Don't allow v0 HS auths to act as clients

A v0 HS authority stores v0 HS descriptors in the same descriptor
cache that its HS client functionality uses.  Thus, if the HS
authority operator clears its client HS descriptor cache, ALL v0
HS descriptors will be lost.  That would be bad.

diff --git a/changes/forget-rend-descs-on-newnym b/changes/forget-rend-descs-on-newnym
index ab2fd61f34d9f39da81af8f62b017b47e8680ea6..f8758c2d58e6ffb86cbc4f3fdb2907a215ea774e 100644 (file)
--- a/changes/forget-rend-descs-on-newnym
+++ b/changes/forget-rend-descs-on-newnym
@@ -2,6 +2,9 @@
     - Forget all hidden service descriptors cached as a client when
       processing a SIGNAL NEWNYM command.  Fixes bug 3000.  Bugfix on
       0.0.6.
+  o Minor bugfixes:
+    - Don't allow v0 hidden service authorities to act as clients.
+      Required by fix for bug 3000.
   o Code simplifications and refactoring:
     - Allow rend_client_send_introduction to fail without closing the
       AP connection permanently.

diff --git a/src/or/config.c b/src/or/config.c
index f003e4d296e397fbfcdd35a886ed00a7c83b6ba3..9384b3a68a9cced22d1888065256b640afa822ed 100644 (file)
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -3078,6 +3078,10 @@ options_validate(or_options_t *old_options, or_options_t *options,
     REJECT("FetchDirInfoExtraEarly requires that you also set "
            "FetchDirInfoEarly");
 
+  if (options->HSAuthoritativeDir && proxy_mode(options))
+    REJECT("Running as authoritative v0 HS directory, but also configured "
+           "as a client.");
+
   if (options->ConnLimit <= 0) {
     tor_asprintf(msg,
         "ConnLimit must be greater than 0, but was set to %d",