mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-20 02:09:24 +01:00
Replace OnionService* with HiddenService* in option names
And make consequential line-length adjustments.
This commit is contained in:
teor
Nick Mathewson
parent
365ca3ca0f
commit
f311c9ffa2
@ -1,6 +1,6 @@
|
||||
o Major features (onion services):
|
||||
- Add experimental OnionServiceSingleHopMode and
|
||||
OnionServiceNonAnonymousMode options. When both are set to 1, every
|
||||
- Add experimental HiddenServiceSingleHopMode and
|
||||
HiddenServiceNonAnonymousMode options. When both are set to 1, every
|
||||
hidden service on a tor instance becomes a non-anonymous Single Onion
|
||||
Service. Single Onions make one-hop (direct) connections to their
|
||||
introduction and renzedvous points. One-hop circuits make Single Onion
|
||||
|
||||
@ -2379,9 +2379,9 @@ The following options are used to configure a hidden service.
|
||||
Number of introduction points the hidden service will have. You can't
|
||||
have more than 10. (Default: 3)
|
||||
|
||||
[[OnionServiceSingleHopMode]] **OnionServiceSingleHopMode** **0**|**1**::
|
||||
[[HiddenServiceSingleHopMode]] **HiddenServiceSingleHopMode** **0**|**1**::
|
||||
**Experimental - Non Anonymous** Hidden Services on a tor instance in
|
||||
OnionServiceSingleHopMode make one-hop (direct) circuits between the onion
|
||||
HiddenServiceSingleHopMode make one-hop (direct) circuits between the onion
|
||||
service server, and the introduction and rendezvous points. (Onion service
|
||||
descriptors are still posted using 3-hop paths, to avoid onion service
|
||||
directories blocking the service.)
|
||||
@ -2392,21 +2392,21 @@ The following options are used to configure a hidden service.
|
||||
statistically distinguishable.
|
||||
|
||||
**WARNING:** Once a hidden service directory has been used by a tor
|
||||
instance in OnionServiceSingleHopMode, it can **NEVER** be used again for
|
||||
instance in HiddenServiceSingleHopMode, it can **NEVER** be used again for
|
||||
a hidden service. It is best practice to create a new hidden service
|
||||
directory, key, and address for each new Single Onion Service and Hidden
|
||||
Service. It is not possible to run Single Onion Services and Hidden
|
||||
Services from the same tor instance: they should be run on different
|
||||
servers with different IP addresses.
|
||||
|
||||
OnionServiceSingleHopMode requires OnionServiceNonAnonymousMode to be set
|
||||
HiddenServiceSingleHopMode requires HiddenServiceNonAnonymousMode to be set
|
||||
to 1. Since a Single Onion is non-anonymous, you can not to run an
|
||||
anonymous SOCKSPort on the same tor instance as a Single Onion service.
|
||||
(Default: 0)
|
||||
|
||||
[[OnionServiceNonAnonymousMode]] **OnionServiceNonAnonymousMode** **0**|**1**::
|
||||
[[HiddenServiceNonAnonymousMode]] **HiddenServiceNonAnonymousMode** **0**|**1**::
|
||||
Makes hidden services non-anonymous on this tor instance. Allows the
|
||||
non-anonymous OnionServiceSingleHopMode. Enables direct connections in the
|
||||
non-anonymous HiddenServiceSingleHopMode. Enables direct connections in the
|
||||
server-side hidden service protocol.
|
||||
(Default: 0)
|
||||
|
||||
|
||||
@ -298,8 +298,8 @@ static config_var_t option_vars_[] = {
|
||||
V(HidServAuth, LINELIST, NULL),
|
||||
V(CloseHSClientCircuitsImmediatelyOnTimeout, BOOL, "0"),
|
||||
V(CloseHSServiceRendCircuitsImmediatelyOnTimeout, BOOL, "0"),
|
||||
V(OnionServiceSingleHopMode, BOOL, "0"),
|
||||
V(OnionServiceNonAnonymousMode,BOOL, "0"),
|
||||
V(HiddenServiceSingleHopMode, BOOL, "0"),
|
||||
V(HiddenServiceNonAnonymousMode,BOOL, "0"),
|
||||
V(HTTPProxy, STRING, NULL),
|
||||
V(HTTPProxyAuthenticator, STRING, NULL),
|
||||
V(HTTPSProxy, STRING, NULL),
|
||||
@ -2826,15 +2826,15 @@ STATIC int
|
||||
options_validate_single_onion(or_options_t *options, char **msg)
|
||||
{
|
||||
/* The two single onion service options must have matching values. */
|
||||
if (options->OnionServiceSingleHopMode &&
|
||||
!options->OnionServiceNonAnonymousMode) {
|
||||
REJECT("OnionServiceSingleHopMode does not provide any server anonymity. "
|
||||
"It must be used with OnionServiceNonAnonymousMode set to 1.");
|
||||
if (options->HiddenServiceSingleHopMode &&
|
||||
!options->HiddenServiceNonAnonymousMode) {
|
||||
REJECT("HiddenServiceSingleHopMode does not provide any server anonymity. "
|
||||
"It must be used with HiddenServiceNonAnonymousMode set to 1.");
|
||||
}
|
||||
if (options->OnionServiceNonAnonymousMode &&
|
||||
!options->OnionServiceSingleHopMode) {
|
||||
REJECT("OnionServiceNonAnonymousMode does not provide any server "
|
||||
"anonymity. It must be used with OnionServiceSingleHopMode set to "
|
||||
if (options->HiddenServiceNonAnonymousMode &&
|
||||
!options->HiddenServiceSingleHopMode) {
|
||||
REJECT("HiddenServiceNonAnonymousMode does not provide any server "
|
||||
"anonymity. It must be used with HiddenServiceSingleHopMode set to "
|
||||
"1.");
|
||||
}
|
||||
|
||||
@ -2849,9 +2849,9 @@ options_validate_single_onion(or_options_t *options, char **msg)
|
||||
options->DNSPort_set);
|
||||
if (rend_service_non_anonymous_mode_enabled(options) && client_port_set &&
|
||||
!options->Tor2webMode) {
|
||||
REJECT("OnionServiceNonAnonymousMode is incompatible with using Tor as an "
|
||||
"anonymous client. Please set Socks/Trans/NATD/DNSPort to 0, or "
|
||||
"OnionServiceNonAnonymousMode to 0, or use the non-anonymous "
|
||||
REJECT("HiddenServiceNonAnonymousMode is incompatible with using Tor as "
|
||||
"an anonymous client. Please set Socks/Trans/NATD/DNSPort to 0, or "
|
||||
"HiddenServiceNonAnonymousMode to 0, or use the non-anonymous "
|
||||
"Tor2webMode.");
|
||||
}
|
||||
|
||||
@ -2862,7 +2862,7 @@ options_validate_single_onion(or_options_t *options, char **msg)
|
||||
REJECT("Non-anonymous (Tor2web) mode is incompatible with using Tor as a "
|
||||
"hidden service. Please remove all HiddenServiceDir lines, or use "
|
||||
"a version of tor compiled without --enable-tor2web-mode, or use "
|
||||
" OnionServiceNonAnonymousMode.");
|
||||
" HiddenServiceNonAnonymousMode.");
|
||||
}
|
||||
|
||||
if (rend_service_allow_non_anonymous_connection(options)
|
||||
@ -2875,7 +2875,7 @@ options_validate_single_onion(or_options_t *options, char **msg)
|
||||
* make path bias compatible with single onions.
|
||||
*/
|
||||
log_notice(LD_CONFIG,
|
||||
"OnionServiceSingleHopMode is enabled; disabling "
|
||||
"HiddenServiceSingleHopMode is enabled; disabling "
|
||||
"UseEntryGuards.");
|
||||
options->UseEntryGuards = 0;
|
||||
}
|
||||
@ -2885,9 +2885,9 @@ options_validate_single_onion(or_options_t *options, char **msg)
|
||||
* have. We'll poison new keys in options_act() just before we create them.
|
||||
*/
|
||||
if (rend_service_list_verify_single_onion_poison(NULL, options) < 0) {
|
||||
log_warn(LD_GENERAL, "We are configured with OnionServiceNonAnonymousMode "
|
||||
"%d, but one or more hidden service keys were created in %s "
|
||||
"mode. This is not allowed.",
|
||||
log_warn(LD_GENERAL, "We are configured with "
|
||||
"HiddenServiceNonAnonymousMode %d, but one or more hidden "
|
||||
"service keys were created in %s mode. This is not allowed.",
|
||||
rend_service_non_anonymous_mode_enabled(options) ? 1 : 0,
|
||||
rend_service_non_anonymous_mode_enabled(options) ?
|
||||
"an anonymous" : "a non-anonymous"
|
||||
@ -3451,9 +3451,9 @@ options_validate(or_options_t *old_options, or_options_t *options,
|
||||
/* Single Onion Services: non-anonymous hidden services */
|
||||
if (rend_service_non_anonymous_mode_enabled(options)) {
|
||||
log_warn(LD_CONFIG,
|
||||
"OnionServiceNonAnonymousNode is set. Every hidden service on "
|
||||
"HiddenServiceNonAnonymousMode is set. Every hidden service on "
|
||||
"this tor instance is NON-ANONYMOUS. If "
|
||||
"the OnionServiceNonAnonymousMode option is changed, Tor will "
|
||||
"the HiddenServiceNonAnonymousMode option is changed, Tor will "
|
||||
"refuse to launch hidden services from the same directories, to "
|
||||
"protect your anonymity against config errors. This setting is "
|
||||
"for experimental use only.");
|
||||
@ -4408,16 +4408,16 @@ options_transition_allowed(const or_options_t *old,
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (old->OnionServiceSingleHopMode != new_val->OnionServiceSingleHopMode) {
|
||||
if (old->HiddenServiceSingleHopMode != new_val->HiddenServiceSingleHopMode) {
|
||||
*msg = tor_strdup("While Tor is running, changing "
|
||||
"OnionServiceSingleHopMode is not allowed.");
|
||||
"HiddenServiceSingleHopMode is not allowed.");
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (old->OnionServiceNonAnonymousMode !=
|
||||
new_val->OnionServiceNonAnonymousMode) {
|
||||
if (old->HiddenServiceNonAnonymousMode !=
|
||||
new_val->HiddenServiceNonAnonymousMode) {
|
||||
*msg = tor_strdup("While Tor is running, changing "
|
||||
"OnionServiceNonAnonymousMode is not allowed.");
|
||||
"HiddenServiceNonAnonymousMode is not allowed.");
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
||||
12
src/or/or.h
12
src/or/or.h
@ -3701,25 +3701,25 @@ typedef struct {
|
||||
* they reach the normal circuit-build timeout. */
|
||||
int CloseHSServiceRendCircuitsImmediatelyOnTimeout;
|
||||
|
||||
/** Onion Services in OnionServiceSingleHopMode make one-hop (direct)
|
||||
/** Onion Services in HiddenServiceSingleHopMode make one-hop (direct)
|
||||
* circuits between the onion service server, and the introduction and
|
||||
* rendezvous points. (Onion service descriptors are still posted using
|
||||
* 3-hop paths, to avoid onion service directories blocking the service.)
|
||||
* This option makes every hidden service instance hosted by
|
||||
* this tor instance a Single Onion Service.
|
||||
* OnionServiceSingleHopMode requires OnionServiceNonAnonymousMode to be set
|
||||
* to 1.
|
||||
* HiddenServiceSingleHopMode requires HiddenServiceNonAnonymousMode to be
|
||||
* set to 1.
|
||||
* Use rend_service_allow_non_anonymous_connection() or
|
||||
* rend_service_reveal_startup_time() instead of using this option directly.
|
||||
*/
|
||||
int OnionServiceSingleHopMode;
|
||||
int HiddenServiceSingleHopMode;
|
||||
/* Makes hidden service clients and servers non-anonymous on this tor
|
||||
* instance. Allows the non-anonymous OnionServiceSingleHopMode. Enables
|
||||
* instance. Allows the non-anonymous HiddenServiceSingleHopMode. Enables
|
||||
* non-anonymous behaviour in the hidden service protocol.
|
||||
* Use rend_service_non_anonymous_mode_enabled() instead of using this option
|
||||
* directly.
|
||||
*/
|
||||
int OnionServiceNonAnonymousMode;
|
||||
int HiddenServiceNonAnonymousMode;
|
||||
|
||||
int ConnLimit; /**< Demanded minimum number of simultaneous connections. */
|
||||
int ConnLimit_; /**< Maximum allowed number of simultaneous connections. */
|
||||
|
||||
@ -4179,26 +4179,26 @@ rend_service_set_connection_addr_port(edge_connection_t *conn,
|
||||
return -2;
|
||||
}
|
||||
|
||||
/* Are OnionServiceSingleHopMode and OnionServiceNonAnonymousMode consistent?
|
||||
/* Are HiddenServiceSingleHopMode and HiddenServiceNonAnonymousMode consistent?
|
||||
*/
|
||||
static int
|
||||
rend_service_non_anonymous_mode_consistent(const or_options_t *options)
|
||||
{
|
||||
/* !! is used to make these options boolean */
|
||||
return (!! options->OnionServiceSingleHopMode ==
|
||||
!! options->OnionServiceNonAnonymousMode);
|
||||
return (!! options->HiddenServiceSingleHopMode ==
|
||||
!! options->HiddenServiceNonAnonymousMode);
|
||||
}
|
||||
|
||||
/* Do the options allow onion services to make direct (non-anonymous)
|
||||
* connections to introduction or rendezvous points?
|
||||
* Must only be called after options_validate_single_onion() has successfully
|
||||
* checked onion service option consistency.
|
||||
* Returns true if tor is in OnionServiceSingleHopMode. */
|
||||
* Returns true if tor is in HiddenServiceSingleHopMode. */
|
||||
int
|
||||
rend_service_allow_non_anonymous_connection(const or_options_t *options)
|
||||
{
|
||||
tor_assert(rend_service_non_anonymous_mode_consistent(options));
|
||||
return options->OnionServiceSingleHopMode ? 1 : 0;
|
||||
return options->HiddenServiceSingleHopMode ? 1 : 0;
|
||||
}
|
||||
|
||||
/* Do the options allow us to reveal the exact startup time of the onion
|
||||
@ -4215,7 +4215,7 @@ rend_service_reveal_startup_time(const or_options_t *options)
|
||||
return rend_service_non_anonymous_mode_enabled(options);
|
||||
}
|
||||
|
||||
/* Is non-anonymous mode enabled using the OnionServiceNonAnonymousMode
|
||||
/* Is non-anonymous mode enabled using the HiddenServiceNonAnonymousMode
|
||||
* config option?
|
||||
* Must only be called after options_validate_single_onion() has successfully
|
||||
* checked onion service option consistency.
|
||||
@ -4224,5 +4224,5 @@ int
|
||||
rend_service_non_anonymous_mode_enabled(const or_options_t *options)
|
||||
{
|
||||
tor_assert(rend_service_non_anonymous_mode_consistent(options));
|
||||
return options->OnionServiceNonAnonymousMode ? 1 : 0;
|
||||
return options->HiddenServiceNonAnonymousMode ? 1 : 0;
|
||||
}
|
||||
|
||||
@ -538,14 +538,14 @@ test_single_onion_poisoning(void *arg)
|
||||
(void) arg;
|
||||
|
||||
/* No services, no problem! */
|
||||
mock_options->OnionServiceSingleHopMode = 0;
|
||||
mock_options->OnionServiceNonAnonymousMode = 0;
|
||||
mock_options->HiddenServiceSingleHopMode = 0;
|
||||
mock_options->HiddenServiceNonAnonymousMode = 0;
|
||||
ret = rend_service_list_verify_single_onion_poison(services, mock_options);
|
||||
tt_assert(ret == 0);
|
||||
|
||||
/* Either way, no problem. */
|
||||
mock_options->OnionServiceSingleHopMode = 1;
|
||||
mock_options->OnionServiceNonAnonymousMode = 1;
|
||||
mock_options->HiddenServiceSingleHopMode = 1;
|
||||
mock_options->HiddenServiceNonAnonymousMode = 1;
|
||||
ret = rend_service_list_verify_single_onion_poison(services, mock_options);
|
||||
tt_assert(ret == 0);
|
||||
|
||||
@ -572,21 +572,21 @@ test_single_onion_poisoning(void *arg)
|
||||
/* But don't add the second service yet. */
|
||||
|
||||
/* Service directories, but no previous keys, no problem! */
|
||||
mock_options->OnionServiceSingleHopMode = 0;
|
||||
mock_options->OnionServiceNonAnonymousMode = 0;
|
||||
mock_options->HiddenServiceSingleHopMode = 0;
|
||||
mock_options->HiddenServiceNonAnonymousMode = 0;
|
||||
ret = rend_service_list_verify_single_onion_poison(services, mock_options);
|
||||
tt_assert(ret == 0);
|
||||
|
||||
/* Either way, no problem. */
|
||||
mock_options->OnionServiceSingleHopMode = 1;
|
||||
mock_options->OnionServiceNonAnonymousMode = 1;
|
||||
mock_options->HiddenServiceSingleHopMode = 1;
|
||||
mock_options->HiddenServiceNonAnonymousMode = 1;
|
||||
ret = rend_service_list_verify_single_onion_poison(services, mock_options);
|
||||
tt_assert(ret == 0);
|
||||
|
||||
/* Poison! Poison! Poison!
|
||||
* This can only be done in OnionServiceSingleHopMode. */
|
||||
mock_options->OnionServiceSingleHopMode = 1;
|
||||
mock_options->OnionServiceNonAnonymousMode = 1;
|
||||
* This can only be done in HiddenServiceSingleHopMode. */
|
||||
mock_options->HiddenServiceSingleHopMode = 1;
|
||||
mock_options->HiddenServiceNonAnonymousMode = 1;
|
||||
ret = rend_service_poison_new_single_onion_dirs(services);
|
||||
tt_assert(ret == 0);
|
||||
/* Poisoning twice is a no-op. */
|
||||
@ -594,14 +594,14 @@ test_single_onion_poisoning(void *arg)
|
||||
tt_assert(ret == 0);
|
||||
|
||||
/* Poisoned service directories, but no previous keys, no problem! */
|
||||
mock_options->OnionServiceSingleHopMode = 0;
|
||||
mock_options->OnionServiceNonAnonymousMode = 0;
|
||||
mock_options->HiddenServiceSingleHopMode = 0;
|
||||
mock_options->HiddenServiceNonAnonymousMode = 0;
|
||||
ret = rend_service_list_verify_single_onion_poison(services, mock_options);
|
||||
tt_assert(ret == 0);
|
||||
|
||||
/* Either way, no problem. */
|
||||
mock_options->OnionServiceSingleHopMode = 1;
|
||||
mock_options->OnionServiceNonAnonymousMode = 1;
|
||||
mock_options->HiddenServiceSingleHopMode = 1;
|
||||
mock_options->HiddenServiceNonAnonymousMode = 1;
|
||||
ret = rend_service_list_verify_single_onion_poison(services, mock_options);
|
||||
tt_assert(ret == 0);
|
||||
|
||||
@ -610,21 +610,21 @@ test_single_onion_poisoning(void *arg)
|
||||
tt_assert(ret == 0);
|
||||
|
||||
/* Poisoned service directories with previous keys are not allowed. */
|
||||
mock_options->OnionServiceSingleHopMode = 0;
|
||||
mock_options->OnionServiceNonAnonymousMode = 0;
|
||||
mock_options->HiddenServiceSingleHopMode = 0;
|
||||
mock_options->HiddenServiceNonAnonymousMode = 0;
|
||||
ret = rend_service_list_verify_single_onion_poison(services, mock_options);
|
||||
tt_assert(ret < 0);
|
||||
|
||||
/* But they are allowed if we're in non-anonymous mode. */
|
||||
mock_options->OnionServiceSingleHopMode = 1;
|
||||
mock_options->OnionServiceNonAnonymousMode = 1;
|
||||
mock_options->HiddenServiceSingleHopMode = 1;
|
||||
mock_options->HiddenServiceNonAnonymousMode = 1;
|
||||
ret = rend_service_list_verify_single_onion_poison(services, mock_options);
|
||||
tt_assert(ret == 0);
|
||||
|
||||
/* Re-poisoning directories with existing keys is a no-op, because
|
||||
* directories with existing keys are ignored. */
|
||||
mock_options->OnionServiceSingleHopMode = 1;
|
||||
mock_options->OnionServiceNonAnonymousMode = 1;
|
||||
mock_options->HiddenServiceSingleHopMode = 1;
|
||||
mock_options->HiddenServiceNonAnonymousMode = 1;
|
||||
ret = rend_service_poison_new_single_onion_dirs(services);
|
||||
tt_assert(ret == 0);
|
||||
/* And it keeps the poison. */
|
||||
@ -635,14 +635,14 @@ test_single_onion_poisoning(void *arg)
|
||||
smartlist_add(services, service_2);
|
||||
|
||||
/* A new service, and an existing poisoned service. Not ok. */
|
||||
mock_options->OnionServiceSingleHopMode = 0;
|
||||
mock_options->OnionServiceNonAnonymousMode = 0;
|
||||
mock_options->HiddenServiceSingleHopMode = 0;
|
||||
mock_options->HiddenServiceNonAnonymousMode = 0;
|
||||
ret = rend_service_list_verify_single_onion_poison(services, mock_options);
|
||||
tt_assert(ret < 0);
|
||||
|
||||
/* But ok to add in non-anonymous mode. */
|
||||
mock_options->OnionServiceSingleHopMode = 1;
|
||||
mock_options->OnionServiceNonAnonymousMode = 1;
|
||||
mock_options->HiddenServiceSingleHopMode = 1;
|
||||
mock_options->HiddenServiceNonAnonymousMode = 1;
|
||||
ret = rend_service_list_verify_single_onion_poison(services, mock_options);
|
||||
tt_assert(ret == 0);
|
||||
|
||||
@ -655,22 +655,22 @@ test_single_onion_poisoning(void *arg)
|
||||
|
||||
/* Unpoisoned service directories with previous keys are ok, as are empty
|
||||
* directories. */
|
||||
mock_options->OnionServiceSingleHopMode = 0;
|
||||
mock_options->OnionServiceNonAnonymousMode = 0;
|
||||
mock_options->HiddenServiceSingleHopMode = 0;
|
||||
mock_options->HiddenServiceNonAnonymousMode = 0;
|
||||
ret = rend_service_list_verify_single_onion_poison(services, mock_options);
|
||||
tt_assert(ret == 0);
|
||||
|
||||
/* But the existing unpoisoned key is not ok in non-anonymous mode, even if
|
||||
* there is an empty service. */
|
||||
mock_options->OnionServiceSingleHopMode = 1;
|
||||
mock_options->OnionServiceNonAnonymousMode = 1;
|
||||
mock_options->HiddenServiceSingleHopMode = 1;
|
||||
mock_options->HiddenServiceNonAnonymousMode = 1;
|
||||
ret = rend_service_list_verify_single_onion_poison(services, mock_options);
|
||||
tt_assert(ret < 0);
|
||||
|
||||
/* Poisoning directories with existing keys is a no-op, because directories
|
||||
* with existing keys are ignored. But the new directory should poison. */
|
||||
mock_options->OnionServiceSingleHopMode = 1;
|
||||
mock_options->OnionServiceNonAnonymousMode = 1;
|
||||
mock_options->HiddenServiceSingleHopMode = 1;
|
||||
mock_options->HiddenServiceNonAnonymousMode = 1;
|
||||
ret = rend_service_poison_new_single_onion_dirs(services);
|
||||
tt_assert(ret == 0);
|
||||
/* And the old directory remains unpoisoned. */
|
||||
@ -678,14 +678,14 @@ test_single_onion_poisoning(void *arg)
|
||||
tt_assert(ret < 0);
|
||||
|
||||
/* And the new directory should be ignored, because it has no key. */
|
||||
mock_options->OnionServiceSingleHopMode = 0;
|
||||
mock_options->OnionServiceNonAnonymousMode = 0;
|
||||
mock_options->HiddenServiceSingleHopMode = 0;
|
||||
mock_options->HiddenServiceNonAnonymousMode = 0;
|
||||
ret = rend_service_list_verify_single_onion_poison(services, mock_options);
|
||||
tt_assert(ret == 0);
|
||||
|
||||
/* Re-poisoning directories without existing keys is a no-op. */
|
||||
mock_options->OnionServiceSingleHopMode = 1;
|
||||
mock_options->OnionServiceNonAnonymousMode = 1;
|
||||
mock_options->HiddenServiceSingleHopMode = 1;
|
||||
mock_options->HiddenServiceNonAnonymousMode = 1;
|
||||
ret = rend_service_poison_new_single_onion_dirs(services);
|
||||
tt_assert(ret == 0);
|
||||
/* And the old directory remains unpoisoned. */
|
||||
|
||||
@ -2766,37 +2766,37 @@ test_options_validate__single_onion(void *ignored)
|
||||
options_test_data_t *tdata = NULL;
|
||||
int previous_log = setup_capture_of_logs(LOG_WARN);
|
||||
|
||||
/* Test that OnionServiceSingleHopMode must come with
|
||||
* OnionServiceNonAnonymousMode */
|
||||
/* Test that HiddenServiceSingleHopMode must come with
|
||||
* HiddenServiceNonAnonymousMode */
|
||||
tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
|
||||
"SOCKSPort 0\n"
|
||||
"OnionServiceSingleHopMode 1\n"
|
||||
"HiddenServiceSingleHopMode 1\n"
|
||||
);
|
||||
ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
|
||||
tt_int_op(ret, OP_EQ, -1);
|
||||
tt_str_op(msg, OP_EQ, "OnionServiceSingleHopMode does not provide any "
|
||||
tt_str_op(msg, OP_EQ, "HiddenServiceSingleHopMode does not provide any "
|
||||
"server anonymity. It must be used with "
|
||||
"OnionServiceNonAnonymousMode set to 1.");
|
||||
"HiddenServiceNonAnonymousMode set to 1.");
|
||||
tor_free(msg);
|
||||
free_options_test_data(tdata);
|
||||
|
||||
tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
|
||||
"SOCKSPort 0\n"
|
||||
"OnionServiceSingleHopMode 1\n"
|
||||
"OnionServiceNonAnonymousMode 0\n"
|
||||
"HiddenServiceSingleHopMode 1\n"
|
||||
"HiddenServiceNonAnonymousMode 0\n"
|
||||
);
|
||||
ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
|
||||
tt_int_op(ret, OP_EQ, -1);
|
||||
tt_str_op(msg, OP_EQ, "OnionServiceSingleHopMode does not provide any "
|
||||
tt_str_op(msg, OP_EQ, "HiddenServiceSingleHopMode does not provide any "
|
||||
"server anonymity. It must be used with "
|
||||
"OnionServiceNonAnonymousMode set to 1.");
|
||||
"HiddenServiceNonAnonymousMode set to 1.");
|
||||
tor_free(msg);
|
||||
free_options_test_data(tdata);
|
||||
|
||||
tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
|
||||
"SOCKSPort 0\n"
|
||||
"OnionServiceSingleHopMode 1\n"
|
||||
"OnionServiceNonAnonymousMode 1\n"
|
||||
"HiddenServiceSingleHopMode 1\n"
|
||||
"HiddenServiceNonAnonymousMode 1\n"
|
||||
);
|
||||
ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
|
||||
tt_int_op(ret, OP_EQ, 0);
|
||||
@ -2804,26 +2804,26 @@ test_options_validate__single_onion(void *ignored)
|
||||
free_options_test_data(tdata);
|
||||
|
||||
/* Test that SOCKSPort must come with Tor2webMode if
|
||||
* OnionServiceSingleHopMode is 1 */
|
||||
* HiddenServiceSingleHopMode is 1 */
|
||||
tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
|
||||
"SOCKSPort 5000\n"
|
||||
"OnionServiceSingleHopMode 1\n"
|
||||
"OnionServiceNonAnonymousMode 1\n"
|
||||
"HiddenServiceSingleHopMode 1\n"
|
||||
"HiddenServiceNonAnonymousMode 1\n"
|
||||
"Tor2webMode 0\n"
|
||||
);
|
||||
ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
|
||||
tt_int_op(ret, OP_EQ, -1);
|
||||
tt_str_op(msg, OP_EQ, "OnionServiceNonAnonymousMode is incompatible with "
|
||||
tt_str_op(msg, OP_EQ, "HiddenServiceNonAnonymousMode is incompatible with "
|
||||
"using Tor as an anonymous client. Please set "
|
||||
"Socks/Trans/NATD/DNSPort to 0, or OnionServiceNonAnonymousMode "
|
||||
"Socks/Trans/NATD/DNSPort to 0, or HiddenServiceNonAnonymousMode "
|
||||
"to 0, or use the non-anonymous Tor2webMode.");
|
||||
tor_free(msg);
|
||||
free_options_test_data(tdata);
|
||||
|
||||
tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
|
||||
"SOCKSPort 0\n"
|
||||
"OnionServiceSingleHopMode 1\n"
|
||||
"OnionServiceNonAnonymousMode 1\n"
|
||||
"HiddenServiceSingleHopMode 1\n"
|
||||
"HiddenServiceNonAnonymousMode 1\n"
|
||||
"Tor2webMode 0\n"
|
||||
);
|
||||
ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
|
||||
@ -2833,7 +2833,7 @@ test_options_validate__single_onion(void *ignored)
|
||||
|
||||
tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
|
||||
"SOCKSPort 5000\n"
|
||||
"OnionServiceSingleHopMode 0\n"
|
||||
"HiddenServiceSingleHopMode 0\n"
|
||||
"Tor2webMode 0\n"
|
||||
);
|
||||
ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
|
||||
@ -2843,8 +2843,8 @@ test_options_validate__single_onion(void *ignored)
|
||||
|
||||
tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
|
||||
"SOCKSPort 5000\n"
|
||||
"OnionServiceSingleHopMode 1\n"
|
||||
"OnionServiceNonAnonymousMode 1\n"
|
||||
"HiddenServiceSingleHopMode 1\n"
|
||||
"HiddenServiceNonAnonymousMode 1\n"
|
||||
"Tor2webMode 1\n"
|
||||
);
|
||||
ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
|
||||
@ -2853,29 +2853,29 @@ test_options_validate__single_onion(void *ignored)
|
||||
free_options_test_data(tdata);
|
||||
|
||||
/* Test that a hidden service can't be run with Tor2web
|
||||
* Use OnionServiceNonAnonymousMode instead of Tor2webMode, because
|
||||
* Use HiddenServiceNonAnonymousMode instead of Tor2webMode, because
|
||||
* Tor2webMode requires a compilation #define */
|
||||
tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
|
||||
"OnionServiceNonAnonymousMode 1\n"
|
||||
"HiddenServiceNonAnonymousMode 1\n"
|
||||
"HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n"
|
||||
"HiddenServicePort 80 127.0.0.1:8080\n"
|
||||
);
|
||||
ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
|
||||
tt_int_op(ret, OP_EQ, -1);
|
||||
tt_str_op(msg, OP_EQ, "OnionServiceNonAnonymousMode does not provide any "
|
||||
"server anonymity. It must be used with OnionServiceSingleHopMode "
|
||||
"set to 1.");
|
||||
tt_str_op(msg, OP_EQ, "HiddenServiceNonAnonymousMode does not provide any "
|
||||
"server anonymity. It must be used with "
|
||||
"HiddenServiceSingleHopMode set to 1.");
|
||||
tor_free(msg);
|
||||
free_options_test_data(tdata);
|
||||
|
||||
tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
|
||||
"OnionServiceNonAnonymousMode 1\n"
|
||||
"HiddenServiceNonAnonymousMode 1\n"
|
||||
);
|
||||
ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
|
||||
tt_int_op(ret, OP_EQ, -1);
|
||||
tt_str_op(msg, OP_EQ, "OnionServiceNonAnonymousMode does not provide any "
|
||||
"server anonymity. It must be used with OnionServiceSingleHopMode "
|
||||
"set to 1.");
|
||||
tt_str_op(msg, OP_EQ, "HiddenServiceNonAnonymousMode does not provide any "
|
||||
"server anonymity. It must be used with "
|
||||
"HiddenServiceSingleHopMode set to 1.");
|
||||
free_options_test_data(tdata);
|
||||
|
||||
tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
|
||||
@ -2888,10 +2888,10 @@ test_options_validate__single_onion(void *ignored)
|
||||
free_options_test_data(tdata);
|
||||
|
||||
tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
|
||||
"OnionServiceNonAnonymousMode 1\n"
|
||||
"HiddenServiceNonAnonymousMode 1\n"
|
||||
"HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n"
|
||||
"HiddenServicePort 80 127.0.0.1:8080\n"
|
||||
"OnionServiceSingleHopMode 1\n"
|
||||
"HiddenServiceSingleHopMode 1\n"
|
||||
"SOCKSPort 0\n"
|
||||
);
|
||||
ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
|
||||
|
||||
Loading…
Reference in New Issue
Block a user