
Merge branch 'bug10881'

Nick Mathewson 10 years ago
parent
commit
5e0cdc5ef2
6 changed files with 25 additions and 96 deletions
  1. 7 0
      changes/bug10881
  2. 6 16
      doc/tor.1.txt
  3. 11 29
      src/or/config.c
  4. 0 44
      src/or/directory.c
  5. 0 5
      src/or/or.h
  6. 1 2
      src/or/router.c

+ 7 - 0
changes/bug10881

@@ -0,0 +1,7 @@
+  o Removed code:
+
+    - Remove code for designating authorities as "Hidden service
+      authorities". There has been no use of hidden service authorities
+      since 0.2.2.1-alpha, when we stopped uploading or downloading v0
+      hidden service descriptors. Fixes bug 10881; part of a fix for bug
+      10841.

+ 6 - 16
doc/tor.1.txt

@@ -331,12 +331,10 @@ GENERAL OPTIONS
     and port, with the specified key fingerprint. This option can be repeated
     many times, for multiple authoritative directory servers. Flags are
     separated by spaces, and determine what kind of an authority this directory
-    is. By default, every authority is authoritative for current ("v2")-style
-    directories, unless the "no-v2" flag is given. If the "v1" flags is
+    is. By default, an authority is not authoritative any directory style
+    or version, unless an appropriate flag is given. If the "v1" flag is
     provided, Tor will use this server as an authority for old-style (v1)
-    directories as well. (Only directory mirrors care about this.) Tor will
-    use this server as an authority for hidden service information if the "hs"
-    flag is set, or if the "v1" flag is set and the "no-hs" flag is **not** set.
+    directories as well. (Only directory mirrors care about this.)
     Tor will use this authority as a bridge authoritative directory if the
     "bridge" flag is set. If a flag "orport=**port**" is given, Tor will use the
     given port when opening encrypted tunnels to the dirserver. If a flag
@@ -365,17 +363,14 @@ GENERAL OPTIONS
 
 [[AlternateDirAuthority]] **AlternateDirAuthority** [__nickname__] [**flags**] __address__:__port__ __fingerprint__ +
 
-[[AlternateHSAuthority]] **AlternateHSAuthority** [__nickname__] [**flags**] __address__:__port__ __fingerprint__ +
-
 [[AlternateBridgeAuthority]] **AlternateBridgeAuthority** [__nickname__] [**flags**] __address__:__port__ __ fingerprint__::
     These options behave as DirAuthority, but they replace fewer of the
     default directory authorities. Using
     AlternateDirAuthority replaces the default Tor directory authorities, but
-    leaves the default hidden service authorities and bridge authorities in
-    place.  Similarly, AlternateHSAuthority replaces the default hidden
-    service authorities, but not the directory or bridge authorities; and
+    leaves the default bridge authorities in
+    place.  Similarly,
     AlternateBridgeAuthority replaces the default bridge authority,
-    but leaves the directory and hidden service authorities alone.
+    but leaves the directory authorities alone.
 
 [[DisableAllSwap]] **DisableAllSwap** **0**|**1**::
     If set to 1, Tor will attempt to lock all current and future memory pages,
@@ -1794,11 +1789,6 @@ if DirPort is non-zero):
     accept or publish descriptors that contradict a registered binding. See
     **approved-routers** in the **FILES** section below.
 
-[[HSAuthoritativeDir]] **HSAuthoritativeDir** **0**|**1**::
-    When this option is set in addition to **AuthoritativeDirectory**, Tor also
-    accepts and serves v0 hidden service descriptors,
-    which are produced and used by Tor 0.2.1.x and older. (Default: 0)
-
 [[HidServDirectoryV2]] **HidServDirectoryV2** **0**|**1**::
     When this option is set, Tor accepts and serves v2 hidden service
     descriptors. Setting DirPort is not required for this, because clients

+ 11 - 29
src/or/config.c

@@ -137,7 +137,7 @@ static config_var_t option_vars_[] = {
   V(AllowSingleHopExits,         BOOL,     "0"),
   V(AlternateBridgeAuthority,    LINELIST, NULL),
   V(AlternateDirAuthority,       LINELIST, NULL),
-  V(AlternateHSAuthority,        LINELIST, NULL),
+  OBSOLETE("AlternateHSAuthority"),
   V(AssumeReachable,             BOOL,     "0"),
   V(AuthDirBadDir,               LINELIST, NULL),
   V(AuthDirBadDirCCs,            CSV,      ""),
@@ -276,7 +276,7 @@ static config_var_t option_vars_[] = {
   VAR("HiddenServiceVersion",LINELIST_S, RendConfigLines,    NULL),
   VAR("HiddenServiceAuthorizeClient",LINELIST_S,RendConfigLines, NULL),
   V(HidServAuth,                 LINELIST, NULL),
-  V(HSAuthoritativeDir,          BOOL,     "0"),
+  OBSOLETE("HSAuthoritativeDir"),
   OBSOLETE("HSAuthorityRecordStats"),
   V(CloseHSClientCircuitsImmediatelyOnTimeout, BOOL, "0"),
   V(CloseHSServiceRendCircuitsImmediatelyOnTimeout, BOOL, "0"),
@@ -904,8 +904,7 @@ validate_dir_servers(or_options_t *options, or_options_t *old_options)
   config_line_t *cl;
 
   if (options->DirAuthorities &&
-      (options->AlternateDirAuthority || options->AlternateBridgeAuthority ||
-       options->AlternateHSAuthority)) {
+      (options->AlternateDirAuthority || options->AlternateBridgeAuthority)) {
     log_warn(LD_CONFIG,
              "You cannot set both DirAuthority and Alternate*Authority.");
     return -1;
@@ -941,9 +940,6 @@ validate_dir_servers(or_options_t *options, or_options_t *old_options)
   for (cl = options->AlternateDirAuthority; cl; cl = cl->next)
     if (parse_dir_authority_line(cl->value, NO_DIRINFO, 1)<0)
       return -1;
-  for (cl = options->AlternateHSAuthority; cl; cl = cl->next)
-    if (parse_dir_authority_line(cl->value, NO_DIRINFO, 1)<0)
-      return -1;
   for (cl = options->FallbackDir; cl; cl = cl->next)
     if (parse_dir_fallback_line(cl->value, 1)<0)
       return -1;
@@ -966,9 +962,7 @@ consider_adding_dir_servers(const or_options_t *options,
     !config_lines_eq(options->AlternateBridgeAuthority,
                      old_options->AlternateBridgeAuthority) ||
     !config_lines_eq(options->AlternateDirAuthority,
-                     old_options->AlternateDirAuthority) ||
-    !config_lines_eq(options->AlternateHSAuthority,
-                     old_options->AlternateHSAuthority);
+                     old_options->AlternateDirAuthority);
 
   if (!need_to_update)
     return 0; /* all done */
@@ -984,8 +978,6 @@ consider_adding_dir_servers(const or_options_t *options,
     if (!options->AlternateDirAuthority)
       type |= V1_DIRINFO | V3_DIRINFO | EXTRAINFO_DIRINFO |
         MICRODESC_DIRINFO;
-    if (!options->AlternateHSAuthority)
-      type |= HIDSERV_DIRINFO;
     add_default_trusted_dir_authorities(type);
   }
   if (!options->FallbackDir)
@@ -1000,9 +992,6 @@ consider_adding_dir_servers(const or_options_t *options,
   for (cl = options->AlternateDirAuthority; cl; cl = cl->next)
     if (parse_dir_authority_line(cl->value, NO_DIRINFO, 0)<0)
       return -1;
-  for (cl = options->AlternateHSAuthority; cl; cl = cl->next)
-    if (parse_dir_authority_line(cl->value, NO_DIRINFO, 0)<0)
-      return -1;
   for (cl = options->FallbackDir; cl; cl = cl->next)
     if (parse_dir_fallback_line(cl->value, 0)<0)
       return -1;
@@ -2605,11 +2594,11 @@ options_validate(or_options_t *old_options, or_options_t *options,
                "extra-info documents. Setting DownloadExtraInfo.");
       options->DownloadExtraInfo = 1;
     }
-    if (!(options->BridgeAuthoritativeDir || options->HSAuthoritativeDir ||
+    if (!(options->BridgeAuthoritativeDir ||
           options->V1AuthoritativeDir ||
           options->V3AuthoritativeDir))
       REJECT("AuthoritativeDir is set, but none of "
-             "(Bridge/HS/V1/V3)AuthoritativeDir is set.");
+             "(Bridge/V1/V3)AuthoritativeDir is set.");
     /* If we have a v3bandwidthsfile and it's broken, complain on startup */
     if (options->V3BandwidthsFile && !old_options) {
       dirserv_read_measured_bandwidths(options->V3BandwidthsFile, NULL);
@@ -2629,10 +2618,6 @@ options_validate(or_options_t *old_options, or_options_t *options,
     REJECT("FetchDirInfoExtraEarly requires that you also set "
            "FetchDirInfoEarly");
 
-  if (options->HSAuthoritativeDir && proxy_mode(options))
-    REJECT("Running as authoritative v0 HS directory, but also configured "
-           "as a client.");
-
   if (options->ConnLimit <= 0) {
     tor_asprintf(msg,
         "ConnLimit must be greater than 0, but was set to %d",
@@ -5031,7 +5016,6 @@ parse_dir_authority_line(const char *line, dirinfo_type_t required_type,
   char digest[DIGEST_LEN];
   char v3_digest[DIGEST_LEN];
   dirinfo_type_t type = 0;
-  int is_not_hidserv_authority = 0;
   double weight = 1.0;
 
   items = smartlist_new();
@@ -5052,11 +5036,11 @@ parse_dir_authority_line(const char *line, dirinfo_type_t required_type,
     if (TOR_ISDIGIT(flag[0]))
       break;
     if (!strcasecmp(flag, "v1")) {
-      type |= (V1_DIRINFO | HIDSERV_DIRINFO);
-    } else if (!strcasecmp(flag, "hs")) {
-      type |= HIDSERV_DIRINFO;
-    } else if (!strcasecmp(flag, "no-hs")) {
-      is_not_hidserv_authority = 1;
+      type |= V1_DIRINFO;
+    } else if (!strcasecmp(flag, "hs") ||
+               !strcasecmp(flag, "no-hs")) {
+      log_warn(LD_CONFIG, "The DirAuthority options 'hs' and 'no-hs' are "
+               "obsolete; you don't need them any more.");
     } else if (!strcasecmp(flag, "bridge")) {
       type |= BRIDGE_DIRINFO;
     } else if (!strcasecmp(flag, "no-v2")) {
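Review bot: The new `hs`/`no-hs` branch warns unconditionally, and the other config.c hunks show parse_dir_authority_line() being called for the same lines once from validate_dir_servers() with a final argument of 1 and again from consider_adding_dir_servers() with 0, so each obsolete flag will likely be reported twice per config load. Consider emitting the warning on only one of the two passes, keyed on that third parameter (its name is cut off in the hunk header). The message would also be easier to act on if it named the offending token, e.g. `log_warn(LD_CONFIG, "Ignoring obsolete authority flag '%s'.", flag);`, since the same parser handles AlternateDirAuthority and AlternateBridgeAuthority lines while the current text mentions only DirAuthority. A short comment above the branch, such as `/* Accepted but ignored: hidden service authorities were removed. */`, would record why the flags are still parsed. The flag loop starts and ends outside this hunk.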
@@ -5093,8 +5077,6 @@ parse_dir_authority_line(const char *line, dirinfo_type_t required_type,
     tor_free(flag);
     smartlist_del_keeporder(items, 0);
   }
-  if (is_not_hidserv_authority)
-    type &= ~HIDSERV_DIRINFO;
 
   if (smartlist_len(items) < 2) {
     log_warn(LD_CONFIG, "Too few arguments to DirAuthority line.");

+ 0 - 44
src/or/directory.c

@@ -155,8 +155,6 @@ authdir_type_to_string(dirinfo_type_t auth)
     smartlist_add(lst, (void*)"V3");
   if (auth & BRIDGE_DIRINFO)
     smartlist_add(lst, (void*)"Bridge");
-  if (auth & HIDSERV_DIRINFO)
-    smartlist_add(lst, (void*)"Hidden service");
   if (smartlist_len(lst)) {
     result = smartlist_join_strings(lst, ", ", 0, NULL);
   } else {
@@ -3176,32 +3174,6 @@ directory_handle_command_get(dir_connection_t *conn, const char *headers,
     goto done;
   }
 
-  if (options->HSAuthoritativeDir && !strcmpstart(url,"/tor/rendezvous/")) {
-    /* rendezvous descriptor fetch */
-    const char *descp;
-    size_t desc_len;
-    const char *query = url+strlen("/tor/rendezvous/");
-
-    log_info(LD_REND, "Handling rendezvous descriptor get");
-    switch (rend_cache_lookup_desc(query, 0, &descp, &desc_len)) {
-      case 1: /* valid */
-        write_http_response_header_impl(conn, desc_len,
-                                        "application/octet-stream",
-                                        NULL, NULL, 0);
-        note_request("/tor/rendezvous?/", desc_len);
-        /* need to send descp separately, because it may include NULs */
-        connection_write_to_buf(descp, desc_len, TO_CONN(conn));
-        break;
-      case 0: /* well-formed but not present */
-        write_http_status_line(conn, 404, "Not found");
-        break;
-      case -1: /* not well-formed */
-        write_http_status_line(conn, 400, "Bad request");
-        break;
-    }
-    goto done;
-  }
-
   if (options->BridgeAuthoritativeDir &&
       options->BridgePassword_AuthDigest_ &&
       connection_dir_is_encrypted(conn) &&
@@ -3401,22 +3373,6 @@ directory_handle_command_post(dir_connection_t *conn, const char *headers,
     goto done;
   }
 
-  if (options->HSAuthoritativeDir &&
-      !strcmpstart(url,"/tor/rendezvous/publish")) {
-    /* rendezvous descriptor post */
-    log_info(LD_REND, "Handling rendezvous descriptor post.");
-    if (rend_cache_store(body, body_len, 1, NULL) < 0) {
-      log_fn(LOG_PROTOCOL_WARN, LD_DIRSERV,
-             "Rejected rend descriptor (length %d) from %s.",
-             (int)body_len, conn->base_.address);
-      write_http_status_line(conn, 400,
-                             "Invalid v0 service descriptor rejected");
-    } else {
-      write_http_status_line(conn, 200, "Service descriptor (v0) stored");
-    }
-    goto done;
-  }
-
   if (authdir_mode_v3(options) &&
       !strcmp(url,"/tor/post/vote")) { /* v3 networkstatus vote */
     const char *msg = "OK";

+ 0 - 5
src/or/or.h

@@ -3542,8 +3542,6 @@ typedef struct {
                            * for version 1 directories? */
   int V3AuthoritativeDir; /**< Boolean: is this an authoritative directory
                            * for version 3 directories? */
-  int HSAuthoritativeDir; /**< Boolean: does this an authoritative directory
-                           * handle hidden service requests? */
   int NamingAuthoritativeDir; /**< Boolean: is this an authoritative directory
                                * that's willing to bind names? */
   int VersioningAuthoritativeDir; /**< Boolean: is this an authoritative
@@ -3747,9 +3745,6 @@ typedef struct {
   /** If set, use these bridge authorities and not the default one. */
   config_line_t *AlternateBridgeAuthority;
 
-  /** If set, use these HS authorities and not the default ones. */
-  config_line_t *AlternateHSAuthority;
-
   char *MyFamily; /**< Declared family for this OR. */
   config_line_t *NodeFamilies; /**< List of config lines for
                                 * node families */

+ 1 - 2
src/or/router.c

@@ -935,8 +935,7 @@ init_keys(void)
   type = ((options->V1AuthoritativeDir ? V1_DIRINFO : NO_DIRINFO) |
           (options->V3AuthoritativeDir ?
                (V3_DIRINFO|MICRODESC_DIRINFO|EXTRAINFO_DIRINFO) : NO_DIRINFO) |
-          (options->BridgeAuthoritativeDir ? BRIDGE_DIRINFO : NO_DIRINFO) |
-          (options->HSAuthoritativeDir ? HIDSERV_DIRINFO : NO_DIRINFO));
+          (options->BridgeAuthoritativeDir ? BRIDGE_DIRINFO : NO_DIRINFO));
 
   ds = router_get_trusteddirserver_by_digest(digest);
   if (!ds) {