Make "HashedControlPassword" an alias for "__HashedControlSessionPassword"
[tor.git] / src / or / config.c
blob0e21c596c1aa6b867e296af6d22d7a1aefbd709b
1 /* Copyright (c) 2001 Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4 * Copyright (c) 2007-2008, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
6 /* $Id$ */
7 const char config_c_id[] = \
8 "$Id$";
10 /**
11 * \file config.c
12 * \brief Code to parse and interpret configuration files.
13 **/
15 #define CONFIG_PRIVATE
17 #include "or.h"
18 #ifdef MS_WINDOWS
19 #include <shlobj.h>
20 #endif
22 /** Enumeration of types which option values can take */
23 typedef enum config_type_t {
24 CONFIG_TYPE_STRING = 0, /**< An arbitrary string. */
25 CONFIG_TYPE_UINT, /**< A non-negative integer less than MAX_INT */
26 CONFIG_TYPE_INTERVAL, /**< A number of seconds, with optional units*/
27 CONFIG_TYPE_MEMUNIT, /**< A number of bytes, with optional units*/
28 CONFIG_TYPE_DOUBLE, /**< A floating-point value */
29 CONFIG_TYPE_BOOL, /**< A boolean value, expressed as 0 or 1. */
30 CONFIG_TYPE_ISOTIME, /**< An ISO-formated time relative to GMT. */
31 CONFIG_TYPE_CSV, /**< A list of strings, separated by commas and
32 * optional whitespace. */
33 CONFIG_TYPE_LINELIST, /**< Uninterpreted config lines */
34 CONFIG_TYPE_LINELIST_S, /**< Uninterpreted, context-sensitive config lines,
35 * mixed with other keywords. */
36 CONFIG_TYPE_LINELIST_V, /**< Catch-all "virtual" option to summarize
37 * context-sensitive config lines when fetching.
39 CONFIG_TYPE_OBSOLETE, /**< Obsolete (ignored) option. */
40 } config_type_t;
42 /** An abbreviation for a configuration option allowed on the command line. */
43 typedef struct config_abbrev_t {
44 const char *abbreviated;
45 const char *full;
46 int commandline_only;
47 int warn;
48 } config_abbrev_t;
50 /* Handy macro for declaring "In the config file or on the command line,
51 * you can abbreviate <b>tok</b>s as <b>tok</b>". */
52 #define PLURAL(tok) { #tok, #tok "s", 0, 0 }
54 /* A list of command-line abbreviations. */
55 static config_abbrev_t _option_abbrevs[] = {
56 PLURAL(ExitNode),
57 PLURAL(EntryNode),
58 PLURAL(ExcludeNode),
59 PLURAL(FirewallPort),
60 PLURAL(LongLivedPort),
61 PLURAL(HiddenServiceNode),
62 PLURAL(HiddenServiceExcludeNode),
63 PLURAL(NumCpu),
64 PLURAL(RendNode),
65 PLURAL(RendExcludeNode),
66 PLURAL(StrictEntryNode),
67 PLURAL(StrictExitNode),
68 { "l", "Log", 1, 0},
69 { "AllowUnverifiedNodes", "AllowInvalidNodes", 0, 0},
70 { "AutomapHostSuffixes", "AutomapHostsSuffixes", 0, 0},
71 { "AutomapHostOnResolve", "AutomapHostsOnResolve", 0, 0},
72 { "BandwidthRateBytes", "BandwidthRate", 0, 0},
73 { "BandwidthBurstBytes", "BandwidthBurst", 0, 0},
74 { "DirFetchPostPeriod", "StatusFetchPeriod", 0, 0},
75 { "MaxConn", "ConnLimit", 0, 1},
76 { "ORBindAddress", "ORListenAddress", 0, 0},
77 { "DirBindAddress", "DirListenAddress", 0, 0},
78 { "SocksBindAddress", "SocksListenAddress", 0, 0},
79 { "UseHelperNodes", "UseEntryGuards", 0, 0},
80 { "NumHelperNodes", "NumEntryGuards", 0, 0},
81 { "UseEntryNodes", "UseEntryGuards", 0, 0},
82 { "NumEntryNodes", "NumEntryGuards", 0, 0},
83 { "ResolvConf", "ServerDNSResolvConfFile", 0, 1},
84 { "SearchDomains", "ServerDNSSearchDomains", 0, 1},
85 { "PreferTunnelledDirConns", "PreferTunneledDirConns", 0, 0},
86 { "BridgeAuthoritativeDirectory", "BridgeAuthoritativeDir", 0, 0},
87 { "HashedControlPassword", "__HashedControlSessionPassword", 1, 0},
88 { NULL, NULL, 0, 0},
90 /* A list of state-file abbreviations, for compatibility. */
91 static config_abbrev_t _state_abbrevs[] = {
92 { "AccountingBytesReadInterval", "AccountingBytesReadInInterval", 0, 0 },
93 { "HelperNode", "EntryGuard", 0, 0 },
94 { "HelperNodeDownSince", "EntryGuardDownSince", 0, 0 },
95 { "HelperNodeUnlistedSince", "EntryGuardUnlistedSince", 0, 0 },
96 { "EntryNode", "EntryGuard", 0, 0 },
97 { "EntryNodeDownSince", "EntryGuardDownSince", 0, 0 },
98 { "EntryNodeUnlistedSince", "EntryGuardUnlistedSince", 0, 0 },
99 { NULL, NULL, 0, 0},
101 #undef PLURAL
103 /** A variable allowed in the configuration file or on the command line. */
104 typedef struct config_var_t {
105 const char *name; /**< The full keyword (case insensitive). */
106 config_type_t type; /**< How to interpret the type and turn it into a
107 * value. */
108 off_t var_offset; /**< Offset of the corresponding member of or_options_t. */
109 const char *initvalue; /**< String (or null) describing initial value. */
110 } config_var_t;
112 /** An entry for config_vars: "The option <b>name</b> has type
113 * CONFIG_TYPE_<b>conftype</b>, and corresponds to
114 * or_options_t.<b>member</b>"
116 #define VAR(name,conftype,member,initvalue) \
117 { name, CONFIG_TYPE_ ## conftype, STRUCT_OFFSET(or_options_t, member), \
118 initvalue }
119 /** As VAR, but the option name and member name are the same. */
120 #define V(member,conftype,initvalue) \
121 VAR(#member, conftype, member, initvalue)
122 /** An entry for config_vars: "The option <b>name</b> is obsolete." */
123 #define OBSOLETE(name) { name, CONFIG_TYPE_OBSOLETE, 0, NULL }
125 /** Array of configuration options. Until we disallow nonstandard
126 * abbreviations, order is significant, since the first matching option will
127 * be chosen first.
129 static config_var_t _option_vars[] = {
130 OBSOLETE("AccountingMaxKB"),
131 V(AccountingMax, MEMUNIT, "0 bytes"),
132 V(AccountingStart, STRING, NULL),
133 V(Address, STRING, NULL),
134 V(AllowInvalidNodes, CSV, "middle,rendezvous"),
135 V(AllowNonRFC953Hostnames, BOOL, "0"),
136 V(AlternateBridgeAuthority, LINELIST, NULL),
137 V(AlternateDirAuthority, LINELIST, NULL),
138 V(AlternateHSAuthority, LINELIST, NULL),
139 V(AssumeReachable, BOOL, "0"),
140 V(AuthDirBadDir, LINELIST, NULL),
141 V(AuthDirBadExit, LINELIST, NULL),
142 V(AuthDirInvalid, LINELIST, NULL),
143 V(AuthDirReject, LINELIST, NULL),
144 V(AuthDirRejectUnlisted, BOOL, "0"),
145 V(AuthDirListBadDirs, BOOL, "0"),
146 V(AuthDirListBadExits, BOOL, "0"),
147 V(AuthDirMaxServersPerAddr, UINT, "2"),
148 V(AuthDirMaxServersPerAuthAddr,UINT, "5"),
149 VAR("AuthoritativeDirectory", BOOL, AuthoritativeDir, "0"),
150 V(AutomapHostsOnResolve, BOOL, "0"),
151 V(AutomapHostsSuffixes, CSV, ".onion,.exit"),
152 V(AvoidDiskWrites, BOOL, "0"),
153 V(BandwidthBurst, MEMUNIT, "10 MB"),
154 V(BandwidthRate, MEMUNIT, "5 MB"),
155 V(BridgeAuthoritativeDir, BOOL, "0"),
156 VAR("Bridge", LINELIST, Bridges, NULL),
157 V(BridgePassword, STRING, NULL),
158 V(BridgeRecordUsageByCountry, BOOL, "1"),
159 V(BridgeRelay, BOOL, "0"),
160 V(CircuitBuildTimeout, INTERVAL, "1 minute"),
161 V(CircuitIdleTimeout, INTERVAL, "1 hour"),
162 V(ClientDNSRejectInternalAddresses, BOOL,"1"),
163 V(ClientOnly, BOOL, "0"),
164 V(ConnLimit, UINT, "1000"),
165 V(ConstrainedSockets, BOOL, "0"),
166 V(ConstrainedSockSize, MEMUNIT, "8192"),
167 V(ContactInfo, STRING, NULL),
168 V(ControlListenAddress, LINELIST, NULL),
169 V(ControlPort, UINT, "0"),
170 V(ControlSocket, LINELIST, NULL),
171 V(CookieAuthentication, BOOL, "0"),
172 V(CookieAuthFileGroupReadable, BOOL, "0"),
173 V(CookieAuthFile, STRING, NULL),
174 V(DataDirectory, STRING, NULL),
175 OBSOLETE("DebugLogFile"),
176 V(DirAllowPrivateAddresses, BOOL, NULL),
177 V(DirListenAddress, LINELIST, NULL),
178 OBSOLETE("DirFetchPeriod"),
179 V(DirPolicy, LINELIST, NULL),
180 V(DirPort, UINT, "0"),
181 OBSOLETE("DirPostPeriod"),
182 VAR("DirServer", LINELIST, DirServers, NULL),
183 V(DNSPort, UINT, "0"),
184 V(DNSListenAddress, LINELIST, NULL),
185 V(DownloadExtraInfo, BOOL, "0"),
186 V(EnforceDistinctSubnets, BOOL, "1"),
187 V(EntryNodes, STRING, NULL),
188 V(ExcludeNodes, STRING, NULL),
189 V(ExitNodes, STRING, NULL),
190 V(ExitPolicy, LINELIST, NULL),
191 V(ExitPolicyRejectPrivate, BOOL, "1"),
192 V(FallbackNetworkstatusFile, STRING,
193 SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "fallback-consensus"),
194 V(FascistFirewall, BOOL, "0"),
195 V(FirewallPorts, CSV, ""),
196 V(FastFirstHopPK, BOOL, "1"),
197 V(FetchDirInfoEarly, BOOL, "0"),
198 V(FetchServerDescriptors, BOOL, "1"),
199 V(FetchHidServDescriptors, BOOL, "1"),
200 V(FetchUselessDescriptors, BOOL, "0"),
201 V(GeoIPFile, STRING, NULL),
202 V(Group, STRING, NULL),
203 V(HardwareAccel, BOOL, "0"),
204 V(HashedControlPassword, LINELIST, NULL),
205 V(HidServDirectoryV2, BOOL, "0"),
206 VAR("HiddenServiceDir", LINELIST_S, RendConfigLines, NULL),
207 VAR("HiddenServiceExcludeNodes", LINELIST_S, RendConfigLines, NULL),
208 VAR("HiddenServiceNodes", LINELIST_S, RendConfigLines, NULL),
209 VAR("HiddenServiceOptions",LINELIST_V, RendConfigLines, NULL),
210 VAR("HiddenServicePort", LINELIST_S, RendConfigLines, NULL),
211 VAR("HiddenServiceVersion",LINELIST_S, RendConfigLines, NULL),
212 V(HSAuthoritativeDir, BOOL, "0"),
213 V(HSAuthorityRecordStats, BOOL, "0"),
214 V(HttpProxy, STRING, NULL),
215 V(HttpProxyAuthenticator, STRING, NULL),
216 V(HttpsProxy, STRING, NULL),
217 V(HttpsProxyAuthenticator, STRING, NULL),
218 OBSOLETE("IgnoreVersion"),
219 V(KeepalivePeriod, INTERVAL, "5 minutes"),
220 VAR("Log", LINELIST, Logs, NULL),
221 OBSOLETE("LinkPadding"),
222 OBSOLETE("LogLevel"),
223 OBSOLETE("LogFile"),
224 V(LongLivedPorts, CSV,
225 "21,22,706,1863,5050,5190,5222,5223,6667,6697,8300"),
226 VAR("MapAddress", LINELIST, AddressMap, NULL),
227 V(MaxAdvertisedBandwidth, MEMUNIT, "1 GB"),
228 V(MaxCircuitDirtiness, INTERVAL, "10 minutes"),
229 V(MaxOnionsPending, UINT, "100"),
230 OBSOLETE("MonthlyAccountingStart"),
231 V(MyFamily, STRING, NULL),
232 V(NewCircuitPeriod, INTERVAL, "30 seconds"),
233 VAR("NamingAuthoritativeDirectory",BOOL, NamingAuthoritativeDir, "0"),
234 V(NatdListenAddress, LINELIST, NULL),
235 V(NatdPort, UINT, "0"),
236 V(Nickname, STRING, NULL),
237 V(NoPublish, BOOL, "0"),
238 VAR("NodeFamily", LINELIST, NodeFamilies, NULL),
239 V(NumCpus, UINT, "1"),
240 V(NumEntryGuards, UINT, "3"),
241 V(ORListenAddress, LINELIST, NULL),
242 V(ORPort, UINT, "0"),
243 V(OutboundBindAddress, STRING, NULL),
244 OBSOLETE("PathlenCoinWeight"),
245 V(PidFile, STRING, NULL),
246 V(PreferTunneledDirConns, BOOL, "0"),
247 V(ProtocolWarnings, BOOL, "0"),
248 V(PublishServerDescriptor, CSV, "1"),
249 V(PublishHidServDescriptors, BOOL, "1"),
250 V(ReachableAddresses, LINELIST, NULL),
251 V(ReachableDirAddresses, LINELIST, NULL),
252 V(ReachableORAddresses, LINELIST, NULL),
253 V(RecommendedVersions, LINELIST, NULL),
254 V(RecommendedClientVersions, LINELIST, NULL),
255 V(RecommendedServerVersions, LINELIST, NULL),
256 V(RedirectExit, LINELIST, NULL),
257 V(RejectPlaintextPorts, CSV, ""),
258 V(RelayBandwidthBurst, MEMUNIT, "0"),
259 V(RelayBandwidthRate, MEMUNIT, "0"),
260 V(RendExcludeNodes, STRING, NULL),
261 V(RendNodes, STRING, NULL),
262 V(RendPostPeriod, INTERVAL, "1 hour"),
263 V(RephistTrackTime, INTERVAL, "24 hours"),
264 OBSOLETE("RouterFile"),
265 V(RunAsDaemon, BOOL, "0"),
266 V(RunTesting, BOOL, "0"),
267 V(SafeLogging, BOOL, "1"),
268 V(SafeSocks, BOOL, "0"),
269 V(ServerDNSAllowBrokenResolvConf, BOOL, "0"),
270 V(ServerDNSAllowNonRFC953Hostnames, BOOL,"0"),
271 V(ServerDNSDetectHijacking, BOOL, "1"),
272 V(ServerDNSResolvConfFile, STRING, NULL),
273 V(ServerDNSSearchDomains, BOOL, "0"),
274 V(ServerDNSTestAddresses, CSV,
275 "www.google.com,www.mit.edu,www.yahoo.com,www.slashdot.org"),
276 V(ShutdownWaitLength, INTERVAL, "30 seconds"),
277 V(SocksListenAddress, LINELIST, NULL),
278 V(SocksPolicy, LINELIST, NULL),
279 V(SocksPort, UINT, "9050"),
280 V(SocksTimeout, INTERVAL, "2 minutes"),
281 OBSOLETE("StatusFetchPeriod"),
282 V(StrictEntryNodes, BOOL, "0"),
283 V(StrictExitNodes, BOOL, "0"),
284 OBSOLETE("SysLog"),
285 V(TestSocks, BOOL, "0"),
286 V(TestVia, STRING, NULL),
287 V(TrackHostExits, CSV, NULL),
288 V(TrackHostExitsExpire, INTERVAL, "30 minutes"),
289 OBSOLETE("TrafficShaping"),
290 V(TransListenAddress, LINELIST, NULL),
291 V(TransPort, UINT, "0"),
292 V(TunnelDirConns, BOOL, "0"),
293 V(UpdateBridgesFromAuthority, BOOL, "0"),
294 V(UseBridges, BOOL, "0"),
295 V(UseEntryGuards, BOOL, "1"),
296 V(User, STRING, NULL),
297 VAR("V1AuthoritativeDirectory",BOOL, V1AuthoritativeDir, "0"),
298 VAR("V2AuthoritativeDirectory",BOOL, V2AuthoritativeDir, "0"),
299 VAR("V3AuthoritativeDirectory",BOOL, V3AuthoritativeDir, "0"),
300 V(V3AuthVotingInterval, INTERVAL, "1 hour"),
301 V(V3AuthVoteDelay, INTERVAL, "5 minutes"),
302 V(V3AuthDistDelay, INTERVAL, "5 minutes"),
303 V(V3AuthNIntervalsValid, UINT, "3"),
304 VAR("VersioningAuthoritativeDirectory",BOOL,VersioningAuthoritativeDir, "0"),
305 V(VirtualAddrNetwork, STRING, "127.192.0.0/10"),
306 V(WarnPlaintextPorts, CSV, "23,109,110,143"),
307 VAR("__AllDirActionsPrivate", BOOL, AllDirActionsPrivate, "0"),
308 VAR("__DisablePredictedCircuits",BOOL,DisablePredictedCircuits, "0"),
309 VAR("__LeaveStreamsUnattached",BOOL, LeaveStreamsUnattached, "0"),
310 VAR("__HashedControlSessionPassword", LINELIST, HashedControlSessionPassword,
311 NULL),
312 V(MinUptimeHidServDirectoryV2, INTERVAL, "24 hours"),
313 { NULL, CONFIG_TYPE_OBSOLETE, 0, NULL }
315 #undef VAR
317 #define VAR(name,conftype,member,initvalue) \
318 { name, CONFIG_TYPE_ ## conftype, STRUCT_OFFSET(or_state_t, member), \
319 initvalue }
320 static config_var_t _state_vars[] = {
321 V(AccountingBytesReadInInterval, MEMUNIT, NULL),
322 V(AccountingBytesWrittenInInterval, MEMUNIT, NULL),
323 V(AccountingExpectedUsage, MEMUNIT, NULL),
324 V(AccountingIntervalStart, ISOTIME, NULL),
325 V(AccountingSecondsActive, INTERVAL, NULL),
327 VAR("EntryGuard", LINELIST_S, EntryGuards, NULL),
328 VAR("EntryGuardDownSince", LINELIST_S, EntryGuards, NULL),
329 VAR("EntryGuardUnlistedSince", LINELIST_S, EntryGuards, NULL),
330 VAR("EntryGuardAddedBy", LINELIST_S, EntryGuards, NULL),
331 V(EntryGuards, LINELIST_V, NULL),
333 V(BWHistoryReadEnds, ISOTIME, NULL),
334 V(BWHistoryReadInterval, UINT, "900"),
335 V(BWHistoryReadValues, CSV, ""),
336 V(BWHistoryWriteEnds, ISOTIME, NULL),
337 V(BWHistoryWriteInterval, UINT, "900"),
338 V(BWHistoryWriteValues, CSV, ""),
340 V(TorVersion, STRING, NULL),
342 V(LastRotatedOnionKey, ISOTIME, NULL),
343 V(LastWritten, ISOTIME, NULL),
345 { NULL, CONFIG_TYPE_OBSOLETE, 0, NULL }
348 #undef VAR
349 #undef V
350 #undef OBSOLETE
352 /** Represents an English description of a configuration variable; used when
353 * generating configuration file comments. */
354 typedef struct config_var_description_t {
355 const char *name;
356 const char *description;
357 } config_var_description_t;
359 static config_var_description_t options_description[] = {
360 /* ==== general options */
361 { "AvoidDiskWrites", "If non-zero, try to write to disk less frequently than"
362 " we would otherwise." },
363 { "BandwidthRate", "A token bucket limits the average incoming bandwidth on "
364 "this node to the specified number of bytes per second." },
365 { "BandwidthBurst", "Limit the maximum token buffer size (also known as "
366 "burst) to the given number of bytes." },
367 { "ConnLimit", "Minimum number of simultaneous sockets we must have." },
368 { "ConstrainedSockets", "Shrink tx and rx buffers for sockets to avoid "
369 "system limits on vservers and related environments. See man page for "
370 "more information regarding this option." },
371 { "ConstrainedSockSize", "Limit socket buffers to this size when "
372 "ConstrainedSockets is enabled." },
373 /* ControlListenAddress */
374 { "ControlPort", "If set, Tor will accept connections from the same machine "
375 "(localhost only) on this port, and allow those connections to control "
376 "the Tor process using the Tor Control Protocol (described in"
377 "control-spec.txt).", },
378 { "CookieAuthentication", "If this option is set to 1, don't allow any "
379 "connections to the control port except when the connecting process "
380 "can read a file that Tor creates in its data directory." },
381 { "DataDirectory", "Store working data, state, keys, and caches here." },
382 { "DirServer", "Tor only trusts directories signed with one of these "
383 "servers' keys. Used to override the standard list of directory "
384 "authorities." },
385 /* { "FastFirstHopPK", "" }, */
386 /* FetchServerDescriptors, FetchHidServDescriptors,
387 * FetchUselessDescriptors */
388 { "Group", "On startup, setgid to this group." },
389 { "HardwareAccel", "If set, Tor tries to use hardware crypto accelerators "
390 "when it can." },
391 /* HashedControlPassword */
392 { "HTTPProxy", "Force Tor to make all HTTP directory requests through this "
393 "host:port (or host:80 if port is not set)." },
394 { "HTTPProxyAuthenticator", "A username:password pair to be used with "
395 "HTTPProxy." },
396 { "HTTPSProxy", "Force Tor to make all TLS (SSL) connectinos through this "
397 "host:port (or host:80 if port is not set)." },
398 { "HTTPSProxyAuthenticator", "A username:password pair to be used with "
399 "HTTPSProxy." },
400 { "KeepalivePeriod", "Send a padding cell every N seconds to keep firewalls "
401 "from closing our connections while Tor is not in use." },
402 { "Log", "Where to send logging messages. Format is "
403 "minSeverity[-maxSeverity] (stderr|stdout|syslog|file FILENAME)." },
404 { "OutboundBindAddress", "Make all outbound connections originate from the "
405 "provided IP address (only useful for multiple network interfaces)." },
406 { "PIDFile", "On startup, write our PID to this file. On clean shutdown, "
407 "remove the file." },
408 { "PreferTunneledDirConns", "If non-zero, avoid directory servers that "
409 "don't support tunneled connections." },
410 /* PreferTunneledDirConns */
411 /* ProtocolWarnings */
412 /* RephistTrackTime */
413 { "RunAsDaemon", "If set, Tor forks and daemonizes to the background when "
414 "started. Unix only." },
415 { "SafeLogging", "If set to 0, Tor logs potentially sensitive strings "
416 "rather than replacing them with the string [scrubbed]." },
417 { "TunnelDirConns", "If non-zero, when a directory server we contact "
418 "supports it, we will build a one-hop circuit and make an encrypted "
419 "connection via its ORPort." },
420 { "User", "On startup, setuid to this user" },
422 /* ==== client options */
423 { "AllowInvalidNodes", "Where on our circuits should Tor allow servers "
424 "that the directory authorities haven't called \"valid\"?" },
425 { "AllowNonRFC953Hostnames", "If set to 1, we don't automatically reject "
426 "hostnames for having invalid characters." },
427 /* CircuitBuildTimeout, CircuitIdleTimeout */
428 { "ClientOnly", "If set to 1, Tor will under no circumstances run as a "
429 "server, even if ORPort is enabled." },
430 { "EntryNodes", "A list of preferred entry nodes to use for the first hop "
431 "in circuits, when possible." },
432 /* { "EnforceDistinctSubnets" , "" }, */
433 { "ExitNodes", "A list of preferred nodes to use for the last hop in "
434 "circuits, when possible." },
435 { "ExcludeNodes", "A list of nodes never to use when building a circuit." },
436 { "FascistFirewall", "If set, Tor will only create outgoing connections to "
437 "servers running on the ports listed in FirewallPorts." },
438 { "FirewallPorts", "A list of ports that we can connect to. Only used "
439 "when FascistFirewall is set." },
440 { "LongLivedPorts", "A list of ports for services that tend to require "
441 "high-uptime connections." },
442 { "MapAddress", "Force Tor to treat all requests for one address as if "
443 "they were for another." },
444 { "NewCircuitPeriod", "Force Tor to consider whether to build a new circuit "
445 "every NUM seconds." },
446 { "MaxCircuitDirtiness", "Do not attach new streams to a circuit that has "
447 "been used more than this many seconds ago." },
448 /* NatdPort, NatdListenAddress */
449 { "NodeFamily", "A list of servers that constitute a 'family' and should "
450 "never be used in the same circuit." },
451 { "NumEntryGuards", "How many entry guards should we keep at a time?" },
452 /* PathlenCoinWeight */
453 { "ReachableAddresses", "Addresses we can connect to, as IP/bits:port-port. "
454 "By default, we assume all addresses are reachable." },
455 /* reachablediraddresses, reachableoraddresses. */
456 { "RendNodes", "A list of preferred nodes to use for a rendezvous point, "
457 "when possible." },
458 { "RendExcludenodes", "A list of nodes never to use as rendezvous points." },
459 /* SafeSOCKS */
460 { "SOCKSPort", "The port where we listen for SOCKS connections from "
461 "applications." },
462 { "SOCKSListenAddress", "Bind to this address to listen to connections from "
463 "SOCKS-speaking applications." },
464 { "SOCKSPolicy", "Set an entry policy to limit which addresses can connect "
465 "to the SOCKSPort." },
466 /* SocksTimeout */
467 { "StrictExitNodes", "If set, Tor will fail to operate when none of the "
468 "configured ExitNodes can be used." },
469 { "StrictEntryNodes", "If set, Tor will fail to operate when none of the "
470 "configured EntryNodes can be used." },
471 /* TestSocks */
472 { "TrackHostsExit", "Hosts and domains which should, if possible, be "
473 "accessed from the same exit node each time we connect to them." },
474 { "TrackHostsExitExpire", "Time after which we forget which exit we were "
475 "using to connect to hosts in TrackHostsExit." },
476 /* "TransPort", "TransListenAddress */
477 { "UseEntryGuards", "Set to 0 if we want to pick from the whole set of "
478 "servers for the first position in each circuit, rather than picking a "
479 "set of 'Guards' to prevent profiling attacks." },
481 /* === server options */
482 { "Address", "The advertised (external) address we should use." },
483 /* Accounting* options. */
484 /* AssumeReachable */
485 { "ContactInfo", "Administrative contact information to advertise for this "
486 "server." },
487 { "ExitPolicy", "Address/port ranges for which to accept or reject outgoing "
488 "connections on behalf of Tor users." },
489 /* { "ExitPolicyRejectPrivate, "" }, */
490 { "MaxAdvertisedBandwidth", "If set, we will not advertise more than this "
491 "amount of bandwidth for our bandwidth rate, regardless of how much "
492 "bandwidth we actually detect." },
493 { "MaxOnionsPending", "Reject new attempts to extend circuits when we "
494 "already have this many pending." },
495 { "MyFamily", "Declare a list of other servers as belonging to the same "
496 "family as this one, so that clients will not use two from the same "
497 "family in the same circuit." },
498 { "Nickname", "Set the server nickname." },
499 { "NoPublish", "{DEPRECATED}" },
500 { "NumCPUs", "How many processes to use at once for public-key crypto." },
501 { "ORPort", "Advertise this port to listen for connections from Tor clients "
502 "and servers." },
503 { "ORListenAddress", "Bind to this address to listen for connections from "
504 "clients and servers, instead of the default 0.0.0.0:ORPort." },
505 { "PublishServerDescriptor", "Set to 0 to keep the server from "
506 "uploading info to the directory authorities." },
507 /*{ "RedirectExit", "When an outgoing connection tries to connect to a "
508 *"given address, redirect it to another address instead." },
510 /* ServerDNS: DetectHijacking, ResolvConfFile, SearchDomains */
511 { "ShutdownWaitLength", "Wait this long for clients to finish when "
512 "shutting down because of a SIGINT." },
513 /* { "TestVia", } */
515 /* === directory cache options */
516 { "DirPort", "Serve directory information from this port, and act as a "
517 "directory cache." },
518 { "DirListenAddress", "Bind to this address to listen for connections from "
519 "clients and servers, instead of the default 0.0.0.0:DirPort." },
520 { "DirPolicy", "Set a policy to limit who can connect to the directory "
521 "port" },
523 /* Authority options: AuthDirBadExit, AuthDirInvalid, AuthDirReject,
524 * AuthDirRejectUnlisted, AuthDirListBadExits, AuthoritativeDirectory,
525 * DirAllowPrivateAddresses, HSAuthoritativeDir,
526 * NamingAuthoritativeDirectory, RecommendedVersions,
527 * RecommendedClientVersions, RecommendedServerVersions, RendPostPeriod,
528 * RunTesting, V1AuthoritativeDirectory, VersioningAuthoritativeDirectory, */
530 /* Hidden service options: HiddenService: dir,excludenodes, nodes,
531 * options, port. PublishHidServDescriptor */
533 /* Nonpersistent options: __LeaveStreamsUnattached, __AllDirActionsPrivate */
534 { NULL, NULL },
537 static config_var_description_t state_description[] = {
538 { "AccountingBytesReadInInterval",
539 "How many bytes have we read in this accounting period?" },
540 { "AccountingBytesWrittenInInterval",
541 "How many bytes have we written in this accounting period?" },
542 { "AccountingExpectedUsage",
543 "How many bytes did we expect to use per minute? (0 for no estimate.)" },
544 { "AccountingIntervalStart", "When did this accounting period begin?" },
545 { "AccountingSecondsActive", "How long have we been awake in this period?" },
547 { "BWHistoryReadEnds", "When does the last-recorded read-interval end?" },
548 { "BWHistoryReadInterval", "How long is each read-interval (in seconds)?" },
549 { "BWHistoryReadValues", "Number of bytes read in each interval." },
550 { "BWHistoryWriteEnds", "When does the last-recorded write-interval end?" },
551 { "BWHistoryWriteInterval", "How long is each write-interval (in seconds)?"},
552 { "BWHistoryWriteValues", "Number of bytes written in each interval." },
554 { "EntryGuard", "One of the nodes we have chosen as a fixed entry" },
555 { "EntryGuardDownSince",
556 "The last entry guard has been unreachable since this time." },
557 { "EntryGuardUnlistedSince",
558 "The last entry guard has been unusable since this time." },
560 { "LastRotatedOnionKey",
561 "The last time at which we changed the medium-term private key used for "
562 "building circuits." },
563 { "LastWritten", "When was this state file last regenerated?" },
565 { "TorVersion", "Which version of Tor generated this state file?" },
566 { NULL, NULL },
569 /** Type of a callback to validate whether a given configuration is
570 * well-formed and consistent. See options_trial_assign() for documentation
571 * of arguments. */
572 typedef int (*validate_fn_t)(void*,void*,int,char**);
574 /** Information on the keys, value types, key-to-struct-member mappings,
575 * variable descriptions, validation functions, and abbreviations for a
576 * configuration or storage format. */
577 typedef struct {
578 size_t size; /**< Size of the struct that everything gets parsed into. */
579 uint32_t magic; /**< Required 'magic value' to make sure we have a struct
580 * of the right type. */
581 off_t magic_offset; /**< Offset of the magic value within the struct. */
582 config_abbrev_t *abbrevs; /**< List of abbreviations that we expand when
583 * parsing this format. */
584 config_var_t *vars; /**< List of variables we recognize, their default
585 * values, and where we stick them in the structure. */
586 validate_fn_t validate_fn; /**< Function to validate config. */
587 /** Documentation for configuration variables. */
588 config_var_description_t *descriptions;
589 /** If present, extra is a LINELIST variable for unrecognized
590 * lines. Otherwise, unrecognized lines are an error. */
591 config_var_t *extra;
592 } config_format_t;
594 /** Macro: assert that <b>cfg</b> has the right magic field for format
595 * <b>fmt</b>. */
596 #define CHECK(fmt, cfg) STMT_BEGIN \
597 tor_assert(fmt && cfg); \
598 tor_assert((fmt)->magic == \
599 *(uint32_t*)STRUCT_VAR_P(cfg,fmt->magic_offset)); \
600 STMT_END
602 static void config_line_append(config_line_t **lst,
603 const char *key, const char *val);
604 static void option_clear(config_format_t *fmt, or_options_t *options,
605 config_var_t *var);
606 static void option_reset(config_format_t *fmt, or_options_t *options,
607 config_var_t *var, int use_defaults);
608 static void config_free(config_format_t *fmt, void *options);
609 static int config_lines_eq(config_line_t *a, config_line_t *b);
610 static int option_is_same(config_format_t *fmt,
611 or_options_t *o1, or_options_t *o2,
612 const char *name);
613 static or_options_t *options_dup(config_format_t *fmt, or_options_t *old);
614 static int options_validate(or_options_t *old_options, or_options_t *options,
615 int from_setconf, char **msg);
616 static int options_act_reversible(or_options_t *old_options, char **msg);
617 static int options_act(or_options_t *old_options);
618 static int options_transition_allowed(or_options_t *old, or_options_t *new,
619 char **msg);
620 static int options_transition_affects_workers(or_options_t *old_options,
621 or_options_t *new_options);
622 static int options_transition_affects_descriptor(or_options_t *old_options,
623 or_options_t *new_options);
624 static int check_nickname_list(const char *lst, const char *name, char **msg);
625 static void config_register_addressmaps(or_options_t *options);
627 static int parse_bridge_line(const char *line, int validate_only);
628 static int parse_dir_server_line(const char *line,
629 authority_type_t required_type,
630 int validate_only);
631 static int parse_redirect_line(smartlist_t *result,
632 config_line_t *line, char **msg);
633 static int parse_log_severity_range(const char *range, int *min_out,
634 int *max_out);
635 static int validate_data_directory(or_options_t *options);
636 static int write_configuration_file(const char *fname, or_options_t *options);
637 static config_line_t *get_assigned_option(config_format_t *fmt,
638 or_options_t *options, const char *key,
639 int escape_val);
640 static void config_init(config_format_t *fmt, void *options);
641 static int or_state_validate(or_state_t *old_options, or_state_t *options,
642 int from_setconf, char **msg);
643 static int or_state_load(void);
644 static int options_init_logs(or_options_t *options, int validate_only);
646 static uint64_t config_parse_memunit(const char *s, int *ok);
647 static int config_parse_interval(const char *s, int *ok);
648 static void print_svn_version(void);
649 static void init_libevent(void);
650 static int opt_streq(const char *s1, const char *s2);
651 /** Versions of libevent. */
652 typedef enum {
653 /* Note: we compare these, so it's important that "old" precede everything,
654 * and that "other" come last. */
655 LE_OLD=0, LE_10C, LE_10D, LE_10E, LE_11, LE_11A, LE_11B, LE_12, LE_12A,
656 LE_13, LE_13A, LE_13B, LE_13C, LE_13D,
657 LE_OTHER
658 } le_version_t;
659 static le_version_t decode_libevent_version(void);
660 #if defined(HAVE_EVENT_GET_VERSION) && defined(HAVE_EVENT_GET_METHOD)
661 static void check_libevent_version(const char *m, int server);
662 #endif
664 /** Magic value for or_options_t. */
665 #define OR_OPTIONS_MAGIC 9090909
667 /** Configuration format for or_options_t. */
668 static config_format_t options_format = {
669 sizeof(or_options_t),
670 OR_OPTIONS_MAGIC,
671 STRUCT_OFFSET(or_options_t, _magic),
672 _option_abbrevs,
673 _option_vars,
674 (validate_fn_t)options_validate,
675 options_description,
676 NULL
679 /** Magic value for or_state_t. */
680 #define OR_STATE_MAGIC 0x57A73f57
682 /** "Extra" variable in the state that receives lines we can't parse. This
683 * lets us preserve options from versions of Tor newer than us. */
684 static config_var_t state_extra_var = {
685 "__extra", CONFIG_TYPE_LINELIST, STRUCT_OFFSET(or_state_t, ExtraLines), NULL
688 /** Configuration format for or_state_t. */
689 static config_format_t state_format = {
690 sizeof(or_state_t),
691 OR_STATE_MAGIC,
692 STRUCT_OFFSET(or_state_t, _magic),
693 _state_abbrevs,
694 _state_vars,
695 (validate_fn_t)or_state_validate,
696 state_description,
697 &state_extra_var,
701 * Functions to read and write the global options pointer.
704 /** Command-line and config-file options. */
705 static or_options_t *global_options = NULL;
706 /** Name of most recently read torrc file. */
707 static char *torrc_fname = NULL;
708 /** Persistent serialized state. */
709 static or_state_t *global_state = NULL;
711 /** Allocate an empty configuration object of a given format type. */
712 static void *
713 config_alloc(config_format_t *fmt)
715 void *opts = tor_malloc_zero(fmt->size);
716 *(uint32_t*)STRUCT_VAR_P(opts, fmt->magic_offset) = fmt->magic;
717 CHECK(fmt, opts);
718 return opts;
721 /** Return the currently configured options. */
722 or_options_t *
723 get_options(void)
725 tor_assert(global_options);
726 return global_options;
729 /** Change the current global options to contain <b>new_val</b> instead of
730 * their current value; take action based on the new value; free the old value
731 * as necessary.
734 set_options(or_options_t *new_val, char **msg)
736 or_options_t *old_options = global_options;
737 global_options = new_val;
738 /* Note that we pass the *old* options below, for comparison. It
739 * pulls the new options directly out of global_options. */
740 if (options_act_reversible(old_options, msg)<0) {
741 tor_assert(*msg);
742 global_options = old_options;
743 return -1;
745 if (options_act(old_options) < 0) { /* acting on the options failed. die. */
746 log_err(LD_BUG,
747 "Acting on config options left us in a broken state. Dying.");
748 exit(1);
750 if (old_options)
751 config_free(&options_format, old_options);
753 return 0;
756 extern const char tor_svn_revision[]; /* from tor_main.c */
758 static char *_version = NULL;
760 /** Return the current Tor version, possibly */
761 const char *
762 get_version(void)
764 if (_version == NULL) {
765 if (strlen(tor_svn_revision)) {
766 size_t len = strlen(VERSION)+strlen(tor_svn_revision)+8;
767 _version = tor_malloc(len);
768 tor_snprintf(_version, len, "%s (r%s)", VERSION, tor_svn_revision);
769 } else {
770 _version = tor_strdup(VERSION);
773 return _version;
776 /** Release all memory and resources held by global configuration structures.
778 void
779 config_free_all(void)
781 if (global_options) {
782 config_free(&options_format, global_options);
783 global_options = NULL;
785 if (global_state) {
786 config_free(&state_format, global_state);
787 global_state = NULL;
789 tor_free(torrc_fname);
790 tor_free(_version);
793 /** If options->SafeLogging is on, return a not very useful string,
794 * else return address.
796 const char *
797 safe_str(const char *address)
799 tor_assert(address);
800 if (get_options()->SafeLogging)
801 return "[scrubbed]";
802 else
803 return address;
806 /** Equivalent to escaped(safe_str(address)). See reentrancy note on
807 * escaped(): don't use this outside the main thread, or twice in the same
808 * log statement. */
809 const char *
810 escaped_safe_str(const char *address)
812 if (get_options()->SafeLogging)
813 return "[scrubbed]";
814 else
815 return escaped(address);
818 /** Add the default directory authorities directly into the trusted dir list,
819 * but only add them insofar as they share bits with <b>type</b>. */
820 static void
821 add_default_trusted_dir_authorities(authority_type_t type)
823 int i;
824 const char *dirservers[] = {
825 "moria1 v1 orport=9001 v3ident=5420FD8EA46BD4290F1D07A1883C9D85ECC486C4 "
826 "128.31.0.34:9031 FFCB 46DB 1339 DA84 674C 70D7 CB58 6434 C437 0441",
827 "moria2 v1 orport=9002 128.31.0.34:9032 "
828 "719B E45D E224 B607 C537 07D0 E214 3E2D 423E 74CF",
829 "tor26 v1 orport=443 v3ident=A9AC67E64B200BBF2FA26DF194AC0469E2A948C6 "
830 "86.59.21.38:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D",
831 "lefkada orport=443 v3ident=0D95B91896E6089AB9A3C6CB56E724CAF898C43F "
832 "140.247.60.64:80 38D4 F5FC F7B1 0232 28B8 95EA 56ED E7D5 CCDC AF32",
833 "dizum 194.109.206.212:80 "
834 "7EA6 EAD6 FD83 083C 538F 4403 8BBF A077 587D D755",
835 "Tonga orport=443 bridge no-v2 82.94.251.206:80 "
836 "4A0C CD2D DC79 9508 3D73 F5D6 6710 0C8A 5831 F16D",
837 "ides orport=9090 no-v2 v3ident=27B6B5996C426270A5C95488AA5BCEB6BCC86956 "
838 "216.224.124.114:9030 F397 038A DC51 3361 35E7 B80B D99C A384 4360 292B",
839 "gabelmoo orport=443 no-v2 "
840 "v3ident=EAA879B5C75032E462CB018630D2D0DF46EBA606 "
841 "88.198.7.215:80 6833 3D07 61BC F397 A587 A0C0 B963 E4A9 E99E C4D3",
842 "dannenberg orport=443 no-v2 "
843 "v3ident=585769C78764D58426B8B52B6651A5A71137189A "
844 "213.73.91.31:80 7BE6 83E6 5D48 1413 21C5 ED92 F075 C553 64AC 7123",
845 NULL
847 for (i=0; dirservers[i]; i++) {
848 if (parse_dir_server_line(dirservers[i], type, 0)<0) {
849 log_err(LD_BUG, "Couldn't parse internal dirserver line %s",
850 dirservers[i]);
855 /** Look at all the config options for using alternate directory
856 * authorities, and make sure none of them are broken. Also, warn the
857 * user if we changed any dangerous ones.
859 static int
860 validate_dir_authorities(or_options_t *options, or_options_t *old_options)
862 config_line_t *cl;
864 if (options->DirServers &&
865 (options->AlternateDirAuthority || options->AlternateBridgeAuthority ||
866 options->AlternateHSAuthority)) {
867 log_warn(LD_CONFIG,
868 "You cannot set both DirServers and Alternate*Authority.");
869 return -1;
872 /* do we want to complain to the user about being partitionable? */
873 if ((options->DirServers &&
874 (!old_options ||
875 !config_lines_eq(options->DirServers, old_options->DirServers))) ||
876 (options->AlternateDirAuthority &&
877 (!old_options ||
878 !config_lines_eq(options->AlternateDirAuthority,
879 old_options->AlternateDirAuthority)))) {
880 log_warn(LD_CONFIG,
881 "You have used DirServer or AlternateDirAuthority to "
882 "specify alternate directory authorities in "
883 "your configuration. This is potentially dangerous: it can "
884 "make you look different from all other Tor users, and hurt "
885 "your anonymity. Even if you've specified the same "
886 "authorities as Tor uses by default, the defaults could "
887 "change in the future. Be sure you know what you're doing.");
890 /* Now go through the four ways you can configure an alternate
891 * set of directory authorities, and make sure none are broken. */
892 for (cl = options->DirServers; cl; cl = cl->next)
893 if (parse_dir_server_line(cl->value, NO_AUTHORITY, 1)<0)
894 return -1;
895 for (cl = options->AlternateBridgeAuthority; cl; cl = cl->next)
896 if (parse_dir_server_line(cl->value, NO_AUTHORITY, 1)<0)
897 return -1;
898 for (cl = options->AlternateDirAuthority; cl; cl = cl->next)
899 if (parse_dir_server_line(cl->value, NO_AUTHORITY, 1)<0)
900 return -1;
901 for (cl = options->AlternateHSAuthority; cl; cl = cl->next)
902 if (parse_dir_server_line(cl->value, NO_AUTHORITY, 1)<0)
903 return -1;
904 return 0;
907 /** Look at all the config options and assign new dir authorities
908 * as appropriate.
910 static int
911 consider_adding_dir_authorities(or_options_t *options,
912 or_options_t *old_options)
914 config_line_t *cl;
915 int need_to_update =
916 !smartlist_len(router_get_trusted_dir_servers()) || !old_options ||
917 !config_lines_eq(options->DirServers, old_options->DirServers) ||
918 !config_lines_eq(options->AlternateBridgeAuthority,
919 old_options->AlternateBridgeAuthority) ||
920 !config_lines_eq(options->AlternateDirAuthority,
921 old_options->AlternateDirAuthority) ||
922 !config_lines_eq(options->AlternateHSAuthority,
923 old_options->AlternateHSAuthority);
925 if (!need_to_update)
926 return 0; /* all done */
928 /* Start from a clean slate. */
929 clear_trusted_dir_servers();
931 if (!options->DirServers) {
932 /* then we may want some of the defaults */
933 authority_type_t type = NO_AUTHORITY;
934 if (!options->AlternateBridgeAuthority)
935 type |= BRIDGE_AUTHORITY;
936 if (!options->AlternateDirAuthority)
937 type |= V1_AUTHORITY | V2_AUTHORITY | V3_AUTHORITY;
938 if (!options->AlternateHSAuthority)
939 type |= HIDSERV_AUTHORITY;
940 add_default_trusted_dir_authorities(type);
943 for (cl = options->DirServers; cl; cl = cl->next)
944 if (parse_dir_server_line(cl->value, NO_AUTHORITY, 0)<0)
945 return -1;
946 for (cl = options->AlternateBridgeAuthority; cl; cl = cl->next)
947 if (parse_dir_server_line(cl->value, NO_AUTHORITY, 0)<0)
948 return -1;
949 for (cl = options->AlternateDirAuthority; cl; cl = cl->next)
950 if (parse_dir_server_line(cl->value, NO_AUTHORITY, 0)<0)
951 return -1;
952 for (cl = options->AlternateHSAuthority; cl; cl = cl->next)
953 if (parse_dir_server_line(cl->value, NO_AUTHORITY, 0)<0)
954 return -1;
955 return 0;
958 /** Fetch the active option list, and take actions based on it. All of the
959 * things we do should survive being done repeatedly. If present,
960 * <b>old_options</b> contains the previous value of the options.
962 * Return 0 if all goes well, return -1 if things went badly.
964 static int
965 options_act_reversible(or_options_t *old_options, char **msg)
967 smartlist_t *new_listeners = smartlist_create();
968 smartlist_t *replaced_listeners = smartlist_create();
969 static int libevent_initialized = 0;
970 or_options_t *options = get_options();
971 int running_tor = options->command == CMD_RUN_TOR;
972 int set_conn_limit = 0;
973 int r = -1;
974 int logs_marked = 0;
976 /* Daemonize _first_, since we only want to open most of this stuff in
977 * the subprocess. Libevent bases can't be reliably inherited across
978 * processes. */
979 if (running_tor && options->RunAsDaemon) {
980 /* No need to roll back, since you can't change the value. */
981 start_daemon();
984 #ifndef HAVE_SYS_UN_H
985 if (options->ControlSocket) {
986 *msg = tor_strdup("Unix domain sockets (ControlSocket) not supported"
987 " on this OS/with this build.");
988 goto rollback;
990 #endif
992 if (running_tor) {
993 /* We need to set the connection limit before we can open the listeners. */
994 if (set_max_file_descriptors((unsigned)options->ConnLimit,
995 &options->_ConnLimit) < 0) {
996 *msg = tor_strdup("Problem with ConnLimit value. See logs for details.");
997 goto rollback;
999 set_conn_limit = 1;
1001 /* Set up libevent. (We need to do this before we can register the
1002 * listeners as listeners.) */
1003 if (running_tor && !libevent_initialized) {
1004 init_libevent();
1005 libevent_initialized = 1;
1008 /* Launch the listeners. (We do this before we setuid, so we can bind to
1009 * ports under 1024.) */
1010 if (retry_all_listeners(replaced_listeners, new_listeners) < 0) {
1011 *msg = tor_strdup("Failed to bind one of the listener ports.");
1012 goto rollback;
1016 /* Setuid/setgid as appropriate */
1017 if (options->User || options->Group) {
1018 /* XXXX021 We should only do this the first time through, not on
1019 * every setconf. */
1020 if (switch_id(options->User, options->Group) != 0) {
1021 /* No need to roll back, since you can't change the value. */
1022 *msg = tor_strdup("Problem with User or Group value. "
1023 "See logs for details.");
1024 goto done;
1028 /* Ensure data directory is private; create if possible. */
1029 if (check_private_dir(options->DataDirectory,
1030 running_tor ? CPD_CREATE : CPD_CHECK)<0) {
1031 char buf[1024];
1032 int tmp = tor_snprintf(buf, sizeof(buf),
1033 "Couldn't access/create private data directory \"%s\"",
1034 options->DataDirectory);
1035 *msg = tor_strdup(tmp >= 0 ? buf : "internal error");
1036 goto done;
1037 /* No need to roll back, since you can't change the value. */
1040 /* Bail out at this point if we're not going to be a client or server:
1041 * we don't run Tor itself. */
1042 if (!running_tor)
1043 goto commit;
1045 mark_logs_temp(); /* Close current logs once new logs are open. */
1046 logs_marked = 1;
1047 if (options_init_logs(options, 0)<0) { /* Configure the log(s) */
1048 *msg = tor_strdup("Failed to init Log options. See logs for details.");
1049 goto rollback;
1052 commit:
1053 r = 0;
1054 if (logs_marked) {
1055 close_temp_logs();
1056 add_callback_log(LOG_ERR, LOG_ERR, control_event_logmsg);
1057 control_adjust_event_log_severity();
1059 SMARTLIST_FOREACH(replaced_listeners, connection_t *, conn,
1061 log_notice(LD_NET, "Closing old %s on %s:%d",
1062 conn_type_to_string(conn->type), conn->address, conn->port);
1063 connection_close_immediate(conn);
1064 connection_mark_for_close(conn);
1066 goto done;
1068 rollback:
1069 r = -1;
1070 tor_assert(*msg);
1072 if (logs_marked) {
1073 rollback_log_changes();
1074 control_adjust_event_log_severity();
1077 if (set_conn_limit && old_options)
1078 set_max_file_descriptors((unsigned)old_options->ConnLimit,
1079 &options->_ConnLimit);
1081 SMARTLIST_FOREACH(new_listeners, connection_t *, conn,
1083 log_notice(LD_NET, "Closing partially-constructed listener %s on %s:%d",
1084 conn_type_to_string(conn->type), conn->address, conn->port);
1085 connection_close_immediate(conn);
1086 connection_mark_for_close(conn);
1089 done:
1090 smartlist_free(new_listeners);
1091 smartlist_free(replaced_listeners);
1092 return r;
1095 /** Fetch the active option list, and take actions based on it. All of the
1096 * things we do should survive being done repeatedly. If present,
1097 * <b>old_options</b> contains the previous value of the options.
1099 * Return 0 if all goes well, return -1 if it's time to die.
1101 * Note: We haven't moved all the "act on new configuration" logic
1102 * here yet. Some is still in do_hup() and other places.
1104 static int
1105 options_act(or_options_t *old_options)
1107 config_line_t *cl;
1108 char *fn;
1109 size_t len;
1110 or_options_t *options = get_options();
1111 int running_tor = options->command == CMD_RUN_TOR;
1112 char *msg;
1114 if (consider_adding_dir_authorities(options, old_options) < 0)
1115 return -1;
1117 if (options->Bridges) {
1118 clear_bridge_list();
1119 for (cl = options->Bridges; cl; cl = cl->next) {
1120 if (parse_bridge_line(cl->value, 0)<0) {
1121 log_warn(LD_BUG,
1122 "Previously validated Bridge line could not be added!");
1123 return -1;
1128 if (running_tor && rend_config_services(options, 0)<0) {
1129 log_warn(LD_BUG,
1130 "Previously validated hidden services line could not be added!");
1131 return -1;
1134 if (running_tor && directory_caches_v2_dir_info(options)) {
1135 len = strlen(options->DataDirectory)+32;
1136 fn = tor_malloc(len);
1137 tor_snprintf(fn, len, "%s"PATH_SEPARATOR"cached-status",
1138 options->DataDirectory);
1139 if (check_private_dir(fn, CPD_CREATE) != 0) {
1140 log_warn(LD_CONFIG,
1141 "Couldn't access/create private data directory \"%s\"", fn);
1142 tor_free(fn);
1143 return -1;
1145 tor_free(fn);
1148 /* Load state */
1149 if (! global_state && options->command == CMD_RUN_TOR) {
1150 if (or_state_load())
1151 return -1;
1152 rep_hist_load_mtbf_data(time(NULL));
1155 /* Bail out at this point if we're not going to be a client or server:
1156 * we want to not fork, and to log stuff to stderr. */
1157 if (!running_tor)
1158 return 0;
1161 smartlist_t *sl = smartlist_create();
1162 char *errmsg = NULL;
1163 for (cl = options->RedirectExit; cl; cl = cl->next) {
1164 if (parse_redirect_line(sl, cl, &errmsg)<0) {
1165 log_warn(LD_CONFIG, "%s", errmsg);
1166 tor_free(errmsg);
1167 SMARTLIST_FOREACH(sl, exit_redirect_t *, er, tor_free(er));
1168 smartlist_free(sl);
1169 return -1;
1172 set_exit_redirects(sl);
1175 /* Finish backgrounding the process */
1176 if (running_tor && options->RunAsDaemon) {
1177 /* We may be calling this for the n'th time (on SIGHUP), but it's safe. */
1178 finish_daemon(options->DataDirectory);
1181 /* Write our pid to the pid file. If we do not have write permissions we
1182 * will log a warning */
1183 if (running_tor && options->PidFile)
1184 write_pidfile(options->PidFile);
1186 /* Register addressmap directives */
1187 config_register_addressmaps(options);
1188 parse_virtual_addr_network(options->VirtualAddrNetwork, 0, &msg);
1190 /* Update address policies. */
1191 if (policies_parse_from_options(options) < 0) {
1192 /* This should be impossible, but let's be sure. */
1193 log_warn(LD_BUG,"Error parsing already-validated policy options.");
1194 return -1;
1197 if (init_cookie_authentication(options->CookieAuthentication) < 0) {
1198 log_warn(LD_CONFIG,"Error creating cookie authentication file.");
1199 return -1;
1202 /* reload keys as needed for rendezvous services. */
1203 if (rend_service_load_keys()<0) {
1204 log_warn(LD_GENERAL,"Error loading rendezvous service keys");
1205 return -1;
1208 /* Set up accounting */
1209 if (accounting_parse_options(options, 0)<0) {
1210 log_warn(LD_CONFIG,"Error in accounting options");
1211 return -1;
1213 if (accounting_is_enabled(options))
1214 configure_accounting(time(NULL));
1216 /* Check for transitions that need action. */
1217 if (old_options) {
1218 if (options->UseEntryGuards && !old_options->UseEntryGuards) {
1219 log_info(LD_CIRC,
1220 "Switching to entry guards; abandoning previous circuits");
1221 circuit_mark_all_unused_circs();
1222 circuit_expire_all_dirty_circs();
1225 if (options_transition_affects_workers(old_options, options)) {
1226 log_info(LD_GENERAL,
1227 "Worker-related options changed. Rotating workers.");
1228 if (server_mode(options) && !server_mode(old_options)) {
1229 if (init_keys() < 0) {
1230 log_warn(LD_BUG,"Error initializing keys; exiting");
1231 return -1;
1233 ip_address_changed(0);
1234 if (has_completed_circuit || !any_predicted_circuits(time(NULL)))
1235 inform_testing_reachability();
1237 cpuworkers_rotate();
1238 if (dns_reset())
1239 return -1;
1240 } else {
1241 if (dns_reset())
1242 return -1;
1245 if (options->V3AuthoritativeDir && !old_options->V3AuthoritativeDir)
1246 init_keys();
1249 /* Maybe load geoip file */
1250 if (options->GeoIPFile &&
1251 ((!old_options || !opt_streq(old_options->GeoIPFile, options->GeoIPFile))
1252 || !geoip_is_loaded())) {
1253 geoip_load_file(options->GeoIPFile);
1255 /* Check if we need to parse and add the EntryNodes config option. */
1256 if (options->EntryNodes &&
1257 (!old_options ||
1258 !opt_streq(old_options->EntryNodes, options->EntryNodes)))
1259 entry_nodes_should_be_added();
1261 /* Since our options changed, we might need to regenerate and upload our
1262 * server descriptor.
1264 if (!old_options ||
1265 options_transition_affects_descriptor(old_options, options))
1266 mark_my_descriptor_dirty();
1268 /* We may need to reschedule some directory stuff if our status changed. */
1269 if (old_options) {
1270 if (authdir_mode_v3(options) && !authdir_mode_v3(old_options))
1271 dirvote_recalculate_timing(options, time(NULL));
1272 if (!bool_eq(directory_fetches_dir_info_early(options),
1273 directory_fetches_dir_info_early(old_options)) ||
1274 !bool_eq(directory_fetches_dir_info_later(options),
1275 directory_fetches_dir_info_later(old_options))) {
1276 /* Make sure update_router_have_min_dir_info gets called. */
1277 router_dir_info_changed();
1278 /* We might need to download a new consensus status later or sooner than
1279 * we had expected. */
1280 update_consensus_networkstatus_fetch_time(time(NULL));
1284 return 0;
1288 * Functions to parse config options
1291 /** If <b>option</b> is an official abbreviation for a longer option,
1292 * return the longer option. Otherwise return <b>option</b>.
1293 * If <b>command_line</b> is set, apply all abbreviations. Otherwise, only
1294 * apply abbreviations that work for the config file and the command line.
1295 * If <b>warn_obsolete</b> is set, warn about deprecated names. */
1296 static const char *
1297 expand_abbrev(config_format_t *fmt, const char *option, int command_line,
1298 int warn_obsolete)
1300 int i;
1301 if (! fmt->abbrevs)
1302 return option;
1303 for (i=0; fmt->abbrevs[i].abbreviated; ++i) {
1304 /* Abbreviations are casei. */
1305 if (!strcasecmp(option,fmt->abbrevs[i].abbreviated) &&
1306 (command_line || !fmt->abbrevs[i].commandline_only)) {
1307 if (warn_obsolete && fmt->abbrevs[i].warn) {
1308 log_warn(LD_CONFIG,
1309 "The configuration option '%s' is deprecated; "
1310 "use '%s' instead.",
1311 fmt->abbrevs[i].abbreviated,
1312 fmt->abbrevs[i].full);
1314 return fmt->abbrevs[i].full;
1317 return option;
1320 /** Helper: Read a list of configuration options from the command line.
1321 * If successful, put them in *<b>result</b> and return 0, and return
1322 * -1 and leave *<b>result</b> alone. */
1323 static int
1324 config_get_commandlines(int argc, char **argv, config_line_t **result)
1326 config_line_t *front = NULL;
1327 config_line_t **new = &front;
1328 char *s;
1329 int i = 1;
1331 while (i < argc) {
1332 if (!strcmp(argv[i],"-f") ||
1333 !strcmp(argv[i],"--hash-password")) {
1334 i += 2; /* command-line option with argument. ignore them. */
1335 continue;
1336 } else if (!strcmp(argv[i],"--list-fingerprint") ||
1337 !strcmp(argv[i],"--verify-config") ||
1338 !strcmp(argv[i],"--ignore-missing-torrc") ||
1339 !strcmp(argv[i],"--quiet")) {
1340 i += 1; /* command-line option. ignore it. */
1341 continue;
1342 } else if (!strcmp(argv[i],"--nt-service") ||
1343 !strcmp(argv[i],"-nt-service")) {
1344 i += 1;
1345 continue;
1348 if (i == argc-1) {
1349 log_warn(LD_CONFIG,"Command-line option '%s' with no value. Failing.",
1350 argv[i]);
1351 config_free_lines(front);
1352 return -1;
1355 *new = tor_malloc_zero(sizeof(config_line_t));
1356 s = argv[i];
1358 while (*s == '-')
1359 s++;
1361 (*new)->key = tor_strdup(expand_abbrev(&options_format, s, 1, 1));
1362 (*new)->value = tor_strdup(argv[i+1]);
1363 (*new)->next = NULL;
1364 log(LOG_DEBUG, LD_CONFIG, "Commandline: parsed keyword '%s', value '%s'",
1365 (*new)->key, (*new)->value);
1367 new = &((*new)->next);
1368 i += 2;
1370 *result = front;
1371 return 0;
1374 /** Helper: allocate a new configuration option mapping 'key' to 'val',
1375 * append it to *<b>lst</b>. */
1376 static void
1377 config_line_append(config_line_t **lst,
1378 const char *key,
1379 const char *val)
1381 config_line_t *newline;
1383 newline = tor_malloc(sizeof(config_line_t));
1384 newline->key = tor_strdup(key);
1385 newline->value = tor_strdup(val);
1386 newline->next = NULL;
1387 while (*lst)
1388 lst = &((*lst)->next);
1390 (*lst) = newline;
1393 /** Helper: parse the config string and strdup into key/value
1394 * strings. Set *result to the list, or NULL if parsing the string
1395 * failed. Return 0 on success, -1 on failure. Warn and ignore any
1396 * misformatted lines. */
1398 config_get_lines(const char *string, config_line_t **result)
1400 config_line_t *list = NULL, **next;
1401 char *k, *v;
1403 next = &list;
1404 do {
1405 string = parse_config_line_from_str(string, &k, &v);
1406 if (!string) {
1407 config_free_lines(list);
1408 return -1;
1410 if (k && v) {
1411 /* This list can get long, so we keep a pointer to the end of it
1412 * rather than using config_line_append over and over and getting
1413 * n^2 performance. */
1414 *next = tor_malloc(sizeof(config_line_t));
1415 (*next)->key = k;
1416 (*next)->value = v;
1417 (*next)->next = NULL;
1418 next = &((*next)->next);
1419 } else {
1420 tor_free(k);
1421 tor_free(v);
1423 } while (*string);
1425 *result = list;
1426 return 0;
1430 * Free all the configuration lines on the linked list <b>front</b>.
1432 void
1433 config_free_lines(config_line_t *front)
1435 config_line_t *tmp;
1437 while (front) {
1438 tmp = front;
1439 front = tmp->next;
1441 tor_free(tmp->key);
1442 tor_free(tmp->value);
1443 tor_free(tmp);
1447 /** Return the description for a given configuration variable, or NULL if no
1448 * description exists. */
1449 static const char *
1450 config_find_description(config_format_t *fmt, const char *name)
1452 int i;
1453 for (i=0; fmt->descriptions[i].name; ++i) {
1454 if (!strcasecmp(name, fmt->descriptions[i].name))
1455 return fmt->descriptions[i].description;
1457 return NULL;
1460 /** If <b>key</b> is a configuration option, return the corresponding
1461 * config_var_t. Otherwise, if <b>key</b> is a non-standard abbreviation,
1462 * warn, and return the corresponding config_var_t. Otherwise return NULL.
1464 static config_var_t *
1465 config_find_option(config_format_t *fmt, const char *key)
1467 int i;
1468 size_t keylen = strlen(key);
1469 if (!keylen)
1470 return NULL; /* if they say "--" on the commandline, it's not an option */
1471 /* First, check for an exact (case-insensitive) match */
1472 for (i=0; fmt->vars[i].name; ++i) {
1473 if (!strcasecmp(key, fmt->vars[i].name)) {
1474 return &fmt->vars[i];
1477 /* If none, check for an abbreviated match */
1478 for (i=0; fmt->vars[i].name; ++i) {
1479 if (!strncasecmp(key, fmt->vars[i].name, keylen)) {
1480 log_warn(LD_CONFIG, "The abbreviation '%s' is deprecated. "
1481 "Please use '%s' instead",
1482 key, fmt->vars[i].name);
1483 return &fmt->vars[i];
1486 /* Okay, unrecognized option */
1487 return NULL;
1491 * Functions to assign config options.
1494 /** <b>c</b>-\>key is known to be a real key. Update <b>options</b>
1495 * with <b>c</b>-\>value and return 0, or return -1 if bad value.
1497 * Called from config_assign_line() and option_reset().
1499 static int
1500 config_assign_value(config_format_t *fmt, or_options_t *options,
1501 config_line_t *c, char **msg)
1503 int i, r, ok;
1504 char buf[1024];
1505 config_var_t *var;
1506 void *lvalue;
1508 CHECK(fmt, options);
1510 var = config_find_option(fmt, c->key);
1511 tor_assert(var);
1513 lvalue = STRUCT_VAR_P(options, var->var_offset);
1515 switch (var->type) {
1517 case CONFIG_TYPE_UINT:
1518 i = (int)tor_parse_long(c->value, 10, 0, INT_MAX, &ok, NULL);
1519 if (!ok) {
1520 r = tor_snprintf(buf, sizeof(buf),
1521 "Int keyword '%s %s' is malformed or out of bounds.",
1522 c->key, c->value);
1523 *msg = tor_strdup(r >= 0 ? buf : "internal error");
1524 return -1;
1526 *(int *)lvalue = i;
1527 break;
1529 case CONFIG_TYPE_INTERVAL: {
1530 i = config_parse_interval(c->value, &ok);
1531 if (!ok) {
1532 r = tor_snprintf(buf, sizeof(buf),
1533 "Interval '%s %s' is malformed or out of bounds.",
1534 c->key, c->value);
1535 *msg = tor_strdup(r >= 0 ? buf : "internal error");
1536 return -1;
1538 *(int *)lvalue = i;
1539 break;
1542 case CONFIG_TYPE_MEMUNIT: {
1543 uint64_t u64 = config_parse_memunit(c->value, &ok);
1544 if (!ok) {
1545 r = tor_snprintf(buf, sizeof(buf),
1546 "Value '%s %s' is malformed or out of bounds.",
1547 c->key, c->value);
1548 *msg = tor_strdup(r >= 0 ? buf : "internal error");
1549 return -1;
1551 *(uint64_t *)lvalue = u64;
1552 break;
1555 case CONFIG_TYPE_BOOL:
1556 i = (int)tor_parse_long(c->value, 10, 0, 1, &ok, NULL);
1557 if (!ok) {
1558 r = tor_snprintf(buf, sizeof(buf),
1559 "Boolean '%s %s' expects 0 or 1.",
1560 c->key, c->value);
1561 *msg = tor_strdup(r >= 0 ? buf : "internal error");
1562 return -1;
1564 *(int *)lvalue = i;
1565 break;
1567 case CONFIG_TYPE_STRING:
1568 tor_free(*(char **)lvalue);
1569 *(char **)lvalue = tor_strdup(c->value);
1570 break;
1572 case CONFIG_TYPE_DOUBLE:
1573 *(double *)lvalue = atof(c->value);
1574 break;
1576 case CONFIG_TYPE_ISOTIME:
1577 if (parse_iso_time(c->value, (time_t *)lvalue)) {
1578 r = tor_snprintf(buf, sizeof(buf),
1579 "Invalid time '%s' for keyword '%s'", c->value, c->key);
1580 *msg = tor_strdup(r >= 0 ? buf : "internal error");
1581 return -1;
1583 break;
1585 case CONFIG_TYPE_CSV:
1586 if (*(smartlist_t**)lvalue) {
1587 SMARTLIST_FOREACH(*(smartlist_t**)lvalue, char *, cp, tor_free(cp));
1588 smartlist_clear(*(smartlist_t**)lvalue);
1589 } else {
1590 *(smartlist_t**)lvalue = smartlist_create();
1593 smartlist_split_string(*(smartlist_t**)lvalue, c->value, ",",
1594 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
1595 break;
1597 case CONFIG_TYPE_LINELIST:
1598 case CONFIG_TYPE_LINELIST_S:
1599 config_line_append((config_line_t**)lvalue, c->key, c->value);
1600 break;
1602 case CONFIG_TYPE_OBSOLETE:
1603 log_warn(LD_CONFIG, "Skipping obsolete configuration option '%s'", c->key);
1604 break;
1605 case CONFIG_TYPE_LINELIST_V:
1606 r = tor_snprintf(buf, sizeof(buf),
1607 "You may not provide a value for virtual option '%s'", c->key);
1608 *msg = tor_strdup(r >= 0 ? buf : "internal error");
1609 return -1;
1610 default:
1611 tor_assert(0);
1612 break;
1614 return 0;
1617 /** If <b>c</b> is a syntactically valid configuration line, update
1618 * <b>options</b> with its value and return 0. Otherwise return -1 for bad
1619 * key, -2 for bad value.
1621 * If <b>clear_first</b> is set, clear the value first. Then if
1622 * <b>use_defaults</b> is set, set the value to the default.
1624 * Called from config_assign().
1626 static int
1627 config_assign_line(config_format_t *fmt, or_options_t *options,
1628 config_line_t *c, int use_defaults,
1629 int clear_first, char **msg)
1631 config_var_t *var;
1633 CHECK(fmt, options);
1635 var = config_find_option(fmt, c->key);
1636 if (!var) {
1637 if (fmt->extra) {
1638 void *lvalue = STRUCT_VAR_P(options, fmt->extra->var_offset);
1639 log_info(LD_CONFIG,
1640 "Found unrecognized option '%s'; saving it.", c->key);
1641 config_line_append((config_line_t**)lvalue, c->key, c->value);
1642 return 0;
1643 } else {
1644 char buf[1024];
1645 int tmp = tor_snprintf(buf, sizeof(buf),
1646 "Unknown option '%s'. Failing.", c->key);
1647 *msg = tor_strdup(tmp >= 0 ? buf : "internal error");
1648 return -1;
1651 /* Put keyword into canonical case. */
1652 if (strcmp(var->name, c->key)) {
1653 tor_free(c->key);
1654 c->key = tor_strdup(var->name);
1657 if (!strlen(c->value)) {
1658 /* reset or clear it, then return */
1659 if (!clear_first) {
1660 if (var->type == CONFIG_TYPE_LINELIST ||
1661 var->type == CONFIG_TYPE_LINELIST_S) {
1662 /* We got an empty linelist from the torrc or commandline.
1663 As a special case, call this an error. Warn and ignore. */
1664 log_warn(LD_CONFIG,
1665 "Linelist option '%s' has no value. Skipping.", c->key);
1666 } else { /* not already cleared */
1667 option_reset(fmt, options, var, use_defaults);
1670 return 0;
1673 if (config_assign_value(fmt, options, c, msg) < 0)
1674 return -2;
1675 return 0;
1678 /** Restore the option named <b>key</b> in options to its default value.
1679 * Called from config_assign(). */
1680 static void
1681 config_reset_line(config_format_t *fmt, or_options_t *options,
1682 const char *key, int use_defaults)
1684 config_var_t *var;
1686 CHECK(fmt, options);
1688 var = config_find_option(fmt, key);
1689 if (!var)
1690 return; /* give error on next pass. */
1692 option_reset(fmt, options, var, use_defaults);
1695 /** Return true iff key is a valid configuration option. */
1697 option_is_recognized(const char *key)
1699 config_var_t *var = config_find_option(&options_format, key);
1700 return (var != NULL);
1703 /** Return the canonical name of a configuration option, or NULL
1704 * if no such option exists. */
1705 const char *
1706 option_get_canonical_name(const char *key)
1708 config_var_t *var = config_find_option(&options_format, key);
1709 return var ? var->name : NULL;
1712 /** Return a canonicalized list of the options assigned for key.
1714 config_line_t *
1715 option_get_assignment(or_options_t *options, const char *key)
1717 return get_assigned_option(&options_format, options, key, 1);
1720 /** Return true iff value needs to be quoted and escaped to be used in
1721 * a configuration file. */
1722 static int
1723 config_value_needs_escape(const char *value)
1725 if (*value == '\"')
1726 return 1;
1727 while (*value) {
1728 switch (*value)
1730 case '\r':
1731 case '\n':
1732 case '#':
1733 /* Note: quotes and backspaces need special handling when we are using
1734 * quotes, not otherwise, so they don't trigger escaping on their
1735 * own. */
1736 return 1;
1737 default:
1738 if (!TOR_ISPRINT(*value))
1739 return 1;
1741 ++value;
1743 return 0;
1746 /** Return a newly allocated deep copy of the lines in <b>inp</b>. */
1747 static config_line_t *
1748 config_lines_dup(const config_line_t *inp)
1750 config_line_t *result = NULL;
1751 config_line_t **next_out = &result;
1752 while (inp) {
1753 *next_out = tor_malloc(sizeof(config_line_t));
1754 (*next_out)->key = tor_strdup(inp->key);
1755 (*next_out)->value = tor_strdup(inp->value);
1756 inp = inp->next;
1757 next_out = &((*next_out)->next);
1759 (*next_out) = NULL;
1760 return result;
1763 /** Return newly allocated line or lines corresponding to <b>key</b> in the
1764 * configuration <b>options</b>. If <b>escape_val</b> is true and a
1765 * value needs to be quoted before it's put in a config file, quote and
1766 * escape that value. Return NULL if no such key exists. */
1767 static config_line_t *
1768 get_assigned_option(config_format_t *fmt, or_options_t *options,
1769 const char *key, int escape_val)
1770 /* XXXX argument is options, but fmt is provided. Inconsistent. */
1772 config_var_t *var;
1773 const void *value;
1774 char buf[32];
1775 config_line_t *result;
1776 tor_assert(options && key);
1778 CHECK(fmt, options);
1780 var = config_find_option(fmt, key);
1781 if (!var) {
1782 log_warn(LD_CONFIG, "Unknown option '%s'. Failing.", key);
1783 return NULL;
1785 value = STRUCT_VAR_P(options, var->var_offset);
1787 result = tor_malloc_zero(sizeof(config_line_t));
1788 result->key = tor_strdup(var->name);
1789 switch (var->type)
1791 case CONFIG_TYPE_STRING:
1792 if (*(char**)value) {
1793 result->value = tor_strdup(*(char**)value);
1794 } else {
1795 tor_free(result->key);
1796 tor_free(result);
1797 return NULL;
1799 break;
1800 case CONFIG_TYPE_ISOTIME:
1801 if (*(time_t*)value) {
1802 result->value = tor_malloc(ISO_TIME_LEN+1);
1803 format_iso_time(result->value, *(time_t*)value);
1804 } else {
1805 tor_free(result->key);
1806 tor_free(result);
1808 escape_val = 0; /* Can't need escape. */
1809 break;
1810 case CONFIG_TYPE_INTERVAL:
1811 case CONFIG_TYPE_UINT:
1812 /* This means every or_options_t uint or bool element
1813 * needs to be an int. Not, say, a uint16_t or char. */
1814 tor_snprintf(buf, sizeof(buf), "%d", *(int*)value);
1815 result->value = tor_strdup(buf);
1816 escape_val = 0; /* Can't need escape. */
1817 break;
1818 case CONFIG_TYPE_MEMUNIT:
1819 tor_snprintf(buf, sizeof(buf), U64_FORMAT,
1820 U64_PRINTF_ARG(*(uint64_t*)value));
1821 result->value = tor_strdup(buf);
1822 escape_val = 0; /* Can't need escape. */
1823 break;
1824 case CONFIG_TYPE_DOUBLE:
1825 tor_snprintf(buf, sizeof(buf), "%f", *(double*)value);
1826 result->value = tor_strdup(buf);
1827 escape_val = 0; /* Can't need escape. */
1828 break;
1829 case CONFIG_TYPE_BOOL:
1830 result->value = tor_strdup(*(int*)value ? "1" : "0");
1831 escape_val = 0; /* Can't need escape. */
1832 break;
1833 case CONFIG_TYPE_CSV:
1834 if (*(smartlist_t**)value)
1835 result->value =
1836 smartlist_join_strings(*(smartlist_t**)value, ",", 0, NULL);
1837 else
1838 result->value = tor_strdup("");
1839 break;
1840 case CONFIG_TYPE_OBSOLETE:
1841 log_warn(LD_CONFIG,
1842 "You asked me for the value of an obsolete config option '%s'.",
1843 key);
1844 tor_free(result->key);
1845 tor_free(result);
1846 return NULL;
1847 case CONFIG_TYPE_LINELIST_S:
1848 log_warn(LD_CONFIG,
1849 "Can't return context-sensitive '%s' on its own", key);
1850 tor_free(result->key);
1851 tor_free(result);
1852 return NULL;
1853 case CONFIG_TYPE_LINELIST:
1854 case CONFIG_TYPE_LINELIST_V:
1855 tor_free(result->key);
1856 tor_free(result);
1857 result = config_lines_dup(*(const config_line_t**)value);
1858 break;
1859 default:
1860 tor_free(result->key);
1861 tor_free(result);
1862 log_warn(LD_BUG,"Unknown type %d for known key '%s'",
1863 var->type, key);
1864 return NULL;
1867 if (escape_val) {
1868 config_line_t *line;
1869 for (line = result; line; line = line->next) {
1870 if (line->value && config_value_needs_escape(line->value)) {
1871 char *newval = esc_for_log(line->value);
1872 tor_free(line->value);
1873 line->value = newval;
1878 return result;
1881 /** Iterate through the linked list of requested options <b>list</b>.
1882 * For each item, convert as appropriate and assign to <b>options</b>.
1883 * If an item is unrecognized, set *msg and return -1 immediately,
1884 * else return 0 for success.
1886 * If <b>clear_first</b>, interpret config options as replacing (not
1887 * extending) their previous values. If <b>clear_first</b> is set,
1888 * then <b>use_defaults</b> to decide if you set to defaults after
1889 * clearing, or make the value 0 or NULL.
1891 * Here are the use cases:
1892 * 1. A non-empty AllowInvalid line in your torrc. Appends to current
1893 * if linelist, replaces current if csv.
1894 * 2. An empty AllowInvalid line in your torrc. Should clear it.
1895 * 3. "RESETCONF AllowInvalid" sets it to default.
1896 * 4. "SETCONF AllowInvalid" makes it NULL.
1897 * 5. "SETCONF AllowInvalid=foo" clears it and sets it to "foo".
1899 * Use_defaults Clear_first
1900 * 0 0 "append"
1901 * 1 0 undefined, don't use
1902 * 0 1 "set to null first"
1903 * 1 1 "set to defaults first"
1904 * Return 0 on success, -1 on bad key, -2 on bad value.
1906 * As an additional special case, if a LINELIST config option has
1907 * no value and clear_first is 0, then warn and ignore it.
1911 There are three call cases for config_assign() currently.
1913 Case one: Torrc entry
1914 options_init_from_torrc() calls config_assign(0, 0)
1915 calls config_assign_line(0, 0).
1916 if value is empty, calls option_reset(0) and returns.
1917 calls config_assign_value(), appends.
1919 Case two: setconf
1920 options_trial_assign() calls config_assign(0, 1)
1921 calls config_reset_line(0)
1922 calls option_reset(0)
1923 calls option_clear().
1924 calls config_assign_line(0, 1).
1925 if value is empty, returns.
1926 calls config_assign_value(), appends.
1928 Case three: resetconf
1929 options_trial_assign() calls config_assign(1, 1)
1930 calls config_reset_line(1)
1931 calls option_reset(1)
1932 calls option_clear().
1933 calls config_assign_value(default)
1934 calls config_assign_line(1, 1).
1935 returns.
1937 static int
1938 config_assign(config_format_t *fmt, void *options, config_line_t *list,
1939 int use_defaults, int clear_first, char **msg)
1941 config_line_t *p;
1943 CHECK(fmt, options);
1945 /* pass 1: normalize keys */
1946 for (p = list; p; p = p->next) {
1947 const char *full = expand_abbrev(fmt, p->key, 0, 1);
1948 if (strcmp(full,p->key)) {
1949 tor_free(p->key);
1950 p->key = tor_strdup(full);
1954 /* pass 2: if we're reading from a resetting source, clear all
1955 * mentioned config options, and maybe set to their defaults. */
1956 if (clear_first) {
1957 for (p = list; p; p = p->next)
1958 config_reset_line(fmt, options, p->key, use_defaults);
1961 /* pass 3: assign. */
1962 while (list) {
1963 int r;
1964 if ((r=config_assign_line(fmt, options, list, use_defaults,
1965 clear_first, msg)))
1966 return r;
1967 list = list->next;
1969 return 0;
1972 /** Try assigning <b>list</b> to the global options. You do this by duping
1973 * options, assigning list to the new one, then validating it. If it's
1974 * ok, then throw out the old one and stick with the new one. Else,
1975 * revert to old and return failure. Return 0 on success, -1 on bad
1976 * keys, -2 on bad values, -3 on bad transition, and -4 on failed-to-set.
1978 * If not success, point *<b>msg</b> to a newly allocated string describing
1979 * what went wrong.
1982 options_trial_assign(config_line_t *list, int use_defaults,
1983 int clear_first, char **msg)
1985 int r;
1986 or_options_t *trial_options = options_dup(&options_format, get_options());
1988 if ((r=config_assign(&options_format, trial_options,
1989 list, use_defaults, clear_first, msg)) < 0) {
1990 config_free(&options_format, trial_options);
1991 return r;
1994 if (options_validate(get_options(), trial_options, 1, msg) < 0) {
1995 config_free(&options_format, trial_options);
1996 return -2;
1999 if (options_transition_allowed(get_options(), trial_options, msg) < 0) {
2000 config_free(&options_format, trial_options);
2001 return -3;
2004 if (set_options(trial_options, msg)<0) {
2005 config_free(&options_format, trial_options);
2006 return -4;
2009 /* we liked it. put it in place. */
2010 return 0;
2013 /** Reset config option <b>var</b> to 0, 0.0, NULL, or the equivalent.
2014 * Called from option_reset() and config_free(). */
2015 static void
2016 option_clear(config_format_t *fmt, or_options_t *options, config_var_t *var)
2018 void *lvalue = STRUCT_VAR_P(options, var->var_offset);
2019 (void)fmt; /* unused */
2020 switch (var->type) {
2021 case CONFIG_TYPE_STRING:
2022 tor_free(*(char**)lvalue);
2023 break;
2024 case CONFIG_TYPE_DOUBLE:
2025 *(double*)lvalue = 0.0;
2026 break;
2027 case CONFIG_TYPE_ISOTIME:
2028 *(time_t*)lvalue = 0;
2029 case CONFIG_TYPE_INTERVAL:
2030 case CONFIG_TYPE_UINT:
2031 case CONFIG_TYPE_BOOL:
2032 *(int*)lvalue = 0;
2033 break;
2034 case CONFIG_TYPE_MEMUNIT:
2035 *(uint64_t*)lvalue = 0;
2036 break;
2037 case CONFIG_TYPE_CSV:
2038 if (*(smartlist_t**)lvalue) {
2039 SMARTLIST_FOREACH(*(smartlist_t **)lvalue, char *, cp, tor_free(cp));
2040 smartlist_free(*(smartlist_t **)lvalue);
2041 *(smartlist_t **)lvalue = NULL;
2043 break;
2044 case CONFIG_TYPE_LINELIST:
2045 case CONFIG_TYPE_LINELIST_S:
2046 config_free_lines(*(config_line_t **)lvalue);
2047 *(config_line_t **)lvalue = NULL;
2048 break;
2049 case CONFIG_TYPE_LINELIST_V:
2050 /* handled by linelist_s. */
2051 break;
2052 case CONFIG_TYPE_OBSOLETE:
2053 break;
2057 /** Clear the option indexed by <b>var</b> in <b>options</b>. Then if
2058 * <b>use_defaults</b>, set it to its default value.
2059 * Called by config_init() and option_reset_line() and option_assign_line(). */
2060 static void
2061 option_reset(config_format_t *fmt, or_options_t *options,
2062 config_var_t *var, int use_defaults)
2064 config_line_t *c;
2065 char *msg = NULL;
2066 CHECK(fmt, options);
2067 option_clear(fmt, options, var); /* clear it first */
2068 if (!use_defaults)
2069 return; /* all done */
2070 if (var->initvalue) {
2071 c = tor_malloc_zero(sizeof(config_line_t));
2072 c->key = tor_strdup(var->name);
2073 c->value = tor_strdup(var->initvalue);
2074 if (config_assign_value(fmt, options, c, &msg) < 0) {
2075 log_warn(LD_BUG, "Failed to assign default: %s", msg);
2076 tor_free(msg); /* if this happens it's a bug */
2078 config_free_lines(c);
2082 /** Print a usage message for tor. */
2083 static void
2084 print_usage(void)
2086 printf(
2087 "Copyright (c) 2001-2004, Roger Dingledine\n"
2088 "Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson\n"
2089 "Copyright (c) 2007-2008, The Tor Project, Inc.\n\n"
2090 "tor -f <torrc> [args]\n"
2091 "See man page for options, or https://www.torproject.org/ for "
2092 "documentation.\n");
2095 /** Print all non-obsolete torrc options. */
2096 static void
2097 list_torrc_options(void)
2099 int i;
2100 smartlist_t *lines = smartlist_create();
2101 for (i = 0; _option_vars[i].name; ++i) {
2102 config_var_t *var = &_option_vars[i];
2103 const char *desc;
2104 if (var->type == CONFIG_TYPE_OBSOLETE ||
2105 var->type == CONFIG_TYPE_LINELIST_V)
2106 continue;
2107 desc = config_find_description(&options_format, var->name);
2108 printf("%s\n", var->name);
2109 if (desc) {
2110 wrap_string(lines, desc, 76, " ", " ");
2111 SMARTLIST_FOREACH(lines, char *, cp, {
2112 printf("%s", cp);
2113 tor_free(cp);
2115 smartlist_clear(lines);
2118 smartlist_free(lines);
2121 /** Last value actually set by resolve_my_address. */
2122 static uint32_t last_resolved_addr = 0;
2124 * Based on <b>options-\>Address</b>, guess our public IP address and put it
2125 * (in host order) into *<b>addr_out</b>. If <b>hostname_out</b> is provided,
2126 * set *<b>hostname_out</b> to a new string holding the hostname we used to
2127 * get the address. Return 0 if all is well, or -1 if we can't find a suitable
2128 * public IP address.
2131 resolve_my_address(int warn_severity, or_options_t *options,
2132 uint32_t *addr_out, char **hostname_out)
2134 struct in_addr in;
2135 struct hostent *rent;
2136 char hostname[256];
2137 int explicit_ip=1;
2138 int explicit_hostname=1;
2139 int from_interface=0;
2140 char tmpbuf[INET_NTOA_BUF_LEN];
2141 const char *address = options->Address;
2142 int notice_severity = warn_severity <= LOG_NOTICE ?
2143 LOG_NOTICE : warn_severity;
2145 tor_assert(addr_out);
2147 if (address && *address) {
2148 strlcpy(hostname, address, sizeof(hostname));
2149 } else { /* then we need to guess our address */
2150 explicit_ip = 0; /* it's implicit */
2151 explicit_hostname = 0; /* it's implicit */
2153 if (gethostname(hostname, sizeof(hostname)) < 0) {
2154 log_fn(warn_severity, LD_NET,"Error obtaining local hostname");
2155 return -1;
2157 log_debug(LD_CONFIG,"Guessed local host name as '%s'",hostname);
2160 /* now we know hostname. resolve it and keep only the IP address */
2162 if (tor_inet_aton(hostname, &in) == 0) {
2163 /* then we have to resolve it */
2164 explicit_ip = 0;
2165 rent = (struct hostent *)gethostbyname(hostname);
2166 if (!rent) {
2167 uint32_t interface_ip;
2169 if (explicit_hostname) {
2170 log_fn(warn_severity, LD_CONFIG,
2171 "Could not resolve local Address '%s'. Failing.", hostname);
2172 return -1;
2174 log_fn(notice_severity, LD_CONFIG,
2175 "Could not resolve guessed local hostname '%s'. "
2176 "Trying something else.", hostname);
2177 if (get_interface_address(warn_severity, &interface_ip)) {
2178 log_fn(warn_severity, LD_CONFIG,
2179 "Could not get local interface IP address. Failing.");
2180 return -1;
2182 from_interface = 1;
2183 in.s_addr = htonl(interface_ip);
2184 tor_inet_ntoa(&in,tmpbuf,sizeof(tmpbuf));
2185 log_fn(notice_severity, LD_CONFIG, "Learned IP address '%s' for "
2186 "local interface. Using that.", tmpbuf);
2187 strlcpy(hostname, "<guessed from interfaces>", sizeof(hostname));
2188 } else {
2189 tor_assert(rent->h_length == 4);
2190 memcpy(&in.s_addr, rent->h_addr, rent->h_length);
2192 if (!explicit_hostname &&
2193 is_internal_IP(ntohl(in.s_addr), 0)) {
2194 uint32_t interface_ip;
2196 tor_inet_ntoa(&in,tmpbuf,sizeof(tmpbuf));
2197 log_fn(notice_severity, LD_CONFIG, "Guessed local hostname '%s' "
2198 "resolves to a private IP address (%s). Trying something "
2199 "else.", hostname, tmpbuf);
2201 if (get_interface_address(warn_severity, &interface_ip)) {
2202 log_fn(warn_severity, LD_CONFIG,
2203 "Could not get local interface IP address. Too bad.");
2204 } else if (is_internal_IP(interface_ip, 0)) {
2205 struct in_addr in2;
2206 in2.s_addr = htonl(interface_ip);
2207 tor_inet_ntoa(&in2,tmpbuf,sizeof(tmpbuf));
2208 log_fn(notice_severity, LD_CONFIG,
2209 "Interface IP address '%s' is a private address too. "
2210 "Ignoring.", tmpbuf);
2211 } else {
2212 from_interface = 1;
2213 in.s_addr = htonl(interface_ip);
2214 tor_inet_ntoa(&in,tmpbuf,sizeof(tmpbuf));
2215 log_fn(notice_severity, LD_CONFIG,
2216 "Learned IP address '%s' for local interface."
2217 " Using that.", tmpbuf);
2218 strlcpy(hostname, "<guessed from interfaces>", sizeof(hostname));
2224 tor_inet_ntoa(&in,tmpbuf,sizeof(tmpbuf));
2225 if (is_internal_IP(ntohl(in.s_addr), 0) &&
2226 options->_PublishServerDescriptor) {
2227 /* make sure we're ok with publishing an internal IP */
2228 if (!options->DirServers && !options->AlternateDirAuthority) {
2229 /* if they are using the default dirservers, disallow internal IPs
2230 * always. */
2231 log_fn(warn_severity, LD_CONFIG,
2232 "Address '%s' resolves to private IP address '%s'. "
2233 "Tor servers that use the default DirServers must have public "
2234 "IP addresses.", hostname, tmpbuf);
2235 return -1;
2237 if (!explicit_ip) {
2238 /* even if they've set their own dirservers, require an explicit IP if
2239 * they're using an internal address. */
2240 log_fn(warn_severity, LD_CONFIG, "Address '%s' resolves to private "
2241 "IP address '%s'. Please set the Address config option to be "
2242 "the IP address you want to use.", hostname, tmpbuf);
2243 return -1;
2247 log_debug(LD_CONFIG, "Resolved Address to '%s'.", tmpbuf);
2248 *addr_out = ntohl(in.s_addr);
2249 if (last_resolved_addr && last_resolved_addr != *addr_out) {
2250 /* Leave this as a notice, regardless of the requested severity,
2251 * at least until dynamic IP address support becomes bulletproof. */
2252 log_notice(LD_NET,
2253 "Your IP address seems to have changed to %s. Updating.",
2254 tmpbuf);
2255 ip_address_changed(0);
2257 if (last_resolved_addr != *addr_out) {
2258 const char *method;
2259 const char *h = hostname;
2260 if (explicit_ip) {
2261 method = "CONFIGURED";
2262 h = NULL;
2263 } else if (explicit_hostname) {
2264 method = "RESOLVED";
2265 } else if (from_interface) {
2266 method = "INTERFACE";
2267 h = NULL;
2268 } else {
2269 method = "GETHOSTNAME";
2271 control_event_server_status(LOG_NOTICE,
2272 "EXTERNAL_ADDRESS ADDRESS=%s METHOD=%s %s%s",
2273 tmpbuf, method, h?"HOSTNAME=":"", h);
2275 last_resolved_addr = *addr_out;
2276 if (hostname_out)
2277 *hostname_out = tor_strdup(hostname);
2278 return 0;
2281 /** Return true iff <b>ip</b> (in host order) is judged to be on the
2282 * same network as us, or on a private network.
2285 is_local_IP(uint32_t ip)
2287 if (is_internal_IP(ip, 0))
2288 return 1;
2289 /* Check whether ip is on the same /24 as we are. */
2290 if (get_options()->EnforceDistinctSubnets == 0)
2291 return 0;
2292 /* It's possible that this next check will hit before the first time
2293 * resolve_my_address actually succeeds. (For clients, it is likely that
2294 * resolve_my_address will never be called at all). In those cases,
2295 * last_resolved_addr will be 0, and so checking to see whether ip is on the
2296 * same /24 as last_resolved_addr will be the same as checking whether it
2297 * was on net 0, which is already done by is_internal_IP.
2299 if ((last_resolved_addr & 0xffffff00ul) == (ip & 0xffffff00ul))
2300 return 1;
2301 return 0;
2304 /** Called when we don't have a nickname set. Try to guess a good nickname
2305 * based on the hostname, and return it in a newly allocated string. If we
2306 * can't, return NULL and let the caller warn if it wants to. */
2307 static char *
2308 get_default_nickname(void)
2310 static const char * const bad_default_nicknames[] = {
2311 "localhost",
2312 NULL,
2314 char localhostname[256];
2315 char *cp, *out, *outp;
2316 int i;
2318 if (gethostname(localhostname, sizeof(localhostname)) < 0)
2319 return NULL;
2321 /* Put it in lowercase; stop at the first dot. */
2322 if ((cp = strchr(localhostname, '.')))
2323 *cp = '\0';
2324 tor_strlower(localhostname);
2326 /* Strip invalid characters. */
2327 cp = localhostname;
2328 out = outp = tor_malloc(strlen(localhostname) + 1);
2329 while (*cp) {
2330 if (strchr(LEGAL_NICKNAME_CHARACTERS, *cp))
2331 *outp++ = *cp++;
2332 else
2333 cp++;
2335 *outp = '\0';
2337 /* Enforce length. */
2338 if (strlen(out) > MAX_NICKNAME_LEN)
2339 out[MAX_NICKNAME_LEN]='\0';
2341 /* Check for dumb names. */
2342 for (i = 0; bad_default_nicknames[i]; ++i) {
2343 if (!strcmp(out, bad_default_nicknames[i])) {
2344 tor_free(out);
2345 return NULL;
2349 return out;
2352 /** Release storage held by <b>options</b>. */
2353 static void
2354 config_free(config_format_t *fmt, void *options)
2356 int i;
2358 tor_assert(options);
2360 for (i=0; fmt->vars[i].name; ++i)
2361 option_clear(fmt, options, &(fmt->vars[i]));
2362 if (fmt->extra) {
2363 config_line_t **linep = STRUCT_VAR_P(options, fmt->extra->var_offset);
2364 config_free_lines(*linep);
2365 *linep = NULL;
2367 tor_free(options);
2370 /** Return true iff a and b contain identical keys and values in identical
2371 * order. */
2372 static int
2373 config_lines_eq(config_line_t *a, config_line_t *b)
2375 while (a && b) {
2376 if (strcasecmp(a->key, b->key) || strcmp(a->value, b->value))
2377 return 0;
2378 a = a->next;
2379 b = b->next;
2381 if (a || b)
2382 return 0;
2383 return 1;
2386 /** Return true iff the option <b>name</b> has the same value in <b>o1</b>
2387 * and <b>o2</b>. Must not be called for LINELIST_S or OBSOLETE options.
2389 static int
2390 option_is_same(config_format_t *fmt,
2391 or_options_t *o1, or_options_t *o2, const char *name)
2393 config_line_t *c1, *c2;
2394 int r = 1;
2395 CHECK(fmt, o1);
2396 CHECK(fmt, o2);
2398 c1 = get_assigned_option(fmt, o1, name, 0);
2399 c2 = get_assigned_option(fmt, o2, name, 0);
2400 r = config_lines_eq(c1, c2);
2401 config_free_lines(c1);
2402 config_free_lines(c2);
2403 return r;
2406 /** Copy storage held by <b>old</b> into a new or_options_t and return it. */
2407 static or_options_t *
2408 options_dup(config_format_t *fmt, or_options_t *old)
2410 or_options_t *newopts;
2411 int i;
2412 config_line_t *line;
2414 newopts = config_alloc(fmt);
2415 for (i=0; fmt->vars[i].name; ++i) {
2416 if (fmt->vars[i].type == CONFIG_TYPE_LINELIST_S)
2417 continue;
2418 if (fmt->vars[i].type == CONFIG_TYPE_OBSOLETE)
2419 continue;
2420 line = get_assigned_option(fmt, old, fmt->vars[i].name, 0);
2421 if (line) {
2422 char *msg = NULL;
2423 if (config_assign(fmt, newopts, line, 0, 0, &msg) < 0) {
2424 log_err(LD_BUG, "Config_get_assigned_option() generated "
2425 "something we couldn't config_assign(): %s", msg);
2426 tor_free(msg);
2427 tor_assert(0);
2430 config_free_lines(line);
2432 return newopts;
2435 /** Return a new empty or_options_t. Used for testing. */
2436 or_options_t *
2437 options_new(void)
2439 return config_alloc(&options_format);
2442 /** Set <b>options</b> to hold reasonable defaults for most options.
2443 * Each option defaults to zero. */
2444 void
2445 options_init(or_options_t *options)
2447 config_init(&options_format, options);
2450 /** Set all vars in the configuration object <b>options</b> to their default
2451 * values. */
2452 static void
2453 config_init(config_format_t *fmt, void *options)
2455 int i;
2456 config_var_t *var;
2457 CHECK(fmt, options);
2459 for (i=0; fmt->vars[i].name; ++i) {
2460 var = &fmt->vars[i];
2461 if (!var->initvalue)
2462 continue; /* defaults to NULL or 0 */
2463 option_reset(fmt, options, var, 1);
2467 /** Allocate and return a new string holding the written-out values of the vars
2468 * in 'options'. If 'minimal', do not write out any default-valued vars.
2469 * Else, if comment_defaults, write default values as comments.
2471 static char *
2472 config_dump(config_format_t *fmt, void *options, int minimal,
2473 int comment_defaults)
2475 smartlist_t *elements;
2476 or_options_t *defaults;
2477 config_line_t *line, *assigned;
2478 char *result;
2479 int i;
2480 const char *desc;
2481 char *msg = NULL;
2483 defaults = config_alloc(fmt);
2484 config_init(fmt, defaults);
2486 /* XXX use a 1 here so we don't add a new log line while dumping */
2487 if (fmt->validate_fn(NULL,defaults, 1, &msg) < 0) {
2488 log_err(LD_BUG, "Failed to validate default config.");
2489 tor_free(msg);
2490 tor_assert(0);
2493 elements = smartlist_create();
2494 for (i=0; fmt->vars[i].name; ++i) {
2495 int comment_option = 0;
2496 if (fmt->vars[i].type == CONFIG_TYPE_OBSOLETE ||
2497 fmt->vars[i].type == CONFIG_TYPE_LINELIST_S)
2498 continue;
2499 /* Don't save 'hidden' control variables. */
2500 if (!strcmpstart(fmt->vars[i].name, "__"))
2501 continue;
2502 if (minimal && option_is_same(fmt, options, defaults, fmt->vars[i].name))
2503 continue;
2504 else if (comment_defaults &&
2505 option_is_same(fmt, options, defaults, fmt->vars[i].name))
2506 comment_option = 1;
2508 desc = config_find_description(fmt, fmt->vars[i].name);
2509 line = assigned = get_assigned_option(fmt, options, fmt->vars[i].name, 1);
2511 if (line && desc) {
2512 /* Only dump the description if there's something to describe. */
2513 wrap_string(elements, desc, 78, "# ", "# ");
2516 for (; line; line = line->next) {
2517 size_t len = strlen(line->key) + strlen(line->value) + 5;
2518 char *tmp;
2519 tmp = tor_malloc(len);
2520 if (tor_snprintf(tmp, len, "%s%s %s\n",
2521 comment_option ? "# " : "",
2522 line->key, line->value)<0) {
2523 log_err(LD_BUG,"Internal error writing option value");
2524 tor_assert(0);
2526 smartlist_add(elements, tmp);
2528 config_free_lines(assigned);
2531 if (fmt->extra) {
2532 line = *(config_line_t**)STRUCT_VAR_P(options, fmt->extra->var_offset);
2533 for (; line; line = line->next) {
2534 size_t len = strlen(line->key) + strlen(line->value) + 3;
2535 char *tmp;
2536 tmp = tor_malloc(len);
2537 if (tor_snprintf(tmp, len, "%s %s\n", line->key, line->value)<0) {
2538 log_err(LD_BUG,"Internal error writing option value");
2539 tor_assert(0);
2541 smartlist_add(elements, tmp);
2545 result = smartlist_join_strings(elements, "", 0, NULL);
2546 SMARTLIST_FOREACH(elements, char *, cp, tor_free(cp));
2547 smartlist_free(elements);
2548 config_free(fmt, defaults);
2549 return result;
2552 /** Return a string containing a possible configuration file that would give
2553 * the configuration in <b>options</b>. If <b>minimal</b> is true, do not
2554 * include options that are the same as Tor's defaults.
2556 static char *
2557 options_dump(or_options_t *options, int minimal)
2559 return config_dump(&options_format, options, minimal, 0);
2562 /** Return 0 if every element of sl is a string holding a decimal
2563 * representation of a port number, or if sl is NULL.
2564 * Otherwise set *msg and return -1. */
2565 static int
2566 validate_ports_csv(smartlist_t *sl, const char *name, char **msg)
2568 int i;
2569 char buf[1024];
2570 tor_assert(name);
2572 if (!sl)
2573 return 0;
2575 SMARTLIST_FOREACH(sl, const char *, cp,
2577 i = atoi(cp);
2578 if (i < 1 || i > 65535) {
2579 int r = tor_snprintf(buf, sizeof(buf),
2580 "Port '%s' out of range in %s", cp, name);
2581 *msg = tor_strdup(r >= 0 ? buf : "internal error");
2582 return -1;
2585 return 0;
2588 /** If <b>value</b> exceeds ROUTER_MAX_DECLARED_BANDWIDTH, write
2589 * a complaint into *<b>msg</b> using string <b>desc</b>, and return -1.
2590 * Else return 0.
2592 static int
2593 ensure_bandwidth_cap(uint64_t *value, const char *desc, char **msg)
2595 int r;
2596 char buf[1024];
2597 if (*value > ROUTER_MAX_DECLARED_BANDWIDTH) {
2598 /* This handles an understandable special case where somebody says "2gb"
2599 * whereas our actual maximum is 2gb-1 (INT_MAX) */
2600 --*value;
2602 if (*value > ROUTER_MAX_DECLARED_BANDWIDTH) {
2603 r = tor_snprintf(buf, sizeof(buf), "%s ("U64_FORMAT") must be at most %d",
2604 desc, U64_PRINTF_ARG(*value),
2605 ROUTER_MAX_DECLARED_BANDWIDTH);
2606 *msg = tor_strdup(r >= 0 ? buf : "internal error");
2607 return -1;
2609 return 0;
2612 /** Parse an authority type from <b>options</b>-\>PublishServerDescriptor
2613 * and write it to <b>options</b>-\>_PublishServerDescriptor. Treat "1"
2614 * as "v2,v3" unless BridgeRelay is 1, in which case treat it as "bridge".
2615 * Treat "0" as "".
2616 * Return 0 on success or -1 if not a recognized authority type (in which
2617 * case the value of _PublishServerDescriptor is undefined). */
2618 static int
2619 compute_publishserverdescriptor(or_options_t *options)
2621 smartlist_t *list = options->PublishServerDescriptor;
2622 authority_type_t *auth = &options->_PublishServerDescriptor;
2623 *auth = NO_AUTHORITY;
2624 if (!list) /* empty list, answer is none */
2625 return 0;
2626 SMARTLIST_FOREACH(list, const char *, string, {
2627 if (!strcasecmp(string, "v1"))
2628 *auth |= V1_AUTHORITY;
2629 else if (!strcmp(string, "1"))
2630 if (options->BridgeRelay)
2631 *auth |= BRIDGE_AUTHORITY;
2632 else
2633 *auth |= V2_AUTHORITY | V3_AUTHORITY;
2634 else if (!strcasecmp(string, "v2"))
2635 *auth |= V2_AUTHORITY;
2636 else if (!strcasecmp(string, "v3"))
2637 *auth |= V3_AUTHORITY;
2638 else if (!strcasecmp(string, "bridge"))
2639 *auth |= BRIDGE_AUTHORITY;
2640 else if (!strcasecmp(string, "hidserv"))
2641 *auth |= HIDSERV_AUTHORITY;
2642 else if (!strcasecmp(string, "") || !strcmp(string, "0"))
2643 /* no authority */;
2644 else
2645 return -1;
2647 return 0;
2650 /** Lowest allowable value for RendPostPeriod; if this is too low, hidden
2651 * services can overload the directory system. */
2652 #define MIN_REND_POST_PERIOD (10*60)
2654 /** Highest allowable value for RendPostPeriod. */
2655 #define MAX_DIR_PERIOD (MIN_ONION_KEY_LIFETIME/2)
2657 /** Return 0 if every setting in <b>options</b> is reasonable, and a
2658 * permissible transition from <b>old_options</b>. Else return -1.
2659 * Should have no side effects, except for normalizing the contents of
2660 * <b>options</b>.
2662 * On error, tor_strdup an error explanation into *<b>msg</b>.
2664 * XXX
2665 * If <b>from_setconf</b>, we were called by the controller, and our
2666 * Log line should stay empty. If it's 0, then give us a default log
2667 * if there are no logs defined.
2669 static int
2670 options_validate(or_options_t *old_options, or_options_t *options,
2671 int from_setconf, char **msg)
2673 int i, r;
2674 config_line_t *cl;
2675 const char *uname = get_uname();
2676 char buf[1024];
2677 #define REJECT(arg) \
2678 STMT_BEGIN *msg = tor_strdup(arg); return -1; STMT_END
2679 #define COMPLAIN(arg) STMT_BEGIN log(LOG_WARN, LD_CONFIG, arg); STMT_END
2681 tor_assert(msg);
2682 *msg = NULL;
2684 if (options->ORPort < 0 || options->ORPort > 65535)
2685 REJECT("ORPort option out of bounds.");
2687 if (server_mode(options) &&
2688 (!strcmpstart(uname, "Windows 95") ||
2689 !strcmpstart(uname, "Windows 98") ||
2690 !strcmpstart(uname, "Windows Me"))) {
2691 log(LOG_WARN, LD_CONFIG, "Tor is running as a server, but you are "
2692 "running %s; this probably won't work. See "
2693 "http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#ServerOS "
2694 "for details.", uname);
2697 if (options->ORPort == 0 && options->ORListenAddress != NULL)
2698 REJECT("ORPort must be defined if ORListenAddress is defined.");
2700 if (options->DirPort == 0 && options->DirListenAddress != NULL)
2701 REJECT("DirPort must be defined if DirListenAddress is defined.");
2703 if (options->DNSPort == 0 && options->DNSListenAddress != NULL)
2704 REJECT("DNSPort must be defined if DNSListenAddress is defined.");
2706 if (options->ControlPort == 0 && options->ControlListenAddress != NULL)
2707 REJECT("ControlPort must be defined if ControlListenAddress is defined.");
2709 if (options->TransPort == 0 && options->TransListenAddress != NULL)
2710 REJECT("TransPort must be defined if TransListenAddress is defined.");
2712 if (options->NatdPort == 0 && options->NatdListenAddress != NULL)
2713 REJECT("NatdPort must be defined if NatdListenAddress is defined.");
2715 /* Don't gripe about SocksPort 0 with SocksListenAddress set; a standard
2716 * configuration does this. */
2718 for (i = 0; i < 3; ++i) {
2719 int is_socks = i==0;
2720 int is_trans = i==1;
2721 config_line_t *line, *opt, *old;
2722 const char *tp;
2723 if (is_socks) {
2724 opt = options->SocksListenAddress;
2725 old = old_options ? old_options->SocksListenAddress : NULL;
2726 tp = "SOCKS proxy";
2727 } else if (is_trans) {
2728 opt = options->TransListenAddress;
2729 old = old_options ? old_options->TransListenAddress : NULL;
2730 tp = "transparent proxy";
2731 } else {
2732 opt = options->NatdListenAddress;
2733 old = old_options ? old_options->NatdListenAddress : NULL;
2734 tp = "natd proxy";
2737 for (line = opt; line; line = line->next) {
2738 char *address = NULL;
2739 uint16_t port;
2740 uint32_t addr;
2741 if (parse_addr_port(LOG_WARN, line->value, &address, &addr, &port)<0)
2742 continue; /* We'll warn about this later. */
2743 if (!is_internal_IP(addr, 1) &&
2744 (!old_options || !config_lines_eq(old, opt))) {
2745 log_warn(LD_CONFIG,
2746 "You specified a public address '%s' for a %s. Other "
2747 "people on the Internet might find your computer and use it as "
2748 "an open %s. Please don't allow this unless you have "
2749 "a good reason.", address, tp, tp);
2751 tor_free(address);
2755 if (validate_data_directory(options)<0)
2756 REJECT("Invalid DataDirectory");
2758 if (options->Nickname == NULL) {
2759 if (server_mode(options)) {
2760 if (!(options->Nickname = get_default_nickname())) {
2761 log_notice(LD_CONFIG, "Couldn't pick a nickname based on "
2762 "our hostname; using %s instead.", UNNAMED_ROUTER_NICKNAME);
2763 options->Nickname = tor_strdup(UNNAMED_ROUTER_NICKNAME);
2764 } else {
2765 log_notice(LD_CONFIG, "Choosing default nickname '%s'",
2766 options->Nickname);
2769 } else {
2770 if (!is_legal_nickname(options->Nickname)) {
2771 r = tor_snprintf(buf, sizeof(buf),
2772 "Nickname '%s' is wrong length or contains illegal characters.",
2773 options->Nickname);
2774 *msg = tor_strdup(r >= 0 ? buf : "internal error");
2775 return -1;
2779 if (server_mode(options) && !options->ContactInfo)
2780 log(LOG_NOTICE, LD_CONFIG, "Your ContactInfo config option is not set. "
2781 "Please consider setting it, so we can contact you if your server is "
2782 "misconfigured or something else goes wrong.");
2784 /* Special case on first boot if no Log options are given. */
2785 if (!options->Logs && !options->RunAsDaemon && !from_setconf)
2786 config_line_append(&options->Logs, "Log", "notice stdout");
2788 if (options_init_logs(options, 1)<0) /* Validate the log(s) */
2789 REJECT("Failed to validate Log options. See logs for details.");
2791 if (options->NoPublish) {
2792 log(LOG_WARN, LD_CONFIG,
2793 "NoPublish is obsolete. Use PublishServerDescriptor instead.");
2794 SMARTLIST_FOREACH(options->PublishServerDescriptor, char *, s,
2795 tor_free(s));
2796 smartlist_clear(options->PublishServerDescriptor);
2799 if (authdir_mode(options)) {
2800 /* confirm that our address isn't broken, so we can complain now */
2801 uint32_t tmp;
2802 if (resolve_my_address(LOG_WARN, options, &tmp, NULL) < 0)
2803 REJECT("Failed to resolve/guess local address. See logs for details.");
2806 #ifndef MS_WINDOWS
2807 if (options->RunAsDaemon && torrc_fname && path_is_relative(torrc_fname))
2808 REJECT("Can't use a relative path to torrc when RunAsDaemon is set.");
2809 #endif
2811 if (options->SocksPort < 0 || options->SocksPort > 65535)
2812 REJECT("SocksPort option out of bounds.");
2814 if (options->DNSPort < 0 || options->DNSPort > 65535)
2815 REJECT("DNSPort option out of bounds.");
2817 if (options->TransPort < 0 || options->TransPort > 65535)
2818 REJECT("TransPort option out of bounds.");
2820 if (options->NatdPort < 0 || options->NatdPort > 65535)
2821 REJECT("NatdPort option out of bounds.");
2823 if (options->SocksPort == 0 && options->TransPort == 0 &&
2824 options->NatdPort == 0 && options->ORPort == 0 &&
2825 options->DNSPort == 0 && !options->RendConfigLines)
2826 log(LOG_WARN, LD_CONFIG,
2827 "SocksPort, TransPort, NatdPort, DNSPort, and ORPort are all "
2828 "undefined, and there aren't any hidden services configured. "
2829 "Tor will still run, but probably won't do anything.");
2831 if (options->ControlPort < 0 || options->ControlPort > 65535)
2832 REJECT("ControlPort option out of bounds.");
2834 if (options->DirPort < 0 || options->DirPort > 65535)
2835 REJECT("DirPort option out of bounds.");
2837 #ifndef USE_TRANSPARENT
2838 if (options->TransPort || options->TransListenAddress)
2839 REJECT("TransPort and TransListenAddress are disabled in this build.");
2840 #endif
2842 if (options->StrictExitNodes &&
2843 (!options->ExitNodes || !strlen(options->ExitNodes)) &&
2844 (!old_options ||
2845 (old_options->StrictExitNodes != options->StrictExitNodes) ||
2846 (!opt_streq(old_options->ExitNodes, options->ExitNodes))))
2847 COMPLAIN("StrictExitNodes set, but no ExitNodes listed.");
2849 if (options->StrictEntryNodes &&
2850 (!options->EntryNodes || !strlen(options->EntryNodes)) &&
2851 (!old_options ||
2852 (old_options->StrictEntryNodes != options->StrictEntryNodes) ||
2853 (!opt_streq(old_options->EntryNodes, options->EntryNodes))))
2854 COMPLAIN("StrictEntryNodes set, but no EntryNodes listed.");
2856 if (options->AuthoritativeDir) {
2857 if (!options->ContactInfo)
2858 REJECT("Authoritative directory servers must set ContactInfo");
2859 if (options->V1AuthoritativeDir && !options->RecommendedVersions)
2860 REJECT("V1 auth dir servers must set RecommendedVersions.");
2861 if (!options->RecommendedClientVersions)
2862 options->RecommendedClientVersions =
2863 config_lines_dup(options->RecommendedVersions);
2864 if (!options->RecommendedServerVersions)
2865 options->RecommendedServerVersions =
2866 config_lines_dup(options->RecommendedVersions);
2867 if (options->VersioningAuthoritativeDir &&
2868 (!options->RecommendedClientVersions ||
2869 !options->RecommendedServerVersions))
2870 REJECT("Versioning auth dir servers must set Recommended*Versions.");
2871 if (options->UseEntryGuards) {
2872 log_info(LD_CONFIG, "Authoritative directory servers can't set "
2873 "UseEntryGuards. Disabling.");
2874 options->UseEntryGuards = 0;
2876 if (!options->DownloadExtraInfo && authdir_mode_any_main(options)) {
2877 log_info(LD_CONFIG, "Authoritative directories always try to download "
2878 "extra-info documents. Setting DownloadExtraInfo.");
2879 options->DownloadExtraInfo = 1;
2881 if (!(options->BridgeAuthoritativeDir || options->HSAuthoritativeDir ||
2882 options->V1AuthoritativeDir || options->V2AuthoritativeDir ||
2883 options->V3AuthoritativeDir))
2884 REJECT("AuthoritativeDir is set, but none of "
2885 "(Bridge/HS/V1/V2/V3)AuthoritativeDir is set.");
2888 if (options->AuthoritativeDir && !options->DirPort)
2889 REJECT("Running as authoritative directory, but no DirPort set.");
2891 if (options->AuthoritativeDir && !options->ORPort)
2892 REJECT("Running as authoritative directory, but no ORPort set.");
2894 if (options->AuthoritativeDir && options->ClientOnly)
2895 REJECT("Running as authoritative directory, but ClientOnly also set.");
2897 if (options->HSAuthorityRecordStats && !options->HSAuthoritativeDir)
2898 REJECT("HSAuthorityRecordStats is set but we're not running as "
2899 "a hidden service authority.");
2901 if (options->HidServDirectoryV2 && !options->DirPort)
2902 REJECT("Running as hidden service directory, but no DirPort set.");
2904 if (options->ConnLimit <= 0) {
2905 r = tor_snprintf(buf, sizeof(buf),
2906 "ConnLimit must be greater than 0, but was set to %d",
2907 options->ConnLimit);
2908 *msg = tor_strdup(r >= 0 ? buf : "internal error");
2909 return -1;
2912 if (validate_ports_csv(options->FirewallPorts, "FirewallPorts", msg) < 0)
2913 return -1;
2915 if (validate_ports_csv(options->LongLivedPorts, "LongLivedPorts", msg) < 0)
2916 return -1;
2918 if (validate_ports_csv(options->RejectPlaintextPorts,
2919 "RejectPlaintextPorts", msg) < 0)
2920 return -1;
2922 if (validate_ports_csv(options->WarnPlaintextPorts,
2923 "WarnPlaintextPorts", msg) < 0)
2924 return -1;
2926 if (options->FascistFirewall && !options->ReachableAddresses) {
2927 if (options->FirewallPorts && smartlist_len(options->FirewallPorts)) {
2928 /* We already have firewall ports set, so migrate them to
2929 * ReachableAddresses, which will set ReachableORAddresses and
2930 * ReachableDirAddresses if they aren't set explicitly. */
2931 smartlist_t *instead = smartlist_create();
2932 config_line_t *new_line = tor_malloc_zero(sizeof(config_line_t));
2933 new_line->key = tor_strdup("ReachableAddresses");
2934 /* If we're configured with the old format, we need to prepend some
2935 * open ports. */
2936 SMARTLIST_FOREACH(options->FirewallPorts, const char *, portno,
2938 int p = atoi(portno);
2939 char *s;
2940 if (p<0) continue;
2941 s = tor_malloc(16);
2942 tor_snprintf(s, 16, "*:%d", p);
2943 smartlist_add(instead, s);
2945 new_line->value = smartlist_join_strings(instead,",",0,NULL);
2946 /* These have been deprecated since 0.1.1.5-alpha-cvs */
2947 log(LOG_NOTICE, LD_CONFIG,
2948 "Converting FascistFirewall and FirewallPorts "
2949 "config options to new format: \"ReachableAddresses %s\"",
2950 new_line->value);
2951 options->ReachableAddresses = new_line;
2952 SMARTLIST_FOREACH(instead, char *, cp, tor_free(cp));
2953 smartlist_free(instead);
2954 } else {
2955 /* We do not have FirewallPorts set, so add 80 to
2956 * ReachableDirAddresses, and 443 to ReachableORAddresses. */
2957 if (!options->ReachableDirAddresses) {
2958 config_line_t *new_line = tor_malloc_zero(sizeof(config_line_t));
2959 new_line->key = tor_strdup("ReachableDirAddresses");
2960 new_line->value = tor_strdup("*:80");
2961 options->ReachableDirAddresses = new_line;
2962 log(LOG_NOTICE, LD_CONFIG, "Converting FascistFirewall config option "
2963 "to new format: \"ReachableDirAddresses *:80\"");
2965 if (!options->ReachableORAddresses) {
2966 config_line_t *new_line = tor_malloc_zero(sizeof(config_line_t));
2967 new_line->key = tor_strdup("ReachableORAddresses");
2968 new_line->value = tor_strdup("*:443");
2969 options->ReachableORAddresses = new_line;
2970 log(LOG_NOTICE, LD_CONFIG, "Converting FascistFirewall config option "
2971 "to new format: \"ReachableORAddresses *:443\"");
2976 for (i=0; i<3; i++) {
2977 config_line_t **linep =
2978 (i==0) ? &options->ReachableAddresses :
2979 (i==1) ? &options->ReachableORAddresses :
2980 &options->ReachableDirAddresses;
2981 if (!*linep)
2982 continue;
2983 /* We need to end with a reject *:*, not an implicit accept *:* */
2984 for (;;) {
2985 if (!strcmp((*linep)->value, "reject *:*")) /* already there */
2986 break;
2987 linep = &((*linep)->next);
2988 if (!*linep) {
2989 *linep = tor_malloc_zero(sizeof(config_line_t));
2990 (*linep)->key = tor_strdup(
2991 (i==0) ? "ReachableAddresses" :
2992 (i==1) ? "ReachableORAddresses" :
2993 "ReachableDirAddresses");
2994 (*linep)->value = tor_strdup("reject *:*");
2995 break;
3000 if ((options->ReachableAddresses ||
3001 options->ReachableORAddresses ||
3002 options->ReachableDirAddresses) &&
3003 server_mode(options))
3004 REJECT("Servers must be able to freely connect to the rest "
3005 "of the Internet, so they must not set Reachable*Addresses "
3006 "or FascistFirewall.");
3008 if (options->UseBridges &&
3009 server_mode(options))
3010 REJECT("Servers must be able to freely connect to the rest "
3011 "of the Internet, so they must not set UseBridges.");
3013 options->_AllowInvalid = 0;
3014 if (options->AllowInvalidNodes) {
3015 SMARTLIST_FOREACH(options->AllowInvalidNodes, const char *, cp, {
3016 if (!strcasecmp(cp, "entry"))
3017 options->_AllowInvalid |= ALLOW_INVALID_ENTRY;
3018 else if (!strcasecmp(cp, "exit"))
3019 options->_AllowInvalid |= ALLOW_INVALID_EXIT;
3020 else if (!strcasecmp(cp, "middle"))
3021 options->_AllowInvalid |= ALLOW_INVALID_MIDDLE;
3022 else if (!strcasecmp(cp, "introduction"))
3023 options->_AllowInvalid |= ALLOW_INVALID_INTRODUCTION;
3024 else if (!strcasecmp(cp, "rendezvous"))
3025 options->_AllowInvalid |= ALLOW_INVALID_RENDEZVOUS;
3026 else {
3027 r = tor_snprintf(buf, sizeof(buf),
3028 "Unrecognized value '%s' in AllowInvalidNodes", cp);
3029 *msg = tor_strdup(r >= 0 ? buf : "internal error");
3030 return -1;
3035 if (compute_publishserverdescriptor(options) < 0) {
3036 r = tor_snprintf(buf, sizeof(buf),
3037 "Unrecognized value in PublishServerDescriptor");
3038 *msg = tor_strdup(r >= 0 ? buf : "internal error");
3039 return -1;
3042 if (options->MinUptimeHidServDirectoryV2 < 0) {
3043 log_warn(LD_CONFIG, "MinUptimeHidServDirectoryV2 option must be at "
3044 "least 0 seconds. Changing to 0.");
3045 options->MinUptimeHidServDirectoryV2 = 0;
3048 if (options->RendPostPeriod < MIN_REND_POST_PERIOD) {
3049 log(LOG_WARN,LD_CONFIG,"RendPostPeriod option must be at least %d seconds."
3050 " Clipping.", MIN_REND_POST_PERIOD);
3051 options->RendPostPeriod = MIN_REND_POST_PERIOD;
3054 if (options->RendPostPeriod > MAX_DIR_PERIOD) {
3055 log(LOG_WARN, LD_CONFIG, "RendPostPeriod is too large; clipping to %ds.",
3056 MAX_DIR_PERIOD);
3057 options->RendPostPeriod = MAX_DIR_PERIOD;
3060 if (options->KeepalivePeriod < 1)
3061 REJECT("KeepalivePeriod option must be positive.");
3063 if (ensure_bandwidth_cap(&options->BandwidthRate,
3064 "BandwidthRate", msg) < 0)
3065 return -1;
3066 if (ensure_bandwidth_cap(&options->BandwidthBurst,
3067 "BandwidthBurst", msg) < 0)
3068 return -1;
3069 if (ensure_bandwidth_cap(&options->MaxAdvertisedBandwidth,
3070 "MaxAdvertisedBandwidth", msg) < 0)
3071 return -1;
3072 if (ensure_bandwidth_cap(&options->RelayBandwidthRate,
3073 "RelayBandwidthRate", msg) < 0)
3074 return -1;
3075 if (ensure_bandwidth_cap(&options->RelayBandwidthBurst,
3076 "RelayBandwidthBurst", msg) < 0)
3077 return -1;
3079 if (server_mode(options)) {
3080 if (options->BandwidthRate < ROUTER_REQUIRED_MIN_BANDWIDTH*2) {
3081 r = tor_snprintf(buf, sizeof(buf),
3082 "BandwidthRate is set to %d bytes/second. "
3083 "For servers, it must be at least %d.",
3084 (int)options->BandwidthRate,
3085 ROUTER_REQUIRED_MIN_BANDWIDTH*2);
3086 *msg = tor_strdup(r >= 0 ? buf : "internal error");
3087 return -1;
3088 } else if (options->MaxAdvertisedBandwidth <
3089 ROUTER_REQUIRED_MIN_BANDWIDTH) {
3090 r = tor_snprintf(buf, sizeof(buf),
3091 "MaxAdvertisedBandwidth is set to %d bytes/second. "
3092 "For servers, it must be at least %d.",
3093 (int)options->MaxAdvertisedBandwidth,
3094 ROUTER_REQUIRED_MIN_BANDWIDTH);
3095 *msg = tor_strdup(r >= 0 ? buf : "internal error");
3096 return -1;
3098 if (options->RelayBandwidthRate &&
3099 options->RelayBandwidthRate < ROUTER_REQUIRED_MIN_BANDWIDTH) {
3100 r = tor_snprintf(buf, sizeof(buf),
3101 "RelayBandwidthRate is set to %d bytes/second. "
3102 "For servers, it must be at least %d.",
3103 (int)options->RelayBandwidthRate,
3104 ROUTER_REQUIRED_MIN_BANDWIDTH);
3105 *msg = tor_strdup(r >= 0 ? buf : "internal error");
3106 return -1;
3110 if (options->RelayBandwidthRate && !options->RelayBandwidthBurst)
3111 options->RelayBandwidthBurst = options->RelayBandwidthRate;
3113 if (options->RelayBandwidthRate > options->RelayBandwidthBurst)
3114 REJECT("RelayBandwidthBurst must be at least equal "
3115 "to RelayBandwidthRate.");
3117 if (options->BandwidthRate > options->BandwidthBurst)
3118 REJECT("BandwidthBurst must be at least equal to BandwidthRate.");
3120 if (accounting_parse_options(options, 1)<0)
3121 REJECT("Failed to parse accounting options. See logs for details.");
3123 if (options->HttpProxy) { /* parse it now */
3124 if (parse_addr_port(LOG_WARN, options->HttpProxy, NULL,
3125 &options->HttpProxyAddr, &options->HttpProxyPort) < 0)
3126 REJECT("HttpProxy failed to parse or resolve. Please fix.");
3127 if (options->HttpProxyPort == 0) { /* give it a default */
3128 options->HttpProxyPort = 80;
3132 if (options->HttpProxyAuthenticator) {
3133 if (strlen(options->HttpProxyAuthenticator) >= 48)
3134 REJECT("HttpProxyAuthenticator is too long (>= 48 chars).");
3137 if (options->HttpsProxy) { /* parse it now */
3138 if (parse_addr_port(LOG_WARN, options->HttpsProxy, NULL,
3139 &options->HttpsProxyAddr, &options->HttpsProxyPort) <0)
3140 REJECT("HttpsProxy failed to parse or resolve. Please fix.");
3141 if (options->HttpsProxyPort == 0) { /* give it a default */
3142 options->HttpsProxyPort = 443;
3146 if (options->HttpsProxyAuthenticator) {
3147 if (strlen(options->HttpsProxyAuthenticator) >= 48)
3148 REJECT("HttpsProxyAuthenticator is too long (>= 48 chars).");
3151 if (options->HashedControlPassword) {
3152 smartlist_t *sl = decode_hashed_passwords(options->HashedControlPassword);
3153 if (!sl) {
3154 REJECT("Bad HashedControlPassword: wrong length or bad encoding");
3155 } else {
3156 SMARTLIST_FOREACH(sl, char*, cp, tor_free(cp));
3157 smartlist_free(sl);
3161 if (options->HashedControlSessionPassword) {
3162 smartlist_t *sl = decode_hashed_passwords(
3163 options->HashedControlSessionPassword);
3164 if (!sl) {
3165 REJECT("Bad HashedControlSessionPassword: wrong length or bad encoding");
3166 } else {
3167 SMARTLIST_FOREACH(sl, char*, cp, tor_free(cp));
3168 smartlist_free(sl);
3172 if (options->ControlListenAddress) {
3173 int all_are_local = 1;
3174 config_line_t *ln;
3175 for (ln = options->ControlListenAddress; ln; ln = ln->next) {
3176 if (strcmpstart(ln->value, "127."))
3177 all_are_local = 0;
3179 if (!all_are_local) {
3180 if (!options->HashedControlPassword &&
3181 !options->HashedControlSessionPassword &&
3182 !options->CookieAuthentication) {
3183 log_warn(LD_CONFIG, "You have a ControlListenAddress set to accept "
3184 "connections from a non-local address. This means that "
3185 "any program on the internet can reconfigure your Tor. "
3186 "That's so bad that I'm closing your ControlPort for you.");
3187 options->ControlPort = 0;
3188 } else {
3189 log_warn(LD_CONFIG, "You have a ControlListenAddress set to accept "
3190 "connections from a non-local address. This means that "
3191 "programs not running on your computer can reconfigure your "
3192 "Tor. That's pretty bad!");
3197 if (options->ControlPort && !options->HashedControlPassword &&
3198 !options->HashedControlSessionPassword &&
3199 !options->CookieAuthentication) {
3200 log_warn(LD_CONFIG, "ControlPort is open, but no authentication method "
3201 "has been configured. This means that any program on your "
3202 "computer can reconfigure your Tor. That's bad! You should "
3203 "upgrade your Tor controller as soon as possible.");
3206 if (options->UseEntryGuards && ! options->NumEntryGuards)
3207 REJECT("Cannot enable UseEntryGuards with NumEntryGuards set to 0");
3209 if (check_nickname_list(options->ExitNodes, "ExitNodes", msg))
3210 return -1;
3211 if (check_nickname_list(options->EntryNodes, "EntryNodes", msg))
3212 return -1;
3213 if (check_nickname_list(options->ExcludeNodes, "ExcludeNodes", msg))
3214 return -1;
3215 if (check_nickname_list(options->RendNodes, "RendNodes", msg))
3216 return -1;
3217 if (check_nickname_list(options->RendNodes, "RendExcludeNodes", msg))
3218 return -1;
3219 if (check_nickname_list(options->TestVia, "TestVia", msg))
3220 return -1;
3221 if (check_nickname_list(options->MyFamily, "MyFamily", msg))
3222 return -1;
3223 for (cl = options->NodeFamilies; cl; cl = cl->next) {
3224 if (check_nickname_list(cl->value, "NodeFamily", msg))
3225 return -1;
3228 if (validate_addr_policies(options, msg) < 0)
3229 return -1;
3231 for (cl = options->RedirectExit; cl; cl = cl->next) {
3232 if (parse_redirect_line(NULL, cl, msg)<0)
3233 return -1;
3236 if (validate_dir_authorities(options, old_options) < 0)
3237 REJECT("Directory authority line did not parse. See logs for details.");
3239 if (options->UseBridges && !options->Bridges)
3240 REJECT("If you set UseBridges, you must specify at least one bridge.");
3241 if (options->UseBridges && !options->TunnelDirConns)
3242 REJECT("If you set UseBridges, you must set TunnelDirConns.");
3243 if (options->Bridges) {
3244 for (cl = options->Bridges; cl; cl = cl->next) {
3245 if (parse_bridge_line(cl->value, 1)<0)
3246 REJECT("Bridge line did not parse. See logs for details.");
3250 if (options->ConstrainedSockets) {
3251 /* If the user wants to constrain socket buffer use, make sure the desired
3252 * limit is between MIN|MAX_TCPSOCK_BUFFER in k increments. */
3253 if (options->ConstrainedSockSize < MIN_CONSTRAINED_TCP_BUFFER ||
3254 options->ConstrainedSockSize > MAX_CONSTRAINED_TCP_BUFFER ||
3255 options->ConstrainedSockSize % 1024) {
3256 r = tor_snprintf(buf, sizeof(buf),
3257 "ConstrainedSockSize is invalid. Must be a value between %d and %d "
3258 "in 1024 byte increments.",
3259 MIN_CONSTRAINED_TCP_BUFFER, MAX_CONSTRAINED_TCP_BUFFER);
3260 *msg = tor_strdup(r >= 0 ? buf : "internal error");
3261 return -1;
3263 if (options->DirPort) {
3264 /* Providing cached directory entries while system TCP buffers are scarce
3265 * will exacerbate the socket errors. Suggest that this be disabled. */
3266 COMPLAIN("You have requested constrained socket buffers while also "
3267 "serving directory entries via DirPort. It is strongly "
3268 "suggested that you disable serving directory requests when "
3269 "system TCP buffer resources are scarce.");
3273 if (options->V3AuthVoteDelay + options->V3AuthDistDelay >=
3274 options->V3AuthVotingInterval/2) {
3275 REJECT("V3AuthVoteDelay plus V3AuthDistDelay must be less than half "
3276 "V3AuthVotingInterval");
3278 if (options->V3AuthVoteDelay < MIN_VOTE_SECONDS)
3279 REJECT("V3AuthVoteDelay is way too low.");
3280 if (options->V3AuthDistDelay < MIN_DIST_SECONDS)
3281 REJECT("V3AuthDistDelay is way too low.");
3283 if (options->V3AuthNIntervalsValid < 2)
3284 REJECT("V3AuthNIntervalsValid must be at least 2.");
3286 if (options->V3AuthVotingInterval < MIN_VOTE_INTERVAL) {
3287 REJECT("V3AuthVotingInterval is insanely low.");
3288 } else if (options->V3AuthVotingInterval > 24*60*60) {
3289 REJECT("V3AuthVotingInterval is insanely high.");
3290 } else if (((24*60*60) % options->V3AuthVotingInterval) != 0) {
3291 COMPLAIN("V3AuthVotingInterval does not divide evenly into 24 hours.");
3294 if (rend_config_services(options, 1) < 0)
3295 REJECT("Failed to configure rendezvous options. See logs for details.");
3297 if (parse_virtual_addr_network(options->VirtualAddrNetwork, 1, NULL)<0)
3298 return -1;
3300 if (options->PreferTunneledDirConns && !options->TunnelDirConns)
3301 REJECT("Must set TunnelDirConns if PreferTunneledDirConns is set.");
3303 if (options->AutomapHostsSuffixes) {
3304 SMARTLIST_FOREACH(options->AutomapHostsSuffixes, char *, suf,
3306 size_t len = strlen(suf);
3307 if (len && suf[len-1] == '.')
3308 suf[len-1] = '\0';
3312 return 0;
3313 #undef REJECT
3314 #undef COMPLAIN
3317 /** Helper: return true iff s1 and s2 are both NULL, or both non-NULL
3318 * equal strings. */
3319 static int
3320 opt_streq(const char *s1, const char *s2)
3322 if (!s1 && !s2)
3323 return 1;
3324 else if (s1 && s2 && !strcmp(s1,s2))
3325 return 1;
3326 else
3327 return 0;
3330 /** Check if any of the previous options have changed but aren't allowed to. */
3331 static int
3332 options_transition_allowed(or_options_t *old, or_options_t *new_val,
3333 char **msg)
3335 if (!old)
3336 return 0;
3338 if (!opt_streq(old->PidFile, new_val->PidFile)) {
3339 *msg = tor_strdup("PidFile is not allowed to change.");
3340 return -1;
3343 if (old->RunAsDaemon != new_val->RunAsDaemon) {
3344 *msg = tor_strdup("While Tor is running, changing RunAsDaemon "
3345 "is not allowed.");
3346 return -1;
3349 if (strcmp(old->DataDirectory,new_val->DataDirectory)!=0) {
3350 char buf[1024];
3351 int r = tor_snprintf(buf, sizeof(buf),
3352 "While Tor is running, changing DataDirectory "
3353 "(\"%s\"->\"%s\") is not allowed.",
3354 old->DataDirectory, new_val->DataDirectory);
3355 *msg = tor_strdup(r >= 0 ? buf : "internal error");
3356 return -1;
3359 if (!opt_streq(old->User, new_val->User)) {
3360 *msg = tor_strdup("While Tor is running, changing User is not allowed.");
3361 return -1;
3364 if (!opt_streq(old->Group, new_val->Group)) {
3365 *msg = tor_strdup("While Tor is running, changing Group is not allowed.");
3366 return -1;
3369 if (old->HardwareAccel != new_val->HardwareAccel) {
3370 *msg = tor_strdup("While Tor is running, changing HardwareAccel is "
3371 "not allowed.");
3372 return -1;
3375 return 0;
3378 /** Return 1 if any change from <b>old_options</b> to <b>new_options</b>
3379 * will require us to rotate the cpu and dns workers; else return 0. */
3380 static int
3381 options_transition_affects_workers(or_options_t *old_options,
3382 or_options_t *new_options)
3384 if (!opt_streq(old_options->DataDirectory, new_options->DataDirectory) ||
3385 old_options->NumCpus != new_options->NumCpus ||
3386 old_options->ORPort != new_options->ORPort ||
3387 old_options->ServerDNSSearchDomains !=
3388 new_options->ServerDNSSearchDomains ||
3389 old_options->SafeLogging != new_options->SafeLogging ||
3390 old_options->ClientOnly != new_options->ClientOnly ||
3391 !config_lines_eq(old_options->Logs, new_options->Logs))
3392 return 1;
3394 /* Check whether log options match. */
3396 /* Nothing that changed matters. */
3397 return 0;
3400 /** Return 1 if any change from <b>old_options</b> to <b>new_options</b>
3401 * will require us to generate a new descriptor; else return 0. */
3402 static int
3403 options_transition_affects_descriptor(or_options_t *old_options,
3404 or_options_t *new_options)
3406 if (!opt_streq(old_options->DataDirectory, new_options->DataDirectory) ||
3407 !opt_streq(old_options->Nickname,new_options->Nickname) ||
3408 !opt_streq(old_options->Address,new_options->Address) ||
3409 !config_lines_eq(old_options->ExitPolicy,new_options->ExitPolicy) ||
3410 old_options->ExitPolicyRejectPrivate !=
3411 new_options->ExitPolicyRejectPrivate ||
3412 old_options->ORPort != new_options->ORPort ||
3413 old_options->DirPort != new_options->DirPort ||
3414 old_options->ClientOnly != new_options->ClientOnly ||
3415 old_options->NoPublish != new_options->NoPublish ||
3416 old_options->_PublishServerDescriptor !=
3417 new_options->_PublishServerDescriptor ||
3418 old_options->BandwidthRate != new_options->BandwidthRate ||
3419 old_options->BandwidthBurst != new_options->BandwidthBurst ||
3420 !opt_streq(old_options->ContactInfo, new_options->ContactInfo) ||
3421 !opt_streq(old_options->MyFamily, new_options->MyFamily) ||
3422 !opt_streq(old_options->AccountingStart, new_options->AccountingStart) ||
3423 old_options->AccountingMax != new_options->AccountingMax)
3424 return 1;
3426 return 0;
3429 #ifdef MS_WINDOWS
3430 /** Return the directory on windows where we expect to find our application
3431 * data. */
3432 static char *
3433 get_windows_conf_root(void)
3435 static int is_set = 0;
3436 static char path[MAX_PATH+1];
3438 LPITEMIDLIST idl;
3439 IMalloc *m;
3440 HRESULT result;
3442 if (is_set)
3443 return path;
3445 /* Find X:\documents and settings\username\application data\ .
3446 * We would use SHGetSpecialFolder path, but that wasn't added until IE4.
3448 if (!SUCCEEDED(SHGetSpecialFolderLocation(NULL, CSIDL_APPDATA,
3449 &idl))) {
3450 GetCurrentDirectory(MAX_PATH, path);
3451 is_set = 1;
3452 log_warn(LD_CONFIG,
3453 "I couldn't find your application data folder: are you "
3454 "running an ancient version of Windows 95? Defaulting to \"%s\"",
3455 path);
3456 return path;
3458 /* Convert the path from an "ID List" (whatever that is!) to a path. */
3459 result = SHGetPathFromIDList(idl, path);
3460 /* Now we need to free the */
3461 SHGetMalloc(&m);
3462 if (m) {
3463 m->lpVtbl->Free(m, idl);
3464 m->lpVtbl->Release(m);
3466 if (!SUCCEEDED(result)) {
3467 return NULL;
3469 strlcat(path,"\\tor",MAX_PATH);
3470 is_set = 1;
3471 return path;
3473 #endif
3475 /** Return the default location for our torrc file. */
3476 static const char *
3477 get_default_conf_file(void)
3479 #ifdef MS_WINDOWS
3480 static char path[MAX_PATH+1];
3481 strlcpy(path, get_windows_conf_root(), MAX_PATH);
3482 strlcat(path,"\\torrc",MAX_PATH);
3483 return path;
3484 #else
3485 return (CONFDIR "/torrc");
3486 #endif
3489 /** Verify whether lst is a string containing valid-looking space-separated
3490 * nicknames, or NULL. Return 0 on success. Warn and return -1 on failure.
3492 static int
3493 check_nickname_list(const char *lst, const char *name, char **msg)
3495 int r = 0;
3496 smartlist_t *sl;
3498 if (!lst)
3499 return 0;
3500 sl = smartlist_create();
3501 smartlist_split_string(sl, lst, ",", SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
3502 SMARTLIST_FOREACH(sl, const char *, s,
3504 if (!is_legal_nickname_or_hexdigest(s)) {
3505 char buf[1024];
3506 int tmp = tor_snprintf(buf, sizeof(buf),
3507 "Invalid nickname '%s' in %s line", s, name);
3508 *msg = tor_strdup(tmp >= 0 ? buf : "internal error");
3509 r = -1;
3510 break;
3513 SMARTLIST_FOREACH(sl, char *, s, tor_free(s));
3514 smartlist_free(sl);
3515 return r;
3518 /** Read a configuration file into <b>options</b>, finding the configuration
3519 * file location based on the command line. After loading the options,
3520 * validate them for consistency, then take actions based on them.
3521 * Return 0 if success, -1 if failure. */
3523 options_init_from_torrc(int argc, char **argv)
3525 or_options_t *oldoptions, *newoptions;
3526 config_line_t *cl;
3527 char *cf=NULL, *fname=NULL, *errmsg=NULL;
3528 int i, retval;
3529 int using_default_torrc;
3530 int ignore_missing_torrc;
3531 static char **backup_argv;
3532 static int backup_argc;
3534 if (argv) { /* first time we're called. save commandline args */
3535 backup_argv = argv;
3536 backup_argc = argc;
3537 oldoptions = NULL;
3538 } else { /* we're reloading. need to clean up old options first. */
3539 argv = backup_argv;
3540 argc = backup_argc;
3541 oldoptions = get_options();
3543 if (argc > 1 && (!strcmp(argv[1], "-h") || !strcmp(argv[1],"--help"))) {
3544 print_usage();
3545 exit(0);
3547 if (argc > 1 && !strcmp(argv[1], "--list-torrc-options")) {
3548 /* For documenting validating whether we've documented everything. */
3549 list_torrc_options();
3550 exit(0);
3553 if (argc > 1 && (!strcmp(argv[1],"--version"))) {
3554 printf("Tor version %s.\n",get_version());
3555 if (argc > 2 && (!strcmp(argv[2],"--version"))) {
3556 print_svn_version();
3558 exit(0);
3561 newoptions = tor_malloc_zero(sizeof(or_options_t));
3562 newoptions->_magic = OR_OPTIONS_MAGIC;
3563 options_init(newoptions);
3565 /* learn config file name */
3566 fname = NULL;
3567 using_default_torrc = 1;
3568 ignore_missing_torrc = 0;
3569 newoptions->command = CMD_RUN_TOR;
3570 for (i = 1; i < argc; ++i) {
3571 if (i < argc-1 && !strcmp(argv[i],"-f")) {
3572 if (fname) {
3573 log(LOG_WARN, LD_CONFIG, "Duplicate -f options on command line.");
3574 tor_free(fname);
3576 #ifdef MS_WINDOWS
3577 /* XXX one day we might want to extend expand_filename to work
3578 * under Windows as well. */
3579 fname = tor_strdup(argv[i+1]);
3580 #else
3581 fname = expand_filename(argv[i+1]);
3582 #endif
3583 using_default_torrc = 0;
3584 ++i;
3585 } else if (!strcmp(argv[i],"--ignore-missing-torrc")) {
3586 ignore_missing_torrc = 1;
3587 } else if (!strcmp(argv[i],"--list-fingerprint")) {
3588 newoptions->command = CMD_LIST_FINGERPRINT;
3589 } else if (!strcmp(argv[i],"--hash-password")) {
3590 newoptions->command = CMD_HASH_PASSWORD;
3591 newoptions->command_arg = tor_strdup( (i < argc-1) ? argv[i+1] : "");
3592 ++i;
3593 } else if (!strcmp(argv[i],"--verify-config")) {
3594 newoptions->command = CMD_VERIFY_CONFIG;
3597 if (using_default_torrc) {
3598 /* didn't find one, try CONFDIR */
3599 const char *dflt = get_default_conf_file();
3600 if (dflt && file_status(dflt) == FN_FILE) {
3601 fname = tor_strdup(dflt);
3602 } else {
3603 #ifndef MS_WINDOWS
3604 char *fn;
3605 fn = expand_filename("~/.torrc");
3606 if (fn && file_status(fn) == FN_FILE) {
3607 fname = fn;
3608 } else {
3609 tor_free(fn);
3610 fname = tor_strdup(dflt);
3612 #else
3613 fname = tor_strdup(dflt);
3614 #endif
3617 tor_assert(fname);
3618 log(LOG_DEBUG, LD_CONFIG, "Opening config file \"%s\"", fname);
3620 tor_free(torrc_fname);
3621 torrc_fname = fname;
3623 /* get config lines, assign them */
3624 if (file_status(fname) != FN_FILE ||
3625 !(cf = read_file_to_str(fname,0,NULL))) {
3626 if (using_default_torrc == 1 || ignore_missing_torrc ) {
3627 log(LOG_NOTICE, LD_CONFIG, "Configuration file \"%s\" not present, "
3628 "using reasonable defaults.", fname);
3629 tor_free(fname); /* sets fname to NULL */
3630 torrc_fname = NULL;
3631 } else {
3632 log(LOG_WARN, LD_CONFIG,
3633 "Unable to open configuration file \"%s\".", fname);
3634 goto err;
3636 } else { /* it opened successfully. use it. */
3637 retval = config_get_lines(cf, &cl);
3638 tor_free(cf);
3639 if (retval < 0)
3640 goto err;
3641 retval = config_assign(&options_format, newoptions, cl, 0, 0, &errmsg);
3642 config_free_lines(cl);
3643 if (retval < 0)
3644 goto err;
3647 /* Go through command-line variables too */
3648 if (config_get_commandlines(argc, argv, &cl) < 0)
3649 goto err;
3650 retval = config_assign(&options_format, newoptions, cl, 0, 0, &errmsg);
3651 config_free_lines(cl);
3652 if (retval < 0)
3653 goto err;
3655 /* Validate newoptions */
3656 if (options_validate(oldoptions, newoptions, 0, &errmsg) < 0)
3657 goto err;
3659 if (options_transition_allowed(oldoptions, newoptions, &errmsg) < 0)
3660 goto err;
3662 if (set_options(newoptions, &errmsg))
3663 goto err; /* frees and replaces old options */
3665 return 0;
3666 err:
3667 tor_free(fname);
3668 torrc_fname = NULL;
3669 config_free(&options_format, newoptions);
3670 if (errmsg) {
3671 log(LOG_WARN,LD_CONFIG,"Failed to parse/validate config: %s", errmsg);
3672 tor_free(errmsg);
3674 return -1;
3677 /** Return the location for our configuration file.
3679 const char *
3680 get_torrc_fname(void)
3682 if (torrc_fname)
3683 return torrc_fname;
3684 else
3685 return get_default_conf_file();
3688 /** Adjust the address map mased on the MapAddress elements in the
3689 * configuration <b>options</b>
3691 static void
3692 config_register_addressmaps(or_options_t *options)
3694 smartlist_t *elts;
3695 config_line_t *opt;
3696 char *from, *to;
3698 addressmap_clear_configured();
3699 elts = smartlist_create();
3700 for (opt = options->AddressMap; opt; opt = opt->next) {
3701 smartlist_split_string(elts, opt->value, NULL,
3702 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 2);
3703 if (smartlist_len(elts) >= 2) {
3704 from = smartlist_get(elts,0);
3705 to = smartlist_get(elts,1);
3706 if (address_is_invalid_destination(to, 1)) {
3707 log_warn(LD_CONFIG,
3708 "Skipping invalid argument '%s' to MapAddress", to);
3709 } else {
3710 addressmap_register(from, tor_strdup(to), 0, ADDRMAPSRC_TORRC);
3711 if (smartlist_len(elts)>2) {
3712 log_warn(LD_CONFIG,"Ignoring extra arguments to MapAddress.");
3715 } else {
3716 log_warn(LD_CONFIG,"MapAddress '%s' has too few arguments. Ignoring.",
3717 opt->value);
3719 SMARTLIST_FOREACH(elts, char*, cp, tor_free(cp));
3720 smartlist_clear(elts);
3722 smartlist_free(elts);
3725 /** If <b>range</b> is of the form MIN-MAX, for MIN and MAX both
3726 * recognized log severity levels, set *<b>min_out</b> to MIN and
3727 * *<b>max_out</b> to MAX and return 0. Else, if <b>range</b> is of
3728 * the form MIN, act as if MIN-err had been specified. Else, warn and
3729 * return -1.
3731 static int
3732 parse_log_severity_range(const char *range, int *min_out, int *max_out)
3734 int levelMin, levelMax;
3735 const char *cp;
3736 cp = strchr(range, '-');
3737 if (cp) {
3738 if (cp == range) {
3739 levelMin = LOG_DEBUG;
3740 } else {
3741 char *tmp_sev = tor_strndup(range, cp - range);
3742 levelMin = parse_log_level(tmp_sev);
3743 if (levelMin < 0) {
3744 log_warn(LD_CONFIG, "Unrecognized minimum log severity '%s': must be "
3745 "one of err|warn|notice|info|debug", tmp_sev);
3746 tor_free(tmp_sev);
3747 return -1;
3749 tor_free(tmp_sev);
3751 if (!*(cp+1)) {
3752 levelMax = LOG_ERR;
3753 } else {
3754 levelMax = parse_log_level(cp+1);
3755 if (levelMax < 0) {
3756 log_warn(LD_CONFIG, "Unrecognized maximum log severity '%s': must be "
3757 "one of err|warn|notice|info|debug", cp+1);
3758 return -1;
3761 } else {
3762 levelMin = parse_log_level(range);
3763 if (levelMin < 0) {
3764 log_warn(LD_CONFIG, "Unrecognized log severity '%s': must be one of "
3765 "err|warn|notice|info|debug", range);
3766 return -1;
3768 levelMax = LOG_ERR;
3771 *min_out = levelMin;
3772 *max_out = levelMax;
3774 return 0;
3778 * Initialize the logs based on the configuration file.
3780 static int
3781 options_init_logs(or_options_t *options, int validate_only)
3783 config_line_t *opt;
3784 int ok;
3785 smartlist_t *elts;
3786 int daemon =
3787 #ifdef MS_WINDOWS
3789 #else
3790 options->RunAsDaemon;
3791 #endif
3793 ok = 1;
3794 elts = smartlist_create();
3796 for (opt = options->Logs; opt; opt = opt->next) {
3797 int levelMin=LOG_DEBUG, levelMax=LOG_ERR;
3798 smartlist_split_string(elts, opt->value, NULL,
3799 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 3);
3800 if (smartlist_len(elts) == 0) {
3801 log_warn(LD_CONFIG, "No arguments to Log option 'Log %s'", opt->value);
3802 ok = 0; goto cleanup;
3804 if (parse_log_severity_range(smartlist_get(elts,0), &levelMin,
3805 &levelMax)) {
3806 ok = 0; goto cleanup;
3808 if (smartlist_len(elts) < 2) { /* only loglevels were provided */
3809 if (!validate_only) {
3810 if (daemon) {
3811 log_warn(LD_CONFIG,
3812 "Can't log to stdout with RunAsDaemon set; skipping stdout");
3813 } else {
3814 add_stream_log(levelMin, levelMax, "<stdout>", stdout);
3817 goto cleanup;
3819 if (!strcasecmp(smartlist_get(elts,1), "file")) {
3820 if (smartlist_len(elts) != 3) {
3821 log_warn(LD_CONFIG, "Bad syntax on file Log option 'Log %s'",
3822 opt->value);
3823 ok = 0; goto cleanup;
3825 if (!validate_only) {
3826 if (add_file_log(levelMin, levelMax, smartlist_get(elts, 2)) < 0) {
3827 log_warn(LD_CONFIG, "Couldn't open file for 'Log %s'", opt->value);
3828 ok = 0;
3831 goto cleanup;
3833 if (smartlist_len(elts) != 2) {
3834 log_warn(LD_CONFIG, "Wrong number of arguments on Log option 'Log %s'",
3835 opt->value);
3836 ok = 0; goto cleanup;
3838 if (!strcasecmp(smartlist_get(elts,1), "stdout")) {
3839 if (daemon) {
3840 log_warn(LD_CONFIG, "Can't log to stdout with RunAsDaemon set.");
3841 ok = 0; goto cleanup;
3843 if (!validate_only) {
3844 add_stream_log(levelMin, levelMax, "<stdout>", stdout);
3846 } else if (!strcasecmp(smartlist_get(elts,1), "stderr")) {
3847 if (daemon) {
3848 log_warn(LD_CONFIG, "Can't log to stderr with RunAsDaemon set.");
3849 ok = 0; goto cleanup;
3851 if (!validate_only) {
3852 add_stream_log(levelMin, levelMax, "<stderr>", stderr);
3854 } else if (!strcasecmp(smartlist_get(elts,1), "syslog")) {
3855 #ifdef HAVE_SYSLOG_H
3856 if (!validate_only)
3857 add_syslog_log(levelMin, levelMax);
3858 #else
3859 log_warn(LD_CONFIG, "Syslog is not supported on this system. Sorry.");
3860 #endif
3861 } else {
3862 log_warn(LD_CONFIG, "Unrecognized log type %s",
3863 (const char*)smartlist_get(elts,1));
3864 if (strchr(smartlist_get(elts,1), '/') ||
3865 strchr(smartlist_get(elts,1), '\\')) {
3866 log_warn(LD_CONFIG, "Did you mean to say 'Log %s file %s' ?",
3867 (const char *)smartlist_get(elts,0),
3868 (const char *)smartlist_get(elts,1));
3870 ok = 0; goto cleanup;
3872 cleanup:
3873 SMARTLIST_FOREACH(elts, char*, cp, tor_free(cp));
3874 smartlist_clear(elts);
3876 smartlist_free(elts);
3878 return ok?0:-1;
3881 /** Parse a single RedirectExit line's contents from <b>line</b>. If
3882 * they are valid, and <b>result</b> is not NULL, add an element to
3883 * <b>result</b> and return 0. Else if they are valid, return 0.
3884 * Else set *msg and return -1. */
3885 static int
3886 parse_redirect_line(smartlist_t *result, config_line_t *line, char **msg)
3888 smartlist_t *elements = NULL;
3889 exit_redirect_t *r;
3891 tor_assert(line);
3893 r = tor_malloc_zero(sizeof(exit_redirect_t));
3894 elements = smartlist_create();
3895 smartlist_split_string(elements, line->value, NULL,
3896 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
3897 if (smartlist_len(elements) != 2) {
3898 *msg = tor_strdup("Wrong number of elements in RedirectExit line");
3899 goto err;
3901 if (parse_addr_and_port_range(smartlist_get(elements,0),&r->addr,
3902 &r->maskbits,&r->port_min,&r->port_max)) {
3903 *msg = tor_strdup("Error parsing source address in RedirectExit line");
3904 goto err;
3906 if (0==strcasecmp(smartlist_get(elements,1), "pass")) {
3907 r->is_redirect = 0;
3908 } else {
3909 if (parse_addr_port(LOG_WARN, smartlist_get(elements,1),NULL,
3910 &r->addr_dest, &r->port_dest)) {
3911 *msg = tor_strdup("Error parsing dest address in RedirectExit line");
3912 goto err;
3914 r->is_redirect = 1;
3917 goto done;
3918 err:
3919 tor_free(r);
3920 done:
3921 SMARTLIST_FOREACH(elements, char *, cp, tor_free(cp));
3922 smartlist_free(elements);
3923 if (r) {
3924 if (result)
3925 smartlist_add(result, r);
3926 else
3927 tor_free(r);
3928 return 0;
3929 } else {
3930 tor_assert(*msg);
3931 return -1;
3935 /** Read the contents of a Bridge line from <b>line</b>. Return 0
3936 * if the line is well-formed, and -1 if it isn't. If
3937 * <b>validate_only</b> is 0, and the line is well-formed, then add
3938 * the bridge described in the line to our internal bridge list. */
3939 static int
3940 parse_bridge_line(const char *line, int validate_only)
3942 smartlist_t *items = NULL;
3943 int r;
3944 char *addrport=NULL, *address=NULL, *fingerprint=NULL;
3945 uint32_t addr = 0;
3946 uint16_t port = 0;
3947 char digest[DIGEST_LEN];
3949 items = smartlist_create();
3950 smartlist_split_string(items, line, NULL,
3951 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1);
3952 if (smartlist_len(items) < 1) {
3953 log_warn(LD_CONFIG, "Too few arguments to Bridge line.");
3954 goto err;
3956 addrport = smartlist_get(items, 0);
3957 smartlist_del_keeporder(items, 0);
3958 if (parse_addr_port(LOG_WARN, addrport, &address, &addr, &port)<0) {
3959 log_warn(LD_CONFIG, "Error parsing Bridge address '%s'", addrport);
3960 goto err;
3962 if (!port) {
3963 log_warn(LD_CONFIG, "Missing port in Bridge address '%s'",addrport);
3964 goto err;
3967 if (smartlist_len(items)) {
3968 fingerprint = smartlist_join_strings(items, "", 0, NULL);
3969 if (strlen(fingerprint) != HEX_DIGEST_LEN) {
3970 log_warn(LD_CONFIG, "Key digest for Bridge is wrong length.");
3971 goto err;
3973 if (base16_decode(digest, DIGEST_LEN, fingerprint, HEX_DIGEST_LEN)<0) {
3974 log_warn(LD_CONFIG, "Unable to decode Bridge key digest.");
3975 goto err;
3979 if (!validate_only) {
3980 log_debug(LD_DIR, "Bridge at %s:%d (%s)", address,
3981 (int)port,
3982 fingerprint ? fingerprint : "no key listed");
3983 bridge_add_from_config(addr, port, fingerprint ? digest : NULL);
3986 r = 0;
3987 goto done;
3989 err:
3990 r = -1;
3992 done:
3993 SMARTLIST_FOREACH(items, char*, s, tor_free(s));
3994 smartlist_free(items);
3995 tor_free(addrport);
3996 tor_free(address);
3997 tor_free(fingerprint);
3998 return r;
4001 /** Read the contents of a DirServer line from <b>line</b>. If
4002 * <b>validate_only</b> is 0, and the line is well-formed, and it
4003 * shares any bits with <b>required_type</b> or <b>required_type</b>
4004 * is 0, then add the dirserver described in the line (minus whatever
4005 * bits it's missing) as a valid authority. Return 0 on success,
4006 * or -1 if the line isn't well-formed or if we can't add it. */
4007 static int
4008 parse_dir_server_line(const char *line, authority_type_t required_type,
4009 int validate_only)
4011 smartlist_t *items = NULL;
4012 int r;
4013 char *addrport=NULL, *address=NULL, *nickname=NULL, *fingerprint=NULL;
4014 uint16_t dir_port = 0, or_port = 0;
4015 char digest[DIGEST_LEN];
4016 char v3_digest[DIGEST_LEN];
4017 authority_type_t type = V2_AUTHORITY;
4018 int is_not_hidserv_authority = 0, is_not_v2_authority = 0;
4020 items = smartlist_create();
4021 smartlist_split_string(items, line, NULL,
4022 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1);
4023 if (smartlist_len(items) < 1) {
4024 log_warn(LD_CONFIG, "No arguments on DirServer line.");
4025 goto err;
4028 if (is_legal_nickname(smartlist_get(items, 0))) {
4029 nickname = smartlist_get(items, 0);
4030 smartlist_del_keeporder(items, 0);
4033 while (smartlist_len(items)) {
4034 char *flag = smartlist_get(items, 0);
4035 if (TOR_ISDIGIT(flag[0]))
4036 break;
4037 if (!strcasecmp(flag, "v1")) {
4038 type |= (V1_AUTHORITY | HIDSERV_AUTHORITY);
4039 } else if (!strcasecmp(flag, "hs")) {
4040 type |= HIDSERV_AUTHORITY;
4041 } else if (!strcasecmp(flag, "no-hs")) {
4042 is_not_hidserv_authority = 1;
4043 } else if (!strcasecmp(flag, "bridge")) {
4044 type |= BRIDGE_AUTHORITY;
4045 } else if (!strcasecmp(flag, "no-v2")) {
4046 is_not_v2_authority = 1;
4047 } else if (!strcasecmpstart(flag, "orport=")) {
4048 int ok;
4049 char *portstring = flag + strlen("orport=");
4050 or_port = (uint16_t) tor_parse_long(portstring, 10, 1, 65535, &ok, NULL);
4051 if (!ok)
4052 log_warn(LD_CONFIG, "Invalid orport '%s' on DirServer line.",
4053 portstring);
4054 } else if (!strcasecmpstart(flag, "v3ident=")) {
4055 char *idstr = flag + strlen("v3ident=");
4056 if (strlen(idstr) != HEX_DIGEST_LEN ||
4057 base16_decode(v3_digest, DIGEST_LEN, idstr, HEX_DIGEST_LEN)<0) {
4058 log_warn(LD_CONFIG, "Bad v3 identity digest '%s' on DirServer line",
4059 flag);
4060 } else {
4061 type |= V3_AUTHORITY;
4063 } else {
4064 log_warn(LD_CONFIG, "Unrecognized flag '%s' on DirServer line",
4065 flag);
4067 tor_free(flag);
4068 smartlist_del_keeporder(items, 0);
4070 if (is_not_hidserv_authority)
4071 type &= ~HIDSERV_AUTHORITY;
4072 if (is_not_v2_authority)
4073 type &= ~V2_AUTHORITY;
4075 if (smartlist_len(items) < 2) {
4076 log_warn(LD_CONFIG, "Too few arguments to DirServer line.");
4077 goto err;
4079 addrport = smartlist_get(items, 0);
4080 smartlist_del_keeporder(items, 0);
4081 if (parse_addr_port(LOG_WARN, addrport, &address, NULL, &dir_port)<0) {
4082 log_warn(LD_CONFIG, "Error parsing DirServer address '%s'", addrport);
4083 goto err;
4085 if (!dir_port) {
4086 log_warn(LD_CONFIG, "Missing port in DirServer address '%s'",addrport);
4087 goto err;
4090 fingerprint = smartlist_join_strings(items, "", 0, NULL);
4091 if (strlen(fingerprint) != HEX_DIGEST_LEN) {
4092 log_warn(LD_CONFIG, "Key digest for DirServer is wrong length %d.",
4093 (int)strlen(fingerprint));
4094 goto err;
4096 if (!strcmp(fingerprint, "E623F7625FBE0C87820F11EC5F6D5377ED816294")) {
4097 /* a known bad fingerprint. refuse to use it. We can remove this
4098 * clause once Tor 0.1.2.17 is obsolete. */
4099 log_warn(LD_CONFIG, "Dangerous dirserver line. To correct, erase your "
4100 "torrc file (%s), or reinstall Tor and use the default torrc.",
4101 get_torrc_fname());
4102 goto err;
4104 if (base16_decode(digest, DIGEST_LEN, fingerprint, HEX_DIGEST_LEN)<0) {
4105 log_warn(LD_CONFIG, "Unable to decode DirServer key digest.");
4106 goto err;
4109 if (!validate_only && (!required_type || required_type & type)) {
4110 if (required_type)
4111 type &= required_type; /* pare down what we think of them as an
4112 * authority for. */
4113 log_debug(LD_DIR, "Trusted %d dirserver at %s:%d (%s)", (int)type,
4114 address, (int)dir_port, (char*)smartlist_get(items,0));
4115 if (!add_trusted_dir_server(nickname, address, dir_port, or_port,
4116 digest, v3_digest, type))
4117 goto err;
4120 r = 0;
4121 goto done;
4123 err:
4124 r = -1;
4126 done:
4127 SMARTLIST_FOREACH(items, char*, s, tor_free(s));
4128 smartlist_free(items);
4129 tor_free(addrport);
4130 tor_free(address);
4131 tor_free(nickname);
4132 tor_free(fingerprint);
4133 return r;
4136 /** Adjust the value of options->DataDirectory, or fill it in if it's
4137 * absent. Return 0 on success, -1 on failure. */
4138 static int
4139 normalize_data_directory(or_options_t *options)
4141 #ifdef MS_WINDOWS
4142 char *p;
4143 if (options->DataDirectory)
4144 return 0; /* all set */
4145 p = tor_malloc(MAX_PATH);
4146 strlcpy(p,get_windows_conf_root(),MAX_PATH);
4147 options->DataDirectory = p;
4148 return 0;
4149 #else
4150 const char *d = options->DataDirectory;
4151 if (!d)
4152 d = "~/.tor";
4154 if (strncmp(d,"~/",2) == 0) {
4155 char *fn = expand_filename(d);
4156 if (!fn) {
4157 log_warn(LD_CONFIG,"Failed to expand filename \"%s\".", d);
4158 return -1;
4160 if (!options->DataDirectory && !strcmp(fn,"/.tor")) {
4161 /* If our homedir is /, we probably don't want to use it. */
4162 /* Default to LOCALSTATEDIR/tor which is probably closer to what we
4163 * want. */
4164 log_warn(LD_CONFIG,
4165 "Default DataDirectory is \"~/.tor\". This expands to "
4166 "\"%s\", which is probably not what you want. Using "
4167 "\"%s"PATH_SEPARATOR"tor\" instead", fn, LOCALSTATEDIR);
4168 tor_free(fn);
4169 fn = tor_strdup(LOCALSTATEDIR PATH_SEPARATOR "tor");
4171 tor_free(options->DataDirectory);
4172 options->DataDirectory = fn;
4174 return 0;
4175 #endif
4178 /** Check and normalize the value of options->DataDirectory; return 0 if it
4179 * sane, -1 otherwise. */
4180 static int
4181 validate_data_directory(or_options_t *options)
4183 if (normalize_data_directory(options) < 0)
4184 return -1;
4185 tor_assert(options->DataDirectory);
4186 if (strlen(options->DataDirectory) > (512-128)) {
4187 log_warn(LD_CONFIG, "DataDirectory is too long.");
4188 return -1;
4190 return 0;
4193 /** This string must remain the same forevermore. It is how we
4194 * recognize that the torrc file doesn't need to be backed up. */
4195 #define GENERATED_FILE_PREFIX "# This file was generated by Tor; " \
4196 "if you edit it, comments will not be preserved"
4197 /** This string can change; it tries to give the reader an idea
4198 * that editing this file by hand is not a good plan. */
4199 #define GENERATED_FILE_COMMENT "# The old torrc file was renamed " \
4200 "to torrc.orig.1 or similar, and Tor will ignore it"
4202 /** Save a configuration file for the configuration in <b>options</b>
4203 * into the file <b>fname</b>. If the file already exists, and
4204 * doesn't begin with GENERATED_FILE_PREFIX, rename it. Otherwise
4205 * replace it. Return 0 on success, -1 on failure. */
4206 static int
4207 write_configuration_file(const char *fname, or_options_t *options)
4209 char *old_val=NULL, *new_val=NULL, *new_conf=NULL;
4210 int rename_old = 0, r;
4211 size_t len;
4213 if (fname) {
4214 switch (file_status(fname)) {
4215 case FN_FILE:
4216 old_val = read_file_to_str(fname, 0, NULL);
4217 if (strcmpstart(old_val, GENERATED_FILE_PREFIX)) {
4218 rename_old = 1;
4220 tor_free(old_val);
4221 break;
4222 case FN_NOENT:
4223 break;
4224 case FN_ERROR:
4225 case FN_DIR:
4226 default:
4227 log_warn(LD_CONFIG,
4228 "Config file \"%s\" is not a file? Failing.", fname);
4229 return -1;
4233 if (!(new_conf = options_dump(options, 1))) {
4234 log_warn(LD_BUG, "Couldn't get configuration string");
4235 goto err;
4238 len = strlen(new_conf)+256;
4239 new_val = tor_malloc(len);
4240 tor_snprintf(new_val, len, "%s\n%s\n\n%s",
4241 GENERATED_FILE_PREFIX, GENERATED_FILE_COMMENT, new_conf);
4243 if (rename_old) {
4244 int i = 1;
4245 size_t fn_tmp_len = strlen(fname)+32;
4246 char *fn_tmp;
4247 tor_assert(fn_tmp_len > strlen(fname)); /*check for overflow*/
4248 fn_tmp = tor_malloc(fn_tmp_len);
4249 while (1) {
4250 if (tor_snprintf(fn_tmp, fn_tmp_len, "%s.orig.%d", fname, i)<0) {
4251 log_warn(LD_BUG, "tor_snprintf failed inexplicably");
4252 tor_free(fn_tmp);
4253 goto err;
4255 if (file_status(fn_tmp) == FN_NOENT)
4256 break;
4257 ++i;
4259 log_notice(LD_CONFIG, "Renaming old configuration file to \"%s\"", fn_tmp);
4260 if (rename(fname, fn_tmp) < 0) {
4261 log_warn(LD_FS,
4262 "Couldn't rename configuration file \"%s\" to \"%s\": %s",
4263 fname, fn_tmp, strerror(errno));
4264 tor_free(fn_tmp);
4265 goto err;
4267 tor_free(fn_tmp);
4270 if (write_str_to_file(fname, new_val, 0) < 0)
4271 goto err;
4273 r = 0;
4274 goto done;
4275 err:
4276 r = -1;
4277 done:
4278 tor_free(new_val);
4279 tor_free(new_conf);
4280 return r;
4284 * Save the current configuration file value to disk. Return 0 on
4285 * success, -1 on failure.
4288 options_save_current(void)
4290 if (torrc_fname) {
4291 /* This fails if we can't write to our configuration file.
4293 * If we try falling back to datadirectory or something, we have a better
4294 * chance of saving the configuration, but a better chance of doing
4295 * something the user never expected. Let's just warn instead. */
4296 return write_configuration_file(torrc_fname, get_options());
4298 return write_configuration_file(get_default_conf_file(), get_options());
4301 /** Mapping from a unit name to a multiplier for converting that unit into a
4302 * base unit. */
4303 struct unit_table_t {
4304 const char *unit;
4305 uint64_t multiplier;
4308 static struct unit_table_t memory_units[] = {
4309 { "", 1 },
4310 { "b", 1<< 0 },
4311 { "byte", 1<< 0 },
4312 { "bytes", 1<< 0 },
4313 { "kb", 1<<10 },
4314 { "kbyte", 1<<10 },
4315 { "kbytes", 1<<10 },
4316 { "kilobyte", 1<<10 },
4317 { "kilobytes", 1<<10 },
4318 { "m", 1<<20 },
4319 { "mb", 1<<20 },
4320 { "mbyte", 1<<20 },
4321 { "mbytes", 1<<20 },
4322 { "megabyte", 1<<20 },
4323 { "megabytes", 1<<20 },
4324 { "gb", 1<<30 },
4325 { "gbyte", 1<<30 },
4326 { "gbytes", 1<<30 },
4327 { "gigabyte", 1<<30 },
4328 { "gigabytes", 1<<30 },
4329 { "tb", U64_LITERAL(1)<<40 },
4330 { "terabyte", U64_LITERAL(1)<<40 },
4331 { "terabytes", U64_LITERAL(1)<<40 },
4332 { NULL, 0 },
4335 static struct unit_table_t time_units[] = {
4336 { "", 1 },
4337 { "second", 1 },
4338 { "seconds", 1 },
4339 { "minute", 60 },
4340 { "minutes", 60 },
4341 { "hour", 60*60 },
4342 { "hours", 60*60 },
4343 { "day", 24*60*60 },
4344 { "days", 24*60*60 },
4345 { "week", 7*24*60*60 },
4346 { "weeks", 7*24*60*60 },
4347 { NULL, 0 },
4350 /** Parse a string <b>val</b> containing a number, zero or more
4351 * spaces, and an optional unit string. If the unit appears in the
4352 * table <b>u</b>, then multiply the number by the unit multiplier.
4353 * On success, set *<b>ok</b> to 1 and return this product.
4354 * Otherwise, set *<b>ok</b> to 0.
4356 static uint64_t
4357 config_parse_units(const char *val, struct unit_table_t *u, int *ok)
4359 uint64_t v;
4360 char *cp;
4362 tor_assert(ok);
4364 v = tor_parse_uint64(val, 10, 0, UINT64_MAX, ok, &cp);
4365 if (!*ok)
4366 return 0;
4367 if (!cp) {
4368 *ok = 1;
4369 return v;
4371 while (TOR_ISSPACE(*cp))
4372 ++cp;
4373 for ( ;u->unit;++u) {
4374 if (!strcasecmp(u->unit, cp)) {
4375 v *= u->multiplier;
4376 *ok = 1;
4377 return v;
4380 log_warn(LD_CONFIG, "Unknown unit '%s'.", cp);
4381 *ok = 0;
4382 return 0;
4385 /** Parse a string in the format "number unit", where unit is a unit of
4386 * information (byte, KB, M, etc). On success, set *<b>ok</b> to true
4387 * and return the number of bytes specified. Otherwise, set
4388 * *<b>ok</b> to false and return 0. */
4389 static uint64_t
4390 config_parse_memunit(const char *s, int *ok)
4392 return config_parse_units(s, memory_units, ok);
4395 /** Parse a string in the format "number unit", where unit is a unit of time.
4396 * On success, set *<b>ok</b> to true and return the number of seconds in
4397 * the provided interval. Otherwise, set *<b>ok</b> to 0 and return -1.
4399 static int
4400 config_parse_interval(const char *s, int *ok)
4402 uint64_t r;
4403 r = config_parse_units(s, time_units, ok);
4404 if (!ok)
4405 return -1;
4406 if (r > INT_MAX) {
4407 log_warn(LD_CONFIG, "Interval '%s' is too long", s);
4408 *ok = 0;
4409 return -1;
4411 return (int)r;
4415 * Initialize the libevent library.
4417 static void
4418 init_libevent(void)
4420 configure_libevent_logging();
4421 /* If the kernel complains that some method (say, epoll) doesn't
4422 * exist, we don't care about it, since libevent will cope.
4424 suppress_libevent_log_msg("Function not implemented");
4425 #ifdef __APPLE__
4426 if (decode_libevent_version() < LE_11B) {
4427 setenv("EVENT_NOKQUEUE","1",1);
4429 #endif
4430 event_init();
4431 suppress_libevent_log_msg(NULL);
4432 #if defined(HAVE_EVENT_GET_VERSION) && defined(HAVE_EVENT_GET_METHOD)
4433 /* Making this a NOTICE for now so we can link bugs to a libevent versions
4434 * or methods better. */
4435 log(LOG_NOTICE, LD_GENERAL,
4436 "Initialized libevent version %s using method %s. Good.",
4437 event_get_version(), event_get_method());
4438 check_libevent_version(event_get_method(), get_options()->ORPort != 0);
4439 #else
4440 log(LOG_NOTICE, LD_GENERAL,
4441 "Initialized old libevent (version 1.0b or earlier).");
4442 log(LOG_WARN, LD_GENERAL,
4443 "You have a *VERY* old version of libevent. It is likely to be buggy; "
4444 "please build Tor with a more recent version.");
4445 #endif
4448 #if defined(HAVE_EVENT_GET_VERSION) && defined(HAVE_EVENT_GET_METHOD)
4449 /** Table mapping return value of event_get_version() to le_version_t. */
4450 static const struct {
4451 const char *name; le_version_t version;
4452 } le_version_table[] = {
4453 /* earlier versions don't have get_version. */
4454 { "1.0c", LE_10C },
4455 { "1.0d", LE_10D },
4456 { "1.0e", LE_10E },
4457 { "1.1", LE_11 },
4458 { "1.1a", LE_11A },
4459 { "1.1b", LE_11B },
4460 { "1.2", LE_12 },
4461 { "1.2a", LE_12A },
4462 { "1.3", LE_13 },
4463 { "1.3a", LE_13A },
4464 { "1.3b", LE_13B },
4465 { "1.3c", LE_13C },
4466 { "1.3d", LE_13D },
4467 { NULL, LE_OTHER }
4470 /** Return the le_version_t for the current version of libevent. If the
4471 * version is very new, return LE_OTHER. If the version is so old that it
4472 * doesn't support event_get_version(), return LE_OLD. */
4473 static le_version_t
4474 decode_libevent_version(void)
4476 const char *v = event_get_version();
4477 int i;
4478 for (i=0; le_version_table[i].name; ++i) {
4479 if (!strcmp(le_version_table[i].name, v)) {
4480 return le_version_table[i].version;
4483 return LE_OTHER;
4487 * Compare the given libevent method and version to a list of versions
4488 * which are known not to work. Warn the user as appropriate.
4490 static void
4491 check_libevent_version(const char *m, int server)
4493 int buggy = 0, iffy = 0, slow = 0, thread_unsafe = 0;
4494 le_version_t version;
4495 const char *v = event_get_version();
4496 const char *badness = NULL;
4497 const char *sad_os = "";
4499 version = decode_libevent_version();
4501 /* XXX Would it be worthwhile disabling the methods that we know
4502 * are buggy, rather than just warning about them and then proceeding
4503 * to use them? If so, we should probably not wrap this whole thing
4504 * in HAVE_EVENT_GET_VERSION and HAVE_EVENT_GET_METHOD. -RD */
4505 /* XXXX The problem is that it's not trivial to get libevent to change it's
4506 * method once it's initialized, and it's not trivial to tell what method it
4507 * will use without initializing it. I guess we could preemptively disable
4508 * buggy libevent modes based on the version _before_ initializing it,
4509 * though, but then there's no good way (afaict) to warn "I would have used
4510 * kqueue, but instead I'm using select." -NM */
4511 if (!strcmp(m, "kqueue")) {
4512 if (version < LE_11B)
4513 buggy = 1;
4514 } else if (!strcmp(m, "epoll")) {
4515 if (version < LE_11)
4516 iffy = 1;
4517 } else if (!strcmp(m, "poll")) {
4518 if (version < LE_10E)
4519 buggy = 1;
4520 else if (version < LE_11)
4521 slow = 1;
4522 } else if (!strcmp(m, "select")) {
4523 if (version < LE_11)
4524 slow = 1;
4525 } else if (!strcmp(m, "win32")) {
4526 if (version < LE_11B)
4527 buggy = 1;
4530 /* Libevent versions before 1.3b do very badly on operating systems with
4531 * user-space threading implementations. */
4532 #if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__NetBSD__)
4533 if (server && version < LE_13B) {
4534 thread_unsafe = 1;
4535 sad_os = "BSD variants";
4537 #elif defined(__APPLE__) || defined(__darwin__)
4538 if (server && version < LE_13B) {
4539 thread_unsafe = 1;
4540 sad_os = "Mac OS X";
4542 #endif
4544 if (thread_unsafe) {
4545 log(LOG_WARN, LD_GENERAL,
4546 "Libevent version %s often crashes when running a Tor server with %s. "
4547 "Please use the latest version of libevent (1.3b or later)",v,sad_os);
4548 badness = "BROKEN";
4549 } else if (buggy) {
4550 log(LOG_WARN, LD_GENERAL,
4551 "There are serious bugs in using %s with libevent %s. "
4552 "Please use the latest version of libevent.", m, v);
4553 badness = "BROKEN";
4554 } else if (iffy) {
4555 log(LOG_WARN, LD_GENERAL,
4556 "There are minor bugs in using %s with libevent %s. "
4557 "You may want to use the latest version of libevent.", m, v);
4558 badness = "BUGGY";
4559 } else if (slow && server) {
4560 log(LOG_WARN, LD_GENERAL,
4561 "libevent %s can be very slow with %s. "
4562 "When running a server, please use the latest version of libevent.",
4563 v,m);
4564 badness = "SLOW";
4566 if (badness) {
4567 control_event_general_status(LOG_WARN,
4568 "BAD_LIBEVENT VERSION=%s METHOD=%s BADNESS=%s RECOVERED=NO",
4569 v, m, badness);
4573 #else
4574 static le_version_t
4575 decode_libevent_version(void)
4577 return LE_OLD;
4579 #endif
4581 /** Return the persistent state struct for this Tor. */
4582 or_state_t *
4583 get_or_state(void)
4585 tor_assert(global_state);
4586 return global_state;
4589 /** Return a newly allocated string holding a filename relative to the data
4590 * directory. If <b>sub1</b> is present, it is the first path component after
4591 * the data directory. If <b>sub2</b> is also present, it is the second path
4592 * component after the data directory. If <b>suffix</b> is present, it
4593 * is appended to the filename.
4595 * Examples:
4596 * get_datadir_fname2_suffix("a", NULL, NULL) -> $DATADIR/a
4597 * get_datadir_fname2_suffix("a", NULL, ".tmp") -> $DATADIR/a.tmp
4598 * get_datadir_fname2_suffix("a", "b", ".tmp") -> $DATADIR/a/b/.tmp
4599 * get_datadir_fname2_suffix("a", "b", NULL) -> $DATADIR/a/b
4601 * Note: Consider using the get_datadir_fname* macros in or.h.
4603 char *
4604 get_datadir_fname2_suffix(const char *sub1, const char *sub2,
4605 const char *suffix)
4607 or_options_t *options = get_options();
4608 char *fname = NULL;
4609 size_t len;
4610 tor_assert(options);
4611 tor_assert(options->DataDirectory);
4612 tor_assert(sub1 || !sub2); /* If sub2 is present, sub1 must be present. */
4613 len = strlen(options->DataDirectory);
4614 if (sub1) {
4615 len += strlen(sub1)+1;
4616 if (sub2)
4617 len += strlen(sub2)+1;
4619 if (suffix)
4620 len += strlen(suffix);
4621 len++;
4622 fname = tor_malloc(len);
4623 if (sub1) {
4624 if (sub2) {
4625 tor_snprintf(fname, len, "%s"PATH_SEPARATOR"%s"PATH_SEPARATOR"%s",
4626 options->DataDirectory, sub1, sub2);
4627 } else {
4628 tor_snprintf(fname, len, "%s"PATH_SEPARATOR"%s",
4629 options->DataDirectory, sub1);
4631 } else {
4632 strlcpy(fname, options->DataDirectory, len);
4634 if (suffix)
4635 strlcat(fname, suffix, len);
4636 return fname;
4639 /** Return 0 if every setting in <b>state</b> is reasonable, and a
4640 * permissible transition from <b>old_state</b>. Else warn and return -1.
4641 * Should have no side effects, except for normalizing the contents of
4642 * <b>state</b>.
4644 /* XXX from_setconf is here because of bug 238 */
4645 static int
4646 or_state_validate(or_state_t *old_state, or_state_t *state,
4647 int from_setconf, char **msg)
4649 /* We don't use these; only options do. Still, we need to match that
4650 * signature. */
4651 (void) from_setconf;
4652 (void) old_state;
4654 if (entry_guards_parse_state(state, 0, msg)<0)
4655 return -1;
4657 return 0;
4660 /** Replace the current persistent state with <b>new_state</b> */
4661 static void
4662 or_state_set(or_state_t *new_state)
4664 char *err = NULL;
4665 tor_assert(new_state);
4666 if (global_state)
4667 config_free(&state_format, global_state);
4668 global_state = new_state;
4669 if (entry_guards_parse_state(global_state, 1, &err)<0) {
4670 log_warn(LD_GENERAL,"%s",err);
4671 tor_free(err);
4673 if (rep_hist_load_state(global_state, &err)<0) {
4674 log_warn(LD_GENERAL,"Unparseable bandwidth history state: %s",err);
4675 tor_free(err);
4679 /** Reload the persistent state from disk, generating a new state as needed.
4680 * Return 0 on success, less than 0 on failure.
4682 static int
4683 or_state_load(void)
4685 or_state_t *new_state = NULL;
4686 char *contents = NULL, *fname;
4687 char *errmsg = NULL;
4688 int r = -1, badstate = 0;
4690 fname = get_datadir_fname("state");
4691 switch (file_status(fname)) {
4692 case FN_FILE:
4693 if (!(contents = read_file_to_str(fname, 0, NULL))) {
4694 log_warn(LD_FS, "Unable to read state file \"%s\"", fname);
4695 goto done;
4697 break;
4698 case FN_NOENT:
4699 break;
4700 case FN_ERROR:
4701 case FN_DIR:
4702 default:
4703 log_warn(LD_GENERAL,"State file \"%s\" is not a file? Failing.", fname);
4704 goto done;
4706 new_state = tor_malloc_zero(sizeof(or_state_t));
4707 new_state->_magic = OR_STATE_MAGIC;
4708 config_init(&state_format, new_state);
4709 if (contents) {
4710 config_line_t *lines=NULL;
4711 int assign_retval;
4712 if (config_get_lines(contents, &lines)<0)
4713 goto done;
4714 assign_retval = config_assign(&state_format, new_state,
4715 lines, 0, 0, &errmsg);
4716 config_free_lines(lines);
4717 if (assign_retval<0)
4718 badstate = 1;
4719 if (errmsg) {
4720 log_warn(LD_GENERAL, "%s", errmsg);
4721 tor_free(errmsg);
4725 if (!badstate && or_state_validate(NULL, new_state, 1, &errmsg) < 0)
4726 badstate = 1;
4728 if (errmsg) {
4729 log_warn(LD_GENERAL, "%s", errmsg);
4730 tor_free(errmsg);
4733 if (badstate && !contents) {
4734 log_warn(LD_BUG, "Uh oh. We couldn't even validate our own default state."
4735 " This is a bug in Tor.");
4736 goto done;
4737 } else if (badstate && contents) {
4738 int i;
4739 file_status_t status;
4740 size_t len = strlen(fname)+16;
4741 char *fname2 = tor_malloc(len);
4742 for (i = 0; i < 100; ++i) {
4743 tor_snprintf(fname2, len, "%s.%d", fname, i);
4744 status = file_status(fname2);
4745 if (status == FN_NOENT)
4746 break;
4748 if (i == 100) {
4749 log_warn(LD_BUG, "Unable to parse state in \"%s\"; too many saved bad "
4750 "state files to move aside. Discarding the old state file.",
4751 fname);
4752 unlink(fname);
4753 } else {
4754 log_warn(LD_BUG, "Unable to parse state in \"%s\". Moving it aside "
4755 "to \"%s\". This could be a bug in Tor; please tell "
4756 "the developers.", fname, fname2);
4757 if (rename(fname, fname2) < 0) {
4758 log_warn(LD_BUG, "Weirdly, I couldn't even move the state aside. The "
4759 "OS gave an error of %s", strerror(errno));
4762 tor_free(fname2);
4763 tor_free(contents);
4764 config_free(&state_format, new_state);
4766 new_state = tor_malloc_zero(sizeof(or_state_t));
4767 new_state->_magic = OR_STATE_MAGIC;
4768 config_init(&state_format, new_state);
4769 } else if (contents) {
4770 log_info(LD_GENERAL, "Loaded state from \"%s\"", fname);
4771 } else {
4772 log_info(LD_GENERAL, "Initialized state");
4774 or_state_set(new_state);
4775 new_state = NULL;
4776 if (!contents) {
4777 global_state->next_write = 0;
4778 or_state_save(time(NULL));
4780 r = 0;
4782 done:
4783 tor_free(fname);
4784 tor_free(contents);
4785 if (new_state)
4786 config_free(&state_format, new_state);
4788 return r;
4791 /** Write the persistent state to disk. Return 0 for success, <0 on failure. */
4793 or_state_save(time_t now)
4795 char *state, *contents;
4796 char tbuf[ISO_TIME_LEN+1];
4797 size_t len;
4798 char *fname;
4800 tor_assert(global_state);
4802 if (global_state->next_write > now)
4803 return 0;
4805 /* Call everything else that might dirty the state even more, in order
4806 * to avoid redundant writes. */
4807 entry_guards_update_state(global_state);
4808 rep_hist_update_state(global_state);
4809 if (accounting_is_enabled(get_options()))
4810 accounting_run_housekeeping(now);
4812 global_state->LastWritten = time(NULL);
4813 tor_free(global_state->TorVersion);
4814 len = strlen(get_version())+8;
4815 global_state->TorVersion = tor_malloc(len);
4816 tor_snprintf(global_state->TorVersion, len, "Tor %s", get_version());
4818 state = config_dump(&state_format, global_state, 1, 0);
4819 len = strlen(state)+256;
4820 contents = tor_malloc(len);
4821 format_local_iso_time(tbuf, time(NULL));
4822 tor_snprintf(contents, len,
4823 "# Tor state file last generated on %s local time\n"
4824 "# Other times below are in GMT\n"
4825 "# You *do not* need to edit this file.\n\n%s",
4826 tbuf, state);
4827 tor_free(state);
4828 fname = get_datadir_fname("state");
4829 if (write_str_to_file(fname, contents, 0)<0) {
4830 log_warn(LD_FS, "Unable to write state to file \"%s\"", fname);
4831 tor_free(fname);
4832 tor_free(contents);
4833 return -1;
4835 log_info(LD_GENERAL, "Saved state to \"%s\"", fname);
4836 tor_free(fname);
4837 tor_free(contents);
4839 global_state->next_write = TIME_MAX;
4840 return 0;
4843 /** Given a file name check to see whether the file exists but has not been
4844 * modified for a very long time. If so, remove it. */
4845 void
4846 remove_file_if_very_old(const char *fname, time_t now)
4848 #define VERY_OLD_FILE_AGE (28*24*60*60)
4849 struct stat st;
4851 if (stat(fname, &st)==0 && st.st_mtime < now-VERY_OLD_FILE_AGE) {
4852 char buf[ISO_TIME_LEN+1];
4853 format_local_iso_time(buf, st.st_mtime);
4854 log_notice(LD_GENERAL, "Obsolete file %s hasn't been modified since %s. "
4855 "Removing it.", fname, buf);
4856 unlink(fname);
4860 /** Helper to implement GETINFO functions about configuration variables (not
4861 * their values). Given a "config/names" question, set *<b>answer</b> to a
4862 * new string describing the supported configuration variables and their
4863 * types. */
4865 getinfo_helper_config(control_connection_t *conn,
4866 const char *question, char **answer)
4868 (void) conn;
4869 if (!strcmp(question, "config/names")) {
4870 smartlist_t *sl = smartlist_create();
4871 int i;
4872 for (i = 0; _option_vars[i].name; ++i) {
4873 config_var_t *var = &_option_vars[i];
4874 const char *type, *desc;
4875 char *line;
4876 size_t len;
4877 desc = config_find_description(&options_format, var->name);
4878 switch (var->type) {
4879 case CONFIG_TYPE_STRING: type = "String"; break;
4880 case CONFIG_TYPE_UINT: type = "Integer"; break;
4881 case CONFIG_TYPE_INTERVAL: type = "TimeInterval"; break;
4882 case CONFIG_TYPE_MEMUNIT: type = "DataSize"; break;
4883 case CONFIG_TYPE_DOUBLE: type = "Float"; break;
4884 case CONFIG_TYPE_BOOL: type = "Boolean"; break;
4885 case CONFIG_TYPE_ISOTIME: type = "Time"; break;
4886 case CONFIG_TYPE_CSV: type = "CommaList"; break;
4887 case CONFIG_TYPE_LINELIST: type = "LineList"; break;
4888 case CONFIG_TYPE_LINELIST_S: type = "Dependant"; break;
4889 case CONFIG_TYPE_LINELIST_V: type = "Virtual"; break;
4890 default:
4891 case CONFIG_TYPE_OBSOLETE:
4892 type = NULL; break;
4894 if (!type)
4895 continue;
4896 len = strlen(var->name)+strlen(type)+16;
4897 if (desc)
4898 len += strlen(desc);
4899 line = tor_malloc(len);
4900 if (desc)
4901 tor_snprintf(line, len, "%s %s %s\n",var->name,type,desc);
4902 else
4903 tor_snprintf(line, len, "%s %s\n",var->name,type);
4904 smartlist_add(sl, line);
4906 *answer = smartlist_join_strings(sl, "", 0, NULL);
4907 SMARTLIST_FOREACH(sl, char *, c, tor_free(c));
4908 smartlist_free(sl);
4910 return 0;
4913 #include "aes.h"
4914 #include "ht.h"
4915 #include "test.h"
4917 extern const char aes_c_id[];
4918 extern const char compat_c_id[];
4919 extern const char container_c_id[];
4920 extern const char crypto_c_id[];
4921 extern const char log_c_id[];
4922 extern const char torgzip_c_id[];
4923 extern const char tortls_c_id[];
4924 extern const char util_c_id[];
4926 extern const char buffers_c_id[];
4927 extern const char circuitbuild_c_id[];
4928 extern const char circuitlist_c_id[];
4929 extern const char circuituse_c_id[];
4930 extern const char command_c_id[];
4931 // extern const char config_c_id[];
4932 extern const char connection_c_id[];
4933 extern const char connection_edge_c_id[];
4934 extern const char connection_or_c_id[];
4935 extern const char control_c_id[];
4936 extern const char cpuworker_c_id[];
4937 extern const char directory_c_id[];
4938 extern const char dirserv_c_id[];
4939 extern const char dns_c_id[];
4940 extern const char hibernate_c_id[];
4941 extern const char main_c_id[];
4942 #ifdef NT_SERVICE
4943 extern const char ntmain_c_id[];
4944 #endif
4945 extern const char onion_c_id[];
4946 extern const char policies_c_id[];
4947 extern const char relay_c_id[];
4948 extern const char rendclient_c_id[];
4949 extern const char rendcommon_c_id[];
4950 extern const char rendmid_c_id[];
4951 extern const char rendservice_c_id[];
4952 extern const char rephist_c_id[];
4953 extern const char router_c_id[];
4954 extern const char routerlist_c_id[];
4955 extern const char routerparse_c_id[];
4957 /** Dump the version of every file to the log. */
4958 static void
4959 print_svn_version(void)
4961 puts(AES_H_ID);
4962 puts(COMPAT_H_ID);
4963 puts(CONTAINER_H_ID);
4964 puts(CRYPTO_H_ID);
4965 puts(HT_H_ID);
4966 puts(TEST_H_ID);
4967 puts(LOG_H_ID);
4968 puts(TORGZIP_H_ID);
4969 puts(TORINT_H_ID);
4970 puts(TORTLS_H_ID);
4971 puts(UTIL_H_ID);
4972 puts(aes_c_id);
4973 puts(compat_c_id);
4974 puts(container_c_id);
4975 puts(crypto_c_id);
4976 puts(log_c_id);
4977 puts(torgzip_c_id);
4978 puts(tortls_c_id);
4979 puts(util_c_id);
4981 puts(OR_H_ID);
4982 puts(buffers_c_id);
4983 puts(circuitbuild_c_id);
4984 puts(circuitlist_c_id);
4985 puts(circuituse_c_id);
4986 puts(command_c_id);
4987 puts(config_c_id);
4988 puts(connection_c_id);
4989 puts(connection_edge_c_id);
4990 puts(connection_or_c_id);
4991 puts(control_c_id);
4992 puts(cpuworker_c_id);
4993 puts(directory_c_id);
4994 puts(dirserv_c_id);
4995 puts(dns_c_id);
4996 puts(hibernate_c_id);
4997 puts(main_c_id);
4998 #ifdef NT_SERVICE
4999 puts(ntmain_c_id);
5000 #endif
5001 puts(onion_c_id);
5002 puts(policies_c_id);
5003 puts(relay_c_id);
5004 puts(rendclient_c_id);
5005 puts(rendcommon_c_id);
5006 puts(rendmid_c_id);
5007 puts(rendservice_c_id);
5008 puts(rephist_c_id);
5009 puts(router_c_id);
5010 puts(routerlist_c_id);
5011 puts(routerparse_c_id);