Bridges now refuse "rendezvous2" publish attempts

Suggested during review of ticket 18332.

changes/ticket18332

@@ -4,3 +4,7 @@
       check whether they are one of the relays in the network that is
       "supposed" to handle that descriptor. Implements ticket 18332.
 
+  o Minor bugfixes:
+    - Bridges now refuse "rendezvous2" (hidden service descriptor)
+      publish attempts. Suggested by ticket 18332.
+

src/or/directory.c

@@ -3412,6 +3412,13 @@ directory_handle_command_post(dir_connection_t *conn, const char *headers,
 
   conn->base_.state = DIR_CONN_STATE_SERVER_WRITING;
 
+  if (!public_server_mode(options)) {
+    log_info(LD_DIR, "Rejected dir post request from %s "
+             "since we're not a public relay.", conn->base_.address);
+    write_http_status_line(conn, 503, "Not acting as a public relay");
+    goto done;
+  }
+
   if (parse_http_url(headers, &url) < 0) {
     write_http_status_line(conn, 400, "Bad request");
     return 0;

src/or/rendcache.c

@@ -623,6 +623,8 @@ rend_cache_lookup_v2_desc_as_dir(const char *desc_id, const char **desc)
  * If we have an older descriptor with the same ID, replace it.
  *
  * Return 0 on success, or -1 if we couldn't parse any of them.
+ *
+ * We should only call this function for public (e.g. non bridge) relays.
  */
 int
 rend_cache_store_v2_desc_as_dir(const char *desc)