search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Add maatuska as eighth v3 directory authority.
[tor/rransom.git] / src / or / config.c
blob79665570634377fd4137681454389765f8550634
1 /* Copyright (c) 2001 Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4 * Copyright (c) 2007-2010, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
6
7 /**
8 * \file config.c
9 * \brief Code to parse and interpret configuration files.
10 **/
11
12 #define CONFIG_PRIVATE
13
14 #include "or.h"
15 #ifdef MS_WINDOWS
16 #include <shlobj.h>
17 #endif
18
19 /** Enumeration of types which option values can take */
20 typedef enum config_type_t {
21 CONFIG_TYPE_STRING = 0, /**< An arbitrary string. */
22 CONFIG_TYPE_FILENAME, /**< A filename: some prefixes get expanded. */
23 CONFIG_TYPE_UINT, /**< A non-negative integer less than MAX_INT */
24 CONFIG_TYPE_INTERVAL, /**< A number of seconds, with optional units*/
25 CONFIG_TYPE_MEMUNIT, /**< A number of bytes, with optional units*/
26 CONFIG_TYPE_DOUBLE, /**< A floating-point value */
27 CONFIG_TYPE_BOOL, /**< A boolean value, expressed as 0 or 1. */
28 CONFIG_TYPE_ISOTIME, /**< An ISO-formatted time relative to GMT. */
29 CONFIG_TYPE_CSV, /**< A list of strings, separated by commas and
30 * optional whitespace. */
31 CONFIG_TYPE_LINELIST, /**< Uninterpreted config lines */
32 CONFIG_TYPE_LINELIST_S, /**< Uninterpreted, context-sensitive config lines,
33 * mixed with other keywords. */
34 CONFIG_TYPE_LINELIST_V, /**< Catch-all "virtual" option to summarize
35 * context-sensitive config lines when fetching.
36 */
37 CONFIG_TYPE_ROUTERSET, /**< A list of router names, addrs, and fps,
38 * parsed into a routerset_t. */
39 CONFIG_TYPE_OBSOLETE, /**< Obsolete (ignored) option. */
40 } config_type_t;
41
42 /** An abbreviation for a configuration option allowed on the command line. */
43 typedef struct config_abbrev_t {
44 const char *abbreviated;
45 const char *full;
46 int commandline_only;
47 int warn;
48 } config_abbrev_t;
49
50 /* Handy macro for declaring "In the config file or on the command line,
51 * you can abbreviate <b>tok</b>s as <b>tok</b>". */
52 #define PLURAL(tok) { #tok, #tok "s", 0, 0 }
53
54 /** A list of abbreviations and aliases to map command-line options, obsolete
55 * option names, or alternative option names, to their current values. */
56 static config_abbrev_t _option_abbrevs[] = {
57 PLURAL(ExitNode),
58 PLURAL(EntryNode),
59 PLURAL(ExcludeNode),
60 PLURAL(FirewallPort),
61 PLURAL(LongLivedPort),
62 PLURAL(HiddenServiceNode),
63 PLURAL(HiddenServiceExcludeNode),
64 PLURAL(NumCpu),
65 PLURAL(RendNode),
66 PLURAL(RendExcludeNode),
67 PLURAL(StrictEntryNode),
68 PLURAL(StrictExitNode),
69 { "l", "Log", 1, 0},
70 { "AllowUnverifiedNodes", "AllowInvalidNodes", 0, 0},
71 { "AutomapHostSuffixes", "AutomapHostsSuffixes", 0, 0},
72 { "AutomapHostOnResolve", "AutomapHostsOnResolve", 0, 0},
73 { "BandwidthRateBytes", "BandwidthRate", 0, 0},
74 { "BandwidthBurstBytes", "BandwidthBurst", 0, 0},
75 { "DirFetchPostPeriod", "StatusFetchPeriod", 0, 0},
76 { "MaxConn", "ConnLimit", 0, 1},
77 { "ORBindAddress", "ORListenAddress", 0, 0},
78 { "DirBindAddress", "DirListenAddress", 0, 0},
79 { "SocksBindAddress", "SocksListenAddress", 0, 0},
80 { "UseHelperNodes", "UseEntryGuards", 0, 0},
81 { "NumHelperNodes", "NumEntryGuards", 0, 0},
82 { "UseEntryNodes", "UseEntryGuards", 0, 0},
83 { "NumEntryNodes", "NumEntryGuards", 0, 0},
84 { "ResolvConf", "ServerDNSResolvConfFile", 0, 1},
85 { "SearchDomains", "ServerDNSSearchDomains", 0, 1},
86 { "ServerDNSAllowBrokenResolvConf", "ServerDNSAllowBrokenConfig", 0, 0 },
87 { "PreferTunnelledDirConns", "PreferTunneledDirConns", 0, 0},
88 { "BridgeAuthoritativeDirectory", "BridgeAuthoritativeDir", 0, 0},
89 { "HashedControlPassword", "__HashedControlSessionPassword", 1, 0},
90 { NULL, NULL, 0, 0},
91 };
92
93 /** A list of state-file "abbreviations," for compatibility. */
94 static config_abbrev_t _state_abbrevs[] = {
95 { "AccountingBytesReadInterval", "AccountingBytesReadInInterval", 0, 0 },
96 { "HelperNode", "EntryGuard", 0, 0 },
97 { "HelperNodeDownSince", "EntryGuardDownSince", 0, 0 },
98 { "HelperNodeUnlistedSince", "EntryGuardUnlistedSince", 0, 0 },
99 { "EntryNode", "EntryGuard", 0, 0 },
100 { "EntryNodeDownSince", "EntryGuardDownSince", 0, 0 },
101 { "EntryNodeUnlistedSince", "EntryGuardUnlistedSince", 0, 0 },
102 { NULL, NULL, 0, 0},
103 };
104 #undef PLURAL
105
106 /** A variable allowed in the configuration file or on the command line. */
107 typedef struct config_var_t {
108 const char *name; /**< The full keyword (case insensitive). */
109 config_type_t type; /**< How to interpret the type and turn it into a
110 * value. */
111 off_t var_offset; /**< Offset of the corresponding member of or_options_t. */
112 const char *initvalue; /**< String (or null) describing initial value. */
113 } config_var_t;
114
115 /** An entry for config_vars: "The option <b>name</b> has type
116 * CONFIG_TYPE_<b>conftype</b>, and corresponds to
117 * or_options_t.<b>member</b>"
118 */
119 #define VAR(name,conftype,member,initvalue) \
120 { name, CONFIG_TYPE_ ## conftype, STRUCT_OFFSET(or_options_t, member), \
121 initvalue }
122 /** As VAR, but the option name and member name are the same. */
123 #define V(member,conftype,initvalue) \
124 VAR(#member, conftype, member, initvalue)
125 /** An entry for config_vars: "The option <b>name</b> is obsolete." */
126 #define OBSOLETE(name) { name, CONFIG_TYPE_OBSOLETE, 0, NULL }
127
128 /** Array of configuration options. Until we disallow nonstandard
129 * abbreviations, order is significant, since the first matching option will
130 * be chosen first.
131 */
132 static config_var_t _option_vars[] = {
133 OBSOLETE("AccountingMaxKB"),
134 V(AccountingMax, MEMUNIT, "0 bytes"),
135 V(AccountingStart, STRING, NULL),
136 V(Address, STRING, NULL),
137 V(AllowInvalidNodes, CSV, "middle,rendezvous"),
138 V(AllowNonRFC953Hostnames, BOOL, "0"),
139 V(AllowSingleHopCircuits, BOOL, "0"),
140 V(AllowSingleHopExits, BOOL, "0"),
141 V(AlternateBridgeAuthority, LINELIST, NULL),
142 V(AlternateDirAuthority, LINELIST, NULL),
143 V(AlternateHSAuthority, LINELIST, NULL),
144 V(AssumeReachable, BOOL, "0"),
145 V(AuthDirBadDir, LINELIST, NULL),
146 V(AuthDirBadExit, LINELIST, NULL),
147 V(AuthDirInvalid, LINELIST, NULL),
148 V(AuthDirReject, LINELIST, NULL),
149 V(AuthDirRejectUnlisted, BOOL, "0"),
150 V(AuthDirListBadDirs, BOOL, "0"),
151 V(AuthDirListBadExits, BOOL, "0"),
152 V(AuthDirMaxServersPerAddr, UINT, "2"),
153 V(AuthDirMaxServersPerAuthAddr,UINT, "5"),
154 VAR("AuthoritativeDirectory", BOOL, AuthoritativeDir, "0"),
155 V(AutomapHostsOnResolve, BOOL, "0"),
156 V(AutomapHostsSuffixes, CSV, ".onion,.exit"),
157 V(AvoidDiskWrites, BOOL, "0"),
158 V(BandwidthBurst, MEMUNIT, "10 MB"),
159 V(BandwidthRate, MEMUNIT, "5 MB"),
160 V(BridgeAuthoritativeDir, BOOL, "0"),
161 VAR("Bridge", LINELIST, Bridges, NULL),
162 V(BridgePassword, STRING, NULL),
163 V(BridgeRecordUsageByCountry, BOOL, "1"),
164 V(BridgeRelay, BOOL, "0"),
165 V(CircuitBuildTimeout, INTERVAL, "1 minute"),
166 V(CircuitIdleTimeout, INTERVAL, "1 hour"),
167 V(ClientDNSRejectInternalAddresses, BOOL,"1"),
168 V(ClientOnly, BOOL, "0"),
169 V(ConnLimit, UINT, "1000"),
170 V(ConstrainedSockets, BOOL, "0"),
171 V(ConstrainedSockSize, MEMUNIT, "8192"),
172 V(ContactInfo, STRING, NULL),
173 V(ControlListenAddress, LINELIST, NULL),
174 V(ControlPort, UINT, "0"),
175 V(ControlSocket, LINELIST, NULL),
176 V(CookieAuthentication, BOOL, "0"),
177 V(CookieAuthFileGroupReadable, BOOL, "0"),
178 V(CookieAuthFile, STRING, NULL),
179 V(DataDirectory, FILENAME, NULL),
180 OBSOLETE("DebugLogFile"),
181 V(DirAllowPrivateAddresses, BOOL, NULL),
182 V(TestingAuthDirTimeToLearnReachability, INTERVAL, "30 minutes"),
183 V(DirListenAddress, LINELIST, NULL),
184 OBSOLETE("DirFetchPeriod"),
185 V(DirPolicy, LINELIST, NULL),
186 V(DirPort, UINT, "0"),
187 V(DirPortFrontPage, FILENAME, NULL),
188 OBSOLETE("DirPostPeriod"),
189 #ifdef ENABLE_GEOIP_STATS
190 V(DirRecordUsageByCountry, BOOL, "0"),
191 V(DirRecordUsageGranularity, UINT, "4"),
192 V(DirRecordUsageRetainIPs, INTERVAL, "14 days"),
193 V(DirRecordUsageSaveInterval, INTERVAL, "6 hours"),
194 #endif
195 VAR("DirServer", LINELIST, DirServers, NULL),
196 V(DNSPort, UINT, "0"),
197 V(DNSListenAddress, LINELIST, NULL),
198 V(DownloadExtraInfo, BOOL, "0"),
199 V(EnforceDistinctSubnets, BOOL, "1"),
200 V(EntryNodes, ROUTERSET, NULL),
201 V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "10 minutes"),
202 V(ExcludeNodes, ROUTERSET, NULL),
203 V(ExcludeExitNodes, ROUTERSET, NULL),
204 V(ExcludeSingleHopRelays, BOOL, "1"),
205 V(ExitNodes, ROUTERSET, NULL),
206 V(ExitPolicy, LINELIST, NULL),
207 V(ExitPolicyRejectPrivate, BOOL, "1"),
208 V(FallbackNetworkstatusFile, FILENAME,
209 SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "fallback-consensus"),
210 V(FascistFirewall, BOOL, "0"),
211 V(FirewallPorts, CSV, ""),
212 V(FastFirstHopPK, BOOL, "1"),
213 V(FetchDirInfoEarly, BOOL, "0"),
214 V(FetchServerDescriptors, BOOL, "1"),
215 V(FetchHidServDescriptors, BOOL, "1"),
216 V(FetchUselessDescriptors, BOOL, "0"),
217 #ifdef WIN32
218 V(GeoIPFile, FILENAME, "<default>"),
219 #else
220 V(GeoIPFile, FILENAME,
221 SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip"),
222 #endif
223 OBSOLETE("Group"),
224 V(HardwareAccel, BOOL, "0"),
225 V(HashedControlPassword, LINELIST, NULL),
226 V(HidServDirectoryV2, BOOL, "1"),
227 VAR("HiddenServiceDir", LINELIST_S, RendConfigLines, NULL),
228 OBSOLETE("HiddenServiceExcludeNodes"),
229 OBSOLETE("HiddenServiceNodes"),
230 VAR("HiddenServiceOptions",LINELIST_V, RendConfigLines, NULL),
231 VAR("HiddenServicePort", LINELIST_S, RendConfigLines, NULL),
232 VAR("HiddenServiceVersion",LINELIST_S, RendConfigLines, NULL),
233 VAR("HiddenServiceAuthorizeClient",LINELIST_S,RendConfigLines, NULL),
234 V(HidServAuth, LINELIST, NULL),
235 V(HSAuthoritativeDir, BOOL, "0"),
236 V(HSAuthorityRecordStats, BOOL, "0"),
237 V(HttpProxy, STRING, NULL),
238 V(HttpProxyAuthenticator, STRING, NULL),
239 V(HttpsProxy, STRING, NULL),
240 V(HttpsProxyAuthenticator, STRING, NULL),
241 OBSOLETE("IgnoreVersion"),
242 V(KeepalivePeriod, INTERVAL, "5 minutes"),
243 VAR("Log", LINELIST, Logs, NULL),
244 OBSOLETE("LinkPadding"),
245 OBSOLETE("LogLevel"),
246 OBSOLETE("LogFile"),
247 V(LongLivedPorts, CSV,
248 "21,22,706,1863,5050,5190,5222,5223,6667,6697,8300"),
249 VAR("MapAddress", LINELIST, AddressMap, NULL),
250 V(MaxAdvertisedBandwidth, MEMUNIT, "1 GB"),
251 V(MaxCircuitDirtiness, INTERVAL, "10 minutes"),
252 V(MaxOnionsPending, UINT, "100"),
253 OBSOLETE("MonthlyAccountingStart"),
254 V(MyFamily, STRING, NULL),
255 V(NewCircuitPeriod, INTERVAL, "30 seconds"),
256 VAR("NamingAuthoritativeDirectory",BOOL, NamingAuthoritativeDir, "0"),
257 V(NatdListenAddress, LINELIST, NULL),
258 V(NatdPort, UINT, "0"),
259 V(Nickname, STRING, NULL),
260 V(NoPublish, BOOL, "0"),
261 VAR("NodeFamily", LINELIST, NodeFamilies, NULL),
262 V(NumCpus, UINT, "1"),
263 V(NumEntryGuards, UINT, "3"),
264 V(ORListenAddress, LINELIST, NULL),
265 V(ORPort, UINT, "0"),
266 V(OutboundBindAddress, STRING, NULL),
267 OBSOLETE("PathlenCoinWeight"),
268 V(PidFile, STRING, NULL),
269 V(TestingTorNetwork, BOOL, "0"),
270 V(PreferTunneledDirConns, BOOL, "1"),
271 V(ProtocolWarnings, BOOL, "0"),
272 V(PublishServerDescriptor, CSV, "1"),
273 V(PublishHidServDescriptors, BOOL, "1"),
274 V(ReachableAddresses, LINELIST, NULL),
275 V(ReachableDirAddresses, LINELIST, NULL),
276 V(ReachableORAddresses, LINELIST, NULL),
277 V(RecommendedVersions, LINELIST, NULL),
278 V(RecommendedClientVersions, LINELIST, NULL),
279 V(RecommendedServerVersions, LINELIST, NULL),
280 OBSOLETE("RedirectExit"),
281 V(RejectPlaintextPorts, CSV, ""),
282 V(RelayBandwidthBurst, MEMUNIT, "0"),
283 V(RelayBandwidthRate, MEMUNIT, "0"),
284 OBSOLETE("RendExcludeNodes"),
285 OBSOLETE("RendNodes"),
286 V(RendPostPeriod, INTERVAL, "1 hour"),
287 V(RephistTrackTime, INTERVAL, "24 hours"),
288 OBSOLETE("RouterFile"),
289 V(RunAsDaemon, BOOL, "0"),
290 V(RunTesting, BOOL, "0"),
291 V(SafeLogging, BOOL, "1"),
292 V(SafeSocks, BOOL, "0"),
293 V(ServerDNSAllowBrokenConfig, BOOL, "1"),
294 V(ServerDNSAllowNonRFC953Hostnames, BOOL,"0"),
295 V(ServerDNSDetectHijacking, BOOL, "1"),
296 V(ServerDNSRandomizeCase, BOOL, "1"),
297 V(ServerDNSResolvConfFile, STRING, NULL),
298 V(ServerDNSSearchDomains, BOOL, "0"),
299 V(ServerDNSTestAddresses, CSV,
300 "www.google.com,www.mit.edu,www.yahoo.com,www.slashdot.org"),
301 V(ShutdownWaitLength, INTERVAL, "30 seconds"),
302 V(SocksListenAddress, LINELIST, NULL),
303 V(SocksPolicy, LINELIST, NULL),
304 V(SocksPort, UINT, "9050"),
305 V(SocksTimeout, INTERVAL, "2 minutes"),
306 OBSOLETE("StatusFetchPeriod"),
307 V(StrictEntryNodes, BOOL, "0"),
308 V(StrictExitNodes, BOOL, "0"),
309 OBSOLETE("SysLog"),
310 V(TestSocks, BOOL, "0"),
311 OBSOLETE("TestVia"),
312 V(TrackHostExits, CSV, NULL),
313 V(TrackHostExitsExpire, INTERVAL, "30 minutes"),
314 OBSOLETE("TrafficShaping"),
315 V(TransListenAddress, LINELIST, NULL),
316 V(TransPort, UINT, "0"),
317 V(TunnelDirConns, BOOL, "1"),
318 V(UpdateBridgesFromAuthority, BOOL, "0"),
319 V(UseBridges, BOOL, "0"),
320 V(UseEntryGuards, BOOL, "1"),
321 V(User, STRING, NULL),
322 VAR("V1AuthoritativeDirectory",BOOL, V1AuthoritativeDir, "0"),
323 VAR("V2AuthoritativeDirectory",BOOL, V2AuthoritativeDir, "0"),
324 VAR("V3AuthoritativeDirectory",BOOL, V3AuthoritativeDir, "0"),
325 V(TestingV3AuthInitialVotingInterval, INTERVAL, "30 minutes"),
326 V(TestingV3AuthInitialVoteDelay, INTERVAL, "5 minutes"),
327 V(TestingV3AuthInitialDistDelay, INTERVAL, "5 minutes"),
328 V(V3AuthVotingInterval, INTERVAL, "1 hour"),
329 V(V3AuthVoteDelay, INTERVAL, "5 minutes"),
330 V(V3AuthDistDelay, INTERVAL, "5 minutes"),
331 V(V3AuthNIntervalsValid, UINT, "3"),
332 V(V3AuthUseLegacyKey, BOOL, "0"),
333 VAR("VersioningAuthoritativeDirectory",BOOL,VersioningAuthoritativeDir, "0"),
334 V(VirtualAddrNetwork, STRING, "127.192.0.0/10"),
335 V(WarnPlaintextPorts, CSV, "23,109,110,143"),
336 VAR("__ReloadTorrcOnSIGHUP", BOOL, ReloadTorrcOnSIGHUP, "1"),
337 VAR("__AllDirActionsPrivate", BOOL, AllDirActionsPrivate, "0"),
338 VAR("__DisablePredictedCircuits",BOOL,DisablePredictedCircuits, "0"),
339 VAR("__LeaveStreamsUnattached",BOOL, LeaveStreamsUnattached, "0"),
340 VAR("__HashedControlSessionPassword", LINELIST, HashedControlSessionPassword,
341 NULL),
342 V(MinUptimeHidServDirectoryV2, INTERVAL, "24 hours"),
343 { NULL, CONFIG_TYPE_OBSOLETE, 0, NULL }
344 };
345
346 /** Override default values with these if the user sets the TestingTorNetwork
347 * option. */
348 static config_var_t testing_tor_network_defaults[] = {
349 V(ServerDNSAllowBrokenConfig, BOOL, "1"),
350 V(DirAllowPrivateAddresses, BOOL, "1"),
351 V(EnforceDistinctSubnets, BOOL, "0"),
352 V(AssumeReachable, BOOL, "1"),
353 V(AuthDirMaxServersPerAddr, UINT, "0"),
354 V(AuthDirMaxServersPerAuthAddr,UINT, "0"),
355 V(ClientDNSRejectInternalAddresses, BOOL,"0"),
356 V(ExitPolicyRejectPrivate, BOOL, "0"),
357 V(V3AuthVotingInterval, INTERVAL, "5 minutes"),
358 V(V3AuthVoteDelay, INTERVAL, "20 seconds"),
359 V(V3AuthDistDelay, INTERVAL, "20 seconds"),
360 V(TestingV3AuthInitialVotingInterval, INTERVAL, "5 minutes"),
361 V(TestingV3AuthInitialVoteDelay, INTERVAL, "20 seconds"),
362 V(TestingV3AuthInitialDistDelay, INTERVAL, "20 seconds"),
363 V(TestingAuthDirTimeToLearnReachability, INTERVAL, "0 minutes"),
364 V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "0 minutes"),
365 { NULL, CONFIG_TYPE_OBSOLETE, 0, NULL }
366 };
367 #undef VAR
368
369 #define VAR(name,conftype,member,initvalue) \
370 { name, CONFIG_TYPE_ ## conftype, STRUCT_OFFSET(or_state_t, member), \
371 initvalue }
372
373 /** Array of "state" variables saved to the ~/.tor/state file. */
374 static config_var_t _state_vars[] = {
375 V(AccountingBytesReadInInterval, MEMUNIT, NULL),
376 V(AccountingBytesWrittenInInterval, MEMUNIT, NULL),
377 V(AccountingExpectedUsage, MEMUNIT, NULL),
378 V(AccountingIntervalStart, ISOTIME, NULL),
379 V(AccountingSecondsActive, INTERVAL, NULL),
380
381 VAR("EntryGuard", LINELIST_S, EntryGuards, NULL),
382 VAR("EntryGuardDownSince", LINELIST_S, EntryGuards, NULL),
383 VAR("EntryGuardUnlistedSince", LINELIST_S, EntryGuards, NULL),
384 VAR("EntryGuardAddedBy", LINELIST_S, EntryGuards, NULL),
385 V(EntryGuards, LINELIST_V, NULL),
386
387 V(BWHistoryReadEnds, ISOTIME, NULL),
388 V(BWHistoryReadInterval, UINT, "900"),
389 V(BWHistoryReadValues, CSV, ""),
390 V(BWHistoryWriteEnds, ISOTIME, NULL),
391 V(BWHistoryWriteInterval, UINT, "900"),
392 V(BWHistoryWriteValues, CSV, ""),
393
394 V(TorVersion, STRING, NULL),
395
396 V(LastRotatedOnionKey, ISOTIME, NULL),
397 V(LastWritten, ISOTIME, NULL),
398
399 { NULL, CONFIG_TYPE_OBSOLETE, 0, NULL }
400 };
401
402 #undef VAR
403 #undef V
404 #undef OBSOLETE
405
406 /** Represents an English description of a configuration variable; used when
407 * generating configuration file comments. */
408 typedef struct config_var_description_t {
409 const char *name;
410 const char *description;
411 } config_var_description_t;
412
413 /** Descriptions of the configuration options, to be displayed by online
414 * option browsers */
415 /* XXXX022 did anybody want this? at all? If not, kill it.*/
416 static config_var_description_t options_description[] = {
417 /* ==== general options */
418 { "AvoidDiskWrites", "If non-zero, try to write to disk less frequently than"
419 " we would otherwise." },
420 { "BandwidthRate", "A token bucket limits the average incoming bandwidth on "
421 "this node to the specified number of bytes per second." },
422 { "BandwidthBurst", "Limit the maximum token buffer size (also known as "
423 "burst) to the given number of bytes." },
424 { "ConnLimit", "Minimum number of simultaneous sockets we must have." },
425 { "ConstrainedSockets", "Shrink tx and rx buffers for sockets to avoid "
426 "system limits on vservers and related environments. See man page for "
427 "more information regarding this option." },
428 { "ConstrainedSockSize", "Limit socket buffers to this size when "
429 "ConstrainedSockets is enabled." },
430 /* ControlListenAddress */
431 { "ControlPort", "If set, Tor will accept connections from the same machine "
432 "(localhost only) on this port, and allow those connections to control "
433 "the Tor process using the Tor Control Protocol (described in "
434 "control-spec.txt).", },
435 { "CookieAuthentication", "If this option is set to 1, don't allow any "
436 "connections to the control port except when the connecting process "
437 "can read a file that Tor creates in its data directory." },
438 { "DataDirectory", "Store working data, state, keys, and caches here." },
439 { "DirServer", "Tor only trusts directories signed with one of these "
440 "servers' keys. Used to override the standard list of directory "
441 "authorities." },
442 /* { "FastFirstHopPK", "" }, */
443 /* FetchServerDescriptors, FetchHidServDescriptors,
444 * FetchUselessDescriptors */
445 { "HardwareAccel", "If set, Tor tries to use hardware crypto accelerators "
446 "when it can." },
447 /* HashedControlPassword */
448 { "HTTPProxy", "Force Tor to make all HTTP directory requests through this "
449 "host:port (or host:80 if port is not set)." },
450 { "HTTPProxyAuthenticator", "A username:password pair to be used with "
451 "HTTPProxy." },
452 { "HTTPSProxy", "Force Tor to make all TLS (SSL) connections through this "
453 "host:port (or host:80 if port is not set)." },
454 { "HTTPSProxyAuthenticator", "A username:password pair to be used with "
455 "HTTPSProxy." },
456 { "KeepalivePeriod", "Send a padding cell every N seconds to keep firewalls "
457 "from closing our connections while Tor is not in use." },
458 { "Log", "Where to send logging messages. Format is "
459 "minSeverity[-maxSeverity] (stderr|stdout|syslog|file FILENAME)." },
460 { "OutboundBindAddress", "Make all outbound connections originate from the "
461 "provided IP address (only useful for multiple network interfaces)." },
462 { "PIDFile", "On startup, write our PID to this file. On clean shutdown, "
463 "remove the file." },
464 { "PreferTunneledDirConns", "If non-zero, avoid directory servers that "
465 "don't support tunneled connections." },
466 /* PreferTunneledDirConns */
467 /* ProtocolWarnings */
468 /* RephistTrackTime */
469 { "RunAsDaemon", "If set, Tor forks and daemonizes to the background when "
470 "started. Unix only." },
471 { "SafeLogging", "If set to 0, Tor logs potentially sensitive strings "
472 "rather than replacing them with the string [scrubbed]." },
473 { "TunnelDirConns", "If non-zero, when a directory server we contact "
474 "supports it, we will build a one-hop circuit and make an encrypted "
475 "connection via its ORPort." },
476 { "User", "On startup, setuid to this user." },
477
478 /* ==== client options */
479 { "AllowInvalidNodes", "Where on our circuits should Tor allow servers "
480 "that the directory authorities haven't called \"valid\"?" },
481 { "AllowNonRFC953Hostnames", "If set to 1, we don't automatically reject "
482 "hostnames for having invalid characters." },
483 /* CircuitBuildTimeout, CircuitIdleTimeout */
484 { "ClientOnly", "If set to 1, Tor will under no circumstances run as a "
485 "server, even if ORPort is enabled." },
486 { "EntryNodes", "A list of preferred entry nodes to use for the first hop "
487 "in circuits, when possible." },
488 /* { "EnforceDistinctSubnets" , "" }, */
489 { "ExitNodes", "A list of preferred nodes to use for the last hop in "
490 "circuits, when possible." },
491 { "ExcludeNodes", "A list of nodes never to use when building a circuit." },
492 { "FascistFirewall", "If set, Tor will only create outgoing connections to "
493 "servers running on the ports listed in FirewallPorts." },
494 { "FirewallPorts", "A list of ports that we can connect to. Only used "
495 "when FascistFirewall is set." },
496 { "LongLivedPorts", "A list of ports for services that tend to require "
497 "high-uptime connections." },
498 { "MapAddress", "Force Tor to treat all requests for one address as if "
499 "they were for another." },
500 { "NewCircuitPeriod", "Force Tor to consider whether to build a new circuit "
501 "every NUM seconds." },
502 { "MaxCircuitDirtiness", "Do not attach new streams to a circuit that has "
503 "been used more than this many seconds ago." },
504 /* NatdPort, NatdListenAddress */
505 { "NodeFamily", "A list of servers that constitute a 'family' and should "
506 "never be used in the same circuit." },
507 { "NumEntryGuards", "How many entry guards should we keep at a time?" },
508 /* PathlenCoinWeight */
509 { "ReachableAddresses", "Addresses we can connect to, as IP/bits:port-port. "
510 "By default, we assume all addresses are reachable." },
511 /* reachablediraddresses, reachableoraddresses. */
512 /* SafeSOCKS */
513 { "SOCKSPort", "The port where we listen for SOCKS connections from "
514 "applications." },
515 { "SOCKSListenAddress", "Bind to this address to listen to connections from "
516 "SOCKS-speaking applications." },
517 { "SOCKSPolicy", "Set an entry policy to limit which addresses can connect "
518 "to the SOCKSPort." },
519 /* SocksTimeout */
520 { "StrictExitNodes", "If set, Tor will fail to operate when none of the "
521 "configured ExitNodes can be used." },
522 { "StrictEntryNodes", "If set, Tor will fail to operate when none of the "
523 "configured EntryNodes can be used." },
524 /* TestSocks */
525 { "TrackHostsExit", "Hosts and domains which should, if possible, be "
526 "accessed from the same exit node each time we connect to them." },
527 { "TrackHostsExitExpire", "Time after which we forget which exit we were "
528 "using to connect to hosts in TrackHostsExit." },
529 /* "TransPort", "TransListenAddress */
530 { "UseEntryGuards", "Set to 0 if we want to pick from the whole set of "
531 "servers for the first position in each circuit, rather than picking a "
532 "set of 'Guards' to prevent profiling attacks." },
533
534 /* === server options */
535 { "Address", "The advertised (external) address we should use." },
536 /* Accounting* options. */
537 /* AssumeReachable */
538 { "ContactInfo", "Administrative contact information to advertise for this "
539 "server." },
540 { "ExitPolicy", "Address/port ranges for which to accept or reject outgoing "
541 "connections on behalf of Tor users." },
542 /* { "ExitPolicyRejectPrivate, "" }, */
543 { "MaxAdvertisedBandwidth", "If set, we will not advertise more than this "
544 "amount of bandwidth for our bandwidth rate, regardless of how much "
545 "bandwidth we actually detect." },
546 { "MaxOnionsPending", "Reject new attempts to extend circuits when we "
547 "already have this many pending." },
548 { "MyFamily", "Declare a list of other servers as belonging to the same "
549 "family as this one, so that clients will not use two from the same "
550 "family in the same circuit." },
551 { "Nickname", "Set the server nickname." },
552 { "NoPublish", "{DEPRECATED}" },
553 { "NumCPUs", "How many processes to use at once for public-key crypto." },
554 { "ORPort", "Advertise this port to listen for connections from Tor clients "
555 "and servers." },
556 { "ORListenAddress", "Bind to this address to listen for connections from "
557 "clients and servers, instead of the default 0.0.0.0:ORPort." },
558 { "PublishServerDescriptor", "Set to 0 to keep the server from "
559 "uploading info to the directory authorities." },
560 /* ServerDNS: DetectHijacking, ResolvConfFile, SearchDomains */
561 { "ShutdownWaitLength", "Wait this long for clients to finish when "
562 "shutting down because of a SIGINT." },
563
564 /* === directory cache options */
565 { "DirPort", "Serve directory information from this port, and act as a "
566 "directory cache." },
567 { "DirPortFrontPage", "Serve a static html disclaimer on DirPort." },
568 { "DirListenAddress", "Bind to this address to listen for connections from "
569 "clients and servers, instead of the default 0.0.0.0:DirPort." },
570 { "DirPolicy", "Set a policy to limit who can connect to the directory "
571 "port." },
572
573 /* Authority options: AuthDirBadExit, AuthDirInvalid, AuthDirReject,
574 * AuthDirRejectUnlisted, AuthDirListBadExits, AuthoritativeDirectory,
575 * DirAllowPrivateAddresses, HSAuthoritativeDir,
576 * NamingAuthoritativeDirectory, RecommendedVersions,
577 * RecommendedClientVersions, RecommendedServerVersions, RendPostPeriod,
578 * RunTesting, V1AuthoritativeDirectory, VersioningAuthoritativeDirectory, */
579
580 /* Hidden service options: HiddenService: dir,excludenodes, nodes,
581 * options, port. PublishHidServDescriptor */
582
583 /* Nonpersistent options: __LeaveStreamsUnattached, __AllDirActionsPrivate */
584 { NULL, NULL },
585 };
586
587 /** Online description of state variables. */
588 static config_var_description_t state_description[] = {
589 { "AccountingBytesReadInInterval",
590 "How many bytes have we read in this accounting period?" },
591 { "AccountingBytesWrittenInInterval",
592 "How many bytes have we written in this accounting period?" },
593 { "AccountingExpectedUsage",
594 "How many bytes did we expect to use per minute? (0 for no estimate.)" },
595 { "AccountingIntervalStart", "When did this accounting period begin?" },
596 { "AccountingSecondsActive", "How long have we been awake in this period?" },
597
598 { "BWHistoryReadEnds", "When does the last-recorded read-interval end?" },
599 { "BWHistoryReadInterval", "How long is each read-interval (in seconds)?" },
600 { "BWHistoryReadValues", "Number of bytes read in each interval." },
601 { "BWHistoryWriteEnds", "When does the last-recorded write-interval end?" },
602 { "BWHistoryWriteInterval", "How long is each write-interval (in seconds)?"},
603 { "BWHistoryWriteValues", "Number of bytes written in each interval." },
604
605 { "EntryGuard", "One of the nodes we have chosen as a fixed entry" },
606 { "EntryGuardDownSince",
607 "The last entry guard has been unreachable since this time." },
608 { "EntryGuardUnlistedSince",
609 "The last entry guard has been unusable since this time." },
610
611 { "LastRotatedOnionKey",
612 "The last time at which we changed the medium-term private key used for "
613 "building circuits." },
614 { "LastWritten", "When was this state file last regenerated?" },
615
616 { "TorVersion", "Which version of Tor generated this state file?" },
617 { NULL, NULL },
618 };
619
620 /** Type of a callback to validate whether a given configuration is
621 * well-formed and consistent. See options_trial_assign() for documentation
622 * of arguments. */
623 typedef int (*validate_fn_t)(void*,void*,int,char**);
624
625 /** Information on the keys, value types, key-to-struct-member mappings,
626 * variable descriptions, validation functions, and abbreviations for a
627 * configuration or storage format. */
628 typedef struct {
629 size_t size; /**< Size of the struct that everything gets parsed into. */
630 uint32_t magic; /**< Required 'magic value' to make sure we have a struct
631 * of the right type. */
632 off_t magic_offset; /**< Offset of the magic value within the struct. */
633 config_abbrev_t *abbrevs; /**< List of abbreviations that we expand when
634 * parsing this format. */
635 config_var_t *vars; /**< List of variables we recognize, their default
636 * values, and where we stick them in the structure. */
637 validate_fn_t validate_fn; /**< Function to validate config. */
638 /** Documentation for configuration variables. */
639 config_var_description_t *descriptions;
640 /** If present, extra is a LINELIST variable for unrecognized
641 * lines. Otherwise, unrecognized lines are an error. */
642 config_var_t *extra;
643 } config_format_t;
644
645 /** Macro: assert that <b>cfg</b> has the right magic field for format
646 * <b>fmt</b>. */
647 #define CHECK(fmt, cfg) STMT_BEGIN \
648 tor_assert(fmt && cfg); \
649 tor_assert((fmt)->magic == \
650 *(uint32_t*)STRUCT_VAR_P(cfg,fmt->magic_offset)); \
651 STMT_END
652
653 #ifdef MS_WINDOWS
654 static char *get_windows_conf_root(void);
655 #endif
656 static void config_line_append(config_line_t **lst,
657 const char *key, const char *val);
658 static void option_clear(config_format_t *fmt, or_options_t *options,
659 config_var_t *var);
660 static void option_reset(config_format_t *fmt, or_options_t *options,
661 config_var_t *var, int use_defaults);
662 static void config_free(config_format_t *fmt, void *options);
663 static int config_lines_eq(config_line_t *a, config_line_t *b);
664 static int option_is_same(config_format_t *fmt,
665 or_options_t *o1, or_options_t *o2,
666 const char *name);
667 static or_options_t *options_dup(config_format_t *fmt, or_options_t *old);
668 static int options_validate(or_options_t *old_options, or_options_t *options,
669 int from_setconf, char **msg);
670 static int options_act_reversible(or_options_t *old_options, char **msg);
671 static int options_act(or_options_t *old_options);
672 static int options_transition_allowed(or_options_t *old, or_options_t *new,
673 char **msg);
674 static int options_transition_affects_workers(or_options_t *old_options,
675 or_options_t *new_options);
676 static int options_transition_affects_descriptor(or_options_t *old_options,
677 or_options_t *new_options);
678 static int check_nickname_list(const char *lst, const char *name, char **msg);
679 static void config_register_addressmaps(or_options_t *options);
680
681 static int parse_bridge_line(const char *line, int validate_only);
682 static int parse_dir_server_line(const char *line,
683 authority_type_t required_type,
684 int validate_only);
685 static int validate_data_directory(or_options_t *options);
686 static int write_configuration_file(const char *fname, or_options_t *options);
687 static config_line_t *get_assigned_option(config_format_t *fmt,
688 void *options, const char *key,
689 int escape_val);
690 static void config_init(config_format_t *fmt, void *options);
691 static int or_state_validate(or_state_t *old_options, or_state_t *options,
692 int from_setconf, char **msg);
693 static int or_state_load(void);
694 static int options_init_logs(or_options_t *options, int validate_only);
695
696 static int is_listening_on_low_port(uint16_t port_option,
697 const config_line_t *listen_options);
698
699 static uint64_t config_parse_memunit(const char *s, int *ok);
700 static int config_parse_interval(const char *s, int *ok);
701 static void init_libevent(void);
702 static int opt_streq(const char *s1, const char *s2);
703 /** Versions of libevent. */
704 typedef enum {
705 /* Note: we compare these, so it's important that "old" precede everything,
706 * and that "other" come last. */
707 LE_OLD=0, LE_10C, LE_10D, LE_10E, LE_11, LE_11A, LE_11B, LE_12, LE_12A,
708 LE_13, LE_13A, LE_13B, LE_13C, LE_13D, LE_13E,
709 LE_140, LE_141, LE_142, LE_143, LE_144, LE_145, LE_146, LE_147, LE_148,
710 LE_1499,
711 LE_OTHER
712 } le_version_t;
713 static le_version_t decode_libevent_version(const char *v, int *bincompat_out);
714 #if defined(HAVE_EVENT_GET_VERSION) && defined(HAVE_EVENT_GET_METHOD)
715 static void check_libevent_version(const char *m, int server);
716 #endif
717
718 /** Magic value for or_options_t. */
719 #define OR_OPTIONS_MAGIC 9090909
720
721 /** Configuration format for or_options_t. */
722 static config_format_t options_format = {
723 sizeof(or_options_t),
724 OR_OPTIONS_MAGIC,
725 STRUCT_OFFSET(or_options_t, _magic),
726 _option_abbrevs,
727 _option_vars,
728 (validate_fn_t)options_validate,
729 options_description,
730 NULL
731 };
732
733 /** Magic value for or_state_t. */
734 #define OR_STATE_MAGIC 0x57A73f57
735
736 /** "Extra" variable in the state that receives lines we can't parse. This
737 * lets us preserve options from versions of Tor newer than us. */
738 static config_var_t state_extra_var = {
739 "__extra", CONFIG_TYPE_LINELIST, STRUCT_OFFSET(or_state_t, ExtraLines), NULL
740 };
741
742 /** Configuration format for or_state_t. */
743 static config_format_t state_format = {
744 sizeof(or_state_t),
745 OR_STATE_MAGIC,
746 STRUCT_OFFSET(or_state_t, _magic),
747 _state_abbrevs,
748 _state_vars,
749 (validate_fn_t)or_state_validate,
750 state_description,
751 &state_extra_var,
752 };
753
754 /*
755 * Functions to read and write the global options pointer.
756 */
757
758 /** Command-line and config-file options. */
759 static or_options_t *global_options = NULL;
760 /** Name of most recently read torrc file. */
761 static char *torrc_fname = NULL;
762 /** Persistent serialized state. */
763 static or_state_t *global_state = NULL;
764 /** Configuration Options set by command line. */
765 static config_line_t *global_cmdline_options = NULL;
766 /** Contents of most recently read DirPortFrontPage file. */
767 static char *global_dirfrontpagecontents = NULL;
768
769 /** Return the contents of our frontpage string, or NULL if not configured. */
770 const char *
771 get_dirportfrontpage(void)
772 {
773 return global_dirfrontpagecontents;
774 }
775
776 /** Allocate an empty configuration object of a given format type. */
777 static void *
778 config_alloc(config_format_t *fmt)
779 {
780 void *opts = tor_malloc_zero(fmt->size);
781 *(uint32_t*)STRUCT_VAR_P(opts, fmt->magic_offset) = fmt->magic;
782 CHECK(fmt, opts);
783 return opts;
784 }
785
786 /** Return the currently configured options. */
787 or_options_t *
788 get_options(void)
789 {
790 tor_assert(global_options);
791 return global_options;
792 }
793
794 /** Change the current global options to contain <b>new_val</b> instead of
795 * their current value; take action based on the new value; free the old value
796 * as necessary. Returns 0 on success, -1 on failure.
797 */
798 int
799 set_options(or_options_t *new_val, char **msg)
800 {
801 or_options_t *old_options = global_options;
802 global_options = new_val;
803 /* Note that we pass the *old* options below, for comparison. It
804 * pulls the new options directly out of global_options. */
805 if (options_act_reversible(old_options, msg)<0) {
806 tor_assert(*msg);
807 global_options = old_options;
808 return -1;
809 }
810 if (options_act(old_options) < 0) { /* acting on the options failed. die. */
811 log_err(LD_BUG,
812 "Acting on config options left us in a broken state. Dying.");
813 exit(1);
814 }
815 if (old_options)
816 config_free(&options_format, old_options);
817
818 return 0;
819 }
820
821 extern const char tor_svn_revision[]; /* from tor_main.c */
822
823 /** The version of this Tor process, as parsed. */
824 static char *_version = NULL;
825
826 /** Return the current Tor version. */
827 const char *
828 get_version(void)
829 {
830 if (_version == NULL) {
831 if (strlen(tor_svn_revision)) {
832 size_t len = strlen(VERSION)+strlen(tor_svn_revision)+8;
833 _version = tor_malloc(len);
834 tor_snprintf(_version, len, "%s (r%s)", VERSION, tor_svn_revision);
835 } else {
836 _version = tor_strdup(VERSION);
837 }
838 }
839 return _version;
840 }
841
842 /** Release additional memory allocated in options
843 */
844 static void
845 or_options_free(or_options_t *options)
846 {
847 if (options->_ExcludeExitNodesUnion)
848 routerset_free(options->_ExcludeExitNodesUnion);
849 config_free(&options_format, options);
850 }
851
852 /** Release all memory and resources held by global configuration structures.
853 */
854 void
855 config_free_all(void)
856 {
857 if (global_options) {
858 or_options_free(global_options);
859 global_options = NULL;
860 }
861 if (global_state) {
862 config_free(&state_format, global_state);
863 global_state = NULL;
864 }
865 if (global_cmdline_options) {
866 config_free_lines(global_cmdline_options);
867 global_cmdline_options = NULL;
868 }
869 tor_free(torrc_fname);
870 tor_free(_version);
871 tor_free(global_dirfrontpagecontents);
872 }
873
874 /** If options->SafeLogging is on, return a not very useful string,
875 * else return address.
876 */
877 const char *
878 safe_str(const char *address)
879 {
880 tor_assert(address);
881 if (get_options()->SafeLogging)
882 return "[scrubbed]";
883 else
884 return address;
885 }
886
887 /** Equivalent to escaped(safe_str(address)). See reentrancy note on
888 * escaped(): don't use this outside the main thread, or twice in the same
889 * log statement. */
890 const char *
891 escaped_safe_str(const char *address)
892 {
893 if (get_options()->SafeLogging)
894 return "[scrubbed]";
895 else
896 return escaped(address);
897 }
898
899 /** Add the default directory authorities directly into the trusted dir list,
900 * but only add them insofar as they share bits with <b>type</b>. */
901 static void
902 add_default_trusted_dir_authorities(authority_type_t type)
903 {
904 int i;
905 const char *dirservers[] = {
906 "moria1 orport=9101 no-v2 "
907 "v3ident=D586D18309DED4CD6D57C18FDB97EFA96D330566 "
908 "128.31.0.39:9131 9695 DFC3 5FFE B861 329B 9F1A B04C 4639 7020 CE31",
909 "tor26 v1 orport=443 v3ident=14C131DFC5C6F93646BE72FA1401C02A8DF2E8B4 "
910 "86.59.21.38:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D",
911 "dizum orport=443 v3ident=E8A9C45EDE6D711294FADF8E7951F4DE6CA56B58 "
912 "194.109.206.212:80 7EA6 EAD6 FD83 083C 538F 4403 8BBF A077 587D D755",
913 "Tonga orport=443 bridge no-v2 82.94.251.203:80 "
914 "4A0C CD2D DC79 9508 3D73 F5D6 6710 0C8A 5831 F16D",
915 "ides orport=9090 no-v2 v3ident=27B6B5996C426270A5C95488AA5BCEB6BCC86956 "
916 "216.224.124.114:9030 F397 038A DC51 3361 35E7 B80B D99C A384 4360 292B",
917 "gabelmoo orport=8080 no-v2 "
918 "v3ident=ED03BB616EB2F60BEC80151114BB25CEF515B226 "
919 "80.190.246.100:8180 F204 4413 DAC2 E02E 3D6B CF47 35A1 9BCA 1DE9 7281",
920 "dannenberg orport=443 no-v2 "
921 "v3ident=585769C78764D58426B8B52B6651A5A71137189A "
922 "193.23.244.244:80 7BE6 83E6 5D48 1413 21C5 ED92 F075 C553 64AC 7123",
923 "urras orport=80 no-v2 v3ident=80550987E1D626E3EBA5E5E75A458DE0626D088C "
924 "208.83.223.34:443 0AD3 FA88 4D18 F89E EA2D 89C0 1937 9E0E 7FD9 4417",
925 "maatuska orport=80 no-v2 "
926 "v3ident=49015F787433103580E3B66A1707A00E60F2D15B "
927 "213.115.239.118:443 BD6A 8292 55CB 08E6 6FBE 7D37 4836 3586 E46B 3810",
928 NULL
929 };
930 for (i=0; dirservers[i]; i++) {
931 if (parse_dir_server_line(dirservers[i], type, 0)<0) {
932 log_err(LD_BUG, "Couldn't parse internal dirserver line %s",
933 dirservers[i]);
934 }
935 }
936 }
937
938 /** Look at all the config options for using alternate directory
939 * authorities, and make sure none of them are broken. Also, warn the
940 * user if we changed any dangerous ones.
941 */
942 static int
943 validate_dir_authorities(or_options_t *options, or_options_t *old_options)
944 {
945 config_line_t *cl;
946
947 if (options->DirServers &&
948 (options->AlternateDirAuthority || options->AlternateBridgeAuthority ||
949 options->AlternateHSAuthority)) {
950 log_warn(LD_CONFIG,
951 "You cannot set both DirServers and Alternate*Authority.");
952 return -1;
953 }
954
955 /* do we want to complain to the user about being partitionable? */
956 if ((options->DirServers &&
957 (!old_options ||
958 !config_lines_eq(options->DirServers, old_options->DirServers))) ||
959 (options->AlternateDirAuthority &&
960 (!old_options ||
961 !config_lines_eq(options->AlternateDirAuthority,
962 old_options->AlternateDirAuthority)))) {
963 log_warn(LD_CONFIG,
964 "You have used DirServer or AlternateDirAuthority to "
965 "specify alternate directory authorities in "
966 "your configuration. This is potentially dangerous: it can "
967 "make you look different from all other Tor users, and hurt "
968 "your anonymity. Even if you've specified the same "
969 "authorities as Tor uses by default, the defaults could "
970 "change in the future. Be sure you know what you're doing.");
971 }
972
973 /* Now go through the four ways you can configure an alternate
974 * set of directory authorities, and make sure none are broken. */
975 for (cl = options->DirServers; cl; cl = cl->next)
976 if (parse_dir_server_line(cl->value, NO_AUTHORITY, 1)<0)
977 return -1;
978 for (cl = options->AlternateBridgeAuthority; cl; cl = cl->next)
979 if (parse_dir_server_line(cl->value, NO_AUTHORITY, 1)<0)
980 return -1;
981 for (cl = options->AlternateDirAuthority; cl; cl = cl->next)
982 if (parse_dir_server_line(cl->value, NO_AUTHORITY, 1)<0)
983 return -1;
984 for (cl = options->AlternateHSAuthority; cl; cl = cl->next)
985 if (parse_dir_server_line(cl->value, NO_AUTHORITY, 1)<0)
986 return -1;
987 return 0;
988 }
989
990 /** Look at all the config options and assign new dir authorities
991 * as appropriate.
992 */
993 static int
994 consider_adding_dir_authorities(or_options_t *options,
995 or_options_t *old_options)
996 {
997 config_line_t *cl;
998 int need_to_update =
999 !smartlist_len(router_get_trusted_dir_servers()) || !old_options ||
1000 !config_lines_eq(options->DirServers, old_options->DirServers) ||
1001 !config_lines_eq(options->AlternateBridgeAuthority,
1002 old_options->AlternateBridgeAuthority) ||
1003 !config_lines_eq(options->AlternateDirAuthority,
1004 old_options->AlternateDirAuthority) ||
1005 !config_lines_eq(options->AlternateHSAuthority,
1006 old_options->AlternateHSAuthority);
1007
1008 if (!need_to_update)
1009 return 0; /* all done */
1010
1011 /* Start from a clean slate. */
1012 clear_trusted_dir_servers();
1013
1014 if (!options->DirServers) {
1015 /* then we may want some of the defaults */
1016 authority_type_t type = NO_AUTHORITY;
1017 if (!options->AlternateBridgeAuthority)
1018 type |= BRIDGE_AUTHORITY;
1019 if (!options->AlternateDirAuthority)
1020 type |= V1_AUTHORITY | V2_AUTHORITY | V3_AUTHORITY;
1021 if (!options->AlternateHSAuthority)
1022 type |= HIDSERV_AUTHORITY;
1023 add_default_trusted_dir_authorities(type);
1024 }
1025
1026 for (cl = options->DirServers; cl; cl = cl->next)
1027 if (parse_dir_server_line(cl->value, NO_AUTHORITY, 0)<0)
1028 return -1;
1029 for (cl = options->AlternateBridgeAuthority; cl; cl = cl->next)
1030 if (parse_dir_server_line(cl->value, NO_AUTHORITY, 0)<0)
1031 return -1;
1032 for (cl = options->AlternateDirAuthority; cl; cl = cl->next)
1033 if (parse_dir_server_line(cl->value, NO_AUTHORITY, 0)<0)
1034 return -1;
1035 for (cl = options->AlternateHSAuthority; cl; cl = cl->next)
1036 if (parse_dir_server_line(cl->value, NO_AUTHORITY, 0)<0)
1037 return -1;
1038 return 0;
1039 }
1040
1041 /** Fetch the active option list, and take actions based on it. All of the
1042 * things we do should survive being done repeatedly. If present,
1043 * <b>old_options</b> contains the previous value of the options.
1044 *
1045 * Return 0 if all goes well, return -1 if things went badly.
1046 */
1047 static int
1048 options_act_reversible(or_options_t *old_options, char **msg)
1049 {
1050 smartlist_t *new_listeners = smartlist_create();
1051 smartlist_t *replaced_listeners = smartlist_create();
1052 static int libevent_initialized = 0;
1053 or_options_t *options = get_options();
1054 int running_tor = options->command == CMD_RUN_TOR;
1055 int set_conn_limit = 0;
1056 int r = -1;
1057 int logs_marked = 0;
1058
1059 /* Daemonize _first_, since we only want to open most of this stuff in
1060 * the subprocess. Libevent bases can't be reliably inherited across
1061 * processes. */
1062 if (running_tor && options->RunAsDaemon) {
1063 /* No need to roll back, since you can't change the value. */
1064 start_daemon();
1065 }
1066
1067 #ifndef HAVE_SYS_UN_H
1068 if (options->ControlSocket) {
1069 *msg = tor_strdup("Unix domain sockets (ControlSocket) not supported"
1070 " on this OS/with this build.");
1071 goto rollback;
1072 }
1073 #endif
1074
1075 if (running_tor) {
1076 /* We need to set the connection limit before we can open the listeners. */
1077 if (set_max_file_descriptors((unsigned)options->ConnLimit,
1078 &options->_ConnLimit) < 0) {
1079 *msg = tor_strdup("Problem with ConnLimit value. See logs for details.");
1080 goto rollback;
1081 }
1082 set_conn_limit = 1;
1083
1084 /* Set up libevent. (We need to do this before we can register the
1085 * listeners as listeners.) */
1086 if (running_tor && !libevent_initialized) {
1087 init_libevent();
1088 libevent_initialized = 1;
1089 }
1090
1091 /* Launch the listeners. (We do this before we setuid, so we can bind to
1092 * ports under 1024.) */
1093 if (retry_all_listeners(replaced_listeners, new_listeners) < 0) {
1094 *msg = tor_strdup("Failed to bind one of the listener ports.");
1095 goto rollback;
1096 }
1097 }
1098
1099 #if defined(HAVE_NET_IF_H) && defined(HAVE_NET_PFVAR_H)
1100 /* Open /dev/pf before dropping privileges. */
1101 if (options->TransPort) {
1102 if (get_pf_socket() < 0) {
1103 *msg = tor_strdup("Unable to open /dev/pf for transparent proxy.");
1104 goto rollback;
1105 }
1106 }
1107 #endif
1108
1109 /* Setuid/setgid as appropriate */
1110 if (options->User) {
1111 if (switch_id(options->User) != 0) {
1112 /* No need to roll back, since you can't change the value. */
1113 *msg = tor_strdup("Problem with User value. See logs for details.");
1114 goto done;
1115 }
1116 }
1117
1118 /* Ensure data directory is private; create if possible. */
1119 if (check_private_dir(options->DataDirectory,
1120 running_tor ? CPD_CREATE : CPD_CHECK)<0) {
1121 char buf[1024];
1122 int tmp = tor_snprintf(buf, sizeof(buf),
1123 "Couldn't access/create private data directory \"%s\"",
1124 options->DataDirectory);
1125 *msg = tor_strdup(tmp >= 0 ? buf : "internal error");
1126 goto done;
1127 /* No need to roll back, since you can't change the value. */
1128 }
1129
1130 if (directory_caches_v2_dir_info(options)) {
1131 size_t len = strlen(options->DataDirectory)+32;
1132 char *fn = tor_malloc(len);
1133 tor_snprintf(fn, len, "%s"PATH_SEPARATOR"cached-status",
1134 options->DataDirectory);
1135 if (check_private_dir(fn, running_tor ? CPD_CREATE : CPD_CHECK) < 0) {
1136 char buf[1024];
1137 int tmp = tor_snprintf(buf, sizeof(buf),
1138 "Couldn't access/create private data directory \"%s\"", fn);
1139 *msg = tor_strdup(tmp >= 0 ? buf : "internal error");
1140 tor_free(fn);
1141 goto done;
1142 }
1143 tor_free(fn);
1144 }
1145
1146 /* Bail out at this point if we're not going to be a client or server:
1147 * we don't run Tor itself. */
1148 if (!running_tor)
1149 goto commit;
1150
1151 mark_logs_temp(); /* Close current logs once new logs are open. */
1152 logs_marked = 1;
1153 if (options_init_logs(options, 0)<0) { /* Configure the log(s) */
1154 *msg = tor_strdup("Failed to init Log options. See logs for details.");
1155 goto rollback;
1156 }
1157
1158 commit:
1159 r = 0;
1160 if (logs_marked) {
1161 log_severity_list_t *severity =
1162 tor_malloc_zero(sizeof(log_severity_list_t));
1163 close_temp_logs();
1164 add_callback_log(severity, control_event_logmsg);
1165 control_adjust_event_log_severity();
1166 tor_free(severity);
1167 }
1168 SMARTLIST_FOREACH(replaced_listeners, connection_t *, conn,
1169 {
1170 log_notice(LD_NET, "Closing old %s on %s:%d",
1171 conn_type_to_string(conn->type), conn->address, conn->port);
1172 connection_close_immediate(conn);
1173 connection_mark_for_close(conn);
1174 });
1175 goto done;
1176
1177 rollback:
1178 r = -1;
1179 tor_assert(*msg);
1180
1181 if (logs_marked) {
1182 rollback_log_changes();
1183 control_adjust_event_log_severity();
1184 }
1185
1186 if (set_conn_limit && old_options)
1187 set_max_file_descriptors((unsigned)old_options->ConnLimit,
1188 &options->_ConnLimit);
1189
1190 SMARTLIST_FOREACH(new_listeners, connection_t *, conn,
1191 {
1192 log_notice(LD_NET, "Closing partially-constructed listener %s on %s:%d",
1193 conn_type_to_string(conn->type), conn->address, conn->port);
1194 connection_close_immediate(conn);
1195 connection_mark_for_close(conn);
1196 });
1197
1198 done:
1199 smartlist_free(new_listeners);
1200 smartlist_free(replaced_listeners);
1201 return r;
1202 }
1203
1204 /** If we need to have a GEOIP ip-to-country map to run with our configured
1205 * options, return 1 and set *<b>reason_out</b> to a description of why. */
1206 int
1207 options_need_geoip_info(or_options_t *options, const char **reason_out)
1208 {
1209 int bridge_usage =
1210 options->BridgeRelay && options->BridgeRecordUsageByCountry;
1211 int routerset_usage =
1212 routerset_needs_geoip(options->EntryNodes) ||
1213 routerset_needs_geoip(options->ExitNodes) ||
1214 routerset_needs_geoip(options->ExcludeExitNodes) ||
1215 routerset_needs_geoip(options->ExcludeNodes);
1216
1217 if (routerset_usage && reason_out) {
1218 *reason_out = "We've been configured to use (or avoid) nodes in certain "
1219 "countries, and we need GEOIP information to figure out which ones they "
1220 "are.";
1221 } else if (bridge_usage && reason_out) {
1222 *reason_out = "We've been configured to see which countries can access "
1223 "us as a bridge, and we need GEOIP information to tell which countries "
1224 "clients are in.";
1225 }
1226 return bridge_usage || routerset_usage;
1227 }
1228
1229 /** Return the bandwidthrate that we are going to report to the authorities
1230 * based on the config options. */
1231 uint32_t
1232 get_effective_bwrate(or_options_t *options)
1233 {
1234 uint64_t bw = options->BandwidthRate;
1235 if (bw > options->MaxAdvertisedBandwidth)
1236 bw = options->MaxAdvertisedBandwidth;
1237 if (options->RelayBandwidthRate > 0 && bw > options->RelayBandwidthRate)
1238 bw = options->RelayBandwidthRate;
1239
1240 /* ensure_bandwidth_cap() makes sure that this cast can't overflow. */
1241 return (uint32_t)bw;
1242 }
1243
1244 /** Return the bandwidthburst that we are going to report to the authorities
1245 * based on the config options. */
1246 uint32_t
1247 get_effective_bwburst(or_options_t *options)
1248 {
1249 uint64_t bw = options->BandwidthBurst;
1250 if (options->RelayBandwidthBurst > 0 && bw > options->RelayBandwidthBurst)
1251 bw = options->RelayBandwidthBurst;
1252 /* ensure_bandwidth_cap() makes sure that this cast can't overflow. */
1253 return (uint32_t)bw;
1254 }
1255
1256 /** Fetch the active option list, and take actions based on it. All of the
1257 * things we do should survive being done repeatedly. If present,
1258 * <b>old_options</b> contains the previous value of the options.
1259 *
1260 * Return 0 if all goes well, return -1 if it's time to die.
1261 *
1262 * Note: We haven't moved all the "act on new configuration" logic
1263 * here yet. Some is still in do_hup() and other places.
1264 */
1265 static int
1266 options_act(or_options_t *old_options)
1267 {
1268 config_line_t *cl;
1269 or_options_t *options = get_options();
1270 int running_tor = options->command == CMD_RUN_TOR;
1271 char *msg;
1272
1273 if (running_tor && !have_lockfile()) {
1274 if (try_locking(options, 1) < 0)
1275 return -1;
1276 }
1277
1278 if (consider_adding_dir_authorities(options, old_options) < 0)
1279 return -1;
1280
1281 if (options->Bridges) {
1282 clear_bridge_list();
1283 for (cl = options->Bridges; cl; cl = cl->next) {
1284 if (parse_bridge_line(cl->value, 0)<0) {
1285 log_warn(LD_BUG,
1286 "Previously validated Bridge line could not be added!");
1287 return -1;
1288 }
1289 }
1290 }
1291
1292 if (running_tor && rend_config_services(options, 0)<0) {
1293 log_warn(LD_BUG,
1294 "Previously validated hidden services line could not be added!");
1295 return -1;
1296 }
1297
1298 if (running_tor && rend_parse_service_authorization(options, 0) < 0) {
1299 log_warn(LD_BUG, "Previously validated client authorization for "
1300 "hidden services could not be added!");
1301 return -1;
1302 }
1303
1304 /* Load state */
1305 if (! global_state && running_tor) {
1306 if (or_state_load())
1307 return -1;
1308 rep_hist_load_mtbf_data(time(NULL));
1309 }
1310
1311 /* Bail out at this point if we're not going to be a client or server:
1312 * we want to not fork, and to log stuff to stderr. */
1313 if (!running_tor)
1314 return 0;
1315
1316 /* Finish backgrounding the process */
1317 if (running_tor && options->RunAsDaemon) {
1318 /* We may be calling this for the n'th time (on SIGHUP), but it's safe. */
1319 finish_daemon(options->DataDirectory);
1320 }
1321
1322 /* Write our PID to the PID file. If we do not have write permissions we
1323 * will log a warning */
1324 if (running_tor && options->PidFile)
1325 write_pidfile(options->PidFile);
1326
1327 /* Register addressmap directives */
1328 config_register_addressmaps(options);
1329 parse_virtual_addr_network(options->VirtualAddrNetwork, 0, &msg);
1330
1331 /* Update address policies. */
1332 if (policies_parse_from_options(options) < 0) {
1333 /* This should be impossible, but let's be sure. */
1334 log_warn(LD_BUG,"Error parsing already-validated policy options.");
1335 return -1;
1336 }
1337
1338 if (init_cookie_authentication(options->CookieAuthentication) < 0) {
1339 log_warn(LD_CONFIG,"Error creating cookie authentication file.");
1340 return -1;
1341 }
1342
1343 /* reload keys as needed for rendezvous services. */
1344 if (rend_service_load_keys()<0) {
1345 log_warn(LD_GENERAL,"Error loading rendezvous service keys");
1346 return -1;
1347 }
1348
1349 /* Set up accounting */
1350 if (accounting_parse_options(options, 0)<0) {
1351 log_warn(LD_CONFIG,"Error in accounting options");
1352 return -1;
1353 }
1354 if (accounting_is_enabled(options))
1355 configure_accounting(time(NULL));
1356
1357 /* Check for transitions that need action. */
1358 if (old_options) {
1359 if (options->UseEntryGuards && !old_options->UseEntryGuards) {
1360 log_info(LD_CIRC,
1361 "Switching to entry guards; abandoning previous circuits");
1362 circuit_mark_all_unused_circs();
1363 circuit_expire_all_dirty_circs();
1364 }
1365
1366 if (! bool_eq(options->BridgeRelay, old_options->BridgeRelay)) {
1367 log_info(LD_GENERAL, "Bridge status changed. Forgetting GeoIP stats.");
1368 geoip_remove_old_clients(time(NULL)+(2*60*60));
1369 }
1370
1371 if (options_transition_affects_workers(old_options, options)) {
1372 log_info(LD_GENERAL,
1373 "Worker-related options changed. Rotating workers.");
1374 if (server_mode(options) && !server_mode(old_options)) {
1375 if (init_keys() < 0) {
1376 log_warn(LD_BUG,"Error initializing keys; exiting");
1377 return -1;
1378 }
1379 ip_address_changed(0);
1380 if (has_completed_circuit || !any_predicted_circuits(time(NULL)))
1381 inform_testing_reachability();
1382 }
1383 cpuworkers_rotate();
1384 if (dns_reset())
1385 return -1;
1386 } else {
1387 if (dns_reset())
1388 return -1;
1389 }
1390
1391 if (options->V3AuthoritativeDir && !old_options->V3AuthoritativeDir)
1392 init_keys();
1393 }
1394
1395 /* Maybe load geoip file */
1396 if (options->GeoIPFile &&
1397 ((!old_options || !opt_streq(old_options->GeoIPFile, options->GeoIPFile))
1398 || !geoip_is_loaded())) {
1399 /* XXXX Don't use this "<default>" junk; make our filename options
1400 * understand prefixes somehow. -NM */
1401 /* XXXX021 Reload GeoIPFile on SIGHUP. -NM */
1402 char *actual_fname = tor_strdup(options->GeoIPFile);
1403 #ifdef WIN32
1404 if (!strcmp(actual_fname, "<default>")) {
1405 const char *conf_root = get_windows_conf_root();
1406 size_t len = strlen(conf_root)+16;
1407 tor_free(actual_fname);
1408 actual_fname = tor_malloc(len+1);
1409 tor_snprintf(actual_fname, len, "%s\\geoip", conf_root);
1410 }
1411 #endif
1412 geoip_load_file(actual_fname, options);
1413 tor_free(actual_fname);
1414 }
1415 #ifdef ENABLE_GEOIP_STATS
1416 log_warn(LD_CONFIG, "We are configured to measure GeoIP statistics, but "
1417 "the way these statistics are measured has changed "
1418 "significantly in later versions of Tor. The results may not be "
1419 "as expected if you are used to later versions. Be sure you "
1420 "know what you are doing.");
1421 #endif
1422 /* Check if we need to parse and add the EntryNodes config option. */
1423 if (options->EntryNodes &&
1424 (!old_options ||
1425 (!routerset_equal(old_options->EntryNodes,options->EntryNodes))))
1426 entry_nodes_should_be_added();
1427
1428 /* Since our options changed, we might need to regenerate and upload our
1429 * server descriptor.
1430 */
1431 if (!old_options ||
1432 options_transition_affects_descriptor(old_options, options))
1433 mark_my_descriptor_dirty();
1434
1435 /* We may need to reschedule some directory stuff if our status changed. */
1436 if (old_options) {
1437 if (authdir_mode_v3(options) && !authdir_mode_v3(old_options))
1438 dirvote_recalculate_timing(options, time(NULL));
1439 if (!bool_eq(directory_fetches_dir_info_early(options),
1440 directory_fetches_dir_info_early(old_options)) ||
1441 !bool_eq(directory_fetches_dir_info_later(options),
1442 directory_fetches_dir_info_later(old_options))) {
1443 /* Make sure update_router_have_min_dir_info gets called. */
1444 router_dir_info_changed();
1445 /* We might need to download a new consensus status later or sooner than
1446 * we had expected. */
1447 update_consensus_networkstatus_fetch_time(time(NULL));
1448 }
1449 }
1450
1451 /* Load the webpage we're going to serve every time someone asks for '/' on
1452 our DirPort. */
1453 tor_free(global_dirfrontpagecontents);
1454 if (options->DirPortFrontPage) {
1455 global_dirfrontpagecontents =
1456 read_file_to_str(options->DirPortFrontPage, 0, NULL);
1457 if (!global_dirfrontpagecontents) {
1458 log_warn(LD_CONFIG,
1459 "DirPortFrontPage file '%s' not found. Continuing anyway.",
1460 options->DirPortFrontPage);
1461 }
1462 }
1463
1464 return 0;
1465 }
1466
1467 /*
1468 * Functions to parse config options
1469 */
1470
1471 /** If <b>option</b> is an official abbreviation for a longer option,
1472 * return the longer option. Otherwise return <b>option</b>.
1473 * If <b>command_line</b> is set, apply all abbreviations. Otherwise, only
1474 * apply abbreviations that work for the config file and the command line.
1475 * If <b>warn_obsolete</b> is set, warn about deprecated names. */
1476 static const char *
1477 expand_abbrev(config_format_t *fmt, const char *option, int command_line,
1478 int warn_obsolete)
1479 {
1480 int i;
1481 if (! fmt->abbrevs)
1482 return option;
1483 for (i=0; fmt->abbrevs[i].abbreviated; ++i) {
1484 /* Abbreviations are case insensitive. */
1485 if (!strcasecmp(option,fmt->abbrevs[i].abbreviated) &&
1486 (command_line || !fmt->abbrevs[i].commandline_only)) {
1487 if (warn_obsolete && fmt->abbrevs[i].warn) {
1488 log_warn(LD_CONFIG,
1489 "The configuration option '%s' is deprecated; "
1490 "use '%s' instead.",
1491 fmt->abbrevs[i].abbreviated,
1492 fmt->abbrevs[i].full);
1493 }
1494 return fmt->abbrevs[i].full;
1495 }
1496 }
1497 return option;
1498 }
1499
1500 /** Helper: Read a list of configuration options from the command line.
1501 * If successful, put them in *<b>result</b> and return 0, and return
1502 * -1 and leave *<b>result</b> alone. */
1503 static int
1504 config_get_commandlines(int argc, char **argv, config_line_t **result)
1505 {
1506 config_line_t *front = NULL;
1507 config_line_t **new = &front;
1508 char *s;
1509 int i = 1;
1510
1511 while (i < argc) {
1512 if (!strcmp(argv[i],"-f") ||
1513 !strcmp(argv[i],"--hash-password")) {
1514 i += 2; /* command-line option with argument. ignore them. */
1515 continue;
1516 } else if (!strcmp(argv[i],"--list-fingerprint") ||
1517 !strcmp(argv[i],"--verify-config") ||
1518 !strcmp(argv[i],"--ignore-missing-torrc") ||
1519 !strcmp(argv[i],"--quiet") ||
1520 !strcmp(argv[i],"--hush")) {
1521 i += 1; /* command-line option. ignore it. */
1522 continue;
1523 } else if (!strcmp(argv[i],"--nt-service") ||
1524 !strcmp(argv[i],"-nt-service")) {
1525 i += 1;
1526 continue;
1527 }
1528
1529 if (i == argc-1) {
1530 log_warn(LD_CONFIG,"Command-line option '%s' with no value. Failing.",
1531 argv[i]);
1532 config_free_lines(front);
1533 return -1;
1534 }
1535
1536 *new = tor_malloc_zero(sizeof(config_line_t));
1537 s = argv[i];
1538
1539 while (*s == '-')
1540 s++;
1541
1542 (*new)->key = tor_strdup(expand_abbrev(&options_format, s, 1, 1));
1543 (*new)->value = tor_strdup(argv[i+1]);
1544 (*new)->next = NULL;
1545 log(LOG_DEBUG, LD_CONFIG, "command line: parsed keyword '%s', value '%s'",
1546 (*new)->key, (*new)->value);
1547
1548 new = &((*new)->next);
1549 i += 2;
1550 }
1551 *result = front;
1552 return 0;
1553 }
1554
1555 /** Helper: allocate a new configuration option mapping 'key' to 'val',
1556 * append it to *<b>lst</b>. */
1557 static void
1558 config_line_append(config_line_t **lst,
1559 const char *key,
1560 const char *val)
1561 {
1562 config_line_t *newline;
1563
1564 newline = tor_malloc(sizeof(config_line_t));
1565 newline->key = tor_strdup(key);
1566 newline->value = tor_strdup(val);
1567 newline->next = NULL;
1568 while (*lst)
1569 lst = &((*lst)->next);
1570
1571 (*lst) = newline;
1572 }
1573
1574 /** Helper: parse the config string and strdup into key/value
1575 * strings. Set *result to the list, or NULL if parsing the string
1576 * failed. Return 0 on success, -1 on failure. Warn and ignore any
1577 * misformatted lines. */
1578 int
1579 config_get_lines(const char *string, config_line_t **result)
1580 {
1581 config_line_t *list = NULL, **next;
1582 char *k, *v;
1583
1584 next = &list;
1585 do {
1586 k = v = NULL;
1587 string = parse_config_line_from_str(string, &k, &v);
1588 if (!string) {
1589 config_free_lines(list);
1590 tor_free(k);
1591 tor_free(v);
1592 return -1;
1593 }
1594 if (k && v) {
1595 /* This list can get long, so we keep a pointer to the end of it
1596 * rather than using config_line_append over and over and getting
1597 * n^2 performance. */
1598 *next = tor_malloc(sizeof(config_line_t));
1599 (*next)->key = k;
1600 (*next)->value = v;
1601 (*next)->next = NULL;
1602 next = &((*next)->next);
1603 } else {
1604 tor_free(k);
1605 tor_free(v);
1606 }
1607 } while (*string);
1608
1609 *result = list;
1610 return 0;
1611 }
1612
1613 /**
1614 * Free all the configuration lines on the linked list <b>front</b>.
1615 */
1616 void
1617 config_free_lines(config_line_t *front)
1618 {
1619 config_line_t *tmp;
1620
1621 while (front) {
1622 tmp = front;
1623 front = tmp->next;
1624
1625 tor_free(tmp->key);
1626 tor_free(tmp->value);
1627 tor_free(tmp);
1628 }
1629 }
1630
1631 /** Return the description for a given configuration variable, or NULL if no
1632 * description exists. */
1633 static const char *
1634 config_find_description(config_format_t *fmt, const char *name)
1635 {
1636 int i;
1637 for (i=0; fmt->descriptions[i].name; ++i) {
1638 if (!strcasecmp(name, fmt->descriptions[i].name))
1639 return fmt->descriptions[i].description;
1640 }
1641 return NULL;
1642 }
1643
1644 /** If <b>key</b> is a configuration option, return the corresponding
1645 * config_var_t. Otherwise, if <b>key</b> is a non-standard abbreviation,
1646 * warn, and return the corresponding config_var_t. Otherwise return NULL.
1647 */
1648 static config_var_t *
1649 config_find_option(config_format_t *fmt, const char *key)
1650 {
1651 int i;
1652 size_t keylen = strlen(key);
1653 if (!keylen)
1654 return NULL; /* if they say "--" on the command line, it's not an option */
1655 /* First, check for an exact (case-insensitive) match */
1656 for (i=0; fmt->vars[i].name; ++i) {
1657 if (!strcasecmp(key, fmt->vars[i].name)) {
1658 return &fmt->vars[i];
1659 }
1660 }
1661 /* If none, check for an abbreviated match */
1662 for (i=0; fmt->vars[i].name; ++i) {
1663 if (!strncasecmp(key, fmt->vars[i].name, keylen)) {
1664 log_warn(LD_CONFIG, "The abbreviation '%s' is deprecated. "
1665 "Please use '%s' instead",
1666 key, fmt->vars[i].name);
1667 return &fmt->vars[i];
1668 }
1669 }
1670 /* Okay, unrecognized option */
1671 return NULL;
1672 }
1673
1674 /*
1675 * Functions to assign config options.
1676 */
1677
1678 /** <b>c</b>-\>key is known to be a real key. Update <b>options</b>
1679 * with <b>c</b>-\>value and return 0, or return -1 if bad value.
1680 *
1681 * Called from config_assign_line() and option_reset().
1682 */
1683 static int
1684 config_assign_value(config_format_t *fmt, or_options_t *options,
1685 config_line_t *c, char **msg)
1686 {
1687 int i, r, ok;
1688 char buf[1024];
1689 config_var_t *var;
1690 void *lvalue;
1691
1692 CHECK(fmt, options);
1693
1694 var = config_find_option(fmt, c->key);
1695 tor_assert(var);
1696
1697 lvalue = STRUCT_VAR_P(options, var->var_offset);
1698
1699 switch (var->type) {
1700
1701 case CONFIG_TYPE_UINT:
1702 i = (int)tor_parse_long(c->value, 10, 0, INT_MAX, &ok, NULL);
1703 if (!ok) {
1704 r = tor_snprintf(buf, sizeof(buf),
1705 "Int keyword '%s %s' is malformed or out of bounds.",
1706 c->key, c->value);
1707 *msg = tor_strdup(r >= 0 ? buf : "internal error");
1708 return -1;
1709 }
1710 *(int *)lvalue = i;
1711 break;
1712
1713 case CONFIG_TYPE_INTERVAL: {
1714 i = config_parse_interval(c->value, &ok);
1715 if (!ok) {
1716 r = tor_snprintf(buf, sizeof(buf),
1717 "Interval '%s %s' is malformed or out of bounds.",
1718 c->key, c->value);
1719 *msg = tor_strdup(r >= 0 ? buf : "internal error");
1720 return -1;
1721 }
1722 *(int *)lvalue = i;
1723 break;
1724 }
1725
1726 case CONFIG_TYPE_MEMUNIT: {
1727 uint64_t u64 = config_parse_memunit(c->value, &ok);
1728 if (!ok) {
1729 r = tor_snprintf(buf, sizeof(buf),
1730 "Value '%s %s' is malformed or out of bounds.",
1731 c->key, c->value);
1732 *msg = tor_strdup(r >= 0 ? buf : "internal error");
1733 return -1;
1734 }
1735 *(uint64_t *)lvalue = u64;
1736 break;
1737 }
1738
1739 case CONFIG_TYPE_BOOL:
1740 i = (int)tor_parse_long(c->value, 10, 0, 1, &ok, NULL);
1741 if (!ok) {
1742 r = tor_snprintf(buf, sizeof(buf),
1743 "Boolean '%s %s' expects 0 or 1.",
1744 c->key, c->value);
1745 *msg = tor_strdup(r >= 0 ? buf : "internal error");
1746 return -1;
1747 }
1748 *(int *)lvalue = i;
1749 break;
1750
1751 case CONFIG_TYPE_STRING:
1752 case CONFIG_TYPE_FILENAME:
1753 tor_free(*(char **)lvalue);
1754 *(char **)lvalue = tor_strdup(c->value);
1755 break;
1756
1757 case CONFIG_TYPE_DOUBLE:
1758 *(double *)lvalue = atof(c->value);
1759 break;
1760
1761 case CONFIG_TYPE_ISOTIME:
1762 if (parse_iso_time(c->value, (time_t *)lvalue)) {
1763 r = tor_snprintf(buf, sizeof(buf),
1764 "Invalid time '%s' for keyword '%s'", c->value, c->key);
1765 *msg = tor_strdup(r >= 0 ? buf : "internal error");
1766 return -1;
1767 }
1768 break;
1769
1770 case CONFIG_TYPE_ROUTERSET:
1771 if (*(routerset_t**)lvalue) {
1772 routerset_free(*(routerset_t**)lvalue);
1773 }
1774 *(routerset_t**)lvalue = routerset_new();
1775 if (routerset_parse(*(routerset_t**)lvalue, c->value, c->key)<0) {
1776 tor_snprintf(buf, sizeof(buf), "Invalid exit list '%s' for option '%s'",
1777 c->value, c->key);
1778 *msg = tor_strdup(buf);
1779 return -1;
1780 }
1781 break;
1782
1783 case CONFIG_TYPE_CSV:
1784 if (*(smartlist_t**)lvalue) {
1785 SMARTLIST_FOREACH(*(smartlist_t**)lvalue, char *, cp, tor_free(cp));
1786 smartlist_clear(*(smartlist_t**)lvalue);
1787 } else {
1788 *(smartlist_t**)lvalue = smartlist_create();
1789 }
1790
1791 smartlist_split_string(*(smartlist_t**)lvalue, c->value, ",",
1792 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
1793 break;
1794
1795 case CONFIG_TYPE_LINELIST:
1796 case CONFIG_TYPE_LINELIST_S:
1797 config_line_append((config_line_t**)lvalue, c->key, c->value);
1798 break;
1799 case CONFIG_TYPE_OBSOLETE:
1800 log_warn(LD_CONFIG, "Skipping obsolete configuration option '%s'", c->key);
1801 break;
1802 case CONFIG_TYPE_LINELIST_V:
1803 r = tor_snprintf(buf, sizeof(buf),
1804 "You may not provide a value for virtual option '%s'", c->key);
1805 *msg = tor_strdup(r >= 0 ? buf : "internal error");
1806 return -1;
1807 default:
1808 tor_assert(0);
1809 break;
1810 }
1811 return 0;
1812 }
1813
1814 /** If <b>c</b> is a syntactically valid configuration line, update
1815 * <b>options</b> with its value and return 0. Otherwise return -1 for bad
1816 * key, -2 for bad value.
1817 *
1818 * If <b>clear_first</b> is set, clear the value first. Then if
1819 * <b>use_defaults</b> is set, set the value to the default.
1820 *
1821 * Called from config_assign().
1822 */
1823 static int
1824 config_assign_line(config_format_t *fmt, or_options_t *options,
1825 config_line_t *c, int use_defaults,
1826 int clear_first, char **msg)
1827 {
1828 config_var_t *var;
1829
1830 CHECK(fmt, options);
1831
1832 var = config_find_option(fmt, c->key);
1833 if (!var) {
1834 if (fmt->extra) {
1835 void *lvalue = STRUCT_VAR_P(options, fmt->extra->var_offset);
1836 log_info(LD_CONFIG,
1837 "Found unrecognized option '%s'; saving it.", c->key);
1838 config_line_append((config_line_t**)lvalue, c->key, c->value);
1839 return 0;
1840 } else {
1841 char buf[1024];
1842 int tmp = tor_snprintf(buf, sizeof(buf),
1843 "Unknown option '%s'. Failing.", c->key);
1844 *msg = tor_strdup(tmp >= 0 ? buf : "internal error");
1845 return -1;
1846 }
1847 }
1848 /* Put keyword into canonical case. */
1849 if (strcmp(var->name, c->key)) {
1850 tor_free(c->key);
1851 c->key = tor_strdup(var->name);
1852 }
1853
1854 if (!strlen(c->value)) {
1855 /* reset or clear it, then return */
1856 if (!clear_first) {
1857 if (var->type == CONFIG_TYPE_LINELIST ||
1858 var->type == CONFIG_TYPE_LINELIST_S) {
1859 /* We got an empty linelist from the torrc or command line.
1860 As a special case, call this an error. Warn and ignore. */
1861 log_warn(LD_CONFIG,
1862 "Linelist option '%s' has no value. Skipping.", c->key);
1863 } else { /* not already cleared */
1864 option_reset(fmt, options, var, use_defaults);
1865 }
1866 }
1867 return 0;
1868 }
1869
1870 if (config_assign_value(fmt, options, c, msg) < 0)
1871 return -2;
1872 return 0;
1873 }
1874
1875 /** Restore the option named <b>key</b> in options to its default value.
1876 * Called from config_assign(). */
1877 static void
1878 config_reset_line(config_format_t *fmt, or_options_t *options,
1879 const char *key, int use_defaults)
1880 {
1881 config_var_t *var;
1882
1883 CHECK(fmt, options);
1884
1885 var = config_find_option(fmt, key);
1886 if (!var)
1887 return; /* give error on next pass. */
1888
1889 option_reset(fmt, options, var, use_defaults);
1890 }
1891
1892 /** Return true iff key is a valid configuration option. */
1893 int
1894 option_is_recognized(const char *key)
1895 {
1896 config_var_t *var = config_find_option(&options_format, key);
1897 return (var != NULL);
1898 }
1899
1900 /** Return the canonical name of a configuration option, or NULL
1901 * if no such option exists. */
1902 const char *
1903 option_get_canonical_name(const char *key)
1904 {
1905 config_var_t *var = config_find_option(&options_format, key);
1906 return var ? var->name : NULL;
1907 }
1908
1909 /** Return a canonical list of the options assigned for key.
1910 */
1911 config_line_t *
1912 option_get_assignment(or_options_t *options, const char *key)
1913 {
1914 return get_assigned_option(&options_format, options, key, 1);
1915 }
1916
1917 /** Return true iff value needs to be quoted and escaped to be used in
1918 * a configuration file. */
1919 static int
1920 config_value_needs_escape(const char *value)
1921 {
1922 if (*value == '\"')
1923 return 1;
1924 while (*value) {
1925 switch (*value)
1926 {
1927 case '\r':
1928 case '\n':
1929 case '#':
1930 /* Note: quotes and backspaces need special handling when we are using
1931 * quotes, not otherwise, so they don't trigger escaping on their
1932 * own. */
1933 return 1;
1934 default:
1935 if (!TOR_ISPRINT(*value))
1936 return 1;
1937 }
1938 ++value;
1939 }
1940 return 0;
1941 }
1942
1943 /** Return a newly allocated deep copy of the lines in <b>inp</b>. */
1944 static config_line_t *
1945 config_lines_dup(const config_line_t *inp)
1946 {
1947 config_line_t *result = NULL;
1948 config_line_t **next_out = &result;
1949 while (inp) {
1950 *next_out = tor_malloc(sizeof(config_line_t));
1951 (*next_out)->key = tor_strdup(inp->key);
1952 (*next_out)->value = tor_strdup(inp->value);
1953 inp = inp->next;
1954 next_out = &((*next_out)->next);
1955 }
1956 (*next_out) = NULL;
1957 return result;
1958 }
1959
1960 /** Return newly allocated line or lines corresponding to <b>key</b> in the
1961 * configuration <b>options</b>. If <b>escape_val</b> is true and a
1962 * value needs to be quoted before it's put in a config file, quote and
1963 * escape that value. Return NULL if no such key exists. */
1964 static config_line_t *
1965 get_assigned_option(config_format_t *fmt, void *options,
1966 const char *key, int escape_val)
1967 {
1968 config_var_t *var;
1969 const void *value;
1970 char buf[32];
1971 config_line_t *result;
1972 tor_assert(options && key);
1973
1974 CHECK(fmt, options);
1975
1976 var = config_find_option(fmt, key);
1977 if (!var) {
1978 log_warn(LD_CONFIG, "Unknown option '%s'. Failing.", key);
1979 return NULL;
1980 }
1981 value = STRUCT_VAR_P(options, var->var_offset);
1982
1983 result = tor_malloc_zero(sizeof(config_line_t));
1984 result->key = tor_strdup(var->name);
1985 switch (var->type)
1986 {
1987 case CONFIG_TYPE_STRING:
1988 case CONFIG_TYPE_FILENAME:
1989 if (*(char**)value) {
1990 result->value = tor_strdup(*(char**)value);
1991 } else {
1992 tor_free(result->key);
1993 tor_free(result);
1994 return NULL;
1995 }
1996 break;
1997 case CONFIG_TYPE_ISOTIME:
1998 if (*(time_t*)value) {
1999 result->value = tor_malloc(ISO_TIME_LEN+1);
2000 format_iso_time(result->value, *(time_t*)value);
2001 } else {
2002 tor_free(result->key);
2003 tor_free(result);
2004 }
2005 escape_val = 0; /* Can't need escape. */
2006 break;
2007 case CONFIG_TYPE_INTERVAL:
2008 case CONFIG_TYPE_UINT:
2009 /* This means every or_options_t uint or bool element
2010 * needs to be an int. Not, say, a uint16_t or char. */
2011 tor_snprintf(buf, sizeof(buf), "%d", *(int*)value);
2012 result->value = tor_strdup(buf);
2013 escape_val = 0; /* Can't need escape. */
2014 break;
2015 case CONFIG_TYPE_MEMUNIT:
2016 tor_snprintf(buf, sizeof(buf), U64_FORMAT,
2017 U64_PRINTF_ARG(*(uint64_t*)value));
2018 result->value = tor_strdup(buf);
2019 escape_val = 0; /* Can't need escape. */
2020 break;
2021 case CONFIG_TYPE_DOUBLE:
2022 tor_snprintf(buf, sizeof(buf), "%f", *(double*)value);
2023 result->value = tor_strdup(buf);
2024 escape_val = 0; /* Can't need escape. */
2025 break;
2026 case CONFIG_TYPE_BOOL:
2027 result->value = tor_strdup(*(int*)value ? "1" : "0");
2028 escape_val = 0; /* Can't need escape. */
2029 break;
2030 case CONFIG_TYPE_ROUTERSET:
2031 result->value = routerset_to_string(*(routerset_t**)value);
2032 break;
2033 case CONFIG_TYPE_CSV:
2034 if (*(smartlist_t**)value)
2035 result->value =
2036 smartlist_join_strings(*(smartlist_t**)value, ",", 0, NULL);
2037 else
2038 result->value = tor_strdup("");
2039 break;
2040 case CONFIG_TYPE_OBSOLETE:
2041 log_fn(LOG_PROTOCOL_WARN, LD_CONFIG,
2042 "You asked me for the value of an obsolete config option '%s'.",
2043 key);
2044 tor_free(result->key);
2045 tor_free(result);
2046 return NULL;
2047 case CONFIG_TYPE_LINELIST_S:
2048 log_warn(LD_CONFIG,
2049 "Can't return context-sensitive '%s' on its own", key);
2050 tor_free(result->key);
2051 tor_free(result);
2052 return NULL;
2053 case CONFIG_TYPE_LINELIST:
2054 case CONFIG_TYPE_LINELIST_V:
2055 tor_free(result->key);
2056 tor_free(result);
2057 result = config_lines_dup(*(const config_line_t**)value);
2058 break;
2059 default:
2060 tor_free(result->key);
2061 tor_free(result);
2062 log_warn(LD_BUG,"Unknown type %d for known key '%s'",
2063 var->type, key);
2064 return NULL;
2065 }
2066
2067 if (escape_val) {
2068 config_line_t *line;
2069 for (line = result; line; line = line->next) {
2070 if (line->value && config_value_needs_escape(line->value)) {
2071 char *newval = esc_for_log(line->value);
2072 tor_free(line->value);
2073 line->value = newval;
2074 }
2075 }
2076 }
2077
2078 return result;
2079 }
2080
2081 /** Iterate through the linked list of requested options <b>list</b>.
2082 * For each item, convert as appropriate and assign to <b>options</b>.
2083 * If an item is unrecognized, set *msg and return -1 immediately,
2084 * else return 0 for success.
2085 *
2086 * If <b>clear_first</b>, interpret config options as replacing (not
2087 * extending) their previous values. If <b>clear_first</b> is set,
2088 * then <b>use_defaults</b> to decide if you set to defaults after
2089 * clearing, or make the value 0 or NULL.
2090 *
2091 * Here are the use cases:
2092 * 1. A non-empty AllowInvalid line in your torrc. Appends to current
2093 * if linelist, replaces current if csv.
2094 * 2. An empty AllowInvalid line in your torrc. Should clear it.
2095 * 3. "RESETCONF AllowInvalid" sets it to default.
2096 * 4. "SETCONF AllowInvalid" makes it NULL.
2097 * 5. "SETCONF AllowInvalid=foo" clears it and sets it to "foo".
2098 *
2099 * Use_defaults Clear_first
2100 * 0 0 "append"
2101 * 1 0 undefined, don't use
2102 * 0 1 "set to null first"
2103 * 1 1 "set to defaults first"
2104 * Return 0 on success, -1 on bad key, -2 on bad value.
2105 *
2106 * As an additional special case, if a LINELIST config option has
2107 * no value and clear_first is 0, then warn and ignore it.
2108 */
2109
2110 /*
2111 There are three call cases for config_assign() currently.
2112
2113 Case one: Torrc entry
2114 options_init_from_torrc() calls config_assign(0, 0)
2115 calls config_assign_line(0, 0).
2116 if value is empty, calls option_reset(0) and returns.
2117 calls config_assign_value(), appends.
2118
2119 Case two: setconf
2120 options_trial_assign() calls config_assign(0, 1)
2121 calls config_reset_line(0)
2122 calls option_reset(0)
2123 calls option_clear().
2124 calls config_assign_line(0, 1).
2125 if value is empty, returns.
2126 calls config_assign_value(), appends.
2127
2128 Case three: resetconf
2129 options_trial_assign() calls config_assign(1, 1)
2130 calls config_reset_line(1)
2131 calls option_reset(1)
2132 calls option_clear().
2133 calls config_assign_value(default)
2134 calls config_assign_line(1, 1).
2135 returns.
2136 */
2137 static int
2138 config_assign(config_format_t *fmt, void *options, config_line_t *list,
2139 int use_defaults, int clear_first, char **msg)
2140 {
2141 config_line_t *p;
2142
2143 CHECK(fmt, options);
2144
2145 /* pass 1: normalize keys */
2146 for (p = list; p; p = p->next) {
2147 const char *full = expand_abbrev(fmt, p->key, 0, 1);
2148 if (strcmp(full,p->key)) {
2149 tor_free(p->key);
2150 p->key = tor_strdup(full);
2151 }
2152 }
2153
2154 /* pass 2: if we're reading from a resetting source, clear all
2155 * mentioned config options, and maybe set to their defaults. */
2156 if (clear_first) {
2157 for (p = list; p; p = p->next)
2158 config_reset_line(fmt, options, p->key, use_defaults);
2159 }
2160
2161 /* pass 3: assign. */
2162 while (list) {
2163 int r;
2164 if ((r=config_assign_line(fmt, options, list, use_defaults,
2165 clear_first, msg)))
2166 return r;
2167 list = list->next;
2168 }
2169 return 0;
2170 }
2171
2172 /** Try assigning <b>list</b> to the global options. You do this by duping
2173 * options, assigning list to the new one, then validating it. If it's
2174 * ok, then throw out the old one and stick with the new one. Else,
2175 * revert to old and return failure. Return SETOPT_OK on success, or
2176 * a setopt_err_t on failure.
2177 *
2178 * If not success, point *<b>msg</b> to a newly allocated string describing
2179 * what went wrong.
2180 */
2181 setopt_err_t
2182 options_trial_assign(config_line_t *list, int use_defaults,
2183 int clear_first, char **msg)
2184 {
2185 int r;
2186 or_options_t *trial_options = options_dup(&options_format, get_options());
2187
2188 if ((r=config_assign(&options_format, trial_options,
2189 list, use_defaults, clear_first, msg)) < 0) {
2190 config_free(&options_format, trial_options);
2191 return r;
2192 }
2193
2194 if (options_validate(get_options(), trial_options, 1, msg) < 0) {
2195 config_free(&options_format, trial_options);
2196 return SETOPT_ERR_PARSE; /*XXX make this a separate return value. */
2197 }
2198
2199 if (options_transition_allowed(get_options(), trial_options, msg) < 0) {
2200 config_free(&options_format, trial_options);
2201 return SETOPT_ERR_TRANSITION;
2202 }
2203
2204 if (set_options(trial_options, msg)<0) {
2205 config_free(&options_format, trial_options);
2206 return SETOPT_ERR_SETTING;
2207 }
2208
2209 /* we liked it. put it in place. */
2210 return SETOPT_OK;
2211 }
2212
2213 /** Reset config option <b>var</b> to 0, 0.0, NULL, or the equivalent.
2214 * Called from option_reset() and config_free(). */
2215 static void
2216 option_clear(config_format_t *fmt, or_options_t *options, config_var_t *var)
2217 {
2218 void *lvalue = STRUCT_VAR_P(options, var->var_offset);
2219 (void)fmt; /* unused */
2220 switch (var->type) {
2221 case CONFIG_TYPE_STRING:
2222 case CONFIG_TYPE_FILENAME:
2223 tor_free(*(char**)lvalue);
2224 break;
2225 case CONFIG_TYPE_DOUBLE:
2226 *(double*)lvalue = 0.0;
2227 break;
2228 case CONFIG_TYPE_ISOTIME:
2229 *(time_t*)lvalue = 0;
2230 break;
2231 case CONFIG_TYPE_INTERVAL:
2232 case CONFIG_TYPE_UINT:
2233 case CONFIG_TYPE_BOOL:
2234 *(int*)lvalue = 0;
2235 break;
2236 case CONFIG_TYPE_MEMUNIT:
2237 *(uint64_t*)lvalue = 0;
2238 break;
2239 case CONFIG_TYPE_ROUTERSET:
2240 if (*(routerset_t**)lvalue) {
2241 routerset_free(*(routerset_t**)lvalue);
2242 *(routerset_t**)lvalue = NULL;
2243 }
2244 break;
2245 case CONFIG_TYPE_CSV:
2246 if (*(smartlist_t**)lvalue) {
2247 SMARTLIST_FOREACH(*(smartlist_t **)lvalue, char *, cp, tor_free(cp));
2248 smartlist_free(*(smartlist_t **)lvalue);
2249 *(smartlist_t **)lvalue = NULL;
2250 }
2251 break;
2252 case CONFIG_TYPE_LINELIST:
2253 case CONFIG_TYPE_LINELIST_S:
2254 config_free_lines(*(config_line_t **)lvalue);
2255 *(config_line_t **)lvalue = NULL;
2256 break;
2257 case CONFIG_TYPE_LINELIST_V:
2258 /* handled by linelist_s. */
2259 break;
2260 case CONFIG_TYPE_OBSOLETE:
2261 break;
2262 }
2263 }
2264
2265 /** Clear the option indexed by <b>var</b> in <b>options</b>. Then if
2266 * <b>use_defaults</b>, set it to its default value.
2267 * Called by config_init() and option_reset_line() and option_assign_line(). */
2268 static void
2269 option_reset(config_format_t *fmt, or_options_t *options,
2270 config_var_t *var, int use_defaults)
2271 {
2272 config_line_t *c;
2273 char *msg = NULL;
2274 CHECK(fmt, options);
2275 option_clear(fmt, options, var); /* clear it first */
2276 if (!use_defaults)
2277 return; /* all done */
2278 if (var->initvalue) {
2279 c = tor_malloc_zero(sizeof(config_line_t));
2280 c->key = tor_strdup(var->name);
2281 c->value = tor_strdup(var->initvalue);
2282 if (config_assign_value(fmt, options, c, &msg) < 0) {
2283 log_warn(LD_BUG, "Failed to assign default: %s", msg);
2284 tor_free(msg); /* if this happens it's a bug */
2285 }
2286 config_free_lines(c);
2287 }
2288 }
2289
2290 /** Print a usage message for tor. */
2291 static void
2292 print_usage(void)
2293 {
2294 printf(
2295 "Copyright (c) 2001-2004, Roger Dingledine\n"
2296 "Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson\n"
2297 "Copyright (c) 2007-2010, The Tor Project, Inc.\n\n"
2298 "tor -f <torrc> [args]\n"
2299 "See man page for options, or https://www.torproject.org/ for "
2300 "documentation.\n");
2301 }
2302
2303 /** Print all non-obsolete torrc options. */
2304 static void
2305 list_torrc_options(void)
2306 {
2307 int i;
2308 smartlist_t *lines = smartlist_create();
2309 for (i = 0; _option_vars[i].name; ++i) {
2310 config_var_t *var = &_option_vars[i];
2311 const char *desc;
2312 if (var->type == CONFIG_TYPE_OBSOLETE ||
2313 var->type == CONFIG_TYPE_LINELIST_V)
2314 continue;
2315 desc = config_find_description(&options_format, var->name);
2316 printf("%s\n", var->name);
2317 if (desc) {
2318 wrap_string(lines, desc, 76, " ", " ");
2319 SMARTLIST_FOREACH(lines, char *, cp, {
2320 printf("%s", cp);
2321 tor_free(cp);
2322 });
2323 smartlist_clear(lines);
2324 }
2325 }
2326 smartlist_free(lines);
2327 }
2328
2329 /** Last value actually set by resolve_my_address. */
2330 static uint32_t last_resolved_addr = 0;
2331 /**
2332 * Based on <b>options-\>Address</b>, guess our public IP address and put it
2333 * (in host order) into *<b>addr_out</b>. If <b>hostname_out</b> is provided,
2334 * set *<b>hostname_out</b> to a new string holding the hostname we used to
2335 * get the address. Return 0 if all is well, or -1 if we can't find a suitable
2336 * public IP address.
2337 */
2338 int
2339 resolve_my_address(int warn_severity, or_options_t *options,
2340 uint32_t *addr_out, char **hostname_out)
2341 {
2342 struct in_addr in;
2343 uint32_t addr;
2344 char hostname[256];
2345 int explicit_ip=1;
2346 int explicit_hostname=1;
2347 int from_interface=0;
2348 char tmpbuf[INET_NTOA_BUF_LEN];
2349 const char *address = options->Address;
2350 int notice_severity = warn_severity <= LOG_NOTICE ?
2351 LOG_NOTICE : warn_severity;
2352
2353 tor_assert(addr_out);
2354
2355 if (address && *address) {
2356 strlcpy(hostname, address, sizeof(hostname));
2357 } else { /* then we need to guess our address */
2358 explicit_ip = 0; /* it's implicit */
2359 explicit_hostname = 0; /* it's implicit */
2360
2361 if (gethostname(hostname, sizeof(hostname)) < 0) {
2362 log_fn(warn_severity, LD_NET,"Error obtaining local hostname");
2363 return -1;
2364 }
2365 log_debug(LD_CONFIG,"Guessed local host name as '%s'",hostname);
2366 }
2367
2368 /* now we know hostname. resolve it and keep only the IP address */
2369
2370 if (tor_inet_aton(hostname, &in) == 0) {
2371 /* then we have to resolve it */
2372 explicit_ip = 0;
2373 if (tor_lookup_hostname(hostname, &addr)) {
2374 uint32_t interface_ip;
2375
2376 if (explicit_hostname) {
2377 log_fn(warn_severity, LD_CONFIG,
2378 "Could not resolve local Address '%s'. Failing.", hostname);
2379 return -1;
2380 }
2381 log_fn(notice_severity, LD_CONFIG,
2382 "Could not resolve guessed local hostname '%s'. "
2383 "Trying something else.", hostname);
2384 if (get_interface_address(warn_severity, &interface_ip)) {
2385 log_fn(warn_severity, LD_CONFIG,
2386 "Could not get local interface IP address. Failing.");
2387 return -1;
2388 }
2389 from_interface = 1;
2390 in.s_addr = htonl(interface_ip);
2391 tor_inet_ntoa(&in,tmpbuf,sizeof(tmpbuf));
2392 log_fn(notice_severity, LD_CONFIG, "Learned IP address '%s' for "
2393 "local interface. Using that.", tmpbuf);
2394 strlcpy(hostname, "<guessed from interfaces>", sizeof(hostname));
2395 } else {
2396 in.s_addr = htonl(addr);
2397
2398 if (!explicit_hostname &&
2399 is_internal_IP(ntohl(in.s_addr), 0)) {
2400 uint32_t interface_ip;
2401
2402 tor_inet_ntoa(&in,tmpbuf,sizeof(tmpbuf));
2403 log_fn(notice_severity, LD_CONFIG, "Guessed local hostname '%s' "
2404 "resolves to a private IP address (%s). Trying something "
2405 "else.", hostname, tmpbuf);
2406
2407 if (get_interface_address(warn_severity, &interface_ip)) {
2408 log_fn(warn_severity, LD_CONFIG,
2409 "Could not get local interface IP address. Too bad.");
2410 } else if (is_internal_IP(interface_ip, 0)) {
2411 struct in_addr in2;
2412 in2.s_addr = htonl(interface_ip);
2413 tor_inet_ntoa(&in2,tmpbuf,sizeof(tmpbuf));
2414 log_fn(notice_severity, LD_CONFIG,
2415 "Interface IP address '%s' is a private address too. "
2416 "Ignoring.", tmpbuf);
2417 } else {
2418 from_interface = 1;
2419 in.s_addr = htonl(interface_ip);
2420 tor_inet_ntoa(&in,tmpbuf,sizeof(tmpbuf));
2421 log_fn(notice_severity, LD_CONFIG,
2422 "Learned IP address '%s' for local interface."
2423 " Using that.", tmpbuf);
2424 strlcpy(hostname, "<guessed from interfaces>", sizeof(hostname));
2425 }
2426 }
2427 }
2428 }
2429
2430 tor_inet_ntoa(&in,tmpbuf,sizeof(tmpbuf));
2431 if (is_internal_IP(ntohl(in.s_addr), 0) &&
2432 options->_PublishServerDescriptor) {
2433 /* make sure we're ok with publishing an internal IP */
2434 if (!options->DirServers && !options->AlternateDirAuthority) {
2435 /* if they are using the default dirservers, disallow internal IPs
2436 * always. */
2437 log_fn(warn_severity, LD_CONFIG,
2438 "Address '%s' resolves to private IP address '%s'. "
2439 "Tor servers that use the default DirServers must have public "
2440 "IP addresses.", hostname, tmpbuf);
2441 return -1;
2442 }
2443 if (!explicit_ip) {
2444 /* even if they've set their own dirservers, require an explicit IP if
2445 * they're using an internal address. */
2446 log_fn(warn_severity, LD_CONFIG, "Address '%s' resolves to private "
2447 "IP address '%s'. Please set the Address config option to be "
2448 "the IP address you want to use.", hostname, tmpbuf);
2449 return -1;
2450 }
2451 }
2452
2453 log_debug(LD_CONFIG, "Resolved Address to '%s'.", tmpbuf);
2454 *addr_out = ntohl(in.s_addr);
2455 if (last_resolved_addr && last_resolved_addr != *addr_out) {
2456 /* Leave this as a notice, regardless of the requested severity,
2457 * at least until dynamic IP address support becomes bulletproof. */
2458 log_notice(LD_NET,
2459 "Your IP address seems to have changed to %s. Updating.",
2460 tmpbuf);
2461 ip_address_changed(0);
2462 }
2463 if (last_resolved_addr != *addr_out) {
2464 const char *method;
2465 const char *h = hostname;
2466 if (explicit_ip) {
2467 method = "CONFIGURED";
2468 h = NULL;
2469 } else if (explicit_hostname) {
2470 method = "RESOLVED";
2471 } else if (from_interface) {
2472 method = "INTERFACE";
2473 h = NULL;
2474 } else {
2475 method = "GETHOSTNAME";
2476 }
2477 control_event_server_status(LOG_NOTICE,
2478 "EXTERNAL_ADDRESS ADDRESS=%s METHOD=%s %s%s",
2479 tmpbuf, method, h?"HOSTNAME=":"", h);
2480 }
2481 last_resolved_addr = *addr_out;
2482 if (hostname_out)
2483 *hostname_out = tor_strdup(hostname);
2484 return 0;
2485 }
2486
2487 /** Return true iff <b>addr</b> is judged to be on the same network as us, or
2488 * on a private network.
2489 */
2490 int
2491 is_local_addr(const tor_addr_t *addr)
2492 {
2493 if (tor_addr_is_internal(addr, 0))
2494 return 1;
2495 /* Check whether ip is on the same /24 as we are. */
2496 if (get_options()->EnforceDistinctSubnets == 0)
2497 return 0;
2498 if (tor_addr_family(addr) == AF_INET) {
2499 /*XXXX022 IP6 what corresponds to an /24? */
2500 uint32_t ip = tor_addr_to_ipv4h(addr);
2501
2502 /* It's possible that this next check will hit before the first time
2503 * resolve_my_address actually succeeds. (For clients, it is likely that
2504 * resolve_my_address will never be called at all). In those cases,
2505 * last_resolved_addr will be 0, and so checking to see whether ip is on
2506 * the same /24 as last_resolved_addr will be the same as checking whether
2507 * it was on net 0, which is already done by is_internal_IP.
2508 */
2509 if ((last_resolved_addr & (uint32_t)0xffffff00ul)
2510 == (ip & (uint32_t)0xffffff00ul))
2511 return 1;
2512 }
2513 return 0;
2514 }
2515
2516 /** Called when we don't have a nickname set. Try to guess a good nickname
2517 * based on the hostname, and return it in a newly allocated string. If we
2518 * can't, return NULL and let the caller warn if it wants to. */
2519 static char *
2520 get_default_nickname(void)
2521 {
2522 static const char * const bad_default_nicknames[] = {
2523 "localhost",
2524 NULL,
2525 };
2526 char localhostname[256];
2527 char *cp, *out, *outp;
2528 int i;
2529
2530 if (gethostname(localhostname, sizeof(localhostname)) < 0)
2531 return NULL;
2532
2533 /* Put it in lowercase; stop at the first dot. */
2534 if ((cp = strchr(localhostname, '.')))
2535 *cp = '\0';
2536 tor_strlower(localhostname);
2537
2538 /* Strip invalid characters. */
2539 cp = localhostname;
2540 out = outp = tor_malloc(strlen(localhostname) + 1);
2541 while (*cp) {
2542 if (strchr(LEGAL_NICKNAME_CHARACTERS, *cp))
2543 *outp++ = *cp++;
2544 else
2545 cp++;
2546 }
2547 *outp = '\0';
2548
2549 /* Enforce length. */
2550 if (strlen(out) > MAX_NICKNAME_LEN)
2551 out[MAX_NICKNAME_LEN]='\0';
2552
2553 /* Check for dumb names. */
2554 for (i = 0; bad_default_nicknames[i]; ++i) {
2555 if (!strcmp(out, bad_default_nicknames[i])) {
2556 tor_free(out);
2557 return NULL;
2558 }
2559 }
2560
2561 return out;
2562 }
2563
2564 /** Release storage held by <b>options</b>. */
2565 static void
2566 config_free(config_format_t *fmt, void *options)
2567 {
2568 int i;
2569
2570 tor_assert(options);
2571
2572 for (i=0; fmt->vars[i].name; ++i)
2573 option_clear(fmt, options, &(fmt->vars[i]));
2574 if (fmt->extra) {
2575 config_line_t **linep = STRUCT_VAR_P(options, fmt->extra->var_offset);
2576 config_free_lines(*linep);
2577 *linep = NULL;
2578 }
2579 tor_free(options);
2580 }
2581
2582 /** Return true iff a and b contain identical keys and values in identical
2583 * order. */
2584 static int
2585 config_lines_eq(config_line_t *a, config_line_t *b)
2586 {
2587 while (a && b) {
2588 if (strcasecmp(a->key, b->key) || strcmp(a->value, b->value))
2589 return 0;
2590 a = a->next;
2591 b = b->next;
2592 }
2593 if (a || b)
2594 return 0;
2595 return 1;
2596 }
2597
2598 /** Return true iff the option <b>name</b> has the same value in <b>o1</b>
2599 * and <b>o2</b>. Must not be called for LINELIST_S or OBSOLETE options.
2600 */
2601 static int
2602 option_is_same(config_format_t *fmt,
2603 or_options_t *o1, or_options_t *o2, const char *name)
2604 {
2605 config_line_t *c1, *c2;
2606 int r = 1;
2607 CHECK(fmt, o1);
2608 CHECK(fmt, o2);
2609
2610 c1 = get_assigned_option(fmt, o1, name, 0);
2611 c2 = get_assigned_option(fmt, o2, name, 0);
2612 r = config_lines_eq(c1, c2);
2613 config_free_lines(c1);
2614 config_free_lines(c2);
2615 return r;
2616 }
2617
2618 /** Copy storage held by <b>old</b> into a new or_options_t and return it. */
2619 static or_options_t *
2620 options_dup(config_format_t *fmt, or_options_t *old)
2621 {
2622 or_options_t *newopts;
2623 int i;
2624 config_line_t *line;
2625
2626 newopts = config_alloc(fmt);
2627 for (i=0; fmt->vars[i].name; ++i) {
2628 if (fmt->vars[i].type == CONFIG_TYPE_LINELIST_S)
2629 continue;
2630 if (fmt->vars[i].type == CONFIG_TYPE_OBSOLETE)
2631 continue;
2632 line = get_assigned_option(fmt, old, fmt->vars[i].name, 0);
2633 if (line) {
2634 char *msg = NULL;
2635 if (config_assign(fmt, newopts, line, 0, 0, &msg) < 0) {
2636 log_err(LD_BUG, "Config_get_assigned_option() generated "
2637 "something we couldn't config_assign(): %s", msg);
2638 tor_free(msg);
2639 tor_assert(0);
2640 }
2641 }
2642 config_free_lines(line);
2643 }
2644 return newopts;
2645 }
2646
2647 /** Return a new empty or_options_t. Used for testing. */
2648 or_options_t *
2649 options_new(void)
2650 {
2651 return config_alloc(&options_format);
2652 }
2653
2654 /** Set <b>options</b> to hold reasonable defaults for most options.
2655 * Each option defaults to zero. */
2656 void
2657 options_init(or_options_t *options)
2658 {
2659 config_init(&options_format, options);
2660 }
2661
2662 /* Check if the port number given in <b>port_option</b> in combination with
2663 * the specified port in <b>listen_options</b> will result in Tor actually
2664 * opening a low port (meaning a port lower than 1024). Return 1 if
2665 * it is, or 0 if it isn't or the concept of a low port isn't applicable for
2666 * the platform we're on. */
2667 static int
2668 is_listening_on_low_port(uint16_t port_option,
2669 const config_line_t *listen_options)
2670 {
2671 #ifdef MS_WINDOWS
2672 return 0; /* No port is too low for windows. */
2673 #else
2674 const config_line_t *l;
2675 uint16_t p;
2676 if (port_option == 0)
2677 return 0; /* We're not listening */
2678 if (listen_options == NULL)
2679 return (port_option < 1024);
2680
2681 for (l = listen_options; l; l = l->next) {
2682 parse_addr_port(LOG_WARN, l->value, NULL, NULL, &p);
2683 if (p<1024) {
2684 return 1;
2685 }
2686 }
2687 return 0;
2688 #endif
2689 }
2690
2691 /** Set all vars in the configuration object <b>options</b> to their default
2692 * values. */
2693 static void
2694 config_init(config_format_t *fmt, void *options)
2695 {
2696 int i;
2697 config_var_t *var;
2698 CHECK(fmt, options);
2699
2700 for (i=0; fmt->vars[i].name; ++i) {
2701 var = &fmt->vars[i];
2702 if (!var->initvalue)
2703 continue; /* defaults to NULL or 0 */
2704 option_reset(fmt, options, var, 1);
2705 }
2706 }
2707
2708 /** Allocate and return a new string holding the written-out values of the vars
2709 * in 'options'. If 'minimal', do not write out any default-valued vars.
2710 * Else, if comment_defaults, write default values as comments.
2711 */
2712 static char *
2713 config_dump(config_format_t *fmt, void *options, int minimal,
2714 int comment_defaults)
2715 {
2716 smartlist_t *elements;
2717 or_options_t *defaults;
2718 config_line_t *line, *assigned;
2719 char *result;
2720 int i;
2721 const char *desc;
2722 char *msg = NULL;
2723
2724 defaults = config_alloc(fmt);
2725 config_init(fmt, defaults);
2726
2727 /* XXX use a 1 here so we don't add a new log line while dumping */
2728 if (fmt->validate_fn(NULL,defaults, 1, &msg) < 0) {
2729 log_err(LD_BUG, "Failed to validate default config.");
2730 tor_free(msg);
2731 tor_assert(0);
2732 }
2733
2734 elements = smartlist_create();
2735 for (i=0; fmt->vars[i].name; ++i) {
2736 int comment_option = 0;
2737 if (fmt->vars[i].type == CONFIG_TYPE_OBSOLETE ||
2738 fmt->vars[i].type == CONFIG_TYPE_LINELIST_S)
2739 continue;
2740 /* Don't save 'hidden' control variables. */
2741 if (!strcmpstart(fmt->vars[i].name, "__"))
2742 continue;
2743 if (minimal && option_is_same(fmt, options, defaults, fmt->vars[i].name))
2744 continue;
2745 else if (comment_defaults &&
2746 option_is_same(fmt, options, defaults, fmt->vars[i].name))
2747 comment_option = 1;
2748
2749 desc = config_find_description(fmt, fmt->vars[i].name);
2750 line = assigned = get_assigned_option(fmt, options, fmt->vars[i].name, 1);
2751
2752 if (line && desc) {
2753 /* Only dump the description if there's something to describe. */
2754 wrap_string(elements, desc, 78, "# ", "# ");
2755 }
2756
2757 for (; line; line = line->next) {
2758 size_t len = strlen(line->key) + strlen(line->value) + 5;
2759 char *tmp;
2760 tmp = tor_malloc(len);
2761 if (tor_snprintf(tmp, len, "%s%s %s\n",
2762 comment_option ? "# " : "",
2763 line->key, line->value)<0) {
2764 log_err(LD_BUG,"Internal error writing option value");
2765 tor_assert(0);
2766 }
2767 smartlist_add(elements, tmp);
2768 }
2769 config_free_lines(assigned);
2770 }
2771
2772 if (fmt->extra) {
2773 line = *(config_line_t**)STRUCT_VAR_P(options, fmt->extra->var_offset);
2774 for (; line; line = line->next) {
2775 size_t len = strlen(line->key) + strlen(line->value) + 3;
2776 char *tmp;
2777 tmp = tor_malloc(len);
2778 if (tor_snprintf(tmp, len, "%s %s\n", line->key, line->value)<0) {
2779 log_err(LD_BUG,"Internal error writing option value");
2780 tor_assert(0);
2781 }
2782 smartlist_add(elements, tmp);
2783 }
2784 }
2785
2786 result = smartlist_join_strings(elements, "", 0, NULL);
2787 SMARTLIST_FOREACH(elements, char *, cp, tor_free(cp));
2788 smartlist_free(elements);
2789 config_free(fmt, defaults);
2790 return result;
2791 }
2792
2793 /** Return a string containing a possible configuration file that would give
2794 * the configuration in <b>options</b>. If <b>minimal</b> is true, do not
2795 * include options that are the same as Tor's defaults.
2796 */
2797 static char *
2798 options_dump(or_options_t *options, int minimal)
2799 {
2800 return config_dump(&options_format, options, minimal, 0);
2801 }
2802
2803 /** Return 0 if every element of sl is a string holding a decimal
2804 * representation of a port number, or if sl is NULL.
2805 * Otherwise set *msg and return -1. */
2806 static int
2807 validate_ports_csv(smartlist_t *sl, const char *name, char **msg)
2808 {
2809 int i;
2810 char buf[1024];
2811 tor_assert(name);
2812
2813 if (!sl)
2814 return 0;
2815
2816 SMARTLIST_FOREACH(sl, const char *, cp,
2817 {
2818 i = atoi(cp);
2819 if (i < 1 || i > 65535) {
2820 int r = tor_snprintf(buf, sizeof(buf),
2821 "Port '%s' out of range in %s", cp, name);
2822 *msg = tor_strdup(r >= 0 ? buf : "internal error");
2823 return -1;
2824 }
2825 });
2826 return 0;
2827 }
2828
2829 /** If <b>value</b> exceeds ROUTER_MAX_DECLARED_BANDWIDTH, write
2830 * a complaint into *<b>msg</b> using string <b>desc</b>, and return -1.
2831 * Else return 0.
2832 */
2833 static int
2834 ensure_bandwidth_cap(uint64_t *value, const char *desc, char **msg)
2835 {
2836 int r;
2837 char buf[1024];
2838 if (*value > ROUTER_MAX_DECLARED_BANDWIDTH) {
2839 /* This handles an understandable special case where somebody says "2gb"
2840 * whereas our actual maximum is 2gb-1 (INT_MAX) */
2841 --*value;
2842 }
2843 if (*value > ROUTER_MAX_DECLARED_BANDWIDTH) {
2844 r = tor_snprintf(buf, sizeof(buf), "%s ("U64_FORMAT") must be at most %d",
2845 desc, U64_PRINTF_ARG(*value),
2846 ROUTER_MAX_DECLARED_BANDWIDTH);
2847 *msg = tor_strdup(r >= 0 ? buf : "internal error");
2848 return -1;
2849 }
2850 return 0;
2851 }
2852
2853 /** Parse an authority type from <b>options</b>-\>PublishServerDescriptor
2854 * and write it to <b>options</b>-\>_PublishServerDescriptor. Treat "1"
2855 * as "v2,v3" unless BridgeRelay is 1, in which case treat it as "bridge".
2856 * Treat "0" as "".
2857 * Return 0 on success or -1 if not a recognized authority type (in which
2858 * case the value of _PublishServerDescriptor is undefined). */
2859 static int
2860 compute_publishserverdescriptor(or_options_t *options)
2861 {
2862 smartlist_t *list = options->PublishServerDescriptor;
2863 authority_type_t *auth = &options->_PublishServerDescriptor;
2864 *auth = NO_AUTHORITY;
2865 if (!list) /* empty list, answer is none */
2866 return 0;
2867 SMARTLIST_FOREACH(list, const char *, string, {
2868 if (!strcasecmp(string, "v1"))
2869 *auth |= V1_AUTHORITY;
2870 else if (!strcmp(string, "1"))
2871 if (options->BridgeRelay)
2872 *auth |= BRIDGE_AUTHORITY;
2873 else
2874 *auth |= V2_AUTHORITY | V3_AUTHORITY;
2875 else if (!strcasecmp(string, "v2"))
2876 *auth |= V2_AUTHORITY;
2877 else if (!strcasecmp(string, "v3"))
2878 *auth |= V3_AUTHORITY;
2879 else if (!strcasecmp(string, "bridge"))
2880 *auth |= BRIDGE_AUTHORITY;
2881 else if (!strcasecmp(string, "hidserv"))
2882 *auth |= HIDSERV_AUTHORITY;
2883 else if (!strcasecmp(string, "") || !strcmp(string, "0"))
2884 /* no authority */;
2885 else
2886 return -1;
2887 });
2888 return 0;
2889 }
2890
2891 /** Lowest allowable value for RendPostPeriod; if this is too low, hidden
2892 * services can overload the directory system. */
2893 #define MIN_REND_POST_PERIOD (10*60)
2894
2895 /** Highest allowable value for RendPostPeriod. */
2896 #define MAX_DIR_PERIOD (MIN_ONION_KEY_LIFETIME/2)
2897
2898 /** Lowest allowable value for CircuitBuildTimeout; values too low will
2899 * increase network load because of failing connections being retried, and
2900 * might prevent users from connecting to the network at all. */
2901 #define MIN_CIRCUIT_BUILD_TIMEOUT 30
2902
2903 /** Lowest allowable value for MaxCircuitDirtiness; if this is too low, Tor
2904 * will generate too many circuits and potentially overload the network. */
2905 #define MIN_MAX_CIRCUIT_DIRTINESS 10
2906
2907 /** Return 0 if every setting in <b>options</b> is reasonable, and a
2908 * permissible transition from <b>old_options</b>. Else return -1.
2909 * Should have no side effects, except for normalizing the contents of
2910 * <b>options</b>.
2911 *
2912 * On error, tor_strdup an error explanation into *<b>msg</b>.
2913 *
2914 * XXX
2915 * If <b>from_setconf</b>, we were called by the controller, and our
2916 * Log line should stay empty. If it's 0, then give us a default log
2917 * if there are no logs defined.
2918 */
2919 static int
2920 options_validate(or_options_t *old_options, or_options_t *options,
2921 int from_setconf, char **msg)
2922 {
2923 int i, r;
2924 config_line_t *cl;
2925 const char *uname = get_uname();
2926 char buf[1024];
2927 #define REJECT(arg) \
2928 STMT_BEGIN *msg = tor_strdup(arg); return -1; STMT_END
2929 #define COMPLAIN(arg) STMT_BEGIN log(LOG_WARN, LD_CONFIG, arg); STMT_END
2930
2931 tor_assert(msg);
2932 *msg = NULL;
2933
2934 if (options->ORPort < 0 || options->ORPort > 65535)
2935 REJECT("ORPort option out of bounds.");
2936
2937 if (server_mode(options) &&
2938 (!strcmpstart(uname, "Windows 95") ||
2939 !strcmpstart(uname, "Windows 98") ||
2940 !strcmpstart(uname, "Windows Me"))) {
2941 log(LOG_WARN, LD_CONFIG, "Tor is running as a server, but you are "
2942 "running %s; this probably won't work. See "
2943 "http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#ServerOS "
2944 "for details.", uname);
2945 }
2946
2947 if (options->ORPort == 0 && options->ORListenAddress != NULL)
2948 REJECT("ORPort must be defined if ORListenAddress is defined.");
2949
2950 if (options->DirPort == 0 && options->DirListenAddress != NULL)
2951 REJECT("DirPort must be defined if DirListenAddress is defined.");
2952
2953 if (options->DNSPort == 0 && options->DNSListenAddress != NULL)
2954 REJECT("DNSPort must be defined if DNSListenAddress is defined.");
2955
2956 if (options->ControlPort == 0 && options->ControlListenAddress != NULL)
2957 REJECT("ControlPort must be defined if ControlListenAddress is defined.");
2958
2959 if (options->TransPort == 0 && options->TransListenAddress != NULL)
2960 REJECT("TransPort must be defined if TransListenAddress is defined.");
2961
2962 if (options->NatdPort == 0 && options->NatdListenAddress != NULL)
2963 REJECT("NatdPort must be defined if NatdListenAddress is defined.");
2964
2965 /* Don't gripe about SocksPort 0 with SocksListenAddress set; a standard
2966 * configuration does this. */
2967
2968 for (i = 0; i < 3; ++i) {
2969 int is_socks = i==0;
2970 int is_trans = i==1;
2971 config_line_t *line, *opt, *old;
2972 const char *tp;
2973 if (is_socks) {
2974 opt = options->SocksListenAddress;
2975 old = old_options ? old_options->SocksListenAddress : NULL;
2976 tp = "SOCKS proxy";
2977 } else if (is_trans) {
2978 opt = options->TransListenAddress;
2979 old = old_options ? old_options->TransListenAddress : NULL;
2980 tp = "transparent proxy";
2981 } else {
2982 opt = options->NatdListenAddress;
2983 old = old_options ? old_options->NatdListenAddress : NULL;
2984 tp = "natd proxy";
2985 }
2986
2987 for (line = opt; line; line = line->next) {
2988 char *address = NULL;
2989 uint16_t port;
2990 uint32_t addr;
2991 if (parse_addr_port(LOG_WARN, line->value, &address, &addr, &port)<0)
2992 continue; /* We'll warn about this later. */
2993 if (!is_internal_IP(addr, 1) &&
2994 (!old_options || !config_lines_eq(old, opt))) {
2995 log_warn(LD_CONFIG,
2996 "You specified a public address '%s' for a %s. Other "
2997 "people on the Internet might find your computer and use it as "
2998 "an open %s. Please don't allow this unless you have "
2999 "a good reason.", address, tp, tp);
3000 }
3001 tor_free(address);
3002 }
3003 }
3004
3005 if (validate_data_directory(options)<0)
3006 REJECT("Invalid DataDirectory");
3007
3008 if (options->Nickname == NULL) {
3009 if (server_mode(options)) {
3010 if (!(options->Nickname = get_default_nickname())) {
3011 log_notice(LD_CONFIG, "Couldn't pick a nickname based on "
3012 "our hostname; using %s instead.", UNNAMED_ROUTER_NICKNAME);
3013 options->Nickname = tor_strdup(UNNAMED_ROUTER_NICKNAME);
3014 } else {
3015 log_notice(LD_CONFIG, "Choosing default nickname '%s'",
3016 options->Nickname);
3017 }
3018 }
3019 } else {
3020 if (!is_legal_nickname(options->Nickname)) {
3021 r = tor_snprintf(buf, sizeof(buf),
3022 "Nickname '%s' is wrong length or contains illegal characters.",
3023 options->Nickname);
3024 *msg = tor_strdup(r >= 0 ? buf : "internal error");
3025 return -1;
3026 }
3027 }
3028
3029 if (server_mode(options) && !options->ContactInfo)
3030 log(LOG_NOTICE, LD_CONFIG, "Your ContactInfo config option is not set. "
3031 "Please consider setting it, so we can contact you if your server is "
3032 "misconfigured or something else goes wrong.");
3033
3034 /* Special case on first boot if no Log options are given. */
3035 if (!options->Logs && !options->RunAsDaemon && !from_setconf)
3036 config_line_append(&options->Logs, "Log", "notice stdout");
3037
3038 if (options_init_logs(options, 1)<0) /* Validate the log(s) */
3039 REJECT("Failed to validate Log options. See logs for details.");
3040
3041 if (options->NoPublish) {
3042 log(LOG_WARN, LD_CONFIG,
3043 "NoPublish is obsolete. Use PublishServerDescriptor instead.");
3044 SMARTLIST_FOREACH(options->PublishServerDescriptor, char *, s,
3045 tor_free(s));
3046 smartlist_clear(options->PublishServerDescriptor);
3047 }
3048
3049 if (authdir_mode(options)) {
3050 /* confirm that our address isn't broken, so we can complain now */
3051 uint32_t tmp;
3052 if (resolve_my_address(LOG_WARN, options, &tmp, NULL) < 0)
3053 REJECT("Failed to resolve/guess local address. See logs for details.");
3054 }
3055
3056 #ifndef MS_WINDOWS
3057 if (options->RunAsDaemon && torrc_fname && path_is_relative(torrc_fname))
3058 REJECT("Can't use a relative path to torrc when RunAsDaemon is set.");
3059 #endif
3060
3061 if (options->SocksPort < 0 || options->SocksPort > 65535)
3062 REJECT("SocksPort option out of bounds.");
3063
3064 if (options->DNSPort < 0 || options->DNSPort > 65535)
3065 REJECT("DNSPort option out of bounds.");
3066
3067 if (options->TransPort < 0 || options->TransPort > 65535)
3068 REJECT("TransPort option out of bounds.");
3069
3070 if (options->NatdPort < 0 || options->NatdPort > 65535)
3071 REJECT("NatdPort option out of bounds.");
3072
3073 if (options->SocksPort == 0 && options->TransPort == 0 &&
3074 options->NatdPort == 0 && options->ORPort == 0 &&
3075 options->DNSPort == 0 && !options->RendConfigLines)
3076 log(LOG_WARN, LD_CONFIG,
3077 "SocksPort, TransPort, NatdPort, DNSPort, and ORPort are all "
3078 "undefined, and there aren't any hidden services configured. "
3079 "Tor will still run, but probably won't do anything.");
3080
3081 if (options->ControlPort < 0 || options->ControlPort > 65535)
3082 REJECT("ControlPort option out of bounds.");
3083
3084 if (options->DirPort < 0 || options->DirPort > 65535)
3085 REJECT("DirPort option out of bounds.");
3086
3087 #ifndef USE_TRANSPARENT
3088 if (options->TransPort || options->TransListenAddress)
3089 REJECT("TransPort and TransListenAddress are disabled in this build.");
3090 #endif
3091
3092 if (options->AccountingMax &&
3093 (is_listening_on_low_port(options->ORPort, options->ORListenAddress) ||
3094 is_listening_on_low_port(options->DirPort, options->DirListenAddress)))
3095 {
3096 log(LOG_WARN, LD_CONFIG,
3097 "You have set AccountingMax to use hibernation. You have also "
3098 "chosen a low DirPort or OrPort. This combination can make Tor stop "
3099 "working when it tries to re-attach the port after a period of "
3100 "hibernation. Please choose a different port or turn off "
3101 "hibernation unless you know this combination will work on your "
3102 "platform.");
3103 }
3104
3105 if (options->ExcludeExitNodes || options->ExcludeNodes) {
3106 options->_ExcludeExitNodesUnion = routerset_new();
3107 routerset_union(options->_ExcludeExitNodesUnion,options->ExcludeExitNodes);
3108 routerset_union(options->_ExcludeExitNodesUnion,options->ExcludeNodes);
3109 }
3110
3111 if (options->StrictExitNodes &&
3112 (!options->ExitNodes) &&
3113 (!old_options ||
3114 (old_options->StrictExitNodes != options->StrictExitNodes) ||
3115 (!routerset_equal(old_options->ExitNodes,options->ExitNodes))))
3116 COMPLAIN("StrictExitNodes set, but no ExitNodes listed.");
3117
3118 if (options->StrictEntryNodes &&
3119 (!options->EntryNodes) &&
3120 (!old_options ||
3121 (old_options->StrictEntryNodes != options->StrictEntryNodes) ||
3122 (!routerset_equal(old_options->EntryNodes,options->EntryNodes))))
3123 COMPLAIN("StrictEntryNodes set, but no EntryNodes listed.");
3124
3125 if (options->EntryNodes && !routerset_is_list(options->EntryNodes)) {
3126 /* XXXX fix this; see entry_guards_prepend_from_config(). */
3127 REJECT("IPs or countries are not yet supported in EntryNodes.");
3128 }
3129
3130 if (options->AuthoritativeDir) {
3131 if (!options->ContactInfo && !options->TestingTorNetwork)
3132 REJECT("Authoritative directory servers must set ContactInfo");
3133 if (options->V1AuthoritativeDir && !options->RecommendedVersions)
3134 REJECT("V1 authoritative dir servers must set RecommendedVersions.");
3135 if (!options->RecommendedClientVersions)
3136 options->RecommendedClientVersions =
3137 config_lines_dup(options->RecommendedVersions);
3138 if (!options->RecommendedServerVersions)
3139 options->RecommendedServerVersions =
3140 config_lines_dup(options->RecommendedVersions);
3141 if (options->VersioningAuthoritativeDir &&
3142 (!options->RecommendedClientVersions ||
3143 !options->RecommendedServerVersions))
3144 REJECT("Versioning authoritative dir servers must set "
3145 "Recommended*Versions.");
3146 if (options->UseEntryGuards) {
3147 log_info(LD_CONFIG, "Authoritative directory servers can't set "
3148 "UseEntryGuards. Disabling.");
3149 options->UseEntryGuards = 0;
3150 }
3151 if (!options->DownloadExtraInfo && authdir_mode_any_main(options)) {
3152 log_info(LD_CONFIG, "Authoritative directories always try to download "
3153 "extra-info documents. Setting DownloadExtraInfo.");
3154 options->DownloadExtraInfo = 1;
3155 }
3156 if (!(options->BridgeAuthoritativeDir || options->HSAuthoritativeDir ||
3157 options->V1AuthoritativeDir || options->V2AuthoritativeDir ||
3158 options->V3AuthoritativeDir))
3159 REJECT("AuthoritativeDir is set, but none of "
3160 "(Bridge/HS/V1/V2/V3)AuthoritativeDir is set.");
3161 }
3162
3163 if (options->AuthoritativeDir && !options->DirPort)
3164 REJECT("Running as authoritative directory, but no DirPort set.");
3165
3166 if (options->AuthoritativeDir && !options->ORPort)
3167 REJECT("Running as authoritative directory, but no ORPort set.");
3168
3169 if (options->AuthoritativeDir && options->ClientOnly)
3170 REJECT("Running as authoritative directory, but ClientOnly also set.");
3171
3172 if (options->HSAuthorityRecordStats && !options->HSAuthoritativeDir)
3173 REJECT("HSAuthorityRecordStats is set but we're not running as "
3174 "a hidden service authority.");
3175
3176 if (options->ConnLimit <= 0) {
3177 r = tor_snprintf(buf, sizeof(buf),
3178 "ConnLimit must be greater than 0, but was set to %d",
3179 options->ConnLimit);
3180 *msg = tor_strdup(r >= 0 ? buf : "internal error");
3181 return -1;
3182 }
3183
3184 if (validate_ports_csv(options->FirewallPorts, "FirewallPorts", msg) < 0)
3185 return -1;
3186
3187 if (validate_ports_csv(options->LongLivedPorts, "LongLivedPorts", msg) < 0)
3188 return -1;
3189
3190 if (validate_ports_csv(options->RejectPlaintextPorts,
3191 "RejectPlaintextPorts", msg) < 0)
3192 return -1;
3193
3194 if (validate_ports_csv(options->WarnPlaintextPorts,
3195 "WarnPlaintextPorts", msg) < 0)
3196 return -1;
3197
3198 if (options->FascistFirewall && !options->ReachableAddresses) {
3199 if (options->FirewallPorts && smartlist_len(options->FirewallPorts)) {
3200 /* We already have firewall ports set, so migrate them to
3201 * ReachableAddresses, which will set ReachableORAddresses and
3202 * ReachableDirAddresses if they aren't set explicitly. */
3203 smartlist_t *instead = smartlist_create();
3204 config_line_t *new_line = tor_malloc_zero(sizeof(config_line_t));
3205 new_line->key = tor_strdup("ReachableAddresses");
3206 /* If we're configured with the old format, we need to prepend some
3207 * open ports. */
3208 SMARTLIST_FOREACH(options->FirewallPorts, const char *, portno,
3209 {
3210 int p = atoi(portno);
3211 char *s;
3212 if (p<0) continue;
3213 s = tor_malloc(16);
3214 tor_snprintf(s, 16, "*:%d", p);
3215 smartlist_add(instead, s);
3216 });
3217 new_line->value = smartlist_join_strings(instead,",",0,NULL);
3218 /* These have been deprecated since 0.1.1.5-alpha-cvs */
3219 log(LOG_NOTICE, LD_CONFIG,
3220 "Converting FascistFirewall and FirewallPorts "
3221 "config options to new format: \"ReachableAddresses %s\"",
3222 new_line->value);
3223 options->ReachableAddresses = new_line;
3224 SMARTLIST_FOREACH(instead, char *, cp, tor_free(cp));
3225 smartlist_free(instead);
3226 } else {
3227 /* We do not have FirewallPorts set, so add 80 to
3228 * ReachableDirAddresses, and 443 to ReachableORAddresses. */
3229 if (!options->ReachableDirAddresses) {
3230 config_line_t *new_line = tor_malloc_zero(sizeof(config_line_t));
3231 new_line->key = tor_strdup("ReachableDirAddresses");
3232 new_line->value = tor_strdup("*:80");
3233 options->ReachableDirAddresses = new_line;
3234 log(LOG_NOTICE, LD_CONFIG, "Converting FascistFirewall config option "
3235 "to new format: \"ReachableDirAddresses *:80\"");
3236 }
3237 if (!options->ReachableORAddresses) {
3238 config_line_t *new_line = tor_malloc_zero(sizeof(config_line_t));
3239 new_line->key = tor_strdup("ReachableORAddresses");
3240 new_line->value = tor_strdup("*:443");
3241 options->ReachableORAddresses = new_line;
3242 log(LOG_NOTICE, LD_CONFIG, "Converting FascistFirewall config option "
3243 "to new format: \"ReachableORAddresses *:443\"");
3244 }
3245 }
3246 }
3247
3248 for (i=0; i<3; i++) {
3249 config_line_t **linep =
3250 (i==0) ? &options->ReachableAddresses :
3251 (i==1) ? &options->ReachableORAddresses :
3252 &options->ReachableDirAddresses;
3253 if (!*linep)
3254 continue;
3255 /* We need to end with a reject *:*, not an implicit accept *:* */
3256 for (;;) {
3257 if (!strcmp((*linep)->value, "reject *:*")) /* already there */
3258 break;
3259 linep = &((*linep)->next);
3260 if (!*linep) {
3261 *linep = tor_malloc_zero(sizeof(config_line_t));
3262 (*linep)->key = tor_strdup(
3263 (i==0) ? "ReachableAddresses" :
3264 (i==1) ? "ReachableORAddresses" :
3265 "ReachableDirAddresses");
3266 (*linep)->value = tor_strdup("reject *:*");
3267 break;
3268 }
3269 }
3270 }
3271
3272 if ((options->ReachableAddresses ||
3273 options->ReachableORAddresses ||
3274 options->ReachableDirAddresses) &&
3275 server_mode(options))
3276 REJECT("Servers must be able to freely connect to the rest "
3277 "of the Internet, so they must not set Reachable*Addresses "
3278 "or FascistFirewall.");
3279
3280 if (options->UseBridges &&
3281 server_mode(options))
3282 REJECT("Servers must be able to freely connect to the rest "
3283 "of the Internet, so they must not set UseBridges.");
3284
3285 options->_AllowInvalid = 0;
3286 if (options->AllowInvalidNodes) {
3287 SMARTLIST_FOREACH(options->AllowInvalidNodes, const char *, cp, {
3288 if (!strcasecmp(cp, "entry"))
3289 options->_AllowInvalid |= ALLOW_INVALID_ENTRY;
3290 else if (!strcasecmp(cp, "exit"))
3291 options->_AllowInvalid |= ALLOW_INVALID_EXIT;
3292 else if (!strcasecmp(cp, "middle"))
3293 options->_AllowInvalid |= ALLOW_INVALID_MIDDLE;
3294 else if (!strcasecmp(cp, "introduction"))
3295 options->_AllowInvalid |= ALLOW_INVALID_INTRODUCTION;
3296 else if (!strcasecmp(cp, "rendezvous"))
3297 options->_AllowInvalid |= ALLOW_INVALID_RENDEZVOUS;
3298 else {
3299 r = tor_snprintf(buf, sizeof(buf),
3300 "Unrecognized value '%s' in AllowInvalidNodes", cp);
3301 *msg = tor_strdup(r >= 0 ? buf : "internal error");
3302 return -1;
3303 }
3304 });
3305 }
3306
3307 if (compute_publishserverdescriptor(options) < 0) {
3308 r = tor_snprintf(buf, sizeof(buf),
3309 "Unrecognized value in PublishServerDescriptor");
3310 *msg = tor_strdup(r >= 0 ? buf : "internal error");
3311 return -1;
3312 }
3313
3314 if ((options->BridgeRelay
3315 || options->_PublishServerDescriptor & BRIDGE_AUTHORITY)
3316 && (options->_PublishServerDescriptor
3317 & (V1_AUTHORITY|V2_AUTHORITY|V3_AUTHORITY))) {
3318 REJECT("Bridges are not supposed to publish router descriptors to the "
3319 "directory authorities. Please correct your "
3320 "PublishServerDescriptor line.");
3321 }
3322
3323 if (options->MinUptimeHidServDirectoryV2 < 0) {
3324 log_warn(LD_CONFIG, "MinUptimeHidServDirectoryV2 option must be at "
3325 "least 0 seconds. Changing to 0.");
3326 options->MinUptimeHidServDirectoryV2 = 0;
3327 }
3328
3329 if (options->RendPostPeriod < MIN_REND_POST_PERIOD) {
3330 log(LOG_WARN,LD_CONFIG,"RendPostPeriod option is too short; "
3331 "raising to %d seconds.", MIN_REND_POST_PERIOD);
3332 options->RendPostPeriod = MIN_REND_POST_PERIOD;
3333 }
3334
3335 if (options->RendPostPeriod > MAX_DIR_PERIOD) {
3336 log(LOG_WARN, LD_CONFIG, "RendPostPeriod is too large; clipping to %ds.",
3337 MAX_DIR_PERIOD);
3338 options->RendPostPeriod = MAX_DIR_PERIOD;
3339 }
3340
3341 if (options->CircuitBuildTimeout < MIN_CIRCUIT_BUILD_TIMEOUT) {
3342 log(LOG_WARN, LD_CONFIG, "CircuitBuildTimeout option is too short; "
3343 "raising to %d seconds.", MIN_CIRCUIT_BUILD_TIMEOUT);
3344 options->CircuitBuildTimeout = MIN_CIRCUIT_BUILD_TIMEOUT;
3345 }
3346
3347 if (options->MaxCircuitDirtiness < MIN_MAX_CIRCUIT_DIRTINESS) {
3348 log(LOG_WARN, LD_CONFIG, "MaxCircuitDirtiness option is too short; "
3349 "raising to %d seconds.", MIN_MAX_CIRCUIT_DIRTINESS);
3350 options->MaxCircuitDirtiness = MIN_MAX_CIRCUIT_DIRTINESS;
3351 }
3352
3353 if (options->KeepalivePeriod < 1)
3354 REJECT("KeepalivePeriod option must be positive.");
3355
3356 if (ensure_bandwidth_cap(&options->BandwidthRate,
3357 "BandwidthRate", msg) < 0)
3358 return -1;
3359 if (ensure_bandwidth_cap(&options->BandwidthBurst,
3360 "BandwidthBurst", msg) < 0)
3361 return -1;
3362 if (ensure_bandwidth_cap(&options->MaxAdvertisedBandwidth,
3363 "MaxAdvertisedBandwidth", msg) < 0)
3364 return -1;
3365 if (ensure_bandwidth_cap(&options->RelayBandwidthRate,
3366 "RelayBandwidthRate", msg) < 0)
3367 return -1;
3368 if (ensure_bandwidth_cap(&options->RelayBandwidthBurst,
3369 "RelayBandwidthBurst", msg) < 0)
3370 return -1;
3371
3372 if (server_mode(options)) {
3373 if (options->BandwidthRate < ROUTER_REQUIRED_MIN_BANDWIDTH) {
3374 r = tor_snprintf(buf, sizeof(buf),
3375 "BandwidthRate is set to %d bytes/second. "
3376 "For servers, it must be at least %d.",
3377 (int)options->BandwidthRate,
3378 ROUTER_REQUIRED_MIN_BANDWIDTH);
3379 *msg = tor_strdup(r >= 0 ? buf : "internal error");
3380 return -1;
3381 } else if (options->MaxAdvertisedBandwidth <
3382 ROUTER_REQUIRED_MIN_BANDWIDTH/2) {
3383 r = tor_snprintf(buf, sizeof(buf),
3384 "MaxAdvertisedBandwidth is set to %d bytes/second. "
3385 "For servers, it must be at least %d.",
3386 (int)options->MaxAdvertisedBandwidth,
3387 ROUTER_REQUIRED_MIN_BANDWIDTH/2);
3388 *msg = tor_strdup(r >= 0 ? buf : "internal error");
3389 return -1;
3390 }
3391 if (options->RelayBandwidthRate &&
3392 options->RelayBandwidthRate < ROUTER_REQUIRED_MIN_BANDWIDTH) {
3393 r = tor_snprintf(buf, sizeof(buf),
3394 "RelayBandwidthRate is set to %d bytes/second. "
3395 "For servers, it must be at least %d.",
3396 (int)options->RelayBandwidthRate,
3397 ROUTER_REQUIRED_MIN_BANDWIDTH);
3398 *msg = tor_strdup(r >= 0 ? buf : "internal error");
3399 return -1;
3400 }
3401 }
3402
3403 if (options->RelayBandwidthRate && !options->RelayBandwidthBurst)
3404 options->RelayBandwidthBurst = options->RelayBandwidthRate;
3405
3406 if (options->RelayBandwidthRate > options->RelayBandwidthBurst)
3407 REJECT("RelayBandwidthBurst must be at least equal "
3408 "to RelayBandwidthRate.");
3409
3410 if (options->BandwidthRate > options->BandwidthBurst)
3411 REJECT("BandwidthBurst must be at least equal to BandwidthRate.");
3412
3413 /* if they set relaybandwidth* really high but left bandwidth*
3414 * at the default, raise the defaults. */
3415 if (options->RelayBandwidthRate > options->BandwidthRate)
3416 options->BandwidthRate = options->RelayBandwidthRate;
3417 if (options->RelayBandwidthBurst > options->BandwidthBurst)
3418 options->BandwidthBurst = options->RelayBandwidthBurst;
3419
3420 if (accounting_parse_options(options, 1)<0)
3421 REJECT("Failed to parse accounting options. See logs for details.");
3422
3423 if (options->HttpProxy) { /* parse it now */
3424 if (parse_addr_port(LOG_WARN, options->HttpProxy, NULL,
3425 &options->HttpProxyAddr, &options->HttpProxyPort) < 0)
3426 REJECT("HttpProxy failed to parse or resolve. Please fix.");
3427 if (options->HttpProxyPort == 0) { /* give it a default */
3428 options->HttpProxyPort = 80;
3429 }
3430 }
3431
3432 if (options->HttpProxyAuthenticator) {
3433 if (strlen(options->HttpProxyAuthenticator) >= 48)
3434 REJECT("HttpProxyAuthenticator is too long (>= 48 chars).");
3435 }
3436
3437 if (options->HttpsProxy) { /* parse it now */
3438 if (parse_addr_port(LOG_WARN, options->HttpsProxy, NULL,
3439 &options->HttpsProxyAddr, &options->HttpsProxyPort) <0)
3440 REJECT("HttpsProxy failed to parse or resolve. Please fix.");
3441 if (options->HttpsProxyPort == 0) { /* give it a default */
3442 options->HttpsProxyPort = 443;
3443 }
3444 }
3445
3446 if (options->HttpsProxyAuthenticator) {
3447 if (strlen(options->HttpsProxyAuthenticator) >= 48)
3448 REJECT("HttpsProxyAuthenticator is too long (>= 48 chars).");
3449 }
3450
3451 if (options->HashedControlPassword) {
3452 smartlist_t *sl = decode_hashed_passwords(options->HashedControlPassword);
3453 if (!sl) {
3454 REJECT("Bad HashedControlPassword: wrong length or bad encoding");
3455 } else {
3456 SMARTLIST_FOREACH(sl, char*, cp, tor_free(cp));
3457 smartlist_free(sl);
3458 }
3459 }
3460
3461 if (options->HashedControlSessionPassword) {
3462 smartlist_t *sl = decode_hashed_passwords(
3463 options->HashedControlSessionPassword);
3464 if (!sl) {
3465 REJECT("Bad HashedControlSessionPassword: wrong length or bad encoding");
3466 } else {
3467 SMARTLIST_FOREACH(sl, char*, cp, tor_free(cp));
3468 smartlist_free(sl);
3469 }
3470 }
3471
3472 if (options->ControlListenAddress) {
3473 int all_are_local = 1;
3474 config_line_t *ln;
3475 for (ln = options->ControlListenAddress; ln; ln = ln->next) {
3476 if (strcmpstart(ln->value, "127."))
3477 all_are_local = 0;
3478 }
3479 if (!all_are_local) {
3480 if (!options->HashedControlPassword &&
3481 !options->HashedControlSessionPassword &&
3482 !options->CookieAuthentication) {
3483 log_warn(LD_CONFIG,
3484 "You have a ControlListenAddress set to accept "
3485 "unauthenticated connections from a non-local address. "
3486 "This means that programs not running on your computer "
3487 "can reconfigure your Tor, without even having to guess a "
3488 "password. That's so bad that I'm closing your ControlPort "
3489 "for you. If you need to control your Tor remotely, try "
3490 "enabling authentication and using a tool like stunnel or "
3491 "ssh to encrypt remote access.");
3492 options->ControlPort = 0;
3493 } else {
3494 log_warn(LD_CONFIG, "You have a ControlListenAddress set to accept "
3495 "connections from a non-local address. This means that "
3496 "programs not running on your computer can reconfigure your "
3497 "Tor. That's pretty bad, since the controller "
3498 "protocol isn't encrypted! Maybe you should just listen on "
3499 "127.0.0.1 and use a tool like stunnel or ssh to encrypt "
3500 "remote connections to your control port.");
3501 }
3502 }
3503 }
3504
3505 if (options->ControlPort && !options->HashedControlPassword &&
3506 !options->HashedControlSessionPassword &&
3507 !options->CookieAuthentication) {
3508 log_warn(LD_CONFIG, "ControlPort is open, but no authentication method "
3509 "has been configured. This means that any program on your "
3510 "computer can reconfigure your Tor. That's bad! You should "
3511 "upgrade your Tor controller as soon as possible.");
3512 }
3513
3514 if (options->UseEntryGuards && ! options->NumEntryGuards)
3515 REJECT("Cannot enable UseEntryGuards with NumEntryGuards set to 0");
3516
3517 if (check_nickname_list(options->MyFamily, "MyFamily", msg))
3518 return -1;
3519 for (cl = options->NodeFamilies; cl; cl = cl->next) {
3520 if (check_nickname_list(cl->value, "NodeFamily", msg))
3521 return -1;
3522 }
3523
3524 if (validate_addr_policies(options, msg) < 0)
3525 return -1;
3526
3527 if (validate_dir_authorities(options, old_options) < 0)
3528 REJECT("Directory authority line did not parse. See logs for details.");
3529
3530 if (options->UseBridges && !options->Bridges)
3531 REJECT("If you set UseBridges, you must specify at least one bridge.");
3532 if (options->UseBridges && !options->TunnelDirConns)
3533 REJECT("If you set UseBridges, you must set TunnelDirConns.");
3534 if (options->Bridges) {
3535 for (cl = options->Bridges; cl; cl = cl->next) {
3536 if (parse_bridge_line(cl->value, 1)<0)
3537 REJECT("Bridge line did not parse. See logs for details.");
3538 }
3539 }
3540
3541 if (options->ConstrainedSockets) {
3542 /* If the user wants to constrain socket buffer use, make sure the desired
3543 * limit is between MIN|MAX_TCPSOCK_BUFFER in k increments. */
3544 if (options->ConstrainedSockSize < MIN_CONSTRAINED_TCP_BUFFER ||
3545 options->ConstrainedSockSize > MAX_CONSTRAINED_TCP_BUFFER ||
3546 options->ConstrainedSockSize % 1024) {
3547 r = tor_snprintf(buf, sizeof(buf),
3548 "ConstrainedSockSize is invalid. Must be a value between %d and %d "
3549 "in 1024 byte increments.",
3550 MIN_CONSTRAINED_TCP_BUFFER, MAX_CONSTRAINED_TCP_BUFFER);
3551 *msg = tor_strdup(r >= 0 ? buf : "internal error");
3552 return -1;
3553 }
3554 if (options->DirPort) {
3555 /* Providing cached directory entries while system TCP buffers are scarce
3556 * will exacerbate the socket errors. Suggest that this be disabled. */
3557 COMPLAIN("You have requested constrained socket buffers while also "
3558 "serving directory entries via DirPort. It is strongly "
3559 "suggested that you disable serving directory requests when "
3560 "system TCP buffer resources are scarce.");
3561 }
3562 }
3563
3564 if (options->V3AuthVoteDelay + options->V3AuthDistDelay >=
3565 options->V3AuthVotingInterval/2) {
3566 REJECT("V3AuthVoteDelay plus V3AuthDistDelay must be less than half "
3567 "V3AuthVotingInterval");
3568 }
3569 if (options->V3AuthVoteDelay < MIN_VOTE_SECONDS)
3570 REJECT("V3AuthVoteDelay is way too low.");
3571 if (options->V3AuthDistDelay < MIN_DIST_SECONDS)
3572 REJECT("V3AuthDistDelay is way too low.");
3573
3574 if (options->V3AuthNIntervalsValid < 2)
3575 REJECT("V3AuthNIntervalsValid must be at least 2.");
3576
3577 if (options->V3AuthVotingInterval < MIN_VOTE_INTERVAL) {
3578 REJECT("V3AuthVotingInterval is insanely low.");
3579 } else if (options->V3AuthVotingInterval > 24*60*60) {
3580 REJECT("V3AuthVotingInterval is insanely high.");
3581 } else if (((24*60*60) % options->V3AuthVotingInterval) != 0) {
3582 COMPLAIN("V3AuthVotingInterval does not divide evenly into 24 hours.");
3583 }
3584
3585 if (rend_config_services(options, 1) < 0)
3586 REJECT("Failed to configure rendezvous options. See logs for details.");
3587
3588 /* Parse client-side authorization for hidden services. */
3589 if (rend_parse_service_authorization(options, 1) < 0)
3590 REJECT("Failed to configure client authorization for hidden services. "
3591 "See logs for details.");
3592
3593 if (parse_virtual_addr_network(options->VirtualAddrNetwork, 1, NULL)<0)
3594 return -1;
3595
3596 if (options->PreferTunneledDirConns && !options->TunnelDirConns)
3597 REJECT("Must set TunnelDirConns if PreferTunneledDirConns is set.");
3598
3599 if (options->AutomapHostsSuffixes) {
3600 SMARTLIST_FOREACH(options->AutomapHostsSuffixes, char *, suf,
3601 {
3602 size_t len = strlen(suf);
3603 if (len && suf[len-1] == '.')
3604 suf[len-1] = '\0';
3605 });
3606 }
3607
3608 if (options->TestingTorNetwork && !options->DirServers) {
3609 REJECT("TestingTorNetwork may only be configured in combination with "
3610 "a non-default set of DirServers.");
3611 }
3612
3613 /*XXXX022 checking for defaults manually like this is a bit fragile.*/
3614
3615 /* Keep changes to hard-coded values synchronous to man page and default
3616 * values table. */
3617 if (options->TestingV3AuthInitialVotingInterval != 30*60 &&
3618 !options->TestingTorNetwork) {
3619 REJECT("TestingV3AuthInitialVotingInterval may only be changed in testing "
3620 "Tor networks!");
3621 } else if (options->TestingV3AuthInitialVotingInterval < MIN_VOTE_INTERVAL) {
3622 REJECT("TestingV3AuthInitialVotingInterval is insanely low.");
3623 } else if (((30*60) % options->TestingV3AuthInitialVotingInterval) != 0) {
3624 REJECT("TestingV3AuthInitialVotingInterval does not divide evenly into "
3625 "30 minutes.");
3626 }
3627
3628 if (options->TestingV3AuthInitialVoteDelay != 5*60 &&
3629 !options->TestingTorNetwork) {
3630 REJECT("TestingV3AuthInitialVoteDelay may only be changed in testing "
3631 "Tor networks!");
3632 } else if (options->TestingV3AuthInitialVoteDelay < MIN_VOTE_SECONDS) {
3633 REJECT("TestingV3AuthInitialVoteDelay is way too low.");
3634 }
3635
3636 if (options->TestingV3AuthInitialDistDelay != 5*60 &&
3637 !options->TestingTorNetwork) {
3638 REJECT("TestingV3AuthInitialDistDelay may only be changed in testing "
3639 "Tor networks!");
3640 } else if (options->TestingV3AuthInitialDistDelay < MIN_DIST_SECONDS) {
3641 REJECT("TestingV3AuthInitialDistDelay is way too low.");
3642 }
3643
3644 if (options->TestingV3AuthInitialVoteDelay +
3645 options->TestingV3AuthInitialDistDelay >=
3646 options->TestingV3AuthInitialVotingInterval/2) {
3647 REJECT("TestingV3AuthInitialVoteDelay plus TestingV3AuthInitialDistDelay "
3648 "must be less than half TestingV3AuthInitialVotingInterval");
3649 }
3650
3651 if (options->TestingAuthDirTimeToLearnReachability != 30*60 &&
3652 !options->TestingTorNetwork) {
3653 REJECT("TestingAuthDirTimeToLearnReachability may only be changed in "
3654 "testing Tor networks!");
3655 } else if (options->TestingAuthDirTimeToLearnReachability < 0) {
3656 REJECT("TestingAuthDirTimeToLearnReachability must be non-negative.");
3657 } else if (options->TestingAuthDirTimeToLearnReachability > 2*60*60) {
3658 COMPLAIN("TestingAuthDirTimeToLearnReachability is insanely high.");
3659 }
3660
3661 if (options->TestingEstimatedDescriptorPropagationTime != 10*60 &&
3662 !options->TestingTorNetwork) {
3663 REJECT("TestingEstimatedDescriptorPropagationTime may only be changed in "
3664 "testing Tor networks!");
3665 } else if (options->TestingEstimatedDescriptorPropagationTime < 0) {
3666 REJECT("TestingEstimatedDescriptorPropagationTime must be non-negative.");
3667 } else if (options->TestingEstimatedDescriptorPropagationTime > 60*60) {
3668 COMPLAIN("TestingEstimatedDescriptorPropagationTime is insanely high.");
3669 }
3670
3671 if (options->TestingTorNetwork) {
3672 log_warn(LD_CONFIG, "TestingTorNetwork is set. This will make your node "
3673 "almost unusable in the public Tor network, and is "
3674 "therefore only advised if you are building a "
3675 "testing Tor network!");
3676 }
3677
3678 return 0;
3679 #undef REJECT
3680 #undef COMPLAIN
3681 }
3682
3683 /** Helper: return true iff s1 and s2 are both NULL, or both non-NULL
3684 * equal strings. */
3685 static int
3686 opt_streq(const char *s1, const char *s2)
3687 {
3688 if (!s1 && !s2)
3689 return 1;
3690 else if (s1 && s2 && !strcmp(s1,s2))
3691 return 1;
3692 else
3693 return 0;
3694 }
3695
3696 /** Check if any of the previous options have changed but aren't allowed to. */
3697 static int
3698 options_transition_allowed(or_options_t *old, or_options_t *new_val,
3699 char **msg)
3700 {
3701 if (!old)
3702 return 0;
3703
3704 if (!opt_streq(old->PidFile, new_val->PidFile)) {
3705 *msg = tor_strdup("PidFile is not allowed to change.");
3706 return -1;
3707 }
3708
3709 if (old->RunAsDaemon != new_val->RunAsDaemon) {
3710 *msg = tor_strdup("While Tor is running, changing RunAsDaemon "
3711 "is not allowed.");
3712 return -1;
3713 }
3714
3715 if (strcmp(old->DataDirectory,new_val->DataDirectory)!=0) {
3716 char buf[1024];
3717 int r = tor_snprintf(buf, sizeof(buf),
3718 "While Tor is running, changing DataDirectory "
3719 "(\"%s\"->\"%s\") is not allowed.",
3720 old->DataDirectory, new_val->DataDirectory);
3721 *msg = tor_strdup(r >= 0 ? buf : "internal error");
3722 return -1;
3723 }
3724
3725 if (!opt_streq(old->User, new_val->User)) {
3726 *msg = tor_strdup("While Tor is running, changing User is not allowed.");
3727 return -1;
3728 }
3729
3730 if (!opt_streq(old->Group, new_val->Group)) {
3731 *msg = tor_strdup("While Tor is running, changing Group is not allowed.");
3732 return -1;
3733 }
3734
3735 if (old->HardwareAccel != new_val->HardwareAccel) {
3736 *msg = tor_strdup("While Tor is running, changing HardwareAccel is "
3737 "not allowed.");
3738 return -1;
3739 }
3740
3741 if (old->TestingTorNetwork != new_val->TestingTorNetwork) {
3742 *msg = tor_strdup("While Tor is running, changing TestingTorNetwork "
3743 "is not allowed.");
3744 return -1;
3745 }
3746
3747 return 0;
3748 }
3749
3750 /** Return 1 if any change from <b>old_options</b> to <b>new_options</b>
3751 * will require us to rotate the CPU and DNS workers; else return 0. */
3752 static int
3753 options_transition_affects_workers(or_options_t *old_options,
3754 or_options_t *new_options)
3755 {
3756 if (!opt_streq(old_options->DataDirectory, new_options->DataDirectory) ||
3757 old_options->NumCpus != new_options->NumCpus ||
3758 old_options->ORPort != new_options->ORPort ||
3759 old_options->ServerDNSSearchDomains !=
3760 new_options->ServerDNSSearchDomains ||
3761 old_options->SafeLogging != new_options->SafeLogging ||
3762 old_options->ClientOnly != new_options->ClientOnly ||
3763 !config_lines_eq(old_options->Logs, new_options->Logs))
3764 return 1;
3765
3766 /* Check whether log options match. */
3767
3768 /* Nothing that changed matters. */
3769 return 0;
3770 }
3771
3772 /** Return 1 if any change from <b>old_options</b> to <b>new_options</b>
3773 * will require us to generate a new descriptor; else return 0. */
3774 static int
3775 options_transition_affects_descriptor(or_options_t *old_options,
3776 or_options_t *new_options)
3777 {
3778 /* XXX We can be smarter here. If your DirPort isn't being
3779 * published and you just turned it off, no need to republish. Etc. */
3780 if (!opt_streq(old_options->DataDirectory, new_options->DataDirectory) ||
3781 !opt_streq(old_options->Nickname,new_options->Nickname) ||
3782 !opt_streq(old_options->Address,new_options->Address) ||
3783 !config_lines_eq(old_options->ExitPolicy,new_options->ExitPolicy) ||
3784 old_options->ExitPolicyRejectPrivate !=
3785 new_options->ExitPolicyRejectPrivate ||
3786 old_options->ORPort != new_options->ORPort ||
3787 old_options->DirPort != new_options->DirPort ||
3788 old_options->ClientOnly != new_options->ClientOnly ||
3789 old_options->NoPublish != new_options->NoPublish ||
3790 old_options->_PublishServerDescriptor !=
3791 new_options->_PublishServerDescriptor ||
3792 get_effective_bwrate(old_options) != get_effective_bwrate(new_options) ||
3793 get_effective_bwburst(old_options) !=
3794 get_effective_bwburst(new_options) ||
3795 !opt_streq(old_options->ContactInfo, new_options->ContactInfo) ||
3796 !opt_streq(old_options->MyFamily, new_options->MyFamily) ||
3797 !opt_streq(old_options->AccountingStart, new_options->AccountingStart) ||
3798 old_options->AccountingMax != new_options->AccountingMax)
3799 return 1;
3800
3801 return 0;
3802 }
3803
3804 #ifdef MS_WINDOWS
3805 /** Return the directory on windows where we expect to find our application
3806 * data. */
3807 static char *
3808 get_windows_conf_root(void)
3809 {
3810 static int is_set = 0;
3811 static char path[MAX_PATH+1];
3812
3813 LPITEMIDLIST idl;
3814 IMalloc *m;
3815 HRESULT result;
3816
3817 if (is_set)
3818 return path;
3819
3820 /* Find X:\documents and settings\username\application data\ .
3821 * We would use SHGetSpecialFolder path, but that wasn't added until IE4.
3822 */
3823 #ifdef ENABLE_LOCAL_APPDATA
3824 #define APPDATA_PATH CSIDL_LOCAL_APPDATA
3825 #else
3826 #define APPDATA_PATH CSIDL_APPDATA
3827 #endif
3828 if (!SUCCEEDED(SHGetSpecialFolderLocation(NULL, APPDATA_PATH, &idl))) {
3829 GetCurrentDirectory(MAX_PATH, path);
3830 is_set = 1;
3831 log_warn(LD_CONFIG,
3832 "I couldn't find your application data folder: are you "
3833 "running an ancient version of Windows 95? Defaulting to \"%s\"",
3834 path);
3835 return path;
3836 }
3837 /* Convert the path from an "ID List" (whatever that is!) to a path. */
3838 result = SHGetPathFromIDList(idl, path);
3839 /* Now we need to free the */
3840 SHGetMalloc(&m);
3841 if (m) {
3842 m->lpVtbl->Free(m, idl);
3843 m->lpVtbl->Release(m);
3844 }
3845 if (!SUCCEEDED(result)) {
3846 return NULL;
3847 }
3848 strlcat(path,"\\tor",MAX_PATH);
3849 is_set = 1;
3850 return path;
3851 }
3852 #endif
3853
3854 /** Return the default location for our torrc file. */
3855 static const char *
3856 get_default_conf_file(void)
3857 {
3858 #ifdef MS_WINDOWS
3859 static char path[MAX_PATH+1];
3860 strlcpy(path, get_windows_conf_root(), MAX_PATH);
3861 strlcat(path,"\\torrc",MAX_PATH);
3862 return path;
3863 #else
3864 return (CONFDIR "/torrc");
3865 #endif
3866 }
3867
3868 /** Verify whether lst is a string containing valid-looking comma-separated
3869 * nicknames, or NULL. Return 0 on success. Warn and return -1 on failure.
3870 */
3871 static int
3872 check_nickname_list(const char *lst, const char *name, char **msg)
3873 {
3874 int r = 0;
3875 smartlist_t *sl;
3876
3877 if (!lst)
3878 return 0;
3879 sl = smartlist_create();
3880
3881 smartlist_split_string(sl, lst, ",",
3882 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK|SPLIT_STRIP_SPACE, 0);
3883
3884 SMARTLIST_FOREACH(sl, const char *, s,
3885 {
3886 if (!is_legal_nickname_or_hexdigest(s)) {
3887 char buf[1024];
3888 int tmp = tor_snprintf(buf, sizeof(buf),
3889 "Invalid nickname '%s' in %s line", s, name);
3890 *msg = tor_strdup(tmp >= 0 ? buf : "internal error");
3891 r = -1;
3892 break;
3893 }
3894 });
3895 SMARTLIST_FOREACH(sl, char *, s, tor_free(s));
3896 smartlist_free(sl);
3897 return r;
3898 }
3899
3900 /** Learn config file name from command line arguments, or use the default */
3901 static char *
3902 find_torrc_filename(int argc, char **argv,
3903 int *using_default_torrc, int *ignore_missing_torrc)
3904 {
3905 char *fname=NULL;
3906 int i;
3907
3908 for (i = 1; i < argc; ++i) {
3909 if (i < argc-1 && !strcmp(argv[i],"-f")) {
3910 if (fname) {
3911 log(LOG_WARN, LD_CONFIG, "Duplicate -f options on command line.");
3912 tor_free(fname);
3913 }
3914 #ifdef MS_WINDOWS
3915 /* XXX one day we might want to extend expand_filename to work
3916 * under Windows as well. */
3917 fname = tor_strdup(argv[i+1]);
3918 #else
3919 fname = expand_filename(argv[i+1]);
3920 #endif
3921 *using_default_torrc = 0;
3922 ++i;
3923 } else if (!strcmp(argv[i],"--ignore-missing-torrc")) {
3924 *ignore_missing_torrc = 1;
3925 }
3926 }
3927
3928 if (*using_default_torrc) {
3929 /* didn't find one, try CONFDIR */
3930 const char *dflt = get_default_conf_file();
3931 if (dflt && file_status(dflt) == FN_FILE) {
3932 fname = tor_strdup(dflt);
3933 } else {
3934 #ifndef MS_WINDOWS
3935 char *fn;
3936 fn = expand_filename("~/.torrc");
3937 if (fn && file_status(fn) == FN_FILE) {
3938 fname = fn;
3939 } else {
3940 tor_free(fn);
3941 fname = tor_strdup(dflt);
3942 }
3943 #else
3944 fname = tor_strdup(dflt);
3945 #endif
3946 }
3947 }
3948 return fname;
3949 }
3950
3951 /** Load torrc from disk, setting torrc_fname if successful */
3952 static char *
3953 load_torrc_from_disk(int argc, char **argv)
3954 {
3955 char *fname=NULL;
3956 char *cf = NULL;
3957 int using_default_torrc = 1;
3958 int ignore_missing_torrc = 0;
3959
3960 fname = find_torrc_filename(argc, argv,
3961 &using_default_torrc, &ignore_missing_torrc);
3962 tor_assert(fname);
3963 log(LOG_DEBUG, LD_CONFIG, "Opening config file \"%s\"", fname);
3964
3965 tor_free(torrc_fname);
3966 torrc_fname = fname;
3967
3968 /* Open config file */
3969 if (file_status(fname) != FN_FILE ||
3970 !(cf = read_file_to_str(fname,0,NULL))) {
3971 if (using_default_torrc == 1 || ignore_missing_torrc ) {
3972 log(LOG_NOTICE, LD_CONFIG, "Configuration file \"%s\" not present, "
3973 "using reasonable defaults.", fname);
3974 tor_free(fname); /* sets fname to NULL */
3975 torrc_fname = NULL;
3976 cf = tor_strdup("");
3977 } else {
3978 log(LOG_WARN, LD_CONFIG,
3979 "Unable to open configuration file \"%s\".", fname);
3980 goto err;
3981 }
3982 }
3983
3984 return cf;
3985 err:
3986 tor_free(fname);
3987 torrc_fname = NULL;
3988 return NULL;
3989 }
3990
3991 /** Read a configuration file into <b>options</b>, finding the configuration
3992 * file location based on the command line. After loading the file
3993 * call options_init_from_string() to load the config.
3994 * Return 0 if success, -1 if failure. */
3995 int
3996 options_init_from_torrc(int argc, char **argv)
3997 {
3998 char *cf=NULL;
3999 int i, retval, command;
4000 static char **backup_argv;
4001 static int backup_argc;
4002 char *command_arg = NULL;
4003 char *errmsg=NULL;
4004
4005 if (argv) { /* first time we're called. save command line args */
4006 backup_argv = argv;
4007 backup_argc = argc;
4008 } else { /* we're reloading. need to clean up old options first. */
4009 argv = backup_argv;
4010 argc = backup_argc;
4011 }
4012 if (argc > 1 && (!strcmp(argv[1], "-h") || !strcmp(argv[1],"--help"))) {
4013 print_usage();
4014 exit(0);
4015 }
4016 if (argc > 1 && !strcmp(argv[1], "--list-torrc-options")) {
4017 /* For documenting validating whether we've documented everything. */
4018 list_torrc_options();
4019 exit(0);
4020 }
4021
4022 if (argc > 1 && (!strcmp(argv[1],"--version"))) {
4023 printf("Tor version %s.\n",get_version());
4024 exit(0);
4025 }
4026
4027 /* Go through command-line variables */
4028 if (!global_cmdline_options) {
4029 /* Or we could redo the list every time we pass this place.
4030 * It does not really matter */
4031 if (config_get_commandlines(argc, argv, &global_cmdline_options) < 0) {
4032 goto err;
4033 }
4034 }
4035
4036 command = CMD_RUN_TOR;
4037 for (i = 1; i < argc; ++i) {
4038 if (!strcmp(argv[i],"--list-fingerprint")) {
4039 command = CMD_LIST_FINGERPRINT;
4040 } else if (!strcmp(argv[i],"--hash-password")) {
4041 command = CMD_HASH_PASSWORD;
4042 command_arg = tor_strdup( (i < argc-1) ? argv[i+1] : "");
4043 ++i;
4044 } else if (!strcmp(argv[i],"--verify-config")) {
4045 command = CMD_VERIFY_CONFIG;
4046 }
4047 }
4048
4049 if (command == CMD_HASH_PASSWORD) {
4050 cf = tor_strdup("");
4051 } else {
4052 cf = load_torrc_from_disk(argc, argv);
4053 if (!cf)
4054 goto err;
4055 }
4056
4057 retval = options_init_from_string(cf, command, command_arg, &errmsg);
4058 tor_free(cf);
4059 if (retval < 0)
4060 goto err;
4061
4062 return 0;
4063
4064 err:
4065 if (errmsg) {
4066 log(LOG_WARN,LD_CONFIG,"%s", errmsg);
4067 tor_free(errmsg);
4068 }
4069 return -1;
4070 }
4071
4072 /** Load the options from the configuration in <b>cf</b>, validate
4073 * them for consistency and take actions based on them.
4074 *
4075 * Return 0 if success, negative on error:
4076 * * -1 for general errors.
4077 * * -2 for failure to parse/validate,
4078 * * -3 for transition not allowed
4079 * * -4 for error while setting the new options
4080 */
4081 setopt_err_t
4082 options_init_from_string(const char *cf,
4083 int command, const char *command_arg,
4084 char **msg)
4085 {
4086 or_options_t *oldoptions, *newoptions;
4087 config_line_t *cl;
4088 int retval;
4089 setopt_err_t err = SETOPT_ERR_MISC;
4090 tor_assert(msg);
4091
4092 oldoptions = global_options; /* get_options unfortunately asserts if
4093 this is the first time we run*/
4094
4095 newoptions = tor_malloc_zero(sizeof(or_options_t));
4096 newoptions->_magic = OR_OPTIONS_MAGIC;
4097 options_init(newoptions);
4098 newoptions->command = command;
4099 newoptions->command_arg = command_arg;
4100
4101 /* get config lines, assign them */
4102 retval = config_get_lines(cf, &cl);
4103 if (retval < 0) {
4104 err = SETOPT_ERR_PARSE;
4105 goto err;
4106 }
4107 retval = config_assign(&options_format, newoptions, cl, 0, 0, msg);
4108 config_free_lines(cl);
4109 if (retval < 0) {
4110 err = SETOPT_ERR_PARSE;
4111 goto err;
4112 }
4113
4114 /* Go through command-line variables too */
4115 retval = config_assign(&options_format, newoptions,
4116 global_cmdline_options, 0, 0, msg);
4117 if (retval < 0) {
4118 err = SETOPT_ERR_PARSE;
4119 goto err;
4120 }
4121
4122 /* If this is a testing network configuration, change defaults
4123 * for a list of dependent config options, re-initialize newoptions
4124 * with the new defaults, and assign all options to it second time. */
4125 if (newoptions->TestingTorNetwork) {
4126 /* XXXX this is a bit of a kludge. perhaps there's a better way to do
4127 * this? We could, for example, make the parsing algorithm do two passes
4128 * over the configuration. If it finds any "suite" options like
4129 * TestingTorNetwork, it could change the defaults before its second pass.
4130 * Not urgent so long as this seems to work, but at any sign of trouble,
4131 * let's clean it up. -NM */
4132
4133 /* Change defaults. */
4134 int i;
4135 for (i = 0; testing_tor_network_defaults[i].name; ++i) {
4136 config_var_t *new_var = &testing_tor_network_defaults[i];
4137 config_var_t *old_var =
4138 config_find_option(&options_format, new_var->name);
4139 tor_assert(new_var);
4140 tor_assert(old_var);
4141 old_var->initvalue = new_var->initvalue;
4142 }
4143
4144 /* Clear newoptions and re-initialize them with new defaults. */
4145 config_free(&options_format, newoptions);
4146 newoptions = tor_malloc_zero(sizeof(or_options_t));
4147 newoptions->_magic = OR_OPTIONS_MAGIC;
4148 options_init(newoptions);
4149 newoptions->command = command;
4150 newoptions->command_arg = command_arg;
4151
4152 /* Assign all options a second time. */
4153 retval = config_get_lines(cf, &cl);
4154 if (retval < 0) {
4155 err = SETOPT_ERR_PARSE;
4156 goto err;
4157 }
4158 retval = config_assign(&options_format, newoptions, cl, 0, 0, msg);
4159 config_free_lines(cl);
4160 if (retval < 0) {
4161 err = SETOPT_ERR_PARSE;
4162 goto err;
4163 }
4164 retval = config_assign(&options_format, newoptions,
4165 global_cmdline_options, 0, 0, msg);
4166 if (retval < 0) {
4167 err = SETOPT_ERR_PARSE;
4168 goto err;
4169 }
4170 }
4171
4172 /* Validate newoptions */
4173 if (options_validate(oldoptions, newoptions, 0, msg) < 0) {
4174 err = SETOPT_ERR_PARSE; /*XXX make this a separate return value.*/
4175 goto err;
4176 }
4177
4178 if (options_transition_allowed(oldoptions, newoptions, msg) < 0) {
4179 err = SETOPT_ERR_TRANSITION;
4180 goto err;
4181 }
4182
4183 if (set_options(newoptions, msg)) {
4184 err = SETOPT_ERR_SETTING;
4185 goto err; /* frees and replaces old options */
4186 }
4187
4188 return SETOPT_OK;
4189
4190 err:
4191 config_free(&options_format, newoptions);
4192 if (*msg) {
4193 int len = (int)strlen(*msg)+256;
4194 char *newmsg = tor_malloc(len);
4195
4196 tor_snprintf(newmsg, len, "Failed to parse/validate config: %s", *msg);
4197 tor_free(*msg);
4198 *msg = newmsg;
4199 }
4200 return err;
4201 }
4202
4203 /** Return the location for our configuration file.
4204 */
4205 const char *
4206 get_torrc_fname(void)
4207 {
4208 if (torrc_fname)
4209 return torrc_fname;
4210 else
4211 return get_default_conf_file();
4212 }
4213
4214 /** Adjust the address map based on the MapAddress elements in the
4215 * configuration <b>options</b>
4216 */
4217 static void
4218 config_register_addressmaps(or_options_t *options)
4219 {
4220 smartlist_t *elts;
4221 config_line_t *opt;
4222 char *from, *to;
4223
4224 addressmap_clear_configured();
4225 elts = smartlist_create();
4226 for (opt = options->AddressMap; opt; opt = opt->next) {
4227 smartlist_split_string(elts, opt->value, NULL,
4228 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 2);
4229 if (smartlist_len(elts) >= 2) {
4230 from = smartlist_get(elts,0);
4231 to = smartlist_get(elts,1);
4232 if (address_is_invalid_destination(to, 1)) {
4233 log_warn(LD_CONFIG,
4234 "Skipping invalid argument '%s' to MapAddress", to);
4235 } else {
4236 addressmap_register(from, tor_strdup(to), 0, ADDRMAPSRC_TORRC);
4237 if (smartlist_len(elts)>2) {
4238 log_warn(LD_CONFIG,"Ignoring extra arguments to MapAddress.");
4239 }
4240 }
4241 } else {
4242 log_warn(LD_CONFIG,"MapAddress '%s' has too few arguments. Ignoring.",
4243 opt->value);
4244 }
4245 SMARTLIST_FOREACH(elts, char*, cp, tor_free(cp));
4246 smartlist_clear(elts);
4247 }
4248 smartlist_free(elts);
4249 }
4250
4251 /**
4252 * Initialize the logs based on the configuration file.
4253 */
4254 static int
4255 options_init_logs(or_options_t *options, int validate_only)
4256 {
4257 config_line_t *opt;
4258 int ok;
4259 smartlist_t *elts;
4260 int daemon =
4261 #ifdef MS_WINDOWS
4262 0;
4263 #else
4264 options->RunAsDaemon;
4265 #endif
4266
4267 ok = 1;
4268 elts = smartlist_create();
4269
4270 for (opt = options->Logs; opt; opt = opt->next) {
4271 log_severity_list_t *severity;
4272 const char *cfg = opt->value;
4273 severity = tor_malloc_zero(sizeof(log_severity_list_t));
4274 if (parse_log_severity_config(&cfg, severity) < 0) {
4275 log_warn(LD_CONFIG, "Couldn't parse log levels in Log option 'Log %s'",
4276 opt->value);
4277 ok = 0; goto cleanup;
4278 }
4279
4280 smartlist_split_string(elts, cfg, NULL,
4281 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 2);
4282
4283 if (smartlist_len(elts) == 0)
4284 smartlist_add(elts, tor_strdup("stdout"));
4285
4286 if (smartlist_len(elts) == 1 &&
4287 (!strcasecmp(smartlist_get(elts,0), "stdout") ||
4288 !strcasecmp(smartlist_get(elts,0), "stderr"))) {
4289 int err = smartlist_len(elts) &&
4290 !strcasecmp(smartlist_get(elts,0), "stderr");
4291 if (!validate_only) {
4292 if (daemon) {
4293 log_warn(LD_CONFIG,
4294 "Can't log to %s with RunAsDaemon set; skipping stdout",
4295 err?"stderr":"stdout");
4296 } else {
4297 add_stream_log(severity, err?"<stderr>":"<stdout>",
4298 fileno(err?stderr:stdout));
4299 }
4300 }
4301 goto cleanup;
4302 }
4303 if (smartlist_len(elts) == 1 &&
4304 !strcasecmp(smartlist_get(elts,0), "syslog")) {
4305 #ifdef HAVE_SYSLOG_H
4306 if (!validate_only) {
4307 add_syslog_log(severity);
4308 }
4309 #else
4310 log_warn(LD_CONFIG, "Syslog is not supported on this system. Sorry.");
4311 #endif
4312 goto cleanup;
4313 }
4314
4315 if (smartlist_len(elts) == 2 &&
4316 !strcasecmp(smartlist_get(elts,0), "file")) {
4317 if (!validate_only) {
4318 if (add_file_log(severity, smartlist_get(elts, 1)) < 0) {
4319 log_warn(LD_CONFIG, "Couldn't open file for 'Log %s': %s",
4320 opt->value, strerror(errno));
4321 ok = 0;
4322 }
4323 }
4324 goto cleanup;
4325 }
4326
4327 log_warn(LD_CONFIG, "Bad syntax on file Log option 'Log %s'",
4328 opt->value);
4329 ok = 0; goto cleanup;
4330
4331 cleanup:
4332 SMARTLIST_FOREACH(elts, char*, cp, tor_free(cp));
4333 smartlist_clear(elts);
4334 tor_free(severity);
4335 }
4336 smartlist_free(elts);
4337
4338 return ok?0:-1;
4339 }
4340
4341 /** Read the contents of a Bridge line from <b>line</b>. Return 0
4342 * if the line is well-formed, and -1 if it isn't. If
4343 * <b>validate_only</b> is 0, and the line is well-formed, then add
4344 * the bridge described in the line to our internal bridge list. */
4345 static int
4346 parse_bridge_line(const char *line, int validate_only)
4347 {
4348 smartlist_t *items = NULL;
4349 int r;
4350 char *addrport=NULL, *fingerprint=NULL;
4351 tor_addr_t addr;
4352 uint16_t port = 0;
4353 char digest[DIGEST_LEN];
4354
4355 items = smartlist_create();
4356 smartlist_split_string(items, line, NULL,
4357 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1);
4358 if (smartlist_len(items) < 1) {
4359 log_warn(LD_CONFIG, "Too few arguments to Bridge line.");
4360 goto err;
4361 }
4362 addrport = smartlist_get(items, 0);
4363 smartlist_del_keeporder(items, 0);
4364 if (tor_addr_port_parse(addrport, &addr, &port)<0) {
4365 log_warn(LD_CONFIG, "Error parsing Bridge address '%s'", addrport);
4366 goto err;
4367 }
4368 if (!port) {
4369 log_info(LD_CONFIG,
4370 "Bridge address '%s' has no port; using default port 443.",
4371 addrport);
4372 port = 443;
4373 }
4374
4375 if (smartlist_len(items)) {
4376 fingerprint = smartlist_join_strings(items, "", 0, NULL);
4377 if (strlen(fingerprint) != HEX_DIGEST_LEN) {
4378 log_warn(LD_CONFIG, "Key digest for Bridge is wrong length.");
4379 goto err;
4380 }
4381 if (base16_decode(digest, DIGEST_LEN, fingerprint, HEX_DIGEST_LEN)<0) {
4382 log_warn(LD_CONFIG, "Unable to decode Bridge key digest.");
4383 goto err;
4384 }
4385 }
4386
4387 if (!validate_only) {
4388 log_debug(LD_DIR, "Bridge at %s:%d (%s)", fmt_addr(&addr),
4389 (int)port,
4390 fingerprint ? fingerprint : "no key listed");
4391 bridge_add_from_config(&addr, port, fingerprint ? digest : NULL);
4392 }
4393
4394 r = 0;
4395 goto done;
4396
4397 err:
4398 r = -1;
4399
4400 done:
4401 SMARTLIST_FOREACH(items, char*, s, tor_free(s));
4402 smartlist_free(items);
4403 tor_free(addrport);
4404 tor_free(fingerprint);
4405 return r;
4406 }
4407
4408 /** Read the contents of a DirServer line from <b>line</b>. If
4409 * <b>validate_only</b> is 0, and the line is well-formed, and it
4410 * shares any bits with <b>required_type</b> or <b>required_type</b>
4411 * is 0, then add the dirserver described in the line (minus whatever
4412 * bits it's missing) as a valid authority. Return 0 on success,
4413 * or -1 if the line isn't well-formed or if we can't add it. */
4414 static int
4415 parse_dir_server_line(const char *line, authority_type_t required_type,
4416 int validate_only)
4417 {
4418 smartlist_t *items = NULL;
4419 int r;
4420 char *addrport=NULL, *address=NULL, *nickname=NULL, *fingerprint=NULL;
4421 uint16_t dir_port = 0, or_port = 0;
4422 char digest[DIGEST_LEN];
4423 char v3_digest[DIGEST_LEN];
4424 authority_type_t type = V2_AUTHORITY;
4425 int is_not_hidserv_authority = 0, is_not_v2_authority = 0;
4426
4427 items = smartlist_create();
4428 smartlist_split_string(items, line, NULL,
4429 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1);
4430 if (smartlist_len(items) < 1) {
4431 log_warn(LD_CONFIG, "No arguments on DirServer line.");
4432 goto err;
4433 }
4434
4435 if (is_legal_nickname(smartlist_get(items, 0))) {
4436 nickname = smartlist_get(items, 0);
4437 smartlist_del_keeporder(items, 0);
4438 }
4439
4440 while (smartlist_len(items)) {
4441 char *flag = smartlist_get(items, 0);
4442 if (TOR_ISDIGIT(flag[0]))
4443 break;
4444 if (!strcasecmp(flag, "v1")) {
4445 type |= (V1_AUTHORITY | HIDSERV_AUTHORITY);
4446 } else if (!strcasecmp(flag, "hs")) {
4447 type |= HIDSERV_AUTHORITY;
4448 } else if (!strcasecmp(flag, "no-hs")) {
4449 is_not_hidserv_authority = 1;
4450 } else if (!strcasecmp(flag, "bridge")) {
4451 type |= BRIDGE_AUTHORITY;
4452 } else if (!strcasecmp(flag, "no-v2")) {
4453 is_not_v2_authority = 1;
4454 } else if (!strcasecmpstart(flag, "orport=")) {
4455 int ok;
4456 char *portstring = flag + strlen("orport=");
4457 or_port = (uint16_t) tor_parse_long(portstring, 10, 1, 65535, &ok, NULL);
4458 if (!ok)
4459 log_warn(LD_CONFIG, "Invalid orport '%s' on DirServer line.",
4460 portstring);
4461 } else if (!strcasecmpstart(flag, "v3ident=")) {
4462 char *idstr = flag + strlen("v3ident=");
4463 if (strlen(idstr) != HEX_DIGEST_LEN ||
4464 base16_decode(v3_digest, DIGEST_LEN, idstr, HEX_DIGEST_LEN)<0) {
4465 log_warn(LD_CONFIG, "Bad v3 identity digest '%s' on DirServer line",
4466 flag);
4467 } else {
4468 type |= V3_AUTHORITY;
4469 }
4470 } else {
4471 log_warn(LD_CONFIG, "Unrecognized flag '%s' on DirServer line",
4472 flag);
4473 }
4474 tor_free(flag);
4475 smartlist_del_keeporder(items, 0);
4476 }
4477 if (is_not_hidserv_authority)
4478 type &= ~HIDSERV_AUTHORITY;
4479 if (is_not_v2_authority)
4480 type &= ~V2_AUTHORITY;
4481
4482 if (smartlist_len(items) < 2) {
4483 log_warn(LD_CONFIG, "Too few arguments to DirServer line.");
4484 goto err;
4485 }
4486 addrport = smartlist_get(items, 0);
4487 smartlist_del_keeporder(items, 0);
4488 if (parse_addr_port(LOG_WARN, addrport, &address, NULL, &dir_port)<0) {
4489 log_warn(LD_CONFIG, "Error parsing DirServer address '%s'", addrport);
4490 goto err;
4491 }
4492 if (!dir_port) {
4493 log_warn(LD_CONFIG, "Missing port in DirServer address '%s'",addrport);
4494 goto err;
4495 }
4496
4497 fingerprint = smartlist_join_strings(items, "", 0, NULL);
4498 if (strlen(fingerprint) != HEX_DIGEST_LEN) {
4499 log_warn(LD_CONFIG, "Key digest for DirServer is wrong length %d.",
4500 (int)strlen(fingerprint));
4501 goto err;
4502 }
4503 if (!strcmp(fingerprint, "E623F7625FBE0C87820F11EC5F6D5377ED816294")) {
4504 /* a known bad fingerprint. refuse to use it. We can remove this
4505 * clause once Tor 0.1.2.17 is obsolete. */
4506 log_warn(LD_CONFIG, "Dangerous dirserver line. To correct, erase your "
4507 "torrc file (%s), or reinstall Tor and use the default torrc.",
4508 get_torrc_fname());
4509 goto err;
4510 }
4511 if (base16_decode(digest, DIGEST_LEN, fingerprint, HEX_DIGEST_LEN)<0) {
4512 log_warn(LD_CONFIG, "Unable to decode DirServer key digest.");
4513 goto err;
4514 }
4515
4516 if (!validate_only && (!required_type || required_type & type)) {
4517 if (required_type)
4518 type &= required_type; /* pare down what we think of them as an
4519 * authority for. */
4520 log_debug(LD_DIR, "Trusted %d dirserver at %s:%d (%s)", (int)type,
4521 address, (int)dir_port, (char*)smartlist_get(items,0));
4522 if (!add_trusted_dir_server(nickname, address, dir_port, or_port,
4523 digest, v3_digest, type))
4524 goto err;
4525 }
4526
4527 r = 0;
4528 goto done;
4529
4530 err:
4531 r = -1;
4532
4533 done:
4534 SMARTLIST_FOREACH(items, char*, s, tor_free(s));
4535 smartlist_free(items);
4536 tor_free(addrport);
4537 tor_free(address);
4538 tor_free(nickname);
4539 tor_free(fingerprint);
4540 return r;
4541 }
4542
4543 /** Adjust the value of options->DataDirectory, or fill it in if it's
4544 * absent. Return 0 on success, -1 on failure. */
4545 static int
4546 normalize_data_directory(or_options_t *options)
4547 {
4548 #ifdef MS_WINDOWS
4549 char *p;
4550 if (options->DataDirectory)
4551 return 0; /* all set */
4552 p = tor_malloc(MAX_PATH);
4553 strlcpy(p,get_windows_conf_root(),MAX_PATH);
4554 options->DataDirectory = p;
4555 return 0;
4556 #else
4557 const char *d = options->DataDirectory;
4558 if (!d)
4559 d = "~/.tor";
4560
4561 if (strncmp(d,"~/",2) == 0) {
4562 char *fn = expand_filename(d);
4563 if (!fn) {
4564 log_warn(LD_CONFIG,"Failed to expand filename \"%s\".", d);
4565 return -1;
4566 }
4567 if (!options->DataDirectory && !strcmp(fn,"/.tor")) {
4568 /* If our homedir is /, we probably don't want to use it. */
4569 /* Default to LOCALSTATEDIR/tor which is probably closer to what we
4570 * want. */
4571 log_warn(LD_CONFIG,
4572 "Default DataDirectory is \"~/.tor\". This expands to "
4573 "\"%s\", which is probably not what you want. Using "
4574 "\"%s"PATH_SEPARATOR"tor\" instead", fn, LOCALSTATEDIR);
4575 tor_free(fn);
4576 fn = tor_strdup(LOCALSTATEDIR PATH_SEPARATOR "tor");
4577 }
4578 tor_free(options->DataDirectory);
4579 options->DataDirectory = fn;
4580 }
4581 return 0;
4582 #endif
4583 }
4584
4585 /** Check and normalize the value of options->DataDirectory; return 0 if it
4586 * sane, -1 otherwise. */
4587 static int
4588 validate_data_directory(or_options_t *options)
4589 {
4590 if (normalize_data_directory(options) < 0)
4591 return -1;
4592 tor_assert(options->DataDirectory);
4593 if (strlen(options->DataDirectory) > (512-128)) {
4594 log_warn(LD_CONFIG, "DataDirectory is too long.");
4595 return -1;
4596 }
4597 return 0;
4598 }
4599
4600 /** This string must remain the same forevermore. It is how we
4601 * recognize that the torrc file doesn't need to be backed up. */
4602 #define GENERATED_FILE_PREFIX "# This file was generated by Tor; " \
4603 "if you edit it, comments will not be preserved"
4604 /** This string can change; it tries to give the reader an idea
4605 * that editing this file by hand is not a good plan. */
4606 #define GENERATED_FILE_COMMENT "# The old torrc file was renamed " \
4607 "to torrc.orig.1 or similar, and Tor will ignore it"
4608
4609 /** Save a configuration file for the configuration in <b>options</b>
4610 * into the file <b>fname</b>. If the file already exists, and
4611 * doesn't begin with GENERATED_FILE_PREFIX, rename it. Otherwise
4612 * replace it. Return 0 on success, -1 on failure. */
4613 static int
4614 write_configuration_file(const char *fname, or_options_t *options)
4615 {
4616 char *old_val=NULL, *new_val=NULL, *new_conf=NULL;
4617 int rename_old = 0, r;
4618 size_t len;
4619
4620 tor_assert(fname);
4621
4622 switch (file_status(fname)) {
4623 case FN_FILE:
4624 old_val = read_file_to_str(fname, 0, NULL);
4625 if (strcmpstart(old_val, GENERATED_FILE_PREFIX)) {
4626 rename_old = 1;
4627 }
4628 tor_free(old_val);
4629 break;
4630 case FN_NOENT:
4631 break;
4632 case FN_ERROR:
4633 case FN_DIR:
4634 default:
4635 log_warn(LD_CONFIG,
4636 "Config file \"%s\" is not a file? Failing.", fname);
4637 return -1;
4638 }
4639
4640 if (!(new_conf = options_dump(options, 1))) {
4641 log_warn(LD_BUG, "Couldn't get configuration string");
4642 goto err;
4643 }
4644
4645 len = strlen(new_conf)+256;
4646 new_val = tor_malloc(len);
4647 tor_snprintf(new_val, len, "%s\n%s\n\n%s",
4648 GENERATED_FILE_PREFIX, GENERATED_FILE_COMMENT, new_conf);
4649
4650 if (rename_old) {
4651 int i = 1;
4652 size_t fn_tmp_len = strlen(fname)+32;
4653 char *fn_tmp;
4654 tor_assert(fn_tmp_len > strlen(fname)); /*check for overflow*/
4655 fn_tmp = tor_malloc(fn_tmp_len);
4656 while (1) {
4657 if (tor_snprintf(fn_tmp, fn_tmp_len, "%s.orig.%d", fname, i)<0) {
4658 log_warn(LD_BUG, "tor_snprintf failed inexplicably");
4659 tor_free(fn_tmp);
4660 goto err;
4661 }
4662 if (file_status(fn_tmp) == FN_NOENT)
4663 break;
4664 ++i;
4665 }
4666 log_notice(LD_CONFIG, "Renaming old configuration file to \"%s\"", fn_tmp);
4667 if (rename(fname, fn_tmp) < 0) {
4668 log_warn(LD_FS,
4669 "Couldn't rename configuration file \"%s\" to \"%s\": %s",
4670 fname, fn_tmp, strerror(errno));
4671 tor_free(fn_tmp);
4672 goto err;
4673 }
4674 tor_free(fn_tmp);
4675 }
4676
4677 if (write_str_to_file(fname, new_val, 0) < 0)
4678 goto err;
4679
4680 r = 0;
4681 goto done;
4682 err:
4683 r = -1;
4684 done:
4685 tor_free(new_val);
4686 tor_free(new_conf);
4687 return r;
4688 }
4689
4690 /**
4691 * Save the current configuration file value to disk. Return 0 on
4692 * success, -1 on failure.
4693 **/
4694 int
4695 options_save_current(void)
4696 {
4697 if (torrc_fname) {
4698 /* This fails if we can't write to our configuration file.
4699 *
4700 * If we try falling back to datadirectory or something, we have a better
4701 * chance of saving the configuration, but a better chance of doing
4702 * something the user never expected. Let's just warn instead. */
4703 return write_configuration_file(torrc_fname, get_options());
4704 }
4705 return write_configuration_file(get_default_conf_file(), get_options());
4706 }
4707
4708 /** Mapping from a unit name to a multiplier for converting that unit into a
4709 * base unit. */
4710 struct unit_table_t {
4711 const char *unit;
4712 uint64_t multiplier;
4713 };
4714
4715 /** Table to map the names of memory units to the number of bytes they
4716 * contain. */
4717 static struct unit_table_t memory_units[] = {
4718 { "", 1 },
4719 { "b", 1<< 0 },
4720 { "byte", 1<< 0 },
4721 { "bytes", 1<< 0 },
4722 { "kb", 1<<10 },
4723 { "kbyte", 1<<10 },
4724 { "kbytes", 1<<10 },
4725 { "kilobyte", 1<<10 },
4726 { "kilobytes", 1<<10 },
4727 { "m", 1<<20 },
4728 { "mb", 1<<20 },
4729 { "mbyte", 1<<20 },
4730 { "mbytes", 1<<20 },
4731 { "megabyte", 1<<20 },
4732 { "megabytes", 1<<20 },
4733 { "gb", 1<<30 },
4734 { "gbyte", 1<<30 },
4735 { "gbytes", 1<<30 },
4736 { "gigabyte", 1<<30 },
4737 { "gigabytes", 1<<30 },
4738 { "tb", U64_LITERAL(1)<<40 },
4739 { "terabyte", U64_LITERAL(1)<<40 },
4740 { "terabytes", U64_LITERAL(1)<<40 },
4741 { NULL, 0 },
4742 };
4743
4744 /** Table to map the names of time units to the number of seconds they
4745 * contain. */
4746 static struct unit_table_t time_units[] = {
4747 { "", 1 },
4748 { "second", 1 },
4749 { "seconds", 1 },
4750 { "minute", 60 },
4751 { "minutes", 60 },
4752 { "hour", 60*60 },
4753 { "hours", 60*60 },
4754 { "day", 24*60*60 },
4755 { "days", 24*60*60 },
4756 { "week", 7*24*60*60 },
4757 { "weeks", 7*24*60*60 },
4758 { NULL, 0 },
4759 };
4760
4761 /** Parse a string <b>val</b> containing a number, zero or more
4762 * spaces, and an optional unit string. If the unit appears in the
4763 * table <b>u</b>, then multiply the number by the unit multiplier.
4764 * On success, set *<b>ok</b> to 1 and return this product.
4765 * Otherwise, set *<b>ok</b> to 0.
4766 */
4767 static uint64_t
4768 config_parse_units(const char *val, struct unit_table_t *u, int *ok)
4769 {
4770 uint64_t v;
4771 char *cp;
4772
4773 tor_assert(ok);
4774
4775 v = tor_parse_uint64(val, 10, 0, UINT64_MAX, ok, &cp);
4776 if (!*ok)
4777 return 0;
4778 if (!cp) {
4779 *ok = 1;
4780 return v;
4781 }
4782 while (TOR_ISSPACE(*cp))
4783 ++cp;
4784 for ( ;u->unit;++u) {
4785 if (!strcasecmp(u->unit, cp)) {
4786 v *= u->multiplier;
4787 *ok = 1;
4788 return v;
4789 }
4790 }
4791 log_warn(LD_CONFIG, "Unknown unit '%s'.", cp);
4792 *ok = 0;
4793 return 0;
4794 }
4795
4796 /** Parse a string in the format "number unit", where unit is a unit of
4797 * information (byte, KB, M, etc). On success, set *<b>ok</b> to true
4798 * and return the number of bytes specified. Otherwise, set
4799 * *<b>ok</b> to false and return 0. */
4800 static uint64_t
4801 config_parse_memunit(const char *s, int *ok)
4802 {
4803 return config_parse_units(s, memory_units, ok);
4804 }
4805
4806 /** Parse a string in the format "number unit", where unit is a unit of time.
4807 * On success, set *<b>ok</b> to true and return the number of seconds in
4808 * the provided interval. Otherwise, set *<b>ok</b> to 0 and return -1.
4809 */
4810 static int
4811 config_parse_interval(const char *s, int *ok)
4812 {
4813 uint64_t r;
4814 r = config_parse_units(s, time_units, ok);
4815 if (!ok)
4816 return -1;
4817 if (r > INT_MAX) {
4818 log_warn(LD_CONFIG, "Interval '%s' is too long", s);
4819 *ok = 0;
4820 return -1;
4821 }
4822 return (int)r;
4823 }
4824
4825 /* This is what passes for version detection on OSX. We set
4826 * MACOSX_KQUEUE_IS_BROKEN to true iff we're on a version of OSX before
4827 * 10.4.0 (aka 1040). */
4828 #ifdef __APPLE__
4829 #ifdef __ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__
4830 #define MACOSX_KQUEUE_IS_BROKEN \
4831 (__ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__ < 1040)
4832 #else
4833 #define MACOSX_KQUEUE_IS_BROKEN 0
4834 #endif
4835 #endif
4836
4837 /**
4838 * Initialize the libevent library.
4839 */
4840 static void
4841 init_libevent(void)
4842 {
4843 configure_libevent_logging();
4844 /* If the kernel complains that some method (say, epoll) doesn't
4845 * exist, we don't care about it, since libevent will cope.
4846 */
4847 suppress_libevent_log_msg("Function not implemented");
4848 #ifdef __APPLE__
4849 if (MACOSX_KQUEUE_IS_BROKEN ||
4850 decode_libevent_version(event_get_version(), NULL) < LE_11B) {
4851 setenv("EVENT_NOKQUEUE","1",1);
4852 }
4853 #endif
4854
4855 /* In libevent versions before 2.0, it's hard to keep binary compatibility
4856 * between upgrades, and unpleasant to detect when the version we compiled
4857 * against is unlike the version we have linked against. Here's how. */
4858 #if defined(_EVENT_VERSION) && defined(HAVE_EVENT_GET_VERSION)
4859 /* We have a header-file version and a function-call version. Easy. */
4860 if (strcmp(_EVENT_VERSION, event_get_version())) {
4861 int compat1 = -1, compat2 = -1;
4862 int verybad, prettybad ;
4863 decode_libevent_version(_EVENT_VERSION, &compat1);
4864 decode_libevent_version(event_get_version(), &compat2);
4865 verybad = compat1 != compat2;
4866 prettybad = (compat1 == -1 || compat2 == -1) && compat1 != compat2;
4867
4868 log(verybad ? LOG_WARN : (prettybad ? LOG_NOTICE : LOG_INFO),
4869 LD_GENERAL, "We were compiled with headers from version %s "
4870 "of Libevent, but we're using a Libevent library that says it's "
4871 "version %s.", _EVENT_VERSION, event_get_version());
4872 if (verybad)
4873 log_warn(LD_GENERAL, "This will almost certainly make Tor crash.");
4874 else if (prettybad)
4875 log_notice(LD_GENERAL, "If Tor crashes, this might be why.");
4876 else
4877 log_info(LD_GENERAL, "I think these versions are binary-compatible.");
4878 }
4879 #elif defined(HAVE_EVENT_GET_VERSION)
4880 /* event_get_version but no _EVENT_VERSION. We might be in 1.4.0-beta or
4881 earlier, where that's normal. To see whether we were compiled with an
4882 earlier version, let's see whether the struct event defines MIN_HEAP_IDX.
4883 */
4884 #ifdef HAVE_STRUCT_EVENT_MIN_HEAP_IDX
4885 /* The header files are 1.4.0-beta or later. If the version is not
4886 * 1.4.0-beta, we are incompatible. */
4887 {
4888 if (strcmp(event_get_version(), "1.4.0-beta")) {
4889 log_warn(LD_GENERAL, "It's a little hard to tell, but you seem to have "
4890 "Libevent 1.4.0-beta header files, whereas you have linked "
4891 "against Libevent %s. This will probably make Tor crash.",
4892 event_get_version());
4893 }
4894 }
4895 #else
4896 /* Our headers are 1.3e or earlier. If the library version is not 1.4.x or
4897 later, we're probably fine. */
4898 {
4899 const char *v = event_get_version();
4900 if ((v[0] == '1' && v[2] == '.' && v[3] > '3') || v[0] > '1') {
4901 log_warn(LD_GENERAL, "It's a little hard to tell, but you seem to have "
4902 "Libevent header file from 1.3e or earlier, whereas you have "
4903 "linked against Libevent %s. This will probably make Tor "
4904 "crash.", event_get_version());
4905 }
4906 }
4907 #endif
4908
4909 #elif defined(_EVENT_VERSION)
4910 #warn "_EVENT_VERSION is defined but not get_event_version(): Libevent is odd."
4911 #else
4912 /* Your libevent is ancient. */
4913 #endif
4914
4915 event_init();
4916 suppress_libevent_log_msg(NULL);
4917 #if defined(HAVE_EVENT_GET_VERSION) && defined(HAVE_EVENT_GET_METHOD)
4918 /* Making this a NOTICE for now so we can link bugs to a libevent versions
4919 * or methods better. */
4920 log(LOG_NOTICE, LD_GENERAL,
4921 "Initialized libevent version %s using method %s. Good.",
4922 event_get_version(), event_get_method());
4923 check_libevent_version(event_get_method(), get_options()->ORPort != 0);
4924 #else
4925 log(LOG_NOTICE, LD_GENERAL,
4926 "Initialized old libevent (version 1.0b or earlier).");
4927 log(LOG_WARN, LD_GENERAL,
4928 "You have a *VERY* old version of libevent. It is likely to be buggy; "
4929 "please build Tor with a more recent version.");
4930 #endif
4931 }
4932
4933 /** Table mapping return value of event_get_version() to le_version_t. */
4934 static const struct {
4935 const char *name; le_version_t version; int bincompat;
4936 } le_version_table[] = {
4937 /* earlier versions don't have get_version. */
4938 { "1.0c", LE_10C, 1},
4939 { "1.0d", LE_10D, 1},
4940 { "1.0e", LE_10E, 1},
4941 { "1.1", LE_11, 1 },
4942 { "1.1a", LE_11A, 1 },
4943 { "1.1b", LE_11B, 1 },
4944 { "1.2", LE_12, 1 },
4945 { "1.2a", LE_12A, 1 },
4946 { "1.3", LE_13, 1 },
4947 { "1.3a", LE_13A, 1 },
4948 { "1.3b", LE_13B, 1 },
4949 { "1.3c", LE_13C, 1 },
4950 { "1.3d", LE_13D, 1 },
4951 { "1.3e", LE_13E, 1 },
4952 { "1.4.0-beta", LE_140, 2 },
4953 { "1.4.1-beta", LE_141, 2 },
4954 { "1.4.2-rc", LE_142, 2 },
4955 { "1.4.3-stable", LE_143, 2 },
4956 { "1.4.4-stable", LE_144, 2 },
4957 { "1.4.5-stable", LE_145, 2 },
4958 { "1.4.6-stable", LE_146, 2 },
4959 { "1.4.7-stable", LE_147, 2 },
4960 { "1.4.8-stable", LE_148, 2 },
4961 { "1.4.99-trunk", LE_1499, 3 },
4962 { NULL, LE_OTHER, 0 }
4963 };
4964
4965 /** Return the le_version_t for the current version of libevent. If the
4966 * version is very new, return LE_OTHER. If the version is so old that it
4967 * doesn't support event_get_version(), return LE_OLD. */
4968 static le_version_t
4969 decode_libevent_version(const char *v, int *bincompat_out)
4970 {
4971 int i;
4972 for (i=0; le_version_table[i].name; ++i) {
4973 if (!strcmp(le_version_table[i].name, v)) {
4974 if (bincompat_out)
4975 *bincompat_out = le_version_table[i].bincompat;
4976 return le_version_table[i].version;
4977 }
4978 }
4979 if (v[0] != '1' && bincompat_out)
4980 *bincompat_out = 100;
4981 else if (!strcmpstart(v, "1.4") && bincompat_out)
4982 *bincompat_out = 2;
4983 return LE_OTHER;
4984 }
4985
4986 #if defined(HAVE_EVENT_GET_VERSION) && defined(HAVE_EVENT_GET_METHOD)
4987 /**
4988 * Compare the given libevent method and version to a list of versions
4989 * which are known not to work. Warn the user as appropriate.
4990 */
4991 static void
4992 check_libevent_version(const char *m, int server)
4993 {
4994 int buggy = 0, iffy = 0, slow = 0, thread_unsafe = 0;
4995 le_version_t version;
4996 const char *v = event_get_version();
4997 const char *badness = NULL;
4998 const char *sad_os = "";
4999
5000 version = decode_libevent_version(v, NULL);
5001
5002 /* XXX Would it be worthwhile disabling the methods that we know
5003 * are buggy, rather than just warning about them and then proceeding
5004 * to use them? If so, we should probably not wrap this whole thing
5005 * in HAVE_EVENT_GET_VERSION and HAVE_EVENT_GET_METHOD. -RD */
5006 /* XXXX The problem is that it's not trivial to get libevent to change it's
5007 * method once it's initialized, and it's not trivial to tell what method it
5008 * will use without initializing it. I guess we could preemptively disable
5009 * buggy libevent modes based on the version _before_ initializing it,
5010 * though, but then there's no good way (afaict) to warn "I would have used
5011 * kqueue, but instead I'm using select." -NM */
5012 if (!strcmp(m, "kqueue")) {
5013 if (version < LE_11B)
5014 buggy = 1;
5015 } else if (!strcmp(m, "epoll")) {
5016 if (version < LE_11)
5017 iffy = 1;
5018 } else if (!strcmp(m, "poll")) {
5019 if (version < LE_10E)
5020 buggy = 1;
5021 else if (version < LE_11)
5022 slow = 1;
5023 } else if (!strcmp(m, "select")) {
5024 if (version < LE_11)
5025 slow = 1;
5026 } else if (!strcmp(m, "win32")) {
5027 if (version < LE_11B)
5028 buggy = 1;
5029 }
5030
5031 /* Libevent versions before 1.3b do very badly on operating systems with
5032 * user-space threading implementations. */
5033 #if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__NetBSD__)
5034 if (server && version < LE_13B) {
5035 thread_unsafe = 1;
5036 sad_os = "BSD variants";
5037 }
5038 #elif defined(__APPLE__) || defined(__darwin__)
5039 if (server && version < LE_13B) {
5040 thread_unsafe = 1;
5041 sad_os = "Mac OS X";
5042 }
5043 #endif
5044
5045 if (thread_unsafe) {
5046 log(LOG_WARN, LD_GENERAL,
5047 "Libevent version %s often crashes when running a Tor server with %s. "
5048 "Please use the latest version of libevent (1.3b or later)",v,sad_os);
5049 badness = "BROKEN";
5050 } else if (buggy) {
5051 log(LOG_WARN, LD_GENERAL,
5052 "There are serious bugs in using %s with libevent %s. "
5053 "Please use the latest version of libevent.", m, v);
5054 badness = "BROKEN";
5055 } else if (iffy) {
5056 log(LOG_WARN, LD_GENERAL,
5057 "There are minor bugs in using %s with libevent %s. "
5058 "You may want to use the latest version of libevent.", m, v);
5059 badness = "BUGGY";
5060 } else if (slow && server) {
5061 log(LOG_WARN, LD_GENERAL,
5062 "libevent %s can be very slow with %s. "
5063 "When running a server, please use the latest version of libevent.",
5064 v,m);
5065 badness = "SLOW";
5066 }
5067 if (badness) {
5068 control_event_general_status(LOG_WARN,
5069 "BAD_LIBEVENT VERSION=%s METHOD=%s BADNESS=%s RECOVERED=NO",
5070 v, m, badness);
5071 }
5072
5073 }
5074 #endif
5075
5076 /** Return the persistent state struct for this Tor. */
5077 or_state_t *
5078 get_or_state(void)
5079 {
5080 tor_assert(global_state);
5081 return global_state;
5082 }
5083
5084 /** Return a newly allocated string holding a filename relative to the data
5085 * directory. If <b>sub1</b> is present, it is the first path component after
5086 * the data directory. If <b>sub2</b> is also present, it is the second path
5087 * component after the data directory. If <b>suffix</b> is present, it
5088 * is appended to the filename.
5089 *
5090 * Examples:
5091 * get_datadir_fname2_suffix("a", NULL, NULL) -> $DATADIR/a
5092 * get_datadir_fname2_suffix("a", NULL, ".tmp") -> $DATADIR/a.tmp
5093 * get_datadir_fname2_suffix("a", "b", ".tmp") -> $DATADIR/a/b/.tmp
5094 * get_datadir_fname2_suffix("a", "b", NULL) -> $DATADIR/a/b
5095 *
5096 * Note: Consider using the get_datadir_fname* macros in or.h.
5097 */
5098 char *
5099 options_get_datadir_fname2_suffix(or_options_t *options,
5100 const char *sub1, const char *sub2,
5101 const char *suffix)
5102 {
5103 char *fname = NULL;
5104 size_t len;
5105 tor_assert(options);
5106 tor_assert(options->DataDirectory);
5107 tor_assert(sub1 || !sub2); /* If sub2 is present, sub1 must be present. */
5108 len = strlen(options->DataDirectory);
5109 if (sub1) {
5110 len += strlen(sub1)+1;
5111 if (sub2)
5112 len += strlen(sub2)+1;
5113 }
5114 if (suffix)
5115 len += strlen(suffix);
5116 len++;
5117 fname = tor_malloc(len);
5118 if (sub1) {
5119 if (sub2) {
5120 tor_snprintf(fname, len, "%s"PATH_SEPARATOR"%s"PATH_SEPARATOR"%s",
5121 options->DataDirectory, sub1, sub2);
5122 } else {
5123 tor_snprintf(fname, len, "%s"PATH_SEPARATOR"%s",
5124 options->DataDirectory, sub1);
5125 }
5126 } else {
5127 strlcpy(fname, options->DataDirectory, len);
5128 }
5129 if (suffix)
5130 strlcat(fname, suffix, len);
5131 return fname;
5132 }
5133
5134 /** Return 0 if every setting in <b>state</b> is reasonable, and a
5135 * permissible transition from <b>old_state</b>. Else warn and return -1.
5136 * Should have no side effects, except for normalizing the contents of
5137 * <b>state</b>.
5138 */
5139 /* XXX from_setconf is here because of bug 238 */
5140 static int
5141 or_state_validate(or_state_t *old_state, or_state_t *state,
5142 int from_setconf, char **msg)
5143 {
5144 /* We don't use these; only options do. Still, we need to match that
5145 * signature. */
5146 (void) from_setconf;
5147 (void) old_state;
5148
5149 if (entry_guards_parse_state(state, 0, msg)<0)
5150 return -1;
5151
5152 return 0;
5153 }
5154
5155 /** Replace the current persistent state with <b>new_state</b> */
5156 static void
5157 or_state_set(or_state_t *new_state)
5158 {
5159 char *err = NULL;
5160 tor_assert(new_state);
5161 if (global_state)
5162 config_free(&state_format, global_state);
5163 global_state = new_state;
5164 if (entry_guards_parse_state(global_state, 1, &err)<0) {
5165 log_warn(LD_GENERAL,"%s",err);
5166 tor_free(err);
5167 }
5168 if (rep_hist_load_state(global_state, &err)<0) {
5169 log_warn(LD_GENERAL,"Unparseable bandwidth history state: %s",err);
5170 tor_free(err);
5171 }
5172 }
5173
5174 /** Reload the persistent state from disk, generating a new state as needed.
5175 * Return 0 on success, less than 0 on failure.
5176 */
5177 static int
5178 or_state_load(void)
5179 {
5180 or_state_t *new_state = NULL;
5181 char *contents = NULL, *fname;
5182 char *errmsg = NULL;
5183 int r = -1, badstate = 0;
5184
5185 fname = get_datadir_fname("state");
5186 switch (file_status(fname)) {
5187 case FN_FILE:
5188 if (!(contents = read_file_to_str(fname, 0, NULL))) {
5189 log_warn(LD_FS, "Unable to read state file \"%s\"", fname);
5190 goto done;
5191 }
5192 break;
5193 case FN_NOENT:
5194 break;
5195 case FN_ERROR:
5196 case FN_DIR:
5197 default:
5198 log_warn(LD_GENERAL,"State file \"%s\" is not a file? Failing.", fname);
5199 goto done;
5200 }
5201 new_state = tor_malloc_zero(sizeof(or_state_t));
5202 new_state->_magic = OR_STATE_MAGIC;
5203 config_init(&state_format, new_state);
5204 if (contents) {
5205 config_line_t *lines=NULL;
5206 int assign_retval;
5207 if (config_get_lines(contents, &lines)<0)
5208 goto done;
5209 assign_retval = config_assign(&state_format, new_state,
5210 lines, 0, 0, &errmsg);
5211 config_free_lines(lines);
5212 if (assign_retval<0)
5213 badstate = 1;
5214 if (errmsg) {
5215 log_warn(LD_GENERAL, "%s", errmsg);
5216 tor_free(errmsg);
5217 }
5218 }
5219
5220 if (!badstate && or_state_validate(NULL, new_state, 1, &errmsg) < 0)
5221 badstate = 1;
5222
5223 if (errmsg) {
5224 log_warn(LD_GENERAL, "%s", errmsg);
5225 tor_free(errmsg);
5226 }
5227
5228 if (badstate && !contents) {
5229 log_warn(LD_BUG, "Uh oh. We couldn't even validate our own default state."
5230 " This is a bug in Tor.");
5231 goto done;
5232 } else if (badstate && contents) {
5233 int i;
5234 file_status_t status;
5235 size_t len = strlen(fname)+16;
5236 char *fname2 = tor_malloc(len);
5237 for (i = 0; i < 100; ++i) {
5238 tor_snprintf(fname2, len, "%s.%d", fname, i);
5239 status = file_status(fname2);
5240 if (status == FN_NOENT)
5241 break;
5242 }
5243 if (i == 100) {
5244 log_warn(LD_BUG, "Unable to parse state in \"%s\"; too many saved bad "
5245 "state files to move aside. Discarding the old state file.",
5246 fname);
5247 unlink(fname);
5248 } else {
5249 log_warn(LD_BUG, "Unable to parse state in \"%s\". Moving it aside "
5250 "to \"%s\". This could be a bug in Tor; please tell "
5251 "the developers.", fname, fname2);
5252 if (rename(fname, fname2) < 0) {
5253 log_warn(LD_BUG, "Weirdly, I couldn't even move the state aside. The "
5254 "OS gave an error of %s", strerror(errno));
5255 }
5256 }
5257 tor_free(fname2);
5258 tor_free(contents);
5259 config_free(&state_format, new_state);
5260
5261 new_state = tor_malloc_zero(sizeof(or_state_t));
5262 new_state->_magic = OR_STATE_MAGIC;
5263 config_init(&state_format, new_state);
5264 } else if (contents) {
5265 log_info(LD_GENERAL, "Loaded state from \"%s\"", fname);
5266 } else {
5267 log_info(LD_GENERAL, "Initialized state");
5268 }
5269 or_state_set(new_state);
5270 new_state = NULL;
5271 if (!contents) {
5272 global_state->next_write = 0;
5273 or_state_save(time(NULL));
5274 }
5275 r = 0;
5276
5277 done:
5278 tor_free(fname);
5279 tor_free(contents);
5280 if (new_state)
5281 config_free(&state_format, new_state);
5282
5283 return r;
5284 }
5285
5286 /** Write the persistent state to disk. Return 0 for success, <0 on failure. */
5287 int
5288 or_state_save(time_t now)
5289 {
5290 char *state, *contents;
5291 char tbuf[ISO_TIME_LEN+1];
5292 size_t len;
5293 char *fname;
5294
5295 tor_assert(global_state);
5296
5297 if (global_state->next_write > now)
5298 return 0;
5299
5300 /* Call everything else that might dirty the state even more, in order
5301 * to avoid redundant writes. */
5302 entry_guards_update_state(global_state);
5303 rep_hist_update_state(global_state);
5304 if (accounting_is_enabled(get_options()))
5305 accounting_run_housekeeping(now);
5306
5307 global_state->LastWritten = time(NULL);
5308 tor_free(global_state->TorVersion);
5309 len = strlen(get_version())+8;
5310 global_state->TorVersion = tor_malloc(len);
5311 tor_snprintf(global_state->TorVersion, len, "Tor %s", get_version());
5312
5313 state = config_dump(&state_format, global_state, 1, 0);
5314 len = strlen(state)+256;
5315 contents = tor_malloc(len);
5316 format_local_iso_time(tbuf, time(NULL));
5317 tor_snprintf(contents, len,
5318 "# Tor state file last generated on %s local time\n"
5319 "# Other times below are in GMT\n"
5320 "# You *do not* need to edit this file.\n\n%s",
5321 tbuf, state);
5322 tor_free(state);
5323 fname = get_datadir_fname("state");
5324 if (write_str_to_file(fname, contents, 0)<0) {
5325 log_warn(LD_FS, "Unable to write state to file \"%s\"", fname);
5326 tor_free(fname);
5327 tor_free(contents);
5328 return -1;
5329 }
5330 log_info(LD_GENERAL, "Saved state to \"%s\"", fname);
5331 tor_free(fname);
5332 tor_free(contents);
5333
5334 global_state->next_write = TIME_MAX;
5335 return 0;
5336 }
5337
5338 /** Given a file name check to see whether the file exists but has not been
5339 * modified for a very long time. If so, remove it. */
5340 void
5341 remove_file_if_very_old(const char *fname, time_t now)
5342 {
5343 #define VERY_OLD_FILE_AGE (28*24*60*60)
5344 struct stat st;
5345
5346 if (stat(fname, &st)==0 && st.st_mtime < now-VERY_OLD_FILE_AGE) {
5347 char buf[ISO_TIME_LEN+1];
5348 format_local_iso_time(buf, st.st_mtime);
5349 log_notice(LD_GENERAL, "Obsolete file %s hasn't been modified since %s. "
5350 "Removing it.", fname, buf);
5351 unlink(fname);
5352 }
5353 }
5354
5355 /** Helper to implement GETINFO functions about configuration variables (not
5356 * their values). Given a "config/names" question, set *<b>answer</b> to a
5357 * new string describing the supported configuration variables and their
5358 * types. */
5359 int
5360 getinfo_helper_config(control_connection_t *conn,
5361 const char *question, char **answer)
5362 {
5363 (void) conn;
5364 if (!strcmp(question, "config/names")) {
5365 smartlist_t *sl = smartlist_create();
5366 int i;
5367 for (i = 0; _option_vars[i].name; ++i) {
5368 config_var_t *var = &_option_vars[i];
5369 const char *type, *desc;
5370 char *line;
5371 size_t len;
5372 desc = config_find_description(&options_format, var->name);
5373 switch (var->type) {
5374 case CONFIG_TYPE_STRING: type = "String"; break;
5375 case CONFIG_TYPE_FILENAME: type = "Filename"; break;
5376 case CONFIG_TYPE_UINT: type = "Integer"; break;
5377 case CONFIG_TYPE_INTERVAL: type = "TimeInterval"; break;
5378 case CONFIG_TYPE_MEMUNIT: type = "DataSize"; break;
5379 case CONFIG_TYPE_DOUBLE: type = "Float"; break;
5380 case CONFIG_TYPE_BOOL: type = "Boolean"; break;
5381 case CONFIG_TYPE_ISOTIME: type = "Time"; break;
5382 case CONFIG_TYPE_ROUTERSET: type = "RouterList"; break;
5383 case CONFIG_TYPE_CSV: type = "CommaList"; break;
5384 case CONFIG_TYPE_LINELIST: type = "LineList"; break;
5385 case CONFIG_TYPE_LINELIST_S: type = "Dependant"; break;
5386 case CONFIG_TYPE_LINELIST_V: type = "Virtual"; break;
5387 default:
5388 case CONFIG_TYPE_OBSOLETE:
5389 type = NULL; break;
5390 }
5391 if (!type)
5392 continue;
5393 len = strlen(var->name)+strlen(type)+16;
5394 if (desc)
5395 len += strlen(desc);
5396 line = tor_malloc(len);
5397 if (desc)
5398 tor_snprintf(line, len, "%s %s %s\n",var->name,type,desc);
5399 else
5400 tor_snprintf(line, len, "%s %s\n",var->name,type);
5401 smartlist_add(sl, line);
5402 }
5403 *answer = smartlist_join_strings(sl, "", 0, NULL);
5404 SMARTLIST_FOREACH(sl, char *, c, tor_free(c));
5405 smartlist_free(sl);
5406 }
5407 return 0;
5408 }
5409