1 /* Copyright 2001 Matej Pfajfar.
2 * Copyright 2001-2004 Roger Dingledine.
3 * Copyright 2004-2005 Roger Dingledine, Nick Mathewson. */
4 /* See LICENSE for licensing information */
6 const char routerparse_c_id
[] = "$Id$";
11 * \brief Code to parse and validate router descriptors and directories.
16 /****************************************************************************/
18 /** Enumeration of possible token types. The ones starting with K_
19 * correspond to directory 'keywords'. _UNRECOGNIZED is for an
20 * unrecognized keyword; _ERR is an error in the tokenizing process,
21 * _EOF is an end-of-file marker, and _NIL is used to encode
26 K_DIRECTORY_SIGNATURE
,
27 K_RECOMMENDED_SOFTWARE
,
56 /** Structure to hold a single directory token.
58 * We parse a directory by breaking it into "tokens", each consisting
59 * of a keyword, a line full of arguments, and a binary object. The
60 * arguments and object are both optional, depending on the keyword
63 typedef struct directory_token_t
{
64 directory_keyword tp
; /**< Type of the token. */
65 int n_args
; /**< Number of elements in args */
66 char **args
; /**< Array of arguments from keyword line. */
67 char *object_type
; /**< -----BEGIN [object_type]-----*/
68 size_t object_size
; /**< Bytes in object_body */
69 char *object_body
; /**< Contents of object, base64-decoded. */
70 crypto_pk_env_t
*key
; /**< For public keys only. */
71 const char *error
; /**< For _ERR tokens only. */
74 /* ********************************************************************** */
76 /** We use a table of rules to decide how to parse each token type. */
78 /** Rules for how many arguments a keyword can take. */
80 NO_ARGS
, /**< (1) no arguments, ever */
81 ARGS
, /**< (2) a list of arguments separated by spaces */
82 CONCAT_ARGS
, /**< or (3) the rest of the line, treated as a single argument. */
85 /** Rules for whether the keyword needs an object. */
87 NO_OBJ
, /**< (1) no object, ever */
88 NEED_OBJ
, /**< (2) object is required */
89 NEED_KEY
, /**< (3) object is required, and must be a public key. */
90 OBJ_OK
, /**< or (4) object is optional. */
93 /** Rules for where a keyword can appear. */
95 ANY
= 0, /**< Appears in router descriptor or in directory sections. */
96 DIR_ONLY
, /**< Appears only in directory. */
97 RTR_ONLY
, /**< Appears only in router descriptor or runningrouters */
100 /** Table mapping keywords to token value and to argument rules. */
102 const char *t
; int v
; arg_syntax s
; obj_syntax os
; where_syntax ws
;
104 { "accept", K_ACCEPT
, ARGS
, NO_OBJ
, RTR_ONLY
},
105 { "directory-signature", K_DIRECTORY_SIGNATURE
, ARGS
, NEED_OBJ
,DIR_ONLY
},
106 { "reject", K_REJECT
, ARGS
, NO_OBJ
, RTR_ONLY
},
107 { "router", K_ROUTER
, ARGS
, NO_OBJ
, RTR_ONLY
},
108 { "recommended-software",K_RECOMMENDED_SOFTWARE
,ARGS
, NO_OBJ
, DIR_ONLY
},
109 { "signed-directory", K_SIGNED_DIRECTORY
, NO_ARGS
, NO_OBJ
, DIR_ONLY
},
110 { "signing-key", K_SIGNING_KEY
, NO_ARGS
, NEED_KEY
,RTR_ONLY
},
111 { "onion-key", K_ONION_KEY
, NO_ARGS
, NEED_KEY
,RTR_ONLY
},
112 { "router-signature", K_ROUTER_SIGNATURE
, NO_ARGS
, NEED_OBJ
,RTR_ONLY
},
113 { "running-routers", K_RUNNING_ROUTERS
, ARGS
, NO_OBJ
, DIR_ONLY
},
114 { "router-status", K_ROUTER_STATUS
, ARGS
, NO_OBJ
, DIR_ONLY
},
115 { "ports", K_PORTS
, ARGS
, NO_OBJ
, RTR_ONLY
},
116 { "bandwidth", K_BANDWIDTH
, ARGS
, NO_OBJ
, RTR_ONLY
},
117 { "platform", K_PLATFORM
, CONCAT_ARGS
, NO_OBJ
, RTR_ONLY
},
118 { "published", K_PUBLISHED
, CONCAT_ARGS
, NO_OBJ
, ANY
},
119 { "opt", K_OPT
, CONCAT_ARGS
, OBJ_OK
, ANY
},
120 { "contact", K_CONTACT
, CONCAT_ARGS
, NO_OBJ
, ANY
},
121 { "network-status", K_NETWORK_STATUS
, NO_ARGS
, NO_OBJ
, DIR_ONLY
},
122 { "uptime", K_UPTIME
, ARGS
, NO_OBJ
, RTR_ONLY
},
123 { "dir-signing-key", K_DIR_SIGNING_KEY
, ARGS
, OBJ_OK
, DIR_ONLY
},
124 { "family", K_FAMILY
, ARGS
, NO_OBJ
, RTR_ONLY
},
125 { "fingerprint", K_FINGERPRINT
, ARGS
, NO_OBJ
, ANY
},
126 { "hibernating", K_HIBERNATING
, ARGS
, NO_OBJ
, RTR_ONLY
},
127 { "read-history", K_READ_HISTORY
, ARGS
, NO_OBJ
, RTR_ONLY
},
128 { "write-history", K_WRITE_HISTORY
, ARGS
, NO_OBJ
, RTR_ONLY
},
129 { NULL
, -1, NO_ARGS
, NO_OBJ
, ANY
}
132 /* static function prototypes */
133 static int router_add_exit_policy(routerinfo_t
*router
,directory_token_t
*tok
);
134 static addr_policy_t
*router_parse_addr_policy(directory_token_t
*tok
);
135 static int router_get_hash_impl(const char *s
, char *digest
,
136 const char *start_str
, const char *end_str
);
137 static void token_free(directory_token_t
*tok
);
138 static smartlist_t
*find_all_exitpolicy(smartlist_t
*s
);
139 static directory_token_t
*find_first_by_keyword(smartlist_t
*s
,
140 directory_keyword keyword
);
141 static int tokenize_string(const char *start
, const char *end
,
142 smartlist_t
*out
, int is_dir
);
143 static directory_token_t
*get_next_token(const char **s
, where_syntax where
);
144 static int check_directory_signature(const char *digest
,
145 directory_token_t
*tok
,
146 crypto_pk_env_t
*pkey
,
147 crypto_pk_env_t
*declared_key
);
148 static crypto_pk_env_t
*find_dir_signing_key(const char *str
);
149 /* static */ int is_obsolete_version(const char *myversion
,
150 const char *versionlist
);
151 static int tor_version_same_series(tor_version_t
*a
, tor_version_t
*b
);
153 /** Set <b>digest</b> to the SHA-1 digest of the hash of the directory in
154 * <b>s</b>. Return 0 on success, nonzero on failure.
156 int router_get_dir_hash(const char *s
, char *digest
)
158 return router_get_hash_impl(s
,digest
,
159 "signed-directory","\ndirectory-signature");
162 /** Set <b>digest</b> to the SHA-1 digest of the hash of the first router in
163 * <b>s</b>. Return 0 on success, nonzero on failure.
165 int router_get_router_hash(const char *s
, char *digest
)
167 return router_get_hash_impl(s
,digest
,
168 "router ","\nrouter-signature");
171 /** Set <b>digest</b> to the SHA-1 digest of the hash of the running-routers
172 * string in <b>s</b>. Return 0 on success, nonzero on failure.
174 int router_get_runningrouters_hash(const char *s
, char *digest
)
176 return router_get_hash_impl(s
,digest
,
177 "network-status","\ndirectory-signature");
181 * Find the first instance of "recommended-software ...\n" at the start of
182 * a line; return a newly allocated string containing the "..." portion.
183 * Return NULL if no such instance was found.
186 get_recommended_software_from_directory(const char *str
)
188 #define REC "recommended-software "
189 const char *cp
= str
, *eol
;
190 size_t len
= strlen(REC
);
192 if (strcmpstart(str
, REC
)==0) {
195 cp
= strstr(str
, "\n"REC
);
200 eol
= strchr(cp
, '\n');
203 return tor_strndup(cp
, eol
-cp
);
207 /** Return 1 if <b>myversion</b> is not in <b>versionlist</b>, and if at least
208 * one version of Tor on <b>versionlist</b> is newer than <b>myversion</b>.
210 * Return 1 if no version from the same series as <b>myversion</b> is
211 * in <b>versionlist</b> (and <b>myversion</b> is not the newest
212 * version), or if a newer version from the same series is in
213 * <b>versionlist</b>.
215 * Otherwise return 0.
216 * (versionlist is a comma-separated list of version strings,
217 * optionally prefixed with "Tor". Versions that can't be parsed are
219 /* static */ int is_obsolete_version(const char *myversion
,
220 const char *versionlist
) {
222 tor_version_t mine
, other
;
223 int found_newer
= 0, found_newer_in_series
= 0, found_any_in_series
= 0,
225 static int warned_too_new
=0;
226 smartlist_t
*version_sl
;
231 log_fn(LOG_DEBUG
,"Checking whether version '%s' is in '%s'", myversion
, versionlist
);
233 if (tor_version_parse(myversion
, &mine
)) {
234 log_fn(LOG_ERR
, "I couldn't parse my own version (%s)", myversion
);
237 version_sl
= smartlist_create();
238 smartlist_split_string(version_sl
, versionlist
, ",", SPLIT_SKIP_SPACE
, 0);
240 SMARTLIST_FOREACH(version_sl
, const char *, cp
, {
241 if (!strcmpstart(cp
, "Tor "))
244 if (tor_version_parse(cp
, &other
)) {
245 /* Couldn't parse other; it can't be a match. */
247 same
= tor_version_same_series(&mine
, &other
);
249 found_any_in_series
= 1;
250 r
= tor_version_compare(&mine
, &other
);
257 found_newer_in_series
= 1;
262 /* We didn't find the listed version. Is it new or old? */
264 if (found_any_in_series
) {
265 if (!found_newer_in_series
) {
266 /* We belong to a series with recommended members, and we are newer than
267 * any recommended member. We're probably okay. */
268 if (!warned_too_new
) {
269 log(LOG_WARN
, "This version of Tor (%s) is newer than any in the same series on the recommended list (%s)",
270 myversion
, versionlist
);
276 /* We found a newer one in the same series; we're obsolete. */
282 /* We belong to a series with no recommended members, and
283 * a newer series is recommended. We're obsolete. */
287 /* We belong to a series with no recommended members, and it's
288 * newer than any recommended series. We're probably okay. */
289 if (!warned_too_new
) {
290 log(LOG_WARN
, "This version of Tor (%s) is newer than any on the recommended list (%s)",
291 myversion
, versionlist
);
300 "Decided that %s is %sobsolete relative to %s: %d, %d, %d\n",
301 myversion, ret?"":"not ", versionlist, found_newer,
302 found_any_in_series, found_newer_in_series);
306 SMARTLIST_FOREACH(version_sl
, char *, version
, tor_free(version
));
307 smartlist_free(version_sl
);
311 /* Return 0 if myversion is supported; else log a message and return
312 * -1 (or exit if ignoreversions is false) */
313 int check_software_version_against_directory(const char *directory
,
317 v
= get_recommended_software_from_directory(directory
);
319 log_fn(LOG_WARN
, "No recommended-versions string found in directory");
322 if (!is_obsolete_version(VERSION
, v
)) {
326 log(ignoreversion
? LOG_WARN
: LOG_ERR
,
327 "You are running Tor version %s, which will not work with this network.\n"
329 VERSION
, strchr(v
,',') ? "one of " : "", v
);
333 log(LOG_WARN
, "IgnoreVersion is set. If it breaks, we told you so.");
339 return -1; /* never reached */
343 /** Parse a directory from <b>str</b> and, when done, store the
344 * resulting routerlist in *<b>dest</b>, freeing the old value if
347 * If <b>pkey</b> is provided, we check the directory signature with pkey.
349 * If <b>check_version</b> is non-zero, then examine the
350 * Recommended-versions * line in the directory, and warn or quit
353 * If <b>write_to_cache</b> is non-zero, then store this directory in
354 * memory and/or disk as well.
356 int /* Should be static; exposed for unit tests */
357 router_parse_routerlist_from_directory(const char *str
,
359 crypto_pk_env_t
*pkey
,
363 directory_token_t
*tok
;
364 char digest
[DIGEST_LEN
];
365 routerlist_t
*new_dir
= NULL
;
366 char *versions
= NULL
;
367 smartlist_t
*good_nickname_list
= NULL
;
370 const char *end
, *cp
;
371 smartlist_t
*tokens
= NULL
;
372 char dirnickname
[MAX_NICKNAME_LEN
+1];
373 crypto_pk_env_t
*declared_key
= NULL
;
375 if (router_get_dir_hash(str
, digest
)) {
376 log_fn(LOG_WARN
, "Unable to compute digest of directory");
379 log_fn(LOG_DEBUG
,"Received directory hashes to %s",hex_str(digest
,4));
381 /* Check signature first, before we try to tokenize. */
383 while (cp
&& (end
= strstr(cp
+1, "\ndirectory-signature")))
385 if (cp
== str
|| !cp
) {
386 log_fn(LOG_WARN
, "No signature found on directory."); goto err
;
389 tokens
= smartlist_create();
390 if (tokenize_string(cp
,strchr(cp
,'\0'),tokens
,1)) {
391 log_fn(LOG_WARN
, "Error tokenizing directory signature"); goto err
;
393 if (smartlist_len(tokens
) != 1) {
394 log_fn(LOG_WARN
, "Unexpected number of tokens in signature"); goto err
;
396 tok
=smartlist_get(tokens
,0);
397 if (tok
->tp
!= K_DIRECTORY_SIGNATURE
) {
398 log_fn(LOG_WARN
,"Expected a single directory signature"); goto err
;
400 declared_key
= find_dir_signing_key(str
);
401 if (check_directory_signature(digest
, tok
, pkey
, declared_key
)<0)
404 /* now we know tok->n_args == 1, so it's safe to access tok->args[0] */
405 if (!is_legal_nickname(tok
->args
[0])) {
406 log_fn(LOG_WARN
, "Directory nickname '%s' is misformed", tok
->args
[0]);
409 strlcpy(dirnickname
, tok
->args
[0], sizeof(dirnickname
));
411 SMARTLIST_FOREACH(tokens
, directory_token_t
*, tok
, token_free(tok
));
412 smartlist_free(tokens
);
415 /* Now that we know the signature is okay, check the version. */
417 check_software_version_against_directory(str
, get_options()->IgnoreVersion
);
419 /* Now try to parse the first part of the directory. */
420 if ((end
= strstr(str
,"\nrouter "))) {
422 } else if ((end
= strstr(str
, "\ndirectory-signature"))) {
425 end
= str
+ strlen(str
);
428 tokens
= smartlist_create();
429 if (tokenize_string(str
,end
,tokens
,1)) {
430 log_fn(LOG_WARN
, "Error tokenizing directory"); goto err
;
432 if (smartlist_len(tokens
) < 1) {
433 log_fn(LOG_WARN
, "Impossibly short directory header"); goto err
;
435 if ((tok
= find_first_by_keyword(tokens
, _UNRECOGNIZED
))) {
436 log_fn(LOG_WARN
, "Unrecognized keyword \"%s\" in directory header; can't parse directory.",
441 tok
= smartlist_get(tokens
,0);
442 if (tok
->tp
!= K_SIGNED_DIRECTORY
) {
443 log_fn(LOG_WARN
, "Directory doesn't start with signed-directory.");
447 if (!(tok
= find_first_by_keyword(tokens
, K_PUBLISHED
))) {
448 log_fn(LOG_WARN
, "Missing published time on directory.");
451 tor_assert(tok
->n_args
== 1);
453 if (parse_iso_time(tok
->args
[0], &published_on
) < 0) {
457 /* Now that we know the signature is okay, and we have a
458 * publication time, cache the directory. */
459 if (!get_options()->AuthoritativeDir
&& write_to_cache
)
460 dirserv_set_cached_directory(str
, published_on
, 0);
462 if (!(tok
= find_first_by_keyword(tokens
, K_RECOMMENDED_SOFTWARE
))) {
463 log_fn(LOG_WARN
, "Missing recommended-software line from directory.");
466 if (tok
->n_args
> 1) {
467 log_fn(LOG_WARN
, "Invalid recommended-software line");
470 versions
= tok
->n_args
? tor_strdup(tok
->args
[0]) : tor_strdup("");
472 /* Prefer router-status, then running-routers. */
473 if (!(tok
= find_first_by_keyword(tokens
, K_ROUTER_STATUS
))) {
475 "Missing router-status line from directory.");
479 good_nickname_list
= smartlist_create();
480 for (i
=0; i
<tok
->n_args
; ++i
) {
481 smartlist_add(good_nickname_list
, tok
->args
[i
]);
483 tok
->n_args
= 0; /* Don't free the strings in good_nickname_list yet. */
485 /* Read the router list from s, advancing s up past the end of the last
488 if (router_parse_list_from_string(&str
, &new_dir
,
490 tok
->tp
==K_RUNNING_ROUTERS
,
492 log_fn(LOG_WARN
, "Error reading routers from directory");
496 /* Determine if my routerinfo is considered verified. */
498 static int have_warned_about_unverified_status
= 0;
499 routerinfo_t
*me
= router_get_my_routerinfo();
501 if (router_update_status_from_smartlist(me
,
502 published_on
, good_nickname_list
)==1 &&
503 me
->is_verified
== 0 && !have_warned_about_unverified_status
) {
504 log_fn(LOG_WARN
,"Dirserver '%s' lists your server as unverified. Please consider sending your identity fingerprint to the tor-ops.", dirnickname
);
505 have_warned_about_unverified_status
= 1;
510 new_dir
->software_versions
= versions
; versions
= NULL
;
511 new_dir
->published_on
= published_on
;
512 new_dir
->running_routers
= tor_malloc_zero(sizeof(running_routers_t
));
513 new_dir
->running_routers
->published_on
= published_on
;
514 new_dir
->running_routers
->running_routers
= good_nickname_list
;
516 SMARTLIST_FOREACH(tokens
, directory_token_t
*, tok
, token_free(tok
));
517 smartlist_free(tokens
);
521 routerlist_free(*dest
);
529 routerlist_free(new_dir
);
531 if (good_nickname_list
) {
532 SMARTLIST_FOREACH(good_nickname_list
, char *, n
, tor_free(n
));
533 smartlist_free(good_nickname_list
);
536 if (declared_key
) crypto_free_pk_env(declared_key
);
538 SMARTLIST_FOREACH(tokens
, directory_token_t
*, tok
, token_free(tok
));
539 smartlist_free(tokens
);
544 /** Read a signed router status statement from <b>str</b>. On
545 * success, return it, and cache the original string if
546 * <b>write_to_cache</b> is set. Otherwise, return NULL. */
548 router_parse_runningrouters(const char *str
, int write_to_cache
)
550 char digest
[DIGEST_LEN
];
551 running_routers_t
*new_list
= NULL
;
552 directory_token_t
*tok
;
555 crypto_pk_env_t
*declared_key
= NULL
;
556 smartlist_t
*tokens
= NULL
;
558 if (router_get_runningrouters_hash(str
, digest
)) {
559 log_fn(LOG_WARN
, "Unable to compute digest of directory");
562 tokens
= smartlist_create();
563 if (tokenize_string(str
,str
+strlen(str
),tokens
,1)) {
564 log_fn(LOG_WARN
, "Error tokenizing directory"); goto err
;
566 if ((tok
= find_first_by_keyword(tokens
, _UNRECOGNIZED
))) {
567 log_fn(LOG_WARN
, "Unrecognized keyword '%s'; can't parse running-routers",
571 tok
= smartlist_get(tokens
,0);
572 if (tok
->tp
!= K_NETWORK_STATUS
) {
573 log_fn(LOG_WARN
, "Network-status starts with wrong token");
577 if (!(tok
= find_first_by_keyword(tokens
, K_PUBLISHED
))) {
578 log_fn(LOG_WARN
, "Missing published time on directory.");
581 tor_assert(tok
->n_args
== 1);
582 if (parse_iso_time(tok
->args
[0], &published_on
) < 0) {
586 /* Now that we know the signature is okay, and we have a
587 * publication time, cache the list. */
588 if (!get_options()->AuthoritativeDir
&& write_to_cache
)
589 dirserv_set_cached_directory(str
, published_on
, 1);
591 if (!(tok
= find_first_by_keyword(tokens
, K_ROUTER_STATUS
))) {
592 if (!(tok
= find_first_by_keyword(tokens
, K_RUNNING_ROUTERS
))) {
594 "Missing running-routers/router-status line from directory.");
599 new_list
= tor_malloc_zero(sizeof(running_routers_t
));
600 new_list
->published_on
= published_on
;
601 new_list
->running_routers
= smartlist_create();
602 for (i
=0;i
<tok
->n_args
;++i
) {
603 smartlist_add(new_list
->running_routers
, tok
->args
[i
]);
605 tok
->n_args
= 0; /* Don't free the elements of tok->args. */
607 if (!(tok
= find_first_by_keyword(tokens
, K_DIRECTORY_SIGNATURE
))) {
608 log_fn(LOG_WARN
, "Missing signature on running-routers");
611 declared_key
= find_dir_signing_key(str
);
612 if (check_directory_signature(digest
, tok
, NULL
, declared_key
) < 0)
618 running_routers_free(new_list
);
622 if (declared_key
) crypto_free_pk_env(declared_key
);
624 SMARTLIST_FOREACH(tokens
, directory_token_t
*, tok
, token_free(tok
));
625 smartlist_free(tokens
);
630 /** Given a directory or running-routers string in <b>str</b>, try to
631 * find the its dir-signing-key token (if any). If this token is
632 * present, extract and return the key. Return NULL on failure. */
633 static crypto_pk_env_t
*find_dir_signing_key(const char *str
)
636 directory_token_t
*tok
;
637 crypto_pk_env_t
*key
= NULL
;
639 /* Is there a dir-signing-key in the directory? */
640 cp
= strstr(str
, "\nopt dir-signing-key");
642 cp
= strstr(str
, "\ndir-signing-key");
645 ++cp
; /* Now cp points to the start of the token. */
647 tok
= get_next_token(&cp
, DIR_ONLY
);
649 log_fn(LOG_WARN
, "Unparseable dir-signing-key token");
652 if (tok
->tp
!= K_DIR_SIGNING_KEY
) {
653 log_fn(LOG_WARN
, "Dir-signing-key token did not parse as expected");
659 tok
->key
= NULL
; /* steal reference. */
660 } else if (tok
->n_args
>= 1) {
661 /** XXXX Once all the directories are running 0.1.0.6-rc or later, we
662 * can remove this logic. */
663 key
= crypto_pk_DER64_decode_public_key(tok
->args
[0]);
665 log_fn(LOG_WARN
, "Unparseable dir-signing-key argument");
669 log_fn(LOG_WARN
, "Dir-signing-key token contained no key");
677 /** Return true iff <b>key</b> is allowed to sign directories.
679 static int dir_signing_key_is_trusted(crypto_pk_env_t
*key
)
681 char digest
[DIGEST_LEN
];
683 if (crypto_pk_get_digest(key
, digest
) < 0) {
684 log_fn(LOG_WARN
, "Error computing dir-signing-key digest");
687 if (!router_digest_is_trusted_dir(digest
)) {
688 log_fn(LOG_WARN
, "Listed dir-signing-key is not trusted");
694 /** Check whether the K_DIRECTORY_SIGNATURE token in <b>tok</b> has a
695 * good signature for <b>digest</b>.
697 * If <b>declared_key</b> is set, the directory has declared what key
698 * was used to sign it, so we will use that key only if it is an
699 * authoritative directory signing key.
701 * Otherwise, if pkey is provided, try to use it.
703 * (New callers should always use <b>declared_key</b> when possible;
704 * <b>pkey is only for debugging.)
706 static int check_directory_signature(const char *digest
,
707 directory_token_t
*tok
,
708 crypto_pk_env_t
*pkey
,
709 crypto_pk_env_t
*declared_key
)
711 char signed_digest
[PK_BYTES
];
712 crypto_pk_env_t
*_pkey
= NULL
;
714 if (tok
->n_args
!= 1) {
715 log_fn(LOG_WARN
, "Too many or too few arguments to directory-signature");
720 if (dir_signing_key_is_trusted(declared_key
))
721 _pkey
= declared_key
;
723 if (!_pkey
&& pkey
) {
724 /* pkey provided for debugging purposes */
728 log_fn(LOG_WARN
, "Obsolete directory format (dir signing key not present) or signing key not trusted--rejecting.");
732 if (strcmp(tok
->object_type
, "SIGNATURE") || tok
->object_size
!= 128) {
733 log_fn(LOG_WARN
, "Bad object type or length on directory signature");
739 if (crypto_pk_public_checksig(_pkey
, signed_digest
, tok
->object_body
, 128)
741 log_fn(LOG_WARN
, "Error reading directory: invalid signature.");
744 log_fn(LOG_DEBUG
,"Signed directory hash starts %s", hex_str(signed_digest
,4));
745 if (memcmp(digest
, signed_digest
, 20)) {
746 log_fn(LOG_WARN
, "Error reading directory: signature does not match.");
752 /** Given a string *<b>s</b> containing a concatenated sequence of router
753 * descriptors, parses them and stores the result in *<b>dest</b>. If
754 * good_nickname_list is provided, then routers are marked as
755 * running/nonrunning and verified/unverified based on their status in the
756 * list. Otherwise, all routers are marked running and verified. Advances
757 * *s to a point immediately following the last router entry. Returns 0 on
758 * success and -1 on failure.
761 router_parse_list_from_string(const char **s
, routerlist_t
**dest
,
762 smartlist_t
*good_nickname_list
,
763 int rr_format
, time_t published_on
)
765 routerinfo_t
*router
;
766 smartlist_t
*routers
;
772 routers
= smartlist_create();
775 *s
= eat_whitespace(*s
);
776 /* Don't start parsing the rest of *s unless it contains a router. */
777 if (strcmpstart(*s
, "router ")!=0)
779 if ((end
= strstr(*s
+1, "\nrouter "))) {
781 } else if ((end
= strstr(*s
+1, "\ndirectory-signature"))) {
787 router
= router_parse_entry_from_string(*s
, end
);
790 log_fn(LOG_WARN
, "Error reading router; skipping");
794 if (!good_nickname_list
) {
795 router
->is_running
= 1; /* start out assuming all dirservers are up */
796 router
->is_verified
= 1;
797 router
->status_set_at
= time(NULL
);
799 smartlist_add(routers
, router
);
800 // log_fn(LOG_DEBUG,"just added router #%d.",smartlist_len(routers));
803 if (good_nickname_list
) {
804 SMARTLIST_FOREACH(good_nickname_list
, const char *, cp
,
805 routers_update_status_from_entry(routers
, published_on
, cp
));
809 routerlist_free(*dest
);
810 *dest
= tor_malloc_zero(sizeof(routerlist_t
));
811 (*dest
)->routers
= routers
;
816 /** Helper function: reads a single router entry from *<b>s</b> ...
817 * *<b>end</b>. Mallocs a new router and returns it if all goes well, else
820 routerinfo_t
*router_parse_entry_from_string(const char *s
,
822 routerinfo_t
*router
= NULL
;
823 char signed_digest
[128];
825 smartlist_t
*tokens
= NULL
, *exit_policy_tokens
= NULL
;
826 directory_token_t
*tok
;
828 int ports_set
, bw_set
;
834 if (router_get_router_hash(s
, digest
) < 0) {
835 log_fn(LOG_WARN
, "Couldn't compute router hash.");
838 tokens
= smartlist_create();
839 if (tokenize_string(s
,end
,tokens
,0)) {
840 log_fn(LOG_WARN
, "Error tokeninzing router descriptor.");
844 if (smartlist_len(tokens
) < 2) {
845 log_fn(LOG_WARN
, "Impossibly short router descriptor.");
848 if ((tok
= find_first_by_keyword(tokens
, _UNRECOGNIZED
))) {
849 log_fn(LOG_WARN
, "Unrecognized keyword '%s'; skipping descriptor.",
854 tok
= smartlist_get(tokens
,0);
855 if (tok
->tp
!= K_ROUTER
) {
856 log_fn(LOG_WARN
,"Entry does not start with \"router\"");
860 router
= tor_malloc_zero(sizeof(routerinfo_t
));
861 router
->signed_descriptor
= tor_strndup(s
, end
-s
);
862 ports_set
= bw_set
= 0;
864 if (tok
->n_args
== 2 || tok
->n_args
== 5 || tok
->n_args
== 6) {
865 router
->nickname
= tor_strdup(tok
->args
[0]);
866 if (!is_legal_nickname(router
->nickname
)) {
867 log_fn(LOG_WARN
,"Router nickname is invalid");
870 router
->address
= tor_strdup(tok
->args
[1]);
873 if (tok
->n_args
>= 5) {
874 router
->or_port
= (uint16_t) tor_parse_long(tok
->args
[2],10,0,65535,NULL
,NULL
);
875 router
->dir_port
= (uint16_t) tor_parse_long(tok
->args
[4],10,0,65535,NULL
,NULL
);
879 log_fn(LOG_WARN
,"Wrong # of arguments to \"router\" (%d)",tok
->n_args
);
883 tok
= find_first_by_keyword(tokens
, K_PORTS
);
884 if (tok
&& ports_set
) {
885 log_fn(LOG_WARN
,"Redundant ports line");
888 if (tok
->n_args
!= 3) {
889 log_fn(LOG_WARN
,"Wrong # of arguments to \"ports\"");
892 router
->or_port
= (uint16_t) tor_parse_long(tok
->args
[0],10,0,65535,NULL
,NULL
);
893 router
->dir_port
= (uint16_t) tor_parse_long(tok
->args
[2],10,0,65535,NULL
,NULL
);
897 tok
= find_first_by_keyword(tokens
, K_BANDWIDTH
);
899 log_fn(LOG_WARN
,"Redundant bandwidth line");
902 if (tok
->n_args
< 3) {
903 /* XXXX Once 0.0.7 is *really* dead, restore this warning to its old form*/
904 log_fn(LOG_WARN
,"Not enough arguments to \"bandwidth\": must be an obsolete server. Rejecting one server (nickname '%s').", router
->nickname
);
907 router
->bandwidthrate
= tor_parse_long(tok
->args
[0],10,0,INT_MAX
,NULL
,NULL
);
908 router
->bandwidthburst
= tor_parse_long(tok
->args
[1],10,0,INT_MAX
,NULL
,NULL
);
909 router
->bandwidthcapacity
= tor_parse_long(tok
->args
[2],10,0,INT_MAX
,NULL
,NULL
);
913 if ((tok
= find_first_by_keyword(tokens
, K_UPTIME
))) {
914 if (tok
->n_args
!= 1) {
915 log_fn(LOG_WARN
, "Unrecognized number of args on K_UPTIME; skipping.");
917 router
->uptime
= tor_parse_long(tok
->args
[0],10,0,LONG_MAX
,NULL
,NULL
);
921 if (!(tok
= find_first_by_keyword(tokens
, K_PUBLISHED
))) {
922 log_fn(LOG_WARN
, "Missing published time"); goto err
;
924 tor_assert(tok
->n_args
== 1);
925 if (parse_iso_time(tok
->args
[0], &router
->published_on
) < 0)
928 if (!(tok
= find_first_by_keyword(tokens
, K_ONION_KEY
))) {
929 log_fn(LOG_WARN
, "Missing onion key"); goto err
;
931 if (crypto_pk_keysize(tok
->key
) != PK_BYTES
) {
932 log_fn(LOG_WARN
, "Wrong size on onion key: %d bits!",
933 crypto_pk_keysize(tok
->key
)*8);
936 router
->onion_pkey
= tok
->key
;
937 tok
->key
= NULL
; /* Prevent free */
939 if (!(tok
= find_first_by_keyword(tokens
, K_SIGNING_KEY
))) {
940 log_fn(LOG_WARN
, "Missing identity key"); goto err
;
942 if (crypto_pk_keysize(tok
->key
) != PK_BYTES
) {
943 log_fn(LOG_WARN
, "Wrong size on identity key: %d bits!",
944 crypto_pk_keysize(tok
->key
)*8);
947 router
->identity_pkey
= tok
->key
;
948 tok
->key
= NULL
; /* Prevent free */
949 if (crypto_pk_get_digest(router
->identity_pkey
,router
->identity_digest
)) {
950 log_fn(LOG_WARN
, "Couldn't calculate key digest"); goto err
;
953 if ((tok
= find_first_by_keyword(tokens
, K_PLATFORM
))) {
954 router
->platform
= tor_strdup(tok
->args
[0]);
957 if ((tok
= find_first_by_keyword(tokens
, K_CONTACT
))) {
958 router
->contact_info
= tor_strdup(tok
->args
[0]);
961 exit_policy_tokens
= find_all_exitpolicy(tokens
);
962 SMARTLIST_FOREACH(exit_policy_tokens
, directory_token_t
*, t
,
963 if (router_add_exit_policy(router
,t
)<0) {
964 log_fn(LOG_WARN
,"Error in exit policy");
968 if ((tok
= find_first_by_keyword(tokens
, K_FAMILY
)) && tok
->n_args
) {
970 router
->declared_family
= smartlist_create();
971 for (i
=0;i
<tok
->n_args
;++i
) {
972 if (!is_legal_nickname_or_hexdigest(tok
->args
[i
])) {
973 log_fn(LOG_WARN
, "Illegal nickname '%s' in family line", tok
->args
[i
]);
976 smartlist_add(router
->declared_family
, tor_strdup(tok
->args
[i
]));
980 if (!(tok
= find_first_by_keyword(tokens
, K_ROUTER_SIGNATURE
))) {
981 log_fn(LOG_WARN
, "Missing router signature");
984 if (strcmp(tok
->object_type
, "SIGNATURE") || tok
->object_size
!= 128) {
985 log_fn(LOG_WARN
, "Bad object type or length on router signature");
988 if ((t
=crypto_pk_public_checksig(router
->identity_pkey
, signed_digest
,
989 tok
->object_body
, 128)) != 20) {
990 log_fn(LOG_WARN
, "Invalid signature %d",t
);
993 if (memcmp(digest
, signed_digest
, 20)) {
994 log_fn(LOG_WARN
, "Mismatched signature");
999 log_fn(LOG_WARN
,"No ports declared; failing.");
1003 log_fn(LOG_WARN
,"No bandwidth declared; failing.");
1006 if (!router
->or_port
) {
1007 log_fn(LOG_WARN
,"or_port unreadable or 0. Failing.");
1010 if (!router
->bandwidthrate
) {
1011 log_fn(LOG_WARN
,"bandwidthrate unreadable or 0. Failing.");
1014 if (!router
->platform
) {
1015 router
->platform
= tor_strdup("<unknown>");
1018 // log_fn(LOG_DEBUG,"or_port %d, dir_port %d, bandwidthrate %u, bandwidthburst %u.",
1019 // router->or_port, router->dir_port,
1020 // (unsigned) router->bandwidthrate, (unsigned) router->bandwidthburst);
1026 routerinfo_free(router
);
1030 SMARTLIST_FOREACH(tokens
, directory_token_t
*, tok
, token_free(tok
));
1031 smartlist_free(tokens
);
1033 if (exit_policy_tokens
) {
1034 smartlist_free(exit_policy_tokens
);
1039 /** Parse the exit policy in the string <b>s</b> and return it.
1042 router_parse_addr_policy_from_string(const char *s
)
1044 directory_token_t
*tok
= NULL
;
1050 /* *s might not end with \n, so we need to extend it with one. */
1052 cp
= tmp
= tor_malloc(len
+2);
1053 for (idx
= 0; idx
< len
; ++idx
) {
1054 tmp
[idx
] = tolower(s
[idx
]);
1058 tok
= get_next_token(&cp
, RTR_ONLY
);
1059 if (tok
->tp
== _ERR
) {
1060 log_fn(LOG_WARN
, "Error reading exit policy: %s", tok
->error
);
1063 if (tok
->tp
!= K_ACCEPT
&& tok
->tp
!= K_REJECT
) {
1064 log_fn(LOG_WARN
, "Expected 'accept' or 'reject'.");
1068 /* Now that we've gotten an exit policy, add it to the router. */
1069 r
= router_parse_addr_policy(tok
);
1080 router_add_exit_policy_from_string(routerinfo_t
*router
, const char *s
)
1082 addr_policy_t
*newe
, *tmpe
;
1083 newe
= router_parse_addr_policy_from_string(s
);
1086 for (tmpe
= router
->exit_policy
; tmpe
; tmpe
=tmpe
->next
)
1094 router_add_exit_policy(routerinfo_t
*router
,directory_token_t
*tok
)
1096 addr_policy_t
*newe
, **tmpe
;
1097 newe
= router_parse_addr_policy(tok
);
1100 for (tmpe
= &router
->exit_policy
; *tmpe
; tmpe
=&((*tmpe
)->next
))
1107 /** Given a K_ACCEPT or K_REJECT token and a router, create and return
1108 * a new exit_policy_t corresponding to the token. */
1109 static addr_policy_t
*
1110 router_parse_addr_policy(directory_token_t
*tok
) {
1112 addr_policy_t
*newe
;
1113 // struct in_addr in;
1116 // char buf[INET_NTOA_BUF_LEN];
1118 tor_assert(tok
->tp
== K_REJECT
|| tok
->tp
== K_ACCEPT
);
1120 if (tok
->n_args
!= 1)
1124 newe
= tor_malloc_zero(sizeof(addr_policy_t
));
1126 newe
->string
= tor_malloc(8+strlen(arg
));
1127 /* XXX eventually, use the code from router.c:727 to generate this */
1128 tor_snprintf(newe
->string
, 8+strlen(arg
), "%s %s",
1129 (tok
->tp
== K_REJECT
) ? "reject" : "accept", arg
);
1130 newe
->policy_type
= (tok
->tp
== K_REJECT
) ? ADDR_POLICY_REJECT
1131 : ADDR_POLICY_ACCEPT
;
1133 if (parse_addr_and_port_range(arg
, &newe
->addr
, &newe
->msk
,
1134 &newe
->prt_min
, &newe
->prt_max
))
1135 goto policy_read_failed
;
1137 // in.s_addr = htonl(newe->addr);
1138 // tor_inet_ntoa(&in, buf, sizeof(buf));
1139 // address = tor_strdup(buf);
1140 // in.s_addr = htonl(newe->msk);
1141 // log_fn(LOG_DEBUG,"%s %s/%s:%d-%d",
1142 // newe->policy_type == ADDR_POLICY_REJECT ? "reject" : "accept",
1143 // address, inet_ntoa(in), newe->prt_min, newe->prt_max);
1144 // tor_free(address);
1149 tor_assert(newe
->string
);
1150 log_fn(LOG_WARN
,"Couldn't parse line '%s'. Dropping", newe
->string
);
1151 tor_free(newe
->string
);
1157 assert_addr_policy_ok(addr_policy_t
*t
)
1161 tor_assert(t
->policy_type
== ADDR_POLICY_REJECT
||
1162 t
->policy_type
== ADDR_POLICY_ACCEPT
);
1163 tor_assert(t
->prt_min
<= t
->prt_max
);
1164 t2
= router_parse_addr_policy_from_string(t
->string
);
1166 tor_assert(t2
->policy_type
== t
->policy_type
);
1167 tor_assert(t2
->addr
== t
->addr
);
1168 tor_assert(t2
->msk
== t
->msk
);
1169 tor_assert(t2
->prt_min
== t
->prt_min
);
1170 tor_assert(t2
->prt_max
== t
->prt_max
);
1171 tor_assert(!strcmp(t2
->string
, t
->string
));
1172 tor_assert(t2
->next
== NULL
);
1173 addr_policy_free(t2
);
1181 * Low-level tokenizer for router descriptors and directories.
1184 /** Free all resources allocated for <b>tok</b> */
1186 token_free(directory_token_t
*tok
)
1191 for (i
= 0; i
< tok
->n_args
; ++i
) {
1192 tor_free(tok
->args
[i
]);
1194 tor_free(tok
->args
);
1196 tor_free(tok
->object_type
);
1197 tor_free(tok
->object_body
);
1199 crypto_free_pk_env(tok
->key
);
1203 /** Helper function: read the next token from *s, advance *s to the end
1204 * of the token, and return the parsed token. If 'where' is DIR_ONLY
1205 * or RTR_ONLY, reject all tokens of the wrong type.
1207 static directory_token_t
*
1208 get_next_token(const char **s
, where_syntax where
) {
1209 const char *next
, *obstart
;
1210 int i
, done
, allocated
, is_opt
;
1211 directory_token_t
*tok
;
1213 obj_syntax o_syn
= NO_OBJ
;
1215 #define RET_ERR(msg) \
1216 do { if (tok) token_free(tok); \
1217 tok = tor_malloc_zero(sizeof(directory_token_t));\
1220 goto done_tokenizing; } while (0)
1222 tok
= tor_malloc_zero(sizeof(directory_token_t
));
1225 *s
= eat_whitespace(*s
);
1230 next
= find_whitespace(*s
);
1232 tok
->error
= "Unexpected EOF"; return tok
;
1234 /* It's a keyword... but which one? */
1235 is_opt
= !strncmp("opt", *s
, next
-*s
);
1237 *s
= eat_whitespace(next
);
1240 next
= find_whitespace(*s
);
1241 if (!**s
|| !next
) {
1242 RET_ERR("opt without keyword");
1245 for (i
= 0; token_table
[i
].t
; ++i
) {
1246 if (!strncmp(token_table
[i
].t
, *s
, next
-*s
)) {
1247 /* We've found the keyword. */
1248 tok
->tp
= token_table
[i
].v
;
1249 a_syn
= token_table
[i
].s
;
1250 o_syn
= token_table
[i
].os
;
1251 if (token_table
[i
].ws
!= ANY
&& token_table
[i
].ws
!= where
) {
1252 if (where
== DIR_ONLY
) {
1253 RET_ERR("Found a router-only token in a directory section");
1255 RET_ERR("Found a directory-only token in a router descriptor");
1258 if (a_syn
== ARGS
) {
1259 /* This keyword takes multiple arguments. */
1261 done
= (*next
== '\n');
1263 tok
->args
= tor_malloc(sizeof(char*)*32);
1264 *s
= eat_whitespace_no_nl(next
);
1265 while (**s
!= '\n' && !done
) {
1266 next
= find_whitespace(*s
);
1269 if (i
== allocated
) {
1271 tok
->args
= tor_realloc(tok
->args
,sizeof(char*)*allocated
);
1273 tok
->args
[i
++] = tor_strndup(*s
,next
-*s
);
1274 *s
= eat_whitespace_no_nl(next
+1);
1277 } else if (a_syn
== CONCAT_ARGS
) {
1278 /* The keyword takes the line as a single argument */
1279 *s
= eat_whitespace_no_nl(next
);
1280 next
= strchr(*s
, '\n');
1282 RET_ERR("Unexpected EOF");
1283 tok
->args
= tor_malloc(sizeof(char*));
1284 tok
->args
[0] = tor_strndup(*s
,next
-*s
);
1286 *s
= eat_whitespace_no_nl(next
+1);
1288 /* The keyword takes no arguments. */
1289 tor_assert(a_syn
== NO_ARGS
);
1290 *s
= eat_whitespace_no_nl(next
);
1292 RET_ERR("Unexpected arguments");
1295 *s
= eat_whitespace_no_nl(*s
+1);
1300 if (tok
->tp
== _ERR
) {
1303 *s
= eat_whitespace_no_nl(next
);
1304 next
= strchr(*s
,'\n');
1306 RET_ERR("Unexpected EOF");
1307 tok
->args
= tor_malloc(sizeof(char*));
1308 tok
->args
[0] = tor_strndup(*s
,next
-*s
);
1310 *s
= eat_whitespace_no_nl(next
+1);
1313 tok
->tp
= _UNRECOGNIZED
;
1314 next
= strchr(*s
, '\n');
1316 RET_ERR("Unexpected EOF");
1318 tok
->args
= tor_malloc(sizeof(char*));
1319 tok
->args
[0] = tor_strndup(*s
,next
-*s
);
1325 *s
= eat_whitespace(*s
);
1326 if (strcmpstart(*s
, "-----BEGIN ")) {
1327 goto done_tokenizing
;
1330 *s
+= 11; /* length of "-----BEGIN ". */
1331 next
= strchr(*s
, '\n');
1332 if (next
-*s
< 6 || strcmpstart(next
-5, "-----\n")) {
1333 RET_ERR("Malformed object: bad begin line");
1335 tok
->object_type
= tor_strndup(*s
, next
-*s
-5);
1337 next
= strstr(*s
, "-----END ");
1339 RET_ERR("Malformed object: missing end line");
1341 if (!strcmp(tok
->object_type
, "RSA PUBLIC KEY")) {
1342 if (strcmpstart(next
, "-----END RSA PUBLIC KEY-----\n"))
1343 RET_ERR("Malformed object: mismatched end line");
1344 next
= strchr(next
,'\n')+1;
1345 tok
->key
= crypto_new_pk_env();
1346 if (crypto_pk_read_public_key_from_string(tok
->key
, obstart
, next
-obstart
))
1347 RET_ERR("Couldn't parse public key.");
1350 tok
->object_body
= tor_malloc(next
-*s
); /* really, this is too much RAM. */
1351 i
= base64_decode(tok
->object_body
, 256, *s
, next
-*s
);
1353 RET_ERR("Malformed object: bad base64-encoded data");
1355 tok
->object_size
= i
;
1356 *s
= next
+ 9; /* length of "-----END ". */
1357 i
= strlen(tok
->object_type
);
1358 if (strncmp(*s
, tok
->object_type
, i
) || strcmpstart(*s
+i
, "-----\n")) {
1359 RET_ERR("Malformed object: mismatched end tag");
1366 if (tok
->object_body
)
1367 RET_ERR("Unexpected object for keyword");
1369 RET_ERR("Unexpected public key for keyword");
1372 if (!tok
->object_body
)
1373 RET_ERR("Missing object for keyword");
1377 RET_ERR("Missing public key for keyword");
1386 for (i
= 0; token_table
[i
].t
; ++i
) {
1387 if (token_table
[i
].v
== tok
->tp
) {
1388 fputs(token_table
[i
].t
, stdout
);
1394 if (tok
->tp
== _UNRECOGNIZED
) fputs("UNRECOGNIZED", stdout
);
1395 if (tok
->tp
== _ERR
) fputs("ERR",stdout
);
1396 if (tok
->tp
== _EOF
) fputs("EOF",stdout
);
1397 if (tok
->tp
== _NIL
) fputs("_NIL",stdout
);
1399 for (i
= 0; i
< tok
->n_args
; ++i
) {
1400 fprintf(stdout
," \"%s\"", tok
->args
[i
]);
1402 if (tok
->error
) { fprintf(stdout
," *%s*", tok
->error
); }
1410 /** Read all tokens from a string between <b>start</b> and <b>end</b>, and add
1411 * them to <b>out</b>. If <b>is_dir</b> is true, reject all non-directory
1412 * tokens; else reject all non-routerdescriptor tokens.
1415 tokenize_string(const char *start
, const char *end
, smartlist_t
*out
,
1419 directory_token_t
*tok
= NULL
;
1420 where_syntax where
= is_dir
? DIR_ONLY
: RTR_ONLY
;
1422 while (*s
< end
&& (!tok
|| tok
->tp
!= _EOF
)) {
1423 tok
= get_next_token(s
, where
);
1424 if (tok
->tp
== _ERR
) {
1425 log_fn(LOG_WARN
, "parse error: %s", tok
->error
);
1428 smartlist_add(out
, tok
);
1429 *s
= eat_whitespace(*s
);
1435 /** Find the first token in <b>s</b> whose keyword is <b>keyword</b>; return
1436 * NULL if no such keyword is found.
1438 static directory_token_t
*
1439 find_first_by_keyword(smartlist_t
*s
, directory_keyword keyword
)
1441 SMARTLIST_FOREACH(s
, directory_token_t
*, t
, if (t
->tp
== keyword
) return t
);
1445 /** Return a newly allocated smartlist of all accept or reject tokens in
1448 static smartlist_t
*
1449 find_all_exitpolicy(smartlist_t
*s
)
1451 smartlist_t
*out
= smartlist_create();
1452 SMARTLIST_FOREACH(s
, directory_token_t
*, t
,
1453 if (t
->tp
== K_ACCEPT
|| t
->tp
== K_REJECT
)
1454 smartlist_add(out
,t
));
1458 /** Compute the SHA digest of the substring of <b>s</b> taken from the first
1459 * occurrence of <b>start_str</b> through the first newline after the first
1460 * subsequent occurrence of <b>end_str</b>; store the 20-byte result in
1461 * <b>digest</b>; return 0 on success.
1463 * If no such substring exists, return -1.
1465 static int router_get_hash_impl(const char *s
, char *digest
,
1466 const char *start_str
,
1467 const char *end_str
)
1470 start
= strstr(s
, start_str
);
1472 log_fn(LOG_WARN
,"couldn't find \"%s\"",start_str
);
1475 if (start
!= s
&& *(start
-1) != '\n') {
1476 log_fn(LOG_WARN
, "first occurrence of \"%s\" is not at the start of a line",
1480 end
= strstr(start
+strlen(start_str
), end_str
);
1482 log_fn(LOG_WARN
,"couldn't find \"%s\"",end_str
);
1485 end
= strchr(end
+strlen(end_str
), '\n');
1487 log_fn(LOG_WARN
,"couldn't find EOL");
1492 if (crypto_digest(digest
, start
, end
-start
)) {
1493 log_fn(LOG_WARN
,"couldn't compute digest");
1500 /** Parse the Tor version of the platform string <b>platform</b>,
1501 * and compare it to the version in <b>cutoff</b>. Return 1 if
1502 * the router is at least as new as the cutoff, else return 0.
1504 int tor_version_as_new_as(const char *platform
, const char *cutoff
) {
1505 tor_version_t cutoff_version
, router_version
;
1509 if (tor_version_parse(cutoff
, &cutoff_version
)<0) {
1510 log_fn(LOG_WARN
,"Bug: cutoff version '%s' unparseable.",cutoff
);
1513 if (strcmpstart(platform
,"Tor ")) /* nonstandard Tor; be safe and say yes */
1516 start
= (char *)eat_whitespace(platform
+3);
1517 if (!*start
) return 0;
1518 s
= (char *)find_whitespace(start
); /* also finds '\0', which is fine */
1519 if ((size_t)(s
-start
+1) >= sizeof(tmp
)) /* too big, no */
1521 strlcpy(tmp
, start
, s
-start
+1);
1523 if (tor_version_parse(tmp
, &router_version
)<0) {
1524 log_fn(LOG_INFO
,"Router version '%s' unparseable.",tmp
);
1525 return 1; /* be safe and say yes */
1528 return tor_version_compare(&router_version
, &cutoff_version
) >= 0;
1531 /** Parse a tor version from <b>s</b>, and store the result in <b>out</b>.
1532 * Return 0 on success, -1 on failure. */
1533 int tor_version_parse(const char *s
, tor_version_t
*out
)
1535 char *eos
=NULL
, *cp
=NULL
;
1537 * "Tor " ? NUM dot NUM dot NUM [ ( pre | rc | dot ) NUM [ -cvs ] ]
1542 memset(out
, 0, sizeof(tor_version_t
));
1544 if (!strcasecmpstart(s
, "Tor "))
1548 out
->major
= strtol(s
,&eos
,10);
1549 if (!eos
|| eos
==s
|| *eos
!= '.') return -1;
1553 out
->minor
= strtol(cp
,&eos
,10);
1554 if (!eos
|| eos
==cp
|| *eos
!= '.') return -1;
1558 out
->micro
= strtol(cp
,&eos
,10);
1559 if (!eos
|| eos
==cp
) return -1;
1561 out
->status
= VER_RELEASE
;
1562 out
->patchlevel
= 0;
1563 out
->cvs
= IS_NOT_CVS
;
1570 out
->status
= VER_RELEASE
;
1572 } else if (0==strncmp(cp
, "pre", 3)) {
1573 out
->status
= VER_PRE
;
1575 } else if (0==strncmp(cp
, "rc", 2)) {
1576 out
->status
= VER_RC
;
1582 /* Get patchlevel */
1583 out
->patchlevel
= strtol(cp
,&eos
,10);
1584 if (!eos
|| eos
==cp
) return -1;
1587 /* Get cvs status and status tag. */
1588 if (*cp
== '-' || *cp
== '.')
1590 strlcpy(out
->status_tag
, cp
, sizeof(out
->status_tag
));
1591 if (0==strcmp(cp
, "cvs")) {
1594 out
->cvs
= IS_NOT_CVS
;
1600 /** Compare two tor versions; Return <0 if a < b; 0 if a ==b, >0 if a >
1602 int tor_version_compare(tor_version_t
*a
, tor_version_t
*b
)
1607 if ((i
= a
->major
- b
->major
))
1609 else if ((i
= a
->minor
- b
->minor
))
1611 else if ((i
= a
->micro
- b
->micro
))
1613 else if ((i
= a
->status
- b
->status
))
1615 else if ((i
= a
->patchlevel
- b
->patchlevel
))
1618 if (a
->major
> 0 || a
->minor
> 0) {
1619 return strcmp(a
->status_tag
, b
->status_tag
);
1621 return (a
->cvs
- b
->cvs
);
1626 tor_version_same_series(tor_version_t
*a
, tor_version_t
*b
)
1630 return ((a
->major
== b
->major
) &&
1631 (a
->minor
== b
->minor
) &&
1632 (a
->micro
== b
->micro
));