config: Remove AllowSingleHopExits option

Deprecated in 0.2.9.2-alpha, this commits changes it as OBSOLETE() and cleans up the code associated with it. Partially fixes #22060 Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-04-25 13:44:06 -04:00 · 2017-04-25 13:44:06 -04:00 · d52a1e2faa
parent fea72571df
commit d52a1e2faa
7 changed files with 11 additions and 74 deletions
--- a/changes/bug22060
+++ b/changes/bug22060
@ -3,3 +3,5 @@
      rendered obsolete. Code has been removed and feature no longer exists.
    - AllowSingleHopCircuits was deprecated in 0.2.9.2-alpha and now has been
      rendered obsolete. Code has been removed and feature no longer exists.
+    - AllowSingleHopExits was deprecated in 0.2.9.2-alpha and now has been
+      rendered obsolete. Code has been removed and feature no longer exists.
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@ -1660,13 +1660,6 @@ is non-zero):
    Tor client binds to.  To bind to a different address, use the
    *ListenAddress and OutboundBindAddress options.

-[[AllowSingleHopExits]] **AllowSingleHopExits** **0**|**1**::
-    This option controls whether clients can use this server as a single hop
-    proxy. If set to 1, clients can use this server as an exit even if it is
-    the only hop in the circuit.  Note that most clients will refuse to use
-    servers that set this option, since most clients have
-    ExcludeSingleHopRelays set.  (Default: 0)
-
 [[AssumeReachable]] **AssumeReachable** **0**|**1**::
    This option is used when bootstrapping a new Tor network. If set to 1,
    don't do self-reachability testing; just upload your server descriptor
--- a/src/or/config.c
+++ b/src/or/config.c
@ -208,7 +208,7 @@ static config_var_t option_vars_[] = {
  OBSOLETE("AllowInvalidNodes"),
  V(AllowNonRFC953Hostnames,     BOOL,     "0"),
  OBSOLETE("AllowSingleHopCircuits"),
-  V(AllowSingleHopExits,         BOOL,     "0"),
+  OBSOLETE("AllowSingleHopExits"),
  V(AlternateBridgeAuthority,    LINELIST, NULL),
  V(AlternateDirAuthority,       LINELIST, NULL),
  OBSOLETE("AlternateHSAuthority"),
@ -662,8 +662,6 @@ static const config_deprecation_t option_deprecation_notes_[] = {
  /* Deprecated since 0.2.9.2-alpha... */
  { "AllowDotExit", "Unrestricted use of the .exit notation can be used for "
    "a wide variety of application-level attacks." },
-  { "AllowSingleHopExits", "Turning this on will make your relay easier "
-    "to abuse." },
  { "ClientDNSRejectInternalAddresses", "Turning this on makes your client "
    "easier to fingerprint, and may open you to esoteric attacks." },
  { "ExcludeSingleHopRelays", "Turning it on makes your client easier to "
@ -4056,13 +4054,6 @@ options_validate(or_options_t *old_options, or_options_t *options,
           "AlternateDirAuthority and AlternateBridgeAuthority configured.");
  }

-  if (options->AllowSingleHopExits && !options->DirAuthorities) {
-    COMPLAIN("You have set AllowSingleHopExits; now your relay will allow "
-             "others to make one-hop exits. However, since by default most "
-             "clients avoid relays that set this option, most clients will "
-             "ignore you.");
-  }
-
 #define CHECK_DEFAULT(arg)                                              \
  STMT_BEGIN                                                            \
    if (!options->TestingTorNetwork &&                                  \
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@ -3133,15 +3133,13 @@ connection_exit_begin_conn(cell_t *cell, circuit_t *circ)
    port = bcell.port;

    if (or_circ && or_circ->p_chan) {
-      if (!options->AllowSingleHopExits &&
-           (or_circ->is_first_hop ||
-            (!connection_or_digest_is_known_relay(
+      if ((or_circ->is_first_hop ||
+           (!connection_or_digest_is_known_relay(
                or_circ->p_chan->identity_digest) &&
          should_refuse_unknown_exits(options)))) {
-        /* Don't let clients use us as a single-hop proxy, unless the user
-         * has explicitly allowed that in the config. It attracts attackers
-         * and users who'd be better off with, well, single-hop proxies.
-         */
+        /* Don't let clients use us as a single-hop proxy. It attracts
+         * attackers and users who'd be better off with, well, single-hop
+         * proxies. */
        log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
               "Attempt by %s to open a stream %s. Closing.",
               safe_str(channel_get_canonical_remote_descr(or_circ->p_chan)),
--- a/src/or/or.h
+++ b/src/or/or.h
@ -4114,10 +4114,7 @@ typedef struct {
   * if we are a cache).  For authorities, this is always true. */
  int DownloadExtraInfo;

-  /** If true, and we are acting as a relay, allow exit circuits even when
-   * we are the first hop of a circuit. */
-  int AllowSingleHopExits;
-  /** If true, don't allow relays with AllowSingleHopExits=1 to be used in
+  /** If true, don't allow relays with allow-single-hop-exits to be used in
   * circuits that we build. */
  int ExcludeSingleHopRelays;

--- a/src/or/router.c
+++ b/src/or/router.c
@ -2932,7 +2932,7 @@ router_dump_router_to_string(routerinfo_t *router,
                    "onion-key\n%s"
                    "signing-key\n%s"
                    "%s%s"
-                    "%s%s%s%s",
+                    "%s%s%s",
    router->nickname,
    address,
    router->or_port,
@ -2955,8 +2955,7 @@ router_dump_router_to_string(routerinfo_t *router,
    ntor_cc_line ? ntor_cc_line : "",
    family_line,
    we_are_hibernating() ? "hibernating 1\n" : "",
-    "hidden-service-dir\n",
-    options->AllowSingleHopExits ? "allow-single-hop-exits\n" : "");
+    "hidden-service-dir\n");

  if (options->ContactInfo && strlen(options->ContactInfo)) {
    const char *ci = options->ContactInfo;
--- a/src/test/test_options.c
+++ b/src/test/test_options.c
@ -4189,48 +4189,6 @@ test_options_validate__virtual_addr(void *ignored)
  tor_free(msg);
 }

-static void
-test_options_validate__exits(void *ignored)
-{
-  (void)ignored;
-  int ret;
-  char *msg;
-  options_test_data_t *tdata = NULL;
-  setup_capture_of_logs(LOG_WARN);
-
-  free_options_test_data(tdata);
-  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
-                                "AllowSingleHopExits 1"
-                                );
-  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
-  tt_int_op(ret, OP_EQ, 0);
-  expect_log_msg("You have set AllowSingleHopExits; "
-            "now your relay will allow others to make one-hop exits. However,"
-            " since by default most clients avoid relays that set this option,"
-            " most clients will ignore you.\n");
-  tor_free(msg);
-
-  free_options_test_data(tdata);
-  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
-                                "AllowSingleHopExits 1\n"
-                                VALID_DIR_AUTH
-                                );
-  mock_clean_saved_logs();
-  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
-  tt_int_op(ret, OP_EQ, 0);
-  expect_no_log_msg("You have set AllowSingleHopExits; "
-            "now your relay will allow others to make one-hop exits. However,"
-            " since by default most clients avoid relays that set this option,"
-            " most clients will ignore you.\n");
-  tor_free(msg);
-
- done:
-  policies_free_all();
-  teardown_capture_of_logs();
-  free_options_test_data(tdata);
-  tor_free(msg);
-}
-
 static void
 test_options_validate__testing_options(void *ignored)
 {
@ -4502,7 +4460,6 @@ struct testcase_t options_tests[] = {
  LOCAL_VALIDATE_TEST(constrained_sockets),
  LOCAL_VALIDATE_TEST(v3_auth),
  LOCAL_VALIDATE_TEST(virtual_addr),
-  LOCAL_VALIDATE_TEST(exits),
  LOCAL_VALIDATE_TEST(testing_options),
  LOCAL_VALIDATE_TEST(accel),
  END_OF_TESTCASES              /*  */