mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-23 20:03:31 +01:00
hs: Render obsolete Tor2web
Remove support for Tor2web in the code and build system. At this commit, tor doesn't have Tor2web support anymore. Ref: https://lists.torproject.org/pipermail/tor-dev/2018-July/013295.html Close #26367 Signed-off-by: David Goulet <dgoulet@torproject.org>
This commit is contained in:
parent
f8766e8878
commit
4976eca826
5
changes/bug26367
Normal file
5
changes/bug26367
Normal file
@ -0,0 +1,5 @@
|
||||
o Removed features (hidden service, tor2web):
|
||||
- Remove Tor2web functionalities. The Tor2webMode and
|
||||
Tor2webRendezvousPoints options are now obsolete. Note that this feature
|
||||
was never shipped in vanilla Tor and it was only possible to use this
|
||||
feature by building the support at compile time. Closes ticket 26367.
|
@ -181,13 +181,6 @@ if test "$enable_local_appdata" = "yes"; then
|
||||
[Defined if we default to host local appdata paths on Windows])
|
||||
fi
|
||||
|
||||
# Tor2web mode flag
|
||||
AC_ARG_ENABLE(tor2web-mode,
|
||||
AS_HELP_STRING(--enable-tor2web-mode, [support tor2web non-anonymous mode]),
|
||||
[if test "x$enableval" = "xyes"; then
|
||||
CFLAGS="$CFLAGS -D ENABLE_TOR2WEB_MODE=1"
|
||||
fi])
|
||||
|
||||
AC_ARG_ENABLE(tool-name-check,
|
||||
AS_HELP_STRING(--disable-tool-name-check, [check for sanely named toolchain when cross-compiling]))
|
||||
|
||||
|
@ -1335,7 +1335,7 @@ The following options are useful only for clients (that is, if
|
||||
to stick with them. This is desirable because constantly changing servers
|
||||
increases the odds that an adversary who owns some servers will observe a
|
||||
fraction of your paths. Entry Guards can not be used by Directory
|
||||
Authorities, Single Onion Services, and Tor2web clients. In these cases,
|
||||
Authorities, and Single Onion Services. In these cases,
|
||||
the this option is ignored. (Default: 1)
|
||||
|
||||
[[GuardfractionFile]] **GuardfractionFile** __FILENAME__::
|
||||
@ -1525,32 +1525,6 @@ The following options are useful only for clients (that is, if
|
||||
Tor will look at the UseOptimisticData parameter in the networkstatus.
|
||||
(Default: auto)
|
||||
|
||||
[[Tor2webMode]] **Tor2webMode** **0**|**1**::
|
||||
When this option is set, Tor connects to hidden services
|
||||
**non-anonymously**. This option also disables client connections to
|
||||
non-hidden-service hostnames through Tor. It **must only** be used when
|
||||
running a tor2web Hidden Service web proxy.
|
||||
To enable this option the compile time flag --enable-tor2web-mode must be
|
||||
specified. Since Tor2webMode is non-anonymous, you can not run an
|
||||
anonymous Hidden Service on a tor version compiled with Tor2webMode.
|
||||
(Default: 0)
|
||||
|
||||
[[Tor2webRendezvousPoints]] **Tor2webRendezvousPoints** __node__,__node__,__...__::
|
||||
A list of identity fingerprints, nicknames, country codes and
|
||||
address patterns of nodes that are allowed to be used as RPs
|
||||
in HS circuits; any other nodes will not be used as RPs.
|
||||
(Example:
|
||||
Tor2webRendezvousPoints Fastyfasty, ABCD1234CDEF5678ABCD1234CDEF5678ABCD1234, \{cc}, 255.254.0.0/8) +
|
||||
+
|
||||
This feature can only be used if Tor2webMode is also enabled. +
|
||||
+
|
||||
ExcludeNodes have higher priority than Tor2webRendezvousPoints,
|
||||
which means that nodes specified in ExcludeNodes will not be
|
||||
picked as RPs. +
|
||||
+
|
||||
If no nodes in Tor2webRendezvousPoints are currently available for
|
||||
use, Tor will choose a random node when building HS circuits.
|
||||
|
||||
[[HSLayer2Nodes]] **HSLayer2Nodes** __node__,__node__,__...__::
|
||||
A list of identity fingerprints, nicknames, country codes, and
|
||||
address patterns of nodes that are allowed to be used as the
|
||||
|
@ -173,7 +173,6 @@ static config_abbrev_t option_abbrevs_[] = {
|
||||
PLURAL(AuthDirRejectCC),
|
||||
PLURAL(EntryNode),
|
||||
PLURAL(ExcludeNode),
|
||||
PLURAL(Tor2webRendezvousPoint),
|
||||
PLURAL(FirewallPort),
|
||||
PLURAL(LongLivedPort),
|
||||
PLURAL(HiddenServiceNode),
|
||||
@ -597,8 +596,8 @@ static config_var_t option_vars_[] = {
|
||||
OBSOLETE("Support022HiddenServices"),
|
||||
V(TestSocks, BOOL, "0"),
|
||||
V(TokenBucketRefillInterval, MSEC_INTERVAL, "100 msec"),
|
||||
V(Tor2webMode, BOOL, "0"),
|
||||
V(Tor2webRendezvousPoints, ROUTERSET, NULL),
|
||||
OBSOLETE("Tor2webMode"),
|
||||
OBSOLETE("Tor2webRendezvousPoints"),
|
||||
OBSOLETE("TLSECGroup"),
|
||||
V(TrackHostExits, CSV, NULL),
|
||||
V(TrackHostExitsExpire, INTERVAL, "30 minutes"),
|
||||
@ -1697,8 +1696,7 @@ options_need_geoip_info(const or_options_t *options, const char **reason_out)
|
||||
routerset_needs_geoip(options->ExcludeExitNodes) ||
|
||||
routerset_needs_geoip(options->ExcludeNodes) ||
|
||||
routerset_needs_geoip(options->HSLayer2Nodes) ||
|
||||
routerset_needs_geoip(options->HSLayer3Nodes) ||
|
||||
routerset_needs_geoip(options->Tor2webRendezvousPoints);
|
||||
routerset_needs_geoip(options->HSLayer3Nodes);
|
||||
|
||||
if (routerset_usage && reason_out) {
|
||||
*reason_out = "We've been configured to use (or avoid) nodes in certain "
|
||||
@ -1881,27 +1879,6 @@ options_act(const or_options_t *old_options)
|
||||
"in a non-anonymous mode. It will provide NO ANONYMITY.");
|
||||
}
|
||||
|
||||
#ifdef ENABLE_TOR2WEB_MODE
|
||||
/* LCOV_EXCL_START */
|
||||
// XXXX This should move into options_validate()
|
||||
if (!options->Tor2webMode) {
|
||||
log_err(LD_CONFIG, "This copy of Tor was compiled to run in "
|
||||
"'tor2web mode'. It can only be run with the Tor2webMode torrc "
|
||||
"option enabled.");
|
||||
return -1;
|
||||
}
|
||||
/* LCOV_EXCL_STOP */
|
||||
#else /* !(defined(ENABLE_TOR2WEB_MODE)) */
|
||||
// XXXX This should move into options_validate()
|
||||
if (options->Tor2webMode) {
|
||||
log_err(LD_CONFIG, "This copy of Tor was not compiled to run in "
|
||||
"'tor2web mode'. It cannot be run with the Tor2webMode torrc "
|
||||
"option enabled. To enable Tor2webMode recompile with the "
|
||||
"--enable-tor2web-mode option.");
|
||||
return -1;
|
||||
}
|
||||
#endif /* defined(ENABLE_TOR2WEB_MODE) */
|
||||
|
||||
/* If we are a bridge with a pluggable transport proxy but no
|
||||
Extended ORPort, inform the user that they are missing out. */
|
||||
if (server_mode(options) && options->ServerTransportPlugin &&
|
||||
@ -2163,8 +2140,6 @@ options_act(const or_options_t *old_options)
|
||||
options->HSLayer2Nodes) ||
|
||||
!routerset_equal(old_options->HSLayer3Nodes,
|
||||
options->HSLayer3Nodes) ||
|
||||
!routerset_equal(old_options->Tor2webRendezvousPoints,
|
||||
options->Tor2webRendezvousPoints) ||
|
||||
options->StrictNodes != old_options->StrictNodes) {
|
||||
log_info(LD_CIRC,
|
||||
"Changed to using entry guards or bridges, or changed "
|
||||
@ -3306,23 +3281,12 @@ options_validate_single_onion(or_options_t *options, char **msg)
|
||||
options->NATDPort_set ||
|
||||
options->DNSPort_set ||
|
||||
options->HTTPTunnelPort_set);
|
||||
if (rend_service_non_anonymous_mode_enabled(options) && client_port_set &&
|
||||
!options->Tor2webMode) {
|
||||
if (rend_service_non_anonymous_mode_enabled(options) && client_port_set) {
|
||||
REJECT("HiddenServiceNonAnonymousMode is incompatible with using Tor as "
|
||||
"an anonymous client. Please set Socks/Trans/NATD/DNSPort to 0, or "
|
||||
"revert HiddenServiceNonAnonymousMode to 0.");
|
||||
}
|
||||
|
||||
/* If you run a hidden service in non-anonymous mode, the hidden service
|
||||
* loses anonymity, even if SOCKSPort / Tor2web mode isn't used. */
|
||||
if (!rend_service_non_anonymous_mode_enabled(options) &&
|
||||
options->RendConfigLines && options->Tor2webMode) {
|
||||
REJECT("Non-anonymous (Tor2web) mode is incompatible with using Tor as a "
|
||||
"hidden service. Please remove all HiddenServiceDir lines, or use "
|
||||
"a version of tor compiled without --enable-tor2web-mode, or use "
|
||||
"HiddenServiceNonAnonymousMode.");
|
||||
}
|
||||
|
||||
if (rend_service_allow_non_anonymous_connection(options)
|
||||
&& options->UseEntryGuards) {
|
||||
/* Single Onion services only use entry guards when uploading descriptors;
|
||||
@ -3807,26 +3771,6 @@ options_validate(or_options_t *old_options, or_options_t *options,
|
||||
REJECT("CircuitsAvailableTimeout is too large. Max is 24 hours.");
|
||||
}
|
||||
|
||||
#ifdef ENABLE_TOR2WEB_MODE
|
||||
if (options->Tor2webMode && options->UseEntryGuards) {
|
||||
/* tor2web mode clients do not (and should not) use entry guards
|
||||
* in any meaningful way. Further, tor2web mode causes the hidden
|
||||
* service client code to do things which break the path bias
|
||||
* detector, and it's far easier to turn off entry guards (and
|
||||
* thus the path bias detector with it) than to figure out how to
|
||||
* make a piece of code which cannot possibly help tor2web mode
|
||||
* users compatible with tor2web mode.
|
||||
*/
|
||||
log_notice(LD_CONFIG,
|
||||
"Tor2WebMode is enabled; disabling UseEntryGuards.");
|
||||
options->UseEntryGuards = 0;
|
||||
}
|
||||
#endif /* defined(ENABLE_TOR2WEB_MODE) */
|
||||
|
||||
if (options->Tor2webRendezvousPoints && !options->Tor2webMode) {
|
||||
REJECT("Tor2webRendezvousPoints cannot be set without Tor2webMode.");
|
||||
}
|
||||
|
||||
if (options->EntryNodes && !options->UseEntryGuards) {
|
||||
REJECT("If EntryNodes is set, UseEntryGuards must be enabled.");
|
||||
}
|
||||
|
@ -256,14 +256,6 @@ struct or_options_t {
|
||||
int AllDirActionsPrivate; /**< Should every directory action be sent
|
||||
* through a Tor circuit? */
|
||||
|
||||
/** Run in 'tor2web mode'? (I.e. only make client connections to hidden
|
||||
* services, and use a single hop for all hidden-service-related
|
||||
* circuits.) */
|
||||
int Tor2webMode;
|
||||
|
||||
/** A routerset that should be used when picking RPs for HS circuits. */
|
||||
routerset_t *Tor2webRendezvousPoints;
|
||||
|
||||
/** A routerset that should be used when picking middle nodes for HS
|
||||
* circuits. */
|
||||
routerset_t *HSLayer2Nodes;
|
||||
@ -537,9 +529,9 @@ struct or_options_t {
|
||||
* of fixed nodes? */
|
||||
int UseEntryGuards_option;
|
||||
/** Internal variable to remember whether we're actually acting on
|
||||
* UseEntryGuards_option -- when we're a non-anonymous Tor2web client or
|
||||
* Single Onion Service, it is always false, otherwise we use the value of
|
||||
* UseEntryGuards_option. */
|
||||
* UseEntryGuards_option -- when we're a non-anonymous Single Onion Service,
|
||||
* it is always false, otherwise we use the value of UseEntryGuards_option.
|
||||
* */
|
||||
int UseEntryGuards;
|
||||
|
||||
int NumEntryGuards; /**< How many entry guards do we try to establish? */
|
||||
|
@ -1882,13 +1882,6 @@ channel_do_open_actions(channel_t *chan)
|
||||
if (!get_options()->ConnectionPadding) {
|
||||
/* Disable if torrc disabled */
|
||||
channelpadding_disable_padding_on_channel(chan);
|
||||
} else if (get_options()->Tor2webMode &&
|
||||
!networkstatus_get_param(NULL,
|
||||
CHANNELPADDING_TOR2WEB_PARAM,
|
||||
CHANNELPADDING_TOR2WEB_DEFAULT, 0, 1)) {
|
||||
/* Disable if we're using tor2web and the consensus disabled padding
|
||||
* for tor2web */
|
||||
channelpadding_disable_padding_on_channel(chan);
|
||||
} else if (rend_service_allow_non_anonymous_connection(get_options()) &&
|
||||
!networkstatus_get_param(NULL,
|
||||
CHANNELPADDING_SOS_PARAM,
|
||||
|
@ -52,8 +52,6 @@ static int consensus_nf_conntimeout_clients;
|
||||
static int consensus_nf_pad_before_usage;
|
||||
/** Should we pad relay-to-relay connections? */
|
||||
static int consensus_nf_pad_relays;
|
||||
/** Should we pad tor2web connections? */
|
||||
static int consensus_nf_pad_tor2web;
|
||||
/** Should we pad rosos connections? */
|
||||
static int consensus_nf_pad_single_onion;
|
||||
|
||||
@ -141,11 +139,6 @@ channelpadding_new_consensus_params(networkstatus_t *ns)
|
||||
consensus_nf_pad_relays =
|
||||
networkstatus_get_param(ns, "nf_pad_relays", 0, 0, 1);
|
||||
|
||||
consensus_nf_pad_tor2web =
|
||||
networkstatus_get_param(ns,
|
||||
CHANNELPADDING_TOR2WEB_PARAM,
|
||||
CHANNELPADDING_TOR2WEB_DEFAULT, 0, 1);
|
||||
|
||||
consensus_nf_pad_single_onion =
|
||||
networkstatus_get_param(ns,
|
||||
CHANNELPADDING_SOS_PARAM,
|
||||
@ -740,15 +733,6 @@ channelpadding_decide_to_pad_channel(channel_t *chan)
|
||||
return CHANNELPADDING_WONTPAD;
|
||||
}
|
||||
|
||||
if (options->Tor2webMode && !consensus_nf_pad_tor2web) {
|
||||
/* If the consensus just changed values, this channel may still
|
||||
* think padding is enabled. Negotiate it off. */
|
||||
if (chan->padding_enabled)
|
||||
channelpadding_disable_padding_on_channel(chan);
|
||||
|
||||
return CHANNELPADDING_WONTPAD;
|
||||
}
|
||||
|
||||
if (rend_service_allow_non_anonymous_connection(options) &&
|
||||
!consensus_nf_pad_single_onion) {
|
||||
/* If the consensus just changed values, this channel may still
|
||||
|
@ -13,8 +13,6 @@
|
||||
|
||||
#include "trunnel/channelpadding_negotiation.h"
|
||||
|
||||
#define CHANNELPADDING_TOR2WEB_PARAM "nf_pad_tor2web"
|
||||
#define CHANNELPADDING_TOR2WEB_DEFAULT 1
|
||||
#define CHANNELPADDING_SOS_PARAM "nf_pad_single_onion"
|
||||
#define CHANNELPADDING_SOS_DEFAULT 1
|
||||
|
||||
|
@ -408,10 +408,10 @@ onion_populate_cpath(origin_circuit_t *circ)
|
||||
* edge cases. */
|
||||
tor_assert(circuit_get_cpath_len(circ));
|
||||
if (circuit_can_use_tap(circ)) {
|
||||
/* Circuits from clients to intro points, and hidden services to
|
||||
* rend points do not support ntor, because the hidden service protocol
|
||||
* does not include ntor onion keys. This is also true for Tor2web clients
|
||||
* and Single Onion Services. */
|
||||
/* Circuits from clients to intro points, and hidden services to rend
|
||||
* points do not support ntor, because the hidden service protocol does
|
||||
* not include ntor onion keys. This is also true for Single Onion
|
||||
* Services. */
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -824,7 +824,6 @@ circuit_timeout_want_to_count_circ(const origin_circuit_t *circ)
|
||||
* accordingly.
|
||||
* Note that TAP handshakes in CREATE cells are only used for direct
|
||||
* connections:
|
||||
* - from Tor2web to intro points not in the client's consensus, and
|
||||
* - from Single Onions to rend points not in the service's consensus.
|
||||
* This is checked in onion_populate_cpath. */
|
||||
static void
|
||||
@ -1985,98 +1984,11 @@ choose_good_exit_server_general(router_crn_flags_t flags)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
#if defined(ENABLE_TOR2WEB_MODE) || defined(TOR_UNIT_TESTS)
|
||||
/* The config option Tor2webRendezvousPoints has been set and we need
|
||||
* to pick an RP out of that set. Make sure that the RP we choose is
|
||||
* alive, and return it. Return NULL if no usable RP could be found in
|
||||
* Tor2webRendezvousPoints. */
|
||||
STATIC const node_t *
|
||||
pick_tor2web_rendezvous_node(router_crn_flags_t flags,
|
||||
const or_options_t *options)
|
||||
{
|
||||
const node_t *rp_node = NULL;
|
||||
const int need_desc = (flags & CRN_NEED_DESC) != 0;
|
||||
const int pref_addr = (flags & CRN_PREF_ADDR) != 0;
|
||||
const int direct_conn = (flags & CRN_DIRECT_CONN) != 0;
|
||||
|
||||
smartlist_t *whitelisted_live_rps = smartlist_new();
|
||||
smartlist_t *all_live_nodes = smartlist_new();
|
||||
|
||||
tor_assert(options->Tor2webRendezvousPoints);
|
||||
|
||||
/* Add all running nodes to all_live_nodes */
|
||||
router_add_running_nodes_to_smartlist(all_live_nodes,
|
||||
0, 0, 0,
|
||||
need_desc,
|
||||
pref_addr,
|
||||
direct_conn);
|
||||
|
||||
/* Filter all_live_nodes to only add live *and* whitelisted RPs to
|
||||
* the list whitelisted_live_rps. */
|
||||
SMARTLIST_FOREACH_BEGIN(all_live_nodes, node_t *, live_node) {
|
||||
if (routerset_contains_node(options->Tor2webRendezvousPoints, live_node)) {
|
||||
smartlist_add(whitelisted_live_rps, live_node);
|
||||
}
|
||||
} SMARTLIST_FOREACH_END(live_node);
|
||||
|
||||
/* Honor ExcludeNodes */
|
||||
if (options->ExcludeNodes) {
|
||||
routerset_subtract_nodes(whitelisted_live_rps, options->ExcludeNodes);
|
||||
}
|
||||
|
||||
/* Now pick randomly amongst the whitelisted RPs. No need to waste time
|
||||
doing bandwidth load balancing, for most use cases
|
||||
'whitelisted_live_rps' contains a single OR anyway. */
|
||||
rp_node = smartlist_choose(whitelisted_live_rps);
|
||||
|
||||
if (!rp_node) {
|
||||
log_warn(LD_REND, "Could not find a Rendezvous Point that suits "
|
||||
"the purposes of Tor2webRendezvousPoints. Choosing random one.");
|
||||
}
|
||||
|
||||
smartlist_free(whitelisted_live_rps);
|
||||
smartlist_free(all_live_nodes);
|
||||
|
||||
return rp_node;
|
||||
}
|
||||
#endif /* defined(ENABLE_TOR2WEB_MODE) || defined(TOR_UNIT_TESTS) */
|
||||
|
||||
/* Pick a Rendezvous Point for our HS circuits according to <b>flags</b>. */
|
||||
static const node_t *
|
||||
pick_rendezvous_node(router_crn_flags_t flags)
|
||||
{
|
||||
const or_options_t *options = get_options();
|
||||
|
||||
#ifdef ENABLE_TOR2WEB_MODE
|
||||
/* We want to connect directly to the node if we can */
|
||||
router_crn_flags_t direct_flags = flags;
|
||||
direct_flags |= CRN_PREF_ADDR;
|
||||
direct_flags |= CRN_DIRECT_CONN;
|
||||
|
||||
/* The user wants us to pick specific RPs. */
|
||||
if (options->Tor2webRendezvousPoints) {
|
||||
const node_t *tor2web_rp = pick_tor2web_rendezvous_node(direct_flags,
|
||||
options);
|
||||
if (tor2web_rp) {
|
||||
return tor2web_rp;
|
||||
}
|
||||
}
|
||||
|
||||
/* Else, if no direct, preferred tor2web RP was found, fall back to choosing
|
||||
* a random direct node */
|
||||
const node_t *node = router_choose_random_node(NULL, options->ExcludeNodes,
|
||||
direct_flags);
|
||||
/* Return the direct node (if found), or log a message and fall back to an
|
||||
* indirect connection. */
|
||||
if (node) {
|
||||
return node;
|
||||
} else {
|
||||
log_info(LD_REND,
|
||||
"Unable to find a random rendezvous point that is reachable via "
|
||||
"a direct connection, falling back to a 3-hop path.");
|
||||
}
|
||||
#endif /* defined(ENABLE_TOR2WEB_MODE) */
|
||||
|
||||
return router_choose_random_node(NULL, options->ExcludeNodes, flags);
|
||||
}
|
||||
|
||||
|
@ -93,14 +93,10 @@ STATIC int
|
||||
onion_pick_cpath_exit(origin_circuit_t *circ, extend_info_t *exit_ei,
|
||||
int is_hs_v3_rp_circuit);
|
||||
|
||||
#if defined(ENABLE_TOR2WEB_MODE) || defined(TOR_UNIT_TESTS)
|
||||
enum router_crn_flags_t;
|
||||
STATIC const node_t *pick_tor2web_rendezvous_node(
|
||||
enum router_crn_flags_t flags,
|
||||
const or_options_t *options);
|
||||
#if defined(TOR_UNIT_TESTS)
|
||||
unsigned int cpath_get_n_hops(crypt_path_t **head_ptr);
|
||||
|
||||
#endif /* defined(ENABLE_TOR2WEB_MODE) || defined(TOR_UNIT_TESTS) */
|
||||
#endif /* defined(TOR_UNIT_TESTS) */
|
||||
|
||||
#endif /* defined(CIRCUITBUILD_PRIVATE) */
|
||||
|
||||
|
@ -113,8 +113,7 @@ get_circuit_build_timeout_ms(void)
|
||||
* 2. If the torrc option LearnCircuitBuildTimeout is false.
|
||||
* 3. If we are a directory authority
|
||||
* 4. If we fail to write circuit build time history to our state file.
|
||||
* 5. If we are compiled or configured in Tor2web mode
|
||||
* 6. If we are configured in Single Onion mode
|
||||
* 5. If we are configured in Single Onion mode
|
||||
*/
|
||||
int
|
||||
circuit_build_times_disabled(const or_options_t *options)
|
||||
@ -136,7 +135,7 @@ circuit_build_times_disabled_(const or_options_t *options,
|
||||
int config_disabled = !options->LearnCircuitBuildTimeout;
|
||||
int dirauth_disabled = authdir_mode(options);
|
||||
int state_disabled = did_last_state_file_write_fail() ? 1 : 0;
|
||||
/* LearnCircuitBuildTimeout and Tor2web/Single Onion Services are
|
||||
/* LearnCircuitBuildTimeout and Single Onion Services are
|
||||
* incompatible in two ways:
|
||||
*
|
||||
* - LearnCircuitBuildTimeout results in a low CBT, which
|
||||
@ -148,12 +147,11 @@ circuit_build_times_disabled_(const or_options_t *options,
|
||||
*
|
||||
* If we fix both of these issues someday, we should test
|
||||
* these modes with LearnCircuitBuildTimeout on again. */
|
||||
int tor2web_disabled = rend_client_allow_non_anonymous_connection(options);
|
||||
int single_onion_disabled = rend_service_allow_non_anonymous_connection(
|
||||
options);
|
||||
|
||||
if (consensus_disabled || config_disabled || dirauth_disabled ||
|
||||
state_disabled || tor2web_disabled || single_onion_disabled) {
|
||||
state_disabled || single_onion_disabled) {
|
||||
#if 0
|
||||
log_debug(LD_CIRC,
|
||||
"CircuitBuildTime learning is disabled. "
|
||||
|
@ -863,8 +863,7 @@ static time_t last_expired_clientside_circuits = 0;
|
||||
/**
|
||||
* As a diagnostic for bug 8387, log information about how many one-hop
|
||||
* circuits we have around that have been there for at least <b>age</b>
|
||||
* seconds. Log a few of them.
|
||||
* Ignores Single Onion Service intro and Tor2web redezvous circuits, they are
|
||||
* seconds. Log a few of them. Ignores Single Onion Service intro, it is
|
||||
* expected to be long-term one-hop circuits.
|
||||
*/
|
||||
void
|
||||
@ -889,10 +888,8 @@ circuit_log_ancient_one_hop_circuits(int age)
|
||||
(circ->purpose == CIRCUIT_PURPOSE_S_INTRO ||
|
||||
circ->purpose == CIRCUIT_PURPOSE_S_REND_JOINED))
|
||||
continue;
|
||||
/* Tor2web deliberately makes long term one-hop rend connections,
|
||||
* particularly when Tor2webRendezvousPoints is used. We only ignore
|
||||
* active rend point connections, if we take a long time to rendezvous,
|
||||
* that's worth logging. */
|
||||
/* We only ignore active rend point connections, if we take a long time
|
||||
* to rendezvous, that's worth logging. */
|
||||
if (rend_client_allow_non_anonymous_connection(options) &&
|
||||
circ->purpose == CIRCUIT_PURPOSE_C_REND_JOINED)
|
||||
continue;
|
||||
@ -1999,7 +1996,7 @@ circuit_should_use_vanguards(uint8_t purpose)
|
||||
* Return true for the set of conditions for which it is OK to use
|
||||
* a cannibalized circuit.
|
||||
*
|
||||
* Don't cannibalize for onehops, or tor2web, or certain purposes.
|
||||
* Don't cannibalize for onehops, or certain purposes.
|
||||
*/
|
||||
static int
|
||||
circuit_should_cannibalize_to_build(uint8_t purpose_to_build,
|
||||
@ -2008,8 +2005,7 @@ circuit_should_cannibalize_to_build(uint8_t purpose_to_build,
|
||||
int need_specific_rp)
|
||||
{
|
||||
|
||||
/* Do not try to cannibalize if this is a one hop circuit, or
|
||||
* is a tor2web/special rp. */
|
||||
/* Do not try to cannibalize if this is a one hop circuit. */
|
||||
if (onehop_tunnel || need_specific_rp) {
|
||||
return 0;
|
||||
}
|
||||
@ -2075,14 +2071,6 @@ circuit_launch_by_extend_info(uint8_t purpose,
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/* If Tor2webRendezvousPoints is enabled and we are dealing with an
|
||||
RP circuit, we want a specific RP node so we shouldn't canibalize
|
||||
an already existing circuit. */
|
||||
if (get_options()->Tor2webRendezvousPoints &&
|
||||
purpose == CIRCUIT_PURPOSE_C_ESTABLISH_REND) {
|
||||
need_specific_rp = 1;
|
||||
}
|
||||
|
||||
/* If we can/should cannibalize another circuit to build this one,
|
||||
* then do so. */
|
||||
if (circuit_should_cannibalize_to_build(purpose,
|
||||
@ -2485,16 +2473,6 @@ circuit_get_open_circ_or_launch(entry_connection_t *conn,
|
||||
else
|
||||
new_circ_purpose = desired_circuit_purpose;
|
||||
|
||||
#ifdef ENABLE_TOR2WEB_MODE
|
||||
/* If tor2Web is on, then hidden service requests should be one-hop.
|
||||
*/
|
||||
if (options->Tor2webMode &&
|
||||
(new_circ_purpose == CIRCUIT_PURPOSE_C_ESTABLISH_REND ||
|
||||
new_circ_purpose == CIRCUIT_PURPOSE_C_INTRODUCING)) {
|
||||
want_onehop = 1;
|
||||
}
|
||||
#endif /* defined(ENABLE_TOR2WEB_MODE) */
|
||||
|
||||
/* Determine what kind of a circuit to launch, and actually launch it. */
|
||||
{
|
||||
int flags = CIRCLAUNCH_NEED_CAPACITY;
|
||||
|
@ -1835,18 +1835,6 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
|
||||
return -1;
|
||||
}
|
||||
|
||||
#ifdef ENABLE_TOR2WEB_MODE
|
||||
/* If we're running in Tor2webMode, we don't allow anything BUT .onion
|
||||
* addresses. */
|
||||
if (options->Tor2webMode) {
|
||||
log_warn(LD_APP, "Refusing to connect to non-hidden-service hostname "
|
||||
"or IP address %s because tor2web mode is enabled.",
|
||||
safe_str_client(socks->address));
|
||||
connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY);
|
||||
return -1;
|
||||
}
|
||||
#endif /* defined(ENABLE_TOR2WEB_MODE) */
|
||||
|
||||
/* socks->address is a non-onion hostname or IP address.
|
||||
* If we can't do any non-onion requests, refuse the connection.
|
||||
* If we have a hostname but can't do DNS, refuse the connection.
|
||||
|
@ -103,10 +103,6 @@ struct curve25519_public_key_t;
|
||||
#define cell_t tor_cell_t
|
||||
#endif
|
||||
|
||||
#ifdef ENABLE_TOR2WEB_MODE
|
||||
#define NON_ANONYMOUS_MODE_ENABLED 1
|
||||
#endif
|
||||
|
||||
/** Helper macro: Given a pointer to to.base_, of type from*, return &to. */
|
||||
#define DOWNCAST(to, ptr) ((to*)SUBTYPE_P(ptr, to, base_))
|
||||
|
||||
|
@ -803,10 +803,8 @@ directory_choose_address_routerstatus(const routerstatus_t *status,
|
||||
* allowed by the firewall.
|
||||
*
|
||||
* (When Tor uploads and downloads a hidden service descriptor, it uses
|
||||
* DIRIND_ANONYMOUS, except for Tor2Web, which uses DIRIND_ONEHOP.
|
||||
* So this code will only modify the address for Tor2Web's HS descriptor
|
||||
* fetches. Even Single Onion Servers (NYI) use DIRIND_ANONYMOUS, to avoid
|
||||
* HSDirs denying service by rejecting descriptors.)
|
||||
* DIRIND_ANONYMOUS. Even Single Onion Servers (NYI) use DIRIND_ANONYMOUS,
|
||||
* to avoid HSDirs denying service by rejecting descriptors.)
|
||||
*/
|
||||
|
||||
/* Initialise the OR / Dir addresses */
|
||||
|
@ -449,12 +449,7 @@ directory_get_from_hs_dir(const char *desc_id,
|
||||
char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
|
||||
char descriptor_cookie_base64[3*REND_DESC_COOKIE_LEN_BASE64];
|
||||
const rend_data_v2_t *rend_data;
|
||||
#ifdef ENABLE_TOR2WEB_MODE
|
||||
const int tor2web_mode = get_options()->Tor2webMode;
|
||||
const int how_to_fetch = tor2web_mode ? DIRIND_ONEHOP : DIRIND_ANONYMOUS;
|
||||
#else
|
||||
const int how_to_fetch = DIRIND_ANONYMOUS;
|
||||
#endif /* defined(ENABLE_TOR2WEB_MODE) */
|
||||
|
||||
tor_assert(desc_id);
|
||||
tor_assert(rend_query);
|
||||
@ -1226,15 +1221,12 @@ rend_parse_service_authorization(const or_options_t *options,
|
||||
|
||||
/* Can Tor client code make direct (non-anonymous) connections to introduction
|
||||
* or rendezvous points?
|
||||
* Returns true if tor was compiled with NON_ANONYMOUS_MODE_ENABLED, and is
|
||||
* configured in Tor2web mode. */
|
||||
* Returns true if tor was compiled with NON_ANONYMOUS_MODE_ENABLED. */
|
||||
int
|
||||
rend_client_allow_non_anonymous_connection(const or_options_t *options)
|
||||
{
|
||||
/* Tor2web support needs to be compiled in to a tor binary. */
|
||||
#ifdef NON_ANONYMOUS_MODE_ENABLED
|
||||
/* Tor2web */
|
||||
return options->Tor2webMode ? 1 : 0;
|
||||
return 1;
|
||||
#else
|
||||
(void)options;
|
||||
return 0;
|
||||
@ -1247,9 +1239,7 @@ int
|
||||
rend_client_non_anonymous_mode_enabled(const or_options_t *options)
|
||||
{
|
||||
(void)options;
|
||||
/* Tor2web support needs to be compiled in to a tor binary. */
|
||||
#ifdef NON_ANONYMOUS_MODE_ENABLED
|
||||
/* Tor2web */
|
||||
return 1;
|
||||
#else
|
||||
return 0;
|
||||
|
@ -983,7 +983,7 @@ rend_auth_decode_cookie(const char *cookie_in, uint8_t *cookie_out,
|
||||
* Onion services can be configured to start in this mode.
|
||||
* Prefer rend_client_allow_non_anonymous_connection() or
|
||||
* rend_service_allow_non_anonymous_connection() whenever possible, so that
|
||||
* checks are specific to Single Onion Services or Tor2web. */
|
||||
* checks are specific to Single Onion Services. */
|
||||
int
|
||||
rend_allow_non_anonymous_connection(const or_options_t* options)
|
||||
{
|
||||
@ -996,7 +996,7 @@ rend_allow_non_anonymous_connection(const or_options_t* options)
|
||||
* Onion services can be configured to start in this mode.
|
||||
* Prefer rend_client_non_anonymous_mode_enabled() or
|
||||
* rend_service_non_anonymous_mode_enabled() whenever possible, so that checks
|
||||
* are specific to Single Onion Services or Tor2web. */
|
||||
* are specific to Single Onion Services. */
|
||||
int
|
||||
rend_non_anonymous_mode_enabled(const or_options_t *options)
|
||||
{
|
||||
@ -1007,9 +1007,9 @@ rend_non_anonymous_mode_enabled(const or_options_t *options)
|
||||
/* Make sure that tor only builds one-hop circuits when they would not
|
||||
* compromise user anonymity.
|
||||
*
|
||||
* One-hop circuits are permitted in Tor2web or Single Onion modes.
|
||||
* One-hop circuits are permitted in Single Onion modes.
|
||||
*
|
||||
* Tor2web or Single Onion modes are also allowed to make multi-hop circuits.
|
||||
* Single Onion modes are also allowed to make multi-hop circuits.
|
||||
* For example, single onion HSDir circuits are 3-hop to prevent denial of
|
||||
* service.
|
||||
*/
|
||||
|
@ -237,7 +237,7 @@ rend_mid_establish_rendezvous(or_circuit_t *circ, const uint8_t *request,
|
||||
}
|
||||
|
||||
/* Check if we are configured to accept established rendezvous cells from
|
||||
* client or in other words tor2web clients. */
|
||||
* client or in other words Tor2Web clients. */
|
||||
if (channel_is_client(circ->p_chan) &&
|
||||
dos_should_refuse_single_hop_client()) {
|
||||
/* Note it down for the heartbeat log purposes. */
|
||||
|
@ -406,81 +406,12 @@ test_channelpadding_killonehop(void *arg)
|
||||
setup_mock_consensus();
|
||||
setup_mock_network();
|
||||
|
||||
/* Do we disable padding if tor2webmode or rsos are enabled, and
|
||||
* the consensus says don't pad? */
|
||||
|
||||
/* Ensure we can kill tor2web and rsos padding if we want. */
|
||||
// First, test that padding works if either is enabled
|
||||
smartlist_clear(current_md_consensus->net_params);
|
||||
channelpadding_new_consensus_params(current_md_consensus);
|
||||
/* Do we disable padding if rsos is enabled, and the consensus says don't
|
||||
* pad? */
|
||||
|
||||
monotime_coarse_t now;
|
||||
monotime_coarse_get(&now);
|
||||
|
||||
tried_to_write_cell = 0;
|
||||
get_options_mutable()->Tor2webMode = 1;
|
||||
monotime_coarse_add_msec(&client_relay3->next_padding_time, &now, 100);
|
||||
decision = channelpadding_decide_to_pad_channel(client_relay3);
|
||||
tt_int_op(decision, OP_EQ, CHANNELPADDING_PADDING_SCHEDULED);
|
||||
tt_assert(client_relay3->pending_padding_callback);
|
||||
tt_int_op(tried_to_write_cell, OP_EQ, 0);
|
||||
|
||||
decision = channelpadding_decide_to_pad_channel(client_relay3);
|
||||
tt_int_op(decision, OP_EQ, CHANNELPADDING_PADDING_ALREADY_SCHEDULED);
|
||||
|
||||
// Wait for the timer
|
||||
new_time += 101*NSEC_PER_MSEC;
|
||||
monotime_coarse_set_mock_time_nsec(new_time);
|
||||
monotime_set_mock_time_nsec(new_time);
|
||||
monotime_coarse_get(&now);
|
||||
timers_run_pending();
|
||||
tt_int_op(tried_to_write_cell, OP_EQ, 1);
|
||||
tt_assert(!client_relay3->pending_padding_callback);
|
||||
|
||||
// Then test disabling each via consensus param
|
||||
smartlist_add(current_md_consensus->net_params,
|
||||
(void*)"nf_pad_tor2web=0");
|
||||
channelpadding_new_consensus_params(current_md_consensus);
|
||||
|
||||
// Before the client tries to pad, the relay will still pad:
|
||||
tried_to_write_cell = 0;
|
||||
monotime_coarse_add_msec(&relay3_client->next_padding_time, &now, 100);
|
||||
get_options_mutable()->ORPort_set = 1;
|
||||
get_options_mutable()->Tor2webMode = 0;
|
||||
decision = channelpadding_decide_to_pad_channel(relay3_client);
|
||||
tt_int_op(decision, OP_EQ, CHANNELPADDING_PADDING_SCHEDULED);
|
||||
tt_assert(relay3_client->pending_padding_callback);
|
||||
|
||||
// Wait for the timer
|
||||
new_time += 101*NSEC_PER_MSEC;
|
||||
monotime_coarse_set_mock_time_nsec(new_time);
|
||||
monotime_set_mock_time_nsec(new_time);
|
||||
monotime_coarse_get(&now);
|
||||
timers_run_pending();
|
||||
tt_int_op(tried_to_write_cell, OP_EQ, 1);
|
||||
tt_assert(!client_relay3->pending_padding_callback);
|
||||
|
||||
// Test client side (it should stop immediately, but send a negotiate)
|
||||
tried_to_write_cell = 0;
|
||||
tt_assert(relay3_client->padding_enabled);
|
||||
tt_assert(client_relay3->padding_enabled);
|
||||
get_options_mutable()->Tor2webMode = 1;
|
||||
/* For the relay to receive the negotiate: */
|
||||
get_options_mutable()->ORPort_set = 1;
|
||||
decision = channelpadding_decide_to_pad_channel(client_relay3);
|
||||
tt_int_op(decision, OP_EQ, CHANNELPADDING_WONTPAD);
|
||||
tt_int_op(tried_to_write_cell, OP_EQ, 1);
|
||||
tt_assert(!client_relay3->pending_padding_callback);
|
||||
tt_assert(!relay3_client->padding_enabled);
|
||||
|
||||
// Test relay side (it should have gotten the negotiation to disable)
|
||||
get_options_mutable()->ORPort_set = 1;
|
||||
get_options_mutable()->Tor2webMode = 0;
|
||||
tt_int_op(channelpadding_decide_to_pad_channel(relay3_client), OP_EQ,
|
||||
CHANNELPADDING_WONTPAD);
|
||||
tt_assert(!relay3_client->padding_enabled);
|
||||
|
||||
/* Repeat for SOS */
|
||||
// First, test that padding works if either is enabled
|
||||
smartlist_clear(current_md_consensus->net_params);
|
||||
channelpadding_new_consensus_params(current_md_consensus);
|
||||
|
@ -354,76 +354,6 @@ test_hs_desc_event(void *arg)
|
||||
tor_free(received_msg);
|
||||
}
|
||||
|
||||
/* Make sure we always pick the right RP, given a well formatted
|
||||
* Tor2webRendezvousPoints value. */
|
||||
static void
|
||||
test_pick_tor2web_rendezvous_node(void *arg)
|
||||
{
|
||||
or_options_t *options = get_options_mutable();
|
||||
const node_t *chosen_rp = NULL;
|
||||
router_crn_flags_t flags = CRN_NEED_DESC;
|
||||
int retval, i;
|
||||
const char *tor2web_rendezvous_str = "test003r";
|
||||
|
||||
(void) arg;
|
||||
|
||||
/* Setup fake routerlist. */
|
||||
helper_setup_fake_routerlist();
|
||||
|
||||
/* Parse Tor2webRendezvousPoints as a routerset. */
|
||||
options->Tor2webRendezvousPoints = routerset_new();
|
||||
options->UseMicrodescriptors = 0;
|
||||
retval = routerset_parse(options->Tor2webRendezvousPoints,
|
||||
tor2web_rendezvous_str,
|
||||
"test_tor2web_rp");
|
||||
tt_int_op(retval, OP_GE, 0);
|
||||
|
||||
/* Pick rendezvous point. Make sure the correct one is
|
||||
picked. Repeat many times to make sure it works properly. */
|
||||
for (i = 0; i < 50 ; i++) {
|
||||
chosen_rp = pick_tor2web_rendezvous_node(flags, options);
|
||||
tt_assert(chosen_rp);
|
||||
tt_str_op(chosen_rp->ri->nickname, OP_EQ, tor2web_rendezvous_str);
|
||||
}
|
||||
|
||||
done:
|
||||
routerset_free(options->Tor2webRendezvousPoints);
|
||||
}
|
||||
|
||||
/* Make sure we never pick an RP if Tor2webRendezvousPoints doesn't
|
||||
* correspond to an actual node. */
|
||||
static void
|
||||
test_pick_bad_tor2web_rendezvous_node(void *arg)
|
||||
{
|
||||
or_options_t *options = get_options_mutable();
|
||||
const node_t *chosen_rp = NULL;
|
||||
router_crn_flags_t flags = CRN_NEED_DESC;
|
||||
int retval, i;
|
||||
const char *tor2web_rendezvous_str = "dummy";
|
||||
|
||||
(void) arg;
|
||||
|
||||
/* Setup fake routerlist. */
|
||||
helper_setup_fake_routerlist();
|
||||
|
||||
/* Parse Tor2webRendezvousPoints as a routerset. */
|
||||
options->Tor2webRendezvousPoints = routerset_new();
|
||||
retval = routerset_parse(options->Tor2webRendezvousPoints,
|
||||
tor2web_rendezvous_str,
|
||||
"test_tor2web_rp");
|
||||
tt_int_op(retval, OP_GE, 0);
|
||||
|
||||
/* Pick rendezvous point. Since Tor2webRendezvousPoints was set to a
|
||||
dummy value, we shouldn't find any eligible RPs. */
|
||||
for (i = 0; i < 50 ; i++) {
|
||||
chosen_rp = pick_tor2web_rendezvous_node(flags, options);
|
||||
tt_ptr_op(chosen_rp, OP_EQ, NULL);
|
||||
}
|
||||
|
||||
done:
|
||||
routerset_free(options->Tor2webRendezvousPoints);
|
||||
}
|
||||
|
||||
/* Make sure rend_data_t is valid at creation, destruction and when
|
||||
* duplicated. */
|
||||
static void
|
||||
@ -1046,11 +976,6 @@ struct testcase_t hs_tests[] = {
|
||||
NULL, NULL },
|
||||
{ "hs_desc_event", test_hs_desc_event, TT_FORK,
|
||||
NULL, NULL },
|
||||
{ "pick_tor2web_rendezvous_node", test_pick_tor2web_rendezvous_node, TT_FORK,
|
||||
NULL, NULL },
|
||||
{ "pick_bad_tor2web_rendezvous_node",
|
||||
test_pick_bad_tor2web_rendezvous_node, TT_FORK,
|
||||
NULL, NULL },
|
||||
{ "hs_auth_cookies", test_hs_auth_cookies, TT_FORK,
|
||||
NULL, NULL },
|
||||
{ "single_onion_poisoning_create_dir_none", test_single_onion_poisoning,
|
||||
|
@ -2423,36 +2423,6 @@ test_options_validate__circuits(void *ignored)
|
||||
tor_free(msg);
|
||||
}
|
||||
|
||||
static void
|
||||
test_options_validate__tor2web(void *ignored)
|
||||
{
|
||||
(void)ignored;
|
||||
int ret;
|
||||
char *msg;
|
||||
options_test_data_t *tdata = NULL;
|
||||
|
||||
free_options_test_data(tdata);
|
||||
tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
|
||||
"Tor2webRendezvousPoints 1\n");
|
||||
ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
|
||||
tt_int_op(ret, OP_EQ, -1);
|
||||
tt_str_op(msg, OP_EQ,
|
||||
"Tor2webRendezvousPoints cannot be set without Tor2webMode.");
|
||||
tor_free(msg);
|
||||
|
||||
free_options_test_data(tdata);
|
||||
tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
|
||||
"Tor2webRendezvousPoints 1\nTor2webMode 1\n");
|
||||
ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
|
||||
tt_int_op(ret, OP_EQ, 0);
|
||||
tor_free(msg);
|
||||
|
||||
done:
|
||||
policies_free_all();
|
||||
free_options_test_data(tdata);
|
||||
tor_free(msg);
|
||||
}
|
||||
|
||||
static void
|
||||
test_options_validate__rend(void *ignored)
|
||||
{
|
||||
@ -2566,13 +2536,11 @@ test_options_validate__single_onion(void *ignored)
|
||||
tt_ptr_op(msg, OP_EQ, NULL);
|
||||
free_options_test_data(tdata);
|
||||
|
||||
/* Test that SOCKSPort must come with Tor2webMode if
|
||||
* HiddenServiceSingleHopMode is 1 */
|
||||
/* Test that SOCKSPort if HiddenServiceSingleHopMode is 1 */
|
||||
tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
|
||||
"SOCKSPort 5000\n"
|
||||
"HiddenServiceSingleHopMode 1\n"
|
||||
"HiddenServiceNonAnonymousMode 1\n"
|
||||
"Tor2webMode 0\n"
|
||||
);
|
||||
ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
|
||||
tt_int_op(ret, OP_EQ, -1);
|
||||
@ -2587,7 +2555,6 @@ test_options_validate__single_onion(void *ignored)
|
||||
"SOCKSPort 0\n"
|
||||
"HiddenServiceSingleHopMode 1\n"
|
||||
"HiddenServiceNonAnonymousMode 1\n"
|
||||
"Tor2webMode 0\n"
|
||||
);
|
||||
ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
|
||||
tt_int_op(ret, OP_EQ, 0);
|
||||
@ -2597,27 +2564,13 @@ test_options_validate__single_onion(void *ignored)
|
||||
tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
|
||||
"SOCKSPort 5000\n"
|
||||
"HiddenServiceSingleHopMode 0\n"
|
||||
"Tor2webMode 0\n"
|
||||
);
|
||||
ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
|
||||
tt_int_op(ret, OP_EQ, 0);
|
||||
tt_ptr_op(msg, OP_EQ, NULL);
|
||||
free_options_test_data(tdata);
|
||||
|
||||
tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
|
||||
"SOCKSPort 5000\n"
|
||||
"HiddenServiceSingleHopMode 1\n"
|
||||
"HiddenServiceNonAnonymousMode 1\n"
|
||||
"Tor2webMode 1\n"
|
||||
);
|
||||
ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
|
||||
tt_int_op(ret, OP_EQ, 0);
|
||||
tt_ptr_op(msg, OP_EQ, NULL);
|
||||
free_options_test_data(tdata);
|
||||
|
||||
/* Test that a hidden service can't be run with Tor2web
|
||||
* Use HiddenServiceNonAnonymousMode instead of Tor2webMode, because
|
||||
* Tor2webMode requires a compilation #define */
|
||||
/* Test that a hidden service can't be run in non anonymous mode. */
|
||||
tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
|
||||
"HiddenServiceNonAnonymousMode 1\n"
|
||||
"HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n"
|
||||
@ -4222,7 +4175,6 @@ struct testcase_t options_tests[] = {
|
||||
LOCAL_VALIDATE_TEST(path_bias),
|
||||
LOCAL_VALIDATE_TEST(bandwidth),
|
||||
LOCAL_VALIDATE_TEST(circuits),
|
||||
LOCAL_VALIDATE_TEST(tor2web),
|
||||
LOCAL_VALIDATE_TEST(rend),
|
||||
LOCAL_VALIDATE_TEST(single_onion),
|
||||
LOCAL_VALIDATE_TEST(accounting),
|
||||
|
Loading…
Reference in New Issue
Block a user