caching dirservers don't handle posts, running-routers, or rend descs

svn:r2080

src/or/directory.c

@@ -524,6 +524,11 @@ directory_handle_command_get(connection_t *conn, char *headers,
   }
 
   if(!strcmp(url,"/running-routers")) { /* running-routers fetch */
+    if(!authdir_mode()) {
+      /* XXX008 for now, we don't cache running-routers. Reject. */
+      connection_write_to_buf(answer400, strlen(answer400), conn);
+      return 0;
+    }
     dlen = dirserv_get_runningrouters(&cp);
     if(dlen < 0) { /* we failed to create cp */
       connection_write_to_buf(answer503, strlen(answer503), conn);
@@ -542,6 +547,15 @@ directory_handle_command_get(connection_t *conn, char *headers,
     const char *descp;
     int desc_len;
 
+    if(!authdir_mode()) {
+      /* We don't hand out rend descs. In fact, it could be a security
+       * risk, since rend_cache_lookup_desc() below would provide it
+       * if we're gone to the site recently, and 404 if we haven't.
+       *
+       * Reject. */
+      connection_write_to_buf(answer400, strlen(answer400), conn);
+      return 0;
+    }
     switch(rend_cache_lookup_desc(url+strlen(rend_fetch_url), &descp, &desc_len)) {
       case 1: /* valid */
         snprintf(tmp, sizeof(tmp), "HTTP/1.0 200 OK\r\nContent-Length: %d\r\nContent-Type: application/octet-stream\r\n\r\n",
@@ -580,6 +594,13 @@ directory_handle_command_post(connection_t *conn, char *headers,
 
   conn->state = DIR_CONN_STATE_SERVER_WRITING;
 
+  if(!authdir_mode()) {
+    /* we just provide cached directories; we don't want to
+     * receive anything. */
+    connection_write_to_buf(answer400, strlen(answer400), conn);
+    return 0;
+  }
+
   if (parse_http_url(headers, &url) < 0) {
     connection_write_to_buf(answer400, strlen(answer400), conn);
     return 0;