Provide dire warnings to any users who set DirServer; move it out of torrc.sample and into torrc.complete.

svn:r5132
Nick Mathewson 18 years ago
parent
commit
ebf6476e8e
5 changed files with 26 additions and 20 deletions
  1. doc/TODO (+3 -2)
  2. doc/tor.1.in (+8 -3)
  3. src/config/torrc.complete.in (+14 -6)
  4. src/config/torrc.sample.in (+0 -9)
  5. src/or/config.c (+1 -0)

+ 3 - 2
doc/TODO

@@ -163,7 +163,8 @@ N     . Routerdesc download changes
         o Reset failure count every 60 minutes
         o Drop fallback to download-all.  Also, always split download.
         - Only use a routerdesc if you recognize its hash.
-          - Must defer till dirservers are upgraded to latest.
+          - (Must defer till dirservers are upgraded to latest code, which
+            actually generates these hashes.)
           - Of course, authdirservers must not do this.
           - Should directory mirrors do something else entirely?
         - Use has_fetched_directory sanely, whatever that means.
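Review bot: The reworded "(Must defer till dirservers are upgraded ...)" line still carries a leading "-" marker, so it reads as an open sub-task next to "Of course, authdirservers must not do this." rather than as a note on its parent item. Since it is now a parenthetical explanation, consider dropping the marker or folding the text into the "Only use a routerdesc if you recognize its hash." line.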
@@ -177,7 +178,7 @@ N     . Routerdesc download changes
       - Call dirport_is_reachable from somewhere else.
       o Networkstatus should list who's an authority.
       - Add nickname element to dirserver line.  Log this along with IP:Port.
-      - Warn when using non-default directory servers.
+      o Warn when using non-default directory servers.
       - When giving up on a non-finished dir request, log how many bytes
         dropped, to see whether it's worthwhile to use partial info.
     - Security
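Review bot: The item flipped to done says "Warn when using non-default directory servers", but the check added in src/or/config.c in this commit warns whenever any DirServer line is present, including lines that repeat the defaults. The log text makes clear that is deliberate, so the TODO wording could be changed to "Warn when DirServer is set" so that the list matches what was implemented.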

+ 8 - 3
doc/tor.1.in

@@ -83,12 +83,17 @@ their current liveness status. A value of "0 seconds" tells Tor to choose an
 appropriate default. (Default: 1 hour for clients, 20 minutes for servers)
 .LP
 .TP
-\fBDirServer \fR\fIaddress:port fingerprint\fP
+\fBDirServer \fR[v1] \fIaddress:port fingerprint\fP
 Use a nonstandard authoritative directory server at the provided
 address and port, with the specified key fingerprint.  This option can
 be repeated many times, for multiple authoritative directory
-servers. If no \fBdirserver\fP line is given, Tor will use the default
-directory servers: moria1, moria2, and tor26.
+servers.  If the "v1" option is provided, Tor will use this server as an
+authority for old-style (v1) directories as well.  (Only directory mirrors
+care about this.) If no \fBdirserver\fP line is given, Tor will use the default
+directory servers: moria1, moria2, and tor26.  NOTE: this option is intended
+for setting up a private Tor network with its own directory authorities.  If
+you use it, you will be distinguishable from other users, because you won't
+believe the same authorities they do.
 .LP
 .TP
 \fBGroup \fR\fIGID\fP
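Review bot: The anonymity caveat is appended as a "NOTE:" at the tail of the DirServer paragraph, where it is easy to miss and is milder than the "WARNING!" in torrc.complete.in and the LOG_WARN text in config.c added by the same commit. Consider giving it its own paragraph and using the same wording ("hurt your anonymity") so the three places agree. The paragraph also keeps the hard-coded list "moria1, moria2, and tor26" while the other two warnings say the defaults may change; "the built-in default directory servers" would not go stale. Finally, the synopsis shows "[v1]" but the text does not say where the flag must appear relative to address:port; one clause stating it comes first would help.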

+ 14 - 6
src/config/torrc.complete.in

@@ -66,12 +66,20 @@
 ## (Default: 1 hour for clients, 20 minutes for servers)
 #DirFetchPeriod N seconds|minutes|hours|days|weeks
 
-## Use a nonstandard authoritative directory server at the pro-
-## vided address and port, with the specified key fingerprint.
-## This option can be repeated many times, for multiple authorita-
-## tive directory servers. If no dirserver line is given, Tor will
-## use the default directory servers: moria1, moria2, and tor26.
-#DirServer address:port fingerprint
+## Tor only trusts directories signed with one of these keys, and
+## uses the given addresses to connect to the trusted directory
+## servers. If no DirServer lines are specified, Tor uses the built-in
+## defaults (moria1, moria2, tor26), so you can leave this alone unless
+## you need to change it.
+##
+## WARNING! Changing these options will make your Tor behave
+## differently from everyone else's, and hurt your anonymity.  Even
+## uncommenting these lines is a bad idea.  They are the defaults now,
+## but the defaults may change in the future, leaving you behind.
+##
+#DirServer v1 18.244.0.188:9031 FFCB 46DB 1339 DA84 674C 70D7 CB58 6434 C437 0441
+#DirServer v1 18.244.0.114:80 719B E45D E224 B607 C537 07D0 E214 3E2D 423E 74CF
+#DirServer v1 86.59.5.130:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D
 
 ## On startup, setgid to this user.
 #Group GID
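Review bot: The new comment says "Even uncommenting these lines is a bad idea", yet the three "#DirServer v1 ..." lines below it ship the current default addresses and fingerprints ready to be uncommented, and by the comment's own reasoning they go stale as soon as the built-in defaults change. A syntax-only placeholder such as "#DirServer [v1] address:port fingerprint", as the removed lines had, documents the option without offering a copy of the defaults. Separately, the lines moved from torrc.sample.in had no "v1" flag and all three gain it here; the commit message does not say why, and it cannot be checked against add_default_trusted_dirservers() from this diff, so a short note confirming that all three defaults are v1 authorities would be useful.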

+ 0 - 9
src/config/torrc.sample.in

@@ -54,15 +54,6 @@ AllowUnverifiedNodes middle,rendezvous
 ## see the FAQ entry if you want Tor to run as an NT service.
 #RunAsDaemon 1
 
-## Tor only trusts directories signed with one of these keys, and
-## uses the given addresses to connect to the trusted directory
-## servers. If no DirServer lines are specified, Tor uses the built-in
-## defaults (moria1, moria2, tor26), so you can leave this alone unless
-## you need to change it.
-#DirServer 18.244.0.188:9031 FFCB 46DB 1339 DA84 674C 70D7 CB58 6434 C437 0441
-#DirServer 18.244.0.114:80 719B E45D E224 B607 C537 07D0 E214 3E2D 423E 74CF
-#DirServer 86.59.5.130:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D
-
 ## The directory for keeping all the keys/etc. By default, we store
 ## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
 #DataDirectory @LOCALSTATEDIR@/lib/tor

+ 1 - 0
src/or/config.c

@@ -2101,6 +2101,7 @@ options_validate(or_options_t *options)
   if (!options->DirServers) {
     add_default_trusted_dirservers(options);
   } else {
+    log_fn(LOG_WARN, "You have used DirServer to specify directory authorities in your configuration.  This is potentially dangerous: it can make you look different from all other Tor users, and hurt your anonymity.  Even if you've specified the same authorities as Tor uses by default, the defaults could change in the future.  Be sure you know what you're doing.");
     for (cl = options->DirServers; cl; cl = cl->next) {
       if (parse_dir_server_line(cl->value, 1)<0)
         result = -1;
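Review bot: The added log_fn() call in the else branch puts the entire warning in one string literal on a single line several hundred characters long; splitting it into adjacent string literals across lines would keep it readable and diffable. Two behaviour points to confirm: the warning is emitted before the loop calls parse_dir_server_line(), so it also appears when the DirServer lines then fail to parse, and if options_validate() runs again on a configuration reload the same warning will repeat each time. Operators of private networks, which the man page change names as the intended users of DirServer, will see it on every start, so it may be worth saying in the message that private test networks can ignore it.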