Diffstat (limited to 'src/or')
-rw-r--r--src/or/config.c1
-rw-r--r--src/or/directory.c25
-rw-r--r--src/or/or.h4
-rw-r--r--src/or/router.c2
4 files changed, 14 insertions, 18 deletions
diff --git a/src/or/config.c b/src/or/config.c
index f021fb9c1..8407367ee 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -172,6 +172,7 @@ static config_var_t _option_vars[] = {
VAR("HiddenServiceNodes", LINELIST_S, RendConfigLines, NULL),
VAR("HiddenServiceOptions",LINELIST_V, RendConfigLines, NULL),
VAR("HiddenServicePort", LINELIST_S, RendConfigLines, NULL),
+ VAR("HSAuthoritativeDir", BOOL, HSAuthoritativeDir, "0"),
VAR("HttpProxy", STRING, HttpProxy, NULL),
VAR("HttpProxyAuthenticator",STRING, HttpProxyAuthenticator,NULL),
VAR("HttpsProxy", STRING, HttpsProxy, NULL),
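Review bot: The new option defaults to "0", while the router.c hunk of this commit switches the hidserv-authority argument from `options->V1AuthoritativeDir` to `options->HSAuthoritativeDir`. An authority that relied on V1AuthoritativeDir implying hidden-service handling would therefore stop serving and accepting rendezvous descriptors after upgrading unless its configuration gains the new line. If that is intended, it should be stated in the changelog and the option documented in the man page; neither is visible in the src/or part of the diff shown here.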
diff --git a/src/or/directory.c b/src/or/directory.c
index 0de573286..d874e18f5 100644
--- a/src/or/directory.c
+++ b/src/or/directory.c
@@ -1433,6 +1433,7 @@ directory_handle_command_get(dir_connection_t *conn, char *headers,
size_t dlen;
const char *cp;
char *url = NULL;
+ or_options_t *options = get_options();
/* We ignore the body of a GET request. */
(void)body;
(void)body_len;
@@ -1596,25 +1597,15 @@ directory_handle_command_get(dir_connection_t *conn, char *headers,
return 0;
}
- if (!strcmpstart(url,"/tor/rendezvous/") ||
- !strcmpstart(url,"/tor/rendezvous1/")) {
+ if (options->HSAuthoritativeDir &&
+ (!strcmpstart(url,"/tor/rendezvous/") ||
+ !strcmpstart(url,"/tor/rendezvous1/"))) {
/* rendezvous descriptor fetch */
const char *descp;
size_t desc_len;
int versioned = !strcmpstart(url,"/tor/rendezvous1/");
const char *query = url+strlen("/tor/rendezvous/")+(versioned?1:0);
- if (!authdir_mode(get_options())) {
- /* We don't hand out rend descs. In fact, it could be a security
- * risk, since rend_cache_lookup_desc() below would provide it
- * if we're gone to the site recently, and 404 if we haven't.
- *
- * Reject. */
- write_http_status_line(conn, 400, "Nonauthoritative directory does not "
- "store rendezvous descriptors");
- tor_free(url);
- return 0;
- }
switch (rend_cache_lookup_desc(query, versioned?-1:0, &descp, &desc_len)) {
case 1: /* valid */
write_http_response_header(conn, desc_len, "application/octet-stream",
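Review bot: The rendezvous GET branch is now gated only by `options->HSAuthoritativeDir`, and the `authdir_mode()` check that used to sit inside it is deleted. The removed comment explained why that check mattered: `rend_cache_lookup_desc()` answers from the local cache, so a node that is not an authority would disclose which hidden services it has looked up recently. Nothing visible in this diff prevents HSAuthoritativeDir being set to 1 on a non-authority, so I would keep both conditions, `if (options->HSAuthoritativeDir && authdir_mode(options) &&`, or reject that combination during option validation (not shown here). The switch body continues outside the hunk.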
@@ -1656,7 +1647,7 @@ directory_handle_command_get(dir_connection_t *conn, char *headers,
if (!strcmp(url,"/tor/dir-all-weaselhack") &&
(conn->_base.addr == 0x7f000001ul) &&
- authdir_mode(get_options())) {
+ authdir_mode(options)) {
/* XXX until weasel rewrites his scripts XXXX012 */
char *new_directory=NULL;
@@ -1694,12 +1685,13 @@ directory_handle_command_post(dir_connection_t *conn, char *headers,
char *body, size_t body_len)
{
char *url = NULL;
+ or_options_t *options = get_options();
log_debug(LD_DIRSERV,"Received POST command.");
conn->_base.state = DIR_CONN_STATE_SERVER_WRITING;
- if (!authdir_mode(get_options())) {
+ if (!authdir_mode(options)) {
/* we just provide cached directories; we don't want to
* receive anything. */
write_http_status_line(conn, 400, "Nonauthoritative directory does not "
@@ -1736,7 +1728,8 @@ directory_handle_command_post(dir_connection_t *conn, char *headers,
goto done;
}
- if (!strcmpstart(url,"/tor/rendezvous/publish")) {
+ if (options->HSAuthoritativeDir &&
+ !strcmpstart(url,"/tor/rendezvous/publish")) {
/* rendezvous descriptor post */
if (rend_cache_store(body, body_len) < 0) {
// char tmp[1024*2+1];
diff --git a/src/or/or.h b/src/or/or.h
index 4fe16012e..a73b284bd 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -1442,8 +1442,10 @@ typedef struct {
int DirPort; /**< Port to listen on for directory connections. */
int AssumeReachable; /**< Whether to publish our descriptor regardless. */
int AuthoritativeDir; /**< Boolean: is this an authoritative directory? */
- int V1AuthoritativeDir; /**< Boolean: is this an authoritative directory?
+ int V1AuthoritativeDir; /**< Boolean: is this an authoritative directory
* for version 1 directories? */
+ int HSAuthoritativeDir; /**< Boolean: does this an authoritative directory
+ * handle hidden service requests? */
int NamingAuthoritativeDir; /**< Boolean: is this an authoritative directory
* that's willing to bind names? */
int VersioningAuthoritativeDir; /**< Boolean: is this an authoritative
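Review bot: The doc comment on the new `HSAuthoritativeDir` field is ungrammatical: it reads "does this an authoritative directory handle hidden service requests?". I would write `/**< Boolean: does this authoritative directory handle hidden service requests? */`. If the flag is only meant to have effect together with AuthoritativeDir, the comment is the place to say so.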
diff --git a/src/or/router.c b/src/or/router.c
index e43a593c8..b139440f5 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -364,7 +364,7 @@ init_keys(void)
(uint16_t)options->DirPort, digest,
options->V1AuthoritativeDir, /* v1 authority */
1, /* v2 authority */
- options->V1AuthoritativeDir /* hidserv authority */);
+ options->HSAuthoritativeDir /* hidserv authority */);
}
return 0; /* success */
}