search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix compile warnings on Snow Leopard
[tor/rransom.git] / src / or / config.c
blob8fd70bec9f00c8aee8e423ab59bbdfca02612092
1 /* Copyright (c) 2001 Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4 * Copyright (c) 2007-2009, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
6
7 /**
8 * \file config.c
9 * \brief Code to parse and interpret configuration files.
10 **/
11
12 #define CONFIG_PRIVATE
13
14 #include "or.h"
15 #ifdef MS_WINDOWS
16 #include <shlobj.h>
17 #endif
18
19 /** Enumeration of types which option values can take */
20 typedef enum config_type_t {
21 CONFIG_TYPE_STRING = 0, /**< An arbitrary string. */
22 CONFIG_TYPE_FILENAME, /**< A filename: some prefixes get expanded. */
23 CONFIG_TYPE_UINT, /**< A non-negative integer less than MAX_INT */
24 CONFIG_TYPE_INTERVAL, /**< A number of seconds, with optional units*/
25 CONFIG_TYPE_MEMUNIT, /**< A number of bytes, with optional units*/
26 CONFIG_TYPE_DOUBLE, /**< A floating-point value */
27 CONFIG_TYPE_BOOL, /**< A boolean value, expressed as 0 or 1. */
28 CONFIG_TYPE_ISOTIME, /**< An ISO-formatted time relative to GMT. */
29 CONFIG_TYPE_CSV, /**< A list of strings, separated by commas and
30 * optional whitespace. */
31 CONFIG_TYPE_LINELIST, /**< Uninterpreted config lines */
32 CONFIG_TYPE_LINELIST_S, /**< Uninterpreted, context-sensitive config lines,
33 * mixed with other keywords. */
34 CONFIG_TYPE_LINELIST_V, /**< Catch-all "virtual" option to summarize
35 * context-sensitive config lines when fetching.
36 */
37 CONFIG_TYPE_ROUTERSET, /**< A list of router names, addrs, and fps,
38 * parsed into a routerset_t. */
39 CONFIG_TYPE_OBSOLETE, /**< Obsolete (ignored) option. */
40 } config_type_t;
41
42 /** An abbreviation for a configuration option allowed on the command line. */
43 typedef struct config_abbrev_t {
44 const char *abbreviated;
45 const char *full;
46 int commandline_only;
47 int warn;
48 } config_abbrev_t;
49
50 /* Handy macro for declaring "In the config file or on the command line,
51 * you can abbreviate <b>tok</b>s as <b>tok</b>". */
52 #define PLURAL(tok) { #tok, #tok "s", 0, 0 }
53
54 /** A list of abbreviations and aliases to map command-line options, obsolete
55 * option names, or alternative option names, to their current values. */
56 static config_abbrev_t _option_abbrevs[] = {
57 PLURAL(ExitNode),
58 PLURAL(EntryNode),
59 PLURAL(ExcludeNode),
60 PLURAL(FirewallPort),
61 PLURAL(LongLivedPort),
62 PLURAL(HiddenServiceNode),
63 PLURAL(HiddenServiceExcludeNode),
64 PLURAL(NumCpu),
65 PLURAL(RendNode),
66 PLURAL(RendExcludeNode),
67 PLURAL(StrictEntryNode),
68 PLURAL(StrictExitNode),
69 { "l", "Log", 1, 0},
70 { "AllowUnverifiedNodes", "AllowInvalidNodes", 0, 0},
71 { "AutomapHostSuffixes", "AutomapHostsSuffixes", 0, 0},
72 { "AutomapHostOnResolve", "AutomapHostsOnResolve", 0, 0},
73 { "BandwidthRateBytes", "BandwidthRate", 0, 0},
74 { "BandwidthBurstBytes", "BandwidthBurst", 0, 0},
75 { "DirFetchPostPeriod", "StatusFetchPeriod", 0, 0},
76 { "MaxConn", "ConnLimit", 0, 1},
77 { "ORBindAddress", "ORListenAddress", 0, 0},
78 { "DirBindAddress", "DirListenAddress", 0, 0},
79 { "SocksBindAddress", "SocksListenAddress", 0, 0},
80 { "UseHelperNodes", "UseEntryGuards", 0, 0},
81 { "NumHelperNodes", "NumEntryGuards", 0, 0},
82 { "UseEntryNodes", "UseEntryGuards", 0, 0},
83 { "NumEntryNodes", "NumEntryGuards", 0, 0},
84 { "ResolvConf", "ServerDNSResolvConfFile", 0, 1},
85 { "SearchDomains", "ServerDNSSearchDomains", 0, 1},
86 { "ServerDNSAllowBrokenResolvConf", "ServerDNSAllowBrokenConfig", 0, 0 },
87 { "PreferTunnelledDirConns", "PreferTunneledDirConns", 0, 0},
88 { "BridgeAuthoritativeDirectory", "BridgeAuthoritativeDir", 0, 0},
89 { "HashedControlPassword", "__HashedControlSessionPassword", 1, 0},
90 { NULL, NULL, 0, 0},
91 };
92
93 /** A list of state-file "abbreviations," for compatibility. */
94 static config_abbrev_t _state_abbrevs[] = {
95 { "AccountingBytesReadInterval", "AccountingBytesReadInInterval", 0, 0 },
96 { "HelperNode", "EntryGuard", 0, 0 },
97 { "HelperNodeDownSince", "EntryGuardDownSince", 0, 0 },
98 { "HelperNodeUnlistedSince", "EntryGuardUnlistedSince", 0, 0 },
99 { "EntryNode", "EntryGuard", 0, 0 },
100 { "EntryNodeDownSince", "EntryGuardDownSince", 0, 0 },
101 { "EntryNodeUnlistedSince", "EntryGuardUnlistedSince", 0, 0 },
102 { NULL, NULL, 0, 0},
103 };
104 #undef PLURAL
105
106 /** A variable allowed in the configuration file or on the command line. */
107 typedef struct config_var_t {
108 const char *name; /**< The full keyword (case insensitive). */
109 config_type_t type; /**< How to interpret the type and turn it into a
110 * value. */
111 off_t var_offset; /**< Offset of the corresponding member of or_options_t. */
112 const char *initvalue; /**< String (or null) describing initial value. */
113 } config_var_t;
114
115 /** An entry for config_vars: "The option <b>name</b> has type
116 * CONFIG_TYPE_<b>conftype</b>, and corresponds to
117 * or_options_t.<b>member</b>"
118 */
119 #define VAR(name,conftype,member,initvalue) \
120 { name, CONFIG_TYPE_ ## conftype, STRUCT_OFFSET(or_options_t, member), \
121 initvalue }
122 /** As VAR, but the option name and member name are the same. */
123 #define V(member,conftype,initvalue) \
124 VAR(#member, conftype, member, initvalue)
125 /** An entry for config_vars: "The option <b>name</b> is obsolete." */
126 #define OBSOLETE(name) { name, CONFIG_TYPE_OBSOLETE, 0, NULL }
127
128 /** Array of configuration options. Until we disallow nonstandard
129 * abbreviations, order is significant, since the first matching option will
130 * be chosen first.
131 */
132 static config_var_t _option_vars[] = {
133 OBSOLETE("AccountingMaxKB"),
134 V(AccountingMax, MEMUNIT, "0 bytes"),
135 V(AccountingStart, STRING, NULL),
136 V(Address, STRING, NULL),
137 V(AllowInvalidNodes, CSV, "middle,rendezvous"),
138 V(AllowNonRFC953Hostnames, BOOL, "0"),
139 V(AllowSingleHopCircuits, BOOL, "0"),
140 V(AllowSingleHopExits, BOOL, "0"),
141 V(AlternateBridgeAuthority, LINELIST, NULL),
142 V(AlternateDirAuthority, LINELIST, NULL),
143 V(AlternateHSAuthority, LINELIST, NULL),
144 V(AssumeReachable, BOOL, "0"),
145 V(AuthDirBadDir, LINELIST, NULL),
146 V(AuthDirBadExit, LINELIST, NULL),
147 V(AuthDirInvalid, LINELIST, NULL),
148 V(AuthDirReject, LINELIST, NULL),
149 V(AuthDirRejectUnlisted, BOOL, "0"),
150 V(AuthDirListBadDirs, BOOL, "0"),
151 V(AuthDirListBadExits, BOOL, "0"),
152 V(AuthDirMaxServersPerAddr, UINT, "2"),
153 V(AuthDirMaxServersPerAuthAddr,UINT, "5"),
154 VAR("AuthoritativeDirectory", BOOL, AuthoritativeDir, "0"),
155 V(AutomapHostsOnResolve, BOOL, "0"),
156 V(AutomapHostsSuffixes, CSV, ".onion,.exit"),
157 V(AvoidDiskWrites, BOOL, "0"),
158 V(BandwidthBurst, MEMUNIT, "10 MB"),
159 V(BandwidthRate, MEMUNIT, "5 MB"),
160 V(BridgeAuthoritativeDir, BOOL, "0"),
161 VAR("Bridge", LINELIST, Bridges, NULL),
162 V(BridgePassword, STRING, NULL),
163 V(BridgeRecordUsageByCountry, BOOL, "1"),
164 V(BridgeRelay, BOOL, "0"),
165 V(CircuitBuildTimeout, INTERVAL, "1 minute"),
166 V(CircuitIdleTimeout, INTERVAL, "1 hour"),
167 V(ClientDNSRejectInternalAddresses, BOOL,"1"),
168 V(ClientOnly, BOOL, "0"),
169 V(ConnLimit, UINT, "1000"),
170 V(ConstrainedSockets, BOOL, "0"),
171 V(ConstrainedSockSize, MEMUNIT, "8192"),
172 V(ContactInfo, STRING, NULL),
173 V(ControlListenAddress, LINELIST, NULL),
174 V(ControlPort, UINT, "0"),
175 V(ControlSocket, LINELIST, NULL),
176 V(CookieAuthentication, BOOL, "0"),
177 V(CookieAuthFileGroupReadable, BOOL, "0"),
178 V(CookieAuthFile, STRING, NULL),
179 V(DataDirectory, FILENAME, NULL),
180 OBSOLETE("DebugLogFile"),
181 V(DirAllowPrivateAddresses, BOOL, NULL),
182 V(TestingAuthDirTimeToLearnReachability, INTERVAL, "30 minutes"),
183 V(DirListenAddress, LINELIST, NULL),
184 OBSOLETE("DirFetchPeriod"),
185 V(DirPolicy, LINELIST, NULL),
186 V(DirPort, UINT, "0"),
187 V(DirPortFrontPage, FILENAME, NULL),
188 OBSOLETE("DirPostPeriod"),
189 #ifdef ENABLE_GEOIP_STATS
190 V(DirRecordUsageByCountry, BOOL, "0"),
191 V(DirRecordUsageGranularity, UINT, "4"),
192 V(DirRecordUsageRetainIPs, INTERVAL, "14 days"),
193 V(DirRecordUsageSaveInterval, INTERVAL, "6 hours"),
194 #endif
195 VAR("DirServer", LINELIST, DirServers, NULL),
196 V(DNSPort, UINT, "0"),
197 V(DNSListenAddress, LINELIST, NULL),
198 V(DownloadExtraInfo, BOOL, "0"),
199 V(EnforceDistinctSubnets, BOOL, "1"),
200 V(EntryNodes, ROUTERSET, NULL),
201 V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "10 minutes"),
202 V(ExcludeNodes, ROUTERSET, NULL),
203 V(ExcludeExitNodes, ROUTERSET, NULL),
204 V(ExcludeSingleHopRelays, BOOL, "1"),
205 V(ExitNodes, ROUTERSET, NULL),
206 V(ExitPolicy, LINELIST, NULL),
207 V(ExitPolicyRejectPrivate, BOOL, "1"),
208 V(FallbackNetworkstatusFile, FILENAME,
209 SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "fallback-consensus"),
210 V(FascistFirewall, BOOL, "0"),
211 V(FirewallPorts, CSV, ""),
212 V(FastFirstHopPK, BOOL, "1"),
213 V(FetchDirInfoEarly, BOOL, "0"),
214 V(FetchServerDescriptors, BOOL, "1"),
215 V(FetchHidServDescriptors, BOOL, "1"),
216 V(FetchUselessDescriptors, BOOL, "0"),
217 #ifdef WIN32
218 V(GeoIPFile, FILENAME, "<default>"),
219 #else
220 V(GeoIPFile, FILENAME,
221 SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip"),
222 #endif
223 OBSOLETE("Group"),
224 V(HardwareAccel, BOOL, "0"),
225 V(HashedControlPassword, LINELIST, NULL),
226 V(HidServDirectoryV2, BOOL, "1"),
227 VAR("HiddenServiceDir", LINELIST_S, RendConfigLines, NULL),
228 OBSOLETE("HiddenServiceExcludeNodes"),
229 OBSOLETE("HiddenServiceNodes"),
230 VAR("HiddenServiceOptions",LINELIST_V, RendConfigLines, NULL),
231 VAR("HiddenServicePort", LINELIST_S, RendConfigLines, NULL),
232 VAR("HiddenServiceVersion",LINELIST_S, RendConfigLines, NULL),
233 VAR("HiddenServiceAuthorizeClient",LINELIST_S,RendConfigLines, NULL),
234 V(HidServAuth, LINELIST, NULL),
235 V(HSAuthoritativeDir, BOOL, "0"),
236 V(HSAuthorityRecordStats, BOOL, "0"),
237 V(HttpProxy, STRING, NULL),
238 V(HttpProxyAuthenticator, STRING, NULL),
239 V(HttpsProxy, STRING, NULL),
240 V(HttpsProxyAuthenticator, STRING, NULL),
241 OBSOLETE("IgnoreVersion"),
242 V(KeepalivePeriod, INTERVAL, "5 minutes"),
243 VAR("Log", LINELIST, Logs, NULL),
244 OBSOLETE("LinkPadding"),
245 OBSOLETE("LogLevel"),
246 OBSOLETE("LogFile"),
247 V(LongLivedPorts, CSV,
248 "21,22,706,1863,5050,5190,5222,5223,6667,6697,8300"),
249 VAR("MapAddress", LINELIST, AddressMap, NULL),
250 V(MaxAdvertisedBandwidth, MEMUNIT, "1 GB"),
251 V(MaxCircuitDirtiness, INTERVAL, "10 minutes"),
252 V(MaxOnionsPending, UINT, "100"),
253 OBSOLETE("MonthlyAccountingStart"),
254 V(MyFamily, STRING, NULL),
255 V(NewCircuitPeriod, INTERVAL, "30 seconds"),
256 VAR("NamingAuthoritativeDirectory",BOOL, NamingAuthoritativeDir, "0"),
257 V(NatdListenAddress, LINELIST, NULL),
258 V(NatdPort, UINT, "0"),
259 V(Nickname, STRING, NULL),
260 V(NoPublish, BOOL, "0"),
261 VAR("NodeFamily", LINELIST, NodeFamilies, NULL),
262 V(NumCpus, UINT, "1"),
263 V(NumEntryGuards, UINT, "3"),
264 V(ORListenAddress, LINELIST, NULL),
265 V(ORPort, UINT, "0"),
266 V(OutboundBindAddress, STRING, NULL),
267 OBSOLETE("PathlenCoinWeight"),
268 V(PidFile, STRING, NULL),
269 V(TestingTorNetwork, BOOL, "0"),
270 V(PreferTunneledDirConns, BOOL, "1"),
271 V(ProtocolWarnings, BOOL, "0"),
272 V(PublishServerDescriptor, CSV, "1"),
273 V(PublishHidServDescriptors, BOOL, "1"),
274 V(ReachableAddresses, LINELIST, NULL),
275 V(ReachableDirAddresses, LINELIST, NULL),
276 V(ReachableORAddresses, LINELIST, NULL),
277 V(RecommendedVersions, LINELIST, NULL),
278 V(RecommendedClientVersions, LINELIST, NULL),
279 V(RecommendedServerVersions, LINELIST, NULL),
280 OBSOLETE("RedirectExit"),
281 V(RejectPlaintextPorts, CSV, ""),
282 V(RelayBandwidthBurst, MEMUNIT, "0"),
283 V(RelayBandwidthRate, MEMUNIT, "0"),
284 OBSOLETE("RendExcludeNodes"),
285 OBSOLETE("RendNodes"),
286 V(RendPostPeriod, INTERVAL, "1 hour"),
287 V(RephistTrackTime, INTERVAL, "24 hours"),
288 OBSOLETE("RouterFile"),
289 V(RunAsDaemon, BOOL, "0"),
290 V(RunTesting, BOOL, "0"),
291 V(SafeLogging, BOOL, "1"),
292 V(SafeSocks, BOOL, "0"),
293 V(ServerDNSAllowBrokenConfig, BOOL, "1"),
294 V(ServerDNSAllowNonRFC953Hostnames, BOOL,"0"),
295 V(ServerDNSDetectHijacking, BOOL, "1"),
296 V(ServerDNSRandomizeCase, BOOL, "1"),
297 V(ServerDNSResolvConfFile, STRING, NULL),
298 V(ServerDNSSearchDomains, BOOL, "0"),
299 V(ServerDNSTestAddresses, CSV,
300 "www.google.com,www.mit.edu,www.yahoo.com,www.slashdot.org"),
301 V(ShutdownWaitLength, INTERVAL, "30 seconds"),
302 V(SocksListenAddress, LINELIST, NULL),
303 V(SocksPolicy, LINELIST, NULL),
304 V(SocksPort, UINT, "9050"),
305 V(SocksTimeout, INTERVAL, "2 minutes"),
306 OBSOLETE("StatusFetchPeriod"),
307 V(StrictEntryNodes, BOOL, "0"),
308 V(StrictExitNodes, BOOL, "0"),
309 OBSOLETE("SysLog"),
310 V(TestSocks, BOOL, "0"),
311 OBSOLETE("TestVia"),
312 V(TrackHostExits, CSV, NULL),
313 V(TrackHostExitsExpire, INTERVAL, "30 minutes"),
314 OBSOLETE("TrafficShaping"),
315 V(TransListenAddress, LINELIST, NULL),
316 V(TransPort, UINT, "0"),
317 V(TunnelDirConns, BOOL, "1"),
318 V(UpdateBridgesFromAuthority, BOOL, "0"),
319 V(UseBridges, BOOL, "0"),
320 V(UseEntryGuards, BOOL, "1"),
321 V(User, STRING, NULL),
322 VAR("V1AuthoritativeDirectory",BOOL, V1AuthoritativeDir, "0"),
323 VAR("V2AuthoritativeDirectory",BOOL, V2AuthoritativeDir, "0"),
324 VAR("V3AuthoritativeDirectory",BOOL, V3AuthoritativeDir, "0"),
325 V(TestingV3AuthInitialVotingInterval, INTERVAL, "30 minutes"),
326 V(TestingV3AuthInitialVoteDelay, INTERVAL, "5 minutes"),
327 V(TestingV3AuthInitialDistDelay, INTERVAL, "5 minutes"),
328 V(V3AuthVotingInterval, INTERVAL, "1 hour"),
329 V(V3AuthVoteDelay, INTERVAL, "5 minutes"),
330 V(V3AuthDistDelay, INTERVAL, "5 minutes"),
331 V(V3AuthNIntervalsValid, UINT, "3"),
332 V(V3AuthUseLegacyKey, BOOL, "0"),
333 VAR("VersioningAuthoritativeDirectory",BOOL,VersioningAuthoritativeDir, "0"),
334 V(VirtualAddrNetwork, STRING, "127.192.0.0/10"),
335 V(WarnPlaintextPorts, CSV, "23,109,110,143"),
336 VAR("__ReloadTorrcOnSIGHUP", BOOL, ReloadTorrcOnSIGHUP, "1"),
337 VAR("__AllDirActionsPrivate", BOOL, AllDirActionsPrivate, "0"),
338 VAR("__DisablePredictedCircuits",BOOL,DisablePredictedCircuits, "0"),
339 VAR("__LeaveStreamsUnattached",BOOL, LeaveStreamsUnattached, "0"),
340 VAR("__HashedControlSessionPassword", LINELIST, HashedControlSessionPassword,
341 NULL),
342 V(MinUptimeHidServDirectoryV2, INTERVAL, "24 hours"),
343 { NULL, CONFIG_TYPE_OBSOLETE, 0, NULL }
344 };
345
346 /** Override default values with these if the user sets the TestingTorNetwork
347 * option. */
348 static config_var_t testing_tor_network_defaults[] = {
349 V(ServerDNSAllowBrokenConfig, BOOL, "1"),
350 V(DirAllowPrivateAddresses, BOOL, "1"),
351 V(EnforceDistinctSubnets, BOOL, "0"),
352 V(AssumeReachable, BOOL, "1"),
353 V(AuthDirMaxServersPerAddr, UINT, "0"),
354 V(AuthDirMaxServersPerAuthAddr,UINT, "0"),
355 V(ClientDNSRejectInternalAddresses, BOOL,"0"),
356 V(ExitPolicyRejectPrivate, BOOL, "0"),
357 V(V3AuthVotingInterval, INTERVAL, "5 minutes"),
358 V(V3AuthVoteDelay, INTERVAL, "20 seconds"),
359 V(V3AuthDistDelay, INTERVAL, "20 seconds"),
360 V(TestingV3AuthInitialVotingInterval, INTERVAL, "5 minutes"),
361 V(TestingV3AuthInitialVoteDelay, INTERVAL, "20 seconds"),
362 V(TestingV3AuthInitialDistDelay, INTERVAL, "20 seconds"),
363 V(TestingAuthDirTimeToLearnReachability, INTERVAL, "0 minutes"),
364 V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "0 minutes"),
365 { NULL, CONFIG_TYPE_OBSOLETE, 0, NULL }
366 };
367 #undef VAR
368
369 #define VAR(name,conftype,member,initvalue) \
370 { name, CONFIG_TYPE_ ## conftype, STRUCT_OFFSET(or_state_t, member), \
371 initvalue }
372
373 /** Array of "state" variables saved to the ~/.tor/state file. */
374 static config_var_t _state_vars[] = {
375 V(AccountingBytesReadInInterval, MEMUNIT, NULL),
376 V(AccountingBytesWrittenInInterval, MEMUNIT, NULL),
377 V(AccountingExpectedUsage, MEMUNIT, NULL),
378 V(AccountingIntervalStart, ISOTIME, NULL),
379 V(AccountingSecondsActive, INTERVAL, NULL),
380
381 VAR("EntryGuard", LINELIST_S, EntryGuards, NULL),
382 VAR("EntryGuardDownSince", LINELIST_S, EntryGuards, NULL),
383 VAR("EntryGuardUnlistedSince", LINELIST_S, EntryGuards, NULL),
384 VAR("EntryGuardAddedBy", LINELIST_S, EntryGuards, NULL),
385 V(EntryGuards, LINELIST_V, NULL),
386
387 V(BWHistoryReadEnds, ISOTIME, NULL),
388 V(BWHistoryReadInterval, UINT, "900"),
389 V(BWHistoryReadValues, CSV, ""),
390 V(BWHistoryWriteEnds, ISOTIME, NULL),
391 V(BWHistoryWriteInterval, UINT, "900"),
392 V(BWHistoryWriteValues, CSV, ""),
393
394 V(TorVersion, STRING, NULL),
395
396 V(LastRotatedOnionKey, ISOTIME, NULL),
397 V(LastWritten, ISOTIME, NULL),
398
399 { NULL, CONFIG_TYPE_OBSOLETE, 0, NULL }
400 };
401
402 #undef VAR
403 #undef V
404 #undef OBSOLETE
405
406 /** Represents an English description of a configuration variable; used when
407 * generating configuration file comments. */
408 typedef struct config_var_description_t {
409 const char *name;
410 const char *description;
411 } config_var_description_t;
412
413 /** Descriptions of the configuration options, to be displayed by online
414 * option browsers */
415 /* XXXX022 did anybody want this? at all? If not, kill it.*/
416 static config_var_description_t options_description[] = {
417 /* ==== general options */
418 { "AvoidDiskWrites", "If non-zero, try to write to disk less frequently than"
419 " we would otherwise." },
420 { "BandwidthRate", "A token bucket limits the average incoming bandwidth on "
421 "this node to the specified number of bytes per second." },
422 { "BandwidthBurst", "Limit the maximum token buffer size (also known as "
423 "burst) to the given number of bytes." },
424 { "ConnLimit", "Minimum number of simultaneous sockets we must have." },
425 { "ConstrainedSockets", "Shrink tx and rx buffers for sockets to avoid "
426 "system limits on vservers and related environments. See man page for "
427 "more information regarding this option." },
428 { "ConstrainedSockSize", "Limit socket buffers to this size when "
429 "ConstrainedSockets is enabled." },
430 /* ControlListenAddress */
431 { "ControlPort", "If set, Tor will accept connections from the same machine "
432 "(localhost only) on this port, and allow those connections to control "
433 "the Tor process using the Tor Control Protocol (described in "
434 "control-spec.txt).", },
435 { "CookieAuthentication", "If this option is set to 1, don't allow any "
436 "connections to the control port except when the connecting process "
437 "can read a file that Tor creates in its data directory." },
438 { "DataDirectory", "Store working data, state, keys, and caches here." },
439 { "DirServer", "Tor only trusts directories signed with one of these "
440 "servers' keys. Used to override the standard list of directory "
441 "authorities." },
442 /* { "FastFirstHopPK", "" }, */
443 /* FetchServerDescriptors, FetchHidServDescriptors,
444 * FetchUselessDescriptors */
445 { "HardwareAccel", "If set, Tor tries to use hardware crypto accelerators "
446 "when it can." },
447 /* HashedControlPassword */
448 { "HTTPProxy", "Force Tor to make all HTTP directory requests through this "
449 "host:port (or host:80 if port is not set)." },
450 { "HTTPProxyAuthenticator", "A username:password pair to be used with "
451 "HTTPProxy." },
452 { "HTTPSProxy", "Force Tor to make all TLS (SSL) connections through this "
453 "host:port (or host:80 if port is not set)." },
454 { "HTTPSProxyAuthenticator", "A username:password pair to be used with "
455 "HTTPSProxy." },
456 { "KeepalivePeriod", "Send a padding cell every N seconds to keep firewalls "
457 "from closing our connections while Tor is not in use." },
458 { "Log", "Where to send logging messages. Format is "
459 "minSeverity[-maxSeverity] (stderr|stdout|syslog|file FILENAME)." },
460 { "OutboundBindAddress", "Make all outbound connections originate from the "
461 "provided IP address (only useful for multiple network interfaces)." },
462 { "PIDFile", "On startup, write our PID to this file. On clean shutdown, "
463 "remove the file." },
464 { "PreferTunneledDirConns", "If non-zero, avoid directory servers that "
465 "don't support tunneled connections." },
466 /* PreferTunneledDirConns */
467 /* ProtocolWarnings */
468 /* RephistTrackTime */
469 { "RunAsDaemon", "If set, Tor forks and daemonizes to the background when "
470 "started. Unix only." },
471 { "SafeLogging", "If set to 0, Tor logs potentially sensitive strings "
472 "rather than replacing them with the string [scrubbed]." },
473 { "TunnelDirConns", "If non-zero, when a directory server we contact "
474 "supports it, we will build a one-hop circuit and make an encrypted "
475 "connection via its ORPort." },
476 { "User", "On startup, setuid to this user." },
477
478 /* ==== client options */
479 { "AllowInvalidNodes", "Where on our circuits should Tor allow servers "
480 "that the directory authorities haven't called \"valid\"?" },
481 { "AllowNonRFC953Hostnames", "If set to 1, we don't automatically reject "
482 "hostnames for having invalid characters." },
483 /* CircuitBuildTimeout, CircuitIdleTimeout */
484 { "ClientOnly", "If set to 1, Tor will under no circumstances run as a "
485 "server, even if ORPort is enabled." },
486 { "EntryNodes", "A list of preferred entry nodes to use for the first hop "
487 "in circuits, when possible." },
488 /* { "EnforceDistinctSubnets" , "" }, */
489 { "ExitNodes", "A list of preferred nodes to use for the last hop in "
490 "circuits, when possible." },
491 { "ExcludeNodes", "A list of nodes never to use when building a circuit." },
492 { "FascistFirewall", "If set, Tor will only create outgoing connections to "
493 "servers running on the ports listed in FirewallPorts." },
494 { "FirewallPorts", "A list of ports that we can connect to. Only used "
495 "when FascistFirewall is set." },
496 { "LongLivedPorts", "A list of ports for services that tend to require "
497 "high-uptime connections." },
498 { "MapAddress", "Force Tor to treat all requests for one address as if "
499 "they were for another." },
500 { "NewCircuitPeriod", "Force Tor to consider whether to build a new circuit "
501 "every NUM seconds." },
502 { "MaxCircuitDirtiness", "Do not attach new streams to a circuit that has "
503 "been used more than this many seconds ago." },
504 /* NatdPort, NatdListenAddress */
505 { "NodeFamily", "A list of servers that constitute a 'family' and should "
506 "never be used in the same circuit." },
507 { "NumEntryGuards", "How many entry guards should we keep at a time?" },
508 /* PathlenCoinWeight */
509 { "ReachableAddresses", "Addresses we can connect to, as IP/bits:port-port. "
510 "By default, we assume all addresses are reachable." },
511 /* reachablediraddresses, reachableoraddresses. */
512 /* SafeSOCKS */
513 { "SOCKSPort", "The port where we listen for SOCKS connections from "
514 "applications." },
515 { "SOCKSListenAddress", "Bind to this address to listen to connections from "
516 "SOCKS-speaking applications." },
517 { "SOCKSPolicy", "Set an entry policy to limit which addresses can connect "
518 "to the SOCKSPort." },
519 /* SocksTimeout */
520 { "StrictExitNodes", "If set, Tor will fail to operate when none of the "
521 "configured ExitNodes can be used." },
522 { "StrictEntryNodes", "If set, Tor will fail to operate when none of the "
523 "configured EntryNodes can be used." },
524 /* TestSocks */
525 { "TrackHostsExit", "Hosts and domains which should, if possible, be "
526 "accessed from the same exit node each time we connect to them." },
527 { "TrackHostsExitExpire", "Time after which we forget which exit we were "
528 "using to connect to hosts in TrackHostsExit." },
529 /* "TransPort", "TransListenAddress */
530 { "UseEntryGuards", "Set to 0 if we want to pick from the whole set of "
531 "servers for the first position in each circuit, rather than picking a "
532 "set of 'Guards' to prevent profiling attacks." },
533
534 /* === server options */
535 { "Address", "The advertised (external) address we should use." },
536 /* Accounting* options. */
537 /* AssumeReachable */
538 { "ContactInfo", "Administrative contact information to advertise for this "
539 "server." },
540 { "ExitPolicy", "Address/port ranges for which to accept or reject outgoing "
541 "connections on behalf of Tor users." },
542 /* { "ExitPolicyRejectPrivate, "" }, */
543 { "MaxAdvertisedBandwidth", "If set, we will not advertise more than this "
544 "amount of bandwidth for our bandwidth rate, regardless of how much "
545 "bandwidth we actually detect." },
546 { "MaxOnionsPending", "Reject new attempts to extend circuits when we "
547 "already have this many pending." },
548 { "MyFamily", "Declare a list of other servers as belonging to the same "
549 "family as this one, so that clients will not use two from the same "
550 "family in the same circuit." },
551 { "Nickname", "Set the server nickname." },
552 { "NoPublish", "{DEPRECATED}" },
553 { "NumCPUs", "How many processes to use at once for public-key crypto." },
554 { "ORPort", "Advertise this port to listen for connections from Tor clients "
555 "and servers." },
556 { "ORListenAddress", "Bind to this address to listen for connections from "
557 "clients and servers, instead of the default 0.0.0.0:ORPort." },
558 { "PublishServerDescriptor", "Set to 0 to keep the server from "
559 "uploading info to the directory authorities." },
560 /* ServerDNS: DetectHijacking, ResolvConfFile, SearchDomains */
561 { "ShutdownWaitLength", "Wait this long for clients to finish when "
562 "shutting down because of a SIGINT." },
563
564 /* === directory cache options */
565 { "DirPort", "Serve directory information from this port, and act as a "
566 "directory cache." },
567 { "DirPortFrontPage", "Serve a static html disclaimer on DirPort." },
568 { "DirListenAddress", "Bind to this address to listen for connections from "
569 "clients and servers, instead of the default 0.0.0.0:DirPort." },
570 { "DirPolicy", "Set a policy to limit who can connect to the directory "
571 "port." },
572
573 /* Authority options: AuthDirBadExit, AuthDirInvalid, AuthDirReject,
574 * AuthDirRejectUnlisted, AuthDirListBadExits, AuthoritativeDirectory,
575 * DirAllowPrivateAddresses, HSAuthoritativeDir,
576 * NamingAuthoritativeDirectory, RecommendedVersions,
577 * RecommendedClientVersions, RecommendedServerVersions, RendPostPeriod,
578 * RunTesting, V1AuthoritativeDirectory, VersioningAuthoritativeDirectory, */
579
580 /* Hidden service options: HiddenService: dir,excludenodes, nodes,
581 * options, port. PublishHidServDescriptor */
582
583 /* Nonpersistent options: __LeaveStreamsUnattached, __AllDirActionsPrivate */
584 { NULL, NULL },
585 };
586
587 /** Online description of state variables. */
588 static config_var_description_t state_description[] = {
589 { "AccountingBytesReadInInterval",
590 "How many bytes have we read in this accounting period?" },
591 { "AccountingBytesWrittenInInterval",
592 "How many bytes have we written in this accounting period?" },
593 { "AccountingExpectedUsage",
594 "How many bytes did we expect to use per minute? (0 for no estimate.)" },
595 { "AccountingIntervalStart", "When did this accounting period begin?" },
596 { "AccountingSecondsActive", "How long have we been awake in this period?" },
597
598 { "BWHistoryReadEnds", "When does the last-recorded read-interval end?" },
599 { "BWHistoryReadInterval", "How long is each read-interval (in seconds)?" },
600 { "BWHistoryReadValues", "Number of bytes read in each interval." },
601 { "BWHistoryWriteEnds", "When does the last-recorded write-interval end?" },
602 { "BWHistoryWriteInterval", "How long is each write-interval (in seconds)?"},
603 { "BWHistoryWriteValues", "Number of bytes written in each interval." },
604
605 { "EntryGuard", "One of the nodes we have chosen as a fixed entry" },
606 { "EntryGuardDownSince",
607 "The last entry guard has been unreachable since this time." },
608 { "EntryGuardUnlistedSince",
609 "The last entry guard has been unusable since this time." },
610
611 { "LastRotatedOnionKey",
612 "The last time at which we changed the medium-term private key used for "
613 "building circuits." },
614 { "LastWritten", "When was this state file last regenerated?" },
615
616 { "TorVersion", "Which version of Tor generated this state file?" },
617 { NULL, NULL },
618 };
619
620 /** Type of a callback to validate whether a given configuration is
621 * well-formed and consistent. See options_trial_assign() for documentation
622 * of arguments. */
623 typedef int (*validate_fn_t)(void*,void*,int,char**);
624
625 /** Information on the keys, value types, key-to-struct-member mappings,
626 * variable descriptions, validation functions, and abbreviations for a
627 * configuration or storage format. */
628 typedef struct {
629 size_t size; /**< Size of the struct that everything gets parsed into. */
630 uint32_t magic; /**< Required 'magic value' to make sure we have a struct
631 * of the right type. */
632 off_t magic_offset; /**< Offset of the magic value within the struct. */
633 config_abbrev_t *abbrevs; /**< List of abbreviations that we expand when
634 * parsing this format. */
635 config_var_t *vars; /**< List of variables we recognize, their default
636 * values, and where we stick them in the structure. */
637 validate_fn_t validate_fn; /**< Function to validate config. */
638 /** Documentation for configuration variables. */
639 config_var_description_t *descriptions;
640 /** If present, extra is a LINELIST variable for unrecognized
641 * lines. Otherwise, unrecognized lines are an error. */
642 config_var_t *extra;
643 } config_format_t;
644
645 /** Macro: assert that <b>cfg</b> has the right magic field for format
646 * <b>fmt</b>. */
647 #define CHECK(fmt, cfg) STMT_BEGIN \
648 tor_assert(fmt && cfg); \
649 tor_assert((fmt)->magic == \
650 *(uint32_t*)STRUCT_VAR_P(cfg,fmt->magic_offset)); \
651 STMT_END
652
653 #ifdef MS_WINDOWS
654 static char *get_windows_conf_root(void);
655 #endif
656 static void config_line_append(config_line_t **lst,
657 const char *key, const char *val);
658 static void option_clear(config_format_t *fmt, or_options_t *options,
659 config_var_t *var);
660 static void option_reset(config_format_t *fmt, or_options_t *options,
661 config_var_t *var, int use_defaults);
662 static void config_free(config_format_t *fmt, void *options);
663 static int config_lines_eq(config_line_t *a, config_line_t *b);
664 static int option_is_same(config_format_t *fmt,
665 or_options_t *o1, or_options_t *o2,
666 const char *name);
667 static or_options_t *options_dup(config_format_t *fmt, or_options_t *old);
668 static int options_validate(or_options_t *old_options, or_options_t *options,
669 int from_setconf, char **msg);
670 static int options_act_reversible(or_options_t *old_options, char **msg);
671 static int options_act(or_options_t *old_options);
672 static int options_transition_allowed(or_options_t *old, or_options_t *new,
673 char **msg);
674 static int options_transition_affects_workers(or_options_t *old_options,
675 or_options_t *new_options);
676 static int options_transition_affects_descriptor(or_options_t *old_options,
677 or_options_t *new_options);
678 static int check_nickname_list(const char *lst, const char *name, char **msg);
679 static void config_register_addressmaps(or_options_t *options);
680
681 static int parse_bridge_line(const char *line, int validate_only);
682 static int parse_dir_server_line(const char *line,
683 authority_type_t required_type,
684 int validate_only);
685 static int validate_data_directory(or_options_t *options);
686 static int write_configuration_file(const char *fname, or_options_t *options);
687 static config_line_t *get_assigned_option(config_format_t *fmt,
688 void *options, const char *key,
689 int escape_val);
690 static void config_init(config_format_t *fmt, void *options);
691 static int or_state_validate(or_state_t *old_options, or_state_t *options,
692 int from_setconf, char **msg);
693 static int or_state_load(void);
694 static int options_init_logs(or_options_t *options, int validate_only);
695
696 static int is_listening_on_low_port(uint16_t port_option,
697 const config_line_t *listen_options);
698
699 static uint64_t config_parse_memunit(const char *s, int *ok);
700 static int config_parse_interval(const char *s, int *ok);
701 static void init_libevent(void);
702 static int opt_streq(const char *s1, const char *s2);
703 /** Versions of libevent. */
704 typedef enum {
705 /* Note: we compare these, so it's important that "old" precede everything,
706 * and that "other" come last. */
707 LE_OLD=0, LE_10C, LE_10D, LE_10E, LE_11, LE_11A, LE_11B, LE_12, LE_12A,
708 LE_13, LE_13A, LE_13B, LE_13C, LE_13D, LE_13E,
709 LE_140, LE_141, LE_142, LE_143, LE_144, LE_145, LE_146, LE_147, LE_148,
710 LE_1499,
711 LE_OTHER
712 } le_version_t;
713 static le_version_t decode_libevent_version(const char *v, int *bincompat_out);
714 #if defined(HAVE_EVENT_GET_VERSION) && defined(HAVE_EVENT_GET_METHOD)
715 static void check_libevent_version(const char *m, int server);
716 #endif
717
718 /** Magic value for or_options_t. */
719 #define OR_OPTIONS_MAGIC 9090909
720
721 /** Configuration format for or_options_t. */
722 static config_format_t options_format = {
723 sizeof(or_options_t),
724 OR_OPTIONS_MAGIC,
725 STRUCT_OFFSET(or_options_t, _magic),
726 _option_abbrevs,
727 _option_vars,
728 (validate_fn_t)options_validate,
729 options_description,
730 NULL
731 };
732
733 /** Magic value for or_state_t. */
734 #define OR_STATE_MAGIC 0x57A73f57
735
736 /** "Extra" variable in the state that receives lines we can't parse. This
737 * lets us preserve options from versions of Tor newer than us. */
738 static config_var_t state_extra_var = {
739 "__extra", CONFIG_TYPE_LINELIST, STRUCT_OFFSET(or_state_t, ExtraLines), NULL
740 };
741
742 /** Configuration format for or_state_t. */
743 static config_format_t state_format = {
744 sizeof(or_state_t),
745 OR_STATE_MAGIC,
746 STRUCT_OFFSET(or_state_t, _magic),
747 _state_abbrevs,
748 _state_vars,
749 (validate_fn_t)or_state_validate,
750 state_description,
751 &state_extra_var,
752 };
753
754 /*
755 * Functions to read and write the global options pointer.
756 */
757
758 /** Command-line and config-file options. */
759 static or_options_t *global_options = NULL;
760 /** Name of most recently read torrc file. */
761 static char *torrc_fname = NULL;
762 /** Persistent serialized state. */
763 static or_state_t *global_state = NULL;
764 /** Configuration Options set by command line. */
765 static config_line_t *global_cmdline_options = NULL;
766 /** Contents of most recently read DirPortFrontPage file. */
767 static char *global_dirfrontpagecontents = NULL;
768
769 /** Return the contents of our frontpage string, or NULL if not configured. */
770 const char *
771 get_dirportfrontpage(void)
772 {
773 return global_dirfrontpagecontents;
774 }
775
776 /** Allocate an empty configuration object of a given format type. */
777 static void *
778 config_alloc(config_format_t *fmt)
779 {
780 void *opts = tor_malloc_zero(fmt->size);
781 *(uint32_t*)STRUCT_VAR_P(opts, fmt->magic_offset) = fmt->magic;
782 CHECK(fmt, opts);
783 return opts;
784 }
785
786 /** Return the currently configured options. */
787 or_options_t *
788 get_options(void)
789 {
790 tor_assert(global_options);
791 return global_options;
792 }
793
794 /** Change the current global options to contain <b>new_val</b> instead of
795 * their current value; take action based on the new value; free the old value
796 * as necessary. Returns 0 on success, -1 on failure.
797 */
798 int
799 set_options(or_options_t *new_val, char **msg)
800 {
801 or_options_t *old_options = global_options;
802 global_options = new_val;
803 /* Note that we pass the *old* options below, for comparison. It
804 * pulls the new options directly out of global_options. */
805 if (options_act_reversible(old_options, msg)<0) {
806 tor_assert(*msg);
807 global_options = old_options;
808 return -1;
809 }
810 if (options_act(old_options) < 0) { /* acting on the options failed. die. */
811 log_err(LD_BUG,
812 "Acting on config options left us in a broken state. Dying.");
813 exit(1);
814 }
815 if (old_options)
816 config_free(&options_format, old_options);
817
818 return 0;
819 }
820
821 extern const char tor_svn_revision[]; /* from tor_main.c */
822
823 /** The version of this Tor process, as parsed. */
824 static char *_version = NULL;
825
826 /** Return the current Tor version. */
827 const char *
828 get_version(void)
829 {
830 if (_version == NULL) {
831 if (strlen(tor_svn_revision)) {
832 size_t len = strlen(VERSION)+strlen(tor_svn_revision)+8;
833 _version = tor_malloc(len);
834 tor_snprintf(_version, len, "%s (r%s)", VERSION, tor_svn_revision);
835 } else {
836 _version = tor_strdup(VERSION);
837 }
838 }
839 return _version;
840 }
841
842 /** Release additional memory allocated in options
843 */
844 static void
845 or_options_free(or_options_t *options)
846 {
847 if (options->_ExcludeExitNodesUnion)
848 routerset_free(options->_ExcludeExitNodesUnion);
849 config_free(&options_format, options);
850 }
851
852 /** Release all memory and resources held by global configuration structures.
853 */
854 void
855 config_free_all(void)
856 {
857 if (global_options) {
858 or_options_free(global_options);
859 global_options = NULL;
860 }
861 if (global_state) {
862 config_free(&state_format, global_state);
863 global_state = NULL;
864 }
865 if (global_cmdline_options) {
866 config_free_lines(global_cmdline_options);
867 global_cmdline_options = NULL;
868 }
869 tor_free(torrc_fname);
870 tor_free(_version);
871 tor_free(global_dirfrontpagecontents);
872 }
873
874 /** If options->SafeLogging is on, return a not very useful string,
875 * else return address.
876 */
877 const char *
878 safe_str(const char *address)
879 {
880 tor_assert(address);
881 if (get_options()->SafeLogging)
882 return "[scrubbed]";
883 else
884 return address;
885 }
886
887 /** Equivalent to escaped(safe_str(address)). See reentrancy note on
888 * escaped(): don't use this outside the main thread, or twice in the same
889 * log statement. */
890 const char *
891 escaped_safe_str(const char *address)
892 {
893 if (get_options()->SafeLogging)
894 return "[scrubbed]";
895 else
896 return escaped(address);
897 }
898
899 /** Add the default directory authorities directly into the trusted dir list,
900 * but only add them insofar as they share bits with <b>type</b>. */
901 static void
902 add_default_trusted_dir_authorities(authority_type_t type)
903 {
904 int i;
905 const char *dirservers[] = {
906 "moria1 v1 orport=9001 v3ident=E2A2AF570166665D738736D0DD58169CC61D8A8B "
907 "128.31.0.34:9031 FFCB 46DB 1339 DA84 674C 70D7 CB58 6434 C437 0441",
908 "moria2 v1 orport=9002 128.31.0.34:9032 "
909 "719B E45D E224 B607 C537 07D0 E214 3E2D 423E 74CF",
910 "tor26 v1 orport=443 v3ident=14C131DFC5C6F93646BE72FA1401C02A8DF2E8B4 "
911 "86.59.21.38:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D",
912 "dizum orport=443 v3ident=E8A9C45EDE6D711294FADF8E7951F4DE6CA56B58 "
913 "194.109.206.212:80 7EA6 EAD6 FD83 083C 538F 4403 8BBF A077 587D D755",
914 "Tonga orport=443 bridge no-v2 82.94.251.206:80 "
915 "4A0C CD2D DC79 9508 3D73 F5D6 6710 0C8A 5831 F16D",
916 "ides orport=9090 no-v2 v3ident=27B6B5996C426270A5C95488AA5BCEB6BCC86956 "
917 "216.224.124.114:9030 F397 038A DC51 3361 35E7 B80B D99C A384 4360 292B",
918 "gabelmoo orport=443 no-v2 "
919 "v3ident=81349FC1F2DBA2C2C11B45CB9706637D480AB913 "
920 "80.190.246.100:80 6833 3D07 61BC F397 A587 A0C0 B963 E4A9 E99E C4D3",
921 "dannenberg orport=443 no-v2 "
922 "v3ident=585769C78764D58426B8B52B6651A5A71137189A "
923 "213.73.91.31:80 7BE6 83E6 5D48 1413 21C5 ED92 F075 C553 64AC 7123",
924 "urras orport=80 no-v2 v3ident=80550987E1D626E3EBA5E5E75A458DE0626D088C "
925 "208.83.223.34:443 0AD3 FA88 4D18 F89E EA2D 89C0 1937 9E0E 7FD9 4417",
926 NULL
927 };
928 for (i=0; dirservers[i]; i++) {
929 if (parse_dir_server_line(dirservers[i], type, 0)<0) {
930 log_err(LD_BUG, "Couldn't parse internal dirserver line %s",
931 dirservers[i]);
932 }
933 }
934 }
935
936 /** Look at all the config options for using alternate directory
937 * authorities, and make sure none of them are broken. Also, warn the
938 * user if we changed any dangerous ones.
939 */
940 static int
941 validate_dir_authorities(or_options_t *options, or_options_t *old_options)
942 {
943 config_line_t *cl;
944
945 if (options->DirServers &&
946 (options->AlternateDirAuthority || options->AlternateBridgeAuthority ||
947 options->AlternateHSAuthority)) {
948 log_warn(LD_CONFIG,
949 "You cannot set both DirServers and Alternate*Authority.");
950 return -1;
951 }
952
953 /* do we want to complain to the user about being partitionable? */
954 if ((options->DirServers &&
955 (!old_options ||
956 !config_lines_eq(options->DirServers, old_options->DirServers))) ||
957 (options->AlternateDirAuthority &&
958 (!old_options ||
959 !config_lines_eq(options->AlternateDirAuthority,
960 old_options->AlternateDirAuthority)))) {
961 log_warn(LD_CONFIG,
962 "You have used DirServer or AlternateDirAuthority to "
963 "specify alternate directory authorities in "
964 "your configuration. This is potentially dangerous: it can "
965 "make you look different from all other Tor users, and hurt "
966 "your anonymity. Even if you've specified the same "
967 "authorities as Tor uses by default, the defaults could "
968 "change in the future. Be sure you know what you're doing.");
969 }
970
971 /* Now go through the four ways you can configure an alternate
972 * set of directory authorities, and make sure none are broken. */
973 for (cl = options->DirServers; cl; cl = cl->next)
974 if (parse_dir_server_line(cl->value, NO_AUTHORITY, 1)<0)
975 return -1;
976 for (cl = options->AlternateBridgeAuthority; cl; cl = cl->next)
977 if (parse_dir_server_line(cl->value, NO_AUTHORITY, 1)<0)
978 return -1;
979 for (cl = options->AlternateDirAuthority; cl; cl = cl->next)
980 if (parse_dir_server_line(cl->value, NO_AUTHORITY, 1)<0)
981 return -1;
982 for (cl = options->AlternateHSAuthority; cl; cl = cl->next)
983 if (parse_dir_server_line(cl->value, NO_AUTHORITY, 1)<0)
984 return -1;
985 return 0;
986 }
987
988 /** Look at all the config options and assign new dir authorities
989 * as appropriate.
990 */
991 static int
992 consider_adding_dir_authorities(or_options_t *options,
993 or_options_t *old_options)
994 {
995 config_line_t *cl;
996 int need_to_update =
997 !smartlist_len(router_get_trusted_dir_servers()) || !old_options ||
998 !config_lines_eq(options->DirServers, old_options->DirServers) ||
999 !config_lines_eq(options->AlternateBridgeAuthority,
1000 old_options->AlternateBridgeAuthority) ||
1001 !config_lines_eq(options->AlternateDirAuthority,
1002 old_options->AlternateDirAuthority) ||
1003 !config_lines_eq(options->AlternateHSAuthority,
1004 old_options->AlternateHSAuthority);
1005
1006 if (!need_to_update)
1007 return 0; /* all done */
1008
1009 /* Start from a clean slate. */
1010 clear_trusted_dir_servers();
1011
1012 if (!options->DirServers) {
1013 /* then we may want some of the defaults */
1014 authority_type_t type = NO_AUTHORITY;
1015 if (!options->AlternateBridgeAuthority)
1016 type |= BRIDGE_AUTHORITY;
1017 if (!options->AlternateDirAuthority)
1018 type |= V1_AUTHORITY | V2_AUTHORITY | V3_AUTHORITY;
1019 if (!options->AlternateHSAuthority)
1020 type |= HIDSERV_AUTHORITY;
1021 add_default_trusted_dir_authorities(type);
1022 }
1023
1024 for (cl = options->DirServers; cl; cl = cl->next)
1025 if (parse_dir_server_line(cl->value, NO_AUTHORITY, 0)<0)
1026 return -1;
1027 for (cl = options->AlternateBridgeAuthority; cl; cl = cl->next)
1028 if (parse_dir_server_line(cl->value, NO_AUTHORITY, 0)<0)
1029 return -1;
1030 for (cl = options->AlternateDirAuthority; cl; cl = cl->next)
1031 if (parse_dir_server_line(cl->value, NO_AUTHORITY, 0)<0)
1032 return -1;
1033 for (cl = options->AlternateHSAuthority; cl; cl = cl->next)
1034 if (parse_dir_server_line(cl->value, NO_AUTHORITY, 0)<0)
1035 return -1;
1036 return 0;
1037 }
1038
1039 /** Fetch the active option list, and take actions based on it. All of the
1040 * things we do should survive being done repeatedly. If present,
1041 * <b>old_options</b> contains the previous value of the options.
1042 *
1043 * Return 0 if all goes well, return -1 if things went badly.
1044 */
1045 static int
1046 options_act_reversible(or_options_t *old_options, char **msg)
1047 {
1048 smartlist_t *new_listeners = smartlist_create();
1049 smartlist_t *replaced_listeners = smartlist_create();
1050 static int libevent_initialized = 0;
1051 or_options_t *options = get_options();
1052 int running_tor = options->command == CMD_RUN_TOR;
1053 int set_conn_limit = 0;
1054 int r = -1;
1055 int logs_marked = 0;
1056
1057 /* Daemonize _first_, since we only want to open most of this stuff in
1058 * the subprocess. Libevent bases can't be reliably inherited across
1059 * processes. */
1060 if (running_tor && options->RunAsDaemon) {
1061 /* No need to roll back, since you can't change the value. */
1062 start_daemon();
1063 }
1064
1065 #ifndef HAVE_SYS_UN_H
1066 if (options->ControlSocket) {
1067 *msg = tor_strdup("Unix domain sockets (ControlSocket) not supported"
1068 " on this OS/with this build.");
1069 goto rollback;
1070 }
1071 #endif
1072
1073 if (running_tor) {
1074 /* We need to set the connection limit before we can open the listeners. */
1075 if (set_max_file_descriptors((unsigned)options->ConnLimit,
1076 &options->_ConnLimit) < 0) {
1077 *msg = tor_strdup("Problem with ConnLimit value. See logs for details.");
1078 goto rollback;
1079 }
1080 set_conn_limit = 1;
1081
1082 /* Set up libevent. (We need to do this before we can register the
1083 * listeners as listeners.) */
1084 if (running_tor && !libevent_initialized) {
1085 init_libevent();
1086 libevent_initialized = 1;
1087 }
1088
1089 /* Launch the listeners. (We do this before we setuid, so we can bind to
1090 * ports under 1024.) */
1091 if (retry_all_listeners(replaced_listeners, new_listeners) < 0) {
1092 *msg = tor_strdup("Failed to bind one of the listener ports.");
1093 goto rollback;
1094 }
1095 }
1096
1097 #if defined(HAVE_NET_IF_H) && defined(HAVE_NET_PFVAR_H)
1098 /* Open /dev/pf before dropping privileges. */
1099 if (options->TransPort) {
1100 if (get_pf_socket() < 0) {
1101 *msg = tor_strdup("Unable to open /dev/pf for transparent proxy.");
1102 goto rollback;
1103 }
1104 }
1105 #endif
1106
1107 /* Setuid/setgid as appropriate */
1108 if (options->User) {
1109 if (switch_id(options->User) != 0) {
1110 /* No need to roll back, since you can't change the value. */
1111 *msg = tor_strdup("Problem with User value. See logs for details.");
1112 goto done;
1113 }
1114 }
1115
1116 /* Ensure data directory is private; create if possible. */
1117 if (check_private_dir(options->DataDirectory,
1118 running_tor ? CPD_CREATE : CPD_CHECK)<0) {
1119 char buf[1024];
1120 int tmp = tor_snprintf(buf, sizeof(buf),
1121 "Couldn't access/create private data directory \"%s\"",
1122 options->DataDirectory);
1123 *msg = tor_strdup(tmp >= 0 ? buf : "internal error");
1124 goto done;
1125 /* No need to roll back, since you can't change the value. */
1126 }
1127
1128 if (directory_caches_v2_dir_info(options)) {
1129 size_t len = strlen(options->DataDirectory)+32;
1130 char *fn = tor_malloc(len);
1131 tor_snprintf(fn, len, "%s"PATH_SEPARATOR"cached-status",
1132 options->DataDirectory);
1133 if (check_private_dir(fn, running_tor ? CPD_CREATE : CPD_CHECK) < 0) {
1134 char buf[1024];
1135 int tmp = tor_snprintf(buf, sizeof(buf),
1136 "Couldn't access/create private data directory \"%s\"", fn);
1137 *msg = tor_strdup(tmp >= 0 ? buf : "internal error");
1138 tor_free(fn);
1139 goto done;
1140 }
1141 tor_free(fn);
1142 }
1143
1144 /* Bail out at this point if we're not going to be a client or server:
1145 * we don't run Tor itself. */
1146 if (!running_tor)
1147 goto commit;
1148
1149 mark_logs_temp(); /* Close current logs once new logs are open. */
1150 logs_marked = 1;
1151 if (options_init_logs(options, 0)<0) { /* Configure the log(s) */
1152 *msg = tor_strdup("Failed to init Log options. See logs for details.");
1153 goto rollback;
1154 }
1155
1156 commit:
1157 r = 0;
1158 if (logs_marked) {
1159 log_severity_list_t *severity =
1160 tor_malloc_zero(sizeof(log_severity_list_t));
1161 close_temp_logs();
1162 add_callback_log(severity, control_event_logmsg);
1163 control_adjust_event_log_severity();
1164 tor_free(severity);
1165 }
1166 SMARTLIST_FOREACH(replaced_listeners, connection_t *, conn,
1167 {
1168 log_notice(LD_NET, "Closing old %s on %s:%d",
1169 conn_type_to_string(conn->type), conn->address, conn->port);
1170 connection_close_immediate(conn);
1171 connection_mark_for_close(conn);
1172 });
1173 goto done;
1174
1175 rollback:
1176 r = -1;
1177 tor_assert(*msg);
1178
1179 if (logs_marked) {
1180 rollback_log_changes();
1181 control_adjust_event_log_severity();
1182 }
1183
1184 if (set_conn_limit && old_options)
1185 set_max_file_descriptors((unsigned)old_options->ConnLimit,
1186 &options->_ConnLimit);
1187
1188 SMARTLIST_FOREACH(new_listeners, connection_t *, conn,
1189 {
1190 log_notice(LD_NET, "Closing partially-constructed listener %s on %s:%d",
1191 conn_type_to_string(conn->type), conn->address, conn->port);
1192 connection_close_immediate(conn);
1193 connection_mark_for_close(conn);
1194 });
1195
1196 done:
1197 smartlist_free(new_listeners);
1198 smartlist_free(replaced_listeners);
1199 return r;
1200 }
1201
1202 /** If we need to have a GEOIP ip-to-country map to run with our configured
1203 * options, return 1 and set *<b>reason_out</b> to a description of why. */
1204 int
1205 options_need_geoip_info(or_options_t *options, const char **reason_out)
1206 {
1207 int bridge_usage =
1208 options->BridgeRelay && options->BridgeRecordUsageByCountry;
1209 int routerset_usage =
1210 routerset_needs_geoip(options->EntryNodes) ||
1211 routerset_needs_geoip(options->ExitNodes) ||
1212 routerset_needs_geoip(options->ExcludeExitNodes) ||
1213 routerset_needs_geoip(options->ExcludeNodes);
1214
1215 if (routerset_usage && reason_out) {
1216 *reason_out = "We've been configured to use (or avoid) nodes in certain "
1217 "countries, and we need GEOIP information to figure out which ones they "
1218 "are.";
1219 } else if (bridge_usage && reason_out) {
1220 *reason_out = "We've been configured to see which countries can access "
1221 "us as a bridge, and we need GEOIP information to tell which countries "
1222 "clients are in.";
1223 }
1224 return bridge_usage || routerset_usage;
1225 }
1226
1227 /** Return the bandwidthrate that we are going to report to the authorities
1228 * based on the config options. */
1229 uint32_t
1230 get_effective_bwrate(or_options_t *options)
1231 {
1232 uint64_t bw = options->BandwidthRate;
1233 if (bw > options->MaxAdvertisedBandwidth)
1234 bw = options->MaxAdvertisedBandwidth;
1235 if (options->RelayBandwidthRate > 0 && bw > options->RelayBandwidthRate)
1236 bw = options->RelayBandwidthRate;
1237
1238 /* ensure_bandwidth_cap() makes sure that this cast can't overflow. */
1239 return (uint32_t)bw;
1240 }
1241
1242 /** Return the bandwidthburst that we are going to report to the authorities
1243 * based on the config options. */
1244 uint32_t
1245 get_effective_bwburst(or_options_t *options)
1246 {
1247 uint64_t bw = options->BandwidthBurst;
1248 if (options->RelayBandwidthBurst > 0 && bw > options->RelayBandwidthBurst)
1249 bw = options->RelayBandwidthBurst;
1250 /* ensure_bandwidth_cap() makes sure that this cast can't overflow. */
1251 return (uint32_t)bw;
1252 }
1253
1254 /** Fetch the active option list, and take actions based on it. All of the
1255 * things we do should survive being done repeatedly. If present,
1256 * <b>old_options</b> contains the previous value of the options.
1257 *
1258 * Return 0 if all goes well, return -1 if it's time to die.
1259 *
1260 * Note: We haven't moved all the "act on new configuration" logic
1261 * here yet. Some is still in do_hup() and other places.
1262 */
1263 static int
1264 options_act(or_options_t *old_options)
1265 {
1266 config_line_t *cl;
1267 or_options_t *options = get_options();
1268 int running_tor = options->command == CMD_RUN_TOR;
1269 char *msg;
1270
1271 if (running_tor && !have_lockfile()) {
1272 if (try_locking(options, 1) < 0)
1273 return -1;
1274 }
1275
1276 if (consider_adding_dir_authorities(options, old_options) < 0)
1277 return -1;
1278
1279 if (options->Bridges) {
1280 clear_bridge_list();
1281 for (cl = options->Bridges; cl; cl = cl->next) {
1282 if (parse_bridge_line(cl->value, 0)<0) {
1283 log_warn(LD_BUG,
1284 "Previously validated Bridge line could not be added!");
1285 return -1;
1286 }
1287 }
1288 }
1289
1290 if (running_tor && rend_config_services(options, 0)<0) {
1291 log_warn(LD_BUG,
1292 "Previously validated hidden services line could not be added!");
1293 return -1;
1294 }
1295
1296 if (running_tor && rend_parse_service_authorization(options, 0) < 0) {
1297 log_warn(LD_BUG, "Previously validated client authorization for "
1298 "hidden services could not be added!");
1299 return -1;
1300 }
1301
1302 /* Load state */
1303 if (! global_state && running_tor) {
1304 if (or_state_load())
1305 return -1;
1306 rep_hist_load_mtbf_data(time(NULL));
1307 }
1308
1309 /* Bail out at this point if we're not going to be a client or server:
1310 * we want to not fork, and to log stuff to stderr. */
1311 if (!running_tor)
1312 return 0;
1313
1314 /* Finish backgrounding the process */
1315 if (running_tor && options->RunAsDaemon) {
1316 /* We may be calling this for the n'th time (on SIGHUP), but it's safe. */
1317 finish_daemon(options->DataDirectory);
1318 }
1319
1320 /* Write our PID to the PID file. If we do not have write permissions we
1321 * will log a warning */
1322 if (running_tor && options->PidFile)
1323 write_pidfile(options->PidFile);
1324
1325 /* Register addressmap directives */
1326 config_register_addressmaps(options);
1327 parse_virtual_addr_network(options->VirtualAddrNetwork, 0, &msg);
1328
1329 /* Update address policies. */
1330 if (policies_parse_from_options(options) < 0) {
1331 /* This should be impossible, but let's be sure. */
1332 log_warn(LD_BUG,"Error parsing already-validated policy options.");
1333 return -1;
1334 }
1335
1336 if (init_cookie_authentication(options->CookieAuthentication) < 0) {
1337 log_warn(LD_CONFIG,"Error creating cookie authentication file.");
1338 return -1;
1339 }
1340
1341 /* reload keys as needed for rendezvous services. */
1342 if (rend_service_load_keys()<0) {
1343 log_warn(LD_GENERAL,"Error loading rendezvous service keys");
1344 return -1;
1345 }
1346
1347 /* Set up accounting */
1348 if (accounting_parse_options(options, 0)<0) {
1349 log_warn(LD_CONFIG,"Error in accounting options");
1350 return -1;
1351 }
1352 if (accounting_is_enabled(options))
1353 configure_accounting(time(NULL));
1354
1355 /* Check for transitions that need action. */
1356 if (old_options) {
1357 if (options->UseEntryGuards && !old_options->UseEntryGuards) {
1358 log_info(LD_CIRC,
1359 "Switching to entry guards; abandoning previous circuits");
1360 circuit_mark_all_unused_circs();
1361 circuit_expire_all_dirty_circs();
1362 }
1363
1364 if (! bool_eq(options->BridgeRelay, old_options->BridgeRelay)) {
1365 log_info(LD_GENERAL, "Bridge status changed. Forgetting GeoIP stats.");
1366 geoip_remove_old_clients(time(NULL)+(2*60*60));
1367 }
1368
1369 if (options_transition_affects_workers(old_options, options)) {
1370 log_info(LD_GENERAL,
1371 "Worker-related options changed. Rotating workers.");
1372 if (server_mode(options) && !server_mode(old_options)) {
1373 if (init_keys() < 0) {
1374 log_warn(LD_BUG,"Error initializing keys; exiting");
1375 return -1;
1376 }
1377 ip_address_changed(0);
1378 if (has_completed_circuit || !any_predicted_circuits(time(NULL)))
1379 inform_testing_reachability();
1380 }
1381 cpuworkers_rotate();
1382 if (dns_reset())
1383 return -1;
1384 } else {
1385 if (dns_reset())
1386 return -1;
1387 }
1388
1389 if (options->V3AuthoritativeDir && !old_options->V3AuthoritativeDir)
1390 init_keys();
1391 }
1392
1393 /* Maybe load geoip file */
1394 if (options->GeoIPFile &&
1395 ((!old_options || !opt_streq(old_options->GeoIPFile, options->GeoIPFile))
1396 || !geoip_is_loaded())) {
1397 /* XXXX Don't use this "<default>" junk; make our filename options
1398 * understand prefixes somehow. -NM */
1399 /* XXXX021 Reload GeoIPFile on SIGHUP. -NM */
1400 char *actual_fname = tor_strdup(options->GeoIPFile);
1401 #ifdef WIN32
1402 if (!strcmp(actual_fname, "<default>")) {
1403 const char *conf_root = get_windows_conf_root();
1404 size_t len = strlen(conf_root)+16;
1405 tor_free(actual_fname);
1406 actual_fname = tor_malloc(len+1);
1407 tor_snprintf(actual_fname, len, "%s\\geoip", conf_root);
1408 }
1409 #endif
1410 geoip_load_file(actual_fname, options);
1411 tor_free(actual_fname);
1412 }
1413 #ifdef ENABLE_GEOIP_STATS
1414 log_warn(LD_CONFIG, "We are configured to measure GeoIP statistics, but "
1415 "the way these statistics are measured has changed "
1416 "significantly in later versions of Tor. The results may not be "
1417 "as expected if you are used to later versions. Be sure you "
1418 "know what you are doing.");
1419 #endif
1420 /* Check if we need to parse and add the EntryNodes config option. */
1421 if (options->EntryNodes &&
1422 (!old_options ||
1423 (!routerset_equal(old_options->EntryNodes,options->EntryNodes))))
1424 entry_nodes_should_be_added();
1425
1426 /* Since our options changed, we might need to regenerate and upload our
1427 * server descriptor.
1428 */
1429 if (!old_options ||
1430 options_transition_affects_descriptor(old_options, options))
1431 mark_my_descriptor_dirty();
1432
1433 /* We may need to reschedule some directory stuff if our status changed. */
1434 if (old_options) {
1435 if (authdir_mode_v3(options) && !authdir_mode_v3(old_options))
1436 dirvote_recalculate_timing(options, time(NULL));
1437 if (!bool_eq(directory_fetches_dir_info_early(options),
1438 directory_fetches_dir_info_early(old_options)) ||
1439 !bool_eq(directory_fetches_dir_info_later(options),
1440 directory_fetches_dir_info_later(old_options))) {
1441 /* Make sure update_router_have_min_dir_info gets called. */
1442 router_dir_info_changed();
1443 /* We might need to download a new consensus status later or sooner than
1444 * we had expected. */
1445 update_consensus_networkstatus_fetch_time(time(NULL));
1446 }
1447 }
1448
1449 /* Load the webpage we're going to serve every time someone asks for '/' on
1450 our DirPort. */
1451 tor_free(global_dirfrontpagecontents);
1452 if (options->DirPortFrontPage) {
1453 global_dirfrontpagecontents =
1454 read_file_to_str(options->DirPortFrontPage, 0, NULL);
1455 if (!global_dirfrontpagecontents) {
1456 log_warn(LD_CONFIG,
1457 "DirPortFrontPage file '%s' not found. Continuing anyway.",
1458 options->DirPortFrontPage);
1459 }
1460 }
1461
1462 return 0;
1463 }
1464
1465 /*
1466 * Functions to parse config options
1467 */
1468
1469 /** If <b>option</b> is an official abbreviation for a longer option,
1470 * return the longer option. Otherwise return <b>option</b>.
1471 * If <b>command_line</b> is set, apply all abbreviations. Otherwise, only
1472 * apply abbreviations that work for the config file and the command line.
1473 * If <b>warn_obsolete</b> is set, warn about deprecated names. */
1474 static const char *
1475 expand_abbrev(config_format_t *fmt, const char *option, int command_line,
1476 int warn_obsolete)
1477 {
1478 int i;
1479 if (! fmt->abbrevs)
1480 return option;
1481 for (i=0; fmt->abbrevs[i].abbreviated; ++i) {
1482 /* Abbreviations are case insensitive. */
1483 if (!strcasecmp(option,fmt->abbrevs[i].abbreviated) &&
1484 (command_line || !fmt->abbrevs[i].commandline_only)) {
1485 if (warn_obsolete && fmt->abbrevs[i].warn) {
1486 log_warn(LD_CONFIG,
1487 "The configuration option '%s' is deprecated; "
1488 "use '%s' instead.",
1489 fmt->abbrevs[i].abbreviated,
1490 fmt->abbrevs[i].full);
1491 }
1492 return fmt->abbrevs[i].full;
1493 }
1494 }
1495 return option;
1496 }
1497
1498 /** Helper: Read a list of configuration options from the command line.
1499 * If successful, put them in *<b>result</b> and return 0, and return
1500 * -1 and leave *<b>result</b> alone. */
1501 static int
1502 config_get_commandlines(int argc, char **argv, config_line_t **result)
1503 {
1504 config_line_t *front = NULL;
1505 config_line_t **new = &front;
1506 char *s;
1507 int i = 1;
1508
1509 while (i < argc) {
1510 if (!strcmp(argv[i],"-f") ||
1511 !strcmp(argv[i],"--hash-password")) {
1512 i += 2; /* command-line option with argument. ignore them. */
1513 continue;
1514 } else if (!strcmp(argv[i],"--list-fingerprint") ||
1515 !strcmp(argv[i],"--verify-config") ||
1516 !strcmp(argv[i],"--ignore-missing-torrc") ||
1517 !strcmp(argv[i],"--quiet") ||
1518 !strcmp(argv[i],"--hush")) {
1519 i += 1; /* command-line option. ignore it. */
1520 continue;
1521 } else if (!strcmp(argv[i],"--nt-service") ||
1522 !strcmp(argv[i],"-nt-service")) {
1523 i += 1;
1524 continue;
1525 }
1526
1527 if (i == argc-1) {
1528 log_warn(LD_CONFIG,"Command-line option '%s' with no value. Failing.",
1529 argv[i]);
1530 config_free_lines(front);
1531 return -1;
1532 }
1533
1534 *new = tor_malloc_zero(sizeof(config_line_t));
1535 s = argv[i];
1536
1537 while (*s == '-')
1538 s++;
1539
1540 (*new)->key = tor_strdup(expand_abbrev(&options_format, s, 1, 1));
1541 (*new)->value = tor_strdup(argv[i+1]);
1542 (*new)->next = NULL;
1543 log(LOG_DEBUG, LD_CONFIG, "command line: parsed keyword '%s', value '%s'",
1544 (*new)->key, (*new)->value);
1545
1546 new = &((*new)->next);
1547 i += 2;
1548 }
1549 *result = front;
1550 return 0;
1551 }
1552
1553 /** Helper: allocate a new configuration option mapping 'key' to 'val',
1554 * append it to *<b>lst</b>. */
1555 static void
1556 config_line_append(config_line_t **lst,
1557 const char *key,
1558 const char *val)
1559 {
1560 config_line_t *newline;
1561
1562 newline = tor_malloc(sizeof(config_line_t));
1563 newline->key = tor_strdup(key);
1564 newline->value = tor_strdup(val);
1565 newline->next = NULL;
1566 while (*lst)
1567 lst = &((*lst)->next);
1568
1569 (*lst) = newline;
1570 }
1571
1572 /** Helper: parse the config string and strdup into key/value
1573 * strings. Set *result to the list, or NULL if parsing the string
1574 * failed. Return 0 on success, -1 on failure. Warn and ignore any
1575 * misformatted lines. */
1576 int
1577 config_get_lines(const char *string, config_line_t **result)
1578 {
1579 config_line_t *list = NULL, **next;
1580 char *k, *v;
1581
1582 next = &list;
1583 do {
1584 k = v = NULL;
1585 string = parse_config_line_from_str(string, &k, &v);
1586 if (!string) {
1587 config_free_lines(list);
1588 tor_free(k);
1589 tor_free(v);
1590 return -1;
1591 }
1592 if (k && v) {
1593 /* This list can get long, so we keep a pointer to the end of it
1594 * rather than using config_line_append over and over and getting
1595 * n^2 performance. */
1596 *next = tor_malloc(sizeof(config_line_t));
1597 (*next)->key = k;
1598 (*next)->value = v;
1599 (*next)->next = NULL;
1600 next = &((*next)->next);
1601 } else {
1602 tor_free(k);
1603 tor_free(v);
1604 }
1605 } while (*string);
1606
1607 *result = list;
1608 return 0;
1609 }
1610
1611 /**
1612 * Free all the configuration lines on the linked list <b>front</b>.
1613 */
1614 void
1615 config_free_lines(config_line_t *front)
1616 {
1617 config_line_t *tmp;
1618
1619 while (front) {
1620 tmp = front;
1621 front = tmp->next;
1622
1623 tor_free(tmp->key);
1624 tor_free(tmp->value);
1625 tor_free(tmp);
1626 }
1627 }
1628
1629 /** Return the description for a given configuration variable, or NULL if no
1630 * description exists. */
1631 static const char *
1632 config_find_description(config_format_t *fmt, const char *name)
1633 {
1634 int i;
1635 for (i=0; fmt->descriptions[i].name; ++i) {
1636 if (!strcasecmp(name, fmt->descriptions[i].name))
1637 return fmt->descriptions[i].description;
1638 }
1639 return NULL;
1640 }
1641
1642 /** If <b>key</b> is a configuration option, return the corresponding
1643 * config_var_t. Otherwise, if <b>key</b> is a non-standard abbreviation,
1644 * warn, and return the corresponding config_var_t. Otherwise return NULL.
1645 */
1646 static config_var_t *
1647 config_find_option(config_format_t *fmt, const char *key)
1648 {
1649 int i;
1650 size_t keylen = strlen(key);
1651 if (!keylen)
1652 return NULL; /* if they say "--" on the command line, it's not an option */
1653 /* First, check for an exact (case-insensitive) match */
1654 for (i=0; fmt->vars[i].name; ++i) {
1655 if (!strcasecmp(key, fmt->vars[i].name)) {
1656 return &fmt->vars[i];
1657 }
1658 }
1659 /* If none, check for an abbreviated match */
1660 for (i=0; fmt->vars[i].name; ++i) {
1661 if (!strncasecmp(key, fmt->vars[i].name, keylen)) {
1662 log_warn(LD_CONFIG, "The abbreviation '%s' is deprecated. "
1663 "Please use '%s' instead",
1664 key, fmt->vars[i].name);
1665 return &fmt->vars[i];
1666 }
1667 }
1668 /* Okay, unrecognized option */
1669 return NULL;
1670 }
1671
1672 /*
1673 * Functions to assign config options.
1674 */
1675
1676 /** <b>c</b>-\>key is known to be a real key. Update <b>options</b>
1677 * with <b>c</b>-\>value and return 0, or return -1 if bad value.
1678 *
1679 * Called from config_assign_line() and option_reset().
1680 */
1681 static int
1682 config_assign_value(config_format_t *fmt, or_options_t *options,
1683 config_line_t *c, char **msg)
1684 {
1685 int i, r, ok;
1686 char buf[1024];
1687 config_var_t *var;
1688 void *lvalue;
1689
1690 CHECK(fmt, options);
1691
1692 var = config_find_option(fmt, c->key);
1693 tor_assert(var);
1694
1695 lvalue = STRUCT_VAR_P(options, var->var_offset);
1696
1697 switch (var->type) {
1698
1699 case CONFIG_TYPE_UINT:
1700 i = (int)tor_parse_long(c->value, 10, 0, INT_MAX, &ok, NULL);
1701 if (!ok) {
1702 r = tor_snprintf(buf, sizeof(buf),
1703 "Int keyword '%s %s' is malformed or out of bounds.",
1704 c->key, c->value);
1705 *msg = tor_strdup(r >= 0 ? buf : "internal error");
1706 return -1;
1707 }
1708 *(int *)lvalue = i;
1709 break;
1710
1711 case CONFIG_TYPE_INTERVAL: {
1712 i = config_parse_interval(c->value, &ok);
1713 if (!ok) {
1714 r = tor_snprintf(buf, sizeof(buf),
1715 "Interval '%s %s' is malformed or out of bounds.",
1716 c->key, c->value);
1717 *msg = tor_strdup(r >= 0 ? buf : "internal error");
1718 return -1;
1719 }
1720 *(int *)lvalue = i;
1721 break;
1722 }
1723
1724 case CONFIG_TYPE_MEMUNIT: {
1725 uint64_t u64 = config_parse_memunit(c->value, &ok);
1726 if (!ok) {
1727 r = tor_snprintf(buf, sizeof(buf),
1728 "Value '%s %s' is malformed or out of bounds.",
1729 c->key, c->value);
1730 *msg = tor_strdup(r >= 0 ? buf : "internal error");
1731 return -1;
1732 }
1733 *(uint64_t *)lvalue = u64;
1734 break;
1735 }
1736
1737 case CONFIG_TYPE_BOOL:
1738 i = (int)tor_parse_long(c->value, 10, 0, 1, &ok, NULL);
1739 if (!ok) {
1740 r = tor_snprintf(buf, sizeof(buf),
1741 "Boolean '%s %s' expects 0 or 1.",
1742 c->key, c->value);
1743 *msg = tor_strdup(r >= 0 ? buf : "internal error");
1744 return -1;
1745 }
1746 *(int *)lvalue = i;
1747 break;
1748
1749 case CONFIG_TYPE_STRING:
1750 case CONFIG_TYPE_FILENAME:
1751 tor_free(*(char **)lvalue);
1752 *(char **)lvalue = tor_strdup(c->value);
1753 break;
1754
1755 case CONFIG_TYPE_DOUBLE:
1756 *(double *)lvalue = atof(c->value);
1757 break;
1758
1759 case CONFIG_TYPE_ISOTIME:
1760 if (parse_iso_time(c->value, (time_t *)lvalue)) {
1761 r = tor_snprintf(buf, sizeof(buf),
1762 "Invalid time '%s' for keyword '%s'", c->value, c->key);
1763 *msg = tor_strdup(r >= 0 ? buf : "internal error");
1764 return -1;
1765 }
1766 break;
1767
1768 case CONFIG_TYPE_ROUTERSET:
1769 if (*(routerset_t**)lvalue) {
1770 routerset_free(*(routerset_t**)lvalue);
1771 }
1772 *(routerset_t**)lvalue = routerset_new();
1773 if (routerset_parse(*(routerset_t**)lvalue, c->value, c->key)<0) {
1774 tor_snprintf(buf, sizeof(buf), "Invalid exit list '%s' for option '%s'",
1775 c->value, c->key);
1776 *msg = tor_strdup(buf);
1777 return -1;
1778 }
1779 break;
1780
1781 case CONFIG_TYPE_CSV:
1782 if (*(smartlist_t**)lvalue) {
1783 SMARTLIST_FOREACH(*(smartlist_t**)lvalue, char *, cp, tor_free(cp));
1784 smartlist_clear(*(smartlist_t**)lvalue);
1785 } else {
1786 *(smartlist_t**)lvalue = smartlist_create();
1787 }
1788
1789 smartlist_split_string(*(smartlist_t**)lvalue, c->value, ",",
1790 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
1791 break;
1792
1793 case CONFIG_TYPE_LINELIST:
1794 case CONFIG_TYPE_LINELIST_S:
1795 config_line_append((config_line_t**)lvalue, c->key, c->value);
1796 break;
1797 case CONFIG_TYPE_OBSOLETE:
1798 log_warn(LD_CONFIG, "Skipping obsolete configuration option '%s'", c->key);
1799 break;
1800 case CONFIG_TYPE_LINELIST_V:
1801 r = tor_snprintf(buf, sizeof(buf),
1802 "You may not provide a value for virtual option '%s'", c->key);
1803 *msg = tor_strdup(r >= 0 ? buf : "internal error");
1804 return -1;
1805 default:
1806 tor_assert(0);
1807 break;
1808 }
1809 return 0;
1810 }
1811
1812 /** If <b>c</b> is a syntactically valid configuration line, update
1813 * <b>options</b> with its value and return 0. Otherwise return -1 for bad
1814 * key, -2 for bad value.
1815 *
1816 * If <b>clear_first</b> is set, clear the value first. Then if
1817 * <b>use_defaults</b> is set, set the value to the default.
1818 *
1819 * Called from config_assign().
1820 */
1821 static int
1822 config_assign_line(config_format_t *fmt, or_options_t *options,
1823 config_line_t *c, int use_defaults,
1824 int clear_first, char **msg)
1825 {
1826 config_var_t *var;
1827
1828 CHECK(fmt, options);
1829
1830 var = config_find_option(fmt, c->key);
1831 if (!var) {
1832 if (fmt->extra) {
1833 void *lvalue = STRUCT_VAR_P(options, fmt->extra->var_offset);
1834 log_info(LD_CONFIG,
1835 "Found unrecognized option '%s'; saving it.", c->key);
1836 config_line_append((config_line_t**)lvalue, c->key, c->value);
1837 return 0;
1838 } else {
1839 char buf[1024];
1840 int tmp = tor_snprintf(buf, sizeof(buf),
1841 "Unknown option '%s'. Failing.", c->key);
1842 *msg = tor_strdup(tmp >= 0 ? buf : "internal error");
1843 return -1;
1844 }
1845 }
1846 /* Put keyword into canonical case. */
1847 if (strcmp(var->name, c->key)) {
1848 tor_free(c->key);
1849 c->key = tor_strdup(var->name);
1850 }
1851
1852 if (!strlen(c->value)) {
1853 /* reset or clear it, then return */
1854 if (!clear_first) {
1855 if (var->type == CONFIG_TYPE_LINELIST ||
1856 var->type == CONFIG_TYPE_LINELIST_S) {
1857 /* We got an empty linelist from the torrc or command line.
1858 As a special case, call this an error. Warn and ignore. */
1859 log_warn(LD_CONFIG,
1860 "Linelist option '%s' has no value. Skipping.", c->key);
1861 } else { /* not already cleared */
1862 option_reset(fmt, options, var, use_defaults);
1863 }
1864 }
1865 return 0;
1866 }
1867
1868 if (config_assign_value(fmt, options, c, msg) < 0)
1869 return -2;
1870 return 0;
1871 }
1872
1873 /** Restore the option named <b>key</b> in options to its default value.
1874 * Called from config_assign(). */
1875 static void
1876 config_reset_line(config_format_t *fmt, or_options_t *options,
1877 const char *key, int use_defaults)
1878 {
1879 config_var_t *var;
1880
1881 CHECK(fmt, options);
1882
1883 var = config_find_option(fmt, key);
1884 if (!var)
1885 return; /* give error on next pass. */
1886
1887 option_reset(fmt, options, var, use_defaults);
1888 }
1889
1890 /** Return true iff key is a valid configuration option. */
1891 int
1892 option_is_recognized(const char *key)
1893 {
1894 config_var_t *var = config_find_option(&options_format, key);
1895 return (var != NULL);
1896 }
1897
1898 /** Return the canonical name of a configuration option, or NULL
1899 * if no such option exists. */
1900 const char *
1901 option_get_canonical_name(const char *key)
1902 {
1903 config_var_t *var = config_find_option(&options_format, key);
1904 return var ? var->name : NULL;
1905 }
1906
1907 /** Return a canonical list of the options assigned for key.
1908 */
1909 config_line_t *
1910 option_get_assignment(or_options_t *options, const char *key)
1911 {
1912 return get_assigned_option(&options_format, options, key, 1);
1913 }
1914
1915 /** Return true iff value needs to be quoted and escaped to be used in
1916 * a configuration file. */
1917 static int
1918 config_value_needs_escape(const char *value)
1919 {
1920 if (*value == '\"')
1921 return 1;
1922 while (*value) {
1923 switch (*value)
1924 {
1925 case '\r':
1926 case '\n':
1927 case '#':
1928 /* Note: quotes and backspaces need special handling when we are using
1929 * quotes, not otherwise, so they don't trigger escaping on their
1930 * own. */
1931 return 1;
1932 default:
1933 if (!TOR_ISPRINT(*value))
1934 return 1;
1935 }
1936 ++value;
1937 }
1938 return 0;
1939 }
1940
1941 /** Return a newly allocated deep copy of the lines in <b>inp</b>. */
1942 static config_line_t *
1943 config_lines_dup(const config_line_t *inp)
1944 {
1945 config_line_t *result = NULL;
1946 config_line_t **next_out = &result;
1947 while (inp) {
1948 *next_out = tor_malloc(sizeof(config_line_t));
1949 (*next_out)->key = tor_strdup(inp->key);
1950 (*next_out)->value = tor_strdup(inp->value);
1951 inp = inp->next;
1952 next_out = &((*next_out)->next);
1953 }
1954 (*next_out) = NULL;
1955 return result;
1956 }
1957
1958 /** Return newly allocated line or lines corresponding to <b>key</b> in the
1959 * configuration <b>options</b>. If <b>escape_val</b> is true and a
1960 * value needs to be quoted before it's put in a config file, quote and
1961 * escape that value. Return NULL if no such key exists. */
1962 static config_line_t *
1963 get_assigned_option(config_format_t *fmt, void *options,
1964 const char *key, int escape_val)
1965 {
1966 config_var_t *var;
1967 const void *value;
1968 char buf[32];
1969 config_line_t *result;
1970 tor_assert(options && key);
1971
1972 CHECK(fmt, options);
1973
1974 var = config_find_option(fmt, key);
1975 if (!var) {
1976 log_warn(LD_CONFIG, "Unknown option '%s'. Failing.", key);
1977 return NULL;
1978 }
1979 value = STRUCT_VAR_P(options, var->var_offset);
1980
1981 result = tor_malloc_zero(sizeof(config_line_t));
1982 result->key = tor_strdup(var->name);
1983 switch (var->type)
1984 {
1985 case CONFIG_TYPE_STRING:
1986 case CONFIG_TYPE_FILENAME:
1987 if (*(char**)value) {
1988 result->value = tor_strdup(*(char**)value);
1989 } else {
1990 tor_free(result->key);
1991 tor_free(result);
1992 return NULL;
1993 }
1994 break;
1995 case CONFIG_TYPE_ISOTIME:
1996 if (*(time_t*)value) {
1997 result->value = tor_malloc(ISO_TIME_LEN+1);
1998 format_iso_time(result->value, *(time_t*)value);
1999 } else {
2000 tor_free(result->key);
2001 tor_free(result);
2002 }
2003 escape_val = 0; /* Can't need escape. */
2004 break;
2005 case CONFIG_TYPE_INTERVAL:
2006 case CONFIG_TYPE_UINT:
2007 /* This means every or_options_t uint or bool element
2008 * needs to be an int. Not, say, a uint16_t or char. */
2009 tor_snprintf(buf, sizeof(buf), "%d", *(int*)value);
2010 result->value = tor_strdup(buf);
2011 escape_val = 0; /* Can't need escape. */
2012 break;
2013 case CONFIG_TYPE_MEMUNIT:
2014 tor_snprintf(buf, sizeof(buf), U64_FORMAT,
2015 U64_PRINTF_ARG(*(uint64_t*)value));
2016 result->value = tor_strdup(buf);
2017 escape_val = 0; /* Can't need escape. */
2018 break;
2019 case CONFIG_TYPE_DOUBLE:
2020 tor_snprintf(buf, sizeof(buf), "%f", *(double*)value);
2021 result->value = tor_strdup(buf);
2022 escape_val = 0; /* Can't need escape. */
2023 break;
2024 case CONFIG_TYPE_BOOL:
2025 result->value = tor_strdup(*(int*)value ? "1" : "0");
2026 escape_val = 0; /* Can't need escape. */
2027 break;
2028 case CONFIG_TYPE_ROUTERSET:
2029 result->value = routerset_to_string(*(routerset_t**)value);
2030 break;
2031 case CONFIG_TYPE_CSV:
2032 if (*(smartlist_t**)value)
2033 result->value =
2034 smartlist_join_strings(*(smartlist_t**)value, ",", 0, NULL);
2035 else
2036 result->value = tor_strdup("");
2037 break;
2038 case CONFIG_TYPE_OBSOLETE:
2039 log_fn(LOG_PROTOCOL_WARN, LD_CONFIG,
2040 "You asked me for the value of an obsolete config option '%s'.",
2041 key);
2042 tor_free(result->key);
2043 tor_free(result);
2044 return NULL;
2045 case CONFIG_TYPE_LINELIST_S:
2046 log_warn(LD_CONFIG,
2047 "Can't return context-sensitive '%s' on its own", key);
2048 tor_free(result->key);
2049 tor_free(result);
2050 return NULL;
2051 case CONFIG_TYPE_LINELIST:
2052 case CONFIG_TYPE_LINELIST_V:
2053 tor_free(result->key);
2054 tor_free(result);
2055 result = config_lines_dup(*(const config_line_t**)value);
2056 break;
2057 default:
2058 tor_free(result->key);
2059 tor_free(result);
2060 log_warn(LD_BUG,"Unknown type %d for known key '%s'",
2061 var->type, key);
2062 return NULL;
2063 }
2064
2065 if (escape_val) {
2066 config_line_t *line;
2067 for (line = result; line; line = line->next) {
2068 if (line->value && config_value_needs_escape(line->value)) {
2069 char *newval = esc_for_log(line->value);
2070 tor_free(line->value);
2071 line->value = newval;
2072 }
2073 }
2074 }
2075
2076 return result;
2077 }
2078
2079 /** Iterate through the linked list of requested options <b>list</b>.
2080 * For each item, convert as appropriate and assign to <b>options</b>.
2081 * If an item is unrecognized, set *msg and return -1 immediately,
2082 * else return 0 for success.
2083 *
2084 * If <b>clear_first</b>, interpret config options as replacing (not
2085 * extending) their previous values. If <b>clear_first</b> is set,
2086 * then <b>use_defaults</b> to decide if you set to defaults after
2087 * clearing, or make the value 0 or NULL.
2088 *
2089 * Here are the use cases:
2090 * 1. A non-empty AllowInvalid line in your torrc. Appends to current
2091 * if linelist, replaces current if csv.
2092 * 2. An empty AllowInvalid line in your torrc. Should clear it.
2093 * 3. "RESETCONF AllowInvalid" sets it to default.
2094 * 4. "SETCONF AllowInvalid" makes it NULL.
2095 * 5. "SETCONF AllowInvalid=foo" clears it and sets it to "foo".
2096 *
2097 * Use_defaults Clear_first
2098 * 0 0 "append"
2099 * 1 0 undefined, don't use
2100 * 0 1 "set to null first"
2101 * 1 1 "set to defaults first"
2102 * Return 0 on success, -1 on bad key, -2 on bad value.
2103 *
2104 * As an additional special case, if a LINELIST config option has
2105 * no value and clear_first is 0, then warn and ignore it.
2106 */
2107
2108 /*
2109 There are three call cases for config_assign() currently.
2110
2111 Case one: Torrc entry
2112 options_init_from_torrc() calls config_assign(0, 0)
2113 calls config_assign_line(0, 0).
2114 if value is empty, calls option_reset(0) and returns.
2115 calls config_assign_value(), appends.
2116
2117 Case two: setconf
2118 options_trial_assign() calls config_assign(0, 1)
2119 calls config_reset_line(0)
2120 calls option_reset(0)
2121 calls option_clear().
2122 calls config_assign_line(0, 1).
2123 if value is empty, returns.
2124 calls config_assign_value(), appends.
2125
2126 Case three: resetconf
2127 options_trial_assign() calls config_assign(1, 1)
2128 calls config_reset_line(1)
2129 calls option_reset(1)
2130 calls option_clear().
2131 calls config_assign_value(default)
2132 calls config_assign_line(1, 1).
2133 returns.
2134 */
2135 static int
2136 config_assign(config_format_t *fmt, void *options, config_line_t *list,
2137 int use_defaults, int clear_first, char **msg)
2138 {
2139 config_line_t *p;
2140
2141 CHECK(fmt, options);
2142
2143 /* pass 1: normalize keys */
2144 for (p = list; p; p = p->next) {
2145 const char *full = expand_abbrev(fmt, p->key, 0, 1);
2146 if (strcmp(full,p->key)) {
2147 tor_free(p->key);
2148 p->key = tor_strdup(full);
2149 }
2150 }
2151
2152 /* pass 2: if we're reading from a resetting source, clear all
2153 * mentioned config options, and maybe set to their defaults. */
2154 if (clear_first) {
2155 for (p = list; p; p = p->next)
2156 config_reset_line(fmt, options, p->key, use_defaults);
2157 }
2158
2159 /* pass 3: assign. */
2160 while (list) {
2161 int r;
2162 if ((r=config_assign_line(fmt, options, list, use_defaults,
2163 clear_first, msg)))
2164 return r;
2165 list = list->next;
2166 }
2167 return 0;
2168 }
2169
2170 /** Try assigning <b>list</b> to the global options. You do this by duping
2171 * options, assigning list to the new one, then validating it. If it's
2172 * ok, then throw out the old one and stick with the new one. Else,
2173 * revert to old and return failure. Return SETOPT_OK on success, or
2174 * a setopt_err_t on failure.
2175 *
2176 * If not success, point *<b>msg</b> to a newly allocated string describing
2177 * what went wrong.
2178 */
2179 setopt_err_t
2180 options_trial_assign(config_line_t *list, int use_defaults,
2181 int clear_first, char **msg)
2182 {
2183 int r;
2184 or_options_t *trial_options = options_dup(&options_format, get_options());
2185
2186 if ((r=config_assign(&options_format, trial_options,
2187 list, use_defaults, clear_first, msg)) < 0) {
2188 config_free(&options_format, trial_options);
2189 return r;
2190 }
2191
2192 if (options_validate(get_options(), trial_options, 1, msg) < 0) {
2193 config_free(&options_format, trial_options);
2194 return SETOPT_ERR_PARSE; /*XXX make this a separate return value. */
2195 }
2196
2197 if (options_transition_allowed(get_options(), trial_options, msg) < 0) {
2198 config_free(&options_format, trial_options);
2199 return SETOPT_ERR_TRANSITION;
2200 }
2201
2202 if (set_options(trial_options, msg)<0) {
2203 config_free(&options_format, trial_options);
2204 return SETOPT_ERR_SETTING;
2205 }
2206
2207 /* we liked it. put it in place. */
2208 return SETOPT_OK;
2209 }
2210
2211 /** Reset config option <b>var</b> to 0, 0.0, NULL, or the equivalent.
2212 * Called from option_reset() and config_free(). */
2213 static void
2214 option_clear(config_format_t *fmt, or_options_t *options, config_var_t *var)
2215 {
2216 void *lvalue = STRUCT_VAR_P(options, var->var_offset);
2217 (void)fmt; /* unused */
2218 switch (var->type) {
2219 case CONFIG_TYPE_STRING:
2220 case CONFIG_TYPE_FILENAME:
2221 tor_free(*(char**)lvalue);
2222 break;
2223 case CONFIG_TYPE_DOUBLE:
2224 *(double*)lvalue = 0.0;
2225 break;
2226 case CONFIG_TYPE_ISOTIME:
2227 *(time_t*)lvalue = 0;
2228 case CONFIG_TYPE_INTERVAL:
2229 case CONFIG_TYPE_UINT:
2230 case CONFIG_TYPE_BOOL:
2231 *(int*)lvalue = 0;
2232 break;
2233 case CONFIG_TYPE_MEMUNIT:
2234 *(uint64_t*)lvalue = 0;
2235 break;
2236 case CONFIG_TYPE_ROUTERSET:
2237 if (*(routerset_t**)lvalue) {
2238 routerset_free(*(routerset_t**)lvalue);
2239 *(routerset_t**)lvalue = NULL;
2240 }
2241 case CONFIG_TYPE_CSV:
2242 if (*(smartlist_t**)lvalue) {
2243 SMARTLIST_FOREACH(*(smartlist_t **)lvalue, char *, cp, tor_free(cp));
2244 smartlist_free(*(smartlist_t **)lvalue);
2245 *(smartlist_t **)lvalue = NULL;
2246 }
2247 break;
2248 case CONFIG_TYPE_LINELIST:
2249 case CONFIG_TYPE_LINELIST_S:
2250 config_free_lines(*(config_line_t **)lvalue);
2251 *(config_line_t **)lvalue = NULL;
2252 break;
2253 case CONFIG_TYPE_LINELIST_V:
2254 /* handled by linelist_s. */
2255 break;
2256 case CONFIG_TYPE_OBSOLETE:
2257 break;
2258 }
2259 }
2260
2261 /** Clear the option indexed by <b>var</b> in <b>options</b>. Then if
2262 * <b>use_defaults</b>, set it to its default value.
2263 * Called by config_init() and option_reset_line() and option_assign_line(). */
2264 static void
2265 option_reset(config_format_t *fmt, or_options_t *options,
2266 config_var_t *var, int use_defaults)
2267 {
2268 config_line_t *c;
2269 char *msg = NULL;
2270 CHECK(fmt, options);
2271 option_clear(fmt, options, var); /* clear it first */
2272 if (!use_defaults)
2273 return; /* all done */
2274 if (var->initvalue) {
2275 c = tor_malloc_zero(sizeof(config_line_t));
2276 c->key = tor_strdup(var->name);
2277 c->value = tor_strdup(var->initvalue);
2278 if (config_assign_value(fmt, options, c, &msg) < 0) {
2279 log_warn(LD_BUG, "Failed to assign default: %s", msg);
2280 tor_free(msg); /* if this happens it's a bug */
2281 }
2282 config_free_lines(c);
2283 }
2284 }
2285
2286 /** Print a usage message for tor. */
2287 static void
2288 print_usage(void)
2289 {
2290 printf(
2291 "Copyright (c) 2001-2004, Roger Dingledine\n"
2292 "Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson\n"
2293 "Copyright (c) 2007-2009, The Tor Project, Inc.\n\n"
2294 "tor -f <torrc> [args]\n"
2295 "See man page for options, or https://www.torproject.org/ for "
2296 "documentation.\n");
2297 }
2298
2299 /** Print all non-obsolete torrc options. */
2300 static void
2301 list_torrc_options(void)
2302 {
2303 int i;
2304 smartlist_t *lines = smartlist_create();
2305 for (i = 0; _option_vars[i].name; ++i) {
2306 config_var_t *var = &_option_vars[i];
2307 const char *desc;
2308 if (var->type == CONFIG_TYPE_OBSOLETE ||
2309 var->type == CONFIG_TYPE_LINELIST_V)
2310 continue;
2311 desc = config_find_description(&options_format, var->name);
2312 printf("%s\n", var->name);
2313 if (desc) {
2314 wrap_string(lines, desc, 76, " ", " ");
2315 SMARTLIST_FOREACH(lines, char *, cp, {
2316 printf("%s", cp);
2317 tor_free(cp);
2318 });
2319 smartlist_clear(lines);
2320 }
2321 }
2322 smartlist_free(lines);
2323 }
2324
2325 /** Last value actually set by resolve_my_address. */
2326 static uint32_t last_resolved_addr = 0;
2327 /**
2328 * Based on <b>options-\>Address</b>, guess our public IP address and put it
2329 * (in host order) into *<b>addr_out</b>. If <b>hostname_out</b> is provided,
2330 * set *<b>hostname_out</b> to a new string holding the hostname we used to
2331 * get the address. Return 0 if all is well, or -1 if we can't find a suitable
2332 * public IP address.
2333 */
2334 int
2335 resolve_my_address(int warn_severity, or_options_t *options,
2336 uint32_t *addr_out, char **hostname_out)
2337 {
2338 struct in_addr in;
2339 struct hostent *rent;
2340 char hostname[256];
2341 int explicit_ip=1;
2342 int explicit_hostname=1;
2343 int from_interface=0;
2344 char tmpbuf[INET_NTOA_BUF_LEN];
2345 const char *address = options->Address;
2346 int notice_severity = warn_severity <= LOG_NOTICE ?
2347 LOG_NOTICE : warn_severity;
2348
2349 tor_assert(addr_out);
2350
2351 if (address && *address) {
2352 strlcpy(hostname, address, sizeof(hostname));
2353 } else { /* then we need to guess our address */
2354 explicit_ip = 0; /* it's implicit */
2355 explicit_hostname = 0; /* it's implicit */
2356
2357 if (gethostname(hostname, sizeof(hostname)) < 0) {
2358 log_fn(warn_severity, LD_NET,"Error obtaining local hostname");
2359 return -1;
2360 }
2361 log_debug(LD_CONFIG,"Guessed local host name as '%s'",hostname);
2362 }
2363
2364 /* now we know hostname. resolve it and keep only the IP address */
2365
2366 if (tor_inet_aton(hostname, &in) == 0) {
2367 /* then we have to resolve it */
2368 explicit_ip = 0;
2369 rent = (struct hostent *)gethostbyname(hostname);
2370 if (!rent) {
2371 uint32_t interface_ip;
2372
2373 if (explicit_hostname) {
2374 log_fn(warn_severity, LD_CONFIG,
2375 "Could not resolve local Address '%s'. Failing.", hostname);
2376 return -1;
2377 }
2378 log_fn(notice_severity, LD_CONFIG,
2379 "Could not resolve guessed local hostname '%s'. "
2380 "Trying something else.", hostname);
2381 if (get_interface_address(warn_severity, &interface_ip)) {
2382 log_fn(warn_severity, LD_CONFIG,
2383 "Could not get local interface IP address. Failing.");
2384 return -1;
2385 }
2386 from_interface = 1;
2387 in.s_addr = htonl(interface_ip);
2388 tor_inet_ntoa(&in,tmpbuf,sizeof(tmpbuf));
2389 log_fn(notice_severity, LD_CONFIG, "Learned IP address '%s' for "
2390 "local interface. Using that.", tmpbuf);
2391 strlcpy(hostname, "<guessed from interfaces>", sizeof(hostname));
2392 } else {
2393 tor_assert(rent->h_length == 4);
2394 memcpy(&in.s_addr, rent->h_addr, rent->h_length);
2395
2396 if (!explicit_hostname &&
2397 is_internal_IP(ntohl(in.s_addr), 0)) {
2398 uint32_t interface_ip;
2399
2400 tor_inet_ntoa(&in,tmpbuf,sizeof(tmpbuf));
2401 log_fn(notice_severity, LD_CONFIG, "Guessed local hostname '%s' "
2402 "resolves to a private IP address (%s). Trying something "
2403 "else.", hostname, tmpbuf);
2404
2405 if (get_interface_address(warn_severity, &interface_ip)) {
2406 log_fn(warn_severity, LD_CONFIG,
2407 "Could not get local interface IP address. Too bad.");
2408 } else if (is_internal_IP(interface_ip, 0)) {
2409 struct in_addr in2;
2410 in2.s_addr = htonl(interface_ip);
2411 tor_inet_ntoa(&in2,tmpbuf,sizeof(tmpbuf));
2412 log_fn(notice_severity, LD_CONFIG,
2413 "Interface IP address '%s' is a private address too. "
2414 "Ignoring.", tmpbuf);
2415 } else {
2416 from_interface = 1;
2417 in.s_addr = htonl(interface_ip);
2418 tor_inet_ntoa(&in,tmpbuf,sizeof(tmpbuf));
2419 log_fn(notice_severity, LD_CONFIG,
2420 "Learned IP address '%s' for local interface."
2421 " Using that.", tmpbuf);
2422 strlcpy(hostname, "<guessed from interfaces>", sizeof(hostname));
2423 }
2424 }
2425 }
2426 }
2427
2428 tor_inet_ntoa(&in,tmpbuf,sizeof(tmpbuf));
2429 if (is_internal_IP(ntohl(in.s_addr), 0) &&
2430 options->_PublishServerDescriptor) {
2431 /* make sure we're ok with publishing an internal IP */
2432 if (!options->DirServers && !options->AlternateDirAuthority) {
2433 /* if they are using the default dirservers, disallow internal IPs
2434 * always. */
2435 log_fn(warn_severity, LD_CONFIG,
2436 "Address '%s' resolves to private IP address '%s'. "
2437 "Tor servers that use the default DirServers must have public "
2438 "IP addresses.", hostname, tmpbuf);
2439 return -1;
2440 }
2441 if (!explicit_ip) {
2442 /* even if they've set their own dirservers, require an explicit IP if
2443 * they're using an internal address. */
2444 log_fn(warn_severity, LD_CONFIG, "Address '%s' resolves to private "
2445 "IP address '%s'. Please set the Address config option to be "
2446 "the IP address you want to use.", hostname, tmpbuf);
2447 return -1;
2448 }
2449 }
2450
2451 log_debug(LD_CONFIG, "Resolved Address to '%s'.", tmpbuf);
2452 *addr_out = ntohl(in.s_addr);
2453 if (last_resolved_addr && last_resolved_addr != *addr_out) {
2454 /* Leave this as a notice, regardless of the requested severity,
2455 * at least until dynamic IP address support becomes bulletproof. */
2456 log_notice(LD_NET,
2457 "Your IP address seems to have changed to %s. Updating.",
2458 tmpbuf);
2459 ip_address_changed(0);
2460 }
2461 if (last_resolved_addr != *addr_out) {
2462 const char *method;
2463 const char *h = hostname;
2464 if (explicit_ip) {
2465 method = "CONFIGURED";
2466 h = NULL;
2467 } else if (explicit_hostname) {
2468 method = "RESOLVED";
2469 } else if (from_interface) {
2470 method = "INTERFACE";
2471 h = NULL;
2472 } else {
2473 method = "GETHOSTNAME";
2474 }
2475 control_event_server_status(LOG_NOTICE,
2476 "EXTERNAL_ADDRESS ADDRESS=%s METHOD=%s %s%s",
2477 tmpbuf, method, h?"HOSTNAME=":"", h);
2478 }
2479 last_resolved_addr = *addr_out;
2480 if (hostname_out)
2481 *hostname_out = tor_strdup(hostname);
2482 return 0;
2483 }
2484
2485 /** Return true iff <b>addr</b> is judged to be on the same network as us, or
2486 * on a private network.
2487 */
2488 int
2489 is_local_addr(const tor_addr_t *addr)
2490 {
2491 if (tor_addr_is_internal(addr, 0))
2492 return 1;
2493 /* Check whether ip is on the same /24 as we are. */
2494 if (get_options()->EnforceDistinctSubnets == 0)
2495 return 0;
2496 if (tor_addr_family(addr) == AF_INET) {
2497 /*XXXX022 IP6 what corresponds to an /24? */
2498 uint32_t ip = tor_addr_to_ipv4h(addr);
2499
2500 /* It's possible that this next check will hit before the first time
2501 * resolve_my_address actually succeeds. (For clients, it is likely that
2502 * resolve_my_address will never be called at all). In those cases,
2503 * last_resolved_addr will be 0, and so checking to see whether ip is on
2504 * the same /24 as last_resolved_addr will be the same as checking whether
2505 * it was on net 0, which is already done by is_internal_IP.
2506 */
2507 if ((last_resolved_addr & (uint32_t)0xffffff00ul)
2508 == (ip & (uint32_t)0xffffff00ul))
2509 return 1;
2510 }
2511 return 0;
2512 }
2513
2514 /** Called when we don't have a nickname set. Try to guess a good nickname
2515 * based on the hostname, and return it in a newly allocated string. If we
2516 * can't, return NULL and let the caller warn if it wants to. */
2517 static char *
2518 get_default_nickname(void)
2519 {
2520 static const char * const bad_default_nicknames[] = {
2521 "localhost",
2522 NULL,
2523 };
2524 char localhostname[256];
2525 char *cp, *out, *outp;
2526 int i;
2527
2528 if (gethostname(localhostname, sizeof(localhostname)) < 0)
2529 return NULL;
2530
2531 /* Put it in lowercase; stop at the first dot. */
2532 if ((cp = strchr(localhostname, '.')))
2533 *cp = '\0';
2534 tor_strlower(localhostname);
2535
2536 /* Strip invalid characters. */
2537 cp = localhostname;
2538 out = outp = tor_malloc(strlen(localhostname) + 1);
2539 while (*cp) {
2540 if (strchr(LEGAL_NICKNAME_CHARACTERS, *cp))
2541 *outp++ = *cp++;
2542 else
2543 cp++;
2544 }
2545 *outp = '\0';
2546
2547 /* Enforce length. */
2548 if (strlen(out) > MAX_NICKNAME_LEN)
2549 out[MAX_NICKNAME_LEN]='\0';
2550
2551 /* Check for dumb names. */
2552 for (i = 0; bad_default_nicknames[i]; ++i) {
2553 if (!strcmp(out, bad_default_nicknames[i])) {
2554 tor_free(out);
2555 return NULL;
2556 }
2557 }
2558
2559 return out;
2560 }
2561
2562 /** Release storage held by <b>options</b>. */
2563 static void
2564 config_free(config_format_t *fmt, void *options)
2565 {
2566 int i;
2567
2568 tor_assert(options);
2569
2570 for (i=0; fmt->vars[i].name; ++i)
2571 option_clear(fmt, options, &(fmt->vars[i]));
2572 if (fmt->extra) {
2573 config_line_t **linep = STRUCT_VAR_P(options, fmt->extra->var_offset);
2574 config_free_lines(*linep);
2575 *linep = NULL;
2576 }
2577 tor_free(options);
2578 }
2579
2580 /** Return true iff a and b contain identical keys and values in identical
2581 * order. */
2582 static int
2583 config_lines_eq(config_line_t *a, config_line_t *b)
2584 {
2585 while (a && b) {
2586 if (strcasecmp(a->key, b->key) || strcmp(a->value, b->value))
2587 return 0;
2588 a = a->next;
2589 b = b->next;
2590 }
2591 if (a || b)
2592 return 0;
2593 return 1;
2594 }
2595
2596 /** Return true iff the option <b>name</b> has the same value in <b>o1</b>
2597 * and <b>o2</b>. Must not be called for LINELIST_S or OBSOLETE options.
2598 */
2599 static int
2600 option_is_same(config_format_t *fmt,
2601 or_options_t *o1, or_options_t *o2, const char *name)
2602 {
2603 config_line_t *c1, *c2;
2604 int r = 1;
2605 CHECK(fmt, o1);
2606 CHECK(fmt, o2);
2607
2608 c1 = get_assigned_option(fmt, o1, name, 0);
2609 c2 = get_assigned_option(fmt, o2, name, 0);
2610 r = config_lines_eq(c1, c2);
2611 config_free_lines(c1);
2612 config_free_lines(c2);
2613 return r;
2614 }
2615
2616 /** Copy storage held by <b>old</b> into a new or_options_t and return it. */
2617 static or_options_t *
2618 options_dup(config_format_t *fmt, or_options_t *old)
2619 {
2620 or_options_t *newopts;
2621 int i;
2622 config_line_t *line;
2623
2624 newopts = config_alloc(fmt);
2625 for (i=0; fmt->vars[i].name; ++i) {
2626 if (fmt->vars[i].type == CONFIG_TYPE_LINELIST_S)
2627 continue;
2628 if (fmt->vars[i].type == CONFIG_TYPE_OBSOLETE)
2629 continue;
2630 line = get_assigned_option(fmt, old, fmt->vars[i].name, 0);
2631 if (line) {
2632 char *msg = NULL;
2633 if (config_assign(fmt, newopts, line, 0, 0, &msg) < 0) {
2634 log_err(LD_BUG, "Config_get_assigned_option() generated "
2635 "something we couldn't config_assign(): %s", msg);
2636 tor_free(msg);
2637 tor_assert(0);
2638 }
2639 }
2640 config_free_lines(line);
2641 }
2642 return newopts;
2643 }
2644
2645 /** Return a new empty or_options_t. Used for testing. */
2646 or_options_t *
2647 options_new(void)
2648 {
2649 return config_alloc(&options_format);
2650 }
2651
2652 /** Set <b>options</b> to hold reasonable defaults for most options.
2653 * Each option defaults to zero. */
2654 void
2655 options_init(or_options_t *options)
2656 {
2657 config_init(&options_format, options);
2658 }
2659
2660 /* Check if the port number given in <b>port_option</b> in combination with
2661 * the specified port in <b>listen_options</b> will result in Tor actually
2662 * opening a low port (meaning a port lower than 1024). Return 1 if
2663 * it is, or 0 if it isn't or the concept of a low port isn't applicable for
2664 * the platform we're on. */
2665 static int
2666 is_listening_on_low_port(uint16_t port_option,
2667 const config_line_t *listen_options)
2668 {
2669 #ifdef MS_WINDOWS
2670 return 0; /* No port is too low for windows. */
2671 #else
2672 const config_line_t *l;
2673 uint16_t p;
2674 if (port_option == 0)
2675 return 0; /* We're not listening */
2676 if (listen_options == NULL)
2677 return (port_option < 1024);
2678
2679 for (l = listen_options; l; l = l->next) {
2680 parse_addr_port(LOG_WARN, l->value, NULL, NULL, &p);
2681 if (p<1024) {
2682 return 1;
2683 }
2684 }
2685 return 0;
2686 #endif
2687 }
2688
2689 /** Set all vars in the configuration object <b>options</b> to their default
2690 * values. */
2691 static void
2692 config_init(config_format_t *fmt, void *options)
2693 {
2694 int i;
2695 config_var_t *var;
2696 CHECK(fmt, options);
2697
2698 for (i=0; fmt->vars[i].name; ++i) {
2699 var = &fmt->vars[i];
2700 if (!var->initvalue)
2701 continue; /* defaults to NULL or 0 */
2702 option_reset(fmt, options, var, 1);
2703 }
2704 }
2705
2706 /** Allocate and return a new string holding the written-out values of the vars
2707 * in 'options'. If 'minimal', do not write out any default-valued vars.
2708 * Else, if comment_defaults, write default values as comments.
2709 */
2710 static char *
2711 config_dump(config_format_t *fmt, void *options, int minimal,
2712 int comment_defaults)
2713 {
2714 smartlist_t *elements;
2715 or_options_t *defaults;
2716 config_line_t *line, *assigned;
2717 char *result;
2718 int i;
2719 const char *desc;
2720 char *msg = NULL;
2721
2722 defaults = config_alloc(fmt);
2723 config_init(fmt, defaults);
2724
2725 /* XXX use a 1 here so we don't add a new log line while dumping */
2726 if (fmt->validate_fn(NULL,defaults, 1, &msg) < 0) {
2727 log_err(LD_BUG, "Failed to validate default config.");
2728 tor_free(msg);
2729 tor_assert(0);
2730 }
2731
2732 elements = smartlist_create();
2733 for (i=0; fmt->vars[i].name; ++i) {
2734 int comment_option = 0;
2735 if (fmt->vars[i].type == CONFIG_TYPE_OBSOLETE ||
2736 fmt->vars[i].type == CONFIG_TYPE_LINELIST_S)
2737 continue;
2738 /* Don't save 'hidden' control variables. */
2739 if (!strcmpstart(fmt->vars[i].name, "__"))
2740 continue;
2741 if (minimal && option_is_same(fmt, options, defaults, fmt->vars[i].name))
2742 continue;
2743 else if (comment_defaults &&
2744 option_is_same(fmt, options, defaults, fmt->vars[i].name))
2745 comment_option = 1;
2746
2747 desc = config_find_description(fmt, fmt->vars[i].name);
2748 line = assigned = get_assigned_option(fmt, options, fmt->vars[i].name, 1);
2749
2750 if (line && desc) {
2751 /* Only dump the description if there's something to describe. */
2752 wrap_string(elements, desc, 78, "# ", "# ");
2753 }
2754
2755 for (; line; line = line->next) {
2756 size_t len = strlen(line->key) + strlen(line->value) + 5;
2757 char *tmp;
2758 tmp = tor_malloc(len);
2759 if (tor_snprintf(tmp, len, "%s%s %s\n",
2760 comment_option ? "# " : "",
2761 line->key, line->value)<0) {
2762 log_err(LD_BUG,"Internal error writing option value");
2763 tor_assert(0);
2764 }
2765 smartlist_add(elements, tmp);
2766 }
2767 config_free_lines(assigned);
2768 }
2769
2770 if (fmt->extra) {
2771 line = *(config_line_t**)STRUCT_VAR_P(options, fmt->extra->var_offset);
2772 for (; line; line = line->next) {
2773 size_t len = strlen(line->key) + strlen(line->value) + 3;
2774 char *tmp;
2775 tmp = tor_malloc(len);
2776 if (tor_snprintf(tmp, len, "%s %s\n", line->key, line->value)<0) {
2777 log_err(LD_BUG,"Internal error writing option value");
2778 tor_assert(0);
2779 }
2780 smartlist_add(elements, tmp);
2781 }
2782 }
2783
2784 result = smartlist_join_strings(elements, "", 0, NULL);
2785 SMARTLIST_FOREACH(elements, char *, cp, tor_free(cp));
2786 smartlist_free(elements);
2787 config_free(fmt, defaults);
2788 return result;
2789 }
2790
2791 /** Return a string containing a possible configuration file that would give
2792 * the configuration in <b>options</b>. If <b>minimal</b> is true, do not
2793 * include options that are the same as Tor's defaults.
2794 */
2795 static char *
2796 options_dump(or_options_t *options, int minimal)
2797 {
2798 return config_dump(&options_format, options, minimal, 0);
2799 }
2800
2801 /** Return 0 if every element of sl is a string holding a decimal
2802 * representation of a port number, or if sl is NULL.
2803 * Otherwise set *msg and return -1. */
2804 static int
2805 validate_ports_csv(smartlist_t *sl, const char *name, char **msg)
2806 {
2807 int i;
2808 char buf[1024];
2809 tor_assert(name);
2810
2811 if (!sl)
2812 return 0;
2813
2814 SMARTLIST_FOREACH(sl, const char *, cp,
2815 {
2816 i = atoi(cp);
2817 if (i < 1 || i > 65535) {
2818 int r = tor_snprintf(buf, sizeof(buf),
2819 "Port '%s' out of range in %s", cp, name);
2820 *msg = tor_strdup(r >= 0 ? buf : "internal error");
2821 return -1;
2822 }
2823 });
2824 return 0;
2825 }
2826
2827 /** If <b>value</b> exceeds ROUTER_MAX_DECLARED_BANDWIDTH, write
2828 * a complaint into *<b>msg</b> using string <b>desc</b>, and return -1.
2829 * Else return 0.
2830 */
2831 static int
2832 ensure_bandwidth_cap(uint64_t *value, const char *desc, char **msg)
2833 {
2834 int r;
2835 char buf[1024];
2836 if (*value > ROUTER_MAX_DECLARED_BANDWIDTH) {
2837 /* This handles an understandable special case where somebody says "2gb"
2838 * whereas our actual maximum is 2gb-1 (INT_MAX) */
2839 --*value;
2840 }
2841 if (*value > ROUTER_MAX_DECLARED_BANDWIDTH) {
2842 r = tor_snprintf(buf, sizeof(buf), "%s ("U64_FORMAT") must be at most %d",
2843 desc, U64_PRINTF_ARG(*value),
2844 ROUTER_MAX_DECLARED_BANDWIDTH);
2845 *msg = tor_strdup(r >= 0 ? buf : "internal error");
2846 return -1;
2847 }
2848 return 0;
2849 }
2850
2851 /** Parse an authority type from <b>options</b>-\>PublishServerDescriptor
2852 * and write it to <b>options</b>-\>_PublishServerDescriptor. Treat "1"
2853 * as "v2,v3" unless BridgeRelay is 1, in which case treat it as "bridge".
2854 * Treat "0" as "".
2855 * Return 0 on success or -1 if not a recognized authority type (in which
2856 * case the value of _PublishServerDescriptor is undefined). */
2857 static int
2858 compute_publishserverdescriptor(or_options_t *options)
2859 {
2860 smartlist_t *list = options->PublishServerDescriptor;
2861 authority_type_t *auth = &options->_PublishServerDescriptor;
2862 *auth = NO_AUTHORITY;
2863 if (!list) /* empty list, answer is none */
2864 return 0;
2865 SMARTLIST_FOREACH(list, const char *, string, {
2866 if (!strcasecmp(string, "v1"))
2867 *auth |= V1_AUTHORITY;
2868 else if (!strcmp(string, "1"))
2869 if (options->BridgeRelay)
2870 *auth |= BRIDGE_AUTHORITY;
2871 else
2872 *auth |= V2_AUTHORITY | V3_AUTHORITY;
2873 else if (!strcasecmp(string, "v2"))
2874 *auth |= V2_AUTHORITY;
2875 else if (!strcasecmp(string, "v3"))
2876 *auth |= V3_AUTHORITY;
2877 else if (!strcasecmp(string, "bridge"))
2878 *auth |= BRIDGE_AUTHORITY;
2879 else if (!strcasecmp(string, "hidserv"))
2880 *auth |= HIDSERV_AUTHORITY;
2881 else if (!strcasecmp(string, "") || !strcmp(string, "0"))
2882 /* no authority */;
2883 else
2884 return -1;
2885 });
2886 return 0;
2887 }
2888
2889 /** Lowest allowable value for RendPostPeriod; if this is too low, hidden
2890 * services can overload the directory system. */
2891 #define MIN_REND_POST_PERIOD (10*60)
2892
2893 /** Highest allowable value for RendPostPeriod. */
2894 #define MAX_DIR_PERIOD (MIN_ONION_KEY_LIFETIME/2)
2895
2896 /** Lowest allowable value for CircuitBuildTimeout; values too low will
2897 * increase network load because of failing connections being retried, and
2898 * might prevent users from connecting to the network at all. */
2899 #define MIN_CIRCUIT_BUILD_TIMEOUT 30
2900
2901 /** Lowest allowable value for MaxCircuitDirtiness; if this is too low, Tor
2902 * will generate too many circuits and potentially overload the network. */
2903 #define MIN_MAX_CIRCUIT_DIRTINESS 10
2904
2905 /** Return 0 if every setting in <b>options</b> is reasonable, and a
2906 * permissible transition from <b>old_options</b>. Else return -1.
2907 * Should have no side effects, except for normalizing the contents of
2908 * <b>options</b>.
2909 *
2910 * On error, tor_strdup an error explanation into *<b>msg</b>.
2911 *
2912 * XXX
2913 * If <b>from_setconf</b>, we were called by the controller, and our
2914 * Log line should stay empty. If it's 0, then give us a default log
2915 * if there are no logs defined.
2916 */
2917 static int
2918 options_validate(or_options_t *old_options, or_options_t *options,
2919 int from_setconf, char **msg)
2920 {
2921 int i, r;
2922 config_line_t *cl;
2923 const char *uname = get_uname();
2924 char buf[1024];
2925 #define REJECT(arg) \
2926 STMT_BEGIN *msg = tor_strdup(arg); return -1; STMT_END
2927 #define COMPLAIN(arg) STMT_BEGIN log(LOG_WARN, LD_CONFIG, arg); STMT_END
2928
2929 tor_assert(msg);
2930 *msg = NULL;
2931
2932 if (options->ORPort < 0 || options->ORPort > 65535)
2933 REJECT("ORPort option out of bounds.");
2934
2935 if (server_mode(options) &&
2936 (!strcmpstart(uname, "Windows 95") ||
2937 !strcmpstart(uname, "Windows 98") ||
2938 !strcmpstart(uname, "Windows Me"))) {
2939 log(LOG_WARN, LD_CONFIG, "Tor is running as a server, but you are "
2940 "running %s; this probably won't work. See "
2941 "http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#ServerOS "
2942 "for details.", uname);
2943 }
2944
2945 if (options->ORPort == 0 && options->ORListenAddress != NULL)
2946 REJECT("ORPort must be defined if ORListenAddress is defined.");
2947
2948 if (options->DirPort == 0 && options->DirListenAddress != NULL)
2949 REJECT("DirPort must be defined if DirListenAddress is defined.");
2950
2951 if (options->DNSPort == 0 && options->DNSListenAddress != NULL)
2952 REJECT("DNSPort must be defined if DNSListenAddress is defined.");
2953
2954 if (options->ControlPort == 0 && options->ControlListenAddress != NULL)
2955 REJECT("ControlPort must be defined if ControlListenAddress is defined.");
2956
2957 if (options->TransPort == 0 && options->TransListenAddress != NULL)
2958 REJECT("TransPort must be defined if TransListenAddress is defined.");
2959
2960 if (options->NatdPort == 0 && options->NatdListenAddress != NULL)
2961 REJECT("NatdPort must be defined if NatdListenAddress is defined.");
2962
2963 /* Don't gripe about SocksPort 0 with SocksListenAddress set; a standard
2964 * configuration does this. */
2965
2966 for (i = 0; i < 3; ++i) {
2967 int is_socks = i==0;
2968 int is_trans = i==1;
2969 config_line_t *line, *opt, *old;
2970 const char *tp;
2971 if (is_socks) {
2972 opt = options->SocksListenAddress;
2973 old = old_options ? old_options->SocksListenAddress : NULL;
2974 tp = "SOCKS proxy";
2975 } else if (is_trans) {
2976 opt = options->TransListenAddress;
2977 old = old_options ? old_options->TransListenAddress : NULL;
2978 tp = "transparent proxy";
2979 } else {
2980 opt = options->NatdListenAddress;
2981 old = old_options ? old_options->NatdListenAddress : NULL;
2982 tp = "natd proxy";
2983 }
2984
2985 for (line = opt; line; line = line->next) {
2986 char *address = NULL;
2987 uint16_t port;
2988 uint32_t addr;
2989 if (parse_addr_port(LOG_WARN, line->value, &address, &addr, &port)<0)
2990 continue; /* We'll warn about this later. */
2991 if (!is_internal_IP(addr, 1) &&
2992 (!old_options || !config_lines_eq(old, opt))) {
2993 log_warn(LD_CONFIG,
2994 "You specified a public address '%s' for a %s. Other "
2995 "people on the Internet might find your computer and use it as "
2996 "an open %s. Please don't allow this unless you have "
2997 "a good reason.", address, tp, tp);
2998 }
2999 tor_free(address);
3000 }
3001 }
3002
3003 if (validate_data_directory(options)<0)
3004 REJECT("Invalid DataDirectory");
3005
3006 if (options->Nickname == NULL) {
3007 if (server_mode(options)) {
3008 if (!(options->Nickname = get_default_nickname())) {
3009 log_notice(LD_CONFIG, "Couldn't pick a nickname based on "
3010 "our hostname; using %s instead.", UNNAMED_ROUTER_NICKNAME);
3011 options->Nickname = tor_strdup(UNNAMED_ROUTER_NICKNAME);
3012 } else {
3013 log_notice(LD_CONFIG, "Choosing default nickname '%s'",
3014 options->Nickname);
3015 }
3016 }
3017 } else {
3018 if (!is_legal_nickname(options->Nickname)) {
3019 r = tor_snprintf(buf, sizeof(buf),
3020 "Nickname '%s' is wrong length or contains illegal characters.",
3021 options->Nickname);
3022 *msg = tor_strdup(r >= 0 ? buf : "internal error");
3023 return -1;
3024 }
3025 }
3026
3027 if (server_mode(options) && !options->ContactInfo)
3028 log(LOG_NOTICE, LD_CONFIG, "Your ContactInfo config option is not set. "
3029 "Please consider setting it, so we can contact you if your server is "
3030 "misconfigured or something else goes wrong.");
3031
3032 /* Special case on first boot if no Log options are given. */
3033 if (!options->Logs && !options->RunAsDaemon && !from_setconf)
3034 config_line_append(&options->Logs, "Log", "notice stdout");
3035
3036 if (options_init_logs(options, 1)<0) /* Validate the log(s) */
3037 REJECT("Failed to validate Log options. See logs for details.");
3038
3039 if (options->NoPublish) {
3040 log(LOG_WARN, LD_CONFIG,
3041 "NoPublish is obsolete. Use PublishServerDescriptor instead.");
3042 SMARTLIST_FOREACH(options->PublishServerDescriptor, char *, s,
3043 tor_free(s));
3044 smartlist_clear(options->PublishServerDescriptor);
3045 }
3046
3047 if (authdir_mode(options)) {
3048 /* confirm that our address isn't broken, so we can complain now */
3049 uint32_t tmp;
3050 if (resolve_my_address(LOG_WARN, options, &tmp, NULL) < 0)
3051 REJECT("Failed to resolve/guess local address. See logs for details.");
3052 }
3053
3054 #ifndef MS_WINDOWS
3055 if (options->RunAsDaemon && torrc_fname && path_is_relative(torrc_fname))
3056 REJECT("Can't use a relative path to torrc when RunAsDaemon is set.");
3057 #endif
3058
3059 if (options->SocksPort < 0 || options->SocksPort > 65535)
3060 REJECT("SocksPort option out of bounds.");
3061
3062 if (options->DNSPort < 0 || options->DNSPort > 65535)
3063 REJECT("DNSPort option out of bounds.");
3064
3065 if (options->TransPort < 0 || options->TransPort > 65535)
3066 REJECT("TransPort option out of bounds.");
3067
3068 if (options->NatdPort < 0 || options->NatdPort > 65535)
3069 REJECT("NatdPort option out of bounds.");
3070
3071 if (options->SocksPort == 0 && options->TransPort == 0 &&
3072 options->NatdPort == 0 && options->ORPort == 0 &&
3073 options->DNSPort == 0 && !options->RendConfigLines)
3074 log(LOG_WARN, LD_CONFIG,
3075 "SocksPort, TransPort, NatdPort, DNSPort, and ORPort are all "
3076 "undefined, and there aren't any hidden services configured. "
3077 "Tor will still run, but probably won't do anything.");
3078
3079 if (options->ControlPort < 0 || options->ControlPort > 65535)
3080 REJECT("ControlPort option out of bounds.");
3081
3082 if (options->DirPort < 0 || options->DirPort > 65535)
3083 REJECT("DirPort option out of bounds.");
3084
3085 #ifndef USE_TRANSPARENT
3086 if (options->TransPort || options->TransListenAddress)
3087 REJECT("TransPort and TransListenAddress are disabled in this build.");
3088 #endif
3089
3090 if (options->AccountingMax &&
3091 (is_listening_on_low_port(options->ORPort, options->ORListenAddress) ||
3092 is_listening_on_low_port(options->DirPort, options->DirListenAddress)))
3093 {
3094 log(LOG_WARN, LD_CONFIG,
3095 "You have set AccountingMax to use hibernation. You have also "
3096 "chosen a low DirPort or OrPort. This combination can make Tor stop "
3097 "working when it tries to re-attach the port after a period of "
3098 "hibernation. Please choose a different port or turn off "
3099 "hibernation unless you know this combination will work on your "
3100 "platform.");
3101 }
3102
3103 if (options->ExcludeExitNodes || options->ExcludeNodes) {
3104 options->_ExcludeExitNodesUnion = routerset_new();
3105 routerset_union(options->_ExcludeExitNodesUnion,options->ExcludeExitNodes);
3106 routerset_union(options->_ExcludeExitNodesUnion,options->ExcludeNodes);
3107 }
3108
3109 if (options->StrictExitNodes &&
3110 (!options->ExitNodes) &&
3111 (!old_options ||
3112 (old_options->StrictExitNodes != options->StrictExitNodes) ||
3113 (!routerset_equal(old_options->ExitNodes,options->ExitNodes))))
3114 COMPLAIN("StrictExitNodes set, but no ExitNodes listed.");
3115
3116 if (options->StrictEntryNodes &&
3117 (!options->EntryNodes) &&
3118 (!old_options ||
3119 (old_options->StrictEntryNodes != options->StrictEntryNodes) ||
3120 (!routerset_equal(old_options->EntryNodes,options->EntryNodes))))
3121 COMPLAIN("StrictEntryNodes set, but no EntryNodes listed.");
3122
3123 if (options->EntryNodes && !routerset_is_list(options->EntryNodes)) {
3124 /* XXXX fix this; see entry_guards_prepend_from_config(). */
3125 REJECT("IPs or countries are not yet supported in EntryNodes.");
3126 }
3127
3128 if (options->AuthoritativeDir) {
3129 if (!options->ContactInfo && !options->TestingTorNetwork)
3130 REJECT("Authoritative directory servers must set ContactInfo");
3131 if (options->V1AuthoritativeDir && !options->RecommendedVersions)
3132 REJECT("V1 authoritative dir servers must set RecommendedVersions.");
3133 if (!options->RecommendedClientVersions)
3134 options->RecommendedClientVersions =
3135 config_lines_dup(options->RecommendedVersions);
3136 if (!options->RecommendedServerVersions)
3137 options->RecommendedServerVersions =
3138 config_lines_dup(options->RecommendedVersions);
3139 if (options->VersioningAuthoritativeDir &&
3140 (!options->RecommendedClientVersions ||
3141 !options->RecommendedServerVersions))
3142 REJECT("Versioning authoritative dir servers must set "
3143 "Recommended*Versions.");
3144 if (options->UseEntryGuards) {
3145 log_info(LD_CONFIG, "Authoritative directory servers can't set "
3146 "UseEntryGuards. Disabling.");
3147 options->UseEntryGuards = 0;
3148 }
3149 if (!options->DownloadExtraInfo && authdir_mode_any_main(options)) {
3150 log_info(LD_CONFIG, "Authoritative directories always try to download "
3151 "extra-info documents. Setting DownloadExtraInfo.");
3152 options->DownloadExtraInfo = 1;
3153 }
3154 if (!(options->BridgeAuthoritativeDir || options->HSAuthoritativeDir ||
3155 options->V1AuthoritativeDir || options->V2AuthoritativeDir ||
3156 options->V3AuthoritativeDir))
3157 REJECT("AuthoritativeDir is set, but none of "
3158 "(Bridge/HS/V1/V2/V3)AuthoritativeDir is set.");
3159 }
3160
3161 if (options->AuthoritativeDir && !options->DirPort)
3162 REJECT("Running as authoritative directory, but no DirPort set.");
3163
3164 if (options->AuthoritativeDir && !options->ORPort)
3165 REJECT("Running as authoritative directory, but no ORPort set.");
3166
3167 if (options->AuthoritativeDir && options->ClientOnly)
3168 REJECT("Running as authoritative directory, but ClientOnly also set.");
3169
3170 if (options->HSAuthorityRecordStats && !options->HSAuthoritativeDir)
3171 REJECT("HSAuthorityRecordStats is set but we're not running as "
3172 "a hidden service authority.");
3173
3174 if (options->ConnLimit <= 0) {
3175 r = tor_snprintf(buf, sizeof(buf),
3176 "ConnLimit must be greater than 0, but was set to %d",
3177 options->ConnLimit);
3178 *msg = tor_strdup(r >= 0 ? buf : "internal error");
3179 return -1;
3180 }
3181
3182 if (validate_ports_csv(options->FirewallPorts, "FirewallPorts", msg) < 0)
3183 return -1;
3184
3185 if (validate_ports_csv(options->LongLivedPorts, "LongLivedPorts", msg) < 0)
3186 return -1;
3187
3188 if (validate_ports_csv(options->RejectPlaintextPorts,
3189 "RejectPlaintextPorts", msg) < 0)
3190 return -1;
3191
3192 if (validate_ports_csv(options->WarnPlaintextPorts,
3193 "WarnPlaintextPorts", msg) < 0)
3194 return -1;
3195
3196 if (options->FascistFirewall && !options->ReachableAddresses) {
3197 if (options->FirewallPorts && smartlist_len(options->FirewallPorts)) {
3198 /* We already have firewall ports set, so migrate them to
3199 * ReachableAddresses, which will set ReachableORAddresses and
3200 * ReachableDirAddresses if they aren't set explicitly. */
3201 smartlist_t *instead = smartlist_create();
3202 config_line_t *new_line = tor_malloc_zero(sizeof(config_line_t));
3203 new_line->key = tor_strdup("ReachableAddresses");
3204 /* If we're configured with the old format, we need to prepend some
3205 * open ports. */
3206 SMARTLIST_FOREACH(options->FirewallPorts, const char *, portno,
3207 {
3208 int p = atoi(portno);
3209 char *s;
3210 if (p<0) continue;
3211 s = tor_malloc(16);
3212 tor_snprintf(s, 16, "*:%d", p);
3213 smartlist_add(instead, s);
3214 });
3215 new_line->value = smartlist_join_strings(instead,",",0,NULL);
3216 /* These have been deprecated since 0.1.1.5-alpha-cvs */
3217 log(LOG_NOTICE, LD_CONFIG,
3218 "Converting FascistFirewall and FirewallPorts "
3219 "config options to new format: \"ReachableAddresses %s\"",
3220 new_line->value);
3221 options->ReachableAddresses = new_line;
3222 SMARTLIST_FOREACH(instead, char *, cp, tor_free(cp));
3223 smartlist_free(instead);
3224 } else {
3225 /* We do not have FirewallPorts set, so add 80 to
3226 * ReachableDirAddresses, and 443 to ReachableORAddresses. */
3227 if (!options->ReachableDirAddresses) {
3228 config_line_t *new_line = tor_malloc_zero(sizeof(config_line_t));
3229 new_line->key = tor_strdup("ReachableDirAddresses");
3230 new_line->value = tor_strdup("*:80");
3231 options->ReachableDirAddresses = new_line;
3232 log(LOG_NOTICE, LD_CONFIG, "Converting FascistFirewall config option "
3233 "to new format: \"ReachableDirAddresses *:80\"");
3234 }
3235 if (!options->ReachableORAddresses) {
3236 config_line_t *new_line = tor_malloc_zero(sizeof(config_line_t));
3237 new_line->key = tor_strdup("ReachableORAddresses");
3238 new_line->value = tor_strdup("*:443");
3239 options->ReachableORAddresses = new_line;
3240 log(LOG_NOTICE, LD_CONFIG, "Converting FascistFirewall config option "
3241 "to new format: \"ReachableORAddresses *:443\"");
3242 }
3243 }
3244 }
3245
3246 for (i=0; i<3; i++) {
3247 config_line_t **linep =
3248 (i==0) ? &options->ReachableAddresses :
3249 (i==1) ? &options->ReachableORAddresses :
3250 &options->ReachableDirAddresses;
3251 if (!*linep)
3252 continue;
3253 /* We need to end with a reject *:*, not an implicit accept *:* */
3254 for (;;) {
3255 if (!strcmp((*linep)->value, "reject *:*")) /* already there */
3256 break;
3257 linep = &((*linep)->next);
3258 if (!*linep) {
3259 *linep = tor_malloc_zero(sizeof(config_line_t));
3260 (*linep)->key = tor_strdup(
3261 (i==0) ? "ReachableAddresses" :
3262 (i==1) ? "ReachableORAddresses" :
3263 "ReachableDirAddresses");
3264 (*linep)->value = tor_strdup("reject *:*");
3265 break;
3266 }
3267 }
3268 }
3269
3270 if ((options->ReachableAddresses ||
3271 options->ReachableORAddresses ||
3272 options->ReachableDirAddresses) &&
3273 server_mode(options))
3274 REJECT("Servers must be able to freely connect to the rest "
3275 "of the Internet, so they must not set Reachable*Addresses "
3276 "or FascistFirewall.");
3277
3278 if (options->UseBridges &&
3279 server_mode(options))
3280 REJECT("Servers must be able to freely connect to the rest "
3281 "of the Internet, so they must not set UseBridges.");
3282
3283 options->_AllowInvalid = 0;
3284 if (options->AllowInvalidNodes) {
3285 SMARTLIST_FOREACH(options->AllowInvalidNodes, const char *, cp, {
3286 if (!strcasecmp(cp, "entry"))
3287 options->_AllowInvalid |= ALLOW_INVALID_ENTRY;
3288 else if (!strcasecmp(cp, "exit"))
3289 options->_AllowInvalid |= ALLOW_INVALID_EXIT;
3290 else if (!strcasecmp(cp, "middle"))
3291 options->_AllowInvalid |= ALLOW_INVALID_MIDDLE;
3292 else if (!strcasecmp(cp, "introduction"))
3293 options->_AllowInvalid |= ALLOW_INVALID_INTRODUCTION;
3294 else if (!strcasecmp(cp, "rendezvous"))
3295 options->_AllowInvalid |= ALLOW_INVALID_RENDEZVOUS;
3296 else {
3297 r = tor_snprintf(buf, sizeof(buf),
3298 "Unrecognized value '%s' in AllowInvalidNodes", cp);
3299 *msg = tor_strdup(r >= 0 ? buf : "internal error");
3300 return -1;
3301 }
3302 });
3303 }
3304
3305 if (compute_publishserverdescriptor(options) < 0) {
3306 r = tor_snprintf(buf, sizeof(buf),
3307 "Unrecognized value in PublishServerDescriptor");
3308 *msg = tor_strdup(r >= 0 ? buf : "internal error");
3309 return -1;
3310 }
3311
3312 if ((options->BridgeRelay
3313 || options->_PublishServerDescriptor & BRIDGE_AUTHORITY)
3314 && (options->_PublishServerDescriptor
3315 & (V1_AUTHORITY|V2_AUTHORITY|V3_AUTHORITY))) {
3316 REJECT("Bridges are not supposed to publish router descriptors to the "
3317 "directory authorities. Please correct your "
3318 "PublishServerDescriptor line.");
3319 }
3320
3321 if (options->MinUptimeHidServDirectoryV2 < 0) {
3322 log_warn(LD_CONFIG, "MinUptimeHidServDirectoryV2 option must be at "
3323 "least 0 seconds. Changing to 0.");
3324 options->MinUptimeHidServDirectoryV2 = 0;
3325 }
3326
3327 if (options->RendPostPeriod < MIN_REND_POST_PERIOD) {
3328 log(LOG_WARN,LD_CONFIG,"RendPostPeriod option is too short; "
3329 "raising to %d seconds.", MIN_REND_POST_PERIOD);
3330 options->RendPostPeriod = MIN_REND_POST_PERIOD;
3331 }
3332
3333 if (options->RendPostPeriod > MAX_DIR_PERIOD) {
3334 log(LOG_WARN, LD_CONFIG, "RendPostPeriod is too large; clipping to %ds.",
3335 MAX_DIR_PERIOD);
3336 options->RendPostPeriod = MAX_DIR_PERIOD;
3337 }
3338
3339 if (options->CircuitBuildTimeout < MIN_CIRCUIT_BUILD_TIMEOUT) {
3340 log(LOG_WARN, LD_CONFIG, "CircuitBuildTimeout option is too short; "
3341 "raising to %d seconds.", MIN_CIRCUIT_BUILD_TIMEOUT);
3342 options->CircuitBuildTimeout = MIN_CIRCUIT_BUILD_TIMEOUT;
3343 }
3344
3345 if (options->MaxCircuitDirtiness < MIN_MAX_CIRCUIT_DIRTINESS) {
3346 log(LOG_WARN, LD_CONFIG, "MaxCircuitDirtiness option is too short; "
3347 "raising to %d seconds.", MIN_MAX_CIRCUIT_DIRTINESS);
3348 options->MaxCircuitDirtiness = MIN_MAX_CIRCUIT_DIRTINESS;
3349 }
3350
3351 if (options->KeepalivePeriod < 1)
3352 REJECT("KeepalivePeriod option must be positive.");
3353
3354 if (ensure_bandwidth_cap(&options->BandwidthRate,
3355 "BandwidthRate", msg) < 0)
3356 return -1;
3357 if (ensure_bandwidth_cap(&options->BandwidthBurst,
3358 "BandwidthBurst", msg) < 0)
3359 return -1;
3360 if (ensure_bandwidth_cap(&options->MaxAdvertisedBandwidth,
3361 "MaxAdvertisedBandwidth", msg) < 0)
3362 return -1;
3363 if (ensure_bandwidth_cap(&options->RelayBandwidthRate,
3364 "RelayBandwidthRate", msg) < 0)
3365 return -1;
3366 if (ensure_bandwidth_cap(&options->RelayBandwidthBurst,
3367 "RelayBandwidthBurst", msg) < 0)
3368 return -1;
3369
3370 if (server_mode(options)) {
3371 if (options->BandwidthRate < ROUTER_REQUIRED_MIN_BANDWIDTH) {
3372 r = tor_snprintf(buf, sizeof(buf),
3373 "BandwidthRate is set to %d bytes/second. "
3374 "For servers, it must be at least %d.",
3375 (int)options->BandwidthRate,
3376 ROUTER_REQUIRED_MIN_BANDWIDTH);
3377 *msg = tor_strdup(r >= 0 ? buf : "internal error");
3378 return -1;
3379 } else if (options->MaxAdvertisedBandwidth <
3380 ROUTER_REQUIRED_MIN_BANDWIDTH/2) {
3381 r = tor_snprintf(buf, sizeof(buf),
3382 "MaxAdvertisedBandwidth is set to %d bytes/second. "
3383 "For servers, it must be at least %d.",
3384 (int)options->MaxAdvertisedBandwidth,
3385 ROUTER_REQUIRED_MIN_BANDWIDTH/2);
3386 *msg = tor_strdup(r >= 0 ? buf : "internal error");
3387 return -1;
3388 }
3389 if (options->RelayBandwidthRate &&
3390 options->RelayBandwidthRate < ROUTER_REQUIRED_MIN_BANDWIDTH) {
3391 r = tor_snprintf(buf, sizeof(buf),
3392 "RelayBandwidthRate is set to %d bytes/second. "
3393 "For servers, it must be at least %d.",
3394 (int)options->RelayBandwidthRate,
3395 ROUTER_REQUIRED_MIN_BANDWIDTH);
3396 *msg = tor_strdup(r >= 0 ? buf : "internal error");
3397 return -1;
3398 }
3399 }
3400
3401 if (options->RelayBandwidthRate && !options->RelayBandwidthBurst)
3402 options->RelayBandwidthBurst = options->RelayBandwidthRate;
3403
3404 if (options->RelayBandwidthRate > options->RelayBandwidthBurst)
3405 REJECT("RelayBandwidthBurst must be at least equal "
3406 "to RelayBandwidthRate.");
3407
3408 if (options->BandwidthRate > options->BandwidthBurst)
3409 REJECT("BandwidthBurst must be at least equal to BandwidthRate.");
3410
3411 /* if they set relaybandwidth* really high but left bandwidth*
3412 * at the default, raise the defaults. */
3413 if (options->RelayBandwidthRate > options->BandwidthRate)
3414 options->BandwidthRate = options->RelayBandwidthRate;
3415 if (options->RelayBandwidthBurst > options->BandwidthBurst)
3416 options->BandwidthBurst = options->RelayBandwidthBurst;
3417
3418 if (accounting_parse_options(options, 1)<0)
3419 REJECT("Failed to parse accounting options. See logs for details.");
3420
3421 if (options->HttpProxy) { /* parse it now */
3422 if (parse_addr_port(LOG_WARN, options->HttpProxy, NULL,
3423 &options->HttpProxyAddr, &options->HttpProxyPort) < 0)
3424 REJECT("HttpProxy failed to parse or resolve. Please fix.");
3425 if (options->HttpProxyPort == 0) { /* give it a default */
3426 options->HttpProxyPort = 80;
3427 }
3428 }
3429
3430 if (options->HttpProxyAuthenticator) {
3431 if (strlen(options->HttpProxyAuthenticator) >= 48)
3432 REJECT("HttpProxyAuthenticator is too long (>= 48 chars).");
3433 }
3434
3435 if (options->HttpsProxy) { /* parse it now */
3436 if (parse_addr_port(LOG_WARN, options->HttpsProxy, NULL,
3437 &options->HttpsProxyAddr, &options->HttpsProxyPort) <0)
3438 REJECT("HttpsProxy failed to parse or resolve. Please fix.");
3439 if (options->HttpsProxyPort == 0) { /* give it a default */
3440 options->HttpsProxyPort = 443;
3441 }
3442 }
3443
3444 if (options->HttpsProxyAuthenticator) {
3445 if (strlen(options->HttpsProxyAuthenticator) >= 48)
3446 REJECT("HttpsProxyAuthenticator is too long (>= 48 chars).");
3447 }
3448
3449 if (options->HashedControlPassword) {
3450 smartlist_t *sl = decode_hashed_passwords(options->HashedControlPassword);
3451 if (!sl) {
3452 REJECT("Bad HashedControlPassword: wrong length or bad encoding");
3453 } else {
3454 SMARTLIST_FOREACH(sl, char*, cp, tor_free(cp));
3455 smartlist_free(sl);
3456 }
3457 }
3458
3459 if (options->HashedControlSessionPassword) {
3460 smartlist_t *sl = decode_hashed_passwords(
3461 options->HashedControlSessionPassword);
3462 if (!sl) {
3463 REJECT("Bad HashedControlSessionPassword: wrong length or bad encoding");
3464 } else {
3465 SMARTLIST_FOREACH(sl, char*, cp, tor_free(cp));
3466 smartlist_free(sl);
3467 }
3468 }
3469
3470 if (options->ControlListenAddress) {
3471 int all_are_local = 1;
3472 config_line_t *ln;
3473 for (ln = options->ControlListenAddress; ln; ln = ln->next) {
3474 if (strcmpstart(ln->value, "127."))
3475 all_are_local = 0;
3476 }
3477 if (!all_are_local) {
3478 if (!options->HashedControlPassword &&
3479 !options->HashedControlSessionPassword &&
3480 !options->CookieAuthentication) {
3481 log_warn(LD_CONFIG,
3482 "You have a ControlListenAddress set to accept "
3483 "unauthenticated connections from a non-local address. "
3484 "This means that programs not running on your computer "
3485 "can reconfigure your Tor, without even having to guess a "
3486 "password. That's so bad that I'm closing your ControlPort "
3487 "for you. If you need to control your Tor remotely, try "
3488 "enabling authentication and using a tool like stunnel or "
3489 "ssh to encrypt remote access.");
3490 options->ControlPort = 0;
3491 } else {
3492 log_warn(LD_CONFIG, "You have a ControlListenAddress set to accept "
3493 "connections from a non-local address. This means that "
3494 "programs not running on your computer can reconfigure your "
3495 "Tor. That's pretty bad, since the controller "
3496 "protocol isn't encrypted! Maybe you should just listen on "
3497 "127.0.0.1 and use a tool like stunnel or ssh to encrypt "
3498 "remote connections to your control port.");
3499 }
3500 }
3501 }
3502
3503 if (options->ControlPort && !options->HashedControlPassword &&
3504 !options->HashedControlSessionPassword &&
3505 !options->CookieAuthentication) {
3506 log_warn(LD_CONFIG, "ControlPort is open, but no authentication method "
3507 "has been configured. This means that any program on your "
3508 "computer can reconfigure your Tor. That's bad! You should "
3509 "upgrade your Tor controller as soon as possible.");
3510 }
3511
3512 if (options->UseEntryGuards && ! options->NumEntryGuards)
3513 REJECT("Cannot enable UseEntryGuards with NumEntryGuards set to 0");
3514
3515 if (check_nickname_list(options->MyFamily, "MyFamily", msg))
3516 return -1;
3517 for (cl = options->NodeFamilies; cl; cl = cl->next) {
3518 if (check_nickname_list(cl->value, "NodeFamily", msg))
3519 return -1;
3520 }
3521
3522 if (validate_addr_policies(options, msg) < 0)
3523 return -1;
3524
3525 if (validate_dir_authorities(options, old_options) < 0)
3526 REJECT("Directory authority line did not parse. See logs for details.");
3527
3528 if (options->UseBridges && !options->Bridges)
3529 REJECT("If you set UseBridges, you must specify at least one bridge.");
3530 if (options->UseBridges && !options->TunnelDirConns)
3531 REJECT("If you set UseBridges, you must set TunnelDirConns.");
3532 if (options->Bridges) {
3533 for (cl = options->Bridges; cl; cl = cl->next) {
3534 if (parse_bridge_line(cl->value, 1)<0)
3535 REJECT("Bridge line did not parse. See logs for details.");
3536 }
3537 }
3538
3539 if (options->ConstrainedSockets) {
3540 /* If the user wants to constrain socket buffer use, make sure the desired
3541 * limit is between MIN|MAX_TCPSOCK_BUFFER in k increments. */
3542 if (options->ConstrainedSockSize < MIN_CONSTRAINED_TCP_BUFFER ||
3543 options->ConstrainedSockSize > MAX_CONSTRAINED_TCP_BUFFER ||
3544 options->ConstrainedSockSize % 1024) {
3545 r = tor_snprintf(buf, sizeof(buf),
3546 "ConstrainedSockSize is invalid. Must be a value between %d and %d "
3547 "in 1024 byte increments.",
3548 MIN_CONSTRAINED_TCP_BUFFER, MAX_CONSTRAINED_TCP_BUFFER);
3549 *msg = tor_strdup(r >= 0 ? buf : "internal error");
3550 return -1;
3551 }
3552 if (options->DirPort) {
3553 /* Providing cached directory entries while system TCP buffers are scarce
3554 * will exacerbate the socket errors. Suggest that this be disabled. */
3555 COMPLAIN("You have requested constrained socket buffers while also "
3556 "serving directory entries via DirPort. It is strongly "
3557 "suggested that you disable serving directory requests when "
3558 "system TCP buffer resources are scarce.");
3559 }
3560 }
3561
3562 if (options->V3AuthVoteDelay + options->V3AuthDistDelay >=
3563 options->V3AuthVotingInterval/2) {
3564 REJECT("V3AuthVoteDelay plus V3AuthDistDelay must be less than half "
3565 "V3AuthVotingInterval");
3566 }
3567 if (options->V3AuthVoteDelay < MIN_VOTE_SECONDS)
3568 REJECT("V3AuthVoteDelay is way too low.");
3569 if (options->V3AuthDistDelay < MIN_DIST_SECONDS)
3570 REJECT("V3AuthDistDelay is way too low.");
3571
3572 if (options->V3AuthNIntervalsValid < 2)
3573 REJECT("V3AuthNIntervalsValid must be at least 2.");
3574
3575 if (options->V3AuthVotingInterval < MIN_VOTE_INTERVAL) {
3576 REJECT("V3AuthVotingInterval is insanely low.");
3577 } else if (options->V3AuthVotingInterval > 24*60*60) {
3578 REJECT("V3AuthVotingInterval is insanely high.");
3579 } else if (((24*60*60) % options->V3AuthVotingInterval) != 0) {
3580 COMPLAIN("V3AuthVotingInterval does not divide evenly into 24 hours.");
3581 }
3582
3583 if (rend_config_services(options, 1) < 0)
3584 REJECT("Failed to configure rendezvous options. See logs for details.");
3585
3586 /* Parse client-side authorization for hidden services. */
3587 if (rend_parse_service_authorization(options, 1) < 0)
3588 REJECT("Failed to configure client authorization for hidden services. "
3589 "See logs for details.");
3590
3591 if (parse_virtual_addr_network(options->VirtualAddrNetwork, 1, NULL)<0)
3592 return -1;
3593
3594 if (options->PreferTunneledDirConns && !options->TunnelDirConns)
3595 REJECT("Must set TunnelDirConns if PreferTunneledDirConns is set.");
3596
3597 if (options->AutomapHostsSuffixes) {
3598 SMARTLIST_FOREACH(options->AutomapHostsSuffixes, char *, suf,
3599 {
3600 size_t len = strlen(suf);
3601 if (len && suf[len-1] == '.')
3602 suf[len-1] = '\0';
3603 });
3604 }
3605
3606 if (options->TestingTorNetwork && !options->DirServers) {
3607 REJECT("TestingTorNetwork may only be configured in combination with "
3608 "a non-default set of DirServers.");
3609 }
3610
3611 /*XXXX022 checking for defaults manually like this is a bit fragile.*/
3612
3613 /* Keep changes to hard-coded values synchronous to man page and default
3614 * values table. */
3615 if (options->TestingV3AuthInitialVotingInterval != 30*60 &&
3616 !options->TestingTorNetwork) {
3617 REJECT("TestingV3AuthInitialVotingInterval may only be changed in testing "
3618 "Tor networks!");
3619 } else if (options->TestingV3AuthInitialVotingInterval < MIN_VOTE_INTERVAL) {
3620 REJECT("TestingV3AuthInitialVotingInterval is insanely low.");
3621 } else if (((30*60) % options->TestingV3AuthInitialVotingInterval) != 0) {
3622 REJECT("TestingV3AuthInitialVotingInterval does not divide evenly into "
3623 "30 minutes.");
3624 }
3625
3626 if (options->TestingV3AuthInitialVoteDelay != 5*60 &&
3627 !options->TestingTorNetwork) {
3628 REJECT("TestingV3AuthInitialVoteDelay may only be changed in testing "
3629 "Tor networks!");
3630 } else if (options->TestingV3AuthInitialVoteDelay < MIN_VOTE_SECONDS) {
3631 REJECT("TestingV3AuthInitialVoteDelay is way too low.");
3632 }
3633
3634 if (options->TestingV3AuthInitialDistDelay != 5*60 &&
3635 !options->TestingTorNetwork) {
3636 REJECT("TestingV3AuthInitialDistDelay may only be changed in testing "
3637 "Tor networks!");
3638 } else if (options->TestingV3AuthInitialDistDelay < MIN_DIST_SECONDS) {
3639 REJECT("TestingV3AuthInitialDistDelay is way too low.");
3640 }
3641
3642 if (options->TestingV3AuthInitialVoteDelay +
3643 options->TestingV3AuthInitialDistDelay >=
3644 options->TestingV3AuthInitialVotingInterval/2) {
3645 REJECT("TestingV3AuthInitialVoteDelay plus TestingV3AuthInitialDistDelay "
3646 "must be less than half TestingV3AuthInitialVotingInterval");
3647 }
3648
3649 if (options->TestingAuthDirTimeToLearnReachability != 30*60 &&
3650 !options->TestingTorNetwork) {
3651 REJECT("TestingAuthDirTimeToLearnReachability may only be changed in "
3652 "testing Tor networks!");
3653 } else if (options->TestingAuthDirTimeToLearnReachability < 0) {
3654 REJECT("TestingAuthDirTimeToLearnReachability must be non-negative.");
3655 } else if (options->TestingAuthDirTimeToLearnReachability > 2*60*60) {
3656 COMPLAIN("TestingAuthDirTimeToLearnReachability is insanely high.");
3657 }
3658
3659 if (options->TestingEstimatedDescriptorPropagationTime != 10*60 &&
3660 !options->TestingTorNetwork) {
3661 REJECT("TestingEstimatedDescriptorPropagationTime may only be changed in "
3662 "testing Tor networks!");
3663 } else if (options->TestingEstimatedDescriptorPropagationTime < 0) {
3664 REJECT("TestingEstimatedDescriptorPropagationTime must be non-negative.");
3665 } else if (options->TestingEstimatedDescriptorPropagationTime > 60*60) {
3666 COMPLAIN("TestingEstimatedDescriptorPropagationTime is insanely high.");
3667 }
3668
3669 if (options->TestingTorNetwork) {
3670 log_warn(LD_CONFIG, "TestingTorNetwork is set. This will make your node "
3671 "almost unusable in the public Tor network, and is "
3672 "therefore only advised if you are building a "
3673 "testing Tor network!");
3674 }
3675
3676 return 0;
3677 #undef REJECT
3678 #undef COMPLAIN
3679 }
3680
3681 /** Helper: return true iff s1 and s2 are both NULL, or both non-NULL
3682 * equal strings. */
3683 static int
3684 opt_streq(const char *s1, const char *s2)
3685 {
3686 if (!s1 && !s2)
3687 return 1;
3688 else if (s1 && s2 && !strcmp(s1,s2))
3689 return 1;
3690 else
3691 return 0;
3692 }
3693
3694 /** Check if any of the previous options have changed but aren't allowed to. */
3695 static int
3696 options_transition_allowed(or_options_t *old, or_options_t *new_val,
3697 char **msg)
3698 {
3699 if (!old)
3700 return 0;
3701
3702 if (!opt_streq(old->PidFile, new_val->PidFile)) {
3703 *msg = tor_strdup("PidFile is not allowed to change.");
3704 return -1;
3705 }
3706
3707 if (old->RunAsDaemon != new_val->RunAsDaemon) {
3708 *msg = tor_strdup("While Tor is running, changing RunAsDaemon "
3709 "is not allowed.");
3710 return -1;
3711 }
3712
3713 if (strcmp(old->DataDirectory,new_val->DataDirectory)!=0) {
3714 char buf[1024];
3715 int r = tor_snprintf(buf, sizeof(buf),
3716 "While Tor is running, changing DataDirectory "
3717 "(\"%s\"->\"%s\") is not allowed.",
3718 old->DataDirectory, new_val->DataDirectory);
3719 *msg = tor_strdup(r >= 0 ? buf : "internal error");
3720 return -1;
3721 }
3722
3723 if (!opt_streq(old->User, new_val->User)) {
3724 *msg = tor_strdup("While Tor is running, changing User is not allowed.");
3725 return -1;
3726 }
3727
3728 if (!opt_streq(old->Group, new_val->Group)) {
3729 *msg = tor_strdup("While Tor is running, changing Group is not allowed.");
3730 return -1;
3731 }
3732
3733 if (old->HardwareAccel != new_val->HardwareAccel) {
3734 *msg = tor_strdup("While Tor is running, changing HardwareAccel is "
3735 "not allowed.");
3736 return -1;
3737 }
3738
3739 if (old->TestingTorNetwork != new_val->TestingTorNetwork) {
3740 *msg = tor_strdup("While Tor is running, changing TestingTorNetwork "
3741 "is not allowed.");
3742 return -1;
3743 }
3744
3745 return 0;
3746 }
3747
3748 /** Return 1 if any change from <b>old_options</b> to <b>new_options</b>
3749 * will require us to rotate the CPU and DNS workers; else return 0. */
3750 static int
3751 options_transition_affects_workers(or_options_t *old_options,
3752 or_options_t *new_options)
3753 {
3754 if (!opt_streq(old_options->DataDirectory, new_options->DataDirectory) ||
3755 old_options->NumCpus != new_options->NumCpus ||
3756 old_options->ORPort != new_options->ORPort ||
3757 old_options->ServerDNSSearchDomains !=
3758 new_options->ServerDNSSearchDomains ||
3759 old_options->SafeLogging != new_options->SafeLogging ||
3760 old_options->ClientOnly != new_options->ClientOnly ||
3761 !config_lines_eq(old_options->Logs, new_options->Logs))
3762 return 1;
3763
3764 /* Check whether log options match. */
3765
3766 /* Nothing that changed matters. */
3767 return 0;
3768 }
3769
3770 /** Return 1 if any change from <b>old_options</b> to <b>new_options</b>
3771 * will require us to generate a new descriptor; else return 0. */
3772 static int
3773 options_transition_affects_descriptor(or_options_t *old_options,
3774 or_options_t *new_options)
3775 {
3776 /* XXX We can be smarter here. If your DirPort isn't being
3777 * published and you just turned it off, no need to republish. Etc. */
3778 if (!opt_streq(old_options->DataDirectory, new_options->DataDirectory) ||
3779 !opt_streq(old_options->Nickname,new_options->Nickname) ||
3780 !opt_streq(old_options->Address,new_options->Address) ||
3781 !config_lines_eq(old_options->ExitPolicy,new_options->ExitPolicy) ||
3782 old_options->ExitPolicyRejectPrivate !=
3783 new_options->ExitPolicyRejectPrivate ||
3784 old_options->ORPort != new_options->ORPort ||
3785 old_options->DirPort != new_options->DirPort ||
3786 old_options->ClientOnly != new_options->ClientOnly ||
3787 old_options->NoPublish != new_options->NoPublish ||
3788 old_options->_PublishServerDescriptor !=
3789 new_options->_PublishServerDescriptor ||
3790 get_effective_bwrate(old_options) != get_effective_bwrate(new_options) ||
3791 get_effective_bwburst(old_options) !=
3792 get_effective_bwburst(new_options) ||
3793 !opt_streq(old_options->ContactInfo, new_options->ContactInfo) ||
3794 !opt_streq(old_options->MyFamily, new_options->MyFamily) ||
3795 !opt_streq(old_options->AccountingStart, new_options->AccountingStart) ||
3796 old_options->AccountingMax != new_options->AccountingMax)
3797 return 1;
3798
3799 return 0;
3800 }
3801
3802 #ifdef MS_WINDOWS
3803 /** Return the directory on windows where we expect to find our application
3804 * data. */
3805 static char *
3806 get_windows_conf_root(void)
3807 {
3808 static int is_set = 0;
3809 static char path[MAX_PATH+1];
3810
3811 LPITEMIDLIST idl;
3812 IMalloc *m;
3813 HRESULT result;
3814
3815 if (is_set)
3816 return path;
3817
3818 /* Find X:\documents and settings\username\application data\ .
3819 * We would use SHGetSpecialFolder path, but that wasn't added until IE4.
3820 */
3821 #ifdef ENABLE_LOCAL_APPDATA
3822 #define APPDATA_PATH CSIDL_LOCAL_APPDATA
3823 #else
3824 #define APPDATA_PATH CSIDL_APPDATA
3825 #endif
3826 if (!SUCCEEDED(SHGetSpecialFolderLocation(NULL, APPDATA_PATH, &idl))) {
3827 GetCurrentDirectory(MAX_PATH, path);
3828 is_set = 1;
3829 log_warn(LD_CONFIG,
3830 "I couldn't find your application data folder: are you "
3831 "running an ancient version of Windows 95? Defaulting to \"%s\"",
3832 path);
3833 return path;
3834 }
3835 /* Convert the path from an "ID List" (whatever that is!) to a path. */
3836 result = SHGetPathFromIDList(idl, path);
3837 /* Now we need to free the */
3838 SHGetMalloc(&m);
3839 if (m) {
3840 m->lpVtbl->Free(m, idl);
3841 m->lpVtbl->Release(m);
3842 }
3843 if (!SUCCEEDED(result)) {
3844 return NULL;
3845 }
3846 strlcat(path,"\\tor",MAX_PATH);
3847 is_set = 1;
3848 return path;
3849 }
3850 #endif
3851
3852 /** Return the default location for our torrc file. */
3853 static const char *
3854 get_default_conf_file(void)
3855 {
3856 #ifdef MS_WINDOWS
3857 static char path[MAX_PATH+1];
3858 strlcpy(path, get_windows_conf_root(), MAX_PATH);
3859 strlcat(path,"\\torrc",MAX_PATH);
3860 return path;
3861 #else
3862 return (CONFDIR "/torrc");
3863 #endif
3864 }
3865
3866 /** Verify whether lst is a string containing valid-looking comma-separated
3867 * nicknames, or NULL. Return 0 on success. Warn and return -1 on failure.
3868 */
3869 static int
3870 check_nickname_list(const char *lst, const char *name, char **msg)
3871 {
3872 int r = 0;
3873 smartlist_t *sl;
3874
3875 if (!lst)
3876 return 0;
3877 sl = smartlist_create();
3878
3879 smartlist_split_string(sl, lst, ",",
3880 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK|SPLIT_STRIP_SPACE, 0);
3881
3882 SMARTLIST_FOREACH(sl, const char *, s,
3883 {
3884 if (!is_legal_nickname_or_hexdigest(s)) {
3885 char buf[1024];
3886 int tmp = tor_snprintf(buf, sizeof(buf),
3887 "Invalid nickname '%s' in %s line", s, name);
3888 *msg = tor_strdup(tmp >= 0 ? buf : "internal error");
3889 r = -1;
3890 break;
3891 }
3892 });
3893 SMARTLIST_FOREACH(sl, char *, s, tor_free(s));
3894 smartlist_free(sl);
3895 return r;
3896 }
3897
3898 /** Learn config file name from command line arguments, or use the default */
3899 static char *
3900 find_torrc_filename(int argc, char **argv,
3901 int *using_default_torrc, int *ignore_missing_torrc)
3902 {
3903 char *fname=NULL;
3904 int i;
3905
3906 for (i = 1; i < argc; ++i) {
3907 if (i < argc-1 && !strcmp(argv[i],"-f")) {
3908 if (fname) {
3909 log(LOG_WARN, LD_CONFIG, "Duplicate -f options on command line.");
3910 tor_free(fname);
3911 }
3912 #ifdef MS_WINDOWS
3913 /* XXX one day we might want to extend expand_filename to work
3914 * under Windows as well. */
3915 fname = tor_strdup(argv[i+1]);
3916 #else
3917 fname = expand_filename(argv[i+1]);
3918 #endif
3919 *using_default_torrc = 0;
3920 ++i;
3921 } else if (!strcmp(argv[i],"--ignore-missing-torrc")) {
3922 *ignore_missing_torrc = 1;
3923 }
3924 }
3925
3926 if (*using_default_torrc) {
3927 /* didn't find one, try CONFDIR */
3928 const char *dflt = get_default_conf_file();
3929 if (dflt && file_status(dflt) == FN_FILE) {
3930 fname = tor_strdup(dflt);
3931 } else {
3932 #ifndef MS_WINDOWS
3933 char *fn;
3934 fn = expand_filename("~/.torrc");
3935 if (fn && file_status(fn) == FN_FILE) {
3936 fname = fn;
3937 } else {
3938 tor_free(fn);
3939 fname = tor_strdup(dflt);
3940 }
3941 #else
3942 fname = tor_strdup(dflt);
3943 #endif
3944 }
3945 }
3946 return fname;
3947 }
3948
3949 /** Load torrc from disk, setting torrc_fname if successful */
3950 static char *
3951 load_torrc_from_disk(int argc, char **argv)
3952 {
3953 char *fname=NULL;
3954 char *cf = NULL;
3955 int using_default_torrc = 1;
3956 int ignore_missing_torrc = 0;
3957
3958 fname = find_torrc_filename(argc, argv,
3959 &using_default_torrc, &ignore_missing_torrc);
3960 tor_assert(fname);
3961 log(LOG_DEBUG, LD_CONFIG, "Opening config file \"%s\"", fname);
3962
3963 tor_free(torrc_fname);
3964 torrc_fname = fname;
3965
3966 /* Open config file */
3967 if (file_status(fname) != FN_FILE ||
3968 !(cf = read_file_to_str(fname,0,NULL))) {
3969 if (using_default_torrc == 1 || ignore_missing_torrc ) {
3970 log(LOG_NOTICE, LD_CONFIG, "Configuration file \"%s\" not present, "
3971 "using reasonable defaults.", fname);
3972 tor_free(fname); /* sets fname to NULL */
3973 torrc_fname = NULL;
3974 cf = tor_strdup("");
3975 } else {
3976 log(LOG_WARN, LD_CONFIG,
3977 "Unable to open configuration file \"%s\".", fname);
3978 goto err;
3979 }
3980 }
3981
3982 return cf;
3983 err:
3984 tor_free(fname);
3985 torrc_fname = NULL;
3986 return NULL;
3987 }
3988
3989 /** Read a configuration file into <b>options</b>, finding the configuration
3990 * file location based on the command line. After loading the file
3991 * call options_init_from_string() to load the config.
3992 * Return 0 if success, -1 if failure. */
3993 int
3994 options_init_from_torrc(int argc, char **argv)
3995 {
3996 char *cf=NULL;
3997 int i, retval, command;
3998 static char **backup_argv;
3999 static int backup_argc;
4000 char *command_arg = NULL;
4001 char *errmsg=NULL;
4002
4003 if (argv) { /* first time we're called. save command line args */
4004 backup_argv = argv;
4005 backup_argc = argc;
4006 } else { /* we're reloading. need to clean up old options first. */
4007 argv = backup_argv;
4008 argc = backup_argc;
4009 }
4010 if (argc > 1 && (!strcmp(argv[1], "-h") || !strcmp(argv[1],"--help"))) {
4011 print_usage();
4012 exit(0);
4013 }
4014 if (argc > 1 && !strcmp(argv[1], "--list-torrc-options")) {
4015 /* For documenting validating whether we've documented everything. */
4016 list_torrc_options();
4017 exit(0);
4018 }
4019
4020 if (argc > 1 && (!strcmp(argv[1],"--version"))) {
4021 printf("Tor version %s.\n",get_version());
4022 exit(0);
4023 }
4024
4025 /* Go through command-line variables */
4026 if (!global_cmdline_options) {
4027 /* Or we could redo the list every time we pass this place.
4028 * It does not really matter */
4029 if (config_get_commandlines(argc, argv, &global_cmdline_options) < 0) {
4030 goto err;
4031 }
4032 }
4033
4034 command = CMD_RUN_TOR;
4035 for (i = 1; i < argc; ++i) {
4036 if (!strcmp(argv[i],"--list-fingerprint")) {
4037 command = CMD_LIST_FINGERPRINT;
4038 } else if (!strcmp(argv[i],"--hash-password")) {
4039 command = CMD_HASH_PASSWORD;
4040 command_arg = tor_strdup( (i < argc-1) ? argv[i+1] : "");
4041 ++i;
4042 } else if (!strcmp(argv[i],"--verify-config")) {
4043 command = CMD_VERIFY_CONFIG;
4044 }
4045 }
4046
4047 if (command == CMD_HASH_PASSWORD) {
4048 cf = tor_strdup("");
4049 } else {
4050 cf = load_torrc_from_disk(argc, argv);
4051 if (!cf)
4052 goto err;
4053 }
4054
4055 retval = options_init_from_string(cf, command, command_arg, &errmsg);
4056 tor_free(cf);
4057 if (retval < 0)
4058 goto err;
4059
4060 return 0;
4061
4062 err:
4063 if (errmsg) {
4064 log(LOG_WARN,LD_CONFIG,"%s", errmsg);
4065 tor_free(errmsg);
4066 }
4067 return -1;
4068 }
4069
4070 /** Load the options from the configuration in <b>cf</b>, validate
4071 * them for consistency and take actions based on them.
4072 *
4073 * Return 0 if success, negative on error:
4074 * * -1 for general errors.
4075 * * -2 for failure to parse/validate,
4076 * * -3 for transition not allowed
4077 * * -4 for error while setting the new options
4078 */
4079 setopt_err_t
4080 options_init_from_string(const char *cf,
4081 int command, const char *command_arg,
4082 char **msg)
4083 {
4084 or_options_t *oldoptions, *newoptions;
4085 config_line_t *cl;
4086 int retval;
4087 setopt_err_t err = SETOPT_ERR_MISC;
4088 tor_assert(msg);
4089
4090 oldoptions = global_options; /* get_options unfortunately asserts if
4091 this is the first time we run*/
4092
4093 newoptions = tor_malloc_zero(sizeof(or_options_t));
4094 newoptions->_magic = OR_OPTIONS_MAGIC;
4095 options_init(newoptions);
4096 newoptions->command = command;
4097 newoptions->command_arg = command_arg;
4098
4099 /* get config lines, assign them */
4100 retval = config_get_lines(cf, &cl);
4101 if (retval < 0) {
4102 err = SETOPT_ERR_PARSE;
4103 goto err;
4104 }
4105 retval = config_assign(&options_format, newoptions, cl, 0, 0, msg);
4106 config_free_lines(cl);
4107 if (retval < 0) {
4108 err = SETOPT_ERR_PARSE;
4109 goto err;
4110 }
4111
4112 /* Go through command-line variables too */
4113 retval = config_assign(&options_format, newoptions,
4114 global_cmdline_options, 0, 0, msg);
4115 if (retval < 0) {
4116 err = SETOPT_ERR_PARSE;
4117 goto err;
4118 }
4119
4120 /* If this is a testing network configuration, change defaults
4121 * for a list of dependent config options, re-initialize newoptions
4122 * with the new defaults, and assign all options to it second time. */
4123 if (newoptions->TestingTorNetwork) {
4124 /* XXXX this is a bit of a kludge. perhaps there's a better way to do
4125 * this? We could, for example, make the parsing algorithm do two passes
4126 * over the configuration. If it finds any "suite" options like
4127 * TestingTorNetwork, it could change the defaults before its second pass.
4128 * Not urgent so long as this seems to work, but at any sign of trouble,
4129 * let's clean it up. -NM */
4130
4131 /* Change defaults. */
4132 int i;
4133 for (i = 0; testing_tor_network_defaults[i].name; ++i) {
4134 config_var_t *new_var = &testing_tor_network_defaults[i];
4135 config_var_t *old_var =
4136 config_find_option(&options_format, new_var->name);
4137 tor_assert(new_var);
4138 tor_assert(old_var);
4139 old_var->initvalue = new_var->initvalue;
4140 }
4141
4142 /* Clear newoptions and re-initialize them with new defaults. */
4143 config_free(&options_format, newoptions);
4144 newoptions = tor_malloc_zero(sizeof(or_options_t));
4145 newoptions->_magic = OR_OPTIONS_MAGIC;
4146 options_init(newoptions);
4147 newoptions->command = command;
4148 newoptions->command_arg = command_arg;
4149
4150 /* Assign all options a second time. */
4151 retval = config_get_lines(cf, &cl);
4152 if (retval < 0) {
4153 err = SETOPT_ERR_PARSE;
4154 goto err;
4155 }
4156 retval = config_assign(&options_format, newoptions, cl, 0, 0, msg);
4157 config_free_lines(cl);
4158 if (retval < 0) {
4159 err = SETOPT_ERR_PARSE;
4160 goto err;
4161 }
4162 retval = config_assign(&options_format, newoptions,
4163 global_cmdline_options, 0, 0, msg);
4164 if (retval < 0) {
4165 err = SETOPT_ERR_PARSE;
4166 goto err;
4167 }
4168 }
4169
4170 /* Validate newoptions */
4171 if (options_validate(oldoptions, newoptions, 0, msg) < 0) {
4172 err = SETOPT_ERR_PARSE; /*XXX make this a separate return value.*/
4173 goto err;
4174 }
4175
4176 if (options_transition_allowed(oldoptions, newoptions, msg) < 0) {
4177 err = SETOPT_ERR_TRANSITION;
4178 goto err;
4179 }
4180
4181 if (set_options(newoptions, msg)) {
4182 err = SETOPT_ERR_SETTING;
4183 goto err; /* frees and replaces old options */
4184 }
4185
4186 return SETOPT_OK;
4187
4188 err:
4189 config_free(&options_format, newoptions);
4190 if (*msg) {
4191 int len = (int)strlen(*msg)+256;
4192 char *newmsg = tor_malloc(len);
4193
4194 tor_snprintf(newmsg, len, "Failed to parse/validate config: %s", *msg);
4195 tor_free(*msg);
4196 *msg = newmsg;
4197 }
4198 return err;
4199 }
4200
4201 /** Return the location for our configuration file.
4202 */
4203 const char *
4204 get_torrc_fname(void)
4205 {
4206 if (torrc_fname)
4207 return torrc_fname;
4208 else
4209 return get_default_conf_file();
4210 }
4211
4212 /** Adjust the address map based on the MapAddress elements in the
4213 * configuration <b>options</b>
4214 */
4215 static void
4216 config_register_addressmaps(or_options_t *options)
4217 {
4218 smartlist_t *elts;
4219 config_line_t *opt;
4220 char *from, *to;
4221
4222 addressmap_clear_configured();
4223 elts = smartlist_create();
4224 for (opt = options->AddressMap; opt; opt = opt->next) {
4225 smartlist_split_string(elts, opt->value, NULL,
4226 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 2);
4227 if (smartlist_len(elts) >= 2) {
4228 from = smartlist_get(elts,0);
4229 to = smartlist_get(elts,1);
4230 if (address_is_invalid_destination(to, 1)) {
4231 log_warn(LD_CONFIG,
4232 "Skipping invalid argument '%s' to MapAddress", to);
4233 } else {
4234 addressmap_register(from, tor_strdup(to), 0, ADDRMAPSRC_TORRC);
4235 if (smartlist_len(elts)>2) {
4236 log_warn(LD_CONFIG,"Ignoring extra arguments to MapAddress.");
4237 }
4238 }
4239 } else {
4240 log_warn(LD_CONFIG,"MapAddress '%s' has too few arguments. Ignoring.",
4241 opt->value);
4242 }
4243 SMARTLIST_FOREACH(elts, char*, cp, tor_free(cp));
4244 smartlist_clear(elts);
4245 }
4246 smartlist_free(elts);
4247 }
4248
4249 /**
4250 * Initialize the logs based on the configuration file.
4251 */
4252 static int
4253 options_init_logs(or_options_t *options, int validate_only)
4254 {
4255 config_line_t *opt;
4256 int ok;
4257 smartlist_t *elts;
4258 int daemon =
4259 #ifdef MS_WINDOWS
4260 0;
4261 #else
4262 options->RunAsDaemon;
4263 #endif
4264
4265 ok = 1;
4266 elts = smartlist_create();
4267
4268 for (opt = options->Logs; opt; opt = opt->next) {
4269 log_severity_list_t *severity;
4270 const char *cfg = opt->value;
4271 severity = tor_malloc_zero(sizeof(log_severity_list_t));
4272 if (parse_log_severity_config(&cfg, severity) < 0) {
4273 log_warn(LD_CONFIG, "Couldn't parse log levels in Log option 'Log %s'",
4274 opt->value);
4275 ok = 0; goto cleanup;
4276 }
4277
4278 smartlist_split_string(elts, cfg, NULL,
4279 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 2);
4280
4281 if (smartlist_len(elts) == 0)
4282 smartlist_add(elts, tor_strdup("stdout"));
4283
4284 if (smartlist_len(elts) == 1 &&
4285 (!strcasecmp(smartlist_get(elts,0), "stdout") ||
4286 !strcasecmp(smartlist_get(elts,0), "stderr"))) {
4287 int err = smartlist_len(elts) &&
4288 !strcasecmp(smartlist_get(elts,0), "stderr");
4289 if (!validate_only) {
4290 if (daemon) {
4291 log_warn(LD_CONFIG,
4292 "Can't log to %s with RunAsDaemon set; skipping stdout",
4293 err?"stderr":"stdout");
4294 } else {
4295 add_stream_log(severity, err?"<stderr>":"<stdout>",
4296 fileno(err?stderr:stdout));
4297 }
4298 }
4299 goto cleanup;
4300 }
4301 if (smartlist_len(elts) == 1 &&
4302 !strcasecmp(smartlist_get(elts,0), "syslog")) {
4303 #ifdef HAVE_SYSLOG_H
4304 if (!validate_only) {
4305 add_syslog_log(severity);
4306 }
4307 #else
4308 log_warn(LD_CONFIG, "Syslog is not supported on this system. Sorry.");
4309 #endif
4310 goto cleanup;
4311 }
4312
4313 if (smartlist_len(elts) == 2 &&
4314 !strcasecmp(smartlist_get(elts,0), "file")) {
4315 if (!validate_only) {
4316 if (add_file_log(severity, smartlist_get(elts, 1)) < 0) {
4317 log_warn(LD_CONFIG, "Couldn't open file for 'Log %s': %s",
4318 opt->value, strerror(errno));
4319 ok = 0;
4320 }
4321 }
4322 goto cleanup;
4323 }
4324
4325 log_warn(LD_CONFIG, "Bad syntax on file Log option 'Log %s'",
4326 opt->value);
4327 ok = 0; goto cleanup;
4328
4329 cleanup:
4330 SMARTLIST_FOREACH(elts, char*, cp, tor_free(cp));
4331 smartlist_clear(elts);
4332 tor_free(severity);
4333 }
4334 smartlist_free(elts);
4335
4336 return ok?0:-1;
4337 }
4338
4339 /** Read the contents of a Bridge line from <b>line</b>. Return 0
4340 * if the line is well-formed, and -1 if it isn't. If
4341 * <b>validate_only</b> is 0, and the line is well-formed, then add
4342 * the bridge described in the line to our internal bridge list. */
4343 static int
4344 parse_bridge_line(const char *line, int validate_only)
4345 {
4346 smartlist_t *items = NULL;
4347 int r;
4348 char *addrport=NULL, *fingerprint=NULL;
4349 tor_addr_t addr;
4350 uint16_t port = 0;
4351 char digest[DIGEST_LEN];
4352
4353 items = smartlist_create();
4354 smartlist_split_string(items, line, NULL,
4355 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1);
4356 if (smartlist_len(items) < 1) {
4357 log_warn(LD_CONFIG, "Too few arguments to Bridge line.");
4358 goto err;
4359 }
4360 addrport = smartlist_get(items, 0);
4361 smartlist_del_keeporder(items, 0);
4362 if (tor_addr_port_parse(addrport, &addr, &port)<0) {
4363 log_warn(LD_CONFIG, "Error parsing Bridge address '%s'", addrport);
4364 goto err;
4365 }
4366 if (!port) {
4367 log_info(LD_CONFIG,
4368 "Bridge address '%s' has no port; using default port 443.",
4369 addrport);
4370 port = 443;
4371 }
4372
4373 if (smartlist_len(items)) {
4374 fingerprint = smartlist_join_strings(items, "", 0, NULL);
4375 if (strlen(fingerprint) != HEX_DIGEST_LEN) {
4376 log_warn(LD_CONFIG, "Key digest for Bridge is wrong length.");
4377 goto err;
4378 }
4379 if (base16_decode(digest, DIGEST_LEN, fingerprint, HEX_DIGEST_LEN)<0) {
4380 log_warn(LD_CONFIG, "Unable to decode Bridge key digest.");
4381 goto err;
4382 }
4383 }
4384
4385 if (!validate_only) {
4386 log_debug(LD_DIR, "Bridge at %s:%d (%s)", fmt_addr(&addr),
4387 (int)port,
4388 fingerprint ? fingerprint : "no key listed");
4389 bridge_add_from_config(&addr, port, fingerprint ? digest : NULL);
4390 }
4391
4392 r = 0;
4393 goto done;
4394
4395 err:
4396 r = -1;
4397
4398 done:
4399 SMARTLIST_FOREACH(items, char*, s, tor_free(s));
4400 smartlist_free(items);
4401 tor_free(addrport);
4402 tor_free(fingerprint);
4403 return r;
4404 }
4405
4406 /** Read the contents of a DirServer line from <b>line</b>. If
4407 * <b>validate_only</b> is 0, and the line is well-formed, and it
4408 * shares any bits with <b>required_type</b> or <b>required_type</b>
4409 * is 0, then add the dirserver described in the line (minus whatever
4410 * bits it's missing) as a valid authority. Return 0 on success,
4411 * or -1 if the line isn't well-formed or if we can't add it. */
4412 static int
4413 parse_dir_server_line(const char *line, authority_type_t required_type,
4414 int validate_only)
4415 {
4416 smartlist_t *items = NULL;
4417 int r;
4418 char *addrport=NULL, *address=NULL, *nickname=NULL, *fingerprint=NULL;
4419 uint16_t dir_port = 0, or_port = 0;
4420 char digest[DIGEST_LEN];
4421 char v3_digest[DIGEST_LEN];
4422 authority_type_t type = V2_AUTHORITY;
4423 int is_not_hidserv_authority = 0, is_not_v2_authority = 0;
4424
4425 items = smartlist_create();
4426 smartlist_split_string(items, line, NULL,
4427 SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1);
4428 if (smartlist_len(items) < 1) {
4429 log_warn(LD_CONFIG, "No arguments on DirServer line.");
4430 goto err;
4431 }
4432
4433 if (is_legal_nickname(smartlist_get(items, 0))) {
4434 nickname = smartlist_get(items, 0);
4435 smartlist_del_keeporder(items, 0);
4436 }
4437
4438 while (smartlist_len(items)) {
4439 char *flag = smartlist_get(items, 0);
4440 if (TOR_ISDIGIT(flag[0]))
4441 break;
4442 if (!strcasecmp(flag, "v1")) {
4443 type |= (V1_AUTHORITY | HIDSERV_AUTHORITY);
4444 } else if (!strcasecmp(flag, "hs")) {
4445 type |= HIDSERV_AUTHORITY;
4446 } else if (!strcasecmp(flag, "no-hs")) {
4447 is_not_hidserv_authority = 1;
4448 } else if (!strcasecmp(flag, "bridge")) {
4449 type |= BRIDGE_AUTHORITY;
4450 } else if (!strcasecmp(flag, "no-v2")) {
4451 is_not_v2_authority = 1;
4452 } else if (!strcasecmpstart(flag, "orport=")) {
4453 int ok;
4454 char *portstring = flag + strlen("orport=");
4455 or_port = (uint16_t) tor_parse_long(portstring, 10, 1, 65535, &ok, NULL);
4456 if (!ok)
4457 log_warn(LD_CONFIG, "Invalid orport '%s' on DirServer line.",
4458 portstring);
4459 } else if (!strcasecmpstart(flag, "v3ident=")) {
4460 char *idstr = flag + strlen("v3ident=");
4461 if (strlen(idstr) != HEX_DIGEST_LEN ||
4462 base16_decode(v3_digest, DIGEST_LEN, idstr, HEX_DIGEST_LEN)<0) {
4463 log_warn(LD_CONFIG, "Bad v3 identity digest '%s' on DirServer line",
4464 flag);
4465 } else {
4466 type |= V3_AUTHORITY;
4467 }
4468 } else {
4469 log_warn(LD_CONFIG, "Unrecognized flag '%s' on DirServer line",
4470 flag);
4471 }
4472 tor_free(flag);
4473 smartlist_del_keeporder(items, 0);
4474 }
4475 if (is_not_hidserv_authority)
4476 type &= ~HIDSERV_AUTHORITY;
4477 if (is_not_v2_authority)
4478 type &= ~V2_AUTHORITY;
4479
4480 if (smartlist_len(items) < 2) {
4481 log_warn(LD_CONFIG, "Too few arguments to DirServer line.");
4482 goto err;
4483 }
4484 addrport = smartlist_get(items, 0);
4485 smartlist_del_keeporder(items, 0);
4486 if (parse_addr_port(LOG_WARN, addrport, &address, NULL, &dir_port)<0) {
4487 log_warn(LD_CONFIG, "Error parsing DirServer address '%s'", addrport);
4488 goto err;
4489 }
4490 if (!dir_port) {
4491 log_warn(LD_CONFIG, "Missing port in DirServer address '%s'",addrport);
4492 goto err;
4493 }
4494
4495 fingerprint = smartlist_join_strings(items, "", 0, NULL);
4496 if (strlen(fingerprint) != HEX_DIGEST_LEN) {
4497 log_warn(LD_CONFIG, "Key digest for DirServer is wrong length %d.",
4498 (int)strlen(fingerprint));
4499 goto err;
4500 }
4501 if (!strcmp(fingerprint, "E623F7625FBE0C87820F11EC5F6D5377ED816294")) {
4502 /* a known bad fingerprint. refuse to use it. We can remove this
4503 * clause once Tor 0.1.2.17 is obsolete. */
4504 log_warn(LD_CONFIG, "Dangerous dirserver line. To correct, erase your "
4505 "torrc file (%s), or reinstall Tor and use the default torrc.",
4506 get_torrc_fname());
4507 goto err;
4508 }
4509 if (base16_decode(digest, DIGEST_LEN, fingerprint, HEX_DIGEST_LEN)<0) {
4510 log_warn(LD_CONFIG, "Unable to decode DirServer key digest.");
4511 goto err;
4512 }
4513
4514 if (!validate_only && (!required_type || required_type & type)) {
4515 if (required_type)
4516 type &= required_type; /* pare down what we think of them as an
4517 * authority for. */
4518 log_debug(LD_DIR, "Trusted %d dirserver at %s:%d (%s)", (int)type,
4519 address, (int)dir_port, (char*)smartlist_get(items,0));
4520 if (!add_trusted_dir_server(nickname, address, dir_port, or_port,
4521 digest, v3_digest, type))
4522 goto err;
4523 }
4524
4525 r = 0;
4526 goto done;
4527
4528 err:
4529 r = -1;
4530
4531 done:
4532 SMARTLIST_FOREACH(items, char*, s, tor_free(s));
4533 smartlist_free(items);
4534 tor_free(addrport);
4535 tor_free(address);
4536 tor_free(nickname);
4537 tor_free(fingerprint);
4538 return r;
4539 }
4540
4541 /** Adjust the value of options->DataDirectory, or fill it in if it's
4542 * absent. Return 0 on success, -1 on failure. */
4543 static int
4544 normalize_data_directory(or_options_t *options)
4545 {
4546 #ifdef MS_WINDOWS
4547 char *p;
4548 if (options->DataDirectory)
4549 return 0; /* all set */
4550 p = tor_malloc(MAX_PATH);
4551 strlcpy(p,get_windows_conf_root(),MAX_PATH);
4552 options->DataDirectory = p;
4553 return 0;
4554 #else
4555 const char *d = options->DataDirectory;
4556 if (!d)
4557 d = "~/.tor";
4558
4559 if (strncmp(d,"~/",2) == 0) {
4560 char *fn = expand_filename(d);
4561 if (!fn) {
4562 log_warn(LD_CONFIG,"Failed to expand filename \"%s\".", d);
4563 return -1;
4564 }
4565 if (!options->DataDirectory && !strcmp(fn,"/.tor")) {
4566 /* If our homedir is /, we probably don't want to use it. */
4567 /* Default to LOCALSTATEDIR/tor which is probably closer to what we
4568 * want. */
4569 log_warn(LD_CONFIG,
4570 "Default DataDirectory is \"~/.tor\". This expands to "
4571 "\"%s\", which is probably not what you want. Using "
4572 "\"%s"PATH_SEPARATOR"tor\" instead", fn, LOCALSTATEDIR);
4573 tor_free(fn);
4574 fn = tor_strdup(LOCALSTATEDIR PATH_SEPARATOR "tor");
4575 }
4576 tor_free(options->DataDirectory);
4577 options->DataDirectory = fn;
4578 }
4579 return 0;
4580 #endif
4581 }
4582
4583 /** Check and normalize the value of options->DataDirectory; return 0 if it
4584 * sane, -1 otherwise. */
4585 static int
4586 validate_data_directory(or_options_t *options)
4587 {
4588 if (normalize_data_directory(options) < 0)
4589 return -1;
4590 tor_assert(options->DataDirectory);
4591 if (strlen(options->DataDirectory) > (512-128)) {
4592 log_warn(LD_CONFIG, "DataDirectory is too long.");
4593 return -1;
4594 }
4595 return 0;
4596 }
4597
4598 /** This string must remain the same forevermore. It is how we
4599 * recognize that the torrc file doesn't need to be backed up. */
4600 #define GENERATED_FILE_PREFIX "# This file was generated by Tor; " \
4601 "if you edit it, comments will not be preserved"
4602 /** This string can change; it tries to give the reader an idea
4603 * that editing this file by hand is not a good plan. */
4604 #define GENERATED_FILE_COMMENT "# The old torrc file was renamed " \
4605 "to torrc.orig.1 or similar, and Tor will ignore it"
4606
4607 /** Save a configuration file for the configuration in <b>options</b>
4608 * into the file <b>fname</b>. If the file already exists, and
4609 * doesn't begin with GENERATED_FILE_PREFIX, rename it. Otherwise
4610 * replace it. Return 0 on success, -1 on failure. */
4611 static int
4612 write_configuration_file(const char *fname, or_options_t *options)
4613 {
4614 char *old_val=NULL, *new_val=NULL, *new_conf=NULL;
4615 int rename_old = 0, r;
4616 size_t len;
4617
4618 tor_assert(fname);
4619
4620 switch (file_status(fname)) {
4621 case FN_FILE:
4622 old_val = read_file_to_str(fname, 0, NULL);
4623 if (strcmpstart(old_val, GENERATED_FILE_PREFIX)) {
4624 rename_old = 1;
4625 }
4626 tor_free(old_val);
4627 break;
4628 case FN_NOENT:
4629 break;
4630 case FN_ERROR:
4631 case FN_DIR:
4632 default:
4633 log_warn(LD_CONFIG,
4634 "Config file \"%s\" is not a file? Failing.", fname);
4635 return -1;
4636 }
4637
4638 if (!(new_conf = options_dump(options, 1))) {
4639 log_warn(LD_BUG, "Couldn't get configuration string");
4640 goto err;
4641 }
4642
4643 len = strlen(new_conf)+256;
4644 new_val = tor_malloc(len);
4645 tor_snprintf(new_val, len, "%s\n%s\n\n%s",
4646 GENERATED_FILE_PREFIX, GENERATED_FILE_COMMENT, new_conf);
4647
4648 if (rename_old) {
4649 int i = 1;
4650 size_t fn_tmp_len = strlen(fname)+32;
4651 char *fn_tmp;
4652 tor_assert(fn_tmp_len > strlen(fname)); /*check for overflow*/
4653 fn_tmp = tor_malloc(fn_tmp_len);
4654 while (1) {
4655 if (tor_snprintf(fn_tmp, fn_tmp_len, "%s.orig.%d", fname, i)<0) {
4656 log_warn(LD_BUG, "tor_snprintf failed inexplicably");
4657 tor_free(fn_tmp);
4658 goto err;
4659 }
4660 if (file_status(fn_tmp) == FN_NOENT)
4661 break;
4662 ++i;
4663 }
4664 log_notice(LD_CONFIG, "Renaming old configuration file to \"%s\"", fn_tmp);
4665 if (rename(fname, fn_tmp) < 0) {
4666 log_warn(LD_FS,
4667 "Couldn't rename configuration file \"%s\" to \"%s\": %s",
4668 fname, fn_tmp, strerror(errno));
4669 tor_free(fn_tmp);
4670 goto err;
4671 }
4672 tor_free(fn_tmp);
4673 }
4674
4675 if (write_str_to_file(fname, new_val, 0) < 0)
4676 goto err;
4677
4678 r = 0;
4679 goto done;
4680 err:
4681 r = -1;
4682 done:
4683 tor_free(new_val);
4684 tor_free(new_conf);
4685 return r;
4686 }
4687
4688 /**
4689 * Save the current configuration file value to disk. Return 0 on
4690 * success, -1 on failure.
4691 **/
4692 int
4693 options_save_current(void)
4694 {
4695 if (torrc_fname) {
4696 /* This fails if we can't write to our configuration file.
4697 *
4698 * If we try falling back to datadirectory or something, we have a better
4699 * chance of saving the configuration, but a better chance of doing
4700 * something the user never expected. Let's just warn instead. */
4701 return write_configuration_file(torrc_fname, get_options());
4702 }
4703 return write_configuration_file(get_default_conf_file(), get_options());
4704 }
4705
4706 /** Mapping from a unit name to a multiplier for converting that unit into a
4707 * base unit. */
4708 struct unit_table_t {
4709 const char *unit;
4710 uint64_t multiplier;
4711 };
4712
4713 /** Table to map the names of memory units to the number of bytes they
4714 * contain. */
4715 static struct unit_table_t memory_units[] = {
4716 { "", 1 },
4717 { "b", 1<< 0 },
4718 { "byte", 1<< 0 },
4719 { "bytes", 1<< 0 },
4720 { "kb", 1<<10 },
4721 { "kbyte", 1<<10 },
4722 { "kbytes", 1<<10 },
4723 { "kilobyte", 1<<10 },
4724 { "kilobytes", 1<<10 },
4725 { "m", 1<<20 },
4726 { "mb", 1<<20 },
4727 { "mbyte", 1<<20 },
4728 { "mbytes", 1<<20 },
4729 { "megabyte", 1<<20 },
4730 { "megabytes", 1<<20 },
4731 { "gb", 1<<30 },
4732 { "gbyte", 1<<30 },
4733 { "gbytes", 1<<30 },
4734 { "gigabyte", 1<<30 },
4735 { "gigabytes", 1<<30 },
4736 { "tb", U64_LITERAL(1)<<40 },
4737 { "terabyte", U64_LITERAL(1)<<40 },
4738 { "terabytes", U64_LITERAL(1)<<40 },
4739 { NULL, 0 },
4740 };
4741
4742 /** Table to map the names of time units to the number of seconds they
4743 * contain. */
4744 static struct unit_table_t time_units[] = {
4745 { "", 1 },
4746 { "second", 1 },
4747 { "seconds", 1 },
4748 { "minute", 60 },
4749 { "minutes", 60 },
4750 { "hour", 60*60 },
4751 { "hours", 60*60 },
4752 { "day", 24*60*60 },
4753 { "days", 24*60*60 },
4754 { "week", 7*24*60*60 },
4755 { "weeks", 7*24*60*60 },
4756 { NULL, 0 },
4757 };
4758
4759 /** Parse a string <b>val</b> containing a number, zero or more
4760 * spaces, and an optional unit string. If the unit appears in the
4761 * table <b>u</b>, then multiply the number by the unit multiplier.
4762 * On success, set *<b>ok</b> to 1 and return this product.
4763 * Otherwise, set *<b>ok</b> to 0.
4764 */
4765 static uint64_t
4766 config_parse_units(const char *val, struct unit_table_t *u, int *ok)
4767 {
4768 uint64_t v;
4769 char *cp;
4770
4771 tor_assert(ok);
4772
4773 v = tor_parse_uint64(val, 10, 0, UINT64_MAX, ok, &cp);
4774 if (!*ok)
4775 return 0;
4776 if (!cp) {
4777 *ok = 1;
4778 return v;
4779 }
4780 while (TOR_ISSPACE(*cp))
4781 ++cp;
4782 for ( ;u->unit;++u) {
4783 if (!strcasecmp(u->unit, cp)) {
4784 v *= u->multiplier;
4785 *ok = 1;
4786 return v;
4787 }
4788 }
4789 log_warn(LD_CONFIG, "Unknown unit '%s'.", cp);
4790 *ok = 0;
4791 return 0;
4792 }
4793
4794 /** Parse a string in the format "number unit", where unit is a unit of
4795 * information (byte, KB, M, etc). On success, set *<b>ok</b> to true
4796 * and return the number of bytes specified. Otherwise, set
4797 * *<b>ok</b> to false and return 0. */
4798 static uint64_t
4799 config_parse_memunit(const char *s, int *ok)
4800 {
4801 return config_parse_units(s, memory_units, ok);
4802 }
4803
4804 /** Parse a string in the format "number unit", where unit is a unit of time.
4805 * On success, set *<b>ok</b> to true and return the number of seconds in
4806 * the provided interval. Otherwise, set *<b>ok</b> to 0 and return -1.
4807 */
4808 static int
4809 config_parse_interval(const char *s, int *ok)
4810 {
4811 uint64_t r;
4812 r = config_parse_units(s, time_units, ok);
4813 if (!ok)
4814 return -1;
4815 if (r > INT_MAX) {
4816 log_warn(LD_CONFIG, "Interval '%s' is too long", s);
4817 *ok = 0;
4818 return -1;
4819 }
4820 return (int)r;
4821 }
4822
4823 /* This is what passes for version detection on OSX. We set
4824 * MACOSX_KQUEUE_IS_BROKEN to true iff we're on a version of OSX before
4825 * 10.4.0 (aka 1040). */
4826 #ifdef __APPLE__
4827 #ifdef __ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__
4828 #define MACOSX_KQUEUE_IS_BROKEN \
4829 (__ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__ < 1040)
4830 #else
4831 #define MACOSX_KQUEUE_IS_BROKEN 0
4832 #endif
4833 #endif
4834
4835 /**
4836 * Initialize the libevent library.
4837 */
4838 static void
4839 init_libevent(void)
4840 {
4841 configure_libevent_logging();
4842 /* If the kernel complains that some method (say, epoll) doesn't
4843 * exist, we don't care about it, since libevent will cope.
4844 */
4845 suppress_libevent_log_msg("Function not implemented");
4846 #ifdef __APPLE__
4847 if (MACOSX_KQUEUE_IS_BROKEN ||
4848 decode_libevent_version(event_get_version(), NULL) < LE_11B) {
4849 setenv("EVENT_NOKQUEUE","1",1);
4850 }
4851 #endif
4852
4853 /* In libevent versions before 2.0, it's hard to keep binary compatibility
4854 * between upgrades, and unpleasant to detect when the version we compiled
4855 * against is unlike the version we have linked against. Here's how. */
4856 #if defined(_EVENT_VERSION) && defined(HAVE_EVENT_GET_VERSION)
4857 /* We have a header-file version and a function-call version. Easy. */
4858 if (strcmp(_EVENT_VERSION, event_get_version())) {
4859 int compat1 = -1, compat2 = -1;
4860 int verybad, prettybad ;
4861 decode_libevent_version(_EVENT_VERSION, &compat1);
4862 decode_libevent_version(event_get_version(), &compat2);
4863 verybad = compat1 != compat2;
4864 prettybad = (compat1 == -1 || compat2 == -1) && compat1 != compat2;
4865
4866 log(verybad ? LOG_WARN : (prettybad ? LOG_NOTICE : LOG_INFO),
4867 LD_GENERAL, "We were compiled with headers from version %s "
4868 "of Libevent, but we're using a Libevent library that says it's "
4869 "version %s.", _EVENT_VERSION, event_get_version());
4870 if (verybad)
4871 log_warn(LD_GENERAL, "This will almost certainly make Tor crash.");
4872 else if (prettybad)
4873 log_notice(LD_GENERAL, "If Tor crashes, this might be why.");
4874 else
4875 log_info(LD_GENERAL, "I think these versions are binary-compatible.");
4876 }
4877 #elif defined(HAVE_EVENT_GET_VERSION)
4878 /* event_get_version but no _EVENT_VERSION. We might be in 1.4.0-beta or
4879 earlier, where that's normal. To see whether we were compiled with an
4880 earlier version, let's see whether the struct event defines MIN_HEAP_IDX.
4881 */
4882 #ifdef HAVE_STRUCT_EVENT_MIN_HEAP_IDX
4883 /* The header files are 1.4.0-beta or later. If the version is not
4884 * 1.4.0-beta, we are incompatible. */
4885 {
4886 if (strcmp(event_get_version(), "1.4.0-beta")) {
4887 log_warn(LD_GENERAL, "It's a little hard to tell, but you seem to have "
4888 "Libevent 1.4.0-beta header files, whereas you have linked "
4889 "against Libevent %s. This will probably make Tor crash.",
4890 event_get_version());
4891 }
4892 }
4893 #else
4894 /* Our headers are 1.3e or earlier. If the library version is not 1.4.x or
4895 later, we're probably fine. */
4896 {
4897 const char *v = event_get_version();
4898 if ((v[0] == '1' && v[2] == '.' && v[3] > '3') || v[0] > '1') {
4899 log_warn(LD_GENERAL, "It's a little hard to tell, but you seem to have "
4900 "Libevent header file from 1.3e or earlier, whereas you have "
4901 "linked against Libevent %s. This will probably make Tor "
4902 "crash.", event_get_version());
4903 }
4904 }
4905 #endif
4906
4907 #elif defined(_EVENT_VERSION)
4908 #warn "_EVENT_VERSION is defined but not get_event_version(): Libevent is odd."
4909 #else
4910 /* Your libevent is ancient. */
4911 #endif
4912
4913 event_init();
4914 suppress_libevent_log_msg(NULL);
4915 #if defined(HAVE_EVENT_GET_VERSION) && defined(HAVE_EVENT_GET_METHOD)
4916 /* Making this a NOTICE for now so we can link bugs to a libevent versions
4917 * or methods better. */
4918 log(LOG_NOTICE, LD_GENERAL,
4919 "Initialized libevent version %s using method %s. Good.",
4920 event_get_version(), event_get_method());
4921 check_libevent_version(event_get_method(), get_options()->ORPort != 0);
4922 #else
4923 log(LOG_NOTICE, LD_GENERAL,
4924 "Initialized old libevent (version 1.0b or earlier).");
4925 log(LOG_WARN, LD_GENERAL,
4926 "You have a *VERY* old version of libevent. It is likely to be buggy; "
4927 "please build Tor with a more recent version.");
4928 #endif
4929 }
4930
4931 /** Table mapping return value of event_get_version() to le_version_t. */
4932 static const struct {
4933 const char *name; le_version_t version; int bincompat;
4934 } le_version_table[] = {
4935 /* earlier versions don't have get_version. */
4936 { "1.0c", LE_10C, 1},
4937 { "1.0d", LE_10D, 1},
4938 { "1.0e", LE_10E, 1},
4939 { "1.1", LE_11, 1 },
4940 { "1.1a", LE_11A, 1 },
4941 { "1.1b", LE_11B, 1 },
4942 { "1.2", LE_12, 1 },
4943 { "1.2a", LE_12A, 1 },
4944 { "1.3", LE_13, 1 },
4945 { "1.3a", LE_13A, 1 },
4946 { "1.3b", LE_13B, 1 },
4947 { "1.3c", LE_13C, 1 },
4948 { "1.3d", LE_13D, 1 },
4949 { "1.3e", LE_13E, 1 },
4950 { "1.4.0-beta", LE_140, 2 },
4951 { "1.4.1-beta", LE_141, 2 },
4952 { "1.4.2-rc", LE_142, 2 },
4953 { "1.4.3-stable", LE_143, 2 },
4954 { "1.4.4-stable", LE_144, 2 },
4955 { "1.4.5-stable", LE_145, 2 },
4956 { "1.4.6-stable", LE_146, 2 },
4957 { "1.4.7-stable", LE_147, 2 },
4958 { "1.4.8-stable", LE_148, 2 },
4959 { "1.4.99-trunk", LE_1499, 3 },
4960 { NULL, LE_OTHER, 0 }
4961 };
4962
4963 /** Return the le_version_t for the current version of libevent. If the
4964 * version is very new, return LE_OTHER. If the version is so old that it
4965 * doesn't support event_get_version(), return LE_OLD. */
4966 static le_version_t
4967 decode_libevent_version(const char *v, int *bincompat_out)
4968 {
4969 int i;
4970 for (i=0; le_version_table[i].name; ++i) {
4971 if (!strcmp(le_version_table[i].name, v)) {
4972 if (bincompat_out)
4973 *bincompat_out = le_version_table[i].bincompat;
4974 return le_version_table[i].version;
4975 }
4976 }
4977 if (v[0] != '1' && bincompat_out)
4978 *bincompat_out = 100;
4979 else if (!strcmpstart(v, "1.4") && bincompat_out)
4980 *bincompat_out = 2;
4981 return LE_OTHER;
4982 }
4983
4984 #if defined(HAVE_EVENT_GET_VERSION) && defined(HAVE_EVENT_GET_METHOD)
4985 /**
4986 * Compare the given libevent method and version to a list of versions
4987 * which are known not to work. Warn the user as appropriate.
4988 */
4989 static void
4990 check_libevent_version(const char *m, int server)
4991 {
4992 int buggy = 0, iffy = 0, slow = 0, thread_unsafe = 0;
4993 le_version_t version;
4994 const char *v = event_get_version();
4995 const char *badness = NULL;
4996 const char *sad_os = "";
4997
4998 version = decode_libevent_version(v, NULL);
4999
5000 /* XXX Would it be worthwhile disabling the methods that we know
5001 * are buggy, rather than just warning about them and then proceeding
5002 * to use them? If so, we should probably not wrap this whole thing
5003 * in HAVE_EVENT_GET_VERSION and HAVE_EVENT_GET_METHOD. -RD */
5004 /* XXXX The problem is that it's not trivial to get libevent to change it's
5005 * method once it's initialized, and it's not trivial to tell what method it
5006 * will use without initializing it. I guess we could preemptively disable
5007 * buggy libevent modes based on the version _before_ initializing it,
5008 * though, but then there's no good way (afaict) to warn "I would have used
5009 * kqueue, but instead I'm using select." -NM */
5010 if (!strcmp(m, "kqueue")) {
5011 if (version < LE_11B)
5012 buggy = 1;
5013 } else if (!strcmp(m, "epoll")) {
5014 if (version < LE_11)
5015 iffy = 1;
5016 } else if (!strcmp(m, "poll")) {
5017 if (version < LE_10E)
5018 buggy = 1;
5019 else if (version < LE_11)
5020 slow = 1;
5021 } else if (!strcmp(m, "select")) {
5022 if (version < LE_11)
5023 slow = 1;
5024 } else if (!strcmp(m, "win32")) {
5025 if (version < LE_11B)
5026 buggy = 1;
5027 }
5028
5029 /* Libevent versions before 1.3b do very badly on operating systems with
5030 * user-space threading implementations. */
5031 #if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__NetBSD__)
5032 if (server && version < LE_13B) {
5033 thread_unsafe = 1;
5034 sad_os = "BSD variants";
5035 }
5036 #elif defined(__APPLE__) || defined(__darwin__)
5037 if (server && version < LE_13B) {
5038 thread_unsafe = 1;
5039 sad_os = "Mac OS X";
5040 }
5041 #endif
5042
5043 if (thread_unsafe) {
5044 log(LOG_WARN, LD_GENERAL,
5045 "Libevent version %s often crashes when running a Tor server with %s. "
5046 "Please use the latest version of libevent (1.3b or later)",v,sad_os);
5047 badness = "BROKEN";
5048 } else if (buggy) {
5049 log(LOG_WARN, LD_GENERAL,
5050 "There are serious bugs in using %s with libevent %s. "
5051 "Please use the latest version of libevent.", m, v);
5052 badness = "BROKEN";
5053 } else if (iffy) {
5054 log(LOG_WARN, LD_GENERAL,
5055 "There are minor bugs in using %s with libevent %s. "
5056 "You may want to use the latest version of libevent.", m, v);
5057 badness = "BUGGY";
5058 } else if (slow && server) {
5059 log(LOG_WARN, LD_GENERAL,
5060 "libevent %s can be very slow with %s. "
5061 "When running a server, please use the latest version of libevent.",
5062 v,m);
5063 badness = "SLOW";
5064 }
5065 if (badness) {
5066 control_event_general_status(LOG_WARN,
5067 "BAD_LIBEVENT VERSION=%s METHOD=%s BADNESS=%s RECOVERED=NO",
5068 v, m, badness);
5069 }
5070
5071 }
5072 #endif
5073
5074 /** Return the persistent state struct for this Tor. */
5075 or_state_t *
5076 get_or_state(void)
5077 {
5078 tor_assert(global_state);
5079 return global_state;
5080 }
5081
5082 /** Return a newly allocated string holding a filename relative to the data
5083 * directory. If <b>sub1</b> is present, it is the first path component after
5084 * the data directory. If <b>sub2</b> is also present, it is the second path
5085 * component after the data directory. If <b>suffix</b> is present, it
5086 * is appended to the filename.
5087 *
5088 * Examples:
5089 * get_datadir_fname2_suffix("a", NULL, NULL) -> $DATADIR/a
5090 * get_datadir_fname2_suffix("a", NULL, ".tmp") -> $DATADIR/a.tmp
5091 * get_datadir_fname2_suffix("a", "b", ".tmp") -> $DATADIR/a/b/.tmp
5092 * get_datadir_fname2_suffix("a", "b", NULL) -> $DATADIR/a/b
5093 *
5094 * Note: Consider using the get_datadir_fname* macros in or.h.
5095 */
5096 char *
5097 options_get_datadir_fname2_suffix(or_options_t *options,
5098 const char *sub1, const char *sub2,
5099 const char *suffix)
5100 {
5101 char *fname = NULL;
5102 size_t len;
5103 tor_assert(options);
5104 tor_assert(options->DataDirectory);
5105 tor_assert(sub1 || !sub2); /* If sub2 is present, sub1 must be present. */
5106 len = strlen(options->DataDirectory);
5107 if (sub1) {
5108 len += strlen(sub1)+1;
5109 if (sub2)
5110 len += strlen(sub2)+1;
5111 }
5112 if (suffix)
5113 len += strlen(suffix);
5114 len++;
5115 fname = tor_malloc(len);
5116 if (sub1) {
5117 if (sub2) {
5118 tor_snprintf(fname, len, "%s"PATH_SEPARATOR"%s"PATH_SEPARATOR"%s",
5119 options->DataDirectory, sub1, sub2);
5120 } else {
5121 tor_snprintf(fname, len, "%s"PATH_SEPARATOR"%s",
5122 options->DataDirectory, sub1);
5123 }
5124 } else {
5125 strlcpy(fname, options->DataDirectory, len);
5126 }
5127 if (suffix)
5128 strlcat(fname, suffix, len);
5129 return fname;
5130 }
5131
5132 /** Return 0 if every setting in <b>state</b> is reasonable, and a
5133 * permissible transition from <b>old_state</b>. Else warn and return -1.
5134 * Should have no side effects, except for normalizing the contents of
5135 * <b>state</b>.
5136 */
5137 /* XXX from_setconf is here because of bug 238 */
5138 static int
5139 or_state_validate(or_state_t *old_state, or_state_t *state,
5140 int from_setconf, char **msg)
5141 {
5142 /* We don't use these; only options do. Still, we need to match that
5143 * signature. */
5144 (void) from_setconf;
5145 (void) old_state;
5146
5147 if (entry_guards_parse_state(state, 0, msg)<0)
5148 return -1;
5149
5150 return 0;
5151 }
5152
5153 /** Replace the current persistent state with <b>new_state</b> */
5154 static void
5155 or_state_set(or_state_t *new_state)
5156 {
5157 char *err = NULL;
5158 tor_assert(new_state);
5159 if (global_state)
5160 config_free(&state_format, global_state);
5161 global_state = new_state;
5162 if (entry_guards_parse_state(global_state, 1, &err)<0) {
5163 log_warn(LD_GENERAL,"%s",err);
5164 tor_free(err);
5165 }
5166 if (rep_hist_load_state(global_state, &err)<0) {
5167 log_warn(LD_GENERAL,"Unparseable bandwidth history state: %s",err);
5168 tor_free(err);
5169 }
5170 }
5171
5172 /** Reload the persistent state from disk, generating a new state as needed.
5173 * Return 0 on success, less than 0 on failure.
5174 */
5175 static int
5176 or_state_load(void)
5177 {
5178 or_state_t *new_state = NULL;
5179 char *contents = NULL, *fname;
5180 char *errmsg = NULL;
5181 int r = -1, badstate = 0;
5182
5183 fname = get_datadir_fname("state");
5184 switch (file_status(fname)) {
5185 case FN_FILE:
5186 if (!(contents = read_file_to_str(fname, 0, NULL))) {
5187 log_warn(LD_FS, "Unable to read state file \"%s\"", fname);
5188 goto done;
5189 }
5190 break;
5191 case FN_NOENT:
5192 break;
5193 case FN_ERROR:
5194 case FN_DIR:
5195 default:
5196 log_warn(LD_GENERAL,"State file \"%s\" is not a file? Failing.", fname);
5197 goto done;
5198 }
5199 new_state = tor_malloc_zero(sizeof(or_state_t));
5200 new_state->_magic = OR_STATE_MAGIC;
5201 config_init(&state_format, new_state);
5202 if (contents) {
5203 config_line_t *lines=NULL;
5204 int assign_retval;
5205 if (config_get_lines(contents, &lines)<0)
5206 goto done;
5207 assign_retval = config_assign(&state_format, new_state,
5208 lines, 0, 0, &errmsg);
5209 config_free_lines(lines);
5210 if (assign_retval<0)
5211 badstate = 1;
5212 if (errmsg) {
5213 log_warn(LD_GENERAL, "%s", errmsg);
5214 tor_free(errmsg);
5215 }
5216 }
5217
5218 if (!badstate && or_state_validate(NULL, new_state, 1, &errmsg) < 0)
5219 badstate = 1;
5220
5221 if (errmsg) {
5222 log_warn(LD_GENERAL, "%s", errmsg);
5223 tor_free(errmsg);
5224 }
5225
5226 if (badstate && !contents) {
5227 log_warn(LD_BUG, "Uh oh. We couldn't even validate our own default state."
5228 " This is a bug in Tor.");
5229 goto done;
5230 } else if (badstate && contents) {
5231 int i;
5232 file_status_t status;
5233 size_t len = strlen(fname)+16;
5234 char *fname2 = tor_malloc(len);
5235 for (i = 0; i < 100; ++i) {
5236 tor_snprintf(fname2, len, "%s.%d", fname, i);
5237 status = file_status(fname2);
5238 if (status == FN_NOENT)
5239 break;
5240 }
5241 if (i == 100) {
5242 log_warn(LD_BUG, "Unable to parse state in \"%s\"; too many saved bad "
5243 "state files to move aside. Discarding the old state file.",
5244 fname);
5245 unlink(fname);
5246 } else {
5247 log_warn(LD_BUG, "Unable to parse state in \"%s\". Moving it aside "
5248 "to \"%s\". This could be a bug in Tor; please tell "
5249 "the developers.", fname, fname2);
5250 if (rename(fname, fname2) < 0) {
5251 log_warn(LD_BUG, "Weirdly, I couldn't even move the state aside. The "
5252 "OS gave an error of %s", strerror(errno));
5253 }
5254 }
5255 tor_free(fname2);
5256 tor_free(contents);
5257 config_free(&state_format, new_state);
5258
5259 new_state = tor_malloc_zero(sizeof(or_state_t));
5260 new_state->_magic = OR_STATE_MAGIC;
5261 config_init(&state_format, new_state);
5262 } else if (contents) {
5263 log_info(LD_GENERAL, "Loaded state from \"%s\"", fname);
5264 } else {
5265 log_info(LD_GENERAL, "Initialized state");
5266 }
5267 or_state_set(new_state);
5268 new_state = NULL;
5269 if (!contents) {
5270 global_state->next_write = 0;
5271 or_state_save(time(NULL));
5272 }
5273 r = 0;
5274
5275 done:
5276 tor_free(fname);
5277 tor_free(contents);
5278 if (new_state)
5279 config_free(&state_format, new_state);
5280
5281 return r;
5282 }
5283
5284 /** Write the persistent state to disk. Return 0 for success, <0 on failure. */
5285 int
5286 or_state_save(time_t now)
5287 {
5288 char *state, *contents;
5289 char tbuf[ISO_TIME_LEN+1];
5290 size_t len;
5291 char *fname;
5292
5293 tor_assert(global_state);
5294
5295 if (global_state->next_write > now)
5296 return 0;
5297
5298 /* Call everything else that might dirty the state even more, in order
5299 * to avoid redundant writes. */
5300 entry_guards_update_state(global_state);
5301 rep_hist_update_state(global_state);
5302 if (accounting_is_enabled(get_options()))
5303 accounting_run_housekeeping(now);
5304
5305 global_state->LastWritten = time(NULL);
5306 tor_free(global_state->TorVersion);
5307 len = strlen(get_version())+8;
5308 global_state->TorVersion = tor_malloc(len);
5309 tor_snprintf(global_state->TorVersion, len, "Tor %s", get_version());
5310
5311 state = config_dump(&state_format, global_state, 1, 0);
5312 len = strlen(state)+256;
5313 contents = tor_malloc(len);
5314 format_local_iso_time(tbuf, time(NULL));
5315 tor_snprintf(contents, len,
5316 "# Tor state file last generated on %s local time\n"
5317 "# Other times below are in GMT\n"
5318 "# You *do not* need to edit this file.\n\n%s",
5319 tbuf, state);
5320 tor_free(state);
5321 fname = get_datadir_fname("state");
5322 if (write_str_to_file(fname, contents, 0)<0) {
5323 log_warn(LD_FS, "Unable to write state to file \"%s\"", fname);
5324 tor_free(fname);
5325 tor_free(contents);
5326 return -1;
5327 }
5328 log_info(LD_GENERAL, "Saved state to \"%s\"", fname);
5329 tor_free(fname);
5330 tor_free(contents);
5331
5332 global_state->next_write = TIME_MAX;
5333 return 0;
5334 }
5335
5336 /** Given a file name check to see whether the file exists but has not been
5337 * modified for a very long time. If so, remove it. */
5338 void
5339 remove_file_if_very_old(const char *fname, time_t now)
5340 {
5341 #define VERY_OLD_FILE_AGE (28*24*60*60)
5342 struct stat st;
5343
5344 if (stat(fname, &st)==0 && st.st_mtime < now-VERY_OLD_FILE_AGE) {
5345 char buf[ISO_TIME_LEN+1];
5346 format_local_iso_time(buf, st.st_mtime);
5347 log_notice(LD_GENERAL, "Obsolete file %s hasn't been modified since %s. "
5348 "Removing it.", fname, buf);
5349 unlink(fname);
5350 }
5351 }
5352
5353 /** Helper to implement GETINFO functions about configuration variables (not
5354 * their values). Given a "config/names" question, set *<b>answer</b> to a
5355 * new string describing the supported configuration variables and their
5356 * types. */
5357 int
5358 getinfo_helper_config(control_connection_t *conn,
5359 const char *question, char **answer)
5360 {
5361 (void) conn;
5362 if (!strcmp(question, "config/names")) {
5363 smartlist_t *sl = smartlist_create();
5364 int i;
5365 for (i = 0; _option_vars[i].name; ++i) {
5366 config_var_t *var = &_option_vars[i];
5367 const char *type, *desc;
5368 char *line;
5369 size_t len;
5370 desc = config_find_description(&options_format, var->name);
5371 switch (var->type) {
5372 case CONFIG_TYPE_STRING: type = "String"; break;
5373 case CONFIG_TYPE_FILENAME: type = "Filename"; break;
5374 case CONFIG_TYPE_UINT: type = "Integer"; break;
5375 case CONFIG_TYPE_INTERVAL: type = "TimeInterval"; break;
5376 case CONFIG_TYPE_MEMUNIT: type = "DataSize"; break;
5377 case CONFIG_TYPE_DOUBLE: type = "Float"; break;
5378 case CONFIG_TYPE_BOOL: type = "Boolean"; break;
5379 case CONFIG_TYPE_ISOTIME: type = "Time"; break;
5380 case CONFIG_TYPE_ROUTERSET: type = "RouterList"; break;
5381 case CONFIG_TYPE_CSV: type = "CommaList"; break;
5382 case CONFIG_TYPE_LINELIST: type = "LineList"; break;
5383 case CONFIG_TYPE_LINELIST_S: type = "Dependant"; break;
5384 case CONFIG_TYPE_LINELIST_V: type = "Virtual"; break;
5385 default:
5386 case CONFIG_TYPE_OBSOLETE:
5387 type = NULL; break;
5388 }
5389 if (!type)
5390 continue;
5391 len = strlen(var->name)+strlen(type)+16;
5392 if (desc)
5393 len += strlen(desc);
5394 line = tor_malloc(len);
5395 if (desc)
5396 tor_snprintf(line, len, "%s %s %s\n",var->name,type,desc);
5397 else
5398 tor_snprintf(line, len, "%s %s\n",var->name,type);
5399 smartlist_add(sl, line);
5400 }
5401 *answer = smartlist_join_strings(sl, "", 0, NULL);
5402 SMARTLIST_FOREACH(sl, char *, c, tor_free(c));
5403 smartlist_free(sl);
5404 }
5405 return 0;
5406 }
5407