/* Copyright (c) 2001 Matej Pfajfar.
 * Copyright (c) 2001-2004, Roger Dingledine.
 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
 * Copyright (c) 2007-2013, The Tor Project, Inc. */
/* See LICENSE for licensing information */

/**
 * \file config.c
 * \brief Code to parse and interpret configuration files.
 **/

#define CONFIG_PRIVATE

#include "or.h"
#include "addressmap.h"
#include "channel.h"
#include "circuitbuild.h"
#include "circuitlist.h"
#include "circuitmux.h"
#include "circuitmux_ewma.h"
#include "config.h"
#include "connection.h"
#include "connection_edge.h"
#include "connection_or.h"
#include "control.h"
#include "confparse.h"
#include "cpuworker.h"
#include "dirserv.h"
#include "dirvote.h"
#include "dns.h"
#include "entrynodes.h"
#include "geoip.h"
#include "hibernate.h"
#include "main.h"
#include "networkstatus.h"
#include "nodelist.h"
#include "policies.h"
#include "relay.h"
#include "rendclient.h"
#include "rendservice.h"
#include "rephist.h"
#include "router.h"
#include "util.h"
#include "routerlist.h"
#include "routerset.h"
#include "statefile.h"
#include "transports.h"
#ifdef _WIN32
#include <shlobj.h>
#endif

#include "procmon.h"

/* From main.c */
extern int quiet_level;

/** A list of abbreviations and aliases to map command-line options, obsolete
 * option names, or alternative option names, to their current values.
 *
 * Each brace-initialized entry is { alias, canonical option name, int, int }.
 * The meaning of the two integer fields comes from config_abbrev_t, which is
 * declared outside this file -- presumably "accepted on the command line
 * only" and "warn when the alias is used"; confirm against the struct
 * definition before relying on that.  PLURAL() is likewise defined
 * elsewhere.  The list ends with an all-NULL sentinel entry.
 *
 * NOTE(review): "HashedControlPassword" is aliased to
 * "__HashedControlSessionPassword" with the third field set, so (if that
 * field does mean command-line only) a control-port password hash supplied
 * on the command line lands in a different option than the one set from the
 * configuration file.  Keep that in mind when auditing which hashes the
 * control port accepts.
 */
static config_abbrev_t option_abbrevs_[] = {
  PLURAL(AuthDirBadDirCC),
  PLURAL(AuthDirBadExitCC),
  PLURAL(AuthDirInvalidCC),
  PLURAL(AuthDirRejectCC),
  PLURAL(ExitNode),
  PLURAL(EntryNode),
  PLURAL(ExcludeNode),
  PLURAL(FirewallPort),
  PLURAL(LongLivedPort),
  PLURAL(HiddenServiceNode),
  PLURAL(HiddenServiceExcludeNode),
  PLURAL(NumCPU),
  PLURAL(RendNode),
  PLURAL(RendExcludeNode),
  PLURAL(StrictEntryNode),
  PLURAL(StrictExitNode),
  PLURAL(StrictNode),
  { "l", "Log", 1, 0},
  { "AllowUnverifiedNodes", "AllowInvalidNodes", 0, 0},
  { "AutomapHostSuffixes", "AutomapHostsSuffixes", 0, 0},
  { "AutomapHostOnResolve", "AutomapHostsOnResolve", 0, 0},
  { "BandwidthRateBytes", "BandwidthRate", 0, 0},
  { "BandwidthBurstBytes", "BandwidthBurst", 0, 0},
  { "DirFetchPostPeriod", "StatusFetchPeriod", 0, 0},
  { "DirServer", "DirAuthority", 0, 0}, /* XXXX024 later, make this warn? */
  { "MaxConn", "ConnLimit", 0, 1},
  { "ORBindAddress", "ORListenAddress", 0, 0},
  { "DirBindAddress", "DirListenAddress", 0, 0},
  { "SocksBindAddress", "SocksListenAddress", 0, 0},
  { "UseHelperNodes", "UseEntryGuards", 0, 0},
  { "NumHelperNodes", "NumEntryGuards", 0, 0},
  { "UseEntryNodes", "UseEntryGuards", 0, 0},
  { "NumEntryNodes", "NumEntryGuards", 0, 0},
  { "ResolvConf", "ServerDNSResolvConfFile", 0, 1},
  { "SearchDomains", "ServerDNSSearchDomains", 0, 1},
  { "ServerDNSAllowBrokenResolvConf", "ServerDNSAllowBrokenConfig", 0, 0},
  { "PreferTunnelledDirConns", "PreferTunneledDirConns", 0, 0},
  { "BridgeAuthoritativeDirectory", "BridgeAuthoritativeDir", 0, 0},
  { "HashedControlPassword", "__HashedControlSessionPassword", 1, 0},
  { "StrictEntryNodes", "StrictNodes", 0, 1},
  { "StrictExitNodes", "StrictNodes", 0, 1},
  { "VirtualAddrNetwork", "VirtualAddrNetworkIPv4", 0, 0},
  { "_UseFilteringSSLBufferevents", "UseFilteringSSLBufferevents", 0, 1},
  { NULL, NULL, 0, 0},
};

/** An entry for config_vars: "The option <b>name</b> has type
 * CONFIG_TYPE_<b>conftype</b>, and corresponds to
 * or_options_t.<b>member</b>"
 *
 * <b>initvalue</b> is stored as the entry's last field: a string holding the
 * option's initial value, or NULL.
 */
#define VAR(name,conftype,member,initvalue)                             \
  { name, CONFIG_TYPE_ ## conftype, STRUCT_OFFSET(or_options_t, member), \
      initvalue }
/** As VAR, but the option name and member name are the same. */
#define V(member,conftype,initvalue)                                    \
  VAR(#member, conftype, member, initvalue)
/** An entry for config_vars: "The option <b>name</b> is obsolete." */
#define OBSOLETE(name) { name, CONFIG_TYPE_OBSOLETE, 0, NULL }

/** As V, but the option named <b>member</b> is stored in
 * or_options_t.<b>member</b>_lines rather than in a member of the same
 * name. */
#define VPORT(member,conftype,initvalue)                                    \
  VAR(#member, conftype, member ## _lines, initvalue)

/** Array of configuration options.  Until we disallow nonstandard
 * abbreviations, order is significant, since the first matching option will
 * be chosen first.
 *
 * How to read an entry: V(member, TYPE, init) names the option after the
 * or_options_t member; VAR("Name", TYPE, member, init) gives the two
 * separately; VPORT stores into member_lines; OBSOLETE("Name") keeps a
 * retired name recognized.  The last argument is the initial value as a
 * string, or NULL.  The table ends with a NULL-named sentinel, which is what
 * set_options() in this file stops on when it walks options_format.vars.
 *
 * Review note: the initial-value strings here are the behavior a deployment
 * gets when it does not set the option itself.  Entries that gate address
 * filtering, log scrubbing or control-port authentication (for example
 * ClientRejectInternalAddresses, ExitPolicyRejectPrivate, SafeLogging,
 * CookieAuthentication, DisableDebuggerAttachment) deserve the same scrutiny
 * as a code change when their initial value is edited.
 */
static config_var_t option_vars_[] = {
  OBSOLETE("AccountingMaxKB"),
  V(AccountingMax,               MEMUNIT,  "0 bytes"),
  V(AccountingStart,             STRING,   NULL),
  V(Address,                     STRING,   NULL),
  V(AllowDotExit,                BOOL,     "0"),
  V(AllowInvalidNodes,           CSV,      "middle,rendezvous"),
  V(AllowNonRFC953Hostnames,     BOOL,     "0"),
  V(AllowSingleHopCircuits,      BOOL,     "0"),
  V(AllowSingleHopExits,         BOOL,     "0"),
  V(AlternateBridgeAuthority,    LINELIST, NULL),
  V(AlternateDirAuthority,       LINELIST, NULL),
  V(AlternateHSAuthority,        LINELIST, NULL),
  V(AssumeReachable,             BOOL,     "0"),
  V(AuthDirBadDir,               LINELIST, NULL),
  V(AuthDirBadDirCCs,            CSV,      ""),
  V(AuthDirBadExit,              LINELIST, NULL),
  V(AuthDirBadExitCCs,           CSV,      ""),
  V(AuthDirInvalid,              LINELIST, NULL),
  V(AuthDirInvalidCCs,           CSV,      ""),
  V(AuthDirFastGuarantee,        MEMUNIT,  "100 KB"),
  V(AuthDirGuardBWGuarantee,     MEMUNIT,  "250 KB"),
  V(AuthDirReject,               LINELIST, NULL),
  V(AuthDirRejectCCs,            CSV,      ""),
  V(AuthDirRejectUnlisted,       BOOL,     "0"),
  V(AuthDirListBadDirs,          BOOL,     "0"),
  V(AuthDirListBadExits,         BOOL,     "0"),
  V(AuthDirMaxServersPerAddr,    UINT,     "2"),
  V(AuthDirMaxServersPerAuthAddr,UINT,     "5"),
  V(AuthDirHasIPv6Connectivity,  BOOL,     "0"),
  VAR("AuthoritativeDirectory",  BOOL, AuthoritativeDir,    "0"),
  V(AutomapHostsOnResolve,       BOOL,     "0"),
  V(AutomapHostsSuffixes,        CSV,      ".onion,.exit"),
  V(AvoidDiskWrites,             BOOL,     "0"),
  V(BandwidthBurst,              MEMUNIT,  "1 GB"),
  V(BandwidthRate,               MEMUNIT,  "1 GB"),
  V(BridgeAuthoritativeDir,      BOOL,     "0"),
  VAR("Bridge",                  LINELIST, Bridges,    NULL),
  V(BridgePassword,              STRING,   NULL),
  V(BridgeRecordUsageByCountry,  BOOL,     "1"),
  V(BridgeRelay,                 BOOL,     "0"),
  V(CellStatistics,              BOOL,     "0"),
  V(LearnCircuitBuildTimeout,    BOOL,     "1"),
  V(CircuitBuildTimeout,         INTERVAL, "0"),
  V(CircuitIdleTimeout,          INTERVAL, "1 hour"),
  V(CircuitStreamTimeout,        INTERVAL, "0"),
  V(CircuitPriorityHalflife,     DOUBLE,  "-100.0"), /*negative:'Use default'*/
  V(ClientDNSRejectInternalAddresses, BOOL,"1"),
  V(ClientOnly,                  BOOL,     "0"),
  V(ClientPreferIPv6ORPort,      BOOL,     "0"),
  V(ClientRejectInternalAddresses, BOOL,   "1"),
  V(ClientTransportPlugin,       LINELIST, NULL),
  V(ClientUseIPv6,               BOOL,     "0"),
  V(ConsensusParams,             STRING,   NULL),
  V(ConnLimit,                   UINT,     "1000"),
  V(ConnDirectionStatistics,     BOOL,     "0"),
  V(ConstrainedSockets,          BOOL,     "0"),
  V(ConstrainedSockSize,         MEMUNIT,  "8192"),
  V(ContactInfo,                 STRING,   NULL),
  V(ControlListenAddress,        LINELIST, NULL),
  VPORT(ControlPort,                 LINELIST, NULL),
  V(ControlPortFileGroupReadable,BOOL,     "0"),
  V(ControlPortWriteToFile,      FILENAME, NULL),
  V(ControlSocket,               LINELIST, NULL),
  V(ControlSocketsGroupWritable, BOOL,     "0"),
  V(CookieAuthentication,        BOOL,     "0"),
  V(CookieAuthFileGroupReadable, BOOL,     "0"),
  V(CookieAuthFile,              STRING,   NULL),
  V(CountPrivateBandwidth,       BOOL,     "0"),
  V(DataDirectory,               FILENAME, NULL),
  OBSOLETE("DebugLogFile"),
  V(DisableNetwork,              BOOL,     "0"),
  V(DirAllowPrivateAddresses,    BOOL,     "0"),
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "30 minutes"),
  V(DirListenAddress,            LINELIST, NULL),
  OBSOLETE("DirFetchPeriod"),
  V(DirPolicy,                   LINELIST, NULL),
  VPORT(DirPort,                     LINELIST, NULL),
  V(DirPortFrontPage,            FILENAME, NULL),
  OBSOLETE("DirPostPeriod"),
  OBSOLETE("DirRecordUsageByCountry"),
  OBSOLETE("DirRecordUsageGranularity"),
  OBSOLETE("DirRecordUsageRetainIPs"),
  OBSOLETE("DirRecordUsageSaveInterval"),
  V(DirReqStatistics,            BOOL,     "1"),
  VAR("DirAuthority",            LINELIST, DirAuthorities, NULL),
  V(DirAuthorityFallbackRate,    DOUBLE,   "1.0"),
  V(DisableAllSwap,              BOOL,     "0"),
  V(DisableDebuggerAttachment,   BOOL,     "1"),
  V(DisableIOCP,                 BOOL,     "1"),
  V(DynamicDHGroups,             BOOL,     "0"),
  VPORT(DNSPort,                     LINELIST, NULL),
  V(DNSListenAddress,            LINELIST, NULL),
  V(DownloadExtraInfo,           BOOL,     "0"),
  V(EnforceDistinctSubnets,      BOOL,     "1"),
  V(EntryNodes,                  ROUTERSET,   NULL),
  V(EntryStatistics,             BOOL,     "0"),
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "10 minutes"),
  V(ExcludeNodes,                ROUTERSET, NULL),
  V(ExcludeExitNodes,            ROUTERSET, NULL),
  V(ExcludeSingleHopRelays,      BOOL,     "1"),
  V(ExitNodes,                   ROUTERSET, NULL),
  V(ExitPolicy,                  LINELIST, NULL),
  V(ExitPolicyRejectPrivate,     BOOL,     "1"),
  V(ExitPortStatistics,          BOOL,     "0"),
  V(ExtendAllowPrivateAddresses, BOOL,     "0"),
  V(ExtraInfoStatistics,         BOOL,     "1"),
  V(FallbackDir,                 LINELIST, NULL),

  OBSOLETE("FallbackNetworkstatusFile"),
  V(FascistFirewall,             BOOL,     "0"),
  V(FirewallPorts,               CSV,      ""),
  V(FastFirstHopPK,              BOOL,     "1"),
  V(FetchDirInfoEarly,           BOOL,     "0"),
  V(FetchDirInfoExtraEarly,      BOOL,     "0"),
  V(FetchServerDescriptors,      BOOL,     "1"),
  V(FetchHidServDescriptors,     BOOL,     "1"),
  V(FetchUselessDescriptors,     BOOL,     "0"),
  V(FetchV2Networkstatus,        BOOL,     "0"),
  V(GeoIPExcludeUnknown,         AUTOBOOL, "auto"),
#ifdef _WIN32
  V(GeoIPFile,                   FILENAME, "<default>"),
  V(GeoIPv6File,                 FILENAME, "<default>"),
#else
  V(GeoIPFile,                   FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip"),
  V(GeoIPv6File,                 FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip6"),
#endif
  OBSOLETE("GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays"),
  OBSOLETE("Group"),
  V(HardwareAccel,               BOOL,     "0"),
  V(HeartbeatPeriod,             INTERVAL, "6 hours"),
  V(AccelName,                   STRING,   NULL),
  V(AccelDir,                    FILENAME, NULL),
  V(HashedControlPassword,       LINELIST, NULL),
  V(HidServDirectoryV2,          BOOL,     "1"),
  VAR("HiddenServiceDir",    LINELIST_S, RendConfigLines,    NULL),
  OBSOLETE("HiddenServiceExcludeNodes"),
  OBSOLETE("HiddenServiceNodes"),
  VAR("HiddenServiceOptions",LINELIST_V, RendConfigLines,    NULL),
  VAR("HiddenServicePort",   LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceVersion",LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceAuthorizeClient",LINELIST_S,RendConfigLines, NULL),
  V(HidServAuth,                 LINELIST, NULL),
  V(HSAuthoritativeDir,          BOOL,     "0"),
  OBSOLETE("HSAuthorityRecordStats"),
  V(CloseHSClientCircuitsImmediatelyOnTimeout, BOOL, "0"),
  V(CloseHSServiceRendCircuitsImmediatelyOnTimeout, BOOL, "0"),
  V(HTTPProxy,                   STRING,   NULL),
  V(HTTPProxyAuthenticator,      STRING,   NULL),
  V(HTTPSProxy,                  STRING,   NULL),
  V(HTTPSProxyAuthenticator,     STRING,   NULL),
  V(IPv6Exit,                    BOOL,     "0"),
  VAR("ServerTransportPlugin",   LINELIST, ServerTransportPlugin,  NULL),
  V(ServerTransportListenAddr,   LINELIST, NULL),
  V(Socks4Proxy,                 STRING,   NULL),
  V(Socks5Proxy,                 STRING,   NULL),
  V(Socks5ProxyUsername,         STRING,   NULL),
  V(Socks5ProxyPassword,         STRING,   NULL),
  OBSOLETE("IgnoreVersion"),
  V(KeepalivePeriod,             INTERVAL, "5 minutes"),
  VAR("Log",                     LINELIST, Logs,             NULL),
  V(LogMessageDomains,           BOOL,     "0"),
  OBSOLETE("LinkPadding"),
  OBSOLETE("LogLevel"),
  OBSOLETE("LogFile"),
  V(LogTimeGranularity,          MSEC_INTERVAL, "1 second"),
  V(LongLivedPorts,              CSV,
        "21,22,706,1863,5050,5190,5222,5223,6523,6667,6697,8300"),
  VAR("MapAddress",              LINELIST, AddressMap,           NULL),
  V(MaxAdvertisedBandwidth,      MEMUNIT,  "1 GB"),
  V(MaxCircuitDirtiness,         INTERVAL, "10 minutes"),
  V(MaxClientCircuitsPending,    UINT,     "32"),
  OBSOLETE("MaxOnionsPending"),
  V(MaxOnionQueueDelay,          MSEC_INTERVAL, "1750 msec"),
  OBSOLETE("MonthlyAccountingStart"),
  V(MyFamily,                    STRING,   NULL),
  V(NewCircuitPeriod,            INTERVAL, "30 seconds"),
  VAR("NamingAuthoritativeDirectory",BOOL, NamingAuthoritativeDir, "0"),
  V(NATDListenAddress,           LINELIST, NULL),
  VPORT(NATDPort,                    LINELIST, NULL),
  V(Nickname,                    STRING,   NULL),
  V(WarnUnsafeSocks,              BOOL,     "1"),
  OBSOLETE("NoPublish"),
  VAR("NodeFamily",              LINELIST, NodeFamilies,         NULL),
  V(NumCPUs,                     UINT,     "0"),
  V(NumDirectoryGuards,          UINT,     "3"),
  V(NumEntryGuards,              UINT,     "3"),
  V(ORListenAddress,             LINELIST, NULL),
  VPORT(ORPort,                      LINELIST, NULL),
  V(OutboundBindAddress,         LINELIST,   NULL),

  OBSOLETE("PathBiasDisableRate"),
  V(PathBiasCircThreshold,       INT,      "-1"),
  V(PathBiasNoticeRate,          DOUBLE,   "-1"),
  V(PathBiasWarnRate,            DOUBLE,   "-1"),
  V(PathBiasExtremeRate,         DOUBLE,   "-1"),
  V(PathBiasScaleThreshold,      INT,      "-1"),
  OBSOLETE("PathBiasScaleFactor"),
  OBSOLETE("PathBiasMultFactor"),
  V(PathBiasDropGuards,          AUTOBOOL, "0"),
  OBSOLETE("PathBiasUseCloseCounts"),

  V(PathBiasUseThreshold,       INT,      "-1"),
  V(PathBiasNoticeUseRate,          DOUBLE,   "-1"),
  V(PathBiasExtremeUseRate,         DOUBLE,   "-1"),
  V(PathBiasScaleUseThreshold,      INT,      "-1"),

  V(PathsNeededToBuildCircuits,  DOUBLE,   "-1"),
  OBSOLETE("PathlenCoinWeight"),
  V(PerConnBWBurst,              MEMUNIT,  "0"),
  V(PerConnBWRate,               MEMUNIT,  "0"),
  V(PidFile,                     STRING,   NULL),
  V(TestingTorNetwork,           BOOL,     "0"),
  V(OptimisticData,              AUTOBOOL, "auto"),
  V(PortForwarding,              BOOL,     "0"),
  V(PortForwardingHelper,        FILENAME, "tor-fw-helper"),
  V(PreferTunneledDirConns,      BOOL,     "1"),
  V(ProtocolWarnings,            BOOL,     "0"),
  V(PublishServerDescriptor,     CSV,      "1"),
  V(PublishHidServDescriptors,   BOOL,     "1"),
  V(ReachableAddresses,          LINELIST, NULL),
  V(ReachableDirAddresses,       LINELIST, NULL),
  V(ReachableORAddresses,        LINELIST, NULL),
  V(RecommendedVersions,         LINELIST, NULL),
  V(RecommendedClientVersions,   LINELIST, NULL),
  V(RecommendedServerVersions,   LINELIST, NULL),
  OBSOLETE("RedirectExit"),
  V(RefuseUnknownExits,          AUTOBOOL, "auto"),
  V(RejectPlaintextPorts,        CSV,      ""),
  V(RelayBandwidthBurst,         MEMUNIT,  "0"),
  V(RelayBandwidthRate,          MEMUNIT,  "0"),
  OBSOLETE("RendExcludeNodes"),
  OBSOLETE("RendNodes"),
  V(RendPostPeriod,              INTERVAL, "1 hour"),
  V(RephistTrackTime,            INTERVAL, "24 hours"),
  OBSOLETE("RouterFile"),
  V(RunAsDaemon,                 BOOL,     "0"),
//  V(RunTesting,                  BOOL,     "0"),
  OBSOLETE("RunTesting"), // currently unused
  /* NOTE(review): safe_str() and safe_str_client() in this file branch on
   * options->SafeLogging_, presumably the parsed form of this string --
   * confirm where it is derived. */
  V(SafeLogging,                 STRING,   "1"),
  V(SafeSocks,                   BOOL,     "0"),
  V(ServerDNSAllowBrokenConfig,  BOOL,     "1"),
  V(ServerDNSAllowNonRFC953Hostnames, BOOL,"0"),
  V(ServerDNSDetectHijacking,    BOOL,     "1"),
  V(ServerDNSRandomizeCase,      BOOL,     "1"),
  V(ServerDNSResolvConfFile,     STRING,   NULL),
  V(ServerDNSSearchDomains,      BOOL,     "0"),
  V(ServerDNSTestAddresses,      CSV,
      "www.google.com,www.mit.edu,www.yahoo.com,www.slashdot.org"),
  V(ShutdownWaitLength,          INTERVAL, "30 seconds"),
  V(SocksListenAddress,          LINELIST, NULL),
  V(SocksPolicy,                 LINELIST, NULL),
  VPORT(SocksPort,                   LINELIST, NULL),
  V(SocksTimeout,                INTERVAL, "2 minutes"),
  OBSOLETE("StatusFetchPeriod"),
  V(StrictNodes,                 BOOL,     "0"),
  OBSOLETE("SysLog"),
  V(TestSocks,                   BOOL,     "0"),
  OBSOLETE("TestVia"),
  V(TokenBucketRefillInterval,   MSEC_INTERVAL, "100 msec"),
  V(Tor2webMode,                 BOOL,     "0"),
  V(TLSECGroup,                  STRING,   NULL),
  V(TrackHostExits,              CSV,      NULL),
  V(TrackHostExitsExpire,        INTERVAL, "30 minutes"),
  OBSOLETE("TrafficShaping"),
  V(TransListenAddress,          LINELIST, NULL),
  VPORT(TransPort,                   LINELIST, NULL),
  V(TunnelDirConns,              BOOL,     "1"),
  V(UpdateBridgesFromAuthority,  BOOL,     "0"),
  V(UseBridges,                  BOOL,     "0"),
  V(UseEntryGuards,              BOOL,     "1"),
  V(UseEntryGuardsAsDirGuards,   BOOL,     "1"),
  V(UseMicrodescriptors,         AUTOBOOL, "auto"),
  V(UseNTorHandshake,            AUTOBOOL, "auto"),
  V(User,                        STRING,   NULL),
  V(UserspaceIOCPBuffers,        BOOL,     "0"),
  VAR("V1AuthoritativeDirectory",BOOL, V1AuthoritativeDir,   "0"),
  VAR("V2AuthoritativeDirectory",BOOL, V2AuthoritativeDir,   "0"),
  VAR("V3AuthoritativeDirectory",BOOL, V3AuthoritativeDir,   "0"),
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "30 minutes"),
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "5 minutes"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "5 minutes"),
  V(V3AuthVotingInterval,        INTERVAL, "1 hour"),
  V(V3AuthVoteDelay,             INTERVAL, "5 minutes"),
  V(V3AuthDistDelay,             INTERVAL, "5 minutes"),
  V(V3AuthNIntervalsValid,       UINT,     "3"),
  V(V3AuthUseLegacyKey,          BOOL,     "0"),
  V(V3BandwidthsFile,            FILENAME, NULL),
  VAR("VersioningAuthoritativeDirectory",BOOL,VersioningAuthoritativeDir, "0"),
  V(VirtualAddrNetworkIPv4,      STRING,   "127.192.0.0/10"),
  V(VirtualAddrNetworkIPv6,      STRING,   "[FE80::]/10"),
  V(WarnPlaintextPorts,          CSV,      "23,109,110,143"),
  V(UseFilteringSSLBufferevents, BOOL,    "0"),
  VAR("__ReloadTorrcOnSIGHUP",   BOOL,  ReloadTorrcOnSIGHUP,      "1"),
  VAR("__AllDirActionsPrivate",  BOOL,  AllDirActionsPrivate,     "0"),
  VAR("__DisablePredictedCircuits",BOOL,DisablePredictedCircuits, "0"),
  VAR("__LeaveStreamsUnattached",BOOL,  LeaveStreamsUnattached,   "0"),
  VAR("__HashedControlSessionPassword", LINELIST, HashedControlSessionPassword,
      NULL),
  VAR("__OwningControllerProcess",STRING,OwningControllerProcess, NULL),
  V(MinUptimeHidServDirectoryV2, INTERVAL, "25 hours"),
  V(VoteOnHidServDirectoriesV2,  BOOL,     "1"),
  VAR("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "0"),

  { NULL, CONFIG_TYPE_OBSOLETE, 0, NULL }
};

/** Override default values with these if the user sets the TestingTorNetwork
 * option.
 *
 * Compared with the initial values in option_vars_, this table turns off
 * several protective checks: EnforceDistinctSubnets, both
 * Client*RejectInternalAddresses options and ExitPolicyRejectPrivate go from
 * "1" to "0", while DirAllowPrivateAddresses and ExtendAllowPrivateAddresses
 * go from "0" to "1".  It also shortens the directory-voting and
 * reachability intervals.  A node found running with TestingTorNetwork set
 * outside a private test network is therefore running with those checks
 * relaxed; the ___UsingTestNetworkDefaults entry below is set to "1" so
 * that state can be detected.
 */
static const config_var_t testing_tor_network_defaults[] = {
  V(ServerDNSAllowBrokenConfig,  BOOL,     "1"),
  V(DirAllowPrivateAddresses,    BOOL,     "1"),
  V(EnforceDistinctSubnets,      BOOL,     "0"),
  V(AssumeReachable,             BOOL,     "1"),
  V(AuthDirMaxServersPerAddr,    UINT,     "0"),
  V(AuthDirMaxServersPerAuthAddr,UINT,     "0"),
  V(ClientDNSRejectInternalAddresses, BOOL,"0"),
  V(ClientRejectInternalAddresses, BOOL,   "0"),
  V(CountPrivateBandwidth,       BOOL,     "1"),
  V(ExitPolicyRejectPrivate,     BOOL,     "0"),
  V(ExtendAllowPrivateAddresses, BOOL,     "1"),
  V(V3AuthVotingInterval,        INTERVAL, "5 minutes"),
  V(V3AuthVoteDelay,             INTERVAL, "20 seconds"),
  V(V3AuthDistDelay,             INTERVAL, "20 seconds"),
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "5 minutes"),
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "20 seconds"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "20 seconds"),
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "0 minutes"),
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "0 minutes"),
  V(MinUptimeHidServDirectoryV2, INTERVAL, "0 minutes"),
  VAR("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "1"),

  /* Sentinel: a NULL name ends the table. */
  { NULL, CONFIG_TYPE_OBSOLETE, 0, NULL }
};

/* The table-building macros are no longer needed past this point.
 * NOTE(review): VPORT is defined alongside these but is not #undef'd here. */
#undef VAR
#undef V
#undef OBSOLETE

/* Forward declarations of file-local (static) helpers.  Their definitions
 * are not part of this excerpt. */
#ifdef _WIN32
static char *get_windows_conf_root(void);
#endif
static int options_validate(or_options_t *old_options,
                            or_options_t *options,
                            int from_setconf, char **msg);
static int options_act_reversible(const or_options_t *old_options, char **msg);
static int options_act(const or_options_t *old_options);
static int options_transition_allowed(const or_options_t *old,
                                      const or_options_t *new,
                                      char **msg);
static int options_transition_affects_workers(
      const or_options_t *old_options, const or_options_t *new_options);
static int options_transition_affects_descriptor(
      const or_options_t *old_options, const or_options_t *new_options);
static int check_nickname_list(const char *lst, const char *name, char **msg);

static int parse_bridge_line(const char *line, int validate_only);
static int parse_client_transport_line(const char *line, int validate_only);

static int parse_server_transport_line(const char *line, int validate_only);
static char *get_bindaddr_from_transport_listen_line(const char *line,
                                                     const char *transport);
static int parse_dir_authority_line(const char *line,
                                 dirinfo_type_t required_type,
                                 int validate_only);
static int parse_dir_fallback_line(const char *line,
                                   int validate_only);
static void port_cfg_free(port_cfg_t *port);
static int parse_ports(or_options_t *options, int validate_only,
                              char **msg_out, int *n_ports_out);
static int check_server_ports(const smartlist_t *ports,
                              const or_options_t *options);

static int validate_data_directory(or_options_t *options);
static int write_configuration_file(const char *fname,
                                    const or_options_t *options);
static int options_init_logs(or_options_t *options, int validate_only);

static void init_libevent(const or_options_t *options);
static int opt_streq(const char *s1, const char *s2);
static int parse_outbound_addresses(or_options_t *options, int validate_only,
                                    char **msg);
static void config_maybe_load_geoip_files_(const or_options_t *options,
                                           const or_options_t *old_options);

/** Magic value for or_options_t. */
#define OR_OPTIONS_MAGIC 9090909

/** Configuration format for or_options_t.
 *
 * The initializer is positional, so the order below must match the field
 * order of config_format_t (declared outside this file).  It supplies, in
 * order: the size of or_options_t, the magic value and the offset of the
 * magic_ member, the abbreviation table, the option table (read back as
 * options_format.vars in set_options()), the validation callback, and a
 * trailing NULL.
 *
 * NOTE(review): options_validate is cast to validate_fn_t.  Its real
 * signature takes or_options_t pointers; if validate_fn_t is declared with
 * different parameter types the cast silences the compiler's check on that
 * mismatch -- confirm the two stay in sync when either changes.
 */
static config_format_t options_format = {
  sizeof(or_options_t),
  OR_OPTIONS_MAGIC,
  STRUCT_OFFSET(or_options_t, magic_),
  option_abbrevs_,
  option_vars_,
  (validate_fn_t)options_validate,
  NULL
};

/*
 * Functions to read and write the global options pointer.
 */

/** Command-line and config-file options.  Replaced by set_options() and
 * released by config_free_all(). */
static or_options_t *global_options = NULL;
/** The fallback options_t object; this is where we look for options not
 * in torrc before we fall back to Tor's defaults. */
static or_options_t *global_default_options = NULL;
/** Name of most recently read torrc file. */
static char *torrc_fname = NULL;
/** Name of the most recently read torrc-defaults file.  (No explicit
 * initializer; as a file-scope static it starts out NULL like the
 * others.) */
static char *torrc_defaults_fname;
/** Configuration Options set by command line. */
static config_line_t *global_cmdline_options = NULL;
/** Contents of most recently read DirPortFrontPage file.  Handed out
 * without copying by get_dirportfrontpage(). */
static char *global_dirfrontpagecontents = NULL;
/** List of port_cfg_t for all configured ports. */
static smartlist_t *configured_ports = NULL;

/** Return the contents of our frontpage string, or NULL if not configured.
 *
 * The module-level buffer itself is returned, not a copy; the const
 * qualifier is the only thing stopping a caller from writing through it. */
const char *
get_dirportfrontpage(void)
{
  const char *contents = global_dirfrontpagecontents;
  return contents;
}

/** Return the currently configured options as a writable pointer.
 *
 * Asserts that the global options have been set, so calling this before
 * the first successful set_options() trips tor_assert(). */
or_options_t *
get_options_mutable(void)
{
  or_options_t *current;

  /* The asserted expression is kept as-is so the assertion text that gets
   * reported on failure does not change. */
  tor_assert(global_options);
  current = global_options;
  return current;
}

/** Return the currently configured options as a read-only pointer.
 *
 * Thin const-qualified wrapper around get_options_mutable(); it inherits
 * that function's assertion that the global options are set. */
const or_options_t *
get_options(void)
{
  const or_options_t *current = get_options_mutable();
  return current;
}

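/** Change the current global options to contain <b>new_val</b> instead of
 * their current value; take action based on the new value; free the old value
 * as necessary.  Returns 0 on success, -1 on failure.
 *
 * On the -1 path the previous options are put back as the global options,
 * *<b>msg</b> is asserted to be set, and <b>new_val</b> is not freed here.
 * If options_act() fails, the process logs an error and exits.
 */
int
set_options(or_options_t *new_val, char **msg)
{
  int i;
  smartlist_t *elements;
  config_line_t *line;
  or_options_t *old_options = global_options;
  global_options = new_val;
  /* Note that we pass the *old* options below, for comparison. It
   * pulls the new options directly out of global_options. */
  if (options_act_reversible(old_options, msg)<0) {
    tor_assert(*msg);
    global_options = old_options;
    return -1;
  }
  if (options_act(old_options) < 0) { /* acting on the options failed. die. */
    log_err(LD_BUG,
            "Acting on config options left us in a broken state. Dying.");
    exit(1);
  }
  /* Issues a CONF_CHANGED event to notify controller of the change. If Tor is
   * just starting up then the old_options will be undefined. */
  if (old_options && old_options != global_options) {
    elements = smartlist_new();
    for (i=0; options_format.vars[i].name; ++i) {
      const config_var_t *var = &options_format.vars[i];
      const char *var_name = var->name;
      if (var->type == CONFIG_TYPE_LINELIST_S ||
          var->type == CONFIG_TYPE_OBSOLETE) {
        continue;
      }
      if (!config_is_same(&options_format, new_val, old_options, var_name)) {
        line = config_get_assigned_option(&options_format, new_val,
                                          var_name, 1);

        if (line) {
          config_line_t *next;
          for (; line; line = next) {
            next = line->next;
            /* The key and value strings move into the list; only the
             * list node itself is released here. */
            smartlist_add(elements, line->key);
            smartlist_add(elements, line->value);
            tor_free(line);
          }
        } else {
          /* Store a heap copy of the name so that every non-NULL element
           * of the list is owned by the list and can be freed uniformly
           * below. */
          smartlist_add(elements, tor_strdup(var_name));
          smartlist_add(elements, NULL);
        }
      }
    }
    control_event_conf_changed(elements);
    /* Release the strings collected above.  Previously only the list was
     * freed, so the key/value strings taken from each config line were
     * never released.  The old list mixed those heap strings with a
     * pointer into the static option table, so
     * control_event_conf_changed() could not have been freeing the
     * elements itself.  This assumes it also does not keep the pointers
     * after returning -- confirm against its definition.  The list holds
     * NULL entries too; tor_free() is already applied to possibly-unset
     * pointers elsewhere in this file (see config_free_all()). */
    SMARTLIST_FOREACH(elements, char *, cp, tor_free(cp));
    smartlist_free(elements);
  }

  /* NOTE(review): this uses config_free() directly, while or_options_free()
   * later in this file additionally releases ExcludeExitNodesUnion_,
   * NodeFamilySets and BridgePassword_AuthDigest_.  If those members are
   * populated on old_options they are presumably not released on this
   * path -- confirm. */
  if (old_options != global_options)
    config_free(&options_format, old_options);

  return 0;
}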

extern const char tor_git_revision[]; /* from tor_main.c */

/** The version of this Tor process, as parsed.  Built on first use by
 * get_version() and released in config_free_all(). */
static char *the_tor_version = NULL;
/** A shorter version of this Tor process's version, for export in our router
 *  descriptor.  (Does not include the git version, if any.)  Built on first
 *  use by get_short_version() and released in config_free_all(). */
static char *the_short_tor_version = NULL;

/** Return the current Tor version.
 *
 * The string is built once and cached in the_tor_version: the short version
 * followed by " (git-REV)" when tor_git_revision is non-empty, otherwise
 * just the short version.  The returned pointer is the cached buffer. */
const char *
get_version(void)
{
  /* Already built on an earlier call. */
  if (the_tor_version != NULL)
    return the_tor_version;

  if (strlen(tor_git_revision) == 0) {
    the_tor_version = tor_strdup(get_short_version());
  } else {
    tor_asprintf(&the_tor_version, "%s (git-%s)", get_short_version(),
                 tor_git_revision);
  }
  return the_tor_version;
}

/** Return the current Tor version, without any git tag.
 *
 * Built once and cached in the_short_tor_version: VERSION alone, or
 * "VERSION (TOR_BUILD_TAG)" when a build tag is defined at compile time. */
const char *
get_short_version(void)
{
  /* Already built on an earlier call. */
  if (the_short_tor_version != NULL)
    return the_short_tor_version;

#ifdef TOR_BUILD_TAG
  tor_asprintf(&the_short_tor_version, "%s (%s)", VERSION, TOR_BUILD_TAG);
#else
  the_short_tor_version = tor_strdup(VERSION);
#endif
  return the_short_tor_version;
}

/** Release <b>options</b> together with the members that config_free() is
 * not asked to handle here: the ExcludeExitNodesUnion_ routerset, every
 * routerset in NodeFamilySets plus the list itself, and
 * BridgePassword_AuthDigest_.  A NULL <b>options</b> is a no-op.
 */
static void
or_options_free(or_options_t *options)
{
  if (options == NULL)
    return;

  routerset_free(options->ExcludeExitNodesUnion_);
  if (options->NodeFamilySets != NULL) {
    SMARTLIST_FOREACH(options->NodeFamilySets, routerset_t *,
                      rs, routerset_free(rs));
    smartlist_free(options->NodeFamilySets);
  }
  /* NOTE(review): judging by its name this buffer holds material derived
   * from BridgePassword; it is released without being cleared first.
   * Whether it should be wiped before the free depends on what it
   * contains -- confirm. */
  tor_free(options->BridgePassword_AuthDigest_);
  /* Last: hand the structure itself to the generic config code. */
  config_free(&options_format, options);
}

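/** Release all memory and resources held by global configuration structures.
 *
 * Frees both global option objects, the saved command-line options, the
 * configured-port list and its entries, and the cached file-name, version
 * and front-page strings.  The pointers that are assigned explicitly below
 * are reset to NULL.
 */
void
config_free_all(void)
{
  or_options_free(global_options);
  global_options = NULL;
  or_options_free(global_default_options);
  global_default_options = NULL;

  config_free_lines(global_cmdline_options);
  global_cmdline_options = NULL;

  if (configured_ports) {
    SMARTLIST_FOREACH(configured_ports,
                      port_cfg_t *, p, port_cfg_free(p));
    smartlist_free(configured_ports);
    configured_ports = NULL;
  }

  tor_free(torrc_fname);
  tor_free(torrc_defaults_fname);
  /* the_tor_version used to be passed to tor_free() twice in this function.
   * That is only harmless if tor_free() resets the pointer it is given
   * (presumably it does; it is defined outside this file), so it is
   * released exactly once here. */
  tor_free(the_tor_version);
  tor_free(global_dirfrontpagecontents);

  tor_free(the_short_tor_version);
}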

/** Make <b>address</b> -- a piece of information related to our operation as
 * a client -- safe to log according to the settings in options->SafeLogging,
 * and return it.
 *
 * (We return "[scrubbed]" if SafeLogging is "1", and address otherwise.)
 * In code terms: the literal is returned only when SafeLogging_ equals
 * SAFELOG_SCRUB_ALL; any other setting returns <b>address</b> itself.
 *
 * The result is either a string literal or the caller's own pointer, never
 * a copy.  Scrubbing only happens for values that are passed through this
 * helper at the log call site; a sensitive string logged directly is not
 * affected by the setting.  <b>address</b> must not be NULL.
 */
const char *
safe_str_client(const char *address)
{
  int scrub;

  tor_assert(address);
  scrub = (get_options()->SafeLogging_ == SAFELOG_SCRUB_ALL);
  return scrub ? "[scrubbed]" : address;
}

/** Make <b>address</b> -- a piece of information of unspecified sensitivity
 * -- safe to log according to the settings in options->SafeLogging, and
 * return it.
 *
 * (We return "[scrubbed]" if SafeLogging is anything besides "0", and address
 * otherwise.)  In code terms: <b>address</b> is returned only when
 * SafeLogging_ equals SAFELOG_SCRUB_NONE, so this is the stricter of the two
 * helpers and the one to use when it is unclear whether a value is
 * client-related.
 *
 * The result is either a string literal or the caller's own pointer, never
 * a copy.  <b>address</b> must not be NULL.
 */
const char *
safe_str(const char *address)
{
  tor_assert(address);
  /* Only the explicit "no scrubbing" setting lets the value through. */
  if (get_options()->SafeLogging_ == SAFELOG_SCRUB_NONE)
    return address;
  return "[scrubbed]";
}