Remove SocksSocket; it's now spelled differently thanks to 14451

Also, revise bug12585 changes file to mention new syntax

changes/bug12585

   o Major features (security)
-    - Implementation of SocksSocket option - SocksSocket implements a SOCKS
+    - Implementation of an AF_UNIX socket  option to implement a SOCKS
       proxy reachable by Unix Domain Socket. This allows client applications to
       communicate with Tor without having the ability to create AF_INET or
       AF_INET6 family sockets. If an application has permission to create a socket
       with AF_UNIX, it may directly communicate with Tor as if it were an other
       SOCKS proxy. This should allow high risk applications to be entirely prevented
       from connecting directly with TCP/IP, they will be able to only connect to the
-      internet through AF_UNIX and only through Tor.  Closes ticket 12585.
+      internet through AF_UNIX and only through Tor.
+      To create a socket of this type, use the syntax "unix:/path/to/socket".
+      Closes ticket 12585.
+

doc/tor.1.txt

@@ -483,10 +483,6 @@ GENERAL OPTIONS
     in accordance to RFC 1929. Both username and password must be between 1 and
     255 characters.
 
-[[SocksSocket]] **SocksSocket** __Path__ [_flags_] [_isolation flags_]::
-    Like SocksPort, but listens on a Unix domain socket, rather than a TCP
-    socket.  '0' disables SocksSocket (Unix and Unix-like systems only.)
-
 [[SocksSocketsGroupWritable]] **SocksSocketsGroupWritable** **0**|**1**::
     If this option is set to 0, don't allow the filesystem group to read and
     write unix sockets (e.g. SocksSocket). If the option is set to 1, make

src/or/config.c

@@ -69,7 +69,7 @@
 extern int quiet_level;
 
 /* Prefix used to indicate a Unix socket in a FooPort configuration. */
-static const char *unix_socket_prefix = "unix:";
+static const char unix_socket_prefix[] = "unix:";
 
 /** A list of abbreviations and aliases to map command-line options, obsolete
  * option names, or alternative option names, to their current values. */
@@ -203,7 +203,6 @@ static config_var_t option_vars_[] = {
   V(ControlPortWriteToFile,      FILENAME, NULL),
   V(ControlSocket,               LINELIST, NULL),
   V(ControlSocketsGroupWritable, BOOL,     "0"),
-  V(SocksSocket,                 LINELIST, NULL),
   V(SocksSocketsGroupWritable,   BOOL,     "0"),
   V(CookieAuthentication,        BOOL,     "0"),
   V(CookieAuthFileGroupReadable, BOOL,     "0"),
@@ -1053,20 +1052,6 @@ options_act_reversible(const or_options_t *old_options, char **msg)
   }
 #endif
 
-#ifndef HAVE_SYS_UN_H
-  if (options->SocksSocket || options->SocksSocketsGroupWritable) {
-    *msg = tor_strdup("Unix domain sockets (SocksSocket) not supported "
-                      "on this OS/with this build.");
-    goto rollback;
-  }
-#else
-  if (options->SocksSocketsGroupWritable && !options->SocksSocket) {
-    *msg = tor_strdup("Setting SocksSocketGroupWritable without setting"
-                      "a SocksSocket makes no sense.");
-    goto rollback;
-  }
-#endif
-
   if (running_tor) {
     int n_ports=0;
     /* We need to set the connection limit before we can open the listeners. */
@@ -5656,6 +5641,14 @@ config_parse_unix_port(const char *addrport, char **path_out)
 int
 config_parse_unix_port(const char *addrport, char **path_out)
 {
+  tor_assert(path_out);
+  tor_assert(addrport);
+
+  if (strcmpstart(addrport, unix_socket_prefix)) {
+    /* Not a Unix socket path. */
+    return -ENOENT;
+  }
+
   log_warn(LD_CONFIG,
            "Port configuration %s is for an AF_UNIX socket, but we have no"
            "support available on this platform",
@@ -6218,13 +6211,6 @@ parse_ports(or_options_t *options, int validate_only,
       *msg = tor_strdup("Invalid ControlSocket configuration");
       goto err;
     }
-    if (parse_port_config(ports, options->SocksSocket, NULL,
-                          "SocksSocket",
-                          CONN_TYPE_AP_LISTENER, NULL, 0,
-                          CL_PORT_IS_UNIXSOCKET) < 0) {
-      *msg = tor_strdup("Invalid SocksSocket configuration");
-      goto err;
-    }
   }
   if (! options->ClientOnly) {
     if (parse_port_config(ports,
@@ -6268,8 +6254,6 @@ parse_ports(or_options_t *options, int validate_only,
     !! count_real_listeners(ports, CONN_TYPE_OR_LISTENER);
   options->SocksPort_set =
     !! count_real_listeners(ports, CONN_TYPE_AP_LISTENER);
-  options->SocksSocket_set =
-    !! count_real_listeners(ports, CONN_TYPE_AP_LISTENER);
   options->TransPort_set =
     !! count_real_listeners(ports, CONN_TYPE_AP_TRANS_LISTENER);
   options->NATDPort_set =

src/or/connection.c

@@ -1496,7 +1496,7 @@ connection_handle_listener_read(connection_t *conn, int new_type)
     if (new_type == CONN_TYPE_AP && conn->socket_family == AF_UNIX) {
       newconn->port = 0;
       newconn->address = tor_strdup(conn->address);
-      log_info(LD_NET, "New SOCKS SocksSocket connection opened");
+      log_info(LD_NET, "New SOCKS AF_UNIX connection opened");
     }
     if (new_type == CONN_TYPE_CONTROL) {
       log_notice(LD_CONTROL, "New control connection opened from %s.",

src/or/or.h

@@ -3463,9 +3463,6 @@ typedef struct {
                                  * for control connections. */
 
   int ControlSocketsGroupWritable; /**< Boolean: Are control sockets g+rw? */
-  config_line_t *SocksSocket; /**< List of Unix Domain Sockets to listen on
-                                 * for SOCKS connections. */
-
   int SocksSocketsGroupWritable; /**< Boolean: Are SOCKS sockets g+rw? */
   /** Ports to listen on for directory connections. */
   config_line_t *DirPort_lines;
@@ -3489,7 +3486,6 @@ typedef struct {
    */
   unsigned int ORPort_set : 1;
   unsigned int SocksPort_set : 1;
-  unsigned int SocksSocket_set : 1;
   unsigned int TransPort_set : 1;
   unsigned int NATDPort_set : 1;
   unsigned int ControlPort_set : 1;