[or-cvs] r8573: - V1 authorities should set "HSAuthoritativeDir 1" to contin (in tor/trunk: . doc src/or)
arma at seul.org
arma at seul.org
Sun Oct 1 22:16:56 UTC 2006
Author: arma
Date: 2006-10-01 18:16:55 -0400 (Sun, 01 Oct 2006)
New Revision: 8573
Modified:
tor/trunk/ChangeLog
tor/trunk/doc/TODO
tor/trunk/doc/tor.1.in
tor/trunk/src/or/config.c
tor/trunk/src/or/directory.c
tor/trunk/src/or/or.h
tor/trunk/src/or/router.c
Log:
- V1 authorities should set "HSAuthoritativeDir 1" to continue being
hidden service authorities too.
- Just because your DirPort is open doesn't mean people should be
able to remotely teach you about hidden service descriptors. Now
only accept rendezvous posts if you've got HSAuthoritativeDir set.
Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog 2006-10-01 22:11:04 UTC (rev 8572)
+++ tor/trunk/ChangeLog 2006-10-01 22:16:55 UTC (rev 8573)
@@ -33,8 +33,9 @@
list if it stays that way for a long time.
- Allow directory authorities to be marked separately as authorities for
the v1 directory protocol, the v2 directory protocol, and as hidden
- service directories. This should make it easier to migrate trust away
- from one of the two authorities currently running on Moria.
+ service directories, to make it easier to retire old authorities.
+ V1 authorities should set "HSAuthoritativeDir 1" to continue being
+ hidden service authorities too.
- Reserve the nickname "Unnamed" for routers that can't pick a hostname;
any router can call itself Unnamed; directory servers will never
allocate Unnamed to any particular router; clients won't believe that
@@ -60,6 +61,9 @@
- Reject (most) attempts to use Tor as a one-hop proxy; if many people
start using Tor as a one-hop proxy, exit nodes become a more attractive
target for compromise. (Fixes bug 303.)
+ - Just because your DirPort is open doesn't mean people should be
+ able to remotely teach you about hidden service descriptors. Now
+ only accept rendezvous posts if you've got HSAuthoritativeDir set.
o Major bugfixes:
- Avoiding crashing on race condition in dns.c:
Modified: tor/trunk/doc/TODO
===================================================================
--- tor/trunk/doc/TODO 2006-10-01 22:11:04 UTC (rev 8572)
+++ tor/trunk/doc/TODO 2006-10-01 22:16:55 UTC (rev 8573)
@@ -176,7 +176,7 @@
- Critical but minor bugs, backport candidates.
d - Failed rend desc fetches sometimes don't get retried. True/false?
-R - non-v1 authorities should not accept rend descs.
+ o non-v1 authorities should not accept rend descs.
R - support dir 503s better
o clients don't log as loudly when they receive them
- they don't count toward the 3-strikes rule
Modified: tor/trunk/doc/tor.1.in
===================================================================
--- tor/trunk/doc/tor.1.in 2006-10-01 22:11:04 UTC (rev 8572)
+++ tor/trunk/doc/tor.1.in 2006-10-01 22:16:55 UTC (rev 8573)
@@ -716,6 +716,11 @@
section below.
.LP
.TP
+\fBHSAuthoritativeDir \fR\fB0\fR|\fB1\fR\fP
+When this option is set in addition to \fBAuthoritativeDirectory\fP, Tor also
+accepts and serves hidden service descriptors. (Default: 0)
+.LP
+.TP
\fBDirPort \fR\fIPORT\fP
Advertise the directory service on this port.
.LP
Modified: tor/trunk/src/or/config.c
===================================================================
--- tor/trunk/src/or/config.c 2006-10-01 22:11:04 UTC (rev 8572)
+++ tor/trunk/src/or/config.c 2006-10-01 22:16:55 UTC (rev 8573)
@@ -172,6 +172,7 @@
VAR("HiddenServiceNodes", LINELIST_S, RendConfigLines, NULL),
VAR("HiddenServiceOptions",LINELIST_V, RendConfigLines, NULL),
VAR("HiddenServicePort", LINELIST_S, RendConfigLines, NULL),
+ VAR("HSAuthoritativeDir", BOOL, HSAuthoritativeDir, "0"),
VAR("HttpProxy", STRING, HttpProxy, NULL),
VAR("HttpProxyAuthenticator",STRING, HttpProxyAuthenticator,NULL),
VAR("HttpsProxy", STRING, HttpsProxy, NULL),
Modified: tor/trunk/src/or/directory.c
===================================================================
--- tor/trunk/src/or/directory.c 2006-10-01 22:11:04 UTC (rev 8572)
+++ tor/trunk/src/or/directory.c 2006-10-01 22:16:55 UTC (rev 8573)
@@ -1433,6 +1433,7 @@
size_t dlen;
const char *cp;
char *url = NULL;
+ or_options_t *options = get_options();
/* We ignore the body of a GET request. */
(void)body;
(void)body_len;
@@ -1596,25 +1597,15 @@
return 0;
}
- if (!strcmpstart(url,"/tor/rendezvous/") ||
- !strcmpstart(url,"/tor/rendezvous1/")) {
+ if (options->HSAuthoritativeDir &&
+ (!strcmpstart(url,"/tor/rendezvous/") ||
+ !strcmpstart(url,"/tor/rendezvous1/"))) {
/* rendezvous descriptor fetch */
const char *descp;
size_t desc_len;
int versioned = !strcmpstart(url,"/tor/rendezvous1/");
const char *query = url+strlen("/tor/rendezvous/")+(versioned?1:0);
- if (!authdir_mode(get_options())) {
- /* We don't hand out rend descs. In fact, it could be a security
- * risk, since rend_cache_lookup_desc() below would provide it
- * if we're gone to the site recently, and 404 if we haven't.
- *
- * Reject. */
- write_http_status_line(conn, 400, "Nonauthoritative directory does not "
- "store rendezvous descriptors");
- tor_free(url);
- return 0;
- }
switch (rend_cache_lookup_desc(query, versioned?-1:0, &descp, &desc_len)) {
case 1: /* valid */
write_http_response_header(conn, desc_len, "application/octet-stream",
@@ -1656,7 +1647,7 @@
if (!strcmp(url,"/tor/dir-all-weaselhack") &&
(conn->_base.addr == 0x7f000001ul) &&
- authdir_mode(get_options())) {
+ authdir_mode(options)) {
/* XXX until weasel rewrites his scripts XXXX012 */
char *new_directory=NULL;
@@ -1694,12 +1685,13 @@
char *body, size_t body_len)
{
char *url = NULL;
+ or_options_t *options = get_options();
log_debug(LD_DIRSERV,"Received POST command.");
conn->_base.state = DIR_CONN_STATE_SERVER_WRITING;
- if (!authdir_mode(get_options())) {
+ if (!authdir_mode(options)) {
/* we just provide cached directories; we don't want to
* receive anything. */
write_http_status_line(conn, 400, "Nonauthoritative directory does not "
@@ -1736,7 +1728,8 @@
goto done;
}
- if (!strcmpstart(url,"/tor/rendezvous/publish")) {
+ if (options->HSAuthoritativeDir &&
+ !strcmpstart(url,"/tor/rendezvous/publish")) {
/* rendezvous descriptor post */
if (rend_cache_store(body, body_len) < 0) {
// char tmp[1024*2+1];
Modified: tor/trunk/src/or/or.h
===================================================================
--- tor/trunk/src/or/or.h 2006-10-01 22:11:04 UTC (rev 8572)
+++ tor/trunk/src/or/or.h 2006-10-01 22:16:55 UTC (rev 8573)
@@ -1442,8 +1442,10 @@
int DirPort; /**< Port to listen on for directory connections. */
int AssumeReachable; /**< Whether to publish our descriptor regardless. */
int AuthoritativeDir; /**< Boolean: is this an authoritative directory? */
- int V1AuthoritativeDir; /**< Boolean: is this an authoritative directory?
+ int V1AuthoritativeDir; /**< Boolean: is this an authoritative directory
* for version 1 directories? */
+ int HSAuthoritativeDir; /**< Boolean: does this an authoritative directory
+ * handle hidden service requests? */
int NamingAuthoritativeDir; /**< Boolean: is this an authoritative directory
* that's willing to bind names? */
int VersioningAuthoritativeDir; /**< Boolean: is this an authoritative
Modified: tor/trunk/src/or/router.c
===================================================================
--- tor/trunk/src/or/router.c 2006-10-01 22:11:04 UTC (rev 8572)
+++ tor/trunk/src/or/router.c 2006-10-01 22:16:55 UTC (rev 8573)
@@ -364,7 +364,7 @@
(uint16_t)options->DirPort, digest,
options->V1AuthoritativeDir, /* v1 authority */
1, /* v2 authority */
- options->V1AuthoritativeDir /* hidserv authority */);
+ options->HSAuthoritativeDir /* hidserv authority */);
}
return 0; /* success */
}
More information about the tor-commits
mailing list