From ef5925237d4712c40fb6d69b8de882ab39e6798f Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Tue, 21 Sep 2010 01:03:29 -0400
Subject: First cut of code to enable RefuseUnknownExits

The RefuseUnknownExits config option is now a tristate, with "1"
meaning "enable it no matter what the consensus says", "0" meaning
"disable it no matter what the consensus says", and "auto" meaning "do
what the consensus says".  If the consensus is silent, we enable
RefuseUnknownExits.

This patch also changes the dirserv logic so that refuseunknownexits
won't make us cache unless we're an exit.
---
 src/or/config.c | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

(limited to 'src/or/config.c')

diff --git a/src/or/config.c b/src/or/config.c
index 6b3bcf6da8..30a4d0f297 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -327,7 +327,7 @@ static config_var_t _option_vars[] = {
   V(RecommendedClientVersions,   LINELIST, NULL),
   V(RecommendedServerVersions,   LINELIST, NULL),
   OBSOLETE("RedirectExit"),
-  V(RefuseUnknownExits,          BOOL,     "0"),
+  V(RefuseUnknownExits,          STRING,   "auto"),
   V(RejectPlaintextPorts,        CSV,      ""),
   V(RelayBandwidthBurst,         MEMUNIT,  "0"),
   V(RelayBandwidthRate,          MEMUNIT,  "0"),
@@ -1228,6 +1228,19 @@ options_act(or_options_t *old_options)
   if (accounting_is_enabled(options))
     configure_accounting(time(NULL));
 
+  /* parse RefuseUnknownExits tristate */
+  if (!strcmp(options->RefuseUnknownExits, "0"))
+    options->RefuseUnknownExits_ = 0;
+  else if (!strcmp(options->RefuseUnknownExits, "1"))
+    options->RefuseUnknownExits_ = 1;
+  else if (!strcmp(options->RefuseUnknownExits, "auto"))
+    options->RefuseUnknownExits_ = -1;
+  else {
+    /* Should have caught this in options_validate */
+    return -1;
+  }
+
+
   /* Change the cell EWMA settings */
   cell_ewma_set_scale_factor(options, networkstatus_get_latest_consensus());
 
@@ -2994,6 +3007,12 @@ options_validate(or_options_t *old_options, or_options_t *options,
       REJECT("Failed to resolve/guess local address. See logs for details.");
   }
 
+  if (strcmp(options->RefuseUnknownExits, "0") &&
+      strcmp(options->RefuseUnknownExits, "1") &&
+      strcmp(options->RefuseUnknownExits, "auto")) {
+    REJECT("RefuseUnknownExits must be 0, 1, or auto");
+  }
+
 #ifndef MS_WINDOWS
   if (options->RunAsDaemon && torrc_fname && path_is_relative(torrc_fname))
     REJECT("Can't use a relative path to torrc when RunAsDaemon is set.");
-- 
cgit v1.2.3-54-g00ecf


From 6c5b9ba6258c8e79be9f96a3ec377600d0066356 Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Mon, 27 Sep 2010 17:07:22 -0400
Subject: Change bug1751 enabling code based on comments from arma

---
 src/or/config.c          | 1 -
 src/or/connection_edge.c | 9 +++++----
 src/or/dirserv.c         | 2 +-
 src/or/or.h              | 5 +++--
 src/or/router.c          | 5 +----
 5 files changed, 10 insertions(+), 12 deletions(-)

(limited to 'src/or/config.c')

diff --git a/src/or/config.c b/src/or/config.c
index 30a4d0f297..b509fb8621 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -1240,7 +1240,6 @@ options_act(or_options_t *old_options)
     return -1;
   }
 
-
   /* Change the cell EWMA settings */
   cell_ewma_set_scale_factor(options, networkstatus_get_latest_consensus());
 
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index 63595151d2..361f910172 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -2488,6 +2488,7 @@ connection_exit_begin_conn(cell_t *cell, circuit_t *circ)
   char *address=NULL;
   uint16_t port;
   or_circuit_t *or_circ = NULL;
+  or_options_t *options = get_options();
 
   assert_circuit_ok(circ);
   if (!CIRCUIT_IS_ORIGIN(circ))
@@ -2500,7 +2501,7 @@ connection_exit_begin_conn(cell_t *cell, circuit_t *circ)
    * that we have a stream connected to a circuit, and we don't connect to a
    * circuit until we have a pending/successful resolve. */
 
-  if (!server_mode(get_options()) &&
+  if (!server_mode(options) &&
       circ->purpose != CIRCUIT_PURPOSE_S_REND_JOINED) {
     log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
            "Relay begin cell at non-server. Closing.");
@@ -2533,11 +2534,11 @@ connection_exit_begin_conn(cell_t *cell, circuit_t *circ)
       tor_free(address);
       return 0;
     }
-    if (or_circ && or_circ->p_conn && !get_options()->AllowSingleHopExits &&
+    if (or_circ && or_circ->p_conn && !options->AllowSingleHopExits &&
         (or_circ->is_first_hop ||
          (!connection_or_digest_is_known_relay(
                                        or_circ->p_conn->identity_digest) &&
-          should_refuse_unknown_exits(get_options())))) {
+          should_refuse_unknown_exits(options)))) {
       /* Don't let clients use us as a single-hop proxy, unless the user
        * has explicitly allowed that in the config. It attracts attackers
        * and users who'd be better off with, well, single-hop proxies.
@@ -2557,7 +2558,7 @@ connection_exit_begin_conn(cell_t *cell, circuit_t *circ)
       return 0;
     }
   } else if (rh.command == RELAY_COMMAND_BEGIN_DIR) {
-    if (!directory_permits_begindir_requests(get_options()) ||
+    if (!directory_permits_begindir_requests(options) ||
         circ->purpose != CIRCUIT_PURPOSE_OR) {
       relay_send_end_cell_from_edge(rh.stream_id, circ,
                                     END_STREAM_REASON_NOTDIRECTORY, NULL);
diff --git a/src/or/dirserv.c b/src/or/dirserv.c
index 6dca0d100f..8ae03424a2 100644
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@@ -1212,7 +1212,7 @@ directory_caches_dir_info(or_options_t *options)
   if (!server_mode(options) || !advertised_server_mode())
     return 0;
   /* We need an up-to-date view of network info if we're going to try to
-   * block unknown exits. */
+   * block exit attempts from unknown relays. */
   return router_my_exit_policy_is_reject_star() &&
     should_refuse_unknown_exits(options);
 }
diff --git a/src/or/or.h b/src/or/or.h
index 6c1c8efb8d..2e532c9ef3 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -2470,8 +2470,9 @@ typedef struct {
 
   /** Whether we should drop exit streams from Tors that we don't know are
    * relays.  One of "0" (never refuse), "1" (always refuse), or "auto" (do
-   * what the consensus says). -RD */
-  const char *RefuseUnknownExits;
+   * what the consensus says, defaulting to 'refuse' if the consensus says
+   * nothing). */
+  char *RefuseUnknownExits;
   /** Parsed version of RefuseUnknownExits. -1 for auto. */
   int RefuseUnknownExits_;
 
diff --git a/src/or/router.c b/src/or/router.c
index 6ae2ed0db0..d30eb1bfa9 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -982,13 +982,10 @@ server_mode(or_options_t *options)
 int
 should_refuse_unknown_exits(or_options_t *options)
 {
-  networkstatus_t *consensus;
   if (options->RefuseUnknownExits_ != -1) {
     return options->RefuseUnknownExits_;
-  } else if ((consensus = networkstatus_get_latest_consensus()) != NULL) {
-    return networkstatus_get_param(consensus, "refuseunknownexits", 1);
   } else {
-    return 1;
+    return networkstatus_get_param(NULL, "refuseunknownexits", 1);
   }
 }
 
-- 
cgit v1.2.3-54-g00ecf