/* Copyright (c) 2001 Matej Pfajfar.
 * Copyright (c) 2001-2004, Roger Dingledine.
 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
 * Copyright (c) 2007-2012, The Tor Project, Inc. */
/* See LICENSE for licensing information */

/**
 * \file config.c
 * \brief Code to parse and interpret configuration files.
 **/

#define CONFIG_PRIVATE

#include "or.h"
#include "channel.h"
#include "circuitbuild.h"
#include "circuitlist.h"
#include "circuitmux.h"
#include "circuitmux_ewma.h"
#include "config.h"
#include "connection.h"
#include "connection_edge.h"
#include "connection_or.h"
#include "control.h"
#include "confparse.h"
#include "cpuworker.h"
#include "dirserv.h"
#include "dirvote.h"
#include "dns.h"
#include "geoip.h"
#include "hibernate.h"
#include "main.h"
#include "networkstatus.h"
#include "nodelist.h"
#include "policies.h"
#include "relay.h"
#include "rendclient.h"
#include "rendservice.h"
#include "rephist.h"
#include "router.h"
#include "util.h"
#include "routerlist.h"
#include "routerset.h"
#include "statefile.h"
#include "transports.h"
#ifdef _WIN32
#include <shlobj.h>
#endif

#include "procmon.h"

/* From main.c */
extern int quiet_level;

/** A list of abbreviations and aliases to map command-line options, obsolete
 * option names, or alternative option names, to their current values.
 *
 * Each entry is { alias, canonical option name, flag, flag }.  The two
 * integer fields are interpreted by the generic parser (config_abbrev_t in
 * confparse.h); judging from the entries below, the first appears to mark a
 * command-line-only alias ("l", "HashedControlPassword") and the second a
 * deprecated spelling that should warn when used ("MaxConn", "ResolvConf",
 * "StrictEntryNodes", ...) -- confirm against confparse.c before relying on
 * either reading.
 *
 * PLURAL(X) is defined elsewhere; it presumably aliases the singular
 * spelling "X" to the plural option "Xs" found in _option_vars below.
 */
static config_abbrev_t _option_abbrevs[] = {
  PLURAL(AuthDirBadDirCC),
  PLURAL(AuthDirBadExitCC),
  PLURAL(AuthDirInvalidCC),
  PLURAL(AuthDirRejectCC),
  PLURAL(ExitNode),
  PLURAL(EntryNode),
  PLURAL(ExcludeNode),
  PLURAL(FirewallPort),
  PLURAL(LongLivedPort),
  PLURAL(HiddenServiceNode),
  PLURAL(HiddenServiceExcludeNode),
  PLURAL(NumCPU),
  PLURAL(RendNode),
  PLURAL(RendExcludeNode),
  PLURAL(StrictEntryNode),
  PLURAL(StrictExitNode),
  PLURAL(StrictNode),
  { "l", "Log", 1, 0},
  { "AllowUnverifiedNodes", "AllowInvalidNodes", 0, 0},
  { "AutomapHostSuffixes", "AutomapHostsSuffixes", 0, 0},
  { "AutomapHostOnResolve", "AutomapHostsOnResolve", 0, 0},
  { "BandwidthRateBytes", "BandwidthRate", 0, 0},
  { "BandwidthBurstBytes", "BandwidthBurst", 0, 0},
  /* Note: StatusFetchPeriod is itself listed as OBSOLETE in _option_vars. */
  { "DirFetchPostPeriod", "StatusFetchPeriod", 0, 0},
  { "MaxConn", "ConnLimit", 0, 1},
  { "ORBindAddress", "ORListenAddress", 0, 0},
  { "DirBindAddress", "DirListenAddress", 0, 0},
  { "SocksBindAddress", "SocksListenAddress", 0, 0},
  { "UseHelperNodes", "UseEntryGuards", 0, 0},
  { "NumHelperNodes", "NumEntryGuards", 0, 0},
  { "UseEntryNodes", "UseEntryGuards", 0, 0},
  { "NumEntryNodes", "NumEntryGuards", 0, 0},
  { "ResolvConf", "ServerDNSResolvConfFile", 0, 1},
  { "SearchDomains", "ServerDNSSearchDomains", 0, 1},
  { "ServerDNSAllowBrokenResolvConf", "ServerDNSAllowBrokenConfig", 0, 0},
  { "PreferTunnelledDirConns", "PreferTunneledDirConns", 0, 0},
  { "BridgeAuthoritativeDirectory", "BridgeAuthoritativeDir", 0, 0},
  /* Command-line only (first flag set): a hashed controller password given
   * as an argument is redirected to the "__"-prefixed session variant, which
   * appears intended to keep it out of any torrc written back by SAVECONF.
   * Confirm the persistence rule for "__" options in confparse.c. */
  { "HashedControlPassword", "__HashedControlSessionPassword", 1, 0},
  { "StrictEntryNodes", "StrictNodes", 0, 1},
  { "StrictExitNodes", "StrictNodes", 0, 1},
  { "_UseFilteringSSLBufferevents", "UseFilteringSSLBufferevents", 0, 1},
  { NULL, NULL, 0, 0},
};

/** An entry for config_vars: "The option <b>name</b> has type
 * CONFIG_TYPE_<b>conftype</b>, and corresponds to
 * or_options_t.<b>member</b>"
 */
#define VAR(name,conftype,member,initvalue)                             \
  { name, CONFIG_TYPE_ ## conftype, STRUCT_OFFSET(or_options_t, member), \
      initvalue }
/** As VAR, but the option name and member name are the same. */
#define V(member,conftype,initvalue)                                    \
  VAR(#member, conftype, member, initvalue)
/** An entry for config_vars: "The option <b>name</b> is obsolete." */
#define OBSOLETE(name) { name, CONFIG_TYPE_OBSOLETE, 0, NULL }

/** As V, but for the *Port options: the raw config lines are stored in the
 * or_options_t member named <b>member</b>_lines (e.g. ORPort ->
 * ORPort_lines) rather than in a member of the same name, presumably so
 * that parse_ports() below can interpret them later. */
#define VPORT(member,conftype,initvalue)                                    \
  VAR(#member, conftype, member ## _lines, initvalue)

/** Array of configuration options.  Until we disallow nonstandard
 * abbreviations, order is significant, since the first matching option will
 * be chosen first.
 *
 * Each entry gives the option name, its CONFIG_TYPE_*, the or_options_t
 * member it fills and the default value as a string (NULL = unset).  The
 * defaults here are what a torrc inherits when it says nothing; several of
 * them are security controls, so changing a default is a behaviour change
 * for every deployment.  testing_tor_network_defaults below overrides a
 * subset of these when TestingTorNetwork is set.
 */
static config_var_t _option_vars[] = {
  OBSOLETE("AccountingMaxKB"),
  V(AccountingMax,               MEMUNIT,  "0 bytes"),
  V(AccountingStart,             STRING,   NULL),
  V(Address,                     STRING,   NULL),
  V(AllowDotExit,                BOOL,     "0"),
  V(AllowInvalidNodes,           CSV,      "middle,rendezvous"),
  V(AllowNonRFC953Hostnames,     BOOL,     "0"),
  V(AllowSingleHopCircuits,      BOOL,     "0"),
  V(AllowSingleHopExits,         BOOL,     "0"),
  V(AlternateBridgeAuthority,    LINELIST, NULL),
  V(AlternateDirAuthority,       LINELIST, NULL),
  V(AlternateHSAuthority,        LINELIST, NULL),
  V(AssumeReachable,             BOOL,     "0"),
  V(AuthDirBadDir,               LINELIST, NULL),
  V(AuthDirBadDirCCs,            CSV,      ""),
  V(AuthDirBadExit,              LINELIST, NULL),
  V(AuthDirBadExitCCs,           CSV,      ""),
  V(AuthDirInvalid,              LINELIST, NULL),
  V(AuthDirInvalidCCs,           CSV,      ""),
  V(AuthDirFastGuarantee,        MEMUNIT,  "100 KB"),
  V(AuthDirGuardBWGuarantee,     MEMUNIT,  "250 KB"),
  V(AuthDirReject,               LINELIST, NULL),
  V(AuthDirRejectCCs,            CSV,      ""),
  V(AuthDirRejectUnlisted,       BOOL,     "0"),
  V(AuthDirListBadDirs,          BOOL,     "0"),
  V(AuthDirListBadExits,         BOOL,     "0"),
  V(AuthDirMaxServersPerAddr,    UINT,     "2"),
  V(AuthDirMaxServersPerAuthAddr,UINT,     "5"),
  V(AuthDirHasIPv6Connectivity,  BOOL,     "0"),
  VAR("AuthoritativeDirectory",  BOOL, AuthoritativeDir,    "0"),
  V(AutomapHostsOnResolve,       BOOL,     "0"),
  V(AutomapHostsSuffixes,        CSV,      ".onion,.exit"),
  V(AvoidDiskWrites,             BOOL,     "0"),
  V(BandwidthBurst,              MEMUNIT,  "1 GB"),
  V(BandwidthRate,               MEMUNIT,  "1 GB"),
  V(BridgeAuthoritativeDir,      BOOL,     "0"),
  VAR("Bridge",                  LINELIST, Bridges,    NULL),
  V(BridgePassword,              STRING,   NULL),
  V(BridgeRecordUsageByCountry,  BOOL,     "1"),
  V(BridgeRelay,                 BOOL,     "0"),
  V(CellStatistics,              BOOL,     "0"),
  V(LearnCircuitBuildTimeout,    BOOL,     "1"),
  V(CircuitBuildTimeout,         INTERVAL, "0"),
  V(CircuitIdleTimeout,          INTERVAL, "1 hour"),
  V(CircuitStreamTimeout,        INTERVAL, "0"),
  V(CircuitPriorityHalflife,     DOUBLE,  "-100.0"), /*negative:'Use default'*/
  V(ClientDNSRejectInternalAddresses, BOOL,"1"),
  V(ClientOnly,                  BOOL,     "0"),
  V(ClientPreferIPv6ORPort,      BOOL,     "0"),
  V(ClientRejectInternalAddresses, BOOL,   "1"),
  V(ClientTransportPlugin,       LINELIST, NULL),
  V(ClientUseIPv6,               BOOL,     "0"),
  V(ConsensusParams,             STRING,   NULL),
  V(ConnLimit,                   UINT,     "1000"),
  V(ConnDirectionStatistics,     BOOL,     "0"),
  V(ConstrainedSockets,          BOOL,     "0"),
  V(ConstrainedSockSize,         MEMUNIT,  "8192"),
  V(ContactInfo,                 STRING,   NULL),
  /* Controller access.  Both controller authentication mechanisms
   * (CookieAuthentication here, HashedControlPassword further down) default
   * to off, so a configured ControlPort is only as protected as the checks
   * options_validate() applies -- review that path before changing any of
   * these defaults. */
  V(ControlListenAddress,        LINELIST, NULL),
  VPORT(ControlPort,                 LINELIST, NULL),
  V(ControlPortFileGroupReadable,BOOL,     "0"),
  V(ControlPortWriteToFile,      FILENAME, NULL),
  V(ControlSocket,               LINELIST, NULL),
  V(ControlSocketsGroupWritable, BOOL,     "0"),
  V(CookieAuthentication,        BOOL,     "0"),
  V(CookieAuthFileGroupReadable, BOOL,     "0"),
  V(CookieAuthFile,              STRING,   NULL),
  V(CountPrivateBandwidth,       BOOL,     "0"),
  V(DataDirectory,               FILENAME, NULL),
  OBSOLETE("DebugLogFile"),
  V(DisableNetwork,              BOOL,     "0"),
  V(DirAllowPrivateAddresses,    BOOL,     "0"),
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "30 minutes"),
  V(DirListenAddress,            LINELIST, NULL),
  OBSOLETE("DirFetchPeriod"),
  V(DirPolicy,                   LINELIST, NULL),
  VPORT(DirPort,                     LINELIST, NULL),
  V(DirPortFrontPage,            FILENAME, NULL),
  OBSOLETE("DirPostPeriod"),
  OBSOLETE("DirRecordUsageByCountry"),
  OBSOLETE("DirRecordUsageGranularity"),
  OBSOLETE("DirRecordUsageRetainIPs"),
  OBSOLETE("DirRecordUsageSaveInterval"),
  V(DirReqStatistics,            BOOL,     "1"),
  VAR("DirServer",               LINELIST, DirServers, NULL),
  V(DisableAllSwap,              BOOL,     "0"),
  /* Process-hardening knob, enabled by default; the mechanism that acts on
   * it lives outside this file. */
  V(DisableDebuggerAttachment,   BOOL,     "1"),
  V(DisableIOCP,                 BOOL,     "1"),
  V(DynamicDHGroups,             BOOL,     "0"),
  VPORT(DNSPort,                     LINELIST, NULL),
  V(DNSListenAddress,            LINELIST, NULL),
  V(DownloadExtraInfo,           BOOL,     "0"),
  V(EnforceDistinctSubnets,      BOOL,     "1"),
  V(EntryNodes,                  ROUTERSET,   NULL),
  V(EntryStatistics,             BOOL,     "0"),
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "10 minutes"),
  V(ExcludeNodes,                ROUTERSET, NULL),
  V(ExcludeExitNodes,            ROUTERSET, NULL),
  V(ExcludeSingleHopRelays,      BOOL,     "1"),
  V(ExitNodes,                   ROUTERSET, NULL),
  V(ExitPolicy,                  LINELIST, NULL),
  V(ExitPolicyRejectPrivate,     BOOL,     "1"),
  V(ExitPortStatistics,          BOOL,     "0"),
  V(ExtendAllowPrivateAddresses, BOOL,     "0"),
  V(ExtraInfoStatistics,         BOOL,     "1"),

#if defined (WINCE)
  V(FallbackNetworkstatusFile,   FILENAME, "fallback-consensus"),
#else
  V(FallbackNetworkstatusFile,   FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "fallback-consensus"),
#endif
  V(FascistFirewall,             BOOL,     "0"),
  V(FirewallPorts,               CSV,      ""),
  V(FastFirstHopPK,              BOOL,     "1"),
  V(FetchDirInfoEarly,           BOOL,     "0"),
  V(FetchDirInfoExtraEarly,      BOOL,     "0"),
  V(FetchServerDescriptors,      BOOL,     "1"),
  V(FetchHidServDescriptors,     BOOL,     "1"),
  V(FetchUselessDescriptors,     BOOL,     "0"),
  V(FetchV2Networkstatus,        BOOL,     "0"),
#ifdef _WIN32
  V(GeoIPFile,                   FILENAME, "<default>"),
  V(GeoIPv6File,                 FILENAME, "<default>"),
#else
  V(GeoIPFile,                   FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip"),
  V(GeoIPv6File,                 FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip6"),
#endif
  OBSOLETE("GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays"),
  OBSOLETE("Group"),
  V(HardwareAccel,               BOOL,     "0"),
  V(HeartbeatPeriod,             INTERVAL, "6 hours"),
  V(AccelName,                   STRING,   NULL),
  V(AccelDir,                    FILENAME, NULL),
  V(HashedControlPassword,       LINELIST, NULL),
  V(HidServDirectoryV2,          BOOL,     "1"),
  /* All HiddenService* options share one RendConfigLines member: the
   * LINELIST_V entry is the virtual owner and the LINELIST_S entries are its
   * sub-lines, presumably so their relative order is preserved for the
   * rendezvous-service code.  set_options() skips LINELIST_S entries when
   * reporting CONF_CHANGED. */
  VAR("HiddenServiceDir",    LINELIST_S, RendConfigLines,    NULL),
  OBSOLETE("HiddenServiceExcludeNodes"),
  OBSOLETE("HiddenServiceNodes"),
  VAR("HiddenServiceOptions",LINELIST_V, RendConfigLines,    NULL),
  VAR("HiddenServicePort",   LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceVersion",LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceAuthorizeClient",LINELIST_S,RendConfigLines, NULL),
  V(HidServAuth,                 LINELIST, NULL),
  V(HSAuthoritativeDir,          BOOL,     "0"),
  OBSOLETE("HSAuthorityRecordStats"),
  V(CloseHSClientCircuitsImmediatelyOnTimeout, BOOL, "0"),
  V(CloseHSServiceRendCircuitsImmediatelyOnTimeout, BOOL, "0"),
  V(HTTPProxy,                   STRING,   NULL),
  V(HTTPProxyAuthenticator,      STRING,   NULL),
  V(HTTPSProxy,                  STRING,   NULL),
  V(HTTPSProxyAuthenticator,     STRING,   NULL),
  VAR("ServerTransportPlugin",   LINELIST, ServerTransportPlugin,  NULL),
  V(Socks4Proxy,                 STRING,   NULL),
  V(Socks5Proxy,                 STRING,   NULL),
  V(Socks5ProxyUsername,         STRING,   NULL),
  V(Socks5ProxyPassword,         STRING,   NULL),
  OBSOLETE("IgnoreVersion"),
  V(KeepalivePeriod,             INTERVAL, "5 minutes"),
  VAR("Log",                     LINELIST, Logs,             NULL),
  V(LogMessageDomains,           BOOL,     "0"),
  OBSOLETE("LinkPadding"),
  OBSOLETE("LogLevel"),
  OBSOLETE("LogFile"),
  V(LogTimeGranularity,          MSEC_INTERVAL, "1 second"),
  V(LongLivedPorts,              CSV,
        "21,22,706,1863,5050,5190,5222,5223,6523,6667,6697,8300"),
  VAR("MapAddress",              LINELIST, AddressMap,           NULL),
  V(MaxAdvertisedBandwidth,      MEMUNIT,  "1 GB"),
  V(MaxCircuitDirtiness,         INTERVAL, "10 minutes"),
  V(MaxClientCircuitsPending,    UINT,     "32"),
  V(MaxOnionsPending,            UINT,     "100"),
  OBSOLETE("MonthlyAccountingStart"),
  V(MyFamily,                    STRING,   NULL),
  V(NewCircuitPeriod,            INTERVAL, "30 seconds"),
  VAR("NamingAuthoritativeDirectory",BOOL, NamingAuthoritativeDir, "0"),
  V(NATDListenAddress,           LINELIST, NULL),
  VPORT(NATDPort,                    LINELIST, NULL),
  V(Nickname,                    STRING,   NULL),
  V(WarnUnsafeSocks,              BOOL,     "1"),
  OBSOLETE("NoPublish"),
  VAR("NodeFamily",              LINELIST, NodeFamilies,         NULL),
  V(NumCPUs,                     UINT,     "0"),
  V(NumEntryGuards,              UINT,     "3"),
  V(ORListenAddress,             LINELIST, NULL),
  VPORT(ORPort,                      LINELIST, NULL),
  V(OutboundBindAddress,         LINELIST,   NULL),

  /* Path-bias detection thresholds; -1 means "use the consensus/default
   * value" -- the interpretation lives with the circuit-building code. */
  V(PathBiasCircThreshold,       INT,      "-1"),
  V(PathBiasNoticeRate,          DOUBLE,   "-1"),
  V(PathBiasDisableRate,         DOUBLE,   "-1"),
  V(PathBiasScaleThreshold,      INT,      "-1"),
  V(PathBiasScaleFactor,         INT,      "-1"),

  OBSOLETE("PathlenCoinWeight"),
  V(PerConnBWBurst,              MEMUNIT,  "0"),
  V(PerConnBWRate,               MEMUNIT,  "0"),
  V(PidFile,                     STRING,   NULL),
  /* Enables the relaxed overrides in testing_tor_network_defaults below. */
  V(TestingTorNetwork,           BOOL,     "0"),
  V(OptimisticData,              AUTOBOOL, "auto"),
  V(PortForwarding,              BOOL,     "0"),
  V(PortForwardingHelper,        FILENAME, "tor-fw-helper"),
  V(PreferTunneledDirConns,      BOOL,     "1"),
  V(ProtocolWarnings,            BOOL,     "0"),
  V(PublishServerDescriptor,     CSV,      "1"),
  V(PublishHidServDescriptors,   BOOL,     "1"),
  V(ReachableAddresses,          LINELIST, NULL),
  V(ReachableDirAddresses,       LINELIST, NULL),
  V(ReachableORAddresses,        LINELIST, NULL),
  V(RecommendedVersions,         LINELIST, NULL),
  V(RecommendedClientVersions,   LINELIST, NULL),
  V(RecommendedServerVersions,   LINELIST, NULL),
  OBSOLETE("RedirectExit"),
  V(RefuseUnknownExits,          AUTOBOOL, "auto"),
  V(RejectPlaintextPorts,        CSV,      ""),
  V(RelayBandwidthBurst,         MEMUNIT,  "0"),
  V(RelayBandwidthRate,          MEMUNIT,  "0"),
  OBSOLETE("RendExcludeNodes"),
  OBSOLETE("RendNodes"),
  V(RendPostPeriod,              INTERVAL, "1 hour"),
  V(RephistTrackTime,            INTERVAL, "24 hours"),
  OBSOLETE("RouterFile"),
  V(RunAsDaemon,                 BOOL,     "0"),
  OBSOLETE("RunTesting"), // currently unused
  /* Kept as a STRING and parsed into _SafeLogging; consulted by safe_str()
   * and friends below.  Per their documentation, "1" scrubs client
   * addresses from log output. */
  V(SafeLogging,                 STRING,   "1"),
  V(SafeSocks,                   BOOL,     "0"),
  V(ServerDNSAllowBrokenConfig,  BOOL,     "1"),
  V(ServerDNSAllowNonRFC953Hostnames, BOOL,"0"),
  V(ServerDNSDetectHijacking,    BOOL,     "1"),
  V(ServerDNSRandomizeCase,      BOOL,     "1"),
  V(ServerDNSResolvConfFile,     STRING,   NULL),
  V(ServerDNSSearchDomains,      BOOL,     "0"),
  V(ServerDNSTestAddresses,      CSV,
      "www.google.com,www.mit.edu,www.yahoo.com,www.slashdot.org"),
  V(ShutdownWaitLength,          INTERVAL, "30 seconds"),
  V(SocksListenAddress,          LINELIST, NULL),
  V(SocksPolicy,                 LINELIST, NULL),
  VPORT(SocksPort,                   LINELIST, NULL),
  V(SocksTimeout,                INTERVAL, "2 minutes"),
  OBSOLETE("StatusFetchPeriod"),
  V(StrictNodes,                 BOOL,     "0"),
  OBSOLETE("SysLog"),
  V(TestSocks,                   BOOL,     "0"),
  OBSOLETE("TestVia"),
  V(TokenBucketRefillInterval,   MSEC_INTERVAL, "100 msec"),
  V(Tor2webMode,                 BOOL,     "0"),
  V(TrackHostExits,              CSV,      NULL),
  V(TrackHostExitsExpire,        INTERVAL, "30 minutes"),
  OBSOLETE("TrafficShaping"),
  V(TransListenAddress,          LINELIST, NULL),
  VPORT(TransPort,                   LINELIST, NULL),
  V(TunnelDirConns,              BOOL,     "1"),
  V(UpdateBridgesFromAuthority,  BOOL,     "0"),
  V(UseBridges,                  BOOL,     "0"),
  V(UseEntryGuards,              BOOL,     "1"),
  V(UseMicrodescriptors,         AUTOBOOL, "auto"),
  V(User,                        STRING,   NULL),
  V(UserspaceIOCPBuffers,        BOOL,     "0"),
  VAR("V1AuthoritativeDirectory",BOOL, V1AuthoritativeDir,   "0"),
  VAR("V2AuthoritativeDirectory",BOOL, V2AuthoritativeDir,   "0"),
  VAR("V3AuthoritativeDirectory",BOOL, V3AuthoritativeDir,   "0"),
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "30 minutes"),
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "5 minutes"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "5 minutes"),
  V(V3AuthVotingInterval,        INTERVAL, "1 hour"),
  V(V3AuthVoteDelay,             INTERVAL, "5 minutes"),
  V(V3AuthDistDelay,             INTERVAL, "5 minutes"),
  V(V3AuthNIntervalsValid,       UINT,     "3"),
  V(V3AuthUseLegacyKey,          BOOL,     "0"),
  V(V3BandwidthsFile,            FILENAME, NULL),
  VAR("VersioningAuthoritativeDirectory",BOOL,VersioningAuthoritativeDir, "0"),
  V(VirtualAddrNetwork,          STRING,   "127.192.0.0/10"),
  V(WarnPlaintextPorts,          CSV,      "23,109,110,143"),
  V(UseFilteringSSLBufferevents, BOOL,    "0"),
  /* Options whose names begin with "__" are, by convention in this file,
   * internal/controller-facing and presumably are not written back to the
   * torrc; confirm the rule in confparse.c before adding more. */
  VAR("__ReloadTorrcOnSIGHUP",   BOOL,  ReloadTorrcOnSIGHUP,      "1"),
  VAR("__AllDirActionsPrivate",  BOOL,  AllDirActionsPrivate,     "0"),
  VAR("__DisablePredictedCircuits",BOOL,DisablePredictedCircuits, "0"),
  VAR("__LeaveStreamsUnattached",BOOL,  LeaveStreamsUnattached,   "0"),
  VAR("__HashedControlSessionPassword", LINELIST, HashedControlSessionPassword,
      NULL),
  VAR("__OwningControllerProcess",STRING,OwningControllerProcess, NULL),
  V(MinUptimeHidServDirectoryV2, INTERVAL, "25 hours"),
  V(VoteOnHidServDirectoriesV2,  BOOL,     "1"),
  VAR("___UsingTestNetworkDefaults", BOOL, _UsingTestNetworkDefaults, "0"),

  { NULL, CONFIG_TYPE_OBSOLETE, 0, NULL }
};

/** Override default values with these if the user sets the TestingTorNetwork
 * option.
 *
 * Security note: nearly every entry here relaxes a protection that is on by
 * default in _option_vars -- private/internal addresses become acceptable
 * for directories, extends, exit policies and client DNS answers,
 * reachability is assumed rather than tested, and the per-address
 * authority limits are set to 0.  These values are only appropriate for an
 * isolated test network.  "___UsingTestNetworkDefaults" is flipped to "1"
 * so that other code can tell the overrides are in effect.
 */
static const config_var_t testing_tor_network_defaults[] = {
  V(ServerDNSAllowBrokenConfig,  BOOL,     "1"),
  V(DirAllowPrivateAddresses,    BOOL,     "1"),
  V(EnforceDistinctSubnets,      BOOL,     "0"),
  V(AssumeReachable,             BOOL,     "1"),
  V(AuthDirMaxServersPerAddr,    UINT,     "0"),
  V(AuthDirMaxServersPerAuthAddr,UINT,     "0"),
  V(ClientDNSRejectInternalAddresses, BOOL,"0"),
  V(ClientRejectInternalAddresses, BOOL,   "0"),
  V(CountPrivateBandwidth,       BOOL,     "1"),
  V(ExitPolicyRejectPrivate,     BOOL,     "0"),
  V(ExtendAllowPrivateAddresses, BOOL,     "1"),
  /* Much shorter voting cadence than the 1 hour / 5 minute defaults above. */
  V(V3AuthVotingInterval,        INTERVAL, "5 minutes"),
  V(V3AuthVoteDelay,             INTERVAL, "20 seconds"),
  V(V3AuthDistDelay,             INTERVAL, "20 seconds"),
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "5 minutes"),
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "20 seconds"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "20 seconds"),
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "0 minutes"),
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "0 minutes"),
  V(MinUptimeHidServDirectoryV2, INTERVAL, "0 minutes"),
  VAR("___UsingTestNetworkDefaults", BOOL, _UsingTestNetworkDefaults, "1"),

  { NULL, CONFIG_TYPE_OBSOLETE, 0, NULL }
};

/* The table-building macros are not needed past this point. */
#undef VAR
#undef V
#undef OBSOLETE

/* Forward declarations for the static helpers defined later in this file.
 * The parse_* helpers share a <b>validate_only</b> parameter, which appears
 * to let options_validate() check syntax without committing side effects;
 * confirm against each definition before depending on that. */
#ifdef _WIN32
static char *get_windows_conf_root(void);
#endif
static int options_validate(or_options_t *old_options,
                            or_options_t *options,
                            int from_setconf, char **msg);
static int options_act_reversible(const or_options_t *old_options, char **msg);
static int options_act(const or_options_t *old_options);
static int options_transition_allowed(const or_options_t *old,
                                      const or_options_t *new,
                                      char **msg);
static int options_transition_affects_workers(
      const or_options_t *old_options, const or_options_t *new_options);
static int options_transition_affects_descriptor(
      const or_options_t *old_options, const or_options_t *new_options);
static int check_nickname_list(const char *lst, const char *name, char **msg);

static int parse_bridge_line(const char *line, int validate_only);
static int parse_client_transport_line(const char *line, int validate_only);

static int parse_server_transport_line(const char *line, int validate_only);
static int parse_dir_server_line(const char *line,
                                 dirinfo_type_t required_type,
                                 int validate_only);
static void port_cfg_free(port_cfg_t *port);
static int parse_ports(or_options_t *options, int validate_only,
                              char **msg_out, int *n_ports_out);
static int check_server_ports(const smartlist_t *ports,
                              const or_options_t *options);

static int validate_data_directory(or_options_t *options);
static int write_configuration_file(const char *fname,
                                    const or_options_t *options);
static int options_init_logs(or_options_t *options, int validate_only);

static void init_libevent(const or_options_t *options);
static int opt_streq(const char *s1, const char *s2);
static int parse_outbound_addresses(or_options_t *options, int validate_only,
                                    char **msg);

/** Magic value for or_options_t. */
#define OR_OPTIONS_MAGIC 9090909

/** Configuration format for or_options_t.
 *
 * Positional fields of config_format_t (see confparse.h): the object size,
 * the magic value and the offset of the _magic member (presumably used to
 * check that a pointer really is an or_options_t), the abbreviation and
 * variable tables above, the validation callback, and a final field that is
 * NULL here.
 *
 * NOTE(review): the cast to validate_fn_t assumes options_validate()'s
 * signature is compatible with the callback type; calling through a
 * mismatched function-pointer type is undefined behaviour, so verify the
 * typedef in confparse.h whenever either side changes. */
static config_format_t options_format = {
  sizeof(or_options_t),
  OR_OPTIONS_MAGIC,
  STRUCT_OFFSET(or_options_t, _magic),
  _option_abbrevs,
  _option_vars,
  (validate_fn_t)options_validate,
  NULL
};

/*
 * Functions to read and write the global options pointer.
 *
 * All of the file-scope state below is owned by this module and released by
 * config_free_all().
 */

/** Command-line and config-file options.  NULL until set_options() has run;
 * get_options() asserts on that. */
static or_options_t *global_options = NULL;
/** The fallback options_t object; this is where we look for options not
 * in torrc before we fall back to Tor's defaults. */
static or_options_t *global_default_options = NULL;
/** Name of most recently read torrc file. */
static char *torrc_fname = NULL;
/** Name of the most recently read torrc-defaults file.  (Static storage is
 * zero-initialised, so this starts out NULL like its siblings.) */
static char *torrc_defaults_fname;
/** Configuration Options set by command line. */
static config_line_t *global_cmdline_options = NULL;
/** Contents of most recently read DirPortFrontPage file. */
static char *global_dirfrontpagecontents = NULL;
/** List of port_cfg_t for all configured ports. */
static smartlist_t *configured_ports = NULL;

/** Return the contents of our frontpage string, or NULL if not configured.
 *
 * The returned buffer is the cached content of the DirPortFrontPage file,
 * owned by this module (freed in config_free_all()); callers must not free
 * or modify it. */
const char *
get_dirportfrontpage(void)
{
  return global_dirfrontpagecontents;
}

/** Return the currently configured options.
 *
 * Asserts that a configuration has been installed, so this must not be
 * called before the first successful set_options().  The returned object is
 * owned by this module; prefer get_options() unless you need to mutate. */
or_options_t *
get_options_mutable(void)
{
  tor_assert(global_options);
  return global_options;
}

/** Returns the currently configured options, read-only.
 *
 * Like get_options_mutable(), this asserts that set_options() has already
 * installed a configuration; the result is owned by this module. */
const or_options_t *
get_options(void)
{
  const or_options_t *opts = global_options;
  tor_assert(opts);
  return opts;
}

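/** Change the current global options to contain <b>new_val</b> instead of
 * their current value; take action based on the new value; free the old value
 * as necessary.  Returns 0 on success, -1 on failure.
 *
 * On failure the previous options are reinstated and <b>new_val</b> is left
 * for the caller to free; on success the old options are freed here.  If
 * options_act() fails after the reversible steps succeeded, the process
 * exits, since there is no way to roll back.
 *
 * When an earlier configuration existed, controllers are sent a CONF_CHANGED
 * event listing every option whose value differs.  LINELIST_S sub-options
 * and obsolete options are skipped.  The key/value strings collected for the
 * event are freed once the event has been emitted; an earlier version of
 * this function leaked them on every reconfiguration.
 */
int
set_options(or_options_t *new_val, char **msg)
{
  int i;
  smartlist_t *elements;
  config_line_t *line;
  or_options_t *old_options = global_options;
  global_options = new_val;
  /* Note that we pass the *old* options below, for comparison. It
   * pulls the new options directly out of global_options. */
  if (options_act_reversible(old_options, msg)<0) {
    tor_assert(*msg);
    global_options = old_options;
    return -1;
  }
  if (options_act(old_options) < 0) { /* acting on the options failed. die. */
    log_err(LD_BUG,
            "Acting on config options left us in a broken state. Dying.");
    exit(1);
  }
  /* Issues a CONF_CHANGED event to notify controller of the change. If Tor is
   * just starting up then the old_options will be undefined. */
  if (old_options && old_options != global_options) {
    elements = smartlist_new();
    for (i=0; options_format.vars[i].name; ++i) {
      const config_var_t *var = &options_format.vars[i];
      const char *var_name = var->name;
      if (var->type == CONFIG_TYPE_LINELIST_S ||
          var->type == CONFIG_TYPE_OBSOLETE) {
        continue;
      }
      if (!config_is_same(&options_format, new_val, old_options, var_name)) {
        line = config_get_assigned_option(&options_format, new_val,
                                          var_name, 1);

        if (line) {
          /* config_get_assigned_option() returns a freshly allocated line
           * list.  Move its key/value strings into <b>elements</b> (which
           * then owns them) and release the list nodes as we go. */
          config_line_t *next;
          for (; line; line = next) {
            next = line->next;
            smartlist_add(elements, line->key);
            smartlist_add(elements, line->value);
            tor_free(line);
          }
        } else {
          /* Unset option: report the name with a NULL value.  Copy the name
           * so every non-NULL entry in <b>elements</b> is heap-owned and
           * can be freed uniformly below. */
          smartlist_add(elements, tor_strdup(options_format.vars[i].name));
          smartlist_add(elements, NULL);
        }
      }
    }
    control_event_conf_changed(elements);
    for (i = 0; i < smartlist_len(elements); ++i) {
      char *cp = smartlist_get(elements, i);
      tor_free(cp);
    }
    smartlist_free(elements);
  }

  if (old_options != global_options)
    config_free(&options_format, old_options);

  return 0;
}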

extern const char tor_git_revision[]; /* from tor_main.c */

/** The version of this Tor process, as parsed.  Built lazily by
 * get_version() and freed in config_free_all(). */
static char *the_tor_version = NULL;
/** A shorter version of this Tor process's version, for export in our router
 *  descriptor.  (Does not include the git version, if any.)  Built lazily by
 *  get_short_version() and freed in config_free_all(). */
static char *the_short_tor_version = NULL;

/** Return the current Tor version string, building and caching it on first
 * use.
 *
 * The result is get_short_version() with a " (git-<revision>)" suffix when
 * a non-empty git revision was compiled in.  The buffer is owned by this
 * module and released by config_free_all(). */
const char *
get_version(void)
{
  const char *short_version;

  if (the_tor_version)
    return the_tor_version;

  short_version = get_short_version();
  if (tor_git_revision[0] == '\0') {
    the_tor_version = tor_strdup(short_version);
  } else {
    tor_asprintf(&the_tor_version, "%s (git-%s)", short_version,
                 tor_git_revision);
  }
  return the_tor_version;
}

/** Return the version string without any git revision: VERSION, followed by
 * " (TOR_BUILD_TAG)" when a build tag was defined at compile time.
 *
 * Cached after the first call; the buffer is freed by config_free_all(). */
const char *
get_short_version(void)
{
  if (the_short_tor_version != NULL)
    return the_short_tor_version;

#ifdef TOR_BUILD_TAG
  tor_asprintf(&the_short_tor_version, "%s (%s)", VERSION, TOR_BUILD_TAG);
#else
  the_short_tor_version = tor_strdup(VERSION);
#endif
  return the_short_tor_version;
}

/** Free the per-options data that the generic config code does not know
 * about -- the _ExcludeExitNodesUnion routerset, the NodeFamilySets list of
 * routersets and the _BridgePassword_AuthDigest buffer -- and then free
 * <b>options</b> itself via config_free().  A NULL <b>options</b> is a
 * no-op. */
static void
or_options_free(or_options_t *options)
{
  smartlist_t *families;

  if (options == NULL)
    return;

  routerset_free(options->_ExcludeExitNodesUnion);

  families = options->NodeFamilySets;
  if (families != NULL) {
    int idx;
    for (idx = 0; idx < smartlist_len(families); ++idx) {
      routerset_t *rs = smartlist_get(families, idx);
      routerset_free(rs);
    }
    smartlist_free(families);
  }

  tor_free(options->_BridgePassword_AuthDigest);
  config_free(&options_format, options);
}

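/** Release all memory and resources held by global configuration structures.
 *
 * Frees the current and default option sets, the command-line overrides, the
 * configured-ports list, the cached torrc paths, the DirPortFrontPage
 * contents and the cached version strings, resetting each pointer so that a
 * later call is harmless.
 */
void
config_free_all(void)
{
  or_options_free(global_options);
  global_options = NULL;
  or_options_free(global_default_options);
  global_default_options = NULL;

  config_free_lines(global_cmdline_options);
  global_cmdline_options = NULL;

  if (configured_ports) {
    /* Use the dedicated destructor declared above rather than a bare
     * tor_free(), so anything a port_cfg_t owns is released with it. */
    SMARTLIST_FOREACH(configured_ports,
                      port_cfg_t *, p, port_cfg_free(p));
    smartlist_free(configured_ports);
    configured_ports = NULL;
  }

  tor_free(torrc_fname);
  tor_free(torrc_defaults_fname);
  tor_free(global_dirfrontpagecontents);

  /* the_tor_version used to be freed twice here; that was only safe because
   * tor_free() NULLs its argument.  Free each version string exactly once. */
  tor_free(the_short_tor_version);
  tor_free(the_tor_version);
}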

/** Return <b>address</b> -- client-side information -- in a form that is
 * safe to log under the current SafeLogging setting.
 *
 * When SafeLogging is "1" (SAFELOG_SCRUB_ALL) the literal "[scrubbed]" is
 * returned; otherwise <b>address</b> is returned unchanged.  <b>address</b>
 * must not be NULL.  This and the three functions below are the choke
 * points through which sensitive addresses reach the logs. */
const char *
safe_str_client(const char *address)
{
  int scrub_all;

  tor_assert(address);
  scrub_all = (get_options()->_SafeLogging == SAFELOG_SCRUB_ALL);
  return scrub_all ? "[scrubbed]" : address;
}

/** Return <b>address</b> -- information of unspecified sensitivity -- in a
 * form that is safe to log under the current SafeLogging setting.
 *
 * Anything other than SAFELOG_SCRUB_NONE (i.e. SafeLogging set to anything
 * besides "0") yields the literal "[scrubbed]"; otherwise <b>address</b> is
 * returned unchanged.  <b>address</b> must not be NULL. */
const char *
safe_str(const char *address)
{
  int scrub;

  tor_assert(address);
  scrub = (get_options()->_SafeLogging != SAFELOG_SCRUB_NONE);
  return scrub ? "[scrubbed]" : address;
}

/** Equivalent to escaped(safe_str_client(address)).
 *
 * Unlike safe_str_client() this does not assert on a NULL <b>address</b>;
 * whatever escaped() does with NULL applies.  See the reentrancy note on
 * escaped(): don't use this outside the main thread, or twice in the same
 * log statement. */
const char *
escaped_safe_str_client(const char *address)
{
  if (get_options()->_SafeLogging != SAFELOG_SCRUB_ALL)
    return escaped(address);
  return "[scrubbed]";
}

/** Equivalent to escaped(safe_str(address)).
 *
 * Scrubs unless SafeLogging is SAFELOG_SCRUB_NONE ("0").  Unlike safe_str()
 * this does not assert on a NULL <b>address</b>.  See the reentrancy note on
 * escaped(): don't use this outside the main thread, or twice in the same
 * log statement. */
const char *
escaped_safe_str(const char *address)
{
  if (get_options()->_SafeLogging == SAFELOG_SCRUB_NONE)
    return escaped(address);
  return "[scrubbed]";
}

/** Add the default directory authorities directly into the trusted dir list,
 * but only add them insofar as they share bits with <b>type</b>. */
static void
add_default_trusted_dir_authorities(dirinfo_type_t type)
{
  int i;
  const char *dirservers[] = {
    "moria1 orport=9101 no-v2 "
      "v3ident=D586D18309DED4CD6D57C18FDB97EFA96D330566 "
      "128.31.0.39:9131 9695 DFC3 5FFE B861 329B 9F1A B04C 4639 7020 CE31",
    "tor26 v1 orport=443 v3ident=14C131DFC5C6F93646BE72FA1401C02A8DF2E8B4 "
      "86.59.21.38:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D",
    "dizum orport=443 v3ident=E8A9C45EDE6D711294FADF8E7951F4DE6CA56B58 "
      "194.109.206.212:80 7EA6 EAD6 FD83 083C 538F 4403 8BBF A077 587D D755",
    "Tonga orport=443 bridge no-v2 82.94.251.203:80 "
      "4A0C CD2D DC79 9508 3D73 F5D6 6710 0C8A 5831 F16D",