/* Copyright (c) 2001 Matej Pfajfar.
 * Copyright (c) 2001-2004, Roger Dingledine.
 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
 * Copyright (c) 2007-2012, The Tor Project, Inc. */
/* See LICENSE for licensing information */

/**
 * \file config.c
 * \brief Code to parse and interpret configuration files.
 **/

#define CONFIG_PRIVATE

#include "or.h"
#include "addressmap.h"
#include "channel.h"
#include "circuitbuild.h"
#include "circuitlist.h"
#include "circuitmux.h"
#include "circuitmux_ewma.h"
#include "config.h"
#include "connection.h"
#include "connection_edge.h"
#include "connection_or.h"
#include "control.h"
#include "confparse.h"
#include "cpuworker.h"
#include "dirserv.h"
#include "dirvote.h"
#include "dns.h"
#include "entrynodes.h"
#include "geoip.h"
#include "hibernate.h"
#include "main.h"
#include "networkstatus.h"
#include "nodelist.h"
#include "policies.h"
#include "relay.h"
#include "rendclient.h"
#include "rendservice.h"
#include "rephist.h"
#include "router.h"
#include "util.h"
#include "routerlist.h"
#include "routerset.h"
#include "statefile.h"
#include "transports.h"
#ifdef _WIN32
#include <shlobj.h>
#endif

#include "procmon.h"

/* From main.c */
extern int quiet_level;

/** A list of abbreviations and aliases to map command-line options, obsolete
 * option names, or alternative option names, to their current values.
 *
 * Each explicit row gives the alias, the option name it maps to, and two
 * integer flags.
 * NOTE(review): the two flags look like "accepted on the command line only"
 * and "warn when used" -- confirm against config_abbrev_t in confparse.h.
 * PLURAL() is defined outside this file.
 */
static config_abbrev_t option_abbrevs_[] = {
  PLURAL(AuthDirBadDirCC),
  PLURAL(AuthDirBadExitCC),
  PLURAL(AuthDirInvalidCC),
  PLURAL(AuthDirRejectCC),
  PLURAL(ExitNode),
  PLURAL(EntryNode),
  PLURAL(ExcludeNode),
  PLURAL(FirewallPort),
  PLURAL(LongLivedPort),
  PLURAL(HiddenServiceNode),
  PLURAL(HiddenServiceExcludeNode),
  PLURAL(NumCPU),
  PLURAL(RendNode),
  PLURAL(RendExcludeNode),
  PLURAL(StrictEntryNode),
  PLURAL(StrictExitNode),
  PLURAL(StrictNode),
  { "l", "Log", 1, 0},
  { "AllowUnverifiedNodes", "AllowInvalidNodes", 0, 0},
  { "AutomapHostSuffixes", "AutomapHostsSuffixes", 0, 0},
  { "AutomapHostOnResolve", "AutomapHostsOnResolve", 0, 0},
  { "BandwidthRateBytes", "BandwidthRate", 0, 0},
  { "BandwidthBurstBytes", "BandwidthBurst", 0, 0},
  { "DirFetchPostPeriod", "StatusFetchPeriod", 0, 0},
  { "DirServer", "DirAuthority", 0, 0}, /* XXXX024 later, make this warn? */
  { "MaxConn", "ConnLimit", 0, 1},
  { "ORBindAddress", "ORListenAddress", 0, 0},
  { "DirBindAddress", "DirListenAddress", 0, 0},
  { "SocksBindAddress", "SocksListenAddress", 0, 0},
  { "UseHelperNodes", "UseEntryGuards", 0, 0},
  { "NumHelperNodes", "NumEntryGuards", 0, 0},
  { "UseEntryNodes", "UseEntryGuards", 0, 0},
  { "NumEntryNodes", "NumEntryGuards", 0, 0},
  { "ResolvConf", "ServerDNSResolvConfFile", 0, 1},
  { "SearchDomains", "ServerDNSSearchDomains", 0, 1},
  { "ServerDNSAllowBrokenResolvConf", "ServerDNSAllowBrokenConfig", 0, 0},
  { "PreferTunnelledDirConns", "PreferTunneledDirConns", 0, 0},
  { "BridgeAuthoritativeDirectory", "BridgeAuthoritativeDir", 0, 0},
  /* This alias shares its name with a real option in option_vars_ and is
   * redirected to the "__HashedControlSessionPassword" entry instead.
   * NOTE(review): with the third field set to 1 this presumably applies to
   * the command line only, keeping a password hash given there separate from
   * the persistent option -- confirm where abbreviations are expanded. */
  { "HashedControlPassword", "__HashedControlSessionPassword", 1, 0},
  { "StrictEntryNodes", "StrictNodes", 0, 1},
  { "StrictExitNodes", "StrictNodes", 0, 1},
  { "_UseFilteringSSLBufferevents", "UseFilteringSSLBufferevents", 0, 1},
  /* All-NULL row marks the end of the table. */
  { NULL, NULL, 0, 0},
};

/** An entry for config_vars: "The option <b>name</b> has type
 * CONFIG_TYPE_<b>conftype</b>, and corresponds to
 * or_options_t.<b>member</b>"
 *
 * <b>initvalue</b> is placed last in the initializer; the tables below pass
 * the default there as a string, or NULL.
 */
#define VAR(name,conftype,member,initvalue)                             \
  { name, CONFIG_TYPE_ ## conftype, STRUCT_OFFSET(or_options_t, member), \
      initvalue }
/** As VAR, but the option name and member name are the same. */
#define V(member,conftype,initvalue)                                    \
  VAR(#member, conftype, member, initvalue)
/** An entry for config_vars: "The option <b>name</b> is obsolete." */
#define OBSOLETE(name) { name, CONFIG_TYPE_OBSOLETE, 0, NULL }

/** As V, but the value is stored in or_options_t.<b>member</b>_lines
 * instead of or_options_t.<b>member</b>; the option name is still
 * <b>member</b>. */
#define VPORT(member,conftype,initvalue)                                    \
  VAR(#member, conftype, member ## _lines, initvalue)

/** Array of configuration options.  Until we disallow nonstandard
 * abbreviations, order is significant, since the first matching option will
 * be chosen first.
 *
 * Every row is produced by V(), VAR(), VPORT() or OBSOLETE().  The last
 * argument is the built-in default written as a string, or NULL.  The table
 * ends with a row whose name is NULL.
 */
static config_var_t option_vars_[] = {
  OBSOLETE("AccountingMaxKB"),
  V(AccountingMax,               MEMUNIT,  "0 bytes"),
  V(AccountingStart,             STRING,   NULL),
  V(Address,                     STRING,   NULL),
  V(AllowDotExit,                BOOL,     "0"),
  V(AllowInvalidNodes,           CSV,      "middle,rendezvous"),
  V(AllowNonRFC953Hostnames,     BOOL,     "0"),
  V(AllowSingleHopCircuits,      BOOL,     "0"),
  V(AllowSingleHopExits,         BOOL,     "0"),
  V(AlternateBridgeAuthority,    LINELIST, NULL),
  V(AlternateDirAuthority,       LINELIST, NULL),
  V(AlternateHSAuthority,        LINELIST, NULL),
  V(AssumeReachable,             BOOL,     "0"),
  V(AuthDirBadDir,               LINELIST, NULL),
  V(AuthDirBadDirCCs,            CSV,      ""),
  V(AuthDirBadExit,              LINELIST, NULL),
  V(AuthDirBadExitCCs,           CSV,      ""),
  V(AuthDirInvalid,              LINELIST, NULL),
  V(AuthDirInvalidCCs,           CSV,      ""),
  V(AuthDirFastGuarantee,        MEMUNIT,  "100 KB"),
  V(AuthDirGuardBWGuarantee,     MEMUNIT,  "250 KB"),
  V(AuthDirReject,               LINELIST, NULL),
  V(AuthDirRejectCCs,            CSV,      ""),
  V(AuthDirRejectUnlisted,       BOOL,     "0"),
  V(AuthDirListBadDirs,          BOOL,     "0"),
  V(AuthDirListBadExits,         BOOL,     "0"),
  V(AuthDirMaxServersPerAddr,    UINT,     "2"),
  V(AuthDirMaxServersPerAuthAddr,UINT,     "5"),
  V(AuthDirHasIPv6Connectivity,  BOOL,     "0"),
  VAR("AuthoritativeDirectory",  BOOL, AuthoritativeDir,    "0"),
  V(AutomapHostsOnResolve,       BOOL,     "0"),
  V(AutomapHostsSuffixes,        CSV,      ".onion,.exit"),
  V(AvoidDiskWrites,             BOOL,     "0"),
  V(BandwidthBurst,              MEMUNIT,  "1 GB"),
  V(BandwidthRate,               MEMUNIT,  "1 GB"),
  V(BridgeAuthoritativeDir,      BOOL,     "0"),
  VAR("Bridge",                  LINELIST, Bridges,    NULL),
  /* Secret-bearing option held as a plain STRING member of or_options_t. */
  V(BridgePassword,              STRING,   NULL),
  V(BridgeRecordUsageByCountry,  BOOL,     "1"),
  V(BridgeRelay,                 BOOL,     "0"),
  V(CellStatistics,              BOOL,     "0"),
  V(LearnCircuitBuildTimeout,    BOOL,     "1"),
  V(CircuitBuildTimeout,         INTERVAL, "0"),
  V(CircuitIdleTimeout,          INTERVAL, "1 hour"),
  V(CircuitStreamTimeout,        INTERVAL, "0"),
  V(CircuitPriorityHalflife,     DOUBLE,  "-100.0"), /*negative:'Use default'*/
  /* Both "reject internal addresses" client options default to on;
   * testing_tor_network_defaults below turns them off. */
  V(ClientDNSRejectInternalAddresses, BOOL,"1"),
  V(ClientOnly,                  BOOL,     "0"),
  V(ClientPreferIPv6ORPort,      BOOL,     "0"),
  V(ClientRejectInternalAddresses, BOOL,   "1"),
  V(ClientTransportPlugin,       LINELIST, NULL),
  V(ClientUseIPv6,               BOOL,     "0"),
  V(ConsensusParams,             STRING,   NULL),
  V(ConnLimit,                   UINT,     "1000"),
  V(ConnDirectionStatistics,     BOOL,     "0"),
  V(ConstrainedSockets,          BOOL,     "0"),
  V(ConstrainedSockSize,         MEMUNIT,  "8192"),
  V(ContactInfo,                 STRING,   NULL),
  V(ControlListenAddress,        LINELIST, NULL),
  VPORT(ControlPort,                 LINELIST, NULL),
  V(ControlPortFileGroupReadable,BOOL,     "0"),
  V(ControlPortWriteToFile,      FILENAME, NULL),
  V(ControlSocket,               LINELIST, NULL),
  V(ControlSocketsGroupWritable, BOOL,     "0"),
  /* Control-port authentication is not enabled by these defaults:
   * CookieAuthentication is "0" and HashedControlPassword (further down) is
   * NULL.  NOTE(review): how a ControlPort without either is treated is
   * decided outside this table -- confirm in options_validate(). */
  V(CookieAuthentication,        BOOL,     "0"),
  V(CookieAuthFileGroupReadable, BOOL,     "0"),
  V(CookieAuthFile,              STRING,   NULL),
  V(CountPrivateBandwidth,       BOOL,     "0"),
  V(DataDirectory,               FILENAME, NULL),
  OBSOLETE("DebugLogFile"),
  V(DisableNetwork,              BOOL,     "0"),
  V(DirAllowPrivateAddresses,    BOOL,     "0"),
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "30 minutes"),
  V(DirListenAddress,            LINELIST, NULL),
  OBSOLETE("DirFetchPeriod"),
  V(DirPolicy,                   LINELIST, NULL),
  VPORT(DirPort,                     LINELIST, NULL),
  V(DirPortFrontPage,            FILENAME, NULL),
  OBSOLETE("DirPostPeriod"),
  OBSOLETE("DirRecordUsageByCountry"),
  OBSOLETE("DirRecordUsageGranularity"),
  OBSOLETE("DirRecordUsageRetainIPs"),
  OBSOLETE("DirRecordUsageSaveInterval"),
  V(DirReqStatistics,            BOOL,     "1"),
  VAR("DirAuthority",            LINELIST, DirAuthorities, NULL),
  V(DirAuthorityFallbackRate,    DOUBLE,   "1.0"),
  V(DisableAllSwap,              BOOL,     "0"),
  /* Hardening option that is on by default. */
  V(DisableDebuggerAttachment,   BOOL,     "1"),
  V(DisableIOCP,                 BOOL,     "1"),
  V(DynamicDHGroups,             BOOL,     "0"),
  VPORT(DNSPort,                     LINELIST, NULL),
  V(DNSListenAddress,            LINELIST, NULL),
  V(DownloadExtraInfo,           BOOL,     "0"),
  V(EnforceDistinctSubnets,      BOOL,     "1"),
  V(EntryNodes,                  ROUTERSET,   NULL),
  V(EntryStatistics,             BOOL,     "0"),
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "10 minutes"),
  V(ExcludeNodes,                ROUTERSET, NULL),
  V(ExcludeExitNodes,            ROUTERSET, NULL),
  V(ExcludeSingleHopRelays,      BOOL,     "1"),
  V(ExitNodes,                   ROUTERSET, NULL),
  V(ExitPolicy,                  LINELIST, NULL),
  /* On by default; testing_tor_network_defaults below turns it off. */
  V(ExitPolicyRejectPrivate,     BOOL,     "1"),
  V(ExitPortStatistics,          BOOL,     "0"),
  V(ExtendAllowPrivateAddresses, BOOL,     "0"),
  V(ExtraInfoStatistics,         BOOL,     "1"),
  V(FallbackDir,                 LINELIST, NULL),

  OBSOLETE("FallbackNetworkstatusFile"),
  V(FascistFirewall,             BOOL,     "0"),
  V(FirewallPorts,               CSV,      ""),
  V(FastFirstHopPK,              BOOL,     "1"),
  V(FetchDirInfoEarly,           BOOL,     "0"),
  V(FetchDirInfoExtraEarly,      BOOL,     "0"),
  V(FetchServerDescriptors,      BOOL,     "1"),
  V(FetchHidServDescriptors,     BOOL,     "1"),
  V(FetchUselessDescriptors,     BOOL,     "0"),
  V(FetchV2Networkstatus,        BOOL,     "0"),
#ifdef _WIN32
  V(GeoIPFile,                   FILENAME, "<default>"),
  V(GeoIPv6File,                 FILENAME, "<default>"),
#else
  V(GeoIPFile,                   FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip"),
  V(GeoIPv6File,                 FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip6"),
#endif
  OBSOLETE("GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays"),
  OBSOLETE("Group"),
  V(HardwareAccel,               BOOL,     "0"),
  V(HeartbeatPeriod,             INTERVAL, "6 hours"),
  V(AccelName,                   STRING,   NULL),
  V(AccelDir,                    FILENAME, NULL),
  V(HashedControlPassword,       LINELIST, NULL),
  V(HidServDirectoryV2,          BOOL,     "1"),
  VAR("HiddenServiceDir",    LINELIST_S, RendConfigLines,    NULL),
  OBSOLETE("HiddenServiceExcludeNodes"),
  OBSOLETE("HiddenServiceNodes"),
  VAR("HiddenServiceOptions",LINELIST_V, RendConfigLines,    NULL),
  VAR("HiddenServicePort",   LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceVersion",LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceAuthorizeClient",LINELIST_S,RendConfigLines, NULL),
  V(HidServAuth,                 LINELIST, NULL),
  V(HSAuthoritativeDir,          BOOL,     "0"),
  OBSOLETE("HSAuthorityRecordStats"),
  V(CloseHSClientCircuitsImmediatelyOnTimeout, BOOL, "0"),
  V(CloseHSServiceRendCircuitsImmediatelyOnTimeout, BOOL, "0"),
  /* The proxy authenticator and password options below are plain STRING
   * members, like BridgePassword above. */
  V(HTTPProxy,                   STRING,   NULL),
  V(HTTPProxyAuthenticator,      STRING,   NULL),
  V(HTTPSProxy,                  STRING,   NULL),
  V(HTTPSProxyAuthenticator,     STRING,   NULL),
  V(IPv6Exit,                    BOOL,     "0"),
  VAR("ServerTransportPlugin",   LINELIST, ServerTransportPlugin,  NULL),
  V(ServerTransportListenAddr,   LINELIST, NULL),
  V(Socks4Proxy,                 STRING,   NULL),
  V(Socks5Proxy,                 STRING,   NULL),
  V(Socks5ProxyUsername,         STRING,   NULL),
  V(Socks5ProxyPassword,         STRING,   NULL),
  OBSOLETE("IgnoreVersion"),
  V(KeepalivePeriod,             INTERVAL, "5 minutes"),
  VAR("Log",                     LINELIST, Logs,             NULL),
  V(LogMessageDomains,           BOOL,     "0"),
  OBSOLETE("LinkPadding"),
  OBSOLETE("LogLevel"),
  OBSOLETE("LogFile"),
  V(LogTimeGranularity,          MSEC_INTERVAL, "1 second"),
  V(LongLivedPorts,              CSV,
        "21,22,706,1863,5050,5190,5222,5223,6523,6667,6697,8300"),
  VAR("MapAddress",              LINELIST, AddressMap,           NULL),
  V(MaxAdvertisedBandwidth,      MEMUNIT,  "1 GB"),
  V(MaxCircuitDirtiness,         INTERVAL, "10 minutes"),
  V(MaxClientCircuitsPending,    UINT,     "32"),
  V(MaxOnionsPending,            UINT,     "100"),
  OBSOLETE("MonthlyAccountingStart"),
  V(MyFamily,                    STRING,   NULL),
  V(NewCircuitPeriod,            INTERVAL, "30 seconds"),
  VAR("NamingAuthoritativeDirectory",BOOL, NamingAuthoritativeDir, "0"),
  V(NATDListenAddress,           LINELIST, NULL),
  VPORT(NATDPort,                    LINELIST, NULL),
  V(Nickname,                    STRING,   NULL),
  V(WarnUnsafeSocks,              BOOL,     "1"),
  OBSOLETE("NoPublish"),
  VAR("NodeFamily",              LINELIST, NodeFamilies,         NULL),
  V(NumCPUs,                     UINT,     "0"),
  V(NumEntryGuards,              UINT,     "3"),
  V(ORListenAddress,             LINELIST, NULL),
  VPORT(ORPort,                      LINELIST, NULL),
  V(OutboundBindAddress,         LINELIST,   NULL),

  V(PathBiasCircThreshold,       INT,      "-1"),
  V(PathBiasNoticeRate,          DOUBLE,   "-1"),
  V(PathBiasDisableRate,         DOUBLE,   "-1"),
  V(PathBiasScaleThreshold,      INT,      "-1"),
  V(PathBiasScaleFactor,         INT,      "-1"),

  OBSOLETE("PathlenCoinWeight"),
  V(PerConnBWBurst,              MEMUNIT,  "0"),
  V(PerConnBWRate,               MEMUNIT,  "0"),
  V(PidFile,                     STRING,   NULL),
  V(TestingTorNetwork,           BOOL,     "0"),
  V(OptimisticData,              AUTOBOOL, "auto"),
  V(PortForwarding,              BOOL,     "0"),
  /* The default is a bare program name, not an absolute path.
   * NOTE(review): how the helper is located and run is not visible in this
   * table -- confirm that lookup cannot pick up an unintended binary. */
  V(PortForwardingHelper,        FILENAME, "tor-fw-helper"),
  V(PreferTunneledDirConns,      BOOL,     "1"),
  V(ProtocolWarnings,            BOOL,     "0"),
  V(PublishServerDescriptor,     CSV,      "1"),
  V(PublishHidServDescriptors,   BOOL,     "1"),
  V(ReachableAddresses,          LINELIST, NULL),
  V(ReachableDirAddresses,       LINELIST, NULL),
  V(ReachableORAddresses,        LINELIST, NULL),
  V(RecommendedVersions,         LINELIST, NULL),
  V(RecommendedClientVersions,   LINELIST, NULL),
  V(RecommendedServerVersions,   LINELIST, NULL),
  OBSOLETE("RedirectExit"),
  V(RefuseUnknownExits,          AUTOBOOL, "auto"),
  V(RejectPlaintextPorts,        CSV,      ""),
  V(RelayBandwidthBurst,         MEMUNIT,  "0"),
  V(RelayBandwidthRate,          MEMUNIT,  "0"),
  OBSOLETE("RendExcludeNodes"),
  OBSOLETE("RendNodes"),
  V(RendPostPeriod,              INTERVAL, "1 hour"),
  V(RephistTrackTime,            INTERVAL, "24 hours"),
  OBSOLETE("RouterFile"),
  V(RunAsDaemon,                 BOOL,     "0"),
//  V(RunTesting,                  BOOL,     "0"),
  OBSOLETE("RunTesting"), // currently unused
  /* Declared as STRING rather than BOOL, with default "1".  The log-scrubbing
   * helpers in this file (safe_str() and friends) test the separate member
   * SafeLogging_; presumably that is derived from this string -- confirm. */
  V(SafeLogging,                 STRING,   "1"),
  V(SafeSocks,                   BOOL,     "0"),
  V(ServerDNSAllowBrokenConfig,  BOOL,     "1"),
  V(ServerDNSAllowNonRFC953Hostnames, BOOL,"0"),
  V(ServerDNSDetectHijacking,    BOOL,     "1"),
  V(ServerDNSRandomizeCase,      BOOL,     "1"),
  V(ServerDNSResolvConfFile,     STRING,   NULL),
  V(ServerDNSSearchDomains,      BOOL,     "0"),
  V(ServerDNSTestAddresses,      CSV,
      "www.google.com,www.mit.edu,www.yahoo.com,www.slashdot.org"),
  V(ShutdownWaitLength,          INTERVAL, "30 seconds"),
  V(SocksListenAddress,          LINELIST, NULL),
  V(SocksPolicy,                 LINELIST, NULL),
  VPORT(SocksPort,                   LINELIST, NULL),
  V(SocksTimeout,                INTERVAL, "2 minutes"),
  OBSOLETE("StatusFetchPeriod"),
  V(StrictNodes,                 BOOL,     "0"),
  OBSOLETE("SysLog"),
  V(TestSocks,                   BOOL,     "0"),
  OBSOLETE("TestVia"),
  V(TokenBucketRefillInterval,   MSEC_INTERVAL, "100 msec"),
  V(Tor2webMode,                 BOOL,     "0"),
  V(TrackHostExits,              CSV,      NULL),
  V(TrackHostExitsExpire,        INTERVAL, "30 minutes"),
  OBSOLETE("TrafficShaping"),
  V(TransListenAddress,          LINELIST, NULL),
  VPORT(TransPort,                   LINELIST, NULL),
  V(TunnelDirConns,              BOOL,     "1"),
  V(UpdateBridgesFromAuthority,  BOOL,     "0"),
  V(UseBridges,                  BOOL,     "0"),
  V(UseEntryGuards,              BOOL,     "1"),
  V(UseMicrodescriptors,         AUTOBOOL, "auto"),
  V(User,                        STRING,   NULL),
  V(UserspaceIOCPBuffers,        BOOL,     "0"),
  VAR("V1AuthoritativeDirectory",BOOL, V1AuthoritativeDir,   "0"),
  VAR("V2AuthoritativeDirectory",BOOL, V2AuthoritativeDir,   "0"),
  VAR("V3AuthoritativeDirectory",BOOL, V3AuthoritativeDir,   "0"),
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "30 minutes"),
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "5 minutes"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "5 minutes"),
  V(V3AuthVotingInterval,        INTERVAL, "1 hour"),
  V(V3AuthVoteDelay,             INTERVAL, "5 minutes"),
  V(V3AuthDistDelay,             INTERVAL, "5 minutes"),
  V(V3AuthNIntervalsValid,       UINT,     "3"),
  V(V3AuthUseLegacyKey,          BOOL,     "0"),
  V(V3BandwidthsFile,            FILENAME, NULL),
  VAR("VersioningAuthoritativeDirectory",BOOL,VersioningAuthoritativeDir, "0"),
  V(VirtualAddrNetwork,          STRING,   "127.192.0.0/10"),
  V(WarnPlaintextPorts,          CSV,      "23,109,110,143"),
  V(UseFilteringSSLBufferevents, BOOL,    "0"),
  VAR("__ReloadTorrcOnSIGHUP",   BOOL,  ReloadTorrcOnSIGHUP,      "1"),
  VAR("__AllDirActionsPrivate",  BOOL,  AllDirActionsPrivate,     "0"),
  VAR("__DisablePredictedCircuits",BOOL,DisablePredictedCircuits, "0"),
  VAR("__LeaveStreamsUnattached",BOOL,  LeaveStreamsUnattached,   "0"),
  /* Target of the "HashedControlPassword" alias in option_abbrevs_. */
  VAR("__HashedControlSessionPassword", LINELIST, HashedControlSessionPassword,
      NULL),
  VAR("__OwningControllerProcess",STRING,OwningControllerProcess, NULL),
  V(MinUptimeHidServDirectoryV2, INTERVAL, "25 hours"),
  V(VoteOnHidServDirectoriesV2,  BOOL,     "1"),
  VAR("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "0"),

  /* End-of-table marker: the name field is NULL. */
  { NULL, CONFIG_TYPE_OBSOLETE, 0, NULL }
};

/** Override default values with these if the user sets the TestingTorNetwork
 * option.
 *
 * Compared with option_vars_ above, several rows switch a restrictive
 * default off or a permissive one on: EnforceDistinctSubnets,
 * ClientDNSRejectInternalAddresses, ClientRejectInternalAddresses and
 * ExitPolicyRejectPrivate go from "1" to "0", while DirAllowPrivateAddresses,
 * ExtendAllowPrivateAddresses, AssumeReachable and CountPrivateBandwidth go
 * from "0" to "1".  These values suit an isolated test network only. */
static const config_var_t testing_tor_network_defaults[] = {
  V(ServerDNSAllowBrokenConfig,  BOOL,     "1"),
  V(DirAllowPrivateAddresses,    BOOL,     "1"),
  V(EnforceDistinctSubnets,      BOOL,     "0"),
  V(AssumeReachable,             BOOL,     "1"),
  /* option_vars_ uses "2" and "5" for the next two rows. */
  V(AuthDirMaxServersPerAddr,    UINT,     "0"),
  V(AuthDirMaxServersPerAuthAddr,UINT,     "0"),
  V(ClientDNSRejectInternalAddresses, BOOL,"0"),
  V(ClientRejectInternalAddresses, BOOL,   "0"),
  V(CountPrivateBandwidth,       BOOL,     "1"),
  V(ExitPolicyRejectPrivate,     BOOL,     "0"),
  V(ExtendAllowPrivateAddresses, BOOL,     "1"),
  /* Voting and propagation timers are shortened relative to option_vars_. */
  V(V3AuthVotingInterval,        INTERVAL, "5 minutes"),
  V(V3AuthVoteDelay,             INTERVAL, "20 seconds"),
  V(V3AuthDistDelay,             INTERVAL, "20 seconds"),
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "5 minutes"),
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "20 seconds"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "20 seconds"),
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "0 minutes"),
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "0 minutes"),
  V(MinUptimeHidServDirectoryV2, INTERVAL, "0 minutes"),
  /* Records that this table was applied; option_vars_ defaults it to "0". */
  VAR("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "1"),

  /* End-of-table marker: the name field is NULL. */
  { NULL, CONFIG_TYPE_OBSOLETE, 0, NULL }
};

#undef VAR
#undef V
#undef OBSOLETE

/* Forward declarations of file-local (static) helpers, so that code earlier
 * in this file can call them before their definitions. */
#ifdef _WIN32
static char *get_windows_conf_root(void);
#endif
/* Validating options and acting on a change of options. */
static int options_validate(or_options_t *old_options,
                            or_options_t *options,
                            int from_setconf, char **msg);
static int options_act_reversible(const or_options_t *old_options, char **msg);
static int options_act(const or_options_t *old_options);
static int options_transition_allowed(const or_options_t *old,
                                      const or_options_t *new,
                                      char **msg);
static int options_transition_affects_workers(
      const or_options_t *old_options, const or_options_t *new_options);
static int options_transition_affects_descriptor(
      const or_options_t *old_options, const or_options_t *new_options);
static int check_nickname_list(const char *lst, const char *name, char **msg);

/* Per-line parsers; each takes a validate_only flag. */
static int parse_bridge_line(const char *line, int validate_only);
static int parse_client_transport_line(const char *line, int validate_only);

static int parse_server_transport_line(const char *line, int validate_only);
static char *get_bindaddr_from_transport_listen_line(const char *line,
                                                     const char *transport);
static int parse_dir_authority_line(const char *line,
                                 dirinfo_type_t required_type,
                                 int validate_only);
static int parse_dir_fallback_line(const char *line,
                                   int validate_only);
static void port_cfg_free(port_cfg_t *port);
static int parse_ports(or_options_t *options, int validate_only,
                              char **msg_out, int *n_ports_out);
static int check_server_ports(const smartlist_t *ports,
                              const or_options_t *options);

static int validate_data_directory(or_options_t *options);
static int write_configuration_file(const char *fname,
                                    const or_options_t *options);
static int options_init_logs(or_options_t *options, int validate_only);

static void init_libevent(const or_options_t *options);
static int opt_streq(const char *s1, const char *s2);
static int parse_outbound_addresses(or_options_t *options, int validate_only,
                                    char **msg);
static void config_maybe_load_geoip_files_(const or_options_t *options,
                                           const or_options_t *old_options);

/** Magic value for or_options_t. */
#define OR_OPTIONS_MAGIC 9090909

/** Configuration format for or_options_t.
 *
 * Positional initializer; the per-field comments describe the values
 * supplied here.  Only the <b>vars</b> field name is confirmed by its use in
 * set_options(); the other field names live in confparse.h. */
static config_format_t options_format = {
  /* Size of the options structure this format describes. */
  sizeof(or_options_t),
  /* Magic value, and the offset of the member that holds it. */
  OR_OPTIONS_MAGIC,
  STRUCT_OFFSET(or_options_t, magic_),
  /* Alias table and option table defined above. */
  option_abbrevs_,
  option_vars_,
  /* NOTE(review): options_validate() is cast to validate_fn_t.  The typedef
   * is not visible in this file, so confirm that the two signatures are
   * compatible wherever the pointer is called. */
  (validate_fn_t)options_validate,
  NULL
};

/*
 * Functions to read and write the global options pointer.
 *
 * The file-level state below is released by config_free_all().
 */

/** Command-line and config-file options. */
static or_options_t *global_options = NULL;
/** The fallback options_t object; this is where we look for options not
 * in torrc before we fall back to Tor's defaults. */
static or_options_t *global_default_options = NULL;
/** Name of most recently read torrc file. */
static char *torrc_fname = NULL;
/** Name of the most recently read torrc-defaults file.
 * No explicit initializer: as an object with static storage duration it
 * starts out NULL like its neighbours. */
static char *torrc_defaults_fname;
/** Configuration Options set by command line. */
static config_line_t *global_cmdline_options = NULL;
/** Contents of most recently read DirPortFrontPage file. */
static char *global_dirfrontpagecontents = NULL;
/** List of port_cfg_t for all configured ports. */
static smartlist_t *configured_ports = NULL;

/** Accessor for the cached DirPortFrontPage contents.
 *
 * Hands back the file-level global_dirfrontpagecontents pointer unchanged;
 * it is NULL when no front page has been stored.  The string stays owned by
 * this file (config_free_all() releases it). */
const char *
get_dirportfrontpage(void)
{
  const char *frontpage = global_dirfrontpagecontents;
  return frontpage;
}

/** Return a writable pointer to the currently installed options.
 *
 * Asserts that global_options has been set, so calling this before any
 * options are installed trips tor_assert() instead of returning NULL. */
or_options_t *
get_options_mutable(void)
{
  or_options_t *current;

  tor_assert(global_options);
  current = global_options;
  return current;
}

/** Return a read-only view of the currently installed options.
 *
 * Thin wrapper around get_options_mutable(), so the same assertion on
 * global_options applies. */
const or_options_t *
get_options(void)
{
  const or_options_t *current = get_options_mutable();
  return current;
}

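/** Change the current global options to contain <b>new_val</b> instead of
 * their current value; take action based on the new value; free the old value
 * as necessary.  Returns 0 on success, -1 on failure.
 *
 * On the -1 path the previous options are put back and *<b>msg</b> is
 * asserted to be set by options_act_reversible().  If options_act() fails
 * the process logs an error and exits.
 *
 * When there were previous options, every changed option is reported to the
 * controller through control_event_conf_changed().  The strings collected
 * for that event are released here once the event has been issued.
 *
 * NOTE(review): the old options are released with config_free() only.
 * or_options_free() in this file additionally releases
 * ExcludeExitNodesUnion_, NodeFamilySets and BridgePassword_AuthDigest_, so
 * those members of the old object appear to be left allocated here.  It is
 * defined after this function with no earlier declaration, so switching to
 * it needs a forward declaration.
 */
int
set_options(or_options_t *new_val, char **msg)
{
  int i;
  smartlist_t *elements;
  config_line_t *line;
  or_options_t *old_options = global_options;
  global_options = new_val;
  /* Note that we pass the *old* options below, for comparison. It
   * pulls the new options directly out of global_options. */
  if (options_act_reversible(old_options, msg)<0) {
    tor_assert(*msg);
    global_options = old_options;
    return -1;
  }
  if (options_act(old_options) < 0) { /* acting on the options failed. die. */
    log_err(LD_BUG,
            "Acting on config options left us in a broken state. Dying.");
    exit(1);
  }
  /* Issues a CONF_CHANGED event to notify controller of the change. If Tor is
   * just starting up then the old_options will be undefined. */
  if (old_options && old_options != global_options) {
    elements = smartlist_new();
    for (i=0; options_format.vars[i].name; ++i) {
      const config_var_t *var = &options_format.vars[i];
      const char *var_name = var->name;
      if (var->type == CONFIG_TYPE_LINELIST_S ||
          var->type == CONFIG_TYPE_OBSOLETE) {
        continue;
      }
      if (!config_is_same(&options_format, new_val, old_options, var_name)) {
        line = config_get_assigned_option(&options_format, new_val,
                                          var_name, 1);

        if (line) {
          /* The list from config_get_assigned_option() is treated as owned
           * by the caller (it is defined in confparse.c, not in this file --
           * NOTE(review): confirm).  Move each key and value into the
           * smartlist and free the node itself, so nothing from the list is
           * left behind once the event has been sent. */
          config_line_t *next;
          for (; line; line = next) {
            next = line->next;
            smartlist_add(elements, line->key);
            smartlist_add(elements, line->value);
            tor_free(line);
          }
        } else {
          /* Copy the name so that every element of the list is heap-owned
           * and can be freed uniformly below. */
          smartlist_add(elements, tor_strdup(var_name));
          smartlist_add(elements, NULL);
        }
      }
    }
    control_event_conf_changed(elements);
    /* Elements may be NULL (the "no value" marker); tor_free() accepts it. */
    SMARTLIST_FOREACH(elements, char *, cp, tor_free(cp));
    smartlist_free(elements);
  }

  if (old_options != global_options)
    config_free(&options_format, old_options);

  return 0;
}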

extern const char tor_git_revision[]; /* from tor_main.c */

/** The version of this Tor process, as parsed.
 * Filled in on first use by get_version(); freed by config_free_all(). */
static char *the_tor_version = NULL;
/** A shorter version of this Tor process's version, for export in our router
 *  descriptor.  (Does not include the git version, if any.)
 *  Filled in on first use by get_short_version(); freed by
 *  config_free_all(). */
static char *the_short_tor_version = NULL;

/** Return the full version string of this Tor process.
 *
 * The string is built on the first call and cached in the_tor_version:
 * the short version followed by " (git-REVISION)" when tor_git_revision is
 * non-empty, otherwise a copy of the short version alone.  The check and the
 * assignment are done without any locking in this function. */
const char *
get_version(void)
{
  if (the_tor_version != NULL)
    return the_tor_version;

  if (tor_git_revision[0] != '\0') {
    tor_asprintf(&the_tor_version, "%s (git-%s)", get_short_version(),
                 tor_git_revision);
  } else {
    the_tor_version = tor_strdup(get_short_version());
  }
  return the_tor_version;
}

/** Return the version string of this Tor process without the git revision.
 *
 * Built on the first call and cached in the_short_tor_version: VERSION
 * followed by " (TOR_BUILD_TAG)" when that macro is defined at build time,
 * otherwise a copy of VERSION. */
const char *
get_short_version(void)
{
  if (the_short_tor_version != NULL)
    return the_short_tor_version;

#ifdef TOR_BUILD_TAG
  tor_asprintf(&the_short_tor_version, "%s (%s)", VERSION, TOR_BUILD_TAG);
#else
  the_short_tor_version = tor_strdup(VERSION);
#endif
  return the_short_tor_version;
}

/** Free an or_options_t together with the members that config_free() is
 * not asked to handle here: ExcludeExitNodesUnion_, every routerset in
 * NodeFamilySets plus the list itself, and BridgePassword_AuthDigest_.
 * A NULL <b>options</b> is accepted and ignored.
 *
 * NOTE(review): BridgePassword_AuthDigest_ is released with tor_free() and
 * is not cleared first in this function.  If it holds material derived from
 * BridgePassword, consider wiping it before the free -- confirm how the
 * buffer is filled and how long it is.
 */
static void
or_options_free(or_options_t *options)
{
  if (options == NULL)
    return;

  routerset_free(options->ExcludeExitNodesUnion_);

  if (options->NodeFamilySets != NULL) {
    SMARTLIST_FOREACH(options->NodeFamilySets, routerset_t *,
                      rs, routerset_free(rs));
    smartlist_free(options->NodeFamilySets);
  }

  tor_free(options->BridgePassword_AuthDigest_);

  /* Last step: hand the object itself to the generic config code. */
  config_free(&options_format, options);
}

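/** Release all memory and resources held by global configuration structures.
 *
 * Frees both options objects, the command-line option lines, every
 * configured port and the cached file-name, version and front-page strings,
 * and resets the owning pointers that are assigned here to NULL.
 *
 * The earlier version of this function called tor_free(the_tor_version)
 * twice.  That is only harmless if tor_free() clears its argument; the
 * second call is dropped so the cleanup no longer relies on that.
 */
void
config_free_all(void)
{
  or_options_free(global_options);
  global_options = NULL;
  or_options_free(global_default_options);
  global_default_options = NULL;

  config_free_lines(global_cmdline_options);
  global_cmdline_options = NULL;

  if (configured_ports) {
    SMARTLIST_FOREACH(configured_ports,
                      port_cfg_t *, p, port_cfg_free(p));
    smartlist_free(configured_ports);
    configured_ports = NULL;
  }

  tor_free(torrc_fname);
  tor_free(torrc_defaults_fname);
  tor_free(global_dirfrontpagecontents);

  tor_free(the_short_tor_version);
  tor_free(the_tor_version);
}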

/** Make <b>address</b> -- a piece of information related to our operation as
 * a client -- safe to log according to the settings in options->SafeLogging,
 * and return it.
 *
 * Returns the literal "[scrubbed]" when options->SafeLogging_ equals
 * SAFELOG_SCRUB_ALL (SafeLogging "1"), and <b>address</b> itself otherwise.
 * <b>address</b> must not be NULL.
 *
 * In the pass-through case the caller's string is returned byte for byte,
 * so any control characters in it reach the log unchanged;
 * escaped_safe_str_client() is the variant that runs it through escaped().
 */
const char *
safe_str_client(const char *address)
{
  tor_assert(address);
  return (get_options()->SafeLogging_ == SAFELOG_SCRUB_ALL)
    ? "[scrubbed]" : address;
}

/** Make <b>address</b> -- a piece of information of unspecified sensitivity
 * -- safe to log according to the settings in options->SafeLogging, and
 * return it.
 *
 * Returns the literal "[scrubbed]" unless options->SafeLogging_ equals
 * SAFELOG_SCRUB_NONE (SafeLogging "0"), in which case <b>address</b> itself
 * is returned.  <b>address</b> must not be NULL.
 *
 * In the pass-through case the caller's string is returned byte for byte,
 * so any control characters in it reach the log unchanged;
 * escaped_safe_str() is the variant that runs it through escaped().
 */
const char *
safe_str(const char *address)
{
  tor_assert(address);
  return (get_options()->SafeLogging_ != SAFELOG_SCRUB_NONE)
    ? "[scrubbed]" : address;
}

/** Like safe_str_client(), but the unscrubbed result is passed through
 * escaped() before it is returned.  See reentrancy note on escaped(): don't
 * use this outside the main thread, or twice in the same log statement.
 *
 * escaped() is only called when the address is not scrubbed.  Unlike
 * safe_str_client(), this function does not assert that <b>address</b> is
 * non-NULL. */
const char *
escaped_safe_str_client(const char *address)
{
  return (get_options()->SafeLogging_ == SAFELOG_SCRUB_ALL)
    ? "[scrubbed]" : escaped(address);
}

/** Like safe_str(), but the unscrubbed result is passed through escaped()
 * before it is returned.  See reentrancy note on escaped(): don't use this
 * outside the main thread, or twice in the same log statement.
 *
 * escaped() is only called when the address is not scrubbed.  Unlike
 * safe_str(), this function does not assert that <b>address</b> is
 * non-NULL. */
const char *
escaped_safe_str(const char *address)
{
  return (get_options()->SafeLogging_ != SAFELOG_SCRUB_NONE)
    ? "[scrubbed]" : escaped(address);
}

/** Add the default directory authorities directly into the trusted dir list,
 * but only add them insofar as they share bits with <b>type</b>. */
static void
add_default_trusted_dir_authorities(dirinfo_type_t type)
{