/* Copyright (c) 2001 Matej Pfajfar.
 * Copyright (c) 2001-2004, Roger Dingledine.
 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
 * Copyright (c) 2007-2012, The Tor Project, Inc. */
/* See LICENSE for licensing information */

/**
 * \file config.c
 * \brief Code to parse and interpret configuration files.
 **/

#define CONFIG_PRIVATE

#include "or.h"
#include "channel.h"
#include "circuitbuild.h"
#include "circuitlist.h"
#include "circuitmux.h"
#include "circuitmux_ewma.h"
#include "config.h"
#include "connection.h"
#include "connection_edge.h"
#include "connection_or.h"
#include "control.h"
#include "confparse.h"
#include "cpuworker.h"
#include "dirserv.h"
#include "dirvote.h"
#include "dns.h"
#include "entrynodes.h"
#include "geoip.h"
#include "hibernate.h"
#include "main.h"
#include "networkstatus.h"
#include "nodelist.h"
#include "policies.h"
#include "relay.h"
#include "rendclient.h"
#include "rendservice.h"
#include "rephist.h"
#include "router.h"
#include "util.h"
#include "routerlist.h"
#include "routerset.h"
#include "statefile.h"
#include "transports.h"
#ifdef _WIN32
#include <shlobj.h>
#endif

#include "procmon.h"

/* From main.c */
extern int quiet_level;

/** A list of abbreviations and aliases to map command-line options, obsolete
 * option names, or alternative option names, to their current values.
 *
 * Each literal entry is { alias, current name, int, int }, and the table is
 * terminated by the all-NULL sentinel at the end.
 * NOTE(review): the two integer fields are presumably the "command line
 * only" and "warn when used" flags of config_abbrev_t -- confirm against the
 * struct declaration, which is not part of this file. */
static config_abbrev_t option_abbrevs_[] = {
  /* PLURAL() is not defined in this file; presumably it maps the singular
   * spelling given here to the plural option name -- TODO confirm. */
  PLURAL(AuthDirBadDirCC),
  PLURAL(AuthDirBadExitCC),
  PLURAL(AuthDirInvalidCC),
  PLURAL(AuthDirRejectCC),
  PLURAL(ExitNode),
  PLURAL(EntryNode),
  PLURAL(ExcludeNode),
  PLURAL(FirewallPort),
  PLURAL(LongLivedPort),
  PLURAL(HiddenServiceNode),
  PLURAL(HiddenServiceExcludeNode),
  PLURAL(NumCPU),
  PLURAL(RendNode),
  PLURAL(RendExcludeNode),
  PLURAL(StrictEntryNode),
  PLURAL(StrictExitNode),
  PLURAL(StrictNode),
  { "l", "Log", 1, 0},
  { "AllowUnverifiedNodes", "AllowInvalidNodes", 0, 0},
  { "AutomapHostSuffixes", "AutomapHostsSuffixes", 0, 0},
  { "AutomapHostOnResolve", "AutomapHostsOnResolve", 0, 0},
  { "BandwidthRateBytes", "BandwidthRate", 0, 0},
  { "BandwidthBurstBytes", "BandwidthBurst", 0, 0},
  { "DirFetchPostPeriod", "StatusFetchPeriod", 0, 0},
  { "MaxConn", "ConnLimit", 0, 1},
  { "ORBindAddress", "ORListenAddress", 0, 0},
  { "DirBindAddress", "DirListenAddress", 0, 0},
  { "SocksBindAddress", "SocksListenAddress", 0, 0},
  { "UseHelperNodes", "UseEntryGuards", 0, 0},
  { "NumHelperNodes", "NumEntryGuards", 0, 0},
  { "UseEntryNodes", "UseEntryGuards", 0, 0},
  { "NumEntryNodes", "NumEntryGuards", 0, 0},
  { "ResolvConf", "ServerDNSResolvConfFile", 0, 1},
  { "SearchDomains", "ServerDNSSearchDomains", 0, 1},
  { "ServerDNSAllowBrokenResolvConf", "ServerDNSAllowBrokenConfig", 0, 0},
  { "PreferTunnelledDirConns", "PreferTunneledDirConns", 0, 0},
  { "BridgeAuthoritativeDirectory", "BridgeAuthoritativeDir", 0, 0},
  /* Same third-field value as the "l" -> "Log" entry above: a
   * HashedControlPassword matched through this alias is redirected to the
   * __HashedControlSessionPassword option rather than to the option of the
   * same name in option_vars_.  Presumably this applies to the command line
   * only -- confirm. */
  { "HashedControlPassword", "__HashedControlSessionPassword", 1, 0},
  { "StrictEntryNodes", "StrictNodes", 0, 1},
  { "StrictExitNodes", "StrictNodes", 0, 1},
  { "_UseFilteringSSLBufferevents", "UseFilteringSSLBufferevents", 0, 1},
  /* End-of-table sentinel. */
  { NULL, NULL, 0, 0},
};

/** An entry for config_vars: "The option <b>name</b> has type
 * CONFIG_TYPE_<b>conftype</b>, and corresponds to
 * or_options_t.<b>member</b>"
 *
 * Expands to a four-field initializer: the name string, the
 * CONFIG_TYPE_ constant, the byte offset of <b>member</b> inside
 * or_options_t, and <b>initvalue</b> (the default, given as a string or
 * NULL).
 */
#define VAR(name,conftype,member,initvalue)                             \
  { name, CONFIG_TYPE_ ## conftype, STRUCT_OFFSET(or_options_t, member), \
      initvalue }
/** As VAR, but the option name and member name are the same.  The member
 * identifier is stringified to produce the option name. */
#define V(member,conftype,initvalue)                                    \
  VAR(#member, conftype, member, initvalue)
/** An entry for config_vars: "The option <b>name</b> is obsolete."  The
 * entry carries offset 0 and no default. */
#define OBSOLETE(name) { name, CONFIG_TYPE_OBSOLETE, 0, NULL }

/** As V, but the value is stored in the or_options_t member called
 * <b>member</b>_lines (the token "_lines" is pasted onto the member name),
 * while the option name stays <b>member</b>. */
#define VPORT(member,conftype,initvalue)                                    \
  VAR(#member, conftype, member ## _lines, initvalue)

/** Array of configuration options.  Until we disallow nonstandard
 * abbreviations, order is significant, since the first matching option will
 * be chosen first.
 *
 * Entry forms used below:
 *   V(Member, TYPE, default)            option name equals the member name
 *   VAR("Name", TYPE, Member, default)  option name differs from the member
 *   VPORT(Member, TYPE, default)        stored in the Member_lines field
 *   OBSOLETE("Name")                    name is still listed, but as obsolete
 * Defaults are written as strings (or NULL for "no default").  The table
 * ends at the { NULL, ... } sentinel.
 *
 * NOTE(review): judging by their names, several defaults here are the
 * protective choice (for example SafeLogging "1",
 * ClientRejectInternalAddresses "1", ExitPolicyRejectPrivate "1",
 * WarnUnsafeSocks "1", DisableDebuggerAttachment "1"); changing a default in
 * this table changes behaviour for every user who does not set the option.
 */
static config_var_t option_vars_[] = {
  OBSOLETE("AccountingMaxKB"),
  V(AccountingMax,               MEMUNIT,  "0 bytes"),
  V(AccountingStart,             STRING,   NULL),
  V(Address,                     STRING,   NULL),
  V(AllowDotExit,                BOOL,     "0"),
  V(AllowInvalidNodes,           CSV,      "middle,rendezvous"),
  V(AllowNonRFC953Hostnames,     BOOL,     "0"),
  V(AllowSingleHopCircuits,      BOOL,     "0"),
  V(AllowSingleHopExits,         BOOL,     "0"),
  V(AlternateBridgeAuthority,    LINELIST, NULL),
  V(AlternateDirAuthority,       LINELIST, NULL),
  V(AlternateHSAuthority,        LINELIST, NULL),
  V(AssumeReachable,             BOOL,     "0"),
  V(AuthDirBadDir,               LINELIST, NULL),
  V(AuthDirBadDirCCs,            CSV,      ""),
  V(AuthDirBadExit,              LINELIST, NULL),
  V(AuthDirBadExitCCs,           CSV,      ""),
  V(AuthDirInvalid,              LINELIST, NULL),
  V(AuthDirInvalidCCs,           CSV,      ""),
  V(AuthDirFastGuarantee,        MEMUNIT,  "100 KB"),
  V(AuthDirGuardBWGuarantee,     MEMUNIT,  "250 KB"),
  V(AuthDirReject,               LINELIST, NULL),
  V(AuthDirRejectCCs,            CSV,      ""),
  V(AuthDirRejectUnlisted,       BOOL,     "0"),
  V(AuthDirListBadDirs,          BOOL,     "0"),
  V(AuthDirListBadExits,         BOOL,     "0"),
  V(AuthDirMaxServersPerAddr,    UINT,     "2"),
  V(AuthDirMaxServersPerAuthAddr,UINT,     "5"),
  V(AuthDirHasIPv6Connectivity,  BOOL,     "0"),
  VAR("AuthoritativeDirectory",  BOOL, AuthoritativeDir,    "0"),
  V(AutomapHostsOnResolve,       BOOL,     "0"),
  V(AutomapHostsSuffixes,        CSV,      ".onion,.exit"),
  V(AvoidDiskWrites,             BOOL,     "0"),
  V(BandwidthBurst,              MEMUNIT,  "1 GB"),
  V(BandwidthRate,               MEMUNIT,  "1 GB"),
  V(BridgeAuthoritativeDir,      BOOL,     "0"),
  VAR("Bridge",                  LINELIST, Bridges,    NULL),
  V(BridgePassword,              STRING,   NULL),
  V(BridgeRecordUsageByCountry,  BOOL,     "1"),
  V(BridgeRelay,                 BOOL,     "0"),
  V(CellStatistics,              BOOL,     "0"),
  V(LearnCircuitBuildTimeout,    BOOL,     "1"),
  V(CircuitBuildTimeout,         INTERVAL, "0"),
  V(CircuitIdleTimeout,          INTERVAL, "1 hour"),
  V(CircuitStreamTimeout,        INTERVAL, "0"),
  V(CircuitPriorityHalflife,     DOUBLE,  "-100.0"), /*negative:'Use default'*/
  V(ClientDNSRejectInternalAddresses, BOOL,"1"),
  V(ClientOnly,                  BOOL,     "0"),
  V(ClientPreferIPv6ORPort,      BOOL,     "0"),
  V(ClientRejectInternalAddresses, BOOL,   "1"),
  V(ClientTransportPlugin,       LINELIST, NULL),
  V(ClientUseIPv6,               BOOL,     "0"),
  V(ConsensusParams,             STRING,   NULL),
  V(ConnLimit,                   UINT,     "1000"),
  V(ConnDirectionStatistics,     BOOL,     "0"),
  V(ConstrainedSockets,          BOOL,     "0"),
  V(ConstrainedSockSize,         MEMUNIT,  "8192"),
  V(ContactInfo,                 STRING,   NULL),
  V(ControlListenAddress,        LINELIST, NULL),
  VPORT(ControlPort,                 LINELIST, NULL),
  V(ControlPortFileGroupReadable,BOOL,     "0"),
  V(ControlPortWriteToFile,      FILENAME, NULL),
  V(ControlSocket,               LINELIST, NULL),
  V(ControlSocketsGroupWritable, BOOL,     "0"),
  V(CookieAuthentication,        BOOL,     "0"),
  V(CookieAuthFileGroupReadable, BOOL,     "0"),
  V(CookieAuthFile,              STRING,   NULL),
  V(CountPrivateBandwidth,       BOOL,     "0"),
  V(DataDirectory,               FILENAME, NULL),
  OBSOLETE("DebugLogFile"),
  V(DisableNetwork,              BOOL,     "0"),
  V(DirAllowPrivateAddresses,    BOOL,     "0"),
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "30 minutes"),
  V(DirListenAddress,            LINELIST, NULL),
  OBSOLETE("DirFetchPeriod"),
  V(DirPolicy,                   LINELIST, NULL),
  VPORT(DirPort,                     LINELIST, NULL),
  V(DirPortFrontPage,            FILENAME, NULL),
  OBSOLETE("DirPostPeriod"),
  OBSOLETE("DirRecordUsageByCountry"),
  OBSOLETE("DirRecordUsageGranularity"),
  OBSOLETE("DirRecordUsageRetainIPs"),
  OBSOLETE("DirRecordUsageSaveInterval"),
  V(DirReqStatistics,            BOOL,     "1"),
  VAR("DirServer",               LINELIST, DirServers, NULL),
  V(DisableAllSwap,              BOOL,     "0"),
  V(DisableDebuggerAttachment,   BOOL,     "1"),
  V(DisableIOCP,                 BOOL,     "1"),
  V(DynamicDHGroups,             BOOL,     "0"),
  VPORT(DNSPort,                     LINELIST, NULL),
  V(DNSListenAddress,            LINELIST, NULL),
  V(DownloadExtraInfo,           BOOL,     "0"),
  V(EnforceDistinctSubnets,      BOOL,     "1"),
  V(EntryNodes,                  ROUTERSET,   NULL),
  V(EntryStatistics,             BOOL,     "0"),
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "10 minutes"),
  V(ExcludeNodes,                ROUTERSET, NULL),
  V(ExcludeExitNodes,            ROUTERSET, NULL),
  V(ExcludeSingleHopRelays,      BOOL,     "1"),
  V(ExitNodes,                   ROUTERSET, NULL),
  V(ExitPolicy,                  LINELIST, NULL),
  V(ExitPolicyRejectPrivate,     BOOL,     "1"),
  V(ExitPortStatistics,          BOOL,     "0"),
  V(ExtendAllowPrivateAddresses, BOOL,     "0"),
  V(ExtraInfoStatistics,         BOOL,     "1"),

  /* The default path for this file is chosen at compile time: a bare file
   * name on WINCE, otherwise a path under SHARE_DATADIR. */
#if defined (WINCE)
  V(FallbackNetworkstatusFile,   FILENAME, "fallback-consensus"),
#else
  V(FallbackNetworkstatusFile,   FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "fallback-consensus"),
#endif
  V(FascistFirewall,             BOOL,     "0"),
  V(FirewallPorts,               CSV,      ""),
  V(FastFirstHopPK,              BOOL,     "1"),
  V(FetchDirInfoEarly,           BOOL,     "0"),
  V(FetchDirInfoExtraEarly,      BOOL,     "0"),
  V(FetchServerDescriptors,      BOOL,     "1"),
  V(FetchHidServDescriptors,     BOOL,     "1"),
  V(FetchUselessDescriptors,     BOOL,     "0"),
  V(FetchV2Networkstatus,        BOOL,     "0"),
  /* On Windows the default is the literal placeholder "<default>"; how that
   * placeholder is resolved is not visible in this table. */
#ifdef _WIN32
  V(GeoIPFile,                   FILENAME, "<default>"),
#else
  V(GeoIPFile,                   FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip"),
#endif
  OBSOLETE("GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays"),
  OBSOLETE("Group"),
  V(HardwareAccel,               BOOL,     "0"),
  V(HeartbeatPeriod,             INTERVAL, "6 hours"),
  V(AccelName,                   STRING,   NULL),
  V(AccelDir,                    FILENAME, NULL),
  /* Also appears as an alias in option_abbrevs_, where it is redirected to
   * __HashedControlSessionPassword (listed near the end of this table). */
  V(HashedControlPassword,       LINELIST, NULL),
  V(HidServDirectoryV2,          BOOL,     "1"),
  /* All HiddenService* entries below share the RendConfigLines member. */
  VAR("HiddenServiceDir",    LINELIST_S, RendConfigLines,    NULL),
  OBSOLETE("HiddenServiceExcludeNodes"),
  OBSOLETE("HiddenServiceNodes"),
  VAR("HiddenServiceOptions",LINELIST_V, RendConfigLines,    NULL),
  VAR("HiddenServicePort",   LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceVersion",LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceAuthorizeClient",LINELIST_S,RendConfigLines, NULL),
  V(HidServAuth,                 LINELIST, NULL),
  V(HSAuthoritativeDir,          BOOL,     "0"),
  OBSOLETE("HSAuthorityRecordStats"),
  V(CloseHSClientCircuitsImmediatelyOnTimeout, BOOL, "0"),
  V(CloseHSServiceRendCircuitsImmediatelyOnTimeout, BOOL, "0"),
  V(HTTPProxy,                   STRING,   NULL),
  V(HTTPProxyAuthenticator,      STRING,   NULL),
  V(HTTPSProxy,                  STRING,   NULL),
  V(HTTPSProxyAuthenticator,     STRING,   NULL),
  VAR("ServerTransportPlugin",   LINELIST, ServerTransportPlugin,  NULL),
  V(Socks4Proxy,                 STRING,   NULL),
  V(Socks5Proxy,                 STRING,   NULL),
  V(Socks5ProxyUsername,         STRING,   NULL),
  V(Socks5ProxyPassword,         STRING,   NULL),
  OBSOLETE("IgnoreVersion"),
  V(KeepalivePeriod,             INTERVAL, "5 minutes"),
  VAR("Log",                     LINELIST, Logs,             NULL),
  V(LogMessageDomains,           BOOL,     "0"),
  OBSOLETE("LinkPadding"),
  OBSOLETE("LogLevel"),
  OBSOLETE("LogFile"),
  V(LogTimeGranularity,          MSEC_INTERVAL, "1 second"),
  V(LongLivedPorts,              CSV,
        "21,22,706,1863,5050,5190,5222,5223,6523,6667,6697,8300"),
  VAR("MapAddress",              LINELIST, AddressMap,           NULL),
  V(MaxAdvertisedBandwidth,      MEMUNIT,  "1 GB"),
  V(MaxCircuitDirtiness,         INTERVAL, "10 minutes"),
  V(MaxClientCircuitsPending,    UINT,     "32"),
  V(MaxOnionsPending,            UINT,     "100"),
  OBSOLETE("MonthlyAccountingStart"),
  V(MyFamily,                    STRING,   NULL),
  V(NewCircuitPeriod,            INTERVAL, "30 seconds"),
  VAR("NamingAuthoritativeDirectory",BOOL, NamingAuthoritativeDir, "0"),
  V(NATDListenAddress,           LINELIST, NULL),
  VPORT(NATDPort,                    LINELIST, NULL),
  V(Nickname,                    STRING,   NULL),
  V(WarnUnsafeSocks,              BOOL,     "1"),
  OBSOLETE("NoPublish"),
  VAR("NodeFamily",              LINELIST, NodeFamilies,         NULL),
  V(NumCPUs,                     UINT,     "0"),
  V(NumEntryGuards,              UINT,     "3"),
  V(ORListenAddress,             LINELIST, NULL),
  VPORT(ORPort,                      LINELIST, NULL),
  V(OutboundBindAddress,         LINELIST,   NULL),

  /* NOTE(review): all PathBias* defaults are "-1"; presumably a negative
   * value means "not set by the user" -- confirm where these are read. */
  V(PathBiasCircThreshold,       INT,      "-1"),
  V(PathBiasNoticeRate,          DOUBLE,   "-1"),
  V(PathBiasDisableRate,         DOUBLE,   "-1"),
  V(PathBiasScaleThreshold,      INT,      "-1"),
  V(PathBiasScaleFactor,         INT,      "-1"),

  OBSOLETE("PathlenCoinWeight"),
  V(PerConnBWBurst,              MEMUNIT,  "0"),
  V(PerConnBWRate,               MEMUNIT,  "0"),
  V(PidFile,                     STRING,   NULL),
  /* When set, the values in testing_tor_network_defaults (below this table)
   * replace the corresponding defaults here. */
  V(TestingTorNetwork,           BOOL,     "0"),
  V(OptimisticData,              AUTOBOOL, "auto"),
  V(PortForwarding,              BOOL,     "0"),
  V(PortForwardingHelper,        FILENAME, "tor-fw-helper"),
  V(PreferTunneledDirConns,      BOOL,     "1"),
  V(ProtocolWarnings,            BOOL,     "0"),
  V(PublishServerDescriptor,     CSV,      "1"),
  V(PublishHidServDescriptors,   BOOL,     "1"),
  V(ReachableAddresses,          LINELIST, NULL),
  V(ReachableDirAddresses,       LINELIST, NULL),
  V(ReachableORAddresses,        LINELIST, NULL),
  V(RecommendedVersions,         LINELIST, NULL),
  V(RecommendedClientVersions,   LINELIST, NULL),
  V(RecommendedServerVersions,   LINELIST, NULL),
  OBSOLETE("RedirectExit"),
  V(RefuseUnknownExits,          AUTOBOOL, "auto"),
  V(RejectPlaintextPorts,        CSV,      ""),
  V(RelayBandwidthBurst,         MEMUNIT,  "0"),
  V(RelayBandwidthRate,          MEMUNIT,  "0"),
  OBSOLETE("RendExcludeNodes"),
  OBSOLETE("RendNodes"),
  V(RendPostPeriod,              INTERVAL, "1 hour"),
  V(RephistTrackTime,            INTERVAL, "24 hours"),
  OBSOLETE("RouterFile"),
  V(RunAsDaemon,                 BOOL,     "0"),
//  V(RunTesting,                  BOOL,     "0"),
  OBSOLETE("RunTesting"), // currently unused
  /* Declared as STRING, not BOOL, with default "1".  safe_str() and
   * safe_str_client() in this file test a separate SafeLogging_ member;
   * presumably that member is derived from this string -- confirm. */
  V(SafeLogging,                 STRING,   "1"),
  V(SafeSocks,                   BOOL,     "0"),
  V(ServerDNSAllowBrokenConfig,  BOOL,     "1"),
  V(ServerDNSAllowNonRFC953Hostnames, BOOL,"0"),
  V(ServerDNSDetectHijacking,    BOOL,     "1"),
  V(ServerDNSRandomizeCase,      BOOL,     "1"),
  V(ServerDNSResolvConfFile,     STRING,   NULL),
  V(ServerDNSSearchDomains,      BOOL,     "0"),
  V(ServerDNSTestAddresses,      CSV,
      "www.google.com,www.mit.edu,www.yahoo.com,www.slashdot.org"),
  V(ShutdownWaitLength,          INTERVAL, "30 seconds"),
  V(SocksListenAddress,          LINELIST, NULL),
  V(SocksPolicy,                 LINELIST, NULL),
  VPORT(SocksPort,                   LINELIST, NULL),
  V(SocksTimeout,                INTERVAL, "2 minutes"),
  OBSOLETE("StatusFetchPeriod"),
  V(StrictNodes,                 BOOL,     "0"),
  OBSOLETE("SysLog"),
  V(TestSocks,                   BOOL,     "0"),
  OBSOLETE("TestVia"),
  V(TokenBucketRefillInterval,   MSEC_INTERVAL, "100 msec"),
  V(Tor2webMode,                 BOOL,     "0"),
  V(TrackHostExits,              CSV,      NULL),
  V(TrackHostExitsExpire,        INTERVAL, "30 minutes"),
  OBSOLETE("TrafficShaping"),
  V(TransListenAddress,          LINELIST, NULL),
  VPORT(TransPort,                   LINELIST, NULL),
  V(TunnelDirConns,              BOOL,     "1"),
  V(UpdateBridgesFromAuthority,  BOOL,     "0"),
  V(UseBridges,                  BOOL,     "0"),
  V(UseEntryGuards,              BOOL,     "1"),
  V(UseMicrodescriptors,         AUTOBOOL, "auto"),
  V(User,                        STRING,   NULL),
  V(UserspaceIOCPBuffers,        BOOL,     "0"),
  VAR("V1AuthoritativeDirectory",BOOL, V1AuthoritativeDir,   "0"),
  VAR("V2AuthoritativeDirectory",BOOL, V2AuthoritativeDir,   "0"),
  VAR("V3AuthoritativeDirectory",BOOL, V3AuthoritativeDir,   "0"),
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "30 minutes"),
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "5 minutes"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "5 minutes"),
  V(V3AuthVotingInterval,        INTERVAL, "1 hour"),
  V(V3AuthVoteDelay,             INTERVAL, "5 minutes"),
  V(V3AuthDistDelay,             INTERVAL, "5 minutes"),
  V(V3AuthNIntervalsValid,       UINT,     "3"),
  V(V3AuthUseLegacyKey,          BOOL,     "0"),
  V(V3BandwidthsFile,            FILENAME, NULL),
  VAR("VersioningAuthoritativeDirectory",BOOL,VersioningAuthoritativeDir, "0"),
  V(VirtualAddrNetwork,          STRING,   "127.192.0.0/10"),
  V(WarnPlaintextPorts,          CSV,      "23,109,110,143"),
  V(UseFilteringSSLBufferevents, BOOL,    "0"),
  /* The remaining VAR entries use option names that start with underscores
   * while the struct members they fill do not. */
  VAR("__ReloadTorrcOnSIGHUP",   BOOL,  ReloadTorrcOnSIGHUP,      "1"),
  VAR("__AllDirActionsPrivate",  BOOL,  AllDirActionsPrivate,     "0"),
  VAR("__DisablePredictedCircuits",BOOL,DisablePredictedCircuits, "0"),
  VAR("__LeaveStreamsUnattached",BOOL,  LeaveStreamsUnattached,   "0"),
  VAR("__HashedControlSessionPassword", LINELIST, HashedControlSessionPassword,
      NULL),
  VAR("__OwningControllerProcess",STRING,OwningControllerProcess, NULL),
  V(MinUptimeHidServDirectoryV2, INTERVAL, "25 hours"),
  V(VoteOnHidServDirectoriesV2,  BOOL,     "1"),
  VAR("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "0"),

  /* End-of-table sentinel: a NULL name stops iteration over the table. */
  { NULL, CONFIG_TYPE_OBSOLETE, 0, NULL }
};

/** Override default values with these if the user sets the TestingTorNetwork
 * option.
 *
 * Compared with the defaults in option_vars_, this table flips the
 * private/internal-address options (DirAllowPrivateAddresses and
 * ExtendAllowPrivateAddresses become "1"; ClientRejectInternalAddresses,
 * ClientDNSRejectInternalAddresses and ExitPolicyRejectPrivate become "0"),
 * sets EnforceDistinctSubnets and both AuthDirMaxServersPer* values to "0",
 * and shortens the voting and descriptor timing intervals.  These are
 * weaker settings than the normal defaults and are only meant to be reached
 * through TestingTorNetwork.
 */
static const config_var_t testing_tor_network_defaults[] = {
  V(ServerDNSAllowBrokenConfig,  BOOL,     "1"),
  V(DirAllowPrivateAddresses,    BOOL,     "1"),
  V(EnforceDistinctSubnets,      BOOL,     "0"),
  V(AssumeReachable,             BOOL,     "1"),
  V(AuthDirMaxServersPerAddr,    UINT,     "0"),
  V(AuthDirMaxServersPerAuthAddr,UINT,     "0"),
  V(ClientDNSRejectInternalAddresses, BOOL,"0"),
  V(ClientRejectInternalAddresses, BOOL,   "0"),
  V(CountPrivateBandwidth,       BOOL,     "1"),
  V(ExitPolicyRejectPrivate,     BOOL,     "0"),
  V(ExtendAllowPrivateAddresses, BOOL,     "1"),
  V(V3AuthVotingInterval,        INTERVAL, "5 minutes"),
  V(V3AuthVoteDelay,             INTERVAL, "20 seconds"),
  V(V3AuthDistDelay,             INTERVAL, "20 seconds"),
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "5 minutes"),
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "20 seconds"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "20 seconds"),
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "0 minutes"),
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "0 minutes"),
  V(MinUptimeHidServDirectoryV2, INTERVAL, "0 minutes"),
  /* Marker option: "1" here, "0" in option_vars_. */
  VAR("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "1"),

  /* End-of-table sentinel. */
  { NULL, CONFIG_TYPE_OBSOLETE, 0, NULL }
};

/* The table-building helper macros are only needed for the option tables
 * above, so drop them here.  VPORT is not undefined at this point even
 * though it expands to VAR. */
#undef VAR
#undef V
#undef OBSOLETE

/* Forward declarations of file-local (static) helpers that are referenced
 * before their definitions. */
#ifdef _WIN32
static char *get_windows_conf_root(void);
#endif
/* Installed as the validation callback in options_format (through a cast). */
static int options_validate(or_options_t *old_options,
                            or_options_t *options,
                            int from_setconf, char **msg);
/* Both are called from set_options() with the previous options. */
static int options_act_reversible(const or_options_t *old_options, char **msg);
static int options_act(const or_options_t *old_options);
static int options_transition_allowed(const or_options_t *old,
                                      const or_options_t *new,
                                      char **msg);
static int options_transition_affects_workers(
      const or_options_t *old_options, const or_options_t *new_options);
static int options_transition_affects_descriptor(
      const or_options_t *old_options, const or_options_t *new_options);
static int check_nickname_list(const char *lst, const char *name, char **msg);

/* Line parsers; each takes a validate_only flag. */
static int parse_bridge_line(const char *line, int validate_only);
static int parse_client_transport_line(const char *line, int validate_only);

static int parse_server_transport_line(const char *line, int validate_only);
static int parse_dir_server_line(const char *line,
                                 dirinfo_type_t required_type,
                                 int validate_only);
static void port_cfg_free(port_cfg_t *port);
static int parse_ports(or_options_t *options, int validate_only,
                              char **msg_out, int *n_ports_out);
static int check_server_ports(const smartlist_t *ports,
                              const or_options_t *options);

static int validate_data_directory(or_options_t *options);
static int write_configuration_file(const char *fname,
                                    const or_options_t *options);
static int options_init_logs(or_options_t *options, int validate_only);

static void init_libevent(const or_options_t *options);
static int opt_streq(const char *s1, const char *s2);
static int parse_outbound_addresses(or_options_t *options, int validate_only,
                                    char **msg);

/** Magic value for or_options_t.  It is stored in options_format together
 * with the offset of the magic_ member. */
#define OR_OPTIONS_MAGIC 9090909

/** Configuration format for or_options_t.  The initializer is positional,
 * so the order of the fields below must match config_format_t. */
static config_format_t options_format = {
  sizeof(or_options_t),                 /* size of the options struct */
  OR_OPTIONS_MAGIC,                     /* expected magic number */
  STRUCT_OFFSET(or_options_t, magic_),  /* where the magic number lives */
  option_abbrevs_,                      /* alias table */
  option_vars_,                         /* option table (read as .vars) */
  /* NOTE(review): the cast silences any mismatch between options_validate's
   * signature and validate_fn_t -- confirm the two agree. */
  (validate_fn_t)options_validate,
  NULL                                  /* last field left unset */
};

/*
 * Functions to read and write the global options pointer.
 */

/** Command-line and config-file options.  Replaced by set_options() and
 * read through get_options() / get_options_mutable(). */
static or_options_t *global_options = NULL;
/** The fallback options_t object; this is where we look for options not
 * in torrc before we fall back to Tor's defaults. */
static or_options_t *global_default_options = NULL;
/** Name of most recently read torrc file. */
static char *torrc_fname = NULL;
/** Name of the most recently read torrc-defaults file.  It has no explicit
 * initializer; as a static object it starts out as a null pointer. */
static char *torrc_defaults_fname;
/** Configuration Options set by command line. */
static config_line_t *global_cmdline_options = NULL;
/** Contents of most recently read DirPortFrontPage file.  Exposed read-only
 * through get_dirportfrontpage(). */
static char *global_dirfrontpagecontents = NULL;
/** List of port_cfg_t for all configured ports. */
static smartlist_t *configured_ports = NULL;

/** Give read-only access to the cached DirPortFrontPage contents.
 *
 * Returns the stored string, or NULL when none has been loaded.  The
 * pointer refers to the module's own buffer; callers must not free it. */
const char *
get_dirportfrontpage(void)
{
  const char *frontpage = global_dirfrontpagecontents;

  return frontpage;
}

/** Return a writable pointer to the options currently in force.
 *
 * Asserts that options have been installed, so this must not be called
 * before the first successful set_options(). */
or_options_t *
get_options_mutable(void)
{
  or_options_t *current;

  tor_assert(global_options);
  current = global_options;
  return current;
}

/** Return the options currently in force as a read-only view.
 *
 * This is get_options_mutable() with a const-qualified result, so it
 * inherits that function's assertion that options exist. */
const or_options_t *
get_options(void)
{
  const or_options_t *current = get_options_mutable();

  return current;
}

/** Install <b>new_val</b> as the global options, act on the change, and
 * release the previous options object when it is no longer in use.
 *
 * On a reversible failure the previous options are restored, *<b>msg</b>
 * holds an explanation, and -1 is returned.  If acting on the options fails
 * after that point the process logs an error and exits.  Returns 0 on
 * success.
 */
int
set_options(or_options_t *new_val, char **msg)
{
  or_options_t *old_options = global_options;
  smartlist_t *changed;
  config_line_t *assigned;
  int idx;

  /* Swap first: the helpers below receive only the *old* options and read
   * the new ones straight from global_options. */
  global_options = new_val;

  if (options_act_reversible(old_options, msg)<0) {
    tor_assert(*msg);
    /* Roll back so callers keep running with the previous configuration. */
    global_options = old_options;
    return -1;
  }
  if (options_act(old_options) < 0) {
    /* Nothing can be rolled back at this stage, so give up entirely. */
    log_err(LD_BUG,
            "Acting on config options left us in a broken state. Dying.");
    exit(1);
  }

  /* Tell the controller which options changed (CONF_CHANGED).  At startup
   * there are no old options to compare against, so nothing is reported. */
  if (old_options != NULL && global_options != old_options) {
    changed = smartlist_new();
    for (idx = 0; options_format.vars[idx].name != NULL; ++idx) {
      const config_var_t *var = &options_format.vars[idx];
      const char *var_name = var->name;

      if (var->type == CONFIG_TYPE_LINELIST_S ||
          var->type == CONFIG_TYPE_OBSOLETE)
        continue;
      if (config_is_same(&options_format, new_val, old_options, var_name))
        continue;

      assigned = config_get_assigned_option(&options_format, new_val,
                                            var_name, 1);
      if (!assigned) {
        /* No value to report: emit the name with a NULL value. */
        smartlist_add(changed, (char*)var_name);
        smartlist_add(changed, NULL);
        continue;
      }
      /* The new values are passed on as-is, key then value, per line.
       * NOTE(review): nothing in this function releases the lines returned
       * by config_get_assigned_option() -- confirm who owns them. */
      while (assigned) {
        smartlist_add(changed, assigned->key);
        smartlist_add(changed, assigned->value);
        assigned = assigned->next;
      }
    }
    control_event_conf_changed(changed);
    smartlist_free(changed);
  }

  if (global_options != old_options)
    config_free(&options_format, old_options);

  return 0;
}

extern const char tor_git_revision[]; /* from tor_main.c */

/** The version of this Tor process, as parsed.  Filled in on the first call
 * to get_version() and released in config_free_all(). */
static char *the_tor_version = NULL;
/** A shorter version of this Tor process's version, for export in our router
 *  descriptor.  (Does not include the git version, if any.)  Filled in on
 *  the first call to get_short_version(). */
static char *the_short_tor_version = NULL;

/** Return the full version string of this Tor process.
 *
 * The string is built once and cached: the short version, followed by
 * " (git-<revision>)" when tor_git_revision is non-empty.  The returned
 * pointer is owned by this module. */
const char *
get_version(void)
{
  if (the_tor_version != NULL)
    return the_tor_version;

  if (tor_git_revision[0] != '\0') {
    tor_asprintf(&the_tor_version, "%s (git-%s)", get_short_version(),
                 tor_git_revision);
  } else {
    the_tor_version = tor_strdup(get_short_version());
  }
  return the_tor_version;
}

/** Return the version string without the git revision.
 *
 * The string is built once and cached.  When TOR_BUILD_TAG is defined at
 * compile time it is appended in parentheses after VERSION; otherwise the
 * result is a copy of VERSION.  The returned pointer is owned by this
 * module. */
const char *
get_short_version(void)
{
  if (the_short_tor_version != NULL)
    return the_short_tor_version;

#ifdef TOR_BUILD_TAG
  tor_asprintf(&the_short_tor_version, "%s (%s)", VERSION, TOR_BUILD_TAG);
#else
  the_short_tor_version = tor_strdup(VERSION);
#endif
  return the_short_tor_version;
}

/** Free <b>options</b> together with the derived members that
 * config_free() is not asked to handle here: the ExcludeExitNodesUnion_
 * routerset, every routerset in NodeFamilySets (and the list itself), and
 * BridgePassword_AuthDigest_.  A NULL argument is a no-op.
 */
static void
or_options_free(or_options_t *options)
{
  if (options == NULL)
    return;

  routerset_free(options->ExcludeExitNodesUnion_);

  if (options->NodeFamilySets != NULL) {
    /* Free the members before the list that holds them. */
    SMARTLIST_FOREACH(options->NodeFamilySets, routerset_t *,
                      rs, routerset_free(rs));
    smartlist_free(options->NodeFamilySets);
  }

  /* NOTE(review): the digest is released without being wiped first; if it is
   * derived from BridgePassword, confirm whether it should be cleared. */
  tor_free(options->BridgePassword_AuthDigest_);

  /* Must come last: it releases the options object itself. */
  config_free(&options_format, options);
}

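/** Release all memory and resources held by global configuration structures.
 *
 * Frees both options objects, the saved command-line lines, every
 * configured port entry and the port list, the cached file names, the
 * front-page contents and both cached version strings.  Each global is
 * freed exactly once.
 */
void
config_free_all(void)
{
  or_options_free(global_options);
  global_options = NULL;
  or_options_free(global_default_options);
  global_default_options = NULL;

  config_free_lines(global_cmdline_options);
  global_cmdline_options = NULL;

  if (configured_ports) {
    /* Free the entries before the list that holds them. */
    SMARTLIST_FOREACH(configured_ports,
                      port_cfg_t *, p, tor_free(p));
    smartlist_free(configured_ports);
    configured_ports = NULL;
  }

  /* NOTE(review): no explicit reset follows these calls; presumably
   * tor_free() also clears the pointer it is given -- confirm. */
  tor_free(torrc_fname);
  tor_free(torrc_defaults_fname);
  tor_free(global_dirfrontpagecontents);

  tor_free(the_short_tor_version);
  /* Previously released twice in this function; once is enough and does not
   * depend on tor_free() clearing its argument. */
  tor_free(the_tor_version);
}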

/** Decide whether <b>address</b> -- a piece of information related to our
 * operation as a client -- may appear in the log.
 *
 * Returns the literal "[scrubbed]" when SafeLogging_ is SAFELOG_SCRUB_ALL,
 * and <b>address</b> itself (not a copy) for every other setting.  Client
 * data is therefore hidden only at the strictest level; use safe_str() for
 * data that must also be hidden at intermediate levels.  <b>address</b>
 * must not be NULL.
 */
const char *
safe_str_client(const char *address)
{
  tor_assert(address);
  return (get_options()->SafeLogging_ == SAFELOG_SCRUB_ALL) ?
    "[scrubbed]" : address;
}

/** Decide whether <b>address</b> -- a piece of information of unspecified
 * sensitivity -- may appear in the log.
 *
 * Returns the literal "[scrubbed]" unless SafeLogging_ is
 * SAFELOG_SCRUB_NONE, in which case <b>address</b> itself (not a copy) is
 * returned.  This is the stricter of the two helpers: anything other than
 * "scrub nothing" hides the value.  <b>address</b> must not be NULL.
 */
const char *
safe_str(const char *address)
{
  tor_assert(address);
  return (get_options()->SafeLogging_ != SAFELOG_SCRUB_NONE) ?
    "[scrubbed]" : address;
}

/** Escaping counterpart of safe_str_client(): returns "[scrubbed]" when
 * SafeLogging_ is SAFELOG_SCRUB_ALL, and escaped(<b>address</b>) otherwise.
 *
 * Unlike safe_str_client(), <b>address</b> is not asserted to be non-NULL
 * here; it is handed to escaped() unchanged.  See the reentrancy note on
 * escaped(): don't use this outside the main thread, or twice in the same
 * log statement. */
const char *
escaped_safe_str_client(const char *address)
{
  return (get_options()->SafeLogging_ == SAFELOG_SCRUB_ALL) ?
    "[scrubbed]" : escaped(address);
}

/** Escaping counterpart of safe_str(): returns "[scrubbed]" unless
 * SafeLogging_ is SAFELOG_SCRUB_NONE, in which case escaped(<b>address</b>)
 * is returned.
 *
 * Unlike safe_str(), <b>address</b> is not asserted to be non-NULL here; it
 * is handed to escaped() unchanged.  See the reentrancy note on escaped():
 * don't use this outside the main thread, or twice in the same log
 * statement. */
const char *
escaped_safe_str(const char *address)
{
  return (get_options()->SafeLogging_ != SAFELOG_SCRUB_NONE) ?
    "[scrubbed]" : escaped(address);
}

/** Add the default directory authorities directly into the trusted dir list,
 * but only add them insofar as they share bits with <b>type</b>. */
744
static void
745
add_default_trusted_dir_authorities(dirinfo_type_t type)
746
{
747
  int i;
748
  const char *dirservers[] = {
749
750
751
    "moria1 orport=9101 no-v2 "
      "v3ident=D586D18309DED4CD6D57C18FDB97EFA96D330566 "
      "128.31.0.39:9131 9695 DFC3 5FFE B861 329B 9F1A B04C 4639 7020 CE31",
752
    "tor26 v1 orport=443 v3ident=14C131DFC5C6F93646BE72FA1401C02A8DF2E8B4 "
Peter Palfrader's avatar
Peter Palfrader committed
753
      "86.59.21.38:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D",
Roger Dingledine's avatar
Roger Dingledine committed
754
755
    "dizum orport=443 v3ident=E8A9C45EDE6D711294FADF8E7951F4DE6CA56B58 "
      "194.109.206.212:80 7EA6 EAD6 FD83 083C 538F 4403 8BBF A077 587D D755",
756
    "Tonga orport=443 bridge no-v2 82.94.251.203:80 "
757
      "4A0C CD2D DC79 9508 3D73 F5D6 6710 0C8A 5831 F16D",
758
759
    "turtles orport=9090 no-v2 "
      "v3ident=27B6B5996C426270A5C95488AA5BCEB6BCC86956 "