/* Copyright (c) 2001 Matej Pfajfar.
 * Copyright (c) 2001-2004, Roger Dingledine.
 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
 * Copyright (c) 2007-2012, The Tor Project, Inc. */
/* See LICENSE for licensing information */

/**
 * \file config.c
 * \brief Code to parse and interpret configuration files.
 **/

#define CONFIG_PRIVATE

#include "or.h"
#include "channel.h"
#include "circuitbuild.h"
#include "circuitlist.h"
#include "circuitmux.h"
#include "circuitmux_ewma.h"
#include "config.h"
#include "connection.h"
#include "connection_edge.h"
#include "connection_or.h"
#include "control.h"
#include "confparse.h"
#include "cpuworker.h"
#include "dirserv.h"
#include "dirvote.h"
#include "dns.h"
#include "geoip.h"
#include "hibernate.h"
#include "main.h"
#include "networkstatus.h"
#include "nodelist.h"
#include "policies.h"
#include "relay.h"
#include "rendclient.h"
#include "rendservice.h"
#include "rephist.h"
#include "router.h"
#include "util.h"
#include "routerlist.h"
#include "routerset.h"
#include "statefile.h"
#include "transports.h"
#ifdef _WIN32
#include <shlobj.h>
#endif

#include "procmon.h"

/* From main.c */
extern int quiet_level;

/** A list of abbreviations and aliases to map command-line options, obsolete
 * option names, or alternative option names, to their current values. */
static config_abbrev_t _option_abbrevs[] = {
  /* PLURAL() is defined elsewhere; judging from the table below it maps the
   * singular spelling onto the plural option name (ExitNode -> ExitNodes). */
  PLURAL(AuthDirBadDirCC),
  PLURAL(AuthDirBadExitCC),
  PLURAL(AuthDirInvalidCC),
  PLURAL(AuthDirRejectCC),
  PLURAL(ExitNode),
  PLURAL(EntryNode),
  PLURAL(ExcludeNode),
  PLURAL(FirewallPort),
  PLURAL(LongLivedPort),
  PLURAL(HiddenServiceNode),
  PLURAL(HiddenServiceExcludeNode),
  PLURAL(NumCPU),
  PLURAL(RendNode),
  PLURAL(RendExcludeNode),
  PLURAL(StrictEntryNode),
  PLURAL(StrictExitNode),
  PLURAL(StrictNode),
  /* Each row is { alias, canonical name, flag, flag }.  NOTE(review): the two
   * flag columns are defined by config_abbrev_t (confparse.h), not visible
   * here.  Only "l" and "HashedControlPassword" set the third column and both
   * are command-line spellings, so it presumably marks command-line-only
   * aliases; the fourth is set on renamed/deprecated names -- confirm. */
  { "l", "Log", 1, 0},
  { "AllowUnverifiedNodes", "AllowInvalidNodes", 0, 0},
  { "AutomapHostSuffixes", "AutomapHostsSuffixes", 0, 0},
  { "AutomapHostOnResolve", "AutomapHostsOnResolve", 0, 0},
  { "BandwidthRateBytes", "BandwidthRate", 0, 0},
  { "BandwidthBurstBytes", "BandwidthBurst", 0, 0},
  /* StatusFetchPeriod is itself listed as OBSOLETE in _option_vars below. */
  { "DirFetchPostPeriod", "StatusFetchPeriod", 0, 0},
  { "MaxConn", "ConnLimit", 0, 1},
  { "ORBindAddress", "ORListenAddress", 0, 0},
  { "DirBindAddress", "DirListenAddress", 0, 0},
  { "SocksBindAddress", "SocksListenAddress", 0, 0},
  { "UseHelperNodes", "UseEntryGuards", 0, 0},
  { "NumHelperNodes", "NumEntryGuards", 0, 0},
  { "UseEntryNodes", "UseEntryGuards", 0, 0},
  { "NumEntryNodes", "NumEntryGuards", 0, 0},
  { "ResolvConf", "ServerDNSResolvConfFile", 0, 1},
  { "SearchDomains", "ServerDNSSearchDomains", 0, 1},
  { "ServerDNSAllowBrokenResolvConf", "ServerDNSAllowBrokenConfig", 0, 0},
  { "PreferTunnelledDirConns", "PreferTunneledDirConns", 0, 0},
  { "BridgeAuthoritativeDirectory", "BridgeAuthoritativeDir", 0, 0},
  /* A command-line HashedControlPassword lands in the separate
   * __HashedControlSessionPassword option (see _option_vars), not in the
   * torrc-backed HashedControlPassword -- presumably so it is session-only. */
  { "HashedControlPassword", "__HashedControlSessionPassword", 1, 0},
  { "StrictEntryNodes", "StrictNodes", 0, 1},
  { "StrictExitNodes", "StrictNodes", 0, 1},
  { "_UseFilteringSSLBufferevents", "UseFilteringSSLBufferevents", 0, 1},
  /* Sentinel: terminates the table. */
  { NULL, NULL, 0, 0},
};

/** An entry for config_vars: "The option <b>name</b> has type
 * CONFIG_TYPE_<b>conftype</b>, and corresponds to
 * or_options_t.<b>member</b>"
 */
#define VAR(name,conftype,member,initvalue)                             \
  { name, CONFIG_TYPE_ ## conftype, STRUCT_OFFSET(or_options_t, member), \
      initvalue }
/** As VAR, but the option name and member name are the same. */
#define V(member,conftype,initvalue)                                    \
  VAR(#member, conftype, member, initvalue)
/** An entry for config_vars: "The option <b>name</b> is obsolete." */
#define OBSOLETE(name) { name, CONFIG_TYPE_OBSOLETE, 0, NULL }

/** As V, but the or_options_t member is named <b>member</b>_lines
 * (e.g. the option "ControlPort" fills or_options_t.ControlPort_lines).
 * Used below for the *Port options; presumably their raw lines are kept so
 * parse_ports() can interpret them later -- see its prototype further down. */
#define VPORT(member,conftype,initvalue)                                    \
  VAR(#member, conftype, member ## _lines, initvalue)

/** Array of configuration options.  Until we disallow nonstandard
 * abbreviations, order is significant, since the first matching option will
 * be chosen first.
 *
 * Each entry gives the option name, its CONFIG_TYPE_*, the or_options_t
 * member it fills, and the default value as a string (NULL = unset).
 */
static config_var_t _option_vars[] = {
  OBSOLETE("AccountingMaxKB"),
  V(AccountingMax,               MEMUNIT,  "0 bytes"),
  V(AccountingStart,             STRING,   NULL),
  V(Address,                     STRING,   NULL),
  V(AllowDotExit,                BOOL,     "0"),
  V(AllowInvalidNodes,           CSV,      "middle,rendezvous"),
  V(AllowNonRFC953Hostnames,     BOOL,     "0"),
  V(AllowSingleHopCircuits,      BOOL,     "0"),
  V(AllowSingleHopExits,         BOOL,     "0"),
  V(AlternateBridgeAuthority,    LINELIST, NULL),
  V(AlternateDirAuthority,       LINELIST, NULL),
  V(AlternateHSAuthority,        LINELIST, NULL),
  V(AssumeReachable,             BOOL,     "0"),
  V(AuthDirBadDir,               LINELIST, NULL),
  V(AuthDirBadDirCCs,            CSV,      ""),
  V(AuthDirBadExit,              LINELIST, NULL),
  V(AuthDirBadExitCCs,           CSV,      ""),
  V(AuthDirInvalid,              LINELIST, NULL),
  V(AuthDirInvalidCCs,           CSV,      ""),
  V(AuthDirFastGuarantee,        MEMUNIT,  "100 KB"),
  V(AuthDirGuardBWGuarantee,     MEMUNIT,  "250 KB"),
  V(AuthDirReject,               LINELIST, NULL),
  V(AuthDirRejectCCs,            CSV,      ""),
  V(AuthDirRejectUnlisted,       BOOL,     "0"),
  V(AuthDirListBadDirs,          BOOL,     "0"),
  V(AuthDirListBadExits,         BOOL,     "0"),
  V(AuthDirMaxServersPerAddr,    UINT,     "2"),
  V(AuthDirMaxServersPerAuthAddr,UINT,     "5"),
  V(AuthDirHasIPv6Connectivity,  BOOL,     "0"),
  VAR("AuthoritativeDirectory",  BOOL, AuthoritativeDir,    "0"),
  V(AutomapHostsOnResolve,       BOOL,     "0"),
  V(AutomapHostsSuffixes,        CSV,      ".onion,.exit"),
  V(AvoidDiskWrites,             BOOL,     "0"),
  V(BandwidthBurst,              MEMUNIT,  "1 GB"),
  V(BandwidthRate,               MEMUNIT,  "1 GB"),
  V(BridgeAuthoritativeDir,      BOOL,     "0"),
  VAR("Bridge",                  LINELIST, Bridges,    NULL),
  V(BridgePassword,              STRING,   NULL),
  V(BridgeRecordUsageByCountry,  BOOL,     "1"),
  V(BridgeRelay,                 BOOL,     "0"),
  V(CellStatistics,              BOOL,     "0"),
  V(LearnCircuitBuildTimeout,    BOOL,     "1"),
  V(CircuitBuildTimeout,         INTERVAL, "0"),
  V(CircuitIdleTimeout,          INTERVAL, "1 hour"),
  V(CircuitStreamTimeout,        INTERVAL, "0"),
  V(CircuitPriorityHalflife,     DOUBLE,  "-100.0"), /*negative:'Use default'*/
  V(ClientDNSRejectInternalAddresses, BOOL,"1"),
  V(ClientOnly,                  BOOL,     "0"),
  V(ClientPreferIPv6ORPort,      BOOL,     "0"),
  V(ClientRejectInternalAddresses, BOOL,   "1"),
  V(ClientTransportPlugin,       LINELIST, NULL),
  V(ClientUseIPv6,               BOOL,     "0"),
  V(ConsensusParams,             STRING,   NULL),
  V(ConnLimit,                   UINT,     "1000"),
  V(ConnDirectionStatistics,     BOOL,     "0"),
  V(ConstrainedSockets,          BOOL,     "0"),
  V(ConstrainedSockSize,         MEMUNIT,  "8192"),
  V(ContactInfo,                 STRING,   NULL),
  V(ControlListenAddress,        LINELIST, NULL),
  /* The *Port options use VPORT: their raw lines go to <name>_lines. */
  VPORT(ControlPort,                 LINELIST, NULL),
  V(ControlPortFileGroupReadable,BOOL,     "0"),
  V(ControlPortWriteToFile,      FILENAME, NULL),
  V(ControlSocket,               LINELIST, NULL),
  V(ControlSocketsGroupWritable, BOOL,     "0"),
  V(CookieAuthentication,        BOOL,     "0"),
  V(CookieAuthFileGroupReadable, BOOL,     "0"),
  V(CookieAuthFile,              STRING,   NULL),
  V(CountPrivateBandwidth,       BOOL,     "0"),
  V(DataDirectory,               FILENAME, NULL),
  OBSOLETE("DebugLogFile"),
  V(DisableNetwork,              BOOL,     "0"),
  V(DirAllowPrivateAddresses,    BOOL,     "0"),
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "30 minutes"),
  V(DirListenAddress,            LINELIST, NULL),
  OBSOLETE("DirFetchPeriod"),
  V(DirPolicy,                   LINELIST, NULL),
  VPORT(DirPort,                     LINELIST, NULL),
  V(DirPortFrontPage,            FILENAME, NULL),
  OBSOLETE("DirPostPeriod"),
  OBSOLETE("DirRecordUsageByCountry"),
  OBSOLETE("DirRecordUsageGranularity"),
  OBSOLETE("DirRecordUsageRetainIPs"),
  OBSOLETE("DirRecordUsageSaveInterval"),
  V(DirReqStatistics,            BOOL,     "1"),
  VAR("DirServer",               LINELIST, DirServers, NULL),
  V(DisableAllSwap,              BOOL,     "0"),
  V(DisableDebuggerAttachment,   BOOL,     "1"),
  V(DisableIOCP,                 BOOL,     "1"),
  V(DynamicDHGroups,             BOOL,     "0"),
  VPORT(DNSPort,                     LINELIST, NULL),
  V(DNSListenAddress,            LINELIST, NULL),
  V(DownloadExtraInfo,           BOOL,     "0"),
  V(EnforceDistinctSubnets,      BOOL,     "1"),
  V(EntryNodes,                  ROUTERSET,   NULL),
  V(EntryStatistics,             BOOL,     "0"),
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "10 minutes"),
  V(ExcludeNodes,                ROUTERSET, NULL),
  V(ExcludeExitNodes,            ROUTERSET, NULL),
  V(ExcludeSingleHopRelays,      BOOL,     "1"),
  V(ExitNodes,                   ROUTERSET, NULL),
  V(ExitPolicy,                  LINELIST, NULL),
  V(ExitPolicyRejectPrivate,     BOOL,     "1"),
  V(ExitPortStatistics,          BOOL,     "0"),
  V(ExtendAllowPrivateAddresses, BOOL,     "0"),
  V(ExtraInfoStatistics,         BOOL,     "1"),

  /* Data-file defaults are build-time paths except on WinCE/Windows. */
#if defined (WINCE)
  V(FallbackNetworkstatusFile,   FILENAME, "fallback-consensus"),
#else
  V(FallbackNetworkstatusFile,   FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "fallback-consensus"),
#endif
  V(FascistFirewall,             BOOL,     "0"),
  V(FirewallPorts,               CSV,      ""),
  V(FastFirstHopPK,              BOOL,     "1"),
  V(FetchDirInfoEarly,           BOOL,     "0"),
  V(FetchDirInfoExtraEarly,      BOOL,     "0"),
  V(FetchServerDescriptors,      BOOL,     "1"),
  V(FetchHidServDescriptors,     BOOL,     "1"),
  V(FetchUselessDescriptors,     BOOL,     "0"),
  V(FetchV2Networkstatus,        BOOL,     "0"),
#ifdef _WIN32
  V(GeoIPFile,                   FILENAME, "<default>"),
#else
  V(GeoIPFile,                   FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip"),
#endif
  OBSOLETE("GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays"),
  OBSOLETE("Group"),
  V(HardwareAccel,               BOOL,     "0"),
  V(HeartbeatPeriod,             INTERVAL, "6 hours"),
  V(AccelName,                   STRING,   NULL),
  V(AccelDir,                    FILENAME, NULL),
  V(HashedControlPassword,       LINELIST, NULL),
  V(HidServDirectoryV2,          BOOL,     "1"),
  /* The HiddenService* options all share RendConfigLines; the LINELIST_V
   * entry is the virtual parent and the LINELIST_S entries its members. */
  VAR("HiddenServiceDir",    LINELIST_S, RendConfigLines,    NULL),
  OBSOLETE("HiddenServiceExcludeNodes"),
  OBSOLETE("HiddenServiceNodes"),
  VAR("HiddenServiceOptions",LINELIST_V, RendConfigLines,    NULL),
  VAR("HiddenServicePort",   LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceVersion",LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceAuthorizeClient",LINELIST_S,RendConfigLines, NULL),
  V(HidServAuth,                 LINELIST, NULL),
  V(HSAuthoritativeDir,          BOOL,     "0"),
  OBSOLETE("HSAuthorityRecordStats"),
  V(CloseHSClientCircuitsImmediatelyOnTimeout, BOOL, "0"),
  V(CloseHSServiceRendCircuitsImmediatelyOnTimeout, BOOL, "0"),
  V(HTTPProxy,                   STRING,   NULL),
  V(HTTPProxyAuthenticator,      STRING,   NULL),
  V(HTTPSProxy,                  STRING,   NULL),
  V(HTTPSProxyAuthenticator,     STRING,   NULL),
  VAR("ServerTransportPlugin",   LINELIST, ServerTransportPlugin,  NULL),
  V(Socks4Proxy,                 STRING,   NULL),
  V(Socks5Proxy,                 STRING,   NULL),
  V(Socks5ProxyUsername,         STRING,   NULL),
  V(Socks5ProxyPassword,         STRING,   NULL),
  OBSOLETE("IgnoreVersion"),
  V(KeepalivePeriod,             INTERVAL, "5 minutes"),
  VAR("Log",                     LINELIST, Logs,             NULL),
  V(LogMessageDomains,           BOOL,     "0"),
  OBSOLETE("LinkPadding"),
  OBSOLETE("LogLevel"),
  OBSOLETE("LogFile"),
  V(LogTimeGranularity,          MSEC_INTERVAL, "1 second"),
  V(LongLivedPorts,              CSV,
        "21,22,706,1863,5050,5190,5222,5223,6523,6667,6697,8300"),
  VAR("MapAddress",              LINELIST, AddressMap,           NULL),
  V(MaxAdvertisedBandwidth,      MEMUNIT,  "1 GB"),
  V(MaxCircuitDirtiness,         INTERVAL, "10 minutes"),
  V(MaxClientCircuitsPending,    UINT,     "32"),
  V(MaxOnionsPending,            UINT,     "100"),
  OBSOLETE("MonthlyAccountingStart"),
  V(MyFamily,                    STRING,   NULL),
  V(NewCircuitPeriod,            INTERVAL, "30 seconds"),
  VAR("NamingAuthoritativeDirectory",BOOL, NamingAuthoritativeDir, "0"),
  V(NATDListenAddress,           LINELIST, NULL),
  VPORT(NATDPort,                    LINELIST, NULL),
  V(Nickname,                    STRING,   NULL),
  V(WarnUnsafeSocks,              BOOL,     "1"),
  OBSOLETE("NoPublish"),
  VAR("NodeFamily",              LINELIST, NodeFamilies,         NULL),
  V(NumCPUs,                     UINT,     "0"),
  V(NumEntryGuards,              UINT,     "3"),
  V(ORListenAddress,             LINELIST, NULL),
  VPORT(ORPort,                      LINELIST, NULL),
  V(OutboundBindAddress,         LINELIST,   NULL),

  /* "-1" for all PathBias* values; presumably "use the consensus value",
   * by analogy with the CircuitPriorityHalflife comment above -- confirm. */
  V(PathBiasCircThreshold,       INT,      "-1"),
  V(PathBiasNoticeRate,          DOUBLE,   "-1"),
  V(PathBiasDisableRate,         DOUBLE,   "-1"),
  V(PathBiasScaleThreshold,      INT,      "-1"),
  V(PathBiasScaleFactor,         INT,      "-1"),

  OBSOLETE("PathlenCoinWeight"),
  V(PerConnBWBurst,              MEMUNIT,  "0"),
  V(PerConnBWRate,               MEMUNIT,  "0"),
  V(PidFile,                     STRING,   NULL),
  /* When set, testing_tor_network_defaults[] below replaces several of the
   * defaults in this table (see its doc comment). */
  V(TestingTorNetwork,           BOOL,     "0"),
  V(OptimisticData,              AUTOBOOL, "auto"),
  V(PortForwarding,              BOOL,     "0"),
  V(PortForwardingHelper,        FILENAME, "tor-fw-helper"),
  V(PreferTunneledDirConns,      BOOL,     "1"),
  V(ProtocolWarnings,            BOOL,     "0"),
  V(PublishServerDescriptor,     CSV,      "1"),
  V(PublishHidServDescriptors,   BOOL,     "1"),
  V(ReachableAddresses,          LINELIST, NULL),
  V(ReachableDirAddresses,       LINELIST, NULL),
  V(ReachableORAddresses,        LINELIST, NULL),
  V(RecommendedVersions,         LINELIST, NULL),
  V(RecommendedClientVersions,   LINELIST, NULL),
  V(RecommendedServerVersions,   LINELIST, NULL),
  OBSOLETE("RedirectExit"),
  V(RefuseUnknownExits,          AUTOBOOL, "auto"),
  V(RejectPlaintextPorts,        CSV,      ""),
  V(RelayBandwidthBurst,         MEMUNIT,  "0"),
  V(RelayBandwidthRate,          MEMUNIT,  "0"),
  OBSOLETE("RendExcludeNodes"),
  OBSOLETE("RendNodes"),
  V(RendPostPeriod,              INTERVAL, "1 hour"),
  V(RephistTrackTime,            INTERVAL, "24 hours"),
  OBSOLETE("RouterFile"),
  V(RunAsDaemon,                 BOOL,     "0"),
//  V(RunTesting,                  BOOL,     "0"),
  OBSOLETE("RunTesting"), // currently unused
  /* Kept as a STRING; the safe_str*() helpers below read the derived
   * _SafeLogging field, so the string is presumably interpreted during
   * validation -- confirm in options_validate(). */
  V(SafeLogging,                 STRING,   "1"),
  V(SafeSocks,                   BOOL,     "0"),
  V(ServerDNSAllowBrokenConfig,  BOOL,     "1"),
  V(ServerDNSAllowNonRFC953Hostnames, BOOL,"0"),
  V(ServerDNSDetectHijacking,    BOOL,     "1"),
  V(ServerDNSRandomizeCase,      BOOL,     "1"),
  V(ServerDNSResolvConfFile,     STRING,   NULL),
  V(ServerDNSSearchDomains,      BOOL,     "0"),
  V(ServerDNSTestAddresses,      CSV,
      "www.google.com,www.mit.edu,www.yahoo.com,www.slashdot.org"),
  V(ShutdownWaitLength,          INTERVAL, "30 seconds"),
  V(SocksListenAddress,          LINELIST, NULL),
  V(SocksPolicy,                 LINELIST, NULL),
  VPORT(SocksPort,                   LINELIST, NULL),
  V(SocksTimeout,                INTERVAL, "2 minutes"),
  OBSOLETE("StatusFetchPeriod"),
  V(StrictNodes,                 BOOL,     "0"),
  OBSOLETE("SysLog"),
  V(TestSocks,                   BOOL,     "0"),
  OBSOLETE("TestVia"),
  V(TokenBucketRefillInterval,   MSEC_INTERVAL, "100 msec"),
  V(Tor2webMode,                 BOOL,     "0"),
  V(TrackHostExits,              CSV,      NULL),
  V(TrackHostExitsExpire,        INTERVAL, "30 minutes"),
  OBSOLETE("TrafficShaping"),
  V(TransListenAddress,          LINELIST, NULL),
  VPORT(TransPort,                   LINELIST, NULL),
  V(TunnelDirConns,              BOOL,     "1"),
  V(UpdateBridgesFromAuthority,  BOOL,     "0"),
  V(UseBridges,                  BOOL,     "0"),
  V(UseEntryGuards,              BOOL,     "1"),
  V(UseMicrodescriptors,         AUTOBOOL, "auto"),
  V(User,                        STRING,   NULL),
  V(UserspaceIOCPBuffers,        BOOL,     "0"),
  VAR("V1AuthoritativeDirectory",BOOL, V1AuthoritativeDir,   "0"),
  VAR("V2AuthoritativeDirectory",BOOL, V2AuthoritativeDir,   "0"),
  VAR("V3AuthoritativeDirectory",BOOL, V3AuthoritativeDir,   "0"),
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "30 minutes"),
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "5 minutes"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "5 minutes"),
  V(V3AuthVotingInterval,        INTERVAL, "1 hour"),
  V(V3AuthVoteDelay,             INTERVAL, "5 minutes"),
  V(V3AuthDistDelay,             INTERVAL, "5 minutes"),
  V(V3AuthNIntervalsValid,       UINT,     "3"),
  V(V3AuthUseLegacyKey,          BOOL,     "0"),
  V(V3BandwidthsFile,            FILENAME, NULL),
  VAR("VersioningAuthoritativeDirectory",BOOL,VersioningAuthoritativeDir, "0"),
  V(VirtualAddrNetwork,          STRING,   "127.192.0.0/10"),
  V(WarnPlaintextPorts,          CSV,      "23,109,110,143"),
  V(UseFilteringSSLBufferevents, BOOL,    "0"),
  /* NOTE(review): the "__"-prefixed names below are set apart by spelling
   * only on this page.  _option_abbrevs routes the command-line
   * HashedControlPassword into __HashedControlSessionPassword, so this group
   * is presumably the controller/session-scoped, non-persisted options --
   * confirm how confparse and the control port treat the prefix. */
  VAR("__ReloadTorrcOnSIGHUP",   BOOL,  ReloadTorrcOnSIGHUP,      "1"),
  VAR("__AllDirActionsPrivate",  BOOL,  AllDirActionsPrivate,     "0"),
  VAR("__DisablePredictedCircuits",BOOL,DisablePredictedCircuits, "0"),
  VAR("__LeaveStreamsUnattached",BOOL,  LeaveStreamsUnattached,   "0"),
  VAR("__HashedControlSessionPassword", LINELIST, HashedControlSessionPassword,
      NULL),
  VAR("__OwningControllerProcess",STRING,OwningControllerProcess, NULL),
  V(MinUptimeHidServDirectoryV2, INTERVAL, "25 hours"),
  V(VoteOnHidServDirectoriesV2,  BOOL,     "1"),
  /* Marker flipped to "1" by testing_tor_network_defaults[] below. */
  VAR("___UsingTestNetworkDefaults", BOOL, _UsingTestNetworkDefaults, "0"),

  /* Sentinel: terminates the table. */
  { NULL, CONFIG_TYPE_OBSOLETE, 0, NULL }
};

/** Override default values with these if the user sets the TestingTorNetwork
 * option.
 *
 * Note that several of these relax safeguards that matter on the public
 * network (private-address rejection, distinct-subnet enforcement, the
 * per-address server limits, reachability self-testing).  They must only
 * ever be applied under TestingTorNetwork, as the sentence above states. */
static const config_var_t testing_tor_network_defaults[] = {
  V(ServerDNSAllowBrokenConfig,  BOOL,     "1"),
  V(DirAllowPrivateAddresses,    BOOL,     "1"),
  V(EnforceDistinctSubnets,      BOOL,     "0"),
  V(AssumeReachable,             BOOL,     "1"),
  V(AuthDirMaxServersPerAddr,    UINT,     "0"),
  V(AuthDirMaxServersPerAuthAddr,UINT,     "0"),
  V(ClientDNSRejectInternalAddresses, BOOL,"0"),
  V(ClientRejectInternalAddresses, BOOL,   "0"),
  V(CountPrivateBandwidth,       BOOL,     "1"),
  V(ExitPolicyRejectPrivate,     BOOL,     "0"),
  V(ExtendAllowPrivateAddresses, BOOL,     "1"),
  /* Much shorter voting cycle so a test network converges quickly. */
  V(V3AuthVotingInterval,        INTERVAL, "5 minutes"),
  V(V3AuthVoteDelay,             INTERVAL, "20 seconds"),
  V(V3AuthDistDelay,             INTERVAL, "20 seconds"),
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "5 minutes"),
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "20 seconds"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "20 seconds"),
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "0 minutes"),
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "0 minutes"),
  V(MinUptimeHidServDirectoryV2, INTERVAL, "0 minutes"),
  /* Records that these overrides were applied (default in _option_vars: "0"). */
  VAR("___UsingTestNetworkDefaults", BOOL, _UsingTestNetworkDefaults, "1"),

  /* Sentinel: terminates the table. */
  { NULL, CONFIG_TYPE_OBSOLETE, 0, NULL }
};

/* The table-building macros are local to the two tables above. */
#undef VAR
#undef V
#undef OBSOLETE
/* NOTE(review): VPORT, defined alongside the three above, is not undefined
 * here; if nothing later in this file relies on it, add "#undef VPORT" so the
 * four helpers have the same scope. */

/* Forward declarations for the static helpers defined later in this file. */
#ifdef _WIN32
static char *get_windows_conf_root(void);
#endif
/* Validation and the act/transition steps used by set_options() below. */
static int options_validate(or_options_t *old_options,
                            or_options_t *options,
                            int from_setconf, char **msg);
static int options_act_reversible(const or_options_t *old_options, char **msg);
static int options_act(const or_options_t *old_options);
static int options_transition_allowed(const or_options_t *old,
                                      const or_options_t *new,
                                      char **msg);
static int options_transition_affects_workers(
      const or_options_t *old_options, const or_options_t *new_options);
static int options_transition_affects_descriptor(
      const or_options_t *old_options, const or_options_t *new_options);
static int check_nickname_list(const char *lst, const char *name, char **msg);

/* Line parsers: each takes validate_only so validation can dry-run them. */
static int parse_bridge_line(const char *line, int validate_only);
static int parse_client_transport_line(const char *line, int validate_only);

static int parse_server_transport_line(const char *line, int validate_only);
static int parse_dir_server_line(const char *line,
                                 dirinfo_type_t required_type,
                                 int validate_only);
/* Destructor for the port_cfg_t entries kept in configured_ports. */
static void port_cfg_free(port_cfg_t *port);
static int parse_ports(or_options_t *options, int validate_only,
                              char **msg_out, int *n_ports_out);
static int check_server_ports(const smartlist_t *ports,
                              const or_options_t *options);

static int validate_data_directory(or_options_t *options);
static int write_configuration_file(const char *fname,
                                    const or_options_t *options);
static int options_init_logs(or_options_t *options, int validate_only);

static void init_libevent(const or_options_t *options);
static int opt_streq(const char *s1, const char *s2);
static int parse_outbound_addresses(or_options_t *options, int validate_only,
                                    char **msg);

/** Magic value for or_options_t. */
#define OR_OPTIONS_MAGIC 9090909

/** Configuration format for or_options_t.
 *
 * Ties the two tables above and options_validate() together so the generic
 * confparse code can parse, compare, copy and free an or_options_t. */
static config_format_t options_format = {
  sizeof(or_options_t),                 /* size of one options object */
  OR_OPTIONS_MAGIC,                     /* value expected in the magic field */
  STRUCT_OFFSET(or_options_t, _magic),  /* where that magic field lives */
  _option_abbrevs,                      /* alias table */
  _option_vars,                         /* option table */
  (validate_fn_t)options_validate,      /* semantic checks after parsing */
  NULL                                  /* NOTE(review): trailing slot unused
                                         * here; its meaning is defined by
                                         * config_format_t in confparse.h */
};

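/*
 * Functions to read and write the global options pointer.
 */

/** Command-line and config-file options. */
static or_options_t *global_options = NULL;
/** The fallback options_t object; this is where we look for options not
 * in torrc before we fall back to Tor's defaults. */
static or_options_t *global_default_options = NULL;
/** Name of most recently read torrc file. */
static char *torrc_fname = NULL;
/** Name of the most recently read torrc-defaults file.  (Static storage is
 * zero-initialized regardless; the explicit NULL matches its siblings.) */
static char *torrc_defaults_fname = NULL;
/** Configuration Options set by command line. */
static config_line_t *global_cmdline_options = NULL;
/** Contents of most recently read DirPortFrontPage file. */
static char *global_dirfrontpagecontents = NULL;
/** List of port_cfg_t for all configured ports. */
static smartlist_t *configured_ports = NULL;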

/** Return the contents of our frontpage string, or NULL if not configured.
 *
 * The pointer refers to storage owned by this module; callers must not free
 * it. */
const char *
get_dirportfrontpage(void)
{
  const char *page = global_dirfrontpagecontents;
  return page;
}

/** Return the currently configured options.
 *
 * Asserts that options have been set; calling this before set_options() is a
 * bug. */
or_options_t *
get_options_mutable(void)
{
  tor_assert(global_options);
  or_options_t *current = global_options;
  return current;
}

/** Returns the currently configured options, as a read-only view.
 *
 * Same assertion behaviour as get_options_mutable(). */
const opt_options_t_placeholder_never_used

539
540
/** Change the current global options to contain <b>new_val</b> instead of
 * their current value; take action based on the new value; free the old value
541
 * as necessary.  Returns 0 on success, -1 on failure.
542
 */
543
int
544
set_options(or_options_t *new_val, char **msg)
545
{
546
547
548
  int i;
  smartlist_t *elements;
  config_line_t *line;
549
  or_options_t *old_options = global_options;
550
  global_options = new_val;
551
552
  /* Note that we pass the *old* options below, for comparison. It
   * pulls the new options directly out of global_options. */
553
554
  if (options_act_reversible(old_options, msg)<0) {
    tor_assert(*msg);
555
556
557
    global_options = old_options;
    return -1;
  }
558
  if (options_act(old_options) < 0) { /* acting on the options failed. die. */
559
    log_err(LD_BUG,
Roger Dingledine's avatar
Roger Dingledine committed
560
            "Acting on config options left us in a broken state. Dying.");
561
562
    exit(1);
  }
563
564
  /* Issues a CONF_CHANGED event to notify controller of the change. If Tor is
   * just starting up then the old_options will be undefined. */
565
  if (old_options && old_options != global_options) {
566
    elements = smartlist_new();
567
    for (i=0; options_format.vars[i].name; ++i) {
568
569
      const config_var_t *var = &options_format.vars[i];
      const char *var_name = var->name;
570
571
572
573
      if (var->type == CONFIG_TYPE_LINELIST_S ||
          var->type == CONFIG_TYPE_OBSOLETE) {
        continue;
      }
574
575
576
      if (!config_is_same(&options_format, new_val, old_options, var_name)) {
        line = config_get_assigned_option(&options_format, new_val,
                                          var_name, 1);
577
578
579

        if (line) {
          for (; line; line = line->next) {
580
581
            smartlist_add(elements, line->key);
            smartlist_add(elements, line->value);
582
583
          }
        } else {
584
          smartlist_add(elements, (char*)options_format.vars[i].name);
585
          smartlist_add(elements, NULL);
586
587
588
        }
      }
    }
589
    control_event_conf_changed(elements);
590
591
    smartlist_free(elements);
  }
592
593
594

  if (old_options != global_options)
    config_free(&options_format, old_options);
595
596

  return 0;
597
598
}

599
extern const char tor_git_revision[]; /* from tor_main.c */
600

601
/** The version of this Tor process, as parsed. */
602
static char *the_tor_version = NULL;
Nick Mathewson's avatar
Nick Mathewson committed
603
604
/** A shorter version of this Tor process's version, for export in our router
 *  descriptor.  (Does not include the git version, if any.) */
605
static char *the_short_tor_version = NULL;
606

607
/** Return the current Tor version. */
608
609
610
const char *
get_version(void)
{
611
  if (the_tor_version == NULL) {
612
    if (strlen(tor_git_revision)) {
613
614
      tor_asprintf(&the_tor_version, "%s (git-%s)", get_short_version(),
                   tor_git_revision);
615
    } else {
616
      the_tor_version = tor_strdup(get_short_version());
617
618
    }
  }
619
  return the_tor_version;
620
621
}

622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
/** Return the current Tor version, without any git tag. */
const char *
get_short_version(void)
{

  if (the_short_tor_version == NULL) {
#ifdef TOR_BUILD_TAG
    tor_asprintf(&the_short_tor_version, "%s (%s)", VERSION, TOR_BUILD_TAG);
#else
    the_short_tor_version = tor_strdup(VERSION);
#endif
  }
  return the_short_tor_version;
}

637
638
639
640
641
/** Release additional memory allocated in options
 */
static void
or_options_free(or_options_t *options)
{
642
643
644
  if (!options)
    return;

645
  routerset_free(options->_ExcludeExitNodesUnion);
646
647
648
649
650
  if (options->NodeFamilySets) {
    SMARTLIST_FOREACH(options->NodeFamilySets, routerset_t *,
                      rs, routerset_free(rs));
    smartlist_free(options->NodeFamilySets);
  }
651
  tor_free(options->_BridgePassword_AuthDigest);
652
653
654
  config_free(&options_format, options);
}

655
656
/** Release all memory and resources held by global configuration structures.
 */
657
658
659
void
config_free_all(void)
{
660
661
  or_options_free(global_options);
  global_options = NULL;
662
663
  or_options_free(global_default_options);
  global_default_options = NULL;
664
665
666
667

  config_free_lines(global_cmdline_options);
  global_cmdline_options = NULL;

668
669
  if (configured_ports) {
    SMARTLIST_FOREACH(configured_ports,
670
                      port_cfg_t *, p, tor_free(p));
671
672
    smartlist_free(configured_ports);
    configured_ports = NULL;
673
674
  }

675
  tor_free(torrc_fname);
676
  tor_free(torrc_defaults_fname);
677
  tor_free(the_tor_version);
678
  tor_free(global_dirfrontpagecontents);
679
680
}

681
682
683
684
685
/** Make <b>address</b> -- a piece of information related to our operation as
 * a client -- safe to log according to the settings in options->SafeLogging,
 * and return it.
 *
 * (We return "[scrubbed]" if SafeLogging is "1", and address otherwise.)
686
687
 */
const char *
688
safe_str_client(const char *address)
689
{
690
  tor_assert(address);
691
  if (get_options()->_SafeLogging == SAFELOG_SCRUB_ALL)
692
693
694
695
696
    return "[scrubbed]";
  else
    return address;
}

697
698
699
700
701
702
/** Make <b>address</b> -- a piece of information of unspecified sensitivity
 * -- safe to log according to the settings in options->SafeLogging, and
 * return it.
 *
 * (We return "[scrubbed]" if SafeLogging is anything besides "0", and address
 * otherwise.)
703
704
 */
const char *
705
706
safe_str(const char *address)
{
707
  tor_assert(address);
708
  if (get_options()->_SafeLogging != SAFELOG_SCRUB_NONE)
709
710
711
712
713
    return "[scrubbed]";
  else
    return address;
}

714
/** Equivalent to escaped(safe_str_client(address)).  See reentrancy note on
715
716
 * escaped(): don't use this outside the main thread, or twice in the same
 * log statement. */
717
const char *
718
escaped_safe_str_client(const char *address)
719
{
720
  if (get_options()->_SafeLogging == SAFELOG_SCRUB_ALL)
721
722
723
724
725
    return "[scrubbed]";
  else
    return escaped(address);
}

726
/** Equivalent to escaped(safe_str(address)).  See reentrancy note on
727
728
 * escaped(): don't use this outside the main thread, or twice in the same
 * log statement. */
729
730
731
const char *
escaped_safe_str(const char *address)
{
732
  if (get_options()->_SafeLogging != SAFELOG_SCRUB_NONE)
733
734
735
736
737
    return "[scrubbed]";
  else
    return escaped(address);
}

738
739
/** Add the default directory authorities directly into the trusted dir list,
 * but only add them insofar as they share bits with <b>type</b>. */
740
static void
741
add_default_trusted_dir_authorities(dirinfo_type_t type)
742
{
743
  int i;
744
  const char *dirservers[] = {
745
746
747
    "moria1 orport=9101 no-v2 "
      "v3ident=D586D18309DED4CD6D57C18FDB97EFA96D330566 "
      "128.31.0.39:9131 9695 DFC3 5FFE B861 329B 9F1A B04C 4639 7020 CE31",
748
    "tor26 v1 orport=443 v3ident=14C131DFC5C6F93646BE72FA1401C02A8DF2E8B4 "
Peter Palfrader's avatar
Peter Palfrader committed
749
      "86.59.21.38:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D",
Roger Dingledine's avatar
Roger Dingledine committed
750
751
    "dizum orport=443 v3ident=E8A9C45EDE6D711294FADF8E7951F4DE6CA56B58 "
      "194.109.206.212:80 7EA6 EAD6 FD83 083C 538F 4403 8BBF A077 587D D755",
752
    "Tonga orport=443 bridge no-v2 82.94.251.203:80 "
753
      "4A0C CD2D DC79 9508 3D73 F5D6 6710 0C8A 5831 F16D",
754
755
    "turtles orport=9090 no-v2 "
      "v3ident=27B6B5996C426270A5C95488AA5BCEB6BCC86956 "
756
      "76.73.17.194:9030 F397 038A DC51 3361 35E7 B80B D99C A384 4360 292B",
757
    "gabelmoo orport=443 no-v2 "
758
      "v3ident=ED03BB616EB2F60BEC80151114BB25CEF515B226 "
759
      "212.112.245.170:80 F204 4413 DAC2 E02E 3D6B CF47 35A1 9BCA 1DE9 7281",
760
761
    "dannenberg orport=443 no-v2 "
      "v3ident=585769C78764D58426B8B52B6651A5A71137189A "
Roger Dingledine's avatar