[tor-commits] [doctor/master] Check that authorities run recommended versions.
karsten at torproject.org
karsten at torproject.org
Mon Feb 11 16:40:23 UTC 2013
commit 091551f78899de8cc2e5b1d656df27e31e383a14
Author: Karsten Loesing <karsten.loesing at gmx.net>
Date: Mon Feb 11 17:38:21 2013 +0100
Check that authorities run recommended versions.
Implements #7725.
---
.gitignore | 2 +
src/org/torproject/doctor/Checker.java | 51 ++++++++++++++++++++++-
src/org/torproject/doctor/StatusFileReport.java | 7 +++-
src/org/torproject/doctor/Warning.java | 5 ++-
4 files changed, 61 insertions(+), 4 deletions(-)
diff --git a/.gitignore b/.gitignore
index 14a8cb2..db27b77 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,5 @@
+.classpath
+.project
classes/
lib/
out/
diff --git a/src/org/torproject/doctor/Checker.java b/src/org/torproject/doctor/Checker.java
index 2fbdcaf..3adc678 100644
--- a/src/org/torproject/doctor/Checker.java
+++ b/src/org/torproject/doctor/Checker.java
@@ -2,7 +2,6 @@
* See LICENSE for licensing information */
package org.torproject.doctor;
-import java.io.*;
import java.text.*;
import java.util.*;
import org.torproject.descriptor.*;
@@ -45,6 +44,7 @@ public class Checker {
this.checkBandwidthScanners();
this.checkMissingAuthorities();
this.checkAuthorityRelayIdentityKeys();
+ this.checkAuthorityVersions();
}
} else {
this.warnings.put(Warning.NoConsensusKnown, new TreeSet<String>());
@@ -364,7 +364,6 @@ public class Checker {
private void warnAboutExpiringCertificates(Warning warningType,
SortedMap<String, String> expiringCertificates) {
SortedSet<String> details = new TreeSet<String>();
- StringBuilder sb = new StringBuilder();
for (Map.Entry<String, String> e :
expiringCertificates.entrySet()) {
String dir = e.getKey();
@@ -472,5 +471,53 @@ public class Checker {
unexpectedFingerprints);
}
}
+
+ private void checkAuthorityVersions() {
+ if (downloadedConsensus.getRecommendedServerVersions() == null) {
+ return;
+ }
+ Set<String> recommendedVersions = new HashSet<String>();
+ for (String version :
+ downloadedConsensus.getRecommendedServerVersions()) {
+ recommendedVersions.add(version.split("-", 2)[0]);
+ }
+ SortedMap<String, String> authorities = new TreeMap<String, String>();
+ authorities.put("f2044413dac2e02e3d6bcf4735a19bca1de97281",
+ "gabelmoo");
+ authorities.put("847b1f850344d7876491a54892f904934e4eb85d", "tor26");
+ authorities.put("f397038adc51336135e7b80bd99ca3844360292b",
+ "turtles");
+ authorities.put("bd6a829255cb08e66fbe7d3748363586e46b3810",
+ "maatuska");
+ authorities.put("7be683e65d48141321c5ed92f075c55364ac7123",
+ "dannenberg");
+ authorities.put("0ad3fa884d18f89eea2d89c019379e0e7fd94417", "urras");
+ authorities.put("9695dfc35ffeb861329b9f1ab04c46397020ce31", "moria1");
+ authorities.put("7ea6ead6fd83083c538f44038bbfa077587dd755", "dizum");
+ authorities.put("cf6d0aafb385be71b8e111fc5cff4b47923733bc",
+ "Faravahar");
+ authorities.put("4a0ccd2ddc7995083d73f5d667100c8a5831f16d", "Tonga");
+ SortedSet<String> unrecommendedVersions = new TreeSet<String>();
+ for (Map.Entry<String, String> e : authorities.entrySet()) {
+ String fingerprint = e.getKey().toUpperCase();
+ String nickname = e.getValue();
+ if (this.downloadedConsensus.getStatusEntries().containsKey(
+ fingerprint)) {
+ String authorityVersion = this.downloadedConsensus.getStatusEntry(
+ fingerprint).getVersion();
+ if (authorityVersion.startsWith("Tor ")) {
+ authorityVersion = authorityVersion.substring("Tor ".length());
+ }
+ if (!recommendedVersions.contains(
+ authorityVersion.split("-", 2)[0])) {
+ unrecommendedVersions.add(nickname + "=" + authorityVersion);
+ }
+ }
+ }
+ if (!unrecommendedVersions.isEmpty()) {
+ this.warnings.put(Warning.UnrecommendedVersions,
+ unrecommendedVersions);
+ }
+ }
}
diff --git a/src/org/torproject/doctor/StatusFileReport.java b/src/org/torproject/doctor/StatusFileReport.java
index 7ea29bb..1e23639 100644
--- a/src/org/torproject/doctor/StatusFileReport.java
+++ b/src/org/torproject/doctor/StatusFileReport.java
@@ -42,7 +42,6 @@ public class StatusFileReport {
/* Read when we last emitted a warning to rate-limit some of them. */
private File lastWarnedFile = new File("out/state/last-warned");
private void readLastWarned() {
- long now = System.currentTimeMillis();
try {
if (this.lastWarnedFile.exists()) {
BufferedReader br = new BufferedReader(new FileReader(
@@ -60,6 +59,7 @@ public class StatusFileReport {
String message = line.substring(line.indexOf(": ") + 2);
lastWarned.put(message, warnedMillis);
}
+ br.close();
}
} catch (IOException e) {
System.err.println("Could not read file '"
@@ -174,6 +174,11 @@ public class StatusFileReport {
+ "different relay identity keys than expected: "
+ detailsString, 150L * 60L * 1000L);
break;
+ case UnrecommendedVersions:
+ warningStrings.put("WARNING: The following authorities are "
+ + "running unrecommended Tor versions: "
+ + detailsString, 150L * 60L * 1000L);
+ break;
}
}
long now = System.currentTimeMillis();
diff --git a/src/org/torproject/doctor/Warning.java b/src/org/torproject/doctor/Warning.java
index 2fe87f0..fc7de0e 100644
--- a/src/org/torproject/doctor/Warning.java
+++ b/src/org/torproject/doctor/Warning.java
@@ -70,6 +70,9 @@ public enum Warning {
/* One or more relays running on the IP addresses and dir ports of the
* authorities are using a different relay identity key than
* expected. */
- UnexpectedFingerprints
+ UnexpectedFingerprints,
+
+ /* One or more authorities are running an unrecommended Tor version. */
+ UnrecommendedVersions
}
More information about the tor-commits
mailing list