author | David Goulet <dgoulet@torproject.org> | 2016-08-25 11:52:29 -0400 |
---|---|---|
committer | David Goulet <dgoulet@torproject.org> | 2016-11-04 10:32:50 -0400 |
commit | 1517a8a2ebeb645669531b53bad52879d6da39d2 (patch) | |
tree | 4d77ab174e780286b5ea2e908ac158b812fee5bf | |
parent | d795ed5871010b8ad6d216f5f4381e4191cb147c (diff) | |
Add EnableOnionServicesV3 consensus parameter
This parameter controls if onion services version 3 (first version of prop224)
is enabled or not. If disabled, the tor daemon will not support the protocol
for all components such as relay, directory, service and client. If the
parameter is not found, it's enabled by default.
Closes #19899
Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
-rw-r--r-- | src/or/directory.c | 15 | ||||
-rw-r--r-- | src/or/hs_common.c | 15 | ||||
-rw-r--r-- | src/or/hs_common.h | 2 |
3 files changed, 32 insertions, 0 deletions
diff --git a/src/or/directory.c b/src/or/directory.c
index 29022fab4f..a3aa276df7 100644
--- a/src/or/directory.c
+++ b/src/or/directory.c
@@ -3404,6 +3404,13 @@ handle_get_hs_descriptor_v3(dir_connection_t *conn,
 const char *pubkey_str = NULL;
 const char *url = args->url;
+ /* Don't serve v3 descriptors if next gen onion service is disabled. */
+ if (!hs_v3_protocol_is_enabled()) {
+ /* 404 is used for an unrecognized URL so send back the same. */
+ write_http_status_line(conn, 404, "Not found");
+ goto done;
+ }
+
 /* Reject unencrypted dir connections */
 if (!connection_dir_is_encrypted(conn)) {
 write_http_status_line(conn, 404, "Not found");
@@ -3620,6 +3627,14 @@ directory_handle_command_post(dir_connection_t *conn, const char *headers,
 * the prop224 be deployed and thus use. */
 if (connection_dir_is_encrypted(conn) && !strcmpstart(url, "/tor/hs/")) {
 const char *msg = "HS descriptor stored successfully.";
+ /* Don't accept v3 and onward publish request if next gen onion service is
+ * disabled. */
+ if (!hs_v3_protocol_is_enabled()) {
+ /* 404 is used for an unrecognized URL so send back the same. */
+ write_http_status_line(conn, 404, "Not found");
+ goto done;
+ }
+
 /* We most probably have a publish request for an HS descriptor. */
 int code = handle_post_hs_descriptor(url, body);
 if (code != 200) {
diff --git a/src/or/hs_common.c b/src/or/hs_common.c
index c78af531a7..448bf5b800 100644
--- a/src/or/hs_common.c
+++ b/src/or/hs_common.c
@@ -11,6 +11,8 @@
 #include "or.h"
+#include "config.h"
+#include "networkstatus.h"
 #include "hs_common.h"
 #include "rendcommon.h"
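Review bot: The four-line guard added at the top of handle_get_hs_descriptor_v3 is repeated verbatim in the directory_handle_command_post hunk below, so the two refusal paths can drift apart over time (status code, reason phrase, a later log line). A small static helper in directory.c that writes the 404 and returns non-zero when `hs_v3_protocol_is_enabled()` is false would reduce each call site to `if (reject_if_v3_disabled(conn)) goto done;` (the helper name is only a suggestion). The diffstat lists no test file in this commit; a unit test that sets the parameter to 0 in a mocked consensus and expects the 404 from both handlers would pin the behaviour. The function body starts and ends outside this hunk.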
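Review bot: The guard in directory_handle_command_post sits inside the `connection_dir_is_encrypted(conn) && !strcmpstart(url, "/tor/hs/")` branch, so its comment's claim that the reply matches the one for an unrecognized URL depends on the fall-through path further down, which is outside this hunk. If that path writes a different status line or reason phrase, a client could tell "v3 disabled" apart from "URL unknown". It is worth confirming that the two responses are byte-identical, or routing the disabled case to that same code so they cannot diverge.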
@@ -263,3 +265,16 @@ rend_data_get_pk_digest(const rend_data_t *rend_data, size_t *len_out)
 }
 }
+/* Return true iff the Onion Services protocol version 3 is enabled. This only
+ * considers the consensus parameter. If the parameter is not found, the
+ * default is that it's enabled. */
+int
+hs_v3_protocol_is_enabled(void)
+{
+ /* This consensus param controls if the the onion services version 3 is
+ * enabled or not which is the first version of the next generation
+ * (proposal 224). If this option is set to 0, the tor daemon won't support
+ * the protocol as either a relay, directory, service or client. By default,
+ * it's enabled if the parameter is not found. */
+ return networkstatus_get_param(NULL, "EnableOnionServicesV3", 1, 0, 1);
+}
diff --git a/src/or/hs_common.h b/src/or/hs_common.h
index 1d3a15df5a..2502f35ad4 100644
--- a/src/or/hs_common.h
+++ b/src/or/hs_common.h
@@ -33,5 +33,7 @@ const char *rend_data_get_desc_id(const rend_data_t *rend_data,
 const uint8_t *rend_data_get_pk_digest(const rend_data_t *rend_data, size_t *len_out);
+int hs_v3_protocol_is_enabled(void);
+
 #endif /* TOR_HS_COMMON_H */ |
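Review bot: The comment inside hs_v3_protocol_is_enabled repeats the header comment almost word for word and contains a doubled word ("the the"); one comment is enough. Neither comment explains the three numeric arguments in `networkstatus_get_param(NULL, "EnableOnionServicesV3", 1, 0, 1)`, which presumably are the default 1 and the allowed range 0..1. If passing NULL means "use the current consensus", the switch also reads as enabled when no consensus is available at all, which matters for a parameter meant as a network-wide off switch. I would state that explicitly, e.g. `/* Default 1, range [0,1]. With no usable consensus the default applies, so v3 stays enabled. */`, after confirming it against networkstatus_get_param.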