[tor-commits] [tor/master] Remove options for configuring HS authorities.

nickm at torproject.org nickm at torproject.org
Tue Feb 11 16:43:58 UTC 2014


commit c0483c7f851b2aa1933fb591eb0ca8f66b162022
Author: Nick Mathewson <nickm at torproject.org>
Date:   Mon Feb 10 22:41:52 2014 -0500

    Remove options for configuring HS authorities.
    
    (There is no longer meaningfully any such thing as a HS authority,
    since we stopped uploading or downloading v0 hs descriptors in
    0.2.2.1-alpha.)
    
    Implements #10881, and part of #10841.
---
 changes/bug10881   |    7 +++++++
 doc/tor.1.txt      |   18 ++++--------------
 src/or/config.c    |   40 +++++++++++-----------------------------
 src/or/directory.c |   44 --------------------------------------------
 src/or/or.h        |    5 -----
 src/or/router.c    |    3 +--
 6 files changed, 23 insertions(+), 94 deletions(-)

diff --git a/changes/bug10881 b/changes/bug10881
new file mode 100644
index 0000000..3fcc90e
--- /dev/null
+++ b/changes/bug10881
@@ -0,0 +1,7 @@
+  o Removed code:
+
+    - Remove code for designating authorities as "Hidden service
+      authorities". There has been no use of hidden service authorities
+      since 0.2.2.1-alpha, when we stopped uploading or downloading v0
+      hidden service descriptors. Fixes bug 10881; part of a fix for bug
+      10841.
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index ee1e086..e66fad2 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -334,9 +334,7 @@ GENERAL OPTIONS
     is. By default, every authority is authoritative for current ("v2")-style
     directories, unless the "no-v2" flag is given. If the "v1" flags is
     provided, Tor will use this server as an authority for old-style (v1)
-    directories as well. (Only directory mirrors care about this.) Tor will
-    use this server as an authority for hidden service information if the "hs"
-    flag is set, or if the "v1" flag is set and the "no-hs" flag is **not** set.
+    directories as well. (Only directory mirrors care about this.)
     Tor will use this authority as a bridge authoritative directory if the
     "bridge" flag is set. If a flag "orport=**port**" is given, Tor will use the
     given port when opening encrypted tunnels to the dirserver. If a flag
@@ -365,17 +363,14 @@ GENERAL OPTIONS
 
 [[AlternateDirAuthority]] **AlternateDirAuthority** [__nickname__] [**flags**] __address__:__port__ __fingerprint__ +
 
-[[AlternateHSAuthority]] **AlternateHSAuthority** [__nickname__] [**flags**] __address__:__port__ __fingerprint__ +
-
 [[AlternateBridgeAuthority]] **AlternateBridgeAuthority** [__nickname__] [**flags**] __address__:__port__ __ fingerprint__::
     These options behave as DirAuthority, but they replace fewer of the
     default directory authorities. Using
     AlternateDirAuthority replaces the default Tor directory authorities, but
-    leaves the default hidden service authorities and bridge authorities in
-    place.  Similarly, AlternateHSAuthority replaces the default hidden
-    service authorities, but not the directory or bridge authorities; and
+    leaves the default bridge authorities in
+    place.  Similarly,
     AlternateBridgeAuthority replaces the default bridge authority,
-    but leaves the directory and hidden service authorities alone.
+    but leaves the directory authorities alone.
 
 [[DisableAllSwap]] **DisableAllSwap** **0**|**1**::
     If set to 1, Tor will attempt to lock all current and future memory pages,
@@ -1794,11 +1789,6 @@ if DirPort is non-zero):
     accept or publish descriptors that contradict a registered binding. See
     **approved-routers** in the **FILES** section below.
 
-[[HSAuthoritativeDir]] **HSAuthoritativeDir** **0**|**1**::
-    When this option is set in addition to **AuthoritativeDirectory**, Tor also
-    accepts and serves v0 hidden service descriptors,
-    which are produced and used by Tor 0.2.1.x and older. (Default: 0)
-
 [[HidServDirectoryV2]] **HidServDirectoryV2** **0**|**1**::
     When this option is set, Tor accepts and serves v2 hidden service
     descriptors. Setting DirPort is not required for this, because clients
diff --git a/src/or/config.c b/src/or/config.c
index e7847d5..d298177 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -137,7 +137,7 @@ static config_var_t option_vars_[] = {
   V(AllowSingleHopExits,         BOOL,     "0"),
   V(AlternateBridgeAuthority,    LINELIST, NULL),
   V(AlternateDirAuthority,       LINELIST, NULL),
-  V(AlternateHSAuthority,        LINELIST, NULL),
+  OBSOLETE("AlternateHSAuthority"),
   V(AssumeReachable,             BOOL,     "0"),
   V(AuthDirBadDir,               LINELIST, NULL),
   V(AuthDirBadDirCCs,            CSV,      ""),
@@ -276,7 +276,7 @@ static config_var_t option_vars_[] = {
   VAR("HiddenServiceVersion",LINELIST_S, RendConfigLines,    NULL),
   VAR("HiddenServiceAuthorizeClient",LINELIST_S,RendConfigLines, NULL),
   V(HidServAuth,                 LINELIST, NULL),
-  V(HSAuthoritativeDir,          BOOL,     "0"),
+  OBSOLETE("HSAuthoritativeDir"),
   OBSOLETE("HSAuthorityRecordStats"),
   V(CloseHSClientCircuitsImmediatelyOnTimeout, BOOL, "0"),
   V(CloseHSServiceRendCircuitsImmediatelyOnTimeout, BOOL, "0"),
@@ -904,8 +904,7 @@ validate_dir_servers(or_options_t *options, or_options_t *old_options)
   config_line_t *cl;
 
   if (options->DirAuthorities &&
-      (options->AlternateDirAuthority || options->AlternateBridgeAuthority ||
-       options->AlternateHSAuthority)) {
+      (options->AlternateDirAuthority || options->AlternateBridgeAuthority)) {
     log_warn(LD_CONFIG,
              "You cannot set both DirAuthority and Alternate*Authority.");
     return -1;
@@ -941,9 +940,6 @@ validate_dir_servers(or_options_t *options, or_options_t *old_options)
   for (cl = options->AlternateDirAuthority; cl; cl = cl->next)
     if (parse_dir_authority_line(cl->value, NO_DIRINFO, 1)<0)
       return -1;
-  for (cl = options->AlternateHSAuthority; cl; cl = cl->next)
-    if (parse_dir_authority_line(cl->value, NO_DIRINFO, 1)<0)
-      return -1;
   for (cl = options->FallbackDir; cl; cl = cl->next)
     if (parse_dir_fallback_line(cl->value, 1)<0)
       return -1;
@@ -966,9 +962,7 @@ consider_adding_dir_servers(const or_options_t *options,
     !config_lines_eq(options->AlternateBridgeAuthority,
                      old_options->AlternateBridgeAuthority) ||
     !config_lines_eq(options->AlternateDirAuthority,
-                     old_options->AlternateDirAuthority) ||
-    !config_lines_eq(options->AlternateHSAuthority,
-                     old_options->AlternateHSAuthority);
+                     old_options->AlternateDirAuthority);
 
   if (!need_to_update)
     return 0; /* all done */
@@ -984,8 +978,6 @@ consider_adding_dir_servers(const or_options_t *options,
     if (!options->AlternateDirAuthority)
       type |= V1_DIRINFO | V3_DIRINFO | EXTRAINFO_DIRINFO |
         MICRODESC_DIRINFO;
-    if (!options->AlternateHSAuthority)
-      type |= HIDSERV_DIRINFO;
     add_default_trusted_dir_authorities(type);
   }
   if (!options->FallbackDir)
@@ -1000,9 +992,6 @@ consider_adding_dir_servers(const or_options_t *options,
   for (cl = options->AlternateDirAuthority; cl; cl = cl->next)
     if (parse_dir_authority_line(cl->value, NO_DIRINFO, 0)<0)
       return -1;
-  for (cl = options->AlternateHSAuthority; cl; cl = cl->next)
-    if (parse_dir_authority_line(cl->value, NO_DIRINFO, 0)<0)
-      return -1;
   for (cl = options->FallbackDir; cl; cl = cl->next)
     if (parse_dir_fallback_line(cl->value, 0)<0)
       return -1;
@@ -2605,11 +2594,11 @@ options_validate(or_options_t *old_options, or_options_t *options,
                "extra-info documents. Setting DownloadExtraInfo.");
       options->DownloadExtraInfo = 1;
     }
-    if (!(options->BridgeAuthoritativeDir || options->HSAuthoritativeDir ||
+    if (!(options->BridgeAuthoritativeDir ||
           options->V1AuthoritativeDir ||
           options->V3AuthoritativeDir))
       REJECT("AuthoritativeDir is set, but none of "
-             "(Bridge/HS/V1/V3)AuthoritativeDir is set.");
+             "(Bridge/V1/V3)AuthoritativeDir is set.");
     /* If we have a v3bandwidthsfile and it's broken, complain on startup */
     if (options->V3BandwidthsFile && !old_options) {
       dirserv_read_measured_bandwidths(options->V3BandwidthsFile, NULL);
@@ -2629,10 +2618,6 @@ options_validate(or_options_t *old_options, or_options_t *options,
     REJECT("FetchDirInfoExtraEarly requires that you also set "
            "FetchDirInfoEarly");
 
-  if (options->HSAuthoritativeDir && proxy_mode(options))
-    REJECT("Running as authoritative v0 HS directory, but also configured "
-           "as a client.");
-
   if (options->ConnLimit <= 0) {
     tor_asprintf(msg,
         "ConnLimit must be greater than 0, but was set to %d",
@@ -5031,7 +5016,6 @@ parse_dir_authority_line(const char *line, dirinfo_type_t required_type,
   char digest[DIGEST_LEN];
   char v3_digest[DIGEST_LEN];
   dirinfo_type_t type = 0;
-  int is_not_hidserv_authority = 0;
   double weight = 1.0;
 
   items = smartlist_new();
@@ -5052,11 +5036,11 @@ parse_dir_authority_line(const char *line, dirinfo_type_t required_type,
     if (TOR_ISDIGIT(flag[0]))
       break;
     if (!strcasecmp(flag, "v1")) {
-      type |= (V1_DIRINFO | HIDSERV_DIRINFO);
-    } else if (!strcasecmp(flag, "hs")) {
-      type |= HIDSERV_DIRINFO;
-    } else if (!strcasecmp(flag, "no-hs")) {
-      is_not_hidserv_authority = 1;
+      type |= V1_DIRINFO;
+    } else if (!strcasecmp(flag, "hs") ||
+               !strcasecmp(flag, "no-hs")) {
+      log_warn(LD_CONFIG, "The DirAuthority options 'hs' and 'no-hs' are "
+               "obsolete; you don't need them any more.");
     } else if (!strcasecmp(flag, "bridge")) {
       type |= BRIDGE_DIRINFO;
     } else if (!strcasecmp(flag, "no-v2")) {
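Review bot: The new warning for `hs` and `no-hs` does not say which flag or which configuration line triggered it, so an operator with several DirAuthority or Alternate*Authority lines has to hunt for the stale one. Passing the matched flag through would help, for example `log_warn(LD_CONFIG, "Ignoring obsolete DirAuthority flag '%s'; you don't need it any more.", flag);`. The other hunks call parse_dir_authority_line on the same lines from both validate_dir_servers (third argument 1) and consider_adding_dir_servers (third argument 0). The message will therefore probably be logged twice per offending line unless it is limited to one of the two passes. The function body starts and ends outside this hunk, so the exact placement relative to the validation-only path should be confirmed there.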
@@ -5093,8 +5077,6 @@ parse_dir_authority_line(const char *line, dirinfo_type_t required_type,
     tor_free(flag);
     smartlist_del_keeporder(items, 0);
   }
-  if (is_not_hidserv_authority)
-    type &= ~HIDSERV_DIRINFO;
 
   if (smartlist_len(items) < 2) {
     log_warn(LD_CONFIG, "Too few arguments to DirAuthority line.");
diff --git a/src/or/directory.c b/src/or/directory.c
index ec1e776..c86f87e 100644
--- a/src/or/directory.c
+++ b/src/or/directory.c
@@ -155,8 +155,6 @@ authdir_type_to_string(dirinfo_type_t auth)
     smartlist_add(lst, (void*)"V3");
   if (auth & BRIDGE_DIRINFO)
     smartlist_add(lst, (void*)"Bridge");
-  if (auth & HIDSERV_DIRINFO)
-    smartlist_add(lst, (void*)"Hidden service");
   if (smartlist_len(lst)) {
     result = smartlist_join_strings(lst, ", ", 0, NULL);
   } else {
@@ -3172,32 +3170,6 @@ directory_handle_command_get(dir_connection_t *conn, const char *headers,
     goto done;
   }
 
-  if (options->HSAuthoritativeDir && !strcmpstart(url,"/tor/rendezvous/")) {
-    /* rendezvous descriptor fetch */
-    const char *descp;
-    size_t desc_len;
-    const char *query = url+strlen("/tor/rendezvous/");
-
-    log_info(LD_REND, "Handling rendezvous descriptor get");
-    switch (rend_cache_lookup_desc(query, 0, &descp, &desc_len)) {
-      case 1: /* valid */
-        write_http_response_header_impl(conn, desc_len,
-                                        "application/octet-stream",
-                                        NULL, NULL, 0);
-        note_request("/tor/rendezvous?/", desc_len);
-        /* need to send descp separately, because it may include NULs */
-        connection_write_to_buf(descp, desc_len, TO_CONN(conn));
-        break;
-      case 0: /* well-formed but not present */
-        write_http_status_line(conn, 404, "Not found");
-        break;
-      case -1: /* not well-formed */
-        write_http_status_line(conn, 400, "Bad request");
-        break;
-    }
-    goto done;
-  }
-
   if (options->BridgeAuthoritativeDir &&
       options->BridgePassword_AuthDigest_ &&
       connection_dir_is_encrypted(conn) &&
@@ -3397,22 +3369,6 @@ directory_handle_command_post(dir_connection_t *conn, const char *headers,
     goto done;
   }
 
-  if (options->HSAuthoritativeDir &&
-      !strcmpstart(url,"/tor/rendezvous/publish")) {
-    /* rendezvous descriptor post */
-    log_info(LD_REND, "Handling rendezvous descriptor post.");
-    if (rend_cache_store(body, body_len, 1, NULL) < 0) {
-      log_fn(LOG_PROTOCOL_WARN, LD_DIRSERV,
-             "Rejected rend descriptor (length %d) from %s.",
-             (int)body_len, conn->base_.address);
-      write_http_status_line(conn, 400,
-                             "Invalid v0 service descriptor rejected");
-    } else {
-      write_http_status_line(conn, 200, "Service descriptor (v0) stored");
-    }
-    goto done;
-  }
-
   if (authdir_mode_v3(options) &&
       !strcmp(url,"/tor/post/vote")) { /* v3 networkstatus vote */
     const char *msg = "OK";
diff --git a/src/or/or.h b/src/or/or.h
index b63b1ff..5d19587 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -3542,8 +3542,6 @@ typedef struct {
                            * for version 1 directories? */
   int V3AuthoritativeDir; /**< Boolean: is this an authoritative directory
                            * for version 3 directories? */
-  int HSAuthoritativeDir; /**< Boolean: does this an authoritative directory
-                           * handle hidden service requests? */
   int NamingAuthoritativeDir; /**< Boolean: is this an authoritative directory
                                * that's willing to bind names? */
   int VersioningAuthoritativeDir; /**< Boolean: is this an authoritative
@@ -3747,9 +3745,6 @@ typedef struct {
   /** If set, use these bridge authorities and not the default one. */
   config_line_t *AlternateBridgeAuthority;
 
-  /** If set, use these HS authorities and not the default ones. */
-  config_line_t *AlternateHSAuthority;
-
   char *MyFamily; /**< Declared family for this OR. */
   config_line_t *NodeFamilies; /**< List of config lines for
                                 * node families */
diff --git a/src/or/router.c b/src/or/router.c
index fd0df52..b964283 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -935,8 +935,7 @@ init_keys(void)
   type = ((options->V1AuthoritativeDir ? V1_DIRINFO : NO_DIRINFO) |
           (options->V3AuthoritativeDir ?
                (V3_DIRINFO|MICRODESC_DIRINFO|EXTRAINFO_DIRINFO) : NO_DIRINFO) |
-          (options->BridgeAuthoritativeDir ? BRIDGE_DIRINFO : NO_DIRINFO) |
-          (options->HSAuthoritativeDir ? HIDSERV_DIRINFO : NO_DIRINFO));
+          (options->BridgeAuthoritativeDir ? BRIDGE_DIRINFO : NO_DIRINFO));
 
   ds = router_get_trusteddirserver_by_digest(digest);
   if (!ds) {
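Review bot: `HIDSERV_DIRINFO` stays defined although, after this change, nothing visible in the commit sets it: the flag parser, the default-authority setup and this expression in init_keys all drop it, while the or.h hunks leave the constant alone. If any remaining code still tests `type & HIDSERV_DIRINFO` (not visible here), that branch is now unreachable and should be removed in the same series rather than left as a dormant path. Until the constant is deleted, a comment above this expression such as `/* HS authorities no longer exist; HIDSERV_DIRINFO is never set. */` would record the intent. init_keys continues outside the hunk.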




