1 files changed, 53 insertions, 44 deletions

diff --git a/src/or/rendclient.c b/src/or/rendclient.c
index 0bfc1a1805..b0dcf52507 100644
--- a/src/or/rendclient.c
+++ b/src/or/rendclient.c
@@ -135,6 +135,7 @@ int
 rend_client_send_introduction(origin_circuit_t *introcirc,
                               origin_circuit_t *rendcirc)
 {
+  const or_options_t *options = get_options();
   size_t payload_len;
   int r, v3_shift = 0;
   char payload[RELAY_PAYLOAD_SIZE];
@@ -152,10 +153,8 @@ rend_client_send_introduction(origin_circuit_t *introcirc,
   tor_assert(rendcirc->rend_data);
   tor_assert(!rend_cmp_service_ids(rend_data_get_address(introcirc->rend_data),
                                   rend_data_get_address(rendcirc->rend_data)));
-#ifndef NON_ANONYMOUS_MODE_ENABLED
-  tor_assert(!(introcirc->build_state->onehop_tunnel));
-  tor_assert(!(rendcirc->build_state->onehop_tunnel));
-#endif
+  assert_circ_anonymity_ok(introcirc, options);
+  assert_circ_anonymity_ok(rendcirc, options);
   onion_address = rend_data_get_address(introcirc->rend_data);
 
   r = rend_cache_lookup_entry(onion_address, -1, &entry);
@@ -388,6 +387,7 @@ int
 rend_client_introduction_acked(origin_circuit_t *circ,
                                const uint8_t *request, size_t request_len)
 {
+  const or_options_t *options = get_options();
   origin_circuit_t *rendcirc;
   (void) request; // XXXX Use this.
 
@@ -399,10 +399,9 @@ rend_client_introduction_acked(origin_circuit_t *circ,
     return -1;
   }
 
+  tor_assert(circ->build_state);
   tor_assert(circ->build_state->chosen_exit);
-#ifndef NON_ANONYMOUS_MODE_ENABLED
-  tor_assert(!(circ->build_state->onehop_tunnel));
-#endif
+  assert_circ_anonymity_ok(circ, options);
   tor_assert(circ->rend_data);
 
   /* For path bias: This circuit was used successfully. Valid
@@ -417,9 +416,7 @@ rend_client_introduction_acked(origin_circuit_t *circ,
     log_info(LD_REND,"Received ack. Telling rend circ...");
     rendcirc = circuit_get_ready_rend_circ_by_rend_data(circ->rend_data);
     if (rendcirc) { /* remember the ack */
-#ifndef NON_ANONYMOUS_MODE_ENABLED
-      tor_assert(!(rendcirc->build_state->onehop_tunnel));
-#endif
+      assert_circ_anonymity_ok(rendcirc, options);
       circuit_change_purpose(TO_CIRCUIT(rendcirc),
                              CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED);
       /* Set timestamp_dirty, because circuit_expire_building expects
@@ -1386,40 +1383,20 @@ rend_client_get_random_intro_impl(const rend_cache_entry_t *entry,
 
   i = crypto_rand_int(smartlist_len(usable_nodes));
   intro = smartlist_get(usable_nodes, i);
-  /* Do we need to look up the router or is the extend info complete? */
-  if (!intro->extend_info->onion_key) {
-    const node_t *node;
-    extend_info_t *new_extend_info;
-    if (tor_digest_is_zero(intro->extend_info->identity_digest))
-      node = node_get_by_hex_id(intro->extend_info->nickname);
-    else
-      node = node_get_by_id(intro->extend_info->identity_digest);
-    if (!node) {
-      log_info(LD_REND, "Unknown router with nickname '%s'; trying another.",
-               intro->extend_info->nickname);
-      smartlist_del(usable_nodes, i);
-      goto again;
-    }
-#ifdef ENABLE_TOR2WEB_MODE
-    new_extend_info = extend_info_from_node(node, options->Tor2webMode);
-#else
-    new_extend_info = extend_info_from_node(node, 0);
-#endif
-    if (!new_extend_info) {
-      const char *alternate_reason = "";
-#ifdef ENABLE_TOR2WEB_MODE
-      alternate_reason = ", or we cannot connect directly to it";
-#endif
-      log_info(LD_REND, "We don't have a descriptor for the intro-point relay "
-               "'%s'%s; trying another.",
-               extend_info_describe(intro->extend_info), alternate_reason);
-      smartlist_del(usable_nodes, i);
-      goto again;
-    } else {
-      extend_info_free(intro->extend_info);
-      intro->extend_info = new_extend_info;
-    }
-    tor_assert(intro->extend_info != NULL);
+  if (BUG(!intro->extend_info)) {
+    /* This should never happen, but it isn't fatal, just try another */
+    smartlist_del(usable_nodes, i);
+    goto again;
+  }
+  /* All version 2 HS descriptors come with a TAP onion key.
+   * Clients used to try to get the TAP onion key from the consensus, but this
+   * meant that hidden services could discover which consensus clients have. */
+  if (!extend_info_supports_tap(intro->extend_info)) {
+    log_info(LD_REND, "The HS descriptor is missing a TAP onion key for the "
+             "intro-point relay '%s'; trying another.",
+             safe_str_client(extend_info_describe(intro->extend_info)));
+    smartlist_del(usable_nodes, i);
+    goto again;
   }
   /* Check if we should refuse to talk to this router. */
   if (strict &&
@@ -1565,3 +1542,35 @@ rend_parse_service_authorization(const or_options_t *options,
   return res;
 }
 
+/* Can Tor client code make direct (non-anonymous) connections to introduction
+ * or rendezvous points?
+ * Returns true if tor was compiled with NON_ANONYMOUS_MODE_ENABLED, and is
+ * configured in Tor2web mode. */
+int
+rend_client_allow_non_anonymous_connection(const or_options_t *options)
+{
+  /* Tor2web support needs to be compiled in to a tor binary. */
+#ifdef NON_ANONYMOUS_MODE_ENABLED
+  /* Tor2web */
+  return options->Tor2webMode ? 1 : 0;
+#else
+  (void)options;
+  return 0;
+#endif
+}
+
+/* At compile-time, was non-anonymous mode enabled via
+ * NON_ANONYMOUS_MODE_ENABLED ? */
+int
+rend_client_non_anonymous_mode_enabled(const or_options_t *options)
+{
+  (void)options;
+  /* Tor2web support needs to be compiled in to a tor binary. */
+#ifdef NON_ANONYMOUS_MODE_ENABLED
+  /* Tor2web */
+  return 1;
+#else
+  return 0;
+#endif
+}
+