sarah
/
tor
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Remove options for configuring HS authorities. 

(There is no longer meaningfully any such thing as a HS authority,
since we stopped uploading or downloading v0 hs descriptors in
0.2.2.1-alpha.)

Implements #10881, and part of #10841.
This commit is contained in:
Nick Mathewson 2014-02-10 22:41:52 -05:00
parent dd3f2f6332
commit c0483c7f85
6 changed files with 23 additions and 94 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
changes/bug10881 Normal file
View File

@ -0,0 +1,7 @@
o Removed code:
- Remove code for designating authorities as "Hidden service
authorities". There has been no use of hidden service authorities
since 0.2.2.1-alpha, when we stopped uploading or downloading v0
hidden service descriptors. Fixes bug 10881; part of a fix for bug
10841.

18
doc/tor.1.txt
View File

@ -334,9 +334,7 @@ GENERAL OPTIONS
is. By default, every authority is authoritative for current ("v2")-style
directories, unless the "no-v2" flag is given. If the "v1" flags is
provided, Tor will use this server as an authority for old-style (v1)
directories as well. (Only directory mirrors care about this.) Tor will
use this server as an authority for hidden service information if the "hs"
flag is set, or if the "v1" flag is set and the "no-hs" flag is **not** set.
directories as well. (Only directory mirrors care about this.)
Tor will use this authority as a bridge authoritative directory if the
"bridge" flag is set. If a flag "orport=**port**" is given, Tor will use the
given port when opening encrypted tunnels to the dirserver. If a flag
@ -365,17 +363,14 @@ GENERAL OPTIONS
[[AlternateDirAuthority]] **AlternateDirAuthority** [__nickname__] [**flags**] __address__:__port__ __fingerprint__ +
[[AlternateHSAuthority]] **AlternateHSAuthority** [__nickname__] [**flags**] __address__:__port__ __fingerprint__ +
[[AlternateBridgeAuthority]] **AlternateBridgeAuthority** [__nickname__] [**flags**] __address__:__port__ __ fingerprint__::
These options behave as DirAuthority, but they replace fewer of the
default directory authorities. Using
AlternateDirAuthority replaces the default Tor directory authorities, but
leaves the default hidden service authorities and bridge authorities in
place. Similarly, AlternateHSAuthority replaces the default hidden
service authorities, but not the directory or bridge authorities; and
leaves the default bridge authorities in
place. Similarly,
AlternateBridgeAuthority replaces the default bridge authority,
but leaves the directory and hidden service authorities alone.
but leaves the directory authorities alone.
[[DisableAllSwap]] **DisableAllSwap** **0**|**1**::
If set to 1, Tor will attempt to lock all current and future memory pages,
@ -1794,11 +1789,6 @@ if DirPort is non-zero):
accept or publish descriptors that contradict a registered binding. See
**approved-routers** in the **FILES** section below.
[[HSAuthoritativeDir]] **HSAuthoritativeDir** **0**|**1**::
When this option is set in addition to **AuthoritativeDirectory**, Tor also
accepts and serves v0 hidden service descriptors,
which are produced and used by Tor 0.2.1.x and older. (Default: 0)
[[HidServDirectoryV2]] **HidServDirectoryV2** **0**|**1**::
When this option is set, Tor accepts and serves v2 hidden service
descriptors. Setting DirPort is not required for this, because clients

40
src/or/config.c
View File

@ -137,7 +137,7 @@ static config_var_t option_vars_[] = {
V(AllowSingleHopExits, BOOL, "0"),
V(AlternateBridgeAuthority, LINELIST, NULL),
V(AlternateDirAuthority, LINELIST, NULL),
V(AlternateHSAuthority, LINELIST, NULL),
OBSOLETE("AlternateHSAuthority"),
V(AssumeReachable, BOOL, "0"),
V(AuthDirBadDir, LINELIST, NULL),
V(AuthDirBadDirCCs, CSV, ""),
@ -276,7 +276,7 @@ static config_var_t option_vars_[] = {
VAR("HiddenServiceVersion",LINELIST_S, RendConfigLines, NULL),
VAR("HiddenServiceAuthorizeClient",LINELIST_S,RendConfigLines, NULL),
V(HidServAuth, LINELIST, NULL),
V(HSAuthoritativeDir, BOOL, "0"),
OBSOLETE("HSAuthoritativeDir"),
OBSOLETE("HSAuthorityRecordStats"),
V(CloseHSClientCircuitsImmediatelyOnTimeout, BOOL, "0"),
V(CloseHSServiceRendCircuitsImmediatelyOnTimeout, BOOL, "0"),
@ -904,8 +904,7 @@ validate_dir_servers(or_options_t *options, or_options_t *old_options)
config_line_t *cl;
if (options->DirAuthorities &&
(options->AlternateDirAuthority || options->AlternateBridgeAuthority ||
options->AlternateHSAuthority)) {
(options->AlternateDirAuthority || options->AlternateBridgeAuthority)) {
log_warn(LD_CONFIG,
"You cannot set both DirAuthority and Alternate*Authority.");
return -1;
@ -941,9 +940,6 @@ validate_dir_servers(or_options_t *options, or_options_t *old_options)
for (cl = options->AlternateDirAuthority; cl; cl = cl->next)
if (parse_dir_authority_line(cl->value, NO_DIRINFO, 1)<0)
return -1;
for (cl = options->AlternateHSAuthority; cl; cl = cl->next)
if (parse_dir_authority_line(cl->value, NO_DIRINFO, 1)<0)
return -1;
for (cl = options->FallbackDir; cl; cl = cl->next)
if (parse_dir_fallback_line(cl->value, 1)<0)
return -1;
@ -966,9 +962,7 @@ consider_adding_dir_servers(const or_options_t *options,
!config_lines_eq(options->AlternateBridgeAuthority,
old_options->AlternateBridgeAuthority) ||
!config_lines_eq(options->AlternateDirAuthority,
old_options->AlternateDirAuthority) ||
!config_lines_eq(options->AlternateHSAuthority,
old_options->AlternateHSAuthority);
old_options->AlternateDirAuthority);
if (!need_to_update)
return 0; /* all done */
@ -984,8 +978,6 @@ consider_adding_dir_servers(const or_options_t *options,
if (!options->AlternateDirAuthority)
type |= V1_DIRINFO | V3_DIRINFO | EXTRAINFO_DIRINFO |
MICRODESC_DIRINFO;
if (!options->AlternateHSAuthority)
type |= HIDSERV_DIRINFO;
add_default_trusted_dir_authorities(type);
}
if (!options->FallbackDir)
@ -1000,9 +992,6 @@ consider_adding_dir_servers(const or_options_t *options,
for (cl = options->AlternateDirAuthority; cl; cl = cl->next)
if (parse_dir_authority_line(cl->value, NO_DIRINFO, 0)<0)
return -1;
for (cl = options->AlternateHSAuthority; cl; cl = cl->next)
if (parse_dir_authority_line(cl->value, NO_DIRINFO, 0)<0)
return -1;
for (cl = options->FallbackDir; cl; cl = cl->next)
if (parse_dir_fallback_line(cl->value, 0)<0)
return -1;
@ -2605,11 +2594,11 @@ options_validate(or_options_t *old_options, or_options_t *options,
"extra-info documents. Setting DownloadExtraInfo.");
options->DownloadExtraInfo = 1;
}
if (!(options->BridgeAuthoritativeDir || options->HSAuthoritativeDir ||
if (!(options->BridgeAuthoritativeDir ||
options->V1AuthoritativeDir ||
options->V3AuthoritativeDir))
REJECT("AuthoritativeDir is set, but none of "
"(Bridge/HS/V1/V3)AuthoritativeDir is set.");
"(Bridge/V1/V3)AuthoritativeDir is set.");
/* If we have a v3bandwidthsfile and it's broken, complain on startup */
if (options->V3BandwidthsFile && !old_options) {
dirserv_read_measured_bandwidths(options->V3BandwidthsFile, NULL);
@ -2629,10 +2618,6 @@ options_validate(or_options_t *old_options, or_options_t *options,
REJECT("FetchDirInfoExtraEarly requires that you also set "
"FetchDirInfoEarly");
if (options->HSAuthoritativeDir && proxy_mode(options))
REJECT("Running as authoritative v0 HS directory, but also configured "
"as a client.");
if (options->ConnLimit <= 0) {
tor_asprintf(msg,
"ConnLimit must be greater than 0, but was set to %d",
@ -5031,7 +5016,6 @@ parse_dir_authority_line(const char *line, dirinfo_type_t required_type,
char digest[DIGEST_LEN];
char v3_digest[DIGEST_LEN];
dirinfo_type_t type = 0;
int is_not_hidserv_authority = 0;
double weight = 1.0;
items = smartlist_new();
@ -5052,11 +5036,11 @@ parse_dir_authority_line(const char *line, dirinfo_type_t required_type,
if (TOR_ISDIGIT(flag[0]))
break;
if (!strcasecmp(flag, "v1")) {
type |= (V1_DIRINFO | HIDSERV_DIRINFO);
} else if (!strcasecmp(flag, "hs")) {
type |= HIDSERV_DIRINFO;
} else if (!strcasecmp(flag, "no-hs")) {
is_not_hidserv_authority = 1;
type |= V1_DIRINFO;
} else if (!strcasecmp(flag, "hs") ||
!strcasecmp(flag, "no-hs")) {
log_warn(LD_CONFIG, "The DirAuthority options 'hs' and 'no-hs' are "
"obsolete; you don't need them any more.");
} else if (!strcasecmp(flag, "bridge")) {
type |= BRIDGE_DIRINFO;
} else if (!strcasecmp(flag, "no-v2")) {
@ -5093,8 +5077,6 @@ parse_dir_authority_line(const char *line, dirinfo_type_t required_type,
tor_free(flag);
smartlist_del_keeporder(items, 0);
}
if (is_not_hidserv_authority)
type &= ~HIDSERV_DIRINFO;
if (smartlist_len(items) < 2) {
log_warn(LD_CONFIG, "Too few arguments to DirAuthority line.");

44
src/or/directory.c
View File

@ -155,8 +155,6 @@ authdir_type_to_string(dirinfo_type_t auth)
smartlist_add(lst, (void*)"V3");
if (auth & BRIDGE_DIRINFO)
smartlist_add(lst, (void*)"Bridge");
if (auth & HIDSERV_DIRINFO)
smartlist_add(lst, (void*)"Hidden service");
if (smartlist_len(lst)) {
result = smartlist_join_strings(lst, ", ", 0, NULL);
} else {
@ -3172,32 +3170,6 @@ directory_handle_command_get(dir_connection_t *conn, const char *headers,
goto done;
}
if (options->HSAuthoritativeDir && !strcmpstart(url,"/tor/rendezvous/")) {
/* rendezvous descriptor fetch */
const char *descp;
size_t desc_len;
const char *query = url+strlen("/tor/rendezvous/");
log_info(LD_REND, "Handling rendezvous descriptor get");
switch (rend_cache_lookup_desc(query, 0, &descp, &desc_len)) {
case 1: /* valid */
write_http_response_header_impl(conn, desc_len,
"application/octet-stream",
NULL, NULL, 0);
note_request("/tor/rendezvous?/", desc_len);
/* need to send descp separately, because it may include NULs */
connection_write_to_buf(descp, desc_len, TO_CONN(conn));
break;
case 0: /* well-formed but not present */
write_http_status_line(conn, 404, "Not found");
break;
case -1: /* not well-formed */
write_http_status_line(conn, 400, "Bad request");
break;
}
goto done;
}
if (options->BridgeAuthoritativeDir &&
options->BridgePassword_AuthDigest_ &&
connection_dir_is_encrypted(conn) &&
@ -3397,22 +3369,6 @@ directory_handle_command_post(dir_connection_t *conn, const char *headers,
goto done;
}
if (options->HSAuthoritativeDir &&
!strcmpstart(url,"/tor/rendezvous/publish")) {
/* rendezvous descriptor post */
log_info(LD_REND, "Handling rendezvous descriptor post.");
if (rend_cache_store(body, body_len, 1, NULL) < 0) {
log_fn(LOG_PROTOCOL_WARN, LD_DIRSERV,
"Rejected rend descriptor (length %d) from %s.",
(int)body_len, conn->base_.address);
write_http_status_line(conn, 400,
"Invalid v0 service descriptor rejected");
} else {
write_http_status_line(conn, 200, "Service descriptor (v0) stored");
}
goto done;
}
if (authdir_mode_v3(options) &&
!strcmp(url,"/tor/post/vote")) { /* v3 networkstatus vote */
const char *msg = "OK";

5
src/or/or.h
View File

@ -3542,8 +3542,6 @@ typedef struct {
* for version 1 directories? */
int V3AuthoritativeDir; /**< Boolean: is this an authoritative directory
* for version 3 directories? */
int HSAuthoritativeDir; /**< Boolean: does this an authoritative directory
* handle hidden service requests? */
int NamingAuthoritativeDir; /**< Boolean: is this an authoritative directory
* that's willing to bind names? */
int VersioningAuthoritativeDir; /**< Boolean: is this an authoritative
@ -3747,9 +3745,6 @@ typedef struct {
/** If set, use these bridge authorities and not the default one. */
config_line_t *AlternateBridgeAuthority;
/** If set, use these HS authorities and not the default ones. */
config_line_t *AlternateHSAuthority;
char *MyFamily; /**< Declared family for this OR. */
config_line_t *NodeFamilies; /**< List of config lines for
* node families */

3
src/or/router.c
View File

@ -935,8 +935,7 @@ init_keys(void)
type = ((options->V1AuthoritativeDir ? V1_DIRINFO : NO_DIRINFO) |
(options->V3AuthoritativeDir ?
(V3_DIRINFO|MICRODESC_DIRINFO|EXTRAINFO_DIRINFO) : NO_DIRINFO) |
(options->BridgeAuthoritativeDir ? BRIDGE_DIRINFO : NO_DIRINFO) |
(options->HSAuthoritativeDir ? HIDSERV_DIRINFO : NO_DIRINFO));
(options->BridgeAuthoritativeDir ? BRIDGE_DIRINFO : NO_DIRINFO));
ds = router_get_trusteddirserver_by_digest(digest);
if (!ds) {