diff options
Diffstat (limited to 'src/app/config/config.c')
| -rw-r--r-- | src/app/config/config.c | 160 |
1 files changed, 102 insertions, 58 deletions
diff --git a/src/app/config/config.c b/src/app/config/config.c index b3a6e57fa8..6e7e131055 100644 --- a/src/app/config/config.c +++ b/src/app/config/config.c @@ -1,4 +1,3 @@ - /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. @@ -61,58 +60,68 @@ #define CONFIG_PRIVATE #include "core/or/or.h" -#include "feature/client/bridges.h" -#include "feature/client/addressmap.h" +#include "app/config/config.h" +#include "app/config/confparse.h" +#include "app/config/statefile.h" +#include "app/main/main.h" +#include "core/mainloop/connection.h" +#include "core/mainloop/cpuworker.h" +#include "core/mainloop/mainloop.h" +#include "core/mainloop/netstatus.h" #include "core/or/channel.h" #include "core/or/circuitbuild.h" #include "core/or/circuitlist.h" #include "core/or/circuitmux.h" #include "core/or/circuitmux_ewma.h" #include "core/or/circuitstats.h" -#include "lib/compress/compress.h" -#include "app/config/config.h" -#include "lib/encoding/confline.h" -#include "core/mainloop/connection.h" #include "core/or/connection_edge.h" #include "core/or/connection_or.h" -#include "feature/dircache/consdiffmgr.h" -#include "feature/control/control.h" -#include "app/config/confparse.h" -#include "core/mainloop/cpuworker.h" -#include "lib/crypt_ops/crypto_rand.h" -#include "lib/crypt_ops/crypto_util.h" -#include "lib/crypt_ops/crypto_init.h" -#ifdef ENABLE_NSS -#include "lib/crypt_ops/crypto_nss_mgt.h" -#else -#include "lib/crypt_ops/crypto_openssl_mgt.h" -#endif -#include "feature/dircache/dirserv.h" -#include "feature/relay/dns.h" #include "core/or/dos.h" +#include "core/or/policies.h" +#include "core/or/relay.h" +#include "core/or/scheduler.h" +#include "feature/client/addressmap.h" +#include "feature/client/bridges.h" #include "feature/client/entrynodes.h" -#include "lib/log/git_revision.h" -#include "feature/stats/geoip.h" +#include "feature/client/transports.h" +#include "feature/control/control.h" +#include "feature/dirauth/bwauth.h" +#include "feature/dirauth/guardfraction.h" +#include "feature/dircache/consdiffmgr.h" +#include "feature/dircache/dirserv.h" +#include "feature/dircommon/voting_schedule.h" #include "feature/hibernate/hibernate.h" -#include "core/mainloop/main.h" +#include "feature/hs/hs_config.h" +#include "feature/nodelist/dirlist.h" #include "feature/nodelist/networkstatus.h" +#include "feature/nodelist/nickname.h" #include "feature/nodelist/nodelist.h" -#include "core/or/policies.h" -#include "core/or/relay.h" -#include "feature/rend/rendclient.h" -#include "feature/rend/rendservice.h" -#include "feature/hs/hs_config.h" -#include "feature/stats/rephist.h" -#include "feature/relay/router.h" -#include "lib/sandbox/sandbox.h" #include "feature/nodelist/routerlist.h" #include "feature/nodelist/routerset.h" -#include "core/or/scheduler.h" -#include "app/config/statefile.h" -#include "feature/client/transports.h" +#include "feature/relay/dns.h" #include "feature/relay/ext_orport.h" -#include "feature/dircommon/voting_schedule.h" +#include "feature/relay/routermode.h" +#include "feature/rend/rendclient.h" +#include "feature/rend/rendservice.h" +#include "lib/geoip/geoip.h" +#include "feature/stats/geoip_stats.h" +#include "feature/stats/predict_ports.h" +#include "feature/stats/rephist.h" +#include "lib/compress/compress.h" +#include "lib/crypt_ops/crypto_init.h" +#include "lib/crypt_ops/crypto_rand.h" +#include "lib/crypt_ops/crypto_util.h" +#include "lib/encoding/confline.h" +#include "lib/log/git_revision.h" #include "lib/net/resolve.h" +#include "lib/sandbox/sandbox.h" + +#ifdef ENABLE_NSS +#include "lib/crypt_ops/crypto_nss_mgt.h" +#else +#include "lib/crypt_ops/crypto_openssl_mgt.h" +#endif + #ifdef _WIN32 #include <shlobj.h> #endif @@ -141,7 +150,8 @@ #include "lib/evloop/procmon.h" #include "feature/dirauth/dirvote.h" -#include "feature/dirauth/mode.h" +#include "feature/dirauth/recommend_pkg.h" +#include "feature/dirauth/authmode.h" #include "core/or/connection_st.h" #include "core/or/port_cfg_st.h" @@ -316,7 +326,7 @@ static config_var_t option_vars_[] = { V(BridgeRelay, BOOL, "0"), V(BridgeDistribution, STRING, NULL), VAR("CacheDirectory", FILENAME, CacheDirectory_option, NULL), - V(CacheDirectoryGroupReadable, BOOL, "0"), + V(CacheDirectoryGroupReadable, AUTOBOOL, "auto"), V(CellStatistics, BOOL, "0"), V(PaddingStatistics, BOOL, "1"), V(LearnCircuitBuildTimeout, BOOL, "1"), @@ -457,6 +467,7 @@ static config_var_t option_vars_[] = { VAR("HiddenServiceMaxStreams",LINELIST_S, RendConfigLines, NULL), VAR("HiddenServiceMaxStreamsCloseCircuit",LINELIST_S, RendConfigLines, NULL), VAR("HiddenServiceNumIntroductionPoints", LINELIST_S, RendConfigLines, NULL), + VAR("HiddenServiceExportCircuitID", LINELIST_S, RendConfigLines, NULL), VAR("HiddenServiceStatistics", BOOL, HiddenServiceStatistics_option, "1"), V(HidServAuth, LINELIST, NULL), V(ClientOnionAuthDir, FILENAME, NULL), @@ -816,6 +827,7 @@ static void config_maybe_load_geoip_files_(const or_options_t *options, static int options_validate_cb(void *old_options, void *options, void *default_options, int from_setconf, char **msg); +static void options_free_cb(void *options); static void cleanup_protocol_warning_severity_level(void); static void set_protocol_warning_severity_level(int warning_severity); @@ -831,6 +843,7 @@ STATIC config_format_t options_format = { option_deprecation_notes_, option_vars_, options_validate_cb, + options_free_cb, NULL }; @@ -911,6 +924,7 @@ set_options(or_options_t *new_val, char **msg) "Acting on config options left us in a broken state. Dying."); tor_shutdown_event_loop_and_exit(1); } + global_options = old_options; return -1; } /* Issues a CONF_CHANGED event to notify controller of the change. If Tor is @@ -1406,7 +1420,6 @@ static int options_act_reversible(const or_options_t *old_options, char **msg) { smartlist_t *new_listeners = smartlist_new(); - smartlist_t *replaced_listeners = smartlist_new(); or_options_t *options = get_options_mutable(); int running_tor = options->command == CMD_RUN_TOR; int set_conn_limit = 0; @@ -1418,6 +1431,8 @@ options_act_reversible(const or_options_t *old_options, char **msg) * the subprocess. Libevent bases can't be reliably inherited across * processes. */ if (running_tor && options->RunAsDaemon) { + if (! start_daemon_has_been_called()) + crypto_prefork(); /* No need to roll back, since you can't change the value. */ if (start_daemon()) crypto_postfork(); @@ -1491,8 +1506,7 @@ options_act_reversible(const or_options_t *old_options, char **msg) * shutting down. If networking is disabled, this will close all but the * control listeners, but disable those. */ if (!we_are_hibernating()) { - if (retry_all_listeners(replaced_listeners, new_listeners, - options->DisableNetwork) < 0) { + if (retry_all_listeners(new_listeners, options->DisableNetwork) < 0) { *msg = tor_strdup("Failed to bind one of the listener ports."); goto rollback; } @@ -1564,9 +1578,26 @@ options_act_reversible(const or_options_t *old_options, char **msg) msg) < 0) { goto done; } + + /* We need to handle the group-readable flag for the cache directory + * specially, since the directory defaults to being the same as the + * DataDirectory. */ + int cache_dir_group_readable; + if (options->CacheDirectoryGroupReadable != -1) { + /* If the user specified a value, use their setting */ + cache_dir_group_readable = options->CacheDirectoryGroupReadable; + } else if (!strcmp(options->CacheDirectory, options->DataDirectory)) { + /* If the user left the value as "auto", and the cache is the same as the + * datadirectory, use the datadirectory setting. + */ + cache_dir_group_readable = options->DataDirectoryGroupReadable; + } else { + /* Otherwise, "auto" means "not group readable". */ + cache_dir_group_readable = 0; + } if (check_and_create_data_directory(running_tor /* create */, options->CacheDirectory, - options->CacheDirectoryGroupReadable, + cache_dir_group_readable, options->User, msg) < 0) { goto done; @@ -1628,17 +1659,6 @@ options_act_reversible(const or_options_t *old_options, char **msg) "Overwrite the log afterwards.", badness); } - SMARTLIST_FOREACH(replaced_listeners, connection_t *, conn, - { - int marked = conn->marked_for_close; - log_notice(LD_NET, "Closing old %s on %s:%d", - conn_type_to_string(conn->type), conn->address, conn->port); - connection_close_immediate(conn); - if (!marked) { - connection_mark_for_close(conn); - } - }); - if (set_conn_limit) { /* * If we adjusted the conn limit, recompute the OOS threshold too @@ -1692,7 +1712,6 @@ options_act_reversible(const or_options_t *old_options, char **msg) done: smartlist_free(new_listeners); - smartlist_free(replaced_listeners); return r; } @@ -3135,6 +3154,13 @@ options_validate_cb(void *old_options, void *options, void *default_options, return rv; } +/** Callback to free an or_options_t */ +static void +options_free_cb(void *options) +{ + or_options_free_(options); +} + #define REJECT(arg) \ STMT_BEGIN *msg = tor_strdup(arg); return -1; STMT_END #if defined(__GNUC__) && __GNUC__ <= 3 @@ -3389,6 +3415,9 @@ options_validate(or_options_t *old_options, or_options_t *options, log_notice(LD_CONFIG, "Your ContactInfo config option is not set. " "Please consider setting it, so we can contact you if your server is " "misconfigured or something else goes wrong."); + const char *ContactInfo = options->ContactInfo; + if (ContactInfo && !string_is_utf8(ContactInfo, strlen(ContactInfo))) + REJECT("ContactInfo config option must be UTF-8."); /* Special case on first boot if no Log options are given. */ if (!options->Logs && !options->RunAsDaemon && !from_setconf) { @@ -8329,6 +8358,11 @@ config_load_geoip_file_(sa_family_t family, const char *fname, const char *default_fname) { + const or_options_t *options = get_options(); + const char *msg = ""; + int severity = options_need_geoip_info(options, &msg) ? LOG_WARN : LOG_INFO; + int r; + #ifdef _WIN32 char *free_fname = NULL; /* Used to hold any temporary-allocated value */ /* XXXX Don't use this "<default>" junk; make our filename options @@ -8338,12 +8372,16 @@ config_load_geoip_file_(sa_family_t family, tor_asprintf(&free_fname, "%s\\%s", conf_root, default_fname); fname = free_fname; } - geoip_load_file(family, fname); + r = geoip_load_file(family, fname, severity); tor_free(free_fname); #else /* !(defined(_WIN32)) */ (void)default_fname; - geoip_load_file(family, fname); + r = geoip_load_file(family, fname, severity); #endif /* defined(_WIN32) */ + + if (r < 0 && severity == LOG_WARN) { + log_warn(LD_GENERAL, "%s", msg); + } } /** Load geoip files for IPv4 and IPv6 if <a>options</a> and @@ -8357,13 +8395,19 @@ config_maybe_load_geoip_files_(const or_options_t *options, if (options->GeoIPFile && ((!old_options || !opt_streq(old_options->GeoIPFile, options->GeoIPFile)) - || !geoip_is_loaded(AF_INET))) + || !geoip_is_loaded(AF_INET))) { config_load_geoip_file_(AF_INET, options->GeoIPFile, "geoip"); + /* Okay, now we need to maybe change our mind about what is in + * which country. We do this for IPv4 only since that's what we + * store in node->country. */ + refresh_all_country_info(); + } if (options->GeoIPv6File && ((!old_options || !opt_streq(old_options->GeoIPv6File, options->GeoIPv6File)) - || !geoip_is_loaded(AF_INET6))) + || !geoip_is_loaded(AF_INET6))) { config_load_geoip_file_(AF_INET6, options->GeoIPv6File, "geoip6"); + } } /** Initialize cookie authentication (used so far by the ControlPort |