/* Copyright (c) 2001 Matej Pfajfar.
 * Copyright (c) 2001-2004, Roger Dingledine.
 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
 * Copyright (c) 2007-2012, The Tor Project, Inc. */
/* See LICENSE for licensing information */

/**
 * \file config.c
 * \brief Code to parse and interpret configuration files.
 **/

#define CONFIG_PRIVATE

#include "or.h"
#include "circuitbuild.h"
#include "circuitlist.h"
#include "config.h"
#include "connection.h"
#include "connection_edge.h"
#include "connection_or.h"
#include "control.h"
#include "confparse.h"
#include "cpuworker.h"
#include "dirserv.h"
#include "dirvote.h"
#include "dns.h"
#include "geoip.h"
#include "hibernate.h"
#include "main.h"
#include "networkstatus.h"
#include "policies.h"
#include "relay.h"
#include "rendclient.h"
#include "rendservice.h"
#include "rephist.h"
#include "router.h"
#include "util.h"
#include "routerlist.h"
#include "statefile.h"
#include "transports.h"
#ifdef _WIN32
#include <shlobj.h>
#endif

#include "procmon.h"

/* From main.c */
extern int quiet_level;

/** A list of abbreviations and aliases to map command-line options, obsolete
 * option names, or alternative option names, to their current values.
 *
 * Literal entries are { alias, current name, int, int }.  The meaning of the
 * two integer fields is set by config_abbrev_t, which is not defined in this
 * file -- presumably "command-line only" and "warn when used"; confirm
 * against the struct before relying on that reading.
 */
static config_abbrev_t _option_abbrevs[] = {
  PLURAL(AuthDirBadDirCC),
  PLURAL(AuthDirBadExitCC),
  PLURAL(AuthDirInvalidCC),
  PLURAL(AuthDirRejectCC),
  PLURAL(ExitNode),
  PLURAL(EntryNode),
  PLURAL(ExcludeNode),
  PLURAL(FirewallPort),
  PLURAL(LongLivedPort),
  PLURAL(HiddenServiceNode),
  PLURAL(HiddenServiceExcludeNode),
  PLURAL(NumCPU),
  PLURAL(RendNode),
  PLURAL(RendExcludeNode),
  PLURAL(StrictEntryNode),
  PLURAL(StrictExitNode),
  PLURAL(StrictNode),
  { "l", "Log", 1, 0},
  { "AllowUnverifiedNodes", "AllowInvalidNodes", 0, 0},
  { "AutomapHostSuffixes", "AutomapHostsSuffixes", 0, 0},
  { "AutomapHostOnResolve", "AutomapHostsOnResolve", 0, 0},
  { "BandwidthRateBytes", "BandwidthRate", 0, 0},
  { "BandwidthBurstBytes", "BandwidthBurst", 0, 0},
  { "DirFetchPostPeriod", "StatusFetchPeriod", 0, 0},
  { "MaxConn", "ConnLimit", 0, 1},
  { "ORBindAddress", "ORListenAddress", 0, 0},
  { "DirBindAddress", "DirListenAddress", 0, 0},
  { "SocksBindAddress", "SocksListenAddress", 0, 0},
  { "UseHelperNodes", "UseEntryGuards", 0, 0},
  { "NumHelperNodes", "NumEntryGuards", 0, 0},
  { "UseEntryNodes", "UseEntryGuards", 0, 0},
  { "NumEntryNodes", "NumEntryGuards", 0, 0},
  { "ResolvConf", "ServerDNSResolvConfFile", 0, 1},
  { "SearchDomains", "ServerDNSSearchDomains", 0, 1},
  { "ServerDNSAllowBrokenResolvConf", "ServerDNSAllowBrokenConfig", 0, 0},
  { "PreferTunnelledDirConns", "PreferTunneledDirConns", 0, 0},
  { "BridgeAuthoritativeDirectory", "BridgeAuthoritativeDir", 0, 0},
  /* NOTE(review): this alias shares its third field with "l" -> "Log" and
   * redirects the password option to the "__"-prefixed session variant;
   * confirm the intended scope of that redirection in config_abbrev_t. */
  { "HashedControlPassword", "__HashedControlSessionPassword", 1, 0},
  { "StrictEntryNodes", "StrictNodes", 0, 1},
  { "StrictExitNodes", "StrictNodes", 0, 1},
  { "_UseFilteringSSLBufferevents", "UseFilteringSSLBufferevents", 0, 1},
  /* All-NULL entry closes the table. */
  { NULL, NULL, 0, 0},
};

/** An entry for config_vars: "The option <b>name</b> has type
 * CONFIG_TYPE_<b>conftype</b>, and corresponds to
 * or_options_t.<b>member</b>"
 */
#define VAR(name,conftype,member,initvalue)                             \
  { name, CONFIG_TYPE_ ## conftype, STRUCT_OFFSET(or_options_t, member), \
      initvalue }
/** As VAR, but the option name and member name are the same. */
#define V(member,conftype,initvalue)                                    \
  VAR(#member, conftype, member, initvalue)
/** An entry for config_vars: "The option <b>name</b> is obsolete." */
#define OBSOLETE(name) { name, CONFIG_TYPE_OBSOLETE, 0, NULL }

/** As V, but the value is stored in or_options_t.<b>member</b>_lines: the
 * option keeps the name <b>member</b> while the struct field carries the
 * "_lines" suffix. */
#define VPORT(member,conftype,initvalue)                                    \
  VAR(#member, conftype, member ## _lines, initvalue)

/** Array of configuration options.  Until we disallow nonstandard
 * abbreviations, order is significant, since the first matching option will
 * be chosen first.
 *
 * Each entry gives the option name, its CONFIG_TYPE_*, the offset of the
 * backing or_options_t member, and the default value as a string (NULL for
 * no default).  The table ends with an entry whose name is NULL; loops over
 * options_format.vars stop there.
 */
static config_var_t _option_vars[] = {
  OBSOLETE("AccountingMaxKB"),
  V(AccountingMax,               MEMUNIT,  "0 bytes"),
  V(AccountingStart,             STRING,   NULL),
  V(Address,                     STRING,   NULL),
  V(AllowDotExit,                BOOL,     "0"),
  V(AllowInvalidNodes,           CSV,      "middle,rendezvous"),
  V(AllowNonRFC953Hostnames,     BOOL,     "0"),
  V(AllowSingleHopCircuits,      BOOL,     "0"),
  V(AllowSingleHopExits,         BOOL,     "0"),
  V(AlternateBridgeAuthority,    LINELIST, NULL),
  V(AlternateDirAuthority,       LINELIST, NULL),
  V(AlternateHSAuthority,        LINELIST, NULL),
  V(AssumeReachable,             BOOL,     "0"),
  V(AuthDirBadDir,               LINELIST, NULL),
  V(AuthDirBadDirCCs,            CSV,      ""),
  V(AuthDirBadExit,              LINELIST, NULL),
  V(AuthDirBadExitCCs,           CSV,      ""),
  V(AuthDirInvalid,              LINELIST, NULL),
  V(AuthDirInvalidCCs,           CSV,      ""),
  V(AuthDirFastGuarantee,        MEMUNIT,  "100 KB"),
  V(AuthDirGuardBWGuarantee,     MEMUNIT,  "250 KB"),
  V(AuthDirReject,               LINELIST, NULL),
  V(AuthDirRejectCCs,            CSV,      ""),
  V(AuthDirRejectUnlisted,       BOOL,     "0"),
  V(AuthDirListBadDirs,          BOOL,     "0"),
  V(AuthDirListBadExits,         BOOL,     "0"),
  V(AuthDirMaxServersPerAddr,    UINT,     "2"),
  V(AuthDirMaxServersPerAuthAddr,UINT,     "5"),
  V(AuthDirHasIPv6Connectivity,  BOOL,     "0"),
  VAR("AuthoritativeDirectory",  BOOL, AuthoritativeDir,    "0"),
  V(AutomapHostsOnResolve,       BOOL,     "0"),
  V(AutomapHostsSuffixes,        CSV,      ".onion,.exit"),
  V(AvoidDiskWrites,             BOOL,     "0"),
  V(BandwidthBurst,              MEMUNIT,  "1 GB"),
  V(BandwidthRate,               MEMUNIT,  "1 GB"),
  V(BridgeAuthoritativeDir,      BOOL,     "0"),
  VAR("Bridge",                  LINELIST, Bridges,    NULL),
  V(BridgePassword,              STRING,   NULL),
  V(BridgeRecordUsageByCountry,  BOOL,     "1"),
  V(BridgeRelay,                 BOOL,     "0"),
  V(CellStatistics,              BOOL,     "0"),
  V(LearnCircuitBuildTimeout,    BOOL,     "1"),
  V(CircuitBuildTimeout,         INTERVAL, "0"),
  V(CircuitIdleTimeout,          INTERVAL, "1 hour"),
  V(CircuitStreamTimeout,        INTERVAL, "0"),
  V(CircuitPriorityHalflife,     DOUBLE,  "-100.0"), /*negative:'Use default'*/
  V(ClientDNSRejectInternalAddresses, BOOL,"1"),
  V(ClientOnly,                  BOOL,     "0"),
  V(ClientPreferIPv6ORPort,      BOOL,     "0"),
  V(ClientRejectInternalAddresses, BOOL,   "1"),
  V(ClientTransportPlugin,       LINELIST, NULL),
  V(ClientUseIPv6,               BOOL,     "0"),
  V(ConsensusParams,             STRING,   NULL),
  V(ConnLimit,                   UINT,     "1000"),
  V(ConnDirectionStatistics,     BOOL,     "0"),
  V(ConstrainedSockets,          BOOL,     "0"),
  V(ConstrainedSockSize,         MEMUNIT,  "8192"),
  V(ContactInfo,                 STRING,   NULL),
  V(ControlListenAddress,        LINELIST, NULL),
  VPORT(ControlPort,                 LINELIST, NULL),
  V(ControlPortFileGroupReadable,BOOL,     "0"),
  V(ControlPortWriteToFile,      FILENAME, NULL),
  V(ControlSocket,               LINELIST, NULL),
  V(ControlSocketsGroupWritable, BOOL,     "0"),
  V(CookieAuthentication,        BOOL,     "0"),
  V(CookieAuthFileGroupReadable, BOOL,     "0"),
  V(CookieAuthFile,              STRING,   NULL),
  V(CountPrivateBandwidth,       BOOL,     "0"),
  V(DataDirectory,               FILENAME, NULL),
  OBSOLETE("DebugLogFile"),
  V(DisableNetwork,              BOOL,     "0"),
  V(DirAllowPrivateAddresses,    BOOL,     "0"),
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "30 minutes"),
  V(DirListenAddress,            LINELIST, NULL),
  OBSOLETE("DirFetchPeriod"),
  V(DirPolicy,                   LINELIST, NULL),
  VPORT(DirPort,                     LINELIST, NULL),
  V(DirPortFrontPage,            FILENAME, NULL),
  OBSOLETE("DirPostPeriod"),
  OBSOLETE("DirRecordUsageByCountry"),
  OBSOLETE("DirRecordUsageGranularity"),
  OBSOLETE("DirRecordUsageRetainIPs"),
  OBSOLETE("DirRecordUsageSaveInterval"),
  V(DirReqStatistics,            BOOL,     "1"),
  VAR("DirServer",               LINELIST, DirServers, NULL),
  V(DisableAllSwap,              BOOL,     "0"),
  V(DisableDebuggerAttachment,   BOOL,     "1"),
  V(DisableIOCP,                 BOOL,     "1"),
  V(DynamicDHGroups,             BOOL,     "0"),
  VPORT(DNSPort,                     LINELIST, NULL),
  V(DNSListenAddress,            LINELIST, NULL),
  V(DownloadExtraInfo,           BOOL,     "0"),
  V(EnforceDistinctSubnets,      BOOL,     "1"),
  V(EntryNodes,                  ROUTERSET,   NULL),
  V(EntryStatistics,             BOOL,     "0"),
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "10 minutes"),
  V(ExcludeNodes,                ROUTERSET, NULL),
  V(ExcludeExitNodes,            ROUTERSET, NULL),
  V(ExcludeSingleHopRelays,      BOOL,     "1"),
  V(ExitNodes,                   ROUTERSET, NULL),
  V(ExitPolicy,                  LINELIST, NULL),
  V(ExitPolicyRejectPrivate,     BOOL,     "1"),
  V(ExitPortStatistics,          BOOL,     "0"),
  V(ExtendAllowPrivateAddresses, BOOL,     "0"),
  V(ExtraInfoStatistics,         BOOL,     "1"),

#if defined (WINCE)
  V(FallbackNetworkstatusFile,   FILENAME, "fallback-consensus"),
#else
  V(FallbackNetworkstatusFile,   FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "fallback-consensus"),
#endif
  V(FascistFirewall,             BOOL,     "0"),
  V(FirewallPorts,               CSV,      ""),
  V(FastFirstHopPK,              BOOL,     "1"),
  V(FetchDirInfoEarly,           BOOL,     "0"),
  V(FetchDirInfoExtraEarly,      BOOL,     "0"),
  V(FetchServerDescriptors,      BOOL,     "1"),
  V(FetchHidServDescriptors,     BOOL,     "1"),
  V(FetchUselessDescriptors,     BOOL,     "0"),
  V(FetchV2Networkstatus,        BOOL,     "0"),
#ifdef _WIN32
  V(GeoIPFile,                   FILENAME, "<default>"),
#else
  V(GeoIPFile,                   FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip"),
#endif
  OBSOLETE("GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays"),
  OBSOLETE("Group"),
  V(HardwareAccel,               BOOL,     "0"),
  V(HeartbeatPeriod,             INTERVAL, "6 hours"),
  V(AccelName,                   STRING,   NULL),
  V(AccelDir,                    FILENAME, NULL),
  V(HashedControlPassword,       LINELIST, NULL),
  V(HidServDirectoryV2,          BOOL,     "1"),
  /* The HiddenService* options below all store into RendConfigLines. */
  VAR("HiddenServiceDir",    LINELIST_S, RendConfigLines,    NULL),
  OBSOLETE("HiddenServiceExcludeNodes"),
  OBSOLETE("HiddenServiceNodes"),
  VAR("HiddenServiceOptions",LINELIST_V, RendConfigLines,    NULL),
  VAR("HiddenServicePort",   LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceVersion",LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceAuthorizeClient",LINELIST_S,RendConfigLines, NULL),
  V(HidServAuth,                 LINELIST, NULL),
  V(HSAuthoritativeDir,          BOOL,     "0"),
  OBSOLETE("HSAuthorityRecordStats"),
  V(CloseHSClientCircuitsImmediatelyOnTimeout, BOOL, "0"),
  V(CloseHSServiceRendCircuitsImmediatelyOnTimeout, BOOL, "0"),
  V(HTTPProxy,                   STRING,   NULL),
  V(HTTPProxyAuthenticator,      STRING,   NULL),
  V(HTTPSProxy,                  STRING,   NULL),
  V(HTTPSProxyAuthenticator,     STRING,   NULL),
  VAR("ServerTransportPlugin",   LINELIST, ServerTransportPlugin,  NULL),
  V(Socks4Proxy,                 STRING,   NULL),
  V(Socks5Proxy,                 STRING,   NULL),
  V(Socks5ProxyUsername,         STRING,   NULL),
  V(Socks5ProxyPassword,         STRING,   NULL),
  OBSOLETE("IgnoreVersion"),
  V(KeepalivePeriod,             INTERVAL, "5 minutes"),
  VAR("Log",                     LINELIST, Logs,             NULL),
  V(LogMessageDomains,           BOOL,     "0"),
  OBSOLETE("LinkPadding"),
  OBSOLETE("LogLevel"),
  OBSOLETE("LogFile"),
  V(LogTimeGranularity,          MSEC_INTERVAL, "1 second"),
  V(LongLivedPorts,              CSV,
        "21,22,706,1863,5050,5190,5222,5223,6523,6667,6697,8300"),
  VAR("MapAddress",              LINELIST, AddressMap,           NULL),
  V(MaxAdvertisedBandwidth,      MEMUNIT,  "1 GB"),
  V(MaxCircuitDirtiness,         INTERVAL, "10 minutes"),
  V(MaxClientCircuitsPending,    UINT,     "32"),
  V(MaxOnionsPending,            UINT,     "100"),
  OBSOLETE("MonthlyAccountingStart"),
  V(MyFamily,                    STRING,   NULL),
  V(NewCircuitPeriod,            INTERVAL, "30 seconds"),
  VAR("NamingAuthoritativeDirectory",BOOL, NamingAuthoritativeDir, "0"),
  V(NATDListenAddress,           LINELIST, NULL),
  VPORT(NATDPort,                    LINELIST, NULL),
  V(Nickname,                    STRING,   NULL),
  V(WarnUnsafeSocks,              BOOL,     "1"),
  OBSOLETE("NoPublish"),
  VAR("NodeFamily",              LINELIST, NodeFamilies,         NULL),
  V(NumCPUs,                     UINT,     "0"),
  V(NumEntryGuards,              UINT,     "3"),
  V(ORListenAddress,             LINELIST, NULL),
  VPORT(ORPort,                      LINELIST, NULL),
  V(OutboundBindAddress,         STRING,   NULL),

  V(PathBiasCircThreshold,       INT,      "-1"),
  V(PathBiasNoticeRate,          DOUBLE,   "-1"),
  V(PathBiasDisableRate,         DOUBLE,   "-1"),
  V(PathBiasScaleThreshold,      INT,      "-1"),
  V(PathBiasScaleFactor,         INT,      "-1"),

  OBSOLETE("PathlenCoinWeight"),
  V(PerConnBWBurst,              MEMUNIT,  "0"),
  V(PerConnBWRate,               MEMUNIT,  "0"),
  V(PidFile,                     STRING,   NULL),
  V(TestingTorNetwork,           BOOL,     "0"),
  V(OptimisticData,              AUTOBOOL, "auto"),
  V(PortForwarding,              BOOL,     "0"),
  V(PortForwardingHelper,        FILENAME, "tor-fw-helper"),
  V(PreferTunneledDirConns,      BOOL,     "1"),
  V(ProtocolWarnings,            BOOL,     "0"),
  V(PublishServerDescriptor,     CSV,      "1"),
  V(PublishHidServDescriptors,   BOOL,     "1"),
  V(ReachableAddresses,          LINELIST, NULL),
  V(ReachableDirAddresses,       LINELIST, NULL),
  V(ReachableORAddresses,        LINELIST, NULL),
  V(RecommendedVersions,         LINELIST, NULL),
  V(RecommendedClientVersions,   LINELIST, NULL),
  V(RecommendedServerVersions,   LINELIST, NULL),
  OBSOLETE("RedirectExit"),
  V(RefuseUnknownExits,          AUTOBOOL, "auto"),
  V(RejectPlaintextPorts,        CSV,      ""),
  V(RelayBandwidthBurst,         MEMUNIT,  "0"),
  V(RelayBandwidthRate,          MEMUNIT,  "0"),
  OBSOLETE("RendExcludeNodes"),
  OBSOLETE("RendNodes"),
  V(RendPostPeriod,              INTERVAL, "1 hour"),
  V(RephistTrackTime,            INTERVAL, "24 hours"),
  OBSOLETE("RouterFile"),
  V(RunAsDaemon,                 BOOL,     "0"),
//  V(RunTesting,                  BOOL,     "0"),
  OBSOLETE("RunTesting"), // currently unused
  /* SafeLogging is parsed as a STRING here; the logging helpers in this
   * file compare the derived _SafeLogging field against SAFELOG_SCRUB_*. */
  V(SafeLogging,                 STRING,   "1"),
  V(SafeSocks,                   BOOL,     "0"),
  V(ServerDNSAllowBrokenConfig,  BOOL,     "1"),
  V(ServerDNSAllowNonRFC953Hostnames, BOOL,"0"),
  V(ServerDNSDetectHijacking,    BOOL,     "1"),
  V(ServerDNSRandomizeCase,      BOOL,     "1"),
  V(ServerDNSResolvConfFile,     STRING,   NULL),
  V(ServerDNSSearchDomains,      BOOL,     "0"),
  V(ServerDNSTestAddresses,      CSV,
      "www.google.com,www.mit.edu,www.yahoo.com,www.slashdot.org"),
  V(ShutdownWaitLength,          INTERVAL, "30 seconds"),
  V(SocksListenAddress,          LINELIST, NULL),
  V(SocksPolicy,                 LINELIST, NULL),
  VPORT(SocksPort,                   LINELIST, NULL),
  V(SocksTimeout,                INTERVAL, "2 minutes"),
  OBSOLETE("StatusFetchPeriod"),
  V(StrictNodes,                 BOOL,     "0"),
  OBSOLETE("SysLog"),
  V(TestSocks,                   BOOL,     "0"),
  OBSOLETE("TestVia"),
  V(TokenBucketRefillInterval,   MSEC_INTERVAL, "100 msec"),
  V(Tor2webMode,                 BOOL,     "0"),
  V(TrackHostExits,              CSV,      NULL),
  V(TrackHostExitsExpire,        INTERVAL, "30 minutes"),
  OBSOLETE("TrafficShaping"),
  V(TransListenAddress,          LINELIST, NULL),
  VPORT(TransPort,                   LINELIST, NULL),
  V(TunnelDirConns,              BOOL,     "1"),
  V(UpdateBridgesFromAuthority,  BOOL,     "0"),
  V(UseBridges,                  BOOL,     "0"),
  V(UseEntryGuards,              BOOL,     "1"),
  V(UseMicrodescriptors,         AUTOBOOL, "auto"),
  V(User,                        STRING,   NULL),
  V(UserspaceIOCPBuffers,        BOOL,     "0"),
  VAR("V1AuthoritativeDirectory",BOOL, V1AuthoritativeDir,   "0"),
  VAR("V2AuthoritativeDirectory",BOOL, V2AuthoritativeDir,   "0"),
  VAR("V3AuthoritativeDirectory",BOOL, V3AuthoritativeDir,   "0"),
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "30 minutes"),
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "5 minutes"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "5 minutes"),
  V(V3AuthVotingInterval,        INTERVAL, "1 hour"),
  V(V3AuthVoteDelay,             INTERVAL, "5 minutes"),
  V(V3AuthDistDelay,             INTERVAL, "5 minutes"),
  V(V3AuthNIntervalsValid,       UINT,     "3"),
  V(V3AuthUseLegacyKey,          BOOL,     "0"),
  V(V3BandwidthsFile,            FILENAME, NULL),
  VAR("VersioningAuthoritativeDirectory",BOOL,VersioningAuthoritativeDir, "0"),
  V(VirtualAddrNetwork,          STRING,   "127.192.0.0/10"),
  V(WarnPlaintextPorts,          CSV,      "23,109,110,143"),
  V(UseFilteringSSLBufferevents, BOOL,    "0"),
  VAR("__ReloadTorrcOnSIGHUP",   BOOL,  ReloadTorrcOnSIGHUP,      "1"),
  VAR("__AllDirActionsPrivate",  BOOL,  AllDirActionsPrivate,     "0"),
  VAR("__DisablePredictedCircuits",BOOL,DisablePredictedCircuits, "0"),
  VAR("__LeaveStreamsUnattached",BOOL,  LeaveStreamsUnattached,   "0"),
  VAR("__HashedControlSessionPassword", LINELIST, HashedControlSessionPassword,
      NULL),
  VAR("__OwningControllerProcess",STRING,OwningControllerProcess, NULL),
  V(MinUptimeHidServDirectoryV2, INTERVAL, "25 hours"),
  V(VoteOnHidServDirectoriesV2,  BOOL,     "1"),
  VAR("___UsingTestNetworkDefaults", BOOL, _UsingTestNetworkDefaults, "0"),

  /* Terminator: the NULL name ends iteration over the table. */
  { NULL, CONFIG_TYPE_OBSOLETE, 0, NULL }
};

/** Override default values with these if the user sets the TestingTorNetwork
 * option.
 *
 * Several entries invert the value the main option table ships with:
 * ExitPolicyRejectPrivate, ClientRejectInternalAddresses,
 * ClientDNSRejectInternalAddresses and EnforceDistinctSubnets go from "1" to
 * "0", while DirAllowPrivateAddresses and ExtendAllowPrivateAddresses go
 * from "0" to "1".  Judging by the option names these relax private-address
 * and subnet-diversity checks, so this profile is presumably meant for an
 * isolated test network only -- confirm before enabling it anywhere else.
 */
static const config_var_t testing_tor_network_defaults[] = {
  V(ServerDNSAllowBrokenConfig,  BOOL,     "1"),
  V(DirAllowPrivateAddresses,    BOOL,     "1"),
  V(EnforceDistinctSubnets,      BOOL,     "0"),
  V(AssumeReachable,             BOOL,     "1"),
  V(AuthDirMaxServersPerAddr,    UINT,     "0"),
  V(AuthDirMaxServersPerAuthAddr,UINT,     "0"),
  V(ClientDNSRejectInternalAddresses, BOOL,"0"),
  V(ClientRejectInternalAddresses, BOOL,   "0"),
  V(CountPrivateBandwidth,       BOOL,     "1"),
  V(ExitPolicyRejectPrivate,     BOOL,     "0"),
  V(ExtendAllowPrivateAddresses, BOOL,     "1"),
  /* Voting timers are shortened relative to the main table's defaults. */
  V(V3AuthVotingInterval,        INTERVAL, "5 minutes"),
  V(V3AuthVoteDelay,             INTERVAL, "20 seconds"),
  V(V3AuthDistDelay,             INTERVAL, "20 seconds"),
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "5 minutes"),
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "20 seconds"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "20 seconds"),
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "0 minutes"),
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "0 minutes"),
  V(MinUptimeHidServDirectoryV2, INTERVAL, "0 minutes"),
  /* Records in the options themselves that this profile is in effect. */
  VAR("___UsingTestNetworkDefaults", BOOL, _UsingTestNetworkDefaults, "1"),

  /* Terminator entry (NULL name). */
  { NULL, CONFIG_TYPE_OBSOLETE, 0, NULL }
};

#undef VAR
#undef V
#undef OBSOLETE

/* Forward declarations for the file-local (static) helpers used below. */
#ifdef _WIN32
static char *get_windows_conf_root(void);
#endif
/* options_validate is installed as the validation callback in
 * options_format. */
static int options_validate(or_options_t *old_options,
                            or_options_t *options,
                            int from_setconf, char **msg);
/* options_act_reversible and options_act are the two stages that
 * set_options() runs on a new configuration. */
static int options_act_reversible(const or_options_t *old_options, char **msg);
static int options_act(const or_options_t *old_options);
static int options_transition_allowed(const or_options_t *old,
                                      const or_options_t *new,
                                      char **msg);
static int options_transition_affects_workers(
      const or_options_t *old_options, const or_options_t *new_options);
static int options_transition_affects_descriptor(
      const or_options_t *old_options, const or_options_t *new_options);
static int check_nickname_list(const char *lst, const char *name, char **msg);

static int parse_bridge_line(const char *line, int validate_only);
static int parse_client_transport_line(const char *line, int validate_only);

static int parse_server_transport_line(const char *line, int validate_only);
static int parse_dir_server_line(const char *line,
                                 dirinfo_type_t required_type,
                                 int validate_only);
static void port_cfg_free(port_cfg_t *port);
static int parse_ports(or_options_t *options, int validate_only,
                              char **msg_out, int *n_ports_out);
static int check_server_ports(const smartlist_t *ports,
                              const or_options_t *options);

static int validate_data_directory(or_options_t *options);
static int write_configuration_file(const char *fname,
                                    const or_options_t *options);
static int options_init_logs(or_options_t *options, int validate_only);

static void init_libevent(const or_options_t *options);
static int opt_streq(const char *s1, const char *s2);

/** Magic value for or_options_t. */
#define OR_OPTIONS_MAGIC 9090909

/** Configuration format for or_options_t.  The initializer is positional,
 * so the field each value lands in is fixed by config_format_t's declaration
 * (not in this file); the comments below describe the values themselves. */
static config_format_t options_format = {
  sizeof(or_options_t),                /* size of the options struct */
  OR_OPTIONS_MAGIC,                    /* magic value expected in it */
  STRUCT_OFFSET(or_options_t, _magic), /* where the _magic member lives */
  _option_abbrevs,                     /* abbreviation/alias table */
  _option_vars,                        /* option table */
  /* NOTE(review): options_validate is cast to validate_fn_t.  If that
   * typedef's parameter types differ from options_validate's, calls through
   * this pointer depend on the two signatures being call-compatible --
   * confirm against the typedef. */
  (validate_fn_t)options_validate,
  NULL
};

/*
 * Functions to read and write the global options pointer.
 */

/** Command-line and config-file options.  Replaced by set_options() and
 * released in config_free_all(). */
static or_options_t *global_options = NULL;
/** The fallback options_t object; this is where we look for options not
 * in torrc before we fall back to Tor's defaults. */
static or_options_t *global_default_options = NULL;
/** Name of most recently read torrc file. */
static char *torrc_fname = NULL;
/** Name of the most recently read torrc-defaults file.  No explicit
 * initializer: as a file-scope static it still starts out as NULL. */
static char *torrc_defaults_fname;
/** Configuration Options set by command line. */
static config_line_t *global_cmdline_options = NULL;
/** Contents of most recently read DirPortFrontPage file. */
static char *global_dirfrontpagecontents = NULL;
/** List of port_cfg_t for all configured ports. */
static smartlist_t *configured_ports = NULL;

/** Return the cached DirPortFrontPage contents, or NULL if none are
 * configured.  The result is the file-level buffer itself, not a copy:
 * config_free_all() releases it, so callers must not free it. */
const char *
get_dirportfrontpage(void)
{
  const char *frontpage = global_dirfrontpagecontents;

  return frontpage;
}

/** Return the currently configured options as a writable pointer.
 * Asserts that the global options have already been installed. */
or_options_t *
get_options_mutable(void)
{
  or_options_t *current;

  tor_assert(global_options);
  current = global_options;
  return current;
}

/** Return the currently configured options through a const pointer.  This
 * is the same object get_options_mutable() returns, so the same assertion
 * applies when no options have been set yet. */
const or_options_t *
get_options(void)
{
  const or_options_t *current = get_options_mutable();

  return current;
}

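/** Change the current global options to contain <b>new_val</b> instead of
 * their current value; take action based on the new value; free the old value
 * as necessary.  Returns 0 on success, -1 on failure.
 *
 * On a -1 return the previous options are back in place and *<b>msg</b>
 * holds the reason.  If acting on the new options fails after the
 * reversible stage, the process logs an error and exits.
 */
int
set_options(or_options_t *new_val, char **msg)
{
  int i;
  smartlist_t *elements;
  smartlist_t *changed_lines;
  config_line_t *line;
  or_options_t *old_options = global_options;
  global_options = new_val;
  /* Note that we pass the *old* options below, for comparison. It
   * pulls the new options directly out of global_options. */
  if (options_act_reversible(old_options, msg)<0) {
    tor_assert(*msg);
    global_options = old_options;
    return -1;
  }
  if (options_act(old_options) < 0) { /* acting on the options failed. die. */
    log_err(LD_BUG,
            "Acting on config options left us in a broken state. Dying.");
    exit(1);
  }
  /* Issues a CONF_CHANGED event to notify controller of the change. If Tor is
   * just starting up then the old_options will be undefined. */
  if (old_options && old_options != global_options) {
    elements = smartlist_new();
    /* Heads of the per-option line lists, kept so they can be released once
     * the event has been sent. */
    changed_lines = smartlist_new();
    for (i=0; options_format.vars[i].name; ++i) {
      const config_var_t *var = &options_format.vars[i];
      const char *var_name = var->name;
      if (var->type == CONFIG_TYPE_LINELIST_S ||
          var->type == CONFIG_TYPE_OBSOLETE) {
        continue;
      }
      if (!config_is_same(&options_format, new_val, old_options, var_name)) {
        line = config_get_assigned_option(&options_format, new_val,
                                          var_name, 1);

        if (line) {
          /* The list is an allocated copy owned by this function.  Only
           * pointers into it go into <b>elements</b>, so the list itself
           * has to be freed here; the original code never did. */
          smartlist_add(changed_lines, line);
          for (; line; line = line->next) {
            smartlist_add(elements, line->key);
            smartlist_add(elements, line->value);
          }
        } else {
          smartlist_add(elements, (char*)options_format.vars[i].name);
          smartlist_add(elements, NULL);
        }
      }
    }
    control_event_conf_changed(elements);
    smartlist_free(elements);
    /* The strings are no longer referenced once the event has been sent
     * and the element list is gone, so the line lists can be released. */
    SMARTLIST_FOREACH(changed_lines, config_line_t *, cl,
                      config_free_lines(cl));
    smartlist_free(changed_lines);
  }

  if (old_options != global_options)
    config_free(&options_format, old_options);

  return 0;
}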

extern const char tor_git_revision[]; /* from tor_main.c */

/** The version of this Tor process, as parsed. */
static char *the_tor_version = NULL;
/** A shorter version of this Tor process's version, for export in our router
 *  descriptor.  (Does not include the git version, if any.) */
static char *the_short_tor_version = NULL;

/** Return the current Tor version.  The string is built on the first call
 * and cached in the_tor_version; when tor_git_revision is non-empty it is
 * appended as " (git-<rev>)" to the short version. */
const char *
get_version(void)
{
  /* Built on an earlier call: hand back the cached string. */
  if (the_tor_version != NULL)
    return the_tor_version;

  if (tor_git_revision[0] == '\0') {
    the_tor_version = tor_strdup(get_short_version());
  } else {
    tor_asprintf(&the_tor_version, "%s (git-%s)", get_short_version(),
                 tor_git_revision);
  }
  return the_tor_version;
}

/** Return the current Tor version, without any git tag.  The string is
 * built on the first call and cached in the_short_tor_version; when
 * TOR_BUILD_TAG is defined it is appended in parentheses. */
const char *
get_short_version(void)
{
  /* Already cached by an earlier call. */
  if (the_short_tor_version != NULL)
    return the_short_tor_version;

#ifdef TOR_BUILD_TAG
  tor_asprintf(&the_short_tor_version, "%s (%s)", VERSION, TOR_BUILD_TAG);
#else
  the_short_tor_version = tor_strdup(VERSION);
#endif
  return the_short_tor_version;
}

/** Release <b>options</b> together with the members released explicitly
 * here: the _ExcludeExitNodesUnion routerset, every routerset in
 * NodeFamilySets plus the list itself, and _BridgePassword_AuthDigest.
 * Everything else is handed to config_free().  A NULL argument is a no-op.
 */
static void
or_options_free(or_options_t *options)
{
  smartlist_t *family_sets;

  if (options == NULL)
    return;

  routerset_free(options->_ExcludeExitNodesUnion);

  family_sets = options->NodeFamilySets;
  if (family_sets != NULL) {
    SMARTLIST_FOREACH(family_sets, routerset_t *,
                      set, routerset_free(set));
    smartlist_free(family_sets);
  }

  /* NOTE(review): the digest derived from BridgePassword is released with
   * tor_free(); whether the buffer is wiped first is not visible here. */
  tor_free(options->_BridgePassword_AuthDigest);

  config_free(&options_format, options);
}

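/** Release all memory and resources held by global configuration structures.
 *
 * The option structs and the command-line option lines are cleared after
 * being freed, and tor_free() is used for the cached strings, so later
 * accessors see them as unset rather than dangling.
 */
void
config_free_all(void)
{
  or_options_free(global_options);
  global_options = NULL;
  or_options_free(global_default_options);
  global_default_options = NULL;

  config_free_lines(global_cmdline_options);
  global_cmdline_options = NULL;

  if (configured_ports) {
    /* NOTE(review): this file also declares port_cfg_free(); if it does more
     * than free the struct, it should be used here instead of tor_free(). */
    SMARTLIST_FOREACH(configured_ports,
                      port_cfg_t *, p, tor_free(p));
    smartlist_free(configured_ports);
    configured_ports = NULL;
  }

  tor_free(torrc_fname);
  tor_free(torrc_defaults_fname);
  tor_free(the_tor_version);
  /* get_short_version() caches its own allocation; release it as well so
   * that it is not leaked at shutdown. */
  tor_free(the_short_tor_version);
  tor_free(global_dirfrontpagecontents);
}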

/** Make <b>address</b> -- a piece of information related to our operation as
 * a client -- safe to log according to the settings in options->SafeLogging,
 * and return it.
 *
 * (We return "[scrubbed]" if SafeLogging is "1", and address otherwise.)
 *
 * The unscrubbed result is <b>address</b> itself, with no escaping applied.
 * For strings that may carry bytes chosen by a remote party, log through
 * escaped_safe_str_client() instead.  <b>address</b> must not be NULL.
 */
const char *
safe_str_client(const char *address)
{
  tor_assert(address);
  return (get_options()->_SafeLogging == SAFELOG_SCRUB_ALL)
    ? "[scrubbed]" : address;
}

/** Make <b>address</b> -- a piece of information of unspecified sensitivity
 * -- safe to log according to the settings in options->SafeLogging, and
 * return it.
 *
 * (We return "[scrubbed]" if SafeLogging is anything besides "0", and address
 * otherwise.)
 *
 * The unscrubbed result is <b>address</b> itself, with no escaping applied.
 * For strings that may carry bytes chosen by a remote party, log through
 * escaped_safe_str() instead.  <b>address</b> must not be NULL.
 */
const char *
safe_str(const char *address)
{
  tor_assert(address);
  return (get_options()->_SafeLogging != SAFELOG_SCRUB_NONE)
    ? "[scrubbed]" : address;
}

/** Equivalent to escaped(safe_str_client(address)).  See reentrancy note on
 * escaped(): don't use this outside the main thread, or twice in the same
 * log statement.
 *
 * Unlike safe_str_client(), this does not assert that <b>address</b> is
 * non-NULL; escaped() is called only when the value is not scrubbed. */
const char *
escaped_safe_str_client(const char *address)
{
  return (get_options()->_SafeLogging == SAFELOG_SCRUB_ALL)
    ? "[scrubbed]" : escaped(address);
}

/** Equivalent to escaped(safe_str(address)).  See reentrancy note on
 * escaped(): don't use this outside the main thread, or twice in the same
 * log statement.
 *
 * Unlike safe_str(), this does not assert that <b>address</b> is non-NULL;
 * escaped() is called only when the value is not scrubbed. */
const char *
escaped_safe_str(const char *address)
{
  return (get_options()->_SafeLogging != SAFELOG_SCRUB_NONE)
    ? "[scrubbed]" : escaped(address);
}

/** Add the default directory authorities directly into the trusted dir list,
 * but only add them insofar as they share bits with <b>type</b>. */
static void
add_default_trusted_dir_authorities(dirinfo_type_t type)
{
  int i;
  const char *dirservers[] = {
    "moria1 orport=9101 no-v2 "
      "v3ident=D586D18309DED4CD6D57C18FDB97EFA96D330566 "
      "128.31.0.39:9131 9695 DFC3 5FFE B861 329B 9F1A B04C 4639 7020 CE31",
    "tor26 v1 orport=443 v3ident=14C131DFC5C6F93646BE72FA1401C02A8DF2E8B4 "
      "86.59.21.38:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D",
    "dizum orport=443 v3ident=E8A9C45EDE6D711294FADF8E7951F4DE6CA56B58 "
      "194.109.206.212:80 7EA6 EAD6 FD83 083C 538F 4403 8BBF A077 587D D755",
    "Tonga orport=443 bridge no-v2 82.94.251.203:80 "
      "4A0C CD2D DC79 9508 3D73 F5D6 6710 0C8A 5831 F16D",
    "turtles orport=9090 no-v2 "
      "v3ident=27B6B5996C426270A5C95488AA5BCEB6BCC86956 "
      "76.73.17.194:9030 F397 038A DC51 3361 35E7 B80B D99C A384 4360 292B",
    "gabelmoo orport=443 no-v2 "
      "v3ident=ED03BB616EB2F60BEC80151114BB25CEF515B226 "
      "212.112.245.170:80 F204 4413 DAC2 E02E 3D6B CF47 35A1 9BCA 1DE9 7281",
    "dannenberg orport=443 no-v2 "
      "v3ident=585769C78764D58426B8B52B6651A5A71137189A "
      "193.23.244.244:80 7BE6 83E6 5D48 1413 21C5 ED92 F075 C553 64AC 7123",
    "urras orport=80 no-v2 v3ident=80550987E1D626E3EBA5E5E75A458DE0626D088C "
      "208.83.223.34:443 0AD3 FA88 4D18 F89E EA2D 89C0 1937 9E0E 7FD9 4417",
    "maatuska orport=80 no-v2 "
      "v3ident=49015F787433103580E3B66A1707A00E60F2D15B "