 /* Copyright (c) 2001 Matej Pfajfar.
 * Copyright (c) 2001-2004, Roger Dingledine.
 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
 * Copyright (c) 2007-2013, The Tor Project, Inc. */
/* See LICENSE for licensing information */

/**
 * \file config.c
 * \brief Code to parse and interpret configuration files.
 **/

#define CONFIG_PRIVATE

#include "or.h"
#include "addressmap.h"
#include "channel.h"
#include "circuitbuild.h"
#include "circuitlist.h"
#include "circuitmux.h"
#include "circuitmux_ewma.h"
#include "config.h"
#include "connection.h"
#include "connection_edge.h"
#include "connection_or.h"
#include "control.h"
#include "confparse.h"
#include "cpuworker.h"
#include "dirserv.h"
#include "dirvote.h"
#include "dns.h"
#include "entrynodes.h"
#include "geoip.h"
#include "hibernate.h"
#include "main.h"
#include "networkstatus.h"
#include "nodelist.h"
#include "policies.h"
#include "relay.h"
#include "rendclient.h"
#include "rendservice.h"
#include "rephist.h"
#include "router.h"
#include "util.h"
#include "routerlist.h"
#include "routerset.h"
#include "statefile.h"
#include "transports.h"
#ifdef _WIN32
#include <shlobj.h>
#endif

#include "procmon.h"

/* From main.c */
extern int quiet_level;

/** A list of abbreviations and aliases to map command-line options, obsolete
 * option names, or alternative option names, to their current values.
 *
 * Each explicit entry is { alias, current name, flag, flag }; the table ends
 * at the entry whose names are NULL.
 *
 * NOTE(review): config_abbrev_t and PLURAL() are declared outside this view.
 * The third and fourth fields are presumably "command-line only" and "warn
 * when used" -- confirm against the struct declaration before relying on
 * that reading.
 */
static config_abbrev_t option_abbrevs_[] = {
  PLURAL(AuthDirBadDirCC),
  PLURAL(AuthDirBadExitCC),
  PLURAL(AuthDirInvalidCC),
  PLURAL(AuthDirRejectCC),
  PLURAL(ExitNode),
  PLURAL(EntryNode),
  PLURAL(ExcludeNode),
  PLURAL(FirewallPort),
  PLURAL(LongLivedPort),
  PLURAL(HiddenServiceNode),
  PLURAL(HiddenServiceExcludeNode),
  PLURAL(NumCPU),
  PLURAL(RendNode),
  PLURAL(RendExcludeNode),
  PLURAL(StrictEntryNode),
  PLURAL(StrictExitNode),
  PLURAL(StrictNode),
  { "l", "Log", 1, 0},
  { "AllowUnverifiedNodes", "AllowInvalidNodes", 0, 0},
  { "AutomapHostSuffixes", "AutomapHostsSuffixes", 0, 0},
  { "AutomapHostOnResolve", "AutomapHostsOnResolve", 0, 0},
  { "BandwidthRateBytes", "BandwidthRate", 0, 0},
  { "BandwidthBurstBytes", "BandwidthBurst", 0, 0},
  { "DirFetchPostPeriod", "StatusFetchPeriod", 0, 0},
  { "DirServer", "DirAuthority", 0, 0}, /* XXXX024 later, make this warn? */
  { "MaxConn", "ConnLimit", 0, 1},
  { "ORBindAddress", "ORListenAddress", 0, 0},
  { "DirBindAddress", "DirListenAddress", 0, 0},
  { "SocksBindAddress", "SocksListenAddress", 0, 0},
  { "UseHelperNodes", "UseEntryGuards", 0, 0},
  { "NumHelperNodes", "NumEntryGuards", 0, 0},
  { "UseEntryNodes", "UseEntryGuards", 0, 0},
  { "NumEntryNodes", "NumEntryGuards", 0, 0},
  { "ResolvConf", "ServerDNSResolvConfFile", 0, 1},
  { "SearchDomains", "ServerDNSSearchDomains", 0, 1},
  { "ServerDNSAllowBrokenResolvConf", "ServerDNSAllowBrokenConfig", 0, 0},
  { "PreferTunnelledDirConns", "PreferTunneledDirConns", 0, 0},
  { "BridgeAuthoritativeDirectory", "BridgeAuthoritativeDir", 0, 0},
  /* Like "l" above, this alias sets the third field. HashedControlPassword
   * is also a real option in option_vars_, so the alias presumably only
   * redirects the command-line form to the session-scoped
   * __HashedControlSessionPassword -- TODO confirm where the flag is read. */
  { "HashedControlPassword", "__HashedControlSessionPassword", 1, 0},
  { "StrictEntryNodes", "StrictNodes", 0, 1},
  { "StrictExitNodes", "StrictNodes", 0, 1},
  { "VirtualAddrNetwork", "VirtualAddrNetworkIPv4", 0, 0},
  { "_UseFilteringSSLBufferevents", "UseFilteringSSLBufferevents", 0, 1},
  /* Terminator: a NULL name marks the end of the table. */
  { NULL, NULL, 0, 0},
};

/** An entry for config_vars: "The option <b>name</b> has type
 * CONFIG_TYPE_<b>conftype</b>, and corresponds to
 * or_options_t.<b>member</b>"
 *
 * <b>initvalue</b> is stored as the entry's last field; the tables below pass
 * either a string literal or NULL for it.
 */
#define VAR(name,conftype,member,initvalue)                             \
  { name, CONFIG_TYPE_ ## conftype, STRUCT_OFFSET(or_options_t, member), \
      initvalue }
/** As VAR, but the option name and member name are the same. */
#define V(member,conftype,initvalue)                                    \
  VAR(#member, conftype, member, initvalue)
/** An entry for config_vars: "The option <b>name</b> is obsolete." */
#define OBSOLETE(name) { name, CONFIG_TYPE_OBSOLETE, 0, NULL }

/** As V, but the value is stored in the or_options_t member named
 * <b>member</b>_lines (the option itself keeps the plain name). */
#define VPORT(member,conftype,initvalue)                                    \
  VAR(#member, conftype, member ## _lines, initvalue)

/** Array of configuration options.  Until we disallow nonstandard
 * abbreviations, order is significant, since the first matching option will
 * be chosen first.
 *
 * Each V()/VAR()/VPORT() entry names an option, its CONFIG_TYPE_ type, the
 * or_options_t member it is stored in, and a default given as a string (or
 * NULL).  OBSOLETE() entries keep an old name recognised without binding it
 * to a member.  The entry with a NULL name terminates the table; set_options()
 * walks the table until it reaches that entry.
 */
static config_var_t option_vars_[] = {
  OBSOLETE("AccountingMaxKB"),
  V(AccountingMax,               MEMUNIT,  "0 bytes"),
  V(AccountingStart,             STRING,   NULL),
  V(Address,                     STRING,   NULL),
  V(AllowDotExit,                BOOL,     "0"),
  V(AllowInvalidNodes,           CSV,      "middle,rendezvous"),
  V(AllowNonRFC953Hostnames,     BOOL,     "0"),
  V(AllowSingleHopCircuits,      BOOL,     "0"),
  V(AllowSingleHopExits,         BOOL,     "0"),
  V(AlternateBridgeAuthority,    LINELIST, NULL),
  V(AlternateDirAuthority,       LINELIST, NULL),
  V(AlternateHSAuthority,        LINELIST, NULL),
  V(AssumeReachable,             BOOL,     "0"),
  V(AuthDirBadDir,               LINELIST, NULL),
  V(AuthDirBadDirCCs,            CSV,      ""),
  V(AuthDirBadExit,              LINELIST, NULL),
  V(AuthDirBadExitCCs,           CSV,      ""),
  V(AuthDirInvalid,              LINELIST, NULL),
  V(AuthDirInvalidCCs,           CSV,      ""),
  V(AuthDirFastGuarantee,        MEMUNIT,  "100 KB"),
  V(AuthDirGuardBWGuarantee,     MEMUNIT,  "250 KB"),
  V(AuthDirReject,               LINELIST, NULL),
  V(AuthDirRejectCCs,            CSV,      ""),
  V(AuthDirRejectUnlisted,       BOOL,     "0"),
  V(AuthDirListBadDirs,          BOOL,     "0"),
  V(AuthDirListBadExits,         BOOL,     "0"),
  V(AuthDirMaxServersPerAddr,    UINT,     "2"),
  V(AuthDirMaxServersPerAuthAddr,UINT,     "5"),
  V(AuthDirHasIPv6Connectivity,  BOOL,     "0"),
  VAR("AuthoritativeDirectory",  BOOL, AuthoritativeDir,    "0"),
  V(AutomapHostsOnResolve,       BOOL,     "0"),
  V(AutomapHostsSuffixes,        CSV,      ".onion,.exit"),
  V(AvoidDiskWrites,             BOOL,     "0"),
  V(BandwidthBurst,              MEMUNIT,  "1 GB"),
  V(BandwidthRate,               MEMUNIT,  "1 GB"),
  V(BridgeAuthoritativeDir,      BOOL,     "0"),
  VAR("Bridge",                  LINELIST, Bridges,    NULL),
  V(BridgePassword,              STRING,   NULL),
  V(BridgeRecordUsageByCountry,  BOOL,     "1"),
  V(BridgeRelay,                 BOOL,     "0"),
  V(CellStatistics,              BOOL,     "0"),
  V(LearnCircuitBuildTimeout,    BOOL,     "1"),
  V(CircuitBuildTimeout,         INTERVAL, "0"),
  V(CircuitIdleTimeout,          INTERVAL, "1 hour"),
  V(CircuitStreamTimeout,        INTERVAL, "0"),
  V(CircuitPriorityHalflife,     DOUBLE,  "-100.0"), /*negative:'Use default'*/
  V(ClientDNSRejectInternalAddresses, BOOL,"1"),
  V(ClientOnly,                  BOOL,     "0"),
  V(ClientPreferIPv6ORPort,      BOOL,     "0"),
  V(ClientRejectInternalAddresses, BOOL,   "1"),
  V(ClientTransportPlugin,       LINELIST, NULL),
  V(ClientUseIPv6,               BOOL,     "0"),
  V(ConsensusParams,             STRING,   NULL),
  V(ConnLimit,                   UINT,     "1000"),
  V(ConnDirectionStatistics,     BOOL,     "0"),
  V(ConstrainedSockets,          BOOL,     "0"),
  V(ConstrainedSockSize,         MEMUNIT,  "8192"),
  V(ContactInfo,                 STRING,   NULL),
  /* Control-interface options.  The defaults in this table leave
   * CookieAuthentication at "0" and HashedControlPassword unset, and the
   * group-access switches at "0".  NOTE(review): how an enabled control
   * listener behaves when no authentication option is set is decided in code
   * outside this view -- check that path when auditing a deployment. */
  V(ControlListenAddress,        LINELIST, NULL),
  VPORT(ControlPort,                 LINELIST, NULL),
  V(ControlPortFileGroupReadable,BOOL,     "0"),
  V(ControlPortWriteToFile,      FILENAME, NULL),
  V(ControlSocket,               LINELIST, NULL),
  V(ControlSocketsGroupWritable, BOOL,     "0"),
  V(CookieAuthentication,        BOOL,     "0"),
  V(CookieAuthFileGroupReadable, BOOL,     "0"),
  V(CookieAuthFile,              STRING,   NULL),
  V(CountPrivateBandwidth,       BOOL,     "0"),
  V(DataDirectory,               FILENAME, NULL),
  OBSOLETE("DebugLogFile"),
  V(DisableNetwork,              BOOL,     "0"),
  V(DirAllowPrivateAddresses,    BOOL,     "0"),
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "30 minutes"),
  V(DirListenAddress,            LINELIST, NULL),
  OBSOLETE("DirFetchPeriod"),
  V(DirPolicy,                   LINELIST, NULL),
  VPORT(DirPort,                     LINELIST, NULL),
  V(DirPortFrontPage,            FILENAME, NULL),
  OBSOLETE("DirPostPeriod"),
  OBSOLETE("DirRecordUsageByCountry"),
  OBSOLETE("DirRecordUsageGranularity"),
  OBSOLETE("DirRecordUsageRetainIPs"),
  OBSOLETE("DirRecordUsageSaveInterval"),
  V(DirReqStatistics,            BOOL,     "1"),
  VAR("DirAuthority",            LINELIST, DirAuthorities, NULL),
  V(DirAuthorityFallbackRate,    DOUBLE,   "1.0"),
  V(DisableAllSwap,              BOOL,     "0"),
  V(DisableDebuggerAttachment,   BOOL,     "1"),
  V(DisableIOCP,                 BOOL,     "1"),
  V(DisableV2DirectoryInfo_,     BOOL,     "0"),
  V(DynamicDHGroups,             BOOL,     "0"),
  VPORT(DNSPort,                     LINELIST, NULL),
  V(DNSListenAddress,            LINELIST, NULL),
  V(DownloadExtraInfo,           BOOL,     "0"),
  V(EnforceDistinctSubnets,      BOOL,     "1"),
  V(EntryNodes,                  ROUTERSET,   NULL),
  V(EntryStatistics,             BOOL,     "0"),
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "10 minutes"),
  V(ExcludeNodes,                ROUTERSET, NULL),
  V(ExcludeExitNodes,            ROUTERSET, NULL),
  V(ExcludeSingleHopRelays,      BOOL,     "1"),
  V(ExitNodes,                   ROUTERSET, NULL),
  V(ExitPolicy,                  LINELIST, NULL),
  V(ExitPolicyRejectPrivate,     BOOL,     "1"),
  V(ExitPortStatistics,          BOOL,     "0"),
  V(ExtendAllowPrivateAddresses, BOOL,     "0"),
  V(ExtraInfoStatistics,         BOOL,     "1"),
  V(FallbackDir,                 LINELIST, NULL),

  OBSOLETE("FallbackNetworkstatusFile"),
  V(FascistFirewall,             BOOL,     "0"),
  V(FirewallPorts,               CSV,      ""),
  V(FastFirstHopPK,              BOOL,     "1"),
  V(FetchDirInfoEarly,           BOOL,     "0"),
  V(FetchDirInfoExtraEarly,      BOOL,     "0"),
  V(FetchServerDescriptors,      BOOL,     "1"),
  V(FetchHidServDescriptors,     BOOL,     "1"),
  V(FetchUselessDescriptors,     BOOL,     "0"),
  V(FetchV2Networkstatus,        BOOL,     "0"),
  V(GeoIPExcludeUnknown,         AUTOBOOL, "auto"),
  /* The GeoIP file defaults differ by platform: on _WIN32 the literal
   * "<default>" is stored, elsewhere a path built from SHARE_DATADIR at
   * compile time.  Where "<default>" is resolved is not visible here. */
#ifdef _WIN32
  V(GeoIPFile,                   FILENAME, "<default>"),
  V(GeoIPv6File,                 FILENAME, "<default>"),
#else
  V(GeoIPFile,                   FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip"),
  V(GeoIPv6File,                 FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip6"),
#endif
  OBSOLETE("GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays"),
  OBSOLETE("Group"),
  V(GuardLifetime,               INTERVAL, "0 minutes"),
  V(HardwareAccel,               BOOL,     "0"),
  V(HeartbeatPeriod,             INTERVAL, "6 hours"),
  V(AccelName,                   STRING,   NULL),
  V(AccelDir,                    FILENAME, NULL),
  /* option_abbrevs_ also lists "HashedControlPassword" as an alias for
   * __HashedControlSessionPassword (declared near the end of this table). */
  V(HashedControlPassword,       LINELIST, NULL),
  V(HidServDirectoryV2,          BOOL,     "1"),
  VAR("HiddenServiceDir",    LINELIST_S, RendConfigLines,    NULL),
  OBSOLETE("HiddenServiceExcludeNodes"),
  OBSOLETE("HiddenServiceNodes"),
  VAR("HiddenServiceOptions",LINELIST_V, RendConfigLines,    NULL),
  VAR("HiddenServicePort",   LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceVersion",LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceAuthorizeClient",LINELIST_S,RendConfigLines, NULL),
  V(HidServAuth,                 LINELIST, NULL),
  V(HSAuthoritativeDir,          BOOL,     "0"),
  OBSOLETE("HSAuthorityRecordStats"),
  V(CloseHSClientCircuitsImmediatelyOnTimeout, BOOL, "0"),
  V(CloseHSServiceRendCircuitsImmediatelyOnTimeout, BOOL, "0"),
  V(HTTPProxy,                   STRING,   NULL),
  V(HTTPProxyAuthenticator,      STRING,   NULL),
  V(HTTPSProxy,                  STRING,   NULL),
  V(HTTPSProxyAuthenticator,     STRING,   NULL),
  V(IPv6Exit,                    BOOL,     "0"),
  VAR("ServerTransportPlugin",   LINELIST, ServerTransportPlugin,  NULL),
  V(ServerTransportListenAddr,   LINELIST, NULL),
  V(Socks4Proxy,                 STRING,   NULL),
  V(Socks5Proxy,                 STRING,   NULL),
  V(Socks5ProxyUsername,         STRING,   NULL),
  V(Socks5ProxyPassword,         STRING,   NULL),
  OBSOLETE("IgnoreVersion"),
  V(KeepalivePeriod,             INTERVAL, "5 minutes"),
  VAR("Log",                     LINELIST, Logs,             NULL),
  V(LogMessageDomains,           BOOL,     "0"),
  OBSOLETE("LinkPadding"),
  OBSOLETE("LogLevel"),
  OBSOLETE("LogFile"),
  V(LogTimeGranularity,          MSEC_INTERVAL, "1 second"),
  V(LongLivedPorts,              CSV,
        "21,22,706,1863,5050,5190,5222,5223,6523,6667,6697,8300"),
  VAR("MapAddress",              LINELIST, AddressMap,           NULL),
  V(MaxAdvertisedBandwidth,      MEMUNIT,  "1 GB"),
  V(MaxCircuitDirtiness,         INTERVAL, "10 minutes"),
  V(MaxClientCircuitsPending,    UINT,     "32"),
  OBSOLETE("MaxOnionsPending"),
  V(MaxOnionQueueDelay,          MSEC_INTERVAL, "1750 msec"),
  V(MinMeasuredBWsForAuthToIgnoreAdvertised, INT, "500"),
  OBSOLETE("MonthlyAccountingStart"),
  V(MyFamily,                    STRING,   NULL),
  V(NewCircuitPeriod,            INTERVAL, "30 seconds"),
  VAR("NamingAuthoritativeDirectory",BOOL, NamingAuthoritativeDir, "0"),
  V(NATDListenAddress,           LINELIST, NULL),
  VPORT(NATDPort,                    LINELIST, NULL),
  V(Nickname,                    STRING,   NULL),
  V(WarnUnsafeSocks,              BOOL,     "1"),
  OBSOLETE("NoPublish"),
  VAR("NodeFamily",              LINELIST, NodeFamilies,         NULL),
  V(NumCPUs,                     UINT,     "0"),
  V(NumDirectoryGuards,          UINT,     "3"),
  V(NumEntryGuards,              UINT,     "3"),
  V(ORListenAddress,             LINELIST, NULL),
  VPORT(ORPort,                      LINELIST, NULL),
  V(OutboundBindAddress,         LINELIST,   NULL),

  OBSOLETE("PathBiasDisableRate"),
  V(PathBiasCircThreshold,       INT,      "-1"),
  V(PathBiasNoticeRate,          DOUBLE,   "-1"),
  V(PathBiasWarnRate,            DOUBLE,   "-1"),
  V(PathBiasExtremeRate,         DOUBLE,   "-1"),
  V(PathBiasScaleThreshold,      INT,      "-1"),
  OBSOLETE("PathBiasScaleFactor"),
  OBSOLETE("PathBiasMultFactor"),
  V(PathBiasDropGuards,          AUTOBOOL, "0"),
  OBSOLETE("PathBiasUseCloseCounts"),

  V(PathBiasUseThreshold,       INT,      "-1"),
  V(PathBiasNoticeUseRate,          DOUBLE,   "-1"),
  V(PathBiasExtremeUseRate,         DOUBLE,   "-1"),
  V(PathBiasScaleUseThreshold,      INT,      "-1"),

  V(PathsNeededToBuildCircuits,  DOUBLE,   "-1"),
  OBSOLETE("PathlenCoinWeight"),
  V(PerConnBWBurst,              MEMUNIT,  "0"),
  V(PerConnBWRate,               MEMUNIT,  "0"),
  V(PidFile,                     STRING,   NULL),
  V(TestingTorNetwork,           BOOL,     "0"),
  V(OptimisticData,              AUTOBOOL, "auto"),
  V(PortForwarding,              BOOL,     "0"),
  /* The default helper is a bare program name, not an absolute path.
   * NOTE(review): how it is located and launched is outside this view. */
  V(PortForwardingHelper,        FILENAME, "tor-fw-helper"),
  V(PreferTunneledDirConns,      BOOL,     "1"),
  V(ProtocolWarnings,            BOOL,     "0"),
  V(PublishServerDescriptor,     CSV,      "1"),
  V(PublishHidServDescriptors,   BOOL,     "1"),
  V(ReachableAddresses,          LINELIST, NULL),
  V(ReachableDirAddresses,       LINELIST, NULL),
  V(ReachableORAddresses,        LINELIST, NULL),
  V(RecommendedVersions,         LINELIST, NULL),
  V(RecommendedClientVersions,   LINELIST, NULL),
  V(RecommendedServerVersions,   LINELIST, NULL),
  OBSOLETE("RedirectExit"),
  V(RefuseUnknownExits,          AUTOBOOL, "auto"),
  V(RejectPlaintextPorts,        CSV,      ""),
  V(RelayBandwidthBurst,         MEMUNIT,  "0"),
  V(RelayBandwidthRate,          MEMUNIT,  "0"),
  OBSOLETE("RendExcludeNodes"),
  OBSOLETE("RendNodes"),
  V(RendPostPeriod,              INTERVAL, "1 hour"),
  V(RephistTrackTime,            INTERVAL, "24 hours"),
  OBSOLETE("RouterFile"),
  V(RunAsDaemon,                 BOOL,     "0"),
//  V(RunTesting,                  BOOL,     "0"),
  OBSOLETE("RunTesting"), // currently unused
  /* Stored as a STRING with default "1".  safe_str_client() in this file
   * scrubs when the derived SafeLogging_ field equals SAFELOG_SCRUB_ALL; the
   * conversion from this string to SafeLogging_ happens outside this view. */
  V(SafeLogging,                 STRING,   "1"),
  V(SafeSocks,                   BOOL,     "0"),
  V(ServerDNSAllowBrokenConfig,  BOOL,     "1"),
  V(ServerDNSAllowNonRFC953Hostnames, BOOL,"0"),
  V(ServerDNSDetectHijacking,    BOOL,     "1"),
  V(ServerDNSRandomizeCase,      BOOL,     "1"),
  V(ServerDNSResolvConfFile,     STRING,   NULL),
  V(ServerDNSSearchDomains,      BOOL,     "0"),
  V(ServerDNSTestAddresses,      CSV,
      "www.google.com,www.mit.edu,www.yahoo.com,www.slashdot.org"),
  V(ShutdownWaitLength,          INTERVAL, "30 seconds"),
  V(SocksListenAddress,          LINELIST, NULL),
  V(SocksPolicy,                 LINELIST, NULL),
  VPORT(SocksPort,                   LINELIST, NULL),
  V(SocksTimeout,                INTERVAL, "2 minutes"),
  V(SSLKeyLifetime,              INTERVAL, "0"),
  OBSOLETE("StatusFetchPeriod"),
  V(StrictNodes,                 BOOL,     "0"),
  OBSOLETE("SysLog"),
  V(TestSocks,                   BOOL,     "0"),
  OBSOLETE("TestVia"),
  V(TokenBucketRefillInterval,   MSEC_INTERVAL, "100 msec"),
  V(Tor2webMode,                 BOOL,     "0"),
  V(TLSECGroup,                  STRING,   NULL),
  V(TrackHostExits,              CSV,      NULL),
  V(TrackHostExitsExpire,        INTERVAL, "30 minutes"),
  OBSOLETE("TrafficShaping"),
  V(TransListenAddress,          LINELIST, NULL),
  VPORT(TransPort,                   LINELIST, NULL),
  V(TunnelDirConns,              BOOL,     "1"),
  V(UpdateBridgesFromAuthority,  BOOL,     "0"),
  V(UseBridges,                  BOOL,     "0"),
  V(UseEntryGuards,              BOOL,     "1"),
  V(UseEntryGuardsAsDirGuards,   BOOL,     "1"),
  V(UseMicrodescriptors,         AUTOBOOL, "auto"),
  V(UseNTorHandshake,            AUTOBOOL, "auto"),
  V(User,                        STRING,   NULL),
  V(UserspaceIOCPBuffers,        BOOL,     "0"),
  VAR("V1AuthoritativeDirectory",BOOL, V1AuthoritativeDir,   "0"),
  VAR("V2AuthoritativeDirectory",BOOL, V2AuthoritativeDir,   "0"),
  VAR("V3AuthoritativeDirectory",BOOL, V3AuthoritativeDir,   "0"),
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "30 minutes"),
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "5 minutes"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "5 minutes"),
  V(V3AuthVotingInterval,        INTERVAL, "1 hour"),
  V(V3AuthVoteDelay,             INTERVAL, "5 minutes"),
  V(V3AuthDistDelay,             INTERVAL, "5 minutes"),
  V(V3AuthNIntervalsValid,       UINT,     "3"),
  V(V3AuthUseLegacyKey,          BOOL,     "0"),
  V(V3BandwidthsFile,            FILENAME, NULL),
  VAR("VersioningAuthoritativeDirectory",BOOL,VersioningAuthoritativeDir, "0"),
  V(VirtualAddrNetworkIPv4,      STRING,   "127.192.0.0/10"),
  V(VirtualAddrNetworkIPv6,      STRING,   "[FE80::]/10"),
  V(WarnPlaintextPorts,          CSV,      "23,109,110,143"),
  V(UseFilteringSSLBufferevents, BOOL,    "0"),
  /* Options whose names start with underscores are bound to members without
   * the prefix.  NOTE(review): presumably these are internal/controller-only
   * settings -- confirm before documenting them for operators. */
  VAR("__ReloadTorrcOnSIGHUP",   BOOL,  ReloadTorrcOnSIGHUP,      "1"),
  VAR("__AllDirActionsPrivate",  BOOL,  AllDirActionsPrivate,     "0"),
  VAR("__DisablePredictedCircuits",BOOL,DisablePredictedCircuits, "0"),
  VAR("__LeaveStreamsUnattached",BOOL,  LeaveStreamsUnattached,   "0"),
  VAR("__HashedControlSessionPassword", LINELIST, HashedControlSessionPassword,
      NULL),
  VAR("__OwningControllerProcess",STRING,OwningControllerProcess, NULL),
  V(MinUptimeHidServDirectoryV2, INTERVAL, "25 hours"),
  V(VoteOnHidServDirectoriesV2,  BOOL,     "1"),
  VAR("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "0"),

  /* Terminator: NULL name ends the table. */
  { NULL, CONFIG_TYPE_OBSOLETE, 0, NULL }
};

/** Override default values with these if the user sets the TestingTorNetwork
 * option.
 *
 * Compared with option_vars_, this table turns off several defaults that
 * restrict private or internal addresses: ClientRejectInternalAddresses,
 * ClientDNSRejectInternalAddresses, ExitPolicyRejectPrivate and
 * EnforceDistinctSubnets go from "1" to "0", while DirAllowPrivateAddresses,
 * ExtendAllowPrivateAddresses, AssumeReachable and CountPrivateBandwidth go
 * from "0" to "1".  The AuthDirMaxServersPer* limits become "0" and the
 * voting/propagation intervals are shortened.
 *
 * NOTE(review): the code that applies this table is outside this view; when
 * auditing a configuration, treat TestingTorNetwork as a switch that relaxes
 * all of the above at once.
 */
static const config_var_t testing_tor_network_defaults[] = {
  V(ServerDNSAllowBrokenConfig,  BOOL,     "1"),
  V(DirAllowPrivateAddresses,    BOOL,     "1"),
  V(EnforceDistinctSubnets,      BOOL,     "0"),
  V(AssumeReachable,             BOOL,     "1"),
  V(AuthDirMaxServersPerAddr,    UINT,     "0"),
  V(AuthDirMaxServersPerAuthAddr,UINT,     "0"),
  V(ClientDNSRejectInternalAddresses, BOOL,"0"),
  V(ClientRejectInternalAddresses, BOOL,   "0"),
  V(CountPrivateBandwidth,       BOOL,     "1"),
  V(ExitPolicyRejectPrivate,     BOOL,     "0"),
  V(ExtendAllowPrivateAddresses, BOOL,     "1"),
  V(V3AuthVotingInterval,        INTERVAL, "5 minutes"),
  V(V3AuthVoteDelay,             INTERVAL, "20 seconds"),
  V(V3AuthDistDelay,             INTERVAL, "20 seconds"),
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "5 minutes"),
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "20 seconds"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "20 seconds"),
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "0 minutes"),
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "0 minutes"),
  V(MinUptimeHidServDirectoryV2, INTERVAL, "0 minutes"),
  /* Marker option: "1" here, "0" in option_vars_. */
  VAR("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "1"),

  /* Terminator: NULL name ends the table. */
  { NULL, CONFIG_TYPE_OBSOLETE, 0, NULL }
};

#undef VAR
#undef V
#undef OBSOLETE

/* Forward declarations for file-local (static) helpers.  options_validate()
 * is installed as the validation callback in options_format; the
 * options_act*() pair is called from set_options(). */
#ifdef _WIN32
static char *get_windows_conf_root(void);
#endif
static int options_validate(or_options_t *old_options,
                            or_options_t *options,
                            int from_setconf, char **msg);
static int options_act_reversible(const or_options_t *old_options, char **msg);
static int options_act(const or_options_t *old_options);
static int options_transition_allowed(const or_options_t *old,
                                      const or_options_t *new,
                                      char **msg);
static int options_transition_affects_workers(
      const or_options_t *old_options, const or_options_t *new_options);
static int options_transition_affects_descriptor(
      const or_options_t *old_options, const or_options_t *new_options);
static int check_nickname_list(const char *lst, const char *name, char **msg);

static int parse_bridge_line(const char *line, int validate_only);
static int parse_client_transport_line(const char *line, int validate_only);

static int parse_server_transport_line(const char *line, int validate_only);
static char *get_bindaddr_from_transport_listen_line(const char *line,
                                                     const char *transport);
static int parse_dir_authority_line(const char *line,
                                 dirinfo_type_t required_type,
                                 int validate_only);
static int parse_dir_fallback_line(const char *line,
                                   int validate_only);
static void port_cfg_free(port_cfg_t *port);
static int parse_ports(or_options_t *options, int validate_only,
                              char **msg_out, int *n_ports_out);
static int check_server_ports(const smartlist_t *ports,
                              const or_options_t *options);

static int validate_data_directory(or_options_t *options);
static int write_configuration_file(const char *fname,
                                    const or_options_t *options);
static int options_init_logs(or_options_t *options, int validate_only);

static void init_libevent(const or_options_t *options);
static int opt_streq(const char *s1, const char *s2);
static int parse_outbound_addresses(or_options_t *options, int validate_only,
                                    char **msg);
static void config_maybe_load_geoip_files_(const or_options_t *options,
                                           const or_options_t *old_options);

/** Magic value for or_options_t. */
#define OR_OPTIONS_MAGIC 9090909

/** Configuration format for or_options_t.
 *
 * Positional initializer; config_format_t is declared outside this view, so
 * the per-field notes below describe the values given here, not the field
 * names.  set_options() reads this object's <b>vars</b> member.
 */
static config_format_t options_format = {
  sizeof(or_options_t),                 /* size of the options struct */
  OR_OPTIONS_MAGIC,                     /* expected magic value */
  STRUCT_OFFSET(or_options_t, magic_),  /* where the magic lives in the struct */
  option_abbrevs_,                      /* alias/abbreviation table */
  option_vars_,                         /* option table */
  (validate_fn_t)options_validate,      /* validation callback (cast to the
                                         * generic callback type) */
  NULL                                  /* last field unused here -- TODO
                                         * confirm its meaning */
};

/*
 * Functions to read and write the global options pointer.
 */

/** Command-line and config-file options. */
static or_options_t *global_options = NULL;
/** The fallback options_t object; this is where we look for options not
 * in torrc before we fall back to Tor's defaults. */
static or_options_t *global_default_options = NULL;
/** Name of most recently read torrc file. */
static char *torrc_fname = NULL;
/** Name of the most recently read torrc-defaults file.
 * (No explicit initializer: as a file-scope static it still starts out as a
 * null pointer, like its neighbours.) */
static char *torrc_defaults_fname;
/** Configuration Options set by command line. */
static config_line_t *global_cmdline_options = NULL;
/** Contents of most recently read DirPortFrontPage file. */
static char *global_dirfrontpagecontents = NULL;
/** List of port_cfg_t for all configured ports. */
static smartlist_t *configured_ports = NULL;

/** Return the cached DirPortFrontPage contents, or NULL when none have been
 * loaded.  The returned pointer aliases the module's own buffer; callers
 * must not free it. */
const char *
get_dirportfrontpage(void)
{
  const char *frontpage = global_dirfrontpagecontents;

  return frontpage;
}

/** Return a writable pointer to the currently configured options.
 * Asserts that the global options have been set; never returns NULL. */
or_options_t *
get_options_mutable(void)
{
  or_options_t *current;

  tor_assert(global_options);
  current = global_options;
  return current;
}

/** Return the currently configured options as a read-only view.
 * Delegates to get_options_mutable(), so the same assertion applies. */
const or_options_t *
get_options(void)
{
  const or_options_t *current = get_options_mutable();

  return current;
}

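/** Change the current global options to contain <b>new_val</b> instead of
 * their current value; take action based on the new value; free the old value
 * as necessary.  Returns 0 on success, -1 on failure.
 *
 * On a -1 return, global_options has been restored to the previous value,
 * *<b>msg</b> is set (asserted), and <b>new_val</b> has not been freed here.
 * If options_act() fails, the process logs an error and exits.
 *
 * When there was a previous options object, the changed options are gathered
 * into a flat key/value list and handed to control_event_conf_changed().
 */
int
set_options(or_options_t *new_val, char **msg)
{
  int i;
  smartlist_t *elements;
  config_line_t *line;
  or_options_t *old_options = global_options;
  global_options = new_val;
  /* Note that we pass the *old* options below, for comparison. It
   * pulls the new options directly out of global_options. */
  if (options_act_reversible(old_options, msg)<0) {
    tor_assert(*msg);
    global_options = old_options;
    return -1;
  }
  if (options_act(old_options) < 0) { /* acting on the options failed. die. */
    log_err(LD_BUG,
            "Acting on config options left us in a broken state. Dying.");
    exit(1);
  }
  /* Issues a CONF_CHANGED event to notify controller of the change. If Tor is
   * just starting up then the old_options will be undefined. */
  if (old_options && old_options != global_options) {
    elements = smartlist_new();
    for (i=0; options_format.vars[i].name; ++i) {
      const config_var_t *var = &options_format.vars[i];
      const char *var_name = var->name;
      if (var->type == CONFIG_TYPE_LINELIST_S ||
          var->type == CONFIG_TYPE_OBSOLETE) {
        continue;
      }
      if (!config_is_same(&options_format, new_val, old_options, var_name)) {
        line = config_get_assigned_option(&options_format, new_val,
                                          var_name, 1);

        if (line) {
          config_line_t *next;
          for (; line; line = next) {
            next = line->next;
            /* Only the list node is freed below; its key and value strings
             * now belong to <b>elements</b> and are released after the
             * event is sent. */
            smartlist_add(elements, line->key);
            smartlist_add(elements, line->value);
            tor_free(line);
          }
        } else {
          /* Store a private copy of the name so that every non-NULL entry
           * of <b>elements</b> is heap-allocated and can be freed the same
           * way (the table's own string must not be freed). */
          smartlist_add(elements, tor_strdup(var_name));
          smartlist_add(elements, NULL);
        }
      }
    }
    control_event_conf_changed(elements);
    /* Release the strings collected above; without this every changed
     * option leaks its key/value copies on each reconfiguration.
     * NOTE(review): assumes config_get_assigned_option() returns
     * heap-allocated key/value strings and that
     * control_event_conf_changed() does not keep the pointers -- confirm. */
    SMARTLIST_FOREACH(elements, char *, cp, tor_free(cp));
    smartlist_free(elements);
  }

  /* NOTE(review): the old options are released with config_free(), not
   * or_options_free(); the extra members or_options_free() handles
   * (ExcludeExitNodesUnion_, NodeFamilySets, BridgePassword_AuthDigest_)
   * are presumably not released on this path -- confirm. */
  if (old_options != global_options)
    config_free(&options_format, old_options);

  return 0;
}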

extern const char tor_git_revision[]; /* from tor_main.c */

/** The version of this Tor process, as parsed.
 * Filled lazily by get_version(); released in config_free_all(). */
static char *the_tor_version = NULL;
/** A shorter version of this Tor process's version, for export in our router
 *  descriptor.  (Does not include the git version, if any.)
 *  Filled lazily by get_short_version(); released in config_free_all(). */
static char *the_short_tor_version = NULL;

/** Return the full version string of this Tor process.
 *
 * The string is built on first use and cached in the_tor_version: the short
 * version followed by " (git-<revision>)" when tor_git_revision is non-empty,
 * otherwise a copy of the short version alone.  The caller must not free the
 * result. */
const char *
get_version(void)
{
  const int have_git_revision = (tor_git_revision[0] != '\0');

  if (the_tor_version != NULL)
    return the_tor_version;

  if (have_git_revision)
    tor_asprintf(&the_tor_version, "%s (git-%s)", get_short_version(),
                 tor_git_revision);
  else
    the_tor_version = tor_strdup(get_short_version());

  return the_tor_version;
}

/** Return the version string of this Tor process without any git revision.
 *
 * Built on first use and cached in the_short_tor_version: VERSION, followed
 * by " (<TOR_BUILD_TAG>)" when that macro is defined at build time.  The
 * caller must not free the result. */
const char *
get_short_version(void)
{
  if (the_short_tor_version != NULL)
    return the_short_tor_version;

#ifdef TOR_BUILD_TAG
  tor_asprintf(&the_short_tor_version, "%s (%s)", VERSION, TOR_BUILD_TAG);
#else
  the_short_tor_version = tor_strdup(VERSION);
#endif
  return the_short_tor_version;
}

/** Release <b>options</b> together with the derived members that
 * config_free() is not asked to handle on its own: the
 * ExcludeExitNodesUnion_ routerset, every routerset in NodeFamilySets plus
 * the list itself, and the BridgePassword_AuthDigest_ buffer.  A NULL
 * <b>options</b> is a no-op.
 *
 * NOTE(review): BridgePassword_AuthDigest_ is released with plain tor_free();
 * nothing visible here wipes it first.  If that buffer is password-derived,
 * consider whether it should be cleared before release -- confirm.
 */
static void
or_options_free(or_options_t *options)
{
  if (options == NULL)
    return;

  routerset_free(options->ExcludeExitNodesUnion_);

  if (options->NodeFamilySets != NULL) {
    SMARTLIST_FOREACH(options->NodeFamilySets, routerset_t *,
                      family_set, routerset_free(family_set));
    smartlist_free(options->NodeFamilySets);
  }

  tor_free(options->BridgePassword_AuthDigest_);

  config_free(&options_format, options);
}

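/** Release all memory and resources held by global configuration structures.
 *
 * Frees both global option objects, the saved command-line option lines, the
 * configured-port list and its entries, and the cached file-name, version and
 * front-page strings.  Each cached string is released exactly once.
 */
void
config_free_all(void)
{
  or_options_free(global_options);
  global_options = NULL;
  or_options_free(global_default_options);
  global_default_options = NULL;

  config_free_lines(global_cmdline_options);
  global_cmdline_options = NULL;

  if (configured_ports) {
    SMARTLIST_FOREACH(configured_ports,
                      port_cfg_t *, p, port_cfg_free(p));
    smartlist_free(configured_ports);
    configured_ports = NULL;
  }

  tor_free(torrc_fname);
  tor_free(torrc_defaults_fname);
  tor_free(global_dirfrontpagecontents);

  /* Cached version strings built by get_version()/get_short_version(). */
  tor_free(the_short_tor_version);
  tor_free(the_tor_version);
}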

/** Make <b>address</b> -- a piece of information related to our operation as
 * a client -- safe to log, and return it.
 *
 * Returns the literal "[scrubbed]" when the current options' SafeLogging_
 * field equals SAFELOG_SCRUB_ALL; for every other SafeLogging_ value the
 * original <b>address</b> pointer is returned unchanged.  Nothing is
 * allocated, so the caller must not free the result.  <b>address</b> must be
 * non-NULL (asserted).
 */
const char *
safe_str_client(const char *address)
{
  tor_assert(address);
  return (get_options()->SafeLogging_ == SAFELOG_SCRUB_ALL)
           ? "[scrubbed]"
           : address;
}
