From 3bc0d22f691eb1ec5534ade3852a12c00e52bd77 Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Sun, 6 Jun 2021 17:41:48 +0200
Subject: [PATCH] Add --allow-odoh-post
---
 src/config.rs | 7 +++++++
 src/libdoh/src/globals.rs | 1 +
 src/libdoh/src/lib.rs | 10 ++++++----
 src/main.rs | 1 +
 4 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/src/config.rs b/src/config.rs
index 34b7f9a..ebe4eb4 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -128,6 +128,12 @@ pub fn parse_opts(globals: &mut Globals) {
 .short("P")
 .long("disable-post")
 .help("Disable POST queries"),
+ )
+ .arg(
+ Arg::with_name("allow_odoh_post")
+ .short("O")
+ .long("allow-odoh-post")
+ .help("Allow POST queries over ODoH even with they have been disabed for DoH"),
 );
 #[cfg(feature = "tls")]
@@ -183,6 +189,7 @@ pub fn parse_opts(globals: &mut Globals) {
 globals.err_ttl = matches.value_of("err_ttl").unwrap().parse().unwrap();
 globals.keepalive = !matches.is_present("disable_keepalive");
 globals.disable_post = matches.is_present("disable_post");
+ globals.allow_odoh_post = matches.is_present("allow_odoh_post");
 #[cfg(feature = "tls")]
 {
diff --git a/src/libdoh/src/globals.rs b/src/libdoh/src/globals.rs
index 2e8f002..df32cbd 100644
--- a/src/libdoh/src/globals.rs
+++ b/src/libdoh/src/globals.rs
@@ -29,6 +29,7 @@ pub struct Globals {
 pub err_ttl: u32,
 pub keepalive: bool,
 pub disable_post: bool,
+ pub allow_odoh_post: bool,
 pub odoh_configs_path: String,
 pub odoh_rotator: Arc,
diff --git a/src/libdoh/src/lib.rs b/src/libdoh/src/lib.rs
index 5c1483c..10e92e8 100644
--- a/src/libdoh/src/lib.rs
+++ b/src/libdoh/src/lib.rs
@@ -122,10 +122,6 @@ impl DoH {
 }
 async fn serve_post(&self, req: Request) -> Result, http::Error> {
- if self.globals.disable_post {
- return http_error(StatusCode::METHOD_NOT_ALLOWED);
- }
-
 match Self::parse_content_type(&req) {
 Ok(DoHType::Standard) => self.serve_doh_post(req).await,
 Ok(DoHType::Oblivious) => self.serve_odoh_post(req).await,
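Review bot: The help string added for `--allow-odoh-post` in the first src/config.rs hunk contains two typos ("even with they", "disabed") and does not say that the option only matters together with `--disable-post`. This is the text an operator reads when deciding how much of the POST surface to reopen, so I would change it to `.help("Allow POST queries over ODoH even when POST has been disabled for DoH (only has an effect with --disable-post)")`. The "only has an effect" part follows from the condition added in serve_odoh_post, which consults the new flag only when `disable_post` is true. parse_opts starts and ends outside the hunk.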
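Review bot: The new public field `allow_odoh_post` in the src/libdoh/src/globals.rs hunk has no doc comment, and it is not an independent switch: the check added in serve_odoh_post reads it only when `disable_post` is set. A line above the field such as `/// If disable_post is set, still accept POST for ODoH requests; has no effect otherwise.` would keep library users who build `Globals` by hand from misreading the pair. The struct definition continues outside the hunk.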
@@ -178,6 +174,9 @@ impl DoH {
 }
 async fn serve_doh_post(&self, req: Request) -> Result, http::Error> {
+ if self.globals.disable_post {
+ return http_error(StatusCode::METHOD_NOT_ALLOWED);
+ }
 let query = match self.read_body(req.into_body()).await {
 Ok(q) => q,
 Err(e) => return http_error(StatusCode::from(e)),
@@ -221,6 +220,9 @@ impl DoH {
 }
 async fn serve_odoh_post(&self, req: Request) -> Result, http::Error> {
+ if self.globals.disable_post && !self.globals.allow_odoh_post {
+ return http_error(StatusCode::METHOD_NOT_ALLOWED);
+ }
 let encrypted_query = match self.read_body(req.into_body()).await {
 Ok(q) => q,
 Err(e) => return http_error(StatusCode::from(e)),
diff --git a/src/main.rs b/src/main.rs
index 86ecfe0..582724c 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -49,6 +49,7 @@ fn main() {
 err_ttl: ERR_TTL,
 keepalive: true,
 disable_post: false,
+ allow_odoh_post: false,
 odoh_configs_path: ODOH_CONFIGS_PATH.to_string(),
 odoh_rotator: Arc::new(rotator),
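Review bot: The POST policy is now enforced by a separate `if` at the top of each handler (this serve_doh_post hunk and the serve_odoh_post hunk after it) rather than at the single dispatch point in serve_post, so a handler added later for another `DoHType` would accept POST under `--disable-post` unless the check is copied again. Keeping the decision in serve_post, right after `parse_content_type`, leaves one place to audit; for example two guarded arms ahead of the existing ones: `Ok(DoHType::Standard) if self.globals.disable_post => http_error(StatusCode::METHOD_NOT_ALLOWED),` and `Ok(DoHType::Oblivious) if self.globals.disable_post && !self.globals.allow_odoh_post => http_error(StatusCode::METHOD_NOT_ALLOWED),`. The error arm of that match is outside the visible hunks, so it should be confirmed that a POST with an unrecognised content type is still refused when POST is disabled, since it no longer hits the early 405. serve_doh_post continues outside the hunk.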
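Review bot: The condition `self.globals.disable_post && !self.globals.allow_odoh_post` in the serve_odoh_post hunk carries no comment explaining why ODoH may be exempted from `--disable-post`, and none of the visible hunks adds a test for the flag combinations. A comment above the `if` such as `// ODoH requests are sent with POST, so --allow-odoh-post keeps ODoH usable while plain DoH POST stays disabled` would record the intent (assuming that is the reason, which the patch itself does not state). A test asserting that `disable_post = true, allow_odoh_post = false` returns 405 for the ODoH content type, and that plain DoH POST stays 405 when only `allow_odoh_post` is flipped, would pin the policy. serve_odoh_post continues outside the hunk.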