @@ rep_hist_buffer_stats_add_circ(circuit_t *circ, time_t end_of_interval)
|
|||
stat = tor_malloc_zero(sizeof(circ_buffer_stats_t));
|
||||
stat->processed_cells = orcirc->processed_cells;
|
||||
/* 1000.0 for s -> ms; 2.0 because of app-ward and exit-ward queues */
|
||||
stat->mean_num_cells_in_queue = interval_length == 0 ? 0.0 :
|
||||
(double) orcirc->total_cell_waiting_time /
|
||||
stat->mean_num_cells_in_queue = (double) orcirc->total_cell_waiting_time /
|
||||
(double) interval_length / 1000.0 / 2.0;
|
||||
stat->mean_time_cells_in_queue =
|
||||
(double) orcirc->total_cell_waiting_time /
|
||||
|
@ -2452,8 +2451,8 @@ rep_hist_buffer_stats_write(time_t now)
|
|||
int processed_cells[SHARES], circs_in_share[SHARES],
|
||||
number_of_circuits, i;
|
||||
double queued_cells[SHARES], time_in_queue[SHARES];
|
||||
smartlist_t *str_build = smartlist_create();
|
||||
char *str = NULL, *buf=NULL;
|
||||
smartlist_t *str_build = NULL;
|
||||
char *str = NULL, *buf = NULL;
|
||||
circuit_t *circ;
|
||||
|
||||
if (!start_of_buffer_stats_interval)
|
||||
|
@ -2461,6 +2460,8 @@ rep_hist_buffer_stats_write(time_t now)
|
|||
if (start_of_buffer_stats_interval + WRITE_STATS_INTERVAL > now)
|
||||
goto done; /* Not ready to write */
|
||||
|
||||
str_build = smartlist_create();
|
||||
|
||||
/* add current circuits to stats */
|
||||
for (circ = _circuit_get_global_list(); circ; circ = circ->next)
|
||||
rep_hist_buffer_stats_add_circ(circ, now);
|
||||
|
@ -2496,7 +2497,7 @@ rep_hist_buffer_stats_write(time_t now)
|
|||
smartlist_clear(circuits_for_buffer_stats);
|
||||
/* write to file */
|
||||
statsdir = get_datadir_fname("stats");
|
||||
if (check_private_dir(statsdir, CPD_CREATE) < 0)
|
||||
if (check_private_dir(statsdir, CPD_CREATE, get_options()->User) < 0)
|
||||
goto done;
|
||||
filename = get_datadir_fname2("stats", "buffer-stats");
|
||||
out = start_writing_to_stdio_file(filename, OPEN_FLAGS_APPEND,
|
||||
|
|
|
@ -533,12 +533,12 @@ init_keys(void)
|
|||
return 0;
|
||||
}
|
||||
/* Make sure DataDirectory exists, and is private. */
|
||||
if (check_private_dir(options->DataDirectory, CPD_CREATE)) {
|
||||
if (check_private_dir(options->DataDirectory, CPD_CREATE, options->User)) {
|
||||
return -1;
|
||||
}
|
||||
/* Check the key directory. */
|
||||
keydir = get_datadir_fname("keys");
|
||||
if (check_private_dir(keydir, CPD_CREATE)) {
|
||||
if (check_private_dir(keydir, CPD_CREATE, options->User)) {
|
||||
tor_free(keydir);
|
||||
return -1;
|
||||
}
|
||||
|
|
|
@ -1544,10 +1544,10 @@ router_parse_entry_from_string(const char *s, const char *end,
|
|||
}
|
||||
}
|
||||
|
||||
if ((tok = find_opt_by_keyword(tokens, K_CACHES_EXTRA_INFO)))
|
||||
if (find_opt_by_keyword(tokens, K_CACHES_EXTRA_INFO))
|
||||
router->caches_extra_info = 1;
|
||||
|
||||
if ((tok = find_opt_by_keyword(tokens, K_ALLOW_SINGLE_HOP_EXITS)))
|
||||
if (find_opt_by_keyword(tokens, K_ALLOW_SINGLE_HOP_EXITS))
|
||||
router->allow_single_hop_exits = 1;
|
||||
|
||||
if ((tok = find_opt_by_keyword(tokens, K_EXTRA_INFO_DIGEST))) {
|
||||
|
@ -1560,7 +1560,7 @@ router_parse_entry_from_string(const char *s, const char *end,
|
|||
}
|
||||
}
|
||||
|
||||
if ((tok = find_opt_by_keyword(tokens, K_HIDDEN_SERVICE_DIR))) {
|
||||
if (find_opt_by_keyword(tokens, K_HIDDEN_SERVICE_DIR)) {
|
||||
router->wants_to_be_hs_dir = 1;
|
||||
}
|
||||
|
||||
|
|
|
@ -436,13 +436,16 @@ test_addr_ip6_helpers(void)
|
|||
/* test tor_addr_parse_mask_ports */
|
||||
test_addr_mask_ports_parse("[::f]/17:47-95", AF_INET6,
|
||||
0, 0, 0, 0x0000000f, 17, 47, 95);
|
||||
test_streq(p1, "::f");
|
||||
//test_addr_parse("[::fefe:4.1.1.7/120]:999-1000");
|
||||
//test_addr_parse_check("::fefe:401:107", 120, 999, 1000);
|
||||
test_addr_mask_ports_parse("[::ffff:4.1.1.7]/120:443", AF_INET6,
|
||||
0, 0, 0x0000ffff, 0x04010107, 120, 443, 443);
|
||||
test_streq(p1, "::ffff:4.1.1.7");
|
||||
test_addr_mask_ports_parse("[abcd:2::44a:0]:2-65000", AF_INET6,
|
||||
0xabcd0002, 0, 0, 0x044a0000, 128, 2, 65000);
|
||||
|
||||
test_streq(p1, "abcd:2::44a:0");
|
||||
r=tor_addr_parse_mask_ports("[fefef::]/112", &t1, NULL, NULL, NULL);
|
||||
test_assert(r == -1);
|
||||
r=tor_addr_parse_mask_ports("efef::/112", &t1, NULL, NULL, NULL);
|
||||
|
|
Loading…
Reference in New Issue