Tor  0.4.7.0-alpha-dev
config.c
Go to the documentation of this file.
1 /* Copyright (c) 2001 Matej Pfajfar.
2  * Copyright (c) 2001-2004, Roger Dingledine.
3  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4  * Copyright (c) 2007-2021, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
6 
7 /**
8  * \file config.c
9  * \brief Code to interpret the user's configuration of Tor.
10  *
11  * This module handles torrc configuration file, including parsing it,
12  * combining it with torrc.defaults and the command line, allowing
13  * user changes to it (via editing and SIGHUP or via the control port),
14  * writing it back to disk (because of SAVECONF from the control port),
15  * and -- most importantly, acting on it.
16  *
17  * The module additionally has some tools for manipulating and
18  * inspecting values that are calculated as a result of the
19  * configured options.
20  *
21  * <h3>How to add new options</h3>
22  *
23  * To add new items to the torrc, there are a minimum of three places to edit:
24  * <ul>
25  * <li>The or_options_t structure in or_options_st.h, where the options are
26  * stored.
27  * <li>The option_vars_ array below in this module, which configures
28  * the names of the torrc options, their types, their multiplicities,
29  * and their mappings to fields in or_options_t.
30  * <li>The manual in doc/man/tor.1.txt, to document what the new option
31  * is, and how it works.
32  * </ul>
33  *
34  * Additionally, you might need to edit these places too:
35  * <ul>
36  * <li>options_validate_cb() below, in case you want to reject some possible
37  * values of the new configuration option.
38  * <li>options_transition_allowed() below, in case you need to
39  * forbid some or all changes in the option while Tor is
40  * running.
41  * <li>options_transition_affects_workers(), in case changes in the option
42  * might require Tor to relaunch or reconfigure its worker threads.
43  * (This function is now in the relay module.)
44  * <li>options_transition_affects_descriptor(), in case changes in the
45  * option might require a Tor relay to build and publish a new server
46  * descriptor.
47  * (This function is now in the relay module.)
48  * <li>options_act() and/or options_act_reversible(), in case there's some
49  * action that needs to be taken immediately based on the option's
50  * value.
51  * </ul>
52  *
53  * <h3>Changing the value of an option</h3>
54  *
55  * Because of the SAVECONF command from the control port, it's a bad
56  * idea to change the value of any user-configured option in the
57  * or_options_t. If you want to sometimes do this anyway, we recommend
58  * that you create a secondary field in or_options_t; that you have the
59  * user option linked only to the secondary field; that you use the
60  * secondary field to initialize the one that Tor actually looks at; and that
61  * you use the one Tor looks as the one that you modify.
62  **/
63 
64 #define CONFIG_PRIVATE
65 #include "core/or/or.h"
66 #include "app/config/config.h"
67 #include "lib/confmgt/confmgt.h"
68 #include "app/config/statefile.h"
69 #include "app/main/main.h"
70 #include "app/main/subsysmgr.h"
72 #include "core/mainloop/mainloop.h"
74 #include "core/or/channel.h"
75 #include "core/or/circuitlist.h"
76 #include "core/or/circuitmux.h"
78 #include "core/or/circuitstats.h"
80 #include "core/or/dos.h"
81 #include "core/or/policies.h"
82 #include "core/or/relay.h"
83 #include "core/or/scheduler.h"
85 #include "feature/client/bridges.h"
93 #include "feature/hs/hs_config.h"
101 #include "feature/relay/dns.h"
106 #include "lib/geoip/geoip.h"
108 #include "lib/compress/compress.h"
109 #include "lib/confmgt/structvar.h"
113 #include "lib/encoding/confline.h"
114 #include "lib/net/resolve.h"
115 #include "lib/sandbox/sandbox.h"
116 #include "lib/version/torversion.h"
117 
118 #ifdef ENABLE_NSS
120 #else
122 #endif
123 
124 #ifdef _WIN32
125 #include <shlobj.h>
126 #endif
127 #ifdef HAVE_FCNTL_H
128 #include <fcntl.h>
129 #endif
130 #ifdef HAVE_SYS_STAT_H
131 #include <sys/stat.h>
132 #endif
133 #ifdef HAVE_SYS_PARAM_H
134 #include <sys/param.h>
135 #endif
136 #ifdef HAVE_UNISTD_H
137 #include <unistd.h>
138 #endif
139 
140 #include "lib/meminfo/meminfo.h"
141 #include "lib/osinfo/uname.h"
142 #include "lib/osinfo/libc.h"
143 #include "lib/process/daemon.h"
144 #include "lib/process/pidfile.h"
145 #include "lib/process/restrict.h"
146 #include "lib/process/setuid.h"
147 #include "lib/process/process.h"
148 #include "lib/net/gethostname.h"
149 #include "lib/thread/numcpus.h"
150 
151 #include "lib/encoding/keyval.h"
152 #include "lib/fs/conffile.h"
153 #include "lib/evloop/procmon.h"
154 
157 
158 #include "core/or/connection_st.h"
159 #include "core/or/port_cfg_st.h"
160 
161 #ifdef HAVE_SYSTEMD
162 # if defined(__COVERITY__) && !defined(__INCLUDE_LEVEL__)
163 /* Systemd's use of gcc's __INCLUDE_LEVEL__ extension macro appears to confuse
164  * Coverity. Here's a kludge to unconfuse it.
165  */
166 # define __INCLUDE_LEVEL__ 2
167 #endif /* defined(__COVERITY__) && !defined(__INCLUDE_LEVEL__) */
168 #include <systemd/sd-daemon.h>
169 #endif /* defined(HAVE_SYSTEMD) */
170 
171 /* Prefix used to indicate a Unix socket in a FooPort configuration. */
172 static const char unix_socket_prefix[] = "unix:";
173 /* Prefix used to indicate a Unix socket with spaces in it, in a FooPort
174  * configuration. */
175 static const char unix_q_socket_prefix[] = "unix:\"";
176 
177 /* limits for TCP send and recv buffer size used for constrained sockets */
178 #define MIN_CONSTRAINED_TCP_BUFFER 2048
179 #define MAX_CONSTRAINED_TCP_BUFFER 262144 /* 256k */
180 
181 /** macro to help with the bulk rename of *DownloadSchedule to
182  * *DowloadInitialDelay . */
183 #ifndef COCCI
184 #define DOWNLOAD_SCHEDULE(name) \
185  { (#name "DownloadSchedule"), (#name "DownloadInitialDelay"), 0, 1 }
186 #else
187 #define DOWNLOAD_SCHEDULE(name) { NULL, NULL, 0, 1 }
188 #endif /* !defined(COCCI) */
189 
190 /** A list of abbreviations and aliases to map command-line options, obsolete
191  * option names, or alternative option names, to their current values. */
193  PLURAL(AuthDirBadDirCC),
194  PLURAL(AuthDirBadExitCC),
195  PLURAL(AuthDirInvalidCC),
196  PLURAL(AuthDirRejectCC),
197  PLURAL(EntryNode),
198  PLURAL(ExcludeNode),
199  PLURAL(FirewallPort),
200  PLURAL(LongLivedPort),
201  PLURAL(HiddenServiceNode),
202  PLURAL(HiddenServiceExcludeNode),
203  PLURAL(NumCPU),
204  PLURAL(RendNode),
205  PLURAL(RecommendedPackage),
206  PLURAL(RendExcludeNode),
207  PLURAL(StrictEntryNode),
208  PLURAL(StrictExitNode),
209  PLURAL(StrictNode),
210  { "l", "Log", 1, 0},
211  { "AllowUnverifiedNodes", "AllowInvalidNodes", 0, 0},
212  { "AutomapHostSuffixes", "AutomapHostsSuffixes", 0, 0},
213  { "AutomapHostOnResolve", "AutomapHostsOnResolve", 0, 0},
214  { "BandwidthRateBytes", "BandwidthRate", 0, 0},
215  { "BandwidthBurstBytes", "BandwidthBurst", 0, 0},
216  { "DirFetchPostPeriod", "StatusFetchPeriod", 0, 0},
217  { "DirServer", "DirAuthority", 0, 0}, /* XXXX later, make this warn? */
218  { "MaxConn", "ConnLimit", 0, 1},
219  { "MaxMemInCellQueues", "MaxMemInQueues", 0, 0},
220  { "ORBindAddress", "ORListenAddress", 0, 0},
221  { "DirBindAddress", "DirListenAddress", 0, 0},
222  { "SocksBindAddress", "SocksListenAddress", 0, 0},
223  { "UseHelperNodes", "UseEntryGuards", 0, 0},
224  { "NumHelperNodes", "NumEntryGuards", 0, 0},
225  { "UseEntryNodes", "UseEntryGuards", 0, 0},
226  { "NumEntryNodes", "NumEntryGuards", 0, 0},
227  { "ResolvConf", "ServerDNSResolvConfFile", 0, 1},
228  { "SearchDomains", "ServerDNSSearchDomains", 0, 1},
229  { "ServerDNSAllowBrokenResolvConf", "ServerDNSAllowBrokenConfig", 0, 0},
230  { "PreferTunnelledDirConns", "PreferTunneledDirConns", 0, 0},
231  { "BridgeAuthoritativeDirectory", "BridgeAuthoritativeDir", 0, 0},
232  { "HashedControlPassword", "__HashedControlSessionPassword", 1, 0},
233  { "VirtualAddrNetwork", "VirtualAddrNetworkIPv4", 0, 0},
234  { "SocksSocketsGroupWritable", "UnixSocksGroupWritable", 0, 1},
235  { "_HSLayer2Nodes", "HSLayer2Nodes", 0, 1 },
236  { "_HSLayer3Nodes", "HSLayer3Nodes", 0, 1 },
237 
238  DOWNLOAD_SCHEDULE(ClientBootstrapConsensusAuthority),
239  DOWNLOAD_SCHEDULE(ClientBootstrapConsensusAuthorityOnly),
240  DOWNLOAD_SCHEDULE(ClientBootstrapConsensusFallback),
241  DOWNLOAD_SCHEDULE(TestingBridge),
242  DOWNLOAD_SCHEDULE(TestingBridgeBootstrap),
243  DOWNLOAD_SCHEDULE(TestingClient),
244  DOWNLOAD_SCHEDULE(TestingClientConsensus),
245  DOWNLOAD_SCHEDULE(TestingServer),
246  DOWNLOAD_SCHEDULE(TestingServerConsensus),
247 
248  { NULL, NULL, 0, 0},
249 };
250 
251 /** dummy instance of or_options_t, used for type-checking its
252  * members with CONF_CHECK_VAR_TYPE. */
254 
255 /** An entry for config_vars: "The option <b>varname</b> has type
256  * CONFIG_TYPE_<b>conftype</b>, and corresponds to
257  * or_options_t.<b>member</b>"
258  */
259 #define VAR(varname,conftype,member,initvalue) \
260  CONFIG_VAR_ETYPE(or_options_t, varname, conftype, member, 0, initvalue)
261 
262 /* As VAR, but uses a type definition in addition to a type enum. */
263 #define VAR_D(varname,conftype,member,initvalue) \
264  CONFIG_VAR_DEFN(or_options_t, varname, conftype, member, 0, initvalue)
265 
266 #define VAR_NODUMP(varname,conftype,member,initvalue) \
267  CONFIG_VAR_ETYPE(or_options_t, varname, conftype, member, \
268  CFLG_NODUMP, initvalue)
269 #define VAR_NODUMP_IMMUTABLE(varname,conftype,member,initvalue) \
270  CONFIG_VAR_ETYPE(or_options_t, varname, conftype, member, \
271  CFLG_NODUMP | CFLG_IMMUTABLE, initvalue)
272 #define VAR_INVIS(varname,conftype,member,initvalue) \
273  CONFIG_VAR_ETYPE(or_options_t, varname, conftype, member, \
274  CFLG_NODUMP | CFLG_NOSET | CFLG_NOLIST, initvalue)
275 
276 #define V(member,conftype,initvalue) \
277  VAR(#member, conftype, member, initvalue)
278 
279 #define VAR_IMMUTABLE(varname, conftype, member, initvalue) \
280  CONFIG_VAR_ETYPE(or_options_t, varname, conftype, member, \
281  CFLG_IMMUTABLE, initvalue)
282 
283 #define V_IMMUTABLE(member,conftype,initvalue) \
284  VAR_IMMUTABLE(#member, conftype, member, initvalue)
285 
286 /** As V, but uses a type definition instead of a type enum */
287 #define V_D(member,type,initvalue) \
288  VAR_D(#member, type, member, initvalue)
289 
290 /** An entry for config_vars: "The option <b>varname</b> is obsolete." */
291 #define OBSOLETE(varname) CONFIG_VAR_OBSOLETE(varname)
292 
293 /**
294  * Macro to declare *Port options. Each one comes in three entries.
295  * For example, most users should use "SocksPort" to configure the
296  * socks port, but TorBrowser wants to use __SocksPort so that it
297  * isn't stored by SAVECONF. The SocksPortLines virtual option is
298  * used to query both options from the controller.
299  */
300 #define VPORT(member) \
301  VAR(#member "Lines", LINELIST_V, member ## _lines, NULL), \
302  VAR(#member, LINELIST_S, member ## _lines, NULL), \
303  VAR_NODUMP("__" #member, LINELIST_S, member ## _lines, NULL)
304 
305 /** UINT64_MAX as a decimal string */
306 #define UINT64_MAX_STRING "18446744073709551615"
307 
308 /** Array of configuration options. Until we disallow nonstandard
309  * abbreviations, order is significant, since the first matching option will
310  * be chosen first.
311  */
312 static const config_var_t option_vars_[] = {
313  V(AccountingMax, MEMUNIT, "0 bytes"),
314  VAR("AccountingRule", STRING, AccountingRule_option, "max"),
315  V(AccountingStart, STRING, NULL),
316  V(Address, LINELIST, NULL),
317  V(AddressDisableIPv6, BOOL, "0"),
318  OBSOLETE("AllowDotExit"),
319  OBSOLETE("AllowInvalidNodes"),
320  V(AllowNonRFC953Hostnames, BOOL, "0"),
321  OBSOLETE("AllowSingleHopCircuits"),
322  OBSOLETE("AllowSingleHopExits"),
323  V(AlternateBridgeAuthority, LINELIST, NULL),
324  V(AlternateDirAuthority, LINELIST, NULL),
325  OBSOLETE("AlternateHSAuthority"),
326  V(AssumeReachable, BOOL, "0"),
327  V(AssumeReachableIPv6, AUTOBOOL, "auto"),
328  OBSOLETE("AuthDirBadDir"),
329  OBSOLETE("AuthDirBadDirCCs"),
330  V(AuthDirBadExit, LINELIST, NULL),
331  V(AuthDirBadExitCCs, CSV, ""),
332  V(AuthDirInvalid, LINELIST, NULL),
333  V(AuthDirInvalidCCs, CSV, ""),
334  V(AuthDirReject, LINELIST, NULL),
335  V(AuthDirRejectCCs, CSV, ""),
336  OBSOLETE("AuthDirRejectUnlisted"),
337  OBSOLETE("AuthDirListBadDirs"),
338  OBSOLETE("AuthDirMaxServersPerAuthAddr"),
339  VAR("AuthoritativeDirectory", BOOL, AuthoritativeDir, "0"),
340  V(AutomapHostsOnResolve, BOOL, "0"),
341  V(AutomapHostsSuffixes, CSV, ".onion,.exit"),
342  V(AvoidDiskWrites, BOOL, "0"),
343  V(BandwidthBurst, MEMUNIT, "1 GB"),
344  V(BandwidthRate, MEMUNIT, "1 GB"),
345  V(BridgeAuthoritativeDir, BOOL, "0"),
346  VAR("Bridge", LINELIST, Bridges, NULL),
347  V(BridgePassword, STRING, NULL),
348  V(BridgeRecordUsageByCountry, BOOL, "1"),
349  V(BridgeRelay, BOOL, "0"),
350  V(BridgeDistribution, STRING, NULL),
351  VAR_IMMUTABLE("CacheDirectory",FILENAME, CacheDirectory_option, NULL),
352  V(CacheDirectoryGroupReadable, AUTOBOOL, "auto"),
353  V(CellStatistics, BOOL, "0"),
354  V(PaddingStatistics, BOOL, "1"),
355  V(OverloadStatistics, BOOL, "1"),
356  V(LearnCircuitBuildTimeout, BOOL, "1"),
357  V(CircuitBuildTimeout, INTERVAL, "0"),
358  OBSOLETE("CircuitIdleTimeout"),
359  V(CircuitsAvailableTimeout, INTERVAL, "0"),
360  V(CircuitStreamTimeout, INTERVAL, "0"),
361  V(CircuitPriorityHalflife, DOUBLE, "-1.0"), /*negative:'Use default'*/
362  V(ClientDNSRejectInternalAddresses, BOOL,"1"),
363 #if defined(HAVE_MODULE_RELAY) || defined(TOR_UNIT_TESTS)
364  /* The unit tests expect the ClientOnly default to be 0. */
365  V(ClientOnly, BOOL, "0"),
366 #else
367  /* We must be a Client if the relay module is disabled. */
368  V(ClientOnly, BOOL, "1"),
369 #endif /* defined(HAVE_MODULE_RELAY) || defined(TOR_UNIT_TESTS) */
370  V(ClientPreferIPv6ORPort, AUTOBOOL, "auto"),
371  V(ClientPreferIPv6DirPort, AUTOBOOL, "auto"),
372  OBSOLETE("ClientAutoIPv6ORPort"),
373  V(ClientRejectInternalAddresses, BOOL, "1"),
374  V(ClientTransportPlugin, LINELIST, NULL),
375  V(ClientUseIPv6, BOOL, "0"),
376  V(ClientUseIPv4, BOOL, "1"),
377  V(ConnLimit, POSINT, "1000"),
378  V(ConnDirectionStatistics, BOOL, "0"),
379  V(ConstrainedSockets, BOOL, "0"),
380  V(ConstrainedSockSize, MEMUNIT, "8192"),
381  V(ContactInfo, STRING, NULL),
382  OBSOLETE("ControlListenAddress"),
383  VPORT(ControlPort),
384  V(ControlPortFileGroupReadable,BOOL, "0"),
385  V(ControlPortWriteToFile, FILENAME, NULL),
386  V(ControlSocket, LINELIST, NULL),
387  V(ControlSocketsGroupWritable, BOOL, "0"),
388  V(UnixSocksGroupWritable, BOOL, "0"),
389  V(CookieAuthentication, BOOL, "0"),
390  V(CookieAuthFileGroupReadable, BOOL, "0"),
391  V(CookieAuthFile, FILENAME, NULL),
392  V(CountPrivateBandwidth, BOOL, "0"),
393  VAR_IMMUTABLE("DataDirectory", FILENAME, DataDirectory_option, NULL),
394  V(DataDirectoryGroupReadable, BOOL, "0"),
395  V(DisableOOSCheck, BOOL, "1"),
396  V(DisableNetwork, BOOL, "0"),
397  V(DirAllowPrivateAddresses, BOOL, "0"),
398  OBSOLETE("DirListenAddress"),
399  V(DirPolicy, LINELIST, NULL),
400  VPORT(DirPort),
401  V(DirPortFrontPage, FILENAME, NULL),
402  VAR("DirReqStatistics", BOOL, DirReqStatistics_option, "1"),
403  VAR("DirAuthority", LINELIST, DirAuthorities, NULL),
404 #if defined(HAVE_MODULE_RELAY) || defined(TOR_UNIT_TESTS)
405  /* The unit tests expect the DirCache default to be 1. */
406  V(DirCache, BOOL, "1"),
407 #else
408  /* We can't be a DirCache if the relay module is disabled. */
409  V(DirCache, BOOL, "0"),
410 #endif /* defined(HAVE_MODULE_RELAY) || defined(TOR_UNIT_TESTS) */
411  /* A DirAuthorityFallbackRate of 0.1 means that 0.5% of clients try an
412  * authority when all fallbacks are up, and 2% try an authority when 25% of
413  * fallbacks are down. (We rebuild the list when 25% of fallbacks are down).
414  *
415  * We want to reduce load on authorities, but keep these two figures within
416  * an order of magnitude, so there isn't too much load shifting to
417  * authorities when fallbacks go down. */
418  V(DirAuthorityFallbackRate, DOUBLE, "0.1"),
419  V_IMMUTABLE(DisableAllSwap, BOOL, "0"),
420  V_IMMUTABLE(DisableDebuggerAttachment, BOOL, "1"),
421  OBSOLETE("DisableIOCP"),
422  OBSOLETE("DisableV2DirectoryInfo_"),
423  OBSOLETE("DynamicDHGroups"),
424  VPORT(DNSPort),
425  OBSOLETE("DNSListenAddress"),
426  V(DormantClientTimeout, INTERVAL, "24 hours"),
427  V(DormantTimeoutEnabled, BOOL, "1"),
428  V(DormantTimeoutDisabledByIdleStreams, BOOL, "1"),
429  V(DormantOnFirstStartup, BOOL, "0"),
430  V(DormantCanceledByStartup, BOOL, "0"),
431  V(DownloadExtraInfo, BOOL, "0"),
432  V(TestingEnableConnBwEvent, BOOL, "0"),
433  V(TestingEnableCellStatsEvent, BOOL, "0"),
434  OBSOLETE("TestingEnableTbEmptyEvent"),
435  V(EnforceDistinctSubnets, BOOL, "1"),
436  V_D(EntryNodes, ROUTERSET, NULL),
437  V(EntryStatistics, BOOL, "0"),
438  OBSOLETE("TestingEstimatedDescriptorPropagationTime"),
439  V_D(ExcludeNodes, ROUTERSET, NULL),
440  V_D(ExcludeExitNodes, ROUTERSET, NULL),
441  OBSOLETE("ExcludeSingleHopRelays"),
442  V_D(ExitNodes, ROUTERSET, NULL),
443  /* Researchers need a way to tell their clients to use specific
444  * middles that they also control, to allow safe live-network
445  * experimentation with new padding machines. */
446  V_D(MiddleNodes, ROUTERSET, NULL),
447  V(ExitPolicy, LINELIST, NULL),
448  V(ExitPolicyRejectPrivate, BOOL, "1"),
449  V(ExitPolicyRejectLocalInterfaces, BOOL, "0"),
450  V(ExitPortStatistics, BOOL, "0"),
451  V(ExtendAllowPrivateAddresses, BOOL, "0"),
452  V(ExitRelay, AUTOBOOL, "auto"),
453  VPORT(ExtORPort),
454  V(ExtORPortCookieAuthFile, FILENAME, NULL),
455  V(ExtORPortCookieAuthFileGroupReadable, BOOL, "0"),
456  V(ExtraInfoStatistics, BOOL, "1"),
457  V(ExtendByEd25519ID, AUTOBOOL, "auto"),
458  V(FallbackDir, LINELIST, NULL),
459 
460  V(UseDefaultFallbackDirs, BOOL, "1"),
461 
462  OBSOLETE("FallbackNetworkstatusFile"),
463  V(FascistFirewall, BOOL, "0"),
464  V(FirewallPorts, CSV, ""),
465  OBSOLETE("FastFirstHopPK"),
466  V(FetchDirInfoEarly, BOOL, "0"),
467  V(FetchDirInfoExtraEarly, BOOL, "0"),
468  V(FetchServerDescriptors, BOOL, "1"),
469  V(FetchHidServDescriptors, BOOL, "1"),
470  V(FetchUselessDescriptors, BOOL, "0"),
471  OBSOLETE("FetchV2Networkstatus"),
472  V(GeoIPExcludeUnknown, AUTOBOOL, "auto"),
473 #ifdef _WIN32
474  V(GeoIPFile, FILENAME, "<default>"),
475  V(GeoIPv6File, FILENAME, "<default>"),
476 #else
477  V(GeoIPFile, FILENAME,
478  SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip"),
479  V(GeoIPv6File, FILENAME,
480  SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip6"),
481 #endif /* defined(_WIN32) */
482  OBSOLETE("Group"),
483  V(GuardLifetime, INTERVAL, "0 minutes"),
484  V(HeartbeatPeriod, INTERVAL, "6 hours"),
485  V(MainloopStats, BOOL, "0"),
486  V(HashedControlPassword, LINELIST, NULL),
487  OBSOLETE("HidServDirectoryV2"),
488  OBSOLETE("HiddenServiceAuthorizeClient"),
489  OBSOLETE("HidServAuth"),
490  VAR("HiddenServiceDir", LINELIST_S, RendConfigLines, NULL),
491  VAR("HiddenServiceDirGroupReadable", LINELIST_S, RendConfigLines, NULL),
492  VAR("HiddenServiceOptions",LINELIST_V, RendConfigLines, NULL),
493  VAR("HiddenServicePort", LINELIST_S, RendConfigLines, NULL),
494  VAR("HiddenServiceVersion",LINELIST_S, RendConfigLines, NULL),
495  VAR("HiddenServiceAllowUnknownPorts",LINELIST_S, RendConfigLines, NULL),
496  VAR("HiddenServiceMaxStreams",LINELIST_S, RendConfigLines, NULL),
497  VAR("HiddenServiceMaxStreamsCloseCircuit",LINELIST_S, RendConfigLines, NULL),
498  VAR("HiddenServiceNumIntroductionPoints", LINELIST_S, RendConfigLines, NULL),
499  VAR("HiddenServiceExportCircuitID", LINELIST_S, RendConfigLines, NULL),
500  VAR("HiddenServiceEnableIntroDoSDefense", LINELIST_S, RendConfigLines, NULL),
501  VAR("HiddenServiceEnableIntroDoSRatePerSec",
502  LINELIST_S, RendConfigLines, NULL),
503  VAR("HiddenServiceEnableIntroDoSBurstPerSec",
504  LINELIST_S, RendConfigLines, NULL),
505  VAR("HiddenServiceOnionBalanceInstance",
506  LINELIST_S, RendConfigLines, NULL),
507  VAR("HiddenServiceStatistics", BOOL, HiddenServiceStatistics_option, "1"),
508  V(ClientOnionAuthDir, FILENAME, NULL),
509  OBSOLETE("CloseHSClientCircuitsImmediatelyOnTimeout"),
510  OBSOLETE("CloseHSServiceRendCircuitsImmediatelyOnTimeout"),
511  V_IMMUTABLE(HiddenServiceSingleHopMode, BOOL, "0"),
512  V_IMMUTABLE(HiddenServiceNonAnonymousMode,BOOL, "0"),
513  V(HTTPProxy, STRING, NULL),
514  V(HTTPProxyAuthenticator, STRING, NULL),
515  V(HTTPSProxy, STRING, NULL),
516  V(HTTPSProxyAuthenticator, STRING, NULL),
517  VPORT(HTTPTunnelPort),
518  V(IPv6Exit, BOOL, "0"),
519  VAR("ServerTransportPlugin", LINELIST, ServerTransportPlugin, NULL),
520  V(ServerTransportListenAddr, LINELIST, NULL),
521  V(ServerTransportOptions, LINELIST, NULL),
522  V(SigningKeyLifetime, INTERVAL, "30 days"),
523  V(Socks4Proxy, STRING, NULL),
524  V(Socks5Proxy, STRING, NULL),
525  V(Socks5ProxyUsername, STRING, NULL),
526  V(Socks5ProxyPassword, STRING, NULL),
527  V(TCPProxy, STRING, NULL),
528  VAR_IMMUTABLE("KeyDirectory", FILENAME, KeyDirectory_option, NULL),
529  V(KeyDirectoryGroupReadable, AUTOBOOL, "auto"),
530  VAR_D("HSLayer2Nodes", ROUTERSET, HSLayer2Nodes, NULL),
531  VAR_D("HSLayer3Nodes", ROUTERSET, HSLayer3Nodes, NULL),
532  V(KeepalivePeriod, INTERVAL, "5 minutes"),
533  V_IMMUTABLE(KeepBindCapabilities, AUTOBOOL, "auto"),
534  VAR("Log", LINELIST, Logs, NULL),
535  V(LogMessageDomains, BOOL, "0"),
536  V(LogTimeGranularity, MSEC_INTERVAL, "1 second"),
537  V(TruncateLogFile, BOOL, "0"),
538  V_IMMUTABLE(SyslogIdentityTag, STRING, NULL),
539  OBSOLETE("AndroidIdentityTag"),
540  V(LongLivedPorts, CSV,
541  "21,22,706,1863,5050,5190,5222,5223,6523,6667,6697,8300"),
542  VAR("MapAddress", LINELIST, AddressMap, NULL),
543  V(MaxAdvertisedBandwidth, MEMUNIT, "1 GB"),
544  V(MaxCircuitDirtiness, INTERVAL, "10 minutes"),
545  V(MaxClientCircuitsPending, POSINT, "32"),
546  V(MaxConsensusAgeForDiffs, INTERVAL, "0 seconds"),
547  VAR("MaxMemInQueues", MEMUNIT, MaxMemInQueues_raw, "0"),
548  OBSOLETE("MaxOnionsPending"),
549  V(MaxOnionQueueDelay, MSEC_INTERVAL, "1750 msec"),
550  V(MaxUnparseableDescSizeToLog, MEMUNIT, "10 MB"),
551  VPORT(MetricsPort),
552  V(MetricsPortPolicy, LINELIST, NULL),
553  VAR("MyFamily", LINELIST, MyFamily_lines, NULL),
554  V(NewCircuitPeriod, INTERVAL, "30 seconds"),
555  OBSOLETE("NamingAuthoritativeDirectory"),
556  OBSOLETE("NATDListenAddress"),
557  VPORT(NATDPort),
558  V(Nickname, STRING, NULL),
559  OBSOLETE("PredictedPortsRelevanceTime"),
560  OBSOLETE("WarnUnsafeSocks"),
561  VAR("NodeFamily", LINELIST, NodeFamilies, NULL),
562  V_IMMUTABLE(NoExec, BOOL, "0"),
563  V(NumCPUs, POSINT, "0"),
564  V(NumDirectoryGuards, POSINT, "0"),
565  V(NumEntryGuards, POSINT, "0"),
566  V(NumPrimaryGuards, POSINT, "0"),
567  V(OfflineMasterKey, BOOL, "0"),
568  OBSOLETE("ORListenAddress"),
569  VPORT(ORPort),
570  V(OutboundBindAddress, LINELIST, NULL),
571  V(OutboundBindAddressOR, LINELIST, NULL),
572  V(OutboundBindAddressExit, LINELIST, NULL),
573  V(OutboundBindAddressPT, LINELIST, NULL),
574 
575  OBSOLETE("PathBiasDisableRate"),
576  V(PathBiasCircThreshold, INT, "-1"),
577  V(PathBiasNoticeRate, DOUBLE, "-1"),
578  V(PathBiasWarnRate, DOUBLE, "-1"),
579  V(PathBiasExtremeRate, DOUBLE, "-1"),
580  V(PathBiasScaleThreshold, INT, "-1"),
581  OBSOLETE("PathBiasScaleFactor"),
582  OBSOLETE("PathBiasMultFactor"),
583  V(PathBiasDropGuards, AUTOBOOL, "0"),
584  OBSOLETE("PathBiasUseCloseCounts"),
585 
586  V(PathBiasUseThreshold, INT, "-1"),
587  V(PathBiasNoticeUseRate, DOUBLE, "-1"),
588  V(PathBiasExtremeUseRate, DOUBLE, "-1"),
589  V(PathBiasScaleUseThreshold, INT, "-1"),
590 
591  V(PathsNeededToBuildCircuits, DOUBLE, "-1"),
592  V(PerConnBWBurst, MEMUNIT, "0"),
593  V(PerConnBWRate, MEMUNIT, "0"),
594  V_IMMUTABLE(PidFile, FILENAME, NULL),
595  V_IMMUTABLE(TestingTorNetwork, BOOL, "0"),
596 
597  V(TestingLinkCertLifetime, INTERVAL, "2 days"),
598  V(TestingAuthKeyLifetime, INTERVAL, "2 days"),
599  V(TestingLinkKeySlop, INTERVAL, "3 hours"),
600  V(TestingAuthKeySlop, INTERVAL, "3 hours"),
601  V(TestingSigningKeySlop, INTERVAL, "1 day"),
602 
603  OBSOLETE("OptimisticData"),
604  OBSOLETE("PortForwarding"),
605  OBSOLETE("PortForwardingHelper"),
606  OBSOLETE("PreferTunneledDirConns"),
607  V(ProtocolWarnings, BOOL, "0"),
608  V(PublishServerDescriptor, CSV, "1"),
609  V(PublishHidServDescriptors, BOOL, "1"),
610  V(ReachableAddresses, LINELIST, NULL),
611  V(ReachableDirAddresses, LINELIST, NULL),
612  V(ReachableORAddresses, LINELIST, NULL),
613  OBSOLETE("RecommendedPackages"),
614  V(ReducedConnectionPadding, BOOL, "0"),
615  V(ConnectionPadding, AUTOBOOL, "auto"),
616  V(RefuseUnknownExits, AUTOBOOL, "auto"),
617  V(CircuitPadding, BOOL, "1"),
618  V(ReducedCircuitPadding, BOOL, "0"),
619  V(RejectPlaintextPorts, CSV, ""),
620  V(RelayBandwidthBurst, MEMUNIT, "0"),
621  V(RelayBandwidthRate, MEMUNIT, "0"),
622  V(RendPostPeriod, INTERVAL, "1 hour"), /* Used internally. */
623  V(RephistTrackTime, INTERVAL, "24 hours"),
624  V_IMMUTABLE(RunAsDaemon, BOOL, "0"),
625  V(ReducedExitPolicy, BOOL, "0"),
626  OBSOLETE("RunTesting"), // currently unused
627  V_IMMUTABLE(Sandbox, BOOL, "0"),
628  V(SafeLogging, STRING, "1"),
629  V(SafeSocks, BOOL, "0"),
630  V(ServerDNSAllowBrokenConfig, BOOL, "1"),
631  V(ServerDNSAllowNonRFC953Hostnames, BOOL,"0"),
632  V(ServerDNSDetectHijacking, BOOL, "1"),
633  V(ServerDNSRandomizeCase, BOOL, "1"),
634  V(ServerDNSResolvConfFile, FILENAME, NULL),
635  V(ServerDNSSearchDomains, BOOL, "0"),
636  V(ServerDNSTestAddresses, CSV,
637  "www.google.com,www.mit.edu,www.yahoo.com,www.slashdot.org"),
638  OBSOLETE("SchedulerLowWaterMark__"),
639  OBSOLETE("SchedulerHighWaterMark__"),
640  OBSOLETE("SchedulerMaxFlushCells__"),
641  V(KISTSchedRunInterval, MSEC_INTERVAL, "0 msec"),
642  V(KISTSockBufSizeFactor, DOUBLE, "1.0"),
643  V(Schedulers, CSV, "KIST,KISTLite,Vanilla"),
644  V(ShutdownWaitLength, INTERVAL, "30 seconds"),
645  OBSOLETE("SocksListenAddress"),
646  V(SocksPolicy, LINELIST, NULL),
647  VPORT(SocksPort),
648  V(SocksTimeout, INTERVAL, "2 minutes"),
649  V(SSLKeyLifetime, INTERVAL, "0"),
650  OBSOLETE("StrictEntryNodes"),
651  OBSOLETE("StrictExitNodes"),
652  V(StrictNodes, BOOL, "0"),
653  OBSOLETE("Support022HiddenServices"),
654  V(TestSocks, BOOL, "0"),
655  V_IMMUTABLE(TokenBucketRefillInterval, MSEC_INTERVAL, "100 msec"),
656  OBSOLETE("Tor2webMode"),
657  OBSOLETE("Tor2webRendezvousPoints"),
658  OBSOLETE("TLSECGroup"),
659  V(TrackHostExits, CSV, NULL),
660  V(TrackHostExitsExpire, INTERVAL, "30 minutes"),
661  OBSOLETE("TransListenAddress"),
662  VPORT(TransPort),
663  V(TransProxyType, STRING, "default"),
664  OBSOLETE("TunnelDirConns"),
665  V(UpdateBridgesFromAuthority, BOOL, "0"),
666  V(UseBridges, BOOL, "0"),
667  VAR("UseEntryGuards", BOOL, UseEntryGuards_option, "1"),
668  OBSOLETE("UseEntryGuardsAsDirGuards"),
669  V(UseGuardFraction, AUTOBOOL, "auto"),
670  V(UseMicrodescriptors, AUTOBOOL, "auto"),
671  OBSOLETE("UseNTorHandshake"),
672  V_IMMUTABLE(User, STRING, NULL),
673  OBSOLETE("UserspaceIOCPBuffers"),
674  OBSOLETE("V1AuthoritativeDirectory"),
675  OBSOLETE("V2AuthoritativeDirectory"),
676  VAR("V3AuthoritativeDirectory",BOOL, V3AuthoritativeDir, "0"),
677  V(TestingV3AuthInitialVotingInterval, INTERVAL, "30 minutes"),
678  V(TestingV3AuthInitialVoteDelay, INTERVAL, "5 minutes"),
679  V(TestingV3AuthInitialDistDelay, INTERVAL, "5 minutes"),
680  V(TestingV3AuthVotingStartOffset, INTERVAL, "0"),
681  V(V3AuthVotingInterval, INTERVAL, "1 hour"),
682  V(V3AuthVoteDelay, INTERVAL, "5 minutes"),
683  V(V3AuthDistDelay, INTERVAL, "5 minutes"),
684  V(V3AuthNIntervalsValid, POSINT, "3"),
685  V(V3AuthUseLegacyKey, BOOL, "0"),
686  V(V3BandwidthsFile, FILENAME, NULL),
687  V(GuardfractionFile, FILENAME, NULL),
688  OBSOLETE("VoteOnHidServDirectoriesV2"),
689  V(VirtualAddrNetworkIPv4, STRING, "127.192.0.0/10"),
690  V(VirtualAddrNetworkIPv6, STRING, "[FE80::]/10"),
691  V(WarnPlaintextPorts, CSV, "23,109,110,143"),
692  OBSOLETE("UseFilteringSSLBufferevents"),
693  OBSOLETE("__UseFilteringSSLBufferevents"),
694  VAR_NODUMP("__ReloadTorrcOnSIGHUP", BOOL, ReloadTorrcOnSIGHUP, "1"),
695  VAR_NODUMP("__AllDirActionsPrivate", BOOL, AllDirActionsPrivate, "0"),
696  VAR_NODUMP("__DisablePredictedCircuits",BOOL,DisablePredictedCircuits, "0"),
697  VAR_NODUMP_IMMUTABLE("__DisableSignalHandlers", BOOL,
698  DisableSignalHandlers, "0"),
699  VAR_NODUMP("__LeaveStreamsUnattached",BOOL, LeaveStreamsUnattached, "0"),
700  VAR_NODUMP("__HashedControlSessionPassword", LINELIST,
701  HashedControlSessionPassword,
702  NULL),
703  VAR_NODUMP("__OwningControllerProcess",STRING,
704  OwningControllerProcess, NULL),
705  VAR_NODUMP_IMMUTABLE("__OwningControllerFD", UINT64, OwningControllerFD,
707  V(TestingServerDownloadInitialDelay, CSV_INTERVAL, "0"),
708  V(TestingClientDownloadInitialDelay, CSV_INTERVAL, "0"),
709  V(TestingServerConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
710  V(TestingClientConsensusDownloadInitialDelay, CSV_INTERVAL, "0"),
711  /* With the ClientBootstrapConsensus*Download* below:
712  * Clients with only authorities will try:
713  * - at least 3 authorities over 10 seconds, then exponentially backoff,
714  * with the next attempt 3-21 seconds later,
715  * Clients with authorities and fallbacks will try:
716  * - at least 2 authorities and 4 fallbacks over 21 seconds, then
717  * exponentially backoff, with the next attempts 4-33 seconds later,
718  * Clients will also retry when an application request arrives.
719  * After a number of failed requests, clients retry every 3 days + 1 hour.
720  *
721  * Clients used to try 2 authorities over 10 seconds, then wait for
722  * 60 minutes or an application request.
723  *
724  * When clients have authorities and fallbacks available, they use these
725  * schedules: (we stagger the times to avoid thundering herds) */
726  V(ClientBootstrapConsensusAuthorityDownloadInitialDelay, CSV_INTERVAL, "6"),
727  V(ClientBootstrapConsensusFallbackDownloadInitialDelay, CSV_INTERVAL, "0"),
728  /* When clients only have authorities available, they use this schedule: */
729  V(ClientBootstrapConsensusAuthorityOnlyDownloadInitialDelay, CSV_INTERVAL,
730  "0"),
731  /* We don't want to overwhelm slow networks (or mirrors whose replies are
732  * blocked), but we also don't want to fail if only some mirrors are
733  * blackholed. Clients will try 3 directories simultaneously.
734  * (Relays never use simultaneous connections.) */
735  V(ClientBootstrapConsensusMaxInProgressTries, POSINT, "3"),
736  /* When a client has any running bridges, check each bridge occasionally,
737  * whether or not that bridge is actually up. */
738  V(TestingBridgeDownloadInitialDelay, CSV_INTERVAL,"10800"),
739  /* When a client is just starting, or has no running bridges, check each
740  * bridge a few times quickly, and then try again later. These schedules
741  * are much longer than the other schedules, because we try each and every
742  * configured bridge with this schedule. */
743  V(TestingBridgeBootstrapDownloadInitialDelay, CSV_INTERVAL, "0"),
744  V(TestingClientMaxIntervalWithoutRequest, INTERVAL, "10 minutes"),
745  V(TestingDirConnectionMaxStall, INTERVAL, "5 minutes"),
746  OBSOLETE("TestingConsensusMaxDownloadTries"),
747  OBSOLETE("ClientBootstrapConsensusMaxDownloadTries"),
748  OBSOLETE("ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries"),
749  OBSOLETE("TestingDescriptorMaxDownloadTries"),
750  OBSOLETE("TestingMicrodescMaxDownloadTries"),
751  OBSOLETE("TestingCertMaxDownloadTries"),
752  VAR_INVIS("___UsingTestNetworkDefaults", BOOL, UsingTestNetworkDefaults_,
753  "0"),
754 
756 };
757 
758 /** List of default directory authorities */
759 static const char *default_authorities[] = {
760 #ifndef COCCI
761 #include "auth_dirs.inc"
762 #endif
763  NULL
764 };
765 
766 /** List of fallback directory authorities. The list is generated by opt-in of
767  * relays that meet certain stability criteria.
768  */
769 static const char *default_fallbacks[] = {
770 #ifndef COCCI
771 #include "fallback_dirs.inc"
772 #endif
773  NULL
774 };
775 
776 /** Override default values with these if the user sets the TestingTorNetwork
777  * option. */
778 static const struct {
779  const char *k;
780  const char *v;
782 #ifndef COCCI
783 #include "testnet.inc"
784 #endif
785  { NULL, NULL }
786 };
787 
788 #undef VAR
789 #undef V
790 #undef OBSOLETE
791 
792 static const config_deprecation_t option_deprecation_notes_[] = {
793  /* Deprecated since 0.3.2.0-alpha. */
794  { "HTTPProxy", "It only applies to direct unencrypted HTTP connections "
795  "to your directory server, which your Tor probably wasn't using." },
796  { "HTTPProxyAuthenticator", "HTTPProxy is deprecated in favor of HTTPSProxy "
797  "which should be used with HTTPSProxyAuthenticator." },
798  /* End of options deprecated since 0.3.2.1-alpha */
799 
800  /* Options deprecated since 0.3.2.2-alpha */
801  { "ReachableDirAddresses", "It has no effect on relays, and has had no "
802  "effect on clients since 0.2.8." },
803  { "ClientPreferIPv6DirPort", "It has no effect on relays, and has had no "
804  "effect on clients since 0.2.8." },
805  /* End of options deprecated since 0.3.2.2-alpha. */
806 
807  /* Options deprecated since 0.4.3.1-alpha. */
808  { "ClientAutoIPv6ORPort", "This option is unreliable if a connection isn't "
809  "reliably dual-stack."},
810  /* End of options deprecated since 0.4.3.1-alpha. */
811 
812  { NULL, NULL }
813 };
814 
815 #ifdef _WIN32
816 static char *get_windows_conf_root(void);
817 #endif
818 
819 static int options_check_transition_cb(const void *old,
820  const void *new,
821  char **msg);
822 static int validate_data_directories(or_options_t *options);
823 static int write_configuration_file(const char *fname,
824  const or_options_t *options);
825 
826 static void init_libevent(const or_options_t *options);
827 static int opt_streq(const char *s1, const char *s2);
828 static int parse_outbound_addresses(or_options_t *options, int validate_only,
829  char **msg);
830 static void config_maybe_load_geoip_files_(const or_options_t *options,
831  const or_options_t *old_options);
832 static int options_validate_cb(const void *old_options, void *options,
833  char **msg);
835 static void set_protocol_warning_severity_level(int warning_severity);
836 static void options_clear_cb(const config_mgr_t *mgr, void *opts);
837 static setopt_err_t options_validate_and_set(const or_options_t *old_options,
838  or_options_t *new_options,
839  char **msg_out);
842  struct listener_transaction_t *xn);
843 
844 /** Magic value for or_options_t. */
845 #define OR_OPTIONS_MAGIC 9090909
846 
847 /** Configuration format for or_options_t. */
849  .size = sizeof(or_options_t),
850  .magic = {
851  "or_options_t",
853  offsetof(or_options_t, magic_),
854  },
855  .abbrevs = option_abbrevs_,
856  .deprecations = option_deprecation_notes_,
857  .vars = option_vars_,
858  .legacy_validate_fn = options_validate_cb,
859  .check_transition_fn = options_check_transition_cb,
860  .clear_fn = options_clear_cb,
861  .has_config_suite = true,
862  .config_suite_offset = offsetof(or_options_t, subconfigs_),
863 };
864 
865 /*
866  * Functions to read and write the global options pointer.
867  */
868 
869 /** Command-line and config-file options. */
871 /** The fallback options_t object; this is where we look for options not
872  * in torrc before we fall back to Tor's defaults. */
874 /** Name of most recently read torrc file. */
875 static char *torrc_fname = NULL;
876 /** Name of the most recently read torrc-defaults file.*/
877 static char *torrc_defaults_fname = NULL;
878 /** Result of parsing the command line. */
880 /** List of port_cfg_t for all configured ports. */
882 /** True iff we're currently validating options, and any calls to
883  * get_options() are likely to be bugs. */
884 static int in_option_validation = 0;
885 /** True iff we have run options_act_once_on_startup() */
886 static bool have_set_startup_options = false;
887 
888 /* A global configuration manager to handle all configuration objects. */
889 static config_mgr_t *options_mgr = NULL;
890 
891 /** Return the global configuration manager object for torrc options. */
892 STATIC const config_mgr_t *
894 {
895  if (PREDICT_UNLIKELY(options_mgr == NULL)) {
896  options_mgr = config_mgr_new(&options_format);
897  int rv = subsystems_register_options_formats(options_mgr);
898  tor_assert(rv == 0);
899  config_mgr_freeze(options_mgr);
900  }
901  return options_mgr;
902 }
903 
904 #define CHECK_OPTIONS_MAGIC(opt) STMT_BEGIN \
905  config_check_toplevel_magic(get_options_mgr(), (opt)); \
906  STMT_END
907 
908 /** Returns the currently configured options. */
911 {
913  tor_assert_nonfatal(! in_option_validation);
914  return global_options;
915 }
916 
917 /** Returns the currently configured options */
918 MOCK_IMPL(const or_options_t *,
919 get_options,(void))
920 {
921  return get_options_mutable();
922 }
923 
924 /**
925  * True iff we have noticed that this is a testing tor network, and we
926  * should use the corresponding defaults.
927  **/
928 static bool testing_network_configured = false;
929 
930 /** Return a set of lines for any default options that we want to override
931  * from those set in our config_var_t values. */
932 static config_line_t *
934 {
935  int i;
936  config_line_t *result = NULL, **next = &result;
937 
939  for (i = 0; testing_tor_network_defaults[i].k; ++i) {
940  config_line_append(next,
943  next = &(*next)->next;
944  }
945  }
946 
947  return result;
948 }
949 
950 /** Change the current global options to contain <b>new_val</b> instead of
951  * their current value; take action based on the new value; free the old value
952  * as necessary. Returns 0 on success, -1 on failure.
953  */
954 int
955 set_options(or_options_t *new_val, char **msg)
956 {
957  or_options_t *old_options = global_options;
958  global_options = new_val;
959  /* Note that we pass the *old* options below, for comparison. It
960  * pulls the new options directly out of global_options. */
961  if (options_act_reversible(old_options, msg)<0) {
962  tor_assert(*msg);
963  global_options = old_options;
964  return -1;
965  }
966  if (subsystems_set_options(get_options_mgr(), new_val) < 0 ||
967  options_act(old_options) < 0) { /* acting on the options failed. die. */
969  log_err(LD_BUG,
970  "Acting on config options left us in a broken state. Dying.");
972  }
973  global_options = old_options;
974  return -1;
975  }
976  /* Issues a CONF_CHANGED event to notify controller of the change. If Tor is
977  * just starting up then the old_options will be undefined. */
978  if (old_options && old_options != global_options) {
979  config_line_t *changes =
980  config_get_changes(get_options_mgr(), old_options, new_val);
982  config_free_lines(changes);
983  }
984 
985  if (old_options != global_options) {
986  or_options_free(old_options);
987  /* If we are here it means we've successfully applied the new options and
988  * that the global options have been changed to the new values. We'll
989  * check if we need to remove or add periodic events. */
990  periodic_events_on_new_options(global_options);
991  }
992 
993  return 0;
994 }
995 
996 /** Release additional memory allocated in options
997  */
998 static void
999 options_clear_cb(const config_mgr_t *mgr, void *opts)
1000 {
1001  (void)mgr;
1002  CHECK_OPTIONS_MAGIC(opts);
1003  or_options_t *options = opts;
1004 
1005  routerset_free(options->ExcludeExitNodesUnion_);
1006  if (options->NodeFamilySets) {
1007  SMARTLIST_FOREACH(options->NodeFamilySets, routerset_t *,
1008  rs, routerset_free(rs));
1009  smartlist_free(options->NodeFamilySets);
1010  }
1011  if (options->SchedulerTypes_) {
1012  SMARTLIST_FOREACH(options->SchedulerTypes_, int *, i, tor_free(i));
1013  smartlist_free(options->SchedulerTypes_);
1014  }
1015  if (options->FilesOpenedByIncludes) {
1016  SMARTLIST_FOREACH(options->FilesOpenedByIncludes, char *, f, tor_free(f));
1017  smartlist_free(options->FilesOpenedByIncludes);
1018  }
1019  tor_free(options->DataDirectory);
1020  tor_free(options->CacheDirectory);
1021  tor_free(options->KeyDirectory);
1023  tor_free(options->command_arg);
1024  tor_free(options->master_key_fname);
1025  config_free_lines(options->MyFamily);
1026 }
1027 
1028 /** Release all memory allocated in options
1029  */
1030 STATIC void
1032 {
1033  config_free(get_options_mgr(), options);
1034 }
1035 
1036 /** Release all memory and resources held by global configuration structures.
1037  */
1038 void
1040 {
1041  or_options_free(global_options);
1042  global_options = NULL;
1043  or_options_free(global_default_options);
1044  global_default_options = NULL;
1045 
1046  parsed_cmdline_free(global_cmdline);
1047 
1048  if (configured_ports) {
1050  port_cfg_t *, p, port_cfg_free(p));
1051  smartlist_free(configured_ports);
1052  configured_ports = NULL;
1053  }
1054 
1057 
1059 
1060  have_set_startup_options = false;
1061 
1062  config_mgr_free(options_mgr);
1063 }
1064 
1065 /** Make <b>address</b> -- a piece of information related to our operation as
1066  * a client -- safe to log according to the settings in options->SafeLogging,
1067  * and return it.
1068  *
1069  * (We return "[scrubbed]" if SafeLogging is "1", and address otherwise.)
1070  */
1071 const char *
1072 safe_str_client_opts(const or_options_t *options, const char *address)
1073 {
1074  tor_assert(address);
1075  if (!options) {
1076  options = get_options();
1077  }
1078 
1079  if (options->SafeLogging_ == SAFELOG_SCRUB_ALL)
1080  return "[scrubbed]";
1081  else
1082  return address;
1083 }
1084 
1085 /** Make <b>address</b> -- a piece of information of unspecified sensitivity
1086  * -- safe to log according to the settings in options->SafeLogging, and
1087  * return it.
1088  *
1089  * (We return "[scrubbed]" if SafeLogging is anything besides "0", and address
1090  * otherwise.)
1091  */
1092 const char *
1093 safe_str_opts(const or_options_t *options, const char *address)
1094 {
1095  tor_assert(address);
1096  if (!options) {
1097  options = get_options();
1098  }
1099 
1100  if (options->SafeLogging_ != SAFELOG_SCRUB_NONE)
1101  return "[scrubbed]";
1102  else
1103  return address;
1104 }
1105 
1106 /** Equivalent to escaped(safe_str_client(address)). See reentrancy note on
1107  * escaped(): don't use this outside the main thread, or twice in the same
1108  * log statement. */
1109 const char *
1110 escaped_safe_str_client(const char *address)
1111 {
1112  if (get_options()->SafeLogging_ == SAFELOG_SCRUB_ALL)
1113  return "[scrubbed]";
1114  else
1115  return escaped(address);
1116 }
1117 
1118 /** Equivalent to escaped(safe_str(address)). See reentrancy note on
1119  * escaped(): don't use this outside the main thread, or twice in the same
1120  * log statement. */
1121 const char *
1122 escaped_safe_str(const char *address)
1123 {
1124  if (get_options()->SafeLogging_ != SAFELOG_SCRUB_NONE)
1125  return "[scrubbed]";
1126  else
1127  return escaped(address);
1128 }
1129 
1130 /**
1131  * The severity level that should be used for warnings of severity
1132  * LOG_PROTOCOL_WARN.
1133  *
1134  * We keep this outside the options, and we use an atomic_counter_t, in case
1135  * one thread needs to use LOG_PROTOCOL_WARN while an option transition is
1136  * happening in the main thread.
1137  */
1139 
1140 /** Return the severity level that should be used for warnings of severity
1141  * LOG_PROTOCOL_WARN. */
1142 int
1144 {
1146 }
1147 
1148 /** Set the protocol warning severity level to <b>severity</b>. */
1149 static void
1151 {
1153  warning_severity);
1154 }
1155 
1156 /**
1157  * Initialize the log warning severity level for protocol warnings. Call
1158  * only once at startup.
1159  */
1160 void
1162 {
1165 }
1166 
1167 /**
1168  * Tear down protocol_warning_severity_level.
1169  */
1170 static void
1172 {
1173  /* Destroying a locked mutex is undefined behaviour. This mutex may be
1174  * locked, because multiple threads can access it. But we need to destroy
1175  * it, otherwise re-initialisation will trigger undefined behaviour.
1176  * See #31735 for details. */
1178 }
1179 
1180 /** Add the default directory authorities directly into the trusted dir list,
1181  * but only add them insofar as they share bits with <b>type</b>.
1182  * Each authority's bits are restricted to the bits shared with <b>type</b>.
1183  * If <b>type</b> is ALL_DIRINFO or NO_DIRINFO (zero), add all authorities. */
1184 STATIC void
1186 {
1187  int i;
1188  for (i=0; default_authorities[i]; i++) {
1189  if (parse_dir_authority_line(default_authorities[i], type, 0)<0) {
1190  log_err(LD_BUG, "Couldn't parse internal DirAuthority line %s",
1191  default_authorities[i]);
1192  }
1193  }
1194 }
1195 
1196 /** Add the default fallback directory servers into the fallback directory
1197  * server list. */
1198 MOCK_IMPL(void,
1200 {
1201  int i;
1202  for (i=0; default_fallbacks[i]; i++) {
1204  log_err(LD_BUG, "Couldn't parse internal FallbackDir line %s",
1205  default_fallbacks[i]);
1206  }
1207  }
1208 }
1209 
1210 /** Look at all the config options for using alternate directory
1211  * authorities, and make sure none of them are broken. Also, warn the
1212  * user if we changed any dangerous ones.
1213  */
1214 static int
1216  const or_options_t *old_options)
1217 {
1218  config_line_t *cl;
1219 
1220  if (options->DirAuthorities &&
1221  (options->AlternateDirAuthority || options->AlternateBridgeAuthority)) {
1222  log_warn(LD_CONFIG,
1223  "You cannot set both DirAuthority and Alternate*Authority.");
1224  return -1;
1225  }
1226 
1227  /* do we want to complain to the user about being partitionable? */
1228  if ((options->DirAuthorities &&
1229  (!old_options ||
1230  !config_lines_eq(options->DirAuthorities,
1231  old_options->DirAuthorities))) ||
1232  (options->AlternateDirAuthority &&
1233  (!old_options ||
1235  old_options->AlternateDirAuthority)))) {
1236  log_warn(LD_CONFIG,
1237  "You have used DirAuthority or AlternateDirAuthority to "
1238  "specify alternate directory authorities in "
1239  "your configuration. This is potentially dangerous: it can "
1240  "make you look different from all other Tor users, and hurt "
1241  "your anonymity. Even if you've specified the same "
1242  "authorities as Tor uses by default, the defaults could "
1243  "change in the future. Be sure you know what you're doing.");
1244  }
1245 
1246  /* Now go through the four ways you can configure an alternate
1247  * set of directory authorities, and make sure none are broken. */
1248  for (cl = options->DirAuthorities; cl; cl = cl->next)
1249  if (parse_dir_authority_line(cl->value, NO_DIRINFO, 1)<0)
1250  return -1;
1251  for (cl = options->AlternateBridgeAuthority; cl; cl = cl->next)
1252  if (parse_dir_authority_line(cl->value, NO_DIRINFO, 1)<0)
1253  return -1;
1254  for (cl = options->AlternateDirAuthority; cl; cl = cl->next)
1255  if (parse_dir_authority_line(cl->value, NO_DIRINFO, 1)<0)
1256  return -1;
1257  for (cl = options->FallbackDir; cl; cl = cl->next)
1258  if (parse_dir_fallback_line(cl->value, 1)<0)
1259  return -1;
1260  return 0;
1261 }
1262 
1263 /** Look at all the config options and assign new dir authorities
1264  * as appropriate.
1265  */
1266 int
1268  const or_options_t *old_options)
1269 {
1270  config_line_t *cl;
1271  int need_to_update =
1272  !smartlist_len(router_get_trusted_dir_servers()) ||
1273  !smartlist_len(router_get_fallback_dir_servers()) || !old_options ||
1274  !config_lines_eq(options->DirAuthorities, old_options->DirAuthorities) ||
1275  !config_lines_eq(options->FallbackDir, old_options->FallbackDir) ||
1276  (options->UseDefaultFallbackDirs != old_options->UseDefaultFallbackDirs) ||
1278  old_options->AlternateBridgeAuthority) ||
1280  old_options->AlternateDirAuthority);
1281 
1282  if (!need_to_update)
1283  return 0; /* all done */
1284 
1285  /* "You cannot set both DirAuthority and Alternate*Authority."
1286  * Checking that this restriction holds allows us to simplify
1287  * the unit tests. */
1288  tor_assert(!(options->DirAuthorities &&
1289  (options->AlternateDirAuthority
1290  || options->AlternateBridgeAuthority)));
1291 
1292  /* Start from a clean slate. */
1294 
1295  if (!options->DirAuthorities) {
1296  /* then we may want some of the defaults */
1297  dirinfo_type_t type = NO_DIRINFO;
1298  if (!options->AlternateBridgeAuthority) {
1299  type |= BRIDGE_DIRINFO;
1300  }
1301  if (!options->AlternateDirAuthority) {
1303  /* Only add the default fallback directories when the DirAuthorities,
1304  * AlternateDirAuthority, and FallbackDir directory config options
1305  * are set to their defaults, and when UseDefaultFallbackDirs is 1. */
1306  if (!options->FallbackDir && options->UseDefaultFallbackDirs) {
1308  }
1309  }
1310  /* if type == NO_DIRINFO, we don't want to add any of the
1311  * default authorities, because we've replaced them all */
1312  if (type != NO_DIRINFO)
1314  }
1315 
1316  for (cl = options->DirAuthorities; cl; cl = cl->next)
1317  if (parse_dir_authority_line(cl->value, NO_DIRINFO, 0)<0)
1318  return -1;
1319  for (cl = options->AlternateBridgeAuthority; cl; cl = cl->next)
1320  if (parse_dir_authority_line(cl->value, NO_DIRINFO, 0)<0)
1321  return -1;
1322  for (cl = options->AlternateDirAuthority; cl; cl = cl->next)
1323  if (parse_dir_authority_line(cl->value, NO_DIRINFO, 0)<0)
1324  return -1;
1325  for (cl = options->FallbackDir; cl; cl = cl->next)
1326  if (parse_dir_fallback_line(cl->value, 0)<0)
1327  return -1;
1328  return 0;
1329 }
1330 
1331 /**
1332  * Make sure that <b>directory</b> exists, with appropriate ownership and
1333  * permissions (as modified by <b>group_readable</b>). If <b>create</b>,
1334  * create the directory if it is missing. Return 0 on success.
1335  * On failure, return -1 and set *<b>msg_out</b>.
1336  */
1337 static int
1339  const char *directory,
1340  int group_readable,
1341  const char *owner,
1342  char **msg_out)
1343 {
1344  cpd_check_t cpd_opts = create ? CPD_CREATE : CPD_CHECK;
1345  if (group_readable)
1346  cpd_opts |= CPD_GROUP_READ;
1347  if (check_private_dir(directory,
1348  cpd_opts,
1349  owner) < 0) {
1350  tor_asprintf(msg_out,
1351  "Couldn't %s private data directory \"%s\"",
1352  create ? "create" : "access",
1353  directory);
1354  return -1;
1355  }
1356 
1357 #ifndef _WIN32
1358  if (group_readable) {
1359  /* Only new dirs created get new opts, also enforce group read. */
1360  if (chmod(directory, 0750)) {
1361  log_warn(LD_FS,"Unable to make %s group-readable: %s",
1362  directory, strerror(errno));
1363  }
1364  }
1365 #endif /* !defined(_WIN32) */
1366 
1367  return 0;
1368 }
1369 
1370 /**
1371  * Ensure that our keys directory exists, with appropriate permissions.
1372  * Return 0 on success, -1 on failure.
1373  */
1374 int
1376 {
1377  /* Make sure DataDirectory exists, and is private. */
1378  cpd_check_t cpd_opts = CPD_CREATE;
1379  if (options->DataDirectoryGroupReadable)
1380  cpd_opts |= CPD_GROUP_READ;
1381  if (check_private_dir(options->DataDirectory, cpd_opts, options->User)) {
1382  log_err(LD_OR, "Can't create/check datadirectory %s",
1383  options->DataDirectory);
1384  return -1;
1385  }
1386 
1387  /* Check the key directory. */
1388  if (check_private_dir(options->KeyDirectory, CPD_CREATE, options->User)) {
1389  return -1;
1390  }
1391  return 0;
1392 }
1393 
1394 /* Helps determine flags to pass to switch_id. */
1395 static int have_low_ports = -1;
1396 
1397 /** Take case of initial startup tasks that must occur before any of the
1398  * transactional option-related changes are allowed. */
1399 static int
1401 {
1403  return 0;
1404 
1405  const or_options_t *options = get_options();
1406  const bool running_tor = options->command == CMD_RUN_TOR;
1407 
1408  if (!running_tor)
1409  return 0;
1410 
1411  /* Daemonize _first_, since we only want to open most of this stuff in
1412  * the subprocess. Libevent bases can't be reliably inherited across
1413  * processes. */
1414  if (options->RunAsDaemon) {
1417  /* No need to roll back, since you can't change the value. */
1418  if (start_daemon())
1420  }
1421 
1422 #ifdef HAVE_SYSTEMD
1423  /* Our PID may have changed, inform supervisor */
1424  sd_notifyf(0, "MAINPID=%ld\n", (long int)getpid());
1425 #endif
1426 
1427  /* Set up libevent. (We need to do this before we can register the
1428  * listeners as listeners.) */
1429  init_libevent(options);
1430 
1431  /* This has to come up after libevent is initialized. */
1432  control_initialize_event_queue();
1433 
1434  /*
1435  * Initialize the scheduler - this has to come after
1436  * options_init_from_torrc() sets up libevent - why yes, that seems
1437  * completely sensible to hide the libevent setup in the option parsing
1438  * code! It also needs to happen before init_keys(), so it needs to
1439  * happen here too. How yucky. */
1440  scheduler_init();
1441 
1442  /* Attempt to lock all current and future memory with mlockall() only once.
1443  * This must happen before setuid. */
1444  if (options->DisableAllSwap) {
1445  if (tor_mlockall() == -1) {
1446  *msg_out = tor_strdup("DisableAllSwap failure. Do you have proper "
1447  "permissions?");
1448  return -1;
1449  }
1450  }
1451 
1452  have_set_startup_options = true;
1453  return 0;
1454 }
1455 
1456 /**
1457  * Change our user ID if we're configured to do so.
1458  **/
1459 static int
1460 options_switch_id(char **msg_out)
1461 {
1462  const or_options_t *options = get_options();
1463 
1464  /* Setuid/setgid as appropriate */
1465  if (options->User) {
1466  tor_assert(have_low_ports != -1);
1467  unsigned switch_id_flags = 0;
1468  if (options->KeepBindCapabilities == 1) {
1469  switch_id_flags |= SWITCH_ID_KEEP_BINDLOW;
1470  switch_id_flags |= SWITCH_ID_WARN_IF_NO_CAPS;
1471  }
1472  if (options->KeepBindCapabilities == -1 && have_low_ports) {
1473  switch_id_flags |= SWITCH_ID_KEEP_BINDLOW;
1474  }
1475  if (switch_id(options->User, switch_id_flags) != 0) {
1476  /* No need to roll back, since you can't change the value. */
1477  *msg_out = tor_strdup("Problem with User value. See logs for details.");
1478  return -1;
1479  }
1480  }
1481 
1482  return 0;
1483 }
1484 
1485 /**
1486  * Helper. Given a data directory (<b>datadir</b>) and another directory
1487  * (<b>subdir</b>) with respective group-writable permissions
1488  * <b>datadir_gr</b> and <b>subdir_gr</b>, compute whether the subdir should
1489  * be group-writeable.
1490  **/
1491 static int
1492 compute_group_readable_flag(const char *datadir,
1493  const char *subdir,
1494  int datadir_gr,
1495  int subdir_gr)
1496 {
1497  if (subdir_gr != -1) {
1498  /* The user specified a default for "subdir", so we always obey it. */
1499  return subdir_gr;
1500  }
1501 
1502  /* The user left the subdir_gr option on "auto." */
1503  if (0 == strcmp(subdir, datadir)) {
1504  /* The directories are the same, so we use the group-readable flag from
1505  * the datadirectory */
1506  return datadir_gr;
1507  } else {
1508  /* The directories are different, so we default to "not group-readable" */
1509  return 0;
1510  }
1511 }
1512 
1513 /**
1514  * Create our DataDirectory, CacheDirectory, and KeyDirectory, and
1515  * set their permissions correctly.
1516  */
1517 STATIC int
1519 {
1520  const or_options_t *options = get_options();
1521  const bool running_tor = options->command == CMD_RUN_TOR;
1522 
1523  /* Ensure data directory is private; create if possible. */
1524  /* It's okay to do this in "options_act_reversible()" even though it isn't
1525  * actually reversible, since you can't change the DataDirectory while
1526  * Tor is running. */
1527  if (check_and_create_data_directory(running_tor /* create */,
1528  options->DataDirectory,
1529  options->DataDirectoryGroupReadable,
1530  options->User,
1531  msg_out) < 0) {
1532  return -1;
1533  }
1534 
1535  /* We need to handle the group-readable flag for the cache directory and key
1536  * directory specially, since they may be the same as the data directory */
1537  const int key_dir_group_readable = compute_group_readable_flag(
1538  options->DataDirectory,
1539  options->KeyDirectory,
1540  options->DataDirectoryGroupReadable,
1541  options->KeyDirectoryGroupReadable);
1542 
1543  if (check_and_create_data_directory(running_tor /* create */,
1544  options->KeyDirectory,
1545  key_dir_group_readable,
1546  options->User,
1547  msg_out) < 0) {
1548  return -1;
1549  }
1550 
1551  const int cache_dir_group_readable = compute_group_readable_flag(
1552  options->DataDirectory,
1553  options->CacheDirectory,
1554  options->DataDirectoryGroupReadable,
1555  options->CacheDirectoryGroupReadable);
1556 
1557  if (check_and_create_data_directory(running_tor /* create */,
1558  options->CacheDirectory,
1559  cache_dir_group_readable,
1560  options->User,
1561  msg_out) < 0) {
1562  return -1;
1563  }
1564 
1565  return 0;
1566 }
1567 
1568 /** Structure to represent an incomplete configuration of a set of
1569  * listeners.
1570  *
1571  * This structure is generated by options_start_listener_transaction(), and is
1572  * either committed by options_commit_listener_transaction() or rolled back by
1573  * options_rollback_listener_transaction(). */
1574 typedef struct listener_transaction_t {
1575  bool set_conn_limit; /**< True if we've set the connection limit */
1576  unsigned old_conn_limit; /**< If nonzero, previous connlimit value. */
1577  smartlist_t *new_listeners; /**< List of new listeners that we opened. */
1579 
1580 /**
1581  * Start configuring our listeners based on the current value of
1582  * get_options().
1583  *
1584  * The value <b>old_options</b> holds either the previous options object,
1585  * or NULL if we're starting for the first time.
1586  *
1587  * On success, return a listener_transaction_t that we can either roll back or
1588  * commit.
1589  *
1590  * On failure return NULL and write a message into a newly allocated string in
1591  * *<b>msg_out</b>.
1592  **/
1593 static listener_transaction_t *
1595  char **msg_out)
1596 {
1597  listener_transaction_t *xn = tor_malloc_zero(sizeof(listener_transaction_t));
1598  xn->new_listeners = smartlist_new();
1599  or_options_t *options = get_options_mutable();
1600  const bool running_tor = options->command == CMD_RUN_TOR;
1601 
1602  if (! running_tor) {
1603  return xn;
1604  }
1605 
1606  int n_ports=0;
1607  /* We need to set the connection limit before we can open the listeners. */
1608  if (! sandbox_is_active()) {
1609  if (set_max_file_descriptors((unsigned)options->ConnLimit,
1610  &options->ConnLimit_) < 0) {
1611  *msg_out = tor_strdup("Problem with ConnLimit value. "
1612  "See logs for details.");
1613  goto rollback;
1614  }
1615  xn->set_conn_limit = true;
1616  if (old_options)
1617  xn->old_conn_limit = (unsigned)old_options->ConnLimit;
1618  } else {
1619  tor_assert(old_options);
1620  options->ConnLimit_ = old_options->ConnLimit_;
1621  }
1622 
1623  /* Adjust the port configuration so we can launch listeners. */
1624  /* 31851: some ports are relay-only */
1625  if (parse_ports(options, 0, msg_out, &n_ports, NULL)) {
1626  if (!*msg_out)
1627  *msg_out = tor_strdup("Unexpected problem parsing port config");
1628  goto rollback;
1629  }
1630 
1631  /* Set the hibernation state appropriately.*/
1632  consider_hibernation(time(NULL));
1633 
1634  /* Launch the listeners. (We do this before we setuid, so we can bind to
1635  * ports under 1024.) We don't want to rebind if we're hibernating or
1636  * shutting down. If networking is disabled, this will close all but the
1637  * control listeners, but disable those. */
1638  /* 31851: some listeners are relay-only */
1639  if (!we_are_hibernating()) {
1641  options->DisableNetwork) < 0) {
1642  *msg_out = tor_strdup("Failed to bind one of the listener ports.");
1643  goto rollback;
1644  }
1645  }
1646  if (options->DisableNetwork) {
1647  /* Aggressively close non-controller stuff, NOW */
1648  log_notice(LD_NET, "DisableNetwork is set. Tor will not make or accept "
1649  "non-control network connections. Shutting down all existing "
1650  "connections.");
1652  /* We can't complete circuits until the network is re-enabled. */
1654  }
1655 
1656 #if defined(HAVE_NET_IF_H) && defined(HAVE_NET_PFVAR_H)
1657  /* Open /dev/pf before (possibly) dropping privileges. */
1658  if (options->TransPort_set &&
1659  options->TransProxyType_parsed == TPT_DEFAULT) {
1660  if (get_pf_socket() < 0) {
1661  *msg_out = tor_strdup("Unable to open /dev/pf for transparent proxy.");
1662  goto rollback;
1663  }
1664  }
1665 #endif /* defined(HAVE_NET_IF_H) && defined(HAVE_NET_PFVAR_H) */
1666 
1667  return xn;
1668 
1669  rollback:
1671  return NULL;
1672 }
1673 
1674 /**
1675  * Finish configuring the listeners that started to get configured with
1676  * <b>xn</b>. Frees <b>xn</b>.
1677  **/
1678 static void
1680 {
1681  tor_assert(xn);
1682  if (xn->set_conn_limit) {
1683  or_options_t *options = get_options_mutable();
1684  /*
1685  * If we adjusted the conn limit, recompute the OOS threshold too
1686  *
1687  * How many possible sockets to keep in reserve? If we have lots of
1688  * possible sockets, keep this below a limit and set ConnLimit_high_thresh
1689  * very close to ConnLimit_, but if ConnLimit_ is low, shrink it in
1690  * proportion.
1691  *
1692  * Somewhat arbitrarily, set socks_in_reserve to 5% of ConnLimit_, but
1693  * cap it at 64.
1694  */
1695  int socks_in_reserve = options->ConnLimit_ / 20;
1696  if (socks_in_reserve > 64) socks_in_reserve = 64;
1697 
1698  options->ConnLimit_high_thresh = options->ConnLimit_ - socks_in_reserve;
1699  options->ConnLimit_low_thresh = (options->ConnLimit_ / 4) * 3;
1700  log_info(LD_GENERAL,
1701  "Recomputed OOS thresholds: ConnLimit %d, ConnLimit_ %d, "
1702  "ConnLimit_high_thresh %d, ConnLimit_low_thresh %d",
1703  options->ConnLimit, options->ConnLimit_,
1704  options->ConnLimit_high_thresh,
1705  options->ConnLimit_low_thresh);
1706 
1707  /* Give the OOS handler a chance with the new thresholds */
1709  }
1710 
1711  smartlist_free(xn->new_listeners);
1712  tor_free(xn);
1713 }
1714 
1715 /**
1716  * Revert the listener configuration changes that that started to get
1717  * configured with <b>xn</b>. Frees <b>xn</b>.
1718  **/
1719 static void
1721 {
1722  if (! xn)
1723  return;
1724 
1725  or_options_t *options = get_options_mutable();
1726 
1727  if (xn->set_conn_limit && xn->old_conn_limit)
1729 
1731  {
1732  log_notice(LD_NET, "Closing partially-constructed %s",
1733  connection_describe(conn));
1734  connection_close_immediate(conn);
1735  connection_mark_for_close(conn);
1736  });
1737 
1738  smartlist_free(xn->new_listeners);
1739  tor_free(xn);
1740 }
1741 
1742 /** Structure to represent an incomplete configuration of a set of logs.
1743  *
1744  * This structure is generated by options_start_log_transaction(), and is
1745  * either committed by options_commit_log_transaction() or rolled back by
1746  * options_rollback_log_transaction(). */
1747 typedef struct log_transaction_t {
1748  /** Previous lowest severity of any configured log. */
1750  /** True if we have marked the previous logs to be closed */
1752  /** True if we initialized the new set of logs */
1754  /** True if our safelogging configuration is different from what it was
1755  * previously (or if we are starting for the first time). */
1758 
1759 /**
1760  * Start configuring our logs based on the current value of get_options().
1761  *
1762  * The value <b>old_options</b> holds either the previous options object,
1763  * or NULL if we're starting for the first time.
1764  *
1765  * On success, return a log_transaction_t that we can either roll back or
1766  * commit.
1767  *
1768  * On failure return NULL and write a message into a newly allocated string in
1769  * *<b>msg_out</b>.
1770  **/
1773  char **msg_out)
1774 {
1775  const or_options_t *options = get_options();
1776  const bool running_tor = options->command == CMD_RUN_TOR;
1777 
1778  log_transaction_t *xn = tor_malloc_zero(sizeof(log_transaction_t));
1780  xn->safelogging_changed = !old_options ||
1781  old_options->SafeLogging_ != options->SafeLogging_;
1782 
1783  if (! running_tor)
1784  goto done;
1785 
1786  mark_logs_temp(); /* Close current logs once new logs are open. */
1787  xn->logs_marked = true;
1788  /* Configure the tor_log(s) */
1789  if (options_init_logs(old_options, options, 0)<0) {
1790  *msg_out = tor_strdup("Failed to init Log options. See logs for details.");
1792  xn = NULL;
1793  goto done;
1794  }
1795 
1796  xn->logs_initialized = true;
1797 
1798  done:
1799  return xn;
1800 }
1801 
1802 /**
1803  * Finish configuring the logs that started to get configured with <b>xn</b>.
1804  * Frees <b>xn</b>.
1805  **/
1806 STATIC void
1808 {
1809  const or_options_t *options = get_options();
1810  tor_assert(xn);
1811 
1812  if (xn->logs_marked) {
1813  log_severity_list_t *severity =
1814  tor_malloc_zero(sizeof(log_severity_list_t));
1815  close_temp_logs();
1819  tor_free(severity);
1821  }
1822 
1823  if (xn->logs_initialized) {
1825  }
1826 
1827  {
1828  const char *badness = NULL;
1829  int bad_safelog = 0, bad_severity = 0, new_badness = 0;
1830  if (options->SafeLogging_ != SAFELOG_SCRUB_ALL) {
1831  bad_safelog = 1;
1832  if (xn->safelogging_changed)
1833  new_badness = 1;
1834  }
1835  if (get_min_log_level() >= LOG_INFO) {
1836  bad_severity = 1;
1837  if (get_min_log_level() != xn->old_min_log_level)
1838  new_badness = 1;
1839  }
1840  if (bad_safelog && bad_severity)
1841  badness = "you disabled SafeLogging, and "
1842  "you're logging more than \"notice\"";
1843  else if (bad_safelog)
1844  badness = "you disabled SafeLogging";
1845  else
1846  badness = "you're logging more than \"notice\"";
1847  if (new_badness)
1848  log_warn(LD_GENERAL, "Your log may contain sensitive information - %s. "
1849  "Don't log unless it serves an important reason. "
1850  "Overwrite the log afterwards.", badness);
1851  }
1852 
1853  tor_free(xn);
1854 }
1855 
1856 /**
1857  * Revert the log configuration changes that that started to get configured
1858  * with <b>xn</b>. Frees <b>xn</b>.
1859  **/
1860 STATIC void
1862 {
1863  if (!xn)
1864  return;
1865 
1866  if (xn->logs_marked) {
1869  }
1870 
1871  tor_free(xn);
1872 }
1873 
1874 /**
1875  * Fetch the active option list, and take actions based on it. All of
1876  * the things we do in this function should survive being done
1877  * repeatedly, OR be done only once when starting Tor. If present,
1878  * <b>old_options</b> contains the previous value of the options.
1879  *
1880  * This function is only truly "reversible" _after_ the first time it
1881  * is run. The first time that it runs, it performs some irreversible
1882  * tasks in the correct sequence between the reversible option changes.
1883  *
1884  * Option changes should only be marked as "reversible" if they cannot
1885  * be validated before switching them, but they can be switched back if
1886  * some other validation fails.
1887  *
1888  * Return 0 if all goes well, return -1 if things went badly.
1889  */
1890 MOCK_IMPL(STATIC int,
1891 options_act_reversible,(const or_options_t *old_options, char **msg))
1892 {
1893  const bool first_time = ! have_set_startup_options;
1894  log_transaction_t *log_transaction = NULL;
1895  listener_transaction_t *listener_transaction = NULL;
1896  int r = -1;
1897 
1898  /* The ordering of actions in this function is not free, sadly.
1899  *
1900  * First of all, we _must_ daemonize before we take all kinds of
1901  * initialization actions, since they need to happen in the
1902  * subprocess.
1903  */
1904  if (options_act_once_on_startup(msg) < 0)
1905  goto rollback;
1906 
1907  /* Once we've handled most of once-off initialization, we need to
1908  * open our listeners before we switch IDs. (If we open listeners first,
1909  * we might not be able to bind to low ports.)
1910  */
1911  listener_transaction = options_start_listener_transaction(old_options, msg);
1912  if (listener_transaction == NULL)
1913  goto rollback;
1914 
1915  if (first_time) {
1916  if (options_switch_id(msg) < 0)
1917  goto rollback;
1918  }
1919 
1920  /* On the other hand, we need to touch the file system _after_ we
1921  * switch IDs: otherwise, we'll be making directories and opening files
1922  * with the wrong permissions.
1923  */
1924  if (first_time) {
1925  if (options_create_directories(msg) < 0)
1926  goto rollback;
1927  }
1928 
1929  /* Bail out at this point if we're not going to be a client or server:
1930  * we don't run Tor itself. */
1931  log_transaction = options_start_log_transaction(old_options, msg);
1932  if (log_transaction == NULL)
1933  goto rollback;
1934 
1935  // Commit!
1936  r = 0;
1937 
1938  options_commit_log_transaction(log_transaction);
1939 
1940  options_commit_listener_transaction(listener_transaction);
1941 
1942  goto done;
1943 
1944  rollback:
1945  r = -1;
1946  tor_assert(*msg);
1947 
1948  options_rollback_log_transaction(log_transaction);
1949  options_rollback_listener_transaction(listener_transaction);
1950 
1951  done:
1952  return r;
1953 }
1954 
1955 /** If we need to have a GEOIP ip-to-country map to run with our configured
1956  * options, return 1 and set *<b>reason_out</b> to a description of why. */
1957 int
1958 options_need_geoip_info(const or_options_t *options, const char **reason_out)
1959 {
1960  int bridge_usage = should_record_bridge_info(options);
1961  int routerset_usage =
1962  routerset_needs_geoip(options->EntryNodes) ||
1963  routerset_needs_geoip(options->ExitNodes) ||
1964  routerset_needs_geoip(options->MiddleNodes) ||
1966  routerset_needs_geoip(options->ExcludeNodes) ||
1969 
1970  if (routerset_usage && reason_out) {
1971  *reason_out = "We've been configured to use (or avoid) nodes in certain "
1972  "countries, and we need GEOIP information to figure out which ones they "
1973  "are.";
1974  } else if (bridge_usage && reason_out) {
1975  *reason_out = "We've been configured to see which countries can access "
1976  "us as a bridge, and we need GEOIP information to tell which countries "
1977  "clients are in.";
1978  }
1979  return bridge_usage || routerset_usage;
1980 }
1981 
1982 /* Used in the various options_transition_affects* functions. */
1983 #define YES_IF_CHANGED_BOOL(opt) \
1984  if (!CFG_EQ_BOOL(old_options, new_options, opt)) return 1;
1985 #define YES_IF_CHANGED_INT(opt) \
1986  if (!CFG_EQ_INT(old_options, new_options, opt)) return 1;
1987 #define YES_IF_CHANGED_STRING(opt) \
1988  if (!CFG_EQ_STRING(old_options, new_options, opt)) return 1;
1989 #define YES_IF_CHANGED_LINELIST(opt) \
1990  if (!CFG_EQ_LINELIST(old_options, new_options, opt)) return 1;
1991 #define YES_IF_CHANGED_SMARTLIST(opt) \
1992  if (!CFG_EQ_SMARTLIST(old_options, new_options, opt)) return 1;
1993 #define YES_IF_CHANGED_ROUTERSET(opt) \
1994  if (!CFG_EQ_ROUTERSET(old_options, new_options, opt)) return 1;
1995 
1996 /**
1997  * Return true if changing the configuration from <b>old</b> to <b>new</b>
1998  * affects the guard subsystem.
1999  */
2000 static int
2002  const or_options_t *new_options)
2003 {
2004  /* NOTE: Make sure this function stays in sync with
2005  * node_passes_guard_filter */
2006  tor_assert(old_options);
2007  tor_assert(new_options);
2008 
2009  YES_IF_CHANGED_BOOL(UseEntryGuards);
2010  YES_IF_CHANGED_BOOL(UseBridges);
2011  YES_IF_CHANGED_BOOL(ClientUseIPv4);
2012  YES_IF_CHANGED_BOOL(ClientUseIPv6);
2013  YES_IF_CHANGED_BOOL(FascistFirewall);
2014  YES_IF_CHANGED_ROUTERSET(ExcludeNodes);
2015  YES_IF_CHANGED_ROUTERSET(EntryNodes);
2016  YES_IF_CHANGED_SMARTLIST(FirewallPorts);
2017  YES_IF_CHANGED_LINELIST(Bridges);
2018  YES_IF_CHANGED_LINELIST(ReachableORAddresses);
2019  YES_IF_CHANGED_LINELIST(ReachableDirAddresses);
2020 
2021  return 0;
2022 }
2023 
2024 /** Fetch the active option list, and take actions based on it. All of the
2025  * things we do should survive being done repeatedly. If present,
2026  * <b>old_options</b> contains the previous value of the options.
2027  *
2028  * Return 0 if all goes well, return -1 if it's time to die.
2029  *
2030  * Note: We haven't moved all the "act on new configuration" logic
2031  * the options_act* functions yet. Some is still in do_hup() and other
2032  * places.
2033  */
2034 MOCK_IMPL(STATIC int,
2035 options_act,(const or_options_t *old_options))
2036 {
2037  config_line_t *cl;
2038  or_options_t *options = get_options_mutable();
2039  int running_tor = options->command == CMD_RUN_TOR;
2040  char *msg=NULL;
2041  const int transition_affects_guards =
2042  old_options && options_transition_affects_guards(old_options, options);
2043 
2044  if (options->NoExec || options->Sandbox) {
2046  }
2047 
2048  /* disable ptrace and later, other basic debugging techniques */
2049  {
2050  /* Remember if we already disabled debugger attachment */
2051  static int disabled_debugger_attach = 0;
2052  /* Remember if we already warned about being configured not to disable
2053  * debugger attachment */
2054  static int warned_debugger_attach = 0;
2055  /* Don't disable debugger attachment when we're running the unit tests. */
2056  if (options->DisableDebuggerAttachment && !disabled_debugger_attach &&
2057  running_tor) {
2058  int ok = tor_disable_debugger_attach();
2059  /* LCOV_EXCL_START the warned_debugger_attach is 0 can't reach inside. */
2060  if (warned_debugger_attach && ok == 1) {
2061  log_notice(LD_CONFIG, "Disabled attaching debuggers for unprivileged "
2062  "users.");
2063  }
2064  /* LCOV_EXCL_STOP */
2065  disabled_debugger_attach = (ok == 1);
2066  } else if (!options->DisableDebuggerAttachment &&
2067  !warned_debugger_attach) {
2068  log_notice(LD_CONFIG, "Not disabling debugger attaching for "
2069  "unprivileged users.");
2070  warned_debugger_attach = 1;
2071  }
2072  }
2073 
2074  /* Write control ports to disk as appropriate */
2076 
2077  if (running_tor && !have_lockfile()) {
2078  if (try_locking(options, 1) < 0)
2079  return -1;
2080  }
2081 
2082  {
2083  int warning_severity = options->ProtocolWarnings ? LOG_WARN : LOG_INFO;
2084  set_protocol_warning_severity_level(warning_severity);
2085  }
2086 
2087  if (consider_adding_dir_servers(options, old_options) < 0) {
2088  // XXXX This should get validated earlier, and committed here, to
2089  // XXXX lower opportunities for reaching an error case.
2090  return -1;
2091  }
2092 
2093  if (hs_service_non_anonymous_mode_enabled(options)) {
2094  log_warn(LD_GENERAL, "This copy of Tor was compiled or configured to run "
2095  "in a non-anonymous mode. It will provide NO ANONYMITY.");
2096  }
2097 
2098  /* 31851: OutboundBindAddressExit is relay-only */
2099  if (parse_outbound_addresses(options, 0, &msg) < 0) {
2100  // LCOV_EXCL_START
2101  log_warn(LD_BUG, "Failed parsing previously validated outbound "
2102  "bind addresses: %s", msg);
2103  tor_free(msg);
2104  return -1;
2105  // LCOV_EXCL_STOP
2106  }
2107 
2108  if (options->Bridges) {
2109  mark_bridge_list();
2110  for (cl = options->Bridges; cl; cl = cl->next) {
2111  bridge_line_t *bridge_line = parse_bridge_line(cl->value);
2112  if (!bridge_line) {
2113  // LCOV_EXCL_START
2114  log_warn(LD_BUG,
2115  "Previously validated Bridge line could not be added!");
2116  return -1;
2117  // LCOV_EXCL_STOP
2118  }
2119  bridge_add_from_config(bridge_line);
2120  }
2122  }
2123 
2124  if (running_tor && hs_config_service_all(options, 0)<0) {
2125  // LCOV_EXCL_START
2126  log_warn(LD_BUG,
2127  "Previously validated hidden services line could not be added!");
2128  return -1;
2129  // LCOV_EXCL_STOP
2130  }
2131 
2132  if (running_tor && hs_config_client_auth_all(options, 0) < 0) {
2133  // LCOV_EXCL_START
2134  log_warn(LD_BUG, "Previously validated client authorization for "
2135  "hidden services could not be added!");
2136  return -1;
2137  // LCOV_EXCL_STOP
2138  }
2139 
2140  if (running_tor && !old_options &&
2141  options->OwningControllerFD != UINT64_MAX) {
2142  const unsigned ctrl_flags =
2143  CC_LOCAL_FD_IS_OWNER |
2144  CC_LOCAL_FD_IS_AUTHENTICATED;
2145  tor_socket_t ctrl_sock = (tor_socket_t)options->OwningControllerFD;
2146  if (control_connection_add_local_fd(ctrl_sock, ctrl_flags) < 0) {
2147  log_warn(LD_CONFIG, "Could not add local controller connection with "
2148  "given FD.");
2149  return -1;
2150  }
2151  }
2152 
2153  /* Load state */
2154  if (! or_state_loaded() && running_tor) {
2155  if (or_state_load())
2156  return -1;
2157  if (options_act_dirauth_mtbf(options) < 0)
2158  return -1;
2159  }
2160 
2161  /* 31851: some of the code in these functions is relay-only */
2164  if (!options->DisableNetwork) {
2165  if (options->ClientTransportPlugin) {
2166  for (cl = options->ClientTransportPlugin; cl; cl = cl->next) {
2167  if (pt_parse_transport_line(options, cl->value, 0, 0) < 0) {
2168  // LCOV_EXCL_START
2169  log_warn(LD_BUG,
2170  "Previously validated ClientTransportPlugin line "
2171  "could not be added!");
2172  return -1;
2173  // LCOV_EXCL_STOP
2174  }
2175  }
2176  }
2177  }
2178 
2179  if (options_act_server_transport(old_options) < 0)
2180  return -1;
2181 
2183  sweep_proxy_list();
2184 
2185  /* Start the PT proxy configuration. By doing this configuration
2186  here, we also figure out which proxies need to be restarted and
2187  which not. */
2190 
2191  /* Bail out at this point if we're not going to be a client or server:
2192  * we want to not fork, and to log stuff to stderr. */
2193  if (!running_tor)
2194  return 0;
2195 
2196  /* Finish backgrounding the process */
2197  if (options->RunAsDaemon) {
2198  /* We may be calling this for the n'th time (on SIGHUP), but it's safe. */
2199  finish_daemon(options->DataDirectory);
2200  }
2201 
2202  if (options_act_relay(old_options) < 0)
2203  return -1;
2204 
2205  /* Write our PID to the PID file. If we do not have write permissions we
2206  * will log a warning and exit. */
2207  if (options->PidFile && !sandbox_is_active()) {
2208  if (write_pidfile(options->PidFile) < 0) {
2209  log_err(LD_CONFIG, "Unable to write PIDFile %s",
2210  escaped(options->PidFile));
2211  return -1;
2212  }
2213  }
2214 
2215  /* Register addressmap directives */
2216  config_register_addressmaps(options);
2217  parse_virtual_addr_network(options->VirtualAddrNetworkIPv4, AF_INET,0,NULL);
2218  parse_virtual_addr_network(options->VirtualAddrNetworkIPv6, AF_INET6,0,NULL);
2219 
2220  /* Update address policies. */
2221  if (policies_parse_from_options(options) < 0) {
2222  /* This should be impossible, but let's be sure. */
2223  log_warn(LD_BUG,"Error parsing already-validated policy options.");
2224  return -1;
2225  }
2226 
2227  if (init_control_cookie_authentication(options->CookieAuthentication) < 0) {
2228  log_warn(LD_CONFIG,"Error creating control cookie authentication file.");
2229  return -1;
2230  }
2231 
2233 
2234  /* reload keys as needed for rendezvous services. */
2235  if (hs_service_load_all_keys() < 0) {
2236  log_warn(LD_GENERAL,"Error loading rendezvous service keys");
2237  return -1;
2238  }
2239 
2240  /* Inform the scheduler subsystem that a configuration changed happened. It
2241  * might be a change of scheduler or parameter. */
2243 
2244  if (options_act_relay_accounting(old_options) < 0)
2245  return -1;
2246 
2247  /* Change the cell EWMA settings */
2249 
2250  /* Update the BridgePassword's hashed version as needed. We store this as a
2251  * digest so that we can do side-channel-proof comparisons on it.
2252  */
2253  if (options->BridgePassword) {
2254  char *http_authenticator;
2255  http_authenticator = alloc_http_authenticator(options->BridgePassword);
2256  if (!http_authenticator) {
2257  // XXXX This should get validated in options_validate().
2258  log_warn(LD_BUG, "Unable to allocate HTTP authenticator. Not setting "
2259  "BridgePassword.");
2260  return -1;
2261  }
2262  options->BridgePassword_AuthDigest_ = tor_malloc(DIGEST256_LEN);
2264  http_authenticator, strlen(http_authenticator),
2265  DIGEST_SHA256);
2266  tor_free(http_authenticator);
2267  }
2268 
2269  config_maybe_load_geoip_files_(options, old_options);
2270 
2271  if (geoip_is_loaded(AF_INET) && options->GeoIPExcludeUnknown) {
2272  /* ExcludeUnknown is true or "auto" */
2273  const int is_auto = options->GeoIPExcludeUnknown == -1;
2274  int changed;
2275 
2276  changed = routerset_add_unknown_ccs(&options->ExcludeNodes, is_auto);
2277  changed += routerset_add_unknown_ccs(&options->ExcludeExitNodes, is_auto);
2278 
2279  if (changed)
2281  }
2282 
2283  /* Check for transitions that need action. */
2284  if (old_options) {
2285  int revise_trackexithosts = 0;
2286  int revise_automap_entries = 0;
2287  int abandon_circuits = 0;
2288  if ((options->UseEntryGuards && !old_options->UseEntryGuards) ||
2289  options->UseBridges != old_options->UseBridges ||
2290  (options->UseBridges &&
2291  !config_lines_eq(options->Bridges, old_options->Bridges)) ||
2292  !routerset_equal(old_options->ExcludeNodes,options->ExcludeNodes) ||
2293  !routerset_equal(old_options->ExcludeExitNodes,
2294  options->ExcludeExitNodes) ||
2295  !routerset_equal(old_options->EntryNodes, options->EntryNodes) ||
2296  !routerset_equal(old_options->ExitNodes, options->ExitNodes) ||
2297  !routerset_equal(old_options->HSLayer2Nodes,
2298  options->HSLayer2Nodes) ||
2299  !routerset_equal(old_options->HSLayer3Nodes,
2300  options->HSLayer3Nodes) ||
2301  !routerset_equal(old_options->MiddleNodes, options->MiddleNodes) ||
2302  options->StrictNodes != old_options->StrictNodes) {
2303  log_info(LD_CIRC,
2304  "Changed to using entry guards or bridges, or changed "
2305  "preferred or excluded node lists. "
2306  "Abandoning previous circuits.");
2307  abandon_circuits = 1;
2308  }
2309 
2310  if (transition_affects_guards) {
2311  if (guards_update_all()) {
2312  abandon_circuits = 1;
2313  }
2314  }
2315 
2316  if (abandon_circuits) {
2319  revise_trackexithosts = 1;
2320  }
2321 
2322  if (!smartlist_strings_eq(old_options->TrackHostExits,
2323  options->TrackHostExits))
2324  revise_trackexithosts = 1;
2325 
2326  if (revise_trackexithosts)
2328 
2329  if (!options->AutomapHostsOnResolve &&
2330  old_options->AutomapHostsOnResolve) {
2331  revise_automap_entries = 1;
2332  } else {
2333  if (!smartlist_strings_eq(old_options->AutomapHostsSuffixes,
2334  options->AutomapHostsSuffixes))
2335  revise_automap_entries = 1;
2336  else if (!opt_streq(old_options->VirtualAddrNetworkIPv4,
2337  options->VirtualAddrNetworkIPv4) ||
2338  !opt_streq(old_options->VirtualAddrNetworkIPv6,
2339  options->VirtualAddrNetworkIPv6))
2340  revise_automap_entries = 1;
2341  }
2342 
2343  if (revise_automap_entries)
2345 
2346  if (options_act_bridge_stats(old_options) < 0)
2347  return -1;
2348 
2349  if (dns_reset())
2350  return -1;
2351 
2352  if (options_act_relay_bandwidth(old_options) < 0)
2353  return -1;
2354 
2355  if (options->BandwidthRate != old_options->BandwidthRate ||
2356  options->BandwidthBurst != old_options->BandwidthBurst)
2357  connection_bucket_adjust(options);
2358 
2359  if (options->MainloopStats != old_options->MainloopStats) {
2361  }
2362  }
2363 
2364  /* 31851: These options are relay-only, but we need to disable them if we
2365  * are in client mode. In 29211, we will disable all relay options in
2366  * client mode. */
2367  /* Only collect directory-request statistics on relays and bridges. */
2368  options->DirReqStatistics = options->DirReqStatistics_option &&
2369  server_mode(options);
2370  options->HiddenServiceStatistics =
2371  options->HiddenServiceStatistics_option && server_mode(options);
2372 
2373  /* Only collect other relay-only statistics on relays. */
2374  if (!public_server_mode(options)) {
2375  options->CellStatistics = 0;
2376  options->EntryStatistics = 0;
2377  options->ConnDirectionStatistics = 0;
2378  options->ExitPortStatistics = 0;
2379  }
2380 
2381  bool print_notice = 0;
2382  if (options_act_relay_stats(old_options, &print_notice) < 0)
2383  return -1;
2384  if (options_act_dirauth_stats(old_options, &print_notice) < 0)
2385  return -1;
2386  if (print_notice)
2388 
2389  if (options_act_relay_desc(old_options) < 0)
2390  return -1;
2391 
2392  if (options_act_dirauth(old_options) < 0)
2393  return -1;
2394 
2395  /* We may need to reschedule some directory stuff if our status changed. */
2396  if (old_options) {
2398  dirclient_fetches_dir_info_early(old_options)) ||
2400  dirclient_fetches_dir_info_later(old_options)) ||
2401  !config_lines_eq(old_options->Bridges, options->Bridges)) {
2402  /* Make sure update_router_have_minimum_dir_info() gets called. */
2404  /* We might need to download a new consensus status later or sooner than
2405  * we had expected. */
2407  }
2408  }
2409 
2410  if (options_act_relay_dos(old_options) < 0)
2411  return -1;
2412  if (options_act_relay_dir(old_options) < 0)
2413  return -1;
2414 
2415  return 0;
2416 }
2417 
2418 /**
2419  * Enumeration to describe the syntax for a command-line option.
2420  **/
2421 typedef enum {
2422  /** Describe an option that does not take an argument. */
2424  /** Describes an option that takes a single argument. */
2426  /** Describes an option that takes a single optional argument. */
2427  ARGUMENT_OPTIONAL = 2
2429 
2430 /** Table describing arguments that Tor accepts on the command line,
2431  * other than those that are the same as in torrc. */
2432 static const struct {
2433  /** The string that the user has to provide. */
2434  const char *name;
2435  /** Optional short name. */
2436  const char *short_name;
2437  /** Does this option accept an argument? */
2439  /** If not CMD_RUN_TOR, what should Tor do when it starts? */
2441  /** If nonzero, set the quiet level to this. 1 is "hush", 2 is "quiet" */
2442  int quiet;
2443 } CMDLINE_ONLY_OPTIONS[] = {
2444  { .name="--torrc-file",
2445  .short_name="-f",
2446  .takes_argument=ARGUMENT_NECESSARY },
2447  { .name="--allow-missing-torrc" },
2448  { .name="--defaults-torrc",
2449  .takes_argument=ARGUMENT_NECESSARY },
2450  { .name="--hash-password",
2451  .takes_argument=ARGUMENT_NECESSARY,
2452  .command=CMD_HASH_PASSWORD,
2453  .quiet=QUIET_HUSH },
2454  { .name="--dump-config",
2455  .takes_argument=ARGUMENT_OPTIONAL,
2456  .command=CMD_DUMP_CONFIG,
2457  .quiet=QUIET_SILENT },
2458  { .name="--list-fingerprint",
2459  .takes_argument=ARGUMENT_OPTIONAL,
2460  .command=CMD_LIST_FINGERPRINT },
2461  { .name="--keygen",
2462  .command=CMD_KEYGEN },
2463  { .name="--key-expiration",
2464  .takes_argument=ARGUMENT_OPTIONAL,
2465  .command=CMD_KEY_EXPIRATION },
2466  { .name="--format",
2467  .takes_argument=ARGUMENT_NECESSARY },
2468  { .name="--newpass" },
2469  { .name="--no-passphrase" },
2470  { .name="--passphrase-fd",
2471  .takes_argument=ARGUMENT_NECESSARY },
2472  { .name="--verify-config",
2473  .command=CMD_VERIFY_CONFIG },
2474  { .name="--ignore-missing-torrc" },
2475  { .name="--quiet",
2476  .quiet=QUIET_SILENT },
2477  { .name="--hush",
2478  .quiet=QUIET_HUSH },
2479  { .name="--version",
2480  .command=CMD_IMMEDIATE,
2481  .quiet=QUIET_HUSH },
2482  { .name="--list-modules",
2483  .command=CMD_IMMEDIATE,
2484  .quiet=QUIET_HUSH },
2485  { .name="--library-versions",
2486  .command=CMD_IMMEDIATE,
2487  .quiet=QUIET_HUSH },
2488  { .name="--help",
2489  .short_name="-h",
2490  .command=CMD_IMMEDIATE,
2491  .quiet=QUIET_HUSH },
2492  { .name="--list-torrc-options",
2493  .command=CMD_IMMEDIATE,
2494  .quiet=QUIET_HUSH },
2495  { .name="--list-deprecated-options",
2496  .command=CMD_IMMEDIATE },
2497  { .name="--nt-service" },
2498  { .name="-nt-service" },
2499  { .name="--dbg-dump-subsystem-list",
2500  .command=CMD_IMMEDIATE,
2501  .quiet=QUIET_HUSH },
2502  { .name=NULL },
2503 };
2504 
2505 /** Helper: Read a list of configuration options from the command line. If
2506  * successful, return a newly allocated parsed_cmdline_t; otherwise return
2507  * NULL.
2508  *
2509  * If <b>ignore_errors</b> is set, try to recover from all recoverable
2510  * errors and return the best command line we can.
2511  */
2513 config_parse_commandline(int argc, char **argv, int ignore_errors)
2514 {
2515  parsed_cmdline_t *result = tor_malloc_zero(sizeof(parsed_cmdline_t));
2516  result->command = CMD_RUN_TOR;
2517  config_line_t *param = NULL;
2518 
2519  config_line_t **new_cmdline = &result->cmdline_opts;
2520  config_line_t **new = &result->other_opts;
2521 
2522  char *s, *arg;
2523  int i = 1;
2524 
2525  while (i < argc) {
2526  unsigned command = CONFIG_LINE_NORMAL;
2528  int is_cmdline = 0;
2529  int j;
2530  bool is_a_command = false;
2531 
2532  for (j = 0; CMDLINE_ONLY_OPTIONS[j].name != NULL; ++j) {
2533  if (!strcmp(argv[i], CMDLINE_ONLY_OPTIONS[j].name) ||
2535  !strcmp(argv[i], CMDLINE_ONLY_OPTIONS[j].short_name))) {
2536  is_cmdline = 1;
2537  want_arg = CMDLINE_ONLY_OPTIONS[j].takes_argument;
2539  is_a_command = true;
2540  result->command = CMDLINE_ONLY_OPTIONS[j].command;
2541  }
2543  if (quiet > result->quiet_level)
2544  result->quiet_level = quiet;
2545  break;
2546  }
2547  }
2548 
2549  s = argv[i];
2550 
2551  /* Each keyword may be prefixed with one or two dashes. */
2552  if (*s == '-')
2553  s++;
2554  if (*s == '-')
2555  s++;
2556  /* Figure out the command, if any. */
2557  if (*s == '+') {
2558  s++;
2560  } else if (*s == '/') {
2561  s++;
2562  command = CONFIG_LINE_CLEAR;
2563  /* A 'clear' command has no argument. */
2564  want_arg = 0;
2565  }
2566 
2567  const int is_last = (i == argc-1);
2568 
2569  if (want_arg == ARGUMENT_NECESSARY && is_last) {
2570  if (ignore_errors) {
2571  arg = tor_strdup("");
2572  } else {
2573  log_warn(LD_CONFIG,"Command-line option '%s' with no value. Failing.",
2574  argv[i]);
2575  parsed_cmdline_free(result);
2576  return NULL;
2577  }
2578  } else if (want_arg == ARGUMENT_OPTIONAL &&
2579  /* optional arguments may never start with '-'. */
2580  (is_last || argv[i+1][0] == '-')) {
2581  arg = tor_strdup("");
2582  want_arg = ARGUMENT_NONE; // prevent skipping the next flag.
2583  } else {
2584  arg = (want_arg != ARGUMENT_NONE) ? tor_strdup(argv[i+1]) :
2585  tor_strdup("");
2586  }
2587 
2588  param = tor_malloc_zero(sizeof(config_line_t));
2589  param->key = is_cmdline ? tor_strdup(argv[i]) :
2590  tor_strdup(config_expand_abbrev(get_options_mgr(), s, 1, 1));
2591  param->value = arg;
2592  param->command = command;
2593  param->next = NULL;
2594  log_debug(LD_CONFIG, "command line: parsed keyword '%s', value '%s'",
2595  param->key, param->value);
2596 
2597  if (is_a_command) {
2598  result->command_arg = param->value;
2599  }
2600 
2601  if (is_cmdline) {
2602  *new_cmdline = param;
2603  new_cmdline = &((*new_cmdline)->next);
2604  } else {
2605  *new = param;
2606  new = &((*new)->next);
2607  }
2608 
2609  i += want_arg ? 2 : 1;
2610  }
2611 
2612  return result;
2613 }
2614 
2615 /** Release all storage held by <b>cmdline</b>. */
2616 void
2618 {
2619  if (!cmdline)
2620  return;
2621  config_free_lines(cmdline->cmdline_opts);
2622  config_free_lines(cmdline->other_opts);
2623  tor_free(cmdline);
2624 }
2625 
2626 /** Return true iff key is a valid configuration option. */
2627 int
2628 option_is_recognized(const char *key)
2629 {
2630  return config_find_option_name(get_options_mgr(), key) != NULL;
2631 }
2632 
2633 /** Return the canonical name of a configuration option, or NULL
2634  * if no such option exists. */
2635 const char *
2637 {
2639 }
2640 
2641 /** Return a canonical list of the options assigned for key.
2642  */
2643 config_line_t *
2644 option_get_assignment(const or_options_t *options, const char *key)
2645 {
2646  return config_get_assigned_option(get_options_mgr(), options, key, 1);
2647 }
2648 
2649 /** Try assigning <b>list</b> to the global options. You do this by duping
2650  * options, assigning list to the new one, then validating it. If it's
2651  * ok, then throw out the old one and stick with the new one. Else,
2652  * revert to old and return failure. Return SETOPT_OK on success, or
2653  * a setopt_err_t on failure.
2654  *
2655  * If not success, point *<b>msg</b> to a newly allocated string describing
2656  * what went wrong.
2657  */
2659 options_trial_assign(config_line_t *list, unsigned flags, char **msg)
2660 {
2661  int r;
2662  or_options_t *trial_options = config_dup(get_options_mgr(), get_options());
2663 
2664  if ((r=config_assign(get_options_mgr(), trial_options,
2665  list, flags, msg)) < 0) {
2666  or_options_free(trial_options);
2667  return r;
2668  }
2669  const or_options_t *cur_options = get_options();
2670 
2671  return options_validate_and_set(cur_options, trial_options, msg);
2672 }
2673 
2674 /** Print a usage message for tor. */
2675 static void
2677 {
2678  printf(
2679 "Copyright (c) 2001-2004, Roger Dingledine\n"
2680 "Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson\n"
2681 "Copyright (c) 2007-2021, The Tor Project, Inc.\n\n"
2682 "tor -f <torrc> [args]\n"
2683 "See man page for options, or https://www.torproject.org/ for "
2684 "documentation.\n");
2685 }
2686 
2687 /** Print all non-obsolete torrc options. */
2688 static void
2690 {
2692  SMARTLIST_FOREACH_BEGIN(vars, const config_var_t *, var) {
2693  /* Possibly this should check listable, rather than (or in addition to)
2694  * settable. See ticket 31654.
2695  */
2696  if (! config_var_is_settable(var)) {
2697  /* This variable cannot be set, or cannot be set by this name. */
2698  continue;
2699  }
2700  printf("%s\n", var->member.name);
2701  } SMARTLIST_FOREACH_END(var);
2702  smartlist_free(vars);
2703 }
2704 
2705 /** Print all deprecated but non-obsolete torrc options. */
2706 static void
2708 {
2710  /* Possibly this should check whether the variables are listable,
2711  * but currently it does not. See ticket 31654. */
2712  SMARTLIST_FOREACH(deps, const char *, name,
2713  printf("%s\n", name));
2714  smartlist_free(deps);
2715 }
2716 
2717 /** Print all compile-time modules and their enabled/disabled status. */
2718 static void
2720 {
2721  printf("%s: %s\n", "relay", have_module_relay() ? "yes" : "no");
2722  printf("%s: %s\n", "dirauth", have_module_dirauth() ? "yes" : "no");
2723  // We don't list dircache, because it cannot be enabled or disabled
2724  // independently from relay. Listing it here would proliferate
2725  // test variants in test_parseconf.sh to no useful purpose.
2726 }
2727 
2728 /** Prints compile-time and runtime library versions. */
2729 static void
2731 {
2732  printf("Tor version %s. \n", get_version());
2733  printf("Library versions\tCompiled\t\tRuntime\n");
2734  printf("Libevent\t\t%-15s\t\t%s\n",
2737 #ifdef ENABLE_OPENSSL
2738  printf("OpenSSL \t\t%-15s\t\t%s\n",
2739  crypto_openssl_get_header_version_str(),
2740  crypto_openssl_get_version_str());
2741 #endif
2742 #ifdef ENABLE_NSS
2743  printf("NSS \t\t%-15s\t\t%s\n",
2744  crypto_nss_get_header_version_str(),
2745  crypto_nss_get_version_str());
2746 #endif
2747  if (tor_compress_supports_method(ZLIB_METHOD)) {
2748  printf("Zlib \t\t%-15s\t\t%s\n",
2749  tor_compress_version_str(ZLIB_METHOD),
2750  tor_compress_header_version_str(ZLIB_METHOD));
2751  }
2752  if (tor_compress_supports_method(LZMA_METHOD)) {
2753  printf("Liblzma \t\t%-15s\t\t%s\n",
2754  tor_compress_version_str(LZMA_METHOD),
2755  tor_compress_header_version_str(LZMA_METHOD));
2756  }
2757  if (tor_compress_supports_method(ZSTD_METHOD)) {
2758  printf("Libzstd \t\t%-15s\t\t%s\n",
2759  tor_compress_version_str(ZSTD_METHOD),
2760  tor_compress_header_version_str(ZSTD_METHOD));
2761  }
2762  if (tor_libc_get_name()) {
2763  printf("%-7s \t\t%-15s\t\t%s\n",
2767  }
2768  //TODO: Hex versions?
2769 }
2770 
2771 /** Handles the --no-passphrase command line option. */
2772 static int
2774 {
2775  if (command == CMD_KEYGEN) {
2776  get_options_mutable()->keygen_force_passphrase = FORCE_PASSPHRASE_OFF;
2777  return 0;
2778  } else {
2779  log_err(LD_CONFIG, "--no-passphrase specified without --keygen!");
2780  return -1;
2781  }
2782 }
2783 
2784 /** Handles the --format command line option. */
2785 static int
2787 {
2788  if (command == CMD_KEY_EXPIRATION) {
2789  // keep the same order as enum key_expiration_format
2790  const char *formats[] = { "iso8601", "timestamp" };
2791  int format = -1;
2792  for (unsigned i = 0; i < ARRAY_LENGTH(formats); i++) {
2793  if (!strcmp(value, formats[i])) {
2794  format = i;
2795  break;
2796  }
2797  }
2798 
2799  if (format < 0) {
2800  log_err(LD_CONFIG, "Invalid --format value %s", escaped(value));
2801  return -1;
2802  } else {
2803  get_options_mutable()->key_expiration_format = format;
2804  }
2805  return 0;
2806  } else {
2807  log_err(LD_CONFIG, "--format specified without --key-expiration!");
2808  return -1;
2809  }
2810 }
2811 
2812 /** Handles the --newpass command line option. */
2813 static int
2815 {
2816  if (command == CMD_KEYGEN) {
2817  get_options_mutable()->change_key_passphrase = 1;
2818  return 0;
2819  } else {
2820  log_err(LD_CONFIG, "--newpass specified without --keygen!");
2821  return -1;
2822  }
2823 }
2824 
2825 /** Handles the --passphrase-fd command line option. */
2826 static int
2828 {
2829  if (get_options()->keygen_force_passphrase == FORCE_PASSPHRASE_OFF) {
2830  log_err(LD_CONFIG, "--no-passphrase specified with --passphrase-fd!");
2831  return -1;
2832  } else if (command != CMD_KEYGEN) {
2833  log_err(LD_CONFIG, "--passphrase-fd specified without --keygen!");
2834  return -1;
2835  } else {
2836  int ok = 1;
2837  long fd = tor_parse_long(value, 10, 0, INT_MAX, &ok, NULL);
2838  if (fd < 0 || ok == 0) {
2839  log_err(LD_CONFIG, "Invalid --passphrase-fd value %s", escaped(value));
2840  return -1;
2841  }
2842  get_options_mutable()->keygen_passphrase_fd = (int)fd;
2843  get_options_mutable()->use_keygen_passphrase_fd = 1;
2844  get_options_mutable()->keygen_force_passphrase = FORCE_PASSPHRASE_ON;
2845  return 0;
2846  }
2847 }
2848 
2849 /** Handles the --master-key command line option. */
2850 static int
2852 {
2853  if (command != CMD_KEYGEN) {
2854  log_err(LD_CONFIG, "--master-key without --keygen!");
2855  return -1;
2856  } else {
2857  get_options_mutable()->master_key_fname = tor_strdup(value);
2858  return 0;
2859  }
2860 }
2861 
2862 /* Return true if <b>options</b> is using the default authorities, and false
2863  * if any authority-related option has been overridden. */
2864 int
2865 using_default_dir_authorities(const or_options_t *options)
2866 {
2867  return (!options->DirAuthorities && !options->AlternateDirAuthority);
2868 }
2869 
2870 /** Return a new empty or_options_t. Used for testing. */
2871 or_options_t *
2873 {
2874  or_options_t *options = config_new(get_options_mgr());
2875  options->command = CMD_RUN_TOR;
2876  return options;
2877 }
2878 
2879 /** Set <b>options</b> to hold reasonable defaults for most options.
2880  * Each option defaults to zero. */
2881 void
2883 {
2884  config_init(get_options_mgr(), options);
2886  char *msg=NULL;
2887  if (config_assign(get_options_mgr(), options, dflts,
2888  CAL_WARN_DEPRECATIONS, &msg)<0) {
2889  log_err(LD_BUG, "Unable to set default options: %s", msg);
2890  tor_free(msg);
2891  tor_assert_unreached();
2892  }
2893  config_free_lines(dflts);
2894  tor_free(msg);
2895 }
2896 
2897 /** Return a string containing a possible configuration file that would give
2898  * the configuration in <b>options</b>. If <b>minimal</b> is true, do not
2899  * include options that are the same as Tor's defaults.
2900  */
2901 char *
2902 options_dump(const or_options_t *options, int how_to_dump)
2903 {
2904  const or_options_t *use_defaults;
2905  int minimal;
2906  switch (how_to_dump) {
2907  case OPTIONS_DUMP_MINIMAL:
2908  use_defaults = global_default_options;
2909  minimal = 1;
2910  break;
2911  case OPTIONS_DUMP_ALL:
2912  use_defaults = NULL;
2913  minimal = 0;
2914  break;
2915  default:
2916  log_warn(LD_BUG, "Bogus value for how_to_dump==%d", how_to_dump);
2917  return NULL;
2918  }
2919 
2920  return config_dump(get_options_mgr(), use_defaults, options, minimal, 0);
2921 }
2922 
2923 /** Return 0 if every element of sl is a string holding a decimal
2924  * representation of a port number, or if sl is NULL.
2925  * Otherwise set *msg and return -1. */
2926 static int
2927 validate_ports_csv(smartlist_t *sl, const char *name, char **msg)
2928 {
2929  int i;
2930  tor_assert(name);
2931 
2932  if (!sl)
2933  return 0;
2934 
2935  SMARTLIST_FOREACH(sl, const char *, cp,
2936  {
2937  i = atoi(cp);
2938  if (i < 1 || i > 65535) {
2939  tor_asprintf(msg, "Port '%s' out of range in %s", cp, name);
2940  return -1;
2941  }
2942  });
2943  return 0;
2944 }
2945 
2946 /** If <b>value</b> exceeds ROUTER_MAX_DECLARED_BANDWIDTH, write
2947  * a complaint into *<b>msg</b> using string <b>desc</b>, and return -1.
2948  * Else return 0.
2949  */
2950 int
2951 config_ensure_bandwidth_cap(uint64_t *value, const char *desc, char **msg)
2952 {
2953  if (*value > ROUTER_MAX_DECLARED_BANDWIDTH) {
2954  /* This handles an understandable special case where somebody says "2gb"
2955  * whereas our actual maximum is 2gb-1 (INT_MAX) */
2956  --*value;
2957  }
2958  if (*value > ROUTER_MAX_DECLARED_BANDWIDTH) {
2959  tor_asprintf(msg, "%s (%"PRIu64") must be at most %d",
2960  desc, (*value),
2961  ROUTER_MAX_DECLARED_BANDWIDTH);
2962  return -1;
2963  }
2964  return 0;
2965 }
2966 
2967 /** Lowest allowable value for RendPostPeriod; if this is too low, hidden
2968  * services can overload the directory system. */
2969 #define MIN_REND_POST_PERIOD (10*60)
2970 #define MIN_REND_POST_PERIOD_TESTING (5)
2971 
2972 /** Highest allowable value for CircuitsAvailableTimeout.
2973  * If this is too large, client connections will stay open for too long,
2974  * incurring extra padding overhead. */
2975 #define MAX_CIRCS_AVAILABLE_TIME (24*60*60)
2976 
2977 /** Highest allowable value for RendPostPeriod. */
2978 #define MAX_DIR_PERIOD ((7*24*60*60)/2)
2979 
2980 /** Lowest allowable value for MaxCircuitDirtiness; if this is too low, Tor
2981  * will generate too many circuits and potentially overload the network. */
2982 #define MIN_MAX_CIRCUIT_DIRTINESS 10
2983 
2984 /** Highest allowable value for MaxCircuitDirtiness: prevents time_t
2985  * overflows. */
2986 #define MAX_MAX_CIRCUIT_DIRTINESS (30*24*60*60)
2987 
2988 /** Lowest allowable value for CircuitStreamTimeout; if this is too low, Tor
2989  * will generate too many circuits and potentially overload the network. */
2990 #define MIN_CIRCUIT_STREAM_TIMEOUT 10
2991 
2992 /** Lowest recommended value for CircuitBuildTimeout; if it is set too low
2993  * and LearnCircuitBuildTimeout is off, the failure rate for circuit
2994  * construction may be very high. In that case, if it is set below this
2995  * threshold emit a warning.
2996  * */
2997 #define RECOMMENDED_MIN_CIRCUIT_BUILD_TIMEOUT (10)
2998 
2999 /**
3000  * Validate <b>new_options</b>. If it is valid, and it is a reasonable
3001  * replacement for <b>old_options</b>, replace the previous value of the
3002  * global options, and return return SETOPT_OK.
3003  *
3004  * If it is not valid, then free <b>new_options</b>, set *<b>msg_out</b> to a
3005  * newly allocated error message, and return an error code.
3006  */
3007 static setopt_err_t
3009  or_options_t *new_options,
3010  char **msg_out)
3011 {
3012  setopt_err_t rv;
3014 
3016  vs = config_validate(get_options_mgr(), old_options, new_options, msg_out);
3017 
3018  if (vs == VSTAT_TRANSITION_ERR) {
3019  rv = SETOPT_ERR_TRANSITION;
3020  goto err;
3021  } else if (vs < 0) {
3022  rv = SETOPT_ERR_PARSE;
3023  goto err;
3024  }
3026 
3027  if (set_options(new_options, msg_out)) {
3028  rv = SETOPT_ERR_SETTING;
3029  goto err;
3030  }
3031 
3032  rv = SETOPT_OK;
3033  new_options = NULL; /* prevent free */
3034  err:
3036  tor_assert(new_options == NULL || rv != SETOPT_OK);
3037  or_options_free(new_options);
3038  return rv;
3039 }
3040 
3041 #ifdef TOR_UNIT_TESTS
3042 /**
3043  * Return 0 if every setting in <b>options</b> is reasonable, is a
3044  * permissible transition from <b>old_options</b>, and none of the
3045  * testing-only settings differ from <b>default_options</b> unless in
3046  * testing mode. Else return -1. Should have no side effects, except for
3047  * normalizing the contents of <b>options</b>.
3048  *
3049  * On error, tor_strdup an error explanation into *<b>msg</b>.
3050  */
3051 int
3052 options_validate(const or_options_t *old_options, or_options_t *options,
3053  char **msg)
3054 {
3056  vs = config_validate(get_options_mgr(), old_options, options, msg);
3057  return vs < 0 ? -1 : 0;
3058 }
3059 #endif /* defined(TOR_UNIT_TESTS) */
3060 
3061 #define REJECT(arg) \
3062  STMT_BEGIN *msg = tor_strdup(arg); return -1; STMT_END
3063 #if defined(__GNUC__) && __GNUC__ <= 3
3064 #define COMPLAIN(args...) \
3065  STMT_BEGIN log_warn(LD_CONFIG, args); STMT_END
3066 #else
3067 #define COMPLAIN(args, ...) \
3068  STMT_BEGIN log_warn(LD_CONFIG, args, ##__VA_ARGS__); STMT_END
3069 #endif /* defined(__GNUC__) && __GNUC__ <= 3 */
3070 
3071 /** Log a warning message iff <b>filepath</b> is not absolute.
3072  * Warning message must contain option name <b>option</b> and
3073  * an absolute path that <b>filepath</b> will resolve to.
3074  *
3075  * In case <b>filepath</b> is absolute, do nothing.
3076  *
3077  * Return 1 if there were relative paths; 0 otherwise.
3078  */
3079 static int
3081  const char *filepath)
3082 {
3083  if (filepath && path_is_relative(filepath)) {
3084  char *abs_path = make_path_absolute(filepath);
3085  COMPLAIN("Path for %s (%s) is relative and will resolve to %s."
3086  " Is this what you wanted?", option, filepath, abs_path);
3087  tor_free(abs_path);
3088  return 1;
3089  }
3090  return 0;
3091 }
3092 
3093 /** Scan <b>options</b> for occurrences of relative file/directory
3094  * paths and log a warning whenever one is found.
3095  *
3096  * Return 1 if there were relative paths; 0 otherwise.
3097  */
3098 static int
3100 {
3101  tor_assert(options);
3102  int n = 0;
3103  const config_mgr_t *mgr = get_options_mgr();
3104 
3105  smartlist_t *vars = config_mgr_list_vars(mgr);
3106  SMARTLIST_FOREACH_BEGIN(vars, const config_var_t *, cv) {
3107  config_line_t *line;
3108  if (cv->member.type != CONFIG_TYPE_FILENAME)
3109  continue;
3110  const char *name = cv->member.name;
3111  line = config_get_assigned_option(mgr, options, name, 0);
3112  if (line)
3113  n += warn_if_option_path_is_relative(name, line->value);
3114  config_free_lines(line);
3115  } SMARTLIST_FOREACH_END(cv);
3116  smartlist_free(vars);
3117 
3118  for (config_line_t *hs_line = options->RendConfigLines; hs_line;
3119  hs_line = hs_line->next) {
3120  if (!strcasecmp(hs_line->key, "HiddenServiceDir"))
3121  n += warn_if_option_path_is_relative("HiddenServiceDir",hs_line->value);
3122  }
3123  return n != 0;
3124 }
3125 
3126 /* Validate options related to the scheduler. From the Schedulers list, the
3127  * SchedulerTypes_ list is created with int values so once we select the
3128  * scheduler, which can happen anytime at runtime, we don't have to parse
3129  * strings and thus be quick.
3130  *
3131  * Return 0 on success else -1 and msg is set with an error message. */
3132 static int
3133 options_validate_scheduler(or_options_t *options, char **msg)
3134 {
3135  tor_assert(options);
3136  tor_assert(msg);
3137 
3138  if (!options->Schedulers || smartlist_len(options->Schedulers) == 0) {
3139  REJECT("Empty Schedulers list. Either remove the option so the defaults "
3140  "can be used or set at least one value.");
3141  }
3142  /* Ok, we do have scheduler types, validate them. */
3143  if (options->SchedulerTypes_) {
3144  SMARTLIST_FOREACH(options->SchedulerTypes_, int *, iptr, tor_free(iptr));
3145  smartlist_free(options->SchedulerTypes_);
3146  }
3147  options->SchedulerTypes_ = smartlist_new();
3148  SMARTLIST_FOREACH_BEGIN(options->Schedulers, const char *, type) {
3149  int *sched_type;
3150  if (!strcasecmp("KISTLite", type)) {
3151  sched_type = tor_malloc_zero(sizeof(int));
3152  *sched_type = SCHEDULER_KIST_LITE;
3153  smartlist_add(options->SchedulerTypes_, sched_type);
3154  } else if (!strcasecmp("KIST", type)) {
3155  sched_type = tor_malloc_zero(sizeof(int));
3156  *sched_type = SCHEDULER_KIST;
3157  smartlist_add(options->SchedulerTypes_, sched_type);
3158  } else if (!strcasecmp("Vanilla", type)) {
3159  sched_type = tor_malloc_zero(sizeof(int));
3160  *sched_type = SCHEDULER_VANILLA;
3161  smartlist_add(options->SchedulerTypes_, sched_type);
3162  } else {
3163  tor_asprintf(msg, "Unknown type %s in option Schedulers. "
3164  "Possible values are KIST, KISTLite and Vanilla.",
3165  escaped(type));
3166  return -1;
3167  }
3168  } SMARTLIST_FOREACH_END(type);
3169 
3170  if (options->KISTSockBufSizeFactor < 0) {
3171  REJECT("KISTSockBufSizeFactor must be at least 0");
3172  }
3173 
3174  /* Don't need to validate that the Interval is less than anything because
3175  * zero is valid and all negative values are valid. */
3176  if (options->KISTSchedRunInterval > KIST_SCHED_RUN_INTERVAL_MAX) {
3177  tor_asprintf(msg, "KISTSchedRunInterval must not be more than %d (ms)",
3178  KIST_SCHED_RUN_INTERVAL_MAX);
3179  return -1;
3180  }
3181 
3182  return 0;
3183 }
3184 
3185 /* Validate options related to single onion services.
3186  * Modifies some options that are incompatible with single onion services.
3187  * On failure returns -1, and sets *msg to an error string.
3188  * Returns 0 on success. */
3189 STATIC int
3190 options_validate_single_onion(or_options_t *options, char **msg)
3191 {
3192  /* The two single onion service options must have matching values. */
3193  if (options->HiddenServiceSingleHopMode &&
3194  !options->HiddenServiceNonAnonymousMode) {
3195  REJECT("HiddenServiceSingleHopMode does not provide any server anonymity. "
3196  "It must be used with HiddenServiceNonAnonymousMode set to 1.");
3197  }
3198  if (options->HiddenServiceNonAnonymousMode &&
3199  !options->HiddenServiceSingleHopMode) {
3200  REJECT("HiddenServiceNonAnonymousMode does not provide any server "
3201  "anonymity. It must be used with HiddenServiceSingleHopMode set to "
3202  "1.");
3203  }
3204 
3205  /* Now that we've checked that the two options are consistent, we can safely
3206  * call the hs_service_* functions that abstract these options. */
3207 
3208  /* If you run an anonymous client with an active Single Onion service, the
3209  * client loses anonymity. */
3210  const int client_port_set = (options->SocksPort_set ||
3211  options->TransPort_set ||
3212  options->NATDPort_set ||
3213  options->DNSPort_set ||
3214  options->HTTPTunnelPort_set);
3215  if (hs_service_non_anonymous_mode_enabled(options) && client_port_set) {
3216  REJECT("HiddenServiceNonAnonymousMode is incompatible with using Tor as "
3217  "an anonymous client. Please set Socks/Trans/NATD/DNSPort to 0, or "
3218  "revert HiddenServiceNonAnonymousMode to 0.");
3219  }
3220 
3221  if (hs_service_allow_non_anonymous_connection(options)
3222  && options->UseEntryGuards) {
3223  /* Single Onion services only use entry guards when uploading descriptors;
3224  * all other connections are one-hop. Further, Single Onions causes the
3225  * hidden service code to do things which break the path bias
3226  * detector, and it's far easier to turn off entry guards (and
3227  * thus the path bias detector with it) than to figure out how to
3228  * make path bias compatible with single onions.
3229  */
3230  log_notice(LD_CONFIG,
3231  "HiddenServiceSingleHopMode is enabled; disabling "
3232  "UseEntryGuards.");
3233  options->UseEntryGuards = 0;
3234  }
3235 
3236  return 0;
3237 }
3238 
3239 /**
3240  * Legacy validation/normalization callback for or_options_t. See
3241  * legacy_validate_fn_t for more information.
3242  */
3243 static int
3244 options_validate_cb(const void *old_options_, void *options_, char **msg)
3245 {
3246  if (old_options_)
3247  CHECK_OPTIONS_MAGIC(old_options_);
3248  CHECK_OPTIONS_MAGIC(options_);
3249  const or_options_t *old_options = old_options_;
3250  or_options_t *options = options_;
3251 
3252  config_line_t *cl;
3253  int n_ports=0;
3254  int world_writable_control_socket=0;
3255 
3256  tor_assert(msg);
3257  *msg = NULL;
3258 
3259  if (parse_ports(options, 1, msg, &n_ports,
3260  &world_writable_control_socket) < 0)
3261  return -1;
3262 
3263 #ifndef HAVE_SYS_UN_H
3264  if (options->ControlSocket || options->ControlSocketsGroupWritable) {
3265  *msg = tor_strdup("Unix domain sockets (ControlSocket) not supported "
3266  "on this OS/with this build.");
3267  return -1;
3268  }
3269 #else /* defined(HAVE_SYS_UN_H) */
3270  if (options->ControlSocketsGroupWritable && !options->ControlSocket) {
3271  *msg = tor_strdup("Setting ControlSocketsGroupWritable without setting "
3272  "a ControlSocket makes no sense.");
3273  return -1;
3274  }
3275 #endif /* !defined(HAVE_SYS_UN_H) */
3276 
3277  /* Set UseEntryGuards from the configured value, before we check it below.
3278  * We change UseEntryGuards when it's incompatible with other options,
3279  * but leave UseEntryGuards_option with the original value.
3280  * Always use the value of UseEntryGuards, not UseEntryGuards_option. */
3281  options->UseEntryGuards = options->UseEntryGuards_option;
3282 
3283  if (options_validate_relay_os(old_options, options, msg) < 0)
3284  return -1;
3285 
3286  /* 31851: OutboundBindAddressExit is unused in client mode */
3287  if (parse_outbound_addresses(options, 1, msg) < 0)
3288  return -1;
3289 
3290  if (validate_data_directories(options)<0)
3291  REJECT("Invalid DataDirectory");
3292 
3293  /* need to check for relative paths after we populate
3294  * options->DataDirectory (just above). */
3295  if (warn_about_relative_paths(options) && options->RunAsDaemon) {
3296  REJECT("You have specified at least one relative path (see above) "
3297  "with the RunAsDaemon option. RunAsDaemon is not compatible "
3298  "with relative paths.");
3299  }
3300 
3301  if (options_validate_relay_info(old_options, options, msg) < 0)
3302  return -1;
3303 
3304  /* 31851: this function is currently a no-op in client mode */
3306 
3307  /* Validate the tor_log(s) */
3308  if (options_init_logs(old_options, options, 1)<0)
3309  REJECT("Failed to validate Log options. See logs for details.");
3310 
3311  /* XXXX require that the only port not be DirPort? */
3312  /* XXXX require that at least one port be listened-upon. */
3313  if (n_ports == 0 && !options->RendConfigLines)
3314  log_warn(LD_CONFIG,
3315  "SocksPort, TransPort, NATDPort, DNSPort, and ORPort are all "
3316  "undefined, and there aren't any hidden services configured. "
3317  "Tor will still run, but probably won't do anything.");
3318 
3319  options->TransProxyType_parsed = TPT_DEFAULT;
3320 #ifdef USE_TRANSPARENT
3321  if (options->TransProxyType) {
3322  if (!strcasecmp(options->TransProxyType, "default")) {
3323  options->TransProxyType_parsed = TPT_DEFAULT;
3324  } else if (!strcasecmp(options->TransProxyType, "pf-divert")) {
3325 #if !defined(OpenBSD) && !defined(DARWIN)
3326  /* Later versions of OS X have pf */
3327  REJECT("pf-divert is a OpenBSD-specific "
3328  "and OS X/Darwin-specific feature.");
3329 #else
3330  options->TransProxyType_parsed = TPT_PF_DIVERT;
3331 #endif /* !defined(OpenBSD) && !defined(DARWIN) */
3332  } else if (!strcasecmp(options->TransProxyType, "tproxy")) {
3333 #if !defined(__linux__)
3334  REJECT("TPROXY is a Linux-specific feature.");
3335 #else
3336  options->TransProxyType_parsed = TPT_TPROXY;
3337 #endif
3338  } else if (!strcasecmp(options->TransProxyType, "ipfw")) {
3339 #ifndef KERNEL_MAY_SUPPORT_IPFW
3340  /* Earlier versions of OS X have ipfw */
3341  REJECT("ipfw is a FreeBSD-specific "
3342  "and OS X/Darwin-specific feature.");
3343 #else
3344  options->TransProxyType_parsed = TPT_IPFW;
3345 #endif /* !defined(KERNEL_MAY_SUPPORT_IPFW) */
3346  } else {
3347  REJECT("Unrecognized value for TransProxyType");
3348  }
3349 
3350  if (strcasecmp(options->TransProxyType, "default") &&
3351  !options->TransPort_set) {
3352  REJECT("Cannot use TransProxyType without any valid TransPort.");
3353  }
3354  }
3355 #else /* !defined(USE_TRANSPARENT) */
3356  if (options->TransPort_set)
3357  REJECT("TransPort is disabled in this build.");
3358 #endif /* defined(USE_TRANSPARENT) */
3359 
3360  if (options->TokenBucketRefillInterval <= 0
3361  || options->TokenBucketRefillInterval > 1000) {
3362  REJECT("TokenBucketRefillInterval must be between 1 and 1000 inclusive.");
3363  }
3364 
3365  if (options->AssumeReachable && options->AssumeReachableIPv6 == 0) {
3366  REJECT("Cannot set AssumeReachable 1 and AssumeReachableIPv6 0.");
3367  }
3368 
3369  if (options->ExcludeExitNodes || options->ExcludeNodes) {
3373  }
3374 
3375  if (options->NodeFamilies) {
3376  options->NodeFamilySets = smartlist_new();
3377  for (cl = options->NodeFamilies; cl; cl = cl->next) {
3378  routerset_t *rs = routerset_new();
3379  if (routerset_parse(rs, cl->value, cl->key) == 0) {
3380  smartlist_add(options->NodeFamilySets, rs);
3381  } else {
3382  routerset_free(rs);
3383  }
3384  }
3385  }
3386 
3387  if (options->ExcludeNodes && options->StrictNodes) {
3388  COMPLAIN("You have asked to exclude certain relays from all positions "
3389  "in your circuits. Expect hidden services and other Tor "
3390  "features to be broken in unpredictable ways.");
3391  }
3392 
3393  if (options_validate_dirauth_mode(old_options, options, msg) < 0)
3394  return -1;
3395 
3396  if (options->FetchDirInfoExtraEarly && !options->FetchDirInfoEarly)
3397  REJECT("FetchDirInfoExtraEarly requires that you also set "
3398  "FetchDirInfoEarly");
3399 
3400  if (options->ConnLimit <= 0) {
3401  tor_asprintf(msg,
3402  "ConnLimit must be greater than 0, but was set to %d",
3403  options->ConnLimit);
3404  return -1;
3405  }
3406 
3407  if (options->PathsNeededToBuildCircuits >= 0.0) {
3408  if (options->PathsNeededToBuildCircuits < 0.25) {
3409  log_warn(LD_CONFIG, "PathsNeededToBuildCircuits is too low. Increasing "
3410  "to 0.25");
3411  options->PathsNeededToBuildCircuits = 0.25;
3412  } else if (options->PathsNeededToBuildCircuits > 0.95) {
3413  log_warn(LD_CONFIG, "PathsNeededToBuildCircuits is too high. Decreasing "
3414  "to 0.95");
3415  options->PathsNeededToBuildCircuits = 0.95;
3416  }
3417  }
3418 
3419  if (options->MaxClientCircuitsPending <= 0 ||
3420  options->MaxClientCircuitsPending > MAX_MAX_CLIENT_CIRCUITS_PENDING) {
3421  tor_asprintf(msg,
3422  "MaxClientCircuitsPending must be between 1 and %d, but "
3423  "was set to %d", MAX_MAX_CLIENT_CIRCUITS_PENDING,
3424  options->MaxClientCircuitsPending);
3425  return -1;
3426  }
3427 
3428  if (validate_ports_csv(options->FirewallPorts, "FirewallPorts", msg) < 0)
3429  return -1;
3430 
3431  if (validate_ports_csv(options->LongLivedPorts, "LongLivedPorts", msg) < 0)
3432  return -1;
3433 
3435  "RejectPlaintextPorts", msg) < 0)
3436  return -1;
3437 
3439  "WarnPlaintextPorts", msg) < 0)
3440  return -1;
3441 
3442  if (options->FascistFirewall && !options->ReachableAddresses) {
3443  if (options->FirewallPorts && smartlist_len(options->FirewallPorts)) {
3444  /* We already have firewall ports set, so migrate them to
3445  * ReachableAddresses, which will set ReachableORAddresses and
3446  * ReachableDirAddresses if they aren't set explicitly. */
3447  smartlist_t *instead = smartlist_new();
3448  config_line_t *new_line = tor_malloc_zero(sizeof(config_line_t));
3449  new_line->key = tor_strdup("ReachableAddresses");
3450  /* If we're configured with the old format, we need to prepend some
3451  * open ports. */
3452  SMARTLIST_FOREACH(options->FirewallPorts, const char *, portno,
3453  {
3454  int p = atoi(portno);
3455  if (p<0) continue;
3456  smartlist_add_asprintf(instead, "*:%d", p);
3457  });
3458  new_line->value = smartlist_join_strings(instead,",",0,NULL);
3459  /* These have been deprecated since 0.1.1.5-alpha-cvs */
3460  log_notice(LD_CONFIG,
3461  "Converting FascistFirewall and FirewallPorts "
3462  "config options to new format: \"ReachableAddresses %s\"",
3463  new_line->value);
3464  options->ReachableAddresses = new_line;
3465  SMARTLIST_FOREACH(instead, char *, cp, tor_free(cp));
3466  smartlist_free(instead);
3467  } else {
3468  /* We do not have FirewallPorts set, so add 80 to
3469  * ReachableDirAddresses, and 443 to ReachableORAddresses. */
3470  if (!options->ReachableDirAddresses) {
3471  config_line_t *new_line = tor_malloc_zero(sizeof(config_line_t));
3472  new_line->key = tor_strdup("ReachableDirAddresses");
3473  new_line->value = tor_strdup("*:80");
3474  options->ReachableDirAddresses = new_line;
3475  log_notice(LD_CONFIG, "Converting FascistFirewall config option "
3476  "to new format: \"ReachableDirAddresses *:80\"");
3477  }
3478  if (!options->ReachableORAddresses) {
3479  config_line_t *new_line = tor_malloc_zero(sizeof(config_line_t));
3480  new_line->key = tor_strdup("ReachableORAddresses");
3481  new_line->value = tor_strdup("*:443");
3482  options->ReachableORAddresses = new_line;
3483  log_notice(LD_CONFIG, "Converting FascistFirewall config option "
3484  "to new format: \"ReachableORAddresses *:443\"");
3485  }
3486  }
3487  }
3488 
3489  if ((options->ReachableAddresses ||
3490  options->ReachableORAddresses ||
3491  options->ReachableDirAddresses ||
3492  options->ClientUseIPv4 == 0) &&
3493  server_mode(options))
3494  REJECT("Servers must be able to freely connect to the rest "
3495  "of the Internet, so they must not set Reachable*Addresses "
3496  "or FascistFirewall or FirewallPorts or ClientUseIPv4 0.");
3497 
3498  if (options->UseBridges &&
3499  server_mode(options))
3500  REJECT("Servers must be able to freely connect to the rest "
3501  "of the Internet, so they must not set UseBridges.");
3502 
3503  /* If both of these are set, we'll end up with funny behavior where we
3504  * demand enough entrynodes be up and running else we won't build
3505  * circuits, yet we never actually use them. */
3506  if (options->UseBridges && options->EntryNodes)
3507  REJECT("You cannot set both UseBridges and EntryNodes.");
3508 
3509  /* If we have UseBridges as 1 and UseEntryGuards as 0, we end up bypassing
3510  * the use of bridges */
3511  if (options->UseBridges && !options->UseEntryGuards)
3512  REJECT("Setting UseBridges requires also setting UseEntryGuards.");
3513 
3514  options->MaxMemInQueues =
3515  compute_real_max_mem_in_queues(options->MaxMemInQueues_raw,
3516  server_mode(options));
3517  options->MaxMemInQueues_low_threshold = (options->MaxMemInQueues / 4) * 3;
3518 
3519  if (!options->SafeLogging ||
3520  !strcasecmp(options->SafeLogging, "0")) {
3521  options->SafeLogging_ = SAFELOG_SCRUB_NONE;
3522  } else if (!strcasecmp(options->SafeLogging, "relay")) {
3523  options->SafeLogging_ = SAFELOG_SCRUB_RELAY;
3524  } else if (!strcasecmp(options->SafeLogging, "1")) {
3525  options->SafeLogging_ = SAFELOG_SCRUB_ALL;
3526  } else {
3527  tor_asprintf(msg,
3528  "Unrecognized value '%s' in SafeLogging",
3529  escaped(options->SafeLogging));
3530  return -1;
3531  }
3532 
3533  if (options_validate_publish_server(old_options, options, msg) < 0)
3534  return -1;
3535 
3536  if (options_validate_relay_padding(old_options, options, msg) < 0)
3537  return -1;
3538 
3539  const int min_rendpostperiod =
3540  options->TestingTorNetwork ?
3541  MIN_REND_POST_PERIOD_TESTING : MIN_REND_POST_PERIOD;
3542  if (options->RendPostPeriod < min_rendpostperiod) {
3543  log_warn(LD_CONFIG, "RendPostPeriod option is too short; "
3544  "raising to %d seconds.", min_rendpostperiod);
3545  options->RendPostPeriod = min_rendpostperiod;
3546  }
3547 
3548  if (options->RendPostPeriod > MAX_DIR_PERIOD) {
3549  log_warn(LD_CONFIG, "RendPostPeriod is too large; clipping to %ds.",
3550  MAX_DIR_PERIOD);
3551  options->RendPostPeriod = MAX_DIR_PERIOD;
3552  }
3553 
3554  /* Check the Single Onion Service options */
3555  if (options_validate_single_onion(options, msg) < 0)
3556  return -1;
3557 
3559  // options_t is immutable for new code (the above code is older),
3560  // so just make the user fix the value themselves rather than
3561  // silently keep a shadow value lower than what they asked for.
3562  REJECT("CircuitsAvailableTimeout is too large. Max is 24 hours.");
3563  }
3564 
3565  if (options->EntryNodes && !options->UseEntryGuards) {
3566  REJECT("If EntryNodes is set, UseEntryGuards must be enabled.");
3567  }
3568 
3569  if (!(options->UseEntryGuards) &&
3570  (options->RendConfigLines != NULL) &&
3571  !hs_service_allow_non_anonymous_connection(options)) {
3572  log_warn(LD_CONFIG,
3573  "UseEntryGuards is disabled, but you have configured one or more "
3574  "hidden services on this Tor instance. Your hidden services "
3575  "will be very easy to locate using a well-known attack -- see "
3576  "https://freehaven.net/anonbib/#hs-attack06 for details.");
3577  }
3578 
3579  if (options->NumPrimaryGuards && options->NumEntryGuards &&
3580  options->NumEntryGuards > options->NumPrimaryGuards) {
3581  REJECT("NumEntryGuards must not be greater than NumPrimaryGuards.");
3582  }
3583 
3584  if (options->EntryNodes &&
3585  routerset_is_list(options->EntryNodes) &&
3586  (routerset_len(options->EntryNodes) == 1) &&
3587  (options->RendConfigLines != NULL)) {
3588  tor_asprintf(msg,
3589  "You have one single EntryNodes and at least one hidden service "
3590  "configured. This is bad because it's very easy to locate your "
3591  "entry guard which can then lead to the deanonymization of your "
3592  "hidden service -- for more details, see "
3593  "https://bugs.torproject.org/tpo/core/tor/14917. "
3594  "For this reason, the use of one EntryNodes with an hidden "
3595  "service is prohibited until a better solution is found.");
3596  return -1;
3597  }
3598 
3599  /* Inform the hidden service operator that pinning EntryNodes can possibly
3600  * be harmful for the service anonymity. */
3601  if (options->EntryNodes &&
3602  routerset_is_list(options->EntryNodes) &&
3603  (options->RendConfigLines != NULL)) {
3604  log_warn(LD_CONFIG,
3605  "EntryNodes is set with multiple entries and at least one "
3606  "hidden service is configured. Pinning entry nodes can possibly "
3607  "be harmful to the service anonymity. Because of this, we "
3608  "recommend you either don't do that or make sure you know what "
3609  "you are doing. For more details, please look at "
3610  "https://bugs.torproject.org/tpo/core/tor/21155.");
3611  }
3612 
3613  /* Single Onion Services: non-anonymous hidden services */
3614  if (hs_service_non_anonymous_mode_enabled(options)) {
3615  log_warn(LD_CONFIG,
3616  "HiddenServiceNonAnonymousMode is set. Every hidden service on "
3617  "this tor instance is NON-ANONYMOUS. If "
3618  "the HiddenServiceNonAnonymousMode option is changed, Tor will "
3619  "refuse to launch hidden services from the same directories, to "
3620  "protect your anonymity against config errors. This setting is "
3621  "for experimental use only.");
3622  }
3623 
3624  if (!options->LearnCircuitBuildTimeout && options->CircuitBuildTimeout &&
3626  log_warn(LD_CONFIG,
3627  "CircuitBuildTimeout is shorter (%d seconds) than the recommended "
3628  "minimum (%d seconds), and LearnCircuitBuildTimeout is disabled. "
3629  "If tor isn't working, raise this value or enable "
3630  "LearnCircuitBuildTimeout.",
3631  options->CircuitBuildTimeout,
3633  } else if (!options->LearnCircuitBuildTimeout &&
3634  !options->CircuitBuildTimeout) {
3635  int severity = LOG_NOTICE;
3636  /* Be a little quieter if we've deliberately disabled
3637  * LearnCircuitBuildTimeout. */
3638  if (circuit_build_times_disabled_(options, 1)) {
3639  severity = LOG_INFO;
3640  }
3641  log_fn(severity, LD_CONFIG, "You disabled LearnCircuitBuildTimeout, but "
3642  "didn't specify a CircuitBuildTimeout. I'll pick a plausible "
3643  "default.");
3644  }
3645 
3646  if (options->DormantClientTimeout < 10*60 && !options->TestingTorNetwork) {
3647  REJECT("DormantClientTimeout is too low. It must be at least 10 minutes.");
3648  }
3649 
3650  if (options->PathBiasNoticeRate > 1.0) {
3651  tor_asprintf(msg,
3652  "PathBiasNoticeRate is too high. "
3653  "It must be between 0 and 1.0");
3654  return -1;
3655  }
3656  if (options->PathBiasWarnRate > 1.0) {
3657  tor_asprintf(msg,
3658  "PathBiasWarnRate is too high. "
3659  "It must be between 0 and 1.0");
3660  return -1;
3661  }
3662  if (options->PathBiasExtremeRate > 1.0) {
3663  tor_asprintf(msg,
3664  "PathBiasExtremeRate is too high. "
3665  "It must be between 0 and 1.0");
3666  return -1;
3667  }
3668  if (options->PathBiasNoticeUseRate > 1.0) {
3669  tor_asprintf(msg,
3670  "PathBiasNoticeUseRate is too high. "
3671  "It must be between 0 and 1.0");
3672  return -1;
3673  }
3674  if (options->PathBiasExtremeUseRate > 1.0) {
3675  tor_asprintf(msg,
3676  "PathBiasExtremeUseRate is too high. "
3677  "It must be between 0 and 1.0");
3678  return -1;
3679  }
3680 
3682  log_warn(LD_CONFIG, "MaxCircuitDirtiness option is too short; "
3683  "raising to %d seconds.", MIN_MAX_CIRCUIT_DIRTINESS);
3685  }
3686 
3688  log_warn(LD_CONFIG, "MaxCircuitDirtiness option is too high; "
3689  "setting to %d days.", MAX_MAX_CIRCUIT_DIRTINESS/86400);
3691  }
3692 
3693  if (options->CircuitStreamTimeout &&
3695  log_warn(LD_CONFIG, "CircuitStreamTimeout option is too short; "
3696  "raising to %d seconds.", MIN_CIRCUIT_STREAM_TIMEOUT);
3698  }
3699 
3700  if (options->HeartbeatPeriod &&
3702  !options->TestingTorNetwork) {
3703  log_warn(LD_CONFIG, "HeartbeatPeriod option is too short; "
3704  "raising to %d seconds.", MIN_HEARTBEAT_PERIOD);
3706  }
3707 
3708  if (options->KeepalivePeriod < 1)
3709  REJECT("KeepalivePeriod option must be positive.");
3710 
3712  "BandwidthRate", msg) < 0)
3713  return -1;
3715  "BandwidthBurst", msg) < 0)
3716  return -1;
3717 
3718  if (options_validate_relay_bandwidth(old_options, options, msg) < 0)
3719  return -1;
3720 
3721  if (options->BandwidthRate > options->BandwidthBurst)
3722  REJECT("BandwidthBurst must be at least equal to BandwidthRate.");
3723 
3724  if (options_validate_relay_accounting(old_options, options, msg) < 0)
3725  return -1;
3726 
3727  if (options_validate_relay_mode(old_options, options, msg) < 0)
3728  return -1;
3729 
3730  if (options->HTTPProxy) { /* parse it now */
3731  if (tor_addr_port_lookup(options->HTTPProxy,
3732  &options->HTTPProxyAddr, &options->HTTPProxyPort) < 0)
3733  REJECT("HTTPProxy failed to parse or resolve. Please fix.");
3734  if (options->HTTPProxyPort == 0) { /* give it a default */
3735  options->HTTPProxyPort = 80;
3736  }
3737  }
3738 
3739  if (options->HTTPProxyAuthenticator) {
3740  if (strlen(options->HTTPProxyAuthenticator) >= 512)
3741  REJECT("HTTPProxyAuthenticator is too long (>= 512 chars).");
3742  }
3743 
3744  if (options->HTTPSProxy) { /* parse it now */
3745  if (tor_addr_port_lookup(options->HTTPSProxy,
3746  &options->HTTPSProxyAddr, &options->HTTPSProxyPort) <0)
3747  REJECT("HTTPSProxy failed to parse or resolve. Please fix.");
3748  if (options->HTTPSProxyPort == 0) { /* give it a default */
3749  options->HTTPSProxyPort = 443;
3750  }
3751  }
3752 
3753  if (options->HTTPSProxyAuthenticator) {
3754  if (strlen(options->HTTPSProxyAuthenticator) >= 512)
3755  REJECT("HTTPSProxyAuthenticator is too long (>= 512 chars).");
3756  }
3757 
3758  if (options->Socks4Proxy) { /* parse it now */
3759  if (tor_addr_port_lookup(options->Socks4Proxy,
3760  &options->Socks4ProxyAddr,
3761  &options->Socks4ProxyPort) <0)
3762  REJECT("Socks4Proxy failed to parse or resolve. Please fix.");
3763  if (options->Socks4ProxyPort == 0) { /* give it a default */
3764  options->Socks4ProxyPort = 1080;
3765  }
3766  }
3767 
3768  if (options->Socks5Proxy) { /* parse it now */
3769  if (tor_addr_port_lookup(options->Socks5Proxy,
3770  &options->Socks5ProxyAddr,
3771  &options->Socks5ProxyPort) <0)
3772  REJECT("Socks5Proxy failed to parse or resolve. Please fix.");
3773  if (options->Socks5ProxyPort == 0) { /* give it a default */
3774  options->Socks5ProxyPort = 1080;
3775  }
3776  }
3777 
3778  if (options->TCPProxy) {
3779  int res = parse_tcp_proxy_line(options->TCPProxy, options, msg);
3780  if (res < 0) {
3781  return res;
3782  }
3783  }
3784 
3785  /* Check if more than one exclusive proxy type has been enabled. */
3786  if (!!options->Socks4Proxy + !!options->Socks5Proxy +
3787  !!options->HTTPSProxy + !!options->TCPProxy > 1)
3788  REJECT("You have configured more than one proxy type. "
3789  "(Socks4Proxy|Socks5Proxy|HTTPSProxy|TCPProxy)");
3790 
3791  /* Check if the proxies will give surprising behavior. */
3792  if (options->HTTPProxy && !(options->Socks4Proxy ||
3793  options->Socks5Proxy ||
3794  options->HTTPSProxy ||
3795  options->TCPProxy)) {
3796  log_warn(LD_CONFIG, "HTTPProxy configured, but no SOCKS proxy, "
3797  "HTTPS proxy, or any other TCP proxy configured. Watch out: "
3798  "this configuration will proxy unencrypted directory "
3799  "connections only.");
3800  }
3801 
3802  if (options->Socks5ProxyUsername) {
3803  size_t len;
3804 
3805  len = strlen(options->Socks5ProxyUsername);
3806  if (len < 1 || len > MAX_SOCKS5_AUTH_FIELD_SIZE)
3807  REJECT("Socks5ProxyUsername must be between 1 and 255 characters.");
3808 
3809  if (!options->Socks5ProxyPassword)
3810  REJECT("Socks5ProxyPassword must be included with Socks5ProxyUsername.");
3811 
3812  len = strlen(options->Socks5ProxyPassword);
3813  if (len < 1 || len > MAX_SOCKS5_AUTH_FIELD_SIZE)
3814  REJECT("Socks5ProxyPassword must be between 1 and 255 characters.");
3815  } else if (options->Socks5ProxyPassword)
3816  REJECT("Socks5ProxyPassword must be included with Socks5ProxyUsername.");
3817 
3818  if (options->HashedControlPassword) {
3820  if (!sl) {
3821  REJECT("Bad HashedControlPassword: wrong length or bad encoding");
3822  } else {
3823  SMARTLIST_FOREACH(sl, char*, cp, tor_free(cp));
3824  smartlist_free(sl);
3825  }
3826  }
3827 
3828  if (options->HashedControlSessionPassword) {
3830  options->HashedControlSessionPassword);
3831  if (!sl) {
3832  REJECT("Bad HashedControlSessionPassword: wrong length or bad encoding");
3833  } else {
3834  SMARTLIST_FOREACH(sl, char*, cp, tor_free(cp));
3835  smartlist_free(sl);
3836  }
3837  }
3838 
3839  if (options->OwningControllerProcess) {
3840  const char *validate_pspec_msg = NULL;
3842  &validate_pspec_msg)) {
3843  tor_asprintf(msg, "Bad OwningControllerProcess: %s",
3844  validate_pspec_msg);
3845  return -1;
3846  }
3847  }
3848 
3849  if ((options->ControlPort_set || world_writable_control_socket) &&
3850  !options->HashedControlPassword &&
3851  !options->HashedControlSessionPassword &&
3852  !options->CookieAuthentication) {
3853  log_warn(LD_CONFIG, "Control%s is %s, but no authentication method "
3854  "has been configured. This means that any program on your "
3855  "computer can reconfigure your Tor. That's bad! You should "
3856  "upgrade your Tor controller as soon as possible.",
3857  options->ControlPort_set ? "Port" : "Socket",
3858  options->ControlPort_set ? "open" : "world writable");
3859  }
3860 
3861  if (options->CookieAuthFileGroupReadable && !options->CookieAuthFile) {
3862  log_warn(LD_CONFIG, "CookieAuthFileGroupReadable is set, but will have "
3863  "no effect: you must specify an explicit CookieAuthFile to "
3864  "have it group-readable.");
3865  }
3866 
3867  for (cl = options->NodeFamilies; cl; cl = cl->next) {
3868  routerset_t *rs = routerset_new();
3869  if (routerset_parse(rs, cl->value, cl->key)) {
3870  routerset_free(rs);
3871  return -1;
3872  }
3873  routerset_free(rs);
3874  }
3875 
3876  if (validate_addr_policies(options, msg) < 0)
3877  return -1;
3878 
3879  /* If FallbackDir is set, we don't UseDefaultFallbackDirs */
3880  if (options->UseDefaultFallbackDirs && options->FallbackDir) {
3881  log_info(LD_CONFIG, "You have set UseDefaultFallbackDirs 1 and "
3882  "FallbackDir(s). Ignoring UseDefaultFallbackDirs, and "
3883  "using the FallbackDir(s) you have set.");
3884  }
3885 
3886  if (validate_dir_servers(options, old_options) < 0)
3887  REJECT("Directory authority/fallback line did not parse. See logs "
3888  "for details.");
3889 
3890  if (options->UseBridges && !options->Bridges)
3891  REJECT("If you set UseBridges, you must specify at least one bridge.");
3892 
3893  for (cl = options->Bridges; cl; cl = cl->next) {
3894  bridge_line_t *bridge_line = parse_bridge_line(cl->value);
3895  if (!bridge_line)
3896  REJECT("Bridge line did not parse. See logs for details.");
3897  bridge_line_free(bridge_line);
3898  }
3899 
3900  for (cl = options->ClientTransportPlugin; cl; cl = cl->next) {
3901  if (pt_parse_transport_line(options, cl->value, 1, 0) < 0)
3902  REJECT("Invalid client transport line. See logs for details.");
3903  }
3904 
3905  if (options_validate_server_transport(old_options, options, msg) < 0)
3906  return -1;
3907 
3908  if (options->ConstrainedSockets) {
3909  /* If the user wants to constrain socket buffer use, make sure the desired
3910  * limit is between MIN|MAX_TCPSOCK_BUFFER in k increments. */
3911  if (options->ConstrainedSockSize < MIN_CONSTRAINED_TCP_BUFFER ||
3912  options->ConstrainedSockSize > MAX_CONSTRAINED_TCP_BUFFER ||
3913  options->ConstrainedSockSize % 1024) {
3914  tor_asprintf(msg,
3915  "ConstrainedSockSize is invalid. Must be a value between %d and %d "
3916  "in 1024 byte increments.",
3917  MIN_CONSTRAINED_TCP_BUFFER, MAX_CONSTRAINED_TCP_BUFFER);
3918  return -1;
3919  }
3920  }
3921 
3922  if (options_validate_dirauth_schedule(old_options, options, msg) < 0)
3923  return -1;
3924 
3925  if (hs_config_service_all(options, 1) < 0)
3926  REJECT("Failed to configure rendezvous options. See logs for details.");
3927 
3928  /* Parse client-side authorization for hidden services. */
3929  if (hs_config_client_auth_all(options, 1) < 0)
3930  REJECT("Failed to configure client authorization for hidden services. "
3931  "See logs for details.");
3932 
3934  AF_INET, 1, msg)<0)
3935  return -1;
3937  AF_INET6, 1, msg)<0)
3938  return -1;
3939 
3940  if (options->TestingTorNetwork &&
3941  !(options->DirAuthorities ||
3942  (options->AlternateDirAuthority &&
3943  options->AlternateBridgeAuthority))) {
3944  REJECT("TestingTorNetwork may only be configured in combination with "
3945  "a non-default set of DirAuthority or both of "
3946  "AlternateDirAuthority and AlternateBridgeAuthority configured.");
3947  }
3948 
3949 #define CHECK_DEFAULT(arg) \
3950  STMT_BEGIN \
3951  if (!config_is_same(get_options_mgr(),options, \
3952  dflt_options,#arg)) { \
3953  or_options_free(dflt_options); \
3954  REJECT(#arg " may only be changed in testing Tor " \
3955  "networks!"); \
3956  } \
3957  STMT_END
3958 
3959  /* Check for options that can only be changed from the defaults in testing
3960  networks. */
3961  if (! options->TestingTorNetwork && !options->UsingTestNetworkDefaults_) {
3962  or_options_t *dflt_options = options_new();
3963  options_init(dflt_options);
3964  /* 31851: some of these options are dirauth or relay only */
3965  CHECK_DEFAULT(TestingV3AuthInitialVotingInterval);
3966  CHECK_DEFAULT(TestingV3AuthInitialVoteDelay);
3967  CHECK_DEFAULT(TestingV3AuthInitialDistDelay);
3968  CHECK_DEFAULT(TestingV3AuthVotingStartOffset);
3969  CHECK_DEFAULT(TestingAuthDirTimeToLearnReachability);
3970  CHECK_DEFAULT(TestingServerDownloadInitialDelay);
3971  CHECK_DEFAULT(TestingClientDownloadInitialDelay);
3972  CHECK_DEFAULT(TestingServerConsensusDownloadInitialDelay);
3973  CHECK_DEFAULT(TestingClientConsensusDownloadInitialDelay);
3974  CHECK_DEFAULT(TestingBridgeDownloadInitialDelay);
3975  CHECK_DEFAULT(TestingBridgeBootstrapDownloadInitialDelay);
3976  CHECK_DEFAULT(TestingClientMaxIntervalWithoutRequest);
3977  CHECK_DEFAULT(TestingDirConnectionMaxStall);
3978  CHECK_DEFAULT(TestingAuthKeyLifetime);
3979  CHECK_DEFAULT(TestingLinkCertLifetime);
3980  CHECK_DEFAULT(TestingSigningKeySlop);
3981  CHECK_DEFAULT(TestingAuthKeySlop);
3982  CHECK_DEFAULT(TestingLinkKeySlop);
3983  or_options_free(dflt_options);
3984  }
3985 #undef CHECK_DEFAULT
3986 
3987  if (!options->ClientDNSRejectInternalAddresses &&
3988  !(options->DirAuthorities ||
3989  (options->AlternateDirAuthority && options->AlternateBridgeAuthority)))
3990  REJECT("ClientDNSRejectInternalAddresses used for default network.");
3991 
3992  if (options_validate_relay_testing(old_options, options, msg) < 0)
3993  return -1;
3994  if (options_validate_dirauth_testing(old_options, options, msg) < 0)
3995  return -1;
3996 
3997  if (options->TestingClientMaxIntervalWithoutRequest < 1) {
3998  REJECT("TestingClientMaxIntervalWithoutRequest is way too low.");
3999  } else if (options->TestingClientMaxIntervalWithoutRequest > 3600) {
4000  COMPLAIN("TestingClientMaxIntervalWithoutRequest is insanely high.");
4001  }
4002 
4003  if (options->TestingDirConnectionMaxStall < 5) {
4004  REJECT("TestingDirConnectionMaxStall is way too low.");
4005  } else if (options->TestingDirConnectionMaxStall > 3600) {
4006  COMPLAIN("TestingDirConnectionMaxStall is insanely high.");
4007  }
4008 
4009  if (options->ClientBootstrapConsensusMaxInProgressTries < 1) {
4010  REJECT("ClientBootstrapConsensusMaxInProgressTries must be greater "
4011  "than 0.");
4012  } else if (options->ClientBootstrapConsensusMaxInProgressTries
4013  > 100) {
4014  COMPLAIN("ClientBootstrapConsensusMaxInProgressTries is insanely "
4015  "high.");
4016  }
4017 
4018  if (options->TestingEnableConnBwEvent &&
4019  !options->TestingTorNetwork && !options->UsingTestNetworkDefaults_) {
4020  REJECT("TestingEnableConnBwEvent may only be changed in testing "
4021  "Tor networks!");
4022  }
4023 
4024  if (options->TestingEnableCellStatsEvent &&
4025  !options->TestingTorNetwork && !options->UsingTestNetworkDefaults_) {
4026  REJECT("TestingEnableCellStatsEvent may only be changed in testing "
4027  "Tor networks!");
4028  }
4029 
4030  if (options->TestingTorNetwork) {
4031  log_warn(LD_CONFIG, "TestingTorNetwork is set. This will make your node "
4032  "almost unusable in the public Tor network, and is "
4033  "therefore only advised if you are building a "
4034  "testing Tor network!");
4035  }
4036 
4037  if (options_validate_scheduler(options, msg) < 0) {
4038  return -1;
4039  }
4040 
4041  return 0;
4042 }
4043 
4044 #undef REJECT
4045 #undef COMPLAIN
4046 
4047 /* Given the value that the user has set for MaxMemInQueues, compute the
4048  * actual maximum value. We clip this value if it's too low, and autodetect
4049  * it if it's set to 0. */
4050 STATIC uint64_t
4051 compute_real_max_mem_in_queues(const uint64_t val, bool is_server)
4052 {
4053 #define MIN_SERVER_MB 64
4054 #define MIN_UNWARNED_SERVER_MB 256
4055 #define MIN_UNWARNED_CLIENT_MB 64
4056  uint64_t result;
4057 
4058  if (val == 0) {
4059 #define ONE_GIGABYTE (UINT64_C(1) << 30)
4060 #define ONE_MEGABYTE (UINT64_C(1) << 20)
4061  /* The user didn't pick a memory limit. Choose a very large one
4062  * that is still smaller than the system memory */
4063  static int notice_sent = 0;
4064  size_t ram = 0;
4065  if (get_total_system_memory(&ram) < 0) {
4066  /* We couldn't determine our total system memory! */
4067 #if SIZEOF_VOID_P >= 8
4068  /* 64-bit system. Let's hope for 8 GB. */
4069  result = 8 * ONE_GIGABYTE;
4070 #else
4071  /* (presumably) 32-bit system. Let's hope for 1 GB. */
4072  result = ONE_GIGABYTE;
4073 #endif /* SIZEOF_VOID_P >= 8 */
4074  } else {
4075  /* We detected the amount of memory available. */
4076  uint64_t avail = 0;
4077 
4078 #if SIZEOF_SIZE_T > 4
4079 /* On a 64-bit platform, we consider 8GB "very large". */
4080 #define RAM_IS_VERY_LARGE(x) ((x) >= (8 * ONE_GIGABYTE))
4081 #else
4082 /* On a 32-bit platform, we can't have 8GB of ram. */
4083 #define RAM_IS_VERY_LARGE(x) (0)
4084 #endif /* SIZEOF_SIZE_T > 4 */
4085 
4086  if (RAM_IS_VERY_LARGE(ram)) {
4087  /* If we have 8 GB, or more, RAM available, we set the MaxMemInQueues
4088  * to 0.4 * RAM. The idea behind this value is that the amount of RAM
4089  * is more than enough for a single relay and should allow the relay
4090  * operator to run two relays if they have additional bandwidth
4091  * available.
4092  */
4093  avail = (ram / 5) * 2;
4094  } else {
4095  /* If we have less than 8 GB of RAM available, we use the "old" default
4096  * for MaxMemInQueues of 0.75 * RAM.
4097  */
4098  avail = (ram / 4) * 3;
4099  }
4100 
4101  /* Make sure it's in range from 0.25 GB to 8 GB for 64-bit and 0.25 to 2
4102  * GB for 32-bit. */
4103  if (avail > MAX_DEFAULT_MEMORY_QUEUE_SIZE) {
4104  /* If you want to use more than this much RAM, you need to configure
4105  it yourself */
4107  } else if (avail < ONE_GIGABYTE / 4) {
4108  result = ONE_GIGABYTE / 4;
4109  } else {
4110  result = avail;
4111  }
4112  }
4113  if (is_server && ! notice_sent) {
4114  log_notice(LD_CONFIG, "%sMaxMemInQueues is set to %"PRIu64" MB. "
4115  "You can override this by setting MaxMemInQueues by hand.",
4116  ram ? "Based on detected system memory, " : "",
4117  (result / ONE_MEGABYTE));
4118  notice_sent = 1;
4119  }
4120  return result;
4121  } else if (is_server && val < ONE_MEGABYTE * MIN_SERVER_MB) {
4122  /* We can't configure less than this much on a server. */
4123  log_warn(LD_CONFIG, "MaxMemInQueues must be at least %d MB on servers "
4124  "for now. Ideally, have it as large as you can afford.",
4125  MIN_SERVER_MB);
4126  return MIN_SERVER_MB * ONE_MEGABYTE;
4127  } else if (is_server && val < ONE_MEGABYTE * MIN_UNWARNED_SERVER_MB) {
4128  /* On a server, if it's less than this much, we warn that things
4129  * may go badly. */
4130  log_warn(LD_CONFIG, "MaxMemInQueues is set to a low value; if your "
4131  "relay doesn't work, this may be the reason why.");
4132  return val;
4133  } else if (! is_server && val < ONE_MEGABYTE * MIN_UNWARNED_CLIENT_MB) {
4134  /* On a client, if it's less than this much, we warn that things
4135  * may go badly. */
4136  log_warn(LD_CONFIG, "MaxMemInQueues is set to a low value; if your "
4137  "client doesn't work, this may be the reason why.");
4138  return val;
4139  } else {
4140  /* The value was fine all along */
4141  return val;
4142  }
4143 }
4144 
4145 /** Helper: return true iff s1 and s2 are both NULL, or both non-NULL
4146  * equal strings. */
4147 static int
4148 opt_streq(const char *s1, const char *s2)
4149 {
4150  return 0 == strcmp_opt(s1, s2);
4151 }
4152 
4153 /** Check if any config options have changed but aren't allowed to. */
4154 static int
4156  const void *new_val_,
4157  char **msg)
4158 {
4159  CHECK_OPTIONS_MAGIC(old_);
4160  CHECK_OPTIONS_MAGIC(new_val_);
4161 
4162  const or_options_t *old = old_;
4163  const or_options_t *new_val = new_val_;
4164 
4165  if (BUG(!old))
4166  return 0;
4167 
4168 #define BAD_CHANGE_TO(opt, how) do { \
4169  *msg = tor_strdup("While Tor is running"how", changing " #opt \
4170  " is not allowed"); \
4171  return -1; \
4172  } while (0)
4173 
4174  if (sandbox_is_active()) {
4175 #define SB_NOCHANGE_STR(opt) \
4176  if (! CFG_EQ_STRING(old, new_val, opt)) \
4177  BAD_CHANGE_TO(opt," with Sandbox active")
4178 #define SB_NOCHANGE_LINELIST(opt) \
4179  if (! CFG_EQ_LINELIST(old, new_val, opt)) \
4180  BAD_CHANGE_TO(opt," with Sandbox active")
4181 #define SB_NOCHANGE_INT(opt) \
4182  if (! CFG_EQ_INT(old, new_val, opt)) \
4183  BAD_CHANGE_TO(opt," with Sandbox active")
4184 
4185  SB_NOCHANGE_LINELIST(Address);
4186  SB_NOCHANGE_STR(ServerDNSResolvConfFile);
4187  SB_NOCHANGE_STR(DirPortFrontPage);
4188  SB_NOCHANGE_STR(CookieAuthFile);
4189  SB_NOCHANGE_STR(ExtORPortCookieAuthFile);
4190  SB_NOCHANGE_LINELIST(Logs);
4191  SB_NOCHANGE_INT(ConnLimit);
4192 
4193  if (server_mode(old) != server_mode(new_val)) {
4194  *msg = tor_strdup("Can't start/stop being a server while "
4195  "Sandbox is active");
4196  return -1;
4197  }
4198  }
4199 
4200 #undef SB_NOCHANGE_LINELIST
4201 #undef SB_NOCHANGE_STR
4202 #undef SB_NOCHANGE_INT
4203 #undef BAD_CHANGE_TO
4204 #undef NO_CHANGE_BOOL
4205 #undef NO_CHANGE_INT
4206 #undef NO_CHANGE_STRING
4207  return 0;
4208 }
4209 
4210 #ifdef _WIN32
4211 /** Return the directory on windows where we expect to find our application
4212  * data. */
4213 static char *
4214 get_windows_conf_root(void)
4215 {
4216  static int is_set = 0;
4217  static char path[MAX_PATH*2+1];
4218  TCHAR tpath[MAX_PATH] = {0};
4219 
4220  LPITEMIDLIST idl;
4221  IMalloc *m;
4222  HRESULT result;
4223 
4224  if (is_set)
4225  return path;
4226 
4227  /* Find X:\documents and settings\username\application data\ .
4228  * We would use SHGetSpecialFolder path, but that wasn't added until IE4.
4229  */
4230 #ifdef ENABLE_LOCAL_APPDATA
4231 #define APPDATA_PATH CSIDL_LOCAL_APPDATA
4232 #else
4233 #define APPDATA_PATH CSIDL_APPDATA
4234 #endif
4235  if (!SUCCEEDED(SHGetSpecialFolderLocation(NULL, APPDATA_PATH, &idl))) {
4236  getcwd(path,MAX_PATH);
4237  is_set = 1;
4238  log_warn(LD_CONFIG,
4239  "I couldn't find your application data folder: are you "
4240  "running an ancient version of Windows 95? Defaulting to \"%s\"",
4241  path);
4242  return path;
4243  }
4244  /* Convert the path from an "ID List" (whatever that is!) to a path. */
4245  result = SHGetPathFromIDList(idl, tpath);
4246 #ifdef UNICODE
4247  wcstombs(path,tpath,sizeof(path));
4248  path[sizeof(path)-1] = '\0';
4249 #else
4250  strlcpy(path,tpath,sizeof(path));
4251 #endif /* defined(UNICODE) */
4252 
4253  /* Now we need to free the memory that the path-idl was stored in. In
4254  * typical Windows fashion, we can't just call 'free()' on it. */
4255  SHGetMalloc(&m);
4256  if (m) {
4257  m->lpVtbl->Free(m, idl);
4258  m->lpVtbl->Release(m);
4259  }
4260  if (!SUCCEEDED(result)) {
4261  return NULL;
4262  }
4263  strlcat(path,"\\tor",MAX_PATH);
4264  is_set = 1;
4265  return path;
4266 }
4267 #endif /* defined(_WIN32) */
4268 
4269 /** Return the default location for our torrc file (if <b>defaults_file</b> is
4270  * false), or for the torrc-defaults file (if <b>defaults_file</b> is true). */
4271 static const char *
4272 get_default_conf_file(int defaults_file)
4273 {
4274 #ifdef DISABLE_SYSTEM_TORRC
4275  (void) defaults_file;
4276  return NULL;
4277 #elif defined(_WIN32)
4278  if (defaults_file) {
4279  static char defaults_path[MAX_PATH+1];
4280  tor_snprintf(defaults_path, MAX_PATH, "%s\\torrc-defaults",
4281  get_windows_conf_root());
4282  return defaults_path;
4283  } else {
4284  static char path[MAX_PATH+1];
4285  tor_snprintf(path, MAX_PATH, "%s\\torrc",
4286  get_windows_conf_root());
4287  return path;
4288  }
4289 #else
4290  return defaults_file ? CONFDIR "/torrc-defaults" : CONFDIR "/torrc";
4291 #endif /* defined(DISABLE_SYSTEM_TORRC) || ... */
4292 }
4293 
4294 /** Learn config file name from command line arguments, or use the default.
4295  *
4296  * If <b>defaults_file</b> is true, we're looking for torrc-defaults;
4297  * otherwise, we're looking for the regular torrc_file.
4298  *
4299  * Set *<b>using_default_fname</b> to true if we're using the default
4300  * configuration file name; or false if we've set it from the command line.
4301  *
4302  * Set *<b>ignore_missing_torrc</b> to true if we should ignore the resulting
4303  * filename if it doesn't exist.
4304  */
4305 static char *
4307  int defaults_file,
4308  int *using_default_fname, int *ignore_missing_torrc)
4309 {
4310  char *fname=NULL;
4311  const config_line_t *p_index;
4312  const char *fname_opt = defaults_file ? "--defaults-torrc" : "-f";
4313  const char *fname_long_opt = defaults_file ? "--defaults-torrc" :
4314  "--torrc-file";
4315  const char *ignore_opt = defaults_file ? NULL : "--ignore-missing-torrc";
4316  const char *keygen_opt = "--keygen";
4317 
4318  if (defaults_file)
4319  *ignore_missing_torrc = 1;
4320 
4321  for (p_index = cmd_arg; p_index; p_index = p_index->next) {
4322  // options_init_from_torrc ensures only the short or long name is present
4323  if (!strcmp(p_index->key, fname_opt) ||
4324  !strcmp(p_index->key, fname_long_opt)) {
4325  if (fname) {
4326  log_warn(LD_CONFIG, "Duplicate %s options on command line.",
4327  p_index->key);
4328  tor_free(fname);
4329  }
4330  fname = expand_filename(p_index->value);
4331 
4332  {
4333  char *absfname;
4334  absfname = make_path_absolute(fname);
4335  tor_free(fname);
4336  fname = absfname;
4337  }
4338 
4339  *using_default_fname = 0;
4340  } else if ((ignore_opt && !strcmp(p_index->key, ignore_opt)) ||
4341  (keygen_opt && !strcmp(p_index->key, keygen_opt))) {
4342  *ignore_missing_torrc = 1;
4343  }
4344  }
4345 
4346  if (*using_default_fname) {
4347  /* didn't find one, try CONFDIR */
4348  const char *dflt = get_default_conf_file(defaults_file);
4349  file_status_t st = file_status(dflt);
4350  if (dflt && (st == FN_FILE || st == FN_EMPTY)) {
4351  fname = tor_strdup(dflt);
4352  } else {
4353 #ifndef _WIN32
4354  char *fn = NULL;
4355  if (!defaults_file) {
4356  fn = expand_filename("~/.torrc");
4357  }
4358  if (fn) {
4359  file_status_t hmst = file_status(fn);
4360  if (hmst == FN_FILE || hmst == FN_EMPTY || dflt == NULL) {
4361  fname = fn;
4362  } else {
4363  tor_free(fn);
4364  fname = tor_strdup(dflt);
4365  }
4366  } else {
4367  fname = dflt ? tor_strdup(dflt) : NULL;
4368  }
4369 #else /* defined(_WIN32) */
4370  fname = dflt ? tor_strdup(dflt) : NULL;
4371 #endif /* !defined(_WIN32) */
4372  }
4373  }
4374  return fname;
4375 }
4376 
4377 /** Read the torrc from standard input and return it as a string.
4378  * Upon failure, return NULL.
4379  */
4380 static char *
4382 {
4383  size_t sz_out;
4384 
4385  return read_file_to_str_until_eof(STDIN_FILENO,SIZE_MAX,&sz_out);
4386 }
4387 
4388 /** Load a configuration file from disk, setting torrc_fname or
4389  * torrc_defaults_fname if successful.
4390  *
4391  * If <b>defaults_file</b> is true, load torrc-defaults; otherwise load torrc.
4392  *
4393  * Return the contents of the file on success, and NULL on failure.
4394  */
4395 static char *
4396 load_torrc_from_disk(const config_line_t *cmd_arg, int defaults_file)
4397 {
4398  char *fname=NULL;
4399  char *cf = NULL;
4400  int using_default_torrc = 1;
4401  int ignore_missing_torrc = 0;
4402  char **fname_var = defaults_file ? &torrc_defaults_fname : &torrc_fname;
4403 
4404  if (*fname_var == NULL) {
4405  fname = find_torrc_filename(cmd_arg, defaults_file,
4406  &using_default_torrc, &ignore_missing_torrc);
4407  tor_free(*fname_var);
4408  *fname_var = fname;
4409  } else {
4410  fname = *fname_var;
4411  }
4412  log_debug(LD_CONFIG, "Opening config file \"%s\"", fname?fname:"<NULL>");
4413 
4414  /* Open config file */
4415  file_status_t st = fname ? file_status(fname) : FN_EMPTY;
4416  if (fname == NULL ||
4417  !(st == FN_FILE || st == FN_EMPTY) ||
4418  !(cf = read_file_to_str(fname,0,NULL))) {
4419  if (using_default_torrc == 1 || ignore_missing_torrc) {
4420  if (!defaults_file)
4421  log_notice(LD_CONFIG, "Configuration file \"%s\" not present, "
4422  "using reasonable defaults.", fname);
4423  tor_free(fname); /* sets fname to NULL */
4424  *fname_var = NULL;
4425  cf = tor_strdup("");
4426  } else {
4427  log_warn(LD_CONFIG,
4428  "Unable to open configuration file \"%s\".", fname);
4429  goto err;
4430  }
4431  } else {
4432  log_notice(LD_CONFIG, "Read configuration file \"%s\".", fname);
4433  }
4434 
4435  return cf;
4436  err:
4437  tor_free(fname);
4438  *fname_var = NULL;
4439  return NULL;
4440 }
4441 
4442 /** Read a configuration file into <b>options</b>, finding the configuration
4443  * file location based on the command line. After loading the file
4444  * call options_init_from_string() to load the config.
4445  * Return 0 if success, -1 if failure, and 1 if we succeeded but should exit
4446  * anyway. */
4447 int
4448 options_init_from_torrc(int argc, char **argv)
4449 {
4450  char *cf=NULL, *cf_defaults=NULL;
4451  int retval = -1;
4452  char *errmsg=NULL;
4453  const config_line_t *cmdline_only_options;
4454 
4455  /* Go through command-line variables */
4456  if (global_cmdline == NULL) {
4457  /* Or we could redo the list every time we pass this place.
4458  * It does not really matter */
4459  global_cmdline = config_parse_commandline(argc, argv, 0);
4460  if (global_cmdline == NULL) {
4461  goto err;
4462  }
4463  }
4464  cmdline_only_options = global_cmdline->cmdline_opts;
4465 
4466  if (config_line_find(cmdline_only_options, "-h") ||
4467  config_line_find(cmdline_only_options, "--help")) {
4468  print_usage();
4469  return 1;
4470  }
4471  if (config_line_find(cmdline_only_options, "--list-torrc-options")) {
4472  /* For validating whether we've documented everything. */
4474  return 1;
4475  }
4476  if (config_line_find(cmdline_only_options, "--list-deprecated-options")) {
4477  /* For validating whether what we have deprecated really exists. */
4479  return 1;
4480  }
4481  if (config_line_find(cmdline_only_options, "--dbg-dump-subsystem-list")) {
4483  return 1;
4484  }
4485 
4486  if (config_line_find(cmdline_only_options, "--version")) {
4487  printf("Tor version %s.\n",get_version());
4488  printf("Tor is running on %s with Libevent %s, "
4489  "%s %s, Zlib %s, Liblzma %s, Libzstd %s and %s %s as libc.\n",
4490  get_uname(),
4494  tor_compress_supports_method(ZLIB_METHOD) ?
4495  tor_compress_version_str(ZLIB_METHOD) : "N/A",
4496  tor_compress_supports_method(LZMA_METHOD) ?
4497  tor_compress_version_str(LZMA_METHOD) : "N/A",
4498  tor_compress_supports_method(ZSTD_METHOD) ?
4499  tor_compress_version_str(ZSTD_METHOD) : "N/A",
4500  tor_libc_get_name() ?
4501  tor_libc_get_name() : "Unknown",
4503  printf("Tor compiled with %s version %s\n",
4504  strcmp(COMPILER_VENDOR, "gnu") == 0?
4505  COMPILER:COMPILER_VENDOR, COMPILER_VERSION);
4506 
4507  return 1;
4508  }
4509 
4510  if (config_line_find(cmdline_only_options, "--list-modules")) {
4512  return 1;
4513  }
4514 
4515  if (config_line_find(cmdline_only_options, "--library-versions")) {
4517  return 1;
4518  }
4519 
4521  const char *command_arg = global_cmdline->command_arg;
4522  /* "immediate" has already been handled by this point. */
4524 
4525  if (command == CMD_HASH_PASSWORD) {
4526  cf_defaults = tor_strdup("");
4527  cf = tor_strdup("");
4528  } else {
4529  cf_defaults = load_torrc_from_disk(cmdline_only_options, 1);
4530  const config_line_t *f_line = config_line_find(cmdline_only_options, "-f");
4531  const config_line_t *f_line_long = config_line_find(cmdline_only_options,
4532  "--torrc-file");
4533  if (f_line && f_line_long) {
4534  log_err(LD_CONFIG, "-f and --torrc-file cannot be used together.");
4535  retval = -1;
4536  goto err;
4537  } else if (f_line_long) {
4538  f_line = f_line_long;
4539  }
4540 
4541  const int read_torrc_from_stdin =
4542  (f_line != NULL && strcmp(f_line->value, "-") == 0);
4543 
4544  if (read_torrc_from_stdin) {
4545  cf = load_torrc_from_stdin();
4546  } else {
4547  cf = load_torrc_from_disk(cmdline_only_options, 0);
4548  }
4549 
4550  if (!cf) {
4551  if (config_line_find(cmdline_only_options, "--allow-missing-torrc")) {
4552  cf = tor_strdup("");
4553  } else {
4554  goto err;
4555  }
4556  }
4557  }
4558 
4559  retval = options_init_from_string(cf_defaults, cf, command, command_arg,
4560  &errmsg);
4561  if (retval < 0)
4562  goto err;
4563 
4564  if (config_line_find(cmdline_only_options, "--no-passphrase")) {
4566  retval = -1;
4567  goto err;
4568  }
4569  }
4570 
4571  const config_line_t *format_line = config_line_find(cmdline_only_options,
4572  "--format");
4573  if (format_line) {
4574  if (handle_cmdline_format(command, format_line->value) < 0) {
4575  retval = -1;
4576  goto err;
4577  }
4578  } else {
4579  get_options_mutable()->key_expiration_format =
4580  KEY_EXPIRATION_FORMAT_ISO8601;
4581  }
4582 
4583  if (config_line_find(cmdline_only_options, "--newpass")) {
4584  if (handle_cmdline_newpass(command) < 0) {
4585  retval = -1;
4586  goto err;
4587  }
4588  }
4589 
4590  const config_line_t *fd_line = config_line_find(cmdline_only_options,
4591  "--passphrase-fd");
4592  if (fd_line) {
4593  if (handle_cmdline_passphrase_fd(command, fd_line->value) < 0) {
4594  retval = -1;
4595  goto err;
4596  }
4597  }
4598 
4599  const config_line_t *key_line = config_line_find(cmdline_only_options,
4600  "--master-key");
4601  if (key_line) {
4602  if (handle_cmdline_master_key(command, key_line->value) < 0) {
4603  retval = -1;
4604  goto err;
4605  }
4606  }
4607 
4608  err:
4609  tor_free(cf);
4610  tor_free(cf_defaults);
4611  if (errmsg) {
4612  log_warn(LD_CONFIG,"%s", errmsg);
4613  tor_free(errmsg);
4614  }
4615  return retval < 0 ? -1 : 0;
4616 }
4617 
4618 /** Load the options from the configuration in <b>cf</b>, validate
4619  * them for consistency and take actions based on them.
4620  *
4621  * Return 0 if success, negative on error:
4622  * * -1 for general errors.
4623  * * -2 for failure to parse/validate,
4624  * * -3 for transition not allowed
4625  * * -4 for error while setting the new options
4626  */
4628 options_init_from_string(const char *cf_defaults, const char *cf,
4629  int command, const char *command_arg,
4630  char **msg)
4631 {
4632  bool retry = false;
4633  or_options_t *oldoptions, *newoptions, *newdefaultoptions=NULL;
4634  config_line_t *cl;
4635  int retval;
4636  setopt_err_t err = SETOPT_ERR_MISC;
4637  int cf_has_include = 0;
4638  tor_assert(msg);
4639 
4640  oldoptions = global_options; /* get_options unfortunately asserts if
4641  this is the first time we run*/
4642 
4643  newoptions = options_new();
4644  options_init(newoptions);
4645  newoptions->command = command;
4646  newoptions->command_arg = command_arg ? tor_strdup(command_arg) : NULL;
4647 
4648  smartlist_t *opened_files = smartlist_new();
4649  for (int i = 0; i < 2; ++i) {
4650  const char *body = i==0 ? cf_defaults : cf;
4651  if (!body)
4652  continue;
4653 
4654  /* get config lines, assign them */
4655  retval = config_get_lines_include(body, &cl, 1,
4656  body == cf ? &cf_has_include : NULL,
4657  opened_files);
4658  if (retval < 0) {
4659  err = SETOPT_ERR_PARSE;
4660  goto err;
4661  }
4662  retval = config_assign(get_options_mgr(), newoptions, cl,
4663  CAL_WARN_DEPRECATIONS, msg);
4664  config_free_lines(cl);
4665  if (retval < 0) {
4666  err = SETOPT_ERR_PARSE;
4667  goto err;
4668  }
4669  if (i==0)
4670  newdefaultoptions = config_dup(get_options_mgr(), newoptions);
4671  }
4672 
4673  if (newdefaultoptions == NULL) {
4674  newdefaultoptions = config_dup(get_options_mgr(), global_default_options);
4675  }
4676 
4677  /* Go through command-line variables too */
4678  {
4679  config_line_t *other_opts = NULL;
4680  if (global_cmdline) {
4681  other_opts = global_cmdline->other_opts;
4682  }
4683  retval = config_assign(get_options_mgr(), newoptions,
4684  other_opts,
4685  CAL_WARN_DEPRECATIONS, msg);
4686  }
4687  if (retval < 0) {
4688  err = SETOPT_ERR_PARSE;
4689  goto err;
4690  }
4691 
4692  newoptions->IncludeUsed = cf_has_include;
4693  newoptions->FilesOpenedByIncludes = opened_files;
4694  opened_files = NULL; // prevent double-free.
4695 
4696  /* If this is a testing network configuration, change defaults
4697  * for a list of dependent config options, and try this function again. */
4698  if (newoptions->TestingTorNetwork && ! testing_network_configured) {
4699  // retry with the testing defaults.
4701  retry = true;
4702  goto err;
4703  }
4704 
4705  err = options_validate_and_set(oldoptions, newoptions, msg);
4706  if (err < 0) {
4707  newoptions = NULL; // This was already freed in options_validate_and_set.
4708  goto err;
4709  }
4710 
4711  or_options_free(global_default_options);
4712  global_default_options = newdefaultoptions;
4713 
4714  return SETOPT_OK;
4715 
4716  err:
4718  if (opened_files) {
4719  SMARTLIST_FOREACH(opened_files, char *, f, tor_free(f));
4720  smartlist_free(opened_files);
4721  }
4722  or_options_free(newdefaultoptions);
4723  or_options_free(newoptions);
4724  if (*msg) {
4725  char *old_msg = *msg;
4726  tor_asprintf(msg, "Failed to parse/validate config: %s", old_msg);
4727  tor_free(old_msg);
4728  }
4729  if (retry)
4730  return options_init_from_string(cf_defaults, cf, command, command_arg,
4731  msg);
4732  return err;
4733 }
4734 
4735 /** Return the location for our configuration file. May return NULL.
4736  */
4737 const char *
4738 get_torrc_fname(int defaults_fname)
4739 {
4740  const char *fname = defaults_fname ? torrc_defaults_fname : torrc_fname;
4741 
4742  if (fname)
4743  return fname;
4744  else
4745  return get_default_conf_file(defaults_fname);
4746 }
4747 
4748 /** Adjust the address map based on the MapAddress elements in the
4749  * configuration <b>options</b>
4750  */
4751 void
4753 {
4754  smartlist_t *elts;
4755  config_line_t *opt;
4756  const char *from, *to, *msg;
4757 
4759  elts = smartlist_new();
4760  for (opt = options->AddressMap; opt; opt = opt->next) {
4761  smartlist_split_string(elts, opt->value, NULL,
4762  SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 2);
4763  if (smartlist_len(elts) < 2) {
4764  log_warn(LD_CONFIG,"MapAddress '%s' has too few arguments. Ignoring.",
4765  opt->value);
4766  goto cleanup;
4767  }
4768 
4769  from = smartlist_get(elts,0);
4770  to = smartlist_get(elts,1);
4771 
4772  if (to[0] == '.' || from[0] == '.') {
4773  log_warn(LD_CONFIG,"MapAddress '%s' is ambiguous - address starts with a"
4774  "'.'. Ignoring.",opt->value);
4775  goto cleanup;
4776  }
4777 
4778  if (addressmap_register_auto(from, to, 0, ADDRMAPSRC_TORRC, &msg) < 0) {
4779  log_warn(LD_CONFIG,"MapAddress '%s' failed: %s. Ignoring.", opt->value,
4780  msg);
4781  goto cleanup;
4782  }
4783 
4784  if (smartlist_len(elts) > 2)
4785  log_warn(LD_CONFIG,"Ignoring extra arguments to MapAddress.");
4786 
4787  cleanup:
4788  SMARTLIST_FOREACH(elts, char*, cp, tor_free(cp));
4789  smartlist_clear(elts);
4790  }
4791  smartlist_free(elts);
4792 }
4793 
4794 /** As addressmap_register(), but detect the wildcarded status of "from" and
4795  * "to", and do not steal a reference to <b>to</b>. */
4796 /* XXXX move to connection_edge.c */
4797 int
4798 addressmap_register_auto(const char *from, const char *to,
4799  time_t expires,
4800  addressmap_entry_source_t addrmap_source,
4801  const char **msg)
4802 {
4803  int from_wildcard = 0, to_wildcard = 0;
4804 
4805  *msg = "whoops, forgot the error message";
4806 
4807  if (!strcmp(to, "*") || !strcmp(from, "*")) {
4808  *msg = "can't remap from or to *";
4809  return -1;
4810  }
4811  /* Detect asterisks in expressions of type: '*.example.com' */
4812  if (!strncmp(from,"*.",2)) {
4813  from += 2;
4814  from_wildcard = 1;
4815  }
4816  if (!strncmp(to,"*.",2)) {
4817  to += 2;
4818  to_wildcard = 1;
4819  }
4820 
4821  if (to_wildcard && !from_wildcard) {
4822  *msg = "can only use wildcard (i.e. '*.') if 'from' address "
4823  "uses wildcard also";
4824  return -1;
4825  }
4826 
4827  if (address_is_invalid_destination(to, 1)) {
4828  *msg = "destination is invalid";
4829  return -1;
4830  }
4831 
4832  addressmap_register(from, tor_strdup(to), expires, addrmap_source,
4833  from_wildcard, to_wildcard, 0);
4834 
4835  return 0;
4836 }
4837 
4838 /**
4839  * As add_file_log, but open the file as appropriate.
4840  */
4841 STATIC int
4843  const char *filename, int truncate_log)
4844 {
4845  int open_flags = O_WRONLY|O_CREAT;
4846  open_flags |= truncate_log ? O_TRUNC : O_APPEND;
4847 
4848  int fd = tor_open_cloexec(filename, open_flags, 0640);
4849  if (fd < 0)
4850  return -1;
4851 
4852  return add_file_log(severity, filename, fd);
4853 }
4854 
4855 /**
4856  * Try to set our global log granularity from `options->LogGranularity`,
4857  * adjusting it as needed so that we are an even divisor of a second, or an
4858  * even multiple of seconds. Return 0 on success, -1 on failure.
4859  **/
4860 static int
4862  int validate_only)
4863 {
4864  if (options->LogTimeGranularity <= 0) {
4865  log_warn(LD_CONFIG, "Log time granularity '%d' has to be positive.",
4866  options->LogTimeGranularity);
4867  return -1;
4868  } else if (1000 % options->LogTimeGranularity != 0 &&
4869  options->LogTimeGranularity % 1000 != 0) {
4870  int granularity = options->LogTimeGranularity;
4871  if (granularity < 40) {
4872  do granularity++;
4873  while (1000 % granularity != 0);
4874  } else if (granularity < 1000) {
4875  granularity = 1000 / granularity;
4876  while (1000 % granularity != 0)
4877  granularity--;
4878  granularity = 1000 / granularity;
4879  } else {
4880  granularity = 1000 * ((granularity / 1000) + 1);
4881  }
4882  log_warn(LD_CONFIG, "Log time granularity '%d' has to be either a "
4883  "divisor or a multiple of 1 second. Changing to "
4884  "'%d'.",
4885  options->LogTimeGranularity, granularity);
4886  if (!validate_only)
4887  set_log_time_granularity(granularity);
4888  } else {
4889  if (!validate_only)
4891  }
4892 
4893  return 0;
4894 }
4895 
4896 /**
4897  * Initialize the logs based on the configuration file.
4898  */
4899 STATIC int
4900 options_init_logs(const or_options_t *old_options, const or_options_t *options,
4901  int validate_only)
4902 {
4903  config_line_t *opt;
4904  int ok;
4905  smartlist_t *elts;
4906  int run_as_daemon =
4907 #ifdef _WIN32
4908  0;
4909 #else
4910  options->RunAsDaemon;
4911 #endif
4912 
4913  if (options_init_log_granularity(options, validate_only) < 0)
4914  return -1;
4915 
4916  ok = 1;
4917  elts = smartlist_new();
4918 
4919  if (options->Logs == NULL && !run_as_daemon && !validate_only) {
4920  /* When no logs are given, the default behavior is to log nothing (if
4921  RunAsDaemon is set) or to log based on the quiet level otherwise. */
4923  }
4924 
4925  for (opt = options->Logs; opt; opt = opt->next) {
4926  log_severity_list_t *severity;
4927  const char *cfg = opt->value;
4928  severity = tor_malloc_zero(sizeof(log_severity_list_t));
4929  if (parse_log_severity_config(&cfg, severity) < 0) {
4930  log_warn(LD_CONFIG, "Couldn't parse log levels in Log option 'Log %s'",
4931  opt->value);
4932  ok = 0; goto cleanup;
4933  }
4934 
4935  smartlist_split_string(elts, cfg, NULL,
4936  SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 2);
4937 
4938  if (smartlist_len(elts) == 0)
4939  smartlist_add_strdup(elts, "stdout");
4940 
4941  if (smartlist_len(elts) == 1 &&
4942  (!strcasecmp(smartlist_get(elts,0), "stdout") ||
4943  !strcasecmp(smartlist_get(elts,0), "stderr"))) {
4944  int err = smartlist_len(elts) &&
4945  !strcasecmp(smartlist_get(elts,0), "stderr");
4946  if (!validate_only) {
4947  if (run_as_daemon) {
4948  log_warn(LD_CONFIG,
4949  "Can't log to %s with RunAsDaemon set; skipping stdout",
4950  err?"stderr":"stdout");
4951  } else {
4952  add_stream_log(severity, err?"<stderr>":"<stdout>",
4953  fileno(err?stderr:stdout));
4954  }
4955  }
4956  goto cleanup;
4957  }
4958  if (smartlist_len(elts) == 1) {
4959  if (!strcasecmp(smartlist_get(elts,0), "syslog")) {
4960 #ifdef HAVE_SYSLOG_H
4961  if (!validate_only) {
4962  add_syslog_log(severity, options->SyslogIdentityTag);
4963  }
4964 #else
4965  log_warn(LD_CONFIG, "Syslog is not supported on this system. Sorry.");
4966 #endif /* defined(HAVE_SYSLOG_H) */
4967  goto cleanup;
4968  }
4969 
4970  /* We added this workaround in 0.4.5.x; we can remove it in 0.4.6 or
4971  * later */
4972  if (!strcasecmp(smartlist_get(elts, 0), "android")) {
4973 #ifdef HAVE_SYSLOG_H
4974  log_warn(LD_CONFIG, "The android logging API is no longer supported;"
4975  " adding a syslog instead. The 'android' logging "
4976  " type will no longer work in the future.");
4977  if (!validate_only) {
4978  add_syslog_log(severity, options->SyslogIdentityTag);
4979  }
4980 #else /* !defined(HAVE_SYSLOG_H) */
4981  log_warn(LD_CONFIG, "The android logging API is no longer supported.");
4982 #endif /* defined(HAVE_SYSLOG_H) */
4983  goto cleanup;
4984  }
4985  }
4986 
4987  if (smartlist_len(elts) == 2 &&
4988  !strcasecmp(smartlist_get(elts,0), "file")) {
4989  if (!validate_only) {
4990  char *fname = expand_filename(smartlist_get(elts, 1));
4991  /* Truncate if TruncateLogFile is set and we haven't seen this option
4992  line before. */
4993  int truncate_log = 0;
4994  if (options->TruncateLogFile) {
4995  truncate_log = 1;
4996  if (old_options) {
4997  config_line_t *opt2;
4998  for (opt2 = old_options->Logs; opt2; opt2 = opt2->next)
4999  if (!strcmp(opt->value, opt2->value)) {
5000  truncate_log = 0;
5001  break;
5002  }
5003  }
5004  }
5005  if (open_and_add_file_log(severity, fname, truncate_log) < 0) {
5006  log_warn(LD_CONFIG, "Couldn't open file for 'Log %s': %s",
5007  opt->value, strerror(errno));
5008  ok = 0;
5009  }
5010  tor_free(fname);
5011  }
5012  goto cleanup;
5013  }
5014 
5015  log_warn(LD_CONFIG, "Bad syntax on file Log option 'Log %s'",
5016  opt->value);
5017  ok = 0; goto cleanup;
5018 
5019  cleanup:
5020  SMARTLIST_FOREACH(elts, char*, cp, tor_free(cp));
5021  smartlist_clear(elts);
5022  tor_free(severity);
5023  }
5024  smartlist_free(elts);
5025 
5026  if (ok && !validate_only)
5028 
5029  return ok?0:-1;
5030 }
5031 
5032 /** Given a smartlist of SOCKS arguments to be passed to a transport
5033  * proxy in <b>args</b>, validate them and return -1 if they are
5034  * corrupted. Return 0 if they seem OK. */
5035 static int
5037 {
5038  char *socks_string = NULL;
5039  size_t socks_string_len;
5040 
5041  tor_assert(args);
5042  tor_assert(smartlist_len(args) > 0);
5043 
5044  SMARTLIST_FOREACH_BEGIN(args, const char *, s) {
5045  if (!string_is_key_value(LOG_WARN, s)) { /* items should be k=v items */
5046  log_warn(LD_CONFIG, "'%s' is not a k=v item.", s);
5047  return -1;
5048  }
5049  } SMARTLIST_FOREACH_END(s);
5050 
5051  socks_string = pt_stringify_socks_args(args);
5052  if (!socks_string)
5053  return -1;
5054 
5055  socks_string_len = strlen(socks_string);
5056  tor_free(socks_string);
5057 
5058  if (socks_string_len > MAX_SOCKS5_AUTH_SIZE_TOTAL) {
5059  log_warn(LD_CONFIG, "SOCKS arguments can't be more than %u bytes (%lu).",
5061  (unsigned long) socks_string_len);
5062  return -1;
5063  }
5064 
5065  return 0;
5066 }
5067 
5068 /** Deallocate a bridge_line_t structure. */
5069 /* private */ void
5071 {
5072  if (!bridge_line)
5073  return;
5074 
5075  if (bridge_line->socks_args) {
5076  SMARTLIST_FOREACH(bridge_line->socks_args, char*, s, tor_free(s));
5077  smartlist_free(bridge_line->socks_args);
5078  }
5079  tor_free(bridge_line->transport_name);
5080  tor_free(bridge_line);
5081 }
5082 
5083 /** Parse the contents of a string, <b>line</b>, containing a Bridge line,
5084  * into a bridge_line_t.
5085  *
5086  * Validates that the IP:PORT, fingerprint, and SOCKS arguments (given to the
5087  * Pluggable Transport, if a one was specified) are well-formed.
5088  *
5089  * Returns NULL If the Bridge line could not be validated, and returns a
5090  * bridge_line_t containing the parsed information otherwise.
5091  *
5092  * Bridge line format:
5093  * Bridge [transport] IP:PORT [id-fingerprint] [k=v] [k=v] ...
5094  */
5095 /* private */ bridge_line_t *
5096 parse_bridge_line(const char *line)
5097 {
5098  smartlist_t *items = NULL;
5099  char *addrport=NULL, *fingerprint=NULL;
5100  char *field=NULL;
5101  bridge_line_t *bridge_line = tor_malloc_zero(sizeof(bridge_line_t));
5102 
5103  items = smartlist_new();
5104  smartlist_split_string(items, line, NULL,
5105  SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1);
5106  if (smartlist_len(items) < 1) {
5107  log_warn(LD_CONFIG, "Too few arguments to Bridge line.");
5108  goto err;
5109  }
5110 
5111  /* first field is either a transport name or addrport */
5112  field = smartlist_get(items, 0);
5113  smartlist_del_keeporder(items, 0);
5114 
5115  if (string_is_C_identifier(field)) {
5116  /* It's a transport name. */
5117  bridge_line->transport_name = field;
5118  if (smartlist_len(items) < 1) {
5119  log_warn(LD_CONFIG, "Too few items to Bridge line.");
5120  goto err;
5121  }
5122  addrport = smartlist_get(items, 0); /* Next field is addrport then. */
5123  smartlist_del_keeporder(items, 0);
5124  } else {
5125  addrport = field;
5126  }
5127 
5128  if (tor_addr_port_parse(LOG_INFO, addrport,
5129  &bridge_line->addr, &bridge_line->port, 443)<0) {
5130  log_warn(LD_CONFIG, "Error parsing Bridge address '%s'", addrport);
5131  goto err;
5132  }
5133 
5134  /* If transports are enabled, next field could be a fingerprint or a
5135  socks argument. If transports are disabled, next field must be
5136  a fingerprint. */
5137  if (smartlist_len(items)) {
5138  if (bridge_line->transport_name) { /* transports enabled: */
5139  field = smartlist_get(items, 0);
5140  smartlist_del_keeporder(items, 0);
5141 
5142  /* If it's a key=value pair, then it's a SOCKS argument for the
5143  transport proxy... */
5144  if (string_is_key_value(LOG_DEBUG, field)) {
5145  bridge_line->socks_args = smartlist_new();
5146  smartlist_add(bridge_line->socks_args, field);
5147  } else { /* ...otherwise, it's the bridge fingerprint. */
5148  fingerprint = field;
5149  }
5150 
5151  } else { /* transports disabled: */
5152  fingerprint = smartlist_join_strings(items, "", 0, NULL);
5153  }
5154  }
5155 
5156  /* Handle fingerprint, if it was provided. */
5157  if (fingerprint) {
5158  if (strlen(fingerprint) != HEX_DIGEST_LEN) {
5159  log_warn(LD_CONFIG, "Key digest for Bridge is wrong length.");
5160  goto err;
5161  }
5162  if (base16_decode(bridge_line->digest, DIGEST_LEN,
5163  fingerprint, HEX_DIGEST_LEN) != DIGEST_LEN) {
5164  log_warn(LD_CONFIG, "Unable to decode Bridge key digest.");
5165  goto err;
5166  }
5167  }
5168 
5169  /* If we are using transports, any remaining items in the smartlist
5170  should be k=v values. */
5171  if (bridge_line->transport_name && smartlist_len(items)) {
5172  if (!bridge_line->socks_args)
5173  bridge_line->socks_args = smartlist_new();
5174 
5175  /* append remaining items of 'items' to 'socks_args' */
5176  smartlist_add_all(bridge_line->socks_args, items);
5177  smartlist_clear(items);
5178 
5179  tor_assert(smartlist_len(bridge_line->socks_args) > 0);
5180  }
5181 
5182  if (bridge_line->socks_args) {
5183  if (validate_transport_socks_arguments(bridge_line->socks_args) < 0)
5184  goto err;
5185  }
5186 
5187  goto done;
5188 
5189  err:
5190  bridge_line_free(bridge_line);
5191  bridge_line = NULL;
5192 
5193  done:
5194  SMARTLIST_FOREACH(items, char*, s, tor_free(s));
5195  smartlist_free(items);
5196  tor_free(addrport);
5197  tor_free(fingerprint);
5198 
5199  return bridge_line;
5200 }
5201 
5202 /** Parse the contents of a TCPProxy line from <b>line</b> and put it
5203  * in <b>options</b>. Return 0 if the line is well-formed, and -1 if it
5204  * isn't.
5205  *
5206  * This will mutate only options->TCPProxyProtocol, options->TCPProxyAddr,
5207  * and options->TCPProxyPort.
5208  *
5209  * On error, tor_strdup an error explanation into *<b>msg</b>.
5210  */
5211 STATIC int
5212 parse_tcp_proxy_line(const char *line, or_options_t *options, char **msg)
5213 {
5214  int ret = 0;
5215  tor_assert(line);
5216  tor_assert(options);
5217  tor_assert(msg);
5218 
5219  smartlist_t *sl = smartlist_new();
5220  /* Split between the protocol and the address/port. */
5221  smartlist_split_string(sl, line, " ",
5222  SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 2);
5223 
5224  /* The address/port is not specified. */
5225  if (smartlist_len(sl) < 2) {
5226  *msg = tor_strdup("TCPProxy has no address/port. Please fix.");
5227  goto err;
5228  }
5229 
5230  char *protocol_string = smartlist_get(sl, 0);
5231  char *addrport_string = smartlist_get(sl, 1);
5232 
5233  /* The only currently supported protocol is 'haproxy'. */
5234  if (strcasecmp(protocol_string, "haproxy")) {
5235  *msg = tor_strdup("TCPProxy protocol is not supported. Currently "
5236  "the only supported protocol is 'haproxy'. "
5237  "Please fix.");
5238  goto err;
5239  } else {
5240  /* Otherwise, set the correct protocol. */
5242  }
5243 
5244  /* Parse the address/port. */
5245  if (tor_addr_port_lookup(addrport_string, &options->TCPProxyAddr,
5246  &options->TCPProxyPort) < 0) {
5247  *msg = tor_strdup("TCPProxy address/port failed to parse or resolve. "
5248  "Please fix.");
5249  goto err;
5250  }
5251 
5252  /* Success. */
5253  ret = 0;
5254  goto end;
5255 
5256  err:
5257  ret = -1;
5258  end:
5259  SMARTLIST_FOREACH(sl, char *, cp, tor_free(cp));
5260  smartlist_free(sl);
5261  return ret;
5262 }
5263 
5264 /** Read the contents of a ClientTransportPlugin or ServerTransportPlugin
5265  * line from <b>line</b>, depending on the value of <b>server</b>. Return 0
5266  * if the line is well-formed, and -1 if it isn't.
5267  *
5268  * If <b>validate_only</b> is 0, the line is well-formed, and the transport is
5269  * needed by some bridge:
5270  * - If it's an external proxy line, add the transport described in the line to
5271  * our internal transport list.
5272  * - If it's a managed proxy line, launch the managed proxy.
5273  */
5274 int
5276  const char *line, int validate_only,
5277  int server)
5278 {
5279 
5280  smartlist_t *items = NULL;
5281  int r;
5282  const char *transports = NULL;
5283  smartlist_t *transport_list = NULL;
5284  char *type = NULL;
5285  char *addrport = NULL;
5286  tor_addr_t addr;
5287  uint16_t port = 0;
5288  int socks_ver = PROXY_NONE;
5289 
5290  /* managed proxy options */
5291  int is_managed = 0;
5292  char **proxy_argv = NULL;
5293  char **tmp = NULL;
5294  int proxy_argc, i;
5295  int is_useless_proxy = 1;
5296 
5297  int line_length;
5298 
5299  /* Split the line into space-separated tokens */
5300  items = smartlist_new();
5301  smartlist_split_string(items, line, NULL,
5302  SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1);
5303  line_length = smartlist_len(items);
5304 
5305  if (line_length < 3) {
5306  log_warn(LD_CONFIG,
5307  "Too few arguments on %sTransportPlugin line.",
5308  server ? "Server" : "Client");
5309  goto err;
5310  }
5311 
5312  /* Get the first line element, split it to commas into
5313  transport_list (in case it's multiple transports) and validate
5314  the transport names. */
5315  transports = smartlist_get(items, 0);
5317  smartlist_split_string(transport_list, transports, ",",
5318  SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
5319  SMARTLIST_FOREACH_BEGIN(transport_list, const char *, transport_name) {
5320  /* validate transport names */
5321  if (!string_is_C_identifier(transport_name)) {
5322  log_warn(LD_CONFIG, "Transport name is not a C identifier (%s).",
5323  transport_name);
5324  goto err;
5325  }
5326 
5327  /* see if we actually need the transports provided by this proxy */
5328  if (!validate_only && transport_is_needed(transport_name))
5329  is_useless_proxy = 0;
5330  } SMARTLIST_FOREACH_END(transport_name);
5331 
5332  type = smartlist_get(items, 1);
5333  if (!strcmp(type, "exec")) {
5334  is_managed = 1;
5335  } else if (server && !strcmp(type, "proxy")) {
5336  /* 'proxy' syntax only with ServerTransportPlugin */
5337  is_managed = 0;
5338  } else if (!server && !strcmp(type, "socks4")) {
5339  /* 'socks4' syntax only with ClientTransportPlugin */
5340  is_managed = 0;
5341  socks_ver = PROXY_SOCKS4;
5342  } else if (!server && !strcmp(type, "socks5")) {
5343  /* 'socks5' syntax only with ClientTransportPlugin */
5344  is_managed = 0;
5345  socks_ver = PROXY_SOCKS5;
5346  } else {
5347  log_warn(LD_CONFIG,
5348  "Strange %sTransportPlugin type '%s'",
5349  server ? "Server" : "Client", type);
5350  goto err;
5351  }
5352 
5353  if (is_managed && options->Sandbox) {
5354  log_warn(LD_CONFIG,
5355  "Managed proxies are not compatible with Sandbox mode."
5356  "(%sTransportPlugin line was %s)",
5357  server ? "Server" : "Client", escaped(line));
5358  goto err;
5359  }
5360 
5361  if (is_managed && options->NoExec) {
5362  log_warn(LD_CONFIG,
5363  "Managed proxies are not compatible with NoExec mode; ignoring."
5364  "(%sTransportPlugin line was %s)",
5365  server ? "Server" : "Client", escaped(line));
5366  r = 0;
5367  goto done;
5368  }
5369 
5370  if (is_managed) {
5371  /* managed */
5372 
5373  if (!server && !validate_only && is_useless_proxy) {
5374  log_info(LD_GENERAL,
5375  "Pluggable transport proxy (%s) does not provide "
5376  "any needed transports and will not be launched.",
5377  line);
5378  }
5379 
5380  /*
5381  * If we are not just validating, use the rest of the line as the
5382  * argv of the proxy to be launched. Also, make sure that we are
5383  * only launching proxies that contribute useful transports.
5384  */
5385 
5386  if (!validate_only && (server || !is_useless_proxy)) {
5387  proxy_argc = line_length - 2;
5388  tor_assert(proxy_argc > 0);
5389  proxy_argv = tor_calloc((proxy_argc + 1), sizeof(char *));
5390  tmp = proxy_argv;
5391 
5392  for (i = 0; i < proxy_argc; i++) {
5393  /* store arguments */
5394  *tmp++ = smartlist_get(items, 2);
5395  smartlist_del_keeporder(items, 2);
5396  }
5397  *tmp = NULL; /* terminated with NULL, just like execve() likes it */
5398 
5399  /* kickstart the thing */
5400  if (server) {
5401  pt_kickstart_server_proxy(transport_list, proxy_argv);
5402  } else {
5403  pt_kickstart_client_proxy(transport_list, proxy_argv);
5404  }
5405  }
5406  } else {
5407  /* external */
5408 
5409  /* ClientTransportPlugins connecting through a proxy is managed only. */
5410  if (!server && (options->Socks4Proxy || options->Socks5Proxy ||
5411  options->HTTPSProxy || options->TCPProxy)) {
5412  log_warn(LD_CONFIG, "You have configured an external proxy with another "
5413  "proxy type. (Socks4Proxy|Socks5Proxy|HTTPSProxy|"
5414  "TCPProxy)");
5415  goto err;
5416  }
5417 
5418  if (smartlist_len(transport_list) != 1) {
5419  log_warn(LD_CONFIG,
5420  "You can't have an external proxy with more than "
5421  "one transport.");
5422  goto err;
5423  }
5424 
5425  addrport = smartlist_get(items, 2);
5426 
5427  if (tor_addr_port_lookup(addrport, &addr, &port) < 0) {
5428  log_warn(LD_CONFIG,
5429  "Error parsing transport address '%s'", addrport);
5430  goto err;
5431  }
5432 
5433  if (!port) {
5434  log_warn(LD_CONFIG,
5435  "Transport address '%s' has no port.", addrport);
5436  goto err;
5437  }
5438 
5439  if (!validate_only) {
5440  log_info(LD_DIR, "%s '%s' at %s.",
5441  server ? "Server transport" : "Transport",
5442  transports, fmt_addrport(&addr, port));
5443 
5444  if (!server) {
5445  transport_add_from_config(&addr, port,
5446  smartlist_get(transport_list, 0),
5447  socks_ver);
5448  }
5449  }
5450  }
5451 
5452  r = 0;
5453  goto done;
5454 
5455  err:
5456  r = -1;
5457 
5458  done:
5459  SMARTLIST_FOREACH(items, char*, s, tor_free(s));
5460  smartlist_free(items);
5461  if (transport_list) {
5462  SMARTLIST_FOREACH(transport_list, char*, s, tor_free(s));
5463  smartlist_free(transport_list);
5464  }
5465 
5466  return r;
5467 }
5468 
5469 /**
5470  * Parse a flag describing an extra dirport for a directory authority.
5471  *
5472  * Right now, the supported format is exactly:
5473  * `{upload,download,voting}=http://[IP:PORT]/`.
5474  * Other URL schemes, and other suffixes, might be supported in the future.
5475  *
5476  * Only call this function if `flag` starts with one of the above strings.
5477  *
5478  * Return 0 on success, and -1 on failure.
5479  *
5480  * If `ds` is provided, then add any parsed dirport to `ds`. If `ds` is NULL,
5481  * take no action other than parsing.
5482  **/
5483 static int
5484 parse_dirauth_dirport(dir_server_t *ds, const char *flag)
5485 {
5486  tor_assert(flag);
5487 
5488  auth_dirport_usage_t usage;
5489 
5490  if (!strcasecmpstart(flag, "upload=")) {
5491  usage = AUTH_USAGE_UPLOAD;
5492  } else if (!strcasecmpstart(flag, "download=")) {
5493  usage = AUTH_USAGE_DOWNLOAD;
5494  } else if (!strcasecmpstart(flag, "vote=")) {
5495  usage = AUTH_USAGE_VOTING;
5496  } else {
5497  // We shouldn't get called with a flag that we don't recognize.
5499  return -1;
5500  }
5501 
5502  const char *eq = strchr(flag, '=');
5503  tor_assert(eq);
5504  const char *target = eq + 1;
5505 
5506  // Find the part inside the http://{....}/
5507  if (strcmpstart(target, "http://")) {
5508  log_warn(LD_CONFIG, "Unsupported URL scheme in authority flag %s", flag);
5509  return -1;
5510  }
5511  const char *addr = target + strlen("http://");
5512 
5513  const char *eos = strchr(addr, '/');
5514  size_t addr_len;
5515  if (eos && strcmp(eos, "/")) {
5516  log_warn(LD_CONFIG, "Unsupported URL prefix in authority flag %s", flag);
5517  return -1;
5518  } else if (eos) {
5519  addr_len = eos - addr;
5520  } else {
5521  addr_len = strlen(addr);
5522  }
5523 
5524  // Finally, parse the addr:port part.
5525  char *addr_string = tor_strndup(addr, addr_len);
5526  tor_addr_port_t dirport;
5527  memset(&dirport, 0, sizeof(dirport));
5528  int rv = tor_addr_port_parse(LOG_WARN, addr_string,
5529  &dirport.addr, &dirport.port, -1);
5530  if (ds != NULL && rv == 0) {
5531  trusted_dir_server_add_dirport(ds, usage, &dirport);
5532  } else if (rv == -1) {
5533  log_warn(LD_CONFIG, "Unable to parse address in authority flag %s",flag);
5534  }
5535 
5536  tor_free(addr_string);
5537  return rv;
5538 }
5539 
5540 /** Read the contents of a DirAuthority line from <b>line</b>. If
5541  * <b>validate_only</b> is 0, and the line is well-formed, and it
5542  * shares any bits with <b>required_type</b> or <b>required_type</b>
5543  * is NO_DIRINFO (zero), then add the dirserver described in the line
5544  * (minus whatever bits it's missing) as a valid authority.
5545  * Return 0 on success or filtering out by type,
5546  * or -1 if the line isn't well-formed or if we can't add it. */
5547 STATIC int
5548 parse_dir_authority_line(const char *line, dirinfo_type_t required_type,
5549  int validate_only)
5550 {
5551  smartlist_t *items = NULL;
5552  int r;
5553  char *addrport=NULL, *address=NULL, *nickname=NULL, *fingerprint=NULL;
5554  tor_addr_port_t ipv6_addrport, *ipv6_addrport_ptr = NULL;
5555  uint16_t dir_port = 0, or_port = 0;
5556  char digest[DIGEST_LEN];
5557  char v3_digest[DIGEST_LEN];
5558  dirinfo_type_t type = 0;
5559  double weight = 1.0;
5560  smartlist_t *extra_dirports = smartlist_new();
5561 
5562  memset(v3_digest, 0, sizeof(v3_digest));
5563 
5564  items = smartlist_new();
5565  smartlist_split_string(items, line, NULL,
5566  SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1);
5567  if (smartlist_len(items) < 1) {
5568  log_warn(LD_CONFIG, "No arguments on DirAuthority line.");
5569  goto err;
5570  }
5571 
5572  if (is_legal_nickname(smartlist_get(items, 0))) {
5573  nickname = smartlist_get(items, 0);
5574  smartlist_del_keeporder(items, 0);
5575  }
5576 
5577  while (smartlist_len(items)) {
5578  char *flag = smartlist_get(items, 0);
5579  if (TOR_ISDIGIT(flag[0]))
5580  break;
5581  if (!strcasecmp(flag, "hs") ||
5582  !strcasecmp(flag, "no-hs")) {
5583  log_warn(LD_CONFIG, "The DirAuthority options 'hs' and 'no-hs' are "
5584  "obsolete; you don't need them any more.");
5585  } else if (!strcasecmp(flag, "bridge")) {
5586  type |= BRIDGE_DIRINFO;
5587  } else if (!strcasecmp(flag, "no-v2")) {
5588  /* obsolete, but may still be contained in DirAuthority lines generated
5589  by various tools */;
5590  } else if (!strcasecmpstart(flag, "orport=")) {
5591  int ok;
5592  char *portstring = flag + strlen("orport=");
5593  or_port = (uint16_t) tor_parse_long(portstring, 10, 1, 65535, &ok, NULL);
5594  if (!ok)
5595  log_warn(LD_CONFIG, "Invalid orport '%s' on DirAuthority line.",
5596  portstring);
5597  } else if (!strcmpstart(flag, "weight=")) {
5598  int ok;
5599  const char *wstring = flag + strlen("weight=");
5600  weight = tor_parse_double(wstring, 0, (double)UINT64_MAX, &ok, NULL);
5601  if (!ok) {
5602  log_warn(LD_CONFIG, "Invalid weight '%s' on DirAuthority line.",flag);
5603  weight=1.0;
5604  }
5605  } else if (!strcasecmpstart(flag, "v3ident=")) {
5606  char *idstr = flag + strlen("v3ident=");
5607  if (strlen(idstr) != HEX_DIGEST_LEN ||
5608  base16_decode(v3_digest, DIGEST_LEN,
5609  idstr, HEX_DIGEST_LEN) != DIGEST_LEN) {
5610  log_warn(LD_CONFIG, "Bad v3 identity digest '%s' on DirAuthority line",
5611  flag);
5612  } else {
5614  }
5615  } else if (!strcasecmpstart(flag, "ipv6=")) {
5616  if (ipv6_addrport_ptr) {
5617  log_warn(LD_CONFIG, "Redundant ipv6 addr/port on DirAuthority line");
5618  } else {
5619  if (tor_addr_port_parse(LOG_WARN, flag+strlen("ipv6="),
5620  &ipv6_addrport.addr, &ipv6_addrport.port,
5621  -1) < 0
5622  || tor_addr_family(&ipv6_addrport.addr) != AF_INET6) {
5623  log_warn(LD_CONFIG, "Bad ipv6 addr/port %s on DirAuthority line",
5624  escaped(flag));
5625  goto err;
5626  }
5627  ipv6_addrport_ptr = &ipv6_addrport;
5628  }
5629  } else if (!strcasecmpstart(flag, "upload=") ||
5630  !strcasecmpstart(flag, "download=") ||
5631  !strcasecmpstart(flag, "vote=")) {
5632  // We'll handle these after creating the authority object.
5633  smartlist_add(extra_dirports, flag);
5634  flag = NULL; // prevent double-free.
5635  } else {
5636  log_warn(LD_CONFIG, "Unrecognized flag '%s' on DirAuthority line",
5637  flag);
5638  }
5639  tor_free(flag);
5640  smartlist_del_keeporder(items, 0);
5641  }
5642 
5643  if (smartlist_len(items) < 2) {
5644  log_warn(LD_CONFIG, "Too few arguments to DirAuthority line.");
5645  goto err;
5646  }
5647  addrport = smartlist_get(items, 0);
5648  smartlist_del_keeporder(items, 0);
5649 
5650  if (tor_addr_port_split(LOG_WARN, addrport, &address, &dir_port) < 0) {
5651  log_warn(LD_CONFIG, "Error parsing DirAuthority address '%s'.", addrport);
5652  goto err;
5653  }
5654 
5655  if (!string_is_valid_ipv4_address(address)) {
5656  log_warn(LD_CONFIG, "Error parsing DirAuthority address '%s' "
5657  "(invalid IPv4 address)", address);
5658  goto err;
5659  }
5660 
5661  if (!dir_port) {
5662  log_warn(LD_CONFIG, "Missing port in DirAuthority address '%s'",addrport);
5663  goto err;
5664  }
5665 
5666  fingerprint = smartlist_join_strings(items, "", 0, NULL);
5667  if (strlen(fingerprint) != HEX_DIGEST_LEN) {
5668  log_warn(LD_CONFIG, "Key digest '%s' for DirAuthority is wrong length %d.",
5669  fingerprint, (int)strlen(fingerprint));
5670  goto err;
5671  }
5672  if (base16_decode(digest, DIGEST_LEN,
5673  fingerprint, HEX_DIGEST_LEN) != DIGEST_LEN) {
5674  log_warn(LD_CONFIG, "Unable to decode DirAuthority key digest.");
5675  goto err;
5676  }
5677 
5678  if (validate_only) {
5679  SMARTLIST_FOREACH_BEGIN(extra_dirports, const char *, cp) {
5680  if (parse_dirauth_dirport(NULL, cp) < 0)
5681  goto err;
5682  } SMARTLIST_FOREACH_END(cp);
5683  }
5684 
5685  if (!validate_only && (!required_type || required_type & type)) {
5686  dir_server_t *ds;
5687  if (required_type)
5688  type &= required_type; /* pare down what we think of them as an
5689  * authority for. */
5690  log_debug(LD_DIR, "Trusted %d dirserver at %s:%d (%s)", (int)type,
5691  address, (int)dir_port, (char*)smartlist_get(items,0));
5692  if (!(ds = trusted_dir_server_new(nickname, address, dir_port, or_port,
5693  ipv6_addrport_ptr,
5694  digest, v3_digest, type, weight)))
5695  goto err;
5696 
5697  SMARTLIST_FOREACH_BEGIN(extra_dirports, const char *, cp) {
5698  if (parse_dirauth_dirport(ds, cp) < 0)
5699  goto err;
5700  } SMARTLIST_FOREACH_END(cp);
5701  dir_server_add(ds);
5702  }
5703 
5704  r = 0;
5705  goto done;
5706 
5707  err:
5708  r = -1;
5709 
5710  done:
5711  SMARTLIST_FOREACH(extra_dirports, char*, s, tor_free(s));
5712  smartlist_free(extra_dirports);
5713  SMARTLIST_FOREACH(items, char*, s, tor_free(s));
5714  smartlist_free(items);
5715  tor_free(addrport);
5716  tor_free(address);
5717  tor_free(nickname);
5718  tor_free(fingerprint);
5719  return r;
5720 }
5721 
5722 /** Read the contents of a FallbackDir line from <b>line</b>. If
5723  * <b>validate_only</b> is 0, and the line is well-formed, then add the
5724  * dirserver described in the line as a fallback directory. Return 0 on
5725  * success, or -1 if the line isn't well-formed or if we can't add it. */
5726 int
5727 parse_dir_fallback_line(const char *line,
5728  int validate_only)
5729 {
5730  int r = -1;
5731  smartlist_t *items = smartlist_new(), *positional = smartlist_new();
5732  int orport = -1;
5733  uint16_t dirport;
5734  tor_addr_t addr;
5735  int ok;
5736  char id[DIGEST_LEN];
5737  char *address=NULL;
5738  tor_addr_port_t ipv6_addrport, *ipv6_addrport_ptr = NULL;
5739  double weight=1.0;
5740 
5741  memset(id, 0, sizeof(id));
5742  smartlist_split_string(items, line, NULL,
5743  SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1);
5744  SMARTLIST_FOREACH_BEGIN(items, const char *, cp) {
5745  const char *eq = strchr(cp, '=');
5746  ok = 1;
5747  if (! eq) {
5748  smartlist_add(positional, (char*)cp);
5749  continue;
5750  }
5751  if (!strcmpstart(cp, "orport=")) {
5752  orport = (int)tor_parse_long(cp+strlen("orport="), 10,
5753  1, 65535, &ok, NULL);
5754  } else if (!strcmpstart(cp, "id=")) {
5755  ok = base16_decode(id, DIGEST_LEN, cp+strlen("id="),
5756  strlen(cp)-strlen("id=")) == DIGEST_LEN;
5757  } else if (!strcasecmpstart(cp, "ipv6=")) {
5758  if (ipv6_addrport_ptr) {
5759  log_warn(LD_CONFIG, "Redundant ipv6 addr/port on FallbackDir line");
5760  } else {
5761  if (tor_addr_port_parse(LOG_WARN, cp+strlen("ipv6="),
5762  &ipv6_addrport.addr, &ipv6_addrport.port,
5763  -1) < 0
5764  || tor_addr_family(&ipv6_addrport.addr) != AF_INET6) {
5765  log_warn(LD_CONFIG, "Bad ipv6 addr/port %s on FallbackDir line",
5766  escaped(cp));
5767  goto end;
5768  }
5769  ipv6_addrport_ptr = &ipv6_addrport;
5770  }
5771  } else if (!strcmpstart(cp, "weight=")) {
5772  int num_ok;
5773  const char *wstring = cp + strlen("weight=");
5774  weight = tor_parse_double(wstring, 0, (double)UINT64_MAX, &num_ok, NULL);
5775  if (!num_ok) {
5776  log_warn(LD_CONFIG, "Invalid weight '%s' on FallbackDir line.", cp);
5777  weight=1.0;
5778  }
5779  }
5780 
5781  if (!ok) {
5782  log_warn(LD_CONFIG, "Bad FallbackDir option %s", escaped(cp));
5783  goto end;
5784  }
5785  } SMARTLIST_FOREACH_END(cp);
5786 
5787  if (smartlist_len(positional) != 1) {
5788  log_warn(LD_CONFIG, "Couldn't parse FallbackDir line %s", escaped(line));
5789  goto end;
5790  }
5791 
5792  if (tor_digest_is_zero(id)) {
5793  log_warn(LD_CONFIG, "Missing identity on FallbackDir line");
5794  goto end;
5795  }
5796 
5797  if (orport <= 0) {
5798  log_warn(LD_CONFIG, "Missing orport on FallbackDir line");
5799  goto end;
5800  }
5801 
5802  if (tor_addr_port_split(LOG_INFO, smartlist_get(positional, 0),
5803  &address, &dirport) < 0 ||
5804  tor_addr_parse(&addr, address)<0) {
5805  log_warn(LD_CONFIG, "Couldn't parse address:port %s on FallbackDir line",
5806  (const char*)smartlist_get(positional, 0));
5807  goto end;
5808  }
5809 
5810  if (!validate_only) {
5811  dir_server_t *ds;
5812  ds = fallback_dir_server_new(&addr, dirport, orport, ipv6_addrport_ptr,
5813  id, weight);
5814  if (!ds) {
5815  log_warn(LD_CONFIG, "Couldn't create FallbackDir %s", escaped(line));
5816  goto end;
5817  }
5818  dir_server_add(ds);
5819  }
5820 
5821  r = 0;
5822 
5823  end:
5824  SMARTLIST_FOREACH(items, char *, cp, tor_free(cp));
5825  smartlist_free(items);
5826  smartlist_free(positional);
5827  tor_free(address);
5828  return r;
5829 }
5830 
5831 /** Allocate and return a new port_cfg_t with reasonable defaults.
5832  *
5833  * <b>namelen</b> is the length of the unix socket name
5834  * (typically the filesystem path), not including the trailing NUL.
5835  * It should be 0 for ports that are not zunix sockets. */
5836 port_cfg_t *
5837 port_cfg_new(size_t namelen)
5838 {
5839  tor_assert(namelen <= SIZE_T_CEILING - sizeof(port_cfg_t) - 1);
5840  port_cfg_t *cfg = tor_malloc_zero(sizeof(port_cfg_t) + namelen + 1);
5841 
5842  /* entry_cfg flags */
5843  cfg->entry_cfg.ipv4_traffic = 1;
5844  cfg->entry_cfg.ipv6_traffic = 1;
5845  cfg->entry_cfg.prefer_ipv6 = 0;
5846  cfg->entry_cfg.dns_request = 1;
5847  cfg->entry_cfg.onion_traffic = 1;
5851 
5852  /* Other flags default to 0 due to tor_malloc_zero */
5853  return cfg;
5854 }
5855 
5856 /** Free all storage held in <b>port</b> */
5857 void
5859 {
5860  tor_free(port);
5861 }
5862 
5863 /** Warn for every port in <b>ports</b> of type <b>listener_type</b> that is
5864  * on a publicly routable address. */
5865 static void
5867  const char *portname,
5868  const int listener_type)
5869 {
5870  SMARTLIST_FOREACH_BEGIN(ports, const port_cfg_t *, port) {
5871  if (port->type != listener_type)
5872  continue;
5873  if (port->is_unix_addr) {
5874  /* Unix sockets aren't accessible over a network. */
5875  } else if (!tor_addr_is_internal(&port->addr, 1)) {
5876  log_warn(LD_CONFIG, "You specified a public address '%s' for %sPort. "
5877  "Other people on the Internet might find your computer and "
5878  "use it as an open proxy. Please don't allow this unless you "
5879  "have a good reason.",
5880  fmt_addrport(&port->addr, port->port), portname);
5881  } else if (!tor_addr_is_loopback(&port->addr)) {
5882  log_notice(LD_CONFIG, "You configured a non-loopback address '%s' "
5883  "for %sPort. This allows everybody on your local network to "
5884  "use your machine as a proxy. Make sure this is what you "
5885  "wanted.",
5886  fmt_addrport(&port->addr, port->port), portname);
5887  }
5888  } SMARTLIST_FOREACH_END(port);
5889 }
5890 
5891 /** Given a list of port_cfg_t in <b>ports</b>, warn if any controller port
5892  * there is listening on any non-loopback address. If <b>forbid_nonlocal</b>
5893  * is true, then emit a stronger warning and remove the port from the list.
5894  */
5895 static void
5896 warn_nonlocal_controller_ports(smartlist_t *ports, unsigned forbid_nonlocal)
5897 {
5898  int warned = 0;
5899  SMARTLIST_FOREACH_BEGIN(ports, port_cfg_t *, port) {
5900  if (port->type != CONN_TYPE_CONTROL_LISTENER)
5901  continue;
5902  if (port->is_unix_addr)
5903  continue;
5904  if (!tor_addr_is_loopback(&port->addr)) {
5905  if (forbid_nonlocal) {
5906  if (!warned)
5907  log_warn(LD_CONFIG,
5908  "You have a ControlPort set to accept "
5909  "unauthenticated connections from a non-local address. "
5910  "This means that programs not running on your computer "
5911  "can reconfigure your Tor, without even having to guess a "
5912  "password. That's so bad that I'm closing your ControlPort "
5913  "for you. If you need to control your Tor remotely, try "
5914  "enabling authentication and using a tool like stunnel or "
5915  "ssh to encrypt remote access.");
5916  warned = 1;
5917  port_cfg_free(port);
5918  SMARTLIST_DEL_CURRENT(ports, port);
5919  } else {
5920  log_warn(LD_CONFIG, "You have a ControlPort set to accept "
5921  "connections from a non-local address. This means that "
5922  "programs not running on your computer can reconfigure your "
5923  "Tor. That's pretty bad, since the controller "
5924  "protocol isn't encrypted! Maybe you should just listen on "
5925  "127.0.0.1 and use a tool like stunnel or ssh to encrypt "
5926  "remote connections to your control port.");
5927  return; /* No point in checking the rest */
5928  }
5929  }
5930  } SMARTLIST_FOREACH_END(port);
5931 }
5932 
5933 /**
5934  * Take a string (<b>line</b>) that begins with either an address:port, a
5935  * port, or an AF_UNIX address, optionally quoted, prefixed with
5936  * "unix:". Parse that line, and on success, set <b>addrport_out</b> to a new
5937  * string containing the beginning portion (without prefix). Iff there was a
5938  * unix: prefix, set <b>is_unix_out</b> to true. On success, also set
5939  * <b>rest_out</b> to point to the part of the line after the address portion.
5940  *
5941  * Return 0 on success, -1 on failure.
5942  */
5943 int
5945  char **addrport_out,
5946  int *is_unix_out,
5947  const char **rest_out)
5948 {
5949  tor_assert(line);
5950  tor_assert(addrport_out);
5951  tor_assert(is_unix_out);
5952  tor_assert(rest_out);
5953 
5954  line = eat_whitespace(line);
5955 
5956  if (!strcmpstart(line, unix_q_socket_prefix)) {
5957  // It starts with unix:"
5958  size_t sz;
5959  *is_unix_out = 1;
5960  *addrport_out = NULL;
5961  line += strlen(unix_socket_prefix); /* No 'unix:', but keep the quote */
5962  *rest_out = unescape_string(line, addrport_out, &sz);
5963  if (!*rest_out || (*addrport_out && sz != strlen(*addrport_out))) {
5964  tor_free(*addrport_out);
5965  return -1;
5966  }
5967  *rest_out = eat_whitespace(*rest_out);
5968  return 0;
5969  } else {
5970  // Is there a unix: prefix?
5971  if (!strcmpstart(line, unix_socket_prefix)) {
5972  line += strlen(unix_socket_prefix);
5973  *is_unix_out = 1;
5974  } else {
5975  *is_unix_out = 0;
5976  }
5977 
5978  const char *end = find_whitespace(line);
5979  if (BUG(!end)) {
5980  end = strchr(line, '\0'); // LCOV_EXCL_LINE -- this can't be NULL
5981  }
5982  tor_assert(end && end >= line);
5983  *addrport_out = tor_strndup(line, end - line);
5984  *rest_out = eat_whitespace(end);
5985  return 0;
5986  }
5987 }
5988 
5989 static void
5990 warn_client_dns_cache(const char *option, int disabling)
5991 {
5992  if (disabling)
5993  return;
5994 
5995  warn_deprecated_option(option,
5996  "Client-side DNS caching enables a wide variety of route-"
5997  "capture attacks. If a single bad exit node lies to you about "
5998  "an IP address, caching that address would make you visit "
5999  "an address of the attacker's choice every time you connected "
6000  "to your destination.");
6001 }
6002 
6003 /**
6004  * Parse port configuration for a single port type.
6005  *
6006  * Read entries of the "FooPort" type from the list <b>ports</b>. Syntax is
6007  * that FooPort can have any number of entries of the format
6008  * "[Address:][Port] IsolationOptions".
6009  *
6010  * In log messages, describe the port type as <b>portname</b>.
6011  *
6012  * If no address is specified, default to <b>defaultaddr</b>. If no
6013  * FooPort is given, default to defaultport (if 0, there is no default).
6014  *
6015  * If CL_PORT_NO_STREAM_OPTIONS is set in <b>flags</b>, do not allow stream
6016  * isolation options in the FooPort entries.
6017  *
6018  * If CL_PORT_WARN_NONLOCAL is set in <b>flags</b>, warn if any of the
6019  * ports are not on a local address. If CL_PORT_FORBID_NONLOCAL is set,
6020  * this is a control port with no password set: don't even allow it.
6021  *
6022  * If CL_PORT_SERVER_OPTIONS is set in <b>flags</b>, do not allow stream
6023  * isolation options in the FooPort entries; instead allow the
6024  * server-port option set.
6025  *
6026  * If CL_PORT_TAKES_HOSTNAMES is set in <b>flags</b>, allow the options
6027  * {No,}IPv{4,6}Traffic.
6028  *
6029  * On success, if <b>out</b> is given, add a new port_cfg_t entry to
6030  * <b>out</b> for every port that the client should listen on. Return 0
6031  * on success, -1 on failure.
6032  */
6033 int
6035  const config_line_t *ports,
6036  const char *portname,
6037  int listener_type,
6038  const char *defaultaddr,
6039  int defaultport,
6040  const unsigned flags)
6041 {
6042  smartlist_t *elts;
6043  int retval = -1;
6044  const unsigned is_control = (listener_type == CONN_TYPE_CONTROL_LISTENER);
6045  const unsigned is_ext_orport = (listener_type == CONN_TYPE_EXT_OR_LISTENER);
6046  const unsigned allow_no_stream_options = flags & CL_PORT_NO_STREAM_OPTIONS;
6047  const unsigned use_server_options = flags & CL_PORT_SERVER_OPTIONS;
6048  const unsigned warn_nonlocal = flags & CL_PORT_WARN_NONLOCAL;
6049  const unsigned forbid_nonlocal = flags & CL_PORT_FORBID_NONLOCAL;
6050  const unsigned default_to_group_writable =
6051  flags & CL_PORT_DFLT_GROUP_WRITABLE;
6052  const unsigned takes_hostnames = flags & CL_PORT_TAKES_HOSTNAMES;
6053  const unsigned is_unix_socket = flags & CL_PORT_IS_UNIXSOCKET;
6054  int got_zero_port=0, got_nonzero_port=0;
6055  char *unix_socket_path = NULL;
6056  port_cfg_t *cfg = NULL;
6057  bool addr_is_explicit = false;
6058  tor_addr_t default_addr = TOR_ADDR_NULL;
6059 
6060  /* Parse default address. This can fail for Unix socket so the default_addr
6061  * will simply be made UNSPEC. */
6062  if (defaultaddr) {
6063  tor_addr_parse(&default_addr, defaultaddr);
6064  }
6065 
6066  /* If there's no FooPort, then maybe make a default one. */
6067  if (! ports) {
6068  if (defaultport && defaultaddr && out) {
6069  cfg = port_cfg_new(is_unix_socket ? strlen(defaultaddr) : 0);
6070  cfg->type = listener_type;
6071  if (is_unix_socket) {
6072  tor_addr_make_unspec(&cfg->addr);
6073  memcpy(cfg->unix_addr, defaultaddr, strlen(defaultaddr) + 1);
6074  cfg->is_unix_addr = 1;
6075  } else {
6076  cfg->port = defaultport;
6077  tor_addr_parse(&cfg->addr, defaultaddr);
6078  }
6079  smartlist_add(out, cfg);
6080  }
6081  return 0;
6082  }
6083 
6084  /* At last we can actually parse the FooPort lines. The syntax is:
6085  * [Addr:](Port|auto) [Options].*/
6086  elts = smartlist_new();
6087  char *addrport = NULL;
6088 
6089  for (; ports; ports = ports->next) {
6090  tor_addr_t addr;
6091  tor_addr_make_unspec(&addr);
6092  int port, ok,
6093  has_used_unix_socket_only_option = 0,
6094  is_unix_tagged_addr = 0;
6095  uint16_t ptmp=0;
6096  const char *rest_of_line = NULL;
6097 
6098  if (port_cfg_line_extract_addrport(ports->value,
6099  &addrport, &is_unix_tagged_addr, &rest_of_line)<0) {
6100  log_warn(LD_CONFIG, "Invalid %sPort line with unparsable address",
6101  portname);
6102  goto err;
6103  }
6104  if (strlen(addrport) == 0) {
6105  log_warn(LD_CONFIG, "Invalid %sPort line with no address", portname);
6106  goto err;
6107  }
6108 
6109  /* Split the remainder... */
6110  smartlist_split_string(elts, rest_of_line, NULL,
6111  SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
6112 
6113  /* Let's start to check if it's a Unix socket path. */
6114  if (is_unix_tagged_addr) {
6115 #ifndef HAVE_SYS_UN_H
6116  log_warn(LD_CONFIG, "Unix sockets not supported on this system.");
6117  goto err;
6118 #endif
6119  unix_socket_path = addrport;
6120  addrport = NULL;
6121  }
6122 
6123  if (unix_socket_path &&
6124  ! conn_listener_type_supports_af_unix(listener_type)) {
6125  log_warn(LD_CONFIG, "%sPort does not support unix sockets", portname);
6126  goto err;
6127  }
6128 
6129  if (unix_socket_path) {
6130  port = 1;
6131  } else if (is_unix_socket) {
6132  if (BUG(!addrport))
6133  goto err; // LCOV_EXCL_LINE unreachable, but coverity can't tell that
6134  unix_socket_path = tor_strdup(addrport);
6135  if (!strcmp(addrport, "0"))
6136  port = 0;
6137  else
6138  port = 1;
6139  } else if (!strcasecmp(addrport, "auto")) {
6140  port = CFG_AUTO_PORT;
6141  tor_addr_copy(&addr, &default_addr);
6142  } else if (!strcasecmpend(addrport, ":auto")) {
6143  char *addrtmp = tor_strndup(addrport, strlen(addrport)-5);
6144  port = CFG_AUTO_PORT;
6145  if (tor_addr_port_lookup(addrtmp, &addr, &ptmp)<0 || ptmp) {
6146  log_warn(LD_CONFIG, "Invalid address '%s' for %sPort",
6147  escaped(addrport), portname);
6148  tor_free(addrtmp);
6149  goto err;
6150  }
6151  tor_free(addrtmp);
6152  } else {
6153  /* Try parsing integer port before address, because, who knows?
6154  * "9050" might be a valid address. */
6155  port = (int) tor_parse_long(addrport, 10, 0, 65535, &ok, NULL);
6156  if (ok) {
6157  tor_addr_copy(&addr, &default_addr);
6158  addr_is_explicit = false;
6159  } else if (tor_addr_port_lookup(addrport, &addr, &ptmp) == 0) {
6160  if (ptmp == 0) {
6161  log_warn(LD_CONFIG, "%sPort line has address but no port", portname);
6162  goto err;
6163  }
6164  port = ptmp;
6165  addr_is_explicit = true;
6166  } else {
6167  log_warn(LD_CONFIG, "Couldn't parse address %s for %sPort",
6168  escaped(addrport), portname);
6169  goto err;
6170  }
6171  }
6172 
6173  /* Default port_cfg_t object initialization */
6174  cfg = port_cfg_new(unix_socket_path ? strlen(unix_socket_path) : 0);
6175 
6176  cfg->explicit_addr = addr_is_explicit;
6177  if (unix_socket_path && default_to_group_writable)
6178  cfg->is_group_writable = 1;
6179 
6180  /* Now parse the rest of the options, if any. */
6181  if (use_server_options) {
6182  /* This is a server port; parse advertising options */
6183  SMARTLIST_FOREACH_BEGIN(elts, char *, elt) {
6184  if (!strcasecmp(elt, "NoAdvertise")) {
6185  cfg->server_cfg.no_advertise = 1;
6186  } else if (!strcasecmp(elt, "NoListen")) {
6187  cfg->server_cfg.no_listen = 1;
6188 #if 0
6189  /* not implemented yet. */
6190  } else if (!strcasecmp(elt, "AllAddrs")) {
6191 
6192  all_addrs = 1;
6193 #endif /* 0 */
6194  } else if (!strcasecmp(elt, "IPv4Only")) {
6195  cfg->server_cfg.bind_ipv4_only = 1;
6196  } else if (!strcasecmp(elt, "IPv6Only")) {
6197  cfg->server_cfg.bind_ipv6_only = 1;
6198  } else {
6199  log_warn(LD_CONFIG, "Unrecognized %sPort option '%s'",
6200  portname, escaped(elt));
6201  }
6202  } SMARTLIST_FOREACH_END(elt);
6203 
6204  if (cfg->server_cfg.no_advertise && cfg->server_cfg.no_listen) {
6205  log_warn(LD_CONFIG, "Tried to set both NoListen and NoAdvertise "
6206  "on %sPort line '%s'",
6207  portname, escaped(ports->value));
6208  goto err;
6209  }
6210  if (cfg->server_cfg.bind_ipv4_only &&
6211  cfg->server_cfg.bind_ipv6_only) {
6212  log_warn(LD_CONFIG, "Tried to set both IPv4Only and IPv6Only "
6213  "on %sPort line '%s'",
6214  portname, escaped(ports->value));
6215  goto err;
6216  }
6217  if (cfg->server_cfg.bind_ipv4_only &&
6218  tor_addr_family(&addr) != AF_INET) {
6219  if (cfg->explicit_addr) {
6220  log_warn(LD_CONFIG, "Could not interpret %sPort address as IPv4",
6221  portname);
6222  goto err;
6223  }
6224  /* This ORPort is IPv4Only but the default address is IPv6, ignore it
6225  * since this will be configured with an IPv4 default address. */
6226  goto ignore;
6227  }
6228  if (cfg->server_cfg.bind_ipv6_only &&
6229  tor_addr_family(&addr) != AF_INET6) {
6230  if (cfg->explicit_addr) {
6231  log_warn(LD_CONFIG, "Could not interpret %sPort address as IPv6",
6232  portname);
6233  goto err;
6234  }
6235  /* This ORPort is IPv6Only but the default address is IPv4, ignore it
6236  * since this will be configured with an IPv6 default address. */
6237  goto ignore;
6238  }
6239  } else {
6240  /* This is a client port; parse isolation options */
6241  SMARTLIST_FOREACH_BEGIN(elts, char *, elt) {
6242  int no = 0, isoflag = 0;
6243  const char *elt_orig = elt;
6244 
6245  if (!strcasecmpstart(elt, "SessionGroup=")) {
6246  int group = (int)tor_parse_long(elt+strlen("SessionGroup="),
6247  10, 0, INT_MAX, &ok, NULL);
6248  if (!ok || allow_no_stream_options) {
6249  log_warn(LD_CONFIG, "Invalid %sPort option '%s'",
6250  portname, escaped(elt));
6251  goto err;
6252  }
6253  if (cfg->entry_cfg.session_group >= 0) {
6254  log_warn(LD_CONFIG, "Multiple SessionGroup options on %sPort",
6255  portname);
6256  goto err;
6257  }
6258  cfg->entry_cfg.session_group = group;
6259  continue;
6260  }
6261 
6262  if (!strcasecmpstart(elt, "No")) {
6263  no = 1;
6264  elt += 2;
6265  }
6266 
6267  if (!strcasecmp(elt, "GroupWritable")) {
6268  cfg->is_group_writable = !no;
6269  has_used_unix_socket_only_option = 1;
6270  continue;
6271  } else if (!strcasecmp(elt, "WorldWritable")) {
6272  cfg->is_world_writable = !no;
6273  has_used_unix_socket_only_option = 1;
6274  continue;
6275  } else if (!strcasecmp(elt, "RelaxDirModeCheck")) {
6276  cfg->relax_dirmode_check = !no;
6277  has_used_unix_socket_only_option = 1;
6278  continue;
6279  }
6280 
6281  if (allow_no_stream_options) {
6282  log_warn(LD_CONFIG, "Unrecognized %sPort option '%s'",
6283  portname, escaped(elt));
6284  continue;
6285  }
6286 
6287  if (takes_hostnames) {
6288  if (!strcasecmp(elt, "IPv4Traffic")) {
6289  cfg->entry_cfg.ipv4_traffic = ! no;
6290  continue;
6291  } else if (!strcasecmp(elt, "IPv6Traffic")) {
6292  cfg->entry_cfg.ipv6_traffic = ! no;
6293  continue;
6294  } else if (!strcasecmp(elt, "PreferIPv6")) {
6295  cfg->entry_cfg.prefer_ipv6 = ! no;
6296  continue;
6297  } else if (!strcasecmp(elt, "DNSRequest")) {
6298  cfg->entry_cfg.dns_request = ! no;
6299  continue;
6300  } else if (!strcasecmp(elt, "OnionTraffic")) {
6301  cfg->entry_cfg.onion_traffic = ! no;
6302  continue;
6303  } else if (!strcasecmp(elt, "OnionTrafficOnly")) {
6304  /* Only connect to .onion addresses. Equivalent to
6305  * NoDNSRequest, NoIPv4Traffic, NoIPv6Traffic. The option
6306  * NoOnionTrafficOnly is not supported, it's too confusing. */
6307  if (no) {
6308  log_warn(LD_CONFIG, "Unsupported %sPort option 'No%s'. Use "
6309  "DNSRequest, IPv4Traffic, and/or IPv6Traffic instead.",
6310  portname, escaped(elt));
6311  } else {
6312  cfg->entry_cfg.ipv4_traffic = 0;
6313  cfg->entry_cfg.ipv6_traffic = 0;
6314  cfg->entry_cfg.dns_request = 0;
6315  }
6316  continue;
6317  }
6318  }
6319  if (!strcasecmp(elt, "CacheIPv4DNS")) {
6320  warn_client_dns_cache(elt, no); // since 0.2.9.2-alpha
6321  cfg->entry_cfg.cache_ipv4_answers = ! no;
6322  continue;
6323  } else if (!strcasecmp(elt, "CacheIPv6DNS")) {
6324  warn_client_dns_cache(elt, no); // since 0.2.9.2-alpha
6325  cfg->entry_cfg.cache_ipv6_answers = ! no;
6326  continue;
6327  } else if (!strcasecmp(elt, "CacheDNS")) {
6328  warn_client_dns_cache(elt, no); // since 0.2.9.2-alpha
6329  cfg->entry_cfg.cache_ipv4_answers = ! no;
6330  cfg->entry_cfg.cache_ipv6_answers = ! no;
6331  continue;
6332  } else if (!strcasecmp(elt, "UseIPv4Cache")) {
6333  warn_client_dns_cache(elt, no); // since 0.2.9.2-alpha
6334  cfg->entry_cfg.use_cached_ipv4_answers = ! no;
6335  continue;
6336  } else if (!strcasecmp(elt, "UseIPv6Cache")) {
6337  warn_client_dns_cache(elt, no); // since 0.2.9.2-alpha
6338  cfg->entry_cfg.use_cached_ipv6_answers = ! no;
6339  continue;
6340  } else if (!strcasecmp(elt, "UseDNSCache")) {
6341  warn_client_dns_cache(elt, no); // since 0.2.9.2-alpha
6342  cfg->entry_cfg.use_cached_ipv4_answers = ! no;
6343  cfg->entry_cfg.use_cached_ipv6_answers = ! no;
6344  continue;
6345  } else if (!strcasecmp(elt, "PreferIPv6Automap")) {
6346  cfg->entry_cfg.prefer_ipv6_virtaddr = ! no;
6347  continue;
6348  } else if (!strcasecmp(elt, "PreferSOCKSNoAuth")) {
6349  cfg->entry_cfg.socks_prefer_no_auth = ! no;
6350  continue;
6351  } else if (!strcasecmp(elt, "KeepAliveIsolateSOCKSAuth")) {
6352  cfg->entry_cfg.socks_iso_keep_alive = ! no;
6353  continue;
6354  } else if (!strcasecmp(elt, "ExtendedErrors")) {
6355  cfg->entry_cfg.extended_socks5_codes = ! no;
6356  continue;
6357  }
6358 
6359  if (!strcasecmpend(elt, "s"))
6360  elt[strlen(elt)-1] = '\0'; /* kill plurals. */
6361 
6362  if (!strcasecmp(elt, "IsolateDestPort")) {
6363  isoflag = ISO_DESTPORT;
6364  } else if (!strcasecmp(elt, "IsolateDestAddr")) {
6365  isoflag = ISO_DESTADDR;
6366  } else if (!strcasecmp(elt, "IsolateSOCKSAuth")) {
6367  isoflag = ISO_SOCKSAUTH;
6368  } else if (!strcasecmp(elt, "IsolateClientProtocol")) {
6369  isoflag = ISO_CLIENTPROTO;
6370  } else if (!strcasecmp(elt, "IsolateClientAddr")) {
6371  isoflag = ISO_CLIENTADDR;
6372  } else {
6373  log_warn(LD_CONFIG, "Unrecognized %sPort option '%s'",
6374  portname, escaped(elt_orig));
6375  }
6376 
6377  if (no) {
6378  cfg->entry_cfg.isolation_flags &= ~isoflag;
6379  } else {
6380  cfg->entry_cfg.isolation_flags |= isoflag;
6381  }
6382  } SMARTLIST_FOREACH_END(elt);
6383  }
6384 
6385  if (port)
6386  got_nonzero_port = 1;
6387  else
6388  got_zero_port = 1;
6389 
6390  if (cfg->entry_cfg.dns_request == 0 &&
6391  listener_type == CONN_TYPE_AP_DNS_LISTENER) {
6392  log_warn(LD_CONFIG, "You have a %sPort entry with DNS disabled; that "
6393  "won't work.", portname);
6394  goto err;
6395  }
6396  if (cfg->entry_cfg.ipv4_traffic == 0 &&
6397  cfg->entry_cfg.ipv6_traffic == 0 &&
6398  cfg->entry_cfg.onion_traffic == 0 &&
6399  listener_type != CONN_TYPE_AP_DNS_LISTENER) {
6400  log_warn(LD_CONFIG, "You have a %sPort entry with all of IPv4 and "
6401  "IPv6 and .onion disabled; that won't work.", portname);
6402  goto err;
6403  }
6404  if (cfg->entry_cfg.dns_request == 1 &&
6405  cfg->entry_cfg.ipv4_traffic == 0 &&
6406  cfg->entry_cfg.ipv6_traffic == 0 &&
6407  listener_type != CONN_TYPE_AP_DNS_LISTENER) {
6408  log_warn(LD_CONFIG, "You have a %sPort entry with DNSRequest enabled, "
6409  "but IPv4 and IPv6 disabled; DNS-based sites won't work.",
6410  portname);
6411  goto err;
6412  }
6413  if (has_used_unix_socket_only_option && !unix_socket_path) {
6414  log_warn(LD_CONFIG, "You have a %sPort entry with GroupWritable, "
6415  "WorldWritable, or RelaxDirModeCheck, but it is not a "
6416  "unix socket.", portname);
6417  goto err;
6418  }
6419  if (!(cfg->entry_cfg.isolation_flags & ISO_SOCKSAUTH) &&
6421  log_warn(LD_CONFIG, "You have a %sPort entry with both "
6422  "NoIsolateSOCKSAuth and KeepAliveIsolateSOCKSAuth set.",
6423  portname);
6424  goto err;
6425  }
6426  if (unix_socket_path &&
6428  /* `IsolateClientAddr` is nonsensical in the context of AF_LOCAL.
6429  * just silently remove the isolation flag.
6430  */
6432  }
6433  if (out && port) {
6434  size_t namelen = unix_socket_path ? strlen(unix_socket_path) : 0;
6435  if (unix_socket_path) {
6436  tor_addr_make_unspec(&cfg->addr);
6437  memcpy(cfg->unix_addr, unix_socket_path, namelen + 1);
6438  cfg->is_unix_addr = 1;
6439  tor_free(unix_socket_path);
6440  } else {
6441  tor_addr_copy(&cfg->addr, &addr);
6442  cfg->port = port;
6443  }
6444  cfg->type = listener_type;
6445  if (! (cfg->entry_cfg.isolation_flags & ISO_SOCKSAUTH))
6447  smartlist_add(out, cfg);
6448  /* out owns cfg now, don't re-use or free it */
6449  cfg = NULL;
6450  }
6451 
6452  ignore:
6453  tor_free(cfg);
6454  SMARTLIST_FOREACH(elts, char *, cp, tor_free(cp));
6455  smartlist_clear(elts);
6456  tor_free(addrport);
6457  tor_free(unix_socket_path);
6458  }
6459 
6460  if (warn_nonlocal && out) {
6461  if (is_control)
6462  warn_nonlocal_controller_ports(out, forbid_nonlocal);
6463  else if (is_ext_orport)
6464  port_warn_nonlocal_ext_orports(out, portname);
6465  else
6466  warn_nonlocal_client_ports(out, portname, listener_type);
6467  }
6468 
6469  if (got_zero_port && got_nonzero_port) {
6470  log_warn(LD_CONFIG, "You specified a nonzero %sPort along with '%sPort 0' "
6471  "in the same configuration. Did you mean to disable %sPort or "
6472  "not?", portname, portname, portname);
6473  goto err;
6474  }
6475 
6476  retval = 0;
6477  err:
6478  /* There are two ways we can error out:
6479  * 1. part way through the loop: cfg needs to be freed;
6480  * 2. ending the loop normally: cfg is always NULL.
6481  * In this case, cfg has either been:
6482  * - added to out, then set to NULL, or
6483  * - freed and set to NULL (because out is NULL, or port is 0).
6484  */
6485  tor_free(cfg);
6486 
6487  /* Free the other variables from the loop.
6488  * elts is always non-NULL here, but it may or may not be empty. */
6489  SMARTLIST_FOREACH(elts, char *, cp, tor_free(cp));
6490  smartlist_free(elts);
6491  tor_free(unix_socket_path);
6492  tor_free(addrport);
6493 
6494  return retval;
6495 }
6496 
6497 /** Return the number of ports which are actually going to listen with type
6498  * <b>listenertype</b>. Do not count no_listen ports. Only count unix
6499  * sockets if count_sockets is true. */
6500 int
6501 port_count_real_listeners(const smartlist_t *ports, int listenertype,
6502  int count_sockets)
6503 {
6504  int n = 0;
6505  SMARTLIST_FOREACH_BEGIN(ports, port_cfg_t *, port) {
6506  if (port->server_cfg.no_listen)
6507  continue;
6508  if (!count_sockets && port->is_unix_addr)
6509  continue;
6510  if (port->type != listenertype)
6511  continue;
6512  ++n;
6513  } SMARTLIST_FOREACH_END(port);
6514  return n;
6515 }
6516 
6517 /** Parse all ports from <b>options</b>. On success, set *<b>n_ports_out</b>
6518  * to the number of ports that are listed, update the *Port_set values in
6519  * <b>options</b>, and return 0. On failure, set *<b>msg</b> to a
6520  * description of the problem and return -1.
6521  *
6522  * If <b>validate_only</b> is false, set configured_client_ports to the
6523  * new list of ports parsed from <b>options</b>.
6524  **/
6525 STATIC int
6526 parse_ports(or_options_t *options, int validate_only,
6527  char **msg, int *n_ports_out,
6528  int *world_writable_control_socket)
6529 {
6530  smartlist_t *ports;
6531  int retval = -1;
6532 
6533  ports = smartlist_new();
6534 
6535  *n_ports_out = 0;
6536 
6537  const unsigned gw_flag = options->UnixSocksGroupWritable ?
6538  CL_PORT_DFLT_GROUP_WRITABLE : 0;
6539  if (port_parse_config(ports,
6540  options->SocksPort_lines,
6541  "Socks", CONN_TYPE_AP_LISTENER,
6542  "127.0.0.1", 9050,
6543  ((validate_only ? 0 : CL_PORT_WARN_NONLOCAL)
6544  | CL_PORT_TAKES_HOSTNAMES | gw_flag)) < 0) {
6545  *msg = tor_strdup("Invalid SocksPort configuration");
6546  goto err;
6547  }
6548  if (port_parse_config(ports,
6549  options->DNSPort_lines,
6551  "127.0.0.1", 0,
6552  CL_PORT_WARN_NONLOCAL|CL_PORT_TAKES_HOSTNAMES) < 0) {
6553  *msg = tor_strdup("Invalid DNSPort configuration");
6554  goto err;
6555  }
6556  if (port_parse_config(ports,
6557  options->TransPort_lines,
6558  "Trans", CONN_TYPE_AP_TRANS_LISTENER,
6559  "127.0.0.1", 0,
6560  CL_PORT_WARN_NONLOCAL) < 0) {
6561  *msg = tor_strdup("Invalid TransPort configuration");
6562  goto err;
6563  }
6564  if (port_parse_config(ports,
6565  options->NATDPort_lines,
6567  "127.0.0.1", 0,
6568  CL_PORT_WARN_NONLOCAL) < 0) {
6569  *msg = tor_strdup("Invalid NatdPort configuration");
6570  goto err;
6571  }
6572  if (port_parse_config(ports,
6573  options->HTTPTunnelPort_lines,
6574  "HTTP Tunnel", CONN_TYPE_AP_HTTP_CONNECT_LISTENER,
6575  "127.0.0.1", 0,
6576  ((validate_only ? 0 : CL_PORT_WARN_NONLOCAL)
6577  | CL_PORT_TAKES_HOSTNAMES | gw_flag)) < 0) {
6578  *msg = tor_strdup("Invalid HTTPTunnelPort configuration");
6579  goto err;
6580  }
6581  if (metrics_parse_ports(options, ports, msg) < 0) {
6582  goto err;
6583  }
6584 
6585  {
6586  unsigned control_port_flags = CL_PORT_NO_STREAM_OPTIONS |
6587  CL_PORT_WARN_NONLOCAL;
6588  const int any_passwords = (options->HashedControlPassword ||
6589  options->HashedControlSessionPassword ||
6590  options->CookieAuthentication);
6591  if (! any_passwords)
6592  control_port_flags |= CL_PORT_FORBID_NONLOCAL;
6593  if (options->ControlSocketsGroupWritable)
6594  control_port_flags |= CL_PORT_DFLT_GROUP_WRITABLE;
6595 
6596  if (port_parse_config(ports,
6597  options->ControlPort_lines,
6598  "Control", CONN_TYPE_CONTROL_LISTENER,
6599  "127.0.0.1", 0,
6600  control_port_flags) < 0) {
6601  *msg = tor_strdup("Invalid ControlPort configuration");
6602  goto err;
6603  }
6604 
6605  if (port_parse_config(ports, options->ControlSocket,
6606  "ControlSocket",
6607  CONN_TYPE_CONTROL_LISTENER, NULL, 0,
6608  control_port_flags | CL_PORT_IS_UNIXSOCKET) < 0) {
6609  *msg = tor_strdup("Invalid ControlSocket configuration");
6610  goto err;
6611  }
6612  }
6613 
6614  if (port_parse_ports_relay(options, msg, ports, &have_low_ports) < 0)
6615  goto err;
6616 
6617  *n_ports_out = smartlist_len(ports);
6618 
6619  retval = 0;
6620 
6621  /* Update the *Port_set options. The !! here is to force a boolean out of
6622  an integer. */
6623  port_update_port_set_relay(options, ports);
6624  options->SocksPort_set =
6626  options->TransPort_set =
6628  options->NATDPort_set =
6630  options->HTTPTunnelPort_set =
6632  /* Use options->ControlSocket to test if a control socket is set */
6633  options->ControlPort_set =
6635  options->DNSPort_set =
6637 
6638  if (world_writable_control_socket) {
6639  SMARTLIST_FOREACH(ports, port_cfg_t *, p,
6640  if (p->type == CONN_TYPE_CONTROL_LISTENER &&
6641  p->is_unix_addr &&
6642  p->is_world_writable) {
6643  *world_writable_control_socket = 1;
6644  break;
6645  });
6646  }
6647 
6648  if (!validate_only) {
6649  if (configured_ports) {
6651  port_cfg_t *, p, port_cfg_free(p));
6652  smartlist_free(configured_ports);
6653  }
6654  configured_ports = ports;
6655  ports = NULL; /* prevent free below. */
6656  }
6657 
6658  err:
6659  if (ports) {
6660  SMARTLIST_FOREACH(ports, port_cfg_t *, p, port_cfg_free(p));
6661  smartlist_free(ports);
6662  }
6663  return retval;
6664 }
6665 
6666 /* Does port bind to IPv4? */
6667 int
6668 port_binds_ipv4(const port_cfg_t *port)
6669 {
6670  return tor_addr_family(&port->addr) == AF_INET ||
6671  (tor_addr_family(&port->addr) == AF_UNSPEC
6672  && !port->server_cfg.bind_ipv6_only);
6673 }
6674 
6675 /* Does port bind to IPv6? */
6676 int
6677 port_binds_ipv6(const port_cfg_t *port)
6678 {
6679  return tor_addr_family(&port->addr) == AF_INET6 ||
6680  (tor_addr_family(&port->addr) == AF_UNSPEC
6681  && !port->server_cfg.bind_ipv4_only);
6682 }
6683 
6684 /** Return a list of port_cfg_t for client ports parsed from the
6685  * options. */
6686 MOCK_IMPL(const smartlist_t *,
6688 {
6689  if (!configured_ports)
6691  return configured_ports;
6692 }
6693 
6694 /** Return an address:port string representation of the address
6695  * where the first <b>listener_type</b> listener waits for
6696  * connections. Return NULL if we couldn't find a listener. The
6697  * string is allocated on the heap and it's the responsibility of the
6698  * caller to free it after use.
6699  *
6700  * This function is meant to be used by the pluggable transport proxy
6701  * spawning code, please make sure that it fits your purposes before
6702  * using it. */
6703 char *
6705 {
6706  static const char *ipv4_localhost = "127.0.0.1";
6707  static const char *ipv6_localhost = "[::1]";
6708  const char *address;
6709  uint16_t port;
6710  char *string = NULL;
6711 
6712  if (!configured_ports)
6713  return NULL;
6714 
6716  if (cfg->server_cfg.no_listen)
6717  continue;
6718 
6719  if (cfg->type == listener_type &&
6720  tor_addr_family(&cfg->addr) != AF_UNSPEC) {
6721 
6722  /* We found the first listener of the type we are interested in! */
6723 
6724  /* If a listener is listening on INADDR_ANY, assume that it's
6725  also listening on 127.0.0.1, and point the transport proxy
6726  there: */
6727  if (tor_addr_is_null(&cfg->addr))
6728  address = tor_addr_is_v4(&cfg->addr) ? ipv4_localhost : ipv6_localhost;
6729  else
6730  address = fmt_and_decorate_addr(&cfg->addr);
6731 
6732  /* If a listener is configured with port 'auto', we are forced
6733  to iterate all listener connections and find out in which
6734  port it ended up listening: */
6735  if (cfg->port == CFG_AUTO_PORT) {
6736  port = router_get_active_listener_port_by_type_af(listener_type,
6737  tor_addr_family(&cfg->addr));
6738  if (!port)
6739  return NULL;
6740  } else {
6741  port = cfg->port;
6742  }
6743 
6744  tor_asprintf(&string, "%s:%u", address, port);
6745 
6746  return string;
6747  }
6748 
6749  } SMARTLIST_FOREACH_END(cfg);
6750 
6751  return NULL;
6752 }
6753 
6754 /** Find and return the first configured advertised `port_cfg_t` of type @a
6755  * listener_type in @a address_family. */
6756 static const port_cfg_t *
6757 portconf_get_first_advertised(int listener_type, int address_family)
6758 {
6759  const port_cfg_t *first_port = NULL;
6760  const port_cfg_t *first_port_explicit_addr = NULL;
6761 
6762  if (address_family == AF_UNSPEC)
6763  return NULL;
6764 
6765  const smartlist_t *conf_ports = get_configured_ports();
6766  SMARTLIST_FOREACH_BEGIN(conf_ports, const port_cfg_t *, cfg) {
6767  if (cfg->type == listener_type && !cfg->server_cfg.no_advertise) {
6768  if ((address_family == AF_INET && port_binds_ipv4(cfg)) ||
6769  (address_family == AF_INET6 && port_binds_ipv6(cfg))) {
6770  if (cfg->explicit_addr && !first_port_explicit_addr) {
6771  first_port_explicit_addr = cfg;
6772  } else if (!first_port) {
6773  first_port = cfg;
6774  }
6775  }
6776  }
6777  } SMARTLIST_FOREACH_END(cfg);
6778 
6779  /* Prefer the port with the explicit address if any. */
6780  return (first_port_explicit_addr) ? first_port_explicit_addr : first_port;
6781 }
6782 
6783 /** Return the first advertised port of type <b>listener_type</b> in
6784  * <b>address_family</b>. Returns 0 when no port is found, and when passed
6785  * AF_UNSPEC. */
6786 int
6787 portconf_get_first_advertised_port(int listener_type, int address_family)
6788 {
6789  const port_cfg_t *cfg;
6790  cfg = portconf_get_first_advertised(listener_type, address_family);
6791 
6792  return cfg ? cfg->port : 0;
6793 }
6794 
6795 /** Return the first advertised address of type <b>listener_type</b> in
6796  * <b>address_family</b>. Returns NULL if there is no advertised address,
6797  * and when passed AF_UNSPEC. */
6798 const tor_addr_t *
6799 portconf_get_first_advertised_addr(int listener_type, int address_family)
6800 {
6801  const port_cfg_t *cfg;
6802  cfg = portconf_get_first_advertised(listener_type, address_family);
6803 
6804  return cfg ? &cfg->addr : NULL;
6805 }
6806 
6807 /** Return 1 if a port exists of type <b>listener_type</b> on <b>addr</b> and
6808  * <b>port</b>. If <b>check_wildcard</b> is true, INADDR[6]_ANY and AF_UNSPEC
6809  * addresses match any address of the appropriate family; and port -1 matches
6810  * any port.
6811  * To match auto ports, pass CFG_PORT_AUTO. (Does not match on the actual
6812  * automatically chosen listener ports.) */
6813 int
6814 port_exists_by_type_addr_port(int listener_type, const tor_addr_t *addr,
6815  int port, int check_wildcard)
6816 {
6817  if (!configured_ports || !addr)
6818  return 0;
6820  if (cfg->type == listener_type) {
6821  if (cfg->port == port || (check_wildcard && port == -1)) {
6822  /* Exact match */
6823  if (tor_addr_eq(&cfg->addr, addr)) {
6824  return 1;
6825  }
6826  /* Skip wildcard matches if we're not doing them */
6827  if (!check_wildcard) {
6828  continue;
6829  }
6830  /* Wildcard matches IPv4 */
6831  const int cfg_v4 = port_binds_ipv4(cfg);
6832  const int cfg_any_v4 = tor_addr_is_null(&cfg->addr) && cfg_v4;
6833  const int addr_v4 = tor_addr_family(addr) == AF_INET ||
6834  tor_addr_family(addr) == AF_UNSPEC;
6835  const int addr_any_v4 = tor_addr_is_null(&cfg->addr) && addr_v4;
6836  if ((cfg_any_v4 && addr_v4) || (cfg_v4 && addr_any_v4)) {
6837  return 1;
6838  }
6839  /* Wildcard matches IPv6 */
6840  const int cfg_v6 = port_binds_ipv6(cfg);
6841  const int cfg_any_v6 = tor_addr_is_null(&cfg->addr) && cfg_v6;
6842  const int addr_v6 = tor_addr_family(addr) == AF_INET6 ||
6843  tor_addr_family(addr) == AF_UNSPEC;
6844  const int addr_any_v6 = tor_addr_is_null(&cfg->addr) && addr_v6;
6845  if ((cfg_any_v6 && addr_v6) || (cfg_v6 && addr_any_v6)) {
6846  return 1;
6847  }
6848  }
6849  }
6850  } SMARTLIST_FOREACH_END(cfg);
6851  return 0;
6852 }
6853 
6854 /* Like port_exists_by_type_addr_port, but accepts a host-order IPv4 address
6855  * instead. */
6856 int
6857 port_exists_by_type_addr32h_port(int listener_type, uint32_t addr_ipv4h,
6858  int port, int check_wildcard)
6859 {
6860  tor_addr_t ipv4;
6861  tor_addr_from_ipv4h(&ipv4, addr_ipv4h);
6862  return port_exists_by_type_addr_port(listener_type, &ipv4, port,
6863  check_wildcard);
6864 }
6865 
6866 /** Allocate and return a good value for the DataDirectory based on
6867  * <b>val</b>, which may be NULL. Return NULL on failure. */
6868 static char *
6869 get_data_directory(const char *val)
6870 {
6871 #ifdef _WIN32
6872  if (val) {
6873  return tor_strdup(val);
6874  } else {
6875  return tor_strdup(get_windows_conf_root());
6876  }
6877 #else /* !defined(_WIN32) */
6878  const char *d = val;
6879  if (!d)
6880  d = "~/.tor";
6881 
6882  if (!strcmpstart(d, "~/")) {
6883  char *fn = expand_filename(d);
6884  if (!fn) {
6885  log_warn(LD_CONFIG,"Failed to expand filename \"%s\".", d);
6886  return NULL;
6887  }
6888  if (!val && !strcmp(fn,"/.tor")) {
6889  /* If our homedir is /, we probably don't want to use it. */
6890  /* Default to LOCALSTATEDIR/tor which is probably closer to what we
6891  * want. */
6892  log_warn(LD_CONFIG,
6893  "Default DataDirectory is \"~/.tor\". This expands to "
6894  "\"%s\", which is probably not what you want. Using "
6895  "\"%s"PATH_SEPARATOR"tor\" instead", fn, LOCALSTATEDIR);
6896  tor_free(fn);
6897  fn = tor_strdup(LOCALSTATEDIR PATH_SEPARATOR "tor");
6898  }
6899  return fn;
6900  }
6901  return tor_strdup(d);
6902 #endif /* defined(_WIN32) */
6903 }
6904 
6905 /** Check and normalize the values of options->{Key,Data,Cache}Directory;
6906  * return 0 if it is sane, -1 otherwise. */
6907 static int
6909 {
6910  tor_free(options->DataDirectory);
6912  if (!options->DataDirectory)
6913  return -1;
6914  if (strlen(options->DataDirectory) > (512-128)) {
6915  log_warn(LD_CONFIG, "DataDirectory is too long.");
6916  return -1;
6917  }
6918 
6919  tor_free(options->KeyDirectory);
6920  if (options->KeyDirectory_option) {
6922  if (!options->KeyDirectory)
6923  return -1;
6924  } else {
6925  /* Default to the data directory's keys subdir */
6926  tor_asprintf(&options->KeyDirectory, "%s"PATH_SEPARATOR"keys",
6927  options->DataDirectory);
6928  }
6929 
6930  tor_free(options->CacheDirectory);
6931  if (options->CacheDirectory_option) {
6933  options->CacheDirectory_option);
6934  if (!options->CacheDirectory)
6935  return -1;
6936  } else {
6937  /* Default to the data directory. */
6938  options->CacheDirectory = tor_strdup(options->DataDirectory);
6939  }
6940 
6941  return 0;
6942 }
6943 
6944 /** This string must remain the same forevermore. It is how we
6945  * recognize that the torrc file doesn't need to be backed up. */
6946 #define GENERATED_FILE_PREFIX "# This file was generated by Tor; " \
6947  "if you edit it, comments will not be preserved"
6948 /** This string can change; it tries to give the reader an idea
6949  * that editing this file by hand is not a good plan. */
6950 #define GENERATED_FILE_COMMENT "# The old torrc file was renamed " \
6951  "to torrc.orig.1, and Tor will ignore it"
6952 
6953 /** Save a configuration file for the configuration in <b>options</b>
6954  * into the file <b>fname</b>. If the file already exists, and
6955  * doesn't begin with GENERATED_FILE_PREFIX, rename it. Otherwise
6956  * replace it. Return 0 on success, -1 on failure. */
6957 static int
6958 write_configuration_file(const char *fname, const or_options_t *options)
6959 {
6960  char *old_val=NULL, *new_val=NULL, *new_conf=NULL;
6961  int rename_old = 0, r;
6962 
6963  if (!fname)
6964  return -1;
6965 
6966  switch (file_status(fname)) {
6967  /* create backups of old config files, even if they're empty */
6968  case FN_FILE:
6969  case FN_EMPTY:
6970  old_val = read_file_to_str(fname, 0, NULL);
6971  if (!old_val || strcmpstart(old_val, GENERATED_FILE_PREFIX)) {
6972  rename_old = 1;
6973  }
6974  tor_free(old_val);
6975  break;
6976  case FN_NOENT:
6977  break;
6978  case FN_ERROR:
6979  case FN_DIR:
6980  default:
6981  log_warn(LD_CONFIG,
6982  "Config file \"%s\" is not a file? Failing.", fname);
6983  return -1;
6984  }
6985 
6986  if (!(new_conf = options_dump(options, OPTIONS_DUMP_MINIMAL))) {
6987  log_warn(LD_BUG, "Couldn't get configuration string");
6988  goto err;
6989  }
6990 
6991  tor_asprintf(&new_val, "%s\n%s\n\n%s",
6993 
6994  if (rename_old) {
6995  char *fn_tmp = NULL;
6996  tor_asprintf(&fn_tmp, CONFIG_BACKUP_PATTERN, fname);
6997  file_status_t fn_tmp_status = file_status(fn_tmp);
6998  if (fn_tmp_status == FN_DIR || fn_tmp_status == FN_ERROR) {
6999  log_warn(LD_CONFIG,
7000  "Config backup file \"%s\" is not a file? Failing.", fn_tmp);
7001  tor_free(fn_tmp);
7002  goto err;
7003  }
7004 
7005  log_notice(LD_CONFIG, "Renaming old configuration file to \"%s\"", fn_tmp);
7006  if (replace_file(fname, fn_tmp) < 0) {
7007  log_warn(LD_FS,
7008  "Couldn't rename configuration file \"%s\" to \"%s\": %s",
7009  fname, fn_tmp, strerror(errno));
7010  tor_free(fn_tmp);
7011  goto err;
7012  }
7013  tor_free(fn_tmp);
7014  }
7015 
7016  if (write_str_to_file(fname, new_val, 0) < 0)
7017  goto err;
7018 
7019  r = 0;
7020  goto done;
7021  err:
7022  r = -1;
7023  done:
7024  tor_free(new_val);
7025  tor_free(new_conf);
7026  return r;
7027 }
7028 
7029 /**
7030  * Save the current configuration file value to disk. Return 0 on
7031  * success, -1 on failure.
7032  **/
7033 int
7035 {
7036  /* This fails if we can't write to our configuration file.
7037  *
7038  * If we try falling back to datadirectory or something, we have a better
7039  * chance of saving the configuration, but a better chance of doing
7040  * something the user never expected. */
7042 }
7043 
7044 /** Return the number of cpus configured in <b>options</b>. If we are
7045  * told to auto-detect the number of cpus, return the auto-detected number. */
7046 int
7048 {
7049  if (options->NumCPUs == 0) {
7050  int n = compute_num_cpus();
7051  return (n >= 1) ? n : 1;
7052  } else {
7053  return options->NumCPUs;
7054  }
7055 }
7056 
7057 /**
7058  * Initialize the libevent library.
7059  */
7060 static void
7062 {
7063  tor_libevent_cfg_t cfg;
7064 
7065  tor_assert(options);
7066 
7068  /* If the kernel complains that some method (say, epoll) doesn't
7069  * exist, we don't care about it, since libevent will cope.
7070  */
7071  suppress_libevent_log_msg("Function not implemented");
7072 
7073  memset(&cfg, 0, sizeof(cfg));
7074  cfg.num_cpus = get_num_cpus(options);
7076 
7078 
7080 }
7081 
7082 /** Return a newly allocated string holding a filename relative to the
7083  * directory in <b>options</b> specified by <b>roottype</b>.
7084  * If <b>sub1</b> is present, it is the first path component after
7085  * the data directory. If <b>sub2</b> is also present, it is the second path
7086  * component after the data directory. If <b>suffix</b> is present, it
7087  * is appended to the filename.
7088  *
7089  * Note: Consider using macros in config.h that wrap this function;
7090  * you should probably never need to call it as-is.
7091  */
7092 MOCK_IMPL(char *,
7094  directory_root_t roottype,
7095  const char *sub1, const char *sub2,
7096  const char *suffix))
7097 {
7098  tor_assert(options);
7099 
7100  const char *rootdir = NULL;
7101  switch (roottype) {
7102  case DIRROOT_DATADIR:
7103  rootdir = options->DataDirectory;
7104  break;
7105  case DIRROOT_CACHEDIR:
7106  rootdir = options->CacheDirectory;
7107  break;
7108  case DIRROOT_KEYDIR:
7109  rootdir = options->KeyDirectory;
7110  break;
7111  default:
7112  tor_assert_unreached();
7113  break;
7114  }
7115  tor_assert(rootdir);
7116 
7117  if (!suffix)
7118  suffix = "";
7119 
7120  char *fname = NULL;
7121 
7122  if (sub1 == NULL) {
7123  tor_asprintf(&fname, "%s%s", rootdir, suffix);
7124  tor_assert(!sub2); /* If sub2 is present, sub1 must be present. */
7125  } else if (sub2 == NULL) {
7126  tor_asprintf(&fname, "%s"PATH_SEPARATOR"%s%s", rootdir, sub1, suffix);
7127  } else {
7128  tor_asprintf(&fname, "%s"PATH_SEPARATOR"%s"PATH_SEPARATOR"%s%s",
7129  rootdir, sub1, sub2, suffix);
7130  }
7131 
7132  return fname;
7133 }
7134 
7135 /** Check whether the data directory has a private subdirectory
7136  * <b>subdir</b>. If not, try to create it. Return 0 on success,
7137  * -1 otherwise. */
7138 int
7139 check_or_create_data_subdir(const char *subdir)
7140 {
7141  char *statsdir = get_datadir_fname(subdir);
7142  int return_val = 0;
7143 
7144  if (check_private_dir(statsdir, CPD_CREATE, get_options()->User) < 0) {
7145  log_warn(LD_HIST, "Unable to create %s/ directory!", subdir);
7146  return_val = -1;
7147  }
7148  tor_free(statsdir);
7149  return return_val;
7150 }
7151 
7152 /** Create a file named <b>fname</b> with contents <b>str</b> in the
7153  * subdirectory <b>subdir</b> of the data directory. <b>descr</b>
7154  * should be a short description of the file's content and will be
7155  * used for the warning message, if it's present and the write process
7156  * fails. Return 0 on success, -1 otherwise.*/
7157 int
7158 write_to_data_subdir(const char* subdir, const char* fname,
7159  const char* str, const char* descr)
7160 {
7161  char *filename = get_datadir_fname2(subdir, fname);
7162  int return_val = 0;
7163 
7164  if (write_str_to_file(filename, str, 0) < 0) {
7165  log_warn(LD_HIST, "Unable to write %s to disk!", descr ? descr : fname);
7166  return_val = -1;
7167  }
7168  tor_free(filename);
7169  return return_val;
7170 }
7171 
7172 /** Helper to implement GETINFO functions about configuration variables (not
7173  * their values). Given a "config/names" question, set *<b>answer</b> to a
7174  * new string describing the supported configuration variables and their
7175  * types. */
7176 int
7178  const char *question, char **answer,
7179  const char **errmsg)
7180 {
7181  (void) conn;
7182  (void) errmsg;
7183  if (!strcmp(question, "config/names")) {
7184  smartlist_t *sl = smartlist_new();
7186  SMARTLIST_FOREACH_BEGIN(vars, const config_var_t *, var) {
7187  /* don't tell controller about invisible options */
7188  if (! config_var_is_listable(var))
7189  continue;
7190  const char *type = struct_var_get_typename(&var->member);
7191  if (!type)
7192  continue;
7193  smartlist_add_asprintf(sl, "%s %s\n",var->member.name,type);
7194  } SMARTLIST_FOREACH_END(var);
7195  *answer = smartlist_join_strings(sl, "", 0, NULL);
7196  SMARTLIST_FOREACH(sl, char *, c, tor_free(c));
7197  smartlist_free(sl);
7198  smartlist_free(vars);
7199  } else if (!strcmp(question, "config/defaults")) {
7200  smartlist_t *sl = smartlist_new();
7201  int dirauth_lines_seen = 0, fallback_lines_seen = 0;
7202  /* Possibly this should check whether the variables are listable,
7203  * but currently it does not. See ticket 31654. */
7205  SMARTLIST_FOREACH_BEGIN(vars, const config_var_t *, var) {
7206  if (var->initvalue != NULL) {
7207  if (strcmp(var->member.name, "DirAuthority") == 0) {
7208  /*
7209  * Count dirauth lines we have a default for; we'll use the
7210  * count later to decide whether to add the defaults manually
7211  */
7212  ++dirauth_lines_seen;
7213  }
7214  if (strcmp(var->member.name, "FallbackDir") == 0) {
7215  /*
7216  * Similarly count fallback lines, so that we can decide later
7217  * to add the defaults manually.
7218  */
7219  ++fallback_lines_seen;
7220  }
7221  char *val = esc_for_log(var->initvalue);
7222  smartlist_add_asprintf(sl, "%s %s\n",var->member.name,val);
7223  tor_free(val);
7224  }
7225  } SMARTLIST_FOREACH_END(var);
7226  smartlist_free(vars);
7227 
7228  if (dirauth_lines_seen == 0) {
7229  /*
7230  * We didn't see any directory authorities with default values,
7231  * so add the list of default authorities manually.
7232  */
7233 
7234  /*
7235  * default_authorities is defined earlier in this file and
7236  * is a const char ** NULL-terminated array of dirauth config
7237  * lines.
7238  */
7239  for (const char **i = default_authorities; *i != NULL; ++i) {
7240  char *val = esc_for_log(*i);
7241  smartlist_add_asprintf(sl, "DirAuthority %s\n", val);
7242  tor_free(val);
7243  }
7244  }
7245 
7246  if (fallback_lines_seen == 0 &&
7247  get_options()->UseDefaultFallbackDirs == 1) {
7248  /*
7249  * We didn't see any explicitly configured fallback mirrors,
7250  * so add the defaults to the list manually.
7251  *
7252  * default_fallbacks is included earlier in this file and
7253  * is a const char ** NULL-terminated array of fallback config lines.
7254  */
7255  const char **i;
7256 
7257  for (i = default_fallbacks; *i != NULL; ++i) {
7258  char *val = esc_for_log(*i);
7259  smartlist_add_asprintf(sl, "FallbackDir %s\n", val);
7260  tor_free(val);
7261  }
7262  }
7263 
7264  *answer = smartlist_join_strings(sl, "", 0, NULL);
7265  SMARTLIST_FOREACH(sl, char *, c, tor_free(c));
7266  smartlist_free(sl);
7267  }
7268  return 0;
7269 }
7270 
7271 /* Check whether an address has already been set against the options
7272  * depending on address family and destination type. Any exsting
7273  * value will lead to a fail, even if it is the same value. If not
7274  * set and not only validating, copy it into this location too.
7275  * Returns 0 on success or -1 if this address is already set.
7276  */
7277 static int
7278 verify_and_store_outbound_address(sa_family_t family, tor_addr_t *addr,
7279  outbound_addr_t type, or_options_t *options, int validate_only)
7280 {
7281  if (type>=OUTBOUND_ADDR_MAX || (family!=AF_INET && family!=AF_INET6)) {
7282  return -1;
7283  }
7284  int fam_index=0;
7285  if (family==AF_INET6) {
7286  fam_index=1;
7287  }
7288  tor_addr_t *dest=&options->OutboundBindAddresses[type][fam_index];
7289  if (!tor_addr_is_null(dest)) {
7290  return -1;
7291  }
7292  if (!validate_only) {
7293  tor_addr_copy(dest, addr);
7294  }
7295  return 0;
7296 }
7297 
7298 /* Parse a list of address lines for a specific destination type.
7299  * Will store them into the options if not validate_only. If a
7300  * problem occurs, a suitable error message is store in msg.
7301  * Returns 0 on success or -1 if any address is already set.
7302  */
7303 static int
7304 parse_outbound_address_lines(const config_line_t *lines, outbound_addr_t type,
7305  or_options_t *options, int validate_only, char **msg)
7306 {
7307  tor_addr_t addr;
7308  sa_family_t family;
7309  while (lines) {
7310  family = tor_addr_parse(&addr, lines->value);
7311  if (verify_and_store_outbound_address(family, &addr, type,
7312  options, validate_only)) {
7313  if (msg)
7314  tor_asprintf(msg, "Multiple%s%s outbound bind addresses "
7315  "configured: %s",
7316  family==AF_INET?" IPv4":(family==AF_INET6?" IPv6":""),
7317  type==OUTBOUND_ADDR_OR?" OR":
7318  (type==OUTBOUND_ADDR_EXIT?" exit":
7319  (type==OUTBOUND_ADDR_PT?" PT":"")), lines->value);
7320  return -1;
7321  }
7322  lines = lines->next;
7323  }
7324  return 0;
7325 }
7326 
7327 /** Parse outbound bind address option lines. If <b>validate_only</b>
7328  * is not 0 update OutboundBindAddresses in <b>options</b>.
7329  * Only one address can be set for any of these values.
7330  * On failure, set <b>msg</b> (if provided) to a newly allocated string
7331  * containing a description of the problem and return -1.
7332  */
7333 static int
7334 parse_outbound_addresses(or_options_t *options, int validate_only, char **msg)
7335 {
7336  if (!validate_only) {
7337  memset(&options->OutboundBindAddresses, 0,
7338  sizeof(options->OutboundBindAddresses));
7339  }
7340 
7341  if (parse_outbound_address_lines(options->OutboundBindAddress,
7342  OUTBOUND_ADDR_ANY, options,
7343  validate_only, msg) < 0) {
7344  goto err;
7345  }
7346 
7347  if (parse_outbound_address_lines(options->OutboundBindAddressOR,
7348  OUTBOUND_ADDR_OR, options, validate_only,
7349  msg) < 0) {
7350  goto err;
7351  }
7352 
7353  if (parse_outbound_address_lines(options->OutboundBindAddressExit,
7354  OUTBOUND_ADDR_EXIT, options, validate_only,
7355  msg) < 0) {
7356  goto err;
7357  }
7358 
7359  if (parse_outbound_address_lines(options->OutboundBindAddressPT,
7360  OUTBOUND_ADDR_PT, options, validate_only,
7361  msg) < 0) {
7362  goto err;
7363  }
7364 
7365  return 0;
7366  err:
7367  return -1;
7368 }
7369 
7370 /** Load one of the geoip files, <a>family</a> determining which
7371  * one. <a>default_fname</a> is used if on Windows and
7372  * <a>fname</a> equals "<default>". */
7373 static void
7375  const char *fname,
7376  const char *default_fname)
7377 {
7378  const or_options_t *options = get_options();
7379  const char *msg = "";
7380  int severity = options_need_geoip_info(options, &msg) ? LOG_WARN : LOG_INFO;
7381  int r;
7382 
7383 #ifdef _WIN32
7384  char *free_fname = NULL; /* Used to hold any temporary-allocated value */
7385  /* XXXX Don't use this "<default>" junk; make our filename options
7386  * understand prefixes somehow. -NM */
7387  if (!strcmp(fname, "<default>")) {
7388  const char *conf_root = get_windows_conf_root();
7389  tor_asprintf(&free_fname, "%s\\%s", conf_root, default_fname);
7390  fname = free_fname;
7391  }
7392  r = geoip_load_file(family, fname, severity);
7393  tor_free(free_fname);
7394 #else /* !defined(_WIN32) */
7395  (void)default_fname;
7396  r = geoip_load_file(family, fname, severity);
7397 #endif /* defined(_WIN32) */
7398 
7399  if (r < 0 && severity == LOG_WARN) {
7400  log_warn(LD_GENERAL, "%s", msg);
7401  }
7402 }
7403 
7404 /** Load geoip files for IPv4 and IPv6 if <a>options</a> and
7405  * <a>old_options</a> indicate we should. */
7406 static void
7408  const or_options_t *old_options)
7409 {
7410  /* XXXX Reload GeoIPFile on SIGHUP. -NM */
7411 
7412  if (options->GeoIPFile &&
7413  ((!old_options || !opt_streq(old_options->GeoIPFile,
7414  options->GeoIPFile))
7415  || !geoip_is_loaded(AF_INET))) {
7416  config_load_geoip_file_(AF_INET, options->GeoIPFile, "geoip");
7417  /* Okay, now we need to maybe change our mind about what is in
7418  * which country. We do this for IPv4 only since that's what we
7419  * store in node->country. */
7421  }
7422  if (options->GeoIPv6File &&
7423  ((!old_options || !opt_streq(old_options->GeoIPv6File,
7424  options->GeoIPv6File))
7425  || !geoip_is_loaded(AF_INET6))) {
7426  config_load_geoip_file_(AF_INET6, options->GeoIPv6File, "geoip6");
7427  }
7428 }
7429 
7430 /** Initialize cookie authentication (used so far by the ControlPort
7431  * and Extended ORPort).
7432  *
7433  * Allocate memory and create a cookie (of length <b>cookie_len</b>)
7434  * in <b>cookie_out</b>.
7435  * Then write it down to <b>fname</b> and prepend it with <b>header</b>.
7436  *
7437  * If <b>group_readable</b> is set, set <b>fname</b> to be readable
7438  * by the default GID.
7439  *
7440  * If the whole procedure was successful, set
7441  * <b>cookie_is_set_out</b> to True. */
7442 int
7443 init_cookie_authentication(const char *fname, const char *header,
7444  int cookie_len, int group_readable,
7445  uint8_t **cookie_out, int *cookie_is_set_out)
7446 {
7447  char cookie_file_str_len = strlen(header) + cookie_len;
7448  char *cookie_file_str = tor_malloc(cookie_file_str_len);
7449  int retval = -1;
7450 
7451  /* We don't want to generate a new cookie every time we call
7452  * options_act(). One should be enough. */
7453  if (*cookie_is_set_out) {
7454  retval = 0; /* we are all set */
7455  goto done;
7456  }
7457 
7458  /* If we've already set the cookie, free it before re-setting
7459  it. This can happen if we previously generated a cookie, but
7460  couldn't write it to a disk. */
7461  if (*cookie_out)
7462  tor_free(*cookie_out);
7463 
7464  /* Generate the cookie */
7465  *cookie_out = tor_malloc(cookie_len);
7466  crypto_rand((char *)*cookie_out, cookie_len);
7467 
7468  /* Create the string that should be written on the file. */
7469  memcpy(cookie_file_str, header, strlen(header));
7470  memcpy(cookie_file_str+strlen(header), *cookie_out, cookie_len);
7471  if (write_bytes_to_file(fname, cookie_file_str, cookie_file_str_len, 1)) {
7472  log_warn(LD_FS,"Error writing auth cookie to %s.", escaped(fname));
7473  goto done;
7474  }
7475 
7476 #ifndef _WIN32
7477  if (group_readable) {
7478  if (chmod(fname, 0640)) {
7479  log_warn(LD_FS,"Unable to make %s group-readable.", escaped(fname));
7480  }
7481  }
7482 #else /* defined(_WIN32) */
7483  (void) group_readable;
7484 #endif /* !defined(_WIN32) */
7485 
7486  /* Success! */
7487  log_info(LD_GENERAL, "Generated auth cookie file in '%s'.", escaped(fname));
7488  *cookie_is_set_out = 1;
7489  retval = 0;
7490 
7491  done:
7492  memwipe(cookie_file_str, 0, cookie_file_str_len);
7493  tor_free(cookie_file_str);
7494  return retval;
7495 }
7496 
7497 /**
7498  * Return true if any option is set in <b>options</b> to make us behave
7499  * as a client.
7500  */
7501 int
7503 {
7504  return (options->SocksPort_set ||
7505  options->TransPort_set ||
7506  options->NATDPort_set ||
7507  options->DNSPort_set ||
7508  options->HTTPTunnelPort_set);
7509 }
void tor_addr_copy(tor_addr_t *dest, const tor_addr_t *src)
Definition: address.c:933
const char * fmt_addrport(const tor_addr_t *addr, uint16_t port)
Definition: address.c:1199
void tor_addr_make_unspec(tor_addr_t *a)
Definition: address.c:225
int string_is_valid_ipv4_address(const char *string)
Definition: address.c:2133
int tor_addr_parse(tor_addr_t *addr, const char *src)
Definition: address.c:1349
int tor_addr_port_parse(int severity, const char *addrport, tor_addr_t *address_out, uint16_t *port_out, int default_port)
Definition: address.c:1857
int tor_addr_is_loopback(const tor_addr_t *addr)
Definition: address.c:805
int tor_addr_is_v4(const tor_addr_t *addr)
Definition: address.c:750
int tor_addr_port_split(int severity, const char *addrport, char **address_out, uint16_t *port_out)
Definition: address.c:1916
int tor_addr_is_null(const tor_addr_t *addr)
Definition: address.c:780
#define fmt_and_decorate_addr(a)
Definition: address.h:243
static sa_family_t tor_addr_family(const tor_addr_t *a)
Definition: address.h:187
#define tor_addr_from_ipv4h(dest, v4addr)
Definition: address.h:327
#define tor_addr_eq(a, b)
Definition: address.h:280
void addressmap_clear_invalid_automaps(const or_options_t *options)
Definition: addressmap.c:271
void addressmap_register(const char *address, char *new_address, time_t expires, addressmap_entry_source_t source, const int wildcard_addr, const int wildcard_new_addr, uint64_t stream_id)
Definition: addressmap.c:576
void addressmap_clear_configured(void)
Definition: addressmap.c:304
void addressmap_clear_excluded_trackexithosts(const or_options_t *options)
Definition: addressmap.c:197
int parse_virtual_addr_network(const char *val, sa_family_t family, int validate_only, char **msg)
Definition: addressmap.c:802
Header for addressmap.c.
Header file for directory authority mode.
int base16_decode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:506
void mark_bridge_list(void)
Definition: bridges.c:84
void sweep_bridge_list(void)
Definition: bridges.c:95
int transport_is_needed(const char *transport_name)
Definition: bridges.c:510
void bridge_add_from_config(bridge_line_t *bridge_line)
Definition: bridges.c:527
Header file for circuitbuild.c.
Header file for channel.c.
void circuit_mark_all_dirty_circs_as_unusable(void)
Definition: circuitlist.c:2064
void circuit_mark_all_unused_circs(void)
Definition: circuitlist.c:2045
Header file for circuitlist.c.
Header file for circuitmux.c.
void cmux_ewma_set_options(const or_options_t *options, const networkstatus_t *consensus)
Header file for circuitmux_ewma.c.
int circuit_build_times_disabled_(const or_options_t *options, int ignore_consensus)
Definition: circuitstats.c:124
Header file for circuitstats.c.
#define ARRAY_LENGTH(x)
void suppress_libevent_log_msg(const char *msg)
const char * tor_libevent_get_version_str(void)
void tor_libevent_initialize(tor_libevent_cfg_t *torcfg)
const char * tor_libevent_get_header_version_str(void)
void configure_libevent_logging(void)
size_t atomic_counter_exchange(atomic_counter_t *counter, size_t newval)
void atomic_counter_init(atomic_counter_t *counter)
size_t atomic_counter_get(atomic_counter_t *counter)
void atomic_counter_destroy(atomic_counter_t *counter)
int tor_compress_supports_method(compress_method_t method)
Definition: compress.c:304
const char * tor_compress_header_version_str(compress_method_t method)
Definition: compress.c:438
const char * tor_compress_version_str(compress_method_t method)
Definition: compress.c:417
Headers for compress.c.
Read configuration files from disk, with full include support.
int config_get_lines_include(const char *string, struct config_line_t **result, int extended, int *has_include, struct smartlist_t *opened_lst)
Definition: conffile.c:49
int config_ensure_bandwidth_cap(uint64_t *value, const char *desc, char **msg)
Definition: config.c:2951
const char * short_name
Definition: config.c:2436
static void options_commit_listener_transaction(listener_transaction_t *xn)
Definition: config.c:1679
static int compute_group_readable_flag(const char *datadir, const char *subdir, int datadir_gr, int subdir_gr)
Definition: config.c:1492
static int validate_transport_socks_arguments(const smartlist_t *args)
Definition: config.c:5036
void options_init(or_options_t *options)
Definition: config.c:2882
int options_save_current(void)
Definition: config.c:7034
#define MIN_REND_POST_PERIOD
Definition: config.c:2969
static const char * default_fallbacks[]
Definition: config.c:769
static void print_usage(void)
Definition: config.c:2676
const smartlist_t * get_configured_ports(void)
Definition: config.c:6687
static config_line_t * get_options_defaults(void)
Definition: config.c:933
takes_argument_t
Definition: config.c:2421
@ ARGUMENT_NONE
Definition: config.c:2423
@ ARGUMENT_NECESSARY
Definition: config.c:2425
@ ARGUMENT_OPTIONAL
Definition: config.c:2427
STATIC void add_default_trusted_dir_authorities(dirinfo_type_t type)
Definition: config.c:1185
int pt_parse_transport_line(const or_options_t *options, const char *line, int validate_only, int server)
Definition: config.c:5275
#define OR_OPTIONS_MAGIC
Definition: config.c:845
static char * get_data_directory(const char *val)
Definition: config.c:6869
#define MAX_MAX_CIRCUIT_DIRTINESS
Definition: config.c:2986
#define MIN_MAX_CIRCUIT_DIRTINESS
Definition: config.c:2982
static void warn_nonlocal_client_ports(const smartlist_t *ports, const char *portname, const int listener_type)
Definition: config.c:5866
static void set_protocol_warning_severity_level(int warning_severity)
Definition: config.c:1150
static int validate_ports_csv(smartlist_t *sl, const char *name, char **msg)
Definition: config.c:2927
void bridge_line_free_(bridge_line_t *bridge_line)
Definition: config.c:5070
int get_num_cpus(const or_options_t *options)
Definition: config.c:7047
static void list_deprecated_options(void)
Definition: config.c:2707
or_options_t * get_options_mutable(void)
Definition: config.c:910
void add_default_fallback_dir_servers(void)
Definition: config.c:1199
static const config_var_t option_vars_[]
Definition: config.c:312
parsed_cmdline_t * config_parse_commandline(int argc, char **argv, int ignore_errors)
Definition: config.c:2513
or_options_t * options_new(void)
Definition: config.c:2872
static atomic_counter_t protocol_warning_severity_level
Definition: config.c:1138
static int write_configuration_file(const char *fname, const or_options_t *options)
Definition: config.c:6958
STATIC int options_act_reversible(const or_options_t *old_options, char **msg)
Definition: config.c:1891
#define MIN_CIRCUIT_STREAM_TIMEOUT
Definition: config.c:2990
STATIC void or_options_free_(or_options_t *options)
Definition: config.c:1031
static bool testing_network_configured
Definition: config.c:928
static char * load_torrc_from_stdin(void)
Definition: config.c:4381
static void list_torrc_options(void)
Definition: config.c:2689
static int validate_data_directories(or_options_t *options)
Definition: config.c:6908
static int in_option_validation
Definition: config.c:884
int getinfo_helper_config(control_connection_t *conn, const char *question, char **answer, const char **errmsg)
Definition: config.c:7177
#define MAX_DIR_PERIOD
Definition: config.c:2978
static void print_library_versions(void)
Definition: config.c:2730
char * get_first_listener_addrport_string(int listener_type)
Definition: config.c:6704
static int opt_streq(const char *s1, const char *s2)
Definition: config.c:4148
port_cfg_t * port_cfg_new(size_t namelen)
Definition: config.c:5837
STATIC int parse_ports(or_options_t *options, int validate_only, char **msg, int *n_ports_out, int *world_writable_control_socket)
Definition: config.c:6526
int consider_adding_dir_servers(const or_options_t *options, const or_options_t *old_options)
Definition: config.c:1267
static const char * default_authorities[]
Definition: config.c:759
static int options_transition_affects_guards(const or_options_t *old_options, const or_options_t *new_options)
Definition: config.c:2001
static int warn_if_option_path_is_relative(const char *option, const char *filepath)
Definition: config.c:3080
char * options_get_dir_fname2_suffix(const or_options_t *options, directory_root_t roottype, const char *sub1, const char *sub2, const char *suffix)
Definition: config.c:7096
#define V_D(member, type, initvalue)
Definition: config.c:287
int options_init_from_torrc(int argc, char **argv)
Definition: config.c:4448
static or_options_t * global_options
Definition: config.c:870
static void config_load_geoip_file_(sa_family_t family, const char *fname, const char *default_fname)
Definition: config.c:7374
static const config_abbrev_t option_abbrevs_[]
Definition: config.c:192
#define OBSOLETE(varname)
Definition: config.c:291
int quiet
Definition: config.c:2442
void port_cfg_free_(port_cfg_t *port)
Definition: config.c:5858
static int options_switch_id(char **msg_out)
Definition: config.c:1460
static int handle_cmdline_master_key(tor_cmdline_mode_t command, const char *value)
Definition: config.c:2851
takes_argument_t takes_argument
Definition: config.c:2438
STATIC void options_commit_log_transaction(log_transaction_t *xn)
Definition: config.c:1807
static void options_rollback_listener_transaction(struct listener_transaction_t *xn)
Definition: config.c:1720
static char * find_torrc_filename(const config_line_t *cmd_arg, int defaults_file, int *using_default_fname, int *ignore_missing_torrc)
Definition: config.c:4306
STATIC int open_and_add_file_log(const log_severity_list_t *severity, const char *filename, int truncate_log)
Definition: config.c:4842
static or_options_t * global_default_options
Definition: config.c:873
static void cleanup_protocol_warning_severity_level(void)
Definition: config.c:1171
static int parse_outbound_addresses(or_options_t *options, int validate_only, char **msg)
Definition: config.c:7334
STATIC int options_create_directories(char **msg_out)
Definition: config.c:1518
int portconf_get_first_advertised_port(int listener_type, int address_family)
Definition: config.c:6787
const or_options_t * get_options(void)
Definition: config.c:919
STATIC log_transaction_t * options_start_log_transaction(const or_options_t *old_options, char **msg_out)
Definition: config.c:1772
static char * torrc_defaults_fname
Definition: config.c:877
static const char * get_default_conf_file(int defaults_file)
Definition: config.c:4272
static int handle_cmdline_passphrase_fd(tor_cmdline_mode_t command, const char *value)
Definition: config.c:2827
const char * name
Definition: config.c:2434
int port_cfg_line_extract_addrport(const char *line, char **addrport_out, int *is_unix_out, const char **rest_out)
Definition: config.c:5944
int check_or_create_data_subdir(const char *subdir)
Definition: config.c:7139
STATIC const config_mgr_t * get_options_mgr(void)
Definition: config.c:893
static listener_transaction_t * options_start_listener_transaction(const or_options_t *old_options, char **msg_out)
Definition: config.c:1594
int options_any_client_port_set(const or_options_t *options)
Definition: config.c:7502
int create_keys_directory(const or_options_t *options)
Definition: config.c:1375
#define MAX_CIRCS_AVAILABLE_TIME
Definition: config.c:2975
void init_protocol_warning_severity_level(void)
Definition: config.c:1161
static int check_and_create_data_directory(int create, const char *directory, int group_readable, const char *owner, char **msg_out)
Definition: config.c:1338
static int handle_cmdline_no_passphrase(tor_cmdline_mode_t command)
Definition: config.c:2773
int get_protocol_warning_severity_level(void)
Definition: config.c:1143
static int warn_about_relative_paths(const or_options_t *options)
Definition: config.c:3099
static char * torrc_fname
Definition: config.c:875
const tor_addr_t * portconf_get_first_advertised_addr(int listener_type, int address_family)
Definition: config.c:6799
int parse_dir_fallback_line(const char *line, int validate_only)
Definition: config.c:5727
char * options_dump(const or_options_t *options, int how_to_dump)
Definition: config.c:2902
int option_is_recognized(const char *key)
Definition: config.c:2628
setopt_err_t options_trial_assign(config_line_t *list, unsigned flags, char **msg)
Definition: config.c:2659
static int options_init_log_granularity(const or_options_t *options, int validate_only)
Definition: config.c:4861
STATIC int options_act(const or_options_t *old_options)
Definition: config.c:2035
#define RECOMMENDED_MIN_CIRCUIT_BUILD_TIMEOUT
Definition: config.c:2997
STATIC int parse_dir_authority_line(const char *line, dirinfo_type_t required_type, int validate_only)
Definition: config.c:5548
#define VAR(varname, conftype, member, initvalue)
Definition: config.c:259
STATIC int options_init_logs(const or_options_t *old_options, const or_options_t *options, int validate_only)
Definition: config.c:4900
STATIC void options_rollback_log_transaction(log_transaction_t *xn)
Definition: config.c:1861
static int validate_dir_servers(const or_options_t *options, const or_options_t *old_options)
Definition: config.c:1215
const char * safe_str_client_opts(const or_options_t *options, const char *address)
Definition: config.c:1072
static int handle_cmdline_format(tor_cmdline_mode_t command, const char *value)
Definition: config.c:2786
#define VPORT(member)
Definition: config.c:300
static bool have_set_startup_options
Definition: config.c:886
#define GENERATED_FILE_PREFIX
Definition: config.c:6946
const char * safe_str_opts(const or_options_t *options, const char *address)
Definition: config.c:1093
void parsed_cmdline_free_(parsed_cmdline_t *cmdline)
Definition: config.c:2617
const char * option_get_canonical_name(const char *key)
Definition: config.c:2636
static const config_format_t options_format
Definition: config.c:848
static int options_act_once_on_startup(char **msg_out)
Definition: config.c:1400
static char * load_torrc_from_disk(const config_line_t *cmd_arg, int defaults_file)
Definition: config.c:4396
static void config_maybe_load_geoip_files_(const or_options_t *options, const or_options_t *old_options)
Definition: config.c:7407
static const struct @0 testing_tor_network_defaults[]
const char * get_torrc_fname(int defaults_fname)
Definition: config.c:4738
static int options_check_transition_cb(const void *old, const void *new, char **msg)
Definition: config.c:4155
int set_options(or_options_t *new_val, char **msg)
Definition: config.c:955
bridge_line_t * parse_bridge_line(const char *line)
Definition: config.c:5096
static void warn_nonlocal_controller_ports(smartlist_t *ports, unsigned forbid_nonlocal)
Definition: config.c:5896
const char * escaped_safe_str_client(const char *address)
Definition: config.c:1110
DUMMY_TYPECHECK_INSTANCE(or_options_t)
static int handle_cmdline_newpass(tor_cmdline_mode_t command)
Definition: config.c:2814
int addressmap_register_auto(const char *from, const char *to, time_t expires, addressmap_entry_source_t addrmap_source, const char **msg)
Definition: config.c:4798
int options_need_geoip_info(const or_options_t *options, const char **reason_out)
Definition: config.c:1958
#define UINT64_MAX_STRING
Definition: config.c:306
void config_register_addressmaps(const or_options_t *options)
Definition: config.c:4752
static void options_clear_cb(const config_mgr_t *mgr, void *opts)
Definition: config.c:999
void config_free_all(void)
Definition: config.c:1039
static const port_cfg_t * portconf_get_first_advertised(int listener_type, int address_family)
Definition: config.c:6757
int port_count_real_listeners(const smartlist_t *ports, int listenertype, int count_sockets)
Definition: config.c:6501
static void init_libevent(const or_options_t *options)
Definition: config.c:7061
int port_exists_by_type_addr_port(int listener_type, const tor_addr_t *addr, int port, int check_wildcard)
Definition: config.c:6814
static int parse_dirauth_dirport(dir_server_t *ds, const char *flag)
Definition: config.c:5484
tor_cmdline_mode_t command
Definition: config.c:2440
int init_cookie_authentication(const char *fname, const char *header, int cookie_len, int group_readable, uint8_t **cookie_out, int *cookie_is_set_out)
Definition: config.c:7443
static const struct @1 CMDLINE_ONLY_OPTIONS[]
setopt_err_t options_init_from_string(const char *cf_defaults, const char *cf, int command, const char *command_arg, char **msg)
Definition: config.c:4628
static int options_validate_cb(const void *old_options, void *options, char **msg)
Definition: config.c:3244
static void list_enabled_modules(void)
Definition: config.c:2719
static setopt_err_t options_validate_and_set(const or_options_t *old_options, or_options_t *new_options, char **msg_out)
Definition: config.c:3008
static smartlist_t * configured_ports
Definition: config.c:881
config_line_t * option_get_assignment(const or_options_t *options, const char *key)
Definition: config.c:2644
const char * escaped_safe_str(const char *address)
Definition: config.c:1122
STATIC int parse_tcp_proxy_line(const char *line, or_options_t *options, char **msg)
Definition: config.c:5212
#define DOWNLOAD_SCHEDULE(name)
Definition: config.c:184
int write_to_data_subdir(const char *subdir, const char *fname, const char *str, const char *descr)
Definition: config.c:7158
int port_parse_config(smartlist_t *out, const config_line_t *ports, const char *portname, int listener_type, const char *defaultaddr, int defaultport, const unsigned flags)
Definition: config.c:6034
static parsed_cmdline_t * global_cmdline
Definition: config.c:879
#define GENERATED_FILE_COMMENT
Definition: config.c:6950
Header file for config.c.
#define MAX_DEFAULT_MEMORY_QUEUE_SIZE
Definition: config.h:31
#define CONFIG_BACKUP_PATTERN
Definition: config.h:48
#define MIN_HEARTBEAT_PERIOD
Definition: config.h:25
setopt_err_t
Definition: config.h:51
const config_line_t * config_line_find(const config_line_t *lines, const char *key)
Definition: confline.c:74
void config_line_append(config_line_t **lst, const char *key, const char *val)
Definition: confline.c:32
int config_lines_eq(const config_line_t *a, const config_line_t *b)
Definition: confline.c:287
Header for confline.c.
#define CONFIG_LINE_APPEND
Definition: confline.h:22
#define CONFIG_LINE_NORMAL
Definition: confline.h:19
#define END_OF_CONFIG_VARS
Definition: confmacros.h:22
void config_init(const config_mgr_t *mgr, void *options)
Definition: confmgt.c:1158
void config_mgr_freeze(config_mgr_t *mgr)
Definition: confmgt.c:285
void warn_deprecated_option(const char *what, const char *why)
Definition: confmgt.c:692
char * config_dump(const config_mgr_t *mgr, const void *default_options, const void *options, int minimal, int comment_defaults)
Definition: confmgt.c:1314
bool config_var_is_listable(const config_var_t *var)
Definition: confmgt.c:619
config_line_t * config_get_assigned_option(const config_mgr_t *mgr, const void *options, const char *key, int escape_val)
Definition: confmgt.c:843
config_line_t * config_get_changes(const config_mgr_t *mgr, const void *options1, const void *options2)
Definition: confmgt.c:1096
bool config_var_is_settable(const config_var_t *var)
Definition: confmgt.c:558
void * config_new(const config_mgr_t *mgr)
Definition: confmgt.c:387
config_mgr_t * config_mgr_new(const config_format_t *toplevel_fmt)
Definition: confmgt.c:145
const char * config_expand_abbrev(const config_mgr_t *mgr, const char *option, int command_line, int warn_obsolete)
Definition: confmgt.c:415
const char * config_find_option_name(const config_mgr_t *mgr, const char *key)
Definition: confmgt.c:513
validation_status_t config_validate(const config_mgr_t *mgr, const void *old_options, void *options, char **msg_out)
Definition: confmgt.c:1272
int config_assign(const config_mgr_t *mgr, void *options, config_line_t *list, unsigned config_assign_flags, char **msg)
Definition: confmgt.c:937
void * config_dup(const config_mgr_t *mgr, const void *old)
Definition: confmgt.c:1132
smartlist_t * config_mgr_list_deprecated_vars(const config_mgr_t *mgr)
Definition: confmgt.c:333
smartlist_t * config_mgr_list_vars(const config_mgr_t *mgr)
Definition: confmgt.c:319
Header for confmgt.c.
#define CAL_WARN_DEPRECATIONS
Definition: confmgt.h:63
validation_status_t
Definition: confmgt.h:83
#define PLURAL(tok)
Definition: conftypes.h:272
@ CONFIG_TYPE_FILENAME
Definition: conftypes.h:41
int retry_all_listeners(smartlist_t *new_conns, int close_all_noncontrol)
Definition: connection.c:3203
void connection_bucket_adjust(const or_options_t *options)
Definition: connection.c:3780
int conn_listener_type_supports_af_unix(int type)
Definition: connection.c:759
char * alloc_http_authenticator(const char *authenticator)
Definition: connection.c:4999
void connection_mark_all_noncontrol_connections(void)
Definition: connection.c:3319
void connection_check_oos(int n_socks, int failed)
Definition: connection.c:5438
Header file for connection.c.
#define CONN_TYPE_AP_HTTP_CONNECT_LISTENER
Definition: connection.h:75
#define CONN_TYPE_CONTROL_LISTENER
Definition: connection.h:58
#define CONN_TYPE_EXT_OR_LISTENER
Definition: connection.h:73
#define MAX_SOCKS5_AUTH_SIZE_TOTAL
Definition: connection.h:215
#define MAX_SOCKS5_AUTH_FIELD_SIZE
Definition: connection.h:211
#define CONN_TYPE_AP_NATD_LISTENER
Definition: connection.h:66
#define CONN_TYPE_AP_LISTENER
Definition: connection.h:48
#define CONN_TYPE_AP_DNS_LISTENER
Definition: connection.h:68
#define CONN_TYPE_AP_TRANS_LISTENER
Definition: connection.h:63
Header file for connection_edge.c.
int address_is_invalid_destination(const char *address, int client)
Definition: addressmap.c:1082
Base connection structure.
void control_ports_write_to_file(void)
Definition: control.c:134
int control_connection_add_local_fd(tor_socket_t sock, unsigned flags)
Definition: control.c:95
void monitor_owning_controller_process(const char *process_spec)
Definition: control.c:571
Header file for control.c.
smartlist_t * decode_hashed_passwords(config_line_t *passwords)
Definition: control_auth.c:88
Header file for control_auth.c.
void control_adjust_event_log_severity(void)
void control_event_logmsg_pending(void)
void control_event_logmsg(int severity, log_domain_mask_t domain, const char *msg)
void control_event_conf_changed(const config_line_t *changes)
Header file for control_events.c.
#define HEX_DIGEST_LEN
Definition: crypto_digest.h:35
int crypto_digest256(char *digest, const char *m, size_t len, digest_algorithm_t algorithm)
const char * crypto_get_library_name(void)
Definition: crypto_init.c:178
const char * crypto_get_library_version_string(void)
Definition: crypto_init.c:191
Headers for crypto_init.c.
Headers for crypto_nss_mgt.c.
Headers for crypto_openssl_mgt.c.
void crypto_rand(char *to, size_t n)
Definition: crypto_rand.c:477
Common functions for using (pseudo-)random number generators.
void memwipe(void *mem, uint8_t byte, size_t sz)
Definition: crypto_util.c:55
Common functions for cryptographic routines.
const char * unescape_string(const char *s, char **result, size_t *size_out)
Definition: cstring.c:30
bool start_daemon_has_been_called(void)
Definition: daemon.c:46
int start_daemon(void)
Definition: daemon.c:58
int finish_daemon(const char *desired_cwd)
Definition: daemon.c:121
Header for daemon.c.
#define DIGEST_LEN
Definition: digest_sizes.h:20
#define DIGEST256_LEN
Definition: digest_sizes.h:23
int check_private_dir(const char *dirname, cpd_check_t check, const char *effective_user)
Definition: dir.c:71
unsigned int cpd_check_t
Definition: dir.h:20
int options_act_dirauth_mtbf(const or_options_t *old_options)
int options_act_dirauth_stats(const or_options_t *old_options, bool *print_notice_out)
int options_validate_dirauth_mode(const or_options_t *old_options, or_options_t *options, char **msg)
int options_act_dirauth(const or_options_t *old_options)
int options_validate_dirauth_testing(const or_options_t *old_options, or_options_t *options, char **msg)
int options_validate_dirauth_schedule(const or_options_t *old_options, or_options_t *options, char **msg)
Header for feature/dirauth/dirauth_config.c.
int dirclient_fetches_dir_info_later(const or_options_t *options)
int dirclient_fetches_dir_info_early(const or_options_t *options)
Header for feature/dirclient/dirclient_modes.c.
void trusted_dir_server_add_dirport(dir_server_t *ds, auth_dirport_usage_t usage, const tor_addr_port_t *dirport)
Definition: dirlist.c:477
dir_server_t * fallback_dir_server_new(const tor_addr_t *ipv4_addr, uint16_t ipv4_dirport, uint16_t ipv4_orport, const tor_addr_port_t *addrport_ipv6, const char *id_digest, double weight)
Definition: dirlist.c:553
void clear_dir_servers(void)
Definition: dirlist.c:600
void dir_server_add(dir_server_t *ent)
Definition: dirlist.c:564
dir_server_t * trusted_dir_server_new(const char *nickname, const char *address, uint16_t ipv4_dirport, uint16_t ipv4_orport, const tor_addr_port_t *ipv6_addrport, const char *digest, const char *v3_auth_digest, dirinfo_type_t type, double weight)
Definition: dirlist.c:419
Header file for dirlist.c.
auth_dirport_usage_t
Definition: dirlist.h:22
@ AUTH_USAGE_VOTING
Definition: dirlist.h:30
@ AUTH_USAGE_DOWNLOAD
Definition: dirlist.h:33
@ AUTH_USAGE_UPLOAD
Definition: dirlist.h:28
int dns_reset(void)
Definition: dns.c:230
Header file for dns.c.
int guards_update_all(void)
Definition: entrynodes.c:3727
Header file for circuitbuild.c.
const char * escaped(const char *s)
Definition: escape.c:126
char * esc_for_log(const char *s)
Definition: escape.c:30
Header for ext_orport.c.
int write_str_to_file(const char *fname, const char *str, int bin)
Definition: files.c:274
file_status_t file_status(const char *filename)
Definition: files.c:212
int tor_open_cloexec(const char *path, int flags, unsigned mode)
Definition: files.c:54
char * read_file_to_str_until_eof(int fd, size_t max_bytes_to_read, size_t *sz_out) ATTR_MALLOC
Definition: files.c:580
file_status_t
Definition: files.h:55
int replace_file(const char *from, const char *to)
Definition: files.c:117
int write_bytes_to_file(const char *fname, const char *str, size_t len, int bin)
Definition: files.c:545
int geoip_load_file(sa_family_t family, const char *filename, int severity)
Definition: geoip.c:324
int geoip_is_loaded(sa_family_t family)
Definition: geoip.c:458
Header file for geoip.c.
Header file for geoip_stats.c.
int should_record_bridge_info(const or_options_t *options)
Definition: geoip_stats.c:112
Header for gethostname.c.
void consider_hibernation(time_t now)
Definition: hibernate.c:1098
int we_are_hibernating(void)
Definition: hibernate.c:937
Header file for hibernate.c.
int hs_config_client_auth_all(const or_options_t *options, int validate_only)
Definition: hs_config.c:674
int hs_config_service_all(const or_options_t *options, int validate_only)
Definition: hs_config.c:609
Header file containing configuration ABI/API for the HS subsystem.
int hs_service_load_all_keys(void)
Definition: hs_service.c:4175
uint16_t sa_family_t
Definition: inaddr_st.h:77
int string_is_key_value(int severity, const char *string)
Definition: keyval.c:25
Header for keyval.c.
const char * tor_libc_get_name(void)
Definition: libc.c:32
const char * tor_libc_get_header_version_str(void)
Definition: libc.c:59
const char * tor_libc_get_version_str(void)
Definition: libc.c:44
Header for lib/osinfo/libc.c.
int add_file_log(const log_severity_list_t *severity, const char *filename, int fd)
Definition: log.c:1148
void flush_log_messages_from_startup(void)
Definition: log.c:1058
void mark_logs_temp(void)
Definition: log.c:1131
void rollback_log_changes(void)
Definition: log.c:1119
void logs_set_pending_callback_callback(pending_callback_callback cb)
Definition: log.c:967
int add_callback_log(const log_severity_list_t *severity, log_callback cb)
Definition: log.c:977
int get_min_log_level(void)
Definition: log.c:1426
void set_log_time_granularity(int granularity_msec)
Definition: log.c:247
void tor_log_update_sigsafe_err_fds(void)
Definition: log.c:625
void add_stream_log(const log_severity_list_t *severity, const char *name, int fd)
Definition: log.c:902
void logs_set_domain_logging(int enabled)
Definition: log.c:934
int parse_log_severity_config(const char **cfg_ptr, log_severity_list_t *severity_out)
Definition: log.c:1322
void close_temp_logs(void)
Definition: log.c:1095
#define log_fn(severity, domain, args,...)
Definition: log.h:283
#define LOG_DEBUG
Definition: log.h:42
#define LD_OR
Definition: log.h:92
#define LD_FS
Definition: log.h:70
#define LD_BUG
Definition: log.h:86
#define LD_HIST
Definition: log.h:99
#define LD_NET
Definition: log.h:66
#define LD_GENERAL
Definition: log.h:62
#define LD_DIR
Definition: log.h:88
#define LOG_NOTICE
Definition: log.h:50
#define LD_CONFIG
Definition: log.h:68
#define LD_CIRC
Definition: log.h:82
#define LOG_WARN
Definition: log.h:53
#define LOG_INFO
Definition: log.h:45
#define bool_eq(a, b)
Definition: logic.h:16
int try_locking(const or_options_t *options, int err_if_locked)
Definition: main.c:667
int have_lockfile(void)
Definition: main.c:703
Header file for main.c.
void note_that_we_maybe_cant_complete_circuits(void)
Definition: mainloop.c:234
void tor_shutdown_event_loop_and_exit(int exitcode)
Definition: mainloop.c:764
void reset_main_loop_counters(void)
Definition: mainloop.c:518
int tor_event_loop_shutdown_is_pending(void)
Definition: mainloop.c:792
Header file for mainloop.c.
#define tor_free(p)
Definition: malloc.h:52
int get_total_system_memory(size_t *mem_out)
Definition: meminfo.c:129
Header for meminfo.c.
int metrics_parse_ports(or_options_t *options, smartlist_t *ports, char **err_msg_out)
Definition: metrics.c:175
Header for feature/metrics/metrics.c.
int net_is_disabled(void)
Definition: netstatus.c:25
Header for netstatus.c.
#define tor_socket_t
Definition: nettypes.h:36
networkstatus_t * networkstatus_get_latest_consensus(void)
void update_consensus_networkstatus_fetch_time(time_t now)
Header file for networkstatus.c.
int is_legal_nickname(const char *s)
Definition: nickname.c:19
Header file for nickname.c.
void router_dir_info_changed(void)
Definition: nodelist.c:2470
Header file for nodelist.c.
int compute_num_cpus(void)
Definition: numcpus.c:81
Header for numcpus.c.
Master header file for Tor-specific functionality.
addressmap_entry_source_t
Definition: or.h:915
@ ADDRMAPSRC_TORRC
Definition: or.h:923
#define CFG_AUTO_PORT
Definition: or.h:888
#define ISO_DEFAULT
Definition: or.h:872
#define ISO_CLIENTPROTO
Definition: or.h:860
#define ISO_DESTADDR
Definition: or.h:856
#define SESSION_GROUP_UNSET
Definition: or.h:875
#define ISO_SOCKSAUTH
Definition: or.h:858
#define ISO_DESTPORT
Definition: or.h:854
#define ISO_CLIENTADDR
Definition: or.h:862
dirinfo_type_t
Definition: or.h:785
@ V3_DIRINFO
Definition: or.h:788
@ BRIDGE_DIRINFO
Definition: or.h:790
@ EXTRAINFO_DIRINFO
Definition: or.h:792
@ MICRODESC_DIRINFO
Definition: or.h:794
@ TCP_PROXY_PROTOCOL_HAPROXY
Definition: or_options_st.h:54
outbound_addr_t
Definition: or_options_st.h:28
@ OUTBOUND_ADDR_OR
Definition: or_options_st.h:35
@ OUTBOUND_ADDR_EXIT
Definition: or_options_st.h:31
@ OUTBOUND_ADDR_ANY
Definition: or_options_st.h:45
@ OUTBOUND_ADDR_MAX
Definition: or_options_st.h:48
@ OUTBOUND_ADDR_PT
Definition: or_options_st.h:39
long tor_parse_long(const char *s, int base, long min, long max, int *ok, char **next)
Definition: parse_int.c:59
double tor_parse_double(const char *s, double min, double max, int *ok, char **next)
Definition: parse_int.c:97
char * expand_filename(const char *filename)
Definition: path.c:85
int path_is_relative(const char *filename)
Definition: path.c:145
char * make_path_absolute(const char *fname)
Definition: path.c:280
int write_pidfile(const char *filename)
Definition: pidfile.c:31
Header for pidfile.c.
int policies_parse_from_options(const or_options_t *options)
Definition: policies.c:1251
int validate_addr_policies(const or_options_t *options, char **msg)
Definition: policies.c:1138
Header file for policies.c.
Listener port configuration structure.
int tor_asprintf(char **strp, const char *fmt,...)
Definition: printf.c:75
int tor_snprintf(char *str, size_t size, const char *format,...)
Definition: printf.c:27
void tor_disable_spawning_background_processes(void)
Definition: process.c:132
Header for process.c.
int tor_validate_process_specifier(const char *process_spec, const char **msg)
Definition: procmon.c:157
Headers for procmon.c.
quiet_level_t quiet_level
Definition: quiet_level.c:20
void add_default_log_for_quiet_level(quiet_level_t quiet)
Definition: quiet_level.c:24
quiet_level_t
Definition: quiet_level.h:16
@ QUIET_SILENT
Definition: quiet_level.h:22
@ QUIET_HUSH
Definition: quiet_level.h:20
Header file for relay.c.
int options_act_relay_bandwidth(const or_options_t *old_options)
int options_validate_relay_padding(const or_options_t *old_options, or_options_t *options, char **msg)
Definition: relay_config.c:783
int options_act_relay_stats(const or_options_t *old_options, bool *print_notice_out)
void port_update_port_set_relay(or_options_t *options, const smartlist_t *ports)
Definition: relay_config.c:519
int options_act_relay(const or_options_t *old_options)
int options_validate_relay_accounting(const or_options_t *old_options, or_options_t *options, char **msg)
Definition: relay_config.c:917
int options_validate_relay_bandwidth(const or_options_t *old_options, or_options_t *options, char **msg)
Definition: relay_config.c:825
int options_validate_relay_os(const or_options_t *old_options, or_options_t *options, char **msg)
Definition: relay_config.c:549
int options_act_relay_dir(const or_options_t *old_options)
void port_warn_nonlocal_ext_orports(const smartlist_t *ports, const char *portname)
Definition: relay_config.c:118
int port_parse_ports_relay(or_options_t *options, char **msg, smartlist_t *ports_out, int *have_low_ports_out)
Definition: relay_config.c:438
int options_act_relay_accounting(const or_options_t *old_options)
void options_act_relay_stats_msg(void)
int options_validate_relay_info(const or_options_t *old_options, or_options_t *options, char **msg)
Definition: relay_config.c:586
int options_validate_publish_server(const or_options_t *old_options, or_options_t *options, char **msg)
Definition: relay_config.c:726
int options_act_relay_dos(const or_options_t *old_options)
int options_act_relay_desc(const or_options_t *old_options)
int options_act_bridge_stats(const or_options_t *old_options)
int options_validate_relay_testing(const or_options_t *old_options, or_options_t *options, char **msg)
int options_validate_relay_mode(const or_options_t *old_options, or_options_t *options, char **msg)
Header for feature/relay/relay_config.c.
int tor_addr_port_lookup(const char *s, tor_addr_t *addr_out, uint16_t *port_out)
Definition: resolve.c:252
Header for resolve.c.
int set_max_file_descriptors(rlim_t limit, int *max_out)
Definition: restrict.c:183
int tor_disable_debugger_attach(void)
Definition: restrict.c:43
int tor_mlockall(void)
Definition: restrict.c:117
Header for restrict.c.
uint16_t router_get_active_listener_port_by_type_af(int listener_type, sa_family_t family)
Definition: router.c:1482
void refresh_all_country_info(void)
Definition: routerlist.c:3284
Header file for routerlist.c.
int public_server_mode(const or_options_t *options)
Definition: routermode.c:43
int server_mode(const or_options_t *options)
Definition: routermode.c:34
Header file for routermode.c.
int routerset_needs_geoip(const routerset_t *set)
Definition: routerset.c:197
int routerset_equal(const routerset_t *old, const routerset_t *new)
Definition: routerset.c:439
int routerset_is_list(const routerset_t *set)
Definition: routerset.c:188
int routerset_add_unknown_ccs(routerset_t **setp, int only_if_some_cc_set)
Definition: routerset.c:272
int routerset_parse(routerset_t *target, const char *s, const char *description)
Definition: routerset.c:115
int routerset_len(const routerset_t *set)
Definition: routerset.c:212
routerset_t * routerset_new(void)
Definition: routerset.c:51
void routerset_union(routerset_t *target, const routerset_t *source)
Definition: routerset.c:174
Header file for routerset.c.
int sandbox_is_active(void)
Definition: sandbox.c:1953
Header file for sandbox.c.
void scheduler_conf_changed(void)
Definition: scheduler.c:452
Header file for scheduler*.c.
int switch_id(const char *user, const unsigned flags)
Definition: setuid.c:230
Header for setuid.c.
#define SWITCH_ID_WARN_IF_NO_CAPS
Definition: setuid.h:19
#define SWITCH_ID_KEEP_BINDLOW
Definition: setuid.h:17
static const char default_fname[]
int smartlist_strings_eq(const smartlist_t *sl1, const smartlist_t *sl2)
Definition: smartlist.c:157
void smartlist_add_asprintf(struct smartlist_t *sl, const char *pattern,...)
Definition: smartlist.c:36
char * smartlist_join_strings(smartlist_t *sl, const char *join, int terminate, size_t *len_out)
Definition: smartlist.c:279
void smartlist_add_all(smartlist_t *s1, const smartlist_t *s2)
smartlist_t * smartlist_new(void)
void smartlist_add_strdup(struct smartlist_t *sl, const char *string)
void smartlist_add(smartlist_t *sl, void *element)
void smartlist_clear(smartlist_t *sl)
void smartlist_del_keeporder(smartlist_t *sl, int idx)
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
#define SMARTLIST_FOREACH(sl, type, var, cmd)
#define SMARTLIST_DEL_CURRENT(sl, var)
int smartlist_split_string(smartlist_t *sl, const char *str, const char *sep, int flags, int max)
void check_network_configuration(bool server_mode)
Definition: socket.c:69
int get_n_open_sockets(void)
Definition: socket.c:440
int or_state_loaded(void)
Definition: statefile.c:228
int or_state_load(void)
Definition: statefile.c:412
Header for statefile.c.
unsigned int command
Definition: confline.h:35
unsigned int cache_ipv4_answers
unsigned int socks_iso_keep_alive
unsigned int use_cached_ipv4_answers
unsigned int prefer_ipv6_virtaddr
unsigned int socks_prefer_no_auth
unsigned int extended_socks5_codes
smartlist_t * new_listeners
Definition: config.c:1577
unsigned old_conn_limit
Definition: config.c:1576
bool logs_initialized
Definition: config.c:1753
int old_min_log_level
Definition: config.c:1749
bool safelogging_changed
Definition: config.c:1756
struct config_line_t * ControlPort_lines
int ExitPortStatistics
tor_addr_t Socks4ProxyAddr
int MaxCircuitDirtiness
tor_addr_t HTTPProxyAddr
uint64_t MaxMemInQueues
int KISTSchedRunInterval
struct config_line_t * MyFamily
struct config_line_t * NATDPort_lines
int DirReqStatistics_option
int GeoIPExcludeUnknown
char * CacheDirectory
Definition: or_options_st.h:94
struct config_line_t * AlternateBridgeAuthority
tor_addr_t HTTPSProxyAddr
char * SyslogIdentityTag
Definition: or_options_st.h:79
uint16_t Socks4ProxyPort
int ConnLimit_high_thresh
char * KeyDirectory
Definition: or_options_st.h:89
struct routerset_t * ExcludeExitNodes
int TestingEnableConnBwEvent
struct config_line_t * OutboundBindAddressExit
struct config_line_t * DNSPort_lines
char * BridgePassword_AuthDigest_
char * BridgePassword
char * HTTPSProxy
uint64_t MaxMemInQueues_low_threshold
char * SafeLogging
char * command_arg
Definition: or_options_st.h:69
struct smartlist_t * RejectPlaintextPorts
tor_addr_t TCPProxyAddr
struct config_line_t * Logs
Definition: or_options_st.h:71
struct routerset_t * ExcludeExitNodesUnion_
int TestingDirConnectionMaxStall
int ClientBootstrapConsensusMaxInProgressTries
int ConnLimit_low_thresh
char * CookieAuthFile
struct smartlist_t * WarnPlaintextPorts
struct smartlist_t * TrackHostExits
struct smartlist_t * FirewallPorts
int TestingClientMaxIntervalWithoutRequest
char * HTTPProxy
struct smartlist_t * Schedulers
tcp_proxy_protocol_t TCPProxyProtocol
int FetchDirInfoExtraEarly
struct config_line_t * ClientTransportPlugin
struct config_line_t * OutboundBindAddressPT
struct smartlist_t * SchedulerTypes_
char * TransProxyType
uint64_t BandwidthRate
struct config_line_t * DirAuthorities
struct config_line_t * Bridges
int ControlSocketsGroupWritable
uint64_t OwningControllerFD
double KISTSockBufSizeFactor
struct config_line_t * ControlSocket
struct config_line_t * OutboundBindAddress
int UseDefaultFallbackDirs
struct config_line_t * AlternateDirAuthority
int DataDirectoryGroupReadable
Definition: or_options_st.h:85
int CacheDirectoryGroupReadable
Definition: or_options_st.h:95
int KeyDirectoryGroupReadable
Definition: or_options_st.h:90
char * KeyDirectory_option
Definition: or_options_st.h:87
struct smartlist_t * NodeFamilySets
uint64_t ConstrainedSockSize
struct config_line_t * AddressMap
struct smartlist_t * FilesOpenedByIncludes
int HiddenServiceStatistics_option
char * HTTPProxyAuthenticator
int CircuitBuildTimeout
struct config_line_t * HashedControlPassword
int TokenBucketRefillInterval
char * GeoIPFile
int LearnCircuitBuildTimeout
struct config_line_t * FallbackDir
char * Socks5Proxy
struct routerset_t * EntryNodes
int HiddenServiceStatistics
int UsingTestNetworkDefaults_
int UnixSocksGroupWritable
int KeepBindCapabilities
struct config_line_t * NodeFamilies
int CookieAuthentication
char * Socks4Proxy
int ConstrainedSockets
char * VirtualAddrNetworkIPv6
struct routerset_t * ExcludeNodes
char * OwningControllerProcess
struct config_line_t * ReachableORAddresses
char * Socks5ProxyUsername
struct config_line_t * HashedControlSessionPassword
char * Socks5ProxyPassword
int CookieAuthFileGroupReadable
int TestingEnableCellStatsEvent
struct routerset_t * ExitNodes
tor_addr_t Socks5ProxyAddr
int DormantClientTimeout
struct config_line_t * ReachableDirAddresses
int MaxClientCircuitsPending
tor_addr_t OutboundBindAddresses[OUTBOUND_ADDR_MAX][2]
int LogMessageDomains
Definition: or_options_st.h:75
struct routerset_t * HSLayer2Nodes
char * CacheDirectory_option
Definition: or_options_st.h:92
uint16_t TCPProxyPort
struct config_line_t * OutboundBindAddressOR
int CircuitsAvailableTimeout
uint16_t Socks5ProxyPort
enum or_options_t::@2 TransProxyType_parsed
struct smartlist_t * AutomapHostsSuffixes
int ConnDirectionStatistics
char * VirtualAddrNetworkIPv4
int AssumeReachableIPv6
int AutomapHostsOnResolve
char * HTTPSProxyAuthenticator
int CircuitStreamTimeout
tor_cmdline_mode_t command
Definition: or_options_st.h:68
int DisableDebuggerAttachment
uint16_t HTTPProxyPort
struct config_line_t * TransPort_lines
char * DataDirectory
Definition: or_options_st.h:84
struct smartlist_t * LongLivedPorts
int LogTimeGranularity
Definition: or_options_st.h:73
struct config_line_t * RendConfigLines
struct config_line_t * ReachableAddresses
int HiddenServiceSingleHopMode
double PathsNeededToBuildCircuits
int UseEntryGuards_option
struct config_line_t * HTTPTunnelPort_lines
char * DataDirectory_option
Definition: or_options_st.h:82
int ClientDNSRejectInternalAddresses
struct routerset_t * MiddleNodes
struct config_line_t * SocksPort_lines
uint16_t HTTPSProxyPort
uint64_t BandwidthBurst
struct routerset_t * HSLayer3Nodes
const char * command_arg
Definition: config.h:201
quiet_level_t quiet_level
Definition: config.h:203
struct config_line_t * cmdline_opts
Definition: config.h:194
struct config_line_t * other_opts
Definition: config.h:197
tor_cmdline_mode_t command
Definition: config.h:199
char unix_addr[FLEXIBLE_ARRAY_MEMBER]
Definition: port_cfg_st.h:38
uint8_t type
Definition: port_cfg_st.h:23
unsigned is_unix_addr
Definition: port_cfg_st.h:24
entry_port_cfg_t entry_cfg
Definition: port_cfg_st.h:32
tor_addr_t addr
Definition: port_cfg_st.h:20
const char * struct_var_get_typename(const struct_member_t *member)
Definition: structvar.c:225
Header for lib/confmgt/structvar.c.
int subsystems_set_options(const config_mgr_t *mgr, struct or_options_t *options)
Definition: subsysmgr.c:410
void subsystems_prefork(void)
Definition: subsysmgr.c:237
void subsystems_postfork(void)
Definition: subsysmgr.c:258
void subsystems_dump_list(void)
Definition: subsysmgr.c:301
int subsystems_register_options_formats(config_mgr_t *mgr)
Definition: subsysmgr.c:316
Header for subsysmgr.c.
#define STATIC
Definition: testsupport.h:32
#define MOCK_IMPL(rv, funcname, arglist)
Definition: testsupport.h:133
tor_cmdline_mode_t
@ CMD_HASH_PASSWORD
@ CMD_LIST_FINGERPRINT
@ CMD_VERIFY_CONFIG
@ CMD_RUN_TOR
@ CMD_KEY_EXPIRATION
@ CMD_KEYGEN
@ CMD_DUMP_CONFIG
@ CMD_IMMEDIATE
#define SIZE_T_CEILING
Definition: torint.h:126
Header for version.c.
const char * get_version(void)
Definition: version.c:38
int options_act_server_transport(const or_options_t *old_options)
int options_validate_server_transport(const or_options_t *old_options, or_options_t *options, char **msg)
Header for feature/relay/transport_config.c.
int pt_proxies_configuration_pending(void)
Definition: transports.c:396
int transport_add_from_config(const tor_addr_t *addr, uint16_t port, const char *name, int socks_ver)
Definition: transports.c:339
char * pt_stringify_socks_args(const smartlist_t *socks_args)
Definition: transports.c:1756
void pt_configure_remaining_proxies(void)
Definition: transports.c:589
void sweep_proxy_list(void)
Definition: transports.c:1808
void mark_transport_list(void)
Definition: transports.c:180
static smartlist_t * transport_list
Definition: transports.c:143
void sweep_transport_list(void)
Definition: transports.c:191
void pt_prepare_proxy_list_for_config_read(void)
Definition: transports.c:1617
Headers for transports.c.
const char * get_uname(void)
Definition: uname.c:67
Header for uname.c.
#define tor_assert_nonfatal_unreached()
Definition: util_bug.h:176
#define tor_assert(expr)
Definition: util_bug.h:102
int strcasecmpstart(const char *s1, const char *s2)
Definition: util_string.c:225
int strcmpstart(const char *s1, const char *s2)
Definition: util_string.c:215
const char * find_whitespace(const char *s)
Definition: util_string.c:353
int strcasecmpend(const char *s1, const char *s2)
Definition: util_string.c:264
int strcmp_opt(const char *s1, const char *s2)
Definition: util_string.c:197
const char * eat_whitespace(const char *s)
Definition: util_string.c:277
int string_is_C_identifier(const char *string)
Definition: util_string.c:423
int tor_digest_is_zero(const char *digest)
Definition: util_string.c:96