From 4976eca8261015dd2a214c4f4722dcdbcfed9c64 Mon Sep 17 00:00:00 2001
From: David Goulet
Date: Mon, 9 Jul 2018 16:11:39 -0400
Subject: hs: Render obsolete Tor2web

Remove support for Tor2web in the code and build system. At this commit, tor doesn't have Tor2web support anymore.
Ref: https://lists.torproject.org/pipermail/tor-dev/2018-July/013295.html
Close #26367
Signed-off-by: David Goulet
---
 src/feature/rend/rendclient.c | 14 ++------------
 src/feature/rend/rendcommon.c | 8 ++++----
 src/feature/rend/rendmid.c | 2 +-
 3 files changed, 7 insertions(+), 17 deletions(-)
(limited to 'src/feature/rend')
diff --git a/src/feature/rend/rendclient.c b/src/feature/rend/rendclient.c
index 9f62156eb9..0b7d602d98 100644
--- a/src/feature/rend/rendclient.c
+++ b/src/feature/rend/rendclient.c
@@ -449,12 +449,7 @@ directory_get_from_hs_dir(const char *desc_id,
 char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
 char descriptor_cookie_base64[3*REND_DESC_COOKIE_LEN_BASE64];
 const rend_data_v2_t *rend_data;
-#ifdef ENABLE_TOR2WEB_MODE
- const int tor2web_mode = get_options()->Tor2webMode;
- const int how_to_fetch = tor2web_mode ? DIRIND_ONEHOP : DIRIND_ANONYMOUS;
-#else
 const int how_to_fetch = DIRIND_ANONYMOUS;
-#endif /* defined(ENABLE_TOR2WEB_MODE) */
 tor_assert(desc_id);
 tor_assert(rend_query);
@@ -1226,15 +1221,12 @@ rend_parse_service_authorization(const or_options_t *options,
 /* Can Tor client code make direct (non-anonymous) connections to introduction
 * or rendezvous points?
- * Returns true if tor was compiled with NON_ANONYMOUS_MODE_ENABLED, and is
- * configured in Tor2web mode. */
+ * Returns true if tor was compiled with NON_ANONYMOUS_MODE_ENABLED. */
 int
 rend_client_allow_non_anonymous_connection(const or_options_t *options)
 {
- /* Tor2web support needs to be compiled in to a tor binary. */
 #ifdef NON_ANONYMOUS_MODE_ENABLED
- /* Tor2web */
- return options->Tor2webMode ? 1 : 0;
+ return 1;
 #else
 (void)options;
 return 0;
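Review bot: In rend_client_allow_non_anonymous_connection() (second rendclient.c hunk), the new `return 1;` under `#ifdef NON_ANONYMOUS_MODE_ENABLED` makes every client in such a build count as allowed to connect non-anonymously, where the removed line also required `options->Tor2webMode`; it also leaves `options` unreferenced in that branch, because `(void)options;` sits only under `#else`. The commit message says tor has no Tor2web support at this commit, so the fail-closed body would be `(void)options;` followed by `return 0;` with no `#ifdef` at all. Whether NON_ANONYMOUS_MODE_ENABLED can still be defined at this commit is not visible here, since the page is limited to src/feature/rend. The function's `#endif` and closing brace fall outside the hunk.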
@@ -1247,9 +1239,7 @@ int
 rend_client_non_anonymous_mode_enabled(const or_options_t *options)
 {
 (void)options;
- /* Tor2web support needs to be compiled in to a tor binary. */
 #ifdef NON_ANONYMOUS_MODE_ENABLED
- /* Tor2web */
 return 1;
 #else
 return 0;
diff --git a/src/feature/rend/rendcommon.c b/src/feature/rend/rendcommon.c
index 5bf9477446..567cc5c1e4 100644
--- a/src/feature/rend/rendcommon.c
+++ b/src/feature/rend/rendcommon.c
@@ -983,7 +983,7 @@ rend_auth_decode_cookie(const char *cookie_in, uint8_t *cookie_out,
 * Onion services can be configured to start in this mode.
 * Prefer rend_client_allow_non_anonymous_connection() or
 * rend_service_allow_non_anonymous_connection() whenever possible, so that
- * checks are specific to Single Onion Services or Tor2web. */
+ * checks are specific to Single Onion Services. */
 int
 rend_allow_non_anonymous_connection(const or_options_t* options)
 {
@@ -996,7 +996,7 @@ rend_allow_non_anonymous_connection(const or_options_t* options)
 * Onion services can be configured to start in this mode.
 * Prefer rend_client_non_anonymous_mode_enabled() or
 * rend_service_non_anonymous_mode_enabled() whenever possible, so that checks
- * are specific to Single Onion Services or Tor2web. */
+ * are specific to Single Onion Services. */
 int
 rend_non_anonymous_mode_enabled(const or_options_t *options)
 {
@@ -1007,9 +1007,9 @@ rend_non_anonymous_mode_enabled(const or_options_t *options)
 /* Make sure that tor only builds one-hop circuits when they would not
 * compromise user anonymity.
 *
- * One-hop circuits are permitted in Tor2web or Single Onion modes.
+ * One-hop circuits are permitted in Single Onion modes.
 *
- * Tor2web or Single Onion modes are also allowed to make multi-hop circuits.
+ * Single Onion modes are also allowed to make multi-hop circuits.
 * For example, single onion HSDir circuits are 3-hop to prevent denial of
 * service. */
diff --git a/src/feature/rend/rendmid.c b/src/feature/rend/rendmid.c
index 22cd6c3435..0fd6516eaa 100644
--- a/src/feature/rend/rendmid.c
+++ b/src/feature/rend/rendmid.c
@@ -237,7 +237,7 @@ rend_mid_establish_rendezvous(or_circuit_t *circ, const uint8_t *request,
 }
 /* Check if we are configured to accept established rendezvous cells from
- * client or in other words tor2web clients. */
+ * client or in other words Tor2Web clients. */
 if (channel_is_client(circ->p_chan) && dos_should_refuse_single_hop_client()) {
 /* Note it down for the heartbeat log purposes. */
-- cgit v1.2.3-54-g00ecf
From f661d856fd83cb978320bf55ba5dfdee55a666b8 Mon Sep 17 00:00:00 2001
From: David Goulet
Date: Thu, 12 Jul 2018 09:21:52 -0400
Subject: hs: Remove rend_client_allow_non_anonymous_connection

By removing Tor2Web, there is no way a client can be non anonymous so we remove that function and the callsites.
Signed-off-by: David Goulet
---
 src/core/or/circuituse.c | 5 -----
 src/feature/rend/rendclient.c | 14 --------------
 src/feature/rend/rendclient.h | 1 -
 src/feature/rend/rendcommon.c | 9 ++-------
 4 files changed, 2 insertions(+), 27 deletions(-)
(limited to 'src/feature/rend')
diff --git a/src/core/or/circuituse.c b/src/core/or/circuituse.c
index a10791f3a9..0f2b1ede32 100644
--- a/src/core/or/circuituse.c
+++ b/src/core/or/circuituse.c
@@ -888,11 +888,6 @@ circuit_log_ancient_one_hop_circuits(int age)
 (circ->purpose == CIRCUIT_PURPOSE_S_INTRO || circ->purpose == CIRCUIT_PURPOSE_S_REND_JOINED))
 continue;
- /* We only ignore active rend point connections, if we take a long time
- * to rendezvous, that's worth logging. */
- if (rend_client_allow_non_anonymous_connection(options) &&
- circ->purpose == CIRCUIT_PURPOSE_C_REND_JOINED)
- continue;
 ocirc = CONST_TO_ORIGIN_CIRCUIT(circ);
 if (ocirc->build_state && ocirc->build_state->onehop_tunnel) {
diff --git a/src/feature/rend/rendclient.c b/src/feature/rend/rendclient.c
index 0b7d602d98..485ffa8be3 100644
--- a/src/feature/rend/rendclient.c
+++ b/src/feature/rend/rendclient.c
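Review bot: The reworded comment in rend_mid_establish_rendezvous() (src/feature/rend/rendmid.c) still explains the check only in terms of "Tor2Web clients", and in a capitalisation that differs from the "Tor2web" used in the rest of this commit. The condition below it tests `channel_is_client(circ->p_chan)` and `dos_should_refuse_single_hop_client()`, so it concerns any client that sends the cell over a direct connection; that presumably stays relevant after Tor2web is dropped from this code base, because older or modified clients can still connect that way. Suggested wording: `/* Refuse rendezvous establishment from a directly connected (single-hop) client, e.g. a legacy Tor2web client, if we are configured to do so. */`. The function starts and ends outside the hunk.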
@@ -1219,20 +1219,6 @@ rend_parse_service_authorization(const or_options_t *options,
 return res;
 }
-/* Can Tor client code make direct (non-anonymous) connections to introduction
- * or rendezvous points?
- * Returns true if tor was compiled with NON_ANONYMOUS_MODE_ENABLED. */
-int
-rend_client_allow_non_anonymous_connection(const or_options_t *options)
-{
-#ifdef NON_ANONYMOUS_MODE_ENABLED
- return 1;
-#else
- (void)options;
- return 0;
-#endif /* defined(NON_ANONYMOUS_MODE_ENABLED) */
-}
-
 /* At compile-time, was non-anonymous mode enabled via
 * NON_ANONYMOUS_MODE_ENABLED ? */
 int
diff --git a/src/feature/rend/rendclient.h b/src/feature/rend/rendclient.h
index e41faa4932..2e7d7aeca9 100644
--- a/src/feature/rend/rendclient.h
+++ b/src/feature/rend/rendclient.h
@@ -47,7 +47,6 @@ rend_service_authorization_t *rend_client_lookup_service_authorization(
 const char *onion_address);
 void rend_service_authorization_free_all(void);
-int rend_client_allow_non_anonymous_connection(const or_options_t *options);
 int rend_client_non_anonymous_mode_enabled(const or_options_t *options);
 #endif /* !defined(TOR_RENDCLIENT_H) */
diff --git a/src/feature/rend/rendcommon.c b/src/feature/rend/rendcommon.c
index 567cc5c1e4..6e19d56b30 100644
--- a/src/feature/rend/rendcommon.c
+++ b/src/feature/rend/rendcommon.c
@@ -979,16 +979,11 @@ rend_auth_decode_cookie(const char *cookie_in, uint8_t *cookie_out,
 /* Is this a rend client or server that allows direct (non-anonymous)
 * connections?
- * Clients must be specifically compiled and configured in this mode.
- * Onion services can be configured to start in this mode.
- * Prefer rend_client_allow_non_anonymous_connection() or
- * rend_service_allow_non_anonymous_connection() whenever possible, so that
- * checks are specific to Single Onion Services. */
+ * Onion services can be configured to start in this mode for single onion. */
 int
 rend_allow_non_anonymous_connection(const or_options_t* options)
 {
- return (rend_client_allow_non_anonymous_connection(options)
- || rend_service_allow_non_anonymous_connection(options));
+ return rend_service_allow_non_anonymous_connection(options);
 }
 /* Is this a rend client or server in non-anonymous mode?
-- cgit v1.2.3-54-g00ecf
From 8f13c3d3ed842d8db13bcf9ca6393dbe8e5781e3 Mon Sep 17 00:00:00 2001
From: David Goulet
Date: Thu, 12 Jul 2018 09:23:57 -0400
Subject: hs: Remove rend_client_non_anonymous_mode_enabled

The removal of Tor2Web made this function useless.
Signed-off-by: David Goulet
---
 src/feature/rend/rendclient.c | 13 -------------
 src/feature/rend/rendclient.h | 2 --
 src/feature/rend/rendcommon.c | 9 ++-------
 3 files changed, 2 insertions(+), 22 deletions(-)
(limited to 'src/feature/rend')
diff --git a/src/feature/rend/rendclient.c b/src/feature/rend/rendclient.c
index 485ffa8be3..2c4cec65b1 100644
--- a/src/feature/rend/rendclient.c
+++ b/src/feature/rend/rendclient.c
@@ -1218,16 +1218,3 @@ rend_parse_service_authorization(const or_options_t *options,
 }
 return res;
 }
-
-/* At compile-time, was non-anonymous mode enabled via
- * NON_ANONYMOUS_MODE_ENABLED ? */
-int
-rend_client_non_anonymous_mode_enabled(const or_options_t *options)
-{
- (void)options;
-#ifdef NON_ANONYMOUS_MODE_ENABLED
- return 1;
-#else
- return 0;
-#endif /* defined(NON_ANONYMOUS_MODE_ENABLED) */
-}
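Review bot: The comment on rend_allow_non_anonymous_connection() in src/feature/rend/rendcommon.c still opens with "Is this a rend client or server ...", although the function now only forwards to `rend_service_allow_non_anonymous_connection(options)`, so it reads as if a client could still qualify. Stating the invariant from the commit message would help callers that gate one-hop circuits on this function, for example `* Clients are always anonymous; only a single onion service can make this return true.` The same applies to rend_non_anonymous_mode_enabled() in the following commit's rendcommon.c hunk (`@@ -987,16 +987,11 @@`). Both wrappers now duplicate the service-side functions, so calling those directly and dropping the wrappers may be worth a follow-up.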
diff --git a/src/feature/rend/rendclient.h b/src/feature/rend/rendclient.h
index 2e7d7aeca9..0d27d63e65 100644
--- a/src/feature/rend/rendclient.h
+++ b/src/feature/rend/rendclient.h
@@ -47,7 +47,5 @@ rend_service_authorization_t *rend_client_lookup_service_authorization(
 const char *onion_address);
 void rend_service_authorization_free_all(void);
-int rend_client_non_anonymous_mode_enabled(const or_options_t *options);
-
 #endif /* !defined(TOR_RENDCLIENT_H) */
diff --git a/src/feature/rend/rendcommon.c b/src/feature/rend/rendcommon.c
index 6e19d56b30..8cb5fd91e6 100644
--- a/src/feature/rend/rendcommon.c
+++ b/src/feature/rend/rendcommon.c
@@ -987,16 +987,11 @@ rend_allow_non_anonymous_connection(const or_options_t* options)
 }
 /* Is this a rend client or server in non-anonymous mode?
- * Clients must be specifically compiled in this mode.
- * Onion services can be configured to start in this mode.
- * Prefer rend_client_non_anonymous_mode_enabled() or
- * rend_service_non_anonymous_mode_enabled() whenever possible, so that checks
- * are specific to Single Onion Services. */
+ * Onion services can be configured to start in this mode for single onion. */
 int
 rend_non_anonymous_mode_enabled(const or_options_t *options)
 {
- return (rend_client_non_anonymous_mode_enabled(options)
- || rend_service_non_anonymous_mode_enabled(options));
+ return rend_service_non_anonymous_mode_enabled(options);
 }
 /* Make sure that tor only builds one-hop circuits when they would not
-- cgit v1.2.3-54-g00ecf