authorNick Mathewson <nickm@torproject.org>2018-08-28 16:02:04 -0400
committerNick Mathewson <nickm@torproject.org>2018-08-28 16:02:04 -0400
commit48632455a5bd679d5f97c5137f24f91e564abad6 (patch)
treee723bcde6858825b41c7dfc2b8def8e05779c9c7 /src/core
parentb1d32a92239ae1727e22b592ac1908b616ba869a (diff)
parent8f13c3d3ed842d8db13bcf9ca6393dbe8e5781e3 (diff)
Merge branch 'bug26367_035_01'
Diffstat (limited to 'src/core')
-rw-r--r--src/core/or/channel.c7
-rw-r--r--src/core/or/channelpadding.c16
-rw-r--r--src/core/or/channelpadding.h2
-rw-r--r--src/core/or/circuitbuild.c96
-rw-r--r--src/core/or/circuitbuild.h8
-rw-r--r--src/core/or/circuitstats.c8
-rw-r--r--src/core/or/circuituse.c42
-rw-r--r--src/core/or/connection_edge.c12
-rw-r--r--src/core/or/or.h4
9 files changed, 15 insertions, 180 deletions
diff --git a/src/core/or/channel.c b/src/core/or/channel.c
index 476f31d5b4..0c204ddfb6 100644
--- a/src/core/or/channel.c
+++ b/src/core/or/channel.c
@@ -1882,13 +1882,6 @@ channel_do_open_actions(channel_t *chan)
if (!get_options()->ConnectionPadding) {
/* Disable if torrc disabled */
channelpadding_disable_padding_on_channel(chan);
- } else if (get_options()->Tor2webMode &&
- !networkstatus_get_param(NULL,
- CHANNELPADDING_TOR2WEB_PARAM,
- CHANNELPADDING_TOR2WEB_DEFAULT, 0, 1)) {
- /* Disable if we're using tor2web and the consensus disabled padding
- * for tor2web */
- channelpadding_disable_padding_on_channel(chan);
} else if (rend_service_allow_non_anonymous_connection(get_options()) &&
!networkstatus_get_param(NULL,
CHANNELPADDING_SOS_PARAM,
diff --git a/src/core/or/channelpadding.c b/src/core/or/channelpadding.c
index b8cfd33d50..1a8f8209d0 100644
--- a/src/core/or/channelpadding.c
+++ b/src/core/or/channelpadding.c
@@ -52,8 +52,6 @@ static int consensus_nf_conntimeout_clients;
static int consensus_nf_pad_before_usage;
/** Should we pad relay-to-relay connections? */
static int consensus_nf_pad_relays;
-/** Should we pad tor2web connections? */
-static int consensus_nf_pad_tor2web;
/** Should we pad rosos connections? */
static int consensus_nf_pad_single_onion;
@@ -141,11 +139,6 @@ channelpadding_new_consensus_params(networkstatus_t *ns)
consensus_nf_pad_relays =
networkstatus_get_param(ns, "nf_pad_relays", 0, 0, 1);
- consensus_nf_pad_tor2web =
- networkstatus_get_param(ns,
- CHANNELPADDING_TOR2WEB_PARAM,
- CHANNELPADDING_TOR2WEB_DEFAULT, 0, 1);
-
consensus_nf_pad_single_onion =
networkstatus_get_param(ns,
CHANNELPADDING_SOS_PARAM,
@@ -740,15 +733,6 @@ channelpadding_decide_to_pad_channel(channel_t *chan)
return CHANNELPADDING_WONTPAD;
}
- if (options->Tor2webMode && !consensus_nf_pad_tor2web) {
- /* If the consensus just changed values, this channel may still
- * think padding is enabled. Negotiate it off. */
- if (chan->padding_enabled)
- channelpadding_disable_padding_on_channel(chan);
-
- return CHANNELPADDING_WONTPAD;
- }
-
if (rend_service_allow_non_anonymous_connection(options) &&
!consensus_nf_pad_single_onion) {
/* If the consensus just changed values, this channel may still
diff --git a/src/core/or/channelpadding.h b/src/core/or/channelpadding.h
index 7eddbdbe2d..7f8cfd4cc7 100644
--- a/src/core/or/channelpadding.h
+++ b/src/core/or/channelpadding.h
@@ -13,8 +13,6 @@
#include "trunnel/channelpadding_negotiation.h"
-#define CHANNELPADDING_TOR2WEB_PARAM "nf_pad_tor2web"
-#define CHANNELPADDING_TOR2WEB_DEFAULT 1
#define CHANNELPADDING_SOS_PARAM "nf_pad_single_onion"
#define CHANNELPADDING_SOS_DEFAULT 1
diff --git a/src/core/or/circuitbuild.c b/src/core/or/circuitbuild.c
index e22ddabde3..5c3d209448 100644
--- a/src/core/or/circuitbuild.c
+++ b/src/core/or/circuitbuild.c
@@ -408,10 +408,10 @@ onion_populate_cpath(origin_circuit_t *circ)
* edge cases. */
tor_assert(circuit_get_cpath_len(circ));
if (circuit_can_use_tap(circ)) {
- /* Circuits from clients to intro points, and hidden services to
- * rend points do not support ntor, because the hidden service protocol
- * does not include ntor onion keys. This is also true for Tor2web clients
- * and Single Onion Services. */
+ /* Circuits from clients to intro points, and hidden services to rend
+ * points do not support ntor, because the hidden service protocol does
+ * not include ntor onion keys. This is also true for Single Onion
+ * Services. */
return 0;
}
@@ -824,7 +824,6 @@ circuit_timeout_want_to_count_circ(const origin_circuit_t *circ)
* accordingly.
* Note that TAP handshakes in CREATE cells are only used for direct
* connections:
- * - from Tor2web to intro points not in the client's consensus, and
* - from Single Onions to rend points not in the service's consensus.
* This is checked in onion_populate_cpath. */
static void
@@ -1985,98 +1984,11 @@ choose_good_exit_server_general(router_crn_flags_t flags)
return NULL;
}
-#if defined(ENABLE_TOR2WEB_MODE) || defined(TOR_UNIT_TESTS)
-/* The config option Tor2webRendezvousPoints has been set and we need
- * to pick an RP out of that set. Make sure that the RP we choose is
- * alive, and return it. Return NULL if no usable RP could be found in
- * Tor2webRendezvousPoints. */
-STATIC const node_t *
-pick_tor2web_rendezvous_node(router_crn_flags_t flags,
- const or_options_t *options)
-{
- const node_t *rp_node = NULL;
- const int need_desc = (flags & CRN_NEED_DESC) != 0;
- const int pref_addr = (flags & CRN_PREF_ADDR) != 0;
- const int direct_conn = (flags & CRN_DIRECT_CONN) != 0;
-
- smartlist_t *whitelisted_live_rps = smartlist_new();
- smartlist_t *all_live_nodes = smartlist_new();
-
- tor_assert(options->Tor2webRendezvousPoints);
-
- /* Add all running nodes to all_live_nodes */
- router_add_running_nodes_to_smartlist(all_live_nodes,
- 0, 0, 0,
- need_desc,
- pref_addr,
- direct_conn);
-
- /* Filter all_live_nodes to only add live *and* whitelisted RPs to
- * the list whitelisted_live_rps. */
- SMARTLIST_FOREACH_BEGIN(all_live_nodes, node_t *, live_node) {
- if (routerset_contains_node(options->Tor2webRendezvousPoints, live_node)) {
- smartlist_add(whitelisted_live_rps, live_node);
- }
- } SMARTLIST_FOREACH_END(live_node);
-
- /* Honor ExcludeNodes */
- if (options->ExcludeNodes) {
- routerset_subtract_nodes(whitelisted_live_rps, options->ExcludeNodes);
- }
-
- /* Now pick randomly amongst the whitelisted RPs. No need to waste time
- doing bandwidth load balancing, for most use cases
- 'whitelisted_live_rps' contains a single OR anyway. */
- rp_node = smartlist_choose(whitelisted_live_rps);
-
- if (!rp_node) {
- log_warn(LD_REND, "Could not find a Rendezvous Point that suits "
- "the purposes of Tor2webRendezvousPoints. Choosing random one.");
- }
-
- smartlist_free(whitelisted_live_rps);
- smartlist_free(all_live_nodes);
-
- return rp_node;
-}
-#endif /* defined(ENABLE_TOR2WEB_MODE) || defined(TOR_UNIT_TESTS) */
-
/* Pick a Rendezvous Point for our HS circuits according to <b>flags</b>. */
static const node_t *
pick_rendezvous_node(router_crn_flags_t flags)
{
const or_options_t *options = get_options();
-
-#ifdef ENABLE_TOR2WEB_MODE
- /* We want to connect directly to the node if we can */
- router_crn_flags_t direct_flags = flags;
- direct_flags |= CRN_PREF_ADDR;
- direct_flags |= CRN_DIRECT_CONN;
-
- /* The user wants us to pick specific RPs. */
- if (options->Tor2webRendezvousPoints) {
- const node_t *tor2web_rp = pick_tor2web_rendezvous_node(direct_flags,
- options);
- if (tor2web_rp) {
- return tor2web_rp;
- }
- }
-
- /* Else, if no direct, preferred tor2web RP was found, fall back to choosing
- * a random direct node */
- const node_t *node = router_choose_random_node(NULL, options->ExcludeNodes,
- direct_flags);
- /* Return the direct node (if found), or log a message and fall back to an
- * indirect connection. */
- if (node) {
- return node;
- } else {
- log_info(LD_REND,
- "Unable to find a random rendezvous point that is reachable via "
- "a direct connection, falling back to a 3-hop path.");
- }
-#endif /* defined(ENABLE_TOR2WEB_MODE) */
-
return router_choose_random_node(NULL, options->ExcludeNodes, flags);
}
diff --git a/src/core/or/circuitbuild.h b/src/core/or/circuitbuild.h
index 9f5d99c2a5..0c6f2f6ce5 100644
--- a/src/core/or/circuitbuild.h
+++ b/src/core/or/circuitbuild.h
@@ -93,14 +93,10 @@ STATIC int
onion_pick_cpath_exit(origin_circuit_t *circ, extend_info_t *exit_ei,
int is_hs_v3_rp_circuit);
-#if defined(ENABLE_TOR2WEB_MODE) || defined(TOR_UNIT_TESTS)
-enum router_crn_flags_t;
-STATIC const node_t *pick_tor2web_rendezvous_node(
- enum router_crn_flags_t flags,
- const or_options_t *options);
+#if defined(TOR_UNIT_TESTS)
unsigned int cpath_get_n_hops(crypt_path_t **head_ptr);
-#endif /* defined(ENABLE_TOR2WEB_MODE) || defined(TOR_UNIT_TESTS) */
+#endif /* defined(TOR_UNIT_TESTS) */
#endif /* defined(CIRCUITBUILD_PRIVATE) */
diff --git a/src/core/or/circuitstats.c b/src/core/or/circuitstats.c
index 63cd21540d..9ebf618b45 100644
--- a/src/core/or/circuitstats.c
+++ b/src/core/or/circuitstats.c
@@ -113,8 +113,7 @@ get_circuit_build_timeout_ms(void)
* 2. If the torrc option LearnCircuitBuildTimeout is false.
* 3. If we are a directory authority
* 4. If we fail to write circuit build time history to our state file.
- * 5. If we are compiled or configured in Tor2web mode
- * 6. If we are configured in Single Onion mode
+ * 5. If we are configured in Single Onion mode
*/
int
circuit_build_times_disabled(const or_options_t *options)
@@ -136,7 +135,7 @@ circuit_build_times_disabled_(const or_options_t *options,
int config_disabled = !options->LearnCircuitBuildTimeout;
int dirauth_disabled = authdir_mode(options);
int state_disabled = did_last_state_file_write_fail() ? 1 : 0;
- /* LearnCircuitBuildTimeout and Tor2web/Single Onion Services are
+ /* LearnCircuitBuildTimeout and Single Onion Services are
* incompatible in two ways:
*
* - LearnCircuitBuildTimeout results in a low CBT, which
@@ -148,12 +147,11 @@ circuit_build_times_disabled_(const or_options_t *options,
*
* If we fix both of these issues someday, we should test
* these modes with LearnCircuitBuildTimeout on again. */
- int tor2web_disabled = rend_client_allow_non_anonymous_connection(options);
int single_onion_disabled = rend_service_allow_non_anonymous_connection(
options);
if (consensus_disabled || config_disabled || dirauth_disabled ||
- state_disabled || tor2web_disabled || single_onion_disabled) {
+ state_disabled || single_onion_disabled) {
#if 0
log_debug(LD_CIRC,
"CircuitBuildTime learning is disabled. "
diff --git a/src/core/or/circuituse.c b/src/core/or/circuituse.c
index a3b9eb1713..0f2b1ede32 100644
--- a/src/core/or/circuituse.c
+++ b/src/core/or/circuituse.c
@@ -863,8 +863,7 @@ static time_t last_expired_clientside_circuits = 0;
/**
* As a diagnostic for bug 8387, log information about how many one-hop
* circuits we have around that have been there for at least <b>age</b>
- * seconds. Log a few of them.
- * Ignores Single Onion Service intro and Tor2web redezvous circuits, they are
+ * seconds. Log a few of them. Ignores Single Onion Service intro, it is
* expected to be long-term one-hop circuits.
*/
void
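Review bot: The reworded doc comment for circuit_log_ancient_one_hop_circuits now reads "Ignores Single Onion Service intro, it is expected to be long-term one-hop circuits", which is ungrammatical and names only intro circuits. The skip condition visible in the following hunk tests both `CIRCUIT_PURPOSE_S_INTRO` and `CIRCUIT_PURPOSE_S_REND_JOINED`; its leading condition is outside that hunk, so this is presumably the Single Onion case. I would word the two lines as ` * seconds. Log a few of them. Ignores Single Onion Service intro and joined` and ` * rendezvous circuits, which are expected to be long-term one-hop circuits.`, so that anyone reading the bug 8387 diagnostic knows which one-hop circuits are deliberately left out of the log. The function body lies outside this hunk.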
@@ -889,13 +888,6 @@ circuit_log_ancient_one_hop_circuits(int age)
(circ->purpose == CIRCUIT_PURPOSE_S_INTRO ||
circ->purpose == CIRCUIT_PURPOSE_S_REND_JOINED))
continue;
- /* Tor2web deliberately makes long term one-hop rend connections,
- * particularly when Tor2webRendezvousPoints is used. We only ignore
- * active rend point connections, if we take a long time to rendezvous,
- * that's worth logging. */
- if (rend_client_allow_non_anonymous_connection(options) &&
- circ->purpose == CIRCUIT_PURPOSE_C_REND_JOINED)
- continue;
ocirc = CONST_TO_ORIGIN_CIRCUIT(circ);
if (ocirc->build_state && ocirc->build_state->onehop_tunnel) {
@@ -1999,18 +1991,16 @@ circuit_should_use_vanguards(uint8_t purpose)
* Return true for the set of conditions for which it is OK to use
* a cannibalized circuit.
*
- * Don't cannibalize for onehops, or tor2web, or certain purposes.
+ * Don't cannibalize for onehops, or certain purposes.
*/
static int
circuit_should_cannibalize_to_build(uint8_t purpose_to_build,
int has_extend_info,
- int onehop_tunnel,
- int need_specific_rp)
+ int onehop_tunnel)
{
- /* Do not try to cannibalize if this is a one hop circuit, or
- * is a tor2web/special rp. */
- if (onehop_tunnel || need_specific_rp) {
+ /* Do not try to cannibalize if this is a one hop circuit. */
+ if (onehop_tunnel) {
return 0;
}
@@ -2059,7 +2049,6 @@ circuit_launch_by_extend_info(uint8_t purpose,
origin_circuit_t *circ;
int onehop_tunnel = (flags & CIRCLAUNCH_ONEHOP_TUNNEL) != 0;
int have_path = have_enough_path_info(! (flags & CIRCLAUNCH_IS_INTERNAL) );
- int need_specific_rp = 0;
/* Keep some stats about our attempts to launch HS rendezvous circuits */
if (purpose == CIRCUIT_PURPOSE_S_CONNECT_REND) {
@@ -2075,20 +2064,11 @@ circuit_launch_by_extend_info(uint8_t purpose,
return NULL;
}
- /* If Tor2webRendezvousPoints is enabled and we are dealing with an
- RP circuit, we want a specific RP node so we shouldn't canibalize
- an already existing circuit. */
- if (get_options()->Tor2webRendezvousPoints &&
- purpose == CIRCUIT_PURPOSE_C_ESTABLISH_REND) {
- need_specific_rp = 1;
- }
-
/* If we can/should cannibalize another circuit to build this one,
* then do so. */
if (circuit_should_cannibalize_to_build(purpose,
extend_info != NULL,
- onehop_tunnel,
- need_specific_rp)) {
+ onehop_tunnel)) {
/* see if there are appropriate circs available to cannibalize. */
/* XXX if we're planning to add a hop, perhaps we want to look for
* internal circs rather than exit circs? -RD */
@@ -2485,16 +2465,6 @@ circuit_get_open_circ_or_launch(entry_connection_t *conn,
else
new_circ_purpose = desired_circuit_purpose;
-#ifdef ENABLE_TOR2WEB_MODE
- /* If tor2Web is on, then hidden service requests should be one-hop.
- */
- if (options->Tor2webMode &&
- (new_circ_purpose == CIRCUIT_PURPOSE_C_ESTABLISH_REND ||
- new_circ_purpose == CIRCUIT_PURPOSE_C_INTRODUCING)) {
- want_onehop = 1;
- }
-#endif /* defined(ENABLE_TOR2WEB_MODE) */
-
/* Determine what kind of a circuit to launch, and actually launch it. */
{
int flags = CIRCLAUNCH_NEED_CAPACITY;
diff --git a/src/core/or/connection_edge.c b/src/core/or/connection_edge.c
index c51e428000..ab3c14d2c3 100644
--- a/src/core/or/connection_edge.c
+++ b/src/core/or/connection_edge.c
@@ -1842,18 +1842,6 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
return -1;
}
-#ifdef ENABLE_TOR2WEB_MODE
- /* If we're running in Tor2webMode, we don't allow anything BUT .onion
- * addresses. */
- if (options->Tor2webMode) {
- log_warn(LD_APP, "Refusing to connect to non-hidden-service hostname "
- "or IP address %s because tor2web mode is enabled.",
- safe_str_client(socks->address));
- connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY);
- return -1;
- }
-#endif /* defined(ENABLE_TOR2WEB_MODE) */
-
/* socks->address is a non-onion hostname or IP address.
* If we can't do any non-onion requests, refuse the connection.
* If we have a hostname but can't do DNS, refuse the connection.
diff --git a/src/core/or/or.h b/src/core/or/or.h
index 9aca030c74..f0cef06011 100644
--- a/src/core/or/or.h
+++ b/src/core/or/or.h
@@ -101,10 +101,6 @@ struct curve25519_public_key_t;
#define cell_t tor_cell_t
#endif
-#ifdef ENABLE_TOR2WEB_MODE
-#define NON_ANONYMOUS_MODE_ENABLED 1
-#endif
-
/** Helper macro: Given a pointer to to.base_, of type from*, return &to. */
#define DOWNCAST(to, ptr) ((to*)SUBTYPE_P(ptr, to, base_))