/* Copyright (c) 2001 Matej Pfajfar.
 * Copyright (c) 2001-2004, Roger Dingledine.
 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
 * Copyright (c) 2007-2012, The Tor Project, Inc. */
/* See LICENSE for licensing information */

/**
 * \file config.c
 * \brief Code to parse and interpret configuration files.
 **/

#define CONFIG_PRIVATE

#include "or.h"
#include "addressmap.h"
#include "channel.h"
#include "circuitbuild.h"
#include "circuitlist.h"
#include "circuitmux.h"
#include "circuitmux_ewma.h"
#include "config.h"
#include "connection.h"
#include "connection_edge.h"
#include "connection_or.h"
#include "control.h"
#include "confparse.h"
#include "cpuworker.h"
#include "dirserv.h"
#include "dirvote.h"
#include "dns.h"
#include "entrynodes.h"
#include "geoip.h"
#include "hibernate.h"
#include "main.h"
#include "networkstatus.h"
#include "nodelist.h"
#include "policies.h"
#include "relay.h"
#include "rendclient.h"
#include "rendservice.h"
#include "rephist.h"
#include "router.h"
#include "util.h"
#include "routerlist.h"
#include "routerset.h"
#include "statefile.h"
#include "transports.h"
#ifdef _WIN32
#include <shlobj.h>
#endif

#include "procmon.h"

/* From main.c */
extern int quiet_level;

/** Table of alternative spellings accepted for configuration options:
 * command-line shortcuts, obsolete names, and other aliases, each mapped to
 * the option name currently in use.
 *
 * Brace entries hold two strings followed by two integer flags.
 * NOTE(review): the flags presumably mean "command line only" and "warn when
 * used" -- confirm against the config_abbrev_t declaration, which is not in
 * this file. PLURAL() is likewise defined elsewhere. The all-NULL entry
 * terminates the table. */
static config_abbrev_t option_abbrevs_[] = {
  PLURAL(AuthDirBadDirCC),
  PLURAL(AuthDirBadExitCC),
  PLURAL(AuthDirInvalidCC),
  PLURAL(AuthDirRejectCC),
  PLURAL(ExitNode),
  PLURAL(EntryNode),
  PLURAL(ExcludeNode),
  PLURAL(FirewallPort),
  PLURAL(LongLivedPort),
  PLURAL(HiddenServiceNode),
  PLURAL(HiddenServiceExcludeNode),
  PLURAL(NumCPU),
  PLURAL(RendNode),
  PLURAL(RendExcludeNode),
  PLURAL(StrictEntryNode),
  PLURAL(StrictExitNode),
  PLURAL(StrictNode),
  { "l", "Log", 1, 0 },
  { "AllowUnverifiedNodes", "AllowInvalidNodes", 0, 0 },
  { "AutomapHostSuffixes", "AutomapHostsSuffixes", 0, 0 },
  { "AutomapHostOnResolve", "AutomapHostsOnResolve", 0, 0 },
  { "BandwidthRateBytes", "BandwidthRate", 0, 0 },
  { "BandwidthBurstBytes", "BandwidthBurst", 0, 0 },
  { "DirFetchPostPeriod", "StatusFetchPeriod", 0, 0 },
  { "DirServer", "DirAuthority", 0, 0 }, /* XXXX024 later, make this warn? */
  { "MaxConn", "ConnLimit", 0, 1 },
  { "ORBindAddress", "ORListenAddress", 0, 0 },
  { "DirBindAddress", "DirListenAddress", 0, 0 },
  { "SocksBindAddress", "SocksListenAddress", 0, 0 },
  { "UseHelperNodes", "UseEntryGuards", 0, 0 },
  { "NumHelperNodes", "NumEntryGuards", 0, 0 },
  { "UseEntryNodes", "UseEntryGuards", 0, 0 },
  { "NumEntryNodes", "NumEntryGuards", 0, 0 },
  { "ResolvConf", "ServerDNSResolvConfFile", 0, 1 },
  { "SearchDomains", "ServerDNSSearchDomains", 0, 1 },
  { "ServerDNSAllowBrokenResolvConf", "ServerDNSAllowBrokenConfig", 0, 0 },
  { "PreferTunnelledDirConns", "PreferTunneledDirConns", 0, 0 },
  { "BridgeAuthoritativeDirectory", "BridgeAuthoritativeDir", 0, 0 },
  /* Same first flag as the "l" shortcut above: in that form the name is
   * redirected to the double-underscore session option rather than to the
   * HashedControlPassword entry of option_vars_. NOTE(review): presumably
   * this keeps a hash given on the command line out of the saved
   * configuration -- confirm. */
  { "HashedControlPassword", "__HashedControlSessionPassword", 1, 0 },
  { "StrictEntryNodes", "StrictNodes", 0, 1 },
  { "StrictExitNodes", "StrictNodes", 0, 1 },
  { "_UseFilteringSSLBufferevents", "UseFilteringSSLBufferevents", 0, 1 },
  { NULL, NULL, 0, 0 },
};

/** Build one config_var_t initializer: "The option <b>name</b> has type
 * CONFIG_TYPE_<b>conftype</b>, lives in or_options_t.<b>member</b>, and
 * starts out as <b>initvalue</b>."
 */
#define VAR(name, conftype, member, initvalue)                  \
  { name, CONFIG_TYPE_ ## conftype,                             \
    STRUCT_OFFSET(or_options_t, member), initvalue }
/** Shorthand for VAR when the option is named exactly like its member; the
 * name string is obtained by stringifying <b>member</b>. */
#define V(member, conftype, initvalue)                          \
  VAR(#member, conftype, member, initvalue)
/** An entry for config_vars: "The option <b>name</b> is obsolete."
 * The entry carries offset 0 and no initial value. */
#define OBSOLETE(name) { name, CONFIG_TYPE_OBSOLETE, 0, NULL }

/** Like V, except that the value is stored in the or_options_t member called
 * <b>member</b>_lines instead of <b>member</b> itself. */
#define VPORT(member, conftype, initvalue)                      \
  VAR(#member, conftype, member ## _lines, initvalue)

/** Every configuration option known to this file, with its type, its
 * or_options_t member and its default value (see VAR, V, VPORT, OBSOLETE).
 *
 * Entry order matters: until nonstandard abbreviations are disallowed, the
 * first matching option is the one chosen, so do not sort or regroup this
 * table. The entry with a NULL name terminates it.
 */
static config_var_t option_vars_[] = {
  OBSOLETE("AccountingMaxKB"),
  V(AccountingMax,               MEMUNIT,  "0 bytes"),
  V(AccountingStart,             STRING,   NULL),
  V(Address,                     STRING,   NULL),
  V(AllowDotExit,                BOOL,     "0"),
  V(AllowInvalidNodes,           CSV,      "middle,rendezvous"),
  V(AllowNonRFC953Hostnames,     BOOL,     "0"),
  V(AllowSingleHopCircuits,      BOOL,     "0"),
  V(AllowSingleHopExits,         BOOL,     "0"),
  V(AlternateBridgeAuthority,    LINELIST, NULL),
  V(AlternateDirAuthority,       LINELIST, NULL),
  V(AlternateHSAuthority,        LINELIST, NULL),
  V(AssumeReachable,             BOOL,     "0"),
  V(AuthDirBadDir,               LINELIST, NULL),
  V(AuthDirBadDirCCs,            CSV,      ""),
  V(AuthDirBadExit,              LINELIST, NULL),
  V(AuthDirBadExitCCs,           CSV,      ""),
  V(AuthDirInvalid,              LINELIST, NULL),
  V(AuthDirInvalidCCs,           CSV,      ""),
  V(AuthDirFastGuarantee,        MEMUNIT,  "100 KB"),
  V(AuthDirGuardBWGuarantee,     MEMUNIT,  "250 KB"),
  V(AuthDirReject,               LINELIST, NULL),
  V(AuthDirRejectCCs,            CSV,      ""),
  V(AuthDirRejectUnlisted,       BOOL,     "0"),
  V(AuthDirListBadDirs,          BOOL,     "0"),
  V(AuthDirListBadExits,         BOOL,     "0"),
  V(AuthDirMaxServersPerAddr,    UINT,     "2"),
  V(AuthDirMaxServersPerAuthAddr, UINT,    "5"),
  V(AuthDirHasIPv6Connectivity,  BOOL,     "0"),
  VAR("AuthoritativeDirectory",  BOOL, AuthoritativeDir,    "0"),
  V(AutomapHostsOnResolve,       BOOL,     "0"),
  V(AutomapHostsSuffixes,        CSV,      ".onion,.exit"),
  V(AvoidDiskWrites,             BOOL,     "0"),
  V(BandwidthBurst,              MEMUNIT,  "1 GB"),
  V(BandwidthRate,               MEMUNIT,  "1 GB"),
  V(BridgeAuthoritativeDir,      BOOL,     "0"),
  VAR("Bridge",                  LINELIST, Bridges,    NULL),
  V(BridgePassword,              STRING,   NULL),
  V(BridgeRecordUsageByCountry,  BOOL,     "1"),
  V(BridgeRelay,                 BOOL,     "0"),
  V(CellStatistics,              BOOL,     "0"),
  V(LearnCircuitBuildTimeout,    BOOL,     "1"),
  V(CircuitBuildTimeout,         INTERVAL, "0"),
  V(CircuitIdleTimeout,          INTERVAL, "1 hour"),
  V(CircuitStreamTimeout,        INTERVAL, "0"),
  V(CircuitPriorityHalflife,     DOUBLE,   "-100.0"), /* negative: 'Use default' */
  V(ClientDNSRejectInternalAddresses, BOOL, "1"),
  V(ClientOnly,                  BOOL,     "0"),
  V(ClientPreferIPv6ORPort,      BOOL,     "0"),
  V(ClientRejectInternalAddresses, BOOL,   "1"),
  V(ClientTransportPlugin,       LINELIST, NULL),
  V(ClientUseIPv6,               BOOL,     "0"),
  V(ConsensusParams,             STRING,   NULL),
  V(ConnLimit,                   UINT,     "1000"),
  V(ConnDirectionStatistics,     BOOL,     "0"),
  V(ConstrainedSockets,          BOOL,     "0"),
  V(ConstrainedSockSize,         MEMUNIT,  "8192"),
  V(ContactInfo,                 STRING,   NULL),
  V(ControlListenAddress,        LINELIST, NULL),
  VPORT(ControlPort,             LINELIST, NULL),
  V(ControlPortFileGroupReadable, BOOL,    "0"),
  V(ControlPortWriteToFile,      FILENAME, NULL),
  V(ControlSocket,               LINELIST, NULL),
  V(ControlSocketsGroupWritable, BOOL,     "0"),
  V(CookieAuthentication,        BOOL,     "0"),
  V(CookieAuthFileGroupReadable, BOOL,     "0"),
  V(CookieAuthFile,              STRING,   NULL),
  V(CountPrivateBandwidth,       BOOL,     "0"),
  V(DataDirectory,               FILENAME, NULL),
  OBSOLETE("DebugLogFile"),
  V(DisableNetwork,              BOOL,     "0"),
  V(DirAllowPrivateAddresses,    BOOL,     "0"),
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "30 minutes"),
  V(DirListenAddress,            LINELIST, NULL),
  OBSOLETE("DirFetchPeriod"),
  V(DirPolicy,                   LINELIST, NULL),
  VPORT(DirPort,                 LINELIST, NULL),
  V(DirPortFrontPage,            FILENAME, NULL),
  OBSOLETE("DirPostPeriod"),
  OBSOLETE("DirRecordUsageByCountry"),
  OBSOLETE("DirRecordUsageGranularity"),
  OBSOLETE("DirRecordUsageRetainIPs"),
  OBSOLETE("DirRecordUsageSaveInterval"),
  V(DirReqStatistics,            BOOL,     "1"),
  VAR("DirAuthority",            LINELIST, DirAuthorities, NULL),
  V(DirAuthorityFallbackRate,    DOUBLE,   "1.0"),
  V(DisableAllSwap,              BOOL,     "0"),
  V(DisableDebuggerAttachment,   BOOL,     "1"),
  V(DisableIOCP,                 BOOL,     "1"),
  V(DynamicDHGroups,             BOOL,     "0"),
  VPORT(DNSPort,                 LINELIST, NULL),
  V(DNSListenAddress,            LINELIST, NULL),
  V(DownloadExtraInfo,           BOOL,     "0"),
  V(EnforceDistinctSubnets,      BOOL,     "1"),
  V(EntryNodes,                  ROUTERSET, NULL),
  V(EntryStatistics,             BOOL,     "0"),
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "10 minutes"),
  V(ExcludeNodes,                ROUTERSET, NULL),
  V(ExcludeExitNodes,            ROUTERSET, NULL),
  V(ExcludeSingleHopRelays,      BOOL,     "1"),
  V(ExitNodes,                   ROUTERSET, NULL),
  V(ExitPolicy,                  LINELIST, NULL),
  V(ExitPolicyRejectPrivate,     BOOL,     "1"),
  V(ExitPortStatistics,          BOOL,     "0"),
  V(ExtendAllowPrivateAddresses, BOOL,     "0"),
  V(ExtraInfoStatistics,         BOOL,     "1"),
  V(FallbackDir,                 LINELIST, NULL),

#if defined (WINCE)
  V(FallbackNetworkstatusFile,   FILENAME, "fallback-consensus"),
#else
  V(FallbackNetworkstatusFile,   FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "fallback-consensus"),
#endif
  V(FascistFirewall,             BOOL,     "0"),
  V(FirewallPorts,               CSV,      ""),
  V(FastFirstHopPK,              BOOL,     "1"),
  V(FetchDirInfoEarly,           BOOL,     "0"),
  V(FetchDirInfoExtraEarly,      BOOL,     "0"),
  V(FetchServerDescriptors,      BOOL,     "1"),
  V(FetchHidServDescriptors,     BOOL,     "1"),
  V(FetchUselessDescriptors,     BOOL,     "0"),
  V(FetchV2Networkstatus,        BOOL,     "0"),
#ifdef _WIN32
  V(GeoIPFile,                   FILENAME, "<default>"),
  V(GeoIPv6File,                 FILENAME, "<default>"),
#else
  V(GeoIPFile,                   FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip"),
  V(GeoIPv6File,                 FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip6"),
#endif
  OBSOLETE("GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays"),
  OBSOLETE("Group"),
  V(HardwareAccel,               BOOL,     "0"),
  V(HeartbeatPeriod,             INTERVAL, "6 hours"),
  V(AccelName,                   STRING,   NULL),
  V(AccelDir,                    FILENAME, NULL),
  V(HashedControlPassword,       LINELIST, NULL),
  V(HidServDirectoryV2,          BOOL,     "1"),
  /* All HiddenService* entries below share the RendConfigLines member. */
  VAR("HiddenServiceDir",     LINELIST_S, RendConfigLines,    NULL),
  OBSOLETE("HiddenServiceExcludeNodes"),
  OBSOLETE("HiddenServiceNodes"),
  VAR("HiddenServiceOptions", LINELIST_V, RendConfigLines,    NULL),
  VAR("HiddenServicePort",    LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceVersion", LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceAuthorizeClient", LINELIST_S, RendConfigLines, NULL),
  V(HidServAuth,                 LINELIST, NULL),
  V(HSAuthoritativeDir,          BOOL,     "0"),
  OBSOLETE("HSAuthorityRecordStats"),
  V(CloseHSClientCircuitsImmediatelyOnTimeout, BOOL, "0"),
  V(CloseHSServiceRendCircuitsImmediatelyOnTimeout, BOOL, "0"),
  V(HTTPProxy,                   STRING,   NULL),
  V(HTTPProxyAuthenticator,      STRING,   NULL),
  V(HTTPSProxy,                  STRING,   NULL),
  V(HTTPSProxyAuthenticator,     STRING,   NULL),
  V(IPv6Exit,                    BOOL,     "0"),
  VAR("ServerTransportPlugin",   LINELIST, ServerTransportPlugin,  NULL),
  V(ServerTransportListenAddr,   LINELIST, NULL),
  V(Socks4Proxy,                 STRING,   NULL),
  V(Socks5Proxy,                 STRING,   NULL),
  V(Socks5ProxyUsername,         STRING,   NULL),
  V(Socks5ProxyPassword,         STRING,   NULL),
  OBSOLETE("IgnoreVersion"),
  V(KeepalivePeriod,             INTERVAL, "5 minutes"),
  VAR("Log",                     LINELIST, Logs,             NULL),
  V(LogMessageDomains,           BOOL,     "0"),
  OBSOLETE("LinkPadding"),
  OBSOLETE("LogLevel"),
  OBSOLETE("LogFile"),
  V(LogTimeGranularity,          MSEC_INTERVAL, "1 second"),
  V(LongLivedPorts,              CSV,
    "21,22,706,1863,5050,5190,5222,5223,6523,6667,6697,8300"),
  VAR("MapAddress",              LINELIST, AddressMap,           NULL),
  V(MaxAdvertisedBandwidth,      MEMUNIT,  "1 GB"),
  V(MaxCircuitDirtiness,         INTERVAL, "10 minutes"),
  V(MaxClientCircuitsPending,    UINT,     "32"),
  V(MaxOnionsPending,            UINT,     "100"),
  OBSOLETE("MonthlyAccountingStart"),
  V(MyFamily,                    STRING,   NULL),
  V(NewCircuitPeriod,            INTERVAL, "30 seconds"),
  VAR("NamingAuthoritativeDirectory", BOOL, NamingAuthoritativeDir, "0"),
  V(NATDListenAddress,           LINELIST, NULL),
  VPORT(NATDPort,                LINELIST, NULL),
  V(Nickname,                    STRING,   NULL),
  V(WarnUnsafeSocks,             BOOL,     "1"),
  OBSOLETE("NoPublish"),
  VAR("NodeFamily",              LINELIST, NodeFamilies,         NULL),
  V(NumCPUs,                     UINT,     "0"),
  V(NumEntryGuards,              UINT,     "3"),
  V(ORListenAddress,             LINELIST, NULL),
  VPORT(ORPort,                  LINELIST, NULL),
  V(OutboundBindAddress,         LINELIST, NULL),

  V(PathBiasCircThreshold,       INT,      "-1"),
  V(PathBiasNoticeRate,          DOUBLE,   "-1"),
  V(PathBiasDisableRate,         DOUBLE,   "-1"),
  V(PathBiasScaleThreshold,      INT,      "-1"),
  V(PathBiasScaleFactor,         INT,      "-1"),

  OBSOLETE("PathlenCoinWeight"),
  V(PerConnBWBurst,              MEMUNIT,  "0"),
  V(PerConnBWRate,               MEMUNIT,  "0"),
  V(PidFile,                     STRING,   NULL),
  V(TestingTorNetwork,           BOOL,     "0"),
  V(OptimisticData,              AUTOBOOL, "auto"),
  V(PortForwarding,              BOOL,     "0"),
  V(PortForwardingHelper,        FILENAME, "tor-fw-helper"),
  V(PreferTunneledDirConns,      BOOL,     "1"),
  V(ProtocolWarnings,            BOOL,     "0"),
  V(PublishServerDescriptor,     CSV,      "1"),
  V(PublishHidServDescriptors,   BOOL,     "1"),
  V(ReachableAddresses,          LINELIST, NULL),
  V(ReachableDirAddresses,       LINELIST, NULL),
  V(ReachableORAddresses,        LINELIST, NULL),
  V(RecommendedVersions,         LINELIST, NULL),
  V(RecommendedClientVersions,   LINELIST, NULL),
  V(RecommendedServerVersions,   LINELIST, NULL),
  OBSOLETE("RedirectExit"),
  V(RefuseUnknownExits,          AUTOBOOL, "auto"),
  V(RejectPlaintextPorts,        CSV,      ""),
  V(RelayBandwidthBurst,         MEMUNIT,  "0"),
  V(RelayBandwidthRate,          MEMUNIT,  "0"),
  OBSOLETE("RendExcludeNodes"),
  OBSOLETE("RendNodes"),
  V(RendPostPeriod,              INTERVAL, "1 hour"),
  V(RephistTrackTime,            INTERVAL, "24 hours"),
  OBSOLETE("RouterFile"),
  V(RunAsDaemon,                 BOOL,     "0"),
//  V(RunTesting,                  BOOL,     "0"),
  OBSOLETE("RunTesting"), // currently unused
  /* Kept as a string here; the log-scrubbing helpers in this file
   * (safe_str() and friends) test the separate SafeLogging_ field. */
  V(SafeLogging,                 STRING,   "1"),
  V(SafeSocks,                   BOOL,     "0"),
  V(ServerDNSAllowBrokenConfig,  BOOL,     "1"),
  V(ServerDNSAllowNonRFC953Hostnames, BOOL, "0"),
  V(ServerDNSDetectHijacking,    BOOL,     "1"),
  V(ServerDNSRandomizeCase,      BOOL,     "1"),
  V(ServerDNSResolvConfFile,     STRING,   NULL),
  V(ServerDNSSearchDomains,      BOOL,     "0"),
  V(ServerDNSTestAddresses,      CSV,
    "www.google.com,www.mit.edu,www.yahoo.com,www.slashdot.org"),
  V(ShutdownWaitLength,          INTERVAL, "30 seconds"),
  V(SocksListenAddress,          LINELIST, NULL),
  V(SocksPolicy,                 LINELIST, NULL),
  VPORT(SocksPort,               LINELIST, NULL),
  V(SocksTimeout,                INTERVAL, "2 minutes"),
  OBSOLETE("StatusFetchPeriod"),
  V(StrictNodes,                 BOOL,     "0"),
  OBSOLETE("SysLog"),
  V(TestSocks,                   BOOL,     "0"),
  OBSOLETE("TestVia"),
  V(TokenBucketRefillInterval,   MSEC_INTERVAL, "100 msec"),
  V(Tor2webMode,                 BOOL,     "0"),
  V(TrackHostExits,              CSV,      NULL),
  V(TrackHostExitsExpire,        INTERVAL, "30 minutes"),
  OBSOLETE("TrafficShaping"),
  V(TransListenAddress,          LINELIST, NULL),
  VPORT(TransPort,               LINELIST, NULL),
  V(TunnelDirConns,              BOOL,     "1"),
  V(UpdateBridgesFromAuthority,  BOOL,     "0"),
  V(UseBridges,                  BOOL,     "0"),
  V(UseEntryGuards,              BOOL,     "1"),
  V(UseMicrodescriptors,         AUTOBOOL, "auto"),
  V(User,                        STRING,   NULL),
  V(UserspaceIOCPBuffers,        BOOL,     "0"),
  VAR("V1AuthoritativeDirectory", BOOL, V1AuthoritativeDir,   "0"),
  VAR("V2AuthoritativeDirectory", BOOL, V2AuthoritativeDir,   "0"),
  VAR("V3AuthoritativeDirectory", BOOL, V3AuthoritativeDir,   "0"),
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "30 minutes"),
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "5 minutes"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "5 minutes"),
  V(V3AuthVotingInterval,        INTERVAL, "1 hour"),
  V(V3AuthVoteDelay,             INTERVAL, "5 minutes"),
  V(V3AuthDistDelay,             INTERVAL, "5 minutes"),
  V(V3AuthNIntervalsValid,       UINT,     "3"),
  V(V3AuthUseLegacyKey,          BOOL,     "0"),
  V(V3BandwidthsFile,            FILENAME, NULL),
  VAR("VersioningAuthoritativeDirectory", BOOL, VersioningAuthoritativeDir,
      "0"),
  V(VirtualAddrNetwork,          STRING,   "127.192.0.0/10"),
  V(WarnPlaintextPorts,          CSV,      "23,109,110,143"),
  V(UseFilteringSSLBufferevents, BOOL,     "0"),
  VAR("__ReloadTorrcOnSIGHUP",   BOOL,  ReloadTorrcOnSIGHUP,      "1"),
  VAR("__AllDirActionsPrivate",  BOOL,  AllDirActionsPrivate,     "0"),
  VAR("__DisablePredictedCircuits", BOOL, DisablePredictedCircuits, "0"),
  VAR("__LeaveStreamsUnattached", BOOL, LeaveStreamsUnattached,   "0"),
  VAR("__HashedControlSessionPassword", LINELIST, HashedControlSessionPassword,
      NULL),
  VAR("__OwningControllerProcess", STRING, OwningControllerProcess, NULL),
  V(MinUptimeHidServDirectoryV2, INTERVAL, "25 hours"),
  V(VoteOnHidServDirectoriesV2,  BOOL,     "1"),
  VAR("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "0"),

  { NULL, CONFIG_TYPE_OBSOLETE, 0, NULL }
};

/** Replacement defaults that apply when the user sets the TestingTorNetwork
 * option.
 *
 * Several rows turn off safeguards that option_vars_ enables by default:
 * EnforceDistinctSubnets, ClientDNSRejectInternalAddresses,
 * ClientRejectInternalAddresses and ExitPolicyRejectPrivate go from "1" to
 * "0", and the private-address allowances go from "0" to "1". As the option
 * name indicates, this profile is for test networks. The entry with a NULL
 * name terminates the table. */
static const config_var_t testing_tor_network_defaults[] = {
  V(ServerDNSAllowBrokenConfig,  BOOL,     "1"),
  V(DirAllowPrivateAddresses,    BOOL,     "1"),
  V(EnforceDistinctSubnets,      BOOL,     "0"),
  V(AssumeReachable,             BOOL,     "1"),
  V(AuthDirMaxServersPerAddr,    UINT,     "0"),
  V(AuthDirMaxServersPerAuthAddr, UINT,    "0"),
  V(ClientDNSRejectInternalAddresses, BOOL, "0"),
  V(ClientRejectInternalAddresses, BOOL,   "0"),
  V(CountPrivateBandwidth,       BOOL,     "1"),
  V(ExitPolicyRejectPrivate,     BOOL,     "0"),
  V(ExtendAllowPrivateAddresses, BOOL,     "1"),
  V(V3AuthVotingInterval,        INTERVAL, "5 minutes"),
  V(V3AuthVoteDelay,             INTERVAL, "20 seconds"),
  V(V3AuthDistDelay,             INTERVAL, "20 seconds"),
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "5 minutes"),
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "20 seconds"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "20 seconds"),
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "0 minutes"),
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "0 minutes"),
  V(MinUptimeHidServDirectoryV2, INTERVAL, "0 minutes"),
  /* Marker row: "1" here versus "0" in option_vars_. */
  VAR("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "1"),

  { NULL, CONFIG_TYPE_OBSOLETE, 0, NULL }
};

#undef VAR
#undef V
#undef OBSOLETE

/* Forward declarations for helpers that are private to this file. */
#ifdef _WIN32
static char *get_windows_conf_root(void);
#endif

/* Validating options and acting on a change of options. */
static int options_validate(or_options_t *old_options,
                            or_options_t *options,
                            int from_setconf, char **msg);
static int options_act_reversible(const or_options_t *old_options,
                                  char **msg);
static int options_act(const or_options_t *old_options);
static int options_transition_allowed(const or_options_t *old,
                                      const or_options_t *new,
                                      char **msg);
static int options_transition_affects_workers(
      const or_options_t *old_options, const or_options_t *new_options);
static int options_transition_affects_descriptor(
      const or_options_t *old_options, const or_options_t *new_options);
static int check_nickname_list(const char *lst, const char *name, char **msg);

/* Parsers for individual configuration lines. */
static int parse_bridge_line(const char *line, int validate_only);
static int parse_client_transport_line(const char *line, int validate_only);

static int parse_server_transport_line(const char *line, int validate_only);
static char *get_bindaddr_from_transport_listen_line(const char *line,
                                                     const char *transport);
static int parse_dir_authority_line(const char *line,
                                    dirinfo_type_t required_type,
                                    int validate_only);
static int parse_dir_fallback_line(const char *line,
                                   int validate_only);

/* Port configuration. */
static void port_cfg_free(port_cfg_t *port);
static int parse_ports(or_options_t *options, int validate_only,
                       char **msg_out, int *n_ports_out);
static int check_server_ports(const smartlist_t *ports,
                              const or_options_t *options);

/* Remaining helpers. */
static int validate_data_directory(or_options_t *options);
static int write_configuration_file(const char *fname,
                                    const or_options_t *options);
static int options_init_logs(or_options_t *options, int validate_only);

static void init_libevent(const or_options_t *options);
static int opt_streq(const char *s1, const char *s2);
static int parse_outbound_addresses(or_options_t *options, int validate_only,
                                    char **msg);
static void config_maybe_load_geoip_files_(const or_options_t *options,
                                           const or_options_t *old_options);

/** Magic number recorded in or_options_t (see the magic_ offset below). */
#define OR_OPTIONS_MAGIC 9090909

/** Description of or_options_t for the generic configuration code: its size,
 * its magic number and where that number lives, the abbreviation and option
 * tables defined in this file, and the validation callback. */
static config_format_t options_format = {
  sizeof(or_options_t),                /* size of the options structure */
  OR_OPTIONS_MAGIC,                    /* expected magic number */
  STRUCT_OFFSET(or_options_t, magic_), /* offset of the magic_ member */
  option_abbrevs_,                     /* accepted aliases */
  option_vars_,                        /* the options themselves */
  /* NOTE(review): the cast silences any mismatch between options_validate()'s
   * signature and validate_fn_t (declared elsewhere) -- confirm the two are
   * call-compatible. */
  (validate_fn_t)options_validate,
  NULL  /* last member left unset; its meaning is defined by config_format_t */
};

/*
 * File-level state behind the accessors for the global options pointer.
 * config_free_all() releases every object listed here.
 */

/** Options currently in effect (from the command line and config files). */
static or_options_t *global_options = NULL;
/** The fallback options_t object; this is where we look for options not
 * in torrc before we fall back to Tor's defaults. */
static or_options_t *global_default_options = NULL;
/** Name of the torrc file that was read most recently. */
static char *torrc_fname = NULL;
/** Name of the torrc-defaults file that was read most recently. */
static char *torrc_defaults_fname = NULL;
/** Options that were given on the command line. */
static config_line_t *global_cmdline_options = NULL;
/** Contents of the DirPortFrontPage file that was read most recently. */
static char *global_dirfrontpagecontents = NULL;
/** List of port_cfg_t, one per configured port. */
static smartlist_t *configured_ports = NULL;

/** Return the stored front page string, or NULL if none is configured.
 * The result aliases the file-level global_dirfrontpagecontents. */
const char *
get_dirportfrontpage(void)
{
  const char *frontpage = global_dirfrontpagecontents;

  return frontpage;
}

/** Return a writable pointer to the options currently in effect.
 * Asserts that the global options have been set. */
or_options_t *
get_options_mutable(void)
{
  or_options_t *current;

  tor_assert(global_options);
  current = global_options;
  return current;
}

/** Return a read-only view of the options currently in effect; this is
 * get_options_mutable() with a const-qualified result. */
const or_options_t *
get_options(void)
{
  const or_options_t *current = get_options_mutable();

  return current;
}

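/** Change the current global options to contain <b>new_val</b> instead of
 * their current value; take action based on the new value; free the old value
 * as necessary.  Returns 0 on success, -1 on failure.
 *
 * If the reversible phase fails, the previous options are put back,
 * *<b>msg</b> holds the error set by options_act_reversible(), and
 * <b>new_val</b> is not freed here. If the second phase fails, an error is
 * logged and the process exits.
 *
 * When previous options existed, a CONF_CHANGED controller event listing the
 * options whose values differ is sent.
 */
int
set_options(or_options_t *new_val, char **msg)
{
  int i;
  smartlist_t *elements;
  config_line_t *line;
  or_options_t *old_options = global_options;
  global_options = new_val;
  /* Note that we pass the *old* options below, for comparison. It
   * pulls the new options directly out of global_options. */
  if (options_act_reversible(old_options, msg)<0) {
    tor_assert(*msg);
    global_options = old_options;
    return -1;
  }
  if (options_act(old_options) < 0) { /* acting on the options failed. die. */
    log_err(LD_BUG,
            "Acting on config options left us in a broken state. Dying.");
    exit(1);
  }
  /* Issues a CONF_CHANGED event to notify controller of the change. If Tor is
   * just starting up then the old_options will be undefined. */
  if (old_options && old_options != global_options) {
    elements = smartlist_new();
    for (i=0; options_format.vars[i].name; ++i) {
      const config_var_t *var = &options_format.vars[i];
      const char *var_name = var->name;
      if (var->type == CONFIG_TYPE_LINELIST_S ||
          var->type == CONFIG_TYPE_OBSOLETE) {
        continue;
      }
      if (!config_is_same(&options_format, new_val, old_options, var_name)) {
        line = config_get_assigned_option(&options_format, new_val,
                                          var_name, 1);

        if (line) {
          /* The list returned above is freshly allocated and owned by us.
           * Hand its key and value strings to <b>elements</b> and release
           * each node as we go, so nothing is leaked per changed option. */
          config_line_t *next;
          for (; line; line = next) {
            next = line->next;
            smartlist_add(elements, line->key);
            smartlist_add(elements, line->value);
            tor_free(line);
          }
        } else {
          /* Store a copy of the name so that every non-NULL element is owned
           * by the list and can be freed uniformly below. */
          smartlist_add(elements, tor_strdup(var_name));
          smartlist_add(elements, NULL);
        }
      }
    }
    control_event_conf_changed(elements);
    /* Elements alternate between a key and a value; a value may be NULL,
     * which tor_free() accepts. */
    SMARTLIST_FOREACH(elements, char *, cp, tor_free(cp));
    smartlist_free(elements);
  }

  /* NOTE(review): the old options are released with config_free(), whereas
   * or_options_free() in this file also releases ExcludeExitNodesUnion_,
   * NodeFamilySets and BridgePassword_AuthDigest_ -- confirm that those
   * members are not leaked on this path. */
  if (old_options != global_options)
    config_free(&options_format, old_options);

  return 0;
}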

/* Defined in tor_main.c. */
extern const char tor_git_revision[];

/** Cached full version string of this Tor process; built on first use by
 * get_version(). */
static char *the_tor_version = NULL;
/** Cached shorter version string, for export in our router descriptor.
 * (Does not include the git version, if any.)  Built on first use by
 * get_short_version(). */
static char *the_short_tor_version = NULL;

/** Return the full version string of this Tor process.
 *
 * The string is built on the first call and cached in the_tor_version: the
 * short version, followed by " (git-REVISION)" when tor_git_revision is not
 * empty. The caller must not free the result. */
const char *
get_version(void)
{
  if (the_tor_version != NULL)
    return the_tor_version;

  if (tor_git_revision[0] != '\0') {
    tor_asprintf(&the_tor_version, "%s (git-%s)", get_short_version(),
                 tor_git_revision);
  } else {
    the_tor_version = tor_strdup(get_short_version());
  }
  return the_tor_version;
}

/** Return the version string of this Tor process without any git tag.
 *
 * The string is built on the first call and cached in the_short_tor_version:
 * VERSION alone, or VERSION followed by " (TOR_BUILD_TAG)" when that macro
 * is defined at build time. The caller must not free the result. */
const char *
get_short_version(void)
{
  if (the_short_tor_version != NULL)
    return the_short_tor_version;

#ifdef TOR_BUILD_TAG
  tor_asprintf(&the_short_tor_version, "%s (%s)", VERSION, TOR_BUILD_TAG);
#else
  the_short_tor_version = tor_strdup(VERSION);
#endif
  return the_short_tor_version;
}

/** Free <b>options</b> together with the members that config_free() is not
 * asked to handle here: ExcludeExitNodesUnion_, every routerset in
 * NodeFamilySets plus the list itself, and BridgePassword_AuthDigest_.
 * Does nothing when <b>options</b> is NULL.
 */
static void
or_options_free(or_options_t *options)
{
  if (options == NULL)
    return;

  routerset_free(options->ExcludeExitNodesUnion_);

  if (options->NodeFamilySets != NULL) {
    SMARTLIST_FOREACH(options->NodeFamilySets, routerset_t *,
                      family, routerset_free(family));
    smartlist_free(options->NodeFamilySets);
  }

  tor_free(options->BridgePassword_AuthDigest_);

  /* Last: this releases the options structure itself. */
  config_free(&options_format, options);
}

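/** Release all memory and resources held by global configuration structures,
 * and reset the corresponding file-level pointers to NULL so that a later
 * call finds nothing left to free.
 */
void
config_free_all(void)
{
  or_options_free(global_options);
  global_options = NULL;
  or_options_free(global_default_options);
  global_default_options = NULL;

  config_free_lines(global_cmdline_options);
  global_cmdline_options = NULL;

  if (configured_ports) {
    /* Use the destructor declared for port_cfg_t in this file instead of a
     * bare tor_free(), so this path follows any change to it. */
    SMARTLIST_FOREACH(configured_ports,
                      port_cfg_t *, p, port_cfg_free(p));
    smartlist_free(configured_ports);
    configured_ports = NULL;
  }

  tor_free(torrc_fname);
  tor_free(torrc_defaults_fname);
  tor_free(global_dirfrontpagecontents);

  /* Cached version strings. the_tor_version used to be passed to tor_free()
   * twice in this function; once is enough. */
  tor_free(the_short_tor_version);
  tor_free(the_tor_version);
}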

/** Make <b>address</b> -- a piece of information related to our operation as
 * a client -- safe to log according to the settings in options->SafeLogging,
 * and return it.
 *
 * Returns the literal "[scrubbed]" when SafeLogging_ is SAFELOG_SCRUB_ALL
 * (the setting the original comment calls SafeLogging "1"), and
 * <b>address</b> itself otherwise. Asserts that <b>address</b> is non-NULL.
 *
 * The unscrubbed result is the caller's own pointer, with no escaping
 * applied; use escaped_safe_str_client() when the string may hold bytes that
 * should not reach the log verbatim.
 */
const char *
safe_str_client(const char *address)
{
  tor_assert(address);
  return (get_options()->SafeLogging_ == SAFELOG_SCRUB_ALL)
           ? "[scrubbed]"
           : address;
}

/** Make <b>address</b> -- a piece of information of unspecified sensitivity
 * -- safe to log according to the settings in options->SafeLogging, and
 * return it.
 *
 * Returns <b>address</b> itself only when SafeLogging_ is SAFELOG_SCRUB_NONE
 * (the setting the original comment calls SafeLogging "0"); every other
 * setting yields the literal "[scrubbed]". Asserts that <b>address</b> is
 * non-NULL.
 *
 * The unscrubbed result is the caller's own pointer, with no escaping
 * applied; use escaped_safe_str() when the string may hold bytes that should
 * not reach the log verbatim.
 */
const char *
safe_str(const char *address)
{
  tor_assert(address);
  return (get_options()->SafeLogging_ == SAFELOG_SCRUB_NONE)
           ? address
           : "[scrubbed]";
}

/** Equivalent to escaped(safe_str_client(address)): returns "[scrubbed]" when
 * SafeLogging_ is SAFELOG_SCRUB_ALL, and escaped(<b>address</b>) otherwise.
 *
 * See reentrancy note on escaped(): don't use this outside the main thread,
 * or twice in the same log statement.
 *
 * Unlike safe_str_client(), this does not assert that <b>address</b> is
 * non-NULL; a NULL argument is passed on to escaped(). */
const char *
escaped_safe_str_client(const char *address)
{
  if (get_options()->SafeLogging_ != SAFELOG_SCRUB_ALL)
    return escaped(address);

  return "[scrubbed]";
}

/** Equivalent to escaped(safe_str(address)): returns escaped(<b>address</b>)
 * only when SafeLogging_ is SAFELOG_SCRUB_NONE, and "[scrubbed]" for every
 * other setting.
 *
 * See reentrancy note on escaped(): don't use this outside the main thread,
 * or twice in the same log statement.
 *
 * Unlike safe_str(), this does not assert that <b>address</b> is non-NULL; a
 * NULL argument is passed on to escaped(). */
const char *
escaped_safe_str(const char *address)
{
  if (get_options()->SafeLogging_ == SAFELOG_SCRUB_NONE)
    return escaped(address);

  return "[scrubbed]";
}