Commit c0483c7f authored by Nick Mathewson

Remove options for configuring HS authorities.

(There is no longer meaningfully any such thing as a HS authority,
since we stopped uploading or downloading v0 hs descriptors in
0.2.2.1-alpha.)

Implements #10881, and part of #10841.
parent dd3f2f63
o Removed code:
- Remove code for designating authorities as "Hidden service
authorities". There has been no use of hidden service authorities
since 0.2.2.1-alpha, when we stopped uploading or downloading v0
hidden service descriptors. Fixes bug 10881; part of a fix for bug
10841.
...@@ -334,9 +334,7 @@ GENERAL OPTIONS ...@@ -334,9 +334,7 @@ GENERAL OPTIONS
is. By default, every authority is authoritative for current ("v2")-style is. By default, every authority is authoritative for current ("v2")-style
directories, unless the "no-v2" flag is given. If the "v1" flags is directories, unless the "no-v2" flag is given. If the "v1" flags is
provided, Tor will use this server as an authority for old-style (v1) provided, Tor will use this server as an authority for old-style (v1)
directories as well. (Only directory mirrors care about this.) Tor will directories as well. (Only directory mirrors care about this.)
use this server as an authority for hidden service information if the "hs"
flag is set, or if the "v1" flag is set and the "no-hs" flag is **not** set.
Tor will use this authority as a bridge authoritative directory if the Tor will use this authority as a bridge authoritative directory if the
"bridge" flag is set. If a flag "orport=**port**" is given, Tor will use the "bridge" flag is set. If a flag "orport=**port**" is given, Tor will use the
given port when opening encrypted tunnels to the dirserver. If a flag given port when opening encrypted tunnels to the dirserver. If a flag
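Review bot: the removed sentence about the "hs" and "no-hs" flags leaves the manual silent on what happens when an existing torrc still uses them, while the config.c hunk in this same commit keeps accepting both and logs "The DirAuthority options 'hs' and 'no-hs' are obsolete; you don't need them any more." Consider keeping one short clause here, e.g. `The "hs" and "no-hs" flags are obsolete and are ignored with a warning.`, so an operator who sees that warning after upgrading knows it is harmless and which line produced it.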
...@@ -365,17 +363,14 @@ GENERAL OPTIONS ...@@ -365,17 +363,14 @@ GENERAL OPTIONS
[[AlternateDirAuthority]] **AlternateDirAuthority** [__nickname__] [**flags**] __address__:__port__ __fingerprint__ + [[AlternateDirAuthority]] **AlternateDirAuthority** [__nickname__] [**flags**] __address__:__port__ __fingerprint__ +
[[AlternateHSAuthority]] **AlternateHSAuthority** [__nickname__] [**flags**] __address__:__port__ __fingerprint__ +
[[AlternateBridgeAuthority]] **AlternateBridgeAuthority** [__nickname__] [**flags**] __address__:__port__ __ fingerprint__:: [[AlternateBridgeAuthority]] **AlternateBridgeAuthority** [__nickname__] [**flags**] __address__:__port__ __ fingerprint__::
These options behave as DirAuthority, but they replace fewer of the These options behave as DirAuthority, but they replace fewer of the
default directory authorities. Using default directory authorities. Using
AlternateDirAuthority replaces the default Tor directory authorities, but AlternateDirAuthority replaces the default Tor directory authorities, but
leaves the default hidden service authorities and bridge authorities in leaves the default bridge authorities in
place. Similarly, AlternateHSAuthority replaces the default hidden place. Similarly,
service authorities, but not the directory or bridge authorities; and
AlternateBridgeAuthority replaces the default bridge authority, AlternateBridgeAuthority replaces the default bridge authority,
but leaves the directory and hidden service authorities alone. but leaves the directory authorities alone.
[[DisableAllSwap]] **DisableAllSwap** **0**|**1**:: [[DisableAllSwap]] **DisableAllSwap** **0**|**1**::
If set to 1, Tor will attempt to lock all current and future memory pages, If set to 1, Tor will attempt to lock all current and future memory pages,
...@@ -1794,11 +1789,6 @@ if DirPort is non-zero): ...@@ -1794,11 +1789,6 @@ if DirPort is non-zero):
accept or publish descriptors that contradict a registered binding. See accept or publish descriptors that contradict a registered binding. See
**approved-routers** in the **FILES** section below. **approved-routers** in the **FILES** section below.
[[HSAuthoritativeDir]] **HSAuthoritativeDir** **0**|**1**::
When this option is set in addition to **AuthoritativeDirectory**, Tor also
accepts and serves v0 hidden service descriptors,
which are produced and used by Tor 0.2.1.x and older. (Default: 0)
[[HidServDirectoryV2]] **HidServDirectoryV2** **0**|**1**:: [[HidServDirectoryV2]] **HidServDirectoryV2** **0**|**1**::
When this option is set, Tor accepts and serves v2 hidden service When this option is set, Tor accepts and serves v2 hidden service
descriptors. Setting DirPort is not required for this, because clients descriptors. Setting DirPort is not required for this, because clients
......
...@@ -137,7 +137,7 @@ static config_var_t option_vars_[] = { ...@@ -137,7 +137,7 @@ static config_var_t option_vars_[] = {
V(AllowSingleHopExits, BOOL, "0"), V(AllowSingleHopExits, BOOL, "0"),
V(AlternateBridgeAuthority, LINELIST, NULL), V(AlternateBridgeAuthority, LINELIST, NULL),
V(AlternateDirAuthority, LINELIST, NULL), V(AlternateDirAuthority, LINELIST, NULL),
V(AlternateHSAuthority, LINELIST, NULL), OBSOLETE("AlternateHSAuthority"),
V(AssumeReachable, BOOL, "0"), V(AssumeReachable, BOOL, "0"),
V(AuthDirBadDir, LINELIST, NULL), V(AuthDirBadDir, LINELIST, NULL),
V(AuthDirBadDirCCs, CSV, ""), V(AuthDirBadDirCCs, CSV, ""),
...@@ -276,7 +276,7 @@ static config_var_t option_vars_[] = { ...@@ -276,7 +276,7 @@ static config_var_t option_vars_[] = {
VAR("HiddenServiceVersion",LINELIST_S, RendConfigLines, NULL), VAR("HiddenServiceVersion",LINELIST_S, RendConfigLines, NULL),
VAR("HiddenServiceAuthorizeClient",LINELIST_S,RendConfigLines, NULL), VAR("HiddenServiceAuthorizeClient",LINELIST_S,RendConfigLines, NULL),
V(HidServAuth, LINELIST, NULL), V(HidServAuth, LINELIST, NULL),
V(HSAuthoritativeDir, BOOL, "0"), OBSOLETE("HSAuthoritativeDir"),
OBSOLETE("HSAuthorityRecordStats"), OBSOLETE("HSAuthorityRecordStats"),
V(CloseHSClientCircuitsImmediatelyOnTimeout, BOOL, "0"), V(CloseHSClientCircuitsImmediatelyOnTimeout, BOOL, "0"),
V(CloseHSServiceRendCircuitsImmediatelyOnTimeout, BOOL, "0"), V(CloseHSServiceRendCircuitsImmediatelyOnTimeout, BOOL, "0"),
...@@ -904,8 +904,7 @@ validate_dir_servers(or_options_t *options, or_options_t *old_options) ...@@ -904,8 +904,7 @@ validate_dir_servers(or_options_t *options, or_options_t *old_options)
config_line_t *cl; config_line_t *cl;
if (options->DirAuthorities && if (options->DirAuthorities &&
(options->AlternateDirAuthority || options->AlternateBridgeAuthority || (options->AlternateDirAuthority || options->AlternateBridgeAuthority)) {
options->AlternateHSAuthority)) {
log_warn(LD_CONFIG, log_warn(LD_CONFIG,
"You cannot set both DirAuthority and Alternate*Authority."); "You cannot set both DirAuthority and Alternate*Authority.");
return -1; return -1;
...@@ -941,9 +940,6 @@ validate_dir_servers(or_options_t *options, or_options_t *old_options) ...@@ -941,9 +940,6 @@ validate_dir_servers(or_options_t *options, or_options_t *old_options)
for (cl = options->AlternateDirAuthority; cl; cl = cl->next) for (cl = options->AlternateDirAuthority; cl; cl = cl->next)
if (parse_dir_authority_line(cl->value, NO_DIRINFO, 1)<0) if (parse_dir_authority_line(cl->value, NO_DIRINFO, 1)<0)
return -1; return -1;
for (cl = options->AlternateHSAuthority; cl; cl = cl->next)
if (parse_dir_authority_line(cl->value, NO_DIRINFO, 1)<0)
return -1;
for (cl = options->FallbackDir; cl; cl = cl->next) for (cl = options->FallbackDir; cl; cl = cl->next)
if (parse_dir_fallback_line(cl->value, 1)<0) if (parse_dir_fallback_line(cl->value, 1)<0)
return -1; return -1;
...@@ -966,9 +962,7 @@ consider_adding_dir_servers(const or_options_t *options, ...@@ -966,9 +962,7 @@ consider_adding_dir_servers(const or_options_t *options,
!config_lines_eq(options->AlternateBridgeAuthority, !config_lines_eq(options->AlternateBridgeAuthority,
old_options->AlternateBridgeAuthority) || old_options->AlternateBridgeAuthority) ||
!config_lines_eq(options->AlternateDirAuthority, !config_lines_eq(options->AlternateDirAuthority,
old_options->AlternateDirAuthority) || old_options->AlternateDirAuthority);
!config_lines_eq(options->AlternateHSAuthority,
old_options->AlternateHSAuthority);
if (!need_to_update) if (!need_to_update)
return 0; /* all done */ return 0; /* all done */
...@@ -984,8 +978,6 @@ consider_adding_dir_servers(const or_options_t *options, ...@@ -984,8 +978,6 @@ consider_adding_dir_servers(const or_options_t *options,
if (!options->AlternateDirAuthority) if (!options->AlternateDirAuthority)
type |= V1_DIRINFO | V3_DIRINFO | EXTRAINFO_DIRINFO | type |= V1_DIRINFO | V3_DIRINFO | EXTRAINFO_DIRINFO |
MICRODESC_DIRINFO; MICRODESC_DIRINFO;
if (!options->AlternateHSAuthority)
type |= HIDSERV_DIRINFO;
add_default_trusted_dir_authorities(type); add_default_trusted_dir_authorities(type);
} }
if (!options->FallbackDir) if (!options->FallbackDir)
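Review bot: this hunk drops the last place a default authority is given the HIDSERV_DIRINFO bit, and the parse_dir_authority_line() and init_keys() hunks drop the remaining setters, but no hunk in this diff touches the definition of HIDSERV_DIRINFO itself. If the enumerator is kept with no setters or readers left, its bit value is easy to reuse by accident for a future dirinfo type; either remove the enumerator in the same change or leave a comment at its definition marking the bit as retired.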
...@@ -1000,9 +992,6 @@ consider_adding_dir_servers(const or_options_t *options, ...@@ -1000,9 +992,6 @@ consider_adding_dir_servers(const or_options_t *options,
for (cl = options->AlternateDirAuthority; cl; cl = cl->next) for (cl = options->AlternateDirAuthority; cl; cl = cl->next)
if (parse_dir_authority_line(cl->value, NO_DIRINFO, 0)<0) if (parse_dir_authority_line(cl->value, NO_DIRINFO, 0)<0)
return -1; return -1;
for (cl = options->AlternateHSAuthority; cl; cl = cl->next)
if (parse_dir_authority_line(cl->value, NO_DIRINFO, 0)<0)
return -1;
for (cl = options->FallbackDir; cl; cl = cl->next) for (cl = options->FallbackDir; cl; cl = cl->next)
if (parse_dir_fallback_line(cl->value, 0)<0) if (parse_dir_fallback_line(cl->value, 0)<0)
return -1; return -1;
...@@ -2605,11 +2594,11 @@ options_validate(or_options_t *old_options, or_options_t *options, ...@@ -2605,11 +2594,11 @@ options_validate(or_options_t *old_options, or_options_t *options,
"extra-info documents. Setting DownloadExtraInfo."); "extra-info documents. Setting DownloadExtraInfo.");
options->DownloadExtraInfo = 1; options->DownloadExtraInfo = 1;
} }
if (!(options->BridgeAuthoritativeDir || options->HSAuthoritativeDir || if (!(options->BridgeAuthoritativeDir ||
options->V1AuthoritativeDir || options->V1AuthoritativeDir ||
options->V3AuthoritativeDir)) options->V3AuthoritativeDir))
REJECT("AuthoritativeDir is set, but none of " REJECT("AuthoritativeDir is set, but none of "
"(Bridge/HS/V1/V3)AuthoritativeDir is set."); "(Bridge/V1/V3)AuthoritativeDir is set.");
/* If we have a v3bandwidthsfile and it's broken, complain on startup */ /* If we have a v3bandwidthsfile and it's broken, complain on startup */
if (options->V3BandwidthsFile && !old_options) { if (options->V3BandwidthsFile && !old_options) {
dirserv_read_measured_bandwidths(options->V3BandwidthsFile, NULL); dirserv_read_measured_bandwidths(options->V3BandwidthsFile, NULL);
...@@ -2629,10 +2618,6 @@ options_validate(or_options_t *old_options, or_options_t *options, ...@@ -2629,10 +2618,6 @@ options_validate(or_options_t *old_options, or_options_t *options,
REJECT("FetchDirInfoExtraEarly requires that you also set " REJECT("FetchDirInfoExtraEarly requires that you also set "
"FetchDirInfoEarly"); "FetchDirInfoEarly");
if (options->HSAuthoritativeDir && proxy_mode(options))
REJECT("Running as authoritative v0 HS directory, but also configured "
"as a client.");
if (options->ConnLimit <= 0) { if (options->ConnLimit <= 0) {
tor_asprintf(msg, tor_asprintf(msg,
"ConnLimit must be greater than 0, but was set to %d", "ConnLimit must be greater than 0, but was set to %d",
...@@ -5031,7 +5016,6 @@ parse_dir_authority_line(const char *line, dirinfo_type_t required_type, ...@@ -5031,7 +5016,6 @@ parse_dir_authority_line(const char *line, dirinfo_type_t required_type,
char digest[DIGEST_LEN]; char digest[DIGEST_LEN];
char v3_digest[DIGEST_LEN]; char v3_digest[DIGEST_LEN];
dirinfo_type_t type = 0; dirinfo_type_t type = 0;
int is_not_hidserv_authority = 0;
double weight = 1.0; double weight = 1.0;
items = smartlist_new(); items = smartlist_new();
...@@ -5052,11 +5036,11 @@ parse_dir_authority_line(const char *line, dirinfo_type_t required_type, ...@@ -5052,11 +5036,11 @@ parse_dir_authority_line(const char *line, dirinfo_type_t required_type,
if (TOR_ISDIGIT(flag[0])) if (TOR_ISDIGIT(flag[0]))
break; break;
if (!strcasecmp(flag, "v1")) { if (!strcasecmp(flag, "v1")) {
type |= (V1_DIRINFO | HIDSERV_DIRINFO); type |= V1_DIRINFO;
} else if (!strcasecmp(flag, "hs")) { } else if (!strcasecmp(flag, "hs") ||
type |= HIDSERV_DIRINFO; !strcasecmp(flag, "no-hs")) {
} else if (!strcasecmp(flag, "no-hs")) { log_warn(LD_CONFIG, "The DirAuthority options 'hs' and 'no-hs' are "
is_not_hidserv_authority = 1; "obsolete; you don't need them any more.");
} else if (!strcasecmp(flag, "bridge")) { } else if (!strcasecmp(flag, "bridge")) {
type |= BRIDGE_DIRINFO; type |= BRIDGE_DIRINFO;
} else if (!strcasecmp(flag, "no-v2")) { } else if (!strcasecmp(flag, "no-v2")) {
...@@ -5093,8 +5077,6 @@ parse_dir_authority_line(const char *line, dirinfo_type_t required_type, ...@@ -5093,8 +5077,6 @@ parse_dir_authority_line(const char *line, dirinfo_type_t required_type,
tor_free(flag); tor_free(flag);
smartlist_del_keeporder(items, 0); smartlist_del_keeporder(items, 0);
} }
if (is_not_hidserv_authority)
type &= ~HIDSERV_DIRINFO;
if (smartlist_len(items) < 2) { if (smartlist_len(items) < 2) {
log_warn(LD_CONFIG, "Too few arguments to DirAuthority line."); log_warn(LD_CONFIG, "Too few arguments to DirAuthority line.");
......
...@@ -155,8 +155,6 @@ authdir_type_to_string(dirinfo_type_t auth) ...@@ -155,8 +155,6 @@ authdir_type_to_string(dirinfo_type_t auth)
smartlist_add(lst, (void*)"V3"); smartlist_add(lst, (void*)"V3");
if (auth & BRIDGE_DIRINFO) if (auth & BRIDGE_DIRINFO)
smartlist_add(lst, (void*)"Bridge"); smartlist_add(lst, (void*)"Bridge");
if (auth & HIDSERV_DIRINFO)
smartlist_add(lst, (void*)"Hidden service");
if (smartlist_len(lst)) { if (smartlist_len(lst)) {
result = smartlist_join_strings(lst, ", ", 0, NULL); result = smartlist_join_strings(lst, ", ", 0, NULL);
} else { } else {
...@@ -3172,32 +3170,6 @@ directory_handle_command_get(dir_connection_t *conn, const char *headers, ...@@ -3172,32 +3170,6 @@ directory_handle_command_get(dir_connection_t *conn, const char *headers,
goto done; goto done;
} }
if (options->HSAuthoritativeDir && !strcmpstart(url,"/tor/rendezvous/")) {
/* rendezvous descriptor fetch */
const char *descp;
size_t desc_len;
const char *query = url+strlen("/tor/rendezvous/");
log_info(LD_REND, "Handling rendezvous descriptor get");
switch (rend_cache_lookup_desc(query, 0, &descp, &desc_len)) {
case 1: /* valid */
write_http_response_header_impl(conn, desc_len,
"application/octet-stream",
NULL, NULL, 0);
note_request("/tor/rendezvous?/", desc_len);
/* need to send descp separately, because it may include NULs */
connection_write_to_buf(descp, desc_len, TO_CONN(conn));
break;
case 0: /* well-formed but not present */
write_http_status_line(conn, 404, "Not found");
break;
case -1: /* not well-formed */
write_http_status_line(conn, 400, "Bad request");
break;
}
goto done;
}
if (options->BridgeAuthoritativeDir && if (options->BridgeAuthoritativeDir &&
options->BridgePassword_AuthDigest_ && options->BridgePassword_AuthDigest_ &&
connection_dir_is_encrypted(conn) && connection_dir_is_encrypted(conn) &&
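Review bot: with the /tor/rendezvous/ branch gone, a GET for that prefix falls through to the remaining URL checks in directory_handle_command_get(), so an old v0 client now gets whatever the final fallback produces instead of the explicit 404/400 from the removed switch; confirm that path answers with a clean 404 and does not log at a level that lets stale v0 clients fill an authority's logs. The removed branch was also the caller of `rend_cache_lookup_desc(query, 0, &descp, &desc_len)` and of `note_request("/tor/rendezvous?/", desc_len)`; if those were the last v0 users, the v0 lookup code and that stats key can be retired in a follow-up.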
...@@ -3397,22 +3369,6 @@ directory_handle_command_post(dir_connection_t *conn, const char *headers, ...@@ -3397,22 +3369,6 @@ directory_handle_command_post(dir_connection_t *conn, const char *headers,
goto done; goto done;
} }
if (options->HSAuthoritativeDir &&
!strcmpstart(url,"/tor/rendezvous/publish")) {
/* rendezvous descriptor post */
log_info(LD_REND, "Handling rendezvous descriptor post.");
if (rend_cache_store(body, body_len, 1, NULL) < 0) {
log_fn(LOG_PROTOCOL_WARN, LD_DIRSERV,
"Rejected rend descriptor (length %d) from %s.",
(int)body_len, conn->base_.address);
write_http_status_line(conn, 400,
"Invalid v0 service descriptor rejected");
} else {
write_http_status_line(conn, 200, "Service descriptor (v0) stored");
}
goto done;
}
if (authdir_mode_v3(options) && if (authdir_mode_v3(options) &&
!strcmp(url,"/tor/post/vote")) { /* v3 networkstatus vote */ !strcmp(url,"/tor/post/vote")) { /* v3 networkstatus vote */
const char *msg = "OK"; const char *msg = "OK";
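Review bot: same follow-up on the POST side: `rend_cache_store(body, body_len, 1, NULL)` was the v0 publish path into the rendezvous cache, so check whether rend_cache_store()'s published=1 mode has any caller left, and verify that a stale v0 publish POST to /tor/rendezvous/publish now receives a 404 from the remaining handlers rather than being silently accepted. Since removing this branch also removes a handler that stored unauthenticated descriptor data from arbitrary peers on an authority, that is worth a sentence in the changes file.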
......
...@@ -3542,8 +3542,6 @@ typedef struct { ...@@ -3542,8 +3542,6 @@ typedef struct {
* for version 1 directories? */ * for version 1 directories? */
int V3AuthoritativeDir; /**< Boolean: is this an authoritative directory int V3AuthoritativeDir; /**< Boolean: is this an authoritative directory
* for version 3 directories? */ * for version 3 directories? */
int HSAuthoritativeDir; /**< Boolean: does this an authoritative directory
* handle hidden service requests? */
int NamingAuthoritativeDir; /**< Boolean: is this an authoritative directory int NamingAuthoritativeDir; /**< Boolean: is this an authoritative directory
* that's willing to bind names? */ * that's willing to bind names? */
int VersioningAuthoritativeDir; /**< Boolean: is this an authoritative int VersioningAuthoritativeDir; /**< Boolean: is this an authoritative
...@@ -3747,9 +3745,6 @@ typedef struct { ...@@ -3747,9 +3745,6 @@ typedef struct {
/** If set, use these bridge authorities and not the default one. */ /** If set, use these bridge authorities and not the default one. */
config_line_t *AlternateBridgeAuthority; config_line_t *AlternateBridgeAuthority;
/** If set, use these HS authorities and not the default ones. */
config_line_t *AlternateHSAuthority;
char *MyFamily; /**< Declared family for this OR. */ char *MyFamily; /**< Declared family for this OR. */
config_line_t *NodeFamilies; /**< List of config lines for config_line_t *NodeFamilies; /**< List of config lines for
* node families */ * node families */
......
...@@ -935,8 +935,7 @@ init_keys(void) ...@@ -935,8 +935,7 @@ init_keys(void)
type = ((options->V1AuthoritativeDir ? V1_DIRINFO : NO_DIRINFO) | type = ((options->V1AuthoritativeDir ? V1_DIRINFO : NO_DIRINFO) |
(options->V3AuthoritativeDir ? (options->V3AuthoritativeDir ?
(V3_DIRINFO|MICRODESC_DIRINFO|EXTRAINFO_DIRINFO) : NO_DIRINFO) | (V3_DIRINFO|MICRODESC_DIRINFO|EXTRAINFO_DIRINFO) : NO_DIRINFO) |
(options->BridgeAuthoritativeDir ? BRIDGE_DIRINFO : NO_DIRINFO) | (options->BridgeAuthoritativeDir ? BRIDGE_DIRINFO : NO_DIRINFO));
(options->HSAuthoritativeDir ? HIDSERV_DIRINFO : NO_DIRINFO));
ds = router_get_trusteddirserver_by_digest(digest); ds = router_get_trusteddirserver_by_digest(digest);
if (!ds) { if (!ds) {
......