July 2015 - tor-commits - lists.torproject.org

[tor/master] Merge branches 'feature_16582' and 'feature_16581'
by nickm＠torproject.org 15 Jul '15

15 Jul '15

commit 7bd5212ddccf12fbb0ee2ea50b73604886b499f5 Merge: a65e835 c4ab8f7 3fcb74e Author: Nick Mathewson <nickm(a)torproject.org> Date: Wed Jul 15 11:05:33 2015 -0400 Merge branches 'feature_16582' and 'feature_16581' src/common/crypto_curve25519.c | 21 ++++++-- src/common/crypto_ed25519.c | 18 ++++--- src/common/util.c | 14 ++++- src/or/routerkeys.c | 111 ++++++++++++++++++++++++++++++++++------ src/or/routerkeys.h | 1 + src/or/torcert.c | 9 ++-- 6 files changed, 142 insertions(+), 32 deletions(-) diff --cc src/or/routerkeys.c index d075c67,c9afad9,d38b5a3..955cb9c --- a/src/or/routerkeys.c +++ b/src/or/routerkeys.c @@@@ -178,10 -191,15 -187,13 +191,17 @@@@ ed_key_init_from_file(const char *fname char *encrypted_secret_fname = NULL; char *public_fname = NULL; char *cert_fname = NULL; ++ const char *loaded_secret_fname = NULL; int created_pk = 0, created_sk = 0, created_cert = 0; const int try_to_load = ! (flags & INIT_ED_KEY_REPLACE); -- const int encrypt_key = (flags & INIT_ED_KEY_TRY_ENCRYPTED); - const int norepair = (flags & INIT_ED_KEY_NO_REPAIR); ++ const int encrypt_key = !! (flags & INIT_ED_KEY_TRY_ENCRYPTED); ++ const int norepair = !! (flags & INIT_ED_KEY_NO_REPAIR); ++ const int split = !! (flags & INIT_ED_KEY_SPLIT); + + + /* we don't support setting both of these flags at once. */ + + tor_assert((flags & (INIT_ED_KEY_NO_REPAIR|INIT_ED_KEY_NEEDCERT)) != + + (INIT_ED_KEY_NO_REPAIR|INIT_ED_KEY_NEEDCERT)); + char tag[8]; tor_snprintf(tag, sizeof(tag), "type%d", (int)cert_type); @@@@ -195,10 -213,21 -207,22 +215,22 @@@@ tor_asprintf(&cert_fname, "%s_cert", fname); /* Try to read the secret key. */ - int have_secret = try_to_load && - !(flags & INIT_ED_KEY_OMIT_SECRET) && - ed25519_seckey_read_from_file(&keypair->seckey, - &got_tag, secret_fname) == 0; + int have_secret = 0; + if (try_to_load && + !(flags & INIT_ED_KEY_OMIT_SECRET)) { + int rv = ed25519_seckey_read_from_file(&keypair->seckey, + &got_tag, secret_fname); + if (rv == 0) { + have_secret = 1; ++ loaded_secret_fname = secret_fname; + } else { + if (errno != ENOENT && norepair) { + tor_log(severity, LD_OR, "Unable to read %s: %s", secret_fname, + strerror(errno)); + goto err; + } + } + } /* Should we try for an encrypted key? */ if (!have_secret && try_to_load && encrypt_key) { @@@@ -207,6 -236,10 -231,11 +239,11 @@@@ if (r > 0) { have_secret = 1; got_tag = tor_strdup(tag); ++ loaded_secret_fname = encrypted_secret_fname; + } else if (errno != ENOENT && norepair) { + tor_log(severity, LD_OR, "Unable to read %s: %s", encrypted_secret_fname, + strerror(errno)); + goto err; } } @@@@ -222,12 -255,17 -252,19 +260,19 @@@@ } } -- /* If it's absent and that's okay, try to read the pubkey. */ ++ /* If it's absent and that's okay, or if we do split keys here, try to re ++ * the pubkey. */ int found_public = 0; -- if (!have_secret && try_to_load) { ++ if ((!have_secret && try_to_load) || (have_secret && split)) { ++ ed25519_public_key_t pubkey_tmp; tor_free(got_tag); -- found_public = ed25519_pubkey_read_from_file(&keypair->pubkey, ++ found_public = ed25519_pubkey_read_from_file(&pubkey_tmp, &got_tag, public_fname) == 0; + if (!found_public && errno != ENOENT && norepair) { + tor_log(severity, LD_OR, "Unable to read %s: %s", public_fname, + strerror(errno)); + goto err; + } if (found_public && strcmp(got_tag, tag)) { tor_log(severity, LD_OR, "%s has wrong tag", public_fname); goto err;

1 0

[tor/master] Make file-reading and key-reading preserve errno
by nickm＠torproject.org 15 Jul '15

15 Jul '15

commit b566cb9e84b095289a1c662e953218c9a7d1f77d Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue Jul 14 10:18:52 2015 -0400 Make file-reading and key-reading preserve errno This is an important part of #16582. --- src/common/crypto_curve25519.c | 21 ++++++++++++++++----- src/common/util.c | 5 +++++ 2 files changed, 21 insertions(+), 5 deletions(-) diff --git a/src/common/crypto_curve25519.c b/src/common/crypto_curve25519.c index 80b0d88..113ac89 100644 --- a/src/common/crypto_curve25519.c +++ b/src/common/crypto_curve25519.c @@ -201,7 +201,7 @@ crypto_write_tagged_contents_to_file(const char *fname, * <b>data_out_len</b>-byte buffer in <b>data_out</b>. Check that the * typestring matches <b>typestring</b>; store the tag into a newly allocated * string in <b>tag_out</b>. Return -1 on failure, and the number of bytes of - * data on success. */ + * data on success. Preserves the errno from reading the file. */ ssize_t crypto_read_tagged_contents_from_file(const char *fname, const char *typestring, @@ -214,27 +214,36 @@ crypto_read_tagged_contents_from_file(const char *fname, struct stat st; ssize_t r = -1; size_t st_size = 0; + int saved_errno = 0; *tag_out = NULL; st.st_size = 0; content = read_file_to_str(fname, RFTS_BIN|RFTS_IGNORE_MISSING, &st); - if (! content) + if (! content) { + saved_errno = errno; goto end; - if (st.st_size < 32 || st.st_size > 32 + data_out_len) + } + if (st.st_size < 32 || st.st_size > 32 + data_out_len) { + saved_errno = EINVAL; goto end; + } st_size = (size_t)st.st_size; memcpy(prefix, content, 32); prefix[32] = 0; /* Check type, extract tag. */ if (strcmpstart(prefix, "== ") || strcmpend(prefix, " ==") || - ! tor_mem_is_zero(prefix+strlen(prefix), 32-strlen(prefix))) + ! tor_mem_is_zero(prefix+strlen(prefix), 32-strlen(prefix))) { + saved_errno = EINVAL; goto end; + } if (strcmpstart(prefix+3, typestring) || 3+strlen(typestring) >= 32 || - strcmpstart(prefix+3+strlen(typestring), ": ")) + strcmpstart(prefix+3+strlen(typestring), ": ")) { + saved_errno = EINVAL; goto end; + } *tag_out = tor_strndup(prefix+5+strlen(typestring), strlen(prefix)-8-strlen(typestring)); @@ -246,6 +255,8 @@ crypto_read_tagged_contents_from_file(const char *fname, if (content) memwipe(content, 0, st_size); tor_free(content); + if (saved_errno) + errno = saved_errno; return r; } diff --git a/src/common/util.c b/src/common/util.c index 4490150..a140057 100644 --- a/src/common/util.c +++ b/src/common/util.c @@ -2571,7 +2571,9 @@ read_file_to_str_until_eof(int fd, size_t max_bytes_to_read, size_t *sz_out) string = tor_realloc(string, string_max); r = read(fd, string + pos, string_max - pos - 1); if (r < 0) { + int save_errno = errno; tor_free(string); + errno = save_errno; return NULL; } @@ -2639,11 +2641,14 @@ read_file_to_str(const char *filename, int flags, struct stat *stat_out) if (S_ISFIFO(statbuf.st_mode)) { size_t sz = 0; string = read_file_to_str_until_eof(fd, FIFO_READ_MAX, &sz); + int save_errno = errno; if (string && stat_out) { statbuf.st_size = sz; memcpy(stat_out, &statbuf, sizeof(struct stat)); } close(fd); + if (!string) + errno = save_errno; return string; } #endif

1 0

[tor/master] Preserve errno when loading encrypted ed25519 keys.
by nickm＠torproject.org 15 Jul '15

15 Jul '15

commit 0a6997d78bdbf485f42acfa95558a91db3381d70 Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue Jul 14 10:23:07 2015 -0400 Preserve errno when loading encrypted ed25519 keys. --- src/or/routerkeys.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/or/routerkeys.c b/src/or/routerkeys.c index d075c67..97a586d 100644 --- a/src/or/routerkeys.c +++ b/src/or/routerkeys.c @@ -21,6 +21,7 @@ read_encrypted_secret_key(ed25519_secret_key_t *out, char pwbuf[256]; uint8_t encrypted_key[256]; char *tag = NULL; + int saved_errno = 0; ssize_t encrypted_len = crypto_read_tagged_contents_from_file(fname, ENC_KEY_HEADER, @@ -28,6 +29,7 @@ read_encrypted_secret_key(ed25519_secret_key_t *out, encrypted_key, sizeof(encrypted_key)); if (encrypted_len < 0) { + saved_errno = errno; log_info(LD_OR, "%s is missing", fname); r = 0; goto done; @@ -46,6 +48,7 @@ read_encrypted_secret_key(ed25519_secret_key_t *out, pwbuf, pwlen); if (r == UNPWBOX_CORRUPTED) { log_err(LD_OR, "%s is corrupted.", fname); + saved_errno = EINVAL; goto done; } else if (r == UNPWBOX_OKAY) { break; @@ -57,6 +60,7 @@ read_encrypted_secret_key(ed25519_secret_key_t *out, if (secret_len != ED25519_SECKEY_LEN) { log_err(LD_OR, "%s is corrupted.", fname); + saved_errno = EINVAL; goto done; } memcpy(out->seckey, secret, ED25519_SECKEY_LEN); @@ -70,6 +74,8 @@ read_encrypted_secret_key(ed25519_secret_key_t *out, memwipe(secret, 0, secret_len); tor_free(secret); } + if (saved_errno) + errno = saved_errno; return r; }

1 0

[tor/master] If loading an ed25519 master key fails with errno != ENOENT, give up.
by nickm＠torproject.org 15 Jul '15

15 Jul '15

commit 5e8edba3d80bf53e5e5c09c8a87e06d0c69e00b7 Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue Jul 14 10:36:39 2015 -0400 If loading an ed25519 master key fails with errno != ENOENT, give up. This implements feature 16582: if we get EMFILE or something when loading our master key, we should not at that point attempt to overwrite it. --- src/or/routerkeys.c | 36 ++++++++++++++++++++++++++++++------ src/or/routerkeys.h | 1 + 2 files changed, 31 insertions(+), 6 deletions(-) diff --git a/src/or/routerkeys.c b/src/or/routerkeys.c index 97a586d..946c48b 100644 --- a/src/or/routerkeys.c +++ b/src/or/routerkeys.c @@ -166,10 +166,13 @@ write_secret_key(const ed25519_secret_key_t *key, int encrypted, * public key file but no secret key file, return successfully anyway. * * If INIT_ED_KEY_OMIT_SECRET is set in <b>flags</b>, do not even try to - * load or return a secret key (but create and save on if needed). + * load or return a secret key (but create and save one if needed). * * If INIT_ED_KEY_TRY_ENCRYPTED is set, we look for an encrypted secret key * and consider encrypting any new secret key. + * + * If INIT_ED_KEY_NO_REPAIR is set, and there is any issue loading the keys + * from disk _other than their absence_, we do not try to replace them. */ ed25519_keypair_t * ed_key_init_from_file(const char *fname, uint32_t flags, @@ -187,6 +190,7 @@ ed_key_init_from_file(const char *fname, uint32_t flags, int created_pk = 0, created_sk = 0, created_cert = 0; const int try_to_load = ! (flags & INIT_ED_KEY_REPLACE); const int encrypt_key = (flags & INIT_ED_KEY_TRY_ENCRYPTED); + const int norepair = (flags & INIT_ED_KEY_NO_REPAIR); char tag[8]; tor_snprintf(tag, sizeof(tag), "type%d", (int)cert_type); @@ -201,10 +205,21 @@ ed_key_init_from_file(const char *fname, uint32_t flags, tor_asprintf(&cert_fname, "%s_cert", fname); /* Try to read the secret key. */ - int have_secret = try_to_load && - !(flags & INIT_ED_KEY_OMIT_SECRET) && - ed25519_seckey_read_from_file(&keypair->seckey, - &got_tag, secret_fname) == 0; + int have_secret = 0; + if (try_to_load && + !(flags & INIT_ED_KEY_OMIT_SECRET)) { + int rv = ed25519_seckey_read_from_file(&keypair->seckey, + &got_tag, secret_fname); + if (rv == 0) { + have_secret = 1; + } else { + if (errno != ENOENT && norepair) { + tor_log(severity, LD_OR, "Unable to read %s: %s", secret_fname, + strerror(errno)); + goto err; + } + } + } /* Should we try for an encrypted key? */ if (!have_secret && try_to_load && encrypt_key) { @@ -213,6 +228,10 @@ ed_key_init_from_file(const char *fname, uint32_t flags, if (r > 0) { have_secret = 1; got_tag = tor_strdup(tag); + } else if (errno != ENOENT && norepair) { + tor_log(severity, LD_OR, "Unable to read %s: %s", encrypted_secret_fname, + strerror(errno)); + goto err; } } @@ -234,6 +253,11 @@ ed_key_init_from_file(const char *fname, uint32_t flags, tor_free(got_tag); found_public = ed25519_pubkey_read_from_file(&keypair->pubkey, &got_tag, public_fname) == 0; + if (!found_public && errno != ENOENT && norepair) { + tor_log(severity, LD_OR, "Unable to read %s: %s", public_fname, + strerror(errno)); + goto err; + } if (found_public && strcmp(got_tag, tag)) { tor_log(severity, LD_OR, "%s has wrong tag", public_fname); goto err; @@ -486,7 +510,7 @@ load_ed_keys(const or_options_t *options, time_t now) { uint32_t flags = (INIT_ED_KEY_CREATE|INIT_ED_KEY_SPLIT| - INIT_ED_KEY_EXTRA_STRONG); + INIT_ED_KEY_EXTRA_STRONG|INIT_ED_KEY_NO_REPAIR); if (! need_new_signing_key) flags |= INIT_ED_KEY_MISSING_SECRET_OK; if (! want_new_signing_key) diff --git a/src/or/routerkeys.h b/src/or/routerkeys.h index 1e0199e..9b93358 100644 --- a/src/or/routerkeys.h +++ b/src/or/routerkeys.h @@ -15,6 +15,7 @@ #define INIT_ED_KEY_INCLUDE_SIGNING_KEY_IN_CERT (1u<<6) #define INIT_ED_KEY_OMIT_SECRET (1u<<7) #define INIT_ED_KEY_TRY_ENCRYPTED (1u<<8) +#define INIT_ED_KEY_NO_REPAIR (1u<<9) struct tor_cert_st; ed25519_keypair_t *ed_key_init_from_file(const char *fname, uint32_t flags,

1 0

[tor/master] Do more consistency checks in ed_key_init_from_file()
by nickm＠torproject.org 15 Jul '15

15 Jul '15

commit 13603265888d1e34b7a1ab8d83a361c0e9c34684 Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue Jul 14 11:10:13 2015 -0400 Do more consistency checks in ed_key_init_from_file() When there is a signing key and the certificate lists a key, make sure that the certificate lists the same signing key. When there are public key and secret key stored in separate files, make sure they match. Use the right file name when we load an encrypted secret key and then find a problem with it. This is part of 16581. --- src/or/routerkeys.c | 40 ++++++++++++++++++++++++++++++++-------- 1 file changed, 32 insertions(+), 8 deletions(-) diff --git a/src/or/routerkeys.c b/src/or/routerkeys.c index 946c48b..81fa115 100644 --- a/src/or/routerkeys.c +++ b/src/or/routerkeys.c @@ -187,10 +187,12 @@ ed_key_init_from_file(const char *fname, uint32_t flags, char *encrypted_secret_fname = NULL; char *public_fname = NULL; char *cert_fname = NULL; + const char *loaded_secret_fname = NULL; int created_pk = 0, created_sk = 0, created_cert = 0; const int try_to_load = ! (flags & INIT_ED_KEY_REPLACE); - const int encrypt_key = (flags & INIT_ED_KEY_TRY_ENCRYPTED); - const int norepair = (flags & INIT_ED_KEY_NO_REPAIR); + const int encrypt_key = !! (flags & INIT_ED_KEY_TRY_ENCRYPTED); + const int norepair = !! (flags & INIT_ED_KEY_NO_REPAIR); + const int split = !! (flags & INIT_ED_KEY_SPLIT); char tag[8]; tor_snprintf(tag, sizeof(tag), "type%d", (int)cert_type); @@ -212,6 +214,7 @@ ed_key_init_from_file(const char *fname, uint32_t flags, &got_tag, secret_fname); if (rv == 0) { have_secret = 1; + loaded_secret_fname = secret_fname; } else { if (errno != ENOENT && norepair) { tor_log(severity, LD_OR, "Unable to read %s: %s", secret_fname, @@ -228,6 +231,7 @@ ed_key_init_from_file(const char *fname, uint32_t flags, if (r > 0) { have_secret = 1; got_tag = tor_strdup(tag); + loaded_secret_fname = encrypted_secret_fname; } else if (errno != ENOENT && norepair) { tor_log(severity, LD_OR, "Unable to read %s: %s", encrypted_secret_fname, strerror(errno)); @@ -237,21 +241,24 @@ ed_key_init_from_file(const char *fname, uint32_t flags, if (have_secret) { if (strcmp(got_tag, tag)) { - tor_log(severity, LD_OR, "%s has wrong tag", secret_fname); + tor_log(severity, LD_OR, "%s has wrong tag", loaded_secret_fname); goto err; } /* Derive the public key */ if (ed25519_public_key_generate(&keypair->pubkey, &keypair->seckey)<0) { - tor_log(severity, LD_OR, "%s can't produce a public key", secret_fname); + tor_log(severity, LD_OR, "%s can't produce a public key", + loaded_secret_fname); goto err; } } - /* If it's absent and that's okay, try to read the pubkey. */ + /* If it's absent and that's okay, or if we do split keys here, try to re + * the pubkey. */ int found_public = 0; - if (!have_secret && try_to_load) { + if ((!have_secret && try_to_load) || (have_secret && split)) { + ed25519_public_key_t pubkey_tmp; tor_free(got_tag); - found_public = ed25519_pubkey_read_from_file(&keypair->pubkey, + found_public = ed25519_pubkey_read_from_file(&pubkey_tmp, &got_tag, public_fname) == 0; if (!found_public && errno != ENOENT && norepair) { tor_log(severity, LD_OR, "Unable to read %s: %s", public_fname, @@ -262,6 +269,20 @@ ed_key_init_from_file(const char *fname, uint32_t flags, tor_log(severity, LD_OR, "%s has wrong tag", public_fname); goto err; } + if (found_public) { + if (have_secret) { + /* If we have a secret key and we're reloading the public key, + * the key must match! */ + if (! ed25519_pubkey_eq(&keypair->pubkey, &pubkey_tmp)) { + tor_log(severity, LD_OR, "%s does not match %s!", + public_fname, loaded_secret_fname); + goto err; + } + } else { + tor_assert(split); + memcpy(&keypair->pubkey, &pubkey_tmp, sizeof(pubkey_tmp)); + } + } } /* If the secret key is absent and it's not allowed to be, fail. */ @@ -274,7 +295,6 @@ ed_key_init_from_file(const char *fname, uint32_t flags, /* if it's absent, make a new keypair and save it. */ if (!have_secret && !found_public) { - const int split = !! (flags & INIT_ED_KEY_SPLIT); tor_free(keypair); keypair = ed_key_new(signing_key, flags, now, lifetime, cert_type, &cert); @@ -328,6 +348,10 @@ ed_key_init_from_file(const char *fname, uint32_t flags, (signing_key || cert->cert_expired)) { tor_log(severity, LD_OR, "Can't check certificate"); bad_cert = 1; + } else if (signing_key && cert->signing_key_included && + ! ed25519_pubkey_eq(&signing_key->pubkey, &cert->signing_key)) { + tor_log(severity, LD_OR, "Certificate signed by unexpectd key!"); + bad_cert = 1; } if (bad_cert) {

1 0

[exonerator/master] Always display IPv6 addresses with brackets.
by karsten＠torproject.org 15 Jul '15

15 Jul '15

commit 3e394aab0fb108ea8d4336efbb9ed5ef349241df Author: Karsten Loesing <karsten.loesing(a)gmx.net> Date: Wed Jul 15 10:07:46 2015 +0200 Always display IPv6 addresses with brackets. --- .../torproject/exonerator/ExoneraTorServlet.java | 42 +++++++++++++++----- 1 file changed, 31 insertions(+), 11 deletions(-) diff --git a/src/org/torproject/exonerator/ExoneraTorServlet.java b/src/org/torproject/exonerator/ExoneraTorServlet.java index 0232cf8..a8698ae 100644 --- a/src/org/torproject/exonerator/ExoneraTorServlet.java +++ b/src/org/torproject/exonerator/ExoneraTorServlet.java @@ -536,6 +536,14 @@ public class ExoneraTorServlet extends HttpServlet { private void writeForm(PrintWriter out, ResourceBundle rb, String relayIP, boolean relayIPHasError, String timestampStr, boolean timestampHasError) throws IOException { + String ipValue = ""; + if (relayIP != null && relayIP.length() > 0) { + if (relayIP.contains(":")) { + ipValue = String.format(" value=\"[%s]\"", relayIP); + } else { + ipValue = String.format(" value=\"%s\"", relayIP); + } + } out.printf("<div class=\"row\">\n" + "<div class=\"col-xs-12\">\n" + "<div class=\"text-center\">\n" @@ -560,8 +568,7 @@ public class ExoneraTorServlet extends HttpServlet { + "</div>\n", relayIPHasError ? " has-error" : "", rb.getString("form.ip.label"), - relayIP != null && relayIP.length() > 0 ? - " value=\"" + relayIP + "\"" : "", + ipValue, timestampHasError ? " has-error" : "", rb.getString("form.timestamp.label"), timestampStr != null && timestampStr.length() > 0 ? @@ -664,12 +671,17 @@ public class ExoneraTorServlet extends HttpServlet { Object[][] panelItems = new Object[addressesInSameNetwork.size()][]; for (int i = 0; i < addressesInSameNetwork.size(); i++) { String addressInSameNetwork = addressesInSameNetwork.get(i); - String link = String.format("/?ip=%s&timestamp=%s", - addressInSameNetwork.contains(":") - ? "[" + addressInSameNetwork.replaceAll(":", "%3A") + "]" - : addressInSameNetwork, - timestampStr); - panelItems[i] = new Object[] { link, addressInSameNetwork }; + String link, address; + if (addressInSameNetwork.contains(":")) { + link = String.format("/?ip=[%s]&timestamp=%s", + addressInSameNetwork.replaceAll(":", "%3A"), timestampStr); + address = "[" + addressInSameNetwork + "]"; + } else { + link = String.format("/?ip=%s&timestamp=%s", + addressInSameNetwork, timestampStr); + address = addressInSameNetwork; + } + panelItems[i] = new Object[] { link, address }; } this.writeSummary(out, rb.getString("summary.heading"), "panel-warning", @@ -680,16 +692,22 @@ public class ExoneraTorServlet extends HttpServlet { private void writeSummaryPositive(PrintWriter out, ResourceBundle rb, String relayIP, String timestampStr) throws IOException { + String formattedRelayIP = relayIP.contains(":") ? + "[" + relayIP + "]" : relayIP; this.writeSummary(out, rb.getString("summary.heading"), "panel-success", rb.getString("summary.positive.title"), null, - rb.getString("summary.positive.body"), relayIP, timestampStr); + rb.getString("summary.positive.body"), formattedRelayIP, + timestampStr); } private void writeSummaryNegative(PrintWriter out, ResourceBundle rb, String relayIP, String timestampStr) throws IOException { + String formattedRelayIP = relayIP.contains(":") ? + "[" + relayIP + "]" : relayIP; this.writeSummary(out, rb.getString("summary.heading"), "panel-warning", rb.getString("summary.negative.title"), null, - rb.getString("summary.negative.body"), relayIP, timestampStr); + rb.getString("summary.negative.body"), formattedRelayIP, + timestampStr); } private void writeSummary(PrintWriter out, String heading, @@ -722,6 +740,8 @@ public class ExoneraTorServlet extends HttpServlet { private void writeTechnicalDetails(PrintWriter out, ResourceBundle rb, String relayIP, String timestampStr, List<String[]> tableRows) throws IOException { + String formattedRelayIP = relayIP.contains(":") ? + "[" + relayIP + "]" : relayIP; out.printf("<div class=\"row\">\n" + "<div class=\"col-xs-12\">\n" + "<h2>%s</h2>\n" @@ -739,7 +759,7 @@ public class ExoneraTorServlet extends HttpServlet { + "<tbody>\n", rb.getString("technicaldetails.heading"), String.format(rb.getString("technicaldetails.pre"), - relayIP, timestampStr), + formattedRelayIP, timestampStr), rb.getString("technicaldetails.colheader.timestamp"), rb.getString("technicaldetails.colheader.ip"), rb.getString("technicaldetails.colheader.fingerprint"),

1 0

[exonerator/master] Avoid duplicating summary-writing code.
by karsten＠torproject.org 15 Jul '15

15 Jul '15

commit 1f059e3671a7db1e671a7d1e2196a0a3f6d98070 Author: Karsten Loesing <karsten.loesing(a)gmx.net> Date: Wed Jul 15 09:50:48 2015 +0200 Avoid duplicating summary-writing code. --- .../torproject/exonerator/ExoneraTorServlet.java | 278 ++++++-------------- 1 file changed, 85 insertions(+), 193 deletions(-) diff --git a/src/org/torproject/exonerator/ExoneraTorServlet.java b/src/org/torproject/exonerator/ExoneraTorServlet.java index e7e29fe..0232cf8 100644 --- a/src/org/torproject/exonerator/ExoneraTorServlet.java +++ b/src/org/torproject/exonerator/ExoneraTorServlet.java @@ -571,113 +571,53 @@ public class ExoneraTorServlet extends HttpServlet { private void writeSummaryUnableToConnectToDatabase(PrintWriter out, ResourceBundle rb) throws IOException { - out.printf("<div class=\"row\">\n" - + "<div class=\"col-xs-12\">\n" - + "<h2>%s</h2>\n" - + "<div class=\"panel panel-danger\">\n" - + "<div class=\"panel-heading\">\n" - + "<h3 class=\"panel-title\">%s</h3>\n" - + "</div>\n" - + "<div class=\"panel-body\">\n" - + "%s\n" - + "</div>\n" - + "</div>\n" - + "</div>\n" - + "</div>\n", - rb.getString("summary.heading"), - rb.getString("summary.serverproblem.dbnoconnect.title"), - String.format( - rb.getString("summary.serverproblem.dbnoconnect.body.text"), - "<a href=\"https://www.torproject.org/about/contact\">" - + rb.getString("summary.serverproblem.dbnoconnect.body.link") - + "</a>")); + String contactLink = + "<a href=\"https://www.torproject.org/about/contact\">" + + rb.getString("summary.serverproblem.dbempty.body.link") + + "</a>"; + this.writeSummary(out, rb.getString("summary.heading"), + "panel-danger", + rb.getString("summary.serverproblem.dbnoconnect.title"), null, + rb.getString("summary.serverproblem.dbnoconnect.body.text"), + contactLink); } private void writeSummaryNoData(PrintWriter out, ResourceBundle rb) throws IOException { - out.printf("<div class=\"row\">\n" - + "<div class=\"col-xs-12\">\n" - + "<h2>%s</h2>\n" - + "<div class=\"panel panel-danger\">\n" - + "<div class=\"panel-heading\">\n" - + "<h3 class=\"panel-title\">%s</h3>\n" - + "</div>\n" - + "<div class=\"panel-body\">\n" - + "%s\n" - + "</div>\n" - + "</div>\n" - + "</div>\n" - + "</div>\n", - rb.getString("summary.heading"), - rb.getString("summary.serverproblem.dbempty.title"), - String.format( - rb.getString("summary.serverproblem.dbempty.body.text"), - "<a href=\"https://www.torproject.org/about/contact\">" - + rb.getString("summary.serverproblem.dbempty.body.link") - + "</a>")); + String contactLink = + "<a href=\"https://www.torproject.org/about/contact\">" + + rb.getString("summary.serverproblem.dbempty.body.link") + + "</a>"; + this.writeSummary(out, rb.getString("summary.heading"), + "panel-danger", + rb.getString("summary.serverproblem.dbempty.title"), null, + rb.getString("summary.serverproblem.dbempty.body.text"), + contactLink); } private void writeSummaryNoTimestamp(PrintWriter out, ResourceBundle rb) throws IOException { - out.printf("<div class=\"row\">\n" - + "<div class=\"col-xs-12\">\n" - + "<h2>%s</h2>\n" - + "<div class=\"panel panel-danger\">\n" - + "<div class=\"panel-heading\">\n" - + "<h3 class=\"panel-title\">%s</h3>\n" - + "</div>\n" - + "<div class=\"panel-body\">\n" - + "%s\n" - + "</div>\n" - + "</div>\n" - + "</div>\n" - + "</div>\n", - rb.getString("summary.heading"), - rb.getString("summary.invalidparams.notimestamp.title"), + this.writeSummary(out, rb.getString("summary.heading"), + "panel-danger", + rb.getString("summary.invalidparams.notimestamp.title"), null, rb.getString("summary.invalidparams.notimestamp.body")); } private void writeSummaryNoIp(PrintWriter out, ResourceBundle rb) throws IOException { - out.printf("<div class=\"row\">\n" - + "<div class=\"col-xs-12\">\n" - + "<h2>%s</h2>\n" - + "<div class=\"panel panel-danger\">\n" - + "<div class=\"panel-heading\">\n" - + "<h3 class=\"panel-title\">%s</h3>\n" - + "</div>\n" - + "<div class=\"panel-body\">\n" - + "%s\n" - + "</div>\n" - + "</div>\n" - + "</div>\n" - + "</div>\n", - rb.getString("summary.heading"), - rb.getString("summary.invalidparams.noip.title"), - rb.getString("summary.invalidparams.noip.body")); + this.writeSummary(out, rb.getString("summary.heading"), + "panel-danger", rb.getString("summary.invalidparams.noip.title"), + null, rb.getString("summary.invalidparams.noip.body")); } private void writeSummaryTimestampOutsideRange(PrintWriter out, ResourceBundle rb, String timestampStr, String firstDate, String lastDate) throws IOException { - out.printf("<div class=\"row\">\n" - + "<div class=\"col-xs-12\">\n" - + "<h2>%s</h2>\n" - + "<div class=\"panel panel-danger\">\n" - + "<div class=\"panel-heading\">\n" - + "<h3 class=\"panel-title\">%s</h3>\n" - + "</div>\n" - + "<div class=\"panel-body\">\n" - + "%s\n" - + "</div>\n" - + "</div>\n" - + "</div>\n" - + "</div>\n", - rb.getString("summary.heading"), - rb.getString("summary.invalidparams.timestamprange.title"), - String.format( - rb.getString("summary.invalidparams.timestamprange.body"), - timestampStr, firstDate, lastDate)); + this.writeSummary(out, rb.getString("summary.heading"), + "panel-danger", + rb.getString("summary.invalidparams.timestamprange.title"), null, + rb.getString("summary.invalidparams.timestamprange.body"), + timestampStr, firstDate, lastDate); } private void writeSummaryInvalidIp(PrintWriter out, ResourceBundle rb, @@ -685,24 +625,11 @@ public class ExoneraTorServlet extends HttpServlet { String escapedIpParameter = ipParameter.length() > 40 ? StringEscapeUtils.escapeHtml(ipParameter.substring(0, 40)) + "[...]" : StringEscapeUtils.escapeHtml(ipParameter); - out.printf("<div class=\"row\">\n" - + "<div class=\"col-xs-12\">\n" - + "<h2>%s</h2>\n" - + "<div class=\"panel panel-danger\">\n" - + "<div class=\"panel-heading\">\n" - + "<h3 class=\"panel-title\">%s</h3>\n" - + "</div>\n" - + "<div class=\"panel-body\">\n" - + "%s\n" - + "</div>\n" - + "</div>\n" - + "</div>\n" - + "</div>\n", - rb.getString("summary.heading"), - rb.getString("summary.invalidparams.invalidip.title"), - String.format( - rb.getString("summary.invalidparams.invalidip.body"), - escapedIpParameter, "\"a.b.c.d\"", "\"[a:b:c:d:e:f:g:h]\"")); + this.writeSummary(out, rb.getString("summary.heading"), + "panel-danger", + rb.getString("summary.invalidparams.invalidip.title"), null, + rb.getString("summary.invalidparams.invalidip.body"), + escapedIpParameter, "\"a.b.c.d\"", "\"[a:b:c:d:e:f:g:h]\""); } private void writeSummaryInvalidTimestamp(PrintWriter out, @@ -711,120 +638,85 @@ public class ExoneraTorServlet extends HttpServlet { StringEscapeUtils.escapeHtml(timestampParameter. substring(0, 20)) + "[...]" : StringEscapeUtils.escapeHtml(timestampParameter); - out.printf("<div class=\"row\">\n" - + "<div class=\"col-xs-12\">\n" - + "<h2>%s</h2>\n" - + "<div class=\"panel panel-danger\">\n" - + "<div class=\"panel-heading\">\n" - + "<h3 class=\"panel-title\">%s</h3>\n" - + "</div>\n" - + "<div class=\"panel-body\">\n" - + "%s\n" - + "</div>\n" - + "</div>\n" - + "</div>\n" - + "</div>\n", - rb.getString("summary.heading"), + this.writeSummary(out, rb.getString("summary.heading"), + "panel-danger", rb.getString("summary.invalidparams.invalidtimestamp.title"), - String.format( - rb.getString("summary.invalidparams.invalidtimestamp.body"), - escapedTimestampParameter, "\"YYYY-MM-DD\"")); + null, rb.getString("summary.invalidparams.invalidtimestamp.body"), + escapedTimestampParameter, "\"YYYY-MM-DD\""); } private void writeSummaryNoDataForThisInterval(PrintWriter out, ResourceBundle rb) throws IOException { - out.printf("<div class=\"row\">\n" - + "<div class=\"col-xs-12\">\n" - + "<h2>%s</h2>\n" - + "<div class=\"panel panel-danger\">\n" - + "<div class=\"panel-heading\">\n" - + "<h3 class=\"panel-title\">%s</h3>\n" - + "</div>\n" - + "<div class=\"panel-body\">\n" - + "%s\n" - + "</div>\n" - + "</div>\n" - + "</div>\n" - + "</div>\n", - rb.getString("summary.heading"), - rb.getString("summary.serverproblem.nodata.title"), - String.format( - rb.getString("summary.serverproblem.nodata.body.text"), - "<a href=\"https://www.torproject.org/about/contact\">" - + rb.getString("summary.serverproblem.nodata.body.link") - + "</a>")); + String contactLink = + "<a href=\"https://www.torproject.org/about/contact\">" + + rb.getString("summary.serverproblem.dbempty.body.link") + + "</a>"; + this.writeSummary(out, rb.getString("summary.heading"), + "panel-danger", + rb.getString("summary.serverproblem.nodata.title"), null, + rb.getString("summary.serverproblem.nodata.body.text"), + contactLink); } private void writeSummaryAddressesInSameNetwork(PrintWriter out, ResourceBundle rb, String relayIP, String timestampStr, List<String> addressesInSameNetwork) throws IOException { - out.printf("<div class=\"row\">\n" - + "<div class=\"col-xs-12\">\n" - + "<h2>%s</h2>\n" - + "<div class=\"panel panel-warning\">\n" - + "<div class=\"panel-heading\">\n" - + "<h3 class=\"panel-title\">%s</h3>\n" - + "</div>\n" - + "<div class=\"panel-body\">\n" - + "<p>%s</p>\n" - + "<ul>\n", - rb.getString("summary.heading"), - rb.getString("summary.negativesamenetwork.title"), - String.format( - rb.getString("summary.negativesamenetwork.body"), - relayIP, timestampStr, relayIP.contains(":") ? 48 : 24)); - for (String s : addressesInSameNetwork) { - out.printf("<li><a href=\"/?ip=%s&timestamp=%s\">%s</a></li>\n", - s.contains(":") ? "[" + s.replaceAll(":", "%3A") + "]" : s, - timestampStr, s); + Object[][] panelItems = new Object[addressesInSameNetwork.size()][]; + for (int i = 0; i < addressesInSameNetwork.size(); i++) { + String addressInSameNetwork = addressesInSameNetwork.get(i); + String link = String.format("/?ip=%s&timestamp=%s", + addressInSameNetwork.contains(":") + ? "[" + addressInSameNetwork.replaceAll(":", "%3A") + "]" + : addressInSameNetwork, + timestampStr); + panelItems[i] = new Object[] { link, addressInSameNetwork }; } - out.print("</ul>\n" - + "</div>\n" - + "</div>\n" - + "</div>\n" - + "</div>\n"); + this.writeSummary(out, rb.getString("summary.heading"), + "panel-warning", + rb.getString("summary.negativesamenetwork.title"), panelItems, + rb.getString("summary.negativesamenetwork.body"), + relayIP, timestampStr, relayIP.contains(":") ? 48 : 24); } private void writeSummaryPositive(PrintWriter out, ResourceBundle rb, String relayIP, String timestampStr) throws IOException { - out.printf("<div class=\"row\">\n" - + "<div class=\"col-xs-12\">\n" - + "<h2>%s</h2>\n" - + "<div class=\"panel panel-success\">\n" - + "<div class=\"panel-heading\">\n" - + "<h3 class=\"panel-title\">%s</h3>\n" - + "</div>\n" - + "<div class=\"panel-body\">\n" - + "%s\n" - + "</div>\n" - + "</div>\n" - + "</div>\n" - + "</div>\n", - rb.getString("summary.heading"), - rb.getString("summary.positive.title"), - String.format(rb.getString("summary.positive.body"), - relayIP, timestampStr)); + this.writeSummary(out, rb.getString("summary.heading"), + "panel-success", rb.getString("summary.positive.title"), null, + rb.getString("summary.positive.body"), relayIP, timestampStr); } private void writeSummaryNegative(PrintWriter out, ResourceBundle rb, String relayIP, String timestampStr) throws IOException { + this.writeSummary(out, rb.getString("summary.heading"), + "panel-warning", rb.getString("summary.negative.title"), null, + rb.getString("summary.negative.body"), relayIP, timestampStr); + } + + private void writeSummary(PrintWriter out, String heading, + String panelContext, String panelTitle, Object[][] panelItems, + String panelBodyTemplate, Object... panelBodyArgs) + throws IOException { out.printf("<div class=\"row\">\n" + "<div class=\"col-xs-12\">\n" + "<h2>%s</h2>\n" - + "<div class=\"panel panel-warning\">\n" + + "<div class=\"panel %s\">\n" + "<div class=\"panel-heading\">\n" + "<h3 class=\"panel-title\">%s</h3>\n" + "</div>\n" + "<div class=\"panel-body\">\n" - + "%s\n" - + "</div>\n" + + "<p>%s</p>\n", heading, panelContext, panelTitle, + String.format(panelBodyTemplate, panelBodyArgs)); + if (panelItems != null) { + out.print("<ul>\n"); + for (Object[] panelItem : panelItems) { + out.printf("<li><a href=\"%s\">%s</a></li>\n", panelItem); + } + out.print("</ul>\n"); + } + out.print("</div>\n" + "</div>\n" + "</div>\n" - + "</div>\n", - rb.getString("summary.heading"), - rb.getString("summary.negative.title"), - String.format(rb.getString("summary.negative.body"), - relayIP, timestampStr)); + + "</div>\n"); } private void writeTechnicalDetails(PrintWriter out, ResourceBundle rb,

1 0

[exonerator/master] Allow fingerprints to be wrapped.
by karsten＠torproject.org 15 Jul '15

15 Jul '15

commit 68c45492155eedb21125dce85fea6b1528ec8327 Author: Karsten Loesing <karsten.loesing(a)gmx.net> Date: Wed Jul 15 10:15:10 2015 +0200 Allow fingerprints to be wrapped. --- src/org/torproject/exonerator/ExoneraTorServlet.java | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/org/torproject/exonerator/ExoneraTorServlet.java b/src/org/torproject/exonerator/ExoneraTorServlet.java index a8698ae..7d87fd6 100644 --- a/src/org/torproject/exonerator/ExoneraTorServlet.java +++ b/src/org/torproject/exonerator/ExoneraTorServlet.java @@ -769,7 +769,10 @@ public class ExoneraTorServlet extends HttpServlet { out.print("<tr>"); for (int i = 0; i < tableRow.length; i++) { String content = tableRow[i]; - if (i == 3 && content == null) { + if (i == 2) { + content = content.substring(0, 20) + "" + + content.substring(20, 40); + } else if (i == 3 && content == null) { content = "(" + rb.getString("technicaldetails.nickname.unknown") + ")"; } else if (i == 4) {

1 0

[tor-messenger-build/master] Update registration form UI
by sukhbir＠torproject.org 15 Jul '15

15 Jul '15

commit e6b9533859e63fd47dcf89ca324c82f0e55b8d92 Author: Sukhbir Singh <sukhbir(a)torproject.org> Date: Wed Jul 15 04:58:43 2015 -0400 Update registration form UI --- projects/instantbird/xmpp-inband-registration.patch | 2 +- projects/instantbird/xmppRegister.js | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/projects/instantbird/xmpp-inband-registration.patch b/projects/instantbird/xmpp-inband-registration.patch index f1b57ae..11f26ce 100644 --- a/projects/instantbird/xmpp-inband-registration.patch +++ b/projects/instantbird/xmpp-inband-registration.patch @@ -124,7 +124,7 @@ diff --git a/chat/protocols/xmpp/xmpp-session.jsm b/chat/protocols/xmpp/xmpp-ses + let ww = Cc["@mozilla.org/embedcomp/window-watcher;1"] + .getService(Ci.nsIWindowWatcher); + let win = ww.openWindow(null, registerWindow, "", -+ "centerscreen,chrome,modal,resizable=yes,minimizable=no", registerStanza); ++ "centerscreen,chrome,modal,minimizable=no", registerStanza); + } else { + this.onError(null, _("connection.error.noRegistrationSupport")); + return; diff --git a/projects/instantbird/xmppRegister.js b/projects/instantbird/xmppRegister.js index 003c45b..3b43ffb 100644 --- a/projects/instantbird/xmppRegister.js +++ b/projects/instantbird/xmppRegister.js @@ -103,7 +103,7 @@ let registerAccount = { this.rows.appendChild(ocrRow); let ocrBox = document.createElement("hbox"); - ocrBox.setAttribute("align", "center"); + ocrBox.setAttribute("flex", "1"); let spacer = document.createElement("spacer"); spacer.setAttribute("flex", "1");

1 0

[exonerator/master] Make changes suggested by Geoff Down and Jens Kubieziel.
by karsten＠torproject.org 15 Jul '15

15 Jul '15

commit e2685311489fdc46c941cef2a24cdcc4407e2ca3 Author: Karsten Loesing <karsten.loesing(a)gmx.net> Date: Wed Jul 15 08:16:06 2015 +0200 Make changes suggested by Geoff Down and Jens Kubieziel. --- res/ExoneraTor_de.properties | 4 ++-- src/org/torproject/exonerator/ExoneraTorServlet.java | 18 ++++++++++++------ 2 files changed, 14 insertions(+), 8 deletions(-) diff --git a/res/ExoneraTor_de.properties b/res/ExoneraTor_de.properties index ee9e362..4247ddd 100644 --- a/res/ExoneraTor_de.properties +++ b/res/ExoneraTor_de.properties @@ -22,11 +22,11 @@ summary.serverproblem.nodata.title=Server-Problem summary.serverproblem.nodata.body.text=Die Datenbank enthält keine Daten für das angegebene Datum. Bitte versuchen Sie es später noch einmal. Sollte dieses Problem weiterhin bestehen %s. summary.serverproblem.nodata.body.link=lassen Sie es uns bitte wissen summary.negativesamenetwork.title=Keine Übereinstimmungen gefunden -summary.negativesamenetwork.body=Es wurde kein Tor-Relay mit IP-Adresse %s am %s bzw. am Tag vorher oder nachher gefunden. Es wurden jedoch benachbarte IP-Adressen im selben /%d-Netzwerk an diesen Tagen gefunden: +summary.negativesamenetwork.body=Es wurde kein Tor-Relay mit der IP-Adresse %s am %s bzw. am Tag vorher oder nachher gefunden. Es wurden jedoch benachbarte IP-Adressen im selben /%d-Netzwerk an diesen Tagen gefunden: summary.positive.title=Übereinstimmungen gefunden summary.positive.body=Es wurde ein oder mehrere Tor-Relays mit IP-Adresse %s am %s bzw. am Tag vorher oder nachher gefunden, die den Tor-Clients bekannt waren. summary.negative.title=Keine Übereinstimmungen gefunden -summary.negative.body=Es wurde kein Tor-Relay mit IP-Adresse %s am %s bzw. am Tag vorher oder nachher gefunden. +summary.negative.body=Es wurde kein Tor-Relay mit der IP-Adresse %s am %s bzw. am Tag vorher oder nachher gefunden. technicaldetails.heading=Technische Details technicaldetails.pre=Es wird nach Tor-Relays mit IP-Adresse %s am %s bzw. am Tag vorher oder nachher gesucht. Tor-Clients konnten diese Tor-Relays verwenden, um Verbindungen aufzubauen. technicaldetails.colheader.timestamp=Datum/Uhrzeit (UTC) diff --git a/src/org/torproject/exonerator/ExoneraTorServlet.java b/src/org/torproject/exonerator/ExoneraTorServlet.java index a959bc8..e7e29fe 100644 --- a/src/org/torproject/exonerator/ExoneraTorServlet.java +++ b/src/org/torproject/exonerator/ExoneraTorServlet.java @@ -260,9 +260,10 @@ public class ExoneraTorServlet extends HttpServlet { /* Helper methods for handling the request. */ - private String parseIpParameter(String ipParameter) { + private String parseIpParameter(String passedIpParameter) { String relayIP = null; - if (ipParameter != null && ipParameter.length() > 0) { + if (passedIpParameter != null && passedIpParameter.length() > 0) { + String ipParameter = passedIpParameter.trim(); Pattern ipv4AddressPattern = Pattern.compile( "^([01]?\\d\\d?|2[0-4]\\d|25[0-5])\\." + "([01]?\\d\\d?|2[0-4]\\d|25[0-5])\\." + @@ -314,12 +315,15 @@ public class ExoneraTorServlet extends HttpServlet { return relayIP; } - private String parseTimestampParameter(String timestampParameter) { + private String parseTimestampParameter( + String passedTimestampParameter) { String timestampStr = ""; SimpleDateFormat dateFormat = new SimpleDateFormat("yyyy-MM-dd"); dateFormat.setTimeZone(TimeZone.getTimeZone("UTC")); dateFormat.setLenient(false); - if (timestampParameter != null && timestampParameter.length() > 0) { + if (passedTimestampParameter != null && + passedTimestampParameter.length() > 0) { + String timestampParameter = passedTimestampParameter.trim(); try { long timestamp = dateFormat.parse(timestampParameter).getTime(); timestampStr = dateFormat.format(timestamp); @@ -696,7 +700,8 @@ public class ExoneraTorServlet extends HttpServlet { + "</div>\n", rb.getString("summary.heading"), rb.getString("summary.invalidparams.invalidip.title"), - String.format("summary.invalidparams.invalidip.body", + String.format( + rb.getString("summary.invalidparams.invalidip.body"), escapedIpParameter, "\"a.b.c.d\"", "\"[a:b:c:d:e:f:g:h]\"")); } @@ -721,7 +726,8 @@ public class ExoneraTorServlet extends HttpServlet { + "</div>\n", rb.getString("summary.heading"), rb.getString("summary.invalidparams.invalidtimestamp.title"), - String.format("summary.invalidparams.invalidtimestamp.body", + String.format( + rb.getString("summary.invalidparams.invalidtimestamp.body"), escapedTimestampParameter, "\"YYYY-MM-DD\"")); }

1 0