/* Copyright (c) 2001 Matej Pfajfar.
 * Copyright (c) 2001-2004, Roger Dingledine.
 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
 * Copyright (c) 2007-2012, The Tor Project, Inc. */
/* See LICENSE for licensing information */

/**
 * \file config.c
 * \brief Code to parse and interpret configuration files.
 **/

#define CONFIG_PRIVATE

#include "or.h"
#include "addressmap.h"
#include "channel.h"
#include "circuitbuild.h"
#include "circuitlist.h"
#include "circuitmux.h"
#include "circuitmux_ewma.h"
#include "config.h"
#include "connection.h"
#include "connection_edge.h"
#include "connection_or.h"
#include "control.h"
#include "confparse.h"
#include "cpuworker.h"
#include "dirserv.h"
#include "dirvote.h"
#include "dns.h"
#include "entrynodes.h"
#include "geoip.h"
#include "hibernate.h"
#include "main.h"
#include "networkstatus.h"
#include "nodelist.h"
#include "policies.h"
#include "relay.h"
#include "rendclient.h"
#include "rendservice.h"
#include "rephist.h"
#include "router.h"
#include "util.h"
#include "routerlist.h"
#include "routerset.h"
#include "statefile.h"
#include "transports.h"
#ifdef _WIN32
#include <shlobj.h>
#endif

#include "procmon.h"

/* From main.c */
extern int quiet_level;

/** A list of abbreviations and aliases to map command-line options, obsolete
 * option names, or alternative option names, to their current values.
 *
 * NOTE(review): each entry appears to be (abbreviation, canonical name,
 * command-line-only flag, warn flag) -- confirm the field order against the
 * config_abbrev_t definition in confparse.h.  PLURAL() presumably maps a
 * singular name onto its "...s" form; verify against its definition. */
static config_abbrev_t option_abbrevs_[] = {
  PLURAL(AuthDirBadDirCC),
  PLURAL(AuthDirBadExitCC),
  PLURAL(AuthDirInvalidCC),
  PLURAL(AuthDirRejectCC),
  PLURAL(ExitNode),
  PLURAL(EntryNode),
  PLURAL(ExcludeNode),
  PLURAL(FirewallPort),
  PLURAL(LongLivedPort),
  PLURAL(HiddenServiceNode),
  PLURAL(HiddenServiceExcludeNode),
  PLURAL(NumCPU),
  PLURAL(RendNode),
  PLURAL(RendExcludeNode),
  PLURAL(StrictEntryNode),
  PLURAL(StrictExitNode),
  PLURAL(StrictNode),
  { "l", "Log", 1, 0},
  { "AllowUnverifiedNodes", "AllowInvalidNodes", 0, 0},
  { "AutomapHostSuffixes", "AutomapHostsSuffixes", 0, 0},
  { "AutomapHostOnResolve", "AutomapHostsOnResolve", 0, 0},
  { "BandwidthRateBytes", "BandwidthRate", 0, 0},
  { "BandwidthBurstBytes", "BandwidthBurst", 0, 0},
  /* StatusFetchPeriod is itself listed as OBSOLETE in option_vars_ below. */
  { "DirFetchPostPeriod", "StatusFetchPeriod", 0, 0},
  { "DirServer", "DirAuthority", 0, 0}, /* XXXX024 later, make this warn? */
  { "MaxConn", "ConnLimit", 0, 1},
  { "ORBindAddress", "ORListenAddress", 0, 0},
  { "DirBindAddress", "DirListenAddress", 0, 0},
  { "SocksBindAddress", "SocksListenAddress", 0, 0},
  { "UseHelperNodes", "UseEntryGuards", 0, 0},
  { "NumHelperNodes", "NumEntryGuards", 0, 0},
  { "UseEntryNodes", "UseEntryGuards", 0, 0},
  { "NumEntryNodes", "NumEntryGuards", 0, 0},
  { "ResolvConf", "ServerDNSResolvConfFile", 0, 1},
  { "SearchDomains", "ServerDNSSearchDomains", 0, 1},
  { "ServerDNSAllowBrokenResolvConf", "ServerDNSAllowBrokenConfig", 0, 0},
  { "PreferTunnelledDirConns", "PreferTunneledDirConns", 0, 0},
  { "BridgeAuthoritativeDirectory", "BridgeAuthoritativeDir", 0, 0},
  /* Routes the controller-password option onto its "__"-prefixed session
   * variant.  The third field is 1 here, unlike most entries -- presumably
   * restricting the alias to command-line use; verify before relying on it.
   * option_vars_ below still carries a separate HashedControlPassword entry. */
  { "HashedControlPassword", "__HashedControlSessionPassword", 1, 0},
  { "StrictEntryNodes", "StrictNodes", 0, 1},
  { "StrictExitNodes", "StrictNodes", 0, 1},
  { "VirtualAddrNetwork", "VirtualAddrNetworkIPv4", 0, 0},
  { "_UseFilteringSSLBufferevents", "UseFilteringSSLBufferevents", 0, 1},
  /* End-of-table sentinel. */
  { NULL, NULL, 0, 0},
};

/** An entry for config_vars: "The option <b>name</b> has type
 * CONFIG_TYPE_<b>conftype</b>, and corresponds to
 * or_options_t.<b>member</b>"
 *
 * <b>initvalue</b> is the option's default, given as a string (or NULL).
 */
#define VAR(name,conftype,member,initvalue)                             \
  { name, CONFIG_TYPE_ ## conftype, STRUCT_OFFSET(or_options_t, member), \
      initvalue }
/** As VAR, but the option name and member name are the same. */
#define V(member,conftype,initvalue)                                    \
  VAR(#member, conftype, member, initvalue)
/** An entry for config_vars: "The option <b>name</b> is obsolete." */
#define OBSOLETE(name) { name, CONFIG_TYPE_OBSOLETE, 0, NULL }

/** As V, but for port options: the option named <b>member</b> is stored in
 * the or_options_t field <b>member</b>_lines. */
#define VPORT(member,conftype,initvalue)                                    \
  VAR(#member, conftype, member ## _lines, initvalue)

/** Array of configuration options.  Until we disallow nonstandard
 * abbreviations, order is significant, since the first matching option will
 * be chosen first.
 *
 * Entries are built with the V()/VAR()/VPORT()/OBSOLETE() macros defined
 * above; the last field is the default value as a string (NULL means no
 * default), and the table ends with a NULL-named sentinel entry.
 */
static config_var_t option_vars_[] = {
  OBSOLETE("AccountingMaxKB"),
  V(AccountingMax,               MEMUNIT,  "0 bytes"),
  V(AccountingStart,             STRING,   NULL),
  V(Address,                     STRING,   NULL),
  V(AllowDotExit,                BOOL,     "0"),
  V(AllowInvalidNodes,           CSV,      "middle,rendezvous"),
  V(AllowNonRFC953Hostnames,     BOOL,     "0"),
  V(AllowSingleHopCircuits,      BOOL,     "0"),
  V(AllowSingleHopExits,         BOOL,     "0"),
  V(AlternateBridgeAuthority,    LINELIST, NULL),
  V(AlternateDirAuthority,       LINELIST, NULL),
  V(AlternateHSAuthority,        LINELIST, NULL),
  V(AssumeReachable,             BOOL,     "0"),
  V(AuthDirBadDir,               LINELIST, NULL),
  V(AuthDirBadDirCCs,            CSV,      ""),
  V(AuthDirBadExit,              LINELIST, NULL),
  V(AuthDirBadExitCCs,           CSV,      ""),
  V(AuthDirInvalid,              LINELIST, NULL),
  V(AuthDirInvalidCCs,           CSV,      ""),
  V(AuthDirFastGuarantee,        MEMUNIT,  "100 KB"),
  V(AuthDirGuardBWGuarantee,     MEMUNIT,  "250 KB"),
  V(AuthDirReject,               LINELIST, NULL),
  V(AuthDirRejectCCs,            CSV,      ""),
  V(AuthDirRejectUnlisted,       BOOL,     "0"),
  V(AuthDirListBadDirs,          BOOL,     "0"),
  V(AuthDirListBadExits,         BOOL,     "0"),
  V(AuthDirMaxServersPerAddr,    UINT,     "2"),
  V(AuthDirMaxServersPerAuthAddr,UINT,     "5"),
  V(AuthDirHasIPv6Connectivity,  BOOL,     "0"),
  VAR("AuthoritativeDirectory",  BOOL, AuthoritativeDir,    "0"),
  V(AutomapHostsOnResolve,       BOOL,     "0"),
  V(AutomapHostsSuffixes,        CSV,      ".onion,.exit"),
  V(AvoidDiskWrites,             BOOL,     "0"),
  V(BandwidthBurst,              MEMUNIT,  "1 GB"),
  V(BandwidthRate,               MEMUNIT,  "1 GB"),
  V(BridgeAuthoritativeDir,      BOOL,     "0"),
  VAR("Bridge",                  LINELIST, Bridges,    NULL),
  V(BridgePassword,              STRING,   NULL),
  V(BridgeRecordUsageByCountry,  BOOL,     "1"),
  V(BridgeRelay,                 BOOL,     "0"),
  V(CellStatistics,              BOOL,     "0"),
  V(LearnCircuitBuildTimeout,    BOOL,     "1"),
  V(CircuitBuildTimeout,         INTERVAL, "0"),
  V(CircuitIdleTimeout,          INTERVAL, "1 hour"),
  V(CircuitStreamTimeout,        INTERVAL, "0"),
  V(CircuitPriorityHalflife,     DOUBLE,  "-100.0"), /*negative:'Use default'*/
  V(ClientDNSRejectInternalAddresses, BOOL,"1"),
  V(ClientOnly,                  BOOL,     "0"),
  V(ClientPreferIPv6ORPort,      BOOL,     "0"),
  V(ClientRejectInternalAddresses, BOOL,   "1"),
  V(ClientTransportPlugin,       LINELIST, NULL),
  V(ClientUseIPv6,               BOOL,     "0"),
  V(ConsensusParams,             STRING,   NULL),
  V(ConnLimit,                   UINT,     "1000"),
  V(ConnDirectionStatistics,     BOOL,     "0"),
  V(ConstrainedSockets,          BOOL,     "0"),
  V(ConstrainedSockSize,         MEMUNIT,  "8192"),
  V(ContactInfo,                 STRING,   NULL),
  /* Controller access.  The group-readable/writable file-permission knobs
   * and cookie authentication all default to "0" (off). */
  V(ControlListenAddress,        LINELIST, NULL),
  VPORT(ControlPort,                 LINELIST, NULL),
  V(ControlPortFileGroupReadable,BOOL,     "0"),
  V(ControlPortWriteToFile,      FILENAME, NULL),
  V(ControlSocket,               LINELIST, NULL),
  V(ControlSocketsGroupWritable, BOOL,     "0"),
  V(CookieAuthentication,        BOOL,     "0"),
  V(CookieAuthFileGroupReadable, BOOL,     "0"),
  V(CookieAuthFile,              STRING,   NULL),
  V(CountPrivateBandwidth,       BOOL,     "0"),
  V(DataDirectory,               FILENAME, NULL),
  OBSOLETE("DebugLogFile"),
  V(DisableNetwork,              BOOL,     "0"),
  V(DirAllowPrivateAddresses,    BOOL,     "0"),
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "30 minutes"),
  V(DirListenAddress,            LINELIST, NULL),
  OBSOLETE("DirFetchPeriod"),
  V(DirPolicy,                   LINELIST, NULL),
  VPORT(DirPort,                     LINELIST, NULL),
  V(DirPortFrontPage,            FILENAME, NULL),
  OBSOLETE("DirPostPeriod"),
  OBSOLETE("DirRecordUsageByCountry"),
  OBSOLETE("DirRecordUsageGranularity"),
  OBSOLETE("DirRecordUsageRetainIPs"),
  OBSOLETE("DirRecordUsageSaveInterval"),
  V(DirReqStatistics,            BOOL,     "1"),
  VAR("DirAuthority",            LINELIST, DirAuthorities, NULL),
  V(DirAuthorityFallbackRate,    DOUBLE,   "1.0"),
  V(DisableAllSwap,              BOOL,     "0"),
  /* Defaults to "1": debugger attachment stays disabled unless the operator
   * turns this off. */
  V(DisableDebuggerAttachment,   BOOL,     "1"),
  V(DisableIOCP,                 BOOL,     "1"),
  V(DynamicDHGroups,             BOOL,     "0"),
  VPORT(DNSPort,                     LINELIST, NULL),
  V(DNSListenAddress,            LINELIST, NULL),
  V(DownloadExtraInfo,           BOOL,     "0"),
  V(EnforceDistinctSubnets,      BOOL,     "1"),
  V(EntryNodes,                  ROUTERSET,   NULL),
  V(EntryStatistics,             BOOL,     "0"),
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "10 minutes"),
  V(ExcludeNodes,                ROUTERSET, NULL),
  V(ExcludeExitNodes,            ROUTERSET, NULL),
  V(ExcludeSingleHopRelays,      BOOL,     "1"),
  V(ExitNodes,                   ROUTERSET, NULL),
  V(ExitPolicy,                  LINELIST, NULL),
  V(ExitPolicyRejectPrivate,     BOOL,     "1"),
  V(ExitPortStatistics,          BOOL,     "0"),
  V(ExtendAllowPrivateAddresses, BOOL,     "0"),
  V(ExtraInfoStatistics,         BOOL,     "1"),
  V(FallbackDir,                 LINELIST, NULL),

  OBSOLETE("FallbackNetworkstatusFile"),
  V(FascistFirewall,             BOOL,     "0"),
  V(FirewallPorts,               CSV,      ""),
  V(FastFirstHopPK,              BOOL,     "1"),
  V(FetchDirInfoEarly,           BOOL,     "0"),
  V(FetchDirInfoExtraEarly,      BOOL,     "0"),
  V(FetchServerDescriptors,      BOOL,     "1"),
  V(FetchHidServDescriptors,     BOOL,     "1"),
  V(FetchUselessDescriptors,     BOOL,     "0"),
  V(FetchV2Networkstatus,        BOOL,     "0"),
  /* GeoIP databases: a "<default>" placeholder on Windows, fixed paths under
   * SHARE_DATADIR everywhere else. */
#ifdef _WIN32
  V(GeoIPFile,                   FILENAME, "<default>"),
  V(GeoIPv6File,                 FILENAME, "<default>"),
#else
  V(GeoIPFile,                   FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip"),
  V(GeoIPv6File,                 FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip6"),
#endif
  OBSOLETE("GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays"),
  OBSOLETE("Group"),
  V(HardwareAccel,               BOOL,     "0"),
  V(HeartbeatPeriod,             INTERVAL, "6 hours"),
  V(AccelName,                   STRING,   NULL),
  V(AccelDir,                    FILENAME, NULL),
  V(HashedControlPassword,       LINELIST, NULL),
  V(HidServDirectoryV2,          BOOL,     "1"),
  VAR("HiddenServiceDir",    LINELIST_S, RendConfigLines,    NULL),
  OBSOLETE("HiddenServiceExcludeNodes"),
  OBSOLETE("HiddenServiceNodes"),
  VAR("HiddenServiceOptions",LINELIST_V, RendConfigLines,    NULL),
  VAR("HiddenServicePort",   LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceVersion",LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceAuthorizeClient",LINELIST_S,RendConfigLines, NULL),
  V(HidServAuth,                 LINELIST, NULL),
  V(HSAuthoritativeDir,          BOOL,     "0"),
  OBSOLETE("HSAuthorityRecordStats"),
  V(CloseHSClientCircuitsImmediatelyOnTimeout, BOOL, "0"),
  V(CloseHSServiceRendCircuitsImmediatelyOnTimeout, BOOL, "0"),
  V(HTTPProxy,                   STRING,   NULL),
  V(HTTPProxyAuthenticator,      STRING,   NULL),
  V(HTTPSProxy,                  STRING,   NULL),
  V(HTTPSProxyAuthenticator,     STRING,   NULL),
  V(IPv6Exit,                    BOOL,     "0"),
  VAR("ServerTransportPlugin",   LINELIST, ServerTransportPlugin,  NULL),
  V(ServerTransportListenAddr,   LINELIST, NULL),
  V(Socks4Proxy,                 STRING,   NULL),
  V(Socks5Proxy,                 STRING,   NULL),
  V(Socks5ProxyUsername,         STRING,   NULL),
  V(Socks5ProxyPassword,         STRING,   NULL),
  OBSOLETE("IgnoreVersion"),
  V(KeepalivePeriod,             INTERVAL, "5 minutes"),
  VAR("Log",                     LINELIST, Logs,             NULL),
  V(LogMessageDomains,           BOOL,     "0"),
  OBSOLETE("LinkPadding"),
  OBSOLETE("LogLevel"),
  OBSOLETE("LogFile"),
  V(LogTimeGranularity,          MSEC_INTERVAL, "1 second"),
  V(LongLivedPorts,              CSV,
        "21,22,706,1863,5050,5190,5222,5223,6523,6667,6697,8300"),
  VAR("MapAddress",              LINELIST, AddressMap,           NULL),
  V(MaxAdvertisedBandwidth,      MEMUNIT,  "1 GB"),
  V(MaxCircuitDirtiness,         INTERVAL, "10 minutes"),
  V(MaxClientCircuitsPending,    UINT,     "32"),
  V(MaxOnionsPending,            UINT,     "100"),
  OBSOLETE("MonthlyAccountingStart"),
  V(MyFamily,                    STRING,   NULL),
  V(NewCircuitPeriod,            INTERVAL, "30 seconds"),
  VAR("NamingAuthoritativeDirectory",BOOL, NamingAuthoritativeDir, "0"),
  V(NATDListenAddress,           LINELIST, NULL),
  VPORT(NATDPort,                    LINELIST, NULL),
  V(Nickname,                    STRING,   NULL),
  V(WarnUnsafeSocks,              BOOL,     "1"),
  OBSOLETE("NoPublish"),
  VAR("NodeFamily",              LINELIST, NodeFamilies,         NULL),
  V(NumCPUs,                     UINT,     "0"),
  V(NumEntryGuards,              UINT,     "3"),
  V(ORListenAddress,             LINELIST, NULL),
  VPORT(ORPort,                      LINELIST, NULL),
  V(OutboundBindAddress,         LINELIST,   NULL),

  /* NOTE(review): all path-bias knobs default to "-1"; presumably negative
   * means "take the value from elsewhere (consensus/defaults)" as with
   * CircuitPriorityHalflife above -- confirm in the consuming code. */
  V(PathBiasCircThreshold,       INT,      "-1"),
  V(PathBiasNoticeRate,          DOUBLE,   "-1"),
  V(PathBiasDisableRate,         DOUBLE,   "-1"),
  V(PathBiasScaleThreshold,      INT,      "-1"),
  V(PathBiasScaleFactor,         INT,      "-1"),

  OBSOLETE("PathlenCoinWeight"),
  V(PerConnBWBurst,              MEMUNIT,  "0"),
  V(PerConnBWRate,               MEMUNIT,  "0"),
  V(PidFile,                     STRING,   NULL),
  /* When "1", the testing_tor_network_defaults table below overrides a number
   * of the defaults in this table. */
  V(TestingTorNetwork,           BOOL,     "0"),
  V(OptimisticData,              AUTOBOOL, "auto"),
  V(PortForwarding,              BOOL,     "0"),
  V(PortForwardingHelper,        FILENAME, "tor-fw-helper"),
  V(PreferTunneledDirConns,      BOOL,     "1"),
  V(ProtocolWarnings,            BOOL,     "0"),
  V(PublishServerDescriptor,     CSV,      "1"),
  V(PublishHidServDescriptors,   BOOL,     "1"),
  V(ReachableAddresses,          LINELIST, NULL),
  V(ReachableDirAddresses,       LINELIST, NULL),
  V(ReachableORAddresses,        LINELIST, NULL),
  V(RecommendedVersions,         LINELIST, NULL),
  V(RecommendedClientVersions,   LINELIST, NULL),
  V(RecommendedServerVersions,   LINELIST, NULL),
  OBSOLETE("RedirectExit"),
  V(RefuseUnknownExits,          AUTOBOOL, "auto"),
  V(RejectPlaintextPorts,        CSV,      ""),
  V(RelayBandwidthBurst,         MEMUNIT,  "0"),
  V(RelayBandwidthRate,          MEMUNIT,  "0"),
  OBSOLETE("RendExcludeNodes"),
  OBSOLETE("RendNodes"),
  V(RendPostPeriod,              INTERVAL, "1 hour"),
  V(RephistTrackTime,            INTERVAL, "24 hours"),
  OBSOLETE("RouterFile"),
  V(RunAsDaemon,                 BOOL,     "0"),
//  V(RunTesting,                  BOOL,     "0"),
  OBSOLETE("RunTesting"), // currently unused
  /* Read by the safe_str()/escaped_safe_str() helpers in this file, which
   * replace logged addresses with "[scrubbed]" according to this setting. */
  V(SafeLogging,                 STRING,   "1"),
  V(SafeSocks,                   BOOL,     "0"),
  V(ServerDNSAllowBrokenConfig,  BOOL,     "1"),
  V(ServerDNSAllowNonRFC953Hostnames, BOOL,"0"),
  V(ServerDNSDetectHijacking,    BOOL,     "1"),
  V(ServerDNSRandomizeCase,      BOOL,     "1"),
  V(ServerDNSResolvConfFile,     STRING,   NULL),
  V(ServerDNSSearchDomains,      BOOL,     "0"),
  V(ServerDNSTestAddresses,      CSV,
      "www.google.com,www.mit.edu,www.yahoo.com,www.slashdot.org"),
  V(ShutdownWaitLength,          INTERVAL, "30 seconds"),
  V(SocksListenAddress,          LINELIST, NULL),
  V(SocksPolicy,                 LINELIST, NULL),
  VPORT(SocksPort,                   LINELIST, NULL),
  V(SocksTimeout,                INTERVAL, "2 minutes"),
  OBSOLETE("StatusFetchPeriod"),
  V(StrictNodes,                 BOOL,     "0"),
  OBSOLETE("SysLog"),
  V(TestSocks,                   BOOL,     "0"),
  OBSOLETE("TestVia"),
  V(TokenBucketRefillInterval,   MSEC_INTERVAL, "100 msec"),
  V(Tor2webMode,                 BOOL,     "0"),
  V(TLSECGroup,                  STRING,   NULL),
  V(TrackHostExits,              CSV,      NULL),
  V(TrackHostExitsExpire,        INTERVAL, "30 minutes"),
  OBSOLETE("TrafficShaping"),
  V(TransListenAddress,          LINELIST, NULL),
  VPORT(TransPort,                   LINELIST, NULL),
  V(TunnelDirConns,              BOOL,     "1"),
  V(UpdateBridgesFromAuthority,  BOOL,     "0"),
  V(UseBridges,                  BOOL,     "0"),
  V(UseEntryGuards,              BOOL,     "1"),
  V(UseMicrodescriptors,         AUTOBOOL, "auto"),
  V(User,                        STRING,   NULL),
  V(UserspaceIOCPBuffers,        BOOL,     "0"),
  VAR("V1AuthoritativeDirectory",BOOL, V1AuthoritativeDir,   "0"),
  VAR("V2AuthoritativeDirectory",BOOL, V2AuthoritativeDir,   "0"),
  VAR("V3AuthoritativeDirectory",BOOL, V3AuthoritativeDir,   "0"),
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "30 minutes"),
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "5 minutes"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "5 minutes"),
  V(V3AuthVotingInterval,        INTERVAL, "1 hour"),
  V(V3AuthVoteDelay,             INTERVAL, "5 minutes"),
  V(V3AuthDistDelay,             INTERVAL, "5 minutes"),
  V(V3AuthNIntervalsValid,       UINT,     "3"),
  V(V3AuthUseLegacyKey,          BOOL,     "0"),
  V(V3BandwidthsFile,            FILENAME, NULL),
  VAR("VersioningAuthoritativeDirectory",BOOL,VersioningAuthoritativeDir, "0"),
  V(VirtualAddrNetworkIPv4,      STRING,   "127.192.0.0/10"),
  V(VirtualAddrNetworkIPv6,      STRING,   "[FE80::]/10"),
  V(WarnPlaintextPorts,          CSV,      "23,109,110,143"),
  V(UseFilteringSSLBufferevents, BOOL,    "0"),
  /* Options whose names start with "__" are mapped onto or_options_t members
   * without the prefix.  "HashedControlPassword" is additionally aliased onto
   * __HashedControlSessionPassword by option_abbrevs_ above. */
  VAR("__ReloadTorrcOnSIGHUP",   BOOL,  ReloadTorrcOnSIGHUP,      "1"),
  VAR("__AllDirActionsPrivate",  BOOL,  AllDirActionsPrivate,     "0"),
  VAR("__DisablePredictedCircuits",BOOL,DisablePredictedCircuits, "0"),
  VAR("__LeaveStreamsUnattached",BOOL,  LeaveStreamsUnattached,   "0"),
  VAR("__HashedControlSessionPassword", LINELIST, HashedControlSessionPassword,
      NULL),
  VAR("__OwningControllerProcess",STRING,OwningControllerProcess, NULL),
  V(MinUptimeHidServDirectoryV2, INTERVAL, "25 hours"),
  V(VoteOnHidServDirectoriesV2,  BOOL,     "1"),
  /* Set to "1" by testing_tor_network_defaults below when that table is applied. */
  VAR("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "0"),

  /* End-of-table sentinel. */
  { NULL, CONFIG_TYPE_OBSOLETE, 0, NULL }
};

/** Override default values with these if the user sets the TestingTorNetwork
 * option.
 *
 * Several entries relax protections that option_vars_ enables by default
 * (DirAllowPrivateAddresses, ClientRejectInternalAddresses,
 * ExitPolicyRejectPrivate, ExtendAllowPrivateAddresses, and the DNS/subnet
 * checks), which is what lets a private test network run on internal
 * addresses.  The ___UsingTestNetworkDefaults entry is set to "1" here,
 * presumably so other code can tell that these overrides were applied.
 */
static const config_var_t testing_tor_network_defaults[] = {
  V(ServerDNSAllowBrokenConfig,  BOOL,     "1"),
  V(DirAllowPrivateAddresses,    BOOL,     "1"),
  V(EnforceDistinctSubnets,      BOOL,     "0"),
  V(AssumeReachable,             BOOL,     "1"),
  V(AuthDirMaxServersPerAddr,    UINT,     "0"),
  V(AuthDirMaxServersPerAuthAddr,UINT,     "0"),
  V(ClientDNSRejectInternalAddresses, BOOL,"0"),
  V(ClientRejectInternalAddresses, BOOL,   "0"),
  V(CountPrivateBandwidth,       BOOL,     "1"),
  V(ExitPolicyRejectPrivate,     BOOL,     "0"),
  V(ExtendAllowPrivateAddresses, BOOL,     "1"),
  /* Much shorter voting cycle than the production defaults in option_vars_. */
  V(V3AuthVotingInterval,        INTERVAL, "5 minutes"),
  V(V3AuthVoteDelay,             INTERVAL, "20 seconds"),
  V(V3AuthDistDelay,             INTERVAL, "20 seconds"),
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "5 minutes"),
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "20 seconds"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "20 seconds"),
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "0 minutes"),
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "0 minutes"),
  V(MinUptimeHidServDirectoryV2, INTERVAL, "0 minutes"),
  VAR("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "1"),

  /* End-of-table sentinel. */
  { NULL, CONFIG_TYPE_OBSOLETE, 0, NULL }
};

#undef VAR
#undef V
#undef OBSOLETE

/* Forward declarations of file-local helpers defined later in this file.
 *
 * NOTE(review): several parse_* helpers take a validate_only flag; presumably
 * they only check the line's syntax when it is set and apply the setting
 * otherwise -- confirm against the definitions before relying on that. */
#ifdef _WIN32
static char *get_windows_conf_root(void);
#endif
static int options_validate(or_options_t *old_options,
                            or_options_t *options,
                            int from_setconf, char **msg);
static int options_act_reversible(const or_options_t *old_options, char **msg);
static int options_act(const or_options_t *old_options);
static int options_transition_allowed(const or_options_t *old,
                                      const or_options_t *new,
                                      char **msg);
static int options_transition_affects_workers(
      const or_options_t *old_options, const or_options_t *new_options);
static int options_transition_affects_descriptor(
      const or_options_t *old_options, const or_options_t *new_options);
static int check_nickname_list(const char *lst, const char *name, char **msg);

/* Line parsers for Bridge, ClientTransportPlugin, ServerTransportPlugin and
 * the directory-authority / fallback-directory options. */
static int parse_bridge_line(const char *line, int validate_only);
static int parse_client_transport_line(const char *line, int validate_only);

static int parse_server_transport_line(const char *line, int validate_only);
static char *get_bindaddr_from_transport_listen_line(const char *line,
                                                     const char *transport);
static int parse_dir_authority_line(const char *line,
                                 dirinfo_type_t required_type,
                                 int validate_only);
static int parse_dir_fallback_line(const char *line,
                                   int validate_only);
/* Port configuration (port_cfg_t is the per-port record kept in
 * configured_ports, declared below). */
static void port_cfg_free(port_cfg_t *port);
static int parse_ports(or_options_t *options, int validate_only,
                              char **msg_out, int *n_ports_out);
static int check_server_ports(const smartlist_t *ports,
                              const or_options_t *options);

static int validate_data_directory(or_options_t *options);
static int write_configuration_file(const char *fname,
                                    const or_options_t *options);
static int options_init_logs(or_options_t *options, int validate_only);

static void init_libevent(const or_options_t *options);
static int opt_streq(const char *s1, const char *s2);
static int parse_outbound_addresses(or_options_t *options, int validate_only,
                                    char **msg);
static void config_maybe_load_geoip_files_(const or_options_t *options,
                                           const or_options_t *old_options);

/** Magic value for or_options_t.  Recorded in options_format below together
 * with the offset of or_options_t.magic_; presumably used by the generic
 * config code as a sanity check that a pointer really is an or_options_t. */
#define OR_OPTIONS_MAGIC 9090909

/** Configuration format for or_options_t.
 *
 * Ties the option tables above to the or_options_t structure so the generic
 * config code (confparse) can parse, compare, copy and free it.
 *
 * NOTE(review): the validate callback is cast to validate_fn_t; a cast like
 * this silences any signature mismatch between options_validate() and the
 * expected callback type, so keep the two in sync by hand. */
static config_format_t options_format = {
  sizeof(or_options_t),                   /* size of the structure */
  OR_OPTIONS_MAGIC,                       /* magic number */
  STRUCT_OFFSET(or_options_t, magic_),    /* where the magic number lives */
  option_abbrevs_,                        /* abbreviation/alias table */
  option_vars_,                           /* option table */
  (validate_fn_t)options_validate,        /* validation callback */
  NULL   /* last member unused here; see config_format_t in confparse.h */
};

/*
 * Functions to read and write the global options pointer.
 */

/** Command-line and config-file options.  Accessed through get_options() /
 * get_options_mutable() and replaced by set_options(); released by
 * config_free_all(). */
static or_options_t *global_options = NULL;
/** The fallback options_t object; this is where we look for options not
 * in torrc before we fall back to Tor's defaults. */
static or_options_t *global_default_options = NULL;
/** Name of most recently read torrc file. */
static char *torrc_fname = NULL;
/** Name of the most recently read torrc-defaults file.
 * (No explicit initializer, but static storage is zero-initialized, so it
 * starts out NULL like its siblings.) */
static char *torrc_defaults_fname;
/** Configuration Options set by command line. */
static config_line_t *global_cmdline_options = NULL;
/** Contents of most recently read DirPortFrontPage file. */
static char *global_dirfrontpagecontents = NULL;
/** List of port_cfg_t for all configured ports. */
static smartlist_t *configured_ports = NULL;

/** Return the contents of our frontpage string, or NULL if not configured.
 *
 * The returned pointer is owned by this module (global_dirfrontpagecontents)
 * and must not be freed by the caller. */
const char *
get_dirportfrontpage(void)
{
  const char *contents = global_dirfrontpagecontents;
  return contents;
}

/** Return the currently configured options.
 *
 * Asserts that set_options() has already installed an options object;
 * calling this before then is a bug. */
or_options_t *
get_options_mutable(void)
{
  or_options_t *current = global_options;
  tor_assert(current);
  return current;
}

/** Returns the currently configured options, as a read-only view.
 *
 * Same contract as get_options_mutable() (including its assertion). */
const or_options_t *
get_options(void)
{
  const or_options_t *current = get_options_mutable();
  return current;
}

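/** Change the current global options to contain <b>new_val</b> instead of
 * their current value; take action based on the new value; free the old value
 * as necessary.  Returns 0 on success, -1 on failure.
 *
 * On success, a CONF_CHANGED controller event is emitted listing every
 * option whose value differs from the previous options; at first startup,
 * when there are no previous options, no event is emitted.
 *
 * Ownership: on success this function takes ownership of <b>new_val</b> and
 * frees the previous options object.  On failure the previous options are
 * restored and <b>*msg</b> is set.  If acting on the new options fails after
 * the reversible step succeeded, the process exits.
 */
int
set_options(or_options_t *new_val, char **msg)
{
  int i;
  smartlist_t *elements;
  config_line_t *line;
  or_options_t *old_options = global_options;
  global_options = new_val;
  /* Note that we pass the *old* options below, for comparison. It
   * pulls the new options directly out of global_options. */
  if (options_act_reversible(old_options, msg)<0) {
    tor_assert(*msg);
    global_options = old_options;
    return -1;
  }
  if (options_act(old_options) < 0) { /* acting on the options failed. die. */
    log_err(LD_BUG,
            "Acting on config options left us in a broken state. Dying.");
    exit(1);
  }
  /* Issues a CONF_CHANGED event to notify controller of the change. If Tor is
   * just starting up then the old_options will be undefined. */
  if (old_options && old_options != global_options) {
    elements = smartlist_new();
    for (i=0; options_format.vars[i].name; ++i) {
      const config_var_t *var = &options_format.vars[i];
      const char *var_name = var->name;
      if (var->type == CONFIG_TYPE_LINELIST_S ||
          var->type == CONFIG_TYPE_OBSOLETE) {
        continue;
      }
      if (!config_is_same(&options_format, new_val, old_options, var_name)) {
        line = config_get_assigned_option(&options_format, new_val,
                                          var_name, 1);

        if (line) {
          /* config_get_assigned_option() hands back a freshly allocated
           * list.  Move its key/value strings into <b>elements</b> and free
           * each node as we go; previously the nodes were never released. */
          config_line_t *next;
          for (; line; line = next) {
            next = line->next;
            smartlist_add(elements, line->key);
            smartlist_add(elements, line->value);
            tor_free(line);
          }
        } else {
          /* Copy the name so that every non-NULL element is heap-owned and
           * can be released uniformly below. */
          smartlist_add(elements, tor_strdup(var_name));
          smartlist_add(elements, NULL);
        }
      }
    }
    control_event_conf_changed(elements);
    /* The event only reads the list; the strings are ours to release. */
    SMARTLIST_FOREACH(elements, char *, cp, tor_free(cp));
    smartlist_free(elements);
  }

  if (old_options != global_options)
    config_free(&options_format, old_options);

  return 0;
}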

extern const char tor_git_revision[]; /* from tor_main.c */

/** The version of this Tor process, as parsed.
 * Built lazily by get_version() and released in config_free_all(). */
static char *the_tor_version = NULL;
/** A shorter version of this Tor process's version, for export in our router
 *  descriptor.  (Does not include the git version, if any.)
 *  Built lazily by get_short_version() and released in config_free_all(). */
static char *the_short_tor_version = NULL;

/** Return the current Tor version.
 *
 * The string is the short version (see get_short_version()) followed by
 * " (git-&lt;rev&gt;)" when tor_git_revision is non-empty.  It is computed on
 * the first call and cached in the_tor_version; the returned pointer is
 * owned by this module. */
const char *
get_version(void)
{
  const char *short_version;

  if (the_tor_version != NULL)
    return the_tor_version;

  short_version = get_short_version();
  if (*tor_git_revision != '\0') {
    tor_asprintf(&the_tor_version, "%s (git-%s)", short_version,
                 tor_git_revision);
  } else {
    the_tor_version = tor_strdup(short_version);
  }
  return the_tor_version;
}

/** Return the current Tor version, without any git tag.
 *
 * This is VERSION, with " (TOR_BUILD_TAG)" appended when that macro is
 * defined at compile time.  Computed once and cached in
 * the_short_tor_version; the returned pointer is owned by this module. */
const char *
get_short_version(void)
{
  if (the_short_tor_version != NULL)
    return the_short_tor_version;

#ifdef TOR_BUILD_TAG
  tor_asprintf(&the_short_tor_version, "%s (%s)", VERSION, TOR_BUILD_TAG);
#else
  the_short_tor_version = tor_strdup(VERSION);
#endif
  return the_short_tor_version;
}

/** Release additional memory allocated in options, then the options object
 * itself.
 *
 * Frees the derived fields this module builds on top of the parsed config
 * (ExcludeExitNodesUnion_, NodeFamilySets and its routersets,
 * BridgePassword_AuthDigest_) before handing <b>options</b> to the generic
 * config_free().  A NULL <b>options</b> is a no-op. */
static void
or_options_free(or_options_t *options)
{
  if (options == NULL)
    return;

  routerset_free(options->ExcludeExitNodesUnion_);

  if (options->NodeFamilySets != NULL) {
    smartlist_t *family_sets = options->NodeFamilySets;
    SMARTLIST_FOREACH(family_sets, routerset_t *, rs, routerset_free(rs));
    smartlist_free(family_sets);
  }

  tor_free(options->BridgePassword_AuthDigest_);
  config_free(&options_format, options);
}

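/** Release all memory and resources held by global configuration structures.
 *
 * Frees the current and default options objects, the command-line option
 * lines, every configured port, the remembered torrc file names, the cached
 * DirPortFrontPage contents and the cached version strings, resetting each
 * pointer so the function is safe to call more than once.
 */
void
config_free_all(void)
{
  or_options_free(global_options);
  global_options = NULL;
  or_options_free(global_default_options);
  global_default_options = NULL;

  config_free_lines(global_cmdline_options);
  global_cmdline_options = NULL;

  if (configured_ports) {
    SMARTLIST_FOREACH(configured_ports,
                      port_cfg_free(p));
    smartlist_free(configured_ports);
    configured_ports = NULL;
  }

  tor_free(torrc_fname);
  tor_free(torrc_defaults_fname);
  tor_free(global_dirfrontpagecontents);

  /* Version strings cached by get_short_version()/get_version().  Each is
   * freed exactly once here; the earlier duplicate tor_free(the_tor_version)
   * was harmless only because tor_free() NULLs its argument. */
  tor_free(the_short_tor_version);
  tor_free(the_tor_version);
}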

/** Make <b>address</b> -- a piece of information related to our operation as
 * a client -- safe to log according to the settings in options->SafeLogging,
 * and return it.
 *
 * Returns the literal "[scrubbed]" when SafeLogging_ is SAFELOG_SCRUB_ALL,
 * and <b>address</b> itself otherwise.  <b>address</b> must not be NULL
 * (asserted).
 */
const char *
safe_str_client(const char *address)
{
  const or_options_t *options;

  tor_assert(address);
  options = get_options();
  return (options->SafeLogging_ == SAFELOG_SCRUB_ALL) ? "[scrubbed]" : address;
}

/** Make <b>address</b> -- a piece of information of unspecified sensitivity
 * -- safe to log according to the settings in options->SafeLogging, and
 * return it.
 *
 * Returns <b>address</b> itself only when SafeLogging_ is SAFELOG_SCRUB_NONE;
 * every other setting yields the literal "[scrubbed]".  <b>address</b> must
 * not be NULL (asserted).
 */
const char *
safe_str(const char *address)
{
  const or_options_t *options;

  tor_assert(address);
  options = get_options();
  if (options->SafeLogging_ == SAFELOG_SCRUB_NONE)
    return address;
  return "[scrubbed]";
}

/** Equivalent to escaped(safe_str_client(address)).  See reentrancy note on
 * escaped(): don't use this outside the main thread, or twice in the same
 * log statement.
 *
 * Unlike safe_str_client(), this does not assert that <b>address</b> is
 * non-NULL; escaped() is presumably expected to cope with NULL -- confirm
 * before passing one.  escaped() is only called when scrubbing is off. */
const char *
escaped_safe_str_client(const char *address)
{
  int scrub_all = (get_options()->SafeLogging_ == SAFELOG_SCRUB_ALL);
  return scrub_all ? "[scrubbed]" : escaped(address);
}

/** Equivalent to escaped(safe_str(address)).  See reentrancy note on
 * escaped(): don't use this outside the main thread, or twice in the same
 * log statement.
 *
 * Returns the literal "[scrubbed]" unless SafeLogging_ is SAFELOG_SCRUB_NONE,
 * in which case the escaped form of <b>address</b> is returned.  As with
 * escaped_safe_str_client(), <b>address</b> is not asserted non-NULL here. */
const char *
escaped_safe_str(const char *address)
{
  int scrub_none = (get_options()->SafeLogging_ == SAFELOG_SCRUB_NONE);
  return scrub_none ? escaped(address) : "[scrubbed]";
}

/** Add the default directory authorities directly into the trusted dir list,
 * but only add them insofar as they share bits with <b>type</b>. */