Add "panic" option to reject all servers not in fingerprint list.

svn:r5601

src/or/config.c

@@ -112,6 +112,7 @@ static config_var_t _option_vars[] = {
   VAR("AssumeReachable",     BOOL,     AssumeReachable,      "0"),
   VAR("AuthDirInvalid",      LINELIST, AuthDirInvalid,       NULL),
   VAR("AuthDirReject",       LINELIST, AuthDirReject,        NULL),
+  VAR("AuthDirRejectUnlisted",BOOL,    AuthDirRejectUnlisted,"0"),
   VAR("AuthoritativeDirectory",BOOL,   AuthoritativeDir,     "0"),
   VAR("BandwidthBurst",      MEMUNIT,  BandwidthBurst,       "5 MB"),
   VAR("BandwidthRate",       MEMUNIT,  BandwidthRate,        "2 MB"),

src/or/dirserv.c

@@ -280,6 +280,7 @@ dirserv_get_status_impl(const char *fp, const char *nickname,
                         const char **msg, int should_log)
 {
   fingerprint_entry_t *nn_ent = NULL, *fp_ent = NULL;
+  int reject_unlisted = get_options()->AuthDirRejectUnlisted;
   if (!fingerprint_list)
     fingerprint_list = smartlist_create();
 
@@ -327,7 +328,7 @@ dirserv_get_status_impl(const char *fp, const char *nickname,
       return FP_INVALID;
     }
     if (!platform || tor_version_as_new_as(platform,"0.1.0.2-rc"))
-      return FP_VALID;
+      return reject_unlisted ? FP_REJECT : FP_VALID;
     else
       return FP_INVALID;
     if (should_log)

src/or/or.h

@@ -1315,6 +1315,8 @@ typedef struct {
                                  * reject. */
   config_line_t *AuthDirInvalid; /**< Address policy for descriptors to
                                   * never mark as valid. */
+  int AuthDirRejectUnlisted; /**< Boolean: do we reject all routers that
+                              * aren't named in our fingprint file? */
   char *AccountingStart; /**< How long is the accounting interval, and when
                           * does it start? */
   uint64_t AccountingMax; /**< How many bytes do we allow per accounting