/* Copyright (c) 2001 Matej Pfajfar.
 * Copyright (c) 2001-2004, Roger Dingledine.
 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
 * Copyright (c) 2007-2012, The Tor Project, Inc. */
/* See LICENSE for licensing information */

/**
 * \file config.c
 * \brief Code to parse and interpret configuration files.
 **/

#define CONFIG_PRIVATE

#include "or.h"
#include "circuitbuild.h"
#include "circuitlist.h"
#include "config.h"
#include "connection.h"
#include "connection_edge.h"
#include "connection_or.h"
#include "control.h"
#include "confparse.h"
#include "cpuworker.h"
#include "dirserv.h"
#include "dirvote.h"
#include "dns.h"
#include "geoip.h"
#include "hibernate.h"
#include "main.h"
#include "networkstatus.h"
#include "policies.h"
#include "relay.h"
#include "rendclient.h"
#include "rendservice.h"
#include "rephist.h"
#include "router.h"
#include "util.h"
#include "routerlist.h"
#include "routerset.h"
#include "statefile.h"
#include "transports.h"
#ifdef _WIN32
#include <shlobj.h>
#endif

#include "procmon.h"

/* From main.c */
extern int quiet_level;

/** A list of abbreviations and aliases to map command-line options, obsolete
 * option names, or alternative option names, to their current values.
 *
 * Each brace-initialized row holds two strings followed by two integer
 * flags.  config_abbrev_t is declared outside this file; presumably the
 * fields are (abbreviated name, full name, command-line-only flag, warn
 * flag) -- confirm against its declaration.  PLURAL() is likewise defined
 * elsewhere; from its use here it appears to map a singular spelling to the
 * plural option name -- confirm.  The table ends at the all-NULL row.
 */
static config_abbrev_t _option_abbrevs[] = {
  PLURAL(AuthDirBadDirCC),
  PLURAL(AuthDirBadExitCC),
  PLURAL(AuthDirInvalidCC),
  PLURAL(AuthDirRejectCC),
  PLURAL(ExitNode),
  PLURAL(EntryNode),
  PLURAL(ExcludeNode),
  PLURAL(FirewallPort),
  PLURAL(LongLivedPort),
  PLURAL(HiddenServiceNode),
  PLURAL(HiddenServiceExcludeNode),
  PLURAL(NumCPU),
  PLURAL(RendNode),
  PLURAL(RendExcludeNode),
  PLURAL(StrictEntryNode),
  PLURAL(StrictExitNode),
  PLURAL(StrictNode),
  { "l", "Log", 1, 0},
  { "AllowUnverifiedNodes", "AllowInvalidNodes", 0, 0},
  { "AutomapHostSuffixes", "AutomapHostsSuffixes", 0, 0},
  { "AutomapHostOnResolve", "AutomapHostsOnResolve", 0, 0},
  { "BandwidthRateBytes", "BandwidthRate", 0, 0},
  { "BandwidthBurstBytes", "BandwidthBurst", 0, 0},
  { "DirFetchPostPeriod", "StatusFetchPeriod", 0, 0},
  { "MaxConn", "ConnLimit", 0, 1},
  { "ORBindAddress", "ORListenAddress", 0, 0},
  { "DirBindAddress", "DirListenAddress", 0, 0},
  { "SocksBindAddress", "SocksListenAddress", 0, 0},
  { "UseHelperNodes", "UseEntryGuards", 0, 0},
  { "NumHelperNodes", "NumEntryGuards", 0, 0},
  { "UseEntryNodes", "UseEntryGuards", 0, 0},
  { "NumEntryNodes", "NumEntryGuards", 0, 0},
  { "ResolvConf", "ServerDNSResolvConfFile", 0, 1},
  { "SearchDomains", "ServerDNSSearchDomains", 0, 1},
  { "ServerDNSAllowBrokenResolvConf", "ServerDNSAllowBrokenConfig", 0, 0},
  { "PreferTunnelledDirConns", "PreferTunneledDirConns", 0, 0},
  { "BridgeAuthoritativeDirectory", "BridgeAuthoritativeDir", 0, 0},
  /* NOTE(review): third field is 1 here (as for "l"), so this alias to the
   * session-password option presumably applies on the command line only;
   * HashedControlPassword is also a real option in _option_vars -- confirm
   * the lookup order keeps the two from shadowing each other. */
  { "HashedControlPassword", "__HashedControlSessionPassword", 1, 0},
  { "StrictEntryNodes", "StrictNodes", 0, 1},
  { "StrictExitNodes", "StrictNodes", 0, 1},
  { "_UseFilteringSSLBufferevents", "UseFilteringSSLBufferevents", 0, 1},
  { NULL, NULL, 0, 0},
};

/** An entry for config_vars: "The option <b>name</b> has type
 * CONFIG_TYPE_<b>conftype</b>, and corresponds to
 * or_options_t.<b>member</b>"
 *
 * <b>initvalue</b> is stored as the last field of the entry; the tables
 * below pass either a string literal or NULL.
 */
#define VAR(name,conftype,member,initvalue)                             \
  { name, CONFIG_TYPE_ ## conftype, STRUCT_OFFSET(or_options_t, member), \
      initvalue }
/** As VAR, but the option name and member name are the same. */
#define V(member,conftype,initvalue)                                    \
  VAR(#member, conftype, member, initvalue)
/** An entry for config_vars: "The option <b>name</b> is obsolete." */
#define OBSOLETE(name) { name, CONFIG_TYPE_OBSOLETE, 0, NULL }

/** As V, but the value is stored in or_options_t.<b>member</b>_lines: the
 * option keeps the name <b>member</b> while the struct field carries a
 * "_lines" suffix. */
#define VPORT(member,conftype,initvalue)                                    \
  VAR(#member, conftype, member ## _lines, initvalue)

/** Array of configuration options.  Until we disallow nonstandard
 * abbreviations, order is significant, since the first matching option will
 * be chosen first.
 *
 * Entries are built with the macros defined just above this table:
 *   V(member, TYPE, default)           option name equals the member name
 *   VAR("Name", TYPE, member, default) option name differs from the member
 *   VPORT(member, TYPE, default)       as V, stored in member ## _lines
 *   OBSOLETE("Name")                   entry typed CONFIG_TYPE_OBSOLETE
 * The last macro argument is the default, written as a string or NULL.
 * The table ends at the entry whose name is NULL.
 */
static config_var_t _option_vars[] = {
  OBSOLETE("AccountingMaxKB"),
  V(AccountingMax,               MEMUNIT,  "0 bytes"),
  V(AccountingStart,             STRING,   NULL),
  V(Address,                     STRING,   NULL),
  V(AllowDotExit,                BOOL,     "0"),
  V(AllowInvalidNodes,           CSV,      "middle,rendezvous"),
  V(AllowNonRFC953Hostnames,     BOOL,     "0"),
  V(AllowSingleHopCircuits,      BOOL,     "0"),
  V(AllowSingleHopExits,         BOOL,     "0"),
  V(AlternateBridgeAuthority,    LINELIST, NULL),
  V(AlternateDirAuthority,       LINELIST, NULL),
  V(AlternateHSAuthority,        LINELIST, NULL),
  V(AssumeReachable,             BOOL,     "0"),
  V(AuthDirBadDir,               LINELIST, NULL),
  V(AuthDirBadDirCCs,            CSV,      ""),
  V(AuthDirBadExit,              LINELIST, NULL),
  V(AuthDirBadExitCCs,           CSV,      ""),
  V(AuthDirInvalid,              LINELIST, NULL),
  V(AuthDirInvalidCCs,           CSV,      ""),
  V(AuthDirFastGuarantee,        MEMUNIT,  "100 KB"),
  V(AuthDirGuardBWGuarantee,     MEMUNIT,  "250 KB"),
  V(AuthDirReject,               LINELIST, NULL),
  V(AuthDirRejectCCs,            CSV,      ""),
  V(AuthDirRejectUnlisted,       BOOL,     "0"),
  V(AuthDirListBadDirs,          BOOL,     "0"),
  V(AuthDirListBadExits,         BOOL,     "0"),
  V(AuthDirMaxServersPerAddr,    UINT,     "2"),
  V(AuthDirMaxServersPerAuthAddr,UINT,     "5"),
  V(AuthDirHasIPv6Connectivity,  BOOL,     "0"),
  VAR("AuthoritativeDirectory",  BOOL, AuthoritativeDir,    "0"),
  V(AutomapHostsOnResolve,       BOOL,     "0"),
  V(AutomapHostsSuffixes,        CSV,      ".onion,.exit"),
  V(AvoidDiskWrites,             BOOL,     "0"),
  V(BandwidthBurst,              MEMUNIT,  "1 GB"),
  V(BandwidthRate,               MEMUNIT,  "1 GB"),
  V(BridgeAuthoritativeDir,      BOOL,     "0"),
  VAR("Bridge",                  LINELIST, Bridges,    NULL),
  V(BridgePassword,              STRING,   NULL),
  V(BridgeRecordUsageByCountry,  BOOL,     "1"),
  V(BridgeRelay,                 BOOL,     "0"),
  V(CellStatistics,              BOOL,     "0"),
  V(LearnCircuitBuildTimeout,    BOOL,     "1"),
  V(CircuitBuildTimeout,         INTERVAL, "0"),
  V(CircuitIdleTimeout,          INTERVAL, "1 hour"),
  V(CircuitStreamTimeout,        INTERVAL, "0"),
  V(CircuitPriorityHalflife,     DOUBLE,  "-100.0"), /*negative:'Use default'*/
  V(ClientDNSRejectInternalAddresses, BOOL,"1"),
  V(ClientOnly,                  BOOL,     "0"),
  V(ClientPreferIPv6ORPort,      BOOL,     "0"),
  V(ClientRejectInternalAddresses, BOOL,   "1"),
  V(ClientTransportPlugin,       LINELIST, NULL),
  V(ClientUseIPv6,               BOOL,     "0"),
  V(ConsensusParams,             STRING,   NULL),
  V(ConnLimit,                   UINT,     "1000"),
  V(ConnDirectionStatistics,     BOOL,     "0"),
  V(ConstrainedSockets,          BOOL,     "0"),
  V(ConstrainedSockSize,         MEMUNIT,  "8192"),
  V(ContactInfo,                 STRING,   NULL),
  V(ControlListenAddress,        LINELIST, NULL),
  VPORT(ControlPort,                 LINELIST, NULL),
  V(ControlPortFileGroupReadable,BOOL,     "0"),
  V(ControlPortWriteToFile,      FILENAME, NULL),
  V(ControlSocket,               LINELIST, NULL),
  V(ControlSocketsGroupWritable, BOOL,     "0"),
  V(CookieAuthentication,        BOOL,     "0"),
  V(CookieAuthFileGroupReadable, BOOL,     "0"),
  V(CookieAuthFile,              STRING,   NULL),
  V(CountPrivateBandwidth,       BOOL,     "0"),
  V(DataDirectory,               FILENAME, NULL),
  OBSOLETE("DebugLogFile"),
  V(DisableNetwork,              BOOL,     "0"),
  V(DirAllowPrivateAddresses,    BOOL,     "0"),
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "30 minutes"),
  V(DirListenAddress,            LINELIST, NULL),
  OBSOLETE("DirFetchPeriod"),
  V(DirPolicy,                   LINELIST, NULL),
  VPORT(DirPort,                     LINELIST, NULL),
  V(DirPortFrontPage,            FILENAME, NULL),
  OBSOLETE("DirPostPeriod"),
  OBSOLETE("DirRecordUsageByCountry"),
  OBSOLETE("DirRecordUsageGranularity"),
  OBSOLETE("DirRecordUsageRetainIPs"),
  OBSOLETE("DirRecordUsageSaveInterval"),
  V(DirReqStatistics,            BOOL,     "1"),
  VAR("DirServer",               LINELIST, DirServers, NULL),
  V(DisableAllSwap,              BOOL,     "0"),
  V(DisableDebuggerAttachment,   BOOL,     "1"),
  V(DisableIOCP,                 BOOL,     "1"),
  V(DynamicDHGroups,             BOOL,     "0"),
  VPORT(DNSPort,                     LINELIST, NULL),
  V(DNSListenAddress,            LINELIST, NULL),
  V(DownloadExtraInfo,           BOOL,     "0"),
  V(EnforceDistinctSubnets,      BOOL,     "1"),
  V(EntryNodes,                  ROUTERSET,   NULL),
  V(EntryStatistics,             BOOL,     "0"),
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "10 minutes"),
  V(ExcludeNodes,                ROUTERSET, NULL),
  V(ExcludeExitNodes,            ROUTERSET, NULL),
  V(ExcludeSingleHopRelays,      BOOL,     "1"),
  V(ExitNodes,                   ROUTERSET, NULL),
  V(ExitPolicy,                  LINELIST, NULL),
  V(ExitPolicyRejectPrivate,     BOOL,     "1"),
  V(ExitPortStatistics,          BOOL,     "0"),
  V(ExtendAllowPrivateAddresses, BOOL,     "0"),
  V(ExtraInfoStatistics,         BOOL,     "1"),

#if defined (WINCE)
  V(FallbackNetworkstatusFile,   FILENAME, "fallback-consensus"),
#else
  V(FallbackNetworkstatusFile,   FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "fallback-consensus"),
#endif
  V(FascistFirewall,             BOOL,     "0"),
  V(FirewallPorts,               CSV,      ""),
  V(FastFirstHopPK,              BOOL,     "1"),
  V(FetchDirInfoEarly,           BOOL,     "0"),
  V(FetchDirInfoExtraEarly,      BOOL,     "0"),
  V(FetchServerDescriptors,      BOOL,     "1"),
  V(FetchHidServDescriptors,     BOOL,     "1"),
  V(FetchUselessDescriptors,     BOOL,     "0"),
  V(FetchV2Networkstatus,        BOOL,     "0"),
#ifdef _WIN32
  V(GeoIPFile,                   FILENAME, "<default>"),
#else
  V(GeoIPFile,                   FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip"),
#endif
  OBSOLETE("GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays"),
  OBSOLETE("Group"),
  V(HardwareAccel,               BOOL,     "0"),
  V(HeartbeatPeriod,             INTERVAL, "6 hours"),
  V(AccelName,                   STRING,   NULL),
  V(AccelDir,                    FILENAME, NULL),
  /* _option_abbrevs also lists "HashedControlPassword" as an alias for
   * __HashedControlSessionPassword, which is declared near the end of this
   * table. */
  V(HashedControlPassword,       LINELIST, NULL),
  V(HidServDirectoryV2,          BOOL,     "1"),
  VAR("HiddenServiceDir",    LINELIST_S, RendConfigLines,    NULL),
  OBSOLETE("HiddenServiceExcludeNodes"),
  OBSOLETE("HiddenServiceNodes"),
  VAR("HiddenServiceOptions",LINELIST_V, RendConfigLines,    NULL),
  VAR("HiddenServicePort",   LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceVersion",LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceAuthorizeClient",LINELIST_S,RendConfigLines, NULL),
  V(HidServAuth,                 LINELIST, NULL),
  V(HSAuthoritativeDir,          BOOL,     "0"),
  OBSOLETE("HSAuthorityRecordStats"),
  V(CloseHSClientCircuitsImmediatelyOnTimeout, BOOL, "0"),
  V(CloseHSServiceRendCircuitsImmediatelyOnTimeout, BOOL, "0"),
  V(HTTPProxy,                   STRING,   NULL),
  V(HTTPProxyAuthenticator,      STRING,   NULL),
  V(HTTPSProxy,                  STRING,   NULL),
  V(HTTPSProxyAuthenticator,     STRING,   NULL),
  VAR("ServerTransportPlugin",   LINELIST, ServerTransportPlugin,  NULL),
  V(Socks4Proxy,                 STRING,   NULL),
  V(Socks5Proxy,                 STRING,   NULL),
  V(Socks5ProxyUsername,         STRING,   NULL),
  V(Socks5ProxyPassword,         STRING,   NULL),
  OBSOLETE("IgnoreVersion"),
  V(KeepalivePeriod,             INTERVAL, "5 minutes"),
  VAR("Log",                     LINELIST, Logs,             NULL),
  V(LogMessageDomains,           BOOL,     "0"),
  OBSOLETE("LinkPadding"),
  OBSOLETE("LogLevel"),
  OBSOLETE("LogFile"),
  V(LogTimeGranularity,          MSEC_INTERVAL, "1 second"),
  V(LongLivedPorts,              CSV,
        "21,22,706,1863,5050,5190,5222,5223,6523,6667,6697,8300"),
  VAR("MapAddress",              LINELIST, AddressMap,           NULL),
  V(MaxAdvertisedBandwidth,      MEMUNIT,  "1 GB"),
  V(MaxCircuitDirtiness,         INTERVAL, "10 minutes"),
  V(MaxClientCircuitsPending,    UINT,     "32"),
  V(MaxOnionsPending,            UINT,     "100"),
  OBSOLETE("MonthlyAccountingStart"),
  V(MyFamily,                    STRING,   NULL),
  V(NewCircuitPeriod,            INTERVAL, "30 seconds"),
  VAR("NamingAuthoritativeDirectory",BOOL, NamingAuthoritativeDir, "0"),
  V(NATDListenAddress,           LINELIST, NULL),
  VPORT(NATDPort,                    LINELIST, NULL),
  V(Nickname,                    STRING,   NULL),
  V(WarnUnsafeSocks,              BOOL,     "1"),
  OBSOLETE("NoPublish"),
  VAR("NodeFamily",              LINELIST, NodeFamilies,         NULL),
  V(NumCPUs,                     UINT,     "0"),
  V(NumEntryGuards,              UINT,     "3"),
  V(ORListenAddress,             LINELIST, NULL),
  VPORT(ORPort,                      LINELIST, NULL),
  V(OutboundBindAddress,         STRING,   NULL),

  V(PathBiasCircThreshold,       INT,      "-1"),
  V(PathBiasNoticeRate,          DOUBLE,   "-1"),
  V(PathBiasDisableRate,         DOUBLE,   "-1"),
  V(PathBiasScaleThreshold,      INT,      "-1"),
  V(PathBiasScaleFactor,         INT,      "-1"),

  OBSOLETE("PathlenCoinWeight"),
  V(PerConnBWBurst,              MEMUNIT,  "0"),
  V(PerConnBWRate,               MEMUNIT,  "0"),
  V(PidFile,                     STRING,   NULL),
  V(TestingTorNetwork,           BOOL,     "0"),
  V(OptimisticData,              AUTOBOOL, "auto"),
  V(PortForwarding,              BOOL,     "0"),
  V(PortForwardingHelper,        FILENAME, "tor-fw-helper"),
  V(PreferTunneledDirConns,      BOOL,     "1"),
  V(ProtocolWarnings,            BOOL,     "0"),
  V(PublishServerDescriptor,     CSV,      "1"),
  V(PublishHidServDescriptors,   BOOL,     "1"),
  V(ReachableAddresses,          LINELIST, NULL),
  V(ReachableDirAddresses,       LINELIST, NULL),
  V(ReachableORAddresses,        LINELIST, NULL),
  V(RecommendedVersions,         LINELIST, NULL),
  V(RecommendedClientVersions,   LINELIST, NULL),
  V(RecommendedServerVersions,   LINELIST, NULL),
  OBSOLETE("RedirectExit"),
  V(RefuseUnknownExits,          AUTOBOOL, "auto"),
  V(RejectPlaintextPorts,        CSV,      ""),
  V(RelayBandwidthBurst,         MEMUNIT,  "0"),
  V(RelayBandwidthRate,          MEMUNIT,  "0"),
  OBSOLETE("RendExcludeNodes"),
  OBSOLETE("RendNodes"),
  V(RendPostPeriod,              INTERVAL, "1 hour"),
  V(RephistTrackTime,            INTERVAL, "24 hours"),
  OBSOLETE("RouterFile"),
  V(RunAsDaemon,                 BOOL,     "0"),
//  V(RunTesting,                  BOOL,     "0"),
  OBSOLETE("RunTesting"), // currently unused
  /* STRING rather than BOOL.  safe_str() and safe_str_client() in this file
   * compare the derived _SafeLogging field against SAFELOG_SCRUB_NONE and
   * SAFELOG_SCRUB_ALL to decide whether log output is scrubbed. */
  V(SafeLogging,                 STRING,   "1"),
  V(SafeSocks,                   BOOL,     "0"),
  V(ServerDNSAllowBrokenConfig,  BOOL,     "1"),
  V(ServerDNSAllowNonRFC953Hostnames, BOOL,"0"),
  V(ServerDNSDetectHijacking,    BOOL,     "1"),
  V(ServerDNSRandomizeCase,      BOOL,     "1"),
  V(ServerDNSResolvConfFile,     STRING,   NULL),
  V(ServerDNSSearchDomains,      BOOL,     "0"),
  V(ServerDNSTestAddresses,      CSV,
      "www.google.com,www.mit.edu,www.yahoo.com,www.slashdot.org"),
  V(ShutdownWaitLength,          INTERVAL, "30 seconds"),
  V(SocksListenAddress,          LINELIST, NULL),
  V(SocksPolicy,                 LINELIST, NULL),
  VPORT(SocksPort,                   LINELIST, NULL),
  V(SocksTimeout,                INTERVAL, "2 minutes"),
  OBSOLETE("StatusFetchPeriod"),
  V(StrictNodes,                 BOOL,     "0"),
  OBSOLETE("SysLog"),
  V(TestSocks,                   BOOL,     "0"),
  OBSOLETE("TestVia"),
  V(TokenBucketRefillInterval,   MSEC_INTERVAL, "100 msec"),
  V(Tor2webMode,                 BOOL,     "0"),
  V(TrackHostExits,              CSV,      NULL),
  V(TrackHostExitsExpire,        INTERVAL, "30 minutes"),
  OBSOLETE("TrafficShaping"),
  V(TransListenAddress,          LINELIST, NULL),
  VPORT(TransPort,                   LINELIST, NULL),
  V(TunnelDirConns,              BOOL,     "1"),
  V(UpdateBridgesFromAuthority,  BOOL,     "0"),
  V(UseBridges,                  BOOL,     "0"),
  V(UseEntryGuards,              BOOL,     "1"),
  V(UseMicrodescriptors,         AUTOBOOL, "auto"),
  V(User,                        STRING,   NULL),
  V(UserspaceIOCPBuffers,        BOOL,     "0"),
  VAR("V1AuthoritativeDirectory",BOOL, V1AuthoritativeDir,   "0"),
  VAR("V2AuthoritativeDirectory",BOOL, V2AuthoritativeDir,   "0"),
  VAR("V3AuthoritativeDirectory",BOOL, V3AuthoritativeDir,   "0"),
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "30 minutes"),
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "5 minutes"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "5 minutes"),
  V(V3AuthVotingInterval,        INTERVAL, "1 hour"),
  V(V3AuthVoteDelay,             INTERVAL, "5 minutes"),
  V(V3AuthDistDelay,             INTERVAL, "5 minutes"),
  V(V3AuthNIntervalsValid,       UINT,     "3"),
  V(V3AuthUseLegacyKey,          BOOL,     "0"),
  V(V3BandwidthsFile,            FILENAME, NULL),
  VAR("VersioningAuthoritativeDirectory",BOOL,VersioningAuthoritativeDir, "0"),
  V(VirtualAddrNetwork,          STRING,   "127.192.0.0/10"),
  V(WarnPlaintextPorts,          CSV,      "23,109,110,143"),
  V(UseFilteringSSLBufferevents, BOOL,    "0"),
  /* Option names below that begin with "__" are presumably internal or
   * controller-oriented settings rather than ordinary torrc options --
   * confirm against the option documentation. */
  VAR("__ReloadTorrcOnSIGHUP",   BOOL,  ReloadTorrcOnSIGHUP,      "1"),
  VAR("__AllDirActionsPrivate",  BOOL,  AllDirActionsPrivate,     "0"),
  VAR("__DisablePredictedCircuits",BOOL,DisablePredictedCircuits, "0"),
  VAR("__LeaveStreamsUnattached",BOOL,  LeaveStreamsUnattached,   "0"),
  VAR("__HashedControlSessionPassword", LINELIST, HashedControlSessionPassword,
      NULL),
  VAR("__OwningControllerProcess",STRING,OwningControllerProcess, NULL),
  V(MinUptimeHidServDirectoryV2, INTERVAL, "25 hours"),
  V(VoteOnHidServDirectoriesV2,  BOOL,     "1"),
  VAR("___UsingTestNetworkDefaults", BOOL, _UsingTestNetworkDefaults, "0"),

  /* Terminator: a NULL name marks the end of the table. */
  { NULL, CONFIG_TYPE_OBSOLETE, 0, NULL }
};

/** Override default values with these if the user sets the TestingTorNetwork
 * option.
 *
 * Compared with the defaults in _option_vars, several entries here switch
 * off address and subnet checks that are on by default:
 * ClientRejectInternalAddresses, ClientDNSRejectInternalAddresses,
 * ExitPolicyRejectPrivate and EnforceDistinctSubnets go from "1" to "0",
 * while DirAllowPrivateAddresses and ExtendAllowPrivateAddresses go from
 * "0" to "1".  The authority voting and reachability timers are shortened
 * as well.  Where TestingTorNetwork is permitted to be set is decided
 * outside this table.
 */
static const config_var_t testing_tor_network_defaults[] = {
  V(ServerDNSAllowBrokenConfig,  BOOL,     "1"),
  V(DirAllowPrivateAddresses,    BOOL,     "1"),
  V(EnforceDistinctSubnets,      BOOL,     "0"),
  V(AssumeReachable,             BOOL,     "1"),
  V(AuthDirMaxServersPerAddr,    UINT,     "0"),
  V(AuthDirMaxServersPerAuthAddr,UINT,     "0"),
  V(ClientDNSRejectInternalAddresses, BOOL,"0"),
  V(ClientRejectInternalAddresses, BOOL,   "0"),
  V(CountPrivateBandwidth,       BOOL,     "1"),
  V(ExitPolicyRejectPrivate,     BOOL,     "0"),
  V(ExtendAllowPrivateAddresses, BOOL,     "1"),
  V(V3AuthVotingInterval,        INTERVAL, "5 minutes"),
  V(V3AuthVoteDelay,             INTERVAL, "20 seconds"),
  V(V3AuthDistDelay,             INTERVAL, "20 seconds"),
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "5 minutes"),
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "20 seconds"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "20 seconds"),
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "0 minutes"),
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "0 minutes"),
  V(MinUptimeHidServDirectoryV2, INTERVAL, "0 minutes"),
  /* Set to "1" here and "0" in _option_vars, so this field records whether
   * these overrides were applied. */
  VAR("___UsingTestNetworkDefaults", BOOL, _UsingTestNetworkDefaults, "1"),

  /* Terminator: a NULL name marks the end of the table. */
  { NULL, CONFIG_TYPE_OBSOLETE, 0, NULL }
};

/* The table-building macros are only needed for the two tables above.
 * NOTE(review): VPORT is defined alongside them but is not undefined here. */
#undef VAR
#undef V
#undef OBSOLETE

/* Prototypes for file-local (static) helpers, declared up front so they can
 * be referenced before their definitions. */
#ifdef _WIN32
static char *get_windows_conf_root(void);
#endif
/* Installed as the validation callback in options_format below. */
static int options_validate(or_options_t *old_options,
                            or_options_t *options,
                            int from_setconf, char **msg);
/* Both are called from set_options() with the previous options. */
static int options_act_reversible(const or_options_t *old_options, char **msg);
static int options_act(const or_options_t *old_options);
static int options_transition_allowed(const or_options_t *old,
                                      const or_options_t *new,
                                      char **msg);
static int options_transition_affects_workers(
      const or_options_t *old_options, const or_options_t *new_options);
static int options_transition_affects_descriptor(
      const or_options_t *old_options, const or_options_t *new_options);
static int check_nickname_list(const char *lst, const char *name, char **msg);

static int parse_bridge_line(const char *line, int validate_only);
static int parse_client_transport_line(const char *line, int validate_only);

static int parse_server_transport_line(const char *line, int validate_only);
static int parse_dir_server_line(const char *line,
                                 dirinfo_type_t required_type,
                                 int validate_only);
static void port_cfg_free(port_cfg_t *port);
static int parse_ports(or_options_t *options, int validate_only,
                              char **msg_out, int *n_ports_out);
static int check_server_ports(const smartlist_t *ports,
                              const or_options_t *options);

static int validate_data_directory(or_options_t *options);
static int write_configuration_file(const char *fname,
                                    const or_options_t *options);
static int options_init_logs(or_options_t *options, int validate_only);

static void init_libevent(const or_options_t *options);
static int opt_streq(const char *s1, const char *s2);

/** Magic value for or_options_t. */
#define OR_OPTIONS_MAGIC 9090909

/** Configuration format for or_options_t.
 *
 * Positional initializer: the size of or_options_t, the magic value and the
 * offset of the _magic member, the abbreviation table, the option table, the
 * validation callback, and a trailing NULL.  config_format_t is declared
 * outside this file, so field names are not repeated here.
 */
static config_format_t options_format = {
  sizeof(or_options_t),
  OR_OPTIONS_MAGIC,
  STRUCT_OFFSET(or_options_t, _magic),
  _option_abbrevs,
  _option_vars,
  /* NOTE(review): options_validate takes or_options_t pointers and is cast
   * to validate_fn_t; confirm the two signatures are call-compatible. */
  (validate_fn_t)options_validate,
  NULL
};

/*
 * Functions to read and write the global options pointer.
 */

/** Command-line and config-file options.  Assigned in set_options() and
 * released in config_free_all(). */
static or_options_t *global_options = NULL;
/** The fallback options_t object; this is where we look for options not
 * in torrc before we fall back to Tor's defaults. */
static or_options_t *global_default_options = NULL;
/** Name of most recently read torrc file. */
static char *torrc_fname = NULL;
/** Name of the most recently read torrc-defaults file.  No explicit
 * initializer; as a static it starts out NULL. */
static char *torrc_defaults_fname;
/** Configuration Options set by command line. */
static config_line_t *global_cmdline_options = NULL;
/** Contents of most recently read DirPortFrontPage file. */
static char *global_dirfrontpagecontents = NULL;
/** List of port_cfg_t for all configured ports. */
static smartlist_t *configured_ports = NULL;

/** Accessor for the cached DirPortFrontPage contents.
 *
 * Hands back the file-scope global_dirfrontpagecontents pointer unchanged;
 * it is NULL when no front page is configured.  The buffer is released by
 * config_free_all(), so callers must not free or keep it past that point. */
const char *
get_dirportfrontpage(void)
{
  const char *frontpage = global_dirfrontpagecontents;

  return frontpage;
}

/** Return a writable pointer to the options currently in effect.
 *
 * Asserts that global_options is non-NULL, so this must not be called until
 * an options object has been installed (set_options() assigns it). */
or_options_t *
get_options_mutable(void)
{
  or_options_t *current;

  tor_assert(global_options);
  current = global_options;
  return current;
}

/** Return the options currently in effect as a read-only view.
 *
 * Thin wrapper around get_options_mutable(); the same non-NULL assertion on
 * the global options pointer applies. */
const or_options_t *
get_options(void)
{
  const or_options_t *current = get_options_mutable();

  return current;
}

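/** Change the current global options to contain <b>new_val</b> instead of
 * their current value; take action based on the new value; free the old value
 * as necessary.  Returns 0 on success, -1 on failure.
 *
 * If options_act_reversible() fails, the previous options are reinstated,
 * *<b>msg</b> describes the error, and <b>new_val</b> is not freed here.
 * If options_act() fails afterwards, the process logs an error and exits.
 *
 * When a previous configuration existed, a CONF_CHANGED controller event is
 * sent listing each option whose value differs between old and new.
 */
int
set_options(or_options_t *new_val, char **msg)
{
  int i;
  smartlist_t *elements;
  smartlist_t *owned_lines;
  config_line_t *line;
  or_options_t *old_options = global_options;
  global_options = new_val;
  /* Note that we pass the *old* options below, for comparison. It
   * pulls the new options directly out of global_options. */
  if (options_act_reversible(old_options, msg)<0) {
    tor_assert(*msg);
    global_options = old_options;
    return -1;
  }
  if (options_act(old_options) < 0) { /* acting on the options failed. die. */
    log_err(LD_BUG,
            "Acting on config options left us in a broken state. Dying.");
    exit(1);
  }
  /* Issues a CONF_CHANGED event to notify controller of the change. If Tor is
   * just starting up then the old_options will be undefined. */
  if (old_options && old_options != global_options) {
    elements = smartlist_new();
    /* Heads of the config_line_t lists whose key/value strings are borrowed
     * by <b>elements</b>; released once the event has been sent. */
    owned_lines = smartlist_new();
    for (i=0; options_format.vars[i].name; ++i) {
      const config_var_t *var = &options_format.vars[i];
      const char *var_name = var->name;
      if (var->type == CONFIG_TYPE_LINELIST_S ||
          var->type == CONFIG_TYPE_OBSOLETE) {
        continue;
      }
      if (!config_is_same(&options_format, new_val, old_options, var_name)) {
        line = config_get_assigned_option(&options_format, new_val,
                                          var_name, 1);

        if (line) {
          /* The list returned above is not stored anywhere else, so it has
           * to be freed here; previously the walk below dropped the head and
           * the whole list leaked on every changed option. */
          smartlist_add(owned_lines, line);
          for (; line; line = line->next) {
            smartlist_add(elements, line->key);
            smartlist_add(elements, line->value);
          }
        } else {
          smartlist_add(elements, (char*)options_format.vars[i].name);
          smartlist_add(elements, NULL);
        }
      }
    }
    control_event_conf_changed(elements);
    smartlist_free(elements);
    /* Only now is it safe to drop the strings the event was built from. */
    SMARTLIST_FOREACH(owned_lines, config_line_t *, head,
                      config_free_lines(head));
    smartlist_free(owned_lines);
  }

  if (old_options != global_options)
    config_free(&options_format, old_options);

  return 0;
}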

extern const char tor_git_revision[]; /* from tor_main.c */

/** The version of this Tor process, as parsed.  Filled in on first use by
 * get_version(). */
static char *the_tor_version = NULL;
/** A shorter version of this Tor process's version, for export in our router
 *  descriptor.  (Does not include the git version, if any.)  Filled in on
 *  first use by get_short_version(). */
static char *the_short_tor_version = NULL;

/** Return the full version string of this Tor process.
 *
 * The string is built once and cached in the_tor_version: the short version
 * followed by " (git-REVISION)" when tor_git_revision is non-empty, or a
 * copy of the short version otherwise.  The caller must not free the
 * result.  No locking is done around the cache. */
const char *
get_version(void)
{
  if (the_tor_version)
    return the_tor_version;

  if (tor_git_revision[0] != '\0') {
    tor_asprintf(&the_tor_version, "%s (git-%s)", get_short_version(),
                 tor_git_revision);
  } else {
    the_tor_version = tor_strdup(get_short_version());
  }
  return the_tor_version;
}

/** Return the version string of this Tor process without any git tag.
 *
 * Built once and cached in the_short_tor_version: VERSION alone, or
 * "VERSION (TOR_BUILD_TAG)" when TOR_BUILD_TAG is defined at build time.
 * The caller must not free the result. */
const char *
get_short_version(void)
{
  if (the_short_tor_version != NULL)
    return the_short_tor_version;

#ifdef TOR_BUILD_TAG
  tor_asprintf(&the_short_tor_version, "%s (%s)", VERSION, TOR_BUILD_TAG);
#else
  the_short_tor_version = tor_strdup(VERSION);
#endif
  return the_short_tor_version;
}

/** Free <b>options</b> together with the derived members that the generic
 * config_free() call at the end is not left to handle: the
 * _ExcludeExitNodesUnion routerset, every routerset in NodeFamilySets and
 * the list itself, and _BridgePassword_AuthDigest.  A NULL <b>options</b>
 * is a no-op.
 *
 * NOTE(review): _BridgePassword_AuthDigest is released without being wiped
 * first; if it is derived from BridgePassword, consider clearing it before
 * the free -- confirm how it is computed.
 */
static void
or_options_free(or_options_t *options)
{
  if (options) {
    routerset_free(options->_ExcludeExitNodesUnion);

    if (options->NodeFamilySets) {
      SMARTLIST_FOREACH(options->NodeFamilySets, routerset_t *,
                        family_set, routerset_free(family_set));
      smartlist_free(options->NodeFamilySets);
    }

    tor_free(options->_BridgePassword_AuthDigest);

    /* Generic teardown last: it releases the options object itself. */
    config_free(&options_format, options);
  }
}

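/** Release all memory and resources held by global configuration structures.
 *
 * Frees the current and default options, the saved command-line option
 * lines, every configured port entry and the list holding them, the cached
 * torrc file names, both cached version strings, and the cached
 * DirPortFrontPage contents.  Pointers are cleared where the code does so
 * explicitly; tor_free() is expected to reset its argument as well.
 */
void
config_free_all(void)
{
  or_options_free(global_options);
  global_options = NULL;
  or_options_free(global_default_options);
  global_default_options = NULL;

  config_free_lines(global_cmdline_options);
  global_cmdline_options = NULL;

  if (configured_ports) {
    SMARTLIST_FOREACH(configured_ports,
                      port_cfg_t *, p, tor_free(p));
    smartlist_free(configured_ports);
    configured_ports = NULL;
  }

  tor_free(torrc_fname);
  tor_free(torrc_defaults_fname);
  tor_free(the_tor_version);
  /* get_short_version() caches its own allocation; it was previously left
   * behind here while the_tor_version was released. */
  tor_free(the_short_tor_version);
  tor_free(global_dirfrontpagecontents);
}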

/** Make <b>address</b> -- information about our own activity as a client --
 * safe to log under the current SafeLogging setting, and return it.
 *
 * Returns the literal "[scrubbed]" when the parsed _SafeLogging value is
 * SAFELOG_SCRUB_ALL (SafeLogging "1"); any other setting returns
 * <b>address</b> itself.  <b>address</b> must not be NULL.  The result is
 * either a string literal or the caller's own pointer, so it must not be
 * freed through this return value.
 */
const char *
safe_str_client(const char *address)
{
  tor_assert(address);
  return (get_options()->_SafeLogging == SAFELOG_SCRUB_ALL)
    ? "[scrubbed]" : address;
}

/** Make <b>address</b> -- information of unspecified sensitivity -- safe to
 * log under the current SafeLogging setting, and return it.
 *
 * Returns the literal "[scrubbed]" unless the parsed _SafeLogging value is
 * SAFELOG_SCRUB_NONE (SafeLogging "0"), in which case <b>address</b> is
 * returned as is.  This is the stricter of the two helpers:
 * safe_str_client() scrubs only under SAFELOG_SCRUB_ALL.  <b>address</b>
 * must not be NULL.
 */
const char *
safe_str(const char *address)
{
  tor_assert(address);
  return (get_options()->_SafeLogging != SAFELOG_SCRUB_NONE)
    ? "[scrubbed]" : address;
}

/** Equivalent to escaped(safe_str_client(address)).  See reentrancy note on
 * escaped(): don't use this outside the main thread, or twice in the same
 * log statement.
 *
 * escaped() is called only when the value is not scrubbed.  Unlike
 * safe_str_client(), there is no assertion on <b>address</b> here. */
const char *
escaped_safe_str_client(const char *address)
{
  return (get_options()->_SafeLogging == SAFELOG_SCRUB_ALL)
    ? "[scrubbed]" : escaped(address);
}

/** Equivalent to escaped(safe_str(address)).  See reentrancy note on
 * escaped(): don't use this outside the main thread, or twice in the same
 * log statement.
 *
 * escaped() is called only when the value is not scrubbed.  Unlike
 * safe_str(), there is no assertion on <b>address</b> here. */
const char *
escaped_safe_str(const char *address)
{
  return (get_options()->_SafeLogging != SAFELOG_SCRUB_NONE)
    ? "[scrubbed]" : escaped(address);
}

/** Add the default directory authorities directly into the trusted dir list,
 * but only add them insofar as they share bits with <b>type</b>. */
static void
add_default_trusted_dir_authorities(dirinfo_type_t type)
{
  int i;
  const char *dirservers[] = {
    "moria1 orport=9101 no-v2 "
      "v3ident=D586D18309DED4CD6D57C18FDB97EFA96D330566 "
      "128.31.0.39:9131 9695 DFC3 5FFE B861 329B 9F1A B04C 4639 7020 CE31",
    "tor26 v1 orport=443 v3ident=14C131DFC5C6F93646BE72FA1401C02A8DF2E8B4 "
      "86.59.21.38:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D",
    "dizum orport=443 v3ident=E8A9C45EDE6D711294FADF8E7951F4DE6CA56B58 "
      "194.109.206.212:80 7EA6 EAD6 FD83 083C 538F 4403 8BBF A077 587D D755",
    "Tonga orport=443 bridge no-v2 82.94.251.203:80 "
      "4A0C CD2D DC79 9508 3D73 F5D6 6710 0C8A 5831 F16D",
    "turtles orport=9090 no-v2 "
      "v3ident=27B6B5996C426270A5C95488AA5BCEB6BCC86956 "
      "76.73.17.194:9030 F397 038A DC51 3361 35E7 B80B D99C A384 4360 292B",
    "gabelmoo orport=443 no-v2 "
      "v3ident=ED03BB616EB2F60BEC80151114BB25CEF515B226 "
      "212.112.245.170:80 F204 4413 DAC2 E02E 3D6B CF47 35A1 9BCA 1DE9 7281",
    "dannenberg orport=443 no-v2 "
      "v3ident=585769C78764D58426B8B52B6651A5A71137189A "
      "193.23.244.244:80 7BE6 83E6 5D48 1413 21C5 ED92 F075 C553 64AC 7123",
    "urras orport=80 no-v2 v3ident=80550987E1D626E3EBA5E5E75A458DE0626D088C "
      "208.83.223.34:443 0AD3 FA88 4D18 F89E EA2D 89C0 1937 9E0E 7FD9 4417",