Repair the (deprecated, ugly) DROPGUARDS controller function.

This actually is much easier to write now that guard_selection_t is
first-class.

src/or/control.c

@@ -4064,17 +4064,20 @@ handle_control_dropguards(control_connection_t *conn,
   smartlist_split_string(args, body, " ",
                          SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
 
-#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
+  static int have_warned = 0;
+  if (! have_warned) {
+    log_warn(LD_CONTROL, "DROPGUARDS is dangerous; make sure you understand "
+             "the risks before using it. It may be removed in a future "
+             "version of Tor.");
+    have_warned = 1;
+  }
+
   if (smartlist_len(args)) {
     connection_printf_to_buf(conn, "512 Too many arguments to DROPGUARDS\r\n");
   } else {
     remove_all_entry_guards();
     send_control_done(conn);
   }
-#else
-  // XXXX
-  connection_printf_to_buf(conn, "512 not supported\r\n");
-#endif
 
   SMARTLIST_FOREACH(args, char *, cp, tor_free(cp));
   smartlist_free(args);

src/or/entrynodes.c

@@ -3252,6 +3252,42 @@ guards_choose_guard(cpath_build_state_t *state,
   return r;
 }
 
+/** Remove all currently listed entry guards for a given guard selection
+ * context.  This frees and replaces <b>gs</b>, so don't use <b>gs</b>
+ * after calling this function. */
+void
+remove_all_entry_guards_for_guard_selection(guard_selection_t *gs)
+{
+  // This function shouldn't exist. XXXX
+  tor_assert(gs != NULL);
+  char *old_name = tor_strdup(gs->name);
+  guard_selection_type_t old_type = gs->type;
+
+  SMARTLIST_FOREACH(gs->sampled_entry_guards, entry_guard_t *, entry, {
+    control_event_guard(entry->nickname, entry->identity, "DROPPED");
+  });
+
+  if (gs == curr_guard_context) {
+    curr_guard_context = NULL;
+  }
+
+  smartlist_remove(guard_contexts, gs);
+  guard_selection_free(gs);
+
+  gs = get_guard_selection_by_name(old_name, old_type, 1);
+  entry_guards_changed_for_guard_selection(gs);
+  tor_free(old_name);
+}
+
+/** Remove all currently listed entry guards. So new ones will be chosen. */
+void
+remove_all_entry_guards(void)
+{
+  // XXXX prop271 this function shouldn't exist, in the new order.
+  // This function shouldn't exist.
+  remove_all_entry_guards_for_guard_selection(get_guard_selection_info());
+}
+
 /** Helper: pick a directory guard, with whatever algorithm is used. */
 const node_t *
 guards_choose_dirguard(circuit_guard_state_t **guard_state_out)

src/or/entrynodes.h

@@ -170,7 +170,8 @@ struct entry_guard_t {
    * we saw them in the state, even if we don't understand them. */
   char *extra_state_fields;
 
-  /** Backpointer to the guard selection that this guard belongs to. */
+  /** Backpointer to the guard selection that this guard belongs to.
+   * The entry_guard_t must never outlive its guard_selection. */
   guard_selection_t *in_selection;
   /**@}*/
 
@@ -548,6 +549,9 @@ STATIC int entry_guard_has_higher_priority(entry_guard_t *a, entry_guard_t *b);
 STATIC char *getinfo_helper_format_single_entry_guard(const entry_guard_t *e);
 #endif
 
+void remove_all_entry_guards_for_guard_selection(guard_selection_t *gs);
+void remove_all_entry_guards(void);
+
 struct bridge_info_t;
 void entry_guard_learned_bridge_identity(const tor_addr_port_t *addrport,
                                          const uint8_t *rsa_id_digest);