/* Copyright (c) 2001 Matej Pfajfar.
 * Copyright (c) 2001-2004, Roger Dingledine.
 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
 * Copyright (c) 2007-2013, The Tor Project, Inc. */
/* See LICENSE for licensing information */

/**
 * \file config.c
 * \brief Code to parse and interpret configuration files.
 **/

#define CONFIG_PRIVATE

#include "or.h"
#include "addressmap.h"
#include "channel.h"
#include "circuitbuild.h"
#include "circuitlist.h"
#include "circuitmux.h"
#include "circuitmux_ewma.h"
#include "config.h"
#include "connection.h"
#include "connection_edge.h"
#include "connection_or.h"
#include "control.h"
#include "confparse.h"
#include "cpuworker.h"
#include "dirserv.h"
#include "dirvote.h"
#include "dns.h"
#include "entrynodes.h"
#include "geoip.h"
#include "hibernate.h"
#include "main.h"
#include "networkstatus.h"
#include "nodelist.h"
#include "policies.h"
#include "relay.h"
#include "rendclient.h"
#include "rendservice.h"
#include "rephist.h"
#include "router.h"
#include "util.h"
#include "routerlist.h"
#include "routerset.h"
#include "statefile.h"
#include "transports.h"
#ifdef _WIN32
#include <shlobj.h>
#endif

#include "procmon.h"

/* From main.c */
extern int quiet_level;

/** A list of abbreviations and aliases to map command-line options, obsolete
 * option names, or alternative option names, to their current values.
 *
 * Explicit rows have four fields.  The first two are the accepted spelling
 * and the option name it is rewritten to.  The two trailing integers are
 * presumably config_abbrev_t's "command line only" and "warn when used"
 * flags -- TODO confirm against the struct definition, which is not in this
 * file.  PLURAL() is defined elsewhere; its expansion is not visible here.
 * The table ends with an all-NULL sentinel row.
 */
static config_abbrev_t option_abbrevs_[] = {
  PLURAL(AuthDirBadDirCC),
  PLURAL(AuthDirBadExitCC),
  PLURAL(AuthDirInvalidCC),
  PLURAL(AuthDirRejectCC),
  PLURAL(ExitNode),
  PLURAL(EntryNode),
  PLURAL(ExcludeNode),
  PLURAL(FirewallPort),
  PLURAL(LongLivedPort),
  PLURAL(HiddenServiceNode),
  PLURAL(HiddenServiceExcludeNode),
  PLURAL(NumCPU),
  PLURAL(RendNode),
  PLURAL(RendExcludeNode),
  PLURAL(StrictEntryNode),
  PLURAL(StrictExitNode),
  PLURAL(StrictNode),
  { "l", "Log", 1, 0},
  { "AllowUnverifiedNodes", "AllowInvalidNodes", 0, 0},
  { "AutomapHostSuffixes", "AutomapHostsSuffixes", 0, 0},
  { "AutomapHostOnResolve", "AutomapHostsOnResolve", 0, 0},
  { "BandwidthRateBytes", "BandwidthRate", 0, 0},
  { "BandwidthBurstBytes", "BandwidthBurst", 0, 0},
  { "DirFetchPostPeriod", "StatusFetchPeriod", 0, 0},
  { "DirServer", "DirAuthority", 0, 0}, /* XXXX024 later, make this warn? */
  { "MaxConn", "ConnLimit", 0, 1},
  { "ORBindAddress", "ORListenAddress", 0, 0},
  { "DirBindAddress", "DirListenAddress", 0, 0},
  { "SocksBindAddress", "SocksListenAddress", 0, 0},
  { "UseHelperNodes", "UseEntryGuards", 0, 0},
  { "NumHelperNodes", "NumEntryGuards", 0, 0},
  { "UseEntryNodes", "UseEntryGuards", 0, 0},
  { "NumEntryNodes", "NumEntryGuards", 0, 0},
  { "ResolvConf", "ServerDNSResolvConfFile", 0, 1},
  { "SearchDomains", "ServerDNSSearchDomains", 0, 1},
  { "ServerDNSAllowBrokenResolvConf", "ServerDNSAllowBrokenConfig", 0, 0},
  { "PreferTunnelledDirConns", "PreferTunneledDirConns", 0, 0},
  { "BridgeAuthoritativeDirectory", "BridgeAuthoritativeDir", 0, 0},
  /* NOTE(review): third field is 1 here, so (if it means "command line
   * only") a control-port password hash given on the command line is stored
   * under the separate __HashedControlSessionPassword option rather than
   * HashedControlPassword -- confirm. */
  { "HashedControlPassword", "__HashedControlSessionPassword", 1, 0},
  { "StrictEntryNodes", "StrictNodes", 0, 1},
  { "StrictExitNodes", "StrictNodes", 0, 1},
  { "VirtualAddrNetwork", "VirtualAddrNetworkIPv4", 0, 0},
  { "_UseFilteringSSLBufferevents", "UseFilteringSSLBufferevents", 0, 1},
  /* Sentinel row. */
  { NULL, NULL, 0, 0},
};

/** An entry for config_vars: "The option <b>name</b> has type
 * CONFIG_TYPE_<b>conftype</b>, and corresponds to
 * or_options_t.<b>member</b>"
 *
 * <b>initvalue</b> is stored as the row's last field; the tables in this
 * file pass either a string literal or NULL for it.
 */
#define VAR(name,conftype,member,initvalue)                             \
  { name, CONFIG_TYPE_ ## conftype, STRUCT_OFFSET(or_options_t, member), \
      initvalue }
/** As VAR, but the option name and member name are the same. */
#define V(member,conftype,initvalue)                                    \
  VAR(#member, conftype, member, initvalue)
/** An entry for config_vars: "The option <b>name</b> is obsolete." */
#define OBSOLETE(name) { name, CONFIG_TYPE_OBSOLETE, 0, NULL }

/** As V, but the option's value is stored in the or_options_t member whose
 * name is the option name with "_lines" appended. */
#define VPORT(member,conftype,initvalue)                                    \
  VAR(#member, conftype, member ## _lines, initvalue)

/** Array of configuration options.  Until we disallow nonstandard
 * abbreviations, order is significant, since the first matching option will
 * be chosen first.
 *
 * Each V()/VAR()/VPORT() row gives the option name, the CONFIG_TYPE_ suffix,
 * the or_options_t member it is stored in, and the value passed as the row's
 * initial value (a string literal or NULL).  OBSOLETE() rows keep an old
 * name in the table without a backing member.
 *
 * NOTE(review): several rows carry credentials or credential hashes by name
 * (BridgePassword, HashedControlPassword, HTTPProxyAuthenticator,
 * HTTPSProxyAuthenticator, Socks5ProxyPassword).  Code that logs, dumps or
 * reports option values should be checked for how it treats them.
 */
static config_var_t option_vars_[] = {
  OBSOLETE("AccountingMaxKB"),
  V(AccountingMax,               MEMUNIT,  "0 bytes"),
  V(AccountingStart,             STRING,   NULL),
  V(Address,                     STRING,   NULL),
  V(AllowDotExit,                BOOL,     "0"),
  V(AllowInvalidNodes,           CSV,      "middle,rendezvous"),
  V(AllowNonRFC953Hostnames,     BOOL,     "0"),
  V(AllowSingleHopCircuits,      BOOL,     "0"),
  V(AllowSingleHopExits,         BOOL,     "0"),
  V(AlternateBridgeAuthority,    LINELIST, NULL),
  V(AlternateDirAuthority,       LINELIST, NULL),
  V(AlternateHSAuthority,        LINELIST, NULL),
  V(AssumeReachable,             BOOL,     "0"),
  V(AuthDirBadDir,               LINELIST, NULL),
  V(AuthDirBadDirCCs,            CSV,      ""),
  V(AuthDirBadExit,              LINELIST, NULL),
  V(AuthDirBadExitCCs,           CSV,      ""),
  V(AuthDirInvalid,              LINELIST, NULL),
  V(AuthDirInvalidCCs,           CSV,      ""),
  V(AuthDirFastGuarantee,        MEMUNIT,  "100 KB"),
  V(AuthDirGuardBWGuarantee,     MEMUNIT,  "250 KB"),
  V(AuthDirReject,               LINELIST, NULL),
  V(AuthDirRejectCCs,            CSV,      ""),
  V(AuthDirRejectUnlisted,       BOOL,     "0"),
  V(AuthDirListBadDirs,          BOOL,     "0"),
  V(AuthDirListBadExits,         BOOL,     "0"),
  V(AuthDirMaxServersPerAddr,    UINT,     "2"),
  V(AuthDirMaxServersPerAuthAddr,UINT,     "5"),
  V(AuthDirHasIPv6Connectivity,  BOOL,     "0"),
  VAR("AuthoritativeDirectory",  BOOL, AuthoritativeDir,    "0"),
  V(AutomapHostsOnResolve,       BOOL,     "0"),
  V(AutomapHostsSuffixes,        CSV,      ".onion,.exit"),
  V(AvoidDiskWrites,             BOOL,     "0"),
  V(BandwidthBurst,              MEMUNIT,  "1 GB"),
  V(BandwidthRate,               MEMUNIT,  "1 GB"),
  V(BridgeAuthoritativeDir,      BOOL,     "0"),
  VAR("Bridge",                  LINELIST, Bridges,    NULL),
  V(BridgePassword,              STRING,   NULL),
  V(BridgeRecordUsageByCountry,  BOOL,     "1"),
  V(BridgeRelay,                 BOOL,     "0"),
  V(CellStatistics,              BOOL,     "0"),
  V(LearnCircuitBuildTimeout,    BOOL,     "1"),
  V(CircuitBuildTimeout,         INTERVAL, "0"),
  V(CircuitIdleTimeout,          INTERVAL, "1 hour"),
  V(CircuitStreamTimeout,        INTERVAL, "0"),
  V(CircuitPriorityHalflife,     DOUBLE,  "-100.0"), /*negative:'Use default'*/
  V(ClientDNSRejectInternalAddresses, BOOL,"1"),
  V(ClientOnly,                  BOOL,     "0"),
  V(ClientPreferIPv6ORPort,      BOOL,     "0"),
  V(ClientRejectInternalAddresses, BOOL,   "1"),
  V(ClientTransportPlugin,       LINELIST, NULL),
  V(ClientUseIPv6,               BOOL,     "0"),
  V(ConsensusParams,             STRING,   NULL),
  V(ConnLimit,                   UINT,     "1000"),
  V(ConnDirectionStatistics,     BOOL,     "0"),
  V(ConstrainedSockets,          BOOL,     "0"),
  V(ConstrainedSockSize,         MEMUNIT,  "8192"),
  V(ContactInfo,                 STRING,   NULL),
  V(ControlListenAddress,        LINELIST, NULL),
  VPORT(ControlPort,                 LINELIST, NULL),
  V(ControlPortFileGroupReadable,BOOL,     "0"),
  V(ControlPortWriteToFile,      FILENAME, NULL),
  V(ControlSocket,               LINELIST, NULL),
  V(ControlSocketsGroupWritable, BOOL,     "0"),
  V(CookieAuthentication,        BOOL,     "0"),
  V(CookieAuthFileGroupReadable, BOOL,     "0"),
  V(CookieAuthFile,              STRING,   NULL),
  V(CountPrivateBandwidth,       BOOL,     "0"),
  V(DataDirectory,               FILENAME, NULL),
  OBSOLETE("DebugLogFile"),
  V(DisableNetwork,              BOOL,     "0"),
  V(DirAllowPrivateAddresses,    BOOL,     "0"),
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "30 minutes"),
  V(DirListenAddress,            LINELIST, NULL),
  OBSOLETE("DirFetchPeriod"),
  V(DirPolicy,                   LINELIST, NULL),
  VPORT(DirPort,                     LINELIST, NULL),
  V(DirPortFrontPage,            FILENAME, NULL),
  OBSOLETE("DirPostPeriod"),
  OBSOLETE("DirRecordUsageByCountry"),
  OBSOLETE("DirRecordUsageGranularity"),
  OBSOLETE("DirRecordUsageRetainIPs"),
  OBSOLETE("DirRecordUsageSaveInterval"),
  V(DirReqStatistics,            BOOL,     "1"),
  VAR("DirAuthority",            LINELIST, DirAuthorities, NULL),
  V(DirAuthorityFallbackRate,    DOUBLE,   "1.0"),
  V(DisableAllSwap,              BOOL,     "0"),
  V(DisableDebuggerAttachment,   BOOL,     "1"),
  V(DisableIOCP,                 BOOL,     "1"),
  V(DynamicDHGroups,             BOOL,     "0"),
  VPORT(DNSPort,                     LINELIST, NULL),
  V(DNSListenAddress,            LINELIST, NULL),
  V(DownloadExtraInfo,           BOOL,     "0"),
  V(EnforceDistinctSubnets,      BOOL,     "1"),
  V(EntryNodes,                  ROUTERSET,   NULL),
  V(EntryStatistics,             BOOL,     "0"),
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "10 minutes"),
  V(ExcludeNodes,                ROUTERSET, NULL),
  V(ExcludeExitNodes,            ROUTERSET, NULL),
  V(ExcludeSingleHopRelays,      BOOL,     "1"),
  V(ExitNodes,                   ROUTERSET, NULL),
  V(ExitPolicy,                  LINELIST, NULL),
  V(ExitPolicyRejectPrivate,     BOOL,     "1"),
  V(ExitPortStatistics,          BOOL,     "0"),
  V(ExtendAllowPrivateAddresses, BOOL,     "0"),
  V(ExtraInfoStatistics,         BOOL,     "1"),
  V(FallbackDir,                 LINELIST, NULL),

  OBSOLETE("FallbackNetworkstatusFile"),
  V(FascistFirewall,             BOOL,     "0"),
  V(FirewallPorts,               CSV,      ""),
  V(FastFirstHopPK,              BOOL,     "1"),
  V(FetchDirInfoEarly,           BOOL,     "0"),
  V(FetchDirInfoExtraEarly,      BOOL,     "0"),
  V(FetchServerDescriptors,      BOOL,     "1"),
  V(FetchHidServDescriptors,     BOOL,     "1"),
  V(FetchUselessDescriptors,     BOOL,     "0"),
  V(FetchV2Networkstatus,        BOOL,     "0"),
  /* The GeoIP file defaults differ by platform: a "<default>" placeholder on
   * Windows, a path built from SHARE_DATADIR elsewhere. */
#ifdef _WIN32
  V(GeoIPFile,                   FILENAME, "<default>"),
  V(GeoIPv6File,                 FILENAME, "<default>"),
#else
  V(GeoIPFile,                   FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip"),
  V(GeoIPv6File,                 FILENAME,
    SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip6"),
#endif
  OBSOLETE("GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays"),
  OBSOLETE("Group"),
  V(HardwareAccel,               BOOL,     "0"),
  V(HeartbeatPeriod,             INTERVAL, "6 hours"),
  V(AccelName,                   STRING,   NULL),
  V(AccelDir,                    FILENAME, NULL),
  V(HashedControlPassword,       LINELIST, NULL),
  V(HidServDirectoryV2,          BOOL,     "1"),
  /* The HiddenService* rows below all store into RendConfigLines. */
  VAR("HiddenServiceDir",    LINELIST_S, RendConfigLines,    NULL),
  OBSOLETE("HiddenServiceExcludeNodes"),
  OBSOLETE("HiddenServiceNodes"),
  VAR("HiddenServiceOptions",LINELIST_V, RendConfigLines,    NULL),
  VAR("HiddenServicePort",   LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceVersion",LINELIST_S, RendConfigLines,    NULL),
  VAR("HiddenServiceAuthorizeClient",LINELIST_S,RendConfigLines, NULL),
  V(HidServAuth,                 LINELIST, NULL),
  V(HSAuthoritativeDir,          BOOL,     "0"),
  OBSOLETE("HSAuthorityRecordStats"),
  V(CloseHSClientCircuitsImmediatelyOnTimeout, BOOL, "0"),
  V(CloseHSServiceRendCircuitsImmediatelyOnTimeout, BOOL, "0"),
  V(HTTPProxy,                   STRING,   NULL),
  V(HTTPProxyAuthenticator,      STRING,   NULL),
  V(HTTPSProxy,                  STRING,   NULL),
  V(HTTPSProxyAuthenticator,     STRING,   NULL),
  V(IPv6Exit,                    BOOL,     "0"),
  VAR("ServerTransportPlugin",   LINELIST, ServerTransportPlugin,  NULL),
  V(ServerTransportListenAddr,   LINELIST, NULL),
  V(Socks4Proxy,                 STRING,   NULL),
  V(Socks5Proxy,                 STRING,   NULL),
  V(Socks5ProxyUsername,         STRING,   NULL),
  V(Socks5ProxyPassword,         STRING,   NULL),
  OBSOLETE("IgnoreVersion"),
  V(KeepalivePeriod,             INTERVAL, "5 minutes"),
  VAR("Log",                     LINELIST, Logs,             NULL),
  V(LogMessageDomains,           BOOL,     "0"),
  OBSOLETE("LinkPadding"),
  OBSOLETE("LogLevel"),
  OBSOLETE("LogFile"),
  V(LogTimeGranularity,          MSEC_INTERVAL, "1 second"),
  V(LongLivedPorts,              CSV,
        "21,22,706,1863,5050,5190,5222,5223,6523,6667,6697,8300"),
  VAR("MapAddress",              LINELIST, AddressMap,           NULL),
  V(MaxAdvertisedBandwidth,      MEMUNIT,  "1 GB"),
  V(MaxCircuitDirtiness,         INTERVAL, "10 minutes"),
  V(MaxClientCircuitsPending,    UINT,     "32"),
  V(MaxOnionsPending,            UINT,     "100"),
  OBSOLETE("MonthlyAccountingStart"),
  V(MyFamily,                    STRING,   NULL),
  V(NewCircuitPeriod,            INTERVAL, "30 seconds"),
  VAR("NamingAuthoritativeDirectory",BOOL, NamingAuthoritativeDir, "0"),
  V(NATDListenAddress,           LINELIST, NULL),
  VPORT(NATDPort,                    LINELIST, NULL),
  V(Nickname,                    STRING,   NULL),
  V(WarnUnsafeSocks,              BOOL,     "1"),
  OBSOLETE("NoPublish"),
  VAR("NodeFamily",              LINELIST, NodeFamilies,         NULL),
  V(NumCPUs,                     UINT,     "0"),
  V(NumDirectoryGuards,          UINT,     "3"),
  V(NumEntryGuards,              UINT,     "3"),
  V(ORListenAddress,             LINELIST, NULL),
  VPORT(ORPort,                      LINELIST, NULL),
  V(OutboundBindAddress,         LINELIST,   NULL),

  OBSOLETE("PathBiasDisableRate"),
  V(PathBiasCircThreshold,       INT,      "-1"),
  V(PathBiasNoticeRate,          DOUBLE,   "-1"),
  V(PathBiasWarnRate,            DOUBLE,   "-1"),
  V(PathBiasExtremeRate,         DOUBLE,   "-1"),
  V(PathBiasScaleThreshold,      INT,      "-1"),
  V(PathBiasScaleFactor,         INT,      "-1"),
  V(PathBiasMultFactor,          INT,      "-1"),
  V(PathBiasDropGuards,          AUTOBOOL, "0"),
  V(PathBiasUseCloseCounts,      AUTOBOOL, "1"),

  OBSOLETE("PathlenCoinWeight"),
  V(PerConnBWBurst,              MEMUNIT,  "0"),
  V(PerConnBWRate,               MEMUNIT,  "0"),
  V(PidFile,                     STRING,   NULL),
  V(TestingTorNetwork,           BOOL,     "0"),
  V(OptimisticData,              AUTOBOOL, "auto"),
  V(PortForwarding,              BOOL,     "0"),
  V(PortForwardingHelper,        FILENAME, "tor-fw-helper"),
  V(PreferTunneledDirConns,      BOOL,     "1"),
  V(ProtocolWarnings,            BOOL,     "0"),
  V(PublishServerDescriptor,     CSV,      "1"),
  V(PublishHidServDescriptors,   BOOL,     "1"),
  V(ReachableAddresses,          LINELIST, NULL),
  V(ReachableDirAddresses,       LINELIST, NULL),
  V(ReachableORAddresses,        LINELIST, NULL),
  V(RecommendedVersions,         LINELIST, NULL),
  V(RecommendedClientVersions,   LINELIST, NULL),
  V(RecommendedServerVersions,   LINELIST, NULL),
  OBSOLETE("RedirectExit"),
  V(RefuseUnknownExits,          AUTOBOOL, "auto"),
  V(RejectPlaintextPorts,        CSV,      ""),
  V(RelayBandwidthBurst,         MEMUNIT,  "0"),
  V(RelayBandwidthRate,          MEMUNIT,  "0"),
  OBSOLETE("RendExcludeNodes"),
  OBSOLETE("RendNodes"),
  V(RendPostPeriod,              INTERVAL, "1 hour"),
  V(RephistTrackTime,            INTERVAL, "24 hours"),
  OBSOLETE("RouterFile"),
  V(RunAsDaemon,                 BOOL,     "0"),
//  V(RunTesting,                  BOOL,     "0"),
  OBSOLETE("RunTesting"), // currently unused
  /* SafeLogging is a STRING here; safe_str() and safe_str_client() in this
   * file consult the separate SafeLogging_ member, not this string. */
  V(SafeLogging,                 STRING,   "1"),
  V(SafeSocks,                   BOOL,     "0"),
  V(ServerDNSAllowBrokenConfig,  BOOL,     "1"),
  V(ServerDNSAllowNonRFC953Hostnames, BOOL,"0"),
  V(ServerDNSDetectHijacking,    BOOL,     "1"),
  V(ServerDNSRandomizeCase,      BOOL,     "1"),
  V(ServerDNSResolvConfFile,     STRING,   NULL),
  V(ServerDNSSearchDomains,      BOOL,     "0"),
  V(ServerDNSTestAddresses,      CSV,
      "www.google.com,www.mit.edu,www.yahoo.com,www.slashdot.org"),
  V(ShutdownWaitLength,          INTERVAL, "30 seconds"),
  V(SocksListenAddress,          LINELIST, NULL),
  V(SocksPolicy,                 LINELIST, NULL),
  VPORT(SocksPort,                   LINELIST, NULL),
  V(SocksTimeout,                INTERVAL, "2 minutes"),
  OBSOLETE("StatusFetchPeriod"),
  V(StrictNodes,                 BOOL,     "0"),
  OBSOLETE("SysLog"),
  V(TestSocks,                   BOOL,     "0"),
  OBSOLETE("TestVia"),
  V(TokenBucketRefillInterval,   MSEC_INTERVAL, "100 msec"),
  V(Tor2webMode,                 BOOL,     "0"),
  V(TLSECGroup,                  STRING,   NULL),
  V(TrackHostExits,              CSV,      NULL),
  V(TrackHostExitsExpire,        INTERVAL, "30 minutes"),
  OBSOLETE("TrafficShaping"),
  V(TransListenAddress,          LINELIST, NULL),
  VPORT(TransPort,                   LINELIST, NULL),
  V(TunnelDirConns,              BOOL,     "1"),
  V(UpdateBridgesFromAuthority,  BOOL,     "0"),
  V(UseBridges,                  BOOL,     "0"),
  V(UseEntryGuards,              BOOL,     "1"),
  V(UseEntryGuardsAsDirGuards,   BOOL,     "1"),
  V(UseMicrodescriptors,         AUTOBOOL, "auto"),
  V(UseNTorHandshake,            AUTOBOOL, "auto"),
  V(User,                        STRING,   NULL),
  V(UserspaceIOCPBuffers,        BOOL,     "0"),
  VAR("V1AuthoritativeDirectory",BOOL, V1AuthoritativeDir,   "0"),
  VAR("V2AuthoritativeDirectory",BOOL, V2AuthoritativeDir,   "0"),
  VAR("V3AuthoritativeDirectory",BOOL, V3AuthoritativeDir,   "0"),
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "30 minutes"),
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "5 minutes"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "5 minutes"),
  V(V3AuthVotingInterval,        INTERVAL, "1 hour"),
  V(V3AuthVoteDelay,             INTERVAL, "5 minutes"),
  V(V3AuthDistDelay,             INTERVAL, "5 minutes"),
  V(V3AuthNIntervalsValid,       UINT,     "3"),
  V(V3AuthUseLegacyKey,          BOOL,     "0"),
  V(V3BandwidthsFile,            FILENAME, NULL),
  VAR("VersioningAuthoritativeDirectory",BOOL,VersioningAuthoritativeDir, "0"),
  V(VirtualAddrNetworkIPv4,      STRING,   "127.192.0.0/10"),
  V(VirtualAddrNetworkIPv6,      STRING,   "[FE80::]/10"),
  V(WarnPlaintextPorts,          CSV,      "23,109,110,143"),
  V(UseFilteringSSLBufferevents, BOOL,    "0"),
  VAR("__ReloadTorrcOnSIGHUP",   BOOL,  ReloadTorrcOnSIGHUP,      "1"),
  VAR("__AllDirActionsPrivate",  BOOL,  AllDirActionsPrivate,     "0"),
  VAR("__DisablePredictedCircuits",BOOL,DisablePredictedCircuits, "0"),
  VAR("__LeaveStreamsUnattached",BOOL,  LeaveStreamsUnattached,   "0"),
  /* option_abbrevs_ has a row mapping "HashedControlPassword" to this name. */
  VAR("__HashedControlSessionPassword", LINELIST, HashedControlSessionPassword,
      NULL),
  VAR("__OwningControllerProcess",STRING,OwningControllerProcess, NULL),
  V(MinUptimeHidServDirectoryV2, INTERVAL, "25 hours"),
  V(VoteOnHidServDirectoriesV2,  BOOL,     "1"),
  VAR("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "0"),

  /* Sentinel: set_options() walks options_format.vars until it reaches a row
   * whose name is NULL. */
  { NULL, CONFIG_TYPE_OBSOLETE, 0, NULL }
};

/** Override default values with these if the user sets the TestingTorNetwork
 * option.
 *
 * Compared with the defaults in option_vars_, these rows switch off the
 * private/internal-address protections (ClientRejectInternalAddresses,
 * ClientDNSRejectInternalAddresses and ExitPolicyRejectPrivate become "0";
 * DirAllowPrivateAddresses and ExtendAllowPrivateAddresses become "1"),
 * disable EnforceDistinctSubnets, lift the per-address server limits, assume
 * reachability, and shorten the voting and propagation intervals.  They
 * weaken checks that the normal defaults leave enabled.
 */
static const config_var_t testing_tor_network_defaults[] = {
  V(ServerDNSAllowBrokenConfig,  BOOL,     "1"),
  V(DirAllowPrivateAddresses,    BOOL,     "1"),
  V(EnforceDistinctSubnets,      BOOL,     "0"),
  V(AssumeReachable,             BOOL,     "1"),
  V(AuthDirMaxServersPerAddr,    UINT,     "0"),
  V(AuthDirMaxServersPerAuthAddr,UINT,     "0"),
  V(ClientDNSRejectInternalAddresses, BOOL,"0"),
  V(ClientRejectInternalAddresses, BOOL,   "0"),
  V(CountPrivateBandwidth,       BOOL,     "1"),
  V(ExitPolicyRejectPrivate,     BOOL,     "0"),
  V(ExtendAllowPrivateAddresses, BOOL,     "1"),
  V(V3AuthVotingInterval,        INTERVAL, "5 minutes"),
  V(V3AuthVoteDelay,             INTERVAL, "20 seconds"),
  V(V3AuthDistDelay,             INTERVAL, "20 seconds"),
  V(TestingV3AuthInitialVotingInterval, INTERVAL, "5 minutes"),
  V(TestingV3AuthInitialVoteDelay, INTERVAL, "20 seconds"),
  V(TestingV3AuthInitialDistDelay, INTERVAL, "20 seconds"),
  V(TestingAuthDirTimeToLearnReachability, INTERVAL, "0 minutes"),
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "0 minutes"),
  V(MinUptimeHidServDirectoryV2, INTERVAL, "0 minutes"),
  /* Records that this table was applied ("0" in option_vars_). */
  VAR("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_, "1"),

  /* Sentinel row. */
  { NULL, CONFIG_TYPE_OBSOLETE, 0, NULL }
};

#undef VAR
#undef V
#undef OBSOLETE

/* Forward declarations of file-local (static) helpers, so they can be used
 * before their definitions. */
#ifdef _WIN32
static char *get_windows_conf_root(void);
#endif
static int options_validate(or_options_t *old_options,
                            or_options_t *options,
                            int from_setconf, char **msg);
static int options_act_reversible(const or_options_t *old_options, char **msg);
static int options_act(const or_options_t *old_options);
static int options_transition_allowed(const or_options_t *old,
                                      const or_options_t *new,
                                      char **msg);
static int options_transition_affects_workers(
      const or_options_t *old_options, const or_options_t *new_options);
static int options_transition_affects_descriptor(
      const or_options_t *old_options, const or_options_t *new_options);
static int check_nickname_list(const char *lst, const char *name, char **msg);

static int parse_bridge_line(const char *line, int validate_only);
static int parse_client_transport_line(const char *line, int validate_only);

static int parse_server_transport_line(const char *line, int validate_only);
static char *get_bindaddr_from_transport_listen_line(const char *line,
                                                     const char *transport);
static int parse_dir_authority_line(const char *line,
                                 dirinfo_type_t required_type,
                                 int validate_only);
static int parse_dir_fallback_line(const char *line,
                                   int validate_only);
static void port_cfg_free(port_cfg_t *port);
static int parse_ports(or_options_t *options, int validate_only,
                              char **msg_out, int *n_ports_out);
static int check_server_ports(const smartlist_t *ports,
                              const or_options_t *options);

static int validate_data_directory(or_options_t *options);
static int write_configuration_file(const char *fname,
                                    const or_options_t *options);
static int options_init_logs(or_options_t *options, int validate_only);

static void init_libevent(const or_options_t *options);
static int opt_streq(const char *s1, const char *s2);
static int parse_outbound_addresses(or_options_t *options, int validate_only,
                                    char **msg);
static void config_maybe_load_geoip_files_(const or_options_t *options,
                                           const or_options_t *old_options);

/** Magic value for or_options_t. */
#define OR_OPTIONS_MAGIC 9090909

/** Configuration format for or_options_t.
 *
 * Positional initializer; the field names of config_format_t are not visible
 * in this file, so the per-line notes describe the values only.
 */
static config_format_t options_format = {
  sizeof(or_options_t),                 /* size of the options struct */
  OR_OPTIONS_MAGIC,                     /* magic value for the struct */
  STRUCT_OFFSET(or_options_t, magic_),  /* offset of its magic_ member */
  option_abbrevs_,                      /* abbreviation/alias table */
  option_vars_,                         /* option table */
  /* NOTE(review): options_validate() is declared with or_options_t *
   * parameters and is cast to validate_fn_t here.  If validate_fn_t has a
   * different parameter list, calling through it is formally undefined
   * behaviour in C -- confirm the typedef. */
  (validate_fn_t)options_validate,
  NULL                                  /* last field left unset */
};

/*
 * Functions to read and write the global options pointer.
 *
 * The file-scope pointers below are all released in config_free_all().
 */

/** Command-line and config-file options. */
static or_options_t *global_options = NULL;
/** The fallback options_t object; this is where we look for options not
 * in torrc before we fall back to Tor's defaults. */
static or_options_t *global_default_options = NULL;
/** Name of most recently read torrc file. */
static char *torrc_fname = NULL;
/** Name of the most recently read torrc-defaults file.*/
/* No explicit initializer: static storage makes this start out as NULL. */
static char *torrc_defaults_fname;
/** Configuration Options set by command line. */
static config_line_t *global_cmdline_options = NULL;
/** Contents of most recently read DirPortFrontPage file. */
static char *global_dirfrontpagecontents = NULL;
/** List of port_cfg_t for all configured ports. */
static smartlist_t *configured_ports = NULL;

/** Accessor for the cached DirPortFrontPage contents.
 *
 * Returns the global_dirfrontpagecontents pointer unchanged, which is NULL
 * when no front page is configured.  The string stays owned by this module
 * (config_free_all() releases it); callers must not free it.
 */
const char *
get_dirportfrontpage(void)
{
  const char *frontpage = global_dirfrontpagecontents;
  return frontpage;
}

/** Return the currently configured options as a writable pointer.
 *
 * Asserts that global_options has been set, so this must not be called
 * before an options object has been installed.  The returned object is the
 * live global state, not a copy.
 */
or_options_t *
get_options_mutable(void)
{
  tor_assert(global_options);
  return global_options;
}

/** Read-only view of the currently configured options.
 *
 * Thin wrapper around get_options_mutable() that returns the same object
 * through a const-qualified pointer.
 */
const or_options_t *
get_options(void)
{
  const or_options_t *current = get_options_mutable();
  return current;
}

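/** Change the current global options to contain <b>new_val</b> instead of
 * their current value; take action based on the new value; free the old value
 * as necessary.  Returns 0 on success, -1 on failure.
 *
 * If options_act_reversible() fails, the previous options are restored and
 * *<b>msg</b> is asserted to be set.  If options_act() fails, the error is
 * logged and the process exits.
 *
 * When a previous options object existed and differs from the new one, a
 * CONF_CHANGED controller event is issued that lists every changed option;
 * LINELIST_S and OBSOLETE entries are skipped.
 */
int
set_options(or_options_t *new_val, char **msg)
{
  int i;
  smartlist_t *elements;
  config_line_t *line;
  or_options_t *old_options = global_options;
  global_options = new_val;
  /* Note that we pass the *old* options below, for comparison. It
   * pulls the new options directly out of global_options. */
  if (options_act_reversible(old_options, msg)<0) {
    tor_assert(*msg);
    global_options = old_options;
    return -1;
  }
  if (options_act(old_options) < 0) { /* acting on the options failed. die. */
    log_err(LD_BUG,
            "Acting on config options left us in a broken state. Dying.");
    exit(1);
  }
  /* Issues a CONF_CHANGED event to notify controller of the change. If Tor is
   * just starting up then the old_options will be undefined. */
  if (old_options && old_options != global_options) {
    elements = smartlist_new();
    for (i=0; options_format.vars[i].name; ++i) {
      const config_var_t *var = &options_format.vars[i];
      const char *var_name = var->name;
      if (var->type == CONFIG_TYPE_LINELIST_S ||
          var->type == CONFIG_TYPE_OBSOLETE) {
        continue;
      }
      if (!config_is_same(&options_format, new_val, old_options, var_name)) {
        line = config_get_assigned_option(&options_format, new_val,
                                          var_name, 1);

        if (line) {
          /* config_get_assigned_option() hands back a freshly allocated list
           * (per its contract in confparse -- confirm).  The key and value
           * strings move into <b>elements</b>; each node is freed here so
           * the list is not leaked on every configuration change. */
          config_line_t *next;
          for (; line; line = next) {
            next = line->next;
            smartlist_add(elements, line->key);
            smartlist_add(elements, line->value);
            tor_free(line);
          }
        } else {
          /* Duplicate the name so that every non-NULL element is heap
           * allocated and can be freed uniformly below. */
          smartlist_add(elements, tor_strdup(var_name));
          smartlist_add(elements, NULL);
        }
      }
    }
    control_event_conf_changed(elements);
    /* The event has been issued; release the strings collected above. */
    SMARTLIST_FOREACH(elements, char *, cp, tor_free(cp));
    smartlist_free(elements);
  }

  /* NOTE(review): or_options_free() later in this file releases
   * ExcludeExitNodesUnion_, NodeFamilySets and BridgePassword_AuthDigest_
   * before calling config_free().  Calling config_free() directly here may
   * leave those members of the old options unreleased -- confirm, and
   * consider routing this through or_options_free() once it is declared
   * ahead of this function. */
  if (old_options != global_options)
    config_free(&options_format, old_options);

  return 0;
}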

extern const char tor_git_revision[]; /* from tor_main.c */

/** The version of this Tor process, as parsed. */
/* Filled in on first use by get_version(); freed in config_free_all(). */
static char *the_tor_version = NULL;
/** A shorter version of this Tor process's version, for export in our router
 *  descriptor.  (Does not include the git version, if any.) */
/* Filled in on first use by get_short_version(); freed in
 * config_free_all(). */
static char *the_short_tor_version = NULL;

/** Return the full version string of this Tor process.
 *
 * The string is built on the first call and cached in the_tor_version.  When
 * tor_git_revision is non-empty it has the form "<short version> (git-<rev>)",
 * otherwise it is a copy of get_short_version().  The caller must not free
 * the result.
 */
const char *
get_version(void)
{
  /* Already built: hand back the cached copy. */
  if (the_tor_version != NULL)
    return the_tor_version;

  if (tor_git_revision[0] != '\0') {
    tor_asprintf(&the_tor_version, "%s (git-%s)", get_short_version(),
                 tor_git_revision);
  } else {
    the_tor_version = tor_strdup(get_short_version());
  }
  return the_tor_version;
}

/** Return the version string of this Tor process without the git revision.
 *
 * Built on the first call and cached in the_short_tor_version: VERSION
 * alone, or "VERSION (TOR_BUILD_TAG)" when TOR_BUILD_TAG is defined at build
 * time.  The caller must not free the result.
 */
const char *
get_short_version(void)
{
  if (the_short_tor_version)
    return the_short_tor_version;

#ifdef TOR_BUILD_TAG
  tor_asprintf(&the_short_tor_version, "%s (%s)", VERSION, TOR_BUILD_TAG);
#else
  the_short_tor_version = tor_strdup(VERSION);
#endif
  return the_short_tor_version;
}

/** Free <b>options</b> together with the derived members that this file
 * releases itself before handing the object to config_free():
 * ExcludeExitNodesUnion_, every routerset in NodeFamilySets (and the list
 * itself), and BridgePassword_AuthDigest_.  Does nothing when
 * <b>options</b> is NULL.
 */
static void
or_options_free(or_options_t *options)
{
  if (options) {
    routerset_free(options->ExcludeExitNodesUnion_);

    if (options->NodeFamilySets != NULL) {
      SMARTLIST_FOREACH(options->NodeFamilySets, routerset_t *,
                        rs, routerset_free(rs));
      smartlist_free(options->NodeFamilySets);
    }

    /* NOTE(review): released with a plain tor_free(); if this digest is
     * treated as sensitive, confirm whether it should be wiped first. */
    tor_free(options->BridgePassword_AuthDigest_);

    /* Must come last: it frees the struct the members above belong to. */
    config_free(&options_format, options);
  }
}

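/** Release all memory and resources held by global configuration structures.
 *
 * Frees the current and default options, the saved command-line options,
 * the configured port list, the remembered torrc file names, the cached
 * front page and the cached version strings, and resets the corresponding
 * globals.
 */
void
config_free_all(void)
{
  or_options_free(global_options);
  global_options = NULL;
  or_options_free(global_default_options);
  global_default_options = NULL;

  config_free_lines(global_cmdline_options);
  global_cmdline_options = NULL;

  if (configured_ports) {
    SMARTLIST_FOREACH(configured_ports,
                      port_cfg_t *, p, port_cfg_free(p));
    smartlist_free(configured_ports);
    configured_ports = NULL;
  }

  tor_free(torrc_fname);
  tor_free(torrc_defaults_fname);
  tor_free(global_dirfrontpagecontents);

  /* Each cached version string is released exactly once.  tor_free() also
   * resets the pointer, so get_version() and get_short_version() rebuild
   * the strings if they are called again. */
  tor_free(the_short_tor_version);
  tor_free(the_tor_version);
}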

/** Make <b>address</b> -- a piece of information related to our operation as
 * a client -- safe to log according to the settings in options->SafeLogging,
 * and return it.
 *
 * (We return "[scrubbed]" if SafeLogging is "1", and address otherwise.)
 *
 * The check is made against the SafeLogging_ member: only SAFELOG_SCRUB_ALL
 * scrubs here.  The result is either the string literal or <b>address</b>
 * itself; no copy is made, so it is only valid as long as <b>address</b>
 * is.  <b>address</b> must not be NULL.
 */
const char *
safe_str_client(const char *address)
{
  tor_assert(address);
  return (get_options()->SafeLogging_ == SAFELOG_SCRUB_ALL)
           ? "[scrubbed]"
           : address;
}

/** Make <b>address</b> -- a piece of information of unspecified sensitivity
 * -- safe to log according to the settings in options->SafeLogging, and
 * return it.
 *
 * (We return "[scrubbed]" if SafeLogging is anything besides "0", and address
 * otherwise.)
 *
 * The check is made against the SafeLogging_ member: the address is passed
 * through only for SAFELOG_SCRUB_NONE, which makes this stricter than
 * safe_str_client().  The result is either the string literal or
 * <b>address</b> itself; no copy is made.  <b>address</b> must not be NULL.
 */
const char *
safe_str(const char *address)
{
  tor_assert(address);
  return (get_options()->SafeLogging_ == SAFELOG_SCRUB_NONE)
           ? address
           : "[scrubbed]";
}

/** Equivalent to escaped(safe_str_client(address)).  See reentrancy note on
 * escaped(): don't use this outside the main thread, or twice in the same
 * log statement. */
const char *
escaped_safe_str_client(const char *address)