From 89eded7b175dc541a4c140587d48b01cc0e914eb Mon Sep 17 00:00:00 2001
From: Nick Mathewson
Date: Thu, 15 Dec 2005 21:39:38 +0000
Subject: Add "panic" option to reject all servers not in fingerprint list.
svn:r5601
---
src/or/config.c | 1 +
src/or/dirserv.c | 3 ++-
src/or/or.h | 2 ++
3 files changed, 5 insertions(+), 1 deletion(-)
(limited to 'src/or')
diff --git a/src/or/config.c b/src/or/config.c
index 4d53f20e23..27478b1e08 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -112,6 +112,7 @@ static config_var_t _option_vars[] = {
 VAR("AssumeReachable", BOOL, AssumeReachable, "0"),
 VAR("AuthDirInvalid", LINELIST, AuthDirInvalid, NULL),
 VAR("AuthDirReject", LINELIST, AuthDirReject, NULL),
+ VAR("AuthDirRejectUnlisted",BOOL, AuthDirRejectUnlisted,"0"),
 VAR("AuthoritativeDirectory",BOOL, AuthoritativeDir, "0"),
 VAR("BandwidthBurst", MEMUNIT, BandwidthBurst, "5 MB"),
 VAR("BandwidthRate", MEMUNIT, BandwidthRate, "2 MB"),
diff --git a/src/or/dirserv.c b/src/or/dirserv.c
index 7fe5bcab3d..a787f919bf 100644
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@@ -280,6 +280,7 @@ dirserv_get_status_impl(const char *fp, const char *nickname,
 const char **msg, int should_log)
 {
 fingerprint_entry_t *nn_ent = NULL, *fp_ent = NULL;
+ int reject_unlisted = get_options()->AuthDirRejectUnlisted;
 if (!fingerprint_list)
 fingerprint_list = smartlist_create();
@@ -327,7 +328,7 @@ dirserv_get_status_impl(const char *fp, const char *nickname,
 return FP_INVALID;
 }
 if (!platform || tor_version_as_new_as(platform,"0.1.0.2-rc"))
- return FP_VALID;
+ return reject_unlisted ? FP_REJECT : FP_VALID;
 else
 return FP_INVALID;
 if (should_log)
diff --git a/src/or/or.h b/src/or/or.h
index 7250265c8a..75a2d66af1 100644
--- a/src/or/or.h
+++ b/src/or/or.h
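Review bot: In the second dirserv.c hunk (`@@ -327,7 +328,7 @@`) only the new-enough-platform branch honours `reject_unlisted`; the `else` branch still returns `FP_INVALID`, so with AuthDirRejectUnlisted set an unlisted router that reports an older platform string is not rejected, which falls short of the "reject all servers not in fingerprint list" in the subject. The platform value presumably comes from the router's own descriptor, so the panic switch should not depend on it: put `if (reject_unlisted) return FP_REJECT;` ahead of the `if (!platform || tor_version_as_new_as(platform,"0.1.0.2-rc"))` test. Within the visible lines the new reject path also returns without setting `*msg`, and the `if (should_log)` line after the if/else is unreachable, so the refusal appears to go unlogged; setting a message and logging before the return would let an operator see why a descriptor was refused. The function begins and ends outside this hunk, so earlier handling of `msg` cannot be confirmed from here.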
@@ -1315,6 +1315,8 @@ typedef struct {
 * reject. */
 config_line_t *AuthDirInvalid; /**< Address policy for descriptors to
 * never mark as valid. */
+ int AuthDirRejectUnlisted; /**< Boolean: do we reject all routers that
+ * aren't named in our fingprint file? */
 char *AccountingStart; /**< How long is the accounting interval, and when
 * does it start? */
 uint64_t AccountingMax; /**< How many bytes do we allow per accounting
-- 
cgit v1.2.3-54-g00ecf
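Review bot: The doc comment added for `AuthDirRejectUnlisted` misspells "fingerprint" as "fingprint", which makes the field easy to miss when searching for the fingerprint-file handling. I would write it as `/**< Boolean: do we reject all routers that aren't named in our fingerprint file? */`. Because this switch changes which descriptors are accepted, the comment could also say that it defaults to off (the config.c entry gives "0"). The enclosing struct begins and ends outside this hunk.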