From da49c4d78dee04aa493ebce2a60169034a48b464 Mon Sep 17 00:00:00 2001
From: teor <teor@torproject.org>
Date: Tue, 29 Oct 2019 00:29:00 +1000
Subject: [PATCH] dirauth: Disable dirauth config when the module is disabled

Part of 32213.
---
 src/core/include.am                           |  2 +-
 src/feature/dirauth/dirauth_config.c          |  9 +---
 src/feature/dirauth/dirauth_config.h          | 46 +++++++++++++++++--
 .../bridgeauth_1/error_no_dirauth             |  1 +
 .../bridgeauth_1/error_no_dirauth_relay       |  1 +
 .../bridgeauth_1/expected_no_dirauth          |  7 ---
 .../bridgeauth_1/expected_no_dirauth_relay    |  6 ---
 .../conf_examples/dirauth_1/error_no_dirauth  |  1 +
 .../dirauth_1/error_no_dirauth_relay          |  1 +
 .../dirauth_1/expected_no_dirauth             |  7 ---
 .../dirauth_1/expected_no_dirauth_relay       |  6 ---
 11 files changed, 49 insertions(+), 38 deletions(-)
 create mode 100644 src/test/conf_examples/bridgeauth_1/error_no_dirauth
 create mode 100644 src/test/conf_examples/bridgeauth_1/error_no_dirauth_relay
 delete mode 100644 src/test/conf_examples/bridgeauth_1/expected_no_dirauth
 delete mode 100644 src/test/conf_examples/bridgeauth_1/expected_no_dirauth_relay
 create mode 100644 src/test/conf_examples/dirauth_1/error_no_dirauth
 create mode 100644 src/test/conf_examples/dirauth_1/error_no_dirauth_relay
 delete mode 100644 src/test/conf_examples/dirauth_1/expected_no_dirauth
 delete mode 100644 src/test/conf_examples/dirauth_1/expected_no_dirauth_relay

diff --git a/src/core/include.am b/src/core/include.am
index 222bd44df5..fb467cf819 100644
--- a/src/core/include.am
+++ b/src/core/include.am
@@ -89,7 +89,6 @@ LIBTOR_APP_A_SOURCES = 				\
 	src/feature/control/control_proto.c	\
 	src/feature/control/fmt_serverstatus.c  \
 	src/feature/control/getinfo_geoip.c	\
-	src/feature/dirauth/dirauth_config.c	\
 	src/feature/dircache/conscache.c	\
 	src/feature/dircache/consdiffmgr.c	\
 	src/feature/dircache/dircache.c		\
@@ -180,6 +179,7 @@ MODULE_DIRAUTH_SOURCES = 					\
 	src/feature/dirauth/authmode.c				\
 	src/feature/dirauth/bridgeauth.c			\
 	src/feature/dirauth/bwauth.c				\
+	src/feature/dirauth/dirauth_config.c			\
 	src/feature/dirauth/dirauth_periodic.c			\
 	src/feature/dirauth/dirauth_sys.c			\
 	src/feature/dirauth/dircollate.c			\
diff --git a/src/feature/dirauth/dirauth_config.c b/src/feature/dirauth/dirauth_config.c
index 03d6af6092..3334213ab4 100644
--- a/src/feature/dirauth/dirauth_config.c
+++ b/src/feature/dirauth/dirauth_config.c
@@ -75,14 +75,12 @@ options_validate_dirauth_mode(const or_options_t *old_options,
       REJECT("Versioning authoritative dir servers must set "
              "Recommended*Versions.");
 
-#ifdef HAVE_MODULE_DIRAUTH
     char *t;
     /* Call these functions to produce warnings only. */
     t = format_recommended_version_list(options->RecommendedClientVersions, 1);
     tor_free(t);
     t = format_recommended_version_list(options->RecommendedServerVersions, 1);
     tor_free(t);
-#endif /* defined(HAVE_MODULE_DIRAUTH) */
 
     if (options->UseEntryGuards) {
       log_info(LD_CONFIG, "Authoritative directory servers can't set "
@@ -98,7 +96,7 @@ options_validate_dirauth_mode(const or_options_t *old_options,
           options->V3AuthoritativeDir))
       REJECT("AuthoritativeDir is set, but none of "
              "(Bridge/V3)AuthoritativeDir is set.");
-#ifdef HAVE_MODULE_DIRAUTH
+
     /* If we have a v3bandwidthsfile and it's broken, complain on startup */
     if (options->V3BandwidthsFile && !old_options) {
       dirserv_read_measured_bandwidths(options->V3BandwidthsFile, NULL, NULL,
@@ -108,9 +106,6 @@ options_validate_dirauth_mode(const or_options_t *old_options,
     if (options->GuardfractionFile && !old_options) {
       dirserv_read_guardfraction_file(options->GuardfractionFile, NULL);
     }
-#else
-    (void)old_options;
-#endif /* defined(HAVE_MODULE_DIRAUTH) */
   }
 
   if (options->AuthoritativeDir && !options->DirPort_set)
@@ -283,7 +278,7 @@ options_validate_dirauth_testing(const or_options_t *old_options,
  * Return true if changing the configuration from <b>old</b> to <b>new</b>
  * affects the timing of the voting subsystem
  */
-int
+static int
 options_transition_affects_dirauth_timing(const or_options_t *old_options,
                                           const or_options_t *new_options)
 {
diff --git a/src/feature/dirauth/dirauth_config.h b/src/feature/dirauth/dirauth_config.h
index 21437ba248..95aef3de95 100644
--- a/src/feature/dirauth/dirauth_config.h
+++ b/src/feature/dirauth/dirauth_config.h
@@ -14,6 +14,8 @@
 
 typedef struct or_options_t or_options_t;
 
+#ifdef HAVE_MODULE_DIRAUTH
+
 int options_validate_dirauth_mode(const or_options_t *old_options,
                                   or_options_t *options,
                                   char **msg);
@@ -26,10 +28,46 @@ int options_validate_dirauth_testing(const or_options_t *old_options,
                                      or_options_t *options,
                                      char **msg);
 
-int options_transition_affects_dirauth_timing(
-                             const or_options_t *old_options,
-                             const or_options_t *new_options);
-
 int options_act_dirauth(const or_options_t *old_options);
 
+#else
+
+/** When tor is compiled with the dirauth module disabled, it can't be
+ * configured as a directory authority.
+ *
+ * Returns -1 and sets msg to a newly allocated string, if AuthoritativeDir
+ * is set in options. Otherwise returns 0. */
+static inline int
+options_validate_dirauth_mode(const or_options_t *old_options,
+                              or_options_t *options,
+                              char **msg)
+{
+  (void)old_options;
+
+  /* Only check the primary option for now, #29211 will disable more
+   * options. */
+  if (options->AuthoritativeDir) {
+    /* REJECT() this configuration */
+    *msg = tor_strdup("This tor was built with dirauth mode disabled. "
+                      "It can not be configured with AuthoritativeDir 1.");
+    return -1;
+  }
+
+  return 0;
+}
+
+#define options_validate_dirauth_schedule(old_options, options, msg) \
+  (((void)(old_options)),((void)(options)),((void)(msg)),0)
+
+#define options_validate_dirauth_testing(old_options, options, msg) \
+  (((void)(old_options)),((void)(options)),((void)(msg)),0)
+
+#define options_validate_dirauth_testing(old_options, options, msg) \
+  (((void)(old_options)),((void)(options)),((void)(msg)),0)
+
+#define options_act_dirauth(old_options) \
+  (((void)(old_options)),0)
+
+#endif /* defined(HAVE_MODULE_DIRAUTH) */
+
 #endif /* !defined(TOR_FEATURE_DIRAUTH_DIRAUTH_CONFIG_H) */
diff --git a/src/test/conf_examples/bridgeauth_1/error_no_dirauth b/src/test/conf_examples/bridgeauth_1/error_no_dirauth
new file mode 100644
index 0000000000..e6bd5db69c
--- /dev/null
+++ b/src/test/conf_examples/bridgeauth_1/error_no_dirauth
@@ -0,0 +1 @@
+This tor was built with dirauth mode disabled.
diff --git a/src/test/conf_examples/bridgeauth_1/error_no_dirauth_relay b/src/test/conf_examples/bridgeauth_1/error_no_dirauth_relay
new file mode 100644
index 0000000000..e6bd5db69c
--- /dev/null
+++ b/src/test/conf_examples/bridgeauth_1/error_no_dirauth_relay
@@ -0,0 +1 @@
+This tor was built with dirauth mode disabled.
diff --git a/src/test/conf_examples/bridgeauth_1/expected_no_dirauth b/src/test/conf_examples/bridgeauth_1/expected_no_dirauth
deleted file mode 100644
index d43aaf2c8b..0000000000
--- a/src/test/conf_examples/bridgeauth_1/expected_no_dirauth
+++ /dev/null
@@ -1,7 +0,0 @@
-Address 198.51.100.123
-AuthoritativeDirectory 1
-BridgeAuthoritativeDir 1
-ContactInfo tor_parse_test@example.com
-DirPort 80
-Nickname Unnamed
-ORPort 443
diff --git a/src/test/conf_examples/bridgeauth_1/expected_no_dirauth_relay b/src/test/conf_examples/bridgeauth_1/expected_no_dirauth_relay
deleted file mode 100644
index e059d79971..0000000000
--- a/src/test/conf_examples/bridgeauth_1/expected_no_dirauth_relay
+++ /dev/null
@@ -1,6 +0,0 @@
-Address 198.51.100.123
-AuthoritativeDirectory 1
-BridgeAuthoritativeDir 1
-ContactInfo tor_parse_test@example.com
-DirPort 80
-ORPort 443
diff --git a/src/test/conf_examples/dirauth_1/error_no_dirauth b/src/test/conf_examples/dirauth_1/error_no_dirauth
new file mode 100644
index 0000000000..e6bd5db69c
--- /dev/null
+++ b/src/test/conf_examples/dirauth_1/error_no_dirauth
@@ -0,0 +1 @@
+This tor was built with dirauth mode disabled.
diff --git a/src/test/conf_examples/dirauth_1/error_no_dirauth_relay b/src/test/conf_examples/dirauth_1/error_no_dirauth_relay
new file mode 100644
index 0000000000..e6bd5db69c
--- /dev/null
+++ b/src/test/conf_examples/dirauth_1/error_no_dirauth_relay
@@ -0,0 +1 @@
+This tor was built with dirauth mode disabled.
diff --git a/src/test/conf_examples/dirauth_1/expected_no_dirauth b/src/test/conf_examples/dirauth_1/expected_no_dirauth
deleted file mode 100644
index f006c6f8f2..0000000000
--- a/src/test/conf_examples/dirauth_1/expected_no_dirauth
+++ /dev/null
@@ -1,7 +0,0 @@
-Address 192.0.2.1
-AuthoritativeDirectory 1
-ContactInfo tor_parse_test@example.net
-DirPort 9030
-Nickname Unnamed
-ORPort 9001
-V3AuthoritativeDirectory 1
diff --git a/src/test/conf_examples/dirauth_1/expected_no_dirauth_relay b/src/test/conf_examples/dirauth_1/expected_no_dirauth_relay
deleted file mode 100644
index 4b9ad49bb2..0000000000
--- a/src/test/conf_examples/dirauth_1/expected_no_dirauth_relay
+++ /dev/null
@@ -1,6 +0,0 @@
-Address 192.0.2.1
-AuthoritativeDirectory 1
-ContactInfo tor_parse_test@example.net
-DirPort 9030
-ORPort 9001
-V3AuthoritativeDirectory 1