--- /dev/null
+ o Removed code:
+
+ - Remove code for designating authorities as "Hidden service
+ authorities". There has been no use of hidden service authorities
+ since 0.2.2.1-alpha, when we stopped uploading or downloading v0
+ hidden service descriptors. Fixes bug 10881; part of a fix for bug
+ 10841.
is. By default, every authority is authoritative for current ("v2")-style
directories, unless the "no-v2" flag is given. If the "v1" flags is
provided, Tor will use this server as an authority for old-style (v1)
- directories as well. (Only directory mirrors care about this.) Tor will
- use this server as an authority for hidden service information if the "hs"
- flag is set, or if the "v1" flag is set and the "no-hs" flag is **not** set.
+ directories as well. (Only directory mirrors care about this.)
Tor will use this authority as a bridge authoritative directory if the
"bridge" flag is set. If a flag "orport=**port**" is given, Tor will use the
given port when opening encrypted tunnels to the dirserver. If a flag
[[AlternateDirAuthority]] **AlternateDirAuthority** [__nickname__] [**flags**] __address__:__port__ __fingerprint__ +
-[[AlternateHSAuthority]] **AlternateHSAuthority** [__nickname__] [**flags**] __address__:__port__ __fingerprint__ +
-
[[AlternateBridgeAuthority]] **AlternateBridgeAuthority** [__nickname__] [**flags**] __address__:__port__ __ fingerprint__::
These options behave as DirAuthority, but they replace fewer of the
default directory authorities. Using
AlternateDirAuthority replaces the default Tor directory authorities, but
- leaves the default hidden service authorities and bridge authorities in
- place. Similarly, AlternateHSAuthority replaces the default hidden
- service authorities, but not the directory or bridge authorities; and
+ leaves the default bridge authorities in
+ place. Similarly,
AlternateBridgeAuthority replaces the default bridge authority,
- but leaves the directory and hidden service authorities alone.
+ but leaves the directory authorities alone.
[[DisableAllSwap]] **DisableAllSwap** **0**|**1**::
If set to 1, Tor will attempt to lock all current and future memory pages,
accept or publish descriptors that contradict a registered binding. See
**approved-routers** in the **FILES** section below.
-[[HSAuthoritativeDir]] **HSAuthoritativeDir** **0**|**1**::
- When this option is set in addition to **AuthoritativeDirectory**, Tor also
- accepts and serves v0 hidden service descriptors,
- which are produced and used by Tor 0.2.1.x and older. (Default: 0)
-
[[HidServDirectoryV2]] **HidServDirectoryV2** **0**|**1**::
When this option is set, Tor accepts and serves v2 hidden service
descriptors. Setting DirPort is not required for this, because clients
V(AllowSingleHopExits, BOOL, "0"),
V(AlternateBridgeAuthority, LINELIST, NULL),
V(AlternateDirAuthority, LINELIST, NULL),
- V(AlternateHSAuthority, LINELIST, NULL),
+ OBSOLETE("AlternateHSAuthority"),
V(AssumeReachable, BOOL, "0"),
V(AuthDirBadDir, LINELIST, NULL),
V(AuthDirBadDirCCs, CSV, ""),
VAR("HiddenServiceVersion",LINELIST_S, RendConfigLines, NULL),
VAR("HiddenServiceAuthorizeClient",LINELIST_S,RendConfigLines, NULL),
V(HidServAuth, LINELIST, NULL),
- V(HSAuthoritativeDir, BOOL, "0"),
+ OBSOLETE("HSAuthoritativeDir"),
OBSOLETE("HSAuthorityRecordStats"),
V(CloseHSClientCircuitsImmediatelyOnTimeout, BOOL, "0"),
V(CloseHSServiceRendCircuitsImmediatelyOnTimeout, BOOL, "0"),
config_line_t *cl;
if (options->DirAuthorities &&
- (options->AlternateDirAuthority || options->AlternateBridgeAuthority ||
- options->AlternateHSAuthority)) {
+ (options->AlternateDirAuthority || options->AlternateBridgeAuthority)) {
log_warn(LD_CONFIG,
"You cannot set both DirAuthority and Alternate*Authority.");
return -1;
for (cl = options->AlternateDirAuthority; cl; cl = cl->next)
if (parse_dir_authority_line(cl->value, NO_DIRINFO, 1)<0)
return -1;
- for (cl = options->AlternateHSAuthority; cl; cl = cl->next)
- if (parse_dir_authority_line(cl->value, NO_DIRINFO, 1)<0)
- return -1;
for (cl = options->FallbackDir; cl; cl = cl->next)
if (parse_dir_fallback_line(cl->value, 1)<0)
return -1;
!config_lines_eq(options->AlternateBridgeAuthority,
old_options->AlternateBridgeAuthority) ||
!config_lines_eq(options->AlternateDirAuthority,
- old_options->AlternateDirAuthority) ||
- !config_lines_eq(options->AlternateHSAuthority,
- old_options->AlternateHSAuthority);
+ old_options->AlternateDirAuthority);
if (!need_to_update)
return 0; /* all done */
if (!options->AlternateDirAuthority)
type |= V1_DIRINFO | V3_DIRINFO | EXTRAINFO_DIRINFO |
MICRODESC_DIRINFO;
- if (!options->AlternateHSAuthority)
- type |= HIDSERV_DIRINFO;
add_default_trusted_dir_authorities(type);
}
if (!options->FallbackDir)
for (cl = options->AlternateDirAuthority; cl; cl = cl->next)
if (parse_dir_authority_line(cl->value, NO_DIRINFO, 0)<0)
return -1;
- for (cl = options->AlternateHSAuthority; cl; cl = cl->next)
- if (parse_dir_authority_line(cl->value, NO_DIRINFO, 0)<0)
- return -1;
for (cl = options->FallbackDir; cl; cl = cl->next)
if (parse_dir_fallback_line(cl->value, 0)<0)
return -1;
"extra-info documents. Setting DownloadExtraInfo.");
options->DownloadExtraInfo = 1;
}
- if (!(options->BridgeAuthoritativeDir || options->HSAuthoritativeDir ||
+ if (!(options->BridgeAuthoritativeDir ||
options->V1AuthoritativeDir ||
options->V3AuthoritativeDir))
REJECT("AuthoritativeDir is set, but none of "
- "(Bridge/HS/V1/V3)AuthoritativeDir is set.");
+ "(Bridge/V1/V3)AuthoritativeDir is set.");
/* If we have a v3bandwidthsfile and it's broken, complain on startup */
if (options->V3BandwidthsFile && !old_options) {
dirserv_read_measured_bandwidths(options->V3BandwidthsFile, NULL);
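Review bot: An authority whose torrc enabled only `HSAuthoritativeDir 1` as its authority type now reaches this REJECT, and the new text `(Bridge/V1/V3)AuthoritativeDir is set.` gives no hint that the HS option stopped counting. The option table on this page marks HSAuthoritativeDir as OBSOLETE, which presumably logs its own warning, but nothing ties the two messages together for an operator upgrading an old configuration. Consider extending the string, for example `"(Bridge/V1/V3)AuthoritativeDir is set. (HSAuthoritativeDir is obsolete and is no longer counted.)"`. The enclosing validation function starts and ends outside the hunk.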
REJECT("FetchDirInfoExtraEarly requires that you also set "
"FetchDirInfoEarly");
- if (options->HSAuthoritativeDir && proxy_mode(options))
- REJECT("Running as authoritative v0 HS directory, but also configured "
- "as a client.");
-
if (options->ConnLimit <= 0) {
tor_asprintf(msg,
"ConnLimit must be greater than 0, but was set to %d",
char digest[DIGEST_LEN];
char v3_digest[DIGEST_LEN];
dirinfo_type_t type = 0;
- int is_not_hidserv_authority = 0;
double weight = 1.0;
items = smartlist_new();
if (TOR_ISDIGIT(flag[0]))
break;
if (!strcasecmp(flag, "v1")) {
- type |= (V1_DIRINFO | HIDSERV_DIRINFO);
- } else if (!strcasecmp(flag, "hs")) {
- type |= HIDSERV_DIRINFO;
- } else if (!strcasecmp(flag, "no-hs")) {
- is_not_hidserv_authority = 1;
+ type |= V1_DIRINFO;
+ } else if (!strcasecmp(flag, "hs") ||
+ !strcasecmp(flag, "no-hs")) {
+ log_warn(LD_CONFIG, "The DirAuthority options 'hs' and 'no-hs' are "
+ "obsolete; you don't need them any more.");
} else if (!strcasecmp(flag, "bridge")) {
type |= BRIDGE_DIRINFO;
} else if (!strcasecmp(flag, "no-v2")) {
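Review bot: The new `hs`/`no-hs` branch logs one fixed message naming both flags rather than the one actually seen, so the log does not show which DirAuthority line still carries it. The parsed value is already in hand here, so it could be passed through: `log_warn(LD_CONFIG, "The DirAuthority flag '%s' is obsolete; you don't need it any more.", flag);`. Other hunks on this page call parse_dir_authority_line once with the third argument 1 and again with 0, so this warning is probably emitted twice per configuration load; if that is unwanted, restrict it to the validation pass. The flag loop and the function itself start and end outside the hunk.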
tor_free(flag);
smartlist_del_keeporder(items, 0);
}
- if (is_not_hidserv_authority)
- type &= ~HIDSERV_DIRINFO;
if (smartlist_len(items) < 2) {
log_warn(LD_CONFIG, "Too few arguments to DirAuthority line.");
smartlist_add(lst, (void*)"V3");
if (auth & BRIDGE_DIRINFO)
smartlist_add(lst, (void*)"Bridge");
- if (auth & HIDSERV_DIRINFO)
- smartlist_add(lst, (void*)"Hidden service");
if (smartlist_len(lst)) {
result = smartlist_join_strings(lst, ", ", 0, NULL);
} else {
goto done;
}
- if (options->HSAuthoritativeDir && !strcmpstart(url,"/tor/rendezvous/")) {
- /* rendezvous descriptor fetch */
- const char *descp;
- size_t desc_len;
- const char *query = url+strlen("/tor/rendezvous/");
-
- log_info(LD_REND, "Handling rendezvous descriptor get");
- switch (rend_cache_lookup_desc(query, 0, &descp, &desc_len)) {
- case 1: /* valid */
- write_http_response_header_impl(conn, desc_len,
- "application/octet-stream",
- NULL, NULL, 0);
- note_request("/tor/rendezvous?/", desc_len);
- /* need to send descp separately, because it may include NULs */
- connection_write_to_buf(descp, desc_len, TO_CONN(conn));
- break;
- case 0: /* well-formed but not present */
- write_http_status_line(conn, 404, "Not found");
- break;
- case -1: /* not well-formed */
- write_http_status_line(conn, 400, "Bad request");
- break;
- }
- goto done;
- }
-
if (options->BridgeAuthoritativeDir &&
options->BridgePassword_AuthDigest_ &&
connection_dir_is_encrypted(conn) &&
goto done;
}
- if (options->HSAuthoritativeDir &&
- !strcmpstart(url,"/tor/rendezvous/publish")) {
- /* rendezvous descriptor post */
- log_info(LD_REND, "Handling rendezvous descriptor post.");
- if (rend_cache_store(body, body_len, 1, NULL) < 0) {
- log_fn(LOG_PROTOCOL_WARN, LD_DIRSERV,
- "Rejected rend descriptor (length %d) from %s.",
- (int)body_len, conn->base_.address);
- write_http_status_line(conn, 400,
- "Invalid v0 service descriptor rejected");
- } else {
- write_http_status_line(conn, 200, "Service descriptor (v0) stored");
- }
- goto done;
- }
-
if (authdir_mode_v3(options) &&
!strcmp(url,"/tor/post/vote")) { /* v3 networkstatus vote */
const char *msg = "OK";
* for version 1 directories? */
int V3AuthoritativeDir; /**< Boolean: is this an authoritative directory
* for version 3 directories? */
- int HSAuthoritativeDir; /**< Boolean: does this an authoritative directory
- * handle hidden service requests? */
int NamingAuthoritativeDir; /**< Boolean: is this an authoritative directory
* that's willing to bind names? */
int VersioningAuthoritativeDir; /**< Boolean: is this an authoritative
/** If set, use these bridge authorities and not the default one. */
config_line_t *AlternateBridgeAuthority;
- /** If set, use these HS authorities and not the default ones. */
- config_line_t *AlternateHSAuthority;
-
char *MyFamily; /**< Declared family for this OR. */
config_line_t *NodeFamilies; /**< List of config lines for
* node families */
type = ((options->V1AuthoritativeDir ? V1_DIRINFO : NO_DIRINFO) |
(options->V3AuthoritativeDir ?
(V3_DIRINFO|MICRODESC_DIRINFO|EXTRAINFO_DIRINFO) : NO_DIRINFO) |
- (options->BridgeAuthoritativeDir ? BRIDGE_DIRINFO : NO_DIRINFO) |
- (options->HSAuthoritativeDir ? HIDSERV_DIRINFO : NO_DIRINFO));
+ (options->BridgeAuthoritativeDir ? BRIDGE_DIRINFO : NO_DIRINFO));
ds = router_get_trusteddirserver_by_digest(digest);
if (!ds) {