/* Copyright (c) 2001 Matej Pfajfar.
 * Copyright (c) 2001-2004, Roger Dingledine.
 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
 * Copyright (c) 2007-2012, The Tor Project, Inc. */
/* See LICENSE for licensing information */

/**
 * \file config.c
 * \brief Code to parse and interpret configuration files.
 **/

#define CONFIG_PRIVATE

#include "or.h"
#include "circuitbuild.h"
#include "circuitlist.h"
#include "config.h"
#include "connection.h"
#include "connection_edge.h"
#include "connection_or.h"
#include "control.h"
#include "confparse.h"
#include "cpuworker.h"
#include "dirserv.h"
#include "dirvote.h"
#include "dns.h"
#include "geoip.h"
#include "hibernate.h"
#include "main.h"
#include "networkstatus.h"
#include "nodelist.h"
#include "policies.h"
#include "relay.h"
#include "rendclient.h"
#include "rendservice.h"
#include "rephist.h"
#include "router.h"
#include "util.h"
#include "routerlist.h"
#include "routerset.h"
#include "statefile.h"
#include "transports.h"
#ifdef _WIN32
#include <shlobj.h>
#endif

#include "procmon.h"

/* From main.c */
extern int quiet_level;

/** A list of abbreviations and aliases to map command-line options, obsolete
 * option names, or alternative option names, to their current values.
 *
 * The table ends with an all-NULL/zero sentinel row.  PLURAL() is not defined
 * in this part of the file; presumably it maps a singular spelling to the
 * plural option name -- confirm against its definition.
 *
 * NOTE(review): the third field looks like a "command line only" flag (it is
 * set for "l" and for "HashedControlPassword") and the fourth like a
 * "warn when used" flag -- confirm against config_abbrev_t. */
static config_abbrev_t _option_abbrevs[] = {
  PLURAL(AuthDirBadDirCC),
  PLURAL(AuthDirBadExitCC),
  PLURAL(AuthDirInvalidCC),
  PLURAL(AuthDirRejectCC),
  PLURAL(ExitNode),
  PLURAL(EntryNode),
  PLURAL(ExcludeNode),
  PLURAL(FirewallPort),
  PLURAL(LongLivedPort),
  PLURAL(HiddenServiceNode),
  PLURAL(HiddenServiceExcludeNode),
  PLURAL(NumCPU),
  PLURAL(RendNode),
  PLURAL(RendExcludeNode),
  PLURAL(StrictEntryNode),
  PLURAL(StrictExitNode),
  PLURAL(StrictNode),
  { "l", "Log", 1, 0},
  { "AllowUnverifiedNodes", "AllowInvalidNodes", 0, 0},
  { "AutomapHostSuffixes", "AutomapHostsSuffixes", 0, 0},
  { "AutomapHostOnResolve", "AutomapHostsOnResolve", 0, 0},
  { "BandwidthRateBytes", "BandwidthRate", 0, 0},
  { "BandwidthBurstBytes", "BandwidthBurst", 0, 0},
  { "DirFetchPostPeriod", "StatusFetchPeriod", 0, 0},
  { "MaxConn", "ConnLimit", 0, 1},
  { "ORBindAddress", "ORListenAddress", 0, 0},
  { "DirBindAddress", "DirListenAddress", 0, 0},
  { "SocksBindAddress", "SocksListenAddress", 0, 0},
  { "UseHelperNodes", "UseEntryGuards", 0, 0},
  { "NumHelperNodes", "NumEntryGuards", 0, 0},
  { "UseEntryNodes", "UseEntryGuards", 0, 0},
  { "NumEntryNodes", "NumEntryGuards", 0, 0},
  { "ResolvConf", "ServerDNSResolvConfFile", 0, 1},
  { "SearchDomains", "ServerDNSSearchDomains", 0, 1},
  { "ServerDNSAllowBrokenResolvConf", "ServerDNSAllowBrokenConfig", 0, 0},
  { "PreferTunnelledDirConns", "PreferTunneledDirConns", 0, 0},
  { "BridgeAuthoritativeDirectory", "BridgeAuthoritativeDir", 0, 0},
  /* With the third field set, this alias routes "HashedControlPassword" to
   * the separate __HashedControlSessionPassword option rather than to the
   * HashedControlPassword entry in the option table. */
  { "HashedControlPassword", "__HashedControlSessionPassword", 1, 0},
  { "StrictEntryNodes", "StrictNodes", 0, 1},
  { "StrictExitNodes", "StrictNodes", 0, 1},
  { "_UseFilteringSSLBufferevents", "UseFilteringSSLBufferevents", 0, 1},
  { NULL, NULL, 0, 0},
};

/** An entry for config_vars: "The option <b>name</b> has type
 * CONFIG_TYPE_<b>conftype</b>, and corresponds to
 * or_options_t.<b>member</b>"
 *
 * <b>initvalue</b> is stored as the entry's last field: a string literal, or
 * NULL when the table gives no default.
 */
#define VAR(name,conftype,member,initvalue)                             \
  { name, CONFIG_TYPE_ ## conftype, STRUCT_OFFSET(or_options_t, member), \
      initvalue }
/** As VAR, but the option name and member name are the same. */
#define V(member,conftype,initvalue)                                    \
  VAR(#member, conftype, member, initvalue)
/** An entry for config_vars: "The option <b>name</b> is obsolete." */
#define OBSOLETE(name) { name, CONFIG_TYPE_OBSOLETE, 0, NULL }

/** As V, but the value is stored in the or_options_t member named
 * <b>member</b>_lines, while the option keeps the name <b>member</b>.
 *
 * NOTE(review): VAR, V and OBSOLETE are #undef'd after the option tables
 * further down in this file; VPORT is not. */
#define VPORT(member,conftype,initvalue)                                    \
  VAR(#member, conftype, member ## _lines, initvalue)

/** Array of configuration options.  Until we disallow nonstandard
 * abbreviations, order is significant, since the first matching option will
 * be chosen first.
 *
 * Each row gives an option name, its CONFIG_TYPE_*, the or_options_t member
 * it is stored in, and its default value as a string (NULL for "no default").
 * The table ends with a NULL-name sentinel row.
 */
static config_var_t _option_vars[] = {
  OBSOLETE("AccountingMaxKB"),
  V(AccountingMax,               MEMUNIT,  "0 bytes"),
  V(AccountingStart,             STRING,   NULL),
  V(Address,                     STRING,   NULL),
  V(AllowDotExit,                BOOL,     "0"),
  V(AllowInvalidNodes,           CSV,      "middle,rendezvous"),
  V(AllowNonRFC953Hostnames,     BOOL,     "0"),
  V(AllowSingleHopCircuits,      BOOL,     "0"),
  V(AllowSingleHopExits,         BOOL,     "0"),
  V(AlternateBridgeAuthority,    LINELIST, NULL),
  V(AlternateDirAuthority,       LINELIST, NULL),
  V(AlternateHSAuthority,        LINELIST, NULL),
  V(AssumeReachable,             BOOL,     "0"),
  V(AuthDirBadDir,               LINELIST, NULL),
  V(AuthDirBadDirCCs,            CSV,      ""),
  V(AuthDirBadExit,              LINELIST, NULL),
  V(AuthDirBadExitCCs,           CSV,      ""),
  V(AuthDirInvalid,              LINELIST, NULL),
  V(AuthDirInvalidCCs,           CSV,      ""),
  V(AuthDirFastGuarantee,        MEMUNIT,  "100 KB"),
  V(AuthDirGuardBWGuarantee,     MEMUNIT,  "250 KB"),
  V(AuthDirReject,               LINELIST, NULL),
  V(AuthDirRejectCCs,            CSV,      ""),
  V(AuthDirRejectUnlisted,       BOOL,     "0"),
  V(AuthDirListBadDirs,          BOOL,     "0"),
  V(AuthDirListBadExits,         BOOL,     "0"),
  V(AuthDirMaxServersPerAddr,    UINT,     "2"),
  V(AuthDirMaxServersPerAuthAddr,UINT,     "5"),
  V(AuthDirHasIPv6Connectivity,  BOOL,     "0"),
  VAR("AuthoritativeDirectory",  BOOL, AuthoritativeDir,    "0"),
  V(AutomapHostsOnResolve,       BOOL,     "0"),
  V(AutomapHostsSuffixes,        CSV,      ".onion,.exit"),
  V(AvoidDiskWrites,             BOOL,     "0"),
  V(BandwidthBurst,              MEMUNIT,  "1 GB"),
  V(BandwidthRate,               MEMUNIT,  "1 GB"),
  V(BridgeAuthoritativeDir,      BOOL,     "0"),
  VAR("Bridge",                  LINELIST, Bridges,    NULL),
  /* Credential-bearing option, stored as a plain STRING member.
   * NOTE(review): confirm how this value is treated when the configuration
   * is dumped, logged, or reported to controllers. */
  V(BridgePassword,              STRING,   NULL),
  V(BridgeRecordUsageByCountry,  BOOL,     "1"),
  V(BridgeRelay,                 BOOL,     "0"),
  V(CellStatistics,              BOOL,     "0"),
  V(LearnCircuitBuildTimeout,    BOOL,     "1"),
  V(CircuitBuildTimeout,         INTERVAL, "0"),
  V(CircuitIdleTimeout,          INTERVAL, "1 hour"),
  V(CircuitStreamTimeout,        INTERVAL, "0"),
  V(CircuitPriorityHalflife,     DOUBLE,  "-100.0"), /*negative:'Use default'*/
  V(ClientDNSRejectInternalAddresses, BOOL,"1"),
  V(ClientOnly,                  BOOL,     "0"),
  V(ClientPreferIPv6ORPort,      BOOL,     "0"),
  V(ClientRejectInternalAddresses, BOOL,   "1"),
  V(ClientTransportPlugin,       LINELIST, NULL),
  V(ClientUseIPv6,               BOOL,     "0"),
  V(ConsensusParams,             STRING,   NULL),
  V(ConnLimit,                   UINT,     "1000"),
  V(ConnDirectionStatistics,     BOOL,     "0"),
  V(ConstrainedSockets,          BOOL,     "0"),
  V(ConstrainedSockSize,         MEMUNIT,  "8192"),
  V(ContactInfo,                 STRING,   NULL),
  /* Control-port options.  The defaults below leave the group-readable and
   * group-writable switches off, and cookie authentication off.
   * NOTE(review): confirm in the validation code how a ControlPort with
   * neither CookieAuthentication nor HashedControlPassword is handled. */
  V(ControlListenAddress,        LINELIST, NULL),
  VPORT(ControlPort,                 LINELIST, NULL),
  V(ControlPortFileGroupReadable,BOOL,     "0"),
  V(ControlPortWriteToFile,      FILENAME, NULL),
  V(ControlSocket,               LINELIST, NULL),
  V(ControlSocketsGroupWritable, BOOL,     "0"),
  V(CookieAuthentication,        BOOL,     "0"),
  V(CookieAuthFileGroupReadable, BOOL,     "0"),
  V(CookieAuthFile,              STRING,   NULL),
  V(CountPrivateBandwidth,       BOOL,     "0"),
  V(DataDirectory,               FILENAME, NULL),
  OBSOLETE("DebugLogFile"),
  V(DisableNetwork,              BOOL,     "0"),
  V(DirAllowPrivateAddresses,    BOOL,     "0"),
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "30 minutes"),
  V(DirListenAddress,            LINELIST, NULL),
  OBSOLETE("DirFetchPeriod"),
  V(DirPolicy,                   LINELIST, NULL),
  VPORT(DirPort,                     LINELIST, NULL),
  V(DirPortFrontPage,            FILENAME, NULL),
  OBSOLETE("DirPostPeriod"),
  OBSOLETE("DirRecordUsageByCountry"),
  OBSOLETE("DirRecordUsageGranularity"),
  OBSOLETE("DirRecordUsageRetainIPs"),
  OBSOLETE("DirRecordUsageSaveInterval"),
  V(DirReqStatistics,            BOOL,     "1"),
  VAR("DirServer",               LINELIST, DirServers, NULL),
  V(DisableAllSwap,              BOOL,     "0"),
  V(DisableDebuggerAttachment,   BOOL,     "1"),
  V(DisableIOCP,                 BOOL,     "1"),
  V(DynamicDHGroups,             BOOL,     "0"),
  VPORT(DNSPort,                     LINELIST, NULL),
  V(DNSListenAddress,            LINELIST, NULL),
  V(DownloadExtraInfo,           BOOL,     "0"),
  V(EnforceDistinctSubnets,      BOOL,     "1"),
  V(EntryNodes,                  ROUTERSET,   NULL),
  V(EntryStatistics,             BOOL,     "0"),
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "10 minutes"),
  V(ExcludeNodes,                ROUTERSET, NULL),
  V(ExcludeExitNodes,            ROUTERSET, NULL),
  V(ExcludeSingleHopRelays,      BOOL,     "1"),
  V(ExitNodes,                   ROUTERSET, NULL),
  V(ExitPolicy,                  LINELIST, NULL),
  V(ExitPolicyRejectPrivate,     BOOL,     "1"),
  V(ExitPortStatistics,          BOOL,     "0"),
  V(ExtendAllowPrivateAddresses, BOOL,     "0"),
  V(ExtraInfoStatistics,         BOOL,     "1"),

#if defined (WINCE)
  V(FallbackNetworkstatusFile,   FILENAME, "fallback-consensus"),
#else
  V(FallbackNetworkstatusFile,   FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "fallback-consensus"),
#endif
  V(FascistFirewall,             BOOL,     "0"),
  V(FirewallPorts,               CSV,      ""),
  V(FastFirstHopPK,              BOOL,     "1"),
  V(FetchDirInfoEarly,           BOOL,     "0"),
  V(FetchDirInfoExtraEarly,      BOOL,     "0"),
  V(FetchServerDescriptors,      BOOL,     "1"),
  V(FetchHidServDescriptors,     BOOL,     "1"),
  V(FetchUselessDescriptors,     BOOL,     "0"),
  V(FetchV2Networkstatus,        BOOL,     "0"),
#ifdef _WIN32
  V(GeoIPFile,                   FILENAME, "<default>"),
#else
  V(GeoIPFile,                   FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip"),
#endif
  OBSOLETE("GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays"),
  OBSOLETE("Group"),
  V(HardwareAccel,               BOOL,     "0"),
  V(HeartbeatPeriod,             INTERVAL, "6 hours"),
  V(AccelName,                   STRING,   NULL),
  V(AccelDir,                    FILENAME, NULL),
  V(HashedControlPassword,       LINELIST, NULL),
  V(HidServDirectoryV2,          BOOL,     "1"),
  /* The HiddenService* names below are all stored in the single
   * RendConfigLines member. */
  VAR("HiddenServiceDir",    LINELIST_S, RendConfigLines,    NULL),
  OBSOLETE("HiddenServiceExcludeNodes"),
  OBSOLETE("HiddenServiceNodes"),
  VAR("HiddenServiceOptions",LINELIST_V, RendConfigLines,    NULL),
  VAR("HiddenServicePort",   LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceVersion",LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceAuthorizeClient",LINELIST_S,RendConfigLines, NULL),
  V(HidServAuth,                 LINELIST, NULL),
  V(HSAuthoritativeDir,          BOOL,     "0"),
  OBSOLETE("HSAuthorityRecordStats"),
  V(CloseHSClientCircuitsImmediatelyOnTimeout, BOOL, "0"),
  V(CloseHSServiceRendCircuitsImmediatelyOnTimeout, BOOL, "0"),
  /* Proxy settings; the *Authenticator, *Username and *Password options are
   * credentials stored as plain STRING members.
   * NOTE(review): confirm they are not exposed when options are logged or
   * reported to controllers. */
  V(HTTPProxy,                   STRING,   NULL),
  V(HTTPProxyAuthenticator,      STRING,   NULL),
  V(HTTPSProxy,                  STRING,   NULL),
  V(HTTPSProxyAuthenticator,     STRING,   NULL),
  VAR("ServerTransportPlugin",   LINELIST, ServerTransportPlugin,  NULL),
  V(Socks4Proxy,                 STRING,   NULL),
  V(Socks5Proxy,                 STRING,   NULL),
  V(Socks5ProxyUsername,         STRING,   NULL),
  V(Socks5ProxyPassword,         STRING,   NULL),
  OBSOLETE("IgnoreVersion"),
  V(KeepalivePeriod,             INTERVAL, "5 minutes"),
  VAR("Log",                     LINELIST, Logs,             NULL),
  V(LogMessageDomains,           BOOL,     "0"),
  OBSOLETE("LinkPadding"),
  OBSOLETE("LogLevel"),
  OBSOLETE("LogFile"),
  V(LogTimeGranularity,          MSEC_INTERVAL, "1 second"),
  V(LongLivedPorts,              CSV,
        "21,22,706,1863,5050,5190,5222,5223,6523,6667,6697,8300"),
  VAR("MapAddress",              LINELIST, AddressMap,           NULL),
  V(MaxAdvertisedBandwidth,      MEMUNIT,  "1 GB"),
  V(MaxCircuitDirtiness,         INTERVAL, "10 minutes"),
  V(MaxClientCircuitsPending,    UINT,     "32"),
  V(MaxOnionsPending,            UINT,     "100"),
  OBSOLETE("MonthlyAccountingStart"),
  V(MyFamily,                    STRING,   NULL),
  V(NewCircuitPeriod,            INTERVAL, "30 seconds"),
  VAR("NamingAuthoritativeDirectory",BOOL, NamingAuthoritativeDir, "0"),
  V(NATDListenAddress,           LINELIST, NULL),
  VPORT(NATDPort,                    LINELIST, NULL),
  V(Nickname,                    STRING,   NULL),
  V(WarnUnsafeSocks,              BOOL,     "1"),
  OBSOLETE("NoPublish"),
  VAR("NodeFamily",              LINELIST, NodeFamilies,         NULL),
  V(NumCPUs,                     UINT,     "0"),
  V(NumEntryGuards,              UINT,     "3"),
  V(ORListenAddress,             LINELIST, NULL),
  VPORT(ORPort,                      LINELIST, NULL),
  V(OutboundBindAddress,         LINELIST,   NULL),

  V(PathBiasCircThreshold,       INT,      "-1"),
  V(PathBiasNoticeRate,          DOUBLE,   "-1"),
  V(PathBiasDisableRate,         DOUBLE,   "-1"),
  V(PathBiasScaleThreshold,      INT,      "-1"),
  V(PathBiasScaleFactor,         INT,      "-1"),

  OBSOLETE("PathlenCoinWeight"),
  V(PerConnBWBurst,              MEMUNIT,  "0"),
  V(PerConnBWRate,               MEMUNIT,  "0"),
  V(PidFile,                     STRING,   NULL),
  V(TestingTorNetwork,           BOOL,     "0"),
  V(OptimisticData,              AUTOBOOL, "auto"),
  V(PortForwarding,              BOOL,     "0"),
  V(PortForwardingHelper,        FILENAME, "tor-fw-helper"),
  V(PreferTunneledDirConns,      BOOL,     "1"),
  V(ProtocolWarnings,            BOOL,     "0"),
  V(PublishServerDescriptor,     CSV,      "1"),
  V(PublishHidServDescriptors,   BOOL,     "1"),
  V(ReachableAddresses,          LINELIST, NULL),
  V(ReachableDirAddresses,       LINELIST, NULL),
  V(ReachableORAddresses,        LINELIST, NULL),
  V(RecommendedVersions,         LINELIST, NULL),
  V(RecommendedClientVersions,   LINELIST, NULL),
  V(RecommendedServerVersions,   LINELIST, NULL),
  OBSOLETE("RedirectExit"),
  V(RefuseUnknownExits,          AUTOBOOL, "auto"),
  V(RejectPlaintextPorts,        CSV,      ""),
  V(RelayBandwidthBurst,         MEMUNIT,  "0"),
  V(RelayBandwidthRate,          MEMUNIT,  "0"),
  OBSOLETE("RendExcludeNodes"),
  OBSOLETE("RendNodes"),
  V(RendPostPeriod,              INTERVAL, "1 hour"),
  V(RephistTrackTime,            INTERVAL, "24 hours"),
  OBSOLETE("RouterFile"),
  V(RunAsDaemon,                 BOOL,     "0"),
//  V(RunTesting,                  BOOL,     "0"),
  OBSOLETE("RunTesting"), // currently unused
  /* Log scrubbing is on by default ("1"); the parsed form of this string is
   * what safe_str() and safe_str_client() consult via _SafeLogging. */
  V(SafeLogging,                 STRING,   "1"),
  V(SafeSocks,                   BOOL,     "0"),
  V(ServerDNSAllowBrokenConfig,  BOOL,     "1"),
  V(ServerDNSAllowNonRFC953Hostnames, BOOL,"0"),
  V(ServerDNSDetectHijacking,    BOOL,     "1"),
  V(ServerDNSRandomizeCase,      BOOL,     "1"),
  V(ServerDNSResolvConfFile,     STRING,   NULL),
  V(ServerDNSSearchDomains,      BOOL,     "0"),
  V(ServerDNSTestAddresses,      CSV,
      "www.google.com,www.mit.edu,www.yahoo.com,www.slashdot.org"),
  V(ShutdownWaitLength,          INTERVAL, "30 seconds"),
  V(SocksListenAddress,          LINELIST, NULL),
  V(SocksPolicy,                 LINELIST, NULL),
  VPORT(SocksPort,                   LINELIST, NULL),
  V(SocksTimeout,                INTERVAL, "2 minutes"),
  OBSOLETE("StatusFetchPeriod"),
  V(StrictNodes,                 BOOL,     "0"),
  OBSOLETE("SysLog"),
  V(TestSocks,                   BOOL,     "0"),
  OBSOLETE("TestVia"),
  V(TokenBucketRefillInterval,   MSEC_INTERVAL, "100 msec"),
  V(Tor2webMode,                 BOOL,     "0"),
  V(TrackHostExits,              CSV,      NULL),
  V(TrackHostExitsExpire,        INTERVAL, "30 minutes"),
  OBSOLETE("TrafficShaping"),
  V(TransListenAddress,          LINELIST, NULL),
  VPORT(TransPort,                   LINELIST, NULL),
  V(TunnelDirConns,              BOOL,     "1"),
  V(UpdateBridgesFromAuthority,  BOOL,     "0"),
  V(UseBridges,                  BOOL,     "0"),
  V(UseEntryGuards,              BOOL,     "1"),
  V(UseMicrodescriptors,         AUTOBOOL, "auto"),
  V(User,                        STRING,   NULL),
  V(UserspaceIOCPBuffers,        BOOL,     "0"),
  VAR("V1AuthoritativeDirectory",BOOL, V1AuthoritativeDir,   "0"),
  VAR("V2AuthoritativeDirectory",BOOL, V2AuthoritativeDir,   "0"),
  VAR("V3AuthoritativeDirectory",BOOL, V3AuthoritativeDir,   "0"),
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "30 minutes"),
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "5 minutes"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "5 minutes"),
  V(V3AuthVotingInterval,        INTERVAL, "1 hour"),
  V(V3AuthVoteDelay,             INTERVAL, "5 minutes"),
  V(V3AuthDistDelay,             INTERVAL, "5 minutes"),
  V(V3AuthNIntervalsValid,       UINT,     "3"),
  V(V3AuthUseLegacyKey,          BOOL,     "0"),
  V(V3BandwidthsFile,            FILENAME, NULL),
  VAR("VersioningAuthoritativeDirectory",BOOL,VersioningAuthoritativeDir, "0"),
  V(VirtualAddrNetwork,          STRING,   "127.192.0.0/10"),
  V(WarnPlaintextPorts,          CSV,      "23,109,110,143"),
  V(UseFilteringSSLBufferevents, BOOL,    "0"),
  /* Options whose names start with "__" or "___".
   * NOTE(review): presumably internal or controller-facing settings that are
   * not meant for a user's torrc -- confirm where that is enforced. */
  VAR("__ReloadTorrcOnSIGHUP",   BOOL,  ReloadTorrcOnSIGHUP,      "1"),
  VAR("__AllDirActionsPrivate",  BOOL,  AllDirActionsPrivate,     "0"),
  VAR("__DisablePredictedCircuits",BOOL,DisablePredictedCircuits, "0"),
  VAR("__LeaveStreamsUnattached",BOOL,  LeaveStreamsUnattached,   "0"),
  VAR("__HashedControlSessionPassword", LINELIST, HashedControlSessionPassword,
      NULL),
  VAR("__OwningControllerProcess",STRING,OwningControllerProcess, NULL),
  V(MinUptimeHidServDirectoryV2, INTERVAL, "25 hours"),
  V(VoteOnHidServDirectoriesV2,  BOOL,     "1"),
  VAR("___UsingTestNetworkDefaults", BOOL, _UsingTestNetworkDefaults, "0"),

  /* Sentinel: a NULL name ends the table. */
  { NULL, CONFIG_TYPE_OBSOLETE, 0, NULL }
};

/** Override default values with these if the user sets the TestingTorNetwork
 * option.
 *
 * Compared with the defaults in _option_vars, these rows turn off several
 * protections: private and internal addresses become acceptable
 * (DirAllowPrivateAddresses and ExtendAllowPrivateAddresses go to "1";
 * ClientDNSRejectInternalAddresses, ClientRejectInternalAddresses and
 * ExitPolicyRejectPrivate go to "0"), EnforceDistinctSubnets goes to "0",
 * both AuthDirMaxServersPer*Addr limits go from 2 and 5 to "0", and
 * AssumeReachable goes to "1".  The voting and testing intervals are
 * shortened as well.  A node running with these defaults therefore lacks
 * protections that the normal defaults provide. */
static const config_var_t testing_tor_network_defaults[] = {
  V(ServerDNSAllowBrokenConfig,  BOOL,     "1"),
  V(DirAllowPrivateAddresses,    BOOL,     "1"),
  V(EnforceDistinctSubnets,      BOOL,     "0"),
  V(AssumeReachable,             BOOL,     "1"),
  V(AuthDirMaxServersPerAddr,    UINT,     "0"),
  V(AuthDirMaxServersPerAuthAddr,UINT,     "0"),
  V(ClientDNSRejectInternalAddresses, BOOL,"0"),
  V(ClientRejectInternalAddresses, BOOL,   "0"),
  V(CountPrivateBandwidth,       BOOL,     "1"),
  V(ExitPolicyRejectPrivate,     BOOL,     "0"),
  V(ExtendAllowPrivateAddresses, BOOL,     "1"),
  V(V3AuthVotingInterval,        INTERVAL, "5 minutes"),
  V(V3AuthVoteDelay,             INTERVAL, "20 seconds"),
  V(V3AuthDistDelay,             INTERVAL, "20 seconds"),
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "5 minutes"),
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "20 seconds"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "20 seconds"),
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "0 minutes"),
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "0 minutes"),
  V(MinUptimeHidServDirectoryV2, INTERVAL, "0 minutes"),
  /* Marks the options as carrying the test-network defaults; the normal
   * table sets this same option to "0". */
  VAR("___UsingTestNetworkDefaults", BOOL, _UsingTestNetworkDefaults, "1"),

  /* Sentinel: a NULL name ends the table. */
  { NULL, CONFIG_TYPE_OBSOLETE, 0, NULL }
};

#undef VAR
#undef V
#undef OBSOLETE

/* Prototypes for file-local (static) helpers, declared here so they can be
 * referenced before their definitions (options_validate and
 * options_act_reversible, for example, are used further down in the part of
 * the file shown here). */
#ifdef _WIN32
static char *get_windows_conf_root(void);
#endif
static int options_validate(or_options_t *old_options,
                            or_options_t *options,
                            int from_setconf, char **msg);
static int options_act_reversible(const or_options_t *old_options, char **msg);
static int options_act(const or_options_t *old_options);
static int options_transition_allowed(const or_options_t *old,
                                      const or_options_t *new,
                                      char **msg);
static int options_transition_affects_workers(
      const or_options_t *old_options, const or_options_t *new_options);
static int options_transition_affects_descriptor(
      const or_options_t *old_options, const or_options_t *new_options);
static int check_nickname_list(const char *lst, const char *name, char **msg);

static int parse_bridge_line(const char *line, int validate_only);
static int parse_client_transport_line(const char *line, int validate_only);

static int parse_server_transport_line(const char *line, int validate_only);
static int parse_dir_server_line(const char *line,
                                 dirinfo_type_t required_type,
                                 int validate_only);
static void port_cfg_free(port_cfg_t *port);
static int parse_ports(or_options_t *options, int validate_only,
                              char **msg_out, int *n_ports_out);
static int check_server_ports(const smartlist_t *ports,
                              const or_options_t *options);

static int validate_data_directory(or_options_t *options);
static int write_configuration_file(const char *fname,
                                    const or_options_t *options);
static int options_init_logs(or_options_t *options, int validate_only);

static void init_libevent(const or_options_t *options);
static int opt_streq(const char *s1, const char *s2);
static int parse_outbound_addresses(or_options_t *options, int validate_only,
                                    char **msg);

/** Magic value for or_options_t. */
#define OR_OPTIONS_MAGIC 9090909

/** Configuration format for or_options_t.
 *
 * Ties together the size of or_options_t, its magic value and the offset of
 * its _magic member, the abbreviation table, the option table and the
 * validation callback.  The field names of config_format_t are not visible
 * here; the order below presumably matches its declaration -- confirm in
 * confparse.h. */
static config_format_t options_format = {
  sizeof(or_options_t),
  OR_OPTIONS_MAGIC,
  STRUCT_OFFSET(or_options_t, _magic),
  _option_abbrevs,
  _option_vars,
  /* NOTE(review): the cast hides any signature mismatch between
   * options_validate() and validate_fn_t; calling through an incompatible
   * function-pointer type is undefined behavior, so confirm the two agree. */
  (validate_fn_t)options_validate,
  NULL
};

/*
 * Functions to read and write the global options pointer.
 */

/** Command-line and config-file options.  Read through get_options() and
 * get_options_mutable(); replaced by set_options(). */
static or_options_t *global_options = NULL;
/** The fallback options_t object; this is where we look for options not
 * in torrc before we fall back to Tor's defaults. */
static or_options_t *global_default_options = NULL;
/** Name of most recently read torrc file. */
static char *torrc_fname = NULL;
/** Name of the most recently read torrc-defaults file.  No explicit
 * initializer: as a static object it starts out as a null pointer. */
static char *torrc_defaults_fname;
/** Configuration Options set by command line. */
static config_line_t *global_cmdline_options = NULL;
/** Contents of most recently read DirPortFrontPage file. */
static char *global_dirfrontpagecontents = NULL;
/** List of port_cfg_t for all configured ports. */
static smartlist_t *configured_ports = NULL;

/** Return the cached DirPortFrontPage contents, or NULL when none has been
 * configured.  The pointer refers to the module-level buffer; the caller
 * does not own it. */
const char *
get_dirportfrontpage(void)
{
  const char *frontpage = global_dirfrontpagecontents;
  return frontpage;
}

/** Return the currently configured options.
 *
 * Asserts that global_options has been set, so this must not be called
 * before the first set_options().  The returned pointer is the live global
 * object, not a copy: writes through it change the running configuration. */
or_options_t *
get_options_mutable(void)
{
  tor_assert(global_options);
  return global_options;
}

/** Return the currently configured options as a read-only view.  This is
 * get_options_mutable() with a const-qualified result, so the same
 * "options must already be set" assertion applies. */
const or_options_t *
get_options(void)
{
  const or_options_t *current = get_options_mutable();
  return current;
}

/** Change the current global options to contain <b>new_val</b> instead of
 * their current value; take action based on the new value; free the old value
 * as necessary.  Returns 0 on success, -1 on failure.
 *
 * On the -1 path the previous options are put back as the global value and
 * *<b>msg</b> is asserted to be non-NULL.  If options_act() fails, the
 * process logs an error and exits instead of returning.
 */
int
set_options(or_options_t *new_val, char **msg)
{
  int i;
  smartlist_t *elements;
  config_line_t *line;
  or_options_t *old_options = global_options;
  /* Install the new options first: the helpers below read them from
   * global_options. */
  global_options = new_val;
  /* Note that we pass the *old* options below, for comparison. It
   * pulls the new options directly out of global_options. */
  if (options_act_reversible(old_options, msg)<0) {
    tor_assert(*msg);
    /* Roll back; new_val is not freed on this path. */
    global_options = old_options;
    return -1;
  }
  if (options_act(old_options) < 0) { /* acting on the options failed. die. */
    log_err(LD_BUG,
            "Acting on config options left us in a broken state. Dying.");
    exit(1);
  }
  /* Issues a CONF_CHANGED event to notify controller of the change. If Tor is
   * just starting up then the old_options will be undefined. */
  if (old_options && old_options != global_options) {
    elements = smartlist_new();
    for (i=0; options_format.vars[i].name; ++i) {
      const config_var_t *var = &options_format.vars[i];
      const char *var_name = var->name;
      /* Only these two types are left out of the event; every other changed
       * option is reported together with its value.
       * NOTE(review): that includes the credential-bearing options in the
       * option table (e.g. Socks5ProxyPassword, BridgePassword); confirm
       * that every recipient of CONF_CHANGED may see them. */
      if (var->type == CONFIG_TYPE_LINELIST_S ||
          var->type == CONFIG_TYPE_OBSOLETE) {
        continue;
      }
      if (!config_is_same(&options_format, new_val, old_options, var_name)) {
        line = config_get_assigned_option(&options_format, new_val,
                                          var_name, 1);

        if (line) {
          /* NOTE(review): the list nodes are walked but never freed here, and
           * `elements` only borrows their key/value pointers.  If
           * config_get_assigned_option() returns freshly allocated lines,
           * each changed option leaks them -- confirm ownership. */
          for (; line; line = line->next) {
            smartlist_add(elements, line->key);
            smartlist_add(elements, line->value);
          }
        } else {
          /* No assigned value: add the bare name with a NULL value.  The
           * cast drops const from a name that lives in the option table, so
           * this element must never be freed or modified. */
          smartlist_add(elements, (char*)options_format.vars[i].name);
          smartlist_add(elements, NULL);
        }
      }
    }
    control_event_conf_changed(elements);
    /* Frees the list container only, not the strings it points to. */
    smartlist_free(elements);
  }

  if (old_options != global_options)
    config_free(&options_format, old_options);

  return 0;
}

extern const char tor_git_revision[]; /* from tor_main.c */

/** The version of this Tor process, as parsed.  Built on first use by
 * get_version(). */
static char *the_tor_version = NULL;
/** A shorter version of this Tor process's version, for export in our router
 *  descriptor.  (Does not include the git version, if any.)  Built on first
 *  use by get_short_version(). */
static char *the_short_tor_version = NULL;

/** Return the full version string of this Tor process.
 *
 * The string is built once and cached in the_tor_version: the short version,
 * followed by " (git-REV)" when tor_git_revision is non-empty.  The returned
 * pointer is owned by this module. */
const char *
get_version(void)
{
  if (the_tor_version != NULL)
    return the_tor_version;

  if (strlen(tor_git_revision) == 0) {
    /* No git revision compiled in: the long form equals the short form. */
    the_tor_version = tor_strdup(get_short_version());
  } else {
    tor_asprintf(&the_tor_version, "%s (git-%s)", get_short_version(),
                 tor_git_revision);
  }
  return the_tor_version;
}

/** Return the version string of this Tor process without any git revision.
 *
 * Built once and cached in the_short_tor_version: VERSION alone, or
 * "VERSION (TOR_BUILD_TAG)" when a build tag is defined at compile time.
 * The returned pointer is owned by this module. */
const char *
get_short_version(void)
{
  if (the_short_tor_version != NULL)
    return the_short_tor_version;

#ifdef TOR_BUILD_TAG
  tor_asprintf(&the_short_tor_version, "%s (%s)", VERSION, TOR_BUILD_TAG);
#else
  the_short_tor_version = tor_strdup(VERSION);
#endif
  return the_short_tor_version;
}

/** Free <b>options</b> together with the derived members that the generic
 * config_free() is not asked to handle here: the _ExcludeExitNodesUnion
 * routerset, every routerset in NodeFamilySets plus the list itself, and
 * _BridgePassword_AuthDigest.  A NULL <b>options</b> is a no-op.
 */
static void
or_options_free(or_options_t *options)
{
  smartlist_t *family_sets;

  if (options == NULL)
    return;

  routerset_free(options->_ExcludeExitNodesUnion);

  family_sets = options->NodeFamilySets;
  if (family_sets != NULL) {
    SMARTLIST_FOREACH(family_sets, routerset_t *, family,
                      routerset_free(family));
    smartlist_free(family_sets);
  }

  /* NOTE(review): the digest is released without being wiped first; if it is
   * credential-equivalent, consider clearing it before the free -- confirm
   * how the value is used. */
  tor_free(options->_BridgePassword_AuthDigest);

  config_free(&options_format, options);
}

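/** Release all memory and resources held by global configuration structures.
 *
 * Frees both option objects, the saved command-line options, the configured
 * port list, the torrc file names, both cached version strings and the
 * DirPortFrontPage contents, and resets the corresponding globals.
 */
void
config_free_all(void)
{
  or_options_free(global_options);
  global_options = NULL;
  or_options_free(global_default_options);
  global_default_options = NULL;

  config_free_lines(global_cmdline_options);
  global_cmdline_options = NULL;

  if (configured_ports) {
    /* NOTE(review): entries are released with tor_free() although this file
     * declares port_cfg_free() for port_cfg_t; confirm the two stay
     * equivalent if port_cfg_t ever gains owned members. */
    SMARTLIST_FOREACH(configured_ports,
                      port_cfg_t *, p, tor_free(p));
    smartlist_free(configured_ports);
    configured_ports = NULL;
  }

  tor_free(torrc_fname);
  tor_free(torrc_defaults_fname);
  tor_free(the_tor_version);
  /* get_short_version() caches its result in the_short_tor_version; release
   * it together with the long form so the allocation is not leaked at
   * shutdown. */
  tor_free(the_short_tor_version);
  tor_free(global_dirfrontpagecontents);
}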

/** Return a loggable form of <b>address</b>, a piece of information related
 * to our operation as a client, according to options->SafeLogging.
 *
 * (The result is "[scrubbed]" if SafeLogging is "1", i.e. _SafeLogging is
 * SAFELOG_SCRUB_ALL, and <b>address</b> itself otherwise.)
 *
 * Under every other setting the caller's string is returned unchanged and
 * unescaped, so it is written to the log verbatim.  <b>address</b> must not
 * be NULL.
 */
const char *
safe_str_client(const char *address)
{
  tor_assert(address);
  return (get_options()->_SafeLogging == SAFELOG_SCRUB_ALL)
    ? "[scrubbed]" : address;
}

/** Return a loggable form of <b>address</b>, a piece of information of
 * unspecified sensitivity, according to options->SafeLogging.
 *
 * (The result is "[scrubbed]" if SafeLogging is anything besides "0", i.e.
 * _SafeLogging is not SAFELOG_SCRUB_NONE, and <b>address</b> itself
 * otherwise.)
 *
 * This is the stricter of the two helpers: it also scrubs under settings
 * where safe_str_client() does not.  <b>address</b> must not be NULL.
 */
const char *
safe_str(const char *address)
{
  tor_assert(address);
  return (get_options()->_SafeLogging == SAFELOG_SCRUB_NONE)
    ? address : "[scrubbed]";
}

/** Equivalent to escaped(safe_str_client(address)).  See the reentrancy note
 * on escaped(): do not use this outside the main thread, or twice in the
 * same log statement.
 *
 * Unlike safe_str_client(), this does not assert that <b>address</b> is
 * non-NULL; a NULL argument is passed on to escaped() when no scrubbing
 * applies. */
const char *
escaped_safe_str_client(const char *address)
{
  const int scrub = (get_options()->_SafeLogging == SAFELOG_SCRUB_ALL);
  return scrub ? "[scrubbed]" : escaped(address);
}

/** Equivalent to escaped(safe_str(address)).  See the reentrancy note on
 * escaped(): do not use this outside the main thread, or twice in the same
 * log statement.
 *
 * Unlike safe_str(), this does not assert that <b>address</b> is non-NULL;
 * a NULL argument is passed on to escaped() when no scrubbing applies. */
const char *
escaped_safe_str(const char *address)
{
  const int keep = (get_options()->_SafeLogging == SAFELOG_SCRUB_NONE);
  return keep ? escaped(address) : "[scrubbed]";
}

/** Add the default directory authorities directly into the trusted dir list,
 * but only add them insofar as they share bits with <b>type</b>. */
static void
add_default_trusted_dir_authorities(dirinfo_type_t type)
{
  int i;
  const char *dirservers[] = {
    "moria1 orport=9101 no-v2 "
      "v3ident=D586D18309DED4CD6D57C18FDB97EFA96D330566 "
      "128.31.0.39:9131 9695 DFC3 5FFE B861 329B 9F1A B04C 4639 7020 CE31",
    "tor26 v1 orport=443 v3ident=14C131DFC5C6F93646BE72FA1401C02A8DF2E8B4 "
      "86.59.21.38:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D",
    "dizum orport=443 v3ident=E8A9C45EDE6D711294FADF8E7951F4DE6CA56B58 "
      "194.109.206.212:80 7EA6 EAD6 FD83 083C 538F 4403 8BBF A077 587D D755",
    "Tonga orport=443 bridge no-v2 82.94.251.203:80 "
      "4A0C CD2D DC79 9508 3D73 F5D6 6710 0C8A 5831 F16D",
    "turtles orport=9090 no-v2 "
      "v3ident=27B6B5996C426270A5C95488AA5BCEB6BCC86956 "
      "76.73.17.194:9030 F397 038A DC51 3361 35E7 B80B D99C A384 4360 292B",
    "gabelmoo orport=443 no-v2 "
      "v3ident=ED03BB616EB2F60BEC80151114BB25CEF515B226 "
      "212.112.245.170:80 F204 4413 DAC2 E02E 3D6B CF47 35A1 9BCA 1DE9 7281",
    "dannenberg orport=443 no-v2 "
      "v3ident=585769C78764D58426B8B52B6651A5A71137189A "