/* Copyright (c) 2001 Matej Pfajfar.
 * Copyright (c) 2001-2004, Roger Dingledine.
 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
 * Copyright (c) 2007-2012, The Tor Project, Inc. */
/* See LICENSE for licensing information */

/**
 * \file config.c
 * \brief Code to parse and interpret configuration files.
 **/

#define CONFIG_PRIVATE

#include "or.h"
#include "circuitbuild.h"
#include "circuitlist.h"
#include "circuitmux.h"
#include "circuitmux_ewma.h"
#include "config.h"
#include "connection.h"
#include "connection_edge.h"
#include "connection_or.h"
#include "control.h"
#include "confparse.h"
#include "cpuworker.h"
#include "dirserv.h"
#include "dirvote.h"
#include "dns.h"
#include "geoip.h"
#include "hibernate.h"
#include "main.h"
#include "networkstatus.h"
#include "nodelist.h"
#include "policies.h"
#include "relay.h"
#include "rendclient.h"
#include "rendservice.h"
#include "rephist.h"
#include "router.h"
#include "util.h"
#include "routerlist.h"
#include "routerset.h"
#include "statefile.h"
#include "transports.h"
#ifdef _WIN32
#include <shlobj.h>
#endif

#include "procmon.h"

/* From main.c */
extern int quiet_level;

/** A list of abbreviations and aliases to map command-line options, obsolete
 * option names, or alternative option names, to their current values.
 *
 * Every brace-initialized entry has the shape {alias, current name, int, int}.
 * NOTE(review): the two trailing integers are presumably config_abbrev_t's
 * "command line only" and "warn when used" flags; the struct and the
 * PLURAL() macro are declared outside this file, so confirm there.
 * The last entry is all NULL/zero and presumably terminates the table. */
static config_abbrev_t _option_abbrevs[] = {
  PLURAL(AuthDirBadDirCC),
  PLURAL(AuthDirBadExitCC),
  PLURAL(AuthDirInvalidCC),
  PLURAL(AuthDirRejectCC),
  PLURAL(ExitNode),
  PLURAL(EntryNode),
  PLURAL(ExcludeNode),
  PLURAL(FirewallPort),
  PLURAL(LongLivedPort),
  PLURAL(HiddenServiceNode),
  PLURAL(HiddenServiceExcludeNode),
  PLURAL(NumCPU),
  PLURAL(RendNode),
  PLURAL(RendExcludeNode),
  PLURAL(StrictEntryNode),
  PLURAL(StrictExitNode),
  PLURAL(StrictNode),
  { "l", "Log", 1, 0},
  { "AllowUnverifiedNodes", "AllowInvalidNodes", 0, 0},
  { "AutomapHostSuffixes", "AutomapHostsSuffixes", 0, 0},
  { "AutomapHostOnResolve", "AutomapHostsOnResolve", 0, 0},
  { "BandwidthRateBytes", "BandwidthRate", 0, 0},
  { "BandwidthBurstBytes", "BandwidthBurst", 0, 0},
  { "DirFetchPostPeriod", "StatusFetchPeriod", 0, 0},
  { "MaxConn", "ConnLimit", 0, 1},
  { "ORBindAddress", "ORListenAddress", 0, 0},
  { "DirBindAddress", "DirListenAddress", 0, 0},
  { "SocksBindAddress", "SocksListenAddress", 0, 0},
  { "UseHelperNodes", "UseEntryGuards", 0, 0},
  { "NumHelperNodes", "NumEntryGuards", 0, 0},
  { "UseEntryNodes", "UseEntryGuards", 0, 0},
  { "NumEntryNodes", "NumEntryGuards", 0, 0},
  { "ResolvConf", "ServerDNSResolvConfFile", 0, 1},
  { "SearchDomains", "ServerDNSSearchDomains", 0, 1},
  { "ServerDNSAllowBrokenResolvConf", "ServerDNSAllowBrokenConfig", 0, 0},
  { "PreferTunnelledDirConns", "PreferTunneledDirConns", 0, 0},
  { "BridgeAuthoritativeDirectory", "BridgeAuthoritativeDir", 0, 0},
  /* NOTE(review): this maps the public name onto the internal
   * "__HashedControlSessionPassword" option, although _option_vars also
   * defines HashedControlPassword as an option of its own.  The third field
   * is 1 here, as for "l" -> "Log" -- presumably "command line only", which
   * would keep a hash given on the command line separate from the one read
   * from the configuration file.  Confirm against config_abbrev_t. */
  { "HashedControlPassword", "__HashedControlSessionPassword", 1, 0},
  { "StrictEntryNodes", "StrictNodes", 0, 1},
  { "StrictExitNodes", "StrictNodes", 0, 1},
  { "_UseFilteringSSLBufferevents", "UseFilteringSSLBufferevents", 0, 1},
  { NULL, NULL, 0, 0},
};

/** An entry for config_vars: "The option <b>name</b> has type
 * CONFIG_TYPE_<b>conftype</b>, and corresponds to
 * or_options_t.<b>member</b>"
 *
 * <b>initvalue</b> is the option's default, written as a string (or NULL).
 * The member is recorded as a byte offset into or_options_t, so the
 * conftype chosen here has to agree with the member's real C type.
 */
#define VAR(name,conftype,member,initvalue)                             \
  { name, CONFIG_TYPE_ ## conftype, STRUCT_OFFSET(or_options_t, member), \
      initvalue }
/** As VAR, but the option name and member name are the same. */
#define V(member,conftype,initvalue)                                    \
  VAR(#member, conftype, member, initvalue)
/** An entry for config_vars: "The option <b>name</b> is obsolete." */
#define OBSOLETE(name) { name, CONFIG_TYPE_OBSOLETE, 0, NULL }

/** As V, but the value is stored in or_options_t.<b>member</b>_lines
 * instead of a member named exactly like the option. */
#define VPORT(member,conftype,initvalue)                                    \
  VAR(#member, conftype, member ## _lines, initvalue)

/** Array of configuration options.  Until we disallow nonstandard
 * abbreviations, order is significant, since the first matching option will
 * be chosen first.
 *
 * Each entry is produced by V(), VAR(), VPORT() or OBSOLETE() and holds the
 * option name, its CONFIG_TYPE_*, the offset of the backing or_options_t
 * member, and the default value as a string (NULL when no default is
 * given).  The entry whose name is NULL ends the table.
 *
 * NOTE(review): several options carry credentials or credential hashes as
 * ordinary STRING/LINELIST values (BridgePassword, HTTPProxyAuthenticator,
 * HTTPSProxyAuthenticator, Socks5ProxyPassword, HashedControlPassword,
 * __HashedControlSessionPassword).  Nothing in this table marks them as
 * sensitive, so any code that dumps, logs or reports option values needs
 * its own redaction -- confirm against those callers.
 */
static config_var_t _option_vars[] = {
  OBSOLETE("AccountingMaxKB"),
  V(AccountingMax,               MEMUNIT,  "0 bytes"),
  V(AccountingStart,             STRING,   NULL),
  V(Address,                     STRING,   NULL),
  V(AllowDotExit,                BOOL,     "0"),
  V(AllowInvalidNodes,           CSV,      "middle,rendezvous"),
  V(AllowNonRFC953Hostnames,     BOOL,     "0"),
  V(AllowSingleHopCircuits,      BOOL,     "0"),
  V(AllowSingleHopExits,         BOOL,     "0"),
  V(AlternateBridgeAuthority,    LINELIST, NULL),
  V(AlternateDirAuthority,       LINELIST, NULL),
  V(AlternateHSAuthority,        LINELIST, NULL),
  V(AssumeReachable,             BOOL,     "0"),
  V(AuthDirBadDir,               LINELIST, NULL),
  V(AuthDirBadDirCCs,            CSV,      ""),
  V(AuthDirBadExit,              LINELIST, NULL),
  V(AuthDirBadExitCCs,           CSV,      ""),
  V(AuthDirInvalid,              LINELIST, NULL),
  V(AuthDirInvalidCCs,           CSV,      ""),
  V(AuthDirFastGuarantee,        MEMUNIT,  "100 KB"),
  V(AuthDirGuardBWGuarantee,     MEMUNIT,  "250 KB"),
  V(AuthDirReject,               LINELIST, NULL),
  V(AuthDirRejectCCs,            CSV,      ""),
  V(AuthDirRejectUnlisted,       BOOL,     "0"),
  V(AuthDirListBadDirs,          BOOL,     "0"),
  V(AuthDirListBadExits,         BOOL,     "0"),
  V(AuthDirMaxServersPerAddr,    UINT,     "2"),
  V(AuthDirMaxServersPerAuthAddr,UINT,     "5"),
  V(AuthDirHasIPv6Connectivity,  BOOL,     "0"),
  VAR("AuthoritativeDirectory",  BOOL, AuthoritativeDir,    "0"),
  V(AutomapHostsOnResolve,       BOOL,     "0"),
  V(AutomapHostsSuffixes,        CSV,      ".onion,.exit"),
  V(AvoidDiskWrites,             BOOL,     "0"),
  V(BandwidthBurst,              MEMUNIT,  "1 GB"),
  V(BandwidthRate,               MEMUNIT,  "1 GB"),
  V(BridgeAuthoritativeDir,      BOOL,     "0"),
  VAR("Bridge",                  LINELIST, Bridges,    NULL),
  V(BridgePassword,              STRING,   NULL),
  V(BridgeRecordUsageByCountry,  BOOL,     "1"),
  V(BridgeRelay,                 BOOL,     "0"),
  V(CellStatistics,              BOOL,     "0"),
  V(LearnCircuitBuildTimeout,    BOOL,     "1"),
  V(CircuitBuildTimeout,         INTERVAL, "0"),
  V(CircuitIdleTimeout,          INTERVAL, "1 hour"),
  V(CircuitStreamTimeout,        INTERVAL, "0"),
  V(CircuitPriorityHalflife,     DOUBLE,  "-100.0"), /*negative:'Use default'*/
  V(ClientDNSRejectInternalAddresses, BOOL,"1"),
  V(ClientOnly,                  BOOL,     "0"),
  V(ClientPreferIPv6ORPort,      BOOL,     "0"),
  V(ClientRejectInternalAddresses, BOOL,   "1"),
  V(ClientTransportPlugin,       LINELIST, NULL),
  V(ClientUseIPv6,               BOOL,     "0"),
  V(ConsensusParams,             STRING,   NULL),
  V(ConnLimit,                   UINT,     "1000"),
  V(ConnDirectionStatistics,     BOOL,     "0"),
  V(ConstrainedSockets,          BOOL,     "0"),
  V(ConstrainedSockSize,         MEMUNIT,  "8192"),
  V(ContactInfo,                 STRING,   NULL),
  V(ControlListenAddress,        LINELIST, NULL),
  VPORT(ControlPort,                 LINELIST, NULL),
  V(ControlPortFileGroupReadable,BOOL,     "0"),
  V(ControlPortWriteToFile,      FILENAME, NULL),
  V(ControlSocket,               LINELIST, NULL),
  V(ControlSocketsGroupWritable, BOOL,     "0"),
  V(CookieAuthentication,        BOOL,     "0"),
  V(CookieAuthFileGroupReadable, BOOL,     "0"),
  V(CookieAuthFile,              STRING,   NULL),
  V(CountPrivateBandwidth,       BOOL,     "0"),
  V(DataDirectory,               FILENAME, NULL),
  OBSOLETE("DebugLogFile"),
  V(DisableNetwork,              BOOL,     "0"),
  V(DirAllowPrivateAddresses,    BOOL,     "0"),
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "30 minutes"),
  V(DirListenAddress,            LINELIST, NULL),
  OBSOLETE("DirFetchPeriod"),
  V(DirPolicy,                   LINELIST, NULL),
  VPORT(DirPort,                     LINELIST, NULL),
  V(DirPortFrontPage,            FILENAME, NULL),
  OBSOLETE("DirPostPeriod"),
  OBSOLETE("DirRecordUsageByCountry"),
  OBSOLETE("DirRecordUsageGranularity"),
  OBSOLETE("DirRecordUsageRetainIPs"),
  OBSOLETE("DirRecordUsageSaveInterval"),
  V(DirReqStatistics,            BOOL,     "1"),
  VAR("DirServer",               LINELIST, DirServers, NULL),
  V(DisableAllSwap,              BOOL,     "0"),
  V(DisableDebuggerAttachment,   BOOL,     "1"),
  V(DisableIOCP,                 BOOL,     "1"),
  V(DynamicDHGroups,             BOOL,     "0"),
  VPORT(DNSPort,                     LINELIST, NULL),
  V(DNSListenAddress,            LINELIST, NULL),
  V(DownloadExtraInfo,           BOOL,     "0"),
  V(EnforceDistinctSubnets,      BOOL,     "1"),
  V(EntryNodes,                  ROUTERSET,   NULL),
  V(EntryStatistics,             BOOL,     "0"),
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "10 minutes"),
  V(ExcludeNodes,                ROUTERSET, NULL),
  V(ExcludeExitNodes,            ROUTERSET, NULL),
  V(ExcludeSingleHopRelays,      BOOL,     "1"),
  V(ExitNodes,                   ROUTERSET, NULL),
  V(ExitPolicy,                  LINELIST, NULL),
  V(ExitPolicyRejectPrivate,     BOOL,     "1"),
  V(ExitPortStatistics,          BOOL,     "0"),
  V(ExtendAllowPrivateAddresses, BOOL,     "0"),
  V(ExtraInfoStatistics,         BOOL,     "1"),

#if defined (WINCE)
  V(FallbackNetworkstatusFile,   FILENAME, "fallback-consensus"),
#else
  V(FallbackNetworkstatusFile,   FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "fallback-consensus"),
#endif
  V(FascistFirewall,             BOOL,     "0"),
  V(FirewallPorts,               CSV,      ""),
  V(FastFirstHopPK,              BOOL,     "1"),
  V(FetchDirInfoEarly,           BOOL,     "0"),
  V(FetchDirInfoExtraEarly,      BOOL,     "0"),
  V(FetchServerDescriptors,      BOOL,     "1"),
  V(FetchHidServDescriptors,     BOOL,     "1"),
  V(FetchUselessDescriptors,     BOOL,     "0"),
  V(FetchV2Networkstatus,        BOOL,     "0"),
#ifdef _WIN32
  V(GeoIPFile,                   FILENAME, "<default>"),
#else
  V(GeoIPFile,                   FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip"),
#endif
  OBSOLETE("GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays"),
  OBSOLETE("Group"),
  V(HardwareAccel,               BOOL,     "0"),
  V(HeartbeatPeriod,             INTERVAL, "6 hours"),
  V(AccelName,                   STRING,   NULL),
  V(AccelDir,                    FILENAME, NULL),
  V(HashedControlPassword,       LINELIST, NULL),
  V(HidServDirectoryV2,          BOOL,     "1"),
  VAR("HiddenServiceDir",    LINELIST_S, RendConfigLines,    NULL),
  OBSOLETE("HiddenServiceExcludeNodes"),
  OBSOLETE("HiddenServiceNodes"),
  VAR("HiddenServiceOptions",LINELIST_V, RendConfigLines,    NULL),
  VAR("HiddenServicePort",   LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceVersion",LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceAuthorizeClient",LINELIST_S,RendConfigLines, NULL),
  V(HidServAuth,                 LINELIST, NULL),
  V(HSAuthoritativeDir,          BOOL,     "0"),
  OBSOLETE("HSAuthorityRecordStats"),
  V(CloseHSClientCircuitsImmediatelyOnTimeout, BOOL, "0"),
  V(CloseHSServiceRendCircuitsImmediatelyOnTimeout, BOOL, "0"),
  V(HTTPProxy,                   STRING,   NULL),
  V(HTTPProxyAuthenticator,      STRING,   NULL),
  V(HTTPSProxy,                  STRING,   NULL),
  V(HTTPSProxyAuthenticator,     STRING,   NULL),
  VAR("ServerTransportPlugin",   LINELIST, ServerTransportPlugin,  NULL),
  V(Socks4Proxy,                 STRING,   NULL),
  V(Socks5Proxy,                 STRING,   NULL),
  V(Socks5ProxyUsername,         STRING,   NULL),
  V(Socks5ProxyPassword,         STRING,   NULL),
  OBSOLETE("IgnoreVersion"),
  V(KeepalivePeriod,             INTERVAL, "5 minutes"),
  VAR("Log",                     LINELIST, Logs,             NULL),
  V(LogMessageDomains,           BOOL,     "0"),
  OBSOLETE("LinkPadding"),
  OBSOLETE("LogLevel"),
  OBSOLETE("LogFile"),
  V(LogTimeGranularity,          MSEC_INTERVAL, "1 second"),
  V(LongLivedPorts,              CSV,
        "21,22,706,1863,5050,5190,5222,5223,6523,6667,6697,8300"),
  VAR("MapAddress",              LINELIST, AddressMap,           NULL),
  V(MaxAdvertisedBandwidth,      MEMUNIT,  "1 GB"),
  V(MaxCircuitDirtiness,         INTERVAL, "10 minutes"),
  V(MaxClientCircuitsPending,    UINT,     "32"),
  V(MaxOnionsPending,            UINT,     "100"),
  OBSOLETE("MonthlyAccountingStart"),
  V(MyFamily,                    STRING,   NULL),
  V(NewCircuitPeriod,            INTERVAL, "30 seconds"),
  VAR("NamingAuthoritativeDirectory",BOOL, NamingAuthoritativeDir, "0"),
  V(NATDListenAddress,           LINELIST, NULL),
  VPORT(NATDPort,                    LINELIST, NULL),
  V(Nickname,                    STRING,   NULL),
  V(WarnUnsafeSocks,              BOOL,     "1"),
  OBSOLETE("NoPublish"),
  VAR("NodeFamily",              LINELIST, NodeFamilies,         NULL),
  V(NumCPUs,                     UINT,     "0"),
  V(NumEntryGuards,              UINT,     "3"),
  V(ORListenAddress,             LINELIST, NULL),
  VPORT(ORPort,                      LINELIST, NULL),
  V(OutboundBindAddress,         LINELIST,   NULL),

  V(PathBiasCircThreshold,       INT,      "-1"),
  V(PathBiasNoticeRate,          DOUBLE,   "-1"),
  V(PathBiasDisableRate,         DOUBLE,   "-1"),
  V(PathBiasScaleThreshold,      INT,      "-1"),
  V(PathBiasScaleFactor,         INT,      "-1"),

  OBSOLETE("PathlenCoinWeight"),
  V(PerConnBWBurst,              MEMUNIT,  "0"),
  V(PerConnBWRate,               MEMUNIT,  "0"),
  V(PidFile,                     STRING,   NULL),
  V(TestingTorNetwork,           BOOL,     "0"),
  V(OptimisticData,              AUTOBOOL, "auto"),
  V(PortForwarding,              BOOL,     "0"),
  V(PortForwardingHelper,        FILENAME, "tor-fw-helper"),
  V(PreferTunneledDirConns,      BOOL,     "1"),
  V(ProtocolWarnings,            BOOL,     "0"),
  V(PublishServerDescriptor,     CSV,      "1"),
  V(PublishHidServDescriptors,   BOOL,     "1"),
  V(ReachableAddresses,          LINELIST, NULL),
  V(ReachableDirAddresses,       LINELIST, NULL),
  V(ReachableORAddresses,        LINELIST, NULL),
  V(RecommendedVersions,         LINELIST, NULL),
  V(RecommendedClientVersions,   LINELIST, NULL),
  V(RecommendedServerVersions,   LINELIST, NULL),
  OBSOLETE("RedirectExit"),
  V(RefuseUnknownExits,          AUTOBOOL, "auto"),
  V(RejectPlaintextPorts,        CSV,      ""),
  V(RelayBandwidthBurst,         MEMUNIT,  "0"),
  V(RelayBandwidthRate,          MEMUNIT,  "0"),
  OBSOLETE("RendExcludeNodes"),
  OBSOLETE("RendNodes"),
  V(RendPostPeriod,              INTERVAL, "1 hour"),
  V(RephistTrackTime,            INTERVAL, "24 hours"),
  OBSOLETE("RouterFile"),
  V(RunAsDaemon,                 BOOL,     "0"),
//  V(RunTesting,                  BOOL,     "0"),
  OBSOLETE("RunTesting"), // currently unused
  /* Stored as a STRING; safe_str() and safe_str_client() below consult the
   * derived _SafeLogging member rather than this text. */
  V(SafeLogging,                 STRING,   "1"),
  V(SafeSocks,                   BOOL,     "0"),
  V(ServerDNSAllowBrokenConfig,  BOOL,     "1"),
  V(ServerDNSAllowNonRFC953Hostnames, BOOL,"0"),
  V(ServerDNSDetectHijacking,    BOOL,     "1"),
  V(ServerDNSRandomizeCase,      BOOL,     "1"),
  V(ServerDNSResolvConfFile,     STRING,   NULL),
  V(ServerDNSSearchDomains,      BOOL,     "0"),
  V(ServerDNSTestAddresses,      CSV,
      "www.google.com,www.mit.edu,www.yahoo.com,www.slashdot.org"),
  V(ShutdownWaitLength,          INTERVAL, "30 seconds"),
  V(SocksListenAddress,          LINELIST, NULL),
  V(SocksPolicy,                 LINELIST, NULL),
  VPORT(SocksPort,                   LINELIST, NULL),
  V(SocksTimeout,                INTERVAL, "2 minutes"),
  OBSOLETE("StatusFetchPeriod"),
  V(StrictNodes,                 BOOL,     "0"),
  OBSOLETE("SysLog"),
  V(TestSocks,                   BOOL,     "0"),
  OBSOLETE("TestVia"),
  V(TokenBucketRefillInterval,   MSEC_INTERVAL, "100 msec"),
  V(Tor2webMode,                 BOOL,     "0"),
  V(TrackHostExits,              CSV,      NULL),
  V(TrackHostExitsExpire,        INTERVAL, "30 minutes"),
  OBSOLETE("TrafficShaping"),
  V(TransListenAddress,          LINELIST, NULL),
  VPORT(TransPort,                   LINELIST, NULL),
  V(TunnelDirConns,              BOOL,     "1"),
  V(UpdateBridgesFromAuthority,  BOOL,     "0"),
  V(UseBridges,                  BOOL,     "0"),
  V(UseEntryGuards,              BOOL,     "1"),
  V(UseMicrodescriptors,         AUTOBOOL, "auto"),
  V(User,                        STRING,   NULL),
  V(UserspaceIOCPBuffers,        BOOL,     "0"),
  VAR("V1AuthoritativeDirectory",BOOL, V1AuthoritativeDir,   "0"),
  VAR("V2AuthoritativeDirectory",BOOL, V2AuthoritativeDir,   "0"),
  VAR("V3AuthoritativeDirectory",BOOL, V3AuthoritativeDir,   "0"),
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "30 minutes"),
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "5 minutes"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "5 minutes"),
  V(V3AuthVotingInterval,        INTERVAL, "1 hour"),
  V(V3AuthVoteDelay,             INTERVAL, "5 minutes"),
  V(V3AuthDistDelay,             INTERVAL, "5 minutes"),
  V(V3AuthNIntervalsValid,       UINT,     "3"),
  V(V3AuthUseLegacyKey,          BOOL,     "0"),
  V(V3BandwidthsFile,            FILENAME, NULL),
  VAR("VersioningAuthoritativeDirectory",BOOL,VersioningAuthoritativeDir, "0"),
  V(VirtualAddrNetwork,          STRING,   "127.192.0.0/10"),
  V(WarnPlaintextPorts,          CSV,      "23,109,110,143"),
  V(UseFilteringSSLBufferevents, BOOL,    "0"),
  VAR("__ReloadTorrcOnSIGHUP",   BOOL,  ReloadTorrcOnSIGHUP,      "1"),
  VAR("__AllDirActionsPrivate",  BOOL,  AllDirActionsPrivate,     "0"),
  VAR("__DisablePredictedCircuits",BOOL,DisablePredictedCircuits, "0"),
  VAR("__LeaveStreamsUnattached",BOOL,  LeaveStreamsUnattached,   "0"),
  VAR("__HashedControlSessionPassword", LINELIST, HashedControlSessionPassword,
      NULL),
  VAR("__OwningControllerProcess",STRING,OwningControllerProcess, NULL),
  V(MinUptimeHidServDirectoryV2, INTERVAL, "25 hours"),
  V(VoteOnHidServDirectoriesV2,  BOOL,     "1"),
  VAR("___UsingTestNetworkDefaults", BOOL, _UsingTestNetworkDefaults, "0"),

  { NULL, CONFIG_TYPE_OBSOLETE, 0, NULL }
};

/** Override default values with these if the user sets the TestingTorNetwork
 * option.
 *
 * Compared with the defaults in _option_vars, this table switches off
 * several protective settings: ClientRejectInternalAddresses,
 * ClientDNSRejectInternalAddresses, ExitPolicyRejectPrivate and
 * EnforceDistinctSubnets go from "1" to "0", DirAllowPrivateAddresses,
 * ExtendAllowPrivateAddresses and AssumeReachable go from "0" to "1", and
 * the per-address server limits drop from "2"/"5" to "0".  It also shortens
 * the voting, reachability and uptime intervals.  The table is terminated by
 * the entry whose name is NULL.
 */
static const config_var_t testing_tor_network_defaults[] = {
  V(ServerDNSAllowBrokenConfig,  BOOL,     "1"),
  V(DirAllowPrivateAddresses,    BOOL,     "1"),
  V(EnforceDistinctSubnets,      BOOL,     "0"),
  V(AssumeReachable,             BOOL,     "1"),
  V(AuthDirMaxServersPerAddr,    UINT,     "0"),
  V(AuthDirMaxServersPerAuthAddr,UINT,     "0"),
  V(ClientDNSRejectInternalAddresses, BOOL,"0"),
  V(ClientRejectInternalAddresses, BOOL,   "0"),
  V(CountPrivateBandwidth,       BOOL,     "1"),
  V(ExitPolicyRejectPrivate,     BOOL,     "0"),
  V(ExtendAllowPrivateAddresses, BOOL,     "1"),
  V(V3AuthVotingInterval,        INTERVAL, "5 minutes"),
  V(V3AuthVoteDelay,             INTERVAL, "20 seconds"),
  V(V3AuthDistDelay,             INTERVAL, "20 seconds"),
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "5 minutes"),
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "20 seconds"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "20 seconds"),
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "0 minutes"),
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "0 minutes"),
  V(MinUptimeHidServDirectoryV2, INTERVAL, "0 minutes"),
  /* Marks the options object as carrying these test-network defaults. */
  VAR("___UsingTestNetworkDefaults", BOOL, _UsingTestNetworkDefaults, "1"),

  { NULL, CONFIG_TYPE_OBSOLETE, 0, NULL }
};

/* The table-building macros are only needed for the option tables above.
 * NOTE(review): VPORT is not #undef'd alongside the other three here. */
#undef VAR
#undef V
#undef OBSOLETE

/* Forward declarations of the file-local (static) helpers used below. */
#ifdef _WIN32
static char *get_windows_conf_root(void);
#endif
/* Validation and application of a candidate options object. */
static int options_validate(or_options_t *old_options,
                            or_options_t *options,
                            int from_setconf, char **msg);
static int options_act_reversible(const or_options_t *old_options, char **msg);
static int options_act(const or_options_t *old_options);
static int options_transition_allowed(const or_options_t *old,
                                      const or_options_t *new,
                                      char **msg);
static int options_transition_affects_workers(
      const or_options_t *old_options, const or_options_t *new_options);
static int options_transition_affects_descriptor(
      const or_options_t *old_options, const or_options_t *new_options);
static int check_nickname_list(const char *lst, const char *name, char **msg);

/* Parsers for individual configuration lines; each takes a validate_only
 * flag. */
static int parse_bridge_line(const char *line, int validate_only);
static int parse_client_transport_line(const char *line, int validate_only);

static int parse_server_transport_line(const char *line, int validate_only);
static int parse_dir_server_line(const char *line,
                                 dirinfo_type_t required_type,
                                 int validate_only);
static void port_cfg_free(port_cfg_t *port);
static int parse_ports(or_options_t *options, int validate_only,
                              char **msg_out, int *n_ports_out);
static int check_server_ports(const smartlist_t *ports,
                              const or_options_t *options);

static int validate_data_directory(or_options_t *options);
static int write_configuration_file(const char *fname,
                                    const or_options_t *options);
static int options_init_logs(or_options_t *options, int validate_only);

static void init_libevent(const or_options_t *options);
static int opt_streq(const char *s1, const char *s2);
static int parse_outbound_addresses(or_options_t *options, int validate_only,
                                    char **msg);

/** Magic value for or_options_t. */
#define OR_OPTIONS_MAGIC 9090909

/** Configuration format for or_options_t.  Ties the options struct to its
 * abbreviation table, its option table and its validation callback. */
static config_format_t options_format = {
  sizeof(or_options_t),                 /* size of the options struct */
  OR_OPTIONS_MAGIC,                     /* expected magic value */
  STRUCT_OFFSET(or_options_t, _magic),  /* where the magic value is stored */
  _option_abbrevs,                      /* aliases and abbreviations */
  _option_vars,                         /* the option table itself */
  /* NOTE(review): options_validate() is cast to the generic callback type;
   * calling it through that type is only well defined if validate_fn_t's
   * signature is compatible with it -- confirm against the typedef. */
  (validate_fn_t)options_validate,
  NULL  /* NOTE(review): meaning of this last member is not visible here */
};

/*
 * Functions to read and write the global options pointer.
 */

/** Command-line and config-file options. */
static or_options_t *global_options = NULL;
/** The fallback options_t object; this is where we look for options not
 * in torrc before we fall back to Tor's defaults. */
static or_options_t *global_default_options = NULL;
/** Name of most recently read torrc file. */
static char *torrc_fname = NULL;
/** Name of the most recently read torrc-defaults file.  (No explicit
 * initializer; as a file-scope static it starts out NULL like the others.) */
static char *torrc_defaults_fname;
/** Configuration Options set by command line. */
static config_line_t *global_cmdline_options = NULL;
/** Contents of most recently read DirPortFrontPage file. */
static char *global_dirfrontpagecontents = NULL;
/** List of port_cfg_t for all configured ports. */
static smartlist_t *configured_ports = NULL;

/** Accessor for the stored DirPortFrontPage contents.  Yields NULL when no
 * front page has been configured. */
const char *
get_dirportfrontpage(void)
{
  const char *frontpage = global_dirfrontpagecontents;

  return frontpage;
}

/** Hand out the live options object for modification.  Asserts that an
 * options object has been installed, so this never returns NULL. */
or_options_t *
get_options_mutable(void)
{
  or_options_t *live;

  tor_assert(global_options);
  live = global_options;
  return live;
}

/** Read-only view of the currently configured options.  This is the same
 * object get_options_mutable() returns, behind a const pointer. */
const or_options_t *
get_options(void)
{
  const or_options_t *view = get_options_mutable();

  return view;
}

/** Install <b>new_val</b> as the global options, act on it, and dispose of
 * the options it replaces.
 *
 * The new pointer is published in global_options before anything is
 * applied.  If options_act_reversible() fails, the previous pointer is put
 * back, *<b>msg</b> is expected to be set, and -1 is returned.  If
 * options_act() fails, the process logs the failure and exits.  Otherwise a
 * CONF_CHANGED controller event listing every changed option is issued
 * (nothing is reported when there were no previous options), the previous
 * options are freed unless they are the object still installed, and 0 is
 * returned.
 *
 * NOTE(review): the event carries the value of every changed option; only
 * LINELIST_S and OBSOLETE entries are skipped, so credential-bearing
 * options are not filtered at this point -- confirm what the controller
 * side is meant to see.
 * NOTE(review): the config_line_t nodes returned by
 * config_get_assigned_option() are not released in this function -- confirm
 * who owns them and their key/value strings.
 */
int
set_options(or_options_t *new_val, char **msg)
{
  or_options_t *const prev = global_options;

  global_options = new_val;

  /* The *previous* options are handed over for comparison; the callee reads
   * the new ones straight from global_options. */
  if (options_act_reversible(prev, msg)<0) {
    tor_assert(*msg);
    global_options = prev;
    return -1;
  }
  if (options_act(prev) < 0) {
    /* No way back from here: the process is in an inconsistent state. */
    log_err(LD_BUG,
            "Acting on config options left us in a broken state. Dying.");
    exit(1);
  }

  /* Tell controllers what changed.  On first start-up there are no previous
   * options to compare with, so nothing is reported. */
  if (prev && prev != global_options) {
    smartlist_t *changed = smartlist_new();
    const config_var_t *var;

    for (var = options_format.vars; var->name; ++var) {
      config_line_t *cur;

      if (var->type == CONFIG_TYPE_LINELIST_S ||
          var->type == CONFIG_TYPE_OBSOLETE)
        continue;
      if (config_is_same(&options_format, new_val, prev, var->name))
        continue;

      cur = config_get_assigned_option(&options_format, new_val,
                                       var->name, 1);
      if (!cur) {
        /* Changed, but nothing is assigned now: report the bare name. */
        smartlist_add(changed, (char*)var->name);
        smartlist_add(changed, NULL);
        continue;
      }
      while (cur) {
        smartlist_add(changed, cur->key);
        smartlist_add(changed, cur->value);
        cur = cur->next;
      }
    }
    control_event_conf_changed(changed);
    smartlist_free(changed);
  }

  if (prev != global_options)
    config_free(&options_format, prev);

  return 0;
}

extern const char tor_git_revision[]; /* from tor_main.c */

/** The version of this Tor process, as parsed.  Allocated on first use by
 * get_version(). */
static char *the_tor_version = NULL;
/** A shorter version of this Tor process's version, for export in our router
 *  descriptor.  (Does not include the git version, if any.)  Allocated on
 *  first use by get_short_version(). */
static char *the_short_tor_version = NULL;

/** Return the full version string of this Tor process, building and caching
 * it on the first call.  When tor_git_revision is non-empty the result is
 * the short version followed by " (git-REVISION)"; otherwise it is a copy of
 * the short version. */
const char *
get_version(void)
{
  if (the_tor_version)
    return the_tor_version;

  if (tor_git_revision[0] != '\0')
    tor_asprintf(&the_tor_version, "%s (git-%s)", get_short_version(),
                 tor_git_revision);
  else
    the_tor_version = tor_strdup(get_short_version());

  return the_tor_version;
}

/** Return the Tor version without any git tag, building and caching the
 * string on the first call.  With TOR_BUILD_TAG defined the build tag is
 * appended in parentheses; otherwise the result is a copy of VERSION. */
const char *
get_short_version(void)
{
  if (the_short_tor_version)
    return the_short_tor_version;

#ifdef TOR_BUILD_TAG
  tor_asprintf(&the_short_tor_version, "%s (%s)", VERSION, TOR_BUILD_TAG);
#else
  the_short_tor_version = tor_strdup(VERSION);
#endif
  return the_short_tor_version;
}

/** Free <b>options</b> together with the derived members that the generic
 * config_free() is not asked to handle: the _ExcludeExitNodesUnion
 * routerset, the NodeFamilySets list with its routersets, and the
 * _BridgePassword_AuthDigest buffer.  A NULL argument is a no-op.
 *
 * NOTE(review): _BridgePassword_AuthDigest is released with a plain
 * tor_free(); if it is password-derived material it may deserve to be wiped
 * before the free -- confirm how the digest is used.
 */
static void
or_options_free(or_options_t *options)
{
  smartlist_t *families;

  if (options == NULL)
    return;

  routerset_free(options->_ExcludeExitNodesUnion);

  families = options->NodeFamilySets;
  if (families != NULL) {
    /* The list owns its routersets: free each element, then the list. */
    SMARTLIST_FOREACH(families, routerset_t *,
                      rs, routerset_free(rs));
    smartlist_free(families);
  }

  tor_free(options->_BridgePassword_AuthDigest);
  config_free(&options_format, options);
}

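/** Release all memory and resources held by global configuration structures.
 *
 * Frees both options objects, the saved command-line options, the list of
 * configured ports with its entries, and the cached torrc file names,
 * version strings and front-page contents.  The option and port pointers
 * are reset to NULL explicitly; the string pointers are left to tor_free().
 */
void
config_free_all(void)
{
  or_options_free(global_options);
  global_options = NULL;
  or_options_free(global_default_options);
  global_default_options = NULL;

  config_free_lines(global_cmdline_options);
  global_cmdline_options = NULL;

  if (configured_ports) {
    SMARTLIST_FOREACH(configured_ports,
                      port_cfg_t *, p, tor_free(p));
    smartlist_free(configured_ports);
    configured_ports = NULL;
  }

  tor_free(torrc_fname);
  tor_free(torrc_defaults_fname);
  tor_free(the_tor_version);
  /* get_short_version() caches its string separately from get_version();
   * release it as well so it is not left allocated at shutdown. */
  tor_free(the_short_tor_version);
  tor_free(global_dirfrontpagecontents);
}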

/** Log-scrubbing helper for <b>address</b>, a piece of information related
 * to our operation as a client.
 *
 * Returns the literal "[scrubbed]" when the _SafeLogging setting is
 * SAFELOG_SCRUB_ALL (SafeLogging "1"), and <b>address</b> itself otherwise.
 * The result is either a static string or the caller's own pointer; nothing
 * is copied.  <b>address</b> must not be NULL.
 */
const char *
safe_str_client(const char *address)
{
  tor_assert(address);
  return (get_options()->_SafeLogging == SAFELOG_SCRUB_ALL)
    ? "[scrubbed]" : address;
}

/** Log-scrubbing helper for <b>address</b>, a piece of information of
 * unspecified sensitivity.
 *
 * Returns the literal "[scrubbed]" unless the _SafeLogging setting is
 * SAFELOG_SCRUB_NONE (SafeLogging "0"), in which case <b>address</b> itself
 * is returned.  This is stricter than safe_str_client(), which scrubs only
 * under SAFELOG_SCRUB_ALL.  <b>address</b> must not be NULL.
 */
const char *
safe_str(const char *address)
{
  tor_assert(address);
  return (get_options()->_SafeLogging != SAFELOG_SCRUB_NONE)
    ? "[scrubbed]" : address;
}

/** Scrub-or-escape variant of safe_str_client(): yields "[scrubbed]" under
 * SAFELOG_SCRUB_ALL and escaped(<b>address</b>) otherwise.  escaped() is
 * only called when the value is actually going to be shown.
 *
 * See the reentrancy note on escaped(): don't use this outside the main
 * thread, or twice in the same log statement.
 *
 * NOTE(review): unlike safe_str_client() this does not assert that
 * <b>address</b> is non-NULL; a NULL goes straight to escaped() when
 * scrubbing is off -- confirm that escaped() accepts it.
 */
const char *
escaped_safe_str_client(const char *address)
{
  return (get_options()->_SafeLogging == SAFELOG_SCRUB_ALL)
    ? "[scrubbed]" : escaped(address);
}

/** Scrub-or-escape variant of safe_str(): yields "[scrubbed]" unless the
 * _SafeLogging setting is SAFELOG_SCRUB_NONE, in which case
 * escaped(<b>address</b>) is returned.
 *
 * See the reentrancy note on escaped(): don't use this outside the main
 * thread, or twice in the same log statement.
 *
 * NOTE(review): unlike safe_str() this does not assert that <b>address</b>
 * is non-NULL; a NULL goes straight to escaped() when scrubbing is off --
 * confirm that escaped() accepts it.
 */
const char *
escaped_safe_str(const char *address)
{
  return (get_options()->_SafeLogging != SAFELOG_SCRUB_NONE)
    ? "[scrubbed]" : escaped(address);
}

/** Add the default directory authorities directly into the trusted dir list,
 * but only add them insofar as they share bits with <b>type</b>. */
static void
add_default_trusted_dir_authorities(dirinfo_type_t type)
{
  int i;
  const char *dirservers[] = {
    "moria1 orport=9101 no-v2 "
      "v3ident=D586D18309DED4CD6D57C18FDB97EFA96D330566 "
      "128.31.0.39:9131 9695 DFC3 5FFE B861 329B 9F1A B04C 4639 7020 CE31",
    "tor26 v1 orport=443 v3ident=14C131DFC5C6F93646BE72FA1401C02A8DF2E8B4 "
      "86.59.21.38:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D",
    "dizum orport=443 v3ident=E8A9C45EDE6D711294FADF8E7951F4DE6CA56B58 "
      "194.109.206.212:80 7EA6 EAD6 FD83 083C 538F 4403 8BBF A077 587D D755",
    "Tonga orport=443 bridge no-v2 82.94.251.203:80 "
      "4A0C CD2D DC79 9508 3D73 F5D6 6710 0C8A 5831 F16D",
    "turtles orport=9090 no-v2 "
      "v3ident=27B6B5996C426270A5C95488AA5BCEB6BCC86956 "
      "76.73.17.194:9030 F397 038A DC51 3361 35E7 B80B D99C A384 4360 292B",
    "gabelmoo orport=443 no-v2 "
      "v3ident=ED03BB616EB2F60BEC80151114BB25CEF515B226 "
      "212.112.245.170:80 F204 4413 DAC2 E02E 3D6B CF47 35A1 9BCA 1DE9 7281",