commit 330aec798b9a880b1f0abd65a6b7a180f7929992 Author: David Goulet dgoulet@torproject.org Date: Tue Feb 16 10:08:58 2021 -0500
man: Cleanup of v2 options and config
Signed-off-by: David Goulet dgoulet@torproject.org --- doc/man/tor.1.txt | 40 +++------------------------------------- src/app/config/config.c | 5 +++-- src/feature/hs/hs_options.inc | 1 - src/test/test_hs_config.c | 16 ---------------- 4 files changed, 6 insertions(+), 56 deletions(-)
diff --git a/doc/man/tor.1.txt b/doc/man/tor.1.txt index 0cfda9482b..3538d94b8e 100644 --- a/doc/man/tor.1.txt +++ b/doc/man/tor.1.txt @@ -1241,16 +1241,6 @@ The following options are useful only for clients (that is, if **FascistFirewall** is set. This option is deprecated; use ReachableAddresses instead. (Default: 80, 443)
-[[HidServAuth]] **HidServAuth** __onion-address__ __auth-cookie__ [__service-name__]:: - Client authorization for a v2 hidden service. Valid onion addresses contain 16 - characters in a-z2-7 plus ".onion", and valid auth cookies contain 22 - characters in A-Za-z0-9+/. The service name is only used for internal - purposes, e.g., for Tor controllers. This option may be used multiple times - for different hidden services. If a hidden service uses authorization and - this option is not set, the hidden service is not accessible. Hidden - services can be configured to require authorization using the - **HiddenServiceAuthorizeClient** option. - [[HTTPTunnelPort]] **HTTPTunnelPort** ['address'**:**]{empty}__port__|**auto** [_isolation flags_]:: Open this port to listen for proxy connections using the "HTTP CONNECT" protocol instead of SOCKS. Set this to @@ -3215,20 +3205,6 @@ The next section describes the per service options that can only be set not an authorization mechanism; it is instead meant to be a mild inconvenience to port-scanners.) (Default: 0)
-[[HiddenServiceAuthorizeClient]] **HiddenServiceAuthorizeClient** __auth-type__ __client-name__,__client-name__,__...__:: - If configured, the v2 hidden service is accessible for authorized clients - only. The auth-type can either be 'basic' for a general-purpose - authorization protocol or 'stealth' for a less scalable protocol that also - hides service activity from unauthorized clients. Only clients that are - listed here are authorized to access the hidden service. Valid client names - are 1 to 16 characters long and only use characters in A-Za-z0-9+-_ (no - spaces). If this option is set, the hidden service is not accessible for - clients without authorization any more. Generated authorization data can be - found in the hostname file. Clients need to put this authorization data in - their configuration file using **HidServAuth**. This option is only for v2 - services; v3 services configure client authentication in a subdirectory of - HiddenServiceDir instead (see <<client-authorization,CLIENT AUTHORIZATION>>). - [[HiddenServiceDir]] **HiddenServiceDir** __DIRECTORY__:: Store data files for a hidden service in DIRECTORY. Every hidden service must have a separate directory. You may use this option multiple times to @@ -3323,7 +3299,7 @@ The next section describes the per service options that can only be set
[[HiddenServiceNumIntroductionPoints]] **HiddenServiceNumIntroductionPoints** __NUM__:: Number of introduction points the hidden service will have. You can't - have more than 10 for v2 service and 20 for v3. (Default: 3) + have more than 20. (Default: 3)
[[HiddenServicePort]] **HiddenServicePort** __VIRTPORT__ [__TARGET__]:: Configure a virtual port VIRTPORT for a hidden service. You may use this @@ -3337,17 +3313,9 @@ The next section describes the per service options that can only be set connects to that VIRTPORT, one of the TARGETs from those lines will be chosen at random. Note that address-port pairs have to be comma-separated.
-[[HiddenServiceVersion]] **HiddenServiceVersion** **2**|**3**:: +[[HiddenServiceVersion]] **HiddenServiceVersion** **3**:: A list of rendezvous service descriptor versions to publish for the hidden - service. Currently, versions 2 and 3 are supported. (Default: 3) - -[[RendPostPeriod]] **RendPostPeriod** __N__ **seconds**|**minutes**|**hours**|**days**|**weeks**:: - Every time the specified period elapses, Tor uploads any rendezvous - service descriptors to the directory servers. This information is also - uploaded whenever it changes. Minimum value allowed is 10 minutes and - maximum is 3.5 days. This option is only for v2 services. - (Default: 1 hour) - + service. Currently, only version 3 is supported. (Default: 3)
**PER INSTANCE OPTIONS:** @@ -3396,8 +3364,6 @@ The next section describes the per service options that can only be set [[client-authorization]] == CLIENT AUTHORIZATION
-(Version 3 only) - Service side:
To configure client authorization on the service side, the diff --git a/src/app/config/config.c b/src/app/config/config.c index abb408767c..1ac460bac0 100644 --- a/src/app/config/config.c +++ b/src/app/config/config.c @@ -483,12 +483,13 @@ static const config_var_t option_vars_[] = { V(MainloopStats, BOOL, "0"), V(HashedControlPassword, LINELIST, NULL), OBSOLETE("HidServDirectoryV2"), + OBSOLETE("HiddenServiceAuthorizeClient"), + OBSOLETE("HidServAuth"), VAR("HiddenServiceDir", LINELIST_S, RendConfigLines, NULL), VAR("HiddenServiceDirGroupReadable", LINELIST_S, RendConfigLines, NULL), VAR("HiddenServiceOptions",LINELIST_V, RendConfigLines, NULL), VAR("HiddenServicePort", LINELIST_S, RendConfigLines, NULL), VAR("HiddenServiceVersion",LINELIST_S, RendConfigLines, NULL), - VAR("HiddenServiceAuthorizeClient",LINELIST_S,RendConfigLines, NULL), VAR("HiddenServiceAllowUnknownPorts",LINELIST_S, RendConfigLines, NULL), VAR("HiddenServiceMaxStreams",LINELIST_S, RendConfigLines, NULL), VAR("HiddenServiceMaxStreamsCloseCircuit",LINELIST_S, RendConfigLines, NULL), @@ -616,7 +617,7 @@ static const config_var_t option_vars_[] = { V(RejectPlaintextPorts, CSV, ""), V(RelayBandwidthBurst, MEMUNIT, "0"), V(RelayBandwidthRate, MEMUNIT, "0"), - V(RendPostPeriod, INTERVAL, "1 hour"), + V(RendPostPeriod, INTERVAL, "1 hour"), /* Used internally. */ V(RephistTrackTime, INTERVAL, "24 hours"), V_IMMUTABLE(RunAsDaemon, BOOL, "0"), V(ReducedExitPolicy, BOOL, "0"), diff --git a/src/feature/hs/hs_options.inc b/src/feature/hs/hs_options.inc index 1a1444fd05..d3ca688b46 100644 --- a/src/feature/hs/hs_options.inc +++ b/src/feature/hs/hs_options.inc 
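Review bot: Declaring `HiddenServiceAuthorizeClient` and `HidServAuth` with `OBSOLETE(...)` in `option_vars_[]` looks like it turns a hard configuration failure into a fail-open. The test deleted from `test_hs_config.c` in this same commit shows that a service block containing `HiddenServiceAuthorizeClient stealth client1` used to be rejected (`ret` was -1). If obsolete options are only warned about and skipped, as I believe they are, the same torrc now starts a service with no client authorization at all, and the only signal is a log line. At minimum I would add a comment above the two entries, e.g. `/* v2 client auth: accepted and ignored, so the service runs WITHOUT client authorization. */`, and replace the deleted test with one that pins whichever behaviour is intended. The array initializer starts and ends outside the hunk.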
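Review bot: The new `/* Used internally. */` on `RendPostPeriod` does not say what still reads the value. The option also stays settable from torrc while this commit deletes its man page entry, including the documented 10 minute minimum and 3.5 day maximum. A reader cannot tell from this hunk whether those bounds are still enforced or when the entry can be retired. I would spell it out, e.g. `/* Undocumented since v2 removal; still read by <consumer>. */`, naming the actual consumer in place of the placeholder.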
@@ -22,7 +22,6 @@ CONF_VAR(HiddenServiceDirGroupReadable, BOOL, 0, "0") CONF_VAR(HiddenServicePort, LINELIST, 0, NULL) // "-1" means "auto" here. CONF_VAR(HiddenServiceVersion, INT, 0, "-1") -CONF_VAR(HiddenServiceAuthorizeClient, STRING, 0, NULL) CONF_VAR(HiddenServiceAllowUnknownPorts, BOOL, 0, "0") CONF_VAR(HiddenServiceMaxStreams, POSINT, 0, "0") CONF_VAR(HiddenServiceMaxStreamsCloseCircuit, BOOL, 0, "0") diff --git a/src/test/test_hs_config.c b/src/test/test_hs_config.c index 104e5effbb..66aa956ca7 100644 --- a/src/test/test_hs_config.c +++ b/src/test/test_hs_config.c @@ -243,22 +243,6 @@ test_invalid_service_v3(void *arg) teardown_capture_of_logs(); }
- /* v2-specific HiddenServiceAuthorizeClient set. */ - { - const char *conf = - "HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs1\n" - "HiddenServiceVersion 3\n" - "HiddenServiceAuthorizeClient stealth client1\n"; - setup_full_capture_of_logs(LOG_WARN); - ret = helper_config_service(conf, validate_only); - tt_int_op(ret, OP_EQ, -1); - expect_log_msg_containing("Hidden service option " - "HiddenServiceAuthorizeClient is incompatible " - "with version 3 of service in " - "/tmp/tor-test-hs-RANDOM/hs1"); - teardown_capture_of_logs(); - } - done: ; }