/* Copyright (c) 2001 Matej Pfajfar.
 * Copyright (c) 2001-2004, Roger Dingledine.
 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
 * Copyright (c) 2007-2013, The Tor Project, Inc. */
/* See LICENSE for licensing information */

/**
 * \file config.c
 * \brief Code to parse and interpret configuration files.
 **/

#define CONFIG_PRIVATE

#include "or.h"
#include "addressmap.h"
#include "channel.h"
#include "circuitbuild.h"
#include "circuitlist.h"
#include "circuitmux.h"
#include "circuitmux_ewma.h"
#include "config.h"
#include "connection.h"
#include "connection_edge.h"
#include "connection_or.h"
#include "control.h"
#include "confparse.h"
#include "cpuworker.h"
#include "dirserv.h"
#include "dirvote.h"
#include "dns.h"
#include "entrynodes.h"
#include "geoip.h"
#include "hibernate.h"
#include "main.h"
#include "networkstatus.h"
#include "nodelist.h"
#include "policies.h"
#include "relay.h"
#include "rendclient.h"
#include "rendservice.h"
#include "rephist.h"
#include "router.h"
#include "util.h"
#include "routerlist.h"
#include "routerset.h"
#include "statefile.h"
#include "transports.h"
#ifdef _WIN32
#include <shlobj.h>
#endif

#include "procmon.h"

/* From main.c */
extern int quiet_level;

/** A list of abbreviations and aliases to map command-line options, obsolete
 * option names, or alternative option names, to their current values.
 *
 * Each entry is { alias, canonical name, flag, flag }.  The two trailing
 * flags are not named here; from their use they look like a command-line-only
 * marker (set for "l" and "HashedControlPassword") and a deprecation-warning
 * marker (set for renamed options such as "MaxConn") -- confirm against
 * config_abbrev_t in confparse.h.  PLURAL() is defined elsewhere and
 * presumably emits a singular -> plural alias (e.g. ExitNode -> ExitNodes).
 * The table ends with an all-NULL sentinel. */
static config_abbrev_t option_abbrevs_[] = {
  PLURAL(AuthDirBadDirCC),
  PLURAL(AuthDirBadExitCC),
  PLURAL(AuthDirInvalidCC),
  PLURAL(AuthDirRejectCC),
  PLURAL(ExitNode),
  PLURAL(EntryNode),
  PLURAL(ExcludeNode),
  PLURAL(FirewallPort),
  PLURAL(LongLivedPort),
  PLURAL(HiddenServiceNode),
  PLURAL(HiddenServiceExcludeNode),
  PLURAL(NumCPU),
  PLURAL(RendNode),
  PLURAL(RendExcludeNode),
  PLURAL(StrictEntryNode),
  PLURAL(StrictExitNode),
  PLURAL(StrictNode),
  { "l", "Log", 1, 0},
  { "AllowUnverifiedNodes", "AllowInvalidNodes", 0, 0},
  { "AutomapHostSuffixes", "AutomapHostsSuffixes", 0, 0},
  { "AutomapHostOnResolve", "AutomapHostsOnResolve", 0, 0},
  { "BandwidthRateBytes", "BandwidthRate", 0, 0},
  { "BandwidthBurstBytes", "BandwidthBurst", 0, 0},
  { "DirFetchPostPeriod", "StatusFetchPeriod", 0, 0},
  { "DirServer", "DirAuthority", 0, 0}, /* XXXX024 later, make this warn? */
  { "MaxConn", "ConnLimit", 0, 1},
  { "ORBindAddress", "ORListenAddress", 0, 0},
  { "DirBindAddress", "DirListenAddress", 0, 0},
  { "SocksBindAddress", "SocksListenAddress", 0, 0},
  { "UseHelperNodes", "UseEntryGuards", 0, 0},
  { "NumHelperNodes", "NumEntryGuards", 0, 0},
  { "UseEntryNodes", "UseEntryGuards", 0, 0},
  { "NumEntryNodes", "NumEntryGuards", 0, 0},
  { "ResolvConf", "ServerDNSResolvConfFile", 0, 1},
  { "SearchDomains", "ServerDNSSearchDomains", 0, 1},
  { "ServerDNSAllowBrokenResolvConf", "ServerDNSAllowBrokenConfig", 0, 0},
  { "PreferTunnelledDirConns", "PreferTunneledDirConns", 0, 0},
  { "BridgeAuthoritativeDirectory", "BridgeAuthoritativeDir", 0, 0},
  /* Command-line only: a hashed password passed on the command line is
   * redirected to the session-password option rather than the persistent
   * HashedControlPassword entry in option_vars_. */
  { "HashedControlPassword", "__HashedControlSessionPassword", 1, 0},
  { "StrictEntryNodes", "StrictNodes", 0, 1},
  { "StrictExitNodes", "StrictNodes", 0, 1},
  { "VirtualAddrNetwork", "VirtualAddrNetworkIPv4", 0, 0},
  { "_UseFilteringSSLBufferevents", "UseFilteringSSLBufferevents", 0, 1},
  { NULL, NULL, 0, 0},
};

/** An entry for config_vars: "The option <b>name</b> has type
 * CONFIG_TYPE_<b>conftype</b>, and corresponds to
 * or_options_t.<b>member</b>"
 */
#define VAR(name,conftype,member,initvalue)                             \
  { name, CONFIG_TYPE_ ## conftype, STRUCT_OFFSET(or_options_t, member), \
      initvalue }
/** As VAR, but the option name and member name are the same. */
#define V(member,conftype,initvalue)                                    \
  VAR(#member, conftype, member, initvalue)
/** An entry for config_vars: "The option <b>name</b> is obsolete." */
#define OBSOLETE(name) { name, CONFIG_TYPE_OBSOLETE, 0, NULL }

/** As V, but the backing struct member is <b>member</b>_lines rather than
 * <b>member</b>.  Used for the *Port options, whose raw config lines are
 * kept on the options object (presumably consumed later by parse_ports()). */
#define VPORT(member,conftype,initvalue)                                    \
  VAR(#member, conftype, member ## _lines, initvalue)

/** Array of configuration options.  Until we disallow nonstandard
 * abbreviations, order is significant, since the first matching option will
 * be chosen first.
 *
 * Each initial value is a string that is parsed according to the entry's
 * CONFIG_TYPE (e.g. MEMUNIT "1 GB", INTERVAL "1 hour", AUTOBOOL "auto");
 * NULL presumably means "no default".  The table is terminated by the
 * { NULL, CONFIG_TYPE_OBSOLETE, 0, NULL } sentinel, which set_options()
 * relies on when it walks options_format.vars[] (it stops at name == NULL).
 */
static config_var_t option_vars_[] = {
  OBSOLETE("AccountingMaxKB"),
  V(AccountingMax,               MEMUNIT,  "0 bytes"),
  V(AccountingStart,             STRING,   NULL),
  V(Address,                     STRING,   NULL),
  V(AllowDotExit,                BOOL,     "0"),
  V(AllowInvalidNodes,           CSV,      "middle,rendezvous"),
  V(AllowNonRFC953Hostnames,     BOOL,     "0"),
  V(AllowSingleHopCircuits,      BOOL,     "0"),
  V(AllowSingleHopExits,         BOOL,     "0"),
  V(AlternateBridgeAuthority,    LINELIST, NULL),
  V(AlternateDirAuthority,       LINELIST, NULL),
  V(AlternateHSAuthority,        LINELIST, NULL),
  V(AssumeReachable,             BOOL,     "0"),
  V(AuthDirBadDir,               LINELIST, NULL),
  V(AuthDirBadDirCCs,            CSV,      ""),
  V(AuthDirBadExit,              LINELIST, NULL),
  V(AuthDirBadExitCCs,           CSV,      ""),
  V(AuthDirInvalid,              LINELIST, NULL),
  V(AuthDirInvalidCCs,           CSV,      ""),
  V(AuthDirFastGuarantee,        MEMUNIT,  "100 KB"),
  V(AuthDirGuardBWGuarantee,     MEMUNIT,  "250 KB"),
  V(AuthDirReject,               LINELIST, NULL),
  V(AuthDirRejectCCs,            CSV,      ""),
  V(AuthDirRejectUnlisted,       BOOL,     "0"),
  V(AuthDirListBadDirs,          BOOL,     "0"),
  V(AuthDirListBadExits,         BOOL,     "0"),
  V(AuthDirMaxServersPerAddr,    UINT,     "2"),
  V(AuthDirMaxServersPerAuthAddr,UINT,     "5"),
  V(AuthDirHasIPv6Connectivity,  BOOL,     "0"),
  VAR("AuthoritativeDirectory",  BOOL, AuthoritativeDir,    "0"),
  V(AutomapHostsOnResolve,       BOOL,     "0"),
  V(AutomapHostsSuffixes,        CSV,      ".onion,.exit"),
  V(AvoidDiskWrites,             BOOL,     "0"),
  V(BandwidthBurst,              MEMUNIT,  "1 GB"),
  V(BandwidthRate,               MEMUNIT,  "1 GB"),
  V(BridgeAuthoritativeDir,      BOOL,     "0"),
  VAR("Bridge",                  LINELIST, Bridges,    NULL),
  V(BridgePassword,              STRING,   NULL),
  V(BridgeRecordUsageByCountry,  BOOL,     "1"),
  V(BridgeRelay,                 BOOL,     "0"),
  V(CellStatistics,              BOOL,     "0"),
  V(LearnCircuitBuildTimeout,    BOOL,     "1"),
  V(CircuitBuildTimeout,         INTERVAL, "0"),
  V(CircuitIdleTimeout,          INTERVAL, "1 hour"),
  V(CircuitStreamTimeout,        INTERVAL, "0"),
  V(CircuitPriorityHalflife,     DOUBLE,  "-100.0"), /*negative:'Use default'*/
  V(ClientDNSRejectInternalAddresses, BOOL,"1"),
  V(ClientOnly,                  BOOL,     "0"),
  V(ClientPreferIPv6ORPort,      BOOL,     "0"),
  V(ClientRejectInternalAddresses, BOOL,   "1"),
  V(ClientTransportPlugin,       LINELIST, NULL),
  V(ClientUseIPv6,               BOOL,     "0"),
  V(ConsensusParams,             STRING,   NULL),
  V(ConnLimit,                   UINT,     "1000"),
  V(ConnDirectionStatistics,     BOOL,     "0"),
  V(ConstrainedSockets,          BOOL,     "0"),
  V(ConstrainedSockSize,         MEMUNIT,  "8192"),
  V(ContactInfo,                 STRING,   NULL),
  V(ControlListenAddress,        LINELIST, NULL),
  VPORT(ControlPort,                 LINELIST, NULL),
  V(ControlPortFileGroupReadable,BOOL,     "0"),
  V(ControlPortWriteToFile,      FILENAME, NULL),
  V(ControlSocket,               LINELIST, NULL),
  V(ControlSocketsGroupWritable, BOOL,     "0"),
  V(CookieAuthentication,        BOOL,     "0"),
  V(CookieAuthFileGroupReadable, BOOL,     "0"),
  V(CookieAuthFile,              STRING,   NULL),
  V(CountPrivateBandwidth,       BOOL,     "0"),
  V(DataDirectory,               FILENAME, NULL),
  OBSOLETE("DebugLogFile"),
  V(DisableNetwork,              BOOL,     "0"),
  V(DirAllowPrivateAddresses,    BOOL,     "0"),
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "30 minutes"),
  V(DirListenAddress,            LINELIST, NULL),
  OBSOLETE("DirFetchPeriod"),
  V(DirPolicy,                   LINELIST, NULL),
  VPORT(DirPort,                     LINELIST, NULL),
  V(DirPortFrontPage,            FILENAME, NULL),
  OBSOLETE("DirPostPeriod"),
  OBSOLETE("DirRecordUsageByCountry"),
  OBSOLETE("DirRecordUsageGranularity"),
  OBSOLETE("DirRecordUsageRetainIPs"),
  OBSOLETE("DirRecordUsageSaveInterval"),
  V(DirReqStatistics,            BOOL,     "1"),
  VAR("DirAuthority",            LINELIST, DirAuthorities, NULL),
  V(DirAuthorityFallbackRate,    DOUBLE,   "1.0"),
  V(DisableAllSwap,              BOOL,     "0"),
  V(DisableDebuggerAttachment,   BOOL,     "1"),
  V(DisableIOCP,                 BOOL,     "1"),
  V(DisableV2DirectoryInfo_,     BOOL,     "0"),
  V(DynamicDHGroups,             BOOL,     "0"),
  VPORT(DNSPort,                     LINELIST, NULL),
  V(DNSListenAddress,            LINELIST, NULL),
  V(DownloadExtraInfo,           BOOL,     "0"),
  V(EnforceDistinctSubnets,      BOOL,     "1"),
  V(EntryNodes,                  ROUTERSET,   NULL),
  V(EntryStatistics,             BOOL,     "0"),
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "10 minutes"),
  V(ExcludeNodes,                ROUTERSET, NULL),
  V(ExcludeExitNodes,            ROUTERSET, NULL),
  V(ExcludeSingleHopRelays,      BOOL,     "1"),
  V(ExitNodes,                   ROUTERSET, NULL),
  V(ExitPolicy,                  LINELIST, NULL),
  V(ExitPolicyRejectPrivate,     BOOL,     "1"),
  V(ExitPortStatistics,          BOOL,     "0"),
  V(ExtendAllowPrivateAddresses, BOOL,     "0"),
  V(ExtraInfoStatistics,         BOOL,     "1"),
  V(FallbackDir,                 LINELIST, NULL),

  OBSOLETE("FallbackNetworkstatusFile"),
  V(FascistFirewall,             BOOL,     "0"),
  V(FirewallPorts,               CSV,      ""),
  V(FastFirstHopPK,              BOOL,     "1"),
  V(FetchDirInfoEarly,           BOOL,     "0"),
  V(FetchDirInfoExtraEarly,      BOOL,     "0"),
  V(FetchServerDescriptors,      BOOL,     "1"),
  V(FetchHidServDescriptors,     BOOL,     "1"),
  V(FetchUselessDescriptors,     BOOL,     "0"),
  V(FetchV2Networkstatus,        BOOL,     "0"),
  V(GeoIPExcludeUnknown,         AUTOBOOL, "auto"),
#ifdef _WIN32
  /* "<default>" is a placeholder resolved elsewhere (not shown here). */
  V(GeoIPFile,                   FILENAME, "<default>"),
  V(GeoIPv6File,                 FILENAME, "<default>"),
#else
  V(GeoIPFile,                   FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip"),
  V(GeoIPv6File,                 FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip6"),
#endif
  OBSOLETE("GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays"),
  OBSOLETE("Group"),
  V(HardwareAccel,               BOOL,     "0"),
  V(HeartbeatPeriod,             INTERVAL, "6 hours"),
  V(AccelName,                   STRING,   NULL),
  V(AccelDir,                    FILENAME, NULL),
  V(HashedControlPassword,       LINELIST, NULL),
  V(HidServDirectoryV2,          BOOL,     "1"),
  VAR("HiddenServiceDir",    LINELIST_S, RendConfigLines,    NULL),
  OBSOLETE("HiddenServiceExcludeNodes"),
  OBSOLETE("HiddenServiceNodes"),
  VAR("HiddenServiceOptions",LINELIST_V, RendConfigLines,    NULL),
  VAR("HiddenServicePort",   LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceVersion",LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceAuthorizeClient",LINELIST_S,RendConfigLines, NULL),
  V(HidServAuth,                 LINELIST, NULL),
  V(HSAuthoritativeDir,          BOOL,     "0"),
  OBSOLETE("HSAuthorityRecordStats"),
  V(CloseHSClientCircuitsImmediatelyOnTimeout, BOOL, "0"),
  V(CloseHSServiceRendCircuitsImmediatelyOnTimeout, BOOL, "0"),
  V(HTTPProxy,                   STRING,   NULL),
  V(HTTPProxyAuthenticator,      STRING,   NULL),
  V(HTTPSProxy,                  STRING,   NULL),
  V(HTTPSProxyAuthenticator,     STRING,   NULL),
  V(IPv6Exit,                    BOOL,     "0"),
  VAR("ServerTransportPlugin",   LINELIST, ServerTransportPlugin,  NULL),
  V(ServerTransportListenAddr,   LINELIST, NULL),
  V(Socks4Proxy,                 STRING,   NULL),
  V(Socks5Proxy,                 STRING,   NULL),
  V(Socks5ProxyUsername,         STRING,   NULL),
  V(Socks5ProxyPassword,         STRING,   NULL),
  OBSOLETE("IgnoreVersion"),
  V(KeepalivePeriod,             INTERVAL, "5 minutes"),
  VAR("Log",                     LINELIST, Logs,             NULL),
  V(LogMessageDomains,           BOOL,     "0"),
  OBSOLETE("LinkPadding"),
  OBSOLETE("LogLevel"),
  OBSOLETE("LogFile"),
  V(LogTimeGranularity,          MSEC_INTERVAL, "1 second"),
  V(LongLivedPorts,              CSV,
        "21,22,706,1863,5050,5190,5222,5223,6523,6667,6697,8300"),
  VAR("MapAddress",              LINELIST, AddressMap,           NULL),
  V(MaxAdvertisedBandwidth,      MEMUNIT,  "1 GB"),
  V(MaxCircuitDirtiness,         INTERVAL, "10 minutes"),
  V(MaxClientCircuitsPending,    UINT,     "32"),
  OBSOLETE("MaxOnionsPending"),
  V(MaxOnionQueueDelay,          MSEC_INTERVAL, "1750 msec"),
  OBSOLETE("MonthlyAccountingStart"),
  V(MyFamily,                    STRING,   NULL),
  V(NewCircuitPeriod,            INTERVAL, "30 seconds"),
  VAR("NamingAuthoritativeDirectory",BOOL, NamingAuthoritativeDir, "0"),
  V(NATDListenAddress,           LINELIST, NULL),
  VPORT(NATDPort,                    LINELIST, NULL),
  V(Nickname,                    STRING,   NULL),
  V(WarnUnsafeSocks,              BOOL,     "1"),
  OBSOLETE("NoPublish"),
  VAR("NodeFamily",              LINELIST, NodeFamilies,         NULL),
  V(NumCPUs,                     UINT,     "0"),
  V(NumDirectoryGuards,          UINT,     "3"),
  V(NumEntryGuards,              UINT,     "3"),
  V(ORListenAddress,             LINELIST, NULL),
  VPORT(ORPort,                      LINELIST, NULL),
  V(OutboundBindAddress,         LINELIST,   NULL),

  /* Path-bias options: "-1" appears to mean "use the consensus/default
   * value" (compare CircuitPriorityHalflife above) -- confirm in the
   * consumer. */
  OBSOLETE("PathBiasDisableRate"),
  V(PathBiasCircThreshold,       INT,      "-1"),
  V(PathBiasNoticeRate,          DOUBLE,   "-1"),
  V(PathBiasWarnRate,            DOUBLE,   "-1"),
  V(PathBiasExtremeRate,         DOUBLE,   "-1"),
  V(PathBiasScaleThreshold,      INT,      "-1"),
  OBSOLETE("PathBiasScaleFactor"),
  OBSOLETE("PathBiasMultFactor"),
  V(PathBiasDropGuards,          AUTOBOOL, "0"),
  OBSOLETE("PathBiasUseCloseCounts"),

  V(PathBiasUseThreshold,       INT,      "-1"),
  V(PathBiasNoticeUseRate,          DOUBLE,   "-1"),
  V(PathBiasExtremeUseRate,         DOUBLE,   "-1"),
  V(PathBiasScaleUseThreshold,      INT,      "-1"),

  V(PathsNeededToBuildCircuits,  DOUBLE,   "-1"),
  OBSOLETE("PathlenCoinWeight"),
  V(PerConnBWBurst,              MEMUNIT,  "0"),
  V(PerConnBWRate,               MEMUNIT,  "0"),
  V(PidFile,                     STRING,   NULL),
  V(TestingTorNetwork,           BOOL,     "0"),
  V(OptimisticData,              AUTOBOOL, "auto"),
  V(PortForwarding,              BOOL,     "0"),
  V(PortForwardingHelper,        FILENAME, "tor-fw-helper"),
  V(PreferTunneledDirConns,      BOOL,     "1"),
  V(ProtocolWarnings,            BOOL,     "0"),
  V(PublishServerDescriptor,     CSV,      "1"),
  V(PublishHidServDescriptors,   BOOL,     "1"),
  V(ReachableAddresses,          LINELIST, NULL),
  V(ReachableDirAddresses,       LINELIST, NULL),
  V(ReachableORAddresses,        LINELIST, NULL),
  V(RecommendedVersions,         LINELIST, NULL),
  V(RecommendedClientVersions,   LINELIST, NULL),
  V(RecommendedServerVersions,   LINELIST, NULL),
  OBSOLETE("RedirectExit"),
  V(RefuseUnknownExits,          AUTOBOOL, "auto"),
  V(RejectPlaintextPorts,        CSV,      ""),
  V(RelayBandwidthBurst,         MEMUNIT,  "0"),
  V(RelayBandwidthRate,          MEMUNIT,  "0"),
  OBSOLETE("RendExcludeNodes"),
  OBSOLETE("RendNodes"),
  V(RendPostPeriod,              INTERVAL, "1 hour"),
  V(RephistTrackTime,            INTERVAL, "24 hours"),
  OBSOLETE("RouterFile"),
  V(RunAsDaemon,                 BOOL,     "0"),
  OBSOLETE("RunTesting"), // currently unused
  /* SafeLogging is a STRING, not a BOOL: safe_str()/safe_str_client() below
   * read the parsed SafeLogging_ field (SAFELOG_SCRUB_*), not this string. */
  V(SafeLogging,                 STRING,   "1"),
  V(SafeSocks,                   BOOL,     "0"),
  V(ServerDNSAllowBrokenConfig,  BOOL,     "1"),
  V(ServerDNSAllowNonRFC953Hostnames, BOOL,"0"),
  V(ServerDNSDetectHijacking,    BOOL,     "1"),
  V(ServerDNSRandomizeCase,      BOOL,     "1"),
  V(ServerDNSResolvConfFile,     STRING,   NULL),
  V(ServerDNSSearchDomains,      BOOL,     "0"),
  V(ServerDNSTestAddresses,      CSV,
      "www.google.com,www.mit.edu,www.yahoo.com,www.slashdot.org"),
  V(ShutdownWaitLength,          INTERVAL, "30 seconds"),
  V(SocksListenAddress,          LINELIST, NULL),
  V(SocksPolicy,                 LINELIST, NULL),
  VPORT(SocksPort,                   LINELIST, NULL),
  V(SocksTimeout,                INTERVAL, "2 minutes"),
  V(SSLKeyLifetime,              INTERVAL, "365 days"),
  OBSOLETE("StatusFetchPeriod"),
  V(StrictNodes,                 BOOL,     "0"),
  OBSOLETE("SysLog"),
  V(TestSocks,                   BOOL,     "0"),
  OBSOLETE("TestVia"),
  V(TokenBucketRefillInterval,   MSEC_INTERVAL, "100 msec"),
  V(Tor2webMode,                 BOOL,     "0"),
  V(TLSECGroup,                  STRING,   NULL),
  V(TrackHostExits,              CSV,      NULL),
  V(TrackHostExitsExpire,        INTERVAL, "30 minutes"),
  OBSOLETE("TrafficShaping"),
  V(TransListenAddress,          LINELIST, NULL),
  VPORT(TransPort,                   LINELIST, NULL),
  V(TunnelDirConns,              BOOL,     "1"),
  V(UpdateBridgesFromAuthority,  BOOL,     "0"),
  V(UseBridges,                  BOOL,     "0"),
  V(UseEntryGuards,              BOOL,     "1"),
  V(UseEntryGuardsAsDirGuards,   BOOL,     "1"),
  V(UseMicrodescriptors,         AUTOBOOL, "auto"),
  V(UseNTorHandshake,            AUTOBOOL, "auto"),
  V(User,                        STRING,   NULL),
  V(UserspaceIOCPBuffers,        BOOL,     "0"),
  VAR("V1AuthoritativeDirectory",BOOL, V1AuthoritativeDir,   "0"),
  VAR("V2AuthoritativeDirectory",BOOL, V2AuthoritativeDir,   "0"),
  VAR("V3AuthoritativeDirectory",BOOL, V3AuthoritativeDir,   "0"),
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "30 minutes"),
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "5 minutes"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "5 minutes"),
  V(V3AuthVotingInterval,        INTERVAL, "1 hour"),
  V(V3AuthVoteDelay,             INTERVAL, "5 minutes"),
  V(V3AuthDistDelay,             INTERVAL, "5 minutes"),
  V(V3AuthNIntervalsValid,       UINT,     "3"),
  V(V3AuthUseLegacyKey,          BOOL,     "0"),
  V(V3BandwidthsFile,            FILENAME, NULL),
  VAR("VersioningAuthoritativeDirectory",BOOL,VersioningAuthoritativeDir, "0"),
  V(VirtualAddrNetworkIPv4,      STRING,   "127.192.0.0/10"),
  V(VirtualAddrNetworkIPv6,      STRING,   "[FE80::]/10"),
  V(WarnPlaintextPorts,          CSV,      "23,109,110,143"),
  V(UseFilteringSSLBufferevents, BOOL,    "0"),
  /* Names beginning with "__" appear to be controller/internal options
   * rather than ordinary torrc settings (see the command-line-only
   * HashedControlPassword alias in option_abbrevs_); confirm the special
   * handling in confparse. */
  VAR("__ReloadTorrcOnSIGHUP",   BOOL,  ReloadTorrcOnSIGHUP,      "1"),
  VAR("__AllDirActionsPrivate",  BOOL,  AllDirActionsPrivate,     "0"),
  VAR("__DisablePredictedCircuits",BOOL,DisablePredictedCircuits, "0"),
  VAR("__LeaveStreamsUnattached",BOOL,  LeaveStreamsUnattached,   "0"),
  /* Target of the command-line-only "HashedControlPassword" alias above. */
  VAR("__HashedControlSessionPassword", LINELIST, HashedControlSessionPassword,
      NULL),
  VAR("__OwningControllerProcess",STRING,OwningControllerProcess, NULL),
  V(MinUptimeHidServDirectoryV2, INTERVAL, "25 hours"),
  V(VoteOnHidServDirectoriesV2,  BOOL,     "1"),
  /* Overridden to "1" by testing_tor_network_defaults below. */
  VAR("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "0"),

  { NULL, CONFIG_TYPE_OBSOLETE, 0, NULL }
};

/** Override default values with these if the user sets the TestingTorNetwork
 * option.
 *
 * Each entry shadows the same-named entry in option_vars_ above.  Several of
 * them switch off the private-address protections (DirAllowPrivateAddresses,
 * ExtendAllowPrivateAddresses, ExitPolicyRejectPrivate, the
 * *RejectInternalAddresses options), which is only appropriate on an isolated
 * test network.  The final ___UsingTestNetworkDefaults entry is "1" here
 * (vs "0" in option_vars_), presumably so later code can tell that these
 * defaults were applied.  Terminated by the same NULL sentinel as
 * option_vars_. */
static const config_var_t testing_tor_network_defaults[] = {
  V(ServerDNSAllowBrokenConfig,  BOOL,     "1"),
  V(DirAllowPrivateAddresses,    BOOL,     "1"),
  V(EnforceDistinctSubnets,      BOOL,     "0"),
  V(AssumeReachable,             BOOL,     "1"),
  V(AuthDirMaxServersPerAddr,    UINT,     "0"),
  V(AuthDirMaxServersPerAuthAddr,UINT,     "0"),
  V(ClientDNSRejectInternalAddresses, BOOL,"0"),
  V(ClientRejectInternalAddresses, BOOL,   "0"),
  V(CountPrivateBandwidth,       BOOL,     "1"),
  V(ExitPolicyRejectPrivate,     BOOL,     "0"),
  V(ExtendAllowPrivateAddresses, BOOL,     "1"),
  V(V3AuthVotingInterval,        INTERVAL, "5 minutes"),
  V(V3AuthVoteDelay,             INTERVAL, "20 seconds"),
  V(V3AuthDistDelay,             INTERVAL, "20 seconds"),
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "5 minutes"),
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "20 seconds"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "20 seconds"),
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "0 minutes"),
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "0 minutes"),
  V(MinUptimeHidServDirectoryV2, INTERVAL, "0 minutes"),
  VAR("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "1"),

  { NULL, CONFIG_TYPE_OBSOLETE, 0, NULL }
};

#undef VAR
#undef V
#undef OBSOLETE

/* Forward declarations for the static helpers of this file (all defined
 * further down in this translation unit).  Several parsers take a
 * validate_only flag; presumably they only check the line when it is set and
 * apply it otherwise -- see the individual definitions. */
#ifdef _WIN32
static char *get_windows_conf_root(void);
#endif
static int options_validate(or_options_t *old_options,
                            or_options_t *options,
                            int from_setconf, char **msg);
static int options_act_reversible(const or_options_t *old_options, char **msg);
static int options_act(const or_options_t *old_options);
static int options_transition_allowed(const or_options_t *old,
                                      const or_options_t *new,
                                      char **msg);
static int options_transition_affects_workers(
      const or_options_t *old_options, const or_options_t *new_options);
static int options_transition_affects_descriptor(
      const or_options_t *old_options, const or_options_t *new_options);
static int check_nickname_list(const char *lst, const char *name, char **msg);

static int parse_bridge_line(const char *line, int validate_only);
static int parse_client_transport_line(const char *line, int validate_only);

static int parse_server_transport_line(const char *line, int validate_only);
static char *get_bindaddr_from_transport_listen_line(const char *line,
                                                     const char *transport);
static int parse_dir_authority_line(const char *line,
                                 dirinfo_type_t required_type,
                                 int validate_only);
static int parse_dir_fallback_line(const char *line,
                                   int validate_only);
static void port_cfg_free(port_cfg_t *port);
static int parse_ports(or_options_t *options, int validate_only,
                              char **msg_out, int *n_ports_out);
static int check_server_ports(const smartlist_t *ports,
                              const or_options_t *options);

static int validate_data_directory(or_options_t *options);
static int write_configuration_file(const char *fname,
                                    const or_options_t *options);
static int options_init_logs(or_options_t *options, int validate_only);

static void init_libevent(const or_options_t *options);
static int opt_streq(const char *s1, const char *s2);
static int parse_outbound_addresses(or_options_t *options, int validate_only,
                                    char **msg);
static void config_maybe_load_geoip_files_(const or_options_t *options,
                                           const or_options_t *old_options);

/** Magic value for or_options_t. */
#define OR_OPTIONS_MAGIC 9090909

/** Configuration format for or_options_t.  Positional initializer: the
 * field order below must match config_format_t in confparse.h. */
static config_format_t options_format = {
  sizeof(or_options_t),                 /* size of one options object */
  OR_OPTIONS_MAGIC,                     /* value expected in or_options_t.magic_ */
  STRUCT_OFFSET(or_options_t, magic_),  /* where that magic value lives */
  option_abbrevs_,                      /* alias table above */
  option_vars_,                         /* option table above */
  /* NOTE(review): options_validate() takes (old, new, from_setconf, msg); if
   * validate_fn_t's signature differs, calling through this cast is undefined
   * behaviour -- confirm the typedef in confparse.h. */
  (validate_fn_t)options_validate,
  NULL                                  /* trailing slot unused here */
};

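/*
 * Functions to read and write the global options pointer.
 */

/** Command-line and config-file options.  Installed by set_options() and
 * released by config_free_all(). */
static or_options_t *global_options = NULL;
/** The fallback options_t object; this is where we look for options not
 * in torrc before we fall back to Tor's defaults. */
static or_options_t *global_default_options = NULL;
/** Name of most recently read torrc file. */
static char *torrc_fname = NULL;
/** Name of the most recently read torrc-defaults file.  Initialised
 * explicitly like its siblings (static storage would zero it anyway). */
static char *torrc_defaults_fname = NULL;
/** Configuration Options set by command line. */
static config_line_t *global_cmdline_options = NULL;
/** Contents of most recently read DirPortFrontPage file. */
static char *global_dirfrontpagecontents = NULL;
/** List of port_cfg_t for all configured ports. */
static smartlist_t *configured_ports = NULL;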

/** Return the cached contents of the DirPortFrontPage file
 * (global_dirfrontpagecontents), or NULL if none was configured or loaded.
 * The caller must not free the result. */
const char *
get_dirportfrontpage(void)
{
  const char *contents = global_dirfrontpagecontents;
  return contents;
}

/** Return the currently configured options as a writable pointer.  Asserts
 * that a configuration has already been installed via set_options(). */
or_options_t *
get_options_mutable(void)
{
  or_options_t *opts = global_options;
  tor_assert(opts);
  return opts;
}

/** Returns the currently configured options, read-only.  Carries the same
 * assertion as get_options_mutable(): a configuration must be installed. */
const or_options_t *
get_options(void)
{
  const or_options_t *opts = get_options_mutable();
  return opts;
}

/** Change the current global options to contain <b>new_val</b> instead of
 * their current value; take action based on the new value; free the old value
 * as necessary.  Returns 0 on success, -1 on failure.
 *
 * If the reversible step fails, the previous options are reinstated, the
 * caller owns <b>*msg</b>, and -1 is returned.  If the irreversible step
 * (options_act) fails the process exits, because the configuration is then
 * in an unknown state.  When an earlier configuration is being replaced, a
 * CONF_CHANGED control event is emitted listing every option whose value
 * differs from before.
 */
int
set_options(or_options_t *new_val, char **msg)
{
  or_options_t *prev = global_options;
  int idx;

  global_options = new_val;

  /* options_act_reversible() reads the new options out of global_options;
   * it only gets the previous ones here for comparison. */
  if (options_act_reversible(prev, msg) < 0) {
    tor_assert(*msg);
    global_options = prev;  /* roll back to the last good configuration */
    return -1;
  }
  if (options_act(prev) < 0) {
    /* Irreversible actions failed: there is nothing sane to fall back to. */
    log_err(LD_BUG,
            "Acting on config options left us in a broken state. Dying.");
    exit(1);
  }

  /* Tell controllers what changed.  At startup there is no previous
   * configuration, so there is nothing to report. */
  if (prev && prev != global_options) {
    smartlist_t *changed = smartlist_new();

    for (idx = 0; options_format.vars[idx].name; ++idx) {
      const config_var_t *var = &options_format.vars[idx];
      config_line_t *assigned;

      /* LINELIST_S entries are presumably covered by their LINELIST_V
       * sibling; obsolete options carry no value. */
      if (var->type == CONFIG_TYPE_LINELIST_S ||
          var->type == CONFIG_TYPE_OBSOLETE)
        continue;
      if (config_is_same(&options_format, new_val, prev, var->name))
        continue;

      assigned = config_get_assigned_option(&options_format, new_val,
                                            var->name, 1);
      if (!assigned) {
        /* The option is now unset: report its name with a NULL value. */
        smartlist_add(changed, (char*)var->name);
        smartlist_add(changed, NULL);
        continue;
      }
      /* Hand the key/value strings over to the list; only the list nodes
       * themselves are released here. */
      while (assigned) {
        config_line_t *next = assigned->next;
        smartlist_add(changed, assigned->key);
        smartlist_add(changed, assigned->value);
        tor_free(assigned);
        assigned = next;
      }
    }
    control_event_conf_changed(changed);
    smartlist_free(changed);
  }

  if (prev != global_options)
    config_free(&options_format, prev);

  return 0;
}

extern const char tor_git_revision[]; /* from tor_main.c */

/** The version of this Tor process, as parsed.  Built lazily by
 * get_version() and released by config_free_all(). */
static char *the_tor_version = NULL;
/** A shorter version of this Tor process's version, for export in our router
 *  descriptor.  (Does not include the git version, if any.)  Built lazily by
 *  get_short_version() and released by config_free_all(). */
static char *the_short_tor_version = NULL;

/** Return the current Tor version, including the git revision when one was
 * compiled in (tor_git_revision non-empty).  The string is built on first
 * call and cached in the_tor_version; callers must not free it. */
const char *
get_version(void)
{
  if (!the_tor_version) {
    const char *short_ver = get_short_version();
    if (tor_git_revision[0] == '\0')
      the_tor_version = tor_strdup(short_ver);
    else
      tor_asprintf(&the_tor_version, "%s (git-%s)", short_ver,
                   tor_git_revision);
  }
  return the_tor_version;
}

/** Return the current Tor version, without any git tag.  Built on first use
 * from VERSION (with TOR_BUILD_TAG appended when that macro is defined) and
 * cached in the_short_tor_version; callers must not free it. */
const char *
get_short_version(void)
{
  if (the_short_tor_version)
    return the_short_tor_version;
#ifdef TOR_BUILD_TAG
  tor_asprintf(&the_short_tor_version, "%s (%s)", VERSION, TOR_BUILD_TAG);
#else
  the_short_tor_version = tor_strdup(VERSION);
#endif
  return the_short_tor_version;
}

/** Release additional memory allocated in options, then the options object
 * itself.  Safe to call with NULL.
 *
 * The derived fields the generic config code does not know about
 * (ExcludeExitNodesUnion_, NodeFamilySets and the routersets it holds,
 * BridgePassword_AuthDigest_) are freed first; the rest is handed to
 * config_free(). */
static void
or_options_free(or_options_t *options)
{
  smartlist_t *families;

  if (options == NULL)
    return;

  routerset_free(options->ExcludeExitNodesUnion_);

  families = options->NodeFamilySets;
  if (families) {
    SMARTLIST_FOREACH(families, routerset_t *, rs, routerset_free(rs));
    smartlist_free(families);
  }

  tor_free(options->BridgePassword_AuthDigest_);

  config_free(&options_format, options);
}

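/** Release all memory and resources held by global configuration structures.
 *
 * Every file-level pointer of this module is NULL afterwards (tor_free()
 * resets its argument), so calling this twice is harmless.  The duplicate
 * tor_free(the_tor_version) that used to follow global_dirfrontpagecontents
 * has been dropped; the two cached version strings are released together at
 * the end.
 */
void
config_free_all(void)
{
  or_options_free(global_options);
  global_options = NULL;

  or_options_free(global_default_options);
  global_default_options = NULL;

  config_free_lines(global_cmdline_options);
  global_cmdline_options = NULL;

  if (configured_ports) {
    SMARTLIST_FOREACH(configured_ports,
                      port_cfg_t *, p, port_cfg_free(p));
    smartlist_free(configured_ports);
    configured_ports = NULL;
  }

  tor_free(torrc_fname);
  tor_free(torrc_defaults_fname);
  tor_free(global_dirfrontpagecontents);

  /* Version strings cached by get_version() / get_short_version(). */
  tor_free(the_short_tor_version);
  tor_free(the_tor_version);
}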

/** Make <b>address</b> -- a piece of information related to our operation as
 * a client -- safe to log according to the settings in options->SafeLogging,
 * and return it.
 *
 * (We return "[scrubbed]" if SafeLogging is "1", and address otherwise.)
 * Only SAFELOG_SCRUB_ALL scrubs here; compare safe_str(), which scrubs for
 * every setting other than SAFELOG_SCRUB_NONE.  The returned pointer is
 * either <b>address</b> itself or a string literal; never free it.
 */
const char *
safe_str_client(const char *address)
{
  int scrub;

  tor_assert(address);
  scrub = (get_options()->SafeLogging_ == SAFELOG_SCRUB_ALL);
  return scrub ? "[scrubbed]" : address;
}

/** Make <b>address</b> -- a piece of information of unspecified sensitivity
 * -- safe to log according to the settings in options->SafeLogging, and
 * return it.
 *
 * (We return "[scrubbed]" if SafeLogging is anything besides "0", and address
 * otherwise.)
 */
const char *
safe_str(const char *address)
{
  tor_assert(address);
  if (get_options()->SafeLogging_ != SAFELOG_SCRUB_NONE)