summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDavid Goulet <dgoulet@torproject.org>2016-08-25 11:52:29 -0400
committerDavid Goulet <dgoulet@torproject.org>2016-11-04 10:32:50 -0400
commit1517a8a2ebeb645669531b53bad52879d6da39d2 (patch)
tree4d77ab174e780286b5ea2e908ac158b812fee5bf
parentd795ed5871010b8ad6d216f5f4381e4191cb147c (diff)
downloadtor-1517a8a2ebeb645669531b53bad52879d6da39d2.tar.gz
tor-1517a8a2ebeb645669531b53bad52879d6da39d2.zip
Add EnableOnionServicesV3 consensus parameter
This parameter controls if onion services version 3 (first version of prop224) is enabled or not. If disabled, the tor daemon will not support the protocol for all components such as relay, directory, service and client. If the parameter is not found, it's enabled by default. Closes #19899 Signed-off-by: David Goulet <dgoulet@torproject.org> Signed-off-by: George Kadianakis <desnacked@riseup.net>
-rw-r--r--src/or/directory.c15
-rw-r--r--src/or/hs_common.c15
-rw-r--r--src/or/hs_common.h2
3 files changed, 32 insertions, 0 deletions
diff --git a/src/or/directory.c b/src/or/directory.c
index 29022fab4f..a3aa276df7 100644
--- a/src/or/directory.c
+++ b/src/or/directory.c
@@ -3404,6 +3404,13 @@ handle_get_hs_descriptor_v3(dir_connection_t *conn,
const char *pubkey_str = NULL;
const char *url = args->url;
+ /* Don't serve v3 descriptors if next gen onion service is disabled. */
+ if (!hs_v3_protocol_is_enabled()) {
+ /* 404 is used for an unrecognized URL so send back the same. */
+ write_http_status_line(conn, 404, "Not found");
+ goto done;
+ }
+
/* Reject unencrypted dir connections */
if (!connection_dir_is_encrypted(conn)) {
write_http_status_line(conn, 404, "Not found");
@@ -3620,6 +3627,14 @@ directory_handle_command_post(dir_connection_t *conn, const char *headers,
* the prop224 be deployed and thus use. */
if (connection_dir_is_encrypted(conn) && !strcmpstart(url, "/tor/hs/")) {
const char *msg = "HS descriptor stored successfully.";
+ /* Don't accept v3 and onward publish request if next gen onion service is
+ * disabled. */
+ if (!hs_v3_protocol_is_enabled()) {
+ /* 404 is used for an unrecognized URL so send back the same. */
+ write_http_status_line(conn, 404, "Not found");
+ goto done;
+ }
+
/* We most probably have a publish request for an HS descriptor. */
int code = handle_post_hs_descriptor(url, body);
if (code != 200) {
diff --git a/src/or/hs_common.c b/src/or/hs_common.c
index c78af531a7..448bf5b800 100644
--- a/src/or/hs_common.c
+++ b/src/or/hs_common.c
@@ -11,6 +11,8 @@
#include "or.h"
+#include "config.h"
+#include "networkstatus.h"
#include "hs_common.h"
#include "rendcommon.h"
@@ -263,3 +265,16 @@ rend_data_get_pk_digest(const rend_data_t *rend_data, size_t *len_out)
}
}
+/* Return true iff the Onion Services protocol version 3 is enabled. This only
+ * considers the consensus parameter. If the parameter is not found, the
+ * default is that it's enabled. */
+int
+hs_v3_protocol_is_enabled(void)
+{
+ /* This consensus param controls if the the onion services version 3 is
+ * enabled or not which is the first version of the next generation
+ * (proposal 224). If this option is set to 0, the tor daemon won't support
+ * the protocol as either a relay, directory, service or client. By default,
+ * it's enabled if the parameter is not found. */
+ return networkstatus_get_param(NULL, "EnableOnionServicesV3", 1, 0, 1);
+}
diff --git a/src/or/hs_common.h b/src/or/hs_common.h
index 1d3a15df5a..2502f35ad4 100644
--- a/src/or/hs_common.h
+++ b/src/or/hs_common.h
@@ -33,5 +33,7 @@ const char *rend_data_get_desc_id(const rend_data_t *rend_data,
const uint8_t *rend_data_get_pk_digest(const rend_data_t *rend_data,
size_t *len_out);
+int hs_v3_protocol_is_enabled(void);
+
#endif /* TOR_HS_COMMON_H */