nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-27 22:03:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

- V1 authorities should set "HSAuthoritativeDir 1" to continue being

Browse Source 
hidden service authorities too.
- Just because your DirPort is open doesn't mean people should be
  able to remotely teach you about hidden service descriptors. Now
  only accept rendezvous posts if you've got HSAuthoritativeDir set.


svn:r8573
This commit is contained in:
Roger Dingledine 2006-10-01 22:16:55 +00:00
parent a23ba84702
commit a3efc8e3d1
7 changed files with 26 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
ChangeLog
View File

@ -33,8 +33,9 @@ Changes in version 0.1.2.2-alpha - 2006-10-??
list if it stays that way for a long time. list if it stays that way for a long time.
- Allow directory authorities to be marked separately as authorities for - Allow directory authorities to be marked separately as authorities for
the v1 directory protocol, the v2 directory protocol, and as hidden the v1 directory protocol, the v2 directory protocol, and as hidden
service directories. This should make it easier to migrate trust away service directories, to make it easier to retire old authorities.
from one of the two authorities currently running on Moria. V1 authorities should set "HSAuthoritativeDir 1" to continue being
hidden service authorities too.
- Reserve the nickname "Unnamed" for routers that can't pick a hostname; - Reserve the nickname "Unnamed" for routers that can't pick a hostname;
any router can call itself Unnamed; directory servers will never any router can call itself Unnamed; directory servers will never
allocate Unnamed to any particular router; clients won't believe that allocate Unnamed to any particular router; clients won't believe that
@ -60,6 +61,9 @@ Changes in version 0.1.2.2-alpha - 2006-10-??
- Reject (most) attempts to use Tor as a one-hop proxy; if many people - Reject (most) attempts to use Tor as a one-hop proxy; if many people
start using Tor as a one-hop proxy, exit nodes become a more attractive start using Tor as a one-hop proxy, exit nodes become a more attractive
target for compromise. (Fixes bug 303.) target for compromise. (Fixes bug 303.)
- Just because your DirPort is open doesn't mean people should be
able to remotely teach you about hidden service descriptors. Now
only accept rendezvous posts if you've got HSAuthoritativeDir set.
o Major bugfixes: o Major bugfixes:
- Avoiding crashing on race condition in dns.c: - Avoiding crashing on race condition in dns.c:

2
doc/TODO
View File

@ -176,7 +176,7 @@ N - Later, servers will stop generating new descriptors simply
- Critical but minor bugs, backport candidates. - Critical but minor bugs, backport candidates.
d - Failed rend desc fetches sometimes don't get retried. True/false? d - Failed rend desc fetches sometimes don't get retried. True/false?
R - non-v1 authorities should not accept rend descs. o non-v1 authorities should not accept rend descs.
R - support dir 503s better R - support dir 503s better
o clients don't log as loudly when they receive them o clients don't log as loudly when they receive them
- they don't count toward the 3-strikes rule - they don't count toward the 3-strikes rule

5
doc/tor.1.in
View File

@ -716,6 +716,11 @@ registered binding. See \fBapproved-routers\fP in the \fBFILES\fP
section below. section below.
.LP .LP
.TP .TP
\fBHSAuthoritativeDir \fR\fB0\fR|\fB1\fR\fP
When this option is set in addition to \fBAuthoritativeDirectory\fP, Tor also
accepts and serves hidden service descriptors. (Default: 0)
.LP
.TP
\fBDirPort \fR\fIPORT\fP \fBDirPort \fR\fIPORT\fP
Advertise the directory service on this port. Advertise the directory service on this port.
.LP .LP

1
src/or/config.c
View File

@ -172,6 +172,7 @@ static config_var_t _option_vars[] = {
VAR("HiddenServiceNodes", LINELIST_S, RendConfigLines, NULL), VAR("HiddenServiceNodes", LINELIST_S, RendConfigLines, NULL),
VAR("HiddenServiceOptions",LINELIST_V, RendConfigLines, NULL), VAR("HiddenServiceOptions",LINELIST_V, RendConfigLines, NULL),
VAR("HiddenServicePort", LINELIST_S, RendConfigLines, NULL), VAR("HiddenServicePort", LINELIST_S, RendConfigLines, NULL),
VAR("HSAuthoritativeDir", BOOL, HSAuthoritativeDir, "0"),
VAR("HttpProxy", STRING, HttpProxy, NULL), VAR("HttpProxy", STRING, HttpProxy, NULL),
VAR("HttpProxyAuthenticator",STRING, HttpProxyAuthenticator,NULL), VAR("HttpProxyAuthenticator",STRING, HttpProxyAuthenticator,NULL),
VAR("HttpsProxy", STRING, HttpsProxy, NULL), VAR("HttpsProxy", STRING, HttpsProxy, NULL),

25
src/or/directory.c
View File

@ -1433,6 +1433,7 @@ directory_handle_command_get(dir_connection_t *conn, char *headers,
size_t dlen; size_t dlen;
const char *cp; const char *cp;
char *url = NULL; char *url = NULL;
or_options_t *options = get_options();
/* We ignore the body of a GET request. */ /* We ignore the body of a GET request. */
(void)body; (void)body;
(void)body_len; (void)body_len;
@ -1596,25 +1597,15 @@ directory_handle_command_get(dir_connection_t *conn, char *headers,
return 0; return 0;
} }
if (!strcmpstart(url,"/tor/rendezvous/") || if (options->HSAuthoritativeDir &&
!strcmpstart(url,"/tor/rendezvous1/")) { (!strcmpstart(url,"/tor/rendezvous/") ||
!strcmpstart(url,"/tor/rendezvous1/"))) {
/* rendezvous descriptor fetch */ /* rendezvous descriptor fetch */
const char *descp; const char *descp;
size_t desc_len; size_t desc_len;
int versioned = !strcmpstart(url,"/tor/rendezvous1/"); int versioned = !strcmpstart(url,"/tor/rendezvous1/");
const char *query = url+strlen("/tor/rendezvous/")+(versioned?1:0); const char *query = url+strlen("/tor/rendezvous/")+(versioned?1:0);
if (!authdir_mode(get_options())) {
/* We don't hand out rend descs. In fact, it could be a security
* risk, since rend_cache_lookup_desc() below would provide it
* if we're gone to the site recently, and 404 if we haven't.
*
* Reject. */
write_http_status_line(conn, 400, "Nonauthoritative directory does not "
"store rendezvous descriptors");
tor_free(url);
return 0;
}
switch (rend_cache_lookup_desc(query, versioned?-1:0, &descp, &desc_len)) { switch (rend_cache_lookup_desc(query, versioned?-1:0, &descp, &desc_len)) {
case 1: /* valid */ case 1: /* valid */
write_http_response_header(conn, desc_len, "application/octet-stream", write_http_response_header(conn, desc_len, "application/octet-stream",
@ -1656,7 +1647,7 @@ directory_handle_command_get(dir_connection_t *conn, char *headers,
if (!strcmp(url,"/tor/dir-all-weaselhack") && if (!strcmp(url,"/tor/dir-all-weaselhack") &&
(conn->_base.addr == 0x7f000001ul) && (conn->_base.addr == 0x7f000001ul) &&
authdir_mode(get_options())) { authdir_mode(options)) {
/* XXX until weasel rewrites his scripts XXXX012 */ /* XXX until weasel rewrites his scripts XXXX012 */
char *new_directory=NULL; char *new_directory=NULL;
@ -1694,12 +1685,13 @@ directory_handle_command_post(dir_connection_t *conn, char *headers,
char *body, size_t body_len) char *body, size_t body_len)
{ {
char *url = NULL; char *url = NULL;
or_options_t *options = get_options();
log_debug(LD_DIRSERV,"Received POST command."); log_debug(LD_DIRSERV,"Received POST command.");
conn->_base.state = DIR_CONN_STATE_SERVER_WRITING; conn->_base.state = DIR_CONN_STATE_SERVER_WRITING;
if (!authdir_mode(get_options())) { if (!authdir_mode(options)) {
/* we just provide cached directories; we don't want to /* we just provide cached directories; we don't want to
* receive anything. */ * receive anything. */
write_http_status_line(conn, 400, "Nonauthoritative directory does not " write_http_status_line(conn, 400, "Nonauthoritative directory does not "
@ -1736,7 +1728,8 @@ directory_handle_command_post(dir_connection_t *conn, char *headers,
goto done; goto done;
} }
if (!strcmpstart(url,"/tor/rendezvous/publish")) { if (options->HSAuthoritativeDir &&
!strcmpstart(url,"/tor/rendezvous/publish")) {
/* rendezvous descriptor post */ /* rendezvous descriptor post */
if (rend_cache_store(body, body_len) < 0) { if (rend_cache_store(body, body_len) < 0) {
// char tmp[1024*2+1]; // char tmp[1024*2+1];

4
src/or/or.h
View File

@ -1442,8 +1442,10 @@ typedef struct {
int DirPort; /**< Port to listen on for directory connections. */ int DirPort; /**< Port to listen on for directory connections. */
int AssumeReachable; /**< Whether to publish our descriptor regardless. */ int AssumeReachable; /**< Whether to publish our descriptor regardless. */
int AuthoritativeDir; /**< Boolean: is this an authoritative directory? */ int AuthoritativeDir; /**< Boolean: is this an authoritative directory? */
int V1AuthoritativeDir; /**< Boolean: is this an authoritative directory? int V1AuthoritativeDir; /**< Boolean: is this an authoritative directory
* for version 1 directories? */ * for version 1 directories? */
int HSAuthoritativeDir; /**< Boolean: does this an authoritative directory
* handle hidden service requests? */
int NamingAuthoritativeDir; /**< Boolean: is this an authoritative directory int NamingAuthoritativeDir; /**< Boolean: is this an authoritative directory
* that's willing to bind names? */ * that's willing to bind names? */
int VersioningAuthoritativeDir; /**< Boolean: is this an authoritative int VersioningAuthoritativeDir; /**< Boolean: is this an authoritative

2
src/or/router.c
View File

@ -364,7 +364,7 @@ init_keys(void)
(uint16_t)options->DirPort, digest, (uint16_t)options->DirPort, digest,
options->V1AuthoritativeDir, /* v1 authority */ options->V1AuthoritativeDir, /* v1 authority */
1, /* v2 authority */ 1, /* v2 authority */
options->V1AuthoritativeDir /* hidserv authority */); options->HSAuthoritativeDir /* hidserv authority */);
} }
return 0; /* success */ return 0; /* success */
} }