Remove the AuthDirRejectUnlisted config option

This is in preparation for a big patch series removing the entire Naming system from Tor. In its wake, the approved-routers file is being deprecated, and a replacement option to allow only pre-approved routers is not being implemented.
2025-02-24 14:51:11 +01:00 · 2014-09-04 06:25:38 +02:00 · 2014-09-04 06:25:38 +02:00 · 10fe5bad9a
commit 10fe5bad9a
parent 54348201f7
5 changed files with 5 additions and 15 deletions
--- a/changes/bug12899
+++ b/changes/bug12899
@ -0,0 +1,4 @@
+  o Removed features:
+    - The "AuthDirRejectUnlisted" option no longer has any effect, as
+      the fingerprints file (approved-routers) has been deprecated.
+
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@ -1943,12 +1943,6 @@ on the public Tor network.
    1 unless you plan to list non-functioning exits as bad; otherwise, you are
    effectively voting in favor of every declared exit as an exit.)

-[[AuthDirRejectUnlisted]] **AuthDirRejectUnlisted** **0**|**1**::
-    Authoritative directories only. If set to 1, the directory server rejects
-    all uploaded server descriptors that aren't explicitly listed in the
-    fingerprints file. This acts as a "panic button" if we get hit with a Sybil
-    attack. (Default: 0)
-
 [[AuthDirMaxServersPerAddr]] **AuthDirMaxServersPerAddr** __NUM__::
    Authoritative directories only. The maximum number of servers that we will
    list as acceptable on a single IP address. Set this to "0" for "no limit".
--- a/src/or/config.c
+++ b/src/or/config.c
@ -150,7 +150,7 @@ static config_var_t option_vars_[] = {
  V(AuthDirGuardBWGuarantee,     MEMUNIT,  "2 MB"),
  V(AuthDirReject,               LINELIST, NULL),
  V(AuthDirRejectCCs,            CSV,      ""),
-  V(AuthDirRejectUnlisted,       BOOL,     "0"),
+  OBSOLETE("AuthDirRejectUnlisted"),
  V(AuthDirListBadDirs,          BOOL,     "0"),
  V(AuthDirListBadExits,         BOOL,     "0"),
  V(AuthDirMaxServersPerAddr,    UINT,     "2"),
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@ -362,7 +362,6 @@ dirserv_get_status_impl(const char *id_digest, const char *nickname,
                        const char *platform, const char *contact,
                        const char **msg, int should_log)
 {
-  int reject_unlisted = get_options()->AuthDirRejectUnlisted;
  uint32_t result;
  router_status_t *status_by_digest;

@ -458,11 +457,6 @@ dirserv_get_status_impl(const char *id_digest, const char *nickname,
                 nickname, fmt_addr32(addr));
      result |= FP_INVALID;
    }
-    if (reject_unlisted) {
-      if (msg)
-        *msg = "Authdir rejects unknown routers.";
-      return FP_REJECT;
-    }
  }

  return result;
--- a/src/or/or.h
+++ b/src/or/or.h
@ -3768,8 +3768,6 @@ typedef struct {
                           * and vote for all other dir mirrors as good. */
  int AuthDirListBadExits; /**< True iff we should list bad exits,
                            * and vote for all other exits as good. */
-  int AuthDirRejectUnlisted; /**< Boolean: do we reject all routers that
-                              * aren't named in our fingerprint file? */
  int AuthDirMaxServersPerAddr; /**< Do not permit more than this
                                 * number of servers per IP address. */
  int AuthDirMaxServersPerAuthAddr; /**< Do not permit more than this