Commit 4976eca8 authored by David Goulet's avatar David Goulet 🔆 Committed by Nick Mathewson

hs: Render obsolete Tor2web

Remove support for Tor2web in the code and build system. At this commit, tor
doesn't have Tor2web support anymore.

Ref: https://lists.torproject.org/pipermail/tor-dev/2018-July/013295.html



Close #26367
Signed-off-by: David Goulet's avatarDavid Goulet <dgoulet@torproject.org>
parent f8766e88
o Removed features (hidden service, tor2web):
- Remove Tor2web functionalities. The Tor2webMode and
Tor2webRendezvousPoints options are now obsolete. Note that this feature
was never shipped in vanilla Tor and it was only possible to use this
feature by building the support at compile time. Closes ticket 26367.
......@@ -181,13 +181,6 @@ if test "$enable_local_appdata" = "yes"; then
[Defined if we default to host local appdata paths on Windows])
fi
# Tor2web mode flag
AC_ARG_ENABLE(tor2web-mode,
AS_HELP_STRING(--enable-tor2web-mode, [support tor2web non-anonymous mode]),
[if test "x$enableval" = "xyes"; then
CFLAGS="$CFLAGS -D ENABLE_TOR2WEB_MODE=1"
fi])
AC_ARG_ENABLE(tool-name-check,
AS_HELP_STRING(--disable-tool-name-check, [check for sanely named toolchain when cross-compiling]))
......
......@@ -1335,7 +1335,7 @@ The following options are useful only for clients (that is, if
to stick with them. This is desirable because constantly changing servers
increases the odds that an adversary who owns some servers will observe a
fraction of your paths. Entry Guards can not be used by Directory
Authorities, Single Onion Services, and Tor2web clients. In these cases,
Authorities, and Single Onion Services. In these cases,
the this option is ignored. (Default: 1)
[[GuardfractionFile]] **GuardfractionFile** __FILENAME__::
......@@ -1525,32 +1525,6 @@ The following options are useful only for clients (that is, if
Tor will look at the UseOptimisticData parameter in the networkstatus.
(Default: auto)
[[Tor2webMode]] **Tor2webMode** **0**|**1**::
When this option is set, Tor connects to hidden services
**non-anonymously**. This option also disables client connections to
non-hidden-service hostnames through Tor. It **must only** be used when
running a tor2web Hidden Service web proxy.
To enable this option the compile time flag --enable-tor2web-mode must be
specified. Since Tor2webMode is non-anonymous, you can not run an
anonymous Hidden Service on a tor version compiled with Tor2webMode.
(Default: 0)
[[Tor2webRendezvousPoints]] **Tor2webRendezvousPoints** __node__,__node__,__...__::
A list of identity fingerprints, nicknames, country codes and
address patterns of nodes that are allowed to be used as RPs
in HS circuits; any other nodes will not be used as RPs.
(Example:
Tor2webRendezvousPoints Fastyfasty, ABCD1234CDEF5678ABCD1234CDEF5678ABCD1234, \{cc}, 255.254.0.0/8) +
+
This feature can only be used if Tor2webMode is also enabled. +
+
ExcludeNodes have higher priority than Tor2webRendezvousPoints,
which means that nodes specified in ExcludeNodes will not be
picked as RPs. +
+
If no nodes in Tor2webRendezvousPoints are currently available for
use, Tor will choose a random node when building HS circuits.
[[HSLayer2Nodes]] **HSLayer2Nodes** __node__,__node__,__...__::
A list of identity fingerprints, nicknames, country codes, and
address patterns of nodes that are allowed to be used as the
......
......@@ -173,7 +173,6 @@ static config_abbrev_t option_abbrevs_[] = {
PLURAL(AuthDirRejectCC),
PLURAL(EntryNode),
PLURAL(ExcludeNode),
PLURAL(Tor2webRendezvousPoint),
PLURAL(FirewallPort),
PLURAL(LongLivedPort),
PLURAL(HiddenServiceNode),
......@@ -597,8 +596,8 @@ static config_var_t option_vars_[] = {
OBSOLETE("Support022HiddenServices"),
V(TestSocks, BOOL, "0"),
V(TokenBucketRefillInterval, MSEC_INTERVAL, "100 msec"),
V(Tor2webMode, BOOL, "0"),
V(Tor2webRendezvousPoints, ROUTERSET, NULL),
OBSOLETE("Tor2webMode"),
OBSOLETE("Tor2webRendezvousPoints"),
OBSOLETE("TLSECGroup"),
V(TrackHostExits, CSV, NULL),
V(TrackHostExitsExpire, INTERVAL, "30 minutes"),
......@@ -1697,8 +1696,7 @@ options_need_geoip_info(const or_options_t *options, const char **reason_out)
routerset_needs_geoip(options->ExcludeExitNodes) ||
routerset_needs_geoip(options->ExcludeNodes) ||
routerset_needs_geoip(options->HSLayer2Nodes) ||
routerset_needs_geoip(options->HSLayer3Nodes) ||
routerset_needs_geoip(options->Tor2webRendezvousPoints);
routerset_needs_geoip(options->HSLayer3Nodes);
if (routerset_usage && reason_out) {
*reason_out = "We've been configured to use (or avoid) nodes in certain "
......@@ -1881,27 +1879,6 @@ options_act(const or_options_t *old_options)
"in a non-anonymous mode. It will provide NO ANONYMITY.");
}
#ifdef ENABLE_TOR2WEB_MODE
/* LCOV_EXCL_START */
// XXXX This should move into options_validate()
if (!options->Tor2webMode) {
log_err(LD_CONFIG, "This copy of Tor was compiled to run in "
"'tor2web mode'. It can only be run with the Tor2webMode torrc "
"option enabled.");
return -1;
}
/* LCOV_EXCL_STOP */
#else /* !(defined(ENABLE_TOR2WEB_MODE)) */
// XXXX This should move into options_validate()
if (options->Tor2webMode) {
log_err(LD_CONFIG, "This copy of Tor was not compiled to run in "
"'tor2web mode'. It cannot be run with the Tor2webMode torrc "
"option enabled. To enable Tor2webMode recompile with the "
"--enable-tor2web-mode option.");
return -1;
}
#endif /* defined(ENABLE_TOR2WEB_MODE) */
/* If we are a bridge with a pluggable transport proxy but no
Extended ORPort, inform the user that they are missing out. */
if (server_mode(options) && options->ServerTransportPlugin &&
......@@ -2163,8 +2140,6 @@ options_act(const or_options_t *old_options)
options->HSLayer2Nodes) ||
!routerset_equal(old_options->HSLayer3Nodes,
options->HSLayer3Nodes) ||
!routerset_equal(old_options->Tor2webRendezvousPoints,
options->Tor2webRendezvousPoints) ||
options->StrictNodes != old_options->StrictNodes) {
log_info(LD_CIRC,
"Changed to using entry guards or bridges, or changed "
......@@ -3306,23 +3281,12 @@ options_validate_single_onion(or_options_t *options, char **msg)
options->NATDPort_set ||
options->DNSPort_set ||
options->HTTPTunnelPort_set);
if (rend_service_non_anonymous_mode_enabled(options) && client_port_set &&
!options->Tor2webMode) {
if (rend_service_non_anonymous_mode_enabled(options) && client_port_set) {
REJECT("HiddenServiceNonAnonymousMode is incompatible with using Tor as "
"an anonymous client. Please set Socks/Trans/NATD/DNSPort to 0, or "
"revert HiddenServiceNonAnonymousMode to 0.");
}
/* If you run a hidden service in non-anonymous mode, the hidden service
* loses anonymity, even if SOCKSPort / Tor2web mode isn't used. */
if (!rend_service_non_anonymous_mode_enabled(options) &&
options->RendConfigLines && options->Tor2webMode) {
REJECT("Non-anonymous (Tor2web) mode is incompatible with using Tor as a "
"hidden service. Please remove all HiddenServiceDir lines, or use "
"a version of tor compiled without --enable-tor2web-mode, or use "
"HiddenServiceNonAnonymousMode.");
}
if (rend_service_allow_non_anonymous_connection(options)
&& options->UseEntryGuards) {
/* Single Onion services only use entry guards when uploading descriptors;
......@@ -3807,26 +3771,6 @@ options_validate(or_options_t *old_options, or_options_t *options,
REJECT("CircuitsAvailableTimeout is too large. Max is 24 hours.");
}
#ifdef ENABLE_TOR2WEB_MODE
if (options->Tor2webMode && options->UseEntryGuards) {
/* tor2web mode clients do not (and should not) use entry guards
* in any meaningful way. Further, tor2web mode causes the hidden
* service client code to do things which break the path bias
* detector, and it's far easier to turn off entry guards (and
* thus the path bias detector with it) than to figure out how to
* make a piece of code which cannot possibly help tor2web mode
* users compatible with tor2web mode.
*/
log_notice(LD_CONFIG,
"Tor2WebMode is enabled; disabling UseEntryGuards.");
options->UseEntryGuards = 0;
}
#endif /* defined(ENABLE_TOR2WEB_MODE) */
if (options->Tor2webRendezvousPoints && !options->Tor2webMode) {
REJECT("Tor2webRendezvousPoints cannot be set without Tor2webMode.");
}
if (options->EntryNodes && !options->UseEntryGuards) {
REJECT("If EntryNodes is set, UseEntryGuards must be enabled.");
}
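Review bot: With `OBSOLETE("Tor2webMode")` in option_vars_, a torrc that still sets `Tor2webMode 1` is no longer stopped by the `log_err(...); return -1;` branch this commit deletes from options_act(), so that configuration stops failing closed. If obsolete options are only warned about and skipped (that handling is not visible here), a host that ran as a tor2web proxy would come up after an upgrade as an ordinary client. The check that refused non-onion destinations in tor2web mode is also removed elsewhere in this commit. I would spell this out in the changes entry, for example `Operators who relied on Tor2webMode to refuse non-onion destinations must now enforce that restriction in the proxy in front of tor.`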
......
......@@ -256,14 +256,6 @@ struct or_options_t {
int AllDirActionsPrivate; /**< Should every directory action be sent
* through a Tor circuit? */
/** Run in 'tor2web mode'? (I.e. only make client connections to hidden
* services, and use a single hop for all hidden-service-related
* circuits.) */
int Tor2webMode;
/** A routerset that should be used when picking RPs for HS circuits. */
routerset_t *Tor2webRendezvousPoints;
/** A routerset that should be used when picking middle nodes for HS
* circuits. */
routerset_t *HSLayer2Nodes;
......@@ -537,9 +529,9 @@ struct or_options_t {
* of fixed nodes? */
int UseEntryGuards_option;
/** Internal variable to remember whether we're actually acting on
* UseEntryGuards_option -- when we're a non-anonymous Tor2web client or
* Single Onion Service, it is always false, otherwise we use the value of
* UseEntryGuards_option. */
* UseEntryGuards_option -- when we're a non-anonymous Single Onion Service,
* it is always false, otherwise we use the value of UseEntryGuards_option.
* */
int UseEntryGuards;
int NumEntryGuards; /**< How many entry guards do we try to establish? */
......
......@@ -1882,13 +1882,6 @@ channel_do_open_actions(channel_t *chan)
if (!get_options()->ConnectionPadding) {
/* Disable if torrc disabled */
channelpadding_disable_padding_on_channel(chan);
} else if (get_options()->Tor2webMode &&
!networkstatus_get_param(NULL,
CHANNELPADDING_TOR2WEB_PARAM,
CHANNELPADDING_TOR2WEB_DEFAULT, 0, 1)) {
/* Disable if we're using tor2web and the consensus disabled padding
* for tor2web */
channelpadding_disable_padding_on_channel(chan);
} else if (rend_service_allow_non_anonymous_connection(get_options()) &&
!networkstatus_get_param(NULL,
CHANNELPADDING_SOS_PARAM,
......
......@@ -52,8 +52,6 @@ static int consensus_nf_conntimeout_clients;
static int consensus_nf_pad_before_usage;
/** Should we pad relay-to-relay connections? */
static int consensus_nf_pad_relays;
/** Should we pad tor2web connections? */
static int consensus_nf_pad_tor2web;
/** Should we pad rosos connections? */
static int consensus_nf_pad_single_onion;
......@@ -141,11 +139,6 @@ channelpadding_new_consensus_params(networkstatus_t *ns)
consensus_nf_pad_relays =
networkstatus_get_param(ns, "nf_pad_relays", 0, 0, 1);
consensus_nf_pad_tor2web =
networkstatus_get_param(ns,
CHANNELPADDING_TOR2WEB_PARAM,
CHANNELPADDING_TOR2WEB_DEFAULT, 0, 1);
consensus_nf_pad_single_onion =
networkstatus_get_param(ns,
CHANNELPADDING_SOS_PARAM,
......@@ -740,15 +733,6 @@ channelpadding_decide_to_pad_channel(channel_t *chan)
return CHANNELPADDING_WONTPAD;
}
if (options->Tor2webMode && !consensus_nf_pad_tor2web) {
/* If the consensus just changed values, this channel may still
* think padding is enabled. Negotiate it off. */
if (chan->padding_enabled)
channelpadding_disable_padding_on_channel(chan);
return CHANNELPADDING_WONTPAD;
}
if (rend_service_allow_non_anonymous_connection(options) &&
!consensus_nf_pad_single_onion) {
/* If the consensus just changed values, this channel may still
......
......@@ -13,8 +13,6 @@
#include "trunnel/channelpadding_negotiation.h"
#define CHANNELPADDING_TOR2WEB_PARAM "nf_pad_tor2web"
#define CHANNELPADDING_TOR2WEB_DEFAULT 1
#define CHANNELPADDING_SOS_PARAM "nf_pad_single_onion"
#define CHANNELPADDING_SOS_DEFAULT 1
......
......@@ -408,10 +408,10 @@ onion_populate_cpath(origin_circuit_t *circ)
* edge cases. */
tor_assert(circuit_get_cpath_len(circ));
if (circuit_can_use_tap(circ)) {
/* Circuits from clients to intro points, and hidden services to
* rend points do not support ntor, because the hidden service protocol
* does not include ntor onion keys. This is also true for Tor2web clients
* and Single Onion Services. */
/* Circuits from clients to intro points, and hidden services to rend
* points do not support ntor, because the hidden service protocol does
* not include ntor onion keys. This is also true for Single Onion
* Services. */
return 0;
}
......@@ -824,7 +824,6 @@ circuit_timeout_want_to_count_circ(const origin_circuit_t *circ)
* accordingly.
* Note that TAP handshakes in CREATE cells are only used for direct
* connections:
* - from Tor2web to intro points not in the client's consensus, and
* - from Single Onions to rend points not in the service's consensus.
* This is checked in onion_populate_cpath. */
static void
......@@ -1985,98 +1984,11 @@ choose_good_exit_server_general(router_crn_flags_t flags)
return NULL;
}
#if defined(ENABLE_TOR2WEB_MODE) || defined(TOR_UNIT_TESTS)
/* The config option Tor2webRendezvousPoints has been set and we need
* to pick an RP out of that set. Make sure that the RP we choose is
* alive, and return it. Return NULL if no usable RP could be found in
* Tor2webRendezvousPoints. */
STATIC const node_t *
pick_tor2web_rendezvous_node(router_crn_flags_t flags,
const or_options_t *options)
{
const node_t *rp_node = NULL;
const int need_desc = (flags & CRN_NEED_DESC) != 0;
const int pref_addr = (flags & CRN_PREF_ADDR) != 0;
const int direct_conn = (flags & CRN_DIRECT_CONN) != 0;
smartlist_t *whitelisted_live_rps = smartlist_new();
smartlist_t *all_live_nodes = smartlist_new();
tor_assert(options->Tor2webRendezvousPoints);
/* Add all running nodes to all_live_nodes */
router_add_running_nodes_to_smartlist(all_live_nodes,
0, 0, 0,
need_desc,
pref_addr,
direct_conn);
/* Filter all_live_nodes to only add live *and* whitelisted RPs to
* the list whitelisted_live_rps. */
SMARTLIST_FOREACH_BEGIN(all_live_nodes, node_t *, live_node) {
if (routerset_contains_node(options->Tor2webRendezvousPoints, live_node)) {
smartlist_add(whitelisted_live_rps, live_node);
}
} SMARTLIST_FOREACH_END(live_node);
/* Honor ExcludeNodes */
if (options->ExcludeNodes) {
routerset_subtract_nodes(whitelisted_live_rps, options->ExcludeNodes);
}
/* Now pick randomly amongst the whitelisted RPs. No need to waste time
doing bandwidth load balancing, for most use cases
'whitelisted_live_rps' contains a single OR anyway. */
rp_node = smartlist_choose(whitelisted_live_rps);
if (!rp_node) {
log_warn(LD_REND, "Could not find a Rendezvous Point that suits "
"the purposes of Tor2webRendezvousPoints. Choosing random one.");
}
smartlist_free(whitelisted_live_rps);
smartlist_free(all_live_nodes);
return rp_node;
}
#endif /* defined(ENABLE_TOR2WEB_MODE) || defined(TOR_UNIT_TESTS) */
/* Pick a Rendezvous Point for our HS circuits according to <b>flags</b>. */
static const node_t *
pick_rendezvous_node(router_crn_flags_t flags)
{
const or_options_t *options = get_options();
#ifdef ENABLE_TOR2WEB_MODE
/* We want to connect directly to the node if we can */
router_crn_flags_t direct_flags = flags;
direct_flags |= CRN_PREF_ADDR;
direct_flags |= CRN_DIRECT_CONN;
/* The user wants us to pick specific RPs. */
if (options->Tor2webRendezvousPoints) {
const node_t *tor2web_rp = pick_tor2web_rendezvous_node(direct_flags,
options);
if (tor2web_rp) {
return tor2web_rp;
}
}
/* Else, if no direct, preferred tor2web RP was found, fall back to choosing
* a random direct node */
const node_t *node = router_choose_random_node(NULL, options->ExcludeNodes,
direct_flags);
/* Return the direct node (if found), or log a message and fall back to an
* indirect connection. */
if (node) {
return node;
} else {
log_info(LD_REND,
"Unable to find a random rendezvous point that is reachable via "
"a direct connection, falling back to a 3-hop path.");
}
#endif /* defined(ENABLE_TOR2WEB_MODE) */
return router_choose_random_node(NULL, options->ExcludeNodes, flags);
}
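Review bot: In the comment touched by the `@@ -824,7 +824,6 @@` hunk, deleting the Tor2web bullet leaves `only used for direct connections:` followed by a one-item list. Folding it into a single sentence, `only used for direct connections from Single Onions to rend points not in the service's consensus`, says the same thing without the leftover list. The function this comment documents starts at the end of the hunk and its body is outside it.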
......
......@@ -93,14 +93,10 @@ STATIC int
onion_pick_cpath_exit(origin_circuit_t *circ, extend_info_t *exit_ei,
int is_hs_v3_rp_circuit);
#if defined(ENABLE_TOR2WEB_MODE) || defined(TOR_UNIT_TESTS)
enum router_crn_flags_t;
STATIC const node_t *pick_tor2web_rendezvous_node(
enum router_crn_flags_t flags,
const or_options_t *options);
#if defined(TOR_UNIT_TESTS)
unsigned int cpath_get_n_hops(crypt_path_t **head_ptr);
#endif /* defined(ENABLE_TOR2WEB_MODE) || defined(TOR_UNIT_TESTS) */
#endif /* defined(TOR_UNIT_TESTS) */
#endif /* defined(CIRCUITBUILD_PRIVATE) */
......
......@@ -113,8 +113,7 @@ get_circuit_build_timeout_ms(void)
* 2. If the torrc option LearnCircuitBuildTimeout is false.
* 3. If we are a directory authority
* 4. If we fail to write circuit build time history to our state file.
* 5. If we are compiled or configured in Tor2web mode
* 6. If we are configured in Single Onion mode
* 5. If we are configured in Single Onion mode
*/
int
circuit_build_times_disabled(const or_options_t *options)
......@@ -136,7 +135,7 @@ circuit_build_times_disabled_(const or_options_t *options,
int config_disabled = !options->LearnCircuitBuildTimeout;
int dirauth_disabled = authdir_mode(options);
int state_disabled = did_last_state_file_write_fail() ? 1 : 0;
/* LearnCircuitBuildTimeout and Tor2web/Single Onion Services are
/* LearnCircuitBuildTimeout and Single Onion Services are
* incompatible in two ways:
*
* - LearnCircuitBuildTimeout results in a low CBT, which
......@@ -148,12 +147,11 @@ circuit_build_times_disabled_(const or_options_t *options,
*
* If we fix both of these issues someday, we should test
* these modes with LearnCircuitBuildTimeout on again. */
int tor2web_disabled = rend_client_allow_non_anonymous_connection(options);
int single_onion_disabled = rend_service_allow_non_anonymous_connection(
options);
if (consensus_disabled || config_disabled || dirauth_disabled ||
state_disabled || tor2web_disabled || single_onion_disabled) {
state_disabled || single_onion_disabled) {
#if 0
log_debug(LD_CIRC,
"CircuitBuildTime learning is disabled. "
......
......@@ -863,8 +863,7 @@ static time_t last_expired_clientside_circuits = 0;
/**
* As a diagnostic for bug 8387, log information about how many one-hop
* circuits we have around that have been there for at least <b>age</b>
* seconds. Log a few of them.
* Ignores Single Onion Service intro and Tor2web redezvous circuits, they are
* seconds. Log a few of them. Ignores Single Onion Service intro, it is
* expected to be long-term one-hop circuits.
*/
void
......@@ -889,10 +888,8 @@ circuit_log_ancient_one_hop_circuits(int age)
(circ->purpose == CIRCUIT_PURPOSE_S_INTRO ||
circ->purpose == CIRCUIT_PURPOSE_S_REND_JOINED))
continue;
/* Tor2web deliberately makes long term one-hop rend connections,
* particularly when Tor2webRendezvousPoints is used. We only ignore
* active rend point connections, if we take a long time to rendezvous,
* that's worth logging. */
/* We only ignore active rend point connections, if we take a long time
* to rendezvous, that's worth logging. */
if (rend_client_allow_non_anonymous_connection(options) &&
circ->purpose == CIRCUIT_PURPOSE_C_REND_JOINED)
continue;
......@@ -1999,7 +1996,7 @@ circuit_should_use_vanguards(uint8_t purpose)
* Return true for the set of conditions for which it is OK to use
* a cannibalized circuit.
*
* Don't cannibalize for onehops, or tor2web, or certain purposes.
* Don't cannibalize for onehops, or certain purposes.
*/
static int
circuit_should_cannibalize_to_build(uint8_t purpose_to_build,
......@@ -2008,8 +2005,7 @@ circuit_should_cannibalize_to_build(uint8_t purpose_to_build,
int need_specific_rp)
{
/* Do not try to cannibalize if this is a one hop circuit, or
* is a tor2web/special rp. */
/* Do not try to cannibalize if this is a one hop circuit. */
if (onehop_tunnel || need_specific_rp) {
return 0;
}
......@@ -2075,14 +2071,6 @@ circuit_launch_by_extend_info(uint8_t purpose,
return NULL;
}
/* If Tor2webRendezvousPoints is enabled and we are dealing with an
RP circuit, we want a specific RP node so we shouldn't canibalize
an already existing circuit. */
if (get_options()->Tor2webRendezvousPoints &&
purpose == CIRCUIT_PURPOSE_C_ESTABLISH_REND) {
need_specific_rp = 1;
}
/* If we can/should cannibalize another circuit to build this one,
* then do so. */
if (circuit_should_cannibalize_to_build(purpose,
......@@ -2485,16 +2473,6 @@ circuit_get_open_circ_or_launch(entry_connection_t *conn,
else
new_circ_purpose = desired_circuit_purpose;
#ifdef ENABLE_TOR2WEB_MODE
/* If tor2Web is on, then hidden service requests should be one-hop.
*/
if (options->Tor2webMode &&
(new_circ_purpose == CIRCUIT_PURPOSE_C_ESTABLISH_REND ||
new_circ_purpose == CIRCUIT_PURPOSE_C_INTRODUCING)) {
want_onehop = 1;
}
#endif /* defined(ENABLE_TOR2WEB_MODE) */
/* Determine what kind of a circuit to launch, and actually launch it. */
{
int flags = CIRCLAUNCH_NEED_CAPACITY;
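Review bot: In circuit_should_cannibalize_to_build() the guard still reads `if (onehop_tunnel || need_specific_rp)`, but the new comment only mentions one-hop circuits, and the only `need_specific_rp = 1` assignment visible in this commit is the one deleted from circuit_launch_by_extend_info(). If nothing else sets it (its declaration is outside the hunk), the parameter is now always 0 and should be dropped in a follow-up; until then the comment should cover both conditions, e.g. `/* Do not try to cannibalize if this is a one hop circuit, or if the caller needs a specific rendezvous point. */`. The same applies to the `rend_client_allow_non_anonymous_connection(options)` test kept in circuit_log_ancient_one_hop_circuits(), whose result no longer depends on any torrc option after this commit. Both function bodies continue outside their hunks.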
......
......@@ -1835,18 +1835,6 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
return -1;
}
#ifdef ENABLE_TOR2WEB_MODE
/* If we're running in Tor2webMode, we don't allow anything BUT .onion
* addresses. */
if (options->Tor2webMode) {
log_warn(LD_APP, "Refusing to connect to non-hidden-service hostname "
"or IP address %s because tor2web mode is enabled.",
safe_str_client(socks->address));
connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY);
return -1;
}
#endif /* defined(ENABLE_TOR2WEB_MODE) */
/* socks->address is a non-onion hostname or IP address.
* If we can't do any non-onion requests, refuse the connection.
* If we have a hostname but can't do DNS, refuse the connection.
......
......@@ -103,10 +103,6 @@ struct curve25519_public_key_t;
#define cell_t tor_cell_t
#endif
#ifdef ENABLE_TOR2WEB_MODE
#define NON_ANONYMOUS_MODE_ENABLED 1
#endif
/** Helper macro: Given a pointer to to.base_, of type from*, return &to. */
#define DOWNCAST(to, ptr) ((to*)SUBTYPE_P(ptr, to, base_))
......
......@@ -803,10 +803,8 @@ directory_choose_address_routerstatus(const routerstatus_t *status,
* allowed by the firewall.
*
* (When Tor uploads and downloads a hidden service descriptor, it uses
* DIRIND_ANONYMOUS, except for Tor2Web, which uses DIRIND_ONEHOP.
* So this code will only modify the address for Tor2Web's HS descriptor
* fetches. Even Single Onion Servers (NYI) use DIRIND_ANONYMOUS, to avoid
* HSDirs denying service by rejecting descriptors.)
* DIRIND_ANONYMOUS. Even Single Onion Servers (NYI) use DIRIND_ANONYMOUS,
* to avoid HSDirs denying service by rejecting descriptors.)
*/
/* Initialise the OR / Dir addresses */
......
......@@ -449,12 +449,7 @@ directory_get_from_hs_dir(const char *desc_id,
char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
char descriptor_cookie_base64[3*REND_DESC_COOKIE_LEN_BASE64];
const rend_data_v2_t *rend_data;
#ifdef ENABLE_TOR2WEB_MODE
const int tor2web_mode = get_options()->Tor2webMode;
const int how_to_fetch = tor2web_mode ? DIRIND_ONEHOP : DIRIND_ANONYMOUS;
#else
const int how_to_fetch = DIRIND_ANONYMOUS;
#endif /* defined(ENABLE_TOR2WEB_MODE) */
tor_assert(desc_id);
tor_assert(rend_query);
......@@ -1226,15 +1221,12 @@ rend_parse_service_authorization(const or_options_t *options,
/* Can Tor client code make direct (non-anonymous) connections to introduction
* or rendezvous points?
* Returns true if tor was compiled with NON_ANONYMOUS_MODE_ENABLED, and is
* configured in Tor2web mode. */
* Returns true if tor was compiled with NON_ANONYMOUS_MODE_ENABLED. */
int
rend_client_allow_non_anonymous_connection(const or_options_t *options)
{
/* Tor2web support needs to be compiled in to a tor binary. */
#ifdef NON_ANONYMOUS_MODE_ENABLED
/* Tor2web */
return options->Tor2webMode ? 1 : 0;
return 1;
#else
(void)options;
return 0;
......@@ -1247,9 +1239,7 @@ int
rend_client_non_anonymous_mode_enabled(const or_options_t *options)
{
(void)options;
/* Tor2web support needs to be compiled in to a tor binary. */
#ifdef NON_ANONYMOUS_MODE_ENABLED
/* Tor2web */
return 1;
#else
return 0;
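Review bot: rend_client_allow_non_anonymous_connection() now returns 1 unconditionally under `#ifdef NON_ANONYMOUS_MODE_ENABLED`, while the only `#define NON_ANONYMOUS_MODE_ENABLED` visible in this commit is the one removed together with ENABLE_TOR2WEB_MODE. As written the branch looks unreachable. If the macro were ever defined again, every client would be allowed direct, non-anonymous connections to introduction and rendezvous points regardless of `options`, which is also left unused in that branch. I would drop the conditional in both this function and rend_client_non_anonymous_mode_enabled() so each body is just `(void)options;` and `return 0;`, and reword the doc comment to say that client-side non-anonymous mode no longer exists. The `#endif` of the second function is outside the hunk.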
......
......@@ -983,7 +983,7 @@ rend_auth_decode_cookie(const char *cookie_in, uint8_t *cookie_out,
* Onion services can be configured to start in this mode.
* Prefer rend_client_allow_non_anonymous_connection() or
* rend_service_allow_non_anonymous_connection() whenever possible, so that
* checks are specific to Single Onion Services or Tor2web. */
* checks are specific to Single Onion Services. */
int
rend_allow_non_anonymous_connection(const or_options_t* options)
{
......@@ -996,7 +996,7 @@ rend_allow_non_anonymous_connection(const or_options_t* options)
* Onion services can be configured to start in this mode.
* Prefer rend_client_non_anonymous_mode_enabled() or
* rend_service_non_anonymous_mode_enabled() whenever possible, so that checks
* are specific to Single Onion Services or Tor2web. */
* are specific to Single Onion Services. */
int
rend_non_anonymous_mode_enabled(const or_options_t *options)
{
......@@ -1007,9 +1007,9 @@ rend_non_anonymous_mode_enabled(const or_options_t *options)
/* Make sure that tor only builds one-hop circuits when they would not
* compromise user anonymity.
*
* One-hop circuits are permitted in Tor2web or Single Onion modes.
* One-hop circuits are permitted in Single Onion modes.
*